About three years ago I released a Python program to send out WiFi beacon frames with an AirPCap adapter. During my last holiday, I took some time to add a new feature to apc-b.py: option nomap.
When you start apc-b.py with option nomap, it first listens for 60 seconds and records all ESSIDs in finds in beacon frames. Then it starts to broadcast beacon frames for these ESSIDs, but with string _nomap appended to each ESSID.
I’ve been playing with a .NET Micro Framework micro-controller: the USBizi. A few of its interesting characteristics are that you program it in C# with Visual Studio and that in-circuit debugging (including single-stepping) is supported.
The .NET Micro Framework has no assemblies to support USB in host mode (only guest mode), but the USBizi comes with assemblies for host mode providing support for removable drives like USB sticks. To illustrate this feature, I wrote a program to scan the files on a USB stick for the EICAR test file and replace the content with a message appropriate for the time of the year.
Some ideas I’ve for this device: program it as a hardware keylogger, a hardware password vault, …
Here’s some Python code (it uses my mPDF module) to append a new PDF document to an existing PDF document to “hide” the original document. Recovering the original is trivial, you open the PDF document with a HEX-editor and delete the appended document (starting after the second %%EOF counting from the end of the file). This trick uses incremental updates.
#!/usr/bin/python
__description__ = 'make-pdf-hide-original, use it to "hide" the original PDF document'
__author__ = 'Didier Stevens'
__version__ = '0.0.1'
__date__ = '2009/11/07'
"""
Source code put in public domain by Didier Stevens, no Copyright
https://DidierStevens.com
Use at your own risk
History:
2009/11/07: start
Todo:
"""
import mPDF
import time
import zlib
import optparse
def Main():
oParser = optparse.OptionParser(usage='usage: %prog [options] pdf-file\n' + __description__, version='%prog ' + __version__)
oParser.add_option('-s', '--line', default='Hello World', help='The line of text to print on the screen (default Hello World')
(options, args) = oParser.parse_args()
if len(args) != 1:
oParser.print_help()
print ''
print ' %s' % __description__
print ' Source code put in the public domain by Didier Stevens, no Copyright'
print ' Use at your own risk'
print ' https://DidierStevens.com'
else:
pdffile = args[0]
oPDF = mPDF.cPDF(pdffile)
oPDF.template1()
oPDF.stream(5, 0, 'BT /F1 24 Tf 100 700 Td (%s) Tj ET' % options.line)
oPDF.xrefAndTrailer('1 0 R')
if __name__ == '__main__':
Main()
Ready for some Security Through Obscurity fun?
I’ve been playing with TrueCrypt‘s Boot Loader Screen Options to display a custom message when I boot my laptop with full disk encryption.
It’s probably enough to be misleading during a casual inspection of your laptop:
The screen doesn’t even display asterisks when you type your TrueCrypt password.
It’s just as unresponsive as the original “NTLDR is missing” screen.
The only difference with the Windows XP NT Loader missing message, is that the original is just a bit longer:
Or you can just let it display gibberish, like this:
And if challenged, say your laptop was infected with a virus from that damned hotel’s WiFi network.
In response to Bruce Schneier’s latest post, let me explain how you can corrupt your own PDF documents for free. Open your PDF document with a binary editor, search for references to the root object (/Root), and overwrite the reference (36 in my example) with a non-existing reference, like 00.
RT @brucon: Early-bird registration for BruCON training ends in just 9 more days! Do yourself a favour and talk with your boss this afterno… 1 week ago
RT @adulau: Cisco call manager the AES key used to cipher the password is hard-coded in the Java classes. Key is the same everywhere... #SS… 1 week ago
RT @digininja: Ncat will get Lua support as part of the nmap google summer of code.Can't imagine how it will work but bet it will be very u… 1 week ago
RT @brucon: 12 more days until the early-bird registration deadline for BruCON training. After that, prices jump EUR 100. You know what to … 2 weeks ago
