Friday, November 14, 2014

SANS 2014 - Abu Dhabi (SEC575 Mobile device security and ethical hacking)

Hey guys,

So here is a glimpse of my training trip to Abu Dhabi for SANS 2014. The course i attended was SEC-575 Mobile device security and ethical hacking. I really had a great time and the session was very informative. Since its not fare to shoot a video of the entire session and upload it on YouTube here in the below video is just glimpse to give you a feel of the class.

Enjoy ... here it is

Abu Dhabi was really beautiful and i really enjoyed the entire week though i was alone :P

SEC575 course is awesome and i really learned quite a few tricks from the session. The instructor was Tim Medin and he was a cool guy.

Here is myself and Tim.

You can go through a lot of pics that i took on my facebook album here

Sunday, October 12, 2014

Running ubuntu linux on mk808 minipc

Howdy folks

So my mission this time is to run Linux on cheap Chinese MK808 Minipc which comes with stock android and can be connected to your HDMI television and make it smart. This device is powered by an ARM 1 GHZ dual core processor, plenty of RAM, good GPU and internal WiFi all compressed into little tiny dongle which is slightly bigger than a normal flash drive.

With its dual-core 1.6-GHz Rockchip RK3066 CPU, 1GB of RAM and 8GB of internal storage, the MK808 Android Stick PC provides solid performance that's good enough for playing full-HD movies, surfing the Web and even doing some gaming.

Noted Android developer Finless makes a custom ROM for the MK808 and available for download on This custom ROM allows full 1080p output, a set of additional launchers and the ability to remotely control your Mini PC from an Android phone or tablet. After downloading Finless ROM and connecting the MK808 to a Windows PC while pressing a paper clip into a hole on its bottom surface (to enable Flash mode), we ran the Finless installer, which completed within 5 minutes.

For Rs 2k, the MK808 Android Stick PC provides enough power to let you view HD videos, set up a DLNA server for sharing media files, surf the Web, make VoIP calls and even play games. However, users who want to do video conferencing should consider the Measy U2C, which costs more but comes with a webcam and microphone built in, and those who want more power should opt for the quad-core versions. However, if you want the best value around, the MK808 is a strong choice, as long as you're willing to flash a new ROM.

I currently have a Mk808, Mk808B (with additional Bluetooth) and a Mk908 (quad core version with different chipset) and i absolutely love playing with them.

Mk808 is powered using the adapter which is rated 5v 2A so basically it can be powered by cheap portable power banks easily.

So with all this info I set out to my mission to have Linux installed in this sweet device. I don't know much of Linux but the main issue that I am about to face is lack of open source Linux kernel for Rk3066 chipset. This is because manufactures did not really make it open source. Sad :(

Still I didn't really think of which Linux distro to use on this. Being in Information security field I am always biased towards something like Kali Linux :D But i jumped into the problem any ways. First I did try to learn some techniques of loading Linux on this device. Fortunately i had lots of help :) There are lots of people like me trying to do the same. As mentioned earlier, the fabulous finless rom boot loader and firmware flashing tools can be used to burn Linux on the device.

So the next thing was kernel, i heard that an awesome kernel has been ported by our dear friend Olegk0 which is said to be stable on mk808, so i downloaded that. Now for a root file system i thought of using kali linux and there is an awesome tutorial on how to make kali root file system for ARM devices in their website here. Unfortunately the webpage with long detailed steps to create custom file system for kali is offline as i write this article. SAD :(

So based on that i created a kali rootfs for ARM and then using cross compilation i compiled the kernel sources from olegk0 and burned all this using flashing tool that came with finless rom. Below is what happened in my first try

The OS did not boot up as planned but then I fixed it. Now I got Kali shell prompt. Now what? Oh yes I had issues with video driver. That too got fixed. Finally I loaded Kali GUI on mk808 :)

But then i found out most of the tools in kali had issues with ARM so i got confused again. Meanwhile i attended a hacker conference called cOcOn where i met Dr. Philip polstra who happens to be a veteran in the field. He actually made a portable pentest platform on beaglebone black and he demonstrated it there. Its called The Deck and it is awesome. So we both had a chat and he told that he uses a custom distro which is made himself for beagle bone and said it could be ported on to mk808 as well. So I thought I will give it a try. I downloaded it and tried to flash it to mk808 and this is what happened. I never was able to get past the login screen and am still trying figure out what went wrong there, it might take a while but i will try my best to run The Deck on mk808. Thanks for the all the awesome support Phil, it really meant a lot to me.

Philip Polstra and Me during cOcOn :-)

Ok so as i was going ahead with my venture with the Deck, i came across an ubuntu port for mk808 made by justintime4tea. This looked promising and i gave it a try. It is awesome and i was able to finally load a stable linux version on mk808 now. I tried adding drivers for my alfa card and you can see a small demo of the same in the youtube video shown below. Enjoy. Still a lot of work is in progress, and now i am trying to mix several tools from The Deck on to this ubuntu and it will take some time to finally have a portable penetration testing platform on mk808. I will keep you all posted. Thanks :-)

A Diy bug lure and zap from old mosquito bat

So... OK here is the story: I am on bed at night watching some movie on my tablet and soon trouble starts. These nasty little bugs, attracted by light, crawls all over my bed. AND I AM SICK WITH THEM !!!!! ARGHHHH!!!!!!

Next day i set out to blast these bugs (Fortunately they are not big as the ones in star ship troopers lol ). So they are suckers for lights, bingo some multicolored LED s gonna do the trick.

How to blast them? Its a pity, I did not happen to have any nuclear warheads lying around in my garage.. But wait my brother found the exact solution

An old mosquito Zapper electric bat, with a dead battery.. PERFECTTTTTTT :) :D Thanks Bro (Seriously he gave me a good pose with that laugh for something else)

So I hacked that bat, literally to get me the inner guts (aeewww :P)

This little sucker, sucks in about 3.5volts and squirts a large amount of voltage out. that is the part we are interested in. Just for the record, this dude has a battery charging logic as well (RIP that). Alright, we have got most of it. Now what? Oh yea LEDs, I love them :D

I bought a couple of LEDs from a local shop and I had a LM317 lying around to regulate the voltage. Not to mention the 12v 1A AC adapter or 12v SLA lying around in the house.

So at first i made these

2 Parallel connected sets ( 3 series connected LEDs)  lol on a prototype board ..... cool

Now to make a neat simple voltage regulator, I used LM317 and a bunch of resistors. It pretty simple circuit, If you are interested please go to this link. Which contains detailed information. I kinda hate redundancies unless its a matter of security (I know Tony stark thinks the same way... Wanna bet? Check out the scene in the Cafe where Ironman hangs out the day after his birthday when his suit was taken by his best buddy. Agent Romanov says "Multiple redundancies to prevent unauthorized usage" :D)

Ok that being said here is my Regulator 

See it in action 

Now all i have to do is connect the LEDs and Zapper board in parallel way. Of course you have to trim down the voltage fed into Zapper to 3v or else the poor chinese made stuff aint gonna hold it :)

Ok Now i mounted the whole stuff (I salvaged the metal net thingy from the bat and taped it on a cardboard box and it looks neat aint it?

I tested it on different batteries (Li Po and SLA ones ) It works perfect.

Ok now this little dude serves me well at night so that i can watch movies all night BUG FREEE

Hope you guys like my simple hack. It getting real late i should be back to watching movies Lol

I have uploaded a video i took some time back while making the Zapper enjoy :D