Archive for the ‘Android’ Category

To hell with Best Buy.

Sunday, January 6th, 2013

Battery life on my Android phone has always been an issue.

Not too long ago (I think slightly more than a year) I bought a 1750 mAh battery from Best Buy. That worked okay for a while, but over the past few days, it has become clear that battery is dying.

“No problem,” I thought. “I’ll get another one from Best Buy.”

Went to Best Buy. Looked for batteries. Couldn’t find any. Got a clerk’s attention.

Best Buy no longer carries any cell phone batteries. At all. They’ve got car chargers. They’ve got cases out the wazoo. But no batteries for any cell phones, even the ones they currently sell.

The clerk told me “go to Batteries Plus”.

(Batteries Plus wanted $43 for a standard capacity Evo 4G battery, and didn’t have any 1750 mAh batteries. Screw that. I can get two 2000 mAh batteries from Newegg for $11.29. And I still have my original Evo 4G battery, plus a 3500 mAh battery that I paid $4.99 for a while back. I haven’t been using the 3500 mAh one because it is a physically larger battery that requires putting a custom back on the phone (included with the original purchase), which would in turn require removing the case I have on the phone. But it is there if I need it while I wait for the Newegg ones to come in.)

(Yes, I know it was CompUSA, not Best Buy, but this is still obligatory.)

The map is not the territory.

Monday, October 1st, 2012

I was going to the destination for Saturday’s Saturday Dining Conspiracy. So, of course, I put the address into the new IOS6 mapping application on my shiny new iPhone 5.

The phone routed me to a shopping center across a major highway and, I’d estimate, about 0.3 miles from where the restaurant actually was.

Oh, wait. Did I say “IOS6 maps” and “shiny new iPhone 5”? I’m sorry. I meant to say “Google Navigation” and “my two-year-old HTC EVO running Android”.

Point being: Apple’s new Maps may not be up-to-spec, but I’ve personally run into problems with Google Maps/Google Navigation on my phone as well. Apple gets all the attention now, probably because new! shiny! but the claimed perfection of Google does not exist.

(As I said above, I use an HTC Evo on Sprint. Now that I’m off contract, I am considering an iPhone 5, mostly because I’m not totally happy with Android as an environment and as an ecosystem, as well as not very much liking the Sprint add-ons. As I’ve said elsewhere before, I work professionally with Windows and UNIX based operating systems, my main home computers are Macs, and my laptop is a netbook running Ubuntu. I don’t have a dog in the platform wars, and I don’t really give a damn what you use, or what you think of other people who use a different platform.)

I am disgusted.

Thursday, August 2nd, 2012

It is 3:00 PM local time on Ice Cream Sandwich Day, and nobody has brought me my Android 4.0 tablet yet.

DEFCON 20 notes: day 2.

Sunday, July 29th, 2012

Note: I’ve updated the day 1 notes with a couple of things I forgot to include last night.

“Defeating PPTP VPNs and WPA2 Enterprise with MS-CHAPv2”: MS-CHAPv2 is a wildly popular authentication protocol. For example, DEFCON’s “secure” network uses MS-CHAPv2. People have been attacking CHAP for a while now, but most of the attacks are dictionary attacks, where you use asleap and throw a word list at it, hoping the user picked a weak password.

So is MS-CHAPv2 security password dependent? That’s a reasonable assumption, but not true.

If you look at the details of the MS-CHAPv2 handshake (Moxie had a good visualization, which I can’t find online or I’d link to it here) there’s only one unknown: the MD4 hash of the user’s password. Everything else is sent in the clear, or can be derived from known information.

MS-CHAP does a series of three DES encryptions on the user password. But it isn’t 3DES: it is just three DES encryptions with three keys. One of those keys is padded so it is really only two bytes, which makes it easy to crack. The other two encryptions use the same plaintext; the end result is that the complexity of cracking MS-CHAP DES reduces to about the same as normal 56-bit DES, 2 to the 56th power.

Enter the folks at Pico Computing, about whom I have written before. Pico built a machine with 48 FPGA chips, each with 40 cores running at 450 MHz, to attack DES. This machine can search the whole keyspace in about 23 hours. And Pico has come up with some clever optimizations for the FPGAs: preconfiguring memory, reducing the bus down to “key found/key not found” (since searching the keyspace is linear, if you know when the bus went to “key found”, you can figure out what the key is), and possibly just using JTAG instead of a bus.

“So what,” you say. “I don’t have a single FPGA, let alone 48 of them.”

Enter chapcrack. Do a packet capture, point chapcrack at it, and chapcrack will pull out the MS-CHAP handshake, in a handy form which you can submit to…

CloudCracker.com, which now supports MS-CHAPv2 attacks. Estimated turn-around time is one day. Woo hoo woo hoo hoo.

(Edited to add: Added a link to a blog post by Moxie Marlinspike summarizing his and David Hulton’s (of Pico Computing) presentation 8/1/2012.)
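As an added illustration of the key schedule described above (this is not code from the talk or from chapcrack), the following Python walks through the RFC 2759 ChallengeResponse key split. It does not implement DES or MD4; the NT hash, the two challenges and the user name are constructed values.

```python
import hashlib

# Constructed stand-in for the one unknown in the handshake: the 16-byte MD4 (NT) hash
# of the user's password. MD4 itself is not computed here; this value is made up.
NT_HASH = bytes.fromhex("0123456789abcdef0123456789abcdef")

def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: bytes) -> bytes:
    """RFC 2759 ChallengeHash: SHA-1 over both challenges and the user name, truncated
    to 8 bytes. Every input crosses the wire in the clear, so an observer computes it too.
    It is the single DES plaintext block used by all three encryptions."""
    return hashlib.sha1(peer_challenge + auth_challenge + username).digest()[:8]

def expand_des_key(key7: bytes) -> bytes:
    """Expand 7 bytes (56 key bits) to the 8-byte DES key format by inserting an odd
    parity bit after every 7 bits. Parity bits add no secrecy."""
    bits = int.from_bytes(key7, "big")
    out = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F
        parity = 0 if bin(seven).count("1") % 2 else 1   # make the popcount odd
        out.append((seven << 1) | parity)
    return bytes(out)

def split_nt_hash(nt_hash: bytes) -> list:
    """RFC 2759 ChallengeResponse key schedule: pad the 16-byte hash with 5 zero bytes
    to 21 bytes and cut it into three 7-byte DES keys. The third key therefore carries
    only 2 unknown bytes; its other 5 bytes are known zeros."""
    if len(nt_hash) != 16:
        raise ValueError("NT hash must be 16 bytes")
    padded = nt_hash + b"\x00" * 5
    return [expand_des_key(padded[i:i + 7]) for i in (0, 7, 14)]

def unknown_bytes_per_key() -> list:
    """How many of each 7-byte key's bytes come from the hash rather than the padding."""
    return [min(7, max(0, 16 - start)) for start in (0, 7, 14)]

def exhaustive_search_cost() -> int:
    """DES trial encryptions an exhaustive search of all three keys needs. Keys 1 and 2
    encrypt the same plaintext, so one sweep over 2^56 keys tests both; key 3 has only
    2^16 possibilities. The total is dominated by a single 56-bit DES search."""
    k1, k2, k3 = unknown_bytes_per_key()
    return 2 ** (8 * max(k1, k2)) + 2 ** (8 * k3)

if __name__ == "__main__":
    plaintext = challenge_hash(b"P" * 16, b"A" * 16, b"alice")
    for n, key in enumerate(split_nt_hash(NT_HASH), 1):
        print(f"DES key {n}: {key.hex()}")
    print("shared plaintext:", plaintext.hex())
    print("unknown bytes per key:", unknown_bytes_per_key())
    print("search cost relative to single DES:", exhaustive_search_cost() / 2 ** 56)
```

The printed third key ends in five 0x01 bytes: seven zero bits plus an odd parity bit each, which is the padding the talk describes.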

“Exploit Archaeology: Raiders of the Lost Payphones”: More of a fun panel than a practical one, covering all the stuff the presenter went through to find documentation and tools for an old Elcotel payphone he was given. Among other things:

  • The upper housing lock (which covers the internal phone mechanism, including the reset to defaults button) is a relatively easy to pick 3-pin lock (with “anti-impressioning divots”).
  • The lower housing (where the money is stored) is a much harder to pick 4-pin lock. But the presenter got lucky…
  • You also need a special tool, called a T-wrench, to do certain things. The presenter was able to improvise one…

So once you’ve got a payphone, what can you do with it? You can hook it to an ATA and connect to an Asterisk system, and have some fun that way. (The presenter pointed out that by law, 911 calls are required to be free. So he had some fun connecting the payphone to his Asterisk system, and configuring it so dialing 911 on the payphone got an outside line through Asterisk.)

Anyway, it turns out that there are three ways to program/reprogram these phones: there was specialized software available (Elcotel has been out of business for years, but the presenter managed to get a copy of the software, crack it, and get it running), local telemetry (where you open up the upper housing, reset the phone, and let it guide you through voice prompts for reprogramming), or remote telemetry (the phone has a modem). VOIP, by the way, is not well suited to modems.

Some notes:

  • These phones have a default ID of 9999.
  • The default password is 99999999.
  • There is a secondary password of 88888888.
  • The phone ID is generally set to the last four digits of the phone number.
  • And the passwords are frequently left at the default.

There’s some other fun stuff you can do with an old payphone. For example, the presenter managed to rig up his phone, a Pwn Plug, and some custom scripting into a system that allows you to run Nmap port scans over the phone. But I’ll leave details of that for his presentation when he puts it up.

“Into the Droid: Gaining Access to Android User Data”: Excellent presentation covering some of the ways you can get user data out of an Android device, even if it is locked or encrypted. For example:

  • you can use the abootimg tool to create a custom boot image, intercept the phone’s bootloader, and force it to use your image.
  • Special USB debug cables work on some devices.
  • The salt for the lockscreen and system passwords can be pulled out of specific locations on the device and cracked with something like oclhashcat-lite. (See the presentation for specific details on where the salt and key are located.)
  • Applications with no permissions can still create a root shell and send information back to an end user (by hiding data in URL parameters, for example).
  • There’s a specific distribution, Santoku Linux, designed for mobile device forensics (both IOS and Android). This is a work in progress, per the presenter…

(While I’m at it, let me say that I’m really impressed with viaForensics, especially their presentation page. Not only did they have the DEFCON presentation up, but it looks like there’s a lot of other good stuff there as well. I’m particularly interested in “iPhone Forensics with free and/or open source tools” and the “Android Forensics Training Presentation”.)

“Off Grid Communications with Android – Meshing the Mobile World”: Solid presentation discussing the Android networking stack, hacking the stack and flipping chipsets into ad-hoc mode, and network routing algorithms. End result: the SPAN project on github, which provides open-source tools for Android mesh networks. (There’s also a paper in that repository that covers the same ground as the presentation, including sexy diagrams of the Android network stack.)

“The Safety Dance – Wardriving the Public Safety Band”: Basically: public safety providers are moving into the 4.9 GHz band. And it is possible to monitor their traffic using equipment bought for cheap off eBay, or equipment that, with the right drivers, can be tuned down to 4.9 GHz. One of the presenters has a blog entry here that covers some of what was in the presentation, and the github repository of their patched drivers, etc. can be found here.

I missed Kaminsky’s “Black Ops” presentation for reasons of the Penn and Teller theater being full, and I can’t find it online (yet). So I wandered over to Renderman’s “Hacker + Airplanes = No Good Can Come Of This” and got there a little late; late enough, as it turned out, that I missed Renderman observing that he was constantly being scheduled on panels opposite Kaminsky, and darn it, he’d really like to see a Kaminsky panel.

But I digress.

So have you ever wondered how things like PlaneFinder work? As part of the government’s efforts to bring air traffic control into the 20th Century, they’ve implemented something called ADS-B. Planes equipped with ADS-B transmitters send out data (such as their aircraft ID, altitude, GPS coordinates, bearing, and speed), which is picked up by ground stations and fed into the systems that feed PlaneFinder and other such sites. There are two types: ADS-B Out, which is sent automatically as a broadcast, and ADS-B In, which allows planes to listen to each other’s ADS-B Out broadcasts, so that (in theory) they’re aware of each other without needing air traffic control.

(According to the presentation that followed Renderman, ADS-B is at about 70% penetration for commercial aircraft, and much lower for general aviation. The government’s goal is to have the majority of traffic on the system by 2020.)

When does this get interesting? Right about now. First of all, anyone can build a ground station and receive ADS-B broadcasts. Renderman has. (I understand there’s been quite a bit of work on using cheap-ass USB digital TV tuners as ADS-B receivers.) That gets you access to the flight data going over your head.

But wait, there’s more! ADS-B has no authentication and no encryption built in. That means anyone with the proper equipment (a radio that transmits at 1090 MHz) can spoof ADS-B broadcasts.

Remember the part above about how planes could use ADS-B to keep track of each other’s positions, bypassing ATC? Have you booked your Amtrak ticket yet?

As ADS-B usage grows, attacks are likely to become more disruptive. What happens if someone starts jamming ADS-B signals? Or inserting fake flight data? Or has the same fake plane in two places at once? The official response, according to Renderman, boils down to “trust us”. “Us” being the same folks who brought you Operation Fast and Furious. Pull the other one, guys; it has bells on.

Edited to add: Link to Renderman’s slides for this presentation added 8/1/2012.
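The following Python, added here and not part of Renderman’s talk or of any ADS-B project, parses one DF17 extended squitter frame: it checks the Mode S CRC and decodes the ICAO address, type code and callsign. The sample frame is a constructed copy of the aircraft-identification example common in Mode S decoding tutorials (ICAO 4840D6, callsign KLM1023); the point is that the CRC only confirms the bits arrived intact, which is exactly why a well-formed spoofed frame passes it.

```python
# Mode S CRC generator polynomial, 25 bits. It is the same for every transmitter,
# so it catches bit errors on the air but authenticates nothing.
GENERATOR = 0x1FFF409

# 6-bit character table used by identification (callsign) messages.
CHARSET = "#ABCDEFGHIJKLMNOPQRSTUVWXYZ#####_###############0123456789######"

def crc_remainder(msg_hex: str) -> int:
    """Divide the whole 112-bit frame by the generator. In a DF17 extended squitter
    the trailing 24-bit parity field is the CRC itself, so an intact frame leaves
    remainder 0; a damaged one does not."""
    n = len(msg_hex) * 4
    bits = int(msg_hex, 16)
    for i in range(n - 24):
        if (bits >> (n - 1 - i)) & 1:
            bits ^= GENERATOR << (n - 25 - i)   # align the generator's top bit with bit i
    return bits & 0xFFFFFF

def decode_extended_squitter(msg_hex: str) -> dict:
    """Pull the plainly coded fields out of a 14-byte ADS-B (DF17) frame: downlink
    format, 24-bit ICAO address, type code and, for type codes 1-4, the callsign.
    Nothing in the frame is encrypted or signed; decoding is pure bit-slicing."""
    msg = bytes.fromhex(msg_hex)
    if len(msg) != 14:
        raise ValueError("expected a 112-bit frame")
    me = msg[4:11]                       # 56-bit "message, extended" payload
    fields = {
        "df": msg[0] >> 3,
        "icao": msg[1:4].hex().upper(),
        "tc": me[0] >> 3,
        "crc_ok": crc_remainder(msg_hex) == 0,
    }
    if 1 <= fields["tc"] <= 4:
        data = int.from_bytes(me[1:7], "big")        # 48 bits = eight 6-bit characters
        fields["callsign"] = "".join(CHARSET[(data >> (42 - 6 * i)) & 0x3F] for i in range(8))
    return fields

# Sample identification frame (constructed copy of a standard tutorial example).
SAMPLE = "8D4840D6202CC371C32CE0576098"

if __name__ == "__main__":
    print(decode_extended_squitter(SAMPLE))
    corrupted = SAMPLE[:-1] + "9"       # one flipped bit: CRC catches it
    print("remainder after bit flip:", hex(crc_remainder(corrupted)))
```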

“Busting the BARR: Tracking ‘Untrackable’ Private Aircraft for Fun & Profit”: A semi-related panel to Renderman’s. So how does PlaneFinder get the data that comes from ADS-B broadcasts? The FAA has a feed (called ASDI: Aircraft Situation Display to Industry); they’ll send you the data in XML format, and you can parse it and display it and hug it and squeeze it and call it George, if you want.

However, the FAA also has something called the “Block Aircraft Registration Request”. If you’re someone who doesn’t want their flight information made public, you can put your aircraft on the BARR list. This doesn’t strip your data out of the ASDI feed; that’s still there, but sites that use ASDI (like FlightAware) can’t display information for flights on the BARR. (If you want to subscribe to the ASDI feed, write an XML parser, and be notified every time Jay Z’s plane takes off and lands, more power to you. You just can’t share that information with others.)

So how did the presenters work around that? Their project basically comes down to:

  1. Monitoring LiveATC.net and downloading ATC communications.
  2. Using speech recognition to pull out flight information (such as tail numbers of planes).
  3. Profit. Or in this case, OpenBARR.net, which is still in testing.

That was enough excitement for one day. I seriously thought about entering the DEFCON Beard Competition, but I couldn’t tell if there was a cash prize and I don’t want the IOC revoking my status as an amateur.

-2 Day DEFCON 20 notes.

Monday, July 23rd, 2012

The schedule for DEFCON 20 is up.

Lawrence reminded me on Saturday that I also had not solicited panel requests, so this is your pre-DEFCON 20 post.

I’m flying out Wednesday morning and getting to Las Vegas around 1 PM. I’m hoping to visit the Mob Museum (just because it is new since my last visit, and I haven’t seen it) and to make a return trip to the two bookstores I visited last year. Lotus of Siam is also required.

There is some stuff going on at DEFCON on Thursday:

Here’s what I’m interested in on Friday:

Saturday, we have a possible tie for this year’s “Hippie, PLEASE” panel:

I shan’t be attending either. The Saturday panels I am interested in:

Sunday! Sunday! Sunday! Live at DEFCON 20! Nitro-burning FUNNY CARS!

So that’s that. If anyone has any specific panel requests after looking over the posted schedule, let me know (by email or in the comments), and I’ll try to hit those events. Also, if anyone has any recommendations for new, cool, or interesting places to eat in Vegas, feel free to leave those in comments.

(Edited to add: It’s a Borepatch-o-lanche! Thank you, brother man!)

Noted.

Thursday, May 17th, 2012

I can get Wired for a buck an issue if I use the blow-in cards that come with the print edition. (I can also frequently get Wired for a buck an issue if I purchase it at Half-Price Books.)

If I go to their website to subscribe, the combined print/tablet issue costs $1.67 an issue. The tablet or print issues by themselves cost $1.25 an issue.

If I get the Wired app from Amazon for the Fire, yep, $1.67 an issue if I do an in-app purchase. And the app gets mixed reviews.

(Current print subscribers apparently get the content for free. Which means that it makes more sense to go to Wired‘s web site and subscribe than it does to do an in-app purchase: $15 vs. $19.99. It makes even more sense to subscribe using the cards, but then I have to deal with the print editions.)

Look, Conde Nasties, I’d be happy to subscribe to the Kindle edition of Wired. But I want at least as good a deal as you give on those blow-in cards. One dollar an issue or bust!

En Fuego.

Wednesday, May 9th, 2012

Some folks may have noticed that I haven’t written much about my experiences with the Kindle I purchased a while back.

Well…the screen went south on that one and it is unusable.

I’d held off on replacing it because I have the Kindle reader on my phone, so there wasn’t a compelling argument for me to have a stand-alone Kindle.

At least until Amazon had their sale last week offering refurbed Kindle Fires for $139.

Mine arrived yesterday. I’m still messing around with it trying to get things set up the way I want them, but expect some thoughts on the Fire in the nearish future.

(I actually do still agree with John Siracusa’s summary of the Kindle Fire: “a magical, colorful window through which you can give money to Amazon”. But my plans for the device mostly do not involve giving a lot of money to Amazon; rather, I’ve been loading it up with O’Reilly ebooks and public domain/free content.)

Edited to add: Interestingly enough, the Standard Catalog of Smith & Wesson 3rd Edition is available on the Kindle, and probably works much better on the Fire than it does on the regular Kindles. I’m willing to give Amazon $15.39 for that; Supica and Nahas are essential, but also an awful lot to lug around.

Some things that have been rattling around that I’d like to point out.

Wednesday, March 7th, 2012

A few days ago, the News @ Y Combinator Twitter feed linked to this article, misleadingly titled “24/192 Music Downloads…and why they make no sense”. I say “misleadingly” because the article is actually a very good introduction to the theory of digital audio, touching on such subjects as the human ear and how it works, how we know that humans can hear between 20 and 20,000 Hz, Nyquist sampling, and ABX tests.

ABX is considered a minimum bar for a listening test to be meaningful; reputable audio forums such as Hydrogen Audio often do not even allow discussion of listening results unless they meet this minimum objectivity requirement.

Holy cow! You mean, there are audiophiles out there who actually believe in science and double-blind testing? My faith in humanity is restored.

The Hon. John Gruber pointed out a post by Chris Hofstader about disability advocacy groups (in particular, the National Federation of the Blind) and how they treat corporations:

At last year’s NFB convention, ebay was the lead sponsor. Guess what? The ebay web site had, at that time, dozens of accessibility problems. NFB took ebay’s sponsorship dollars while ignoring their poor accessibility. Those of us who would say that any group advocating for our community should require accessibility before rewarding a company by splashing its name all over their convention like they were a friend of our population.

It isn’t just ebay: Hofstader points out that the NFB has been harshly critical of Apple (a company that has done a great deal to promote accessibility) while promoting Google’s Android (which, per Hofstader, has poor accessibility).

I’ve been seeing a lot of promotion of something called “Kony 2012”, which appears to be tied to a campaign by a charity called “Invisible Children” targeting Joseph Kony and his “Lord’s Resistance Army” in Uganda. From what I can tell, Kony is a scumbag who recruits children to fight his battle against the Ugandan army. I think he deserves to be killed; and apparently, we (that is, the United States military) have sent forces to kill him in the past. But the whole “Kony 2012” campaign seems to be, from what the supporters state, about raising money and “awareness”. As far as “awareness” goes, what good is that going to do? As far as money, money for what? Hiring mercenaries to kill Kony?

“Kony 2012” may be a worthwhile cause. But before you jump on the bandwagon, I’d like to suggest that you read the “Visible Children” Tumblr blog, which offers an alternative and skeptical take on the cause. (I will point out one problem with Grant Oyston’s entry: Invisible Children currently has three stars on Charity Navigator, not two. Edited to add: I misread Oyston: IC has three stars overall, but he is correct in stating that they only have two stars in the specific subcategory of “Accountability & Transparency”.)

It’s like, how much more black could this be? and the answer is none. None more black.

Thursday, January 19th, 2012

WCD did not go on strike yesterday because of SOPA and PIPA (though we did call our Congress slime and make our views known).

(By the way, we think the “Congress” app for Android is pretty spiffy.)

Basically, there just wasn’t much going on yesterday.

Today, we note the NYT‘s article on discussions of doing away with the leap second.

Also noteworthy: Penn State trustees discuss the decision to fire Paterno.

We have no joke here, we just like saying “feral burros”.

Motorola Galaxy Optimus Prime Plus XT

Tuesday, December 6th, 2011

You want to make sure to get the XT model, not the regular Prime Plus.

Seriously, this kicked over our giggle box: the Android Phone Name Generator.

(Admit it: you thought for a second that the “Galaxy Optimus Prime Plus XT” was real.)

(Hattip: Mr. Vodka soaked himself.)

Desert Bus update.

Tuesday, November 22nd, 2011

You can now get Desert Bus for Android and iOS. Yes, this means you can play Desert Bus on your iPad.

It is 99 cents, but the money goes to Child’s Play. So you can feel virtuous while you pretend to drive between Tucson and Las Vegas. At 45 MPH. In real time. In a pretend bus that keeps drifting to the right.

DEFCON 19 update #1.

Wednesday, August 10th, 2011

Added links to the following presentations: