Plaid CTF

0
Filed under Generic, Security

Plaid hack catch the flag game – wanted to play a little bit before the weekend but seems that people would rather DDOS it.. I wonder why there must always be someone spoiling the game…Or is it a way to gain some time?

Bitcoin mining: how profitable?

0
Filed under Generic

Now that we have gone through the theory, it is time to talk money and roll up our sleeves.
(you can read part1 if you need to refresh the basis!)

So, how profitable is mining?
Here the bad news start.
Remember in the previous article the difficulty rating? Initially a CPU was sufficient. It was OK to just use the CPU for some mining. But as we know, generic processors (i.e. CISC) are not exactly the fastest around, although they are good for multi-purpose instructions.

Then people started to use GPUs. GPU can execute routine jobs much more easily as that is all they were build for: execute instructions. But again, GPUs were not really designed to process bitcoin blocks.
But the era of GPU is now closing to an end as ASIC (application specific integrated circuit) – these have been designed for the specific purpose of processing bitcoin blocks.
Now, while everybody at home has a CPU or a GPU, ASIC hardware is basically useless for anything else other than mining bitcoins. And while with a good GPU we might have got close to 500MegaHash/second, with a little USB ASIC we could easily get 2.5 GHash (like my little redfury).

And here we can start doing a bit of maths. Given I was curious to test ASICs, I bought the redfury sticks, which cost around 100$/120$ each



Now, remember the difficulty rating? While I bought two of those, someone might have bought a whole lot – creating huge arrays with an investment of over 1000$. Newer ASICS are coming out (i.e. ice fury) – some even have dedicated ASIC servers.
In the meantime, difficulty goes up.

Now I have been mining since one month – at 5GH/s I managed to get around 0.02, which makes roughly 8.5$.


Funny thing is, many “pool” services (more about this later), will not pay under a certain threshold (in the case of eclipseMC that I am using, is 0.2)

At this rate (so, without difficulty increase), to make up the cost of the sticks, it will take me two years; without counting electricity cost. Of course though, if I was to invest 3000$ in a specified machine, I would probably be able to make money much faster and probably pay for the investment much faster.

But is it really worth it? This is what I think:

  • Assuming we can get 4000$ in mined bitcoin, is it really a sound investment? Bitcoins will need to be sold or re-used, but the virtual shops accepting bitcoins are just a bunch, while the 3000$ of investment were very real…
  • What if an exploit is found that will invalidate the bitcoins in the meantime? What will happen of the 4000$? Though I guess there is a risk of each investment but…
  • What happen if a new ASIC with 4000GH/s is found in the meantime, that increases the difficulty so much to make any effort with the current hardware pointless?
  • What happens if bitcoins devaluate considerably?

Again, risks are around the corner everywhere, but in this case I would really consider these factors before investing seriously (because this is the only way to make a return) – it might be less risky to invest in stock market!
As far as I am concerned, I can always say that I am also fascinated by how the redfury work, maybe with some PCAP I might be able to decrypt hashed passwords? Looks quite complicated but you never know, time will tell…

What are the alternatives?

Litecoin are a good alternative right now and as I write this article ASIC hardware is a fairly new thing. But is it worth investing good money in litecoin when Bitcoin already exists?

Get started!

This tutorial is for linux box… But should be easy for windows as well
The first thing to do, is finding a mining pool. Mining alone is not suggested as awards are given on block solved, and solving a block alone with a mere 5 GH/s is nearly impossible. A list of mining pools can be found here; though I found myself well with Eclipse mining consortium (which will not pay below 0.02bc). To get paid we need a wallet – coinbase is a good place to start. Desktop software without services can also do this but it will be necessary to download the block-chain… Can take a loooong time. Coinbase will give a wallet address fast and with no fuss. The wallet can be configured in the mining pool.

Create a new worker and password, these will be your username and password for the miner.

The next step is to configure the mining software. For ASIC hardware (and CPUs), cgminer is the best solution. Addresses to connect can be found here for eclipse MC, being myself in europe, I will use stratum+tcp://eu.eclipsemc.com:3333.
Under manage worker, it will be possible to create a new worker, and set the password. The worker can then be specified when cgminer starts:

Login

Fingers crossed, you should see the workers green, and the hashes flowing:

Conclusions
Mining was not made to be profitable. But Bitcoins have a huge potential, and value might still go up. If you decide this is something you are interesting in investing, give it a go, but it won’t be cheap!
One thing I found nice is that, given that I always leave my PC switched on, I can make good use of it to make a few pennies – maybe in three years I will have paid off my red furies and might be able to claim I got myself a beer out of it! :)

 


Bitcoin mining: a human introduction to the theory

0
Filed under Generic

For anybody not familiar with bitcoin, it is basically a peer to peer system to handle transactions of virtual money.

Here is a bit of a summary of how it works:
block – A block contains a set of transactions. But not only. It contains a mathematical puzzle to be solved and a reference to the previous block and more (see link to the bitcoin wiki)
block chain – A series of blocks together will compose the big “bitcoin db”, and a set of blocks is called a block chain. Every transaction can therefore be tracked to its source on bitcoin (well, at least to its crypto alias)
mining – And this brings us to our topic. Adding transactions to the block of chains will be done by miners. Given all the stuff included in a block, this is not an easy task… But will cover this in a bit.
Mining is rewarded through bitcoins.

An element, difficulty, is changed on a block level every 2016 blocks. Difficulty is created for the sole purpose of making a miner’s life hard. If the network was flooded with miners, blocks would be added to the chain one after the other and maintaining (costwise) the network would become increasingly difficult. Basically, the more processing power there is, the lower the shared income of miners.

Now, two weeks are used as a metric for the difficulty. If the 2016 blocks are found before the two weeks, it means there is a lot of processing power, and therefore difficulty can increase.
On the other hand, if the 2016 blocks were found after the two weeks, difficulty decreases.

Comes automatic that the number of miners since the bitcoin came to exist increased, and with it the difficulty… But more about my experiences there on the next post.

Anag vision LCD + Arduino

0
Filed under Arduino

Has been a while since I made a proper post, so thought it was about time to get something done!
I have recently been playing with Arduino – got a nice arduino DUE, a gyro system (they both deserve one post probably…) and an LCD display.

The LCD display was a standard LCD, 16 characters, 1 row, model ANAG VISION AV1611YFBY-WJ, on top “1601L Rev.B”:

LCDOff
LDCModel

Once sorted out all connections…
overview

I uploaded the code on my nice Arduino DUE using the example code

#include <LiquidCrystal.h>

// initialize the library with the numbers of the interface pins
LiquidCrystal lcd(12, 11, 5, 4, 3, 2);

void setup() {
// set up the LCD’s number of columns and rows:
lcd.begin(16, 1);
lcd.print(“Hello World!”);
}

void loop() {

}

This is where I got the disappointment…

Hello

It was impossible to actually print the whole string… String was getting cut after 8 chars.
Since the display is 16 digits, cutting the string at the 8th character does not strike me immediately as an issue of the library…
How about, the LCD has actually two rows of 8 chars (although we can see only one)?
Strangely enough, changing the lcd.begin() to 8 columns, 2 rows did not make a difference.

HelloWorld

Indeed, the solution was to use two rows – but the only way to do the trick was to move the cursor to the second row! Fortunately Arduino’s string manipulation really came in helpful! If anybody needs the code, here it is:
#include <LiquidCrystal.h>

// initialize the library with the numbers of the interface pins
LiquidCrystal lcd(12, 11, 5, 4, 3, 2);

void setup() {
// set up the LCD’s number of columns and rows:

}

void printOnDisp(String toWrite) {
lcd.begin(8, 2);
lcd.print(toWrite.substring(0,8));
lcd.setCursor(0, 1);
lcd.print(toWrite.substring(8,15));
}

void loop() {
printOnDisp(“Hello,world!”);
}

Updated source and binaries

0
Filed under Forensics, Security

New code and binaries out there!
It is now possible to set thresholds within the tool and there have been some stability improvements (though, still not exactly stable…)

I’ll publish the training videos on how to train new files in the next few days and start advertising the tool a bit more!

More news on the way!

0
Filed under Uncategorized
Tagged as ,

Although this website is not picking up yet, the freecode.com page of ANNFiD (the only site where it is advertised officially so far) is getting from 50 to 100 viewers a day!
I am currently working on a new release of ANNFiD, I know right now setting the thresholds is quite hard (must modify sqlite directly), but the new release will get rid of the issue.

Shortly after the new release is out I’ll release the tutorial on how to train new files – so stay tuned for more news!

Last but not least, thank you for everyone helping me (for me this includes advertising the site or writing comments) – having some support is great when you are starting something new

Youtube video uploaded!

0
Filed under Forensics, Security
Tagged as

added a youtube video on how to detect files – available in the “Projects” Section.

Started!

0
Filed under Generic

Fabytes.com has just booted up.

I’ll try to update it with posts on various topics, including security and, most importantly, some of my projects.

The first project I’d like to make public is ANNFiD.

ANNFiD is a tool to detect file types from mangled up files (such as the ones you get from file carving), it uses neural network to detect the type from the byte pattern. This makes the tool extremely flexible – it was created with a nice GUI so training the tool to detect additional files is quite easy, even without any coding knowledge.

There is still much to do such as publishing some instructions and adding new projects and definitely improve the page CSS… But I believe it is time to make some of my ideas available so that they can be improved.

I guess I will write back some time soon!