Defcam 2.0 Preparation and more from Defcon 27!

DC27 Defcam2 - link UP

So I did not “complete” my hat until very late Friday when I finally got it to announce its link status on its new set of 14 segment displays.  It performed admirably all weekend.  Thanks to Paul for safely transporting it to and from Vegas. I must also thank Stephen for his late night help on Wednesday. (Tacos are not enough.)  Without his amazing soldering, I’d still be trying to figure out what I had done wrong.  Here are some pictures from that night and the con to follow...

DC27 Defcam - Return to operation
DC27 Defcam2 - Preparation
DC27 Defcam2 - new header
DC27 Defcam2 - Prototyping
DC27 Defcam2 - Complete
DC27 Flight - Solar Collectors
DC27 - Nixie Badge
DC27 Villages - Rogues Village - Shuffle Theory
DC27 Talks - Detecting Mac Malware
DC27 Villages - Hacking a Boat
DC27 - Badge Rick

Google Play support agent suggests waiting a year for problem to go away. (audio)

I have been struggling with a Google Play suspension.  For some reason, Google policy is not to discuss suspensions. Period.  Not even to resolve them.  I have been battling with email and phone support for days, but this last communique was just too good not to share.  In this recording, the Google Play support agent admits nothing can be done and suggests I wait a year for the problem to resolve itself. (Edited to remove personal details and to shorten length.)

Google Play Fail - Rejected reinstatement

 

New security updates overtake jailbreak advantages.

There are just so many privilege escalation fixes in the latest iOS 12.2 update. I finally removed the jailbreak from my primary device and updated.  Privilege escalation is when an unprivileged or user process (like an app from the app store or even a web page*) gets root or even kernel authority.  This is when bad turns to worse because it can do and see anything with any of the device’s data or sensors.   Since even the big trusted apps have been caught tracking or stealing data, I simply couldn’t leave myself unprotected any longer.

I’ll still of course keep a development device jailbroken on 12.1.2 for all of the reasons. It was a wonderful experience, only slightly beta. I appreciate all the hard work by everyone in the scene. I think I am going to hate seeing the home bar again the most.

* Web pages are often sandboxed separately from the app itself. Some might argue that a webpage would first have to escape the sandbox before it could escalate privileges. This is true, but I would respond that sandbox escape is just another form of privilege escalation, only one level down. There are also over a dozen WebKit fixes in this update.

Open source artisanal iOS Jailbreak released using only grass fed locally sourced exploits.

Cydia - Package management system for Jailbroken iOS.

A long time in the works, this is the first completely open source jailbreak to be released for an almost current version of iOS (11-12.1.2).  This is an interesting jailbreak.  It is semi-tethered, but unlike previous jailbreaks, this can at least be untethered from the device itself.  Using Cydia Impactor, you can side load the unc0ver app and install the jailbreak directly from the app.  It also allows the easy rejailbreak upon reboot or battery drain. Great work all around despite the remaining bugs and instability (it is still beta). Huge thanks to the efforts of @pwn20wnd and @sbingner.  To be honest, there are very few tweaks and apps that are ready for iOS 12, but I am excited to see the tradition of jailbreaking continue.  I have Cydia again!  For the first time since I closed down my own Cydia repo.  C’mon developers, do your thing!

iOS jailbreak 12 unc0ver iOS 12 jailbreak -Cydia on iPad Pro
In truth, I never got it going on my phone, only my iPad.  I get a crash on my phone immediately after this dialogue comes up.  It took a few passes to get a picture (this one extracted from a screen record).  Not sure exactly what went wrong, but “Unexported kernel task port” is my best clue.  With my phone crashing as soon as it becomes untethered, I am never actually able to run Cydia. On my iPad, instead of rebooting, it resprings.  Either way, it is very hard to read the final message.

iPhoneX iOS 12 unc0ver jailbreak fail

UPDATE:  This problem was resolved in b38.

my Asterisk PBX is back!

Google Voice Killed Asterisk Support

After Google killed XMPP support for Google Voice, I no longer had a house phone. I was using my Google Voice number as a home phone and for the gate info for our building.  This led to the whole system being ignored and neglected. By the time the SD card gave up the ghost, even the backups were in poor shape. I rebuilt the whole system fresh from the latest RasPBX dist and it’s working better than ever. Bought a real DID so I could continue to use Google Voice on our handsets at home. It’s great to have my Asterisk back.

Back to reality after another amazing DEFCON!

I met a pile of incredible people.  Bought some amazing toys (for science), some I’ve even got working.  Saw some talks and demos.  Talked to some of my heroes and listened to even more.  I saw Ladar Levison talk about epoxying your ports and adding thermite to your hard drives.  I played with the ECU of a fake car!  Now I just have to finish building the DarkNet Badge!  Enjoy my pictures. The hat data is still being analyzed.  I’ll try to build something out of it eventually.


DEFCON26 - Badge Acquired
DEFCON26 - Car Hacking Village Badge
DEFCON26 - Blockchain Badge
DEFCON26 - Show us what you got?!
Battlefield Las Vegas - Mac-10
Battlefield Las Vegas - Tank Collection
Battlefield Las Vegas - Tank crushing car
Battlefield Las Vegas - Tank crushing car close