PYTHON DEVICE HACKING (KEYBOARD)

After spending a bit of time hacking at the gamepad I decided to take a deeper look into how /dev devices work in Python; the easiest device I could get my hands on was, of course, a keyboard.

First things first, I needed to discover which device name represented my keyboard. To do this I used the virtual /proc filesystem at /proc/bus/input/devices:

I: Bus=0011 Vendor=0001 Product=0001 Version=ab41
N: Name="AT Translated Set 2 keyboard"
P: Phys=isa0060/serio0/input0
S: Sysfs=/devices/platform/i8042/serio0/input/input3
U: Uniq=
H: Handlers=sysrq kbd event2
B: PROP=0
B: EV=120013
B: KEY=4 2000000 3803078 f800d001 feffffdf ffefffff ffffffff fffffffe
B: MSC=10
B: LED=7

From the above output I can see my device is event2 within Handlers, which I know is the character device /dev/input/event2 (evdev nodes are character devices, not block devices). Note that reading the node needs permission on it, which is why scripts like this are usually run as root or as a member of whatever group your udev rules give /dev/input/event* to.
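Rather than reading the file by eye, the lookup can be automated. The following is an added example and not code from the original post: it parses the /proc/bus/input/devices record format shown above and returns the /dev/input/eventN node for the first device whose name matches. The sample text is constructed (the keyboard record copied from above plus a made-up mouse record so there is something to skip); on a real system you would read /proc/bus/input/devices instead.

```python
# Added example: find the evdev node for a named input device by parsing
# the /proc/bus/input/devices record format.
import re

# Constructed sample input: the keyboard record from the post plus an
# invented mouse record, separated by a blank line as in the real file.
SAMPLE = """\
I: Bus=0011 Vendor=0001 Product=0001 Version=ab41
N: Name="AT Translated Set 2 keyboard"
P: Phys=isa0060/serio0/input0
S: Sysfs=/devices/platform/i8042/serio0/input/input3
U: Uniq=
H: Handlers=sysrq kbd event2
B: PROP=0
B: EV=120013
B: KEY=4 2000000 3803078 f800d001 feffffdf ffefffff ffffffff fffffffe
B: MSC=10
B: LED=7

I: Bus=0003 Vendor=046d Product=c077 Version=0111
N: Name="Example USB Optical Mouse"
P: Phys=usb-0000:00:14.0-2/input0
S: Sysfs=/devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0/input/input5
U: Uniq=
H: Handlers=mouse0 event5
B: PROP=0
B: EV=17
"""


def parse_input_devices(text):
    """Split the file into records (blank-line separated) keyed by line prefix."""
    devices = []
    current = {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                devices.append(current)
                current = {}
            continue
        key, _, value = line.partition(": ")
        if key == "B":
            # "B:" (bitmap) lines repeat, so keep them in a sub-dict by name
            name, _, bits = value.partition("=")
            current.setdefault("B", {})[name] = bits
        else:
            current[key] = value
    if current:
        devices.append(current)
    return devices


def event_node_for(devices, name_substring):
    """Return /dev/input/eventN for the first device whose Name contains the substring."""
    for dev in devices:
        if name_substring in dev.get("N", ""):
            handlers = dev.get("H", "Handlers=").split("=", 1)[1].split()
            for handler in handlers:
                if re.fullmatch(r"event\d+", handler):
                    return "/dev/input/" + handler
    return None


def keyboard_node(text=SAMPLE):
    """Convenience wrapper: the node for the first device with 'keyboard' in its name."""
    return event_node_for(parse_input_devices(text), "keyboard")


if __name__ == "__main__":
    # On a real machine, replace SAMPLE with open("/proc/bus/input/devices").read()
    print(keyboard_node())
```

Matching on the Name string is more robust than hard-coding event2, because the event numbers are assigned in probe order and change when a USB device is plugged in before boot.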

PYTHON DEVICE HACKING (GAMEPAD)

So today I was reading an article on Hack A Day about a user who wrote a Python script to read input from his USB gamepad. I watched the video and realized I had a very similar gamepad lying around. One thing led to another and I found myself attempting the same sort of project.

The gamepad I am using is a Logitech Dual Action:


Using some of the code posted on Hackaday I quickly realized my gamepad returned quite different results and thus needed different code.

REVERSE ENGINEERING A BINARY 1

DISCLAIMER

Through this paper I am not encouraging people to hack, destroy or steal anything; you must comply with the law and you take full responsibility if you use this knowledge for bad behavior. With great power comes great responsibility. Reverse engineering is not always legal; check the EULA and the laws in your country.

THE CODE

In this paper we are going to go over reverse engineering a simple compiled C++ binary; the source code is included below. The program reads user input and compares it against the string 2512: if it matches you get the printout “Correct!”, and if you're wrong you get “Incorrect…”:
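Before reaching for a disassembler it is worth remembering that a string literal compiled into a C++ binary is stored verbatim in the read-only data section, so the expected code can often be read straight out of the file. The following is an added example, not code from the original post: a minimal strings(1)-style scanner run over a constructed stand-in for such a binary (an ELF magic, a few opcode-looking bytes, and the literals a checker like the one described would embed; the "Enter code: " prompt is an assumption).

```python
# Added example: pull printable ASCII runs out of a binary blob, the way
# strings(1) does, and pick out short all-digit literals as code candidates.
import re

# Constructed stand-in for a compiled binary (not a real ELF): magic bytes,
# some x86-looking prologue bytes, then the literals a checker would embed.
FAKE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"\x55\x48\x89\xe5\x48\x83\xec\x10"        # push rbp; mov rbp,rsp; sub rsp,0x10
    + b"Enter code: \x00"                         # assumed prompt string
    + b"\x90\x90\xc3"                             # nop; nop; ret
    + b"2512\x00"                                 # the hard-coded comparison value
    + b"Correct!\x00Incorrect...\x00"
    + b"\xff\xfe\x00\x00"
)


def find_strings(blob, min_len=4):
    """Return (offset, text) for every run of at least min_len printable ASCII bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(blob)]


def candidate_codes(blob, min_len=4):
    """Filter the strings down to purely numeric ones, which is what a PIN check embeds."""
    return [text for _, text in find_strings(blob, min_len) if text.isdigit()]


if __name__ == "__main__":
    for offset, text in find_strings(FAKE_BINARY):
        print("0x%04x  %s" % (offset, text))
    print("numeric candidates:", candidate_codes(FAKE_BINARY))
```

The offsets are file offsets; on a real ELF you would map them to .rodata with readelf -S to confirm which section they live in. The practical lesson for the defender is the mirror image: any secret compared with strcmp against a literal is one strings run away from being found.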

REVERSE ENGINEERING A BINARY 2

DISCLAIMER

Through this paper I am not encouraging people to hack, destroy or steal anything; you must comply with the law and you take full responsibility if you use this knowledge for bad behavior. With great power comes great responsibility. Reverse engineering is not always legal; check the EULA and the laws in your country.

THE CODE

In this example we have a slightly more complicated program, which assigns two integers to variables and then multiplies them to get our code:

PYTHON FREQUENCY ANALYSIS FOR CIPHERS


Frequency analysis is the study of how often letters or groups of letters occur in a ciphertext. A simple substitution cipher preserves those counts, so the most common ciphertext letters usually correspond to the most common plaintext letters (E, T and A in English), and the most common trigram is very often THE.

Using Python we can extract the counts of letters, bigrams, and trigrams. Let's have a look:

$ ./frequency.py --help
usage: frequency.py [-h] [--letters] [--bigrams] [--trigrams] msg

positional arguments:
  msg             Message to count letters in

optional arguments:
  -h, --help      show this help message and exit
  --letters, -l   Frequency of letters
  --bigrams, -b   Frequency of bigrams
  --trigrams, -t  Frequency of trigrams

Let's go ahead and enter a simple sentence and do some testing:

WACKY PYTHON IMAGE CREATION

The other night I had a wacky idea: extract each pixel from an image and save it as a plain-text ASCII file.

Of course this is not ideal and can take a bit of time, but like most things I do with Python it's just for the fun of it.

I figured the easiest way to achieve this would be to use the Python Imaging Library (PIL) to get at the pixels and save the output as a protocol 0 pickle, which is plain ASCII.
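Pickle is a convenient serializer but it is also a code-execution vector: loading a pickle can import and call arbitrary callables, so a "pixel file" received from someone else must never be fed to plain pickle.load(). The block below is an added example, not the original post's script, and it does not need PIL: the pixel list is constructed inline (in the real script it would come from Image.open(path).getdata()), written out with protocol 0, and read back through an Unpickler whose find_class refuses every import, which is enough for pure data like lists and tuples of ints. A constructed malicious pickle shows the refusal.

```python
# Added example: writing pixel data as an ASCII (protocol 0) pickle and
# reading it back with an Unpickler that cannot be turned into code execution.
import io
import os
import pickle


def pixels_to_text(width, height, pixels):
    """Serialize a pixel record with protocol 0; the result is printable ASCII."""
    record = {"size": (width, height), "pixels": list(pixels)}
    return pickle.dumps(record, protocol=0)


class RestrictedUnpickler(pickle.Unpickler):
    """Pure data (dict/list/tuple/int/str) never needs find_class, so refuse all of them."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError("refusing to import %s.%s" % (module, name))


def safe_loads(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_pixels(data):
    """Return (True, record) for a pure-data pickle, (False, reason) for anything else."""
    try:
        return True, safe_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


class Evil:
    """Constructed attacker payload: unpickling it would call os.system()."""

    def __reduce__(self):
        return (os.system, ("echo pwned",))


# Constructed sample data: a 2x1 image (red pixel, blue pixel) and a hostile pickle.
SAMPLE_PICKLE = pixels_to_text(2, 1, [(255, 0, 0), (0, 0, 255)])
MALICIOUS_PICKLE = pickle.dumps(Evil(), protocol=0)


if __name__ == "__main__":
    print(SAMPLE_PICKLE.decode("ascii"))
    print(load_pixels(SAMPLE_PICKLE))
    print(load_pixels(MALICIOUS_PICKLE))
```

If you only ever load files you produced yourself on the same machine this is belt and braces, but it costs nothing, and it is the difference between a text file of numbers and a file that can run commands on the machine that opens it.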

CLEARING VARNISH CACHE WITHOUT RESTART

There have been a number of times when I've needed to clear the Varnish caching server's cache but had no clue how to do it, which resulted in me restarting Varnish, which really wasn't needed.

The easiest way to clear the Varnish cache (without restarting) is the varnishadm command line tool, which talks to the management interface that varnishd listens on at the -T address:

varnishadm -T 127.0.0.1:6082 url.purge .

The varnishd man page lists a number of commands which can be used with varnishadm, but the one we need is url.purge. Two things are worth knowing before you run it: the argument is a regular expression, so a bare . matches every URL and empties the whole cache (use an anchored pattern such as ^/images/ to be selective), and the command was renamed ban.url in Varnish 3 and replaced by "ban req.url ~ ." in Varnish 4 and later. Also, anyone who can reach the -T management port can purge, or load and switch VCL, so keep it bound to localhost and protected with the -S shared-secret file.

PYTHON RUNNING SYSTEM COMMAND

There are a few ways to run system commands using Python, but I tend to find the approach below the easiest to use, and it leaves you with an object whose return code and output you can check for errors.

First off I would create a function rather than repeating the Popen boilerplate every time:

import shlex
import subprocess

def run(command):
    '''takes a string command and hands back a finished subprocess object'''
    # shlex.split keeps quoted arguments together ("my file" stays one argument), unlike str.split
    # shell=False means the argument vector goes straight to the program; no shell parses it
    process = subprocess.Popen(shlex.split(command), shell=False,
                               stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # communicate() drains both pipes and then waits; wait() alone can deadlock
    # once a chatty command fills the pipe buffer
    process.output, process.error = process.communicate()
    return process

The function itself is pretty small and makes use of the subprocess library. Because shell=False, the argument vector is passed straight to execve() and no shell ever parses it, so metacharacters inside an argument cannot inject extra commands; the flip side is that pipes, globs and redirections in the string will not work, because there is no shell to interpret them.
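Why shell=False matters is easiest to see side by side. The following is an added example, not from the original post: the same user-supplied value (constructed to contain a ; metacharacter) is passed once through a shell and once as an argument vector, and a small shlex.split versus str.split comparison shows why the quoted-argument handling in the run() function above is not optional. It assumes a POSIX system where /bin/sh and echo are available.

```python
# Added example: the difference between handing a command string to a
# shell (injectable) and passing an argument vector (not injectable).
import shlex
import subprocess


def run_argv(argv):
    """Run a program with an explicit argument vector; no shell is involved."""
    proc = subprocess.run(argv, capture_output=True, text=True)
    return proc.returncode, proc.stdout, proc.stderr


def run_shell(command_line):
    """Hand a string to /bin/sh -c, so shell metacharacters are interpreted."""
    proc = subprocess.run(command_line, shell=True, capture_output=True, text=True)
    return proc.returncode, proc.stdout, proc.stderr


# Constructed attacker-controlled input, e.g. from a web form or a filename.
USER_INPUT = "hello; echo INJECTED"


def echo_lines_unsafe(user_input):
    """String concatenation + shell=True: the ';' ends the echo and starts a new command."""
    return run_shell("echo " + user_input)[1].splitlines()


def echo_lines_safe(user_input):
    """Argument vector + shell=False: the whole value is one argument to echo."""
    return run_argv(["echo", user_input])[1].splitlines()


def split_comparison(command):
    """Show why shlex.split, not str.split, is used to turn a trusted string into argv."""
    return {"str.split": command.split(), "shlex.split": shlex.split(command)}


if __name__ == "__main__":
    print("shell=True :", echo_lines_unsafe(USER_INPUT))
    print("shell=False:", echo_lines_safe(USER_INPUT))
    print(split_comparison('ls -l "my file"'))
```

shlex.split is for strings you wrote yourself; it makes quoting behave like a shell but it is still not a safe way to turn untrusted text into a command, because the attacker gets to choose what the first word (the program) is. Untrusted values belong only in argument positions of a list you build.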

CREATING QR CODE WITH GOOGLE

So today I thought it would be neat to show how to quickly create QR codes using Google's Chart Tools.

Google gives us an extremely easy way to create a QR code by sending a GET request via URL: https://chart.googleapis.com/chart?cht=qr&chs=300x300&chl=nessy (cht selects the QR chart type, chs the image size in pixels, and chl the URL-encoded payload). That is nice and easy, but I figured I would wrap this up in a small Python script just because. Two caveats before you rely on it: the Image Charts API behind this endpoint was deprecated by Google in 2012 and switched off in 2019, so expect the request to fail today, and both halves of the script send data to a third party (the payload to Google, the image to zxing.org), so don't put anything secret through it, such as TOTP enrollment seeds or Wi-Fi passwords:

#!/usr/bin/env python
# Python 2: uses urllib2 and the third-party "poster" package (pip install poster)
import sys
from urllib2 import quote, urlopen, Request
from poster.encode import multipart_encode
from poster.streaminghttp import register_openers

def create(width, height, data):
    '''Builds a URL for Google to create us a QR code and saves the PNG'''
    google_chart = 'https://chart.googleapis.com'
    # quote() percent-encodes the payload so '&', '#' and friends cannot alter the query string
    url = '%s/chart?cht=qr&chs=%sx%s&chl=%s' % (google_chart, width, height, quote(data))
    response = urlopen(url).read()

    # write QR code to file; binary mode so the PNG bytes are not mangled on Windows
    f = open('qr.png', 'wb')
    f.write(response)
    f.close()
    return 'Wrote qr.png..'

def read(qr_file):
    '''Reads a QR code by uploading the image to zxing.org's decoder'''
    # poster's openers stream the multipart body instead of reading it all into memory
    register_openers()
    datagen, headers = multipart_encode({'f': open(qr_file, 'rb')})
    request = Request('http://zxing.org/w/decode', datagen, headers)
    return urlopen(request).read()

if len(sys.argv) != 3 or sys.argv[1] not in ('create', 'read'):
    sys.exit('usage: %s create <text> | read <qr.png>' % sys.argv[0])

if sys.argv[1] == 'create':
    print create(300, 300, sys.argv[2])
else:
    print read(sys.argv[2])

Basic usage works like so:

BRUTE FORCING SALTED PASSWORD

Since my last post showed how to check a salted password, I figured this time we can look over some example code for brute forcing one. Of course this is just a proof of concept and should not be used on any password hash you are not authorized to test.

The code I tossed together borrows from some examples I found online and is nowhere near optimized for speed, but as I will show it works.
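The post's own code is not reproduced on this page, so here is an added example of the technique rather than the original script. It assumes the simplest salted scheme, SHA-256 over salt + password (the format checked in the earlier post is not shown here), enumerates every candidate over a small alphabet in length order, and counts the attempts, which is the number that matters: the salt stops a precomputed table from being reused across users, but it does nothing to the cost of guessing one user's password, which is set entirely by the keyspace and by how slow each hash evaluation is. The salt, target and "abc" password are constructed for the demonstration.

```python
# Added example: brute forcing a salted hash by exhaustive search, with the
# attempt count and keyspace size made visible.
import hashlib
import itertools
import string


def salted_hash(salt, password):
    """Assumed scheme: hex SHA-256 of salt + password (one fast hash, no iteration)."""
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()


def keyspace_size(alphabet, max_len):
    """Number of candidates of length 1..max_len over the alphabet."""
    return sum(len(alphabet) ** n for n in range(1, max_len + 1))


def brute_force(salt, target, alphabet=string.ascii_lowercase, max_len=4):
    """Try every candidate in length order; return (password, attempts) or (None, attempts)."""
    tried = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            tried += 1
            guess = "".join(combo)
            # the salt is known to the attacker: it is stored next to the hash
            if salted_hash(salt, guess) == target:
                return guess, tried
    return None, tried


# Constructed sample: a stored salt and the hash of the (weak) password "abc".
SALT = "x7"
TARGET = salted_hash(SALT, "abc")


if __name__ == "__main__":
    print("keyspace for 1-4 lowercase letters:", keyspace_size(string.ascii_lowercase, 4))
    password, attempts = brute_force(SALT, TARGET)
    print("recovered %r after %d attempts" % (password, attempts))
```

Two practical notes. The search is embarrassingly parallel and a GPU does billions of SHA-256 evaluations per second, so a fast hash offers no protection at all for short or dictionary passwords; real password storage uses a deliberately slow, salted construction (crypt's sha512 with its rounds parameter, bcrypt, scrypt or Argon2) so that every one of those attempts costs tens of milliseconds instead of nanoseconds. And when the code is for checking rather than cracking, compare digests with hmac.compare_digest rather than == to avoid leaking how many leading bytes matched through timing.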