Monday, February 4, 2013

Adventures with Arduino

For no reason other than that they are cool, I have been playing around with an Arduino UNO and a Seeedstudio Stalker. Both of these devices are really easy to use and fairly cheap.



UNO w/ LCD Shield
The UNO is a base-level Arduino model and runs at 5 V, supplied through a barrel-jack connector or over USB. The USB port also feeds an integrated USB-to-USART bridge, so the same connector serves for both programming and power, and that bridge is wired to the hardware serial pins on the microcontroller for I/O.

Conversely, the Stalker runs at 3.3 V but only accepts power from a LiPo battery (JST) connector or via the programming header. There is also a JST connector for a solar panel so the unit can trickle-charge the battery in remote-sensing applications. To program the unit you need an external USART adapter; the UsartSBee is ideal for this as it has all the required connections (TX, RX, DTR, VCC and GND).

The other massive difference is that the Stalker has an integrated header for connecting an XBee module in addition to the usual Arduino Rev 3 layout headers. Oh, it also has a real-time clock and mini-SD card reader on board, meaning you don't need extra shields or break-outs for those modules. The disadvantage is that those pins are hardwired to the micro, which makes a number of shields incompatible.

Stalker w/GPSBee

In this shot you can see the GPSBee connected to the Stalker, powered via the programming header through the UsartSBee's regulated supply, and finally a SoftwareSerial connection back to the UNO for debugging. SoftwareSerial is needed because the hardware serial pins on the Stalker are hardwired to both the programming header and the XBee socket, so you can be talking to one or the other but not both, which complicates debugging in the field.
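As an added example (not code from the original post), here is a sketch for the Stalker side of that debugging setup: it reads NMEA sentences from the GPSBee on the hardware UART, keeps only those whose checksum verifies, and forwards them to the UNO over SoftwareSerial. The pin choice (D2/D3), the 9600 baud rates, and the assumption that the GPSBee emits standard NMEA with a `*HH` checksum are my assumptions, not anything stated in the post.

```arduino
// Added example, not from the original post: Stalker-side sketch for the
// debugging setup described above. The GPSBee sits in the XBee socket, so its
// NMEA output arrives on the hardware UART (Serial); debug output goes to the
// UNO over SoftwareSerial because that UART is also the programming header.
// Assumed wiring/settings (not stated in the post): SoftwareSerial on D2 (RX)
// and D3 (TX), GPSBee at 9600 baud, UNO link at 9600 baud.
#include <SoftwareSerial.h>
#include <ctype.h>
#include <stdlib.h>

const uint8_t DEBUG_RX_PIN = 2;    // assumed: Stalker D2 <- UNO TX
const uint8_t DEBUG_TX_PIN = 3;    // assumed: Stalker D3 -> UNO RX
const long    GPS_BAUD     = 9600; // assumed GPSBee default
const long    DEBUG_BAUD   = 9600; // keep SoftwareSerial slow for reliability

SoftwareSerial debugSerial(DEBUG_RX_PIN, DEBUG_TX_PIN);

// NMEA sentences are at most 82 characters including "$" and CR/LF, so this
// buffer comfortably holds one sentence plus a NUL terminator.
char    line[96];
uint8_t lineLen = 0;

// Return true when s has the form "$<body>*HH" and HH equals the XOR of every
// byte in <body>. Anything else (no '$', no '*', bad hex, trailing junk) is
// rejected so a garbled sentence is not mistaken for a good one.
bool nmeaChecksumOk(const char *s) {
  if (s[0] != '$') return false;
  uint8_t sum = 0;
  const char *p = s + 1;
  while (*p != '\0' && *p != '*') sum ^= (uint8_t)*p++;
  if (*p != '*' || !isxdigit(p[1]) || !isxdigit(p[2]) || p[3] != '\0') return false;
  return (uint8_t)strtoul(p + 1, NULL, 16) == sum;
}

void setup() {
  Serial.begin(GPS_BAUD);          // GPSBee on the hardware UART
  debugSerial.begin(DEBUG_BAUD);   // bridge to the UNO
  debugSerial.println(F("stalker: bridge up"));
}

void loop() {
  while (Serial.available() > 0) {
    char c = (char)Serial.read();
    if (c == '\r') continue;                  // strip CR, frame on LF
    if (c == '\n') {
      line[lineLen] = '\0';
      if (nmeaChecksumOk(line)) {
        debugSerial.println(line);            // forward the verified sentence
      } else if (lineLen > 0) {
        debugSerial.print(F("bad: "));        // flag corrupt or partial lines
        debugSerial.println(line);
      }
      lineLen = 0;
    } else if (lineLen < sizeof(line) - 1) {
      line[lineLen++] = c;
    } else {
      lineLen = 0;  // overlong line: discard and resync at the next LF
    }
  }
}
```

On the UNO side a passthrough sketch is enough: give it its own SoftwareSerial instance on two spare pins, copy whatever arrives to Serial, and watch the stream in the IDE's serial monitor. Checking the checksum before forwarding means a noisy jumper or a dropped byte shows up as a "bad:" line rather than silently ending up in a log.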

Eventually, my goal is to use the Stalker as a standalone datalogging unit, a function for which it is ideal because of the RTC & SD integration. Next steps are designing a custom sensor shield and working out a decent way to get the data from it up to 500 m away wirelessly :)

-B

Tuesday, January 29, 2013

Forensic Challenges & Future Plans

Some time ago (back in distant 2012) an open challenge was posted on Twitter:


My response to this was posted on Dropbox. In upcoming posts I will be covering some of the techniques used, as well as finally addressing some of those unanswered questions I left dangling in my analysis:

* Use of the ChopShop gh0st_decode module to extract the commands used (Appendix A) as well as the files themselves.
* Use of the mftparser plugin for Volatility to extract the .bat files from the $DATA attributes in RAM.
* Reconstruction of command-line activity over a PsExec session from memory.

One other thing that was useful from this exercise was accurately reconstructing the IP addresses in use on the device being examined. For this I created a plugin for Volatility to do just that.

You can download the alpha release from Dropbox. In a future post I will deconstruct how it works and ways to extend it.

UPDATE:
The report, plugin, and other bits and pieces are now on my GitHub repo.

-B

Blog Reboot

Well, after putting it off for years I have finally decided to re-launch this blog. Hopefully with more content than one now-deleted post and a "welcome" posting :)

-B