There are two ways to write this blog. One is all positive, happy and humorous. The other is to be real. I’ve written both versions. I like the happy one better. I had some funny, “You know you’re fat when…” Foxworthy-esque quips…oh you silly hillbillies with your cornbread! but, to my surprise, weight loss is more than just losing weight, it’s personal. Dad gum…is it personal… Therefore, here we go…a real and unvarnished look at how I lost over 100lbs in two years. By the way…this is a long blog. I’ve subtitled each section so you can skip around if ya wanna.
“How about that! 3 more and that’s a perfect score in bowling! Woot!! Woot!!!” As a Lebowski under achiever, 300 is a magic number. So when my Dr. told me I weighed 297lbs on 10Oct11 heck man, I was happy at my accomplishment! Honestly, as a hillbilly that grew up on a diet of Crisco, Emge lard and deep fried everything and STILL have low cholesterol numbers, I felt great!! Suck it tofu eaters!! I was happy fat. Comfortable in my own skin, I loved to laugh and make fun of leaf eaters, calorie counters…joggers! Get a grip man! Be happy who ya are and enjoy life daddy-o!
My Doctor threw a brick thru my temple of celebration. “Well, let’s see if you cheer this Jimmy Ray… I have to start you on blood pressure pills right now because you are close to stroke levels (he watched me take two pills right there in his office) and I have to monitor you for self-induced diabetes…”
Wait a minute…WTF…but…none of that runs in my family.
As a matter of fact, about the only thing that really kills off Purser’s are bullets and each other. There must be a mistake. I’m healthy… I AM!!! He flipped over the chart and showed me what every engineer needs to see; numbers and histograms based against a benchmark. Oh crap…jokes on me….who’s laughing now.
But that middle thing…self-induced??! You mean there are folks in this world I know personally that have medical problems they could not help, they do not want and go bankrupt trying to cure and I’m so friggen fat and lazy that…I’m inducing them in myself????????????????????????????????????? Whatta friggen ungrateful piece of crap I am. Given the gift of health and this is what I’m doing with it. Man…Whatta friggen whanker I am.
There are a few milestones in my life that I can look back on and know that I have turned a corner. For example;
- When I could no longer recognize the names in the Police Blotter section of the paper; I knew I was older. Although I still see familiar faces on COPS. It’s always good to stay in touch.
- When I could actually taste a difference between good beer and Pabst Blue Ribbon, I knew I could lie to myself better.
- When I heard of CUDA and immediately thought of Compute Unified Device Architecture instead of a bad to the bone MOPAR with a Hemi; I knew I crossed into the valley of geek.
CUDA was invented way back in the day by NVIDIA as a way to let the video card process other stuff (in parallel) instead of just video. This is NOT a hack but an actual design framework. NVIDIA has a great site for folks interested in coding with CUDA at: http://www.nvidia.com/object/cuda_home.html This is great news because the support, forums, troubleshooting tools are outstanding! Not every NVIDIA card supports the CUDA™ proc so double check with this site to be sure.
I wanted to take CUDA 5 (the latest version as of Oct 2013) out for a test drive so I went out to download the software development kit (SDK) thinking I was going to have to bite the bullet and learn sucky OpenGL or worse…<gulp> DirectX to get this to work. Much to my MEGA surprise, CUDA actually uses C for parallel development!! Yee Haa!! I’ll be drinkin’ early tonight! I love writing in C because it is low level enough that I can control how the processor handles the code and it’s easier to spell than other languages. If you’ve been reading my blog for a while, you know the importance I place on grammar… After I read the SDK manual and found out that between the memory and grid/thread dimensions is a parameter called: Warp Size…Warp Size… I. Am. Home. Warp is cool in both Star Trek and CUDA because it’s a way of grouping threads into blocks, then into grids. This gives us EXCELLENT control of hardware resources.
Of course on NVIDIA’s site they talk about the great uses for CUDA in industrial, science, medical, saving whales and helping Robb match his shoes to his socks according to mood, geographic biorhythm and astral plane aura mapping… Hey that’s all well and good but I am using it to crack passwords baby!! Namely MD5 passwords, why? Because databases and WPAv2 can suck it!! I played around with this for a while on some custom code I wrote up and noticed about a 10-15% calculation performance increase, not bad. Then I used BarsWF http://3.14.by/en/md5 code (it went open source back in Nov 2010) and holy smokes I noticed a mega honkin’ increase in password cracking speed for sure. Matter of fact that is the fastest MD5 cracker I have EVER used. Plus it reminds me that I am as good at writing code as a Flowbee is to giving you that Madison Avenue haircut. Although, I’m just starting to fart around with oclHashCat-Plus and it looks VERY promising!! http://hashcat.net/oclhashcat-plus/ yeah…very promising. Relaxed and groovy for sure right! Come on! can I get a witness! This is your video code daddy-o!!!
Back in the day, to get a poor man’s type of grid processing muscle I used John the Ripper with the -d distributed switch to run multiple instances on multiple machines but scalability and tolerance of Robb to approve my expense reports wore thin. Although I did build a 120 node Raspberry Pi shade tree super computer which I’ll write about later on…
CUDA is a game changer and allows me a ton of options on a single machine. I added a few CUDA tools to my own home grown ISO like BarsWF, Pyrit, oclHashCat for wireless and Vernoux.
Then my fav canned security ISO; Backtrack http://www.offensive-security.com/ is released with a few applications that support CUDA! I had to check that out for sure! Lucky for me that the folks at Offensive Security also had a CUDA config guide to walk me thru their CUDA implementation.
I still need to actually config BT5 to run the CUDA code. So I just followed the guide to build out the framework and it worked great without a hitch. No need to bore you with details you can read in the friggen sweet guide. It’s the results that make the difference here. I fired up CUDA-Multiforcer with the command:
I listed out this command not to show my CLI skills but to point out one of the most important arguments. The --min --max argument dedicates system resources. If you plan on using your CUDA machine for other stuff like gaming, surfing and work stuff, lower the max number accordingly. It’s different for every machine. For my 8600 card, 500 is dedicating max resources. I use 10 for everything else except gaming and truthfully with the demand gaming tugs on a video card I do not game (on that machine) when CUDA is Crackin’. With 1500+ hashes, the tables from BOINC at http://www.freerainbowtables.com I busted thru and recovered the passwords with 96% accuracy in seconds. Impressive! Not as fast as BarsWF but not by much for sure.
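The flip side of those numbers, as an added example (not code from this blog or from any of the tools named above): unsalted MD5 is exactly what a precomputed table resolves in one lookup, while a salted, iterated record gives the table nothing to match. The user names, passwords, table contents and the iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; raise it as hardware allows

def md5_unsalted(password):
    """The storage scheme the post attacks: one fast hash, no salt."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password, iterations=ITERATIONS):
    """Salted, deliberately slow record: scheme$iterations$salt$derived_key."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())

def verify_password(password, record):
    """Recompute the key with the record's own salt and compare in constant time."""
    _, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

def resolved_by_table(records, table):
    """Users whose stored value appears verbatim in a precomputed table."""
    return sorted(user for user, stored in records.items() if stored in table)

# Constructed sample data: two users picked the same weak password.
USERS = {"alice": "letmein", "bob": "letmein", "carol": "Tr0ub4dor&3"}
# A table computed once, offline, and reusable against every unsalted MD5 dump.
TABLE = {md5_unsalted(p): p for p in ("123456", "letmein", "password")}

def compare_storage(iterations=ITERATIONS):
    """Store the same users both ways and report what the table resolves."""
    md5_db = {u: md5_unsalted(p) for u, p in USERS.items()}
    kdf_db = {u: hash_password(p, iterations) for u, p in USERS.items()}
    return {
        "md5_resolved": resolved_by_table(md5_db, TABLE),
        "md5_shared_hash": md5_db["alice"] == md5_db["bob"],
        "kdf_resolved": resolved_by_table(kdf_db, TABLE),
        "kdf_shared_hash": kdf_db["alice"] == kdf_db["bob"],
        "kdf_verifies": verify_password("letmein", kdf_db["alice"])
                        and not verify_password("letmein", kdf_db["carol"]),
    }

if __name__ == "__main__":
    print(compare_storage())
```

With the salted records every guess has to be recomputed per user at the full iteration count, which is the cost a GPU then has to pay.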
You do not have to be a coder to take advantage of CUDA. There are some great canned applications already that will give you immediate success and change the way you look at password cracking.
Jimmy Ray Purser
Trivia File Transfer Protocol
The first documented computer password “hack” was in 1962 by Dr. Allan Scherr. He was looking for more computer time to run his simulations, so he submitted a request to print all passwords via punch card and just enjoyed the access!
I had a customer at Interop NYC yesterday ask me if I still hack stuff? Still?!?! Of course!! It’s something that’s just in your blood daddy-o! I just like to hack stuff. It doesn’t matter really what it is, I just enjoy the challenge of figuring out how stuff works and how to bypass certain controls. I am not trying to be a whank about it and post how to steal a case of Sundrop from a Dixie-Narco vending machine, I just want to know from an engineering stand point. When I see electronic firmware based stuff work I always wonder; “How did they code that one up?”
That’s all it takes to get me started. Now my wife is not a fan of guns but if I started purchasing all the stuff I hack around here weekly, my guess is that she would change her mind real quick… So I need another method…a more…low cost method of hacking a device without ever purchasing the device. Firmware baby!!! Matter of fact, it is very rare for me to get actual gear. I just go for the low hangin’ fruit! Firmware! say with me…What do we want! Firmware!! f.i.r.m.w.a.r.e!!
Many vendors out there today offer up firmware freely without authentication or with only an email address so they can gather marketing data. I just use a 10 minute emailer like Mailinator or I give them Robb’s email and then I start downloading firmware. The firmware can be like the wardrobe door to Narnia if you look deeply into it.
Here’s the thing. Many vendors out there today do not have firmware developers in house. They have a marketing plan, money, call centers, etc…but code jockeys are something that is normally outsourced. These code houses do not just buzz the code for one vendor but for 50 or more. Now to keep this code straight from vendor to vendor many code houses place comments in their firmware.
These can be comments about debug interfaces, HARD CODED ACCOUNTS!!!! Private keys, hidden commands and yes even backdoor passwords. (I just found one two days ago in a vendor device) Basically, low rent firmware hacking is really a piece of cake to understand. Plus it can really yield huge…benefits. Remember Stuxnet? Oh Yeah… Most firmware out there today is unsigned and unencrypted which means I can read it in a simple hex editor. But before you go downloading firmware and opening it up in your favorite hex editor, here are a few pointers to get ya started:
Tip 00x01 I normally like to look for bootcode if I have the choice. If not, I just deal with what I have.
Tip 00x02 Firmware files are in hex and have a ton of unreadable data in them. I am interested in about 1% of the file which contains ASCII text. The first thing I do is run firmware thru the *Nix command; Strings. Strings is a command that will print out any ASCII character sequence that is followed by an unprintable character. The default minimum length is 4 characters but you can change that. An example command would look like this:
strings -t x firmwareName.bin
Simple but powerful command with few options. The -t option (it takes a radix: x for hex, d for decimal, o for octal) is one I use to tell me the offsets just in case I need to…use them later on…
Tip 00x03 Some firmware will be compressed in what is called ZLIB compressed chunks. In outsourced code larger than 3Meg this is very common. There is a great tool called DeeZee which is part of the Black Bag Tool Kit from Matasano. It is older but works really well still for binary dissection. DeeZee will search thru a binary file for ZLIB signatures then extract them and print out the results. Human behavior is such that we write and comment stuff out all the time. Look at the best practices for a simple ACL. If I run a file thru strings or view it in a hex editor and see nothing but unreadable crap, then I assume it must be ZLIB’ed or encrypted but that is very rare. I run it thru DeeZee, with the command:
DeeZee will chew on it for a while then spit out the results into the same directory I run it at. I just do a LS to see the results, then view those results in my hex editor and Kazam! it’s hammertime!
Now you have some readable ASCII extracted from firmware. Some of my results have been stuff like:
- FTP passwords
- Backdoor passwords for various ports
- Hidden SNMP community strings
- Mountable filesystems that actually allow me to mount the firmware and interact with it. Heck I have pulled off .pem files that allowed me to do a super effective bogus SSL connection!
- Internal server ip addresses of the code house
- Contact information, which is great for social engineering
- Debug interfaces with access commands
and of course some of the funniest comments you have seen. If you decode an OEM supplier’s firmware you may have hit a real jackpot since most C code is modularized and reused in other devices, so this is the gift that keeps on givin’!! At this point you can gather the data and test certain conditions you have mined OR you can move up to the graduate level of hacking and start looking at disassembly with IDA Pro and start installing rootkits in firmware. That is the true Holy Grail of hacking embedded systems, but we’ll cover that next blog.
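Tips 00x02 and 00x03 turned around into a check a vendor could run on its own image before publishing it: pull printable strings with offsets, inflate any ZLIB chunks, and flag leftovers like the ones listed above. This is an added example, not the author's code and not DeeZee; the sample image, the two rules and every function name are constructed for illustration.

```python
import re
import zlib

MIN_LEN = 4  # same default minimum run length as strings(1)
PRINTABLE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
# Illustrative rules (assumptions) for material that must not ship in an image.
RULES = {
    "private-key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "credential": re.compile(r"(?i)(pass(word|wd)?|secret|community)\s*[=:]\s*\S+"),
}

def ascii_strings(data):
    """Yield (offset, text) for printable runs, like `strings -t x`."""
    for m in PRINTABLE.finditer(data):
        yield m.start(), m.group().decode("ascii")

def zlib_chunks(data):
    """Yield (offset, inflated bytes) for each complete zlib stream in data."""
    pos = data.find(b"\x78")
    while pos != -1 and pos + 1 < len(data):
        # Header check: CMF 0x78 and a FLG byte with (CMF*256 + FLG) % 31 == 0.
        if ((0x78 << 8) | data[pos + 1]) % 31 == 0:
            inflater = zlib.decompressobj()
            try:
                out = inflater.decompress(data[pos:])
                if inflater.eof and out:
                    yield pos, out
            except zlib.error:
                pass  # header bytes occurred by chance, not a real stream
        pos = data.find(b"\x78", pos + 1)

def audit(image):
    """Return findings as (region, offset, rule, text)."""
    regions = [("raw", image)]
    regions += [("zlib@0x%x" % off, blob) for off, blob in zlib_chunks(image)]
    findings = []
    for region, blob in regions:
        for off, text in ascii_strings(blob):
            findings += [(region, off, rule, text)
                         for rule, pat in RULES.items() if pat.search(text)]
    return findings

def build_sample_image():
    """Constructed image: padding, a decoy header, one zlib chunk, a key marker."""
    config = (b"#" + b"=" * 40 + b"\nftp_user=svc\nftp_password=ChangeMe123\n"
              b"snmp community: s3cr3t-ro\n")
    return (b"\x00\x01\xff\xfe" * 8 + b"BOOT v1.0\x00" + b"\x78\x01\xff\xff"
            + zlib.compress(config) + b"\xff" * 16
            + b"-----BEGIN RSA PRIVATE KEY-----\x00")

if __name__ == "__main__":
    for region, off, rule, text in audit(build_sample_image()):
        print("%-10s 0x%04x %-11s %s" % (region, off, rule, text))
```

Offsets reported for a zlib region are relative to the inflated chunk, and the region name carries the chunk's offset in the image.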
What’s that? You want a how to and not just tips? Hmmm…OK, here is an excellent blog showing you the step by step details of reversing some code from a…product…. http://www.devttys0.com/2011/05/reverse-engineering-firmware-linksys-wag120n/
Jimmy Ray Purser
Trivia File Transfer Protocol
In the rockin’ age of 390B.C. Playwright Aristophanes wanted to show the world just how pretentious db whack he really was. In his play Ecclesiazusae the characters feasted on a dish called; lopadotemachoselachogaleokranioleipsanodrimupotrimmatosilphioliparomelitoaktakexhumeno-kichlepikossuphophattoperisteralektruonoptopiphallidokinklopeleioplagoosiraiobaphetragalopterugon
MMMMM…Please sir may I have another helping of…lopa, lopadotema.. just forget it. Where’s the gyro stand?
Our latest episode is out! This one is all about the Contact Center and we spent a lot more time showing examples of Social Media integration. Everyone agrees that ‘the internets’ are a huge watering hole of opinions and valuable business data…but it’s overwhelming when trying to figure out just how you might leverage it. Now you can integrate all that goodness with the maturity of business relevant call center and all the process that implies.
Jimmy Ray shares his personal experience volunteering to work in an actual (non-Cisco) call center all night long to gain better experience for how we developed this show. Check out his blog for more details on this.
This show featured Packaged CCE (Contact Center Enterprise), Feature Rich Reporting, Finesse Agent, Social Miner and even a few field trips to see what Cisco is doing with their ‘Social Media Listening Center’ and a very cool mobile application we internally refer to as ‘Roadside Demo’ that will open your mind as to how mobile devices SHOULD be part of your Contact Center Strategy.
It’s certainly true that voice isn’t my favorite technology. Not that it is bad or that I dislike it…it just doesn’t hold my interest like routing and switching or data center or even wireless. Man I just fall all over myself on that stuff!! When we are asked to do a TechWiseTV episode, the first thing I do is go back and watch any previous shows that we had before. After watching the Contact Center shows I came to one glaring conclusion; I don’t get it.
<insert ego here> Sure I understand the technology well enough. Also how to implement it and really support it like an IT geek should. I just didn’t understand WHY things like Social Miner, Stats, Desktop deployment were any more important than anything else. So for example; if desktop layout is so important, use a thin client and roll ‘um out. Or if stats and tracking is so important then buy a projector, write script and display that stuff on the wall man. Why is this a real selling feature?
So I contacted a peer of mine that works in a Call Center and I volunteered to work an eight hour shift (from 7PM to 4AM…Yowza…) to see what it’s like and how users actually use the product in a production environment. I wanted to work in a non Cisco environment to get an untainted experience so that I would be better prepared to really analyze what we did and did not do. He gladly took me in and after about an hour of online training and two hours of strictly supervised mentorship, I added my name to the “score board” and logged in as “Jimmy Ray” with dreams of earning a green up arrow showing that I was moving up the leader board.
Holy smokes! What an eye opening experience. First off, the turnover rate of staff is huge. I had three new folks also starting with me. It’s not because of the management. Heck, they are actually very cool. Giving out bonuses, prizes right on the spot. Anything to keep their employees happy. I was impressed and surprised because I was expecting to be yelled at, hard drove to stay on the phone all the time, stick to the script, but no, folks worked hard to win stuff and compete with each other. The team of folks that manage the phones come from all walks of life. In one shift I met folks fresh off divorces, two laid off PhD’s from a medical company up the road, a few recent college grads, former educators, etc…basically, high quality folks looking to take a Mulligan and move on to the next phase of life.
To sum up my phone experience, it’d go like this; being yelled at, hung up on, cursed at, air horns and whistles blown into the phone and loathed more than the United States Congress. Why? Because I’m interrupting their chillin’ at home and sometimes work life and boy howdy they let me know real quick by not being friendly or patient. Hey I worked as a product developer, a presales engineer and was in the United States Navy so I can handle rejection and being cussed at well. But man alive hearing not just “No” but some tasty cuss words can take its toll on your attitude and overall morale.
Wow! Now I get it. Certainly 8 hours does not make me an expert. It did really change my viewpoint. On the drive back to the Code Cave, I called Robb and woke his butt out of bed and told him we need to reformat this show. He mumbled something about gummy bears driving on the A10 in Norwich then hung up the phone. I understand why call center users need to have a dynamic desktop that we can update with apps as skill levels/responsibility changes. I understand why an IT department wants to have a solution they can tweak on the fly without calling in a bus load of consultants. I understand why managers know that a call center is expensive to a company and the need to have customized reports in a ton of different formats to show success or failure. Even the ability to scale and add features with limited servers I knew would be important on really any network discipline. However, a normal call center solution takes 17+ servers with a strict mandate of “Don’t Touch These” from the consultants that seemed to be more like staff and consultants to be honest. Reminded me a lot of the old main frame days. Come on man!!
Take a look at this episode of TechWiseTV. It airs on Thursday 19Sep2013. It’s a little different based upon me coming off this experience. Robb and I formatted this show not based on an all IT experience, but a true usability story. The Contact Center team is really a great group of folks. I have had the pleasure of working with a lot of teams in our seven years of doing TechWiseTV. Without a doubt, the Contact Center team is one of my favs. The team is great, they honestly listen to customer feedback with a pencil to see what they can change. Although Cisco is a large company, this team moves with the nimbleness of a small startup. Watch this episode and even attend our follow on workshop http://www.ciscoworkshops.com If you need a call center solution, I betcha you’d really like the solutions package and licensing they come up with.
Oh…and if your phone rings during suppertime…cut ‘um a little slack…it’s a tough gig for sure.
Jimmy Ray Purser
Trivia File Transfer Protocol
Clarence Birdseye founded his frozen food empire with $7. It bought him an electric fan, cakes of ice, and buckets of brine.