Thursday, November 14, 2013

InfoSec Links for Thursday, November 14, 2013



Adobe Breach Link Blitz:
Root Cause: Cold Fusion
Also Owned: Limo Company to the rich, famous and well connected.  Note the targeted attacks (often called spear phishing) based on the original hack:
AT&T owned too:

An interesting article on how most security amounts to Integration concerns and not true security problems.
Also, putting financial security in perspective:

Updated: Skylanders Hacking

Worked with Skylanders Editor in Windows 8 64 bit.  Here is what I learned:

  1. Editor came with source code and a portal driver.  This is great if I want to play with the code itself and build a Mifare Classic encryption cracker out of it.
  2. You may need to disable the Spyro Portal Service before Editor.exe can talk to a portal.  Do this in services.msc.
  3. I was able to get the PS3 and 3DS wireless portals to work using the driver included in the Editor zip file.
  4. When working with the device in any system post-Vista, make sure to run your command prompt or batch file as an administrator.  This allows such ancient technology to access the USB where the portal connects.
  5. I was unable to get the wired portal to work.  I believe this one is from Skylanders Giants.
  6. I do not have a portal from Swap Force to test it out, but I suspect a new driver will be necessary.
  7. My Nexus will not read Mifare Classic cards with the usual apps.  You need keys and something to teach the NFC reader how to talk using the Mifare proprietary format.
  8. Breaking the Mifare encryption is my next step.  As described in the Editor v2 docs, the key is a bunch of data from Block00-01 and 35 bytes from a constant key.  I have my bead on a Mifare cracker in Backtrack Linux that will do the job quickly. 

Update: After sitting down with the Editor code and some testing, it seems like the author has done all the work for you.  Still planning an exercise to crack the key myself, though.  I conducted a practical upgrade/downgrade test on a first-gen Skylander.  A normal Skylander will go to level 10 in the first release and 15 in "Giants".  The actual Giant figs have yet to be tested, but I expect similar results.  The data pulled the same and decrypted just fine using Editor v2.0. 

Final Note: Don't tell him, but I may get SWAP Force for my son for Christmas just to get a peek at those new guys.  Curious as to how they sense the fig/element match.  It requires a pretty hefty purchase, though, so it is either that or Disney Infinity.

Tuesday, November 12, 2013

Pivoting from Planning to Doing


The above tweet by Dan Kaminsky really got into my system.  As someone who makes lists of things to do, I often get trapped planning more than doing.  Since DEFCON 21, I have tried to focus on doing.  Here is a list of my successes so far:
  • Rooted my Sony Ericsson Xperia Play and installed Cyanogenmod 9.
  • Studied Arduino and created a few basic projects.
  • Started following security wonks on Twitter and have become fairly well-versed in the conversation.
Where to go from here?
  • Hack Skylanders and Disney Infinity using tag writers and custom code.
  • Help Ethan get through Scratch manual.  He has had a blast so far.
  • Creating a product in Arduino.  Planning a card swipe emulator to apply my skills to real world annoyance.
  • And probably most important: settle on a handle.  VegasVic?

Modest Mouse - Missed the Boat

The lyrics to this song got me through a very depressing and delicate time.  I had just split with my wife and given up on religion.  This song gave me comfort that a life without religion could still be fulfilling.  It pointed to a common experience many like me have had: general despair in the ability of the individual to decide a right course for themselves.

Tuesday, June 22, 2010

Heirs of Vulcan Heavy Support

Land Raider Crusader "Throne of Vulcan"

This centerpiece model is the culmination of all my bitz and conversion work. I didn't drastically alter the hull of the model, though I did deck it out with little detail bitz that keep me looking at it from all angles.

The most noticeable conversion is the dozer blade.  Though no longer providing any benefit while playing, this adds bulk to the model (though it will be tough to paint).  As a small detail, I added an extra row of frag charges to the front (because I had them, that's why), fuel/promethium tanks and spigots on the rear (including an externally stored hose), ventilation fan, an extra comms unit, and a set of winches and chain to the top/rear.

I like to call this the fire truck.  Not sure if it is putting fires out or starting them.  However, it is well kitted to do either.  In addition, the dozer blade and winches make it the perfect lost technology recovery vehicle.  All around, the Fabricator General's personal vehicle will make all your battlefield woes vanish when he and the Vet Squad come tearing out of it, followed by his personal servitors sporting power fists.  Ah, it's good to be king...


Whirlwinds

The floating tank concept is very impractical.  To this end, I gave stabilizers to the artillery.  These Whirlwinds have custom payloads and optics only to be surpassed by their custom feet.  They fly with armor down, but the armor hinges out as they touch down, and provide much needed ground support when launching endless barrages of hell fire.

The conversion itself is very simple: hinge up the extra armor from the Vindicator kit, add several pistons from dozer blades as well as 2 dozer mounting kits (easy to come by should you be copying my plow blade design for the Vindicators) to make one Whirlwind.

The conversion really speaks to me, and the model itself is static while telling a dynamic story.  That is a recipe for miniature love, right there.

Vindicators

This was the first vehicle model I converted.  The FW extra armor and smoke stack from Cities of Death's Manufactorum fell into my hands at Blue Table, and somehow I conned Shawn into giving me two dozer blades to mutilate.  This was also the inception of replacing the front plate of the Rhino chassis with CoD vents.

Together, it makes sense.  The wildly inaccurate mortar shell lobbed by a Vindi could only come from a mobile, floating mortar.  Extra bling in the form of a pop-up HK Missile and custom floating using superglue caps and specialized flying bases rounded out the conversions.

When I started this army, I had no intention of building a coherent force out of it.  However, the concepts that appeared here wormed their way into every inch: ubiquitous geared skull, floating EVERYTHING, Storm-bolter positioning, on and on.  Not only is the Rhino chassis preserved, but it is enhanced in a way that is not totally outlandish and quickly recognizable.  In other words, I am not putting down a Dr. Pepper bottle and calling it a Carnifex, I'm building my own little corner of the universe, related but unique.


Thunder Fire Cannon

OK, so I saw the newest Space Marine swag before Games Day one year and said to myself, "Self, you're broke.  Make a choice."  Instead of buying the Thunderfire, I bought the limited edition Techmarine which became my beloved Librarian HQ, the Archivor General.  This piece was then started to fill the new slot.

Clearly, the scale compared to the real thunderfire is way too big.  This makes it a sitting duck.  Stripping the battery cells (Leman Russ Wheels) down to the single large cell and reducing height and width would give it a much needed playability bonus.  However, as far as goofy contraptions go, this is it.  This could easily serve as an Anti-Aircraft Mount for Apocalypse or be re-engineered as the big gun on a converted Bane Blade.

Heirs of Vulcan Fast Attack

Hoverbikes

Not quite jetbikes, not quite ground bikes, these were a work of love. The innumerable hours collecting bitz, poring over conversion articles and rice rocket pictures, gathering the courage to chop up a figure that costs $15 a pop...

1) Obtain a bike, new or used, remove rider
2) Cut off the front hub and reattach almost exactly 180 degrees rotated
3) Attach foot plate at high angle and to the rear.
4) Attach Land Speeder engine between the exhaust pipes
5) Using top plate off Rhinos, attach a section of the notched portion underneath to cover from footplate to engine
6) Add AC muzzles, LC muzzles and old Leman Russ LC muzzles to exhaust pipes for more thrusters.
7) Chop rider off at the knees
8) Attach rider
9) Greenstuff knees to reconnect. Expert sculpting of the crotch and seat to get them to ride just right as well as greenstuff smoothing skills are required to keep this from looking goofy.

The techmarine has a conversion beamer, the sarge has a clampy thing that could be a power weapon or power fist, depending on their battle role. One thing I love about conversions, they make sense no matter how the points are bought.

Assault Squad

"Gee, those Elysian grav chutes look awesome. I wonder if you got enough together if you could lift yourself off the ground..."

This squad majored in dramatic posing during Ass Kicking University. The gung-ho sarge is always jumping off something while the rest are going around, over, off of and into another thing. We have superman taking off, in flight, hovering, and landing.

The theme base, piping, became clear from the start. If you don't see it on the base, expect it running underneath the tiles and out the sides. The Mega Man guns here are AC muzzles that have been turned into Bolt Pistols with small chain feeds or energy feeds or whatever. The blades are again vibro blades concealing a nano-wire suspended in a stasis field. This is the only known weapon held in more respect at AKU than the chainsaw sword. And 2 Elysian grav chutes are used per model. One set is placed on the backpack, another on the legs.

Land Speeders

The inspiration for this model is obvious: Forge World's Tempest. The Tempest is a very simple conversion of the Land Speeder chassis and I wanted to combine the single seat cockpit with the integrated weaponry of the Rhino front ends.

The demise of a few speeders in a tragic PineSol incident left me with passable wings I converted into the tail wings. The cockpit itself is mostly plasticard jointed at just the right angles to make a passable crew compartment without leaving exposed rough edges.

Overall, I think this could translate well to the Storm by taking some cues from the Thunderhawk or similar.

Heirs of Vulcan Troops

Tactical Squads

These 10 man squads were started before Combat Squadding was even a twinkle in GW's eye. Each features a decked out Sarge with a heavy weapon and assault weapon deputy. The rest of the troops use Mega Man arms for counts as Bolters and various cool poses. I started to run out of my supply of multi-lasers when IG was rereleased. The flood of unused ML tips was a godsend and helped me to finish my army post-haste.

In addition to Mega Man bolters, this is where the weighted and tiled bases as well as guitar wire came into its own. Every base has a nickel (5c coin) or chunks of pewter to give it heft even though it's plastic. All bases are tiled with some accessory unique to the squad, and guitar wire speaks to the experimental (and thus heretical) nature of the Chapter. Lastly, each squad has their own personal fetish: a scroll or book at the hip or a power connector at their feet. This unifying theme helps to tie the squads together amongst the chaos of their wacky poses and non-standard styling.

Scouts

Bog standard. These scouts are bog standard. Except when they're not. I mostly experimented with posing here. The spotter sniper, auspex sniper, weapon swaps, metal tabs clipped to integrate into tiled nonslotta bases. I used every construction trick I knew to add variety.

The only custom bit I added is an Ad Mech geared skull plucked lovingly from the tank commander marine torso piece. This gives them a winged geared skull. The only problem is I built about half of these guys before I decided to add the skull. Some ended up with just a painted gear instead of an actual bit adornment.

All of the above gets thrown out the window when we talk about the squad leaders. One is a Sergeant Telion stand-in with a custom bolter, the other is my father's favorite conversion which now counts as: Thunder Hammer and Storm Shield Scout! The other two are simple conversions meant to show the bulk of experience: Apothecary sergeant is looking for unstable neophytes and Crouching HQ Hidden Fist sergeant is waiting to snipe a BA Chaplain or Demon.

Servitors

Ah the servitors. Simple conversions with leftover power claws (hard to come by in this army. I buy in bulk and am still left wanting...). Some are over the top, some are simple yet graceful. I tried to limit myself to one conversion. On one or two, I just couldn't help myself.

The weapon balance needs to be addressed under the new codex, but overall I give a good mix of options to confront any foe.

Transports

3 Rhino chassis displaying all the characteristics of my other Rhino chassis conversions:
  • No tracks, instead, hover plates.
  • Emblem on the side signifies their branch: Archivum. These are nicknamed Book-Mobiles.
  • Single grate from Cities of Death Manufactorum sprue replaces Rhino front
  • Storm Bolters mounted low and in front, not in the pintles. Searchlight mounted to replace one headlight
  • Smoke launchers mounted low in front
  • Top turret ring not swappable. Razorback to Rhino conversion replaces turret with Damocles style comms equipment.
  • Rear hatch flipped to show grating instead of blank hatch.
  • These suckers float too (see Vindicators for illustration)
These conversions have a problem with WYSIWYG unless your opponent is generous (No top hatch = no shooting from it. No rear hatch = difficult to disembark. Low storm bolters = LOS sucks). But who wants to play with idiots anyways.

Otherwise, they draw oohs and ahhs more often than not.