Welcome - Jabawok Industries

Welcome to my digital home! There are lots of articles you might find helpful buried in this site on topics such as modifying an Alfa Romeo 159, rebuilding a Lotus 7 (Robin Hood 2B), not to mention a ton of stuff on technology in general. It’s all here somewhere, so use the search function or navigate using the menu structure. if you want to talk, reach out via the contact function, I usually do answer!

Random Post Selection

Black, White or Grey? What colour hat do you wear?

InfoSecThere is often a lot of talk about this concept, specifically in the white hat vs black hat debate that has gone on for what seems like forever now. I have, as you would expect, my own take on this. Lets start with a history lesson and the basics. White Hats are the “good guys” and Black Hats are the “bad guys”, why? because back in the good old days of spaghetti westerns, good guys always wore White Hats and the bad guys wore Black Hats, it’s that simple! Of course, in the scripted world of the western, it was that simple, the bad guy was that easy to spot and the good guys rode off into the sunset, but back in the real world it’s a little more difficult to identify. The line between Black and White is often understood to be the law itself, i.e. if you’re a hacker, cracker or even a “skidie”, your hat changes colour the minute you go from having permission to do something to not having permission. I however wager that if we were to exact that understanding on every security expert in this field of expertise, today, it would be a near 100% perfect sea of Black Hats. So the question becomes, if that’s the case, are we all really the “bad guys”? I put to you a different concept, I different way of thinking about this that, personally, I think fits much better. First of all let’s forget about hats and the law and look at a couple of basic concepts. Motivation is the activation or energization of goal-oriented behaviour and is defined as intrinsic or extrinsic. Intrinsic motivation comes from rewards inherent to a task or activity itself – the enjoyment of a puzzle or the love of playing whereas Extrinsic motivation comes from outside of the performer. Money is the most obvious example, but coercion and threat of punishment are also common extrinsic motivations. Another point of consideration is Goal orientation, often seen as an aspect of an individual’s motivation. An individual’s goal orientation describes the goals that they choose and the methods used to pursue those goals. One of the most common conceptualizations of goal orientation is the three factor model, that is, individuals can be described in terms of goal orientation based on three factors: mastery, performance-approach, and performance-avoid. Individuals with a mastery goal orientation seek challenging tasks and value learning. Highly performance-approach oriented individuals seek tasks that allow them to demonstrate the skills they already possess, and highly performance-avoidant tend to avoid tasks where they may fail and thus appear incompetent. The final aspect to consider in this equation is an agent’s intention in performing an action. In so much as his or her specific purpose in doing so, the end or goal that is aimed at, or intended to accomplish. In recent years, there has been a large amount of work done on the concept of intentional action in experimental philosophy. This work has aimed at illuminating and understanding the factors which influence people’s judgments of whether an action was done intentionally. For instance, research has shown that unintended side-effects are often considered to be done intentionally if the side-effect is considered bad and the person acting knew the side-effect would occur before acting. Yet when the side-effect is considered good, people generally don’t think it was done intentionally, even if the person knew it would occur before acting. The most well-known example involves a chairman who implements a new business program for the sole purpose to make money but ends up affecting the environment in the process. If he implements his business plan and in the process he ends up helping the environment, then people generally say he unintentionally helped the environment; if he implements his business plan and in the process he ends up harming the environment, then people generally say he intentionally harmed the environment. The important point is that in both cases his only goal was to make money. While there have been many explanations proposed for why the “side-effect effect” occurs, researchers on this topic have not yet reached a consensus. So now we understand a little about motivation, goals & Intentions, what really makes the “bad guy” bad? Well its worth adding into themix that the “good guys” and “bad guys” all have the same level of skill, they all learned it the same way and they all have the same aptitude (loosely speaking of course). In fact during the learning process its probably fair to wager that on occasion everyone ended up, purely through exploration, somewhere they shouldn’t have been. Does this make us all “bag guys”? I certainly do not think so. In my opinion, motivation, goals & intent are what separate the good from the bad, and in this context the “White Hats” from the “Black Hats”. Let’s look at an example. the CERT Coordination Centre came up with an interesting classification matrix, which I have provided below as a diagram: In the above diagram, we see six types of attacker (as well as a virtual 7th type that could be all 6 in a different context), six types of motivation and four goals. It is assumed in this classification, as insinuated by the word “Attacker”, that we are dealing with the “bag guys” or Black Hats here, however, I would argue that the first type, “Hacker” has a motivation and goal that is not negative or in fact malicious in any way, so should they also be considered a “bad guy”? Its fair to say, someone hell bent on the quest for knowledge in that particular classification may take a devil may care approach that could have a negative impact on the systems they are exploring, but again, is this malicious intent, or just carelessness? In summary I put it to you that there are no White Hats, or Black hats in the world today, just Shades of Grey, and that only motivation, goals and intent separate those of us trying to help from those who have a more nefarious purpose.Related Images: [...]

Another productive day at the office

General…what is it about working from home that makes life so much easier? I treasure my days in the “home office” as they give me opportunity to catch up on all that has evaded me for so long! I find at least 1 day a week keeps me ahead of the game and on top of the workload. Related Images: [...]

How-To – Ubuntu 8.04 LTS on a Soekris net-4501

GeneralI decided to write this how-to as there are no specific guides on Ubuntu 8.04 LTS for the net-4501, and it took a combination of configs from two completely different approaches from two separate guides to get it all working. I have found that the easiest way to build for the target platform of the Soekris is to make use of the QEMU emulator, freely available in Ubuntu. It lets you perform a typical installation, the way you would do for any other platform so its less confusing. That said, there are a couple of slight differences and gotchas that this how-to will cover. Step 1 – Preparation Aside from a Soekris device you will need a CF card, whatever size you require, I tend to use 8GB or higher as they are quite cheap nowadays and a card reader in your host platform. To perform the installation you will need a host platform running Ubuntu. What ever you have lying around, or a VM will do the trick. Install QEMU on your host platform if its not already installed: sudo apt-get install qemu make a build folder and download the Ubuntu 8.04 LTS x86 Server Release into it from here: mkdir build cd build wget http://releases.ubuntu.com/8.04/ubuntu-8.04.4-server-i386.iso . Once your environment is ready its time to prepare the CF card. As we are going to use QEMU to emulate the platform and allow a typical installation, we dont need to manually create the partitions on the card. All we need to do is ensure that it is 100% empty. Install your CF Card and if it mounts as a partition, unmount it from the command line: umount /dev/sdc NB: you can determine the device it is detected as by running the dmesg command and noting the device it is assigned. It will likely be sdc or sdd as the card will be seen and used as a SCSI disk device. Now you need to ensure that it has no partitions on it. run fdisk and delete any partitions listed: fdisk /dev/sdc The commands you will need in fdisk are: p = Print partition table d = delete partition (you will be prompted for a number) w = write changes to disk ? = help Step 2 – Installation Now you have a blank CF card your ready to run QEMU and start the install. This is actually very simple as QEMU can be controlled from the command line, so all you actually need to do is type the following command: qemu-system-i386 -m 512 -hda '/dev/sdc' -cdrom 'ubuntu-8.04.4-server-i386.iso' -net nic,vlan=0 -net user,vlan=0 -localtime -no-acpi This will launch a window and present you with the Ubuntu installation program your already familia with. The only notable option within the installation is when prompted to configure your disk layout, use “Guided” without LVM and use the full disk available. if you use LVM it will add an unnecessary overhead and as the net-4501 is a GEODE Processor with 133mhz clock and 64Mb ram, overheads are not ideal. Once it has completed its installation, reboot and allow the newly installed OS to boot up in QEMU once more. Step 3 – Configuration The one drawback I have found with QEMU is that you cannot copy and paste between the host and guests. This is a bit of a bind, but fortunately there are not a lot of configuration changes to make. The first major change we have to make is to swap the kernel for one that does not require PAE extensions. To do this, type the following: sudo apt-get install linux-image-generic Now we can configure the serial port listener using your favourite editor (vi, nano etc.. I prefer vi so will use that in the commands): vi /etc/event.d/ttyS0 start on runlevel 2 start on runlevel 3 start on runlevel 4 start on runlevel 5 stop on runlevel 0 stop on runlevel 1 stop on runlevel 6 respawn exec /sbin/getty ttyS0 115200 Next we need to configure grub to use a serial port: vi /boot/grub/menu.1st Somewhere near the top of the file add the following two new lines: serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1 terminal --timeout=5 serial Now, find the line that looks like this: # defoptions=quiet splash and change it to look like thgis (keeping the hash): # defoptions=splash console=ttyS0,115200 Finally we need to load some modules early on or it wont be able to use the CF as a disk to boot from: vi /etc/initramfs-tools/modules Append these lines to the bottom of the file: ext3 ide_generic usb-storage The last thing to do is to force an update of the changes we just made so run the following commands: Update-inintramfs -u update-grub For good measure you can always run: apt-get update && apt-get upgrade but it is optional 🙂 Now all that is needed is to power off the QEMU instance: poweroff and remove the CF card from your host. Step 4 – Finishing up The final thing to do is to sync the baud rate of the Soekris device to the baud rate we have used in the configs. By default the Soekris is set to 19200 baud, but we have used 115200 baud in teh configs to make things a little better to work with. We need to sync these for ease of access later on, so first open up your preferred terminal application and connect to the Soekris at 19200, with no CF card installed. At the boot prompt type: set conspeed 115200 Once this is set, you can power down the Soekris, install the CF card in it and boot it back up. It should boot to a prompt quite happily and your ready to configure your new embedded Ubuntu device however you need 🙂 Enjoy! ——————————- FAQ Section: Q: Why are you using 8.04LTS and not a more recent release? A: As of 10.04, Ubuntu dropped support for all 486 and older style CPU’s on the premise that most people would have modern computer systems. This is a deviation from the ethos of Linux in my opinion, but it was their choice to make! I have spent weeks trying to build later versions of Ubuntu on the 4501 platform, and have built custom kernels with the right modules etc, but have NEVER had success. Your welcome to try though 🙂 Related Images: [...]

RH2B – Exhaust Fix

RH2B Build DiaryWhen I collected the car and drove it a few times in the winter was incredibly loud, like TO LOUD, and I like loud! So Something wasn’t quite right with the exhaust, and it needed to be sorted. I removed the exhaust and bought some acouosti-mat sound deadening material to repack the exhaust only to discover it was not repack-able. Fortunately, a local fabricator said he would cut it open, repack and weld it back up for me, so that averted the crisis! All that remained of the original packing material. To say it needed doing was an understatement, it was completely empty of packing so was essentially a straight pipe with an echo chamber! Once the fabricator sorted the packing for me, I wrapped it in exhaust wrap, reinstalled the heat shield and put it back on the car. The sound was much more palatable. Sporty, throaty but not deafening! Much better! Related Images: [...]

Alfa 159 TI Full LED Conversion – Interior Guide

Alfa 159This post covers the interior lighting modifications made to my 2008 Alfa Romeo 159 TI.For the exterior LED conversion guide, click here. This modification is worth completing as a single project as the results are a dramatic change in the mood of the interior of the car at night. The original filament bulbs are very yellow so choosing a good LED that puts out a colour range around 6000K changes the feel of the car to a much cooler, relaxed and crisp feel.The parts required to complete this conversion are as follows: 7 x w5w / 501 Type bulbs (all CANBUS) (Puddles, Maps & Glove box) 2 x 42mm FESTOON type bulbs (CANBUS) (Cabin & Boot) Expected Cost: £35-40 Required Tools: One Bojo trim removal kit “Bojo Bars” (£30) …or a few screwdrivers and a steady hand! I personally used two of these Festoon type bulbs for the courtesy lights in the front of the car and the boot and four of these 501 type bulbs for the rest of the courtesy & map lights in the front and rear of the car. These were a good balance of brightness and colour, and matched well as I did not want to flood-light the car at night. For the puddle lights and the glove-box I wanted more light so I chose these 501 type bulbs that provided much more light output than the other ones, as these were areas of the conversion that would benefit from more light output. It is important to understand that the bulbs you use must be CANBUS ready. What this means is that the LEDs have additional resistance added to them that simulates the load of a normal filament bulb so that the cars internal computers do not think that the bulbs are blown. This is due to the fact that modern cars put a small electrical current across the lighting circuits to check that the bulb has not blown, and to report an error if it has, so you know to fix it. While the interior lights don’t report the errors, the circuit still has a small electrical current across it, so if you do not use CANBUS friendly bulbs you will find that some of the lights never turn off and instead stay illuminated (all be it quite dimly) forever! Here are some images taken from an iPhone, which explains why they look very dark. Its not actually dark at all! The following expanding links give you the specific guides for each light unit to perform this upgrade yourself: The front courtesy light is a single unit with several components in it including switches, alarm sensors and the B&M microphone so care is required when replacing the bulbs. The unit itself is held in place with a series of clips down each side that hold it against the roof lining (1a in diagram). You will need 1 x 42mm Festoon bulb (1 in diagram) and 2 x 501 bulbs (2c in diagram) to upgrade this component, below is the removal guide from eLearn: Like the front courtesy light, this unit is held against the roof lining by a series of clips (1a in diagram). care must again be exercised so as not to damage the unit during removal. You will need 2 x 501 type bulbs (1c in diagram) for this light unit. Below is the removal guide from eLearn: The puddle lights are located in the base of each front door and provide illumination of the ground when the doors open. They are held in place using a simple clip mechanism (1b in diagram) and are a self contained plastic unit which the bulb sits inside. You will need 2 x 501 type bulbs (1c in diagram) to complete both doors. The guide below from eLearn shows how to remove the units: The glove box makes use of the same style bulb holder as the puddle lights and requires a single 501 type bulb (2 in diagram). The eLearn guide below shows how to remove it: The boot light makes use of the final 42mm Festoon bulb (4b in diagram) and is located behind a simple clip on housing (1c & 1b in diagram). The eLearn guide below shows how to remove this: Related Images: [...]

B-Sides 2013 Mix

LiveMixesIn honour of the crew @ B-Sides 2013 and @Dantiumpro for developing a cool cipher challenge for the UK Cyber Security Challengers to mess with, I have come out of retirement, fresh for 2013 (all be it a bit rusty!) more to come!Track Listing: 1 Wild One Two (Original Mix) – Jack Back feat. David Guetta, Nicky Romero & Sia 2 Icarus (Original Mix) – Madeon 3 Breakn’ A Sweat (Zedd Remix) – Skrillex & The Doors 4 Quasar (Original Mix) – Hard Rock Sofa 5 Don’t Hold Back (Original Mix) – Starkillers & Dmitry Ko 6 Lightspeed (Original Mix) – Datsik & Kill The Noise 7 Damaged (Main Mix) – Antillas feat. Fiora 8 That’s What She Said (Original Mix) – Joe Garston 9 Let’s Party (Instrumental Mix) – Mat’s Mattara feat Rockman 10 All By Myself (Original Mix) – Dubvision 11 French Rules (Muzzaik Remix) – Sebastien Drums, Niles Mason 12 Mono (Mat’s Mattara, Peruz Mix) – Peruz, Mat’s Mattara 13 Cascade (Original Mix) – Tommy Trash 14 Slash (Original Mix) – Nari & Milani vs. Maurizio Gubellini 15 Toulouse (Original Mix) – Nicky Romero 16 Concrete Angel (Original Mix) – Gareth Emery feat. Christina Novelli 17 Paradise (Fedde Le Grand Remix) – Coldplay 18 Spaceman (Original Version) – Hardwell 19 Flashing Lights (Kid Massive Remix) – Roger Sanchez, Sidney Samson https://jabawoki.com/wp-content/mp3/Jabawoki_BSides_2013.mp3 Podcast: Play in new window | Download Related Images: [...]

Hard House Happiness 02/12/2000

LiveMixesOldschool Hard House from the archives https://dev.jabawoki.com/mp3/Jabawok_02122000_Hard_House.mp3 Podcast: Play in new window | Download Related Images: [...]

How Security Should Work

InfoSecI work in a world of standards, opinions, controls and countermeasures, all encompassed in a foreign language of “InfoSec” and “ItSec”. This of course, while entertaining, is of little use to the world. I would like to propose a simple concept, probably high level, and I am sure my peers would argue is “inadequate”, that said however, hear me out: Ok, so the basic concept is simple, setup three primary work streams or “functions”, 1 is a Risk Asssesment and Classifcation Function, 2 is a People / Process/ Awareness, and 3 is Controls, both protective and detective as needed. The idea is that the risk assessment process runs in a cycle with inputs and outputs at the core of the system which serves as the engine for security. Its easier to explain in a diagram, take a look: Genious or Madness, its your decision, I like it because its simple and can be applied to any situation. Of course I agree with arguments such as “where is the governance?”, “what about strategy” etc, but quite simply, thats not what this is. This is a simple security process that allows you to feed information in and get solutions out. Related Images: [...]

How to make an Xponent Great

GeneralThe Problem: Ok, so anyone who has worked with sound equipment before would have been greatly disappointed shortly after taking the M-Audio Xponent out of the box. Essentially, it’s a bit crap. The main bug-bears are the faders, often referred to as being made by “Fisher Price”.They are loose, and generally feel nothing like a proper mixer, so anyone used to using pro audio equipment is going to feel short changed (I know I did!). That said, once you get over them, and there are some tricks you can apply to make them feel less annoying, the other primary bug-bear is Torq. This software can only be described as an epic fail! I gave it a shot, I persevered with it for a long time, and have come to the conclusion that its beat detection engine was programmed using chaos theory. I have mixed on many different platforms, decks (belt and DD), CDJ’s (from first gen to modern) and midi software from TraktorScratch V1.0 through to the usual suspects of today. What all of these platforms allow you to do is beat match with little effort if you’ve got a good ear. Torq on the other hand, seems to want to fight this process and in my own experience, creates a clinical/harsh environment to align beats without getting nasty overlay (beat on beat cancelation). If you persevere I am sure you can personally compensate for this and actually become good at “mixing with Torq” but IMO I don’t think it appropriate to change my mixing style after 20 years just to accommodate crap software. This problem brings us to the solution I have discovered. I don’t take credit for pulling this together, many people better than me have toiled long and hard to make this work and have done some excellent work on the subject. All I wanted to do was have a rant, show you how easy it is to make the Xponent better and then credit those who did the work. The Solution: Native Instruments have invested a lot of time and energy into refining the Traktor product to what it is today. I have used different iterations of it since Scratch v1.0 (the first ever version) and it just keeps improving! The most recent version is Traktor Pro V1.x, I am using 1.2.4 and it is truly phenomenal. I won’t go into it in too much detail, but will say this much, its intuitive, just like it should be, has some amazing effects available out of the box and “just works perfectly” What more could you ask for? Of course, Despite the Xponent being a Midi Control Surface and a Sound Card, it’s been locked into Torq to proliferate the spread of the evil program, but, there is a way you can break out of this and turn your midi control surface back into a programmable 2-way midi surface like any other. It’s actually quite simple: While you switch the device on, press and hold the number 2 Queue button + the Lock Button on the left deck. It’s that simple, hold them till it’s all booted up, and to check its worked, press any button, if it lights up then fades away, it’s not worked and you need to power off and try again. If it does not light up, you’re in business and you have a midi control surface ready to use with any Digital DJ software you want! At this stage you have a couple of options, start mapping the buttons yourself or grab a map that has already been put together. Personally, I like to short-cut things, so I would grab a predesigned map. After a good look around and a few failed starts, I found a mapping from HolyCT based on the work of DJ Kad listed in the NI Forums. It is amazing! It has all the mappings you would want, full documentation and even a browser mode so you can use the jog wheels to browse your track lists without the keyboard and mouse! It makes use of the X/Y Pad and is IMO a very well put together map for the Xponent. Bringing the good features from the Xponent to a well written and user friendly piece of software like Traktor Pro, is a marriage made in heaven! I am truly blown away with the usability and playability of the combination, and it has convinced me to stick with my Xponent for the time being. It may not be the best controller in its class, but it has some cool features and once you get used to the faders, it’s not all bad! Related Images: [...]

The GCHQ Cipher Story you don’t know.

InfoSecSo much has been said, good and bad, about GCHQ’s recent release of a cipher to the community. Simply a publicity stunt or well designed honey-pot? No one will ever really know, but what you don’t know is that this was an example of seeing a good idea and then totally cocking it up. Let me start by saying these are my own words and thoughts and in no way reflect the opinion of my employer, or those organisations I am associated with. A year or so ago, I got involved with the UK Cyber Security Challenge, which, as far as I am concerned is a good organisation, doing the right thing for the industry and those that want to be a part of it. I put a lot of my own personal time and resources into it for free, and make my employer give even more time, resources and money to the cause as well. Since I got involved with the UKCSC I have been providing them with simple on-line code breaking challenges, though my own devious thought processes and those of the many experts far better than me, that I have the pleasure of employing. We do these little challenges, typically on a quarterly basis, as well as to “support suitable and worthwhile endeavours”. One such endeavour happened recently, specifically, the London Conference on Cyberspace, hosted by the FCO. As was the usual manner for these things, I got a phone call from one of the UKCSC directors on a Friday evening asking if we could pull together a cipher for the event the following week, of course, I said we would be able to and engaged the collective grey matter of a couple of my team. The caveat to this request was that the cipher needed to somehow include GCHQ, the FCO, the UKCSC and of course my own companies brand. As such, I devised a simple 2 stage approach that would allow me to sufficiently bring together the brands and get the exposure each organisation wanted. The cipher itself was a union jack (in keeping with the event) hosted on the FCO conference site, with a series of logos on the flag itself. It was uploaded as a PNG file and had a binary string in the middle of the flag. The binary string easily translated to a goog.le shortlink that took you to a holding page on one of my sites that had each of the organisations logo’s and a message saying thanks for playing. What was less obvious and in fact the real challenge, was that the flag actually had two binary strings embedded onto each other in such a way that if you played with the colours you would see a series of 0’s that were in fact 1’s and vice versa 🙂 This decoded to a different goog.le link that took you to a random page on a paste bin style site, where there was an ascii art pumpkin with some cipher text in it. The cipher text required a key to decrypt, and the key was hidden as a html comment in the other page that you went to if you only found the first shortlink, so to complete the entire task you had to visit both short links, and pull it all together. It was a simple little cipher that around 100 or so people played and 3 people got right. I put the low turn out down to the last minute nature of the engagement and lack of major press coverage, but, it was still a lot of fun to pull together, and if you cant have fun in your work, what’s the point? So, what does all this have to do with the GCHQ Cipher I hear you ask? Simple… When my team and I developed this cipher for the event I was liaising with the guys at GCHQ careers to ensure they were happy with what we had done and that we had hit the relevant targets for them. In short, they “absolutely loved the cipher” and “thought it was a brilliant idea”. …a few weeks later, they had their own. Now, don’t get me wrong, I am aware I don’t own the rights to developing cipher/code breaking challenges to identify talent in the community, but I have been doing it long enough to know that you have to get the “pitching” absolutely perfect to the targets. By this I mean, there is no point in creating a cipher/challenge that would tax the most senior pen tester in the market when your using it to find talent to fill a job that pays £20K or so, in fact, this is the reason the ciphers we develop for the UKCSC are not that difficult. What these challenges do/should do is require the player to demonstrate some core requirements such as R&D/basic scripting/coding potentially, ability to think creatively etc, and then entice them in through layers of difficulty to a point where they are genuinely interested and engaged. This approach lets us target the college/university/entry to employment band of the industry and find the real talent in it to bring on board and then develop. So, in summary, GCHQ, nice try but don’t give up your day jobs, and next time you want some help finding talent to help protect the nation, just ask, we are always happy to help. Related Images: [...]