Posted by
endeavormac – June 18, 2010
Recently I found myself coming across numerous WPA-PSK encrypted wireless APs, with a desire to access them. I think it’s safe to say we all know about the WPA CoWPAtty tables, but these APs did not have names that were in the tables. To make matters worse, at the time the only available hardware I had available was my netbook, and I was attempting ~280 keys a second. With my massive dictionaries with millions and millions of real-world passwords to attempt, it was going to take hours for each AP.
I decided I needed to order my password dictionaries in a manner that would bring the more likely passwords to the beginning, and the least likely passwords to the end. I wasn’t aware of any program that did this, and figured I would write my own.
A few hundred lines of C later and I have a very fast password dictionary ordering program. It is far from perfect, but much better than nothing. It loads the entire dictionary into memory, creates all the information necessary for markov chains, and then uses this information to score each individual password. The passwords are then ordered by their score.
You can find the code in the rainbowsandpwnies googlecode svn repo.
Posted by
endeavormac – May 3, 2010
Only about 1/4 of my projects ever make it to any sort of announcement or release. Usually, those releases are silent through svn somewhere. However, I’ve finally reached the time to take a look at the stock market, and have figured, naturally, my best bet is with tech stocks.
In any case, I thought tonight would be a good chance to share one of those many projects that never see foreign eyes. I thereby present you with my custom spin on what a tech stock tracker should look like. I’m not trading minute to minute, or hour to hour, so I don’t care about real-time stock quotes. What I do care about are new announcements that may tip a stock one way or the other, or stocks that look like they may be headed towards rapid change.
Right now, you’re looking a few hours in python, on a 10 minute cron. It grabs information, parses it, and generates static html. I have plans yet to continue to improve this project. More specifically, I’d like to delve deeper into the news articles, counting keywords that may indicate the direction a stock is about to head. I also planning on grabbing historical stock information and running some regression stats in an attempt to automate finding what stocks are very closely related to one another. If stocks A, B and C are all closely related, and news indicates good things for A and B, good things are most likely in store for C.
Posted by
endeavormac – March 28, 2010
A Quick Background on Perfect Rainbow Tables
Rainbow tables allow us to find plaintexts to cryptographic hash algorithms quickly. They are based off of Hellman Martin’s “A Cryptanalytic Time – Memory Trade-Off“. By including the step in the reduction function, Phillipe Oechslin was able to improve on Hellman Martin’s method, and we came up with Rainbow Tables, the “Faster Cryptanalytic Time – Memory Trade-Off“.
If you are unfamiliar with rainbow tables, it is suggested you become familiar before continuing.
Even rainbow tables are not perfect. They still merge, and merges mean wasted information, wasted space, wasted time. What we really want are perfect rainbow tables. In perfect rainbow tables, each chain has a unique endpoint. We have no merges. They give us nearly the same percentage to find a plaintext as non-perfect rainbow tables, but are much smaller.
More…
Posted by
endeavormac – October 24, 2009
I posted x86 Assembly for C Programmers 1 to reddit and got some great feedback. There were a few things that were brought up, and I’m taking a minute to address some of them (I’m not addressing everything). Thanks to everyone out there who took the time to point out mistakes and make suggestions. More…
Posted by
endeavormac – October 13, 2009
Introduction
I’m writing a series of tutorials on x86 assembly for C programmers who are already familiar with many of the basics of programming and computing. The assembly tutorials available online just aren’t doing it for me, and I need something organized the way I think, on the topics I’m interested in, presented in a way which make comprehensive understanding easy. I’ll do the work, go find the answers, and then drop everything here for you to enjoy.
Please note I do not claim to be an expert on the assembly language.
My interest in assembly is for both optimizing C applications, and the purpose of developing exploits for vulnerabilities in common applications, not write applications in assembly from scratch. I’m not interested in, “Good,” examples of assembly, I’m interested in real examples. This will affect the assembly we look at. More specifically, I write the code in C, compile it with gcc, and what comes out is what we’ll be dissecting.
For the purposes of these tutorials, 32-bit x86 assembly. Everything compiled/built/disassembled on the latest stable distro of Ubuntu. More…