Wednesday, January 4, 2017

Rebble: Pebble Reborn

The Pebble smartwatch has meant a lot of things to a lot of people. From a strong leadership position at the forefront of what seemed like a smartwatch revolution, Pebble emphasized simplicity, and complementing the computer you already carry in your pocket instead of replicating it. Eschewing touchscreens for tactility, power-hungry OLEDs for power-sipping always-on LCDs, and embracing multiple platforms while others targeted just Android or iOS, Pebble has always focused on what matters most to users, and as a result, a vibrant community of fans quickly formed around them. A well-fostered subset of that community were developers, attracted by Pebble’s fantastic documentation, delightful SDK, and general amazing treatment of developers. Realizing as I type this that some of the preceding links may soon stop working following Pebble’s shutdown is incredibly disconcerting. Yet these feelings of unease and uncertainty have been harnessed by the developer community to create our own next chapter in the Pebble story - a chapter that we have decided to title Rebble. (shout out to @Northeastpaw on the officially unofficial Pebble Dev Discord server for advocating this name!)
Since the rumours began, and only increasing with their confirmation, a groundswell of support from developers and the community at large has resulted in countless suggestions, ideas, and projects to extend the Pebble legacy beyond its fateful denouement. The aim of Rebble is to bring the many disparate efforts under a single banner, concentrating energy and enthusiasm to maximize the likelihood of continuance and resurgence of Pebble as a platform. There are a vast quantity of extremely talented individuals ready to commit their time and expertise to extending the longevity of our wrist-based companion, from app distribution to hardware reverse-engineering, from archival to revival, from community to companion apps. Browse this site to find out more about our current projects, our ever-growing team, and the knowledge we’ve amassed so far. Peruse the FAQ, then please, sign up for our newsletter, join the #rebirth channel on the officially unofficial Pebble Dev Discord server, or just send us your ideas and words of encouragement via Twitter. Pebble’s tangible assets may have been liquidated, but its greatest asset of all, its amazing user and developer communities, endure, rebelling against our assumed fate, and seeing our wonderful little wearables reborn! :triumph:

Thursday, December 29, 2016

Shutdown Windows PC using a Pebble smartwatch

You need:

Pebble smartwatch (any model)
Tasker app
PebbleTasker app
Install python-2.7.9 for Windows
Install pywin32-219.win32-py2.7 for Windows

Scripts:

Save the code below as http-shutdown.py:

#!/usr/bin/env python
# -*- coding: utf-8 -*-

# HTTP Shutdown for Windows 2014.3.15
# Copyright (c) 2014 Renato Silva
# GNU GPLv2 licensed

import sys
from cgi import parse_qs, escape
from wsgiref.simple_server import make_server
from win32api import ExitWindowsEx, GetCurrentProcess
from win32security import AdjustTokenPrivileges, LookupPrivilegeValue, OpenProcessToken
from win32security import TOKEN_ADJUST_PRIVILEGES, TOKEN_QUERY
from win32con import EWX_FORCE, EWX_LOGOFF, EWX_SHUTDOWN, SE_PRIVILEGE_ENABLED, SE_SHUTDOWN_NAME

def logoff_and_shutdown():
    shutdown_privilege = ((LookupPrivilegeValue(None, SE_SHUTDOWN_NAME), SE_PRIVILEGE_ENABLED),)
    token_handle = OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY)
    AdjustTokenPrivileges(token_handle, 0, shutdown_privilege)
    ExitWindowsEx(EWX_LOGOFF | EWX_SHUTDOWN | EWX_FORCE, 0)

def application(environment, start_response):
    start_response('200 OK', [('Content-Type', 'text/plain')])
    path = environment.get('PATH_INFO', '').lstrip('/')
    parameters = parse_qs(environment.get('QUERY_STRING', ''))
    auth = escape(parameters.get('auth', [''])[0])

    if not path == 'shutdown': return ['hi']
    if not auth == AUTHENTICATION_KEY: return ['denied']
    logoff_and_shutdown()
    return ['started']

if len(sys.argv) != 4 or sys.argv[1] in ['-h', '--help']:
    print "Usage: %s [host] [port] [path to authentication key]" % sys.argv[0]
    sys.exit()

with open(sys.argv[3]) as file: AUTHENTICATION_KEY = file.read().strip()
server = make_server(sys.argv[1], int(sys.argv[2]), application)
server.serve_forever()

Open Notepad, type password, and save the file as pwd.txt.

Open another Notepad window, paste the line below, and save it as shutdown.bat:

http-shutdown.py 192.168.0.206 1111 pwd.txt

On Tasker app:

Click Tasks and click the + sign. Name the task shutdownpc. Click the + sign again. Click Net, then click HTTP Post.
In Server:Port type 192.168.0.206:1111, in Path type shutdown?auth=password, then save.

On PebbleTasker app:

Open PebbleTasker, then under Select Default Tasks choose the button you want to assign and select shutdownpc for it.

To make this work, save all the scripts in the same folder, then double-click shutdown.bat. Now you can open the PebbleTasker app on your Pebble and press the assigned button to shut down your computer.

Note: The PC and the phone must be on the same subnet. Change the local IP address to match your network subnet.
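
The setup above sends the key in the URL query string over plain HTTP and compares it with ==. As an added example (not part of Renato Silva's script or of the original post, and written for Python 3 rather than the Python 2.7 used above), here is a hardened variant of the request handler: it accepts the key only in a POST body, compares it in constant time, and answers failures with real error statuses. The names make_key, make_app and on_shutdown are assumptions made for this example.

```python
# Added example (Python 3); not part of http-shutdown.py.
import hmac
import secrets
from urllib.parse import parse_qs

MAX_BODY = 1024  # refuse oversized request bodies


def make_key():
    """Random 256-bit key to put in the key file instead of a typed password."""
    return secrets.token_urlsafe(32)


def make_app(key, on_shutdown):
    """Build a WSGI app. on_shutdown is a hypothetical callback that performs
    the shutdown (for instance logoff_and_shutdown from the script above)."""
    key_bytes = key.encode("utf-8")

    def reply(start_response, status, text):
        start_response(status, [("Content-Type", "text/plain")])
        return [text]

    def application(environ, start_response):
        if environ.get("PATH_INFO", "") != "/shutdown":
            return reply(start_response, "404 Not Found", b"hi")
        if environ.get("REQUEST_METHOD") != "POST":
            return reply(start_response, "405 Method Not Allowed", b"denied")
        try:
            length = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            length = 0
        if length <= 0 or length > MAX_BODY:
            return reply(start_response, "403 Forbidden", b"denied")
        body = environ["wsgi.input"].read(length).decode("utf-8", "replace")
        supplied = parse_qs(body).get("auth", [""])[0].encode("utf-8")
        # Constant-time comparison; the key never appears in the URL,
        # so it stays out of query-string logs and browser/app history.
        if not hmac.compare_digest(supplied, key_bytes):
            return reply(start_response, "403 Forbidden", b"denied")
        on_shutdown()
        return reply(start_response, "200 OK", b"started")

    return application
```

The app can be served with make_server exactly as in the script; the client then sends auth=<key> as the POST data instead of appending it to the Path. The request is still unencrypted HTTP, so this only makes sense on a trusted local network.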

Kickstarter backed a Pebble 2

Pebble 2 is the uncompromising smartwatch for the active and active at heart. Thin, lightweight, and durable, Pebble 2 will help track your sleep, activity, and heart-rate, all at an unbeatable price.

Pebble 2 is compatible with iPhones running iOS 8 or later and Android devices running OS 4.3 or later. It is water resistant to 30M, and has a battery life of up to 7 days.

Starting at just $99 on Kickstarter, Pebble 2 is available in 5 sporty colors: Black Cloud, Charcoal Flame, Charcoal Lime, White Aqua, and White Cloud.

Features
Pebble 2 exists on the same ecosystem as the Time-series watches and has all the features we love about our previous lineup.

    Up to a week of battery life
    Always on, always readable
    Water resistant
    Timeline
    Pebble Health
    Discreet Notifications
    13,000 apps
    Music Control
    Alarms and Smart Alarms
    Voice Input
    30-Day Money-back Guarantee

Thursday, April 7, 2016

Ghost in the Wires: My Adventures as the World's Most Wanted Hacker


Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world's biggest companies--and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyberspace, always three steps ahead and labeled unstoppable. But for Kevin, hacking wasn't just about technological feats--it was an old-fashioned confidence game that required guile and deception to trick the unwitting out of valuable information.

Driven by a powerful urge to accomplish the impossible, Mitnick bypassed security systems and blazed into major organizations including Motorola, Sun Microsystems, and Pacific Bell. But as the FBI's net began to tighten, Kevin went on the run, engaging in an increasingly sophisticated cat and mouse game that led through false identities, a host of cities, plenty of close shaves, and an ultimate showdown with the Feds, who would stop at nothing to bring him down. 

Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escape, and a portrait of a visionary whose creativity, skills, and persistence forced the authorities to rethink the way they pursued him, inspiring ripples that brought permanent changes in the way people and companies protect their most sensitive information.

My review on this book

While reading this book I feel the thrill of the true story about this man. Always hungry for new information and technology around him. Always one step ahead of the people who chase him. The funny part is how he simply manipulates his victims into doing what he wants them to do even after being fooled many times. An honest man and not boastful of his hacks. Another big plus is that most of the hacks depended as much on "social engineering", his main weapon. Plus awesome skills in phreaking. Mitnick was more relaxed and confident at social engineering people as he was writing code. You must read his book!

Rootcon X: Call For Papers


Call For Papers

Let the freshest hacks be submitted and share them among the hacker community.

Guidelines

Where to submit? - Submit your paper to cfp [at] rootcon [dot] org

Email Subject - email your talks with subject line of RC10 CFP Submission - [TOPIC NAME]

Submission Deadline - will be before June 13, 2016

Minimum Time: 30 minutes

Maximum Time: 45 minutes

Topics of interest but not limited to:

- Real-life hack (responsible disclosure)
- Non-tech hacking
- New tool release
- Exploit Development
- Reverse Engineering
- Web Application Attacks
- Tools 101 (Metasploit, Nmap, etc…etc…)
- Wireless Attacks (3G, 4G, 802.11(x))
- Cloud Security
- Vulnerability Discovery
- OS Level Vulnerabilities
- Physical Security (Lock picking – Digital Locks or Digital Safes)
- SQL Injections
- Vendor Appliance Vulnerabilities
- Exploitation Techniques
- Mobile Security

ROOTCON 10 Call For Papers Form

(*) Denotes Mandatory Field

Please copy the needed information together with the agreement and paste them on a .txt format.

Speaker's Bio

This part should contain a little info about yourself, what you do, etcetera - to be posted on the site.

Personal Information

* Speaker Name :

* Title and Company (if applicable):

* Email Address :

* Mobile Number :

* Backup speaker name :

* Email Address :

* Mobile Number :

* Have you talked on previous ROOTCON events or any organized events under ROOTCON ? Yes or No.:

Presentation Information

This part should contain info about your presentation.

* Name of Presentation: (name goes here)

* Abstract: (A sketchy summary of your presentation which we can post on the website, giving the attendee an idea what your presentation is about in a nutshell.)

* Time: AM, PM or Anytime will do

* Day: Day 1 or Day 2? (Applicable to speakers that have only one topic)

Audience Participation needed? Yes or No.

LCD Projector? Yes or No.

Internet access? Yes or No, if yes specify wireless or wired.

White Board? Yes or No.

* Any other equipment requirements? Please specify.

* Location: Metro Manila, Others please specify.

Copyright Agreement

I warrant that the above presentation is of my own work, or if copied, permission has been obtained from the author for publications on ROOTCON 10, and that I will give credits accordingly.

I will grant permission to ROOTCON to post my presentation on the ROOTCON Relics after the event.

Speaking Remuneration Agreement:

1. As a ROOTCON speaker, you will be entitled to the following benefits:

a. Free registration to ROOTCON 10 will enjoy all benefits included on registration. (This will include Swags, Food, etc)
b. Speakers coming from within the Philippines (domestic) will be free of airfare and accommodation (ROOTCON preferred hotel and airline).
c. Speakers coming from outside the Philippines (international) will be free of accommodation (ROOTCON preferred hotel).
d. One ROOTCON speaker token.
e. One Speaker Badge
f. And of course free booze all throughout the conference.
g. Access to ROOTCON 10 post-con party.
h. Certificate of attendance (speaking engagement) by request.

2. ROOTCON will be responsible for providing all equipments and setup needed for the presentation as stated on the Equipment Needs.

3. ROOTCON will not be responsible for all other expenses not included on the Equipment Needs and on the benefits stated above.

4. Creation of the presentation will be done by the speaker himself. ROOTCON members can assist the speaker such as preparing the LCD Projector, white board, prepare the stage, setup of the microphone and assistance during the demo. Other requests should be addressed to the ROOTCON organizing committee.

5. ROOTCON will not disclose speakers personal and contact information unless stated by the speaker.

6. ROOTCON must not be held liable for the safety of their speakers before, during and after the event.

7. Speaker will be held liable in creating his/her disclaimer if the presentation contains hacking exposure.

8. In the event the speaker changes his topic, he must inform the cfp [at] rootcon dot org one (1) month before the event; new topic will be subject to approval.

9. Speakers are advised to check-in at the hotel one (1) day before the event. This is to meet the organizing committee, give you proper orientation about the venue, prepare your equipments and discuss other important matters before the event.

10. On the event proper, the speakers should be at the venue an hour or two prior to his or her presentation.

11. Speaker who wishes to decline or backs out from his speaking engagement, he should inform cfp [at] rootcon dot org one (1) month before the event.

12. Substitution is allowed provided that the original speaker will look for his own substitute and inform the organizing committee the complete profile of the new speaker (substitute) one month before the event.

13. ROOTCON will only pay the additional hotel accommodation if the speaker has pending tracks on the following day

14. To maintain the quality of topics, all topics are selected according to awesomeness level.

15. Final Presentation materials should be sent to cfp [at] ROOTCON /./ org, one month before the CON. This is for security reasons in any case the speaker lost his .ppt presentation due to laptop corruption or any other unexpected circumstances.

I, (insert your name here), have read the above and understand and agree to the terms as detailed in the Speaking Remuneration Agreement and Copyright Agreement.

In the event the Speaker failed to comply with the Speaking Remuneration Agreement and Copyright Agreement, ROOTCON reserves its right to revoke any benefits entitled to the speaker.
