DEF CON 29: Why does my camera scream like a banshee? Signal Analysis & RE

I'll be presenting at DEF CON 29 tomorrow on signal analysis and reverse engineering a strange audio encoding used to configure certain models of wireless security camera. Along with the presentation I've created a tool that lets you pair the camera to your wireless network without using the included vendor app. This streamlines the process to speed further reverse engineering work:

Pre-recorded video can be found here: Why does my security camera scream like a banshee?

LXQt - lubuntu 20.04 shows windows from all virtual desktops / workspaces

After migrating a VM to Lubuntu 20.04 (with LXQt 0.14.1) I noticed that the launch bar / taskbar would show windows from all workspaces. My preference is to view only the ‘current' workspaces windows at any time to reduce accidental switches between desktops. There is an easy way to configure this.

golang sort.Slice - limits of 'int' in function signature

I had an idle question earlier today: can golang support sorting a slice with more than 2,147,483,647 or 4,294,967,295 entries (signed 32bit and unsigned 32bit max values)? Looking at the documentation for sort.Slice it specifies a comparator function with this signature: func(i, j int) bool which got me thinking about what int can represent in golang. int is signed, so is there a way to sort through a slice with a hypothetically enormous number of entries?

Work-around: Terraform 0.11 wants to rebuild EC2 instances when they haven't changed

Terraform claims that my EC2 instance needs to be rebuilt due to changes in the ebs_block_device even though we haven't made any changes to the block device definition. Note the ebs_block_device lines that claim 'forces new resource':

aws_instance.infosec-gatekeeper (new resource required)
      id:                                "i-01234567890123456" => <computed> (forces new resource)
      ami:                               "ami-0123456789abcdef0" => "ami-0123456789abcdef0"
      arn:                               "arn:aws:ec2:us-east-1:098765432109:instance/i-01234567890123456" => <computed>
      associate_public_ip_address:       "false" => <computed>
      availability_zone:                 "us-east-1e => <computed>
      cpu_core_count:                    "1" => <computed>
      cpu_threads_per_core:              "2" => <computed>
      ebs_block_device.#:                                "0" => "1"
      ebs_block_device.1357911171.delete_on_termination: "" => "true" (forces new resource)
      ebs_block_device.1357911171.device_name:           "" => "/dev/xvda" (forces new resource)
      ebs_block_device.1357911171.encrypted:             "" => <computed> (forces new resource)
      ebs_block_device.1357911171.iops:                  "" => ""
      ebs_block_device.1357911171.kms_key_id:            "" => <computed> (forces new resource)
      ebs_block_device.1357911171.snapshot_id:           "" => <computed> (forces new resource)
      ebs_block_device.1357911171.volume_id:             "" => <computed>
      ebs_block_device.1357911171.volume_size:           "" => "16" (forces new resource)
      ebs_block_device.1357911171.volume_type:           "" => "gp2" (forces new resource)

This was in an environment with:

  • terraform
  • aws provider 2.56.0

Switch Hybrid Graphics Mode - Nvidia & Intel

My 'new' travel laptop had an issue with battery life and the issue was traced to power consumption of the Nvidia graphics card. Since I'm not gaming or doing graphics intensive work it makes more sense to stick to the 'integrated' Intel graphics to gain runtime. This is how to change the graphics mode in Ubuntu 20.04.

Disable Laptop Display Auto-Dim - NVidia Optimus Hybrid Graphics

I have a Razer Blade Pro 17 inch laptop and found a behavior that bugged me with no clear way to turn it off: Display auto-dimming. The laptop screen would get dimmer when I switched between applications and darkened to an unacceptable degree when loading VMWare Workstation (full screen). Others have had similar issues with their Razer laptops and had mixed results in finding a resolution.

Migrate Pebble To a New Android Device

I've been a die hard Pebble Smartwatch fan for years now. Since they were acquired a few years back the Pebble App has vanished from the Google App Store and I now need to extract the APK from my old Android device so I can install it on my new one.

The procedure is fairly straight-forward.

Numeric FilePermissionRights in Windows (Generic Access Rights)

While performing an SMB share permissions review we discovered some fileshares with numeric permissions like 268435456 that did not translate to a Human-readable permission set (such as FullControl or ReadAndExecute). We wanted to better understand the numeric permissions.

How to stop Ubuntu 20.04 from auto-adding network printers

I noticed something odd today while using a new laptop with Ubuntu 20.04 installed: A network printer was automatically detected and installed without any intervention on my part. The laptop was connected to a WiFi network where the screen was locked for a few minutes. When I came back I found a notification waiting for me on the login screen about a new printer. The notification disappeared after I entered my unlock password or I'd have included an image here.

Infer Docker Registry Hashes for Local Image Layers

In recent weeks I spent some time working on security analysis of Docker container images in an environment that used multiple container registries. The goal of the project was to ensure that application images are built against known-good / certified base images. There was an unforseen factor that complicated this work- the organizationally approved base images reside in an old Quay Enterprise 2.9.x server that does not support the latest Docker registry API (Image Manifest Version 2, Schema 2) which prohibited a simple check of image layer hashes as the hashes are calculated differently and don't match up.

To get around this I crafted a solution that calculates the 'new' hash for each layer of approved base images and used the calculated layers to compare against application images. If you want to jump to the code, see this repo: InferDockerRegistryHash. For more details, read on below