Shmoocon 2009
Wednesday, February 11th, 2009 running time 50:02
We head out to DC for Shmoocon, our favorite hacker conference on the east coast, to talk to some of the brightest minds in security. Dave Kennedy on his project Fast-Track. Michael Ossmann about sniffing Bluetooth. Joshua Abraham on his software GISKismet. Mister X, author of Aircrack-ng, and Johnny Long, author and security guru, on Hackers for Charity.
Dave Kennedy talks about Fast-Track, a Python-based open-source project aimed at helping penetration testers identify, exploit, and further penetrate a network.
Michael Ossmann and Dominic Spill presented on Building an All-Channel Bluetooth Monitor using the USRP and a lot of awesome code. It turns out listening to 79 channels at once is harder than you think.
Joshua Abraham spoke to us about wireless network mapping with his tool GISKismet.
Mister X, author of Aircrack-ng shares with us a glimpse of the future of wireless network cracking.
Johnny Long, security expert and author, talks to us about Hackers for Charity.
Don't forget to take the Hak5 Survey. This is the last week it's running so please if you haven't already take a moment to fill it out as it really helps us out. :)
Highlights
open source (10:37, 10:39, 29:15)
cutting edge (34:28)
operating system (5:45)
next generation (46:37)
Automatically Generated Transcript (may not be 100% accurate)
" Wow."
" This episode of Hak5 is brought to you by net flicks. -- And square space."
" Hello and welcome back by this you weekly does tech analyst and here we are at the Marriott warden in. Washington DC force -- Two just. You little hung over we partied last night just a little bit now went on a rampage but they. Solar from moment to. They have excellent parties here's a -- but on top of that yet excellent speakers. Awesome you're professional friends lots of -- use use out here on the people coming up to us in like. In and teeth ache and giving out stickers a lot of the air and -- it is. Now we do anything about us being like the little -- they disagree here is now."
" we've got. You know sway that they've never seen before. You know we have to thank Jason Apple bomb was kindly. Operating the camera right now and being a little tool behind it but. He is the one that actually created these will you column limited limited edition first run and I think."
" Excellent machines that in jacket is probably the official term ends so automating mostly. -- So yeah let's let's just kick it over and -- to some of our awesome skew prevention of friends see what's going on and we'll see yet into the general -- and -- accidentally he splashed lately what's new it and."
" Both -- before we did a complete -- all the in America. And though we really tried to do with it is is make it an automated penetration fees for penetration testers that was blows -- nothing else out there. And done a lot of work with. Payload delivery options word has been done before. By -- restrictions that are out there -- tries act. Box so. What he's -- mean its lead around like two years ray really made a lot of pollution. What is it makes abstracts the others a lot of things I mean that the techniques that we actually use with and fast track animate them before we go through into the sequel injection attacks which he objection that's been around ten years. But we spice it up and actually go through and you post some compromises without government. Having egress connection. If financial it was -- So it's late it's all the tools and literally just automated it allows its it's compromised -- ultimate little effort. And really LCIs find out exactly on those. To me an idea and that I think started. So I was I did a lot of work for the for the backtrack guys and news and backtracked to. And that we start off with a lot of tools -- in -- became out of the -- and so when it it was -- or reading a script that. It sort of thing a lot of tools out there. And certain certainly try to automate you know a lot of that process. And basically -- doesn't apparent test of China and a lot tools out there and you really -- or they were nonexistent. Summing Ocalan has not Communists are right in the stuff and now so I wrote I robot tools that fast track that we try to automate a lot of methodologies my company's here's day. It's really try to break in the systems like we would that would normally takes three days if not more and out of its fiscal second."
" It's so this is basically the same syndrome that any system administrators fallen into in that it. Wow all of this exchange administration stuff is mundane right you're just doing the same thing -- penetration testing."
" Ray you know and and I really wanted to get it out to you a lot of our clients to use so that they can understand what these attacks were prevent against and then meet -- more chance to -- is -- in Antonin on the first day. And some as games of the notes are themselves the real test for we test for. Try to elevate our attacks again it'll look better and edge know initially this -- was just basically a lot scripts are finally ready a lot of stuff together how is that changed. Yes all also all the their cost -- so the the sequel pwnage tool the -- bloopers that does the the -- news injections all those -- Costco and complete the and pencils awkward python. And religious. You know -- isn't so out. Is is working with Metasploit like like the initial version is it an alternative to Metasploit. -- transits or recreate Metasploit by fastening needs to use is brilliant views and he has a lot about you know that's what Obama Audrey stuff. We really strategy was take attacks are the Metasploit. Incorporate them into law fast track so the tools that we're actually using on their house because it. We do use Metasploit for a -- creations no no no no reached agreement -- and with the new it was a few investment code gets passed an embarrassment problem. As a theater technique we want to corporate fast that --"
" Can tell me that that technique my very interest seeing that OK so you've shown like lots of different ways you talk to it to get different you know shells on boxes. But once you got -- box he would deliver your your tools up to your funnel and yet you've got a very interesting creative way to you to do that contentment of this format."
" Excellent so most most people in the new -- Tesla do look at FTP Apple file or TFT here's a link that monitors -- drug that can assist them. What's its fight by antivirus not doing it's about to your CF TV but times egress wise and allow those connections or ideas right guess my planet. If it's -- one. And so we try to do was -- that we can drop him onto the system without ever originating egress connections electoral -- hits. So we have a -- is when do we use windows the bug to take tax -- will drop -- an underlying operating system and use -- the -- to divert our payload that's the next -- Now what's it -- with this is. It is what does he bug has to -- restriction so if you're trying to drop and -- or you know obviously reverse the NC payloads can be of most populous. So you're really limited in a way to drop on the system. And so you'll -- locals village on -- these -- for transferring -- we end up doing was we just rewrote when the Z -- That takes out. Raw tax experts all raw binary so subsequently by passing the windows."
" Or if you publisher side you get your hacked version of the windows do you vote on the witnesses. We use we use. 64 cats and -- speculates there's -- file here's something absolutely. Brilliant and beautiful about the simplicity of abuse in the tool to it to download act version of itself yes and so as far as the -- if -- if you're like extra step in the wire. What would these tools look like -- traffic. Over GGV so it all back -- overseas via silencing. Such talk arts."
" So the only thing that they would ever pick up would be that origination origination connection from the pop box off the Internet or by accelerant that -- Well Patrick really come along way last few years what is coming up nearly four point one. For once got a lot of cool things and it's we got new or a model that releasing that's going to use common goal after or -- you or pwnage and what is there fashions. We are also edit a lot of new features and fast -- corporate news tech sectors. Really it's an ongoing process united and I wrote a practice of Polly tells visuals. And though world's kind of front -- poems and stuff in this hospital source community -- lot of where can people go in get their hands on it you do -- it Beckham in electrical section down there. Not to go to the -- test dot com. And other contests that Tom is where the summer months or is -- has pulled out from there pots also got a bug tracker Wiki. And also we know we go through. We actually following these attacks give you movies for each woman might use it. And then we -- can prevent the attacks so it's it's all ones and let's see how we export system right prevent those attacks during. And that's also -- in the latest back."
" For data that goes there. Awesome and it excellent agreement thank you so much coming on yet to -- The -- talking about your software. That you wireless mapping software would describe it. So what it does is it allows computer to visually represent the information from has meant. -- in a manner that's flexible so we're we're able to extract information. Story database and then query the database to track of information its its interest in that particular user. Now wireless data into databases did not like just taking the is dated it's running a report on or is it different. So you're short all of the information that kids and it would capture. But this allows us to extract information that's useful for -- so for example we can make a graph of visual representation. The Linksys access point that we Xeon chips thanks that are not using encryption. How is this will be news that would you like it scenario what you would use. The G is has been for it so. The key the G is business software that I that I developed. Allows for an organization or an -- go to organizations say let's do a -- audit and can represent only information that is unique to you. So now now for university for example. Only the information that a particular college would have where the you know the group that that brought in the -- consultants. Says I only care about the information from college I don't care about forest university. I don't care about the outer -- lying. Access -- information and it's we we need to see the information we're talking about graphic representation. Of me kind of an idea that. Come together with the uses looks sure so what it does is it it just currently we're we're grappling access points would appoint. In particular place. It's store information about the access points you've seen the list of clients she some information about the tight. I -- lines that are connected the manufacturers. The channels encryption that are being used. And you know the other -- mention she's. 
Sweet and you tell me earlier about -- integration with. Google maps you have that -- so all all of the graphs are currently being generated are what we're doing is your point -- into Google maps to. Visually represent the data so that's the current grapple. So to use -- would -- is I'm assuming Linux laptop that -- Wi-Fi card GPS. Exactly and all you need to do would be on. Capture the information Kismet and then insert the information you Davis -- fairly easy so. Oh where can I get this I'm currently it's available online yet -- dot or. Feel free to you know it's a neat feature requests bugs -- but anything is open source like if they're playing with that it needed in the totally open source and -- allow. People -- visually represent. And here that it's my. We're gonna include India and vector for very exciting. They've -- excellent frequently very much."
" This month. Not only do we have Hawaiian land party games for you but we have to because we know your legs obvious that lives we're playing less Ford said it fell fourteen dot Hak5 dot org. Insomnia panic as ZP dot Hak5 hours. And guess what the servers are already open. We're playing this game on Saturday February 28 and I got to thank our sponsor go -- Godaddy.com makes it easy to customize your own virtual dedicated server. She's one of three popular plans are select your own Linux or windows server with all the plan options you need. Plus if use cut Hak5 you can get ten dollars off the forty dollar order or more -- restrictions apply see the website for details and get your piece of the Internet tags godaddy.com. Next -- we have we have some more awesome interviews from snoop on."
" I -- get involved in putting together a Bluetooth. Monitor. I get involved it was. We you know I I I started working with that would -- radio user he. Actually at work and it wasn't even. Really what I was supposed to be doing first place it was just. Sort of working at these stupid -- communication sciences and there -- some interns there that summer who were basically given a couple of US Turkey's sit through you can do with it. And and like Aaron after I got back from black hat. By. Went to a little presentation that they gave on here's what we've been able to do with these user -- the end of the Summers you know. And what I hope we count these this has tremendous potential for security work so I just immediately jumped in started. Learn what it could. And I don't know how I sort of bigger problem to -- it I was looking at. What you -- he maybe could do in general and thinking. All the different kinds of wireless technologies that are out there and at some point I'd. Ran across. -- paper. Using the US -- to decode a single channel a Bluetooth. His very first implementation that. And that kind of gave me some other ideas of like well maybe we can reverse popping sequence and so forth. Ultimately dying and the contacting him. We."
" Start working. So why is it that. Sniffing. Bluetooth. Are monitoring Bluetooth is so much more difficult than it is with my attitude at eleven radio -- can't put it might part of promiscuous mode --"
" If you're -- and in. Your reader to go up and radio. Card they're pretty much every card. Is monitor -- capability these days right man though a lot of -- Iraq project to. But that just isn't available in with a Bluetooth chip sets. Days. For example the most common Bluetooth chips that has court later and that looks for brains. And at the precinct organizations sequence is unique to a particular address. So. The -- earlier than women and men in hardware. Has. -- in an address to it were to be able to find packets in the first place to get to have prior knowledge of the address in order to locate packets. Unless the packets have some standard addresses something like it just a."
" Packets so so is that why you can't just to conflict. A key is meant for. As an analogy has meant for Bluetooth and then targets a single yet society or Mac address whatever maybe."
" You could if you have prior knowledge of the address or you are only produced several -- Now there's an image business because. -- and it. It could be used with. Other hardware and addition to -- show the two modules. We're talking about maybe integrating business -- the US or -- that were. So you be more expensive module than one you have built in tears opera. But it would -- you."
" We might be able to get -- capabilities. Bluetooth monitoring to tools like its march art work. Now you when asked to. Where the difficulty is with just using a Bluetooth only mentioned hopping just to numbers from your -- said that there are 79 channels. An enemy getting this right that -- rounds of nine megahertz. That's correct and 1600 hops per second and so that that's what through what is that one packet -- hop or has."
" It is one packet per crop there well there is a time slot that starts every sixty times per second time slot. And at each of those time slots. Is. There's a new channel selection. Now a single packet can't stand one to five times lots. And it will remain on that frequency for the duration of the pack. So if you have very long packet that takes -- multiple times slots then you'll skip some of the next pops until the next packet start. Edit and it'll it'll stay an effort into Pakistan so the maximum -- rate is one packet per time slot. But it can't be less sun than that. Due to packet -- longer or it can be lesson that just due to -- at the trafficking sparse. It's like I've never seen believe."
" I've never seen a fully busy Hutus network so far that had every single time -- occupied. Even a fairly busy network like. A mobile phone access to use what's at the times."
" Now you can't about this problem by using dvd US hockey to do stepping what kind of what kind of approaches and difficulties did you first. Attempt to an end and learn when you started to try to actually spent the entire spectrum be the 79 channels."
" Well. It right off the bat it. We didn't have -- wait to get all of channels. Without a lot of work. Dominic at -- with this implementation. It is signals. And -- it should be relatively easy to extend that to. City channels in the case views are viewed by council speakers are too. But not likely to be done real time. So why is that. Just because of the amount CPU time required to process the -- waveform. We're dealing with a lot of bits per second it is the US -- it it's. Is spitting out. A pair of 32 byte. Sorry a pair 32 bit blows. Where every single sample point five of them per second. Right that's not USB based. It doesn't fit on -- yeah bus and a lot of the biggest problem with the US -- Q one per. And so that's what they've had upgraded with the user -- news its has has meted based on BB ethernet bus accident USB bus. And even then they Gigabit ethernet is the bottleneck. It is the PGA on the user to. Passed that down convert from a hundred examples for a second all the way down point five million samples per second. Not doctor bounce Apple got in order to. Just ignore it over the Gigabit ethernet bus so that's really or limitation and then when we get that all those bids were coming and very higher rate. To a host computer. Processing them is very expensive CPU wise and processing them 25 times as much so do all point but channel with the typical laptop's dual core system were -- able to achieve. Roughly one channel per core. So I can on -- up companies dialogue successfully able to. Decode two channels that time not successfully able to be code -- some packets word detective Oliver's account but drop --"
" Well it sounds like a complicated problems and and efforts -- thinking about it okay if I can do one channel for core. -- channels. Just throw a lot of money to for a lot of iron for a lot of brute force that it but that's not the approach you ended up taking what's -- what kind of and that's did you in the cheating coming here to end up getting back kind of spectrum what we did 22 different tricks."
" And it and ultimately. A big iron solution is really the only way you're going to build the monitors -- can detect. All Bluetooth devices on all channels simultaneously. But if you're interested in targeting only a particular network single peek at a time. Then. That it and is only using one frequency at -- time. So one the first trick that we use is to actually follow the popping sequence -- pseudo random sequence. And that allows us to select the correct channel of the correct time and only have to decode one channel times. We have to predict where it's going to hop right. Right -- for predict the popping sequence pseudo random sequence that is based. It is. Overly complex algorithm. That it but it basically takes. The address of the master device and the -- clock -- the master device and crunches some numbers and spits out channel number. And the clock value the address doesn't change and so once we're able to work address that the clock value. Increments 3200 times per second and it's twenty bit number 27 of which is used for this this -- popping out. So we just calculate the entire table of every possible. Pop. Every possible channel occurs it each clock. And and then we observe a much packets and say well we got we got -- this time on this channel and we got one. X number of times thoughts later on this of the channel you know one X number of times a slicker so it channel. And it's just searched through that -- sequence until we find -- sometimes it takes you tries have to get more packets sometimes -- we did you -- Hit actually it is hopping tends to result in a lot of repeats."
" So it. If it's at random but it's not random okay. What that's the crazy awesome science and so now they you can you can submit -- soon. It's following that without getting too technical and how we're actually tricking the US LPR he had to do you -- doing that. Let's talk about the practical so simulate we do. The ability to. To stick it right what can we do that now and and you've shown some proof of concept currently. What surprised you about that."
" What are we so what do we do with it now we have it. That's a big question and it's something Dominic I have is to discuss and we sort of -- put off because we've been so focused on just getting packets that. And there's two so much work -- has gone it's just getting packets are to the point now we're week we finally -- packets and yet we could prove Marco equipment we have packets that would reduce them. Is -- big question that we just. Past -- talked about yesterday when things keep -- there is. Is truck right there demo word you used. Dominant single -- solution. Two. Recovered the address of the device and then. Subsequently. Configure -- off the show Bluetooth cars. To use that device and spoof the master. And convinced -- is select the next time that Bluetooth headset for example turned off and on again it could connect. To the malicious device. Instead of connecting to the cellphone. You can also do a man -- the middle attack where possible. There're a number of taxes. Develop there was an effective -- mentioned. On via -- Algorithm but it apparent protocol and so we we capture the whole. Pairing process now -- actually leave trial that algorithm off. -- captures that we acquired. Already. And we haven't tried that yet. We can also -- all kinds of higher level a higher layers. -- agree with commitment and create wear shirt and there's a lot that could be. That we hope that the work that we've done so far and it opens the door to. Always. He tried using US therapy to do any sort of objection. To your question because the US RP one of the great things about it is that it can transmit and receive. It. Is difficult however to to happen. Very precise timing and with the transmit and receive. There's some new code that being worked on right now that allows them you've been signaling to trip to -- Problems but. But there there are different challenges. One of the things reversing the -- sequence is is it allows us to. 
Know which channel we would have to transmit on at what particular time. In order to inject traffic into network. Also o'clock. Values required to to do part of a package what. Process in addition to knowing what -- it on actually clock. In order to format -- first place. So we require the address we are archery device that Ricans who we find. We've acquired clock value. And we could in theory use that to generate new packets what men and transmit them correct time immigrant."
" Now when you first started this project how much the Bluetooth stack did you now. We've been there enough but what surprised you the most when you start getting really nitty gritty with Bluetooth."
" I think what surprised me the most what does."
" The fact that. There are her over -- billion Bluetooth devices. Man. For almost none of them. He. Here's -- zero zero zero zero is here I thought. -- they have they have -- games -- that are easily hackable -- if they're not zero zero zero zero which most of them are. And most of them don't use any encryption there's there's encryption standard in the Bluetooth but if but it. And it's been don't have some weaknesses but but nothing yet. -- devices used. And people are using Bluetooth or -- the -- was -- train conductors in the UK have Bluetooth enabled credit card. Readers. In states we have."
" Wireless traffic control systems. Traffic signal control system that use them to see Dorado and turn on traffic lights it's turned off the plate. And they're being used you know had censored ubiquitous that people -- conversation so time. And you have a you know you have an encrypted communications. Between your phone and phone network. And what you're transmitting your that same conversation in the clear between your pets that your phone."
" Right. So given. The proof of concept how far we are right now with like re search given the the expense of the US Turkey to at least 1400 dollars that's been. The base model without daughter board so it's a little little bit on top of that. Do you think and then when you think if it is possible that there would be some sort of off the shelf solution for you know -- hacker to start really playing with --"
" I don't know right now you know we've only just got to the point where we have a device that's that's you know the cost of a nice laptop that can't do this stuff. And it's we're just kind of exploring what we can do with that at this point. Getting to the point where it's it's as affordable as they -- Wi-Fi. Hackable Wi-Fi module. We're a long way from that. And if we ever get there it's probably going to. Come in the form packing some kind of off show device. Unfortunately right now all off the shelf devices that we you know. Are are not. Capable even with custom firmware flash on them but doing -- would do it yours to do so way. I I don't see it time and in the near future win this technology is going become accessible -- thousand dollar level. Is there place of people complain with the code or play with the Bluetooth dumps they've done. Yes. And we have a project called GR Hutus GR I can Bluetooth. Supposed to outsourced orders -- sort word answer for here to we have. Our first release was made the other day version there -- about to work so confident that we do that. Half and we. We also put together package. Short sample files that are captured wave forms. Actually the very devices that are refusing demo today they could reconstruct the codec thanks to listen back to conversation. Theoretically. Yes you should. You should be able to and that's one of the higher earlier things that we haven't done yet -- decoding the audio so you can actually listen to conversations from the packets that we. Captured right. But theoretically from those those. Samples that are on the website you should be able to act because that audio and tell me what was someone waiting for the you know from the -- tell me what was being set on -- phone call -- lab."
" This is very exciting is very very early days of of this type of Bluetooth packing -- The challenges. That have to be overcome before that the -- simple tools. Can be put together to really take advantage of practical. Mike thanks so much and I really appreciate you are obvious from your time and a."
" Last week's trivialize. Our friend -- find uses a cast of portals of power funds by. The open source project that forks from that captive portal in 2008. And I was correctly answer by force master in 1990. You correctly answered with -- We're gonna give force -- one of awesome awesome CDs from dual core. At dual core music dot com you can check out what this stuff. And if you check out this week's trivia it's Hak5 dot org slash trivia. And use levels letters that are popping up all over the place during this episode. -- that ends hopefully get the trivia answer rights. And then maybe we'll send you some awesome cool little giveaway if you instant -- 24 hours. And last but not least I'd like to thank our sponsor Netflix Netflix thank you so much for sponsoring this episode of Hak5. With Netflix to commence over 90000 titles online including possibly -- titles with free shipping both ways to hear house. They now have over forty shipping centers almost all deliveries happen in just one this Tuesday. Plus Netflix plans start at only 499. And as a new member you can get it -- week. No risk free trial membership at www. Netflix.com slash Hak5 and please don't forget the three w.'s. And I think we got a couple more awesome interviews from snoop on voice and yeah."
" It is so mister X how did you get involved with. With aircrack. Just gets interest and and one is because again of doing rested its. At the end of the year I got and you and your leapt up with the -- And then -- and number of ways because I wanted to test everything. And then phones -- correct and that this interest it and and it's. Cemented that -- more precious to you today few days. Some point the -- or affect affect disappeared. We we go to any news. And what's -- on December 2005. I and then. And in February. I didn't have the very it's six. So they're -- because. Chris wanted to make modifications thinking human history from me but that's onto what's a good idea to share this to the community to feedback send. -- How is the project evolved since you first started. Working on aircrack -- played them up another few forms. Like NBA's. Some to -- do did you via text to -- in the news."
" So tell me about the speeds which cracking. What kind of that's what kind of techniques can we see in the future or or even now to it increases you cracking."
" You can use. -- pronounce it initiate. You can mostly used to be you. -- because. Let us not just in cringe but that's spent."
" You already know -- down on mine V yeah. We try to supports it -- stream to. And that's pretty fast but think ethernet. And that Johnny you read up heels and great selling books what's been keeping you busy lately it's the the the book sales have been just absolutely phenomenal. I've been I've been amazingly -- these you know on Google acting was yeah was phenomenal -- really well. But the than volume two came expected but sales increased in this thing was still -- And then no attack you know stealing book in the middle there -- is doing serious and -- it was just like this Grand Slam books. So I -- really happy with books. I I ended on notes at acting which to great. It was it was my style death fund as a great talk you thanks thanks and and people are really -- who have a lot of people. But I got Apple -- like you know what -- break yet doesn't book projects knowledge that feel burned out but I felt pretty fulfilled. Like you know this is a good place to quit for -- So I did the the notes checkbook all the proceeds are going back into -- so I think that's part of the reason that selling really well. There might be some some church lawn somewhere but it --"
" Its -- and Africa now. -- you talk to us about the charity last year it's become when we get a live show and then we forgot to -- little red white wires and mixers wouldn't get audio but we had a lot of fun putting it together the -- The law all cats episode is probably one of -- yeah yeah I was I just it was just a layer just politicians got New York and he absolutely love is ultimately. Just a it's completely logo and added of that reduce certain parts of the backwards it's tonight Leo. So to tell me how to the security come -- how to how to Packard go into the -- charity work."
" Let's that's the big question so. I mean I was. I was like most people this community mean thruster technolust had I edited. You know stay in on the cutting edge you know -- and has been doing physical students. I mean you never know -- Iran to -- everything that's cutting it -- it absolutely everything. So my wife. Wanted to go to Africa spin a couple of his way to go to our children. So she got an opportunity to go like -- church and and I was like -- as you're doing. So she went. And I was I was it black hat. I think two years ago. And I open my talk saying you know -- my -- got a text message from my wife who's in redundancies tell me that she just got -- water. And chickens walk with her normally goes next few. And I waltz and the -- we bathroom him incentives palace of the marble walls and LCD flat screen in the light. Well we're like world the way the heck was she came back with some some footage that really struck me. We've seen in national geographic -- Two lines rivals like we've got used to this. We'll she came back as a as our own footage and she showed me pictures these these kids. -- you know happiness. Like laugh and like dirt. You know one shirt like ripped to shreds oh by the way this child -- both sides. There's an orphan living with a family of twelve this is the oh by the way they haven't eaten we. I was like with a happy about. You know that that like sort of -- yeah obviously you know my my -- it doesn't have you -- the right amount of milk or sugar in the morning -- Yeah these kids you know -- difference I was curious about that. Next year the trip came around again -- ago. And that's that's where things are -- interest. I was picture -- and in under a picture and you know doing some constructions. You know typical. Whatever instrument houses. I do if you manually record profits grew about patents that Pakistan and your lightbulbs. Good lightbulbs. 
But when I got there what they really want it is they found out I was a computer guy and it turned out the organization of working with had computer systems that don't. That were like overrun with viruses. And needed all this work and so I spent two weeks -- computer work. And never expected that."
" You know why is it that us as geeks and and and you know -- that you can go anywhere he can't go home for the holidays remove the spyware it. So -- is -- the -- in the if your if your computer guy you can Pixar where you can do all this crap but it's expected. But that's really valuable and I mean -- that's really cool that they've they've got access and."
" I mean it's why you think about it it's like you know you go to grandma's house for Thanksgiving and you know our computers overrun with spyware and you fix that that's like. So valuable outside the context here. You know like here that's not a big deal when you do that for somebody doesn't have access to huge deal. But it was even bigger deal because. A virus on a computer in a Third World country for non-government organization is holding spreadsheets the children. We're getting money for food from sponsors probably in the US a virus stupid macro virus and Excel spreadsheet. This connects everything yet and now it's like we have this money -- supposed to go to got a kid that's not you'd. So my work there. Opened my eyes light up back here and I'm doing cool stuff who still -- still love the tech. But it's knowledge goes saved anybody's life was like big downer. That are -- talked it was like this given little bit. 23 weeks you'll be over. Two months later I'm still think. So then as I thought about like our community all the skill that we have the idea that I came up with was let's see if we can connect the skill. In this community we need. In underdeveloped countries and that's where Hackers for Charity started. So out has them to get involved and Hackers for Charity and what could expect to volunteer do you. They -- very we're keeping it small and try to do a few things well so right now we have a basic mailing -- go to Google Groups list to sign up for that. Something comes along and for example that your view -- it's a website and so we've got this -- in the can afford to pay anybody interest in building a website. The ideas what will we want to do offer our technical initiatives want to connect. People are looking for jobs in the community looking to improve their careers were some brilliant. Hacker has flipping burgers that's not even work at and T we get jobs. 
Good jobs better job of this idea yet so little we do it and them will connect with people have the need that can afford it. It's a win win. And it's all about this magic word empowerment. It's improving the life. Technologists. Hackers to better jobs by improve and all the same time improving things for -- And in turn improving the life of the people pictures. So so far hasn't been doing. It's been it's been overwhelming. I had no idea that there was this sort of latent. Goodness in the community I mean I knew it and -- Hackers are good people we we can -- and leftover equipment for like a well over an hour and there's gonna steal that there'll be -- that's that they mean there's media perception that hackers are people. It's a side benefit of having done this but it's the media start to take -- ago. Hackers. Working with charities. You know them they're like confused by. Will they shouldn't be. You know me so to answer your question it's been. Really overwhelmingly positive to the point I realized I needed to focus on you know war full ever. So we've got you got the technology. Program you know we're looking to connect skills with the this thing we're doing is building classrooms. Computer -- East Africa -- Yeah this always tell you something like hardware is donations or Blake what. In the classrooms in one night. We used to first cluster was built entirely -- donated laptops that we logged over suitcases. Most of them made it over and and molested some of one of them vanished one of them didn't work. It was expensive it was heavy. And so we used to take old equipment try to get it there it's just too hard. It's too expensive so what we do now is about three weeks are sites going to be up full steam. We're a temporary -- users or let people know what's going click a button say I've got this hardware. The service I don't me comes in and says we got a buyer. Buyers can pick up the -- takes a percentage gives us the rest of money. 
We buy computer equipment race and and you get the new stuff and and it's a great way to get rid of all of this PCI cards that are laying around in my closet absolutely. So we wanted to find a way to use your -- trail most people are gonna get rid of perfectly working whole. Computers or perfectly working laptops and you throw an X this drone or something it's perfectly. -- what people have crap. We want to take that -- in the stuff that makes a difference. The very rewarding different. Yeah and and that's part of what I want to encourage people looking in the lewis'. You know what you connect with something like that really. That that really changes starts changing people's lives. It sticks with you. You know it's and it's it's addictive it's part of you know give him yet is that it is that it keeps go so word we've been encouraged by. So where can you encourage your viewers to go in and -- old -- units and there at their web services or or IT skills. Yeah our website as Hackers for Charity dot -- It's we also of this the tag line is -- actuaries. I pictured. And that's what raises eyebrows people who like. You an argument in the computer's like do. And so it's in our web sites are website it's pretty pretty low budget right now because we were completely revamping everything. To honestly to make up were. -- and we've gotten much interest that there is so just check out our website and we'll --"
" Thank you so much to us that spectrum oh and also the the pineapple Hak5 pineapple yeah Leon you guys got here the you know which isn't Z -- Sager answer it write me is. That's that. Anyway the pineapple. They're built this awesome pineapple in common according to -- involved in physics who's a -- project ahead. Okay somebody donated is awesome by a global five -- first an auction and people are going not story it's. It's our biggest silent auction -- So far but it's exciting I've never -- I've never made a pineapple for anyone else so. This it's the lyrical itself left and right if they were cheap enough for me -- is thanks getting thank you. Appreciate that yeah."
" Our guess that wraps up our Shmoocon 2009 episode. We want to thank Bruce and Heidi Potter and all the -- here for. The great converts that they actually put on and digging into it you know there's there's conference is like these that we'd like to go to all the time. Enchantment about that a little bit later but I want to let you guys know about the survey that's currently going on it revision3.com slash Hak5 -- it's very important that jazz they'll announce we get some sort of feedback and you know it it. Some people like it's way too long now it's really now you have retain -- before this is you know. Cakewalk so call ahead revision3.com slash Hak5 survey and get your. Form village now on. Yeah exactly. So. And now kicking it over to the lovely. -- jacket wearing Janet."
" That name. And just and yet guys think you so so much for supporting us everything that we've been doing. On if you want to support is even -- ago for going to conventions like this line. And bringing you these are awesome interviews and -- school projects that everybody's been doing these days. You can head over to Hak5 dot org slash stickers we have plenty of awesome cool -- sticker packs -- The got a pineapple sticker evil servers sticker. Stick it out. And there we gas. And evil server sticker or else. -- play any any sense of thank you so much for supporting us and you know check if you want."
" Q and when until you guys about season five because it is right around the corner but before I do I have to that what -- world -- sponsors for making this show happen. And that is Squarespace if you head over to www.squarespace.com. And you sign up the coupon -- act by the -- 10% off select you order plants started just like eight dollars month and and a really awesome web hosting service with very unique. Web creation content creation system that's Alex back input on the front and where you can create a page in like minutes whether it's anything -- my blog too big corporate website I'm personally actually putting together a big corporate website and and decided you Squarespace as the engine for it and my trial was expiring and as unlike trying to convince management that -- this is the way to go right. So 10:30 and I I send tickets saying hey money on -- that expired in an extension until the twentieth. Oh yeah two minutes later 10:30 at night while this was east coast but dude that's that's an awesome service a taken out -- he's about -- five sports show and we love sports and so critical now. She's -- as excited. Yes. Well okay so on 26 episodes that is the season if you've ever watched to season of Star Trek you know The Next Generation lives and who and com. And basically we feel that. The gradient the gradual. Production enhancements and everything we've seen in season four. Have resulted in actually better content especially the last quarter of the season you've noticed leap and bound and and then -- research and and the production. Quality that we can put into it not because you're pretty much nailed down production. Do one HD was really for a while but by human thinking about."
" That's a pain in the ass. We the you know we tried a couple different solutions we add HD cameras that were shooting composite into a garbage mixer and -- problems at all of his well here. And finally. You know with the help bug you know as you're guys donations. It really. Is now not an issue we can take everything out of the box. So it dropped the box set everything up in what 45 minutes -- less then you know so. Hey it it it's it's no longer a you know in the back of our head is you know is audio -- it is you know this rating is you know my guy and so."
" I feel like it's it's -- much better. Yes so -- production on now that it's still very hacker set up because we didn't go with a twelve grand mixer weekend with the grand mixer. But I would get their little hack solution for a lot less and we'll see guys that's in because it's it's really inventive and and whatnot on. Yeah but it's act at work so we we're very happy with that so it now that that's that online doing an excellent stuff so she's in five look for next week -- break during."
" you know we've got to DC you said and gradual XP and gradual. We're getting a monkey that's in the pool -- he continued questions that you conservative and or different instances -- people on. Com so if I want to thank you guys were attending again. Can we -- its. Students -- worthwhile for cheap and portable compact five."
" remind you the I take --"
" And you're here it's become. And it's one of those conferences where your lake."
" the freeze like you to eighty. A -- here in the hotel."
" With a Mike. That doesn't -- He's better at it than me to six the good version from a kernel not for WordPress. Catch me on the Hak5 site inspecting or making a SQL truncation injection. You can -- it for real every -- SQL as MySQL to adult then and that's for real. Hak5 dual core we get together and make things rain just like the weather. I'm Darren Kitchen from Hak5 we've been hanging out that they --"
" we've got. You know sway that they've never seen before. You know we have to thank Jason Apple bomb was kindly. Operating the camera right now and being a little tool behind it but. He is the one that actually created these will you column limited limited edition first run and I think."
" Excellent machines that in jacket is probably the official term ends so automating mostly. -- So yeah let's let's just kick it over and -- to some of our awesome skew prevention of friends see what's going on and we'll see yet into the general -- and -- accidentally he splashed lately what's new it and."
" Both -- before we did a complete -- all the in America. And though we really tried to do with it is is make it an automated penetration fees for penetration testers that was blows -- nothing else out there. And done a lot of work with. Payload delivery options word has been done before. By -- restrictions that are out there -- tries act. Box so. What he's -- mean its lead around like two years ray really made a lot of pollution. What is it makes abstracts the others a lot of things I mean that the techniques that we actually use with and Fast-Track animate them before we go through into the SQL injection attacks which he objection that's been around ten years. But we spice it up and actually go through and you post some compromises without government. Having egress connection. If financial it was -- So it's late it's all the tools and literally just automated it allows its it's compromised -- ultimate little effort. And really LCIs find out exactly on those. To me an idea and that I think started. So I was I did a lot of work for the for the BackTrack guys and news and BackTrack 2. And that we start off with a lot of tools -- in -- became out of the -- and so when it it was -- or reading a script that. It sort of thing a lot of tools out there. And certain certainly try to automate you know a lot of that process. And basically -- doesn't apparent test of China and a lot tools out there and you really -- or they were nonexistent. Summing Ocalan has not Communists are right in the stuff and now so I wrote I robot tools that Fast-Track that we try to automate a lot of methodologies my company's here's day. It's really try to break in the systems like we would that would normally takes three days if not more and out of its fiscal second."
" It's so this is basically the same syndrome that any system administrators fallen into in that it. Wow all of this exchange administration stuff is mundane right you're just doing the same thing -- penetration testing."
" Ray you know and and I really wanted to get it out to you a lot of our clients to use so that they can understand what these attacks were prevent against and then meet -- more chance to -- is -- in Antonin on the first day. And some as games of the notes are themselves the real test for we test for. Try to elevate our attacks again it'll look better and edge know initially this -- was just basically a lot scripts are finally ready a lot of stuff together how is that changed. Yes all also all the their cost -- so the the SQL pwnage tool the -- bloopers that does the the -- news injections all those -- Costco and complete the and pencils awkward Python. And religious. You know -- isn't so out. Is is working with Metasploit like like the initial version is it an alternative to Metasploit. -- transits or recreate Metasploit by fastening needs to use is brilliant views and he has a lot about you know that's what Obama Audrey stuff. We really strategy was take attacks are the Metasploit. Incorporate them into law Fast-Track so the tools that we're actually using on their house because it. We do use Metasploit for a -- creations no no no no reached agreement -- and with the new it was a few investment code gets passed an embarrassment problem. As a theater technique we want to corporate Fast-Track that --"
" Can tell me that that technique my very interest seeing that OK so you've shown like lots of different ways you talk to it to get different you know shells on boxes. But once you got -- box he would deliver your your tools up to your funnel and yet you've got a very interesting creative way to you to do that contentment of this format."
" Excellent so most most people in the new -- Tesla do look at FTP upload file or TFTP here's a link that monitors -- drug that can assist them. What's its fight by antivirus not doing it's about to your CF TV but times egress wise and allow those connections or ideas right guess my planet. If it's -- one. And so we try to do was -- that we can drop him onto the system without ever originating egress connections electoral -- hits. So we have a -- is when do we use Windows debug to take tax -- will drop -- an underlying operating system and use -- the -- to divert our payload that's the next -- Now what's it -- with this is. It is what Windows debug has to -- restriction so if you're trying to drop and -- or you know obviously reverse VNC payloads can be of most populous. So you're really limited in a way to drop on the system. And so you'll -- locals village on -- these -- for transferring -- we end up doing was we just rewrote Windows debug -- That takes out. Raw tax experts all raw binary so subsequently by passing the windows."
" Or if you publisher side you get your hacked version of Windows debug on the witnesses. We use we use. 64 cats and -- speculates there's -- file here's something absolutely. Brilliant and beautiful about the simplicity of abuse in the tool to it to download act version of itself yes and so as far as the -- if -- if you're like extra step in the wire. What would these tools look like -- traffic. Over GGV so it all back -- overseas via silencing. Such talk arts."
" So the only thing that they would ever pick up would be that origination origination connection from the pop box off the Internet or by accelerant that -- Well Patrick really come along way last few years what is coming up nearly four point one. For once got a lot of cool things and it's we got new or a model that releasing that's going to use common goal after or -- you or pwnage and what is there fashions. We are also edit a lot of new features and fast -- corporate news tech sectors. Really it's an ongoing process united and I wrote a practice of Polly tells visuals. And though world's kind of front -- poems and stuff in this hospital source community -- lot of where can people go in get their hands on it you do -- it Beckham in electrical section down there. Not to go to the -- test dot com. And other contests that Tom is where the summer months or is -- has pulled out from there pots also got a bug tracker Wiki. And also we know we go through. We actually following these attacks give you movies for each woman might use it. And then we -- can prevent the attacks so it's it's all ones and let's see how we export system right prevent those attacks during. And that's also -- in the latest back."
" For data that goes there. Awesome and it excellent agreement thank you so much coming on yet to -- The -- talking about your software. That you wireless mapping software would describe it. So what it does is it allows computer to visually represent the information from Kismet. -- in a manner that's flexible so we're we're able to extract information. Story database and then query the database to track of information its its interest in that particular user. Now wireless data into databases did not like just taking the is dated it's running a report on or is it different. So you're short all of the information that Kismet would capture. But this allows us to extract information that's useful for -- so for example we can make a graph of visual representation. The Linksys access point that we Xeon chips thanks that are not using encryption. How is this will be news that would you like it scenario what you would use. The GIS-Kismet for it so. The key the GIS-Kismet software that I that I developed. Allows for an organization or an -- go to organizations say let's do a -- audit and can represent only information that is unique to you. So now now for university for example. Only the information that a particular college would have where the you know the group that that brought in the -- consultants. Says I only care about the information from college I don't care about forest university. I don't care about the outer -- lying. Access -- information and it's we we need to see the information we're talking about graphic representation. Of me kind of an idea that. Come together with the uses looks sure so what it does is it it just currently we're we're grappling access points would appoint. In particular place. It's store information about the access points you've seen the list of clients she some information about the tight. I -- lines that are connected the manufacturers. The channels encryption that are being used. And you know the other -- mention she's. 
Sweet and you tell me earlier about -- integration with. Google Maps you have that -- so all all of the graphs are currently being generated are what we're doing is your point -- into Google Maps to. Visually represent the data so that's the current grapple. So to use -- would -- is I'm assuming Linux laptop that -- Wi-Fi card, GPS. Exactly and all you need to do would be on. Capture the information with Kismet and then insert the information you Davis -- fairly easy so. Oh where can I get this I'm currently it's available online yet -- dot or. Feel free to you know it's a neat feature requests bugs -- but anything is open source like if they're playing with that it needed in the totally open source and -- allow. People -- visually represent. And here that it's my. We're gonna include India and vector for very exciting. They've -- excellent frequently very much."
" This month. Not only do we have Hak5 LAN party games for you but we have to because we know your legs obvious that lives we're playing less Ford said it fell fourteen dot Hak5 dot org. Insomnia panic as ZP dot Hak5 hours. And guess what the servers are already open. We're playing this game on Saturday February 28 and I got to thank our sponsor GoDaddy. GoDaddy.com makes it easy to customize your own virtual dedicated server. Choose one of three popular plans or select your own Linux or Windows server with all the plan options you need. Plus if use code Hak5 you can get ten dollars off the forty dollar order or more -- restrictions apply see the website for details and get your piece of the Internet at GoDaddy.com. Next -- we have we have some more awesome interviews from Shmoocon."
" I -- get involved in putting together a Bluetooth. Monitor. I get involved it was. We you know I I I started working with that would -- radio USRP. Actually at work and it wasn't even. Really what I was supposed to be doing first place it was just. Sort of working at these stupid -- communication sciences and there -- some interns there that summer who were basically given a couple of USRPs sit through you can do with it. And and like Aaron after I got back from Black Hat. By. Went to a little presentation that they gave on here's what we've been able to do with these USRPs the end of the summer's you know. And what I hope we count these this has tremendous potential for security work so I just immediately jumped in started. Learn what it could. And I don't know how I sort of bigger problem to -- it I was looking at. What you -- he maybe could do in general and thinking. All the different kinds of wireless technologies that are out there and at some point I'd. Ran across. -- paper. Using the USRP to decode a single channel a Bluetooth. His very first implementation that. And that kind of gave me some other ideas of like well maybe we can reverse hopping sequence and so forth. Ultimately dying and the contacting him. We."
" Start working. So why is it that. Sniffing. Bluetooth. Or monitoring Bluetooth is so much more difficult than it is with my 802.11 radio -- can't put it might part of promiscuous mode --"
" If you're -- and in. Your reader to go up and radio. Card they're pretty much every card. Is monitor -- capability these days right man though a lot of -- Iraq project to. But that just isn't available in with a Bluetooth chip sets. Days. For example the most common Bluetooth chips that has court later and that looks for brains. And at the precinct organizations sequence is unique to a particular address. So. The -- earlier than women and men in hardware. Has. -- in an address to it were to be able to find packets in the first place to get to have prior knowledge of the address in order to locate packets. Unless the packets have some standard addresses something like it just a."
" Packets so so is that why you can't just to conflict. A key is meant for. As an analogy has meant for Bluetooth and then targets a single yet society or Mac address whatever maybe."
" You could if you have prior knowledge of the address or you are only produced several -- Now there's an image business because. -- and it. It could be used with. Other hardware and addition to -- show the two modules. We're talking about maybe integrating business -- the US or -- that were. So you be more expensive module than one you have built in tears opera. But it would -- you."
" We might be able to get -- capabilities. Bluetooth monitoring to tools like its march art work. Now you when asked to. Where the difficulty is with just using a Bluetooth only mentioned hopping just to numbers from your -- said that there are 79 channels. An enemy getting this right that -- rounds of nine megahertz. That's correct and 1600 hops per second and so that that's what through what is that one packet -- hop or has."
" It is one packet per hop there well there is a time slot that starts every sixty times per second time slot. And at each of those time slots. Is. There's a new channel selection. Now a single packet can't stand one to five time slots. And it will remain on that frequency for the duration of the packet. So if you have very long packet that takes -- multiple time slots then you'll skip some of the next hops until the next packet start. Edit and it'll it'll stay an effort into Pakistan so the maximum -- rate is one packet per time slot. But it can't be less sun than that. Due to packet -- longer or it can be lesson that just due to -- at the trafficking sparse. It's like I've never seen believe."
" I've never seen a fully busy Bluetooth network so far that had every single time -- occupied. Even a fairly busy network like. A mobile phone access to use what's at the times."
" Now you can't about this problem by using dvd US hockey to do stepping what kind of what kind of approaches and difficulties did you first. Attempt to an end and learn when you started to try to actually spent the entire spectrum be the 79 channels."
" Well. It right off the bat it. We didn't have -- wait to get all of channels. Without a lot of work. Dominic at -- with this implementation. It is signals. And -- it should be relatively easy to extend that to. City channels in the case views are viewed by council speakers are too. But not likely to be done real time. So why is that. Just because of the amount CPU time required to process the -- waveform. We're dealing with a lot of bits per second it is the USRP it it's. Is spitting out. A pair of 32 byte. Sorry a pair 32 bit blows. Where every single sample point five of them per second. Right that's not USB based. It doesn't fit on -- yeah bus and a lot of the biggest problem with the US -- Q one per. And so that's what they've had upgraded with the USRP2 -- news its has has meted based on Gigabit Ethernet bus accident USB bus. And even then they Gigabit Ethernet is the bottleneck. It is the FPGA on the USRP2. Passed that down convert from a hundred examples for a second all the way down point five million samples per second. Not doctor bounce Apple got in order to. Just ignore it over the Gigabit Ethernet bus so that's really or limitation and then when we get that all those bids were coming and very higher rate. To a host computer. Processing them is very expensive CPU wise and processing them 25 times as much so do all point but channel with the typical laptop's dual core system were -- able to achieve. Roughly one channel per core. So I can on -- up companies dialogue successfully able to. Decode two channels that time not successfully able to be code -- some packets word detective Oliver's account but drop --"
" Well it sounds like a complicated problems and and efforts -- thinking about it okay if I can do one channel for core. -- channels. Just throw a lot of money to for a lot of iron for a lot of brute force that it but that's not the approach you ended up taking what's -- what kind of and that's did you in the cheating coming here to end up getting back kind of spectrum what we did 22 different tricks."
" And it and ultimately. A big iron solution is really the only way you're going to build the monitors -- can detect. All Bluetooth devices on all channels simultaneously. But if you're interested in targeting only a particular network single peek at a time. Then. That it and is only using one frequency at -- time. So one the first trick that we use is to actually follow the hopping sequence -- pseudo random sequence. And that allows us to select the correct channel of the correct time and only have to decode one channel times. We have to predict where it's going to hop right. Right -- for predict the hopping sequence pseudo random sequence that is based. It is. Overly complex algorithm. That it but it basically takes. The address of the master device and the -- clock -- the master device and crunches some numbers and spits out channel number. And the clock value the address doesn't change and so once we're able to work address that the clock value. Increments 3200 times per second and it's twenty bit number 27 of which is used for this this -- hopping out. So we just calculate the entire table of every possible. Hop. Every possible channel occurs it each clock. And and then we observe a much packets and say well we got we got -- this time on this channel and we got one. X number of times thoughts later on this of the channel you know one X number of times a slicker so it channel. And it's just searched through that -- sequence until we find -- sometimes it takes you tries have to get more packets sometimes -- we did you -- Hit actually it is hopping tends to result in a lot of repeats."
" So it. If it's at random but it's not random okay. What that's the crazy awesome science and so now they you can you can submit -- soon. It's following that without getting too technical and how we're actually tricking the US LPR he had to do you -- doing that. Let's talk about the practical so simulate we do. The ability to. To stick it right what can we do that now and and you've shown some proof of concept currently. What surprised you about that."
" What are we so what do we do with it now we have it. That's a big question and it's something Dominic I have is to discuss and we sort of -- put off because we've been so focused on just getting packets that. And there's two so much work -- has gone it's just getting packets are to the point now we're week we finally -- packets and yet we could prove Marco equipment we have packets that would reduce them. Is -- big question that we just. Past -- talked about yesterday when things keep -- there is. Is truck right there demo word you used. Dominant single -- solution. Two. Recovered the address of the device and then. Subsequently. Configure -- off the shelf Bluetooth cards. To use that device and spoof the master. And convinced -- is select the next time that Bluetooth headset for example turned off and on again it could connect. To the malicious device. Instead of connecting to the cellphone. You can also do a man -- the middle attack where possible. There're a number of taxes. Develop there was an effective -- mentioned. On via -- Algorithm but it apparent protocol and so we we capture the whole. Pairing process now -- actually leave trial that algorithm off. -- captures that we acquired. Already. And we haven't tried that yet. We can also -- all kinds of higher level a higher layers. -- agree with commitment and create wear shirt and there's a lot that could be. That we hope that the work that we've done so far and it opens the door to. Always. He tried using USRP to do any sort of objection. To your question because the USRP one of the great things about it is that it can transmit and receive. It. Is difficult however to to happen. Very precise timing and with the transmit and receive. There's some new code that being worked on right now that allows them you've been signaling to trip to -- Problems but. But there there are different challenges. One of the things reversing the -- sequence is is it allows us to. 
Know which channel we would have to transmit on at what particular time. In order to inject traffic into network. Also o'clock. Values required to to do part of a package what. Process in addition to knowing what -- it on actually clock. In order to format -- first place. So we require the address we are archery device that Ricans who we find. We've acquired clock value. And we could in theory use that to generate new packets what men and transmit them correct time immigrant."
" Now when you first started this project how much the Bluetooth stack did you now. We've been there enough but what surprised you the most when you start getting really nitty gritty with Bluetooth."
" I think what surprised me the most what does."
" The fact that. There are her over -- billion Bluetooth devices. Man. For almost none of them. He. Here's -- zero zero zero zero is here I thought. -- they have they have -- games -- that are easily hackable -- if they're not zero zero zero zero which most of them are. And most of them don't use any encryption there's there's encryption standard in the Bluetooth but if but it. And it's been don't have some weaknesses but but nothing yet. -- devices used. And people are using Bluetooth or -- the -- was -- train conductors in the UK have Bluetooth enabled credit card. Readers. In states we have."
" Wireless traffic control systems. Traffic signal control system that use them to see Dorado and turn on traffic lights it's turned off the plate. And they're being used you know had censored ubiquitous that people -- conversation so time. And you have a you know you have an encrypted communications. Between your phone and phone network. And what you're transmitting your that same conversation in the clear between your pets that your phone."
" Right. So given. The proof of concept how far we are right now with like re search given the the expense of the US Turkey to at least 1400 dollars that's been. The base model without daughter board so it's a little little bit on top of that. Do you think and then when you think if it is possible that there would be some sort of off the shelf solution for you know -- hacker to start really playing with --"
" I don't know right now you know we've only just got to the point where we have a device that's that's you know the cost of a nice laptop that can't do this stuff. And it's we're just kind of exploring what we can do with that at this point. Getting to the point where it's it's as affordable as they -- Wi-Fi. Hackable Wi-Fi module. We're a long way from that. And if we ever get there it's probably going to. Come in the form packing some kind of off show device. Unfortunately right now all off the shelf devices that we you know. Are are not. Capable even with custom firmware flash on them but doing -- would do it yours to do so way. I I don't see it time and in the near future win this technology is going become accessible -- thousand dollar level. Is there place of people complain with the code or play with the Bluetooth dumps they've done. Yes. And we have a project called GR Hutus GR I can Bluetooth. Supposed to outsourced orders -- sort word answer for here to we have. Our first release was made the other day version there -- about to work so confident that we do that. Half and we. We also put together package. Short sample files that are captured wave forms. Actually the very devices that are refusing demo today they could reconstruct the codec thanks to listen back to conversation. Theoretically. Yes you should. You should be able to and that's one of the higher earlier things that we haven't done yet -- decoding the audio so you can actually listen to conversations from the packets that we. Captured right. But theoretically from those those. Samples that are on the website you should be able to act because that audio and tell me what was someone waiting for the you know from the -- tell me what was being set on -- phone call -- lab."
" This is very exciting is very very early days of of this type of Bluetooth packing -- The challenges. That have to be overcome before that the -- simple tools. Can be put together to really take advantage of practical. Mike thanks so much and I really appreciate you are obvious from your time and a."
" Last week's trivialize. Our friend -- find uses a cast of portals of power funds by. The open source project that forks from that captive portal in 2008. And I was correctly answer by force master in 1990. You correctly answered with -- We're gonna give force -- one of awesome awesome CDs from dual core. At dual core music dot com you can check out what this stuff. And if you check out this week's trivia it's Hak5 dot org slash trivia. And use levels letters that are popping up all over the place during this episode. -- that ends hopefully get the trivia answer rights. And then maybe we'll send you some awesome cool little giveaway if you instant -- 24 hours. And last but not least I'd like to thank our sponsor Netflix Netflix thank you so much for sponsoring this episode of Hak5. With Netflix to commence over 90000 titles online including possibly -- titles with free shipping both ways to hear house. They now have over forty shipping centers almost all deliveries happen in just one this Tuesday. Plus Netflix plans start at only 499. And as a new member you can get it -- week. No risk free trial membership at www. Netflix.com slash Hak5 and please don't forget the three w.'s. And I think we got a couple more awesome interviews from snoop on voice and yeah."
" It is so mister X how did you get involved with. With aircrack. Just gets interest and and one is because again of doing rested its. At the end of the year I got and you and your leapt up with the -- And then -- and number of ways because I wanted to test everything. And then phones -- correct and that this interest it and and it's. Cemented that -- more precious to you today few days. Some point the -- or affect affect disappeared. We we go to any news. And what's -- on December 2005. I and then. And in February. I didn't have the very it's six. So they're -- because. Chris wanted to make modifications thinking human history from me but that's onto what's a good idea to share this to the community to feedback send. -- How is the project evolved since you first started. Working on aircrack -- played them up another few forms. Like NBA's. Some to -- do did you via text to -- in the news."
" So tell me about the speeds which cracking. What kind of that's what kind of techniques can we see in the future or or even now to it increases you cracking."
" You can use. -- pronounce it initiate. You can mostly used to be you. -- because. Let us not just in cringe but that's spent."
" You already know -- down on mine V yeah. We try to supports it -- stream to. And that's pretty fast but think ethernet. And that Johnny you read up heels and great selling books what's been keeping you busy lately it's the the the book sales have been just absolutely phenomenal. I've been I've been amazingly -- these you know on Google acting was yeah was phenomenal -- really well. But the than volume two came expected but sales increased in this thing was still -- And then no attack you know stealing book in the middle there -- is doing serious and -- it was just like this Grand Slam books. So I -- really happy with books. I I ended on notes at acting which to great. It was it was my style death fund as a great talk you thanks thanks and and people are really -- who have a lot of people. But I got Apple -- like you know what -- break yet doesn't book projects knowledge that feel burned out but I felt pretty fulfilled. Like you know this is a good place to quit for -- So I did the the notes checkbook all the proceeds are going back into -- so I think that's part of the reason that selling really well. There might be some some church lawn somewhere but it --"
" Its -- and Africa now. -- you talk to us about the charity last year it's become when we get a live show and then we forgot to -- little red white wires and mixers wouldn't get audio but we had a lot of fun putting it together the -- The law all cats episode is probably one of -- yeah yeah I was I just it was just a layer just politicians got New York and he absolutely love is ultimately. Just a it's completely logo and added of that reduce certain parts of the backwards it's tonight Leo. So to tell me how to the security come -- how to how to Packard go into the -- charity work."
" Let's that's the big question so. I mean I was. I was like most people this community mean thruster technolust had I edited. You know stay in on the cutting edge you know -- and has been doing physical students. I mean you never know -- Iran to -- everything that's cutting it -- it absolutely everything. So my wife. Wanted to go to Africa spin a couple of his way to go to our children. So she got an opportunity to go like -- church and and I was like -- as you're doing. So she went. And I was I was it black hat. I think two years ago. And I open my talk saying you know -- my -- got a text message from my wife who's in redundancies tell me that she just got -- water. And chickens walk with her normally goes next few. And I waltz and the -- we bathroom him incentives palace of the marble walls and LCD flat screen in the light. Well we're like world the way the heck was she came back with some some footage that really struck me. We've seen in national geographic -- Two lines rivals like we've got used to this. We'll she came back as a as our own footage and she showed me pictures these these kids. -- you know happiness. Like laugh and like dirt. You know one shirt like ripped to shreds oh by the way this child -- both sides. There's an orphan living with a family of twelve this is the oh by the way they haven't eaten we. I was like with a happy about. You know that that like sort of -- yeah obviously you know my my -- it doesn't have you -- the right amount of milk or sugar in the morning -- Yeah these kids you know -- difference I was curious about that. Next year the trip came around again -- ago. And that's that's where things are -- interest. I was picture -- and in under a picture and you know doing some constructions. You know typical. Whatever instrument houses. I do if you manually record profits grew about patents that Pakistan and your lightbulbs. Good lightbulbs. 
But when I got there what they really want it is they found out I was a computer guy and it turned out the organization of working with had computer systems that don't. That word like overrun the viruses. And needed all this work and so I spent two weeks -- computer work. And never expected that."
" You know why is it that us as geeks and and and you know -- that you can go anywhere he can't go home for the holidays remove the spyware it. So -- is -- the -- in the if your if your computer guy you can Pixar where you can do all this crap but it's expected. But that's really valuable and I mean -- that's really cool that they've they've got access and."
" I mean it's why you think about it it's like you know you go to grandma's house for Thanksgiving and you know our computers overrun with spyware and you fix that that's like. So valuable outside the context here. You know like here that's not a big deal when you do that for somebody doesn't have access to huge deal. But it was even bigger deal because. A virus on a computer in a Third World country for non government organization is holding spreadsheets the children. We're getting money for food from sponsors probably in the US a virus stupid macro virus and excel spreadsheet. This connects everything yet and now it's like we have this money -- supposed to go to got a kid that's not you'd. So my work there. Opened my eyes light up back here and I'm doing cool stuff who still -- still love the tech. But it's knowledge goes saved anybody's life was like big downer. That are -- talked it was like this given little bit. 23 weeks you'll be over. Two months later I'm still think. So then as I thought about like our community all the skill that we have the idea that I came up with was let's see if we can connect the skill. In this community we need. In underdeveloped countries and that's where hackers Richards started. So out has them to get involved and active for charity and what could expect to volunteer do you. They -- very we're keeping it small and try to do a few things well so right now we have a basic mailing -- go to Google groups list to sign up for that. Something comes along and for example that your view -- it's a website and so we've got this -- in the can afford to pay anybody interest in building a website. The ideas what will we want to do offer our technical initiatives want to connect. People are looking for jobs in the community looking to improve their careers were some brilliant. Hacker has flipping burgers that's not even work at and T we get jobs. 
Good jobs better job of this idea yet so little we do it and them will connect with people have the need that can afford it. It's a win win. And it's all about this magic word empowerment. It's improving the life. Technologists. Hackers to better jobs by improve and all the same time improving things for -- And in turn improving the life of the people pictures. So so far hasn't been doing. It's been it's been overwhelming. I had no idea that there was this sort of latent. Goodness in the community I mean I knew it and -- Hackers are good people we we can -- and leftover equipment for like a well over an hour and there's gonna steal that there'll be -- that's that they mean there's media perception that hackers are people. It's a side benefit of having done this but it's the media start to take -- ago. Hackers. Working with charities. You know them they're like confused by. Will they shouldn't be. You know me so to answer your question it's been. Really overwhelmingly positive to the point I realized I needed to focus on you know war full ever. So we've got you got the technology. Program you know we're looking to connect skills with the this thing we're doing is building classrooms. Computer -- East Africa -- Yeah this always tell you something like hardware is donations or Blake what. In the classrooms in one night. We used to first cluster was built entirely -- donated laptops that we logged over suitcases. Most of them made it over and and molested some of one of them vanished one of them didn't work. It was expensive it was heavy. And so we used to take old equipment try to get it there it's just too hard. It's too expensive so what we do now is about three weeks are sites going to be up full steam. We're a temporary -- users or let people know what's going click a button say I've got this hardware. The service I don't me comes in and says we got a buyer. Buyers can pick up the -- takes a percentage gives us the rest of money. 
We by computer equipment race and and you get the new stuff and and it's a great way to get rid of all of this PCI cards that are laying around in my closet absolutely. So we wanted to find a way to use your -- trail most people are gonna get rid of perfectly working whole. Computers or perfectly working laptops and you throw an X this drone or something it's perfectly. -- what people have crap. We want to take that -- in the stuff that makes a difference. The very rewarding different. Yeah and and that's part of what I want to encourage people looking in the lewis'. You know what you connect with something like that really. That that really changes starts changing people's lives. It sticks with you. You know it's and it's it's addictive it's part of you know give him yet is that it is that it keeps go so word we've been encouraged by. So where can you encourage your viewers to go in and -- old -- units and there at their web services or or IT skills. Yeah our website as hackers for charity dot -- It's we also of this the tag line is -- actuaries. I pictured. And that's what raises eyebrows people who like. You an argument in the computer's like do. And so it's in our web sites are website it's pretty pretty low budget right now because we were completely revamping everything. To honestly to make up were. -- and we've gotten much interest that there is so just check out our website and we'll --"
" Thank you so much to us that spectrum oh and also the the pineapple Hak5 pineapple yeah Leon you guys got here the you know which isn't Z -- Sager answer it write me is. That's that. Anyway the pineapple. They're built this awesome pineapple in common according to -- involved in physics who's a -- project ahead. Okay somebody donated is awesome by a global five -- first an auction and people are going not story it's. It's our biggest silent auction -- So far but it's exciting I've never -- I've never made a pineapple for anyone else so. This it's the lyrical itself left and right if they were cheap enough for me -- is thanks getting thank you. Appreciate that yeah."
" Our guess that wraps up marsh move con 2009 episode. We want to thank Bruce and Heidi potter and all the -- here for. The great converts that they actually put on and digging into it you know there's there's conference is like these that we'd like to go to all the time. Enchantment about that a little bit later but I want to let you guys know about the survey that's currently going on it revision3.com. Slash. Hak5 -- it's very important that jazz they'll announce we get some sort of feedback and you know it it. Some people like it's way too long now it's really now you have retain -- before this is you know. Cakewalk so call ahead revision3.com. Slash Hak5 survey and get your. Form village now on. Yeah exactly. So. And now kicking it over to the lovely. -- jacket wearing Janet."
" That name. And just and yet guys think you so so much for supporting us everything that we've been doing. On if you want to support is even -- ago for going to conventions like this line. And bringing you these are awesome interviews and -- school projects that everybody's been doing these days. You can head over to Hak5 dot org slash stickers we have plenty of awesome cool -- sticker packs -- The got a pineapple sticker evil servers sticker. Stick it out. And there we gas. And evil server sticker or else. -- play any any sense of thank you so much for supporting us and you know check if you want."
" Q and when until you guys about season five because it is right around the corner but before I do I have to that what -- world -- sponsors for making this show happen. And that is square space if you head over to www. squares is talk com. And you sign up the coupon -- act by the -- 10% off select you order plants started just like eight dollars month and and a really awesome web hosting service with very unique. Web creation content creation system that's Alex back input on the front and where you can create a page in like minutes whether it's anything -- my blog too big corporate website I'm personally actually putting together a big corporate website and and decided you square space as the engine for it and my trial was expiring and as unlike trying to convince management that -- this is the way to go right. So 1030 and I I send tickets saying hey money on -- that expired in an extension until the twentieth. Oh yeah two minutes later 1030 at night while this was east coast but dude that's that's an awesome service a taken out -- he's about -- five sports show and we love sports and so critical now. She's -- as excited. Yes. Well okay so on 26 episodes that is the season if you've ever watched to season of Star Trek you know next generation lives and who and com. And basically we feel that. The gradient the gradual. Production enhancements and everything we've seen in season four. Have resulted in actually better content especially the last quarter of the season you've noticed leap and bound and and then -- research and and the production. Quality that we can put into it not because you're pretty much nailed down production. Do one HD was really for a while but by human thinking about."
" That's a pain in the ass. We the you know we tried a couple different solutions we add HD cameras that were shooting composite into a garbage mixer and -- problems at all of his well here. And finally. You know with the help bug you know as you're guys donations. It really. Is now not an issue we can take everything out of the box. So it dropped the box set everything up in what 45 minutes -- less then you know so. Hey it it it's it's no longer a you know in the back of our head is you know is audio -- it is you know this rating is you know my guy and so."
" I feel like it's it's -- much better. Yes so -- production on now that it's still very hacker set up because we didn't go with a twelve grand mixer weekend with the grand mixer. But I would get their little hack solution for a lot less and we'll see guys that's in because it's it's really inventive and and whatnot on. Yeah but it's act at work so we we're very happy with that so it now that that's that online doing an excellent stuff so she's in five look for next week -- break during."
" you know we've got to DC you said and gradual XP and gradual. We're getting a monkey that's in the pool -- he continued questions that you conservative and or different instances -- people on. Com so if I want to thank you guys were attending again. Can we -- its. Students -- worthwhile for cheap and portable compact five."
" remind you the I take --"
" And you're here it's become. And it's one of those conferences where your lake."
" the freeze like you to eighty. A -- here in the hotel."
" With a Mike. That doesn't -- He's better at it than me to six the good version from a kernel not for word press. Catch me on the Hak5 site inspecting or making a sequel truncation injection. You can -- it for real every -- squeal as MySQL to adult then and that's for real. Hak5 dual core we get together and make things rain just like the weather. I'm Darren Kitchen from Hak5 we've been hanging out that they --"
mari1ee
Started discussion: February 11, 2009 @ 9:22am GMT
Episode 426 - Shmoocon 2009 [Discussion]