OnionScanner – A TOR Link Checker

Well, last night I got an idea.  I like to check out the TOR Hidden Services from time to time, but it’s a pain in the tail just trying to find a link that actually works.  So I cooked up the OnionScanner!  It’s basically just a TOR link checker.  But feel free to check it out on the home site or on GitHub and let me know what you think.  If you have some ways to improve on it, feel free to put in a request.  Even if you just want to port it to another language to make it cross-platform, I would greatly appreciate it!


Blind Signal Analysis

So here I am just browsing through the electromagnetic spectrum with gqrx and I come across a signal…a strong signal at that.  Obviously this piqued my curiosity, so I decided to check it out.  I started out by recording just the raw signal with GNURadio and saving it to a file.  Afterwards I ran it through a few filters and put it up on the scope sink, and FFT.  In the end (with the help of a constellation plot) I was able to figure out it was FSK modulated.  I quickly demodulated the signal and threw the contents into another file to check out with a hex editor.

Fun with Keyfobs!

Anyways, just like I said I would, I got into trying to actually demodulate the signal for that fan remote…well, as it turns out, after tons of research it seems like the method I posted about in my last entry was the easiest way to “demod” a PWM signal, just doing it by hand.  So I’ve moved on to other stuff.  So, I’ve been working on attacks against keyfobs today (that little button you use to unlock/lock your car) and so far so good. Here’s a screenshot of a little program I’m working on to make IDR (intercept, disrupt, replay) attacks on keyfobs a little easier. When it’s done it will basically sit there and listen for you to push a button; when you do, it will jam the signal and save the signal to a file. Then when you push it again it will jam that signal, save the second one to a file, then replay the first one (causing your vehicle to lock/unlock as expected).

Decoding fan remote RF signal

It’s been quite a while since I last posted here, so I figured I’d do a little experiment.  I haven’t even touched my SDRs in a few months, but I recently purchased a HackRF and WIFI Pineapple (they haven’t arrived yet), so I figured I’d pull out my old dongles and brush up some on SDR and DSA.  Well, I wanted to start with the simplest thing I could think of, so I grabbed a remote control for our ceiling fans and decided I’d try to decode the signal.

Storing Sessions in a database

Most common applications and “home-brew” sites use sessions for storing temporary data as well as authentication. However, sometimes a developer may want the session to span multiple domains and/or servers, and some may just be very security conscious. It is common knowledge that session data is stored in a text file on the webserver; however, if you are using a shared server (as most cannot afford dedicated hosting or a VPS), then any user on that server may see your session files. To prevent this, and to allow your users’ sessions to span multiple domains, the answer is easy: store the session data in a MySQL database! Most of you may not be sure how to do this, or may have even been unaware that this is possible; however, it is very easy. When storing sessions in a database, PHP makes the work easy for us with a function called session_set_save_handler(). This function can control the way that sessions are stored, retrieved, destroyed, etc.

Secure Hashing

Many developers believe in the practice of securing passwords and other financial data using a hash function (a function that turns some kind of data into a small number that may serve as a digital “fingerprint”). However, just hashing a password isn’t enough: it may still be brute-forced, and as usernames and passwords are determined by the users, not all will meet minimum secure levels, so it is up to the developer to pick up where they leave off.

Uploading Files

PHP, as you all know, is a very powerful and yet fairly loose language; however, one of its very useful abilities is the ability to upload files. PHP can upload literally any type of file you allow it to. However, this can also open up many holes for many exploits, which is why we’ll also cover some basic security along with uploading the files.