2022-07-02 Checking hotel keycard security
For the first time in years I was staying in a hotel again for one night. The key for the hotel was a creditcard sized plastic card so I assumed immediately it was an RFID based card. Years ago I would have needed my linux laptop and the touchatag NFC reader to understand more about the keycard, but we're in some form of the future now, so I used NFC taginfo by NXP on my phone and held the keycard up to the phone. The taginfo app made the happy noise and told me it was an NXP mifare classic card. The app even told me most sectors had a default key of FF:FF:FF:FF:FF:FF. One sector was not accessible due to a different key but with mfoc (Mifare Classic offline cracker) or one of the other attacks on the Mifare classic I could probably get access to that sector. So in theory with something like the proxmark I could clone keycards of other visitors. Or clone the keycard of the cleaning crew which gives a lot more access. Update: A bit of searching finds this: Researchers Find Way to Create Master Keys to Hotels - F-Secure Blog. I don't know if the lock I looked at is the same system as the system in this article.
2022-06-23 It seems someone doesn't like it I write about bitcoin extortion scams
Today I'm seeing bounces of bitcoin scam mail, with about the same text as in the bitcoin extortion scam of about a week ago, but with a different bitcoin wallet. In the body of the mail the claim is that the criminal hacked the mailbox of the victim and can now send as the victim, but this criminal decided to 'get even' with me at the same time and contradict himself by setting the sender address to my e-mail address. So I'm now browsing the bounces and see the bitcoin wallet for this scam is 1Mjt2xobFExdZBGfjTVDcgzJWQxRxoHBdA which hasn't scammed anyone yet. As always: don't fall for these scams. Earlier items about bitcoin extortion scams: Earlier, earlier, earlier, earlier, earlier, earlier, earlier, earlier, earlier (although I think bitcoin is generally a really bad idea and a huge scam)Read the rest of It seems someone doesn't like it I write about bitcoin extortion scams
2022-06-19 Complete reports of our trip to Iceland
Recently I realized I am quite enjoy stories and videos of travel. As we had our own travel adventure a month ago I decided to write about it extensively as the memory was still fresh and I wanted to mentally relive that trip and get some experience in writing about my travels. With some help of the pictures, the list of hotel reservations and checking the maps there is now a complete set of stories of this holiday. I backdated the stories to the days they happened which was for me the logical choice. The reports per day:
In general this was a really good vacation. Iceland has the kind of raw nature and geology I enjoy visiting. The people are really friendly and helpful. Compared to our earlier visits it is clear Iceland is more prepared for visiting tourists without turning into a tourist trap. Iceland has turned even more cashless than in earlier visits. With a credit card and a debit card you can pay almost everything, even contactless international payments work. We saw a problem with paying with Android pay after a few days so we stopped doing that. Mobile phone and mobile data coverage is near-perfect along the roads. It's probably a good idea to not rely on mobile phone when you go on inland hiking trails but as long as you are sticking to paved and gravel roads there is lots of coverage. The first pictures have been integrated, for some days I need to copy more pictures from the camera to flickr to add these to the collection.
- Trip to Iceland day 1
- Trip to Iceland day 2
- Trip to Iceland day 3
- Trip to Iceland day 4
- Trip to Iceland day 5
- Trip to Iceland day 6
- Trip to Iceland day 7
- Trip to Iceland day 8
- Trip to Iceland day 9
- Trip to Iceland day 10
- Trip to Iceland day 11
- Trip to Iceland day 12
- Trip to Iceland day 13
- Trip to Iceland day 14
- Trip to Iceland day 15
2022-06-16 Time for some more bitcoin extortion spam
I hadn't seen these in my inbox in English for a while, but here we go again.Hi! You can consider this message as the last warning. We've hacked your system! This information can destroy your reputation once and for all in a matter in minutes. You have the opportunity to prevent irreversible consequences. To do so you need to: Transfer 1200 USD (US dollars) to our Bitcoin wallet. Don't know how to make a transfer? Enter "Buy Bitcoin" into the search box. Our Bitcoin wallet (BTC Wallet): bc1q4r05c7wdazh87ty9x9968e2r90w72rhtq5jl43 After you make the payment, your video and audio recordings will be completely destroyed and you can be 100% sure that we won't bother you again. You have time to think about it and make the transfer - 50 hours!As always: don't fall for these scams. Earlier items about bitcoin extortion scams: Earlier, earlier, earlier, earlier, earlier, earlier, earlier, earlier (although I think bitcoin is generally a really bad idea and a huge scam)
2022-06-15 Grafana 9.0.0 available, and downgraded back to 8.5.6 and back up...
I saw an upgrade of Grafana available, which turned out to be 9.0.0. When upgrading to 9.0.0 I get...An unexpected error happened TypeError: Object(...) is not a function t@[..]public/plugins/grafana-clock-panel/module.js:2:15615 WithTheme(undefined)So maybe the grafana-clock-panel plugin isn't compatible with 9.0.0 somehow. Downgrading to 8.5.6 and reloading everything makes it work again. Update: I checked the grafana-clock-panel plugin and noticed it hadn't been updated. So I did that update and retried grafana 9.0.0, and that made everything run smoothly again.
2022-06-12 And the really annoying block at Microsoft is back
After receiving another mail in the mail exchange that made me note Microsoft outlook.com wasn't blocking my mailserver anymore we're back right in the same spot:----- Transcript of session follows ----- ... while talking to outlook-com.olc.protection.outlook.com.: >>> MAIL From:<***** .at. idefix.net> SIZE=2035 BODY=7BIT <<< 550 5.7.1 Unfortunately, messages from [220.127.116.11] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3150). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [BN8NAM11FT026.eop-nam11.prod.protection.outlook.com] 554 5.0.0 Service unavailableAaargh. I thought it wasn't broken anymore. Utterly unreliable stuff at Microsoft. And I'm back to having to use SMS to explain to very non-technical people why their mail isn't getting through: because they are using outlook.com. Update 2022-06-13
As a workaround I am now using SMTP2GO to send mail to outlook.com and hotmail.com. SMTP2GO does interesting things (even in a free account) to get the mail delivered and keep their mail 'reputation' in the plus. I hate having to use such a service to get my mail delivered but this is one of those signs that Internet e-mail has been demolished by spammers.
2022-06-11 Finally CW included on paper
Today the updated registration documents and card arrived with the much wanted "CW included". I passed the exam on 18 April 2022 and informed Agentschap Telecom on Tuesday 19 April 2022 about passing the morse test. In the autoreply from Agentschap Telecom there was a remark that changes in existing certificates or registrations can take up to 8 weeks to process. At almost 7 weeks they lived up to their promise.
2022-06-08 My interests in electronics and security together: trying some hardware hacking
One of the subject areas I'm interested in at work is hardware security and hardware hacking. After doing things with rfid earlier I'm now looking at low-level electric interfaces. With the earlier hardware challenges in CTF contests in HackTheBox Cyber Apocalypse CTF 2022 - Intergalactic Chase and The HackTheBox & CryptoHack Cyber Apocalypse 2021 I got interested in logic analyzers. Those sounded expensive (but I never actually checked). And then I read this bit: I recently got this 8ch cheap USB-C logic analyzer from AliExpress and the price shown is 5.42 US dollar. That's really cheap! For that price I can buy one and not be too dissapointed when it blows up or fails to give me the joy I hope. So, ordered: one 8 channel logic analyzer and a set of test leads so I can actually clip this to a circuit. The price for me for the logic analyzer circuit is EUR 6.78 including delivery and taxes. For software I learned about PulseView. This hardware has limitations, but for simple decoding of hardware protocols this is a nice start.
2022-06-06 It seems Microsoft doesn't block my mailserver anymore
Recently I tried to contact someone with an outlook.com address and it went fine. So it seems the really annoying block I ran into earlier is gone. I still get enough spam from/via outlook.com so I'm still not convinced the spamfiltering at outlook is working very well but that's a different rant. The incoming block is now gone.
2022-06-05 Having multiple wsjt-x instances available from CQRLOGItems with tag english before 2022-06-05
I'm currently also doing some contacts with a special event station call and I wanted to separate the wsjt-x history for my normal call from the history for the special event station call, just like I split the log databases in CQRLOG. For the non-amateurradio persons: I have my own callsign, PE4KH which is linked to me. It is also possible to have one extra temporary callsign. Those are usually linked to an event or some other reason for a 'special' callsign. Temporary callsigns in the Netherlands have either the digit 6 or more than one digit. There is an option for multiple profiles in wsjt-x but those are just for the settings (including callsign) but not for the logging location. This means all different profiles share the same history and will show the same countries as 'new' or 'already contacted'. When I was looking at the options for starting wsjt-x with different settings I noticed the -r --rig-name <rig-name> Where
is for multi-instance support.option in the help. With this option, all the logging is in ~/.local/share/WSJT-X - <rig-name>/ which is what I want. The next challenge is to start wsjt-x with the extra commandline paramater from CQRLOG. It seems the 'path to wsjt-x' setting doesn't accept commandline parameters. So I created a script ~/bin/ses-wsjtx with:#!/bin/sh /usr/bin/wsjtx -r sesChanged the 'path to wsjt-x' setting to /home/koos/bin/ses-wsjtx and now I get what I want.