HACK.ART with WiFi Pineapple, Processing, & Arduino

Hak5’s WiFi Pineapple is a penetration testing and security auditing tool for wireless networks. Here I want to talk about using the Pineapple for art — perhaps HACK.ART (or HAK.ART), in the manner of NET.ART. Fortunately, the Pineapple includes an API I can interface with my favorite digital arts medium, Processing, using the HTTP Requests for Processing library and a modification for JSON formatting (essentially, just save this file to the folder your Processing sketch resides in, which adds an addJson function you can see in my following example). To use the API, I first had to install the APITokens module on the Pineapple, and generate a token for Processing to use.

I have written a demo sketch that does the following:

  1. Send a JSON-formatted POST request to the Pineapple’s API to scan all access points within range of the Pineapple.
  2. Send another request to retrieve the results of the scan.
  3. Show the response data as a series of rectangles whose lengths are determined by the APs’ relative signal strengths, and whose colors are determined by the first three octets of their MAC addresses.
  4. Search the response for the occurrence of a particular MAC address, and if it is found, send a signal to an Arduino (which we could program to light an LED, sound a buzzer, or whatever; this would be more useful when including clients in the scan, but you get the idea).

If all you want is a bar chart or alert there are easier ways to make one (you could even write your own Pineapple module), but the Big Idea here, of course, is that you may do many kinds of creative things with these data.


Retro Hacking Apps

Sifting through an box of old software this past weekend (wherein I found the Schwa Screen Cleanser), I discovered a few 3.5″ disks of hacker utilities I got from the SotMESC (Spur of the Moment Elite Social Club) c. 1998 (I cannot believe the mid-90s were long ago enough to be “retro” now). I am making the disk images (imz) available here along with descriptions of the files, for historical purposes. Most of these are shareware of freeware, I think. Many are MS-DOS programs written in C or C++; a few are Visual Basic. I do not expect any of them to work properly on modern computers. Caveat hacker. (You can find most or all of these and much more in the Hacker’s Encyclopedia ’98 @ textfiles.com.)

Fuckin' Hacker 2.0 — read the docu @ textfiles.com
Fuckin’ Hacker 2.0 — read the docu @ textfiles.com

Credit Master v4

Disk 1

download disk 1 compressed image file

File Name Contents Version Author Date Note
analyzer.zip A Trivial Ethernet Analyzer ? Vance Morrison 6/5/90 includes C source code
fh20.zip Fuckin' Hacker 2.0 Hypnocosm 6/10/87 dial-up hacker
internet.hak A Hacker's Guide to the Internet 2.00 The Gatsby 7/7/91 text file
jack.zip Cracker Jack 1.3 Jackal 2/5/93 UNIX password cracker for PC
kc.exe Killer Cracker 9.11 Doctor Dissector 10/7/91 UNIX /etc/passwd cracker
master.zip Master Hack 1.0 Master Frodo 1/1/91 dial-up hacker
pkzip.exe PKZIP file compression utility 1.01 Phil Katz 7/21/89
pkunzip.exe PKUNZIP file decompression utility 1.01 Phil Katz 7/21/89
pwc.dox Password Cracker ? Paul Pomes 1986 C source code
pwp.exe Password Preprocessor 2.00 Doctor Dissector 9/20/91 mutates passwords for cracking
teled212.zip TeleDisk – The Diskette Fax Machine 2.1 Sydex July 1990 converts disk contents to file
teledisk.doc Docu for TeleDisk text file
thief40.zip Code Thief Deluxe 4.0 Brew Associates ????

Disk 2

download disk 2 compressed image file

File Name Contents Version Author Date Note
brute.zip Brute force password cracker 1.1 Prometheus ?
fastzip.zip Fast ZIP Cracker 1.04 Fernando Papa Budzyn 1995
hades.zip HADES Passwd Cracking Engine 1.00 alpha ? 1991
hckbbs02.zip HackBBS COM Only Version 0.2 Virogen 6/29/93
hedit.zip HEdit32 1.2 Yuri Software 1992 hexadecimal editor
hex51.zip HEX 5.1 Jonathan Durward 4/12/95 hexadecimal editor
ipspoof.zip EyeDent Spoofer ? Royce ? fake user name on ident requests
keylog95.zip this is actually a corrputed archive of EyeDent Spoofer (q.v.) can partially fix with pkzipfix
keylogwn.zip keystroke logger ? Mike Ellis ?
leech.zip DELP: Delam's Elite Password Leecher 1.00 Dr. Delam 5/18/91 records keystrokes for a given program
newbie.zip Newbies Handbook N/A Plowsk¥ Phreak ? text file
starthak.zip The Ultimate Beginner's Guide to Hacking and Phreaking N/A Revelation 8/4/96 text file
thc-lh10.zip The Login Hacker 1.0 van Hauser/TCH (The Hacker's Choice) 4/15/96
war2kali.zip Warcraft 2 Over Kali Patch ? ? ?
winnuke_.c Winnuke N/A _eci and _wfx 5/13/97 port attacker

Disk 3

download disk 3 compressed image file

File Name Contents Version Author Date Note
amex.zip American Express Card Generator 1 beta WaReZ ?
apex10.zip Apex 1.00 Ed T. Toton III 10/8/91 hoax; simulates hacking NORAD
attccgen.zip AT&T Calling Card Number Generator 0.1 beta Agon 1994
ccmaker.zip ChaSeR's Credit Card Generator 1 beta ChaSeR ?
claym.zip Claymore brute force cracker ? The Grenadier ?
cmaster4.zip CreditMaster 4.0 MPI [Micropirates Inc.] Development Labs 10/31/95
cprobe.zip Credit Probe 1.0 BlooDLuST credit card number generator
glide.zip Glide file cracker ? ? ? includes C++ source code
ipspoof.zip ipspoof C code ? ? ? not same as "ipspoof" on disk 2
ircbnc.zip IRC bouncer C code ? Mark 8/31/93
ircwar.zip five IRC utilities: FLASH, FLOODBOT, LL, MCB, and SUMO ? ? ?
jill20.zip utility for DOS version of CrackerJack (q.v.) ? The Scorpion 11/25/95
linklook.zip link looker for IRC ? ? ? cf., ll++ for Linux
omnibox.zip OmniBox telephone tone generator 1.1 The Phantom ?
phmas.zip PhreakMaster Lite 1.0 Elroy of ECR 1992 tone generator and phonebook
rahk-bbs.zip Remote Access BBS Hacking Tools ? Skywalker ?
thugsvip.zip THUGS IRC utilities, VIP ed. 2 B|zZyBoNe 11/10/96
wardial.zip Scavenger-Dialer 0.61 The Scavenger 1995

SotMESC Disks

Cursing (and Hacking) Up

For we wrestle not against flesh and blood, but against principalities, against powers, against the rulers of the darkness of this world, against spiritual wickedness in high places.
// Ephesians 6:12

Recent news about the Ashley Madison hack reminded me of something I have been wanting to write about on here for a while.

Firstly, I need to introduce the concept of punching up, which “is a term for deploying powerful techniques of criticism and rhetoric to critique and dismantle power structures, rather than to harm people disempowered relative to yourself. It (apparently) comes from comedy, in which the idea is to make fun of powerful people and institutions rather than disempowered people” (Geek Feminism Wiki). If you want to read more about it, here is a good piece from a few years ago.

I have a similar ethic about magical cursing, which I call cursing up. I love baleful and malefic magic; can’t get enough of the stuff, really. But I am not much for cursing my neighbor because he plays his music too loudly or got paint chips in my yard, or cursing a café for serving me poisoned cheesecake (remember Burroughs and the Moka Bar?), or even cursing the Comcast or Dell technical “support” people who really rouse my ire (I am seeing red before I have even finished dialing the numbers to call them). Usually, I have adequate mundane solutions for such things. However, there are many problems in the world today for which I am, frankly, not clever enough to engineer solutions, so I sometimes practice magic either to aid the people who are, or wallop the ones causing the problems (you could say I literally get medieval on them, but my style of magic, while sometimes inspired and informed by my studies of medieval magic, rarely resembles the older craft).

Magic, especially witchcraft, has some history of use by marginalized people. In the introduction to her excellent book, Witches, Erica Jong writes, “The more disempowered people are, the more they long for magic, which explains why magic becomes the province of women in a sexist society. And what are most spells about? Usually procuring love, with the hexing of enemies running a close second.” My idea of cursing up is essentially that adapted to a different theatre and cast of characters.

OK, so, the AM hack. In the past couple of decades there have arisen some hacking and related efforts intended (or seemingly so) to disrupt the activities of, or expose the secrets or lies of, people or institutions abusing their power; e.g. Anonymous and WikiLeaks. Some people call it hacktivism. Others call it crime. What you call it might depend on which side of the power dynamic you side with (which is not necessarily the side you are actually on). It is, to me, similar to cursing up, and although hacking up usually means something different altogether, I shall call it that for the remainder of this brief article.

When you employ satire or maleficium or computer hacking to attack someone (or something, such as a corporation, government, or social or political movement), you should carefully premeditate on whether you are doing it for the right reasons, and what could be the consequences (including the unintended ones) of your action. The hacker or hackers, self-identified as The Impact Team, who perpetrated the AM hack claimed they were doing it because of the unethical practices of the company behind AM, and they acknowledged the pains the hack might cause to “many rich and powerful people.” But did they consider the collateral damage to the spouses and partners of AM users, or how AM has been used by LGBT people who need to hide their sexual identities or preferences for diverse reasons including personal safety? There are now millions of people whose livelihoods or very lives could be at risk because they, or just someone they know, facilitated participation in the ancient (and often sexist, and often complex) institution of adultery, over a medium they had fair reason to believe was private and secure.

And what about The Impact Team’s sexual moralism? Anyone can claim they are punching up. Homophobic Christians satirizing gay people can say they are punching up, but gay bashing is clearly not about overcoming an oppressive or despotic power structure.

The whole point of punching, cursing, or hacking up is to disempower those who are acquiring their power at the pains of others, or using their power to hurt others. When you hurt the people who are already hurting, in the process, you defeat the purpose.

Hacking Magical Links

You play with blood and hair and sweat and ends of fingernails,
The very things to do the deeds the Brotherhood demands.
// Black Widow, “Way to Power”

Sorcery has a long tradition of acquiring the physical likeness of a person or an object they had physical contact with, in order to confer magical influence over that person or their affairs. I have been wondering about the digital equivalent of that.

I tend to think of magical links like Elvis paraphernalia. At the very bottom of the spectrum are all of the mass-produced merchandise that pretty much anyone can get their hands on. Further up the ladder are goods of rarer quality, such as limited-edition collectibles. Next, objects associated with someone’s actual experience of Elvis — ticket stubs etc. Then, objects that belonged to Elvis, or that he physically interacted with. Finally, at the top of the hierarchy — appropriately — is the experience of having met the King himself. I suspect that any difficulty overcome or weirdness involved in obtaining the artifact amplifies its magical efficacy.

(I also suppose there are at least two types of magical links: those connecting the magician to her target, and those connecting her to a source of occult power to influence said target. The Elvis analogy applies to both.)

In today’s connected (pun intended) world, it is often pretty easy to find someone’s photograph online. What about hacking their computer or phone or one of their online accounts, in order to get at something more personal — and more rare? Would that be like going through their trash for discarded hair or fingernail clippings, or breaking into their house to take something in their possession? Is someone’s password or private blog entry a “good” magical link in the same way that their house key or diary might be? Would the thrill of the hack or the degree of effort involved in pulling it off affect the efficacy of the magic following it?

A Reflection on Hacking and Magic

Related articles: A Concise Expression of My Synthesis of Cybernetics and Magic

When someone attacks you it is not technique number one (or is it technique number two, stance two, section four?) that you are doing, but the moment you are “aware” of his attack you simply move in like sound and echo without deliberation. It is as though when I call you, you answer me, or when I throw something to you, you catch it. That’s all. // Bruce Lee, “My View on Gung Fu” (from Bruce Lee: Artist of Life)

Today I read two things that have been co-working in my mind: David Metcalfe’s review of David Chaim Smith’s The Blazing Dew of Stars, and Thomas Foster’s cultural essay, “The Transparency of the Interface: Reality Hacking and Fantasies of Resistance” (from the book, The Matrix Trilogy: Cyberpunk Reloaded). I do not have much time for writing just now so I will cut to the main theme that has been emerging.

Neo’s ability to manipulate the programmed/simulated reality of the Matrix is likened to computer hacking (Morpheus to Neo: “This is a sparring program, similar to the programmed reality of the Matrix. It has the same basic rules, rules like gravity. What you must learn is that these rules are no different than the rules of a computer system; some of them can can be bent; others can be broken.”), but manifests practically/performatively as magic, as if Neo is able to merely will the program to change and it does. (This is similar to how Kevin Flynn is sometimes able to alter the Grid in Tron: Legacy.) The problem with the computer-hacking analogy is that computer hackers do not just magically will things to happen and they do. Rather, they work diligently at understanding the computer system and then introducing variety where it did not exist previously and often was not anticipated by the system’s engineers. But Neo never studies the Matrix code nor the architectures of the machines running it, which are surely things he knew about the systems he was hacking in the “real” world. So, how is he able to hack the Matrix?

The solution to this problem lies, I suppose, in the realization of the limits and purpose of the analogy. Morpheus was not suggesting that in order to hack the Matrix Neo needed to hunch down with a computer keyboard, a printout of Matrix memory dump, and a cup of coffee; he was telling Neo that in order to “hack” the Matrix, Neo just needed to know (on a gnostic level) that the Matrix was not real, that the natural “laws” that seemed to be in effect were actually illusions created by his own mind; and he was exploiting Neo’s “real”-world experience of hacking as thinking outside-the-box (even though much of “real”-world hacking involves thinking inside-the-box i.e. understanding how the box’s contents work) or hacking as gaining superuser access to administrative functions that can change the system on a deeper level, in order to do so. This is just how magicians “hack reality”; rather than assimilating technical information about the system we are operating with(in) (well, we might do that too, but more importantly…), we assimilate gnosis of how “rules of the system” can be “bent” or “broken.” Through altered states of consciousness we (be)come to real-ize that we are ourselves creating what is ordinarily taken for granted as having been already established, and that realization empowers us to introduce variety where it did not exist previously, bringing the hacking analogy full circle.

The way we do it does not look like typing at a keyboard; it looks like closing our eyes and making gestures in the air and then the scene changes. It looks like magic… because it is magic.