Profile

Cover photo
Dragos Ruiu
Works at dragostech.com inc.
Attended University of Alberta
Lived in Saskatchewan
1,420,857 views
AboutPostsPhotosYouTube+1's

Stream

Dragos Ruiu

Shared publicly  - 
 
Bypassing rolling code systems, such as commonly used with car key fobs, using 2 SDRs - rolljam and other DoSes
http://goo.gl/ywpmBj 
6
3
Bert Knabe's profile photoSebastian Binder's profile photo
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
There are plenty of cooler ways to do this, including teensy's, but if you only have plentiful and nearly ubiquitous Arduinos around, here are some good docs on how to make them into a SPI flash chip programmer to read and write firmware chips such as BIOS. https://goo.gl/7KJR6E
Interfacing a Serial EEPROM Using SPI. In this tutorial you will learn how to interface with an AT25HP512 Atmel serial EEPROM using the Serial Peripheral Interface (SPI) protocol. EEPROM chips such as this are very useful for data storage, and the steps we will cover for implementing SPI ...
5
1
Bogdan Donici's profile photo
Add a comment...

Dragos Ruiu

General Discussion  - 
 
My mileage so far with a few days of testing the OpenRC F1 car in ABS with an optimistic short course truck power system.

The two weak points so far are the pinion gear and the front axles. Snapped off a nose crashing into a wall but that was driver error :-). Interestingly the front wing didn't snap or get damaged, but the nose snapped in two.

I'm getting occasional loss of steering from the servo saver rubbing against the shell despite grinding a deeper groove - the fit is tight there and I might put another washer in to increase the tension on the saver or sand a deeper groove in the front shell where the arm rubs. If that still fails then maybe I'll tweak the saver servo arm design to be 0.25mm shorter on the servo side.

I keep destroying pinion gears whenever I crank up the throttle, the plastic isn't enough to handle the torque of the slightly ambitious power system. I've gone through six of those - the gear teeth do fine but the inner hole that fits on the motor shaft gets shredded - and this is in stronger ABS, can't imagine PLA ones fare much better. Reprinting that with more infill and more shell layers to see if that can be tough enough - if that fails the next step is to switch to a metal pinion. I had to put in a drop of CA to keep the pinion from flying off the motor at even gentle power applications.

The major structural failure I've had so far is that I snapped a front axle from road bumps - also reprinting that with a tougher profile. I snapped a couple of those in assembly putting the bearings on, so I was wary of this mechanical failure point from the get-go. They always snap right at the base next to the bevel. The bolt holding the axle to the axle carrier gets loose and sloppy with driving as well making the axles wobbly - I might rework that front part to print the axle and axle carrier as one hopefully stronger piece instead of two - using bridging support for the axle in printing and sanding the rough surface where the bridging support will snap off.

Another potential issue and part I have to reprint is the rear axle, the issue there is that it's a little flexy - so any weight imbalance in the wheels tends to show up as a wheel wobble/hop at speed which makes the tires (I'm very keen to try the new friction ones that Thomas just posted - thanks!) lose traction very easily. I have to be very careful applying power with this setup. We'll see if more solid plastic printing profiles can cure this problem.

I also want to mod the lid further to install the motor controller power switch that all the Castle speed controllers come with at the front of the lid just in front of the driver's helmet (which I haven't printed or installed yet. Or maybe I can come up with some clever solution to hide the switch under the helmet... The cylindrical hole version I posted actually turned out quite cool and looks and functions fine with an oval inlet shape for motor ventilation and printed well (pics soon). I'm going to adjust that hole to better match the rounded triangular profile of the intake soon if Daniel doesn't beat me to it.

So far this is awesome though. Going today to find the parts for two more cars so I can challenge my two stepsons to races. Planning to hand them a bag of printed pieces, parts, and then offer them a bounty of $100 on Steam if they can beat me in a race.
2
brett turnage's profile photoTinkerMake's profile photo
3 comments
 
+Dragos Ruiu Great feedback, have you tried printing the front axles on the horizontal position? That helped me tremendously. As for the rear axle, I switched to an aluminum one that I machined. I too have found the gears to be a weak point as well. Let us know what you come up with.
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
So I bought meat out of the back of a truck today. Seemed weird to me, but my friends tell me door to door meat salesmen are common in more rural areas. It looked like a very high quality product from a small independent caterer, nicely packaged and prepared, in individually vacuum sealed frozen portions. So I'm set for barbecue material for a bit.

In other news, there is this doozy of a bombshell IPv6 vulnerability in default install FreeBSD, ouch. Party like it's 1999. http://goo.gl/sfghdl
The FreeBSD team has announced their operating system was detected to contain critical vulnerabilities that could be exploited to conduct DoS attacks, escalate user privileges, and disclose important data. SCTP ICMPv6 error processing vulnerability (CVE-2016-1879) ...
18
7
Orlando Salinas Alcantara's profile photoArto Pekkanen's profile photoGabriel Sfestarof's profile photoSamuel Orr's profile photo
2 comments
 
The meat truck thing is common here with Schwan's being the number one choice.
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
Detailed look at ARM virtualization extensions. http://goo.gl/vAKooE
An in-depth look into the ARM virtualization extensions. Recent high end ARM CPUs include support for hardware virtualization. Due to limitations of former ARM architectures, virtualizing the hardware tended to be slow and expensive. Some privileged instructions did not necessarily trap when ...
5
3
Alexandre Keledjian's profile photoJeroen van Gelderen's profile photo
Add a comment...

Dragos Ruiu

Development  - 
 
A simple first cut at a F1 Car Lid with a functional air vent hole. I'm sure others can make this fancier, but it's just a first attempt.
http://www.thingiverse.com/thing:1254566
This is a remixed version of the OpenRC F1 car top/hatch lid with a functional vent hole. My first cut at it with a simplistic solution, a cylindrical vertical hole.
6
TinkerMake's profile photoDragos Ruiu's profile photo
3 comments
 
Interestingly, it seems the file conversions during format conversion for Thingiverse using the AutoCAD 123D software has added some extraneous minor artifacts to the model on the top surface in the form of some small bevels next to the original center hole. It printed fine, but some further tweaking is due on the next version.
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
Hacking Microsoft SQL Server without a password via man in the middle attack (ettercap ARP spoof in example) http://goo.gl/WgVV00
Using a Man in the Middle (MITM) style attack and some packet manipulation, you can hack any Microsoft SQL Server and setup shop.
10
Tim Johnson's profile photo
 
Wait, you mean to have us believe that changing text in an unencrypted connection can be done?!  Get out of town! :)
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
Tool to rip apart BIOS images for analysis. https://goo.gl/owYAOk
And VirusTotal now does Firmware! :-) http://goo.gl/iCsOlu
Various data structures and parsing tools for UEFI firmware.
15
4
Alexandre Keledjian's profile photoJaroslaw J. Warzecha's profile photoAntti Vainiola's profile photoMichael Gebetsroither's profile photo
3 comments
 
I noticed that through my coffee to+go loop +David Goll :)
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
reversing apple's syslogd bug https://goo.gl/7L1i2e
8
2
Dan Borges's profile photoAidden Keli's profile photo
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
You say potato, I say pwn windows.
http://goo.gl/DEVkSH also see http://goo.gl/0Mu0aI
Which is when I ask, if you are running a standalone windows laptop, why do you even have all that corporate environment stuff like SMB/CIFS, WPAD proxy discovery, etc... enabled at all anyways? 
14
5
Antti Vainiola's profile photoPaul Henning's profile photoBert Knabe's profile photoBrett Coburn's profile photo
3 comments
 
You mean when you could chose to have 3.11 or 3.11 for workgroups? :)
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
The hotel always sells out so now is a good time to make a reservation if you are coming to CanSecWest on March 16-18 or the Dojos on March 12-15, 2016.

The dojo registration links are active, including three new two day courses and one revamped four day course, as well as our regular lineup of excellent material taught by industry luminaries to empower your security technology level. Two sessions of a course on securing hardware called "Applied Physical Attacks on x86 Systems" from Joe Fitzpatrick are available, and our regular instructors Scott Lambert and Jason Geffner, who also do the Introductory and Advanced Malware Deobfuscation courses, have a new course about "Nation-State Sponsored Targeted Attacks", which is very timely as this has emerged as a new significant threat vector recently. John Butterworth is offering a new course on securing UEFI BIOS in "Introductory BIOS & SMM Attack & Defense" and Saumil Shah has updated his always popular four day Exploit Lab course to focus on the ARM platform in the "ARM Exploit Lab" which is also emerging as an important new area of security technology.

Joe's hardware course "Applied Physical Attacks on x86 Systems"

Applied Physical Attacks on x86 Systems This course introduces and explores attacks on several different relatively accessible interfaces on x86 systems. Attendees will get hands-on experience implementing and deploying a number of low-cost hardware devices to enable access, privilege, and deception which is in some cases imperceptible from software. The course has several modules: USB, SPI/BIOS, I2C/SMBus, PCIe, and JTAG. Each begins with an architectural overview of an interface, and follows with a series of labs for hands-on practice understanding, observing, interacting with, and exploiting the interface, finishing with either potentially exploitable crashes or directly to root shells. Based on the pace and interest of the attendees, not all material may fit in 2 days but will still be available to attendees.

Scott and Jason's APT analysis course "Nation-State Sponsored Targeted Attacks"

RSA, Google, The New York Times, Lockheed Martin, Coca-Cola, Northrop Grumman, The Wall Street Journal, Kaspersky, the list goes on and on of companies that have been recently infiltrated via Advanced Persistent Threats (APTs). Nation-state adversaries and organized crime groups have been waging a digital war on major companies and government agencies over the last several years and the quantity and complexity of these attacks continues to accelerate at a rapid pace. In order to prevent and respond to APTs, it is critical to understand the attackers' motives and methods. This course follows the theatrical narrative of a fictional attack on a major defense contractor and puts the student in the action seat. Students work with a team of supporting characters throughout the class in order to analyze and learn about the tactics, techniques, and procedures used during an APT intrusion. This is a hands-on course. Attendees will analyze real-world malware used by real-world nation-state adversaries during the APT response in order to track down the adversary behind the attack and understand the havoc wreaked on the victim's network.

John Butterworth's course "Introductory BIOS & SMM Attack & Defense"

UEFI BIOS is firmware where the sophisticated attacker can live unseen and unfettered. This class covers why the BIOS is critical to the security of the platform. It will also show you how the BIOS may be compromised and what capabilities and opportunities are provided to the attacker when it is. You will be provided tools for performing vulnerability analysis on firmware, as well as firmware forensics. Additionally, this class will introduce people UEFI firmware reverse engineering. This can be used either for vulnerability hunting, or analyzing suspected implants found in a UEFI BIOS, without having to rely on anyone else.

Saumil Shah's course "ARM Exploit Lab"

ARM has emerged as the leading architecture in the Internet of Things (IoT) world. The all new ARM Exploit Laboratory is a 4-day intermediate level class intended for students who want to take their exploit writing skills to the ARM platform. The class covers everything from an introduction to ARM assembly all the way to Return Oriented Programming (ROP) on ARM architectures. Our lab environment features hardware and virtual platforms for exploring exploit writing on ARM Linux and Windows environments. The 4-day format features lots of hands-on exercises allowing students to internalize concepts taught in class.

HOTEL INFO

We have special rate for our conference attendees at Sheraton Wall Centre (our conference hotel).

If you would like to take this opportunity, please go to the link below and reserve your room, then you should be able to get the room with conference special rate which is CDN $175/night (the price includes high speed internet connection in your room plus additional benefits as below).

We sell out all of the rooms every year and we will close the link pretty soon, so please make sure to book your room early enough.

Conference Hotel Block Rate Booking

Guests who book from our group rate can get these benefits(not applicable for out of block bookings):

- Complementary Hi-Band in room Internet (4Mbps, Regular price additional $18.95 per night)
- Complementary Bottled water within guestrooms for the duration of the conference (Valued at $10 per day)
- Complementary Communication bundle (includes HSIA, local/1-800 calls) for each guestroom (Valued at $1.60 access charge for calls up to 60 minutes and $0.10 for each additional minute up to 90th minute)
- A voucher to use in Cafe One or Bar One (in the hotel) for a 10% discount off the menu (excludes alcohol)
- Complimentary Health Club Access
- Free of charge cancellation until the day of arrival 6pm
- Earn SPG points

1
Add a comment...

Dragos Ruiu

Shared publicly  - 
 
Wave Bubble - DIY RF Jammer http://goo.gl/Xg3aHH
7
4
Jaroslaw J. Warzecha's profile photoBert Knabe's profile photo
Add a comment...
Story
Tagline
Stop, Think, Pwn.
Introduction
Systems Rationalizer
Bragging rights
Can hover inverted. ;-)
Education
  • University of Alberta
Basic Information
Gender
Male
Other names
dr
Work
Occupation
engineer
Employment
  • dragostech.com inc.
    engineer, 1997 - present
  • HP
  • Myrias
Places
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
Previously
Saskatchewan
Links
Dragos Ruiu's +1's are the things they like, agree with, or want to recommend.
Waze Social GPS Maps & Traffic
market.android.com

Waze is a fun, community based mapping, traffic & navigation app. With millions of drivers from across the globe joining forces to outsmart

Threema
market.android.com

Threema ist eine Kurznachrichten-App mit einem besonderen Fokus auf Sicherheit. Echte Ende-zu-Ende-Verschlüsselung garantiert, dass niemand

CPU-Z
market.android.com

Android version of the popular CPU identification tool for PC/Windows., CPU-Z is a free application that reports information about your devi

Demand answers and real consequences for robocall election fraud
www.leadnow.ca

Elections Canada just traced misleading phone calls made during the 2011 federal election to a company that worked for the Conservative Part

KB14320-How to maximize battery life and free memory on the BlackBerry s...
btsc.webapps.blackberry.com

Maximizing Battery Power. Application Management. Multitasking - Close any running BlackBerry® smartphone applications that are not being ac

Play VOB,MKV,MTS,FLV RM,RMVB on Windows RT (Surface 8 RT included) » AMV...
blog.amvsoft.com

Overview Micrsoft has made an important step to support the playback of MPEG-4 on Windows 8 RT and Windows 8 Pro. Windows RT has excellent s

Locus Pro
market.android.com

MULTI-FUNCTION TOURIST NAVIGATION Irreplaceable application for hiking, geocaching and your everyday life. Locus offers many useful features

A free and open world depends on a free and open web. | Google
www.google.com

A free and open world depends on a free and open Internet. Governments alone, working behind closed doors, should not direct its future. The

There's a New Way to Own a Piece of Facebook Before Its IPO
mashable.com

If you're looking to invest in Facebook before its IPO but not privy to the secondary markets where shares of the company have been trad

Maverick
market.android.com

Off-road GPS navigator with offline maps support, compass and track recording. Use offline maps and GPS even without an internet connection.

Vancouver Riot: Psychology (Not Hooligans) Is Responsibile for the Chaos...
bleacherreport.com

As I sat at home watching the Vancouver riots unfold in front of me, I was amazed at how ill-informed the newscasters and on-site reporters