I’ve been insanely busy with a bunch of cool things, which means both more blog content, but also quite a large latency before I get around to writing them.
Here’s what I’ve been up to, and what awesome posts/series you can expect in the coming weeks:
- 6.115 Labs and Final project — Masterlock combo breaker?
- 6.857 Final project — Boston Symphony Orchestra iPad app pentest
- CTFs — MITCTF, Cambridge2Cambridge
- 6.035 MITScript interpreter in Rust
## 6.115 Final project — Masterlock combo breaker?
Over spring break last week, I spent almost every day in lab for 6.115, working on the infamous Lab 4. The lab is centered around motors. We code assembly for controlling a robot arm with five DC motors providing five degrees of freedom. We also control a unipolar stepper motor for a toy version of optical tomography — getting a cross-section of a dowel on a spinning disk.
Practical Electronics for Inventors by Paul Scherz is an awesome book. It’s very readable, and without the chapter on DC/stepper motors, this lab would not have been possible.
Final Project
I have a cool idea for my 6.115 final project. The amazing hacker Samy Kamkar built a Masterlock combo breaker, and I really want to make one of these for my final project. Since I need to use both the 8051 microcontroller and the Cypress PSOC, I could have the 8051+LED interface for selecting combinations, and have the cracking algorithm coded in C for the PSOC. That still may not be enough code… maybe I could also have some computer vision such that I can observe someone turning the lock, and then record/replay the combo?
Anyways, will definitely be blogging about my progress on this.
## 6.857 Final project — Boston Symphony Orchestra iPad app pentest
I also need to get started on my 6.857 project, which is penetration testing an iPad application for the Boston Symphony Orchestra. We have an iPad, so I just need to setup a pentesting environment on it and start playing with it!
## CTFs! I've done a few MIT-based CTFs in the past few weeks — MITCTF, organized by Steven Valdez and my fellow TechSec lead Max Justicz, and the [Cambridge2Cambridge CTF Qualifier](https://cambridge2cambridge.csail.mit.edu/) which I think is one of the most exciting initiatives to come out of MIT. In the inaugural event last year, Cambridge University students came to MIT for an attack-defense CTF and other fun physical challenges like lockpicking. This year's final will be held at Cambridge University in July, so I hope I qualified! I've definitely seen a lot of improvement in my skills since last year — I'm a lot more comfortable with crypto, and have come a long way in pwn and reversing.
## 6.035 — MITScript and Rust
Also, I really need to get cracking on Rust and our 035 bytecode interpreter for Lab 3! Once I’ve finished Lab 3, I’ll publish my blog posts for Lab 2 and Lab 3. Maybe I’ll write something about learning Rust, as well 😉.