Student Finds Hidden Devices in the College Library - Are they nefarious?
Vložit
- čas přidán 8. 11. 2018
- Get the LiveOverflow Font: shop.liveoverflow.com (advertisement)
A reddit user finds raspberry pi zeros hidden behind trash cans, vending machines and other places in the college library. We reverse engineer them and determine if they are malicious.
DirtyCOW video including "files" in Linux: • Explaining Dirty COW l...
=[ ❤️ Support ]=
→ per Video: / liveoverflow
→ per Month: / @liveoverflow
=[ 🐕 Social ]=
→ Twitter: / liveoverflow
→ Website: liveoverflow.com/
→ Subreddit: / liveoverflow
→ Facebook: / liveoverflow
=[ 📄 P.S. ]=
All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
#ReverseEngineering
Edit: Thanks for all the (mostly) good comments/questions! We've put up a response video trying to answer the most common ones: czcams.com/video/ioU5G_IuGuw/video.html
Hey everyone, Waitz here! As everyone has commented, it was pretty stupid to leave an unmarked device in the open. This particular device was meant for a 24 hr test and we (foolishly) did not put an accompanying logo with it. All other devices we have up are covered and marked with our logo and we're making new markings with more clear contact info. Great video!
Dude, cmonn. If u'd do it in my country (Turkey) they will probably go panic and scream and consider it as a bomb xD even military could involve this operation :D don't do this :D people are not that smart to understand what u r doing :D
@@ArgeKumadan Yok be abi. Ben direkt malın biri çakallık yapıp milletin bilgilerini ele geçirmek isterken bana bedava pi zero hediye etmiş oldu diye düşünürdüm.
@@ArgeKumadan yep we were dumb
Did you get it back or did oc keep the one he stole?
I should think so, too! Leaving unlabelled devices out in public (Or mostly open access) places is probably going to land you with a high level of equipment loss from inquisitive fellows and eBay opportunists enjoying an arguable Pi giveaway! :-o
Put some ownership info on these, and then you might have a case respect of those which go walkabout. Otherwise, it's an unidentifiable object that could've slipped out of someone's bag ages ago and for whom the rightful owner might be impossible to identify! :-)
This is like those detective books for kids where at the end it turns out to be nothing important, and you get grounded for bothering your neighbors.
This guys has no idea what he is doing. If you want to see some real world uses ask a real Linux admin. This video is embarrassing.
Still got to the solution, so what does it matter? Also maybe don’t just judge from a single video that had very specific constraints ;)
Well he had baby owls, have you seen baby owls?
Or, as the saying goes, a month in the laboratory can often save an hour in the library.
except, no one but them were bothered and it was really fun even just as a story too!
the "twist" at the end was exceptionally great too!
*Accidentally downloads malware in an effort to expose a hacker*
*Ends up being a school project*
It hurt itself in confusion!
Props for Pokemon reference
Love the reference! xD
lel pokemon
YES.
@@misceryyt2897 lel
If you find a bunch of unidentified tech at a research university, chances are it is a project. Please, don't forget to label your tech as a project, and include contact info. Or someone may salvage your project.
Or add a Readme file
At my university some kid actually went and hid raspberry pi’s and connected them to all of the computers in the library, turned out he was keylogging to try and find out if his ex was dating another dude (I guess she used the library computers when working and opened up social media in the background.) Kid was expelled, but you aren’t wrong lol it was definitely a project
@@shreddded6403 lol
@@shreddded6403 that would mean you need to have already removed it from where it is to be able to read that, possibly ruining said project
@@genesisreaper2113 yeah but at least then they know to put it back.
Lesson learned for me: label your stuff especially in public places / school setting. A little sticker and qr code would go a long way to make sure people know what something is for if it looks a little fishy.
I don't think so. I still haven't figured out how to read qr code with my phone
@@propagandalf123 just use your camera app.. most camper apps now will automatically detect the QR code and have something pop up that you click
I feel like they also could have just packaged the board and stuff in something innocent looking. Like a CO detector body or something.
@@jackbootshamangaming4541 Yep, and if for whatever reason that doesn't work, Snapchat will also read QR codes
Qr code ffs don't scan random qr codes you fkn m0r0n
"If you're a windows user, You've definitely seen fat before"
ouch
Cutting deep here
So Windows is fat?
@@FishlandicFishy she thick
@sw4gr1d Linux users...yeah go FSCK yourselves. hahaha....
@Ultracloud thats the jokes, man
*casually walks behind a vending machine*
His friend was paper mario.
:))))))))) dying
*CASUALLY*
What? You don't walk behind every vending machine you encounter to find electronic tools placed by criminals?
You freak
Your profile pic goes with this so well.
I guess the main takeaway from this is:
- Have good SEO tags for your website so people can find your website
- Have some sort of descriptive or informative document that states exactly who produced your software and where you can them
And even more importantly, label your devices with a sticker or a small tag, this whole thing could have been avoided if the Pi just had a "Property of Waitz [link to project website]" attached to it somehow.
This is a super super niche service, so all they would have to do is post bulletins at/near the library and common parts of the campus. No seo necessary.
@@Rwdphotos Any SEO is good SEO, especially for a company.
@@saiverx yes, because it's so incredibly necessary to have people anywhere other than ucsd to know how many people are in the geisel library at any moment
@@saiverx they only need to optimize for 'waitz ucsd', general traffic doesn't need to be driven to the website because there's literally zero motive to do so
“Knowing where to look is acquired over time if you work on Linux”. Opens “Home” folder.
I mean yeah that's pretty basic, but it's still not something anyone new to Linux would know about? And for casual Linux users they could easily use Linux for a long time without knowing what the home folder is.
What's the home folder?
@@MrSquirrel1693 It's a folder in the root of the file system "/home/". Some users (specifically humans or some programs) have a folder in the home folder that's the same as their username, then in that is all their personal files. It's kind of like "C:/Users" on Windows, and very similar to the "/Users/" directory on Mac.
But do note that when people say the "home folder" they mean the folder that contains all of the user files. It doesn't have to be in /home/, it can be in other places, e.g. root's is normally in /root/ instead. This is why ~ is used, as it will always expand to the home folder location regardless of where it is.
Obviously somewhat a simplification since we're talking about linux, it doesn't have to be true on some systems, or has exceptions, etc.
First I would've checked systemd directories and then the package manager data. Rasp Pi usually uses a Debian based distro. While I'm not familiar with apt, it's probably in /var/lib/apt or /var/cache/apt for cached packages. /var/log probably has a pkg mgr log to parse out what was explicitely installed by the sudo user.
@@krozareq PJ
Lesson of the day: Print contact info on the devices you install in the wild :)
lol
Literally lol
You are still spying!
yes
same like: "don't forget your passport before you go on a terrorist attack"
A simple logo on the device would have helped quite a bit haha
Judging by the fact that it was apparently originaly a student project, they probably didn't think of that at the time.
It's also one of those things that you just learn by experience, I wouldn't have thought of putting a logo on it myself either. Though I would've at least put it in some kind of case to make it look a bit less evil.
Exactly! A little case and everything would've looked way less shady.
at least a readme.txt on the root of the fat32.
@@pastrana2000 black case with a warning sticker "Security device do NOT unplug" ;-)
Or a link to the the website / Reddit page
I think the biggest takeaway for me is that ImgBurn has become so adware and malware ridden. I had no clue. That software was incredible in the late 2000s.
I used cloneCD by slysoft. And it is still around.
Well, he has to make money in some way.
@@bryancampbell4604
You aren't going to make any money that way.
@@thedevilsadvocate5210 It's advertising, and if someone is being dumb and just clicking through, the software that advertised it will get paid. So yes, you would make money.
@@bryancampbell4604 a lot of the time you dont even have to click it
Lol. Why didn’t Waitz just package their raspberry pis in some branded packaging - then it would’ve been obvious it wasn’t some nefarious hack 😅
Or even just label them.
They said the unmarked ones were for testing, they installed permanent ones and probably forgot where they put all the temp ones lmao
School project... main lesson learned: packaging is key.
ikr how unprofessional.
@@kba They still should have been labeled, including contact details. And, if they were installed with the university's consent, they should have been put in legitimate places (ceiling voids, locked cabinets, etc.) rather than in places that looked massively dodgy.
I was kinda hoping this ended in some international espionage, and maybe a car chase and shootout.
naw that only happens on tv
me too i thought this was gonna be a creepypasta boy was i wrong , this was very technically educational but soo boring i had to skip through it for the ending lol kinda let down , i was wishing it belongs to anonymous or illuminati i was wrong , (Sad trumpet sound)
@@veg4life. *lol*
hahahahhahhahhahahhahahhahhaha! John Wick, James Bond, Jason Bourne style......
lol, If it did you wouldn't have seen it in the first place.
Normally it's a sin to steal property, but this was VERY interesting.... all is forgiven. Go forth and sin no more.
@@meep.472 r/whoooooosh
How’s your dad doing?
Thanks, Jesus.
@@meep.472 how is he fake? he has a verified check so he's definitely real.
Lmao 😂
I remember watching this video years ago! When I finally got to university and saw this system in commercial deployment I had a blast of nostalgia. I'm so happy that this video has come back up in my feed cuz I havnt been able to stop thinking about it
Do you feel old?
i’m a first year CS major and this video is giving me anxiety
use linux from beginning, later its hard to switch
@@VIJAYGACHANDES i’ve never even seen linux i have been thinking about trying to figure out how to change operating systems but i don’t wanna fuck things up
@@aidanl3105 I'm on my last semester of Cyber Security, and I would say it's (Linux) no big deal.
It's not hard to learn, and you definitely don't need to switch to it to use it.
Using it has only made me like windows more.
I've heard that DIY castration has calming effects
Nah, you're cool. Took me 2-3 years to familiarise with Linux. Once you get the basics, you rocket yourself to the mid ground. And after that it's just all practice
This CZcams algorithm is giving me the coolest suggested videos today
big time
Screw anything the devs at JewTube do. It's all done to supress the truth and shove nonsense Shane Gayson down your throat.
Same
For one it actually shows things I like
@@crepemaister5416 shane dawson*
I already saw this video but it's being recommended to me again so I'm just gonna watch it.
Same lmfao
same
Same
Same
Oh, really interesting!
Kudos to the uni & waitz for the amateurish approach. Use a casing and put them in places that can't be reached without a ladder maybe? Super fun video! Also, you might not want to just plugin that SD card into a device that has network and that you care about. Who knows what might be on there.
14:55 The thing you came for. It logs mac addresses to show how busy a place is.
4:24: NEVER SPAM NEXT ON INSTALLS.
Mcafee ad chormium lol
I'm very careful but I still have Unchecky installed to catch any sneaky addons I miss.
Or better yet : Only install from trusted repositories using a package manager like apt.
@@NatoBoram Nobody likes Linux elitists. Windows users have no choice as you know.
You should try scoop.sh
Hello Mr. Narrator. I just wanted to compliment you on NOT editing out the part about being in a rush and mistakenly downloading malware. To admit a mistake like this takes confidence. This is a great example of how ANYONE, despite what they know, can make a simple mistake and infect their systems. I'm sure your colleagues gave you a hard time for doing that, but I'm sure they've probably done it, too. (I know I have! 😬)
I am borderline OCD about optimizing my system and I have done it multiple times for the same reason. Being in a rush when I needed to slow down. I agree it was really cool of him to leave that in there and apologize. Good content.
@@PatrickPants BTW despite this annoying addition to the installation, IMG Burn is a really great piece of freeware, they are obviously trying to just make a little money. This method is used a lot in freeware including pages that look like you need to agree to some terms to install software when in fact you actually need to decline to install additional shovel ware. A small price to pay for some otherwise very useful freeware out there
Actually i never install crapware nor adware because i'm obnoxiously over-cautious each time i install something, i even read those damn contracts from time to time, and i sandbox everything that seems even a bit fishy before trying.
I'm obsessive about it, i'm also obsessive about not having antivirus, so it kind of balances in the end.
@@diablo.the.cheater why do you not use anti-virus ?
@@joshanderson3961 Because AVS are for plebs that don't care about having a slow computer. Haven't used an AVS in over 20 years and not a single infection since I was under 10 years old during the days of dialup when viruses were actually harmful.
I am as dumb as a bag of useless rocks when it comes to understanding any of this. However I was compelled to watch like a moth to a flame.
Only thing I learned from this video is I am as dumb as a bag of rocks. Having said this I loved watching anyway, thumbs up. 👍
The thing that keeps moths being dumb as rocks are the flames to which they are drawn. Fire is essentially nature's mind eraser, and it's almost been proven that immersing yourself immediately into a soothing pool of flames after learning something removes all the learning from you and gives it to the fire. They tested this with mice, and it was hard to determine how much of the learning was transferred to the fire, as the mice were slain rather quickly each time they were exposed to the soothing pool. It was even more difficult to attempt to extract this learning from the fire itself, and so it was generally assumed and agreed upon that the experiment was successful, and that is why fire is so smart and why moths aren't. You're welcome.
@@Double-X2-Points
LOL
A bag of rocks isn’t useless. It can be used in many ways.You can use the bag to smash all this stuff, pull a rock out and smash something at a distance, mark your trail in the woods as you get lost, etc (lol) I get your tongue in cheek comment though. I feel the same way about this level of tech.
@@johnkruton9708
Well I have advanced some over the years point in fact I finally switched from a flip phone to an iPhone. The only reason I bought it was because the sales lady assured me I can also make my coffee in the morning. But seriously when I don’t understand something I just call my nephew and he is like a wizard and fixes everything in seconds.
Really liked following you on your investigative journey on this. Wish I had some of those same levels of system and software knowledge. So useful in this real world scenario we now live in.
Think of how much trouble could be saved with a 25 cent enclosure that says "Library Property - Do not remove."
Came here just to say something similar.
Brandon Pack 一
just what someone up to no good would do...
We would still shove it into our pockets who are we kidding
Think of how much more trouble could be saved if people didn’t randomly steal property they found on campus and try playing detective with it 🤔
Or better yet, at least lead with a “Hey librarian, I found this thing do you know what it is?”
After reading the comments:
- Note to self, if doing something extremely nefarious, put device in small case and put an unintimidating logo on the front, something like a letter or food... Like a lower case i, or a raspberry, or an apple, or a banana even.
People seem to think small random devices are evil, unless they're in a case with a logo, then they're not.
Right on with that observation. It is the r/actlikeyoubelong for hardware.
a case + Waitz logo + small description written on the front like "active busyness monitor" = harmless tracking device
Bleed inSkull yeah for sure, but the implication is that, as the person above you stated, if you act like you belong, people will assume you do.
It’s less about a case and logo to explain what a non-nefarious device does, my comment is pointing out that people appear to assume the device is less likely to be nefarious when given a case and logo when in fact I could just make a nefarious device and put it in a case with a logo to trick people.
Of course there’s always that smart white hat and eventually someone is bound to crack it open and figure out what it to only to find out that it’s nefarious but for 99% of people the case + logo thing seems to tell them it isn’t bad
@@Mr539forgotten Yea. This is so much abusable and could land anyone in trouble. You know what a USB killer is? A small device that looks like ordinary USB stick drive, but it contains series of capacitors that can generate like hundreds of volts out of just 5 within just a fraction of second, and then pump it in the data feed of the USB connector. When you buy stock from legal store, it is clearly stamped with an image of skull with crossbones, meaning that this device will kill your computer if not protected properly. But as it happens, these little but hell deadly devices are easy to obtain and even easier to dismount! So you can just take an old malfuncioning USB stick drive, dismount it, remove the original device out of plastic and place in the dismounted USB killer. You successfully disguised USB killer as an ordinary USB stick drive. It only waits for its victim.
NOTE: THIS ACTION IS HIGHLY NOT RECOMMENDED!!! IT MAY AND CERTAINLY WILL LEAD YOU STRAIGHT IN JAIL IF YOU DO IT!!!
Someone makes it, deploys it in somewhere and walks away. A curious victim just gets out to explore the contents, unaware of its true nature. Then suddenly, as soon as he plugs it in his laptop, screen goes black and laptop no longer responds to any keystrokes. Fan turned off, all indicators turned off. You can't even turn it on. That's the moment you just realised that computer just instantly died! No way to restore function, no way to restore data. The only way to be able to surf the internet again is buy a brand new computer, because brand new moherboards costs pretty much like brand new computer, not to mention that you have to buy brand new licence of Windows as well, because new motherboard means completely brand new computer. So in reality, changing the motherboard would cost you in the end more than buying new computer with new Windows preinstalled. And all of it just because of one little USB stick.
@@CZghost A USB killer should only affect the series of USB ports on a specific controller, and even then, most are protected so even if one gets killed, the voltage will not be sent through the entire controller.
Most of this stuff went WAY over my head. I imagine it’s what I hear when explaining music theory to others. It’s interesting because I can tell you find it fascinating and don’t dumb it down all that much. Nice work!
as a music theory nerd i feel this
Music theory today is just the quantize button on a daw 😂
Hands down that was the most brilliant and well done tech video I've watched in a while! Very informative, and it's great to know the equipment was being used for benevolent purposes.
Sets out to reverse engineer malware, downloads and installs malware on his own computer.
well he doesn't know anything about anything as evidenced by the fact that he's using windows. That guy wasn't ever going to reverse engineer anything. Nobody was going to find out what it was until someone who actually knows thing got their hands on it.
@@jhk6558 I thought the LO implicated that he installed the malware with screenshare (remotely),
@@jhk6558 what's wrong with windows?
@@blendernoob8993 not open source
How embarrassing. Even my grandma wouldn't fall for that.
I just got this video recommended by CZcams. Good analysis, I think I would've done mostly the exact same steps, only I didn't know what MQTT is.
Small recommendation: instead of calculating partition offsets manually, create a loop device for the whole image using `losetup` with the -P flag for a partition scan. Then you have /dev/loopX for the image and /dev/loopXpY for each partition. These can be mounted like any other block device.
This kind of videos makes me wonder of all the things you could do with programming and stuff, it's super exciting.
_Security expert in action_
@Hugohopser Didn't find "Win32 Disk Imager" though, which everybody says is immediatly found with google.
Hugohopser follows to click in one million user pop up
@@LiveOverflow I literally just searched for your quoted text and its the first result on google....
@@jslay88 I'm clearly an idiot ;)
@@LiveOverflow be careful next time :3
Moral of the story: Always put contact information on the devices you leave on the field with normal hoomans.
Then the attackers would copy your sticker and go unnoticed. Instead if you are allowed to install devices in public areas install them into a place where only authorised people have access. Like a locked cabinet or similar.
Why not a) out of reach, b) secured.
I was wondering why so many raspberry boards were suddenly for sale on eBay from San Diego seller's.
alternate moral of the story: don't poke around with devices that are clearly part of the campus' network and clearly labelled
That sort of system could probably in theory be used to determine if someone attempting to connect to the public wifi network is within the property of the network owner or not! It could possibly be used to block people from joining the network if they are physically outside the property! :)
How?
Actually if this was in EU it would be deemed as illegal because this system gathers MAC data and location (without users consent and awareness on top of it) and that data is considered as identification data.
...because it is identification data. We really need to have a national discussion about digital privacy.
@@sailirish7Digital privacy? We can't even stop the feds from telling big tech what to censor to interfere with our elections and politics.
Should have put a camo skin on that RasPi to make it invisible.
Can confirm. I did that to one of my pis 3 years ago and haven't been able to find it since!
Did he show it in the video, I couldn’t see the pi
He'd have better luck if he used a John Cena skin.
Cover it with John Cena stickers 😶
@@notsmoothie umm... What stickers? I cant read.
So you're saying if I look around at libraries I might find some free pi zeros *scratches chin*
Hello brother
That was my very thought haha
ONLY IF YOU'RE NEFARIOUS!!
I looked around my library and I found a whole bunch of computers and some unnecessary books. But I am not nefarious, so I left them there.
🤣
Yes
When i was in high school, there were kids setting trash cans on fire in the bathroom. It was happening like 2 times a week. I walked into the bathroom one day between classes and saw kids pulling a tape recorder out of the ceiling tiles that they just found. Said they heard it click when they were using the bathroom. I went to the principal and he totally dismissed it. I saw it plain as day. A black tape recorder with a microphone on a long wire.
Great video! Awesome to see you walk through the process of reverse engineering it to see what it was used for!
Damn there is free tech around and I just have to find it
OMG JARID I LOVE UR VIDS PLEASE RESPOND TO THIS COMMENT PLEZZZZZ
You’ve been ignored xd
Oof I unsubbed like 2 months ago :(
He10s etfja tyiam my channel!
RAWSTORM Did you just have a stroke
"this device isn't nefarious. It's just part of a school project"
...Exactly what a nefarious person would say.
All the devices should be surrendered to the campus security and ICT team for further investigations. Who knows how many wifi passwords and login credentials the have stolen. Of course a thief will never own up they are thieves.
It was probably harmless but I'd prefer to err on the side of caution. I might be reluctant to return the devices. Could this be perverted into something not so harmless?
@@karlbergen6826 Considering this person found and stole one and then cracked it open like an egg to the point of being able to edit the files, yes, yes it could be molested into something devious
@@nervonabliss2071 So could the library computers, or the books
@@alakani Yea, pretty much. Only difference is one is monitored a lot more often then some raspi left in a corner somewhere
I understood about 2% of the content, but it made me hungry to learn more. Thanks for posting - totally awesome!!
Watch this a while ago and it popped up again today, there’s a lot of important info here especially about how easy it is to assess who is around through your digital footprint
This has been a Public Service Announcement on the benefits of using property identification tags.
A client broght a bloody knife to detective and wondering if it is a murder weapon.
As detective and client deduces the case, they figured the blood on the knife is from animal, not human.
At that same time , they arw hearing a scream from the local butcher: "Whoever found the butcher knife, please return it. We need it for work!"
Kowalski analysis
@alysdexia use your fucking common sense
@@rzul thats not so common anymore
@@LegoDude182 *sHOts firED*
I’m a network developer myself and this is very interesting content man. Nice one. Definitely subbed.
That is so fun! Congratulations on your successful reverse-engineering and investigation of the files.
4:24 You should ALWAYS check software to see if it has those little "I have read" checkboxes. Those will prevent software from being installed without your consent.
kaspersky has a function to untick those sneaky checkboxes automatically to prevent adware ;)
Yeah! Ikr?
@@n-i-n-o What if unticked means install?
@@Ultrajuiced checkbox which is not selected
@@n-i-n-o yes but they're saying what if it says uncheck the box to install bloatware
14:56, you’re welcome.
Abe Cervantes Thanks
Lochlan Gallagher no problem ;)
Ty sm
Thanks so much. this was too long winded.
Rip watch time
This just randomly came up in my suggestions, what a fun ride this was.
Years later - still fascinating. Glad I stumbled across this.
kowalski analysis.
Hahaha
This ain't it chief
Before this comment gets 1k likes
Subscribe to PewDiePie
SHMOO fuck I was gonna say that
Kowalski, paralysis.
I always put a Readme file on my devices. I've left my USB accidentally before and got it back.
good idea.
>Assuming that people read "README"
@@jared8515 people would probably read it if it was on a flash drive they found and if they had an intention of finding who's it is / giving it back.
@@jared8515 for example, a readme with a small explanation of what the device is and does would have helped extraordinarily here
@@jakecrowley6 fair
Interesting to watch even if it is harmless! I'd like to see more of this kind of content.
This is like the movie which i know i watched already, but watch it again to watch the suspense unfold. Amazing stuff.
"So we hopped in a Skype call"
Oh, must be an old video then
*Nov 9 2018*
Mainsream skype alternative in 2018 ? None.
Furrane discord has better voice chat better screen sharing, better video chat what's not an improvement
@@furrane Discord?!
Isnt Discord is made for gamers?
@@senki0151 While discord has features regarding gaming, no, it can be used for anything.
That’s a free raspberry pi zero in my books
Right!
Down!
Those are incredible unrelated to my comment
Nice, you watch your name?
@@xbl6506
Yeah i do/did
Loved kimi no na wa/your name
How exciting. Made my day. After I finish my electrons flowing in narrow semiconductor band simulation I gonna watch all your videos!
That's cool. Our university has a website where you can see which computers are free, but nothing about the general busyness of the library.
I was secretly hoping it was a student trying to get access to free college E text books. But that seems like an actual useful tool for students.
Not that id call this clickbait welcome to modern reporting mostly nonsensical bs.
It isn't exactly hard if you look around a little bit.
You can just find them online already lol
1:39 If you are a Windows User you definitely have seen fat before ... gee thanks for making me self aware :/
Oof
Haha don't worry on Linux we have a file system called Butter. :P
Keep going to the gym and soon you'll be exfat!
lmao
Nope most do not know what that is. Never assume when doing a video on the internet.
Wow this is actually pretty fascinating, my university library has a TV that shows how busy each floor is and I wondered how they even measured it, and it turns out my school also uses Waitz, now to figure out how to mess with it to give it incorrect readings on the number of devices present
Walk through with a backpack of cheap cellphones connected to the wifi
@@GODDAMNLETMEJOIN The only problem is its kind of a lengthy process to connect a new device to the University wifi
It kind of amazes me how many people find this compelling content, this is just normal PC stuff
Props for not glossing over the fact that you committed a serious security gaff in the process of figuring this out (installing malware). Goes to show that even security conscious folks can make one small mistake and get into trouble.
win32diskimager can pull a disc image as well.
Also, your accent kinda hides the purpose of the device "waitz" = waits. Checking wait times. It all checks out!
Not malware, but it could've been.
"could of been" - Your fucking SPELLING is malware!
Anvilshock His spelling is fine, get a life.
His spelling is shit, get an education. It's "could HAVE been", there is absolutely zero justification for the word "of" in there, and anyone doing this needs a massage with a chainsaw.
If you say pls because it is shorter than please, I will say no because it is shorter than yes.
I like how tracking people's movements without their knowledge has become so normalized that we no longer consider it nefarious.
I like how sensitivity to collecting information has gotten so normalized that we no longer consider it an overreaction.
>Not setting off repeating high energy emp pulses as you walk around campus.
Even if everyone knew they wouldn't care if the convenience outweighs the concern!
If you are walking around locations you do not own or rent, while broadcasting a locator signal from a device, you should have no expectation of any privacy. Also this device is no different than a car counter on a highway, as it's only show number of signals per area, not detailed info on each signal.
FraKctured I love gentle giant
Nice! Thank you for this solid Explanation of the "reverse Engineering" of this.
I subscribed for your sense of humor alone . Your "God damn it ! I am supposed to be a security professional " had me rolling.
It is a bomb. I know it. A kid made one from a Walmart clock.
😂😂😂
The bluetooth dongle receives powerful signals, which overcharge the whole device. The SD card, due to the high voltage, heats up, heating up the air around it.This causes rapid expansion of the air, also known as an explosion.
@@boggybolt6782 suddenly a bright flash in the sky a flaming meteor crashes to earth
Ban all clocks!
@John Doe source?
You just gave 3 mill advertisement views in under a year , to this project . people should be paying you for this sort of marketing genius. lol
but what if it was all a planned ad
@@RenanSilvaSoriano o.o;
Recommended after 2 years? Ah yes youtube algorith btw interesting video
This was awesome and pretty educational! Nicely done!
Never use Express Installation, Use Custom, and always remember to uncheck all boxes that have to do with any “tools and features” to added for “free”. Most of the time, these programs are flagged as PUPs (Potentially Unwanted Programs) by your anti-virus or anti-malware. Take a look around before hitting “Next”. It’s a good habit. ;)
There's a program called Unchecky that automatically does this on most programs
I wouldn't recommend it if you're an advanced computer user, but it's a nice thing to install on dumbusers' computers
Or use ninite for the apps it supports. Install multiple apps at once, with no extra stuff you don't need. Imgburn is on there, so even though it didn't work for this purpose it would have avoided installing the PUPs.
Or just don't use Windows, and have your package manager do the right thing
"Don't use Windows" is a really retarded argument, if your use-case prefers you use Windows, you will use Windows
@@Ryndae-l not always an option, and you know it...
"We stole from the school." "This was so much fun".
Pedro Sequeira lol whatever
you forgot to append this at the end. "-LiveOverflow 2018"
It's not stealing since they returned it
@@leonardfluhart3532 Its stealing no matter what you do next.
@@Pedro-tl7jg I'd agrue not simply because they didn't know and as soon as they found out they returned it
His accent just makes this 100 times better
So much fun watching this video. Feels like watching with so much plot twist.
I'd like to see more of these reverse hacking projects
This isn't reverse hacking. This is video is embarrassing. This guy has no fucking clue what he is doing.
@@thatsciencedude4552 chill out dog
This isnt hacking he just read the files
@@thatsciencedude4552 you mean the guy who only uses linux that was trying to have someone on the other side of the globe use windows to extract the data from the device? Seems reasonable to me. Once he got the disk image he sailed through the discovery process quite well.
Btw what everyone is calling hacking is actually cracking
Have you tried turning it off and on?
Have you tried setting it to wambo?
Have you tried forcing an unexpected reboot lol I love the I.t crowd best show ever lol
*_Have you try unplug computer?_*
From the Beavis & Butt-Head episode "Tech Support".
@@gentlemanvontweed7147
*WEEST???* That's _West_ me boy!
Have you tried putting it in rice?
I had no idea JD-GUI existed. Amazing that decompiled code can be read so cleanly!
That would be pretty handy to know real-time when various places are busy.
When you said "UCSD" I instantly knew what it was...
-- UCSD student
@Diogenes TheDog what exactly is supposed to be that in german?
"When you said "UCSD" I instantly knew what it was... -- UCSD student" - Congratulations, you fulfilled your curriculum. You memorised your school's name.
@@Anvilshock I think they meant they knew that it was this company's product since it was in use in the school.
Shh. Don't ruin the moment.
Dude theres professors at ucsd looking for their pi's.
Its on the playstore comments
Alejandro Guerra wot
Which profs???
@@Sakura11101 gary
@@RM-xr8lq is he planning on taking uc property? That's worthy of a professionalism deduction
>we need to dump the entire SD card to an image file!
>proceeds to download a well-known CD/DVD burning utility
Love how one was near the vending machine. Studying how the freshman 15 is acquired.
I love how you write your videos so that not only am i learning about your project, but about all the little side pieces of information I can gain from your journey along the way. It's like im making friends while I'm on my way to a destination. :)
spam clicking through installers is very stupid.
So too assuming the site itself isn't trying to profit off of them
its what i do succesfully so dont hate nigiga
@@richrich9740 nigiga
@NATHANIEL PARISE We do? I really hope not.
@Ratko Mladic nigigigigiga
I subscribed because you have a way to explain everything that I rarely see ,keep up za good work man !
TL;DW
It’s a sensor that reads the “busyness” of certain areas. It sends the info it gathers to an app the students can use to see what areas of campus are more congested.
Any idea on where to start building smth like this? I need to do this for my diploma project
Rufus is your friend for Windows file system stuff
Rufus? The boot usb thingy? I was thinking more ex2fsd, but of course the best option is to wipe windows and go full Linux.
Yup, but not for dumping ;)
wtf
@DREAM666 lol
Да
Du hättest auch "Linux Filesystems für Windows" von Paragon nehmen können. Kostet zwar ein bisschen, ist aber unglaublich hilfreich wenn man mit beiden Systemen viel arbeitet und mal schnell ne SD vom Pi aufm Windows PC lesen möchte.
Following this was fun. It's amazing how easy it is for us to find something that is actually innocuous and worry that it is nefarious.
Sometimes a duck is just a duck!
A little history lesson about ImgBurn, it's actually the stripped down version of a software called DVD Decryptor, the very first piece of software that cracked the DVD CSS (Content Scrambling System) and allowed anyone to make backups of their DVD movies, the author stopped development of DVD Decrytor in fear of being sued and used the image burning part of of the software to create ImgBurn, it was never meant to create image from SD cards, its sole purpose is to create images from optical discs (And does a damned good job at it too). Now regarding adware, yes it has bundled adware, but only on the official mirror that you downloaded, all external mirrors doesn't have the adware portion and are clean.
"if you're a windows user you've definitely seen fat before" lmao
Especially Windows 7 below users.. Although, I'd prefer NTFS
@@mournblank he meant like down ur belly
Foxhound?snake? Hmm oldskool
@@breakstone1000 He meant the filesystem:
File
Allocation
Table
F
A
T
FAT
on hard drives and other stuff.
@@tredI9100 Yeah mate that was a joke, it could be both tho
I would recommend Rufus for creating SD card images on windows. Another option would be to install Virtual box and pass through a SD card reader USB device to a Linux guest.
Two thoughts... (1) waitz.io was the first result on my seach engine hit. After seeing that the purpose was obvious. (2) Capturing wifi and/or bluetooth mac addresses is not anonymous and could be considered nefarious. If you want to stalk someone, configure this to notify you when their cellphone signal fingerprint is captured by this devide.
Win32 disk imager can make raw copy of drives on Windows. Works well ;)
Yeah i use it with the rpi all the time
Same
It's still the best software for that. Etcher from Etcher.io may seem more modern, but it lacks the functionallity to generate an image of a whole (micro) SD Card
Every fucking -script kiddie- raspbian user should know these programs man! I'm astonished :[
Your way of explaining everything here was excellent.
Whoa! Holy $#!t It's MrMario! I watch your videos all the time. So cool to see your comment on a random video. Anyway keep up the good work dude, I really like your channel.
i agree. he did it very nicely
I agree to I think you should do some more rgh tutorials
Yeah, I haven't coded in about 20 years and could keep up, so it was good for me. Also I know crap about Linux so appreciated he didn't assume everyone is a Lunix expert.
2:50 the reason windows won't mount the second partition actually has nothing to do with its format and is actually caused by the fact that windows does not support more than one partition on an external drive mounted through USB.
4:30
Exactly why you always, ALWAYS read all the checkboxes before you click next on ANY installation
Expert my Diablo 1 disk from 1996, I'm pretty that's safe.
I don't understand anything but I felt my brain has evolved after listening him babbling alien language.
😂
Seriously? Ok. It is all very basic....
Herman Willems Keep in mind this is a youtube video that anyone can watch. Also people who dont know anything about this kind of stuff
@@jessebijma, spoken like a unix master.
@@koh9894 I don't know the first thing about unix to be honest