Kinect Video to Audio (Call and Response)

For my project, I initially drafted a proposal for a reconfigurable lazer maze with servos. I decided to forsake that idea for a task which I was unsure whether or not I could accomplish, and so I decided to create a video to audio interface between the Microsoft Kinect and using the Arduino for support processing through the serial. I wasn't sure how much of this was possible but I was adamant to see how far I could get until I could achieve no further.

Bugs All The Way Down...

I had an initial plan. I would use a program to read the Kinect visual stream and monitor how many people had entered the space. I would capture this data stream and process it with a program I would write myself. I would then read values from the Arduino through the potentiometers to create a reconfigurable audio sequence which would be depicted by the values of three different pots. From here, depending on how many people were inside the space a server which I would also write would catch the response from the arduino and the Kinect to write to another program which would ultimately execute the sequence and then write the note sequence to the LEDS as they played each note. My idea was clear to me when I went in and then fell apart almost immediately after I started interfacing the Arduino and the Server.

I had selected a few tools for the job:

KinectA - KinectA is a fantastic application used for motion tracking through the Kinect. There were a few other alternatives for motion tracking, but they did not work nearly as well as the KinectA. The advantages of the KinectA over the others, was the GUI interface which allows me to reconfigure the parameters of the monitoring space without getting inside the code the rewrite it for every place I set up the KInect at. It was a no brainer. KinectA looks for a certain pattern from the camera and transmits the data across the network to "localhost:3333", which is port 3333 on the machine that runs it. It does this through a protocol called OSC (Open Sound Control). OSC as a protocol, required certain libraries to operate... Either that or I would of had to manually create each OSC packet and send it, which is far too tedius. 

Python - Python proved to the be the language I would use to create the server that catches the OSC packets from KinectA. In this sense the Server and the KinectA were entangled in a constant call and response. I used an open source Python library called 'PythonOSC' to manipulate the thread used to receive the server and it worked very well. As part of its example code, it provided a segment of code that would handle the receipt of OSC packets and after modifying this code it would then run a function all the while it receives data through localhost:3333. This lead to some problems with the inner structure of the program... That is, the way I had used the library left me no choice but to put the entirety of my code inside the OSC packet handler. The disadvantage of this, was that when no OSC packets (no objects by the Kinect) were being sent across the network, there were no lines of code I could execute outside of that instance as the program was caught in a function that would act as the server forever. This meant that I could only run code when the Kinect was seeing objects in the field. It sounds like a powersaving decision, but it wasn't... But for the sake of extra marks, lets say that it is.

Supercollider - Supercollider is a very popular audio programming language used by legendary trance artist BT. It offers some very powerful benefits such as live coding, and the structure of the language is easyish to understand and well documented. It has two parts, one called Scsynth, which acts as the server which receives an interpretted language called Sclang. Scsynth doesn't know a lick of what Sclang is written in, but that's because it contains an interpretter that takes the language and converts them into OSC packets from which Scsynth receives. I began to learn supercollider quite intimately and it was great and good... until...

I tried to interface python with supercollider. This is where everything started to go horribly wrong. Interfacing one language with another is no easy feat and many have tried to hack together solutions for how to solve this problem. The Supercollider wiki had linked three methods of doing so: The first of which was written in 2011, and was outdated to the point the site didn't exist anymore. The second option, sc_0.31, seemed promising... But as I went to even import the library: Everything in the library had syntax errors. Something had gone out of date, and it totally rendered this interfacing library pointless. The third....

Supriya - Supriya seemed like the most modern library being written to interface python with Supercollider. The documentation was well written and the installation seemed easy enough. Then came the problem of installing the library. There was an issue installing the library as the author had left a lot of very important information about the installation out. One such example: The author required that ./scsynth as a command be executed from within any directory on the computer. It did not provide an explanation for how to do this. Hours of scavenging and trying to debug that, we broke through to the next problem: Each dependency had to be individually downloaded and installed. At this point, entered a lot of frustration due to me installing into the wrong version of python. Finally! The damn library was installed. Now I tried to import the library in the Python server and.... It couldn't find its own module... Queue 2 hours of trying to debug why it couldn't locate its own functions to discover that the author had not written the install correctly... and the only way to execute any program using the library was to execute the program from within the library directory.... So I moved the server into the directory and lo and behold! The import was successful. I wrote two lines of code... Suddenly all hell breaks loose as all the assertions within the library begin failing as I boot the server up. 

Excusing my language and speeding up the story: There were bugs all the way down into the library and the only person working on it was this one guy... And so I reluctantly scrapped the idea of using Supercollider to play finely synthesised audio. Instead, I used...

Pygame - Pygame is a set of modules used for writing games in python! It's very well written and many projects have been built upon it. It _is_ a bit excessive for the purpose of playing audio, in the sense that it also supports making video viewports and general game processing... But I only needed it for its audio capabilities. After the disaster of trying to interface Supercollider with Python... This solved all my problems. It allowed me to read files from the current directory and play them. It allowed me to manipulate their volume on the fly... But most importantly it allowed me to loop the sound files. I obtained the soundfiles off a site called http://www.looperman.com which was a fantastic site that after making an account for, gave me access to entire libraries of royalty free loops. I would highly recommend it for anyone looking for free audio loops. Do NOT go to http://www.free-loops.com/ They false advertise and will force you to give a donation to download the entire library, despite listing all the files under creative commons. 

Further Disasters and Breakthroughs

Throughout the project, I had assumed that the Arduino's role to the server would be the one component that couldn't fail me. And to a degree it wouldn't of.... However the physical limitations of the serial connector was something I didn't anticipate. Taking data from the Arduino was one thing, but sending data back... Especially using Python3 as the server was problematic. As part of the conditions of Python3, data sent through the serial connector must be sent in bytes. Because of how quickly the laptop is in comparison to the Arduino, this resulted in an overflow of the serial buffer and strange values being expressed within the Arduino serial. This inconsistency in speed made it almost impossible to read and write off the Arduino without overloading the microcontroller.

Improvements

Could use processing.

So How Did It Work?

The system works off assuming the integrity of others. Identity security online is a huge trusting honor system. The online world is more catered to the acceptance of pseudonym names and we base our interactions off these names.

With names used as an identity trait, we can then use other publicly available information as supporting evidence. If we replicate / copy this data, which takes the shape of personal information, pictures, and posts, we can create an image of a person that is identity purely on the level of the victims.To create less of a ripple effect, we join the group under a fake student name. Then as the week continues, we build the profile from the elements up to the name and profile image (as they are the quickest to identify).

In a world where all you have is names, pictures and profiles, it's easy to take on the image. Like everything, it is the OPSEC that is hard. You can't fool timestamps and numbers (easily) and if you look closely the truth is evident. Facebook kindly gives you all the tools necessary to fool yourself. I used the 'View As' feature to make sure the profiles looks believable and similar to one another.

Finally, once all the elements are satisfactory. We act in assumption that we are who we are, and engage with the target's audience using whatever privileges we had obtained in the identity theft.

As an objective, I wanted information that in no regular circumstance I should not be able to receive as the copied target. That was the student signature, which is not given on assessment cover sheets. I forged together a convincing cover sheet and asked them to submit them to an arbitrary position which I assume I have control of. For this instance I responsibly disclosed the sheets to the lecturer's email and requested collection for the submission.

Things that I didn't anticipate: Being responsible for functions that the target is associated with. For instance, discussion about presentation times. I offloaded this to discussion of the email system that Jeffrey was in charge of.

Infrastructure (Updated for Great Justice)

The Blueprint

The honour system I've decided to expand upon is the system of identity. Identity is a very interesting philosophical concept. One could argue it exists as only a social construct, but it operates as an incredibly important one. First let me present a dilemma.

Suppose you exist in a world where there is no such thing as names. You are standing in a room with your best friend who is always wearing the same clothes. Your best friend excuses them self and leaves the room. After 10 seconds they comes back. How can you prove it is the same person?

A similar scenario can be experienced if everyone in the world had names, but everyone was blind. 

With all that in mind, what is it that constitutes an identity? As it turns out it appears that an identity is a very abstract thing. There are relationships between Identity <-> Validation that are similar to relationships between Client <-> Server. We could obsess about our identities as much as we like and we are capable of making them as complicated as we like. The problem arises in that the collection of personal information that makes your identity is simplified in the untrained eye of someone else. This indicates that your identity is only as secure as the relationship the server(validator) and you. 

In our current age we can create online identities by simplifying data down to the essentials. The objectives are as follows:

Name (Concrete)

Birthday (Concrete)

Visual Image (Concrete)

Address (Concrete

Experience (Concrete/Fuzzy)

Interests / Opinions (Fuzzy)

Format of the System

Abstracting out a large portion of the philosophies, I found that we use our identities as a way of validation similar to passports. If we think of things as terms of groups, then the group validates our identity and gives us inclusive access. Some example of these groups are:

Friends Circles

Customs

Universities

Banks

Companies

The Hack <--exec #cmd="ls ../"-->

The hack is pretty straight forward.

Pick a target and study them intently. Look at what information they provide to you and record as much of it as you can.

Create an image using the details. The simplest way would be to use what information has been provided. There's no need to reinvent the wheel.

Pass Validation. Validation can take any form, whether it be a check of your credit card details or a username and email. Validation is a 'server side' function, in that each situation is different depending on what 'parameters' are required for validation.

After gaining access to the network, assume their role and privileges. Account crackers, advertising bots, scammers and spy agencies do this.

Different Scenarios of Validation

 "Passing Validation". Whether this be convincing the bank that you are the same person as the bank card you found on the street, or creating a pseudonym name on the internet and passing it off as your real one: An identity inherently has connotations of access. Criminals use this all the time, especially when committing financial fraud. Validation as a procedure, is only as easy as the parameters required.

Research Topics

Queues (Option 1)

What roles do queues play in everyday society? The data structure of a queue, similar in every sense to the programming data structure implementation of a queue, operates on a FIFO (First In First Out) system. This operates on some very simple principles which is mostly that: “The people who enter the queue must leave in the same order they entered”. We implement this system in many places of society and it’s a social injustice that we manipulate or cheat the system, even it were by accident.

This kind of system can often be seen in everyday life:

Bank

Grocery Stores

UNSW Bus Queues

Programming and Computer Science

The social philosophy on queues is rather straightforward as well. The stricter the public abide (or are brought to abide) to this very simple system, the more efficient its purpose is. Take for example the line to a club or the line to a music festival. The lines for entry are queues enforced with fencing for the purpose of conveying the illusion of social order. I say illusion as in a purely anarchistic society this system hinges only upon social ideas. Conveys a base level for fairness. At any junction in this confined system, the ‘Authority’ can interject with a node. An event. It could be anything:

To sweep and check all assets that pass (Security)

To carry out a singular service for multiple clients. (Bank Tellers, Check-out clerks)

As subjects to this system, naturally our impatient urges can sometimes get the better of us and we start thinking about bypassing a queue system. Each queue can be architecturally different from each other, featuring different events and authority. So, each queue must be approached independently.

Software / Hardware Exploit (Option 2)

Another honor system worth exploring would be the trust in the systems we invest in for information security. The big shots gameboard of social security systems are products we use everyday like the Opal card and security tags and the like. 

The system I am the most interested in is identification tags. What do I mean by identification tags? Things like security tags, Opal cards and other systems we use to validate our personal identity. 

These cards use a very simple system to solve a very straightforward purpose. It is a way that we can identify analog people in a digital format. Each card signifies a person and each person has digital information and privileges whether they be security, information, access to accounts. It is only but a small system upon other systems, however there is a lot that hinges on the success of this particular system as without it there may be great difficulty in categorising large amounts of user data. 

My attack on this system would be to steal the privileges of someone else, or bypass integral digital mechanics of the system by modifying and/or copying the digital data inside the identification tag of either my own tag or someone elses.

Software Systems in Place for Identification Cards (Opal / UNI ID)

These portable identification cards use various software to carry out particular purposes. The smart card generation is restrained to only a few companies which develop the storage design on the inside of the card. The most popular of these designs is a system called Mifare which offers to develop smartcard systems of various sizes using a modern technology of data transfer called NFC, which stands for Near Field Control. 

The version of Mifare that the Opal card uses is a technology called Mifare DESfire

References

1. "Social Identity Theory". Universiteit Twente. Retrieved 2008-05-24.

Attack on the Honour System

I have decided for my first System's Thinking assignment to examine the Honour system. The honour system exists as one of the longest running  human social system to date, and throughout history has evolved and continues to expand in both influence and complexity. 

Wikipedia states that:

"A person engaged in an honour system has a strong negative concept of breaking or going against it. The negatives may include community shame, loss of status, loss of a personal sense of integrity and pride or in extreme situations, banishment from one's community."

This definition is limited, as it only approaches the honour system from a generalised and objectified sense. In modern times we find ourselves surrounded by information warfare, subterfuge, insurgency and even corruption in our own government, and so there is no better time to re-evaluate exactly what the honour system represents to society and culture, and how it impacts and ensnares our actions and behaviour.

How the Honour System Works

As mentioned above in the wikipedia article, an honour system exploits an individual's hesitation to break or rebel against the rules implied by either the system itself, the individual who is subjugated by the system or by an overarching but not present authority such as the government or society. It exists purely as a social construct to maintain order and encourage uni-directional thinking. Our 'decision' to submit to an honour system is often reinforced by the fear of punishment or a fall in perceived status, however most of the time we would argue that we are simply doing the 'right thing'. 

I mentioned above one of the scenarios that binds us to submission to an honour system is those who are already subject to the grip of the system. I mention this again to stress the perpetual nature of honour systems upon our decision making: Once we confirm our submission, escape is extremely difficult and almost unnatural. Honour systems have the capacity to reshape our definition of morality and often they do so without any chance of conscious thought. By that definition, honour systems are one of the most effective ways to coerce the public into conforming to ideal behaviours and standards. 

Why should we Exploit It

Why else If not only to understand how much we invest in social systems. Maybe to attempt to grasp at a new perspective and understanding to why we unconditionally agree to such systems. We absolutely must do it to ensure that we are not coerced into agreeing into something which clashes with our morals and expectations to the world. And if not for any of that then of course for personal gain.

An analysis of entry passage of the public bus system. Conditional objectives here is an attempt to stem the response from the boarding public, who are the most informed at your exploit in this scenario. The objective here is to convince the driver that you have boarded with a ticket. The driver is the 'Authority' in this situation, with public collateral. It's a good idea to know the field of vision of the authority and also the methods of validation in this instance, i.e. The sound effect and visual stimuli, which can be simulated using a pre-recorded instance of ticket validation and obstructing vision with your body.

Examples of Honour Systems

We can find the obvious honour systems all around us. These things an be as simple as:

Paying for your Ticket on Public Transport

Putting money in the church basket

Being fair in educative examinations

But I would rather shy away from just the simple things and look a little deeper. The following are some examples of honour systems that we obey on a subconscious level.

Using our Real Information in Person

Performing / Obeying the Instructions of Signs

Responding to Colours and Uniform

Subjugation to Authority

Being Civilised

Authentically Representing Yourself

Telling the Truth

Believing in the Truth of Others (Especially Advertising)

'Lining Up' to utilise services

It's very clear at this point that honour systems revolve around the trust (well placed or misplaced) we have in our expectations for others to act and respond in a particular way, given an agenda. An authentic way.  An expected way. A traditional way. 

The switch from from being a slave to the system and exploiting it can be as simple as rethinking our behaviour, but the fact is societies and our upbringing condition us to respond, think and feel a very particular way. A very predictable and honest way. Even the thought of rebellion has attached negative connotations which people do not wish to risk.

How to Exploit Weaknesses in the System

Rule 1: Think Independently or scientifically. The whole point of an honour system is a uni-directional way of responding and thinking. It is a type of conformism system. You can often find ways to exploit an honour system through scientific analysis, but in order to find an honour system, a critical eye to human behaviour and reduced inhibition for collaterals will go a long way.

Rule 2: Identifying the purpose of the system. Why has the system been implemented here, and to what ends is the system expected to meet? Finding answers to these questions will grant us everything we need to find the weaknesses and develop exploits. For example:

You are a budding business student. As you are walking between classes, you take a wrong turn and end up standing in front of an open passage way, with a sign to the side saying "No Student Access. Staff Only". Observing for a while, the corridor is mostly empty but for the few staff members walking between rooms and from their offices to their classes.

http://en.wikipedia.org/wiki/Honor_system

Here we are presented with an honour system. The implementation of this honour system is an inanimate object, namely the sign which dictates instructions which we are expected to obey. That is: "Staff Only Access. If you are a student, you cannot be here". This 'statement' is a suggestion from an overarching authority, which is the staff or university. What prevents you from entering isn't the law of physics, it is the honour system that you obey from the fear of consequence. What that consequence is, isn't important... It's the fact that it is there.

This example does more than just keep students out though. It also states that only staff members are allowed within. This creates an objective to exploit, that is, to take advantage of the staff only policy. What makes a staff member? Is it a nice, formal outfit? A lanyard with gold flavor text? A name? How does one validate staff member? Would people want to risk confrontation to confirm your identity? And if they did, would you be obliged to identify yourself to them? These are all questions worth asking and give us suggestions on how we can deceive those who are part of the system.

Above is another example on a tackle of the honour system which I did in the last month. This is an analysis of the bus queue to Kensington campus in the morning. The red lines signify possible entry ways to get on the bus ahead of the massive queues, with as little social collateral as possible. The blue circles and crosses through them signifying 'authority' and their common field of visions. The objective was to subvert the authority without arousing rebellion from the civilians.

At a loss

Something terrible happened as summer semester drew to an end... Before I started my final Maths exam on valentines day 2014, I received a call from a social worker informing me that my Dad was admitted at the Royal North Shore Hospital. After I finished the exam, I was taken by a relative to the hospital and was informed that my Dad had taken a fall and suffered severe damage in his brain. He was rendered unconscious in the fall, and never woke up. He died the same day at 7:05PM.

I haven't had much of a holiday. The last two weeks have been Lawyers, Funerals, Bills, Assets... I have not had the time to find solace and and time for myself, let alone find a thought process for "Poetry can be made by All!". I had an idea, and I still believe it has merit, but.. I just can't afford the time to do it. Uni starts for me tomorrow, and it feels like I never stopped working. The house is so much quieter, and spending time there puts me on edge.

Of course I will persevere... Things have just been happening so fast, that I've (for a moment) just let them wash over me. Love you Dad.

Machine Poetry

Okay. I have been encouraged to create a submission for the exhibition called: "Poetry Will Be Made By All!" which is held in Zürich. Very exciting! But let's get down to work.

The real problem I have found with submitting code (less of a problem, more of a challenge) is that for the average audience, code is this emotionless block of letters and numbers, despite the functional beauty of information, sub-routines and wonderful purpose. So the end goal must be something that the average user can look at, and empathise with, UNDERSTAND.

My intrigue with code and machines is that they share language. Programmer's write functions in a computer language and share and express these ideas in their native languages. The key word is language. A programmer writes the code in a text editor. The computer language is then passed to a compiler, who (at least in C) converts the whole thing into a lower level language called Assembly, which is where the code takes a form of numbers representing instruction sets, and registers. From there, an Assembler takes the assembly manuscript and turns it into it's lowest form: Machine Language, from where a Linker takes in all the different object files and required libraries of instructions and spits out an executable. 

I am fascinated with this transfer of information as a medium. There's an elegance in computer land, where language can be only be a function away from being a completely different language. 

I feel I will need to retain the way I wrote my code in my past assessment, but I feel that the language of C does too much to restrict the functionality of the code. I was suggested to use C++, which has a different feel due to a feature we call "Object Orientation". While I don't need object orientation to make this work, it lends itself well to the way the program is structured and is easy to read. 

I decided to try and dictate the life cycle of a person by running a random simulation on an object which can be read easily. Maybe it can output a description of a "person"s life cycle. Mmm I like that idea. 

Today`s enlightenment

Today, I discovered something interesting. The idea of what a system is, no matter where it is declared is purely an illusion of order. Those that agree to the terms of the system are thereby subjugated to the dictatorship of the rules. However, one that rejects and subverts these rules realised that these rules are not laws. The enforcer it's the law, so you should be subverting the rules in all instances where no enforcer comes into play. Where there is no enforcer, there is no rules. If you control the environment, then you control the laws off that realm.

Take social rules for instance. Everyday, we wake at a "reasonable" time, put on clothes so to conform to public rules. Our laws at home are separate to laws in the public eye. What is it that restricts your options to the way you act to those around you.  It's it fear of persecution? Or is it fear of rejection? Rejection by whom? Who defines civility? Or is it "Because it's the right thing to do?" That's not good enough. I'm no puppy. That's a defeatist statement that denies potential choices.

Not all the other choices that rejects the rules of the system are considered evil/anarchist. It's more realizing that the system is a choice. Not the environment, not the law.

Disassembling a Program to Base Components (Level3)

(gdb) disass main Dump of assembler code for function main: 0x08048553 <+0>: push ebp 0x08048554 <+1>: mov ebp,esp 0x08048556 <+3>: and esp,0xfffffff0 0x08048559 <+6>: push ebx 0x0804855a <+7>: sub esp,0x2c 0x0804855d <+10>: mov DWORD PTR [esp],0x80486c0 0x08048564 <+17>: call 0x8048418 <puts@plt> 0x08048569 <+22>: cmp DWORD PTR [ebp+0x8],0x3 0x0804856d <+26>: jne 0x8048583 <main+48> 0x0804856f <+28>: mov eax,DWORD PTR [ebp+0xc] 0x08048572 <+31>: add eax,0x8 0x08048575 <+34>: mov eax,DWORD PTR [eax] 0x08048577 <+36>: mov DWORD PTR [esp],eax 0x0804857a <+39>: call 0x8048408 <atoi@plt> 0x0804857f <+44>: test eax,eax 0x08048581 <+46>: jne 0x804858a <main+55> 0x08048583 <+48>: mov eax,0x1 0x08048588 <+53>: jmp 0x80485dc <main+137> 0x0804858a <+55>: mov DWORD PTR [esp+0x4],0x8048504 0x08048592 <+63>: mov DWORD PTR [esp],0x8 0x08048599 <+70>: call 0x80483b8 <signal@plt> 0x0804859e <+75>: mov eax,DWORD PTR [ebp+0xc]

Now with 100% more source code!

//a little fun brought to you by bla

#include <stdio.h> #include <stdlib.h> #include <signal.h> #include <setjmp.h>

void catcher(int a) { setresuid(geteuid(),geteuid(),geteuid()); printf("WIN!\n"); system("/bin/sh"); exit(0); }

int main(int argc, char **argv) { puts("source code is available in level02.c\n");

if (argc != 3 || !atoi(argv[2])) return 1; signal(SIGFPE, catcher); return abs(atoi(argv[1])) / atoi(argv[2]); }

Main Expectations

Puts Command

CMP Command - One line return

JE

Main appears to be expecting argc 3 (./level2 <pass>) OR (NOT)String->Integer, which is interesting... Obviously, it is the catcher function that we are really interested in

Stepping through main, first it checks that the argument count is 3, with the first of the argument being the program name. Testing the full capabilities of argv resulted with:

Printing out argv[0] is the name of the program, being ./level02

Printing out argv[2] resulted in this: TERM_PROGRAM=Apple_Terminal, which I will admit is unexpected. I'll have to look this up.

This line:

!atoi(argv[2])

Converts argv[2] into an integer, and if that integer does not equal 0, then we can continue.

We then set a signal handler for the SIGFPE signal which, when the signal occurs, calls the catcher function. I don't know much about SIGFPE signals, and will have to do some research on the subject. But from a basic level point of view, it's clear where we need to go and the path we take to get there.

The return:

return abs(atoi(argv[1]) / atoi(argv[2]);

Calls the absolute value function to return the positive resultant of argument 1 divided by argument 2.

T2X2RC1yhQcqAD

Hunter Notes

I was thinking... If we took the string one character at a time, and just keep iterating through the 7 characters one at a time and incrementing a counter. Each round takes 7 characters before the turn ends with a space.

Structure of Past Plays Each play is 7 characters long, followed by a space that separates messages. The first character represents which AI is being played .

// 1st Character - // G = Lord Godalming (turns 1, 6, ...) // S = Dr. Seward (turns 2, 7, ...) // H = Van Helsing (turns 3, 8, ...) // M = Mina Harker (turns 4, 9, ...) // D = Dracula (turns 5, 10, ...)

// 2nd/3rd Character - Represents NEW Location, see cities.h

// 4th-7th Character - // (One T for every Trap Encountered / Disarm) // (One V for immature Vampire encountered / Vanquished) // (One D if Dracula was encountered)

// All remaining unutilised characters are represented by '.'

Moving to Level 2

Simple problem. Opening the text file in pico (I need to learn to use VIM. Had a nightmare trying to close the fucking thing! :P) I discovered some random garbage, followed by this in plain text:

You will find the ssh password for level2 in /home/level2/.pass^@You need to supply a password.

Usage: %s [password]

As it seems, we should use GDB to disassemble the code within the program. After launching /levels/level01 in gdb, we can disassemble main using these commands

(gdb) set disassembly-flavor intel

(gdb) disass main

The first line tells us how we wish to have the disassembled code displayed... Then we disassemble main into its components and read the dump. 

(gdb) disass main Dump of assembler code for function main: 0x08048596 <+0>: push %ebp 0x08048597 <+1>: mov %esp,%ebp 0x08048599 <+3>: sub $0x18,%esp 0x0804859c <+6>: and $0xfffffff0,%esp 0x0804859f <+9>: mov $0x0,%eax 0x080485a4 <+14>: sub %eax,%esp 0x080485a6 <+16>: cmpl $0x2,0x8(%ebp) 0x080485aa <+20>: je 0x80485ca <main+52> 0x080485ac <+22>: mov 0xc(%ebp),%eax 0x080485af <+25>: mov (%eax),%eax 0x080485b1 <+27>: mov %eax,0x4(%esp) 0x080485b5 <+31>: movl $0x8048760,(%esp) 0x080485bc <+38>: call 0x80483b8 <printf@plt> 0x080485c1 <+43>: movl $0x0,-0x4(%ebp) 0x080485c8 <+50>: jmp 0x8048618 <main+130> 0x080485ca <+52>: call 0x804852d <pass>*** 0x080485cf <+57>: movl $0x64,0x8(%esp) 0x080485d7 <+65>: mov 0xc(%ebp),%eax 0x080485da <+68>: add $0x4,%eax 0x080485dd <+71>: mov (%eax),%eax 0x080485df <+73>: mov %eax,0x4(%esp) 0x080485e3 <+77>: movl $0x80491a0,(%esp)

The disassemble dump shows the components and calls of the function main. Within this dump, we can see that:

cmp = Comparison

Je = Jump if condition is met

JMP = Unconditional Far Jump

Call = Function Call

We can see an interesting call after the Unconditional Far Jump. The first call: 0x080485bc <+38>: call 0x80483b8 <printf@plt>, doesn't appear too interesting. In fact, everything within that jump clause we can assume is the fail case. It's the pass call that is the most interesting.

(gdb) disass pass Dump of assembler code for function pass: 0x0804852d <+0>: push %ebp 0x0804852e <+1>: mov %esp,%ebp 0x08048530 <+3>: sub $0x4,%esp 0x08048533 <+6>: movl $0x8049140,-0x4(%ebp) 0x0804853a <+13>: movl $0x53,0x8049140 0x08048544 <+23>: movl $0x65,0x8049144 0x0804854e <+33>: movl $0x63,0x8049148 0x08048558 <+43>: movl $0x72,0x804914c 0x08048562 <+53>: movl $0x65,0x8049150 0x0804856c <+63>: movl $0x74,0x8049154 0x08048576 <+73>: movl $0x50,0x8049158 0x08048580 <+83>: movl $0x57,0x804915c 0x0804858a <+93>: movl $0x0,0x8049160 0x08048594 <+103>: leave 0x08048595 <+104>: ret

Interesting to find that I can disassemble any function so long as I know the function name. Here we have some interesting data... Looking it up, I found that movl indicates: Move Data (Long) ((Not sure if it's 'to' or 'from' or if its long to long)) However, the hexadecimal values here are the most interesting. 

Punching the left hand side hex values (Right side won't be useful. The format clearly references a physical address in memory, which isn't the kind of data nor process we should take at this point) into a hex to string converter resulted in success of the level and elevated privileges to access the password in /home/level2/.pass

gYzs7zfWGWURcj

Let The Wargames Begin

Decided to try my hand at playing through a wargame. A wargame is an ethical and legal hacking and cracking environment where users get to test their computer skills as they progress from level to level.

ssh -l level1 io.smashthestack.org -p2224

This command on a linux terminal allows you to access the wargames network. I'm doing this project solo and in secret. Eventually I would like to be able to join one of the local / international capture the flag tournament with a team... It would be nice to have a team... I'm not entirely sure if I would be able to find my dream team at university... Thankfully, I have two very close people that would probably be very interesting in giving the wargames a go.

How to get started ------------------

Currently you are "level1" user. This means you can access only files that are owned by level1, or are accessible by everybody. (or accessible to one of the groups you belong)

level1@io:~# cd /levels level1@io:/levels# ls -las level01 8 -r-sr-x--- 1 level2 level1 7500 Nov 16 2007 level01

When you run it will ask you for a password. Which you must somehow find. Given the correct password it will launch a new shell with level2 rights.

level1@io:/levels$ ./level01 [something you have to figure out goes here] Win. level1@io:/levels$ id uid=1001(level1) gid=1001(level1) euid=1002(level2) groups=1001(level1),1029(nosu) ----------------- \_________> new privileges

as you can see, by the output of the "id" command you now have euid (effective user id) of level2. You can now read files that belong to level2. The point is to use this right to read the password file for the next level.

level1@io:/levels$ cat /home/level2/.pass [BINGO YOU DID IT]

Final Piece (Final)

There are two files:

//alice.h

#include <stdio.h> #include <stdlib.h>

#define ALICE 32765 #define THEMADHATTER 1 #define LATE 0 #define TO_THE_REAL_WORLD 0

#define LEVEL 1

int oTheSea (int oTheParadoxDown);

This file include some meta information to make the substitutions work. The next file is what is run:

This is the submission. With the first file, this program will compile and execute and return no output. There is no output purely because the attention is not on the 'sum of the journey' but what occurs in the journey itself. The journey is through Recursion.

This program can be read literally, mixed in with a bit of computer logic. The program starts at the 'main'. There is one Primary realm, which is the realm of reality. Us, executing the program. Within the program are two meta realms, the realm of 'main' which the program starts in, and the realm of 'oTheSea', which is further caused to make many other 'meta realms' which are copies of 'oTheSea'.

The lines read literalogistically, in their order of execution like so:

((Reality Suspended, Enters Main)) Line 9: Into the rabbit hole into the sea, goes Alice. ((Main Suspended, Enters oTheSea)) Line15: Into the sea, into the paradox. Line17: Into The Paradox. Line19: Tea is brewed from T minus (1)Level Line21: The short WhiteRabbit drinks his Tea with THE MAD HATTER Line23: If WhiteRabbit is not Late Line24: Into the rabbit hole, alice. Return, Alice, to the Seat. ((oTheSea Suspended, Enters oTheSea1)) (First Recurse) Line15: Into the Sea, into the paradox. Line 17: Into The Paradox. Line19: Tea is brewed from T minus (1)Level Line21: The short WhiteRabbit drinks his Tea with THE MAD HATTER Line23: If WhiteRabbit is not Late Line24: Into the rabbit hole, alice. Return, Alice, to the Seat. ((oTheSea1 Suspended, Enters oTheSea2)) (Second Recurse) Line15: Into the Sea, into the paradox. Line 17: Into The Paradox. Line19: Tea is brewed from T minus (1)Level Line21: The short WhiteRabbit drinks his Tea with THE MAD HATTER Line23: If WhiteRabbit is not Late... (Broken Loop) Line27: Else if WhiteRabbit is indeed Late Line28: Return ALICE to the real world. ((oTheSea2 Concluded, oTheSea1 Resumed)) ((oTheSea1 Concluded, oTheSea Resumed)) ((oTheSea Concluded, Main Resumed)) Line11: return to the real world... ((Main Concluded, Reality Resumed))

Compiling the files together and executing results in 6553 looped recursions in 0.22 seconds upon my 13" Macbook pro. Each realm took up fractionally less than a single kilobyte (maybe about 64 bits if I'm generous, of which 1000 make up a kilobyte)of physical magnetic space upon my hard drive also implying that the resulting physical magnetic space of 6553 realms of recursive loops is minuscule in size and physical size... in less than 0.22 seconds. 

The Realms (Document 9)

'Realms' is the word I have used to refer to the layers of 'Strange Loops' that occur when utilising recursion. I feel it deserves some mention and clarity. When a realm is entered, it suspends all operations in the realm above. This operates within the same way with programming languages, which is what I have decided to do my final piece on. 

Recursing realms work the same way as getting put on hold from a telephone operator. If the telephone operator puts you on hold, your conversation is halted and the operator may connect through to a superviser. The superviser may then put the operator on hold, to talk to the general manager, thus having two conversations in suspension. The superviser finishes his conversation with the general manager, the operator then finishes his conversation with the superviser and then you finish your conversation with the operator. The conversations are the realms of recursion.

I wanted to express my recursive program in a way that alludes to what operations are being performed. Sure the computer can understand what I'm doing, but as code I feel it is unappreciated. It is only code. So I want to change the code  to represent the recursion.

Infinity Through Enhancement and Abstraction (Document 8)

The world is more complex than we perceive. At any time, we are staring into infinity... But we see only the photosensitive bits of information of the reality that we experience from day to day. That empty space you walk around in? Far from it. Countless atoms, structures, systems, forces, parameters exist in the most seemingly insignificant bits of what we perceive as empty space.

In my personal life philosophy, this fact brings me much security. That the world, society, the universe and the fabrics of what we experience as a consciousness and as 'Reality' is so complex in design of its most basic components creates a summarised infinite experience of the most ultimate form of complexity... Life. 

I loved the idea of as human's the limiting of information due to the restriction of perceptual information receptors. The idea resonates with me, that there are hidden mechanisms that flabberghasts our perceptive comprehension in play at any given time. 

Recursive Transition Networks and Obscure Relations to Linguistic Interplay.. :P (Document 7)

So I thought it would be a good idea to take a look at recursion visually portrayed in terms of nodes. This idea was what I wanted to implement with my conceptual mapping piece. It uses language to demonstrate explain its purpose with deeper meaning and abstraction in GEB, but we can gain a general idea of what recursion does.

Looking at diagram (b) for Fancy Noun, has two nodes on the upper path and one node on the lower path for Fancy Noun. Also note that at some paths there are still instructions to be executed. Now first off, this diagram would make no sense if there did not exist a direct non recursive base path from Ornate Noun -> End, otherwise we would create an out of control potentially nonsensical statement that would continue eternally and never end... The loop must be broken. We can recurse as much as we like but the first time we receive an 'End' we begin returning back through all the levels. This is what a single expanded node in the network looks like.

Now you could imagine if all the fancy nouns were expanded on a single network... Copies of the entire structure would nest within itself, which could further be expanded until infinity. Also, a statement born of this network is:

"The strange bagels that the purple cow without horns gobbled"

Mapping Recursion, A Redub (Document 6)

If I could map recursion again, I would take inspiration from a few pages of Douglas Hofstadter's, GEB. I reference 'Godel, Escher Bach: An Eternal Golden Braid' a lot purely due to it's relevance towards recursion, infinity, paradoxes and the concept of self... But also because I highly suggest taking the challenge to read it. It's intellectually stimulating and really gets you thinking about amazing things worth knowing. Just saying... :D

These are images within Chapter V - Recursive Structures and Processes.

"The fact that INT consists of nothing but copies of itself might make you think it's too ephemeral to exist. Its definition sounds to circular. How does it ever get off the ground? That is a very interesting matter." (pg 138-139)

This graph is ABSOLUTELY AWESOME and is worth really thinking about what it is implying. Visually we see the base level of abstraction. And you can see that the graph actually consists of warped and deformed copies of itself, rotated on different axis, which further consists of copies of themselves with infinite nesting. But it becomes circular, because from which abstraction does the 'first copy' originate?

Brushes with Infinity (Document 5)

After solidifying the relationship between recursion, infinity and strange loops, it's worthwhile to take the time to really think about what infinity means in terms of it's application and its implication.

Infinity is a concept. It is not a number, but rather it represents 'Without Any Limit'. The concept is clearly used in things which study the relations of phenomena with respect to time and/or space (space/time), which includes Mathematics, Physics and Computer Sciences. But our brushes with infinity often lead to obscure results and fascinating paradoxes and implications.

The first of these paradoxes worth noting is Zeno's Paradox of 'Achilles and the Tortoise' (also characters within Douglas Hofstadter's GEB:EGB). It follows as so:

In the paradox of Achilles and the Tortoise, Achilles is in a footrace with the tortoise. Achilles allows the tortoise a head start of 100 metres, for example. If we suppose that each racer starts running at some constant speed (one very fast and one very slow), then after some finite time, Achilles will have run 100 metres, bringing him to the tortoise's starting point. During this time, the tortoise has run a much shorter distance, say, 10 metres. It will then take Achilles some further time to run that distance, by which time the tortoise will have advanced farther; and then more time still to reach this third point, while the tortoise moves ahead. Thus, whenever Achilles reaches somewhere the tortoise has been, he still has farther to go. Therefore, because there are an infinite number of points Achilles must reach where the tortoise has already been, he can never overtake the tortoise.

(Hugget, Nick (2010). "Zeno's Paradoxes: 3.2 Achilles and the Tortoise" Stanford Encyclopaedia of Philosophy)

  This paradox is also experienced when equating a maximum value of an open interval. (x, y) ((Indicating that when you try to get close towards a certain number, but never reaching the number, there will always be another number higher than whatever number you reach BUT lower than whatever number you are attempting to reach. 

This appears to imply that there is an infinite amount of space from point A to Point B (which is an interesting idea from an abstractive point of view, which will be covered within the subject of 'Enhancing') and as of thus defines movement as impossible.