Tag: cybersecurity

  • Squirrel Annoyer

    I have a few bird-feeders, and enjoy supporting the local bird population. The birds are polite, taking a seed or two and then fluttering away. Squirrels, however, have a tendency to hop on the feeder and sit there for an hour at a time just chompity-chomping away. They scare away all the birds and eat an unfair share.

    The Journey So Far

    I should have started documenting this earlier, but so far I’ve probably tried 50 different solutions to keep the squirrels off the feeders without setting traps or laying poison or anything else quite so drastic. I actually am fond of my furry friends, and simply wish to enforce good manners.

    I’ve tried all the feeders you’ve seen advertised on TV. They spin, they use springs to cover the inlets, they practically wash the dishes and make the bed. Alas, no luck via feeder variation. I next tried my own physical modifications. I’ve got the big inverted wok-style hat on one of the feeders now. Like the previous attempts, it worked well for a week or two but eventually an intrepid tree-rat figured out just the right bit of acrobatics to slide over the edge and catch the feeder below.

    I tried electrifying the fence. I managed to shock myself several times, but the squirrels escaped unscathed. It turns out it’s harder than expected to electrify something hanging in the middle of the air. A real electrician would probably have had it working in 3 minutes, but alas…

    I put barbed wire and razors between the feeders and where the squirrels come from. I felt kind of bad about it, until I watched them traipse past the traps with the grace of a Russian ballerina.

    I share a few of the highlights, but the journey had many more bumps and turns that I may write about later.

    Fast-forward to Today

    I’ve been enjoying dipping my toes into the hobby electronics world. I have Home Assistant set up and this has allowed me many opportunities to develop my tinkering abilities with cheap and affordable sensors and chips. I figured I might apply the same skills to my years-long battle against the small, grey nutty ninjas.

    I first set out to create a script that alerts me when a squirrel is on the feeder. You need a clear detection mechanism/trigger before anything else can be implemented. This logic is seen in squirrel_annoyer.py. I pull images from my cameras, and then use AI image processing to check for a squirrel. If we get a hit, an alarm sounds. Currently, the alarm is a rather alarming scream.wav I pulled from a copyright-free library online. My wife hates it. It scares the bajeesus out of me! But not just me…

    squirrel_annoyer.py

    After getting the basic script working I used it “manually”. I’d hear the alarm and rush outside to scare the squirrels off the feeder. Funnily enough, it seemed some classical conditioning started to work. The squirrels would hear the scream and jump off the feeder on their own (at least sometimes).

    For some technical notes, I have a lot of troubleshooting messages in there, and it should be somewhat self-explanatory. I used AI to generate the skeleton and then tweaked it from there.

    In the future, I want to use my library of positive/negatively-identified photos to train my own local AI which will save me the outrageous $10/month it currently costs using OpenAI’s 4o model.

    code.py

    Realizing there might be something to the sound angle of attack, I next bought an ESP32-C6 from Adafruit and started working on a speaker setup that I could power with a battery. My idea is to play an obnoxiously loud sound that’s high enough to be above human thresholds so I don’t annoy the neighbors (just their dogs).

    The current iteration uses an MQTT trigger (sent by the previously mentioned script) and plays the sound via a cheap attached tweeter speaker (designed for higher frequency work). I’ve got a Lithium Ion battery attached to keep it going, and basic testing has shown the 6600 mAh battery lasts over a day without any current power saving features enabled or utilized. As the squirrels only come out during daylight I can charge every night.

    Future Work

    There’s lots to do. I need to find a way to package up the speaker-widget and attach it to the speaker to take advantage of the inverse-square law and maximum amplitude/volume. This will need to be waterproof and fairly durable. Gee, I wish I had a 3D printer!

    Beyond that, I need to do some testing to get the right exact sound to play. The script on-device currently plays a short melody that I can hear for testing purposes, but eventually I don’t want to hear it at all.

    I also need to train my own local image-detection model to save money on API calls. I plan to let the API run a while longer to build a really good library of yes/no’s, and then it should be fairly quick work to train my own model.

    And if all of this doesn’t fit my final needs…then it’s time to move on to attempt #52. Maybe a servo that bangs on the feeder? Pops a balloon full of water on the squirrel? Ideas are welcome.

  • MetaCTF CyberGames 2021: A to Z

    This year I participated in my first capture the flag (CTF) event! After a recommendation from my current Cybersecurity bootcamp instructor I’m glad I checked out MetaCTF and had a chance to participate. I learned a lot in the process, and I want to share a few writeups from the easier end of the spectrum. While these problems already have some writeups, my own approach hopefully offers at least one or two details that are instructive beyond those other great options.

    A to Z (100 points)

    This encrypted flag will only require a simple substitution cipher to solve. Rearrange the letters from A to Z.

    yzhsufo_rh_nb_uze_wdziu

    Process

    To start with I ran the string through a quickly-googled Caesar cipher tool. For those unfamiliar, a Caesar cipher is a simple code system that was, in fact, used by Caesar. You simply replace one character with another character. The website I just linked uses the traditional version, where you basically start a different place in the alphabet (ex: S) and that becomes the replacement for A. Then the next letter, alphabetically (continuing with the ex: T) becomes B, and so on. When you get to the end of your code alphabet you wrap around to the beginning (ex: Z replaces H, and then A replaces G). Given the simplicity of this, it was enough to deliver an encoded message with a number (representing the starting index) if the recipient understood how it worked.

    Unfortunately, after quickly scanning through all 26 possible starting positions it became clear this didn’t work. What about the second sentence? I took the given code and rearranged its letters from A to Z. Nope. Z to A? That didn’t work either.

    You may have already figured out my mistake, but to be honest I skipped this one at the time of the event and only returned a month later, slightly better armed with a fabulous tool: CyberChef. CyberChef is your one-stop-shop for dealing with text across any format or encoding you can imagine. Put simply, you give it input text and a set of instructions, and it bakes the text and gives you an output text encoded/decoded however you asked.

    In this case, it hit me: the cipher/key was the part I needed to rearrange! How? Well…I rearranged it so A (plain text) = Z (encoded text)…and then…what if B = Y, and so on? In other words, I just reversed the alphabet for the cipher/key.

    Hmm…that didn’t help much…

    It took me a second to realize my issue, but then I remembered that in ASCII (or any text encoding, really) uppercase and lowercase letters are treated differently. My recipe text was all upper case, so I needed to either retype the substitution rules in lowercase…or…

    Bazinga!

    …use the tools CyberChef already had. To explain in detail what’s happening here: I copy/pasted the text from the challenge into the input field. Then I found the “To Upper Case” action on the left of CyberChef’s page in the “Operations” section. Similarly, I found the “Substitute” operation and dragged it below the “To Upper Case” action, because it happens second (the actions happen from top to bottom). At this point I was done–CyberChef instantaneously output the processed text, bringing us to the flag text you see above. You can follow this link to see the exact CyberChef configuration, and play around with it.
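
    The same steps as a script, added here as an illustration (it is not the author's CyberChef recipe, and the function names are made up for this example): it tries all 26 Caesar rotations, shows why an uppercase-only key leaves lowercase input untouched, and then applies the reversed-alphabet substitution (commonly called Atbash) to both cases.

```python
import string

CIPHERTEXT = "yzhsufo_rh_nb_uze_wdziu"  # challenge string from the post
LOWER, UPPER = string.ascii_lowercase, string.ascii_uppercase


def substitution_table(key_alphabet, both_cases=True):
    """Map the plaintext alphabet A..Z onto key_alphabet (26 letters).

    With both_cases=False only uppercase letters are mapped, which is the
    pitfall described above: lowercase input passes through unchanged.
    """
    table = dict(zip(UPPER, key_alphabet.upper()))
    if both_cases:
        table.update(zip(LOWER, key_alphabet.lower()))
    return str.maketrans(table)


def caesar_candidates(text):
    """Return every rotation of text, keyed by shift (0..25)."""
    out = {}
    for shift in range(26):
        key = UPPER[shift:] + UPPER[:shift]
        out[shift] = text.translate(substitution_table(key))
    return out


def atbash(text, both_cases=True):
    """Reversed-alphabet substitution: A<->Z, B<->Y, and so on."""
    return text.translate(substitution_table(UPPER[::-1], both_cases))


def looks_english(text, words=("the", "is", "my", "of", "to")):
    """Crude check: does any underscore-separated token match a common word?"""
    return any(tok in words for tok in text.lower().split("_"))


if __name__ == "__main__":
    hits = [s for s, c in caesar_candidates(CIPHERTEXT).items() if looks_english(c)]
    print("Caesar shifts that look like English:", hits)
    print("Uppercase-only key:", atbash(CIPHERTEXT, both_cases=False))
    print("Key for both cases:", atbash(CIPHERTEXT))
```

    Because the reversed alphabet is its own inverse, running `atbash` on the output returns the original string.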

    I hope you found this instructive. The two main takeaways here are to understand what Caesar’s cipher is, and to get a look at CyberChef.

    For a hand-picked list of write-ups gleaned from MetaCTF's Discord, check this document I've put together. For even more writeups, check here.

  • Starting A New Career

    I passed the 5 year mark for my Asian residence this past Summer. What started as a bit of an aimless wander has turned into a comfortable life, complete with domestic bliss and a good job. However, those who know me best will remember how I railed against the idea of working in education in my youth. Somehow, despite these youthful protests I’ve spent more time working in education (between GHP and my work in Vietnam) than in any other field.

    Now don’t get me wrong — I have really enjoyed this foray into teacherdom. There’s no doubt about it: teaching is hard. After 5 years of practice I still feel like a beginner — maybe just barely moving into the intermediate range now. I honestly consider education to be a field where (unless you’ve got a special gift or inhuman work ethic) you can’t consider yourself even “good” until you’ve put in a decade of practice. That said, I know folks who have taught for 10 years who are also quite sure they’re not good. So.

    Doing hard things feels good, at least after you’ve overcome the initial trepidation and sense of drowning. That all passed a few years ago, and now I can walk into a classroom of any age/size and operate with comfort. It’s a confidence that gets shared across all other avenues of my life. Also, I expect that no matter what the future holds, being able to teach will always be a skill in demand.

    I could comfortably continue to work my way up the skill/job ladder. There’s a lot of earning potential and exciting aspects to the future of education. For example, COVID saw a massive shift towards online offerings, which thrills me. After years in the Boy Scouts learning “leadership skills” I’m afforded ample opportunities to practice and build them with my current management position. The company I work for is wonderful, with an A+ culture of respect from the top to the bottom. But.

    But for some reason I can’t shake the feeling that I’m not living up to my potential. Maybe it’s some Freudian slap making my cheeks burn when I hear my mother’s voice urging me to do something more. Maybe it’s just realizing there’s not a lot of connection between a math degree and managing a learning center. Perhaps it’s all my brilliant coworkers who are pursuing graduate degrees, setting an example of not resting on one’s laurels. Regardless of the cause, I’ve been racking my brain for the last 2 years (especially) in search of what’s next.

    Two weeks ago it finally hit me. I’d eaten some THC gummies to enjoy the end of a hard-working week and in that space of creative flow I was walking from the kitchen to my room when I realized what I want to do next. I’d read an article a few weeks prior to that talking about the growing demand and lack of supply for cybersecurity experts. I guess my mind had finished processing this and connecting up all the wires because in that moment I had the mental equivalent of a cheesy Vegas neon sign light up: “Cybersecurity Career (Free Buffet)”.

    I got started playing around with computers when I was 8 when our first Windows 95 PC appeared. I remember diving into every single menu and setting as a warmer, and then picking up some C programming books at the library, excited to join the fray of sexy, anonymous hackers. Well…admittedly I quickly gave up on the programming, but the tinkering never stopped. I ended up writing my first public program as a response to a project assigned in a middle school class, in QBasic. I don’t remember the details, but I remember working on it with my old man and the teacher giving me top marks with zero feedback, because clearly she didn’t know how it worked (thank god–I’m sure it was awful).

    Over the ensuing decades (I’m 30, I can talk about living for decades now) I had many more little projects. An idea pops up, or maybe I’d just go through some tutorials online. I picked up the most basic of skills bit by bit, never really feeling like I was doing anything impressive, clearly aware of how I’d be ridiculed if I showed up at DEF CON with my paltry skills. I kept telling myself the story that computers were a hobby at most, and the dream of being some kind of computer wizard wasn’t realistic.

    Well…take one article on the growing need for cybersecurity, decades of tinkering and learning a wide (but shallow) range of basics, and the confidence that comes from buying a one-way ticket to Asia and building a career and you get…a sudden realization that one of my earliest childhood dreams isn’t actually out of reach.

    I’m two weeks into researching next steps, and to be clear I’m still essentially a novice in any area that counts. There are many paths into the field, and many areas of specialization. If I’m lucky I’m 5 years away from being able to properly call myself an ethical hacker…by some more conservative measures it’s going to be another decade.

    But for the first time in a long time I know what I want to do, and I have the confidence and patience to get there. I’ve got no specific goals around blogging, but I think it would be interesting for me to keep some records of the journey, so I expect I’ll have some more posts about things as I go. Stay tuned.