[TEASER] King of the sidewalk – Pimping Chris Ride-on car Part 2

Just an update on parts, don’t get all excited yet :)

I have been sick as a dog the last 2 weeks back and forward, hit by 2 strains of flu that kept me in bed or begging to the porcelain god for most of the time, so not much has happen except the siren feature during the last days of being well, which is appended to part one of this series, if you missed it.

Beside that landing on the first page of HackerNews drove a lot interest, comments and feedback which i’ve only been partially able to respond to or look into to, will follow up. Just like the prior post, i will keep editing it as the build progresses and stuff i’ve done might become redundant, or included. In the meantime parts have kept arriving and i’ve felt well enough to take some pictures and blog a little so for now this post is mainly about the collection of parts.

Mechanics

So. Motor, rear diff, axles, disc-brakes, chains, sprockets have arrived:

Motor:

MY1020 48V1000W 2800RPM at a rated current of 32Amp. I giggled a little while placing this order. This engine is a beast, but with that said i am running it on 12 volt on a very fine-grained ESC and controller. Following days i will figure out a nice way to measure the rpm’s i am getting out of it and make sure i gear it correctly. My aim is strength, not speed.

Differential:

General transmissions gt82005 Differential d16 This thing is beautiful, and the folks at General Transmissions are great. I had few questions, which was answered immediately, and shipment took 2 days from Germany.

Chain and sprocket:

Standard bicycle chain and sprocket, from the bike-store around the corner. As i am still not sure what kind of rpm i get out of the engine, i reserve to detail more before i know it will fit the bill.

Brakes:

I was looking for brakes for a while, looking mostly at disc-brakes for bicycles but these are not cheap and not the smallest either. Turns out pocket-bikes have mechanical brakes that could work for me. I ordered these brake-claws and these 120 mm discs. However to pull these brakes i also needed some heavy duty servos.

 

My creative process:

Not sure what other people do this process, but i tend place things on the floor, make a temporary placeholder or frame from anything i have around (cardboard, paper-molds, pvc plastics) for the parts i need, make measurements to make sure it will fit and at the point i am relatively sure the puzzle will go together with no issues, this is when i start raw cutting materials. Lastly the modifications is done to the car. This is just to make sure my son has his car during the weekends he spends with me, allowing me to keep progressing in the background. You will see this reflected in how i structure what gets done when.

Why not use CAD like normal persons?

Good question, i do realize the benefits of modern tools. I do model in Blend3r for 3d-printing, but am also trying to get into FreeCAD for these kind of jobs. It will come, i am not afraid of technology :)

In the meantime in Amish-land:

Measurement for the front disc brake holder is being made.

TIL: Not all aluminium is weldable

As my welding rig is slowly getting ready, my power supply is up to standard and i’m mentally ready to take on a new challenge i started reading up on welding processes with aluminium. Most people advise against welding aluminium because it’s notoriously hard. It turns out the challenge is that aluminium melts around 660 degree’s Celsius, while the slag forming on the weld has a considerably higher melting temperature. To avoid oxidation it seems the key is using AC, where one polarity melts the metal and a switch of polarities causes the weld to clean itself.

From the little i’we seen and read so far, most people who advise from welding this material, come from welding steel and try to apply their steel-welding skills to this alloy, and that shit does not fly well.

It also seems that depending on the grade of aluminium (i.e depending if it’s a alloy mixed with elements such as magnesium, silicon, manganese, tin or copper) will make it more or less weldable. There are 8 main series (1xxx,2xxx, and so on called Wrought alloys) that all have very different properties in terms of strength, weldability, welder settings and filler materials added while welding. I would be lying if i said this will not take a while to get my head wrapped around.

Problem now is that all the material i bought have been purchased at general warehouses, so asking their staff what grade of aluminium they are selling and what alloys it’s composed of would be as useful as asking a toddler about bending time space continuum. I might actually be better of going to a proper metal supplier and be sure i know what i am buying. This is a bit of a setback, but that’s what you get for shopping first and asking questions later.

At the moment i understand i should avoid 2xxx and 7xxx (with a handful of exceptions) as these are considered unweldable (please correct me if i am wrong).

As for fillers, different grades have corresponding filler materials that will give the best results.

Having read this i understand that if you come from welding MIG, TIG or MMA on carbon steel or stainless, to slabbing two unknown pieces of aluminium together, the learning curb gets steep very fast. Lucky for me, i never welded more than a little MIG when i was a kid, so it’s all new. Not sure how or if that will benefit me, but we will see.

For now it seems my first welding will be a little stainless steel stick welding to get the sprocket on an axle. This seems like a reasonable challenge until i know what the hell i am doing :)

T.B.C

Loooong time, no post.

2017 has been super eventful year for me, not leaving much time to write here. As usual, work dominated most of my time and i added quite a few products to my CV.

Most importantly this year: I had a son, which in terms will be my biggest and most important programming project many years to come. Needless to say a lot of the hacks now aims at toys intended for him.

I attended SHA2017, where i started playing with PyQT5, went to a range of good talks which sparked interests in a bunch of new concepts like machine learning, that i am looking into more in 2018.

I bought a Kossel mini 3dprinter which i systematically broke every part on, redesigned and rebuilt. Once i am done upgrading the 3d printer, i decided i will build a 3d scanner too, so stay tuned.

I revamp the complete cooling system of my Honda CBR1000RR, crashed my Kawasaki Ninja 636, broke my hand, hacked the cast, ABS welded the fairing of the bike together again.

With all this 2017 have been packed with things to write about and the coming days i will start writing about these projects.

Here comes 2018, posts will follow soon!

 

Confessions of a abandoned server

<DISCLAIMER> I started writing this post in 2015 but never finished it, mostly because i enjoy riding a motorbike a lot more than i enjoy spending hours spell-checking something almost no-one will read. Sorry once more, will get some new more relevant stuff here soon, but for now feel free to read this..</DISCLAIMER>

In a sense this entry don’t really belong at this blog as no actual hacking was ever needed so I am sharing this as more of a security advisory for someone that never decommission a server.

After a wet night in the bar with the guys I found a computer sticking out of a waste container on my way home. I noticed the IBM X-series logo which made me disregard that it was covered in an inch of snow and I dragged it home.

It turned out to be a X3200 tower, running a Xeon E3400 cpu at 1.8 ghz, 4 gb of ddr2 memory, 2 sata-mirrors. 80gb for OS, one 500gb mirror for data, by the look of it.

The hardware

After a proper drying I plugged it in. Power icon was blinking green but pushing the button did nothing. I measured the button using a multimeter, but the switch itself worked. I found a “Power On” jumper on the motherboard and once shorted the machine rev’ed up its fans but never let ACPI kick in to lower the RPM of the fans, nor initiating BIOS. Monitor indicated no VGA signal either.

I was fiddling with jumpers for quite some time, I reset the CMOS and noticed that when i moved back the jumper to Disabled that the box twitched to life. The monitor flickered up and the blue iconic X-series logo filled the screen, with a few beeps and warnings about the CMOS battery having low voltage it came back to life. Unfortunately I had no disk connected to the system at this point and it would take another 45 minutes before I succeeded to do it again. After hours of trying to streamline the process of getting it booted the recipe for success seems to be:

Use the Power ON jumper for 20 seconds. Pull the power-cord to the server. Enable CMOS-reset with the jumper on the motherboard. Put the power-cord back in. Leave the server for 20 minutes with the CMOS-reset ON. Then…. pull out the CMOS reset jumper :) BOOM! The server boots Windows 2003: A real man-OS!:

Not being a huge fan of spending 20 minutes on booting any machine I kept looking for something simpler. Trickling pin 2 and 3 on the WOL-connector on the network adapter did make the power-led on the motherboard flicker but once more didn’t start the machine up.

I never mentioned how restless I am as a person in this blog, but for people who know me that is a fact. What I did mention was that both OS and Data disks where both in a mirrored configuration, once this was confirmed in the BIOS, it allowed me to snatch one disk of each mirror to be able to see what was lurking on the sectors while waiting for the server to get ready for it’s next boot.

“This is Windows.. I know windows!”

I hooked up the OS-drive with a SATA-to-USB-dongle and mounted the NTFS partition on my linux-laptop. The 80gb drive was divided into 2 partitions. 21gb for OS and a 55gb labeled EXCHANGE. I was happy to see no attempt at encrypting (or destroying the drives for that matter) were made but I guess if I saw such attempts I would be even more curios to see what they tried to hide from me. I am far from an expert on Windows these days but it didn’t take long to locate the the email data-directory belonging to the email exchange server, that the partion-name indicated would be there.

TIL that e-mails are stored in clear-text in Exchange 2010.

Curious about who owned the machine before me I started reading mail after mail. A picture slowly dawned on me. Some kind of medical related, pedicure, new age thing, something? I was intrigued.

Using standard un*x tools like cat, grep and more I could see every email sent and received from 2007 to 2011. Just for the fuck of it I greped out 20 lines surrounding the word “Password” and “Wachtwoord” and piped it to two files.

3200.ftp

Now, I understand a tiny non-IT company can mess up and send out clear-text password..

3200.kpn.hotspot

..but KPN is the stately owned phone-company in Holland, and should know better :)

3200.mijndomain.new.passwd

Hosting companies don’t seem to mind keeping it simple.3200.mijndomain

I guess it’s up to their customer not to keep the same 6 character-passwords year after year. I am however convinced mijndomain.nl has changed practices on this topic anno 2015?

I want to point out that I never tried to use any of the passwords to verify if they worked or not as that would be highly illegal. Additionally some logins were to patient care systems, making it utterly unethical to touch. I did however google the companies, visited their homepages to get a greater idea of exactly what they did and how they connected to the company who’s server I stumbled into. Needless to say i read up on the company itself, which still exists.

Seeing many passwords never changed during the years and many were frequently reused between different systems, i feel safe to bet some of them still work. But I wasn’t really that curious about the passwords and continue exploring the rest of the emails. Who were these guys?

Slowly the picture of the prior residents cleared. They had their own little newsletter, were selling subscriptions, seemed to be holding courses, involved in Integrative medicine (Never heard of it before but I am a skeptic. A fast search through all mailboxes got me bored. Almost all of the emails in all the email-boxes was work-related, how boring of them. You can only read so many of someones emails before you need to do something else.

I started checking out the Data drive. It turns out this was not only the Exchange server in their tiny infrastructure. It also carried their Domain controller and roaming home folders. I searched the user home folders, starting with the Administrator account. I could not believe my eyes..

Someone already brute-forced the server and the result files were still there :)

3200.passwords

Worth to mention is that it took 7m24s to brute-force the computer-knowing layout guy’s password, while it took 2h35m35s to crack he person I assume works in accounting.

Almost all passwords followed the same standard: X123Y4, where _123_4 never changes between users and the letters did to a certain degree. I can only assume these passwords were set by whomever delivered the system and never changed.

One user seemed to have changed his password but instead of setting a better password he went with a 4 digit only password, which was cracked in 26 seconds.

Initially i assumed it was the Administrator’s own pen-tests but looking through the mail again, it seemed they had been hacked around the same time this password file was created:

3200.we.are.hacked

One guy seem to enjoy the peace it brought to the office and point out that it is Friday the 13th. Some external partner responds “Digi-missery”.

In the meantime the server booted up again

The server was finally booting up on two single disk mirrors. My eyes glittered in the LCD-light. I would finally get to hack something.. or.. well.. I had the passwords to all accounts already, so technically still no hacking. But i would at least get to enter a username and password and feel like a hacker. Nope, machine seemed to have a registry hack and automatically logged in as Administrator, but something hung it after that. As i didn’t want it to start connecting out on the internet i just hooked it in to a switch without uplink.

 

I have to say I was a bit surprised to find the brute-forced password file, but not as surprised as I was about to become. Turn out this machine also hosted several windows shares.

One was most likely used by their HR, as i could find ALL information about people working there, like digital copies of their contracts and dismissals.

Another share contained a lot of access databases. Their complete customer-database, sales records, lists of prospect customers and tons of PDF-material about their products.

With the data i had at this point, i could map the whole company up on a time-line, seeing who started when, what they got paid, when they left. I could build a visual picture of who emailed who, which seller caught the big fish and who was just complaining about work while slacking. With almost 10GB of email, 500GB of data and no real idea of where I wanted to go out of it, this blog-post got hanging mid-air. It would take a year to go through it all. And most of it way to fucking boring to plow through.

I kept looking and found pictures from a few events their company participated in. Some of the pictures were named after who they depicted, allowing me to put a face on most of the names from emails i had been reading. It almost felt like i knew the people at this point. I was about to get way closer than i wished for.

I explored the the data-drive and found a backup windows share. Turns out this server was also used by some of the people to back up their laptops, and some of them were very.. blunt.

One of the sales guys, which i recognized from pictures i found from a kickoff he went to was obviously gay. I don’t claim to be able to spot a gay guy, nor do i judge anyone being gay but this guy had tons of pictures of him and a friend fucking a tiny Asian man making me pretty sure this was the case with this guy. Among the data he traveled with (and cared enough to backup) was GB’s off piss-porn.

I wanted to finish up this post a while back, but as i mentioned, I had NO IDEA of what to do with this. Obviously i would never attempt to use it against the company or any of their employees, but the next guy to find this might not be as friendly as I am.

Bits of advise, anyone?

No matter what you Think is on a computer you are getting rid off, small pieces of your life’s puzzle are stored on that machine. May it be in your internet-cache, in your cookies or from RAM in a swapfile. Someone with the right motivation or amount of interest will be able to scavenge it and use it against you.

If you ever toss away anything with a NAND-circuit (like a broken cellphone that contained naked pictures of your gf), unscrew/drill out the screws and use the a car battery charge to short every circuit on the board, making sure who ever tries to retrieve the data, gets a run for his money.

If you ever toss a PC with a harddrive, remove the drive, smash it to pieces with a hammer or drill right through it a few time. It only takes a few minutes, and you know for sure you are safe from 99.9% of people as curious as me.

If you are decommissioning a combined mail-server, file-server, piss-porn-repository, containing all your financial statements, all your customer information, every edge you have on your competition: For the love of Science, make sure no-one can just pick it up and just power it on.