Armageddon421's Hackingblog

Tag: python

Pointy – Revived Laserpointermouse-project

by on Apr.01, 2011, under Projects, quickhack

Ages ago, I had a project that used a webcam to track a laser pointer on a wall and control the mouse cursor. When using a strong laser pointer, this even worked together with a projector. Since the project is very old and will not compile (c++) any more, I revived the project by doing a little bit of python coding. There is no calibration yet and the camera used was way to bad, but somehow I got it working, under certain circumstances (the picture has to be white enough for the camera to automatically turn the brightness down far enough etc).

Here are some proof of concept videos:

Leave a Comment :, , , , , , , , , , more...

Stats from the “Alice Modem 1111″

by on Jan.24, 2011, under quickhack

This weekend a friend of mine asked me if I could make his fileserver display some intersting stats. One of those stats would be the internet traffic. The problem was the crappy modem/router thing from Alice that he has to use. The webinterface has very sparse information, there is also no traffic monitor.

Running nmap revealed that the modem has a telnet interface.

Starting Nmap 5.00 ( ) at 2011-01-24 10:18 CET
Interesting ports on alicebox.localdomain (
Not shown: 996 closed ports
23/tcp open telnet
80/tcp open http
2800/tcp open unknown
8008/tcp open http

I tried connecting, and then there was the next problem: It asked for login and password. I found out that it is not the same as for the webinterface, so I googled. The login would be “admin” and the password would consist of “Alice” + the last 6 Bytes of the MAC in hex + “123″, for example “AliceFFFFFF123″.

The I was confronted with some strange shell that allowed to press “?” to display the possibilities.

Connected to
Escape character is '^]'.

Alice Modem 1111
Alice Software Version : 4.19

Login: admin
Password: **************

Login successful

agent            Get a file from a remote host
bridge           Configure layer 2 bridge.
bridgevlan       VLAN transport configuration
classifier       Packet classifier configuration commands
console          Console access
dhcpclient       DHCP client configuration commands
dhcprelay        DHCP relay Configuration
dhcpserver       DHCP server configuration commands
dnsrelay         DNS relay configuration
ethernet         Commands to configure ethernet transports
firewall         Firewall configuration commands
help             Top level CLI help
imdebug          Directly access the information model
ip               Configure IP router
l2filter         Packet filter configuration commands
nat              NAT configuration commands
port             Physical port configuration commands
pppoa            PPP over ATM configuration
pppoe            PPP over Ethernet Configuration
security         Security configuration commands not specific to NAT or firewall
sntpclient       Simple Network Time Protocol Client commands
system           System administration commands
transports       Transport configuration commands
upnp             UPnP configuration commands
user             User commands

After toying around a bit, I found what I needed:

--> port ethernet show

Version = 1.01
RxNoBuffer = 121
TxNoBuffer = 0
PortClassEthernet = true
Disable = false
PromiscuousEnable = true
RxBroadcastEnable = true
RxMulticastEnable = true
RxMulticastAllEnable = true
RxUnicastEnable = true
RxAddressEnable = false
RxPassBad = false
FullDuplexEnable = true
CrcEnable = false
PadShortDataEnable = false
Loopback = false
HaltImmediately = true
MAC = 00:85:a0:01:01:00
RxOK = 4657743
TxOK = 6663192
MaxFilterEntries = 21
TxIntTx = 6663192
Tx10Stat = 0
TxPar = 0
TxHalted = 0
TxSQErr = 0
TxMCast = 7788
TxBCast = 2018
TxVLAN = 0
TxMACC = 0
TxPause = 0
TxExcessiveCollisions = 0
TxLateCollisions = 0
TxUnderrun = 0
TxCarrierLoss = 0
TxDeferred = 0
TxAfterOneCollision = 0
TxAfterMoreCollision = 0
TxCollisions = 0
TxExcessiveDeferrals = 0
RxIntRx = 0
RxMIIErrors = 0
RxPar = 0
RxHalted = 0
RxMulticastPackets = 62675
RxBroadcastPackets = 693755
RxVLAN1Frames = 0
RxCRCErrors = 0
RxErrorAlign = 0
RxOverlongPackets = 0
RxOverruns = 112852
RxControlFrames = 0
RxShortPackets = 749
txOKBytes = 211726529
rxOKBytes = 541541832

txUCastPkts = 6653390
rxUCastPkts = 4012768
PhyMode = MII
resetDefaults = false
portSnmpIfIndex = 0
portSnmpIfType = 0

All I had to do now was automate this process. The finished python script, using expect to simulate the interaction and rrdtool to store and graph the data, looked like this:


import pexpect, sys, os

os.linesep = "\r"  #telnet expects \r instead of \n, expect uses os.liensep

#Connect and simulate interaction
c = pexpect.spawn("telnet 23")
c.expect("Login: ")
c.expect("Password: ")
c.expect("--> ")
c.sendline("port ethernet show")
c.expect("--> ")
res = c.before

#Find the required values
lines = res.split("\r\n")
for line in lines:
	if line.startswith("txOKBytes"):
		tx = line.split("= ")[1]
	if line.startswith("rxOKBytes"):
		rx = line.split("= ")[1]

#Update RRD"rrdtool update /home/ave/rrd/database/internet.rrd N:%s:%s" % (tx,rx))

The finished output of rrdtool looks like this:

Later I added a second graph that shows the number of devices in the LAN that respond to ping probes. It’s as simple as


res=`nmap -sP | wc -l`   #nmap the LAN, count the lines
num=$(($res - 3))                         #substract nmap's static status lines
rrdtool update /home/ave/rrd/database/devices.rrd N:$num     #update RRD

I hope I could give some of you an example on how to approach such a problem. Comment if you did something similar or want to do it!

Leave a Comment :, , , , , , , , more...

Repaired the Shackspace Telnet Twitterclient today

by on Jan.15, 2011, under quickhack

Some time ago, back in the times when twitter made oauth the only valid authentication method, my twitter plugin for the shackspace telnet interface “Noise” broke. Today I spent hours figuring out how to complete that damn oauth authentication process just to realize that the python and other library versions on the server were much too old. After another few hours of trying to update those libraries I finally got it to work. Have a look at the beautiful output of our colorful telnet interface!

"Noise" Twitter output

The twtter module just outputs the last tweets on the timeline of the @shackspam account. Also, if /twitter <text> ist entered, it tweets the given text to the same account. The script can be easily adapted to be used as a normal shell script because that’s what it actually is. However, I would recommend just using “ttytter”, which is a nearly full-featured command line twitter client.

Leave a Comment :, , , , , more...

Homemade wooden portal-CNC-mill

by on Jan.15, 2011, under Projects

About one and a half years ago I started a project together with a friend. Our goal was to be able to directly drill PCBs. The result was a relatively big portal-CNC-mill.

CNC from behind

The workpiece is moved along the X- and Y-Axis and the tool is providing the remaining Z-Axis. The three stepper-motors are controlled by an atmega32 microcontroller. All PCB’s on the rear of the device are made by the device itself. This was possible because at that time, most of the parts were just hacked together mid-air or on breadboards.

The mill is communicating with the PC via a simple USB-to-RS232 converter and is talking some strange custom protocol. On the PC-side I am running a very crude python-script that can basically just parse HPGL. I plan to rewrite everything in Java. This allows me to have a nice GUI and it makes keeping the code clean much easier.

Here you can see the mill in action. It is drilling the shackspace logo in acrylic glass.

Since we used stepper motors and stepper motors make noise, we can also have fun with them.

On those two pictures you can see the the device painting on a PCB with permanent ink. Notice the high precision of the drawn lines.

This is a snapshot while drilling the holes in a PCB.

This was one of our first attempts in two-sided PCB’s. As you can see, the alignment worked quite well. However, some of the signals lines dissolved during the etching process.

Feel free to comment and ask for more details. It is always hard to explain everything at once, so if you want to know something specific, just ask.

You will find more blogposts about the mill over at

Leave a Comment :, , , , , , , , , , more...