HomeKit HomeBridge Enabled Arduino ESP8266 Self Powered 110v Wifi Controlled Powerswitch

http://www.instructables.com/id/HomeKit-Enabled-Arduino-ESP8266-Self-Powered-110v-/

Why buy a UL Listed iDevices Switch when you can potentially electrocute yourself or start a fire with a self built alternative instead?

Here’s how!

First, you must install HomeBridge on a Raspberry Pi, and configure it as a HomeKit bridge device. Instructions below.

Once you have HomeKit / HomeBridge working on your Pi and your iPhone, we can build a wireless power switch that can be controlled by Siri and the HomeKit app.

We start with a PowerTail2, and use the ESP8266 to control the on/off line.

We power the ESP8266 with an AMS1117 3.3V Power Supply Module. This brings the 5v from the charger down to the proper 3.3v that the ESP8266 needs.

We provide the power with a used cell phone charger. 110v -> 5v. This is wired directly to the ‘Line’ side of the PowerTail2 circuit board. It is always ‘Live’ or ‘Hot’ and will shock you.

We load the code into the ESP8266 via your favorite USB/Serial converter (FTDI).

We plug it in. HomeKit sees the device via the HomeBridge configuration file addition (accessory) on the Raspberry Pi.

You control the device on your iPhone, and turn electricity on and off at will.

More info to come.

Resources:

https://github.com/esp8266/Arduino/tree/master/lib…

http://www.electrodragon.com/w/ESP8266_AT_Commands

https://www.google.com/search?q=esp8266+arduino&es…

http://www.powerswitchtail.com/Documents/PSTK%20In…

Homekit:

https://github.com/nfarina/homebridge

https://github.com/nfarina/homebridge/wiki/Running…

https://www.npmjs.com/package/homebridge-indigo

https://www.google.com/webhp?sourceid=chrome-insta…

https://github.com/lagunacomputer/homebridge-Curre…

Step 1 Build It:

Solder it together.

1x PowerTail II Power switch kit $19.99 + shipping

1x ESP8266 ESP-01 module $5.50

1x AMS1117-3.3 Power Module AMS1117 3.3V Power Supply Module With Heat Sink $0.99

1x 110v to 5v/1A used cell phone charger

1x small Perfboard for circuit approx 2″x1.25″ inch

2x 110v extension cord to cut up $1.99 each at Home Depot

1x small SPST on/off switch

Step 2: Edit the HomeBridge /var/homebridge/config.json file on the Raspberry Pi HomeBridge

The file may alternatively be in /home/.homebridge or /root/home/./homebridge. Read the docs from the GitHub link:

https://github.com/nfarina/homebridge

Ensure this plugin is installed. It may be installed by default in the newer versions:

https://www.npmjs.com/package/homebridge-http

Program the ESP8266. Once powered up (use 3.3V, do not use 5V!) it should be visible on the network.

Try something like http://192.168.1.110/gpio/1 (assuming your ESP8266 pulls a DHCP IP of 192.168.1.110). You should get a webpage returned.

(You should probably set a DHCP reservation on your router for each ESP8266 you add.)

Add this code to the config.json file (sudo nano /var/homebridge/config.json), etc.:

Mind the last comma: keep it only if another accessory follows this one in the list. A stray trailing comma makes config.json invalid JSON, and Homebridge will crash on load.

{ "accessory": "Http",
"name": "PowerTail",
"on_url": "http://192.168.1.110/gpio/1",
"off_url": "http://192.168.1.110/gpio/0",
"http_method": "GET"
},
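A pre-flight check for the config.json edit above, as an added example (not part of the original post or of Homebridge): it reports where a stray comma breaks the JSON and flags Http accessories whose URLs are not plain HTTP to a private-range IP, since the sketch in Step 3 accepts the GET without authentication. The `lint_config` name, the sample configs and the checks themselves are assumptions made for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Keys used by the accessory entry shown on this page.
REQUIRED_KEYS = ("accessory", "name", "on_url", "off_url", "http_method")


def _is_private_ip(host):
    """True only for an IP literal inside a private/reserved range."""
    try:
        return ipaddress.ip_address(host or "").is_private
    except ValueError:      # a DNS name or an empty host, not an IP literal
        return False


def lint_config(text):
    """Return a list of findings for a Homebridge config.json; empty means clean."""
    try:
        config = json.loads(text)
    except json.JSONDecodeError as exc:
        # This is the "last comma" failure: strict JSON has no trailing commas.
        return ["JSON syntax error at line %d, column %d: %s"
                % (exc.lineno, exc.colno, exc.msg)]
    if not isinstance(config, dict):
        return ["top level of config.json must be a JSON object"]

    findings = []
    for entry in config.get("accessories", []):
        if not isinstance(entry, dict) or entry.get("accessory") != "Http":
            continue
        name = entry.get("name", "<unnamed>")
        for key in REQUIRED_KEYS:
            if key not in entry:
                findings.append("%s: missing key %r" % (name, key))
        hosts = set()
        for key in ("on_url", "off_url"):
            url = urlsplit(str(entry.get(key, "")))
            hosts.add(url.hostname)
            # The switch answers any unauthenticated GET, so the command
            # should never be routed off the local network.
            if url.scheme != "http" or not _is_private_ip(url.hostname):
                findings.append("%s: %s is not http:// to a private-range IP"
                                % (name, key))
        if len(hosts) > 1:
            findings.append("%s: on_url and off_url point at different hosts" % name)
    return findings


# Constructed sample input: the accessory from this page inside a minimal config.
GOOD = """{
  "bridge": {"name": "Homebridge"},
  "accessories": [
    { "accessory": "Http",
      "name": "PowerTail",
      "on_url": "http://192.168.1.110/gpio/1",
      "off_url": "http://192.168.1.110/gpio/0",
      "http_method": "GET"
    }
  ]
}"""
# Same config with the comma left after the last accessory.
TRAILING_COMMA = GOOD.replace("    }\n  ]", "    },\n  ]")
# Same config with on_url pointing at a DNS name instead of the reserved IP.
OFF_LAN = GOOD.replace("http://192.168.1.110/gpio/1",
                       "http://powertail.example/gpio/1")

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("trailing comma", TRAILING_COMMA),
                        ("off-LAN url", OFF_LAN)):
        print(label, "->", lint_config(text) or "clean")
```

Run it against a copy of config.json before restarting Homebridge; an empty list means the file parses and every Http accessory points at one private address.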

Step 3: ESP8266 Arduino Code

/*
* This sketch demonstrates how to set up a simple HTTP-like server.
* The server will set a GPIO pin depending on the request
* http://server_ip/gpio/0 will set the GPIO0 low,
* http://server_ip/gpio/1 will set the GPIO0 high
* server_ip is the IP address of the ESP8266 module, will be
* printed to Serial when the module is connected.
*/

#include <ESP8266WiFi.h>

const char* ssid = "EDITMEWITHYOURWIFISSIDNAME";
const char* password = "EDITMEWITHYOURWIFIPASSWORD";

// Create an instance of the server
// specify the port to listen on as an argument
WiFiServer server(80);

void setup() {
Serial.begin(115200);
delay(10);
pinMode(LED_BUILTIN, OUTPUT); // Initialize the LED_BUILTIN pin as an output
// prepare GPIO0
pinMode(0, OUTPUT);
digitalWrite(0, 0);

// Connect to WiFi network
//Serial.println();
//Serial.println();
//Serial.print("Connecting to ");
//Serial.println(ssid);

WiFi.begin(ssid, password);

while (WiFi.status() != WL_CONNECTED) {
delay(500);
//Serial.print(".");
}
//Serial.println("");
//Serial.println("WiFi connected");

// Start the server
server.begin();
//Serial.println("Server started");

// Print the IP address
//Serial.println(WiFi.localIP());
}

void loop() {
// Check if a client has connected
WiFiClient client = server.available();
if (!client) {
return;
}

// Wait until the client sends some data
//Serial.println("new client");
while(!client.available()){
delay(1);
}

// Read the first line of the request
String req = client.readStringUntil('\r');
//Serial.println(req);
client.flush();

// Match the request
int val;
if (req.indexOf("/gpio/0") != -1)
val = 0;
else if (req.indexOf("/gpio/1") != -1)
val = 1;
else {
//Serial.println("invalid request");
client.stop();
return;
}

// Set GPIO0 according to the request
digitalWrite(0, val);
digitalWrite(LED_BUILTIN, val); // Drive the built-in LED with the same value (on the ESP-01 the LED is active low, so LOW lights it)
client.flush();

// Prepare the response
String s = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<!DOCTYPE HTML>\r\n<html>\r\nGPIO is now ";
s += (val)?"high":"low";
s += "</html>\n";

// Send the response to the client
client.print(s);
delay(10);
//Serial.println("Client disconnected");

// The client will actually be disconnected
// when the function returns and 'client' object is destroyed
}

Step 4: Test the new Accessory in iOS HomeKit App

Step 5: Don’t Electrocute Yourself.


EvilRuxpin – The Chippy Ruxpin Alternative – Hacking a Teddy Ruxpin with Next Thing Co. C.H.I.P $9 Linux Computer to Play Heavy Metal

So, I modified a Chippy Ruxpin into a more ‘evil’ form as a gift for a coworker.

1. Build a Chippy Ruxpin out of a C.H.I.P. and an old Teddy Ruxpin
2. Make it evil. Make it say random evil scary things every few minutes, and make the eyes glow red with an LED
3. Make it wifi. It is now ad-hoc so no keyboard is needed. Smartphone controllable!
4. Add DHCP server, so your smartphone can connect and pull an IP, so you can load the web gui over wifi
5. Add a 3W stereo audio amplifier. Stock ruxpin speaker + CHIP audio is kinda wimpy.  DC 5V PAM8403 Audio Stereo Amplifier Board Volume Control Class D Kit Module
6. Add a big battery, maybe a 5w solar panel to charge the battery.
7. put a heavy metal t shirt on Teddy.
8. option to play stored heavy metal .mp3’s using mplayer in linux, controllable on the webgui page from a smartphone.
I chose Blackened by Metallica as the first Heavy Metal song played thru a Teddy Ruxpin ever in the history of the Earth. Yes my Teddy Ruxpin plays Metallica in stereo on command via wifi from my smartphone.
Don’t forget to put an .mp3 file in /home/chip/Desktop/m.mp3. Obviously we are going to change this to play many many metal .mp3’s. ‘Cause that’s rad. Teddy Ruxpin Metal Beats Pill. If only I could figure out how to make the mouth/eyes move while mplayer plays an .mp3…………hmmmmmmmmmmmmmm
9. do it all as a boot script so no user input is needed after power on.

I’ve done it! (except the LED/GPIO part)

More to come!
To do: integrate Amazon Echo hack, so that replies move the mouth and eyes of Ruxpin.

So, here are the basic steps (updates to come):
flash CHIP with 4.3 headless. 4.4 wifi? doesn’t seem to work even if you modify the GPIO variables in the .py script.
enable a wifi connection, apt-get update and apt-get upgrade
install all the chippy crap from the link below

sudo apt-get install python-setuptools python-dev build-essential espeak alsa-utils
sudo apt-get install python-alsaaudio python-numpy python-twitter python-bottle mplayer

-get chippy working
apt-get install isc-dhcp-server, again see link below
apt-get install bc , this lets ./battery.sh work, so you can monitor your LiPo 3.7v battery from linux
apt install wireless-tools     (this step may break your normal wifi managed mode connection setup. It’s ad-hoc with no internet from here on out, so if you want to install more software from the internet, do it before this step)

edit /etc/NetworkManager/NetworkManager.conf:
wired device not managed

Most probably your interface appears in /etc/network/interfaces. By default, NetworkManager does not manage interfaces that appear in /etc/network/interfaces. You can change this behaviour.

To do this – in a terminal:

sudo nano /etc/NetworkManager/NetworkManager.conf

change the line managed=false to managed=true

Save, stop and start network manager:

sudo service network-manager restart

-configure that bitch /etc/dhcp/dhcp.conf
-configure /etc/network something/ interfaces to use 192.168.1.66 ip and dns, see links below
-configure wlan0 to always use 192.168.1.66 because we are evil
-config wlan0 as ad-hoc wifi on channel 6 see just below this
-config /etc/rc.local to do all this crap at boot, no login needed to turn on wifi and dhcp, and python script

edit /etc/network/interfaces make the ip 192.168.1.66 cause we are evil:
source-directory /etc/network/interfaces.d
auto wlan0
iface wlan0 inet static
address 192.168.1.66
netmask 255.255.255.0
gateway 192.168.1.1

edit /etc/rc.local code:
iwconfig wlan0 mode ad-hoc channel 6 essid "EvilRuxpin"
ifconfig wlan0 up 192.168.1.66
sudo service isc-dhcp-server start
cd /root/ChippyRuxpin   # because I installed under root
python /root/ChippyRuxpin/chippyRuxpin.py

sample /etc/dhcp/dhcp.conf code for ez ip’s baby:
option domain-name "Evil.Ruxpin";
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.20;
option subnet-mask 255.255.255.0;
option routers 192.168.1.66;
option domain-name-servers 192.168.1.66;
}

After editing /etc/rc.local, /etc/network/interfaces and /etc/dhcp/dhcp.conf, reboot.
Once booted up, you should be able to connect to the ad-hoc wifi “EvilRuxpin”.
It should serve up a DHCP address between 192.168.1.10-20.
Go to http://192.168.1.66:8080 or 80.
The page should load.

note: my stupid dell laptop would not connect to the ad-hoc wifi, but my iphone 5s would.

Resources:
Chippy Ruxpin:

https://github.com/NextThingCo/ChippyRuxpin/blob/experimental/chippyRuxpin.py
http://makezine.com/projects/chippy-ruxpin/
http://www.dreeyoreshospital.net/Teddy_Ruxpin-fix-1.html
Pinouts H Bridge
http://espeak.sourceforge.net/voices.html
https://www.hackster.io/LagunaComputer/evil-ruxpin-a7afc6

C.H.I.P wifi adhoc/dhcp server:
https://bbs.nextthing.co/t/does-c-h-i-ps-wireless-radio-supports-adhoc-mode/3425/10
https://wiki.debian.org/NetworkConfiguration
http://www.binarytides.com/disable-ipv6-ubuntu/
http://askubuntu.com/questions/71159/network-manager-says-device-not-managed
https://wiki.debian.org/DHCP_Server

Amazon Echo Hack for CHIP(to do!):

http://sammachin.com/the-10-echo/

Next Thing Co CHIP GPIO:
https://github.com/xtacocorex/CHIP_IO
http://docs.getchip.com/chip.html#physical-connectors
https://bbs.nextthing.co/t/programming-with-gpio/2110/7
https://github.com/connornishijima/chipGPIO
http://docs.getchip.com/chip.html#gpio
https://bbs.nextthing.co/t/adafruit-gpio-library-for-chip/2696/5

CHIP Linux misc:

http://serverfault.com/questions/727943/auto-root-login-in-linux-servers
http://stackoverflow.com/questions/11421399/how-to-fix-bad-interpreter-error-when-using-yum
https://bbs.nextthing.co/t/configure-vnc-without-display/1334/5
3.7v lipo battery
battery.sh python-run-external-command-and-get-output/

Evil Ruxpin

Rear of Evil Ruxpin

H Bridge

Chippy Ruxpin

CHIP 3.7v LiPO battery

CHIP $9 Linux Computer

Back of Ruxpin

Chippy Ruxpin Audio Amp

chippyRuxpin.py:

#!/usr/bin/python
# Chippy Ruxpin by Next Thing Co
# Powered by C.H.I.P., the world's first $9 computer!

# apt-get install python-setuptools python-dev build-essential espeak alsa-utils
# apt-get install python-alsaaudio python-numpy python-twitter python-bottle mplayer

# IMPORTANT NOTE ABOUT TWITTER STUFF!
# In order to retrieve tweets, you need to authorize this code to use your twitter account.
# This involves obtaining some special tokens that are specific to you.
# Please visit Twitter's website to obtain this information and put the values in the variables below.
# For more information, visit this URL:
# https://dev.twitter.com/oauth/overview/application-owner-access-tokens

consumerKey='INSERT YOUR CONSUMER KEY HERE FROM TWITTER'
consumerSecret='INSERT YOUR CONSUMER SECRET HERE FROM TWITTER'
accessTokenKey='INSERT YOUR ACCESS TOKEN KEY HERE FROM TWITTER'
accessTokenSecret='INSERT YOUR ACCESS TOKEN SECRET HERE FROM TWITTER'

import sys
import time
import subprocess
import os
from random import randint
from threading import Thread
from chippyRuxpin_audioPlayer import AudioPlayer
from chippyRuxpin_gpio import GPIO
from chippyRuxpin_twitter import ChippyTwitter
from chippyRuxpin_webFramework import WebFramework

fullMsg = ""

MOUTH_OPEN = 408 # GPIO pin assigned to open the mouth. XIO-P0
MOUTH_CLOSE = 412 # GPIO pin assigned to close the mouth. XIO-P2
EYES_OPEN = 410 # GPIO pin assigned to open the eyes. XIO-P4
EYES_CLOSE = 414 # GPIO pin assigned to close the eyes. XIO-P6

io = GPIO() #Establish connection to our GPIO pins.
io.setup( MOUTH_OPEN )
io.setup( EYES_OPEN )
io.setup( MOUTH_CLOSE )
io.setup( EYES_CLOSE )

print("start")

audio = None
wasRunning = False
isRunning = True
print("isRunning t")
rcount = 0

def updateMouth():
    print("def updateMouth")
    lastMouthEvent = 0
    lastMouthEventTime = 0

    while( audio == None ):
        time.sleep( 0.1 )
        print("while audio none")

    while isRunning:
        if( audio.mouthValue != lastMouthEvent ):
            lastMouthEvent = audio.mouthValue
            lastMouthEventTime = time.time()

            if( audio.mouthValue == 1 ):
                io.set( MOUTH_OPEN, 1 )
                io.set( MOUTH_CLOSE, 0 )
            else:
                io.set( MOUTH_OPEN, 0 )
                io.set( MOUTH_CLOSE, 1 )
        else:
            if( time.time() - lastMouthEventTime > 0.4 ):
                io.set( MOUTH_OPEN, 0 )
                io.set( MOUTH_CLOSE, 0 )

# A routine for blinking the eyes in a semi-random fashion.
def updateEyes():
    print("def updateEyes")

    while isRunning:
        print("before updateEyes")
        io.set( EYES_CLOSE, 1 )
        io.set( EYES_OPEN, 0 )
        time.sleep(0.6)
        print("io updateEyes")
        io.set( EYES_CLOSE, 0 )
        io.set( EYES_OPEN, 1 )
        time.sleep(0.6)
        #io.set( EYES_CLOSE, 1 )
        #io.set( EYES_OPEN, 0 )
        #time.sleep(0.2)
        io.set( EYES_CLOSE, 0 )
        io.set( EYES_OPEN, 0 )
        time.sleep( randint( 0,1) )
        print("while updateEyes")
        #rtalk()
        #wasRunning=True

def rtalk():

    while isRunning:
        #cmd = "sudo sh -c 'echo 1 > /sys/class/gpio/gpio412/value'"
        #subprocess.Popen(cmd,shell=True, stdout=subprocess.PIPE)
        time.sleep(1)
        global rcount
        myTextIndex = 1
        rcount = rcount + 1
        myTextIndex = ( randint( 0,2) )
        print(myTextIndex)
        print(rcount)
        if rcount >= 60:
            #myTextIndex == 0

            if myTextIndex == 0:
                myText = "hello fucker!"
            elif myTextIndex == 1:
                myText = "I can hear you Adam. I know you are talking about me. You don't want to make me angry "
            elif myTextIndex == 2:
                myText = "Hey! give me the pipe back"
            else:
                myText = 'single quotes this is option 4'
            #return MyText
            rcount = 0
            talk(myText)

def talk(myText):
    print("talk")
    global rcount
    rcount = 0
    if( myText.find( "playmetal" ) >= 0 ):
        myText += "0"
        myText = myText[7:-1]
        cmd = "mplayer /home/chip/Desktop/m.mp3"
        subprocess.Popen(cmd,shell=True, stdout=subprocess.PIPE)

        #try:
        # myText = twitter.getTweet( myText )
        #except:
        # print( "!!!ERROR: INVALID TWITTER CREDENTIALS. Please read README.md for instructions.")
        return

    os.system( "espeak \",...\" 2>/dev/null" ) # Sometimes the beginning of audio can get cut off. Insert silence.
    time.sleep( 0.5 )
    subprocess.call(["espeak", "-w", "speech.wav", myText, "-s", "130"])
    audio.play("speech.wav")
    #audio.play("m.mp3")

    # cmd = "mplayer /home/chip/Desktop/m.mp3"
    # subprocess.call(cmd,shell=True, stdout=subprocess.PIPE)
    #cmd = "mplayer /home/chip/Desktop/m.mp3"
    #subprocess.Popen(cmd,shell=True, stdout=subprocess.PIPE)

    #cmd = "sudo echo 0 > /sys/class/gpio/gpio408/value"
    #subprocess.call(cmd,shell=True, stdout=subprocess.PIPE)

    print("done talking")

    return myText
rtalk

#os.system( "sudo axp209 --no_limit" )
mouthThread = Thread(target=updateMouth)
mouthThread.start()
eyesThread = Thread(target=updateEyes)
eyesThread.start()
rtalkThread = Thread(target=rtalk)
rtalkThread.start()

print("started aand played")

audio = AudioPlayer()

if( consumerKey.find( 'TWITTER' ) >= 0 ):
    print( "WARNING: INVALID TWITTER CREDENTIALS. Please read README.md for instructions." )
else:
    twitter = ChippyTwitter(consumerKey,consumerSecret,accessTokenKey,accessTokenSecret)

print("def userinput")
def userInput():
    print("start userinput")
    time.sleep(6)
    while isRunning:
        user_input = raw_input("some input:")
        talk(user_input)
        print("while userinput")

print("userinput thread")
inputThread = Thread(target=userInput)
inputThread.start()

print("webframe")
web = WebFramework(talk)
print("webframe done")
isRunning = False
print("isrunning false")

io.cleanup()
print("io cleanup")

sys.exit(1)

chippyRuxpin-webFramework.py:

#!/usr/bin/env python
#
# Chippy Ruxpin by Next Thing Co 2015
# Powered by C.H.I.P., the world's first $9 computer!

from bottle import run, get, post, request, route, redirect
import socket

preset1="Hello Adam, would you like to hear some Heavy Metal?"
preset2="Hello Adam, would you like to hear some Heavy Metal?"

print("web start")
class WebFramework:
    def __init__(self,func):
        self.ip = [(s.connect(('192.168.1.66', 80)), s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, socket.SOCK_DGRAM)]][0][1]
        print( "---------")
        print( "CHIPPY RUXPIN IS ONLINE!")
        print( "In your browser, go to " + str(self.ip) + ":8080")
        print( "---------")
        self.talkFunc = func

        @route('/')
        def index():
            # The HTML form tags inside this string were stripped by the blog
            # software; the note after this listing gives the markup.
            return '''

What do you want Chippy Ruxpin to say? (Or type \"playmetal\" followed by some search terms):

preset01:

preset02:

preset03:

preset04:

preset05:

preset06:

preset07:

preset08:

preset09:

preset10:

preset11:

'''
        @post('/')

        def speak():
            speech = request.forms.get('speech')
            self.talkFunc( speech )
            redirect('/')

        print("def speak")

        run(host=self.ip, port=8080, debug=True)

This part of the code does not format well in WordPress. It is:
<form action="/" method="post">
preset11: <input name="speech" type="text" size="96" value="one of these days, _ _ _ _ I am going to kill that fucking cat'" />

<input value="Go!" type="submit" />

chippyRuxpin_audioPlayer.py:

#!/usr/bin/env python
#
# Chippy Ruxpin by Next Thing Co 2015
# Powered by C.H.I.P., the world's first $9 computer!

import alsaaudio as aa
import audioop
from time import sleep
import struct
import math
import array
import numpy as np
import wave
import os
import subprocess

class AudioPlayer:
    def __init__(self):
        subprocess.Popen('amixer cset numid=1 100%' ,shell=True, stdout=subprocess.PIPE ) # Set PA mixer volume to 100%
        subprocess.Popen('amixer cset numid=2 2' ,shell=True, stdout=subprocess.PIPE ) # Set right mixer to be "right" (2)
        subprocess.Popen('amixer cset numid=3 1' ,shell=True, stdout=subprocess.PIPE ) # Set left mixer to be "left" (1)
        subprocess.Popen('amixer cset numid=4 1' ,shell=True, stdout=subprocess.PIPE ) # Set DAC self.output to be "Direct" (2... or 1 for "Mixed" if you prefer)
        self.prevAudiovalue = 0
        self.mouthValue = 0

    def play(self,fileName):
        # Initialise matrix
        matrix=[0,0,0,0,0,0,0,0]

        # Set up audio
        wavfile = wave.open(fileName,'r')
        chunk = 1024
        output = aa.PCM(aa.PCM_PLAYBACK, aa.PCM_NORMAL)
        output.setchannels(1)
        output.setrate(22050)
        output.setformat(aa.PCM_FORMAT_S16_LE)
        output.setperiodsize(chunk)

        data = wavfile.readframes(chunk)
        try:
            while data!='':
                output.write(data)
                # Split channel data and find maximum volume
                channel_l=audioop.tomono(data, 2, 1.0, 0.0)
                channel_r=audioop.tomono(data, 2, 0.0, 1.0)
                max_vol_factor =5000
                max_l = audioop.max(channel_l,2)/max_vol_factor
                max_r = audioop.max(channel_r,2)/max_vol_factor

                for i in range (1,8):
                    self.generateMouthSignal((1<<max_r)-1)

                data = wavfile.readframes(chunk)
        except:
            data = None

        os.system( '/etc/init.d/alsa-utils restart' )
        sleep( .25 )

    def generateMouthSignal(self,val):
        delta = val - self.prevAudiovalue
        if( delta < -2 or val == 0 ):
            self.mouthValue = 0
        elif( delta > 0 ):
            self.mouthValue = 1

        self.prevAudiovalue = val

Install Windows 10 when the Reserve button does not work or the Get Windows 10 app icon does not appear

If your Windows 10 ‘Reserve’ button in Windows Updates does not do anything, or you do not have the ‘Get Windows 10’ icon or program, there is an easy way to obtain the .iso or initiate the Windows 10 installer from within Windows 7.

Windows 10 Upgrade this PC now

Windows 10 iso creation

Just download and run the MediaCreationTool.exe. It allows you to begin upgrading to Windows 10 directly, or create a .iso or USB installer.

https://www.microsoft.com/en-us/software-download/windows10

Windows 10 Reserve

Sony Online Entertainment Accounts Vulnerable to Brute Force Password Reset


A few months ago I began to receive numerous spam emails from Sony Online Entertainment. Obviously, some poor kid had typed in my email address instead of his own when signing up for the online gaming platform.
As a nice guy, I sent SOE customer service an email asking for my email address to be removed. (I do not like being awoken by a beeping cell phone in the middle of the night.) Sure, I could have just flagged the email as SPAM, and gone on with my life. But I thought the honest, correct and ‘right’ thing to do was to get this poor kid’s account actually corrected.

I received no response from Sony Online Entertainment Customer Service.

After being awoken several times more, my attitude for SOE turned towards the unfavorable side. I thought, “why don’t these people simply respond, and why won’t they stop sending me crap when requested?” So I attempted to have this corrected once again:

to Sony
God fucking admit you have the wrong email address stop sending me this

Sent from my iPhone

On Feb 27, 2015, at 4:40 PM, Sony Entertainment Network wrote:

Sony Entertainment
Network
Wallet Transaction Notification: Funds Added.

Dear glenn,

The requested funds have been added to your Sony Entertainment Network wallet. The transaction details are provided below for your records.

Thank you,
The Sony Entertainment Network Team

Online ID: imabad460
Order Number: 8052327724
Date Purchased 02/18/2015 @ 11:10 AM
Charge Method: MC 5516********4375
Funds Added To Wallet: $9.99

Current Wallet Amount*: $9.99
*This wallet amount is current as of the date and time of this transaction.

To update your marketing preferences, please click here.

This e-mail message has been delivered from a send-only address. Please do not reply to this message. For more information about your account, please visit the links below.

Support:
http://www.us.playstation.com/corporate/contactus/

Terms of Use and Privacy Policy:
http://www.sonyentertainmentnetwork.com/legal/

“Sony Entertainment Network” and “Sony Entertainment Network Logo” are trademarks of Sony Corporation.

Again, no response. Poor little imabad460. It seems SOE is not interested in fixing this problem for its customer.

Then in March of 2015, after being awoken several times again by SOE spam, I decided to call SOE customer support. The nice foreign guy at the call center did not seem to be concerned that their company was sending out spam to non-customers after being asked nicely not to. He said he would send me a password reset. I told him that was the problem, please stop doing so. He then demanded my name, and I explained to him that my name is irrelevant since I am not an SOE customer. This went on and on and they said they would send a verification email to the email address in question. They did, and I responded with:

Do Not Reply do-not-reply@playstation.sony.com via rg4l6fsz62gjayab.5q95zs6dsyqcprg9.a50sj.i-h5efeac.na15.bnc.salesforce.com
Mar 18 (4 days ago)

to me
Send the email to “pscustomer_service@playstation.sony.com”

Subject line: ATTN: Sony Entertainment Network account Email Investigations, Case Number#

Body of the email: Include your name and Case number

Be sure to document in the “Case Feed” the email is being used without permission.

05183358 this is the case

ref:_00Di0H5ef._500i0MVrtu:ref

Laguna Computer
Mar 18 (4 days ago)

to pscustomer_service@playstation.sony.com
Yes I do not have a Sony account, please stop sending me emails. The account holder has used the wrong email address

Sent from my iPhone

> On Mar 18, 2015, at 12:44 PM, Do Not Reply wrote:
>
> Send the email to “pscustomer_service@playstation.sony.com”
>
> Subject line: ATTN: Sony Entertainment Network account Email Investigations, Case Number#
>
> Body of the email: Include your name and Case number
>
> Be sure to document in the “Case Feed” the email is being used without permission.
>
> 05183358 this is the case
>
>
> ref:_00Di0H5ef._500i0MVrtu:ref

Since then, I just keep receiving account password links from Sony. So I thought to myself, “I will just fix it myself!” I clicked on the password reset link that they sent me, and was taken to a birthdate verification page. This is where the exploit was found.

That is when I discovered that the Sony Online Entertainment password reset webpage does not time out or fail out after x amount of attempts. This is a large security hole. By my math it should take 365 dates (1-31 x 12 months) x 40 ‘years’ (1975-2015), approx less than 15,000 attempts, before the password reset is brute forced.

Weak Sauce SOE! Can’t you just remove my email address from your system as requested?
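The missing control described above, as an added example (not Sony's code and not from the original post): a birthdate check that burns the reset link after a few wrong answers and caps failures per account, so requesting a fresh link does not refill the budget. Class and function names, the limits and the sample account are assumptions; `replay_sequential_guesses` only exercises the in-memory verifier to show where the cap stops a date-by-date walk.

```python
import hmac
import secrets
import time
from datetime import date, timedelta

# Assumed limits, chosen for illustration only.
MAX_FAILURES_PER_LINK = 5       # wrong answers before one reset link is burned
MAX_FAILURES_PER_ACCOUNT = 10   # wrong answers per account inside the window
WINDOW_SECONDS = 24 * 3600      # how long account-level failures are remembered
LINK_TTL_SECONDS = 15 * 60      # lifetime of an unused reset link


def birthdate_keyspace(first_year, last_year):
    """Count the candidate birthdates between two years, inclusive."""
    return (date(last_year, 12, 31) - date(first_year, 1, 1)).days + 1


class ResetVerifier:
    """Birthdate check for reset links with per-link and per-account limits."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._links = {}      # token -> account, expected answer, failures, expiry
        self._failures = {}   # account -> timestamps of recent wrong answers

    def _recent_failures(self, account):
        # Drop failures older than the window and return the live list.
        cutoff = self._clock() - WINDOW_SECONDS
        recent = [t for t in self._failures.get(account, []) if t > cutoff]
        self._failures[account] = recent
        return recent

    def issue(self, account, birthdate):
        """Create a single-use reset link token for the account."""
        token = secrets.token_urlsafe(32)
        self._links[token] = {
            "account": account,
            "expected": birthdate.isoformat(),
            "failures": 0,
            "expires_at": self._clock() + LINK_TTL_SECONDS,
        }
        return token

    def verify(self, token, guess):
        """Return 'ok', 'wrong', 'link_burned', 'account_locked' or 'invalid'."""
        link = self._links.get(token)
        if link is None or self._clock() > link["expires_at"]:
            self._links.pop(token, None)
            return "invalid"
        recent = self._recent_failures(link["account"])
        if len(recent) >= MAX_FAILURES_PER_ACCOUNT:
            return "account_locked"          # answer is not even evaluated
        if hmac.compare_digest(link["expected"], guess.isoformat()):
            del self._links[token]           # single use
            return "ok"
        recent.append(self._clock())
        link["failures"] += 1
        if link["failures"] >= MAX_FAILURES_PER_LINK:
            del self._links[token]
            return "link_burned"
        return "wrong"


def replay_sequential_guesses(verifier, account, real_birthdate, first_year, last_year):
    """Walk the date range in order against the verifier, asking for a new link
    whenever one is burned. Returns (answers evaluated, reset succeeded)."""
    evaluated = 0
    token = verifier.issue(account, real_birthdate)
    day = date(first_year, 1, 1)
    while day <= date(last_year, 12, 31):
        result = verifier.verify(token, day)
        if result == "account_locked":
            return evaluated, False
        evaluated += 1
        if result == "ok":
            return evaluated, True
        if result in ("link_burned", "invalid"):
            token = verifier.issue(account, real_birthdate)
        day += timedelta(days=1)
    return evaluated, False


if __name__ == "__main__":
    # Constructed sample account and birthdate.
    print("candidate dates 1975-2015:", birthdate_keyspace(1975, 2015))
    verifier = ResetVerifier()
    print("evaluated, succeeded:", replay_sequential_guesses(
        verifier, "user@example.com", date(1990, 6, 15), 1975, 2015))
```

With the limits in place the walk through the date range ends after ten evaluated answers instead of running through the whole keyspace.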

Brute Force Vulnerability in Sony Entertainment Online’s Account Password Reset Webpage

Controlling Lights with Arduino Uno and Ethernet Shield from Cell Phone SMS text using Twilio and Temboo over the Internet

Here is the meat of this project.
http://www.instructables.com/id/Controlling-your-Christmas-lights-with-Text-Messag/?ALLSTEPS
Controlling your Christmas lights with Text Messages by VisionaryNutcases

The original code is for an Arduino YUN. The YUNs have built-in Ethernet and some code had to be changed to get it to work with my standard Uno with an Ethernet shield.
Basically I had to strip out the Console.print and the Bridge.h commands, changing them to Serial.print. Also, I had to shift the response string lookup digits a few places, because it was offset with the original YUN code. I just copied the RESPONSE from the serial monitor into Notepad, and counted the digits by using the right arrow key, taking note to count the spaces as well.

Here is the modified code that works on an Arduino Uno with an Ethernet shield. Don’t forget to get your TembooAccount.h file from the Temboo site.
Also, I had issues with the header code box not populating correctly while following the instructions. Try hitting refresh, and switch between Arduino YUN and Arduino code using the box at the top of the Temboo website.

You will need to edit the code below to include YOUR Twilio auth code and ID. This code will turn on an LED on digital pin 7 if you send the text “lights on” and turn the LED off if you send “lights off”.


header
/* Setup shield-specific #include statements */
/*Use the pic above, for the header setup, my WordPress software hides the code from this part in this post */
#include
#include
#include
#include
#include
#include
#include "TembooAccount.h" // Contains Temboo account information
#include

/*REPLACE THE FIRST 10 Lines with those shown in the pic above ^ */

byte ethernetMACAddress[] = ETHERNET_SHIELD_MAC;
EthernetClient client;

int numRuns = 1; // Execution count, so this doesn't run forever
int maxRuns = 5; // Maximum number of times the Choreo should be executed
int ledPin = 13; // Led for debug
int buzzerPin = 2; // buzzer's connected to pin 2
int lightsPin = 7; // The pin where your Xmas lights are connected to.
unsigned long timeToWait = 600000; //Delay between calls in ms (too large for a 16-bit int on the Uno)
String bodyMsgLast = "none"; // This variable holds the last text message read.

void setup() {
Serial.begin(9600);

// For debugging, wait until the serial console is connected.
delay(4000);
while(!Serial);

Serial.print("DHCP:");
if (Ethernet.begin(ethernetMACAddress) == 0) {
Serial.println("FAIL");
while(true);
}
Serial.println("OK");
delay(5000);

Serial.println("Setup complete.\n");

//Set Outputs
pinMode(ledPin, OUTPUT);
pinMode(lightsPin, OUTPUT);
pinMode(buzzerPin, OUTPUT);

//Turn lights off on boot up
digitalWrite(lightsPin, HIGH);
delay(5000); //simulates a button press for 5 seconds
digitalWrite(lightsPin, LOW);
delay(1000);

//Bridge.begin();
//Console.begin();

}

void loop() {
  if (numRuns <= maxRuns) {
    Serial.println("Running GetLastMessageThatContains - Run #" + String(numRuns++));

    TembooChoreo GetLastMessageThatContainsChoreo(client);

    // Invoke the Temboo client
    GetLastMessageThatContainsChoreo.begin();

    // Set Temboo account credentials
    GetLastMessageThatContainsChoreo.setAccountName(TEMBOO_ACCOUNT);
    GetLastMessageThatContainsChoreo.setAppKeyName(TEMBOO_APP_KEY_NAME);
    GetLastMessageThatContainsChoreo.setAppKey(TEMBOO_APP_KEY);

    // Set Choreo inputs
    String AuthTokenValue = "6e0aecedb5461c4ccbc7f72535c7c569";
    GetLastMessageThatContainsChoreo.addInput("AuthToken", AuthTokenValue);
    String FilterValue = "lights";
    GetLastMessageThatContainsChoreo.addInput("Filter", FilterValue);
    String AccountSIDValue = "AC25eb0f996fbe268825f00405885f6fba";
    GetLastMessageThatContainsChoreo.addInput("AccountSID", AccountSIDValue);

    // Set Choreo inputs
    GetLastMessageThatContainsChoreo.addInput("AuthToken", " PUT YOUR TWILIO AUTH TOKEN HERE "); //Twilio Authentication Token
    GetLastMessageThatContainsChoreo.addInput("Filter", "ights"); // Filter for incoming messages holding this word
    GetLastMessageThatContainsChoreo.addInput("AccountSID", " PUT YOUR TWILIO ACCOUNT ID HERE "); //Twilio account ID
    GetLastMessageThatContainsChoreo.addInput("ResponseMode", "simple"); //Response Mode

    // Identify the Choreo to run
    GetLastMessageThatContainsChoreo.setChoreo("/Library/Twilio/SMSMessages/GetLastMessageThatContains");

    // Run the Choreo; when results are available, print them to serial
    GetLastMessageThatContainsChoreo.run();

    String bodyMsg; // This contains the whole Message
    while(GetLastMessageThatContainsChoreo.available()) {
      char c = GetLastMessageThatContainsChoreo.read();
      Serial.print(c);
      bodyMsg += c; //The characters are being fed to the bodyMsg string
    }
    //Serial.println(bodyMsg+ "<-- is bodyMsg" );

    if (bodyMsg != bodyMsgLast) { //Only runs if this message is different than the one stored.
      if (bodyMsg.substring(33, 35) == "on") {
        // This only works if characters 33 and 34 of the response are "on".
        // This works if you're sending the message "Lights on"
        // Characters before Lights on are other info from Twilio
        // Turn lights on
        //digitalWrite(ledPin, HIGH); //turns on debug LED
        digitalWrite(lightsPin, HIGH);
        //delay(800);
        //digitalWrite(lightsPin, LOW); //Simulated button press for less than a second
        Serial.println("Lights are on");
        //tone(buzzerPin, 2000, 3000); //beeps for 3 seconds
      } else if (bodyMsg.substring (33, 36) == "off") {
        // Characters 33 to 35 read "off" from a message saying "Lights off"
        //digitalWrite(ledPin, LOW); //turns off debug LED
        //tone(buzzerPin, 4200, 1000); //beeps
        digitalWrite(lightsPin, LOW);
        //delay(5000); //simulates a 5 second button press to turn the lights off
        //digitalWrite(lightsPin, LOW);
        //delay(1000);
        Serial.println("Lights are off");
      }
      bodyMsgLast = bodyMsg; //Copies this message to the Last message variable
    } else {
      Serial.println("Identical to Last"); //if identical, do nothing.
    }

    Serial.println();
    Serial.println("Waiting...");
    delay(timeToWait); // wait a period between GetLastMessageThatContains calls
    GetLastMessageThatContainsChoreo.close();
  }

  Serial.println("\nWaiting...\n");
  delay(30000); // wait 30 seconds between GetLastMessageThatContains calls
}

TembooAccount.h

You must edit your TembooAccount.h file as well. Make sure you get an up-to-date app key FOR YOUR APP from the Temboo website.


/*
IMPORTANT NOTE about TembooAccount.h

TembooAccount.h contains your Temboo account information and must be included
alongside your sketch. To do so, make a new tab in Arduino, call it TembooAccount.h,
and copy this content into it.
*/

#define TEMBOO_ACCOUNT "lagunabeachcomputer" // Your Temboo account name
#define TEMBOO_APP_KEY_NAME "myFirstApp" // Your Temboo app key name
#define TEMBOO_APP_KEY "2761f18fae384543af4f... xxxx " // Your Temboo app key

#define ETHERNET_SHIELD_MAC {0xFE, 0xAD, 0xBE, 0xEF, 0xFE, 0xFD}

/*
The same TembooAccount.h file settings can be used for all Temboo SDK sketches.
Keeping your account information in a separate file means you can share the
main .ino file without worrying that you forgot to delete your credentials.
*/

Bitlocker TPM and Active Directory Batch File Script for Windows 7

This DOS batch file script does everything for Bitlocker:

-Updates Group Policy and forces no logoff (we use a separate OU for computers staged to be encrypted)
-Enables the TPM
-Sets the TPM password
-Asks for USB drive letter
-Enables Bitlocker
-Backs up key to USB drive
-Backs up key to Active Directory, creates folder based on Hostname of PC
-Copies .BEK key file from USB drive to the network location of your choice (must edit)

rem bitlocker.bat copyright Galen Wollenberg LagunaBeachComputer.com 2014
@echo.
@echo )\.-. /`-. .') )\.---. )\ )\ ' )\.--.
@echo ,' ,-,_) ,' _ \ ( / ( ,-._( ( \, / ( ._.'
@echo( . __ ( '-' ( )) \ '-, ) \ ( `-.`.
@echo ) '._\ _) ) _ ) )'._.-. ) ,-` ( ( \ \ ,_ ( \
@echo( , ( ( ,' ) \ ( ) ( ``-. `.)/ ) ( '.) ) v1.0
@echo )/'._.' )/ )/ )/,__.' )..-.( '.( '._,_.'
@echo 888888b. d8b 888 888 888
@echo 888 "88b Y8P 888 888 888
@echo 888 .88P 888 888 888
@echo 8888888K. 888 888888 888 .d88b. .d8888b 888 888 .d88b. 888d888
@echo 888 "Y88b 888 888 888 d88""88b d88P" 888 .88P d8P Y8b 888P"
@echo 888 888 888 888 888 888 888 888 888888K 88888888 888
@echo 888 d88P 888 Y88b. 888 Y88..88P Y88b. 888 "88b Y8b. 888
@echo 8888888P" 888 "Y888 888 "Y88P" "Y8888P 888 888 "Y8888 888
@echo .d8888b.
@echo d88P Y88b
@echo Y88b.
@echo "Y888b. 888 888 88888b. .d88b. 888d888
@echo "Y88b. 888 888 888 "88b d8P Y8b 888P"
@echo "888 888 888 888 888 88888888 888
@echo Y88b d88P Y88b 888 888 d88P Y8b. 888
@echo "Y8888P" "Y88888 88888P" "Y8888 888
@echo 888
@echo 888
@echo 888
@echo .d8888b. d8b 888 888 888 888
@echo d88P Y88b Y8P 888 888 888 888
@echo Y88b. 888 888 888 888
@echo "Y888b. .d8888b 888d888 888 88888b. 888888 888 888 888
@echo "Y88b. d88P" 888P" 888 888 "88b 888 888 888 888
@echo "888 888 888 888 888 888 888 Y8P Y8P Y8P
@echo Y88b d88P Y88b. 888 888 888 d88P Y88b. " " "
@echo "Y8888P" "Y8888P 888 888 88888P" "Y888 888 888 888
@echo 888
@echo 888
@echo 888
@echo.
@echo *** Did you Move the USAVxDxxx to Bitlocker Staging in AD?
@echo.
@echo n | gpupdate /force

@echo.
@echo *** Enable TPM
manage-bde -tpm -t
@echo.
@echo *** Set TPM Password
rem The TPM owner password is hard-coded on the next line; change it for your environment
manage-bde -tpm -o P@ssw0rd

@echo off
@echo.
set usbletter=e:
Set /p usbletter= "Enter the letter of the USB drive ([e:]): "
If "%usbletter%"=="e:" goto :sub_gotlettere

@echo.
echo * USB Drive is %usbletter%
echo.
echo *** Deleting existing .BEK files on USB...
echo.
rem %usbletter% already includes the colon (for example f:), so no extra colon is added here
attrib -h -s -r -a %usbletter%\*.BEK
del %usbletter%\*.bek
echo.
echo *** Enabling Bitlocker Encrytion on C: ...
@echo.
Manage-BDE.exe -on c: -recoverypassword -recoverykey %usbletter%
@echo.
goto sub_go

:sub_gotlettere
@echo.
set usbletter=e:
echo * USB Drive is %usbletter%
@echo.
echo *** Deleting existing .BEK files on USB...
echo.
attrib -h -s -r -a e:\*.BEK
del e:\*.BEK
echo.
echo *** Enabling Bitlocker Encrytion on C: ...
@echo.
Manage-BDE.exe -on c: -recoverypassword -recoverykey e:
goto sub_go

:sub_go
@echo.
Manage-BDE.exe -protectors -get c:|findstr ID >%Temp%\ID.txt
echo+
echo+
echo+
echo *** Saving Bitlocker Key to Active Directory...
echo.
for /f "tokens=1,2" %%a in (%temp%\ID.txt) do manage-bde -protectors -adbackup c: -id %%b
echo+
@Echo ****** VERIFY THE KEY WAS SAVED TO AD, ignore 1st/3rd ERROR ABOVE ^ *****
@echo.
@Echo ****** LOOK FOR this V , up Above ^ *****
@Echo ****** "Recovery information was successfully backed up to Active Directory." *****
@pause
echo.
echo * This is %computername%
Echo.
echo *** Creating folder at I:\BITLOCKER\Saved_Keys\Enterprise\%computername%
echo.
md \\data\it\BITLOCKER\Saved_Keys\Enterprise\%computername%
attrib -h -s -r -a %usbletter%\*.BEK
@echo.
@echo *** Copying .BEK key file from USBdrive to
@echo *** I:\BITLOCKER\Saved_Keys\Enterprise\%computername%
echo.
copy %usbletter%\*.BEK \\data\it\BITLOCKER\Saved_Keys\Enterprise\%computername%
start \\data\it\BITLOCKER\Saved_Keys\Enterprise\%computername%\
echo.
@echo ****** NOW You Just Need to RENAME the .BEK file
@echo ****** adding the %computername%_xxxxxxxx_xxxx_xxxx_xxxx_xxxxxxx.bek ******
@echo.
@echo 8888888b.
@echo 888 Y88b
@echo 888 888
@echo 888 d88P .d88b. 88888b. 8888b. 88888b.d88b. .d88b.
@echo 8888888P" d8P Y8b 888 "88b "88b 888 "888 "88b d8P Y8b
@echo 888 T88b 88888888 888 888 .d888888 888 888 888 88888888
@echo 888 T88b Y8b. 888 888 888 888 888 888 888 Y8b.
@echo 888 T88b "Y8888 888 888 "Y888888 888 888 888 "Y8888
@echo.
@echo 888888b. 8888888888 888 d8P 8888888888 d8b 888
@echo 888 "88b 888 888 d8P 888 Y8P 888
@echo 888 .88P 888 888 d8P 888 888
@echo 8888888K. 8888888 888d88K 8888888 888 888 .d88b.
@echo 888 "Y88b 888 8888888b 888 888 888 d8P Y8b
@echo 888 888 888 888 Y88b 888 888 888 88888888
@echo d8b 888 d88P 888 888 Y88b 888 888 888 Y8b.
@echo Y8P 8888888P" 8888888888 888 Y88b 888 888 888 "Y8888
@echo.
@echo .d8888b. 8888888b. 888 888
@echo d88P "88b 888 Y88b 888 888
@echo Y88b. d88P 888 888 888 888
@echo "Y8888P" 888 d88P .d88b. 88888b. .d88b. .d88b. 888888
@echo .d88P88K.d88P 8888888P" d8P Y8b 888 "88b d88""88b d88""88b 888
@echo 888" Y888P" 888 T88b 88888888 888 888 888 888 888 888 888
@echo Y88b .d8888b 888 T88b Y8b. 888 d88P Y88..88P Y88..88P Y88b.
@echo "Y8888P" Y88b 888 T88b "Y8888 88888P" "Y88P" "Y88P" "Y888
@echo.
@pause
rem ren \\data\it\BITLOCKER\Saved_Keys\Enterprise\%computername%\*.bek rem \\data\it\BITLOCKER\Saved_Keys\Enterprise\%computername%\

Windows 7 Media Center MCE Losing or Changing ClearQAM Channels After Channel Scanning or Internet TV Guide Update – How to Fix


After setting up Windows Media Center with my new Hauppauge 2250 TV Tuner Card, I had all of my HD digital TV ClearQAM channels piped in from Cox coax and it was wonderful.
However, after the MCE TV guide updated on the internet, my channel listing dropped some good channels and changed the listing numbers. Here is how I fixed my MCE channels and stopped Media Center from changing the channels automatically (wrong) on me.

Read this:

http://joelsef.blogspot.com/2011/01/clear-qam-channels-remapping-in-windows.html

You have to scan for channels with the network disconnected. This will pull a ‘real, full scan’.
You will want to stop the scan once a few channels show up, and not let it complete, i.e. stop at around 45% scan complete.
Now go into the channel editor in MCE and write down which frequency/channel the station is actually using, such as ‘86.1’, and the detected bitrate, such as QAM64.
Now repeat re-scanning/overwriting channels until you have written down all the ones you want. See my list below as an example.

Now, when you plug your network back in, the internet directory info will ‘correct’ a few stations. This actually screws them up, overwriting the actual signals with what it thinks should be there based on the internet lookup.

Since you wrote down the actual frequencies for the stations beforehand, you can go into the ‘add missing channels’ setup and manually add the ‘overwritten channels’.

THEN YOU HAVE TO DISABLE CHANNEL UPDATING IN THE REGISTRY:
http://joelsef.blogspot.com/2011/01/clear-qam-channels-remapping-in-windows.html

Here are my Cox Orange County, CA HD channels:

Internet guide channel #   Desc          Real channel/freq   QAM bitrate
4.1                        KNBCDT        23.45               64
4.2                        KNBCDT2       23.315              64
5.1                        KTLADT        86.2                64
5.3                        KTLADT3       88.6809*            64
6.4/2.1                    KCBSHD 2.1    40.3                256
7.1                        KABCDT        31.1                256
7.2                        KABCDT2       31.4                256
9.1                        KCALDT        40.1                256
11.1                       KTTVDT        31.3                256
12.1                       KDOCHD        35.43284*           256
13.1                       KCOPDT        80.19653*           64
13.3                       KCOPDT3       6.7123*             64

*MCE on Windows 7 only allows up to 3 decimal places for manual channel entry. These channels had to be auto-scanned by MCE for me to receive them. I was not able to manually add them due to the longer digits.

More info here: http://www.thegreenbutton.tv/forums/viewtopic.php?f=6&t=6069&p=73943#p73943

Bitcoin exchange to resume withdrawals after slump

Major bitcoin exchange Mt Gox announced on Monday that users should soon be able to withdraw funds from their accounts amid growing tensions and a price collapse for the virtual currency.
Japan-based Mt Gox is the second-biggest bitcoin exchange in the world – representing around 18 percent of total bitcoin trade in the last week, according to Bitcoinity.org. A halt in withdrawals last weekend left customers unable to transfer their investments into U.S. dollars.
The price of the virtual currency has plunged to below $300 on the exchange in recent days, compared to a figure of around $650 on other major exchanges. Bitcoin had traded above $1,200 at its peak back in November but has since halved in price.

In a new statement on Monday Mt Gox apologized for the inconvenience caused by the recent suspension of external bitcoin transfers and said that it had implemented a workaround that should enable withdrawals and mitigate any issues.

“With this new system in place, Mt Gox should be able to resume withdrawals soon. At the beginning we will do so at a moderated pace and with new daily/monthly limits in place to prevent any problems with the new system and to take into account current market conditions,” it said in a statement on its website on Monday.
“We will update everyone again by Thursday at the latest.”

Withdrawals were halted last week as the exchange’s technical team investigated a problem with the way bitcoin withdrawals were processed. This followed several weeks of users complaining of slow withdrawal rates. Mt Gox blamed its ongoing technical issues on a critical flaw in the cryptocurrency which it said affected all exchanges.
It detailed a bug in the bitcoin software that made it possible for people to use the bitcoin network to alter transaction details. That could give the false impression that bitcoins had not been sent to a bitcoin wallet, when in fact they had.
Mt Gox caused anger in the bitcoin community when it blamed the fault on this issue — known as “transaction malleability”. A representative from the Bitcoin Foundation, an organization that aims to promote and protect bitcoin, hit back at Mt Gox’s claims, saying that it was actually due to its highly customized software, its customer support procedures, and its unpreparedness.
This war of words continued with Mt Gox chief executive Mark Karpeles suggesting to Forbes magazine on Thursday that the flaw ought to have been solved by the Bitcoin Foundation as it has been known about since 2011.

Mt Gox has been described as the “original” bitcoin exchange by fans of the digital currency who see it as facilitating its fledgling growth in the early days of the technology. Mt Gox once claimed that it handled around 80 percent of all global dollar trades for the currency. However, the exchange hasn’t been without its own set of public relation disasters.
It recently experienced lengthy delays when exchanging bitcoin into U.S. dollars and has previously experienced high-profile DDoS (distributed denial-of-service) hacking attacks which slow down its user experience. Meanwhile, the U.S. Department of Homeland Security seized its bank account in May 2013, saying it had never properly registered as a money services company.
Customers have taken to social media to express their dissatisfaction about the latest halt to trade, and bitcoin news website CoinDesk reported on Friday that a small protest had been conducted outside the offices of Mt Gox in Tokyo.

Bitcoin is a “virtual” currency that allows users to exchange online credits for goods and services. While there is no central bank that issues them, bitcoins can be created online by using a computer to complete difficult tasks, a process known as mining. Some 12 million bitcoins are believed to be in circulation, with a cap of 21 million — meaning no more bitcoins can be created after that point.

—By CNBC.com’s Matt Clinch; Follow him on Twitter @mattclinch81

Bitcoin Price Tumbles Over %50 In Six Days On News Of Bugs, Exchange Glitches and DDoS Attacks


Important Announcement: In order for our team to resolve the BTC withdrawal issue it is necessary for a temporary pause on all external bitcoin withdrawal requests in order to obtain a clear technical view of the current processes. We have updated our statement on this matter HERE. The MtGox trading platform, deposits, and withdrawals will perform as usual for the needs of our customers.
Dear MtGox Customers and Bitcoiners,

As you are aware, the MtGox team has been working hard to address an issue with the way that bitcoin withdrawals are processed. By “bitcoin withdrawal” we are referring to transactions from a MtGox bitcoin wallet to an external bitcoin address. Bitcoin transactions to any MtGox bitcoin address, and currency withdrawals (Yen, Euro, etc) are not affected by this issue.

The problem we have identified is not limited to MtGox, and affects all transactions where Bitcoins are being sent to a third party. We believe that the changes required for addressing this issue will be positive over the long term for the whole community. As a result we took the necessary action of suspending bitcoin withdrawals until this technical issue has been resolved.

Addressing Transaction Malleability
MtGox has detected unusual activity on its Bitcoin wallets and performed investigations during the past weeks. This confirmed the presence of transactions which need to be examined more closely.

Non-technical Explanation:
A bug in the bitcoin software makes it possible for someone to use the Bitcoin network to alter transaction details to make it seem like a sending of bitcoins to a bitcoin wallet did not occur when in fact it did occur. Since the transaction appears as if it has not proceeded correctly, the bitcoins may be resent. MtGox is working with the Bitcoin core development team and others to mitigate this issue.

Technical Explanation:
Bitcoin transactions are subject to a design issue that has been largely ignored, while known to at least a part of the Bitcoin core developers and mentioned on the BitcoinTalk forums. This defect, known as “transaction malleability” makes it possible for a third party to alter the hash of any freshly issued transaction without invalidating the signature, hence resulting in a similar transaction under a different hash. Of course only one of the two transactions can be validated. However, if the party who altered the transaction is fast enough, for example with a direct connection to different mining pools, or has even a small amount of mining power, it can easily cause the transaction hash alteration to be committed to the blockchain.

The bitcoin api “sendtoaddress” broadly used to send bitcoins to a given bitcoin address will return a transaction hash as a way to track the transaction’s insertion in the blockchain.
Most wallet and exchange services will keep a record of this said hash in order to be able to respond to users should they inquire about their transaction. It is likely that these services will assume the transaction was not sent if it doesn’t appear in the blockchain with the original hash and have currently no means to recognize the alternative transactions as theirs in an efficient way.

This means that an individual could request bitcoins from an exchange or wallet service, alter the resulting transaction’s hash before inclusion in the blockchain, then contact the issuing service while claiming the transaction did not proceed. If the alteration fails, the user can simply send the bitcoins back and try again until successful.

We believe this can be addressed by using a different hash for transaction tracking purposes. While the network will continue to use the current hash for the purpose of inclusion in each block’s Merkle Tree, the new hash’s purpose will be to track a given transaction and can be computed and indexed by hashing the exact signed string via SHA256 (in the same way transactions are currently hashed).

This new transaction hash will allow signing parties to keep track of any transaction they have signed and can easily be computed, even for past transactions.

We have discussed this solution with the Bitcoin core developers and will allow Bitcoin withdrawals again once it has been approved and standardized.

In the meantime, exchanges and wallet services – and any service sending coins directly to third parties – should be extremely careful with anyone claiming their transaction did not go through.

Note that this will also affect any other crypto-currency using the same transaction scheme as Bitcoin.

Conclusion
To put things in perspective, it’s important to remember that Bitcoin is a very new technology and still very much in its early stages. What MtGox and the Bitcoin community have experienced in the past year has been an incredible and exciting challenge, and there is still much to do to further improve.

MtGox will resume bitcoin withdrawals to outside wallets once the issue outlined above has been properly addressed in a manner that will best serve our customers.

More information on the status of this issue will be released as soon as possible.

We thank you for taking the time to read this, and especially for your patience.

Best Regards,
MtGox Team
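
The tracking-hash idea in the statement above, as an added example that is not part of the original statement or MtGox's code: a service stores a second identifier that ignores signature bytes and uses it to recognise its own payment when it confirms under a changed txid. It swaps in a simplified scheme (double-SHA256 of the transaction with every scriptSig emptied) rather than the statement's "exact signed string"; `tracking_id`, `match_payment` and both sample transactions are hypothetical and constructed for this example.

```python
import hashlib
import struct

def dsha256(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def read_varint(buf, pos):
    first = buf[pos]
    if first < 0xfd:
        return first, pos + 1
    fmt, size = {0xfd: ("<H", 2), 0xfe: ("<I", 4), 0xff: ("<Q", 8)}[first]
    return struct.unpack_from(fmt, buf, pos + 1)[0], pos + 1 + size

def write_varint(n):
    for limit, tag, fmt in ((0xfc, b"", "<B"), (0xffff, b"\xfd", "<H"), (0xffffffff, b"\xfe", "<I")):
        if n <= limit:
            return tag + struct.pack(fmt, n)
    return b"\xff" + struct.pack("<Q", n)

def parse_tx(raw):  # legacy (pre-SegWit) serialization only
    version, pos = raw[:4], 4
    n_in, pos = read_varint(raw, pos)
    inputs = []
    for _ in range(n_in):
        outpoint, pos = raw[pos:pos + 36], pos + 36
        slen, pos = read_varint(raw, pos)
        inputs.append((outpoint, raw[pos:pos + slen], raw[pos + slen:pos + slen + 4]))
        pos += slen + 4
    n_out, pos = read_varint(raw, pos)
    outputs = []
    for _ in range(n_out):
        value, pos = raw[pos:pos + 8], pos + 8
        plen, pos = read_varint(raw, pos)
        outputs.append((value, raw[pos:pos + plen]))
        pos += plen
    if pos + 4 != len(raw):
        raise ValueError("truncated or trailing data")
    return version, inputs, outputs, raw[pos:]

def serialize_tx(version, inputs, outputs, locktime, blank_sigs=False):
    out = version + write_varint(len(inputs))
    for outpoint, script_sig, sequence in inputs:
        sig = b"" if blank_sigs else script_sig  # scriptSig is the malleable part
        out += outpoint + write_varint(len(sig)) + sig + sequence
    out += write_varint(len(outputs))
    for value, script_pubkey in outputs:
        out += value + write_varint(len(script_pubkey)) + script_pubkey
    return out + locktime

def txid(raw):
    return dsha256(raw)[::-1].hex()  # network hash: covers the scriptSig bytes
def tracking_id(raw):
    # Hypothetical tracking hash: same double-SHA256, every scriptSig emptied first.
    return dsha256(serialize_tx(*parse_tx(raw), blank_sigs=True))[::-1].hex()

def match_payment(recorded_raw, seen_raw):
    if txid(seen_raw) == txid(recorded_raw):
        return "same txid"
    if tracking_id(seen_raw) == tracking_id(recorded_raw):
        return "same payment, different txid"
    return "unrelated"

def build_sample(push_prefix, amount=50_000):
    # Constructed data: zero-filled stand-ins, not a real signature, key or address.
    script_sig = push_prefix + b"\x30" + bytes(70) + b"\x21" + b"\x02" + bytes(32)
    inputs = [(b"\x11" * 32 + struct.pack("<I", 0), script_sig, b"\xff" * 4)]
    outputs = [(struct.pack("<q", amount), b"\x76\xa9\x14" + bytes(20) + b"\x88\xac")]
    return serialize_tx(struct.pack("<i", 1), inputs, outputs, bytes(4))

# Two serializations that differ only in how the scriptSig bytes are encoded.
ORIGINAL = build_sample(b"\x47")
VARIANT = build_sample(b"\x4c\x47")
```

A service that records `tracking_id` next to the txid returned at send time can answer a "my withdrawal never arrived" claim by looking the payment up under either identifier before resending.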

More Bitcoin Exchanges Forced Out of Sync After Massive DDoS Attack
http://it.slashdot.org/story/14/02/12/1559233/more-bitcoin-exchanges-forced-out-of-sync-after-massive-ddos-attack
An anonymous reader tipped us to news that several Bitcoin exchanges have joined Mt Gox in suspending withdrawals after being forced out of sync with the Bitcoin network at large. After Mt Gox blamed transaction malleability for forcing them to suspend withdrawals, miscreants started flooding at least Bitpay and Btc-e with bogus transactions. Quoting the Bitcoin Foundation:
“Somebody (or several somebodies) is taking advantage of the transaction malleability issue and relaying mutated versions of transactions. This is exposing bugs in both the reference implementation and some exchange’s software. We (core dev team, developers at the exchanges, and even big mining pools) are creating workarounds and fixes right now. This is a denial-of-service attack; whoever is doing this is not stealing coins, but is succeeding in preventing some transactions from confirming. It’s important to note that DoS attacks do not affect people’s bitcoin wallets or funds. “

Mt. Gox Bitcoin Exchange Halts Withdrawals, Bitcoin Price Tumbles %33

Statement Regarding BTC Withdrawal Delays – UPDATE
Posted: Feb 07 14:34 JST

Dear MtGox Customers,

In our efforts to resolve the issue being encountered by various bitcoin withdrawals, it was determined that the increase in the flow of withdrawal requests has hindered our efforts on a technical level. To understand the issue thoroughly, the system needs to be in a static state.

In order for our team to resolve the withdrawal issue it is necessary for a temporary pause on all withdrawal requests to obtain a clear technical view of the current processes.

We apologize for the sudden short notice. All bitcoin withdrawal requests will be on pause, and the withdrawals in the system will be returned to your MtGox wallet and can be reinitiated once the issue is resolved. The trading platform will perform as usual for the needs of our customers.

Our team will resolve this problem as soon as possible and will provide an update on Monday, February 10, 2014 (JST).

We deeply apologize for the inconvenience caused, and thank you for your kind support and considerations.


Sincerely,

The MtGox Team

-gman