Know How... 106 (Transcript)

Net Casts you love, from people you trust. This is Twit! Bandwidth for Know How is brought to you by cachefly.com.

This episode of Know How is brought to you by lynda.com. Learn what you want, when you want with access to over 2700 high quality online courses, all for one low monthly price. To try it free for 7 days, visit lynda.com/knowhow.

On this teaser episode of Know How we are going to be covering bad USB, talking about DefCon and Patrick Delahanty is by to show us how he built Groot.

Father Robert Ballecer: Welcome to Know How, it’s the guadrians of the galaxy show where we bring you some of our projects that we’ve been working on and then give you the knowledge to pour in that knowledge hole.

Bryan Burnett: Right. When we are not busy dancing.

Fr. Robert: I’m Father Robert Ballecer, the digital Jesuit.

Bryan: And I’m Bryan Burnett.

Fr. Robert: And for the next half hour or so we are going to show some of the things that we’ve been doing. And actually show you DefCon and Black Hat coverage as well as maybe a little project that one of our very own has made that is kind of gone viral.

Bryan: Yeah. It has been everywhere. But before we get to the good stuff maybe you should tell us about the scary stuff you brought back from DefCon.

Fr. Robert: DefCon is normally like Disneyland. I love going to DefCon and Black Hat, it is my people. Security professionals, people who like to hack things apart. Normally there is one or two exploits that get released and it is sort of an intellectual exercise. It is interesting. There was something released at this year’s Black Hat that has me absolutely scared.

Bryan: I think, would you call it drop-in packets?

Fr. Robert: Let me explain it. We are calling it bad USB. It is really a vulnerability that two researchers from Germany by the name of Karsten Knoll and Jacob Lell, who I actually interviewed at Black Hat, they discovered that the way that USB is built has a horrible, horrible hole.

Bryan: And it has been around for a long time too.

Fr. Robert: It has been around since the beginning of USB. This is what is so scary. It is not really an exploit. It is using the USB standard to do something that we didn’t want it to do.

Bryan: Something that wasn’t foreseen.

Fr. Robert: Exactly. These are some standard USB flash drives. This is what we are used to. This is a 64 GB, this is a 32 GB. They go all the way from USB 1 to USB 3. If you take a look at the breakdown of what a USB device looks like on the inside. This is the memory chip where all your stuff gets stored. But on this side the part that connects to your computer, this is the controller. A lot of people don’t think about this, but your USB device be it a flash drive, a printer, a keyboard or whatever it has to have a controller. A controller is like a computer. This is an embedded computer that runs an operating system that is determined by its firmware.

Bryan: Right. It has a firmware which can, now that you found out, be replaced.

Fr. Robert: Right. Now reprogramming the firmware was always part of USB. It is what makes USB so flexible. That is why we can have USB keyboards and USB mice and USB this and that. Think of all the USB devices that you connect to. The problem is the way that this thing was designed was the system, your computer, can see the controller. That is the part that interfaces with the system, but it can’t see what is after the controller. So let’s say it is a printer. It can see the interface to the printer but it can’t actually talk to the component parts of the printer. Or a hard drive, or a flash drive, or a web cam. It is the same thing. The system can talk to the controller for the device but it can’t talk to the device itself. That is the way that USB was created. Here is the vulnerability. They figured out that you can reprogram the firmware on this controller to make it do bad things.

Bryan: Wow. Okay. And there is no way of detecting it either.

Fr. Robert: Yeah, unfortunately there is not. So, what they showed us in the demonstration, and if you want to see the full demonstration you can go to the YouTube page for this week in enterprise tech at twit.tv/twiet. We are going to put the full interview and the full Q & A, it is over an hour and a half of material. But they showed us, onstage, of how this works. You could plug in a USB flash drive, put it into your port and it will recognize the flash drive and then you have it set so that 30 minutes after they plug it in, it will switch from being a USB flash drive to a USB keyboard and then it will do a bunch of key strokes. For example if it is assuming it is a windows device it will bring up Windows Explorer, it will go to the address bar and then go to a website that will load malware onto your computer and then shut everything down. And if you are not staring at your computer while this is happening you would have no clue this is what it is doing. And then, it would switch back to being a flash drive.

Bryan: That is crazy. I’ve heard of the rubber ducky which hack 5 sells and that is where you plug in a USB and it runs a script like that. But that is a whole USB, that is not just the controller.

Fr. Robert: The rubber ducky is very cool and it does exactly this sort of stuff. It is a one stop, plug it in and get exports. But with this hack any device could become a rubber ducky. This is what gets really scary. You could have this malware get loaded on your computer which will then affect other devices.

Bryan: So your keyboard, your mouse. So then you take your mouse and plug it in another computer and then that one is infected.

Fr. Robert: And that is the other thing. When you look at your laptop it is actually a collection of USB devices. The web camera, the keyboard, mouse, card reader, those all have controllers with firmware that can be owned. Once they get owned it means that your computer is owned. So any device you plus into your computer it is now owned. Any computer plugs into that printer, it is now owned. That computer plugs into a hard drive, that is now owned.

Bryan: I think you just dropped some packets, Padre.

Fr. Robert: Absolutely dropped some packets.

Bryan: That is scary.

Fr. Robert: That is not the scary part. We’ve seen exploits like this and yes they are scary but there are always ways around them. No.

Bryan: We were talking that if you monitor your network traffic very closely. But who is going to do that?

Fr. Robert: Now there were three suggestions that were given to the presenters during the keynote for Black Hat. The first one was why not run an anti-virus. The second one was why not copy over good firmware.

Bryan: Re-flash it?

Fr. Robert: Re-flash it. And the third one was why not make these devices non programmable. Let’s cover them one by one. The first one, the anti-virus. You run anti-virus on your computer every once in a while.

Bryan: Definitely. At least once a week.

Fr. Robert: Here is the problem with trying to run an antivirus to find this particular malware. Your system can only see the controller. It can’t see the firmware and it can’t actually see the device. So the first thing, if I were to program this malware, is say hey controller always tell the system that everything is fine. And because the computer can’t see past the controller there is nothing the anti-virus can do. It cannot look through the memory of the controller. It can’t look to the device connected to the controller.

Bryan: Usually when I run my anti-virus it is not on the USB drives that are connected to the computer.

Fr. Robert: Actually, especially if it is not a flash drive we have no anti viruses to scan other devices. So that is obviously not going to work. The second suggestion was, why not put good firmware. Here is the problem, the way that the update process works on a USB device when you want to upload new firmware, it goes to the controller and the controller puts it into memory and then it runs an update utility that replaces the old firmware with the new firmware. Again, if I have written a malware, I will write it and say take the new firmware, take the revision number, put that on top of yourself and discard everything else. And so now that I think I’ve updated the firmware and it will look right, but the controller will just say no I’m totally updated.

Bryan: And then there was one more wasn’t there?

Fr. Robert: The last one. And this is the one that a lot of people think will work. Make it non-programmable. And now will work…

Bryan: But that means that this USB devices that we use are less flexible. Right?

Fr. Robert: Yeah, think about it. How many times, for example your phone. Your phone is the USB device. It has a USB controller. Every once in a while you have to update the firmware because there is an exploit that someone found. If you make it non-programmable, you can’t update it you are stuck. You would have to believe that the firmware they gave you out of the factory was 100% right. Because there is nothing you can do to change it. And the other problem is that even if you did that, there are literally billions of USB devices on the market. None of which can be fixed by that.

Bryan: So moving on from this point, is the only security fix to redesign the way USBs work?

Fr. Robert: That is the thing. We don’t know if we want to do that, because the way they are designed makes them so flexible. We like the flexibility of USB. What Jacob and Karsten Were saying is you are not going to get rid of all the USB devices in the world. You are not just going to get rid of them. But we could start making devices non-programmable, at least the ones that don’t need to be programmable. But that is also probably not going to work. The only way this is going to happen is that people start being more cautious about what you do with the USB device. Never share a USB device. Which is a problem, because that is what we do with them. Do things, for example if I want to give data to you copy it onto an SD card instead of a USB device. Because an SD card doesn’t have the same vulnerability.

Bryan: And SD card doesn’t have the controller.

Fr. Robert: There is no controller. It is just backup memory.

Bryan: O what if, you were fairly certain that your USB wasn’t compromised. And you wrote your own firmware basically like the malware you can get on here. And just said don’t ever update this. So then if something does try to infect it…

Fr. Robert: But again, the controller is owned.

Bryan: What if you personally owned the controller?

Fr. Robert: You would have to to have built it. You would have to have assembled it. You would have to have been there to program it and make sure that the trip controller got the right firmware. That is the other thing. We know this, and we are paranoid now. We understand that things are being compromised at the factory or in transit.

Bryan: Hardware that is compromised is much harder to detect. But I think I have a solution.

Fr. Robert: Just throw those away? Just get rid of them? One problem. You still have USB devices in your computer.

Bryan: Fudge. Okay.

Fr. Robert: So, unfortunately we don’t have a good solution for you. We just wanted to scare you. This is one of those things where I think people should know. People should understand right now there is a major problem with USBs. You have to be aware of this. And be a little bit scared. One of the things that was big at Black Hat and DefCon is that when you go to these conferences everyone gives to their press kit on a USB.

Bryan: No thanks. That was the role of some even before I heard this. Don’t plug-in random USBs that you find into your computer.

Fr. Robert: It used to be that I had a separate computer and all it did was that I plug the USB drive into it and wipe it. But I can’t wipe the controller. All right. Now that we scared the pants off of you, we want to take a little break before we get to our main events. This last week has seen a lot of buzz from a device that one of our very own, Patrick Delehanty, built. It is a baby groot from the movie guardians of the galaxy. He is going to give us the teaser. It is not the step by step but it is a tease into what it took to make baby groot.

Bryan: It is surprisingly simple.

Fr. Robert: The mechanics are simple, the art is not.

Bryan: The art part is the hardest thing. You have to give credit to Spet, his fiance.

Fr. Robert: But before we do that, let’s talk about our first sponsor of Know How. And of course, we being the folks that try to fill your knowledge hole, Lynda should be in that hole. We may have to cut that out. lynda.com is The repository for online knowledge on the Internet. What I love about Lynda is that not only is it a one-stop shop for everything you want to know but is also a one-stop shop for everything you might want to be reminded of. That is what Lynda is about. It is not just a textbook that is online. It is an experience. It is an interactive learning process. lynda.com is pretty much the best that there is. Now lynda.com helps keep you up to date with software, learn brand-new skills, and explore new hobbies with easy to follow video tutorials. Whether you want to take pictures and video with your DSLR, learn the programming skills necessary to develop your own mobile app or save some bad USB firmware, or at it your own video footage using Final Cut Pro 10 or premier, lynda.com offers thousands of video courses in a variety of topics. For any software you might rely upon, including Microsoft office, Adobe creative Cloud, Final Cut Pro, logic Pro and more, Lynda helps you stay current with product update to learn how to be more efficient and productive in your professional or personal life. lynda.com recently released a new iPhone and iPad app for iOS seven and enhance their android app to provide Chrome cast support. The iOS app includes a more visual intuitive interface and both new apps offer online course and video viewing. Which allows you to learn in any environment. lynda.com Users can also move seamlessly between mobile and desktop applications, which means that you were never bound to a single device or a single location. You learn when you want to, where you want to, how you want to. Now one of the courses that we have been getting is we've been trying to look at Adobe Premier. We are switching over in the brick house to all new machines and we are leaving Final Cut Pro on Mac and going to adobe premiere on Windows boxes. We need our staff to get learned up. The subjects are the same, the process is the same but sometimes you need to get that little detail that gets lost when you make a transition. And lynda.com has been absolutely invaluable. Now, Lynda has over 2700 courses with more added weekly. All their courses are produced at the highest quality. Not like those homemade YouTube videos, which I love, but sometimes you want really good audio and really good lighting and really good video production values. That is what Lynda gives you. At Lynda the Instructors are accomplished professionals at the top of their field. And they are passionate about teaching. They have courses for all experience levels. From beginner to intermediate and advanced. And you get to watch from your computer, your tablet, or your mobile device. Whether you have 15 minutes or 15 hours, each course is structured so that you can learn from start to finish. And you can also search the transcripts to find quick answers were real long with the video. Finally, lynda.com offer certificate of completion when you finish your course, which you can publish to your LinkedIn profile which is great if you are looking for a job and you want to show people the skills that you have learned along the way with Lynda. so here is what we want you to do. Learn something new. Go ahead and do it. For something into that knowledgeable with lynda.com. it is only $25 a month for access to the entire course library, or for $37.50 a month you can subscribe to the premium plan. Which includes exercise files that you follow along with the Instructors projects. Using the exact same assets. You can try lynda.com right now with a free seven day trial. Visit lynda.com/knowhow to access the entire library. That is over 2700 courses free for seven days. It is all at lynda.com/knowhow. And we thank Lynda for their support of Know How.

Bryan: And filling your knowledge hole.

Fr. Robert: Now, you saw Guardians of the Galaxy. Right?

Bryan: I did. I loved it.

Fr. Robert: Actually Guardians of the Galaxy was the first movie that I have seen all summer.

Bryan: That is kind of sad. But you know what? I’m in the same boat. Because there haven’t been a lot of movies that have come out that I’ve been excited about. So when I saw the Guardians. I like Chris Pratt. I think we have played down the livestream a few times.

Fr. Robert: And for me, it was the whole idea of expanding the Marvel universe.

Bryan: You were really geeking out in that. You were telling me all about the infinity stones.

 Fr. Robert: It is a childhood the thing. To see a company that actually understands what you do with the comic book, Superman, Batman were great movies but they weren’t comic book movies. The Marvel movies have really been comic book movies. I really enjoy that.

Bryan: I enjoy the humor in it. It was a very funny movie.

Fr. Robert: But we are not here to talk about Guardians of the Galaxy. We are here to talk about one particular Guardian of the Galaxy, Groot.

Bryan: It is one of the characters in the movie. Our own Patrick Delahanty, let’s bring him in here.

 Fr. Robert: Now Patrick, you created this thing after you saw the movie about a week ago right?

Patrick Delahanty: I saw it on opening night with my fiancée and at the very end of the movie, there is a dancing baby Groot. And I thought that would be neat to make as a puppet. And so I got some materials and started doing that. But then I thought, I remember these dancing flowers they had in the 80s I could just build on top of that.

Bryan: And then just mold a custom head to that?

Patrick: And so I searched on eBay and found a Movin' and Groovin' flower.

Bryan: I can see why you swapped the head.

Patrick: I cut that head off with scissors and it was very fun. It went right in the trash. It had a pink puffy flowerpot at the bottom. I cut everything off and all it had left was just the stem. The stem would just dance on its own it was kind of weird. I’ve built everything right off of that base. And so after I got that off of eBay, and good luck finding one now. I went to Michaels and I bought everything for about $10.

Fr. Robert: Okay, when you say everything what do you need to make a baby Groot? Of course there is the iPod, and I can get that but here comes the artistry stuff. Show me the artistry.

Patrick: So, you can get a piece of felt for $0.33 and then that is what I used for the body, I just wrapped it around and kind of wrapped it diagonally. Then I wrapped it in twine. It is just bald twine, kind of a brownish green. That was just three dollars. It is just wrapped around the body. For the head, my fiancée used Model Magic. It is this foamy clay that is very lightweight. It stays relatively soft even after it dries. And so she’s sculpted it, she used some sculpting tools.

Fr. Robert: That is the part that would really lose me. That is just modeling clay but I don’t think I could do it. I don’t understand how you make stuff like that. It is real three-dimensional.

Patrick: She has an art degree. She used sculpting tools to do the detail in the head.

Bryan: So do you have to bake that?

Patrick: No, the model magic just air dries. So we left this to dry overnight. The rest of it was done one night and then we did the rest of the body and the painting the next night. It didn't take very long at all.

Bryan: The painting looks great on it and for the eyes do you use…

Patrick: We used to black beads that we also picked up in the jewelry aisle and then over in paint we picked up two shades of acrylic paint, brown and golden brown. And then for the arms in the floral aisle they had wires wrapped in paper. So that is what we used on the arms. I kind of braided them and then wrap them in twine. And then we just put paint on the whole thing. Most of the detail in the paint was on the face obviously. We tried to make the bottom of the body darker and the top lighter and then painted the arms to make it uniform color. I covered the old dirt in the pot with some more felt.

Fr. Robert: Have you been contacted by Marvel yet? And Disney?

Patrick: I haven’t been contacted by Marvel directly but I know that there are people at Marvel that know about this. People on Twitter have alluded them to it. So thanks for that. But I am not going to be selling it because I would be sued so fast. Apparently there are people who have made clay Groots that don’t move for the garden or whatever. They have already had takedown notices on their Etsy pages.

Fr. Robert: We just wanted to tease the audience a little bit. But you are going to be giving us as step-by-step as soon as you can find another one of those…

Patrick: And that may be difficult. I printed this out at full size based on the size of the stem so that I could reference the size of the hand.

Bryan: Oh, smart. So total cost of this was around $35?

Patrick: Probably around $40. The dancing flower was $27 and everything else was around $10.

Bryan: And it took you a couple evenings to put it together?

Patrick: Yeah, yeah. And then we brought it Stockton Con and Timothy Green II who worked on Guardians of the Galaxy comic. He loved it.

Fr. Robert: This is now going to be going with you everywhere.

Patrick: Yes.

Fr. Robert: Patrick Delahanty, we want to thank you very much for coming out on the show to share this with us. It is funny because we really do a lot of technical stuff with a lot of steps that is kind of hard core geek. And this brings me the most joy of any project we’ve seen on the show.

Bryan: It made me so happy the first day I saw that Groot.

 Fr. Robert: I know.

Bryan: It is been on so many different websites already.

Patrick: I know, I’ve lost track. I searched for my name and "Groot" and there are so many results that come up.

Fr. Robert: And as soon as you do get another one of those potted plants will you come back on the show to show us an actual step by step?

Patrick: Absolutely. Worst-case scenario I can do it on top of a broom handle.

Bryan: What I want to do is have an arts and crafts session in the studio, where we all try to build our own Groot!

Fr. Robert: I would do so bad. I have no artistic ability. Now we want to give you a little something something. The last bit from Maker Faire. This was the last thing that I thought was really fun from Maker Faire 2014 in San Matteo. When we come back I’m going to share some secrets of DefCon but before that, have you ever really wanted to see a sound wave?

Bryan: Yes. I want to see it. Where is it? Is it in there?

Fr. Robert: I'm Father Robert Ballecer, the Digital Jesuit with Twit TV. Now, one of the things here at Maker Faire that we are all about is finding new ways to introduce science topics to the young ones. And here we have one from Norman Tatum. This is an exhibit that you find at the exploratory them. What exactly does this do? These strings can vibrate at a certain frequency. We all know that right? That is why they make sound. If I were to hold up this microphone right now you would hear this. The problem is that if you try to tell someone that bees are sound waves they may or may not understand you. Now you could show them by using a strobe. If you sign a strobe you can see the individual waves or you could do this. Spinning the drum is essentially a strobe light. The cool thing about this exhibit is that I can, with this paddle, change the frequency of the sound waves as they travel through the strings. So they could get a visual representation of what a sound wave actually looks like. This is one of the few things that you will see here at Maker Faire 2014.

Fr. Robert: I really want to thank everyone at Maker Faire who helped us take all that footage. It was a lot of fun and you should come with us next time.

Bryan: Yeah, I think the only reason I didn’t make it was that my dogs tooth was falling out. But that looks really cool and I’ve The scene where you take an iPhone and you put it over a guitar and you can see the sound wave also.

Fr. Robert: There are a lot of different ways to do it. What I liked about that was that it was really low-tech. A spinning drum with some white and black lights painted on it and then you have a string that actually vibrates at a certain frequency. It is one of these little projects that any kid can make.

Bryan: And helps you visualize it a lot more.

Fr. Robert: All right now let’s step away from Maker Faire and talk about the new hotness. I already shared with you the scariest thing I learned at BlackHat but now let’s talk a little bit about DefCon.

Bryan: So you’ve got press passes and stuff. But these don’t look like normal press passes.

Fr. Robert: This is what the badges look like at DefCon. This one was from two years ago. It actually looks like this in its original form. This is a conference badge. So if you go to the show you how to have a badge in order to get to the show itself. It is actually a microcomputer. What I really liked about this was it didn’t come in this form. You actually had to solder the battery pack, the PS2 ports and a VGA port in order to get the full functionality out of it.

Bryan: Did you bring your own VGA ports and stuff?

Fr. Robert: Of course. This is what we had from DefCon 21. It is a circuit board and it looks like there was no circuitry on it but there was actually a little trick to using this and I’ll talk about it in a little bit. I want to explain something about DefCon. Defcon has this thing called crypto challenge. And it runs from the beginning of the show all the way to the end. The idea is that Lost who is the artist to creates all this wonderful stuff for DefCon, embeds an encrypted message that you must hand to him and if you and your team handed to him you get what is called an Uber badge. It is a black badge that has the status symbol of lost. If you have any number badge people would just look at you and go wow.

Bryan : That guy did some hacking to get that.

Fr. Robert: Exactly. That it is not just hacking the device. The crypto challenge literally is all over the show floor. For DefCon 22 this was one of the graphics that you see in the main hall. It looks like a bunch of zeros and ones and you see this symbol for DefCon. you start seeing numbers and if you didn’t know there was a crypto challenge going on you wouldn’t understand what they are. It looks like a cool design. But that is not how it works at DefCon. At DefCon everything has some sort of meaning. I am not going to guide you through the entire crypto challenge because that would probably take an entire episode. But, regardless to say, it was fun.

Bryan: It’s like an Easter egg hunt or a scavenger thing. But like on a high tech mystery scale.

Fr. Robert: There are people that come to Defcon and this is all they do. They don’t go to any of the talks, they don’t go to any of the workshops, they sit there with their team and they just hack away. Let me explain a little something. It is not just stuff on the walls or floors, they actually gave you a set of red specs and as you are looking around the hall there are things that are written on the wall that are part of the crypto challenge. Now this, everyone thought the badge figures prominently into the crypto challenge. But what they didn’t realize is that the lanyard also featured prominently. There is actually a code embedded into the lanyard. See the little dots and dashes?

Bryan: Is that like the old computer card?

Fr. Robert: This was a slightly obscure. And that is why you need a team. Someone that actually could just recognize this. It is not just that. If you look at this badge there was a sequence of numbers at the bottom and actually is part of the encryption scheme. Now Lost is a funny guy. He Doesn’t want to make any single Chryptological challenge within the whole crypto challenge to tough. So this is not actually that hard. This is an offset. But what happens is that when you combine a bunch of really easy challenges you get one really hard challenge. Let me show you just a tiny tad of what this looks like. This has a USB interface.

Bryan: Whoa. We talked about this.

Fr. Robert: We talked about this. But okay. So if I plug this in like that. Suddenly it stops and people starting to say I wonder what that is? The reason why is stop doing the demonstration is that now it is actually pumping messages across the USB port of my computer. We are going to use a client called Teraterm. Teraterm is just a serial communications protocol. So I know this device is on com port three. So I am going to switch over to com port three. and we are going to see what it is actually sending us. This is what is coming in right now. And so if you just plugged it in and you just ran the default drivers to get this thing communicating with your computer and you started up a serial console that is what you are going to see. It looks like gibberish. What is going to have been is you are going to have someone on your team that says oh I remember this. This is from way back in the terminal days when we went to plug a client in and start seeing gibberish we knew that we would have to play with the communication settings.

Bryan: Of course. I can’t wait to have someone on my team who does that.

Fr. Robert: I’ve already messed with the speed but what I have to do is I now have to mess with the terminal settings. From experience I know that I get this when I don’t have the right communication settings. So I’m going to change this to CR and LF and I’m going to make sure this is on a local. And when I do this, and reestablish the communication…. I’m having issues.

Bryan: Don’t panic, we have dancing Groot to fill in the blanks.

Fr. Robert: I have to do it all over again. Character run and line feed change the way that it deals with the incoming text. And I also have to make sure that the speed is correct and so I’m going to go here. Instead of 9600 I am going to change it to 5600. And suddenly, messages.

Bryan: Watch TV…. what does it say?

Fr. Robert: Now, this is weird. So once we started getting this text we were like what is going on? This is weird. But what this is, is that people recognized it. These are the little slogans that were hidden all over the movie they live. The Carter movie about aliens coming down? So, I wonder where they are doing that. Now if you go back to your badge. Watch this. I’m going to go ahead and touch these pads. They look just like decoration. If I start touching these pads, is stops. And now it is giving me other messages. This is all built into the badge for DefCon. These are clues for the crypto challenge. And what we figured out was that if you did a Google the search for Harold he actually did some work in cryptology and if you looked there was actually a phone number listed. If you call about phone number you would get a message that you would then include in this snippet of code that is included here as a URL. Which would get you to a website that would give you the next clue that would let you move on in the crypto challenge. Now obviously you have to put in a lot of effort. And this is just one step to complete the crypto challenge. It was something like six steps. The people at DefCon do this every single year.

Bryan: It sounds like a blast.

Fr. Robert: I do one step. Just so I can play. You have to be crazy, crazy smart and really good at security in order to get the black badge. Now, crypto wasn’t the only thing that we saw at DefCon. The other thing that I brought back was a little bit of lock picking. We have a video from DefCon that is actually going to show you exactly how this works. But, essentially what you want to do is take a lock like this and what you want to do is figure out how you open this up. It is just a series of torsion bars any little bit of a key so that you can flip up the tumblers and slide the lock open. Once you get it down like that….

Bryan: You’ve gotten really fast at it. What number was that level of difficulty?

Fr. Robert: This is one of those things that is a survival skill. Something that you learn for fun at DefCon.

Bryan: Something that is fun to know how things work. And of course the first thing I would try to do is break into the engineering office.

Fr. Robert: Which is a bit more difficult. But this is the stuff that we are going to be bringing you in the next couple of weeks of Know How. We’ve got several segments from DefCon showing you how to build micro components, embed a computer like the badge. We have a special series on how to pick locks. And we are actually going to have an expert that will come on and talk about the crypto challenge.

Bryan: We should make our own crypto challenge here in the studio. So maybe a guest could command and try to solve the clues. And then the last thing you have to do is pick a lock into a safe to get the black twit card. Or get a mug. We should do that. We should make a game out of it.

Fr. Robert: That would be fun, we could do that for Know How.

Bryan: We’ll call it Lost.

Fr. Robert: I’ll introduce you to him. He’s a nice guy. Crazy creative. Now, before we go there was one last thing I wanted to show you. Last time I showed the pizza robot. This time if you could show us the Mochi Robot.

Bryan: This is for after the pizza.

Fr. Robert: This is for desert. if you’ve never had Mochi, it is a Cajun dessert. It is rice-based. And the whole idea is that you have to be able to gelatinize the Mochi. This is a rice cooker that you can then turn on Mochi mode. It does look a little strange right now. What you are going to see is that as it goes it starts getting more and more uniform. And eventually you get this ball of stuff. It is sweet rice. Eventually you are going to get to the point where it looks just like dough. The cool thing is that you can eat this right now. It is ready to go. It is cooked rice that has been turned into this ultra-smooth wonderfully sweet rice.

Bryan: So did they add flavor after the fact?

Fr. Robert: No, you don’t have to. You can if you want to. Look how cool this is. And then you chill it. Because you wanted to keep its shape. It will stay in its shape more if it’s chilled.

Bryan: That is not the most appetizing look at it. But it is good.

Fr. Robert: I actually contacted the manufacture and asked if they would send this one. I want Mochi.

Bryan: And so does Alex and Patrick.

Fr. Robert: That is a whole lot of material. I think we should probably end up on the Mochi monster. Folks, we know that we pushed a lot of material at you. Everything from bad USB to the wonderful dancing Groot.

Bryan: We dropped some packets, you learned how to be creative, and be like a modern day….

 Fr. Robert: In just one little part of the crypto challenge for DefCon.

Bryan: I’m serious about that. I want to do it at the studio.

Fr. Robert: But, if you want to find out more go ahead and drop by our show notes page. You are going to be able to find it at twit.tv/kh. Once there you will be able to find all our episodes and you will also be able to subscribe so you can get our episodes automatically. Also, you can email us at knowhow@twit.tv although we never check that email so you probably don’t want to do that. The better thing to do is to follow Wes on Google plus. Where can they find our Google plus page?

Bryan: Go to Google Plus and search for Know How. We used to have a URL but it doesn’t work anymore. Just search for it. You’ll see Padre’s face there. It is a great place to submit Project ideas and see what other people are doing. Or if you have a question that needs answering we've got over 7000 members now. There is somebody in neither can answer a question.

Fr. Robert: You can also find us on Twitter. It is the best way to keep abreast of whatever we are doing. Be it at this show or the other shows that we do around the Twit TV network. You can find me @PadreSJ.

Bryan: And I am @cranky_hippo.

Fr. Robert: We also want to thank our TD, Alex. He is our pilot extraordinaire, not just in the air but also on the tri-caster. Also thanks to Patrick Delahanty for showing us some Groot. Until next time…. I’m Father Robert Ballecer.

Bryan: I’m Bryan Burnett.

Fr. Robert: And now that you know how…

Bryan: Go do it! Go build a Groot.