Edit: Thanks for all the (mostly) good comments/questions! We've put up a response video trying to answer the most common ones: ruclips.net/video/ioU5G_IuGuw/видео.html Hey everyone, Waitz here! As everyone has commented, it was pretty stupid to leave an unmarked device in the open. This particular device was meant for a 24 hr test and we (foolishly) did not put an accompanying logo with it. All other devices we have up are covered and marked with our logo and we're making new markings with more clear contact info. Great video!
Dude, cmonn. If u'd do it in my country (Turkey) they will probably go panic and scream and consider it as a bomb xD even military could involve this operation :D don't do this :D people are not that smart to understand what u r doing :D
@@ArgeKumadan Yok be abi. Ben direkt malın biri çakallık yapıp milletin bilgilerini ele geçirmek isterken bana bedava pi zero hediye etmiş oldu diye düşünürdüm.
I should think so, too! Leaving unlabelled devices out in public (Or mostly open access) places is probably going to land you with a high level of equipment loss from inquisitive fellows and eBay opportunists enjoying an arguable Pi giveaway! :-o Put some ownership info on these, and then you might have a case respect of those which go walkabout. Otherwise, it's an unidentifiable object that could've slipped out of someone's bag ages ago and for whom the rightful owner might be impossible to identify! :-)
If you find a bunch of unidentified tech at a research university, chances are it is a project. Please, don't forget to label your tech as a project, and include contact info. Or someone may salvage your project.
At my university some kid actually went and hid raspberry pi’s and connected them to all of the computers in the library, turned out he was keylogging to try and find out if his ex was dating another dude (I guess she used the library computers when working and opened up social media in the background.) Kid was expelled, but you aren’t wrong lol it was definitely a project
Lesson learned for me: label your stuff especially in public places / school setting. A little sticker and qr code would go a long way to make sure people know what something is for if it looks a little fishy.
I guess the main takeaway from this is: - Have good SEO tags for your website so people can find your website - Have some sort of descriptive or informative document that states exactly who produced your software and where you can them
And even more importantly, label your devices with a sticker or a small tag, this whole thing could have been avoided if the Pi just had a "Property of Waitz [link to project website]" attached to it somehow.
This is a super super niche service, so all they would have to do is post bulletins at/near the library and common parts of the campus. No seo necessary.
@@saiverx yes, because it's so incredibly necessary to have people anywhere other than ucsd to know how many people are in the geisel library at any moment
@@saiverx they only need to optimize for 'waitz ucsd', general traffic doesn't need to be driven to the website because there's literally zero motive to do so
Hello Mr. Narrator. I just wanted to compliment you on NOT editing out the part about being in a rush and mistakenly downloading malware. To admit a mistake like this takes confidence. This is a great example of how ANYONE, despite what they know, can make a simple mistake and infect their systems. I'm sure your colleagues gave you a hard time for doing that, but I'm sure they've probably done it, too. (I know I have! 😬)
I am borderline OCD about optimizing my system and I have done it multiple times for the same reason. Being in a rush when I needed to slow down. I agree it was really cool of him to leave that in there and apologize. Good content.
@@FartBiterr BTW despite this annoying addition to the installation, IMG Burn is a really great piece of freeware, they are obviously trying to just make a little money. This method is used a lot in freeware including pages that look like you need to agree to some terms to install software when in fact you actually need to decline to install additional shovel ware. A small price to pay for some otherwise very useful freeware out there
Actually i never install crapware nor adware because i'm obnoxiously over-cautious each time i install something, i even read those damn contracts from time to time, and i sandbox everything that seems even a bit fishy before trying. I'm obsessive about it, i'm also obsessive about not having antivirus, so it kind of balances in the end.
@@joshanderson3961 Because AVS are for plebs that don't care about having a slow computer. Haven't used an AVS in over 20 years and not a single infection since I was under 10 years old during the days of dialup when viruses were actually harmful.
I mean yeah that's pretty basic, but it's still not something anyone new to Linux would know about? And for casual Linux users they could easily use Linux for a long time without knowing what the home folder is.
@@MrSquirrel1693 It's a folder in the root of the file system "/home/". Some users (specifically humans or some programs) have a folder in the home folder that's the same as their username, then in that is all their personal files. It's kind of like "C:/Users" on Windows, and very similar to the "/Users/" directory on Mac. But do note that when people say the "home folder" they mean the folder that contains all of the user files. It doesn't have to be in /home/, it can be in other places, e.g. root's is normally in /root/ instead. This is why ~ is used, as it will always expand to the home folder location regardless of where it is. Obviously somewhat a simplification since we're talking about linux, it doesn't have to be true on some systems, or has exceptions, etc.
First I would've checked systemd directories and then the package manager data. Rasp Pi usually uses a Debian based distro. While I'm not familiar with apt, it's probably in /var/lib/apt or /var/cache/apt for cached packages. /var/log probably has a pkg mgr log to parse out what was explicitely installed by the sudo user.
Judging by the fact that it was apparently originaly a student project, they probably didn't think of that at the time. It's also one of those things that you just learn by experience, I wouldn't have thought of putting a logo on it myself either. Though I would've at least put it in some kind of case to make it look a bit less evil.
me too i thought this was gonna be a creepypasta boy was i wrong , this was very technically educational but soo boring i had to skip through it for the ending lol kinda let down , i was wishing it belongs to anonymous or illuminati i was wrong , (Sad trumpet sound)
I think the biggest takeaway for me is that ImgBurn has become so adware and malware ridden. I had no clue. That software was incredible in the late 2000s.
@@thedevilsadvocate5210 It's advertising, and if someone is being dumb and just clicking through, the software that advertised it will get paid. So yes, you would make money.
After reading the comments: - Note to self, if doing something extremely nefarious, put device in small case and put an unintimidating logo on the front, something like a letter or food... Like a lower case i, or a raspberry, or an apple, or a banana even. People seem to think small random devices are evil, unless they're in a case with a logo, then they're not.
Bleed inSkull yeah for sure, but the implication is that, as the person above you stated, if you act like you belong, people will assume you do. It’s less about a case and logo to explain what a non-nefarious device does, my comment is pointing out that people appear to assume the device is less likely to be nefarious when given a case and logo when in fact I could just make a nefarious device and put it in a case with a logo to trick people. Of course there’s always that smart white hat and eventually someone is bound to crack it open and figure out what it to only to find out that it’s nefarious but for 99% of people the case + logo thing seems to tell them it isn’t bad
@@Mr539forgotten Yea. This is so much abusable and could land anyone in trouble. You know what a USB killer is? A small device that looks like ordinary USB stick drive, but it contains series of capacitors that can generate like hundreds of volts out of just 5 within just a fraction of second, and then pump it in the data feed of the USB connector. When you buy stock from legal store, it is clearly stamped with an image of skull with crossbones, meaning that this device will kill your computer if not protected properly. But as it happens, these little but hell deadly devices are easy to obtain and even easier to dismount! So you can just take an old malfuncioning USB stick drive, dismount it, remove the original device out of plastic and place in the dismounted USB killer. You successfully disguised USB killer as an ordinary USB stick drive. It only waits for its victim. NOTE: THIS ACTION IS HIGHLY NOT RECOMMENDED!!! IT MAY AND CERTAINLY WILL LEAD YOU STRAIGHT IN JAIL IF YOU DO IT!!! Someone makes it, deploys it in somewhere and walks away. A curious victim just gets out to explore the contents, unaware of its true nature. Then suddenly, as soon as he plugs it in his laptop, screen goes black and laptop no longer responds to any keystrokes. Fan turned off, all indicators turned off. You can't even turn it on. That's the moment you just realised that computer just instantly died! No way to restore function, no way to restore data. The only way to be able to surf the internet again is buy a brand new computer, because brand new moherboards costs pretty much like brand new computer, not to mention that you have to buy brand new licence of Windows as well, because new motherboard means completely brand new computer. So in reality, changing the motherboard would cost you in the end more than buying new computer with new Windows preinstalled. And all of it just because of one little USB stick.
@@CZghost A USB killer should only affect the series of USB ports on a specific controller, and even then, most are protected so even if one gets killed, the voltage will not be sent through the entire controller.
@@ThatRipOff Guess you're ok with being watched and accounted without your consent. Thinking this shit is OK is what leads us to a slippery slope downwards a dystopia.
@@kba They still should have been labeled, including contact details. And, if they were installed with the university's consent, they should have been put in legitimate places (ceiling voids, locked cabinets, etc.) rather than in places that looked massively dodgy.
well he doesn't know anything about anything as evidenced by the fact that he's using windows. That guy wasn't ever going to reverse engineer anything. Nobody was going to find out what it was until someone who actually knows thing got their hands on it.
All the devices should be surrendered to the campus security and ICT team for further investigations. Who knows how many wifi passwords and login credentials the have stolen. Of course a thief will never own up they are thieves.
It was probably harmless but I'd prefer to err on the side of caution. I might be reluctant to return the devices. Could this be perverted into something not so harmless?
@@karlbergen6826 Considering this person found and stole one and then cracked it open like an egg to the point of being able to edit the files, yes, yes it could be molested into something devious
I remember watching this video years ago! When I finally got to university and saw this system in commercial deployment I had a blast of nostalgia. I'm so happy that this video has come back up in my feed cuz I havnt been able to stop thinking about it
Then the attackers would copy your sticker and go unnoticed. Instead if you are allowed to install devices in public areas install them into a place where only authorised people have access. Like a locked cabinet or similar.
Kudos to the uni & waitz for the amateurish approach. Use a casing and put them in places that can't be reached without a ladder maybe? Super fun video! Also, you might not want to just plugin that SD card into a device that has network and that you care about. Who knows what might be on there.
A client broght a bloody knife to detective and wondering if it is a murder weapon. As detective and client deduces the case, they figured the blood on the knife is from animal, not human. At that same time , they arw hearing a scream from the local butcher: "Whoever found the butcher knife, please return it. We need it for work!"
skip to 15:15 and watch the rest if you dont feel like figuring out what it does through the other 15 mins of code talk. after 15:15, they figure out what it is and what it does and thats the video
If you are walking around locations you do not own or rent, while broadcasting a locator signal from a device, you should have no expectation of any privacy. Also this device is no different than a car counter on a highway, as it's only show number of signals per area, not detailed info on each signal.
ONLY IF YOU'RE NEFARIOUS!! I looked around my library and I found a whole bunch of computers and some unnecessary books. But I am not nefarious, so I left them there.
@@VIJAYGACHANDES i’ve never even seen linux i have been thinking about trying to figure out how to change operating systems but i don’t wanna fuck things up
@@aidanl3105 I'm on my last semester of Cyber Security, and I would say it's (Linux) no big deal. It's not hard to learn, and you definitely don't need to switch to it to use it. Using it has only made me like windows more.
Nah, you're cool. Took me 2-3 years to familiarise with Linux. Once you get the basics, you rocket yourself to the mid ground. And after that it's just all practice
Most of this stuff went WAY over my head. I imagine it’s what I hear when explaining music theory to others. It’s interesting because I can tell you find it fascinating and don’t dumb it down all that much. Nice work!
4:24 You should ALWAYS check software to see if it has those little "I have read" checkboxes. Those will prevent software from being installed without your consent.
That sort of system could probably in theory be used to determine if someone attempting to connect to the public wifi network is within the property of the network owner or not! It could possibly be used to block people from joining the network if they are physically outside the property! :)
Props for not glossing over the fact that you committed a serious security gaff in the process of figuring this out (installing malware). Goes to show that even security conscious folks can make one small mistake and get into trouble. win32diskimager can pull a disc image as well. Also, your accent kinda hides the purpose of the device "waitz" = waits. Checking wait times. It all checks out!
His spelling is shit, get an education. It's "could HAVE been", there is absolutely zero justification for the word "of" in there, and anyone doing this needs a massage with a chainsaw.
I am as dumb as a bag of useless rocks when it comes to understanding any of this. However I was compelled to watch like a moth to a flame. Only thing I learned from this video is I am as dumb as a bag of rocks. Having said this I loved watching anyway, thumbs up. 👍
The thing that keeps moths being dumb as rocks are the flames to which they are drawn. Fire is essentially nature's mind eraser, and it's almost been proven that immersing yourself immediately into a soothing pool of flames after learning something removes all the learning from you and gives it to the fire. They tested this with mice, and it was hard to determine how much of the learning was transferred to the fire, as the mice were slain rather quickly each time they were exposed to the soothing pool. It was even more difficult to attempt to extract this learning from the fire itself, and so it was generally assumed and agreed upon that the experiment was successful, and that is why fire is so smart and why moths aren't. You're welcome.
A bag of rocks isn’t useless. It can be used in many ways.You can use the bag to smash all this stuff, pull a rock out and smash something at a distance, mark your trail in the woods as you get lost, etc (lol) I get your tongue in cheek comment though. I feel the same way about this level of tech.
@@johnkruton9708 Well I have advanced some over the years point in fact I finally switched from a flip phone to an iPhone. The only reason I bought it was because the sales lady assured me I can also make my coffee in the morning. But seriously when I don’t understand something I just call my nephew and he is like a wizard and fixes everything in seconds.
This video is aimed at neophyte users, but neophyte users will not understand it. It could have been shortened to 2 minutes for the real audience. So, this video could have been shortened to 2 minutes, and therefore the video is designed to hack YOU and your time.
I just got this video recommended by RUclips. Good analysis, I think I would've done mostly the exact same steps, only I didn't know what MQTT is. Small recommendation: instead of calculating partition offsets manually, create a loop device for the whole image using `losetup` with the -P flag for a partition scan. Then you have /dev/loopX for the image and /dev/loopXpY for each partition. These can be mounted like any other block device.
Whoa! Holy $#!t It's MrMario! I watch your videos all the time. So cool to see your comment on a random video. Anyway keep up the good work dude, I really like your channel.
Yeah, I haven't coded in about 20 years and could keep up, so it was good for me. Also I know crap about Linux so appreciated he didn't assume everyone is a Lunix expert.
The bluetooth dongle receives powerful signals, which overcharge the whole device. The SD card, due to the high voltage, heats up, heating up the air around it.This causes rapid expansion of the air, also known as an explosion.
Never use Express Installation, Use Custom, and always remember to uncheck all boxes that have to do with any “tools and features” to added for “free”. Most of the time, these programs are flagged as PUPs (Potentially Unwanted Programs) by your anti-virus or anti-malware. Take a look around before hitting “Next”. It’s a good habit. ;)
There's a program called Unchecky that automatically does this on most programs I wouldn't recommend it if you're an advanced computer user, but it's a nice thing to install on dumbusers' computers
Or use ninite for the apps it supports. Install multiple apps at once, with no extra stuff you don't need. Imgburn is on there, so even though it didn't work for this purpose it would have avoided installing the PUPs.
When i was in high school, there were kids setting trash cans on fire in the bathroom. It was happening like 2 times a week. I walked into the bathroom one day between classes and saw kids pulling a tape recorder out of the ceiling tiles that they just found. Said they heard it click when they were using the bathroom. I went to the principal and he totally dismissed it. I saw it plain as day. A black tape recorder with a microphone on a long wire.
"When you said "UCSD" I instantly knew what it was... -- UCSD student" - Congratulations, you fulfilled your curriculum. You memorised your school's name.
Really liked following you on your investigative journey on this. Wish I had some of those same levels of system and software knowledge. So useful in this real world scenario we now live in.
I love how you write your videos so that not only am i learning about your project, but about all the little side pieces of information I can gain from your journey along the way. It's like im making friends while I'm on my way to a destination. :)
@@thatsciencedude4552 you mean the guy who only uses linux that was trying to have someone on the other side of the globe use windows to extract the data from the device? Seems reasonable to me. Once he got the disk image he sailed through the discovery process quite well.
TL;DW It’s a sensor that reads the “busyness” of certain areas. It sends the info it gathers to an app the students can use to see what areas of campus are more congested.
Man I love how you get people enthused about security dude good job. Didn't see too many comments about the amount of effort and the detailed explanations that you're able to communicate to your audience even if they have a decent understanding of computer sci. Good job man damn
@@cypherusuh he did a google search it just didn't occur to him it might have been official due to no documentation or stickers. I would say in this day and age a README file or a permission contact sticker is a requirement to keep people from getting freaked out.
2:50 the reason windows won't mount the second partition actually has nothing to do with its format and is actually caused by the fact that windows does not support more than one partition on an external drive mounted through USB.
It's still the best software for that. Etcher from Etcher.io may seem more modern, but it lacks the functionallity to generate an image of a whole (micro) SD Card
A little history lesson about ImgBurn, it's actually the stripped down version of a software called DVD Decryptor, the very first piece of software that cracked the DVD CSS (Content Scrambling System) and allowed anyone to make backups of their DVD movies, the author stopped development of DVD Decrytor in fear of being sued and used the image burning part of of the software to create ImgBurn, it was never meant to create image from SD cards, its sole purpose is to create images from optical discs (And does a damned good job at it too). Now regarding adware, yes it has bundled adware, but only on the official mirror that you downloaded, all external mirrors doesn't have the adware portion and are clean.
How was Your day? Was in the library, chillin around, looked behind trash cans and some machines, installed some malware and stole some boards from a college project.
Actually if this was in EU it would be deemed as illegal because this system gathers MAC data and location (without users consent and awareness on top of it) and that data is considered as identification data.
@@GeraintDafis a conspiracy theory as I understand it usually invoked to explain a specific event. What I really meant to say is that it's a potential security threat. These devices were unencrypted, they could have easily be made malicious by anyone including your average joe smoe, a state or gangsters.
Hilarious outcome. I really don't miss sifting through code very much. Your patience with the noobs re mounting the filesystem was exemplary, but painful for me to envision. Anyways, this reminds me of a project I did once. Great content.
I realize you're not a native English speaker, but once you discovered what it was used for I realized that its name gave it away: wait (plural). Waits. Like how long you have to wait if you go to an area that's busy. Aptly named and very useful. I've seen this type of thing used in other media, like cameras at auto inspection stations.
"next - next - next" is a lazy rookie mistake... If I had a penny every time I cleaned up a computer after a noob or "advanced users", because of that method... But all in all it was an interesting video, - especially Linux os part was informative.
I really like how you included the part where you installed ImgBurn without paying attention and installed an unwanted addon. I also liked how you took full responsibility for not paying attention. Not the fault of ImgBurn.. And also not a Virus - Just an unwanted program. This happens all the time to normal people that really just do not pay attention to what they are installing. On one hand it is crappy that programs do this, but THEY do give you the option to Opt-Out.. When it should be an option to Opt-In. Alas who would Opt-In?!??!? no one.. These are all teaching moments.. The device could have just as easily have been nefarious. Just as the unwanted addon could also have just as easily been nefarious. So a great learning experience for all.. It is great that you shared this, and making it a learning experience for more people who watch this.. For those saying it would have been easier if they would have looked at all this on a Linux PC... Yea that is true, but the more average person like in the video (who found the device) might not have such available - So it added the extra insights into 1st trying this out on a Windows PC..
Though, it does piss me off when certain sneaky programs install the extra stuff even if you click "opt-out" in the options... I've had that happen at least once or twice before, getting the stuff even AFTER you clicked "no" and "next" because it actually wanted you to click CANCEL, whereas sometimes clicking cancel actually cancels the entire install with other installers. So yea, it can happen sometimes even if you're experienced and pay attention depending on how they set up the installer and how clear/unclear they make it. But yea, most of the time it's just as simple as clicking opt-out or "no" though, like you said ;)
@@DeathBringer769 LOL yea I think I know what sneaky programs you are talking about LMAO.. The kind where you not only do a full backup and remove that backup from the system, but also 1st try it out in a VM to see what kind of shenanigans it wants to get up to. But alas friends and family have not a clue, and thats when we get the call that something is wrong with their PC. You ask them did you do anything? They say NO NEVER!! lmao.. Did you install any programs? Oh well just this one, but my friend Bob said it was good so it can not be that.
Imgburn used to be an indispensable tool back in the days of optical media. From memory, they gave up all hope & went to the dark side after Sourceforge started repacking all installers with bundled adware
Never "Next, Next, Next" through an installer... Every unwanted item installed with Imgburn could have been deselected, the only reason they got installed was "Next, Next, Next" - also always choose "Expert user" as often these options are not made available under the "Express" install option - Expert mode generally just has to ask you at every stage if you are OK with what it wants to do next...
From my experience, ImgBurn's installer will actually install some junk whether or not you deselect stuff thanks to it's use of OpenCandy for the installer ads. After several installs on VMs, carefully unchecking everything each time, I still got some ransomware and spyware from it. I pretty quickly found that there are some complaints here that were simply ignored by the author... forum.imgburn.com/index.php?/topic/21877-why-the-malware/
@@LuciferStarr Yeah, I just thought I'd mention that unfortunately it won't actually help you out with ImgBurn. Best way is to install it through Ninite or something. :/ Really disappointing..
I had to pause the video and comment because this video is just amazing. The way you explain it, your attitude, all awesome. Thanks for making such an awesome video!
So basically, they left something that looked like it could easily be nefarious in a public place without any sort of security (physical or software) and expected nobody to care? That's stupid. At least put a sticker that says "School Property" and explains what the device does on it lmao
If someone is under the impression that these devices might be malicious, they could easily assume that someone might have put that sticker on them as a disguise. In fact, someone that wanted to *hide* them, instead of just putting them out of the way, might actually have made an effort to make them appear inconspicuous.
if its school stuff dont hide it make a box and mount it on the wall. but i like how you would be fooled with a simple sticker found behide the vending machine.ohh like a raspberry pie maybe somebody is trying to hack the library.nah man see the sticker its theirs XD @@christianknuchel
It seems to me that while the intent might not be nefarious in this case, the implementation is quite questionable and negligent. If someone who wanted to spy on the students found that such devices were deployed around the place, they might find some way to exploit them or tamper with them, or they might install their own devices, trusting that if they were discovered those in charge of the place would just assume they were part of the authorized project. I think the student should investigate with the authorities of the place to what degree this was authorized, as while they seem to think it was legitimate, that might mean anything from them just getting the ok from a few random employees to the project having been reviewed by the highest authorities. Was it reviewed for ethical concerns? Was campus security informed? was those in charge of computer and network security consulted? After all, one would think that if it went through all the channels, the installation would presumably have been coordinated with those in charge of computer network or physical plant installations, who would probably have seen to it that the installation was a bit more professional.
Everyone: please label your project so people don't think it's nefarious Nefarious actor: awesome idea, label spy device to make it look like a school project
Yeah, ImgBurn is actually a great tool (for optical disk images, particularly, ISOs). You could've gone straight to traditional disk imaging for Raspberry Pi and used something like DiskImager to do a raw byte read to an image file. I, of course, write this while only at 5:23 in the video and I'm not trying to bust your chops, just giving suggestions as to how I would've handled that part.
I'm usually mounting images with ImDisk, or just open them directly in 7-zip, but with that much work I would've just thrown in a Linux live image (assuming there is not system installed on hardware around)
If I found a device like this and figured it out, I’d silently put it back then rename my devices with dead celebrities then repeatedly walk by the library
Edit: Thanks for all the (mostly) good comments/questions! We've put up a response video trying to answer the most common ones: ruclips.net/video/ioU5G_IuGuw/видео.html
Hey everyone, Waitz here! As everyone has commented, it was pretty stupid to leave an unmarked device in the open. This particular device was meant for a 24 hr test and we (foolishly) did not put an accompanying logo with it. All other devices we have up are covered and marked with our logo and we're making new markings with more clear contact info. Great video!
Dude, cmonn. If u'd do it in my country (Turkey) they will probably go panic and scream and consider it as a bomb xD even military could involve this operation :D don't do this :D people are not that smart to understand what u r doing :D
@@ArgeKumadan Yok be abi. Ben direkt malın biri çakallık yapıp milletin bilgilerini ele geçirmek isterken bana bedava pi zero hediye etmiş oldu diye düşünürdüm.
@@ArgeKumadan yep we were dumb
Did you get it back or did oc keep the one he stole?
I should think so, too! Leaving unlabelled devices out in public (Or mostly open access) places is probably going to land you with a high level of equipment loss from inquisitive fellows and eBay opportunists enjoying an arguable Pi giveaway! :-o
Put some ownership info on these, and then you might have a case respect of those which go walkabout. Otherwise, it's an unidentifiable object that could've slipped out of someone's bag ages ago and for whom the rightful owner might be impossible to identify! :-)
This is like those detective books for kids where at the end it turns out to be nothing important, and you get grounded for bothering your neighbors.
This guys has no idea what he is doing. If you want to see some real world uses ask a real Linux admin. This video is embarrassing.
Still got to the solution, so what does it matter? Also maybe don’t just judge from a single video that had very specific constraints ;)
Well he had baby owls, have you seen baby owls?
Or, as the saying goes, a month in the laboratory can often save an hour in the library.
except, no one but them were bothered and it was really fun even just as a story too!
the "twist" at the end was exceptionally great too!
Normally it's a sin to steal property, but this was VERY interesting.... all is forgiven. Go forth and sin no more.
@@meep.472 r/whoooooosh
How’s your dad doing?
Thanks, Jesus.
@@meep.472 how is he fake? he has a verified check so he's definitely real.
Lmao 😂
*Accidentally downloads malware in an effort to expose a hacker*
*Ends up being a school project*
It hurt itself in confusion!
Props for Pokemon reference
Love the reference! xD
lel pokemon
YES.
@@misceryyt2897 lel
If you find a bunch of unidentified tech at a research university, chances are it is a project. Please, don't forget to label your tech as a project, and include contact info. Or someone may salvage your project.
Or add a Readme file
At my university some kid actually went and hid raspberry pi’s and connected them to all of the computers in the library, turned out he was keylogging to try and find out if his ex was dating another dude (I guess she used the library computers when working and opened up social media in the background.) Kid was expelled, but you aren’t wrong lol it was definitely a project
@@shreddded6403 lol
@@shreddded6403 that would mean you need to have already removed it from where it is to be able to read that, possibly ruining said project
@@genesisreaper2113 yeah but at least then they know to put it back.
"If you're a windows user, You've definitely seen fat before"
ouch
Cutting deep here
So Windows is fat?
@@FishlandicFishy she thick
@sw4gr1d Linux users...yeah go FSCK yourselves. hahaha....
@Ultracloud thats the jokes, man
Lesson learned for me: label your stuff especially in public places / school setting. A little sticker and qr code would go a long way to make sure people know what something is for if it looks a little fishy.
I don't think so. I still haven't figured out how to read qr code with my phone
@@PropagandalfderWeiße just use your camera app.. most camper apps now will automatically detect the QR code and have something pop up that you click
I feel like they also could have just packaged the board and stuff in something innocent looking. Like a CO detector body or something.
@@jackbootshamangaming4541 Yep, and if for whatever reason that doesn't work, Snapchat will also read QR codes
Qr code ffs don't scan random qr codes you fkn m0r0n
I guess the main takeaway from this is:
- Have good SEO tags for your website so people can find your website
- Have some sort of descriptive or informative document that states exactly who produced your software and where you can them
And even more importantly, label your devices with a sticker or a small tag, this whole thing could have been avoided if the Pi just had a "Property of Waitz [link to project website]" attached to it somehow.
This is a super super niche service, so all they would have to do is post bulletins at/near the library and common parts of the campus. No seo necessary.
@@Rwdphotos Any SEO is good SEO, especially for a company.
@@saiverx yes, because it's so incredibly necessary to have people anywhere other than ucsd to know how many people are in the geisel library at any moment
@@saiverx they only need to optimize for 'waitz ucsd', general traffic doesn't need to be driven to the website because there's literally zero motive to do so
Lesson of the day: Print contact info on the devices you install in the wild :)
lol
Literally lol
You are still spying!
yes
same like: "don't forget your passport before you go on a terrorist attack"
Hello Mr. Narrator. I just wanted to compliment you on NOT editing out the part about being in a rush and mistakenly downloading malware. To admit a mistake like this takes confidence. This is a great example of how ANYONE, despite what they know, can make a simple mistake and infect their systems. I'm sure your colleagues gave you a hard time for doing that, but I'm sure they've probably done it, too. (I know I have! 😬)
I am borderline OCD about optimizing my system and I have done it multiple times for the same reason. Being in a rush when I needed to slow down. I agree it was really cool of him to leave that in there and apologize. Good content.
@@FartBiterr BTW despite this annoying addition to the installation, IMG Burn is a really great piece of freeware, they are obviously trying to just make a little money. This method is used a lot in freeware including pages that look like you need to agree to some terms to install software when in fact you actually need to decline to install additional shovel ware. A small price to pay for some otherwise very useful freeware out there
Actually i never install crapware nor adware because i'm obnoxiously over-cautious each time i install something, i even read those damn contracts from time to time, and i sandbox everything that seems even a bit fishy before trying.
I'm obsessive about it, i'm also obsessive about not having antivirus, so it kind of balances in the end.
@@diablo.the.cheater why do you not use anti-virus ?
@@joshanderson3961 Because AVS are for plebs that don't care about having a slow computer. Haven't used an AVS in over 20 years and not a single infection since I was under 10 years old during the days of dialup when viruses were actually harmful.
*casually walks behind a vending machine*
His friend was paper mario.
:))))))))) dying
*CASUALLY*
What? You don't walk behind every vending machine you encounter to find electronic tools placed by criminals?
You freak
Your profile pic goes with this so well.
“Knowing where to look is acquired over time if you work on Linux”. Opens “Home” folder.
I mean yeah that's pretty basic, but it's still not something anyone new to Linux would know about? And for casual Linux users they could easily use Linux for a long time without knowing what the home folder is.
What's the home folder?
@@MrSquirrel1693 It's a folder in the root of the file system "/home/". Some users (specifically humans or some programs) have a folder in the home folder that's the same as their username, then in that is all their personal files. It's kind of like "C:/Users" on Windows, and very similar to the "/Users/" directory on Mac.
But do note that when people say the "home folder" they mean the folder that contains all of the user files. It doesn't have to be in /home/, it can be in other places, e.g. root's is normally in /root/ instead. This is why ~ is used, as it will always expand to the home folder location regardless of where it is.
Obviously somewhat a simplification since we're talking about linux, it doesn't have to be true on some systems, or has exceptions, etc.
First I would've checked systemd directories and then the package manager data. Rasp Pi usually uses a Debian based distro. While I'm not familiar with apt, it's probably in /var/lib/apt or /var/cache/apt for cached packages. /var/log probably has a pkg mgr log to parse out what was explicitely installed by the sudo user.
@@krozareq PJ
A simple logo on the device would have helped quite a bit haha
Judging by the fact that it was apparently originaly a student project, they probably didn't think of that at the time.
It's also one of those things that you just learn by experience, I wouldn't have thought of putting a logo on it myself either. Though I would've at least put it in some kind of case to make it look a bit less evil.
Exactly! A little case and everything would've looked way less shady.
at least a readme.txt on the root of the fat32.
@@pastrana2000 black case with a warning sticker "Security device do NOT unplug" ;-)
Or a link to the the website / Reddit page
I was kinda hoping this ended in some international espionage, and maybe a car chase and shootout.
naw that only happens on tv
me too i thought this was gonna be a creepypasta boy was i wrong , this was very technically educational but soo boring i had to skip through it for the ending lol kinda let down , i was wishing it belongs to anonymous or illuminati i was wrong , (Sad trumpet sound)
@@veg4life. *lol*
hahahahhahhahhahahhahahhahhaha! John Wick, James Bond, Jason Bourne style......
lol, If it did you wouldn't have seen it in the first place.
This RUclips algorithm is giving me the coolest suggested videos today
big time
Screw anything the devs at JewTube do. It's all done to supress the truth and shove nonsense Shane Gayson down your throat.
Same
For one it actually shows things I like
@@crepemaister5416 shane dawson*
I think the biggest takeaway for me is that ImgBurn has become so adware and malware ridden. I had no clue. That software was incredible in the late 2000s.
I used cloneCD by slysoft. And it is still around.
Well, he has to make money in some way.
@@bryancampbell4604
You aren't going to make any money that way.
@@thedevilsadvocate5210 It's advertising, and if someone is being dumb and just clicking through, the software that advertised it will get paid. So yes, you would make money.
@@bryancampbell4604 a lot of the time you dont even have to click it
After reading the comments:
- Note to self, if doing something extremely nefarious, put device in small case and put an unintimidating logo on the front, something like a letter or food... Like a lower case i, or a raspberry, or an apple, or a banana even.
People seem to think small random devices are evil, unless they're in a case with a logo, then they're not.
Right on with that observation. It is the r/actlikeyoubelong for hardware.
a case + Waitz logo + small description written on the front like "active busyness monitor" = harmless tracking device
Bleed inSkull yeah for sure, but the implication is that, as the person above you stated, if you act like you belong, people will assume you do.
It’s less about a case and logo to explain what a non-nefarious device does, my comment is pointing out that people appear to assume the device is less likely to be nefarious when given a case and logo when in fact I could just make a nefarious device and put it in a case with a logo to trick people.
Of course there’s always that smart white hat and eventually someone is bound to crack it open and figure out what it to only to find out that it’s nefarious but for 99% of people the case + logo thing seems to tell them it isn’t bad
@@Mr539forgotten Yea. This is so much abusable and could land anyone in trouble. You know what a USB killer is? A small device that looks like ordinary USB stick drive, but it contains series of capacitors that can generate like hundreds of volts out of just 5 within just a fraction of second, and then pump it in the data feed of the USB connector. When you buy stock from legal store, it is clearly stamped with an image of skull with crossbones, meaning that this device will kill your computer if not protected properly. But as it happens, these little but hell deadly devices are easy to obtain and even easier to dismount! So you can just take an old malfuncioning USB stick drive, dismount it, remove the original device out of plastic and place in the dismounted USB killer. You successfully disguised USB killer as an ordinary USB stick drive. It only waits for its victim.
NOTE: THIS ACTION IS HIGHLY NOT RECOMMENDED!!! IT MAY AND CERTAINLY WILL LEAD YOU STRAIGHT IN JAIL IF YOU DO IT!!!
Someone makes it, deploys it in somewhere and walks away. A curious victim just gets out to explore the contents, unaware of its true nature. Then suddenly, as soon as he plugs it in his laptop, screen goes black and laptop no longer responds to any keystrokes. Fan turned off, all indicators turned off. You can't even turn it on. That's the moment you just realised that computer just instantly died! No way to restore function, no way to restore data. The only way to be able to surf the internet again is buy a brand new computer, because brand new moherboards costs pretty much like brand new computer, not to mention that you have to buy brand new licence of Windows as well, because new motherboard means completely brand new computer. So in reality, changing the motherboard would cost you in the end more than buying new computer with new Windows preinstalled. And all of it just because of one little USB stick.
@@CZghost A USB killer should only affect the series of USB ports on a specific controller, and even then, most are protected so even if one gets killed, the voltage will not be sent through the entire controller.
Think of how much trouble could be saved with a 25 cent enclosure that says "Library Property - Do not remove."
Came here just to say something similar.
Brandon Pack 一
just what someone up to no good would do...
We would still shove it into our pockets who are we kidding
@@ThatRipOff Guess you're ok with being watched and accounted without your consent.
Thinking this shit is OK is what leads us to a slippery slope downwards a dystopia.
I already saw this video but it's being recommended to me again so I'm just gonna watch it.
Same lmfao
same
Same
Same
Oh, really interesting!
Lol. Why didn’t Waitz just package their raspberry pis in some branded packaging - then it would’ve been obvious it wasn’t some nefarious hack 😅
Or even just label them.
They said the unmarked ones were for testing, they installed permanent ones and probably forgot where they put all the temp ones lmao
School project... main lesson learned: packaging is key.
ikr how unprofessional.
@@kba They still should have been labeled, including contact details. And, if they were installed with the university's consent, they should have been put in legitimate places (ceiling voids, locked cabinets, etc.) rather than in places that looked massively dodgy.
Sets out to reverse engineer malware, downloads and installs malware on his own computer.
well he doesn't know anything about anything as evidenced by the fact that he's using windows. That guy wasn't ever going to reverse engineer anything. Nobody was going to find out what it was until someone who actually knows thing got their hands on it.
@@jhk6558 I thought the LO implicated that he installed the malware with screenshare (remotely),
@@jhk6558 what's wrong with windows?
@@blendernoob8993 not open source
How embarrassing. Even my grandma wouldn't fall for that.
4:24: NEVER SPAM NEXT ON INSTALLS.
Mcafee ad chormium lol
I'm very careful but I still have Unchecky installed to catch any sneaky addons I miss.
Or better yet : Only install from trusted repositories using a package manager like apt.
@@NatoBoram Nobody likes Linux elitists. Windows users have no choice as you know.
You should try scoop.sh
"this device isn't nefarious. It's just part of a school project"
...Exactly what a nefarious person would say.
All the devices should be surrendered to the campus security and ICT team for further investigations. Who knows how many wifi passwords and login credentials the have stolen. Of course a thief will never own up they are thieves.
It was probably harmless but I'd prefer to err on the side of caution. I might be reluctant to return the devices. Could this be perverted into something not so harmless?
@@karlbergen6826 Considering this person found and stole one and then cracked it open like an egg to the point of being able to edit the files, yes, yes it could be molested into something devious
@@nervonabliss So could the library computers, or the books
@@alakani Yea, pretty much. Only difference is one is monitored a lot more often then some raspi left in a corner somewhere
I remember watching this video years ago! When I finally got to university and saw this system in commercial deployment I had a blast of nostalgia. I'm so happy that this video has come back up in my feed cuz I havnt been able to stop thinking about it
Do you feel old?
Moral of the story: Always put contact information on the devices you leave on the field with normal hoomans.
Then the attackers would copy your sticker and go unnoticed. Instead if you are allowed to install devices in public areas install them into a place where only authorised people have access. Like a locked cabinet or similar.
Why not a) out of reach, b) secured.
I was wondering why so many raspberry boards were suddenly for sale on eBay from San Diego seller's.
alternate moral of the story: don't poke around with devices that are clearly part of the campus' network and clearly labelled
_Security expert in action_
@Hugohopser Didn't find "Win32 Disk Imager" though, which everybody says is immediatly found with google.
Hugohopser follows to click in one million user pop up
@@LiveOverflow I literally just searched for your quoted text and its the first result on google....
@@jslay88 I'm clearly an idiot ;)
@@LiveOverflow be careful next time :3
This has been a Public Service Announcement on the benefits of using property identification tags.
Kudos to the uni & waitz for the amateurish approach. Use a casing and put them in places that can't be reached without a ladder maybe? Super fun video! Also, you might not want to just plugin that SD card into a device that has network and that you care about. Who knows what might be on there.
A client broght a bloody knife to detective and wondering if it is a murder weapon.
As detective and client deduces the case, they figured the blood on the knife is from animal, not human.
At that same time , they arw hearing a scream from the local butcher: "Whoever found the butcher knife, please return it. We need it for work!"
Kowalski analysis
@alysdexia use your fucking common sense
@@rzul thats not so common anymore
@@LegoDude182 *sHOts firED*
Damn there is free tech around and I just have to find it
OMG JARID I LOVE UR VIDS PLEASE RESPOND TO THIS COMMENT PLEZZZZZ
You’ve been ignored xd
Oof I unsubbed like 2 months ago :(
He10s etfja tyiam my channel!
RAWSTORM Did you just have a stroke
Should have put a camo skin on that RasPi to make it invisible.
Can confirm. I did that to one of my pis 3 years ago and haven't been able to find it since!
Did he show it in the video, I couldn’t see the pi
He'd have better luck if he used a John Cena skin.
Cover it with John Cena stickers 😶
@@notsmoothie umm... What stickers? I cant read.
14:55 The thing you came for. It logs mac addresses to show how busy a place is.
skip to 15:15 and watch the rest if you dont feel like figuring out what it does through the other 15 mins of code talk. after 15:15, they figure out what it is and what it does and thats the video
Thank you very much
Bruno Real MVP.
I appreciate his detail, but I understood none of it. You're my hero
Hero
17:50 "It isn't nefarious, it is extremely basic and giving you (gives
us) an idea of how many people are in the Library." answers the question.
I like how tracking people's movements without their knowledge has become so normalized that we no longer consider it nefarious.
I like how sensitivity to collecting information has gotten so normalized that we no longer consider it an overreaction.
>Not setting off repeating high energy emp pulses as you walk around campus.
Even if everyone knew they wouldn't care if the convenience outweighs the concern!
If you are walking around locations you do not own or rent, while broadcasting a locator signal from a device, you should have no expectation of any privacy. Also this device is no different than a car counter on a highway, as it's only show number of signals per area, not detailed info on each signal.
FraKctured I love gentle giant
So you're saying if I look around at libraries I might find some free pi zeros *scratches chin*
Hello brother
That was my very thought haha
ONLY IF YOU'RE NEFARIOUS!!
I looked around my library and I found a whole bunch of computers and some unnecessary books. But I am not nefarious, so I left them there.
🤣
Yes
i’m a first year CS major and this video is giving me anxiety
use linux from beginning, later its hard to switch
@@VIJAYGACHANDES i’ve never even seen linux i have been thinking about trying to figure out how to change operating systems but i don’t wanna fuck things up
@@aidanl3105 I'm on my last semester of Cyber Security, and I would say it's (Linux) no big deal.
It's not hard to learn, and you definitely don't need to switch to it to use it.
Using it has only made me like windows more.
I've heard that DIY castration has calming effects
Nah, you're cool. Took me 2-3 years to familiarise with Linux. Once you get the basics, you rocket yourself to the mid ground. And after that it's just all practice
"So we hopped in a Skype call"
Oh, must be an old video then
*Nov 9 2018*
Mainsream skype alternative in 2018 ? None.
Furrane discord has better voice chat better screen sharing, better video chat what's not an improvement
@@furrane Discord?!
Isnt Discord is made for gamers?
@@senki0151 While discord has features regarding gaming, no, it can be used for anything.
That’s a free raspberry pi zero in my books
Right!
Down!
Those are incredible unrelated to my comment
Nice, you watch your name?
@@xbl6506
Yeah i do/did
Loved kimi no na wa/your name
kowalski analysis.
Hahaha
This ain't it chief
Before this comment gets 1k likes
Subscribe to PewDiePie
SHMOO fuck I was gonna say that
Kowalski, paralysis.
Most of this stuff went WAY over my head. I imagine it’s what I hear when explaining music theory to others. It’s interesting because I can tell you find it fascinating and don’t dumb it down all that much. Nice work!
as a music theory nerd i feel this
Music theory today is just the quantize button on a daw 😂
4:24 You should ALWAYS check software to see if it has those little "I have read" checkboxes. Those will prevent software from being installed without your consent.
kaspersky has a function to untick those sneaky checkboxes automatically to prevent adware ;)
Yeah! Ikr?
@@n-i-n-o What if unticked means install?
@@Blast-Forward checkbox which is not selected
@@n-i-n-o yes but they're saying what if it says uncheck the box to install bloatware
14:56, you’re welcome.
Abe Cervantes Thanks
Lochlan Gallagher no problem ;)
Ty sm
Thanks so much. this was too long winded.
Rip watch time
I always put a Readme file on my devices. I've left my USB accidentally before and got it back.
good idea.
>Assuming that people read "README"
@@jared8515 people would probably read it if it was on a flash drive they found and if they had an intention of finding who's it is / giving it back.
@@jared8515 for example, a readme with a small explanation of what the device is and does would have helped extraordinarily here
@@jakecrowley6 fair
That sort of system could probably in theory be used to determine if someone attempting to connect to the public wifi network is within the property of the network owner or not! It could possibly be used to block people from joining the network if they are physically outside the property! :)
How?
I was secretly hoping it was a student trying to get access to free college E text books. But that seems like an actual useful tool for students.
Not that id call this clickbait welcome to modern reporting mostly nonsensical bs.
It isn't exactly hard if you look around a little bit.
You can just find them online already lol
1:39 If you are a Windows User you definitely have seen fat before ... gee thanks for making me self aware :/
Oof
Haha don't worry on Linux we have a file system called Butter. :P
Keep going to the gym and soon you'll be exfat!
lmao
Nope most do not know what that is. Never assume when doing a video on the internet.
Props for not glossing over the fact that you committed a serious security gaff in the process of figuring this out (installing malware). Goes to show that even security conscious folks can make one small mistake and get into trouble.
win32diskimager can pull a disc image as well.
Also, your accent kinda hides the purpose of the device "waitz" = waits. Checking wait times. It all checks out!
Not malware, but it could've been.
"could of been" - Your fucking SPELLING is malware!
Anvilshock His spelling is fine, get a life.
His spelling is shit, get an education. It's "could HAVE been", there is absolutely zero justification for the word "of" in there, and anyone doing this needs a massage with a chainsaw.
If you say pls because it is shorter than please, I will say no because it is shorter than yes.
I am as dumb as a bag of useless rocks when it comes to understanding any of this. However I was compelled to watch like a moth to a flame.
Only thing I learned from this video is I am as dumb as a bag of rocks. Having said this I loved watching anyway, thumbs up. 👍
The thing that keeps moths being dumb as rocks are the flames to which they are drawn. Fire is essentially nature's mind eraser, and it's almost been proven that immersing yourself immediately into a soothing pool of flames after learning something removes all the learning from you and gives it to the fire. They tested this with mice, and it was hard to determine how much of the learning was transferred to the fire, as the mice were slain rather quickly each time they were exposed to the soothing pool. It was even more difficult to attempt to extract this learning from the fire itself, and so it was generally assumed and agreed upon that the experiment was successful, and that is why fire is so smart and why moths aren't. You're welcome.
@@Double-X2-Points
LOL
A bag of rocks isn’t useless. It can be used in many ways.You can use the bag to smash all this stuff, pull a rock out and smash something at a distance, mark your trail in the woods as you get lost, etc (lol) I get your tongue in cheek comment though. I feel the same way about this level of tech.
@@johnkruton9708
Well I have advanced some over the years point in fact I finally switched from a flip phone to an iPhone. The only reason I bought it was because the sales lady assured me I can also make my coffee in the morning. But seriously when I don’t understand something I just call my nephew and he is like a wizard and fixes everything in seconds.
"We stole from the school." "This was so much fun".
Pedro Sequeira lol whatever
you forgot to append this at the end. "-LiveOverflow 2018"
It's not stealing since they returned it
@@leonardfluhart3532 Its stealing no matter what you do next.
@@Pedro-tl7jg I'd agrue not simply because they didn't know and as soon as they found out they returned it
Did I understand anything? No
Did I watch the whole video? Yes
Did I enjoy it? Definate yes
I've watched this for the third time, and. Yeah I understand 68.99% of the video XD
@@prakharmishra3000 +.01
boy that's like basic stuff
Lol
This video is aimed at neophyte users, but neophyte users will not understand it. It could have been shortened to 2 minutes for the real audience.
So, this video could have been shortened to 2 minutes, and therefore the video is designed to hack YOU and your time.
You just gave 3 mill advertisement views in under a year , to this project . people should be paying you for this sort of marketing genius. lol
but what if it was all a planned ad
@@RenanSilvaSoriano o.o;
I just got this video recommended by RUclips. Good analysis, I think I would've done mostly the exact same steps, only I didn't know what MQTT is.
Small recommendation: instead of calculating partition offsets manually, create a loop device for the whole image using `losetup` with the -P flag for a partition scan. Then you have /dev/loopX for the image and /dev/loopXpY for each partition. These can be mounted like any other block device.
Your way of explaining everything here was excellent.
Whoa! Holy $#!t It's MrMario! I watch your videos all the time. So cool to see your comment on a random video. Anyway keep up the good work dude, I really like your channel.
i agree. he did it very nicely
I agree to I think you should do some more rgh tutorials
Yeah, I haven't coded in about 20 years and could keep up, so it was good for me. Also I know crap about Linux so appreciated he didn't assume everyone is a Lunix expert.
It is a bomb. I know it. A kid made one from a Walmart clock.
😂😂😂
The bluetooth dongle receives powerful signals, which overcharge the whole device. The SD card, due to the high voltage, heats up, heating up the air around it.This causes rapid expansion of the air, also known as an explosion.
@@boggybolt6782 suddenly a bright flash in the sky a flaming meteor crashes to earth
Ban all clocks!
@John Doe source?
Never use Express Installation, Use Custom, and always remember to uncheck all boxes that have to do with any “tools and features” to added for “free”. Most of the time, these programs are flagged as PUPs (Potentially Unwanted Programs) by your anti-virus or anti-malware. Take a look around before hitting “Next”. It’s a good habit. ;)
There's a program called Unchecky that automatically does this on most programs
I wouldn't recommend it if you're an advanced computer user, but it's a nice thing to install on dumbusers' computers
Or use ninite for the apps it supports. Install multiple apps at once, with no extra stuff you don't need. Imgburn is on there, so even though it didn't work for this purpose it would have avoided installing the PUPs.
Or just don't use Windows, and have your package manager do the right thing
"Don't use Windows" is a really retarded argument, if your use-case prefers you use Windows, you will use Windows
@@Ryndae-l not always an option, and you know it...
When i was in high school, there were kids setting trash cans on fire in the bathroom. It was happening like 2 times a week. I walked into the bathroom one day between classes and saw kids pulling a tape recorder out of the ceiling tiles that they just found. Said they heard it click when they were using the bathroom. I went to the principal and he totally dismissed it. I saw it plain as day. A black tape recorder with a microphone on a long wire.
I don't understand anything but I felt my brain has evolved after listening him babbling alien language.
😂
Seriously? Ok. It is all very basic....
Herman Willems Keep in mind this is a youtube video that anyone can watch. Also people who dont know anything about this kind of stuff
@@jessebijma, spoken like a unix master.
@@koh9894 I don't know the first thing about unix to be honest
Have you tried turning it off and on?
Have you tried setting it to wambo?
Have you tried forcing an unexpected reboot lol I love the I.t crowd best show ever lol
*_Have you try unplug computer?_*
From the Beavis & Butt-Head episode "Tech Support".
@@gentlemanvontweed7147
*WEEST???* That's _West_ me boy!
Have you tried putting it in rice?
When you said "UCSD" I instantly knew what it was...
-- UCSD student
@Diogenes TheDog what exactly is supposed to be that in german?
"When you said "UCSD" I instantly knew what it was... -- UCSD student" - Congratulations, you fulfilled your curriculum. You memorised your school's name.
@@Anvilshock I think they meant they knew that it was this company's product since it was in use in the school.
Shh. Don't ruin the moment.
Really liked following you on your investigative journey on this. Wish I had some of those same levels of system and software knowledge. So useful in this real world scenario we now live in.
I love how you write your videos so that not only am i learning about your project, but about all the little side pieces of information I can gain from your journey along the way. It's like im making friends while I'm on my way to a destination. :)
I'd like to see more of these reverse hacking projects
This isn't reverse hacking. This is video is embarrassing. This guy has no fucking clue what he is doing.
@@thatsciencedude4552 chill out dog
This isnt hacking he just read the files
@@thatsciencedude4552 you mean the guy who only uses linux that was trying to have someone on the other side of the globe use windows to extract the data from the device? Seems reasonable to me. Once he got the disk image he sailed through the discovery process quite well.
Btw what everyone is calling hacking is actually cracking
spam clicking through installers is very stupid.
So too assuming the site itself isn't trying to profit off of them
its what i do succesfully so dont hate nigiga
@@richrich9740 nigiga
@NATHANIEL PARISE We do? I really hope not.
@Ratko Mladic nigigigigiga
Recommended after 2 years? Ah yes youtube algorith btw interesting video
Can you please say, "an zen fire zee missilez"
but i am le tired
@@n0nlinear1ty haha........Australia
Nein, du Schweinehund! >8(
Racizm
No no no, have him say Nuclear Wessels
Rufus is your friend for Windows file system stuff
Rufus? The boot usb thingy? I was thinking more ex2fsd, but of course the best option is to wipe windows and go full Linux.
Yup, but not for dumping ;)
wtf
@DREAM666 lol
Да
TL;DW
It’s a sensor that reads the “busyness” of certain areas. It sends the info it gathers to an app the students can use to see what areas of campus are more congested.
Any idea on where to start building smth like this? I need to do this for my diploma project
His accent just makes this 100 times better
Man I love how you get people enthused about security dude good job. Didn't see too many comments about the amount of effort and the detailed explanations that you're able to communicate to your audience even if they have a decent understanding of computer sci. Good job man damn
couldn't they just add a README.md file to explain the whole thing ?
they already gives a clue (waitz). he just missed it and doesn't search "waitz + location it found / whatever connection it might be"
That was exactly the first thing I thought.
@@cypherusuh he did a google search it just didn't occur to him it might have been official due to no documentation or stickers. I would say in this day and age a README file or a permission contact sticker is a requirement to keep people from getting freaked out.
Duh? Cornholio!
Lilely would have made more sense to put the name on it like Waitz app then a link to teh website. label makers are easy to use after all.
Booooooring
Where's the scandals, the drama, the FBI? All around disappointing results. Subscribed
Opecuted nice profile
@Binuk Vidana I'm a 5 year old and understood a 1/5 of the video
@Binuk Vidana it isn't really complex
@@shinkiro69420 ye bro this straightforwerdly easy if one don not now what the fuckk all this mean their surely is dumb
I'm 21 and I don't know how to read
This just randomly came up in my suggestions, what a fun ride this was.
Dude theres professors at ucsd looking for their pi's.
Its on the playstore comments
Alejandro Guerra wot
Which profs???
@@Sakura11101 gary
@@RM-xr8lq is he planning on taking uc property? That's worthy of a professionalism deduction
17:50 "it isn't nefarious"
Here's a tip, if you don't want to come off a looking suspicious, don't behave in a suspicious manner
Underrated thought here, place a sketchy looking device, don't be surprised when people don't trust you/investigate
YES
Suspicion is not a crime 😏
@@KurtsToys Will have you know that is not always the case ( www.legislation.gov.uk/ukpga/1986/62/section/32 )
Yea that should have some note explaining what it is
Skip to 17:45 if you just wanna know what it is.
thank you
thank you kind sir
The hero we need.
Thank you
But you miss the detective drama of the video!
2:50 the reason windows won't mount the second partition actually has nothing to do with its format and is actually caused by the fact that windows does not support more than one partition on an external drive mounted through USB.
Win32 disk imager can make raw copy of drives on Windows. Works well ;)
Yeah i use it with the rpi all the time
Same
It's still the best software for that. Etcher from Etcher.io may seem more modern, but it lacks the functionallity to generate an image of a whole (micro) SD Card
Every fucking -script kiddie- raspbian user should know these programs man! I'm astonished :[
A little history lesson about ImgBurn, it's actually the stripped down version of a software called DVD Decryptor, the very first piece of software that cracked the DVD CSS (Content Scrambling System) and allowed anyone to make backups of their DVD movies, the author stopped development of DVD Decrytor in fear of being sued and used the image burning part of of the software to create ImgBurn, it was never meant to create image from SD cards, its sole purpose is to create images from optical discs (And does a damned good job at it too). Now regarding adware, yes it has bundled adware, but only on the official mirror that you downloaded, all external mirrors doesn't have the adware portion and are clean.
How was Your day? Was in the library, chillin around, looked behind trash cans and some machines, installed some malware and stole some boards from a college project.
Nice, i just got out of chem wanna get lunch
Actually if this was in EU it would be deemed as illegal because this system gathers MAC data and location (without users consent and awareness on top of it) and that data is considered as identification data.
...because it is identification data. We really need to have a national discussion about digital privacy.
@@sailirish7Digital privacy? We can't even stop the feds from telling big tech what to censor to interfere with our elections and politics.
Plot twist: All the files were a front and the PI actually had a rootkit installed stealing everyone credentials in the university.
Wouldn't be surprised if that actually would happen. I'm sure state actors would love to get a bunch of info about these students
@@GeraintDafis a conspiracy theory as I understand it usually invoked to explain a specific event. What I really meant to say is that it's a potential security threat. These devices were unencrypted, they could have easily be made malicious by anyone including your average joe smoe, a state or gangsters.
"if you're a windows user you've definitely seen fat before" lmao
Especially Windows 7 below users.. Although, I'd prefer NTFS
@@mournblank he meant like down ur belly
Foxhound?snake? Hmm oldskool
@@breakstone1000 He meant the filesystem:
File
Allocation
Table
F
A
T
FAT
on hard drives and other stuff.
@@tredI9100 Yeah mate that was a joke, it could be both tho
Hilarious outcome. I really don't miss sifting through code very much. Your patience with the noobs re mounting the filesystem was exemplary, but painful for me to envision. Anyways, this reminds me of a project I did once. Great content.
I realize you're not a native English speaker, but once you discovered what it was used for I realized that its name gave it away: wait (plural). Waits. Like how long you have to wait if you go to an area that's busy.
Aptly named and very useful. I've seen this type of thing used in other media, like cameras at auto inspection stations.
"next - next - next" is a lazy rookie mistake...
If I had a penny every time I cleaned up a computer after a noob or "advanced users", because of that method...
But all in all it was an interesting video, - especially Linux os part was informative.
I really like how you included the part where you installed ImgBurn without paying attention and installed an unwanted addon.
I also liked how you took full responsibility for not paying attention. Not the fault of ImgBurn.. And also not a Virus - Just an unwanted program. This happens all the time to normal people that really just do not pay attention to what they are installing.
On one hand it is crappy that programs do this, but THEY do give you the option to Opt-Out.. When it should be an option to Opt-In.
Alas who would Opt-In?!??!? no one..
These are all teaching moments.. The device could have just as easily have been nefarious. Just as the unwanted addon could also have just as easily been nefarious. So a great learning experience for all.. It is great that you shared this, and making it a learning experience for more people who watch this..
For those saying it would have been easier if they would have looked at all this on a Linux PC... Yea that is true, but the more average person like in the video (who found the device) might not have such available - So it added the extra insights into 1st trying this out on a Windows PC..
Though, it does piss me off when certain sneaky programs install the extra stuff even if you click "opt-out" in the options... I've had that happen at least once or twice before, getting the stuff even AFTER you clicked "no" and "next" because it actually wanted you to click CANCEL, whereas sometimes clicking cancel actually cancels the entire install with other installers. So yea, it can happen sometimes even if you're experienced and pay attention depending on how they set up the installer and how clear/unclear they make it. But yea, most of the time it's just as simple as clicking opt-out or "no" though, like you said ;)
@@DeathBringer769 LOL yea I think I know what sneaky programs you are talking about LMAO.. The kind where you not only do a full backup and remove that backup from the system, but also 1st try it out in a VM to see what kind of shenanigans it wants to get up to.
But alas friends and family have not a clue, and thats when we get the call that something is wrong with their PC. You ask them did you do anything? They say NO NEVER!! lmao.. Did you install any programs? Oh well just this one, but my friend Bob said it was good so it can not be that.
Yeah, they didn't deserve the flak. Developers have to make money somehow. It's every day stuff to avoid those toolbars and other options.
Imgburn used to be an indispensable tool back in the days of optical media.
From memory, they gave up all hope & went to the dark side after Sourceforge started repacking all installers with bundled adware
There is a tool called unchecky that sometimes catches these unwanted installations...but its not 100% full proof
All that work to mount a partition 😂
How exciting. Made my day. After I finish my electrons flowing in narrow semiconductor band simulation I gonna watch all your videos!
Never "Next, Next, Next" through an installer... Every unwanted item installed with Imgburn could have been deselected, the only reason they got installed was "Next, Next, Next" - also always choose "Expert user" as often these options are not made available under the "Express" install option - Expert mode generally just has to ask you at every stage if you are OK with what it wants to do next...
From my experience, ImgBurn's installer will actually install some junk whether or not you deselect stuff thanks to it's use of OpenCandy for the installer ads.
After several installs on VMs, carefully unchecking everything each time, I still got some ransomware and spyware from it. I pretty quickly found that there are some complaints here that were simply ignored by the author...
forum.imgburn.com/index.php?/topic/21877-why-the-malware/
@@PseudoResonance Fair enough, but I believe my point stands for any installer... "Next, Next, Next" is always bad practice.
Maybe he was in a virtual machine during the install?
@@LuciferStarr Yeah, I just thought I'd mention that unfortunately it won't actually help you out with ImgBurn. Best way is to install it through Ninite or something. :/ Really disappointing..
That's why I use "portable" programs when available instead of "full" installs; they are a lot cleaner.
If a computer science student just clicks through a free software install wizard, not checking what it says, he should reconsider his studies.
BracketGuySerious That just confirms you know shit about computers lol.
@@martins7037 Did you really say that ⬆️
You're so dumb 🤪🤪🤪
@@martins7037 yupp
Martin S and that’s why you go and learn...
Martin S you mean software......
What a rookie mistake. That's why you reject all installers.
>we need to dump the entire SD card to an image file!
>proceeds to download a well-known CD/DVD burning utility
I had to pause the video and comment because this video is just amazing. The way you explain it, your attitude, all awesome.
Thanks for making such an awesome video!
MINNNNNNNE DIIIIIAAMONDSSSS!!!
I see you're a man of culture as well.
Least expected person to see here
@@pomuhgranate4232 top 10 Anime crossovers nobody expected
AverageGeek why am i laughing like a goof at 1AM, i just HAHAHaHa the fucking minecraft dude 😂
So basically, they left something that looked like it could easily be nefarious in a public place without any sort of security (physical or software) and expected nobody to care? That's stupid. At least put a sticker that says "School Property" and explains what the device does on it lmao
If someone is under the impression that these devices might be malicious, they could easily assume that someone might have put that sticker on them as a disguise. In fact, someone that wanted to *hide* them, instead of just putting them out of the way, might actually have made an effort to make them appear inconspicuous.
if its school stuff dont hide it make a box and mount it on the wall. but i like how you would be fooled with a simple sticker found behide the vending machine.ohh like a raspberry pie maybe somebody is trying to hack the library.nah man see the sticker its theirs XD @@christianknuchel
It seems to me that while the intent might not be nefarious in this case, the implementation is quite questionable and negligent.
If someone who wanted to spy on the students found that such devices were deployed around the place, they might find some way to exploit them or tamper with them, or they might install their own devices, trusting that if they were discovered those in charge of the place would just assume they were part of the authorized project.
I think the student should investigate with the authorities of the place to what degree this was authorized, as while they seem to think it was legitimate, that might mean anything from them just getting the ok from a few random employees to the project having been reviewed by the highest authorities. Was it reviewed for ethical concerns? Was campus security informed? was those in charge of computer and network security consulted?
After all, one would think that if it went through all the channels, the installation would presumably have been coordinated with those in charge of computer network or physical plant installations, who would probably have seen to it that the installation was a bit more professional.
watch the video he tells you all of that
@@Ts6451
I don't it said anything about the ethics of this project
i love how im just sitting here basically understanding nothing but having a good time, thats how you know youre a good content creator
Everyone: please label your project so people don't think it's nefarious
Nefarious actor: awesome idea, label spy device to make it look like a school project
Yeah, ImgBurn is actually a great tool (for optical disk images, particularly, ISOs). You could've gone straight to traditional disk imaging for Raspberry Pi and used something like DiskImager to do a raw byte read to an image file. I, of course, write this while only at 5:23 in the video and I'm not trying to bust your chops, just giving suggestions as to how I would've handled that part.
I'm usually mounting images with ImDisk, or just open them directly in 7-zip, but with that much work I would've just thrown in a Linux live image (assuming there is not system installed on hardware around)
4:30
Exactly why you always, ALWAYS read all the checkboxes before you click next on ANY installation
Expert my Diablo 1 disk from 1996, I'm pretty that's safe.
"Win32DiskImager" is usually refered to if you want to flash/copy raspberry pi images
If I found a device like this and figured it out, I’d silently put it back then rename my devices with dead celebrities then repeatedly walk by the library