Monday, June 20, 2011

Huntmaster

Last weekend I completed the huntmaster workshop. I'm now certified to put on one of the youth hunts (www.tyhp.org). They put on hunts for 8-17 year old's throughout Texas. About 75% are for deer; mostly does on MLD ranches. The hunts are typically weekend hunts from Friday evening to Sunday noon-ish. The youths have to be accompanied by a parent at all times. It's heavily geared for entry-level hunters and they really drill in the safety:
  • Everyone wears the orange all weekend.
  • Only one round in the gun.
  • Youth carries the gun, parent carries the ammo.
  • Hunter safety education certificate is required before
  • Almost all hunting is done from a ground blind over feeders.
I've been to a couple of the superhunts where SCI Austin was providing the Saturday evening meal. These had about 70 youths but the typical hunts are from 5-10 youths. The superhunt is held on the last weekend of the season which is open to youths-only anyway.

The hunts only cost $110 per parent & youth pair. That includes the hunt, food, and processing. The youth has to provide the hunting license, gun, ammo, bedding, clothes, etc. If they can't afford the $110 there are scholarships available. Here's me getting my certification:
Link

I'll post more after my first hunt.
Posted by at 2 comments:

Toy Update

Since the last post I hit a deer on the way home from work. It smashed the drivers fender back into the door (again) so I had to fix that (again). And no, the deer didn't survive. Another car hit her before I did. I drug her out of the roadway and put her down for good with 165 gr. through the heart.

Another day, the clutch linkage quit. It's a hydraulic linkage and was out of fluid. The way they route the line is awful; it's got a spot that is actually higher than the reservoir so it's not self-bleeding.

I've been chasing that damned miss in the engine since I got it. I took the intake plenum off several times to work on the injectors, which takes a couple hours by itself. I rechecked the injectors several times, cleaned the fuel rails, replaced the vacuum lines, plug wires, did another leak-down test, monkeyed with the fuel pressure, etc. It did seem that the miss moved from #6 to #1 to #5 when I was working on it. This was determined by pulling plug wires and by looking at the plugs.

The injector wires were in bad shape; the insulation was hard, had cracked, and was missing in some places. So I ordered 6 off eBay. I pulled it apart again last weekend and replaced the connectors and wiring on 4 of the 6 cylinders. I had enough connectors for all 6 but 2 were fine. I also rechecked every injector. I made a point to swap the injectors on the left and right bank.

On restarting it, it wasn't missing but after warming up the miss reoccurred. Before I took it apart the last time the miss was on cylinder #5; now it was on #6. I had swapped the injectors on those two cylinders so I was pretty sure it was the injector. I couldn't probe it with my stethoscope when it was in #5 because the plenum was in the way #6 is accessible. However it sounded like it was firing with the stethoscope.

So I grabbed one of the used injectors I had bought and re-checked that it seemed good. Then I pulled it apart again and put this other injector in, and reassembled everything. It seems to have fixed it - yeah!!!

My best guess that injector was plugging up when it got hot. This problem would probably have taken a seasoned Toyota technician a good while to diagnose correctly and fix, so i don't feel too bad. Out of the 6 original injectors, only one is still in the truck and working. Wish I'd have known that from the start; I'd have just replaced them and been done with it.
Posted by at No comments:

Monday, May 02, 2011

1st road trip

It's starting reliably and running so-so, so I took it on a road trip to Texas Interhash which was on lake Summerville (100m). Engine was missing the whole way there. I think it's cylinders 1 and 3 based on pulling plug-wires. #1 injector sounds like it's firing; can't probe #3. I'm starting to think this may be a mechanical problem that shows up when the motor is hot rather than an electrical or fuel issue. Could be a bad vacuum leak, valve issue, or rings. I digress...

Texas Interhash 2011
  • Brenham did a really good job again (they hosted in 95 too). This is a small hash so they all did a lot of work.
  • Over 300 people; these are getting HUGE. I suspect it'll get harder and harder to find venues capable of handling the numbers.
  • The crowd is defineatly getting much lazier; I think a good 1/3 never left camp. There were only 18 on the ballbuster. I can remember much smaller hashes having 30-50.
  • Seems like every time I saw Yard Ralph she was picking up trash; use to be hashers didn't litter. So much for tree-hugging liberals caring about the environment. Only the guilty need feel guilty...
  • They only had a band on Friday night. This was a good thing as trying to do skits, Mr/Ms TXIH, plus a band plus the midnight hash on Sat night is too much. FWIW, we only started having bands in the last 10 years or so. The first paid band I remember was SA (at Corpus) in 2002. Maybe SA did in 97, I can't remember for sure...
  • Food was okay. I got enough to eat but I sure miss Hash Potato's grubs.
  • Hash drama - if you can't leave it at home, stay home. Nuff said.
  • Skits were quite good this year. TiteBox probably had the best one.
  • Ft Worthless in 2012; Wicked Itch and I are already signed up.
Posted by at No comments:

Thursday, April 21, 2011

More CSI trouble



It wouldn't start again yesterday morning. I knew it was CSI related so I pulled it out and put it in a catch-cup while I cranked it - no fuel. I pulled the fuel source to it and verified that it was getting gas, so my assumptions from yesterday were all wrong. I put a test light on the connector and verified power while cranking. (That's the "STA" wire above.) Then I removed the CSI, filled it with carb cleaner, put power to it, and verified it was working. The only thing left is that it isn't getting ground, which would complete the power.

The circuit to ground is supplied by the start injector time switch. It's mounted in the engine block where coolant can get to it. What's supposed to happen is when the engine is cold, the STJ signal is connected to ground. (The contact by the arrow moves to the right.) When the switch warms up, the contact moves to the left. The resistance of the two coils are both about 80 ohms, so in the "warm" state there's about 160 ohms between the CSI and ground so it won't fire. It's supposed to switch states around 80F. The coils also heat up the switch so if you crank it while cold for a while it will switch to the warm state. This is to keep you from putting too much fuel into the engine and flooding it.

Mine is is the "warm" state mine is in at room temperature. I could only get it to the "cold" state if I put it in icewater. I found one for $20 on eBay so hopefully I'll get this finished this weekend. If the problem persists I'll add a manual switch in parallel to the automatic one so I can shoot a little extra fuel in if it doesn't want to crank.
Posted by at No comments:

Tuesday, April 19, 2011

Cold Start Injector

The used injectors showed up in Saturday, 2 days after I bought them on eBay. Spent all day Saturday cleaning the shop, including pressure washing the floor so I didn't get back on the 4runner until Sunday morning. I checked the used injectors all worked. installed one in place of the plugged one, and put it back together. The miss was gone. Took it for a test run and it ran like a top, pulling like it should up the long hill. Parked it, started it a 1/2 hour later, and it was missing again!

Back in the shop. Pulled the plugs, it looks like #3 isn't firing. Before yanking the intake chamber off again to get to the injectors (2 hour job) I decided to jumper the fuel pump ON and let it run for a long time, which would cycle the fuel through the fuel filter and the fuel system. The idea was to knock whatever crap is in there loose.

I put the plugs back in this morning and it wouldn't start. Sounded like no fuel. I verified it had fire, shot some carb cleaner into the intake and it fired a little but wouldn't catch. I kept doing this and was able to get it started, and it actually ran pretty good. Then it just died and I was unable to get it restarted. I knew it was fuel related, but what? Electrical problem on the injectors because of some sensor (crank, temp, fuel pres?), or low fuel pressure, or low flow, or plugged something??? I checked everything electrical and my vacuum lines - nothing. Then I pulled the return line off the regulator, started the fuel pump, and verified there was fuel flow.

Then I unhooked the cold start injector feed line and there was no fuel that sprayed out. Normally when you unhook something on the high-pressure side there's enough residual pressure that fuel will shoot out, even after several hours. So the pressure at the CSI was low. Hmmm. I pulled the fuel filter thinking it may be plugged from the garbage in the tank (even though it's new) - it was okay. I tried up-ing the pressure by clamping off the return line hose with some vice grips; pressure should must higher now. Still wouldn't fire. Next I completely unhooked the CSI feed line, started the pump, and let about 1/2 cup go into a catch pan. I hooked it back up and it started! My theory is I had some crap plug up the CSI line and unhooking it was enough to flush it out. It ran the one time because I put enough carb cleaner in the intake to get it fired to where the normal fuel injectors could feed the engine. Whew!

Tonight I bought 5 gal of gas because the tank was almost dry, which meant it was sucking more crap into the system. Before I put it in I pulled the pump to inspect the tank. It's pretty clean but I could have done a better job with the pressure washer. If it gunks something up again I'll try to find a radiator shop to vat it out (they're getting hard to find anymore). I called one yesterday and they said it'd be at least $90. I can get a new tank for $180, shipped.

Taxes: Got my last K1 today. Now I can do this for real...

United States of Zimbabwe: I don't think a lot of people get how serious it is that the US credit rating my drop. Once confidence drops our dollar isn't worth as much, which means it'll take more dollars to buy things from other countries, i.e. oil, clothes, autos, etc. Oil is the big one; I predict gas will be $5/gal by next summer. That means anything requiring transportation will also go way up in price, i.e. food, electricity, etc. It all means massive inflation. If you want proof, next time you see me ask to see the Zimbabwe money I have in my wallet.
Posted by at No comments:

Thursday, April 14, 2011

Found the miss

When I pulled the plugs, cylinder #1 was black. Leakdown was 98% for #1, the rest were 91-98%. I focused on the #1 cylinder... I bit the bullet and pulled the air chamber again so I could get to that injector. I was thinking maybe it was stuck open, causing the plug to foul. I got the injector out and it looks like it's plugged. That's one of the 3 that the guy in Pflugerville said he was able to clean (the other 3 he couldn't clean).

To test it I filled the top with carb cleaner, hooked 12V to the pins, and tried to blow the fluid through. It's definately plugged. You can hear it click when applying voltage, sometimes, and it's weak. The ones he marked "bad" DO flow correctly. I'm guessing they just flowed weak. He said one was stuck open; I assume it wasn't stuck open, just leaking. In any event, I'm not reusing the bad ones.

I can get one for $45 + $15 core locally, or mail order from RockAuto.com for about $37 each with core & shipping. I found another outfit called Fuel Injector Wharehouse (fuelinjectorwhse.com) that has them for $40 with core, shipped so I might try them. Also found some on eBay for $19 shipped but they're not rebuilt. They could be from a truck that has sat like mine and be screwed.

In other news, I sent the IRS a HUGE check today. I had to estimate my taxes since one of my investments does not send out their K1's until April 15! Joy...
Posted by at No comments:

Sunday, April 10, 2011

Inflation

FWIW, car batteries are $5 more than they were 2 months ago. (Bought one for the 4runner.)

I road tested it and it's still missing to where it has a hard time pulling itself up a long hill at 60mph in 5th. It's hard to narrow down to the cylinder by pulling plug wires. The coil is hot enough that it'll jump a 1" gap so it's very hard to pull the wires one at a time while it's running without getting shocked. I think I'll try pulling the computer codes; that may tell me more...

So the fed govt didn't shutdown and everyone is claiming they're a hero for avoiding it.
  • Democraps in the senate & whitehouse didn't bother passing a budget last year when they controlled both houses. The only thing they can brag about to their voters is that they didn't give the right anywhere near the cuts they wanted ($38 out of $100 billion).
  • Republicans caved in. They promised to cut spending, and they did, but they didn't ask for near enough in the beginning and they caved in instead of shutting the fed govt down. As part of the deal they will do an up/down vote on fed spending for abortions and obamacare in the senate.
I'm thinking they traded the billions on this bill just so they would force each liberal senator to g on record voting for these issues, which will be used against them in the 2012 and 2014 elections as they attempt to recapture the senate & whitehouse. Issues aside, the bean-counters on the right has always impressed me with their ability to model elections and put the assets where needed to win elections. There's a hell of a lot of money involved in the elections and 100x in the outcome. It'll be interesting to see if Bammi, his teleprompter, and his $1 billion can sway the sheeple again by flooding them with slogans.
Posted by at No comments:

Friday, April 08, 2011

Gas tastes worse than I remember

I hooked the battery up this morning and it cranked right up. No missing, even after it warmed up. It's running on fumes so I siphoned some more fuel into the tank, got a BIG mouthful of gas. I've had this happen before albeit I don't think I've ever got that much in my mouth before. It seems to taste much worse than I remember, and the worse part is that the taste lingers. Now I know what it must feel like to have voted for Obama.

ToDo:
  1. Get a battery (I've been using my CJ5's battery until now
  2. Get insurance
  3. Get another charcoal canister
  4. State inspection
Posted by at No comments:

Thursday, April 07, 2011

More plugged stuff

I traced the line from the charcoal canister back to the tank. There's about a foot of 3/8" hose at the tank and the rest is hardline. I pulled the hose and it was plugged, but I got the hardline breathing. There was a hard obstruction in the line so I cut it open with a knife just to see what it was. It's actually a plastic tube about 3/4" long that's definitely supposed to be there. At first I thought it might be a one-way check valve, but whatever it was it was plugged. I jammed a scribe through the middle of it and knocked out whatever the obstruction was. Now there's just a hole in the center about 1/10" in diameter. Me thinks this is just a choke to restrict the flow of fuel/fumes to a reasonable level. That should be plenty big to bleed of the fumes but small enough that fuel shouldn't splash through it. There's no mention of this in the factory service manual.

The charcoal canister is plugged and I can't get it unplugged, so I'll either have to find another one or bypass it.

My 3 new (rebuilt) injectors arrived today from RockAuto.com and I reassembled everything tonight. There has to be over 20 items to connect on the air chamber. I missed one; a coolant line that's under the throttle body. I wouldn't have noticed had I put the antifreeze back in. I fixed that and cleaned up the mess. Benny (my renter) is asleep so I'll try to fire it up in the morning. Hope it works; I'm tired of fussing with it.

It'd be good to have another running vehicle since the world is going to explode tomorrow when we have to survive without the fed govt.
Posted by at No comments:

Monday, April 04, 2011

Ghosts in the Toy

Sunday afternoon I opened up the shop doors and it was pretty warm out. I'm behind the 4runner and I hear what sounds like a pump running. I've got the fuel injection all torn apart so there's no battery in it, so it's impossible for anything to be non-static. So I thought... I walk around front and gasoline starts shooting out of a hose on the air chamber, which goes on top of the intake. I stopped it by loosening the gas tank cap.

To explain what happened I need to describe the fuel system. The fuel is pumped from the tank to the fuel rails, which connects to the injectors. The injectors need a constant 40 lbs of pressure so they use a fuel pump that will put out well over 40 lbs and have a fuel pressure regulator that bleeds off anything over 40 lbs. The excess is returned through the return line to the fuel tank. The return line actually runs to the bottom of the tank rather than dumping it in at the top to minimize splashing.

When the fuel in the tank sloshes around or gets warm, it releases vapors. These need to be vented before the pressure builds and causes something in the fuel system (like the tank) to rupture. It used to be they just had a breather line that vented this into the atmosphere. But this is an emissions vehicle so it's a closed fuel system. The vapors are vented through a 3rd line at the top of the tank (where vapors are highest) back to a charcoal canister which can store the fumes. When the motor is running it sucks the fuel vapors out of the charcoal canister and burns them in the engine. You may save a teaspoon of fuel per tank; it's more for keeping emissions out of the atmosphere (or your garage).

I had noticed when I removed the fill cap that air hissed out; there was pressure in the fuel tank. This means the venting wasn't working properly. My guess is it was also plugged from sitting so long. So when I opened the shop doors letting hot air in, the tank warmed up and the vapor pressure built up with so much pressure that it forced the gasoline through the return line to the air chamber. It was shooting out because I had a line unhooked between the air chamber and the pressure regulator. (I had to remove it to take the air chamber off.)

I started checking things tonight. The charcoal canister is almost plugged; may not be able to unplug it. Damn thing is over $300, so I'm REALLY going to try to bring it back to life. There's a rubber hose that comes off the tank that's got an obstruction in it that's so hard I couldn't break it with a screwdriver. A foot of 3/8 line is only a buck so I'll replace that. The rest of the lines seem okay.

Injectors:
I got those back today. He said they were the dirtiest he'd ever seen. Normally he cleans them within a day but he worked on these 4 days and couldn't get 3 of them cleaned. Said one was stuck open? He charged me full price ($15/ea); not sure that was fair since he technically didn't clean them... I hooked power to them and could hear them clicking so I don't know how bad they really are. I did verify I could blast some carb cleaner through the 3 "good" ones when they were energized. I ordered 3 more through rockauto.com, $123 shipped with the core charge.
Posted by at No comments:

Thursday, March 31, 2011

Injectors

I pulled the "air chamber" off and got the injectors out. The air chamber is this big aluminum thingy with a jillion hoses going to it that's between the throttle-body and the intake manifold. You have to remove it to get the injectors out.

I got it out and the only casualty (so far) was I broke the line going to the PCV valve. It was old and had gotten brittle. Easy enough to replace with a 6" piece of 5/16 hose. I had to cut the one end of the busted line off the PCV valve and when I did this my jackknife slipped and I put a deep slash in my thumb. If I was a liberal I'd demand a purple-heart, take a month of sick days, and sue Toyota & the knife maker for a jillion dollars. It really is a deep cut though, was still bleeding tonight about9 hours later.

I found a guy in Pflugerville that cleans injectors. I debated doing it myself. I've got some REAL carb cleaner but I'm afraid it might eat the plastic parts of the injectors and ruin them. They're expensive, $50-75 each, so I don't want to muck them up. He only charges $15 each. We'll see how it goes...

So what's up with Bammie invading Libya? Not really vital to our national interests. Perhaps he knows he's going to be ousted in 1212 and doesn't want to be known as a prez who didn't invade another country. Now he's arming the al queda rebels. Weren't those the bad guys? I miss GWB.
Posted by at No comments:

Sunday, March 27, 2011

4runner

I found a 89 4runner off a chick on Craigslist 3 weeks ago. 200K+ miles and she said she quit driving it because she could pull it out of first gear without putting in the clutch (So???) They said it hadn't been started in 2-3 years so the battery was dead and I would not be able to start it much less test-drive it. Every body panel on it has some dings with the worse being the driver's front fender; the neighbor backed into it, knocking it into the door so it wouldn't open more than 1/3. They hadn't pried it open with a tire-iron like most morons do; all that does is create more bodywork. Interior was better than average for the age. It's the SR5 model, 4wd, V6, and 5-speed. It had obviously never been off-roaded as it was clean and straight underneath. Tires were very good. Looked completely stock except for green shag carpet and a cheap equalizer. I got it for $800.

I trailered it home and pulled it off the trailer with the tractor. It almost yanked the rear bumper loose, the damn thing was about to fall off and it had a 2" ball!

I parked it in the shed and the first thing was to drop the fuel. These things actually have a drain-plug in the fuel tank - sweet! The tank had about 8 gallons of green-funk in it. Next I pulled the tank, which wasn't much work either. The in-tank fuel pump and fuel-level sending unit were caked in rust. The pump was locked up from the grunt so I ordered a new one online for about $25. I cleaned the sending unit and got it working again. The tank looked pretty bad inside. I hit it with the pressure washer and it cleaned it up surprisingly well. The only crap still in it is on the top of the tank where I couldn't hit it with the washer.

She had some service records in the glove box that I went through. She got raped on a master cylinder, $288! (I can get them for $50.) The last time it was worked on was 2002 so I assume
it was parked in 2002. There were no tags or registration to tell me otherwise.

I put a battery in to check the lights. The highbeams weren't working. I took the switch apart and it buzzed out okay but when I put it back together still no workie. Hmmm... Apart again for a better look; it had enough continuity to turn on the buzzer in my meter but there was about 25 ohms across the contacts. I pulled the switch apart and they looked a little burned. After a little time with a points file and a cleanup with contact cleaner and they were reading close to 0 ohms closed. Put it back together and the lights work correctly, except for the back license-plate light. I cranked the key and the motor turned over! That's a good sign; I know it isn't locked and the starter works.

I checked out the rear bumper and it's mounted to 2 sheet-metal points either side on the body. 3 bolts total (1 was missing) and all the mounts were ripped on the body. They also had some 20ga angle-iron going to the frame, which did no good. It was about to fall off on it's own and they actually towed something with it. Criminal!

I got the new pump in a few days, reassembled everything, and put a battery in. Then I jumpered the fuel pump and let it run for a few minutes to cycle some new gas through the system before trying to crank it. It took a minute or so of cranking but it slowly started firing. Sound like it's hitting on 3-4 cylinders, not bad!

I did a compression test which showed a couple cylinders a little weak. Next I ran a leakdown test which is much better. Cylinders 2, 3, and 6 were leaking pretty bad through the intake. #3 was the worst at 50% leakdown. Sounds like it needs a valve job.

I started tearing it apart in prep to remove the motor. Looks like a big job. Then I got to researching and there's a product called "SeaFoam" that's supposed to clean sticking intake valves. I figured I'd give it a try; $10 crap-shot against doing a valve job. You put 1/3 of the can in the tank and let it warm up and then pour it into the intake through a vacuum line. After the can is empty you let it sit 15-30min and then start it up. It'll smoke like hell for a while as it knocks the crap loose. It didn't seem to stop the missing but it was running a little better. I took the plugs back out, did a leakdown again and the valves had sealed! 2 cyl's were a little low, 91% and 86% but leaking through the rings this time. (I could hear air coming out the crankcase vent.) I stuck my stethascope on the lifters to listen for them clicking. $6 sounded real good, #2 and #4 were weak, and #1 wasn't doing anything. I couldn't get to #3 and #5 because they're under the intake thingy. I got another can of SeaFoam and treated it again, hoping it would help the injectors. Also put in a new set of platinum plugs because it had some cheap ones that were shot.

The next morning I started it up cold and it was running pretty smooth; didn't seem to be missing. But after it warmed up it started missing again. I let it cool down, restarted it (ran fine) and it started missing as it warmed up. Hmmm... I change out the fuel filter and cursed those Toy engineers for putting it in such a crappy place. It's on top of the crossmember so it's hard to get to but there's an open spot on the frame 8" forward; wouldn't have cost any more to locate it there. I digress... Must have taken an hour to swap out the filter. Good thing I did; the old one was almost competely clogged. I fired it up again; same symptoms. #1 and #3 don't seem to be firing at all and #2 and #4 are weak. The injectors on #2 and #4 don't sound near as strong as #6 but #1 sounds really good even though that cylinder doesn't seem to be firing. I shot some carb cleaner into a vacuum line and the engine sped up some, so I think some cylinders are starving for fuel. Most of the problems I've found have been fuel-related. I was hoping that driving it would clean out the injectors but I'm staring to think I'm going to have to pull the injectors and clean them manually. There's a couple of places I found that will clean them for a little over $100 or I can do it myself for under $20, but I've never done it before. Either way I have to remove them which is quite a job on the V6 because there's a lot of crap in the way.

Other stuff: The rear pinion seal is leaking; common but it takes a 30mm or 1 3/16 socket to remove remove the yoke on the pinion. Will have to purchase one as I have a 1 1/8, which won't fit, and 1 1/4, which is too loose.
Posted by at No comments:

Tuesday, March 22, 2011

Miss Me Yet?

Posted by at No comments:

Tuesday, February 22, 2011

Password Security

I went to a seminar at lunch today over at National Instruments. Some group called "OWASP" that had me on their mailing list. It was free, about hacking passwords using the GPU, so I gave it a shot.

The speaker, Rick Redman of Korelogic, is a professional hacker who is hired by companies to try to break into their systems.

How passwords are stored: Typically when you sign up to some internet site (facebook, blogger, paypal, etc.) you have to enter a username (or email) and password. They store the password on their servers. Usually they run the password through some encryption and store the encrypted password. An example of a simple (crappy) encryption algorithm would be to increase every entry by one. Make every 'a' a 'b', every 'b' a 'c', every 'S' a 'T', every '6' a '7', etc. Here's some examples:

Un-encrypted password
 Pencil
Number1Hasher
Encrypted Password
Qfodjm
Ovncfs2Ibtifs
When you enter your password "Pencil" the first time they store the encrypted password "Qfodjm" in their password file. Then everytime you log in and enter your password it runs it through the same encryption algorithm and verifies it matches. "Pencil" will yield "Qfodjm" and match while "Pancil" will yield "Qbodjm" and fail.

There are less than a dozen common encryption algorithms. Some are fairly simple (not nearly as bad as mine) and some are quite complex but the algorithms are all known and readily available. Usually the more simple algorithms are used because it takes more CPU cycles to execute them or the implementer is just lazy.

A couple years ago a company called "RockYou!" wrote a plug-in for facebook. They asked for you facebook password so they could link in with your facebook friends, interests, etc., and said they would never store the password. Well it turns out they actually did store it and they didn't even bother encrypting them. They had horrible security on their own server and someone hacked it using an old, well-known hack (SQL injection?) and got full access. They snooped around and found a file called something like "passwords.txt" which contained 32 million un-encrypted text format. The hacker posted the file on the net and hackers around the world downloaded it and went to town. The entries looked something like this:

username
email
password
johnsmith
 jsmith@aol.com
pencil
janedoe
 janedoe1@myspace.com
123456
superhasher
 hasher1@yahoo.com
onon
So now you could hack anyone's facebook account that used "RockYou!". Not really a big deal in itself, but the password file was gold. Turns out most people love to reuse passwords, so the hackers simply went to paypal and tried to log in using these email accounts and passwords. Most didn't work but a whole bunch of them did work and then it was just a simple matter to tell paypal to transfer money from these user's accounts to themselves. After paypal they tried the same idea on a few of the major banks and mutual fund companies next and, well you get the idea... Yikes!!!

Not done yet... Before this the hacker community had a "dictionary" of what they thought were the most common passwords they'd use when trying to hack into an encrypted system. An amazing number of people use things like "password", "password1", "pencil", their favorite sports team or college, etc. So there was a dictionary of about 500 words that were tried against every account. The list wasn't that good so their success rate of cracking the passwords were low. But now they had a list of 32 million actual passwords that people used. They piped this into a spreadsheet and found the most common ones, and then updated and vastly improved their dictionary. To illustrate how poor of passwords are commonly used, here's the top 10:
  1. 123456
  2. 12345
  3. 123456789
  4. password
  5. iloveyou
  6. princess
  7. 1234567
  8. rockyou (hacked website was "rockyou")
  9. 12345678
  10. abc123
By having this huge database they vastly improved their knowledge of what people commonly use for passwords, so they can had a better dictionary and were able to write smarter algorithms for hacking passwords.

There's a couple of free tools they recommended: John The Ripper, hushcat, and oclhushcat. John is open source, the other two aren't. oclhushcat is valuable because it uses the GPU instead of the CPU, which is at least 2 orders of magnitude faster. You feed these tools an encrypted password, some parameters like the dictionary and what to check for, and it uses brute force to tries every combination of password you specified to find a matching solution.

What I came away with:
  1. Never use the same passwords for goof-off accounts (facebook, blogger, etc) as I do for ones with data I need to protect, i.e. online banking.
  2. Verify that my "strong" passwords weren't on the list.
  3. Avoid using any site that has access to your money that forces weak passwords. For instance, RockYou! would not allow special characters.
  4. Have a better idea of what people commonly do and avoid it:
  • Mix lower and upper case letters, and don't just capitalize the first letter, i.e. "Password"
  • Add numbers and not just at the front or back, i.e. "password123"
  • They know all the tricks for substituting numbers/special characters for letters, i.e. '3" for 'E', '$' for 'S', 'I' for '1", etc.
  • Horizontal keyboard patterns like "qwertyuiop" (top row) are well known and checked for
  • Vertical keyboard patterns like "NHY^6yhn" are known too. (Up in caps, down in lower case)
  • People love putting in dates, i.e. "2011", "Feb2011". These are used especially when they have to change their passwords monthly.
  • Common and uncommon names of people, places, sports teams, etc are known.
Last of all he said the best hash encryption algorithm was bcrypt, MD5 the worst. They may have to try several million passwords to find a match, each time running through the encryption algorithm. It takes a couple seconds to compute bcrypt, which kills their brute-force methods whereas MD5 takes a few milliseconds.

There was a guy last year at defcon who built a machine with 6 high-end GPU cards. It could crack any 8-character MD5 password in 2 minutes (or something along those lines...) This is by using brute-force, i.e. checking every possibility of every character combination (6.6 quadrillion) instead of using intelligent search patterns. A longer password stored with bcrypt would take much longer but could still eventually be cracked. The idea is to make it so time-consuming (in terms of CPU cycles) that they'll give up and find easier prey.
Posted by at No comments:
Subscribe to: Posts (Atom)