wire.less.dk

wireless networking, free software, solar power

the green window plug

Posted on | May 4, 2013 | No Comments

putting the green window plug into perspective:

http://grist.org/list/just-stick-this-portable-outlet-to-your-window-to-start-using-solar-power/

http://www.yankodesign.com/2013/04/26/plug-it-on-the-window/

 

greenwindowplug_in_perspective

howmanygreenwindowplugs

Touche Arduino

Posted on | August 14, 2012 | No Comments

Steve Houben, Sebastian Buettrich
Arduino Touché @pITlab –

http://pit.itu.dk

all credits & thanks: DZL, Mads Hobye
http://www.instructables.com/id/Touche-for-Arduino-Advanced-touch-sensing/

we followed their instructable 100% and it worked straight away.

 

Consider wireless security with EAP/802.1x completely broken / obsolete

Posted on | August 8, 2012 | No Comments

Second comment to the security debate, e.g. here

http://www.cso.com.au/article/432039/tools_released_defcon_can_crack_widely_used_pptp_encryption_under_day/

http://revolutionwifi.blogspot.dk/2012/07/is-wpa2-security-broken-due-to-defcon.html

So MSCHAPv2 is completely broken. No problem.

For EAP/802.1x wireless security, that should not matter, as we only use it inside an SSL-protected tunnel (TTLS, PEAP).

Popular EAP/802.1x-methods: PEAP+MSCHAPv2 or TTLS+PAP or TTLS+MSCHAPv2

 

BUT

In most networks, on most clients, certificate validation is largely absent
and difficult to enforce across all clients (BYOD!).

Moreover, many user guidelines explicitly ask clients to NOT validate the certificate.

 

A very simple, realistic attack scenario:

Place a rogue AP with the right SSID and connected to a fake RADIUS server in the target building/area,
and harvest logons at leisure.
No client has any chance to even notice the attack.

So, the tunnel is broken.

The fact that MSCHAPv2 is broken – it does not even really matter:
the attacker lures the client into talking to their rogue RADIUS server,
and of course can read all user credentials, regardless of encryption.

This is NOT a little irrelevant side note to the discussion of MSCHAPv2, which is, i agree, more intellectually interesting.
The MSCHAPv2 discussion is, unfortunately, an academically interesting but irrelevant side note to the fact that our de-facto wireless security practices render EAP/802.1x broken.

Summary:

Unless the certificate validation problem is addressed,
we should consider current wireless security with EAP/802.1x completely broken / obsolete.

Agreed – it would not have to be, but it is.

MS-CHAPv2, widely used in WPA2 Enterprise, broken (more so than we thought)?

Posted on | August 1, 2012 | No Comments

Quoting this DEFCON 20 article

https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/

“MS-CHAPv2 is used quite heavily in WPA2 Enterprise environments.

In their 1999 analysis of the protocol,
Bruce Schneier and Mudge conclude “Microsoft has improved PPTP to correct the major security weaknesses described in [SM98].
However, the fundamental weakness of the authentication and encryption protocol is that it is only as secure as the password chosen by the user.”
http://www.schneier.com/paper-pptpv2.html

“This, along with other writings, has led both service providers and users to conclude that they can use MS-CHAPv2 in the form of PPTP VPNs and mutually authenticating WPA2 Enterprise servers safely, if they choose good passphrases.”

Is there anything new in the attack reported here, then?

The attack focusses not on a library or guessing attack on the password but instead on
recovering the MD4 hash of the user’s password.

A detailed look into the problem shows that what looks like a 2**128 crack job is really just a 2**56 – due to redundancies, shared bases and zero padding.
In other words, a single round DES crack.

The actual crack work is performed by a dedicated piece of hardware, “an FPGA box that implemented DES as a real pipeline, with one DES operation for each clock cycle.
With 40 cores at 450mhz, that’s 18 billion keys/second. With 48 FPGAs, the Pico Computing DES cracking box gives us a worst case of ~23 hours for cracking a DES key, and an average case of about half a day.”
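
To see where the 2**56 comes from, here is an added sketch (not from the original post or the quoted article) of how MS-CHAPv2 turns the 16-byte hash into three DES keys, following the ChallengeResponse construction in RFC 2759. The hash value is constructed and the function names are made up for this example; it performs no DES and no cracking, only the key layout and the work estimate at the rate quoted above.

```python
# Constructed 16-byte value standing in for an NT hash (MD4 of the password).
NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")

def split_keys(nt_hash):
    """Zero-pad the 16-byte hash to 21 bytes and cut it into three 7-byte DES keys."""
    padded = nt_hash + b"\x00" * (21 - len(nt_hash))
    return [padded[i:i + 7] for i in (0, 7, 14)]

def des_key(k7):
    """Expand 56 key bits to DES's 8-byte form: 7 key bits plus an odd-parity bit per byte."""
    n = int.from_bytes(k7, "big")
    out = []
    for i in range(8):
        b = ((n >> (49 - 7 * i)) & 0x7F) << 1
        out.append(b | (bin(b).count("1") + 1) % 2)
    return bytes(out)

def unknown_bits(nt_hash):
    """Secret bits carried by each of the three keys; the rest is known zero padding."""
    return [8 * len(nt_hash[i:i + 7]) for i in (0, 7, 14)]

def worst_case_hours(keys_per_second):
    """All three DES operations encrypt the same 8-byte challenge hash, so one
    sweep of 2**56 candidates tests keys 1 and 2 together; key 3 adds 2**16."""
    return (2**56 + 2**16) / keys_per_second / 3600

if __name__ == "__main__":
    for k in split_keys(NT_HASH):
        print(k.hex(), "->", des_key(k).hex())
    print(unknown_bits(NT_HASH))                  # secret bits per key
    print(round(worst_case_hours(18e9 * 48), 1))  # the rate quoted for 48 FPGAs
```
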

This cracking engine is made accessible via “the cloud” (no comment on the cloud meme here) – an API and helper tool, free for download.

The article concludes:

“Enterprises who are depending on the mutual authentication properties of MS-CHAPv2 for connection to their WPA2 Radius servers should immediately start migrating to something else. ”

On Schneier’s blog, a comment has been requested:

“@Bruce –
Can we get a comment / response to the work presented at Defcon on MS-CHAPv2 only being as secure as a single round of DES?”

But, for something that sounds like it’s going to bring down most of this planet’s enterprise wireless, it doesn’t seem to make an awful lot of waves. Why not?

 

As far as wireless security (and only that!) is concerned,

does this discovery mean we need to stop using MSCHAPv2 or maybe even
EAP-TLS/PEAP/802.1x altogether, and “use something else” – as the article
somewhat vaguely says?

No.

Simplified, it doesn’t matter much to Enterprise WiFi if MSCHAPv2 is broken, as we are
only using it inside protected tunnels.

 

Andrew von Nagy explains this much better than i could:

http://revolutionwifi.blogspot.dk/2012/07/is-wpa2-security-broken-due-to-defcon.html

I quote:

“What is the Impact to Wi-Fi Network Security?
Specifically, does this make much of an impact for Wi-Fi networks where
802.1X authentication is employed where MS-CHAPv2 is used (namely
EAP-PEAPv0 and EAP-TTLS)?
Answer – No, it really does NOT. The impact is essentially zero.”

Much more of a problem in real life wireless is the fact that on the networks i have seen, almost nobody enforces strict certificate validation.

Also, keep in mind that certificates are bound to hosts/domains/organizations, but in no way to SSIDs (whether ESSID or BSSID) or APs.

 

 

Thus, a realistic attack scenario is quite simple:

i will deploy a rogue AP and Radius server that supplies some (!) certificate (which will
never be checked for validity!), and own the EAP-TLS tunnel and hence all communication inside it, harvesting usernames and passwords as people connect.

Now THAT is a problem.

The fact that i speak open inside the tunnel is not a problem, really,
as long as we know who owns the tunnel.

So, we can more or less ignore the MSCHAPv2 hack and focus on certificates instead.

 

ps. Thanks NSRC colleagues for heads up and thanks to my colleague Felix here at ITU, for discussion!

Raspberry Pi – first boot

Posted on | June 8, 2012 | No Comments

1. Physical connections

DVI screen, network, usb keyboard, power.

2. Prepare SD card

I’m using Debian Squeeze as supplied here: http://downloads.raspberrypi.org/download.php?file=/images/debian/6/debian6-19-04-2012/debian6-19-04-2012.zip

It’s the “image we recommend you use. It’s a reference root filesystem from Gray and Dom, containing LXDE, Midori, development tools and example source code for multimedia functions.”

Downloaded it, inserted the SD card, which in my case mounts as /dev/sdb1

# umount /dev/sdb1
# dd bs=1M if=~/Downloads/debian6-19-04-2012/debian6-19-04-2012.img of=/dev/sdb
1859+1 records in
1859+1 records out
1950000000 bytes (2,0 GB) copied, 947,865 s, 2,1 MB/s

3. First boot

Inserting it into the Pi.
Not so good: the card sticks out from the board quite a bit.
Well, nobody said to expect a cased designer product.

Power supply is known to be critical – i’ve chosen a 5V/1200 mA – that should be margin enough.

Plug it in, boots without a problem.

Log in – some people noticed that the Pi comes with english keyboard settings as standard, so check whether you are QWERTY or QWERTZ.

Run

# dpkg-reconfigure locales

as root to adjust your locales settings.

4. Summary so far

No surprises, install and boot is easy, following the guides linked from the raspberry site –

http://www.raspberrypi.org/

and some guides out there:

http://www.heise.de/hardware-hacks/artikel/Erste-Schritte-mit-dem-Raspberry-Pi-1573973.html (german)

Now we are starting to run various tests, trying different images, seeing how the CPU copes, whether the board gets hot, etc.

 

to be continued

Solar power on 11 pages

Posted on | May 10, 2012 | No Comments

 

Here is a little introduction to photovoltaics, written in the context of a project at a school in Nepal, and primarily meant for school students from 12 – 20 years, with varying degrees of maths and science skills.

So, it’s an attempt to explain the basics of photovoltaics in a simple way.

Your comments, corrections and critical remarks are most welcome!

In case you would like to help improve it, let me hear from you.

Solar power on 11 pages

X-CTU on Linux Ubuntu 10.04

Posted on | February 3, 2012 | 1 Comment

Using Digi XCTU on Linux (Ubuntu 10.04)

Digi XCTU,

http://ftp1.digi.com/support/documentation/90001003_A.pdf (last verified: Feb 2012)

is a utility for configuring xbee modems.

While it is a Windows application, it can easily be made to work on Linux.

 

The following is no new information, rather just a confirmation and documentation of making this work on Linux Ubuntu 10.04.

Before we start, some tips for XCTU in general, not specific for Linux:

 

  • Be patient! Be really patient! XCTU communication can be really slow, and often it will fail. When that happens, take your time, and systematically try all different connection settings. For example, you may think that your modem is at 38400 baud, but for some reason, it doesn’t remember that – and will answer OK on 9600 baud anyway.
  •  Always save and archive configurations, and save them with good names that will let you know which is which – it will save you a lot of time.

Now, the Linux part:

(the following steps to be performed as root or via sudo)

0) Install wine

 

apt-get install wine

and configure it, using the Configure Wine menu item in your Applications menu.

You don’t need to make any changes. It will create the .wine directory under your user directory.

 

1) Prepare symlinks

 

in $HOME/.wine/dosdevices, do

ln -s /dev/ttyUSB0 com5
ln -s /dev/ttyUSB1 com6
ln -s /dev/ttyUSB2 com7
ln -s /dev/ttyUSB3 com8

This is the main step really – it maps Linux’s serial ports (called tty) to Windows’ COM ports.

 

2) Download XCTU

 

http://ftp1.digi.com/support/utilities/40003002_B.exe

(at the time of writing – this might change.)

 

chmod this file to be executable:

 

chmod 755 <filename>

 

3) Open XCTU installer with wine program loader

Right click the file in folder view, open with Wine program loader,

follow install dialogue, no surprises or probs there.

 

4) Insert USB gateway with xbee module on it

 

Check which port it connects to by doing

ls -ltr /dev/tty*

or

grep USB /var/log/syslog

 

5) Start x-ctu via wine menu.

 

It should open without probs.

 

6) What will not work

 

Automatic firmware updates via web do not seem to work – you will have to get firmware updates manually, from

 

http://www.digi.com/support/productdetail?pid=3661 (at the time of writing, 20 feb 2012) and put the zip files in the xctu updates directory, e.g.

<yourhome>/.wine/drive_c/Program Files/Digi/XCTU/update

 

Then add them via the XCTU menu item

 

“Download new versions” >> “from file”

 

7) Examples, screenshots

 

Then follow the typical xbee modem configuration process, as described elsewhere, e.g. in the pdf linked above or Rob Faludi’s book,

http://shop.oreilly.com/product/9780596807740.do

 

In order to communicate, XBee modules must use:

 

Here are some examples of my settings with some screenshots.
set BAUDRATE 38400
use API

 

 

PC settings, user com port – add our port here:

 

 

 

TEST QUERY MODEM answers OK

 

 

Modem Configuration – Read

Set Function Set ZIGBEE ROUTER API
Set PAN ID = 666
Channel = yr choice

SERIAL INTERFACING

Baud rate 38400 = 5
API = 2

Addressing

DH and DL both = 0

 

How to boot from USB in virtualbox on Ubuntu

Posted on | May 13, 2011 | 1 Comment


Useful for quick testing of USB boot media, flexible plug’n’play of guest operating systems, and so on.

Tested for various Ubuntu 9/10, virtualbox 3.1.6/4.0.6

Prepare:

$ su

# mkdir /root/.VirtualBox/HardDisks

# VBoxManage internalcommands createrawvmdk -filename \
/root/.VirtualBox/HardDisks/usbdisk.vmdk \
-rawdisk /dev/sdb1

Note: all in one line! the last bit, the device name, needs to point at your USB drive. In this case /dev/sdb1 – yours will be different!

So, you tell virtualbox to see the USB drive as a disk, which you then boot from.

Open virtualbox:

# virtualbox

Make new machine, choose “Existing harddisk” and point at the one you created.

That’s all.

Thanks, Three Wise Men http://www.twm-kd.com/software/boot-virtualbox-machine-from-a-usb-flash-drive/

Testing new fitPC2i

Posted on | April 14, 2011 | No Comments

Install Ubuntu Desktop 10.04.2 on fitPC2i
  • Insert HD
  • Insert bootable USB with Ubuntu
  • With 2 microUSB on front panel – you have 4 USB total – nice.
  • Installs without problem.
  • user: kopan
  • password: br34th3
  • Wireless not recognized.*
  • Run full update, a.o. new kernel packages
* We will try this guide:
http://xlcwu.wordpress.com/2010/07/09/build-rt3070-kernel-module-on-ubuntu-10-04-lucid-lynx/

Install Ubuntu Desktop 10.10 on fitPC2i

Note: Initially i planned to use 10.04.2, but the fact that the RT2x00 wireless drivers (needed for the RT3070 that’s inside the fitPC2i) are in the kernel from 2.6.33 and up makes it worth using 10.10, imho.

Version with 1.6 GHz/1GB

HD 160 GB SATA 2,5″

  • Insert HD
  • Insert bootable USB with Ubuntu
  • With 2 microUSB on front panel – you have 4 USB total – nice.
  • Installs without problem.
  • Wireless: module rt2870sta loads automagically, works fine. http://wiki.debian.org/rt2870sta
  • Run full update – all good.

Temperature still seems a bit worrying … metal case is just about too hot to touch.

IPv6 tunnel via gogo6 on Ubuntu 9.10

Posted on | March 30, 2011 | No Comments

The following is a short summary guide on making an IPv6 tunnel via http://gogonet.gogo6.com/ work on Ubuntu 9.10 Karmic Koala, for those of us who are not on 10.10 yet.

It makes no assumptions about whether tunneling instead of going generic IPv6 is a good thing to do, or whether it just makes us become lazy and put up with not having IPv6.

Also, it makes no statement about the quality of gogo6/freenet6 tunnels in comparison to other brokers like

The guide is completely based on this one – which i found just works straight forward. Thanks for sharing:

Get a freenet6 account here:

As root:

# apt-get install gw6c radvd

# /etc/init.d/radvd stop

# vi /etc/gw6c/gw6c.conf

like so:

userid=USERID
passwd=PASSWORD
server=broker.freenet6.net
auth_method=any
prefixlen=64
template=linux
if_tunnel_v6v4=freenet6
if_tunnel_v6udpv4=freenet6
# change if needed
if_prefix=eth0
keepalive=yes
keepalive_interval=10
# change to host if 1 box
host_type=router

then do

# /etc/init.d/gw6c restart

On the first attempt at starting gw6c, i’m getting a short re-negotiation of the broker:

root@sbut:/home/sebastian/gogoc-1_2-RELEASE# /etc/init.d/gw6c restart
 * Restarting Gateway6 Client gw6c
No /usr/sbin/gw6c found running; none killed.
Gateway6 Client v6.0-RELEASE build Sep  7 2009-13:59:46
Built on ///Linux palmer 2.6.24-24-server #1 SMP Wed Apr 15 16:36:01 UTC 2009 i686 GNU/Linux///
Received a TSP redirection message from Gateway6 broker.freenet6.net (1200 Redirection).
The Gateway6 redirection list is
 [ sydney.freenet6.net, amsterdam.freenet6.net, montreal.freenet6.net ].
The optimized Gateway6 redirection list is
[ amsterdam.freenet6.net, montreal.freenet6.net, sydney.freenet6.net ].
Received data is invalid.
Last status context is: TSP authentication.
Finished.

After a retry, everything is fine:

root@sbut:/home/sebastian/gogoc-1_2-RELEASE# ping6 2001:470:1f14:b91::2
PING 2001:470:1f14:b91::2(2001:470:1f14:b91::2) 56 data bytes
64 bytes from 2001:470:1f14:b91::2: icmp_seq=1 ttl=57 time=51.8 ms
64 bytes from 2001:470:1f14:b91::2: icmp_seq=2 ttl=57 time=33.4 ms

You might want to put the best gateway, in my case amsterdam.freenet6.net, into the config file above.
