Andreas Happe: linux
Building a 4G/LTE router+accesspoint using hostapd, network-manager and modemmanager
So I’ve been using a Raspberry Pi 4b+ together with a WaveShare LTE Modem as 4G router/access-point for my home network setup. I do like my hardware to be quiet and thus fan-less, alas the Raspberry Pi 4b+ gets a tad on the warm side. So this was a perfect opportunitiy to play around with an older Raspberry Pi 3b+ which should use approx. 20-25% less power (both, during idle and load) and with “new” software.
Create a new Ubuntu 20.10 Desktop without too much Ubuntiness.
After I’ve bought a new and fast 1TB SSD, it’s time to setup my aging Desktop again. Last time I went with Fedora Core, this time I will try to reduce some of the ubuntu-iness of a Ubuntu 20.10 Desktop for that. After preliminary tests Ubuntu seems to be more resource efficient than Fedora Silverblue and I should be able to remove most of Ubuntu’s problematic packages. Given that my Notebook still runs Fedora Core, I’m also keeping in touch with both the Ubuntu/Debian as well as with the Redhat/Fedora world through that.
Amazing (Physical) Access Control with HID RFID cards
So my company moved to a new building which uses HID RFID cards for access control. These cards are typically white with some sort of numeric code printed on one side of them. I have not included an image of my card due to (later) obvious reasons.. Setting up my Proxmark3 RDV4 reader Some time ago I joined the Kickstarter for an updated version of the Proxmark3 RFID reader/writer and immediately broke it during the initial flash update.
Revising my lazy http/https interception setup
I’ve wrote about about creating a simple wireless (WLAN for us right-pondian) http/https interception setup before. Mostly I’m using this as a first step when testing mobile/desktop applications. Linux’ network-manager is perfectly able to create an software access-point with most modern network cards. Alas GNOME’s configuration tool only allows for the creation of ad-hoc networks (and switching to KDE for just this is a bit overkill for me) so you have to setup the access point on the command line with nmtui or nmcli.
Fun Hacking Stuff ahead
Recently I’ve found an old post-it with guidelines I wrote myself a couple of years back, two of those stood out: make mistakes don’t buy stupid stuff Seems like I haven’t been the most consistent person back then. The post-it got discovered during a clean-up session of my flat, the same session brought up the following stupidly-bought-and-never-used gadgets: one BBC micro:bit that should be able to capture Bluetooth Low Energy transmissions one Proxmark 3 RV4 that should be able to do some nifty RFID stuff (and that I was recently able to fix) one Realtek Software-Defined Radio USB Stick (rtl-sdr).
GnuPG/PGP and Evolution/Seahorse Private Key Woes
I have a quite simple setup: Fedora 23 on my Desktop, Ubuntu 16.04 on my Notebook and a YubiKey thrown into the mix. I do have my normal GnuPG key DD436203 that I’m using. There’s also an old and revoked key 3F5D00B6 with which I was testing my YubiKey with (note to myself: don’t use an YubiKey-crested private key as you cannot backup it). My main key offers an ElGamal 2048bit subkey – which does not work with the Yubikey (as that only supports 2048bit RSA).
How (NOT) to hide OpenVPN behind HTTPS/SSL
Update 2017: Sadly I found out (thanks due to the comments on this blog post) that using port-share does not encapsulates subsequent traffic in normal TLS. So using this method will not fool Deep-Package Inspection Firewalls. If you need to mask all your traffic, this is not an option – you might need to investigate stunnel, information can be found here, here or here. I assume, that the higher success rate of this method could be related to some firewalls checking the target of the initial https request.
Firejail: Chroot on Speed
Firejail describes itself as a SUID program that reduces the risk of security breaches by restricing the running environment of running programs. We’ll just call it chroot or jail (for the BSDers out there).<!– more –> So, it’s SUID? First things first: it’s SUID, so if there’s an error within the firejail binary an attacker can gain root rights. This comes with the territory. How large is Firejail and how many dependencies does it have?
pathogen vs vundle
Pathogen was the first vim plugin management system that I’ve known of. The contender is Vundle which seems to be inspired in it’s configuration syntax (and name) by Ruby’s Bundler. So let’s compare those two. Pathogen Pathogen’s workings are quite easy to grasp: each plugin is a directory within “~/.vim/bundle/”; pathogen traverses through the plugin list and includes each one of them. Let’s see a sample directory: 1 2 3 4 5 6 7 [~/.
Capybara for automating Pen-Tests
After a successful penetration test a re-test is performed. The common approach is that the customer fixes the code and I perform the necessary steps to confirm that that initial security breach was closed. Sometimes it takes the customer a couple of tries to achieve that. Most security problems (XSS, CSRF, SQLi) can easily be automated tested, but I had problems automating server-side authentication and authorization problems. The test would have to emulate multiple parallel user sessions.