Setup a Raspberry Pi TOR proxy

This is not a real HOW TO, it’s a two-step guide for setting up a Raspberry PI (with a wifi usb adapter) in order to create an easy-to-use TOR proxy on a WiFi Access Point.
Two simple steps:

  1. Create a Wifi Access Point on your Raspberry following this guide: https://learn.adafruit.com/setting-up-a-raspberry-pi-as-a-wifi-access-point/install-software https://www.raspberrypi.org/documentation/configuration/wireless/access-point.md
  2. Install and configure TOR using this git repo: https://github.com/sarbyn/tor_box/blob/master/README.md

So simple!

Kali linux Post-IT

This is another personal Post-IT about some kali linux tools. Every time I forgot the various options or steps in order to do some basic tasks.

This is NOT an Hacker HOW-TO. Remember to use those tools only on your own network and on your own device as target!

Ettercap for dummies

  • Open Ettercap and select Sniff –> Unified sniffing (CTRL + U)
  • Scan for hosts (CTRL + S)
  • Open hosts list (CTRL + H) and select your target as TARGET 1
  • Open Mitm –> ARP posioning  —> select “Sniff remote connections”
  • Stop sniffing (Maiusc + CTRL + E) and start again (Maiusc + CTRL + W)
  • View connections (Maiusc + CTRL + C)

Bettercap for dummies

Install “.bettercap/bettercap-ca.pem” certificate on target device. No needs to set iptables rules or run aprspoof. Remember some bettercap command line options:

  • -T <target ip>
  • -I <interface>
  • -X (enables sniffing)
  • –proxy (enables http proxy)
  • –proxy-https (enables https proxy)
  • –log <logfile>
  • -P ‘<parser name>’
  • –full-duplex
  • –log-http-response

Unpack, modify and rebuild an APK

This is NOT an “Android hacker HOW-TO”. This is only a quick reference for myself.

  • Step 1 : decompile APK using apktool d -f -r app_name.apk
  • Step 2 : delete the original apk
  • Step 2 : Modify SMALI files
  • Step 3 : Rebuild apk using apktool b app_name
  • Step 4 : Generate a signing key with keytool -genkey -keystore test.keystore -validity 10000 -alias test
  • Step 5 : Sign the new APK jarsigner -keystore test.keystore -verbose app_name.apk test
  • Step 7 : Install apk and enjoy!
apktool d -f -r app_name.apk
delete app_name.apk
--- modify smali files ---
apktool b app_name
keytool -genkey -keystore test.keystore -validity 10000 -alias test
jarsigner -keystore test.keystore -verbose app_name.apk test
adb install -r app_name.apk

Install KODI on raspiNAS

My raspiNAS is based on a raspberry pi 2, with 1GB of ram and a 4core ARM processor, a more powerful board able to run a NAS and also a full HD media center. So in order to simplify my home setup and remove a raspberry I’ve decided to merge the KODI mediacenter (based on OSMC) into the raspiNAS board.

We have to create the group “input” if it doesn’t exist.

sudo addgroup --system input

Edit the file

sudo nano /etc/udev/rules.d/99-input.rules

enter the following text and save it:

SUBSYSTEM==input, GROUP=input, MODE=0660
KERNEL==tty[0-9]*, GROUP=tty, MODE=0660

Create & edit the following file:

sudo nano /etc/udev/rules.d/10-permissions.rules

enter this text and save it:

# input
KERNEL=="mouse*|mice|event*",   MODE="0660", GROUP="input"
KERNEL=="ts[0-9]*|uinput",     MODE="0660", GROUP="input"
KERNEL==js[0-9]*,             MODE=0660, GROUP=input
# tty
KERNEL==tty[0-9]*,            MODE=0666
# vchiq
SUBSYSTEM==vchiq,  GROUP=video, MODE=0660

Run the following commands for user pi (if you haven’t changed your user name):

sudo usermod -a -G audio pi
sudo usermod -a -G video pi
sudo usermod -a -G input pi
sudo usermod -a -G dialout pi
sudo usermod -a -G plugdev pi
sudo usermod -a -G tty pi

To play full HD video in Kodi, you have to set

gpu_mem=160

in /boot/config.txt (or higher) and reboot the board.

Now install kodi with:

sudo apt-get install kodi

Edit /etc/default/kodi in order to start kodi at boot:

# Set this to 1 to enable startup
ENABLED=1

# The user to run Kodi as
USER=pi

# Adjust niceness of Kodi (decrease for higher priority)
NICE=-5

Source: https://www.raspberrypi.org/forums/viewtopic.php?t=99866

Allow SSH trafic from local net and from a specific IP

I need to connect to my raspiNAS server from the local network and from a specific IP (my office IP address) but I don’t want to let it open to the world. So the steps are:
Configure a NAT rule in order to enable TCP port fowarding
Let’s play with iptables

# iptables -A INPUT -s OFFICE_IP/32 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
# iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j DROP

Setup iptables at boot:

sudo bash -c 'iptables-save > /etc/network/iptables'
sudo nano /etc/network/interfaces

At the bottom add

pre-up iptables-restore < /etc/network/iptables

Error building i9515 kernel

My linux build machine died some days ago, and then I lost my working build environment.
Luckily I found this helpful post on XDA with a working VM out-of-the-box and then, after the usual repo sync… I found a strange error during kernel build

/bin/sh: -c: line 0: syntax error near unexpected token `('
/home/android/i9515/kernel/samsung/jf/scripts/Makefile.build:307: recipe for target 'scripts/mod/empty.o' failed

Changing the /bin/sh from /bin/dash to /bin/bash the error changes a little bit and shows some other infos

/bin/sh: -c: line 0: `set -e; echo ' CC scripts/mod/empty.o'; /home/android/i9515/kernel/samsung/jf/scripts/gcc-wrapper.py /home/android/i9515/prebuilts/misc/linux-x86/ccache/ccache /home/android/i9515/prebuilts/gcc/linux-x86/arm/arm-eabi-4.9/bin/arm-eabi-gcc -Wp,-MD,scripts/mod/.empty.o.d -nostdinc -isystem ccache: FATAL: /home/android/i9515/prebuilts/gcc/linux-x86/arm/arm-eabi-4.9/bin/arm-eabi-gcc: execv returned (No such file or directory)
[...]

So…this is simple an error with my cross compiler configuration. Google team changes the compiler name from arm-eabi to arm-linux-androideabi, and so it’s very simple to fix.
This is the diff for the “BoardConfigCommon.mk” file

diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk
index 872bdc9..fe64f87 100644
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -43,8 +43,8 @@ BOARD_MKBOOTIMG_ARGS := --ramdisk_offset 0x02000000
BOARD_KERNEL_PAGESIZE := 2048
TARGET_KERNEL_CONFIG := cyanogen_jfve_defconfig
TARGET_KERNEL_SOURCE := kernel/samsung/jf
-KERNEL_TOOLCHAIN := $(ANDROID_BUILD_TOP)/prebuilts/gcc/$(HOST_OS)-x86/arm/arm-eabi-4.9/bin
-KERNEL_TOOLCHAIN_PREFIX := arm-eabi-
+KERNEL_TOOLCHAIN := $(ANDROID_BUILD_TOP)/prebuilts/gcc/$(HOST_OS)-x86/arm/arm-linux-androideabi-4.9/bin
+KERNEL_TOOLCHAIN_PREFIX := arm-linux-androideabi-

RaspiNAS – DIY nas with a Raspberry

After more than one year with my NAS build over an ALIX, I bought a Raspberry pi 2 and I want to check if the “USB POWER BUG” is resolved now.

I don’t need an high speed NAS so the speed issue with the shared PCI link between USB hub and network adapter is not so important.

Advantages of a Raspberry pi 2 setup are:

  • Less power consumption: raspberry drain half the power of an Alix card
  • Flexibility: 4 USB ports instead of 2
  • Smaller: Raspberry Pi 2 is smaller than Alix board

So this is a copy&paste from my previous post, adapted for the new environment

Install Raspbian lite

Go to Raspbian download page and download the lite version

Install VIM
# apt-get install vim
Add new user
# useradd -m -s /bin/bash sarbyn
# passwd sarbyn
Add user to sudo
# visudo --- add user
Install NTFS-3G
# apt-get install ntfs-3g
Fstab and volumes
# mkdir /mnt/TimeMachine
# mkdir /mnt/MUSIC
# chown sarbyn:sarbyn /mnt/MUSIC
# chown sarbyn:sarbyn /mnt/TimeMachine

UUID=206606FF6606D606 /mnt/MUSIC ntfs-3g   rw,defaults     0       0
UUID=03c90579-88f0-4478-ae8d-adc64972a07d /mnt/TimeMachine ext4 defaults 0 0
Samba
# apt-get install samba samba-common-bin
# service samba stop
# mv /var/lib/samba /var/tmp/samba
# ln -s /var/tmp/samba /var/lib/samba
# smbpasswd -a sarbyn
[mnt]
path = /mnt
read only = Yes
guest only = Yes
guest ok = Yes

[mnt_RW]
path = /mnt
read only = No
valid user = sarbyn
browseable = yes
writable = yes
SSH
$ mkdir .ssh
$ chmod 0700 .ssh/
$ cd .ssh
$ ls
$ vim authorized_keys
$ chmod 600 authorized_keys

Disable root login and plaintext login in /etc/ssh/sshd_config file

Transmission
# apt-get install transmission-daemon
# service transmission-daemon start
FIX cracklib config

I don’t know if it is required with new Jessie debian version…but I’ve repeated it

# apt-get install cracklib-runtime
# create-cracklib-dict /usr/share/dict/*

Before
root@voyage:/var/cache/cracklib# ls -la
-rw-r--r-- 1 root root 1024 Oct 4 13:28 cracklib_dict.hwm
-rw-r--r-- 1 root root 16 Oct 4 13:28 cracklib_dict.pwd
-rw-r--r-- 1 root root 16 Oct 4 13:28 cracklib_dict.pwi
-rw-r--r-- 1 root root 65 Oct 4 13:17 src-dicts

AFTER
root@voyage:/var/cache/cracklib# ls -la
-rw-r--r-- 1 root root 1024 Oct 7 22:46 cracklib_dict.hwm
-rw-r--r-- 1 root root 412696 Oct 7 22:46 cracklib_dict.pwd
-rw-r--r-- 1 root root 22968 Oct 7 22:46 cracklib_dict.pwi
-rw-r--r-- 1 root root 65 Oct 4 13:17 src-dicts
# cd /usr/lib/
# root@voyage:/usr/lib# ln -s  /var/cache/cracklib/cracklib_dict.hwm
# root@voyage:/usr/lib# ln -s  /var/cache/cracklib/cracklib_dict.pwd
# root@voyage:/usr/lib# ln -s  /var/cache/cracklib/cracklib_dict.pwi
Netatalk

*DON’T USE NETATALK FROM DEBIAN REPOS*
The older version of netatalk are VERY…VERY unstable. Download the sources from Netatalk site and follow —> this tutorial <—

# apt-get install build-essential libevent-dev libssl-dev libgcrypt11-dev libkrb5-dev libpam0g-dev libwrap0-dev libdb-dev libtdb-dev libmysqlclient-dev avahi-daemon libavahi-client-dev libacl1-dev libldap2-dev libcrack2-dev systemtap-sdt-dev libdbus-1-dev libdbus-glib-1-dev libglib2.0-dev tracker libtracker-sparql-1.0-dev libtracker-miner-1.0-dev 
# apt-get install avahi-daemon

# insserv avahi-daemon
# insserv netatalk
# /etc/init.d/avahi-daemon start
# /etc/init.d/netatalk start

Edit “/usr/local/etc/afp.conf”.

[Global]
; Global server settings
uam list = uams_dhx.so,uams_dhx2.so
set password = yes

[MusicAFP]
    path = /mnt/MUSIC

[TimeMachineAFP]
    path = /mnt/TimeMachine
    time machine = yes

Add user to Netatalk (using the SHORT password)

# afppasswd -an sarbyn
FIX BOOT

The NTFS volume does not mount at boot, so add some lines on /etc/rc.local

# vim /etc/rc.local

service transmission-daemon stop
mount -a
swapon /mnt/MUSIC/swapfile
service transmission-daemon start

# chmod +x /etc/rc.local
NOIP client
# wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
# tar xzf noip-duc-linux.tar.gz
# cd no-ip-2.1.9
# make
# make install
# sudo noip2 -U 60
Install RPI monitor

Rpi monitor is a small web application that shows usage statistics of a raspberry pi board. Install rpi monitor following this link
Configure /etc/rpimonitor/storage.conf in order to setup storage monitoring and edit the /etc/rpimonitor/data.conf in order to include the storage.conf entry.

Optional – MiniDLNA support

If you need miniDLNA support follow this link

Final step – do a MicroSD backup

Now is all setted up but it’s better to do a MicroSD backup using dd

# dd if=DISK of=raspinas-backup.img bs=1m