Setup a Raspberry Pi TOR proxy

This is not a real HOW TO, it’s a two-step guide for setting up a Raspberry PI (with a wifi usb adapter) in order to create an easy-to-use TOR proxy on a WiFi Access Point.
Two simple steps:

  1. Create a Wifi Access Point on your Raspberry following this guide: https://learn.adafruit.com/setting-up-a-raspberry-pi-as-a-wifi-access-point/install-software https://www.raspberrypi.org/documentation/configuration/wireless/access-point.md
  2. Install and configure TOR using this git repo: https://github.com/sarbyn/tor_box/blob/master/README.md

So simple!

Kali linux Post-IT

This is another personal Post-IT about some kali linux tools. Every time I forgot the various options or steps in order to do some basic tasks.

This is NOT an Hacker HOW-TO. Remember to use those tools only on your own network and on your own device as target!

Ettercap for dummies

  • Open Ettercap and select Sniff –> Unified sniffing (CTRL + U)
  • Scan for hosts (CTRL + S)
  • Open hosts list (CTRL + H) and select your target as TARGET 1
  • Open Mitm –> ARP posioning  —> select “Sniff remote connections”
  • Stop sniffing (Maiusc + CTRL + E) and start again (Maiusc + CTRL + W)
  • View connections (Maiusc + CTRL + C)

Bettercap for dummies

Install “.bettercap/bettercap-ca.pem” certificate on target device. No needs to set iptables rules or run aprspoof. Remember some bettercap command line options:

  • -T <target ip>
  • -I <interface>
  • -X (enables sniffing)
  • –proxy (enables http proxy)
  • –proxy-https (enables https proxy)
  • –log <logfile>
  • -P ‘<parser name>’
  • –full-duplex
  • –log-http-response

Unpack, modify and rebuild an APK

This is NOT an “Android hacker HOW-TO”. This is only a quick reference for myself.

  • Step 1 : decompile APK using apktool d -f -r app_name.apk
  • Step 2 : delete the original apk
  • Step 2 : Modify SMALI files
  • Step 3 : Rebuild apk using apktool b app_name
  • Step 4 : Generate a signing key with keytool -genkey -keystore test.keystore -validity 10000 -alias test
  • Step 5 : Sign the new APK jarsigner -keystore test.keystore -verbose app_name.apk test
  • Step 7 : Install apk and enjoy!
apktool d -f -r app_name.apk
delete app_name.apk
--- modify smali files ---
apktool b app_name
keytool -genkey -keystore test.keystore -validity 10000 -alias test
jarsigner -keystore test.keystore -verbose app_name.apk test
adb install -r app_name.apk

Install KODI on raspiNAS

My raspiNAS is based on a raspberry pi 2, with 1GB of ram and a 4core ARM processor, a more powerful board able to run a NAS and also a full HD media center. So in order to simplify my home setup and remove a raspberry I’ve decided to merge the KODI mediacenter (based on OSMC) into the raspiNAS board.

We have to create the group “input” if it doesn’t exist.

sudo addgroup --system input

Edit the file

sudo nano /etc/udev/rules.d/99-input.rules

enter the following text and save it:

SUBSYSTEM==input, GROUP=input, MODE=0660
KERNEL==tty[0-9]*, GROUP=tty, MODE=0660

Create & edit the following file:

sudo nano /etc/udev/rules.d/10-permissions.rules

enter this text and save it:

# input
KERNEL=="mouse*|mice|event*",   MODE="0660", GROUP="input"
KERNEL=="ts[0-9]*|uinput",     MODE="0660", GROUP="input"
KERNEL==js[0-9]*,             MODE=0660, GROUP=input
# tty
KERNEL==tty[0-9]*,            MODE=0666
# vchiq
SUBSYSTEM==vchiq,  GROUP=video, MODE=0660

Run the following commands for user pi (if you haven’t changed your user name):

sudo usermod -a -G audio pi
sudo usermod -a -G video pi
sudo usermod -a -G input pi
sudo usermod -a -G dialout pi
sudo usermod -a -G plugdev pi
sudo usermod -a -G tty pi

To play full HD video in Kodi, you have to set

gpu_mem=160

in /boot/config.txt (or higher) and reboot the board.

Now install kodi with:

sudo apt-get install kodi

Edit /etc/default/kodi in order to start kodi at boot:

# Set this to 1 to enable startup
ENABLED=1

# The user to run Kodi as
USER=pi

# Adjust niceness of Kodi (decrease for higher priority)
NICE=-5

Source: https://www.raspberrypi.org/forums/viewtopic.php?t=99866

Allow SSH trafic from local net and from a specific IP

I need to connect to my raspiNAS server from the local network and from a specific IP (my office IP address) but I don’t want to let it open to the world. So the steps are:
Configure a NAT rule in order to enable TCP port fowarding
Let’s play with iptables

# iptables -A INPUT -s OFFICE_IP/32 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
# iptables -A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j DROP

Setup iptables at boot:

sudo bash -c 'iptables-save > /etc/network/iptables'
sudo nano /etc/network/interfaces

At the bottom add

pre-up iptables-restore < /etc/network/iptables

Error building i9515 kernel

My linux build machine died some days ago, and then I lost my working build environment.
Luckily I found this helpful post on XDA with a working VM out-of-the-box and then, after the usual repo sync… I found a strange error during kernel build

/bin/sh: -c: line 0: syntax error near unexpected token `('
/home/android/i9515/kernel/samsung/jf/scripts/Makefile.build:307: recipe for target 'scripts/mod/empty.o' failed

Changing the /bin/sh from /bin/dash to /bin/bash the error changes a little bit and shows some other infos

/bin/sh: -c: line 0: `set -e; echo ' CC scripts/mod/empty.o'; /home/android/i9515/kernel/samsung/jf/scripts/gcc-wrapper.py /home/android/i9515/prebuilts/misc/linux-x86/ccache/ccache /home/android/i9515/prebuilts/gcc/linux-x86/arm/arm-eabi-4.9/bin/arm-eabi-gcc -Wp,-MD,scripts/mod/.empty.o.d -nostdinc -isystem ccache: FATAL: /home/android/i9515/prebuilts/gcc/linux-x86/arm/arm-eabi-4.9/bin/arm-eabi-gcc: execv returned (No such file or directory)
[...]

So…this is simple an error with my cross compiler configuration. Google team changes the compiler name from arm-eabi to arm-linux-androideabi, and so it’s very simple to fix.
This is the diff for the “BoardConfigCommon.mk” file

diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk
index 872bdc9..fe64f87 100644
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -43,8 +43,8 @@ BOARD_MKBOOTIMG_ARGS := --ramdisk_offset 0x02000000
BOARD_KERNEL_PAGESIZE := 2048
TARGET_KERNEL_CONFIG := cyanogen_jfve_defconfig
TARGET_KERNEL_SOURCE := kernel/samsung/jf
-KERNEL_TOOLCHAIN := $(ANDROID_BUILD_TOP)/prebuilts/gcc/$(HOST_OS)-x86/arm/arm-eabi-4.9/bin
-KERNEL_TOOLCHAIN_PREFIX := arm-eabi-
+KERNEL_TOOLCHAIN := $(ANDROID_BUILD_TOP)/prebuilts/gcc/$(HOST_OS)-x86/arm/arm-linux-androideabi-4.9/bin
+KERNEL_TOOLCHAIN_PREFIX := arm-linux-androideabi-

RaspiNAS – DIY nas with a Raspberry

After more than one year with my NAS build over an ALIX, I bought a Raspberry pi 2 and I want to check if the “USB POWER BUG” is resolved now.

I don’t need an high speed NAS so the speed issue with the shared PCI link between USB hub and network adapter is not so important.

Advantages of a Raspberry pi 2 setup are:

  • Less power consumption: raspberry drain half the power of an Alix card
  • Flexibility: 4 USB ports instead of 2
  • Smaller: Raspberry Pi 2 is smaller than Alix board

So this is a copy&paste from my previous post, adapted for the new environment

Install Raspbian lite

Go to Raspbian download page and download the lite version

Install VIM
# apt-get install vim
Add new user
# useradd -m -s /bin/bash sarbyn
# passwd sarbyn
Add user to sudo
# visudo --- add user
Install NTFS-3G
# apt-get install ntfs-3g
Fstab and volumes
# mkdir /mnt/TimeMachine
# mkdir /mnt/MUSIC
# chown sarbyn:sarbyn /mnt/MUSIC
# chown sarbyn:sarbyn /mnt/TimeMachine

UUID=206606FF6606D606 /mnt/MUSIC ntfs-3g   rw,defaults     0       0
UUID=03c90579-88f0-4478-ae8d-adc64972a07d /mnt/TimeMachine ext4 defaults 0 0
Samba
# apt-get install samba samba-common-bin
# service samba stop
# mv /var/lib/samba /var/tmp/samba
# ln -s /var/tmp/samba /var/lib/samba
# smbpasswd -a sarbyn
[mnt]
path = /mnt
read only = Yes
guest only = Yes
guest ok = Yes

[mnt_RW]
path = /mnt
read only = No
valid user = sarbyn
browseable = yes
writable = yes
SSH
$ mkdir .ssh
$ chmod 0700 .ssh/
$ cd .ssh
$ ls
$ vim authorized_keys
$ chmod 600 authorized_keys

Disable root login and plaintext login in /etc/ssh/sshd_config file

Transmission
# apt-get install transmission-daemon
# service transmission-daemon start
FIX cracklib config

I don’t know if it is required with new Jessie debian version…but I’ve repeated it

# apt-get install cracklib-runtime
# create-cracklib-dict /usr/share/dict/*

Before
root@voyage:/var/cache/cracklib# ls -la
-rw-r--r-- 1 root root 1024 Oct 4 13:28 cracklib_dict.hwm
-rw-r--r-- 1 root root 16 Oct 4 13:28 cracklib_dict.pwd
-rw-r--r-- 1 root root 16 Oct 4 13:28 cracklib_dict.pwi
-rw-r--r-- 1 root root 65 Oct 4 13:17 src-dicts

AFTER
root@voyage:/var/cache/cracklib# ls -la
-rw-r--r-- 1 root root 1024 Oct 7 22:46 cracklib_dict.hwm
-rw-r--r-- 1 root root 412696 Oct 7 22:46 cracklib_dict.pwd
-rw-r--r-- 1 root root 22968 Oct 7 22:46 cracklib_dict.pwi
-rw-r--r-- 1 root root 65 Oct 4 13:17 src-dicts
# cd /usr/lib/
# root@voyage:/usr/lib# ln -s  /var/cache/cracklib/cracklib_dict.hwm
# root@voyage:/usr/lib# ln -s  /var/cache/cracklib/cracklib_dict.pwd
# root@voyage:/usr/lib# ln -s  /var/cache/cracklib/cracklib_dict.pwi
Netatalk

*DON’T USE NETATALK FROM DEBIAN REPOS*
The older version of netatalk are VERY…VERY unstable. Download the sources from Netatalk site and follow —> this tutorial <—

# apt-get install build-essential libevent-dev libssl-dev libgcrypt11-dev libkrb5-dev libpam0g-dev libwrap0-dev libdb-dev libtdb-dev libmysqlclient-dev avahi-daemon libavahi-client-dev libacl1-dev libldap2-dev libcrack2-dev systemtap-sdt-dev libdbus-1-dev libdbus-glib-1-dev libglib2.0-dev tracker libtracker-sparql-1.0-dev libtracker-miner-1.0-dev 
# apt-get install avahi-daemon

# insserv avahi-daemon
# insserv netatalk
# /etc/init.d/avahi-daemon start
# /etc/init.d/netatalk start

Edit “/usr/local/etc/afp.conf”.

[Global]
; Global server settings
uam list = uams_dhx.so,uams_dhx2.so
set password = yes

[MusicAFP]
    path = /mnt/MUSIC

[TimeMachineAFP]
    path = /mnt/TimeMachine
    time machine = yes

Add user to Netatalk (using the SHORT password)

# afppasswd -an sarbyn
FIX BOOT

The NTFS volume does not mount at boot, so add some lines on /etc/rc.local

# vim /etc/rc.local

service transmission-daemon stop
mount -a
swapon /mnt/MUSIC/swapfile
service transmission-daemon start

# chmod +x /etc/rc.local
NOIP client
# wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
# tar xzf noip-duc-linux.tar.gz
# cd no-ip-2.1.9
# make
# make install
# sudo noip2 -U 60
Install RPI monitor

Rpi monitor is a small web application that shows usage statistics of a raspberry pi board. Install rpi monitor following this link
Configure /etc/rpimonitor/storage.conf in order to setup storage monitoring and edit the /etc/rpimonitor/data.conf in order to include the storage.conf entry.

Optional – MiniDLNA support

If you need miniDLNA support follow this link

Final step – do a MicroSD backup

Now is all setted up but it’s better to do a MicroSD backup using dd

# dd if=DISK of=raspinas-backup.img bs=1m

How to build cm13 on i9515 (Samsung s4 Value Edition) [UPDATED]

XDA user “sombree” has ported CM 13.0 on Samsung Galaxy S4 Value Edition (i9515)

In order to build a working rom you need to add a local manifest with the right device configuration and kernel

mkdir .repo/local_manifests
vim .repo/local_manifests/roomservice.xml

Edit the file and add the following XML

<?xml version="1.0" encoding="UTF-8"?>
<manifest>
  <project name="jfvelte-dev/proprietary_vendor_samsung" path="vendor/samsung" remote="github" />
  <project name="CyanogenMod/android_device_qcom_common" path="device/qcom/common" remote="github" />
  <project name="CyanogenMod/android_device_samsung_qcom-common" path="device/samsung/qcom-common" remote="github" />
  <project name="jfvelte-dev/android_device_samsung_jfvelte" path="device/samsung/jfvelte" remote="github" />
  <project name="jfvelte-dev/android_device_samsung_jf-common" path="device/samsung/jf-common" remote="github" />
  <project name="jfvelte-dev/android_kernel_samsung_jf" path="kernel/samsung/jf" remote="github" />
</manifest>

Then do a simply

brunch jfvelte

Thanks to Sombree for the hints about roomservice.xml and for the porting, of course 🙂

Source: XDA Forum

A simple Android <-> Arduino Bluetooth project

This is a simple project that use a bluetooth channel in order to connect an Android application with an Arduino.
The aim of this sample is:

  • Learn how Bluetooth serial channel works
  • Learn how to configure a bluetooth device on Android
  • Send a string from Arduino to Android (in this example the value of light sensor)
  • Send a byte from Android to Arduino (in this example the LED ON-OFF status)

The Arduino schema is very simple

schema_bb

 

I’ve used an HC-06 bluetooth adapter, the cheapest (and slower) available on ebay. You can find the source code of the android application and Arduino Sketch file on my GITHUB repositories.

Now I’m ready to add bluetooth feature on my “HomeTemp” project.

 

Send email when webcam detects movement

In my previous post I’ve explained how to configure a DIY IP camera using motion.

Now let configure an email alert system that send email upon motion detection and the video recorded. It’s very simple.

First of all, install some software:

sudo apt-get update
sudo apt-get install sendemail libio-socket-ssl-perl libnet-ssleay-perl

If you want to use GMAIL as smtp you need to fix SSL config. Open /usr/share/perl5/IO/Socket/SSL.pm and then change

m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1[12]?))$}i

to:

m{^(!?)(?:(SSL(?:v2|v3|v23|v2/3))|(TLSv1[12]?))}i

Now change motion.conf file.

# email sent when an event starts
on_event_start sendEmail -f YOURFROMEMAIL@gmail.com -t YOURTOEMAIL@gmail.com -u "[Motion] Event detected" -m "Movement has been detected on: %d %m %Y. The time of the movement was: %H:%M (Hour:Minute). Video will follow" -s smtp.gmail.com -xu YOURGMAIL@gmail.com -xp YOURGMAILPASSWORD -o tls=yes

# send video as attachment
on_movie_end sendEmail -f YOURFROMEMAIL@gmail.com -t YOURTOEMAIL@gmail.com -u "[Motion] video" -m "Video" -s smtp.gmail.com -xu YOURGMAIL@gmail.com -xp YOURGMAILPASSWORD -o tls=yes -a %f