The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,862 other subscribers

Archive for the ‘Communications Development’ Category

« Previous Entries
Next Entries »

Reverse ssh tunnel between two linux boxes to allow RDP traffic over port 3389

Posted by jpluimers on 2017/06/12

You know the drill: site that limits incoming traffic and has painful VPN. Luckily this time outgoing ssh traffic on port 22 was allowed (because they do SFTP which is SSH File Transfer).

Since I’ve outside Linux boxes and could run a Linux VM there (all Tumbleweed based), this allowed me to do a reverse SSH tunnel. Those are always a bit confusing, but this set of drawings really helps: What’s ssh port forwarding and what’s the difference between ssh local and remote port forwarding – Unix & Linux Stack Exchange [WayBack].

Which brings me to a statement like this:

ssh -o "ExitOnForwardFailure yes" -R :3389:192.168.199.114:3389 -p 33322 93.184.216.34

That didn’t work: a remote machine could not RDP to port 3389, but a local telnet localhost 3389 would. The reason is that by default sshd binds a remote port to the local address only and not the wildcard addres.

So you have to open up the remote config a bit: at least /etc/sshd_config and most likely also your firewall.

Read the rest of this entry »

Posted in *nix, Communications Development, Development, Internet protocol suite, Linux, openSuSE, Power User, SSH, SuSE Linux, TCP, Tumbleweed | Leave a Comment »

URLs and domains that OS-es use to detect Captive Portals

Posted by jpluimers on 2017/05/11

OS X

Android / Chromebook:

  • clients3.google.com

iOS 6:

  • gsp1.apple.com
  • *.akamaitechnologies.com

iOS 7:

  • www.appleiphonecell.com
  • www.airport.us
  • *.apple.com.edgekey.net
  • *.akamaiedge.net
  • *.akamaitechnologies.com

iOS 8/9:

Windows

Amazon Kindle (Fire)

OS X settings are in:

  • /Library/Preferences/SystemConfiguration/CaptiveNetworkSupport/Settings.plist

--jeroen

via:

Posted in Captive Portal, Communications Development, Development, Hardware, Internet, Internet protocol suite, Network-and-equipment, Power User, Software Development, TCP | Leave a Comment »

Building `libssh2` for Windows (Win32/Win64) is a lot harder than I hoped for

Posted by jpluimers on 2017/05/09

Building libssh2 for Windows (Win32/Win64) is a lot harder than I hoped for.

There were no instructions on their website, there was the occasional “use CMake” at and that was about it.

Of course running just CMake doesn’t work and getting it working involves a lot of non-descriptive error messages, cursing and fruitless searches for them just bumping into “me too” threads not really providing the solution.

I tried building OpenSSL but after building, no `lib` directory appears so I cannot satisfy the dependencies. Not sure what OpenSSL would bring as I could not find any documentation about it either, so I’ll leave it at that.

Might be that `make test` for OpenSSL doesn’t succeed because some vague non-explained error which is odd when doing this on an almost prestine VS 2015 Community Edition VM.

But I’ll take that up with the OpenSSL people one day.

Oh the joy of Open Source…

Below are the steps (below the –more– mark a gist with the most recent version).

The core are these:

  • you need git, Visual Studio and CMake
  • use CMake to generate project files, msbuild to build (CBuild cannot build any more)
  • After a Win64 build you have to reset the platform to create a Win32 build

These links helped a lot some in the positive, others in the negative sense:

libssh2-build-steps.rst
  1. Install Visual Studio 2015 community edition from https://www.visualstudio.com/en-us/downloads/download-visual-studio-vs.aspx (as of writing:http://download.microsoft.com/download/D/2/3/D23F4D0F-BA2D-4600-8725-6CCECEA05196/vs_community_ENU.exe or http://download.microsoft.com/download/b/e/d/bedddfc4-55f4-4748-90a8-ffe38a40e89f/vs2015.3.com_enu.iso )
  2. Download CMake via https://cmake.org/download/ back then https://cmake.org/files/v3.6/cmake-3.6.2-win64-x64.msi
  3. Install and ensure to add CMake to the PATH for all users:

https://www.dropbox.com/s/ss5xke97iy4yyka/Screenshot%202016-09-13%2009.36.54.png?raw=1

  1. Run this script on a new command-line: 
    git clone https://github.com/libssh2/libssh2.git
pushd libssh2
mkdir buildWin64
pushd buildWin64
:: Generate build for MSVS 2015
cmake .. -G"Visual Studio 14 Win64" -D"BUILD_SHARED_LIBS=1"

:: this fails bitching about v100 not being there:
:: cmake --build . --config "Visual Studio 14 Win64"
:: this just works:
set Platform=
call "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\amd64\vcvars64.bat"
call msbuild libssh2.sln
dumpbin /headers example\Debug\libssh2.dll | find "machine"
popd
mkdir buildWin32
pushd buildWin32
:: Generate build for MSVS 2015
cmake .. -G"Visual Studio 14" -D"BUILD_SHARED_LIBS=1"

set Platform=
call "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin\vcvars32.bat"
call msbuild libssh2.sln
dumpbin /headers example\Debug\libssh2.dll | find "machine"
popd
popd

Source: Building libssh2 for Windows (Win32/Win64) is a lot harder than I hoped for

–jeroen

Read the rest of this entry »

Posted in Communications Development, Development, Internet protocol suite, OpenSSL, Power User, Security, SSH, TCP | Leave a Comment »

The SSH Port 22 story

Posted by jpluimers on 2017/04/28

The story isn’t a catch-22, but it is still fun to read:

SSH port is 22. The history of how I (Tatu Ylonen) got it. How to configure it through firewalls and iptables.

It also shows how agile the Internet was back then.

Source: [Archive.isSSH Port

Via: [WayBack] “The SSH (Secure Shell) port is 22. It is not a co-incidence. This is a story I (Tatu Ylonen) haven’t told before.” https://www.ssh.com/ssh/port – This is why I Code – Google+

–jeroen

Posted in Development, History, Internet protocol suite, Software Development, SSH, TCP | Leave a Comment »

Mac OS X – serial communication programs

Posted by jpluimers on 2017/03/30

Some links that helped me getting FTDI USB serial communication to Raspberry Pi systems going:

–jeroen

Posted in Apple, Communications Development, Development, Hardware Development, Hardware Interfacing, iMac, Legacy Ports: COM, Mac, Mac OS X / OS X / MacOS, MacBook, MacBook Retina, MacBook-Air, MacBook-Pro, MacMini, OS X 10.10 Yosemite, OS X 10.9 Mavericks, Power User, Raspberry Pi, USB | Leave a Comment »

Some ChromeCast URLs

Posted by jpluimers on 2017/02/01

I need to check these against a Chromecast v2 as the below URLs are from a v1 device:

More is possible by using cURL: Chromecast Hacking Has Begun | fiquett.com

sleep 8h; while true; do
curl -H "Content-Type: application/json" http://192.168.71.113:8008/apps/YouTube -X POST -d 'v=somevideo';
done

Related:

–jeroen

via:

Thoughts on a Chromecast Alarm app?
byu/akhilcacharya inChromecast

Posted in Chromecast, Communications Development, Development, Google, Hardware Interfacing, HTTP, https, Internet protocol suite, REST, Security, TCP | 3 Comments »

Some notes and links on hacking a Philips TVs TCP ports

Posted by jpluimers on 2017/01/25

In my case this is about a Philips 42PFL7676H TV, but this likely applies to many Philips TVs from the 2009-2012 era.

According to nmap, these ports are open:

PORT STATE SERVICE REASON VERSION
1925/tcp open unknown syn-ack
2323/tcp open 3d-nfsd? syn-ack
49153/tcp open upnp syn-ack Philips Intel UPnP SDK 1.4 (Philips Smart TV; UPnP 1.0; DLNADOC 1.50)

TCP port 1925 is actually implementing the jointSPACE REST API over HTTP which has some nice documentation (also locally on your TV).

PCremote implements this and is easy to install: just download (or git clone) the html locally or to a web-server and try it, or even easier: browse to the www.netdata.be/tv site. You can even use it on your Raspberry Pi. There is also support for jointSPACE it in agocontrol.

Two nice threads about it from the Philips support forum:

TCP port 2323 seems to be the voodooport which should enable you to do DirectFB Voodoo.

Jean-Marc Harvengt (software engineer at Philips) showed a nice demo (see video below) on using VooDoo. I wish he had published the source code.

TCP port 49153 also hosts an HTTP server. The base URL I could find information about is 192.168.71.115:49153/nmrDescription.xml It seems that nmrDescription.xml has to do with DLNA and upnp.

Later on I found that my brothers 32PFL7675H TV should also support JointSPACE, but that it had to be activated:

AFTER upgrading to the new firmware, jointSPACE NEEDS TO BE ACTIVATED by entering the following digits sequence while watching TV (WatchTV activity): “5646877223

Source: jointSPACE TVs Developers

Before activation, only port was open 49153. After that, port 2323 was open as well. But the www.netdata.be/tv app doesn’t work on this TV. This does work however: Philips MyRemote – Android Apps on Google Play

–jeroen

Read the rest of this entry »

Posted in Communications Development, Development, Hardware Interfacing, HTTP, Internet protocol suite, REST, TCP | Leave a Comment »

linux port forwarding to external ip – Google Search

Posted by jpluimers on 2017/01/20

For my Link Archive via linux port forwarding to external ip – Google Search:

Need to look at this more closely, but it looks like you need PREROUTING, FORWARD and POSTROUTING and two NATs (DNAT and SNAT), as this graph from Port Forwarding Using iptables – SysTutorials shows:

PACKET IN
    |
PREROUTING--[routing]-->--FORWARD-->--POSTROUTING-->--OUT
 - nat (dst)   |           - filter      - nat (src)
               |                            |
               |                            |
              INPUT                       OUTPUT
              - filter                    - nat (dst)
               |                          - filter
               |                            |
               `----->-----[app]----->------'

–jeroen

Posted in *nix, *nix-tools, Internet, Internet protocol suite, iptables, Linux, openSuSE, Power User, routers, SuSE Linux, TCP | Leave a Comment »

Getting A or better grading on SSL Labs HTTPS tests

Posted by jpluimers on 2016/12/30

Now that everyone has had enough time to get proper TLS certificates using for instance LetsEncrypt, it’s time to up the ante: score better than an A on the SSL Labs tests from either their main site or dev site:

Here are some links to get there:

–jeroen

Posted in *nix, Apache2, Communications Development, Development, Encryption, Internet protocol suite, Let's Encrypt (letsencrypt/certbot), Power User, Security, TCP, TLS | Leave a Comment »

WinSCP can be embedded and scripted as can PSFTP but not FileZilla

Posted by jpluimers on 2016/12/01

In a quest to perform SFTP in Delphi next to FTP, I first researched what I was up against. A tiny voice in the back of my head said “SFTP is totally unlike FTP” and it was right: SFTP means SSH File Transfer Protocol, not Simple File Transfer Protocol nor FTP over SSH nor FTP over SSL aka FTPS – the latter is supported by Indy but the former isn’t.

I decided against SecureBlackBox (providing SFTPBlackbox) and IPWorks (SSH) as I tried both a while ago for S/MIME support and was disappointed about both the lack of features and documentation; in the end I went for wrapping OpenSSL for the “encrypt-then-sign” process and Indy for the SSMTP part. The merger of the SecureBlackBox and IPWorks made me even less happy.

The Chilkat alternative for SFTP isn’t too compelling either: ActiveX or DLL black-box without a lot of insight on how many people do use it.

So when I had to do SFTP and knew there are no free or open source SFTP components for Delphi available I opted for thinking outside the Delphi realm.

My basic idea was to embed either of these:

  1. Filezilla (as Filezilla on Windows is waaaay faster than WinSCP)
  2. WinSCP (a Windows SCP and SFTP client written in C++ Builder)
  3. PSFTP (the Putty SFTP client)

FileZilla

FileZilla internally uses FzSFtp.exe which is based on PSFTP code (but with some buffers making it faster than PSFTP or WinSCP).

According to the author, neither FzSFtp.exe nor FileZilla can be automated:

FileZilla cannot make any automated transfers at all. Neither FileZilla.exe nor fzsftp.exe (is for SFTP) can be used for any batch processing.

Source: run filezilla tzsftp from batch command line – FileZilla Forums

The WinSCP author commented in a similar fashion:

FileZilla does not have any command line arguments (nor any other way) that allow automatic transfer.

Source: windows – Command line option to download file in FileZilla – Stack Overflow

In addition, FileZilla is always a GUI program, so running it as a console app (which I’d prefer) would be impossible.

WinSCP

WinSCP can be automated in two ways:

  1. The WinSCP.exe command-line allows for a /console and /script switch enabling scripting mode that you can use for Scripting and Task Automation :: WinSCP
  2. A wrapper around WinSCP.exe is availble as WinSCP .NET Assembly and COM Library :: WinSCP which requires both .NET to be installed and (from Delphi) calling through COM which I don’t like much

Since I already had good Delphi wrapping code round starting/waiting-for running processes, I’d opt for using WinSCP.com scripting.

There used to be wrapping code around: Use with Delphi :: Support Forum :: WinSCP

PSFTP

These Using PSFTP to transfer files securely links should get me going:

Chapter 6: Using PSFTP to transfer files securely

Practical examples:

Source locations

For my own reference, the open source locations:

Some semi-random Delphi SSL related postss

During the search above I found the below links that will be useful to me one day:

–jeroen

Posted in .NET, Delphi, Development, Software Development, SSH, TCP | 5 Comments »

« Previous Entries
Next Entries »