The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Archive for the ‘Hardware’ Category

The woods and trees of OpenSuSE on single-board computers – image abbreviations – and getting it installed using OS X

Posted by jpluimers on 2017/02/27

Finding the right image

There are many single-board computers on the OpenSuSE hardware-compatibility list (HCL), including:

A lot of them have ready-to-go images, often for Tumbleweed; however, none of the pages explain the image differences below, hence the one-liner for each:

Since I wanted a headless system, JeOS was what I needed.

As it wasn’t available for my ODroid C1+ but was for my Raspberry Pi 2, and as my main machine is a 15″ Retina MacBook Pro Late 2013 [WayBack], below are the steps I used to get the image working.

Installing the Raspberry Pi 2 image using OS X

The below Raspberry Pi2 link will redirect to the correct image in the generic download directory http://download.opensuse.org/repositories/devel:/ARM:/Factory:/Contrib:/RaspberryPi2/images/

http://download.opensuse.org/repositories/devel:/ARM:/Factory:/Contrib:/RaspberryPi2/images/openSUSE-Tumbleweed-ARM-JeOS-raspberrypi2.armv7l.raw.xz

For other Raspberry Pi versions, you can find them here:

http://download.opensuse.org/repositories/devel:/ARM:/Factory:/Contrib:/RaspberryPi3/images/openSUSE-Tumbleweed-ARM-JeOS-raspberrypi3.aarch64.raw.xz

http://download.opensuse.org/ports/armv6hl/tumbleweed/images/openSUSE-Tumbleweed-ARM-JeOS-raspberrypi.armv6l-Current.raw.xz

I installed on an 8 gigabyte SD card that revealed itself as /dev/disk1 using this diskutil command (via osx – List all devices connected, lsblk for Mac OS X – Ask Different [WayBack]):

diskutil list

So this wrote the image to SD card in a sudo su - prompt:

# Check targetDevice against the "diskutil list" output first: dd overwrites the whole device.
targetDevice="disk2"
unxz --keep openSUSE-Tumbleweed-ARM-JeOS-raspberrypi2.armv7l-2016.08.20-Build2.1.raw.xz; \
diskutil umount "/dev/${targetDevice}s1"; \
dd bs=1m of="/dev/r${targetDevice}" if=openSUSE-Tumbleweed-ARM-JeOS-raspberrypi2.armv7l-2016.08.20-Build2.1.raw; \
sync; \
diskutil list; \
diskutil eject "/dev/${targetDevice}"

or if you want to select which image to “burn”:

# Check targetDevice against the "diskutil list" output first: dd overwrites the whole device.
targetDevice="disk2"
# Keep only the imageName line for your board; as written, the last assignment wins.
imageName="openSUSE-Tumbleweed-ARM-JeOS-raspberrypi2.armv7l-2016.08.20-Build2.1.raw"
imageName="openSUSE-Tumbleweed-ARM-JeOS-raspberrypi.armv6l-2016.11.23-Build2.22.raw"
imageName="openSUSE-Tumbleweed-ARM-JeOS-raspberrypi3.aarch64-2017.01.12-Build3.2.raw"
unxz --keep "${imageName}.xz"; \
diskutil umount "/dev/${targetDevice}s1"; \
dd bs=1m of="/dev/r${targetDevice}" if="${imageName}"; \
sync; \
diskutil list; \
diskutil eject "/dev/${targetDevice}"

A few notes:

Read the rest of this entry »

Posted in *nix, Development, Hardware, Hardware Development, Linux, Odroid, openSuSE, Power User, Raspberry Pi, Single-Board Computers, SuSE Linux, Tumbleweed | 1 Comment »

inversepath/usbarmory: USB armory: open source flash-drive-sized computer

Posted by jpluimers on 2017/01/26

Source: Inverse Path – USB armory

usbarmory – USB armory: open source flash-drive-sized computer

Roughly EUR 100, excluding SD card, host adapter and enclosure.

Source: inversepath/usbarmory: USB armory: open source flash-drive-sized computer

Since I was talking about security anyway…. this is a nice toy for breaking open laptops or desktops when the administrator forbade the installation of software, or you want software on it executed. This is often the case with company devices, e.g. the laptops which are supplied by banks to their 3rd party suppliers. Outsourcing is cool, remember?

This is a computer on a stick which can run a Linux kernel. In combination with some USB gadget kernel modules, it can be configured to authenticate itself as any device. All you need to do is plug it in, and iterate by brute force through the device identifiers until you hit one which is accepted to be used. Store the statically linked software you want to install or run on the stick beforehand, and here you go. So if you ever need a SSH client on a “secure” Windows laptop… putty.exe FTW.

Posted by Ralf Ramge – Google+

–jeroen

via: Since I was talking about security anyway…. this is a nice toy for breaking open laptops or desktops when the administrator forbade the installation of… – Kristian Köhntopp – Google+

Posted in *nix, Hardware, Pen Testing, Power User, Security, USB | Leave a Comment »

Convert FRITZ!Box 7360 to Managed Switch (or even Access Point) having its own IP address: Setting up the FRITZ!Box as an IP client – via AVM International

Posted by jpluimers on 2017/01/23

This was a tad difficult to find as I searched for “Convert Fritz!Box to Switch” instead of “Convert Fritz!Box to Access Point”.

Since I had an old Fritz!Box 7360 lying around (from my ADSL era) and wanted to extend the cabled LAN for my brother’s Fritz!Box 7490 with some low-bandwidth devices (max 100 megabit/second) I searched for Switch. My bad.

Oh I had to factory reset it as well as I forgot the management credentials. The AVM help on this is cumbersome: Loading the FRITZ!Box factory settings | FRITZ!Box 7360 | AVM International but the xs4all help includes a web-reset procedure as part of Internet: Reset procedures van mijn FRITZ!Box 7360 which translates to:

  1. Switch off the Fritz!Box (as this procedure needs to be done within 10 minutes of switching it on)
  2. Connect LAN2 to your computer
  3. Switch on the Fritz!Box
  4. Wait for a DHCP IP or (if you know the IP addresses) configure IP manually
  5. Go to the web-interface URL
  6. Indicate you forgot your password:

    Forgot your password?

  7. Indicate you want a factory reset:

    Restore Factory Settings

Anyway: with the above steps it becomes a Managed Switch (and if you don’t disable WiFi: Access Point too) that uses the primary internet connection as DHCP server (so it gets an IP address itself as well which means you can manage it).

Read the rest of this entry »

Posted in ADSL, Fritz!, Fritz!Box, Internet, Power User | Leave a Comment »

linux port forwarding to external ip – Google Search

Posted by jpluimers on 2017/01/20

For my Link Archive via linux port forwarding to external ip – Google Search:

Need to look at this more closely, but it looks like you need PREROUTING, FORWARD and POSTROUTING and two NATs (DNAT and SNAT), as this graph from Port Forwarding Using iptables – SysTutorials shows:

PACKET IN
    |
PREROUTING--[routing]-->--FORWARD-->--POSTROUTING-->--OUT
 - nat (dst)   |           - filter      - nat (src)
               |                            |
               |                            |
              INPUT                       OUTPUT
              - filter                    - nat (dst)
               |                          - filter
               |                            |
               `----->-----[app]----->------'
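
The three hooks in the diagram, written out as rules. This is an added example, not code from the original post or from SysTutorials; it goes slightly beyond the text by validating its inputs and only printing the rules instead of applying them. The function names, `eth0`, the ports and the documentation-range addresses are assumed sample values.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules, one per hook in the
# diagram above. Interface, ports and addresses are constructed sample values.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    o='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'   # one octet, 0..255
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac          # digits and dots only
    printf '%s\n' "$1" | grep -Eq "^$o\.$o\.$o\.$o\$"
}

# port_forward_rules WAN_IF LISTEN_PORT DEST_IP DEST_PORT SNAT_IP
#   PREROUTING/DNAT rewrites the destination before the routing decision,
#   FORWARD (filter) has to let the rewritten packets through, and
#   POSTROUTING/SNAT rewrites the source so the external host replies via
#   this router instead of directly to the client.
port_forward_rules() {
    wan_if=$1; lport=$2; dest_ip=$3; dport=$4; snat_ip=$5
    case "$wan_if" in
        ''|[!A-Za-z0-9]*|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;;
    esac
    valid_port "$lport" && valid_port "$dport" || { echo "bad port" >&2; return 1; }
    valid_ipv4 "$dest_ip" && valid_ipv4 "$snat_ip" || { echo "bad address" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport $lport -j DNAT --to-destination $dest_ip:$dport
iptables -A FORWARD -p tcp -d $dest_ip --dport $dport -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -d $dest_ip --dport $dport -j SNAT --to-source $snat_ip
EOF
}

# Forward TCP 8080 arriving on eth0 to 203.0.113.10:80, sourced from 198.51.100.5.
port_forward_rules eth0 8080 203.0.113.10 80 198.51.100.5
```

Review the printed rules before running them as root; the `FORWARD` rules only matter when the chain's policy is not already `ACCEPT`.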

–jeroen

Posted in *nix, *nix-tools, Internet, Internet protocol suite, iptables, Linux, openSuSE, Power User, routers, SuSE Linux, TCP | Leave a Comment »

In this tutorial you will learn how to configure pfSense to load balance and…

Posted by jpluimers on 2017/01/13

In this tutorial you will learn how to configure pfSense to load balance and fail over traffic from a LAN to multiple Internet connections (WANs) i.e.… – Joe C. Hecht – Google+

Source: In this tutorial you will learn how to configure pfSense to load balance and…

Posted in Internet, pfSense, Power User, routers | Leave a Comment »

nanog: Forwarding issues related to MACs starting with a 4 or a 6 (Was: [c-nsp] Wierd MPLS/VPLS issue)

Posted by jpluimers on 2016/12/05

Time after time issues pop up related to MAC addresses that start with a 4 or a 6.

[WayBack] nanog: Forwarding issues related to MACs starting with a 4 or a 6 (Was: [c-nsp] Wierd MPLS/VPLS issue)

The underlying issue has to do with switches interpreting too much information of (un)encrypted traffic and dropping it because they wrongly think it’s plain ethernet traffic they need to handle.

MAC addresses starting with a 4 or 6 have a common bit pattern (likely that fails with 12 and 14 as well) that causes failure in certain network equipment that’s hard to trace as there is limited.

[WayBack] Christian Vogel – Google+ (Physics, Electronics, Software) explains this way better at [WayBack] When your MAC address starts with 4 or 6, weird things can happen and it’s not always fixable… – Kristian Köhntopp – Google+:

Read the rest of this entry »

Posted in Internet, Network-and-equipment, Power User, routers, VPN | Leave a Comment »

Make a cheap TOR anonymizer — BYTESEC Labs Inc

Posted by jpluimers on 2016/12/02

I had a few friends ask if they could buy a cheap travel router that protects their internet activity as they travel around the globe. So my criteria:

  1. Cheap (< USD 20)
  2. Portable (pocket size)

Source: [WayBack] Make a cheap TOR anonymizer — BYTESEC Labs Inc

via: [WayBack] hmmm – Joe C. Hecht – Google+

–jeroen

Posted in Network-and-equipment, Power User | Leave a Comment »

Disable TR-069 on a Fritz!Box and check if that was successful – translated from a post by Hartmut Goebel

Posted by jpluimers on 2016/11/29

Just in case you got scared by the TR-064 hack and its likely causal link to the German Telekom ISP outage yesterday, as some modems expose TR-064 via the TR-069 WAN access, here is how to disable TR-069 in your Fritz!Box: [WayBack] TR-069 auf Fritzbox ausschalten und Ergebnis prüfen — Hartmut Goebel · CISSP, CSSLP · Berater für Information-Security-Management

Note that for Fritz!Box the TR-069 implementation is not as bad as some Speedport devices used by Telekom, but you might want to consider turning TR-069 off:

If you trust yourself to keep the Fritz!Box firmware *and* settings up-to-date better than your ISP does, below are the translated steps.

Steps to disable TR-069 on a Fritz!Box router

  1. Activate telnetd on your Fritz!Box via a connected phone by dialing #96*7*
  2. Connect to your Fritz!Box over telnet using telnet fritz.box (or, instead of fritz.box, use the IP address of your Fritz!Box device)
    • the password is the same as the password in the Fritz!Box web interface
  3. Disable TR-069 by typing this command: ctlmgr_ctl w tr069 settings/enabled 0
  4. Verify that TR-069 is off by looking at the configuration file with this command: cat /var/flash/tr069.cfg
    • Check that at the start there is a line with enabled = no
  5. Disable telnetd on your Fritz!Box via a connected phone by dialing #96*8*

Note that even without a phone you can enable/disable telnetd as described by [WayBack] FRITZ!Box VoIP password extraction

–jeroen

Posted in Fritz!, Fritz!Box, Network-and-equipment, Power User | 2 Comments »

Opinion: The Internet of Shitty Things — Kommentar: The Internet of Shitty Things | heise online

Posted by jpluimers on 2016/11/20

I translated the heading and one quote; if you want to read further in English: Google translate does a good job on the text.

HVAC thermostats, bread baskets, coffee machines: The net is full of things, which make no sense at all and nobody needs. The Internet of Things is a huge pile of shit, says Clemens Gleich.

There are no error-free systems; at most there are undetected errors.

German original:

Heizungsthermostate, Brotkörbe, Kaffeemaschinen: Das Netz ist voll mit Dingen, die da nur Quatsch machen. Braucht kein Mensch. Das Internet of Things ist ein riesiger Haufen Scheiße, meint Clemens Gleich.

Es gibt keine fehlerfreien Systeme, es gibt maximal unentdeckte Fehler.

[WayBack] Kommentar: The Internet of Shitty Things | heise online

Posted in IoT Internet of Things, Network-and-equipment, Power User | Leave a Comment »

Rob Graham 🦃 on Twitter: “1/x: So I bought a surveillance camera https://t.co/HbmPzrZgFK”

Posted by jpluimers on 2016/11/20

Conclusions:

  1. Always put your IoT devices behind a firewall
  2. Isolate each IoT device into its own “world” that can communicate as little with the rest of your networks as possible
  3. Preferably isolate each set of IoT devices that do need to communicate in their LoT (LAN of Things)
  4. Use Ad-Blockers

“1/x: So I bought a surveillance camera”: [WayBack] Rob Graham 🦃 on Twitter: “1/x: So I bought a surveillance camera https://t.co/HbmPzrZgFK”

Interesting: [WayBack] Errata Security: Configuring Raspberry Pi as a router

Via: [WayBack] Plugging in a new IP webcam. 98 seconds. infected. Wow. https://twitter.com/E… – G+ Jan Wildeboer

Of course Rob tried many webcams to find a vulnerable one. And putting telnet port 23 to the open is not the best idea, but people do that or get an indirect infection by some piece of JavaScript from an Ad-Network that searches for local vulnerable devices. That’s how the internet works!

Since Twitter and other social media tend to show the non-interesting part of a stream, here is the full one (no time to edit out the superfluous stuff):

Read the rest of this entry »

Posted in IoT Internet of Things, Network-and-equipment, Power User, Security | Leave a Comment »