Blog

Fixing Over-modulation in a Cheap Throat Mic

I purchased this throat mic back in April. When I hooked it up to the UV5R, it was reported that I was over-modulating the mic. In layman’s terms, the mic was so sensitive that it was picking up my voice so well it was “overdriving,” or clipping the audio. You can see a fair example at the beginning of this youtube video:

So how to deal with the over-modulation in mics? If you have your Technician’s license, you know that this is one of the questions on the Amateur Radio Technician’s test. The answer is to move the mic further away from your mouth. But throat mics use a piezo element which translates vibration into an electrical signal. So, to work, they have to be touching the source of the vibration.

The solution is to dampen the vibration. One way to handle this is to rotate the throat mic about your neck so it’s not directly sitting over your voice box. But, in my case, it wasn’t enough. Too much low end in my voice, I suspect. In the end, the solution I employed was to put some theraband between the cup wall and the piezo element in the cup.

Theraband is basically rubber banding. Removed from sunlight, it doesn’t break down like a regular rubber band will do – an excellent quality for our intended use. Jorge Sprave uses it for his ridiculous launchers. I had some left over from a previous infatuation. If you don’t have theraband, you can use foam sheeting. I actually wanted to use the foam sheeting, much like this amazon product, but all I had was theraband. The idea was to reduce the amount of vibration that the mic can “feel” by absorbing some of the vibrations produced by speaking.

In the photo of the throat mic, the piezo element is located in that left hand cup. You can take it apart by removing the two Phillips head screws on the inside of the band and gently pulling the cups apart. Then cut a piece of theraband or foam sheeting into a circle (a nickel is about the right size) and place it in the cup in between the piezo element and the inner wall that will be contacting your throat. Put the cups back together and then screw the screws back in. Be careful – the cheap plastic strips easily. I ended up needing to use some black electrician’s tape to hold mine together because I managed to strip out the screw holes and then lose one of the screws. I actually only needed a single piece of theraband to bring the mic into a usable range.

I used it to check into the local repeater net earlier, and heard no complaint. I’ll have to check with the fellow that pointed it out, but if I’m still over-modulating I’ll just place another coin sized piece of theraband between the cup and the piezo element. This is probably my favorite mic system to use. The acoustic tube makes for discreet listening and the mic needs to be directly on the sound source so it won’t pick up background noises.


Open Letter to the State Department

This letter was written in response to President Obama’s attempt to use the State Department to block speech about firearms online. In 2015, using the internet to speak is as natural as penning a letter to the local newspaper once was. The internet gives everyone a chance to speak and let their voice be heard. To gag firearm owners like hickok45, FPSRussia, Iraqveteran888, Jerry Miculek and even myself with Core Concept is a violation of our first amendment rights.

In this letter, I make the case that technical documents related to firearms should be protected much like technical documents about the brewing of alcohol are protected, even though I prove that alcohol is more dangerous than a firearm.

The people of America have no need to contact the State Department to disseminate information about firearms via the internet. To say that they do is a violation of our 1st Amendment rights. President Obama has continually made the case for a “free and open internet.” To regulate speech about firearms via the internet is an egregious violation of that pledge. This means that a sub 140 character tweet pointing out that .223 casings and 5.56 NATO casings are virtually identical could result in a $10,000 fine.

The internet is part of American speech in 2015, and talking about firearms on the internet is as protected as talking about alcohol on the internet by the First Amendment of the United States Constitution.

I will make my case below. Free speech about firearms should be protected as much as free speech about the brewing of alcohol is on the internet. It is widely known that President Obama enjoys the responsible consumption of alcohol. In fact, the President’s brew recipes are available at https://www.whitehouse.gov/blog/2012/09/01/ale-chief-white-house-beer-recipe.

What if alcohol was regulated like President Obama wishes to regulate firearm usage? After all, according to the CDC, 88,000 deaths are the result of alcohol each year. Quantifying the number of deaths from firearm accidents, however, is impossible according to The Washington Post. I will reference this article http://www.washingtonpost.com/news/post-nation/wp/2014/09/04/how-often-do-children-in-the-u-s-unintentionally-shoot-and-kill-people-we-dont-know/. The Washington Post cites the CDC statistic that there were 32,351 deaths as a result of a firearm in the United States. However, despite this “alarming” number, only 591 were accidental.

At worst, using a firearm is half as dangerous as imbibing alcohol. At best? Remarkably safer than riding a bicycle (close to 800 deaths; the CDC does not provide exact figures).

Yet, posting the recipe for the President’s brews is considered free speech and protected by the First Amendment, while the administration wants to restrict gun owners as much as possible through its Unified Agenda.

Alcohol and Tobacco Tax and Trade Bureau Spokesman Tom Hogue stated that, “Potential for abuse isn’t grounds for us to deny a label.” He made this statement in regards to the approval of Palcohol – a powdered form of alcohol intended for those that desire the ability to transport alcohol but need to save as much weight as possible. Alcoholic beverages cannot be sold in the United States without this label.

As Mr. Hogue stated, potential for abuse is not grounds to deny a label. In the case of talking online about firearms, the potential for abuse is not grounds to deny a label. When you involve the 1st Amendment (which Cornell points out that “The most basic component of freedom of expression is the right of freedom of speech. The right to freedom of speech allows individuals to express themselves without interference or constraint by the government.”), there is never any need for an American citizen to receive permission from the government to talk about firearms.


Traveling Well: Plane Tips

Welcome to my new series, "Traveling Well". During this series, I’ll share some of the tips, tricks, and techniques that I’ve discovered that make my life so much easier when on the road.

I should note that I refuse to travel by airplane anymore as a result of the TSA. In short, I feel that the TSA does not utilize legitimate security practices but instead practices Security Theatre. But, in a quest to travel well, here are a few tips gleaned carefully from the four flights I have made.

Gum

Buy a pack and stow it whenever you fly. Chewing gum is the easiest way to keep your ears popping to adjust to the pressure changes. My first flight was made without gum. Second flight was with gum from the airport. I bought gum at Walmart before my third and fourth flights and stashed it where I could get to it easily. I can’t stress the importance of this tip enough. It’s why babies cry during a flight – the pressure changes hurt their ear drums and they don’t know how to release the pressure. Babies don’t develop the ability to swallow until about 6 months.

Shoes, Socks, and the TSA

I’ve read countless articles talking about how nasty the TSA terminals are and how you should wear socks through the gate.

Those nasty germs they’re so worried about? They’re on your shoes which get put in the bins. The same bins that you place your backpack and your laptop in.

Yep. There is a serious logic flaw in how wearing socks will insulate you against those germs.

And that nasty you don’t want on your feet, so you saved yourself by wearing socks? Now, when you put your shoes on, you’ve transferred the germs to a warm, moist, dark environment that you’ll never wash. It’s the inside of your shoes. Now, every time you put those shoes on, you can relive the fun of flying!

So, if you want my advice, tuck your socks inside your shoes as you go through the body scan. Put them back on when you reach the other side. At least those germs will be contained inside your socks. (Or lay out a clean pair on top of your bag to change into on the other side of the gate and baggie the old ones.)

I guess you could have skipped this part, but, oh well.

Fluids and Baggage

  • This was a tip I didn’t learn until my flight out to California. While you’re not allowed to take fluids through a TSA checkpoint, empty (or borosilicate glass) bottles are considered acceptable by the TSA. Exploit this. Instead of buying overpriced water once you’ve passed into the DMZ, just take an empty bottle and fill it at the drinking station that most airports have as a matter of convenience.
  • If you’re the kind of person that checks a bag (I am, have to bring my knives somehow) make sure you pack a change of clothes in your carry on. What if the airline loses the baggage that has all your clothes in it? All you need is a fresh pair of jeans and a t-shirt. It’s a small amount of space in your carry on for a day to recover from lost baggage.
  • Traveling with a dopp kit and liquids and such may seem challenging, but it isn’t. All that is required is that your 3 oz containers fit in a 1 quart zip lock baggie. I have five 3 oz containers in my baggie. I keep my dopp kit in my carry on for the same reason as keeping a change of clothes in my carry-on. How easy is it through the gate? Zipper one on my bag (which I have to open anyway) opens to my dopp kit. Zipper two opens the dopp kit (left open as well), and then I remove the 1 qt baggie and set it aside in the tray. Boom. Shame on me for the small bottle of Purell that I left clipped to my bag.
  • Another tip for baggage is, pack for accessibility. This is one I learned on my flight to California. I had crammed my Goruck GR1 to capacity. I realized after flying that there were only a few things I wanted on my flight: my netbook, tablet, headphones, and my ActiviTEA. Because I had stuffed my GR1 with thought to placement and capacity instead of accessibility, it made it very hard to get to what I wanted without creating a jumble in my GR1. That jumble also made it very hard to get it closed when it was time to disembark. Next time, I’ll tuck the netbook and such into my messenger bag and pack that as well as my Goruck.
  • Well versed travelers know that on checked baggage, you never leave the strap on. Another bit that I learned from experience that I wish I had known first. I traveled with my duffle and the carry strap was ripped off. Fortunately it was the stitching that failed, and after a little repair at home everything was back to fighting form.

Clothing for Comfort, Not for Business

Flying is an interesting experience. You’re hustled into a shiny aluminum tube and shot hundreds of miles per hour across the US in said tube. As you can easily imagine, there’s not a lot of space. I find window seats the roomiest, though there are those that disagree (of course). And be prepared to sit for the duration of the flight. Pacing the aisle is not an accepted activity.

When I made my first flight at night, I made a mistake in assuming that the cabin would be heated. Nope. And I had stowed my hoodie in such a way so that I couldn’t get at it. That was a cold flight to Vegas. On my return trip (flown in the morning), I wore my hoodie. Thankfully, the plane wasn’t packed and I was able to remove it because flying at day is significantly warmer.

The lesson is that flying at night is cold while flying at day is hot. Makes sense – being high in the sky, you have less atmosphere to keep the heat down during the day. And, at the night, less atmosphere to keep the heat in. With that in mind, dress in layers. You want to be able to remove them in the cramped confines of the cabin, so I suggest a tshirt during the day and a long sleeve at night, with layers that split down the middle – jean jackets or similar so that you can easily adapt to your environment.

Bonus Tip: Craft Beer

Getting beer home was another fun experiment from my final flight. Of course, this had to be checked baggage. How I managed it was to purchase an aluminum tool case from Harbor Freight, place the beer inside, and then utilize enough of my t-shirts to pack them tightly. To keep the latches closed but allow the TSA to pop the box open without trashing the case, I wrapped electrician’s tape around the case, making sure that each latch was covered and kept closed by the tape. Simple, effective. It survived the baggage handlers with no problems, and the tape wasn’t removed upon arrival (but your mileage may vary on that!)

So those are the few tips I have for you on flying. While I don’t mind the actual flying (in fact, I find take-off exhilarating), I can’t stand the TSA’s incompetence. While I may not have the money to fight the TSA, the airlines do. And when we make the airlines lose money because of the TSA, they will take up our cause.


BAFTE and M855: a Misguided Decision

This is a letter that I sent to my Senator, Representatives, and BAFTE. It’s an opinion on the current decision to ban the import/production of the M855 ammunition as “armor piercing.”

The deadline for comments regarding the proposed ban is March 16th. There is still time for commentary. NRA-ILA has a tool for finding out who to direct your commentary at.

I am writing in concern regarding BAFTE’s decision to reclassify M855 “green tip” ammunition as “armor piercing.” I personally believe that this movement has been directed by the Obama Administration to constrict Americans’ ability to exercise our right to “keep and bear arms,” as promised us by the Bill of Rights. This is a document that you, a member of our government, would have us believe our soldiers are dying overseas in Iraq and Afghanistan to protect. Please understand that my criterion during the recent elections was whomever would protect my freedom to keep and bear arms.

The ATF currently defines “armor piercing” as:

“A projectile or projectile core which may be used in a handgun and which is constructed entirely (excluding the presence of traces of other substances) from one or a combination of tungsten alloys, steel, iron, brass, bronze, beryllium copper, or depleted uranium; or A full jacketed projectile larger than .22 caliber designed and intended for use in a handgun and whose jacket has a weight of more than 25 percent of the total weight of the projectile.”

The difference in the diameter of the M855 and a .22 caliber round is less than the thickness of a human hair. The M855 round was developed by the US Military not as a handgun round, but as a rifle cartridge. The steel “core” of the M855 is not the entirety of the bullet. Nor is the jacket weight more than 25% of the cartridge. While the 44 magnum is currently used in lever action rifles, it is still considered a “pistol cartridge.” It is not fitting that we should define a cartridge by what it is used in but by what it was developed for.

Redefining the M855 as armor piercing as a result of the development of AR-Pistols is foolish. It is a slippery slope that could lead to defining all cartridges as armor piercing. What a clever way to allow for the freedom to keep and bear arms while rendering that freedom useless. And US citizens have benefited from military innovation – from M&M’s to nylons, to more. It is only fit that we benefit from military research which has been funded by our tax-dollars.

In a town not 20 minutes from me, the police force feels it justified to shop for dog food while wearing body armor and a firearm. Is this the world we live in today? That shopping for dog food could end your life at any moment? Why is an officer of the law being given this freedom while I am told, nay, it is demanded that I should be defenseless?

Further, I practice target shooting as a means of self-discipline, exercise and self-development. President Obama has recently received recognition from the Washington Times as being on course to play more rounds of golf than Tiger Woods. In a sense, he and I do the same thing. We both seek to align a small projectile with a slightly larger hole in practice of self-discipline, exercise, and self-development.

I stand as a US Citizen, a member of the Gun Owners of America and the National Rifle Association, in demanding that the reclassification be canceled. I have contacted my senators and representatives to voice my opinion. This decision by BAFTE is not about protecting our law enforcement officials; it is about constricting the rights of US Citizens to keep and bear arms. It is also usurping the authority of the Representatives and Senators of the Citizens of the United States.

Thank you for your time.


Welcome To Ham Radio

So, I qualified for my amateur radio license in November. I was asked the other night about how to go about acquiring one for yourself. My response was pretty simple:

Studying at http://hamstudy.org, paying $15 to take the test at a club, $35 for the Baofeng + $10 for a Nagoya NA-701.

But I thought, in addition to fleshing out some links, I would give some other things that I’ve learned in the few months I’ve had my license.

Studying for your test at hamstudy.org is great. It’s not the eye stabber that most ham test sites are. But you will only learn the questions and answers. You’ll need to read outside of that to learn how to actually ham. Thankfully, almost everyone in the community I’ve met is willing to teach you what you need to know and to give advice. It’s called elmering. Not everyone will elmer you, but everyone is pretty welcoming and will throw a bone to you if they can.

Hardware

  1. Programming Cable. You definitely want the programming cable. The Baofeng is notoriously hard to program. There are guides online, but this makes everything super simple, especially when you pair it with CHIRP.
  2. SWR Meter. Strictly optional … unless you want to build antennas. I’m not sure how accurate it is, but I get great signal reports on the Baofeng after tuning my antenna with it.

Online Resources

  1. CHIRP. It’s great. It can also be used to back up your radio presets (which I do).
  2. Repeater Book. Repeater Book is a great way to learn about the repeaters in your area. Using a repeater is a great way to expand the range of your hand held.

Etiquette

Or, what I wish I could have been told to start:

How do I get into a conversation? The correct way is to wait for a pause or break in the conversation, then key and state your call sign.

NATO Phonetics: Please learn them. Please use them. Yes, Kangaroo Dingo Nine Fluffy Chuckie Oppenhiem works, but when you have to revert to phonetics, it’s probably because the signal isn’t as strong as it could be. As an operator, you’re expecting certain patterns. By using the correct Kilo Delta Nine Foxtrot Charlie Oscar, we’re hearing a pattern we know and thus we can match it better.

Making sure you identify every ten minutes: I purchased this sand timer from Amazon. Flip it the second time, and identify a bit through that second flip.

Antennas!

The antenna is arguably the most important part of your rig. The antenna that comes with the UV5R is crap. That’s why I said to switch to the Nagoya. But I also want to throw out the antenna I’m currently using – a 1/4 wave ground plane. My local ham club is on the 2cm band, so I made and tuned this antenna for the 2cm band. It works great, and under the right conditions I’ve made a 54 mile reach with the 4 watts from my Baofeng.

Community

Another thing you can do is reach out for advice through the internet. ##hamradio on freenode is a good place to hang out. Another good amateur radio community online is /r/amateurradio.

That’s all I can think of for now. I’ll post a follow up as I learn more.


Yubikeys and Udev Locking

Impressions

I recently bought a yubikey after attending BSides LA and meeting an individual that used one to secure his gmail accounts. $30 and about a week after ordering, I had a yubikey of my own. I keep it tethered to my new Fenix flashlight (on which the jury is still out) so that I can find it easily and will remember to take it with me.

Now, I’ve been concerned about the physical security of my devices for awhile. If you know my simplistic password, bingo, you’re in. With the yubikey, I was able to change that. It now takes both a token and a password to log into my computer. Plus, I’ve been intrigued by the yubikey since the Fedora Project started using it a few years ago.

Yubikey touts its one time password token as its primary feature, but the yubikey has more than just that. You can choose any two of the following modes:

  1. One-Time-Password
  2. Challenge-Response
  3. Static Password (32 character limit which saddens me)
  4. O-auth

Challenge-Response Auth Tokenization

When I plan things, I always plan on my internet connection not working or being unavailable. To me, the only usable features of the yubikey are challenge-response and static password. So, I set up challenge-response in the first slot and static password in the second. Then, I set about requiring the challenge-response token to log into my account.

This post from the Vermont Linux and Unix User Group has a great guide on setting up challenge-response on your device. I’ll summarize:

  1. Install pam_yubico and yubikey-personalization-gui
  2. Edit /etc/pam.d/system-auth to include:

		auth [success=1 default=ignore] pam_succeed_if.so quiet user notingroup yubikey
		auth required pam_yubico.so mode=challenge-response

  3. Run the following commands after inserting your yubikey:

		sudo ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visible
		sudo groupadd yubikey
		sudo usermod -aG yubikey username

You should now test that everything works correctly by pressing ctrl+alt+f2 and trying to log in with and without the yubikey. Do not log out of all of your sessions – if something’s broken you’re going to want to be able to fix it for sure!

Now, what I’ve implemented on my primary laptop doesn’t really secure the data, and I understand that. Sadly, I’m unable to fully encrypt my hard drive because of the triple boot with windows. If you know the harder root password, you can easily bypass my login and see the data. Or, you could boot an external USB with its own OS and view the files. When I finally purchase a new laptop next year, full hard drive encryption with a single booting OS is on the docket.

Udev Locking

Now, what if you want the screen to lock every time you remove your yubikey? You can try to do that with udev. udev is the device manager on Linux that reacts when devices are plugged into or removed from a computer. The Vermont LUUG page has some guides on how to make it work, but here’s what worked on my system (mostly).

  1. su -c "yum install -y slock"
  2. touch /etc/udev/rules.d/98-yubikey-rules.rules. If you do not end the file in .rules, then udev will ignore the file.
  3. Add the following text to that file:

		SUBSYSTEM=="usb", ACTION=="remove", ENV{ID_MODEL}=="Yubico_Yubikey_II", RUN+="/usr/local/bin/ykgone"

  4. touch /usr/local/bin/ykgone
  5. Add the following to that file, changing USERNAME to be your username:

		#!/bin/sh
		# lock only when no yubikey is still plugged in; run the lock script (steps 6 and 7) as your user
		if [ -z "$(lsusb | grep Yubikey)" ] ; then /bin/su USERNAME -c /usr/local/bin/lock ; fi

  6. touch /usr/local/bin/lock
  7. Add the following to that file:

		#!/bin/sh
		DISPLAY=:0 slock

  8. chmod +x /usr/local/bin/lock && chmod +x /usr/local/bin/ykgone
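The presence check above greps lsusb for the product string, which varies between yubikey models; as an added example (not the post's own ykgone), here is a variant that keys on Yubico's USB vendor ID 1050 instead, with constructed lsusb output to exercise it. The matching udev rule, the YK_USER variable and the "run" argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the original post's ykgone. It decides whether to lock
# from lsusb output by matching Yubico's USB vendor ID (1050) rather than the
# product string, which reads "Yubikey" on older keys and "YubiKey" on newer
# ones. A matching udev rule (assumed, not from the post) would be:
#   SUBSYSTEM=="usb", ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", RUN+="/usr/local/bin/ykgone run"

YUBICO_VENDOR_ID="1050"
YK_USER="${YK_USER:-USERNAME}"   # replace USERNAME with your desktop login name

# vendor_id_present TEXT: succeed if any "ID 1050:xxxx" device appears in TEXT
vendor_id_present() {
    printf '%s\n' "$1" | grep -Eq "ID ${YUBICO_VENDOR_ID}:[0-9a-fA-F]{4}"
}

# product_string_present TEXT: the post's original check, kept for comparison
product_string_present() {
    printf '%s\n' "$1" | grep -q Yubikey
}

# decide_action TEXT: print "lock" when no Yubico device remains, else "keep"
decide_action() {
    if vendor_id_present "$1"; then
        echo keep
    else
        echo lock
    fi
}

# lock_user_session USER: run the post's /usr/local/bin/lock as that user
lock_user_session() {
    /bin/su "$1" -c "/usr/local/bin/lock"
}

main() {
    # lsusb may be missing in a test shell; treat no output as "no key present"
    if [ "$(decide_action "$(lsusb 2>/dev/null || true)")" = lock ]; then
        lock_user_session "$YK_USER"
    fi
}

# Constructed sample lsusb output (not captured from a real machine).
SAMPLE_OLD_KEY="Bus 003 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 003 Device 004: ID 1050:0010 Yubico.com Yubikey"
SAMPLE_NEW_KEY="Bus 003 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 003 Device 005: ID 1050:0407 Yubico.com YubiKey OTP+FIDO+CCID"
SAMPLE_NO_KEY="Bus 003 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub"

# Only lock when invoked as "ykgone run" (as the udev rule above does), so
# sourcing or testing the file never touches a live session.
if [ "${1:-}" = run ]; then
    main
fi
```

Note that the original grep would report the newer key as absent and lock the screen while it is still plugged in.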

Debug

While there are plenty of other posts and ways on how to get a system to lock when the yubikey is pulled, there are very few on how to debug the udev system. The command that I found the most helpful was udevadm test --action="remove" /devices/pci0000:00/0000:00:1d.1/usb3/3-1, which tests what would happen if I removed something. That helped me figure out that without my udev rules file ending in .rules it wouldn’t be used. You’ll need to change that device path to wherever your yubikey shows up. udevadm monitor will print the device path whenever you remove or insert your yubikey.

Mostly

I said mostly, because for whatever reason I couldn’t get my system to lock properly with anything other than slock. Also, slock doesn’t require my yubikey to unlock the system. There are no selinux denials that I can see, and I’ve stepped through as well as I can.

At this point, I’ve decided that I’m better off remembering to grab my yubikey and press ctrl+alt+l to lock the system – at least then it requires proper two-factor auth to get back into my computer.

Ending Thoughts

The yubikey works fairly well. I’ll be able to use it as a challenge-response key for full hard drive encryption in the future. I’m not thrilled that the static password can only be 32 characters long. It should be 64-128 long, or more. It’d also be nice if the company could add a third programmable slot so that you could still maintain the OTP functionality without losing the ability to use 2 very good offline usable authentication methods. But at $30 it may be too much to ask.

Should you buy it? If you want that extra auth token on your computer? Yes. What if you want to experiment with second-factor authentication? Sure. At $30 shipped, it’s a reasonable start. But if you’re passive about authentication the yubikey just doesn’t make sense.


War Driving on the Wifi Pineapple: Part 2

You can skip this part to if you like

But please don’t, it’s awesome.

I saw this tweet over 2g on my phone while at work, so I was unable to watch the video. I never thought that my blog would source the inspiration for this video. Let alone a video that would be tweeted by Darren. Wow.

I would like to thank HackedExistence for the nice things he said about my blog. I went and watched a random video from his youtube channel, and again he did a very nice job presenting on the subject at hand.

Updates!

So, wow … let’s talk about updates to the war driving system that I’ve made since I last posted on the subject.

Hardware

I am using the GlobalSat GPS dongle discussed in this post. It works fairly well, but you’ll want to check that it sticks in NMEA mode. To set the dongle to NMEA mode, use SiRF Demo. This does function under Wine on Fedora 20, which is how I primarily use it now. If you’re looking to get a GPS dongle, you can also look for ones that work with the Raspberry Pi. There were a few comments on the youtube video remarking that war driving data is more useful if you know where the access points were located, and I agree.

Were I to purchase another GPS receiver, Adafruit published a tutorial for GPS on the Raspberry Pi that I thought would be another interesting approach. They utilize one of their GPS breakout boards and a serial TTL converter cable to interface with the Raspberry Pi. You might even be able to push the GPS data from the breakout board to the pineapple via the onboard serial converter instead of using a USB breakout.

When I was looking into GPS units, I found that the GPS standards are more like guidelines that aren’t often followed. The advantage of the Adafruit receiver would be the ability to shape the code into something that is standards compliant.

I’ve found that the little battery from sparkfun lasts about 2 hours, while I’m powering the pineapple and the gps unit. For longer war driving sessions, say to Ohio and back, this does the job, as well as keeping my power hungry cell phone juiced up.

Software

Parsing the GPS data is done by kismet_server. GPSD was falling over itself.

One thing I never could manage to get to work correctly was autostarting kismet_server. My thought was that something in the command stack was failing, but not kismet_server. Actually, it was the environment starting kismet_server.

In trying to write this post I started researching how to get it to work. Someone else on the hak5 forums had the same problem. Thankfully, that someone else documented the solution. The short explanation is that many of the environment variables needed by kismet_server are not loaded at the time that kismet_server starts.

The solution is to use a script that sets up the environment for kismet. I’m using harmless’ script, which follows:

		#!/bin/sh
		#/sd/usr/bin/printenv >> /sd/var/log/boot110.log

		#Setting some environment variables so that kismet can run
		#These were copied verbatim from the SSH printenv output:
		export LD_LIBRARY_PATH='/lib:/usr/lib:/sd/lib:/sd/usr/lib'
		export PATH='/bin:/sbin:/usr/bin:/usr/sbin:/sd/usr/bin:/sd/usr/sbin'

		#Run kismet (daemonized to suppress unnecessary output):
		kismet_server --daemonize -f /sd/kismet/kismet.conf
		pineapple notify 'kismet now running'

I saved it as kismet-server-start in root’s home directory. Remember to chmod +x.

Configuration

HackedExistence’s video shows him setting up the microSD card to be automounted by the pineapple. I myself have also started letting the pineapple auto mount the sd card. This necessitated a change in the configuration file to use /sd/kismet instead of /mnt/test. These changes are also reflected in the kismet config, which I’ve included at the end of the post.

Boot Mode Setup

Because the pineapple is now handling mounting the SD card at boot, I no longer need to use the old boot mode code that included mounting a directory. I also need to update it to use the script in /root. My new boot switch code is this:

ifconfig wlan1 down && iwconfig wlan1 mode monitor && ifconfig wlan1 up && /root/kismet-server-start

At the end of the video, HackedExistence was catting the contents of the files. Here’s my command to print just the access point names from the nettxt file (the tr argument deletes spaces, tabs, colons and double quotes):

cat *.nettxt | grep "SSID       : " | sed -e 's/<SSID>//g' | tr -d " \t:\"" | sed '/Cloaked/'d | sed '/cloaked/'d | sort -d | awk 'a !~ $0; {a=$0}' | sed '/[0-9][0-9]/d'

Where to from here?

The question I had that made me set all this up was, “How many android phones are openly accessible from the road?” I’m not any closer to answering that question. Honestly, I have not thought about it much since I set this system up. I’ve had other things accepted onto my plate that had a higher priority than this. However, in the little time I’ve thought about it, I’ve had a few different ideas:

  1. Using the first three digits of the mac address.
  2. Some kind of filter based on location.
  3. How long the access point remains active (if I pass a car I should only see it for a few seconds)?
  4. The other thing that I’ve thought about is that if I take two passes through an area, then subtract the ones that are there twice.

So, how about you folks? Any ideas? Leave them in the comments below, please!
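As an added example (not from the post), here is a small shell toolkit that works through ideas 1, 3 and 4 above on constructed survey records. The record layout BSSID, SSID, first-seen and last-seen epoch seconds, separated by tabs, is an assumption made for this example and is not Kismet's nettxt format.

```shell
#!/bin/sh
# Added example, not from the original post. Operates on constructed records:
#   BSSID<TAB>SSID<TAB>first_seen<TAB>last_seen   (epoch seconds)
# This layout is an assumption for illustration, not Kismet's nettxt format.

# oui MAC: the first three octets (vendor prefix), upper-case      -> idea 1
oui() {
    printf '%s\n' "$1" | cut -d: -f1-3 | tr 'abcdef' 'ABCDEF'
}

# bssids RECORDS: sorted, unique BSSIDs from a set of records
bssids() {
    printf '%s\n' "$1" | awk -F'\t' '$1 != "" { print $1 }' | sort -u
}

# count_by_oui RECORDS: distinct BSSIDs per vendor prefix, "N OUI"  -> idea 1
count_by_oui() {
    bssids "$1" | cut -d: -f1-3 | tr 'abcdef' 'ABCDEF' | sort | uniq -c | sed 's/^ *//'
}

# transient RECORDS MAX_SECONDS: BSSIDs heard for MAX_SECONDS or less,
# i.e. things that passed by rather than fixed infrastructure         -> idea 3
transient() {
    printf '%s\n' "$1" | awk -F'\t' -v max="$2" '$4 - $3 <= max { print $1 }' | sort -u
}

# seen_once PASS1 PASS2: BSSIDs present in exactly one of two passes,
# which drops the fixed access points that show up both times         -> idea 4
seen_once() {
    t1=$(mktemp); t2=$(mktemp)
    bssids "$1" > "$t1"
    bssids "$2" > "$t2"
    comm -3 "$t1" "$t2" | tr -d '\t'
    rm -f "$t1" "$t2"
}

# Constructed sample passes (addresses and names invented for illustration).
PASS1=$(printf '%s\t%s\t%s\t%s\n' \
    00:1a:2b:aa:bb:cc HomeNet    1400000000 1400000600 \
    3c:5a:b4:11:22:33 AndroidAP  1400000100 1400000104 \
    5c:51:4f:44:55:66 CoffeeShop 1400000200 1400000500)
PASS2=$(printf '%s\t%s\t%s\t%s\n' \
    00:1a:2b:aa:bb:cc HomeNet    1400003600 1400004200 \
    5c:51:4f:44:55:66 CoffeeShop 1400003700 1400004000 \
    a4:c3:f0:77:88:99 AndroidAP  1400003800 1400003803)
```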

Full Configuration File

http://soliloquyforthefallen.net/blog/?p=678
	# Kismet config file
	# Most of the "static" configs have been moved to here -- the command line
	# config was getting way too crowded and cryptic.  We want functionality,
	# not continually reading --help!

	# Version of Kismet config
	version=2009-newcore

	# Name of server (Purely for organizational purposes)
	servername=Kismet_2009

	# Prefix of where we log (as used in the logtemplate later)
	logprefix=/sd/kismet/logs

	# Do we process the contents of data frames?  If this is enabled, data
	# frames will be truncated to the headers only immediately after frame type
	# detection.  This will disable IP detection, etc, however it is likely
	# safer (and definitely more polite) if monitoring networks you do not own.
	# hidedata=true

	# Do we allow plugins to be used?  This will load plugins from the system
	# and user plugin directories when set to true (See the README for the default
	# plugin locations).
	allowplugins=true

	# See the README for full information on the new source format
	# ncsource=interface:options
	# for example:
	ncsource=wlan1
	# ncsource=wifi0:type=madwifi
	# ncsource=wlan0:name=intel,hop=false,channel=11

	# Comma-separated list of sources to enable.  This is only needed if you defined
	# multiple sources and only want to enable some of them.  By default, all defined
	# sources are enabled.
	# For example, if sources with name=prismsource and name=ciscosource are defined,
	# and you only want to enable those two:
	# enablesources=prismsource,ciscosource

	# Control which channels we like to spend more time on.  By default, the list
	# of channels is pulled from the driver automatically.  By setting preferred channels,
	# if they are present in the channel list, they'll be set with a timing delay so that
	# more time is spent on them.  Since 1, 6, 11 are the common default channels, it makes
	# sense to spend more time monitoring them.
	# For finer control, see further down in the config for the channellist= directives.
	preferredchannels=1,6,11

	# How many channels per second do we hop?  (1-10)
	channelvelocity=3

	# By setting the dwell time for channel hopping we override the channelvelocity
	# setting above and dwell on each channel for the given number of seconds.
	#channeldwell=10

	# Channels are defined as:
	# channellist=name:ch1,ch2,ch3
	# or
	# channellist=name:range-start-end-width-offset,ch,range,ch,...
	#
	# Channels may be a numeric channel or a frequency
	#
	# Channels may specify an additional wait period.  For common default channels,
	# an additional wait period can be useful.  Wait periods delay for that number
	# of times per second - so a configuration hopping 10 times per second with a
	# channel of 6:3 would delay 3/10ths of a second on channel 6.
	#
	# Channel lists may have up to 256 channels and ranges (combined).  For power
	# users scanning more than 256 channels with a single card, ranges must be used.
	#
	# Ranges are meant for "power users" who wish to define a very large number of
	# channels.  A range may specify channels or frequencies, and will automatically
	# sort themselves to cover channels in a non-overlapping fashion.  An example
	# range for the normal 802.11b/g spectrum would be:
	#
	# range-1-11-3-1
	#
	# which indicates starting at 1, ending at 11, a channel width of 3 channels,
	# incrementing by one.  A frequency based definition would be:
	#
	# range-2412-2462-22-5
	#
	# since 11g channels are 22 mhz wide and 5 mhz apart.
	#
	# Ranges have the flaw that they cannot be shared between sources in a non-overlapping
	# way, so multiple sources using the same range may hop in lockstep with each other
	# and duplicate the coverage.
	#
	# channellist=demo:1:3,6:3,11:3,range-5000-6000-20-10

	# Default channel lists
	# These channel lists MUST BE PRESENT for Kismet to work properly.  While it is
	# possible to change these, it is not recommended.  These are used when the supported
	# channel list can not be found for the source; to force using these instead of
	# the detected supported channels, override with channellist= in the source definition
	#
	# IN GENERAL, if you think you want to modify these, what you REALLY want to do is
	# copy them and use channellist= in the packet source.
	channellist=IEEE80211b:1:3,6:3,11:3,2,7,3,8,4,9,5,10
	channellist=IEEE80211a:36,40,44,48,52,56,60,64,149,153,157,161,165
	channellist=IEEE80211ab:1:3,6:3,11:3,2,7,3,8,4,9,5,10,36,40,44,48,52,56,60,64,149,153,157,161,165

	# Client/server listen config
	listen=tcp://0.0.0.0:2501
	# People allowed to connect, comma separated IP addresses or network/mask
	# blocks.  Netmasks can be expressed as dotted quad (/255.255.255.0) or as
	# numbers (/24)
	allowedhosts=172.16.42.0/24

	# Maximum number of concurrent GUIs
	maxclients=5
	# Maximum backlog before we start throwing out or killing clients.  The
	# bigger this number, the more memory and the more power it will use.
	maxbacklog=5000

	# Server + Drone config options.  To have a Kismet server export live packets
	# as if it were a drone, uncomment these.
	# dronelisten=tcp://127.0.0.1:3501
	# droneallowedhosts=127.0.0.1
	# dronemaxclients=5
	# droneringlen=65535

	# OUI file, expected format 00:11:22manufname
	# IEEE OUI file used to look up manufacturer info.  We default to the
	# wireshark one since most people have that.
	ouifile=/etc/manuf
	ouifile=/usr/share/wireshark/wireshark/manuf
	ouifile=/usr/share/wireshark/manuf

	# Do we have a GPS?
	gps=true
	# Do we use a locally serial attached GPS, or use a gpsd server?
	# (Pick only one)
	#gpstype=gpsd
	gpstype=serial
	# What serial device do we look for the GPS on?
	gpsdevice=/dev/ttyUSB0
	# Host:port that GPSD is running on.  This can be localhost OR remote!
	#gpshost=localhost:2947
	# Do we lock the mode?  This overrides coordinates of lock "0", which will
	# generate some bad information until you get a GPS lock, but it will
	# fix problems with GPS units with broken NMEA that report lock 0
	gpsmodelock=false
	# Do we try to reconnect if we lose our link to the GPS, or do we just
	# let it die and be disabled?
	gpsreconnect=true

	# Do we export packets over tun/tap virtual interfaces?
	tuntap_export=false
	# What virtual interface do we use
	tuntap_device=kistap0

	# Packet filtering options:
	# filter_tracker - Packets filtered from the tracker are not processed or
	#                  recorded in any way.
	# filter_export  - Controls what packets influence the exported CSV, network,
	#                  xml, gps, etc files.
	# All filtering options take arguments containing the type of address and
	# addresses to be filtered.  Valid address types are 'ANY', 'BSSID',
	# 'SOURCE', and 'DEST'.  Filtering can be inverted by the use of '!' before
	# the address.  For example,
	# filter_tracker=ANY(!"00:00:DE:AD:BE:EF")
	# has the same effect as the previous mac_filter config file option.
	# filter_tracker=...
	# filter_dump=...
	# filter_export=...
	# filter_netclient=...

	# Alerts to be reported and the throttling rates.
	# alert=name,throttle/unit,burst
	# The throttle/unit describes the number of alerts of this type that are
	# sent per time unit.  Valid time units are second, minute, hour, and day.
	# Burst describes the number of alerts sent before throttling takes place.
	# For example:
	# alert=FOO,10/min,5
	# Would allow 5 alerts through before throttling is enabled, and will then
	# limit the number of alerts to 10 per minute.
	# A throttle rate of 0 disables throttling of the alert.
	# See the README for a list of alert types.
	alert=ADHOCCONFLICT,5/min,1/sec
	alert=AIRJACKSSID,5/min,1/sec
	alert=APSPOOF,10/min,1/sec
	alert=BCASTDISCON,5/min,2/sec
	alert=BSSTIMESTAMP,5/min,1/sec
	alert=CHANCHANGE,5/min,1/sec
	alert=CRYPTODROP,5/min,1/sec
	alert=DISASSOCTRAFFIC,10/min,1/sec
	alert=DEAUTHFLOOD,5/min,2/sec
	alert=DEAUTHCODEINVALID,5/min,1/sec
	alert=DISCONCODEINVALID,5/min,1/sec
	alert=DHCPNAMECHANGE,5/min,1/sec
	alert=DHCPOSCHANGE,5/min,1/sec
	alert=DHCPCLIENTID,5/min,1/sec
	alert=DHCPCONFLICT,10/min,1/sec
	alert=NETSTUMBLER,5/min,1/sec
	alert=LUCENTTEST,5/min,1/sec
	alert=LONGSSID,5/min,1/sec
	alert=MSFBCOMSSID,5/min,1/sec
	alert=MSFDLINKRATE,5/min,1/sec
	alert=MSFNETGEARBEACON,5/min,1/sec
	alert=NULLPROBERESP,5/min,1/sec
	#alert=PROBENOJOIN,5/min,1/sec

	# Controls behavior of the APSPOOF alert.  SSID may be a literal match (ssid=) or
	# a regex (ssidregex=) if PCRE was available when kismet was built.  The allowed
	# MAC list must be comma-separated and enclosed in quotes if there are multiple
	# MAC addresses allowed.  MAC address masks are allowed.
	apspoof=Foo1:ssidregex="(?i:foobar)",validmacs=00:11:22:33:44:55
	apspoof=Foo2:ssid="Foobar",validmacs="00:11:22:33:44:55,aa:bb:cc:dd:ee:ff"

	# Known WEP keys to decrypt, bssid,hexkey.  This is only for networks where
	# the keys are already known, and it may impact throughput on slower hardware.
	# Multiple wepkey lines may be used for multiple BSSIDs.
	# wepkey=00:DE:AD:C0:DE:00,FEEDFACEDEADBEEF01020304050607080900

	# Is transmission of the keys to the client allowed?  This may be a security
	# risk for some.  If you disable this, you will not be able to query keys from
	# a client.
	allowkeytransmit=true

	# How often (in seconds) do we write all our data files (0 to disable)
	writeinterval=300

	# Do we use sound?
	# Not to be confused with GUI sound parameter, this controls whether or not the
	# server itself will play sound.  Primarily for headless or automated systems.
	enablesound=false
	# Path to sound player
	soundbin=play

	sound=newnet,true
	sound=newcryptnet,true
	sound=packet,true
	sound=gpslock,true
	sound=gpslost,true
	sound=alert,true

	# Does the server have speech? (Again, not to be confused with the GUI's speech)
	enablespeech=false
	# Binary used for speech (if not in path, full path must be specified)
	speechbin=flite
	# Specify raw or festival; Flite (and anything else that doesn't need formatting
	# around the string to speak) is 'raw', festival requires the string be wrapped in
	# SayText("...")
	speechtype=raw

	# How do we speak?  Valid options:
	# speech    Normal speech
	# nato      NATO spellings (alpha, bravo, charlie)
	# spell     Spell the letters out (aye, bee, sea)
	speechencoding=nato

	speech=new,"New network detected s.s.i.d. %1 channel %2"
	speech=alert,"Alert %1"
	speech=gpslost,"G.P.S. signal lost"
	speech=gpslock,"G.P.S. signal O.K."

	# How many alerts do we backlog for new clients?  Only change this if you have
	# a -very- low memory system and need those extra bytes, or if you have a high
	# memory system and a huge number of alert conditions.
	alertbacklog=50

	# File types to log, comma separated.  Built-in log file types:
	# alert				Text file of alerts
	# gpsxml			XML per-packet GPS log
	# nettxt			Networks in text format
	# netxml			Networks in XML format
	# pcapdump			tcpdump/wireshark compatible pcap log file
	# string			All strings seen (increases CPU load)
	logtypes=pcapdump,gpsxml,netxml,nettxt,alert

	# Format of the pcap dump (PPI or 80211)
	pcapdumpformat=ppi
	# pcapdumpformat=80211

	# Default log title
	logdefault=Kismet

	# logtemplate - Filename logging template.
	# This is, at first glance, really nasty and ugly, but you'll hardly ever
	# have to touch it so don't complain too much.
	#
	# %p is replaced by the logging prefix + '/'
	# %n is replaced by the logging instance name
	# %d is replaced by the starting date as Mon-DD-YYYY
	# %D is replaced by the current date as YYYYMMDD
	# %t is replaced by the starting time as HH-MM-SS
	# %i is replaced by the increment log in the case of multiple logs
	# %l is replaced by the log type (pcapdump, strings, etc)
	# %h is replaced by the home directory

	logtemplate=%p%n-%D-%t-%i.%l

	# Where state info, etc, is stored.  You shouldn't ever need to change this.
	# This is a directory.
	configdir=%h/.kismet/

RapidSSL And Murmurd (Mumble server)

I’m starting up a new podcast this weekend, and I’ll be using Mumble to communicate with another person. Being a proper person, I decided that I wanted a proper SSL certificate instead of the self-signed cert that mumble/murmur generates on first start.

Everything went pretty well at first. I followed the instructions on the website, adding the following to my murmur.ini file:

sslCert=/home/OliverK/tron_soliloquyforthefallen_net.crt
sslKey=/home/OliverK/myserver.key

(Protip: just use absolute paths on a server. It seems to me that I never get anywhere using relative ones.)

That made the murmur server use my newly minted RapidSSL certificate. (Did I mention I’m cheap?)

But, when I tried to connect, I received the following errors:

Server presented a certificate which failed verification ..
The specific errors with this certificate are:

1. The issuer certificate of a locally looked up certificate could not be found
2. The root CA certificate is not trusted for this purpose
3. No Certificates could be verified.

Do you wish to accept this certificate anyway?
(It will be also be stored so you won’t be asked this again.)

After some searching, I found out that I needed to add the following line:

sslCA=/home/OliverK/COMODORSADomainValidationSecureServerCA.crt

Restart the murmur server, and get the same set of errors, minus one:

Server presented a certificate which failed verification ..
The specific errors with this certificate are:

1. The issuer certificate of a locally looked up certificate could not be found
2. The root CA certificate is not trusted for this purpose

Do you wish to accept this certificate anyway?
(It will be also be stored so you won’t be asked this again.)

Searching on the internet alluded to needing to concatenate various files, but which ones? My SSL cert package used different names than everyone else’s. On a hunch, I did this:

[OliverK@tron ~]$ cp COMODORSADomainValidationSecureServerCA.crt COMODORSADomainValidationSecureServerCA.crt.bak
[OliverK@tron ~]$ cat COMODORSAAddTrustCA.crt >> COMODORSADomainValidationSecureServerCA.crt

After that, everything connected rather happily.

Just thought I’d throw this out there for anyone trying to use a RapidSSL cert on their murmur server.
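The two errors that survived the first sslCA= attempt are what a Mumble client reports when the server hands it a certificate whose issuer it cannot find: the intermediate chain is incomplete or out of order, and sslCA= is how murmur supplies it. Below is an added example (not from this post and not Mumble's code) that checks a PEM bundle like the one assembled above: every certificate in the file must be issued by the one that follows it. It compares only the raw DER issuer and subject encodings, so it needs no crypto library; the fake_cert_pem helper builds structurally valid but unsigned stand-ins purely so the checker can be exercised offline, and the names in it are invented.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_ders(text):
    """Split a PEM bundle (what sslCA= points at) into DER blobs, in file order."""
    return [base64.b64decode("".join(body.split())) for body in PEM_RE.findall(text)]


def _tlv(buf, pos):
    """Decode one DER tag and length at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low bits say how many length bytes follow
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def _elements(buf, start, end):
    """Raw (tag, bytes) of every element inside a SEQUENCE's value."""
    out, pos = [], start
    while pos < end:
        tag, _, vend = _tlv(buf, pos)
        out.append((tag, buf[pos:vend]))
        pos = vend
    return out


def issuer_and_subject(der):
    """DER-encoded issuer and subject Names of one certificate. TBSCertificate
    is [0] version (optional), serialNumber, signature, issuer, validity,
    subject, ..., so both Names are found by position."""
    _, cert_start, _ = _tlv(der, 0)                 # outer Certificate SEQUENCE
    _, tbs_start, tbs_end = _tlv(der, cert_start)   # tbsCertificate SEQUENCE
    fields = _elements(der, tbs_start, tbs_end)
    if fields[0][0] == 0xA0:                        # explicit [0] version present
        fields = fields[1:]
    return fields[2][1], fields[4][1]


def check_chain(bundle_text):
    """Walk the bundle in file order; each certificate must be issued by the
    one after it. Returns a list of problems, empty when the order is right."""
    ders = pem_to_ders(bundle_text)
    if not ders:
        return ["no PEM certificates found"]
    names = [issuer_and_subject(d) for d in ders]
    return ["cert %d is not issued by cert %d" % (i, i + 1)
            for i in range(len(names) - 1) if names[i][0] != names[i + 1][1]]


def ends_at_root(bundle_text):
    """True if the last certificate is self-signed. For sslCA this is normally
    False: the bundle stops at an intermediate and the client's own trust
    store supplies the root, which is fine."""
    ders = pem_to_ders(bundle_text)
    if not ders:
        return False
    issuer, subject = issuer_and_subject(ders[-1])
    return issuer == subject


def _der(tag, body):
    """Encode one DER element (short or long length form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def fake_cert_pem(subject, issuer):
    """Structurally valid but UNSIGNED certificate shell with only a CN, built
    so the checker can be exercised offline. Not a real certificate."""
    def name(cn):   # Name ::= SEQUENCE OF SET OF { id-at-commonName, UTF8String }
        return _der(0x30, _der(0x31, _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode()))))
    tbs = _der(0x30,
               _der(0xA0, _der(0x02, b"\x02"))                                    # [0] version v3
               + _der(0x02, b"\x01")                                              # serialNumber
               + _der(0x30, _der(0x06, b"\x2A\x86\x48\x86\xF7\x0D\x01\x01\x0B"))  # sha256WithRSA
               + name(issuer)
               + _der(0x30, _der(0x17, b"140101000000Z") * 2)                     # validity
               + name(subject)
               + _der(0x30, b""))                                                 # SPKI placeholder
    cert = _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))  # tbs, sigalg, signature
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(cert).decode() + "-----END CERTIFICATE-----\n"
```

Run check_chain(open(path_to_sslCA).read()) before restarting murmur: an empty list means the concatenation order is right, and ends_at_root tells you whether the file stops at an intermediate, which is the expected shape for sslCA=. The same check with OpenSSL, run against the server certificate rather than the bundle alone, is openssl verify -untrusted <bundle> <server cert>.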


War Driving on the Wifi Pineapple: Geotagging Access Points

In my second-to-last post I was talking about the GlobalSat ND-100S USB GPS Dongle. I said it didn’t work. Then in my last post, I said maybe it did.

It worked.

I won’t give everything away, because it would draw a big arrow to where I live, but here are some interesting stats:

  • WPA Protected networks: 1,497
  • WEP Protected Networks: 108
  • Open Networks: 1,193

So, some interesting tidbits and a large mass of data. Now I just have to figure out what statistics to generate from the information (and how).


Setting up a raspi

I finally got my Christmas Raspberry Pi up and running. I had to redo the power grid to my room to properly support all the things I have plugged in upstairs. I live in a 100-year-old farm house, so now my room has as many outlets as the entire upstairs. Plus I had a few other issues that slowed me down in getting it done until now.

Here are a couple of notes I took while working on this project.

You have to have an HDMI monitor with NOOBS, plus a keyboard and mouse.

If you’re using NOOBS Lite, you’ll need to have a wired connection. For reasons (100-year-old farm house), I needed to share the wireless across the wired connection of my laptop. I run KDE on Fedora Linux, and this guide talks about setting up sharing wireless to a wired connection via KNetwork: https://bbs.archlinux.org/viewtopic.php?id=126285.

Use gparted to format the SD card; FAT32 is fine. Unzip NOOBS onto it with unzip -d destination ~/Downloads/NOOBS_lite_v1_3_4.zip, where destination is the card’s mount point.

I chose Arch Linux because it’s small (so less download time on my very slow internet connection) and, I presume, updated more often than Pidora (which is based on Fedora/Red Hat, a distro I am more familiar with).

After it says 100%, you need to let it sit a while or you will bork the install.

Reboot into your fresh Pi install. Run wifi-menu to set up the wireless connection.

At this point you can do the following configuration either while connected to the TV or over SSH.

You can check your router for the IP address, or you can run an nmap scan. Either way, SSH to it and use root/root for the login and password.

Enabling wireless on boot:

systemctl enable netctl-auto@wlan0

You probably want to set up a static IP address:

nano /etc/netctl/wlan0

Something like this is what you need in /etc/netctl/wlan0 after editing it (values with spaces, such as the key, must be quoted):

Description='Automatically generated profile by wifi-menu'
Interface=wlan0
Connection=wireless
Security=wpa
ESSID='ssid'
Key='wpa password'
IP=static
Address='10.13.37.7/24'
Gateway='10.13.37.1'
DNS=('10.13.37.1')

Run pacman -Syu to update the distro.

Change the hostname by editing /etc/hostname.

Change the root password. You’re internet facing now.

Time to reboot and enjoy your pi.