Sunday, August 30, 2020

Running Kali 2020.3 on an original GPD Pocket

I recently needed to dust off my wifi skills, and to keep a low profile, I use my GPD Pocket laptop.  My install of Kali was old, so I decided to see if I could load Kali 2020.3 on it.  After much searching and futzing about, it turns out almost everything works right out of the box.  You need a couple files, some settings, and a trick with the installer.  I also found the archlinux wiki page on GPD really useful, oddly enough.
  • Run the text-mode installer.
  • When you're asked to load the brcm files from a USB drive, say "no."
  • It will successfully find all the APs around you, so select yours.
  • But, it *won't* be able to negotiate WPA2 without the missing files.
  • Tell it you're using an open wifi network.
  • Let this fail.  (If you'd told it WPA2 it it would be in a loop of failing and re-asking you the PSK.)
  • Now, select the option to continue without a network connection.
  • Install and reboot.
  • Log in to your new system.
  • (If your screen is rotated, click to the Kali logo, pick Settings, then Display, and set Rotation to "Right.")
  • Put a copy of this brcmfmac4356-pcie.gpd-win-pocket.txt file on a USB drive.  (Kali can read FAT.)
  • Write a copy into /lib/firmware/brcm/brcmfmac4356-pcie.gpd-win-pocket.txt on Kali.
  • Reboot.  (I know, I know, I could use modprobe.)
  • Log in to your system.
  • Click the Kali icon, choose Settings, then Advanced Network Configuration.
  • Double-click your SSID.
  • Go to the Wi-Fi Security tab.
  • Update your settings to reflect that you use WPA, and provide a password.
  • Save

You'll also need to tweak the touchscreen configuration, which doesn't know it is rotated, yet.

  • Edit /usr/share/X11/ xorg.conf.d/40-libinput.conf
  • Inside the "InputClass" stanza for "libinput touchscreen" add this:
  • Option "CalibrationMatrix" "0 1 0 -1 0 1 0 0 1"
  • Restart

Tuesday, September 19, 2017

Build a Puppet 5 Master on CentOS 7 -- Hella Quickstyle

Want get going with Puppet 5, but you're in some sort of an insane hurry?  Let me walk you through a "hella quickstyle" install of a Puppet 5 master on CentOS 7.  Starting with a completely new, base CentOS 7 system, here's what to do, as root.

Install the Master

I'll be using Puppet Labs' own yum repositories for the install.  The repository definition can be installed by grabbing an RPM.

  rpm -Uvh

Now it's a piece of cake to install the puppetserver package and its dependencies.

  yum -y install puppetserver

The default configuration has the master's JVM start with a 2 gb heap size.  That's way more than I need.  (Your mileage will vary.)  Let's bring that size down.

  sed -i -e 's/-Xms2g -Xmx2g/-Xms128m -Xmx512m/' /etc/sysconfig/puppetserver

Now I can start up the Puppet server.

  systemctl start puppetserver

If you like, make a symlink to the puppet binary in /usr/local/bin.

  ln -s /opt/puppetlabs/puppet/bin/puppet /usr/local/bin/puppet

The package adds configuration for the master, but not the agent, so I'll add a stanza telling the agent to fetch catalogs from itself.

  cat >> /etc/puppetlabs/puppet/puppet.conf <<EOF
    server = `hostname -f`

Now the agent should be able to run.

  puppet agent --test

Finally, I'm going to tell firewalld to allow TCP connections to port 8140, so that other nodes can request catalogs from my master.

  cat > /etc/firewalld/services/puppetmaster.xml <<EOF
  <?xml version="1.0" encoding="utf-8"?>
      <description>Puppet Master</description>
      <port protocol="tcp" port="8140"/>

  firewall-cmd --permanent --add-service=puppetmaster   # may take two tries
  firewall-cmd --reload

Add PuppetDB

Next, I'll use Puppet to install and configure PuppetDB.  First, I need to install a module.  I'm not going to use r10k to manage the modules I need, but in the real world, you probably would.  I'm just going to use the Puppet Module Tool to throw it directly into the production code environment.

  puppet module install puppetlabs-puppetdb

Now I classify my master with puppetdb classes.  I'm going to add a node definition for my master to the site.pp manifest.  (And I'll add a default node, for the future.)  When I declare the puppetdb class, I'll tune my memory requirements down, and tell it not to manage my firewall.

  cat >> /etc/puppetlabs/code/environments/production/manifests/site.pp <<EOF
  node '`hostname -f`' {
    # Install and configure PuppetDB
    class { 'puppetdb':
      java_args => { '-Xms' => '128m', '-Xmx' => '256m' },
      manage_firewall => false,
    # And configure the master to use PuppetDB
    include puppetdb::master::config

  node default {
    notify { 'Default node definition ... no classification found!':}

Let's make sure it's working.  First, do an agent run, which should make the master submit a report to the PuppetDB.

  puppet agent --test

And now try a (convoluted) curl request straight into the local PuppetDB, to list nodes that are classified with the "Puppetdb" class.  Note: if you adapt and re-use this later, make sure to run it from the master.

  curl -X GET \
    --tlsv1 \
    --stderr /dev/null \
    --data-urlencode "query=[\"and\",[\"=\",\"type\",\"Class\"],[\"=\",\"title\",\"Puppetdb\"]]" \
    --cert   $(puppet config print hostcert) \
    --key    $(puppet config print hostprivkey) \
    --cacert $(puppet config print localcacert) \
    https://`hostname f`:8081/pdb/query/v4/resources | python -m json.tool

Add Agent Nodes

For quick reference, here are the steps to add just the Puppet agent to a node.  All you need to do is add a yum repo, install the puppet-agent package, aim it at your new master, and run.  Make sure  to replace FQDN_OF_YOUR_MASTER in the example below.

  rpm -Uvh
  yum -y install puppet-agent
  cat >> /etc/puppetlabs/puppet/puppet.conf <<EOF
    server = FQDN_OF_YOUR_MASTER
  puppet agent --test --waitforcert 10

Future Direction

These instructions use the Puppet module tool to install the puppetdb module.  That throws it directly into /etc/puppetlabs/code/environments/production/modules.  Most production-grade Puppet masters use 'r10k' to manage the modules that they need, automatically pulling them from version control or the forge, rather than adding them by hand.  The documentation for r10k is here.

Wednesday, April 26, 2017

Spoofing a Hardware MAC address on MacOS

This post was going to be a note to myself, but then I figured it might be useful to other people.  So, now there's extra description of what's going on.

There you are at the hotel bar, where the wifi has a captive portal.  You want to get your Arduino or Raspberry PI or ZipIt Z2 or something on the wifi, but there's no way you're going to get it to login to a captive portal on its own.  No problem.  Have your MacBook pretend to be the hapless device for long enough to login to the captive portal, and then make your MacBook go back to being itself.  The captive portal doesn't know the difference, and will think your other device is already logged in when it tries to associate.

Open the Terminal app on your Mac.  Run `ifconfig` to see what your wireless adapter's official MAC address is -- it's the "ether" line -- and make a note of it if you don't feel like rebooting later.

  ifconfig en0

Now, set your MacBook's MAC address to whatever your other device's MAC address is ... down the interface ... and up the interface

  sudo ifconfig en0 ether 00:1D:04:01:02:03
  sudo ifconfig en0 down
  sudo ifconfig en0 up

Reconnect to that hotel wifi network -- which will think you're the other device -- and login to the captive portal.

Then, restore your Mac to its proper MAC address -- which you noted when you first ran the `ifconfig` command -- or if you didn't bother reading that part of the instructions, reboot your Mac to restore it to its original MAC address.  However you do it, make sure your Mac stops pretending to be the other device.

  sudo ifconfig en0 ether 00:88:65:01:62:01
  sudo ifconfig en0 down
  sudo ifconfig en0 up

All set.  The other device should be able to associate without needing to login to the captive portal, because your Mac already logged in, pretending to be it.

Monday, March 27, 2017

Cloning a VingCard "Original" punch-hole keycard

(Update 20190122: here is my STL file.  I moved out.  Enjoy!)

This is the most interesting hotel key you've never seen.  It's space-age, and hails from a time where tossing plastic in a landfill involved no thought for the future.  One word.  Are you listening Benjamin?  Plastics.

This is the original asymmetric key-pair.  Hotels order a stack of keys, that consist of a programming side, and a "guest" side.  The staff use a conventional brass key to open the door.  Once open, they slip the programming end into the back of the lock, and it programs the lock for the corresponding "guest" portion.  You snap it apart, hand the opening part to the guest, and toss the programming side in the trash.  The programming side can't open the door, and the opening side can't be guessed from knowing the programming side.  (Okay not a likely reality with today's computing power, but back then quite possible.)

Flawless security!  And it's from the future!  So let's see if I can copy one.

Looking over a patent for a device that can detect the pin configuration currently configured, it appears that the key, when inserted, selectively pushes up some ball bearings allowing a plate to move freely.  That's about all I can figure out.  So, is it the holes, or the lack of holes that's important?  Maybe it's both.

Well, gift cards are only a little thinner than this thing, and I can cut one down to the right width.  So I "borrow" an empty gift card from a local purveyor of coffee.  Drop the key on top of it, trace the outline and holes with a sharpie, and take a pair of small, pointy scissors to it.

Nope.  Looks like at the very least, the not-holes are significant.

Fine.  Be that way.  But, I live in the future, too.  I put a request for bids up on People Per Hour, including pictures of the card, and ask what a professional will charge me to send a ready-to-print 3D representation of it.  The answer?  $120.  And that's only because the person had a one-hour minimum.

A day later, and I've got the file in-hand.  Upload to thingiverse, enter my credit card, pick a swanky color.  And a couple days later it arrives.

It works!

So far I've only seen this sort of key once.  It was a building that used to be a hotel, and then I think it became a residential hotel, and now it's mostly apartments with art school students packed in, two per two-hundred square foot efficiency unit.

Not cheap, to copy those things.  But for an art student who's perpetually losing their key, it could come in handy.  The building charges fifty dollars each, to replace these antiques.  And they can't help you at four AM, when you realize you lost it.  Having a spare on-hand might be worth it.