...stuff I do and things I like...

Sunday, January 25 2009

Got an ADP1!

since Wednesday of last week I'm the proud owner of an ADP1 Android Dev Phone 1 (the developer version of the T-Mobile G1). Actually I wanted to buy a Kogan Agora Pro but since the device was canceled at the last minute I decided to buy an G1. I simply bought the dev version because it was cheaper then the G1 without contract. I guess people will tell me this is not true but since I haven't found a cheaper way of getting an G1 I bought the ADP1.

So far I have just played with the device not using it as my regular phone that I use every day. I really like the background processes thing especially in combination with instant messaging and apps like Twitter (if something happens I get notified through the status bar). I know this is not new or anything I just think this is done especially well in Android. Having a keyboard is nice, but I really need an on-screen keyboard for stuff like writing SMS and instant messaging. I hope the new OS release is coming sooner then expected.

One thing I'm quite disappointed about is the email capability. The build-in mail client is no competition for the one on the iPhone. Some issues are: speed, I can't move messages to other folders, and I had plenty of email display problems (some plain text messages could not be displayed). The instant messaging client only supports GTalk. They could really have made this just a plain cool XMPP/Jabber client. Sadly all other IM apps suck. Android is quite new compared with the iPhone so I can forgive these first issues.

Now the good stuff. I totally like ShopSavvy this is a bar code scanner that directly looks up prices online and in shops that are close to you. I did a few tests and it really works but it needs better support for Germany (they say this is work in progress). Wikitude is a also a very nice app that shows you information about the place you are currently at. It has this cool mode where it shows points of interest as an overlay of the area currently captured by the device's camera. This app also uses the digital compass build into the G1 (something the iPhone doesn't have). Both applications use the possibility to directly access the camera of the G1. I guess this is the reason why both applications are not available on the iPhone.

Development. So far I only wrote a very small demo project using the SDK. Since this is Java I feel more at home compared with Objective-C. Over the weekend I followed the various guides and downloaded the gcc toolchain to build native executables and kernel modules. For testing purposes I compiled the tun/tap module and iodine both seem to work well. In order to get a minimal acceptable shell environment I of course installed a statically liked version of busybox which brings me to another rather bad part of Android, the Linux system. The Linux system is really really small with just the most necessary binaries (that's why you need busybox). Also many standard files are missing such as /etc/resolv.conf. Once you find the getprop binary you find many of the missing information such as the current nameserver and such.

Finally, I really like the Android platform and the G1 and I plan to do a lot of hacking on it.

Saturday, January 24 2009

Mobile Security News January 2009

I just read that CanSecWest's Pwn2Own is going mobile this year. It looks like they are going to have an iPhone, a Android (should be a G1), a Symbian, and a Windows Mobile device too pwn and own. I wonder how the rules are going to be for these devices. via twitter

Second part. There seems to be the first mobile phone banking micro payment trojan out in the wild according to Kaspersky Labs. The trojan targets a micro payment service that allows transfer of money and minutes between users of the service using SMS. Another interesting part of the story is that the trojan is just a modified version of an existing premium SMS trojan. Stories: 1 2.

NAS Box Power Consumption

I've recently build myself a new NAS box based on PC hardware (VIA C7-D) with a 220W power supply. Now I wanted to see how much power this thing actually consumes. For the measurement I bought a Voltcraft Plus ENERGY MONITOR 3000.

The measurements for now are:
    ~332kWh/year while the thing is idle
    ~376kWh/year during normal operation (ethernet + disks)
If you take 20cent/1kWh you pay about 75Euro a year for powering this thing.

Wednesday, January 21 2009

Mobile Malware Book

today I finally got a copy of Mobile Malware Attacks and Defense to which I contributed about 12 pages. Should be the first book on the subject (of mobile malware and mobile attacks). I contributed to chapter 7. Operating Systems and Device Vulnerabilities that was written by Seth Fogie. If you are interested in this kind of stuff you should buy it :-)

Monday, January 19 2009

Samsung LE-40A859 just works now :-)

in the early evening I got back my Samsung LCD TV, actually a brand new one since the one I originally bought had broken HDMI inputs. This was the reason why non of our MacBooks and PCs were recognized by the TV, see here. The TV I got today just works, instant picture when connecting my MacBook using a DVI-to-HDMI adapter selecting multiple resolutions. Now I can safely say this was a really good buy.

Dmcrypt tools for OpenWrt

I don't know why there is no official dm_crypt/cryptsetup support on OpenWrt because if you search the web you will find many people trying to run cryptsetup on OpenWrt. Here is how I made it work (packages to download in the middle of this post).

Getting cryptsetup (userspace part of dm_crypt) to work on OpenWrt requires a whole bunch of tools and libraries these are: libuuid (part of e2fsprogs), libpopt, gettext, libdevmapper (part of lvm2). After one has build all those tools and libs cryptsetup builds nicely and just works. Also every time you run cryptsetup you will get a warning about the missing udevsettle binary but this is not a problem it works anyway. To save you from the hassle of getting cryptsetup to work all by yourself you can download the packages that are not part of OpenWrt from me here: dmcrypt-tools-openwrt.tgz (contains cryptsetup, lvm2, popt and gettext). I know gettext is available in some OpenWrt branches but not in trunk. Just unpack the archive in your OpenWrt package directory, run make menuconfig and select cryptsetup before building it by running make.

Now it would be nice to get cryptsetup into the OpenWrt SVN so that it will just be there in the future.

Why would I run cryptsetup on OpenWrt? Over the weekend I decided that I don't want to run a full blown Linux distribution on my NAS/backup box and rather run a small system. I chose OpenWrt because I'm familiar with it since I spent quite some time hacking on my NAS-4220b before deciding to go x86 for my NAS project.

Thursday, January 15 2009

NFC/NDEF Tool Update (from 25c3)

I've just uploaded the latest version of my NFC/NDEF tools. This is the version that I presented at my talk at 25C3. I mainly added some parsers for the new NDEF records supported by the Nokia 6212 Classic. Also included are some bug fixes and a small fix to talk to the BtNfcAdapter running on the Nokia 6212. I further included some more attack samples and an updated version of my ndef_mifare reader/writer tool.

At 25C3 I had the chance to take a look at Motorola's L7 NFC phone that is used by Deutsche Bahn Touch and Travel. The phone is not a real NFC phone, Motorola just replaced the battery lid with a lid that also contains the NFC hardware (or maybe only the antenna). The only NFC functionality the phone supports is the Touch and Travel application. What is really bad is that the user first needs to start the application and then hold the phone up to the Touch Point. WTF? How is this going to be a good user experience? The Nokia phones constantly scan for NFC tags and start the appropriate application as soon as one holds the phone up to a tag.

Finally I have noticed that RMV ConTags are starting to appear all over the place out side Frankfurt/Main. Also they only seem to be placed at big stations like the Darmstadt main station (Hauptbahnhof) but not inside the city. As always I like to know about interesting new NFC services around Europe and especially Germany.

Wednesday, January 14 2009

New NAS Box

Yesterday the parts for my new NAS/backup box arrived. As you can see I've stopped looking for an off-the-shelf (embedded) NAS box and decided to build one based on standard PC components.

This is mainly because of cypto acceleration which is not easy to find in embedded NAS boxes. Also many embedded NAS boxes such as the NAS-4220B from RaidSonic (based on gemini design by storelink) or the devices based on the Orion design have crypto acceleration hardware but lack driver support. The gemini crypto driver is designed for ipsec but works with loop AES but no dm_crypt support. The orion kernels don't have crypto support at all.

Back to my new NAS box. I choose a VIA C7-based board since it supports PadLock. PadLock is supported on Linux and FreeBSD (and possible other OSes).

Hardware list: The total price of 161 Euro is really good for a small home NAS without disks. In this configuration it can hold two SATA disks (and two PATA disks). If you want four SATA disks you will need to buy a PCIe SATA controller (costs between 20-30 Euros). The only drawback is that the device only has 100Mbit Ethernet. Mini-itx boards with Gbit Ethernet cost about double the price (about 120 Euros).

Software wise I will just install a minimal Ubuntu server to a USB flash disk that will server as the system disk. This is so it can spin down the storage disks while this thing is in idle.

About power consumption, the case has a 220W power supply that will, of course, eat more energy then an embedded box but this is the price you have to pay I guess. Also I guess you can find mini-itx cases that have smaller power supplies (tips are welcome).

Sunday, January 04 2009

PHS300 Hardware

finally I've managed to find the time to disassemble my CradlePoint PHS300 to take pictures of the hardware. The pictures can be found here: www.mulliner.org/hardware/cradlepoint_phs300

The hardware seems to be build based on the ubicom IP3023. From what I can see after a quick check of the SoC spec. this thing does not run Linux. This is sad since I really hoped this would be the case.

New Hardware in 2009

I already assembled a list of hardware I'm going to buy this year. Of course the list is not complete :-) I really like to get hints for all hardware on my list, thanks!

1) NAS Box (or multiple)
    I bought a NAS-4220 in March last year. I wanted to run it as a backup device with raid-1 and crypto. But it turned out that not all of the required software works good enough to be used for backup (a unstable backup system is useless in my opinion). So I'm going to sell it (the actual hardware and default software works just fine).

    So I'm looking for a nice NAS box that runs Linux (or can be made to run Linux). The devices based on the Orion SoC look nice. See here. Unfortunately the crypto acceleration is not yet supported. Crypto is thing I really need in hardware as raid-1 works just fine in software on Linux.
2) 802.11n Wifi router that runs OpenWRT
    No research done yet besides a brief check on the OpenWRT site. Seems some routers are supported but with out supporting the 802.11n part itself.
3) Internet Radio device for the kitchen
    I want something that just works, runs Linux, and is hackable. Needs WiFi. Good looking hardware that is not too big.
4) Gaming Computer
    Since 2004 I only own laptops (besides my media center/home server). From time to time I think about playing/buying some games but since non of my laptops can handle current games I will go and buy a gaming computer.

    It will need to cost less then 1K Euro (without screen). I'll probably go for a intel E8400 with 4GB ram and a nVidea GTX+ with 512MB. Is this OK for most games this year? I mainly like real-time strategy C&C, WarCraft, StarCraft style games.
5) Android-based mobile phone
    I ordered a Kogan Agora Pro in December.

    I mainly ordered this one because it is really cheap in comparison with the G1. Looking forward to play with it. It will be interesting to see how the whole android thing goes this year.
6) Media streaming device (something like Apple TV)
    I want a device to put audio/video into my living room without the need for a computer (my media center is too noisy after all). I have a Zenega/S100 in my bed room which is really great but can't play high bit rate content.

Saturday, January 03 2009

dsniff for iPhone (jailbroken)

today I've build a dsniff package for the iPhone (if jailbroken). It took me a real long time to get it to work since I had to configure all the required libraries and dsniff to work on OS X, something I never did before. Dsniff basically is just a test package for me to get into the whole iPhone software business. Also it is a nice software package I like to have installed on all my devices (Nokia Maemo tablets and now iPhone).

The package is available from my iPhone page over here: http://www.mulliner.org/iphone/repository. I'll try to get included into the Cydia installer with my repository but until now you need to download the .deb file and run: dpkg -i dsniff.deb (on your iPhone). Happy sniffing!