...stuff I do and things I like...

Saturday, May 26 2007

Inspecting the Neo1973

today (at ph-neutral) I got my hands on a Neo1973 (OpenMoko) phone and I must say it is smaller and lighter then I expected. This is really good, I had the fear that it would be kind of big and heavy. Playing with the software was kind of disappointing, it seems really slow. I know the software is not final and probably was build for debugging.

Tuesday, May 22 2007

PocketPC MMS talk at SyScan07

In early July I am giving my PocketPC MMS talk at SyScan in Singapore. Looking at the speakers list you will find another trifinite member and many guys from Germany :-)

This will be my first time to Asia and I'm really looking forward to it!

Monday, May 21 2007

Mobile Phone Bluetooth Security Reference in The Simpsons

In Episode 21 in Season 18 (about 15 minutes into the show) Bart asks Lisa if he is on a secure line (24 reference), Lisa answers you are on a Bluetooth cellphone the most vulnerable device known to man.

This is way cool!

Thanks to Erik for pointing it out!

Wednesday, May 02 2007

Crypted Root Server

some time ago I setup a new root server for a new project of a friend and myself, this time I wanted to go full crypto. In the beginning I thought this might be a lot of work but as it turned out it is quite simple if you do some thinking.

There are many ways to do this, this is how I did it.

The setup works like this: the server boots into a minimal system starting only the SSH daemon. The you login and enter/upload the passphrase to unlock the disk(s). Finally you tell the system that you are done, after which you are kicked out and the system completes the boot by mouting the real root partition and executing init from there. At this point everything is as usual.

There are two basic parts in this setup: first building a good minimal system so you don't waste too much space and second build the init script for the minimal system.

The minimal system needs to contain stuff like: sshd, filesystem tools such as mkfs, fsck, fdisk, etc., cryptsetup, networking tools like ifconfig, route, ip, etc., mdadm (if you run raid), and of course all the required libraries. The easiest way to do this is using the recovery tool your hoster provides. Just setup a minimal system on one partition and strip it down before moving it to the boot partition.

The init script is quite simple, it needs to do three things: first, configure the network (ip address and route); second, start sshd; and third, start the actual system after the root partition has been unlocked. My script works as follows: after sshd has been started the script waits for a file to be created in the tmp directory. As soon as the file is created all ssh processes are killed, and the real system is booted.


Files:
    file list of my minimal system
    init script for minimal system (touch /tmp/READY_TO_BOOT after you unlocked the root partition)


Some notes:
    You need to encrypt your swap otherwise this is useless!
    If you upload a key to your minimal system only upload to key to a ram drive, never write it to disk. Otherwise all the work is useless!
    Remember your key! Remember your key! Remember your key!


Todo:
    Filesystem integrity check for the minimal system. This is a very hard task and I don't have a solution so far.