Sunday, January 25 2009
Saturday, January 24 2009
since Wednesday of last week I'm the proud owner of an ADP1 Android Dev Phone 1 (the developer version of the T-Mobile G1). Actually I wanted to buy
a Kogan Agora Pro but since the device was canceled at the last minute I decided to buy an G1.
I simply bought
the dev version because it was cheaper then the G1 without contract. I guess people will tell me this
is not true but since I haven't found a cheaper way of getting an G1 I bought the ADP1.
So far I have just played with the device not using it as my regular phone that I use every day.
I really like the background processes thing especially in combination with instant messaging and
apps like Twitter (if something happens I get notified through the status bar). I know this is not new
or anything I just think this is done especially well in Android. Having a keyboard is nice, but I
really need an on-screen keyboard for stuff like writing SMS and instant messaging. I hope the new
OS release is coming sooner then expected.
One thing I'm quite disappointed about is the email capability. The build-in mail client is no
competition for the one on the iPhone. Some issues are: speed, I can't move messages to other
folders, and I had plenty of email display problems (some plain text messages could not be displayed).
The instant messaging client only supports GTalk. They could really have made this just a plain cool
XMPP/Jabber client. Sadly all other IM apps suck.
Android is quite new compared with the iPhone so I can forgive these first issues.
Now the good stuff. I totally like ShopSavvy this is a bar code
scanner that directly looks up prices online and in shops that are close to you. I did a few tests
and it really works but it needs better support for Germany (they say this is work in progress).
Wikitude is a also a very nice app that shows you information
about the place you are currently at. It has this cool mode where it shows points of interest as
an overlay of the area currently captured by the device's camera. This app also uses the digital compass
build into the G1 (something the iPhone doesn't have). Both applications use
the possibility to directly access the camera of the G1. I guess this is the reason why both
applications are not available on the iPhone.
Development. So far I only wrote a very small demo project using the SDK. Since this is Java
I feel more at home compared with Objective-C. Over the weekend I followed the various guides
and downloaded the gcc toolchain to build native executables and kernel modules. For testing
purposes I compiled the tun/tap module and iodine
both seem to work well. In order to get a minimal acceptable shell environment I of course
installed a statically liked version of busybox which brings me to another rather bad
part of Android, the Linux system. The Linux system is really really small with just the
most necessary binaries (that's why you need busybox). Also many standard files are missing
such as /etc/resolv.conf. Once you find the getprop binary you find many of the
missing information such as the current nameserver and such.
Finally, I really like the Android platform and the G1 and I plan to do a lot of hacking on it.
I just read that CanSecWest's Pwn2Own is going mobile this year. It looks like
they are going to have an iPhone, a Android (should be a G1), a Symbian,
and a Windows Mobile device too pwn and own. I wonder how the rules are going
to be for these devices. via twitter
Second part. There seems to be the first mobile phone
banking micro payment trojan out in the
wild according to Kaspersky Labs. The trojan targets a micro payment service
that allows transfer of money and minutes between users of the service using
SMS. Another interesting part of the story is that the trojan is just a
modified version of an existing premium SMS trojan.
Stories: 1 2.
Wednesday, January 21 2009
I've recently build myself a new NAS box
based on PC hardware (VIA C7-D) with a 220W power supply. Now I wanted to
see how much power this thing actually consumes. For the measurement I bought
a Voltcraft Plus ENERGY MONITOR 3000.
The measurements for now are:
~332kWh/year while the thing is idle
~376kWh/year during normal operation (ethernet + disks)
If you take 20cent/1kWh you pay about 75Euro a year for powering this thing.
Monday, January 19 2009
today I finally got a copy of Mobile Malware Attacks and Defense to which I contributed about 12 pages. Should be
the first book on the subject (of mobile malware and mobile attacks).
I contributed to chapter 7. Operating Systems and Device Vulnerabilities that
was written by Seth Fogie. If you are
interested in this kind of stuff you should buy it :-)
in the early evening I got back my Samsung LCD TV, actually a brand
new one since the one I originally bought had broken HDMI inputs. This
was the reason why non of our MacBooks and PCs were recognized by the TV,
see here. The TV I got today just works, instant picture when connecting
my MacBook using a DVI-to-HDMI adapter selecting multiple resolutions.
Now I can safely say this was a really good buy.
Thursday, January 15 2009
I don't know why there is no official dm_crypt/cryptsetup support on OpenWrt because if you search the web
you will find many people trying to run cryptsetup on OpenWrt. Here is how I made it work (packages
to download in the middle of this post).
Getting cryptsetup (userspace part of dm_crypt) to work on OpenWrt
requires a whole bunch of tools and libraries these are: libuuid (part of e2fsprogs), libpopt, gettext,
libdevmapper (part of lvm2). After one has build all those tools and libs cryptsetup builds nicely and
Also every time you run cryptsetup you will get a warning about the missing udevsettle binary but
this is not a problem it works anyway. To save you from the hassle of getting
cryptsetup to work all by yourself you can download the packages that are not part of OpenWrt
from me here: dmcrypt-tools-openwrt.tgz (contains cryptsetup, lvm2, popt and gettext). I know gettext is available in some OpenWrt branches but
not in trunk. Just unpack the archive in your OpenWrt package directory, run make menuconfig
and select cryptsetup before building it by running make.
Now it would be nice to get cryptsetup into the OpenWrt SVN so that it will just be there in the future.
Why would I run cryptsetup on OpenWrt? Over the weekend I decided that I don't want to run a full blown
Linux distribution on my NAS/backup
box and rather run a small system. I chose OpenWrt because I'm familiar with it since I spent
quite some time hacking on my NAS-4220b before deciding to go x86 for my NAS project.
Wednesday, January 14 2009
I've just uploaded the latest version of my NFC/NDEF
tools. This is the version that I presented at my talk at 25C3.
I mainly added some parsers for the new NDEF records supported by the Nokia 6212 Classic. Also included
are some bug fixes and a small fix to talk to the BtNfcAdapter running on the Nokia 6212. I further included some more attack samples and an updated version of my ndef_mifare reader/writer tool.
At 25C3 I had the chance to take a look at Motorola's L7 NFC phone that is used by Deutsche Bahn
Touch and Travel. The phone is not a real NFC phone, Motorola just replaced the battery lid with
a lid that also contains the NFC hardware (or maybe only the antenna). The only NFC functionality
the phone supports is the Touch and Travel application. What is really bad is that the user
first needs to start the application and then hold the phone up to the Touch Point. WTF? How is
this going to be a good user experience? The Nokia phones constantly scan for NFC tags and
start the appropriate application as soon as one holds the phone up to a tag.
Finally I have noticed that RMV ConTags are starting to appear all over the place out side Frankfurt/Main. Also they only seem to
be placed at big stations like the Darmstadt main station (Hauptbahnhof) but not inside the city.
As always I like to know about interesting new NFC services around Europe and especially Germany.
Sunday, January 04 2009
Yesterday the parts for my new NAS/backup box arrived. As you can see I've
stopped looking for an off-the-shelf (embedded) NAS box and decided to build
one based on standard PC components.
This is mainly because of cypto
acceleration which is not easy to find in embedded NAS boxes. Also many
embedded NAS boxes such as the NAS-4220B from RaidSonic (based on gemini design
by storelink) or the devices based on the Orion
design have crypto acceleration hardware but lack driver support. The
gemini crypto driver is designed for ipsec but works with loop AES but no dm_crypt support.
The orion kernels don't have crypto support at all.
Back to my new NAS box. I choose a VIA C7-based board since it supports PadLock. PadLock is supported on Linux and FreeBSD (and possible other OSes).
The total price of 161 Euro is really good for a small home NAS without disks. In this configuration
it can hold two SATA disks (and two PATA disks). If you want four SATA disks you will need to buy
a PCIe SATA controller (costs between 20-30 Euros). The only drawback is that the device only has 100Mbit Ethernet. Mini-itx boards with Gbit Ethernet cost about double the price (about 120 Euros).
Software wise I will just install a minimal Ubuntu server to a USB flash disk that will server as the
system disk. This is so it can spin down the storage disks while this thing is in idle.
About power consumption, the case has a 220W power supply that will, of course, eat more energy
then an embedded box but this is the price you have to pay I guess. Also I guess you can find
mini-itx cases that have smaller power supplies (tips are welcome).
finally I've managed to find the time to disassemble my CradlePoint PHS300 to take pictures of the
hardware. The pictures can be found here: www.mulliner.org/hardware/cradlepoint_phs300
The hardware seems to be build based on the ubicom IP3023. From what I can see after a quick check of the SoC spec. this thing does not run Linux. This
is sad since I really hoped this would be the case.
Saturday, January 03 2009
I already assembled a list of hardware I'm going to buy this year. Of course
the list is not complete :-) I really like to get hints for all hardware
on my list, thanks!
1) NAS Box (or multiple)
I bought a NAS-4220 in March last year. I wanted to run it
as a backup device with raid-1 and crypto. But it turned out that not all
of the required software works good enough to be used for backup (a unstable backup system is useless in my opinion). So I'm going to sell it (the actual hardware and default software works just fine).
2) 802.11n Wifi router that runs OpenWRT
So I'm looking for a nice NAS box that runs Linux (or can be made to run Linux).
The devices based on the Orion SoC look nice. See here. Unfortunately the crypto acceleration is not yet
supported. Crypto is thing I really need in hardware as raid-1 works just fine
in software on Linux.
No research done yet besides a brief check on the OpenWRT site. Seems some routers
are supported but with out supporting the 802.11n part itself.
3) Internet Radio device for the kitchen
I want something that just works, runs Linux, and is hackable. Needs WiFi. Good looking hardware that is not too big.
4) Gaming Computer
Since 2004 I only own laptops (besides my media center/home server). From
time to time I think about playing/buying some games but since non of
my laptops can handle current games I will go and buy a gaming computer.
5) Android-based mobile phone
It will need to cost less then 1K Euro (without screen). I'll probably go
for a intel E8400 with 4GB ram and a nVidea GTX+ with 512MB. Is this
OK for most games this year? I mainly like real-time strategy C&C, WarCraft, StarCraft style games.
I ordered a Kogan Agora Pro in December.
6) Media streaming device (something like Apple TV)
I mainly ordered this one because it is really cheap in comparison with the G1.
Looking forward to play with it. It will be interesting to see how the whole
android thing goes this year.
I want a device to put audio/video into my living room without the need for
a computer (my media center is too noisy after all). I have a Zenega/S100 in my bed room which is really great but can't play high bit rate content.
today I've build a dsniff
package for the iPhone (if jailbroken). It took me a real long time to
get it to work since I had to configure all the required libraries and dsniff
to work on OS X, something I never did before. Dsniff basically is just a
test package for me to get into the whole iPhone software business. Also it
is a nice software package I like to have installed on all my devices (Nokia Maemo tablets and now iPhone).
The package is available from my iPhone page over here: http://www.mulliner.org/iphone/repository. I'll try to get included into the Cydia installer with my repository but until now you need to download the .deb file and run: dpkg -i dsniff.deb (on your iPhone).