Friday, 21 July 2017

Installing and removing python packages on macOS

Since python on macOS comes without the pip package manager, I was wondering how to install and remove packages.

As it turns out, there's an older »package manager« called easy_install that can be used to install, but not remove, packages.

If you're happy installing packages system-wide, i.e. inside /Library/Python on macOS, you can run

# easy_install pyyaml

Installing into the user's package directory in $HOME/Library/Python can be done by

$ easy_install --user pyyaml

Removing packages isn't quite as straightforward, as easy_install doesn't offer a command to do so. The manual (linked above) suggests running

# easy_install -mxN pyyaml
prior to deleting a package, but I have not looked into what that entails.

Essentially, all that seems to be necessary is to delete the corresponding line from the package database, located at /Library/Python/2.7/site-packages/easy-install.pth, for example, and then delete the .egg file (a ZIP).
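The two manual steps above, as an added example that is not part of the original post: it removes the package's line from easy-install.pth and then deletes the egg, whether it is a zipped file or an unpacked directory. The function name is illustrative, and the match assumes the usual egg naming of project name (with '-' written as '_') followed by '-' and the version.

```python
import os
import re
import shutil

def remove_easy_install_package(site_packages, name):
    """Drop NAME's line(s) from easy-install.pth and delete the matching egg(s).

    Returns the list of egg paths that were removed.
    """
    pth = os.path.join(site_packages, "easy-install.pth")
    # Entries look like ./PyYAML-3.12-py2.7-macosx-10.12-intel.egg
    prefix = re.compile(r"^(\./)?" + re.escape(name.replace("-", "_")) + r"-\d",
                        re.IGNORECASE)
    kept, removed = [], []
    with open(pth) as fh:
        for line in fh:
            entry = line.strip()
            if prefix.match(entry) and entry.endswith(".egg"):
                removed.append(os.path.normpath(os.path.join(site_packages, entry)))
            else:
                kept.append(line)       # 'import sys; ...' bookkeeping lines stay
    if not removed:
        return []
    # Rewrite the database first, so Python stops adding the egg to sys.path
    # even if deleting the egg fails afterwards.
    with open(pth, "w") as fh:
        fh.writelines(kept)
    for egg in removed:
        if os.path.isdir(egg):          # unpacked egg directory
            shutil.rmtree(egg)
        elif os.path.exists(egg):       # zipped egg file
            os.remove(egg)
    return removed
```

For the system-wide directory mentioned above, the call would be remove_easy_install_package("/Library/Python/2.7/site-packages", "pyyaml"), run as root.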

Monday, 5 December 2016

IPSec on Netgear R6300 using DD-WRT or OpenWRT

This is still WIP, so the following just represents a brain dump so I know where to pick up when I come back to this again.

It seems that the current state of Linux is that the KAME patches are integrated into the kernel. All that is required to run IPSec is to configure it correctly, which apparently can be done mostly in two ways: using strongSwan or KAME's original racoon.

I'm unsure whether the kernel in DD-WRT v3.0-r29396 giga (04/04/16) contains everything needed to run strongSwan or racoon. Packages for strongSwan and ipsec-tools appear to be available via ipkg from OpenWrt once I enable jffs2 in the GUI under »Administration«.

Once either of them is running, the OpenWrt wiki has instructions for road-warriors to set up strongSwan or racoon.

The problem with running OpenWRT directly is that (as of 2016-02-08) there are no open-source drivers for the 5GHz module. Also note that DD-WRT for Netgear's R6300v1 is based on the brcm47xx branch of OpenWrt (as indicated for example by cat /etc/ipkg.conf) unlike R6300v2 which relies on bcm53xx. This is in spite of the CPU model of the former being reported as »Broadcom BCM5300 chip rev 1«.

Thursday, 3 November 2016

Logging https traffic using Raspbian

In order to intercept https traffic, it is necessary to run software on a router or access point that provides its own certificates to clients. Using Mirko Dölle's beautiful instructions, today I set up mitmproxy on a Raspberry Pi 2 running Raspbian based on Debian Jessie. I have an RT5572-based dual-band wifi dongle that works very well with Raspbian, which I am going to use for clients to connect to while the Raspberry Pi 2 itself is connected to the internet via ethernet.

First, I set up Raspbian in the usual way. Then I modified the dhcpcd configuration to assign a static IP address to the wifi adaptor which is going to be my access point. I added the following lines to the end of /etc/dhcpcd.conf.

interface wlan0
static ip_address=192.168.6.1/24

Next, I added the hostapd package and created a configuration file for it:

# apt-get install hostapd
# cat >/etc/hostapd/hostapd.conf <<EOF
interface=wlan0
driver=nl80211
country_code=GB
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0

ssid=rpi-mitm

# 802.11g on #8
hw_mode=g
channel=8

# encryption
wpa=2
wpa_passphrase=pleasehackme
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

# gobbledigook
beacon_int=100
auth_algs=1
wmm_enabled=1
EOF

Before activating, one line in /etc/default/hostapd has to be adjusted:

DAEMON_CONF="/etc/hostapd/hostapd.conf"

In order to assign IP addresses to clients and handle DNS forwarding, I then installed dnsmasq, again creating a configuration for it.

# apt-get install dnsmasq
# cat >>/etc/dnsmasq.conf <<EOF
interface=wlan0
dhcp-range=192.168.6.50,192.168.6.100,12h
EOF

Next, I activated packet forwarding by uncommenting the following lines in /etc/sysctl.conf:

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

I then set up network address translation by adding a POSTROUTING rule for my WAN interface to the nat table of iptables. This setting needs to be persisted by installing the iptables-persistent package.

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# apt-get install iptables-persistent

Then I restarted all the services involved. I disabled legacy Debian networking because it brings the wlan0 interface up, which prevents hostapd from starting. This completes the setup of the access point.

# systemctl disable networking
# systemctl start hostapd
# systemctl start dnsmasq
# systemctl restart procps
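Which pairwise ciphers the hostapd.conf above actually offers follows from hostapd's rules: wpa is a bit field (1 = WPA, 2 = WPA2/RSN), wpa_pairwise applies to WPA only, and rsn_pairwise falls back to wpa_pairwise when it is unset. The following check is an added example, not part of the original post; the function names are illustrative.

```python
# Security-relevant lines of the hostapd.conf from this post.
PAGE_CONF = """\
ssid=rpi-mitm
# encryption
wpa=2
wpa_passphrase=pleasehackme
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
"""

def parse_conf(text):
    """key=value lines of a hostapd.conf; blank lines and # comments skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def effective_pairwise(conf):
    """Pairwise ciphers offered per enabled protocol (wpa is a bit field)."""
    wpa = int(conf.get("wpa", "0"))
    wpa_pw = conf.get("wpa_pairwise", "TKIP").split()        # hostapd's default
    rsn_pw = conf.get("rsn_pairwise", "").split() or wpa_pw  # fallback when unset
    offered = {}
    if wpa & 1:
        offered["WPA"] = wpa_pw
    if wpa & 2:
        offered["WPA2"] = rsn_pw
    return offered

def audit(text):
    """Return a list of findings for the given hostapd.conf text."""
    conf = parse_conf(text)
    offered = effective_pairwise(conf)
    findings = []
    if not offered:
        findings.append("neither WPA nor WPA2 is enabled")
    for proto in sorted(offered):
        if "TKIP" in offered[proto]:
            findings.append("%s offers TKIP" % proto)
    if "wpa_pairwise" in conf and "WPA" not in offered and "rsn_pairwise" in conf:
        findings.append("wpa_pairwise has no effect: WPA (v1) is disabled")
    if "wpa_passphrase" in conf and not 8 <= len(conf["wpa_passphrase"]) <= 63:
        findings.append("wpa_passphrase must be 8..63 characters")
    return findings
```

For the configuration in this post, audit(PAGE_CONF) reports only that wpa_pairwise has no effect, so clients negotiate CCMP; changing wpa=2 to wpa=3 would make the access point offer TKIP to WPA (v1) clients.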

In order to inspect client traffic through the access point, I installed mitmproxy. The version 0.10.1-2 installed by apt-get (on Jessie) is too old, so I installed the current version 0.18.2 manually. Since Jessie only provides Python 3.4, I went with Python 2.7.

# apt-get install python-pip python-dev libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev zlib1g-dev g++
# pip install mitmproxy

To run it, I added a couple of redirections to the inbound interface.

# iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
# iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
# mitmproxy -T --host

Install mitmproxy's certificate on the device by browsing to http://mitm.it/.

To deactivate the capture, it suffices to remove the iptables rules.

# iptables -t nat -F PREROUTING

Wednesday, 2 November 2016

Logging mobile apps using DD-WRT

Today, I wanted to log the transmissions of a mobile app. I logged into my DD-WRT router and ran the following command.

# tcpdump -i br0 -w moto.pcap host 192.168.5.119

The IP address shown is the address of my mobile phone in my local network.

I then copied the captured file moto.pcap to my desktop computer and opened it in Wireshark which provides a very nice visual way to inspect the transmitted data.

Wednesday, 22 June 2016

Songs that make me cry

Works almost every time: »Der Weg« by Herbert Grönemeyer, from »Mensch«. »Never ever« by All Saints works almost as well.

Saturday, 7 May 2016

Correct local domain and host-name DD-WRT setup

For a long time, I've struggled with inconsistent results for name queries on my local network. For example, sometimes OS X (El Capitan) couldn't ping a host by name while dig (host, nslookup) worked fine.

Also, I had never really tried to understand several options in the DD-WRT setup for domain and host names and the way they affected dnsmasq's configuration, the default DHCP and DNS server on DD-WRT.

My situation is that of a typical home user with a DHCP-assigned IPv4 address and no public host name or top-level domain.

As it turned out, I had got the setup wrong: the »hostname« and »domain name« on the main setup page refer to DHCP options sent to the ISP by the router's DHCP client, udhcpc. My ISP doesn't require any of those, so the fields should be left blank on my setup.

Instead, the right place to set the router's host name is the aptly-named »Router name« field.

The correct place to define the top-level domain of the local network is the »domain name« field in the »DHCP Server« section on the »Services« tab. In addition, »Used domain« must be set to »LAN and WLAN« instead of »WAN« because we don't actually have a »WAN« domain.

By the way, I chose »lan« as the name of my local domain because »local« has been specified for use by mDNS.

As a result, the router's host name is correctly entered into /etc/hosts (both with and without my local domain) and dnsmasq resolves names of local DHCP clients both in their short and long forms.

Tuesday, 3 May 2016

Use all USB3 ports of Intel DH87RL on El Capitan

Today I succeeded in enabling all of my Intel DH87RL motherboard's USB3 ports.

As it turns out, El Capitan's XHCI driver has a limit of 15 ports, which was taken up by the board's USB2 ports, leaving just one USB3 port usable.

Since only 8 USB2 ports are actually physically accessible from the outside, disabling the unused ports makes more USB3 ports available.

In theory, this should happen automatically because OS X evaluates the board's DSDT which should flag the user-accessible ports. Needless to say, the DH87RL's DSDT is buggy, so this method fails. ioreg is a helpful tool to find out the current configuration.

Helpfully, Apple has implemented a port disabling feature to handle the case of buggy DSDTs. Examples can be seen by examining the existing plug-ins of the XHCI drivers, to be found at /System/Library/Extensions/IOUSBHostFamily.kext/Contents/PlugIns/AppleUSBXHCIPCI.kext/Contents/Info.plist. This file contains port specifications for each different computer model.

In order to create my own port specification for my DH87RL, I used the fact that the XHCI controller uses a label of 'XHC1' on Apple's DSDTs, while the DH87RL's XHCI is labelled 'XHC' by the DSDT. This allowed me to create my own kext by matching on the emulated model name 'iMac14,2' in combination with 'XHC'.

By trial and error I found out that the USB2 ports provided by the DH87RL are numbered 1, 2, 3, 4, 6, 8, 9 and A. I created a file /EFI/CLOVER/OEM/DH87RL/kexts/10.11/InjectUSB.kext/Contents/Info.plist with the following contents:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
 <key>CFBundleDevelopmentRegion</key>
 <string>English</string>
 <key>CFBundleGetInfoString</key>
 <string>1.0.1, Copyright © 2000-2014 Joki Inc. All Rights Reserved.</string>
 <key>CFBundleIdentifier</key>
 <string>org.joki.injector.usb.USBXHCIDH87RL</string>
 <key>CFBundleInfoDictionaryVersion</key>
 <string>6.0</string>
 <key>CFBundleName</key>
 <string>XHC1 injector for DH87RL</string>
 <key>CFBundlePackageType</key>
 <string>KEXT</string>
 <key>CFBundleShortVersionString</key>
 <string>1.0.1</string>
 <key>CFBundleSignature</key>
 <string>????</string>
 <key>CFBundleVersion</key>
 <string>1.0.1</string>
 <key>IOKitPersonalities</key>
 <dict>
  <key>iMac14,2-XHC1</key>
  <dict>
   <key>CFBundleIdentifier</key>
   <string>com.apple.driver.AppleUSBMergeNub</string>
   <key>IOClass</key>
   <string>AppleUSBMergeNub</string>
   <key>IONameMatch</key>
   <string>XHC</string>
   <key>IOProviderClass</key>
   <string>AppleUSBXHCIPCI</string>
   <key>IOProviderMergeProperties</key>
   <dict>
    <key>port-count</key>
    <data>FQAAAA==</data>
    <key>ports</key>
    <dict>
     <key>HS01</key>
     <dict>
      <key>UsbConnector</key>
      <integer>3</integer>
      <key>port</key>
      <data>AQAAAA==</data>
     </dict>
     <key>HS02</key>
     <dict>
      <key>UsbConnector</key>
      <integer>3</integer>
      <key>port</key>
      <data>AgAAAA==</data>
     </dict>
     <key>HS03</key>
     <dict>
      <key>UsbConnector</key>
      <integer>3</integer>
      <key>port</key>
      <data>AwAAAA==</data>
     </dict>
     <key>HS04</key>
     <dict>
      <key>UsbConnector</key>
      <integer>3</integer>
      <key>port</key>
      <data>BAAAAA==</data>
     </dict>
     <key>HS06</key>
     <dict>
      <key>UsbConnector</key>
      <integer>3</integer>
      <key>port</key>
      <data>BgAAAA==</data>
     </dict>
     <key>HS08</key>
     <dict>
      <key>UsbConnector</key>
      <integer>3</integer>
      <key>port</key>
      <data>CAAAAA==</data>
     </dict>
     <key>HS09</key>
     <dict>
      <key>UsbConnector</key>
      <integer>3</integer>
      <key>port</key>
      <data>CQAAAA==</data>
     </dict>
     <key>HS0A</key>
     <dict>
      <key>UsbConnector</key>
      <integer>3</integer>
      <key>port</key>
      <data>CgAAAA==</data>
     </dict>
     <key>SSP1</key>
     <dict>
      <key>UsbConnector</key>
      <integer>3</integer>
      <key>port</key>
      <data>EAAAAA==</data>
     </dict>
     <key>SSP2</key>
     <dict>
      <key>UsbConnector</key>
      <integer>3</integer>
      <key>port</key>
      <data>EQAAAA==</data>
     </dict>
     <key>SSP3</key>
     <dict>
      <key>UsbConnector</key>
      <integer>3</integer>
      <key>port</key>
      <data>EgAAAA==</data>
     </dict>
     <key>SSP4</key>
     <dict>
      <key>UsbConnector</key>
      <integer>3</integer>
      <key>port</key>
      <data>EwAAAA==</data>
     </dict>
     <key>SSP5</key>
     <dict>
      <key>UsbConnector</key>
      <integer>3</integer>
      <key>port</key>
      <data>FAAAAA==</data>
     </dict>
     <key>SSP6</key>
     <dict>
      <key>UsbConnector</key>
      <integer>3</integer>
      <key>port</key>
      <data>FQAAAA==</data>
     </dict>
    </dict>
   </dict>
   <key>model</key>
   <string>iMac14,2</string>
  </dict>
 </dict>
 <key>OSBundleRequired</key>
 <string>Root</string>
</dict>
</plist>

After reboot, I could use all of my USB3 ports (for reference, numbered 9, A, B, C, D and E).
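The <data> values in the listing are port numbers stored as 4-byte little-endian integers in base64, so CgAAAA== is port 0x0A. The following added example (not part of the original post) builds the same IOProviderMergeProperties dictionary from plain port numbers and decodes it again. The function names are illustrative, and reading port-count as the highest port number is an assumption taken from the values in the listing.

```python
import plistlib
import struct

XHCI_PORT_LIMIT = 15   # El Capitan's XHCI driver limit cited in the post

def port_bytes(number):
    """A port number as the 4-byte little-endian value stored in <data>."""
    return struct.pack("<I", number)

def build_merge_properties(usb2_ports, usb3_ports, connector=3):
    """IOProviderMergeProperties dict in the layout of the listing above."""
    if len(usb2_ports) + len(usb3_ports) > XHCI_PORT_LIMIT:
        raise ValueError("more than %d ports enabled" % XHCI_PORT_LIMIT)
    ports = {}
    for n in usb2_ports:
        ports["HS%02X" % n] = {"UsbConnector": connector, "port": port_bytes(n)}
    for i, n in enumerate(usb3_ports, start=1):
        ports["SSP%d" % i] = {"UsbConnector": connector, "port": port_bytes(n)}
    # Assumption read off the listing: port-count holds the highest port number.
    return {"port-count": port_bytes(max(usb2_ports + usb3_ports)), "ports": ports}

def list_ports(plist_xml):
    """Decode {name: port number} from a serialized merge-properties plist."""
    props = plistlib.loads(plist_xml)
    return {name: struct.unpack("<I", entry["port"])[0]
            for name, entry in props["ports"].items()}

# The port numbers used in the post's Info.plist: HS01..HS0A and SSP1..SSP6.
DH87RL = build_merge_properties([1, 2, 3, 4, 6, 8, 9, 0xA], list(range(0x10, 0x16)))
DH87RL_XML = plistlib.dumps(DH87RL)   # XML fragment with base64 <data> values
```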