The antennas are back! Wardriving in a Tesla.

antennas on tesla
This project was cannibalized over a year ago.  With Raspberry Pi as difficult to get ahold of as they’ve been, i thought this project might never come back to life.  I launched a number of pi liberating ideas with some success.  I now have enough for both fun personal projects and to get my work done.  I felt i should explain the name wardriving.  It is a variation on wardialing.   Wardialing was trying phone numbers, looking for interesting things on the phone.  Wardriving is similarly driving around looking for interesting things in the air.

pi family

My wardriver is not pictured above, but these Pi are ready for whatever comes next.  I’ve recovered an assortment of different Pi from original B+ (pi-hole) to a 2GB Pi 4 (broken helium miner).  One of the best parts of this setup is the early Pi 3 (not B+).  This was a lucky find as it consumes less energy and produces much less heat.  With only 6 radios running (including GPS) the lower performance hasn’t been an issue, but the reduced power has been incredible.  Early testing has me getting an additional 20-40% battery life vs the original pi 4 configuration.  my cable management has also improved with this iteration.  The setup fits in a small box in my trunk instead of a tangled mass of wires in a large bin (prototyping is fun).  The reason power is so important because, believe it or not, the amperage you can pull out of a Tesla for accessories is limited.  Without an alternator dumping piles of unclean energy i am forced to resort to BYOB (bring your own battery).  I got a monster battery to power the Pi 4 and even more radios and accessories of the original prototype.

war driver pi in a box

It is fun using the ADSB live tracker in Los Angeles as there are always planes above.  Next step will be DJI drone tracking and some sort of dashboard indicator/control.  I started a WiGLE account, it’s off to a pretty good start.  i found a few APs, but i’m still figuring out how to share BT.  maybe i’ll join the #HardHatBrigade group.

war driver kismet data sourceswar driver kismet screen
be3n wigle stats
Kismet Live ADSB tracking in Malibu

acme.sh is the ultimate DNS/SSL toolset! i have wasted my life!

I’ve been automating SSL renewals for almost as long as i’ve been deploying them.  for the most part, it is very smooth and easy to do.  (thanks mostly to certbot and the hard work over at let’s encrypt)  The trouble comes up with non publicly addressable servers and other custom setups. cough cough. . . Unifi. . . cough cough.

I recently discovered a tool that makes all those complicated setups as easy as the original certbot installs. acme.sh is that tool.  two lines!  not since screen have i regret any time i spent not using such a tool.

./acme.sh –renew -d “unifi.domain.com”

./acme.sh –deploy -d “unifi.domain.com” –deploy-hook unifi

Pro Tools users struggling with plugin licenses after activation try this. . .

Antares Auto-Tune screen

Users of Antares plugins, or others using Codemeter license manger may be locked out of their licences in Pro-Tools.  The licenses show up in the various license managers, but Pro-Tools says NO. This is due to added file system security of Mojave.  Add Pro Tools to the “Full Disk Access” list in Security & Privacy System Preference. That should solve the problem.  good luck.

@defcon just retweeted me!

In a tweet by @todayininfosec we were all reminded of this day in 1999 when @Dildog and the cDc crew presented Back Orifice 2000 (BO2K) to a delighted crowd at Defcon 7.  It was quite a show complete with music, projectors, lights, lasers, and even a Speak-n-Spell.  It was a lot of fun, and i was elated to be there. i replied early with my memories, but then i remembered that i had found some photos while cleaning. . .so i posted them. These were film prints from an instamatic (as was the style at the time), so they didn’t come out great!  they do offer a tiny keyhole through which we may peer into the past.  i am glad it is bringing joy.  Then @defcon (the official conference account) retweeted. *blush*

Defcon Retweets Me

 

Defcam 2.0 Preparation and more from Defcon 27!

DC27 Defcam2 - link UP

So I did not “complete” my hat until very late Friday when i finally got it to announce its link status on its new set of 14 segment displays.  It performed admirably all weekend.  Thanks to Paul for safely transporting it to and from Vegas. I must also thank Stephen for his late night help on Wednesday. (tacos are not enough)  Without his amazing soldering, i’d still be trying to figure out what i had done wrong.  Here are some pictures from that night and the con to follow. . .

DC27 Defcam - Return to operationDC27 Defcam2 - PreparationDC27 Defcam2 - new headerDC27 Defcam2 - PrototypingDC27 Defcam2 - CompleteDC27 Flight - Solar CollectorsDC27 - Nixie Badge
DC27 Villages - Rogues Village - Shuffle TheoryDC27 Talks - Detecting Mac MalwareDC27 Villages - Hacking a BoatDC27 - Badge Rick
Continue reading “Defcam 2.0 Preparation and more from Defcon 27!”

Status update:

I’m back in Vegas for Defcon and it’s going swimmingly. so much so that i might get some actual swimming in.

Patrick Wardle Speaking at Defcon 27Thanks to the late night help of Professor Franklin i have improved and redeployed the Defcam!be3n at defcon 27 with defcam streaming hat?

New security updates overtake jailbreak advantages.

There are just so many privilege escalation fixes in the latest iOS 12.2 update. I finally removed the jailbreak from my primary device and updated.  Privilege escalation is when an unprivileged or user process (like an app from the app store or even a web page*) gets root or even kernel authority.  This is when bad turns to worse because it can do and see anything with any of the device’s data or sensors.   Since even the big trusted apps have been caught tracking or stealing data, I simply couldn’t leave myself unprotected any longer.

I’ll still of course keep a development device jailbroken on 12.1.2 for all of the reasons. It was a wonderful experience, only slightly beta. I appreciate all the hard work by everyone in the scene. I think i am going hate seeing the home bar again the most.

* web pages are often sandboxed separately from the app itself. Some might argue that a webpage would first have to escape the sandbox before it could escalate privileges. this is true, but i would respond that sandbox escape is just another form of privilege escalation, only one level down. There are also over a dozen webkit fixes in this update.

Hosted Unifi controller with Let’s Encrypt SSL take 2!

Unifi Dashboard with SSL

UPDATE 11-09-21:  Discovered the amazing acme.sh toolcheck it out!

I visited this idea months ago, but for anyone who implemented it, it has been a nightmare.  Each subsequent Unifi controller update broke the https in new and exciting ways.  After remaining a very squeaky wheel with Ubiquity support, they’ve pushed out a version that should permanently resolve the problems. They even made promises of native Let’s Encrypt support.  All this will prove true of false with time, but for now i wanted to share my working procedure for Unifi controller version 5.9.32.

This solution required me to become more familiar with Java’s keytool then i would have otherwise.  Unifi has a hardcoded keytool path and password, don’t change that (thanks Corey F @ubnt). i don’t think alias matter, but they must be consistent.  I used mykey.  We start by generating a key and a code signing request for our domain.  For permissions reasons, we will want to do this as root. . .
cd /var/lib/unifi
keytool -genkeypair -alias mykey -keyalg RSA -keysize 2048 -keystore keystore -dname "CN=custom.domain.name" -storepass aircontrolenterprise

Now we export the csr file we will give to Let’s Encrypt.
keytool -certreq -alias mykey -keystore keystore -file custom.domain.name.csr -ext san=dns:custom.domain.name -storepass aircontrolenterprise

Now we run the interactive certbot script to prove the domain is actually yours before they hand out a cert.  Follow the instructions you can use DNS or hosting a file to verify.
certbot certonly --manual --csr custom.domain.name.csr

Continue reading “Hosted Unifi controller with Let’s Encrypt SSL take 2!”

Back to reality after another amazing DEFCON!

I met a pile of incredible people.  Bought some amazing toys (for science), some i’ve even got working.  Saw some talks and demos.  Talked to some of my heroes and listened to even more.  I saw Ladar Levison talk about epoxying your ports and adding thermite to your hard drives.  I played with the ECU of a fake car!  now i just have finish building the DarkNet Badge!  enjoy my pictures. The hat data is still being analyzed.  I’ll try to build something out of it eventually.


DEFCON26 - Badge Acquired DEFCON26 - Car Hacking Village Badge DEFCON26 - Blockchain Badge DEFCON26 - Show us what you got?! Battlefield Las Vegas - Mac-10 Battlefield Las Vegas - Tank Collection Battlefield Las Vegas - Tank crushing car Battlefield Las Vegas - Tank crushing car close
Continue reading “Back to reality after another amazing DEFCON!”