Status update:

be3n wardriving wigle map

Half a million Wifi access points discovered!  I’ve also integrated the Raspberry Pi Foundation 7 inch touch display into the phone compartment on my Tesla center console.  This allows me to see the status of the scan as well as change operating modes.  There are almost no light leaks with the lid closed, but at night the screen is washed out in photos. A usb port was added for convenience.  I will want to clean up the USB port and add some physical buttons.

wardriving interface lid closewardriving interface at nightnightwardriving interface added usb

The antennas are back! Wardriving in a Tesla.

antennas on tesla
This project was cannibalized over a year ago.  With Raspberry Pi as difficult to get ahold of as they’ve been, i thought this project might never come back to life.  I launched a number of pi liberating ideas with some success.  I now have enough for both fun personal projects and to get my work done.  I felt i should explain the name wardriving.  It is a variation on wardialing.   Wardialing was trying phone numbers, looking for interesting things on the phone.  Wardriving is similarly driving around looking for interesting things in the air.

pi family

My wardriver is not pictured above, but these Pi are ready for whatever comes next.  I’ve recovered an assortment of different Pi from original B+ (pi-hole) to a 2GB Pi 4 (broken helium miner).  One of the best parts of this setup is the early Pi 3 (not B+).  This was a lucky find as it consumes less energy and produces much less heat.  With only 6 radios running (including GPS) the lower performance hasn’t been an issue, but the reduced power has been incredible.  Early testing has me getting an additional 20-40% battery life vs the original pi 4 configuration.  my cable management has also improved with this iteration.  The setup fits in a small box in my trunk instead of a tangled mass of wires in a large bin (prototyping is fun).  The reason power is so important because, believe it or not, the amperage you can pull out of a Tesla for accessories is limited.  Without an alternator dumping piles of unclean energy i am forced to resort to BYOB (bring your own battery).  I got a monster battery to power the Pi 4 and even more radios and accessories of the original prototype.

war driver pi in a box

It is fun using the ADSB live tracker in Los Angeles as there are always planes above.  Next step will be DJI drone tracking and some sort of dashboard indicator/control.  I started a WiGLE account, it’s off to a pretty good start.  i found a few APs, but i’m still figuring out how to share BT.  maybe i’ll join the #HardHatBrigade group.

war driver kismet data sourceswar driver kismet screen
be3n wigle stats
Kismet Live ADSB tracking in Malibu

Upgrading to Unifi Dream Machine Pro.

Unifi Dream Machine Pro

I’ve been using Ubiquiti equipment since the original PowerStation.  I took it to the next level with Unifi.  I slowly acquired more and more equipment until their controller software had such an incredible sight into my network and it’s workings.  An insight that makes maintenance and  troubleshooting effortless.  Moving from the USG Pro to UDM Pro i immediately enjoy the faster speeds and the fancy touch screen panel.  What i don’t like is it’s complete lack of integration with non-local controllers and the missing features in its switch component.

Unifi panel showing link aggregation

As you can see from this image, i am a fan of link aggregation.  It is an inexpensive way to maximize existing  infrastructure and improve network performance.  Unfortunately, the 8 ports on the UDM are currently incapable of this feature.  I was hoping to remove one of the switches from my closet as i move links to the UDM, but it was not to be.  This seems like a serious oversight for a Pro branded unit.  I am hoping they fix this with a future update, but will not be holding my breath.

Defcam 2.0 Preparation and more from Defcon 27!

DC27 Defcam2 - link UP

So I did not “complete” my hat until very late Friday when i finally got it to announce its link status on its new set of 14 segment displays.  It performed admirably all weekend.  Thanks to Paul for safely transporting it to and from Vegas. I must also thank Stephen for his late night help on Wednesday. (tacos are not enough)  Without his amazing soldering, i’d still be trying to figure out what i had done wrong.  Here are some pictures from that night and the con to follow. . .

DC27 Defcam - Return to operationDC27 Defcam2 - PreparationDC27 Defcam2 - new headerDC27 Defcam2 - PrototypingDC27 Defcam2 - CompleteDC27 Flight - Solar CollectorsDC27 - Nixie Badge
DC27 Villages - Rogues Village - Shuffle TheoryDC27 Talks - Detecting Mac MalwareDC27 Villages - Hacking a BoatDC27 - Badge Rick
Continue reading “Defcam 2.0 Preparation and more from Defcon 27!”

Status update:

I’m back in Vegas for Defcon and it’s going swimmingly. so much so that i might get some actual swimming in.

Patrick Wardle Speaking at Defcon 27Thanks to the late night help of Professor Franklin i have improved and redeployed the Defcam!be3n at defcon 27 with defcam streaming hat?

Hosted Unifi controller with Let’s Encrypt SSL take 2!

Unifi Dashboard with SSL

UPDATE 11-09-21:  Discovered the amazing acme.sh toolcheck it out!

I visited this idea months ago, but for anyone who implemented it, it has been a nightmare.  Each subsequent Unifi controller update broke the https in new and exciting ways.  After remaining a very squeaky wheel with Ubiquity support, they’ve pushed out a version that should permanently resolve the problems. They even made promises of native Let’s Encrypt support.  All this will prove true of false with time, but for now i wanted to share my working procedure for Unifi controller version 5.9.32.

This solution required me to become more familiar with Java’s keytool then i would have otherwise.  Unifi has a hardcoded keytool path and password, don’t change that (thanks Corey F @ubnt). i don’t think alias matter, but they must be consistent.  I used mykey.  We start by generating a key and a code signing request for our domain.  For permissions reasons, we will want to do this as root. . .
cd /var/lib/unifi
keytool -genkeypair -alias mykey -keyalg RSA -keysize 2048 -keystore keystore -dname "CN=custom.domain.name" -storepass aircontrolenterprise

Now we export the csr file we will give to Let’s Encrypt.
keytool -certreq -alias mykey -keystore keystore -file custom.domain.name.csr -ext san=dns:custom.domain.name -storepass aircontrolenterprise

Now we run the interactive certbot script to prove the domain is actually yours before they hand out a cert.  Follow the instructions you can use DNS or hosting a file to verify.
certbot certonly --manual --csr custom.domain.name.csr

Continue reading “Hosted Unifi controller with Let’s Encrypt SSL take 2!”

Back to reality after another amazing DEFCON!

I met a pile of incredible people.  Bought some amazing toys (for science), some i’ve even got working.  Saw some talks and demos.  Talked to some of my heroes and listened to even more.  I saw Ladar Levison talk about epoxying your ports and adding thermite to your hard drives.  I played with the ECU of a fake car!  now i just have finish building the DarkNet Badge!  enjoy my pictures. The hat data is still being analyzed.  I’ll try to build something out of it eventually.


DEFCON26 - Badge Acquired DEFCON26 - Car Hacking Village Badge DEFCON26 - Blockchain Badge DEFCON26 - Show us what you got?! Battlefield Las Vegas - Mac-10 Battlefield Las Vegas - Tank Collection Battlefield Las Vegas - Tank crushing car Battlefield Las Vegas - Tank crushing car close
Continue reading “Back to reality after another amazing DEFCON!”

Stepping back into Wireless Security

wifi-crack Believe it or not, my home network actually used Radius authentication many years ago. Before I got a Nest (which still cannot connect to anything that isn’t open, WEP, or WPA/WPA2).  At the time, I assumed the Nest app talked directly to the thermostat.  Not true.  It just needs internet to talk to it’s servers where it receives the commands and preferences from the app.  Armed with that knowledge and recent revelations about the security of WPA2, I set to the task of reimplementing Radius on my network.  First, I needed to asses which devices, like the Nest, would be unable to make the transition.  Luckily, most of these devices don’t need anything more then internet access.  One was moved to a hard line and the last attached to a Radius capable wireless bridge.  I added a internet only wireless network for my embedded devices and moved my privileged network to Radius authentication. It was time to change my password anyway. Stay safe!

Continue reading “Stepping back into Wireless Security”

My favorite products play well together!

DiskStation and Amplifi

Ubiquity’s Amplifi wifi mesh system is awesome and incredibly easy to setup. It also looks great next to Synology’s DiskStation product line.  Together they make the most amazing Time Capsule replacement. The functionality doesn’t stop there.  The DiskStation does so much more then just backup.  As a backup however, it allows you to mirror the disks for extra protection as well as synchronize between other servers, DiskStations, cloud storage, or even AWS S3!  Getting nearly 200Mbit everywhere!  Already backing up three computers.  What other services should I add to the Synology?