Sharing Your Hotel WiFi Voucher With Yourself

If you are in a foreign country, away from home, staying at a hotel, chances are you have horrible data roaming. Whether it is speed or cost, you want to get connected to a wifi hotspot as soon as possible.

Security problems aside, one of the issues with paid (or given as a pre-paid voucher to staying guests) wifi is that the system has some form of access controls. Most often your browser will get hijacked and taken to the log-in page. When you authenticate, the hotspot associates your MAC address with the credentials you supplied, and you are free to browse the internet.

Well, what happens if this association is permanent? I.e. once you log in with your computer, only that computer can use the hotspot. What about your phone? What about other devices? In such a case, you have purchased internet access, but the access is restricted to one appliance, instead of one person.

There may be terms and conditions which you could violate by bypassing the restriction. Read them and see if you’re allowed to connect other devices.

Meh. So how could we get around it?

Solution: share internet from this device.
So you got internet on your phone. Good. Share this access via cable or bluetooth (or wifi, perhaps) with your other devices. Problem solved! Quick and easy, if your phone supports it.
You could do this with your laptop too, but you would probably need an external wireless network card.

Solution: use the same MAC address.
Note the MAC address of your phone, and then associate the account with your phone. When you want to use your laptop, simply change the MAC of your wireless interface to that of your phone. Disconnect your phone before you connect your laptop.
On Linux, you would run something like “sudo ifconfig wlan0 hw ether aa:bb:cc:dd:ee:ff”, where wlan0 is your wireless interface and aa:bb:cc:dd:ee:ff is the MAC of your phone.

Extending the Wired Network Without any Cables

In the time before wireless, we used copper cables to get connected to the rest of the internet. That worked fine, until WiFi made us lazy cable-hating internet consumers. If you need a cable connection, then the cat6 should be inside your walls. But preferably you shouldn’t have any cables at all. And if you’re living in a house where you can’t do cable management inside the walls, there are special ethernet-via-power-outlet appliances you can get as a workaround.

I don’t trust those appliances. They are lousy. But I needed a wired connection to my Raspberry Pi and NAS, which just happened to be on the other side of my apartment, some very-far distance from my router. How do I do that?

Well, I could ignore the fact that cables are an eyesore, and condition myself to not see a potential cable running along the walls (or across the floor, most likely). But I’d probably never hear the end of it whenever someone came to visit.

I could move the devices, although that wouldn’t be much fun.

I could try to fit the devices with WiFi. Finally, an idea which seemed promising! The Raspberry Pi could run a wireless adapter, and then bridge that via the ethernet port to the NAS. The speeds would be terrible, it would be rather unstable, and it would not support any additional network devices… but it would do the job.

Finally, I looked around and purchased a €10 wireless router which I then hooked up as a client to my existing wireless network. The configuration bridges the 4 ethernet ports with the rest of my network. It’s not as cheap as using a cable, but it’s a pretty inexpensive solution anyway. I haven’t benchmarked the speeds, but I haven’t run into any issues thus far with it :).

This Blag Ain’t Dead Yet!

All right, all right, I admit there has not been a content update in quite a while now, but that doesn’t mean that the blog is dead! It’s still very much alive and still going strong with a lot of daily visits.

The life signs might have been weak, but that doesn’t mean that the heart wasn’t beating. I’ve still been doing the required WordPress-maintenance; approving comments, updating, emptying the spam (some 14k messages per time!). So why didn’t I write?

I’d say time constraints. But that’s only half the truth.

I’d say that I’ve done nothing interesting, nothing that is worth writing about. But that simply wouldn’t be true.

It’s more a combination of having a lot of other engaging projects and already having too much stuff to write for other purposes.

Oh well.

Let’s see if we can get this blag moving again :).

Raspberry Pi – Is It Worth Getting One?

I’ve previously written a little bit about the Raspberry Pi, but mostly about specific things. And when I hear people talking about the RPI, it’s mostly about specific things. So, what about the whole picture? Is it worth getting an RPI?

Yes. Go get one if you don’t already have one.

Some uses:
* Music player
* Video player / handle a display (Synergy is available)
* Lightweight HTPC
* Gaming
* Programming
* Shell server
* Hardware hacking / Prototyping
* Web server
* Cheap NAS
* BitTorrent server
* OwnCloud server
* Security camera

You’re getting a cheap all-in-one computer with low power consumption and good connectivity, capable of running more or less any simple service. If you’re into hardware hacking you get GPIO pins and quite a lot of community support and sample code to get started. I recently got an RGB LCD screen (warning: a lot of soldering required :3!).

Raspberry Pi is overall a good platform for a lot of purposes, and that breadth is its true strength, because in any single purpose it often falls short compared to other platforms. You can run a web server with OwnCloud, but it will be slow. You can share your old external hard drive and use it as a NAS, but don’t expect any rapid transfers. There are a few games that will run, but the experience is better elsewhere. It can play music but the audio isn’t great and might feature some static.

I can’t complain about the video, though. It can play 1080p with audio via HDMI as long as the bitrate isn’t too high, which is amazing. 720p works flawlessly. There are images optimized for HTPC usage available. But then again, you want to play h.264. I haven’t tried any other codec, but unless there is hardware acceleration available, it will be sluggish.

The bottom line is that the Raspberry Pi is slow. The ARM processor isn’t very strong, especially with graphics. The included python games feature delay and feel non-responsive, and web browsing is impossible using an ordinary browser. The included lightweight browser does a good job, but it still isn’t good enough. You will be disappointed with the performance if you have any expectations at all.

For the price, and seeing how well-balanced it is, it’s sure worth getting one. There are a lot of uses for a silent all-in-one computer. Sometimes a lot of horsepower isn’t required, and this is where the RPI shines.

Home Network Storage With Point and Click ZFS!

I’ve kind of forgotten to post about my “new” NAS, which sort of replaced my old Buffalo Link Station Live 3Tb.

I had somewhat of a complicated relationship with the Link Station – on one hand it “did what it was supposed to”, but on the other hand it didn’t do anything else. Yes, it had a lot of nice features, but it couldn’t run them because then it would run out of system resources.

So when I upgraded my PC (as in bought a new one, reused the SSD and one drive), I was thinking of converting the leftover hardware into a NAS.

I wanted the following features:
* More than 3T storage in one logical drive
* One disk redundancy
* Portability (Can restore volume on another machine)
* Semi-future-proof
* Silent (as in I should be able to sleep with it on)
* Encryption

Since I’m mostly familiar with Linux, I looked into some software-RAID possibilities. The idea was that I could install a distro onto a flash drive, thereby saving an internal HDD slot, and run a software RAID creating both one logical drive and giving me redundancy.

While researching, a friend of mine lost his array due to software error (probably some human error too, perhaps) when the system drive got corrupted. I didn’t like the idea that some setups required configuration on the system disk because then the setup wouldn’t be portable in case of a system failure.

I’ve had my eye on ZFS for some time, but never got around to implementing it because of the hardware requirements. Suddenly ZFS looked like a much better option. Originally I kind of wanted to run services on my NAS as well, which probably wouldn’t be possible with the kind of memory ZFS requires. However, I knew that if I were to run a multitude of services on the same machine which also hosted all my files, I’d eventually break something important. So perhaps, I thought, it’d be better to just go for ZFS.

Point and click ZFS? FreeNAS!

FreeNAS works flawlessly for me, albeit a bit slow at times. That might not be FreeNAS’s fault, though; it could be my SATA controller. It’s currently hosting 3x1T and 3x3T of storage, shared over a gigabit interface.

The admin web interface is very responsive and the only operation that actually takes a while is volume mounting, which is to be expected. It’s only done once per reboot anyway. You have access to pretty much all configuration from there, and a (somewhat laggy) terminal. A regular console is available if you plug in a display and keyboard.

Finally, let’s round it up with a little bit of pros and cons.

Pros:
* Point and click ZFS, with disk encryption and network sharing.
* Extensive admin web interface.
* Based on FreeBSD.
* Can run from a CD or USB drive.

Cons:
* If something breaks you might have to bring up a terminal.
* You can’t put files on the flash drive, i.e. scripts etc.
* Could have been better at displaying system information, like S.M.A.R.T details and disk temperature.

Bottom line: go install FreeNAS if you need a file storage machine!

Move a VirtualBox Virtual Disk

It’s actually embarrassingly easy, really.

Go to File > Virtual Media Manager and select the disk you want to move. Make sure the machine using it is offline, and press Release. This will disassociate the disk from the machine. Then choose Remove and opt to keep the disk image. That’s important, because otherwise you’ll lose your data!

Proceed and move the disk file to the new location.

Open settings for the virtual machine using the disk, go to Storage, select Controller: SATA, tap the Add button below the list and choose Hard Disk. Opt to pick an existing disk and find yours using the file browser.

Done!

VirtualBox doesn’t allow you to import disks already mounted or already tracked by the platform. Every disk has a unique ID which identifies it, which means that simply copying and trying to attach the copy won’t work at all.

How to import the OWASP Broken Web Applications virtual machine in VirtualBox

Step 1

Download the OWASP BWA files: https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project

Step 2

Create a folder and extract all files there. Probably a good idea to put the folder right next to your other virtual machines, if you have any. This folder shouldn’t move around.

Step 3

Open VirtualBox and create a new machine named OWASP BWA (or whatever) as Linux/Ubuntu. Set RAM to something appropriate (I’m using 2Gb because I can).

Use existing hard drive, select the files you just extracted.

Step 4

Run.

Optional

You might want to fiddle around with various settings, like bridging the network interface etc. It’s not recommended to expose the machine to anyone else on the network, though, since OWASP BWA contains multiple security holes.

Recovering a WinRAR Archive Password

Passwords are great, and most of the time it’s safe to forget one of them. If you forget your password to some online service, you’re (almost always) able to restore it via some web interface. If you forget your Windows password (not including Windows 8, perhaps?) you’re able to alter or wipe it using some live system running off a CD or USB-thumbdrive.

Forgetting an encryption password is a bit worse, since the entire point of encryption is to make the information unreadable unless you have the right key. Some systems have recovery measures in place, but far from all. So if you forget the password to your RAR archive, what can you do?

Some of the compression archive formats support password protection (which is encryption), but this only covers how to recover WinRAR passwords.

And recovering is a nice word for cracking. And no, you’re not allowed to crack other people’s archives.

Step 1: Download cRARk

You’re able to get the software from cRARk.net for free. There are both Windows and Linux versions available, as well as with and without GPU support. While I haven’t had the pleasure of testing the GPU versions, generally utilizing the GPU makes the entire process a lot faster.

Step 2: Extract

Extract the archive. I’ll leave this to you. I reckon you must already be able to handle RAR files, since you are recovering the password for one =).

Step 3: Run

Open a terminal (or cmd.exe, if you are on Windows) and navigate to the folder where you extracted the archive. In Windows, you can hold Shift and right click – and then click “open command window here”.

On Linux using the non-GPU version, you can type:

./crark-hp -g15 -ptest.def myarch.rar

The first part is the binary (program) used. “./” indicates that we want to run the program named crark-hp in our current folder. You can try to use crark as well, but it failed to detect RAR version for my test archive.

“-g” defines the maximum character limit that the program will search through. “-g15” sets this limit to 15. You can use the “-l” flag to set the minimum limit. Note that no parameters have space between the flag and the value.

“-p” sets the password definition file. The standard is default.def, which you will have to create yourself. Specify it explicitly so you know which rules you are running. More about this later on.

“myarch.rar” specifies the RAR file to use.

Step 4: Done (or not?)

cRARk will notify you when it has either found your password or exhausted the key space (searched everything and found nothing).

About password definition files

The password definition files basically define what passwords should be tried. We are performing a brute force attack, but can specify what set of characters to use. cRARk comes with good documentation on how to write this file, and what can be used to efficiently recover passwords. You can find the chapter on the definitions here.

An example would be (haven’t tested this one, beware typos):

$a = [abcdefghijklmnopqrstuvwxyz]
##
$a *

Or look at the sample english.def.
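
To see what the “-l”/“-g” limits and the character set in the definition file mean for Step 4, this added example (not from the original post or from cRARk) counts the candidates an exhaustive search has to try and finds the longest length limit that can be exhausted within a time budget. The rate of 10,000 passwords per second is an assumed figure, not a measurement.

```python
import string

LOWERCASE = string.ascii_lowercase      # the 26 characters of $a in the sample above
ASSUMED_RATE = 10_000                   # passwords per second; assumption, not a benchmark


def keyspace(charset: str, min_len: int, max_len: int) -> int:
    """Candidates of length min_len..max_len (the -l and -g limits) over charset."""
    n = len(set(charset))               # duplicates in the set add no new candidates
    return sum(n ** k for k in range(min_len, max_len + 1))


def seconds_to_exhaust(candidates: int, rate_per_s: int) -> float:
    """Worst-case run time: every candidate is tried before the search ends."""
    return candidates / rate_per_s


def longest_exhaustible(charset: str, rate_per_s: int, budget_s: int,
                        min_len: int = 1, cap: int = 64) -> int:
    """Largest max length whose whole key space fits in budget_s (0 if none does)."""
    best = 0
    for max_len in range(min_len, cap + 1):
        if keyspace(charset, min_len, max_len) > rate_per_s * budget_s:
            break
        best = max_len
    return best


if __name__ == "__main__":
    year = 365 * 24 * 3600
    for limit in (6, 8, 10, 15):
        total = keyspace(LOWERCASE, 1, limit)
        years = seconds_to_exhaust(total, ASSUMED_RATE) / year
        print(f"-g{limit}: {total:.3e} candidates, about {years:.3g} years")
    month = 30 * 24 * 3600
    print("longest limit exhaustible in 30 days:",
          longest_exhaustible(LOWERCASE, ASSUMED_RATE, month))
```

Each extra character multiplies the work by the size of the character set, so a password you only half remember is better described with a narrow definition than with a high “-g” value.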

Cheers!