Adding BPF to my DHCP Server


Ages ago, I wrote a small DHCP server and client in Go. DHCP has a few (surprising to me, back then) complications which force one to use raw sockets: a client needs to be able to perform an ARP ping and receive replies from the server before its IP stack is configured. Likewise, the server needs to be able to see requests which are not addressed to its IP or MAC (since the client doesn’t know this information yet!…

Void Linux on Oracle Cloud Free Tier


I’ve recently noticed that Oracle (yes, Oracle) offers a pretty nice ‘Always Free Tier’ cloud offering. Unfortunately, only Oracle Linux and Ubuntu are available, which is not really what I want. So I went ahead and wrote a small script which ‘takes over’ an existing Ubuntu installation: takeover.sh. Using the script is rather simple: first, create a new Ubuntu minimal instance; SCP the script to /tmp; log in to the Ubuntu host and (as root) execute sh /tmp/takeover.…

Wayland in 2023


I’ve been using Linux on the desktop since probably around 1998. While I did try a few desktop environments (KDE, Gnome, GNUStep), I always came back to just using fvwm2 with a terminal (and netscape/mozilla/firefox). However, Xorg is dying and so I moved on to Wayland about 2 years ago, settling on swaywm with foot and/or Alacritty. I never really liked the setup: while SwayWM felt quite okay on my laptop, I never liked it on my workstation and somehow ended up using wayfire, which also always felt - ieks (just getting focus-follows-mouse working was a pain).…

Yubikey 5 on Void linux


I recently (finally) got myself a YubiKey which I plan to use with pass - and hence gpg. In this article, we take a look at the basic setup required to make the YubiKey work on Void Linux. Install required packages: First, we need to install a couple of packages such as a pcsc daemon and the yubikey manager: $ xbps-install -Su u2f-hidraw-policy gnupg2-scdaemon yubikey-manager pcsc-ccid pcsclite Also make sure that your user is a member of the plugdev group to use the key via gnupg2 (more on that later).…

Aliexpress LTE / 4G Stick hacking - Part 2


In my previous post, we started to play a little bit with a cheap LTE stick from Aliexpress. We identified the APK responsible for serving the limited Web-UI and keen eyes might have spotted something unusual: So this APK claims to be signed by Google (well, ‘Android’) which seems odd. Well, not really: $ adb shell getprop ro.build.description msm8916_32_512-user 4.4.4 KTU84P eng.qwang.20220611 test-keys Did you notice something? Yes: test-keys. What are test-keys?…

Aliexpress LTE / 4G Stick hacking


I recently decided that I “need” an LTE USB stick to tinker around with, so I visited Aliexpress and bought one of the many available cheap devices. Weeks later, I was the proud owner of this thing: First impressions: After plugging the device in, it appears as an ‘Android’ device, which is - interesting. $ lsusb |grep Android Bus 001 Device 017: ID 05c6:9024 Qualcomm, Inc. Android $ dmesg | grep usb [20388.…

nsjail with netns


Nsjail and netns: I’ve been a long-time user of nsjail, which is a pretty handy tool to create Linux namespaces. My common use case for nsjail is to put services into their own, well, jail - by only giving them access to specific folders in the filesystem. As an example: the webserver which served you this page runs with the following configuration: mode: ONCE hostname: "nsjail-hostname" clone_newnet: false time_limit: 0 rlimit_cpu_type: INF rlimit_nofile: 4096 rlimit_fsize: 320960 uidmap { inside_id: "1099" outside_id: "psa-www" } gidmap { inside_id: "1099" outside_id: "psa-www" } mount { src: "/tank/websites" dst: "/web" is_bind: true } mount { src: "/usr/local/bin/psa-www" dst: "/psa-www" is_bind: true } # standard paths.…

Source based routing with wireguard


What is this article about? This article describes how to configure a Linux router to send traffic from specific IPs to a non-default (wireguard) route. With such a setup, you will be able to use a VPN with ‘smart’ devices (a TV, Nintendo Switch, etc…) which do not have native wireguard support. Configure wireguard interface: First, we configure a new wireguard interface which we will call sbr0. Note that we are not using wg-quick to bring the device up since we want to have full control over its configuration (and not use it as a default route anyway).…