Yubikey 5 on Void linux
I recently (finally) got myself a yubikey which i plan to use with pass - and hence gpg.
In this article, we take a look into the basic setup required to make the yubikey work on void linux.
Install required packages First, we need to install a couple of packets such as a pcsc daemon and the yubikey manager:
$ xbps-install -Su u2f-hidraw-policy gnupg2-scdaemon yubikey-manager pcsc-ccid pcsclite Also make sure that your user is a member of the plugdev group to use the key via gnupg2 (more on that later).…
Read more ⟶
Aliexpress LTE / 4G Stick hacking - Part 2
In my previous post, we started to play a little bit with a cheap LTE stick from Aliexpress.
We identified the APK responsible for serving the limited Web-UI and keen eyes might have spotted something unusual:
So this APK claims to be signed by Google (well, ‘Android’) which seems odd. Well, not really:
$ adb shell getprop ro.build.description msm8916_32_512-user 4.4.4 KTU84P eng.qwang.20220611 test-keys Did you notice something? Yes: test-keys.
What are test-keys?…
Read more ⟶
Aliexpress LTE / 4G Stick hacking
I recently decided that i “need” an LTE USB stick to tinker around with, so i visited Aliexpress and bought one of the many available cheap devices.
Weeks later, i was the proud owner of this thing: First impressions After plugging the device in, it appears as an ‘Android’ device, which is - interesting.
$ lsusb |grep Android Bus 001 Device 017: ID 05c6:9024 Qualcomm, Inc. Android $ dmesg | grep usb [20388.…
Read more ⟶
nsjail with netns
Nsjail and netns I’ve been a long time user of nsjail which is a pretty handy tool to create linux namespaces. My common usecase for nsjail is to put services into their own, well, jail - by only giving them access to specific folders in the filesystem.
As an example: The webserver which served you this page runs with the following configuration:
mode: ONCE hostname: "nsjail-hostname" clone_newnet: false time_limit: 0 rlimit_cpu_type: INF rlimit_nofile: 4096 rlimit_fsize: 320960 uidmap { inside_id: "1099" outside_id: "psa-www" } gidmap { inside_id: "1099" outside_id: "psa-www" } mount { src: "/tank/websites" dst: "/web" is_bind: true } mount { src: "/usr/local/bin/psa-www" dst: "/psa-www" is_bind: true } # standard paths.…
Read more ⟶
Source based routing with wireguard
What this article is about? This article describes how to configure a linux router to send traffic from specific IPs to a non-default (wireguard) route. With such a setup, you will be able to use a VPN with ‘smart’ devices (A TV, Nintendo Switch, etc…) which do not have native wireguard support.
Configure wireguard interface First, we configure a new wireguard interface which we will call sbr0. Note that we are not using wg-quick to bring the device up since we want to have full control over its configuration (and not use it as a default route anyway).…
Read more ⟶
Fiber7 an einem IPv6 Linux router
Konfiguration unter Linux Dieser Artikel befasst sich mit der Konfiguration von IPv6 + Fiber7. Warum IPv6? Weil es zu IPv4 eigentlich nicht viel zu sagen gibt :-)
IPv6 auf dem Router einrichten Wir gehen von einem Router mit 2 physikalischen interfaces aus: wan0 und lan0.
Sysctl und router interface einrichten Zuerst stellen wir sicher, dass der Router sich nicht via SLAAC automatisch konfiguriert, da Init7 dies nicht (mehr) wirklich supported.…
Read more ⟶
Ejabberd cluster setup
Some notes about ejabberd clustering Setup the first node Note: If you are already running a single ejabberd node (called ejabberd@localhost) i’d recommend to simply dump mnesia and import it again: changing the node name might be too much work
We will call the first node ejabberd@first.example.com
Install erlang and ejabberd Create your ejabberd.cfg file In ejabberdctl.cfg: set INET_DIST_INTERFACE={10,0,0,1} (where 10.0.0.1 is the ip of first.example.com!) Start the node via ejabberdctl --node ejabberd@first.…
Read more ⟶
Dyson Pure Cool Link Internals
I got a Dyson Pure Cool Link fan a few days ago and started to tinker with it :-) (after having a look at the app and deleting it after ~5 Minutes. Ugh).
Device Overview Well: It is a Fan. But a fan with a remote control and Wifi!
Plug it in The fan can be used without all the Wifi stuff, but that wouldn’t be much fun. Unfortunately, you are forced to install Dysons app which has tons of ‘analytics-tracking’ built in.…
Read more ⟶