-->

hobbydev dotnet_gadgeteer

I like gadgets and electronics. Programming against hardware and interact with the real world makes it much more fun I think. I bought a .NET Gadgeteer kit set some time ago but hadn’t much time to spend on it. Now it’s time to break that cycle and actually do something with it.

Setting up dev environment

As this will be more experimenting than actual development I decided to use my spare laptop for this task. I installed the latest version of .NET Micro Framework which can be found in the official site. My kit is GHI Electronics’ FEZ Spider Starter Kit which can be ordered from here: https://www.ghielectronics.com/catalog/product/297. I also needed to install device drivers and Spider mainboard SDK which all could be found on GHI’s website.

Updating the Firmware

Since I bought the device .NET Micro Framework release v4.2 and I wanted to work with the latest version. Turns out it’s a quite complicated process! I tried a bunch of tools but finally managed to upgrade my framework by using FEZSpiderMainboardUpdater.exe application which can be found under the legacy apps from GHI.

Spider updater

Down to coding

After installing every bit it was time to develop my first program to explore its capabilities. For this I used the excellent “Getting started with the FEZ Spider Kit”. You can find the link below in Resources section. What you do is basically designing your gadget using the designer that’s installed in the Visual Studio and comes with the Gadgeteer project. Then you connect the actual hardware components in the same way. After this you run it just like a regular project. It first compiles and deploys the project to the device then runs it. You can even debug your source code even though it’s running on the mainboard.

Mainboard Diagram

After I completed the gadget described in the guide, I got a rather strange and annoying error called “MMP error”. After Googling it a little bit I found the link for the workaround: http://netmf.codeplex.com/workitem/221. After copying the config file the problem was resolved. The source code for the sample project is just a few lines which can be seen below:

Gadgeteer source code

The application is quite simple: You press the button and the camera takes a picture and displays on the screen. You can see a sample screenshot below:

Gadgeteer sample Output

So far so good. I now have the environment ready and I have to check all the components and find out what they are capable of and hopefully come up with a cool project idea to make all this worthwhile.

Resources

security wifi_pineapple, network
There is a new version of this article in my new blog published for WiFi Pineapple Mark VII: WiFi Pineapple Mark VII: Unboxing and Setup

One of the online shows I enjoy is Hak5.org’s podcast (http://hak5.org). Hak5 also manufactures tools for penetration testers. WiFi Pineapple (https://wifipineapple.com/) is one of the devices they manufacture. It is a “hotspot honeypot” and its most powerful feature is something called a Karma attack.

What is Karma Attack?

Simply put when our wireless devices keep sending out probe requests searching for the networks they “know” to re-associate. Normally all APs that don not have the SSID that’s probed for simply ignore these packets. But not WiFi Pineapple! It runs a modified firmware and replies to all probe requests claiming that it is the network our device is looking for. The modified firmware is called Jasager (yes-man in German) which explains a lot I think.

Build or Buy One

Base WiFi Pineapple costs $99. You can buy one from here: http://hakshop.myshopify.com/collections/gadgets/products/wifi-pineapple

Wi-Fi Pineapple

If you like getting your hands dirty to dig deeper you can build one on your own. The firmware is a free download. The router inside WiFi Pineapple is an Alfa AP121U which costs around £40 or you can go with the bare board which costs around £20 (here on Amazon) Also you need to flash it via serial port and you need a USB TTL cable (here on Amazon) They have a great step-by-step tutorial (see References down below). After following the instructions you can have your own homemade WiFi Pineapple within 20 minutes.

So what is the risk?

If you have a habit of using unsecured wireless networks than you are under risk. As by default most devices try to connect to previous networks automatically, there is a chance to connect to attacker’s AP as it is faking to be your old friendly network that you used to be connected. Good news is that pineapple doesn’t support Karma attack for protected networks. So if you manage to stay away from open networks then you are off the hook. But still it doesn’t hurt to be careful and watch out closely to where you are connecting.

Resources

sysops cloud_computing, system_administration, owncloud

Evernote has been recently hacked. Dropbox has been hacked many times. Who knows what’s going in the other services we are using. So I decided to phase out my cloud service providers and create my own cloud. There are bunch of ways of running this tool. For instance, you can just download a VM image with everything installed. I decided to start from scratch and perform a manual installation on a new Ubuntu server. It’s very easy. First we need to install dependencies:

apt-get install apache2 php5 php5-gd php-xml-parser php5-intl
apt-get install php5-sqlite php5-mysql smbclient curl libcurl3 php5-curl

Then extract the downladed compressed file:

tar -xjf path/to/downloaded/owncloud-x.x.x.tar.bz2
cp -r owncloud /path/to/your/webserver

Set the directory permissions:

chown -R www-data:www-data /path/to/your/owncloud/

Enable .htaccess by settings AllowOverride to “All” in /var/www directory in Apache config which is in /etc/apache2/sites-enabled/000-default on Ubuntu Finally run mod_rewrite:

a2enmod rewrite
a2enmod headers

I got these instructions from Admin Manual which can be found here: ownCloud Admin Manual It’s quite straighforward. Then all we have to do is navigate to login page, create an admin account and start uploading files:

Own Cloud

My favourite features are:

  • Ability to share password protected links with specific users
  • Ability to set expiry date to shared files
  • Ability to sync mulitple local folders (it doesn’t have to mimic the directory structure of server, you can select and map separate folders)
  • Supports plugins. A simple note taking plugin is quite helpful to take and sync notes. Also I installed YubiAuth plugin which supposedly enables using my Yubikey with it. But couldn’t make it work yet. My only negative observation about it is SMTP settings didn’t work. When I tried to send someone a link of shared file I got a bizarre error. On their forums I saw other people having similar problems. To me it’s not a crucial issue (as a single user, who am I going to mail anyway) but for an organization it may quickly become an annoying issue.