less ./b00010111/blog

Arch Linux - Raspberry Pi => New Tor Relay

It seems my recent tor relay setup is broken, cause the corresponding tor package for wheezy keeps throwing sec faults.
My new setup is still with the Raspberry pi but I moved from wheezy to Arch Linux now.

The setup process is nearly the same as for the setup with wheezy:
Download the current version of Arch Linux for Raspberry Pi from the download page, extract the archive and copy it to your SD card.

1
2
3
4
5
6
unzip ArchLinuxARM-2014.01-rpi.img.zip
Archive:  ArchLinuxARM-2014.01-rpi.img.zip
  inflating: ArchLinuxARM-2014.01-rpi.img
.
.
sudo dd bs=1M if=ArchLinuxARM-2014.01-rpi.img of=/dev/sdb

Again you can use “df -h” before and after you connected you SD card to figure out which path you have to use for the “of” parameter of the “dd” command.
After copying is completed just insert the SD card into the Raspberry Pi, connect the network cable and power it up. Again you will be able to find out the IP address by looking at you DCHP server or you simply guess it based on your own IP address. We again assume the IP to be 192.168.1.139. connect to it and change the password.

1
2
3
4
5
6
7
ssh root@192.168.1.139
# default password: root
# accept the host key
.
.
passwd root
# follow on screen instructions.

Next steps on the way to a running tor relay are updating the system and installing tor.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
pacman -Syu
# wait until command is finished and follow on screen instructions
.
.
pacman -S tor
# same deal as above... follow instructions and wait until finished
.
.
#adding user for tor
useradd arch-tor
#change password, use some random here, we don't need it.
passwd arch-tor
.
#restart the Pi
systemctl reboot

After reboot is finished and you have reconnected with your new root password it is time to edit the tor config file. Open the file “/etc/tor/torrc” with you favourite editor and configure at least these settings according to your needs:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
RunAsDaemon 1 #makes Tor run as a deamon
ORPort 443
DirPort 80
ExitPolicy reject *:* # to be a node only
Nickname XXX # choose something here
RelayBandwidthRate 100 KB # Throttle traffic to 100KB/s (800Kbps)
RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
ContactInfo XXX # enter your contact infos here
User arch-tor
DataDirectory /var/lib/tor
Address XXX # enter the external IP or the domain for your tor relay here 
## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
#Log notice file /torlog/notices.log
## Send every possible message to /var/log/tor/debug.log
#Log debug file /torlog/debug.log

I recommend to have the “notices.log” enabled until you have seen your tor relay has successfully start up. After you are sure your relay runs correctly I recommend to disable logging completely.

Now for the final step we want to make sure that tor restarts after a reboot automatically. Therefore we need to edit the file “/usr/lib/systemd/system/tor.service” and correct the settings:

1
2
3
[Service]
User=root
Type=forking

After saving the file you need to run the following command to start tor after a reboot:

1
systemctl enable tor

Finally create a directory for the log-file according to your config and make sure it is read- and writable by the user “arch-tor”.

1
2
mkdir /torlog
chown arch-tor /torlog/

To test your new setup restart again and check the tor notice log (/torlog/notices.log) for errors or success. If you see warnings according to your system-clock in the notices log ignore them; tor will start correctly after your clock got synced. If your tor relay started correctly don’t forget to edit the config and remove logging. Restart again and you are up and contributing.

Remove Protection From PDF

I did not tested this extensively and it might be old but when I needed this and searched for it I did not found this solution. So it might not work for you and I might be bad in search on the Internet.
But as I tend to forget things like this I write this quick post and next time I need to remove print etc. protection from a PDF file: I know where to look.

Take the PDF and make a backup copy of it.
Rename the PDF file to a PostScript file. (Change extension from pdf to ps)
Run the PostScript file through ps2pdf and ignore the errors.

1
ps2pdf input.ps output.pdf

Done.

Trying this sounds much better then buying software or upload the PDF to a could service. And anyhow this will only take a few minutes and if it fail, you can still buy software or put your sensitive information in the cloud and at risk.

Expanding to Full SD Card

… or why sometime the solution is so obvious that I’ am unable to see it.
I was recently set up my other Raspberry Pi to be a pentesting box, just for the sake of doing it. So I dd’ed the image to the SD card, stated the Pi and was unhappy. I wasn’t able to use the whole SD card. Only the original image size was available to get used by me.
So how to solve it?
I asked the world wide web and found something, but it didn’t worked out for me. I’ am pretty sure it was me doing the procedure wrong. But anyways - My problem wasn’t solved. After a bit of further search the net I found an easy solution. I didn’t documented the link, but the steps.

1
2
3
4
5
6
wget http://http.us.debian.org/debian/pool/main/l/lua5.1/lua5.1_5.1.5-4_armel.deb
wget http://http.us.debian.org/debian/pool/main/t/triggerhappy/triggerhappy_0.3.4-2_armel.deb
wget http://archive.raspberrypi.org/debian/pool/main/r/raspi-config/raspi-config_20121028_all.deb
dpkg -i triggerhappy_0.3.4-2_armel.deb
dpkg -i lua5.1_5.1.5-4_armel.deb
dpkg -i raspi-config_20121028_all.deb

For those of you how are a bit familiar with the Raspberry Pi and the offered operating systems offered for it: “YES, you can simple install raspi-config and run it. And yes truly obvious!”
So the solution to my problem was to simply install & run raspi-config and use the functionality of it to resize and use the complete SD card.

Setting Up a Tor Node on a Raspberry Pi

If you ever though about running a Tor node and contribute some bandwidth to the community, but you don’t have a dedicated machine to do so or the machine would be terribly loud, there is an incredible easy way available for you. You can buy yourself one of these tiny, power-saving and absolutely quite Raspberry pi’s and setup a Tor node with it. I will describe how I have done this in the following.

My shopping list:
Power Supply link
SD card (2 GB or larger) link
Raspberry pi link
Housing for the pi link
extra cooler link

I added the links to amazon as well; not that this is always the best choice to buy, but it will get you an idea what to buy. I have chosen a bit of a faster SD card to not have to wait to long while copying the data to the SD card.
All sum-up to 82,27 € for the complete setup.

images

The additional cooler is completely optional. I usually order these extra coolers because they tend to be really cheap and therefore “Why not?”. To open the housing there are four clips on the bottom side. Just push them a bit to the outside and it will open.

images

Simply stick the cooler on the processor and push the Raspberry pi into the bottom housing. The complete assembly can be done without any screws, which is kind of nice. In the picture above you can see how it should look like after these steps. The picture below shows your new Tor node after closing the housing. I have chosen the backside because you are able to see the mentioned four clips in this perspective.

images

Having all this done you can start downloading the image for the SD card. I have gone with Raspbian “wheezy” which you can download here. While the download finishes you can start to search the SD card reader. I think I have more than 3 of these things, but I personally never can find one when needed. If you are on Windows you can use win32diskimager to clone the operating system to the SD card. I assume that you are sitting on a *nix box for the following commands. As image names or size may be changing over time the output should look similar to this but has not to exact this output:

1
2
3
unzip 2012 – 07-15-wheezy-raspbian.zip
Archive:  2012 – 07-15-wheezy-raspbian.zip
  inflat­ing: 2012 – 07-15-wheezy-raspbian.img

Now it is time to have a look to which device we would like to clone the freshly decompressed image file. df -h will show you which filesystems are present, now plug in your card reader/writer with the SD card inserted and run df -h again. From the difference of both outputs you will know which device you has to unmout to clone. It is simply that file system, that wasn’t present beforehand. Another hot tip on *nix: It should be something similar to /dev/sdb or /dev/sdc.

1
2
3
4
5
6
7
8
9
df -h 
.
.
.
df -h 
.
.
.
umount /dev/sdb

All data on the SD card will be overwritten, so please think now if there is data on it you might need later on. Otherwise, if the SD card is already empty or the data isn’t needed anymore, clone the OS to SD card.

1
2
3
4
sudo dd bs=1M if=2012– 07-15-wheezy-raspbian.img of=/dev/sdb
 1850+0 records in
 1850+0 records out
 1939865600 bytes trans­ferred in 198.319278 secs (9781528 bytes/sec)

After starting the cloning process, you can get yourself a coffee. There is enough time to get it while cloning. After the transfer is finished, take your SD card and insert it to the Raspberry pi. This is a thing I really liked, you are able to insert or remove the SD card without opening the housing.

Now it is time to wire up your Raspberry and connect power and Ethernet. It will boot up and fetch itself an IP Address form the DCHP server in your network. You can find out the IP Address by looking at the DHCP Server, ping through the whole network or you simple know which IP Address it has to get. Let’s assume that my node got the internal IP Address 192.168.1.139.

1
2
ssh pi@192.168.1.139
# default password raspberry

Default username for connecting is “pi” and the default password is “raspberry”. You definitely want to change the default password as the next step right?

1
passwd pi

This should do the trick and you can set a secure password now.

As a next step we want to add the Tor project package source and then add the gpg key used to sign the packages.

1
2
3
4
5
6
7
8
sudo vi /etc/apt/sources.list
# use new password for the pi user here
# add this line to your source list
deb http://deb.torproject.org/torproject.org wheezy main
# save file and exit
# know add the key
gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

Now we can get up really close to it. Install the Tor package and do not forget to update all packages before.

1
2
3
4
sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install deb.torproject.org-keyring
sudo apt-get install tor

As the package is prepared to have Tor running with the user “debian-tor” you can either change the permissions to meet another user or you create this user on your system.

1
2
sudo adduser debian-tor
sudo passwd debian-tor

Let’s go for adding the “debian-tor” user to the system and set a random password for him. For editing the configuration of Tor you need to edit the file “/etc/tor/torrc”. Choose your favourite editor, which is either already installed or you should be able to install it via apt-get, and edit the configuration to fit your needs. At least you should have to have this lines adopted:

1
2
3
4
5
6
7
8
9
RunAsDaemon 1 #makes Tor run as a deamon
ORPort 9001 #or 443 if you can offer this service on that port
DirPort 9030 #or 80 if you can offer this service on that port
ExitPolicy reject *:* # to be a node only
Nickname xxx #you can chose whatever you like
RelayBandwidthRate 100 KB # Throttle traffic to 100KB/s (800Kbps)
RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
ContactInfo \ # Do not use your day to day e-mail address here, make up a new one.
User debian-tor # give Tor the info under which user it should run

I personally prefer to disable all logging on that divice as much a possilble, there I commented every line regarding logging out. Saving the file and restart your raspberry.

1
sudo shutdown -r now

After your Pi has successfully restarted, the Tor process is already started and you should have a look at /var/log/tor/log for any problems around building circuits, connectivity or access on the configuration file. I recommend to setup a dedicated IP on your DCHP for the Tor node or configure your node to use a static one. As this highly depends on the DCHP server you are using I will not cover this here. And you are done. Incredibly easy right?

Changed Search Engine to Duckduckgo

I recently changed the search engine of this blog to duckduckgo. I thought it would be a good idea, cause duckduckgo promise not to be the omnipresent data collector. If we could believe them…. I think it does not matter if we believe them or not. We can simply choose between a) we know they collect and b) the promise not to collect. What is the worst case for b)? They collect and lie to us. So worst case for b) is, it is equal to a). I personally would go for b) then.
Therefore I change my _config.yml file the following way:

1
simple_search: https://duckduckgo.com/

After newly generating the content it simple works.

Kali Linux in VirtualBox

A while ago Kali Linux was released by offensive security. Kali Linux is the successor of the broadly known pentest distribution BackTrack. More info on Kali Linux can be found on www.kali.org.
As I was curious about the new look and feel I started to create a VM with VirtualBox and install Kali Linux to it. I choose to start with the 32 bit version, cause I still need a fully installed Windows to update the BIOS of my actual working machine. But 3 GB Ram, 1 core and 30 GB of disk space should fit the needs very well.

Starting the VM you get a warm welcome with the boot menu. images

Let’s choose “Graphical install” for now. Having this choose a standard and not untypical installer process guides you through the setup of language, keyboard setting and so on. After giving the machine a hostname and domain where it is located in, the first “I like” moment appeared. You now have to set the root password within the install process. images

To be honest… everyone dealing with a distribution made for pentesting should know that the default password has to be changed immediately and everyone dealing with a distribution made for pentesting should at least know how to google the needed command to change the root password … BUT how many of you have never ever run a backtrack machine with the root password “toor” ?

The next step brings me to the next “I like” moment. It is now a standard option to use encrypted LVM partitions. Very convenient!

images

So we go for it, choose to put all files in one partition and save the new partition schemata to the disk. Now we start waiting until the disk is fully erased. This took a bit longer than I expect, but after two “I like” moments so far, I don’t want to start complaining about peanuts. 30 GB of disk space needed nearly 90 minutes. You will be able to skip this step over by hitting the cancel button. I tried it without having any problems further on.
Afterwards you set your full disk encryption password and the installer guides us through the rest of the installation process. Nothing unusual or surprising.

And TADA…… nope that is not a running VM with Kali Linux. It is a VM starting up and throwing errors. I then tried to install Kali Linux several times without success and a bit of time went through. A few weeks later I got another day with enough motivation to work again on my VM problem.
I started to google around and found a blog post on raidersec.blogspot.co.at describing how to install Kali Linux on VirtualBox. At the end of the blog post the solution was described. You simple need to check one box that seems to be not activated by default. If you right click on your brand new VM, hit settings and select the “System” entry you will see a tab called “Processor”. Activate the “Processor” tab and check the box called “Enable PAE/NX”.

images

Save the settings and start your VM. It should now start without errors and present a login screen. I the end I would recommend to create the VM, enable PAE/NX and start to install the system afterwards.

Funny “feature” in Octopress.

While playing around with my brand new octopress I was thinking of the title for the blog. While I was experimenting I entered 00010111 as title, which is basically the domain. After generating the preview and refreshing my browser window I was a bit surprised. The title said “4169“, obviously not what I had I mind. But… WTF?
After checking if I really had set the title to 00010111 in the config file, i tried 00000001 which brought me to the new title “1“. Okay that was expected. I tried a bit more: 00000010 => 8; 00000011 => 9. Correct … the zeros and ones were parsed based to 8, if you are leaving out the surrounding quotes.
A quick twitter conversation with @octopress and it was clear that this is no easter egg. What a pity. YAML simply sees the title as a number if you are leaving out the quotes and not as a string.

It’s Alive

So finally it is done: I moved my blog from Drupal to Octopress. I did not migrate the old posts form the Drupal blog, this would not have been worth the effort. Due to the good documentation it was quit easy to get started playing around with Octopress. In the end I only did some minor changes to the default theme to get satisfied with the look.
So let’s see if I will use the blog more than the old one.