www.shivaserv.fr

Some stuff about OpenSource & Linux...

No comments

It's quite simple to create a wifi access point with hostapd on Linux.
But when we want to create multiple SSID using the same adapter, it's quite tricky if you don't know correctly how to do it.

This tuto is under Debian 9.

We will assume wlan0 is our dongle, and we want to create 2 SSID.
wlan0 will be used for the first one, and wlan0_0 for the second.

On the network interface configuration file, create the interfaces, as "allow-hotplug".

auto wlan0
iface wlan0 inet static
  address 10.0.0.1
  netmask 255.255.255.0

auto wlan0_0
allow-hotplug wlan0_0
iface wlan0_0 inet static
  address 10.0.1.1
  netmask 255.255.255.0

For the hostapd configuration, create the file /etc/hostapd/hostapd.conf, and declare it as "DAEMON_CONF" on /etc/default/hostapd.

Here, we will create two "test" SSID :

interface=wlan0
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
hw_mode=g
channel=ac_survey            # the channel to use
ieee80211d=1          # limit the frequencies used to those allowed in the country
country_code=FR       # the country code
ieee80211n=1          # 802.11n support
ieee80211ac=1         # 802.11ac support
wmm_enabled=1         # QoS support


ssid=Mifirstwifi
wpa=2
wpa_passphrase=mygreatpassword
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP
beacon_int=100
auth_algs=1

bss=wlan0_0
ssid=MysecondWifi
wpa=2
wpa_passphrase=mysecondgreatpassword
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP
beacon_int=100
auth_algs=1


Now, you need to configure your DHCP server ;) See the config of the soft you're using.. (isc-dhcp-server, dnsmasq... ).
Don't forget your firewall too.

That's it ;)

No comments

Hi all,

Some weeks ago I've worked on some kernel compilation for the BananaPi, first version.

I was trying to use the mainline kernel, to use the newer functionalities on it, and avoid using old kernel from the original sources.

I've put all my work on my github:

https://github.com/ouafnico/BananaPi-Archlinux

I explain here how to make your own compilation, and choose the needed components on the defconfig panel.
Then, how to integrate this kernel to the Archlinux ARM image.

Enjoy :)

No comments

Hi everyone,

Today I'm going to show you some dangers on Android email applications you can find on the play store.

What you need to know about mails: your mails are stored on a mail server somewhere, according to your provider. If you're using Gmail, they are on Google's servers. Most of the people are using Gmail, or Microsoft (hotmail, msn, outlook), or mails from their internet provider.
When you're using a mail application, like stock mail app on your iPhone, or stock mail app on your Android, the application connects directly on the mail server, using standard protocols like IMAP or POP.
To send an email, the app is contacting the SMTP server with the SMTP protocol.

alt

The danger with malicious apps: they are not contacting your mail server directly, they give your login information (mail address and password) to a dedicated server, which will do the connection to the mail server, and download all your mailbox. Then, your phone is only refreshing or getting email through this dedicated server, using HTTP or HTTPS access (like web browsing). It's not a bad idea, except ALL your mails are downloaded by someone else, and someone else knows your password!

alt

I tried some emails app with my old Nexus phone. I made a fake mail account on my own mail server. I will connect these app on it, and I will see which IP addresses access my mail server on live on the logs...

AquaMail: seems good, directly connected.

MyMail: can't choose a personal IMAP mail :D So I can't test. Goodbye!

BlueMail: Bingo! First one :p After configuring the app, some externals IP addresses are connecting on the server: 54.90.147.202, 54.157.199.199. According to whois, these are Amazon IP addresses, but don't have more info.. On the server, my phone is connecting too on the server. Why these external IP? After the app removal, I still have access attempts...

TypeApp: looks the same as BlueMail graphically.. it's not good! Tada!! Same thing. IP addresses on my mail server: 54.165.87.200 and 54.205.181.135. Amazon servers! After the app removal, I still have access attempts too...

MailDroid: seems good :)

SolMail: Seems good too.

GMX Mail: Seems good!

Mail.ru: Jackpot! Access from 94.100.181.39, 94.100.177.59, 5.61.237.13, 185.5.137.195, 185.5.137.192, 94.100.178.38 ... All from Russia. In contrary with TypeApp or Bluemail, which does external access and direct access from the phone, when you refresh the mails on Mail.ru's app, it's only a Russian IP which is connecting to the mail server.. never the phone.

So, for my part, I can't trust this kind of applications, which are not using the standard way.

Maybe the application which are doing external accesses are not all bad, but sorry I can't trust this. Nothing can prove me all my personal data is not used for something else (commercial?), and removed when I remove the app.

When you think an app like Mail.ru is used by 10 Millions users and more...


This is the best advice I can tell: always be careful with applications you're using.
You can use for example K9mail, open source software and very trusty app.

No comments

Hi!

After the previous article about PGP, here are some real use of encryption.

On Android, you can easily encrypt your emails, using the Open Source email app "K9-Mail'. See my previous post about Android Email App, where you will understand that protecting your privacy is very important, especially using Email App.

To permit K9-Mail to encrypt/decrypt emails, install the application "OpenKeyChain" from F-Droid or the Play Store. This is of course an Open Source software, so no secrets and no backdoors. This application allow you to manage private/public PGP keys, and use them in other applications.

After installing it, start the app. The first screen will ask you to create or import your private key. If you already got one, with USB put your private key on the phone (and remove it after the process!). Do not send the private key on your phone using mails... don't forget the criticity of private key :) If you don't have one, follow the wizard to create your own key. Don't forget to export it after, and backup it!

alt

When the key is created/imported, you will see it on the main screen.

alt

Now, in the parameters on the left, enable the link to the contacts. The app will ask you to allow contact access (say yes). I will allow on K9-Mail, and other app, to search for a key when you use a contact name.

alt
alt

On K9-Mail, you can now enable the encryption. Go to "Account settings", and "Cryptography". Choose OpenKeyChain app on the OpenPGP application, and select your key. You can enable the signing support for unencrypted mails too.

alt
alt

Now your K9-Mail is ready to decrypt mails for you, or sign mails.

But what about encrypting mails for other people? Like explained on previous article, to encrypt a mail for Alice, Bob (you) need Alice's public key.

On the OpenKeyChain, touch the "+" button. You can scan a QR code from other application, or import a file, or search on PGP server.

alt

When the file is imported, it will appear with an orange exclamation mark, because the key must be validated. You can use the key, but don't forget to validate with the real person the validity of the key.To do that, touch the key, and confirm the key scanning the QR code from the real person's application.

Now, on K9-Mail, when you will send an email to a person, the app will propose to encrypt the mail if the public key exists for this person.

Enjoy !!

No comments

PGP, or Pretty Good Privacy, is a software for encryption. It is used to encrypt or sign documents, mails or even disks.
PGP uses the standard OpenPGP.

How it works?

PGP can works with symmetrical or asymmetrical keys. In our case I will explain asymmetrical keys.
An asymmetrical key is a private key, and a public key. The private key is the main key. Like her name, she's private and must not be given to anyone. The private key permit to generate a public key. The public key, is public and can be given to anyone. We can't regenerate the private key from the public key. The keys have a creation date, an expiration date (or not), the mail of the owner, and an ID (like a signature).
The private key can encrypt and decrypt. The public key can only encrypt.
A lot of software allow to create a private and public key.

alt

OK, and what I do with those keys?

In practice, if Bob want to send an email, or encrypted file to Alice, he will need to ask Alice's public key. With this, Bob encrypt the data for Alice and, send it. Only the possessor of the private key, associated to this public key, can decrypt the data, so only Alice will be able to decrypt with his private key. We can't decrypt a data with the public key.

alt

Great. But, how to get the public key?

Yes indeed. If you need to contact Alice, to get the key, it's not very convenient. But PGP servers exists. A PGP server is a catalog of public keys. Everyone can upload his own public key on it. PGP servers are synchronized between them. On the PGP server, you can search for words, and download the public key.
For information: no public key can be removed from a PGP server. If the owner want to disable the published public key, he need to generate a revocation certificate, from his private key, and send it to the PGP server. The public key will continue to appear, but a message will show she's revoked. For example, you can check https://pgp.mit.edu/.

Nice this PGP server... but who can assure me, Bob's public key on the PGP server is really owned by my Bob?

You can't. That's why you need to confirm with the real bob, like face to face, the signature.

OK. I understand how it works. But why can I need to encrypt data?

You're right. Maybe most of the people will don't need to use this, and I'm pretty sure a big part of them didn't even know PGP exists.
You could use encrypted data to send an email with privacy information. Same, you could encrypt secret documents.
In the reality, the networks your emails will travel may not be always encrypted by the connection, and you can't never be sure they are. Using an encrypted mail allow you to do not worry about the quality of the security of the network your emails will use.
Same, you can encrypt it to be sure only Bob can read it.

In a other articles, I will provide some real example of PGP encryption, like how to use encrypted mails on software (like Thunderbird on a PC, or K9-Mail on an Android device), encrypt some data on Gnome, encrypt a disk/partition/container...

(Credits for pictures: Wikipedia / https://en.wikipedia.org/wiki/Public-key_cryptography)