Category: Uncategorized

OpenVPN & OpenWRT – Secure Browsing from your mobile phone

Some time ago, I bought a TL-WR703N WiFi router for less than 15€. It came with a Chinese firmware that I overwrote with an OpenWRT image and connected to my ADSL router.

This device is really cool but once you flash it with an OpenWRT image you’ll find out that there’s almost no free space  (4MB total flash) so I decided to use an external USB memory to increase the available space and turn it into a useful gadget 🙂
WR703N

 

I used to have stunnel and OpenVPN servers running on my PC but since I didn’t want to have the computer on all day, I decided to replace it with this small device which makes no noise and consumes very low power (around 80mA/~0.4W with WiFi on if I disable the blue LED :))

First thing I did was setting up an AP and disable my router’s WiFi network since its antenna was surprisingly better and my old router doesn’t support WiFi n. So my devices at home would connect to the WR703N WiFi network which was bridged with the ethernet interface to the ADSL router.

After this introduction, I’ll explain how to set up an OpenVPN server to browse securely anywhere from your phone which is especially useful if you’re using free or untrusted wifi networks out there.

 

OpenVPN Diagram

OpenVPN Diagram

At the moment of writing, I’m on the latest OpenWRT version which is Attitude Adjustment 12.09, r36088.

Required packages:

  • openvpn-easy-rsa – 2.2.2-2 – Simple shell scripts to manage a Certificate Authority
  • openvpn – 2.2.2-2 – Open source VPN solution using SSL

 

1. Certificates and keys generation

The easy-rsa package helps you create the CA, server and client certificates but you can either create them yourself or use existing ones created somehow (as long as you keep your private keys secret 🙂

I created 2048 bit RSA certificates with the help of the easy-rsa tool:

Edit the /etc/easy-rsa/vars file and change the KEY_SIZE value to 2048

export KEY_SIZE=2048

Also, feel free to change the certificate public data such as the common name, country, etc.

 

root@OpenWrt:/etc/easy-rsa# build-ca
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/easy-rsa/keys
Generating a 2048 bit RSA private key
..................................+++
writing new private key to 'ca.key'
-----

Now generate the DH parameters and the server and client certificates signed by the previous CA.

build-dh
build-key-server server
build-key-pkcs12 daniiphone

Afterwards, all those files will be located under /etc/easy-rsa/keys and must be copied over to the openvpn directory:
root@OpenWrt:/etc/easy-rsa/keys# cp ca.crt ca.key dh2048.pem server.crt server.key /etc/openvpn/

The client certificate is not needed on the server side but we’ve generated it inside the WR703N and must be copied onto the client (in this case, my iPhone). We’ve generated the client certificate (daniiphone) in PKCS12 format which includes both the public certificate and the private key. It’s really important to protect it with a password because you’re gonna send it to your e-mail in order to import it from the OpenVPN iOS app. At the time of creating it, you’ll be prompted to enter a password.

 

2.  Server side configuration

I’ve configured the OpenVPN server as follows using uci (you can do it by editing /etc/config/openvpn file).

root@OpenWrt:/etc/openvpn# uci show openvpn
openvpn.myvpn=openvpn
openvpn.myvpn.enable=1
openvpn.myvpn.port=1194
openvpn.myvpn.proto=udp
openvpn.myvpn.dev=tun
openvpn.myvpn.ca=/etc/openvpn/ca.crt
openvpn.myvpn.cert=/etc/openvpn/server.crt
openvpn.myvpn.key=/etc/openvpn/server.key
openvpn.myvpn.dh=/etc/openvpn/dh2048.pem
openvpn.myvpn.ifconfig_pool_persist=/tmp/ipp.txt
openvpn.myvpn.keepalive=10 120
openvpn.myvpn.persist_key=1
openvpn.myvpn.persist_tun=1
openvpn.myvpn.status=/var/log/openvpn-status.log
openvpn.myvpn.verb=3
openvpn.myvpn.server=10.8.0.0 255.255.255.0
openvpn.myvpn.client_to_client=1
openvpn.myvpn.comp_lzo=1
openvpn.myvpn.push=route 192.168.1.0 255.255.255.0 dhcp-option DNS 192.168.1.1 dhcp-option DOMAIN 192.168.1.1

These settings tell the server to listen on UDP port 1194 (which needs to be forwarded in your ADSL router to the WR703N IP address) and sets the VPN network at 10.8.0.0/24 (clients will be assigned an IP address in this subnet).
The last line creates a default route to my lan network 192.168.1.0/24 and shall be replaced with your own configuration.

Now we need to create a rule in the firewall to permit the VPN traffic. Add the following rule to the /etc/config/firewall file on the OpenWRT system:
config 'rule'
option 'target' 'ACCEPT'
option 'name' 'vpn'
option 'src' 'wan'
option 'proto' 'udp'
option 'dest_port' '1194'

In order to forward traffic from the VPN to the wan connection, we need to enable forwarding on the tun interface and create an NAT to the local interface:

iptables -I INPUT -i tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -I OUTPUT -o tun+ -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 192.168.1.5

Replace the 192.168.1.5 with your OpenWRT lan IP address and start the openvpn service:

Enable OpenVPN service autostart
root@OpenWrt:~# /etc/init.d/openvpn enable
Start the service
root@OpenWrt:~# /etc/init.d/openvpn start

 

2.  Client side configuration

Now we need to setup the iPhone (it should work on Android phones or any computer running OpenVPN) to connect to our VPN server. First we need to transfer the .p12 file created in the first step and import it to the phone from an e-mail attachment.

Install Certificate

Install Certificate

Certificate Installed

Certificate Installed


Once you have successfully imported the certificate file to the iPhone, it’s time to load the OpenVPN configuration. In order to load it easily, create a .OVPN file like this one:

client
dev tun
proto udp
remote your-public-ip-address 1194
comp-lzo
redirect-gateway
<ca>
-----BEGIN CERTIFICATE-----
MIIE3zCCA8egAwIB/
....
oZEG
-----END CERTIFICATE-----
</ca>
nobind
persist-key
persist-tun
user nobody
group nogroup
resolv-restry infinite

Make sure you specify your public IP address and your CA certificate inside the configuration. This CA is needed because we have used a self-signed CA which is not trusted by the OS so if we didn’t include this certificate within the configuration, the OpenVPN client would not trust the certificate presented by the server during the TLS negotiation.

This .OVPN file has to be imported from an e-mail attachment directly into the OpenVNP app. Once imported, click on the green “Add” button to associate the previous certificate and its private key to this profile. In your configuration you should be able to see your remote IP address (or hostname) instead of “80.80.” which I’ve edited in the screenshots below.

Import OVPN file

Import OVPN file

Add imported certificate

Add imported certificate

 

OpenVPN Profile

OpenVPN Profile

OpenVPN connected

OpenVPN connected

Now that the tunnel has been setup, you should be able to see the “VPN” symbol on the status bar of your iPhone and all your traffic will be encrypted up to your home network. In order to test the connectivity and the forwarding rules, I try to access the OpenWRT Luci web configuration by typing the WR703N IP address in Safari:

OpenWRT Luci

OpenWRT Luci

Now, your iPhone is connected to your home network and all the traffic will go through your ADSL connection. Anyone trying to eavesdrop on the WiFi network will only be able to see tons of encrypted traffic.

It’s very important that you keep the CA private key secret in order to avoid “man-in-the-middle” attacks, as well as protect the .p12 file when you send it over to your phone.

L8 SmartLight – Our Kickstarter adventure!

It’s been quite a long time since I don’t update this blog. The reason why is that I’ve been too busy with L8 Smartlight, a new entrepreneurship project that some friends and I have started a few months ago.

We’re very proud of being the first Spanish project to be successful on Kickstarter and, now that the funding project is about to finish, we’re very keen on starting the production of this new gadget and looking forward to spreading the world with it!

So far, the project’s had sparked the interest of many important sites such as Mashable:

We’re currently working on fully supporting Bluetooth EDR and 4.0 to cover most of the smartphones in the Market. Also there’s still a long way to go to define all the APIs and functionality that will be hopefully ready in the next few months.

I’ll try to update the status on the L8 project in this blog but, we’ll make sure that the latest information will be available right away at Kickstarter

Dani

SecuDroid – Android Anti Theft Loss app Review

SecuDroid - Anti Theft/Loss app for Android

Google is now activating over 500,000 devices each day, growing at 4.4% week on week. This huge raise, led to a big explosion of apps being downloaded from the Android Market, which – at the time of this writing – is 6,148,593,955 (more info at http://www.androlib.com/appstats.aspx).

Among these, there is one particular kind of application which is potentially useful for every single Android user: an app which allows you to locate, track or find your phone in case of theft or loss. SecuDroid is one of those must-have apps which you’d better not need to use, but you’ll definitely be glad to have it when somebody steals your phone or you lose it somewhere.

 Features: 

  • Location information including accuracy, speed and altitude 
  • Periodic tracking
  • Silent pictures using either the front or back camera
  • Remote Lock & Wipe functions
  • SIM card change notification 
  • FindMe Ringtone
  • Invisible Mode
  • E-mail integration  

FAQ: 

  • How does SecuDroid work?

SecuDroid sleeps silently in your Android device waiting for commands sent from any cellphone by SMS. The answer to these comands will be sent by SecuDroid either by e-mail or by SMS.

These SMS will not show up on your phone because they are intercepted by SecuDroid, so the thief will not suspect that you are on your way to recover your phone.

  • How can I be sure that nobody will be able to track me if I install SecuDroid?

When you request an action from SecuDroid you must precede the command with a password. This password can be changed at any times from the SecuDroid configuration window and, by default, it is set to “PW” (without quotes).  Anyone who knows this password will be able to track you or even wipe your data off your phone.

  • How can I hide SecuDroid so that noone knows that it’s there?

SecuDroid will appear as “eNotes” under the installed applications list. Also, you will be able to remove the launcher icon from the configuration window.

  • If I remove the launcher icon, how can I modify the settings?

You’ll be able to launch the configuration window by dialing a pre-configured code from the stock phone app. This code, by default, is 3535 but you can change it at any times.

  • Will SecuDroid be able to determine my location even if GPS is off?

In order to switch GPS on, Android enforces the user to do it manually. However, SecuDroid will enable the GPS hardware without user interaction (by tricking the OS) to get the location and, afterwards, it will switch it off automatically to hide itself. Nonetheless, it is highly recommended that you test this feature in your particular device because this is likely to be avoided by Android in the future. In this case, just leave the GPS setting on (no impact on battery life) or you’ll only get positions based on GSM towers triangulation.

  • Somebody stole my phone and I want to find out who, will the thief be able to locate the pictures in the phone storage?

No. Pictures are stored temporally without image extensions and they will be erased right after being sent

  • If I take a picture remotelly, will the thief hear the camera shutter sound?

SecuDroid will take pictures silently by disabling the shutter sound. However, some devices are impossible to get the shutter sound disabled due to legal restrictions so you must make sure how your device works by testing it first. You’ll probably be able to disable it by some other means like rooting your phone and removing the sound but SecuDroid doesn’t encourage you to root your phone unlike other apps.

  • The FindMe function is pretty cool but what if I left the phone in silent/vibration mode?

Just send a BEEP command to your phone and SecuDroid will ring loud for 60 seconds or until you switch the screen on/off no matter what the previous state was. After this command, volume will be set at maximum leve so you’re free now to call and find out where the sound comes from

  • Just realized that I lost my phone with critical information. How can SecuDroid help me?

Before trying to track or locate your phone, you should lock it with a password to make sure that noone can access to your sensitive data or even make calls. If you feel that the information inside your phone is even more important than the device itself, wipe the data within a few seconds by issuing a WIPE command.

  • Transparency is really important. Does SecuDroid include any phone-home component that could compromise my privacy?

SecuDroid does NOT include any phone-home component. You can be completely sure that SecuDroid will not connect to a 3rd party server and will not use your location or personal information in any ways.

  • What e-mail account does SecuDroid use to send the pictures and location info to?

You can configure a GMail account from SecuDroid settings window and this will be the account used to send the answers to remote requests. If, for example, this account is removed or you change the password, the answers will be sent back via SMS (or MMS if a picture was requested). The default destination e-mail address is also configured and has not necessarily to be a GMail address.

Details: http://www.secudroidapp.com/secudroid
Instructions: http://www.secudroidapp.com/instructions
FAQ: http://www.secudroidapp.com/faq

Silvestre & uXbot – Line Following Champions

Last week, we attended two of the most important championships in Spain with Silvestre and uXbot.

SilvestreuXbot

  • In Hispabot, the track had a ramp which was pretty challenging for our robots since they were not designed with this in mind. The major problem was that the robots got blind for a while in their way up and also in their way down. This problem was worse for Silvestre since it’s larger and its sensors spent more time in the air, reason why the uXbot managed to get to the top of the podium with Silvestre right behind him on the 2nd place.
  • Robolid hold a really crowded championship with around 80 robots taking part in the robotrackers category and 20 robots in the Line Following contest. Silvestre and uXbot had to fight with most of the best robots in Spain and they finally won with Silvestre in the 1st place and uXbot 2nd.  On a side note, a new electronic system was used during the contest to measure lap times, average and top speeds and Silvestre’s top speed was over 5 meters per second (18 km/h)!

The most remarkable features of the robots are:

  • DC Maxon motors
  • FPGA to accurately read the quadrature signals from the encoders and real-time processing (Silvestre)
  • Inertial sensors
  • Track learning: the algorithm takes about 2-2.5 laps to identify when the lap starts over and extract the characteristics and speed-up/braking points.
  • Adaptative behaviour: Throughout the laps, the robots modify their parameters (speed, speed-up/braking points,…) for each part of the track. This allows the robot to adapt themselves to the track conditions (dust, creases, …)

Below you can see a video from the training days to the final round of the latest contest. Some slow motion parts show how the robots performed over the ramp at Hispabot and how they had to fight with the skids right after the downhill 😉

D.

uXbot Bluetooth Bootloader

I’ve never liked to use an external hardware to program microcontrollers, so one of the reasons to choose the LPC1343 microcontroller for the uXbot robot was its internal USB MSC bootloader which enables users to download their firmwares by dragging & dropping files into a flash drive. However, when you’re working in your robot, sometimes it’s a pain to pick it up and plug it to the PC, specially when you’re a lazy engineer 🙂 so here I want to introduce you a tiny Bluetooth Bootloader for the uXbot robot.

Bootloader Flash Layout

As you can see, the bootloader resides at the end of the flash memory and whenever the user code jumps into it, it copies itself to RAM before starting the flashing process. This way, the bootloader can also be updated from the bootloader itself 🙂 In the video below you can see a demo of the bootloader in action. From the uXbot Manager PC application the firmware is downloaded into the robot’s memory (via Bluetooth, of course) and the new code can start running right after the process is completed (less than 2 seconds to download a ~2KB firmware).  The user code jumps into the bootloader whenever the button is pressed but the application can enter the bootloader remotely or by any other means.

Stay tunned.

Daniel

ARM Cortex-m3 – Remote debugging using GDB (1)

One of the things I’ve found more interesting and useful in Robotics is debugging.

Most of the time we use to print out traces through a serial port and, the luckiest ones, who own a JTAG emulator, can dig deeper into their bugs but always with a cable plugged.

So, now thanks to the excellent Espardino project and the help of its author, Ajo, who is a very good friend of mine, I decided to write my own stub for the ARM cortex-m3 architecture. You can check out more information about Espardino’s remote monitor here.

Also, the following are a nice source of information I used to write this stub:

The video below shows a debugging session of the stub running inside the LPC1343 ARM Cortex-M3 of the uXbot robot. The GDB is connected to a tiny application which acts as a bridge between the TCP connection and the bluetooth link to the robot. Given that this application is listening on a TCP port, the GDB debugger can be running somewhere else (on my iPhone? ;)) and it would still work.

In my next article I will get more into detail about the stub itself and the exception handling.

Daniel

FPGA – Actel ProASIC3 First Steps

I want to show you how easy is to start playing around with FPGAs. The following example is based on the Actel A3P250 Devel board programmed with the microJTAG board.

The idea is simple: we’re going to design a PWM module and make the on-board leds flashing at different rates. The RTL design of the PWM module is shown in the picture below:

PWM component RTL

Let’s have a look at the components inside the PWM module:

PWM Module RTL

As you can see the 10-bit PWM module has got one register, a 10-bit counter and one comparator. To test our module, I’ll write a simple VHDL code:

-- test.vhd
library IEEE;
use IEEE.STD_LOGIC_1164.ALL;
use IEEE.STD_LOGIC_ARITH.ALL;
use IEEE.STD_LOGIC_UNSIGNED.ALL;

entity example2 is
    Port (

                LEDS:out STD_LOGIC_VECTOR(3 downto 0);
                CLK_in: in STD_LOGIC;
                RESET_in: in STD_LOGIC

           );
end example2;

architecture Behavioral of example2 is

component pwm is
    Port (

        CLK_in:     in std_logic;
        PWM_in:     in std_logic_vector(9 downto 0);
        PWM_load:   in std_logic;
        PWM_reset:  in std_logic;
        PWM_out :   out std_logic

        );
end component;

      signal counter: natural range 0 to 48000;
      signal result: STD_LOGIC_VECTOR (9 downto 0);
      signal pwmout: STD_LOGIC;
      signal clk_div: std_logic;

begin

    pwm1 : pwm port map ( CLK_in => CLK_in, PWM_in => result,
 PWM_load => '1', PWM_reset => not RESET_in,
 PWM_out => pwmout);

   process(CLK_in,RESET_in,counter)
    begin
         if (RESET_in='0') then

            counter <= 0;
            clk_div <= '0';

        elsif (CLK_in'event and CLK_in='1')    then

            if (counter = 47999) then
                clk_div <= not clk_div;
                counter <= 0;
            else
               counter <= counter + 1;

            end if;
        end if;

    end process;

    process(clk_div, result)
    begin
        if (clk_div'event and clk_div='1')    then
            result <= result + 1;
        end if;

    end process;

    LEDS <= (others => pwmout);

end Behavioral;

The frequency divider makes the ‘result’ signal increment every 48K*2 ticks of the main clock (24MHz). The ‘result’ signal is connected to the input of the PWM module which will load its value every time it changes because the LOAD signal is always ‘1’.

The result will be that every 4ms, the PWM input will increment by 1 from 0 to 1023 (10 bit value). The PWM output – which is connected to all LEDs in the  board – will take all values after 4 seconds and the cycle will repeat continuously.

You can download the whole source code from the link below:

VHDL Source code

The A3P250 Devel kit was a present from my friend Ajo and I want to thank him for such a nice board 🙂

Daniel

SMS Text messages, character count and cellphones

I’ve been playing around with SMS PDUs encodings and recently observed some curious things regarding the way that cellphones treat the text messages when they include special characters.First look at these two tables of the GSM alphabet:GSM7 Alphabet

GSM7 Alphabet (special)
The tables above show the GSM Alphabet using a 7-bit encoding which implies a maximum number of 160 characters per text message. However, sometimes this is a little bit more tricky and the count is not so straightforward:
If, for instance, you type a character from the second table, it needs to be escaped with the escape character 1) 0xB1, and it will take two characters instead of one. What happens if your text message contains 160 characters and one of them is a ‘]’?
Simple: You will get charged for two text messages because you’re exceeding the maximum length of a simple PDU.
Usually your cellphone won’t warn you about this and you will send it anyways without knowing the fact that this text message will cost twice than you think. The same happens with the ‘€’ symbol and some other not showing up in the table above.If you have a closer look at the tables, you might realize that the ‘é’ symbol appears but where are ‘á’,’í’,’ó’ and ‘ú’? The GSM alphabet was originally designed by France and they only use ‘é’ so if you want to use accents, there’s no way using this encoding.
I have tested some cellphones and they behave in two different ways:

  1. Removing those characters with accents (except ‘é’) and substituting them by the same character without accent.
  2. Using a 16-bit UNICODE encoding to allow sending every character (in this case, the maximum length of the textmessage is 70 characters).

In case 1, the only ‘side-effect’ is that the recipient of the text message won’t get your accents and you can send up to 160 characters.
In case 2, your cellphone won’t warn you and you might send up to 160 characters thinking that it will take just one text message.However, again, you will be charged for up to 3 text messages without knowing it! The recipient will get a multi-part message showing all the characters you sent with no modification.
Here you can see the decoding of a PDU (using PDUSpy) of a text message sent with accents and encoded using UCS2:

  • PROTOCOL IDENTIFIER (0x00)
  • MESSAGE ENTITIES : SME-to-SME
  • PROTOCOL USED : Implicit / SC-specific
  • DATA CODING SCHEME (0x08)
  • AUTO-DELETION : OFF
  • COMPRESSION : OFF
  • MESSAGE CLASS : NONE
  • ALPHABET USED : 16bit UCS2

If the accents are removed from the original text message, the cellphone will automatically use the GSM7 alphabet and you will be allowed to send up to 160 characters in just one PDU (you will get charged once).All in all, be careful and if possible make some research to figure out what your cellphone does and check it against your bill because you will probably save some (or a lot of) money.
Cheers,
D.

Setting up iPhone SDK on a Virtual Machine

Disclaimer: All the information posted is intended for illustrative and educational purposes only. I just want to show you that it’s possible to set up the iPhone SDK on a Virtual Machine. Please, BUY an Apple Mac OS X License if you are going to use this and BUY a Mac computer (Apple’s EULA agreement states that you cannot run Mac OS X under non Apple hardware).

In this post I will try to explain how to set up the SDK for iPhone OS 3.1 on a PC running Windows (Vista 64 in my case). From the readme file of the SDK you can read:

Xcode 3.1.4, when used for Mac-only development, is compatible with Intel and PowerPC Macs running Mac OS X Leopard 10.5 and later. Use of the iPhone SDK requires an Intel-based Mac running Mac OS X Leopard version 10.5.7 or later.

So we need a Leopard 10.5. By googling a little bit you will realize that there are some modified ready-to-use Leopard images out there that you can download and run out of the box on VMWare.

I’m running a 10.5.2 version (which takes about 5 mins to boot on my quad core). Once you get a Mac OS X running on your PC, you can download the free iPhone SDK from developer.apple.com and install it.

Mac OS X Leopard on VmWare under Vista

The iPhone SDK for OS 3.1 won’t install under a version prior to 10.5.7 so I had to ‘trick’ the installer rather to update the Mac OS X which seems to be a painful process. To do this, you have to modify the /System/Library/Core Services/SystemVersion.plist and change both the ProductUserVisibleVersion and ProductVersion keys to 10.5.7.

With this done, I selected just the SDK for 3.1 (to save space in my hard disk) and the installation process begins.

Custom Install  And 3.5 hours later….  Install Succeeded

Once you have the iPhone SDK installed, you can run Xcode (from SpotLight) and launch a new project using a template just to try it out on the iPhone Simulator:

Xcode and simulator   Xcode and simulator (2)

At this point you can develop your own iPhone applications and test them on the simulator. Also, if you joined the Apple developer program (the standard one is $99) you can test them in your iPhone as well.

If you’re planning to play around with the SDK I strongly recommend you to sign up on the iPhone Dev Center because there are lots of resources available: Getting started documents, videos,  sample code, etc.

More to come,

Daniel

Windows Mobile – Routing audio through the Earpiece (PPC / SmartPhone)

Hello,

I’ve developed a little application that switches the audio output from the rear speaker to the front one and viceversa. This is useful for VoIP applications which are quite unusable without headphones since the audio comes from the back speaker. It just runs for 10 minutes and it’s supposed to work at least with the latest HTC models.

Download PocketPC Trial version:

PPC-AudioSwitch.zip

Download SmartPhone Trial version:

SmartPhone-AudioSwitch.zip

Don’t hesitate to contact me for any further information.

Daniel