Hippie Hacker: 2010

Monday, August 30, 2010

Home Brew solar powered cell phone towers now a reality

I knew it would be a big thing back when I saw software radios being introduced back in the late 90's that could run open software, but not setting up inexpensive cell phone networks has become a reality and I know I want to be involved. For around $4500 you can setup a cell phone tower that is solar powered, self contained and can be used to bring voice calling and texting to an area that has absolutely no service. Connect that to the internet, and you have international calling at extremely reasonable rates. Ability to set this up in a relief zone where there is no infrastructure? Priceless.

Tuesday, August 24, 2010

SHSH Blobs and Installing Older Versions of iOS

We have several iOS devices, and all of them are jailbroken. Apple put restrictions on what versions of their software you can run on the hardware you purchased from them. They literally say today you can install version X, but tomorrow you can only install version Y. When you try to install the operating system on your iPhone/iPod/iPad, they make you ask them (over the internet) if it's ok! I think that the walled garden they are trying to create started feeling like a prison long ago.

The technology they use to keep the door of the prison shut is based on digital signatures. You have to get an apple 'signature of permission' to install a particular version of the operating system that runs on the device. This signature is specific to both that exact device and software version combination. You can and should save these digital 'signatures of permission' so that you can install older software after apple decides to stop granting permission.

I recently had to do that myself using a combination of Firmware Umbrella and the fact that Saurik's Cydia retrieves and stores these signatures for you if you ask it to. If Saurik has your specific device + software version signature, then you can ask him for it when you try to install new software on your phone.

Basically you change your computer to go to Saurik's server at 74.208.10.249 when you ask to goto gs.apple.com. It pretends to be that apple server that hands out signatures (or that refuses to once they choose to force you to upgrade). I was stuck for a while until I realized that you need to put the device in DFU mode.

Even if you don't want to jailbreak for whatever reason, I would suggest saving your 'signatures of permission' (SHSH blobs) with Firmware Ubrella.

Homebrew Apple Club

Let's take a mental meandering back to the beginning of Apple in the mid '70s. The original Apple computers where hobby, for-fun machines. Heck the schematics for the Apple I were passed around at the early meetings of the Homebrew Computer Club and Wozniak himself (co-founder of Apple) would go to people's houses and help them build their own. Freely exchanging, modifying, and giving software and hardware designs back to the community was the norm.

Fast forward into the early 80's and you see a shift in that open culture. Most companies adopted copyright and restrictive licenses to limit or prohibit copying or redistribution. Richard Stallman had been modified the software for printers to work well at MIT before Xerox showed up with one of the first laser printers. He was quite frustrated when Xerox would not give him access to the source code so he could utilize the improvements he had used on the previous printers. For the first time we began to see centralized control of the functionality of the hardware we purchase.

Stallman went on to found the Free Software Foundation, and write the General Public License upon which Linux is based.

Free software is simply software that respects our freedom — our freedom to learn and understand the software we are using. Free software is designed to free the user from restrictions put in place by proprietary software, and so using free software lets you join a global community of people who are making the political and ethical assertion of our rights to learn and to share what we learn with others. - Working Together for Free Software

Not being able to share software shortly extended to not being able to share music, and then electronic books. Much of this being controlled by Digital Restrictions Management (DRM) software which limits how you can read, view, or listen to books, video, and music. Of course Apple is on the forefront of this.

Apple's iPod/iPhone/iPad software, now called iOS, is designed not only to control and restrict the books, music, and content you can listen too but also the applications. They would like to keep track of every piece of software you have and make sure you can only buy it from them. We've gone from sharing everything that can run on a computer with each other to requiring that you have a credit card and billing address tied to an iTunes account so that we can run even free applications!

The limitations that Apple puts on what we can run on the hardware we own are arbitrary and we are not bound by them. Essentially they would prefer us to sit inside a jail they control. It's a silly prison that it's very legal to just break out of. To break out of this jail, you just have to open the door. However they keep making the door harder and harder to open. The software they would prefer you run on your iPhone is one they completely control.

This is a big jump over the past 30 years from helping people build the hardware from scratch in their homes. Apple, I'm disappointed. You are becoming the dispensary of Information Purification Directives in your walled garden of iOS.
Why do I feel like I'm staring at a big iPad in the 1984 commercial?

Text of "1984"

Today, we celebrate the first glorious anniversary of the Information Purification Directives. We have created, for the first time in all history, a garden of pure ideology. Where each worker may bloom secure from the pests of contradictory and confusing truths. Our Unification of Thoughts is more powerful a weapon than any fleet or army on earth. We are one people, with one will, one resolve, one cause. Our enemies shall talk themselves to death and we will bury them with their own confusion. We shall prevail!

We shall prevail indeed...

Monday, August 23, 2010

Boulder Bohemian will code for karma - Boulder Daily Camera

The Daily Camera did an article on me about two years ago. I sure do miss my '79 VW Bus Wally, but the spirit moves on as a friend told me about the song "free" by the Zac Brown Band. It's a fairly repetitive song, but does reflect Shalom and my life pretty well up to this point:

So we live out in our old van
Travel all across this land
Me and you

And we'll end up hand in hand
somewhere down on the sand
just me and you

Chorus:
Just as free
Free as we'll ever be
And ever be

We drive until the city lights
dissolve into a country sky

lay underneath the harvest moon
Do all the things that lovers do
Just me and you

Chorus...

No we don't have a Lot of money
No we don't have a Lot of money
No we don't have a Lot of money (X 10)
All we need is love

Chorus..

So we live out in our old van
Travel all across this land
Me and you

Thursday, January 28, 2010

Ecualyptus from scratch via kickstart

I'm trying to record a bit about my research into cloud managment, so I used my old Apple MacPro quad Xeon to give it a try on Centos.
I started out with a Centos 5.4 vanilla install cd (X86_64) and a kickstart file that looked something like this:


install
cdrom
lang en_US.UTF-8
keyboard us
network --device eth0 --bootproto dhcp
## I had multiple network cards... disabled the second one
# network --device eth1 --onboot no --bootproto dhcp
## commenting out the password, set your own
# rootpw --iscrypted 120394871aoeu097123
## for simplicity, disabled firewall and selinux
firewall --disabled
selinux --disabled
authconfig --enableshadow --enablemd5
timezone --utc America/Chicago
## My machine had 4 1Tb drives which I put into a big raid-10
## I clear out all data on all drives, edit to your own liking
#bootloader --location=partition --driveorder=sda,sdb,sdc,sdd
#clearpart --all --initlabel --drives=sda,sdb,sdc,sdd
# part raid.100000 --size=500 --ondisk=sda
# part raid.100001 --size=500 --ondisk=sdb
# part raid.100002 --size=500 --ondisk=sdc
# part raid.100003 --size=500 --ondisk=sdd
# part raid.100007 --size=1 --grow --ondisk=sdd
# part raid.100006 --size=1 --grow --ondisk=sdc
# part raid.100005 --size=1 --grow --ondisk=sdb
# part raid.100004 --size=1 --grow --ondisk=sda
# raid /boot --fstype ext3 --level=RAID1 --device=md0 raid.100000 raid.100001 raid.100002 raid.100003
# raid pv.100008 --fstype "physical volume (LVM)" --level=RAID10 --device=md1 raid.100004 raid.100005 raid.100006 raid.100007
# volgroup vg --pesize=65536 pv.100008
# logvol swap --fstype swap --name=SystemSwap --vgname=vg --size=8000
# logvol / --fstype ext3 --name=SystemRoot --vgname=vg --size=19968
%post
## The post install is where it gets interesting
## Change to virtual termial 3 then download the eucalyptus rpms and install
exec < /dev/tty3 > /dev/tty3
chvt 3
echo
echo "################################"
echo "# Running Post Configuration   #"
echo "################################"
(
set -x
# /dev/hda and /dev/hdb are cdrom drives on this box, don't allow lvm to look for them
sed -iksinstall 'sX    filter = \[ "a/\.\*/" \]X    filter = \[ "r|/dev/hda|", "r|/dev/hdb|", "a/\.\*/" \]X' /etc/lvm/lvm.conf
system-config-securitylevel-tui --disabled -q
system-config-securitylevel-tui --selinux=disabled -q
ntpdate pool.ntp.org

#yum install -y xen
sed -iksinstall 's/#(xend-http-server no)/(xend-http-server yes)/' /etc/xen/xend-config.sxp
sed -iksinstall 's/#(xend-address localhost)/(xend-address localhost)/' /etc/xen/xend-config.sxp
service xend restart

#yum install -y java-1.6.0-openjdk ant ant-nodeps dhcp bridge-utils

echo options loop max_loop=256 > /etc/modprobe.d/moreloops.conf
depmod -a
rmmod loop
modprobe loop

mkdir -p /root/euca
cd /root/euca
curl -O "http://eucalyptussoftware.com/downloads/releases/eucalyptus-1.6.1-centos-x86_64.tar.gz"
tar xvfz eucalyptus-1.6.1-centos-x86_64.tar.gz
rpm -Uvg eucalyptus-1.6.1-centos-x86_64/eucalyptus-1.6.1-rpm-deps-x86_64/*rpm
rpm -Uvg eucalyptus-1.6.1-centos-x86_64/*rpm

curl -O http://eucalyptussoftware.com/downloads/releases/euca2ools-1.1-centos-x86_64.tar.gz
tar xvfz euca2ools-1.1-centos-x86_64.tar.gz
rpm -Uvg euca2ools-1.1-centos-x86_64/*rpm

) 2>&1 | /usr/bin/tee /var/log/post_install.log
chvt 1


%packages
@base
@core
@editors
@emacs
@text-internet
@xen
keyutils
iscsi-initiator-utils
trousers
bridge-utils
fipscheck
device-mapper-multipath
emacs
emacs-nox
-aspell
-bluez-utils
-emacs-leim
-psgml
-emacspeak
-slrn
-fetchmail
-mutt
-cadaver
-gnome-applet-vm
ntp
httpd
swig
java-1.6.0-openjdk
ant
ant-nodeps
dhcp
bridge-utils

When the system comes up, run the following to get a simple standalone eucalyptus running.


# make sure these services are started
service eucalyptus-cloud start
service eucalyptus-cc start
service eucalyptus-nc start

# Might want to replace 127.0.0.1 with your external IP
euca_conf --register-walrus 127.0.0.1
euca_conf --register-cluster mycluster 127.0.0.1
euca_conf --register-sc mycluster 127.0.0.1
euca_conf --register-nodes "127.0.0.1"
euca_conf --get-credentials euca-admin-cred.zip
mkdir ~/.euca
unzip euca-admin-cred.zip -d ~/.euca

Download the euca-centos-5.3 image and untar it, the bundle, upload, and register the kernel, ramdisk, and machine images.


# source eucarc
. .euca/eucarc

#kernel
euca-bundle-image  --kernel true --image ./euca-centos-5.3-x86_64/xen-kernel/vmlinuz-2.6.27.21-0.1-xen
euca-upload-bundle --bucket centos-kernel-bucket             --manifest /tmp/vmlinuz-2.6.27.21-0.1-xen.manifest.xml
euca-register                                           centos-kernel-bucket/vmlinuz-2.6.27.21-0.1-xen.manifest.xml

#ramdisk
euca-bundle-image  --ramdisk true  --image ./euca-centos-5.3-x86_64/xen-kernel/initrd-2.6.27.21-0.1-xen
euca-upload-bundle --bucket centos-ramdisk-bucket                  --manifest /tmp/initrd-2.6.27.21-0.1-xen.manifest.xml
euca-register                                                centos-ramdisk-bucket/initrd-2.6.27.21-0.1-xen.manifest.xml

#euca machine image
euca-bundle-image --image ./euca-centos-5.3-x86_64/centos.5-3.x86-64.img
euca-upload-bundle --bucket centos-root-bucket --manifest /tmp/centos.5-3.x86-64.img.manifest.xml
euca-register centos-root-bucket/centos.5-3.x86-64.img.manifest.xml

Keep trace of the emi, eki, and eri id's that are created and use them to start a new instance of centos:


#ssh keypair creation
euca-add-keypair adminkey > ~/.ssh/id_rsa
euca-describe-keypairs
# KEYPAIR adminkey 95:d5:6a:de:a5:7c:6e:35:ed:61:1b:bf:2c:c9:54:6d:a7:f5:c6:24

euca-run-instances emi-XXXXXXX --kernel eki-XXXXXXX --ramdisk eri-XXXXXX -t c1.medium -k adminkey

Still a work in progress, but feel free to comment.

You call youself a Hacker! Isn't that bad?

I'm am somewhat a mix of the Hacker Manefesto and aWhite Hat hacker.

That would be the movie equivalent of John Wayne hanging with the Easy Rider crew. Good? Yes. Knows how the 'other side' thinks? Yes.

I've written security application frameworks for several companies over the years. I also attained a CCIE in Security and know networking pretty well. I've got some killer ideas for some new applications, but I have to find the right folks to work with. Using this branding is a way to limit my market down to those folks I'd like to work with.

How do you make money?

You think I'm in this for the Money?

While I like having enough bread to keep gas in the van, keep the dog fed, and pay rent, but I don't like to ask the non-profit's I work for for money. Eventually I'd like do be able to fund myself with grants and contributions from people who have seen the impact of my work and want to spread the love.

For now, the interim approach is to use my skills as a 'Paid Professional Paranoid' and 'Internet Plumber' to get contract work. The gimmick here is that for each hour I contract out to a normal organization, I pledge to work an hour for a nonprofit to help them with security and efficiency. Hence getting the street cred with the other people out there doing good to find the bread I need to keep the van running.