If you increase the loglevel to, say, debug, then you’ll get the script which Fon sends you and expects you to execute. If you change your password via the Fon web interface, you’ll see your new password in that script.
So if you want to disturb the Fon network, you can iterate over all Fon MACs and receive any configuration changes that have been made. That way, you’ll get the new passwords as well, of course…
Another funny thing is that the Fon server sends you its banner if you explicitly request a shell:
In [1]: import pyfonclient
In [2]: c = pyfonclient.Client()
In [3]: c.connect()
In [4]: channel = c.client.invoke_shell()
In [5]: channel.recv_ready()
Out[5]: True
In [6]: buf=""
In [7]: while channel.recv_ready(): buf += channel.recv(1)
...:
In [8]: print buf
Linux fonesfat02 2.6.18-6-amd64 #1 SMP Sun Feb 10 17:50:19 UTC 2008 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
In [9]:
You might know that FON thing, which basically provides you with WiFi in many places. They give you an access point which you are supposed to run and provide that WiFi to others. Then you are eligible to use other people’s WiFi.
The given access point connects itself with a script to the main server and tells it that it’s online. The server then grants you access to other WiFis.
If you flash the access point, which is called “fonera”, with e.g. OpenWRT then you’ll lose that script. This is pretty bad because you *do* provide free WiFi to the people (unless you don’t run an open WiFi) but lose the right to use others.
There are sites out there which describe how to do the “heartbeat” yourself, but they have major drawbacks:
They are written in Bash
The key used is in dropbear format, and not OpenSSH
Also note, that you can receive the files from the Fon development site and steal that heartbeat thing from there.
Thanks to this site I found a way to convert the dropbear key to the OpenSSH format (/usr/lib/dropbear/dropbearconvert dropbear openssh fonkey fonkey.ssh), but that bash thing is still ugly. Also, to use OpenSSH, you have to fiddle with permissions of the keyfile, etc.
So in order to run that heartbeat thing properly on, say, your PC, you don’t want to depend on dropbear or “nvram” to get the MAC address of your wireless interface. You might want to run the following script; of course, you have to adapt the variables first. I try to get rid of Bash, but I still have a few problems with Python’s SSH package: I can’t send something to “stdin”, like “echo 'foo' | ssh bar” does.
#!/bin/sh
#
# version 1.1.0
THINCLIENTPATH="/tmp" # path of this file
ROOTHOME="/tmp/root" # root's home dir
SSHPATH="/usr/bin/ssh" # path to ssh
KEY="/tmp/fonkey.ssh.1" # private key for fetching the info from the FON server
THINCLIENTOUT="/tmp/.thinclient.sh" # output file
THINCLIENTOUTDEFAULT="33" # default size of the output file
THCLVER="1.0"
CHILLVER="1.0-1"
FONREV="2" # /etc/fon_revision
FIRMWARE="0.7.2" # taken from /etc/banner (without Beta)
DEVICE="fonera"
USER="openwrt"
SERVER="download.fon.com"
PORT="1937"
FONSIG="$SERVER ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA0zJFtj5NtrVsj8+qG0dtPE8WpHHDpTXp5+d3vvtSS7Hx7vYHyrfN/8PBVrrYOgl4dySY65sGtq34EU04VN4a7xQHSKJBunDUSQ/2Xz+eyo53LCVeFy1zNRCmB6jrFlJQvl5yviLvXmMtOGxG8Z1dfu4qavfGtBxwtwxKPKuiyhs="
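# Store the OpenSSH-format private key (see the dropbearconvert call above) in $KEY,
# readable only by you, and set MAC (wireless interface) and ETMAC (ethernet
# interface) to your device's addresses before running this script.
check_env () {
    # make sure the server's host key is known to ssh
    [ -d "$ROOTHOME/.ssh" ] || mkdir -p "$ROOTHOME/.ssh"
    echo "$FONSIG" >> $ROOTHOME/.ssh/known_hosts
}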
# periodic heartbeat, run from cron
exec_cron_mode () {
    check_env
    # sleep a random 0-9 seconds so that not all clients connect at once
    sleep "$((0x$(head /dev/urandom |hexdump |awk '$2 > 0 {print $2}'|head -n1) % 10))"
    echo "mode='cron' wlmac='$MAC' mac='$ETMAC' fonrev='$FONREV' firmware='$FIRMWARE'" | $SSHPATH -T ${PORT:+ -p $PORT}${KEY:+ -i $KEY} "${USER}@${SERVER}" > $THINCLIENTOUT
    echo "sent: mode='cron' wlmac='$MAC' mac='$ETMAC' fonrev='$FONREV' firmware='$FIRMWARE'"
    exec_check_thinclient
}
# first heartbeat after boot; also installs the cron entry
exec_start_mode () {
    sleep 10 # make sure WAN is up and crond is running
    check_env
    [ -f "/tmp/crontab" ] || touch /tmp/crontab
    [ `grep -c thinclient /tmp/crontab` = "0" ] && echo "24,54 * * * * root $THINCLIENTPATH/thinclient cron > /dev/null 2>&1 &" >> /tmp/crontab
    echo "mode='start' wlmac='$MAC' mac='$ETMAC' fonrev='$FONREV' firmware='$FIRMWARE' chillver='$CHILLVER' thclver='$THCLVER' device='$DEVICE'" | $SSHPATH -T ${PORT:+ -p $PORT}${KEY:+ -i $KEY} "${USER}@${SERVER}" > $THINCLIENTOUT
    echo "sent: mode='start' wlmac='$MAC' mac='$ETMAC' fonrev='$FONREV' firmware='$FIRMWARE' chillver='$CHILLVER' thclver='$THCLVER' device='$DEVICE'"
    exec_check_thinclient
}
# show the server's reply if it differs from the default one (it is only printed, never executed)
exec_check_thinclient () {
    if [ -f $THINCLIENTOUT ]
    then
        THINSIZE="$(wc -c < $THINCLIENTOUT)"
        if [ $THINSIZE = "0" ]
        then
            echo "Something is wrong, $THINCLIENTOUT is empty"
        elif [ $THINSIZE != "$THINCLIENTOUTDEFAULT" ]
        then
            echo "Something is different in $THINCLIENTOUT:"
            cat $THINCLIENTOUT
        else
            echo "$THINCLIENTOUT is the default one, deleted"
            rm $THINCLIENTOUT
        fi
    else
        echo "Something is wrong, $THINCLIENTOUT does not exist!"
    fi
}
case "$1" in
    cron)
        exec_cron_mode
        ;;
    start)
        exec_start_mode
        ;;
    check)
        exec_check_thinclient
        ;;
    *)
        echo "Usage: `basename $0` {cron|start|check}"
        exit
esac
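An added example (not from the original post and not Fon's code): the heartbeat line the script above sends carries the device's MAC as a self-declared field, so a server that wants to keep one client from fetching another device's configuration has to bind that field to the key that authenticated the SSH session. The registry, fingerprints, MAC addresses and function names are constructed for illustration, and the accepted MAC notations are an assumption.

```python
import re

# Constructed registry: MAC -> fingerprint of the one key allowed to speak for
# it. Hypothetical data; the page does not show the server side.
REGISTERED_KEYS = {
    "02:00:00:00:00:01": "SHA256:device-one-key",
    "02:00:00:00:00:02": "SHA256:device-two-key",
}

FIELD = re.compile(r"(\w+)='([^']*)'")
MAC_RE = re.compile(r"^[0-9A-F]{2}(:[0-9A-F]{2}){5}$")
KNOWN_MODES = {"cron", "start"}


def parse_heartbeat(line):
    """Parse "key='value' key='value' ..." into a dict, rejecting junk."""
    line = line.strip()
    fields = FIELD.findall(line)
    # The whole line must consist of key='value' pairs and nothing else.
    if " ".join("%s='%s'" % kv for kv in fields) != line:
        raise ValueError("malformed heartbeat")
    parsed = dict(fields)
    if len(parsed) != len(fields):
        raise ValueError("duplicate field")
    if parsed.get("mode") not in KNOWN_MODES:
        raise ValueError("unknown mode")
    # Assumption: MACs arrive colon- or dash-separated; normalise to colons.
    mac = parsed.get("wlmac", "").upper().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError("bad wlmac")
    parsed["wlmac"] = mac
    return parsed


def authorize(line, session_key_fingerprint):
    """Return the MAC whose configuration may be sent, or None to refuse.

    session_key_fingerprint is the key that authenticated the SSH session.
    """
    try:
        hb = parse_heartbeat(line)
    except ValueError:
        return None
    expected = REGISTERED_KEYS.get(hb["wlmac"])
    # The claimed MAC counts only if this session's key is registered for it.
    if expected is None or expected != session_key_fingerprint:
        return None
    return hb["wlmac"]
```

With one key shared by every client, `session_key_fingerprint` is the same for all sessions and the check cannot tell devices apart, which is why it needs a per-device key.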
I applied for a stipend from the DAAD, the “German Academic Exchange Service”, in November. They must have liked my application because they invited me to the “next round” in the former capital Bonn.
I got some LIDL train tickets on eBay for 70 Euros (thanks Mezzo), which were 55 as they were sold by LIDL. Flying wasn’t an option due to the airports, both Hamburg and Koeln-Bonn, being located outside the cities and would have brought travel overhead which takes time as well. I enjoyed my non-stop train trip and arrived in Bonn after almost 5 hours.
Hostel
After a short stroll through the city, I went to my Hostel: Max Hostel in the old town. They seem to be rather new since they were obviously surprised that I arrived. The guy at the reception left a clueless but happy impression. That Hostel offers a kitchen with Pasta and coffee for free! Especially the latter is pretty important 😉 Though, I was not amused by the fact that the showers were on the outer floor, where everybody is in his street shoes.
But the beds were pretty good and I slept nearly 11 hours.
Maybe that’s due to my long walking trip through Bonn. I got lost several times on my way to the museums but that wasn’t too bad as I could see Bonn’s living district with beautiful old houses.
If you are ever going to Bonn, don’t miss the “Haus der Geschichte”! An excellent Museum covering different aspects of German history.
Before I went to bed, I had a few big Schnitzel together with Beer^W “Koelsch”. Last time I had a Koelsch it reminded me of water rather than beer but this brand, “Boennsch” was quite good.
Questions
So I went to the Uni Club Bonn to have a talk with the selection committee. Other students were already waiting in front of the talking room. The amount of administrative overhead to select the ones who will receive the stipend is impressive. They do that selection talk thing the whole day, from 10:00 to 18:00, in 4 rooms in parallel.
But let’s get to the guts of that talking. I tried to prepare for that discussion with googling facts about it. I didn’t find much so I’m going to list the questions and the atmosphere. If you have questions left, feel free to drop me a line.
I was called to come into the room and I was pretty nervous. I haven’t been so nervous even right before exams. I was invited to have a seat in front of a table with ready-to-drink water. The committee sat in front of a separate table and they counted 7 people. The committee was introduced to me by one of them. She introduced each member: Four of them were professors from different places in Germany, one student who got the stipend a year ago and two DAAD executives. And then it already began. The professor asked four or five questions at once:
Why I was studying computer science
Why I am interested in computer security
Why I want to go to Dublin
Why the DAAD should give the stipend to me and not to anybody else
I began saying that I hope to not forget any of these questions. The prof immediately said that he asked so many questions at once so that I can talk for a long time…
So I told my story: I am interested in computer science since I was a child, I got in touch with security very early, blablabla. Of course I forgot a few points, e.g. why I wanted to go to Dublin and why *I* should be sponsored.
But my talking drifted into a nice dialogue. I told them about the situation at my home university, especially that our security staff has gone and they asked a couple of questions like whether the professorship is going to be replaced or whether I was able to do a diploma thesis at my home university.
Other questions include
Where do I see myself in 5 years
Where do I see the best university for computer security
What kind of experience I had in computer science and what my (university) projects were about
What would I have studied if I hadn’t taken computer science
Which news of the last week moved me
While the whole talking was in German, the student suddenly asked me in English why I needed so much time for my studies. We discussed like one minute or two after we switched to German again.
While I was pretty happy coming out of that room after 15 minutes, I think I didn’t perform very well. The more I think about it, the less I like my answers. I didn’t set any particular weights and gave unnecessary answers which are not of any interest.
The atmosphere, however, was okay. Everybody seemed interested and had a pile of paper in front. Nobody picked on a particular shortcoming and were high level in general.
So I failed to make a few points and while I think about my answers afterwards, I think I could have given smarter ones. But we’ll know more in about three weeks, because the DAAD executive said that they’ll send a mail then.
I was about to go to the Arithmeum and the Haus der Geschichte but unfortunately they were closed on Mondays 🙁 So I went to have lunch and a beer before I went to the railway station to get home.
I just received a mail where some dude told that he reported himself to the Police. He accused himself of “obtaining possession” and “creating” passwords which could be used for a crime afterwards. He supposes that to be illegal due to the famous German “Hackerparagraph” §202c.
He says he downloaded and printed an article from the New York Times (maybe he meant this one?) which listed the 20 most common passwords on MySpace.
Also he used pwgen to generate passwords himself.
His first try to denounce himself failed because the police officer said that *this* wasn’t justiciable. The second attempt, though, succeeded. He offered his police report as downloadable PDF.
I have to say: Respect Mr. Balls of Steel! I am eager to see how that’s turning out.