eMobile, NetworkManager and You

While being in Ireland I happened to have access to an Irish eMobile SIM card and USB modem. The modem was a Huawei e173 and it worked perfectly well on a recent Ubuntu installation. Even the USB modeswitch worked out of the box 🙂

However, I couldn’t dial up with any of my Linux machines while I double checked that it worked on Windows using their software. The NetworkManager wouldn’t list the settings for eMobile and every other setting from Meteor didn’t work. The NetworkManager in debug mode revealed that the connection got cut just after the PPPd requested configuration settings. I tried to change the PPPd settings for hours with no success.

Funnily enough, not even my N900 could connect to the Internet using the predefined connection. That was named “Meteor DATA” and used “data.mymeteor.ie” as APN.

Also very interesting, that I couldn’t find the neccessary dial up information *anywhere* on the web. The eMobile.ie site is utterly unstructured and didn’t allow me to find any sensible information at all. I sent them an email but I still haven’t receive any answer.

After having had access to a Windows box with their software again, I found out that it uses the APN: “broadband.eircommbb.ie“. Putting that into the NetworkManager makes it dial up *yay*!

So I hope this information is useful for anybody wanting to use their eMobile SIM Card with their Linux based system. I also prepared a patch for mobile-broadband-provider-info so you should be able to click the connection via NetworkManager easily 🙂

IRISS Conference 2009

I had the joy to attend the first annual IRISS Conference 2009 which is a for free conference held by IRISS, the Irish CERT.

It was about cybercrime in general and there were speaker from e.g. SANS, IRISS -the local cert- or Team Cymru which I already enjoyed at DNF CERT Conf at the beginning of the year.

One talk I attended was by a local polices cybercrime investigation team. He basically talked about the goodness of creating movement profiles with GSM data and ISP keeping IP to customer data to catch criminals…

Then we participated in HackEire, a Capture the Flag style contest. We ran second. Not too bad for our sucky preparation and the fact that we spent more than an hour to make a Mac share its 3G uplink with two Linux Notebooks over (encrypted -didn’t work-) WiFi. The game network was 10.0.1.0/23 and the Mac automatically and not changable was 10.0.2.0/24. Although the networks overlapped by one bit I expected it to work for the majority of the packets being sent. But we failed. Hard. So hard, that the Mac couldn’t take part in the game anymore… I need to polish either my understanding of networking or my passion for hating Apple.

This CtF, however, was a bit different since there was one virtual network for everyone. I.e. no team had an own server or an own virtual network. There were four machines which were supposed to be owned in a given order. That wasn’t immediately clear and there were many tarpits to waste a lot of time. I.e. a Kernel in a supposed-to-be vulnerable version which is not exploitable, or a separate PHP user for the Webserver with a locked down home directory, tempting you to mess around with PHP scripts to investigate.

And the end of the day, the contest was about collecting secret keys to decrypt a file afterwards. The secret keys were more or less obviously lying around once the machine has been pwned. Passphrases to that secret keys were either user passwords or otherwise easily guessable strings.

The Machines were:

  1. Linux Webserver. To be 0wned with a password being served on a page from the webserver. A bit obfuscated though, so that one had to use the source. Once SSHed to that host, secrings were lying around in ~/gnupg/. Also, weird processes were running that connected to a strange host outside the network (4) to send a password over the wire.
  2. BIND on windows (sic!). To be pwned via the conficker exploit. Also, one should crack a users password using THCs Hydra.
  3. Linux Mailserver. With SSH Server only visible when coming from (1). Log in with password from (2). Machine was running an old kernel, thus sooner or later you g0t root. Then search for keyring in home directories. Also, crack the shadow using a John that’s capable of cracking SHA256 (i.e. not the most recent version shipped with Ubuntu).
  4. “hidden” DB server on Windows, only connectable from (1). You could find that machine by looking at the network interfaces of (1). You’d see that it has a second interface with a different IP thus inviting you to scan the new subnet. Luckily, there was an smbclient on (1) and with credentials from (1), one could enumerate all users (smbclient -L). Then, with the other credentials found on (1), connect and get keyring as well as final encrypted file.

That final file could be decrypted using keys and passphrases obtained earlier. Out came an ELF binary that looked, smelled and quacked like “ls”. However, it contained a steganographically hidden text file. Using a standard stego tool shipped with Backtrack, it’s possible to obtain the very final CSV file.

I not only liked the fact that they posted hints on the wall every now and then, but also that they actively walked around, talking to the teams and helped them actually achieving stuff. In fact, I wouldn’t even have thought about transferring zones from that BIND instance using AXFR or checking the machines whether they have an smbclient installed.

While we were playing, I bricked my sudo by trying to add a line without knowing the syntax. I couldn’t do sudo nano /etc/sudoers afterwards as it couldn’t parse the file, effectively leaving me without root access. I think I’ll better use visudo now…

Ireland vs. France

Heh, the following conversation might not have happened (unless the Consulat Général De France is located in “Joker Street”, but anyway, it’s hillarious. Either read the quotes or find the (largish) Image:

Ireland-vs.-France

20 October 2009

Dear Sir,

I am writing to you on behalf of the French President, Monsieur Nicolas Sarkozy. Following the recent announcement of the World Cup play-off match between our two countries, the President has requested that you provide a VIP box for the game as he is very keen to attend.

Yours faithfully,
Jacques du Maurier
Directeur
Consulat Général de France
12-24 Rue des Blaguer
74139 Paris
France

23.10.09

Dear Mr. Du Maurier,

Thank-you for your recent letter concerning box arrangements at Croke Park. We are delighted that President Sarkozy wishes to attend and look forward to welcoming him. We would just like some clarification regarding the VIP box as there are a number of options available. Do you have any preferences re: size?

Yours faithfully,
Bill O’Leary
Liaison officer
Department of Diplomatic Affairs
28 St. Stephens Green South
Dublin 2
Ireland

26.10.09

Dear Mr. O’Leary,

Thank-you for your prompt response. We were not aware that the boxes at the stadium came in different sizes. Do the dimensions have any bearing on one’s enjoyment of the game?

Yours faithfully,
Jacques du Maurier

29.10.09

Dear Mr. Du Maurier,

The overall match experience will certainly be influenced by the President’s choice of box. The first box is 30cm high and will allow the President to see most of the Croke Park pitch, though he may not be quite able to see play in the North-West quadrant. The second box is 60cm, but whilst this would afford the President a panoramic view of the pitch, it will also make him visible to Press photographers which may compromise his privacy.

Yours faithfully,
Bill O’Leary

2 Novembre 2009

Dear Mr. O’Leary,

There appears to have been some confusion. When we requested a “VIP box” for our President, we were not looking for a box for him to stand on. Whilst we expect the foreign press to make humorous remarks about the President’s diminutive stature, we do not expect this from an official representative of the Irish government department.

Yours faithfully,
Jacques du Maurier

5.11.09

Please accept our apologies and those of the Executive Hospitality Committee at Croke Park. There was certainly no intentional attempt at humour on our part and we hope that you will accept this as a genuine misunderstanding. Naturally, we will make a VIP ‘Executive’ box available to the President, with full security and hospitality arrangements in place. The boxes will then be placed discreetly inside.

Yours faithfully,
Bill O’Leary

9 Novembre 2009

Sir,

In light of the lack of respect we feel your office has displayed in response to an official request from a visiting Head of State, the President has decided to watch the match in Paris instead. Rest assured that we will be lodging a formal complaint regarding your conduct at the highest levels.

Jacques du Maurier

12.11.09

Fair enough. We look forward to seeing the boys in green give your lot a good hammering.

Bill

Free SMS

This could be interesting to anyone sending texts (SMS): In Ireland, I guess every operator has a so called webaccess which allows you to send up to a certain number of texts for free. Worldwide. That’s kinda handy because sending a SMS via normal GSM mode easily costs you 10ct. A data connection, however, should be much cheaper  (around 4ct. with O2 Ireland, not even 1ct with Simyo in Germany). You only need credentials to log into their website, so no SIM card is (directly) needed.

Because using the web sucks you want to have a nice and clean interface which you can program and extend yourself. Luckily, there are at least two projects, helping you to send SMS comfortably.

One for your PC is o2sms which is really handy. It’s a Perl script and easily useable:

mkdir -p ~/svn/ ~/bin/
svn co https://o2sms.svn.sourceforge.net/svnroot/o2sms
cat > ~/bin/o2sms <<EOF
#!/bin/sh

pushd ~/svn/o2sms/trunk/o2sms3/lib/
../bin/o2sms $@
popd
EOF

You have to have ~/bin/ in your path of course. I put the following in my /etc/profile:

if [ -d $HOME/bin ]; then
  PATH=$HOME/bin:$PATH
fi

If you don’t have  a PC at hand, you will find Cabbage useful. It’s a J2ME application for you mobile phone and it’s quite easy to use.

You might even find an (semi) open wireless network using the J2ME app which calculates WEP Keys of Eircom routers, so that you don’t even have to spend the money on the data connection. The algorithm is describere here and you can find a Perl or Python, as well as a C++ implementation here.

On O2, you can send free SMS via normal GSM, so it would be a pity if you had to use the Webtexts. As I discovered that sending SMS via a serial connection is easy, I started to write PySMS. It’s still work in progress, but it actually parses your o2sms configuration file so that you can use send_sms instead of o2sms to send your SMS. To get it working right you might want to enter your phones Bluetooth address in /etc/bluetooth/rfcomm.conf. Mine reads:

rfcomm2 {
  bind yes;
  device 00:FO:OB:AR:BA:ZZ;
  channel   2;
  comment "Mah Mobile";
}

Dunno exactly how to determine the channel, but I guess sdptool browse should show “Dial-Up Networking” as service name for the channel.

I’d really like to have a wrapper around send_sms and o2sms which decides for me whether it sends the SMS via GSM, Web or both. But my main problem, beside the lack of time, is that I can’t snoop on stdin to pass it to a second program afterwards. Since I don’t really know if stdin must be read, I can’t read it myself and just send it twice. Also, subprocess.Popen is not particucarly happy accepting anything else than stdin or a string. So if you have a solution to this problem, please show up 🙂

The next step is to write a simple webinterface against this o2sms library and have free SMS for everyone 🙂

Ireland, Blasphemy €25.000 and other rules

I was rather shocked as I read this article about a law passing the Dáil which fines blasphemy with 25.000 Euro. If I didn’t know better I’d say this couldn’t happen in an European country, but astonishingly such things happen within the EU. Now I’m a bit afraid being Ireland as an atheist.

Freshly draught Guinness (~5€)
Freshly draught Guinness (~5€)

So yes, I moved to Dublin, Ireland to study at the DCU 🙂 If you want to visit me, have lunch or a pint, don’t hesitate to ring me 🙂 I haven’t seen so much of Ireland myself so far, but I’ve been into bloody cold Irish Sea…

Also, The Pirate Bay is blocked by Eircom, the largest ISP in Ireland. They use an IP based filter, not only  a DNS based one. So they actually interfere with my communication which I assumed to be unconstitutional. But luckily, I have a tunnel set up which gives me free access to the world.

Cliff in Howth near Dublin
Cliff in Howth near Dublin

Besides the panic about the swine flu, another weird thing is Irish bureaucracy. My impression is that the people don’t really think beyond their utterly extensive and most of the times really stupid rules. For example, I tried to register at the University by paying 2000 Euros study fees. It failed because my credit card apparently has a limit of something less than that. The registry advised me to wire the money and print a screenshot of the online banking site. Of course I didn’t know a) how I could connect my laptop to the internet, b) how or where to print and c) log on to anything because I wasn’t even a student yet. Luckily, I have some friends at that university, that helped me out so I could finally register… It appears, that the rules are generally made to be ignored. They probably want to have them just in case they need to file a case against you. So as I applied at the university, I had been offered a conditional offer which was to be accepted by some specified date. I couldn’t, however, fulfill the condition and time to discuss that was running out. They told me that the date could generally be amended. I don’t think it’s good to have rules which are known to not be enforced and just needed to have something against you just in case…

The pubs in Dublin are great, although they have to close rather early, like around 02:00 o’clock. Also, you can’t get beer after 22:00 in a shop *sigh*. Yes, Irland might have a drinking problem, but treating everybody like a small child obviously doesn’t help it.

Beerprice dropped from ~20€ to 12€
Beerprice dropped from ~20€ to 12€

DAAD result

I got my result from the DAAD after I have been there a few weeks ago!

Turns out, I won’t get the stipend, but I am on kind of a list, if anybody drops out. I consider that rather unlikely so I’ll concentrate on other methods to get some money. By the way: If you have some spare money and don’t know what to do with it, consider giving it to me 😉

Anyway, I still need a language test from IELTS before I can apply at the DCU and start looking for a space to live.

DAAD Recall

Journey

I applied for a stipend from the DAAD, the “German Academic Exchange Service”, in November. They must have liked my application because they invited my to the “next round” in the former capital Bonn.

Bonn Hauptbahnhof
Bonn Hauptbahnhof

I got some LIDL train tickets on eBay for 70 Euros (thanks Mezzo), which were 55 as they were sold by LIDL. Flying wasn’t an option due to the airports, both Hamburg and Koeln-Bonn, being located outside the cities and would have brought travel overhead which takes time as well. I enjoyed my non-stop train trip and arrived in Bonn after almost 5 hours.

Altes Rathaus in Bonn
Altes Rathaus in Bonn

Hostel

Akademisches Kunstmuseum
Akademisches Kunstmuseum

After a short stroll through the city, I went to my Hostel: Max Hostel in the old town. They seem to be rather new since they were obviously surprised that I arrived. The guy at the reception left a clueless but happy impression. That Hostel offers a kitchen with Pasta and coffee for free! Especially the latter is pretty important 😉 Though, I was not amused by the fact, that the showers were on the outer floor, where everybody is on his street shoes.
But the beds were pretty good and I slept nearly 11 hours.
Maybe that’s due to my long walking trip through Bonn. I got lost several times on my way to the museums but that wasn’t too bad as I could see Bonns living district with beautiful old houses.

Altbau in Bonn
Altbau in Bonn

If you are ever going to Bonn, don’t miss the “Haus der Geschichte”! An excellent Museum covering different aspects of German history.

Boennsch Koelsch
Boennsch Koelsch

Before I went to bed, I had a few big Schnitzel together with Beer^W “Koelsch”. Last time I had a Koelsch it reminded me of water rather than beer but this brand, “Boennsch” was quite good.

Boennsch Pub
Boennsch Pub
Kommunisten-Nazi
Kommunisten-Nazi

Questions

Uni Club
Uni Club

So I went to the Uni Club Bonn to have a talk to the selection committee. Other students were already waiting in front of the talking room. The amount of administrative overhead to select the ones who will receive the stiped is impressing. They do that selection talk thing the whole day, from 10:00 to 18:00, in 4 rooms in parallel.
But let’s get to the guts of that talking. I tried to prepare for that discussion with googling facts about it. I didn’t find much so I’m going to list the questions and the atmosphere. If you have questions left, feel free to drop me a line.

MozarthausI was called to come into the room and I was pretty nervous. I haven’t been so nervous even right before exams. I was invited to have a seat in front of a table with ready-to-drink water. The committee sat in front of a separate table and they counted 7 people. The committee was introduced to my by one of them. She introduced each member: Four of them were professors from different places in Germany, one student who got the stipend a year ago and two DAAD executives. And then it already begun. The professor asked four or five questions at once:

Main university building
Main university building
  • Why I was studying computer science
  • Why I am interested in computer security
  • Why I want to go to Dublin
  • Why the DAAD should give the stipend to me and not to anybody else

I began saying that I hope to not forget any of these questions. The prof immediately said that he asked so many question at once so that I can talk for a long time…
So I told my story: I am interested in computer science since I was a child, I got in touch with security very early, blablabla. Of course I forgot a few points, e.g. why I wanted to go to Dublin and why *I* should be sponsored.
But my talking drifted into a nice dialogue. I told them about the situation on my home university, especially that our security staff has gone and they asked a couple of questions like whether the professorship is going to be replace or whether I was able to do a diploma thesis at my home university.

Rheinland dreht zu Fasching durch
Rheinland dreht zu Fasching durch

Other questions include

  • Where do I see myself in 5 years
  • Where do I see the best university for computer security
  • What kind of experience I had in computer science and what my (university) projects were about
  • What would I have studied if I wouldn’t have taken computer science
  • Which news of the last week moved me

While the whole talking was in German, the student suddenly asked in English me why I needed so much time for my studies. We discussed like one minute or two after we switched to German again.

While I was pretty happy coming out of that room after 15 minutes, I think I didn’t perform very well. The more I think about it, the less I like my answers.I didn’t set any particular weights and gave unnecessary answers which are not of any interest.

The atmosphere, however, was okay. Everybody seemed interested and had a pile of paper in front. Nobody picked on a particular shortcoming and were high level in general.

Weirde Abkuerzung
Weirde Abkuerzung

So I missed to make a few points and while I think about my answers afterwards, I think I could have given smarter ones. But we’ll know more in about three weeks, because the DAAD executive said, that they’ll send a mail then.

I was about to go to the Arithmeum and the Haus der Geschichte but unfortunately they were closed on Mondays 🙁 So I went to have lunch and a beer before I went to the railway station to get home.

Das Bier danach
Das Bier danach
Creative Commons Attribution-ShareAlike 3.0 Unported
This work by Muelli is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported.