Home network and Raspberry Pi
Post on 29-Jan-2018
Home network and Raspberry Pi
Daniele Albrizio
daniele@albrizio.it
By Evan-Amos - Own work, Public Domain, https://commons.wikimedia.org/w/index.php?curid=56262833
What exactly is Raspberry Pi?
● The Raspberry Pi Foundation is a charity founded in 2009 to promote the study of basic computer science in schools, and is responsible for developing a single-board computer called the Raspberry Pi, the UK's best-selling PC of all time.
Raspberry Pi 3 2016
● 1.2 GHz 64-bit quad-core ARM Cortex-A53
● 500 MHz SDRAM
● SoC Broadcom BCM2837
● GPU Broadcom VideoCore IV @ 250 MHz (BCM2837: 3D part of GPU @ 300 MHz, video part of GPU @ 400 MHz), 1080p30 H.264/MPEG-4 AVC high-profile decoder and encoder
● 1 GB SDRAM shared with GPU
● 4 x USB 2.0
● 15-pin MIPI camera interface (CSI) connector
Raspberry Pi 3 2016
● HDMI (rev 1.3), composite video (3.5 mm TRRS jack), MIPI display interface (DSI) for raw LCD panels
● Analog audio via 3.5 mm phone jack; digital via HDMI
● MicroSDHC slot
● 10/100 Mbit/s Ethernet
Raspberry Pi 3 2016
● 17 x GPIO
● 300 mA (1.5 W) average when idle, 1.34 A (6.7 W) maximum under stress
● Powered by 5 V via MicroUSB or GPIO header
● Bluetooth 4.1
● 802.11n wireless
Privacy concerns in a home network
● What are all my devices really doing on my network?
● Are all network flows legitimate?
● What can I do to limit information leakage and uncontrolled behaviour?
Needs
● Isolate my (trusted?) DSL router and main PC from untrusted wireless devices like smartphones and IoT devices (forwarding, NAT, hostapd)
● Traffic analysis and awareness (wireshark)
● Firewalling (iptables at the moment)
● Bonus:
– Ad removal (Pi-hole)
Shopping list
● Raspberry Pi 3
● Heat sinks
● Case
● SD card
● USB power supply
Base Distro
● Raspbian (base)
● Kali (some VA and security testing)
● https://www.offensive-security.com/kali-linux-arm-images/
● https://docs.kali.org/kali-on-arm/install-kali-linux-arm-raspberry-pi
– # dd if=kali-xxxxx-rpi.img of=/dev/sdX bs=512k
– Where sdX is your SD card device: be absolutely sure which device is your SD card before flashing, or you risk data loss.
● Insert your SD card and power on your Raspberry
First steps
● Reserve the Raspberry's IP address in your DSL router's DHCP server (reservation)
● Access it headless (no keyboard or monitor) via ssh with the image's default credentials, user: root, pass: toor
● Install hostapd, tcpdump, isc-dhcp-server
– sudo apt install hostapd tcpdump isc-dhcp-server
● Install your PC's authorized key on the Raspberry (optional)
– ssh-copy-id -i ~/.ssh/id_rsa.pub root@kalihost
Disable Network Manager for Wi-Fi interface to avoid conflicts
● service network-manager restart
#/etc/NetworkManager/nm-system-settings.conf
[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=false

[keyfile]
unmanaged-devices=mac:8a:70:95:99:99:99
Configure NAT and IP address
● for the wireless lan interface
# file /etc/network/interfaces
auto wlan0
iface wlan0 inet static
    address 10.5.5.1
    netmask 255.255.255.0
    post-up iptables -t nat -A POSTROUTING -s 10.5.5.0/24 -o eth0 -j MASQUERADE
By Yangliy at English Wikibooks - Transferred from en.wikibooks to Commons., Public Domain, https://commons.wikimedia.org/w/index.php?curid=61795881
IP Forwarding (like a router)
● In /etc/sysctl.d/99-sysctl.conf
– net.ipv4.ip_forward=1
● Reload parameters
– sysctl -p /etc/sysctl.conf
● Verify the parameter is “1”
– cat /proc/sys/net/ipv4/ip_forward
Enable DHCP server on wlan0
● Enable dhcp server upon boot
– sudo update-rc.d isc-dhcp-server enable
● Start the dhcp server
– sudo service isc-dhcp-server start
#/etc/dhcp/dhcpd.conf
subnet 10.5.5.0 netmask 255.255.255.0 {
    range 10.5.5.26 10.5.5.36;
    option domain-name-servers 10.5.5.1;
    #option domain-name-servers 8.8.8.8, 8.8.4.4;
    option domain-name "internal.example.org";
    option routers 10.5.5.1;
    option broadcast-address 10.5.5.255;
    default-lease-time 600;
    max-lease-time 7200;
}
#/etc/default/isc-dhcp-server
INTERFACESv4="wlan0"
Enable Wi-Fi Access Point
● Insert DAEMON_CONF="/etc/hostapd/hostapd.conf" in /etc/default/hostapd
● Modify and customize hostapd.conf (see next slide)
● Enable startup on boot
– sudo update-rc.d hostapd enable
● Start the access point
– sudo service hostapd start
/etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
ssid=trap
hw_mode=g
ieee80211n=1
wmm_enabled=1
# Low priority / AC_BK = background
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
[…]
macaddr_acl=0
ignore_broadcast_ssid=0
wpa=1
wpa_passphrase=lamiapassphrasesegreta
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
ieee80211w=n
#ap_isolate=1
channel=6
acs_num_scans=5
acs_chan_bias=1:0.8 6:0.8 11:0.8
chanlist=1 6 11
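The security-relevant settings of this file can be checked mechanically. The script below is an added example, not part of the original slides: it flags legacy WPA1, TKIP, a missing or invalid ieee80211w value and disabled client isolation. The function names and the embedded sample (a constructed subset of the file above) are assumptions.

```sh
#!/bin/sh
# Added example (not from the slides): flag weak settings in a hostapd.conf.

# Print the last uncommented value of key $1 in file $2 (empty if absent).
conf_get() { sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1; }

# Print one finding and count it.
note() { echo "$1"; findings=$((findings + 1)); }

# Print one finding per line; exit status 1 if anything was found.
audit_hostapd() {
    conf=$1
    findings=0
    wpa=$(conf_get wpa "$conf")
    case "$wpa" in
        2) ;;                                  # WPA2 (RSN) only
        ""|0) note "wpa unset: open network" ;;
        *) note "wpa=$wpa enables legacy WPA1; use wpa=2" ;;
    esac
    for key in wpa_pairwise rsn_pairwise; do
        case " $(conf_get "$key" "$conf") " in
            *" TKIP "*) note "$key allows TKIP; keep CCMP only" ;;
        esac
    done
    pmf=$(conf_get ieee80211w "$conf")
    case "$pmf" in
        1|2) ;;                                # PMF optional / required
        ""|0) note "ieee80211w off: management frames unprotected" ;;
        *) note "ieee80211w=$pmf is not a valid value (0, 1 or 2)" ;;
    esac
    [ "$(conf_get ap_isolate "$conf")" = 1 ] ||
        note "ap_isolate not set to 1: clients can reach each other"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the security-relevant lines of the file above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
ieee80211w=n
#ap_isolate=1
EOF
audit_hostapd "$sample" || echo "review the findings above"
rm -f "$sample"
```

Run against the real file with `audit_hostapd /etc/hostapd/hostapd.conf`; a configuration with wpa=2, CCMP only, ieee80211w=1 and ap_isolate=1 produces no findings.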
By Maripo GODA - Own work, CC BY-SA 3.0,https://commons.wikimedia.org/w/index.php?curid=18774788
Traffic dump and sniff
● Use the following script to remotely dump (on your PC) traffic from your Raspberry and show it in your local Wireshark
– Your Raspberry being 192.168.1.5 and your PC being 192.168.1.10
#!/bin/sh
# Capture on wlan0 over ssh and pipe the pcap stream into the local Wireshark.
# The filter excludes the ssh session itself (port 22 on either host).
ssh root@192.168.1.5 tcpdump -U -s0 \
'not\(\(host 192.168.1.5 and port 22\)or\(host 192.168.1.10 and port 22\)\)' \
-i wlan0 -w - | wireshark -k -i -
Wireshark
● Industry standard sniffer
● Provides highlighting, correlation, decoding, filtering, etc.
● Multiplatform (linux, windows, mac)
● Provides statistics and flow analysis
I need you
● Connectivity hungry apps as soon as a smartphone connects:
Connectivity Check without SSL
● GET /generate_204 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.82 Safari/537.36
Host: connectivitycheck.gstatic.com
Connection: Keep-Alive
Accept-Encoding: gzip
● HTTP/1.1 204 No Content
Content-Length: 0
Date: Fri, 27 Oct 2017 18:48:06 GMT
YeeLight strange pattern
● I thought I bought a LAN controlled light
● A WAN one I got
Who the hell is this one?
● $ geoiplookup 52.221.85.229
– GeoIP Country Edition: SG, Singapore
● $ host 52.221.85.229
– 229.85.221.52.in-addr.arpa domain name pointer ec2-52-221-85-229.ap-southeast-1.compute.amazonaws.com.
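Flows like this one can be listed from a capture without scrolling through Wireshark. The script below is an added example, not part of the original slides: it assumes `tcpdump -nn -q` text output and the 10.5.5.0/24 wireless subnet configured earlier, and the function names and sample lines (ports and timestamps) are constructed.

```sh
#!/bin/sh
# Added example (not from the slides): summarise flows that leave the
# wireless subnet, reading `tcpdump -nn -q` text output on stdin.

# $1 = client address prefix (assumption: the 10.5.5.0/24 wlan0 subnet).
# Prints "packets client -> dest:port", busiest first.
wan_flows() {
    awk -v net="$1" '
    function addr(ep,   p) {            # "a.b.c.d.port" -> "a.b.c.d"
        split(ep, p, ".")
        return p[1] "." p[2] "." p[3] "." p[4]
    }
    function port(ep,   p) {            # port, or "-" when none (ICMP)
        return split(ep, p, ".") > 4 ? p[5] : "-"
    }
    function private(ip,   o) {         # RFC 1918 ranges
        split(ip, o, ".")
        return o[1] == 10 || (o[1] == 192 && o[2] == 168) ||
               (o[1] == 172 && o[2] >= 16 && o[2] <= 31)
    }
    $2 == "IP" && $4 == ">" {
        dst = $5; sub(/:$/, "", dst)
        src = addr($3); dip = addr(dst)
        # Keep only packets sent by wireless clients to public addresses.
        if (index(src, net) != 1 || private(dip)) next
        seen[src " -> " dip ":" port(dst)]++
    }
    END { for (k in seen) print seen[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample capture lines (ports and timings are made up).
sample_capture() {
    cat <<'EOF'
18:48:06.101000 IP 10.5.5.27.40112 > 10.5.5.1.53: UDP, length 44
18:48:06.230000 IP 10.5.5.27.51344 > 52.221.85.229.443: tcp 0
18:48:06.512000 IP 10.5.5.27.51344 > 52.221.85.229.443: tcp 517
18:48:06.514000 IP 52.221.85.229.443 > 10.5.5.27.51344: tcp 0
18:48:07.020000 IP 10.5.5.30.38211 > 8.8.8.8.53: UDP, length 40
18:48:07.400000 IP 10.5.5.30 > 8.8.8.8: ICMP echo request, id 1, seq 1, length 64
EOF
}

sample_capture | wan_flows 10.5.5.
```

On the Raspberry the same function can read a live capture: `tcpdump -nn -q -l -i wlan0 -c 1000 | wan_flows 10.5.5.`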
Further findings
● Telegram uses non-TLS encryption on TCP port 80
● WhatsApp sometimes uses Google DNS 8.8.8.8 to reach its servers
Ads and Privacy
● Profiling
– Cookies
– Referrals
– JavaScript
– Biometrics (fingerprinting of mouse movements or keyboard typing)
By Nicolasbuenaventura - Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=32181778
Bonus track: Pi-Hole
● Advertising blackholing
● On-the-access-point
● Web interface
● Extensive statistics
● Customizable lists, white and black ones
● Disable button
Install Pi-hole
● Download and install Pi-hole
– curl -sSL https://install.pi-hole.net | bash
● Customize /etc/pihole/setupVars.conf for using wlan0 addresses
– PIHOLE_INTERFACE=wlan0
– IPV4_ADDRESS=10.5.5.1/24
● Change Pi-hole web interface management password
– pihole -a -p somepasswordhere
● You can also remove the password by not passing an argument
– pihole -a -p
● Point your browser at http://192.168.1.5/admin
Spare space for fun
● Security Webcam using motion
● Plenty of GPIO space
What we learned to improve our privacy consciousness
● What Raspberry Pi is
● How to install Kali Linux on Raspberry Pi 3
● Set up a wireless router using NAT and DHCP
● Sniff and read real-time traffic patterns
● Ad suppression
● ...
This work is released under a Creative Commons Attribution - NonCommercial - ShareAlike 3.0 Italy license. To read a copy of the license, visit http://creativecommons.org/licenses/by-nc-sa/3.0/it/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA. Some images have different licenses, which are indicated on the images themselves.
Daniele Albrizio
daniele@albrizio.it
Questions?
Further readings
● Yeelight hardware and software reverse engineered
– https://hackernoon.com/inside-the-bulb-adventures-in-reverse-engineering-smart-bulb-firmware-1b81ce2694a6
– https://github.com/OpenMiHome/mihome-binary-protocol