Tracking and blocking BRW70188B

January 2, 2017

I’ve been monitoring wifi traffic on my network. I’ve seen a large amount sent up by one device, which was reported as starting with BRW70188B (MAC address 70:18:8b) with manufacturer HonHaiPr.

HonHaiPr is Hon Hai Precision Industry, which makes network devices. The one in question (with the name BRW70188Bxxyyzz) was from a Brother MFC-650DW that is on the network.

Now that I’ve identified the printer, what to do about it? It was spewing lots of uploaded data – perhaps just to the clients that printed from it, but I’m perhaps a little paranoid. (It seems strange that it’s uploading almost as much as gets downloaded to the printer, though.) So I decided to knock it off the Internet to see what happened.

First, I gave it a static IP address in my dhcpd.conf:

host mfc650dw {
    hardware ethernet 70:18:8B:xx:yy:zz;
    fixed-address 192.168.1.253;
    option host-name "mfc650dw";
}

Next, I updated it in DNS (db and db.rev files) just ’cause now that it’s static it’s handy to have a name to deal with.

Finally, I added a rule to my pf.conf:

block out log quick from 192.168.1.253/32 to ! 192.168.1/24

Now if the printer’s trying to send data up to the Internet, it’s not going to make it through the firewall.

After I did all this, the printer wouldn’t work – Brother apparently stores the IP address but doesn’t refresh if it can’t find it. So I needed to download the Brother Network Connection Repair Tool to tell the Windows printer driver to look for the printer again. Sheesh.
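Because the rule carries the `log` keyword, every packet it drops is recorded by pflog, which shows where the printer was trying to send its data. The script below is an added example, not part of the original post: `blocked_dests` and `sample_pflog` are hypothetical names, it assumes pflog is read with `tcpdump -n -e -ttt -r /var/log/pflog` and that each line carries tcpdump's `src.port > dst.port:` form, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: count the destinations a blocked host tried to reach, from
# the text tcpdump prints for pflog. IPv4 only. Typical use:
#   tcpdump -n -e -ttt -r /var/log/pflog | blocked_dests 192.168.1.253

blocked_dests() {
    awk -v host="$1" '
        # tcpdump writes endpoints as a.b.c.d.port (no port for ICMP).
        function addr(ep,   p, n) {
            n = split(ep, p, ".")
            if (n == 5) return p[1] "." p[2] "." p[3] "." p[4]
            return ep
        }
        function port(ep,   p, n) {
            n = split(ep, p, ".")
            if (n == 5) return p[5]
            return "-"
        }
        !/ block / { next }            # ignore pass/match log entries
        {
            for (i = 2; i < NF; i++) {
                if ($i != ">") continue
                dst = $(i + 1)
                sub(/:$/, "", dst)
                if (addr($(i - 1)) == host)
                    seen[addr(dst) " " port(dst)]++
                break
            }
        }
        END { for (k in seen) print seen[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines in the layout assumed above; not real capture data.
sample_pflog() {
cat <<'EOF'
Jan 02 10:00:01.000001 rule 4/(match) block out on em0: 192.168.1.253.49152 > 203.0.113.10.443: S 1:1(0) win 5840
Jan 02 10:00:04.000001 rule 4/(match) block out on em0: 192.168.1.253.49152 > 203.0.113.10.443: S 1:1(0) win 5840
Jan 02 10:00:10.000001 rule 4/(match) block out on em0: 192.168.1.253.49152 > 203.0.113.10.443: S 1:1(0) win 5840
Jan 02 10:05:00.000001 rule 4/(match) block out on em0: 192.168.1.253.123 > 198.51.100.7.123: udp 48
Jan 02 10:05:30.000001 rule 4/(match) block out on em0: 192.168.1.253 > 192.0.2.9: icmp: echo request
Jan 02 10:06:00.000001 rule 6/(match) block out on em0: 192.168.1.50.50000 > 203.0.113.10.443: S 2:2(0) win 5840
Jan 02 10:07:00.000001 rule 1/(match) pass in on em1: 192.168.1.253.5353 > 224.0.0.251.5353: udp 60
EOF
}
```

Each output line is a packet count followed by the destination address and port, busiest destination first.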


Translation of Evangeline Acadian Queen

December 3, 2016

Angèle Arsenault wrote this back in 1977, and I haven’t been able to find a translation that I really liked. So I had to do it myself. It’s from her album Libre (SPPS Disques, PS-19903) and was my first introduction to Acadia.

I’m going to talk to you of someone that you know
Yes but don’t deceive yourself, she did not come from the States
Even if a certain fellow who was called Longfellow
Popularized her two hundred years ago
She was called Évangéline, she was very very fine
She loved Gabriel on earth as if in heaven
They lived in Acadia, they were damned rich[1]
But one day the English were no longer satisfied
So they deported them, Gabriel disappeared
Discouraged[2] Évangéline searched for him as long as she could
She searched for him in Acadia in Quebec in Ontario
Then in the United States in Florida in Idaho
Arriving in Louisiana with her cousin Diane
She said I have lost my time[3]
She was 75 years old[4]
Working at the hospital, she cared for the sick
Then she saw her Gabriel who was leaving for heaven
She jumped on his neck
And said thank you very much
At the hour that you’re interred I will be able to return
I’m going to invest in the companies of the future
So that the name of Évangéline will be bloody well known[5]

Évangéline Fried Clams
Évangéline Salon Bar
Évangéline Sexy Ladies Wear
Évangéline Comfortable Running Shoes
Évangéline Automobile Springs
Évangéline Regional High School
Évangéline Savings Mortgage and Loans
Évangéline The only French Newspaper in New Brunswick
Évangéline Acadian Queen

  1. This is “riches en maudit” in the original.
  2. This is “déconfortée” in the original.
  3. This proves that Angèle didn’t come from Clare, since she wrote “soixante et quinze” instead of “septante-cinq.”
  4. This is “A dit là j’perdrai pu mon temps.” It seems to indicate both past and future.
  5. This was the hardest to translate, “soit connu en câline.” Literally, “will be known in cuddly” but câline is a milder form of the sacre (expletive) câlisse or chalice.

Ubuntu 16.04.1 – cron mail not working

September 19, 2016

I recently ran into a strange issue. I wasn’t getting mail from cron – even though I could mail myself locally without incident. My cron daemon was running fine, and I had MAILTO=user specified in the crontab.

The first piece of advice everyone says when you search about this is “make sure you can send mail to yourself.” And I could – using mail or mailx and sending to andrew. And if you try searching for help after that, you get lost in the weeds of people trying to send mail to Gmail, and setting up postfix, and going insane.

After a little poking around, I noticed this in my /var/log/mail.log:

Sep 12 04:28:01 myserver postfix/qmgr[2902]: A292710059B: 
   from=<root@myserver.mydomain.com>, size=800, nrcpt=1 (queue active)
Sep 12 04:28:01 myserver postfix/error[20839]: A292710059B:
   to=<andrew@myserver.mydomain.com>, orig_to=<andrew>, relay=none, delay=1.4,
   delays=1/0.12/0/0.25, dsn=5.0.0, status=bounced (myserver.mydomain.com)

I’ve been faking my domain name and it looks like when I upgraded to Ubuntu 16.04.1 things stopped working. (I have a sneaking suspicion that the upgrade process yanked the domain address out of /etc/hosts. But maybe cron changed and started using my FQDN instead of my local mail address.)

But even after changing my hosts file from:

127.0.1.1 myserver

to:

127.0.1.1 myserver myserver.mydomain.com

things weren’t mailing again. I finally changed my crontab to MAILTO=andrew@localhost instead. But that seems kind of bogus. If you’ve got better ideas (/etc/mailname maybe?) let me know.


Making use of GIMP plugins

September 1, 2016

(or how to draw an arrow with an outline)

As part of a project that I’m working on, I found myself drawing lots of red arrows with yellow outlines. To do this I was using the GIMP image editor.

This was tedious. I would draw a yellow arrow for the outline, then draw a red arrow slightly smaller, then merge down so I had one layer. I started wondering about scripting it.

First I started by just calling the FU_arrow.scm script with my values. It wasn’t hard to write a script that did that. In my case, I did:

    (FU-arrow image drawable
            80.0
            25
            TRUE
            75
            500 ; brush thickness
            FALSE ; use first point as head
            FALSE ; delete path after arrow was drawn
            TRUE ; use new layer for arrow
            FALSE ; draw double headed arrow
            FALSE ; useless
            )

In other words, my plugin just called the FU-arrow plugin. Next I added a little bit of code around that:

    (gimp-image-undo-group-start image)
    (gimp-context-push)
    (gimp-palette-set-foreground '(255 255 0)) ; yellow
    (FU-arrow image drawable 80.0 ...) ; draw outer (bottom) layer
    (gimp-palette-set-foreground '(255 0 0)) ; red
    (FU-arrow image drawable 80.0 ...) ; draw inner (top) layer
    (gimp-context-pop)
    (gimp-image-undo-group-end image)

This saved the state and set the foreground colours appropriately so I didn’t have to, and also made it easy to undo in a single action.

You can see that I called FU-arrow twice. Next I needed to merge them down. For that, I used the facility in the arrow plugin that lets you create the arrow as a new layer. New layers are added at the top of the layer stack, so it’s fairly easy to grab that and work with it. The interesting code is:

    (set! current-layers (cadr (gimp-image-get-layers image)))
    (set! arrow-foreground-layer
      (vector-ref current-layers 0))

Once I have a handle on the foreground layer, I can use gimp-image-merge-down with CLIP-TO-BOTTOM-LAYER to merge the two layers:

(gimp-image-merge-down image arrow-foreground-layer CLIP-TO-BOTTOM-LAYER)

Because I know nobody else created a layer between the two layers I created, it’s easy to get a handle on the new layers the FU-arrow plugin made.

My total plugin is:

(define
  (script-fu-quick-arrow image drawable)
  (let*
       (
       (arrow-background-layer -1)
       (arrow-foreground-layer -1)
       (current-layers -1)
       )
    (gimp-image-undo-group-start image)
    (gimp-context-push)
    (gimp-palette-set-foreground '(255 255 0))
    (FU-arrow image drawable
			80.0
			25
			TRUE
			75
			500 ; brush thickness
			FALSE ; use first point as head
			FALSE ; delete path after arrow was drawn
			TRUE ; use new layer for arrow
			FALSE ; draw double headed arrow
			FALSE ; useless
			)
    (set! current-layers (cadr (gimp-image-get-layers image)))
    (set! arrow-background-layer
	  (vector-ref current-layers 0))
    (gimp-palette-set-foreground '(255 0 0))
    (FU-arrow image drawable
			80.0
			25
			TRUE
			75
			1 ; brush thickness
			FALSE ; use first path as head
			TRUE ; delete path after arrow was drawn
			TRUE ; use new layer for arrow
			FALSE ; draw double headed arrow
			FALSE ; useless
			) ;script-fu-draw-arrow function call
    (set! current-layers (cadr (gimp-image-get-layers image)))
    (set! arrow-foreground-layer
	  (vector-ref current-layers 0))

    (if (= -1 arrow-foreground-layer) (gimp-message "Foreground is -1"))
    (if (= -1 arrow-background-layer) (gimp-message "Background is -1"))
    (gimp-image-merge-down image arrow-foreground-layer
         CLIP-TO-BOTTOM-LAYER )
    (gimp-context-pop)
    (gimp-image-undo-group-end image)
    ) ; let
  ) ;define

; Register with GIMP:

(script-fu-register "script-fu-quick-arrow"
  _"Quick Arrow"
  _"Draw a nearly arbitrary arrow in your image in red with a yellow outline. Arrow will be created in a separate layer. Needs FU_arrow.scm"
  "Andrew"
  "2016, Andrew"
  "2016-09-01"
  "*"
  SF-IMAGE       "The image"   0
  SF-DRAWABLE    "The drawable"   0
)

(script-fu-menu-register "script-fu-quick-arrow" "<Image>/Script-Fu/")

Quick edit: to install the script, copy it to the scripts directory. You can find that with Edit -> Preferences -> Folders -> Scripts (I used the user folder rather than the system folder). Then Filters -> Script-Fu -> Refresh Scripts. Et voilà!


Building Signalink Cables

June 13, 2016

Many of us have sound card interfaces for our radios that use the standard RJ-45 plug on one end and a custom connector for the radio on the other. If you’ve got more than one radio, it’s sometimes possible to buy additional interface cables. That can get pricey, though – and depending on the connector on your radio, an interface cable might no longer be available.

For many rigs it’s possible to buy a connector that ends in bare wire fairly cheaply. I hit eBay and found a cheapie Kenwood connector for $2.49 (“4 Wire Speaker Mic Cable for Baofeng UV5R Kenwood TK-240”).

Kenwood style connector with bare ends

While holding one of these in my hand, I noticed that the individual wires in the radio cable were roughly the same diameter as the wires in cat-5 network cable.

Before doing anything else I wrote down which wires connected to which pins on the radio. All of the wires in my cable had different colors, which made identification a lot easier. Next, I determined which pin in the RJ-45 plug should be connected to which wire. This varies depending on the radio connector and sound card interface you use. In my case, green went to the 2.5mm plug tip aka speaker, red went to the 3.5mm ring aka mic, black went to the 3.5mm sleeve aka PTT, and white went to the 2.5mm sleeve aka ground. I found this Tigertronics page useful.

Close-up of connector and wire

After that, I cut the interface cable straight across with diagonal cutters. My cable came with an integrated strain relief, and I cut that off as well. Then I carefully removed a little more than half an inch (about 13mm) of the cable jacket, being careful not to nick the wires inside.

Cable together but before crimping

I arranged the wires in the correct order they’d need to be into the RJ-45 plug. The wires were solid core, so I was able to spread them more or less into position. Next I inserted the cable into the RJ-45 plug, being careful to slip each wire into the appropriate channel. One or two recalcitrant wires needed persuasion with a pin to find the right home.

Once all the wires were in their channels, I pushed hard on the cable to ensure all the wires were as far forward in the plug as they would go. At this point I crimped the RJ-45 plug. There are two nice things about an RJ-45 crimp: there’s no need to strip the wires (the plug bites down on them to make the connection), and the crimp forces part of the plug’s shell against the cable, which keeps it in place.

Then came the moment of truth: I tested continuity of each pin on the connector. Success!

Completed cable

The radio’s connectors were in the right place, and I had a professional-looking interface cable for a radio that needed it.


Mounting a Pi with Wheezy read-only

April 6, 2016

A while back, I had a need to make a Raspberry Pi have a read-only filesystem. I used the instructions at: github.com/tvdzwan/hyperion/wiki/Make-Raspbian-Read-Only to do so.

Just in case that goes away or changes, here’s what I did:

dphys-swapfile swapoff
dphys-swapfile uninstall
update-rc.d dphys-swapfile disable
aptitude install unionfs-fuse

Then create an executable script as follows in /usr/local/bin/mount_unionfs:

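#!/bin/sh
# Mount helper called from /etc/fstab; $1 is the mount point (/etc or /var).
DIR=$1
# First two characters of the root filesystem's options in fstab: "ro" or "rw".
ROOT_MOUNT=$(awk '$2=="/" {print substr($4,1,2)}' < /etc/fstab)
if [ "$ROOT_MOUNT" = "rw" ]
then
  # Root is writable: bind the original directory straight back in place.
  /bin/mount --bind "${DIR}_org" "${DIR}"
else
  # Root is read-only: overlay a tmpfs on the original, copy-on-write.
  /bin/mount -t tmpfs ramdisk "${DIR}_rw"
  /usr/bin/unionfs-fuse -o cow,allow_other,suid,dev,nonempty "${DIR}_rw=RW:${DIR}_org=RO" "${DIR}"
fi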

Next, make / read-only and mount /etc and /var as ramdisk in /etc/fstab:

/dev/mmcblk0p1  /boot           vfat    ro                0       2
/dev/mmcblk0p2  /               ext4    ro,noatime        0       1
mount_unionfs   /etc            fuse    defaults          0       0
mount_unionfs   /var            fuse    defaults          0       0

Finally, make the magic directories:

cp -al /etc /etc_org
mv /var /var_org
mkdir /etc_rw
mkdir /var /var_rw
reboot

Recently, I had to add a user to a group. To do that, I used:

umount /etc
mount -o remount,rw /

to make /etc/ writable again.
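After a maintenance session like that, or after the first reboot, it is worth confirming that the box really is back in its read-only layout. The check below is an added example, not part of the original instructions: `check_ro_layout` and `sample_mounts_ro` are hypothetical names, it assumes the union mounts show up in the mount table with a filesystem type beginning with `fuse`, and the sample table is constructed.

```shell
#!/bin/sh
# Added example: verify the read-only layout from a mount table in
# /proc/mounts format on stdin. Prints one ok/FAIL line per check and
# returns non-zero if any check fails. Typical use:
#   check_ro_layout < /proc/mounts

check_ro_layout() {
    awk '
        # Later entries win for a mount point: older kernels list
        # "rootfs / rootfs rw" before the real root filesystem.
        { fstype[$2] = $3; opts[$2] = $4 }
        function has_opt(list, want,   n, o, i) {
            n = split(list, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == want) return 1
            return 0
        }
        function report(ok, msg) {
            if (ok) print "ok   " msg
            else { print "FAIL " msg; bad = 1 }
        }
        END {
            report(has_opt(opts["/"], "ro"), "/ is mounted read-only")
            report(fstype["/etc"] ~ /^fuse/, "/etc is a FUSE union mount")
            report(fstype["/var"] ~ /^fuse/, "/var is a FUSE union mount")
            report(fstype["/etc_rw"] == "tmpfs", "/etc_rw is a tmpfs ramdisk")
            report(fstype["/var_rw"] == "tmpfs", "/var_rw is a tmpfs ramdisk")
            exit bad + 0
        }
    '
}

# Constructed sample of a healthy mount table; not output from a real Pi.
sample_mounts_ro() {
cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/root / ext4 ro,noatime,data=ordered 0 0
/dev/mmcblk0p1 /boot vfat ro,relatime 0 0
ramdisk /etc_rw tmpfs rw,relatime 0 0
unionfs-fuse /etc fuse.unionfs-fuse rw,relatime,user_id=0,group_id=0,allow_other 0 0
ramdisk /var_rw tmpfs rw,relatime 0 0
unionfs-fuse /var fuse.unionfs-fuse rw,relatime,user_id=0,group_id=0,allow_other 0 0
EOF
}
```

Run between `umount /etc` / `mount -o remount,rw /` and the next reboot, it reports FAIL for the root and /etc checks, which is the state you do not want to leave the Pi in.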


Turning a Raspberry Pi 2 into a packet station

March 31, 2016

I keep thinking it’s a good idea for emergency communications to have a packet station. Since I’m cheap, I didn’t want to get extra hardware – instead I wanted to use what I had. Luckily, Dire Wolf is better than any hardware packet decoder out there. Here’s how I got a working packet station on a Pi 2 running Raspbian Jessie Lite.

  1. Connect the radio to the Pi. In my case, I had a spare Signalink SL1+ hanging around which made things easier. I bought a Syba CMedia USB sound card to talk from the Pi to the Signalink, and a Kenwood speaker mic cable to talk from the Signalink to the radio. Here’s a useful hint: the diameter of the wires in the speaker mic cable is roughly the same as the diameter of the wires in regular Ethernet cable – meaning that you can (if you’re careful) strip the outer jacket, put the inner wires in the right places of an RJ-45 connector and crimp direct to them with no soldering at all.
  2. Download and build Dire Wolf. Instructions for doing so on a Pi are here. I mounted my home directory on a networked drive to make life easier.
  3. Configure Dire Wolf with your callsign (I used the SSID -15 after my call) and sound card. Be sure to avoid the “# ADEVICE - plughw:1,0” line – it looks a lot like the correct “ADEVICE  plughw:1,0” line, but takes input from stdin instead of the sound card.
  4. Run “direwolf” and tune the radio to 144.390 (APRS). Make sure you’re decoding packets. You might have to go to alsamixer and adjust input/output. Mine ended up being 51 for speaker, 29 and 12 for mic. Also adjust the radio volume so it’s not too high or too low. (Hit F6 to get your sound card, then F5 to see all devices. I’m not sure which mic I was using; I had two – a stereo and a mono one. The mono one was 29, the stereo one was 12.) It’s probably a good idea to turn off the squelch on the radio as well.
  5. sudo apt-get install ax25-tools ax25-apps
  6. Edit /etc/ax25/axports and set one line to:
    vhf   mycall-15 1200 255 2 VHF link (1200 bps)
  7. Make sure all the other lines in axports have # in front of them (it doesn’t like blank lines).
  8. Run “direwolf -p” to get the KISS port. It will show up as something like /dev/pts/2. Once it’s running, move to another terminal window.
  9. Change frequency to the freq that you’re going to use.
  10. sudo /usr/sbin/kissattach /dev/pts/2 vhf (your IP address in AMPR 44.0.0.0)
  11. sudo /usr/sbin/kissparms -p vhf -t 200 -s 20 -r 64 -l 50 -f n
    These parameters took a little tweaking. If the transmit delay (-t) was too big, things timed out. If it was too small, things stepped on each other. I had to adjust transmit tail delay as well (-l). I found this page useful for some values.
  12. sudo route del -net 44.0.0.0 netmask 255.0.0.0
    (because I’d set up a route beforehand and needed to nuke it)
  13. sudo /sbin/route add -net 44.0.0.0 netmask 255.0.0.0 dev ax0
  14. ping -i 10 (someone else’s IP who also has a machine on the AMPR 44.0.0.0 net)
  15. Assuming that works, you might want to apt-get install telnet telnetd talk talkd and try to log into your friend’s machine or have your friend log into yours.
  16. Last but not least: I ran into problems with arp. I increased the arp timeout in /etc/sysctl.d/local.conf:
    net.ipv4.neigh.default.base_reachable_time_ms=1200000