Nerfnet Tunnels TCP/IP Over NRF24L01 Radios

There’s an excellent chance you’ve already worked with the nRF24L01. These little modules are an easy and cheap way to shuffle data across a 2.4 GHz radio link at a respectable rate, making them great for remote control projects. But after seeing that others had experimenting with using these radios to transmit digital audio, [Andrew Rossignol] got to wondering if some software trickery could push the envelope even further.

The result is nerfnet, a Linux program that allows you to tunnel TCP/IP over a pair of nRF24L01 modules. The link appears as a virtual interface, meaning everything happens transparently as far as other programs are concerned. Anything that uses TCP/IP to communicate on Linux can take advantage of this low-cost link, albeit at speeds that most of us haven’t had to deal with in decades.

Though it’s not quite as bad as you might think. Latency is around 50 ms, and after some tweaks, [Andrew] has been able to squeeze almost 300 Kbps out of the link. That’s more than enough for terminal work, and some light audio and video streaming isn’t out of the question.

In terms of range, he was able to maintain a fairly reliable connection at a distance of up to 60 meters (200 feet) outdoors. It might not sound like much, but again, you’ve got to take the cost of these radios into account. If you’re looking to SSH into a Raspberry Pi weather station you’ve got in the backyard, a pair of these could get the job done for just a couple of bucks.

The blog post [Andrew] has put together explains the software in fantastic detail if you’re interested in the nuts and bolts of it all. But if you just want to play around with the idea, you just need to connect some nRF24L01 modules to a pair of Raspberry Pis with short SPI wires to cut down any interference, and follow the instructions. Ideally the radios would have external antennas, but it’s not strictly required.

We’ve seen these modules pushed into service as impromptu Bluetooth Low Energy transmitters in the past, but nothing quite like this. While the latency and bandwidth offered by this technique might seem antiquated to modern eyes, it could be the perfect dedicated communication channel for your sensors, smart devices, or home automation projects.

Continue reading “Nerfnet Tunnels TCP/IP Over NRF24L01 Radios”

Linux-Fu: Applications On The Web

Did you know you can run remote Linux GUI programs in a browser with HTML5 support? It’s even secure because you can use SSH tunneling and that little trick means you don’t even need to open additional ports. If this sounds like gibberish, read on, it’s actually pretty easy to get up and running.

I recently was a guest on a Houston-based podcast, and the hosts asked me if the best thing about writing for Hackaday was getting to work with the other Hackaday staff. I told them that was really good, but what I like best was interacting with people (well, most people) in the comments. That sometimes you’d post an article and someone would bring a topic up in comments that would really knock your socks off. This is how I wound up with this nearly ideal remote access solution, that requires nothing on the remote side but a web browser.

A while back I posted about keeping programs running after log off on a Linux box. The post was mostly about non-GUI programs but you could use NX or VNC to handle it. In the comments, someone mentioned how unhappy they’d been with recent copies of NX and another commenter called [Screen for X11] posted about a tool called xpra.

Continue reading “Linux-Fu: Applications On The Web”

A Red Teamer’s Guide To Pivoting

What is hacking and what is network engineering? We’re not sure where exactly to draw the lines, but [Artem]’s writeup of pivoting is distinctly written from the (paid) hacker’s perspective.

Once you’re inside a network, the question is what to do next. “Pivoting” is how you get from where you are currently to where you want to be, or even just find out what’s available. And that means using all of the networking tricks available. These aren’t just useful for breaking into other people’s networks, though. We’ve used half of these tools at one time or another just running things at home. The other half? Getting to know them would make a rainy-day project.

Is there anything that ssh and socat can’t do? Maybe not, but there are other tools (3proxy and Rpivot) that will let you do it easier. You know how clients behind a NAT firewall can reach out, but can’t be reached from outside? ssh -D will forward a port to the inside of the network. Need to get data out? There’s the old standby iodine to route arbitrary data over DNS queries, but [Artem] says dnscat2 works without root permissions. (And this code does the same on an ESP8266.)

Once you’ve set up proxies inside, the tremendously useful proxychains will let you tunnel whatever you’d like across them. Python’s pty shell makes things easier to use, and tsh will get you a small shell on the inside, complete with file-transfer capabilities.

Again, this writeup is geared toward the pen-testing professional, but you might find any one of these tools useful in your own home network. We used to stream MP3s from home to work with some (ab)use of netcat and ssh. We keep our home IoT devices inside our own network, and launching reverse-proxies lets us check up on things from far away without permanently leaving the doors open. One hacker’s encrypted tunnel is another man’s VPN. Once you know the tools, you’ll find plenty of uses for them. What’s your favorite?

Thanks [nootrope] for the indirect tip!

DNS Tunneling: Getting The Data Out Over Other Peoples’ WiFi

[KC Budd] wanted to make a car-tracking GPS unit, and he wanted it to be able to phone home. Adding in a GSM phone with a data plan would be too easy (and more expensive), so he opted for the hacker’s way: tunneling the data over DNS queries every time the device found an open WiFi hotspot. The result is a device that sends very little data, and sends it sporadically, but gets the messages out.

This system isn’t going to be reliable — you’re at the mercy of the open WiFi spots that are in the area. This certainly falls into an ethical grey zone, but there’s very little harm done. He’s sending a 16-byte payload, plus the DNS call overhead. It’s not like he’s downloading animated GIFs of cats playing keyboards or something. We’d be stoked to provide this service to even hundreds of devices per hour, for instance.

If you’re new here, the idea of tunneling data over DNS requests is as old as the hills, or older, and we’ve even covered this hack before in different clothes. But what [KC] adds to the mix is a one-stop code shop on his GitHub and a GPS application.

Why don’t we see this being applied more in your projects? Or are you all tunneling data over DNS and just won’t admit it in public? You can post anonymously in the comments!

It’s Not A Bridge, And Not A Tunnel. Or, Maybe It’s Both?

The gist of the idea is to suspend an underwater tunnel from floating pontoons. By the time you finished reading that sentence, you probably already had a list of things in your head that seem to make this a terrible idea. After all, it does seem to combine the worst aspects of both underwater tunnels and bridges. But, the idea may actually be a good one, and it’s already being seriously considered in Norway.

Continue reading “It’s Not A Bridge, And Not A Tunnel. Or, Maybe It’s Both?”

Surviving A Hacker Conference

concrowd

With another hacker conference looming in front of us, it’s time to start thinking about hardware security. Hacker conventions have the most hostile network you’ll ever encounter. [Security4all] points out that 25C3 already has an extensive page on securing your hardware. It starts from the ground up with physical security, BIOS passwords, and locking down bootloaders. There’s a section on securing your actual OS and session. Finally, they cover network usage. It mentions using SSH for dynamic forwarding, which we feel is a skill everyone should have. We’ve used it not just for security, but for bypassing brainless bandwidth restrictions too. There’s also the more trick transparent version. Every piece of data you bring with you, you risk losing, so they actually recommend just wiping your iPhone and other devices before attending. It’s important to remember that it’s not just your own data at risk, but everyone/thing you communicate with as well.

Detecting ISP Throttling


ISPs have recently become very aggressive towards their customers. They’ve been blocking or altering traffic to prevent you from using specific programs or protocols. Google’s Senior Policy Director recently stated that they’re developing tools to allow people to detect ISP interference. A couple other groups have been building tools as well: The Network Neutrality Squad just released the second beta of their Network Measurement Agent. The tool currently detects spoofed packets by monitoring the round trip time of the connection; early reset packets will have lower than average RTT. If you want to go more in depth, the EFF has published a guide for using Wireshark to do the detection. We’ve even heard rumors of people building tools to tunnel a session inside of one that looks completely different.

[photo: nrkbeta]