“A5/1 [the encryption scheme used in most cellular voice calls] has operated unchanged for the last 21 years but it has now reached its cryptographic end-of-life, engulfed by the march of Moore’s Law. However, the operational end-of-life of A5/1 may still be decades away as there are approximately 2 billion GSM subscribers, commanding about 80% of the global mobile market. This would be a tough product recall indeed. A5/1 is well-positioned to become the NT of the mobile crypto world, and I see the makings of a long tail of GSM vulnerability.” - Dr. Luke O’Connor at NoTricks: Another crack at open Rainbow Tables for A5/1

The ability to intercept and decrypt GSM cell phone conversations is now well within the reach of hobbyists.¹²

My friend Scott and I were discussing this sobering fact one night and we began wondering if any systems exist which provide end-to-end encryption for this insecure link.

Sure, there are plenty of solutions for people with access to cellular dataconnections, but what can voice call participants use to foil eavesdroppers?

We didn’t find any low-cost systems so we decided to create our own. OKCrypto is the Linux-based encrypting software modem that we’ve made. It consists of two components: the modem component and crypto component.

We needed the ability to send data before we could try sending  encrypteddata, so the first step was to design a simple software modem.

Rather than executing the modem code on the cell phones themselves, I decided to host the modem code on a the sender and receiver’s Linux systems. This design provides two benefits:

1. The modem code and crypto code has access to the rich Linux API.
2. Sensitive code and data are isolated from the both the cell phone itself and from the cell infrastructure. We have clean separation between trusted (PC) and untrusted (cell) environments.

Thus, the “real work” in OKCrypto is done on the PC – the cell phones simply allow the PCs to talk to each other. See figure 1 for an overview of the hardware involved in the system.

Conceptually, the modem is similar to the analog Plain Old Telephone Service (POTS) modems from the Bad Old Days before broadband service became popular. Instead of an audio coupler, we’re using Bluetooth to connect our PC to our phone line. Instead of custom hardware, our modem is comprised of some glue scripts and the software packages they connect – all running on a Linux PC.

The modem doesn’t provide an asynchronous full-duplex communication link like traditional modems. This modem’s operation is simpler: The sender’s modem dials the number of, and subsequently transmits a pre-prepared chunk of data to, the recipient’s modem. It then hangs up.

The modem uses Dual-tone multi-frequency (DTMF) signaling to encode the data it transmits. I chose DTMF because I was familiar with it and because Debian provides a package for Multimon. OKCrypto uses two utilities that Multimon provides:

1. gen – a DTMF generation utility (digits->wav file)
2. multimon – a DTMF detection utility (wav file->digits)

I’d been working on a few Bluetooth security projects at the time, so the Hands-Free Profile (HFP)³ came immediately to mind as a convenient way to transfer audio (and any data we’ve encoded in the audio) between a PC and a cell phone during a call.

-flickr size=”small” float=”right”-4153181752-/flickr-In most cases HFP is used to connect a a Bluetooth phone to a Bluetooth headset so that the headset can be used to make calls via the phone. See figure 2.

-flickr size=”small” float=”right”-4153181518-/flickr-In the PC world, HFP is typically used to connect a desktop computer to a bluetooth headset. See figure 3. In that configuration, the PC fulfills the first of two roles mandated by the HFP specification: the Audio Gateway (AG) role. The headset fulfills the hands-free (HF) role.

Support for the HF role in bluez, the Linux Bluetooth stack (pronounced “blue-zee”), is just now maturing⁴ so I went searching for a userspace implementation of the HFP protocol stack.

One of the best, chan_mobile, is distributed as an add-on to the popular open-source private branch exchange (PBX) Asterisk system. If you configure chan_mobile to use your cell phone, Asterisk can make both outbound calls and receive inbound calls with the phone.

Asterisk is the largest software component of the OKCrypto modem. It not only provides a reliable HFP HF role implementation which works with a wide array of modern phones (see above), but also many essential telephony operations:

1. Recording audio during a call. OKCrypto uses Asterisk’s built-in voicemail capabilities.
2. Transmitting audio during a call.
3. Pausing for a given time period.
4. Logging phone call details.

See figure 5 for an overview of the software components in the OKCrypto system. Note that the same software is used on both the sender and receiver’s PCs.

Let’s look at how we can use this modem to send a 16-byte binary file over a cellular voice connection.

First, the sender and recipient will need to perform some set-up steps:

1. 1. Acquire a Linux-supported computer and Bluetooth adapter. I found that using a virtual machine introduces latency that bluez/btusb cannot tolerate.
2. Acquire a HFP-capable cell phone.
3. Install Linux, SoX, Python, multimon, Asterisk, the Asterisk “add-ons”, GPG, and the OKCrypto scripts.
4. Pair cell phone with computer. Grant HFP access.
5. Configure chan_mobile
6. Start Asterisk Next, the sender can issue this command at a shell to send the file ‘/tmp/foo’ to the recipient at 585-555-3258.

   $ ./bin_to_int_seq.py /tmp/foo | ./ast_send.sh 5855553258 [...]
   $ cksum /tmp/foo 668417501 16 /tmp/foo

   She’ll notice her PC making a call with her phone, silently transmitting the data, and disconnecting. Behind the scenes, the OKCrypto scripts will…

7. Convert the bytes in /tmp/foo to a series of decimal digits.
8. Encode the digits as DTMF tones with gen from the multimon package. 1. Increase the pitch (time-independent) to prevent any intermediary systems (esp. Asterisk) from interpreting the tones.
9. Queue the final audio file for transmission by Asterisk.

The recipient will hear his phone ring once before his PC answers the call, records the audio, and disconnects. When the call is complete, Asterisk will invoke one of the OKCrypto scripts to…

1. Decrease the pitch to yield the original DTMF tones.
2. Decode the DTMF tones to a series of decimal digits.
3. Convert the digits to a series of bytes which is written to ‘/tmp/bar’.

   $ tr -d '\n' < /tmp/newest_vm.txt | ./int_seq_to_bin.py /tmp/bar [...]
   $ cksum /tmp/bar 668417501 16 /tmp/bar

Now that we can reliably send data, let’s make sure that it’s encrypted first. This turns out to be one of the simplest components of the system – many good crypto APIs are available.

I use GnuPG:

$ gpg --symmetric --force-mdc --cipher-algo AES256 filetoencrypt 

The `–force-mdc` option provides integrity checking – useful for handling transmission errors. Consider these GPG options carefully and make sure they fit your requirements.

Here are a few ideas we’re pursuing for the future of this project:

• Moving the modem code to the cell phone. This would simplify the setup but potentially risk security.
• Improving modem error rate. Data is often erroneously duplicated during transmission.
• Increasing the modem throughput. The current code averages a meager 10 bytes/second.
• Hiding the data within a steganographic channel in a normal voice conversation.
• Incorporating GPG into the OKCrypto scripts.
• Packaging the system as a LiveCD/Live flash drive.
• Implementing key exchange.
• Building an embedded device dedicated to OKCrypto.

I gained experience in the follow areas during the design, implementation. and testing:

• GSM, CDMA crypto. I suspect the cellular phone industry would make a great case study in protocol security by obscurity.
• Cellular voice codecs used by large carriers. Trivia: your calls only require ~10kbps.⁵
• Bluetooth HFP specification and available implementations.
• Debugging latency tolerances in virtual machine USB “passthrough” subsystems.
• The Twilio telephony API. I used Twilio when I only had one cell phone to debug with.
• Asterisk administration.

I’ve described a method to securely transmit data over any of the widely-available cell voice networks. The implementation requires only commodity hardware, open-source software, and minimal setup.

Be aware that transmitting data by “automated means” may violate the terms of your cellular service contract. I disclaim all liability. This information is provided for educational purposes only.

You can download the OKCrypto system here: http://www.unsyncopated.com/corral/okcrypto_v0.1.tar.gz

It is licensed under the LGPL.

• You’ll find lots of links to cell security architecture articles, Bluetooth HFP implementations, and Asterisk administration web pages on the wiki at Crypto Phone/Stacked Linux-based CPhone Brainstorming

Update 1/13/09 - Check out some technical notes on our recent progress with a faster and more reliable modem: OKCrypto/Progress Report for 01-09-2010

1. Open-Source Effort to Hack GSM John Blau – IEEE Spectrum Magazine – December 2009 issue
2. Subverting the security base of GSM Karsten Nohl – Hacking at Random – 8/15/2009
3. Bluetooth Hands-Free Profile (HFP) 1.5 – Bluetooth Special Interest Group – 11/25/2005
4. Comment #1 on Maemo bug #2754 – Johan Hedberg – 1/25/2009
5. Adaptive Multi-Rate audio codec – Wikipedia – 11/24/2009

The problem

You want to create local mirrors of the apt repositories that you use but you don’t have enough hard drive space to mirror every package. Or maybe you have a slow link and you don’t want to spend time downloading packages that you’re unlikely to need.

Only mirror packages whose popularity (as reported by popcon’s “installed” metric) matches a certain threshold.

I’ve been hacking without a network connection recently and one of the biggest pain points is not having access to my distro’s software package repository.

For example, while writing some Python screen-scraping code last week I realized I didn’t have the Python library I wanted to parse some HTML with – Beautiful Soup. Rather than postpone my work on the script until I found a weefee signal, it would have been nice to simply install the package from a local mirror of the repository.

I soon discovered two common tools that can be used to create a local mirror of a repository – Frans Pop’s debmirror and Dmitriy Khramtsov’s apt-mirror.

I chose apt-mirror, skimmed Alan Pope’s handy step-by-step guide and kicked off the mirror script…

$ sudo -u apt-mirror apt-mirror

[...]
52.7 GiB will be downloaded into archive.
Downloading 75 archive files using 10 threads...

ACK! That’s a lot of gibibytes.

Eventually I’d like a complete mirror, but for now, I only want the packages I’m likely to need. My broadband connection isn’t as “broad” as I would like.

The Debian Popularity Contest (“popcon”) came to mind and sure enough, Ubuntu also provides a flat text file containing the names of all packages sorted by the frequency with which they’re installed by users.

I downloaded this file and hacked up the primary apt-mirror perl script to consult the file, only mirroring binary and source packages if they meet a chosen popularity threshold.

Here’s the meat from a patch that applies cleanly to apt-mirror version 0.4.5-1ubuntu2:

sub should_process {
# print "should_process()\n";
my $pkg_name = shift;
my $section_name = shift;
my @popular_pkgs = @{ $_[0] };

# if the pkg isn't in the 'game' section...
if($section_name !~ /game/){
my %is_popular;
for (@popular_pkgs) { $is_popular{$_} = 1 };

if( $is_popular{$pkg_name} ) {
# print "processing popular pkg: " . $pkg_name . "\n";
return 1;
} else {
# print "skipping unpopular pkg: " . $pkg_name . "\n";
return 0;
}
} else {
# print "skipping game pkg: " . $pkg_name . "\n";
return 0;
}
}

# [...]

# open our popcon database
my $db_path = "/home/tz/Desktop/by_inst";
open(FILE,$db_path) or die "Can't open popcon db: $!";
my @data=; # beware record separator ($/) tweak below
close FILE;
my $num_comment_lines = 11;
my $threshold = 3000;
my $cur_line;
my @popular_pkgs;
# for each of the first $threshold lines, grab pkg name
foreach $cur_line (@data[$num_comment_lines .. ($num_comment_lines + $threshold)]) {
# print "cur_line: $cur_line";
my @tokens = split / +/, $cur_line;
# print "pkgname: " . $tokens[1] . "\n";
push( @popular_pkgs, $tokens[1] );
}

# [...]

if( should_process( $lines{"Package:"}, $lines{"Section:"},@popular_pkgs ) ) {
add_url_to_download($uri . "/" . $lines{"Directory:"} . "/" . $file[2], $file[1]);
}

Tweak the path to the flat file (`$db_path`) and the threshold (`$threshold`!) to suit your needs.

 ________________________________________
/ As you can see, I also modified the    \
| script to skip games. Games tend to be |
| large and there aren't many that I use |
\ often, except perhaps cowsay(1) :]     /
 ----------------------------------------
    \               ,-----._
  .  \         .  ,'        `-.__,------._
 //   \      __\\'                        `-.
((    _____-'___))                           |
 `:='/     (alf_/                            |
 `.=|      |='                               |
    |)   O |                                  \
    |      |                               /\  \
    |     /                          .    /  \  \
    |    .-..__            ___   .--' \  |\   \  |
   |o o  |     ``--.___.  /   `-'      \  \\   \ |
    `--''        '  .' / /             |  | |   | \
                 |  | / /              |  | |   mmm
                 |  ||  |              | /| |
                 ( .' \ \              || | |
                 | |   \ \            // / /
                 | |    \ \          || |_|
                /  |    |_/         /_|
               /__/

• Download popcon db file, rather than expect that it already exists on disk.
• Read desired popularity threshold from mirror.list rather than using a hard-coded value.
• Read desired sections as above.
• Speed holes! My perl-fu is weak.

• I found a faster mirror half-way through creating my local mirror. Renaming `/var/spool/apt-mirror/{mirror,skel}/${OLD_MIRROR` to `/var/spool/apt-mirror/{mirror,skel}/${NEW_MIRROR}` was sufficient.
• If you try to install a package from your local mirror which doesn’t exist, you’ll get a 404 error – nothing catastrophic happens.
• Beware permissions issues. Avoid running apt-mirror as root rather than the prescribed `apt-mirror` user.
• debmirror has a `–exclude-deb-section` option

1. Find all the photos that you’ve been tagged in and…
2. Download each photo to a chosen directory.

It worked fine for me after I fixed a trivial tkinter bug.

Right now I’m adapting photograbber to download entire albums for me. Here’s the crucial code that requests a collection of “photo” records using Facebook Query Language (FQL):

photos = self.facebook.fql.query("SELECT pid, aid, src_big FROM " \
"photo WHERE pid IN (SELECT pid FROM photo_tag WHERE subject=" + \
str(self.facebook.uid) + ")")

Changing the query to…

"SELECT pid, aid, src_big FROM photo WHERE aid IN (SELECT aid " \
"FROM album WHERE owner IN (SELECT uid FROM user WHERE name=\"" + \
FriendName + "\") AND name=\"" + AlbumName + "\")"

… did the trick. Caveat coder: the album IDs that you see in your browser while surfing Facebook aren’t the same IDs that you should use in your FQL queries. If you slip up, you might receive this misleading message: “FacebookError: Error 600: An unknown error occurred in FQLPhotoTable::get_ids_for_queries: should never have a pid or aid without a uid”

Keep Facebook’s terms of service in mind when interacting with their site – you don’t want a “cease and desist” letter like Vincent Cheung received for his “FaceDown” application.

If all else fails, you might have some luck with a PHP script called “FBCMD” as illustrated here. There’s also a .NET standalone app: The RajitSS Album Downloader.

I’ll spare you my internet balkanization rant – Fred Vogelstein made the argument far better in the June issue of Wired: Great Wall of Facebook – The Social Network’s Plan to Dominate the Internet – and Keep Google Out.

$ stream.sh 1370

I usually edit small scripts like that with `nano(1)`. Rather than type the entire path to the script when I need to edit it (`nano ~/prog/sh/stream.sh`) I just say `nano $(which stream.sh)` i.e. “edit whichever file is in the `$PATH` with that name”.

It’s actually a brain-saver with more verbose names, I promise `:]`.

“Step by Step” by Chronos on di.fm‘s chillout station as recommended by DJ JMULV

• An article on Zsh(1) completion from Linux Magazine
• mikas blog – Blog Archive – mika’s advent calendar – day 19: zsh completion

One of the software tools I’m using to do this is called cdparanoia. It’s a solid little app from the venerable Xiph.org multimedia project with an entertaining but informative console interface. An excerpt from `cdparanoia(1)`:

OUTPUT SMILIES
:-)  Normal operation, low/no jitter
:-|  Normal operation, considerable jitter
:-/  Read drift
:-P  Unreported loss of streaming in atomic read operation
8-|  Finding read problems at same point during reread;
     hard to correct
:-0  SCSI/ATAPI transport error
:-(  Scratch detected
;-(  Gave up trying to perform a correction
8-X  Aborted read due to known, uncorrectable error
:^D  Finished extracting

PROGRESS BAR SYMBOLS

    No corrections needed
-   Jitter correction required
+   Unreported loss of streaming/other error in read
!   Errors  found  after stage 1 correction; the drive is
    making the same error through multiple re-reads, and
    cdparanoia is having trouble detecting them.
e   SCSI/ATAPI transport error (corrected)
V   Uncorrected error/skip

The interface is a testament to the poor reliability of the little plastic discs. I’ve found, however, that I’d rather learn of a fatal scratch on some rare dub reggae disc from it rather than by a Zsh core dump message.

The UI also uses an interesting variation on the throbber/baton: main.c – cdparanoia-3.10+debian~pre0.

Long live the console.

cp /etc/slop/gunk.conf /etc/slop/gunk.conf_before_v2_upgrade

Since the first portion of the second argument is always the same as the first argument (the green text), it bugged me to have to do tab completion for it. Luckily, zsh and bash provide an event designator for the current command line (ie the one you’re currently typing). It is !# and it works just like the other events (eg !! is the previous command). See Zsh Documentation – History Expansion. Bash’s syntax is very similar.

So now when I want to make a crude backup like above, I use something like this:

cp /etc/slop/gunk.conf !#:1_before_v2_upgrade

Speaking of Intel, kudos to them for having the best website of any motherboard manufacturer I’ve bought from. Their motherboard pages have

• High resolution pictures of the boards.
• Detailed specs for each available “configuration”.
• BIOS updates (including old ones) in 4 different formats including bootable CDs.
• 3 effective ways to identify an Intel board (BIOS string, sticker label on board, part number)
• Detailed information on where temperature sensors are located.

They also support the Linux community by releasing quality open-source graphics drivers. Very, very nice.

If you want to install Ubuntu on a 965-based Intel board like the DQ965GF, I recommend the third Fiesty Fawn milestone, Herd 3. With Herd 3, you get the 2.6.20 kernel which supports KVM, a loadable kernel module to support hardware virtualization (scoooore!).

Because the 965 chipset is new, there are still some kinks. At first the installer crapped out and left me with:

BusyBox [ver] Built-in shell (ash)
Enter 'help' for a list of built-in commands.

/bin/sh: can't access tty; job control turned off

Later on, I got garbled X graphics.

The solution to these problems was to add “vga=771 all-generic-ide pci=nommconf” to my kernel options line after booting to the install CD (hit F6 when the installer while you’ve got the “Start or install Ubuntu” menu item selected). Your final options line should read “file=/cdrom/preseed/ubuntu.seed boot=casper initrd=/casper/initrd.gz vga=771 all-generic-ide pci=nommconf quiet splash –”. I removed “quiet” and changed “splash” to “nosplash” also.

Windows XP Profession rebooted every time it tried to load “mup.sys” during bootup. The fix was to change the BIOS setting for Configure SATA As” (Advanced Tab -> Drive Configuration) from “AHCI” to “IDE”. Note that this will nix any benefit you get from SATA.

Some of these links were helpful:

• Configure SATA as [Standard IDE] or [AHCI] ???
• How To: Install Fedora Core 6 On Intel DG965SS Motherboard

#env LESS = -i --prompt="%f (%pb%, %lmth line, %L lines)$"

After I executed `lesskey` to apply the new settings to `.less`, I started seeing error messages like these whenever I tried to use the pager:

• `-” must be followed by 1 or 2 chars Missing filename (“less –help” for help)`
• `There is no -’ option (“less –help” for help)`

It turns out that the problem is with the quote characters. Unlike `bash`, you don’t have to worry about `lesskey` interpreting the `$` or `%` characters. Thus, you don’t need to “protect” them with quotes.

Removing the quotes fixed the problem and now `less` tells me where I’m at in the file in terms of percentage, line number, and total lines: `/etc/passwd (68 14th line, 33 lines)`