Time-Shift: Veritas liberabit vos
The truth shall set you free

Posts Tagged ‘Personal’

One, Two, Trimix

Thursday, August 5th, 2021

It’s been about 8 years now, since I started my journey as a diver. From PADI OWD over CMAS**/*** to Trainer-C and dive Instructor in 2019, all of my diving “career” has been pretty much standard. Last year then I took my first steps into the area of technical diving with the DTSA TEC Basic certification. A few weeks ago finally I stepped up the game a notch by attaining my first Trimix certification (DTSA Trimix* / CMAS Normoxic Trimix Diver).

Apart from the Apnoe, Sidemount, UW photography / videography and rebreather certifications, this pretty much brings me close to having all the certifications in VDST. A DTSA Trimix** (CMAS Hypoxic Trimix Diver) is certain to follow at some point in the future. But at the moment I want to invest more time into honing my diving skills and furthering my instructor levels (diving instructor level 2 and instructor for technical diving are both in the making 😉 ).

Curaçao 2015 – A vacation to remember.

Sunday, November 13th, 2016

Finally found the time to add the picture of my Curaçao vacation from 2015 to the album. This truly was one awesome vacation. Curaçao… I’ll be back!

 

The connection horror or how I hacked my own data

Sunday, November 29th, 2015

A lot of people know the situation: You get a new and fast Internet connection. But your provider is a support nightmare. He hands you a practically black boxed router that automatically gets its connection data from the Internet and you have no chance of ever getting this data. After all.. why would you.. isn’t it much easier this way? Well.. let me tell you a little secret the providers don’t like to be advertised that much: Not only do they push the configuration to your new router, but they can also change it ANYTIME they want. If you have a regular setup like most people it looks like this:

Network

(Given, not everyone has a NAS at home. But they become more and more common as the devices become more simple and the data people want to store (like e.g. Audio and Video Data) needs to be shared between devices in the network. So for the sake of this article let’s assume the regular user has some kind of network capable storage. Technically even a smartphone or a wifi enabled HiFi system is a network attached data storage but let’s keep it simple).

In this kind of setup that we see in the above picture, the Router that you use is the only barrier between your data (or device that holds your data) and the Internet. Suddenly a device you thought just “provides you with internet access” becomes the only thing between your privacy and total disclosure of your private data to the world! Worse yet: even if you are as naive as to assume your provider will never do you harm, will never be hacked and never be forced by the government to give them access to your data, there is hardly a month where security groups in the Internet and from companies don’t find horrific bugs in common router firmware. With the providers being the only ones who can update your router, you have to put total trust in them to do so in a timely manner. Sadly they usually are way behind when it comes to updating the devices. So obviously this is a setup that is not acceptable. A possible solution would look like this:

It’s possible but it has a few rather bad downsides:

  • You waste power for a device you practically don’t use (the provider router).
  • The provider (or someone who hacked it) can still do stuff to the other router and close ports or mess with connections.
  • You still need to use the provider router for the SIP connection because you don’t have the login data for that.
  • Your connection speed might drop from having two firewalls and 2 NAT systems behind each other.
  • In worst case scenarios you can’t open ANY Ports towards your network because your provider doesn’t want it.

It’s obvious that the best solution would be to have your own router (for me this is my Gentoo server) and telephone system (Asterisk in my setup) running that you can maintain and implement your own security plan as needed. When I switched my Internet provider this week (for a lot more speed) I had exactly this problem. They just give you a router (FritzBox) and nothing else. For me it was clear from the beginning that I was going to use my own solution as I have been for the last 4 years. This is the story of how I managed to do just that.

My first idea (that I had before I even had the thing in my hands) was to hack the router right after it had downloaded the configuration from my provider. I knew from articles in the Internet that there was a slim chance of getting a telnet daemon running on the FritzBox and connecting to that. However when the device was done downloading the data, it became clear pretty fast that this door was slammed shut by my provider. In fact there was no getting into that router from any angle. It took me the better part of a day to realize that this idea was a dead end.

I needed a new plan… and I had one. I knew from experience, that most companies don’t take security that seriously. So I thought to myself: “Why should that router send all the login data encrypted over my DSL line?”. After all who really has the capabilities to sniff a very high frequency modulated signal in a cable that is mostly under ground (yes the government has, but they can just get that data if they want to). Fortunately the FritzBox has a sniffing program integrated for all Interfaces designed for customer support problems (horrifying I know but in that moment.. pure gold!). It records all packets sent over a specified interface in the wireshark format. No sooner said than done I had a neat amount of PPPoE packets on my hard drive recorded during the login procedure via DSL. It didn’t take me too long to find the data that I was looking for. 3 different PPPoE connections. One for the Internet line, one for the voice channel and a third one for the TR-096 channel (provider remote access for router configuration)! It was unencrypted as I thought and the passwords and usernames were plaintext *Place facepalm and happy dance here*.

The last thing that was missing, was the username and password for the SIP connection to my provider. And here I hit another dead end again. While PPP login using unencrypted PAP authentication is not that unusual, the SIP protocol has per standard an encrypted HTTP Digest challenge as login procedure. Though I could easily get the username (it was unencrypted of course :-/) it proved impossible to get the password this way (Technically it wasn’t impossible, but I would have had to put an immense amount of CPU/GPU time and energy into reverse calculating that hash to a password. Considering it turned out to be 8 characters long, that might have taken months, if not more, of a permanently running cracking program). But I was not about to give up that easily. After all as Jean-Luc Picard once said: “Things are always impossible until they’re not!”. I needed yet another plan.
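Added example (not part of the original post): the difference between the two logins described above, shown on the wire. A PAP Authenticate-Request (RFC 1334) carries the password as raw bytes, while HTTP Digest (RFC 2617, which SIP reuses) transmits only an MD5 over the password, nonce and request. The PAP credentials are constructed; the Digest values are the RFC 2617 test vector.

```python
import hashlib
import struct


def pap_authenticate_request(identifier, peer_id, password):
    """Build a PAP Authenticate-Request (RFC 1334); both fields are raw bytes."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, identifier, 4 + len(data)) + data


def parse_pap_authenticate_request(packet):
    """Return (peer_id, password) exactly as an on-path observer reads them."""
    if len(packet) < 6:
        raise ValueError("too short for a PAP Authenticate-Request")
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or not 6 <= length <= len(packet):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    id_end = 5 + packet[4]
    if id_end >= length:
        raise ValueError("Peer-ID overruns the packet")
    pw_end = id_end + 1 + packet[id_end]
    if pw_end > length:
        raise ValueError("Password overruns the packet")
    return packet[5:id_end], packet[id_end + 1:pw_end]


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """HTTP Digest response with qop=auth (RFC 2617), the scheme SIP reuses."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


if __name__ == "__main__":
    # Constructed credentials, not taken from the post.
    pap = pap_authenticate_request(1, b"constructed-user", b"constructed-pw")
    print("PAP on the wire:   ", pap)
    print("observer recovers: ", parse_pap_authenticate_request(pap))
    # Test vector from RFC 2617 section 3.5; only the final hash is transmitted.
    print("Digest on the wire:", digest_response(
        "Mufasa", "testrealm@host.com", "Circle Of Life", "GET",
        "/dir/index.html", "dcd98b7102dd2f0e8b11d0f600bfb0c093",
        "00000001", "0a4f113b"))
```

Digest keeps the password out of a passive capture, but the hash can still be tested against guesses offline, so the strength of the password itself still matters.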

I remembered that though I did not know that password, neither did my router when I first unpacked it. I started digging into the TR-096 protocol. And there I found the weak link I was looking for. Although TR-096 uses HTTP as means of transport it is recommended to use HTTPS for obvious security reasons. My provider of course did not. When I saw the CPE management URI starting with http:// I knew I was onto the solution. I set my router back to its original state and disconnected the DSL cable. After rebooting the box, I immediately started the sniffer on the Internet line.

At first I was only getting rather useless PPPoE session data (PADI, PADO, PADR, PADS) or chunks of TCP data that wasn’t readable. I already became somewhat frustrated when the sniffer hit gold. A series of HTTP packets! I quickly put them together (they were fragmented) and the result looked something like this:

POST /live/CPEManager/CPEs/Auth_Basic/avm/ HTTP/1.1
Host: ***.***.***.***:80
Content-Length: 2776
Content-Type: text/xml; charset="utf-8"
SOAPAction: "cwmp:Inform"

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap-enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:cwmp="urn:dslforum-org:cwmp-1-0">
<soap:Header>
<cwmp:ID soap:mustUnderstand="1">100</cwmp:ID></soap:Header>
<soap:Body>
<cwmp:Inform>
<DeviceId>
<Manufacturer>AVM</Manufacturer>
<OUI>00040E</OUI>
<ProductClass>FRITZ!Box</ProductClass>
<SerialNumber>************</SerialNumber></DeviceId>
<Event soap-enc:arrayType="cwmp:EventStruct[4]">
<EventStruct>
<EventCode>7 TRANSFER COMPLETE</EventCode>
<CommandKey></CommandKey></EventStruct>
<EventStruct>
<EventCode>M Download</EventCode>
<CommandKey>*************</CommandKey></EventStruct>
<EventStruct>
<EventCode>4 VALUE CHANGE</EventCode>
<CommandKey></CommandKey></EventStruct>
<EventStruct>
<EventCode>1 BOOT</EventCode>
<CommandKey></CommandKey></EventStruct></Event>
<MaxEnvelopes>1</MaxEnvelopes>
<CurrentTime>0001-01-01T00:02:00</CurrentTime>
<RetryCount>1</RetryCount>
<ParameterList soap-enc:arrayType="cwmp:ParameterValueStruct[8]">
<ParameterValueStruct>
<Name>InternetGatewayDevice.DeviceSummary</Name>
<Value xsi:type="xsd:string">InternetGatewayDevice:1.4[](Baseline:2, EthernetLAN:1, ADSLWAN:1,ADSL2WAN:1, Time:2, IPPing:1, WiFiLAN:2, DeviceAssociation:1), VoiceService:1.0[1](SIPEndpoint:1, Endpoint:1, TAEndpoint:1), StorageService:1.0[1](Baseline:1, FTPServer:1, NetServer:1, HTTPServer:1, UserAccess:1, VolumeConfig:1)</Value></ParameterValueStruct>
<ParameterValueStruct>
<Name>InternetGatewayDevice.DeviceInfo.HardwareVersion</Name>
<Value xsi:type="xsd:string">*********************</Value></ParameterValueStruct>
<ParameterValueStruct>
<Name>InternetGatewayDevice.DeviceInfo.SoftwareVersion</Name>
<Value xsi:type="xsd:string">************</Value></ParameterValueStruct>
<ParameterValueStruct>
<Name>InternetGatewayDevice.DeviceInfo.SpecVersion</Name>
<Value xsi:type="xsd:string">1.0</Value></ParameterValueStruct>
<ParameterValueStruct>
<Name>InternetGatewayDevice.DeviceInfo.ProvisioningCode</Name>
<Value xsi:type="xsd:string">*****</Value></ParameterValueStruct>
<ParameterValueStruct>

….

Of course there was real data in there. I just put the stars in to cover up sensitive information. Somewhere in this chunk of data (apart from all the config data that I already had from my other sniffing attempts) I found two chunks that were like the second coming for me on this day:

<Name>InternetGatewayDevice.Services.VoiceService.1.VoiceProfile.1.Line.1.SIP.AuthUserName</Name>
<Value xsi:type="xsd:string">*************</Value>

<Name>InternetGatewayDevice.Services.VoiceService.1.VoiceProfile.1.Line.1.SIP.AuthPassword</Name>
<Value xsi:type="xsd:string">*************</Value>
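Added example (not part of the original post): a provisioning audit for the exposure shown in the capture above. It scans a CWMP SOAP body for parameters whose names look like secrets, rates them by whether the management URL is plain HTTP, and never echoes the values. The sample body, the URLs and the name heuristic are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Parameter-name endings treated as secrets (assumed heuristic; extend per data model).
SECRET_NAME = re.compile(r"(password|passphrase|presharedkey|secret)$", re.I)

# Constructed sample shaped like the capture above; the values are placeholders.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cwmp="urn:dslforum-org:cwmp-1-0">
<soap:Body><cwmp:Inform><ParameterList>
<ParameterValueStruct>
<Name>InternetGatewayDevice.DeviceInfo.SpecVersion</Name>
<Value xsi:type="xsd:string">1.0</Value></ParameterValueStruct>
<ParameterValueStruct>
<Name>InternetGatewayDevice.Services.VoiceService.1.VoiceProfile.1.Line.1.SIP.AuthUserName</Name>
<Value xsi:type="xsd:string">constructed-user</Value></ParameterValueStruct>
<ParameterValueStruct>
<Name>InternetGatewayDevice.Services.VoiceService.1.VoiceProfile.1.Line.1.SIP.AuthPassword</Name>
<Value xsi:type="xsd:string">constructed-secret</Value></ParameterValueStruct>
</ParameterList></cwmp:Inform></soap:Body></soap:Envelope>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def audit_cwmp(acs_url, soap_xml):
    """Return redacted findings for secret-bearing parameters in one CWMP message."""
    if "<!DOCTYPE" in soap_xml or "<!ENTITY" in soap_xml:
        raise ValueError("DTD/entity declarations are not expected in CWMP SOAP")
    cleartext = urlsplit(acs_url).scheme.lower() != "https"
    findings = []
    for node in ET.fromstring(soap_xml).iter():
        if local(node.tag) != "ParameterValueStruct":
            continue
        fields = {local(child.tag): (child.text or "").strip() for child in node}
        name, value = fields.get("Name", ""), fields.get("Value", "")
        if SECRET_NAME.search(name) and value:
            findings.append({
                "parameter": name,
                "value": "<redacted, %d chars>" % len(value),
                "severity": "high" if cleartext else "info",
            })
    return findings


if __name__ == "__main__":
    for url in ("http://acs.example.invalid/cpe", "https://acs.example.invalid/cpe"):
        for finding in audit_cwmp(url, SAMPLE):
            print(url, finding)
```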

Bingo! The last puzzle pieces to my odyssey! As a last measure of verification, I flashed my router with a de-branded firmware and entered the data that I had collected in the appropriate interfaces (to make sure that there was no other special stuff in that old firmware that was needed to make the connections). And it worked like a charm. Even though it might not seem like such a big deal for some.. for me those two days of hacking to get my own data (after all I pay for that connection) was quite an experience in itself. Especially since I was successful! Another win for free choice and against oppression :-P.

And the moral of the story? Thank god most ISPs are too lazy to implement real security. If all those connections would’ve been encrypted, it would’ve been nearly impossible to get all that data. Crazy and scary at the same time :-P.

Unending

Monday, August 12th, 2013

After some (rather dreadful) months Kartuga will be closed on August 31. This day will also see the layoff of most of the TBG staff. Most of us (if not all) have already been released from work and are trying to find new jobs and new opportunities in other places. Working with you has been a blast! Here’s to you guys & girls!

The last month has started with quite some action, as Kartuga was actually almost saved (not by the publisher mind you). I want to take this opportunity to thank all of those (especially our bosses) who tried their best to make that happen. After all Kartuga was (and for that matter will be) our baby. It’s very sad that those efforts were in vain. Eventually we had to say our goodbyes to team and studio.

Now all that remains is the usual struggle to find a new employer and have all the nasties that come with that assignment. If you by any chance are working for a game studio that needs a good and dedicated programmer specialized in Game Logic and Unity3D don’t hesitate to send me an E-Mail. I don’t bite (most of the time :-P). I also make cocktails as a hobby so that’s your opportunity to get 2 in one *gg*.

Unexpected Poetry

Thursday, November 15th, 2012

You ever had a moment where suddenly a line of poetry pops into your mind and you can not stop spinning it further until it’s just right? I have those moments now and then. Usually I get a pretty decent Rhyme together and then just forget about it. Last Sunday I watched “The legend of the Guardians” (don’t ask) just before going to bed (actually while being in bed). And suddenly I had one of those moments. And when I was done I had a pretty strong urge to write it down. So I got up and did. But ever since I didn’t really know what to do with it. And because it kind of speaks to my soul I decided to post it here. Maybe someone else likes it too ;-).

To Arms

To arms we call, to arms and then to war.
Together and united shall we stand.
Cause what we can not find in peace we will find nevermore.
And fight alongside bravely till the end.

In terror and despair this day be burned,
into the memory of those who live.
Let blades be fiercely dashed until the war is turned.
Be sorry that we only got one life to give.

Through songs be echoed our righteous deed.
Remember all the good that we have done.
Be written down in books and carved in stone to read.
And may one day a legend it become.

Bachelor Thesis online

Monday, August 29th, 2011

Since I’ve got my Bachelor diploma I’ve released my bachelor thesis and the practical solution as binary and source code here. Please be aware that the source code is released under GPL, but the written thesis may only be used for personal education. If you want to publish my thesis in any way please contact me first. The thesis handles displacement mapping in Direct X 11 using hull and domain shader. It makes use of almost every new Direct X 11 feature (Tessellation, Compute Shader). If you have any questions concerning my work please don’t hesitate to contact me or leave a comment. I’ll be happy to explain or help with your work if I can.

Tessellation Demo

Tessellation Demo low tessellation

Tessellation Demo wireframe mode

Tessellation Demo low tessellation wireframe

To Game or not to Game

Monday, May 9th, 2011

Finally my childhood dream has come true. I’m a professional game developer ;). Ok… ok I’m a game development intern… but hey.. I’m going there step by step. My first week as an intern at EA Phenomic has come and passed and I’m loving every second of it. I can now do what every (crazy) child is dreaming of. I create the games that we love so much and have so much fun playing. What better job is there ;)?

How to make your geek happy

Wednesday, December 1st, 2010

Well it’s that time of the year again isn’t it? Where the snow is falling, everyone is lingering around fireplaces and.. oh yea.. Christmas presents. It’s always the same problem. What in God’s name should I get for XY. The worst choice of all is of course: what to get your geek? Be it a friend, your boyfriend, brother or whatever.. geeks are hard to satisfy! Most of the times they will get that strange look in the face after opening your present. You know.. that look that says: thank you but WTF should I do with that piece of s****. So be at ease, because I’ve got just the tip for you ;-). Take a look at http://www.getdigital.de/ . Most of the stuff there will make your geek happy. OK you’ve got to know him at least a little bit to make a decent choice. But hey.. life can’t be THAT easy :-P. After all getDigital has introduced a nice wish-list feature (just in time for Christmas). If you can convince your geek to put some stuff onto it you’ll just have to choose and buy. I love technology at work :-P.

P.S. I’ve got myself quite some stuff from getDigital.de. Some was a gift (like my 30cm plush tux that is following me to every Amarok booth). Some I gave to myself (I’m a heavy tea drinker and the frozen tux mug is my best tea cup).

To trust or not to trust

Friday, August 13th, 2010

One of the major problems society is facing in the age of connectivity is TRUST.

Whom do you trust? Would you trust me with your life? Certainly not. What about your computer and all the Data on it? I doubt it. Would you trust me with your music player? You may be surprised to hear that but to a small part some of you already do 😛 (I’m coding for Amarok). Now a question to all of you Amarok users: who of you did read ALL the source code and search for bad or dangerous parts someone put in there? I certainly didn’t (and I’ve already read a lot of Amarok’s source code). So in the end even here all comes down to TRUST.

So why am I writing about this anyway? As you may (or may not) have noticed the little “s” behind my “http” has vanished. I did this because some of my readers complained because their browser complained because their browser doesn’t TRUST me and my self signed root certificate. So there we are again.. now back to TRUST.

Back in medieval times men would trust other men by their word. But not every man.. just the ones who were rich like hell (or at least a little rich :-P). Poor people’s word meant nothing. Let’s go a bit forward in time. Say 20th century. You’d think humanity has evolved into a species of understanding and equal rights? You’d be disappointed. There is still a system of classes and still we trust people with money (gentleman) more or less by their word and those who are poor are not trustworthy. So what about today? Equal rights for all? Trust for the poor? I’ll have to disappoint you again. Today (at least certificate and IT wise which is the area my blog is about) we trust those who are buying (for quite some money, and thus are “rich”) a certificate from companies who do not much else than SELLING TRUST for money (And thus degrading certificates to a “certificate of having enough money to be trustworthy”).

So where does that leave us today? Back in medieval times I guess.

HTC Desire Root

Thursday, May 6th, 2010

Finally Rooted my HTC Desire ;o). Using this tutorial it was really rather easy (Thx Paul for this quite fast work after coming back from the DomRep). After the process I finally got all the features I always wanted my phone to have! OpenVPN Support without any hassle (using “OpenVPN Settings” from the Market) and a running Mail Client by simply putting my own CA into the secure CA Storage of the device. Sure it’s not very easy to access the system partition of the Desire. But once you’ve got the files you need in place all is well. I’m a happy geek now (my girlfriend is not so happy with me using the new phone all the time :-P).