Captive Portal

Read more


#White Hacking: Wemos & Captive Portal using MicroPython

At the beginning of October I wrote a blog article called White Hacking: WeMos and SquirelCrawl!. I used the WeMos (ESP32) and the firmware provided by Hacker Arsenal to do a captive portal. As you known, a captive portal is a web page which is displayed to newly connected users before they are granted broader access to network resources [

This time, I've implemented the captive portal (system) using MicroPython on the ESP32. This implementation allows you to upload more than one file. This means, e.g. you can upload CSS and JavaScript files for better web page style and more interaction with the user (e.g. using jquery). However, you should not forget that the WiFi speed of the ESP32 as an access point is very limited. You should always optimize the web page!

Python Code: https://github.com/lemariva/uPyPortal

Portal optimization is required! This is only a sample and a very beta code. The portal is far away from stable :S, but it works.

Disclaimer

I assume no responsibility for the usage of this code and post. I repeat again, the book "The Hacker Playbook 2: Practical Guide to Penetration Testing - Peter Kim" says

Just remember, ONLY test systems on which you have written permission. Just Google the term “hacker jailed” and you will see plenty of different examples where young teens have been sentenced to years in prison for what they thought was a “fun time.” There are many free platforms where legal hacking is allowed and will help you further educate yourself.

Virus Macro

Read more


#Security: Phishing with Macros once again!

And once again! Word files with Macro! But this time, I was the first one to report it to VirusTotal and Hybrid-Analysis! :)

Virus Macro!
Fig 1: VirusTotal report! Just only two: Fortinet sells hardware, and Qihoo-360 is in China (:S)...

Here you have the e-mail. The sender is this time the "BOSS Last Name" (A nice improvement! :P) without address, or something like that!

WiPy & Geolocalization

Read more


#MicroPython & #WiPy2.0: Geolocation using WLAN

I was surfing the services that Google offers, I found the Geolocation API. As Google describes the API: it returns a location and accuracy radius based on information about cell towers and WiFi nodes that the mobile client can detect. As I was writing the last post using MicroPython, I thought the WiPy 2.0 could be a nice "mobile client".

To use the API you need to get an API key from Google. As a standard user of the API, you get:

  • 2,500 free requests per day, and
  • 50 requests per second, per user.

I thought I could play with it to test the accuracy of the geolocation.

Python Code: https://github.com/lemariva/uPyGeo

If you’re not up to speed with MicroPython, Wipy see earlier articles in here.

Wemos & Amazon Echo

Read more


#MicroPython: WeMos and Amazon Echo (Alexa) - Switching LED Colors!

I don’t have any Belkin WeMo system or Philips Hue light bulbs. However, I have two ESP32 running MicroPython (see my last article), and a W2812b LED strip, and I thought I should be able to say, "Echo/Alexa, turn on the kitchen light" or "Echo/Alexa, turn on the blue light" and It should work with this setup.

And... it works as you can see in this video!

If you are interesting in only using the code, then click here. Otherwise, you can read the complete story... ;)

Python Code: https://github.com/lemariva/uPyEcho

If you’re not up to speed with MicroPython, Wipy see earlier articles in here.

Wemos MicroPython

Read more


#MicroPython: Getting started!

Another quick tutorial, this time for MicroPython on ESP32. You can find all the information that I'm writing in this post in different articles on the Internet but I've not found anything that summarizes all the topics. That is why I am writting this post. I included some links at the end of each topic to extend the info. Feel free to visit them if you want more info, or write a comment I will try to respond it.

Python Code: https://github.com/lemariva/ESP32-MicroPython

MicroPython & Board

What's MicroPython?

Quoting the official micropython page results in the following

MicroPython is a lean and efficient implementation of the Python 3 programming language that includes a small subset of the Python standard library and is optimised to run on microcontrollers and in constrained environments.

As you see, in my last posts (sorry about the link, I need some pagekit taxonomy!), I have been programming the Wipy 2.0. This board is a tiny MicroPython enabled WiFi & Bluetooth IoT development platform.

Fortunately, there is a port of MicroPython for the ESP32, and this time I've installed the firmware on the Wemos board. The development tool includes a ESP-WROOM-32 microcontroller.

WeMos white Hacking

Read more


#White Hacking: WeMos and SquirelCrawl! (update 17.10.2017)

I was surfing the web for new hacking software and hardware tools and I found the Hacker Arsenal website. This website offers "ARTILLERY FOR CYBER WARRIORS" as they said; it is basically hardware and firmware for pentester. In summary, they have actually three products especially for Wi-Fi Sniffing.

Python Code: https://goo.gl/YuT5qm

I found the Winx-Portable on the website and I thought I have something like that. I look for the boards that I've recently bought, and I find the WeMos WiFi ESP32 Development Tool. The boards are identical. Then, I tested the available firmware and they worked on my board.

nRF24Things&SensorTag-Things

Read more


#ProjectDIVA: nRF24Things working on Android Things DP5.1

I've updated the code of the nRF24Things application. The application is now working on Android Things DP5.1. There is a Bug on DP5.1 related to the SPI units. You can read more on my last post here.

I've tried to update the SensorTag-Things application but I didn't work. DP5.1 has still problems with Bluetooth. Due to the crash by debugging, I found and reported another bug to Google. Read here.

20171003 virus capture macro min

Read more


#Security: Phishing with Macros once again!

Yesterday I received again an email from an address that should look like my boss email address.

Dienstag, 3. Oktober 2017 08:34
Guten Abend,

In der Anlage das SEPA Formular und die neue Rechnungsanschrift.
http://uk-timber.co.uk/Angebot-OMHZG-046754/


Viele Grüße
Boss Name
Android Things

Read more


#Tutorial: Getting started with Android Things

As the title says, this is a getting started with Android Things. It should be my first post, but, it's better now than never. I'm posting this to summarize the steps to install Android Things on your Raspberry Pi.

Google announced Android Things on December of 2016. It's a modified version of the Android that we all know, but for Internet of Things (IoT) devices. The architecture of the SDK is described in the following figure:

Android Things Architecture
Fig.: Android Things SDK architecture (Source: Google)

As you can see, the core Android framework (the level below the Apps) is extended with additional APIs provided by the 'Things Support Library' (in orange). These APIs enable the integration of the apps with the new IoT devices.

Payload Macros Word

Read more


#Security: Phishing with Macros! (updated)

Hi!

Yesterday I received an email from an address that should look like my boss email address. It was something like this: "Boss.Name@our-institute.uni-hannover.de nancy@hillstar.brcoxmail.com" with the subject: Rech QK - 163-DA7666 Riva, Mauro and a text saying:

Guten Tag, Riva, Mauro

Als Anhang erhalten Sie Ihre Rechnung. (something like "You receive your invoice as an attachment.")

Rech:
http://blackbox-es.com/Rechnung-26375407950/ (don't click this link --> read all the post!!!)

Herzliche Grüße (Grüße: Grüße)

boss.name@our-institute.uni-hannover.de
Android Things

Read more


#ProjectDIVA: Android Things DP5.1!

Hi!

Android Things DP5.1 is out! and the bugs were fixed!!! You can check the release notes here!.

You don't need to change the config.txt for the display settings and the debugger issues were solved and it is working again (tested! - it stops at the breakpoints)!

You can download the zipped image using the Android Things Console! Check this post for more information!

There are some problems with my two Android Things repositories and the applications are not working as expected :( but I will be updating the GitHub repositories this weekend!

Stay tuned! and have a nice friday!

Android Things DP5

Read more


#ProjectDIVA: Android Things DP5! (updated 24.08.2017)

Hi!

Android Things DP5 is out and of course, new features are available.

The most important features are:

  • Runtime Pin Configuration
  • OpenGL 2.0 Support (that means hardware acceleration on the RPI!)
  • ViewWeb is available!

This time you need to use the Android Things Console to download the image as follows:

  1. Go to: Android Things Console and sign in using your Google credentials
  2. Click on: Create a new Product
  3. Go to: Factory Image
    • Select: Empty Bundle (if you don't have any app) and the Android Things v. OIR1.170720.015
    • Click on: Create Build Configuration
  4. Make a coffee or just wait a couple of minutes
  5. You get the .zip file which contains the .img file
  6. Use Win32DiskImage (Windows) or dd command (Linux/Mac) to flash the image on the micro-sd (click here for more info)

Update:

Problems were solved with Android Things DP5.1! Check here!


Unfortunately, I am having some problems with this version. The first problem... (continue reading!)

SensorTag Android Things

Read more


#ProjectDIVA: SensorTag Hub

Hi again!

Two posts in one day! Now the SensorTag CC2650 is running on Android Things. The Raspberry Pi 3 can be used as a sensor hub, and the SensorTag can be connected to it using BLE. I modified the original app and now it is working on Android Things! Minimal changes were required, especially on the files related with the user interface. Moreover, WebView is still not supported on Android Things.

SensorTag Android!

Read more


#TI: SensorTag CC2650

Hi there!

I've created a new repository for the Texas Instrument SensorTag CC2650. I updated the open source TI repository, which can be found here.

Due to licensing restrictions (I do not know which ones) Texas Instruments was no longer able to keep the open source code in sync with the SensorTag application in Google Play. That means, the new version in Google Play has more features than this one. But this is open source, and can be modified and extended! I am planning to collect the sensor data and publish on a Google Cloud IoT PubSub topic.

The new code can be found here:

Java  Code: https://goo.gl/ZcUkA2


#ProjectDIVA: nRF24Things Rev. 0.3

I've recently updated the nRF24Things project. I introduced some changes to the database main table (sensors) and to the handler class DatabaseHandler. Additionally, I added a second table for the payloads (payload). The two tables are related using the foreign key nodeID. I added some search options for the payloads: search by payloadID, nodeID etc.


Android Things
nRF24Things: https://goo.gl/SNnhxq

The main idea of this project is to measure the humidity, temperature, air quality etc. of a room with multiple sensors (may be using the PiCoBo's) inside and outside of it, and the doors and windows status, and with this information create a room data model to estimate and predict the room conditions. It is a big project; I start with the data logging.

  • 1
  • 2