Latest Entries »

RaspberryPI and Yubikey

As the last Package available for Rasbian got some “small problems” regarding
ykclient return value (106): Server response signature was invalid (BAD_SERVER_SIGNATURE)
it is necessary to build it by your own untill the packages are updated.

1. Install tools

apt-get install autoconf libtool automake make libcurl4-gnutls-dev libykclient3 libusb-1.0-0-dev libpam-dev

2. Create Temp Folder for git clones

mkdir /root/temp

3. Build YubiKey C Library

cd /root/temp/apt
git clone git://github.com/Yubico/yubico-c.git
cd /root/temp/yubico-c
autoreconf --install 
./configure && make check && make install

4. Build yubico-c-client

cd /root/temp/
git clone git://github.com/Yubico/yubico-c-client.git
cd /root/temp/yubico-c-client
autoreconf --install 
./configure && make check && make install

5. Build yubikey-personalization

cd /root/temp/
git clone git://github.com/Yubico/yubikey-personalization.git
cd /root/temp/yubikey-personalization
git submodule init
git submodule update
autoreconf --install
./configure && make check && make install

6. Build yubico-pam

cd /root/temp/
git clone git://github.com/Yubico/yubico-pam.git
cd /root/temp/yubico-pam
autoreconf --install
./configure && make check && make install

7. Get the first 12 Chars

read -p "Enter OTP: " s && echo ${s:0:12}

8. Get Yubikey API Key and ID

9. Create “THE MASTER FILE”

mkdir /etc/yubikey_mappings/
vim /etc/yubikey_mappings/authorized_yubikeys

Enter the desired username with the 12char from Step 7
Example: mustermann:dwjdwakdjkaw

10. Edit /etc/pam.d/sshd to include the Yubikey Modul:

vim  /etc/pam.d/sshd

Insert the following line at the beginning. (Replace the Values from the Api ID and Key from Step 8

 auth required /usr/local/lib/security/pam_yubico.so id=nnnnn key=kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk authfile=/etc/yubikey_mappings/authorized_yubikeys debug

11. Modify /etc/ssh/sshd_config to include the follwing:

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes

12. Append the folling at the end of the line containing pam_unix.so in /etc/pam.d/common-auth

try_first_pass

Example:

auth    [success=2 default=ignore]      pam_unix.so nullok_secure try_first_pass

13. DEBUG DEBUG
In case you want to see something:

touch /var/run/pam-debug.log
chmod go+w /var/run/pam-debug.log

14. Restart SSH and Test

/etc/init.d/ssh restart

Login in while viewing the /var/run/pam-debug.log
You need to enter your password and before hitting enter use the yubikey to generate the otp and login.

Thanks to:
https://v00d00.co/2013/08/10/yubikey-ssh-2-factor-authentication-with-ubuntu-13-04/

After installing the Crazyflie Headless Client on my RPI as described here. I noticed that the YAW axis was mapped on the right shoulderbutton but it was impossible to use it.

Below you can find a config which maps it back to the right stick.

{
  "inputconfig": {
    "inputdevice": {
      "updateperiod": 10, 
      "name": "xbox360_mode1", 
      "axis": [
        {
          "scale": -1.0, 
          "type": "Input.AXIS", 
          "name": "thrust", 
          "key": "thrust", 
          "id": 3
        }, 
        {
          "scale": 1.0, 
          "type": "Input.AXIS", 
          "name": "yaw", 
          "key": "yaw", 
          "id": 5
        }, 
        {
          "scale": 1.0, 
          "type": "Input.AXIS", 
          "name": "roll", 
          "key": "roll", 
          "id": 0
        }, 
        {
          "scale": -1.0, 
          "type": "Input.AXIS", 
          "name": "pitch", 
          "key": "pitch", 
          "id": 1
        }, 
        {
          "scale": -1.0, 
          "type": "Input.BUTTON", 
          "id": 0, 
          "key": "pitchcal", 
          "name": "pitchNeg"
        }, 
        {
          "scale": 1.0, 
          "type": "Input.BUTTON", 
          "id": 3, 
          "key": "pitchcal", 
          "name": "pitchPos"
        }, 
        {
          "scale": 1.0, 
          "type": "Input.BUTTON", 
          "id": 7, 
          "key": "estop", 
          "name": "killswitch"
        }, 
        {
          "scale": -1.0, 
          "type": "Input.BUTTON", 
          "id": 2, 
          "key": "rollcal", 
          "name": "rollNeg"
        }, 
        {
          "scale": 1.0, 
          "type": "Input.BUTTON", 
          "id": 1, 
          "key": "rollcal", 
          "name": "rollPos"
        }, 
        {
          "scale": 1.0, 
          "type": "Input.BUTTON", 
          "id": 6, 
          "key": "exit", 
          "name": "exitapp"
        }
      ]
    }
  }
}

Move the original xbox360_mode1.json to xbox360_mode1.json.orig and create a new one with the content from here.

Note:
The config file can be found in: $INSDIR/crazyflie-pc-client/lib/cfclient/configs/input
for example:

/home/bitcraze/projects/crazyflie-pc-client/lib/cfclient/configs/input

The right command for activating the Xbox Controller is:

echo xbox360_mode1 > /home/bitcraze/controller.conf

Wlan Dioder Hack

Hi,
i have created a “WLAN Ikea Dioder”.

wlan_dioder

You need

  • Ikea RGB Dioder
  • Arduino pro mini
  • Sparkfun FTDI Basic Breakout
  • TP-Link TL-MR3020 or TPLink WR703N
  • Some Cables

In this article we use the TP-Link TL-MR3020 mini router.

Implementation:

1. “Modify” the Dioder to gain access to the circuit and remove the microcontroller:

dioder_circuit

2. Install OpenWRT on the TP Link mini Router as described in the OpenWRT Wiki: http://wiki.openwrt.org/toh/tp-link/tl-mr3020

3. Configure the Openwrt as desired but enable ssh access!

4. Execute the following steps on the MR3020:

  • Packages:

opkg update
opkg install kmod-usb-serial-ftdi

  • Busybox:

Get the Busyboy as described here

After unzipping:

mv busybox /bin/busybox.stty && ln -s /bin/busybox.stty /bin/stty
chmod +x /bin/stty

  • “Dioder Script”

place the following code into /www/cgi-bin/dioder then execute
chmod +x /www/cgi-bin/dioder

#!/bin/sh -ax

SP=/dev/ttyUSB0
CMD=";$QUERY_STRING"

RED=`echo "$QUERY_STRING" | grep -oiE "(|[?&])red=[0-9]+" | cut -f 2 -d "=" | head -n1`
GREEN=`echo "$QUERY_STRING" | grep -oiE "(|[?&])green=[0-9]+" | cut -f 2 -d "=" | head -n1`
BLUE=`echo "$QUERY_STRING" | grep -oiE "(|[?&])blue=[0-9]+" | cut -f 2 -d "=" | head -n1`

echo "Content-type: application/json"
echo ""

if [ -z "$RED" ] || [ -z "$GREEN" ] || [ -z "$BLUE" ]; then
    echo "{ 'status': 'error', 'msg': 'missing color' }"
else
        [ "$(stty -F $SP -a | grep speed | cut -d ' ' -f 2)" != "9600" ] && stty -F $SP raw speed 9600 -crtscts cs8 -parenb -cstopb

         if [ "$RED" -gt "255" ]; then
                RED="255"
         fi
         if [ "$GREEN" -gt "255" ]; then
                GREEN="255"
         fi
         if [ "$BLUE" -gt "255" ]; then
                BLUE="255"
         fi

         if [ ${#RED} -lt 3 ]; then
                if [ ${#RED} -eq 2 ]; then
                        RED=0$RED
                fi
                if [ ${#RED} -eq 1 ]; then
                        RED=00$RED
                fi
         fi
         if [ ${#GREEN} -lt 3 ]; then
                if [ ${#GREEN} -eq 2 ]; then
                         GREEN=0$GREEN
                fi
                if [ ${#GREEN} -eq 1 ]; then
                        GREEN=00$GREEN
                fi
         fi
         if [ ${#BLUE} -lt 3 ]; then
                if [ ${#BLUE} -eq 2 ]; then
                        BLUE=0$BLUE
                fi
                if [ ${#BLUE} -eq 1 ]; then
                        BLUE=00$BLUE
                fi
         fi

         CMD=";$RED,$GREEN,$BLUE;"

               echo $CMD > $SP
                    echo "{ 'status' : 'success', 'msg' : 'done' }"
fi

5. Load the following Arduino sketch:

String Input;

int rValue = 0;
int gValue = 0;
int bValue = 0;

int OldRValue = 0;
int OldGValue = 0;
int OldBValue = 0;

int RedStepAmount = 0;
int GreenStepAmount = 0;
int BlueStepAmount = 0;

int currentRed = 0;
int currentGreen = 0;
int currentBlue = 0;

#define rLedPin 9
#define gLedPin 11
#define bLedPin 10
#define STEPS 10

void setup()
{
  pinMode(rLedPin, OUTPUT);
  pinMode(gLedPin, OUTPUT);
  pinMode(bLedPin, OUTPUT);

  analogWrite(rLedPin, 0);
  analogWrite(gLedPin, 0);
  analogWrite(bLedPin, 0);

  Serial.begin(9600);
  Serial.println("Started");
}

void loop()
{
  while (Serial.available()) 
  {
    delay(3);  //delay to allow buffer to fill 
    if (Serial.available() >0) 
    {
      char c = Serial.read();  //gets one byte from serial buffer
      if(c  != ';')
      {
        Input += c; //makes the string readString
      }
      else
      {
        ParseInput();
      }

    } 
  }

}

void ParseInput()
{
  if (Input.length() == 11) 
  {
    rValue=Input.substring(0,3).toInt();
    gValue=Input.substring(4,7).toInt();
    bValue=Input.substring(8,11).toInt();

    Serial.print("Got: ");
    Serial.println(Input); 
    Serial.print("Red: ");
    Serial.println(rValue);
    Serial.print("Green: ");
    Serial.println(gValue);
    Serial.print("Blue: ");
    Serial.println(bValue);
    Fade(rValue,gValue,bValue);
  } 
   Input="";
}

void Fade(int TargetR, int TargetG, int TargetB)
{

RedStepAmount = (TargetR - OldRValue) / STEPS;
GreenStepAmount = (TargetG - OldGValue) / STEPS;
BlueStepAmount = (TargetB - OldBValue) / STEPS;

currentRed = OldRValue;
currentGreen = OldGValue;
currentBlue = OldBValue;
for (int i = 0; i < STEPS; i++) {
   currentRed += RedStepAmount;
   currentGreen += GreenStepAmount;
   currentBlue += BlueStepAmount;
   setColourRGB(currentRed,currentGreen,currentBlue);
   delay(40);
}
setColourRGB(TargetR,TargetG,TargetB);

OldRValue = TargetR;
OldGValue = TargetG;
OldBValue = TargetB;

if(TargetR == 0 && TargetG == 0 && TargetB == 0)
{
  setColourRGB(0,0,0);
}
}void setColourRGB(unsigned int red, unsigned int green, unsigned int blue) {
  analogWrite(rLedPin, red);
  analogWrite(gLedPin, green);
  analogWrite(bLedPin, blue);
 }

6. Connect the Cables from the Dioder to the arduino pins defined in the sketch and Add an resistor (120 ohm)   between 5v and reset to prevent auto reset on serial connection…

dioder_arduino

7.  Connect the arduino to the FTDI Adapter to the MR3020 and call:

http://$mr3020ip/cgi-bin/dioder?RED=000&GREEN=000&BLUE=255

(I love the blue light ;))

If it is not working check if the serial adapter was recognized by the mr3020 with the dmesg command. You should see a message similiar to this:

[ 10.430000] usbserial: USB Serial Driver core
[ 10.480000] USB Serial support registered for FTDI USB Serial Device
[ 10.480000] ftdi_sio 1-1:1.0: FTDI USB Serial Device converter detected
[ 10.490000] usb 1-1: Detected FT232RL
[ 10.490000] usb 1-1: Number of endpoints 2
[ 10.500000] usb 1-1: Endpoint 1 MaxPacketSize 16384
[ 10.500000] usb 1-1: Endpoint 2 MaxPacketSize 16384
[ 10.510000] usb 1-1: Setting MaxPacketSize 64
[ 10.510000] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0

If not check your FTDI Adpater and the loaded modules.

NOTE:
If you do not like the “fading” just replace the Fade function in ParseInput() with setColourRGB.

Source:

MR-3020 Busybox and cgi:  http://32leav.es/?p=1130

Dioder Hacking: http://hardy.dropbear.id.au/blog/2012/09/hacking-the-ikea-dioder-in-ten-minutes-flat

Hi,

here are some short code snipets how i use the open.sen.se API within perl:

use LWP::UserAgent;
use JSON;
use strict;
use warnings;

my $ua = LWP::UserAgent->new;
my $SENSE_API_KEY = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' ;


sub SendToSenSe
{
        # Get parameters
        my $value = $_[0];
        # Remove the newline....
        chomp $value;
        my $feed_id = $_[1];
        chomp $feed_id;
        my %datalist = ('feed_id' =>  $feed_id, 'value'=>  $value );
        my $json = encode_json \%datalist;
        #print $json, "\n";

        # Create a request
        my $req = HTTP::Request->new(POST => "http://api.sen.se/events/?sense_key=".$SENSE_API_KEY);
        $req->content_type('application/json');
        $req->content($json);
        # Pass request to the user agent and get a response back
        my $res = $ua->request($req);

        # Check the outcome of the response
        if ($res->is_success) {
            return $res->content, "\n";
        }
        else {
        return $res->status_line, "\n";
        }

}

sub GetFromSenSe
{
        my $feed_id = $_[0];

        # Create the request
        my $req = HTTP::Request->new(GET => "http://api.sen.se/feeds/$feed_id/last_event/?sense_key=".$SENSE_API_KEY);
        $req->content_type('application/json');
        #$req->content($json);
        # Pass request to the user agent and get a response back
        my $res = $ua->request($req);

        # Check the outcome of the response
        if ($res->is_success) {
            return $res->content, "\n";
        }
        else {
        return $res->status_line, "\n";
        }

}

Using:

SendToSenSe(25.0000,1234);
GetFromSenSe(1234);

More informations to Sen.se: http://open.sen.se

Dev infos: http://open.sen.se/dev/