#rtl_tcp | Explore Tumblr posts and blogs

shirlleycoyle · 6 years ago

Text

A Roundtable of Hackers Dissects ‘Mr. Robot’ Season 4 Episode 4: ‘File Not Found’

The fourth episode of Mr. Robot’s final season left a lot to be desired, but still gave us a little bit to talk about. We discussed [SPOILERS, obvs] social engineering, audio surveillance, signal jamming, operational security, encrypted chat rooms, and more. (The chat transcript has been edited for brevity, clarity, and chronology.) This week’s team of experts includes:

Emma Best: a former hacker and current journalist and transparency advocate with a specialty in counterintelligence and national security.

Jason Hernandez: Solutions Architect for Bishop Fox, an offensive security firm. He also does research into surveillance technology and has presented work on aerial surveillance.

Harlo Holmes: Director of Digital Security at Freedom of the Press Foundation.

Trammell Hudson: a security researcher who likes to take things apart.

Micah Lee: a technologist with a focus on operational security, source protection, privacy and cryptography, as well as Director of Information Security at The Intercept.

Dark Army Surveillance

Yael: So, uh, how obvious is that white van?

Harlo: I'd just like to say, really appreciate that Audacity hasn't changed in over a decade. Van guy definitely had it open.

Yael: So the best way to get audio surveillance is to put a bug in the actual room and then sit in a white van outside the building?

Jason: Yeah, seems like the kind of wireless microphone setup you can buy at a spy shop.

Harlo: We're seeing some terminal stuff for rtl_tcp, which is SDR (software defined radio) software. So yeah, it's a bug.

Yael: I guess one would think that if you were going to do this, you'd be discreet, so maybe it’d be less obvious breaking and entering and hanging out in a blue van or a green van or something. Something other than a white or black van. But maybe the point was for him to know he was being listened to?

Jason: I once had a chat with a DEA agent about surveillance and he said he preferred minivans—"nobody pays attention to minivans."

Emma: If you wanted to be discreet, you wouldn't even break and enter. You don't need to plant bugs inside buildings anymore.

Yael: How would you bug them?

Emma: For Elliot's situation, the window is a perfect vector. It's glass, I'm sure. Dark Army has access to the kinds of lasers and sensors needed to bug the room from that alone.

Yael: It sounded like when the "mic went out" they just had the bug too close to the speaker, but it's really hard to find bugs.

Micah: I think maybe while Elliot was talking, he was starting to jam signals at the same time to cause the Dark Army guy to get out of the van and investigate.

Yael: How do you do that?

Micah: Well, he'd have to know what frequency to jam, which you're right, isn't easy. But he could use an SDR radio himself to do the actual jamming.

Trammell: Maybe he was messing with the antenna. I think he had pulled the bug out from somewhere. It was sitting on the table with the note "they're listening. " So when Darlene came into the room, she saw the note and the bug.

Yael: I thought if he pulled the bug and brought it closer to the recording device, it could make that noise, but not if he left the bug there. And also I don’t know if that's true; I just know it happens sometimes with mics too close to recorders.

Harlo: I want to look at the man pages for that program, because if I recall correctly, the only options supplied were an IP address and a port for listening.

Cyprus Bank Op

Yael: So Darlene said Olivia was not authorized to transfer anything— “all their authentication goes through a proxy and everything else in their domain is read-only.” So they need to break into Virtual Realty. But I didn’t quite get what Virtual Realty was.

Emma: They didn’t say what Virtual Realty is yet. That was dangerously brief surveillance—only one day. Darlene only saw one shift of security officers; you can't generalize schedules off of that. And no prediction for Xmas, really. It's blind faith. Not that they have a choice.

Trammell: What was going on with Darlene’s OpSec? I realize she was venting and planned to erase the voicemail, but screaming the entire plan to the world while standing on the street was a serious WTF.

Harlo: VOICEMAIL. That's our lil OpSec fail. Maybe she’s on coke? Thus the rant? Then she realizes what she said was really really mean…

Trammell: V O I C E M A I L? Even in 2015, that's such a faux pas.

Harlo: LET'S TALK ABOUT OUR CRIMES ON AT&T'S VOICEMAIL PROGRAM. Like, I have never even left carrier metadata between me and my best friends. Because that's why Signal exists.

Emma: The whole thing was very poorly done on Darlene’s part, but realistically so, given the circumstances. They're all cracking, and they're not playing a long game anymore. They know they aren't getting away clean.

Yael: Yeah, I kind of feel like they're careless because they have nothing left to lose.

Emma: Nothing to lose and they HAVE to proceed, it's now or never.

Encrypted Chat

Yael: Do we, uh, want to talk about Dom’s Adium chat room?

Micah: Dom was using Adium as an IRC [Internet Relay Chat] client, but it also used to be a popular Jabber client for Mac that people would use for OTR-encrypted chats. But she was talking to the person on IRC, which doesn't have built-in encryption, and there was no sign of her using OTR in her private messages

Jason: Yeah, I think she connected to Freenode, which has publicly available/searchable chat logs.

Harlo: The screen shows a little lock icon.

Lost in the Woods

Micah: This was very much a 404 File Not Found themed episode. Mr. Robot had this monologue: “Seems like we're always thinking of ourselves when looking for something that's lost. But we never think much about the lost. Whatever, whoever is unable to be found. Whether it’s a set of keys left somewhere and forgotten, a couple guys wandering aimlessly in the woods, or someone who's disappeared inside himself. What if that's what they wanted all along? Not to be found?”

Emma: Can we talk about the attempted social engineering at the gas station and the three different tactics they each used? Desperate and reserved, straightforward and insistent, and finally just snapping and losing his patience.

Yael: I feel like they COULD'VE used some social engineering. She totally would've given them a ride.

Trammell: There was an interesting minor point about what happens in a cashless society when the internet goes down. Always online systems fail in very brittle ways.

Harlo: I kind of like the idea of overusing the term “social engineering.” Like, where does one draw the line between social engineering, and saying-whatever-because-I-just-want-you-to-shut-up?

Yael: WHAT IS THE GODDAMN SHORTCUT?

Trammell: The shortcut was a bit tropy…

Yael: I just have to say that Tyrell telling Elliot he “didn't care” because he was wearing the standard hacker uniform (black hoodie) instead of an overpriced suit really pissed me off. As if everybody in expensive work clothes gives a shit.

Emma: I got the sentiment. I just think it was expressed poorly. To me it was Tyrell talking about how he thought he and Elliot/Mr. Robot were a team. But Elliot was never of that mindset and would never see Tyrell as his equal—which I felt was the other betrayal. Tyrell has always presented himself as someone with technical chops. In his first appearance, there's the bit about him still using Linux and surprising Elliot. But while he's far from incompetent, he's not on Elliot's level. And that realization hurt, along with learning that he didn't get the E-Corp position on his own. It was because of Elliot.

Yael: Oh, did he figure that out?

Emma: I thought he did from the discussion with Elliot, that it's Whiterose’s maneuvering, not him being recognized as valuable. And at this point he knows he's going to die. He's lost everything. His wife is dead, his son is gone…

Yael: I don’t even know what to say about this scene. Even before he got shot. Like… learn some survival skills? You're probably not going to die because it's cold out and you're walking for an hour? Also one of the things they teach in survival schools is "what's going to kill you first." You make decisions based on what will kill you first—so like, yes you might drink possibly contaminated water if the alternative is dying of dehydration. So, like, you don't bleed to death because you're worried about Dark Army at the hospital and how they'd kill you. Also, you're telling me there's no first aid supplies in that van? Like what the fuck.

Emma: The metrics of success are different here than in the usual survival situations. In the survival situations that those schools cover, your ONLY goal is to survive and help your cohorts survive. The remnants of FSociety see it as a struggle to save the world. Survival becomes secondary to success.

Yael: I think it was just badly written for Tyrell to go from "you don't care!" to, like, not caring.

Emma: Definitely a rushed final arc for Tyrell that could’ve been handled and explored better.

A Roundtable of Hackers Dissects ‘Mr. Robot’ Season 4 Episode 4: ‘File Not Found’ syndicated from https://triviaqaweb.wordpress.com/feed/

0 notes

ttrftech · 13 years ago

Text

Raspberry PiとRTL2832Uドングルを受信サーバとして使うためにrtl_tcpを修正した

前回Raspberry PiをRTL2832Uドングル用受信サーバとして使う方法を紹介しました。しかしながら実際に使用しようとした場合、安定して使用することができていませんでした。gqrxやgnuradioで構成したクライアントを使用して、rtl_tcpに接続したのち、一度切断、そして再接続しようとした時に、rtl_tcpが不正終了してしまい、いちいちコマンドを起動しなおす必要がありました。せっかく便利そうなリモート受信サーバなのですが、このままではちょっと残念な感じでした。そこで不具合の原因調査と修正を行いました。結果うまく安定して動作させることができるようになりました。また、受信サーバとして運用するには、マシンを起動したときに自動的にサービスが起動して欲しいものです。そのための起動スクリプトを作成しましたので、こちらもあわせて紹介します。

まずは不具合の状況ですが、Linuxマシン(Raspberry Piを使っています)にRTLドングルを接続、rtl_tcpコマンドを起動し、gqrxで接続を行いました。そうするとrtl_tcpコマンド側は以下のように動作していました。

$ rtl_tcp -a 0.0.0.0 Found 1 device(s). Found Rafael Micro R820T tuner Using ezcap USB 2.0 DVB-T/DAB/FM dongle Tuned to 100000000 Hz. listening... Use the device argument 'rtl_tcp=0.0.0.0:1234' in OsmoSDR (gr-osmosdr) source to receive samples in GRC and control rtl_tcp parameters (frequency, gain, ...). client accepted! set gain mode 1 set sample rate 1024000 set freq 82500000 set gain mode 0 set gain 490 ll+, now 1 ll+, now 2 ll+, now 3 ll+, now 4 ....

このように一度目は正常です。その後、gqrxの動作を止めると以下のようにrtl_tcpも停止し、接続の待ち受け状態に戻ります。

worker socket error Signal caught, exiting! comm recv socket error Signal caught, exiting! all threads dead.. listening...

この状態で再度gqrxで接続を行います。そうするとrtl_tcpコマンドは以下のように動作開始しようとするのですが、すぐに落ちてしまいます。

Use the device argument 'rtl_tcp=0.0.0.0:1234' in OsmoSDR (gr-osmosdr) source to receive samples in GRC and control rtl_tcp parameters (frequency, gain, ...). comm recv socket error Signal caught, exiting! Segmentation fault

このように再接続で落ちてしまうようでは受信サーバとして使うことは困難です。何度接続しても大丈夫なように安定していることが望まれます。

というわけで調べてみたところ、TCP接続が切断された時の処理に不完全なところがあるようでした。TCP切断でシグナルが発生したとき、複数のスレッドが存在していることが原因で、本来一度だけ呼ぶべきrtlsdr_cancel_asyncが、複数回呼ばれていることが原因のようです。とりあえず最小限の修正をしてみたところ、とりあえず落ちることがなくなりました。

修正したソースは、githubに上げておきます。本家osmocomにパッチの取り込みを依頼する予定です。

以下ビルド方法のメモです。

$ wget https://github.com/edy555/rtl-sdr/archive/rtltcpFixSegv.zip $ unzip rtltcpFixSegv.zip $ cd rtltcpFixSegv $ libtoolize --force $ autoreconf -i $ ./configure $ make $ sudo make install $ sudo make install-udev-rules $ sudo ldconfig

依存ライブラリのインストールなどについては前の記事を参照してください。

rtl_tcpを安定して動作させることがようになったら、今度はマシン起動時に自動的にサービス起動するようにしたいものです。Linuxのディストリビューションとしてdebian(実際にはその派生であるraspbian)を使っています。debianでは/etc/init.dに起動スクリプトを配置したうえで、update-rc.dコマンドにより設定することで、自動起動を行うことができます。

作成したスクリプトrtl_tcp.rcは、こちらになります。

上記のスクリプトをダウンロードし、/etc/init.dにrtl_tcpというファイル名でコピー、update-rc.dコマンドで起動設定を行います。

$ sudo cp rtl_tcp.rc /etc/init.d/rtl_tcp $ sudo update-rc.d -n rtl_tcp start 99 5

スクリプトをインストールしたら、下記のコマンドで手動でサービスの起動、再起動、停止、動作確認を行うことができます。

$ sudo /etc/init.d/rtl_tcp start $ sudo /etc/init.d/rtl_tcp restart $ sudo /etc/init.d/rtl_tcp stop $ sudo /etc/init.d/rtl_tcp status

このスクリプトは、コマンドをサービスとして動作させるために、debian標準のstart-stop-daemonコマンドを使っています。また、rtl_tcpコマンドは、uidとしてnobodyで動作させています。

以上rtl_tcpを安定動作させられるようになり、またサービスとして自動起動することができるようになりました。おかげさまでリビングのコタツでぬくぬくとワイヤレスのオペレーションが可能です。ご参考になれば幸いです。

メモと謝辞とリファレンス

サービスとして利用できるとはいえセキュリティ的脆弱性が存在する可能性が多分にありますので、外部のインターネットから接続可能な場所での運用は避けた方が良いと思われます。

SDR#からの使用に際しての不具合報告とWindows環境でのビルド確認に、@sdrfunさんのご協力をいただきました。ありがとうございました。

電源をいきなり切断しても大丈夫なように、AUFSなどを使ってファイルシステム��read onlyマウントすることもやってみ��いと考えています。

オリジナルのrtl-sdrの配布元osmocom-rtl http://sdr.osmocom.org/trac/wiki/rtl-sdr

keenerdさんのリポジトリ。精力的にアップデートされています。興味深いのはrtl_adsbというコマンドが追加されたことです。gr-air-modes, rtl1090に続くRTLドングルを使った第３のmode-b受信方法となりそうです。このリポジトリはosmocomに取り込まれるとrebaseされてしまうようですのでfork/cloneの際には注意が必要です。https://github.com/keenerd/rtl-sdr

修正したソースはこちら https://github.com/edy555/rtl-sdr/tree/rtltcpFixSegv

起動スクリプトrtl_tcp.rc https://github.com/edy555/rtl-sdr/blob/rtltcpFixSegv/rtl_tcp.rc

#rtl2832u #gnuradio #gqrx #rtl-sdr #rtl_tcp #debian #raspberry pi #raspbian

3 notes · View notes