Saturday, August 24, 2013

Airplay video to a Raspberry pi - yes and no

Messing around recently with a Raspberry Pi used as a Wifi hotspot led me to an idea: a box installed on the projector in a meeting room that creates a wifi network you can join to send your screen to the projector, without the need for annoying cables and adapters. It turns out that recent versions of XBMC support AirPlay. I first tried Raspbmc but had more luck with OpenELEC.


It works pretty well: it is able to use the tiny Edimax Wifi USB dongles to join my home network and do all the amazing XBMC stuff. I've spent the afternoon watching fantastic Apollo videos and TED talks.

If you turn on Airplay it works on my iPhone when I'm using apps like YouTube but not apps like ABC iView - why?

It turns out that AirPlay is not just one thing; it's a combination of technologies. YouTube works because the controlling client passes the HLS m3u8 URL over to the XBMC server, which then streams it from the server. Clients that use secure video or do video sharing are not able to stream to XBMC over the network.

I think the solution to my problem is to combine a Wifi hotspot, probably an Airport Express, with an Apple TV box, but where's the hacker fun in that? (I wish Apple would make an Apple TV box with some sort of "AirDrop" for video for use in meeting rooms).

Sunday, August 18, 2013

Reverse engineering network traffic with a Raspberry Pi

Sometimes it's useful to monitor traffic between a client and the server for debugging or to figure out how something works. In the past I've used a Linksys WRT54gl router which can be flashed to run OpenWRT. These devices don't have much free space so recently I've started using a Raspberry Pi for the same purpose. It's much more compact and more capable.


To create a Wifi hotspot with a Raspberry Pi, I followed the instructions at Adafruit. The system needs a DHCP server to give out addresses to wifi clients, hostapd to authenticate clients, and some iptables commands to NAT the addresses of TCP requests going through the device.

The Wifi USB dongle I purchased is an Edimax Nano USB WiFi adapter (EW-7811Un) which cost $35 over the counter. These seem to work well with the Pi's limited power budget and are capable of being a hotspot.

My network is called "honeypot".


The simplest way to snoop on what an app is doing is with tcpdump. I monitor traffic on the wireless interface and display the first part of each packet in ASCII. The command is "sudo tcpdump -i wlan0 -A". Here's what I see on opening a TV guide app:


You can see they are talking to flurry and crashlytics, but the display is not very convenient for seeing what's going on.
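One way to make that tcpdump output easier to read is to boil it down to one list of requests per host. This is an added example, not part of the original post; the sample capture, host names and function name are constructed, and it only sees cleartext HTTP (HTTPS payloads are encrypted on the wire).

```python
import re
import sys
from collections import defaultdict

# Constructed sample of `tcpdump -A` text; hosts, paths and addresses are made up.
SAMPLE = """\
10:15:01.123456 IP 192.168.42.10.51234 > 203.0.113.5.80: Flags [P.], length 179
E.....@.@......*...GET /guide/today.json?region=nsw HTTP/1.1
Host: api.tvguide.example
10:15:01.223456 IP 203.0.113.5.80 > 192.168.42.10.51234: Flags [P.], length 89
E.....@.@.......HTTP/1.1 200 OK
Content-Type: application/json
10:15:02.000001 IP 192.168.42.10.51240 > 198.51.100.7.80: Flags [P.], length 119
E.....@.@......POST /v1/events HTTP/1.1
Host: Analytics.Example
10:15:03.000001 IP 192.168.42.10.51241 > 198.51.100.9.80: Flags [P.], length 40
E.....@.@......GET /ping HTTP/1.0
"""

PACKET = re.compile(r"^\d\d:\d\d:\d\d\.\d+ IP6? ")   # tcpdump per-packet header line
# The request line follows IP/TCP header bytes shown as dots, so search, don't anchor.
REQUEST = re.compile(r"(GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) (\S+) HTTP/1\.[01]")
HOST = re.compile(r"^Host:\s*(\S+)", re.IGNORECASE)
NO_HOST = "(no Host header)"

def summarize(lines):
    """Group cleartext HTTP requests seen in `tcpdump -A` output by Host header."""
    by_host = defaultdict(list)
    pending = None                       # request line still waiting for its Host
    for line in lines:
        if PACKET.match(line) or REQUEST.search(line):
            if pending:                  # previous request never showed a Host
                by_host[NO_HOST].append(pending)
            m = REQUEST.search(line)
            pending = (m.group(1), m.group(2)) if m else None
        elif pending and (m := HOST.match(line)):
            by_host[m.group(1).lower()].append(pending)
            pending = None
    if pending:
        by_host[NO_HOST].append(pending)
    return dict(by_host)

if __name__ == "__main__":
    # Usage: sudo tcpdump -i wlan0 -A -l | python3 this_script.py  (no pipe: sample)
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for host, reqs in sorted(summarize(source).items()):
        print(host, *[f"{m} {p}" for m, p in reqs], sep="\n    ")
```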

A more friendly way to watch HTTP traffic is to use a proxy such as mitmproxy, and then set the proxy on the device to point to it. Now in our terminal we see a nice summary of each request.


Pressing return lets us drill in to the request and see the headers nicely formatted:


Pressing tab switches over to the response:


Lots of interesting things to learn in there! I typically then use the MacOS JSON Edit program for exploring JSON data (there are lots of tools around for this).

iOS apps seem to honour the proxy setting but I find that often Android apps do not, or only do some. It's possible to use iptables to set up a transparent proxy. I've got this mostly working, although most HTTPS requests mostly seem to fail. Here's my magic incantation:

#!/bin/bash
# start a transparent proxy
sudo sysctl -w net.ipv4.ip_forward=1
# clean old firewall
sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X

# nat on the local lan
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT

# forward all requests to the proxy
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
# HTTPS is port 443 (not 433); clients must also trust the mitmproxy CA certificate
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080

mitmproxy -T --host

So, a $38 Raspberry Pi plus a $35 Edimax wifi dongle makes a pretty nice Wifi hotspot with advanced network inspection capabilities.

Saturday, August 03, 2013

Knobless Wonder 7.16MHz SSB transceiver is on the air

I'm excited to report that my build of Peter, VK3YE's, simple fixed frequency "Knobless Wonder" transceiver is complete and I've just had my first contact with Stephen, VK2BLQ.


Aside from a few errors along the line of me pulling out incorrect component values a few times, the circuit was very simple to build. The major problem I had was that the RF transmit side was unstable due to some long runs of unshielded wire but that was fixed with some thin coax.


My thanks to Peter Parker for this excellent design and to Mal, VK2BMS and Stephen VK2BLQ for giving me signal reports.