I was trying to use VLC 3.2.2 for iOS to get to a hidden folder on a local network storage device. Some time after 3.2.0, SMBv1 stopped working right, and the VideoLan folks are working on it, but it got me thinking.

The NAS I use has a GUI web interface, and is Linux-based, so it should have some logging, simple or otherwise. Naturally it was disabled by default, because of course it was, and when I enabled it to see what it offered, I was a little surprised.

One of the various tabs showed connection attempts. which is exactly what I wanted to see. I was a bit shocked, then amazed, and puzzled, when every few seconds I saw another entry come up. These entries were from external IP addresses. They were dictionary login names trying to authenticate via SSH to my NAS. Hmm. What the hell.

First, I logged in to my router and looked at the ports I’d had specifically forwarded. Many of these were for services I wasn’t using, mostly attempts to get OpenVPN to work properly. I shrugged and deleted them all, knowing that I could add them later if needed. That didn’t slow things.

Next up I looked at the SSH settings on the NAS and decided that I wouldn’t disable the service, but rather change the port. If I need to get a shell on the NAS in the future, I can always look up the longer number and connect. Bam, that was like closing the door hard.

Relieved, I also still had a bit of a warning that I should keep watching the log and alas I did see some FTP attempts at connections. Click, Apply, and silence.

Not completely satisfied, I did some more research and found that the router I use has some clever UPnP services that automatically let connections through. Ah, okay, this made sense but how was it being….

Oh, the NAS was asking for ports to be opened via UPnP. Click, Apply, sigh.

It seems like my efforts to get OpenVPN working some months ago and default settings on the NAS and router meant that I’d made my NAS vulnerable to external attacks. Now, I’ll admit that I wasn’t super clever in disabling the default admin account and making a super complex password, but it also seems like no complex scripts had successfully connected and found their way in. At least, I hope. Any logs the system had made, if any, were likely not saved. It’s a device that I use somewhat often, and exfiltrating or messing with the system would have run alerts from my internet provider.

Check your devices. Make sure they’re only asking for what they should be given. Look at some logs for an hour or 24. Change your passwords, even on “internal” networks, because they’re only safe if you didn’t accidentally poke holes in your network to make them more public than you wanted.

I’ve had a long history with the iPod. My first was a 5GB, Macintosh-formatted, first-generation iPod with a Firewire interface. The battery wasn’t very good, and those models had a bad habit of breaking the Firewire plug, so it’s good that Apple figured things out with the later versions.

My next iPod was a 40GB Video model. Open box from Best Buy, it was probably still over $450 way back then, but man was it nice. I used it on planes, for a radio show, and in cars. I sold it later to get another one, an 80GB I think, then eventually got the mother of all iPods, the 160GB, in 2007. iPod Touch was next on the list, and I never really looked back when touch screens, wireless, and an App Store were available.

We didn’t realize it at the time, but those who were fascinated with the iPod and audio quality became fans of the device because it used various versions of the Wolfson DAC. Other sites have ranked the best iPods for sound, but all of them are before the 6th Generation iPod, which seemed to be a turn in form from Cupertino towards profit over quality.

Most iPods that weren’t flash based had actual hard drives, 1.8″ units from many manufacturers. Larger iPods sometimes had deeper cases to acommodate the thicker hard drives. 160GB seemed like a lot, and it is, but hard drives have many deficiencies to flash storage in 2019. Along with drive capacity, the amount of RAM onboard also varied, so a 30GB and 60GB iPod would have different total track and metadata capacities. Fun!

A friend mentioned off hand that he had a bunch of iPods. He wasn’t interested in them, and so they were just simply available if you wanted them. I took him up on the offer, and three of the four happened to be custom etched iPod 30GB 5G units. They may be 5.5, but the awkward part number doesn’t make it clear. Regardless, I was now in possession of some great hardware with weak batteries and failing hard drives.

iPod “Enhanced” 30G aka 5.5 PA447LL/A

To go with that aforementioned Wolfson DAC, I bought a used set of Etymotic ER-4B in-ear monitors for serious sound isolation. These were to get an awesome experience by blocking out as much noise as possible, while giving me a powerful, high-quality, balanced sound. The iPod featured a relatively powerful amplifier, and I was surprised at how well it drives the ER 4s.

Storage has been solved by one company in particular. They offer a 1-, 2-, and 4- SD card upgrade option that replaced the hard disk with a PCB housing one to four cards. An mSATA option, and CF are also available if you so desire. The PCBs are frequently in stock and ship from the UK. It can take a few weeks, and I’d probably recommend the shipping option with a tracking number too.

So, I ordered the iFlash Dual, a 128GB, 80MB/sec SD card, a replacement battery, and some tools. One after another, they showed up and piled around the iPod. The adapter arrived last, fashionably, which let me put everything together in a matter of minutes. See, I’d already done the hard part…

Getting the iPod open is tedious, but needs care. I followed a guide on the iFlash website, another two on YouTube, and yet another on the iFixit site. The latter, especially, let me to the best sequence of working the back cover off that I’d seen. With a single spudger and an old credit card, I was able to get the rear cover off in minutes without breaking anything or bending it up. What a relief!

Hard disk removal was simple and easy. Battery was a little trickier with the adhesive, but a patient prying motion along the long axis of the battery got it out in no time. That done, everything was pretty much the opposite of removal.

Put the SD card(s) in the PCB. Check. Get the PCB lined up, with the SD card facing DOWN. Check. Slide the drive cable in the slot and lock it down. Check. Battery leads bent down at the end and re-attached. Check.

I did have a foible with the drive connector, so I had to do it again, but the second time of asking, the iPod booted up. iTunes restored the iPod, and I’ve synced over 11,000 tracks to a nearly full iPod that now has 128GB of capacity.

Total cost was under $100. It helps that the iPod was no charge. Batteries are inexpensive, and SD storage per gigabyte gets more inexpensive every week. The most expensive items was the SD adapter, but it’s also the most important!.

The sound is very clear, even at 80% volume. The menus are SUPER fast. I’m looking forward to better battery life, quieter operation, and more than four times the capacity.

Would I recommend this? Only if you have an iPod 4th or 5th generation available for cheap/free/in a drawer. I would hesitate to do this on the 6G or 7G unless you’re simply interested in carrying a HUGE amount of music with you and are less concerned about subjective quality.

iFlash Dual – $40 : from iFlash.xyz directly

128GB Sandisk SD card – $22 – Amazon

Lenmar iPod battery – $11 – Amazon

One of the pitfalls of getting previously-used equipment is that there can be an unexpected roadblock to doing something trivial, like a BIOS update.

While testing the INTEL-SA-00086 Detection Tool, which is a simple and easy way to see whether or not your system is vulnerable to the Spectre and Meltdown vulnerabilities (as they’re currently defined), I found a system that was running the A20 version of the BIOS. A22 is the current version.

Trying to run the update utility resulted in a request for me to enter the BIOS admin password. This is a piece of equipment that I got from another area, and while I could contact them, the Latitude E6530 is old enough that I figured someone had reverse-engineered the BIOS password reset algorithm. I was not wrong.

As soon as I saw the interface for the site that solved my problem, I recognized it after seeing it several years before to resolve the same issue.

Going in to the BIOS, and entering the Security tab, and entering an incorrect password gives me what’s called the serial number, or service number, in the format of “1234567-595B “. This code, when used at https://bios-pw.org will give you a bunch of different passwords to try. Thankfully, these older machines have no attempt countermeasures, so one can simply mash in numbers over and over.

The second or third entry was the key for my machine, and instead of letting me change the password, or just unlocking it, the code removed the password entirely. Handy! Bummer, however, for people who think that an admin password is any more than a WEP-level block against access to a system or changing of settings.

The neat thing about the site is that it seems to be based on research from a few people, and that it’s source code is available on GitHub: https://github.com/bacher09/pwgen-for-bios


I’ve been using WiGlE for some time (<a href=”https://wigle.net/”>here<a>) for Wireless Network Mapping since late 2017, when d4rkm4tter finally convinced me to try it. As an old-school wardriver, I was intrigued.

My old rig was a Compaq iPac 36- or 3800-series with a PCMCIA sleeve, a Lucent Orinoco Gold card, and either a Yagi or Omni antenna. Microsoft Windows Mobile and ministrumbler was used on the software side. I kept those logs till this year, when I uploaded them to the worldwide database.

WiGlE works by looking for wireless networks, Bluetooth, and cell phone towers, then trilateralating them with GPS. It only works on Android for mobile phone devices, and Google’s Android Pie breaks it due to severe limits on how often the wireless can be polled.

Astonishingly, I was able to find a nice Pixel for $100 from someone who’d purchased an S9 to replace it. Seemed legit, and all was well. It came with a Tech21 case and had a 3M/Scosche metal magnet mount on it, which was handy. The USB A-C cable and LG charger was worth $15 alone.

Now the issues with Android Pie are known about in late 2018, and there’s not currently a workaround to keep WiGLE able to do it’s job. The Pixel had been updated to Android 9, but hey, this is a Google device so it’s super easy to unlock the bootloader and flash Oreo, right? Right? Well…

For some reasons, most of which are stupid, but some of which make sense, Google has partnered with Verizon in the US market for Pixel sales online and in stores. This has undoubtedly helped the Pixel line sell more phones, but it enrages users like me who want to have the true Google experience, on a Google device, but without the barriers. I remember the pain of Sprint Nexus S and Verizon Galaxy Nexus owners went through, and I was hoping someone had figured out a workaround.

Some quick work to get the Android Studio and following some guides got my phone connected and I was able to shake off some cobwebs to get the proper components downloaded. fastboot was able to see the phone, but in my case, under Developer Options, the item called “OEM Unlock” was greyed out. My worst fears were coming true.

I rapidly searched for a workaround and came to an insightful, relatively clear, and eventually rewarding thread on the wonder of sites that is XDA. The thread can be found <a href=”https://forum.xda-developers.com/pixel-xl/how-to/how-to-unlock-bootloader-verizon-pixel-t3796030″>here</a> and I suggest reading the main post and comments before proceeding with an unlock.

Now, with this guide I was able to unlock the Pixel. The most important step I needed to keep in mind is that “OEM Unlock” one, and patience at that point. When I checked it after following the adb command, it was still greyed out, but after a minute or two, it lit up and I was able to successfully unlock.

After a download of the Android 8.10 image from Google, and following some other instructions, I used the “flash-all” script to get Oreo installed, and cross the finish line.

While the battery may be a little tired on this two year old phone, I still like it and will be using this alongside my Verizon G6, whose bootloader remains hard locked and to which no workaround has been found.

WiGLE works great, and I’m finding some interesting results between the G6 and Pixel, especially given that they’re both using the same Qualcomm Snapdragon 821 SoC. Must be some different antenna designs and implementations between HTC and LG.

The Raspberry Pi is a wonderful platform, not only because it’s well supported, but that’s as a result of it’s price and flexibility. Lots of USB ports on the 2 and 3 models, HDMI, Ethernet, and now it also includes wireless and Bluetooth onboard.

I have been meaning to experiment a build a wireless repeater using a Pi, and finally got a chance (and the courage) to attempt this feat. It wasn’t easy, and this is by no means a comprehensive guide, but rest assured that if you get it to work, you’ll understand why.

I started with a Pi 3, 16GB Kingston micro SD card, and an external Atheros AR9271 based adapter from TP-Link and made for a TCL television. I got this from an infamous friend, @d4rkm4tter of the #WifiCactus and it’s “high-gain” antenna gives it extra reach for connecting to distant APs.

Raspbian Stretch was used, the full version because I’m not a full cli master, starting with the April 2018 image, then eventually using the October 2018 installer (which is nicer).

My intention is to use the external USB adapter to associate with a remote AP and get a connection. This would be bridged by the Pi and dnsmasq with the built-in wireless adapter on the Pi. My testing shows that the 802.11n Atheros adapter with the external antenna does indeed have improved gain.

I followed the guide found here: <a href=”https://pimylifeup.com/raspberry-pi-wifi-extender/”>PiMyLifeUp</a>

All of this was very helpful, and the guide is extremely well written and intended for the Pi2/3 owners. My only change to this guide, or difficulty with, was that I wanted to invert the adapter role, so changing “wlan0” to “wlan1” and vice-versa throughout was necessary.

The packages called dnsmasq and hostpad are the real workers here, and to the heavy lifting, routing, and interfacing with the adapters. I had some success with just following this setup, but also found that it didn’t _just work_ so the tinkering and frustration curve began.

One neat trick that I did learn from elsewhere is that hostpad can be run with a config file as an argument, which means that you’ll start the service with a verbose console feed, but it will let you know if the config file is working and whether the AP has started. When you see “AP-ENABLED” and few, if any errors, you’ll finally know you’re there.

As of this writing, I’ve been running the AP for several days. Performance is weak for throughput, at less than 10Mbps, but the application this is meant for, or would be used in, is a location that has very poor cellular coverage for non-Verizon customers. This application of the Pi can be configured in a place or situation where _some_ connection is an improvement over _none_.

Interestingly, the PW-4210D adapter does have a removable antenna, so the use of a parabolic, omnidirectional, or yagi antenna with an adapter is possible for a very long run. There are also more solid, cheaper wireless bridges available online, but if you’re a tinkerer like I am, and have the spare hardware, there’s something special in feeling like you’ve made a bucket of parts do something interesting.

Go, do it.

Password managers like LastPass, Dashlane, Keepass, and 1Password (among others) are increasingly popular. Browsers, however, have been able to hold and store passwords for quite a long time.

Most of us use Firefox Sync or Chrome’s Google sign-in to keep things closer than a password manager is, with an eye towards simplicity rather than outright security. Sure, browsers have password requirements to use their vaults, but…

On a new PC, in Firefox, I’m struggling to get the browser to ask to save passwords. This is weird, as I’ve always seen the prompt when I enter a new password for a site, or update one. Not this time. In an effort to try again, perhaps thinking that a stored login was causing the issue, I clocked Remove All, and told Firefox to go ahead and remove all of the passwords.

Bear in mind that I’d put in text to filter this list down to two, a login item with and without “www” in the URL. So, it was showing a list of two items. Remove all would remove these two, right? Nope.

I got annoyed when Firefox stopped responding, and eventually got the message that a script was taking longer to run than expected, etc. I didn’t think more of this until I tried again to get Firefox to remember the site, and after it didn’t suggest saving the password, I checked the Saved Logins again only to find a completely empty list.

Oops. Breathe.

New PC is less than a month old. Old PC is right there. Sync loves to be tidy, so make sure it’s not connected to a network because, sure as anything, it’s going to remove them from that PC too if it can.

Open Firefox on the in-tact PC, enter “about:support” and look for the Profile Folder entry and click the Open Folder button. Search for “logins.json”, “key3.db” and “key4.db”.

I copied these to a USB stick, put that in the new PC, immediately put a backup elsewhere in the cloud, then closed Firefox on the new PC after opening that same profile folder on thew new PC. After copying all three files to the folder on the new PC, I held my breath, started Firefox, checked in Options for Saved Logins and saw a full list again.

Whew.

Now to get LastPass installed and export these to somewhere else more secure and cull the list of heavily-outdated passwords.

Oh, and yeah, figure out why Firefox isn’t asking to update or save new passwords…

I’ve had the unusual opportunity to get several used, late 2000s HP printers for use at work. Normally we get these new, fresh out of the box, and they’re maintained from that point. This has led to some interesting issues with firmware updates.

Anyone familiar with updates to firmware on HP printers made in the last decade knows that there are several ways to do these. The first is to install the printer locally on a Windows computer and run the updater program against this installed device. This works, and works well, but only if the firmware on the device supports it. Second is to use a built-in updater located on the printer’s web server, which is a feature on the higher-end Enterprise devices. Third is via FTP. Yeah, FTP.

After installing the printer as a local device, I have seen situations where the installer program will not work with a network printer object, whether it’s WSD or a TCP mapping. Usually this is resolved by plugging a device directly in to the printer, installing the local version, then running the program.

When this doesn’t work, however, FTP is still an option. It’s simple, and easy, but also a bit scary because this port is open by default, has no username or password, and allows a binary transfer directly to the devices. Even after a firmware update to a version less than 18 months old, this port remains open.

This works, and gets around the frustrating update process that most end users would use, but hey, at least isn’t not TFTP.

Today we shut off zZq’s jabber server after 12 years. Unsurprisingly GTalk/Hangouts started off offering federation with independent XMPP servers only to disable it early 2017 after most people had migrated to Google. Sadly this more or less rendered zZqIM useless. Only 3 users regularly logged in, which didn’t justify the cost of the server to keep it running. The last holdouts have finally migrated to Hangouts.

With the money saved we will most certainly use it for alcohol and pour one out in honor of another lost friend.

 

zZqIM circa 2006

I have tried, and when the iPhone X is replaced by a newer, larger version, I’ll be back, but till then…

The iPhone 8 Plus is larger than I want it to be, but the screen is more important than FaceID, or the swiping gestures, or the one and only time I sent an Animoji to someone.

the [PRODUCT]RED iPhone 8 Plus is perhaps the best looking iPhone of all time, and it will be mine. If I’m going to pay an extra $10 per month to be in T-Mobile’s Jump! OnDemand plan, I’m going to use the hell out of it and have zero regrets.

The “RED” phone on the 8 and 8 Plus has a black bezel, which, let’s be honest, is THE RIGHT COLOR. White bezels are for basic people who like Rose Gold and Silver and whatever other weak colors are out there that aren’t Space Grey.

So, the minute I can switch from the wonderful, but just-a-bit-too-small iPhone X, I’m going to. Likewise, the minute I can switch from the 8 Plus to the X2 Plus (or whatever it’s called), I will.

I purchased my first iPhone for use as a daily device in February 2016. It was a 128GB Space Grey iPhone 6 S Plus, second-hand, from someone who had purchased it from and used it on Verizon.  This was great, because until some time in 2018, Verizon had kept their phones carrier-unlocked starting some years earlier.

Eighteen months on, and not terribly interested in the iPhone 7, the 8 was now a big step up. The X, as tempting as it looked, was just a bit too much different for me to look at it seriously. What I mostly wanted from a replacement phone was exactly the device I had in my hand already, just better. The 9 Plus was that.

I shopped locally for used/new devices on some classifieds and fished for fresh devices. This was also tempered by the fact that I could just go to T-Mobile or Apple and buy the phone outright. The price difference was minimal, but the risk wasn’t. I’ve been diligent in buying used phones, though not going as far as IMEI checks. There’s just a _feeling_ you get sometimes which makes you avoid things…

So, when a Space Grey 64GB iPhone 8 Plus, new in box, on T-Mobile popped up for $600, I had the hook in my mouth. This was $200 bucks off the MSRP, not taking sales tax into consideration. It also had two-years of AppleCare+ to boot. It looked too good to be true, but the seller sounded very reasonable and wasn’t being cagey, but neither was I asking the questions I should have.

Deal done, I swapped my SIM card in and got to using the phone. it was everything I’d wanted, with no surprises, and all was well. Figuring that my luck was just good, and that the device’s past wouldn’t catch up to it, I thought little more of it than to tell it as a story.

The story didn’t end there.

In late March 2018, after owning the 8 Plus for six months, I glanced at my phone one evening and saw the “No Service” message displayed next to my WiFi signal. Curious, I poked around, restarted the phone, and it showed the same message. The following day I didn’t look much at the device, but did get a phone call successfully, which was unusual in retrospect. Another day in, and I figured I’d call T-Mobile to find out what was going on.

The very helpful representative walked me most of the way through resolving this, which he was confident amounted to a security issue. In finalizing the steps to unlock the device, which had, according to the T-Mobile site, been reported “Lost or Stolen”, he hesitated. This was something different, and I mentioned that I thought I’d been the third party in the scenario where insurance fraud was concerned. The phone, as it sat, was now useless on any carrier in North America, and T-Mobile could not do anything about it permanently. Any unlock would be re-locked quickly. Oops.

Six months in my phone was now a 5.5″ 64GB iPod Touch with a REALLY nice camera setup. This was annoying, but I was quickly self-deprecating and admitted that it was silly and stupid of me to buy the device in that situation, knowing that the risks were high.

The representative noted my long tenure at T-Mobile, offered a generous amount of credit for signing up to get a new, working device, and eventually worked with me to pick up a new iPhone X less than 10 miles from my house. This was a pretty painless process, and even though I was at fault, everyone was very willing to work with me. A good deal is sometimes too hard to pass up, and the hook is seated very firmly in the cheek.

New iPhone X in hand, now I needed to decide what to do with the 8 Plus. i could keep it as a browsing device, with a great camera, or for parts if I did decide the X wasn’t for me (still undecided). I mostly wanted to ignore it for a few days, and try to get used to the smaller X screen, then return to it when I settled on what i was going to do.

A few days later, I typed “iPhone 8 Plus b” into eBay and found a whole list of phones with bad IMEI and ESN numbers for sale, and many sold. The prices were good, really good. More of the population of the planet is covered by wireless carriers that do not care about whether a device was paid for in the United States than those who do. Interesting.

I took a deep breath, listed the device after taking some comprehensive photos, found a reasonable price and listed it. The next morning I had an offer, then another, and another. These offers were good, and very close to the asking price. Maybe I should have sold it for more?

Either way, I will end up with a reasonable amount of money from the device which I could not use, even after PayPal and eBay take their slices (not insubstantial). All told, I actually did really well.

I’m undecided on whether I’ll keep the X or wait to trade it for an 8 Plus. The X has so many changes to what an iPhone has been for the past 4-5 years that it’s incredible, while holding it, to consider how damned good it is. It’s great, and I like everything, save for it’s size.

In the end, I was able to turn an unfortunate situation into what amounts now to a nearly-free iPhone 8 Plus for 6 months. Sure, there were some minefields to traverse on eBay and with T-Mobile, but those are places I’m comfortable going in to.

Got a phone with a bad IMEI/ESN? Find out what it’s worth on eBay and sell it. Most of the world doesn’t care, and if you’re clever and diligent, you can send it on it’s way and move on.