Wednesday, 27 April 2016


I noticed by chance in early April that Google Public DNS (the people) now offer DNS-over-HTTPS. I thought this would a nice little addition for privacy but it seems so new that nothing out there supports it! A few weekends later, I now have a little proxy daemon and for the past week I've been running it on my OpenWRT router without issue! It's not perfect but I've uploaded the code here if anyone is interested.

Cleanups, some security auditing and test coverage work needed but I feel it's working well enough to release it to others at this stage. Hope it's helpful to someone else!

Friday, 4 December 2015

Old Mac Mini runs old OpenSSH with broken cipher set

I couldn't find much about this on the interwebs but I happen to know an OpenSSH developer so I went straight to the experts here.

Basically, if you run OpenSSH on a mac mini, you shouldn't trust Apple to give you updates and you're implementation may well be full of holes. The latest OpenSSH version is 7.1 and my 2009 mac mini with all the updates was reporting
$ ssh -V
OpenSSH_5.5p1, OpenSSL 0.9.8n 24 Mar 2010
Wow... That's not good.

If you MUST run with this version and you want to be security conscious (and NSA paranoid) so you've restricted your allowed cipher list on your client machines, note that aes128-gcm is advertised by this broken Apple build but not actually supported by the binary. This will look like an immediate disconnection after connecting. You have this problem if your system.log contains:

$ tail -n 100 /var/log/system.log| grep fatal
Dec 4 11:16:09 macmini.lan sshd[27028]: fatal: matching cipher is not supported: [preauth]

The quick fix (you should probably upgrade OpenSSH anyway, somehow..) is to add a cipher line to /etc/sshd_config as follows:
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour

Hope that saves someone else some confusion. :D

Wednesday, 18 February 2015

Playing with the ESP8266

We live in amazing times. For $2.50 each I got some ESP8266 on AliExpress and flashed nodemcu on them with minimal fuss. I've now got kilobytes of flash spare on a WiFi device with 10 digital IO, 1 analog input and a standby current draw of 78 micro amps!

Thanks to the author of this for the instructions. Basically just put the FTDI adapter in 3.3v mode and get breadboarding with the magic pinouts described on the esptool github page and flashed the latest firmware binary blob. Reboot and I get a Lua prompt via minicom. Worked flawlessly.

Next up, DS18B20 temperature sensor, an I2C humidity sensor and some soldering. :)

Saturday, 10 January 2015

Reverse-engineering Efergy's internet-connected smart power meter

I just got myself one of these Efergy Home Hub Online things. I'm super impressed with the physical build quality. Sadly though, nothing's perfect. With this unit two fundamental things bothered me, both which are addressable to some degree.

1. Problematic DHCP?

I plugged it in and the network port came alive. Data LEDs blinked but the solid red light indicating the device was booting stayed on forever. I changed the Ethernet cable, port, lots of reboots, turned my 1Gbit ports down to 100Mbit... Nothing. It turned out whatever DHCP client they've implemented doesn't seem to work with a Fritz Box 7390. I've never seen this issue before. I returned the first unit thinking it was bad. When the second unit did the same thing I tried shoving the Ethernet cable into the Ethernet port of my desktop and fired up udhcp. To my surprise, that did the trick. Now I need to figure out some way to get this on my network without forwarding traffic through my desktop that isn't always on.. Urgh!

2. The all-your-data-are-belong-to-us cloudy thing.

Everything these days seems to want to provide an app. That alone isn't a problem, but in order to serve data to the app, your data generally lives in the cloud and this is where I reach for my tin-foil hat and begin the fun little process of reverse engineering the protocol this thing uses. :D

I don't think there is anything sinister going on here. I just want control of my data and would like my device to continue to work if (or rather when) the manufacturer decides to stop hosting it. The web interface this thing provides is pretty slick and there is both an iPhone and Android app but when it comes to my personal data, I'd rather hold it myself, thanks! So on that note...

The solution: Reverse Engineering!

The hardware I presume was actually produced by Efergy but it seems that the software for the "hub" device was provided by a company called Hildebrand based out of London and it's Hildebrand that actually receive the raw meter readings and store them on their servers. The Efergy website hosts the interface but the raw data goes to a domain that is registered to Hildebrand.

Boot Sequence

I have a box stamped with HK 1.1 Firmware AU on the bottom of it. I can't guarantee other regions behave the same way but here goes.
  1. DHCP request is broadcast to network. Device waits for a repsonse.
  2. DHCP response received. Device starts resolving using DHCP-provided DNS server the hostnames "" and "" where "aabbccddeeff" is the MAC address of the device.
  3. Device requests from the resovled sensornet host IP the URL https://<ip>/get_key.html. Response is HTTP/200 of the form "TT|ALPHANUMERIC"
  4. Device requests from the same host IP the URL "https://<ip>/check_key.html?p=TT&ts=
    0000019D&h=<some hash>. HTTP/200 with an empty response is returned.
  5. Device starts posting periodically to https://<ip>/h2 with "Content-Type: application/eh-data" and content of the form: "123456|1|EFCT|P1,0.00.".
  6. Device periodically also sends requests to https://>ip>/h2 with "Content-Type: application/eh-ping" and an empty body, presumably just to let the service know it's alive.
Some other nice tidbits:
  • SSL is used but certificates are never checked so MITM is very easy to do to read the data.
  • The "ts" GET argument in check_key.html is not a timestamp. I've seen it go backwards and always seems close to zero. I suspect it's irrelevant as we can return "success" on any data. We don't really care about authentication here.
  • The data format seems to be "<Sensor ID> | 1 | <sensor type> | <INPUT>,<Reading>."
  • I suspect unit of measurement to be in milliamps but haven't yet confirmed this. The user will have to take voltage and power factor into account to work out kW and kW/h.

Update: A fake cloudy thing.

I had a Raspberry Pi that I wasn't doing much with so I turned it into my data logger by running my own DHCP, DNS and HTTPS servers, each pointing the device to the rPi instead of the hildebrand servers. I have a USB to Ethernet dongle to talk to the hub and the rPi ethernet adapter to talk to my LAN. Win! Source code is on github here.

Saturday, 20 September 2014

Graphing HDD health with smartctl

I proudly built myself a front door for my TV cabinet recently - the very same TV cabinet that houses my NAS. Two weeks later and two crashes of my NAS box (that coincidentally uses my drives for swap), I discover 2 of my 4 HDD's had started giving errors, one had completely died. Turns out this thing called "ventilation" is important after all! *shrugs*

Saturday, 15 June 2013

rPi + tvheadend + shepherd

My home TV setup involves a file server (FreeNAS), a Mac Mini running XBMC and a Raspberry Pi running TVHeadend.

In setting up the rPi side of this, I came across a lot of scattered instructions so I thought I'd bring them together. Nothing is particularly difficult but I suspect I'll be doing this again at some stage in the future so for the sake of myself and others...

Sunday, 19 May 2013

The state of 3D printing

The world of 3D printing has intrigued me for years. An industrial designer friend of mine has been tinkering with 3D printed prototypes and objects for a few years now and I've been surveying the state of things for a while. I particularly liked the look of theForm1 on kickstarter although the limited choice of material is a potential issue. Anyway, for whatever reason, after a few hours of trawling shapeways, I feel compelled to rehash my favourites:

8. I have trouble believing the claim that this actually works. The sheer number of components here and the tolerances they must have is incredible.

7. An elegant chopstick holder that would look at home at the most sophisticated dinner table.
With hashi 1

6. A lens cap holder that attaches to your camera strap. Ingeniously simple and useful and it looks so professional it's hard to tell from the picture what the object actually is.

5. A Galaxy S3 case + credit card holder + money clip + bottle opener. Seriously, I wish I had a Galaxy S3 right now.

4. A blast from my childhood past! Evil tentacle!

3. Serious jewellery. Sure, you have to take it to a professional jeweller to get it properly made but the fact the designs like this can be based on a 3D printed base is still very impressive.

2. You can actually get stuff printed in stainless steel now. Awesome!
Size example

1. This mug looks incredible. Printed in ceremic, the detail is amazing. The price is the only reason I've held back and I assume these will drop significantly with time.