Raspberry Pi SSH over Bluetooth

Dec 13, 2019

This post was inspired by the write up about PITA from evilsocket where they describe a way to connect and SSH into a Raspberry Pi using Bluetooth. I decided to try to reproduce that part of the write up, ran into some issues but finally got it working. This has only been tested on a Pi Zero W so far but should work fine on other models as well.

Let’s start by installing some dependencies:

apt install pulseaudio pulseaudio-module-zeroconf alsa-utils avahi-daemon pulseaudio-module-bluetooth bluez
git clone https://github.com/bablokb/pi-btnap.git
# install btnap as a server
./pi-btnap/tools/install-btnap server

Edit the bluetooth configuration file /etc/systemd/system/bluetooth.target.wants/bluetooth.service and disable the SAP plugin by changing the ExecStart line as follows:

ExecStart=/usr/lib/bluetooth/bluetoothd --noplugin=sap

Set the name that the device will present over bluetooth /etc/bluetooth/main.conf

[General]

# Defaults to 'BlueZ X.YZ', if Name is not set here and plugin 'hostname' is not loaded.
# The plugin 'hostname' is loaded by default and overides the Name set here so
# consider modifying /etc/machine-info with variable PRETTY_HOSTNAME=<NewName> instead.
Name = <ENTER THE NAME HERE>

Note the dhcp-range configured for dnsmasq by running cat /etc/dnsmasq.conf. Edit the btnap configuration file at /etc/btnap.conf with the following:

MODE="server"
BR_DEV="br0"
# Note the BR_IP you set here as it is the device IP you'll be using
# to connect to the Pi over SSH
BR_IP="192.168.20.99/24"    # make sure in the range defined in dnsmasq.conf
BR_GW="192.168.20.1"        # make sure in the range defined in dnsmasq.conf
ADD_IF="" 
REMOTE_DEV="" 
DEBUG=""

Enable the following services at boot and restart them:

systemctl enable bluetooth
systemctl enable btnap
systemctl enable dnsmasq
systemctl enable hciuart

service hciuart restart
service bluetooth restart
service dnsmasq restart
service btnap restart

Before being able to connect to the raspberry Pi via bluetooth, the device which will be used must be paired and trusted. To do this enable bluetooth on your device and ensure it is visible to devices around it. Start bluetootctl, turn scanning on then find your device in the list of devices. Copy its MAC address then pair and trust it. The steps are demonstrated below:

bluetoothctl
> agent on
> scan on
... wait for your device to show up ...
...
... now pair with its address
> pair aa:bb:cc:dd:ee:ff
... and trust it permantently ...
> trust aa:bb:cc:dd:ee:ff
... wait ...
> quit

“Free up” the wlan0 interface to be used for other purposes by editing the file /etc/network/interfaces as follows:

auto lo
iface lo inet loopback

# enable for bluetooth access
allow-hotplug wlan0
iface wlan0 inet static

# enable for wifi access
# uto wlan0
# iface wlan0 inet dhcp
# wpa-ssid "<SSID>"
# wpa-psk "<PSK>"

Disable wpa_supplicant and reboot:

service wpa_supplicant disable
reboot

After reboot, find the Raspberry Pi on your device’s bluetooth list and connect to it. Open an SSH client and connect to the board on the address set above (192.168.20.99 unless a different one was set). If you’re using an Android phone you may need to place it in airplane mode otherwise the SSH connection does not complete (remember to turn on bluetooth once in airplane mode).

Secure the SSH server as you normally would, for example by disabling password authentication.

Deploying Buscador on ESXi

May 24, 2019 by Danny

Buscador is a Linux distribution created by David Westcott and Michael Bazzell of IntelTechniques to help with OSINT investigations. What Kali Linux is to penetration testing, Buscador is to OSINT and you can read abot the tools included on their site linked above.

Both VirtualBox and VMWare images are provided in OVA format however the latter is only compatible with VMWare workstation out of the box and not ESXi. The manifest file within the OVA contains a SHA-256 checksum to verify the integrity of the virtual machine and virtual disk files within the OVA.

ESXi does not support SHA-256 and expects a SHA-1 hash resulting the the following error message when attempting to deploy Buscador on an ESXi hypervisor: “The OVF package is invalid and cannot be deployed

To replace the signatures follow VMWare’s KB 2151537. In a nutshell:

  1. Download and install the OVFTool from VMWare’s Site
  2. Run the command ovftool.exe --shaAlgorithm=SHA1 /path/to/Buscador.ova /path/to/Buscador-SHA1.ova
  3. Deploy the new Buscador-SHA1.ova file.

Start flight simulator with higher priority

Dec 4, 2014 by Danny

A peculiar issue of Microsoft’s Flight Simulator X is that at times ATC forgets to vector me in to my final destination leaving me cruising at 2000′ burning fuel going away from the airport. There are other troubles with the FSX ATC but this one will be the focus of this quick article. Before we go on please make sure you understand what you are doing and what the consequences can be. I am not responsible for any issues you may run into and the changes below may lead to system instability.

One way to get around ATC forgetting about your flight is to run FSX with higher process priority. If you are not familiar with what this means, Microsoft has a technical description on their website. An extremely over-simplified explanation is that in Windows (and other operating systems) each process started gets a certain amount of time from the processor to do its work. Processes with higher priority get a larger amount of time while those with lower priority get a smaller amount of time. The central processing unit goes around in “circles” to each process and says “Go!” “Stop!” and the process does its work in the time between the two prompts. Process priority can be manually or programmatically be changed (a process can say “I need more dedicated time”). With a higher priority a process has faster access to memory and storage and is able to perform its operations faster and be more precise.

Manually Changing Priority

To change the process priority manually you can use a program like SysInternals Process Explorer.

  1. Start your process (Flight Sim X in this case)
  2. Start Process Explorer
  3. Find the executable in the list of processes (“fsx.exe”)
  4. Right-click on it, select “Set Priority” then “Realtime: 24” or “High: 13”

Changing the process priority using Process Explorer

I would recommend experimenting with the High and Realtime setting. Running the process in Realtime will give it priority over a lot of other processes which could lead to system instability.

Automating Changing the Priority

Changing the priority manually is simple enough to do but what if you forget to do it and only remember 4 hours into a flight? Alt-Tabbing out of Flight Simulator if it’s running in full-screen mode is gutsy and can cause it to crash plus it takes away from the experience. Luckily processes can be given a priority at start time with a few simple lines of batch script:

@ECHO OFF
echo "Start FSX with realtime priority"
:: Start FSX with realtime priority
start "D:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\" /REALTIME "D:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe"

The end result is the same as in the previous section: the process “fsx.exe” will be running with realtime priority.

To use the script above simply open Notepad (Click Start and search for Notepad), copy and paste the script above into the Notepad window and save it with a “.bat” extension. You may need to change some parameters to match your system.

The “start” command I use has the following syntax:

start "{Path to Flight Simulator X directory}" /{PRIORITY; for all possible values <a href="http://msdn.microsoft.com/en-us/library/windows/desktop/ms685100%28v=vs.85%29.aspx">see here</a>} "{Path to Flight Simulator X executable}"

I like to enclose paths in quotes to make sure they are resolved properly.

Bonus Chatter

This can be applied to any other program as well, flight simulator or otherwise. All you have to do is change the paths to point to your executable of choice.

One thing to note is that the priority assignment only applies to the parent process, it does not get transferred to child processes spawned by the parent process. For example in the image above, while “fsx.exe” will run in Realtime, with priority 24, “aircarriers.exe” and “javaw.exe” below it will not. This is important for simulators such as DCS World where the Launcher is a different process than the singleplayer and multiplayer environments.

There are also other priority values which can be assigned to processes. The full list can be found in the Scheduling Priorities article on the Microsoft website. The “start” command supports the following priority classes:

  • BELOWNORMAL – Start application in the BELOWNORMAL priority class.
  • NORMAL – Start application in the NORMAL priority class.
  • LOW – Start application in the IDLE priority class.
  • ABOVENORMAL – Start application in the ABOVENORMAL priority class.
  • HIGH – Start application in the HIGH priority class.
  • REALTIME – Start application in the REALTIME priority class.

Find out more about the “start” command by running “start /?” in a command prompt.

One last tip if you record games: I often forgot to start FRAPS or DxTory until just before I wanted to take a screenshot or start recording. The same script which sets the priority of the process can be used to start other, supporting programs. To start FRAPS I added start "" "D:\Fraps\fraps.exe" before starting FSX. I also put in a time out of two seconds to allow FRAPS to initialize before starting FSX by adding timeout /t 2 to the script. My final script is:

@ECHO OFF
echo Start FRAPS
:: Start FRAPS
start "" "D:\Fraps\fraps.exe"
echo Wait 2 seconds for FRAPS to load
:: Wait for FRAPS to load (2 seconds)
timeout /t 2
echo Start FSX with realtime status and affinity on all but processor 0
:: Start FSX with realtime status and affinity on all but processor 0
start "D:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\" /REALTIME /AFFINITY 0xFE "D:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe"

As always if this is has helped or you have further questions leave a comment below!