Pavol Rusnak #cypherpunk #hacker #openhw #privacy #bitcoin #newmediaart

TREZOR support in Tails 3.0

Tails project released a first beta version of their upcoming 3.0 release based on Debian 9 Stretch. See their call for testing for the official announcement.

There are lot of interesting changes, but the important one for me is that TREZOR now works out of the box in Electrum. No need to install any extra packages or create custom udev rules. As a bonus, you can use TREZOR from command line using trezorctl command.

PS: You cannot use TREZOR with our official TREZOR Wallet in Tails, because TOR Browser is configured in a way that it cannot reach TREZOR Bridge which is running as a localhost service.


If you want to test the release in QEMU like I do, follow these steps:

  1. download ISO image from the announcement above (currently tails-amd64-3.0-beta1.iso)
  2. install QEMU
  3. run lsusb | grep TREZOR, you should see line similar to this: Bus 002 Device 035: ID 534c:0001 SatoshiLabs Bitcoin Wallet [TREZOR]
  4. note the numbers 002 and 035, this is the physical address of the USB device
  5. run qemu-kvm -m 2048 -cdrom tails-amd64-3.0-beta1.iso -usb -device usb-host,hostbus=2,hostaddr=35 where 2 and 35 are numbers from step above
  6. if you run lsusb in Tails you should see the TREZOR device in the listing as well

You should never ever run Tails in a virtual machine, this is just for testing!!!

33C3 Highlights

These are my highlights from 33C3 (33rd Chaos Communication Congress):

Console Hacking 2016 - PS4: PC Master Race

thumb

Retail Surveillance / Retail Countersurveillance

thumb

Machine Dreams

thumb

Community - Social Life & Life in the early 21st century

thumb

Making Technology Inclusive Through Papercraft and Sound

thumb

Beyond Virtual and Augmented Reality

thumb

Bootstraping a slightly more secure laptop

thumb

Dieselgate - A year later

thumb

Software Defined Emissions

thumb

Wheel of Fortune - Analyzing Embedded OS Random Number Generators

thumb

radare demystified

thumb

Technicolor Web of Sound on Spotify

technicolor

My friend is a big fan of psychedelic music from the 60s and 70s. Recently, he told me about the (now defunct) internet radio he really enjoyed listening to: Technicolor Web of Sound. He also mentioned that the website has a list of all artists and their songs that used to be in the rotation. I immediately got an idea to scrape the list and convert it to Spotify playlist.

And here’s the result:

Enjoy!

PS: The playlist does not contain all songs, only the ones that are available on Spotify. Also it might contain bogus entries, because it is autogenerated. Please, send me an email in case something is wrong. Thanks!

Temporal space-time anchors

I guess I was around 15 when I came up with an idea. I thought it was quite ordinary and didn’t bother to think about it more. Recently, it came to me again out of the blue. With much better access to the net, I tried to find someone else who came up and documented this idea, but I failed. So here it goes:

Suppose, you are out with your friends and you want to mark a particular point in time (and space). Maybe something interesting happened and you don’t want to discuss it immediately or you just want to make some space-time reference point for past and future events. All you need to do is just say: “I’m creating an anchor” or just “anchor” later on (when your friends are aware of the concept).

When you are with your friends later again, you can use this anchor in your conversations. Some examples:

  • “We went to sleep 5 hours after the anchor.”
  • “What was the song that played 15 minutes before the anchor?”
  • “Let’s tell Peter, we’ll meet him at the anchor in 30 minutes.”
  • “There is a nice church 500 meters south from the anchor.”
  • “Do you remember the nice clouds that appeared when I created the anchor?”

More people can create an anchor and one person can create more anchors during one day, but I generally don’t recommend it as it gets messy easily. :-)

Running SSH on a Raspberry Pi as a Hidden Service with Tor

Have you ever tried to solve the following problem? I did. Many times.

You have just finished installing a brand new Internet node, but you need to connect to it (usually using SSH) to perform some tasks. The issue is that this node usually lies behind NAT, does not have a public IP, its local IP keeps changing or even worse even the public IP is changed by ISP from time to time.

This problem is usually solved by port forwarding on a router that has the public IP, but this is not very usable in more complex network environments.

Another option is to create a VPN where you connect your node, but this requires quite a big effort to get it working (both server and client side).

There is another way, which I find quite easy and elegant at the same time. Let’s use a Hidden Service created via Tor network! We don’t really need anonymity in this case, but it comes as a nice bonus.

I will use Raspberry Pi and Raspbian Jessie in this example, but this should work almost anywhere with small changes.

  • Login to Raspberry Pi and enable SSH daemon if it was not enabled (it is on by default in Raspbian).

  • All commands below should be run as root, so either spawn a root shell using sudo -i or prepend each line with sudo.

  • Update the system and install Tor package:

apt-get update
apt-get install tor
  • Edit the Tor configuration file /etc/tor/torrc and add the following lines:
HiddenServiceDir /var/lib/tor/sshd/
HiddenServicePort 22 127.0.0.1:22
  • Create the directory you specified above for the SSH hidden service:
export SERVICE_DIR=/var/lib/tor/sshd/
mkdir $SERVICE_DIR
chmod 700 $SERVICE_DIR
chown debian-tor.debian-tor $SERVICE_DIR
  • Enable and start the Tor service:
systemctl enable tor
systemctl start tor
  • If everything went OK, you are able to print the hidden service hostname using:
cat $SERVICE_DIR/hostname
  • Which should print something like this:
vxbdqtv2ber7js5y.onion
  • Your node is now available from anywhere in the world using this onion address! But how do we connect to it?

  • You need to install and start Tor on your local computer in a similar fashion you got it running on Pi, but don’t create a hidden service there.

  • Once Tor is running locally, open your SSH config (~/.ssh/config) and add the following:

Host *.onion
  ProxyCommand /usr/bin/nc -xlocalhost:9050 -X5 %h %p
  • If you are having problem with nc/netcat above (various distributions ship different variants), you can use socat instead:
Host *.onion
  ProxyCommand /usr/bin/socat STDIO SOCKS4A:localhost:%h:%p,socksport=9050
  • Finally, you can now connect to your node using SSH and the hostname from above:
ssh pi@vxbdqtv2ber7js5y.onion
  • Congratulations!

The Internet of Things is so 2015. Let’s give a big welcome to the “Darknet of Things” or #DoT. :-)


If you want to make your connections even more secure using HiddenServiceAuthorizeClient option, see this Nurdletech post.

Trick using host wildcard in SSH config is inspired from rtyler’s post.

For further reading I recommend Hidden Service Configuration Instructions from Tor project website.