Android binary blobs and hadidi

While fiddling with cyanogenmod builds I was curious if the binaries in the TheMuppets repo for LGE binaries correspond to the current offerings of google.

The official binaries come in three self extracting tarball/shell files for the three companies providing the drivers and I wanted to quickly check against a checkout of the TheMuppets binaries.

As I had no tool handy to do the job and my python os getting rusty anyway I cobbled together what I wanted and pushed it to github: https://github.com/asmw/hadidi.

All of the files not in the official binaries seem to have to do with Widevine DRM.

P.S. hadidi has some extra options like selecting the hash algorithm, printing hashes or being quiet and communicating through the exit code.

P.P.S. Binary Blobs Suck

Using your OpenPGP card with Debian (Update 1)

Introduction

For some time now I’ve had an OpenPGP (version 2) smart-card laying in my drawer, waiting to be used.

When I bought it a couple of months ago I wanted to use the card together with a card-reader featuring a pin-pad. What I had at hand at that time was a Reiner SCT cyberJack standard combined RFID and smart-card reader with alleged Linux support. I never got that one to work properly. (Looking at some mailing list posts the situation could be better now, I might give the reader a second chance one day)

So I went ahead and bought an SCM ChipDrive pinpad pro (SPR 532), as those are supposed to work according to the docs.

My current reader:
spr532

 

Anyhow, I couldn’t get the setup working the way I wanted. The reader worked, and I could use the card by entering the PIN on the computer, but I could not get gpg to use the pin-pad on the card-reader. I tried different versions of gpg (1.4, 2.0, packages, self-built …) to no avail.

Frustrated I banished the card to my drawer.

Lately I’ve been working on a project at work which involves a cryptographic smart-card and decided to give it another shot.

So here’s a HOWTO getting your OpnPGP 2.0 smart-card working on Debian stable (7.1) using a SCM Chipdrive pinpad pro. The results are probably transferable to other distributions.

If you have any ides for improvements, please let me know.

HOWTO

  • I assume you have already set it up. If not follow the docs
  • Install Debian stable (I chose all defaults for a desktop install)
  • Attach the reader
  • Install additional packages: gnupg2 gpgsm
  • Launch a terminal
  • Import your cards public key: gpg2 –import yourpubkey.gpg
  • If your are not using a fresh install and have the pcscd package installed and the pcscd daemon running. Stop it for now (service pcscd stop). This has to be done before launching the agent. (Update: doesn’t seem to be required)
  • Add the following line to your ~/.gnupg/scdaemon.conf: enable-pinpad-varlen
  • Start a gpg-agent: eval $(gpg-agent –daemon)
  • Run gpg2 –card-status to make the card known.
    • If it isn’t check your setup, this should work out of the box
    • There might be issues with using the key on the card if you already have a secring (~/.gnupg/secring.gpg). If you have troubles, try moving it out of the way.
  • Create a test file: echo “I’m a test file.” > test.txt
  • Test the card: gpg2 –detach-sign –output test.sig test.txt

You should then hear a beep from the reader and get a pin entry pop-up with a signature count:

Screenshot from 2013-09-08 16:45:28

Enter your pin on the reader and admire your new signature.

As a side note: Realize that you are putting your keys on a proprietary piece of hardware with a proprietary operating system. If you are bothered by that read on here: http://www.fsij.org/gnuk/

Note to self: remote kernel updates

Whenever you feel the urge to remotely switch the kernel of a system you have no physical access to for another week because you ‘really need feature XYZ now‘: don’t.

*Sigh* I really wanted that iptables module. See what it got me.

Update:
Turns out everything went ok with the machine itself, but the static DHCP entry didn’t do its job.
Meh

Note to self: debian packages

On a clean debian system I need to install these:
apt-get install tmux vim openvpn openssh-server iotop htop bash-completion avahi-daemon aptitude fail2ban elinks gnomint

…and purge nano…
aptitude purge nano