News items for tag shiny - Koos van den Hout

I was tuning across the 70cm amateur band and heard lots of weird noises around 433.92 MHz. Which is logical: that's the ISM band (industrial, scientific and medical) so lots of unlicensed low-power signals there.

That triggered me to update rtl_433 and see what I could receive. The answer after some searching how to build a running version: a lot. Including tire pressure monitoring sensors (TPMS) on a nearby car:

time      : 2019-11-16 15:33:25
model     : Toyota       type      : TPMS          id        : fb8c8bf9
status    : 128          pressure_PSI: 38.500      temperature_C: 6.000
mic       : CRC

There is indeed a Toyota parked across the street. I see three different values for 'id' suggesting that three wheels are 'awake' and reporting tire pressure data about every two minutes. According to eavesdropping the wheels, a close look at TPMS signals the sensors should only activate when the car is going faster than 40 km/h or when a special LF signal is active.

My wife bought a new inkjet printer because the previous one was failing. The new one is a HP deskjet 2630, and it has wifi support. Out of the box it was playing access-point on the busy 2.4 GHz band making it even more crowded so I asked her to disable the wifi. She used the printer nicely with the USB cable and asked me to look into putting it on the network so it can be in a different room and not in the way.

Today I had a look into that. I hoped it could be a wifi client. Yes it can. The first two explanations on how to set that up started with 'using the windows HP software'. The third one had 'press and hold the wifi button to connect using wps'.

So I enabled wps on the wifi network, did the wps mating and saw arpwatch note the new IPv4 addres in use.

For a laugh I tried whether it has an IPP server running. It has. So adding it under linux should not be completely impossible. Search for 'linux hp deskjet 2630' and notice it needs the hplip package. Which is already installed in my recent Ubuntu.

So I just opened the cups printer browser, saw the HP deskjet show up, selected that and printed a test page. Which came out correctly.

Typing this took longer than the actual steps I took, and searching websites with explanations took most of the time.

I'm still in the "what just happened?" stage, remembering long fights with printer drivers, network printing and losing everything at upgrades.

Update: Adding the printer in Windows 10 was harder, we needed to use the HP software to add it which tried to sell us "HP instant ink" service before allowing the printer to be used in Windows.

After getting to the magic number of getting contacts with 100 DXCC entities confirmed I applied for (and paid for) the ARRL DXCC award, the American Radio Relay League DX Century Club award.

So I guess I have to admit I'm a serious DX chaser!

Although FT8 does great work for weak signal reception on HF bands it's also nice for the 2 meter band and the 70 centimeter band. So after lots of tries with the 2 meter band I decided to give the 70 centimeter band another try. But, there is one thing: there aren't many stations active in FT8 on 70 centimeter and even when one is active in the nearby area that station may be on a different FT8 frequency. The real standard is not there yet.

Until now I've seen:

• 432.174 MHz
• 432.176 MHz
• 434.670 MHz

I check for activity via the PSKreporter site. My two FT8 on 70 centimeter contacts where on 432.174 and 432.176.

This morning I was looking on shodan for open remote desktop servers in the work network since RDP was mentioned as an attack vector in the latest GANDCRAP ransomware.

Searching for '3389' on shodan found something completely different: an open industrial control system (ICS) for tankstation gauges.

IN-TANK VOORRAAD        

TANK PRODUCT             VOLUME TC VOLUME   VULVOL   HOOGTE    WATER     TEMP
  1  UL 98                 9757      9693    10283    939.2      0.0    20.09
  2  EURO                 2...

According to The Internet of Gas Station Tank Gauges -- Take #2 - Rapid7 this was already a reported issue in January 2015 and according to their research it may be possible to do bad things with this access.

The above is from a gas station I can find on google maps.

Oh I found the way to search for open remote desktop servers on shodan: port:3389.

I noticed the Nomadic Research Labs site was cleaned up a bit more, so I searched again for the article that I read in August 1995 about Steven K. Roberts and his recumbent bicycle Behemoth: "Big Electronic Human-Energised Machine ... Only Too Heavy".

The scans are at BEHEMOTH in Kijk – Dutch Magazine. Interesting detail is that the top left text refers to a picture of a Challenge recumbent. I recently ordered a new Challenge recumbent! Maybe I should find out whether I can find that page of that magazine.

Several things can be related to seeing this article: buying the book Computing Across America, selecting a recumbent bicycle later in life and this idea in the back of my head of future recumbent cycling trips.

I had a serious case of 'ooooh shiny' today. I browsed a bit of Northern Canada news from CBC and found the article Dempster Highway drivers flock to new destination — the Arctic coast about the new Inuvik Tuktoyaktuk Highway which connects the Dempster Highway all the way to Tuktoyaktuk on the northern arctic coast.

So I started wondering whether people are cycling the Dempster Highway. Yes, they are. I found several travel stories, Cycling the Dempster Highway to Inuvik, Cycling the Dempster Highway Part 1: Hungrier than the bears - Tasting Travels and Dempster Highway to the Arctic about one cyclist who cycled from Vancouver to Inuvik on a recumbent.

I may have found some future cycling ideas there. Those ideas aren't really new, from time to time I get back to thinking about Computing Across America and Steven K. Roberts.

A while ago I found out about Ham Radio Signs who make custom signs with your callsign (or anything else). I really liked the idea and decided I would 'gift' myself one when I got my new callsign after upgrading to the full license. So after I was able to register PE4KH I ordered the ham radio sign for it in the style/colour I wanted. It arrived today and I'm happy with it.

It needs 12V-13.8V power but that is usually not a problem in an amateur radio environment!

Op sommige repeaters hoor ik mensen wel eens roepen dat ze "'m aan het haakje gaan hangen" als ze willen stoppen met meepraten. Dat verwijst naar het haakje of clipje waaraan de handmicrofoon opgehangen kan worden.

Ik had van een stukje koperdraad een simpel haakje gebogen maar dat was niet echt handig en viel wel eens van de plank af. Dus toch maar eens uitgekeken naar een echt goed beugeltje. Op de beurs in Rosmalen kon ik geen aanbieder vinden. On-line even gekeken en terecht gekomen bij Microphone Hang Up Clip for KMC-30,KMC-32,KMC-35,KMC-36 en nu kan ik 'm dus ook aan het haakje hangen!

Het is een hele nette microfoonhouder, die ook in een auto of boot zou werken, er zit een veer achter die de microfoon vasthoudt.

This evening when I had time to play with the radio the HF bands I can use were already going 'silent'. But I left the setup running om 14.070 MHz in fldigi in PSK31 mode. This is the recommended standard frequency for PSK31 in the 20 meter band, so a lot of people will try there first. I saw a CQ call from EA9BO and fldigi filled in the country as Ceuta & Melilla which I did not recognize.

Map of Ceuta and Melilla, from Ceuta-melilla.png, Wikimedia Commons, Anarkangel

Which means one thing: a contact with a new country! I was able to answer his call after he had contacts with a few other stations and he got my signals and we had a short QSO. Afterwards I looked up Ceuta & Melilla which are the two autonomous Spanish cities that are within Morocco.

Again amateur radio learns me new things about geography! I already have looked up a number of interesting city names in eastern parts of Europe because of what I received as the cities of radio amateurs I had contacts with.

Oh and this is the first contact on the African continent.

For a while I have been considering my wishes for a more elaborate amateur radio. What I want to do with it is continue and expand the use of amateur satellites, and try to get into PSK31 on HF, starting on the 20m band. So a list of must haves and should haves arose: all-mode, portable, computer assisted tuning, HF support, 2 meter and 70 centimeter and an increas of power from 5W.

Adding it all up and looking for a reasonable price I ended up considering the Yaesu FT-857(D). It's in the middle between the FT-817 (too low power, still 5 watts) and the FT-897 (too heavy: 3.9 kilograms). And a reasonable pricetag, were other amateur radio brands have nothing comparable or at a much higher pricetag. I went looking for a second-hand one and when we got back from holiday a nice one (FT-857 with DSP and installed filter, and a remote control+DTMF hand microphone) showed up from Communicatie Centrum Venhorst - Hilversum and I bought it. Picked it up this week, and I am learning using it. I listened to SO-50 this evening using this radio with a lot of wires on the table in the backyard.

Radio setup - FT-857, PC power supply for 12V, laptop, Arrow antenna: ready for amateur satellites

It was clear I also need headphones to listen to amateur satellites on this radio so I'll get the parts to connect a headphone soon. Cables for computer assisted tuning and interfacing to a computer sound card are already ordered.

This radio also allows me to access SSB satellites, so I'll have to learn how to do that.

The good news about the SO-50 pass: there were QSOs going on, the person just calling CQ and never listening to the answers was missing.

There are great things happening at the moment: the NASA ISEE-3 satellite from 1978 is going to pass earth again in August 2014. Due to budget cuts and cleanups at NASA they decided to not do anything with the satellite. International Cometary Explorer - Wikipedia.

The first signals from this satellite were received in March: AMSAT-DL and Bochum Observatory Detect ISEE-3 Transmitters - Space College and since that moment people have been busy with it. The satellite was supposed to be switched off but it wasn't completely switched off and it receives enough solar power to overcome the lack of energy storage. A project was started named the ISEE-3 Reboot Project - Space College to get in touch with the satellite again and control it to make the course correction to return to the original orbit. With crowdfunding this project was able to get started quickly and the project received the control keys from NASA to be able to command the satellite. The first commands were successfull: Happy Dance Video: First Successful ISEE-3 Commanding - Space College when the satellite was ordered to send more telemetry data.

I'm following this story as I think it's great: commanding a satellite that has been in space for 36 years. The amateur radio angle is that recent developments in amateur radio have made this possible: the kind of specialized equipment that was needed in 1978 is now done with software defined radio and really good amplifiers.

Browsing from one hamradio web log to the other I came across this gem: Humorous Repeater IDs - KB6NU's Ham Radio Blog. Don AE5DW of Amateur Radio Newsline recorded some humourous IDs for repeaters.

Repeaters have to announce themselves on their output frequency on a regular basis (the rules for this can differ per country). Default is an output of the callsign in morse code or synthesized voice, but the above is what you get when you let someone with a good voice and experience in radio making.

After trying owx to talk to my Wouxun KG-UVD1P transceiver a co-worker who is a licensed radio amateur showed me CHIRP: an open source programming tool for amateur radio which does the programming of memory channels for different types of amateur radio sets with a friendly and easier to understand user-interface. For example I can select a set of channels from another channel list and paste them in my list.

Installing it on my laptop with Ubuntu was easy since chirp is available via the ubuntu-hams-updates ppa.

As a christmas present I got a hamradio transceiver, a Wouxun KG-UVD1P. I should not use it until I get the right amateur radio license! All the more reason to study for it and pass the exam.

Wouxon KG-UVD1P image from RadioPics Database

I plan to use it to work FM repeaters when I get my license. I hope to do long rides on the recumbent again and using this radio at the same time. It is a small radio, it fits in my hand. The speaker microphone should make use on the recumbent easy.

Otherwise I'm getting myself familiarized with it and trying to understand it all. I bought it with a speaker microphone and a programming cable and software. The software with the programming cable came on a recordable small-format CD-ROM and only mentioned Midland product numbers so I had to look up that the Wouxon KG-UVD1P is also known as the Midland CT790. This is Windows software and since the cable has a PL2303 serial/usb convertor you also need a driver for that. Programming repeater names and frequencies into the radio using the software is easy.

Having to use Windows isn't my idea of very usable hardware, so I searched whether someone had already done something and I found Open Wouxon (OWX) which allows reading the radio and writing it from Linux and other Unix versions. Reading over the serial/usb cable worked the first time:

$ owx-check -p /dev/ttyUSB0 
Found radio: KG669V
$ owx-get -p /dev/ttyUSB0 -o file.bin
Found radio: KG669V
Reading address 0x1FC0 (99% done)
$ cp file.bin backup.bin
$ owx-export -i file.bin -o wouxon.csv
$ vim wouxon.csv

and I was able to make some edits, writing data back gave me timeouts on the first few tries where the owx-check utility showed perfect communication with the radio.

$ owx-put -p /dev/ttyUSB0 -i file.bin -r backup.bin 
owx: Radio not responding
$ owx-check -p /dev/ttyUSB0 
Found radio: KG669V
$ owx-put -p /dev/ttyUSB0 -i file.bin -r backup.bin 
owx: Radio not responding
$ owx-check -p /dev/ttyUSB0 
Found radio: KG669V
$ owx-put -p /dev/ttyUSB0 -i file.bin -r backup.bin 
Found radio: KG669V
Skipping address 0x1FF0 (99% done) 

Strange, but in the end it all works.

The manual of the Wouxon KG-UVD1P gives me the idea that this radio is one where a lot is done in software. It can be programmed to go outside hamradio bands for other uses. The manual is somewhat terse and the English used isn't too great, but it works for me.

I found this review of the Wouxon KG-UVD1P by N9EWO which has more on longer use and compares it with other amateur radio sets. I'll post updates on this after I get to actually use it.
Reviews of the Wouxon KG-UVD1P at eham.net

Wouxon KG-UVD1P manufacturer webpage

Vandaag een PTT Ericsson model 51 DTMF geleerd met behulp van de DTMF omzetter van picbasic.nl met ondersteuning voor PTT Ericsson model 51. Een wandtoestel wat een ontwerp is uit 1951. Het toestel wat we onderhanden hadden had een productiedatum 'VII 1964', vermoedelijk dus juli 1964. De PTT W65 is de opvolger hiervan.

Na het werkend krijgen van de DTMF omzetter hebben we het toestel aangesloten op een Cisco ATA 186 die gekoppeld is met de asterisk testcentrale zodat we de sprekende klok in asterisk en het weerbericht in asterisk konden bellen. En natuurlijk de telefoon laten rinkelen!

One thing I love to do here at BA HQ is feature beautiful, time-lapse videos of the night sky. The advent of high-definition digital cameras has led to an explosion of these videos. If the photographer takes care, the result can be an ethereally lovely and (ironically) other-worldly feel to the animation.

My pal Christoph Malin is one such photographer. He is a member of The World At Night, a global effort to make more people aware of the beauty of the night sky. Over the past year and a half, he’s been traveling to the volcano island of La Palma, one of the Canary Islands off the coast of Morocco, filming the landscape and skyscape there. He generated over a terabyte of raw images (!!) and put them together to create this gorgeous time lapse video, Island in the Sky.

You want to watch this in HD and fullscreen.
Via Time-lapse video: clouds and stars over the volcanic La Palma Canary Island

Interesting article/presentation: Pen tester builds wifi war-bike about a motorcycle with war-driving capabilities based on kismet coupled with a heads-up display driven via a Raspberry Pi.

The video in the article of the presentation is not very good, and I can't find a website about this project at the moment.

Ik heb meegedaan aan de hackcontest ter ere van 20 jaar SURFcert. Ik vond het belangrijk om mee te doen omdat de Universiteit Utrecht betrokken is geweest bij de opzet van SURFcert.

De contest bestond uit twee delen: een eerste deel waarin een ketting van puzzels opgelost moesten worden. Deze challenge was afgeleid van een van de Dragon Research Group challenges. Elke stap leverde een URL op naar de volgende stap. Een stap met een qr-code met een gemenigheidje er in (de meeste qr-code software leest geen gespiegelde qr-codes), een stap met een .pcap file waar een sessie met urls uit gehaald moesten worden, een stap met een .exe file die een ROT-47 versleutelde url bevatte (waarbij de wat meer op windows gerichte onderzoeker een decompiler zou gebruiken) en een jpg file met een url erin gestopt met steganografie met encryptie.

Het tweede deel was een 'capture the flag': het inbreken in een niet geheel up-to-date windows computer met metasploit en dan het daarop vinden van 5 'flag files'. De inbraak lukte met een msrpc exploit en daarna ging het vinden van de eerste 2 files vlot voor mij. De 3e en de 4e kon ik vinden nadat ik van de meest recent ingelogde gebruiker op het systeem alle 'Recent Document' links aan het volgen was.

Het eindresultaat was dat ik gewonnen heb! Surfnet maakte het gelijk bekend: Spannende hackcontest SURFcert gewonnen door Koos van den Hout.
Juist die gedachtensprongen die nodig waren om alles op te lossen maakte het leuk en uitdagend voor me.

Interesting google ad: "Thank you for helping us measure IPv6", linking to Measuring IPv6 - APNIC. Yes, that was a session over IPv6 from home.