DIY – Page 2 – Baker Street Forensics

Raspberry Pi Forensics Hacking Gadget

Ever since the 2021 iPad models with USB-C chargers came out, I’ve been intrigued by the notion of Raspberry Pi gadgets. In short, these are Raspberry Pi devices that draw their power, and/or networking from the USB-C port on the iPad Pro.

Having awakened my tinkering spirit with the internet speed monitor project, I was looking for another project. I had one unused Raspberry Pi Zero W in a box of spare Pi parts, so that’s where I started.

I chose Kali for the distribution to use because there are images specific to various Raspberry Pi hardware models, and because the distribution itself supports many popular Linux tools for Forensics and Reverse Engineering. REMnux is my default Linux for malware poking, but to date it’s only supported on Intel architectures.

Know from the start you’re not going to be using this device for processing on the scale of Enron, but for access to a wider toolset when on the go, and especially for training I think it’s a pretty cool setup. If you’re looking to set up a mobile development environment, or still run Kali but with more oomf – there’s number of resources to do so using a Pi 4. Since the Pi Zero W is powered by a USB-micro, it cannot support networking (iPad to Pi) over the USB port. Later models like the Pi 4 (USB-C powered) are capable, but at the time of the project, all mine be were occupied. In this case we’ll be connecting to the Pi over WiFi via SSH.

Grab the image for Pi Zero W (or whatever’s applicable for the model you’re running from https://www.kali.org/get-kali/#kali-arm. There’s plenty of documentation on enabling SSH if it isn’t by default. On this particular build for the Pi, it was. You’ll also want to install tightvncserver.

Depending on which Pi hardware version you’re using, the Pi will have different capabilities. Notably lacking on the Pi Zero W, the resources to run any modern browser. But since I have the iPad that it’s running from it’s not like I’m missing it at all.

Kali supports the installation of what they call meta-packages. These are specific sets of tools or features to support different capabilities (Bluetooth hacking, wireless hacking, etc.) For my build I chose the reverse engineering and forensics packages as those are the tools I’m most interested in experimenting with.

I had a bit of trial and error when it came to the physical USB connections. Originally I had a series of USB-C connecting adapters, terminating with a USB-C to USB micro adapter. When I had this franken-jack plugged into the iPad the Pi wouldn’t power up. However if I had a USC-C cable connected to the jack, or between the jack and the iPad, I could get power (just with a cable I didn’t need.) At some point I had the idea of introducing a USB-A into the mix and voila, power to the Pi. All that said, the final hardware combo consisted of a USB-C (male) to USB-A (female) 180 degree adapter, and a USB-A (male) to USB-Micro (male) adapter.

The 180 degree adapter enables a very low profile while having a reasonable gap for ventilation, even when connected to a Magic Keyboard.

Plug the device into the USB-C port on the iPad a give it a minute or two to boot up.

For SSH on the iPad there’s no better than Blink.

I don’t have VNC running at boot to save on resources, but I have a script in my home directory to quickly turn it on when GUI access is needed.

For VNC I use Jump Desktop, and have a configuration saved for VNC tunneled over SSH.

Raspberry Pi Internet Speed Monitor

DIY, Python, Raspberry Pi, Steampunk

I was looking wistfully at the Lack Rack from my arm chair, admiring the (faux) copper conduit that covered the primary inbound internet link to the switch. I thought it would be cool looking to have an antique steam gauge attached to the piping. Two things caused that idea to quickly change – 1. the going prices for antique steam gauges right now, 2. once I was thinking about it as a gauge I thought an ‘internet speed gauge’ would be perfect. Alas, even if said gauge could be acquired without breaking the bank, converting MBPS to PSI and making it functional is above my level of engineering. So on to the next best thing – a Raspberry Pi hack.

Materials:

Raspberry Pi (3 or 4) with Raspbian 32-bit OS
Case with 3.5 in LCD Display
Copper spray paint 😉
Attention to detail at the command line

Speedtest CLI

Once you’ve got your Raspberry Pi up and running start with the Installing the Speedtest CLI instructions at https://pimylifeup.com/raspberry-pi-internet-speed-monitor/. Complete steps 1-6. When the article gets to Writing our Speed Test Python Script, you can skip that section. I do recommend it from a learning perspective, but the code from that step won’t be used in the final project.

Assuming this is a new installation, you will need to install InfluxDB and Grafana. Complete the respective instructions for each.

Installing InfluxDB: https://pimylifeup.com/raspberry-pi-influxdb/
Setting up Grafana: https://pimylifeup.com/raspberry-pi-grafana/

Continue with the primary article’s instructions for Using Grafana to Display your Speedtest Data.

If you’ve made it along this far, you should have a working Grafana dashboard displaying Upload Speed, Download Speed, and Ping (Latency). If you’re hitting a glitch – go back through what you’ve coded and double check that any references to the user (default = Pi) are accurate for the user on your device. You should be seeing updated data based on the frequency you specified in crontab -e.

Install Grafana Kiosk

Next, we want to set up our device as a kiosk, and have it boot and display the Network Speed dashboard automatically.

Install Grafana Kiosk from https://github.com/grafana/grafana-kiosk. For my installation I used the ARM v6 grafana-kiosk.linux.armv6 release.

Running the Dashboard on startup:

We’re going to use a yaml file to store our dashboard configuration:

Create a new file, config.yaml and populate it as such:

general:
  kiosk-mode: full
  autofit: true
  lxde: true
  lxde-home: /home/(user)
target:
  login-method: local
  username: admin
  password: (password)
  playlist: false
  URL: http://localhost:3000/d/bdf20d32-c4ff-4578-a3f4-7a38e1f722b9/network-speed?orgId=1
  ignore-certificate-errors: false

Be sure to substitute the proper ID wherever you see (user). The URL for the dashboard can be copied from the web interface of the dashboard.

Edit /home/(user)/.config/lxsession/LXDE-pi/autostart

Add a line: (one line, may show as wrapped)

@/usr/bin/grafana-kiosk -lxde-home /home/(user) -c /home/(user)/config.yaml

Save & Exit.

Now when you reboot the Pi, the dashboard should come up full screen after login.

Steampunk or Cyberpunk ?

DFIR, DIY

Had some fun being crafty this weekend and made some design updates on the Lack Rack. I added some Steampunk elements to go with the rest of the office. Bonus – I finally figured out a display means for my retired laptop sticker collections.

Lack Rack part III: the Final chapter

DIY

If you caught the last blog installment you’ve seen that I’m a big proponent of the Steve Jobs “one more thing” methodology.

To ‘finish out’ (as if) the rack design I’ve made two more modifications. The first was reversing the switch positioning and doing some OCD-level cable maintenance.

The last, and the piece de resistance in my opinion, was removing one of the original lower shelves and replacing it with a bank that holds 4 Raspberry Pi. (Pies?)

In case your curious the Pi’s are configured for:

Pi-hole (security, DNS, ad-blocking)
HOOBS (home automation)
NEMS (a Nagios instance for monitoring)
Kali (shenanigans and attack emulation)

That should hold me over for a little while. And I’m really pleased with the results.