iPhone Honeypot Project

June 24, 2010

Routers, NAT and Packets, Oh My!

The last couple of days have been spent destroying my home network, much to the anger of my family for lack of interwebs. From the last post, it was suggested to try out OpenWRT on my router, which is essentially a minimalistic version of Linux designed for use with a variety of routers. From their documentation, users and IRC channel, I was told I could record all packet data using tcpdump and pass through all connections to the iPhone, saving me from having to build a home-made bridge to do the work. Unfortunately, I tried this several times, which almost bricked my router and took several hours to get back online. In the end, I had to revert to the previous configuration, but I have decided to upgrade the firmware on both the router (Zyxel Prestige – 3.0) and the Wireless AP (Linksys WAP54G).

As it stands, this was a positive move. The upgraded firmware gave me SUA configuration options in the NAT configuration. This allowed me to configure a pass-through forwarding all connections from the WAN to the LAN to a specific IP address. I tested this without the bridge and ran tcpdump on the iPhone itself, NOT'ing the IP address I was SSHing from to avoid heaps of packets showing up from the SSH connection.

tcpdump -w ~/Media/test.pcap host not 192.168.1.33

This was tested to ensure that the NAT on the router wasn't translating ALL addresses and connection attempts as they were being passed through. The last thing I'd need is a heap of addresses originating from within the network. The test was conducted and the test.pcap file was transferred and examined using Wireshark. This proved successful. I also attempted opening an SSH connection from redbrick.dcu.ie via their proxy server and threw a few bad passwords at it to see what the login attempts would look like. This looked promising.

The following is a screenshot of the analysis with some of the packet info:

.. and some of the packets extracted via tcpdump:

This all looks good. The next step is to set up a Unix box, forward all traffic to it and bridge two interfaces together. I can then begin to sniff on the bridged interface (br0) and record the data. It may be ideal to store this in a MySQL db for easier extraction/analysis.
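As an added example (not code from this project), here is a small reader for the kind of test.pcap that tcpdump -w produces. It decodes the classic pcap record layout plus Ethernet/IPv4/TCP, lists every SYN that reached the iPhone (en0 at 192.168.1.50) and notes whether each source sits inside 192.168.1.0/24, which is the "is NAT rewriting the sources?" check above. The sample capture, its addresses and MACs are constructed inline for the demonstration.

```python
import struct, ipaddress
LAN = ipaddress.ip_network("192.168.1.0/24")    # home LAN from the post
IPHONE = ipaddress.ip_address("192.168.1.50")   # iPhone's en0 address from the ifconfig output

def pcap_records(data):
    """Yield raw frames from a classic pcap buffer (what tcpdump -w writes), either byte order."""
    magic = data[:4]
    endian = "<" if magic == b"\xd4\xc3\xb2\xa1" else ">" if magic == b"\xa1\xb2\xc3\xd4" else None
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:  # link type 1 = Ethernet
        raise ValueError("expected an Ethernet capture")
    off = 24
    while off + 16 <= len(data):
        _, _, incl, _ = struct.unpack(endian + "IIII", data[off:off + 16])  # per-record header
        off += 16
        yield data[off:off + incl]
        off += incl

def inbound_syns(data):
    """(src, dport, src_is_lan) per TCP SYN aimed at the iPhone; all-True src_is_lan would mean NAT rewrote sources."""
    hits = []
    for frame in pcap_records(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 over Ethernet, or not TCP
        ihl = (frame[14] & 0x0F) * 4
        src, dst = ipaddress.ip_address(frame[26:30]), ipaddress.ip_address(frame[30:34])
        tcp = frame[14 + ihl:]
        if len(tcp) < 14:
            continue
        flags = tcp[13]
        if dst == IPHONE and flags & 0x02 and not flags & 0x10:  # SYN without ACK
            hits.append((str(src), struct.unpack("!H", tcp[2:4])[0], src in LAN))
    return hits

def make_syn(src, dst, sport, dport):
    """Constructed Ethernet/IPv4/TCP SYN frame; checksums left at zero, which is enough for parsing."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    return b"\xf8\x1e\xdf\xad\xec\x5a" + b"\x00" * 6 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed little-endian pcap: two outside probes (SSH, telnet) and one LAN SSH connection."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header, link type 1
    probes = [("203.0.113.7", 40001, 22), ("198.51.100.9", 40002, 23), ("192.168.1.52", 49387, 22)]
    frames = [make_syn(s, str(IPHONE), sp, dp) for s, sp, dp in probes]
    recs = (struct.pack("<IIII", 1277000000 + i, 0, len(f), len(f)) + f for i, f in enumerate(frames))
    return hdr + b"".join(recs)
```

Run inbound_syns() over a real capture taken with the command above; if every entry comes back with src_is_lan True, the router is masquerading the WAN sources and the honeypot logs would be useless.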

June 17, 2010

GCC on iPhone – Progress? (Continued)

Filed under: bash,Darwin,gcc,libpcap,script,SDK — abnev @ 2:05 pm

I EVENTUALLY managed to get back to where I was yesterday after I hit a bump in the road where I stepped back and could no longer compile simple applications on my Mac OSX destined for the iPhone arch. This time, I have created a simple script called ‘gcc2’ which sets all the appropriate options.

#!/bin/sh

GCC="/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/gcc"
ISYSROOT="/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS3.1.3.sdk"      # 3.1.3 SDK
EXPECTED_ARGS=3

# check num of args supplied (e.g. gcc2 -o test test.c)
if [ $# -ne $EXPECTED_ARGS ]
then
    # print usage
    echo "Usage: `basename $0`: no input files"
    exit 1      # exit on error
fi

# e.g. gcc -arch armv6 -isysroot $ISYSROOT -o test test.c
"$GCC" -arch armv6 -isysroot "$ISYSROOT" "$@"

Additionally, I have attached my bash_history file for setting up the environment etc.
abnev-lpt2:iphone-gcc abnev$ cat test.c
#include <stdio.h>
int main() {
printf("Hello, World!\n");
return(0);
}
abnev-lpt2:iphone-gcc abnev$ /Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/gcc -arch armv6 -isysroot /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS3.1.3.sdk/
abnev-lpt2:iphone-gcc abnev$ /Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/gcc -arch armv6 -isysroot /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS3.1.3.sdk -o test test.c
abnev-lpt2:iphone-gcc abnev$ cd ~
abnev-lpt2:~ abnev$ mkdir bin
abnev-lpt2:~ abnev$ cd bin
abnev-lpt2:bin abnev$ pico gcc2
abnev-lpt2:bin abnev$ PATH=$PATH:/Users/abnev/bin
abnev-lpt2:bin abnev$ chmod 755 gcc2
abnev-lpt2:bin abnev$ gcc2
arm-apple-darwin10-gcc-4.2.1: no input files
abnev-lpt2:bin abnev$ cp ~/test.c .
abnev-lpt2:bin abnev$ gcc2 -o test test.c
abnev-lpt2:bin abnev$ ./test
-bash: ./test: Bad CPU type in executable
abnev-lpt2:bin abnev$

Just an extra note, to make sure the environment would be set up after reboots etc I modified my ~/.profile to include the correct PATH environment variables pointing towards ~/bin where gcc2 now resides. This was done by adding/changing the line:

export PATH=/opt/bin:/opt/local/bin:/opt/local/sbin:$PATH

to

export PATH=/Users/abnev/bin:/opt/bin:/opt/local/bin:/opt/local/sbin:$PATH

I’ll continue trying to get it to compile using libpcap.

June 8, 2010

GCC on iPhone: Part II

Filed under: gcc,libpcap,Network — abnev @ 8:39 pm

Still having iPhone GCC woes. I managed to install gcc including the 2.x toolchain from cydia using a fake-libgcc. However, there are still errors when compiling even the simplest of programs.

abnev-ip1:~/Media root# gcc -o test test.c
ld: library not found for -lgcc_s.10.5
collect2: ld returned 1 exit status

According to http://code.google.com/p/iphonedevonlinux/wiki/Installation it is possible, but I'll need to download the 3.0 SDK. Unfortunately, the ~2.0GB download is a little too much for my 1MB line at home, so it'll have to wait until I get to DCU. In other news, I did manage to install tcpdump and ran a quick test to make sure it was all working OK.
21:33:38.903154 IP 192.168.1.50.ssh > 192.168.1.52.49387: P 1867428674:1867428866(192) ack 2428888530 win 32942 <nop,nop,timestamp 845296227 63933475>
21:33:38.909314 IP 192.168.1.52.49387 > 192.168.1.50.ssh: . ack 192 win 65535 <nop,nop,timestamp 63933481 845296227>
21:33:39.919579 IP 192.168.1.50.62892 > dns1.cwm.dublin.eircom.net.domain: 46550+[|domain]
21:33:40.219556 IP dns1.cwm.dublin.eircom.net.domain > 192.168.1.50.62892: 46550 NXDomain*[|domain]
21:33:40.227206 IP 192.168.1.50.58897 > dns1.cwm.dublin.eircom.net.domain: 9756+[|domain]
21:33:40.628665 IP dns1.cwm.dublin.eircom.net.domain > 192.168.1.50.58897: 9756 NXDomain*[|domain]
21:33:40.634025 IP 192.168.1.50.ssh > 192.168.1.52.49387: P 192:496(304) ack 1 win 32942 <nop,nop,timestamp 845296245 63933481>
21:33:40.639611 IP 192.168.1.52.49387 > 192.168.1.50.ssh: . ack 496 win 65535 <nop,nop,timestamp 63933498 845296245>
21:33:41.640218 IP 192.168.1.50.59648 > dns1.cwm.dublin.eircom.net.domain: 29753+[|domain]
21:33:41.858044 IP dns1.cwm.dublin.eircom.net.domain > 192.168.1.50.59648: 29753[|domain]
21:33:41.864215 IP 192.168.1.50.ssh > 192.168.1.52.49387: P 496:624(128) ack 1 win 32942 <nop,nop,timestamp 845296257 63933498>
21:33:41.865938 IP 192.168.1.50.ssh > 192.168.1.52.49387: P 624:1200(576) ack 1 win 32942 <nop,nop,timestamp 845296257 63933498>
21:33:41.869402 IP 192.168.1.52.49387 > 192.168.1.50.ssh: . ack 624 win 65535 <nop,nop,timestamp 63933510 845296257>
21:33:41.870228 IP 192.168.1.52.49387 > 192.168.1.50.ssh: . ack 1200 win 65535 <nop,nop,timestamp 63933510 845296257>
21:33:42.867115 IP 192.168.1.50.ssh > 192.168.1.52.49387: P 1200:1920(720) ack 1 win 32942 <nop,nop,timestamp 845296267 63933510>
21:33:42.873265 IP 192.168.1.52.49387 > 192.168.1.50.ssh: . ack 1920 win 65535 <nop,nop,timestamp 63933520 845296267>

Success (sort of) for now.

GCC on the iPhone

Filed under: Cydia,gcc,libpcap,upgrade — abnev @ 12:03 am

Originally, before upgrading to 3.1.3, it was possible to download and install the GNU C Compiler via Cydia, which worked without a problem. It was also possible to install libpcap via Cydia, and a test was conducted to access the wireless interface. Inspecting 'ifconfig' while connected to my home network allowed me to identify the network interface of interest.

abnev-ip1:~ mobile$ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.1.50 netmask 0xffffff00 broadcast 192.168.1.255
ether f8:1e:df:ad:ec:5a
pdp_ip0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450
inet 10.52.79.5 --> 10.52.79.5 netmask 0xffffffff
pdp_ip1: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1024
pdp_ip2: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1024
pdp_ip3: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1024
en1: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
ether 0a:0b:ad:0b:ab:e0

This again matches what OSX shows. A test written in some quick C code was then run successfully.

#include <stdio.h>
#include <pcap.h>

int main(int argc, char *argv[])
{
    pcap_t *handle;                 /* Session handle */
    char *dev;                      /* The device to sniff on */
    char errbuf[PCAP_ERRBUF_SIZE];  /* Error string */
    struct bpf_program fp;          /* The compiled filter */
    char filter_exp[] = "port 23";  /* The filter expression */
    bpf_u_int32 mask;               /* Our netmask */
    bpf_u_int32 net;                /* Our IP */
    struct pcap_pkthdr header;      /* The header that pcap gives us */
    const u_char *packet;           /* The actual packet */

    /* Define the device */
    dev = pcap_lookupdev(errbuf);
    if (dev == NULL) {
        fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
        return(2);
    }
    /* Find the properties for the device */
    if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
        fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf);
        net = 0;
        mask = 0;
    }
    /* Open the session in promiscuous mode */
    handle = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf);
    if (handle == NULL) {
        fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
        return(2);
    }
    /* Compile and apply the filter */
    if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
        fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(handle));
        return(2);
    }
    if (pcap_setfilter(handle, &fp) == -1) {
        fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(handle));
        return(2);
    }
    /* Grab a packet; pcap_next() returns NULL on timeout or error */
    packet = pcap_next(handle, &header);
    if (packet == NULL) {
        fprintf(stderr, "No packet matched the filter before the timeout\n");
    } else {
        /* Print its length */
        printf("Jacked a packet with length of [%u]\n", header.len);
    }
    /* Free the filter and close the session */
    pcap_freecode(&fp);
    pcap_close(handle);
    return(0);
}

This successfully captured and printed the packet length. However, since the upgrade to 3.1.3 this is no longer available. Further investigation showed that libgcc support was removed and is no longer available for the latest version. Following some threads, a Google project was found which aims to port gcc over to the iPhone: http://code.google.com/p/iphone-gcc/wiki/Installing. In the meantime, a meeting has been set up with the supervisor (Stephen Blott) to discuss the various approaches I'd like to take towards the development of this project.
