Recover FreeOTP Codes

First you have to instal adb and get it running on your smartphone.

$ adb shell

Afterwards issue the following command. Be aware that the output will be saved in the same folder:

adb backup -f freeotp-backup.ab -apk org.fedorahosted.freeotp

Use the Android Backup extractor to get decrypt the ab file:
https://github.com/nelenkov/android-backup-extractor

abe.jar unpack freeotp-backup.ab freeotp-backup.tar

Unpack the .tar file and the only file you care about ist tokens.xml.

Use the following pyton script to get the tokens ( assuming tokens.xml is in the same folder as your python script):

#!/usr/bin/env python

import base64, json
import xml.etree.ElementTree as ET

verbose = False

root = ET.parse ('org.fedorahosted.freeotp/sp/tokens.xml').getroot()
for secrets in root.findall ('string'):
    name = secrets.get ('name')
    if name == 'tokenOrder':
        continue

    secret_json = secrets.text
    print ("secret name: {}".format(name))
    if verbose: print ("secret json: {}".format(secret_json))
    token = json.loads(secret_json);
    token_secret = token["secret"]
    if verbose: print("token secret: {}".format(token_secret))
    secret = bytes((x + 256) & 255 for x in token_secret)
    if verbose: print("token secret bytes {}".format(secret))
    code = base64.b32encode(secret)
    print("token secret base64: {}".format(code.decode()))

Keep processes running after ending ssh session

  1. Create a ssh connection to your linux station.
  2. Type screen and then start the process you want. (assumption, screen is installed)
  3. Press Ctrl-a and then Ctrl-Shift-D.
  4. You can now log out of the ssh session.
  5. In case you can come-back later you can type screen -r. This will resume your screen session and you can see the output of your processes.

php and apache2 on Ubuntu (clean install for composer)

I had multiple issues in getting a clean setup for composer.

WARNING: Module json ini file doesn't exist under /etc/php/7.2/mods-available
Moodle requires the json PHP extension. Please install or enable the json extension.

And many more.

In order to get a clean set-up. I fully uninstalled php and apache2 . The purge command is the trick here as it also removed configuration files.
Please pay attention in your environment. This means all your apache and php configuration is gone afterwards. If you want to keep it make backups of  the most important files like php.ini and apache2.conf

Afterwards execute the following commands.

sudo apt purge php*

sudo apt purge apache2*

sudo apt install apache2

sudo apt install php libapache2-mod-php php-mysql

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"

sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer

 

Headless Raspberry Pi

Step 1. Download a lite Raspbian image

Download the version you need. As we want to install a headless version download the Raspian XXXXX Lite version.

Step 2. Copy the image

From a Linux terminal use the following command to find your SD Card:

sudo fdisk -l

This will show you something like

Disk /dev/sdc 14.86 Gib ......

Ensure you select here the correct disk.

Afterwards copy the image with the following comand. Replace /dev/sdX by the correct path.

sudo dd bs=4M if=2019-07-10-raspbian-buster.img of=/dev/sdX conv=fsync

Step 3. Enable ssh

To activate ssh at the first start you just have to create a file ssh in the boot folder.

touch /run/media/your_username/boot/ssh

The path above might be different on your system.

Step 4. Add network info

Create a file in /run/media/your_username/boot/ called: wpa_supplicant.conf.

sudo nano /run/media/your_username/boot/wpa_supplicant.conf

Then paste the following into it (replace your country code, SSID and Password):

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev 
update_config=1 
ap_scan=1 
fast_reauth=1 
country=JP 
network=
{ ssid="network SSID" 
  psk="network password" 
  id_str="0" 
  priority=100 
}

Step 5. Find your Raspberry Pi in your network

One solution is to login to your router.

In case you do not have access to your router you can scan your ip range with nmap. Use the following command and search for your Raspberry Pi:

sudo nmap -sP 192.168.0.0/24

Adjust 192.168.0.0 to your ip range. In many cases it is 192.168.1.0 or 192.168.100.0

Step 6. Login to your Raspberry Pi

Use the following command to login:

ssh pi@192.168.0.150

Password by default: raspberry

 

ip route for wifi

In case you want to route the traffic of your linux machine of a specific IP through a specific interface ip routecommand should be used.

One example below asuming wlp2s0 is your wifi.

sudo ip route add 155.100.200.0/24 via 192.168.1.1 dev wlp2s0

This will lead all the traffic with target ip range 155.100.200.0/24 trough the interface of your wifi (assuming 192.168.1.1 is the wifi router).

I did not yet found a solution to route the traffic of a target “domain” through a specific interface. Happy for any input.

 

Pi-Backup automation

My Raspberry Pi has many little applications and it happend already 2 times that the microsd was not working anymore. Therefore I decided to automate a weekly backup for my NAS.

To get the job done. First you have to mount your NAS towards your Raspberry Pi.

  1. Make a mount towards the NAS
    Create the folder /mnt/backup
  2. Edit the the fstab file
    sudo nano /etc/fstab
  3. In my case it looks liket this
    //192.168.100.2/folder/on-your-nas /mnt/backup cifs iocharset=utf8,uid=1001,gid=1001,x-systemd.automount,x-systemd.requires=network-online.target,vers=1.0,credentials=/home/user/.ds414-pi-backup.creds
  4. create a file for the credentials
    nano ~/.ds414-pi-backup.creds
    You might want to set chmod / chown permission to ensure nobody else can check your .creds file.
  5. It should look like this
    username=myNASUSER
    password=myPassword
  6. To make your changes in the fstab effect type
    sudo mount -a

Test your shared drive. You might want to re-start to check if the mount works fully automatically.

Once the shared drive is working download the following great script. https://github.com/lzkelley/bkup_rpimage
The script is fully based upon input from : The Raspberry Pi Backup Thread.

  1. Put the file in the desired location. I have it in /mnt/backup
  2. Make the script executable
    chmod +x /mnt/backup/bkup_rpimage.sh
  3. Test the script. I run it with the following command
    sudo ./bkup_rpimage.sh start -L backup-$(date +%Y-%m-%d).log -czd /mnt/backup/$(uname -n)-$(date +%Y-%m-%d).img
  4. Create a file calling the bkup_rpimage.sh with the correct variables
    nano /mnt/backup/backup_pi.sh
    The following content
    #!/bin/bash
    SHELL=/bin/bash
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/games:/usr/games
    . /mnt/backup/bkup_rpimage.sh start -czdl /mnt/backup/$(uname -n)-$(date +%Y-%m-%d).img
    chmod +x /mnt/backup/backup_pi.sh
    This will create a backup file, gzip it and removing the unzipped version once finished. Furthermore, it will ad a log file into the folder. The PATH part has to be adjusted to your needs.

    Pay attention to change the PATH variable to your needs. You can find out more about your PATH by just typing env , or you use echo $PATH. Be aware that the cronjob is running with the user of the crontab. In this szenario I decided for root as the script needs multiple permissions only root has. 
    Therefore, the PATH has to be set correctly.
     
  5. Create a cronjob in order to automate the backup
    sudo crontab -e
  6. Add the following line at the end of the crontab file
    0 3 * * 1 /mnt/backup/backup_pi.sh
    This will create a cronjob running every week at 3 a.m

In order to test the script you can also change the cronjob to be executed each minute. Just type * * * * * instead of 0 3 * * * * within the crontab.

Usefull stuff:

In order to see the currently running cronjobs:

ps fauxww | grep -A 1 '[C]RON'

# Then use
Sudo kill PID

To see the furhter logging details: 

sudo tail /var/log/syslog

Restore of the Backup:

In order to restore the backup on a new sd card I just used the following program:
https://www.raspberrypi.com/news/raspberry-pi-imager-imaging-utility/

You just have to select “custom img” and select the previously unzipped gz file.