Wednesday, December 28, 2016

The dead (RadioShark) walks again!

One of the problems with Linux is that people cannot leave well enough alone. There's always someone that comes along, claiming that they have a "new and improved" method for performing a specfic task. It doesn't matter that their solution is non-universal. In this case, libhidapi (the replacement for libhid) is non-functional on Ubuntu (there's too many issues with using it). Since libhid was considered legacy, support for it was removed from Ubuntu.

For us not-really-a-good-programmer types, this can be a problem. In my case, the code for the inherited RadioShark is no longer compilable (even though the kernel recognizes the device and loads the proper kernel module for it).

Getting the RadioShark v1 working on Ubuntu 16.04.1 turned out to be a happy accident on my part. It shouldn't work but does. It relies heavily on the fact that people included compilied binaries with their code (as always, run at your own risk). I use this because it gives me a starting point at which I can sniff USB traffic and reverse engineer what needs to be sent to the RadioShark to control it. The bad news is that the provided source code still will not compile.


Following are the employed steps, just in case you're interested.

1) Grab libhid-dev_0.2.15+2006.325-2.2ubuntu1_i386.deb.tar.gz, which is attached to the forum post at:

2) Create a working folder, move the tarball into it, and untar the tarball. This creates three files:

  • libhid0_0.2.15+20060325-2.2ubuntu1_i386.deb
  • libhid-dev_0.2.15+20060325-2.2ubuntu1_i386.deb
  • python-hid_0.2.15+20060325-2.2ubuntu1_i386.deb

The third is not needed, unless you plan on using Python to control the RadioShark (and I doubt that it'll work in any case).

3) Use dpkg to install (first) the libhid0 file, then the libhid-dev files. Both will spit up errors about configuration but the libraries get installed. Note: you may need to run "apt-get install pkg-config" before using dpkg, and "apt-get -f install" afterwards.

4) Download the shark 1.0 tarball from:

5) Untar the tarball and cd to shark-1.0/bin/linux/i686. By default, the blue LEDs on the RadioShark should come on when you plug in the device. Run the following to see if you have control over the device:

  sudo ./shark -blue 0
  sudo ./shark -red 1

6) Tune a station by running:

  sudo ./shark -fm 98.7


1) If you hear nothing (not even static), open your PulseAudio volume control. Under "Input devices", you should see an entry for "Radio SHARK Analog Stereo", with a moving level meter underneath it. If the volume control is greyed out, hover your mouse to the left of the button with the lock on it. Another button should show up (this is the mute button). Click it to unmute the stream.

2) If there's no "Radio SHARK" entry in the PulseAudio Volume Control's "Playback" tab, run the following as your user:

  pactl load-module module-loopback

To make the above permanent, add the following to the end of /etc/pulse/

  load-module module-loopback

Update: The above does not work with USB 3.0 interfaces. Luckily, I have a computer with both USB 3 and USB 1.x/2.x buses.

Monday, December 26, 2016

Why it (crypto) is what it is

This week's Cron.Weekly newsletter included a pointer to Laurens Van Houtven's Crypto 101 web site. The site includes: a download link for his pending book and a You-tube link to his lightning-stlye PyCon 2013 talk, which discusses how we got "here" and "why". Even if you don't read the book, I recommend watching the video.

I'm reading the book now. The forward indicates that the book discusses the video's topics in greater detail, as well as providing hands-on experiment so that they reader can understand how specific types of crypto are considered broken. Will make additional commentary on the book later.

One initial comment that I can make: I wish this book had been around in the 70's, when I first learned Boolean math. We went into great detail on logic circuit design (including PCB fabrication) and LVH's book would have been a nice addition to the curriculum (I have the impression that it might be a good "foundation" book for that old curriculum).

Update: LVH's blog is here.

Saturday, December 24, 2016

RadioShark v1 on Ubuntu 16.04.1

Friend gave me a RadioShark v1 and a challenge (get it working on a current Linux distro). Woke up a bit early this morning and started pounding on it. Per usual practice, I started with other people's code (this is where I am now). It works because the tarball maintainer ( included a statically linked binary.

The tuning and LED functions work but (also as usual) there's bugs: no matter what command (other than "-h"), the binary stalls for 60+ seconds before it executes and returns. This doesn't affect the audio though.

Reversing this is going to be a challenge because Ubuntu no longer supports libhid, which was primarily a 32-bit library. I'm hoping that I can either port the code to use the libhid-api library or bypass the library calls altogether. If you know me, you'd realize that my preference is for the latter.

For now, I'm enjoying listening to local stations while catching up on a backlog for the document manager. Will take a first crack at tracing/debugging later today. I'm also wondering if plugging a USB1 device into a USB3 bus might have something to do with it.

Thursday, December 1, 2016

What was I reading in November 2016?

November was one of those very busy months, even with a couple holidays in the middle. I had a lot of fun with a NodeMCU, after a friend talked me into acquiring one (looking forward to acquiring and ESP32 now). Because of it, I'm revisiting all of my experimentation with I2C devices, this time without the Raspberry Pi! The home server is back online with (mostly) new hardware. Had to shuffle some peripherals to get it to work properly. (I now have two spare MSI video cards (w/ noisy fans) in my junk box. Anyone want 'em?)

I also acquired a Vocore1+Dock. Haven't had time to play with it much but I'm wanting to turn it into a portable access point for those ad-hoc/early evening demos for small groups/classes. (Note to self: the Vocore2 is out!)

December's looking to be similar to November. I'm considering burning some of my vacation time, just to take a break (have been burning the candle in the middle as well as the ends). In any case, I'm likely to need the time to set up the VMs and network for next semester's class.'

Other: A few weeks ago, I used Amazon Drop for the first time. They installed a Drop in a couple of the local grocery stores. I like it as I no longer have to worry about deliveries disappearing from the front steps.

Other: Only two more classes in this semester. Some of you still haven't given your presentation. Considering taking points from those that wait until the last minute (or maybe giving extra credit to those who present early?).

In any case, this past month's reading...


- Cryptanalysis of Enigma


- YBlog - Learn Vim Progressively Knowing Vi/Vim is a survival skill. You may not like Vi/Vim, but it's everywhere. You should know (at least) the basics. It's sizable enough that you cannot learn it all even in a single semester.
- The Mirai Botnet is Proof the Security Industry is Broken - Methinks that Max has given up. (Hint: if a service is that valuable, you should be runnning a local, non-public (or controlled-access) instance of it.


- So you think you know C? - (Partially a note to self) It's good to have reminders that you should remain humble.
- Bugsnag Blog - Benefits of using tmux - From the Know-your-tools department...


- C for Python Programmers
- Leonard Cohen Dead at 82


- Gridmaster - Learn Spreadsheets by Doing - Training!
- Docker user? Haven't patched Dirty COW yet? Got bad news for you.
- Would California be more successful as an independent country rather than as a state? - (sigh) And who's not catching on that wanting to set up your own government, because you don't like the current one, only amounts to you switching sides. Short version: you're incorrectly assuming that everyone in California agrees with you. Move on (or wait here). Another election will come around shortly. (Meh.)
- New attack reportedly lets 1 modest laptop knock big servers offline - This was a configuration issue. Blaming Cisco accomplishes nothing. Note that the author doesn't explain the different ICMP packet types. Also, with 1 TB of traffic, it isn't just endpoint firewalls that are "straining"...
- What So Many People Don't Get About the U.S. Working Class - Missed point: what about the internal shenanigans revealed. Why isn't that "influence" was used to skew the primaries for both parties also being discussed?
- Cubietruck: Ubuntu SSD install and boot from disk - This is a nice stepping-stone method to installation of Ubuntu 16.04 on the Cubietruck.


- The 7 most vexing problems in programming


- A Theory of Taxonomy
- Metasploitable3: An Intentionally Vulnerable Machine for Exploit Testing
- Killing Lara Croft
- Practical Cryptography


- Oracle and Dyn
- At Sea- The sailor's verion of "Fun with Flags".


- How Install Microsoft SQL Server on Ubuntu / RHEL / Centos / Docker - Don't run off bellowing that MS works with Linux just yet. This is a limited version of MS SQL.


- JTAG Mobile Phones - I'll add: being able to solder small "stuff" is important.


- Wells Fargo says that its customers gave up right to sue by having their signatures forged - Wait! Wut?
- DNS leak test
- Learning to Read x86 Assembly Language


- Hackers Breached San Francisco's Transit System and Demanded a Ransom
- An Ivy League professor explains chaos theory, the prisoner's dilemma, and why math isn't really boring

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.