kristoff

You mean "copy the photos you have taken but you not want in your device if you would get checked on your way back out to a server in a hostile country " ?

99.99% if the normal tourists do not have a personal server to store their photos. They use a commercial cloud. By using your personal server, you behave differently from 99.99% of the tourists.

" Why do you keep your images to your personal server and not the cloud? What do you have to hide? "

HI, Thanks for the info (and also thanks to PoVog).

My experience with mqtt is limited. I once set up a ejabberd server to try it out. It works but -as I mainly interested in federated chat- it was not that interesting. There was a lot less traffic and the rooms that exist that had traffic had a big issue with moderation (i.e. spam content). The S/N ratio of the discussions was a lot less then on matrix or other platforms.

I also notice it was missing some features that are do are present in matrix, like the ability to edit messages. From how I understand it, the modulator nature of XMPP is a nice idea but as there is a large diversity on clients and the features they support, it does seems to come down to only the lowest common domininator to really work well.

As I have just set up a pi5 as my new selfhosting-server, I might give it a try again, and see how well the transports (like slidge as mention by PoVog) work.

Concerning the URL issue, as explained, it kind-of looks like a normal side-effect of the principle of server authentication. Alsom your use-case (one server, one client) it not the normal goal why chat-servers are build. Even in a non-federated use, you have multiple clients connecting to it. Cchanging the server hostname will impact all clients, so is probably a very rare scenario. I did see you use synapse. I do not know if you dendrite or conduit have the same behaviour.

perhaps a stupid question, but are there bridges for XMPP ? My impression is that XMPP is as good as empty (I do use it mainly as a federated service). Is there still a lot of active development on the XMPP side of things?

I do not understand your point with 'you cannot change the URL'. If you use matrix as non-federated and just the only user, what is the problem that you need to change the URL when you need to set up a new server on a new URL? Not being able to change the server at the same URL seems like a logical concequence of authentication, be it for server-to-server communication as for client-to-server communication.

I think I read something about that but I do not know the details.

It fhat is true, that would be good news. Thanks for the info. 👍

There was an example of an ethical hacker that bought up old email-domain names of police offices, city councils (name of city changed due to Mercer) and so on. He received quit a few mails with quite sensitive data.

Well, let's look at this high-level. Let's look at how (say) FSK decoding is done. Let's concider a audio signal of 1200 and 2200 Hz.

From what I've seen of oldl RTTY machines, how it was done in the beginning was simply by filtering: you take the audio, create two audio filters, one at the low frequency and one at the high frequency. Then, on both outputs you do signal detection (AM demodulation) and you get two voltages. Compair them (or subtract one from the other) and you get your data.

Another option, if the two frequencies are sufficient close together and you can filter the signal that you only have that signal and no other stuff, if simply do FM demodulation. After all, FM modulation is that you take in a voltage and output a sinewave of a certain frequency. The higher the input voltage, the higher the frequency. So, invert that, if you input a signal of either 1200 or 2200 Hz into a FM demodulator, you will a voltage that is (say) 1 volt for the 1200 Hz tone and 1.5 volt for the 2200 Hz. Then set a threshhold at 1.25 volt (which you can determine by taking the average of all the voltages of -say- the last 10 seconds), and you can determine if you have received a "0" or a "1" tone.

Another option, if you work with an SDR and you have IQ data, if to first downconvert the audio. The middle between 1200 and 2200 Hz is 1700 Hz. Create a sinewave of -1700 Hz (yes, minus 1700 Hz, negative frequencies!) and mix it with the received signal. As a result, you will get a signal of either -500 Hz or +500 Hz. (*) FM demodulate that, and you get a negative or a positive voltage.

(*) 1200 - 1700 = -500, 2200 -1500 = +500

Now, in this case, the signal is quite far apart (7 KHz) and there are kind of other signals inbetween these two carriers. If you have a SDR, you can just take in the complete signal (say, sample at 20 Ksps), filtering out all the unwanted signals and then process it like any other FSK signal (as described above). Another option I guess would be to use two receivers (two sessions to a websdr), set one at 7.061 (500 Hz below the lowest) and the other at 7.067 (1500 Hz below the highest tone). Apply filtering that you remove all other signals. Your computer should then play out two tones: a 500 Hz for the lowest carrier and a 1500 Hz tone for the highest carrier. Mix and record the audio, and then then process it like a normal FSK signal.

Yes, .. signal-processing can be fun.

Ah. Concerning the signal itself and the meaning of the bits. I heared your latest podcast episode after I wrote my previous post. I agree. Perhaps it simply do not mean anything. We live in strange times, so it can be anything, .. or nothing :-)

Concerning this particular article, perhaps the vulnerability here are not a mallicious software packages, but the management of these software repo's.

Should it be possible to upload a package on a repo with 99% of the same name as one that already exists without some additional checks?

I do not mind banning hammers for the visitors or a museum, especially if there is an exhibition of art that is concidered "unacceptable" by a certain group of people.

I run a small setup on a seperate server segment (2nd router behind my main router) so it is on the internet. I run nextcloud, an dendrite and conduit instance (matrix chat-server servers), a mastodon and go-to-social instance (fediverse), bitwarden (password manager), and others.

If there is a service that you do not want to be publically accessable by everybody but you do want to access from everywhere on the internet yourself, check out client-side TLS (https) certificates. The server does is accessable from the internet put only people who have a TLS certificate on their client signed by you can access it. For services that do not require incoming connections from other machines (e.g. nextcloud, bitwarden, ... but no federated services like matrix-chat or the fediverse) that is a very good option to protect your servers.

011111001101110001011101001100101010100100100010100001001101000111110101101001010011111100000001101101010001001011110010110001000110011000111000011000001110110000101011001001110011101010111111110110110011110001101011100100001111011101111010000010000001011 0111110011011100010111010011001010101001001000101000010011010001111101011010010100111111000000011011010100010010

Hi Otto,

First of all, it is just me or is the wav-file on your github repo actually empty (just 2 byes)?

Concerning the data you receive. Nice capture finding out it is a repetative pattern.

As said, I am not at all a SIGINT expert, but let's see how far we can go with this/

So, what next? Question 1: OK, we've got a repetative pattern, so it is probably a data packet that is repeated continuesly (or multiple data-frames that happen to be all the same) But where does the packet actually start?

One important thing about digitale communication to keep in mind when dealing with digital communication: synchronisation, synchronisation and even more synchronisation!

Although the transmission has a fixed bitrate (and hence, timing), the receiver will mever have exactly the same frequency as the transmitter, so it must continuously adapt it own timingf to that of the transmitter. It does that by looking for bit-transistions and correct any error of its onw timing to that. So what you really want to avoid is large number of all-zero and all-one patterns, or at least, in actual data of the frame.

If you look at the bitstreaming, you see that '0000000 ... 1101101010' pattern.

The 7 consecutive 0 bits probably are a no-data indication.

The following bits are -I guess- the 'start of frame' pattern that indicates .. well, the start of the frame. Note that there are a lot of 0-1 alternations in that pattern. That helps the receiver synchronise itself to the received bitstream. The slight variation on it (i.e. the additional ´1' in front of it) might be there to avoid 'false positive' start-of-frame detections.

Now, as for the rest of the packet. As you have only one single packet, it is very difficult to determine its exact meaning. For that, you need to have multiple packets with different data in it.

Hope this helps a bit

edit: Hum .. just noticed there is actually a 8 all-1 bit pattern in the fransmission. A 2nd marker pattern ? strange!

Kristoff (ON1ARF)

I used inspectrum mainly with raw IQ-files from gqrx, so the c16 format is indeed correct.

For me, the great thing about the tool is that it is very visual. (*)

It allows you to get an idea what kind of signal you are looking at (on-off, FSK, PSK, ...) and get a rought idea about timing. That then gives you information to better apply the proper filtering in urh and work from there on. It also allows you to see any "abnormallities" .. e.g. I once came across a signal that sounded to be two-tone FSK, but after closer investigation, you could see that the two tones overlapped (in the time domain).

Concerning the bitstream you demodulated, I am not at all an expert in SIGINT, but I guess we can do some basic research like search forrepeating pattern (that could indicated a start-of-frame indicator), maximum number of consecutive all-0 or all-1 (that can indicate bit-stuffing) etc. The problem with unknown digital signals is that the number of variations of different processing-techniques is almost infinite: scrambling (not encryption, but scrambling) , FEC, ...

(*) The visual element of inspectrum is the reason why I use it in a workshop I give. The workshop I do is similar to the one done by Mike Walters that is on youtube: https://www.youtube.com/watch?v=tGff31uGXQU