Hardware components | ||||||
 |
| × | 1 | |||
 |
| × | 1 | |||
_wzec989qrF.jpg?auto=compress%2Cformat&w=48&h=48&fit=fill&bg=ffffff) |
| × | 1 | |||
 |
| × | 1 | |||
Software apps and online services | ||||||
 |
| |||||
 |
| |||||
So this semester I've been studying in-depth the relationship between the microcontroller and the modules and sensors it uses to communicate with the world. In parallel with my studies, I've been researching and studying way too much of cybersecurity and have been learning in depth Python.
During my Python course, I read :
"Simple is better than Complexe. But Complexe is better than Complicated"
And yeah, any coder can agree with that. But it is probably not the simple way that teaches the best. So having that phrase in the back of my mind for a few weeks, I finally decided to try something complexe, for the sake of learning how to make it reliable and avoid complicating it. I guess the difference between complexe and complicated is that of the underlying understanding one has of the subject, so I'll go in depth through this project and God only knows how long this can take.
I doubt that this project is for you, because if it ends up being what I have in mind, there may be a thousand other better ways of doing. But that's not the objective here. I am aiming for a complexe communication system between three microcontrollers (MKR1000, Mega 2560 and Raspberry Pi B) to simply control a robot car through SSH on my computer.
And in the end, it would be great to see if it's possible to exploit some vulnerability in the communication between the R-Pi and the MKR1000 using Kali. We'll see.
The Main (vague) initial IdeaThe idea is to have my computer connected to a headless raspberry pi through ssh, which in turn is connected as a client to a server created by the mkr1000 which in turn is connected through serial to the Mega, who controls the motor chassis. Sounds Complexe? Good.
Maybe you know how to make a headless raspberry pi, but maybe you don't. I didn't so I'll explain it anyway. I'll explain pretty much everything that i found interesting and didn't know. So...basically every step of the way :)
I) Headless Raspberry PiA Raspberry Pi is pretty much a computer. Without a screen, without a keyboard, without speakers, without a webcam to join your math course over zoom :(
But, it is rarely used as your everyday laptop per se. It is the weapon of choice of Mr. Robot (season 1, ep 5). It is the perfect computer for IoT (sometimes it can be an overkill but just ignore that).
In our case, we'll use it as a bridge between my computer and the MKR1000, but I don't want to complicate the process by connecting a screen and a keyboard to the R-Pi. So in my research i found out that I could connect to it throught SSH without connecting a screen even once! (ignore the ssh, we'll get there, just be happy that you can connect the R-Pi without a screen or keyboard).
So I hope that you are wondering why in earth would I need another computer that I cannot access files, program, or watch my math course over zoom?
Well, to complexify things.
So, a R-Pi being a computer, we need to install an OS on it. We'll just use Raspbian Pi OS because Linux, what else? You'll need an SD card, more than 8gb, and download the Raspberry Pi Imager :
https://www.raspberrypi.org/software/
So it is perfectly straightforward. The isssue is, if you connect the sd card directly on the raspberry pi and turn it on, but the ssh connection won't be enable by default, and we don't want to connect a keyboard and a screen just to enable it, not once, not ever, we just want the possibility of an ssh connection out of the box.
To do so, it is incredibly simple. Just open in the file explorer the sd card (which should be call boot ) and add an empty text file called ssh. This .txt file tells the R-Pi that we want the ssh connection from the start, without complicating things. Now, to setup the wireless or ethernet connection on the R-Pi, create a text file called wpa_supplicant.conf and fill it with the following, changing the paramaters to your country, ssid(wifi's name) and password :
country=US
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
scan_ssid=1
ssid="your_wifi_ssid"
psk="your_wifi_password"
}Then boot it up, and we'll dive into ssh now.
II) SSH: Secure ShellI remember as a kid inventing with my best buddies some coded language so we could talk about specific things in front of people we shouldn't. It was mainly giberrish, nothing too smart of course, but it did the trick. We could pass the information between us, in the presence of others, without them decoding the information. And that's what SSH basically is, the coded language, the secured communication protocol two individuals use to pass sensitive (or not) information on an unsecure area.
So, formally:
SSH is a cryptographic network protocol for operating network services securely over an unsecured network
SSH in this project is two times useful: first it lets me connect to the Headless R-Pi , and second it is secure, so it would be interesting far away in the futur to see how to find either a vulnerability in the connection ( which right now I haven't seen any way of hack into an SSH connection without getting the password through Social Engineering, so, per se, we don't actually hack the SSH connection but trick people into giving the password of the connection to us).
If you are curious about social engineering hacking and attacks, check this podcast:
It sounded complicated at first when i heard SSH and cryptographic communication/connection but it was less complexe than I thought. I'll come back to this paragraph later to explain it better.
And to use SSH? Incredibly simple. On Windows, start by installing Putty which is a telnet and ssh client:
I think that in Linux there's no need for it. Mac I have no idea.
Enter raspberrypi.local or raspberrypi in the host name. In my case raspberrypi was the one that worked.
Now if everything went okay, you should get a warning window, just ignore it, and a terminal should open with a console asking for a login and password. This is the default user and password:
login as: pi
pi@raspberrypi's password: raspberryAnd there you go! That terminal right there controls your R-Pi through SSH ! And if you know some Linux, everything is possible with a terminal. A quick ls command shows the default folders of Raspbian.
Warning: you should absolutely change the password as soon you get access to the R-Pi. If by any chance an attacker runs a network scan on your network, they will most definitely see the port 22 either open or restricted (i'll check out what Kali's nmap shows in the near futur for this connection) and try the default password... which would grant direct access to your R-Pi and god only knows what a hacker would do next.
If you're having any trouble with my explanation, check out this guide, it was really helpful:
https://www.tomshardware.com/reviews/raspberry-pi-headless-setup-how-to,6028.html
III) MKR1000 ServerWhat is a Server? In a few words, it is basically some software and hardware somewhere in the planet providing a certain service to another software and hardware somewhere else in the planet.
For example, let's say that your computer doesn't have the required hardware to make a mathematical operation, say 2 + 2. But you absolutely need this operation done for your master thesis. What now?
I was as you would normally do, you'll ask someone else to do it for you. So, through the internet, you would connect to a Server that does have that calculation power. Servers provide various functionalities, which we call services such as sharing data, resources or performing computation for a client. When we connect to a server to ask for such a help, we are the clients, and our services demands are called requests, and the 2+2 result that we asked the server to do for us is called the response.
This is a client-server model implemented as a request-response model.
There are several other models, but we'll implement this one. As users, we request something and we wait for the response. As servers, we wait for a client to connect, we receive it's request and we give them the appropriate response.
How do we implement a Server with such a small MCU such as the MKR1000? I was quite surprised when I received the MKR1000 and learned that I could just run a server on it. At the time, having no computer science basis and almost no MCU knowledge, I just assumed that to start servers one would need huge huge huge data centers, take the example below:
But then again, we're not starting a Social Media Platform, that need's to store on the server side all the information, photos, videos, number of likes, passwords, usernames, relationship status and favorite colour of billions of accounts.
We just receive the commands to execute (=requests) on the Arduino Mega. So yeah, the MKR1000 will do perfectly :)
Well yeah, but how do you start? Go check out the Server.ino code, explore by yourself and you'll identify some of the concepts we talked about earlier. This is what we see when we visit the IP that is shown on the Arduino Serial Monitor :
We now have the client server established, we'll adapt it later to receive and accept commands to control the Mega once we've established the Serial communication between them :)
IV) Mega Motor ControlThere are many types of motors out there. DC, Step, Servo, etc, etc. I'll be using two DC because they're quite easy to control with a motor shield.
If you have some knowledge of EM fields and induced currents, this link shows a great animation of how the DC motors I'll be using work. We will be using a motor shield on the Mega to control them.
V) Serial CommunicationSerial Communication is a huge deal in the MCU's universe. It is a communication process where we send the data one bit at a time in a sequenced fashion, over a communication channel or a computer bus. Let's take the arduino for exemple:
char mystr[10];
void setup() {
Serial.begin(9600);
}
void loop() {
Serial.readBytes(mystr,5);
Serial.print("Arduino Says : ");
Serial.println(mystr);
delay(1000);
}If we run this code and open the Serial Monitor on the Arduino IDE, we can send a string to the arduino and it will store it on mystr (which in this case only has a buffer size of 10, we'll check that later on the python client and the kali part of this process, and check out what a bufferoverflow is maybe?) and then send mystr to the PC over the USB. Run the code, and send whatever string you want, you'll see this:
So Serial communication comes in many flavors and colors. We'll study the UART communication protocol, which stands for Universal Asynchronous Reception and Transmission. Being asynchonous, there is no clock that manages and synchronize the output bits from the sender to the receiver. The communication takes places through three signals : Tx (transmitted serial data), Rx (received serial data) and ground.
So let's say that we connect the MEGA's Tx and Rx to the MKR1000 Rx and Tx, and we ground them together. The serial communication through UART would be:
- The receive process starts with the falling edge of the start bit.
- The receiver waits for 8 clock cycles, in order to establish a sampling point that is near the middle of the bit period.
- The receiver then waits 16 clock cycles, which brings it to the middle of the first data-bit period.
- The first data bit is sampled and stored in the receive register, and then the module waits another 16 clock cycles before sampling the second data bit.
- This process repeats until all data has been sampled and stored. The rising edge of the stop bit returns the UART interface to its idle state.
To go into more detail, i would highly recomend checking this links and this link.
V) Arduino-side synthesisWe already know how to setup a server and receive requests from a client on the MKR1000. We already know how to control the motors with the arduino mega and the motor shield. We just saw how to setup a serial communication between the arduino's. Now we just need to tweek here and there from these different exemples to get what we wanted :
To control the Arduino Mega Motor shield through client requests passed to the MKR1000 server through our web browser. Check out the MKR1000.ino and MEGA.ino files on the git, search for what we discussed earlier, it'll be clearer then. Here's the result (for now :) ) :
Comments