brmlab

User Tools

Site Tools

You are here: Hackerspace Prague » Projects » BrmDoor
project:brmdoor:start

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
project:brmdoor:start [2018/10/06 19:48] – Remote access abyssalproject:brmdoor:start [2020/08/16 18:42] – [Restart brmdoor remotely] abyssal
Line 67: Line 67:
  
 <code> <code>
-cd brmdoor_libnfc/; ./import_jendasap_cards.py /path/to/cards.txt brmdoor.sqlite''+cd brmdoor_libnfc/; ./import_jendasap_cards.py /path/to/cards.txt brmdoor.sqlite
 </code> </code>
  
Line 80: Line 80:
 <code> <code>
 git commit -m "Added card for member Ctulhu" 1234_member_uid_file git commit -m "Added card for member Ctulhu" 1234_member_uid_file
 +</code>
 +
 +===== Adding a new Desfire with authentication to JendaSAP and import to brmdoor =====
 +
 +This is similar to above, but has extra step in programming the Desfire.
 +
 +<note important>
 +The Desfire needs to be programmed with correct signature first, otherwise brmdoor will reject it.
 +</note>
 +
 +Writing a signature on a Desfire card (can be done on raspi or using PN532 reader that is in the lab). You must know the private Ed25519 key matching the public key in brmdoor's config to be able to program the Desfire correctly.
 +
 +<code>
 +./write_signed_ndef_on_desfire.py private_key_in_hex
 +</code>
 +
 +Similar to above, but you add line "desfire" instead of "card" in JendaSAP:
 +
 +<code>
 +desfire 04631982cc2280
 +</code>
 +
 +The parse.py mentioned above will also create ''cards_desfire.txt''. Copy the ''cards_desfire.txt'' to brmdoor and run on brmdoor raspi:
 +
 +<code>
 +cd brmdoor_libnfc/; ./import_jendasap_cards.py --desfire /path/to/cards_desfire.txt brmdoor.sqlite
 +</code>
 +
 +==== Checking that the signature on Desfire ====
 +
 +Can be done with brmdoor, PN352 reader on PC or also on mobile app that can show NFC NDEF data:
 +
 +<code>
 +cd brmdoor_libnfc/; ./test_nfc.py desfire-ndef4
 +</code>
 +
 +You should see something like:
 +
 +<code>
 +{"brmdoorSignature": "ebb7191d3a1133e375bd4bcfe9b271b8246d086c6c93f0753a3a09c6bbc253e7fc3e2fc34f3351989c8b31bd9937747e05173f9377f57a445e7f61c74b4d7388"}
 +</code>
 +===== Restarting brmdoor remotely =====
 +
 +If brmdoor stops responding for some reason, restart it using:
 +
 +<code>
 +systemctl restart brmdoor.service
 +</code>
 +
 +In order to get to brmdoor from outside, you'll need to find a hop server accessible from outside, like bbs.brmlab.cz
 +
 +Sample entry in ''~/.ssh/config'':
 +
 +<code>
 +Host = bbs.brmlab.cz
 +VerifyHostKeyDNS = yes
 +User = root
 +IdentityFile = ~/.ssh/your_key
 +ForwardX11 = no
 +UsePrivilegedPort = no
 +Protocol 2
 +
 +Host = brmdoor-external
 +ProxyCommand = ssh bbs.brmlab.cz nc %h 22
 +Hostname = 192.168.77.30
 +Port = 22
 +User = root
 +IdentityFile = ~/.ssh/your_key
 +ForwardX11 = no
 +UsePrivilegedPort = no
 +Protocol 2
 </code> </code>
  
Line 236: Line 307:
 ===== Remote access from outside brmlab ===== ===== Remote access from outside brmlab =====
  
-Add following to your ~/.ssh/config, edit your key if necessary (Jenda needs to add it on hrach.eu and somebody on brmdoor):+Add following to your ~/.ssh/config, edit your key if necessary (the key needs to be added on brmbar and on brmdoor):
  
 <code> <code>
project/brmdoor/start.txt · Last modified: 2023/09/17 20:35 by abyssal