brmlab

User Tools

Site Tools

You are here: Hackerspace Prague » Projects » BrmDoor
project:brmdoor:start

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
project:brmdoor:start [2018/07/24 19:25] – Support for uploading status to VPS in SpaceAPI.net format, mapping publicly available on brmlab.cz abyssalproject:brmdoor:start [2020/08/05 18:45] – [Adding a new Desfire to JendaSAP and import to brmdoor] abyssal
Line 67: Line 67:
  
 <code> <code>
-cd brmdoor_libnfc/; ./import_jendasap_cards.py /path/to/cards.txt brmdoor.sqlite''+cd brmdoor_libnfc/; ./import_jendasap_cards.py /path/to/cards.txt brmdoor.sqlite
 </code> </code>
  
Line 80: Line 80:
 <code> <code>
 git commit -m "Added card for member Ctulhu" 1234_member_uid_file git commit -m "Added card for member Ctulhu" 1234_member_uid_file
 +</code>
 +
 +===== Adding a new Desfire with authentication to JendaSAP and import to brmdoor =====
 +
 +This is similar to above, but has extra step in programming the Desfire.
 +
 +<note important>
 +The Desfire needs to be programmed with correct signature first, otherwise brmdoor will reject it.
 +</note>
 +
 +Writing a signature on a Desfire card (can be done on raspi or using PN532 reader that is in the lab). You must know the private Ed25519 key matching the public key in brmdoor's config to be able to program the Desfire correctly.
 +
 +<code>
 +./write_signed_ndef_on_desfire.py private_key_in_hex
 +</code>
 +
 +Similar to above, but you add line "desfire" instead of "card" in JendaSAP:
 +
 +<code>
 +desfire 04631982cc2280
 +</code>
 +
 +The parse.py mentioned above will also create ''cards_desfire.txt''. Copy the ''cards_desfire.txt'' to brmdoor and run on brmdoor raspi:
 +
 +<code>
 +cd brmdoor_libnfc/; ./import_jendasap_cards.py --desfire /path/to/cards_desfire.txt brmdoor.sqlite
 </code> </code>
  
Line 129: Line 155:
 of json is in under "state" key - "open" (boolean) and "lastchange" (Unix timestamp).  of json is in under "state" key - "open" (boolean) and "lastchange" (Unix timestamp). 
  
 +Currently to be compatible with old URL (https://status.brmlab.cz/brmd/brmstatus.json) 
 +for the spaceAPI.net since we can't change it and can't submit new, there is alias
 +in ''/etc/apache2/sites-available/status.brmlab.cz.conf'' to directory ''/home/brmdoor-web/spaceapi-status'' where status file is
 +uploaded by brmdoor (it's over SFTP with internal-sftp chroot, ssh-key login, so that in case of compromise of brmdoor there
 +is not much the attacker could do with it (and password can't be bruteforced).
 ===== PIN assignments ===== ===== PIN assignments =====
  
Line 229: Line 260:
   * Setting topic is not finished (python-irc has fairly bad API to retrieve topic)   * Setting topic is not finished (python-irc has fairly bad API to retrieve topic)
  
 +===== Remote access from outside brmlab =====
 +
 +Add following to your ~/.ssh/config, edit your key if necessary (the key needs to be added on brmbar and on brmdoor):
 +
 +<code>
 +Host = brmbar-external
 +VerifyHostKeyDNS = no
 +Hostname = hrach.eu
 +Port = 22715
 +User = brmlab
 +IdentityFile = ~/.ssh/id_rsa
 +ForwardX11 = no
 +UsePrivilegedPort = no
 +Protocol 2
 +
 +Host = brmdoor-external
 +ProxyCommand = ssh brmbar-external nc -q1 %h 22
 +Hostname = 192.168.77.247
 +Port = 22715
 +User = root
 +IdentityFile = ~/.ssh/id_rsa
 +ForwardX11 = no
 +UsePrivilegedPort = no
 +Protocol 2
 +
 +</code>
 +
 +Then ssh brmdoor-external will get you brmdoor shell.
  
project/brmdoor/start.txt · Last modified: 2023/09/17 20:35 by abyssal