linux Archivi - Pasquale 'sid' Fiorillo

5 February 20255 February 2025

Bit4Shit – Autenticazione CNS e Firma Digitale su Linux Debian/Ubuntu

Anche se “l’anno di Linux sul desktop sarà l’anno prossimo” (cit.), ormai le distro moderne funzionano senza troppi problemi anche per gli utenti meno tecnici.
A complicare le cose, spesso, ci si mettono gli altri. Nello specifico la TS-CNS italiana (Tessera Sanitaria/Carta Nazionale dei Servizi) e il middleware sviluppato da Bit4id.

Normalmente ci sarebbe OpenSC per interagire con i certificati presenti all’interno della Smart Card, tramite le API PKCS#11 fornite dalla libreria opensc-pkcs11.so.
Ma la CNS italiana è “speciale” e quindi ha bisogno di un middleware proprietario. Ci pensa Bit4id ed è scaricabile da qui oppure da q u i come riportato anche nel Wiki di Ubuntu, ma voi non fatelo!.

Fantastico che ci sia la versione per Linux, ma il pacchetto .deb per le distro Debian/Ubuntu utilizza un PATH non standard e installa all’interno delle directory di sistema destinate alle librerie alcuni file (con estensioni .rc e .conf) non conformi agli standard, dove normalmente dovrebbero essere presenti esclusivamente file con estensione .so (ELF shared object).

A seguito dell’installazione, il sistema genera dei warning ogni qual volta venga eseguito ldconfig.

Ho segnalato la questione a Bit4id. Nel frattempo possiamo sfruttare InfoCert GoSign che si porta dietro la stessa libreria middleware (libbit4xpki.so) evitando così di installare il pacchetto buggato.

GoSign è un software per la firma digitale e, visto che supporta la TS-CNS, ha bisogno di quel middleware. InfoCert l’ha inclusa nel suo pacchetto di installazione di GoSign per Debian/Ubuntu.

Autenticazione CNS e Firma Digitale con TS-CNS su Linux Debian/Ubuntu, un’installazione pulita senza warning

Firma Digitale

Scaricare e installare InfoCert GoSign
Fine

Autenticazione CNS con Firefox

Scaricare e installare InfoCert GoSign se non l’avete già fatto
Aprire Firefox, andare su impostazioni, Privacy & Sicurezza, scorrere fino alla sezione Certificati e cliccare “Dispositivi di Sicurezza“

Cliccare su Carica
Inserire come Nome Modulo quello che volete, ad esempio Bit4id e come file /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libbit4xpki.so e date OK a tutto

Fine

Autenticazione CNS con Chrome o Chromium

Installare i tool necessari per gestire l’NSS Shared DB

sudo apt install libnss3-tools opensc-pkcs11

Aggiungere il middleware al DB tramite il comando

modutil -force -dbdir sql:$HOME/.pki/nssdb -add Bit4id -libfile /usr/lib/gosigndesktop/resources/app/node_modules/@ice/dike-core-js/node_modules/@ice/dike-core-linux/native/lib/libbit4xpki.so

Fine

Dev & Hacking

Tool non necessari al funzionamento di cui sopra, ma utili per interagire con la Smart Card

pcscd libpcsclite1 pcsc-tools libccid libnss3-tools opensc-pkcs11

22 March 201816 May 2022

Decoding Oregon Scientific RTGN129 with RTL-SDR [PART 1]

Oregon Scientific RTGN129 is a remote temperature and humidity sensor designed to be used with Oregon’s PRYSMA series stations.
It uses the standard 433MHz band so we can tune our RTL-SDR USB dongle to receive their signal. But how to decode it?

There are plenty of documentation about decoding Oregon’s devices, and Benjamin Larsson’s rtl_433 tool may decode many of 433.92MHz devices but, unfortunately, it didn’t support the RTGN129.

This is the great opportunity to skill myself in reverse-engineering of an “unknown” signal, so I decided to implement it into rtl_433 (Merged pull request: https://github.com/merbanan/rtl_433/pull/634).

From RTGN129 datasheet we have the confirmation that this device transmits at 433MHz.

Oregon uses several protocol versions (v1.0, v2.1, v3.0) so, first of all, we need to discover if our RTGN129 uses one of these. Protocol documentation are here and here.

Instead of using directly rtl_433 in analyze mode (-a flag), we’ll pretend it does not exist and we’ll go down to low level just for fun. A sort of simulated black-box approach.

There are several tools in the wild to analyze the radio signal from an RTL dongle, but one of the best, IMHO, is baudline.

You can use it in the “hacker’s way”, for example:

FR="433.944e6"; SR="2.5e6"; \
rtl_fm -f $FR -s $SR -g 30 -M am | \
baudline -reset -flipcomplex -samplerate $SR \
-basefrequency $FR -channels 2 -quadrature \
-format u8 -fftsize 2048 -stdin

First of all, we need to find the right PPM value to use in the next commands to calibrate our dongle.

rtl_test -p

So we can find the exact frequency of RTGN129 starting from the 433.92MHz:

FR="433.92e6"; SR="2.5e6"; \
rtl_sdr -p 130 -f $FR -s $SR -g 30 - | \
baudline -reset -flipcomplex -samplerate $SR \
-basefrequency $FR -channels 2 -quadrature \
-format u8 -fftsize 2048 -stdin

Where -p is our PPM, -f is the tuned frequency, -s is the sample rate, and -g is the gain (0 for auto). The last “-” before the pipe stands for “stdout”.
433.92e6 stands for 433.92 * 10^6 so 433.92MHz that is more readable than 433920000.

The above command shows you the baudline window. When you see the burst passing in the spectrogram press “pause” on your keyboard, center the signal in the spectrogram area (green background) with the mouse, than center it in the spectrum analyzer (black background) and read the exact frequency on the bottom-right area: 433.95Mhz

Right click on the spectrogram area, then select display, then click wafeform. Now we can see the waveform of the signal in the time domain. To zoom in/out you may use ALT + right and left arrows.

Navigating the waveform we notice that, when the signal is present, the frequency and the amplitude stills the same, and there are silence between two signal, just like in the On-Off Keying!

Basic digital modulation formats:

Now we use “rtl_fm” instead of “rtl_sdr” to demodulate the signal using AM demodulator:

FR="433.95e6"; SR="2.5e6"; \
rtl_fm -f $FR -s $SR -g 30 -M am | \
baudline -reset -flipcomplex -samplerate $SR \
-basefrequency $FR -channels 2 -quadrature \
-format u8 -fftsize 2048 -stdin

and finally visualize the demodulated bits!

If we decode it as “Manchester code” we read:

Instead of frustrating us overlaying red lines in gimp, as I did with the above image, we can use Universal Radio Hacker to decode the stream!

(to be continued …)

16 October 201716 May 2022

Shortening long periods of silence

If you need to shorten the long periods of silence in an audio file automatically, you can use “sox”, the swiss army knife of audio stuff.

sox input.wav output.wav silence -l 1 0.1 1% -1 2.0 1% \
&& ffmpeg -i output.wav -codec:a libmp3lame -qscale:a 2 output.mp3

Reference: The SoX of Silence

29 May 201716 May 2022

Good bye Debian, welcome Devuan!

On 25th May, after 2 years of hard work from the historical fork announce, Devuan Jessie stable has been released! This is a long term support release so it will be maintained until 2020.
This blog was running on Debian Wheezy until now, but this is the time to upgrade to Devuan!

We want linux FREE, simple, and stupid! Now Devuan is the new GNU+Linux universal distribution as Debian was infected by systemd.