domingo, 31 de mayo de 2009

My empirical experience with new Ubiquiti Products

(Perdonad los hispano-hablantes porque publico este artículo que tenía escrito para un foro inglés y no lo he traducido de momento al español...)


My name is Yago Fernandez Hansen, and I am a computer IT security specialist, and before this, I am a 802.11 technologies’ enthusiast. I’ve been working for years (since the beginning of these technologies) in implementations, equipment and security. I work very actively learning, deploying and teaching. I have also to say that I am a fan of Ubiquitis’ products, and therefore I buy every new equipment deployed by them. The main reason for this, is that one can find the best quality products for a relative good price by Ubiquiti. So I have known every product branded “Ubiquiti” from their beginnings. The last products they have created are the result of well done things in the past, and the way they are working is very creative. This article is not only good publicity for the brand; I am an independent consultant, so I have to value not just the positive things, also the negative ones. My opinion is that Ubiquiti is growing so quickly that they have to take care of the consequences of this. They have to maintain not just the stocks (now difficult to get some products), also the qualified technical support and forum. I know that this is a difficult thing in the actual years, but do not let it go down.

So, I was testing in my lab the new products I’ve bought from this brand (RouterStation with SR2, XR2 and XR5 minipci cards installed, Bullet2HP, and two boards from another manufacturers). The reason why I am testing these parts is that I am trying to deploy an appliance as a practice for a new book that I am beginning to write, about Wi-Fi security auditing. What I am going to describe here is not the full process of deploying it, but just my personal opinion about the products, and mostly the problems I found, and the way to solve them. As they are very new products, maybe not as tested as they should be, there are many unanswered support questions about them. Because I could find myself some of the answers to solve that problems, I have to share them as usually the people do with the Internet community.

Ubiquiti Bullet2HP



This was my best option for doing my small appliance, as it is small, powerful, very good quality components, rugged, and outdoor prepared. This is a very innovative product that I will use as outdoor AP and PPP Wi-Fi station, and the price is also acceptable for this kind of product. I did read in someone’s blog, and also in Ubiquiti help support forum, that it was possible to reflash it with OpenWRT, as it comes with AirOS operating system and Web configurator. AirOs is a good option; I use it for every “normal” Wi-Fi deployment. It is very light, stable and powerful OS for Ubiquiti products based on Linux. But that’s not what I wanted, so I heard about OpenWRT compatibility and I decide to reprogram its memory with this OpenSource Linux and so I did it. Based on some manuals I got about reflashing Ubiquiti products, I did it, but what was the problem? I could make it work and boot with a very light OpenWRT prepared for Ubiquiti hardware, but after doing this I had no extra free memory space for anything. I could not free any memory (Bullet includes 4/16Mb ROM/RAM) and they have not momentary plans to upgrade it. That was the end of my practices with Bullet, and I was very sad about it. The next test will be with PicoStation2HP that includes a board with more memory in. As conclusion: nice product to use it “as is”.


Ubiquiti RouterStation

This is a relatively new product, similar to others you can find from Mikrotik, and I do not want to compare both, as they have their own market and maybe (not now) in the future they will compete in the same segment of the market. But as RouterStation and future RouterStation Pro are both in their beginnings, Ubiquiti have to work more in the software (OS) for them as they are factory flashed with OpenWRT OS. This is not a problem, either is a positive thing, but please, do not just flash it and include it in the OpenWRT site. You have to work a little more in optimizing it and doing a stable repository for it. After knowing well its hardware and reading a ton of manuals, Wikis, forums and blogs I began to work in my new RouterStation based Appliance and everything worked as thought (alright). I used to have some pain about configuring OS and software packages without a local keyboard and monitor, not just having one Ethernet port (and a RS-232 without converter and cable). I was scared about loosing LAN connectivity in one of my tests. But there wasn’t any problem. In first place, I installed in the three slots: a Ubiquiti SR2, a XR2 and a XR5 minipci card. I did install some OpenWRT repository IPK packages and they worked well. As it was finished for the moment, and I was happy enough for it’s functionality and power. So I decided, as I usually do, to update and upgrade its Linux (here with “opkg update” and “opkg upgrade” and I saw a big list of system packages upgrade coming from the stable repository. After some minutes, as it was finished, I decided to reboot (I come from Windows OS) and … It was the last time I could log into RouterStation. Oh dear! Now I could feel what was the problem of not having a monitor connected to it… I tried with every default IP address named in manuals or blogs, but no connectivity. I began to read more and more documentation about debricking this boards (JTAG was not a good solution, sending to USA also not…). I found very strange procedures using about three consoles to do different things at the same time, but I think I was not as quick as I should. The thing that I could notice with Wireshark connected and sniffing is that every time that I booted up it was sending three ARP requests asking for 192.168.1.20 address. But after that: nothing. It is the ROM preloader module that is announcing itself. I opened an instance of the TFTP32 wonderful software and I putted it in TFTP client mode pointing to the 192.168.1.20 address, I explored for the RS-OpenWRT.bin file in the file box and I took out LAN POE connector. After that I pressed with one hand the reset button and introduced the until some of the lights (specially RF) lighted on. Very quick I pushed the “put” button in TFTP32 to send the file, and … Bingo! It began to send the new binary ROM to the RouterStation. It’s very important not to use the OpenWRT Atheros AR71xx binary file of the repository: you have to use the bigger one that’s in the Ubiquiti support forum or you will be for days installing modules and packages needed, for example, for the Atheros cards.



The other problem with Ubiquiti Wi-Fi cards is something that is affecting many other professional Wi-Fi products. I understand the importance of the legality in the use of the Wi-Fi products, but there must be a limit in the application of these laws for the hardware and software manufacturers. As in the DVD films industry there are some Regulatory Domains that regulate the use of frequencies and TX power limits in the different countries and regions. But if I am deploying a product to be sold in many different countries I have to have the keys to software programming it to be used in all the places I could sell them. In the precedent years it didn’t matter if I bought a card in UK, Spain US, or China. I could use it wherever, but now with the actual madwifi-ng, ATH5K or ATH9K it is difficult to do it. I know I can hack the source code of the modules patching them and then compiling them. But Ubiquiti cards that I had came from factory with 00h Regdomain (Not Enumrd) that used to work for every country. Now in Spain I could not get working the 13 permitted channels. And when I talk about Wi-Fi auditory we have to get the full spectrum analyzed in both 2.4 and 5 Ghz to know if there’s a transmitting station in these channels that are not allowed. So please, work a little more in the drivers include in the flashed distribution. I had to change card’s regdomain to Japan to get the 14 channels working.

Conclusion: Ubiquiti RouterStation is very young product with possibly a great future. We’ll keep watching them grow.

PS: After some of these upgrade problems Ubiquiti has released a new wiki manual for the RouterStation explaining what happens with the upgrade and other interesting things. I know that one have to read everything to be informed, but that was a big failure with the bootloader from Ubiquiti/openWRT.

I have received an email of Ubiquiti Tech Support (Mike Ford) department explaining that they don't give any support for Open-WRT, and I have criticized this actitude because they announce the OpenWRT distribution as a part of their products. I don't aprove that private enterprise use the openSource community for their interest without helping it.

(Sorry for my mistakes when I write in english language)

Bienvenidos todos los que entrais con buen pie en mi blog

Llevaba meses mascullando la idea de crear un blog para poder transmitir a los demás esas interesantes experiencias que voy viviendo cada día gracias a mi trabajo, mis amigos, mis conocidos y mis ganas de experimentar, etc. No se si a alguien le podrá interesar lo que tengo que contar, pero a mí si que me va a gustar contarlo aquí. Me voy a tomar este blog como un método psicológico para desahogar mi alma y liberarme de esas frustraciones que a veces me atenazan, pensando en lo desaprovechado que a veces me siento, cuando no puedo ocupar o comunicar mi conocimiento y experiencia.

Soy una persona de esa antigua generación que se inicio en la informática de pre-adolescente, mediante aquellas arcaicas pero entretenidas máquinas de la época del commodore 64 o el spectrum. Mi primer PC fue un 8088, y aprendí todo sobre MS-DOS, Novell Netware, DATALAN, Cobol, Basic... algo que ahora a muchos le suena como artículos de museo. Pero desde entonces no he parado de estudiar y aprender todo lo relacionado con la informática profesional, y desde hace ya unos buenos años especialmente con la seguridad. Es por eso que hablo de mi experiencia que veo bien empleada, cuando me dedico a dar cursos o conferencias o a escribir artículos o libros. Pero cuando no hago nada de esto durante días, semanas... siento "el mono" de transmitir o colaborar con otros profesionales y de hacer algo productivo. Durante estos periodos de tiempo, lo que hago es estudiar y aprender nuevas cosas para mantenerme al día.

La famosa "Crisis" nos quita, pero también nos da. Nos da otra visión de las cosas, de la vida y a mí, también ha dado bastante más tiempo libre para poder aumentar mis conocimientos en el mundo de la seguridad informática, que es mi trabajo, pero también mi pasión.

Mi intención en este blog es contar un poco mi experiencia semanal con temas relacionados con la seguridad y el hacking, pero también mis pensamientos y mis vivencias. Que sean de interés general o no, que lo decida cada uno, pero por lo menos daré la bienvenida desde aquí a mis amigos y colegas de profesión.

Yago Fernández Hansen