Obtain and Decrypt Cambium WiFi Router Password

By default the passwords are “encrypted” so you can not tell what the password is.

No way to view cnPilot WiFi password in the Web UI

We covered decrypting the passwords from the config file from cambium cloud. But what about a local router that is not connected to the cloud. What then?

Thankfully everything you need is on the router. We’ll need to use the command line tools.

1. Enable SSH

First verify that SSH is enabled.

Enable SSH n cnPilot

2. SSH into router

You may need to specify the “diffie-hellman-group1” option if it throws an error.

ssh admin@192.168.11.1 -o KexAlgorithms=+diffie-hellman-group1-sha1

3. Extract Encrypted WiFi Password from config

The config file is stored in “etc/cambium/bkup-config.txt”

cat etc/cambium/bkup-config.txt | grep 

This should dump the encrypted password(s).

Example Output.

WPAPSK1=[c760ba8ffe65c669]
RTDEV_WPAPSK1=[c760ba8ffe65c669]

4. Decrypt WiFi Password

Now we can decrypt the password. Replace the string at the end with the encrypted string

3des_hex -d c760ba8ffe65c669

It should now display the decrypted password

# 3des_hex -d c760ba8ffe65c669
12345678#

Note that it puts the # symbol after the password and if you try to type something in, it clears the line. you can use the following to have cleaner output.

echo $(3des_hex -d c760ba8ffe65c669 )

That will print the password on it’s own line

# echo $(3des_hex -d c760ba8ffe65c669 )
12345678
#

How to Stop a Continuous Ping on Cambium Radio

The Cambium equipment comes with a nice little ping utility when you SSH to it. Very simple to use. Maybe we should say too simple.

usage: ping <host>
       ping -n <count> <host>
                count = 0 for continuous ping

So if I want to continuously ping a website, say incredigeek.com, I can put in the following

ping -n 0 incredigeek.com

Hit return and we are off to the races. But wait. I can’t get it to stop. Ctrl + C, doesn’t do anything, Ctrl + D or Ctrl +Z don’t help either.

Okay well fine. We’ll launch another terminal and ssh into it again and see what we can do. Excellent, now we are in aaand… wait… why are the ping results showing up here too? Help!!!

Buried in the heart of the helpful help command are these lines.

       ping -- Send ICMP ECHO_REQUEST packets to network hosts
    pingend -- End ICMP ECHO_REQUEST packets to network hosts

You don’t say. Well lets try typing in pingend with all the commotion going on in the terminal.

SSH+> pingend
Ping statistics for 142.250.191.206:
        Packets: Sent = 3, Received = 3, Lost = 0 (0% loss)

Well good to know. Saves having to reboot the device.

Adding Email Disclaimer for Entire Domain on WHM/cPanel

Email Disclaimer

Altermime is a small utility that allows you to append a disclaimer to all outbound emails on a cPanel server.

1. Installing altermime

You should be able to copy and paste the following commands in. You’ll need to be root.

cd /usr/local/src/ 
wget pldaniels.com/altermime/altermime-0.3.10.tar.gz 
tar xvfz altermime-0.3.10.tar.gz 
cd altermime-0.3.10 
make 
make install

2. Setup Disclaimer Text

Create two disclaimer files. One is text and the other is for HTML.

Text file

nano /usr/local/etc/exim/textdisclaimer

Add your disclaimer text.

-------------
incredigeek.com

HTML File

Create the HTML disclaimer file with

nano /usr/local/etc/exim/htmldisclaimer

And add your disclaimer HTML to the file. Example:

<p>
-----
<br />
  <a href="http://www.incredigeek.com">incredigeek.com </a>
</p>

3. Modify Exim Configuration

Now that we have the disclaimer files set up, we can move on to configuring Exim so the disclaimer text gets added to every email sent out.

Open up WHM and go to Exim Configuration Editor -> Advanced Editor

Exim Advanced Editor

A. Configuring Routers Configuration

Find the ROUTERS CONFIGURATION section. We will add some configuration in the “Section: PREROUTERS

Add disclaimer to Single Domain

Paste in the following to add the disclaimer to a single domain. Replace “incredigeek.com” with your domain.

disclaimer:
driver = dnslookup
domains = ! +local_domains
transport = ${if eq {$sender_address_domain}{incredigeek.com}{disclaimer_smtp}{remote_smtp}}
no_more
Add Disclaimer to Single Domain

Add Disclaimer to Entire Server (Optional)

If you would rather apply the disclaimer to the entire server, use the following.

disclaimer:
driver = dnslookup
domains = ! +local_domains
transport = disclaimer_smtp
Add Disclaimer to Entire Server

B. Configure Transports Configuration

Once we have that added we can find the “TRANSPORTS CONFIGURATION” section and under the first “Section: TRANSPORTSTART” add

disclaimer_smtp:
driver = smtp
transport_filter = /usr/local/bin/altermime  --input=- --disclaimer=/usr/local/etc/exim/textdisclaimer --disclaimer-html=/usr/local/etc/exim/htmldisclaimer
size_addition = 1
Add Disclaimer to TRANSPOTSTART

That should be everything that you need. Send a test email to an external email account to verify that it works.

Note that it looks like sending an email locally to email addresses on the same domain or to yourself bypass the filter and do not get the disclaimer added.

The following links were helpful for getting this set up.

https://forums.cpanel.net/threads/howto-footer-disclaimer-in-outgoing-mails.98465/

https://pldaniels.com/altermime/

Get list of IP DHCP Leases from Mikrotik RouterOS Command Line

Sometimes it is nice to have a list of just the IP addresses and the hostname or mac address. Can be especially helpful when you are trying to get a list of devices to do a bulk update in LibreNMS. Helpful LibreNMS links for renaming and showing down devices

we are going to run the command to pull the DHCP information and then use Unix utilities to parse the data out.

Replace dhcp8 with the correct dhcp server in the mikrotik.

First, SSH into your Mikrotik router.

ssh user@mikrotik

Next we’ll want to go to the ip dhcp-server lease directory

/ip dhcp-server lease

Now we can run the following command to loop through and pull out all the info we need.
You can change the info like “mac-address” for something like “status”. You can use Tab to see what options are available. Just delete mac-address and hit tab twice.

:foreach i in=[find] do={ :put ([get $i address].",".[get $i mac-address].",".[get $i server].",".[get $i host-name ])}

Found the above helpful info from the following pdf file.

https://mum.mikrotik.com/presentations/PH18/presentation_5113_1516612695.pdf

How to Find Yesterdays Date in Linux

The wrong way to find yesterdays date:

I had a command that was used to see if. It used some arithmetic operators to subtract 1 from the current day. That would give us yesterdays day which we could then use to check if a backup was created then.

day=$(date +%d) ; date=$(($day - 1)) ; echo "yesterday date is $date"

It worked great, unless you happened to be on the 8th or 9th of the month. Looks like bash is interpreting 08 and 09 in octal format. https://stackoverflow.com/questions/24777597/value-too-great-for-base-error-token-is-08

-bash: 08: value too great for base (error token is "08")

The better way

Fortunately there is an easier and more reliable way to do this. Using the date command, you can specify yesterday and it will print out yesterdays date.

date --date=yesterday +%d

Much easier to use.

Some more info.

https://www.cyberciti.biz/tips/linux-unix-get-yesterdays-tomorrows-date.html?cf_chl_captcha_tk=N9iBfod_b0qUxjB2jIGlETgiZ.JXSxGpLmvQ83CzBvY-1636407896-0-gaNycGzNBmU

https://stackoverflow.com/questions/18180581/subtract-days-from-a-date-in-bash

Linux commands for CPU, RAM and GPU info

Some helpful commands for showing hardware information on Linux.

Show memory speed

sudo dmidecode --type 17

Show CPU Frequency in MHz

cat /proc/cpuinfo | grep MHz

Show a bunch of system info with inxi, may need to install it.

inxi 

Another cool program is screenfetch. Gives a nice overview of system specs

sudo dnf install screenfetch

and run with

screenfetch

Decrypting Cambium router config passwords

In the cambium cloud you can retrieve a config from a router, modify it and reapply it or make a template from it. All the passwords are “encrypted” so you can’t read what the WiFi password is for example.

Example config line looks like

WPAPSK1=[c760ba8ffe65c669]

Looks like it uses some sort of des3 hex encryption.

Fortunately there is a utility on the routers we can use to decrypt the encrypted string.

First we need a router that we can SSH into.

Info on the encryption

The Cambium router uses the 3des_hex utility to decrypt and encrypt strings

It is located /sbin/3des_hex

Decrypting a password

Decrypting is super easy.

3des_hex -d "c760ba8ffe65c669"

Replace the key with the key you want to decrypt.

Encrypting a password

Not really sure if this would ever be needed, but you can use the -e option to encrypt a string

3des_hex -e "12345678"

More info.

It looks like it needs the lib file “/lib/libuClibc-0.9.33.2.so”

/sbin/3des_hex is where the main file is stored though.

The config_manager.sh script in /sbin has the functions that encrypt and decrypt the config lines.

TMP_FILE="/tmp/tmp_cfg"
TMP_FILE2="/tmp/tmp_cfg2"
TMP_FILE_DECRYPT="/tmp/tmp_cfg_decrypt"
TMP_MFK_FILE="/tmp/multi_function_key.cfg"
decrypt_key="asdfghjkl";
SNMP_DECRYPT_FILE="/etc/cambium/cambium_default.decrypt"
DotFactoryFile="/etc_ro/DoNotFactory.name"

# when security encrypt enable , decrypt.
handle_file_dec()
{
        local enc_enable=`dev_manage_stat_get has_config_enc`
        if [ "$enc_enable" != "1" ]; then
                return 0
        fi
        SecParamListFile="/etc_ro/ConfigFileSecParam"
        [ -x "/sbin/3des_hex" ] || return 0
        [ -f $SecParamListFile ] || return 0
        [ -z "$1" ] && return 1
        awk -F '=' 'ARGIND==1{pname[$0]}ARGIND>1&&($1 in pname){print $0}' $SecParamListFile $1 > $1.tmp
        awk '{if($0~/.+\=\[.*\]/){sub("\=","\|");print $0;}else{print $0}}' $1.tmp > $1.tmp1
        rm -f $1.tmp
        awk -F'|' '{if($2~/\[.*\]/){len=length($2);value=substr($2,2,len-2);while(("3des_hex -d \""value"\""|getline line)>0){printf("%s=%s\n",$1,line);}close("3des_hex -d \""value"\"");}else{print $0}}' $1.tmp1 > $1.tmp2
        rm -f $1.tmp1
        echo "" >> $1
        cat $1.tmp2 >> $1
        rm -f $1.tmp2
}

Unity Fails to Build iOS Game due to “LocationService” being used

Ran into an interesting problem while trying to compile a Unity project for iOS. It failed to build because

“LocationService class is used but Locations Usage Description is empty. App will not work on iOS 10+.
UnityEngine.GUIUtility:ProcessEvent (int,intptr,bool&)”

LocationService class is used but Locations Usage Description is empty

Well as far as I know there is not anything calling or requesting location services. I probably could have just put a reason for requesting the service under the build options in Project Settings. But why “use” something we don’t need?

Using the handy grep tool from a terminal, I was able to search through the project for “LocationService” and that returned a couple hits for files in the PlayMaker folder.

Looks like PlayMaker has a couple preconfigured “scripts” for Starting, Stopping, and Requesting Location.

Deleting the following four C# files resolved the error and it built fine afterwards.

GetLocationInfo
StopLocationServiceUpdates
StartLocationServiceUpdates
ProjectLocationToMap

You can find these files in your project under Assets > PlayMaker > Actions > Device