Group-Office auf all-inkl mit SSL-Proxy stellt für ihre Webspace-Kunden ein Installations-Tool bereit mit dem man die Groupware Group-Office ( mit einem Klick installieren kann.

Will man die Daten (email, Kalender, usw.) per HTTPS abrufen, kann man den kostenlosen SSL-Proxy von all-inkl nutzen. Dazu muss nur eine Subdomain angelegt werden die auf das Installations-Verzeichnis von Group-Office zeigt. Für die Subdomain muss der Radio-Button der Option SSL Proxy aktiv auf ja stehen.


Subdomain: (verweist auf
URL mit SSL-Proxy:

Beim Aufruf über die URL mit SSL-Proxy kommt es jetzt jedoch zu einem Fehler:

Could not load the application javascripts. Check the „host“ property in config.php and see if the „file_storage_path“ folder and it’s contents are writable.

Um diesen zu beheben müssen in der config.php (<Install-Verzeichniss>/config.php) nur zwei Zeilen verändert werden:


Automatische Umleitung zu HTTPS
Will man sich das tippen der etwas länglichen HTTPS-URL ersparen, kann man mit einer .htaccess-Datei und vier Zeilen eine einfache Umeleitung von der Subdomain erstellen:

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-FORWARDED-SERVER} !^ssl-account\.com$ [NC]
RewriteRule ^(.*)${HTTP_HOST}/$1 [R=301,L]


Diese Zeilen werden in eine Datei namens .htaccess im Installations-Verzeichnis von Group-Office abgespeichert.

Weitere Infos:

My Firefox add-ons

Firefox Logo

Firefox Logo (Source:

Mainly a reminder for myself when I’m on a new system, but also my recommendations.
These are the categories right now:

  • Privacy and Anti-Advertisement
  • Browser Protection
  • Pentesting
  • Translation
  • Look ‘n Feel


Linux tool collection

Some nice linux software I use (so rarely that I’m afraid to forget them ;))

Look ’n feel

Conky (

Conky is a free, light-weight system monitor for X, that displays any information on your desktop. Conky is licensed under the GPL and runs on Linux and BSD.

File manager

Double Commander (

Double Commander is a cross platform open source file manager with two panels side by side. It is inspired by Total Commander and features some new ideas.


fwbackups (

fwbackups is a feature-rich user backup program that allows you to backup your documents anytime, anywhere. It is completely free to download and use without any sort of trial or restrictions. In fact, fwbackups is open-source, which means anybody can use, share it and improve it. If you would like to help develop or test fwbackups, see the developer’s page.


gscan2pdf (

Great tool for converting files into pdf and more. I like it for its compressing-features. gscan2pdf also saves the selected or all pages as a PDF, DjVu, TIFF, PNG, JPEG, PNM or GIF.

pdfmod (

You can reorder, rotate, and remove pages, export images from a document, edit the title, subject, author, and keywords, and combine documents via drag and drop.

small and fast pdf-viewer.

pdfchain (
(re-)combines pdf-files and single pages. This GUI is based on the powerful command-line tool pdftk.

…to be continued

NXP MiFare Chip – Präsentation



Meine Slides zum Thema MiFare Chips als pdf: MiFare Präsentation.

Die Präsentation ist auf 20 Minuten ausgelegt und enthält folgende Themen:

  • NXP MIFARE Portfolio
    • MIFARE Classic
    • MIFARE Ultralight
    • MIFARE DESFire
    • MIFARE Plus
  • MIFARE Classic im Detail
    •  Speicherlayout
    •  Access Control List (ACL)
    • Authentisierung
    • Pseudo Random Number Generator
    • Replay Angriffe
    • Der Algorithmus Crypto1
    • Brute Forece Angriffe
    • Relay Angriffe
    • Sonstige Schächen
    • MIFARE Classic Standard Keys
  • Quellenangaben

Momentan habe ich zu diesem Vortrag leider kein ausgearbeitetes Skrip. Aber meine (chaotischen) Notizen sind zumindest ein Anfang: MiFare Präsentation – Notizen

Cross Site Scripting – Präsentation

Meine fünf Minuten Präsentation, die das Thema Cross Site Scripting (XSS) kurz einführt:

Hier der Direktlink zu prezi:

Mit den Tools konnte ich relativ fix anschauliche Beispiele für eine Demo aufbauen:

Enigmail’s Pinentry: copy and paste problem

Using Enigmail to encrypt your emails with GnuPG (GPG) in combination with a password manager will give you a hard time.
Enigmail’s tool Pinentry, which is used to enter your passphrase for encryption, refuses to insert phrases from the clipboard.
So the usual way, copying the password from your manager to the input field, won’t work.

There is a solution for KeePass Password Safe version 1.x (and 2.x): Auto-Type.
Edit your GPG passphrase entry in KeePass and add the following two lines to the Notes field:
Auto-Type: {PASSWORD}
Auto-Type-Window: pinentry

When the Pinentry Window appears next time, trigger the KeePass Auto-Type function with: Ctrl + Alt + A.
Your KeePass Databes must be open and decrypted at this moment.
The shortcut can be changed in KeePass 1.x: Tools > Options > Advanced > Auto-Type.
If the shortcut doesn’t work or you don’t want to use it you can also right click your key in keepassx and hit „run autotype“.

I’m sure there is a similar (when not the same) way in KeePass 2.x, I just couldn’t test it yet.

Why is copy and paste blocked? The blocking protects you from attacks by (java) scripts reading and submitting the clipboard content.

For Linux users:
If the passwords, written by keepassx autotype function, keep getting rejected, keepass is probably using the wrong keyboard layout. You can test what autotype is writing by using a normal texteditor as target instead of the passwordfield which hides the input under the *stars*. I didn’t find a satisfying solution yet, but a workaround: set the layout to what you need it to be by typing:
setxkbmap XY
XY is the country code – for example de for germany.

Setting up a WPA(2) personal WLAN with netcfg and wpa_supplicant

…using Arch Linux with systemd

Make sure your the WLAN card-driver is running correctly:
Find the name of your WLAN interface:
ip link
Bring it up:
ip link set [wlan0] up

Install configuration tools:
pacman -S netcfg
pacman -S wireless_tools
pacman -S wpa_supplicant
pacman -S wpa_supplicant_gui

Generate a new fille /etc/wpa_supplicant.conf with the following two lines
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network

Add the users that should be allowed to login to WLANS to the group network:
gpasswd -a [user] network

Run the wpa_supplicant_gui to find your WLAN (scan button), configure it, enter your key, connect and safe (don’t forget to press save in the gui) the infos in /etc/wpa_supplicant.conf

Copy the example configuration from /etc/network.d/examples/wireless-wpa to /etc/network.d/[mynetwork] (wireless-wpa is the example for WPA(2) personal with PSK).
Make sure the INTERFACE paramter in the file is set correctly.

Add the netcfg unit to systemd in order to load the the profile (/etc/netwok.d/[mynetwork]) at boot.
systemctl enable netcfg@[mynetwork]

Or start it manually:
netcfg [mynetwork]
dhcpcd [NIC]

PS: If you want to find accesspoints without using a GUI:
iwlist wlan0 scan | less

Encrypt external HDD / flash drive with dm-crypt & LUKS

To encrypt the whole HDD or only one partition on an internal or external drive, there is always the same procedure. I have tested the following steps on an Arch Linux with systemd and GRUB2 running.

1. Find the correct device (eg. /dev/sdb1 as a second interal SATA-HDD):


2. Consider overwriting your old or even new device. Find some hints in the Arch wiki.

3. Create the partitions you need. If you want to encrypt the whole disk, create only one big partiton using the whole space.


or whatever you prefer.

4. Encrypt the partition using LUKS, for example with AES 256 bit keylength:

cryptsetup -c aes-xts-plain64 -y -s 512 luksFormat /dev/sdXY

5. Open it, so it will be in /dev/mapper/mycryptedhdd:

cryptsetup luksOpen /dev/sdXY mycryptedhdd

6. Set up a filesystem on it:

mkfs.ext4 /dev/mapper/mycryptedhdd

7. Test mounting:

mount /dev/mapper/mycryptedhdd /mnt/
df -h

8. umount and close container:

umount /mnt/
cryptsetup luksClose /dev/mapper/mycryptedhdd

Automount encrypted HDDs with LUKS on bootup

1. Add a new line in /etc/crypttab (man crypttab) to encrypt and open it under /dev/mapper/mycryptedhdd during bootup. (This equals the manual step 5 form above):

mycryptedhdd	UUID=00000000-0000-0000-0000-000000000000	none	tries=3

Field 1: Choose a name for your LUKS container
Field 2: Identify the disk / partition you want to open (find your UUID with: $ blkid /dev/sdXY, or enter the path like /dev/sdXY)
Field 3: Path to the keyfile, or „none“ if you only use passwords
Field 4: Write your password wrong this often

2. Add a new line in /etc/fstab (man fstab) to automatically mount the LUKS container generated by crypttab:

/dev/mapper/mycryptedhdd		/mnt/tv      ext4        defaults    0   2

Field 1: Path to the LUKS container you created with the crypttab
Field 2: Path to the folder you want your LUKS container to be mounted to (folders must exist)
Field 3: Used filesystem (the one you used above in step 6)
Field 4, 5, 6: rtfm (man fstab) or trust the values I used

3. That’s all. Consider using keyfiles or take a look at PasswordAgents if you start hating to type your password ;)

Windows 7 als Wireless Access Point / Repeater

Um unter Win 7 die WLAN-Verbindung mit anderen Geräten zu teilen (z.B. als Repeater-Funktion oder um den Zugriff auf einen Hotspot zu ermöglichen) muss ein virtueller Netzwerkadapter erzeugt werden.

Die Konfiguration der künftigen SSID und des passenden WPA2-Schlüssels passiert in einer Kommandozeile mit Admin-Rechten über:

netsh wlan set hostednetwork mode=allow ssid="CHANGE1" key="CHANGE2" keyUsage=persistent

Danach wird das Netz gestartet:

netsh wlan start hostednetwork

Unter Systemsteuerung\Netzwerk und Internet\Netzwerkverbindungen ist jetzt eine neue Drahtlosnetzwerkverbindung vom Typ Microsoft Virtual WiFi Adapter zu finden.

Der nächste Schritt ist die Freigabe des physikalisch vorhandenen Adapters für für Netzwerkzugriffe von außen. Dazu müssen per Rechtsklick die Eigenschaften des Adapters geöffnet und im Reiter Freigabe die Kästchen angehakt werden. Im Dropdown-Menü Heimnetzwerkverbindung wird der eben neu erstellte Virtual WiFi Adapter (Drahtlosnetzwerkverbindung #) ausgewählt.

Windows 7 als Repeater / Accesspoint einsetzen

WLAN-Adapter Freigabe

Dem auf auf DHCP konfigurierten Client wird beim connecten eine IP aus dem Bereich zugewiesen.

Infos über die gehosteten Netzwerke gibt es per:

netsh wlan show hostednetwork

Da der Virtual WiFi Miniport nach jedem Neustart erneut aktiviert werden muss habe ich mir folgende Befehle als Batch-Datei gespeichert:

netsh wlan set hostednetwork mode=allow ssid="CHANGE1" key="CHANGE2" keyUsage=persistent
netsh wlan start hostednetwork
netsh wlan show hostednetwork
timeout /T 15 > nul

Achtung diese muss ebenfalls mit Admin-Rechten ausgeführt werden.

Mehr Details über diese Funktion sind unter aderem im Microsoft Windows 7 Blog zu finden.

Arch Linux installation with full disk encryption using LVM, LUKS and GRUB2

This is gonna be a „quick“ walk-through on how to install Arch Linux with a nearly (/boot won’t be) fully encrypted HDD.
I have tested this guide with the archlinux-2012.09.07-dual.iso which uses systemV and archlinux-2012.10.06-dual.iso which was the first one using systemd, so this tutorial covers both init daemons.

Update: This article got translated to Swedish. Thx Sam!

The tutorials I found were all outdated or caused problems because of one of the following:

  • The former included Arch Linux Installation Framework (AIF) executed by /arch/setup is no longer included in the Arch Linux-isos, the command will only respond with: „no such file or directory“.
  • GRUB2 replaces GRUB legacy and needs to be configured differently.
  • The keyboard layout didn’t fit to mine so i got some problems entering my passphrase;)

Let’s start…

Arch Linux Logo

Arch Linux Logo from