Completed System

Completed System

Completed System

With regards to the requirements for the system my part spec was as follows:

• One large reservoir – I got an 80 litre orange bucket for about R100
• Arduino + Ethernet shield – pretty stock standard
• 4x 10K resistors – used for the sensors
• 4x ‘sensors’ – sensors setup as before, coiled wire (soldered if you can) and taped on
• 8x galvanised steel washers – used as the actual sensors
• 2x transistors - used for the relay setup
• 2x relays - I used LT-5GS’ for this to switch the pumps on and off
• 2x Diodes – used for my relay setup
• 2x Water pumps - I used two (1 per pot) honestly because it was cheaper, although not as elegant as having a electrical valves and a more intricate watering system, mine were the 1.5A 12V bilge pumps (about R150 each)
• 2x Water pump power supplies – Obviously used for the pumps power, I used some cheap power adapters that didn’t cost much
• 1x Arduino power supply - See http://www.arduino.cc/playground/Learning/WhatAdapter for more information
• Wires, Tape, Tv Series, Patience -  essential in setting this up :)

After getting the above its important to setup the environment:

Overall this shouldnt cost much, apart from the Arduino and Ethernet shield. The relays are about R10 each at electronics123 (thanks to schalk from H4H for picking one up for me).

So the system can be divded into a few easy parts:

1. 1. Sensors ( to measure soil moisture levels )
   2. Pump system (relays, diodes, transistors)
   3. Ethernet webserver (used to pull the stats as well as turn the pumps on and off)

Sensors:

As before in the previous post – http://andrewmohawk.com/2011/10/07/automated-gardening-moisture-sensor/ the sensors are pretty simple to setup. I went and got a ton of electrical wiring for the pumps and so on and i needed rather long leads for the pots so I just used that. Basic idea is to simply wire up the galvanized washers as below:

Galvanized Sensors

Galvanized Sensors

The basic idea with these sensors is to measure the resistance via a 10K resistor across two portions of the soil, I’ve stolen a very nice picture of the setup of these from the internets and is as follows:

Arduino Sensor Diagram

(If someone has the original for this please let me know and I will link).

Anyway, once you have the sensors setup, I built 4- 2 per plant so i could measure the soil moisture at the top and bottom of the pots, you can simply wire them in as the above diagram. I wired mine up to analog ports 0-3.

Pump system (relays, diodes, transistors)

So this is obviously the more exciting part for me, since I get to play with something that I can turn on and off and get a more real world experience out of my digital life :) I had a few discussions about it with the guys from house4hack.co.za and they suggested i setup the relay in a standard way which is as follows:

arduino-relayarduino-relay

Basically use your data line connected to one of the Arduino digital ports and your relay as above. The transistor now allows you to use digitalWrite to turn the pumps on or off. Below is a closer picture of the one relay in place with the other removed:

Relay

You can see the sensor setup on the left of the board, relay one in the middle and the missing relay on the right. You can see the transistor and diode setup as well.

When connecting the power, its also important to make sure that you have the adapters the right way round, just use a multimeter to check you know which is the positive and which is the negative wire. We only bridge the positive via the relay, the ground/negative we leave as is:

Web setup:

So now we have a relay setup and the sensors, its really just a case of putting two and two together. We need a simple web interface that can do the following:

1. Give us the readings for all 4 sensors
2. Be able to control both pumps (switching on and off)

Ideally the system i have in mind is not completely controlled by the arduino, but also has  a PC element to manage the water by the average soil moisture over time. Id want it to be customisable in a way that i can set the time period (say 2-6 hours) where it averages the soil moisture and determines if the pumps should be turned on or off. This is the reason I really want the webserver to essentially just spit out the values and offer me the ability to turn the pumps on and off.

Herewith is my Arduino Code:

//These includes are for the webduino addon for Arduino
#include "SPI.h"
#include "Ethernet.h"
#include "WebServer.h"

//Define the MAC and IP for our interface
static uint8_t mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
static uint8_t ip[] = { 192, 168, 1, 210 };
 
//Prefix
#define PREFIX "/"
WebServer webserver(PREFIX, 80);
 
//Define which digital ports are used for which pump (mine are ports 3 and 4)
#define pump1 3
#define pump2 4

//Variables used to indicate whether the pumps are on (1) or off (0)
static int relayPump1 = 0;
static int relayPump2 = 0;
 
//Variables used to store the moisture readings
int moisture_val1 = 0;
int moisture_val2 = 0;
int moisture_val3 = 0;
int moisture_val4 = 0;
 
//Variables used to store the analog ports used for the sensors (mine are 0-3)
int moisture_sensor1 = 0;
int moisture_sensor2 = 1;
int moisture_sensor3 = 2;
int moisture_sensor4 = 3;
 
//Toggles the first pump
void pumpOne(WebServer &server, WebServer::ConnectionType type, char *, bool)
{
  server.httpSuccess();
  if (type != WebServer::HEAD)
  {
    relayPump1 = !relayPump1;
    switchPumps();
  }
}
 
//Toggles the second pump
void pumpTwo(WebServer &server, WebServer::ConnectionType type, char *, bool)
{
  server.httpSuccess();
  if (type != WebServer::HEAD)
  {
    relayPump2 = !relayPump2;
    switchPumps();
  }
}
 
//List the statistics for the webserver
void getStats(WebServer &server, WebServer::ConnectionType type, char *, bool)
{
  server.httpSuccess();
  if (type != WebServer::HEAD)
  {
 
    moisture_val1 = analogRead(moisture_sensor1);
    moisture_val2 = analogRead(moisture_sensor2);
    moisture_val3 = analogRead(moisture_sensor3);
    moisture_val4 = analogRead(moisture_sensor4);
 
    server.print("Pump one: ");
    server.print(relayPump1);
    server.print("
Pump two: ");
    server.print(relayPump2);
    server.print("
Sensor 1: ");
    server.print(moisture_val1);
    server.print("
Sensor 2: ");
    server.print(moisture_val2);
    server.print("
Sensor 3: ");
    server.print(moisture_val3);
    server.print("
Sensor 4: ");
    server.print(moisture_val4); 
 
  }
}
 
//Main loop
void loop()
{
 
  /* process incoming connections one at a time forever */
  webserver.processConnection();
}
 
//switch the pumps
int switchPumps()
{
	if(relayPump1 == 1)
	{
	  digitalWrite(pump1,HIGH);
	  //Serial.println("Pump1 Activated");
	}
	else if(relayPump1 == 0)
	{
	  digitalWrite(pump1,LOW);
	  //Serial.println("Pump1 De-Activated");
	}
 
	if(relayPump2 == 1)
	{
	  digitalWrite(pump2,HIGH);
	  //Serial.println("Pump2 Activated");
	}
	else if(relayPump2 == 0)
	{
	  digitalWrite(pump2,LOW);
	  //Serial.println("Pump2 De-Activated");
	}
 
	return 0;
}
 
//Setup the server - switch the pumps to OUTPUT
void setup()
{
  pinMode(pump1,OUTPUT);
  pinMode(pump2,OUTPUT);
 
  Ethernet.begin(mac, ip);
  webserver.setDefaultCommand(&getStats);
  webserver.addCommand("pumpOne", &pumpOne);
  webserver.addCommand("pumpTwo", &pumpTwo);
  webserver.addCommand("stats", &getStats);
 
  /* start the webserver */
  webserver.begin();
 
}

Completion:

Once I’d completed the above sensors and arduino’s, I popped them into the waterproof container and was good to go with my final testing environment and container:

However my ethernet shield seems to have overheated and popped itself and the arduino, so I will need to get a replacement for them (feel free to donate me yours :D). Once i have this I will definitely include the server side code to manage the watering and web interface as well.

-AM

What i wanted was:

What I got was:

So recently I was playing with my arduino and thinking about this, and got the idea to try and create an automated gardening system where my plants where automatically given water/light/etc without me having to worry about it. There are some fantastic resources online like http://www.instructables.com/id/Garduino-Gardening-Arduino/ and http://makeprojects.com/Project/Garduino-Geek-Gardening/62/1.

I began planning something i’d want, and ideally it would have to be this:

• Moisture control for water
• Water pump to water them
• Light sensors for Lights and LEDs (red and blue for optimal growth)
• Humidity to keep my plants cosy
• Interface via LCD/Web to see how things are doing (if more water is needed etc)
• Solar panel to allow the system to be completely stand alone

I looked at some of the things and it appears that the solar panel wont be powerful enough to power the relay for the pump as well as the LEDs, so thats out initially till i find a better plan. And I think that the LEDs can be avoided for now with me probably going to have this thing outside.

First things first, i decided to look at the moisture sensor, since thats what i’d initially need to make the water system work. Basically it checks the moisture levels in the soil and if the soil is too dry it will need to either turn on a water pump or change a valve or something to let the water flow. So i started looking around and you can buy moisture sensors for a few hundred bucks, but ACTUALLY they just measure resistance in soil so you can easily do this with a 2 pieces of wire, a resistor and some nuts (although these may not be required):

Basic Requirements

After this just strip either end of the wire and coil one side round one of the nuts (its essentially our ‘sensor’), you will need two pieces per sensor. Basically looks like this:

Next you want to connect this to the Arduino. One ‘sensor’ is connected to your 5V source. The other ‘sensor’ is connected to one side of the resistor along with a line to an analog port. The other side of the sensor is merely connected to the ground of the Arduino.

You can then read the resistence by simply doing something like: soilMoisture = analogRead(0) if it was connected to analog port 0.

Heres a video I made of a single sensor, and you can see the value changing as I pour water into the pot:

Of course just 1 sensor is cool, but we can do better, we can place 3 sensors at different levels of the pot and monitor the changes in resistence as the water trickles down to the roots, I also have an LCD connected to mine as you saw in the previous video to watch the changes. Here is the a 3 sensor system to watch the water adding resistance at depths.

3 Sensor Setup

And finally a video of it working:

Also the code for this for my Arduino:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

#include <LiquidCrystal.h>
LiquidCrystal lcd(12, 11, 5, 4, 3, 2);
 
int moisture_val1 = 0;
int moisture_val2 = 0;
int moisture_val3 = 0;
 
int moisture_sensor1 = 0;
int moisture_sensor2 = 1;
int moisture_sensor3 = 2;
 
String moistureString = "";
 
void setup() {
  // set up the LCD's number of columns and rows: 
   lcd.begin(16, 2);
}
 
void loop() {
  lcd.clear();
  lcd.print("Soil Sensor:");
  lcd.setCursor(0, 1);
  moisture_val1 = analogRead(moisture_sensor1);
  moisture_val2 = analogRead(moisture_sensor2);
  moisture_val3 = analogRead(moisture_sensor3);
 
  moistureString = "";
  moistureString = moisture_val1;
  moistureString = moistureString + "/";
  moistureString = moistureString + moisture_val2;
  moistureString = moistureString + "/";
  moistureString = moistureString + moisture_val3;
  moistureString = moistureString;
 
  lcd.print(moistureString);
  delay(1000);
}

Cheers,
Andrew

UPDATE

Decided to go with the Spy badges, what do you think?

Sorry guys, I noticed that I haven’t been getting any pasteLert updates, and i just realised why (see above picture for my reaction).

Change line 4 in truncPastes.php from:

mysql_query(“truncate pastebin”);

To:

mysql_query(“delete from pastebin”);

Explanation:

Truncate automatically resets the auto-incrementing IDs so that when the table was truncated pastes started from ID 0 again, which when checked against what the last ID sent to the user was obviously lower. Sorry for the headache, to fix it, apply the above then run:

update alerts set LastID = 0;

Mah bad,
-AM

Archive for pasteLert

So i finally got round to putting the source together and writing this out. We’ve been really busy with Blackhat training at work and so on and i’m generally just lazy. Also releasing now mostly because the mysql database on my linode keeps crashing, its just too small a box to keep *all* pastebin entries. The code is messy, so expect arb/no commenting but its pretty straight forward, feel free to shoot through any questions you have. Also i messaged pastebin to see if they’d implement something like this or let me do it, but i didnt get any responses to any of the messages :(

Anyway, here is the basic rundown:

• Setup your mysql, create a database ‘pastebin’ – Google will give you this info :D
• Drop the structure in, its in the archive as pastebinStructure.sql. mysql -u root -p pastebin < pastebinStructure.sql
• Extract the archive to its own directory in your webroot, preferably ‘pasteLert’ :)
• Change the setdb.php file to your mysql details. Edit alerts.php to include your email and location information rather than mine
• Setup the crons as below

Crons:

Basically there are 4 cron jobs that you need to add:

• pullPastebin.php – this will go to http://www.pastebin.com/archive.php and get the pasteIDs and add them to `pastebin`.`pastebin`, I generally run this every 2 minutes and my cron looks like this:
  • */2 * * * * php /var/www/html/andrewmohawk.com/pasteLert/pullPastebin.php
• pullPastes.php – this script then goes and pulls each paste with a random delay between 0-5 seconds (see line 14 if you want to change that). I generally let this run every 10 minutes and looks as follows:
  • */10 * * * * php /var/www/html/andrewmohawk.com/pasteLert/pullPastes.php
• sendAlerts.php – this script sends out the alerts via email, this is really up to you, obviously as close to 10 minutes means its as close to when you have the data, mines at 15 mins:
  • */15 * * * * php /var/www/html/andrewmohawk.com/pasteLert/sendAlerts.php

Cron Part 2!
So the reason my box was falling over was that every day i’d push all the pastebin’s from that day into another table (pastebinOldData). Essentially i have now changed mine to stop doing this and rather truncated the daily log instead of saving the data.  You however hopefully have a bigger box and can store all the data, or you can always just truncate the data, so you need to pick one of the two files, either truncPastes.php or rotatePastes.php.

Truncate:
0 1 * * * php /var/www/html/andrewmohawk.com/pasteLert/truncPastes.php

Rotate:
0 1 * * * php /var/www/html/andrewmohawk.com/pasteLert/rotatePastes.php

I think that pretty much covers it, feel free to mail in what you are looking for if you need any help.

Kthnx,
Andrew

Hey guys,

So here is my latest project, extending from the previous pasteScraper to do something a little different with the pastebins. Essentially i recreated google alerts but with a bit more searchiness (yes, i make up words now too).

How it Works

• I enumerate all new pastes from http://www.pastebin.com/archive/ every minute and add them to a ‘download’ queue.
• New pastes are then downloaded to a local database
• Alerts are periodically cron’d
• Search functionality is via a fulltext search of pastes

What does it give me?

• The ability to search for *anything* on pastebin.com
• Semi-realtime searches
• Email alerts when your term is hit!
• RSS feeds for searches
• The ability to search with AND keywords in pastebins

How it is all going to fall apart

I dont really see this as a long term project, merely something that shows a PoC for how much stuff is leaking out via PasteBin.com and how cool it really is. Some issues i see that may happen with this:

• People will switch to more secure pastebins that don’t allow indexing, don’t have archive pages and arent indexed by search engines
• My small linode will fall to pieces because the fulltext like queries are painfull
• Pastebin.com will not be impressed with me doing this and start blocking it

Linkage

http://andrewmohawk.com/pasteLert/, feel free to play/comment/etc :)

-AM

p.s. Thanks to Chris Hadnagy and Roelof Temmingh :D

“Oh why andrew, why?” you might say, but as I shrug, this was not my fault. So a while back Samy Kamkar produced his geolocation proof of concept code which works awesomely at being able to take an AP MAC Address to GPS Co-ordinates. Sadly now however Google location services seem to be broken at the moment with both Samy’s and my code being horribly broken with the results either being the same GPS Co-ordinates or 0,0.

This happened of course only *after* i had completed my app (had to do multithreading and slap a design on it) .

But anyway, here is the basic idea of it:

• Recieve in a NON GPSd airodump-ng csv file
• Parse out all of the AP MAC Addresses
• Take these to GPS co-ordinates to street addresses via opennominatim
• Return this response either as a KML file (plotted on google earth)
• OR as a text file to simply display the results

So anyway, you can have a look at the application over at http://andrewmohawk.com/airodumpvsgeo/ . Currently still in my shite naming ‘convention’ this one is called “AirodumpvsGEO”.

-AM

So i popped off a mail to yahoo to ask how i could get a key to share and they basically said i can just use mine. So i quickly repackaged the pasteScraper with my key so now its as simple as extracting the zip in your webroot directory and browsing to it :)

Get the new one here

Of course you can still use the one on my site over at http://www.andrewmohawk.com/pasteScrape/

Enjoy!
-AM

So last week some time Chris Hadnagy linked me to the following URL: http://info.vmware.com/content/opt-out which was pretty interesting last week. Basically it allowed someone to full in their email address to manage their VMWare subscriptions, i noticed a couple of things from the next pages:

• The fields auto populated with details like Name, Phone Number etc (i know, without auth and only an email address – worriedface)
• Another tab became available that allowed you to update your details – again, no auth, scary

So i whipped out the good old firebug and started looking through the ajax calls till i came across this little gem:

http://now.eloqua.com/visitor/v200/svrGP.aspx?pps=50&amp;siteid=524&amp;DLKey=<strong>&lt;sessionkey&gt;</strong>&amp;DLLookup=%3CC_EmailAddress%3E<strong>&lt;email_address&gt;</strong>%3C/C_EmailAddress%3E&amp;ms=59

and the resulting page looked something like:

function GetElqContentPersonalizationValue(strDataField)
{
var strTemp = '';
//alert('Data Field: ' + strDataField);
if(strDataField == 'C_EmailAddress' || strDataField == 'EmailAddress')
{strTemp = 'andrewmohawk\x40gmail.com';}
if(strDataField == 'C_FirstName' || strDataField == 'FirstName')
{strTemp = 'Andrew';}
if(strDataField == 'C_LastName' || strDataField == 'LastName')
{strTemp = 'MacPherson';}

Yeah, great info straight in that.. EEEK! So being the script kiddie (seriously, scripting languages FTW) i wrote a tiny PHP application to pull this info and display.

However the issue was that if you could update someones account, then you could simply change their email address, do a password reset and gain access to a commercial account giving people access to software that someone else paid loads for — this isnt cool so i didnt put the link out. However this week VMWare have removed the update page and the auto-populating fields — yet my scraper still works so i figured i’d put it out.

I’ve specifically left out the sessionkey to make it at least not a trivial cut and paste to get info yourself since it may still be possible to update from that code.

Just another leak i guess. But if anyone has any other links/ideas/stuff for me to play with, contact form’s on the left :)

Cheers,
Andrew

Click here to search the VMWare user database!

Basically, go to http://www.andrewmohawk.com/pasteScrape/ and try some of these:

1. “gmail/facebook Password” – free facebook/gmail/whatever accounts
2. “rbot” – find rbot config files, including the passwords and the irc network that it connects to, ie, if you have an irc client you get a free botnet
3. “enable password” – Cisco goodness
4. “BEGIN PGP” – pgp keys anyone?
5. “DB_PASSWORD” – loads of database passwords
6. “Shellcode” or “Exploit”

You get the idea :)

Enjoy my readme  after the break :D
INDEX
————-
1 // What is PasteBinScraper?
2 // How does it work?
3 // How do i use it?
4 // How do i install?
5 // Extending
6 // TODO
7 // Thanks

1. What is PasteBinScraper
—————————
Originally concieved as a method to enumerate various pastebins (slexy,pastie,pastebin,gisthub) as a response to corelans
pastenum – http://www.corelan.be/index.php/2011/03/22/pastenum-pastebinpastie-enumeration-tool/, its changed slightly to a more general enumerator.
Pastenum is a ruby application that runs client side to enumerate various bins, this just took it a bit further by putting it in a web application
as mine kept crashing trying to load the previous results.

Think of it as a means of searching various pastebins for information.

Pro Tip:
Try “facebook password”,”gmail password”,”password enable”,”scada”,etc

2. How does it work?
———————
PasteBinScraper works in one of two ways:

Using Yahoo!BOSS Search API:
Basically does <term> site:<site> and returns all the results with highlighting of the phrases.
eg. go to yahoo, and search for “DB_PASSWORD site:pastebin.com”

Using Cusom Scraping Scripts:
At the moment i’ve just included a basic (read ugly, badly coded) script to enumerate pastie.org (i did speak to the owner to ask if it was alright!),
essentially the frontend simply calls the script and returns the results under one of the tabs. It calls the script with a ‘q’ GET parameter so something like

http://<server>/libs/myscript.php?q=Search+Term

These scripts are all located in the libs/ directory under the root.

3. How do i use it?
——————-
Err, type in a phrase top right and click search :D The tabs will show which have loaded and once you see the ‘show’ button you can simply click on it
to view the results :)

4. How do i install?
——————–
Pretty simple, pull the archive from wherever (not sure where it will be hosted at time of writing this) and extract it to somewhere within your
webservers (apache/iis/etc) webroot… something like /var/www/PasteBin/

Next change your config file (libs/config.php) and add the yahoo API key (get it at http://developer.yahoo.com/search/boss/ – its free!)
^ its line 14 :)

You can then simply browse to it and go :)

For it to work you will need a webserver that has php, php5-curl and you may want to change the ‘memory_limit =’ field in your php.ini to something like
memory_limit = 128MB. This is because the multi-threaded requests take a bit of mem :)

If you are on ubuntu basically its:
sudo apt-get install apache2 php5 libapache2-mod-php5 php5-curl
(but most hosts should have this)

5. Extending
—————
Extending is a relatively simple process whereby you either add a site, or you add a custom script.

Within libs/config.php you will see two arrays under the pastebin section:

/* PasteBin Section
--------------------
Please note there needs to be the same number of identifiers as types... *duh*
*/
$PasteBin_Identifiers = array(
"Pastie.org",
"Pastebin.com",
"Codepad.org",
"Slexy.org"
);
 
//Types can either be 'yahoo' (for doing term site:identifier) or a custom script, like 'mypastie.php'
$PasteBin_Types = array(
"pastie.php",
"yahoo",
"yahoo",
"yahoo",
);

Basically you want to add to both of these to extend it. $PasteBin_Identifiers is an array of the sites to enumerate and $PasteBin_Types defines the method.
For the types you can set it as a specific script (which you need to put in libs/) such as ‘pastie.php’ in the default application. Alternatively you can use
the keyword “yahoo” to tell the app to use a search engine.

So with the above definitions if i wanted to add gist.github.com to search aswell and i didnt want to code anything i would change them as follows:

Before:
——-

$PasteBin_Identifiers = array(
"Pastie.org",
"Pastebin.com",
"Codepad.org",
"Slexy.org"
);
$PasteBin_Types = array(
"pastie.php",
"yahoo",
"yahoo",
"yahoo"
);

After:
——

$PasteBin_Identifiers = array(
"Pastie.org",
"Pastebin.com",
"Codepad.org",
"Slexy.org",
"gist.github.com"
);
$PasteBin_Types = array(
"pastie.php",
"yahoo",
"yahoo",
"yahoo",
"yahoo"
);

BAM! now refresh the interface and you will notice it updated and now has a new tab – with just 2 lines added! :)

Alternatively if you wanted to code something up you would place your script in the libs/ directory and then change it to the following:
Before:
——-

$PasteBin_Identifiers = array(
"Pastie.org",
"Pastebin.com",
"Codepad.org",
"Slexy.org"
);
$PasteBin_Types = array(
"pastie.php",
"yahoo",
"yahoo",
"yahoo"
);

After:
——

$PasteBin_Identifiers = array(
"Pastie.org",
"Pastebin.com",
"Codepad.org",
"Slexy.org",
"gist.github.com"
);
$PasteBin_Types = array(
"pastie.php",
"yahoo",
"yahoo",
"yahoo",
"my_gist_script.php"
);

again, BAM! etc etc

6. TODO

——–

6.1 The app definitely needs to be checked for anything dodgy (xss etc). (if you find it, PLEASE dont own my box, i will cry.)

6.2 ‘API’ functionality — something to just change the output to be xml so that other applications can use it (although they have the code anyway -shrug-)

6.3 Rework the code into a real framework (but im lazy and just like coding PoC stuff)

6.4 Suggestions?

7. Thanks

———–

Just wanna say thanks to the corelan guys for getting me off my ass and doing something else (hey 2 days is better than 0).

Thanks for the motivation from nullthreat,corelanc0d3r,ekse,singe,etc. Josh from pastie.org for giving me the A-OK etc.

If theres any changes/stuff/hatemail feel free to mail me (andrew@andrewmohawk.com) or @andrewmohawk.

Payments in alchoholic beverage form, attractive females and other will be considered.