MSX on Internet... via Wifi, 2019 edition

Page 1/2

By konamiman

Paragon (1044)

20-08-2019, 09:08

Back in 2011 I published a post in which I explained how I got Internet on my MSX via WiFi, by using an ObsoNET and a router with wireless access point capabilities. Here's an updated version, using smaller and cheaper hardware, and the story of how I got there.

I've recently been to Osaka on holiday, and one of the typical tourist activities I do when I'm there is to visit electronics shops, of course. And this is what caught my eye this time in one of them:

https://www.dropbox.com/s/ubn94pcjh2dv60j/PiZeroStarterKit.jpg?raw=1

Yep, a Raspberry Pi Zero W starter kit, complete with power source, OTG cable, SD card with Raspbian and a nice case. Then a weird idea crossed my mind: couldn't I just connect this thing to my MSX using an Ethernet cable, and then magically get Internet access via WiFi, and perhaps even somehow (hint: stunnel) get support for TLS connections in the process? Not yet knowing the answer to these questions I bought the thing, you know, before I could give myself the opportunity to change my mind.

Only after making the purchase did I discover that it wasn't going to be that easy.

  • The Pi Zero doesn't have any Ethernet port. Duh! No problem, USB adapters exist and are cheap (4€ on eBay for example).
  • You can't just connect a thing via Ethernet and magically have that thing use the Pi's WiFi for internetworking. Some configuration is needed (DHCP and IP tables, basically).
  • stunnel does a great job at providing indirect support for TLS, and I used that trick in the past for MSX Trivial Dropbox. But it's a cumbersome process since you need to configure each and every site you want to TLS-access in stunnel, assigning them custom port numbers; and you need to connect to the stunnel machine IP on those custom ports, instead of the real servers you want to connect to, from the MSX. I discovered that the SOCKS protocol, supported by stunnel, would be a great way to improve this and allow transparent TLS support (from the point of view of the MSX); but that came with a catch too.

The obvious problem with the stunnel+SOCKS approach was that I needed to modify InterNestor Lite to support SOCKS. Not a big deal. But there was another not-so-obvious problem: the official stunnel doesn't support SOCKS the way I needed. What it does is to use TLS to encrypt the connection with the client (the MSX in this case), and connect to the server (with the TLS enforcing service) using plain TCP. I needed exactly the opposite.

However I really wanted to do the thing. So I began to work, and in a little less than two months I managed to:

  1. Research and learn how to configure a Raspberry Pi as an Ethernet-to-WiFi bridge.
  2. Add support for SOCKS to InterNestor Lite.
  3. Issue a pull request for stunnel (which luckily is written in plain C!) so that it supports SOCKS+TLS the way I needed.
  4. Compile that custom stunnel for the Raspberry Pi (yeah, that was a feat in itself!).

The result is the new version of InterNestor you all know and a document explaining how to configure the Pi.

This is my proof-of-concept setup, the cable that goes out of the picture is powering the Pi. Yes, I know, the table is not especially clean, I'm sorry.

https://www.dropbox.com/s/vcxzhvyh3tp3ktt/HardwareSetup.jpg?raw=1

That's what happens when I try to retrieve the main page of konamiman.com.

https://www.dropbox.com/s/h5se7argnpbtoka/NoHTTPS.jpg?raw=1

As you see, it works... except that konamiman.com is an https-only site (I didn't want modern browsers to flag my site as "dangerous") and so it's requesting a redirection to the HTTPS endpoint, something that InterNestor doesn't support out of the box.

Except... if we do this little weird trick:

https://www.dropbox.com/s/d0uc4xqga6h7bs8/ConfiguringSOCKS.jpg?raw=1

With this I'm instructing InterNestor to act as a SOCKS client for TLS connections, using the Pi as the SOCKS server. And with this...

https://www.dropbox.com/s/v78a2tlrbbjjkh9/HasHTTPS.jpg?raw=1

And boom! Tricky and cheaty and whatever you want to call it, but that's it: Internet via WiFi and with TLS support using a plain old ObsoNET, and without any need to configure and use ad-hoc endpoints in stunnel. How cool is that?

BONUS TRACK

In the original 2011 post I included a picture of the younger Konamiboy wondering what that thing with a stick and buttons was. That's how he looks nowadays. He looks somewhat... different, I wonder why.

https://www.dropbox.com/s/ib2cqwnbmlmkgpr/Telemachote.jpg?raw=1

By OeiOeiVogeltje

Paragon (1309)

20-08-2019, 12:45

Isn't this a similar thingy?

By konamiman

Paragon (1044)

20-08-2019, 13:29

OeiOeiVogeltje wrote:

Isn't this a similar thingy?

Not exactly. In MSXPi the MSX and the Pi communicate directly via the Pi's I/O pins, while my thing is just an out-of-the-box Pi connected to the MSX via Ethernet. Using MSXPi for networking would require a custom TCP/IP UNAPI implementation, but on the other hand, MSXPi of course provides many more possibilities besides networking.

By sdsnatcher73

Hero (641)

20-08-2019, 17:25

Hi konamiman, just wondering but couldn’t someone just run stunnel on a local server (instead of the Pi)? It seems all InterNestor needs is IP connectivity to the socks server. Sure you don’t have WiFi then, but still...

By konamiman

Paragon (1044)

21-08-2019, 10:31

Sure thing! I forgot to mention it, but if you look at the documentation git you'll see that there's a stunnel_x64 file, that's the modified stunnel compiled for Linux PCs.

Also, you can use stunnel acting as a SOCKS server for non-TLS connections by adding this to the stunnel configuration file:

[socks_server]
protocol = socks
accept = 1081
PSKsecrets = /home/pi/stunnel.secrets

[socks_server_non_ssl_endpoint]
client = yes
accept = 1080
connect = localhost:1081
PSKsecrets = /home/pi/stunnel.secrets

then running this in your MSX:

inl tcp x1 <PC IP>:1080
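
The messages a SOCKS client would exchange with the plain endpoint on port 1080 configured above, as an added example that is not part of the original post and is not InterNestor or stunnel code. It assumes SOCKS version 5 (RFC 1928) with the "no authentication" method, which the post does not specify, and it shows that the requested host name and port cross the MSX-to-proxy leg in cleartext, readable by anything on that network segment.

```python
import ipaddress
import struct

VER, CMD_CONNECT = 5, 1                      # assumption: SOCKS5, RFC 1928
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable", 5: "connection refused",
           6: "TTL expired", 7: "command not supported", 8: "address type not supported"}

GREETING = bytes([VER, 1, 0])       # client: one method offered, 0x00 = no auth
METHOD_OK = bytes([VER, 0])         # proxy: "no auth" accepted

def build_connect(host, port):
    """Client side: CONNECT request. A host name is sent unresolved,
    so the proxy does the DNS lookup."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (ATYP_IPV4 if ip.version == 4 else ATYP_IPV6), ip.packed
    except ValueError:
        name = host.encode("ascii")
        if not 1 <= len(name) <= 255:
            raise ValueError("host name must be 1..255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0, atyp]) + addr + struct.pack(">H", port)

def _address(msg):
    """Decode the ATYP/address/port tail shared by requests and replies."""
    if len(msg) < 5 or msg[0] != VER:
        raise ValueError("not a SOCKS5 message")
    atyp = msg[3]
    if atyp == ATYP_DOMAIN:
        start, size = 5, msg[4]
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        start, size = 4, (4 if atyp == ATYP_IPV4 else 16)
    else:
        raise ValueError("unknown address type %d" % atyp)
    raw = msg[start:]
    if len(raw) != size + 2:
        raise ValueError("truncated or oversized SOCKS5 message")
    host = raw[:size].decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw[:size]))
    return host, struct.unpack(">H", raw[size:])[0]

def parse_request(msg):
    """Proxy side: the destination the client asked for, read from cleartext."""
    host, port = _address(msg)
    if msg[1] != CMD_CONNECT:
        raise ValueError("only CONNECT is handled here")
    return host, port

def parse_reply(msg):
    """Client side: (status text, bound host, bound port) from the proxy reply."""
    host, port = _address(msg)
    return REPLIES.get(msg[1], "unassigned code %d" % msg[1]), host, port
```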

By edoz

Prophet (2179)

21-08-2019, 20:40

Nice story! And thank you for sharing! It is a very nice solution for this. Currently I am working on an email client and having the same issues with encryption. There are no unsecured email servers anymore on the net. And if you install one, your provider sees you as a spammer or hacker. Unfortunately I do it in SymbOS, where I have no access to your library. I tried the stunnel solution as well but I never got it working. Your network stack is just so cool! Too bad I'm totally into SymbOS.

By Louthrax

Prophet (2093)

21-08-2019, 21:02

Hi Konamiman,

Have you been able to identify the part of the code that performs the cryptographic (and too slow for MSX) computations during your research?

If that's C code, I'd like to know how much time it would take on a real MSX machine? Maybe on turboR, using hardware MUL/DIV, it would not be so long?

Just curious!

By konamiman

Paragon (1044)

22-08-2019, 10:29

I don't remember the details but the offending part was the calculation of modulo operations between insanely big numbers. I found an implementation in C and managed to modify it to compile for Z80, then triggered a test run... and gave up after waiting for like 10 minutes. I don't think that implementing it in pure assembler or using the R800 instructions would make any difference for practical purposes. And trust me, I'd love to be proven wrong. :)

By Grauw

Ascended (8507)

22-08-2019, 14:12

Neat stuff Konamiman!

Regarding performance of crypto; decryption happens real-time on PCs and mobile platforms. The algorithms are designed to perform sufficiently well to be usable in real time with many active connections, nowadays transferring megabytes of data per second. Even considering more modern CPU speeds, 10+ minutes seems too much, so I’m also curious about it :). (It seems you issued a challenge!)

My light understanding of TLS is that the initial key exchange uses a (slow) asymmetric cipher, and the data transfer uses a (faster) symmetric cipher. I assume here you were referring to the key exchange, right?

By Louthrax

Prophet (2093)

22-08-2019, 16:24

Yes, this looks like a super cool end-of-summer challenge (even more if the heavy computation is done only once)!

Konamiman, I'm sure you'd have many people interested in investigating that (at least me). And who knows, MSX could be the first 8bit machine natively doing TLS communication (even if that's super slow)?

We would just need the C function in question (or only its prototype and what it's supposed to do).

By Louthrax

Prophet (2093)

22-08-2019, 16:28

konamiman wrote:

In the original 2011 post I included a picture of the younger Konamiboy wondering what that thing with a stick and buttons was. That's how he looks nowadays. He looks somewhat... different, I wonder why.
https://www.dropbox.com/s/ib2cqwnbmlmkgpr/Telemachote.jpg?raw=1

He's wearing SOCKS ;) ?
