Recounting Recent: Lucid Flight

Lucid Dreaming app for Android

Lucid Flight is an android app I wrote in Kotlin to assist in lucid dreaming. I’m working on an iOS version in swift and plan to add both to their stores once leisure allows some refinement. The source code is private so the following shows functionality and demonstrates concept.

Lucid Flight app icon | Flying after ‘waking up’ is a quintessential lucid dream

Lucid dreaming has become pretty well known recently but to briefly summarize, it is realizing that you are dreaming while you are dreaming. Given that we sleep for about one third of our lives, gaining the ability to be conscious during our sleep greatly lengthens and enriches our lives. Lucid dream research and scholarship continues being published.

LaBerge, Stephen, et al. “Lucid Dreaming: Physiological Correlates of Consciousness during REM Sleep.” The Journal of Mind and Behavior, vol. 7, no. 2/3, 1986, pp. 251–258. JSTOR, Accessed 22 May 2020.

The benefits of lucid dreaming are far vaster than I want to go into here but suffice it to say that it is awesome, in the literal sense of the word. I chose the name and icon because flying once lucid is one of the most common and most exhilarating experiences.

simple animated vector graphic for load screen

All the incomplete lucid dreaming devices of recent years inspired me to create this. Several have gained full funding on Kickstarter and similar platforms and never released a product. Starting at $200+ dollars makes them cost prohibitive to many as well. Better to use the phone and (hopefully) fitness tracker we already have.

Basically they are masks or devices that take readings from your body in order to determine when you enter the dream stage of sleep. The devices then trigger signals to your dreaming body that you can learn to recognize within the dream state and use as cues to realize you are dreaming.

“[…] dreaming can be viewed as the special case of perception without the constraints of external sensory input. Conversely, perception can be viewed as the special case of dreaming constrained by sensory input.” -Stephen LaBerge

Integration with google fit api’s heart rate data provides data for the apps prediction of REM entry

Some of the Lucid Dream devices use EEG brain signals, some watch for eye movement with sensors over the eyes. Lucid flight predicts REM with heart rate data. Ouraring has an image showing precisely how in their article on heart rate while sleeping.

Resting heart rate curve

Ouraring ignores the sharp peaks in sleeping heart rate for this curves abstraction but the sharp peaks are exactly what lucid flight looks for. Spikes in heart rate are from entry into dreams.

The strategy is to predict REM then signal the sleeper they’re dreaming but not so loud it wakes them completely. Most use lights and some also use sound. The app allows users to customize their dream alarm. The highly customizable alarm allows users to find the sweep spot between waking and being easily recognizable within dreams. Like how shining a flashlight on a dreamers face can trigger the appearance of an oncoming train if it doesn’t wake them.

Heart rate data is in a scrolling view above min, mean, and max for testing adjustments to the REM prediction algorithm.

The middle toggle activates dream detection mode. The bottom three toggles control whether the alarm strobes the flashlight and screen brightness, plays a recorded sound or default tone, and third whether the alarm causes vibration.

Options allow users to record a custom message which the alarm plays back. As well as changing alarm length and previewing the alarm.

Lucid dreaming is very difficult for most people and learning to recognize dream signals while you are dreaming is hard. Nonetheless, having some software and hardware’s help can seriously accelerate the learning curve.

The biggest predictor of successful lucidity is a strong motivation to learn. To that end the app home screen displays inspirational messages about lucid dreaming.

TEA – tiny algorithm but done with big heart

This is an implementation of the tiny encryption algorithm written in python for a computer and network security class. Our professor had specific rudimentary requirements for how it was to be implemented. I expanded upon the assignment by including testing and extra functionality then refactored. The code is public on my github.

This post is somewhat technical but I will explain everything simply for anyone unfamiliar with the concepts. I will introduce and then explain so bear with me if this looks like gibberish at first.

The tiny encryption algorithm is one of the simplest serious block encryption algorithms. The algorithm works on 64 bit blocks of plain text at a time using a 128 bit key. In the diagram above the plain text is divided into two 32 bit blocks L0 and R0 and the 128 bit key is divided into four 32 bit blocks K0-K3. The formula is represented below.

The Encryption uses repeated application of the pair of rounds shown in the diagram above, defined here for rounds i and i+1 starting with i=1
δ Delta is a predetermined constant
田 denotes addition-mod-232
⊕ denotes XOR (exclusive or)
>> denotes logical shift in given direction

All of the variables are declared as unsigned 32-bit integers, I do this in python by importing c_uint32 from ctypes library. An unsigned 32-bit integer is a binary number with 32 places for 1’s or 0’s and is always positive. The program takes input in hexadecimal base 16 format which extends 0-9 with letters A-F. Meaning F in hexadecimal equals 15 in our standard base 10 and 1111 in base 2 binary.

Hexadecimal is much easier for us humans to deal with because rather than having to write each place (bit) as a 1 or 0 we can represent 4 binary places (4 bits) at a time with 1 hexadecimal digit. This allows us to represent ‘10011111111101010111100111100101’ as 9FF579E5. Convention is to write hexadecimal with a prefixed ‘0x’ so 0x9FF579E5.

A logical shift, >> in the formula as well as within the code, is a bit-wise operation that shifts all of the bits of its operand. This means that all of the places (bits) of a number in binary are shifted.

example of logical shift left by 1 from Wikipedia

Addition-mod-232 means that the values are added together and then divided by 232 and the remainder is the result. Another way of thinking about this is that the two values are added together and if they are more than 232 then 232 is subtracted from the total for the result. The processor performs this differently with overflow and wrapping but this is a simple way to represent the math.

XOR, exclusive or, is represented in the formula as ⊕ and within the code by ^ the caret. XOR is a binary operation that compares bit to corresponding bit and the result evaluates to 1 only if exactly one of the bits is a 1. This means the result is 1 only if one of the bits ‘or’ the other is 1 but not if both are 1. I am reiterating this to differentiate it from the usual logical ‘or’ where it is also 1 if both values are 1.

My implementation is verbose in order to try and grok the algorithm. The assignment was to write a program to perform one pair of encryption rounds and to then decrypt the 64 bit ciphertext which after one pair of rounds is L2 and R2 in the diagram. Also recall that K0-K3 are 32-bit blocks of the 128-bit key.

If not familiar with grok, it is a fantastic term. From Robert A. Heinlein's book Stranger in a Strange Land,

'Grok' means to understand so thoroughly that the observer becomes a part of the observed —to merge, blend, intermarry, lose identity in group experience.

Looking again at the diagram, the first step after getting input and setting up all of the variables is to determine L1 and R1. Following the directional arrows we start by taking R0 into three branches and performing a logical shift left by 4 on one and a logical shift right by 5 on another. The logical shift left branch is then added using addition-mod-232 with K0 and the right branch with K1. The third R0 is also added-mod-232 with Delta1. All three branches are then XOR’ed and the result is added-mod-232 to L0 for the value of R1. L1 is an unchanged R0.

Delta is a predetermined constant. In practice it would usually be a magic number but was determined for the assignment

The next round is essentially the same using the new starting points of L1 and R1 with the next blocks for addition. K2 is added to the logical shift left branch, K3 for the logical shift right branch, and Delta2 for the third branch.

Since the assignment was to only do one round, the ciphertext in L2 and R2 can then be decrypted by reversing the process. Reversing the arrows on the diagram we take L2 to perform the three operations on to XOR together. Then perform a subraction-mod-232 with R2. This gives us R0 and L1 which we then use to determine L0 through the same process but with the earlier key blocks and delta.

Decryption algorithm, 曰 denotes subtraction-mod-232

Then again with the L1/R0 bit-string to find L0

In practice it’s recommended to run the algorithm for 64 Feistel rounds (32 pairs of rounds). Feistel refers to the symmetric structure of the algorithm, as clearly seen within the diagram. Also in practice the predetermined Delta would be a magic number, a number chosen to demonstrate that there are no possible hidden properties to it. There are a few weaknesses to TEA which have removed it from common use in cryptography. The code is decent, it’s at 96% coverage on the testing.

Recounting Recent: Kali NetHunter

After fixing a couple of my old broken android phones, playing around with unlocking the boot-loader, rooting them and installing custom ROM’s I decided to optimize an android for use with Kali NetHunter.

Monitor mode on NetHunter. Detecting two access points with WEP encryption in my neighborhood. These could be cracked in like 8-30 minutes.

Kali Linux NetHunter is an open source android penetration testing platform. Check out Offensive Security’s NetHunter page for more information.

NetHunter has versions available for many android devices. Nexus, OnePlus, Galaxy, Gemini, LG, HTC, some Sony’s and the list goes on. If trying this out make sure to do ample research on the device you are considering because CPU chipset varies on the same android phones between carriers. The wiki on gitlab lists the supported devices.

Also pay attention to the WiFi chipset because only a few inboard WiFi chips can be used for monitor mode, otherwise the phone will need an external adapter for WiFi penetration. To use the inboard chips we’ll have to modify the kernel and firmware but even if using an external adapter be sure to verify compatibility.\

I went with the Hawaii Nexus 6P as it supports inboard monitoring mode and Offensive Security sold me with their description for it. Also being able to get one on ebay for 50 something dollars is pretty compelling when some of the other options are still hundreds. (*note the following is all specific to the Hawaii Nexus 6P)

I reinstalled NetHunter while writing this post. These instructions are pretty good, it’s the installation.txt file from:

Kali boot animation

A few notes to simplify the process.

You need android sdk platform tools fastboot from android studio. Downloading all the files above into the sdk platform tools folder will simplify a lot so that you don’t need to include paths to run fastboot or paths for the files to flash.

If you have issues with the shell script just look within the scripts and ran each command from the shell.

You need to download the twrp recovery image separately, just google the img name.

You will need a usb connected external storage for step 5 because the 6P has no SD card slot.

An add-on for the lineageOS in order to enable root-access to apps is also needed which can be downloaded from the link above. Flash the add-on and then enable developer options and you can grant root access to apps.

flashing Kali

XDA developers forum is the best resource I’ve found for all of this. You can find support and instructions for all the other possible devices on their forum as well.

Recounting Recent: Docker Swarm on Raspberry Pi cluster

This is a docker swarm on a cluster of raspberry pi’s running OpenFaaS. FaaS stands for Functions as a Service, from Wikipedia it is “a category of cloud computing services that provides a platform allowing customers to develop, run, and manage application functionalities without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.” Allowing developers to execute code in response to events without having to build out the typical infrastructure.

From Alex Ellis the creator of OpenFaas, “The idea is to make it as simple possible to create a function that is built for, deployed to and run on Docker Swarm or Kubernetes, while providing a workflow that integrates directly with the Docker ecosystem.”

6 raspberry pi 4’s with pimoroni blinkt, gigabit switch, Anker power supply

This allows us to turn anything into a serverless function that runs through Docker Swarm on Linux or Windows. It allows us to upload functions, modular chunks of code, into the cloud and execute independently.

The Pimoroni Blinkt LED’s on the raspberry’s allow for a visual display of the load on each, above is a demo of this scaling up.

Below is a demo of the LED’s showing a rolling update.

And then scaling the service back down to zero.

Headless Raspberry Pi setup

A headless setup allows us to use the raspberry over the network without a monitor, keyboard or mouse. We can install a more lightweight operating system without a GUI (graphical user interface). Saving on hardware costs and the machines resources. The headless Linux install I’m using is based on Debian and designed specifically for Raspberry Pi hardware. You can download it here:

The headless variant as of writing this is Buster Lite. After downloading we need to flash the image onto a microSD card for the raspberry. The easiest way to do this is with balenaEtcher which can be downloaded here:

Etcher automatically unmounts the card so after flashing the image remove then replace the microSD card. To enable SSH you need to create a file entitled SSH on the root partition of the SD named ‘boot’. On mac or Linux you can do this in the command line by navigating to the boot partition and then using command ‘touch ssh’ which will create a file of that name if it does not already exist:

touch ssh

If you are connecting to the pi via Ethernet cable you can skip this next step.

To connect via wifi you need to create another file in the boot partition named:


With contents:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev


Change the country code, ssid and psk (pre-shared key) to your own. The password is only stored here in plain text upon first boot, the Pi will move this file automatically.

Recounting Recent: Hardening the Raspberry Pi

Adding an ‘ssh’ file to a fresh flash on Raspbian enables Secure Socket Shell on its first boot. This ‘headless’ control over the network doesn’t need a mouse, keyboard or monitor and lets us use a light weight operating system.

The defaults on Raspbian are username: pi and password: raspberry, it’s a good idea to change these.

To SSH into our pi we need to know the IP address. Logging into your router and checking the devices list is an easy way to do so. It can often be reached by browsing to page:

If you haven’t changed your routers login credentials I strongly suggest that you do so. The defaults can be found located on your router or online.

The IP address of the pi can also be determined using nmap to scan the subnet set to -T4 for greatest speed:

nmap -sV -T4

Once we know our pi’s IP address we can connect to it via ssh. On windows we may need to install a client to do this, PuTTY.exe is the most commonly used. On Mac or Linux devices SSH clients are installed by default and should run out the box from command line with:

ssh [email protected]

Of course substituting whatever our pi’s IP address actually is. We will then be prompted for a password which is ‘raspberry’ by default. We can then use the command ‘passwd’ to change the password for our default user pi.

I prefer to set my own password for the root account and then relock root as well as disallowing remote root login unless I need it for something. To do so:

sudo passwd root

By default the pi account has passwordless sudo, we can change this by editing the file /etc/sudoers.d/010_pi-nopasswd to be ‘pi ALL=(ALL) PASSWD: ALL’

sudo nano /etc/sudoers.d/010_pi-nopasswd


cntl + x, y, enter

Since we’re running the pi headlessly we can use the command ‘sudo raspi-config’ to change the host name, change the memory split to the gpu to 16, verify/change our locality, enable predictable network names and a bunch more.

It’s a good idea to create a new user and lock user pi although changing to ssh key based authentication is secure regardless. Just to note deleting user pi rather than locking it can cause some issues. If creating a new user it will need to be added to groups:

sudo adduser new-user-name-here

sudo usermod -aG groups-here-seperated-by-commas,sudo,adm new-user-name-here

Then logout of pi into the new user, lock pi, lock root.

sudo passwd -l pi

sudo passwd -l root

For ssh key authentication we need to generate keys if we haven’t before. We can do so on our machine(not ssh’d into the pi) with the following command (for a 4096 bit key):

ssh-keygen -t rsa -b 4096

Then we can add them to the pi with:

ssh-copy-id -i ~/.ssh/ [email protected]

Disabling password based access to the raspberry prevents anyone without the key from being able to connect. To do so edit /etc/ssh/sshd_config and make sure the password authentication line reads PasswordAuthentication no.

sudo nano /etc/ssh/sshd_config

We can then reboot the pi to make sure all our changes take effect with ‘sudo reboot’