PoC or GTFO, Volume 2


by Manul Laphroaig


  Why do I tell you this? Because there comes a time in every hacker’s life when you wish for more, to create something of intrinsic value rather than endlessly find faults in the works of others. For me, that was turning grain, water, hops, and yeast into something greater than the sum of its parts. It’s an avenue to share, to serve others, to create. It’s also something to trade for milk and bread when the zombies come!

  Ingredients

  Beer, like most things in life, can be as simple or as complex as you wish it to be. But at its core, this beverage started with four primary ingredients, each just as important as the next: grain, water, hops, and yeast.

  Grain Or even more generally, any cereal where its grain can be cultivated and finally sugars can be extracted. But more than just simple grain, grain that has undergone the malting process. Grains are made to germinate by soaking in water, and are then halted from germinating further by drying with hot air, as shown in Figure 1. By malting grains, enzymes are produced that are required for converting the starches into sugars. This is important to know, as not just any grain will do for the beer brewing process. These sugars which are extracted from the malted grains will eventually be turned to alcohol during fermentation, as in Figure 2.

  Water Arguably the most critical component, water makes up 95% of the final product and can contribute as much to the taste and feel of the brew as the grains, hops, and yeast. Books have been written and rewritten on the subject of brewing water and will not be rehashed here. Good water must be clean, plentiful and free of chlorine.

  Hops Starting in the ninth century, brewers began using hops in place of bittering herbs and flowers as a way to flavor and stabilize their brew. Hops are the female flowers of the hop plant with training bines that set forth like ivy or grapes. The hop cone itself is made of multiple components, but most important to brewing are the resins that are composed of alpha and beta acids. Alpha acids in particular are critical due to their mild antibiotic/bacteriostatic effect that favors the exclusive activity of brewing yeast over microbial nasties swimming about. See Figure 3.

  Beta acids contribute to the beer’s aroma and overall flavor. These acids are extracted during the brewing process by boiling.

  Yeast Single-celled organisms with an amazing ability to convert carbohydrates (sugars) into CO2 and alcohol, yeast is the literal lifeblood of beer, as fermentation changes sugary and otherwise boring sugar water (wort, or young beer) into glorious brew.

  For brewing there are two main types of yeasts: “top-cropping” where the yeast forms a foam at the top of the wort during fermentation and is more commonly known as “ale yeast” and “bottom-cropping” where the yeasts ferment at lower temperatures and settle at the bottom of the vessel during fermentation, commonly known as “lager yeast.”

  Yeast can be cultivated from the wild or known/safe sources. They can even be collected and nurtured from bottle-conditioned brews, Belgian varieties in particular.

  Brewing Process

  The brewing process is often fifteen minutes of frantic activity followed by an hour of drinking, cleaning, and a bit of conversation. Simplistically, the steps are to first extract fermentable sugars from the malted grains with hot water (mashing), then to boil and reduce the fermentable sugar water (wort) while adding hops at specific timing intervals. The wort is then reduced to a safe temperature and moved to a fermentation vessel, into which yeast is pitched and the liquid stored at a consistent temperature, allowing the fermentation process to occur. Finally, the beer is packed and conditioned for future consumption and enjoyment.

  There is quite a bit of science and wizardry that takes place in these five steps. I would like to take you through this process with one of our own recipes at Binary Brew Works. These days you can’t have a brewery without an India Pale Ale (IPA), a beer that at its origin was heavily hopped to make the journey by ship from England to India. This heavy-handed hop addition creates a highly bitter, but hopefully aromatic and balanced brew that is popular today.

  Gathering the Ingredients For our IPA, appropriately named TCP/IPa, the following ingredients are used and scaled for a thirty gallon (114 liter) batch. Scaling at this volume is 1:1, so halving the numbers for a fifteen gallon (57 liter) batch will yield similar results.26

  TCP / IPa

  FERMENTABLES:

  2 Row 70 lbs

  Caramel Malt 60L 6 lbs

  Flaked Wheat 6 lbs

  HOPS:

  Cascade 8 oz @ 60 mins

  Citra 16 oz @ 15 mins

  Yeast:

  Wyeast 1056

  Preparing the Mash Water In a brewing kettle, bring the water to what is known as strike temperature. The volume of water depends on other parameters such as grain absorption rates, equipment losses, and evaporation. Using a brewing water calculator is recommended. For this recipe, approximately 45 gallons (170 liters) of strike water are needed to get the desired 30 gallons (114 liters) of finished product. Your striking temperature is typically 10–15°F (5–7°C) higher than your target mash temperature. In this case, 170°F (77°C) for a target 160°F (71°C).

  Mashing In a separate vessel called a mash tun, the prepared grains are waiting for inclusion of the strike water. The mash tun is often a modified cooler or other insulated vessel that can contain the volume of both the grain and the striking water. In single infusion mashing, water is added to the grains, stirred, and typically left to sit for an hour to allow for the extraction of fermentable sugars. Fifteen minutes of frantic moving of water, stirring, and cleaning is then followed by an hour of drinking your last batch of beer.

  Boiling Once the mashing is complete, the sugar water “wort” has to be extracted and placed into the boiling kettle, oftentimes the same kettle used to heat the strike water. This can be accomplished in a number of ways, mostly through the use of mesh false bottoms or other straining mechanisms to prevent, as much as possible, solid grain matter from entering the boiling kettle.

  Once extracted, the wort is brought to a boil and held there for an hour to an hour and a half. The addition of hops through the boiling process adds to the bitterness and flavor of the beer, so it is critical to follow hop addition timings as this has a huge effect on the final product. For TCP/IPa, two hop additions are used. Cascade hops are widely used in the industry and therefore readily available to the brewer. They provide the bittering required for an IPA while imparting the characteristic spicy and citrus flavor expected for the style. Citra hops are added towards the end of the boil to add the strong citrus and tropical tones of flavor and aroma. Remember, the earlier the hop addition, the more bittering oils are extracted from the hop. Later additions provide more flavor and aroma without adding bitterness.

  Cooling You now have a boiling pot of wort that must be cooled down to pitching temperature as quickly as possible. This is the most critical stage of the process! At 212°F (100°C), all types of nasties that can ruin your beer are boiled away. But as the wort is cooled, there is an increased risk of bacteria or other infections. Cleanliness of the brewery and its equipment is key from this point forward.

  Cooling can be accomplished by a number of heat transfer methods. At smaller volumes, coiled copper tubes shown in Figure 4 are submerged into the boiling wort to sanitize, and the cold water is passed through, cooling the wort to the target temperature. At larger volumes, heat transfer equipment gets bigger and beefier, but serves the same purpose. Most ale yeast pitches between 70 and 75 degrees Fahrenheit (22°C).

  Fermentation Yeast are beautiful little creatures. Through a metabolic process, yeast convert sugars into gas (CO2) and alcohol. This process must take place in a sanitary vessel where no interference from other microbes can ruin our wort. Temperature control of the vessel and the surrounding room is critical to the overall taste and feel of the final product. Some styles, such as the saison, are purposefully fermented at the highest temperatures (80–85°F, 27–29°C) allowed by the yeast. Fermentation at this temperature produces a spicy profile.

  For lagers, yeast ferment at lower temperatures common to basements and cellars and produce a funky flavor. Not my preference, but fun nonetheless if you have the equipment or climate to ferment at this temperature.

  And like magic, our sugary wort is churned, eaten, and converted into glorious beer.

  Packaging Once the fermentation process is nearly complete, the beer can be stored and chilled. Carbonation comes next, with various methods available to the home brewer. Bottle conditioning is the process of introducing a priming sugar back into the wort just prior to bottling. Take careful notes and measurements at this point, as too much sugar can create explosive “bottle bombs.”

  Investing in a used kegging system can help tremendously. Not only does this simplify cleaning, it also allows the brewer to force carbonate the keg. Attaching a CO2 tank and selecting the appropriate PSI level can quickly and more evenly carbonate your brew to the target levels. Plus there’s nothing like having fresh, cold beer on tap.

  Creating a final product from raw ingredients is a very fulfilling process. The basic process of extracting sugars from grain, adding hops, fermentation, and drinking is just the surface of a complex, diverse, and creative industry. For the homebrewer, it not only serves as a way to make and enjoy beer, but also as a social tradition where drinks and conversations are had over a boiling pot of wort. Go forth, become a brewer, and enjoy the miracle of your own beer!

  9:9 Shenanigans with APRS and AX.25 for Covert Communications

  by Vogelfrei

  This little document details some shenanigans involving APRS and its underlying AX.25 protocol, including but not limited to covert channels, steganography, avoiding detection by normal users and leveraging Internet infrastructure for worldwide covert communication.

  Covert channels in radio packet protocols have been investigated in the past.27 Although the regulations for amateur radio operation explicitly forbid hiding, encoding, or encrypting communications in any form, it is nonetheless a challenging and fruitful field for experimentation.

  I had been researching the topic for a while, and informally mentioned this to my neighbors Travis and Muur, who—it turned out—had been working on PSK31. They requested an article to follow theirs, PoC‖GTFO 8:4. So enjoy this short piece, and look out for more elaborate tricks and tools for all your booklegging communication needs, because the world is almost through!

  The APRS protocol (Automatic Position Reporting System), originally developed by Bob Bruninga (WB4APR), has its roots in the necessity to track the position and telemetry data of vehicles, weather stations, and hikers.

  APRS is built on the AX.25 protocol, an amateur variant of the commercial X.25 protocol you’ll fondly remember from Phrack 45:8. Despite the amateur nature of its deployment, there is an impressively large infrastructure of Internet gateways, digipeaters, weather stations, and other kinds of nodes. The International Space Station (ISS) itself has an APRS-capable digipeater on-board, and radio operators across the globe engage in packet radio messaging through the station and other satellites.

  Perhaps the most interesting feature of APRS, besides the fact that it supports exchanging all kinds of information, is the way the data is routed between uncoordinated nodes over large areas. It is this decentralized, connection-less nature that makes APRS ideal for covert communication purposes.

  Frequencies and Equipment

  Now that you have a general idea of what APRS is and what it might be useful for, you should know which frequencies are designated for APRS transmissions. Frequencies vary by country, but as a general rule, North America uses 144.390 MHz while Europe and Africa use 144.800 MHz. The International Space Station is nearby, at 145.825 MHz.

  For testing and experimentation purposes, start with a cheap hand-held radio such as the Baofeng UV5R from China. It is capable of transmitting in the 2m and 70cm bands, and can easily be connected to your computer’s sound card. This will allow you to immediately test software modems and get your feet wet with APRS and other packet radio protocols.

  If you would like to get fancy, I recommend two additional pieces of equipment. Get a dual-band radio with TNC support, such as the Kenwood TM-D7xx or TH-D72A. The TNC will interpret packets in hardware, freeing you from DSP headaches. You will also want a general purpose wide-band receiver with discriminator (unadulterated audio) output; ordinary folks call this a scanner.

  The Protocol

  As mentioned before, APRS uses AX.25 for transport. More specifically, APRS data is contained in AX.25 Unnumbered Information (UI) frames, in the information field. The protocol is completely connectionless; there is neither state nor any expectation of a response for a given packet.28 This is rather handy for simple systems, since you will only need a single packet consumer, and the rest of your state machine is entirely up to you. Because of its simplicity, APRS can be easily implemented in microcontrollers.

  A simple APRS message packet looks as follows:

  N0CALL-9>N1CALL-9,WIDE1-1,WIDE2-2::N1CALL-9 :This is a test for APRS messages{1

  Dissecting its structure, we will find:

  The path element: N0CALL-9>N1CALL-9,WIDE1-1,WIDE2-2

  A colon (:) delimiting the end of the path and the beginning of the packet data.

  The packet type, identified by a single character. For messages, this is also a colon.

  After that, whatever format the packet type specifies. In the case of a message, a colon-delimited recipient callsign, followed by the text and a { bracket followed by a number, indicating the line of the message, starting at one.

  Figure 9.14: APRS Data contained in the AX.25 information field

  The comment field is also susceptible to abuse, though it is limited to printable ASCII data, as the specification demands: “The comment may contain any printable ASCII characters, except | and ~, which are reserved for TNC channel switching.” Depending on the DTI, the Comment field is used to include additional information besides what is sent in the Data field, mostly for telemetry uses. Coordinates are encoded using Base-91.

  The wealth of information provided in the original protocol specification should be more than enough to figure out ways to conceal your own data in different packet types. Of particular interest are the mechanisms for compressed coordinates and telemetry, weather reports, and bulletin messages. While these have size limitations, leveraging the unused DTIs as described in the next section allows for crafty ways to chain multiple packets together.

  Abusing Unused Data Type Identifiers (DTI)

  The APRS protocol defines multiple DTIs as unused or forbidden. These are often ignored by software and TNCs in actual radios, making them an ideal target for creative reuse. Because it would be trivial to detect and actively monitor for intentional use of the unused DTIs, a better approach is to leverage them in a way that provides somewhat plausible deniability.

  Prepare APRS Data contents for a given DTI.

  Find the nearest unused DTI, possibly identifying ones which require the least amount of bits to corrupt so that the DTI isn’t too far from the one corresponding to the data we have prepared.

  Proceed to send the packet containing an invalid DTI that is unused, yet contains seemingly valid data for an adjacent DTI.

  Unused DTIs that are one position away from another include 0x21 and 0x22. (Position without timestamp versus unused.) Table 9.1 contains some of the interesting unused identifiers up for grabs; please refer to the APRS Protocol Reference for the rest of them.29 DTIs involved in TNC operation should be avoided, unless the TNC behavior can be abused constructively.

  The benefit of hiding data in an otherwise valid APRS Data segment with an incorrect (unused) DTI is that clients—including built-in TNCs—will ignore the packet and not attempt to decode its contents.

  ID          Data Type                 Adjacent DTI
  0x22        Unused                    0x21 (position without timestamp or WX) and 0x23 (WX)
  0x26        Reserved (“map feature”)  0x25 (MicroFinder) and 0x27 (Mic-E or TM-D700 data)
  0x28        Unused                    0x27 and 0x29 (Item)
  0x41-0x53   Unused                    Only adjacent (0x40 and 0x54)
  0x2c        Experimental / Unused     (none)
  0x2e        Reserved (Space weather)  0x2f (position with timestamp sans messaging)
  0x30-0x39   Do Not Use                0x3a (Message)

  Table 9.1: Unused Data Type Identifiers in the APRS Protocol
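
  One way a monitoring station could check for this, as an added example that is not part of the original article: the sketch below parses the TNC2-style text line shown earlier (SRC>DST,PATH:INFO), decodes the message format, and flags packets whose DTI appears in Table 9.1 while the body still has the shape of a valid position or message. The function names, the two body-shape patterns, and the sample lines other than the article's own are assumptions made for illustration.

```python
import re

# DTIs that Table 9.1 lists as unused, reserved or "do not use".
UNUSED = {0x22: "Unused", 0x26: "Reserved (map feature)", 0x28: "Unused",
          0x2C: "Experimental / Unused", 0x2E: "Reserved (Space weather)"}
UNUSED.update({c: "Do Not Use" for c in range(0x30, 0x3A)})
UNUSED.update({c: "Unused" for c in range(0x41, 0x54)})

# Body shapes of two valid packet types, to spot "valid data under an unused DTI".
SHAPES = {
    "position": re.compile(r"\d{4}\.\d{2}[NS].\d{5}\.\d{2}[EW]."),  # uncompressed lat/lon
    "message": re.compile(r"[A-Z0-9 -]{9}:"),       # 9-character addressee, then colon
}

def parse_tnc2(line):
    """Split 'SRC>DST,PATH:INFO' into its parts; raise ValueError if malformed."""
    header, colon, info = line.partition(":")
    src, gt, rest = header.partition(">")
    if not (colon and gt and src and rest and info):
        raise ValueError("not a TNC2-style APRS line")
    dest, *path = rest.split(",")
    return {"source": src, "dest": dest, "path": path,
            "dti": ord(info[0]), "body": info[1:]}

def parse_message(body):
    """Decode a message body into addressee, text and the number after '{'."""
    if not SHAPES["message"].match(body):
        raise ValueError("not a message body")
    text, brace, number = body[10:].rpartition("{")
    if not brace:                      # no '{': the whole remainder is text
        text, number = number, None
    return {"addressee": body[:9].rstrip(), "text": text, "number": number}

def flag_unused_dti(line):
    """Return a finding if the packet's DTI is in Table 9.1, else None."""
    pkt = parse_tnc2(line)
    if pkt["dti"] not in UNUSED:
        return None
    looks_like = [name for name, rx in SHAPES.items() if rx.match(pkt["body"])]
    return {"source": pkt["source"], "dti": hex(pkt["dti"]),
            "table_entry": UNUSED[pkt["dti"]], "body_looks_like": looks_like}

ARTICLE_LINE = ("N0CALL-9>N1CALL-9,WIDE1-1,WIDE2-2::N1CALL-9 :"
                "This is a test for APRS messages{1")
# Constructed sample lines (not captured traffic): a normal position report,
# and the same body sent under the unused DTI 0x22.
NORMAL = "N0CALL-9>APRS,WIDE1-1:!4903.50N/07201.75W-test"
SUSPECT = 'N0CALL-9>APRS,WIDE1-1:"4903.50N/07201.75W-test'

if __name__ == "__main__":
    print(parse_message(parse_tnc2(ARTICLE_LINE)["body"]))
    for line in (ARTICLE_LINE, NORMAL, SUSPECT):
        print(flag_unused_dti(line))
```

  A finding with a non-empty body_looks_like list is the stronger signal: the packet would decode cleanly if its first byte were the neighbouring DTI.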

  Figure 9.15: AX.25 Unnumbered Information (UI) frame structure

  Third-party and User Defined Packets

  Two special DTIs exist that allow for packet-in-packet protocol tricks: the third-party and user-defined packets. These have special quirks associated with them, and the way TNCs handle them is not standardized. This is both a good and a bad thing. For instance, the Kenwood TM-D7xx’s built-in TNC will ignore third-party packets entirely if it cannot parse them.

  However, Internet Gateways will also ignore all user-defined packets and impose additional restrictions on the third-party DTI. This is the biggest motivator for actually reading the source code of APRS Internet gateway software. For example:

 
