minor

2023-01-14 16:54:44 +01:00 · 2023-01-14 16:54:44 +01:00 · af7d5ed0ef
commit af7d5ed0ef
parent 0ae97be204
8 changed files with 168 additions and 21 deletions
--- a/SDR.md
+++ b/SDR.md
@ -3,6 +3,10 @@ SDR
 ### links
 https://github.com/jopohl/urh/
 https://www.windytan.com/
+https://triq.net/bitbench
+
+https://blog.atx.name/reverse-engineering-radio-weather-station/
+https://docs.google.com/document/d/1yjAO3jTBa9lAFIuiteK_GLWh7-Xk-kSD2d0DUxQe_vU/edit

 ### flipper zero
 https://gist.github.com/paucoma/57080d2845ba4b21b980b90842c38eb1
--- a/archlinux.md
+++ b/archlinux.md
@ -63,6 +63,15 @@ sudo mkinitcpio -p linux
    - reboot and pray
 - enable pcsc.socket

+### uefi update cd
+1. download iso image
+2. extract the upgrade image `geteltorito.pl -o r1qur08w.img r1qur08w.iso`
+3. put it on the usb stick `dd if=r1qur08w.img o=/dev/sda bs=64K`
+4. reboot to disable SecureBoot
+5. reboot to boot
+6. reboot (UEFI), reboot (EC) and reboot (reasons)
+7. reboot to activate SecureBoot again
+
 ### git use credential store
 https://gist.github.com/maelvls/79d49740ce9208c26d6a1b10b0d95b5e
 well, no:
--- a/firmware_sammelbecken.md
+++ b/firmware_sammelbecken.md
@ -1,4 +1,4 @@
-Willkommen im Wiki.
+   Willkommen im Wiki.

 Hier wird ein Sammelsurium angelegt, welches Snippets für alles enthält, was mir über den Weg läuft.
 #### TS100 soldering iron
@ -23,9 +23,9 @@ VoLTE sowie WiFiCall kann erst mit neuem Update kommen, da der APN von 07 auf 03

 #### Odroid HC1 sdcard handling
 Mirror second bootstage
-dd if=/dev/mmcblk0 of=/dev/sdc bs=512 count=8192
+`dd if=/dev/mmcblk0 of=/dev/sdc bs=512 count=8192`
 partclone (maybe some resize due different sdcard size is required)
-partclone.ext4 -N -b -s /dev/mmcblk0p1 -o /dev/sdc1
+`partclone.ext4 -N -b -s /dev/mmcblk0p1 -o /dev/sdc1`


 ##### STM32 F103 clones
@ -93,6 +93,47 @@ mgos_sys_config.c:232   Loading conf9.json
 mgos_sys_config.c:306   Switching debug to UART-1
 ```

-well, that it's all folks. The device can not connect to a wifi AP. The self-owned AP works so far, but it can not connect to a different AP, more precisely, it can not get an IP
-`68:C6:3A:F9:38:9C`
-https://asperti.com/2022/shelly-firmware/
+well, that it's all folks. The device can not connect to a wifi AP. The self-owned AP works so far, but it can not connect to a different AP, more precisely, it can not get an IP. the guide explains it well: https://asperti.com/2022/shelly-firmware/
+```
+rBoot v1.2.1-cesanta1 - richardaburton@gmail.com
+Flash Size:   unknown
+Flash Mode:   DOUT
+Flash Speed:  80 MHz
+rBoot Option: Big flash
+
+Writing default boot config @ 0x7000.
+Booting rom 0 (0x8000).
+syѕ<EFBFBD><EFBFBD>param error, use last saved param!
+mismatch map 1,spi_size_map 15
+emap1
+map 1 err
+system param partition error
+ota2 partition <20>V2
+Mo
+Backup
+
+Exception 20 @ 0x00000023, vaddr 0x00000020
+ A0: 0x4027d46a  A1: 0x3fffeac0  A2: 0x0001c610  A3: 0x00000088
+ A4: 0x3ffe9818  A5: 0x00000004  A6: 0x40000000  A7: 0x3fffdca0
+ A8: 0x0000001e  A9: 0x00000000 A10: 0x00000000 A11: 0x00000002
+A12: 0x3ffee8ac A13: 0x3ffef024 A14: 0x3ffef0c2 A15: 0x00000023
+
+(exc SP: 0x3fffe920)
+```
+however, the guide is not working completely. Some research later, I found out that rboot needs the flash size detection. Otherwise it seems to fail. you need to add `--fs detect` to get the flash size into rboot.
+```
+esptool -p /dev/ttyUSB0 --baud 115200 write_flash -fm dout --flash_freq 80m --fs detect 0x0 rboot.bin 0xBB000 fs.bin 0x8000 shelly-plug-s.bin 0x1FC000 esp_init_data_default_v08.bin
+```
+and should see this:
+```
+rBoot v1.2.1-cesanta1 - richardaburton@gmail.com
+Flash Size:   16 Mbit
+Flash Mode:   DOUT
+Flash Speed:  80 MHz
+rBoot Option: Big flash
+
+Booting rom 0 (0x8000).
+V2
+Mo
+Backup
+```
--- a/git_usage.md
+++ b/git_usage.md
@ -0,0 +1,4 @@
+## git
+
+### git file permission ignore
+`git config core.fileMode false`
--- a/gnuk.md
+++ b/gnuk.md
@ -38,10 +38,10 @@ You could however use a Masterkey deployment, which adds overhead to your key ha
 alternative is:
 - File encryption: https://github.com/FiloSottile/age https://github.com/FiloSottile/age/discussions/432
 - File signing: https://github.com/jedisct1/minisign/
- Mail Verschlüsselung: as intermediate solution: p≡p and a workaround: https://de.wikipedia.org/wiki/Autocrypt and DKIM by the mail provider
+- Mail encryption: as intermediate solution: p≡p and a workaround: https://de.wikipedia.org/wiki/Autocrypt and DKIM by the mail provider
 - git commit sign https://github.com/git/git/pull/1041
- linux login: pam-poldi -> pam-u2f
- full disk encryption Luks2: -> TPM2 + PIN (for device bundled storage) or FIDO2 based
+- linux login: pam-poldi --> pam-u2f
+- full disk encryption Luks2: --> TPM2 + PIN (for device bundled storage) or FIDO2 based
 - SSH:FIDO2 openssh native support
 ## Gnuk
 offical Repo: https://salsa.debian.org/gnuk-team
@ -68,8 +68,6 @@ https://s14-eu5.startpage.com/cgi-bin/serveimage?url=https:%2F%2Fembdev.net%2Fwi
 [new] https://gist.github.com/rot42/cd6ff46be45f0b7d7cd461a7bcc14d79

 ----------mailgroup questions----------------
-firmware upgrade with public RSA --> lost of all data?
-upgrade manual?
 get random data from gnuk more than 32byte?
 https://raw.githubusercontent.com/comio/comio-overlay/master/app-crypt/scdtools/files/scdrand.service
 https://github.com/vletoux/OpenPGP-CSP/issues
@ -77,13 +75,13 @@ https://incenp.org/dvlpt/scdtools.html

 ```
 echo scd random 32 | gpg-connect-agent | xxd
-
 ```
-----------------
+--------------—
+### best practise
 Nutzer PIN erst mit Zertifikat
 adminless Modus mit PIN über 8 Zeichen, User Pin min 6 Zeichen PIN

---------UPGRADE----------—
+#### regnual firmware upgrade
 ```bash
 koelner ~/src/gnuk/tool $./upgrade_by_passwd.py ../regnual/regnual.bin ../src/build/gnuk.bin
 Admin password: 
@ -126,10 +124,89 @@ koelner ~/src/gnuk/tool $./usb_strings.py
       Sys: 3.0
 ```

-------
+#### openocd firmware flash
+```
+Make Gnuk
+cm@system-legacy:~/src/gnuk/src$ ./configure --vidpid=234b:0000 --target=BLUE_PILL --enable-factory-reset --enable-certdo
+./configure --vidpid=234b:0000 --target=ST_DONGLE --enable-factory-reset --enable-certdo --disable-sys1-compat
+cm@system-legacy:~/src/gnuk/src$ make -j4
+cm@system-legacy:~/src/gnuk/src$ make build/gnuk-vidpid.elf
+
+
+Flash Gnuk
+0. build it like descibed in the offical documentation.
+1. connect STLink and then the blue pill itself (GND, 3.3V SWDCLK, SWDIO)
+2. use openocd 
+
+$ openocd -f interface/stlink-v2.cfg -f target/stm32f1x_stlink.cfg  -OR-
+$ openocd -f interface/stlink-v2.cfg -f target/stm32f1x.cfg
+
+3. telnet to openocd server
+cm@system-legacy:~/src$ telnet 127.0.0.1 4444
+Trying 127.0.0.1...
+Connected to 127.0.0.1.
+Escape character is '^]'.
+Open On-Chip Debugger
+> stm32f1x unlock 0
+device id = 0x20036410
+flash size = 64kbytes
+Target not halted
+> reset halt
+target halted due to debug-request, current mode: Thread 
+xPSR: 0x01000000 pc: 0x08000250 msp: 0x20005000
+> stm32f1x unlock 0
+target halted due to breakpoint, current mode: Thread 
+xPSR: 0x61000000 pc: 0x2000003a msp: 0x20005000
+stm32x unlocked.
+INFO: a reset or power cycle is required for the new settings to take effect.
+> reset halt
+target halted due to debug-request, current mode: Thread 
+xPSR: 0x01000000 pc: 0x08000250 msp: 0x20005000
+> flash write_bank 0 /home/cm/src/gnuk/src/build/gnuk-vidpid.bin 0
+flash write algorithm aborted by target
+flash write failed at address 0x8000002
+flash memory not erased before writing
+error writing to flash at address 0x08000000 at offset 0x00000000
+> stm32f1x mass_erase 0
+stm32f1x mass erase complete
+> flash write_bank 0 /home/cm/src/gnuk/src/build/gnuk-vidpid.bin 0
+target halted due to breakpoint, current mode: Thread 
+xPSR: 0x61000000 pc: 0x2000003a msp: 0x20005000
+wrote 114688 bytes from file /home/cm/src/gnuk/src/build/gnuk-vidpid.bin to flash bank 0 at offset 0x00000000 in 3.447206s (32.490 KiB/s)
+> reset halt
+target halted due to debug-request, current mode: Thread 
+xPSR: 0x01000000 pc: 0x08003264 msp: 0x20005000
+> stm32f1x lock 0
+target halted due to breakpoint, current mode: Thread 
+xPSR: 0x61000000 pc: 0x2000003a msp: 0x20005000
+stm32x locked
+> reset
+> shutdown
+shutdown command invoked
+Connection closed by foreign host.
+```
+one liner
+```
+openocd -f interface/stlink.cfg \
+-c 'transport select hla_swd' \
+-f target/stm32f1x.cfg \
+-c 'adapter_speed 400' \
+-c init \
+-c 'reset halt' \
+-c 'stm32f1x unlock 0' \
+-c 'reset halt' \
+-c 'stm32f1x mass_erase 0' \
+-c 'flash write_bank 0 /home/koelner/Downloads/gnuk.bin 0' \
+-c 'stm32f1x lock 0' \
+-c reset \
+-c shutdown
+```
+
+#### links
 https://github.com/gl-sergei/u2f-token
 https://riseup.net/en/security/message-security/openpgp/best-practices
------
+https://blog.josefsson.org/tag/openpgp/
+
 ## gnuk root key station 

 rpi zero WH 1.1, CPU-Kühler, USB-A Mod, USB Hub Hat, 1.44 LCD with Buttons
@ -141,14 +218,21 @@ additional installed software: vim.tiny, vim, stress, gnupg, libccid, opensc, sc
 activate timedatectl 4
 register i2c-rtc and usb-serial, login with dietpi:dietpi

-------------
+```
 root@gnupg-root:~# cat hwmon-ds3231.sh 
 #!/usr/bin/env bash
 rtctemp=$(cat /sys/class/i2c-adapter/i2c-1/1-0068/hwmon/hwmon0/temp1_input)
 rtctemp=$(bc -l <<< "$rtctemp / 1000")
-echo "RTC temp = $rtctemp" 
-----------
- 
+echo "RTC temp = $rtctemp"
+```
+```
+root@gnupg-root:~# cat hwmon-ds3231.sh 
+#!/usr/bin/env bash
+rtctemp=$(cat /sys/class/i2c-adapter/i2c-1/1-0068/hwmon/hwmon0/temp1_input)
+echo  "$rtctemp / 1000" | bc
+echo "RTC temp = $rtctemp"
+```
+
 First run
 Check for RNG pool
 create encrypted storage for the gpg folder [on a removable device]
--- a/lenovo_L13YOGA_G2_AMD.md
+++ b/lenovo_L13YOGA_G2_AMD.md
@ -15,4 +15,4 @@ My own system: https://linux-hardware.org/?probe=6dfbd97685
 1. keyboard backlight https://wiki.archlinux.org/title/Keyboard_backlight#On_GNOME
 2. keyboard FN keys
 3. bluetooth daemon disabled by default
-4. touchscreen not detected - suddenly then it appears
+4. touchscreen not detected - suddenly then it appears - and again gone
--- a/openwrt-selfbuild.md
+++ b/openwrt-selfbuild.md
@ -136,6 +136,8 @@ fi
 ## package list
 ####  useful packages
 ```
+ath10k-firmware-qca988x base-files busybox ca-bundle dnsmasq dropbear firewall4 fstools kmod-ath10k kmod-ath9k kmod-gpio-button-hotplug kmod-nft-offload kmod-usb-ledtrig-usbport kmod-usb2 libc libgcc libustream-wolfssl logd mtd netifd nftables odhcp6c odhcpd-ipv6only opkg ppp ppp-mod-pppoe procd procd-seccomp procd-ujail swconfig uboot-envtools uci uclient-fetch urandom-seed urngd
+
 wget-ssl
 curl
 wireguard-tools
--- a/proxmox.md
+++ b/proxmox.md
@ -1,4 +1,7 @@
 ## Proxmox 
+### subscription nag screen
+https://johnscs.com/remove-proxmox51-subscription-notice/
+`sed -Ezi.bak "s/(Ext.Msg.show\(\{\s+title: gettext\('No valid sub)/void\(\{ \/\/\1/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js && systemctl restart pveproxy.service`

 ### packages
 tmux, powertop,htop, cryptsetup,vim, cpu-frequ-utils