From af7d5ed0ef43a84baa66f0c9c9142921e43abcaf Mon Sep 17 00:00:00 2001 From: coelner Date: Sat, 14 Jan 2023 16:54:44 +0100 Subject: [PATCH] minor --- SDR.md | 4 ++ archlinux.md | 9 ++++ firmware_sammelbecken.md | 53 +++++++++++++++--- git_usage.md | 4 ++ gnuk.md | 112 ++++++++++++++++++++++++++++++++++----- lenovo_L13YOGA_G2_AMD.md | 2 +- openwrt-selfbuild.md | 2 + proxmox.md | 3 ++ 8 files changed, 168 insertions(+), 21 deletions(-) create mode 100644 git_usage.md diff --git a/SDR.md b/SDR.md index f31ac38..038ffe9 100644 --- a/SDR.md +++ b/SDR.md @@ -3,6 +3,10 @@ SDR ### links https://github.com/jopohl/urh/ https://www.windytan.com/ +https://triq.net/bitbench + +https://blog.atx.name/reverse-engineering-radio-weather-station/ +https://docs.google.com/document/d/1yjAO3jTBa9lAFIuiteK_GLWh7-Xk-kSD2d0DUxQe_vU/edit ### flipper zero https://gist.github.com/paucoma/57080d2845ba4b21b980b90842c38eb1 diff --git a/archlinux.md b/archlinux.md index 61cf31c..02a2085 100644 --- a/archlinux.md +++ b/archlinux.md @@ -63,6 +63,15 @@ sudo mkinitcpio -p linux - reboot and pray - enable pcsc.socket +### uefi update cd +1. download iso image +2. extract the upgrade image `geteltorito.pl -o r1qur08w.img r1qur08w.iso` +3. put it on the usb stick `dd if=r1qur08w.img o=/dev/sda bs=64K` +4. reboot to disable SecureBoot +5. reboot to boot +6. reboot (UEFI), reboot (EC) and reboot (reasons) +7. reboot to activate SecureBoot again + ### git use credential store https://gist.github.com/maelvls/79d49740ce9208c26d6a1b10b0d95b5e well, no: diff --git a/firmware_sammelbecken.md b/firmware_sammelbecken.md index 873c736..04e67a8 100644 --- a/firmware_sammelbecken.md +++ b/firmware_sammelbecken.md @@ -1,4 +1,4 @@ -Willkommen im Wiki. + Willkommen im Wiki. Hier wird ein Sammelsurium angelegt, welches Snippets für alles enthält, was mir über den Weg läuft. #### TS100 soldering iron @@ -23,9 +23,9 @@ VoLTE sowie WiFiCall kann erst mit neuem Update kommen, da der APN von 07 auf 03 #### Odroid HC1 sdcard handling Mirror second bootstage -dd if=/dev/mmcblk0 of=/dev/sdc bs=512 count=8192 +`dd if=/dev/mmcblk0 of=/dev/sdc bs=512 count=8192` partclone (maybe some resize due different sdcard size is required) -partclone.ext4 -N -b -s /dev/mmcblk0p1 -o /dev/sdc1 +`partclone.ext4 -N -b -s /dev/mmcblk0p1 -o /dev/sdc1` ##### STM32 F103 clones @@ -93,6 +93,47 @@ mgos_sys_config.c:232 Loading conf9.json mgos_sys_config.c:306 Switching debug to UART-1 ``` -well, that it's all folks. The device can not connect to a wifi AP. The self-owned AP works so far, but it can not connect to a different AP, more precisely, it can not get an IP -`68:C6:3A:F9:38:9C` -https://asperti.com/2022/shelly-firmware/ \ No newline at end of file +well, that it's all folks. The device can not connect to a wifi AP. The self-owned AP works so far, but it can not connect to a different AP, more precisely, it can not get an IP. the guide explains it well: https://asperti.com/2022/shelly-firmware/ +``` +rBoot v1.2.1-cesanta1 - richardaburton@gmail.com +Flash Size: unknown +Flash Mode: DOUT +Flash Speed: 80 MHz +rBoot Option: Big flash + +Writing default boot config @ 0x7000. +Booting rom 0 (0x8000). +syѕ��param error, use last saved param! +mismatch map 1,spi_size_map 15 +emap1 +map 1 err +system param partition error +ota2 partition �V2 +Mo +Backup + +Exception 20 @ 0x00000023, vaddr 0x00000020 + A0: 0x4027d46a A1: 0x3fffeac0 A2: 0x0001c610 A3: 0x00000088 + A4: 0x3ffe9818 A5: 0x00000004 A6: 0x40000000 A7: 0x3fffdca0 + A8: 0x0000001e A9: 0x00000000 A10: 0x00000000 A11: 0x00000002 +A12: 0x3ffee8ac A13: 0x3ffef024 A14: 0x3ffef0c2 A15: 0x00000023 + +(exc SP: 0x3fffe920) +``` +however, the guide is not working completely. Some research later, I found out that rboot needs the flash size detection. Otherwise it seems to fail. you need to add `--fs detect` to get the flash size into rboot. +``` +esptool -p /dev/ttyUSB0 --baud 115200 write_flash -fm dout --flash_freq 80m --fs detect 0x0 rboot.bin 0xBB000 fs.bin 0x8000 shelly-plug-s.bin 0x1FC000 esp_init_data_default_v08.bin +``` +and should see this: +``` +rBoot v1.2.1-cesanta1 - richardaburton@gmail.com +Flash Size: 16 Mbit +Flash Mode: DOUT +Flash Speed: 80 MHz +rBoot Option: Big flash + +Booting rom 0 (0x8000). +V2 +Mo +Backup +``` \ No newline at end of file diff --git a/git_usage.md b/git_usage.md new file mode 100644 index 0000000..905d090 --- /dev/null +++ b/git_usage.md @@ -0,0 +1,4 @@ +## git + +### git file permission ignore +`git config core.fileMode false` \ No newline at end of file diff --git a/gnuk.md b/gnuk.md index 9073182..fb17f3f 100644 --- a/gnuk.md +++ b/gnuk.md @@ -38,10 +38,10 @@ You could however use a Masterkey deployment, which adds overhead to your key ha alternative is: - File encryption: https://github.com/FiloSottile/age https://github.com/FiloSottile/age/discussions/432 - File signing: https://github.com/jedisct1/minisign/ -- Mail Verschlüsselung: as intermediate solution: p≡p and a workaround: https://de.wikipedia.org/wiki/Autocrypt and DKIM by the mail provider +- Mail encryption: as intermediate solution: p≡p and a workaround: https://de.wikipedia.org/wiki/Autocrypt and DKIM by the mail provider - git commit sign https://github.com/git/git/pull/1041 -- linux login: pam-poldi -> pam-u2f -- full disk encryption Luks2: -> TPM2 + PIN (for device bundled storage) or FIDO2 based +- linux login: pam-poldi --> pam-u2f +- full disk encryption Luks2: --> TPM2 + PIN (for device bundled storage) or FIDO2 based - SSH:FIDO2 openssh native support ## Gnuk offical Repo: https://salsa.debian.org/gnuk-team @@ -68,8 +68,6 @@ https://s14-eu5.startpage.com/cgi-bin/serveimage?url=https:%2F%2Fembdev.net%2Fwi [new] https://gist.github.com/rot42/cd6ff46be45f0b7d7cd461a7bcc14d79 ----------mailgroup questions---------------- -firmware upgrade with public RSA --> lost of all data? -upgrade manual? get random data from gnuk more than 32byte? https://raw.githubusercontent.com/comio/comio-overlay/master/app-crypt/scdtools/files/scdrand.service https://github.com/vletoux/OpenPGP-CSP/issues @@ -77,13 +75,13 @@ https://incenp.org/dvlpt/scdtools.html ``` echo scd random 32 | gpg-connect-agent | xxd - ``` ------------------ +--------------— +### best practise Nutzer PIN erst mit Zertifikat adminless Modus mit PIN über 8 Zeichen, User Pin min 6 Zeichen PIN ----------UPGRADE----------— +#### regnual firmware upgrade ```bash koelner ~/src/gnuk/tool $./upgrade_by_passwd.py ../regnual/regnual.bin ../src/build/gnuk.bin Admin password: @@ -126,10 +124,89 @@ koelner ~/src/gnuk/tool $./usb_strings.py Sys: 3.0 ``` -------- +#### openocd firmware flash +``` +Make Gnuk +cm@system-legacy:~/src/gnuk/src$ ./configure --vidpid=234b:0000 --target=BLUE_PILL --enable-factory-reset --enable-certdo +./configure --vidpid=234b:0000 --target=ST_DONGLE --enable-factory-reset --enable-certdo --disable-sys1-compat +cm@system-legacy:~/src/gnuk/src$ make -j4 +cm@system-legacy:~/src/gnuk/src$ make build/gnuk-vidpid.elf + + +Flash Gnuk +0. build it like descibed in the offical documentation. +1. connect STLink and then the blue pill itself (GND, 3.3V SWDCLK, SWDIO) +2. use openocd + +$ openocd -f interface/stlink-v2.cfg -f target/stm32f1x_stlink.cfg -OR- +$ openocd -f interface/stlink-v2.cfg -f target/stm32f1x.cfg + +3. telnet to openocd server +cm@system-legacy:~/src$ telnet 127.0.0.1 4444 +Trying 127.0.0.1... +Connected to 127.0.0.1. +Escape character is '^]'. +Open On-Chip Debugger +> stm32f1x unlock 0 +device id = 0x20036410 +flash size = 64kbytes +Target not halted +> reset halt +target halted due to debug-request, current mode: Thread +xPSR: 0x01000000 pc: 0x08000250 msp: 0x20005000 +> stm32f1x unlock 0 +target halted due to breakpoint, current mode: Thread +xPSR: 0x61000000 pc: 0x2000003a msp: 0x20005000 +stm32x unlocked. +INFO: a reset or power cycle is required for the new settings to take effect. +> reset halt +target halted due to debug-request, current mode: Thread +xPSR: 0x01000000 pc: 0x08000250 msp: 0x20005000 +> flash write_bank 0 /home/cm/src/gnuk/src/build/gnuk-vidpid.bin 0 +flash write algorithm aborted by target +flash write failed at address 0x8000002 +flash memory not erased before writing +error writing to flash at address 0x08000000 at offset 0x00000000 +> stm32f1x mass_erase 0 +stm32f1x mass erase complete +> flash write_bank 0 /home/cm/src/gnuk/src/build/gnuk-vidpid.bin 0 +target halted due to breakpoint, current mode: Thread +xPSR: 0x61000000 pc: 0x2000003a msp: 0x20005000 +wrote 114688 bytes from file /home/cm/src/gnuk/src/build/gnuk-vidpid.bin to flash bank 0 at offset 0x00000000 in 3.447206s (32.490 KiB/s) +> reset halt +target halted due to debug-request, current mode: Thread +xPSR: 0x01000000 pc: 0x08003264 msp: 0x20005000 +> stm32f1x lock 0 +target halted due to breakpoint, current mode: Thread +xPSR: 0x61000000 pc: 0x2000003a msp: 0x20005000 +stm32x locked +> reset +> shutdown +shutdown command invoked +Connection closed by foreign host. +``` +one liner +``` +openocd -f interface/stlink.cfg \ +-c 'transport select hla_swd' \ +-f target/stm32f1x.cfg \ +-c 'adapter_speed 400' \ +-c init \ +-c 'reset halt' \ +-c 'stm32f1x unlock 0' \ +-c 'reset halt' \ +-c 'stm32f1x mass_erase 0' \ +-c 'flash write_bank 0 /home/koelner/Downloads/gnuk.bin 0' \ +-c 'stm32f1x lock 0' \ +-c reset \ +-c shutdown +``` + +#### links https://github.com/gl-sergei/u2f-token https://riseup.net/en/security/message-security/openpgp/best-practices ------- +https://blog.josefsson.org/tag/openpgp/ + ## gnuk root key station rpi zero WH 1.1, CPU-Kühler, USB-A Mod, USB Hub Hat, 1.44 LCD with Buttons @@ -141,14 +218,21 @@ additional installed software: vim.tiny, vim, stress, gnupg, libccid, opensc, sc activate timedatectl 4 register i2c-rtc and usb-serial, login with dietpi:dietpi -------------- +``` root@gnupg-root:~# cat hwmon-ds3231.sh #!/usr/bin/env bash rtctemp=$(cat /sys/class/i2c-adapter/i2c-1/1-0068/hwmon/hwmon0/temp1_input) rtctemp=$(bc -l <<< "$rtctemp / 1000") -echo "RTC temp = $rtctemp" ------------ - +echo "RTC temp = $rtctemp" +``` +``` +root@gnupg-root:~# cat hwmon-ds3231.sh +#!/usr/bin/env bash +rtctemp=$(cat /sys/class/i2c-adapter/i2c-1/1-0068/hwmon/hwmon0/temp1_input) +echo "$rtctemp / 1000" | bc +echo "RTC temp = $rtctemp" +``` + First run Check for RNG pool create encrypted storage for the gpg folder [on a removable device] diff --git a/lenovo_L13YOGA_G2_AMD.md b/lenovo_L13YOGA_G2_AMD.md index 23956a7..076f61c 100644 --- a/lenovo_L13YOGA_G2_AMD.md +++ b/lenovo_L13YOGA_G2_AMD.md @@ -15,4 +15,4 @@ My own system: https://linux-hardware.org/?probe=6dfbd97685 1. keyboard backlight https://wiki.archlinux.org/title/Keyboard_backlight#On_GNOME 2. keyboard FN keys 3. bluetooth daemon disabled by default -4. touchscreen not detected - suddenly then it appears \ No newline at end of file +4. touchscreen not detected - suddenly then it appears - and again gone \ No newline at end of file diff --git a/openwrt-selfbuild.md b/openwrt-selfbuild.md index 3f8e880..515fb68 100644 --- a/openwrt-selfbuild.md +++ b/openwrt-selfbuild.md @@ -136,6 +136,8 @@ fi ## package list #### useful packages ``` +ath10k-firmware-qca988x base-files busybox ca-bundle dnsmasq dropbear firewall4 fstools kmod-ath10k kmod-ath9k kmod-gpio-button-hotplug kmod-nft-offload kmod-usb-ledtrig-usbport kmod-usb2 libc libgcc libustream-wolfssl logd mtd netifd nftables odhcp6c odhcpd-ipv6only opkg ppp ppp-mod-pppoe procd procd-seccomp procd-ujail swconfig uboot-envtools uci uclient-fetch urandom-seed urngd + wget-ssl curl wireguard-tools diff --git a/proxmox.md b/proxmox.md index f29a44a..754753d 100644 --- a/proxmox.md +++ b/proxmox.md @@ -1,4 +1,7 @@ ## Proxmox +### subscription nag screen +https://johnscs.com/remove-proxmox51-subscription-notice/ +`sed -Ezi.bak "s/(Ext.Msg.show\(\{\s+title: gettext\('No valid sub)/void\(\{ \/\/\1/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js && systemctl restart pveproxy.service` ### packages tmux, powertop,htop, cryptsetup,vim, cpu-frequ-utils