minor
This commit is contained in:
parent
0ae97be204
commit
af7d5ed0ef
4
SDR.md
4
SDR.md
@ -3,6 +3,10 @@ SDR
|
|||||||
### links
|
### links
|
||||||
https://github.com/jopohl/urh/
|
https://github.com/jopohl/urh/
|
||||||
https://www.windytan.com/
|
https://www.windytan.com/
|
||||||
|
https://triq.net/bitbench
|
||||||
|
|
||||||
|
https://blog.atx.name/reverse-engineering-radio-weather-station/
|
||||||
|
https://docs.google.com/document/d/1yjAO3jTBa9lAFIuiteK_GLWh7-Xk-kSD2d0DUxQe_vU/edit
|
||||||
|
|
||||||
### flipper zero
|
### flipper zero
|
||||||
https://gist.github.com/paucoma/57080d2845ba4b21b980b90842c38eb1
|
https://gist.github.com/paucoma/57080d2845ba4b21b980b90842c38eb1
|
||||||
|
@ -63,6 +63,15 @@ sudo mkinitcpio -p linux
|
|||||||
- reboot and pray
|
- reboot and pray
|
||||||
- enable pcsc.socket
|
- enable pcsc.socket
|
||||||
|
|
||||||
|
### uefi update cd
|
||||||
|
1. download iso image
|
||||||
|
2. extract the upgrade image `geteltorito.pl -o r1qur08w.img r1qur08w.iso`
|
||||||
|
3. put it on the usb stick `dd if=r1qur08w.img o=/dev/sda bs=64K`
|
||||||
|
4. reboot to disable SecureBoot
|
||||||
|
5. reboot to boot
|
||||||
|
6. reboot (UEFI), reboot (EC) and reboot (reasons)
|
||||||
|
7. reboot to activate SecureBoot again
|
||||||
|
|
||||||
### git use credential store
|
### git use credential store
|
||||||
https://gist.github.com/maelvls/79d49740ce9208c26d6a1b10b0d95b5e
|
https://gist.github.com/maelvls/79d49740ce9208c26d6a1b10b0d95b5e
|
||||||
well, no:
|
well, no:
|
||||||
|
@ -23,9 +23,9 @@ VoLTE sowie WiFiCall kann erst mit neuem Update kommen, da der APN von 07 auf 03
|
|||||||
|
|
||||||
#### Odroid HC1 sdcard handling
|
#### Odroid HC1 sdcard handling
|
||||||
Mirror second bootstage
|
Mirror second bootstage
|
||||||
dd if=/dev/mmcblk0 of=/dev/sdc bs=512 count=8192
|
`dd if=/dev/mmcblk0 of=/dev/sdc bs=512 count=8192`
|
||||||
partclone (maybe some resize due different sdcard size is required)
|
partclone (maybe some resize due different sdcard size is required)
|
||||||
partclone.ext4 -N -b -s /dev/mmcblk0p1 -o /dev/sdc1
|
`partclone.ext4 -N -b -s /dev/mmcblk0p1 -o /dev/sdc1`
|
||||||
|
|
||||||
|
|
||||||
##### STM32 F103 clones
|
##### STM32 F103 clones
|
||||||
@ -93,6 +93,47 @@ mgos_sys_config.c:232 Loading conf9.json
|
|||||||
mgos_sys_config.c:306 Switching debug to UART-1
|
mgos_sys_config.c:306 Switching debug to UART-1
|
||||||
```
|
```
|
||||||
|
|
||||||
well, that it's all folks. The device can not connect to a wifi AP. The self-owned AP works so far, but it can not connect to a different AP, more precisely, it can not get an IP
|
well, that it's all folks. The device can not connect to a wifi AP. The self-owned AP works so far, but it can not connect to a different AP, more precisely, it can not get an IP. the guide explains it well: https://asperti.com/2022/shelly-firmware/
|
||||||
`68:C6:3A:F9:38:9C`
|
```
|
||||||
https://asperti.com/2022/shelly-firmware/
|
rBoot v1.2.1-cesanta1 - richardaburton@gmail.com
|
||||||
|
Flash Size: unknown
|
||||||
|
Flash Mode: DOUT
|
||||||
|
Flash Speed: 80 MHz
|
||||||
|
rBoot Option: Big flash
|
||||||
|
|
||||||
|
Writing default boot config @ 0x7000.
|
||||||
|
Booting rom 0 (0x8000).
|
||||||
|
syѕ<EFBFBD><EFBFBD>param error, use last saved param!
|
||||||
|
mismatch map 1,spi_size_map 15
|
||||||
|
emap1
|
||||||
|
map 1 err
|
||||||
|
system param partition error
|
||||||
|
ota2 partition <20>V2
|
||||||
|
Mo
|
||||||
|
Backup
|
||||||
|
|
||||||
|
Exception 20 @ 0x00000023, vaddr 0x00000020
|
||||||
|
A0: 0x4027d46a A1: 0x3fffeac0 A2: 0x0001c610 A3: 0x00000088
|
||||||
|
A4: 0x3ffe9818 A5: 0x00000004 A6: 0x40000000 A7: 0x3fffdca0
|
||||||
|
A8: 0x0000001e A9: 0x00000000 A10: 0x00000000 A11: 0x00000002
|
||||||
|
A12: 0x3ffee8ac A13: 0x3ffef024 A14: 0x3ffef0c2 A15: 0x00000023
|
||||||
|
|
||||||
|
(exc SP: 0x3fffe920)
|
||||||
|
```
|
||||||
|
however, the guide is not working completely. Some research later, I found out that rboot needs the flash size detection. Otherwise it seems to fail. you need to add `--fs detect` to get the flash size into rboot.
|
||||||
|
```
|
||||||
|
esptool -p /dev/ttyUSB0 --baud 115200 write_flash -fm dout --flash_freq 80m --fs detect 0x0 rboot.bin 0xBB000 fs.bin 0x8000 shelly-plug-s.bin 0x1FC000 esp_init_data_default_v08.bin
|
||||||
|
```
|
||||||
|
and should see this:
|
||||||
|
```
|
||||||
|
rBoot v1.2.1-cesanta1 - richardaburton@gmail.com
|
||||||
|
Flash Size: 16 Mbit
|
||||||
|
Flash Mode: DOUT
|
||||||
|
Flash Speed: 80 MHz
|
||||||
|
rBoot Option: Big flash
|
||||||
|
|
||||||
|
Booting rom 0 (0x8000).
|
||||||
|
V2
|
||||||
|
Mo
|
||||||
|
Backup
|
||||||
|
```
|
4
git_usage.md
Normal file
4
git_usage.md
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
## git
|
||||||
|
|
||||||
|
### git file permission ignore
|
||||||
|
`git config core.fileMode false`
|
108
gnuk.md
108
gnuk.md
@ -38,10 +38,10 @@ You could however use a Masterkey deployment, which adds overhead to your key ha
|
|||||||
alternative is:
|
alternative is:
|
||||||
- File encryption: https://github.com/FiloSottile/age https://github.com/FiloSottile/age/discussions/432
|
- File encryption: https://github.com/FiloSottile/age https://github.com/FiloSottile/age/discussions/432
|
||||||
- File signing: https://github.com/jedisct1/minisign/
|
- File signing: https://github.com/jedisct1/minisign/
|
||||||
- Mail Verschlüsselung: as intermediate solution: p≡p and a workaround: https://de.wikipedia.org/wiki/Autocrypt and DKIM by the mail provider
|
- Mail encryption: as intermediate solution: p≡p and a workaround: https://de.wikipedia.org/wiki/Autocrypt and DKIM by the mail provider
|
||||||
- git commit sign https://github.com/git/git/pull/1041
|
- git commit sign https://github.com/git/git/pull/1041
|
||||||
- linux login: pam-poldi -> pam-u2f
|
- linux login: pam-poldi --> pam-u2f
|
||||||
- full disk encryption Luks2: -> TPM2 + PIN (for device bundled storage) or FIDO2 based
|
- full disk encryption Luks2: --> TPM2 + PIN (for device bundled storage) or FIDO2 based
|
||||||
- SSH:FIDO2 openssh native support
|
- SSH:FIDO2 openssh native support
|
||||||
## Gnuk
|
## Gnuk
|
||||||
offical Repo: https://salsa.debian.org/gnuk-team
|
offical Repo: https://salsa.debian.org/gnuk-team
|
||||||
@ -68,8 +68,6 @@ https://s14-eu5.startpage.com/cgi-bin/serveimage?url=https:%2F%2Fembdev.net%2Fwi
|
|||||||
[new] https://gist.github.com/rot42/cd6ff46be45f0b7d7cd461a7bcc14d79
|
[new] https://gist.github.com/rot42/cd6ff46be45f0b7d7cd461a7bcc14d79
|
||||||
|
|
||||||
----------mailgroup questions----------------
|
----------mailgroup questions----------------
|
||||||
firmware upgrade with public RSA --> lost of all data?
|
|
||||||
upgrade manual?
|
|
||||||
get random data from gnuk more than 32byte?
|
get random data from gnuk more than 32byte?
|
||||||
https://raw.githubusercontent.com/comio/comio-overlay/master/app-crypt/scdtools/files/scdrand.service
|
https://raw.githubusercontent.com/comio/comio-overlay/master/app-crypt/scdtools/files/scdrand.service
|
||||||
https://github.com/vletoux/OpenPGP-CSP/issues
|
https://github.com/vletoux/OpenPGP-CSP/issues
|
||||||
@ -77,13 +75,13 @@ https://incenp.org/dvlpt/scdtools.html
|
|||||||
|
|
||||||
```
|
```
|
||||||
echo scd random 32 | gpg-connect-agent | xxd
|
echo scd random 32 | gpg-connect-agent | xxd
|
||||||
|
|
||||||
```
|
```
|
||||||
-----------------
|
--------------—
|
||||||
|
### best practise
|
||||||
Nutzer PIN erst mit Zertifikat
|
Nutzer PIN erst mit Zertifikat
|
||||||
adminless Modus mit PIN über 8 Zeichen, User Pin min 6 Zeichen PIN
|
adminless Modus mit PIN über 8 Zeichen, User Pin min 6 Zeichen PIN
|
||||||
|
|
||||||
---------UPGRADE----------—
|
#### regnual firmware upgrade
|
||||||
```bash
|
```bash
|
||||||
koelner ~/src/gnuk/tool $./upgrade_by_passwd.py ../regnual/regnual.bin ../src/build/gnuk.bin
|
koelner ~/src/gnuk/tool $./upgrade_by_passwd.py ../regnual/regnual.bin ../src/build/gnuk.bin
|
||||||
Admin password:
|
Admin password:
|
||||||
@ -126,10 +124,89 @@ koelner ~/src/gnuk/tool $./usb_strings.py
|
|||||||
Sys: 3.0
|
Sys: 3.0
|
||||||
```
|
```
|
||||||
|
|
||||||
-------
|
#### openocd firmware flash
|
||||||
|
```
|
||||||
|
Make Gnuk
|
||||||
|
cm@system-legacy:~/src/gnuk/src$ ./configure --vidpid=234b:0000 --target=BLUE_PILL --enable-factory-reset --enable-certdo
|
||||||
|
./configure --vidpid=234b:0000 --target=ST_DONGLE --enable-factory-reset --enable-certdo --disable-sys1-compat
|
||||||
|
cm@system-legacy:~/src/gnuk/src$ make -j4
|
||||||
|
cm@system-legacy:~/src/gnuk/src$ make build/gnuk-vidpid.elf
|
||||||
|
|
||||||
|
|
||||||
|
Flash Gnuk
|
||||||
|
0. build it like descibed in the offical documentation.
|
||||||
|
1. connect STLink and then the blue pill itself (GND, 3.3V SWDCLK, SWDIO)
|
||||||
|
2. use openocd
|
||||||
|
|
||||||
|
$ openocd -f interface/stlink-v2.cfg -f target/stm32f1x_stlink.cfg -OR-
|
||||||
|
$ openocd -f interface/stlink-v2.cfg -f target/stm32f1x.cfg
|
||||||
|
|
||||||
|
3. telnet to openocd server
|
||||||
|
cm@system-legacy:~/src$ telnet 127.0.0.1 4444
|
||||||
|
Trying 127.0.0.1...
|
||||||
|
Connected to 127.0.0.1.
|
||||||
|
Escape character is '^]'.
|
||||||
|
Open On-Chip Debugger
|
||||||
|
> stm32f1x unlock 0
|
||||||
|
device id = 0x20036410
|
||||||
|
flash size = 64kbytes
|
||||||
|
Target not halted
|
||||||
|
> reset halt
|
||||||
|
target halted due to debug-request, current mode: Thread
|
||||||
|
xPSR: 0x01000000 pc: 0x08000250 msp: 0x20005000
|
||||||
|
> stm32f1x unlock 0
|
||||||
|
target halted due to breakpoint, current mode: Thread
|
||||||
|
xPSR: 0x61000000 pc: 0x2000003a msp: 0x20005000
|
||||||
|
stm32x unlocked.
|
||||||
|
INFO: a reset or power cycle is required for the new settings to take effect.
|
||||||
|
> reset halt
|
||||||
|
target halted due to debug-request, current mode: Thread
|
||||||
|
xPSR: 0x01000000 pc: 0x08000250 msp: 0x20005000
|
||||||
|
> flash write_bank 0 /home/cm/src/gnuk/src/build/gnuk-vidpid.bin 0
|
||||||
|
flash write algorithm aborted by target
|
||||||
|
flash write failed at address 0x8000002
|
||||||
|
flash memory not erased before writing
|
||||||
|
error writing to flash at address 0x08000000 at offset 0x00000000
|
||||||
|
> stm32f1x mass_erase 0
|
||||||
|
stm32f1x mass erase complete
|
||||||
|
> flash write_bank 0 /home/cm/src/gnuk/src/build/gnuk-vidpid.bin 0
|
||||||
|
target halted due to breakpoint, current mode: Thread
|
||||||
|
xPSR: 0x61000000 pc: 0x2000003a msp: 0x20005000
|
||||||
|
wrote 114688 bytes from file /home/cm/src/gnuk/src/build/gnuk-vidpid.bin to flash bank 0 at offset 0x00000000 in 3.447206s (32.490 KiB/s)
|
||||||
|
> reset halt
|
||||||
|
target halted due to debug-request, current mode: Thread
|
||||||
|
xPSR: 0x01000000 pc: 0x08003264 msp: 0x20005000
|
||||||
|
> stm32f1x lock 0
|
||||||
|
target halted due to breakpoint, current mode: Thread
|
||||||
|
xPSR: 0x61000000 pc: 0x2000003a msp: 0x20005000
|
||||||
|
stm32x locked
|
||||||
|
> reset
|
||||||
|
> shutdown
|
||||||
|
shutdown command invoked
|
||||||
|
Connection closed by foreign host.
|
||||||
|
```
|
||||||
|
one liner
|
||||||
|
```
|
||||||
|
openocd -f interface/stlink.cfg \
|
||||||
|
-c 'transport select hla_swd' \
|
||||||
|
-f target/stm32f1x.cfg \
|
||||||
|
-c 'adapter_speed 400' \
|
||||||
|
-c init \
|
||||||
|
-c 'reset halt' \
|
||||||
|
-c 'stm32f1x unlock 0' \
|
||||||
|
-c 'reset halt' \
|
||||||
|
-c 'stm32f1x mass_erase 0' \
|
||||||
|
-c 'flash write_bank 0 /home/koelner/Downloads/gnuk.bin 0' \
|
||||||
|
-c 'stm32f1x lock 0' \
|
||||||
|
-c reset \
|
||||||
|
-c shutdown
|
||||||
|
```
|
||||||
|
|
||||||
|
#### links
|
||||||
https://github.com/gl-sergei/u2f-token
|
https://github.com/gl-sergei/u2f-token
|
||||||
https://riseup.net/en/security/message-security/openpgp/best-practices
|
https://riseup.net/en/security/message-security/openpgp/best-practices
|
||||||
------
|
https://blog.josefsson.org/tag/openpgp/
|
||||||
|
|
||||||
## gnuk root key station
|
## gnuk root key station
|
||||||
|
|
||||||
rpi zero WH 1.1, CPU-Kühler, USB-A Mod, USB Hub Hat, 1.44 LCD with Buttons
|
rpi zero WH 1.1, CPU-Kühler, USB-A Mod, USB Hub Hat, 1.44 LCD with Buttons
|
||||||
@ -141,13 +218,20 @@ additional installed software: vim.tiny, vim, stress, gnupg, libccid, opensc, sc
|
|||||||
activate timedatectl 4
|
activate timedatectl 4
|
||||||
register i2c-rtc and usb-serial, login with dietpi:dietpi
|
register i2c-rtc and usb-serial, login with dietpi:dietpi
|
||||||
|
|
||||||
-------------
|
```
|
||||||
root@gnupg-root:~# cat hwmon-ds3231.sh
|
root@gnupg-root:~# cat hwmon-ds3231.sh
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
rtctemp=$(cat /sys/class/i2c-adapter/i2c-1/1-0068/hwmon/hwmon0/temp1_input)
|
rtctemp=$(cat /sys/class/i2c-adapter/i2c-1/1-0068/hwmon/hwmon0/temp1_input)
|
||||||
rtctemp=$(bc -l <<< "$rtctemp / 1000")
|
rtctemp=$(bc -l <<< "$rtctemp / 1000")
|
||||||
echo "RTC temp = $rtctemp"
|
echo "RTC temp = $rtctemp"
|
||||||
-----------
|
```
|
||||||
|
```
|
||||||
|
root@gnupg-root:~# cat hwmon-ds3231.sh
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
rtctemp=$(cat /sys/class/i2c-adapter/i2c-1/1-0068/hwmon/hwmon0/temp1_input)
|
||||||
|
echo "$rtctemp / 1000" | bc
|
||||||
|
echo "RTC temp = $rtctemp"
|
||||||
|
```
|
||||||
|
|
||||||
First run
|
First run
|
||||||
Check for RNG pool
|
Check for RNG pool
|
||||||
|
@ -15,4 +15,4 @@ My own system: https://linux-hardware.org/?probe=6dfbd97685
|
|||||||
1. keyboard backlight https://wiki.archlinux.org/title/Keyboard_backlight#On_GNOME
|
1. keyboard backlight https://wiki.archlinux.org/title/Keyboard_backlight#On_GNOME
|
||||||
2. keyboard FN keys
|
2. keyboard FN keys
|
||||||
3. bluetooth daemon disabled by default
|
3. bluetooth daemon disabled by default
|
||||||
4. touchscreen not detected - suddenly then it appears
|
4. touchscreen not detected - suddenly then it appears - and again gone
|
@ -136,6 +136,8 @@ fi
|
|||||||
## package list
|
## package list
|
||||||
#### useful packages
|
#### useful packages
|
||||||
```
|
```
|
||||||
|
ath10k-firmware-qca988x base-files busybox ca-bundle dnsmasq dropbear firewall4 fstools kmod-ath10k kmod-ath9k kmod-gpio-button-hotplug kmod-nft-offload kmod-usb-ledtrig-usbport kmod-usb2 libc libgcc libustream-wolfssl logd mtd netifd nftables odhcp6c odhcpd-ipv6only opkg ppp ppp-mod-pppoe procd procd-seccomp procd-ujail swconfig uboot-envtools uci uclient-fetch urandom-seed urngd
|
||||||
|
|
||||||
wget-ssl
|
wget-ssl
|
||||||
curl
|
curl
|
||||||
wireguard-tools
|
wireguard-tools
|
||||||
|
@ -1,4 +1,7 @@
|
|||||||
## Proxmox
|
## Proxmox
|
||||||
|
### subscription nag screen
|
||||||
|
https://johnscs.com/remove-proxmox51-subscription-notice/
|
||||||
|
`sed -Ezi.bak "s/(Ext.Msg.show\(\{\s+title: gettext\('No valid sub)/void\(\{ \/\/\1/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js && systemctl restart pveproxy.service`
|
||||||
|
|
||||||
### packages
|
### packages
|
||||||
tmux, powertop,htop, cryptsetup,vim, cpu-frequ-utils
|
tmux, powertop,htop, cryptsetup,vim, cpu-frequ-utils
|
||||||
|
Loading…
Reference in New Issue
Block a user