notes when trying to display xps files with evince
(however mupdf has less bugs and is supported by homebrew as well)

  • brew install evince does not support xps file format (xps option disabled at compile time)
    (check PATH variable, put /usr/local/bin as first entry if homebrew and macports are installed and errors like Python.h not found occur even if python has been freshly installed by homebrew)
  • an example for own brew formulas can be found here
  • copy /usr/local/Library/Taps/homebrew/homebrew-core/Formula/evince.rb to
    /usr/local/Library/Taps/homebrew/homebrew-x11/
  • edit /usr/local/Library/Taps/homebrew/homebrew-x11/evince.rb:
    uncomment the lines from bottle do to end using  # to disable prebuilt binaries
    add “–enable-xps”, to configure arguments
    and add line depends_on “libgxps”
  • run brew search evince which should find homebrew/x11/evince
  • run brew install homebrew/x11/evince

Bare metal recovery: Making the hard disk with image data bootable – update of this post; requires a licensed version of trueimage 2016 home (to be able to either download the acronis standalone iso from acronis or to create the iso with acronis media builder).

Step 1: Initialization of the disk using windows diskpart (compare this post); all data on this disk gets erased; tested with diskpart of windows 10:

  • list disk
  • select disk 1 (be careful to select the external disk which will be erased)
  • clean
  • convert gpt (automatically creates a 100 MB msr partition which remains unused)
  • create partition efi size=512
  • format fs=fat32 quick label=EFI
  • create partition primary size=2048 (bootloader and acronis)
  • create partition primary (use remaining space for image data)
  • exit

Step 2: Continue with linux; tested with ubuntu 16.04.

Step 2: Prepare and format the hard disk:

  • sudo su
  • gdisk -l /dev/sdb (be careful to select the external disk which has been prepared in step 1)
  • use df -h to show if any partitions of /dev/sdb are mounted and unmount them
  • gdisk /dev/sdb (be careful to select the external disk – replace sdb by your disk sd… in the instructions below!)
    • p
    • t
      3 <enter> (sets type of partition 3 to linux; do not set the data partition 4 to linux – else trueimage won’t allow to read/write tib files)
    • x
    • a
      3
      2 <enter> (set gpt partition flag bios bootable, used by extlinux boot loader)
    • w
  • mkfs.ext2 -L BootExtHD /dev/sdb3
  • mkfs.ext4 -L DataExtHD /dev/sdb4

Step 3: Install extlinux to make the hard disk bootable in bios mode:

  • mount /dev/sdb3 /mnt
  • mkdir /mnt/extlinux
  • extlinux -i /mnt/extlinux
  • touch /mnt/extlinux/extlinux.conf
  • mcedit /mnt/extlinux/extlinux.conf (compare these instructions on reboot.pro)
    • DEFAULT ti2016
      SAY booting TrueImage 2016 from USB disk with extlinux
      LABEL ti2016
      KERNEL /acronis/dat10.dat
      APPEND quiet force_modules=usbhid lib80211=off
      INITRD /acronis/dat11.dat,/acronis/dat12.dat
    • my machine crashes if lib80211.ko gets loaded (ti2016 build 6571)
      else parameter lib80211=off is not neccessary
  • dd if=/usr/lib/syslinux/mbr/gptmbr.bin of=/dev/sdb (add a syslinux/extlinux compatible mbr to the hard disk)

Step 4: Install grub to make the hard disk bootable in (u)efi secure boot mode; assumes that ubuntu 16.04 has been installed with grub efi boot loader and that loading of unsigned kernel (modules) has been enabled:
mokutil –disable-validation (has to be run as root, disables kernel validation at reboot; boot loader grub then complains insecure boot.)

  • mount /dev/sdb2 /mnt2
  • mkdir /mnt2/EFI
  • copy /boot/efi/EFI/ubuntu to /mnt2/EFI/ubuntu
  • edit /mnt2/EFI/ubuntu/grub.cfg
    • run: blkid /dev/sdb3
    • replace the uuid filesystem number in grub.cfg by the UUID number shown by blkid
    • remove grub hint hd0,gpt6 (in case your ubuntu (boot) partition is sda6)
    • replace set prefix=($root)’/boot/grub’
      by set prefix=($root)’/grub’
    • e.g.:
      search.fs_uuid 4164bfdd-bfbe-464a-9e7f-1ec096f84c2d root
      set prefix=($root)'/grub'
      configfile $prefix/grub.cfg
  • umount /mnt2
  • mkdir /mnt/grub
  • copy the contents of directory /boot/grub/ to /mnt/grub/
  • delete /mnt/grub/grubenv
  • edit /mnt/grub/grub.cfg
    • set default="0"
      set timeout="10"
    • taken from ubuntu:
      function load_video {
      if [ x$feature_all_video_module = xy ]; then
      insmod all_video
      else
      insmod efi_gop
      insmod efi_uga
      insmod ieee1275_fb
      insmod vbe
      insmod vga
      insmod video_bochs
      insmod video_cirrus
      fi
      }
    • taken from ubuntu (but replace filesystem UUID number ):
      font=unicode
      insmod part_gpt
      insmod ext2
      search --no-floppy --fs-uuid --set=root 4164bfdd-bfbe-464a-9e7f-1ec096f84c2d
      load_video
      gfxmode text
    • again using these instructions on reboot.pro:
      menuentry "Acronis TruImage Home 2016 on USB disk" {
      set quiet=1
      set gfxpayload=1024x768x32,1024x768
      set mbrcrcs=on
      # bug: kernel module lib80211 crashes kernel in build 6571 (ti 64bit)
      linux /acronis/dat10.dat lib80211=off quiet force_modules=usbhid
      initrd /acronis/dat11.dat /acronis/dat12.dat
      boot
      }

Step 5: Copy acronis trueimage 2016 from iso to hard disk:

  • mkdir /mnt/acronis
  • loop mount the acronis iso file (e.g. mount -o loop acronis.iso /mnt2)
  • copy the files dat10.dat, dat11.dat and dat12.dat to directory /mnt/acronis
  • umount /mnt

Step 6: enable to boot on a mac mini

  • The builtin boot selector of a mac mini expects the grub efi file inside the efi partition at it’s official place:
    EFI/boot/bootx64.efi (or EFI/boot/bootia32.efi: see step 7)
  • to configure grub as official boot loader simply copy
    MokManager.efi, shimx64.efi, grubx64.efi and grub.cfg
    from EFI/ubuntu/ to EFI/boot/ and
    rename shimx64.efi to bootx64.efi
  • Now the boot selector of OS X on a newer mac mini (e.g. late 2012) shows
    an USB disk with subtitle EFI Boot (keep alt/option key pressed on power on to start the boot selector)

Step 7 (optional): enable to boot on older mac minis (late 2007, 5.1)

  • These systems work with 32 bit efi (grub-mkimage -O i386-efi -d /usr/lib/grub/i386-efi -o grubia32.efi ...)
  • Trial & error showed that grubia32.efi created in ubuntu 16.04 (apt-get install grub-efi-ia32-bin) did load acronis true image, but keyboard and mouse remained disabled
  • Multiple sources (like this blog: My Solution How To Boot A Linux Live System) describe that grubia32.efi contained inside zip archive ISO-2-USB EFI-Booter for Mac 0.01 beta works fine
  • For some reason unknown to me this older version of grub does not block keyboard and mouse;
    but it’s command initrd does not load multiple files
  • Copy dat11.dat and dat12.dat into one file dat1112.dat:
    cp dat11.dat dat1112.dat
    cat dat12.dat >> dat1112.dat

    and in grub/grub.cfg replace
    initrd /acronis/dat11.dat /acronis/dat12.dat
    by
    initrd /acronis/dat1112.dat
  • Copy the older version of grub (local copy) to EFI/boot/bootia32.efi
  • Now it boots as described in step 6. But be prepared to wait 3 minutes until the efi32 bios has loaded the 85 MB initial ramdisk of acronis trueimage 2016

Step 8: Try to boot from this hard disk on efi and on bios systems.

  • Without step 6 on one of my systems the builtin boot selector did not show my usb disk,
    but it did show an entry boot from efi file:

    • this allowed to navigate into /EFI/ubuntu on the usb disk
    • then shimx64.efi had to be selected

 

Running a dual boot system with OS X and Windows 10 an ExFAT data exchange partition is useful.

But from time to time (after some months in my case) theExFAT partition is gone:

  • OS X and Windows 10 list a raw partition instead of an ExFAT partition

Repair in OS X using the terminal:

  • sudo su
  • diskutil list
    (this should display a “Microsoft Basic Data” partition with the size of the disappeared ExFAT partition;
    the name column is empty; the identifier like disk0s3 has to be used in the next step)
  • fsck_exfat disk0s3
    (replace disk0s3 by your ExFAT partition)
  • when asked by fsck_exfat to repair your “Main boot region” answer “y”
  • diskutil mount disk0s3
    (replace disk0s3 by your ExFAT partition)
  • now yourExFAT partition should be back in Finder
    (which can be verified on the console with: ls /Volumes)

Details taken from this discussion.

Repair attemps on Windows could use chkdsk d: /f
(replace d: with the windows drive letter of your disappeared ExFAT partition;
use <windows key> + x to open an administrative console.)

Hardware: multiple avm fritz!box router, isdn telephones attached to these routers

  • normal internet connection: router can register sip numbers
    – the router gets a public ip on the wan side
  • mobile data connection: router fails to register most voip providers
    – mobile data modems/routers get a private ip (at least in my setup)
    – private ip means listening for incoming traffic is not possible
    – smartphone clients (e.g. bria) seem to be able to use push notifications to enable incoming calls (with optional codec g729 good voice quality and rather low data rates)
  • openvpn connection through mobile data to a server with public ip:
    – router can register sip numbers and outgoing calls work
    (until the firewall of the mobile provider gets active if voip by mobile data is forbidden)
    – incoming calls are still a problem; maybe the vpn tunnel responds to slowly.
  • reliable incoming calls by usb gsm modem with voice sim card attached to the router
    – fritzbox 7270v2 and higher of voice connections by voice capable usb gsm data sticks

Openvpn tunnel server side (official howto):

  • apt-get install openvpn
  • enable ipv4 forwarding
  • set iptable rules (reference1, reference2)
    – nat routing from tunnel interface to wan interface
    – disable direct forwarding from wan to tunnel
    iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
    iptables -A FORWARD -m state –state RELATED,ESTABLISHED -j ACCEPT
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    iptables -A FORWARD -j REJECT
  • create keys following this tutorial (and it’s openvpn sample config file) using easy-rsa
    (which is part of the debian openvpn package); no passwords except for ca signing key
    – inside easy-rsa directory, edit vars file and run
    source vars; ./clean-all; ./build-ca; ./build-key-server your_server_name;
    ./build-key-pass client_name1;
    (openssl rsa -in client_name1.key -des3 -out client_name11.3des.key for mobile clients)
    ./build-dh
    openvpn –-genkey –-secret keys/ta.key

Openvpn tunnel client side:

  • use freetz to modify the router firmware and add openvpn (plus dropbear server)
    (might be tricky with older routers with only 4MB flash; needs squashfs 128kb block size
    and many of the removal patches; be prepared to recover your router with rukerneltool)
  • detailed howto here; (64 bit linux needs sudo apt-get -y install libc6-dev-i386 lib32ncurses5-dev gcc-multilib lib32stdc++6);
  • to fetch the current stable version:
    svn co http://svn.freetz.org/branches/freetz-stable-2.0 freetz-2.0
  • make menuconfig; make
  • the freetz web interface allows to configure openvpn udp tunnel client
    – use certificates and tls auth (ta.key goes into “static key” field)
    – redirect client traffic
  • additional note: echo “clear_id 87” > /proc/tffs allows to remove the message
    unsupported changes (reference); freetz has an option to do this from web interface.

Receiving calls with usb data modem in voice mode (e.g. with huawei e1552; at command configuration): ippf forum thread

  • voice capability might have to be unlocked with dc_unlocker
    (tool shows status of usb modem (free) and is able to unlock voice (paid))
  • testing voice capability with huawei mobile partner software on windows might require editing of config\PluginsConfig.xml to enable (voice) call menu entry (reference)
  • huawei sticks with newer firmware (“hilink”) act as router and not as modem; this seems to block voice modem usage (reference)
  • alternative: raspberry pi with asterisk (RasPBX) with chan_dongle (openvpn tunnel described here)
  • to make the option gsm voice telephony appear on a fritzbox router, attach the usb data stick, open menu Internet / Mobile Connection, enter SIM PIN number (if set) and press apply; press refresh until the data stick is booked into a mobile network; then press again apply; if the data stick has (enabled) voice capability and is supported by the fritzbox router, then the menu entry gsm voice calls should appear
  • fritzbox routers with vendor branded firmware might disable gsm voice (which requires installation of generic avm firmware with rukerneltool)
  • if the firmware of the fritzbox router is modified by freetz the program minicom can be installed to display sms messages (reference)
    – ls -l /var/gsm/ displays which ttyUSBN (N=0,1,2…) is the data port (huawei e1552: USB0)
    – stty -F /dev/ttyUSB0 displays the baudrate setting of this port (which is accessed by umtsd; in my setup baudrate 9600 is used)
    – minicom -o -b 9600 -D /dev/ttyUSB0 allows to send at-commands (ctrl+a e enables local echo)
    – at+cmgl=”all” displays all SMS stored on the SIM card
    – at+cmgr=4 displays SMS with index 4 (described in detail here)
    – the commands might fail and have to be repeated if umtsd gets active at the same time

Using firmware evb1_06x from fatcatlab.com; hardware is a beaglebone black (revision c) with evb cape.
(To access the firmware image from linux, unzip it and run fdisk -l evb1_06x.img, multiply the start position of partition 2 by 512 and run mount -o ro,offset=53477376 evb1_06x.img /your_mountpoint)

Console access: the ethernet port fetches an ip address by dhcp; telnet allows access as root without password
(Adress fetched by dhcp is also shown on serial console of beaglebone; only accessible when evb cape is removed.)

To upload files to the beaglebone black with evb cape
python -m SimpleHTTPServer 8080 (cd to directory which has content to be downloaded)
wget http://your_server_ip:8080/filename
(builtin busybox unzip does not keep symlinks and executable attributes)

Toolchain used to build evb1_06x firmware:
uname -r displays 3.12.10-ti2013.12.01 and kernel_config is available in /proc/config.gz
which is TI SDK 7.0 (forked github repository of linux kernel here). The ti download page for sdk 7.0 is somehow hidden because the current sdk version is sdk 8.0 and later; the toolkit uses 32 bit binaries and here is listed which libraries (might) have to be installed on 64 bit ubuntu 14.04.

  • apt-get install libc6:i386 libx11-6:i386 libasound2:i386 libatk1.0-0:i386 libcairo2:i386 libcups2:i386 libdbus-glib-2.0-0:i386 libgconf-2-4:i386 libgdk-pixbuf2.0-0:i386 libgtk-3-0:i386 libice6:i386 libncurses5:i386 libsm6:i386 liborbit2:i386 libudev1:i386 libusb-0.1-4:i386 libstdc++6:i386 libxt6:i386 libxtst6:i386 libgnomeui-0:i386 libusb-1.0-0-dev:i386 libcanberra-gtk-module:i386 gtk2-engines-murrine:i386
  • uses linaro toolchain (gcc 4.7, 2013.03): download
    (copy contents into /usr/ except /usr/share/aclocal|gdb|locale)
  • create directories /opt/bbb/lib and /opt/bbb/usr/include and create symlinks
    inside /opt/bbb/lib for all files in /usr/arm-linux-gnueabihf/libc/lib/arm-linux-gnueabihf/:
    d=/usr/arm-linux-gnueabihf/libc/lib/arm-linux-gnueabihf
    cd $d; for f in *; do cd /opt/bbb/lib; echo ln -s $d/$f; cd $d; done
    and inside /opt/bbb/usr/include for all files in /usr/arm-linux-gnueabihf/[libc/usr/include|]:
    d=/usr/arm-linux-gnueabihf/libc/usr/include
    cd $d; for f in *; do cd /opt/bbb/usr/include; echo ln -s $d/$f; cd $d; done
    d=/usr/arm-linux-gnueabihf/libc/usr/include/arm-linux-gnueabihf
    cd $d; for f in *; do cd /opt/bbb/usr/include; ln -s $d/$f; cd $d; done
  • sdk source code: download
    (copy linux-3-12-10-ti2013.12.01 to /usr/src)
  • precompiled sdk binaries: download
    (contains tisdk-rootfs-image-am335x-evm.tar.gz with all binaries of the sdk root file system)
  • getting started guide: pdf document
  • handling PRU: overview

To test the kernel build environment, backup .config and copy kernel_config to .config, then run:
cd /usr/src/linux-3.12.10-ti2013.12.01
export ARCH=arm CROSS_COMPILE=arm-linux-gnueabihf-
make oldconfig
And to prepare external and/or internal module compilation run
make clean
make prepare
make zImage (this is required to create that part file Module.symvers which belongs to modules built into the kernel; else modules compile but fail to load with exec error)

For access point mode with rtl8192cu chipsets like edimax ew-7811un wireless usb adapter (ap.tar.zip) the driver from realtek has to be used (module 8192cu_ko; version patched for newer kernels on github). The Makefile has to be edited:
CONFIG_PLATFORM_I386_PC = n
CONFIG_PLATFORM_ARM_BEAGLEBONE = y
… (and after ifeq ($(CONFIG_PLATFORM_I386_PC), y) … endif):
ifeq ($(CONFIG_PLATFORM_ARM_BEAGLEBONE), y)
EXTRA_CFLAGS += -DCONFIG_LITTLE_ENDIAN
KSRC := /usr/src/linux-3.12.10-ti2013.12.01
ARCH := arm
KVER:= 3.12.10
endif
Then run
make
arm-linux-gnueabihf-strip –strip-debug 8192cu.ko
Copy the module to /lib/modules/3.12.10-ti2013.12.01/extra/ and run depmod -a

UNUSED and kept for reference: The module coming with the linux kernel source does not allow access point mode (error: ioctl[SIOCSIWMODE]: Operation not supported):
make menuconfig to select the ew-7811un kernel module (micro wifi usb dongle)
Device Drivers > Network device support > Wireless LAN > Realtek rtlwifi family of devices
<M>   Realtek RTL8192CU/RTL8188CU USB Wireless Network Adapter
and run make modules (rtl8192cu_ko):
Copy modules to /lib/modules/3.12.10-ti2013.12.01/extra/ and copy rtl8192cufw.bin to /lib/firmware/rtlwifi/
modprobe rtl8192cu; ifconfig -a
should show interface wlan0

Modified hostapd binary which works as access point with ew-7811un:
Go to realtek downloads (which is referenced here), select RTL8188CUS and download the linux driver.
This archive contains wpa_supplicant_hostapd-0.8_rtw_r7475.20130812.tar.gz (in wpa_supplicant_hostapd/ directory)
export CC=arm-linux-gnueabihf-gcc
export LDFLAGS=”-L/opt/bbb/lib -L/opt/bbb/usr/lib”
export CFLAGS=”-I/opt/bbb/usr/include -I/opt/bbb/usr/include/arm-linux-gnueabihf”
export PKG_CONFIG_PATH=/opt/bbb/usr/lib/pkgconfig
(the exported variables shown above are used for all compilations below!)
cd wpa_supplicant_hostapd-0.8_rtw_r7475.20130812/hostapd
make; make install DESTDIR=/opt/bbb

Compile dnsmasq-2.73 (dnsmasq):
export CC  as shown for hostapd and edit the Makefile to set prefix = /usr
edit src/config.h: uncomment HAVE_BROKEN_RTC and comment out HAVE_TFTP
make; make install DESTDIR=/opt/bbb

To install the access point on the beaglebone, download and extract ap.tar.zip (reference):
wget https://blog.spblinux.de/wp-content/uploads/2015/07/ap.tar.zip
unzip ap.tar.zip
tar -C / -xf ap.tar
and edit the wlan0 entry of /etc/network/interfaces:
iface wlan0 inet static
address 10.0.0.1
netmask 255.0.0.0
(or copy interfaces.ap to interfaces if file interfaces has not yet been edited)
Change of settings might require a reboot. The wlan driver kernel module 8192cu.ko is automatically loaded at boot time.

Editor nano (nano.tar.zip):
First compile libncurses-5.9 with
./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc –with-shared –enable-widec –enable-pc-files –with-ticlib
make; make install DESTDIR=/opt/bbb
./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc –with-shared –disable-widec –enable-pc-files –with-ticlib
make; make installDESTDIR=/opt/bbb
Then compile nano-2.4.2 with
./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc –enable-utf8
make; make install DESTDIR=/opt/bbb
Install on beaglebone by:
wget https://blog.spblinux.de/wp-content/uploads/2015/07/nano.tar.zip
unzip nano.tar.zip
tar -C / -xf nano.tar

Compile midnight commander (mc.tar.zip) approximately following this reference
(use mc -a in case of missing line drawing characters; might disappear by switching from telnet login to ssh login)
libz (zlib-1.2.8)
CHOST=arm-linux-gnueabihf ./configure –prefix=/usr
make; make install DESTDIR=/opt/bbb
libiconv (libiconv-1.14)
./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc
make; make install DESTDIR=/opt/bbb
libgettext (gettext-0.19.4)
#bug: make fails if libiconv.la and libiconv.so* from /opt/bbb/usr/lib
# are not symlinked to /usr/lib (at least on a system without installed libiconv)
OLDPWD=$PWD
cd /usr/lib
ln -s /opt/bbb/usr/lib/libiconv.la
ln -s /opt/bbb/usr/lib/libiconv.so
cd $OLDPWD
./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc –enable-shared –disable-csharp –disable-java –disable-openmp –disable-c++ –disable-native-java –with-libiconv-prefix=/opt/
make; make install DESTDIR=/opt/bbb
[ -L /usr/lib/libiconv.la ] && rm /usr/lib/libiconv.la
[ -L /usr/lib/libiconv.so ] && rm /usr/lib/libiconv.so
libffi (libffi-3.2)
./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc
make; make install DESTDIR=/opt/bbb
glib (glib-2.45.3)
echo “glib_cv_stack_grows=no” >config.cache
echo “glib_cv_uscore=no” >>config.cache
echo “ac_cv_func_posix_getpwuid_r=yes” >>config.cache
echo “ac_cv_func_posix_getgrgid_r=yes” >>config.cache
LIBFFI_CFLAGS=”-I/opt/bbb/usr/lib/libffi-3.2.1/include” LIBFFI_LIBS=”-L/opt/bbb/usr/lib -lffi” ./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc -C –with-libiconv=gnu
make; make install DESTDIR=/opt/bbb
slang (slang-2.1.4)
./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc
make: make install DESTDIR=/opt/bbb
midnight commander (mc-4.8.14)
GLIB_CFLAGS=”-I/opt/bbb/usr/lib/glib-2.0/include -I/opt/bbb/usr/include/glib-2.0″ GLIB_LIBS=”-L/opt/bbb/usr/lib -lglib-2.0″  ./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc  –with-slang-includes=/opt/bbb/usr/include –with-slang-libs=/opt/bbb/usr/lib –with-libiconv-prefix=/opt/bbb/usr –with-libintl-prefix=/opt/bbb/usr
make; make install DESTDIR=/opt/bbb
[ -L /usr/lib/libiconv.la ] && rm /usr/lib/libiconv.la
[ -L /usr/lib/libiconv.so ] && rm /usr/lib/libiconv.so
On the beaglebon fetch mc.tar.zip with wget and extract it:
wget https://blog.spblinux.de/wp-content/uploads/2015/07/mc.tar.zip
unzip mc.tar.zip
tar -C / -xf mc.tar

ssh server dropbear (dropbear-2015.67)
./configure –host=arm-linux-gnueabihf –prefix=/usr –sysconfdir=/etc –with-zlib=/opt/bbb/usr/lib
make; make install DESTDIR=/opt/bbb
make scp; cp scp /opt/bbb/usr/bin
On the beaglebone (dropbear.tar.zip), first set a password for root user,
then fetch dropbear.tar.zip with wget and extract it:
passwd
wget https://blog.spblinux.de/wp-content/uploads/2015/07/dropbear.tar.zip
unzip dropbear.tar.zip
tar -C / -xf dropbear.tar
reboot
Now scp can be used to transfer files.
(The first login by ssh will take about a minute because dropbear creates a key in /etc/dropbear)

Hardware settings (pinmux), defined by device tree file am335x-boneblack.dtb in folder /boot:
Use dtc in /usr/src/linux-3.12.10-ti2013.12.01/scripts/dtc to convert the binary dtc file to am335x-boneblack.dts
dtc -I dtb -O dts am335x-boneblack.dtb  -o am335x-boneblack.dts
Here is an online Device-Tree Overlay Generator which helps to understand pinmux settings.
(The beaglebone black reference manual documents the expansion header pin names:
Expansion Header P8 Pinout, Expansion Header P9 Pinout, tables 12, 13 on pages 84, 86)

The current pinmux setting can be fetched from debugfs with
cat /sys/kernel/debug/pinctrl/44e10800.pinmux/pins |sed “s,(44e108, ,” |sed “s,(44e109,1,” |sed “s,.0) 000000,: ,”
Firmware evb1_06x runs with these settings: pins.txt (more info; compact list of bbb expansion header pinout)
(The sed commands replace the memory offset 44e10pqr by relative offset used by dts file entries
pinctrl-single,pins = <0xpqr 0x10>;)

  • motors A, B, C, D use ehrpwm2B, ehrpwm2A, ehrpwm1B, ehrpwm1A
  • sensors A, B, C, D use uart4, uart2, uart1, uart5
  • lcd uses spi1

Receive your own ads-b signals and display them on a map like flightradar24.com does.

Required hardware: tv-usb-receiver with rtl2832u chipset (like this offer with rafael r820t2 tuner); router tplink tl-mr3020; small portable charging device. – In this blog entry you find a photography of a similar setup.

Software: openwrt (14.07 barrier braker)  with libsdr and dump1090 (both available as openwrt packages).

Installation:

  • Install openwrt on tl-mr3020 as decribed by openwrt wiki here.
  • Connect with telnet to 192.168.1.1 and set a root password with passwd.
  • Change network settings to enable (preferably wired) internet access; (login as root with ssh and/or use the web interface); you might want to disable the dhcp server on interface “LAN”. – Configuration files are in /etc/config/.
    (In case you get locked out: power off; power on again; while led blinks quickly move the switch on the router; blinking gets faster and you are in safe mode with telnet login and default ip 192.168.1.1; run mount_root and repair settings with command uci)
  • Install packages (as described here and here): opkg update; opkg install librtlsdr; opkg install dump1090
    The router has only 4MB onboard flash storage; 640k is configured as writable overlay; librtlsdr (+dependencies) and dump1090 increased used overlay space from 216k to 364k.
  • run dump1090 without arguments to check if the tv-stick gets recognized

Configuration as wireless access point serving data only from 10.0.0.1 (no internet access using this accesspoint):

  • Enable wifi in web interface (open accesspoint without password in my case)
  • define a new “interface “WIFI” inside the web interface. Use the physical settings tab of interface “WIFI” and of interface “LAN” to ensure that only eth0 is bound to “LAN” and only wireless is bound to “WIFI”
  • use setting network / firewall, create a new zone wifi with input: accept, output: accept, forward; reject (no masquerading, no clamping); add interface “WIFI” to this zone; do not allow interzone forwarding:
    Clients of the access point are not allowed to get  internet access and they cannot access the lan zone.
  • Enable the dhcp server on interface “WIFI”, use advanced dhcp server settings to send empty dhcp options 3 and 6 by writing 3 instead of 3,1.2.3.4 into the first dhcp-options field and 6 into the second option-field. This tells the client that this access point does not offer a default gateway or a dns server: that is, no internet access through this access point (reference).
  • Connect your mobile phone to the access point using dhcp and enable internet access by mobile data.
    The mobile browser should have access to 10.0.0.1 (openwrt config page) and to any internet page.

Display ads-b messages of airplanes in reach of your antenna:

  • simple terminal view: connect by ssh to the router and run
    dump1090 –interactive
  • browser view:
    first connect with ssh and run
    dump1090 –net –quiet &
    then open http://10.0.0.1:8080 with your browser
    and use ssh to stop dump1090 with command killall dump1090
  • the cpu load on the router seen by command top is about 60%. So cpu power seems to be sufficient.

Refinement: move openwrt web interface to port 8088 and run dump1090 on port 80:

  • ssh into the router and run
    sed “s,:80′,:8088′,g” /etc/config/uhttpd
    if the output is correct run sed with option -i (=edit in place)
    sed -i “s,:80′,:8088′,g” /etc/config/uhttpd
  • to create a shell script called dump which starts dump1090 with options run (inside /root directory)
    echo “#!/bin/sh” >dump
    echo “#” >dump
    echo “dump1090 –net –quiet –net-http-port 80 &” >dump
    chmod +x dump
  • now dump1090 can be started after ssh login as root by running
    ./dump
    and the webpage produced by tcpdump1090 is available at http://10.0.0.1

Some screenshots of output of dump1090 can be found on this page (written in german).

Using the buttons of the router:

The current states of all buttons can be shown with
cat /sys/kernel/debug/gpio
3 way switch positions:

  • cat /sys/kernel/debug/gpio |grep gpio-18 |sed ‘s,^.*in *,,’
    lo = middle, hi = left or right
  • cat /sys/kernel/debug/gpio |grep gpio-20 |sed ‘s,^.*in *,,’
    lo = left, hi = right or middle

and to monitor the button change events the directory /etc/hotplug.d/button has to be created. Then any script inside this directory gets sourced by the script /sbin/hotplug-call. The environment variables $BUTTON, $ACTION and $SEEN are set

  • $ACTION: pressed, released
  • $BUTTON:
    wps: push button with led,
    BTN_0: switch: released = middle position, pressed = left or right
    BTN_1: switch: released =left, pushed = middle or right
    fast switching from left to right: no event for BTN_0 (remains pressed)
  • $SLEEP: seconds since last action for this button

Example script to monitor button events:

  • mkdir /etc/hotplug.d/button
  • echo ‘echo button $BUTTON with action $ACTION and seen $SEEN>>/tmp/buttons.log’ >buttonlog.sh
  • tail -f /tmp/buttons.log

Scripts to toggle wifi with wps button and to start and stop programs (reference)

  • /etc/hotplug.d/button/00-button.sh
  • /usr/sbin/BTN_0_pressed and /usr/sbin/BTN_1_pressed
  • /usr/sbin/handler_wifi_toggle.sh
  • /usr/sbin/handler_dump1090.sh
  • /usr/sbin/handler_rtl_tcp.sh
  • /usr/sbin/handler_stop.sh
  • all scripts have to be made executable with chmod +x
    and the suffix .txt should be removed
  • to attach the handler scripts to hardware buttons wps/left/middle/right
    (left: triggered by quickly moving the mode switch from right to left
    right: triggered by quickly moving the mode switch from left to right
    middle: triggered by moving the mode switch to the middle)
    uci add system button
    uci set system.@button[-1].button=wps
    uci set system.@button[-1].action=released
    uci set system.@button[-1].handler=handler_wifi_toggle.sh
    uci set system.@button[-1].min=1
    uci set system.@button[-1].max=3
    uci commit system

Additions:

  • Install rtl-sdr package from this source: download to your computer, then copy it per scp to the router. Install it with opkg install rtl-……_ar71xx.ipk
    • look at the bottom of this page to stream the signal of the tv-receiver with rtl_tcp
    • rtl_tcp -a 192.168.4.1 -n 8 -b 8
  • as receiver osmocom fft analyzer can be used (osx install requires macports: port install gr-osmosdr +full; port install gr-fosphor; port install Gqrx)
    osmocom_fft -W -s 2000000 -f 144000000 -a ‘rtl_tcp=192.168.4.1:1234’
    optionally with -W or -S or -F
    (sample rate 2 MHz gives 30% cpu load on the router)
    Tested with wired connection.
  • fm radio receiver gqrx runs with
    Device settings:
    device: rtl_sdr spectrum server
    device string (as displayed by rtl_test): rtl_tcp=192.168.4.1:1234
    sample rate: 1500000 (automatically set by gqrc)
    bandwidth: 0 MHz
    LNB LO: 0 MHz
    (Reboot router if transmission does not work properly)
    Receiver options: WFM (stereo)
    Input controls LNA gain: sensitivity of tuner
    Audio: Gain 0 dB
    Wired connection
  • fm radio receiver sdr# on windows 8.1:
    wireless connection
    sample rate 1.024 MSPS
    start rtl_tcp to listen on wireless interface
    rtl_tcp -a 10.0.0.1 -n 8 -b 8

Features of Mediawiki extended with free version of BlueSpice:

code sourcery is now part of of mentor.com:

– command line binary arm toolchain is somehow hidden in favour of the (non free) codebench product of mentor.com

. os x binary toolchain based on code sourcery sources offered by http://www.carlson-minot.com/

– on their download page they offer a build script which reference the code sourcery source archives
arm-2014.05-28-arm-none-eabi.src.tar.bz2
arm-2014.05-28-arm-none-eabi-i686-pc-linux-gnu.tar.bz2

– using google reveals download links for these source archives at http://sourcery.mentor.com/public/gnu_toolchain/
http://sourcery.mentor.com/public/gnu_toolchain/arm-none-linux-gnueabi/
http://sourcery.mentor.com/public/gnu_toolchain/arm-none-eabi/

 

Rooting: there are some fine guides like this. The first step, unlock bootloader, resets the phone to factory: backup data first. (To see developer options on the phone: settings / about / tap 7 times on the last line / build number). In developer options: activate oem-unlock to unlock the boot loader and later usb debug mode to allow adb shell access.

  • fastboot and adb shell (reference): windows installer (=minimal fastboot and adb; tested: flashing with fastboot needs cmd window with admin rights); linux: apt-get install fastboot; osx: google mfastboot-v2 download.
  • twrp for moto e 2nd 4g: reference; download (version 2015-03-08)
  • supersu 2.46 (2015-03-29) from chainfire.eu: download
  • search for moto e 2nd logo.bin to hide the unlocked bootloader warning (fastboot flash logo logo.bin)

USB OTG: moto e 2nd 4G (xt1524) does support usb on the go (check settings / storage with attached usb storage device)

Tools (from google playstore):

  • Android Terminal Emulator (even tapping works with mc, if enabled in settings, using terminal type xterm). On first start run
    su -c ” supolicy –live ‘allow untrusted_app untrusted_app_devpts chr_file setattr’ “
  • sshelper ssh daemon (comes with busybox)
  • Midnight Commander Installer (installation requires busybox in /system/xbin/)
    Use terminal emulator to copy busybox to system app directory /system/xbin/:
    su; mount -o remount,rw /system
    cd /data/data/com.arachnoid.sshelper/bin; cp -a * /system/xbin/
    Then edit shell script /system/xbin/mc (e.g. with mc editor)
    export TERM=xterm
    /system/xbin/mc.real $@
  • juicessh ssh client
    currently needs a policy modification
    su -c ” supolicy –live ‘allow untrusted_app untrusted_app_devpts chr_file setattr’ ”
    (or permissive selinux mode) to access /dev/pts. Run in terminal emulator:
    su; setenforce 0 (and reenable with setenforce 1; getenforce shows status)
    or  with ssh:
    su -c sh -i; setenforce 1
    then logout and login again
  • Root Explorer: file manager

Screencast:

  • YouMap: duplicates screen to rplay software on raspberry pi
  • with raspberry pi configured as wlan access point and connected to the internet by ethernet both screencast and internet access use the same wlan connection
  • transmission is very stable and efficient in terms of battery life. But the first connection might have to be tried multiple times: turn on server, connect to rplay device (stop server, disconnect device, repeat from beginning). – Much better than google chromecast app and stick (phone not in list of supported devices, 2015-03).

Compiler

  • C4droid with gcc and sdl plugin
  • recommended to use bluetooth keyboard
  • working directory is:
    /data/data/com.n0n3m4.droidc/files/
    and uses temp.c and temp as compiled binary
  • storage directory is
    /storage/emulated/legacy/
  • in depth tutorial for qt app
  • selinux support:
    copy libselinux.so from /system/lib/ to
    /data/data/com.n0n3m4.droidc/files/gcc/arm-linux-androideabi/lib/
  • download selinux header files from android.googlesource.com: platform/external/libselinux: include (e.g. android-5.1.0_r3)
  • create directory selinux inside
    /data/data/com.n0n3m4.droidc/files/gcc/arm-linux-androideabi/include
  • copy the header files into this directory
  • In C4droid settings / G++ arguments add after -lz: -lselinux; stored in
    /data/data/com.n0n3m4.droidc/shared_prefs/com.n0n3m4.droidc_preferences.xml
  • test selinux with (idea from serverfault.com)
    #include <stdio.h>
    #include <stdlib.h>
    #include <selinux/selinux.h>
    int main() {
    security_context_t con;
    if (getcon(&con) < 0) {
    perror(“Cannot getcon”);
    return 1;
    }
    printf(“%s\n”, con);
    freecon(con);
    return 0;
    }
  • this program should compile and run with output:
    u:r:untrusted_app:s0
  • if and only if enforcing mode of selinux is active
    su -cn u:r:system_app:s0 test
    allows to run the program test in a different security context (su is part of supersu)

Android build environment:

 

 

Mallory is a comfortable python based man in the middle tool. Using a patched version (mallory.diff) version with PyOpenSSL sockets adds SNI support.

Importing the ca certificate (mallory/src/ca/ca.cer) into a mobile device, allows to see all ssl encrypted traffic of the mobile device. (Import: either upload ca.cer to a webserver or send it as an email attachment; clicking on ca.cer installs the ca certificate.)

Installation on a raspberry pi with raspbian and configured access point:

apt-get install mercurial
apt-get install python2.7-dev python-setuptools
apt-get install python-pyasn1 python-netfilter libnetfilter-conntrack-dev
easy_install pynetfilter_conntrack
# ??? apt-get install libnetfilter-conntrack3-dbg

hg clone http://bitbucket.org/IntrepidusGroup/mallory
ln -s /usr/lib/arm-linux-gnueabihf/libnetfilter_conntrack.so /usr/lib/libnetfilter_conntrack.so.1

apt-get install python-pip python-m2crypto python-qt4 pyro-gui
apt-get install libffi-dev
pip install pyopenssl
apt-get install python-twisted-web python-qt4-sql libqt4-sql-sqlite sqlite3
pip install netlib
apt-get install python-imaging
apt-get install python-paramiko

Apply patch (which uses some code of this fork, especially the global config class commit, restoring of iptables when closing mallory gui. additionally it transfers code of mitmproxy into mallory to get SNI support)

Instructions to get started with mallory can be found here and here. – Acquiring of dhcp leases on client side currently only works when mallory gui is closed.

The rules and the streams tab in mallory gui might be unreliable. But mallory writes all packets into a sqlite3 database, which can be browsed on the advanced tab (db view, create sql, then execute).  – You could use sqlitebrowser as gui to view the data (apt-get install sqlitebrowser).

ipt.sh mallory2.diff mallory2cap.py.diffOn the bottom of this article you find a script which converts the mallory sqlite db into a pcap file which can be read by wireshark. (here with some error handling added: patch)

This patch adds a plugin to mallory to download the ca certificate at http://ip_of_mallory_host:8080. (Furthermore this patch fixes some issues in http.py)

The script ipt.sh allows to start and stop port redirection for mallory. This script and mallory (cd mallory/src; python mallory.py) have to be run as root. The mallory gui (cd mallory/src; python launch_gui.py) runs as normal user, if port redirection is done by ipt.sh.