Category Archives: UNIX

NetBSD on Airport Express

Just stumbled on this article https://jcs.org/2018/06/12/airport_ssh and I just had to try it out on my Airport Express, even though the method was for the Extreme.
It worked like a charm, as easy as:

python -m acp -t 192.168.234.189 -p xxx --setprop dbug 0x3000
python -m acp -t 192.168.234.189 -p xxx --reboot

Dmesg:


ry = 49844 KB
mainbus0 (root)
cpu0 at mainbus0: Marvell 88F6183 rev 2 (ARMv5TE core) [88F6183 Rev 3]
cpu0: WB enabled EABT
cpu0: 32KB/32B 1-way Instruction cache
cpu0: 32KB/32B 4-way write-back Data cache
cpu0: This kernel does not fully support this CPU.
cpu0: Recompile with "options CPU_ARMV5TE" to correct this.
mbus0 at mainbus0 base 0xf1020000 irq 0: AHB to MBUS Bridge
mvaud0 at mbus0audio0 at mvaud0: full duplex, mmap, independent
mv_audiodec_init: bypassed
mvdevb0 at mbus0 target 1, irq 15: Device Bus
com0 at mvdevb0 offset 0x2000, irq 3: ns16550a, working fifo
com0: console
com1 at mvdevb0 offset 0x2100, irq 4: ns16550a, working fifo
mvtwsi0 at mvdevb0 offset 0x1000, irq 5: Two Wire Serial Interface
mvtwsi0: I2C clocked at 94.696 Khz
iic0 at mvtwsi0: I2C bus
stdflash_orion_match: flash width 4213/0
stdflash0 at mvdevb0 DevCS1: Onboard SPIBootFlash
this is a spansion part...we should check the spansion specific subid (6 entries)
FLASH look for .... 0) 1/2018/20/2018
FLASH look for .... 1) 1/2018/c2/2017
FLASH look for .... 2) 1/2018/c2/2018
FLASH look for .... 3) 1/2018/c2/2013
FLASH look for .... 4) 1/2018/ef/4018
FLASH look for .... 5) 1/2018/1/2018
FLASH SUPPORTED.... 1/2018/5/0
flash0 at stdflash0 00000000-00700000, untranslated, read/write
flash1 at stdflash0 00700000-00e00000, untranslated, read/write
flash2 at stdflash0 00e00000-00f40000, translated, read/write
flash3 at stdflash0 00f40000-00f80000, untranslated, read/write
flash4 at stdflash0 00f80000-01000000, untranslated, read/write
applgpio0 at mvdevb0 offset 0x0000GPIO_interrupt_pin_ex: flipping pin 17.
GPIO_interrupt_pin_ex: flipping pin 3.
(board-revision=-1)
mvgec0 at mbus0 target 7, irq 22: Gigabit Ethernet Global Controller
gec0 at mvgec0 unit 0, irq 18: Gigabit Ethernet Controller, Unit 0
gec0: MAC address: 00:16:cb:00:51:81
makphy0 at gec0 phy 8: Marvell 88E3016 Gigabit PHY, rev. 0
makphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
mvusb0 at mbus0 target 5, irq 16: ARC USB-HS Host/Device Controller
mvusb0: Core revision 4.0
ehci0 at mvusb0 irq 17, host mode: USB Host Controller
ehci0: EHCI version 1.0
usb0 at ehci0: USB revision 2.0, available bus power 500 mA
uhub0 at usb0
uhub0: ARC USB-HS Core EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
ehci0: self-powered device addr 1 (config 1) power 0 mA. Available power 500 mA (root)
uhub0: 1 port with 1 removable, self powered
mvpcie0 at mbus0 target 4, irq 10: PCI Express Controller
mvpcie_attach() - bus_num = 0, if_num = 0.
PEX0 interface detected Link X1
mvpcie0: INTn interrupting on irq 11
pci0 at mvpcie0 bus 0
pci0: i/o space, memory space enabled
mv0 at pci0 dev 1 function 0
mv0: interrupting at INTA
mv0: load firmware image (96740 bytes)
wlan: mac acl policy registered
mv0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
mv0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
mv0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
mv0: 11na MCS: 15Mbps 30Mbps 45Mbps 60Mbps 90Mbps 120Mbps 135Mbps 150Mbps 30Mbps 60Mbps 90Mbps 120Mbps 180Mbps 240Mbps 270Mbps 300Mbps
mv0: 11ng MCS: 15Mbps 30Mbps 45Mbps 60Mbps 90Mbps 120Mbps 135Mbps 150Mbps 30Mbps 60Mbps 90Mbps 120Mbps 180Mbps 240Mbps 270Mbps 300Mbps
mv0: versions [driver 0.8.7.0 hw 5 fw 3.7.2.2] (regioncode 16)
mv0: multi-bss support
mvidma0 at mbus0 target 6, irq 24: IDMA Controller
mvidma0: DMA Assist enabled for copyin/copyout and copy/zero page on channel 3
mvaud1 at mbus0 target 5audio1 at mvaud1: full duplex, mmap, independent
mv_audiodec_init: bypassed
clock: hz=100 stathz=0 profhz=0
md0: internal 10240 KB image area
IPsec: Initialized Security Association Processing.
boot device:
root on md0a dumps on md0b
root file system type: ffs
WARNING: no TOD clock present
WARNING: using filesystem time
WARNING: CHECK AND RESET THE DATE!

Filesystem:

Filesystem Size Used Avail Capacity Mounted on
/dev/md0a 9.7M 7.7M 2.0M 79% /
/dev/flash2a 1.1M 41K 1.0M 3% /mnt/Flash
mfs:141 15M 512B 14M 0% /mnt/Memory

Running processes (with airtunes enabled):

PID TTY STAT TIME COMMAND
0 ? DKs 0:00.01 [swapper]
1 ? Is 0:00.02 init
2 ? DK 0:05.30 [stdflash0]
3 ? DK 0:00.00 [usb0]
4 ? DK 0:00.00 [usbtask-hc]
5 ? DK 0:00.00 [usbtask-dr]
6 ? DK 0:00.01 [pagedaemon]
7 ? DK 0:00.04 [ioflush]
8 ? DK 0:00.01 [aiodoned]
9 ? DK 0:00.01 [sfdaemon]
18 ? DK 0:00.02 [physiod]
96 ? Ia 0:00.03 /sbin/sntpd -client=time.apple.com
97 ? I 0:00.35 /sbin/wpa_supplicant -K -M -F /var/log/hostap_wlan1.log -D net80211 -i wlan1 -c /etc/hostap_wlan1.conf
99 ? I 0:00.01 /sbin/iCloudd
141 ? Ss 0:00.03 mount_mfs -s 32768 swap /mnt/Memory
164 ? Ia 0:00.02 /sbin/airtunesd -i bridge0
175 ? Is 0:00.00 /usr/sbin/inetd -l
183 ? Is 0:00.01 /usr/sbin/cron
245 ? Sa 0:01.54 /sbin/mDNSResponder -d
253 ? I 0:00.74 /usr/sbin/sshd -D -e
271 ? Ss 0:00.87 sshd: root@ttyp0
415 ? I 0:00.03 /sbin/link_local bridge0
467 ? I 0:00.04 /sbin/dhclient -q -d
505 ? I 0:00.06 /sbin/snmpd -f -DALL -c /etc/snmpd.conf -p /var/run/snmpd.pid
539 ? Ia 0:00.22 /sbin/printd -i -d local.
604 ttyp0 R+ 0:00.00 ps -ax
627 ttyp0 Ss 0:00.05 -sh
94 tty00- S 0:00.06 svscan /var/sv
107 tty00- Ia 0:08.53 /sbin/ACPd -nofork
108 tty00- I 0:00.02 supervise dnscache
110 tty00- I 0:00.01 supervise walldns
112 tty00- I 0:00.01 supervise log
113 tty00- I 0:00.01 supervise log
116 tty00- I 0:00.01 cat -
118 tty00- I 0:00.02 cat -
184 tty00 Is+ 0:00.04 -sh
186 tty01 Is+ 0:00.05 -sh

It runs an SNMP daemon, which answers queries using the default community string “public”:

snmpwalk -c public 192.168.234.189 | head

SNMPv2-MIB::sysDescr.0 = STRING: Apple AirPort - Apple Inc., 2006-2012. All rights Reserved.
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.255
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2064754916) 238 days, 23:25:49.16
SNMPv2-MIB::sysContact.0 = STRING: default_user@contact.domain
SNMPv2-MIB::sysName.0 = STRING: airport-express
SNMPv2-MIB::sysLocation.0 = STRING: defaultlocation
SNMPv2-MIB::sysServices.0 = INTEGER: 12
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORID.1 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.2 = OID: TCP-MIB::tcpMIB

It seems to have racoon and pppoe installed.
PF is enabled by default:

airport-express# pfctl -s all
FILTER RULES:
block drop all
pass on lo0 all flags S/SA keep state
pass out proto tcp from any to any port = domain flags S/SA keep state
pass out proto udp from any to any port = domain keep state
pass out inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state
pass out inet6 proto ipv6-icmp all icmp6-type routersol keep state
pass in inet6 proto ipv6-icmp all icmp6-type neighbradv keep state
pass in inet6 proto ipv6-icmp all icmp6-type routeradv keep state
pass out inet proto icmp all icmp-type echoreq keep state
No queue in use

Interesting, huh?

IPsec (OSX to Linux) with Certificates

Got around to setting up IPsec between my OSX and Linux server. It worked just fine with PSK (pre-shared key), but failed when using certificates; the error on the server side was:

generating ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]

I enabled debugging of racoon on OSX (add these 2 lines to the file /etc/racoon/racoon.conf):

log debug;
path logfile "/var/log/racoon.log";

and got:

Jul  3 10:33:48  racoon[19904] : created CERT payload
Jul  3 10:33:48  racoon[19904] : use ID type of DER_ASN1_DN09000000 3032310b 30090603 55040613 02504c31 0d300b06 0355040a 13044b75
62613114 30120603 55040313 0b4b7562 61206950 686f6e65
Jul  3 10:33:48  racoon[19904] : hmac(hmac_sha2_256)
Jul  3 10:33:48  racoon[19904] : error -25308 errSecInteractionNotAllowed.
Jul  3 10:33:48  racoon[19904] : failed to sign.
Jul  3 10:33:48  racoon[19904] : failed to get sign
Jul  3 10:33:48  racoon[19904] : failed to allocate send buffer
Jul  3 10:33:48  racoon[19904] : IKE Packet: transmit failed. (Initiator, Main-Mode Message 5).
Jul  3 10:33:48  racoon[19904] : sending vpn_control ike failed message - code=65535  from=local.
Jul  3 10:33:48  racoon[19904] : failed to process packet.
Jul  3 10:33:48  racoon[19904] : Phase 1 negotiation failed.

The error seemed to indicate issues signing the message, so I started poking around, and realised that racoon may simply have no permissions to my private key. The fix was easy:

In Keychain Access, find the private key portion of your certificate, double-click the private key and, in the “Access Control” tab, add a new application to the permission list. You may need to press Command+Shift+G to open “go to location”, enter “/usr/sbin” and then find the “racoon” binary.

Save and you should be good to go.
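
A small triage script for this kind of log, added here as an example (it is not part of the original post): it walks back from each “Phase 1 negotiation failed” line to the first line of the failure chain, which in the log above is the keychain error rather than the IKE messages that follow it. The function names and hint text are this example's own, and the pid 20011 lines are constructed.

```python
import re

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+racoon\[(\d+)\]\s*:\s*(.*)$")
OSSTATUS_RE = re.compile(r"error (-?\d+) (errSec\w+)")
STAGE_RE = re.compile(r"transmit failed\. \((\w+), (.+ Message \d+)\)")

# Hint wording is this example's own; the cause is the one found in the post.
HINTS = {
    "errSecInteractionNotAllowed":
        "private key not usable without user interaction: add /usr/sbin/racoon "
        "to the key's Access Control list in Keychain Access",
}

# pid 19904: abridged from the log quoted above. pid 20011: constructed lines
# for a later run whose failure carries no OSStatus code.
SAMPLE_LOG = """\
Jul  3 10:33:48  racoon[19904] : created CERT payload
Jul  3 10:33:48  racoon[19904] : use ID type of DER_ASN1_DN09000000 3032310b
62613114 30120603 55040313 0b4b7562 61206950 686f6e65
Jul  3 10:33:48  racoon[19904] : hmac(hmac_sha2_256)
Jul  3 10:33:48  racoon[19904] : error -25308 errSecInteractionNotAllowed.
Jul  3 10:33:48  racoon[19904] : failed to sign.
Jul  3 10:33:48  racoon[19904] : IKE Packet: transmit failed. (Initiator, Main-Mode Message 5).
Jul  3 10:33:48  racoon[19904] : Phase 1 negotiation failed.
Jul  3 10:41:02  racoon[20011] : failed to process packet.
Jul  3 10:41:02  racoon[20011] : Phase 1 negotiation failed.
"""

def explain(ts, pid, window):
    """Name the root cause of one failed Phase 1 from that pid's recent lines."""
    # Walk back from the verdict over the unbroken run of failure lines: the
    # oldest line of the run is the root cause, the later ones are fallout.
    chain = []
    for msg in reversed(window):
        if not (msg.startswith("error ") or "fail" in msg.lower()):
            break
        chain.insert(0, msg)
    status = OSSTATUS_RE.search(chain[0])
    stage = next((m for m in map(STAGE_RE.search, chain) if m), None)
    return {
        "time": ts,
        "pid": int(pid),
        "root_cause": chain[0],
        "osstatus": int(status.group(1)) if status else None,
        "stage": " ".join(stage.groups()) if stage else None,
        "hint": HINTS.get(status.group(2)) if status else None,
    }

def triage(log_text):
    """Return one finding per 'Phase 1 negotiation failed' line in the log."""
    pending, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # e.g. the wrapped hex continuation of a DER dump
        ts, pid, msg = m.groups()
        pending.setdefault(pid, []).append(msg)
        if msg.startswith("Phase 1 negotiation failed"):
            findings.append(explain(ts, pid, pending.pop(pid)))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```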

DIY 13W3 to VGA(D-SUB) adapter

While waiting for my Octane2 to arrive, I started preparations and made myself a 13W3 to DSUB Adapter.

There are plenty of adapters on the market, but most of them are either:

  • wrong way (to use 13W3 monitor with VGA Video card)
  • SUN-specific (some of them work with older SGI machines, but due to wrong routing of a couple signals, those do not work with newer machines like Octane)
  • There are (but difficult to find) SGI-specific adapters with only A1,A2,A3 signals routed.

So, what to do – there are usually a few options:

  • Buy a SUN adapter, and modify it to work (this usually involves dissecting the molded plug and rerouting some cables inside).
  • Buy a 13W3 -> BNC adapter, along with BNC -> VGA (that’s the best solution if you have a monitor with BNC).
  • Make your own :)

Being a DIY guy, I decided to sacrifice some cheap old VGA cable I found in the box, bought a couple of 13W3 plugs with mini-BNC’s and started soldering. I was actually surprised I could buy 13W3 plugs, sockets and those mini-BNC’s with no problem at all (I did have to ask the clerk for more because the boxes in the store were empty – they had a bunch in stock – if I recall, 100 JPY for each mini-BNC + 300 JPY for the plug).


The operation is fairly simple:


  1. Strip off the D-SUB cable on one end – if it’s molded be careful not to cut yourself – there will probably be metal shielding which really likes to cut your fingertips :P (which hurts A LOT).
  2. Find out which cables are for R,G,B and their shielding – even my cheap cable had them clearly separated, each with its own shielding (if yours doesn’t – throw it away and buy another one – you won’t get a good picture without each color properly shielded). Red had pink color, Blue was Blue, and Green was white – so finding out what is what wasn’t hard either.
  3. Put BNC protective caps first and strip off the shielding from each of those 3 cables. My cable had foil with outer plastic wrapping on each.
  4. Make sure you have the caps – otherwise you will end up desoldering and probably melting the cable.
  5. Do you really have the caps on?
  6. Solder the signal cables into 13W3 mini-BNC’s, then wrap the shielding around nicely and solder into each BNC outer casing.
  7. You may need to file the shielding solder nice and round so that the cap has a snug fit – if you do it well, it will fit all the way with a little click at the end.

I didn’t buy the plastic enclosure yet; looking at the dimensions of my plug, any DB25-sized one should work.

My small advice – DO NOT insert mini-BNC’s into the plug (I was tempted and this made it a bit harder, also you can’t remove it once it’s in place), solder them while loose.

Use a third hand – if you do put mini-BNC’s into the plug – they rotate, which just makes it harder.

At every step, make sure you didn’t melt the signal wire’s insulation and there is no short between any of the pins.

Once you’re done, verify the cable:

  • A1 (RED) signal should lead to pin 1 (top left) on the DSUB.
  • A1 (RED) shielding should lead to pin 6 (middle row left) on the DSUB.
  • A2 (GREEN) signal should lead to pin 2 (top 2nd from the left) on the DSUB.
  • A2 (GREEN) shielding should lead to pin 7 (middle row 2nd from the left) on the DSUB.
  • A3 (BLUE) signal should lead to pin 3 (top 3rd from the left) on the DSUB.
  • A3 (BLUE) shielding should lead to pin 8 (middle row 3rd from the left) on the DSUB.


That’s all – 3 shielded cables should do the trick.

In addition, I would also recommend soldering the cable’s outer shielding into the metal casing of the plug. (If you don’t – it will probably work, but you will end up with some interference.)

If you fancy (or if your monitor doesn’t support Sync-On-Green), you may need to solder Sync signals into respective ports (I didn’t need to, and this has not been confirmed to work):

Pin 3 – C. Sync / Gnd goes to pin 10 on DSUB

Pin 4 – H. Sync goes to pin 13 on DSUB

Pin 5 – V. Sync goes to pin 14 on DSUB


Some pictures below:

13W3 plugs:

Male plug: this is what goes on your cable.

Note order of BNC: from the left (Blue)A3, (Green)A2, (Red)A1

plug_13w3_numbers2.JPG

Female socket – this is what your SGI Workstation already has.

Note order of BNC: from the left (Red)A1, Green(A2), Blue(A3)

socket_13w3_numbers.JPG


Mini-BNC: this is what goes into your plug assembly – you can see the inner soldering point. Please also note the latch – once you insert into the assembly it’s permanent.

plug_bnc_back.JPG

And the front

plug_bnc_front.JPG

This is what the protective cap looks like – put it on the signal cable BEFORE soldering, and then after filing the outer solder a bit – push to fit – it should click. There’s no need to solder the cap together with the BNC.

socket_bnc_back_cover.JPG

The below is the MALE part – this is what your Workstation already has.

socket_bnc_front.JPG


And this is how it looks when finished (here with protective cap off)


bnc_cap_closeup.JPG

Here ready to be closed and used.

done_soldering_bnc_with_caps.JPG

Flashing and hacking the android phone for Japanese Softbank network.


So, I went to Google Developer Day 2009 last Tuesday and got a free HTC Magic GDD2009 phone – limited edition.
It’s a very cool toy, has everything I need, but as usual here, MMS/Mail does not work when using a normal cellphone SIM card.

The Story:

Here, in Japan, people use e-mails to communicate (more popular than SMS), but these are not ‘real’ emails – these are MMS’s converted to emails on the fly by the provider.
So, when you send an email to the address xx@softbank.ne.jp, their server finds the recipient, converts the email to an MMS and sends it to that person.
Vice versa, an email sent from the phone is actually an MMS, and the provider converts it to e-mail outside the network.

The way MMS receiving works: a special SMS comes to the phone, containing the first 1024 bytes of the message and some data instructing the phone to download the rest. The remaining part is downloaded via standard HTTP, and this is where the problem starts – Softbank blocks the HTTP User-Agent of unknown phones (those not sold by them).

Another (and the most annoying) problem I encountered is the android device itself: the edition I have does not support sending MMS at all.

Solutions:

Step 1:

Make backup of your current device (you can skip it if you’re too lazy or confident ;-) ):

Please follow these instructions: http://android-dls.com/wiki/index.php?title=Magic_Rooting

(You can download fastboot from HTC page given in step 2).

You just need to download the Magic modified recovery image,

http://www.droiddeveloper.com/hrbuilds/recovery-new.img.zip

unzip it, copy to device and boot your device using it:

adb push recovery-new.img /sdcard/recovery-new.img
adb shell sync

Then, once you have the file on SD card, reboot your android, and while it starts keep “BACK” and “POWER” pressed – android will enter fastboot mode, then type:

fastboot boot recovery-new.img

Your android will run this recovery image, which allows you to do a few things, like update from sdcard, make a backup etc.

Choose the option to backup nandroid.
It will place backup of your current device onto the SD card – might be worth keeping :-).

YOU DO NOT need to ‘root the magic’ or do any other steps from these instructions – these steps are for other purposes, not applicable here.

Step 2:

Making android support MMS (if your provider does not block user agent this is the only and final step):

This will flash your device to the same version as Google IO event; you get a few features like Voice synthesis (voice search and voice dial) and Amazon MP3 access – these are not present in the Japanese version.
But the drawback is that you will not have Japanese language support anymore.

First, make sure you really need to enable MMS: go to the Messaging application, start typing, and press menu. If you DO NOT have options like ‘add subject’ or ‘attach’, then you DO need it.

Flash it using these instructions from HTC website: http://www.htc.com/www/support/android/google-io-device.html

You DO NOT need to worry that the instructions are for the Google IO edition and not GDDC09 – these phones are in fact different but there are ways around it.

I recommend using the fastboot method (it’s not at all hard).

You will need to download the fastboot binary (available at HTC), and 2 of these images: Radio Image and System Image.

Follow the instructions for Radio Image installation. Most likely your device will boot after it completes but you will get a permanent android starting logo;
please have your USB cable connected and adb showing logging – you will see that it tries to boot all over again – THIS IS OK – no need to panic.

Place radio image onto your card by typing:

adb push <radio-image-package>.zip /sdcard/update.zip
adb shell sync

Boot into recovery mode by holding HOME while it reboots, then choose ALT+s on the screen, next HOME+BACK. The device should reboot; it might not start at this point and just show you the android logo – this is ok, no need to panic…

Once you have the radio package downloaded and flashed, it is time to flash the system image – this is a little tricky:

Push the image onto the SD card:

adb push <system-image-package>.zip /sdcard/update.zip
adb shell sync

Boot into Fastboot (BACK+POWER while you start it) – MAKE NOTE OF ‘hboot’ version – you will need it very shortly.

You can safely try to flash system image, but it will fail due to incompatible HBOOT version (they require 1.33.3004, and you have probably 1.33.3005).
No need to worry here, we can make it happen :-).

So, what you need to do, is to UNPACK your system image to a folder, edit the file android-info.txt, change the require version-bootloader to your hboot version (1.33.3005 most likely), save it, and compress all the files in this directory into new zip file (all of them need to be in the ‘root’ of zipfile).

So, now you have compatible system image that will work well on your device, try flashing it now, DO NOT FORGET to select options to clean userdata and cache – this is required, without it, your device will boot only to android logo and keep hanging there.
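
The android-info.txt edit from this step, done directly on the archive so that every file stays at the root of the zip and nothing else changes. This is an added example, not code from the original post; the `require version-bootloader=<version>` line format, the function names and the sample archive are assumptions.

```python
import io
import re
import zipfile

INFO_NAME = "android-info.txt"
# Assumed line format: "require version-bootloader=<version>" (the "require "
# prefix is treated as optional); the post names the field but not its syntax.
REQ_RE = re.compile(r"^((?:require\s+)?version-bootloader=)\S+(?=[ \t\r]*$)", re.M)

def build_sample() -> bytes:
    """Constructed stand-in for a system image zip (contents are dummy data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(INFO_NAME,
                   "require board=example\nrequire version-bootloader=1.33.3004\n")
        z.writestr("boot.img", b"\x00" * 64)
        z.writestr("system.img", b"\x01" * 64)
    return buf.getvalue()

def repack(src_zip: bytes, hboot: str) -> bytes:
    """Copy the archive entry by entry, rewriting only the bootloader line."""
    if not re.fullmatch(r"\d+\.\d+\.\d+", hboot):
        raise ValueError(f"unexpected hboot version string: {hboot!r}")
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(src_zip)) as src, \
            zipfile.ZipFile(out, "w") as dst:
        if INFO_NAME not in src.namelist():
            raise ValueError(f"{INFO_NAME} is not at the root of the archive")
        for entry in src.infolist():
            data = src.read(entry)
            if entry.filename == INFO_NAME:
                text, hits = REQ_RE.subn(rf"\g<1>{hboot}", data.decode("ascii"))
                if hits != 1:
                    raise ValueError(f"expected one version-bootloader line, found {hits}")
                data = text.encode("ascii")
            # Reusing the ZipInfo keeps name, timestamp and compression, so
            # every file stays at the same path (the root) as in the original.
            dst.writestr(entry, data)
    return out.getvalue()

def changed_entries(old_zip: bytes, new_zip: bytes) -> list:
    """Names whose content differs between two archives (CRC-32 and size)."""
    def index(blob):
        with zipfile.ZipFile(io.BytesIO(blob)) as z:
            return {i.filename: (i.CRC, i.file_size) for i in z.infolist()}
    old, new = index(old_zip), index(new_zip)
    return sorted(n for n in old.keys() | new.keys() if old.get(n) != new.get(n))

if __name__ == "__main__":
    sample = build_sample()
    print(changed_entries(sample, repack(sample, "1.33.3005")))
```

Running `changed_entries` on the original and repacked archives before flashing confirms that android-info.txt is the only entry that differs.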

Step 3:

Modifying the User-Agent string in the MMS client (it *MAY* be enough to complete only this step, and it might as well make your device support MMS’s – I have done all steps though):
(GGDC09 version has MMS disabled, and I am not sure whether just changing the MMS app is enough to enable this).

Geeky version:

Download android source, follow instructions to compile it, apply this patch:

--- packages/apps/Mms/src/com/android/mms/transaction/HttpUtils.java  2009-06-12 23:56:28.000000000 +0900
+++ packages/apps/Mms/src/com/android/mms/transaction/HttpUtils.java  2009-06-12 23:47:20.000000000 +0900
@@ -220,7 +220,7 @@
 
     private static AndroidHttpClient createHttpClient() {
         AndroidHttpClient client
-                = AndroidHttpClient.newInstance("Android-Mms/0.1");
+                = AndroidHttpClient.newInstance("SoftBank/1.0/705NK/NKJ002/SN001 Android-Mms/0.1 Profile/MIDP-2.0 Configuration/CLDC-1.1");
         HttpParams params = client.getParams();
         HttpProtocolParams.setContentCharset(params, "UTF-8");
         return client;
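
Review bot: the new User-Agent on the `+` line in createHttpClient() is a hard-coded literal carrying one carrier's handset profile ("SoftBank/1.0/705NK/..."), so every MMS request made by this build sends that string regardless of the network in use. Consider reading the value from a resource or setting and keeping "Android-Mms/0.1" as the default, so the carrier-specific string is opt-in and can be changed without rebuilding Mms.apk. A short comment above the call explaining why the string deviates from the default would also help the next reader.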

(It will only change the User-Agent string reported to the MMS gateway; it will not touch the one in the web browser.)

Compile the source again, and install new Mms app using adb:

adb install -r ./out/target/product/generic/system/app/Mms.apk

Lazy version:

Download this file, and install using adb:

adb install -r Mms.apk

Do not forget to configure your APN (you will find instructions and passwords on the internet); remember NOT TO set the APN type to “mms” – it didn’t work for me this way.

All the files you need are also mirrored here: http://kubatyszko.com/filez/

Useful links:

Rooting HTC Magic – creating backup

HTC Google IO device support page

Android source

Further work: change more of android source, to have nice settings under MMS app, to edit UserAgent :-D.

Enjoy :-)

——-

UPDATE!!!

Thanks to Roberto Jung Drebes, now I know that there’s no need to flash GGDC09 with anything to get MMS working; all it takes is to use my MMS.app (or compile your own) – just the way I suspected.

Also, he found that setting the APN type to ‘mms’ doesn’t work unless you already have another APN with type ‘default’ – this way it works very well. A good way to ensure you don’t end up with a huge phone bill due to data transfer…