NetBSD on Airport Express

Just stumbled on this article https://jcs.org/2018/06/12/airport_ssh and I just had to try it out on my Airport Express, even though the method was for the Extreme.
It worked like a charm, as easy as:

python -m acp -t 192.168.234.189 -p xxx --setprop dbug 0x3000
python -m acp -t 192.168.234.189 -p xxx --reboot

Dmesg:


ry = 49844 KB
mainbus0 (root)
cpu0 at mainbus0: Marvell 88F6183 rev 2 (ARMv5TE core) [88F6183 Rev 3]
cpu0: WB enabled EABT
cpu0: 32KB/32B 1-way Instruction cache
cpu0: 32KB/32B 4-way write-back Data cache
cpu0: This kernel does not fully support this CPU.
cpu0: Recompile with "options CPU_ARMV5TE" to correct this.
mbus0 at mainbus0 base 0xf1020000 irq 0: AHB to MBUS Bridge
mvaud0 at mbus0audio0 at mvaud0: full duplex, mmap, independent
mv_audiodec_init: bypassed
mvdevb0 at mbus0 target 1, irq 15: Device Bus
com0 at mvdevb0 offset 0x2000, irq 3: ns16550a, working fifo
com0: console
com1 at mvdevb0 offset 0x2100, irq 4: ns16550a, working fifo
mvtwsi0 at mvdevb0 offset 0x1000, irq 5: Two Wire Serial Interface
mvtwsi0: I2C clocked at 94.696 Khz
iic0 at mvtwsi0: I2C bus
stdflash_orion_match: flash width 4213/0
stdflash0 at mvdevb0 DevCS1: Onboard SPIBootFlash
this is a spansion part...we should check the spansion specific subid (6 entries)
FLASH look for .... 0) 1/2018/20/2018
FLASH look for .... 1) 1/2018/c2/2017
FLASH look for .... 2) 1/2018/c2/2018
FLASH look for .... 3) 1/2018/c2/2013
FLASH look for .... 4) 1/2018/ef/4018
FLASH look for .... 5) 1/2018/1/2018
FLASH SUPPORTED.... 1/2018/5/0
flash0 at stdflash0 00000000-00700000, untranslated, read/write
flash1 at stdflash0 00700000-00e00000, untranslated, read/write
flash2 at stdflash0 00e00000-00f40000, translated, read/write
flash3 at stdflash0 00f40000-00f80000, untranslated, read/write
flash4 at stdflash0 00f80000-01000000, untranslated, read/write
applgpio0 at mvdevb0 offset 0x0000GPIO_interrupt_pin_ex: flipping pin 17.
GPIO_interrupt_pin_ex: flipping pin 3.
(board-revision=-1)
mvgec0 at mbus0 target 7, irq 22: Gigabit Ethernet Global Controller
gec0 at mvgec0 unit 0, irq 18: Gigabit Ethernet Controller, Unit 0
gec0: MAC address: 00:16:cb:00:51:81
makphy0 at gec0 phy 8: Marvell 88E3016 Gigabit PHY, rev. 0
makphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
mvusb0 at mbus0 target 5, irq 16: ARC USB-HS Host/Device Controller
mvusb0: Core revision 4.0
ehci0 at mvusb0 irq 17, host mode: USB Host Controller
ehci0: EHCI version 1.0
usb0 at ehci0: USB revision 2.0, available bus power 500 mA
uhub0 at usb0
uhub0: ARC USB-HS Core EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
ehci0: self-powered device addr 1 (config 1) power 0 mA. Available power 500 mA (root)
uhub0: 1 port with 1 removable, self powered
mvpcie0 at mbus0 target 4, irq 10: PCI Express Controller
mvpcie_attach() - bus_num = 0, if_num = 0.
PEX0 interface detected Link X1
mvpcie0: INTn interrupting on irq 11
pci0 at mvpcie0 bus 0
pci0: i/o space, memory space enabled
mv0 at pci0 dev 1 function 0
mv0: interrupting at INTA
mv0: load firmware image (96740 bytes)
wlan: mac acl policy registered
mv0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
mv0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
mv0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
mv0: 11na MCS: 15Mbps 30Mbps 45Mbps 60Mbps 90Mbps 120Mbps 135Mbps 150Mbps 30Mbps 60Mbps 90Mbps 120Mbps 180Mbps 240Mbps 270Mbps 300Mbps
mv0: 11ng MCS: 15Mbps 30Mbps 45Mbps 60Mbps 90Mbps 120Mbps 135Mbps 150Mbps 30Mbps 60Mbps 90Mbps 120Mbps 180Mbps 240Mbps 270Mbps 300Mbps
mv0: versions [driver 0.8.7.0 hw 5 fw 3.7.2.2] (regioncode 16)
mv0: multi-bss support
mvidma0 at mbus0 target 6, irq 24: IDMA Controller
mvidma0: DMA Assist enabled for copyin/copyout and copy/zero page on channel 3
mvaud1 at mbus0 target 5audio1 at mvaud1: full duplex, mmap, independent
mv_audiodec_init: bypassed
clock: hz=100 stathz=0 profhz=0
md0: internal 10240 KB image area
IPsec: Initialized Security Association Processing.
boot device:
root on md0a dumps on md0b
root file system type: ffs
WARNING: no TOD clock present
WARNING: using filesystem time
WARNING: CHECK AND RESET THE DATE!

Filesystem:

Filesystem Size Used Avail Capacity Mounted on
/dev/md0a 9.7M 7.7M 2.0M 79% /
/dev/flash2a 1.1M 41K 1.0M 3% /mnt/Flash
mfs:141 15M 512B 14M 0% /mnt/Memory

Running processes (with airtunes enabled):

PID TTY STAT TIME COMMAND
0 ? DKs 0:00.01 [swapper]
1 ? Is 0:00.02 init
2 ? DK 0:05.30 [stdflash0]
3 ? DK 0:00.00 [usb0]
4 ? DK 0:00.00 [usbtask-hc]
5 ? DK 0:00.00 [usbtask-dr]
6 ? DK 0:00.01 [pagedaemon]
7 ? DK 0:00.04 [ioflush]
8 ? DK 0:00.01 [aiodoned]
9 ? DK 0:00.01 [sfdaemon]
18 ? DK 0:00.02 [physiod]
96 ? Ia 0:00.03 /sbin/sntpd -client=time.apple.com
97 ? I 0:00.35 /sbin/wpa_supplicant -K -M -F /var/log/hostap_wlan1.log -D net80211 -i wlan1 -c /etc/hostap_wlan1.conf
99 ? I 0:00.01 /sbin/iCloudd
141 ? Ss 0:00.03 mount_mfs -s 32768 swap /mnt/Memory
164 ? Ia 0:00.02 /sbin/airtunesd -i bridge0
175 ? Is 0:00.00 /usr/sbin/inetd -l
183 ? Is 0:00.01 /usr/sbin/cron
245 ? Sa 0:01.54 /sbin/mDNSResponder -d
253 ? I 0:00.74 /usr/sbin/sshd -D -e
271 ? Ss 0:00.87 sshd: root@ttyp0
415 ? I 0:00.03 /sbin/link_local bridge0
467 ? I 0:00.04 /sbin/dhclient -q -d
505 ? I 0:00.06 /sbin/snmpd -f -DALL -c /etc/snmpd.conf -p /var/run/snmpd.pid
539 ? Ia 0:00.22 /sbin/printd -i -d local.
604 ttyp0 R+ 0:00.00 ps -ax
627 ttyp0 Ss 0:00.05 -sh
94 tty00- S 0:00.06 svscan /var/sv
107 tty00- Ia 0:08.53 /sbin/ACPd -nofork
108 tty00- I 0:00.02 supervise dnscache
110 tty00- I 0:00.01 supervise walldns
112 tty00- I 0:00.01 supervise log
113 tty00- I 0:00.01 supervise log
116 tty00- I 0:00.01 cat -
118 tty00- I 0:00.02 cat -
184 tty00 Is+ 0:00.04 -sh
186 tty01 Is+ 0:00.05 -sh

It runs SNMP daemon:

snmpwalk -c public 192.168.234.189| head

SNMPv2-MIB::sysDescr.0 = STRING: Apple AirPort - Apple Inc., 2006-2012. All rights Reserved.
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.255
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2064754916) 238 days, 23:25:49.16
SNMPv2-MIB::sysContact.0 = STRING: default_user@contact.domain
SNMPv2-MIB::sysName.0 = STRING: airport-express
SNMPv2-MIB::sysLocation.0 = STRING: defaultlocation
SNMPv2-MIB::sysServices.0 = INTEGER: 12
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (3) 0:00:00.03
SNMPv2-MIB::sysORID.1 = OID: SNMPv2-MIB::snmpMIB
SNMPv2-MIB::sysORID.2 = OID: TCP-MIB::tcpMIB

It seems to have racoon installed, pppoe.
PF is enabled by default:

airport-express# pfctl -s all
FILTER RULES:
block drop all
pass on lo0 all flags S/SA keep state
pass out proto tcp from any to any port = domain flags S/SA keep state
pass out proto udp from any to any port = domain keep state
pass out inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state
pass out inet6 proto ipv6-icmp all icmp6-type routersol keep state
pass in inet6 proto ipv6-icmp all icmp6-type neighbradv keep state
pass in inet6 proto ipv6-icmp all icmp6-type routeradv keep state
pass out inet proto icmp all icmp-type echoreq keep state
No queue in use

Interesting huh?

IPsec (OSX to Linux) with Certificates

Got around to setting up IPSec between my OSX and Linux server, it worked just fine with PSK (pre-shared key), but failed when using certificates, the error on the server side was:

generating ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]

I enabled debugging of racoon on OSX (add the 2 lines to file /etc/racoon/racoon.conf)

log debug;
path logfile "/var/log/racoon.log”;

and got:

Jul  3 10:33:48  racoon[19904] : created CERT payload
Jul  3 10:33:48  racoon[19904] : use ID type of DER_ASN1_DN09000000 3032310b 30090603 55040613 02504c31 0d300b06 0355040a 13044b75
62613114 30120603 55040313 0b4b7562 61206950 686f6e65
Jul  3 10:33:48  racoon[19904] : hmac(hmac_sha2_256)
Jul  3 10:33:48  racoon[19904] : error -25308 errSecInteractionNotAllowed.
Jul  3 10:33:48  racoon[19904] : failed to sign.
Jul  3 10:33:48  racoon[19904] : failed to get sign
Jul  3 10:33:48  racoon[19904] : failed to allocate send buffer
Jul  3 10:33:48  racoon[19904] : IKE Packet: transmit failed. (Initiator, Main-Mode Message 5).
Jul  3 10:33:48  racoon[19904] : sending vpn_control ike failed message - code=65535  from=local.
Jul  3 10:33:48  racoon[19904] : failed to process packet.
Jul  3 10:33:48  racoon[19904] : Phase 1 negotiation failed.

The error seemed to indicate issues signing the message, so I started poking around, and realised that racoon may simply have no permissions to my private key, the fix was easy:

in Keychain Access, find the private key portion of your certificate, double click on the private key and in the “Access Control” tab, add a new application to the permission list, you may need to press Command+Shift+G to open “go to location”, enter “/usr/sbin” and then find a “racoon” binary.

Save and you should be good to go.

Schrödinger’s cat – that is – How we got out of our apartment lease – at no cost.

…And we moved… Kind of…

After nearly 10 years in Japan, we decided it was time for a new challenge and moved to Los Angeles, where I already had my new job lined up.

The plan was pretty simple – arrive on July 20th, over the next 3-4 weeks settle down, buy a car, rent an apartment and get ready for my first day at work coming on August 15th.

After intensive apartment search we found one that was:

  • In a good school district (critical, even though LA has one big districts, schools give priority to kids from the nearby “attendance zone”)
  • Affordable (I would rather say expensive by Japanese standards for what is was, but here it was a *steal*)
  • Big enough
  • Walkable to nearby shops (can’t get used to driving 20 minutes or more for groceries)

We signed our lease on Friday the 29th and thought that was all… not…

The management gave us an EPA brochure educating about lead poisoning, risk and prevention (which is mandatory for buildings built before 1978), and also handed us a paper declaring that they do not know whether there is any lead risk in the building – “there may or may not be any”.

We did sign the lease thinking it can’t be bad, and then later inspected the unit again for cleanliness and other issues.

We had several that we requested be solved – mold spots on the shower silicone seals, cracked tiles, etc – nothing major but we expect the unit to be clean for move-in.

Then we spent a long time reading about lead and associated risks, and found that there were some areas in the apartment that could be problematic – paint rubbing on door hinges, cracked paint below the sink, chipped on the balcony railing etc.

We contacted the management asking to have the unit tested for lead in the paint.

They came back on Monday – said they won’t do that, and because they won’t be able to fulfil our demanding needs, they offered to void our lease and give us the deposit and rent back. (we haven’t moved into the unit yet)

Don’t get me wrong – our intention wasn’t to cancel the lease, we just wanted to ensure the unit was safe for us, we really did want to keep our lease and move in.

I’ve been thinking about management’s attitude, and interestingly it reminds me of Schrödinger’s cat experiment…

They DON’T WANT TO KNOW whether there is any lead in the building – if there was, by law they would have to disclose it to all the tenants and remedy the problems using very expensive lead certified contractors, and from that time onward any repairs would have to be conducted in lead-safe way.

Unless the building is tested for lead, it’s assumed to be safe, but once lead is proven to exist – that puts the owner into very expensive spiral, crazy huh?

California really needs a law reform, many other states enforce the landlord to ensure the unit is lead-safe when children below age of 6 live there.

In CA, the ONLY way to force the landlord to test the unit and resolve problems is to WAIT UNTIL SOMEONE GETS LEAD POISONING, get tested and use that as a proof… We were not willing to that…

Minimig – Amiga clone, hand soldered

I decided to build a Minimig – a clone of Amiga, it can act as Amiga 500, 500+ or 600, with up to 4MB total RAM.

The interesting thing is that it uses an actual 68000 CPU – clocked at 7 or 50MHz in Turbo mode.

Other proprietary Commodore chips are implemented in FPGA.

I also built an ARM controller board – which replaces the small PIC micro, serves as SD card interface and feeds the FPGA with initial bitstream.

I’ve also included 3 hardware mod’s – additional 2MB RAM (sitting on top of original chips), SD high speed interface and lastly – joint stereo/separate stereo switch.

This was my first time soldering such a fine pitch (and expensive) chip – wasn’t all that hard.

pins.JPG

FullSizeRender.jpg

arm.JPG

running.JPG

wb.JPG