<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>sysadmin on irq5 test</title><link>https://irq5-7854a1fdb9f4.pages.dev/tag/sysadmin/</link><description>Recent content in sysadmin on irq5 test</description><language>en-us</language><lastBuildDate>Tue, 04 Jan 2022 23:52:00 +0000</lastBuildDate><atom:link href="https://irq5-7854a1fdb9f4.pages.dev/tag/sysadmin/feed/" rel="self" type="application/rss+xml"/><item><title>Setting Up a Zigbee Sensor Network</title><link>https://irq5-7854a1fdb9f4.pages.dev/2022/01/setting-up-a-zigbee-sensor-network/</link><pubDate>Tue, 04 Jan 2022 23:52:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2022/01/setting-up-a-zigbee-sensor-network/</guid><description>&lt;p>The advantage of Zigbee devices is that they are very low power, and they communicate in a wireless mesh network.
The sensors are small and can work off a CR2032 coin cell for at least 2 years, maybe more.
Depending on the type of sensor, they cost around US$10 and are readily available from various manufacturers,
such as Xiaomi, Aqara (pictured below) or IKEA under their TRÅDFRI range of products.&lt;/p>&lt;p>You typically pair these sensors with a &lt;em>Zigbee gateway&lt;/em>, which speaks the IEEE 802.15.4 protocol and relays the information (e.g. sensor readings) to either your mobile app or stores it in the cloud (or the gateway itself).
But as you can imagine, a Raspberry Pi with the right adapter can do this job and offer more flexibility.&lt;/p>&lt;p>&lt;picture>&lt;source srcset=/posts/2022/img/zigbee-apu4-0888.jpg.webp type=image/webp>&lt;img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2022/img/zigbee-apu4-0888.jpg alt width=1280 height=853>&lt;/picture>&lt;/p>&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2022/01/setting-up-a-zigbee-sensor-network/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>Custom Firmware for the Xiaomi AX3600 Wireless Router</title><link>https://irq5-7854a1fdb9f4.pages.dev/2020/08/custom-firmware-for-the-xiaomi-ax3600-wireless-router/</link><pubDate>Mon, 10 Aug 2020 23:53:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2020/08/custom-firmware-for-the-xiaomi-ax3600-wireless-router/</guid><description>&lt;p>As I have &lt;a href=https://irq5-7854a1fdb9f4.pages.dev/2020/07/xiaomi-aiot-wireless-router-ax3600-review/ rel=noopener>mentioned in the review&lt;/a>, the stock firmware on the &lt;strong>Xiaomi AX3600 wireless router&lt;/strong> is extremely limiting. On top of that, the firmware is also locked to install only authorized updates from the manufacturer.
If you have been following the blog, you will know that I like &lt;a href=https://irq5-7854a1fdb9f4.pages.dev/tag/asuswrt/ rel=noopener>the flexibility that ASUSWRT provides&lt;/a> for customizing my router.&lt;/p>&lt;p>While there is currently an on-going effort to try and port vanilla OpenWRT for this router,
I suspect that might take some time.
In this post, I describe how to work around the lousy firmware and configure the router with the advanced features I need.&lt;/p>&lt;h1 id=router-disassembly>Router Disassembly&lt;/h1>&lt;p>It is recommended to have UART access handy, in case something bad happens and you need to recover your router,
or if you want access to U-Boot, the bootloader.
This would require you to crack open your router, so you might only want to do this if necessary.
&lt;strong>Feel free to skip this section if you are not interested in the hardware, or don&amp;rsquo;t need low-level access.&lt;/strong>&lt;/p>&lt;p>&lt;picture>&lt;source srcset=/posts/2020/img/50192590117_c462cfd63a_7171.jpg.webp type=image/webp>&lt;img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2020/img/50192590117_c462cfd63a_7171.jpg alt="router top view, with cover opened" width=1023 height=682>&lt;/picture>&lt;/p>&lt;p>You need to unscrew 5 screws, 4 of which are hidden under the rubber feet, and one under the center sticker label.
In the disassembled top view photo here, you can see the screw holes at the corners, as well as a missing chunk in the center of the heatsink for the mating screw post, directly aligned with the AIoT antenna and indicator LEDs.&lt;/p>&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2020/08/custom-firmware-for-the-xiaomi-ax3600-wireless-router/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>Xiaomi AIoT Wireless Router AX3600 Review</title><link>https://irq5-7854a1fdb9f4.pages.dev/2020/07/xiaomi-aiot-wireless-router-ax3600-review/</link><pubDate>Mon, 13 Jul 2020 00:00:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2020/07/xiaomi-aiot-wireless-router-ax3600-review/</guid><description>&lt;p>I recently bought the &lt;strong>Xiaomi AIoT AX3600 wireless router&lt;/strong> to experience WiFi 6 (or 802.11ax).
This WiFi 6 router has been touted as having very good hardware specs for under US$100.
After checking out a few reviews, it looked like you could achieve close to Gigabit speeds over a wireless link,
which was pretty exciting. It reminded me of the time I upgraded my home network to Gigabit and could finally copy large files over the network quickly.
I decided to get my hands on one and evaluate it with some speed tests around the house.&lt;/p>&lt;p>&lt;picture>&lt;source srcset=/posts/2020/img/ax3600-router.jpg.webp type=image/webp>&lt;img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2020/img/ax3600-router.jpg alt="the Xiaomi AX3600 wireless router" width=1280 height=853>&lt;/picture>&lt;/p>&lt;p>I don&amp;rsquo;t have any compatible WiFi 6 devices yet, so I ordered an Intel AX200NGW wireless card to replace the one in my laptop. These cards typically go for US$15 on AliExpress or eBay.&lt;/p>&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2020/07/xiaomi-aiot-wireless-router-ax3600-review/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>Detailed Wireless Client Stats with collectd</title><link>https://irq5-7854a1fdb9f4.pages.dev/2019/08/detailed-wireless-client-stats-with-collectd/</link><pubDate>Thu, 01 Aug 2019 11:59:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2019/08/detailed-wireless-client-stats-with-collectd/</guid><description>&lt;p>collectd has always been able to grab interface traffic statistics from Linux.
But what if we want to collect data about individual WiFi clients that connect to it?
How much bandwidth is each of the clients using?&lt;/p>&lt;p>That information is already being recorded by the wireless driver; all we need to do is to query it.
Turns out you can do that with the &lt;code>wl&lt;/code> utility.
This is Broadcom&amp;rsquo;s proprietary tool to control and query the wireless interfaces.&lt;/p>&lt;p>To do this, first use &lt;code>wl&lt;/code> to get associated stations:&lt;/p>&lt;pre>&lt;code>wl -i eth2 assoclist
&lt;/code>&lt;/pre>&lt;p>Given a particular MAC address that is associated to the AP, query its info using &lt;code>sta_info&lt;/code>:&lt;/p>&lt;div class=highlight role=region aria-label="code block" translate=no>&lt;pre tabindex=0 class=chroma>&lt;code class=language-fallback data-lang=fallback>&lt;span class=line>&lt;span class=cl># wl -i eth2 sta_info d4:a3:00:aa:bb:cc
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>STA d4:a3:00:aa:bb:cc:
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> aid:2
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> rateset [ 6 9 12 18 24 36 48 54 ]
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> idle 0 seconds
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> in network 16 seconds
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> state: AUTHENTICATED ASSOCIATED AUTHORIZED
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> flags 0x11e03b: BRCM WME N_CAP VHT_CAP AMPDU AMSDU
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> HT caps 0x6f: LDPC 40MHz SGI20 SGI40
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> VHT caps 0x43: LDPC SGI80 SU-BFE
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> tx data pkts: 663916
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> tx data bytes: 68730715
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> tx ucast pkts: 155
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> tx ucast bytes: 42699
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> tx mcast/bcast pkts: 663761
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> tx mcast/bcast bytes: 68688016
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> tx failures: 0
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> rx data pkts: 234
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> rx data bytes: 73557
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> rx ucast pkts: 192
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> rx ucast bytes: 62971
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> rx mcast/bcast pkts: 42
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> rx mcast/bcast bytes: 10586
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> rate of last tx pkt: 866667 kbps
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> rate of last rx pkt: 780000 kbps
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> rx decrypt succeeds: 195
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> rx decrypt failures: 1
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> tx data pkts retried: 19
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> tx data pkts retry exhausted: 0
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> per antenna rssi of last rx data frame: -61 -56 -59 0
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> per antenna average rssi of rx data frames: -61 -56 -57 0
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> per antenna noise floor: -104 -98 -98 0&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;p>The &amp;ldquo;easy way&amp;rdquo; is probably to write a shell script, invoked via the &lt;a href=https://collectd.org/wiki/index.php/Plugin:Exec rel=noopener target=_blank class=external>Exec plugin&lt;/a> that calls &lt;code>wl&lt;/code> multiple times (once per interface, and once for each WiFi client) and uses &lt;code>grep&lt;/code> or &lt;code>awk&lt;/code> to get the information we need.
This won&amp;rsquo;t be performant, of course.&lt;/p>&lt;p>&lt;code>wl&lt;/code> itself does have quite a fair bit of overhead. It does some verification of the provided interface name.
It checks for the Broadcom driver magic to ensure that the interface is a Broadcom device.
It then needs to convert the MAC address from the argument string to binary, and vice-versa.
Sure, that&amp;rsquo;s not really much &amp;ldquo;these days&amp;rdquo;, but we can definitely do better.&lt;/p>&lt;p>Instead, let&amp;rsquo;s short-circuit the process and write a plugin that directly collects the data,
without going through &lt;code>wl&lt;/code>.
This way, we avoid creating several new processes for every query.&lt;/p>&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2019/08/detailed-wireless-client-stats-with-collectd/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>ONV PD3401G PoE Splitter Teardown &amp; Review</title><link>https://irq5-7854a1fdb9f4.pages.dev/2019/04/onv-pd3401g-poe-splitter-teardown-review/</link><pubDate>Tue, 02 Apr 2019 11:59:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2019/04/onv-pd3401g-poe-splitter-teardown-review/</guid><description>&lt;p>Continuing my &lt;a href=https://irq5-7854a1fdb9f4.pages.dev/tag/poe rel=noopener>PoE series&lt;/a>,
I bought the &lt;strong>ONV PD3401G&lt;/strong>, an active PoE splitter that is capable of extracting up to 60W (24V @ 2.5A) from the PSE.
It is housed in a small aluminum extruded case that can be DIN rail mounted.
This splitter is comparatively low-cost, about US$35,
and more importantly, is capable of passing through Gigabit.&lt;/p>&lt;p>ONV seems to be quite a reputable company, so I believe their products shouldn&amp;rsquo;t be too badly designed.
This unit can also be easily purchased on Aliexpress without having to go through some obscure distributor.&lt;/p>&lt;p>&lt;picture>&lt;source srcset=/posts/2019/img/47507377741_54f9e66587_2813.jpg.webp type=image/webp>&lt;img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2019/img/47507377741_54f9e66587_2813.jpg alt="ONV PoE splitter, side view" width=1280 height=853>&lt;/picture>&lt;/p>&lt;p>&lt;picture>&lt;source srcset=/posts/2019/img/33630711828_27cb5770a8_2819.jpg.webp type=image/webp>&lt;img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2019/img/33630711828_27cb5770a8_2819.jpg alt="ONV PoE splitter, front view" width=1280 height=853>&lt;/picture>&lt;/p>&lt;p>Internally it uses the &lt;a href=https://www.analog.com/en/products/lt4275.html rel=noopener target=_blank class=external>LT4275A&lt;/a>
(marking &lt;code>LTGBT&lt;/code>) for PD interfacing.
The &lt;code>A&lt;/code> variant of this chip supports up to 90W of power.
On the power supply side, it uses a &lt;a href="https://www.onsemi.com/PowerSolutions/product.do?id=NCP1034" rel=noopener target=_blank class=external>NCP1034&lt;/a> synchronous buck converter.
The NCP1034 is capable of handling up to 100V, which is more than sufficient for PoE.&lt;/p>&lt;p>Looking inside, the in/out Ethernet ports are connected via a transformer, in order to extract power from the center taps of each pair.
We can see that the PCB traces for the input port pairs are thicker to carry the higher currents.
Large beefy diodes form rectifier bridges for the data pairs.&lt;/p>&lt;p>&lt;picture>&lt;source srcset=/posts/2019/img/46783600124_a981bb08b6_2807.jpg.webp type=image/webp>&lt;img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2019/img/46783600124_a981bb08b6_2807.jpg loading=lazy alt="PCB, top side" width=1280 height=853>&lt;/picture>&lt;/p>&lt;p>Surrounding the input port on the underside, there are a lot of unpopulated components; those were supposed to offer input protection,
probably using some TVS of some kind.
These are marked &lt;code>RD1&lt;/code> ~ &lt;code>RD8&lt;/code>, one for each Ethernet wire.&lt;/p>&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2019/04/onv-pd3401g-poe-splitter-teardown-review/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>Extending ASUSWRT Functionality, Part 2</title><link>https://irq5-7854a1fdb9f4.pages.dev/2018/12/extending-asuswrt-functionality-part-2/</link><pubDate>Fri, 28 Dec 2018 00:11:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2018/12/extending-asuswrt-functionality-part-2/</guid><description>&lt;p>Following up from &lt;a href=https://irq5-7854a1fdb9f4.pages.dev/2012/12/hacking-functionality-into-asuswrt-routers/ rel=noopener>my earlier post&lt;/a>, Asus has released faster and beefier routers.
But perhaps the more important change here is that they have moved from MIPS in the RT-N56U to ARM in newer routers.
I have also upgraded to the &lt;strong>RT-AC68U&lt;/strong> for better reception and hopefully to fix the poor battery life experienced by my Android tablet.&lt;/p>&lt;p>&lt;picture>&lt;source srcset=/posts/2018/img/asus-routers.jpg.webp type=image/webp>&lt;img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2018/img/asus-routers.jpg alt="the Asus N56U and AC68U routers, side by side" width=1023 height=682>&lt;/picture>&lt;/p>&lt;p>After upgrading, I noticed that the method I described back then no longer works.
Someone also noticed this, as they
&lt;a href=http://koolshare.cn/thread-105955-1-1.html rel=noopener target=_blank class=external>translated key portions of my post&lt;/a> into Chinese,
while pointing out some of the steps that didn’t work.&lt;/p>&lt;p>In this post, I&amp;rsquo;ll summarize the key changes required to get it working again.&lt;/p>&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2018/12/extending-asuswrt-functionality-part-2/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>PoE: Quick Guide &amp; Cheap Hardware</title><link>https://irq5-7854a1fdb9f4.pages.dev/2018/06/poe-quick-guide-cheap-hardware/</link><pubDate>Wed, 06 Jun 2018 12:45:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2018/06/poe-quick-guide-cheap-hardware/</guid><description>&lt;p>I have been looking around for Power over Ethernet (PoE) devices to supply power to some networking hardware that will be located in a remote location, without a convenient power outlet.
This networking hardware does not have built-in PoE support,
so I have to find both an &lt;em>injector&lt;/em> and a &lt;em>splitter&lt;/em> device.&lt;/p>&lt;p>PoE is typically found on enterprise networking equipment,
which usually means a higher price tag.
Not wanting to spend a ton on PoE hardware, I did some research to understand what was required to make it work.&lt;/p>&lt;p>Hopefully this will help you understand PoE,
how it works, and what to look out for when shopping for PoE hardware that is suitable for your needs.&lt;/p>&lt;h1 id=poe-quick-guide>PoE Quick Guide&lt;/h1>&lt;h2 id=active-vs-passive>Active vs Passive&lt;/h2>&lt;p>Passive adapters are very simple, and you will see them mostly as an RJ45 socket with pigtails for power and Ethernet.
These adapters do not contain or require any circuitry,
which also explains why they are the less expensive option between the two.&lt;/p>&lt;p>&lt;picture>&lt;img src=https://c2.staticflickr.com/2/1756/41507595985_0a4a94cca6_o.jpg alt="Photo of a passive PoE injector &amp; splitter pair, sold on Adafruit">&lt;/picture>&lt;/p>&lt;p>&lt;strong>Active PoE&lt;/strong> (the &lt;em>real&lt;/em> Power over Ethernet) on the other hand requires some negotiation between the two devices, called the PSE (power sourcing equipment) and the PD (powered device).&lt;/p>&lt;p>There are several PoE standards: 802.3af, 802.3at and the newer 802.3bt.
The difference is mainly in the maximum power that is made available to PDs:&lt;/p>&lt;ul>&lt;li>802.3af - 15.4W&lt;/li>&lt;li>802.3at - 30W&lt;/li>&lt;li>802.3bt - 60W to 100W&lt;/li>&lt;/ul>&lt;p>802.3bt was just ratified in the last year (2017).
In the time span before the 802.3bt standard was ratified (~8 years!),
some companies like Linear Technology &amp; Cisco Systems took it upon themselves
to find other means of carrying up to 60W.
The result was
&lt;a href=http://www.analog.com/media/en/technical-documentation/technical-articles/ltc_nov11_psde.pdf rel=noopener target=_blank class=external>&lt;em>LTPoE++&lt;/em>&lt;/a>
and &lt;a href=https://www.cisco.com/go/upoe rel=noopener target=_blank class=external>&lt;em>UPOE&lt;/em>&lt;/a>,
an evolution of the existing 802.3af/at standards,
but they may not be compatible with the final standard arrived at by committee.&lt;/p>&lt;h2 id=mode-a-or-b>Mode A or B&lt;/h2>&lt;p>The Cat5 cable has 8 wires, forming 4 twisted pairs.
For 10/100Mbps, only 2 pairs are used:
pair 1/2 for Tx and pair 3/6 for Rx.&lt;/p>&lt;p>The modes refer to how power is delivered to the device:&lt;/p>&lt;ul>&lt;li>Mode A: pairs 1/2, 3/6&lt;/li>&lt;li>Mode B: pairs 4/5, 7/8&lt;/li>&lt;/ul>&lt;p>&lt;picture>&lt;source srcset=/posts/2018/img/poe-modeAB.png.webp type=image/webp>&lt;img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2018/img/poe-modeAB.png alt="PoE mode A &amp; B wiring diagram" width=1305 height=494>&lt;/picture>&lt;/p>&lt;p>Mode A uses the data pairs for power.
This mode is well suited for very old cabling which didn&amp;rsquo;t connect all 4 pairs end-to-end.
You might see some manufacturers calling this mode &lt;em>End-span&lt;/em> wiring.
To carry power over the same data cables,
&lt;em>phantom power delivery&lt;/em> is used (more on this later).&lt;/p>&lt;p>Mode B uses the unused (or spare) pairs for power.
You might see this being referred to as &lt;em>Mid-span&lt;/em>.
This type of wiring is easier because it knows the pair is not carrying any data and thus can be wired directly.&lt;/p>&lt;p>Unlike mode A, mode B in this form cannot be used to carry power for Gigabit networks,
because a Gigabit connection will require all 4 pairs for data transmission.
Power must therefore be delivered via centre-tapped transformers,
or what is known as &lt;em>phantom power&lt;/em>.
How this works is explained in a 1944 US Army &lt;a href="https://www.youtube.com/watch?v=H4NDVkjT9mg" rel=noopener target=_blank class=external>video on telephone electronics&lt;/a>.&lt;/p>&lt;h2 id=power-capacity>Power Capacity&lt;/h2>&lt;p>The committee decided that two pairs of Cat5 wire should only carry up to 30W of power;
which two pairs will depend on whether mode A or B wiring is used.&lt;/p>&lt;p>For higher power capacity like 802.3bt (PoE++)
or the non-standards-based &lt;em>UPOE&lt;/em> and &lt;em>LTPoE++&lt;/em>,
the other 2 pairs will be paralleled up,
making use of all 4 pairs to carry higher currents.&lt;/p>&lt;p>&lt;picture>&lt;source srcset=/posts/2018/img/poe-4wire.png.webp type=image/webp>&lt;img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2018/img/poe-4wire.png loading=lazy alt="PoE wiring diagram for 4-pair based PoE" width=638 height=488 class=half>&lt;/picture>&lt;/p>&lt;p>For Gigabit Ethernet (1000Mbps), because all 4 pairs are used to carry data,
power (regardless of which pairs used) must be delivered
via phantom power delivery.&lt;/p>&lt;h2 id=why-use-active-poe>Why use Active PoE?&lt;/h2>&lt;p>In short, because it is safer.&lt;/p>&lt;p>It was designed with the consideration that not all network equipment can accept power, whether via the data pairs or spare pairs.&lt;/p>&lt;p>During the detection phase, the PSE
will apply 2.7V to 10V to check for a known resistance.
This voltage is low enough, and applied for a brief enough period, that it wouldn&amp;rsquo;t matter if the device on the other end is shorted.
A device that was not designed for PoE would thus never see any higher voltage beyond the detection phase.&lt;/p>&lt;p>&lt;picture>&lt;img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2018/img/poe-phases.png loading=lazy alt="Graph depicting voltage vs time during various PoE phases" width=902 height=683 class=half>&lt;/picture>&lt;/p>&lt;p>In contrast, passive PoE makes the full voltage and current available on the data/spare pairs.
If the remote end is using a &lt;em>magnetics&lt;/em> configuration that shorts out the centre taps,
the 30W of power would just melt the port (one would assume).&lt;/p>&lt;p>Integrated PSE controller chipsets will also contain features like overcurrent protection, thermal cut-offs and surge protection, etc.
which all contribute towards keeping your PDs safe from harm.&lt;/p>&lt;h1 id=finding-low-cost-poe-hardware>Finding Low-Cost PoE Hardware&lt;/h1>&lt;p>It was quite a daunting task, trawling AliExpress for PoE injectors &amp; splitters.
The description or specifications for items are also not accurate;
it&amp;rsquo;s like finding a USB cable listed as capable of carrying 2A
when in fact it does not.&lt;/p>&lt;p>While passive injectors are the cheapest option,
most of them are not meant for Gigabit Ethernet.
Recall that &lt;em>Mode B&lt;/em> wiring is the easiest and most low-cost method for building a passive device,
and that is what you will mostly find.
This wiring configuration does not pass through all 4 pairs and thus cannot be used for Gigabit.&lt;/p>&lt;p>Most active PoE splitters output 12V, or 5V via USB.
This is largely due to the fact that these devices were meant for IP cameras, which operate at that voltage.
If your target device uses a non-standard voltage,
you will have difficulty finding a suitable (and yet low-cost) splitter.&lt;/p>&lt;p>Here&amp;rsquo;s a list of hardware I&amp;rsquo;ve found;
which one is suitable for you depends on your requirements:&lt;/p>&lt;ul>&lt;li>Do you need 1000Mbps, or just 10/100Mbps would suffice?&lt;/li>&lt;li>What voltage does your target device require?&lt;/li>&lt;li>How much power does it require? 13W, 30W?&lt;/li>&lt;/ul>&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2018/06/poe-quick-guide-cheap-hardware/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>Crypto-Erasing BitLocker Drives</title><link>https://irq5-7854a1fdb9f4.pages.dev/2018/05/crypto-erasing-bitlocker-drives/</link><pubDate>Thu, 10 May 2018 12:45:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2018/05/crypto-erasing-bitlocker-drives/</guid><description>&lt;p>These days with larger and larger drive capacities, erasing stored data takes longer and longer.
Another problem is also the inability to do so when the time comes, due to bad sectors or hardware failures.
Just because the data is not accessible by you does not mean that
it is also inaccessible to someone else with the know-how.&lt;/p>&lt;p>&lt;strong>&lt;em>Cryptographic erasure&lt;/em> to the rescue!&lt;/strong>&lt;/p>&lt;p>Crypto erase simply erases the encryption key that is used to encrypt the data on your drive.
This is the &lt;a href=https://irq5-7854a1fdb9f4.pages.dev/2014/04/encrypt-all-the-drives/ rel=noopener>primary reason why&lt;/a> I encrypt my drives.&lt;/p>&lt;p>Oddly, I have not found anyone talking about BitLocker crypto erasure or doing it.
The closest I have seen is &lt;a href=https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/manage-bde-forcerecovery rel=noopener target=_blank class=external>&lt;code>manage-bde -forcerecovery&lt;/code>&lt;/a>, which removes all TPM-related key protectors.
This is briefly described in a TechNet article titled &lt;a href=https://technet.microsoft.com/en-us/library/cc512654.aspx rel=noopener target=_blank class=external>BitLocker™ Drive Encryption and Disk Sanitation&lt;/a>.&lt;/p>&lt;p>But what if we are not running Windows?
What if the disk is not a Windows boot drive that is protected by a TPM key protector?&lt;/p>&lt;p>In order to erase the (key) data, we first need to know how the data is stored on disk.
For open-source FDE implementations,
this is easy because the disk format is well-documented,
but BitLocker is not exactly open.&lt;/p>&lt;h1 id=bitlocker-disk-format>BitLocker Disk Format&lt;/h1>&lt;p>BitLocker was first introduced in Windows Vista and has gone through changes since then.
Some changes were made to the format in Windows 7, but it has largely remained unchanged through Windows 8 till 10.&lt;/p>&lt;p>For LUKS, it is simple - there is a LUKS header at the start of the disk, followed by the encrypted volume data.
For BitLocker, it is slightly more involved, probably due to backward-compatible design considerations.&lt;/p>&lt;p>The header at the start of the partition is a valid boot sector (or boot block), so not all BitLocker information can be stored within.
Instead, this volume header points to the FVE metadata block where most of the data is kept.
In fact, there are 3 of these for redundancy.
This metadata block is what holds all the key material.&lt;/p>&lt;p>The metadata blocks are spaced (almost) evenly apart,
located near the start of the volume.&lt;/p>&lt;div class=highlight role=region aria-label="code block" translate=no>&lt;pre tabindex=0 class=chroma>&lt;code class=language-fallback data-lang=fallback>&lt;span class=line>&lt;span class=cl># blwipe -offset 0x2010000 bitlocker-2gb.vhd
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>metadata offset 0: 0x02100000
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>metadata offset 1: 0x100c8000
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>metadata offset 2: 0x1e08f000
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>metadata block 0 (size 65536): parsed OK
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>metadata block 1 (size 65536): parsed OK
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>metadata block 2 (size 65536): parsed OK&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;p>The first metadata block &lt;em>usually&lt;/em> begins at &lt;code>0x02100000&lt;/code>.
This illustration depicts the locations for a 2 GB volume:&lt;/p>&lt;p>&lt;picture>&lt;img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2018/img/fve-md-disk-layout.png alt="Diagram of disk layout with FVE metadata blocks marked out" width=1145 height=279>&lt;/picture>&lt;/p>&lt;p>If there are 3 of these blocks, how do we know which ones contain valid data?&lt;/p>&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2018/05/crypto-erasing-bitlocker-drives/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>Replacing a Linux RAID Drive</title><link>https://irq5-7854a1fdb9f4.pages.dev/2017/07/replacing-a-linux-raid-drive/</link><pubDate>Tue, 11 Jul 2017 23:59:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2017/07/replacing-a-linux-raid-drive/</guid><description>&lt;p>&lt;picture>&lt;source srcset=/posts/2017/img/wd-red-drives.jpg.webp type=image/webp>&lt;img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2017/img/wd-red-drives.jpg alt="NAS drives" width=1023 height=682>&lt;/picture>&lt;/p>&lt;p>I have been running a software RAID array at home for some time now.
It&amp;rsquo;s a single network storage where I consolidate all my files.
I manage this array &lt;a href=https://raid.wiki.kernel.org/index.php/RAID_setup rel=noopener target=_blank class=external>manually using the &lt;code>mdadm&lt;/code> command&lt;/a>.
Some people choose to buy a NAS storage box which hides all of the implementation details behind a nice Web GUI,
but it&amp;rsquo;s essentially the same thing under the hood.&lt;/p>&lt;p>It operates with 4 drives using Linux software &lt;strong>RAID 5&lt;/strong>,
which means it can tolerate a single drive failure,
but failures don&amp;rsquo;t always take out an entire drive.
They usually manifest as bad sectors in a drive.
As an illustration, the RAID 5 array below can still operate properly
(meaning no data loss, yet) with bad sectors on two of its drives:&lt;/p>&lt;p>&lt;picture>&lt;source srcset=/posts/2017/img/raid5.png.webp type=image/webp>&lt;img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2017/img/raid5.png alt="RAID 5 array with damaged blocks" width=800 height=313>&lt;/picture>&lt;/p>&lt;p>As long as the other drives in the array don&amp;rsquo;t develop bad sectors in the same &lt;em>stripe&lt;/em>,
the data can still be reconstructed from the remaining good blocks.
This means that you can somewhat leave the drive as it is
for a period without replacement, but of course you are taking a risk.&lt;/p>&lt;p>I thought I&amp;rsquo;d share my experiences with drive replacements thus far.&lt;/p>&lt;h1 id=detecting-drive-problems>Detecting Drive Problems&lt;/h1>&lt;p>Most Linux distributions provide the &lt;code>raid-check&lt;/code> script for periodic RAID &lt;em>scrubbing&lt;/em>.
This is basically a background cron job that tells the kernel to start checking the RAID array.
For RHEL/CentOS systems, this should occur every weekend.&lt;/p>&lt;p>During this scrubbing process, all drives within the array are read and
their parity blocks are computed, to ensure that everything tallies.&lt;/p>&lt;p>It is during this verification process that hard drive errors sometimes show up.
Typically when a drive encounters a problem during read,
the hardware returns an error, which will then be logged by Linux.
They can look like these:&lt;/p>&lt;div class=highlight role=region aria-label="code block" translate=no>&lt;pre tabindex=0 class=chroma>&lt;code class=language-fallback data-lang=fallback>&lt;span class=line>&lt;span class=cl>ata3.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>ata3.00: irq_stat 0x40000001
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>ata3.00: failed command: READ DMA EXT
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>ata3.00: cmd 25/00:00:d8:10:27/00:02:05:00:00/e0 tag 8 dma 262144 in
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> res 51/40:1f:b8:12:27/00:00:05:00:00/e0 Emask 0x9 (media error)
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>ata3.00: status: { DRDY ERR }
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>ata3.00: error: { UNC }
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>ata3.00: configured for UDMA/133
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>ata3: EH complete
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> .
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> . (repeats)
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> .
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>sd 2:0:0:0: [sdc] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>sd 2:0:0:0: [sdc] Sense Key : Medium Error [current] [descriptor]
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>Descriptor sense data with sense descriptors (in hex):
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> 72 03 11 04 00 00 00 0c 00 0a 80 00 00 00 00 00
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl> 05 27 12 b8
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>sd 2:0:0:0: [sdc] Add. Sense: Unrecovered read error - auto reallocate failed
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>sd 2:0:0:0: [sdc] CDB: Read(10): 28 00 05 27 10 d8 00 02 00 00
&lt;/span>&lt;/span>&lt;span class=line>&lt;span class=cl>end_request: I/O error, dev sdc, sector 86446776&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2017/07/replacing-a-linux-raid-drive/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>Netbooting Your Raspberry Pi</title><link>https://irq5-7854a1fdb9f4.pages.dev/2016/08/netbooting-your-raspberry-pi/</link><pubDate>Tue, 09 Aug 2016 00:29:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2016/08/netbooting-your-raspberry-pi/</guid><description>&lt;p>A very long time ago, I set up and played around with &lt;em>diskless machines&lt;/em>.
These are basically PCs that can boot up an operating system fully without hard disks.
All the operating system files come from a server on the network.
It was amazing (well, to me at least)!&lt;/p>&lt;p>Back then, Ethernet cards used to have a DIP/PLCC socket,
which allowed you to insert
an &lt;a href=http://etherboot.org/wiki/romburning rel=noopener target=_blank class=external>EEPROM on which you burn a boot ROM&lt;/a>.
Fortunately I didn&amp;rsquo;t have to do any of that because the network cards at that time already came with &lt;a href=https://en.wikipedia.org/wiki/Preboot_Execution_Environment rel=noopener target=_blank class=external>PXE ROMs&lt;/a> built-in, just as they do today.
To activate this, you just need to select the network card&amp;rsquo;s option ROM in the boot order, or make it higher up in the boot priority.&lt;/p>&lt;p>&lt;picture>&lt;img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2016/img/3com-boot-rom-socket.png alt="line drawing of a 3Com network card, with the location of its boot ROM socket pointed to with a label" width=640 height=576 class=half>&lt;/picture>&lt;/p>&lt;p>As part of the boot process, the network card will request an address from the DHCP server,
which also tells the client where it can find the TFTP server with the next boot stage.
The ROM will download this file from the TFTP server and start executing it.&lt;/p>&lt;p>That&amp;rsquo;s how Linux ultimately gets started from the network.&lt;/p>&lt;p>An announcement was made recently &lt;a href=https://www.raspberrypi.org/blog/pi-3-booting-part-ii-ethernet-all-the-awesome/ rel=noopener target=_blank class=external>on the Raspberry Pi blog&lt;/a>
that you can achieve total network boot, just like on the PC,
without any SD cards.&lt;/p>&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2016/08/netbooting-your-raspberry-pi/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>Bruteforcing LUKS Volumes Explained</title><link>https://irq5-7854a1fdb9f4.pages.dev/2014/11/bruteforcing-luks-volumes-explained/</link><pubDate>Wed, 19 Nov 2014 02:01:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2014/11/bruteforcing-luks-volumes-explained/</guid><description>&lt;p>Some weeks back, we were forced to reboot one of our server machines because it stopped responding.
When the machine came back up, we were greeted with a password prompt to decrypt the partition.
No problem, since we always used a password combination (ok, permutation) that consisted of a few words, something along the lines of &amp;ldquo;john&amp;rdquo;, &amp;ldquo;doe&amp;rdquo;, &amp;ldquo;1954&amp;rdquo;, and the server&amp;rsquo;s serial number. Except that it didn&amp;rsquo;t work, and we forgot the permutation rules AND whether we used &amp;ldquo;john&amp;rdquo; &amp;ldquo;doe&amp;rdquo; or &amp;ldquo;jack&amp;rdquo; &amp;ldquo;daniels&amp;rdquo;.&lt;/p>&lt;p>All the search results for bruteforcing LUKS are largely the same &amp;ndash; &amp;ldquo;use &lt;code>cryptsetup luksOpen --test-passphrase&lt;/code>&amp;rdquo;.
In my case, the physical server is in the server room, and I don&amp;rsquo;t want to stand in front of the rack trying to figure all this out. My question is, can I do this offline on another machine? None of those blog entries were helpful in this regard.&lt;/p>&lt;h2 id=the-luks-header>The LUKS Header&lt;/h2>&lt;p>To answer this question, I took a look at the LUKS header. This header is what provides multiple &amp;ldquo;key slots&amp;rdquo;, allowing you to specify up to 8 passwords or key files that can decrypt the volume.
&lt;a href=https://gitlab.com/cryptsetup/cryptsetup rel=noopener target=_blank class=external>cryptsetup&lt;/a> is the standard userspace tool (and library) to manipulate and mount LUKS volumes.
Since LUKS was designed based on TKS1, the &lt;a href=https://gitlab.com/cryptsetup/cryptsetup/-/wikis/TKS1 rel=noopener target=_blank class=external>TKS1 document&lt;/a> referenced by the cryptsetup project was very helpful.
After consulting the documentation &amp; code, I came up with the following diagram that describes the LUKS key verification process:&lt;/p>&lt;p>&lt;picture>&lt;source srcset=/posts/2014/img/luks-encryption-flowchart.png.webp type=image/webp>&lt;img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2014/img/luks-encryption-flowchart.png alt="LUKS encryption flowchart" width=1200 height=396>&lt;/picture>&lt;/p>&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2014/11/bruteforcing-luks-volumes-explained/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>Creating Minimal Throw-away CentOS 6 VMs</title><link>https://irq5-7854a1fdb9f4.pages.dev/2014/08/creating-minimal-throw-away-centos-6-vms/</link><pubDate>Sun, 24 Aug 2014 02:23:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2014/08/creating-minimal-throw-away-centos-6-vms/</guid><description>&lt;p>Whether you are using CentOS for a build server or simply testing out a new configuration, you can quickly create a VM (virtual machine) that is under 1GB. You can do this without downloading any special tools or ISO files &amp;ndash; just the CentOS installation DVD and VirtualBox (or VMware if you prefer).&lt;/p>&lt;p>I like the text-based console, so you won&amp;rsquo;t be getting a GUI or fancy Linux desktop with this one. Given its small size, you could also archive the entire environment (or even several of them) for future use without having to waste gigabytes of free space. 
These environments also serve as a base which can be upgraded or added onto to provide more functionality later.&lt;/p>&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2014/08/creating-minimal-throw-away-centos-6-vms/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>Encrypt All the Drives</title><link>https://irq5-7854a1fdb9f4.pages.dev/2014/04/encrypt-all-the-drives/</link><pubDate>Tue, 08 Apr 2014 01:50:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2014/04/encrypt-all-the-drives/</guid><description>&lt;p>I have always been an advocate on storage security (all types of security, actually). I like how iOS devices keep all files encrypted, even if you do not set a passcode on the device. They do this to facilitate quick erasure of files on the device &amp;ndash; to erase all the data, they simply wipe the master key.&lt;/p>&lt;p>Erasing magnetic storage media isn&amp;rsquo;t difficult, but it is time-consuming. For solid state media such as SSDs and flash drives, the wear-leveling makes it difficult to ensure that all flash blocks have been securely overwritten. The answer to this is to encrypt everything.&lt;/p>&lt;p>&lt;picture>&lt;img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2014/img/encrypt-all-the-drives.png alt="Encrypt all the drives!! 
(meme)" width=439 height=327 class=noinvert>&lt;/picture>&lt;/p>&lt;p>Recently I have been busy building a Linux-based NAS and I decided to put this to practice.&lt;/p>&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2014/04/encrypt-all-the-drives/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>Implementing EAP-SIM at Home</title><link>https://irq5-7854a1fdb9f4.pages.dev/2013/12/implementing-eap-sim-at-home/</link><pubDate>Mon, 23 Dec 2013 00:57:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2013/12/implementing-eap-sim-at-home/</guid><description>&lt;p>EAP-SIM is one of the authentication methods that can be used in an 802.1x or WPA Enterprise network. Specifically, it relies on the user’s SIM card to process a presented challenge. This has been used by some telcos to provide WiFi service without having to maintain a separate set of credentials. However, not all phones support EAP-SIM.&lt;/p>&lt;p>&lt;picture>&lt;source srcset=/posts/2013/img/eap-sim-7433.jpg.webp type=image/webp>&lt;img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2013/img/eap-sim-7433.jpg alt="Phone displaying EAP-SIM as a WiFi authentication method" width=640 height=359>&lt;/picture>&lt;/p>&lt;p>Since I’m already using a RADIUS setup at home, the use of EAP-SIM will eliminate the need to install my CA certs onto each device. 
But of course, there is still a fair bit of work to do…&lt;/p>&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2013/12/implementing-eap-sim-at-home/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>Hacking Functionality into ASUSWRT Routers</title><link>https://irq5-7854a1fdb9f4.pages.dev/2012/12/hacking-functionality-into-asuswrt-routers/</link><pubDate>Mon, 10 Dec 2012 00:10:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2012/12/hacking-functionality-into-asuswrt-routers/</guid><description>&lt;p>This weekend, I spent some time replacing my aged Linksys WRT54G wireless router, which is running DD-WRT. The WRT54G is slow by today&amp;rsquo;s wireless standards and since I sync my iOS devices wirelessly, the speed was getting quite unbearable. When I bought my MacBook Pro in 2007, it already had draft 802.11n support and fast-forward to 2012, my iPad (1st generation) and iPhone 5 both support the 5GHz band.&lt;/p>&lt;p>The &lt;strong>ASUS RT-N56U&lt;/strong> wireless router ranks up there on wireless performance, and the &amp;ldquo;feature&amp;rdquo; I was really after was a router that can run an alternative firmware such as Tomato or DD-WRT. 
The really good news is, I figured out how to get the functionality I wanted while still using the official ASUS firmware.&lt;/p>&lt;p>&lt;picture>&lt;source srcset=/posts/2012/img/asus-top.jpg.webp type=image/webp>&lt;img src=https://irq5-7854a1fdb9f4.pages.dev/posts/2012/img/asus-top.jpg alt="ASUS router photo" width=1024 height=683>&lt;/picture>&lt;/p>&lt;p>For proper reviews and better photos, you might want to check out these other reviews:&lt;/p>&lt;ul>&lt;li>SmallNetBuilder: &lt;a href=http://www.smallnetbuilder.com/wireless/wireless-reviews/31436-asus-rt-n56u-black-diamond-dual-band-gigabit-wireless-n-router-reviewed rel=noopener target=_blank class=external>ASUS RT-N56U Black Diamond Dual-Band Gigabit Wireless-N Router Reviewed&lt;/a>&lt;/li>&lt;li>FoxNetwork: &lt;a href=http://www.foxnetwork.ru/index.php/en/component/content/article/82-asus-rt-n56u.html rel=noopener target=_blank class=external>ASUS RT-N56U or hardware NAT acceleration&lt;/a>&lt;br>(I quite like their professionally taken product photos and their reverse-engineering work)&lt;/li>&lt;/ul>&lt;p>Read on to find my short review, as well as how you can run your own programs on the router without using a third-party firmware.&lt;/p>&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2012/12/hacking-functionality-into-asuswrt-routers/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>SFF Server Build (Part 1): Short Cables</title><link>https://irq5-7854a1fdb9f4.pages.dev/2011/08/sff-server-build-part-1-short-cables/</link><pubDate>Mon, 01 Aug 2011 01:07:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2011/08/sff-server-build-part-1-short-cables/</guid><description>&lt;p>After 10 years, I decided to replace my 633MHz home server with something more modern. The fans on the system were making a lot of noise, especially the Slot-1 CPU cooler fan, which I don&amp;rsquo;t think I can find a replacement for. 
Also, the motherboard was very choosy about the power supply, meaning I could not use the newer, more energy efficient supplies; the voltage monitors claim the voltage is out of the acceptable range and refuses to continue beyond the POST screen.&lt;/p>&lt;p>I chose the MicroATX form factor, and the most compact case is the &lt;strong>Silverstone SG02F&lt;/strong> because it places the power supply on top of the board. Most other cases I&amp;rsquo;ve seen have a similar layout to an ATX tower, but with a height reduction.&lt;/p>&lt;p>The wires are long and unwieldy because they assume you are using a normal ATX case, in which case you need relatively long cables depending on how the case is laid out. However when building a SFF machine like this, it gets really untidy. I decided to reduce the length of the cables.&lt;/p>&lt;p>Here&amp;rsquo;s the before photo of the wiring - the worst offenders are the SATA cables, the case front panel wires, and the SATA power connector.&lt;/p>&lt;p>&lt;picture>&lt;img src=//farm7.static.flickr.com/6023/5990616965_4064d4855b_z.jpg alt>&lt;/picture>
&lt;span class=caption>Wiring (before)&lt;/span>&lt;/p>&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2011/08/sff-server-build-part-1-short-cables/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>GNU patch and Windows UAC</title><link>https://irq5-7854a1fdb9f4.pages.dev/2011/06/gnu-patch-and-windows-uac/</link><pubDate>Sun, 26 Jun 2011 00:15:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2011/06/gnu-patch-and-windows-uac/</guid><description>If you&amp;rsquo;re looking for the GNU patch on Windows, you would probably have found the GnuWin32 project. If you try to run this program on Windows Vista or 7, you will be prompted with the UAC dialog, asking you to run the program with administrative rights.
Windows Vista, when they introduced the User Access Control (UAC) feature, tried not to break existing programs by detecting which ones require administrative access. The usual suspects are installers that are probably named *setup.&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2011/06/gnu-patch-and-windows-uac/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>iOS Profiles &amp; Encrypted Backups</title><link>https://irq5-7854a1fdb9f4.pages.dev/2011/01/ios-profiles-encrypted-backups/</link><pubDate>Fri, 14 Jan 2011 11:59:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2011/01/ios-profiles-encrypted-backups/</guid><description>When I got my iPhone, it used a 4-digit passcode to protect its contents. Unsatisfied with this, I found the iPhone Configuration Utility (iPCU), which was the only way at that time to enable complex passcodes (passwords) on the phone. After creating a profile and uploading it to the phone using the iPCU, my backups were all forced to be encrypted.
Encrypted backups are not good for tinkering because you need to decrypt the files before you can edit them, and you need to re-encrypt them for them to be restored to the phone.&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2011/01/ios-profiles-encrypted-backups/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>mdns-repeater: mDNS across subnets</title><link>https://irq5-7854a1fdb9f4.pages.dev/2011/01/mdns-repeater-mdns-across-subnets/</link><pubDate>Sun, 02 Jan 2011 03:51:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2011/01/mdns-repeater-mdns-across-subnets/</guid><description>&lt;p>&lt;strong>Update 21-Sep-2011: Added an &lt;a href=#Installation rel=noopener>Installation&lt;/a> section and updated the binaries on Bitbucket.&lt;/strong>&lt;/p>&lt;p>As you may know, I have a couple of Apple devices. Apple is fond of using Multicast DNS (mDNS) for their service discovery. The recent additions to these services are AirPrint (wireless printing service) and AirPlay (wireless audio/video streaming) from your iOS devices.&lt;/p>&lt;p>My home is set up in such a way that the wired and wireless networks are on 2 separate subnets. mDNS uses a multicast address that is &amp;ldquo;administratively scoped&amp;rdquo;, meaning the packets will not travel across subnets. I tried fiddling around with iptables rules and looked around for how I can route these packets across the subnets, but to no avail.&lt;/p>&lt;p>There is another solution - a repeater daemon that sits on the router and repeats packets between the 2 subnets. &lt;a href=http://avahi.org rel=noopener target=_blank class=external>Avahi&lt;/a> is used to provide mDNS services and it has a reflector mode that does exactly this. A more lightweight solution was &lt;a href=http://www.smittyware.com/linux/tivobridge/ rel=noopener target=_blank class=external>TiVoBridge&lt;/a>, which supposedly performs the same task but it&amp;rsquo;s much smaller. 
I tried to compile and set up TiVoBridge, but it required a config file and I couldn&amp;rsquo;t really get it to work the way I wanted it to. There&amp;rsquo;s an even lighter-weight solution called &lt;a href=http://svn.ninux.org/svn/ninuxdeveloping/say/trunk/ rel=noopener target=_blank class=external>SAY&lt;/a>, but it uses libpcap.&lt;/p>&lt;p>Enter &lt;a href=http://bitbucket.org/geekman/mdns-repeater/ rel=noopener target=_blank class=external>mdns-repeater&lt;/a> - a small Linux daemon that does exactly what I want it to do. I have a Linksys WRT54G which runs dd-wrt. This program was intended to be compiled for and installed on the Linksys router. As with all other programs that run on the router, it requires no configuration.&lt;/p>&lt;p>The default dd-wrt configuration has 2 interfaces - &lt;code>vlan1&lt;/code> for the WAN interface and &lt;code>br0&lt;/code> for the wireless interface (and 4-port switch). The program accepts the arguments &lt;code>vlan1&lt;/code> and &lt;code>br0&lt;/code> and begins repeating packets from &lt;code>vlan1&lt;/code> to &lt;code>br0&lt;/code> and vice-versa. I can now get my iOS devices to detect wired servers like a print server for AirPrint.&lt;/p>&lt;p>&lt;em>mdns-repeater&lt;/em> is released under GPLv2. Feel free to change it to repeat whatever protocol you want. Patches to add functionality and bug fixes are welcome. 
You can contact me via bitbucket.org, or if you clone the repository my email is in the commits.&lt;/p>&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2011/01/mdns-repeater-mdns-across-subnets/#more">Continue reading…&lt;/a>&lt;/p></description></item><item><title>Copying files between users in Windows 7</title><link>https://irq5-7854a1fdb9f4.pages.dev/2010/09/copying-files-between-users-in-windows-7/</link><pubDate>Sat, 11 Sep 2010 18:17:00 +0000</pubDate><guid>https://irq5-7854a1fdb9f4.pages.dev/2010/09/copying-files-between-users-in-windows-7/</guid><description>I&amp;rsquo;ve recently installed Windows 7 on my desktop and I&amp;rsquo;m trying to migrate files from the laptop&amp;rsquo;s hard disk.
Whenever I try to copy files from a folder that I do not have permissions to, it asks me if I want to gain &amp;ldquo;permanent access&amp;rdquo; to the folder and its contents, which means to alter the folder permissions to take ownership of the folder &amp; files. Why would I want to do that?&lt;p>&lt;a href="https://irq5-7854a1fdb9f4.pages.dev/2010/09/copying-files-between-users-in-windows-7/#more">Continue reading…&lt;/a>&lt;/p></description></item></channel></rss>