Bonum Certa Men Certa

How To Deal With Your Raspberry Spy -- Part V: All The Rest

By Gavin L. Rebeiro

Contents



Cover

Copyright

1 Acknowledgements

2 Introduction

2.1 Prerequisite Knowledge 2.2 Apparatus

3 Fundamentals

3.1 Communication 3.2 Kernel Ring Buffer 3.3 Drivers 3.4 Operating Systems 3.5 Special Files

4 Doing The Task

4.1 Preparing The Boot Media 4.2 Connecting Physical Components 4.3 Using Picocom 4.4 OS Installation

5 YOU ARE HERE ☞ Thanks

6 OpenPGP Key

A Malicious Hardware

B Linux Kernel Source Tree Analysis

C Digital Multimeter Tests

Summary: The final part of a series on liberating the Raspberry Spy from an untrustworthy OS that secretly adds Microsoft keys and proprietary software repositories of Microsoft (see Part I, Part II, Part III, and Part IV)

THIS part is mostly addenda.

Chapter 5: Thanks



We’d like to take the opportunity to thank you, the reader. We believe everyone deserves a computing education; however, the topics of computing freedom and how computing affects our basic human rights are neglected in computing education today; at E2EOPS PRESS we strive to change this. Our goal is to inform, educate, and inspire. Computing is also a lot of fun! We want everyone to experience the joys of computing. We hope you enjoyed this issue of our periodical as much as we enjoyed bringing it to you!

Our work requires research, equipment, and infrastructure to deliver. We strive for the best quality in all we do. If you would like to support us, there are several ways you can do so. Any support we get from you enables us to bring you the best we possibly can.

We distribute all our periodicals via peer-to-peer technology. There are things we publish that some people don’t want out in the open. Thus, if you can contribute to the peer-to-peer sharing, you would be helping us out immensely!

If you would like to support us by making a cash donation, we have a Paypal account that you can send donations to:

● https://www.paypal.com/donate?hosted_button_id=B5VPZJBKLL2S6

For those that like to use QR codes, you can use the following QR code to donate to our Paypal.

If you’d like to donate in some other way, you can send an email to donations@e2eops.io and have a chat with us about it.

For encrypted communications, you can use the OpenPGP Key provided in chapter 6.

And, as always, happy hacking!

Chapter 6: OpenPGP Key



At E2EOPS PRESS, we take your privacy seriously. If you want to send us an encrypted message, you can do so with the following OpenPGP key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBF7JMNYBDACeCfa+NpFSOUOyIKqdZdtIjEZCaLzBKQmnqLJo/5BZZiCrGK8+
MYUfBz6iiEqEJf7N0R6Kg/esyIEy35uYdiLr66fg/sEXHk5eW/9Hanex/Igk9nmg
1+eGo1sk/MQh7lUNydqOHVokhjcPHleUGiJE/F0MjDvs/xTN1HYf1uhmJOZbpL/D
oTcTssL1BB2b95QfuUViX7I/+Xoe4VSaxdVlVGGCSI8jAPqb+0PYX6N2yHllFaRI
8D4cQkKpP5z2Y9m65ALWsR0M6GBUIeYe4QzfBVwuPg7TAiSpZWDC3vPIWFsC1zbL
NT4y6bxjv9gE0S3GVXZC/bTHuVL3FNrStnMFX0z8E4c19vyo9TyTxXLKC7Qy/dWJ
Nf+3tbgNQ7yR8MBwciyQho9MltrIFTz+JXZj7xCM0QiYgTo4rBl9eczaGLZwlOJn
sybs3Ia0ZTfm5yQAQ3eJ4yKKkiCjADF6fq6AVgV0D36wgBiZnVa+zbSteamUM7L8
JN4rzqfm587d+/0AEQEAAbQgR2F2aW4gTC4gUmViZWlybyA8Z2xyQGUyZW9wcy5p
bz6JAdEEEwEKADsCGwMCHgECF4AFCwkIBwIGFQoJCAsCBBYCAwEWIQTHhRt/mdsE
uRCTt6QUP5lU/9Mq/wUCXyPcLAIZAQAKCRAUP5lU/9Mq/xtpC/9nEcxWrB5e3W1o
Xl8W9uumnwG5o2ZUYfHtQ+QVpkowdQgEFPLTBicWRPnb61eaT/60hkhH68Gb1oVZ
BHHN3YNF9qqQHqOT1iAuP0nidkHXUaz4Bbl0wR8brvY2aJO4l03sOWztQHkAoo+u
wNohHM1lwqKYN+HRWm+JyTRxw/YHkYI1Rz1aN9hUNTax1HqAm5fSq+R/VKyUZ9tI
2D93p2PK+c1SEJS1goBnlJu4HW2T7NA7oUboKG0J4h2yBV6WtSgskFEWqYEBzvxw
ZaWzooOnJRPc+CibhRuH9VJvegRCkwZcNuZfHBKkh+d30LaJJlpifnu9ADs0PkXx
HUsHlgMjUbzjztFEBmAjS8PvKOG2nJxcv362749/M6vI7KP7ktf4i+3wZLe8BC5y
hSAAQtLUBC/IratA+4NSI8lxDlNB+rrFTXzYTVGscJWlACCK4l0xaXNC0OBcRosH
oFMgSogrXrQ2SsSu8oeVOjx/HOd8tThrCKd2nd40iG5Z3fftzP+5AY0EXskw1gEM
ANpbLPGSE9gjT8aAkcK0gIhNwTwR/X9T1YCKViiOYALCzPfGYMQqATSe/J7o/ysO
+lAB0B3NExdIbwh3knhoEsXdx9zNz18q827aCdLJVuq9kizXoCkWchJ0QjgacvNe
0jGZ+o3ULIMmnWztGzNixZaAiwzalWghFuiX4pG0su8TYAN1T6DGvdb+F1rx0xo8
tb3T8RaO0VZyji3zBBNXD1ECU6dmi0AJ0zD0S5iRIXIn+QfRR2oJu9ZSR6En7PS1
b4bhJ2OnBE4ZQ3mS4aHPaeIWbeCeq8EuaVQNyv5jT3wD18DIRigOxl9XJFy1IDO+
A45hz9FwxULH1QH5bZXRmkYfcxkLMqoMci0+8XxobpmILjkSHeAo4PR8KTHpNUXf
I7rJLpufYRTHf5votrJmgbea5bfnAlSoOXMlN2XZ9oJimOTfyzItCSwb0pkghnW0
Hyo3kd5RbDcZrd6RSSVWo/41gr8SXatlkpbnEYjktFGe2Nxls6qZAgA/lqKrS9ti
7wARAQABiQG8BBgBCgAmFiEEx4Ubf5nbBLkQk7ekFD+ZVP/TKv8FAl7JMNYCGwwF
CQPCZwAACgkQFD+ZVP/TKv9XAwv9Heor5YuZalOcXXiGCrqYNHuQJLbDvUpTK6wI
t9peV4t6E8oiqb0/0ezLGQSlP8RkBKUkhslVn5M6cDIxdCAlZxUIOjF1tJyHrTua
wEayHO5q84tixa00+x2/mmaDy0ddZXc4gITLgZjN4J3e9GUww4N3TUVJTZDPF+mP
eFd2HlGj3AHLtNEfsEw4HvYNNzexnom66gdDrrCIBxWRgUD2aRQKxQOquFQt2zYS
dgOXVS0eyaN81uqFHVh+tvyBKkrK8D/recaPcCXAFSv9UUcQA6jEFdC9WEjgHD7J
nRrCwOGBTZ7IvYO5+rpyh/w8k6eZYhUm3UdXYuPsxaCsSL+OW46DBP0C5sKrhxZK
thZOhll4ZYrfX1Vv4awBAB6iMZ0i+i39AQPmpvUviFGUfLkHEEsarHgPDchaOv1p
0xa11jUxU5nkqfiQj5A4h4TMP0q9tGdf1puxRZqwp8T0Jc9uQAm6wUMaaaugiXn+
BQfF5XIfOiXZx9DThhqYwO4WztdEuQINBF87rdYBEAC66OFgJa3p9d6Ets5A3NVm
XxXkCBmgIg1HG44bmKz3o2xudRP6o3bbmVI06cmfGAVmKJ0voAVsgHMsTg30iZb3
D/X9iRYTB/1suyYIgP9cRxltLLMTL4LycmrCRCnTJSMThA1V2d5brmmrWcOPmqnT
CdbOjUD5OWzGsfIkP0t+Ef4v94j574WAvpGYd7Wf5o30JKNfdOjdLOVFdp6lV9mM
FxebC1lZ6uRSeL77/XZJC4ZQ8TzhgsdgnE4M1sKvaDO+DTS3pu7+Dh+ORFQ9TQDP
ZuMBpln3UBa1evVR8bF9SgqjGo2Al8K590xGNJEHzj+BGqEKjOVN05uMoplByMdZ
pD2lRMdqgIqVXiNtBSBhv1oGQhu5fxW11Xv4Kh5BzuOMLS/0KT2cdlk06eCgWZqT
/IM5ipKYpJJgtkJ/0sU+hLq+jilAr3ZhmkxCim+9uYOZ93ypy7QiW8ldbsGEDh5S
KcU+qWGNEMHhNwuHY9ChO1hcWi/q5/mZTKXG60/q6RZRI2QxbuKsX3c8GbEea2jU
Q+v4zFp/x7G1aPRTRtqOssvBtIikBiKWBEOBwYwqpEjD6IfmWVh8wlJZx/tcBRGF
0FGpyieGAFINaQIjKURm7bHkn4bQwIZkmbAssA6ZHcl9u6/u60155K4ifuf7ChyK
8H5n6vJq4AUxQkA8kADvnwARAQABiQG8BBgBCgAmFiEEx4Ubf5nbBLkQk7ekFD+Z
VP/TKv8FAl87rdYCGyAFCQHhM4AACgkQFD+ZVP/TKv9Fwgv+P20Qu7USOJfaUVN4
I52GS6R8veww4aKY16ts3XlIUl3mqbH3KoB1T+YKuqoVrNCtGeXVD0AB+BJxxrQS
BFtYq4ZgPnSo7NQST6SWbWhzJmpfuhoInGb9l8v0mwD50DrOPjeZcX7TrQN4jWft
OJQkKviCYFCu36xa84FUYxTyvA5V4TpWAgPTUVBpf8BrI2Ktw3Wc1THHqcwIszec
Mr/mexDfdCa8G78u3rgX4kZPSGFwaGK339eqlb7rMtspkKQPPmm92lYdfV/icbvw
7iaMAirgYq72qzkuIV6GMUKsTa/1wkJ54yACaLXS9A3NXDVizErWHam9TG/ce/Ll
EPUsrXTesrhqZpaHHNxnfiQOXzocrldvvdYOxBeGfMQY7fftX8GgQwMjMi2kracr
hWc1mCSMSCerTWCtRfw0CK4Au6881rAAmXDwvjU586ezv1MdBqVmN7eOeeVVGdM1
/+S5QP//oK6MEkAS8y2ZP8A/3iMlYz+SBOUSD0AJ0RZEhkhr
=JMTx
-----END PGP PUBLIC KEY BLOCK-----


Appendix A: Malicious Hardware



While doing research for this issue, I often ran into USB-to-UART bridges of the “FTDI” variety. Upon further digging, an ugly bit of history surfaced. The FTDI modules have a reputation for sabotaging people’s hardware.

Sadly, we live in a world where this sort of thing is the norm. Pay close attention to the products you buy. You need to practice vigilance in order to defend your computing freedom. Remember, you have control over your wallet. Don’t support malicious actors, if you have the choice (in this case you almost certainly do).

Appendix B: Linux Kernel Source Tree Analysis



The directory trees rooted at /sys and /proc are mapping of Linux kernel data structures and interfaces; you can read up on these in the Linux kernel source tree from:

● linux/Documentation/filesystems/sysfs.rst ● linux/Documentation/filesystems/proc.rst

You don’t have a local, up-to-date, copy of the Linux kernel source tree? You really should. Note that some of this documentation is hilariously out-of-date; use the git log on a file to see the last time parts of a file was given an up-date:

 $ git log -p filename


This should give you what you need. Since the Linux kernel is developed with Git, it pays dividends to learn at least the fundamentals of Git.

It’s a frequent occurence that people ask me how to make sense of the Linux kernel. You need the following prerequisites:

● A familiarity with the C programming language. The syntax is easy to pick up for most people because a lot of the popular programming languages in use today are based on C. Most operating systems today are written in C; the same goes for embedded systems. If you don’t have a good grasp of C, you can kiss any hopes on working on this stuff goodbye. C is not as hard as people make it out to be; just look at real code and don’t waste your time on pointless exercises. Start with the smallest real-world programs you can find - like echo(1); once you get the simple stuff, get more ambitious and look at more complicated things. The following resource is also invaluable to the novice C programmer: C reference.

● To make sense of other people’s C code (particularly spaghetti), you need a good source code tagging system. I recommend GNU Global because it works well on most Bourne Shells. Using GNU Global will enable you to look up definitions for things like functions and structs in C code easily.

● You need to learn GNU Autotools to automate the workflow of building makefiles and such. The old “./configure && make && make install” ritual stems from GNU Autotools. Learn it and embrace it. You can build truly portable software once you learn the fundamentals of GNU Autotools. You won’t understand head nor tail of embedded programming with the Linux kernel (and several other things) unless you have a grasp on the rudiments of GNU Autotools.

● Whether you like it or not, Git is an essential part of Linux kernel development. Without a firm grasp of Git fundamentals, you won’t get anywhere. While you’re at it, you should look into the standalone utilities GNU diff and GNU patch; Git is essentially an abstraction on top of these tools.

You should now have enough pointers to begin acquiring knowledge about how to make sense of the Linux kernel (and a whole lot of other things). The aforementioned prerequisites abstract to OS and embedded development and being an effective operator of your computer. These are the tools you really need to know to get anywhere.

All of this stuff applies to several other things. Once you start learning them, you’ll see what I mean. It really isn’t a lot to take in. Knowledge of this stuff will last you a lifetime. Don’t fall for the IDE X or framework Y bullshit; those are moving targets and are deliberately broken to keep people reliant on the dictators for “support”. Educate yourself; it’s the only path to computing freedom. Become an operator; don’t be a mindless consumer.

Appendix C: Digital Multimeter Tests



As always, follow the instructions in the manual of your Digital Multimeter (DMM). RTFM extra carefully, otherwise you end up with magic smoke (why you were recommended spares).

There really are only two simple things you need to test on your UTUB:

● Voltage coming out of the UTUB TX and RX pins.

● Current from the TX and RX pins.

There’s not really much more to be said here. The one bit of general advice is to use a breadboard and some jump wires, if you have access to one; crocodile clip test leads for your DMM also make life easier. Basically, try making sure you don’t short circuit your UTUB by having DMM test leads too close to each other.

Make sure the test leads are plugged into the appropriate terminals of your DMM. Always make sure the fuse of a DMM terminal is sufficient for what you’re measuring.

You can find GPIO voltage specifications of the Raspberry Spy in the official GPIO guide. Make sure you cross-check with the right CPU model’s datasheet.

You may end up needing to buy some resistors to get the right voltage and current. You can find background information useful to the novice hardware hacker from the excellent Sparkfun tutorial on pull-up resistors; follow the appropriate links to fill out gaps in your knowledge. However, most UTUBs are usable out-of-the-box (OOTB) so you shouldn’t really have much issue here. But it doesn’t hurt (unless you zap yourself) to get a bit of electronics background knowledge since you’re playing around with wires and electricity!

Index



[Editor's note: this corresponds to the PDF version of the document]

lsblk -f, 28 sd(4), 34 /dev/ttyUSB0, 23 /proc, 43 /sys, 43 FTDI, 41 apropos(1), 18 cmdline.txt, 29 config.txt, 29 console=fb, 29 cp210x, 23, 24 dmesg(1), 18-20, 22, 25 echo(1), 44 enable_uart=1, 29 grep(1), 20 lsmod(8), 20, 25 lspci -k, 26 lsusb -t, 26 mknod(1), 24 modinfo(8), 19, 20, 23 picocom(1), 17, 24, 32, 33, 35 ttyUSB0, 23, 24 usbcore, 23 usbserial, 23 DMM, 15 EHCI, 20 HCI, 20 idProduct, 25 idVendor, 25 jump wires, 14 kernel ring buffer, 18 KRB, 18 OHCI, 20 PCI, 20 QC, 15 textttmodinfo(8), 25 UART, 17 UTUB, 13, 14

Recent Techrights' Posts

Microsoft Actually in Trouble, Microsofters Unable to Obey Judges' Orders
For the second time in a week, Microsofters are unable to obey orders
Over at Tux Machines...
GNU/Linux news for the past day
Microsoft's Debt Exploded by 15.4 Billion Dollars in the Past 9 Months Alone (Despite All the Layoffs)
As of minutes ago, at 6PM on a Friday, the numbers are made public
LLMs as Attack Method Against Free Software and Programming
DDoS in "hey hi" (slop) clothing
Google as a 'Bullshit Generator' Disguised as Intelligence
It'll probably cause Google to get sued a lot, both by individuals and companies
As Expected, Google in the UK Now Experiments With Slop Instead of Web Search
At this point more people ought to stop and think: Does Google's search engine deserve trust?
 
Upcoming OSI Scandal Series
The OSI is a rogue actor because it serves Microsoft in exchange for money
Slopwatch: The Issue Persists, But the Consensus in the Media Changes as Google Enrages It With LLM Plagiarism
We've meanwhile assessed the latest output from Linuxiac
IRC Proceedings: Friday, August 01, 2025
IRC logs for Friday, August 01, 2025
Links 02/08/2025: İstanbul Retail Inflation Reaches 42.48%, US FBI Opens Office in New Zealand
Links for the day
Gemini Links 02/08/2025: ZFS, LLM Hype, and Fake Modules
Links for the day
Links 01/08/2025: Health, Conflict, and Attacks on Freedom of the Press
Links for the day
Meeting (Webchat) With Maria Arranz Gomez, Florian Grundies, Jürgen Janda and Konstantinos Kortsaris Confronts EPO Management About Breaking Promises and Crushing Workers
The lack of consistent messages suggests plans other than what's advertised and the lack of consultation (secrecy) likewise
Links 01/08/2025: "The Great British Firewall" and U.S. Army Sponsors Palantir
Links for the day
For Second Day in a Row, Top Story in The Register MS is "Microsoft Says"
The editor in chief exercises control over everybody else
Stability and Reliability, Backward Compatibility
I don't fancy relying on social control media as "sources"
What "the News" Looks Like in 2025
The "says" (or "sez") phenomenon
History Will Be Distorted, Sometimes Intentionally, Under the Guise of Intelligence (Manipulated/Curated Slop)
Militarised misinformation or military-grade chaff is a national security threat, even domestically
Financial Engineering Companies: A Company Worth 4 Trillion Dollars Would Not Borrow 100+ Billion Dollars at Interest Rates Like Today's
Many headlines perpetuate the lie Microsoft had just 2 waves of layoffs
Microsoft is Googlebombing "Linux" While Paying Former News Sites to Publish SPAM
How much lower will IDG sink?
The Data You Don't Give Away is Your Advantage
stop sharing data that does not need to be shared
Being Obedient or Doing the Right Thing
The world always changes for the better because of people who think "Outside the Box", not the cogs
Gemini Links 01/08/2025: Happy Hacking Keyboards and New Gemini Arrivals
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, July 31, 2025
IRC logs for Thursday, July 31, 2025
Sabotaging Linux on Behalf of Microsoft With UEFI 'Secure' Boot (De Facto Remote 'Kill Switch'), Then Defaming, Stalking and Harassing Critics of 'Secure' Boot for 12 Years, Then SLAPPing Their Spouses and Them
The sorts of stubborn lunatics we've been dealing with
Moving on in Techrights, Geeks Gonna Geek
In the coming weeks we plan to focus (as we explained last week) on patents, GNU/Linux issues, and the occasional philosophical essays
Slopwatch: Google News Has Lost the Plot
Almost the majority of articles returned for "Linux" are fakes
Links 31/07/2025: Australia Restricts YouTube Access, Personal Privacy at Risk
Links for the day
Links 31/07/2025: Spotify Collapses and Spotify Now Forcing Some Users to Undergo Face-Scanning
Links for the day
A Lot of Supposedly "Successful" Businesses Are Just Debt-Racking Vessels Without Any Prospects of Financial Sustainability
The probability of bankruptcy of any business is more than 0%
theregister.com: The Voice of Microsoft US?
It basically sold out
Yes, You Can Love and Adore Things Whilst Also Criticising Them
Is society being divided and groomed/primed to be resistant to constructive criticism?
Links 31/07/2025: War in Ukraine, Security News, and Cyberattacks Against Journalists on the Rise
Links for the day
Gemini Links 31/07/2025: Fake Money and Gemini Diaries
Links for the day
An Illusion and Cult Worship of Magnitude (Ubiquity as "Victory")
GNU has been around for over 40 years and it'll likely continue to exist for another 40 (in some form)
Google: From Pointing to Relevant Sites to Pointing to Social Control Media to Actually Parroting Social Control Media as "Facts"
Google has become a misinformation company
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 30, 2025
IRC logs for Wednesday, July 30, 2025