03.07.21

How To Deal With Your Raspberry Spy — Part V: All The Rest

Posted in BSD, Free/Libre Software, GNU/Linux at 2:19 am by Guest Editorial Team

By Gavin L. Rebeiro

Contents

Cover

Copyright

1 Acknowledgements

2 Introduction

2.1 Prerequisite Knowledge
2.2 Apparatus

3 Fundamentals

3.1 Communication
3.2 Kernel Ring Buffer
3.3 Drivers
3.4 Operating Systems
3.5 Special Files

4 Doing The Task

4.1 Preparing The Boot Media
4.2 Connecting Physical Components
4.3 Using Picocom
4.4 OS Installation

5 YOU ARE HERE ☞ Thanks

6 OpenPGP Key

A Malicious Hardware

B Linux Kernel Source Tree Analysis

C Digital Multimeter Tests

Summary: The final part of a series on liberating the Raspberry Spy from an untrustworthy OS that secretly adds Microsoft keys and proprietary software repositories of Microsoft (see Part I, Part II, Part III, and Part IV)

THIS part is mostly addenda.

Chapter 5: Thanks

We’d like to take the opportunity to thank you, the reader. We believe everyone deserves a computing education; however, the topics of computing freedom and how computing affects our basic human rights are neglected in computing education today; at E2EOPS PRESS we strive to change this. Our goal is to inform, educate, and inspire. Computing is also a lot of fun! We want everyone to experience the joys of computing. We hope you enjoyed this issue of our periodical as much as we enjoyed bringing it to you!

Our work requires research, equipment, and infrastructure to deliver. We strive for the best quality in all we do. If you would like to support us, there are several ways you can do so. Any support we get from you enables us to bring you the best we possibly can.

We distribute all our periodicals via peer-to-peer technology. There are things we publish that some people don’t want out in the open. Thus, if you can contribute to the peer-to-peer sharing, you would be helping us out immensely!

If you would like to support us by making a cash donation, we have a Paypal account that you can send donations to:

• https://www.paypal.com/donate?hosted_button_id=B5VPZJBKLL2S6

For those that like to use QR codes, you can use the following QR code to donate to our Paypal.

If you’d like to donate in some other way, you can send an email to donations@e2eops.io and have a chat with us about it.

For encrypted communications, you can use the OpenPGP Key provided in chapter 6.

And, as always, happy hacking!

Chapter 6: OpenPGP Key

At E2EOPS PRESS, we take your privacy seriously. If you want to send us an encrypted message, you can do so with the following OpenPGP key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBF7JMNYBDACeCfa+NpFSOUOyIKqdZdtIjEZCaLzBKQmnqLJo/5BZZiCrGK8+
MYUfBz6iiEqEJf7N0R6Kg/esyIEy35uYdiLr66fg/sEXHk5eW/9Hanex/Igk9nmg
1+eGo1sk/MQh7lUNydqOHVokhjcPHleUGiJE/F0MjDvs/xTN1HYf1uhmJOZbpL/D
oTcTssL1BB2b95QfuUViX7I/+Xoe4VSaxdVlVGGCSI8jAPqb+0PYX6N2yHllFaRI
8D4cQkKpP5z2Y9m65ALWsR0M6GBUIeYe4QzfBVwuPg7TAiSpZWDC3vPIWFsC1zbL
NT4y6bxjv9gE0S3GVXZC/bTHuVL3FNrStnMFX0z8E4c19vyo9TyTxXLKC7Qy/dWJ
Nf+3tbgNQ7yR8MBwciyQho9MltrIFTz+JXZj7xCM0QiYgTo4rBl9eczaGLZwlOJn
sybs3Ia0ZTfm5yQAQ3eJ4yKKkiCjADF6fq6AVgV0D36wgBiZnVa+zbSteamUM7L8
JN4rzqfm587d+/0AEQEAAbQgR2F2aW4gTC4gUmViZWlybyA8Z2xyQGUyZW9wcy5p
bz6JAdEEEwEKADsCGwMCHgECF4AFCwkIBwIGFQoJCAsCBBYCAwEWIQTHhRt/mdsE
uRCTt6QUP5lU/9Mq/wUCXyPcLAIZAQAKCRAUP5lU/9Mq/xtpC/9nEcxWrB5e3W1o
Xl8W9uumnwG5o2ZUYfHtQ+QVpkowdQgEFPLTBicWRPnb61eaT/60hkhH68Gb1oVZ
BHHN3YNF9qqQHqOT1iAuP0nidkHXUaz4Bbl0wR8brvY2aJO4l03sOWztQHkAoo+u
wNohHM1lwqKYN+HRWm+JyTRxw/YHkYI1Rz1aN9hUNTax1HqAm5fSq+R/VKyUZ9tI
2D93p2PK+c1SEJS1goBnlJu4HW2T7NA7oUboKG0J4h2yBV6WtSgskFEWqYEBzvxw
ZaWzooOnJRPc+CibhRuH9VJvegRCkwZcNuZfHBKkh+d30LaJJlpifnu9ADs0PkXx
HUsHlgMjUbzjztFEBmAjS8PvKOG2nJxcv362749/M6vI7KP7ktf4i+3wZLe8BC5y
hSAAQtLUBC/IratA+4NSI8lxDlNB+rrFTXzYTVGscJWlACCK4l0xaXNC0OBcRosH
oFMgSogrXrQ2SsSu8oeVOjx/HOd8tThrCKd2nd40iG5Z3fftzP+5AY0EXskw1gEM
ANpbLPGSE9gjT8aAkcK0gIhNwTwR/X9T1YCKViiOYALCzPfGYMQqATSe/J7o/ysO
+lAB0B3NExdIbwh3knhoEsXdx9zNz18q827aCdLJVuq9kizXoCkWchJ0QjgacvNe
0jGZ+o3ULIMmnWztGzNixZaAiwzalWghFuiX4pG0su8TYAN1T6DGvdb+F1rx0xo8
tb3T8RaO0VZyji3zBBNXD1ECU6dmi0AJ0zD0S5iRIXIn+QfRR2oJu9ZSR6En7PS1
b4bhJ2OnBE4ZQ3mS4aHPaeIWbeCeq8EuaVQNyv5jT3wD18DIRigOxl9XJFy1IDO+
A45hz9FwxULH1QH5bZXRmkYfcxkLMqoMci0+8XxobpmILjkSHeAo4PR8KTHpNUXf
I7rJLpufYRTHf5votrJmgbea5bfnAlSoOXMlN2XZ9oJimOTfyzItCSwb0pkghnW0
Hyo3kd5RbDcZrd6RSSVWo/41gr8SXatlkpbnEYjktFGe2Nxls6qZAgA/lqKrS9ti
7wARAQABiQG8BBgBCgAmFiEEx4Ubf5nbBLkQk7ekFD+ZVP/TKv8FAl7JMNYCGwwF
CQPCZwAACgkQFD+ZVP/TKv9XAwv9Heor5YuZalOcXXiGCrqYNHuQJLbDvUpTK6wI
t9peV4t6E8oiqb0/0ezLGQSlP8RkBKUkhslVn5M6cDIxdCAlZxUIOjF1tJyHrTua
wEayHO5q84tixa00+x2/mmaDy0ddZXc4gITLgZjN4J3e9GUww4N3TUVJTZDPF+mP
eFd2HlGj3AHLtNEfsEw4HvYNNzexnom66gdDrrCIBxWRgUD2aRQKxQOquFQt2zYS
dgOXVS0eyaN81uqFHVh+tvyBKkrK8D/recaPcCXAFSv9UUcQA6jEFdC9WEjgHD7J
nRrCwOGBTZ7IvYO5+rpyh/w8k6eZYhUm3UdXYuPsxaCsSL+OW46DBP0C5sKrhxZK
thZOhll4ZYrfX1Vv4awBAB6iMZ0i+i39AQPmpvUviFGUfLkHEEsarHgPDchaOv1p
0xa11jUxU5nkqfiQj5A4h4TMP0q9tGdf1puxRZqwp8T0Jc9uQAm6wUMaaaugiXn+
BQfF5XIfOiXZx9DThhqYwO4WztdEuQINBF87rdYBEAC66OFgJa3p9d6Ets5A3NVm
XxXkCBmgIg1HG44bmKz3o2xudRP6o3bbmVI06cmfGAVmKJ0voAVsgHMsTg30iZb3
D/X9iRYTB/1suyYIgP9cRxltLLMTL4LycmrCRCnTJSMThA1V2d5brmmrWcOPmqnT
CdbOjUD5OWzGsfIkP0t+Ef4v94j574WAvpGYd7Wf5o30JKNfdOjdLOVFdp6lV9mM
FxebC1lZ6uRSeL77/XZJC4ZQ8TzhgsdgnE4M1sKvaDO+DTS3pu7+Dh+ORFQ9TQDP
ZuMBpln3UBa1evVR8bF9SgqjGo2Al8K590xGNJEHzj+BGqEKjOVN05uMoplByMdZ
pD2lRMdqgIqVXiNtBSBhv1oGQhu5fxW11Xv4Kh5BzuOMLS/0KT2cdlk06eCgWZqT
/IM5ipKYpJJgtkJ/0sU+hLq+jilAr3ZhmkxCim+9uYOZ93ypy7QiW8ldbsGEDh5S
KcU+qWGNEMHhNwuHY9ChO1hcWi/q5/mZTKXG60/q6RZRI2QxbuKsX3c8GbEea2jU
Q+v4zFp/x7G1aPRTRtqOssvBtIikBiKWBEOBwYwqpEjD6IfmWVh8wlJZx/tcBRGF
0FGpyieGAFINaQIjKURm7bHkn4bQwIZkmbAssA6ZHcl9u6/u60155K4ifuf7ChyK
8H5n6vJq4AUxQkA8kADvnwARAQABiQG8BBgBCgAmFiEEx4Ubf5nbBLkQk7ekFD+Z
VP/TKv8FAl87rdYCGyAFCQHhM4AACgkQFD+ZVP/TKv9Fwgv+P20Qu7USOJfaUVN4
I52GS6R8veww4aKY16ts3XlIUl3mqbH3KoB1T+YKuqoVrNCtGeXVD0AB+BJxxrQS
BFtYq4ZgPnSo7NQST6SWbWhzJmpfuhoInGb9l8v0mwD50DrOPjeZcX7TrQN4jWft
OJQkKviCYFCu36xa84FUYxTyvA5V4TpWAgPTUVBpf8BrI2Ktw3Wc1THHqcwIszec
Mr/mexDfdCa8G78u3rgX4kZPSGFwaGK339eqlb7rMtspkKQPPmm92lYdfV/icbvw
7iaMAirgYq72qzkuIV6GMUKsTa/1wkJ54yACaLXS9A3NXDVizErWHam9TG/ce/Ll
EPUsrXTesrhqZpaHHNxnfiQOXzocrldvvdYOxBeGfMQY7fftX8GgQwMjMi2kracr
hWc1mCSMSCerTWCtRfw0CK4Au6881rAAmXDwvjU586ezv1MdBqVmN7eOeeVVGdM1
/+S5QP//oK6MEkAS8y2ZP8A/3iMlYz+SBOUSD0AJ0RZEhkhr
=JMTx
-----END PGP PUBLIC KEY BLOCK-----

Appendix A: Malicious Hardware

While doing research for this issue, I often ran into USB-to-UART bridges of the “FTDI” variety. Upon further digging,
an ugly bit of history surfaced. The FTDI modules have a reputation for sabotaging people’s hardware.

Sadly, we live in a world where this sort of thing is the norm. Pay close attention to the products you buy. You need
to practice vigilance in order to defend your computing freedom. Remember, you have control over your wallet. Don’t support malicious actors, if you have the choice (in this case you almost certainly do).

Appendix B: Linux Kernel Source Tree Analysis

The directory trees rooted at /sys and /proc are mapping of Linux kernel data structures and interfaces; you can read up on these in the Linux kernel source tree from:

• linux/Documentation/filesystems/sysfs.rst
• linux/Documentation/filesystems/proc.rst

You don’t have a local, up-to-date, copy of the Linux kernel source tree? You really should. Note that some of this
documentation is hilariously out-of-date; use the git log on a file to see the last time parts of a file was given an up-date:

 $ git log -p filename

This should give you what you need. Since the Linux kernel is developed with Git, it pays dividends to learn at least
the fundamentals of Git.

It’s a frequent occurence that people ask me how to make sense of the Linux kernel. You need the following prerequisites:

• A familiarity with the C programming language. The syntax is easy to pick up for most people because a lot of the popular programming languages in use today are based on C. Most operating systems today are written in C; the same goes for embedded systems. If you don’t have a good grasp of C, you can kiss any hopes on working on this stuff goodbye. C is not as hard as people make it out to be; just look at real code and don’t waste your time on pointless exercises. Start with the smallest real-world programs you can find – like echo(1); once you get the simple stuff, get more ambitious and look at more complicated things. The following resource is also invaluable to the novice C programmer: C reference.

• To make sense of other people’s C code (particularly spaghetti), you need a good source code tagging system. I recommend GNU Global because it works well on most Bourne Shells. Using GNU Global will enable you to look up definitions for things like functions and structs in C code easily.

• You need to learn GNU Autotools to automate the workflow of building makefiles and such. The old “./configure && make && make install” ritual stems from GNU Autotools. Learn it and embrace it. You can build truly portable software once you learn the fundamentals of GNU Autotools. You won’t understand head nor tail of embedded programming with the Linux kernel (and several other things) unless you have a grasp on the rudiments of GNU Autotools.

• Whether you like it or not, Git is an essential part of Linux kernel development. Without a firm grasp of Git fundamentals, you won’t get anywhere. While you’re at it, you should look into the standalone utilities GNU diff and GNU patch; Git is essentially an abstraction on top of these tools.

You should now have enough pointers to begin acquiring knowledge about how to make sense of the Linux kernel (and a whole lot of other things). The aforementioned prerequisites abstract to OS and embedded development and being an effective operator of your computer. These are the tools you really need to know to get anywhere.

All of this stuff applies to several other things. Once you start learning them, you’ll see what I mean. It really isn’t a lot to take in. Knowledge of this stuff will last you a lifetime. Don’t fall for the IDE X or framework Y bullshit; those are moving targets and are deliberately broken to keep people reliant on the dictators for “support”. Educate yourself; it’s the only path to computing freedom. Become an operator; don’t be a mindless consumer.

Appendix C: Digital Multimeter Tests

As always, follow the instructions in the manual of your Digital Multimeter (DMM). RTFM extra carefully, otherwise you end up with magic smoke (why you were recommended spares).

There really are only two simple things you need to test on your UTUB:

• Voltage coming out of the UTUB TX and RX pins.

• Current from the TX and RX pins.

There’s not really much more to be said here. The one bit of general advice is to use a breadboard and some jump wires, if you have access to one; crocodile clip test leads for your DMM also make life easier. Basically, try making sure you don’t short circuit your UTUB by having DMM test leads too close to each other.

Make sure the test leads are plugged into the appropriate terminals of your DMM. Always make sure the fuse of a DMM terminal is sufficient for what you’re measuring.

You can find GPIO voltage specifications of the Raspberry Spy in the official GPIO guide. Make sure you cross-check with the right CPU model’s datasheet.

You may end up needing to buy some resistors to get the right voltage and current. You can find background information useful to the novice hardware hacker from the excellent Sparkfun tutorial on pull-up resistors; follow the appropriate links to fill out gaps in your knowledge. However, most UTUBs are usable out-of-the-box (OOTB) so you shouldn’t really have much issue here. But it doesn’t hurt (unless you zap yourself) to get a bit of electronics background knowledge since you’re playing around with wires and electricity!

Index

[Editor’s note: this corresponds to the PDF version of the document]

lsblk -f, 28
sd(4), 34
/dev/ttyUSB0, 23
/proc, 43
/sys, 43
FTDI, 41
apropos(1), 18
cmdline.txt, 29
config.txt, 29
console=fb, 29
cp210x, 23, 24
dmesg(1), 18-20, 22, 25
echo(1), 44
enable_uart=1, 29
grep(1), 20
lsmod(8), 20, 25
lspci -k, 26
lsusb -t, 26
mknod(1), 24
modinfo(8), 19, 20, 23
picocom(1), 17, 24, 32,
33, 35
ttyUSB0, 23, 24
usbcore, 23
usbserial, 23
DMM, 15
EHCI, 20
HCI, 20
idProduct, 25
idVendor, 25
jump wires, 14
kernel ring buffer, 18
KRB, 18
OHCI, 20
PCI, 20
QC, 15
textttmodinfo(8), 25
UART, 17
UTUB, 13, 14

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2021/03/07/raspberry-spy-the-rest/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. Links 21/4/2021: VirtualBox 6.1.20, GCC 11.1 Release Candidate, Nginx 1.20.0

    Links for the day

  2. IRC Proceedings: Tuesday, April 20, 2021

    IRC logs for Tuesday, April 20, 2021

  3. Some People Who Asked to Be Removed From the Slanderous Hate Letter Against the FSF Are Still Being Denied Removal (But Not All)

    I am aware of some people (evidence is in the public domain for all to see) who asked to be removed from the hate list; their requests have not yet been processed, or simply denied. Maybe they should ask again. There are silent and selective changes.

  4. Overt Abuse and Mischaracterisations by Bully de Blanc

    The campaign to ruin the FSF and silence its founder, Richard M. Stallman (RMS), goes months prior to the hate letter set up by Bully de Blanc, her boss, and the Microsoft-sponsored OSI; they just attack the licence (GPL/copyleft) and they try to redefine things for the corporations which fund them

  5. According to StatCounter, This Month GNU/Linux Market Share on Desktops/Laptops Exceeded 2% (Based on Sites They Monitor)

    StatCounter does not monitor everything and not every machine connects to the Web, but in relative terms, based on the chart above, no doubt GNU/Linux continues growing relative to other operating systems (chart plotted based on the latest raw data, rendered in LibreOffice Calc)

  6. At the EPO, Lawlessness Has Become “a New Normal”

    Without as much as a real consultation with those who are impacted (by the EPO's gross infringements) the management of the EPO rushes ahead again, enjoying zero oversight, no legal review, and no accountability or scrutiny of any kind

  7. Links 20/4/2021: Tails 4.18 and Mark Surman in Mozilla's Board of Directors

    Links for the day

  8. Microsoft as a Censorship Machine Working to Undermine Free Software and Code Sharing (Also Sharing in General)

    Microsoft is, as usual, a tool of destruction rather than creation; it seems to be better at ruining things and censoring things, notably things that compete against Microsoft or pose a threat to Microsoft's business model (and close partners, such as RIAA)

  9. Phoronix Needs to Exercise Caution and Stay Vigilant/Careful of Microsoft

    Taking note or lessons from the blunder of Raspberry Pi (back in February), Phoronix should be careful of Microsoft 'freebies' as they're never free and there are strings attached, destined to alienate longtime supporters

  10. IRC Proceedings: Monday, April 19, 2021

    IRC logs for Monday, April 19, 2021

  11. Links 20/4/2021: EasyOS Dunfell 2.7.1, Phoronix Takes Microsoft 'Freebies', Microsoft Trying to Steal Credit for Linux on Mars

    Links for the day

  12. Richard Stallman on How UPC is a Trojan Horse for Software Patents in Europe

    Dr. Richard Stallman, the Free Software Foundation's founder, offers his analysis of the Unitary Patent (or UPC) and what it means for software patents in Europe now that the EPO increases its influence over continental law

  13. Technology Can Make Life Worse, Even in the Public Sector, Not Just the Private Sector

    There are growing concerns — increasingly justified concerns as a matter of fact — that customer service is universally going away and “COVID” has become the impenetrable shield or a cover in the face of facts, laws, and basic rights

  14. Links 19/4/2021: LibreSSL 3.3.2, OpenSSH 8.6, Firefox 88

    Links for the day

  15. Time to Move to Gemini, Wherever/Whenever Possible, as the World Wide Web is a Burden on Everybody

    A 30-minute rant about what the Web has become and the promise of gemini:// (designed to simplify everything, enable self-hosting, preserve privacy, and empower communities rather than military-connected monopolies)

  16. The Number of Signatures in the Anti-FSF Petition is Decreasing, Not Increasing

    A reader has notified Techrights that belatedly, perhaps where people’s job is at risk (we’ve heard of stories and situations wherein the employer’s view and a worker’s view diverge), the GNOME Foundation/OSI did in fact remove some people from the hate letter they had set up for their monopolistic sponsors. We do, however, still see some names in there of people who asked to be removed, so it must be a very selective process. They don’t want to lose face, so they must have made it very difficult to revoke one’s name. Exceptional circumstances? We have checked to confirm, based on the available archives, and indeed that number decreased since 10 days ago, whereas 6,415 people have thus far signed the support letter (it's still growing), so we’ve just re-plotted the chart.

  17. IRC Proceedings: Sunday, April 18, 2021

    IRC logs for Sunday, April 18, 2021

  18. How Many People Developed GNU (Maybe Hundreds) in the 1980s

    Dr. Richard Stallman, the Free Software Foundation's founder, explains how code was managed and contributed in the early days of GNU

  19. Links 19/4/2021: Linux 5.12 RC8, GNU Poke 1.2, EndeavourOS 2021.04

    Links for the day

  20. Proprietary Software (BT Hub) Has Ruined My Whole Day

    While we did have some plans to publish long articles, those plans were curtailed or at least delayed due to the fact our sole device at home not to be controlled by us (a so-called 'Smart' Hub from BT) decided to break itself and by doing so bring productivity to a standstill (that firmware update, silently installed without notice or any form of consent, managed to screw with the local network)

  21. IRC Proceedings: Saturday, April 17, 2021

    IRC logs for Saturday, April 17, 2021

  22. Tolerating the Intolerant and Lacking Tolerance for Opposing Views

    The person who shouted...

  23. Letter of Support for Richard Stallman - Doing Better in Community

    "How do you support someone you’ve known for years who is unfairly attacked and publicly maligned?"

  24. Richard Stallman on Rejecting Workplace Bureaucracy in the 1970s

    Dr. Richard Stallman, the Free Software Foundation's founder, explains what inspired him to get involved in non-software matters

  25. Renata Avila: Trying to Understand the Lynching of Stallman

    Reproduced from the original

  26. Breaking News: EDPS Admits That It is Powerless to Investigate Claims of GDPR Non-compliance at the EPO

    Nobody is truly in charge at the EDPS (and in Europe at large); they say EPO is "company" and all one can do is kindly ask the EPO itself to obey the law and stop outsourcing European data to American military contractors

  27. Links 17/4/2021: Linux 5.13 in Sight, Holland Warming up to Free Software

    Links for the day

  28. Richard Stallman Vilified by Those Who Don't Know Him, Says Sylvia Paull

    Republished "In Support of Richard Stallman"

  29. [Meme] Linux Foundation Can't Use Linux

    Two examples from yesterday, highlighting what a bunch of hypocrites run the marketing operation now disguised as ‘research’; Jason Perlow from Microsoft signed/published this newsletter highlight from the failing “Linux” Foundation — a foundation that calls itself “Linux” while its newsletter is still hosted by Microsoft Windows+proprietary IIS and this latest report is made with proprietary software on a Mac

  30. [Meme] Haters Gonna Hate, Don't Apologise to a Libelling Mob

    As was already pointed out before, you cannot appease a mob by talking back to it, certainly not by issuing an apology (putting oneself in a position of weakness)

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts