03.07.21

How To Deal With Your Raspberry Spy — Part V: All The Rest

Posted in BSD, Free/Libre Software, GNU/Linux at 2:19 am by Guest Editorial Team

By Gavin L. Rebeiro

Contents

Cover

Copyright

1 Acknowledgements

2 Introduction

2.1 Prerequisite Knowledge
2.2 Apparatus

3 Fundamentals

3.1 Communication
3.2 Kernel Ring Buffer
3.3 Drivers
3.4 Operating Systems
3.5 Special Files

4 Doing The Task

4.1 Preparing The Boot Media
4.2 Connecting Physical Components
4.3 Using Picocom
4.4 OS Installation

5 YOU ARE HERE ☞ Thanks

6 OpenPGP Key

A Malicious Hardware

B Linux Kernel Source Tree Analysis

C Digital Multimeter Tests

Summary: The final part of a series on liberating the Raspberry Spy from an untrustworthy OS that secretly adds Microsoft keys and proprietary software repositories of Microsoft (see Part I, Part II, Part III, and Part IV)

THIS part is mostly addenda.

Chapter 5: Thanks

We’d like to take the opportunity to thank you, the reader. We believe everyone deserves a computing education; however, the topics of computing freedom and how computing affects our basic human rights are neglected in computing education today; at E2EOPS PRESS we strive to change this. Our goal is to inform, educate, and inspire. Computing is also a lot of fun! We want everyone to experience the joys of computing. We hope you enjoyed this issue of our periodical as much as we enjoyed bringing it to you!

Our work requires research, equipment, and infrastructure to deliver. We strive for the best quality in all we do. If you would like to support us, there are several ways you can do so. Any support we get from you enables us to bring you the best we possibly can.

We distribute all our periodicals via peer-to-peer technology. There are things we publish that some people don’t want out in the open. Thus, if you can contribute to the peer-to-peer sharing, you would be helping us out immensely!

If you would like to support us by making a cash donation, we have a Paypal account that you can send donations to:

• https://www.paypal.com/donate?hosted_button_id=B5VPZJBKLL2S6

For those that like to use QR codes, you can use the following QR code to donate to our Paypal.

If you’d like to donate in some other way, you can send an email to donations@e2eops.io and have a chat with us about it.

For encrypted communications, you can use the OpenPGP Key provided in chapter 6.

And, as always, happy hacking!

Chapter 6: OpenPGP Key

At E2EOPS PRESS, we take your privacy seriously. If you want to send us an encrypted message, you can do so with the following OpenPGP key:


Appendix A: Malicious Hardware

While doing research for this issue, I often ran into USB-to-UART bridges of the “FTDI” variety. Upon further digging, an ugly bit of history surfaced. The FTDI modules have a reputation for sabotaging people’s hardware.

Sadly, we live in a world where this sort of thing is the norm. Pay close attention to the products you buy. You need to practice vigilance in order to defend your computing freedom. Remember, you have control over your wallet. Don’t support malicious actors, if you have the choice (in this case you almost certainly do).

Appendix B: Linux Kernel Source Tree Analysis

The directory trees rooted at /sys and /proc are mappings of Linux kernel data structures and interfaces; you can read up on these in the Linux kernel source tree from:

• linux/Documentation/filesystems/sysfs.rst
• linux/Documentation/filesystems/proc.rst

You don’t have a local, up-to-date, copy of the Linux kernel source tree? You really should. Note that some of this documentation is hilariously out-of-date; use the git log on a file to see the last time parts of a file were updated:

 $ git log -p filename

This should give you what you need. Since the Linux kernel is developed with Git, it pays dividends to learn at least the fundamentals of Git.

It’s a frequent occurrence that people ask me how to make sense of the Linux kernel. You need the following prerequisites:

• A familiarity with the C programming language. The syntax is easy to pick up for most people because a lot of the popular programming languages in use today are based on C. Most operating systems today are written in C; the same goes for embedded systems. If you don’t have a good grasp of C, you can kiss any hopes of working on this stuff goodbye. C is not as hard as people make it out to be; just look at real code and don’t waste your time on pointless exercises. Start with the smallest real-world programs you can find – like echo(1); once you get the simple stuff, get more ambitious and look at more complicated things. The following resource is also invaluable to the novice C programmer: C reference.

• To make sense of other people’s C code (particularly spaghetti), you need a good source code tagging system. I recommend GNU Global because it works well on most Bourne Shells. Using GNU Global will enable you to look up definitions for things like functions and structs in C code easily.

• You need to learn GNU Autotools to automate the workflow of building makefiles and such. The old “./configure && make && make install” ritual stems from GNU Autotools. Learn it and embrace it. You can build truly portable software once you learn the fundamentals of GNU Autotools. You won’t understand head nor tail of embedded programming with the Linux kernel (and several other things) unless you have a grasp on the rudiments of GNU Autotools.

• Whether you like it or not, Git is an essential part of Linux kernel development. Without a firm grasp of Git fundamentals, you won’t get anywhere. While you’re at it, you should look into the standalone utilities GNU diff and GNU patch; Git is essentially an abstraction on top of these tools.

You should now have enough pointers to begin acquiring knowledge about how to make sense of the Linux kernel (and a whole lot of other things). The aforementioned prerequisites abstract to OS and embedded development and being an effective operator of your computer. These are the tools you really need to know to get anywhere.

All of this stuff applies to several other things. Once you start learning them, you’ll see what I mean. It really isn’t a lot to take in. Knowledge of this stuff will last you a lifetime. Don’t fall for the IDE X or framework Y bullshit; those are moving targets and are deliberately broken to keep people reliant on the dictators for “support”. Educate yourself; it’s the only path to computing freedom. Become an operator; don’t be a mindless consumer.

Appendix C: Digital Multimeter Tests

As always, follow the instructions in the manual of your Digital Multimeter (DMM). RTFM extra carefully, otherwise you end up with magic smoke (why you were recommended spares).

There really are only two simple things you need to test on your UTUB:

• Voltage coming out of the UTUB TX and RX pins.

• Current from the TX and RX pins.

There’s not really much more to be said here. The one bit of general advice is to use a breadboard and some jump wires, if you have access to one; crocodile clip test leads for your DMM also make life easier. Basically, try making sure you don’t short circuit your UTUB by having DMM test leads too close to each other.

Make sure the test leads are plugged into the appropriate terminals of your DMM. Always make sure the fuse of a DMM terminal is sufficient for what you’re measuring.

You can find GPIO voltage specifications of the Raspberry Spy in the official GPIO guide. Make sure you cross-check with the right CPU model’s datasheet.

You may end up needing to buy some resistors to get the right voltage and current. You can find background information useful to the novice hardware hacker from the excellent Sparkfun tutorial on pull-up resistors; follow the appropriate links to fill out gaps in your knowledge. However, most UTUBs are usable out-of-the-box (OOTB) so you shouldn’t really have much issue here. But it doesn’t hurt (unless you zap yourself) to get a bit of electronics background knowledge since you’re playing around with wires and electricity!


03.06.21

Corporations Do Not Represent Communities and Activists, They Just Exploit Them, Discredit Them, and Hijack Their Hard Work

Posted in Deception, Free/Libre Software, GNU/Linux, Google, IBM, Microsoft at 11:39 am by Dr. Roy Schestowitz


Summary: The AstroTurfing and the Googlebombing campaigns of large corporations would have us believe that genuine activists are toxic and malicious people, whereas corporations exist to save the world from evil people; don’t fall for those Public Relations tactics (a gross inversion of narrative)

FOR quite a few years people have warned about the hypocrisy of mega-corporations in the field of technology, arguing that they combat racism when they in fact profit from racism. Clyde W. Ford has mentioned this in relation to IBM, which he knows very well, and also Google [1, 2]. Even employees of those companies increasingly become aware that their salaries are paid by institutional racism. Some resign. Some don’t. Some just want to pay the mortgage.

Racism is a real and persistent issue, but it won’t be tackled by corporations that profit from racism. This past week Microsoft did a great deal of veiled racism to distract from its incompetence. The sad thing is that by hijacking popular movements against racism and sexism (Mozilla Corporation does this all the time, even yesterday) those corporations harm the grassroots efforts. They help portray the activists as corporate shills while at the same time berating and demonising real grassroots/community-led efforts.

The video above deals with this difficult subject. It’s considered difficult because of the risk of being taken out of context. In the video I mostly discuss issues we’ve long covered in Techrights and I also show the Googlebombing efforts undertaken by those most culpable. Shame on IBM, shame on Google (also for taking money from Bill Gates for reputation laundering, which he desperately craves and needs), and shame on Microsoft for attacking software freedom while bribing the Linux Foundation for openwashing and greenwashing.

How To Deal With Your Raspberry Spy — Part III: Fundamentals

Posted in BSD, Free/Libre Software, GNU/Linux at 6:12 am by Guest Editorial Team

By Gavin L. Rebeiro

Contents

Cover

Copyright

1 Acknowledgements

2 Introduction

2.1 Prerequisite Knowledge
2.2 Apparatus

3 YOU ARE HERE ☞ Fundamentals

3.1 Communication
3.2 Kernel Ring Buffer
3.3 Drivers
3.4 Operating Systems
3.5 Special Files

4 Doing The Task

4.1 Preparing The Boot Media
4.2 Connecting Physical Components
4.3 Using Picocom
4.4 OS Installation

5 Thanks

6 OpenPGP Key

A Malicious Hardware

B Linux Kernel Source Tree Analysis

C Digital Multimeter Tests

Summary: Following the introductory and preliminary parts (Part I and Part II) we dive deeper into the steps taken to replace the Raspberry Pi’s GNU- and Linux-based OS with something like NetBSD

Now that you know what you need to get started, let’s gently walk through an overview of the fundamental ideas and topics that we’ll be engaging and experimenting with.

The order of topics may seem strange at first but things should make sense as you move on.

3.1 Communication

If we want two computers to communicate, there needs to be some protocol that they both speak.

If we want two computers to communicate, there needs to be a physical medium over which they can communicate.

Almost all computers and their peripherals communicate over USB these days. But when it comes to getting into the nitty-gritty details, you will often find UART humbly serving the same purpose it has for decades of computing. Fortunately for us, almost every embedded system these days supports UART; this includes the Raspberry Spy.

We’ll be using our UTUB to install a new OS on our Raspberry Spy over a serial interface (UART). The program that we’ll be using to do this serial communication is picocom(1).

Why bother with this anachronistic technology? Glad you asked! Once you know how to operate something like a UTUB and a program like picocom(1), you can “break into” several devices and modify them how you wish. Routers, motherboards, embedded systems, etc. all tend to have some sort of serial interface on them. Once you learn the basics, you are equipped to liberate yourself and gain more computing freedom.

But wait. Isn’t all this embedded stuff way too difficult and only for “experts”? HOGWASH! You can do it too. Don’t fall for the propaganda. You are perfectly capable of doing a bit of serial hacking to liberate your devices. You paid for them, after all. You should be able to do whatever you want with them (and you will). Onwards!

3.2 Kernel Ring Buffer

What on earth is a “kernel ring buffer” (KRB)? Ever heard of dmesg(1)? dmesg(1) is what you use to read the KRB. Not so scary now. Is it?

Why is the KRB important? Well: when you plug in (or out) a device, you can see the messages show up in the KRB. If you learn how to pay attention to the KRB, when you are working with hardware, you will become a lot better at trouble-shooting your own problems. Take strings you don’t understand and plop them into your favourite search engine; try the apropos(1) command as well.

As we progress with our project, we’ll see how to leverage dmesg(1) to our advantage. Learning proper use of dmesg(1) is an essential skill if you want to improve and maintain your computing freedom; dmesg(1) allows you to demystify the inner workings of your computer and get clues on how to fix problems yourself.

3.3 Drivers

Say you plug your mouse or keyboard into your computer; or even plug them out. The software responsible for translating the physical signals from the mouse or keyboard, to the intermediary physical devices, to the more abstract layers of your operating system (like stuff you see on the screen) is called the kernel; this is the “Linux” part of GNU/Linux.

The kernel is the layer of software that sits between the physical hardware and the more abstract levels of software that give you an “operating system”. When you plug in or out your keyboard or mouse, the kernel has programs which recognise those types of devices and then load the appropriate software required to use those physical devices; such software is called “device drivers”.

All of the above is a bit vague. Let’s take a look at what this looks like in practice; I’m going to plug out and plug back in my mouse while staring at dmesg(1):

 # dmesg --human --follow
 ...
 [Feb19 17:26] usb 7-4: USB disconnect, device number 2
 [ +25.036175] usb 7-4: new low-speed USB device number 4 using ohci-pci
 [ +0.193047] usb 7-4: New USB device found, idVendor=0461, idProduct=4d81, bcdDevice= 2.00
 [ +0.000006] usb 7-4: New USB device strings: Mfr=0, Product=2, SerialNumber=0
 [ +0.000004] usb 7-4: Product: USB Optical Mouse
 [ +0.007570] input: USB Optical Mouse as /devices/pci0000:00/0000:00:16.0/usb7/7-4/7-4:1.0/0003:0461:4D81.0005/input/input18
 [ +0.000303] hid-generic 0003:0461:4D81.0005: input,hidraw3: USB HID v1.11 Mouse [USB Optical Mouse] on usb-0000:00:16.0-4/input0

We’ll briefly analyse this output and introduce a few important tools in the process.

The first thing to note is this string “using ohci-pci”. It’s time to bring in the Linux-specific tool modinfo(8); let’s take a look at what we’re dealing with:

 $ modinfo ohci_pci
 name:        ohci_pci
 filename:    (builtin)
 softdep:     pre: ehci_pci
 license:     GPL
 file:        drivers/usb/host/ohci-pci
 description: OHCI PCI platform driver

That output is quite self-explanatory. We see the name of the kernel module; we see that it’s a builtin kernel module (which means it’s compiled into the kernel). “softdep” stands for soft dependency. We see that the license is GPL. We see the location in the kernel source tree where this kernel module resides. And, finally, we see a short description of the kernel module.

I hope, at this point, you’ve realised that “kernel module” is synonymous with “driver”. See? Not that complicated.

So what does this have to do with our USB mouse? Well: when it comes to interfaces, there’s usually a few things that sit between your device and the userspace of your operating system. I’ll leave it as a research project for you to figure out what “HCI”, “OHCI”, “EHCI”, “PCI”, etc. mean.

The next crucial bit of driver information here is the “hid-generic” part; find out what this kernel module does with modinfo(8).

The next thing I want you to do is have a look at the output of the Linux-specific tool lsmod(8); note the column headers. grep(1) through the lsmod(8) output for the following strings:

• usbhid
• hid_generic
• hid

The “USB HID v1.11 Mouse” from our dmesg(1) output should give us a good idea of what’s going on here. Don’t know what “USB HID” means? Look it up. Find out what the above kernel modules do, from the stuff you’ve already learned so far.

Let’s take a look at some sample lsmod(8) output:

 $ cat <(lsmod | head -n 1) <(lsmod | grep hid)
 Module                  Size  Used by
 mac_hid                16384  0
 hid_generic            16384  0
 usbhid                 57344  0
 hid                   135168  2 usbhid,hid_generic

You’ve now got a bit of background knowledge to make sense of what’s going on when you plug things in and out of your GNU/Linux unit.

3.4 Operating Systems

We’re going to be a bit adventurous with our choice of OS to put on the Raspberry Spy. We’re going to go with NetBSD; this is a great OS for embedded systems and one you should be familiar with if you plan on doing any embedded work.

NetBSD is an OS with its own kernel and userspace. Thus, NetBSD runs the NetBSD kernel and NetBSD userspace utilities; this is in contrast to the Linux kernel and GNU userspace (GNU/Linux) [1].

NetBSD is quite a beginner-friendly BSD because it has ample documentation; the fact that NetBSD has the primary focus of portability also means you can learn a great deal about portability from several perspectives.

A side note here. Avoid usage of package managers. They are bad for your freedom; to most people, package managers are entirely opaque systems that turn the computer operator into a mere consumer. Learn how to build your software from source code. This way you see all the dependencies [2].

The opaque package manager is exactly how the Raspberry Spy Foundation smuggled spyware into the Raspberry Spy. If you build all your programs from source code, you would be less vulnerable to these espionage tactics [3].

You should be the operator of your computer, not a “user”. A “user” is effectively being “used” because they are treated like stupid consumers that get dictated to by other people. Don’t fall for this “user” trap. Be the operator of your computer; take back control; education is the true path to computing freedom.

Note that a lot of these operating systems we’re talking about follow some version of the POSIX specification (with varying degrees of compliance).

3.5 Special Files

It’s important to understand how special files relate to device drivers. What’s a special file? Glad you asked.

Let’s take a look at our friend dmesg(1) as we plug in our UTUB:

 [Feb22 12:13] usb 7-1: new full-speed USB device number 3 using ohci-pci
 [  +0.202882] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea60, bcdDevice= 1.00
 [  +0.000006] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
 [  +0.000003] usb 7-1: Product: CP2104 USB to UART Bridge Controller
 [  +0.000003] usb 7-1: Manufacturer: Silicon Labs
 [  +0.000003] usb 7-1: SerialNumber: 010C48B4
 [  +0.024088] usbcore: registered new interface driver usbserial_generic
 [  +0.000010] usbserial: USB Serial support registered for generic
 [  +0.003272] usbcore: registered new interface driver cp210x
 [  +0.000025] usbserial: USB Serial support registered for cp210x
 [  +0.000081] cp210x 7-1:1.0: cp210x converter detected
 [  +0.010528] usb 7-1: cp210x converter now attached to ttyUSB0

Bit of a mouthful. Let’s break it down into pieces that we can actually digest:

• Take a look at the Linux kernel modules usbcore, usbserial, and cp210x with modinfo(8). Not so scary now. Is it?

• Next, have a look at the line “usb 7-1: cp210x converter now attached to ttyUSB0”. You should understand all the lines leading up to this one; however, we need to do a bit of digging to find out what this whole “ttyUSB0” business is about. We’ll look into some other helpful things in the process.

Here we have a special file called ttyUSB0. So, uh, where is this file? Let’s see:

 $ find / -name "ttyUSB0" 2> /dev/null
 /dev/ttyUSB0
 /sys/class/tty/ttyUSB0
 /sys/devices/pci0000:00/0000:00:16.0/usb7/7-1/7-1:1.0/ttyUSB0
 /sys/devices/pci0000:00/0000:00:16.0/usb7/7-1/7-1:1.0/ttyUSB0/tty/ttyUSB0
 /sys/bus/usb-serial/devices/ttyUSB0
 /sys/bus/usb-serial/drivers/cp210x/ttyUSB0

The path we really want here is “/dev/ttyUSB0” [4]. Time to do a quick check:

 $ ls -al /dev/ttyUSB0
 crw-rw---- 1 root dialout 188, 0 Feb 22 12:13 /dev/ttyUSB0

The “c” in “crw-rw----” tells us that this is a character file. The “188, 0” tells us the “major” and “minor” numbers, respectively, of this special “character file”. These files are created with mknod(1). The following can be a useful pointer, when you are lost:

 $ file --mime /dev/ttyUSB0
 /dev/ttyUSB0: inode/chardevice; charset=binary

Good stuff. We’re getting somewhere. To find a full list of what these major and minor numbers refer to, we can have a look in the Linux kernel source tree:

 $ less linux/Documentation/admin-guide/devices.txt
 ...
  188 char       USB serial converters
           0 = /dev/ttyUSB0     First USB serial converter
           1 = /dev/ttyUSB1     Second USB serial converter
             ...
 ...

That’s that part demystified. Isn’t learning great? Now you know where to get the right numbers if you want to use mknod(1) manually on GNU/Linux systems [5].

Now what does all of this mean? We essentially have “cp210x” which is a discrete Linux kernel module; this Linux kernel module is then “attached” to the special file ttyUSB0; it’s this special file ttyUSB0 that the program picocom(1) will be attached to, in order to perform serial communications.

You can also see where the different parameters like “idVendor” and “idProduct” come from by taking a look at the appropriate path in the Linux kernel source tree:

 $ find ./ -regex ".*cp210x.*"
 ./drivers/usb/serial/cp210x.c
 $ less drivers/usb/serial/cp210x.c
 ...
 { USB_DEVICE(0x10C4, 0xEA60) }, /* Silicon Labs factory default */
 ...

On GNU/Linux systems, you should also take a look at the path /usr/share/misc/usb.ids:

 $ less /usr/share/misc/usb.ids
 ...
 10c4 Silicon Labs
 ...
          ea60 CP210x UART Bridge
 ...

Now let’s have a look at what it looks like when we pull out our UTUB:

 $ dmesg --human --follow
 ...
 [Feb22 15:45] usb 7-1: USB disconnect, device number 3
 [ +0.000384] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
 [ +0.000164] cp210x 7-1:1.0: device disconnected

There you have it! You should understand what’s going on in that output, with your new knowledge of Linux kernel internals. Remember, tools like lsmod(8), modinfo(8), and dmesg(1) are the first things you should look at when you plug things in and out of your GNU/Linux box. This stuff is incredibly simple, if you know where to look; now you know where to look! No need to be afraid.
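The plug-in and pull-out sequences above can be replayed mechanically. The following is an added example, not part of the original article: its sample input is the dmesg lines shown in this part (wrapped lines joined), and the function names attached_ttys and unexpected_ttys are made up for it.

```shell
#!/bin/sh
# Added example, not from the original article: replay kernel ring buffer text
# and report which USB serial ttys are still attached at the end of it.
# Real use: dmesg | attached_ttys

# attached_ttys: dmesg text on stdin -> lines "TTY USBPORT idVendor:idProduct"
attached_ttys() {
    awk '
    # Bus-port token that follows "usb", e.g. "7-1" from "usb 7-1:".
    function usbport(   i, p) {
        for (i = 1; i < NF; i++)
            if ($i == "usb") { p = $(i + 1); sub(/:$/, "", p); return p }
        return ""
    }
    # Remember the ids announced for each port when a device enumerates.
    /New USB device found/ {
        vid = pid = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^idVendor=/)  { vid = $i; gsub(/idVendor=|,/, "", vid) }
            if ($i ~ /^idProduct=/) { pid = $i; gsub(/idProduct=|,/, "", pid) }
        }
        id[usbport()] = vid ":" pid
    }
    # A usbserial driver bound the port to a tty: the last field is the tty.
    / converter now attached to / {
        p = usbport()
        port[$NF] = p
        usbid[$NF] = (p in id) ? id[p] : "unknown"
    }
    # Pull-out: forget the tty again.
    / converter now disconnected from / { delete port[$NF]; delete usbid[$NF] }
    END { for (t in port) print t, port[t], usbid[t] }
    ' | sort
}

# unexpected_ttys "VID:PID VID:PID ...": same input, but print only the ttys
# whose USB id is not on the allowlist passed as the first argument.
unexpected_ttys() {
    attached_ttys | while read -r tty usbport usbid; do
        case " $1 " in
            *" $usbid "*) ;;
            *) echo "$tty $usbport $usbid" ;;
        esac
    done
}

# Sample input: lines from the article (one mouse line from section 3.3, then
# the UTUB plug-in lines from section 3.5).
sample_plug() {
    cat <<'EOF'
[ +0.193047] usb 7-4: New USB device found, idVendor=0461, idProduct=4d81, bcdDevice= 2.00
[Feb22 12:13] usb 7-1: new full-speed USB device number 3 using ohci-pci
[  +0.202882] usb 7-1: New USB device found, idVendor=10c4, idProduct=ea60, bcdDevice= 1.00
[  +0.000081] cp210x 7-1:1.0: cp210x converter detected
[  +0.010528] usb 7-1: cp210x converter now attached to ttyUSB0
EOF
}

# Sample input: the pull-out lines from the article.
sample_unplug() {
    cat <<'EOF'
[Feb22 15:45] usb 7-1: USB disconnect, device number 3
[ +0.000384] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ +0.000164] cp210x 7-1:1.0: device disconnected
EOF
}

echo "after plug-in:"
sample_plug | attached_ttys
echo "after pull-out:"
{ sample_plug; sample_unplug; } | attached_ttys
```

The mouse enumerates but never produces a tty line, so only the CP2104 shows up; an id that is not on your allowlist is the cue to go and look at the hardware before attaching anything to that tty.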

Finally, we have the commands:

 $ lspci -k

and

 $ lsusb -t

You now know enough to figure out yourself what you get from lspci -k and lsusb -t [6].

You now have a healthy dose of knowledge injected into your grey matter to enable you to handle special files on GNU/Linux systems [7].
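As an added example (not part of the original article), the same facts can be read back from sysfs and compared with the device node before you point picocom(1) at it. SYSFS_ROOT and the function names are assumptions of this example; the sample tree is constructed to mirror the /sys paths that find(1) printed above.

```shell
#!/bin/sh
# Added example, not from the original article: ask sysfs what is behind a tty
# special file. SYSFS_ROOT is an assumption of this example so the functions
# can run against a constructed tree; when unset it defaults to /sys.

# tty_devnum NAME -> "MAJOR:MINOR" the kernel assigned to the tty
tty_devnum() {
    cat "${SYSFS_ROOT:-/sys}/class/tty/$1/dev"
}

# node_devnum PATH -> "MAJOR:MINOR" stored in a device node. GNU and busybox
# stat print these in hex (%t %T), so convert to decimal.
node_devnum() (
    hex=$(stat -c '%t %T' "$1") || exit 1
    printf '%d:%d\n' "0x${hex% *}" "0x${hex#* }"
)

# tty_driver NAME -> kernel driver bound to the serial port, e.g. cp210x
tty_driver() (
    link="${SYSFS_ROOT:-/sys}/class/tty/$1/device/driver"
    [ -e "$link" ] || exit 1
    basename "$(readlink -f "$link")"
)

# tty_usb_id NAME -> "idVendor:idProduct" of the USB device above the tty
tty_usb_id() (
    dev="${SYSFS_ROOT:-/sys}/class/tty/$1/device"
    [ -d "$dev" ] || exit 1
    dir=$(readlink -f "$dev") || exit 1
    # Walk up the device tree until a directory carries both id files.
    while [ "$dir" != "/" ]; do
        if [ -r "$dir/idVendor" ] && [ -r "$dir/idProduct" ]; then
            echo "$(cat "$dir/idVendor"):$(cat "$dir/idProduct")"
            exit 0
        fi
        dir=$(dirname "$dir")
    done
    exit 1
)

# tty_is NAME VID:PID DRIVER -> succeeds only if USB id and driver both match
tty_is() {
    [ "$(tty_usb_id "$1")" = "$2" ] && [ "$(tty_driver "$1")" = "$3" ]
}

# make_sample_sysfs DIR: constructed stand-in for /sys with the article's
# ttyUSB0 paths and values (absolute symlinks; the real sysfs uses relative).
make_sample_sysfs() (
    root=$1
    usbdev="$root/devices/pci0000:00/0000:00:16.0/usb7/7-1"
    port="$usbdev/7-1:1.0/ttyUSB0"
    mkdir -p "$port/tty/ttyUSB0" "$root/class/tty" \
        "$root/bus/usb-serial/drivers/cp210x" || exit 1
    echo 10c4 > "$usbdev/idVendor"
    echo ea60 > "$usbdev/idProduct"
    echo 188:0 > "$port/tty/ttyUSB0/dev"
    ln -s "$root/bus/usb-serial/drivers/cp210x" "$port/driver"
    ln -s "$port" "$port/tty/ttyUSB0/device"
    ln -s "$port/tty/ttyUSB0" "$root/class/tty/ttyUSB0"
)

# Demo on the constructed tree. On a real machine leave SYSFS_ROOT unset and
# also check the node itself:
#   [ "$(node_devnum /dev/ttyUSB0)" = "$(tty_devnum ttyUSB0)" ]
demo() (
    SYSFS_ROOT=$(mktemp -d) && make_sample_sysfs "$SYSFS_ROOT" || exit 1
    echo "ttyUSB0 dev=$(tty_devnum ttyUSB0) usb=$(tty_usb_id ttyUSB0) driver=$(tty_driver ttyUSB0)"
    rm -rf "$SYSFS_ROOT"
)
demo
```

A node whose major and minor numbers disagree with sysfs, or a driver or USB id other than the one you expect, means the special file is not the bridge you think it is.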
_____
[1] Technically, there are also different bootloaders to worry about but we’re going to ignore bootloaders for now as we have enough to deal with. It’s also very unfair to GNU to just call it “userspace”; GNU gave the world things like the GNU Compiler Collection and GNU Autotools – things without which much of software today wouldn’t exist; there seems to be mass amnesia in the computing world around this, whether it be deliberate or not. And guess what? GNU was about freedom, first and foremost.
[2] i.e., how much junk the software you want to use depends on. It’s a great way to filter out bloatware. You will also be able to learn to spot “common denominator” programs that software of a certain type depends on. Often, this will enable you to refine your criteria for a program in order to find exactly what you need – as opposed to what you think you need (or what others make you think you need).
[3] However, don’t think you’re entirely immune, if you compile everything from source. Much has been infiltrated at the source code level.
[4] The other paths are just as interesting. See Appendix B for details on the specifics.
[5] A skill every GNU/Linux operator should have.
[6] Don’t know what the options mean? RTFM.
[7] Some of this special file handling knowledge applies to other POSIX-like operating systems as well, with minor details changed.

03.05.21

How To Deal With Your Raspberry Spy — Part II: Introduction

Posted in Free/Libre Software, GNU/Linux, Hardware at 9:01 pm by Guest Editorial Team

By Gavin L. Rebeiro

Contents

Cover

Copyright

1 Acknowledgements

2 YOU ARE HERE ☞ Introduction

2.1 Prerequisite Knowledge
2.2 Apparatus

3 Fundamentals

3.1 Communication
3.2 Kernel Ring Buffer
3.3 Drivers
3.4 Operating Systems
3.5 Special Files

4 Doing The Task

4.1 Preparing The Boot Media
4.2 Connecting Physical Components
4.3 Using Picocom
4.4 OS Installation

5 Thanks

6 OpenPGP Key

A Malicious Hardware

B Linux Kernel Source Tree Analysis

C Digital Multimeter Tests

Summary: Following Part I, published a few hours ago, let’s examine what happened from a technical perspective and what can be done about it technically

We don’t want to be spied on; what happens when we’re faced with an operating system that spies on people? We throw it in the trash where it belongs! I am boycotting the Raspberry Spy myself (you’re free to join me in doing so) but I don’t want people to waste hardware that they already have. So we’re going to walk through an interesting path of installing a different operating system on the Raspberry Spy; I want to show you a few things that will empower you to take greater control over your computing.

We’ll gently walk through and explore the following: how to install an operating system on an embedded device (a Raspberry Spy, in this case) over a USB-to-UART bridge (UTUB). This is the main project we’ve got on our hands. Don’t worry if you’ve never touched embedded systems before; everything here is accessible to people with a modest set of prerequisite knowledge and some basic apparatus.

We’ll delve into things with more depth as we move forward with our project; if you don’t understand something when you first encounter it, just keep reading.

2.1 Prerequisite Knowledge

There’s not much prerequisite knowledge required. Here’s what you need to know:

• A basic grasp of how to operate a shell on a GNU/Linux system. GNU Bash is an example. You don’t need to know how to write shell scripts. Knowledge of how to use the shell interactively will suffice.

That’s it. Really. Anything else you need you will pick up on the way.

2.2 Apparatus

You will need the following apparatus:

• A Raspberry Spy. I’ve got the Raspberry Spy Model 3 B+ so that’s what I’ll be using in this project.

• A working Internet connection.

• A USB thumb drive (used as boot media) for the Raspberry Spy [1].

• A power supply for the Raspberry Spy.

• A USB-to-UART bridge (UTUB). I’ve got a CP2104 from Silicon Labs; this is widely available and you can pick it up from an online retailer. You want a module that has all the necessary pins and peripherals already packaged into one, neat, unit. I believe the specific module I have is by WINGONEER.

• 3 female-to-female jump wires.

• A computer with any recent GNU/Linux installed on it. The computer needs to have a working USB port.

• A generic microSD card reader/writer. I have an Anker AR200.

It’s likely that you already have the apparatus to operate your Raspberry Spy. Just acquire the additional bits that you don’t already have. The list here is just for completeness.

Here’s some extra equipment that will make your life easier:

• When you’re dealing with electronics, you should heed the old idiom of “two is one and one is none”. Get spares of whatever you can, as a rule.

• A digital multimeter (DMM) with spare fuses for the multimeter. Being able to do some quality control (QC) before you hook up your UTUB to your hardware is going to give you peace of mind. Don’t skimp on the spare fuses for the DMM; it’s easy to forget how much current you’ve got flowing through a circuit and fry the DMM’s fuse by accident [2].

• A 2M or longer USB extension cable. Male-to-female is what you want here. You plug in the male part to your computer and the female part is open for receiving the UTUB. This makes life a lot easier (and safer).

• Nitrile gloves. Helps keep you safe.

• Safety goggles. Again, doesn’t hurt to be careful.

You should now have everything you need to get started!
_____
[1] If you’ve got a Raspberry Spy that can only accept an SD card as boot media, you don’t need to fret too much. The procedure is the same; you just write the OS image to an SD card instead of a USB thumb drive. Fixing quirks of SD card installations is, however, out of scope of this project; you should refer to the relevant documentation, IRC chats, and mailing lists. I will provide links to boot-media-specific information, when we discuss boot media; this should give you a starting point to troubleshoot issues.
[2] Real fuses were harmed during the making of this document.

03.03.21

Free Software Calling

Posted in Free/Libre Software at 8:38 pm by Dr. Roy Schestowitz


Summary: Fewer people are willing to “put up with the shit” given by so-called ‘Big Tech’, seeing that it’s mostly about social control rather than enablement or emancipation

FREE software is needed for a Free (as in freedom) society. What’s a free society? Glad you asked! Over the past (almost) 12 months we in the UK have been mostly confined to small spaces, discouraged from meeting other people. At the same time encryption was being demonised as a tool of terrorism, so most person-to-person communication was wiretapped or at least recorded.

What’s so horrible about that? Let’s examine what the Stasi Museum says or is intended to remind citizens of Germany. I haven’t gone inside, but I went past it 2 years ago. “The museum has approximately 100,000 visitors per year,” says Wikipedia.

Free will requires an understanding that one isn’t under pressure, whether real or perceived, e.g. the freedom to express particular unpopular viewpoints, even over the telephone. What’s unpopular isn’t unlawful. As we noted half a decade ago, EPO examiners became quite mortified by the phones on their desks, correctly assuming everything can be recorded and may/will be used against them. That’s a symptom of freedom being lost; it’s a supine, oppressed society being made ever more subservient, unwilling to even talk about corruption (by those who might be listening).

So what’s Free (libre) software? That’s software that doesn’t actually care if a government mandates back doors in encryption or bans real E2EE.

At this moment in time we need more, not less, privacy and free speech. We need software that respects our freedom instead of spying on us. If you haven’t had time to explore software freedom, there may never be a better time in the future. Lock-downs have given most people a lot more spare time (I myself have had a highly productive year). To get started visit gnu.org and learn some of the motivations for it all. Don’t be misled by corporate front groups of monopolies (e.g. the Linux Foundation, which acts as a middleman for monopolies looking to hook up with media so as to whiten their bad reputation).

Software freedom isn’t about cost-saving even though it can, in practice, reduce spending (there’s more to life than money). Ask people in long-repressed countries how much they value autonomy and real freedom (if they ever experienced any). With surging censorship (there’s a huge uprising against social control media, including YouTube) it’s clear that we’re only losing, not gaining, freedom, unless we walk away from the state- (and sometimes military-) sponsored cabal looking to control minds and hearts by misinformation, spying, and censorship.

What Free Software Organisations Can Learn From Australia’s Rape Crisis

Posted in Australia, Free/Libre Software at 12:34 pm by Guest Editorial Team

Reprinted with permission from Daniel Pocock

IN a few previous blogs, I’ve quoted the following clause from the Association for Computing Machinery (ACM) Code of Ethics, to emphasize what is wrong with Codes of Conduct:

professionals should be forthright about any circumstances that might lead to either real or perceived conflicts of interest or otherwise tend to undermine the independence of their judgment.

The latest news from Australia is that the Attorney General is one of the suspects. A woman made an allegation of rape and then committed suicide. Both the federal and state police have declined to investigate the case. Many cases end this way; only approximately three percent are successfully prosecuted. He explains why he should not resign from his post on the basis of an accusation alone.

We see a similar trend in Australian football. Only very few players have been taken to trial.

For just about any other leadership figure his arguments may be acceptable. For the minister responsible for enforcing the law, there is a perceived conflict of interest.

It was less than two years ago that the High Court of Australia gave a verdict acquitting Cardinal George Pell of his conviction for abuse. It was probably the most widely publicised verdict in the history of Australian justice. If the allegations against the Attorney General ever proceed to trial, he may perceive himself facing the High Court at some time in the not too distant future. As Attorney General, he is also responsible for recommending the appointment of judges to the court.


There is a possibility that this man will be involved in choosing his judge. No other citizen would have this influence in the same situation.

This is where people may perceive a conflict of interest, or to put it bluntly, the average man on the street can smell a rat.


We have finally come full circle and we see a G20 country being run like a free software organization.

To say there is a perceived conflict of interest is not an accusation of wrongdoing. The trial may never happen. Nonetheless, this type of thing erodes confidence.

We’ve seen exactly the same thing in multiple free and open source software organizations. We see people publicly boasting about it. Ironically, one of the most hideous incidents occurred in the FOSDEM Legal and Policy issues dev-room. A speaker stood up and used cat pictures to ridicule other volunteers, including somebody volunteering at the very same event. In the same talk, the speaker admits making unilateral judgments about volunteers. She talks about making judgments in disputes where she was a party to the dispute.

Credible organizations seek independent and impartial assistance to mediate or advise in the situations described by de Blanc.


When people ask about romantic relationships or business relationships between decision-makers in large free-software organizations, these are questions about perceived conflicts of interest. These are not invasions of privacy nor are they accusations of actual wrongdoing. The perception or risk of wrongdoing is enough to justify those questions. That is exactly what Stephanie Taylor of Google was complaining about recently in the Outreachy and GSoC conflict of interest scandal. Taylor thought the relationship itself was justification to expel a student yet people stubbornly refuse to disclose their relationships in so many other situations.

Ironically, when Cardinal Pell arrived at the County Court for his sentencing in 2018, he was carrying a character reference from Australia’s former Prime Minister, John Howard. Even if the allegations were false, the fact remains that of 8,000 cases of child abuse investigated in the recent Royal Commission, almost a third involved the Catholic Church. Many of these occurred on Pell’s watch, while he was Arch-Bishop. It may have been prudent for the former Prime Minister to hold back the reference until the survivors receive answers.

GNU/Linux News Sites Need to Promote Software Freedom, Not Binary and Proprietary Blobs Merely Compiled for GNU/Linux

Posted in Deception, Free/Libre Software, GNU/Linux at 8:56 am by Dr. Roy Schestowitz


Summary: There has been lots of proprietary fluff in GNU/Linux ‘news’ sites so far this week; it merits an explanation or clarification, e.g. why we should generally reject proprietary stuff and instead promote Free/libre alternatives

THE trend that has been getting a tad worrying so far this week is a sort of openwashing or the promotion of proprietary software for GNU/Linux (or both at the same time). To some people the vision — or the ultimate goal — isn’t shared by the traditional userbase. Maybe they think the goal of GNU/Linux was all along just to emulate Windows (but cost a little less). Free software and code hackers, e.g. GNU developers (and Linux also, a decade or so later), didn’t work for 30+ years developing Free/libre software just so that they can save $50 on a Windows licence… there are altruistic motives and philosophical/ideological reasons.

There’s something particularly amusing about proprietary software being pushed in a site called “It’s FOSS” (maybe they can rebrand as “It’s PROPRIETARY”), both today and yesterday, as we note in the video above. The video covers Evernote [1, 2] and ONLYOFFICE [1, 2], based on three separate sites (most of them called “Linux” something).

Maybe this reaffirms the long belief that we need to say “GNU/Linux” not just because of fairness or attribution but as a means of reminding people what we really strive for and what makes us special/unique (some foolishly think swapping masters, e.g. moving from Microsoft to Apple, is the important objective).

In the case of Evernote, it’s purely proprietary, so we should advocate Free alternatives to it (free as in freedom). In the case of ONLYOFFICE, it is a little complicated. Their products are proprietary software and those have some “community” code on proprietary Microsoft GitHub. That does not, however, make ONLYOFFICE “open source” but a classic case of openwashing. We covered this issue in greater depth around 2019 and we’ve spoken of openwashing since 2007 or 2008.

03.02.21

Pocock on Removing Cognitive Bias Around Consent

Posted in Deception, Free/Libre Software at 9:30 am by Dr. Roy Schestowitz

Reprinted with permission from Daniel Pocock

Having helped a number of groups in the Balkans, I’ve visited Tirana quite a few times and walked past the home of former dictator Enver Hoxha. Pictures of his basement were recently published around the world. Prisoners would be brought there, bound and drugged to be interrogated.

In Australia, when we hear about an intoxicated woman being taken into the defence minister’s office in the middle of the night some people seem to think it is more like a date gone wrong than the ordeals of those prisoners in Albania. In the mind of a victim, it is nothing like a date.



Yet everybody else just went about their duties as if this was business as usual. A few days later, the Minister conducted a meeting with the victim in the same location as the assault.

If the victim couldn’t even sign the security log, how could the security staff imagine she would perform any normal duties? What, then, was the justification for her to be granted entry?

Did visitors to Enver Hoxha’s villa sign the security book? Were they invited back for tea?



The woman concerned has demonstrated incredible courage by making her story public and that makes it even more compelling for people to ask questions like that.

When I wrote about the falsification of abuse claims against Jacob Appelbaum, I was thinking about the way such vendettas undermine the credibility of real abuse victims. The people who use the word abuse for just about every minor spat in the free, open source software community are stealing from the experiences of women like those coming forward in Australia today.



It is worth looking at the 70 page log of anonymous abuse reports from young women in Sydney and comparing it to the falsified accusations against Jacob Appelbaum. The difference is immediately obvious.

One of the most startling scenes I saw in the Balkans was a man raising his voice at female volunteers in exactly the same manner as one of the more controversial members of Australia’s parliament. Yet whenever other men try to defend women in these cases, we are accused of rocking the boat or subject to counter accusations.

It is interesting how the blog I posted in November opens with a woman’s story about consent in a different context. Education about consent is the key demand of Chanel Contos and her friends. How can society give young people any credible education about consent when we have the constant surveillance of social media, invasive imaging systems at airports and all these other unwanted intrusions on a daily basis?

In 2015, security staff at Melbourne Airport were disciplined after a pat down search of the Foreign Minister, Julie Bishop. In the context of consent, does a deliberate pat down search from these bullies feel any less desirable than unwanted physical contact ordered by a machine?



Reforming views of consent requires much more than the improved school curriculum these women are rightly asking for.

After my observations in the Balkans, one of the choices I made was to invest some of my time during the pandemic in the online course on Data, Economics and Development Policy now offered by MIT. Although it has a much stronger focus on data, it considers some of the same issues addressed by the course Miss Contos decided to pursue at University College London. It is an uncanny coincidence, although it was many years before the current crisis, I completed my high school education at one of the schools for boys that Miss Contos has drawn attention to. Many men from every corner of Australian society share the concerns of these women.

Enrolments in this semester of the MIT DEDP MicroMasters are closing between 9 and 12 March. People can start immediately online doing just a single subject or all five.
