Bonum Certa Men Certa
Links 6/3/2021: Linux 5.12 RC2 and OpenSUSE Tumbleweed Woes | Links 6/3/2021: “SLS” Mitigation and Exiv2/KDE Project

How To Deal With Your Raspberry Spy -- Part III: Fundamentals

By Gavin L. Rebeiro

Contents



Cover

Copyright

1 Acknowledgements

2 Introduction

2.1 Prerequisite Knowledge 2.2 Apparatus

3 YOU ARE HERE ☞ Fundamentals

3.1 Communication 3.2 Kernel Ring Buffer 3.3 Drivers 3.4 Operating Systems 3.5 Special Files

4 Doing The Task

4.1 Preparing The Boot Media 4.2 Connecting Physical Components 4.3 Using Picocom 4.4 OS Installation

5 Thanks

6 OpenPGP Key

A Malicious Hardware

B Linux Kernel Source Tree Analysis

C Digital Multimeter Tests

Summary: Following the introductory and preliminary parts (Part I and Part II) we dive deeper into the steps taken to replace the Raspberry Pi's GNU- and Linux-based OS with something like NetBSD

Now that you know what you need to get started, let’s gently walk through an overview of the fundamental ideas and topics that we’ll be engaging and experimenting with.



The order of topics may seem strange at first but things should make sense as you move on.

3.1 Communication

If we want two computers to communicate, there needs to be some protocol that they both speak.

If we want two computers to communicate, there needs to be a physical medium over which they can communicate.

Almost all computers and their peripherals communicate over USB these days. But when it comes to getting into the nitty-gritty details, you will often find UART humbly serving the same purpose it has for decades of computing. Fortunately for us, almost every embedded system these days supports UART; this includes the Raspberry Spy.

"Why bother with this anachronistic technology? Glad you asked!"We’ll be using our UTUB to install a new OS on our Raspberry Spy over a serial interface (UART). The program that we’ll be using to do this serial communication is picocom(1).

Why bother with this anachronistic technology? Glad you asked! Once you know how to operate something like a UTUB and a program like picocom(1), you can “break into” several devices and modify them how you wish. Routers, motherboards, embedded systems, etc. all tend to have some sort of serial interface on them. Once you learn the basics, you are equipped to liberate yourself and gain more computing freedom.

But wait. Isn’t all this embedded stuff way too difficult and only for “experts”? HOGWASH! You can do it too. Don’t fall for the propaganda. You are perfectly capable of doing a bit of serial hacking to liberate your devices. You paid for them, after all. You should be able to do whatever you want with them (and you will). Onwards!

3.2 Kernel Ring Buffer

What on earth is a “kernel ring buffer” (KRB)? Ever heard of dmesg(1)? dmesg(1) is what you use to read the KRB. Not so scary now. Is it?

Why is the KRB important? Well: when you plug in (or out) a device, you can see the messages show up in the KRB. If you learn how to pay attention to the KRB, when you are working with hardware, you will become a lot better at trouble-shooting your own problems. Take strings you don’t understand and plop them into your favourite search engine; try the apropos(1) command as well.

As we progress with our project, we’ll see how to leverage dmesg(1) to our advantage. Learning proper use of dmesg(1) is an essential skill if you want to improve and maintain your computing freedom; dmesg(1) allows you to demystify the inner workings of your computer and get clues on how to fix problems yourself.

3.3 Drivers

Say you plug in your mouse or keyboard into your computer; or even plug them out. The software responsible for translating the physical signals from the mouse or keyboard, to the intermediary physical devices, to the more abstract layers of your operating system (like stuff you see on the screen) is called the kernel; this is the “Linux” part of GNU/Linux.

The kernel is the layer of software that sits between the physical hardware and the more abstract levels of software that gives you an “operating system”. When you plug in or out your keyboard or mouse, the Kernel has programs which recognise those types of devices and then loads the appropriate software required to use those physical devices; such software are called “device drivers”.

All of the above is a bit vague. Let’s take a look at what this looks like in practice; I’m going to plug out and plug back in my mouse while staring at dmesg(1): 

1   # dmesg --human --follow
2   ...
3   [Feb19 17:26] usb 7-4: USB disconnect, device number 2
4   [ +25.036175] usb 7-4: new low-speed USB device number
            → 4 using ohci-pci
5   [ +0.193047] usb 7-4: New USB device found, 
            → idVendor=0461, idProduct=4d81, bcdDevice= 2.00
6   [ +0.000006] usb 7-4: New USB device strings: Mfr=0,
            → Product=2, SerialNumber=0
7   [ +0.000004] usb 7-4: Product: USB Optical Mouse
8   [ +0.007570] input: USB Optical Mouse as 
            → /devices/pci0000:00/0000:00:16.0/usb7/7-4/7-4:1.0/0 c
            → 003:0461:4D81.0005/input/input18
9   [ +0.000303] hid-generic 0003:0461:4D81.0005: 
            → input,hidraw3: USB HID v1.11 Mouse [USB Optical
            → Mouse] on usb-0000:00:16.0-4/input0


We’ll briefly analyse this output and introduce a few important tools in the process.

The first thing to note is this string “using ohci-pci”. It’s time to bring in the Linux-specific tool modinfo(8); let’s take a look at what we’re dealing with: 

1 $ modinfo ohci_pci
2   name:        ohci_pci
3   filename:    (builtin)
4   softdep:     pre: ehci_pci
5   license:     GPL
6   file:        drivers/usb/host/ohci-pci
7   description: OHCI PCI platform driver


That output is quite self-explanatory. We see the name of the kernel module; we see that its a builtin kernel module (which means it’s compiled into the kernel). “softdep” stands for soft dependency. We see that the license is GPL. We see the location in the kernel source tree this kernel module resides. And, finally, we see a short description of the kernel module.

I hope, at the point, you’ve realised that “kernel module” is synonymous with “driver”. See? Not that complicated.

So what does this have to do with our USB mouse? Well: when it comes to interfaces, there’s usually a few things that sit between your device and the userspace of your operating system. I’ll leave it as a research project for you to figure out what “HCI”, “OHCI”, “EHCI”, “PCI”, etc. mean.

The next crucial bit of driver information here is the “hid-generic” part; find out what this kernel module does with modinfo(8).

The next thing I want you to do is have a look at the output of the Linux-specific tool lsmod(8); Note the column headers. grep(1) through the lsmod(8) output for the following strings:

● usbhid ● hid_generic ● hid

The “USB HID v1.11 Mouse” from our dmesg(1) output should give us a good idea of what’s going on here. Don’t know what “USB HID” means? Look it up. Find out what the above kernel modules do, from the stuff you’ve already learned so far.

Let’s take a look at some sample lsmod(8) output: 

1 $ cat <(lsmod | head -n 1) <(lsmod | grep hid)
2 Module                     Size Used by
3 mac_hid               16384  0
4 hid_generic           16384  0
5 usbhid                57344  0
6 hid                  135168  2 usbhid,hid_generic


You’ve now got a bit of background knowledge to make sense of what’s going on when you plug things in and out of your GNU/Linux unit.

3.4 Operating Systems

We’re going to be a bit adventurous with our choice of OS to put on the Raspberry Spy. We’re going to go with NetBSD; this is a great OS for embedded systems and one you should be familiar with if you plan on doing any embedded work.

NetBSD is an OS with its own kernel and userspace. Thus, NetBSD runs the NetBSD kernel and NetBSD userspace utilities; this is in contrast to the Linux kernel and GNU userspace (GNU/Linux)1.

NetBSD is quite a beginner-friendly BSD because it has ample documentation; the fact that NetBSD has the primary focus of portability also means you can learn a great deal about portability from several perspectives.

A side note here. Avoid usage of package managers. They are bad for your freedom; to most people, package managers are entirely opaque systems that turn the computer operator into a mere consumer. Learn how to build your software from source code. This way you see all the dependencies2.

The opaque package manager is exactly how the Raspberry Spy Foundation smuggled in spyware into the Raspberry Spy. If you build all your programs from source code, you would be less vulnerable to these espionage tactics3.

You should be the operator of your computer, not a “user”. A “user” is effectively being “used” because they are treated like stupid consumers that get dictated to by other people. Don’t fall for this “user” trap. Be the operator of your computer; take back control; education is the true path to computing freedom.

Note that a lot of these operating systems we’re talking about follow some version of the POSIX specification (with varying degrees of compliance).

3.5 Special Files

It’s important to understand how special files relate to device drivers. What’s a special file? Glad you asked.

Let’s take a look at our friend dmesg(1) as we plug in our UTUB: 

1  [Feb22 12:13] usb 7-1: new full-speed USB device number
    → 3 using ohci-pci
2  [ +0.202882] usb 7-1: New USB device found,
    → idVendor=10c4, idProduct=ea60, bcdDevice= 1.00
3  [ +0.000006] usb 7-1: New USB device strings: Mfr=1,
    → Product=2, SerialNumber=3
4  [ +0.000003] usb 7-1: Product: CP2104 USB to UART
    → Bridge Controller
5  [ +0.000003] usb 7-1: Manufacturer: Silicon Labs
6  [ +0.000003] usb 7-1: SerialNumber: 010C48B4
7  [ +0.024088] usbcore: registered new interface driver
    → usbserial_generic
8  [ +0.000010] usbserial: USB Serial support registered
    → for generic
9  [  +0.003272] usbcore: registered new interface driver
    → cp210x
10 [  +0.000025] usbserial: USB Serial support registered
    → for cp210x
11 [  +0.000081] cp210x 7-1:1.0: cp210x converter detected
12 [  +0.010528] usb 7-1: cp210x converter now attached to
    → ttyUSB0


Bit of a mouthful. Let’s break it down into pieces that we can actually digest:

● Take a look at the Linux kernel modules usbcore, usbserial, and cp210x with modinfo(8). Not so scary now. Is it?

● Next, have a look at the line “usb 7-1: cp210x converter now attached to ttyUSB0”. You should understand all the lines leading up to this one; however, we need to do a bit of digging to find out what this whole “ttyUSB0” business is about. We’ll look into some other helpful things in the process.

Here we have a special file called ttyUSB0; So uh where is this file? Let’s see: 

1  $ find / -name "ttyUSB0" 2> /dev/null
2  /dev/ttyUSB0
3  /sys/class/tty/ttyUSB0
4  /sys/devices/pci0000:00/0000:00:16.0/usb7/7-1/7-1:1.0/t c
       → tyUSB0
5  /sys/devices/pci0000:00/0000:00:16.0/usb7/7-1/7-1:1.0/t c
       → tyUSB0/tty/ttyUSB0
6  /sys/bus/usb-serial/devices/ttyUSB0
7  /sys/bus/usb-serial/drivers/cp210x/ttyUSB0


The path we really want here is “/dev/ttyUSB0”4. Time to do a quick check: 

1  $ ls -al /dev/ttyUSB0
2  crw-rw---- 1 root dialout 188, 0 Feb 22 12:13
      → /dev/ttyUSB0


The “c” in “crw-rw--” tells us that this is a character file. The “188, 0” tells us that the “major” and “minor” number, respectively, of this special “character file”. These files are created with mknod(1). The following can be a useful pointer, when you are lost: 

1  $ file --mime /dev/ttyUSB0
2  /dev/ttyUSB0: inode/chardevice; charset=binary


Good stuff. We’re getting somewhere. To find a full list of what these major and minor numbers refer to, we can have a look in the Linux kernel source tree: 

1  $ less linux/Documentation/admin-guide/devices.txt
2 ...
3  188 char       USB serial converters
4           0 = /dev/ttyUSB0     First USB
                    → serial converter
5           1 = /dev/ttyUSB1     Second USB
                    → serial converter
6             ...
7 ...


That’s that part demystified. Isn’t learning great? Now you know where to get the right numbers if you want to use mknod(1) manually on GNU/Linux systems5.

Now what does all of this mean? We essentially have “cp210x” which is a discrete Linux kernel module; this Linux kernel module is then “attached” to the special file ttyUSB0; it’s this special file ttyUSB0 that the program picocom(1) will be attached to, in order to perform serial communications.

You can also see where the different parameters like “idVendor” and “idProduct” come from by taking a look at the appropriate path in the Linux kernel source tree: 

1  find ./ -regex ".*cp210x.*"
2  ./drivers/usb/serial/cp210x.c
3  $ less drivers/usb/serial/cp210x.c
4  ...
5  { USB_DEVICE(0x10C4, 0xEA60) }, /* Silicon Labs
        → factory default */
6  ...
On GNU/Linux systems, you should also take a look at the path /usr/share/misc/usd.ids: 

1  $ less /usr/share/misc/usb.ids
2  ...
3  10c4 Silicon Labs
4  ...
5           ea60 CP210x UART Bridge
6  ...


Now let’s have a look at what it looks like when we pull out our UTUB: 

1  $ dmesg --human --follow
2  ...
3  [Feb22 15:45] usb 7-1: USB disconnect, device number 3
4  [ +0.000384] cp210x ttyUSB0: cp210x converter now
       → disconnected from ttyUSB0
5  [ +0.000164] cp210x 7-1:1.0: device disconnected


There you have it! You should understand what’s going on in that output, with your new knowledge of Linux kernel internals. Remember, tools like lsmod(8), modinfo(8), and dmesg(1) are the first things you should look at when you plug things in and out of your GNU/Linux box. This stuff is incredibly simple, if you know where to look; now you know where to look! No need to be afraid.

Finally, we have the commands: 

 $ lscpi -k


and 

 $ lsusb -t


You now know enough to figure out yourself what you get from lspci -k and lsusb -t6.

You now have a healthy dose of knowledge injected into your grey matter to enable you to handle special files on GNU/Linux systems7. _____ 1 Technically, there’s also different bootloaders to worry about but we’re going to ignore bootloaders for now as we have enough to deal with. It’s also very unfair to GNU to just call it “userspace”; GNU gave the world things like the GNU Compiler Collection and GNU Autotools - things without which much of software today wouldn’t exist; there seems to be mass amnesia in the computing world around this, whether it be deliberate or not. And guess what? GNU was about freedom, first and foremost. 2 i.e., how much junk the software you want to use depends on. It’s a great way to filter out bloatware. You will also be able to learn to spot “common denominator” programs software of a certain type depends on. Often, this will enable you to refine your criteria for a program in order to find exactly what you need - opposed to what you think you need (or what others make you think you need). 3 However, don’t think you’re entirely immune, if you compile everything from source. Much has been infiltrated at the source code level. 4 The other paths are just as interesting. See Appendix B for details on the specifics. 5 A skill every GNU/Linux operator should have. 6 Don’t know what the options mean? RTFM. 7 Some of this special file handling knowledge applies to other POSIX-like operating systems as well, with minor details changed.
Links 6/3/2021: Linux 5.12 RC2 and OpenSUSE Tumbleweed Woes | Links 6/3/2021: “SLS” Mitigation and Exiv2/KDE Project

Recent Techrights' Posts

Amended Input From Software Freedom Institute for EU Consultation on Free Software
"On 3 February 2026 Software Freedom Institute lodged a submission with the European Commission's inquiry into Open Digital Ecosystems"
Nadella's Mindless PR Spam Ahead of the Layoffs 'Snowball' (Adding Up Batches) Turning Into an Avalanche
Based on recent observations, the more puff pieces we see about Nadella, the closer we get to Microsoft "pulling the trigger" on mass layoffs
When Happens to Red Hat If (or When) IBM Collapses
IBM is in flux because its CFO is now implicated in what seems like accounting fraud
With an IBM Company Down Over 75% After Apparent Accounting Fraud the IBM Insiders Want Answers From James Krabanaugh
He has no technical qualifications
A "horrible week (hebdomada horribilis?) for the Solicitors Regulation Authority" (SRA)
The SRA is part of the SLAPP problem
EPO's Central Staff Committee (CSC) on EPO Social Dialogue
They've refrained from mentioning the industrial actions
The Register MS is Promoting Ponzi Scheme for Financial Fraud/Accounting Fraud Company, The Register MS Gets Paid to Do This
Published 6 hours ago
IBM's Kyndryl Managed to Fall to Less Than a Quarter of Its Past Year's High
Imagine IBM falling to $75
Links 10/02/2026: Media Freedom Feels Dead in Hong Kong and Grammys, Superbowl Becoming Politics
Links for the day
 
With Firefox Measured at 2% in the United Kingdom Time is Running Out for Web Site Support for Gecko/Servo Users
The open Web is rapidly dying while Mozilla celebrates and champions slop
Lawsuit reactions: EFF behaviour reveals zombification, censorship
Reprinted with permission from Daniel Pocock
Links 11/02/2026: $700 Billion Slop Bill, Social Control Media Under Political Fire for Deliberate Health Harms
Links for the day
Mobbing at the European Patent Office (EPO) - Part VI - Attacks on Staff and Attacks on the Law Merit Another New Series
new series coming shortly
IBM's Financial Engineering (Accounting Fraud) Shell, Kyndryl Holdings Inc, is Insolvent
If this was done by the very same people who still run IBM, can we expect any better from "Sugar Daddy" IBM?
2026 a Very Productive Year and We Have Many Big Stories to Tell
maybe we'll produce 8,000 new articles/pages by year's end
Clownflare is in Trouble as Its Debt More Than Doubled in Less Than a Year, Expect Further Enshittification
Clownflare isn't free
After the Next Wave of Microsoft Layoffs Washington State Could be #1 for US Layoffs
Microsoft Corp shares were down yesterday
EPO's Local Staff Committee The Hague (LSCTH): The EPO is Generally “Managed by Excel” (Microsoft)
The current management has basically defined corruption to be "success"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, February 10, 2026
IRC logs for Tuesday, February 10, 2026
Google Still Helping the Slop Pyramid Scheme, Encouraging Plagiarism Too
Google is a plagiarism company and it wants public solidarity for plagiarism by LLMs
Gemini Links 10/02/2026: "The Luminous Dead", Matrix, and Containers
Links for the day
Kyndryl CFO Harsh Chugh Comes From IBM (17+ Years)
Who would want such a position?
IBM RAs (or PIPs) in London, England?
They try to keep the lid on it
International Buybacks Machines
Will the current US administration/regime look into IBM's accounting or only its mini me's?
IBM Could be the Next Kyndryl, a Dinosaur With Accounting Fraud
Many shareholders (or even pension funds) are taking a big hit today
Ian Murdock Died in San Francisco 10 Years Ago. Cops Led to His Death.
10 years ago Ian Murdock died after cops had messed him up
US/Europe divergence: health & safety, criminality & Debian harassment culture: Open Digital Ecosystems submission F33370170
Reprinted with permission from Daniel Pocock
Links 10/02/2026: Splinternets and "Meta Goes to Trial in a New Mexico Child Safety Case"
Links for the day
Russia and China Best Off Without GAFAM
What if they abandoned GAFAM?
Will Finns Put Out the Online Cigarettes?
More people recognise that the child porn site formerly known as "Twitter" and Cheeto/Pooh-tin controlled TikTok are no longer trustworthy
As the US Economy Sags Microsoft Layoffs Carry on (Now in Larger Waves Like 15,000 Per Season or 30,000+ Per Year)
They try to avoid "negative" topics
GNU/Linux at 3.99% in Australia
now that Australians can no longer keep Vista 10
Microsoft Windows Falling
analytics.usa.gov Shows Rapid Erosion of Windows Market Share Since 'End of 10' (Vista 10)
Microsoft Windows Hits All-Time Low in The Netherlands in 2026
Europe needs to rid itself or wean itself off GAFAM
SRA: SLAPPs From Russian War Criminals and American Men Who Strangle Women Are Acceptable
The SRA, by inaction, is complicit in this
The Solicitors Regulation Authority (SRA) Delusion - Part IV - Machos in Charge of the House (and System), Even If the Faces Are Female (Optics)
basically a Windows/Microsoft (US) shop
From Weber Shandwick (Microsoft PR) to Brett Wilson LLP (Hired Gun of the Serial Strangler of Microsoft)
they basically tried to charge me a lot of money for a PR project of someone who strangled women
The Solicitors Regulation Authority (SRA) is Not a Regulator, It's Part of the Litigation "Industry" in the UK (They Overlap Each Other)
Does nothing except talk about SLAPPs
Brett Wilson LLP Seems to Have Done for Roberto Foa What It Did a Year Earlier for the Serial Strangler from Microsoft
Repeat abusers (of the legal system) will misuse it as long as regulators do nothing
In Finland, Microsoft Falls Behind Yandex (Russia)
Bing has had many layoffs in recent years
Security More Advanced in Geminispace Than on the Web (Bloat)
For real security, use Geminispace capsules, not Web sites
Slop at Microsoft is a Miserable Failure, Now Microsoft Takes the "Vista Route" (Paying People to Say Good Things About It)
This is brainwash, it's meant to delay the implosion of the bubble
Rumours About February 2026 Microsoft Layoffs: Silent Layoffs or 30,000 Culled Tomorrow
Sooner or later (and soon) Microsoft will need to say something and file some WARN notifications
GNU/Linux at 12% in Guam, Based on statCounter (Compared to 2-3% a Year Ago)
Guam's "uptick" in GNU/Linux usage started weeks after "end of 10"
Where We Stand With the Winter Series
We'll need to protect names and sources
Fighting Slop With the Public Domain (and Why Slopfarms Perish Faster Than New Ones Appear)
We can combat the nonsense by producing more human-made works until the slop bubble implodes
After Employee Reviews at IBM Staff Expects Another Large Wave of PIPs and "RAs" (Layoffs)
From what we can see in the "public Web"
Gemini Links 10/02/2026: "The Last Messiah", Discord for Adults
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, February 09, 2026
IRC logs for Monday, February 09, 2026
Is Europe Abandoning Digital Opium?
GAFAM-controlled social control media
Mobbing at the European Patent Office (EPO) - Part V - Strongest Strike Under António Campinos
SUEPO Munich is also reminding people of the threat of PIPs
Microslop is Slop, Slop is Considered "Quality"
no wonder Microsoft's stuff breaks down so often
thelayoff.com Deletes On-Topic Discussions (Layoffs) While Leaving in Tact Pro-Corporate Trolling Made by LLMs (Slop)
Who at thelayoff.com deems spam made by LLMs (slop) to be on-topic and unworthy of zapping, whereas actually on-topic and authentic threads get routinely deleted?
Gemini Links 09/02/2026: Great Salt Lake Ecological Observatory and Offpunk 3.0 "A Community is Born" Release
Links for the day
Links 09/02/2026: Mass Plagiarism and Pollution/FakeCoin Company Nvidia Contacted Anna’s Archives, Narges Mohammadi Gets Second Prison Sentence
Links for the day
GNU/Linux May Have Grown to 7% in Equatorial Guinea
Has there been some kind of mass migration there or is this just noise in the data?
Links 09/02/2026: Russia Intentionally Killing Civilians, Jimmy Lai Effectively Sentenced for Life for Publishing News
Links for the day
Microsoft Competitions, Addictions, and Popularity Contests Are Not Going to Help Perl, They'll Waste Everybody's Time and Give Microsoft More Control Over Its Competition
Microsoft does not like Perl
A Can of WORMS - Part IV - They Would Even Attack RMS for Criticising Autocrats (Saying This is "Politics")
Conforming to society's perceived expectations isn't how effective activism can ever be done or was ever done in the recent past
Gemini Links 09/02/2026: The Exploration Myth and Making JavaScript Fun
Links for the day
EPO Outrage and Maintaining the Pressure
A vending machine does not fall over after a first push
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, February 08, 2026
IRC logs for Sunday, February 08, 2026
"Low Performer" and "Underperformer" as Harmful Misnomers That Damage a Company's Reputation
Misnomers need to be avoided or called out