03.07.21

How To Deal With Your Raspberry Spy — Part V: All The Rest

Posted in BSD, Free/Libre Software, GNU/Linux at 2:19 am by Guest Editorial Team

By Gavin L. Rebeiro

Contents

Cover

Copyright

1 Acknowledgements

2 Introduction

2.1 Prerequisite Knowledge
2.2 Apparatus

3 Fundamentals

3.1 Communication
3.2 Kernel Ring Buffer
3.3 Drivers
3.4 Operating Systems
3.5 Special Files

4 Doing The Task

4.1 Preparing The Boot Media
4.2 Connecting Physical Components
4.3 Using Picocom
4.4 OS Installation

5 YOU ARE HERE ☞ Thanks

6 OpenPGP Key

A Malicious Hardware

B Linux Kernel Source Tree Analysis

C Digital Multimeter Tests

Summary: The final part of a series on liberating the Raspberry Spy from an untrustworthy OS that secretly adds Microsoft keys and proprietary software repositories of Microsoft (see Part I, Part II, Part III, and Part IV)

THIS part is mostly addenda.

Chapter 5: Thanks

We’d like to take the opportunity to thank you, the reader. We believe everyone deserves a computing education; however, the topics of computing freedom and how computing affects our basic human rights are neglected in computing education today; at E2EOPS PRESS we strive to change this. Our goal is to inform, educate, and inspire. Computing is also a lot of fun! We want everyone to experience the joys of computing. We hope you enjoyed this issue of our periodical as much as we enjoyed bringing it to you!

Our work requires research, equipment, and infrastructure to deliver. We strive for the best quality in all we do. If you would like to support us, there are several ways you can do so. Any support we get from you enables us to bring you the best we possibly can.

We distribute all our periodicals via peer-to-peer technology. There are things we publish that some people don’t want out in the open. Thus, if you can contribute to the peer-to-peer sharing, you would be helping us out immensely!

If you would like to support us by making a cash donation, we have a Paypal account that you can send donations to:

• https://www.paypal.com/donate?hosted_button_id=B5VPZJBKLL2S6

For those that like to use QR codes, you can use the following QR code to donate to our Paypal.

If you’d like to donate in some other way, you can send an email to donations@e2eops.io and have a chat with us about it.

For encrypted communications, you can use the OpenPGP Key provided in chapter 6.

And, as always, happy hacking!

Chapter 6: OpenPGP Key

At E2EOPS PRESS, we take your privacy seriously. If you want to send us an encrypted message, you can do so with the following OpenPGP key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBF7JMNYBDACeCfa+NpFSOUOyIKqdZdtIjEZCaLzBKQmnqLJo/5BZZiCrGK8+
MYUfBz6iiEqEJf7N0R6Kg/esyIEy35uYdiLr66fg/sEXHk5eW/9Hanex/Igk9nmg
1+eGo1sk/MQh7lUNydqOHVokhjcPHleUGiJE/F0MjDvs/xTN1HYf1uhmJOZbpL/D
oTcTssL1BB2b95QfuUViX7I/+Xoe4VSaxdVlVGGCSI8jAPqb+0PYX6N2yHllFaRI
8D4cQkKpP5z2Y9m65ALWsR0M6GBUIeYe4QzfBVwuPg7TAiSpZWDC3vPIWFsC1zbL
NT4y6bxjv9gE0S3GVXZC/bTHuVL3FNrStnMFX0z8E4c19vyo9TyTxXLKC7Qy/dWJ
Nf+3tbgNQ7yR8MBwciyQho9MltrIFTz+JXZj7xCM0QiYgTo4rBl9eczaGLZwlOJn
sybs3Ia0ZTfm5yQAQ3eJ4yKKkiCjADF6fq6AVgV0D36wgBiZnVa+zbSteamUM7L8
JN4rzqfm587d+/0AEQEAAbQgR2F2aW4gTC4gUmViZWlybyA8Z2xyQGUyZW9wcy5p
bz6JAdEEEwEKADsCGwMCHgECF4AFCwkIBwIGFQoJCAsCBBYCAwEWIQTHhRt/mdsE
uRCTt6QUP5lU/9Mq/wUCXyPcLAIZAQAKCRAUP5lU/9Mq/xtpC/9nEcxWrB5e3W1o
Xl8W9uumnwG5o2ZUYfHtQ+QVpkowdQgEFPLTBicWRPnb61eaT/60hkhH68Gb1oVZ
BHHN3YNF9qqQHqOT1iAuP0nidkHXUaz4Bbl0wR8brvY2aJO4l03sOWztQHkAoo+u
wNohHM1lwqKYN+HRWm+JyTRxw/YHkYI1Rz1aN9hUNTax1HqAm5fSq+R/VKyUZ9tI
2D93p2PK+c1SEJS1goBnlJu4HW2T7NA7oUboKG0J4h2yBV6WtSgskFEWqYEBzvxw
ZaWzooOnJRPc+CibhRuH9VJvegRCkwZcNuZfHBKkh+d30LaJJlpifnu9ADs0PkXx
HUsHlgMjUbzjztFEBmAjS8PvKOG2nJxcv362749/M6vI7KP7ktf4i+3wZLe8BC5y
hSAAQtLUBC/IratA+4NSI8lxDlNB+rrFTXzYTVGscJWlACCK4l0xaXNC0OBcRosH
oFMgSogrXrQ2SsSu8oeVOjx/HOd8tThrCKd2nd40iG5Z3fftzP+5AY0EXskw1gEM
ANpbLPGSE9gjT8aAkcK0gIhNwTwR/X9T1YCKViiOYALCzPfGYMQqATSe/J7o/ysO
+lAB0B3NExdIbwh3knhoEsXdx9zNz18q827aCdLJVuq9kizXoCkWchJ0QjgacvNe
0jGZ+o3ULIMmnWztGzNixZaAiwzalWghFuiX4pG0su8TYAN1T6DGvdb+F1rx0xo8
tb3T8RaO0VZyji3zBBNXD1ECU6dmi0AJ0zD0S5iRIXIn+QfRR2oJu9ZSR6En7PS1
b4bhJ2OnBE4ZQ3mS4aHPaeIWbeCeq8EuaVQNyv5jT3wD18DIRigOxl9XJFy1IDO+
A45hz9FwxULH1QH5bZXRmkYfcxkLMqoMci0+8XxobpmILjkSHeAo4PR8KTHpNUXf
I7rJLpufYRTHf5votrJmgbea5bfnAlSoOXMlN2XZ9oJimOTfyzItCSwb0pkghnW0
Hyo3kd5RbDcZrd6RSSVWo/41gr8SXatlkpbnEYjktFGe2Nxls6qZAgA/lqKrS9ti
7wARAQABiQG8BBgBCgAmFiEEx4Ubf5nbBLkQk7ekFD+ZVP/TKv8FAl7JMNYCGwwF
CQPCZwAACgkQFD+ZVP/TKv9XAwv9Heor5YuZalOcXXiGCrqYNHuQJLbDvUpTK6wI
t9peV4t6E8oiqb0/0ezLGQSlP8RkBKUkhslVn5M6cDIxdCAlZxUIOjF1tJyHrTua
wEayHO5q84tixa00+x2/mmaDy0ddZXc4gITLgZjN4J3e9GUww4N3TUVJTZDPF+mP
eFd2HlGj3AHLtNEfsEw4HvYNNzexnom66gdDrrCIBxWRgUD2aRQKxQOquFQt2zYS
dgOXVS0eyaN81uqFHVh+tvyBKkrK8D/recaPcCXAFSv9UUcQA6jEFdC9WEjgHD7J
nRrCwOGBTZ7IvYO5+rpyh/w8k6eZYhUm3UdXYuPsxaCsSL+OW46DBP0C5sKrhxZK
thZOhll4ZYrfX1Vv4awBAB6iMZ0i+i39AQPmpvUviFGUfLkHEEsarHgPDchaOv1p
0xa11jUxU5nkqfiQj5A4h4TMP0q9tGdf1puxRZqwp8T0Jc9uQAm6wUMaaaugiXn+
BQfF5XIfOiXZx9DThhqYwO4WztdEuQINBF87rdYBEAC66OFgJa3p9d6Ets5A3NVm
XxXkCBmgIg1HG44bmKz3o2xudRP6o3bbmVI06cmfGAVmKJ0voAVsgHMsTg30iZb3
D/X9iRYTB/1suyYIgP9cRxltLLMTL4LycmrCRCnTJSMThA1V2d5brmmrWcOPmqnT
CdbOjUD5OWzGsfIkP0t+Ef4v94j574WAvpGYd7Wf5o30JKNfdOjdLOVFdp6lV9mM
FxebC1lZ6uRSeL77/XZJC4ZQ8TzhgsdgnE4M1sKvaDO+DTS3pu7+Dh+ORFQ9TQDP
ZuMBpln3UBa1evVR8bF9SgqjGo2Al8K590xGNJEHzj+BGqEKjOVN05uMoplByMdZ
pD2lRMdqgIqVXiNtBSBhv1oGQhu5fxW11Xv4Kh5BzuOMLS/0KT2cdlk06eCgWZqT
/IM5ipKYpJJgtkJ/0sU+hLq+jilAr3ZhmkxCim+9uYOZ93ypy7QiW8ldbsGEDh5S
KcU+qWGNEMHhNwuHY9ChO1hcWi/q5/mZTKXG60/q6RZRI2QxbuKsX3c8GbEea2jU
Q+v4zFp/x7G1aPRTRtqOssvBtIikBiKWBEOBwYwqpEjD6IfmWVh8wlJZx/tcBRGF
0FGpyieGAFINaQIjKURm7bHkn4bQwIZkmbAssA6ZHcl9u6/u60155K4ifuf7ChyK
8H5n6vJq4AUxQkA8kADvnwARAQABiQG8BBgBCgAmFiEEx4Ubf5nbBLkQk7ekFD+Z
VP/TKv8FAl87rdYCGyAFCQHhM4AACgkQFD+ZVP/TKv9Fwgv+P20Qu7USOJfaUVN4
I52GS6R8veww4aKY16ts3XlIUl3mqbH3KoB1T+YKuqoVrNCtGeXVD0AB+BJxxrQS
BFtYq4ZgPnSo7NQST6SWbWhzJmpfuhoInGb9l8v0mwD50DrOPjeZcX7TrQN4jWft
OJQkKviCYFCu36xa84FUYxTyvA5V4TpWAgPTUVBpf8BrI2Ktw3Wc1THHqcwIszec
Mr/mexDfdCa8G78u3rgX4kZPSGFwaGK339eqlb7rMtspkKQPPmm92lYdfV/icbvw
7iaMAirgYq72qzkuIV6GMUKsTa/1wkJ54yACaLXS9A3NXDVizErWHam9TG/ce/Ll
EPUsrXTesrhqZpaHHNxnfiQOXzocrldvvdYOxBeGfMQY7fftX8GgQwMjMi2kracr
hWc1mCSMSCerTWCtRfw0CK4Au6881rAAmXDwvjU586ezv1MdBqVmN7eOeeVVGdM1
/+S5QP//oK6MEkAS8y2ZP8A/3iMlYz+SBOUSD0AJ0RZEhkhr
=JMTx
-----END PGP PUBLIC KEY BLOCK-----

Appendix A: Malicious Hardware

While doing research for this issue, I often ran into USB-to-UART bridges of the “FTDI” variety. Upon further digging,
an ugly bit of history surfaced. The FTDI modules have a reputation for sabotaging people’s hardware.

Sadly, we live in a world where this sort of thing is the norm. Pay close attention to the products you buy. You need
to practice vigilance in order to defend your computing freedom. Remember, you have control over your wallet. Don’t support malicious actors, if you have the choice (in this case you almost certainly do).

Appendix B: Linux Kernel Source Tree Analysis

The directory trees rooted at /sys and /proc are mapping of Linux kernel data structures and interfaces; you can read up on these in the Linux kernel source tree from:

• linux/Documentation/filesystems/sysfs.rst
• linux/Documentation/filesystems/proc.rst

You don’t have a local, up-to-date, copy of the Linux kernel source tree? You really should. Note that some of this
documentation is hilariously out-of-date; use the git log on a file to see the last time parts of a file was given an up-date:

 $ git log -p filename

This should give you what you need. Since the Linux kernel is developed with Git, it pays dividends to learn at least
the fundamentals of Git.

It’s a frequent occurence that people ask me how to make sense of the Linux kernel. You need the following prerequisites:

• A familiarity with the C programming language. The syntax is easy to pick up for most people because a lot of the popular programming languages in use today are based on C. Most operating systems today are written in C; the same goes for embedded systems. If you don’t have a good grasp of C, you can kiss any hopes on working on this stuff goodbye. C is not as hard as people make it out to be; just look at real code and don’t waste your time on pointless exercises. Start with the smallest real-world programs you can find – like echo(1); once you get the simple stuff, get more ambitious and look at more complicated things. The following resource is also invaluable to the novice C programmer: C reference.

• To make sense of other people’s C code (particularly spaghetti), you need a good source code tagging system. I recommend GNU Global because it works well on most Bourne Shells. Using GNU Global will enable you to look up definitions for things like functions and structs in C code easily.

• You need to learn GNU Autotools to automate the workflow of building makefiles and such. The old “./configure && make && make install” ritual stems from GNU Autotools. Learn it and embrace it. You can build truly portable software once you learn the fundamentals of GNU Autotools. You won’t understand head nor tail of embedded programming with the Linux kernel (and several other things) unless you have a grasp on the rudiments of GNU Autotools.

• Whether you like it or not, Git is an essential part of Linux kernel development. Without a firm grasp of Git fundamentals, you won’t get anywhere. While you’re at it, you should look into the standalone utilities GNU diff and GNU patch; Git is essentially an abstraction on top of these tools.

You should now have enough pointers to begin acquiring knowledge about how to make sense of the Linux kernel (and a whole lot of other things). The aforementioned prerequisites abstract to OS and embedded development and being an effective operator of your computer. These are the tools you really need to know to get anywhere.

All of this stuff applies to several other things. Once you start learning them, you’ll see what I mean. It really isn’t a lot to take in. Knowledge of this stuff will last you a lifetime. Don’t fall for the IDE X or framework Y bullshit; those are moving targets and are deliberately broken to keep people reliant on the dictators for “support”. Educate yourself; it’s the only path to computing freedom. Become an operator; don’t be a mindless consumer.

Appendix C: Digital Multimeter Tests

As always, follow the instructions in the manual of your Digital Multimeter (DMM). RTFM extra carefully, otherwise you end up with magic smoke (why you were recommended spares).

There really are only two simple things you need to test on your UTUB:

• Voltage coming out of the UTUB TX and RX pins.

• Current from the TX and RX pins.

There’s not really much more to be said here. The one bit of general advice is to use a breadboard and some jump wires, if you have access to one; crocodile clip test leads for your DMM also make life easier. Basically, try making sure you don’t short circuit your UTUB by having DMM test leads too close to each other.

Make sure the test leads are plugged into the appropriate terminals of your DMM. Always make sure the fuse of a DMM terminal is sufficient for what you’re measuring.

You can find GPIO voltage specifications of the Raspberry Spy in the official GPIO guide. Make sure you cross-check with the right CPU model’s datasheet.

You may end up needing to buy some resistors to get the right voltage and current. You can find background information useful to the novice hardware hacker from the excellent Sparkfun tutorial on pull-up resistors; follow the appropriate links to fill out gaps in your knowledge. However, most UTUBs are usable out-of-the-box (OOTB) so you shouldn’t really have much issue here. But it doesn’t hurt (unless you zap yourself) to get a bit of electronics background knowledge since you’re playing around with wires and electricity!

Index

[Editor’s note: this corresponds to the PDF version of the document]

lsblk -f, 28
sd(4), 34
/dev/ttyUSB0, 23
/proc, 43
/sys, 43
FTDI, 41
apropos(1), 18
cmdline.txt, 29
config.txt, 29
console=fb, 29
cp210x, 23, 24
dmesg(1), 18-20, 22, 25
echo(1), 44
enable_uart=1, 29
grep(1), 20
lsmod(8), 20, 25
lspci -k, 26
lsusb -t, 26
mknod(1), 24
modinfo(8), 19, 20, 23
picocom(1), 17, 24, 32,
33, 35
ttyUSB0, 23, 24
usbcore, 23
usbserial, 23
DMM, 15
EHCI, 20
HCI, 20
idProduct, 25
idVendor, 25
jump wires, 14
kernel ring buffer, 18
KRB, 18
OHCI, 20
PCI, 20
QC, 15
textttmodinfo(8), 25
UART, 17
UTUB, 13, 14

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2021/03/07/raspberry-spy-the-rest/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. Bill Gates Exposed

    While publishers like ZDNet worked hard (on Microsoft's budget) to distract us from real scandals many nefarious things were happening; are we witnessing the fall of Gates?

  2. Welcome to ZDNet's 'Linux' Section...

    ZDNet, which defamed RMS to help distract from Bill Gates scandals, is doing what the sponsors (IBM, Microsoft, Linux Foundation) pay for

  3. Europe's Second-Largest Institution, the EPO, is Partly Based in the United States

    The EPO has outsourced its operations, including its 'courts', to the United States; this seems to be the so-called 'New Normal'

  4. You Look for Linux News and Instead It's Microsoft Noise and Openwashing

    Imagine trying to go about doing your own 'business', only to be confronted by paid-for plugs (sponsored) by the people trying to undercut/undermine your business; welcome to "Linux" in 2021

  5. Links 11/5/2021: Maui 1.2.2 and Tor Releases

    Links for the day

  6. The Next Generation of Free Software (or Software Freedom) Activism, Tackling Newer Problems

    New challenges as labour rights and human rights are further eroded, thanks to 'high' 'tech' with its very 'innovative' 'features'

  7. Mass Litigation Over the Salary Adjustment Procedure (SAP), Basically an Attack on All EPO Staff, Even EPO Pensioners

    “Importance of a binding and unambiguous erga omnes declaration” stressed by staff representatives of the EPO in a new letter to Benoît Battistelli‘s successor of choice, António Campinos, who has done nothing so far except attacking (or robbing) EPO staff, even EPO pensioners

  8. EPO 'Dialogue' With Staff Representatives is as Dead as 'Dialogue' With the Union

    “Yet another failure of social [sic] dialogue [sic] for Mr Campinos,” according to staff representatives, who rightly bemoan the Office president not giving a damn about staff; things quickly deteriorate in Europe’s second-largest institution, which does even worse things than granting loads of illegal European software patents (harming software producers and users alike)

  9. The FSF Needs to Reject OSI (and Open Source) Along With Much-Needed Rejection of the GNOME Foundation (Not the Same as the GNOME Project)

    Response to a good little speech (unscripted apparently) by Geoffrey Knauth, who explained his position on Open Source about a year ago

  10. Links 11/5/2021: Bodhi Linux 6.0, Coreboot 4.14, and DragonFly BSD 6.0

    Links for the day

  11. IRC Proceedings: Monday, May 10, 2021

    IRC logs for Monday, May 10, 2021

  12. Keynote by FSF President Geoff Knauth and Executive Director John Sullivan

    To quote the source: “FSF president Geoff Knauth became the president of the FSF in 2020, but has served on the FSF board of directors for over twenty years. FSF executive director John Sullivan started work with the FSF in 2003, and has never stopped since, with past roles including the FSF’s first Campaigns Manager and later the Manager of Operations.”

  13. Richard Stallman on Companies That Are “Only Pretending to be American Companies”

    Dr. Richard Stallman, the Free Software Foundation's founder, speaks about US politics being captured and dominated by large and multinational corporations in pursuit of just money and power

  14. Last Night's Talk by Richard Stallman About Software Freedom

    An inspiring new talk reminds many of us why loads of people continue to support the founder of the Free Software Movement

  15. Links 10/5/2021: Huawei's GNU/Linux Laptops and Kotlin 1.5.0

    Links for the day

  16. Richard Stallman on Writing rm, ls, and cp (Also Working on Bison)

    Dr. Richard Stallman, the Free Software Foundation's founder, explains what programs he developed in the eighties

  17. Raise the Roof

    Out comes the taxpayers’ subsidy, assured; with military the sky is the limit (and bailout guaranteed)

  18. Richard Stallman Replatformed 10 Hours From Now

    Link to the talk (when it goes live)

  19. [Meme] Bill Says, Bill Saves

    Bill Gates seems more likely to be indicted than to win a presidential election/term

  20. IRC Proceedings: Sunday, May 09, 2021

    IRC logs for Sunday, May 09, 2021

  21. According to the Wall Street Journal, Bill Gates’s Relationship with Jeffrey Epstein Caused the Bill-Melinda Divorce (While the Media Deflected to Dr. Stallman, Using a Phony 'Scandal')

    It’s becoming rather obvious that there’s real substance to accusations that Mr. Gates was in some sense enabling Jeffrey Epstein; while Gates-funded media told us that he was saving us from climate change and a pandemic (PR stunts for empathy and sympathy) Melinda worked really hard to distance herself from him, the father of her kids

  22. [Meme] Bill, What's Your Opinion?

    While it's ludicrous to insinuate that Mr. Gates somehow "started" COVID-19 he certainly "rode the wave" for reputation laundering purposes, profit, and distraction from scandals that precede the epidemic in China (and caused his marriage to break down)

  23. Links 10/5/2021: SystemRescueCD 8.03, KeePass 2.48 Released

    Links for the day

  24. How We Process and Upload Videos Hosted in Techrights

    With ffmpeg as the Swiss army knife (and various other utilities/programs ‘in between’) it’s possible to automate much of the pipeline associated with video production and self-hosting

  25. Richard Stallman's Free Software Speech in 2020 (FSF Turning 35)

    We've re-encoded (as WebM) the likely sole/only speech Richard Stallman gave about his movement last year; today seems like a suitable time to republish it because tomorrow a British university/group will replatform him (to use their term)

  26. The Chaos Theory

    Making GNU/Linux less stable and less predictable isn't good for GNU/Linux users; but it certainly helps sell Red Hat support contracts and vexation inside the community weakens Red Hat's competitors

  27. Gemini and Techrights: Still Growing in Gemini Space and Always Supporting/Loving the Protocol

    As we continue to expand in Gemini space (where our very large site became a very large and likely the largest capsule) it's worth explaining some of the overlooked merits of the protocol; unlike the World Wide Web (WWW) it does not impose things on the user/visitor, who is more or less in charge

  28. Links 9/5/2021: KDE Frameworks 5.82.0 Release and Patents Related to COVID Subjected to Waivers

    Links for the day

  29. Act More 'Professional' to Appease Mobs

    We should all think alike, dress alike, and like everybody (especially the business overlords)

  30. IRC Proceedings: Saturday, May 08, 2021

    IRC logs for Saturday, May 08, 2021

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts