𑇢^^^°<

Network setup for KVM guests

Fri, 12 Apr 2024 02:00:00 +0200

Network setup for KVM guests

[toc]

Host

Bridge setup

Install 'bridge-utils' :

sudo apt-get install bridge-utils                                                                                                  16h 7m

Add bridge device :

# 'br0' can be watherver you like.
brctl addbr br0

Edit '/etc/network/interfaces' to add a bridge device and configure it on startup :

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
# Change eth0 to refelct your actual if name
allow-hotplug eth0
# Disable DHCP on physical device and use it on br0 instead
iface eth0 inet manual

 # Bridge setup
iface br0 inet dhcp
  bridge_stp off
  bridge_maxwait 0
  bridge_fd      0
  # Add physical interface and all vnetX virtual interfaces (in 0-99 range)
  bridge_ports eth0 regex vnet[0-9]?[0-9]
  # You can set the bridge device MAC address with
  #bridge_hw XX:XX:XX:XX:XX:XX

If your DHCP server is configured to deliver fixed IP adresses based on MAC, replace eth0's MAC with br0's on your router in order to give it the same local IP.

Virsh : use bridge for network

Create an xml file with the following content : nano /tmp/br0.xml

<network>
  <name>br0</name>
  <forward mode="bridge"/>
  <bridge name="br0" />
</network>

Then set it as network :

virsh net-define /tmp/br0.xml

and start/autostart it :

virsh net-start br0
virsh net-autostart br0

You can also use 'virt-manager' and set your network via the XML editor.

(Optional) Add a route to your public IP range

# Edit to reflect your actual IP range and bridge device name
sudo ip route add 0.0.0.0/32 dev br0

See Configure a local and public IP below for the matching configuration on the guest.

Guest

(Optional) Basic nftables ruleset

The following ruleset accepts SSH and HTTP(s) by default.

In your '/etc/nftables.conf':

#!/usr/sbin/nft -f

flush ruleset                                                                    

table inet firewall {

    chain inbound_ipv4 {
        # accepting ping (icmp-echo-request) for diagnostic purposes.
        # However, it also lets probes discover this host is alive.
        # This sample accepts them within a certain rate limit:
        #
        # icmp type echo-request limit rate 5/second accept      
    }

    chain inbound_ipv6 {                                                         
        # accept neighbour discovery otherwise connectivity breaks
        #
        icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept

        # accepting ping (icmpv6-echo-request) for diagnostic purposes.
        # However, it also lets probes discover this host is alive.
        # This sample accepts them within a certain rate limit:
        #
        # icmpv6 type echo-request limit rate 5/second accept
    }

    chain inbound {                                                              

        # By default, drop all traffic unless it meets a filter
        # criteria specified by the rules that follow below.
        type filter hook input priority 0; policy drop;

        # Allow traffic from established and related packets, drop invalid
        ct state vmap { established : accept, related : accept, invalid : drop } 

        # Allow loopback traffic.
        iifname lo accept

        # Jump to chain according to layer 3 protocol using a verdict map
        meta protocol vmap { ip : jump inbound_ipv4, ip6 : jump inbound_ipv6 }

        # Allow SSH on port TCP/22 and allow HTTP(S) TCP/80 and TCP/443
        # for IPv4 and IPv6.
        tcp dport { 22, 80, 443} accept

        # Uncomment to enable logging of denied inbound traffic
        # log prefix "[nftables] Inbound Denied: " counter drop
    }                                                                            

    chain forward {                                                              
        # Drop everything (assumes this device is not a router)                  
        type filter hook forward priority 0; policy drop;                        
    }                                                                            

    # no need to define output chain, default policy is accept if undefined.
}

source:Simple ruleset for a server

(Optional) Configure a local and public IP

Setup a guest with two network interfaces ; one for local IP and one for public IP.
You should get two network interfaces in the host, e.g ; enp1s0 and enp2s0.

In '/etc/network/interfaces' :

auto lo
iface lo inet loopback

# Use DHCP for enp1s0 to get a LAN IP
auto enp1s0
iface enp1s0 inet dhcp

# Set static public IP on enp2s0
auto enp2s0
iface enp2s0 inet static
  # Edit to fit your range
  address 0.0.0.1
  broadcast 0.0.0.255
  netmask 255.255.255.255

Then reboot the guest to apply these settings.

Links

Sources

https://wiki.debian.org/KVM#Setting_up_bridge_networking
https://wiki.debian.org/BridgeNetworkConnections#Configuring_bridgingin.2Fetc.2Fnetwork.2Finterfaces
https://wiki.debian.org/QEMU#Networking
https://manpages.debian.org/bookworm/bridge-utils/bridge-utils-interfaces.5.en.html
https://wiki.libvirt.org/VirtualNetworking.html

Related discussions

https://serverfault.com/questions/536114/libvirtd-getting-vps-to-use-existing-bridge
https://unix.stackexchange.com/questions/245628/configure-public-ip-addresses-in-kvm-vms
https://serverfault.com/questions/846834/how-to-assign-public-ip-to-kvm-virtual-machine-from-29-subnet#846986
https://serverfault.com/questions/461070/assign-public-and-private-ip-addresses-for-a-kvm-guest

GNU/Linux - Numériser une VHS SECAM/PAL avec le son et l'image sous Linux avec un Dazzle DVC90

Sat, 22 Apr 2023 02:00:00 +0200

Numériser une VHS SECAM/PAL avec le son et l'image sous Linux avec un Dazzle DVC90

Résumé

Bien que ce périphérique soit bien supporté sous Linux, la plupart des logiciels de capture (guvcview, obs, xawtv...) auront du mal à capturer le son de vos sources.
Il est pourtant possible d'enregistrer l'image et le son avec VLC et quelques options spécifiques V4L2.

Cette solution devrait s'appliquer à toute la famille des Dazzle DVC80, DVC100, DVC110, etc.

Le périphérique

Le périphérique est un Pinnacle Dazzle DVC90 et utilise le pilote em28xx.

lsusb

Bus 001 Device 007: ID 2304:0207 Pinnacle Systems, Inc. Dazzle DVC90 Video Device

dmesg

  kernel: usb 1-1: new high-speed USB device number 127 using xhci_hcd
 kernel: usb 1-1: New USB device found, idVendor=2304, idProduct=0207, bcdDevice= 1.00
 kernel: usb 1-1: New USB device strings: Mfr=2, Product=1, SerialNumber=0
 kernel: usb 1-1: Product: DVC90
 kernel: usb 1-1: Manufacturer: Pinnacle Systems GmbH
 mtp-probe[414253]: checking bus 1, device 127: "/sys/devices/pci0000:00/0000:00:14.0/usb1/1-1"
 mtp-probe[414253]: bus: 1, device: 127 was not an MTP device
 kernel: em28xx 1-1:1.0: New device Pinnacle Systems GmbH DVC90 @ 480 Mbps (2304:0207, interface 0, class 0)
 kernel: em28xx 1-1:1.0: Video interface 0 found: bulk isoc
 kernel: em28xx 1-1:1.0: chip ID is em2710/2820
 kernel: em28xx 1-1:1.0: EEPROM ID = 1a eb 67 95, EEPROM hash = 0x3cac3c11
 kernel: em28xx 1-1:1.0: EEPROM info:
 kernel: em28xx 1-1:1.0:         AC97 audio (5 sample rates)
 kernel: em28xx 1-1:1.0:         300mA max power
 kernel: em28xx 1-1:1.0:         Table at offset 0x06, strings=0x0e98, 0x2e6a, 0x0000
 kernel: em28xx 1-1:1.0: Identified as Pinnacle Dazzle DVC 90/100/101/107 / Kaiser Baas Video to DVD maker / Kworld DVD Maker 2 / Plextor ConvertX PX-AV100U (card=9)
 kernel: em28xx 1-1:1.0: analog set to isoc mode.
 kernel: em28xx 1-1:1.1: audio device (2304:0207): interface 1, class 1
 kernel: em28xx 1-1:1.2: audio device (2304:0207): interface 2, class 1
 kernel: usbcore: registered new interface driver em28xx
 kernel: em28xx 1-1:1.0: Registering V4L2 extension
 kernel: usbcore: registered new interface driver snd-usb-audio
 mtp-probe[414330]: checking bus 1, device 127: "/sys/devices/pci0000:00/0000:00:14.0/usb1/1-1"
 mtp-probe[414330]: bus: 1, device: 127 was not an MTP device
 (udev-worker)[414336]: controlC2: Process '/usr/bin/alsactl restore 2' failed with exit code 99.
 systemd[1705]: Reached target Sound Card.
 kernel: saa7115 7-0025: saa7113 found @ 0x4a (1-1:1.0)
 kernel: em28xx 1-1:1.0: Config register raw data: 0x12
 kernel: em28xx 1-1:1.0: AC97 vendor ID = 0xffffffff
 kernel: em28xx 1-1:1.0: AC97 features = 0x6a90
 kernel: em28xx 1-1:1.0: Empia 202 AC97 audio processor detected
 kernel: em28xx 1-1:1.0: V4L2 video device registered as video1
 kernel: em28xx 1-1:1.0: V4L2 extension successfully initialized
 kernel: em28xx: Registered (Em28xx v4l2 Extension) extension

/proc/asound/cards

 2 [DVC90          ]: USB-Audio - DVC90
                      Pinnacle Systems GmbH DVC90 at usb-0000:00:14.0-1, high speed

Obtenir de la vidéo et de l'audio dans VLC

Dans VLC, choisir l'option "Convertir/Enregistrer" dans le menu "Média".
Dans la nouvelle fenêtre, passer dans l'onglet "Périphérique de capture" tab, choisir "/dev/video1" comme périphérique vidéo (à adapter en fonction de votre configuration).
Choisir "hw:2,0" comme périphérique audio.
Choisir "SECAM L" pour du SECAM en france.
Cocher "Montrer plus d'options" en bas à gauche de la fenêtre.

Dans le champ "modifier les options", utiliser la ligne suivante

# La doc de ces options est dispo ici:  https://wiki.videolan.org/Documentation:Modules/v4l2/
# Changer v4l2-input a 0 pour du composite, 1 pour du s-video.
# Changer DVC90 to DVC80/100/110 en fonction de votre peripherique.
# Changer v4l2-standard et v4l2-fps en fonction de la source.
:v4l2-standard=SECAM :input-slave=alsa://plughw:DVC90 :v4l2-input=1 :v4l2-width=720 :v4l2-height=576 :v4l2-fps=25 :no-v4l2-audio-mute :live-caching=300

Cliquer sur le boutton "Convertir/Enregistrer"
Cocher "Afficher le flux de sortie" et "Désinterlacer", éditer les options des codecs si besoin, et choisir un fichier de sortie.
Cliquer sur "Démarrer".

English version: https://gist.github.com/ABelliqueux/f5eef886b1fe09e78f12b590b119c1ec
Source: https://debian-facile.org/viewtopic.php?id=25505

GNU/Linux - Udev & systemd - Running a graphic environment when a USB device is plugged in

Thu, 19 Jan 2023 01:00:00 +0100

GNU/Linux - Udev & systemd - Running a graphic environment when a USB device is plugged in

Summary :

At a GNU/Linux console prompt, no GUI. When a USB device of type HID (keyboard/mouse mainly) is plugged in, we want the X server to start and launch VLC's graphical interface, fullscreen, no borders. When this device is removed, VLC is shut down and the X server too, and we end up back at the console prompt.

Proposed solution:

Udev rules are triggered when the USB device is plugged/unplugged to create a file in '/tmp' named '.vlc_gui'.
A systemd user service starts a script on startup.
This script uses inotifywait to monitor a file's creation/deletion in the '/tmp' folder, and act accordingly;
Start/close a minimal graphical environment with openbox running VLC.

1. Udev configuration

Run script on USB HID (mouse/kb) connect

We want a rule that triggers when a device has SUBSYSTEM=="usb" and DRIVER=="usbhid".

In '/etc/udev/rules.d/01-vlc_gui.rules' :

# On plug
ACTION=="add" SUBSYSTEM=="usb", DRIVER=="usbhid", RUN+="/usr/bin/touch /tmp/.vlc_gui"
# On un-plug
ACTION=="remove" SUBSYSTEM=="usb", RUN+="/usr/bin/rm -f /tmp/.vlc_gui"

The rules above create a '.vlc_gui' file in '/tmp' when a usbhid device is plugged in, and removes it when unplugged.

Change read permissions on tty7

By default, permissions on '/dev/tty*' are 0620 (crw--w----). So members of group tty can write, but not read to ttys. This will be a problem for the X server, so we need to change those permissions to have read writes for our group too.

Let's change the permissions on the tty that we need to 0660 (crw-rw----) so that we can run our X session on it.

Inspect how udev sees your TTY (tty7 here):

udevadm info --attribute-walk --path=/sys/class/tty/tty7

looking at device '/devices/virtual/tty/tty7':
    KERNEL=="tty7"
    SUBSYSTEM=="tty"
    DRIVER==""
    ATTR{power/control}=="auto"
    ATTR{power/runtime_active_time}=="0"
    ATTR{power/runtime_status}=="unsupported"
    ATTR{power/runtime_suspended_time}=="0

So we want a rule that matches 'KERNEL=="tty7"' and 'SUBSYSTEM=="tty"' and set it to mode '0660':

SUBSYSTEM=="tty", KERNEL=="tty7", MODE:="0660"

Notice the immutable operator ":=" for "MODE"; it makes shure this won't be changed by another rule.

Udev rules order read

Test which rules are triggered by a specific device with :

udevadm test /class/tty/tty7

Reload and apply the new rules with :

udevadm control --reload-rules
udevadm trigger

Of course, don't forget to add your user to the 'tty' group :

sudo adduser USERNAME tty

On some system, you might have to use usermod :

sudo usermod -a -G tty USERNAME

then log out/in and check with groups that 'tty' appears in the listed groups.

2. Systemd user unit

We can create user units in '~/.config/systemd/user/', e.g :

nano ~/.config/systemd/user/vlc_gui.service

[Unit]
Description=VLC GUI launcher service

[Service]
# %h specifier resolves to user home (~ equivalent)
ExecStart="%h"/vlc_gui.sh
Restart=always

[Install]
WantedBy=default.target

Reload the units with systemctl --user daemon-reload
and start/enable the service with
systemctl --user start vlc_gui.service / systemctl --user enable vlc_gui.service.

More about systemd specifiers:
https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Specifiers

Starting a user unit as root

If running systemd version >= 248 (2021-03), you can start a user unit as root, i.e ;
using sudo systemctl or in a root shell, with e.g:

sudo systemctl --user --machine USERNAME@ start foo.service

On prior versions, you have to use either
su - USERNAME -c 'systemctl --user start foo.service' or
runuser -l USERNAME -c 'systemctl --user start foo.service' instead.

3. inotifywait : watch for a file's creation/deletion

Install the tool :

sudo apt-get install inotify-tools

Create the script :

In '~/vlc_gui.sh' :

#!/usr/bin/env bash

inotifywait -m /tmp -e create -e delete |
while read directory action file; do
    if [[ "$file" == ".vlc_gui" ]]; then 
        if [[ "$action" == "CREATE" ]]; then
            echo "Starting VLC GUI."
            # Start X environment on tty7
            DISPLAY=:0 startx -- vt7 &
        elif [[ "$action" == "DELETE" ]]; then
            echo "Killing VLC GUI"
            pkill vlc
        fi
    fi
done

Don't forget to set execution bit : sudo chmod +x ~/vlc_gui.sh

4. Minimal X environment & Launching VLC

Install the following packages :

sudo apt-get install -y --no-install-recommends --no-install-suggests xinit xserver-xorg xserver-xorg-core xserver-xorg-input-evdev xserver-xorg-input-kbd openbox feh

Xinit config

We start the X environment with startx, which sources "~/.xinitrc".
Let's start openbox session there.

cp /etc/X11/xinit/xinitrc ~/.xinitrc

Then in "~/.xinitrc" :

#!/bin/sh

# /etc/X11/xinit/xinitrc
#
# global xinitrc file, used by all X sessions started by xinit (startx)

# invoke global X session script
. /etc/X11/Xsession
exec openbox-session

Set execution bit :

sudo chmod +x ~/.xinitrc

Openbox configuration

Now Openbox config files are in '~/.config/openbox' and there are two of them :

autostart.sh

In '~/.config/openbox/autostart.sh' :

#!/bin/bash

# Exit openbox when VLC is closed
vlc --vout=gles2 && openbox --exit
# on rpi with 3d kms driver, can be --vout=drm_vout

Set execution bit :

sudo chmod +x ~/.config/openbox/autostart.sh

rc.xml

cp /etc/xdg/openbox/rc.xml ~/.config/openbox/

We want the VLC gui launching fullscreen, with no window decoration. In openbox's <applications> section of '~/.config/openbox/rc.xml', l.656, add:

    <application name="vlc" role="vlc-main">
        <decor>no</decor>
        <maximized>yes</maximized>
    </application>

Troubleshooting

Udev rules

You can increase udev's log verbosity with sudo udevadm control --log-priority=debug
then run journalctl -f to see if an error message comes up when plugging/unplugging the USB HID.

Xserver

You can see what's going on by launching journalctl -f in a SSH session, then plug/unplug the USB HID.
If you encounter an error with the X server complaining about permission to tty7 like this

(EE) xf86OpenConsole: Cannot open virtual console 7 (Permission denied)

try rebooting.

Slow mouse cursor

If you experience laggy mouse cursor movements, you can try adding usbhid.mousepoll=0 to '/boot/cmdline.txt'.

Other values you might want to try are :

value	speed
0	device request
X	1000/X Hz

source: https://peppe8o.com/fixing-slow-mouse-with-raspberry-pi-os/

Rpi config.txt - Safe overclocking values

Thu, 12 Jan 2023 01:00:00 +0100

Rpi config.txt - Safe overclocking values

To get a little boost out of your RPI while being conservative for applications where you need reliability and avoid data corruption, I found these values to do the job.

This goes in '/boot/config.txt' :

# SD card reader OC (expect 20% rio improvement)
# Samsung Pro/Evo+ is recommended
# default value : 50
# value needs to be an int divisor of core_freq
# NEEDS A UHS-1/Class10 SD CARD !
# dtparam=sd_overclock=100
# To check the sd card clock once booted :  cat /sys/kernel/debug/mmc0/ios | grep 'actual clock'

[pi4]
# Run as fast as firmware / board allows
arm_boost=1
dtoverlay=disable-bt
dtoverlay=vc4-kms-v3d
max_framebuffers=2

# Apply to rpi3, rpi3+, cm3
[pi3]
# Safe OC values
# gpu_freq : Sets core_freq, h264_freq, isp_freq, v3d_freq and hevc_freq together
# default values :
# arm_freq 1200
# gpu_freq 400
# sdram_freq 450
arm_freq=1300
gpu_freq=462
sdram_freq=500
over_voltage=3
# NEEDS A UHS-1/Class10 SD CARD !
dtparam=sd_overclock=66
# Disable bluetooth
dtoverlay=disable-bt
# Enable DRM VC4 V3D driver
dtoverlay=vc4-kms-v3d
max_framebuffers=2


# Override OC values for 3+ models
[pi3+]
# Defaults values : 
# arm_freq 1400
# gpu_freq 400
# sdram_freq 500
arm_freq=1500
sdram_freq=550

[pi1]
# default values
# arm_freq 700
# gpu_freq 250
# sdram_freq 400
arm_freq=1000
gpu_freq=400
sdram_freq=500
over_voltage=6


[all]
# This much is needed for 1080p playback
gpu_mem=64
# Force HDMI Full HD
hdmi_group=1
hdmi_mode=16 # fullHD@60
# Avoid SD card corruption
boot_delay=1
# Disable rainbow splash and power warnings
avoid_warnings=1
disable_splash=1

Some links

RPI's official doc on overclocking : https://www.raspberrypi.com/documentation/computers/config_txt.html#overclocking-options
SD overclocking guide : https://www.jeffgeerling.com/blog/2016/how-overclock-microsd-card-reader-on-raspberry-pi-3
SD card benchmarks : https://www.pidramble.com/wiki/benchmarks/microsd-cards

Rpi 3A+/3B+/4B wifi - BCM4345 and CTRL-EVENT-ASSOC-REJECT

Sat, 07 Jan 2023 01:00:00 +0100

Rpi 3A+/3B+/4B wifi - BCM4345 and CTRL-EVENT-ASSOC-REJECT when using handshake offloading

I encountered an issue with the wifi on my 3A+/4B not willing to connect to my AP, while my 3B was perfectly happy with it. Turns out it's a driver issue with 'brcmfmac' and the BCM4345 chipset that's in newer RPI models.
I'm using raspios bullseye (2022-09-22-raspios-bullseye-arm64-lite.img.xz).

wpa_supplicant kept insisting that CTRL-EVENT-ASSOC-REJECT, i.e:

sudo wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant.conf -iwlan0
Successfully initialized wpa_supplicant
wlan0: Trying to associate with **:**:**:**:**:** (SSID='foo' freq=2417 MHz)
wlan0: CTRL-EVENT-ASSOC-REJECT bssid=**:**:**:**:**:** status_code=16
wlan0: Trying to associate with **:**:**:**:**:** (SSID='foo' freq=2417 MHz)
wlan0: CTRL-EVENT-ASSOC-REJECT bssid=**:**:**:**:**:** status_code=16
wlan0: Trying to associate with **:**:**:**:**:** (SSID='foo' freq=2417 MHz)
wlan0: CTRL-EVENT-ASSOC-REJECT bssid=**:**:**:**:**:** status_code=16
[etc]

Why is this happening ?

After a LOT of troubleshooting and tests, and web searching, I stumbled upon several interesting pages and bug reports :

A wiki page in IWD's wiki kernel.org : https://iwd.wiki.kernel.org/offloading- mirror with an explanation as to why this happens
A bug report linked in the page above : https://lore.kernel.org/linux-wireless/e1ff2a8eef465eaa76e8d00503d04e0fdd61a878.camel@gmail.com/ - mirror
Another bug report on launchpad.net https://bugs.launchpad.net/raspbian/+bug/1929746 - mirror

From the wiki linked above :

Certain drivers support offloading the 4-way handshake as well as SAE/WPA3 into the firmware. For drivers which do not support user space driven Authenticate/Associate frames this is the only way to enable features such as SAE/WPA3 or Fast Transition roaming. Handshake offloading (both WPA2 and WPA3) is enabled in IWD by default for drivers which advertise support. The driver support, however, can be disabled on brcmfmac which will be discussed further. Handshake offloading has only been tested on the brcmfmac driver, and this wiki page assumes this driver is being used.

If you are using brcmfmac and are experiencing problems such as not being able to connect to a network which you previously could, you may want to disable handshake offloading.

The brcmfmac driver has a module parameter called 'feature_disable'. It expects a hex value (bitmask) where each bit corresponds to a feature [...]. The features we care about here are 'SAE' and 'FWSUP'. These features (when enabled) are listed in /sys/kernel/debug/ieee80211//features so you can first see if your card even supports these before trying to debug further.

On the rpi 3A+ and 4B, here'is what /sys/kernel/debug/ieee80211/<phy>/features gives us :

# cat /sys/kernel/debug/ieee80211/phy0/features
Features: 001428d6
    MCHAN
    PNO
    P2P
    TDLS
    SCAN_RANDOM_MAC
    MFP
    FWSUP
    DOT11H
    FWAUTH

Quirks:   00000000

To turn off offloading you need to remove the brcmfmac module, then reinsert it with the feature_disable option:

sudo rmmod brcmfmac
sudo modprobe brcmfmac feature_disable=0x82000

This will disable both SAE (0x80000) and FWSUP (0x02000). You could disable just one, but this is not suggested due to a bug which prevents EAPoL frames from being forwarded after offloading is used for the first time.

The workaround

You can resolve the issue by using only feature_disable=0x02000 if you're sure you won't ever have a WPA3/SAE AP around, but due to the bug mentionned above, you might want to be on the safe side and disable SAE as well while this bug exists.

sudo rmmod brcmfmac  
sudo modprobe brcmfmac roamoff=1 feature_disable=0x82000

Driver options on boot

If that fixes things for you and you want to make this setting persistent, you can create a file with these options in '/etc/modprobe.d', e.g ;

echo 'options brcmfmac roamoff=1 feature_disable=0x82000' | sudo tee /etc/modprobe.d/brcmfmac.conf

This will make sure the settings are applied when the driver loads.

The 3A+/3B+/4B are equipped with a BCM4345 chipset so this should solve wifi issues with those models.

Rpi pico - SHA1ving the yack with micropython RP2040

Fri, 23 Dec 2022 01:00:00 +0100

Rpi pico - SHA1ving the yack with micropython RP2040

So for those of you wondering how to get sha1 back in (u)hashlib on the rp2 port, it can be enabled by defining MICROPY_PY_UHASHLIB_SHA1 in 'ports/rp2/mpconfigport.h', after the #include directives (l.36)
, i.e :

[...]
#include "pico/multicore.h"
#include "mpconfigboard.h"

#define MICROPY_PY_UHASHLIB_SHA1 (1)
// alternatively, use
//  #define MICROPY_PY_NETWORK          (1)  
// for a full network stack ( adds ~145KB to firmware file size )

// Board and hardware specific configuration
[...]

then compile according to the instructions in raspberry-pi-pico-python-sdk.pdf, chapter 1.3.

The resulting filesize with only SHA1 enabled is ~10KB more.

For convenience, a pre-compiled firmware for the Rpi Pico with sha1 available in hashlib is hosted here :

MicroPython_v1.19.1-782-g699477d12-dirty_2022-12-23.uf2
sha1sum : 079d695acfbaec80261b9e2c6127f63580ebe25e
sha256sum : 9cfc1013015096f71420b56339aa3405d1f5ae6cd563149a6e9db06af4adeb10
md5sum : 85d433f5d0516b411ee28bf14d27fe11

Of course, don't use SHA1 for new stuff as it's deprecated, etc.

PS4 - Remote play without a PSN account

Sun, 06 Mar 2022 01:00:00 +0100

PS4 - Remote play without a PSN account

For whatever reason, some genius at Sony thought it would make sense to make having an activated PSN account mandatory in order to be able to use remote play.
Since firmware 7.0, you must provide your PSN account ID, which is a unique 8 bytes identifier tied to your PSN account.

I don't want to offer Sony my private data just for the privilege to use remote play on my lan, so I was glad to find that you can avoid creating a PSN account and still be able to register new devices.

It does need your PS4 to be jailbroken for at least a few minutes though, and generating a fake account ID, which I guess if you ever plan on using a real PSN account, could have unforeseen consequences. You've been warned.

Steps

Jailbreak your PS4
Install Apollo Save Tool (also available via the HB store
Open 'Apollo Save Tool', then go to 'User tools', 'Activate fake account'. You should see something like :

Activate Offline Account YourUserName (0000000000000000)

Close then re-open 'Apollo', go back to 'User tools' and write down the generated ID (the hexadecimal string between the parenthesis)
You then have to convert this 16 characters hexadecimal string to int, then to base64. Here is a python one liner :

python -c 'import base64;print( "Your 8 bytes, base64 encoded account ID is : " + base64.b64encode(int( "1a2b3c4d5e6f7a8b", 16 ).to_bytes(8, "little")).decode())'

Make sure to replace 1a2b3c4d5e6f7a8b with your generated ID
The base64 ID will look like that : i3pvXk08Kxo=. Alternatively, use the following script :
https://gist.github.com/ABelliqueux/30f03a6bd8dcc087c4319a529d934b1b
or run it online:
https://trinket.io/python3/352d094d9c

Install and launch Chiaki
On your PS4, go to Settings > Remote play connection settings > Add device
Back in chiaki, connec to your PS4, and when asked to register, enter the base64 account ID you found earlier and the 8 digits PIN number that's displayed by your PS4.
Enjoy.

Bonus : Fix Android's broken Dualshock 4 layout

What I wanted to achieve was use the libre software chiaki on my old android tablet. While the client works great, it looks like the default layout for the Dualshock 4 on android is sub-optimal, not to say sucky. At least you can connect your DS4 via bluetooth as a regular gamepad, and not need a 3rd party app like for the DS3, so there's progress there.

To fix the layout, you need to own your hardware, which means it has to be rooted, since we'll be accessing some system files.
You also have to enable developer mode and USB debugging, and install ADB on your computer.

You then have to put a file with the correct layout in /system/usr/keylayout.

Steps

Download the layout file from here and extract the two kl layout files it contains.
Connect your android device to your computer
Copy the .kl files from your computer to your device with your file browser, for example in your download folder ; /storage/emulated/0/Download
In a terminal/cmd, launch and ADB shell on your device with :
```
adb shell
```
Switch to super user by typing:
```
su
```
Remount /system with read-write permissions :
```
mount -o remount,rw /system
```
Copy the new layout files to the /system/usr/keylayout folder :
```
cp /storage/emulated/0/Download/*.kl /system/usr/keylayout/
```
Make sure the permissions on the files are correct :
```
chmod 644 /system/usr/keylayout/Vendor_054c*.kl
```
Reboot your device
```
reboot
```

Your DS4 should now be mapped correctly.

Sources & More

Pics : https://www.digitaltrends.com/gaming/how-to-stream-from-your-ps4-to-your-pc/
Android keylayout : https://forum.xda-developers.com/t/root-dualshock-4-correct-keymaps-controller-bug-fix-kl-file.2817223/page-2
MODDED WARFARE's tutorial series on PS4 jailbreak : https://invidious.fdn.fr/playlist?list=PLn7ji3VsPy3Gryq_sCOMp6H87jXywCMPI
Real PSN account ID script : https://github.com/thestr4ng3r/chiaki/issues/158

Making your Vibram 5 fingers last - Update

Sat, 05 Feb 2022 01:00:00 +0100

Making your Vibram 5 Fingers last - Update

As I mentionned in my previous article, here comes the time to get back to this rubber insole hack with some numbers.

So here is the result after 355km in them insoles, ~1600km total for the shoes :

That's not bad as it means this makes the shoes last about 1/3rd of their typical mileage longer. I can no longer use the left shoe though, as the little finger has become separated from its siblings :(

Making your Vibram 5 fingers last

Fri, 24 Dec 2021 01:00:00 +0100

Making your Vibram 5 Fingers last

I noticed that after ~1000km, my V-trails 's soles tend to develop holes around the metatarsal heads area.
Wether it's due to a slight over-suppination on my part or thiner material in this particular spot, all ten pairs I owned had this particular outcome.

These have around 1200km in them ;

Clocking roughly 2500km/year, this means I wear out two pairs a year. That's a lot of money at ~150€ / pair, and more importantly, a lot of waste in the long run (pun intended). It recently occured to me (about time...) that I could do something to further increase the usability of my gear.

Custom, tailor-made, pure synthetic rubber insoles

Using a salvaged wheelbarrow innertube, I traced the shape of my feet on the rubber and cut insoles, that I was able to fit in the shoes quite easily.

I was worried the insole would fold in the shoe while running, but this did not occur during my last runs so I guess this is viable.
I expect this solution to increase usability by a few hundred kilometers. And it did

Bookeen Cybook Orizon : Tear Down and Serial IO

Fri, 19 Nov 2021 01:00:00 +0100

Hacking with the Bookeen Cybook Orizon Tear down and Serial connection

Let's connect via Serial to this device, setup the wireless card, and enable an ssh server on it.

Connecting SIO

The serial connection is on the debug connector JA901 at the bottom left of the board :

Pinout is (right to left with the battery on bottom) :

Pin	Usage
1 TX1	UNUSED
2 RX1	UNUSED
3 TX0	SERIAL TX
4 RX0	SERIAL RX
5 TX3	UNUSED
6 RX3	UNUSED
7-13	?
14-16 GND	SERIAL GND
16-18 VDD	SERIAL VCC (3.3V)

You can then use minicom to login :

sudo minicom -b 115200 -D /dev/ttyUSB0

FnX Bootloader for s3c2416 build on confucius version master_6376fd19638ef062_b360
    Build time "Mon, 11 Oct 2010 14:15:38 +0200"
               Copyright (C) 2010 Bookeen
     Detected: Bookeen Cybook Orizon, A00/A01/A022;FnX - Bookeen Cybook Orizon - Terminal
Battery level: [====================================    ]
         Info: Battery condition reasonable
         Info: Reset/boot due to Software reset I0: 00000000...
     Starting: Uncompressing Linux..........................................................................
          ***: Cybook Linux Starting...
          ***: Prepare filesystem...
          ***: Does software want to update? No
          ***: Check if user want to update...
          ***: Verify partitions...
fsck 1.41.9 (22-Aug-2009)
rootfs: clean, 1177/38456 files, 120508/153600 blocks
boot: clean, 15/3840 files, 9958/15360 blocks (check deferred; on battery)
privatefs: recovering journal
privatefs: clean, 66/2560 files, 1516/10240 blocks (check deferred; on battery)
          ***: Continue booting.....
          ***: Doing critical nasty things......
          ***: Starting BooReader...

Welcome to your Cybook Orizon!
CybookOrizon login: root
login[872]: root login on 'ttySAC0'
[root@CybookOrizon ~]#

Keep the device awake

You need to either power the device via micro USB, or kill processes ebrmain and boordr :

pkill ebrmain 
pkill boordr

Wifi connection

Firmware loading

You can load the wifi firmware and enable the wifi interface (which will apear as 'eth0') with the init script that's in /etc/init.d :

/etc/init.d/wireless start

[root@CybookOrizon ~]# ifconfig                                                                                                 
eth0      Link encap:Ethernet  HWaddr 00:27:13:F7:E3:F7                                                                         
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1                                                                    
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0                                                                    
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0                                                                  
          collisions:0 txqueuelen:1000                                                                                          
          RX bytes:58 (58.0 B)  TX bytes:0 (0.0 B)

Connecting to a network

You can use iwlist scan to search for your network, which you can then connect to using wpa_supplicant.

Edit /etc/network/interfaces and add the following lines :

auto eth0                                                                                                                       
iface eth0 inet dhcp

Create the file /etc/wpa_supplicant.conf that should contain :

network={
    ssid="yourSSID"
    psk="yourPSK"
}

Then run wpa_supplicant -Dwext -ieth0 -c/etc/wpa_supplicant.conf & and once connected, use the network init script :

/etc/init.d/network start

You should now be connected to your Wireless AP.

SSH connection

By default the root account has no password, so you should change it in order to be able to connect via SSH :

passwd # then type your password two times

Finally, you can start the dropbear ssh server with /etc/init.d/dropbear start.

As this is quite an old version of dropbear, the generating utility dropbearkey only comes with rsa/dss, and the only available key exchange algorithm is SHA-1, which was disabled in openssh 8.8.

If you plan on using an ssh key to login, you'll have to re-enable those algorithms :

ssh -o KexAlgorithms=diffie-hellman-group1-sha1 -o HostkeyAlgorithms=ssh-rsa -i .ssh/bookeen_rsa_key root@10.10.10.10

Have fun :)

CPU info

cat /proc/cpuinfo        
Processor   : ARM926EJ-S rev 5 (v5l)
BogoMIPS    : 199.47
Features    : swp half thumb fastmult edsp java 
CPU implementer : 0x41
CPU architecture: 5TEJ
CPU variant : 0x0
CPU part    : 0x926
CPU revision    : 5
Cache type  : write-back
Cache clean : cp15 c7 ops
Cache lockdown  : format C
Cache format    : Harvard
I size      : 16384
I assoc     : 4
I line length   : 32
I sets      : 128
D size      : 16384
D assoc     : 4
D line length   : 32
D sets      : 128

Hardware    : Cybook Orizon
Revision    : 0100
Serial      : 0000000000000000

Hardware components

SOC : S3C2416
Screen: Sipix AUO 6" 800x600 A0608E02
Display controller : AUO K-1900
Video DRAM : Etron Tech EM686165VE-7H
Wifi/Bluetooth : USI WM-BN-BM-01-0
Storage : Hynnix H26M210010AR e-NAND 2GB Flash
Memory : 32MB
CPU : 200 Mhz

Misc

bootsplash screen

The boot splash picture is in /boot/ and is a 600x800 greyscale, indexed 16 colors bmp file (filesize 240,1 KB).

If using gimp to edit it, make sure to check the compatibility option "Do not write colorspace information".

Then, to replace it, you first have to mount /boot as rw ;

mount /boot
mount -o remount,rw /boot

then edit your boot splash pic, and put it on the device as /boot/bootsplash.bmp via ssh:

scp bootsplash.bmp CybookOrizonIP:/boot/

Screensaver and thumbnail file formats

The file format is t4b, and you can find some scripts to convert from an to this format here :

https://github.com/ABelliqueux/t4b-tools

The default screen saver pictures are in /mnt/app/res/ds.
Most UI assets are in /mnt/app/res/img.

Wifi + SSH at boot

In order to enable Wireless, connect to your AP and start the SSH server automatically at boot, you can create a script in /etc/init.d with this content :

# Start ALL the things !
#

case "$1" in
  start)
    echo "Killing useless processes..."
    pkill ebrmain
    pkill boordr
    echo "Enabling wireless"
    /etc/init.d/wireless start
    echo "Connecting to AP..."
    wpa_supplicant -B -Dwext -ieth0 -c/etc/wpa_supplicant.conf
    sleep 3
    echo "Init network"
    /etc/init.d/network stop
    /etc/init.d/network start
    echo "Starting SSH..."
    /etc/init.d/dropbear start
        ;;
  stop)
    echo -n "Stopping all the things !"
    /etc/init.d/dropbear stop
    /etc/init.d/network stop
    /etc/init.d/wireless stop
        ;;
  restart|reload)
        "$0" stop
        "$0" start
        ;;
  *)
        echo $"Usage: $0 {start|stop|restart}"
        exit 1
esac

exit $?

Make sure the script has the right owner/permissions :

chmod 755 /etc/init.d/*
chown default:default /etc/init.d/*

Then, remove/backup the existing symlinks in /etc/rc.d :

rm /etc/rc.d/*

and create a new one to your script :

ln -s /etc/init.d/custom /etc/rc.d/S05custom

Input

The Cybook's physical buttons (up, left, down, right, middle and on/off/sleep) can be accessed from /dev/cyio
Pressing a button triggers the following packets :

Button	Packet content HEX	ASCII
Left	6B 80 10 6C	l
Up	6B 80 10 75	u
Right	6B 80 10 72	r
Down	6B 80 10 64	d
Center	6B 80 10 65	e
Sleep	6B 80 10 6F	o

Pictures

Links

http://wiki.mobileread.com/wiki/Cybook_Orizon
https://www.e-ink-info.com/why-did-bookeen-use-sipix-and-not-e-ink-their-upcoming-orizon-reader
https://web.archive.org/web/20101203015220/http://www.fwma.de/pmwiki/pmwiki.php?n=Main.OYO
https://shkspr.mobi/blog/2013/04/disassembling-an-ereader/
https://wiki.techinc.nl/OYO_Hacking
https://web.archive.org/web/20141218033547/http://ownyo.de/
https://p2k.unkris.ac.id/IT/2-3065-2962/Qisda-ES900_21112_p2k-unkris.html