Sunday, April 2, 2017

Console over RS232 on a Nortel 4550t switch

  1. straight, female-female cable (seriously check that it's straight, pins 2 and 3 must not be crossed)
  2. serial port (TTL-level devices don't seem to work - at least it didn't for me - so make sure it's a real RS232)
  3. some terminal program, putty works well enough
  4. select the right COM port, 9800 baud, 8N1...the bog-standard for slow serial

If you see text while the switch is booting, you're golden. If not, something is not working the way it's supposed to.
Before you can start wreaking havoc in the console, you have to wait for the switch to boot. There is a procedure to get console before boot, but that is generally useful only if you locked yourself out.
Once you get the ASCII-art logo, press CTRL+y, then type "en" or "enable". Let the typing begin.

Sunday, November 13, 2016

Using a Dell D220P-01

In case you don't know what a Dell D220P-01 is - it's a power supply for the SFF version of Dell's Optiplex 740 series PC. The neat thing about it is that unlike a traditional ATX PSU, this one is 12V only, so you get 220W @ 12V (18A) maximum and the PSU should not complain too much.
Another neat thing about them is that the PCs are legitimately junk, so you can get them even for free.
The pinout is in the picture, "P5" has to be connected to ground in order for it to turn on. Unlike newer server PSUs, this one can be connected straight from the start.
If you're like me and don't feel like butchering the connector, you'll need a breakout board. The connector is mechanically (!not electrically!) compatible with an 8-pin EPS12V power connector (plug is Molex 39-01-2080, PCB socket is  Molex 39-28-1083, terminals are Molex 39-00-0168 and Molex 44476-1111).
The 8-pin PCIe power connector is different with the placement of the square and hexagonal holes and is not mechanically compatible...not like that will stop the 200 pound gorilla from trying to jam it in...
Needless to say that if you plug this (and turn it on) into an EPS12V connector of a working motherboard, you will turn it into a non-working one, as the voltage is inconveniently reversed and the power supply will turn on. Results may vary from nothing at all to a spectacular fire and mini explosions of the caps.
If your junkbox doesn't contain a motherboard with an 8-pin EPS connector, fret not, there is an alternative!
24-pin ATX...cut on the red lines...
stolen from wikipedia

Yep, it's not a true hack unless it involves a hacksaw!
side note - on any newer-ish junk motherboard, I suggest cutting the connector out, as the inner power layers use thicker copper (for heatsinking) and carry away heat from the soldering, making it very difficult.

As said earlier, plugging this PSU here to the MB is also not a good idea, although it should not turn on (results may vary). If the PSU does turn on, it will be short-circuited, if it "wins" over the short (burns through), it will send 12V to a 5V line...

Here's my quick and (really) gritty breakout board.

Yes, it's fugly, yes, it could've been nicer...I was going for "fugly, but functional". The crapton of solder should make sure that it can actually carry the 18A the PSU can deliver.
I kept the +12V rail from being at the edge, as it lowers the chance of an accidental short. The brass washers are actually soldered to the board.

Saturday, November 5, 2016

Smaller & lighter

While Totally not a bomb Mk II was useful for testing, it was a little too bulky even for the 1:10 car, so it was time to go shopping again...


  • 1x Raspberry Pi Zero 1.3
  • 1x 0.5mm pitch to 1mm pitch 15pin FPC cable
  • 1x TL-WN722N
  • 1x male RSMA connector with pigtail
  • some Kapton tape
  • enough 0.5mm sheet aluminium to make a box
  • ?x M2 screws
  • 1x XL6009 adjustable step up down Converter (DSN6000AUD)
The procedure:

1) Liberate the TL-WN722N out of its plastic casing
2) perform UglyHack™ No.1 by desoldering the USB connector and solder on wires instead. Solder the other end of the data lines into the USB port of the Rpi and solder the power to the power USB port of the Pi. PP1 is +5V, PP6 is gnd, PP22 is D+ and PP23 is D-. Twist the data lines to avoid weird shit from happening.
Grade-A hacking here!
the Kapton tape really is necessary...
Make liberal use of Kapton tape, covering all the exposed pads to avoid short circuits later.
3) Perform UglyHack™ No.2 by desoldering the RSMA connector and soldering on the pigtail one.
Again, Kapton tape is a must, not only as an electrical insulator, but also strain relief.

4) add the DC-DC power module (forgot pics, sry)
5) make an aluminium enclosure like so:
The other half is just a rectangular "U" shape, some of the holes are actually threaded.
6) Jam everything in, making sure that nothing is touching where it shouldn't.
In my implementation, the Pi is held a few mm away from the wall with screws and nuts on flexible washers. Some day I'll probably add a thermal pad between the main IC and the box, it does get warm.
The metal shield of the WiFi dongle is in direct contact with the wall to aid cooling, as it gets fairly hot when running with EZ-wifibroadcast. The DC-DC module is not even warm to the touch, so it can just float in the middle.
7) connect camera, strain-relieve the cable so it doesn't get damaged.
Bottom scale is mm, top is inches.
Definitely could be made even smaller!

8) attach to desired mode of transport
Totally not a bomb Mk III
Camera holder needs to be adjustable...
Antennas for WiFi and RC
A few notes:
  • The antenna arrangement here is not ideal, the WiFi and RC systems interfere with each other, they should probably at least be further apart... (or I should use 5 GHz WiFi).
  • EZ-wifibroadcast on default runs outside of allowed WiFi bands (shhh, don't tell anybody...) and I keep it that way, there really isn't anything critical or even important using this band and it keeps the mutual interference with other WiFi to a minimum.
  • There are 5 GHz modules that are known to work with wifibroadcast if you want to avoid interference in the 2.4 GHz band.
  • The XL6009 module should safely operate between 4V to 30V. Pushing the voltage to the limits is asking for it.
  • The XL6009 is superior to LM2577 in that it runs at 400kHz instead of 50kHz, meaning the inductors can be much smaller.
  • If you feel lucky or actually know how to design a better DC-DC module, you can run both the dongle and Rpi directly on 3.3V. Be however aware, that if you fuck up, you'll fry them both.
  • If I ever make this smaller, I'll use one of the fancier DC-DC controllers that run at 1MHz, so the inductors are even smaller and the ripple is easier to filter out.
  • I advise using EZ-wifibroadcast as it boots much faster.
  • Last but not least, keep in mind that the system draws slightly over 2.5W and most of this is dumped as heat between the Rpi and the WiFi dongle, you have to allow air to flow around the box, otherwise it might overheat.

Saturday, April 16, 2016

Wifibroadcast - measuring latency on a laptop

My method of measuring the absolute latency scene-to-screen involves the camera looking at the receiver screen which is partially obstructed by a smartphone running a stopwatch, all being recorded by a Casio EX-F1 at 600fps.

The darker one is the smartphone screen, the lighter, grainy one is the laptop. I picked shots where both numbers are not blurred as they are changing.
Phone has an LCD, not AMOLED display, so it tends to blur fast changing stuff. Both displays (phone and laptop) should be TFT, so about as fast as a consumer-grade LCD can be.

The mathematical average of these 10 shots is 197ms. Not too bad...

Sunday, April 10, 2016

Wifibroadcast receiving on a PC

Yup, you definitely can watch on a PC. (And there's no limit on how many! :D)
Tested on a Lenovo x230 running Ubuntu 14.01 LTS x64 with a TP-Link TL-WN722N.

Installing wifibroadcast:
Open Terminal or some other command line and input:

  • sudo apt-get install mercurial libpcap-dev iw
  • hg clone
  • cd wifibroadcast
  • make
If there's no screaming or error, you may proceed with connecting the wifi card and waiting until it lights up. Then proceed with setting it up:
  • cd $HOME/wifibroadcast
  • sudo ifconfig wlan1 down
  • sudo iw dev wlan1 set monitor otherbss fcsfail
  • sudo ifconfig wlan1 up
  • sudo iwconfig wlan1 channel 13
Run the program with:
  • sudo ./rx -b 8 -r 4 -f 1024 wlan1 | gst-launch-1.0 -v fdsrc ! h264parse ! avdec_h264 !  xvimagesink sync=false
Once there is a valid signal from the transmitter, the wifi LED will start flashing and shortly after you should see a window with the stream pop up. 
To infinity and beyond!

You can close it with ALT+F4 and stop the wifi with 

  • sudo ifconfig wlan1 down

To start it up again, repeat the setup (no need to install anything again) and run the program. Here I'm using wlan1, because I'm assuming that like me, you'll be using a laptop, so wlan0 will likely be taken by the internal wifi card. This may however not be the case; unless you are sure, check with ifconfig.

Scripting it because typing everything is for noobs

1) create a new file (with no extension) and open with a text editor of your choice (I used gedit)
2) paste the following into it:
  • cd $HOME/wifibroadcast
  • ifconfig wlan1 down
  • iw dev wlan1 set monitor otherbss fcsfail
  • ifconfig wlan1 up
  • iwconfig wlan1 channel 13
  • ./rx -b 8 -r 4 -f 1024 wlan1 | gst-launch-1.0 -v fdsrc ! h264parse ! avdec_h264 !  xvimagesink sync=false
3) save to a convenient place, like /home
4) type the following into terminal, replacing "script_name" with the actual one you saved:
  • chmod 755 "script_name"
This gives the script read and write permissions.
5) to run the script, you only have to type:
  • sudo ./script_name
Again, replacing "script_name" with the actual one. You have to use sudo, because it needs permissions to tweak the wifi dongle. Without it, it'll never run.
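The same setup and run commands as a script with a shebang, an explicit interface argument and a dry-run switch. This is an added example, not the script from the original post; the `-n` switch, the `WBC_DIR` variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: wifibroadcast receiver start-up with input checks.
# Usage: sudo ./wbc_rx IFACE [CHANNEL]      run the receiver
#        ./wbc_rx -n IFACE [CHANNEL]        dry run, only print the setup commands
set -eu

WBC_DIR="${WBC_DIR:-$HOME/wifibroadcast}"   # where "make" built ./rx

# Accept only plain interface names so nothing else reaches the root commands.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) [ "${#1}" -le 15 ] ;;             # Linux interface names are at most 15 chars
    esac
}

# Channel numbers of the 2.4 GHz band only (the post uses 13).
valid_channel() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) [ "$1" -ge 1 ] && [ "$1" -le 14 ] ;;
    esac
}

# Print the four setup commands from the post for one interface and channel.
setup_cmds() {
    valid_iface "$1" || { echo "bad interface name: $1" >&2; return 1; }
    valid_channel "$2" || { echo "bad channel: $2" >&2; return 1; }
    printf '%s\n' \
        "ifconfig $1 down" \
        "iw dev $1 set monitor otherbss fcsfail" \
        "ifconfig $1 up" \
        "iwconfig $1 channel $2"
}

main() {
    dry=0
    if [ "$1" = "-n" ]; then dry=1; shift; fi
    iface="${1:-}"; chan="${2:-13}"
    cmds=$(setup_cmds "$iface" "$chan") || exit 2
    if [ "$dry" -eq 1 ]; then printf '%s\n' "$cmds"; return 0; fi
    [ "$(id -u)" -eq 0 ] || { echo "needs root: run with sudo" >&2; exit 1; }
    [ -d "/sys/class/net/$iface" ] || { echo "$iface: no such interface" >&2; exit 1; }
    cd "$WBC_DIR"
    printf '%s\n' "$cmds" | while read -r c; do $c; done
    ./rx -b 8 -r 4 -f 1024 "$iface" |
        gst-launch-1.0 -v fdsrc ! h264parse ! avdec_h264 ! xvimagesink sync=false
}

# Nothing runs without an explicit interface argument.
if [ "$#" -gt 0 ]; then main "$@"; else echo "usage: $0 [-n] IFACE [CHANNEL]" >&2; fi
```

`chmod 755` on this file gives the owner read, write and execute and everyone else read and execute; the execute bit is what lets `sudo ./script_name` start it.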

Saturday, April 9, 2016

Dual boot for Windows 8 with Bitlocker and Ubuntu 14.01 LTS, UEFI version

  • Make sure you are booting in UEFI, not legacy mode. Seriously, check that shit.
  • Turn off secure boot.
  • Windows 8 goes first. For good measure, make sure the drive is GPT, not MBR. This can be done even in the install by clicking the "repair" and clicking your way to a commandline (tons of how-to's on teh interwebs)
  • If you need to make a UEFI-capable install USB flash, simply use diskpart to: 1) clean the drive 2) convert to GPT 3) create a primary partition DO NOT mark it active!!! 4) format it to FAT32 5) assign a letter. Close Diskpart, if you have a ISO somehow extract it (W8 and later can mount ISOs as a virtual drive; winzip can open it like an archive), dump the contents straight to the flash.
  • Create a partition for windows, make sure you leave enough space for Ubuntu, 10GB seems to be the recommended minimum. Windows installer should tell you that it's going to create additional partitions, there should be a total of 4 including the one you made.
  • After the install and initial config, set up Bitlocker, save the keyfile outside the encrypted drive, encrypt drive. Take ownership of the TPM. Reboot and make sure it works.
  • Disable fast boot, otherwise stuff WILL BREAK. There's little difference having it on for SSDs, magnetic drives are a different story though. The checkbox can be found in power management ->buttons setup ->the top "change what you can't now..." checkbox -> allow fast boot (uncheck).
  • Install Ubuntu. Bootable USB the same way as for windows. I chose 14.01 LTS, but I see no reason the newer versions would not work. Run the setup in "install alongside windows" mode. Partitions can be shrunk later. Make sure you note down all the passwords and pass phrases you set up. Test Ubuntu boot.
  • Test Windows boot. Most likely it will require you to input the key that you should have saved outside the encrypted drive. If you didn't, you're a dumbass and now have locked yourself out. Best start over.
  • Boot Ubuntu, change UEFI boot order via efibootmgr - in terminal type sudo efibootmgr -v to see what's going on (you'll see quite a few things with 4-digit numbers, and the boot order), then type sudo efibootmgr -o with the altered boot order. You'll most likely be switching the 2nd for the first. This is not fuck-up-resistant! You screw up - no worky worky!
  • If windows boot works, reboot again. If it keeps requesting you input the key every time you boot, you have to take ownership of the TPM again. If the greedy bastard keeps insisting you input the key over and over again despite you taking ownership of the TPM, something's fucked up and you have a long Google session ahead of you.
  • You will most likely not see any mention of Ubuntu during boot anymore, but fret not, try mashing whatever key brings up the boot menu before it starts booting, you should see "windows...something" and "ubuntu". This will be the way for choosing. Should also work for additional UEFI installs, the names seem to match the directories in the \EFI  
  • Turn secure boot back on
  • Install drivers and crucial software for both systems, make a disk image. Seriously, do that, the time you save when reinstalling makes this worth it. Save the keys, passwords and passphrases with the image, as it's useless without them.
  • Enjoy your dual-boot.
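
For the efibootmgr step, the new order can be computed from the tool's own output instead of typed by hand. This is an added example, not part of the original post; it only prints the command, and the label prefix you pass (for example "windows") and the function name are assumptions of this example.

```shell
#!/bin/sh
# Added example: compute a new UEFI boot order with one entry moved to the front.
# Usage: ./boot_first LABEL   e.g. ./boot_first windows   (prints a command, runs nothing)

# move_first LABEL: reads `efibootmgr` output on stdin and prints the new order.
# Fails if the label is not found or BootOrder names an entry that is not listed.
move_first() {
    awk -v want="$1" '
        /^BootOrder:/ { order = $2; next }
        /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][* ] / {
            id = substr($0, 5, 4)
            label = substr($0, 11); sub(/\t.*/, "", label)   # drop the -v device path
            known[id] = 1
            if (target == "" && index(tolower(label), tolower(want)) == 1) target = id
        }
        END {
            if (order == "" || target == "") exit 1
            out = target
            n = split(order, ids, ",")
            for (i = 1; i <= n; i++) {
                if (!(ids[i] in known)) exit 1
                if (ids[i] != target) out = out "," ids[i]
            }
            print out
        }'
}

if [ "$#" -ge 1 ]; then
    new=$(efibootmgr | move_first "$1") || { echo "no safe order found" >&2; exit 1; }
    echo "sudo efibootmgr -o $new"
fi
```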

This was done on a Lenovo x230 running an aftermarket SSD, Windows 8.1 and Ubuntu 14.01 LTS, all from UEFI-capable bootable USB flash drives. Both OSs run in secure mode with no bitching.
The boot menu is slow to load (10s for me), but that seems to be feature, not a bug.
Your results may vary, as I understand UEFI implementation is not perfectly the same for all PCs.

Thursday, April 7, 2016

Dual boot for Windows 8.1 and Ubuntu with encryption galore, MBR version

word of warning - this is for patient people only. If you are known to chimp out after 4 hours of something refusing to work as it's supposed to - I'd suggest something different...

On to the magic, why would you do this?
I have a Lenovo x230 laptop to which I cheaply bought windows 8.1. Once you get Classic Shell installed, it even mostly feels like W7 which boots insanely fast. I'll gladly admit that I'm a windows guy, it's what I feel at least slightly comfortable working with since I practically grew up with it. Venturing into Linux territory usually means Google is working overtime and it takes a fuckton of time to get anything done, because everything is different. Don't even get me started on OS X.
That being said, Linux allows for certain unicorns that are not possible (or horribly difficult) on Windows because of the way the drivers work. Monitor mode for WiFi adapters is one of those things, extremely useful if you wish to do any type of poking with WiFi, good or bad. It's what allows Wifibroadcast to shove packets into the WiFi adapter without caring where or if even at all they end up at. It also allows receiving mangled packets (only some chipsets though, Atheros has long history of that).

Why would you do it like I did?
These days, a healthy dose of computer paranoia tends to be quite reasonable, given how much sensitive info can be extracted out of your daily use PC. Just the windows password is the equivalent of a 1 meter high decorative fence around your house. Enough to make normies understand that you don't want them rummaging through your stuff, but obviously very easy to defeat by multiple methods. So, if you want something a little more resilient, there's encryption.
Now common 256bit AES is enough to make even American 3-letter agencies pissed (btw it's approved for use on top-secret information), your average tech-savvy criminal has no hope in hell of defeating the encryption itself, (it's much easier to literally beat the password out of the owner) at least not in his lifetime.
Naturally, the one thing I was satisfied with on previous OS versions doesn't really work for W8, so I have to use Bitlocker. Because of how this thing works, IT needs to be the first thing to boot, otherwise it's a no-go. Yes, having to boot most of windows only to tell it that you want linux and letting it reboot is kinda silly now that I think about it, but until M$ acknowledges that they could do a better job on the bootloader, it's the only way of running it like this.
If it weren't for the Bitlocker part, you can happily use the automated install and let linux configure everything for you. But if you need your tinfoil hat, it's hacking time!

Loosely following this guide, (loosely meaning not everything was exactly according to this guide, there were others as well...), I created 2 partitions for Linux, one for root, the other for swap. The root one needs some space to be usable, exact figure depends on what you want to install, but mine is roughly 20GB. Swap should be more than happy with 4GB, although I used 8GB. Don't know why (the machine has 8GB RAM), but I saw this once the win was set up and I didn't feel like doing it again (can't move the boot partition without breaking booting).
Then I let windows create its boot partition and gave it some reasonable space for C:, roughly 50GB and let it install. Once that's done and you have most of the stuff installed, turn Bitlocker on, configure the TPM, then turn it off again. (where have I heard that before...oh right, I have the misfortune to do IT support for a living...).
Once that's done, I'd suggest making an image of the machine, because if you fuck up the following steps, it's really hard to fix. Much easier to just restore. I personally like Clonezilla. I tend to carry it on a multiboot flash along with other goodies.
Install your Linux of choice, but you can't use the "auto" install, you have to do it manually. Tell it to use the bigger linux partition as /root and format it to EXT4 and to use the swap as...swap. Install everything. Once that's done, DO NOT let it place the bootloader into the MBR (if you do, windows will not boot), instead plop it into the /root partition.
If you've customised the crap out of the thing during install and windows STILL boots, make another image, saves time if you fuck up the bootloader.

Now comes the "fun" part. (link to source)
Boot some kind of linux from a flashdrive, somehow determine what is your partition of interest (gparted has a nice GUI; or just fdisk -l) and make note of it, it has to be the /root (or whatever you stashed the bootloader into). Do dd if=/dev/sda1 of=/tmp/linux.bin bs=512 count=1 , replacing sda1 with the partition with the bootloader.
This will make and copy linux.bin into the tmp folder (it's in /root). From there, copy it either to a flash drive or if you feel like it, plonk it straight into the root of C:. Boot into windows.
Launch cmd with admin rights and do bcdedit , it should dump the current state.
Now, do bcdedit /create /d "GRUB" /application BOOTSECTOR , you can replace the "GRUB" with whatever you want to name the entry (it will show up as the selection of what to boot). You will get a long GUID in curly brackets, copy that shit.
Now, do bcdedit /set {GUID} device boot , {GUID} is what you should have copied from the previous step.
Next do bcdedit /set {GUID} PATH \linux.bin
then bcdedit /displayorder {GUID} /addlast to put it below the win8 selection,
then bcdedit /timeout 10 , the number is timeout in seconds. I recommend less, 5s is plenty enough.
The final step is bcdedit /set {GUID} device partition=C: , this tells it on which actual partition it can find the linux.bin.
Once you feel you did all that you should, do bcdedit again and check that the second entry looks something like this:
Real-mode Boot Sector
identifier              {a33bafb4-fc1d-11e5-8259-3c970e62ae2e}
device                  partition=C:
path                    \linux.bin
description             Ubuntu
Obviously, the identifier will be different and the description will be whatever you made it.
The device part is what took me almost 8 hours of trying various things, including different distros and what have you, only to realize that there is no way the system can know where to look for the bootloader. After extensively searching how to use the bcdedit /set , I found this, did it, tested it, found it working exactly as it should, did the "yatta!" and went on to post a comment to the M$ blog article, only to find THAT EXACT THING THAT TOOK SO LONG TO FIND was there all the time... read the comments...
If both systems boot, turn on bitlocker, make sure TPM is running (otherwise you'll have to manually input the long key every time) and let it encrypt.
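
A check for the dd step above, run from the live Linux before linux.bin is copied to C:. This is an added example, not from the original post or the guide it links; the function names are assumptions of this example. It confirms the dump is one 512-byte sector ending in the 55 AA boot signature and, given the partition, that the copy still matches it.

```shell
#!/bin/sh
# Added example: check a dumped boot sector before pointing the BCD entry at it.
# Usage: ./check_linux_bin FILE [PARTITION]   e.g. /tmp/linux.bin /dev/sda1

# check_bootsector FILE: prints "ok" (status 0) or the reason it failed (status 1).
check_bootsector() {
    [ -f "$1" ] || { echo "not a regular file"; return 1; }
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq 512 ] || { echo "size is $size bytes, expected 512"; return 1; }
    # A boot sector ends with the bytes 55 AA.
    sig=$(tail -c 2 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ] || { echo "no 55aa signature at offset 510"; return 1; }
    # All zeros before the signature means no loader code is in this sector.
    code=$(head -c 510 "$1" | tr -d '\000' | wc -c | tr -d ' ')
    [ "$code" -gt 0 ] || { echo "sector is empty apart from the signature"; return 1; }
    echo ok
}

# matches_partition FILE PARTITION: status 0 if FILE equals the partition's first sector.
# If the loader on the partition was rewritten after the dump, the copy is stale.
matches_partition() {
    head -c 512 "$2" | cmp -s - "$1"
}

if [ "$#" -ge 1 ]; then
    check_bootsector "$1" || exit 1
    if [ "$#" -ge 2 ]; then
        matches_partition "$1" "$2" || { echo "differs from $2, dump it again"; exit 1; }
    fi
fi
```

A dump that fails the signature check usually means the bootloader went somewhere other than the partition you read.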

Last but not least, make a partition on the remaining unused diskspace and format it to NTFS. Then install Truecrypt (or other encryption SW of your choice) on both systems and encrypt the partition, it will serve as a safe datastore that both systems can access.

Now make the final image of the machine and store it safe, unless you want to ever go through this again. Enjoy your reasonably secure dual boot system.