Libreboot X200s Flashchip Replacement

Libreboot X200s Flashchip Replacement

In my first Libreboot post I talked about how awesome the project is and how I decided to order a Lenovo X200s on eBay to give it a try. While reading the documentation they talk about how the X200s using a WSON flash chip instead of a SOIC chip that the other laptops use. The downside to this is that they do not have a clip on programmer and it requires you solder directly to the pins. The author includes a note that you might be able to replace the chip with the one that comes in the X201.

http://libreboot.org/docs/install/x200_external.html#clip

For 8MiB capacity in this case, the X201 SOIC-8 flash chip (Macronix 25L6445E) might work.

Honestly this is not really a problem but I saw an opportunity to possibly help someone else and the project by giving this a try. If you were to brick the firmware after your initial flash you would have to open everything up and solder the board again. I ordered the two parts on Digikey: 1092-1065-ND for the recommended SOIC flash chip and 923655-08-ND for the test clip. It looks like you can get cheaper test clips online but I stuck with ordering from a single source.

The Process

The first step was to tear the laptop apart so I could easily get to the flash chip on the bottom. After that I wanted to carefully remove the original WSON package so if things do not work out I will be able to put it back on and not destroy the laptop. If you are new to soldering I would not recommend you try this project. The actually process of removing the WSON chip was a lot harder than I expected. You need to be careful not to get the chip and the board too hot. In the middle under the chip there is solder that needs to be heated up as well as the pins.

wsonIMG_20160104_233619862

Conclusion

I decided to abandon the process because it was much more difficult to remove the chip than it was to solder wires to it. If I had a hot air rework station and more experience this would have been possible without destroying the board.

I was also able to successfully flash the chip before it was connected to the motherboard. I actually grounded pins 3 and 7 during the flash process instead of hooking them up to 3.3V.

I think I will save my extra chips to see if I can replace the 4MBit ones that are on the Gigabyte motherboard I just got off eBay… article coming soon.

IMG_20160104_225730122

pfSense Firewall Upgrade

pfSense Firewall Upgrade

Recently I shutdown my 1U servers and decided to move them into the spare bedroom. To my surprise they were making less noise than I originally thought. A lot of the noise was coming from the pfSense firewall I recently replaced my ASA with. The server is an atom board with passive cooling mounted in an older Supermicro case.  All of the noise was being generated by the 200 watt power supply.

I did some bad calculations to determine how many watts the system was currently using then started researching some ways to quite down the power supply. There were a couple people online that swapped the power supply out with a similar unit but I did not think that would be enough. I knew there were fanless power supplies but did not know much about them. They are called PicoPSU and come in various wattage outputs but most of them are designed for larger cases and need at least 1.5U.

The lower wattage PicoPSU is supposed to fit a 1U case. They make these power supplies so small by moving the AC to DC conversion to a power brick like a laptop. I ordered the PicoPSU-120 + 102W Adapter Power Kit for $52 online and hoped it would be enough. It was difficult to find how much power would be used by the POE Gigabyte ethernet adapter that I installed to power my access points but I was able to borrow a Kill A Watt from a friend and got a good reading… although I will admit this was a day or two after I placed my order.

IMG_20151227_105407512

End Results

When I was planning the project I originally planned on removing the old power supply and fabricating a bracket to hold the power adapter. Once I got the server apart again and was looking at the back I decided that was a lot more trouble then it was worth. I also thought it might be nice to leave the old power supply in place for a manual fail over backup. I plugged the PicoPSU in and wired everything then decided to drill a 5/16th hole into the PCI bracket. This held the power adapter very nicely and looked cleaned.

The new setup works great. It is now impossible to tell if the firewall is running or not without taking a look or hoping online.

IMG_20151230_144358498
IMG_20151230_144435488

 

Why I Disabled Google Analytics

Why I Disabled Google Analytics

I decided to disable Google Analytics on my site and delete my account. I have also begun cleaning up other accounts I have online.

While it is kind of cool to look at the traffic and see things increase over time I also understand not everyone wants to be tracked. There has been an increasing call for security and privacy when using the internet. Personally I run Privacy Badger which is developed with the EFF. This browser plug-in can prevent sites from tracking you.

An example of tracking could be a website using your cookie information to see what other websites you or your web browser have been visiting. If a user is shopping online a website may be able to get an insight into the products you are looking to buy and how you are searching for them.

This is very hard to detect as an internet user. However, I ran into one example that is easy to see. While I was shopping at a popular geek website and thinking about buying a product I added it to my shopping cart. It is important to know that I have never shopped there before and did not have an account. I left the website without buying the product or creating an account. Amazingly the next day I received an email offering a 10% discount for the product I had left in my shopping cart. The online store stole cookie information from my Gmail account in order to be “super helpful” and offer me a discount if I returned.

Now, you might be thinking well that is a nice and reasonable way to benefit their customers and for the most part I would agree. Privacy Badger allows you to white list domains if you wanted to use their tracking features. Without the plug-in and privacy conscious browsers there are so many other malicious ways this data could be used.

CISPA, which has been known by other names, has been repeatedly spoken out against by the American people. It is pretty much a surveillance bill that will let companies share your information in the name of security. Unfortunately with the year end budget package a technology bill was tossed into the mix and my understanding is many people considered this a must pass “Omnibus” package. The EFF does a much better job than I can explaining the bill but I am going to take steps to protect my privacy because of it. Those steps may include switches services and in this case to stop storing data.

More information here:
https://www.eff.org/deeplinks/2015/12/statement-finalized-congressional-cybersecurity-bill

Installing Debian on a Libreboot X200s

Installing Debian on a Libreboot X200s

The Libreboot documentation located here provides some really good information for helping you installing your Linux distro. Before I flashed my laptop I had installed Ubuntu to test everything and make sure it worked well. After I finished flashing it I tested various things like sleep and booting from my tails USB drive. Next it was time to install Debian on the primary hard drive.

Booting ISOLINUX images (manual method)

For whatever reason my tails flash drive booted with no problems using Parse ISOLINUX menu (USB) but the Debian flash drive only loaded the background and would not boot. After looking again at the documentation I found the manual method.

These are the commands I had to run for my Debian 8.2 AMD64 USB drive:

cat (usb0,msdos1)/isolinux/txt.cfg

set root=’usb0,msdos1′
linux /install.amd/vmlinuz vga=788
initrd /install.amd/initrd.gz

boot

I used an encrypted LVM partition layout during the installation. An interesting thing about Libreboot is it uses a GRUB payload built into the firmware. Therefore when you tell your installation to setup the GRUB boot record that information is basically ignored.

Again… they have more information to help you through this! http://libreboot.org/docs/gnulinux/grub_cbfs.html 

I have been pretty impressed by their documentation and it has had information about all the things I have run into along the way. Of course it is not specific information regarding my linux distribution but it is fairly easy to figure out from what they have provided and then people like me can publish stuff for those who are a little newer to linux.

Search for GRUB configuration (grub.cfg) outside of CBFS

This option worked for me to boot Debian. At first I had planned on updating the GRUB payload in the firmware. I started working on that process and later decided it was a lot of hassle. For one, if I decide to update to a newer Libreboot release I will have to do this over again along with switching out the MAC address. Two, if I decide to install another Operating System the configurations may not match.

Another option was to add a symlink called libreboot_grub.cfg which points to the installed grub.cfg. It is important for this to be a symlink instead of a copy because this file can change during upgrades.

$ cd /boot/grub/
$ ln -s grub.cfg libreboot_grub.cfg

This is what I ended up doing. Simple, quick, effective.

Building my own Tastic RFID Thief, Part 2

Building my own Tastic RFID Thief, Part 2

I received my printed circuit boards and wrapped up my Tastic RFID Thief and wrote a review on the ordering process from OSH Park. I started soldering on the components and things fit well. If I were doing the project over again I would have ordered a socket to solder to the board instead of soldering the Arduino Nano directly although I am not sure if that would make it too tall.

IMG_20151205_133227872

I did not take as many pictures as I could have but I wanted to avoid modifying the HID case as much as possible. I ended up drilling out the hole in the back to fit a small switch and wired up the batteries in a series. They are secured using thick 3M double sided tape. I had a small issue with the tape coming loose so I used some sand paper to rough up the surfaces.

IMG_20151205_150023724_HDR

Libreboot X200s

Libreboot X200s

I wrote a small blog post explaining a little bit about the project. They provide a list of things to get started here! I received all my hardware sooner than I expected considering it was ordered right before Christmas.

Hardware:
  • Laptop, X200s – Ordered on eBay for under $100.
  • BeagleBone Black, Rev. C – I found mine on Amazon for just under $60.
  • External 3.3V DC Power Supply – I had this lying around from another project. It was designed to supply 3.3V or 5V power to a breadboard.
  • Misc wire

bbb-imageI found their documentation to be pretty straight forward and most of the time I do not believe in duplicating efforts. I am hoping to add more pictures and information that people might find helpful.

Read More Read More

The Libreboot Project

The Libreboot Project

libreboot-logoThe other day I discovered a project called Libreboot. Their goal is to provide free and open software to replace your current BIOS or UEFI boot firmware. Many people will wonder why there is a need for this and those are the people that this project probably is not meant for at this time. Closed source software is commonly referred to as a binary blob. This is because it is difficult to understand how it is programmed and what it is running behind the scenes which makes it hard to impossible to audit.

Most recently it was discovered that Juniper firewalls have had a back door programmed in them since about 2013. It is easy to imagine that the back door would have been caught if their operating system was open source since more people could be reviewing the code on a regular basis. A group of developers would have had to review the code changes through source control such as Git.

So Libreboot has many advantages in that sense which they lay out on their website. Here is a small quote from them:

Why use libreboot?

Many people use non-free boot firmware, even if they use GNU/Linux. Non-free BIOS/UEFI firmware often contains backdoors, can be slow and have severe bugs, where you are left helpless at the mercy of the developers; you have no freedom over your computing.

At this time the most supported hardware is older because it sounds like Intel is not very friendly to this movement and does not like to release documentation or information about their products. I ordered a Lenovo X200s so I could attempt to follow the documentation and run this freedom software. The laptop was less than $100 on eBay and should support most daily work. I am also planning a trip to Def Con 24 in 2016 so this will be good hardware to bring instead of my work laptop.

Once I get everything I have some other blog post ideas so check back if you are interested.

Arduino 4way-if ESC Flashing

Arduino 4way-if ESC Flashing

While I was researching ESC flashing I ran across a YouTube video of someone using the Arduino 4-way interface and a custom built cable to flash multiple ESCs all at once. The idea is once an aftermarket firmware is flashed to an ESC it needs to be upgraded when new releases come out. There are also other settings that can be changed to help performance in some cases. His setup worked (I can’t find the video to link it…) but I thought it could be improved on by using an Arduino ProtoShield. The cable just seemed a bit flimsy and did not look like it would hold up over time so I ordered the Bare PCB ProtoShield from SparkFun for $4.95.

reader-connected

Read More Read More

Ordering Printed Circuit Boards – OSH Park

Ordering Printed Circuit Boards – OSH Park

Positivesosh_logo

  • Easy!
  • Quick
  • Cheap
  • Made in the USA

OSH Park made the ordering process so easy. I simply uploaded the zip file containing the board documents and it automatically processed everything. I was able to review what I uploaded to verify it looks good then place my order. I didn’t need to know board size, number of layers, thickness, or anything that some other ordering places require.

Negatives

  • Must order at least 3

Neutral

  • Can’t pick board colors

Personally I do not mind the purple boards but I could see some people wanting a specific color for some projects.

Recommendation

Timeline: Keep in mind Thanksgiving was during this period and may have slowed down the process.

  • Nov 19th – Placed Order
  • Nov 19th – Assigned to Panel and sent to fab
  • Nov 30th – OSH Park received from fab
  • Nov 30th – OSH Park shipped to me
  • Dec 5th – Arrived at my house

Yes, I would definitely recommend OSH Park for ordering custom printer circuit boards. Just for kicks, I uploaded the SparkFun Arduino Shield but to order three it was more expensive than ordering from SparkFun. If you need more options and know what you are doing then it might be better to check elsewhere but for a new developer that just wants a quick custom board this is a fantastic place to go. I am not an expert, by any means, but quality looks great to me.

Is Simply Enabling SSL Enough?

Is Simply Enabling SSL Enough?

aplusWhen I decided to actually start blogging again–even though I get very little traffic–I thought it was important to enable SSL because I believe in encryption. There was a time when anyone, with little to no IT knowledge, could sit at a Starbucks and intercept login information for anyone using the wireless. Nowadays that traffic is encrypted by default because of a push to increase security and protect your users. Now it is frowned upon it accept login credentials without SSL being configured. To keep this post short I will not get into information on what some people are calling the next cryptowars.

I moved this blog to a VPS provider and setup a simple LAMP stack with all the latest updates. Then from there I restored my blog and, finally, configured encryption. Good enough, right? Everything is fully up-to-date and encrypted so what is next? I came across various hardening guides and a free tool from Qualys called SSL Labs. This tool is capable of scanning a website from the outside and provides an in-depth look at the SSL configuration. I was a bit surprised when my website returned a C grade but after reviewing the report it made a lot of sense.

Configuration Issues

  • SSL 3 enabled (POODLE attack) – Grade capped to C
  • Accepts RC4 ciphers – Grade capped to B
  • Server does not support Forward Secrecy
  • Cert Chain contains anchor
  • Incorrect SNI alerts

Read More Read More