Getting Root On Linux Amplifier Adds New Inputs

February 3, 2022 by Tom Nardi 26 Comments

We remember when getting Linux on your average desktop computer was a tricky enough endeavor that only those with the most luxurious of graybeards would even attempt it. A “Linux box” in those heady days was more than likely an outdated machine salvaged from the dumpster, side panel forever removed, cranking away in a basement or garage. Fast forward today, and Linux is literally everywhere: from smartphones and luxury cars, to TVs and refrigerators. Ironically it’s still not on most desktop computers, but that’s a discussion for another time.

So when [Michael Nothhard] sent in the fascinating account of how he hacked his Linux-powered Bluesound Powernode N150 amplifier to unlock more inputs, the least surprising element was that there was a “smart amplifier” out there running the free and open source operating system. What piqued our interest was that he was able to bust his way in with relative ease and enable some impressive new capabilities that the manufacturer would probably have rather been kept under wraps.

Configuring the CM6206’s audio settings.

[Michael] explains that the N150 has a USB port on the back side of it, and that officially, it only works with mass storage devices and a handful of approved peripherals such as a Bluetooth dongle. But as he was hoping to connect some more devices to the input-limited amplifier, he wondered if he could get a USB audio adapter recognized by the OS. After using a known exploit to get root access, he started poking around at the underlying Linux system to see what kind of trickery the developers had done.

Based on a fairly common C-Media CM6206 chipset, the StarTech 7.1 USB audio adapter was picked up by the kernel without an issue. But to actually get it working with the amplifier’s stock software, he then needed to add a new <capture> entry to the system’s sovi_info.xml configuration file and make some changes to its default ALSA settings. With the appropriate files modified, the new USB audio input device popped up under the official Bluesound smartphone application.

At the end of the write-up [Michael] notes that you’ll need to jump through a few additional hoops to make sure that an upstream firmware update doesn’t wipe all your hard work. Luckily it sounds like backing up the configuration and returning it to the newly flashed Powernode is easy enough. We’ve certainly seen more elaborate methods of gaining control of one’s sound system over the years.

Linux Arcade Cab Gives Up Its Secrets Too Easily

February 1, 2022 by Dave Rowntree 9 Comments

Sometimes reverse engineering embedded systems can be a right old faff, with you needing to resort to all kinds of tricks such as power glitching in order to poke a tiny hole in the armour, giving you an way in. And, sometimes the door is just plain wide open. This detailed exploration of an off-the-shelf retro arcade machine, is definitely in that second camp, for an unknown reason. [Matthew Alt] of VoidStar Security, took a detailed look into how this unit works, which reads as a great introduction to how embedded Linux is constructed on these minimal systems.

Could this debug serial port be more obvious?

The hardware is the usual bartop cabinet, with dual controls and an LCD display, with just enough inside a metal enclosure to drive the show. Inside this, the main PCB has the expected minimal ARM-based application processor with its supporting circuit. The processor is the Rockchip RK3128, sporting a quad-core ARM Neon and a Mali400 GPU, but the main selling point is the excellent Linux support. You’ll likely see this chip or its relatives powering cheap Android TV boxes, and it’s the core of this nice looking ‘mini PC’ platform from firefly. Maybe something to consider seeing as though Raspberry Pis are currently so hard to come by?

Anyway, we digress a little, [Matthew] breaks it down for us in a very methodical way, first by identifying the main ICs and downloading the appropriate datasheets. Next he moves on to connectors, locating an internal non-user-facing USB micro port, which is definitely going to be of interest. Finally, the rather obvious un-populated 3-pin header is clearly identified as a serial port. This was captured using a Saleae clone, to verify it indeed was a UART interface and measure the baud rate. After doing that, he hooked it into a Raspberry Pi UART and by attaching the standard screen utility to the serial device, lo-and-behold, a boot log and a root prompt! This thing really is barn-door wide-open.

Is that a root prompt you have for me? Oh why yes it is!

Simply by plugging in a USB stick, the entire flash memory was copied over, partitions and all, giving a full backup in case subsequent hacking messed things up. Being based on U-Boot, it was a trivial matter of just keying in ‘Ctrl-C’ at boot time, and he was dropped straight into the U-Boot command line, and all configuration could be easily read out. By using U-Boot to low-level dump the SPI flash to an external USB device, via a RAM copy, he proved he could do the reverse and write the same image back to flash without breaking something, so it was now possible to reverse engineer the software, make changes and write it back. Automation of the process was done using Depthcharge on the Raspberry Pi, which was also good to read about. We will keep an eye on the blog for what he does with it next!

As we’ve covered earlier, embedded Linux really is everywhere, and once you’ve got hardware access and some software support, hacking in new tricks is not so hard either.

Linux Fu: Bash Strings

January 26, 2022 by Al Williams 40 Comments

If you are a traditional programmer, using bash for scripting may seem limiting sometimes, but for certain tasks, bash can be very productive. It turns out, some of the limits of bash are really limits of older shells and people code to that to be compatible. Still other perceived issues are because some of the advanced functions in bash are arcane or confusing.

Strings are a good example. You don’t think of bash as a string manipulation language, but it has many powerful ways to handle strings. In fact, it may have too many ways, since the functionality winds up in more than one place. Of course, you can also call out to programs, and sometimes it is just easier to make a call to an awk or Python script to do the heavy lifting.

But let’s stick with bash-isms for handling strings. Obviously, you can put a string in an environment variable and pull it back out. I am going to assume you know how string interpolation and quoting works. In other words, this should make sense:

echo "Your path is $PATH and the current directory is ${PWD}"

The Long and the Short

Suppose you want to know the length of a string. That’s a pretty basic string operation. In bash, you can write ${#var} to find the length of $var:


#/bin/bash
echo -n "Project Name? "
read PNAME
if (( ${#PNAME} > 16 ))
then
   echo Error: Project name longer than 16 characters
else
   echo ${PNAME} it is!
fi

Continue reading “Linux Fu: Bash Strings” →

Major Bug Grants Root For All Major Linux Distributions

January 26, 2022 by Bryan Cockfield 65 Comments

One of the major reasons behind choosing Linux as an operating system is that it’s much more secure than Windows. There are plenty of reasons for this including appropriate user permissions, installing software from trusted sources and, of course, the fact that most software for Linux including the Linux kernel itself is open source which allows anyone to review the code for vulnerabilities. This doesn’t mean that Linux is perfectly secure though, as researchers recently found a major bug found in most major Linux distributions that allows anyone to run code as the root user.

The exploit is a memory corruption vulnerability in Polkit, a framework that handles the privilege level of various system processes. It specifically impacts the program pkexec. With the proof-of-concept exploit (file download warning) in hand, all an attacker needs to do to escalate themselves to root is to compile the program on the computer and run it as the default user. An example is shown by [Jim MacDonald] on Twitter for those not willing to try this on their own machines.

As bad as this sounds, it seems as though all of the major distributions that this impacts have already released updates that patch the issue, including Debian, Ubuntu, Red Hat, Fedora, open SUSE, and Arch. There is also a temporary workaround that removes read/write permission from the pkexec program so it can’t run at all. That being said, it might be best to check that your Linux systems are all up-to-date and that no strangers have been typing random commands into the terminal recently.

Another Homebrew Linux Board Success Story

January 3, 2022 by Tom Nardi 26 Comments

It’s truly incredible what the hobbyist is now capable of. While it would have seemed all but impossible a few years ago, we’re happy to report that yet another dedicated hardware hacker has managed to spin up their own custom Linux single-board computer. Creator [Ian Kilgore] tells us the only goal when developing CATFOOD (yes, that’s the name) was to gain confidence with at-home board production, so it looks like a success to us.

To those who’ve been keeping an eye on this sort of thing, it will probably come as no surprise to hear [Ian] was inspired by the work of [Jay Carlson], who arguably kicked off this whole trend when he put together a bevy of homebrew Linux boards in an effort to compare different System-in-Package ICs. His incredibly detailed write-up of the experience and lessons learned along the way has emboldened other brave souls to take up the challenge.

The USB-C powered board uses an ARM i.MX 6ULL processor and features DDR3, NAND flash, and an Ethernet interface. That last one was the biggest deviation from the reference design, which meant it took a little fiddling to get right. For anyone playing along at home, [Ian] collected up the lessons learned while developing CATFOOD, bringing the whole learning experience full circle.

If you’re interested in more homebrew Linux SBCs, we’d highly recommend reading up on the WiFiWart developed by [Walker]. Over the course of about six months, we got to watch the open hardware board go from concept to a diminutive first prototype.

Linux For The Paranoid Does The Work For You

December 22, 2021 by Al Williams 42 Comments

We all know that our activity on the Internet is not that hard to track. It just annoys some people more than others. If you are really hardcore, you’ll learn all the ins and outs of networking to help cover your tracks, but what if you don’t want to invest that kind of time? Maybe, as [TechRepublic] suggests, try Kodachi Linux.

You could, of course, start with your own live image. Then when you boot, you could take the following steps:

Randomize your MAC Address
Establish a TOR connection through a VPN
Route all internet traffic through TOR and use DNS encryption
Set up a scheduled task to scramble your MAC address periodically

But that’s what Kodachi does without any real effort on your part.

The distribution is based on Ubuntu, so all the familiar tools are there. There are also a few security and privacy tools included like KeePass, Tox, OnionShare, i2p, and more. The desktop shows a summary of secure network information

Do you need Kodachi? Probably not, if you are a Linux guru. Plus, most people aren’t doing anything that’s that interesting. But if you want to protect your privacy or you are up to something, give Kodachi a try. Then again, if you are that paranoid, maybe that’s just what THEY want you to do. Make your own decisions. You can also check out the video review from [eBuzz Central] below.

Looking for more conventional Linux? Why not Rocky Linux? If you just want a VPN, you can always just use ssh.

Continue reading “Linux For The Paranoid Does The Work For You” →

Running Octoprint On A PinePhone Turns Out To Be Pretty Easy

November 30, 2021 by Donald Papp 11 Comments

3D printer owners have for years benefitted from using Octoprint to help manage their machines, and most people run Octoprint on a Raspberry Pi. [Martijn] made it run on his PinePhone instead, which turned out to be a surprisingly good fit for his needs.

While [Martijn] was working out exactly what he wanted and taking an inventory of what Raspberry Pi components and accessories it would require, it occurred to him that his PinePhone — an open-source, linux-based mobile phone — would be a good candidate for his needs. It not only runs Linux with a touchscreen and camera, but even provides USB, ethernet, and separate DC power input via a small docking bar. It looked like the PinePhone had it all, and he was right. [Martijn]’s project page gives a walkthrough of the exact steps to get Octoprint up and running, and it even turns out to not be particularly difficult.

[Martijn] is no stranger to hacking his PinePhone to do various things; we’ve already seen him add thermal imaging to his PinePhone. For those of you who are intrigued by the idea but don’t own a PinePhone? Check out the octo4a project, which allows running Octoprint on Android phone hardware.