payment slip reader

Probably the first time I got in contact with one of the pen style payment slip readers, was when I was working for TCG. They only come with drivers for Windows and in the meantime also for Mac. I contacted their support more than once, asking for a linux driver. No success so far. So I decided to get one cheap from ricardo.ch (similar to ebay.com). I was really lucky, and got one that makes noise when shaking for CHF 5. A new one would cost more than CHF 200. They have a very effective way of making sure people buy new ones from time to time. They just don’t release drivers for the older devices on newer versions of Windows. Well, that happens a lot in the Windows world, that people are forced to buy new devices. So there are a lot of devices floating around on ricardo.ch which only run on WindowsXP 32bit. Mine is one of those, but since I want to use it on linux that should be no problem.

When I first plugged it in, the USB id was recognized correctly:

$ lsusb
...
Bus 002 Device 010: ID 0a93:0002 C Technologies AB C-Pen 10

But that was about it.

Trying to capture the communication on the USB port worked nicely with WireShark under ubuntu. But as I had no driver for it, there was not much communication to monitor. So I had to capture on a Windows box. Not so easy in a Windows-free zone. I have a VMWare virtual machine on my harddisk that I used some time ago to maintain an ancient project. But the outdated WMWare-Player could not run with my current installation. I had to upgrade it. It compiled the kernel modules with some minor help. But then the VM wouldn’t boot. I suspect, they changed the hardware they emulate. That would be no problem with linux, but Windows has real trouble with changing hardware. That was the same reason, I could not migrate that VM to VirtualBox some years ago. So, I installed a new Windows VM with VirtualBox. But now I could not figure out how to make the USB device accessible to the guest OS. The next try was qemu. It’s not as point and clicky as the other two products, but it’s really powerful and comes with loads of features. I grow to like it ever more. Continue reading “payment slip reader”

The cheapest netbook

When I read this blog post telling that there are netbooks available from china for $65, where it is possible to install a proper linux distro, I knew I must have one. Yes, the specs are lowest end, but even more so is the price. It has a WonderMedia 8650 system on a chip. That’s an ARM CPU running at 800 MHz with 256MB RAM. These chips are normally used for low end tablets, and you see that with other things. The netbook has a 7 inch screen with 800*480 pixels and runs Android 2.2. So the device could be described as a tablet with a keyboard, touchpad, wifi, ethernet and three USB host ports, but no touchscreen, accelerometer, GPS, camera nor bluetooth.

From AliExpress, I ordered a device that seemed to be the same as mentioned in the blog. Continue reading “The cheapest netbook”

Raspberry Pi – at last

The raspberry pi, for those living under a rock, is the $25 linux pc that was announced big almost a year ago. It has a 700Mhz ARM CPU, 256MB RAM and an OpenGL ES capable GPU. To enable hardware hacking it comes with lots of GPIO pins. All in all about the performance of a premium smart phone from three years ago. But at $25 !!! The primary focus are school children, and the foundation wants to bring the fun on computing back to the children. Like every geek who read about it, I couldn’t wait to get one. First, the launch was scheduled for September or October, then postponed to February. The foundation decided they would outsource the shipping to some big electronics companies. They told them that a lot of people would try to get one of the first 10’000 boards, but still they weren’t prepared at all. The websites of the pi foundation as well as farnell and rs components were down the entire day. I got up earlier that day, hoping to be amongst the lucky ones. Later I signed up for a pre order somewhere in the queue for an upcoming batch. As with the first batch, each person could still order only one board. Then about a month ago, I received a mail indicating that it was time to place the order. And today I finally received it. Continue reading “Raspberry Pi – at last”

Correcting the date in the EXIF meta data of a jpeg image

Lots of cameras have a wrong date configured. Mine is even worse: It has a dead internal battery, so it looses the date and time every time I turn it off. When you take a picture, the wrong date is saved to the meta data tags of the resulting photographs. Afterwards, you import them with a photo management tool such as shotwell, and they show up in the wrong place. Sorting doesn’t give you a chronological order. So I was looking for a simple tool to fix the embedded dates. I found exiv2. To install it, type:

sudo apt-get install exiv2

Strangely, it seems to allow only shifting the timestamp and not explicitly setting it. But that’s ok, it is probably the more common case. To adjust the timestamp from 25.7.2009 to 17.6.2012 execute the following:

exiv2 ad -Y3 -O-1 -D-8 ~/Pictures/2009/07/GOPR050*.JPG

recovering files from a repurposed harddrive

Recently, I was searching for a bunch of photographs on all of my harddisks, and couldn’t find them. I know they had been there on the old notebook and on the old computer, and I thought I had copied them over. I could also not find them on any of my backup harddisks. Neither could I find any of the backup DVD’s containing the files that I was searching.

So I wanted to see if I could salvage them from an old hard-disk that I formatted and re-purposed. Actually, I installed a new operating system on that harddrive, but didn’t use it a lot. So, with regular tools that query the filesystem directly, you wouldn’t find a trace. From an eposide of hak5 I remembered that scalpel is a tool for just that. Scalpel is a data forensics tool, that scraps through all the blocks of a raw harddisk, searching for headers and footers of known file formats. This works fine as long as the blocks belonging to a file are arranged linearly, which is not always the case. So I did a quick read up on how it works, and gave it a try.

Here is a good tutorial.

Basically, all I had to do is un-commenting the line with the jpg header definition, and run scalpel on the raw device file (e.g. /dev/sdc1 ) while providing an output folder. That way, thousands of jpeg’s were restored. Lots of them were corrupted due to them not being linearly distributed on the disk. But still lots of files were usable. I’m still looking for the backup DVD’s, but at least I have a fall-back now.

Update 30. July 2014:

If the partition is still intact, testdisk might lead to better results.

Full disk encryption with the crypto stick

Last week I finished the udacity applied cryptography course. I did not as well as in the other courses, nonetheless I learned a lot and it was (as always) really interesting. We learned about symmetric and asymmetric encryption, hashes as well as key exchange and management. Each week in addition to the regular homework, we got a challenge question. For most of them, I invested some time, but then had to surrender. Well, I still managed to complete some of the challenges. The most fun for me was a side channel attack on the diffie hellman key exchange protocol. We had information on how many multiplications were required for the fast exponentiation of the RSA key on one end. That was enough to decypher the secret message. It was a good illustration of what has to be taken into account when developing real world cryptographic algorithms. And it reminded me of how some smart cards were hacked by closely monitoring the power consumption.

Now, it was time to put my crypto stick to use. My netbook still ran Ubuntu Maverick due to the horrible graphics card (gma500). So I waited for the release of Linux Mint 13 LTS. In the 3.3 line of kernels there is a poulsbo driver already included.

First I prepared the crypto stick according to this tutorial. After initially generating the keys on the stick for maximum security, I let myself convince to generate them on the computer to be able to make backups. I could not regenerate the authentication key so far, and thus I can’t use it for ssh at the moment. I’m still looking for a solution on that.

Then I installed the operating system along with the full disk encryption according to this tutorial. At first it didn’t work, but then I discovered that there was a mount command missing in the tutorial and thus the generated ramdisk was not written to the correct boot partition.

Here is how it works (as I understand it):

  • grub loads the kernel along with the initial ramdisk which contains everything necessary to communicate with the card.
  • The ramdisk also contains the keyfile for the encrypted root partition. Upon entering the correct pin, the smart card decrypts the key file (asymmetrically).
  • The key file in turn is used to (symmetrically) on the fly decrypt (and encrypt) all accesses to the root partition.

It was new to me how to put stuff into the vmlinuz ramdisk. Apparently the script to ask for the key and decrypt the key file, as well as the keyfile itself and all the other required stuff can be added by installing a hook that is executed whenever a new ramdisk is created. For example when installing a new kernel.

Not that I would have something stored on the harddisk, that would require such a level of security. But it’s interesting to set up and see how it works in action. The crypto stick adds a fair bit of security. As it has a smart card built in, a trojan couldn’t get hold of the private key, and a 2048 bit key is way harder to crack than a password that one can remember and type in every time.

Installing to an external harddisk with qemu

The harddisk of my aunt’s pc was broken, and I had an old disk around that I could use for replacement. Now I wanted to install it prior to go there. Of course there is the option to take my harddisk out, and use my PC to install her harddisk. But I wanted to use my machine for other things during that time. So I checked, if I can configure VirtualBox to use an external harddrive connected with an IDE to USB converter. I didn’t find such an option. So I read up a bit on qemu. I used qemu before, and quite liked it. Qemu is fully commandline which is cool sometimes, while other times I like to have a GUI such as with VirtualBox. This time it didn’t matter, I only needed to be able to install an iso onto the external harddisk. And it’s as easy as this:

sudo qemu -boot d -cdrom ~/Downloads/linuxmint-12-gnome-dvd-32bit.iso -hda /dev/sdc -m 512

The sudo is only required because as a regular user I don’t have write permissions on /dev/sdc.

edit 5.Aug 2012:

On Ubuntu 12.04 replace qemu with qemu-system-i386 or qemu-system-x86_64

OpenCL First Steps

There is an increasing noise about GPGPU computing and how much faster than CPU (even parallel) it is. If you didn’t hear about all that, GPGPU is about using the computer’s graphics card(s) to do general purpose computations. The key to the performance lies in the parallel architecture of these devices. From what I read, an average graphics card has 64 parallel units, but they are not as versatile as the CPU of which a typical PC these days has 4 cores. That means, if the task is well suited, it can boost performance significantly, but if not, it’s nothing more than a lot of wasted work.

So I wanted to see for myself. To get started I read the book “OpenCL Programming Guide“. It gave a good overview. But now it was time to give it a try.

Continue reading “OpenCL First Steps”

Screen went black

This morning, I had a short moment of horror when I turned on my Netbook. After the ubuntu splash screen, it went black and didn’t respond to any keys. The only response was for the power key, where it displayed the ubuntu splash screen again and shut down.

My Acer aspire one has the dreaded Intel gma500 poulsbo graphics card. This graphics chipset was bought by Intel, and it’s absymal driver support has embarassed them ever since. It is also the reason I still run maverick on the netbook. Knowing that, I was even more horrified by the screen turning black.

First thing was trying to boot an older kernel. In case you’re not presented with a grub menu, press shift after the BIOS.  Didn’t help, not even in recovery mode.

So I booted to a console, and examined

$cat /var/log/apt/history.log | tail

Start-Date: 2012-01-24  21:15:04
Commandline: apt-get install python-pyopencl
Install: nvidia-current:i386 (260.19.06-0ubuntu1, automatic), nvidia-settings:i386 (260.19.06-0ubuntu1, automatic), python-pyopencl:i386 (0.92~beta+git20100709-1ubuntu1), python-pytools:i386 (10-7, automatic), python-decorator:i386 (3.2.0-1, automatic)
End-Date: 2012-01-24  21:20:26

The only thing I installed yesterday was python-pyopencs as it was the only package in the repository that seemed like a starting point to experiment with OpenCL. It has dependencies to nvidia drivers, but I didn’t think that installing these would break my system.

So, all I had to do was “apt-get purge python-pyopencs nvidia-current nvidia-settings” and the system would boot again normally.

It’s amazing how a linux system that doesn’t boot can almost always be saved relatively easily. With a Windows system that has the same symptoms you’re fucked.

Running debian on a nas dongle [updated]

I used a nas dongle from ARP for a while to share an USB harddisk, and I always wondered about what’s inside. It’s a nifty little device that works reasonably well. It needed a reboot from time to time, and it had some issues with the filesystem. Because of the FAT filesystem it couldn’t store large files, but what I missed most was ssh. Not ssh itself, but scp, sftp and rsync. I knew that without further information it would be impossible to add these. But so far I couldn’t find out anything on the internet. Then somehow I found a blog post with a device that looked similar from the outside but was sold more like a hacker device. So I went to figure out if it’s the same. It looked similar from the inside as well. So, it is probably really a bifferboard. The pins for the serial console matched, which was even more proof…

The boot messages with the stock firmware look like this:  $ minicom -b 115200 -D /dev/ttyUSB0

Continue reading “Running debian on a nas dongle [updated]”