
Raspis is down

The Raspis server is down due to power maintenance on site. Sorry for the inconvenience. Will update when power comes back up.

Comments have been fixed

Thanks to one fellow user (whose name I will not mention) for informing me that the comment function was broken. This was due to a problem in server configuration which has now been fixed.

I’ve also added an extra captcha field (in the form of a simple math expression) to help reduce comment spam because it seems that spambots can easily beat reCaptcha checks.

Zebra power maintenance

The Zebra server is down due to power maintenance on the site. Sorry for the inconvenience.

Zebra is down

Zebra server is down due to issues with ISP. Should be rectified shortly.

Farewell to the old server. Long live KVM !

The old virtual server, which ran (and a number of other sites and services) will be shut down today. Although it’s just an OpenVZ container running on someone else’s Linux box, it’s still a bit sad for me to shut down a server that I have maintained for nearly 10 years. It was the first VPS that I’ve ever maintained.
However, times have changed since then, and continuing to rent that server at the same price no longer makes economic sense when I can get a KVM with more memory, disk space and (best of all) freedom for less.

KVM offers much more freedom compared to OpenVZ. For example, I have bought a secondary IP for the KVM server and… assigned it to another KVM server which runs on a different machine. How did I do it ? I’ll tell you in the next post.

New server up !

If you can read this, is now live on a new server !
The old server will be decommissioned on September 1st.

UPDATE: IP changed once again, from test server to main one.

Zebra is down – power issues

Zebra server is down due to a power failure.

UPDATE: 4:00 PM EET: back online.

Raspis is offline – possible hardware failure

Raspis is offline, most likely due to a hardware failure. I will need to get to the server physically to fix it, so the server will remain down until tomorrow evening at the very least.
Sorry for the inconvenience caused.

UPDATE: Oct 8th, 20:30 EEST: Back online.

A quick update on my AC810 adventures.

I’ve decided against zRAM – that would require a kernel rebuild and this device has no recovery mode.
Even though “free” showed only a few MB free (max I saw was like 20 MB, usually it shows 5-6 MB), I’ve never run out of memory when running any software on the device.

Installed some additional software on the device, all built from source, including dependencies:
TUN driver, bash shell, latest hostapd, latest OpenSSL, nano editor and OpenVPN.
I didn’t overwrite any stock binaries just to be safe and instead used a simple wrapper script (which uses LD_LIBRARY_PATH) to run newly installed software.
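A wrapper of the kind described above, written here as an added example (it is not the script from the original post). The prefix /opt/extra and the name EXTRA_PREFIX are hypothetical. It shows one detail that matters when such a wrapper runs as root: keeping empty and relative entries out of LD_LIBRARY_PATH.

```shell
#!/bin/sh
# Added example. EXTRA_PREFIX is a hypothetical install prefix for the
# side-installed tools; it is not a path taken from the post.
EXTRA_PREFIX="${EXTRA_PREFIX:-/opt/extra}"

# Join the arguments into a ':'-separated search path, keeping absolute
# directories only. ld.so treats an empty LD_LIBRARY_PATH entry as the
# current directory, so a naive "$EXTRA_PREFIX/lib:$LD_LIBRARY_PATH" with the
# variable unset ends in ':' and makes a root process search its cwd.
join_lib_path() (
    set -f      # no globbing while the list is split
    IFS=:       # "$*" joins on ':', unquoted expansion splits on ':'
    joined="$*"
    out=""
    for part in $joined; do
        case "$part" in
            /*) out="${out:+$out:}$part" ;;   # empty and relative entries are dropped
        esac
    done
    printf '%s\n' "$out"
)

# Run a side-installed tool against the side-installed libraries.
# Children of the tool inherit LD_LIBRARY_PATH as well.
run_wrapped() {
    tool=$1; shift
    LD_LIBRARY_PATH=$(join_lib_path "$EXTRA_PREFIX/lib" "${LD_LIBRARY_PATH:-}")
    export LD_LIBRARY_PATH
    exec "$EXTRA_PREFIX/bin/$tool" "$@"
}

# Usage: wrapper.sh openvpn --config client.ovpn
if [ "$#" -gt 0 ]; then
    run_wrapped "$@"
fi
```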

An interesting idea came to mind when building OpenVPN – what if I could just take one of the WiFi APs (this device has two, one for 2.4 GHz and one for 5 GHz band) and bridge it to a TAP interface instead of doing routing to a tunnel ? Devices connecting to the bridged WiFi would then connect directly to my home network instead of being routed through a tunnel.
A true home WiFi away from home experience without any setup required !
Since OpenVPN is CPU-bound, I’m not expecting to get full speed, but around 40 mbps should be achievable with good 4G reception. More than enough for my needs (remote work and game streaming).

At first, I wanted to preserve dual-band WiFi and create a third SSID (the WiFi driver claims to support this) for the VPN bridge, but Qualcomm’s binary driver has a bug which causes WPA authentication responses from the client device to always be sent to the primary WiFi SSID instead of the secondary SSID, which causes authentication failures. The third SSID only works as Open WiFi, which won’t do for me.
I have explored the possibility of using the ath10k open source driver from Driver Backports instead of the binary blob (this device seems to use Atheros QCA6174 for WiFi) but again, I cannot install it without rebuilding the kernel, because cfg80211.ko is built into the kernel and conflicts with Driver Backports.

So in the end, I had to dedicate one of the existing WiFi APs for VPN bridge. I’ve decided to use the 5 GHz AP for VPN bridge for now and leave 2.4 GHz AP for normal WiFi use but I’m not sure whether I will leave it that way.

UPDATE: OpenVPN was doing 24mbps max with CPU maxed out and a lot of packet loss. Switching from OpenVPN to SoftEther increased speeds to over 40mbps (and zero packet loss). Maybe it can do even more, will need to test in a different location with better 4G reception.
SoftEther was a pain in the butt to cross-compile (it required manual editing of the Makefile) and to get working, though, and I also needed to use the preloadable_libiconv hack to get past the iconv() stuff as libc on the modem did not have gconv enabled.

I’ve recently bought myself a Netgear AC810 mobile hotspot. It is a rather old model but it’s light years better than those cheap Huawei soapbar-style modems which our ISPs provide. Also, since 4G is not my main connection and is only used on-the-go, I didn’t want to invest in a higher-end model, like Nighthawk M1 or M2.

Now, since I’m a computer geek, I wanted to take a look at what’s under the hood of that small black box with an LCD screen on it.
I know that this thing, like most 4G routers out there, runs some version of Linux. Now how do I access the shell ?
After some research, I found that there’s an AT terminal running on port 5510. Since this modem uses a Qualcomm chipset, it is probably based on the same software as those Sierra Wireless modems. Fortunately, the unit I have had all advanced AT commands (which are usually locked by a password, which in case of my model should be “whistler”) unlocked out of the box.
But AT!CUSTOM=? returned an error. So there is some lock present. Fortunately, a keygen is available to enable custom commands on Qualcomm/Sierra Wireless modems. (use model MDM9x40)

With this keygen, I was able to unlock AT!CUSTOM commands (commands will again be locked after a reboot). On my particular unit, AT!CUSTOM="ADBENABLE",1 succeeded but did not actually enable ADB. But AT!CUSTOM="ENABLETELNET",1 did enable Telnet. I was able to get a password-less root shell on port 23. Bingo !
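To see from the device itself whether the Telnet (23) and AT terminal (5510) ports mentioned above are reachable from the network, the kernel's socket table can be read directly. This is an added example, not code from the original post; the sample table is constructed, and addresses are assumed to be printed little-endian (127.0.0.1 as 0100007F).

```shell
#!/bin/sh
# Added example: list watched TCP ports that are listening on a non-loopback
# address, parsed from /proc/net/tcp (IPv4 only; tcp6 is not covered).

# Print "hexaddr port" for every socket in LISTEN state (st field == 0A).
listeners() {
    while read -r _sl local _remote st _rest; do
        if [ "$st" = "0A" ]; then
            # local is ADDR:PORT, both in hex
            printf '%s %s\n' "${local%:*}" "$((0x${local##*:}))"
        fi
    done
}

# Read a /proc/net/tcp table on stdin and print each watched port (given as
# arguments) that is bound to something other than 127.0.0.1.
exposed() {
    listeners | while read -r addr port; do
        case "$addr" in 0100007F) continue ;; esac
        for want in "$@"; do
            if [ "$port" = "$want" ]; then printf '%s\n' "$port"; fi
        done
    done | sort -nu
}

# Constructed sample: Telnet and the AT port on all interfaces, DNS on
# loopback only, plus one established (st 01) Telnet session.
sample_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:1586 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0101A8C0:0017 0201A8C0:C5A2 01 00000000:00000000 00:00000000 00000000     0        0 1004
EOF
}

# On the device: exposed 23 5510 < /proc/net/tcp
sample_table | exposed 23 5510
```

An empty result for port 23 after switching to SSH confirms that the Telnet listener is gone.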

Now, for the specs:
SoC: Qualcomm MDM9640 (aka. Snapdragon X12), single core ARM Cortex-A7, 1.19 GHz
RAM: 160 MB
Storage: 512 MB, divided into multiple partitions, usable space is formatted as UBIFS. There’s a total of about 126 MB of usable free space available. Root is writable as are most other locations.
Kernel: Linux 3.10.49

Router’s interface is purely web-based. Even the LCD interface is done using a tiny DirectFB based web browser (WebKit based, judging from the logs) which simply loads a web page ( during boot. This browser seems to have some kind of custom API accessible via JavaScript. I have not yet fully reverse-engineered it but I do plan to do so.

For compiling custom software, Linaro v13.08 ARM toolchain should work, it has the same version of libc (eglibc 2.17) as that used on the router:
There are GPL sources provided, but compiling a GCC toolchain from scratch is a large amount of work and the result probably wouldn’t work any better than the Linaro toolchain.

I was pleasantly surprised that Netgear developers have enabled the option to include the kernel configuration in /proc/config.gz; this should help greatly when building new modules for the modem’s kernel. /proc/config.gz is a very rare sight on production devices. This modem is the first device I’ve ever seen to have /proc/config.gz enabled out of the box.

What I’ve done so far:
* Customized dropbear SSH server (replaced MIPS compilers with ARM ones in the build script), which works without relying on getpwnam(). Now, I can add a password and stop relying on Telnet for shell access.

* zRAM module. OS is extremely poorly optimized. With GUI and SSH running there’s only about 5 MB of RAM free !
* DnsCrypt for secure DNS lookups.
* OpenVPN client for VPN passthrough.
* Password lock for LCD UI

Will update.

Copyright © 2008-2024 DDS Central.