Mounting a Pi with Wheezy read-only

April 6, 2016

A while back, I had a need to make a Raspberry Pi have a read-only filesystem. I used the instructions at: github.com/tvdzwan/hyperion/wiki/Make-Raspbian-Read-Only to do so.

Just in case that goes away or changes, here’s what I did:

dphys-swapfile swapoff
dphys-swapfile uninstall
update-rc.d dphys-swapfile disable
aptitude install unionfs-fuse

Then create an executable script as follows in /usr/local/bin/mount_unionfs:

#!/bin/sh
DIR=$1
ROOT_MOUNT=$(awk '$2=="/" {print substr($4,1,2)}' < /etc/fstab)
if [ $ROOT_MOUNT = "rw" ]
then
  /bin/mount --bind ${DIR}_org ${DIR}
else
  /bin/mount -t tmpfs ramdisk ${DIR}_rw
  /usr/bin/unionfs-fuse -o cow,allow_other,suid,dev,nonempty ${DIR}_rw=RW:${DIR}_org=RO ${DIR}
fi

Next, make / read-only and mount /etc and /var as ramdisk in /etc/fstab:

/dev/mmcblk0p1  /boot           vfat    ro                0       2
/dev/mmcblk0p2  /               ext4    ro,noatime        0       1
mount_unionfs   /etc            fuse    defaults          0       0
mount_unionfs   /var            fuse    defaults          0       0

Finally, make the magic directories:

cp -al /etc /etc_org
mv /var /var_org
mkdir /etc_rw
mkdir /var /var_rw
reboot

Recently, I had to add a user to a group. To do that, I used:

umount /etc
mount -o remount,rw /

to make /etc/ writable again.

Advertisements

Turning a Raspberry Pi 2 into a packet station

March 31, 2016

I keep thinking it’s a good idea for emergency communications to have a packet station. Since I’m cheap, I didn’t want to get extra hardware – instead I wanted to use what I had. Luckily, Dire Wolf is better than any hardware packet decoder out there. Here’s how I got a working packet station on a Pi 2 running Raspbian Jessie Lite.

  1. Connect the radio to the Pi. In my case, I had a spare Signalink SL1+ hanging around which made things easier. I  bought a Syba CMedia USB sound card to talk from the Pi to the Signalink, and a Kenwood speaker mic cable to talk from the Signalink to the radio. Here’s a useful hint: the diameter of the wires in the speaker mic cable are roughly the same as the diameter of the wires in regular Ethernet cable – meaning that you can (if you’re careful) strip the outer jacket, put the inner wires in the right places of an RJ-45 connector and crimp direct to them with no soldering at all.
  2. Download and build Dire Wolf. Instructions for doing so on a Pi are here. I mounted my home directory on a networked drive to make life easier.
  3. Configure Dire Wolf with your callsign (I used the SSID -15 after my call) and sound card. Be sure to avoid the “# ADEVICE – plughw:1,0” line – it looks a lot like the correct “ADEVICE  plughw:1,0” line, but takes input from stdin instead of the sound card.
  4. Run “direwolf” and tune the radio to 144.390 (APRS). Make sure you’re decoding packets. You might have to go to alsamixer and adjust input/output. Mine ended up being 51 for speaker, 29 and 12 for mic. Also adjust the radio volume so it’s not too high or too low. (Hit F6 to get your sound card, then F5 to see all devices. I’m not sure which mic I was using; I had two – a stereo and a mono one. The mono one was 29, the stereo one was 12.) It’s probably a good idea to turn off the squelch on the radio as well.
  5. sudo apt-get install ax25-tools ax25-apps
  6. Edit /etc/ax25/axports and set one line to:
    vhf   mycall-15 1200 255 2 VHF link (1200 bps)
  7. Make sure all the other lines in axports have # in front of them (it doesn’t like blank lines).
  8. Run “direwolf -p” to get the KISS port. It will show up as something like /dev/pts/2. Once it’s running, move to another terminal window.
  9. Change frequency to the freq that you’re going to use.
  10. sudo /usr/sbin/kissattach /dev/pts/2 vhf (your IP address in AMPR 44.0.0.0)
  11. sudo /usr/sbin/kissparms -p vhf -t 200 -s 20 -r 64 -l 50 -f n
    These parameters took a little tweaking. If the transmit delay (-t) was too big, things timed out. If it was too small, things stepped on each other. I had to adjust transmit tail delay as well (-l). I found this page useful for some values.
  12. sudo route del -net 44.0.0.0 netmask 255.0.0.0
    (because I’d set up a route beforehand and needed to nuke it)
  13. sudo /sbin/route add -net 44.0.0.0 netmask 255.0.0.0 dev ax0
  14. ping -i 10 (someone else’s IP who also has a machine on the AMPR 44.0.0.0 net)
  15. Assuming that works, you might want to apt-get install telnet telnetd talk talkd and try to log into your friend’s machine or have your friend log into yours.
  16. Last but not least: I ran into problems with arp. I increased the arp timeout in /etc/sysctl.d/local.conf:net.ipv4.neigh.default.base_reachable_time_ms=1200000

Turning a Raspberry Pi 3 into an iBeacon

March 29, 2016

Wow, that was easy. Straight out of the box, you can turn your Raspberry Pi 3 into an iBeacon. All you need is Raspbian Jessie – it’s got hcitool installed.

Here’s how to do it. First, decide on your iBeacon UUID and major/minor. For instance, I picked at random:

UUID: c9407f30-f5f8-466e-aff9-25556b57fe6d
Major: 179
Minor: 3

Next, convert the UUID to 16 byte big-endian hex, and convert major/minor to 4 byte big-endian hex:

UUID: C9 40 7F 30 F5 F8 46 6E AF F9 25 55 6B 57 FE 6D
Major: 00 B3
Minor: 00 03

Plug those numbers into the magic command:

sudo hcitool cmd 0x08 0x0008 1E 02 01 1A 1A FF 4C 00 02 15 UUID Major Minor C8

For example:

sudo hcitool cmd 0x08 0x0008 1E 02 01 1A 1A FF 4C 00 02 15 C9 40 7F 30 F5 F8 46 6E AF F9 25 55 6B 57 FE 6D 00 B3 00 03 C8

Finally, turn advertising on with:

sudo hcitool cmd 0x08 0x000A 01

or turn it off with

sudo hcitool cmd 0x08 0x000A 00

That was too easy!

Incidentally, the 4C 00 is the magic bit that says it’s an Apple product, 02 means iBeacon, 15 is the (hex) length of the remaining data. The trailing C8 is the two’s complement of the transmit power at 1m, so c8 is -56. More details can be found at:
https://stackoverflow.com/questions/18906988/what-is-the-ibeacon-bluetooth-profile.


Setting up a static IP for a Raspberry Pi over wifi using OpenBSD dhcpd

May 1, 2015

Like the rest of the world, I wanted to have a static IP for a Raspberry Pi that was on a wifi network. Like the rest of the world, I couldn’t figure out how to do it after three attempts. At that point, like the rest of the world I gave up and decided to make my DHCP server do the work instead of the Pi.

Here’s how I did it:

1. On the Pi, edit /etc/wpa_supplicant.conf and add:

network={
    ssid="My_SSID"
    psk="My_wifi_password"
}

2. Reboot and get an IP address through DHCP.

3. Confirm that I can see the world with the DHCP address.

4. ifconfig wlan0 and copy down the hardware Ethernet address for wlan0 (let’s pretend it was 00:11:22:33:44:56).

5. Go to the box running DHCP, and add a stanza inside my shared-network:

       host myserver {
               hardware ethernet 00:11:22:33:44:56;
               fixed-address 192.168.1.17;
               option host-name "myserver";
       }

6. Kill and restart the DHCP daemon.

7. Reboot the pi and confirm it’s getting the right static IP address now.


Setting up Direwolf/Xastir on a Raspberry Pi

March 22, 2015

A long time ago I set up Soundmodem for Ubuntu. Recently, I tried setting up an igate using WB2OSZ’s Direwolf instead. Things are much nicer these days.

The Direwolf site includes a very nice guide to setting up a Raspberry Pi as an igate, so I won’t go over it here. Instead, this is just to record the steps I took to set up my Raspberry Pi v2 as an igate server.

1. Set up the Raspberry Pi to run Raspbian
2. Follow along with the setup guide:

sudo apt-get remove --purge pulseaudio # I didn't need to do this since it wasn't installed, but better safe than sorry
sudo apt-get install libasound2-dev xastir # Note that I'm installing xastir at the same time - this is different from the direwolf guide
cd ~
git clone https://www.github.com/wb2osz/direwolf
cd direwolf
git checkout 1.2
make
sudo make install
make install-rpi
make install-conf

Next, make sure the sound card is plugged into USB (I used the bottom slot). When I plugged it in, the system rebooted, so it’s probably smart to shut down before plugging the sound card in. For a sound card, I used the Syba SD-CM-UAUD USB Stereo Audio Adapter, C-Media Chipset from Amazon.

From there, run
aplay -l
to see:
card 1: Device [C-Media USB Audio Device], device 0: USB Audio [USB Audio]

Now I know the device is card 1 device 0. We’re almost ready to edit direwolf.conf. First, though – something that wasn’t documented on the Direwolf site. Igates need a secret code so they can log into the tier 2 servers. It’s based on your callsign, and there’s a utility called callpass in Xastir that will compute it for you.

callpass {my-real-call}

This gives you a 5 or 6 digit integer that you should remember. I’ll call it {my-code}.

Now edit direwolf.conf:

  1. uncomment ADEVICE plughw:1,0 – if you got a different number from aplay above, you might have to modify it.
  2. change MYCALL NOCALL to MYCALL {my-real-call}-10. I used -10 because that’s the APRS SSID for igates. (APRS SSIDs are documented here.) In the direwolf.conf that I got, the NOCALL had a ^J after it; I had to take that out
  3. uncomment IGSERVER noam.aprs2.net (maybe use a different server if you’re not in North America)
  4. uncomment IGLOGIN and change it to IGLOGIN {my-real-call} {my code}
  5. direwolf

Yay, you’re igating. But what’s around? Set up Xastir for that:

  1. xastir
  2. In the first menu that comes up, set your callsign to {my-real-call}-10 and (if desired) set your lat/long/position ambiguity
  3. Interface -> Interface Control, Add, Networked AGWPE, Add. Leave Pass-code blank, save and Start. Now you’re getting APRS from over the air displayed on your Xastir maps.
  4. Not enough for you? Interface -> Interface Control, Add, Internet Server, Add. Set Pass-code to {my-code}, save and Start. Now you’re getting APRS from the network as well.
  5. Want to see it on maps? I wasn’t able to get all the maps going, but things worked when I picked Maps -> Map Chooser and selected only Online/osm_tiled_mapnik.geo and worldhi.map.

Setting up Raspbian on a Pi

February 26, 2015

These instructions are for Wheezy. You can find updated instructions for Jessie here.

I’ve been working on setting up a Raspberry Pi to do APRS using Dire Wolf and Xastir. That actually works fairly well, and I’ll write something about it later – this post is because I was using a flaky SD card, which decided to croak at an inopportune moment. Consequently, I had to reinstall Raspian again.

Since it’s easier to write it down than to remember, here’s what I did:

Burn the image

  1. Get the Raspbian image from the Raspberry Pi downloads page.
  2. Unzip it on a Linux box (mine saw the SD card as /dev/sdb, use your SD card device and don’t wipe your hard drive)
  3. Pop the card out of the Linux box and into the Pi

The command to write that I used:

sudo dd if=2015-01-31-raspbian.img of=/dev/sdb bs=4M

Configure the Pi

When the Pi boots into raspi-config, do the following:

  1. Expand Filesystem
  2. Change User Password
  3. Internationalisation Options / Change Locale, pick en_US UTF-8
  4. Internationalisation Options / Change timezones, pick yours
  5. Internationalisation Options / Change Keyboard Layout, pick US PC 104, accept defaults

Set up the network

I have my Pi configured with a static IP. The first time I boot I attach a network cable.

  1. Edit /etc/network/interfaces so the wired interface is static
  2. My /etc/resolv.conf was configured automatically by dhcp and was right
  3. Now would be a good time to edit /etc/hostname as well

The iface eth0 stanza in my interfaces file looks like:

iface eth0 inet static
address 192.168.17.15
netmask 255.255.255.0
gateway 192.168.17.1

Update the OS

This takes a while, but you can continue on while this is happening.

sudo aptitude update
sudo aptitude dist-upgrade

Add my user

I don’t like to use the default user, so I add my own.

  1. sudo adduser myuser
  2. edit /etc/group to add my user to all the pi groups (including sudo)
  3. log out, log in – make sure I can sudo with the new user
  4. prevent login as pi

To prevent the pi login, I do:

sudo vipw -s

and replace the password for pi with *.

Update everything else

Once the dist-upgrade has completed and it’s time to reboot:

sudo /sbin/shutdown -r now

Now you can log in again and upgrade the firmware:

sudo rpi-update
sudo /sbin/shutdown -r now

Get things I know I’ll need

I like to have an emacs clone:

sudo aptitude install zile
zile ~/.bash_aliases
alias emacs='zile'

I also like tightvncserver:

sudo aptitude install tightvncserver
tightvncserver
(set password)

Finally, make emacs the default editor by appending this to ~/.bashrc:

export EDITOR=/usr/bin/zile

That’s about it.


Trying to resurrect a dead Linksys WRT54GS router

September 1, 2014

I recently went through heroic efforts to bring a dead Linksys WRT54GS router back to life. These routers are great for Broadband Hamnet so I really wanted to get it working, but no dice.

But I don’t want to forget what I did, so I’m documenting it here.

Fix the hardware

The first problem was that the router made a strange buzzing sound. I opened the router and discovered that LX2 in particular, but also LX1 (two chokes at the power supply input) were actually vibrating when I put my finger on them. In addition, the capacitors near it were hot to the touch.

This was described in this post as an electrolytic capacitor problem. Sure enough, when I replaced CX2 with a new 220 uF 25 V electrolytic capacitor, the device settled down. At this point, the power LED was flashing (a bad sign) but at least it was now flashing at a regular speed. While I was soldering, I took the time to add a 12-pin header to the router’s JTAG port.

Reflash the Firmware

Following the unbrick article here, I wasn’t able to ping the router. No matter what, I’d get “destination host unreachable” – even though my IP was the same as the router, ostensibly. So I figured flashing was required.

I started out by trying to get a SEGGER J-Link talking to the JTAG port. I used the pinouts for the WRT54G described here for the WRT54GS, and the pinouts for the J-Link described here. Note that RESET on the J-Link is nSRST on the WRT54GS.

After I’d done that, I wasn’t able to get the J-Link talking. It looks as if the J-Link software wants to talk only to devices it knows about – or at least, that’s all I could figure out about it. Trying to set it to MIPS mode to impersonate EJTAG didn’t yield any success either.

So it was time for a different option. I didn’t have a parallel port handy, but I did have a Raspberry Pi. And a wonderful individual has taken the time to port tjtag to the Raspberry Pi. I cloned the Git repo to my Pi and built it. I had to use:

git clone git://github.com/oxplot/tjtag-pi.git

to grab the Git repo, since https wants an auth key and I don’t have one. After that I followed the Setup instructions and got tjtag built.

I connected things up as described in the wiring diagram, and had success! I was able to probe the router. (I had to run sudo ./tjtag -probeonly instead of just ./tjtag.)

Then I went off to the tjtag instructions here. The first few times I did:

sudo ./tjtag -backup:cfe

I got different results. It appears that tjtag on the Pi spends so much time sending output to the console that it messes up its timing. So I redirected the output to /dev/null, and after that I got consistent backups.

Once I had an nvram backup, I tried erasing the nvram:

sudo ./tjtag -erase:nvram

This worked, but didn’t solve my problem. So I thought I might have had a corrupted CFE. I located the CFE for my router here and modified it to have my IP addresses using imgtool_nvram. I used the following command:

imgtool_nvram.exe wrt54gs1.0-CFE.
BIN et0macaddr=00:11:22:33:44:55 il0macaddr=00:11:22:33:44:56

(substituting my real MAC address and one higher than it.) Then I dumped that back on the Pi as CFE.BIN, and did:

sudo ./tjtag -flash:cfe > /tmp/out

That worked, but still no joy in Mudville after I did the flash. No matter what, when I pinged I got destination unreachable. I wondered if it was Windows messing with me, so I booted to Kali to see what happened there. Still no dice.

Finally, I thought it might be a bad kernel, so I nuked it:

sudo ./tjtag -erase:kernel

Even with that, the router’s still not responding. Other than re-reflashing the CFE on the assumption that the bad kernel corrupted it, I’m out of ideas.

Drat, I thought I had it when I saw the instructions about setting the address with arp. (arp -s 192.168.1.1 aa-bb-cc-dd-ee-ff if you’re on Windows.) But even when I did that (using the MAC address that I flashed), I still had nothing. I even stuffed Wireshark on the end to listen for any packets. He’s dead, Jim.