Archiv der Kategorie: Arduino

the theoretical Uefi / Bios backdoor removal How2

Bei ASUS Mainboards / Motherboards wurde das komplette EFI spi flash immer erfolgreich neu überschrieben. Bei Apple’s MacbookPro oder anderen Latop’s ist es 1 . die zu beschreibende BINARY images Dateien zu erhalten bzw. an einen quelle download zu haben die etwas schwierigere Hürde bei diesem und das anstecken der Kontakt stellen pins/ füsschen des chips das eigentliche Problem da diese chips um einiges kleiner und zeitweise nicht so gut errreichbar bzw. verbaut sin als die in den PC’s spi flash Chips sind.

install flashrom and its dependencies to build

1. get flashrom build depends
apt install -y libusb-dev zlib1g-dev git-core build-essential cmake libtool autoconf automake libpci-dev libpci3 pciutils libftdi-dev


2. get flashrom itself best isto get  latest from git tag
git clone https://review.coreboot.org/cgit/flashrom.git
cd flashrom
make
make install
#ready to use check command 
flashrom -h

Connecting programmer with your 8soic clip nd the chip FLASH

3. get your flashrom connector if you aint got an ftdi or flasher( i always wanted to have an catflash but i hadnt so much money for that and now they aitn more actual bus pirate is an good allternate)  you can build one from arduino they aint so fast but its enough to get  a new uefi flash

4. get an 8soic or 8dio clip at digi-key.com

5. connect 8soic clip with the flasher and with the chi to get flashed together

Description Bus Pirate Dir. Flash chip Dir. Bus Pirate Description
(not) Chip Select CS 1 /CS VCC 8 +3.3v Supply
Master In, Slave Out MISO 2 DO (IO1) /HOLD (IO3) 7 +3.3v (not) hold (see datasheets)
(not) Write Protect +3.3v 3 /WP (IO2) CLK 6 CLK The SPI clock
Ground GND 4 GND DI (IO0) 5 MOSI Master Out, Slave In

Usage of flashrom with your programmer

6. start dumping and flashing
flashrom -p buspirate_spi:dev=/dev/ttyUSB0,spispeed=1M -V

with -V you get info about chip connected
if all goes good and chip ist recognized you can start to dump flashrom with
-r BIOS.DUMP
this will read the chip and save the content as BIOS.DUMP filenname. before you wirte the cip you should read it 2 – 3 times and diff it if they are equal to know if an read errror has been made if alla are same you can start writing to flash chip with
-w BIOSFILE2WRITE2CHIP.BIN
you can add
-o logfilename.log
for saving the logoutput to an give filename 

  • beim start des os wird irgen ein proces bzw service willkürlich asugewählt dieser wird dann injektioert und hat einen listetinger lauschport offen

Related posts

gl-ar300m nand aka pineapple +oled(ssd1306)+rtl8187-ic2-gpio-custom full ubi storage access

haha

shit video of botloog without any notice of misfunctionor else without modding bootlog :)

DOWNLOAD:
gl-ar300m-NAND-oled-pineapple-20171017_235036.tar.7z

mirror1 mirror2  

endlich habe ich schon wieder einmal die pineapple firmware portiert. der mega geile gl-ar300m war einfach perfekt dafür.
zu beginn habe ich für den nor speiche die firmware mit openwrt  buildroot-cc gebaut. ging ohne probleme.

debian 8.9 (x64) VMWAREIAMGE OSBOXES:
su
apt-get update
apt-get install subversion build-essential git-core libncurses5-dev zlib1g-dev gawk flex quilt libssl-dev xsltproc libxml-parser-perl mercurial bzr ecj cvs unzip git wget sudo 
git clone https://github.com/domino-team/openwrt-cc.git
git clone https://github.com/devttys0/binwalk.git
cd binwalk
./debs.sh
sudo python3 setup.py install
 wget -O upgrade-1.1.3.bin https://www.wifipineapple.com/downloads/nano/1.1.3

raimond@osboxes:~/Downloads$ binwalk -te upgrade-1.1.3.bin

DECIMAL HEXADECIMAL DESCRIPTION
——————————————————————————–
512 0x200 LZMA compressed data, properties: 0x6D,
dictionary size: 8388608 bytes, uncompressed
size: 3420708 bytes
1134468 0x114F84 Squashfs filesystem, little endian, version 4.0,
compression:xz, size: 13089146 bytes, 2102
inodes, blocksize: 262144 bytes, created:
2016-10-28 05:42:31
cd _upgrade-1.1.3.bin.extracted/
cp -R squashfs-root ../../openwrt-cc/files
# sqzashfs-root kopieren und ins buildroot verzeichnis als files #kopieren dei anderen dateien sind kernel welche wir ja sleber baue #und deshaltb ned benötigen da wir ja ein anadere hardware haben #als das original
cd /home/raimond/openwrt-cc/
rm -rf files/lib/modules/3.18.36
rm -f files/sbin/modprobe
## onion omeaga feed for oled easy handle like on onion board #COMMING SOON pienapple on onion omega (looking forward to #get the new onion2 omeaga) coming soon
echo “ src-git onion https://github.com/OnionIoT/OpenWRT-Packages.git“ >> feeds.conf.default
./scripts/feeds upate -a
./scripts/feeds install -a
##############################
##from any orginal image cp from it 2 files
#/etc/fw_env.config
#/etc/config/ubootenv
# uboot env should have !!!!!!!!!!!!!!!!!
#boot_dev=on
#u can lookup with fw_printenv

#if not already set , setit with :
fw_setenv boot_dev on
############################
#
#
echo „/dev/mtd1 0x0 0x10000 0x10000“ > files/etc/fw_env.config
#####
cat << EOF >> files/etc/config/ubootenv
config ubootenv
option dev ‚/dev/mtd1‘
option offset ‚0x0‘
option envsize ‚0x10000‘
option secsize ‚0x10000‘
EOF
################
# so und mit diesen 2 dateien habe ich dann acuh keinen kernel #panic mehr welche ich beim #den ersten versuchen auf dem nand #speicher hatte
#i2c oled ssd1306 einfach an den i2c pins hängen und mit dem #zusatz der leztzen zeile in der rc.local im buildroot wird dann nach #dem ersten neustart nach dem flashen der gesmte inhalt der jetzt #noch vorhanden rc.local gelöscht was in der letzten zeile eben #geschciht davor werden eingige config gesetzt ich habe natürlich #noch den cli für i2c kernel modul zu loaden dazugeschrieben der #geht halt erst nach dem man das board neugestartethat erst was #sowieso von slebst neubootet nach erfolgereichen flashen.
#voila
#pineapplpe fw mit 128 m speicher :))
#display mit oled-exp help nachscahuen easy 2 use
#ist natürclich auch scohn in der firmware fdrinnen habe auch alle #module uinstalliert alle gehen üproblemlos ohne jegliche #prolemem
#habe auch die dhp network confgi s angebpasst damit die 2 ethnet #anschlüsse funkkionieren und den usb0 der bei der nano fw ist #habe ich vorerwrtmal drinnen stehen gelassen
cd ~/openwrt-cc
./scripts/feeds update -a
 ./scripts/feeds install -a
make menuconfig
make

for nand flash benütze die img datei welche nach erfolgreichen build im bin/ar71xx  zu finden ist

einfach mit binwalk die upgrade firmware geloaded  von wifipineapple nano 1.3  version

binwlak (pythonicht auf den nor speicher welcher ganz ohne probleme zu  bauen ging sonden auf den 128 mb großen nand speicher.

Related posts

ROBOT-ARM-5DOF

ROBOT-ARM-5DOF


http://github.com/bugsysunday/arm-robot-5dof

gui for robot-arm5dof only control window to see

 

Related posts

My ptz nano

#include <SoftwareSerial.h>
#define Pin13LED         8    //green
#include <printf.h>
#include <Servo.h>
SoftwareSerial portOne(1, 0); // RX, TX
Servo servo1;
Servo servo2;
int tx_led = 7;   //yellow
int sensorValue1 =0;
int sensorValue2 =0;
int sensorPin1=0;
int sensorPin2=1;
int maxPotValue = 1023;
int currentpos=1500;
int buttonPin =2;
byte byteReceived;
int byteNumber = 0;
int byteSend;
int minPulse1     =   600;   // minimum servo position
int maxPulse1     =   2400; // maximum servo position
int turnRate1  ;  // servo turn rate increment (larger value, faster rate)
int minPulse2     =   600;  // minimum servo position
int maxPulse2     =   2400; // maximum servo position
int turnRate2 ;  // servo turn rate increment (larger value, faster rate)
/** The Arduino will calculate these values for you **/
int centerServo1;
int newposX, oldposX;
int centerServo2;
int newposY, oldposY;
int pulseWidth1,currentposX;          // servo pulse width
int pulseWidth2,currentposY;          // servo pulse width
bool updatedebug= false;
const byte tiltDown = 0x10;
const byte tiltUp = 0x08;
const byte panLeft = 0x04;
const byte panRight = 0x02;

void setup(void)
  {
  pinMode(tx_led,OUTPUT);  
  Serial.begin(57600);
  printf_begin();
  //Xee= EEPROM.read(0);
  //mycam1.attach(mycam1_p);  // attaches the servo on pin 9 to the servo object X
  //mycam1.write(Xee);        //rafu runter X
  //Yee = EEPROM.read(1);      // lese x y von eeprom  
  servo1.attach(5);
  servo2.attach(6);
  centerServo1 = maxPulse1 - ((maxPulse1 - minPulse1) / 2);
  centerServo2 = maxPulse2 - ((maxPulse2 - minPulse2) / 2);
  pulseWidth1 =  centerServo1;
  pulseWidth2 =  centerServo2;
  turnRate1 = (maxPulse1- minPulse1)/720 ;
  turnRate2 = (maxPulse2- minPulse2)/720 ;  
  Serial.println("Arduino Serial Servo Control with Pelco D");
  Serial.println();
  }

void loop(void)
      {
      sensorValue1 = analogRead(sensorPin1);
      sensorValue2 = analogRead(sensorPin2);
      Serial.print("sensor1:");
      Serial.println(sensorValue1);
      Serial.print("sensor2:");
      Serial.println(sensorValue2);
      if(sensorValue1 >= 536 && sensorValue2 <= 488){
        rightup();}
      if(sensorValue1 >=536 && sensorValue2 >=536){
        rightdown();}
      if(sensorValue1 <=488 && sensorValue2 <=488){
        leftup();}
      if(sensorValue1 <=488 && sensorValue2 >=536){
        leftdown();}
      if(sensorValue1 >=536){
      panright();}
      if(sensorValue1 <= 488){
      panleft();}
      if(sensorValue2 >= 536){
      tiltup();}
      if(sensorValue2 <= 488){
        tiltdown();}
    }

      
void leftup(){
      oldposX=pulseWidth1;
      oldposY=pulseWidth2;
      newposX=pulseWidth1+turnRate1;
      newposY=pulseWidth2+turnRate2;
      if (newposX > maxPulse1){newposX = maxPulse1;}
      if (newposY < minPulse2){newposY = minPulse2;}
      while (pulseWidth1<newposX || pulseWidth2>newposY){
        if(pulseWidth1<newposX){pulseWidth1++;servo1.writeMicroseconds(pulseWidth1);}    
        if(pulseWidth2>newposY){pulseWidth2--;servo2.writeMicroseconds(pulseWidth2);}
    updatedebug = true;
    }
      delay(10);
    }
        
void rightup(){
    oldposX=pulseWidth1;
    newposX=pulseWidth1-turnRate1;
    oldposY=pulseWidth2;
    newposY=pulseWidth2-turnRate2;
    if (newposX < minPulse1){newposX = minPulse1;}
    if (newposY < minPulse2){newposY = minPulse2;}
    while(pulseWidth1>newposX ||pulseWidth2>newposY ){
      if(pulseWidth1>newposX){pulseWidth1--;servo1.writeMicroseconds(pulseWidth1);}
      if(pulseWidth2>newposY){pulseWidth2--;servo2.writeMicroseconds(pulseWidth2);}
    updatedebug = true;
    }
    delay(10);
  }
  
void leftdown(){
      oldposX=pulseWidth1;
      oldposY=pulseWidth2;
      newposX=pulseWidth1+turnRate1;
      newposY=pulseWidth2+turnRate2;
      if (newposX > maxPulse1){newposX = maxPulse1;}
      if (newposY < minPulse2){newposY = minPulse2;}
      while(pulseWidth1<newposX ||pulseWidth2<newposY){
        if(pulseWidth1<newposX){pulseWidth1++;servo1.writeMicroseconds(pulseWidth1);}
        if(pulseWidth2<newposY){pulseWidth2++;servo2.writeMicroseconds(pulseWidth2);}
      updatedebug =true;}
      delay(10);
    }
void rightdown(){
      oldposX=pulseWidth1;
      oldposY=pulseWidth2;
      newposX=pulseWidth1-turnRate1;
      newposY=pulseWidth2+turnRate2;
      if (newposX < minPulse1){newposX = minPulse1;}
      if (newposY < minPulse2){newposY = minPulse2;}
      while( pulseWidth1>newposX|| pulseWidth2<newposY){
        if(pulseWidth1>newposX){pulseWidth1--;servo1.writeMicroseconds(pulseWidth1);}
        if(pulseWidth2<newposY){pulseWidth2++;servo2.writeMicroseconds(pulseWidth2);}
        updatedebug = true;
      }
    delay(10);
  }


void panleft(){
    oldposX=pulseWidth1;
    newposX=pulseWidth1+turnRate1;
    if(newposX > maxPulse1){newposX = maxPulse1;}
      while(pulseWidth1<newposX){pulseWidth1++;servo1.writeMicroseconds(pulseWidth1);
      updatedebug = true;}
    delay(10);
  }
  
void panright(){
    oldposX=pulseWidth1;
    newposX=pulseWidth1-turnRate1;
    if (newposX < minPulse1) 
      {      
        newposX = minPulse1;
      }
    while(pulseWidth1>newposX)
      {
        pulseWidth1--;
        servo1.writeMicroseconds(pulseWidth1);
        updatedebug = true;
      }
    delay(10);
}
void tiltup(){
    oldposY=pulseWidth2;
    newposY=pulseWidth2-turnRate2;
    if (newposY < minPulse2) 
      {      
        newposY = minPulse2;
      }
    while(pulseWidth2>newposY)
      {
        pulseWidth2--;
        servo2.writeMicroseconds(pulseWidth2);
        updatedebug = true;
       }
    delay(10);
}
void tiltdown(){
    oldposY=pulseWidth2;
    newposY=pulseWidth2+turnRate2;
    if (newposY < minPulse2) 
      {      
        newposY = minPulse2;
      }
    while(pulseWidth2<newposY)
      {
        pulseWidth2++;
        servo2.writeMicroseconds(pulseWidth2);
        updatedebug = true;
      }
    delay(10);
}

void halt() {
  //sync  cam#  Command1  Command2  Data1  Data2 CheckSum
  byte  rec[7] = {0xFF, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01};  //This is the most basic instruction. Camera 1, four zeros and a check sum of one
  for (int i = 0; i < 7; i++) {
    Serial.print(rec[i], DEC);
  }
}


Related posts

Zumo 32U4 robot

my zumo in action

code available at  https://github.com/bugsysunday/zumo4sun

but it isnt really finish it still need some modification 

i just modifed the example from zumo library heading  to  an oppunent .

zumo 4 free space  alias zumo4sun

from https://www.pololu.com

 

 

Related posts