Clarence's Wicked Mind

Tuesday, April 24, 2018

SSL connections with RTL8710

If you tried to compile any SSL example (e.g. WiFiSSLClient) that comes with Ameba Arduino, you will probably get an error saying "RTL8710 do not support SSL".

Some people say it is because RTL8710 is not powerful enough (!?) to handle SSL. But in fact, you edit the gcc linker blacklist file to get around it. On Linux, the file is probably at

~/.arduino15/packages/realtek/hardware/ameba/2.0.4/variants/rtl8710/linker_scripts/gcc/symbol_black_list.txt

The original file contains:

rom_ssl_ram_map RTL8710 do not support SSL
analogReadResolution RTL8710 do not support ADC
analogRead RTL8710 do not support ADC

You can see that the RAM table referenced by SSL ROM is being blacklisted. Make a backup of the file and delete the first line.

Tried to compile WiFiSSLClient and it work probably on my RTL8710.

Sunday, April 22, 2018

Sony SRS-XB30 and WH-H800 supported codecs

For reference, here is the negotiation traffic captured when connecting to a Sony SRS-XB30 bluetooth speaker.

localhost:~> sudo hcidump avdtp
HCI sniffer - Bluetooth packet analyzer ver 5.49
device: hci0 snap_len: 1500 filter: 0x400
< AVDTP(s): Discover cmd: transaction 14 nsp 0x00
> AVDTP(s): Discover rsp: transaction 14 nsp 0x00
    ACP SEID 1 - Audio Sink
    ACP SEID 2 - Audio Sink
    ACP SEID 3 - Audio Sink
< AVDTP(s): All Capabilities cmd: transaction 15 nsp 0x00
    ACP SEID 1
> AVDTP(s): All Capabilities rsp: transaction 15 nsp 0x00
    Media Transport
    Media Codec - SBC
      16kHz 32kHz 44.1kHz 48kHz 
      Mono DualChannel Stereo JointStereo 
      4 8 12 16 Blocks
      4 8 Subbands
      SNR Loudness 
      Bitpool Range 2-53
    Content Protection
      02 00 
    Delay Reporting
< AVDTP(s): All Capabilities cmd: transaction 0 nsp 0x00
    ACP SEID 2
> AVDTP(s): All Capabilities rsp: transaction 0 nsp 0x00
    Media Transport
    Media Codec - MPEG-2,4 AAC
      MPEG-2 AAC LC 
      44.1kHz 48kHz 
      1 2 Channels
      0bps VBR
    Content Protection
      02 00 
    Delay Reporting
< AVDTP(s): All Capabilities cmd: transaction 1 nsp 0x00
    ACP SEID 3
> AVDTP(s): All Capabilities rsp: transaction 1 nsp 0x00
    Media Transport
    Media Codec - non-A2DP (LDAC)
      3C 07 
    Content Protection
      02 00 
    Delay Reporting
< AVDTP(s): Set config cmd: transaction 2 nsp 0x00
    ACP SEID 1 - INT SEID 1
    Media Transport
    Media Codec - SBC
      44.1kHz 
      JointStereo 
      16 Blocks
      8 Subbands
      Loudness 
      Bitpool Range 2-53
> AVDTP(s): Set config rsp: transaction 2 nsp 0x00
> AVDTP(s): Delay Report cmd: transaction 0 nsp 0x00
    ACP SEID 1 delay 240.0ms
< AVDTP(s): Open cmd: transaction 3 nsp 0x00
    ACP SEID 1
< AVDTP(s): Delay Report rsp: transaction 0 nsp 0x00
> AVDTP(s): Open rsp: transaction 3 nsp 0x00

By comparison, here is info when connecting a Sony WH-H800 Wireless Headphones:

localhost:~> sudo hcidump avdtp
HCI sniffer - Bluetooth packet analyzer ver 5.49
device: hci0 snap_len: 1500 filter: 0x400
< AVDTP(s): Discover cmd: transaction 8 nsp 0x00
> AVDTP(s): Discover rsp: transaction 8 nsp 0x00
    ACP SEID 1 - Audio Sink
    ACP SEID 5 - Audio Sink
    ACP SEID 6 - Audio Sink
    ACP SEID 3 - Audio Sink
    ACP SEID 2 - Audio Sink
< AVDTP(s): All Capabilities cmd: transaction 9 nsp 0x00
    ACP SEID 1
> AVDTP(s): All Capabilities rsp: transaction 9 nsp 0x00
    Media Transport
    Media Codec - SBC
      44.1kHz 48kHz 
      Mono DualChannel Stereo JointStereo 
      4 8 12 16 Blocks
      4 8 Subbands
      SNR Loudness 
      Bitpool Range 2-53
    Content Protection
      02 00 
    Delay Reporting
< AVDTP(s): All Capabilities cmd: transaction 10 nsp 0x00
    ACP SEID 5
> AVDTP(s): All Capabilities rsp: transaction 10 nsp 0x00
    Media Transport
    Media Codec - non-A2DP (LDAC)
      3C 07 
    Content Protection
      02 00 
    Delay Reporting
< AVDTP(s): All Capabilities cmd: transaction 11 nsp 0x00
    ACP SEID 6
> AVDTP(s): All Capabilities rsp: transaction 11 nsp 0x00
    Media Transport
    Media Codec - non-A2DP (Unknown)
      32 00 00 00 00 
    Content Protection
      02 00 
    Delay Reporting
< AVDTP(s): All Capabilities cmd: transaction 12 nsp 0x00
    ACP SEID 3
> AVDTP(s): All Capabilities rsp: transaction 12 nsp 0x00
    Media Transport
    Media Codec - non-A2DP (aptX)
      44.1kHz 48kHz 
      Stereo 
    Content Protection
      02 00 
    Delay Reporting
< AVDTP(s): All Capabilities cmd: transaction 13 nsp 0x00
    ACP SEID 2
> AVDTP(s): All Capabilities rsp: transaction 13 nsp 0x00
    Media Transport
    Media Codec - MPEG-2,4 AAC
      MPEG-2 AAC LC MPEG-4 AAC LC 
      44.1kHz 48kHz 
      1 2 Channels
      320000bps VBR
    Content Protection
      02 00 
    Delay Reporting
< AVDTP(s): Set config cmd: transaction 14 nsp 0x00
    ACP SEID 1 - INT SEID 1
    Media Transport
    Media Codec - SBC
      44.1kHz 
      JointStereo 
      16 Blocks
      8 Subbands
      Loudness 
      Bitpool Range 2-53
> AVDTP(s): Set config rsp: transaction 14 nsp 0x00
< AVDTP(s): Open cmd: transaction 15 nsp 0x00
    ACP SEID 1
> AVDTP(s): Open rsp: transaction 15 nsp 0x00

Monday, April 16, 2018

glibc broken on openSUSE Tumbleweed aarch64 201803

The glibc on Tumbleweed was broken since the March 2018 release. Any call to resolve IPv4 will cause core dump. Seems to be hitting an ARM erratum. Details discussion can be found here.

The glibc RPMs released on 2018-04-10 seems resolved the issue. Since DNS won't work on the affected machine, will need to manually specify IP addresses in the hosts file or copy the files to the machine and run zypper to install updates.

Here are the steps for the second approach:

- Download the RPMs from repository to another machine

glibc-2.27-4.2.aarch64.rpm

glibc-devel-2.27-4.2.aarch64.rpm

glibc-extra-2.27-4.2.aarch64.rpm

glibc-locale-2.27-4.2.aarch64.rpm

- Copy the files to the affected machine via scp. Then remote to the affected machine and execute the followings.

- Temporarily disable remote repositories to avoid auto refresh that will cause core dump when running zypper install.

sudo zypper lr  # list repositories

sudo zypper mr -d 1  # disable the first repository

sudo zypper mr -d 2  # disable the rest

......

- Install the RPMs

sudo zypper in glibc-2.27-4.2.aarch64.rpm glibc-devel-2.27-4.2.aarch64.rpm glibc-extra-2.27-4.2.aarch64.rpm glibc-locale-2.27-4.2.aarch64.rpm

- Re-enable remote repositories

sudo zypper mr -e 1  # disable the first repository

sudo zypper mr -e 2  # disable the rest

......

- Reboot and check. Run "sudo zypper dup" to update other packages

Wednesday, March 28, 2018

Generate noise

Found this interesting post on generating noise using Linux command line. Great way to burn-in headphone?

play -n synth brownnoise synth pinknoise mix synth sine amod 0.3 10

Monday, February 12, 2018

Running Monero miner with Mesa clover

Try to run Monero miner with OpenCL on my old Linux rig. The xmr-stak supports the official AMD APP SDK. But since I only have access to the relatively old hardware (AMD Kabini) running Mesa clover, a quick patch is needed to make it works.

Code changes available on github. Basically the changes are:

(1) add detection for Mesa platform vendor
(2) modify the OpenCL kernel. Mesa clover supports OpenCL 1.1 only. Also, although cl_amd_media_ops and cl_amd_media_ops2 are defined, some functions are missing and need definitions.

Just for reference, on my AMD Kabini 5350, the hash rate on GPU is around 18H/s when running GPU only. Once added CPU mining, the GPU hash rate drops to about 12H/s. And the CPU hash rate is round 28H/s.

This rig definitely not suitable if mining for profit. But OK to support the Monero network.

Config for GPU:

gpu_threads_conf" : [
  // gpu: AMD KABINI (DRM 2.50.0 / 4.14.15-2-default, LLVM 5.0.1) memory:1302
  // compute units: 2
  { "index" : 0,
    "intensity" : 128, "worksize" : 8,
    "affine_to_cpu" : true, "strided_index" : true
  },

],

Also note that the radeon module may complain about lockup when executing long running OpenCL kernels. Add "radeon.lockup_timeout=0" Linux kernel parameter to disable the watchdog.

Monday, January 29, 2018

User LEDs on Beaglebone Black running FreeBSD

According to the DTS, the GPIO pins for the four user LEDS are pin 21-24 under gpioc1.

So, to turn them on:

sudo gpioctl -f /dev/gpioc1 21 1
sudo gpioctl -f /dev/gpioc1 22 1
sudo gpioctl -f /dev/gpioc1 23 1
sudo gpioctl -f /dev/gpioc1 24 1

Or, access them via the led driver under /dev/led

% ls -lA /dev/led
total 0
crw-------  1 root  wheel  0x33 Feb  3 15:58 beaglebone:green:heartbeat
crw-------  1 root  wheel  0x34 Feb  3 15:58 beaglebone:green:mmc0
crw-------  1 root  wheel  0x35 Feb  3 23:44 beaglebone:green:usr2
crw-------  1 root  wheel  0x36 Feb  3 15:58 beaglebone:green:usr3

Thursday, January 18, 2018

Running openSUSE Tumbleweed on Odroid C2

Testing out arm64 with openSUSE Tumbleweed on Odroid C2. The installation is pretty simple. Follow the steps to prepare the micro-sd card. The latest image can be found here.

The device tree of openSUSE seems a bit different from other distributions. e.g.:

- temperature: /sys/devices/platform/scpi/scpi:sensors/hwmon/hwmon0
- blue LED: /sys/devices/platform/leds/leds/c2:blue:alive

Sunday, October 8, 2017

Enable FIDO U2F on Linux

By default, only root can access the FIDO U2F device on Linux. To change this:

Insert the U2F device. Note the device number and execute the following command to print out the info. e.g.

sudo udevadm info -a /dev/usb/hiddev1

Take note of the attributes. e.g. for my HyperFIDO device:

......

ATTRS{idProduct}=="0880"

ATTRS{idVendor}=="096e"

ATTRS{ltm_capable}=="no"

ATTRS{manufacturer}=="HS"

ATTRS{maxchild}=="0"

ATTRS{product}=="HyperFIDO Token"

......

Create a new rule file under /etc/udev/rules.d and grant permission to all users. e.g. create a file named "10-fido-key.rules" and add the followings:

SUBSYSTEMS=="usb", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0880", TAG+="uaccess"

Re-insert the U2F device.

Sunday, October 1, 2017

Let's Encrypt with Google Cloud Platform

Assuming you already have an application deployed to Google App Engine with a custom domain. Now you want to add https with certificates generated from Let's Encrypt. Here are the steps on how to do it.

(1) Setup your Let's Encrypt client:
git clone https://github.com/letsencrypt/letsencrypt

(2) Generate the certificate. For example, to get a certificate for www.acme.com:
sudo ./letsencrypt-auto certonly --manual -d www.acme.com

Answer a few questions and the script will pause. You will then need to upload a validation file to www.acme.com to confirm that you indeed own the domain.

Create a file containing just this data:
_Pwd8uL9_Joz0O2HNlbyb5nBnrcqvmGj02gX2PfJYhw.XOAQHxnBJFCW1KHWhsYsaRmc_BaKnwNpuNYbS8o2gdY
And make it available on your web server at this URL:
http://www.acme.com/.well-known/acme-challenge/_Pwd8uL9_Joz0O2HNlbyb5nBnrcqvmGj02gX2PfJYhw
-------------------------------------------------------------------------------
Press Enter to Continue

(3) Create and upload the file to App Engine. Create the folder .well-know/acme-challenge in your application tree. Then create the specified file and content. In this example, the file name is
_Pwd8uL9_Joz0O2HNlbyb5nBnrcqvmGj02gX2PfJYhw

and the content is _Pwd8uL9_Joz0O2HNlbyb5nBnrcqvmGj02gX2PfJYhw.XOAQHxnBJFCW1KHWhsYsaRmc_BaKnwNpuNYbS8o2gdY

In your app.yaml file, include the /.well-know folder as static content:

handler:
......
- url: /.well-known
static_dir: .well-known
......

Then deploy your app:
gcloud app deploy app.yaml

(4) (Optional) Test the URL with your browser that the validation file is deployed successfully.

(5) Go back to the console where the Let's Encrypt client is paused. Press Enter to continue the execution. If everything worked out, the certificate and private key will be generated.

(6) Deploy the certificate to GCP. In your browser, go to the GCP console > App Engine > Settings. Select "SSL certificates". Click "Upload a new certificate".

Dump the content of the certificate and paste it in the text area:
sudo cat /etc/letsencrypt/live/www.acme.com/fullchain.pem

For the private key, you will need to convert the format to RSA before pasting:
sudo openssl rsa -in /etc/letsencrypt/live/www.acme.com/privkey.pem

Finally, check the box to enable this certificate with your custom domain.

Wednesday, September 6, 2017

OpenSUSE Tumbleweed on AMD APU Kabini

In order to have Tumbleweed GUI working on Kabini, one needs to install the kernel-firmware package.

Recently moved my Linux workstation to an old AMD APU platform with Kabini (Athlon 5350). The installation completed successfully, but the console goes blank and X cannot use the radeon driver and fallback to VESA.

After some digging, found that although the radeon and amdgpu modules are loaded, there are error messages in dmesg saying that some firmwares cant be loaded.

The problem can be easily fixed by installing the kernel firmware:

sudo zypper install kernel-firmware