Hacking Agestar NCB3AST: Day 2

The first thing that I want to do today is to unbrick my NCB3AST. To unbrick it, I need to have a RS232 TTL converter. After waking up late, and doing some other weekend business, I went to Icon in Chiang Mai. I bought a data cable for Alcatel 511 (actually almost any data cable that isn’t mini USB would be fine, this is the one that I found), and after looking around, I found the schematics for the data cable. It helps me to decide where should I connect each cable guided by the close up photo from Chris.

I still doesn’t understand why my new image won’t boot, it always stops with:

undefined instruction
pc : [<00500004>]    lr : [<0d05ae60>]
sp : 0d05af00  ip : 00500000  fp : 0cf00000
r10: e8bd0070  r9 : 00000000  r8 : 00000108
r7 : 00613226  r6 : 00900000  r5 : 54420005  r4 : 00000004
r3 : 0cf00000  r2 : 0003a530  r1 : 00000001  r0 : 0003a7d4
Flags: nZcv  IRQs off  FIQs off  Mode SVC_32

The default boot command is

cp.l 0x10020000 0xcf00000 0x1f0000;go cf00000

After quite a long time, I realized that if i just type:

go 0x10020000

The kernel will be loaded just fine. I don’t understand why the firmware won’t work when the kernel is copied to cf00000 and then booted. If i have a debugger, then this memory debugging stuff can be much easier to solve.

Continue reading “Hacking Agestar NCB3AST: Day 2”

Hacking NCB3AST: Day 1

I will consider yesterday as day 1 in hacking the the my NAS drive NCB3AST, since I just started concentrating on this. Chris Baird gave me some pointer to look at WRVS440N Linux kernel source code and also gave me some info about the boot loader and serial port (this will be useful in Day2). What I did on Day 1 was looking at several firmware files and comparing it to the /dev/mtd0-3. My conclusion was:

  1. The size of the binary file is always 8 mb
  2. The first 128 kb is the ARMBoot boot loader
  3. After the boot loader is the kernel image, which is init.o + bzImage + initrd.gz
  4. There is no special header
  5. There are some offsets where you need to put some "0101" and "Supercom" string  (It seems the location is constant)
  6. Looking at the source code of init.o (init).S I can know where to get and put the initrd to modify the firmware
  7. Unfortunately if I made init.gz that is larger than the original firmware, the device won’t boot.

So at the end of day one, my NAS was bricked. It is not completely bricked as I can still use it as a "harddisk casing". When it is bricked, I can still access my data in the harddrive, the USB mass storage device is recognized as JM20337 USB2.0 to SATA & PATA Bridge.

Continue reading “Hacking NCB3AST: Day 1”

Agestar NAS NCB3AST

I found this quite cheap NAS (around 87 USD) few days ago when buying a new hard drive. This is cheap by Chiang Mai’s standard, because if you buy cheaper stuff from the Internet, you will need to pay a lot for shipping cost and tax. This NAS runs Linux but unfortunately they don’t provide the source code. Someone have managed to open this NAS, and connect serial port to it, while another guy find a way to access the shell by modifying samba configuration. I have managed to compile a simple hello world application and run it on the device using http://sources.nslu2-linux.org/sources/arm-920t_le.tar.bz2. I am planning to do more hacking on this device this weekend, and will write more about it.

Bluetooth USB Belkin F8T012xx1

I bought Bluetooth USB Belkin F8T012xx1 to be used in my desktop (using Debian). At first I thought that this thing doesn’t work, but apparently it is misdetected as pegasus Ethernet driver. I thought the best solution was to remove pegasus.ko (in /lib/modules), but everythime I upgraded the kernel, the file will show up again. I can see this happening using dmesg

pegasus: v0.6.14 (2006/09/27), Pegasus/Pegasus II USB Ethernet driver

The best solution is to add this line:

blacklist pegasus

to

/etc/modprobe.d/blacklist

Wake On LAN

I have two computers at home connected to my WRT54GL (a variant of WRT54G) through cables. Using SSH i can easily shut down my computer, and using Wake On Lan, I can wake them up again when I need them. Here are some of my notes after setting up the wake on LAN:

  1. You need to activate wake on LAN feature in the BIOS.
  2. You need to set your network card to wake on LAN using ethtool. This command needs to be inserted to your startup/network script, because in each restart you will need to set it again.
  3. Some network card will wake using the program wol, but some must use etherwake.
  4. Wake on LAN only works in cable/wired connection (wireless connection will not work).

LINKSYS WRT54GL

Any geek having the LinkSys WRT54GL will definitely install Linux on it. I bought this device on September 2007, and a week after using it, I started to hack it. First it was just installing DD-WRT, then I tried to add an SD card to it. The DD-WRT mmc driver has the limitation of only supporting SD card up to 1 GB (My 2GB kingston can not be detected), so I reflash using OpenWRT.

DD-WRT is very easy to use. The web interface is great, but as a former Linux administrator, I’d rather handle things trough command line. If you are a command line lover like me, then OpenWRT is better. With OpenWRT driver, I can use my 2GB SD card with higher speed. Now I can use my router for downloading some stuff that takes a long time to download (such as things that are in the Torrent with few seeders).

I connect this router to 2 of my PCs. One of the PC is used for my everyday task, and the other one is my media center. I can wake one or both of my computer through this router (very useful and convenient for me).

Switching from Fedora to Debian

Fedora is good, and gets updated every 6 months, but sometimes I think it is too fast for me. In every new version, they will change some daemon that breaks a lot of things that I have painfully set up in the previous version. After thinking about it, I try to use Debian. After few weeks using it, I already felt comfortable with it. I am also happy because I found a nearby Debian mirror in Thailand (http://www.debianclub.org) which is very fast to access from my home. Here are some things that you may need to know about debian:

Network configuration is at /etc/network/interfaces
Some useful apt-get commands are:
apt-get install packagename
apt-get remove packagename
apt-get clean (otherwise you will use a large disk space for package cache)

some useful dpkg commands:
dpkg -l to list all installed packages
dpkg -L packagename to list files in that package
dpkg -S /path/to/file to check to which package that file belongs

Another useful command is update-alternatives to update alternatives for a program (use this after installing java, etc)

I found a link about someone asking for Debian tips (he is a FreeBSD guy), and the answers he gets is quite good, I think the answers are applicable to anyone switching from another Unix or another Linux distro to debian): http://www.debian-administration.org/articles/234.

Adobe Flex Builder 3 Expiring too Fast

My friend installed the exact same DMG image to install the beta version of Adobe Flex Builder 3 beta 2, but when tried to use it, it says that the Beta has expired. We have the exact same hardware, and same software (Mac OS X, 10.4/Tiger). The Flex Builder does not show when it expired in the message (only: Beta Expired). It took me quite a long time to realize that the SDK says:

computer:~ tc3$ /Applications/Adobe\ Flex\ Builder\ 3/sdks/3.0.0/bin/mxmlc thinkcubic.mxml
Loading configuration file /Applications/Adobe Flex Builder 3/sdks/3.0.0/frameworks/flex-config.xml
This beta will expire on Thu Jan 31 00:00:00 ICT 1465.
Error: Beta expired.

While it should be

Loading configuration file /Users/tc4/flex/frameworks/flex-config.xml
This beta will expire on Thu Jan 31 00:00:00 ICT 2008.

It expires 543 years ago!. So why does this happen?. One hint: he is Thai. He prefers to use the Thai language on his computer. Thai people use Buddhist calendar, which differs 543 years from the Gregorian calendar.
Continue reading “Adobe Flex Builder 3 Expiring too Fast”

Useful Thai Sites in English

I just moved to Chiang Mai Thailand last month, and I really need a lot of information about this city, but the problem is that most stuff are written in Thai. Here are some English Language sites that I find useful (especially Chiang Mai related):

Don’t forget, Nokia Maps has a map of Chiang Mai for free. You can read more about it here

.