Difference between revisions of "2ABU6-G1"

From Hackerspace ACKspace
Jump to: navigation, search
(added firmware with known password)
(added fake artnet driver, added original root password info)
Line 2: Line 2:
 
|Featured=Yes
 
|Featured=Yes
 
|State=Active
 
|State=Active
|Members=User:Da Syntax, User:Xopr
+
|Members=Da Syntax, Xopr
 
|Description=Minew BLE/Wifi Gateway
 
|Description=Minew BLE/Wifi Gateway
 
}}
 
}}
Line 11: Line 11:
 
==== play with the LEDs ====
 
==== play with the LEDs ====
 
kill the pubmsg service
 
kill the pubmsg service
  /etc/init.d/pubmsg stop
+
  kill -9 `ps w|grep watchdog_loop|grep -v grep|awk '{ print $1 }'`
 +
kill -9 `ps w|grep autopubmsg|grep -v grep|awk '{ print $1 }'`
 +
killall -9 pubmsg
  
 
Random color animation:
 
Random color animation:
Line 19: Line 21:
 
Draw a (bad) VU meter:
 
Draw a (bad) VU meter:
 
  echo -en '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\xff\xff\x00\xff\xff\x00\xff\xff\x00\xff\xff\x00\xff\xff\x00\xff\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' > /dev/ws2812
 
  echo -en '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\xff\xff\x00\xff\xff\x00\xff\xff\x00\xff\xff\x00\xff\xff\x00\xff\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' > /dev/ws2812
 +
 +
or use a custom built [[file:fartnet.gz|binary]] to listen as a fake artnet ([https://gist.github.com/xopr/669844a23ee061ca5d7a49fb7521e948 source here]):
 +
  
 
=== connecting UART ===
 
=== connecting UART ===
Line 42: Line 47:
  
 
=== updating firmware ===
 
=== updating firmware ===
 +
The current version at the time of writing is v3.2.2
 
* login to the router (http)
 
* login to the router (http)
 
* go to tab <code>Other</code> (the last tab)
 
* go to tab <code>Other</code> (the last tab)
 
* scroll to <code>FIRMWARE UPGRADE</code>
 
* scroll to <code>FIRMWARE UPGRADE</code>
 
** either choose USB and put the firmware as <code>thingoo-upgrade.bin</code> on the root of a USB stick
 
** either choose USB and put the firmware as <code>thingoo-upgrade.bin</code> on the root of a USB stick
** or choose put the firmware on a (local) webserver and fill in its [{{filepath:thingoo-upgrade.bin}} URL] (root:kakhoofd)
+
** or choose put the firmware on a (local) webserver and fill in its [{{filepath:thingoo-upgrade.bin}} URL] (root:kakhoofd).
 +
 
 +
=== root password ===
 +
The password as of yet is unknown (you can flash other firmware with a known/empty password so no real problem.
  
 +
The shadow hash is <code>$1$Sevciuy0$CRuXyRAOWeathkwz1T00I1</code> (md5crypt) and is not in the 13GB [https://labs.nettitude.com/tools/rocktastic/ Rocktastic12a] password list, nor is it found by <code>hashcat -O -a 3 -m 500 hash.txt -1 ?l?u?d ?1?1?1?1?1?1?1 --increment</code>, which means, it either consists of punctuation marks/spaces (<code>?s</code>), or is 8 bytes long or longer, which the latter would take roughly a week on 8 &times; RTX3090s to verify.
  
 
=== troubleshooting ===
 
=== troubleshooting ===

Revision as of 15:20, 23 July 2021

Project: 2ABU6-G1
Featured: Yes
State Active
Members Da Syntax, Xopr
GitHub No GitHub project defined. Add your project here.
Description Minew BLE/Wifi Gateway
Picture
No project picture! Fill in form Picture or Upload a jpeg here

A.K.A. Minew, MS93MFZ_V1.0, MS93MF6_V1.2, MT7628, Thingoo, 2ABU6-G1 Thanks to Monadnock for a lot of the pin labels

snippets

play with the LEDs

kill the pubmsg service

kill -9 `ps w|grep watchdog_loop|grep -v grep|awk '{ print $1 }'`
kill -9 `ps w|grep autopubmsg|grep -v grep|awk '{ print $1 }'`
killall -9 pubmsg

Random color animation:

while true; do head -c96 /dev/urandom > /dev/ws2812 ; usleep 50000; done

Draw a (bad) VU meter:

echo -en '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\xff\xff\x00\xff\xff\x00\xff\xff\x00\xff\xff\x00\xff\xff\x00\xff\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' > /dev/ws2812

or use a custom built File:Fartnet.gz to listen as a fake artnet (source here):


connecting UART

/!\ don't connect PoE and UART, you will fry the main board; there is a 43v difference in ground planes.

use 3.3V logic to be safe

For best results (prevent console glitches and boot loops), disconnect UART VIN and connect regular (micro) USB power

Run terminal client in 56k 8N1: minicom -D/dev/ttyUSB0 -b57600 -o And make sure Hardware Flow Control is off: Ctrl+a, o, choose Serial port setup, f

install secure shell daemon

gain root access by #updating firmware and run the following:

opkg update
opkg install openssh-server
vi /etc/ssh/sshd_config

make sure PermitRootLogin yes is set for (ch)easy login

/etc/init.d/sshd restart

updating firmware

The current version at the time of writing is v3.2.2

  • login to the router (http)
  • go to tab Other (the last tab)
  • scroll to FIRMWARE UPGRADE
    • either choose USB and put the firmware as thingoo-upgrade.bin on the root of a USB stick
    • or choose put the firmware on a (local) webserver and fill in its URL (root:kakhoofd).

root password

The password as of yet is unknown (you can flash other firmware with a known/empty password so no real problem.

The shadow hash is $1$Sevciuy0$CRuXyRAOWeathkwz1T00I1 (md5crypt) and is not in the 13GB Rocktastic12a password list, nor is it found by hashcat -O -a 3 -m 500 hash.txt -1 ?l?u?d ?1?1?1?1?1?1?1 --increment, which means, it either consists of punctuation marks/spaces (?s), or is 8 bytes long or longer, which the latter would take roughly a week on 8 × RTX3090s to verify.

troubleshooting

ModemManager

Some Linux distro's hijack the serial port for modem usage; when you're experiencing problems, try and disable the ModemManager service:

systemctl disable ModemManager.service
systemctl stop ModemManager.service

Hardware flow control

If your serial is working intermittently, make sure Hardware flow control is off; for minicom it's: Ctrl+a, o, choose Serial port setup, f

If your terminal glitches or if you have boot loops, make sure you have a proper power supply and don't mix several supplies (i.e. PoE, USB, UART)

pins and connectors

J1

SoM row near the UART (J8) header

  1. USB D-
  2. USB D+
  3. GND
  4. SD_D2 (MDI_TN_P4)
  5. SD_D3 (MDI_TP_P4)
  6. SD_CMD (MDI_RN_P4)
  7. SD_CLK (MDI_RP_P4)
  8. SD_CD (MDI_TN_P3)
  9. SD_WP (MDI_TP_P3)
  10. SD_D0 (MDI_RN_P3)
  11. SD_D1 (MDI_RP_P3)
  12. ETH TXON0 (MDI_TN_P0)
  13. ETH TXOP0 (MDI_TP_P0)
  14. ETH RXIN0 (MDI_RN_P0)
  15. ETH RXIP0 (MDI_RP_P0)
  16. GND
  17. UART_RXD0 (GPIO#13)
  18. UART_TXD0 (GPIO#12)
  19. PWM_CH0 (GPIO#11, testpoint T11)

J1

SoM row near the SD card slot

  1. I2C_SD (GPIO#5)
  2. I2C_SCLK (GPIO#4)
  3. I2S_CLK (GPIO#3)
  4. I2S_WS (GPIO#2)
  5. I2S_DO (GPIO#1)
  6. I2S_DI (GPIO#0)
  7. GND
  8. UART_RXD1 (GPIO#46)
  9. UART_TXD1 (GPIO#45)
  10. WLED_N (GPIO#44)
  11. LINK0 LED1 (GPIO43, active high)
  12. LINK3
  13. LINK4
  14. WPS_RES_PBC
  15. REF_CLKO (GPIO#38)
  16. GND
  17. GND
  18. VDD (3.5v, testpoint T2)
  19. VDD (3.5v, testpoint T2)

J8

UART, presumably 3.3v

  1. Vin (tied to U10-8, EML3276 near SW2, also to testpoint DC4.5V=T20 via switch J13 in on-position)
  2. RxD
  3. TxD
  4. GND

J12

related to nRF52

  1. GND
  2. V (3.3v, same potential as T23)
  3. D ?
  4. C ?
  5. Reset?

CON1

IPEX/UFL for Bluetooth, connected to the middle antenna

CON2

Ribbon connector to WS2812 LEDs, flip up to release

notes

  • the gateway doesn't work with a Ubiquiti 24v passive PoE injector

also see