Featured articles:

Buying stuff together

HKY USB-C PD, PD 3.0 power adapter for car/truck

Status: 📫 arrived (target ACKspace visit date: 24 September)

An automobile auxiliary power plug to USB-C for use in a car/camper/truck or just on a plain (sealed) lead acid battery for off-the-grid powering laptops, phones or other devices.

Input: 9V - 32V

Output: 5V3A 9V3A 12V3A 15V3A 19V5A 20V5A

Note: Doesn't seem to be compatible with Apple M1 macbooks, max operating temperature is 40°C

https://www.alibaba.com/product-detail/_11000003515203.html

(Replace a pushpin (📍) with your nickname (~~~)

MCH2022

Like many other hackerspaces, some of us (ACKspace) are also going to attend this conference. It would be awesome to attend the conference as Village:ACKspace (extension 150).

discussion page here, Telegram group invite only.

tips for the next time

• hackerspace stamp / flag / merchandise
• only collective consumables/disposables
• for stuff / infra, have a single owner / rental per item (tag)
• for larger groups
  • shopping list
  • receipt-only (or a local ACKbar)
  • division of tasks / assignment
• logistics is a thing to plan: we had 4 cars for 1 village + 4 people
• local transport (optionally battery powered)
• partytent is a never ending misery
• chat group invite based (have a gatekeeper)
• better infra
  • over top power and network
  • UPS is a blessing
  • shared (complex) password vault/separate keyfiles for local infra
  • use a firewall (optionally with DMZ)
  • VoIP connection to the existing infra

things to considerate

• transport
• tents/furniture/infra/tools

Current attendees

• computer1up, has car! DECT extension 151
• NetworkDoctor DECT extension 152
• PsychiC DECT extension 153
• xopr DECT extension 154

Current roles

• PsychiC: core orga (geen ruimte voor extra taken i.v.m. onregelmatige planning)
• Computer1up: transport, inkoop
• Xopr: assistent logistiek en financiën
• Xopr/Computer1up: keuken/corvee
• Xopr/Computer1up: lokale infra

report

From july 22-26, I went to a hacker camp.
This is how it went.

The camp was a 5 day event and consisted of 3 track tents, 2 workshop tents and 3500 hackers. They had a 200Gbit/s uplink to Amsterdam that connected to more than a dozen IP-transit providers and Internet Exchanges with a total capacity of 450Gbit/s. Your direct tent-uplink could be 10Gbit/s and had a 20Gbit/s connection to the main switches with everything set up redundant.

Preparations started Wednesday and Thursday night: gather stuff (it was roughly 0.7m³ of gear scattered everywhere on my property). I wanted to set up the VoIP as well, but alas, no time.

Friday: drop offspring off at the day care, strip car and fill it with gear. Leave at 9:30, arrive at 11:40. I should have gone to the toilet, because my bladder starts to hurt.

I took the Cyber bike, tied a toy wagon behind it and filled it with the party tent parts and other essentials. Meanwhile I bumped into computer1up and together we traveled to the soon-to-be village, where PsychiC conquered ground for it for about a week. There we met our newest member: TheNetworkDoctor; our inhabitants were united!

After the first transport iteration, we had a Gator shuttle service at hand, so together with one last cycle, we picked up everything in one go.

Time to build a village! With a bit of hands, the village tent was up in no time, and soon decorated with network, power and lights.

It took until the evening before I got the network part sort-of right: the Guerrilla VoIP switch had a default passwords with arbitrary configuration and the 16 port "smart managed" switch only worked with a Windows tool. The other downside was that the management interface was accessible on every VLAN, had a default password and accepts a magic reset packet, but luckily, the PoE worked as intended (only VLAN 1). I kept a management interface VLAN open and set all the rest to a semi random untagged VLAN. Next thing were the LED sleeve / torches: they were going on a /19 network, and I wasn't going to scan 8k addresses, so I've set up a mirror port for those two connections to sniff out a DHCP ACK. The first worked instantly: WireShark filtered on `dhcp` immediately handed over all the details, so the second one should be a breeze as well.. Well, nope. The traffic that was hitting the switch was too much for the poor ENC28J60 to handle (I was aware of this type of flaw since it chokes on ART-net packets the same way).

Steps to success were: power 1 LED sleeve, read the lease, unplug the ethernet connector and power the second sleeve to read the other lease. Simple. Now that this was working and running a torch animation, I had some spare time to register my DECT handset.

Meanwhile, the sun had turned over and it was Saturday.

After brushing my teeth, it was time to fix the VoIP. Default passwords are bad, so I chose a simple alternative to keep script-kiddies out. The day was 10 hours old and half of the village was still sleeping. The initial setup was letting the desk phone register to my VPS and let the VPS register at the local "telco". This way, it was easy for ACKspace to call the "offsite" extension, but the calls from DECT never came through.

The other half, including me, went to the bar on Flower fields to grab a coffee and wait until the rest was awake to join the bacon & eggs session. Time flies and at noon and a bit I had the VoIP rerouted so that it actually registered locally, and the offsite extension was forwarded to this number. With some testing, it seemed great success, so two hours later I've managed to forward all extension in a similar fashion.

Meanwhile, our village became an open house and a lot of people jumped in to say hi and admire the 3D-printer or asked to have something printed.

Then came the idea for a nice and simple hack: add an extra extension to manipulate the torch by calling them. Since torch in Dutch is fakkel, I registered 3225 (fACK) for intended puns. I wasn't going to write a SIP parser, so I've looked around and finally found something that seemed to work. I proudly shared a video at 1am to demonstrate it, but the library was pretty wonky and failed after a couple of calls/minutes. Let's call it a day.

Sunday was a bit of a relaxed day: roaming the terrain and peek at some talks. Meanwhile I was fixing spacenet because PsychiC's laptop on regular wifi acted up. Of course this was going over a VPN since I didn't want to reference the RADIUS server in any way.

Monday had a late start; some tiredness kicked in and everything went slow. After watching some talks on the stream, and ductaping the party tent together because the wind had ripped off all loops, we had a visit from Speakup, the DID number-block provider (trunk) at 3pm.

So if we could change the password for 8225 (vACK), because it was used last night to do several phone calls to Belarus. This made the number block go onto the blacklist. It took me an hour to install a firewall/router, reset the phone, rewire the cables and reconfigure everything, but we were up and running again.

After hanging around in the village, we got a visit from the mailperson from Chaos Post just around dinner time; I had received a greeting card. It stated:

TO:                                 FROM:
xopr                                Evil VoIP hacker
ACKspace
Torvalds Field
-----------------------------------------------------
Please let me back into your Polycom :(

Note that the capitalization of every word is 100% correct. This person had done its homework. We applaud his effort, I was seriously impressed and we thanked Evil VoIP hacker on IRC and Twitter and offered a beverage. My commitment is that the beverage offer still stands.

When we left the village for some partying, I put the greeting card on top of the phone together with a bag of sweets, but the "prize" was never picked up..

The next and final day for me consisted of packing everything, and start tearing down the local infra in a controlled manner, followed by the party tent. I had no time to watch any talk and all packing, transporting and eating took 8 hours (one roundtrip to the car was 2km of which I had to do 5)

All and all, we had a lot of fun, talked to a lot of strangers (and incidentally, some familiar persons).

The phone hack was done beautifully, and it reaffirmed that everything is a target, even snail mail.

How I think the hack went:

• Evil VoIP hacker downloads the phone book (number, description)
• They send `SIP OPTIONS` to determine it’s IP address (it was a public address)
• Next, do a port scan on all addresses
• Have a list at hand with common usernames/passwords (and a password list modified to include names and keywords of this event)
• Do a brute force login and extract the SIP credentials
• Call Belarus using the credentials (or even the phone itself as plausible deniability) to trigger blacklisting of the DID provider
• Find the “Village” wiki page that was name-referenced in the phone book entry
• Visit the hackerspace’s web page and see which nickname relates to VoIP activity
• Send a personal card to let you know they did research

Most interesting talk

There are so many different topics that it's hard to pick a favorite. One of the most interesting talks was pointing to a very simple problem: the e-signature of dynamic content documents and its legal validity. An honorable mention would be Reverse engineering Albert Heijn app: this was a fun talk and well presented.

Most interesting tech

Everywhere you look, there is tech, often combined with art. I've seen a dragon made out of emergency blankets, all kinds of light and mirror artwork and driving couches. The most interesting tech is actually anti-tech: how to use a rotary hammer to open electronic locks without damaging them (using a 3D printed knob-holder). The presenter did 7 locks in 90 seconds.

Most interesting stand

Note that there are not really stands that sell anything. If anything, they might ask for a donation and provide you something for free. My most interesting stand was the Arcade hall, where I did two games of flip the table on a Japanese arcade cabinet (equipped with a table).

What was reaffirmed

Everything is a target.

What needs more research

• a better way to combine both VoIP systems
• something something party-tent kite: they will never be a good alternative where there's wind

What have I leaned

• although all people are nice, some environments they are in are really hostile.
• always use complex passwords (you cannot escape a password manager or hardware token anymore)
• apply a firewall
• use a hardware firewall (router)
• have IPv6? firewall
• walking around with a laptop? firewall
• drop down and over top cable management (power/network)
• you cannot be too paranoid
• you might need intrusion detection as well

What can I learn more

• For events like these, it's good to have a list of items to bring, but also a list to do. This is something that needs work.
  • Local light art projects like Stoplichter
  • Better party tent walls
  • Hackerspace stamp / flag / merchandise
  • make a small battery powered transport vehicle that also has a hitch
• IPv6 is beautiful, but in some ways way more complex than a regular NAT/PAT router

What could other people learn

• Security costs time: use it or don’t participate at all
• EVERYTHING is a target: your phone, your VPS/VPN entry-point, postal mail, your badge (bluetooth/wifi)
• Power is a luxury: don’t expect uptime

What could $company learn

Visible hackers are really friendly and helpful, but also powerful in a way that nobody wants to see abused. Keep them happy or leave them at ease would be my approach.

WiPhone

Yay, WiPhone!

custom firmware

you can use the ACKspace modified firmware by setting https://ackspace.nl/WiPhone/WiPhone.ini into the ota.ini file (or via the telephone) Current applied patches:

• LoRa 868MHz
• ackspace.nl fake NAPTR (hardcoded IP)
• fix fiddly unlock (mentioned here)

Work in progress:

• LoRa menu (currently crashes the phone, don't use)

notes

• read documentation here
• report bugs at https://github.com/ESP32-WiPhone/wiphone-firmware/issues
• enable/disable automatic firmware settings at Menu » Settings » Firmware settings
• before you use LoRa, make sure to edit Hardware.h, look for RF95_FREQ and set it to 868MHz for EU:

#define RF95_FREQ 868.0 (See this (somewhat sparse) issue)

• enable UDP by adding u=UDP_SIP to an account in data/sip_accounts.ini (not yet tested)

Get started

• download source code
• run V="0.8.30"; unzip WiPhone-$V && rm -fr WiPhone && mv WiPhone-$V WiPhone
• open WiPhone/WiPhone.ino using Arduino
• once: set up IDE (see documentation for details):
  • Open preferences (CTRL+,) and add https://wiphone.io/static/releases/arduino_platforms/package_WiPhone_index.json (comma separated) into Additional Boards Manager URLs
  • go to Tools » Boards » Board Manager and install WiPhone
  • Arduino option Tools » ESP Sketch Data Upload: download ESP32FS-1.0.zip into the ~Arduino/tools directory with mkdir -p ~/Arduino/tools && unzip ESP32FS-1.0.zip -d ~/Arduino/tools
  • TODO: esptool.py serial: sudo pip install pyserial (check your default python version)
• Select Tools » Boards » Wiphone » Wiphone arduino
• compile with (CTRL+r)

custom mods

command line build

The provided repo contains several patches and a semi-automated build/upload process to create your own custom binary (without opening the Arduino IDE) This includes:

• caret cursor color fix
• lockscreen fix (mentioned here as well)
• LoRa 868MHz, menu is WIP
• ackspace.nl fake NAPTR (hardcoded IP)
• loudspeaker fix (mentioned here)

FSBrowser app

Work in progress by stuiterveer

NFC reader

Work in progress by Vicarious

5V injector

To charge the Wiphone (with 5V, including charging indicator), without using USB (since xopr's UART is broken), he soldered 2 cables with female dupont ends to the 5V rail (not VBUS). With troubleshooting, he also noted some useful pads/components, more or less reversed engineered: File:Wiphone testpads components.svg

Here is the result

• 

  Ground on the bottom pad indicating "-" 5V on the left side of the "big" resistor above the right pogo header (not yet done in the picture) Dabbed in hot glue on the solder joints and strategically slightly right/above the center polycarbonate bridge (not in picture)

• 

  Wifi antenna cover just fits on top. Dabbed in hot glue: strategically slightly right/above the center polycarbonate bridge

• 

  Female dupont connectors fit nicely through the QWIIC slot on the LoRa daughter board.

LoRa

• Meshtastic radio-settings
• RFM 95/96/97/98 datasheet (pdf)
• Adafruit Using the RFM9X Radio
• RadioHead RH_RF95 Class Reference
• LoRa channels
• LoRaWan US channels
• Semtech information page

ACKspace aankoopbudget

Project: Main Page
Featured:	Yes
State	Active
Members	Prodigity
GitHub	No GitHub project defined. Add your project here.
Description
Picture

ACKspace heeft een budget beschikbaar gesteld voor het kopen van spullen.

Het budget wordt ieder kwartaal met €50,- verhoogd.

Op deze pagina kan men aangeven welke spullen ze graag in de space willen zien.

Welke spullen er gekocht zullen worden, wordt bepaald door een telling van stemmen tijdens de deelnemersvergaderingen.

Het budget voor de pizza-meet van 4 april 2020 is €325,05

Het budget voor de pizza-meet van 3 oktober 2020 is €425,05

Het budget voor 3 oktober 2021 is €625,05

Het budget voor 2 juli 2022 is €675,05

Spelregels

• Alleen producten die in de tabel staan worden overwogen voor aankoop!
• Alle velden in de tabel moeten correct ingevuld zijn!
• Producten worden alleen van webshops gekocht!
• Prijs moet inclusief btw & verzendkosten zijn!
• Je stem is alleen geldig als je aanwezig bent op een deelnemersvergadering!
• Per deelnemersvergadering kan er maar max 1 product gekocht worden!
• Meeste stemmen gelden.
• Je kunt stemmen voor sparen als je meer geld in het potje wilt zien of voor stemonthouding als je onverschillig bent.
• Bestuur niet lastig vallen om producten in de tabel toe te voegen; doe het zelf.
• Bestuur bepaalt uiteindelijk hoe groot het budget is.

Aankopen die reeds zijn gedaan:

Items die niet meer relevant zijn of niet worden aangekocht:

ACKsession

synopsis

Vanaf heden (9-7-2022) is er elke:

• vóórlaatste zaterdag tussen 00:00 en 23:59 (de hele dag dus) een hacksessie evenement.

Het is dan de bedoeling om deze paar uurtjes exclusief te gebruiken om aan je project of willekeurige hack te werken, al dan niet als groepje. Gezien de huidige situatie is een virtuele space ingericht on als nog samen te werken zonder fysieke aanwezigheid te hoeven hebben. Je hoeft niet per se mee te doen, maar dit is natuurlijk hét moment om verder te komen met projecten.

• Heb je een idee, maar weet je niet hoe je het kunt uitwerken? Vraag het dan op de mailinglijst, IRC of Telegram groep.
• Kom je een onderdeel te kort? Mail het bestuur.
• Ben je op zoek naar inspiratie? Kijk eens op patches welcome of bij de geparkeerde projecten en voeg jezelf gewoon toe aan je nieuwe favoriete project
• Is iets, maar dan ook iets niet duidelijk? Gewoon vragen!

data

De volgende dagen zijn gekozen voor 2022:

• Zaterdag 21 mei
• Zaterdag 18 juni
• Zaterdag 23 juli
• Zaterdag 20 augustus
• Zaterdag 17 september
• Zaterdag 22 oktober
• Zaterdag 19 november
• Zaterdag 24 december (weekend van kerst)

De volgende dagen zijn gekozen voor 2021:

• Zaterdag 23 januari (met aansluitend een online movie night geplanned)
• Zaterdag 20 februari
• Zaterdag 20 maart
• Zaterdag 17 april
• Zaterdag 22 mei (pinksterweekend (Hackers on a Bike, anyone?))
• Zaterdag 19 juni (weekend van pinkpop)
• Zaterdag 24 juli (midden in de bouwvakvakantie)
• Zaterdag 21 augustus
• Zaterdag 18 september
• Zaterdag 23 oktober (een week voor halloween)
• Zaterdag 20 november
• Zaterdag 18 december (begin van de kerstvakantie, week voor CCC)

Spacestate sensors

This project ties strongly with the MQTT setup (to connect to the SpaceAPI) as it uses Tasmota^[1] on ESP devices for feature bang and ease of use.

Note that you're more than welcome to add any sensor (or actuator) that you might see fit for our hackerspace. Think: 3D printer nozzle temperature or filament weight, outside radiation, air quality, motion sensing, window opener and the likes; this project is proof anyone that can handle a screwdriver and PC can do this.

synopsis

Create a modular repository of sensors and outputs to keep an eye on temperatures (and/or other stuff), especially for monitoring the server room, and optionally, the [sl|h|st]ackspace(s), including the space state switch.

intro

After some iterations of the Space state switch and some versions of the Spacestate indicator, some different types of temperature sensors, it was time to make it easy on ourselves: switch to MQTT and use Tasmota^[1].

In most cases, an off-the-shelf ESP device will suffice, but since not all devices are not galvanically isolated from mains, it's more practical to use an ESP-12 PCB for things where contacts are bare (like the Space state switch).

Here are the steps to setup such a device

configuring a spacestate sensor from scratch

Most of this (apart from the MQTT configuration) only applies to the Spacestate sensor board (see image); it will setup a pinout template that matches the board.

• Under Configuration, click Configure Other
• Paste this template: {"NAME":"ACKsensor","GPIO":[0,0,0,0,0,0,0,0,1,0,0,0,1,1],"FLAG":0,"BASE":18} and check Activate
• Fill in Device Name (ACKtemp or ACKstate) and Friendly Name 1 (Space state switch or leave as is)
• Save (will reboot)
• Click Configure Module
• Make sure Module type is ACKsensor (0)
• Set functions for GPIO17 (ADC), GPIO16 (Typically Switch 1 or Button 1) and GPIO12 (DS18x20 which is connected to 3.3v using ~4k7 pull up) ^[2]
• Save (will reboot again)
• Click Configure MQTT
• Set Host (192.168.1.42), User (temperature or spacestate), Password (currently, only xopr knows these passwords), Topic (temperature, switch or spacestate) and Full Topic (ackspace/hackspace/%topic%/%prefix%/)
• Save (will reboot yet again)

notes and troubleshooting

GPIO16

Note that this pin is special (it lives on a separate register internally, but more important, its internal pull resistor is to ground (pull-down) ^[3][4][5]

ADC/GPIO17

Note that the analog in is 0-1V maximum; use a voltage divider to limit its input.^[6] and ^[7]

space state

To read a switch without having a corresponding relay one has to remember the default switch action is TOGGLE, which can be used in traveler-system (hotelschakeling) style: one can turn the light on with switch 1, turn it off with switch 2 (software) and turn it on with switch 1 again while the switch physically is in a different state. To change the behavior of the switch, use switchmode^[8]:

switchmode 1
restart 1

Note that if you need the reverse (switch connects to poweroff), you need switchmode 1. Also note that restart 1 is needed to store the configuration.

multiple switches on the spacestate sensor

By default, one can use a single switch/button without a relay set. If you want to provide MQTT state for multiple switches without having corresponding relay outputs, you need some rule magic;^[9]

Rule1 ON switch1#state DO publish ackspace/hackspace/%topic%/stat/RESULT {"POWER1":"%value%"} ENDON
Rule2 ON switch2#state DO publish ackspace/hackspace/%topic%/stat/RESULT {"POWER2":"%value%"} ENDON
Backlog Rule1 1; Rule2 1

other devices (switches)

Note that the space has a modified sonoff POW (old revision) that allows switching with a regular toggle switch while able to monitor the power usage. It uses the following template: {"NAME":"Dangerous POW","GPIO":[32,160,0,0,0,2592,0,0,224,2656,2688,288,0,0],"FLAG":0,"BASE":6} Note that while the GPIO is 5V relative to GND, it most likely is 225V above earth potential: insulate well and never connect it to your PC.

calibrating POW module

To calibrate a POW module (like in the hackcorner), you need the following^[10]:

• Multimeter (for measuring mains voltage)
• Resistive load (higher=better, like the 500W SMD rework station)

Steps:

• monitor mains voltage
• go to the sonoff console tab of the device
• turn on the hot air station and crank up the dial
• input the following (adjust the voltage and current accordingly)

for current, you use the formula: P/U*1000 = 500/227*1000 = in this case

VoltageSet 227
PowerSet 500
CurrentSet 2202.64
restart 1

recovery

When a device doesn't respond or won't connect to wifi, you might need to trigger recovery mode^[11] by:

• power it off for 30 seconds
• power on 7 times with less than 10 second interval

Note that this only works if SetOption65 is 0 (which one would have disabled if brown-outs occur often.

links

IX2412

Has a

• Mediatek MT7621AT
• 8GB SD card
• Winbond 25Q128JVSM 128Mbit serial flash
• USB2512B USB2.0 hub
• U-blox LILY-W131 wifi 2.4GHz, based on Marvell Avastor 88w8801
• Quectel EC25-E (Main, DIV, GNSS)

Power (over Ethernet) compatibility:
barrel plug: none 24V

Note: has a 4p pluggable terminal block 12-24V

connecting UART

• use 3.3V logic to be safe

Run terminal client in 56k 8N1: minicom -D/dev/ttyUSB0 -b57600 -os And make sure Hardware Flow Control is off: choose Serial port setup, f (to open the configuration menu, press Ctrl+a, o)

Uboot env

After pressing space to interrupt (within 1 second) you get:

Please choose the operation: 
   0: Load system code then write to Flash via Serial.
   1: Load system code to SDRAM via TFTP.
   2: Load system code then write to Flash via TFTP.
   3: Boot system code via Flash (default).
   4: Enter boot command line interface.
   7: Load U-Boot code then write to Flash via Serial.
   8: System Load UBoot to SDRAM via TFTP. (hidden in menu)
   9: Load U-Boot code then write to Flash via TFTP.

in the command line interface (4), you can continue booting with bootm bc050000

MT7621 # printenv
bootcmd=tftp
bootdelay=1
baudrate=(57600)
ethaddr="AA:BB:CC:DD:EE:FF"
ipaddr=192.168.1.1
serverip=192.168.1.2
stdin=serial
stdout=serial
stderr=serial

root password

The short answer is: it's on a "factory" partition in the flash, most likely located at 40000_HEX.

How to get root without copying the flash (only using serial):

• within the boot sequence at 3/4 of the log: search for "factory", most likely it reads something like:

[ 2.290000] 0x000000040000-0x000000050000 : "factory"

• remember 40000_HEX (and add 20_DEC so it becomes 40014_HEX
• reboot (either press and hold the reset button >4s or pulse X2 pin 2 and 7
• press space in the serial monitor (you have 1 second if it says Press space to enter the bootloader... ).
• press 4
• and type spi read 40014 10
  • it will return something like this:

  read len: 16

  38 4d 6d 42 52 32 35 6d 73 6d 0 0 0 0 0 0

• use an online converter or run this in a javascript console:

  "38 4d 6d 42 52 32 35 6d 73 6d 0 0 0 0 0 0".split(" ").filter(n=>n!=="0").map(n=>String.fromCharCode(parseInt(n,16))).join("")

You can also retrieve it from the bin file: dd bs=1 skip=$((0x40000+20)) count=10 if=ixrouter.bin 2>/dev/null | tr -d '\000'

Oh by the way, it's 8MmBR25msm

pins and connectors

X2

Labeled. located near reset button, 3.3v logic.

1. GND
2. RX
3. TX

X3

For programming/reading the SPI flash chip. Note that soldering a straight header will conflict with a SOIC clamp.

1. VCC
2. RST
3. CLK
4. DI
5. DO
6. CS
7. GND

To reset, connect pin 2 and 7 with a small resistor (used 180Ω)

open ports

PORT     STATE SERVICE
22/tcp   open  ssh
53/tcp   open  domain
9230/tcp open  unknown

firmware image

extraction

Used minipro on a TL866II+ with 8 pin SOIC clamp while keeping the board in reset (connecting X2 pin 2 and 7)

$ minipro -p W25Q128JV@SOIC8 -r ixrouter.bin --vcc=3.3 -y
Found TL866II+ 04.2.86 (0x256)
Warning: Firmware is out of date.
  Expected  04.2.128 (0x280)
  Found     04.2.86 (0x256)
WARNING: Chip ID mismatch: expected 0xEF4018, got 0xEF7018 (unknown)
Reading Code...  27.08Sec  OK

file information

To extract the image parts, you need sasquatch and jefferson additional to binwalk, see: binwalk dependencies

$ binwalk --signature --term ixrouter.bin

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------------------------------
78080         0x13100         U-Boot version string, "U-Boot 1.1.3 (Dec 21 2017 - 10:47:42)"
327680        0x50000         uImage header, header size: 64 bytes, header CRC: 0x4DD3DDDF, created:
                              2018-08-07 13:36:39, image size: 1213865 bytes, Data Address:
                              0x80001000, Entry Point: 0x80001000, data CRC: 0x82EB32CA, OS: Linux,
                              CPU: MIPS, image type: OS Kernel Image, compression type: lzma, image
                              name: "MIPS OpenWrt Linux-3.18.75"
327744        0x50040         LZMA compressed data, properties: 0x6D, dictionary size: 8388608 bytes,
                              uncompressed size: 3663424 bytes
1541609       0x1785E9        Squashfs filesystem, little endian, version 4.0, compression:xz, size:
                              6334418 bytes, 1478 inodes, blocksize: 262144 bytes, created: 2018-08-07
                              13:36:44
7929856       0x790000        JFFS2 filesystem, little endian

Note that xopr used mtd-utils but jffs2reader gives an Unsupported compression method! error.

generated config file

The config file, to be generated online and put on a stick looks roughly like this:

# Router configuration
# Generated by Xosperois Dimitri for ACKspace on Mon Jan 1 1900

ixrouter.wan.3g_apn={auto|MyApn}
ixrouter.wan.3g_pincode=[1234]
ixrouter.wan.3g_mtu={1200|1499}

ixrouter.wan.ip_use_dhcp={true|false}
ixrouter.wan.ip_address=[192.168.42.100]
ixrouter.wan.ip_netmask=[255.255.255.0]
ixrouter.wan.ip_gateway=[192.168.42.1]

[ixrouter.wan.dns_server=8.8.4.4]
[ixrouter.wan.dns_server=1.1.1.1]

ixrouter.wan.digital_input_mode=[disable_vpn_low]

ixrouter.wan.http_proxy_address=[10.0.0.1]
ixrouter.wan.http_proxy_port=[6667]
ixrouter.wan.http_proxy_authentication=[basic]
ixrouter.wan.http_proxy_username=[proxyuser]
ixrouter.wan.http_proxy_password=[6667]

ixrouter.wan.wlan_ssid=[publicwifi]
ixrouter.wan.wlan_key=[myfipassword]

ixrouter.wan.ixapi_entry_point=https://ixsec-api.ixon.net:443/
ixrouter.wan.ixapi_account_id=nnnn-nnnn-nnnn-nnnn-nnnn

ixrouter.lan.gateway_less_routing=true

ixrouter.lan.ip_address=192.168.140.1

convert to regular (4G) router

you need:

• IXrouter3
• mini (the regular) SIM card without an active pin code

steps:

• make it a fresh install, login and type:

  either firstboot -y && reboot now (soft factory reset)

  or umount /overlay && jffs2reset && reboot now (hard factory reset)

• login via ssh ( root@192.168.27.1) on LAN port (2-5) or 3.3v serial terminal header near the sim card slot
• disable ixagent completely:

  /etc/init.d/ixagent stop

  /etc/init.d/ixagent disable

• edit /etc/opkg/distfeeds.conf

  disable or remove src/gz chaos_calmer_ixpackages http://...

  add: src/gz chaos_calmer_luci http://archive.openwrt.org/chaos_calmer/15.05.1/ramips/mt7621/packages/luci

• insert wan cable (check IP lease) and run the following:

  opkg update

  opkg install luci-ssl Note that uqmi doesn't want to install command line, use luci system software to install

  unsure/future: opkg install luci-app-openvpn

• via luci (https://192.168.27.1), remove all network firewall zones and add:

  WAN (wan, wan6, wwan) masquerading & MSS clamping (maybe include sta_wan and sta_wan6)

  LAN (lan) allow forward to DESTINATION zones WAN

• save & apply

enable the 4G router

Note that when a sim card is present, it will connect automatically and be the primary route to internet.

• go to network interfaces and edit WWAN

  Protocol: DHCP client, switch protocol and set a nice hostname. Save & Apply

• click Connect
• if this doesn't seem to work (no RX data), either reboot, go to System Software and install (filter for) uqmi

  login with SSH and type the following:

  /sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode offline

  /sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode reset

  wait 20 seconds

  /sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode online

  /sbin/uqmi -d /dev/cdc-wdm0 --set-autoconnect enabled

enable wifi AP

By default (and using the cloud config generator), the U-blox wifi device is set to station (client) when booting. The script is at /lib/wifi/ublox.sh and it read properties generated via ixrouterconf2uci (not sure whether it's possible to trigger the correct data via the ixconfig). The driver is Marvell WiFi-Ex Driver (cfg80211)

To prepare for accesspoint mode, run the following:

uci set wireless.ap_lan_dev.channel='11'
uci set wireless.ap_lan_iface.ssid='ACKspaceWifi'
uci set wireless.ap_lan_iface.key='Nope. Nope nope nope nope nope.'

To switch, do this:

uci set wireless.ap_lan_dev.disabled='0'
uci set wireless.sta_wan_dev.disabled='1'

To apply the new wifi settings, run /etc/init.d/network reload and to permanently store them, use uci commit

spacenet

Not possible with the current (closed) driver+firmware

Short version: remove wpad-mini and install wpad. Rest might be command line settings only since the web interface for wifi doesn't play nice with the current setup.

setup openVPN (automatically connects)

Note that this will have OpenVPN connect automatically and DNS might give problems. If so, select both WAN and VPN in the second-to-last step.

To connect to the ACKspace VPN (tun), change the interface:

• go to Network Interfaces and Edit VPN
• under Physical Settings choose Custom interface: tun+
• Save & Apply
• go to Network Firewall and add a Zone:

  VPN (vpn) masquerading (possibly also MSS clamping)

• Save & Apply
• locate your ackspace.ovpn file and make sure it contains the following line:

  auth-user-pass /etc/openvpn/login.conf

• copy the file:

  scp ackspace.ovpn root@192.168.27.1:/etc/openvpn/ackspace.conf

• SSH into the router and create the following file containing username and password on a separate line: /etc/openvpn/login.conf
• /etc/init.d/openvpn restart
• finally, in Luci, go to Network Firewall -> Zone LAN and click Edit
• switch Allow forward to destination from WAN to VPN
• Save & Apply

custom scripts

These modified scripts restore some of the functionality that seems to be absent when not using the ixagent daemon.

#!/bin/sh /etc/rc.common

START=85
STOP=86
SERVICE_WRITE_PID=1
SERVICE_DAEMONIZE=1
EXTRA_COMMANDS="run_monitor"
EXTRA_HELP=$(cat <<EOF
        run_monitor     Run the signal strength monitor
EOF
)

MONITOR_APP="/bin/sh /etc/rc.common /etc/init.d/wifi-monitor run_monitor"

LED_PATH="/sys/class/leds/ix2:%name:3g"
LED_NAME_RED=red
LED_NAME_BLUE=blue

UPDATE_DELAY=5

LED_MORSE_DELAY=300

log()
{
	echo "wifi-monitor: $1" > /dev/kmsg
}

get_signal_value()
{
	local value=`iwinfo mlan0 info | grep 'Quality'`

	if [[ "$value" == "${value/Link Quality//}" ]]; then
		# No value found
		echo "?"
		return
	fi

	echo "$value" | sed "s/.*Link Quality: //"
}

set_led_status()
{
	local led_name=$1
	local trigger=$2
	local arg=$3

	echo $trigger > ${LED_PATH/%name/$led_name}/trigger

	case $trigger in
	"none")
		echo $arg > ${LED_PATH/%name/$led_name}/brightness
		;;
	"morse")
		echo $arg > ${LED_PATH/%name/$led_name}/message
		echo $LED_MORSE_DELAY > ${LED_PATH/%name/$led_name}/delay
		;;
	"timer")
		echo $arg > ${LED_PATH/%name/$led_name}/delay_on
		echo $arg > ${LED_PATH/%name/$led_name}/delay_off
		;;
	esac
}

update_led()
{
	local signal=$(get_signal_value)
	VPN=$(route|grep tun|awk '{ print $2 }'|grep -v "*"|head -1)
	if [[ -n "$VPN" ]]; then
		ping -W 1 -c 1 $VPN > /dev/null
		VPN=$?
	fi
	if [[ -n "$VPN" ]]; then
		echo "none" > /sys/class/leds/ix2:blue:vpn/trigger
		echo 1 > /sys/class/leds/ix2:blue:vpn/brightness
	elif [[ -n "$(ps w|grep openvpn|grep -v grep)" ]]; then
		echo "timer" > /sys/class/leds/ix2:blue:vpn/trigger
		echo 500 > /sys/class/leds/ix2:blue:vpn/delay_on
		echo 500 > /sys/class/leds/ix2:blue:vpn/delay_off
	else
		echo "none" > /sys/class/leds/ix2:blue:vpn/trigger
		echo 0 > /sys/class/leds/ix2:blue:vpn/brightness
	fi

	# Check if cellular device is enabled multiwan, then dont override
	if [[ "1" == $(uci get mwan3.wwan.enabled) ]]; then
		signal="off"
	# Check if wireless device is enabled
	elif [[ "1" == $(uci get wireless.sta_wan_dev.disabled) ]]; then
		if [[ -x "/sbin/uqmi" ]]; then
			# get rsrq (bad -40 to -3 good) status
			RSRQ=$(/sbin/uqmi -d /dev/cdc-wdm0 --get-signal-info|grep rsrq|grep -Eo "\-[0-9]+")
			if [[ "$RSRQ" -ge -10 ]]; then
				# Excellent
				signal="5/5"
			elif [[ "$RSRQ" -ge -15 ]]; then
				# Ok
				signal="3/5"
			elif [[ "$RSRQ" -ge -20 ]]; then
				# Terrible
				signal="1/5"
			elif [[ "$RSRQ" -ge -40 ]]; then
				# None
				signal="0/5"
			else
				signal="pending"
			fi
		else
			signal="off"
		fi
	elif ! ifstatus sta_wan 2> /dev/null | grep -q "pending.*false"; then
		signal="pending"
		logger -t wifi "Interface 'mlan0' is pending"
	fi

	# Only update signal value when needed
	if [[ "$signal" == "$last_signal" ]]; then
		return
	fi

	case $signal in
            "pending")
		set_led_status $LED_NAME_RED  none 0
		set_led_status $LED_NAME_BLUE timer 1500
                ;;
            "0/5")
		set_led_status $LED_NAME_RED  timer 1500
		set_led_status $LED_NAME_BLUE none 0
                ;;
            "1/5")
		set_led_status $LED_NAME_RED  none 1
		set_led_status $LED_NAME_BLUE none 0
                ;;
            "2/5")
		set_led_status $LED_NAME_RED  none 1
		set_led_status $LED_NAME_BLUE none 1
                ;;
            "3/5")
		set_led_status $LED_NAME_RED  none 1
		set_led_status $LED_NAME_BLUE none 1
                ;;
            "4/5")
		set_led_status $LED_NAME_RED  none 0
		set_led_status $LED_NAME_BLUE none 1
                ;;
            "5/5")
		set_led_status $LED_NAME_RED  none 0
		set_led_status $LED_NAME_BLUE none 1
                ;;
            *)
		set_led_status $LED_NAME_RED  none 0
		set_led_status $LED_NAME_BLUE none 0
                ;;
        esac

	last_signal=$signal
}

start()
{
	service_start $MONITOR_APP
}

stop()
{
	log "Killing wifi signal strength monitor"

	SERVICE_SIG="KILL" service_stop $MONITOR_APP

	set_led_status $LED_NAME_RED none 0
	set_led_status $LED_NAME_BLUE none 0
}

run_monitor()
{
	log "Running wifi signal strength monitor"
	last_signal="off"

	while /bin/true; do
		sleep $UPDATE_DELAY

		update_led
	done
}

#!/bin/sh /etc/rc.common

APP="leds"

PID_FILE="/tmp/run/rc.button.reset.pid"
LED_PATH_R="/sys/class/leds/ix2:red:status"
LED_PATH_B="/sys/class/leds/ix2:blue:vpn"

log()
{
	echo "rc.button.reset $1" > /dev/kmsg
}

process_reset_button()
{
	# Start sleeping
	sleep 3 &

	local SLEEP_PID=$!

	# Put PID of sleep process to file
	echo $SLEEP_PID > $PID_FILE

	# Wait for sleep to finish
	wait $SLEEP_PID

	# If sleep was killed, do nothing
	if [ "$?" != "0" ]; then
		# Remove PID file so next push can work properly
		log "User let go before timeout - not resetting"
		rm "$PID_FILE"
		exit
	fi

	# User waited 3 seconds after pressing the button. Factory reset time

	# Update file so next button press knows it can't be stopped
	echo "TOOLATE" > $PID_FILE
	log "Waited long enough - factory resetting now"

	# Stop IXagent to get control of LEDs
	log "Stopping IXagent"
	/etc/init.d/ixagent stop

	# Inform user we've started to factory reset
	log "Setting LEDs"
	echo "timer" > $LED_PATH_R/trigger
	echo 50 > $LED_PATH_R/delay_on
	echo 50 > $LED_PATH_R/delay_off

	echo "timer" > $LED_PATH_B/trigger
	echo 60 > $LED_PATH_B/delay_on
	echo 60 > $LED_PATH_B/delay_off

	# Do a reset on the 3G module
	# Should improve stability and ease-of-use
	echo 0 > /sys/class/gpio/3g-perst/value

	# Do the actual factory reset
	jffs2reset -y
	if [ "$?" != "0" ]; then
		log "jffs2reset failed!"
	fi

	reboot
}

if [ "${ACTION}" = "pressed" ]; then
	if [[ -z "$(ps w|grep openvpn|grep -v grep)" ]]; then
		/etc/init.d/openvpn start
	else
		/etc/init.d/openvpn stop
    fi
	if [ -f "$PID_FILE" ]; then
		log "Ignoring pressed - already running"
		exit
	fi

	log "Starting reset"
	process_reset_button &
fi

if [ "${ACTION}" = "released" ]; then
	if [ ! -f "$PID_FILE" ]; then
		log "Ignoring released - not running"
		exit
	fi

	SLEEP_PID=$(cat $PID_FILE)

	if [ "TOOLATE" = "$SLEEP_PID" ]; then
		log "Button released after reset started"
		exit
	fi

	log "Stopping reset"
	kill $(cat $PID_FILE)
	if [ "$?" != "0" ]; then
		log "Kill failed"
		exit
	fi

	log "Reset stopped"
fi

return 0

oneliners

echo 0 > /sys/class/gpio/wifi-pd/value # disable wifi
echo 1 > /sys/class/gpio/wifi-pd/value && wifi reload # enable wifi
echo 0 > /sys/class/gpio/3g-perst/value # disable 3g (fast)
echo 0 > /sys/class/gpio/3g-power-enable/value # disable 3g (slow)

alternative power

It is possible to power the router with a USB-C powerbank for off-the-grid usage, ideal for a hackers on a bike tour. All you need is:

• a USB-C powerbank that supports >=12V
• USB-C to USB-C cable ZY12PDN USB-C Fast Charge Trigger Poll Detector, set to highest voltage possible (but lower than 24V)
• removable screw terminal connector (two or [1] pins) (see the green connector in this picture)

Tested on a fully charged Xiaomi Mi Powerbank 3 (20Ah) and had an uptime of 26:45h.

spacenet

Alternative power combined with a Unifi PoE hack, this could be used for a mobile spacenet. xopr's "event" accesspoint has spacenet on VLAN 6; it's easier to add a VLAN than to reprovision the accesspoint every time:

• in Network > Switch
  • Add, 6 off, tagged, tagged, tagged, tagged, off, tagged
  • Save, apply
• in Network > Interfaces
  • Add new interface...
  • Name: ACK
  • Protocol: Static
  • Covering: VLAN interface eth0.6
  • Next >
  • Setup DHCP server (first!)
  • IPv4 192.168.6.1
  • Netmask: 255.255.255.0
  • Advanced: Bring up on boot
  • Create firewall zone: LAN
  • Save & apply

Disable regular wifi with uci set wireless.sta_wan_dev.disabled='0' and apply with /etc/init.d/network reload. (TODO: verify that it's back up after reboot)>

TODO

• new firmware: determine DSA wan/lan layout location (U-boot?)
• new firmware: determine gpio pinout mapping
• new firmware: get/compile working U-blox LILY-W131 (Marvell Avastor 88w8801) driver+firmware
• new firmware: get/compile working Quectel EC25-E driver
• determine DNS requests when vpn is active (currently doesn't work)
• toggle/enable AP upon short reset
• determine external gpio

also see

• https://www.ic4.be/2019/07/04/de-ixrouter-onder-de-loep/

Freeplay Lanaken

Synopsis

We gaan een bezoekje brengen aan de Freeplay arcadehal in Lanaken, van niemand anders dan de enige echte Fabrizio!

Entree is € 15,00 p.p. Aanvang is om 19:45 op de parkeerplek bij de arcadehal. Adres: Industrieweg 1D 3620 Lanaken (B)

Voeg jezelf hieronder toe als je mee wilt:

1. computer1up
2. adnub
3. Thunder1410
4. Prodigity
5. Wolkje

Neem contact op met computer1up als je nog vragen hebt!

SpaceStateIndicator

My verry fancy space state indicator broke down, so i tried to recreate it using stuff i had laying around, which was a Wemos D1 R1 arduino clown to which i added a shield with a RGB led. There is also an output to drive a beeper that sounds if the space state changens to 'Open'

Pin Numbering on this board is a bit confusing but this how i did set it up.

(In this version i did not hookup the beeper anymore, although the software still supports it) The RGB Led is hooked up to the pins using 100 Ohm resistors which offers adequate current to give a clear indication.

In the code provided below the login credentials for your personal wifi router have to be setup. The flashy light sequence "Das blinken das lichtes| shows during startup if everything goes well. The following startup stages are implemented for diagnostics

Eventualy the Space indicator should show eighter Green for OPEN or Red for closed. If there is a problem in requesting the actual space state, the indicator shows Yellow. And it will remain dark if the server could not be connected.

The SpaceState is requested each 15 seconds, indicated by a show blue flash on the indicator

You can copy the code into a Arduino sketch Select for the board LOLIN(WeMos) D1 R1

If you can't find this board in your Arduino IDE most likely your setup has no support for ESP32 yet. In this case click on File->Preferences And add the following line to 'Additional Boards Manager' https://arduino.esp8266.com/stable/package_esp8266com_index.json

Then tools->Board->Board manager And perform a update. Afther this, you'd select the WeMos board and compile the sketch

// Title:       SpaceStateIndicator.ini
// Function:    Arduino Space State indicator for home
// Author:      CoolePascal (C) 2022 Common Licence dinges

// Board:       WeMos D1 R1
// Port:        ..
// CPU:         ESP-8266 (Warning, Select WeMos Board !)
// Programmer:  Arduino Gemma or WeMos D1

const char *ssid       = "YourWifiRouter";
const char *passwd     = "YourWifiPassword";

const char *host       = "ackspace.nl";
const int   port       = 443;
const char* streamId   = "....................";
const char* privateKey = "....................";

#define ACQUIRE_REPEAT_DELAY 15000
#define ACQUIRE_FLASH_DELAY  100

#define LEDR      D13
#define LEDG      D12
#define LEDB      D7
#define BELL      D8

#define OFF        0
#define LED_RED    1
#define LED_GREEN  2
#define LED_BLUE   4
#define LED_YELLOW 3
#define LED_BELL   8

#define SPACE_ACQUIRE   LED_BLUE
#define SPACE_OPEN      LED_GREEN
#define SPACE_CLOSED    LED_RED
#define SPACE_UNKNOWN   LED_YELLOW

#include <ESP8266WiFi.h>

// Set multi color led
void set_RGB(int rgb)
{
    digitalWrite(LEDR, (rgb&LED_RED)==LED_RED);
    digitalWrite(LEDG, (rgb&LED_GREEN)==LED_GREEN);
    digitalWrite(LEDB, (rgb&LED_BLUE)==LED_BLUE);
    digitalWrite(BELL, (rgb&LED_BELL)==LED_BELL);
}

// Dim the LED, flash once BLUE, then flash RED n times
void Signal(int n)
{
    int t=250;
    set_RGB(OFF);
    delay(t);
    set_RGB(LED_BLUE);
    delay(t);
    for(int i=0;i<n;i++)
    {
       set_RGB(OFF);
       delay(t);
       set_RGB(LED_RED);
       delay(t);
    }
    set_RGB(OFF);
}

// Hardware test
void hw_test()
{
     int t=750;
     set_RGB(LED_RED);
     delay(t);
     set_RGB(LED_GREEN);
     delay(t);
     set_RGB(LED_BLUE);
     delay(t);
     set_RGB(LED_YELLOW);
     delay(t);
     set_RGB(LED_BELL);
     delay(t);
     set_RGB(OFF);
     delay(t);     
}

// Initialize ports and Wifi connection
void setup()
{
    int l=1;
    
    delay(1000);
    pinMode(LEDR, OUTPUT);
    pinMode(LEDG, OUTPUT);
    pinMode(LEDB, OUTPUT);
    pinMode(BELL, OUTPUT);

    hw_test();

    set_RGB(LED_YELLOW);
    WiFi.mode(WIFI_STA);
    WiFi.begin(ssid, passwd);
    while(WiFi.status() != WL_CONNECTED)
    {
        if(l)
           set_RGB(LED_RED);
        else
           set_RGB(LED_BLUE);
        l=l==0;
        delay(300);   
    }
    set_RGB(LED_YELLOW);
}

// Main loop
void loop()
{    
    static int spacestate;
    static int spaceopen=0;
    int chime=0;
    
    WiFiClientSecure client;
    int clientresult=0;

    // Startup, try to connect
    if(client.connect(host, port))
    {
        unsigned long timeout = millis();

        String url = "/spaceAPI/";

        // Connected to server
        set_RGB(SPACE_ACQUIRE | spacestate);
        delay(ACQUIRE_FLASH_DELAY);

        client.print(String("GET ") 
                     + url + " "
                     + "HTTP/1.1\r\n" 
                     + "Host: " + host + "\r\n"
                     + "Connection: close\r\n\r\n");

        while(!clientresult)
        {             
            if(client.available() == 0)
            {
                if(millis() - timeout > 5000)
                {
                    clientresult=-1;
                    // Server connect timeout
                    Signal(8);
                }    
            }
            else
            {
                clientresult=1;
                spacestate=SPACE_UNKNOWN;
            }                 
        }

        // If connected to server
        if(clientresult==1)
        {
            // Read lines from page until done
            while(client.available()>0)
            {
                String line = client.readStringUntil('\n');
                int l = line.indexOf("\"state\":");
                if(l!=-1)
                {
                    if(line.indexOf("\"open\":true")>l)
                    {
                        spacestate = SPACE_OPEN;
                        if(!spaceopen)
                           chime=1;
                        spaceopen = 1;
                    }
                    else if(line.indexOf("\"open\":false")>l)
                    {
                        spacestate = SPACE_CLOSED;
                        spaceopen = 0;
                    } 
                }                
            }
        }    
        client.stop();
    }
    else
    {
       spacestate=OFF;
       BlinkError();
    }
    if(chime)
    {
        set_RGB(spacestate|LED_BELL);
        delay(100); 
    } 
    set_RGB(spacestate);
    delay(ACQUIRE_REPEAT_DELAY);   
}

MQTT

synopsis

Read sensors and do some space automation using the Message Queuing Telemetry Transport protocol.

Currently, you can see the solder table powerstrip connected in the power graph.

current status

The MQTT server can be found at 192.168.1.42, via the regular port (1883) as well as the TLS port (8883) and secure websockets at port 443 (subject to change). To connect securely, use the certificate authority chain

There is a sonoff Pow wifi switch in the space, (not yet) connected to a powerstrip near the soldering table (in a brown plastic case with a toggle switch on top of it).

The idea is to gradually add them to every power strip so we can:

1. measure (over)current
2. switch them off centrally if the space is closed (or notify the user that they are still on, for example, 3D printers).

It currently runs a modified version of the famous Tasmota firmware (the modification allows dangerous GPIO whist using the energy measurement).

NOTE: the switch is built in a box with an external toggle switch. This switch has potentially 240v on its contacts so don't open it and touch the contacts when it is plugged in! Also don't connect both serial and mains; things will break.

You can toggle it via wifi on h1r-2067.lan (subject to change), or by issuing a mosquitto_pub -L 'mqtt://username:password@192.168.1.42/ackspace/hackspace/h1r/cmnd/POWER' -m 'TOGGLE'

Read it's status by subscribing to the sensor topics: mosquitto_sub -L mqtt://ackspace:ackspace@192.168.1.42/+/+/+/tele/SENSOR Install mosquitto-clients to start experimenting. If you run into problems or find something interesting/broken, let xopr know.

topics

The proposed topic hierarchy is as followed: [base]/[room]/[device]/[prefix]/[type] Where both [prefix] and [type] come from Tasmota's topic definition (tele stat cmnd and SENSOR STATE RESULT POWER LWT respectively). Try to use all-lowercase names (with an exception of the last bit, often in CAPS),

At least ackspace, common, outside and services are supported as base. Services are a bit special; choose a category for room (i.e. voip) and an identifiable name for device (i.e. freeswitch); see the extra examples list of topics further below.

In the future, we can extend this to support something like offsite and the names of participants.

Since ACKspace doesn't have rooms at different levels, the second hierarchy level consist of the room, like slackspace, hackspace and stackspace. device is the name of the device (similar as Tasmota's %topic%) like spacestate, temperature, hackswitch or fluorescent1.

At least the following topics will be implemented first:

• ackspace/hackspace/spacestate/stat/RESULT (json power state)
  • ackspace/hackspace/spacestate/stat/POWER1 (string power state)
  • ackspace/hackspace/spacestate/tele/STATE (json state at interval)
• ackspace/hackspace/temperature/tele/SENSOR (json telemetry data)
• outside/courtyard/barbecue/tele/SENSOR (json telemetry data)

Extra examples:

• services/voip/freeswitch/tele/STATE (FreeSWITCH specific data, like caller id)
• services/network/bandwidth/tele/SENSOR (Current network bandwidth usage)
• offsite/xopr/whatever/topic/he/pleases (details might be negotiated for ease of use)

server setup

allow_anonymous false
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acls

listener 1883
protocol mqtt

listener 8883
protocol mqtt
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key

listener 443
protocol websockets
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key

user spacestate
topic write ackspace/+/spacestate/#

user temperature
topic write ackspace/+/temperature/#
topic write +/+/barbecue/#

user hackspace
topic write ackspace/hackspace/#
topic deny ackspace/+/spacestate/#

user slackspace
topic write ackspace/slackspace/#
topic deny ackspace/+/spacestate/#

user stackspace
topic write ackspace/stackspace/#
topic deny ackspace/+/spacestate/#

user myservice
topic write services/category/myservice/#

user ackspace
topic read #

Passwords are generated with: sudo mosquitto_passwd /etc/mosquitto/passwd [user]

todo

• add MOAR sensors (upgrade the current temperature sensors)
• MOAR sonoffs

  Telephone system:Number lookup

This script uses mod_cidlookup combined with a custom php page. It tests the number against a SQLite database, several reversed number lookup websites, the national telecommunications authority database and a coarse array of areas of the world, which are called in order of granularity. The script can be called both on outgoing and incoming calls

Telephone System

Create and/or implement a telephone communication system for fun and automation. It can provide conference and congress rooms, quickly notify if the space is closed and provide a quick and cheap way of communication.

2ABU6-G1

A.K.A. Minew, MS93MFZ_V1.0, MS93MF6_V1.2, MT7628, Thingoo, 2ABU6-G1 Thanks to Monadnock for a lot of the pin labels

snippets

play with the LEDs

kill the pubmsg service

kill -9 `ps w|grep watchdog_loop|grep -v grep|awk '{ print $1 }'`
kill -9 `ps w|grep autopubmsg|grep -v grep|awk '{ print $1 }'`
killall -9 pubmsg

Random color animation:

while true; do head -c96 /dev/urandom > /dev/ws2812 ; usleep 50000; done

Draw a (bad) VU meter:

echo -en '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\x00\xff\x00\xff\xff\x00\xff\xff\x00\xff\xff\x00\xff\xff\x00\xff\xff\x00\xff\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' > /dev/ws2812

or use a custom built File:Fartnet.gz to listen as a fake artnet endpoint (source here) to get this:

connecting UART

New firmware has a script that install openssh-server, so UART is no longer required to get things up and running!

/!\ don't connect PoE and UART, you will fry the main board; there is a 43v difference in ground planes.

use 3.3V logic to be safe

For best results (prevent console glitches and boot loops), disconnect UART V_IN and connect regular (micro) USB power

Run terminal client in 56k 8N1: minicom -D/dev/ttyUSB0 -b57600 -o And make sure Hardware Flow Control is off: Ctrl+a, o, choose Serial port setup, f

install secure shell daemon

Connect to Minew AP (wifi).

Login with default credentials, if it doesn't work; hold reset pin atleast 30 seconds while booting device.

Update firmware (see below).

Configure Minew to use your network with wifi or ethernet in the Network tab.

Take note of IP address in Status tab.

Disconnect from Minew AP.

Visit http://thingoo/cgi-bin/installssh (you might need to fill in its IP address).

After it is installed you should be able to SSH to the device!

gain root access by #updating firmware and run the following:

opkg update
opkg install openssh-server
vi /etc/ssh/sshd_config

/etc/init.d/sshd restart

updating firmware

The current version at the time of writing is v3.2.2

• login to the router (http)
• go to tab Other (the last tab)
• scroll to FIRMWARE UPGRADE
  • either choose USB and put the firmware as thingoo-upgrade.bin on the root of a USB stick (case sensitive)
  • or choose put the firmware on a (local) webserver and fill in its URL (root:kakhoofd). Case sensitive: chances are, you have to rename the file thingoo-upgrade.bin!

root password

The password as of yet is unknown (you can flash other firmware with a known/empty password so no real problem).

The shadow hash is $1$Sevciuy0$CRuXyRAOWeathkwz1T00I1 (md5crypt) and is not in the 13GB Rocktastic12a password list, nor is it found by hashcat -O -a 3 -m 500 hash.txt -1 ?l?u?d ?1?1?1?1?1?1?1 --increment, which means, it either consists of punctuation marks/spaces (?s), or is 8 bytes long or longer, which the latter would take roughly a week on 8 × RTX3090s to verify.

troubleshooting

ModemManager

Some Linux distro's hijack the serial port for modem usage; when you're experiencing problems, try and disable the ModemManager service:

systemctl disable ModemManager.service
systemctl stop ModemManager.service

Hardware flow control

If your serial is working intermittently, make sure Hardware flow control is off; for minicom it's: Ctrl+a, o, choose Serial port setup, f

If your terminal glitches or if you have boot loops, make sure you have a proper power supply and don't mix several supplies (i.e. PoE, USB, UART)

pins and connectors

J1

SoM row near the UART (J8) header

1. USB D-
2. USB D+
3. GND
4. SD_D2 (MDI_TN_P4)
5. SD_D3 (MDI_TP_P4)
6. SD_CMD (MDI_RN_P4)
7. SD_CLK (MDI_RP_P4)
8. SD_CD (MDI_TN_P3)
9. SD_WP (MDI_TP_P3)
10. SD_D0 (MDI_RN_P3)
11. SD_D1 (MDI_RP_P3)
12. ETH TXON0 (MDI_TN_P0)
13. ETH TXOP0 (MDI_TP_P0)
14. ETH RXIN0 (MDI_RN_P0)
15. ETH RXIP0 (MDI_RP_P0)
16. GND
17. UART_RXD0 (GPIO#13)
18. UART_TXD0 (GPIO#12)
19. PWM_CH0 (GPIO#11, testpoint T11)

J1

SoM row near the SD card slot

1. I2C_SD (GPIO#5)
2. I2C_SCLK (GPIO#4)
3. I2S_CLK (GPIO#3)
4. I2S_WS (GPIO#2)
5. I2S_DO (GPIO#1)
6. I2S_DI (GPIO#0)
7. GND
8. UART_RXD1 (GPIO#46)
9. UART_TXD1 (GPIO#45)
10. WLED_N (GPIO#44)
11. LINK0 LED1 (GPIO43, active high)
12. LINK3
13. LINK4
14. WPS_RES_PBC
15. REF_CLKO (GPIO#38)
16. GND
17. GND
18. VDD (3.5v, testpoint T2)
19. VDD (3.5v, testpoint T2)

J8

UART, presumably 3.3v

1. Vin (tied to U10-8, EML3276 near SW2, also to testpoint DC4.5V=T20 via switch J13 in on-position)
2. RxD
3. TxD
4. GND

J12

related to nRF52

1. GND
2. V (3.3v, same potential as T23)
3. D ?
4. C ?
5. Reset?

CON1

IPEX/UFL for Bluetooth, connected to the middle antenna

CON2

Ribbon connector to WS2812 LEDs, flip up to release

notes

Power (over Ethernet) compatibility:
barrel plug: none 5V

Note: has a micro USB connector

also see

• product page
• Monadnock consultancy community blog
• FCC entry
• reference designs compared to the FCC internal pictures and Monadnock's pinout

Portable electronics workbench

Project: Main Page
Featured:	Yes
State	Completed
Members	Xopr
GitHub	No GitHub project defined. Add your project here.
Description	Workbench on-the-go
Picture

This project page is more of a reference to xopr's notes: About 4-4.5 years ago I needed to take measures to turn my guest bedroom/workshop/storage into a babyroom. To still be able to do some tinkering, I've decided to create a portable electronics workbench with small and fairly cheap tools:

• 170W laptop power brick
• DSO138 oscilloscope
• DPS3005 30V 5A lab power supply
• TS100 soldering iron
• multimeter
• some banana plug cables
• box with electronic hardware and dev boards
• various pliers and screwdrivers
• locks and handlebar from an old hardware case from back when it was popular to walk around with a desktop-pc-in-suitcase

I've designed the bench using Sketchup with 9mm MDF walls in mind.

• 

  Layout with measurements: blue is base, green is sliding top

• 

  Closed bench

• 

  Opened bench

The model I've created to derive the measurements from is here (zip)

notes

• the design is derived from measurements of the plastic compartment box on the back, the laptop PSU, multimeter and tools I had at hand or found useful
• everything that needed to be bolted down has been done with countersunk bolts to prevent obstruction or scratching the underlaying surface
• the "rubber" band that holds the tools and storage box came from a fabric or textile shop and is stapled onto the wood
• the left door has to close before the right, and will be held in place by the work area which in place is held closed by the lid of the sliding mechanism.
• when the sliding part is pulled out, it can rest on top of the base by placing it a bit forward (on the thicker walls that provide the sliding mechanism in the first place)
• paint MDF; use a lot of paint to reinforce the material since (hardware store quality) MDF is really soft. Note that you might have to accommodate for the thickness of the paint layer
• it actually might be way better/stronger to use 9mm triplex/multiplex
• keep the saw blade thickness in mind when slicing up the wood
• note that there is no storage room underneath the sliding part (a couple of sheets of instructions at most)
• the bench is designed with compactness in mind; it takes some time and effort to set it up and tear it down so it's not a "quick bench"

Visiting address:

ACKspace

Kloosterweg 1

6412 CN Heerlen

IRC:ircs://irc.libera.chat:6697/ACKspace

Mail: see the communication page

Telephone:+31-45-71-12345

(refresh table)