Friday, November 30, 2012

Pre-Alpha 0.2 Ubuntu Linux for UG802 and MK802 III

From:http://www.slatedroid.com/topic/41453-pre-alpha-02-ubuntu-linux-for-ug802-and-mk802-iii/

Title says it all. No hand holding at this stage as this is really for people who know what they are doing. In a few days I'll post a proper Alpha with more/some support!
Folks, I can't stress this enough: these pre-Alpha releases are only for people who have already cross-compiled the Linux kernel for an ARM device and are used to having things not working out-of-the box.
And no, it won't play movies nor will it run XBMC at this stage, and you can't play any games with it yet (no OpenGL support).

Present version is pre-Alpha 0.2

Download links:

Two parts

The kernel
ug802recovkernel.img (<10mb) https://docs.google....ZjUwNzFjZ1lqMTg
The armhf Ubuntu 12.10 root filesystem
linuxroot.tar.gz (<1gb) https://docs.google....UnM4RlllWGpScXc

(the Ubuntu rootfs includes the kernel source for the RK3066 kernel, that's why it's so big)

PLEASE MIRROR THESE FILES AND POST A LINK BELOW!

Requirements:

To install:
- Rooted Android stick and SuperUser.apk installed.
- Terminal emulator in Android.
- microSD card (4GB, 8GB or 16GB) or USB key.
- A Windows/Linux PC.
- RKAndroidTool v1.35 (Windows program to flash RK3066 devices).

If you have installed a Finless Android ROM on your Android stick using the Flash method then you already have everything you need to proceed with the installation.

The zip file that includes Bob's ROM also has the RKAndroidTools v1.35 and full, detailed installation instructions, so please get it!

To use Linux you'll probably need:
- USB 2.0 hub
- USB keyboard and mouse.
- HDMI monitor (Full HD capable i.e. 1920x1080@60Hz).
- An inexpensive USB WiFi b/g/n or Ethernet 10/100 adapter dongle.

Kernel Installation
(there are many ways to do this, here is a simple one that should take less than a minute)
- Install RKAndroidTools v1.35 on your Windows PC.
- Download the kernel.img file to your Windows PC. Rename it recovery.img.
- Connect Android stick to your PC and run RKAndroidTool v1.35.
- Open the terminal emulator and "su", then "reboot bootloader"
- RKAndroidTool should now detect Android stick.
- Flash only the new recovery.img to the recovery partition in the NAND. This takes 5 or 6 seconds, and your Android stick will immediately reboot into Android. THIS IS NORMAL.

Now that you have installed the Linux kernel in the recovery partition of your Android stick, you can dual boot Android or Linux.

To boot Linux, boot into Android, open the terminal emulator and "su", then "reboot recovery".

Notes:
* There is only one user defined: user ubuntu password ubuntu. Needless to say, change the password ASAP!
* The kernel config is available in /boot and also in /proc/config.gz.
* The kernel source is in the home directory of user ubuntu.
* And you have the nbench benchmark in /root.

Rootfs Installation
(again there are many ways to do this, here is a simple one)
Requires a Linux PC.
If you don't have a Linux PC, you can use the GParted LiveCD: http://gparted.sourc....net/livecd.php

1. Use GParted to create an ext4 partition of at least 4GB on a USB key or a microSD card. Label the partition linuxroot.

2. As root, extract the tarball, and copy (using cp -a) all the files in the extracted directory to the partition labeled linuxroot. This will create a Ubuntu root filesystem on the USB key or microSD card with all the proper permissions.

Changelog

- pre-Alpha 0.1: Initial release, requires microSD card.
- pre-Alpha 0.2: Simplified boot requirements. Can now boot from a root partition labeled linuxroot on any mass storage device accessible at boot time e.g. a 4GB USB key, an 8GB SD card in USB card reader plugged into the USB hub, or a microSD card in the microSD card slot. Should even boot from a USB hard disk, but haven't tested this.

Wednesday, November 14, 2012

Captive Portal Using PHP and iptables Firewall on Linux


from:http://www.frozentux.net/documents/iptables-tutorial/all-old-domains-moved/

This experiment shows how to build a simple captive portal using PHP and iptables on Ubuntu Linux.
Most Linux commands used in this experiment are suited to Debian-based distributions (such as the Ubuntu Linux I use here). Some of them may need slight changes on non-Debian-based distros such as CentOS, RHEL, or openSUSE.
Warning! I'm not responsible for any damage to your computer and/or your network configuration caused by following this experiment. Do this AT YOUR OWN RISK! Use this article for educational and/or experimental purposes only. This article is not intended for production or public use. But if you find any information in this article useful, I will be very grateful.
First, here are the basic concepts of how the captive portal works:
  1. Every user connected to the wireless hotspot reaches the internet through a gateway.
  2. The gateway itself acts as a router and a firewall (and probably also as the portal web server, as in this experiment).
  3. Every HTTP packet destined for the internet from an unauthenticated user is "marked" with a special code by the firewall so it can be intercepted (redirected) to the portal web server.
  4. The portal web server transparently serves an authentication web page to the user and identifies the computer they are using.
  5. The user accepts/authenticates with the web server, so their computer's identity (in this case the MAC address of their network interface) is entered into the firewall's whitelist.
  6. As long as the user's network interface is in the firewall's whitelist, packets sent from it are not marked for interception. The router then forwards the packets to the internet without redirecting them to the web portal again.
In this experiment I use:
  • An Ubuntu 10.10 x86 Desktop Linux box. I prefer a GUI while experimenting rather than a single workspace on Ubuntu Server.
  • Dual Core Intel CPU with 2GB of RAM.
  • Two network interfaces, one for the main internet connection, and one for the publicly accessible hotspot. Yes, you need at least two network interfaces to do this experiment.
  • The software itself for building the captive portal:
    • iptables, the common firewall
    • Apache2 web server, with PHP5 installed
    • MySQL server, for managing user credentials (for an authenticating portal)
    • dhcp3-server as DHCP server and bind9 as DNS server, so users don't have to configure their computer's network settings manually when they connect to the hotspot. I will not explain how to configure these servers any further.
    • Plus, I use the Panada PHP Framework to make web portal development much easier.
From this point forward, if you are following along with this article, I assume that you already have an Ubuntu box installed and ready to use, with all the required packages.

1. Build a linux box router

Configuring the network interfaces
I have two network interfaces, eth0 and eth1. eth0 is connected to the internet, and eth1 is connected to the hotspot access point LAN. I have this configuration in the /etc/network/interfaces file:
# file: /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
address 192.168.3.1
network 192.168.3.0
netmask 255.255.255.0
eth0 is connected to the internet and its IP address is assigned by the network via DHCP. You may have to configure it manually if its IP address is not assigned by DHCP. The network interface connected to the hotspot LAN (eth1) has the IP address 192.168.3.1 on the 192.168.3.0/24 network. This will be the portal IP address and also the users' gateway IP address.
You may edit the /etc/network/interfaces file using nano or vi from the command line as root. Change the configuration to match your network settings, save the file, and restart the networking service with the following command to apply the changes:
$ sudo /etc/init.d/networking restart
Enable IP forwarding (routing) on Ubuntu Linux so that every packet from the hotspot is forwarded to the internet
Enable IPv4 packet forwarding by uncommenting the following line in the /etc/sysctl.conf file
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
Masquerade packets going out through eth0 on the firewall, using the following command:
$ sudo iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
At this point, any other computer connected to the hotspot (eth1) that uses your computer as its gateway (192.168.3.1) is able to reach the internet through your computer's internet connection (eth0).

2. Build a (captive) portal

Capturing user IP and MAC address
A "splash" page is used to capture the user's IP and MAC address; it is displayed to users when the portal system redirects them to it.
Here's an example of how to capture the user's IP and MAC address using PHP:


From the example above, the user's IP and MAC address are stored in the variables $ip and $mac respectively. To get the MAC address, we use the 'sudo /usr/sbin/arp -an' command. Please note that for this command to work, the Linux user 'www-data' (the default user for the Apache web server daemon) must be in the sudoers file.
Add www-data to sudoers on the Linux box
First, you have to be root to edit the sudoers file. Execute this command:
$ sudo visudo
Then add the following line at the bottom of the file, so that the www-data user can execute the arp command without entering a password:
www-data ALL=NOPASSWD: /usr/sbin/arp
Save the file.
Create a simple HTML form for the user to submit (and to agree to the portal Terms of Service, if any).
Here's an example of the form in PHP:
The user's IP and MAC address are embedded in the form as hidden fields for further processing in the firewall. Save the file as index.php in the document root directory of your web portal so that it is accessible from a web browser. Try http://localhost or http://192.168.3.1 from the web browser on your Linux box to test the portal page, as we will redirect users to this address.
Redirecting every "unknown user" HTTP traffic to the "splash" portal
I use logic similar to that explained by Andy Bev in his wiki, with a few small differences. Here are the commands to redirect all HTTP traffic to the portal using iptables. Please note that you have to be root in order to modify the iptables tables.
1. Create a new chain named 'internet' in mangle table with this command
sudo iptables -t mangle -N internet
2. Send all HTTP traffic from eth1 to the newly created chain for further processing
sudo iptables -t mangle -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j internet
3. Mark all traffic from internet chain with 99
sudo iptables -t mangle -A internet -j MARK --set-mark 99
4. Redirect all marked traffic to the portal 
sudo iptables -t nat -A PREROUTING -i eth1 -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination 192.168.3.1
OK, from now on, every HTTP request from eth1 will be redirected to the portal page.
Bypass the firewall redirection rules when users submit the splash page
When a user clicks the submit button on the portal splash page, their IP and MAC address are submitted to the process.php file. In this file their MAC address is "entered" into the iptables firewall so that they won't be redirected to the portal splash page anymore. The logic is to execute the following command from PHP (process.php) so that the redirection logic in the firewall is bypassed:
sudo iptables -t mangle -I internet 1 -m mac --mac-source USER-MAC-ADDRESS-HERE -j RETURN
Then remove their "redirection" connection tracking entries. How? According to Andy Bev's wiki, we can do that with a simple script.
Create an executable file /usr/bin/rmtrack and put the following code inside:
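#!/bin/sh
# Delete established port-80 conntrack entries whose source is the IP given as $1.
# Match the whole src= field so that 192.168.3.1 does not also match 192.168.3.10.
/usr/sbin/conntrack -L \
    |grep -F "src=$1 " \
    |grep ESTAB \
    |grep 'dport=80' \
    |awk \
        "{ system(\"conntrack -D --orig-src $1 --orig-dst \" \
            substr(\$6,5) \" -p tcp --orig-port-src \" substr(\$7,7) \" \
            --orig-port-dst 80\"); }"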
Set the file permissions to 755, or to 700 for better safety, with the following command:
$ chmod 755 /usr/bin/rmtrack
With rmtrack in place, we can remove a user's connection tracking entries with the following command:
$ sudo rmtrack USER_IP_ADDRESS
Here's an example of the process.php file:
Don't forget to add the following lines to the sudoers file so that the iptables and rmtrack commands can be executed by the web server:
www-data ALL=NOPASSWD: /sbin/iptables
www-data ALL=NOPASSWD: /usr/bin/rmtrack [0-9]*.[0-9]*.[0-9]*.[0-9]*
After the user has logged in, they won't be redirected to the portal again because of the iptables bypass rule. That's it! Congratulations, a (very simple) captive portal using PHP and iptables has been successfully created.
How do you remove a user from the iptables bypass rules so that they have to authenticate again?
Here's how to do it. Delete the user's iptables bypass rule with the following command:
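The MAC and IP values that process.php hands to sudo come from the request and from arp output, and the sudoers entries above do not constrain them: the rmtrack pattern is a glob rather than an address check, and /sbin/iptables is allowed with any arguments. The following is an added example, not code from the original article, of the checks a small wrapper could apply before calling iptables; the function names and the constructed SAMPLE_ARP data are assumptions, and the rule is printed rather than executed.

```sh
#!/bin/sh
# Added example: input checks for a hypothetical portal firewall wrapper.
# Function names are illustrative; SAMPLE_ARP is constructed sample data.

# Accept only dotted-quad IPv4: four decimal octets 0-255, no leading zeros.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*.*.*.*.*) return 1 ;;   # empty, foreign chars, or >3 dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ''|????*|0?*) return 1 ;;          # empty, too long, leading zero
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Accept only six colon-separated hex pairs; case matches the whole string.
valid_mac() {
    h='[0-9A-Fa-f]'
    case $1 in
        $h$h:$h$h:$h$h:$h$h:$h$h:$h$h) return 0 ;;
    esac
    return 1
}

# Read `arp -an` output on stdin and print the MAC for exactly this IP.
# Comparing the whole "(ip)" field avoids 192.168.3.2 matching 192.168.3.25.
mac_for_ip() {
    valid_ipv4 "$1" || return 1
    mac=$(awk -v want="($1)" '$2 == want { print $4; exit }')
    valid_mac "$mac" || return 1               # rejects <incomplete> and no match
    printf '%s\n' "$mac"
}

# Print the bypass rule from the article for a validated MAC (dry run only).
allow_rule() {
    valid_mac "$1" || return 1
    printf '%s\n' "iptables -t mangle -I internet 1 -m mac --mac-source $1 -j RETURN"
}

# Constructed sample in the format printed by `arp -an`.
SAMPLE_ARP='? (192.168.3.25) at 00:1a:2b:3c:4d:5e [ether] on eth1
? (192.168.3.2) at 00:1a:2b:3c:4d:5f [ether] on eth1
? (192.168.3.30) at <incomplete> on eth1'

mac=$(printf '%s\n' "$SAMPLE_ARP" | mac_for_ip 192.168.3.2) && allow_rule "$mac"
```

With a wrapper that performs these checks, the sudoers entry can name the wrapper alone instead of all of /sbin/iptables.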
sudo iptables -D internet -t mangle -m mac --mac-source USER_MAC_ADDRESS -j RETURN
and remove their connection tracking entries (again):
sudo rmtrack USER_IP_ADDRESS
If you know the user's IP address, both commands can easily be run by a simple PHP script like the one below:
Save it to a file named kick.php in your web server document root. Open your web browser and enter the following URL in the address bar to remove someone from the iptables bypass rules:
http://192.168.3.1/kick.php?ip=USER_IP_ADRESS
And you're DONE!
Feel free to modify the code to suit your requirements, or ask about anything you don't understand in making this (very simple) captive portal. I'll try to answer and explain if I am able to.

wifidog firewall diagram


Monday, November 12, 2012

MK802 III: Simple Rooting Steps


From:https://www.miniand.com/wiki/MK802+III/Root+in+Detail

What is this document ?

This document describes the method I used to root my MK802 III, written with enough detail that a layman should be able to follow it and root their own MK802 III. I have tried to make the instructions simple enough that you don't have to be an Android developer to complete this. This document does not presume any particular skill set on the part of the rooter. I unsuccessfully tried several other methods to root my MK802 III, before I came across ZhuoDaShi. One of the most notable methods that failed was OneClickRoot. OneClickRoot insisted it had rooted the device and asked me to donate to the author. However, OneClickRoot had not actually rooted the MK802 III. OneClickRoot had itself convinced it had rooted the MK802 III, insisting it was already rooted when I tried to use some of its alternate rooting methods.

What will I need ?

You will need:
  • 1 unrooted MK802 III
  • 1 MK802 III cable set. This includes an HDMI female to male adapter and a USB A to micro USB connector.
  • 1 Windows based PC with an available and fully powered USB bus (Desktop preferred). Most laptops do not provide a full 500 milliamps to the bus. If you only have a laptop available, I would advise using a powered USB hub for this process. The USB bus will have to completely power up the MK802 III.
  • 1 Monitor with HDMI input
  • 1 mouse, wired or wireless.

Step by Step Process

A. Download the Chinese Android hacking program called ZhuoDaShi from HERE. Note: This program's user interface is pretty much all in Chinese, except for the word ROOT, which appears on some dialogs. Install the program on your Windows based PC (Note: On most of the install dialogs, you will want to click the button with the text (B) after the Chinese characters. The two exceptions are the license agreement, where you must click the top radio button, then click the button with a (B), and the final dialog, where you must click the button with an (I) after the Chinese characters). ZhuoDaShi will launch automatically once it installs.
B. Arrange all items in the What will I need list above in close proximity to your Windows PC.
C. Connect the USB mouse or wireless dongle to the full sized USB port on the MK802 III.
D. Connect one end of the HDMI adapter into the MK802 III and the other end into an HDMI input on your monitor.
E. Connect the micro USB side of the MK802 III power connector to the MK802 III and the other end into a fully powered USB bus port on the PC. This will power up the MK802 III.
F. Bring the ZhuoDaShi program to the foreground on your Windows PC. The screen should look like this: ZhouDaShiInitialScreen. Since ZhuoDaShi did not initially detect a connected Android device, it is in watchdog mode, monitoring your PC's USB bus for signs of an Android device running adb. We need to give it something to find.
G. On the MK802 III, go to Settings->DEVICE->USB. To the right, you should see the text Connect to PC followed by a checkbox. Go ahead and check the box. This will automatically turn off WiFi on the MK802 III and start up the adb daemon on the USB bus. It will also start enumerating several file shares over the USB bus: one for the SDCARD share, which is actually a NAND partition on the MK802 III, one for the MicroSD media, if present, and one for each external share configured on the MK802 III. Windows may detect these shares and automatically install drivers to support them. ZhuoDaShi should now detect the MK802 III and display the following dialog: ZhouDaShiDetectedDevice
H. Click in the area I have circled in purple. You are telling ZhuoDaShi to root the device. ZhuoDaShi will launch the following dialog as it runs the rooting script on the MK802 III using adb: ZhouDaShiAfterRooting. Once ZhuoDaShi has successfully rooted the MK802 III, the indicator will change color to green to indicate it has successfully rooted the device.
I. On the MK802 III, go to Settings->DEVICE->USB. Uncheck the box to the right of Connect to PC. If WiFi does not automatically turn on, then turn it on yourself. Once you have an internet connection established, proceed to the next step.
J. Launch Google Play on the MK802 III and search for superuser. Select the Superuser app by ChainsDD (a free app) and install it. Once it has installed, search for busybox. Select the BusyBox Installer by JRummy Apps Inc (also a free app) and install it.
K. Now run the Busybox Installer. The Busybox Installer will automatically select the most recent version of busybox available. However, on the second drop down dialog, where it asks you to Select install location, you will need to click on the drop down arrow and select /system/bin. Now click the install button and let it install. Note that if you ever run the Busybox installer, you will need to select the /system/bin folder as the install location.
L. Congratulations !! Your MK802 III is now rooted and has the latest versions of superuser and busybox installed.
Note: I have tried to make this as accurate as possible, but I created most of this document from memory and it is very possible some steps may not be 100% accurate. I would appreciate any feedback from anyone following this guide, so I can make it better. Thanks, TecKnight

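Thursday, November 8, 2012

UG802 Unbricking

Unbricking is actually quite simple. Just open the case and you will see what is shown in the picture below.



Temporarily short the two contacts inside the red circle next to the NAND flash, then connect USB. This switches the device into flash mode.

After that, re-flash the image directly with the flash tool.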

------------------------------------------------------------------------------------------------------------
The method below may break your UG802's case and/or destroy your device. Use at your own risk. We are not responsible if you hurt yourself or your device.
It is possible to recover from a boot loop by opening your UG802 and shorting 2 pads located near the NAND chip.

If rooted, make sure that you uninstall the UG802 adb drivers.
Make sure that your UG802 is unplugged.

1) Download Rockchip Batch Tools v1.5 and extract. Also download and extract the firmware you wish to put on your device.

2) Open your UG802 with a case opening tool or guitar pick. Be careful not to break your clips.

3) Locate your NAND chip and the 2 pads next to it. See pic above.


4) Short the pads while plugging the UG802 into your computer. Windows will detect a new device.

5) Windows will search for drivers and probably won't find any. You may have to open Control Panel --> Device Manager, right click on the unknown device, and choose Update Driver. Install the Windows drivers located in the Rockchip Batch Tool folder. If successful, you will see a new device listed as RK30sdk.

6) Start Rockchip Batch Tool v1.5. Select your firmware "update.img" and choose "Restore". You could also choose Update, which would format data and user.
7) When complete, the status window will show Restore Done Success<1> Fail<0>. This means that it finished properly.

This method is a work in progress. We are hoping the manufacturer will provide us with a better option.


Ref:http://www.armtvtech.com/armtvtechforum/viewtopic.php?f=12&t=13

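Linux for MK802 Installation Steps (Allwinner A10 CPU; not applicable to RK3066)



Prepare an 8GB Micro SD card (a SanDisk Class 4 card is recommended)

Download: Linux Image

Windows users

1. Extract the downloaded Linux image with 7-zip

2. Insert your SD card

3. Use an image writer to write the extracted image file to your SD card

4. Eject your SD card, insert it into your MK802/UG802/MK808, and power on

5. After about 30 seconds you will see the login screen

6. The default login account and password are both miniand

Introduction to DNSSEC Security Technology. Author: 游子興 / Contract staff, Network Division, Computer and Information Networking Center, National Taiwan University. DNS is a widely used Internet service, but its inherent technical limitations make it an easy target for attackers. This article introduces the origin and technical background of DNSSEC, and how the cryptographic techniques it uses ensure the integrity of data...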