Information wants to be free...

OpenVPN Setup for Android

There are probably many ways to do this, but this is what worked for me in the end, after several trials and errors. I ended up making a "standalone" server solution based on running in GNU Screen to avoid messing too much with my existing server.

I started by downloading the EasyRSA scripts to help generate certificates and such. Then ran the following commands:

./easyrsa init-pki
./easyrsa build-ca
./easyrsa build-server-full server
./easyrsa build-client-full client
./easyrsa gen-dh
          

You will have to enter a CA key passphrase and PEM passphrase; keep those for later.

Once the files are created, copy them into a new location where everything will be stored, in my case the "openvpn" directory under my home directory:

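mkdir ~/openvpn
# server.cfg below references only ca.crt, server.crt, server.key and dh.pem.
# client.crt and client.key are used for the client "ovpn" file at the end.
# ca.key is not referenced by either configuration on this page.
cp pki/ca.crt ~/openvpn/
cp pki/dh.pem ~/openvpn/
cp pki/issued/client.crt ~/openvpn/
cp pki/issued/server.crt ~/openvpn/
cp pki/private/ca.key ~/openvpn/
cp pki/private/client.key ~/openvpn/
cp pki/private/server.key ~/openvpn/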
          


The OpenVPN server configuration file must be created manually, at ~/openvpn/server.cfg with the following contents:

ca ca.crt
cert server.crt
key server.key
dh dh.pem
dev tun
ifconfig 10.8.0.1 10.8.0.2
tls-server
port 1194
proto udp
comp-lzo
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "ifconfig 10.8.0.2 10.8.0.1"
mode server
verb 4
client-config-dir ccd
          


Create a new directory "ccd" under the directory structure and create the file ~/openvpn/ccd/client with the following single line:

iroute 10.8.0.0 255.255.255.0
          


To be able to start things easily and open the necessary parts of the firewall, a script like this can be used, placed at ~/openvpn/start.sh:

#!/bin/sh
screen -S openvpn -d -m sudo openvpn server.cfg

sudo iptables -A INPUT -p udp --dport 1194 -i eth0 -j ACCEPT
sudo iptables -A INPUT -i tun0 -j ACCEPT
sudo iptables -A FORWARD -i tun0 -j ACCEPT
sudo iptables -A FORWARD -i eth0 -d 10.8.0.0/255.255.255.0 -j ACCEPT
          

This particular server already has iptables set up for NAT and such, so that is not present in this configuration.

Finally, the Android OpenVPN application requires a matching "ovpn" file with the client configuration. I had to make this one manually, looking something like this:

client
dev tun                             
proto udp
remote my.openvpn.server.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
<cert>
-----BEGIN CERTIFICATE-----
<contents of client.crt file>
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
<contents of client.key file>
-----END ENCRYPTED PRIVATE KEY-----
</key>
<ca>
-----BEGIN CERTIFICATE-----
<contents of ca.crt file>
-----END CERTIFICATE-----
</ca>
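
One way to assemble the profile above from the files EasyRSA produced, instead of pasting them in by hand (an added example, not part of the original post). It keeps only the PEM blocks, refuses a client key that is not passphrase-protected, and writes the result with mode 0600; the function names and the constructed placeholder files are assumptions of this example.

```shell
#!/bin/sh
# Added example: assemble client.ovpn from the files copied to ~/openvpn.

# Print only the PEM block of a file. EasyRSA's issued certificates start with
# a human-readable dump that does not belong inside <cert>...</cert>.
pem_only() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# The profile ends up on a phone, so require the passphrase-protected key
# form shown in the post (PKCS#8) or the older "Proc-Type" PEM form.
key_is_encrypted() {
    grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" ||
        grep -q '^Proc-Type: 4,ENCRYPTED' "$1"
}

# build_ovpn DIR REMOTE PORT: write the profile to stdout.
build_ovpn() {
    dir=$1; remote=$2; port=$3
    for f in client.crt client.key ca.crt; do
        [ -r "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 1; }
    done
    key_is_encrypted "$dir/client.key" ||
        { echo "client.key is not passphrase-protected" >&2; return 2; }
    cat <<EOF
client
dev tun
proto udp
remote $remote $port
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
EOF
    printf '<cert>\n'; pem_only "$dir/client.crt"; printf '</cert>\n'
    printf '<key>\n';  pem_only "$dir/client.key"; printf '</key>\n'
    printf '<ca>\n';   pem_only "$dir/ca.crt";     printf '</ca>\n'
}

# write_ovpn DIR REMOTE PORT OUTFILE: the file embeds the private key, so it
# is created with mode 0600 and only moved into place when complete.
write_ovpn() {
    out=$4
    ( umask 077
      build_ovpn "$1" "$2" "$3" > "$out.tmp" && mv -f "$out.tmp" "$out"
    ) || { rm -f "$out.tmp"; return 1; }
}

# Constructed placeholder files standing in for real EasyRSA output.
make_sample_pki() {
    printf '%s\n' 'Certificate:' '    Data: (text dump)' \
        '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' '-----END CERTIFICATE-----' > "$1/client.crt"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1/client.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' \
        '-----END CERTIFICATE-----' > "$1/ca.crt"
}

# Demo run on the constructed files.
demo_dir=$(mktemp -d)
make_sample_pki "$demo_dir"
write_ovpn "$demo_dir" my.openvpn.server.com 1194 "$demo_dir/client.ovpn" &&
    cat "$demo_dir/client.ovpn"
rm -rf "$demo_dir"
```

With the real files, the call would be `write_ovpn ~/openvpn my.openvpn.server.com 1194 ~/openvpn/client.ovpn`.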
          


Topic: Configuration, by Kjetil @ 18/08-2019, Article Link

Commodore 64 Game Cheats

I recently tried out the same tricks from my older article about DOS games, but for a Commodore 64 game instead. This time using the VICE emulator for Blagger by Alligata, a game I could never finish as a kid.

I present some of the steps I used to create the "cheat" patch for infinite lives.
1) Start the game (should start with 5 lives) and go into the VICE monitor.
2) Dump the memory and state of the C64 with the "dump" command.
3) Continue the game, and just lose 1 life.
4) Re-enter the monitor and dump the memory and state again with the "dump" command.
5) Convert the dumps to hex and do a diff on them, to see what has changed. It may take a while to find what you are looking for, which may require additional dumps.
Eventually I found this suspicious memory area, where two values were decremented twice:

101c101
< 00000740  20 20 20 20 1e 57 57 1e  57 57 1e 7a 3a 3b 42 43  |    .WW.WW.z:;BC|
---
> 00000740  20 20 20 20 1e 57 57 1e  57 57 1e 7a 3a 3b 44 45  |    .WW.WW.z:;DE|
          

Although this is at address 0x74e and 0x74f in the dump file, the actual memory addresses are 0x6ca and 0x6cb due to the format of the dump.
6) Now, with an address to look at, set a watch point on this in the VICE monitor.
7) Continue the game again and lose another life.
8) The monitor should now stop execution automatically if done correctly. In my case it displayed:

(C:$1102) w $06ca
WATCH: 1  C:$06ca  (Stop on load store)
(C:$1102) x
#1 (Stop on  load 06ca)  076 050
.C:0de6  AE CA 06    LDX $06CA      - A:01 X:44 Y:00 SP:f6 ..-....C  184810550
.C:0de9  CA          DEX            - A:01 X:44 Y:00 SP:f6 ..-....C  184810550
(C:$0de9)
          

This assembly instruction (DEX) means the memory area is being decremented, exactly what we are looking for.
9) After investigation of the assembly code in that area I found two decrement instructions. These could be patched with NOP (No Operation) instructions (6502 machine code 0xEA) from the VICE monitor like so:

(C:$0e0c) > $0de9 ea
(C:$0e0c) > $0dea ea
          

10) Now, when continuing to play the game, any lost life is simply ignored.

To apply a patch like this permanently, do it on the file (in this case a PRG file) instead of directly in memory of course. The code location will be different, so it must be searched for manually.
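
Steps 1 to 5 can be scripted once the dumps are on disk. The following added example (not from the original article) goes one step further than a two-dump diff: it compares three dumps and keeps only the bytes that changed by the same amount each time a life was lost. The 0x84 header length is taken from the difference between the file offsets and memory addresses quoted above and is an assumption for any other dump format; the sample dumps are constructed.

```shell
#!/bin/sh
# Added example: narrow down a counter address from three memory dumps.

# narrow_candidates DUMP1 DUMP2 DUMP3 HEADER_LEN
# Prints "<memory address> <value1> <value2> <value3>" (hex) for every byte
# that changed by the same amount (mod 256) in both steps. Bytes inside the
# dump file header are skipped.
narrow_candidates() {
    hdr=$(( $4 ))                         # accepts 132 or 0x84
    step1=$(mktemp) || return 1
    # cmp -l prints "offset(1-based, decimal) old(octal) new(octal)" per
    # differing byte; exit status 1 only means "files differ".
    cmp -l "$1" "$2" > "$step1" || [ $? -eq 1 ] || { rm -f "$step1"; return 1; }
    cmp -l "$2" "$3" | awk -v hdr="$hdr" -v first="$step1" '
        function oct(s,   i, n) {
            n = 0
            for (i = 1; i <= length(s); i++) n = n * 8 + substr(s, i, 1)
            return n
        }
        FILENAME == first { old[$1] = oct($2); mid[$1] = oct($3); next }
        ($1 in old) && $1 - 1 >= hdr {
            new = oct($3)
            if ((mid[$1] - old[$1] + 256) % 256 == (new - mid[$1] + 256) % 256)
                printf "%04x %02x %02x %02x\n", $1 - 1 - hdr, old[$1], mid[$1], new
        }' "$step1" -
    rm -f "$step1"
}

# poke FILE OFFSET OCTAL_BYTE: overwrite one byte in place.
poke() {
    printf "\\$3" | dd of="$1" bs=1 seek="$(( $2 ))" conv=notrunc 2>/dev/null
}

# Constructed sample dumps (not real VICE output): a two-byte counter at file
# offsets 0x74e/0x74f that drops by 2 per step, plus unrelated changes.
make_sample_dumps() {
    for n in 1 2 3; do
        dd if=/dev/zero of="$1/dump$n" bs=1 count=2048 2>/dev/null
    done
    poke "$1/dump1" 0x74e 106; poke "$1/dump1" 0x74f 107    # 46 47
    poke "$1/dump2" 0x74e 104; poke "$1/dump2" 0x74f 105    # 44 45
    poke "$1/dump3" 0x74e 102; poke "$1/dump3" 0x74f 103    # 42 43
    poke "$1/dump2" 0x300 011; poke "$1/dump3" 0x300 077    # timer-like, uneven steps
    poke "$1/dump2" 0x400 001; poke "$1/dump3" 0x400 001    # changed only once
    poke "$1/dump2" 0x010 001; poke "$1/dump3" 0x010 002    # inside the header
}

# Demo run on the constructed dumps.
demo_dir=$(mktemp -d)
make_sample_dumps "$demo_dir"
narrow_candidates "$demo_dir/dump1" "$demo_dir/dump2" "$demo_dir/dump3" 0x84
rm -rf "$demo_dir"
```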

Topic: Configuration, by Kjetil @ 02/07-2019, Article Link

VPN Through SSH Tunnel

Not just VPN through an SSH tunnel, but also a Wi-Fi hotspot that directs all traffic through it! I needed this to be able to reach the Google Play store on my Android phone in China. I used two WLAN interfaces for this, but it should be possible with one WLAN and one wired connection as well.

VPN through SSH tunnel principle diagram.


Here are the complete steps, with the contents of the files listed after. Many of the commands are started through screen sessions, since they are daemons that will keep running.

First of all, make sure the interface that will be used to connect to the remote SSH server is up and running, then connect to the server and create the SSH tunnel for port 1194, which is used for VPN:

ssh user@your-ssh-server.com -L 127.0.0.1:1194:127.0.0.1:1194
          


On the remote server, enter the following commands:

# Start OpenVPN server:
screen -S openvpn -d -m sudo openvpn server.cfg

# Forward all the traffic from the OpenVPN tunnel interface:
sudo iptables -A INPUT -i tun0 -j ACCEPT
sudo iptables -A FORWARD -i tun0 -j ACCEPT
sudo iptables -A FORWARD -i eth0 -d 10.8.0.0/255.255.255.0 -j ACCEPT

# Enable IP forwarding on server:
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
          


Back on the local machine, enter the following commands:

# IP address for Wi-Fi hotspot:
sudo ifconfig wlan0 192.168.8.1 netmask 255.255.255.0

# Start DHCP server for Wi-Fi hotspot:
screen -S dnsmasq -d -m sudo dnsmasq --conf-file=dnsmasq.conf --no-daemon

# Start Host-AP daemon:
screen -S hostapd -d -m sudo hostapd hostapd.conf

# Start OpenVPN client:
screen -S openvpn -d -m sudo openvpn client.cfg

# Let the SSH connection bypass the VPN default route:
SSH_IF='wlan1'
SSH_IP=`host your-ssh-server.com | sed -e 's/.*address //'`
GW_IP=`route -n | grep "^0.0.0.0" | grep $SSH_IF | sed -e 's/0.0.0.0 *//' | sed -e 's/ .*//'`
sudo route add $SSH_IP gw $GW_IP $SSH_IF

# Override the DNS resolver:
sudo cp resolv.conf /etc/resolv.conf

# Enable IP forwarding on local machine:
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

# Enable NATing through the tunnel interface from the Wi-Fi hotspot:
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT
          


That should be it, now the phone can connect to the local Wi-Fi hotspot and reach the Internet through the remote SSH server.

Some useful commands for troubleshooting:

sudo iptables -L -v -n
sudo tcpdump -i tun0
          


OpenVPN client configuration. (client.cfg):

remote 127.0.0.1
proto tcp-client
dev tun
ifconfig 10.8.0.2 10.8.0.1
secret static.key
redirect-gateway local def1
route 192.168.0.0 255.255.255.0
          


OpenVPN server configuration. (server.cfg):

dev tun
local 127.0.0.1
proto tcp-server
ifconfig 10.8.0.1 10.8.0.2
secret static.key
          


New DNS resolver configuration, using the Google DNS. This is important because it could have been set by a local DHCP client to a Chinese DNS resolver. (resolv.conf):

nameserver 8.8.8.8
          


DHCP server configuration. (dnsmasq.conf):

interface=lo,wlan0
no-dhcp-interface=lo
dhcp-range=192.168.8.20,192.168.8.254,255.255.255.0,12h
          


Host-AP Wi-Fi hotspot configuration. These are the more important options, I have excluded lots of others. (hostapd.conf):

interface=wlan0
driver=nl80211
ssid=YourSSID
hw_mode=g
wpa=2
wpa_passphrase=YourPassphrase
wpa_key_mgmt=WPA-PSK WPA-EAP
          


Topic: Configuration, by Kjetil @ 10/06-2018, Article Link

Renesas GCC Toolchains

The gcc-renesas.com webpage has good information on how to build the Renesas RX and RL78 toolchains, but the GCC versions used there are a little outdated. And in addition, some patches are applied.

So instead I tried to build the toolchains from scratch directly from the GNU sources, and also get the benefit of the newer GCC version 7 instead of GCC version 4.

My efforts were successful and I have automated it into a single script. Simply change the TARGET variable to build either RL78 or the RX toolchain. It installs everything into a separate directory in /opt/ on the filesystem. Take a look:

#!/bin/bash
set -e

TARGET="rl78-elf"
#TARGET="rx-elf"
PREFIX="/opt/gcc-${TARGET}/"

export PATH="${PREFIX}bin:$PATH"

# 1) Prepare build directories:
if [ -d build ]; then
  echo "Old build directory detected, please remove it."
  exit 1
else
  mkdir -p build/autoconf
  mkdir -p build/binutils
  mkdir -p build/gcc
  mkdir -p build/gdb
  mkdir -p build/newlib
fi

# 2) Get sources:
if [ ! -d source ]; then
  mkdir source
  cd source
  wget "https://gnuftp.uib.no/autoconf/autoconf-2.64.tar.bz2"
  wget "https://gnuftp.uib.no/gcc/gcc-7.3.0/gcc-7.3.0.tar.xz"
  wget "https://gnuftp.uib.no/gdb/gdb-8.1.tar.xz"
  wget "https://gnuftp.uib.no/binutils/binutils-2.30.tar.xz"
  wget "ftp://sourceware.org/pub/newlib/newlib-2.5.0.tar.gz"
  tar -xvjf autoconf-2.64.tar.bz2
  tar -xvJf gcc-7.3.0.tar.xz
  tar -xvJf gdb-8.1.tar.xz
  tar -xvJf binutils-2.30.tar.xz
  tar -xvzf newlib-2.5.0.tar.gz
  cd ..
fi

# 3) Build autoconf:
cd build/autoconf
../../source/autoconf-2.64/configure --prefix=$PREFIX
make
sudo make install
cd ..

# 4) Build binutils:
cd binutils
../../source/binutils-2.30/configure --target=$TARGET --prefix=$PREFIX --enable-maintainer-mode --disable-nls --disable-werror
make
sudo make install
cd ..

# 5) Get gcc sources:
if [ ! -d ../source/gcc-7.3.0/gmp ]; then
  cd ../source/gcc-7.3.0
  ./contrib/download_prerequisites
  cd ../../build
fi

# 6) Build gcc (step 1):
cd gcc
../../source/gcc-7.3.0/configure --target=$TARGET --prefix=$PREFIX --enable-languages=c,c++ --disable-shared --with-newlib --enable-lto --disable-libstdcxx-pch --disable-nls --disable-werror
make all-gcc
sudo make install-gcc
cd ..

# 7) Build newlib:
cd newlib
../../source/newlib-2.5.0/configure --target=$TARGET --prefix=$PREFIX --disable-nls
make
sudo make install
cd ..

# 8) Build gdb:
cd gdb
../../source/gdb-8.1/configure --target=$TARGET --prefix=$PREFIX --disable-nls
make
sudo make install
cd ..

# 9) Build gcc (step 2):
cd gcc
make
sudo make install
          


Topic: Configuration, by Kjetil @ 03/03-2018, Article Link

Fluxbox Styles

I almost exclusively use the Fluxbox window manager on my systems. Recently I have looked into how to create custom styles, and have finally been able to boil it down into something that's easy to manage.

Here's a desktop screenshot of a style I made:

Custom Fluxbox Style


But the most interesting part is the trimmed down style file:

*.textColor: #009900
*.color: black
*.focus.color: #009900
*.focus.textColor: black
*.focused.color: #009900
*.focused.textColor: black
*.font: glisp
*.borderWidth: 1
*.borderColor: #009900

menu.bullet: triangle
menu.bullet.position: right
menu.title.color: #009900
menu.title.textColor: black
menu.title.justify: center
menu.frame.color: black
menu.frame.textColor: green
menu.hilite.color: #009900
menu.hilite.textColor: black
menu.frame.disableColor: grey50

window.button.focus.picColor: black
window.button.unfocus.picColor: green

window.*.focus: raised gradient vertical
window.*.focus.colorTo: #00ee00
toolbar.*.focused: raised gradient vertical
toolbar.*.focused.colorTo: #00ee00
menu.title: raised gradient vertical
menu.title.colorTo: #00ee00
          


In the corner of the screenshot you'll also notice conky running. Here is the conkyrc file creating a similar colorscheme to match the Fluxbox style.

alignment top_right
background yes
border_width 1
cpu_avg_samples 2
default_color green
default_outline_color green
default_shade_color green
draw_borders no
draw_graph_borders yes
draw_outline no
draw_shades no
use_xft no
xftfont DejaVu Sans Mono:size=12
gap_x 5
gap_y 5
minimum_size 300 5
net_avg_samples 2
no_buffers yes
out_to_console no
out_to_stderr no
extra_newline no
own_window no
own_window_class Conky
own_window_type desktop
own_window_transparent yes
stippled_borders 0
update_interval 1.0
uppercase no
use_spacer none
show_graph_scale no
show_graph_range no
double_buffer yes

TEXT
${color green4}Uptime:$color $uptime
${color green4}Battery:$color $battery ${battery_bar}
${color green4}RAM Usage:$color $mem/$memmax - $memperc% ${membar 4}
${color green4}CPU \#1:$color ${cpu cpu1}% ${cpubar cpu1 4}
${color green4}CPU \#2:$color ${cpu cpu2}% ${cpubar cpu2 4}
${color green4}CPU \#3:$color ${cpu cpu3}% ${cpubar cpu3 4}
${color green4}CPU \#4:$color ${cpu cpu4}% ${cpubar cpu4 4}
${color green4}Processes:$color $processes  ${color green4}Running:$color $running_processes
${color green4}Wired:$color ${addr eth0}
${color green4}Wireless:$color ${addr wlan0}
          


A final recommendation when using styles like this is to make sure that the "ls" command does not produce garish results. This setting helps:

export LS_COLORS='rs=00:di=01:ln=00:mh=00:pi=01:so=01:do=01:bd=01:cd=01:or=31;01:mi=00:su=00:sg=00:ca=00:tw=00:ow=00:st=00:ex=00:'
          


Topic: Configuration, by Kjetil @ 21/10-2017, Article Link

GR-KURUMI Makefiles for Linux

Here's some follow-up information on the GR-KURUMI microcontroller reference board mentioned in the previous article.

On the official Gadget Renesas pages you can find an online editor and compiler referred to as the "Web Compiler", but in case you want to build the sources on your own Linux box then some more work is required.

First of all, download and build the RL78 GCC toolchain. Follow this advice.

Second, you will need the linker script, crt0 and header files which are specific for the RL78. I got this from the Gadget Renesas Web Compiler by downloading an example project.

Finally, here is an example of a simplified Makefile, based around compiling the source file "led.c" into the binary file "led.bin", which can be flashed:

TOOL_PATH:=/path/to/RL78-Toolchain/prefix/bin

CFLAGS = -c -Os -ffunction-sections -fdata-sections -I. -Icommon
LDFLAGS = -Wl,--gc-sections -nostartfiles

led.bin: led.elf
	$(TOOL_PATH)/rl78-elf-objcopy -O binary $^ $@

led.elf: led.o crt0.o
	$(TOOL_PATH)/rl78-elf-gcc $(LDFLAGS) -T common/rl78_R5F100GJAFB.ld $^ -o $@

crt0.o: common/crt0.S
	$(TOOL_PATH)/rl78-elf-gcc $(CFLAGS) $^ -o $@

led.o: led.c
	$(TOOL_PATH)/rl78-elf-gcc $(CFLAGS) $^ -o $@

.PHONY: clean
clean:
	rm -f *.o *.elf *.bin
          


Here is the led.c example, which I have mostly just copied from the Internet and not written myself:

#include <iodefine.h>
#include <iodefine_ext.h>

#define LED_CYAN_PIN    PM1.BIT.bit7
#define LED_MAGENTA_PIN PM5.BIT.bit1
#define LED_YELLOW_PIN  PM5.BIT.bit0
#define LED_CYAN        P1.BIT.bit7
#define LED_MAGENTA     P5.BIT.bit1
#define LED_YELLOW      P5.BIT.bit0

__attribute__((interrupt))
void wdti_handler(void)
{
}

__attribute__((interrupt))
void it_handler(void)
{   
    LED_CYAN    ^= 1;
    LED_MAGENTA = 0;
    LED_YELLOW  ^= 1;
}

void main(void)
{
  asm("di");

  LED_CYAN_PIN    = 0;
  LED_MAGENTA_PIN = 0;
  LED_YELLOW_PIN  = 0;

  LED_CYAN    = 0;
  LED_MAGENTA = 0;
  LED_YELLOW  = 0;

  /* Setup clocks */                                      
  CMC.cmc = 0x11U; /* Enable XT1, disable X1 */
  CSC.csc = 0x80U; /* Start XT1 */
  CKC.ckc = 0x00U;

  /* Interval timer */
  OSMC.osmc = 0x80U;  /* Supply fsub to Interval Timer */
  RTCEN = 1;
  ITMK  = 1; /* Disable interrupt... */
  ITPR0 = 0; /* High pri... */
  ITPR1 = 0;
  ITMC.itmc = 0x8FFFU; /* 270ms... */
  ITIF = 0; /* interrupt request flag... */
  ITMK = 0; /* Enable interrupt... */

  asm("ei"); /* Enable interrupts */

  for(;;)
  {
    asm("stop"); /* STOP mode. */
  }
}
          


Topic: Configuration, by Kjetil @ 23/09-2017, Article Link

Slackware 14.2 on a USB-stick

It's exactly 10 years since the first post on this website.

Anyway, I discovered that installing Slackware on a USB-stick wasn't as easy as it was last time in 2012, and those instructions are no longer valid for newer versions like 14.2. The main problem is that the kernel no longer contains built-in support for USB mass storage and the extended file systems.

Here are the updated steps:

1. Boot a host machine with the original Slackware DVD.

2. Insert the USB-stick into the host machine and use fdisk to create a large single Linux (0x83) partition on it.

3. Run the Slackware setup program and choose the newly created USB-stick partition as the target, with an ext4 file system.

4. Near the end of the setup process, skip the step involving installation of the LILO boot loader!

5. Unplug the USB-stick and put it into another fully functional Slackware 14.2 box.

6. Mount and chroot into the USB-stick filesystem. (In my case this was at /dev/sdc1 mounted on /mnt/sdc1):

mount /mnt/sdc1
mount -o bind /proc /mnt/sdc1/proc
mount -o bind /sys /mnt/sdc1/sys
mount -o bind /dev /mnt/sdc1/dev
chroot /mnt/sdc1
          


7. Configure and update the Linux kernel, by following these steps:

cd /usr/src/linux
make menuconfig # Do the necessary changes as described below.
make
make modules
make modules_install
make install # Will fail on LILO install, but just ignore this since kernel image is still copied to /boot.

In menuconfig, make sure to change these from module to built-in:
* xHCI HCD (USB 3.0) support
* EHCI HCD (USB 2.0) support
* USB Mass Storage support
* Second extended fs support
* The Extended 3 (ext3) filesystem
* The Extended 4 (ext4) filesystem

8. Modify /etc/fstab on the USB-stick and make sure that the root file system uses the correct partition device on the target machine. (e.g. /dev/sdb1)

9. Create the file /boot/extlinux.conf on the USB-stick and input contents similar to this:

default Linux
prompt 1
timeout 100
label Linux
  kernel vmlinuz
  append root=/dev/sdb1 rootwait vga=normal vt.default_utf8=0

10. Exit the chroot environment:

exit
umount /mnt/sdc1/proc
umount /mnt/sdc1/sys
umount /mnt/sdc1/dev

11. Install the boot loader on the USB-stick with the "extlinux" command like this: "extlinux -i /mnt/sdc1/boot". (Replace /mnt/sdc1 with correct mount point if necessary.)

12. Unmount the USB-stick and overwrite the master boot record on it with a command like this: "cat /usr/share/syslinux/mbr.bin > /dev/sdc". (Replace /dev/sdc with correct device if necessary.)

Topic: Configuration, by Kjetil @ 28/07-2017, Article Link

4096 Byte Sector Mount

Using a large hard disk of over 2TB on a USB enclosure, and then attempting to use the same disk on a regular Serial ATA interface may not work at all. The issue lies in the USB enclosure using some trick to convert 512 byte sectors to 4096 byte sectors when displaying the disk to the OS. I present here the solution to mount and read such a disk with Linux.

I have used a 4TB disk with a small partition to experiment.
When the disk is connected to the USB enclosure, Linux reports it with 4096-byte logical blocks:

usb 2-1.2: new high speed USB device using ehci_hcd and address 4
usb 2-1.2: New USB device found, idVendor=174c, idProduct=5106
usb 2-1.2: New USB device strings: Mfr=2, Product=3, SerialNumber=1
usb 2-1.2: Product: USB to ATA/ATAPI bridge
usb 2-1.2: Manufacturer: Asmedia
usb 2-1.2: SerialNumber: 30700000000000000A22
scsi9 : usb-storage 2-1.2:1.0
scsi 9:0:0:0: Direct-Access     WDC WD40 EZRZ-00WN9B0     80.0 PQ: 0 ANSI: 0
sd 9:0:0:0: Attached scsi generic sg6 type 0
sd 9:0:0:0: [sdf] 976754646 4096-byte logical blocks: (4.00 TB/3.63 TiB)
sd 9:0:0:0: [sdf] Write Protect is off
sd 9:0:0:0: [sdf] Mode Sense: 23 00 00 00
sd 9:0:0:0: [sdf] Assuming drive cache: write through
          


But when connected on the SATA interface, Linux reports it with 512-byte logical blocks:

ata6.00: ATA-9: WDC WD40EZRZ-00WN9B0, 80.00A80, max UDMA/133
ata6.00: 7814037168 sectors, multi 0: LBA48 NCQ (depth 0/32)
ata6.00: configured for UDMA/100
ata6: EH complete
scsi 5:0:0:0: Direct-Access     ATA      WDC WD40EZRZ-00W 0A80 PQ: 0 ANSI: 5
sd 5:0:0:0: [sdd] 7814037168 512-byte logical blocks: (4.00 TB/3.64 TiB)
sd 5:0:0:0: [sdd] 4096-byte physical blocks
sd 5:0:0:0: [sdd] Write Protect is off
sd 5:0:0:0: [sdd] Mode Sense: 00 3a 00 00
sd 5:0:0:0: [sdd] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
          


Attempting to mount the partition directly will fail because of the sector (block) mismatch:

# mount /dev/sdd1 /mnt/sdd1
mount: /dev/sdd1 is write-protected, mounting read-only
NTFS signature is missing.
Failed to mount '/dev/sdd1': Invalid argument
The device '/dev/sdd1' doesn't seem to have a valid NTFS.
Maybe the wrong device is used? Or the whole disk instead of a
partition (e.g. /dev/sda, not /dev/sda1)? Or the other way around?
          


To get around this, we need to use a loopback device, but first some calculations must be done, based on the start and end sectors of the partition. This data can be gotten with e.g. fdisk:

# fdisk -l /dev/sdd
Disk /dev/sdd: 3.7 TiB, 4000787030016 bytes, 7814037168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0x52205024

Device     Boot Start   End Sectors  Size Id Type
/dev/sdd1         256 25855   25600 12.5M 83 Linux
          


Using 4096 byte sectors, we get the start sector at byte: 4096 * 256 = 1048576
And a byte size of: 4096 * 25600 = 104857600

Using these numbers, the partition can be mounted like so:

losetup --verbose --offset 1048576 --sizelimit 104857600 /dev/loop0 /dev/sdd
mount /dev/loop0 /mnt/loop
          


And after use, unmounted like so:

umount /mnt/loop
losetup -d /dev/loop0
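
The start and size can also be read straight from the partition table instead of being copied from fdisk. This added example (not from the original article) parses the four primary DOS/MBR entries of a disk or image and multiplies them by the sector size the table was written with; the function names and the constructed 512-byte sample table are assumptions of the example, and `--find --show` is used in place of a fixed /dev/loop0.

```shell
#!/bin/sh
# Added example: derive losetup offsets from a DOS/MBR partition table.

# mbr_partitions IMAGE SECTOR_SIZE
# Prints "<index> <type hex> <byte offset> <byte size>" for every used primary
# entry. SECTOR_SIZE is the sector size the table was written with (4096 for
# the USB enclosure), not necessarily what the kernel reports for the disk now.
mbr_partitions() {
    # Bytes 446..511: four 16-byte entries followed by the 55 AA signature.
    # -v stops od from collapsing repeated all-zero lines into "*".
    od -An -v -tu1 -j446 -N66 "$1" | awk -v ss="$2" '
        { for (i = 1; i <= NF; i++) v[++n] = $i }
        END {
            if (v[65] != 85 || v[66] != 170) exit 1      # no boot signature
            for (p = 0; p < 4; p++) {
                b = p * 16
                ptype = v[b + 5]
                # LBA start and sector count are 32-bit little-endian values.
                start = v[b + 9]  + 256 * (v[b + 10] + 256 * (v[b + 11] + 256 * v[b + 12]))
                count = v[b + 13] + 256 * (v[b + 14] + 256 * (v[b + 15] + 256 * v[b + 16]))
                if (ptype != 0 && count > 0)
                    printf "%d %02x %.0f %.0f\n", p + 1, ptype, start * ss, count * ss
            }
        }'
}

# losetup_commands IMAGE SECTOR_SIZE: print one losetup command per partition.
losetup_commands() {
    mbr_partitions "$1" "$2" | while read -r idx ptype off size; do
        echo "losetup --find --show --offset $off --sizelimit $size $1"
    done
}

# poke FILE OFFSET OCTAL_BYTE: overwrite one byte in place.
poke() {
    printf "\\$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

# Constructed sample: one type 0x83 entry, start 256, 25600 sectors, matching
# the fdisk listing above.
make_sample_mbr() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    poke "$1" 450 203                      # partition type 0x83
    poke "$1" 455 001                      # start = 0x00000100 = 256
    poke "$1" 459 144                      # count = 0x00006400 = 25600
    poke "$1" 510 125; poke "$1" 511 252   # 55 AA
}

# Demo run on the constructed table.
demo_img=$(mktemp)
make_sample_mbr "$demo_img"
echo "read as 512-byte sectors:  $(mbr_partitions "$demo_img" 512)"
echo "read as 4096-byte sectors: $(mbr_partitions "$demo_img" 4096)"
losetup_commands "$demo_img" 4096
rm -f "$demo_img"
```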
          


Topic: Configuration, by Kjetil @ 17/05-2017, Article Link

Libvirt for KVM Guest

Referring to the Buildroot-based KVM Guest earlier, here is a way to set it up using libvirt: The virtualization API. Using libvirt instead of just QEMU gives additional flexibility, like easier pinning of physical CPUs to VCPUs and so on.

This setup also assumes that the root filesystem is already laid out in /tmp/kvm_guest, to be shared using the 9P protocol. Due to the fact that many files in the root filesystem are owned by root, the whole virtualization also needs to be run as root, or else the host will not allow access to the shared files.

Here is the XML configuration file for libvirt; some paths and the UUID may need to be changed. I named it "kvm_guest.xml":

<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <name>kvm_guest</name>
  <uuid>00000000-0000-0000-0000-000000000000</uuid>
  <memory unit='KiB'>131072</memory>
  <currentMemory unit='KiB'>131072</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <os>
    <type arch='x86_64' machine='pc-i440fx-2.6'>hvm</type>
    <kernel>/tmp/buildroot/kvmguest/output/images/bzImage</kernel>
    <cmdline>root=/dev/root rw rootfstype=9p rootflags=trans=virtio console=hvc0</cmdline>
  </os>
  <features>
    <acpi/>
  </features>
  <cpu mode='custom' match='exact'>
    <model fallback='allow'>kvm64</model>
  </cpu>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
    <controller type='pci' index='0' model='pci-root'/>
    <memballoon model='none'/>
    <console type='pty'>
      <target type='virtio' port='0'/>
    </console>
    <interface type='ethernet'>
      <mac address='00:00:de:ad:be:ef'/>
      <target dev='tap0'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </interface>
  </devices>
  <qemu:commandline>
    <qemu:arg value='-chardev'/>
    <qemu:arg value='stdio,id=char0'/>
    <qemu:arg value='-device'/>
    <qemu:arg value='virtio-serial'/>
    <qemu:arg value='-device'/>
    <qemu:arg value='virtconsole,chardev=char0'/>
    <qemu:arg value='-fsdev'/>
    <qemu:arg value='local,id=fs0,path=/tmp/kvm_guest,security_model=none'/>
    <qemu:arg value='-device'/>
    <qemu:arg value='virtio-9p-pci,fsdev=fs0,mount_tag=/dev/root'/>
  </qemu:commandline>
</domain>
          


It can then be started and accessed like so:

sudo /etc/rc.d/rc.libvirt start
sudo virsh create kvm_guest.xml
sudo virsh console kvm_guest
          


The rc.libvirt script is possibly Slackware specific; your system may have a different way to start the libvirt daemons.

Topic: Configuration, by Kjetil @ 04/03-2017, Article Link

Bluray on Slackware

Here's information on how I was able to play encrypted Bluray disks on Slackware using a custom MPlayer.

This statement from the MPlayer homepage is vital:
"MPlayer does support encrypted BluRay playback, though not all steps are handled by MPlayer itself. The two alternative methods use the URL schemes bd:// (always supports decryption, but you need the key for each and every disk in ~/.dvdcss/KEYDB.cfg and only works well with very simple BluRays, similar to dvd:// vs. dvdnav://) and br:// (uses libbluray and should support the same as VideoLAN in the link below but that is untested)."

I only got it to work with the "br://" scheme. The MPlayer package that follows the default Slackware installation does NOT link to libbluray, so I had to download and compile it manually, and then use this separate MPlayer binary for Bluray playback only. Prior to this, I had already installed libbluray, libbdplus and libaacs on the system.

I launch it with the following helper script:

#!/bin/sh
if ! fgrep /mnt/cdrom /proc/mounts > /dev/null; then
  mount /mnt/cdrom || exit 1
fi

# Enable debugging info for libbluray:
export BD_DEBUG_MASK="0xFFFFFFF"

# NOTE: Set the BLURAY_TITLE variable to change titles.
# NOTE: Use -chapter <id> argument to change chapters.
export BLURAY_TITLE=0
exec ~/opt/mplayer-bluray-bin br://$BLURAY_TITLE//mnt/cdrom "$@"
          


Finally, you will need to have an updated KEYDB.cfg file at ~/.config/aacs/KEYDB.cfg and hope that the VUK (Volume Unique Key) has been discovered for your Bluray disc.

Topic: Configuration, by Kjetil @ 18/02-2017, Article Link
