linux

MuStack MicroVM: An Overcomplicated Solution to a Problem That Doesn't Exist

I have a habit of diving headfirst into projects that are fun but maybe not super useful. A project I worked on a few months ago  MuStack MicroVM (msmv) —a project that took far more effort than necessary to create something that, in all honesty, I’ll probably never use again. But hey, at least it works, right?

 

So, What Exactly is msmv?

At its core, MuStack MicroVM is a minimalistic Linux virtual machine build system. Think Docker, but without all the convenience and with way more manual labour involved. It's designed to create lightweight, secure, and isolated virtual machines for testing environments. Perfect if you're someone who enjoys the thrill of complexity, like building a ship in a bottle—but digitally. Plus, I'm a sucker for naming projects with an acronym.

Tags

Remote code execution on no-name wifi repeaters: Part 2

After bricking the last wifi repeater in my last post, I was determined not do that again. At least not intentionally.

This time around, I purchased the same model as before (U13) as well as three more units of a different model, for $10 and $7 CAD respectively. The goal here is to get root access via SSH/telnet and use these devices as general purpose Linux single board computers. With an ethernet port, built in power supply and wifi, these boards are great for single-purpose servers.

 

New hardware

 

These models kept popping up in recommended items in the Aliexpress app, so I thought I would check it out. Just like the previous model, there's no technical information about these devices or who makes them. All we know is that there's an ethernet port, it has 2.4Ghz wifi...and that there's a WPS button. Some listings display the brand as iMice but nothing turns up on Google. 


Searching around YouTube, I was able to find branded devices using the same hardware:

  • MECO WIFI Wireless Signal Amplifier 
  • Accmor 300Mbps 802.11 n Wireless WiFi Repeater
  • AMAKE Wifi Repeater 300M Range Extender
  • NoyoKere Wifi Repeater 300Mbps Range Expander
  • Seaidea 300Mbps Wireless-N Mini Wifi Repeater
  • iMeshbean® Wifi Repeater 300M Range Extender
  • NINISEI Wifi Router/Repeater
  • F&M Wireless-N 300Mbps 2.4G Wifi Repeater
  • PIX-LINK WR03 Wireless WiFi Repeater 
  • Wi-Fi Repeater XY-300MZJ1

One funny misspelling is the username "admim" on the sticker:

The 4 LED model seems to differ from the 7 LED model, and on the latter model listing the seller displays the chipset as RTL8196E with 16MB flash and 128MB RAM.

Software


Plugging the device into the wall, and going to the printed address (192.168.11.1) we get a very familiar web admin UI. This time, the manufacturer decided to use orange instead of blue.

Tags

Getting root access on a $10 Aliexpress Wifi repeater

I have a fixation of buying little electronic trinkets and gadgets on foreign websites for cheap prices. Something about the cost of such little things, and that it takes 3-4 weeks to arrive to my door, provides me with excitement when I visit the post office to pick up my parcels. Lately, I purchased some ESP32 and ESP8266 boards for around $3, and various other programmers and jumper cables for around the same price point. It makes experimenting with a new project fun and inexpensive (great if you like to drop projects after a month too).

In the hot summer we're having out here, I like to sit in my yard and read online tech news and blogs on my phone. Being the hedonistic person I am, I cannot wait 3-4 seconds for a page to load. The wifi coverage at my house is sufficient in doors, but when I go 150 yards away, it can be abysmal. 

 

The purchase



So, in my regular late night Aliexpress shopping sprees, I found a $10 ($7 USD) wifi repeater that might fit the bill. 

It seems the price has gone up since I purchased the device

There's really no information about this device, anywhere. No model number. These seem to get the model numbers of AC1200M and also U13 if you poke around Aliexpress. If you look on Amazon, you'll find the exact same model selling for over double. It seems to connect this device to your wifi network, you use the WPS button and voila, it connects and you have a repeated signal.

So when it finally arrived the other day, I plugged it into the wall, followed the not-so-cryptic instruction manual and I was on my way. 

Tags

Small software and fun with an ESP8266

I enjoy building small, self-contained software for the pure joy of simplifying what you build. Building complex software is easy; small and maintainable software is not (not always anyway).
To take that same vein of thought, I have been working on a floppy-sized Linux distro (fluxflop) for the pure fun of how small I can build the Linux kernel, while keeping it usable. Running make tinyconfig is easy enough, but how small can you truly make the kernel? 

In my quest to find any resources on this, I stumbled upon Linux Tiny. It's a set of patches (with the intention of getting the patches merged into mainline to make future builds easier) that can slim down the kernel and add additional Kconfig options for reducing the compiled size. The project has not been updated since approx 2007 and uses Linux 2.6.23.0. Backporting these patches (whats the opposite of backport with newer software? haha) would take time and it's not guaranteed that the patch intention would work the same. Well, with too much time on my hands, I dug deep and did just that. You can see the git repo here with updated patches for Linux 6.9. Now, they are not guaranteed to work for everyone and every arch, but for i386 I was able to shave off about ~80KB which doesn't seem like much, but it all adds up in the end. For fluxflop, I was able to trim bzImage down to 712KB, and an aarach64 kernel down to about 820KB. 

I found this presentation that Matt Mackall gave in 2004 for the introduction of Linux Tiny. In the slides, it is mentioned that the Linux kernel produced, with net, EXT2, a NIC (not mentioned which one) and IDE, was 363KB! Very impressive. For my project, that 712KB is without /dev/ram, no filesystems, network capabilities, VGA and not even PS/2. All over serial too, so good luck having it be any use on a desktop box. Still, this is something to aim for. I would be curious to replicate the results in the presentation to build a 720KB floppy-sized Linux distro.
 

Tags

Linux 4.15.2 on SnackLinux

Quick update to SnackLinux, rolled out Linux 4.15.2 with Busybox 1.28.0. Also switched over to x86_64 only (for now at least) since it simplifies a lot of things. I removed the need to staticly link everything and get rid of that niche, since a few other smaller distros cover that (Alpine Linux for example). Again, this simplifies building packages and running into less issues. Check it out on Github for build instructions, or the getting started page on getting SnackLinux running.

Remote code execution with Hitron CGNM-2250

Edit: This has been fixed in the latest firmare update 4.5.10.25

The routers that you receive from your ISP are almost always garbage: not many options to configure and pitiful wifi range. The router/modem that Shaw customers receive is the Hitron CGNM-2250 thankfully isn't completely terrible, 802.11ac plus gigabit ports. I was poking about and researching the model and came upon an exploit for a similar model version for remote code execution. The CGNM-2250 is vulnerable as well, for reference my software version is 4.5.8.20 with hardware version 1A. The input for the ping utility through the web interface isn't sanitized so you can enter arbitrary input. I discovered that it has a few basic utilities, including Dropbear.

SnackLinux update

SnackLinux now has a whopping 31 packages, which include a (somewhat) working gcc toolchain and other fun GNU utilities (vitetris included!). I was able to add Docker support as well, which is just tarballed userland. Getting a working gcc toolchain was a bit of a pain in the butt. Pain in the butt because musl doesn't play nice with every piece of software out there, since most (that I have encountered anyway) think we're using glibc. And since SnackLinux is focused on every packaging being staticly compiled, not every package plays nice with that either. For example, there is a Python 2.7.9 package in the repository that is missing quite a few modules, see below:

Nimrod language

 I have recently discovered the Nimrod programming language. I usually don't branch out on languages because, well, stuff you don't know can be scary. I'm surprised how easy it is to get going though, it reminds me quite a bit of Python. I put up a test project on Github that fetches the weather for a given location.

Tags

Building a distro that almost works

 For the most part, SnackLinux works. I've been having problems with Busybox, so I've made packages for coreutils, binutils, sed, grep and gawk. When compiling anything, I get:


segfault at 0 ip    (null) sp bfdb1cbc error 4 in busybox[8048000+e8000]

or something along the lines of that. I used the newest Buildroot, 2013.11, to create a new toolchain and cross compile uClibc 0.9.33 for SnackLinux. I have yet to recompile Busybox yet, but I'm working on getting gcc natively working on SnackLinux. Once that is completed, I should be able to compile SnackLinux from within SnackLinux.