diff --git a/content/post/kobo-adventures.md b/content/post/kobo-adventures.md new file mode 100644 index 0000000..de2aa08 --- /dev/null +++ b/content/post/kobo-adventures.md 
@@ -0,0 +1,101 @@ +--- +title: "Kobo Adventures" +description: How to get root access on a Kobo without USB +date: 2026-02-10T22:52:20+01:00 +image: +math: +license: +hidden: false +comments: true +draft: true +--- + +TL;DR You can use the UART to access uboot, change the boot args, boot and change the password so you can log in and enable ssh/remote access. + +I like technology almost as much as I like a bargain. +For a while now I've been buying used kobos for friends and for personal projects. +Kobos are very friendly for tinkerers: a side-loading mode (no cloud), a simple mechanism to install apps and customize the system and a vibrant community. +This means you can easily install Koreader on it. +After using it on my kindle for years, I just can't use the stock reader. Ok, it's not such a big deal, but I really like the configurability and the extra niceties. + +Older kobos are even better, because most of them have an internal SD card instead of an eMMC, so you can easily recover if you mess up the system. +Sadly, newer devices (and h2o models) no longer have an SD card. +Supposedly, for waterproofing +Another recent change is that newer firmwares stopped allowing telnet and ssh access to the device by default. + +This post tells the story of how I managed to get remote access and install custom applications on a newer device with a missing USB port. + +## What I got + +I bought a used Kobo Libra H2O. +The listing said the battery would not charge well or at all after getting it replaced by an unofficial technician. +I risked it, hoping it would be a relatively easy port issue, and I would be able to get around it, even if I needed some ugly hack. + +My plan was to fix the port, or at least try, and get it to charge some way. + +* Fix the port +* Install Kobo + +## Fixing the port + +I will skip this section for now. + +Long story short: the connector that connects the motherboard to the USB daughterboard was broken. 
+ +## Failed attempts + +* Hand-wiring a USB connector to contact points in the daughterboard. Either something else was broken or I was missing resistors/components. +* Downloading files from the browser +* Logging using UART + +What I didn't try: buying and soldering a new connector. +To be honest, I am not sure I would be able to properly solder it without melting the plastic parts. +Even then, I wasn't sure the rest of the board was functional, because my attempts to manually wire it had failed. + +## U-boot + +Connect the UART, reboot the reader and press a key while it boots. +You will be greeted by u-boot. + +U-boot can actually list your mmc contents, you can load files to memory and write them to specific locations. +If you know how to use that, great, just remove `.kobo/ssh-disabled` from the user partition and create a file named `.kobo/ssh-enabled`. +I personally don't feel too comfortable raw editing the contents of the file system, and I was afraid of breaking something. +Luckily, there is an easier way. + + +If you take a look at the environment, you will recognize some of the variables that are used for booting. +In particular, one of them has the linux boot parameters. +Use `setenv` to modify it to add this at the end: + +``` +single init=/bin/sh +``` +Now, boot from mmc. + +## Changing the root password + +Once booted, it is just a matter of changing the password: + +``` +passwd root +``` +There might be some warnings about weak passwords, but it will let you set it anyway. +The user partition is not mounted, and I got errors while trying to do it manually, so just `reboot`. + + +## Enabling remote access + +use `root` and the password you just set to log in the normal system. + +``` +# I believe these are the correct paths, but check before running the command +cd /mnt/onboard/ +rm .kobo/ssh-disabled +touch .kobo/ssh-enabled +reboot +``` + +## SSH + +Connect your Kobo to your wifi, and ssh to it. 
+You will be asked to change the password on your first login. diff --git a/content/post/pppoe-retriever.md b/content/post/pppoe-retriever.md new file mode 100644 index 0000000..8cd7e40 --- /dev/null +++ b/content/post/pppoe-retriever.md 
@@ -0,0 +1,70 @@ +--- +title: "Getting rid of your ISP's router" +description: +date: 2026-04-10T15:18:45+02:00 +image: +math: +license: +hidden: false +comments: true +draft: false +--- + +TL;DR (PPPoE retriever is a nice python multiplatform tool to get your PPPoE credentials)[https://guillermodotn.github.io/posts/Retrieve_PPPoE_credentials/#what-do-i-need] + +I recently moved to an ISP that provides provides an ONT+Router combo. +The ONT is a small device that connects a fiber cable to an ethernet one. +The router connects to the ONT through an ethernet cable. +The connection between the ISP and your router is established using PPPoE. +As part of the protocol, the router needs to send a username and password that identify you as a customer. + + +Before this, I had never had a separate ONT, so I had to run the ISP's router as a dumb bridge that forwards all traffic to my own OpenWrt router, which does all the work. +No WiFi, no actual routing. +This feels wasteful and unnecessary. +Besides, it doesn't look great. +So I was excited to get rid of the ISP's router this time. + +Apparently, my ISP will happily send you your credentials if you ask nicely. +They're also required by European law to give you access with your own device. +Still, once I knew the credentials are sent in plain text, I felt compelled to get it myself. + +The plan is simple: + +* Connect to your ISP's router WAN +* Pretend to be your ISP +* Get the credentials + +There are multiple posts that point to a python script to automate step 2 and 3. +It believe it does it like this: + +* It runs `pppd` to spin up a server in your machine. It needs to pass it a configuration file with the right ethernet device and VLAN. +* It uses tcpdump/similar to sniff the traffic during the exchange + +Other tutorials recommended using wireshark and looking for the credentials manually using your phone number or something similar. 
+Some users complained that the process is error prone, or that they could only get it to work using a Live CD of Kali or Ubuntu. + +The whole process seemed unnecessarily complicated. +From looking at PPPoE's protocol diagrams, it doesn't look that complicated. +So I decided to build a very simple PPPoE server that only does the first steps of authentication, and it spits out the credentials used. +When looking for existing implementations in go and python, I discovered something better. + + +[PPPoE Retriever](https://github.com/guillermodotn/pppoe-retriever) is even simpler than a mock server: it uses scapy to intercept the right packets and send the appropriate responses to the router. +So I ran it, [after sandboxing it using podman](https://github.com/balkian/pppoe-retriever/), and it worked flawlessly. + +With the user, password and VLAN at hand, I only had to create the appropriate device in OpenWRT (VLAN 802.1q on the WAN interface) and change my WAN interface to PPPoE over that device, with the appropriate user and password. + +This whole thing might seem a bit silly. +After all, I could have just called my ISP and be done with it. +But then I wouldn't have learned a little bit more about how my internet connection works. +I wouldn't have been reminded that less os more, or learned of an approach that could be useful in the future. +Lastly, I wouldn't get the feeling of doing the impossible/forbidden. + +Because the truth is I really enjoy hacking stuff. +Even when the hard (and smart) work is done by others. +Even when my only contribution is running a script. +Even when there is little to be gained. + +I like understanding how things work, and being able to customize them. +Even when I do not end up customizing or using them after all. diff --git a/content/post/scrcpy.md b/content/post/scrcpy.md new file mode 100644 index 0000000..8202db3 --- /dev/null +++ b/content/post/scrcpy.md 
@@ -0,0 +1,60 @@ +--- +title: "Scrcpy" +description: +date: 2026-03-05T20:53:35+01:00 +image: +math: +license: +hidden: false +comments: true +draft: true +--- + +There are multiple options to use your phone as a webcam in linux. +In the past I've used DroidCam. +It works relatively well, both with USB and over WiFi. +However, when I last tried it, circa 2020, the experience wasn't great. +First, latency was more than noticeable. +Then, resolution is limited unless you pay for the app (fair). +Lastly, the setup itself was a bit finicky and it didn't always work for me. + + +This time I went with [scrcpy](https://github.com/Genymobile/scrcpy), which in addition to replacing DroidCam, it can be used to view, control and record your phone's screen. +It can even create a virtual screen which won't show in your device but that will let you control it remotely. +Neat, huh? + +As a bonus, you don't even need to install any apps: you only need to have adb enabled in the developer options (which I always do anyways). + +Requisites: +- Enable adb debugging. It should also work with wireless debugging, but I've read complains about latency. +- Install scrcpy and adb in your PC. With nix you can run a shell with all the tools with: `nix-shell -p android-tools -p scrcpy` + +Create a loopback device for scrcpy: + +``` +# This creates /dev/video9 +sudo modprobe v4l2loopback video_nr=9 card_label="scrcpy" exclusive_caps=1 +``` + +In my case, I got exceptions unless I manually set the size (e.g., `-m1024`) or the camera size. +Some sizes will also lead to invalid video and other problems, so better find a valid camera size for your phone: + +``` +# Get a list of camera sizes +scrcpy --list-camera-sizes +``` + +In my case, I went with 1920x1440. 
+Then, you only need: + +``` +scrcpy --video-source=camera --camera-size=1920x1080 --camera-facing=back --v4l2-sink=/dev/video9 --no-playback +``` + +You can test it out with ffmpeg, vlc or your preferred video player: + +``` +ffplay -i /dev/video9 +``` + +If that works, you can explore using [autoadb](https://github.com/rom1v/autoadb) to launch scrcpy automatically when you connect your phone to your PC.
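Review bot: in content/post/kobo-adventures.md, the "U-boot" section tells the reader to use `setenv` on "one of them" without naming the variable, the command used to "boot from mmc", or whether the change should be saved. Name the variable and the boot command you typed, and say that the edit is meant for one boot only, since a reader who persists `single init=/bin/sh` would keep landing in a bare shell. Two consistency points in the same file: "Failed attempts" lists "Logging using UART" although the TL;DR and the rest of the post use the UART as the working route, so say what exactly failed there (the login prompt before the password was changed?); and the plan list ends with "Install Kobo", which reads like it should be Koreader. The "Fixing the port" stub, the "I believe these are the correct paths" comment and the missing period after "Supposedly, for waterproofing" should be resolved before `draft: true` is flipped.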
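Review bot: in content/post/pppoe-retriever.md, the TL;DR link is written as `(text)[url]`, which Markdown will not render as a link; swap the brackets so the text is in `[...]` and the URL in `(...)`. This post has `draft: false`, so the typos ship as they are: "provides provides", "It believe it does it like this", "less os more". The sandboxing link points to a different repository owner (balkian) than the tool link (guillermodotn); add a sentence saying whose repository that is and what the podman sandbox lets the script access, so readers can judge how to run it themselves. `description:` is also empty, unlike the Kobo post.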
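Review bot: in content/post/scrcpy.md, the text says "I went with 1920x1440" but the command right after it passes `--camera-size=1920x1080`; make the two agree, using a size that appears in the `--list-camera-sizes` output. The "Requisites" list covers adb and scrcpy only, while the next step runs `modprobe v4l2loopback`, so add the v4l2loopback kernel module as a requisite. Minor wording: "complains about latency" should be "complaints", and "which in addition to replacing DroidCam, it can be used" has a stray "it".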