May
16

SSL Updates


The SSL certificates for all servers have been updated to use a wildcard certificate.

We *finally* changed over to use a wildcard cert, as pricing has come down enough to not warrant having separate certificates per server.
Our new wildcard certificate is valid until 2019.

What does this mean for you?

The bad news
Really old browsers won’t be able to open our site
If you are an XP user running IE6, you won’t be able to load our encrypted sites anymore. We strongly suggest you upgrade though if you fall into that category!
Same goes for those running Android 2.x (which is equally ancient in computer terms).

The good news
Email is now encrypted point to point using AES256 SHA encryption where possible, and webmail is SHA256 encrypted from server to your browser.
Mail servers that support it (i.e. all of ours, plus the major providers like Google, Yahoo etc.) will send encrypted mail to our servers.
Mail Headers will include things like the below if encryption is supported –
Received: from usa4.computersolutions.cn (162.210.36.26) by mail.computersolutions.cn with AES256-SHA encrypted SMTP;
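
To audit which hops of a message were encrypted, the Received headers can be parsed for the "with <cipher> encrypted SMTP" clause shown above. The Python below is an added example, not code from this site; the sample message is constructed, and the pattern assumes the wording of the header above (other mail servers phrase this differently).

```python
import re
from email import message_from_string

# Matches the clause quoted above, e.g. "with AES256-SHA encrypted SMTP".
# Assumption: only this wording is covered; other MTAs use other formats.
ENCRYPTED_HOP = re.compile(
    r"\bwith\s+(?P<cipher>[A-Za-z0-9_-]+)\s+encrypted\s+SMTP\b")
HOP_PEERS = re.compile(
    r"\bfrom\s+(?P<src>\S+)\s+\((?P<ip>[0-9A-Fa-f.:]+)\)\s+by\s+(?P<dst>\S+)")

# Constructed sample: the first hop reuses the header from the post, the
# second hop (client.example, 192.0.2.10) and all dates are made up.
SAMPLE = """\
Received: from usa4.computersolutions.cn (162.210.36.26) by mail.computersolutions.cn with AES256-SHA encrypted SMTP;
 16 May 2016 01:00:00 +0800
Received: from client.example (192.0.2.10) by usa4.computersolutions.cn with SMTP;
 16 May 2016 00:59:58 +0800
From: sender@example.com
To: user@example.org
Subject: constructed test message

body
"""


def audit_hops(raw_message):
    """Return one dict per Received header, newest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        peers = HOP_PEERS.search(flat)
        enc = ENCRYPTED_HOP.search(flat)
        hops.append({
            "src": peers.group("src") if peers else None,
            "ip": peers.group("ip") if peers else None,
            "dst": peers.group("dst") if peers else None,
            "cipher": enc.group("cipher") if enc else None,
        })
    return hops


def plaintext_hops(hops):
    """Hops with no encryption clause, i.e. sent in the clear or unknown."""
    return [h for h in hops if h["cipher"] is None]


if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        state = hop["cipher"] or "NOT ENCRYPTED"
        print("%s -> %s: %s" % (hop["src"], hop["dst"], state))
```

Only the Received lines added by servers you control can be trusted; anything below them is supplied by the sender and can be forged.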

Lastly – our new cert gets us a test rating of A at the SSL Labs site.
https://www.ssllabs.com/ssltest/analyze.html?d=computersolutions.cn&latest


Despite having friends that have broken limbs skateboarding, I decided to buy myself an Electronic Longboard.
I’m still a kid at heart, despite my ongoing age…


The board I chose to buy is what looks like a copy of the Boosted Board. The design is different though, but it’s close enough to look like a copy of sorts. Mine is from a company called BenchWheel out of Hangzhou, and although mildly expensive, isn’t too bad in Electric Skateboard pricing terms, especially in comparison to the similarly specced Boosted board at $1499.

I was originally planning to get the Stary board, as it’s made in Shanghai, and I was watching their Kickstarter, but sadly they don’t seem to want to sell it locally.
So, I scanned Taobao for similar products, and decided on the BenchWheel, as it looked reasonable quality-wise compared to the other options.

BenchWheel is currently available on Taobao for 2899RMB (about 450$USD odd at this moment in time)

They have 2 models for sale – the B board, which is a standard longboard, and the C board, which is a skinnier board at the ends.


I bought my BenchWheel on Monday, had it delivered on Wednesday (the magic of Taobao), and have been riding it for a whole 2 days now. I’ve never ridden a skateboard or longboard before, and I’m finding it very easy to ride. I’m already comfortable using it on the road for short trips in light traffic here in Shanghai. Took me about 5 minutes to find my balance, and after about an hour riding around my compound avoiding pedestrians and small rodent sized dogs I felt comfortable enough to take it outside on the street with the bigger traffic.

So far I’m quite happy with it. Top speed is faster than I want to go still, and the battery life is quite decent @ +-20km. The entire bottom length of the board is essentially battery.

Having played with most of the things available here, from e-scooters to airwheel’s, I think a Longboard is the most fun/ practical in daily use, especially for last mile from metro -> home.

All in all, it feels like a decent quality item. The parts are solidly built, and it doesn’t feel like cheap crap.
I haven’t tried a Boosted board or other US brand boards though, so can’t compare to those, but I do know what cheap crap feels like, and this isn’t that.

Some notes on using it
The BenchWheel has a carry handle, but I think there needs to be something smoother around the handle as the sandpaper gets rough.
It’s light enough to carry short distances, which is good.

Remote control feels comfortable to use. The speed acceleration is good – it’s not crazy from stopped, it feels like they ramp up in a curve rather than giving you full throttle immediately. Braking on the other hand feels like they give you too much – you need to be more careful braking as it’s almost too fast on the controller.

Controller could do with some labelling, there are way too many leds that show different colors (red or green).
The bottom 3 show board battery status. The top two are speed allegedly, although they do flash when the board isn’t sync’d.
The remote and the board time out if not used and left on. The lights stay on, but the remote does nothing. Turning both off then on again resolves that. Looks like it does that when left 3-5 minutes unused. I’ve already hit that once or twice tonight talking to people about the board and not using it for a few minutes, then it doesn’t want to work.

My manual is in Chinese, and the instructions are not very clear – I had initial issues syncing the remote with the board despite reading the instructions, and repeating the steps a couple of times.
Their online support was good (aliwang), and I resolved it, but the manual needs to be much clearer.

I’ve actually had a go at making a better english manual here – http://computersolutions.cn/downloads/benchwheel/

I’ll re-iterate, this is really fun to ride. I’m actually excited to go out and ride around, which is good.
I’ve also been quite lucky in that I haven’t fallen yet. Having a brake and not going too fast helps a lot, as you can just jump off if you feel like falling.

Some tech details
N5065 270KV motors x 2 – Not sure what brand, haven’t opened it up yet.
Batteries in a 6S 4P (22.2V nominal @ 6 x 3.7V/ 25V peak/ 20v get off the board before you kill the batteries 😉 ) config using 18650’s @ 8800MAH / 210WH
Wheels are 80x45mm 78A hardness
Board is 920x240x15mm
7.9KG total weight.
Has a carrying handle cut out in the board (useful!)

Dual motors @ 1800W


What’s missing
It feels like a strong version 1.0
That said this is what’s missing:

    • Lighting – they need to add underlighting to the board (they actually came out with some the day after I bought mine, grr!, so will be adding mine when it arrives in my next taobao shopping order).
    • Carrying handle – great idea, but the board sandpaper surface chafes, so it needs some smoother tape around the handle area.
    • Design – There are tons of cool skateboard designs. BenchWheel have completely ignored that and gone with a horridly bad logo font choice and rather basic and bland black board color. This totally needs some work. Luckily you can buy cool stuff on taobao, so that’s a fairly easy remedy.
    • Packaging – Very white box. Mine actually came slightly damaged, although the board was fine. They need to work on that.
    • Battery indicator – The Marbel board has a battery indicator on the board. They need to add something either on the top of the board, or underneath the board with a bar for charge value like you get on electric mopeds and scooters. I might mod mine to add that, as that’s fairly easy to do. There is a battery indicator on the remote, but it’s not too accurate / useful.
    • Manual – the existing one isn’t so clear on a few things, even in the Chinese manual.

    Some of our clients are experiencing delivery issues to some domains that use Gmail/Google for their email.

    I previously covered that here – http://www.computersolutions.cn/blog/2015/04/gmail-and-other-google-hosted-mail-delivery-issues/

    The issue is that China is still blocking Gmail/ Google hosted mail, and the recipient domain hasn’t set up their MX records correctly.

    This is fine for servers outside of China, where all of Google’s mail servers (should) work, but breaks things for those inside China, where only a few servers are reachable.

    Google hosted mail settings are here: https://support.google.com/a/answer/33915?hl=en

    You’ll note that there are 5 different email servers that are listed in priority order.

    Priority Mail Server
    1 ASPMX.L.GOOGLE.COM.
    5 ALT1.ASPMX.L.GOOGLE.COM.
    5 ALT2.ASPMX.L.GOOGLE.COM.
    10 ALT3.ASPMX.L.GOOGLE.COM.
    10 ALT4.ASPMX.L.GOOGLE.COM.

    For mail servers, the lowest number has the highest priority, so the server with a priority of 1 will be tried first, then the next lowest number, and so on.

    If I try to connect to the servers from China.

    telnet ASPMX.L.GOOGLE.COM 25
    Trying 74.125.200.27…
    (times out)

    telnet ALT1.ASPMX.L.GOOGLE.COM 25
    Trying 173.194.72.26…
    (times out)

    telnet ALT2.ASPMX.L.GOOGLE.COM 25
    Trying 74.125.25.26…
    (times out)

    telnet ALT3.ASPMX.L.GOOGLE.COM 25
    Trying 64.233.169.26…
    Connected to ALT3.ASPMX.L.GOOGLE.COM.
    Escape character is '^]'.
    (yay, we have a winner!)

    telnet ALT4.ASPMX.L.GOOGLE.COM 25
    Trying 74.125.70.27…
    Connected to ALT4.ASPMX.L.GOOGLE.COM.
    Escape character is '^]'.
    (yay, we have a winner!)

    So, we can see that alt3, alt4 work, but none of the others do (as of 9th September 2015 from Shanghai)

    So, some rudimentary testing shows that some servers work, and some do not.
    How does that apply to real world examples?

    Let’s look at a non-working domain – ihg.com

    dig mx ihg.com

    ;; ANSWER SECTION:
    ihg.com. 600 IN MX 100 aspmx3.googlemail.com.
    ihg.com. 600 IN MX 50 alt1.aspmx.l.google.com.
    ihg.com. 600 IN MX 50 alt2.aspmx.l.google.com.
    ihg.com. 600 IN MX 100 aspmx2.googlemail.com.
    ihg.com. 600 IN MX 10 aspmx.l.google.com.

    You should easily be able to see 2 things.
    1 – that the MX records are not as per Google settings.
    2 – that the 2 working MX records are not listed.

    This means that while their MX records probably work overseas, they will not be deliverable from China. They need to amend their MX records to Google’s recommended settings.

    Let’s look at another example.

    dig mx rsms-west.com

    ;; ANSWER SECTION:
    rsms-west.com. 6238 IN MX 30 alt2.aspmx.l.google.com.
    rsms-west.com. 6238 IN MX 10 aspmx.l.google.com.
    rsms-west.com. 6238 IN MX 40 aspmx2.googlemail.com.
    rsms-west.com. 6238 IN MX 50 aspmx3.googlemail.com.
    rsms-west.com. 6238 IN MX 20 alt1.aspmx.l.google.com.

    Once again, we can see that the alt3, and alt4 servers are missing, and unfortunately none of the other listed servers are connectable from China.

    Lastly, let’s look at a working server

    dig mx teamsequel.com

    teamsequel.com. 12878 IN MX 1 ASPMX.L.GOOGLE.com.
    teamsequel.com. 12878 IN MX 5 ALT1.ASPMX.L.GOOGLE.com.
    teamsequel.com. 12878 IN MX 5 ALT2.ASPMX.L.GOOGLE.com.
    teamsequel.com. 12878 IN MX 10 ALT3.ASPMX.L.GOOGLE.com.
    teamsequel.com. 12878 IN MX 10 ALT4.ASPMX.L.GOOGLE.com.

    You can see that they have the correct Gmail settings as per Gmail / Google settings page, and mail to them is deliverable (as alt3, alt4 are currently not being blocked by the beneficent government of China).

    Unfortunately as this is an issue that is out of our control (MX records are incorrect, and China is being difficult), we cannot mitigate against it. The affected domains will need to amend their MX records appropriately as per the page here- https://support.google.com/a/answer/33915?hl=en.
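
The check done by hand above (read the MX list, then see which hosts answer on port 25) can be scripted. The Python below is an added example, not part of the original post: it parses the dig answers quoted above, walks them in preference order as a sending server would, and reports whether any listed host is reachable. To run offline it uses the telnet results from this post as the reachability data; `tcp_probe` is the live equivalent.

```python
import socket

# dig answers copied from the post above.
DIG_ANSWERS = {
    "ihg.com": """
ihg.com. 600 IN MX 100 aspmx3.googlemail.com.
ihg.com. 600 IN MX 50 alt1.aspmx.l.google.com.
ihg.com. 600 IN MX 50 alt2.aspmx.l.google.com.
ihg.com. 600 IN MX 100 aspmx2.googlemail.com.
ihg.com. 600 IN MX 10 aspmx.l.google.com.
""",
    "rsms-west.com": """
rsms-west.com. 6238 IN MX 30 alt2.aspmx.l.google.com.
rsms-west.com. 6238 IN MX 10 aspmx.l.google.com.
rsms-west.com. 6238 IN MX 40 aspmx2.googlemail.com.
rsms-west.com. 6238 IN MX 50 aspmx3.googlemail.com.
rsms-west.com. 6238 IN MX 20 alt1.aspmx.l.google.com.
""",
    "teamsequel.com": """
teamsequel.com. 12878 IN MX 1 ASPMX.L.GOOGLE.com.
teamsequel.com. 12878 IN MX 5 ALT1.ASPMX.L.GOOGLE.com.
teamsequel.com. 12878 IN MX 5 ALT2.ASPMX.L.GOOGLE.com.
teamsequel.com. 12878 IN MX 10 ALT3.ASPMX.L.GOOGLE.com.
teamsequel.com. 12878 IN MX 10 ALT4.ASPMX.L.GOOGLE.com.
""",
}

# Hosts that accepted a connection in the telnet test above
# (from Shanghai, 9th September 2015). Everything else is treated as blocked.
REACHABLE_IN_TEST = {"alt3.aspmx.l.google.com", "alt4.aspmx.l.google.com"}


def parse_mx(answer_section):
    """Return [(preference, host)] sorted so the lowest preference is first."""
    records = []
    for line in answer_section.splitlines():
        fields = line.split()
        if len(fields) == 6 and fields[2].upper() == "IN" and fields[3].upper() == "MX":
            records.append((int(fields[4]), fields[5].rstrip(".").lower()))
    return sorted(records)


def tcp_probe(host, port=25, timeout=10):
    """Live check: can we open a TCP connection to the SMTP port?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def delivery_plan(answer_section, is_reachable):
    """Try each MX in preference order; return (first reachable host, attempts).

    Real mail servers pick randomly among hosts of equal preference; sorting
    by name here only keeps the output stable.
    """
    attempts = []
    for pref, host in parse_mx(answer_section):
        ok = is_reachable(host)
        attempts.append((pref, host, ok))
        if ok:
            return host, attempts
    return None, attempts


def recorded(host):
    return host in REACHABLE_IN_TEST


if __name__ == "__main__":
    for domain, answer in DIG_ANSWERS.items():
        host, attempts = delivery_plan(answer, recorded)  # or tcp_probe
        print("%-16s %s" % (domain, host or "UNDELIVERABLE from this network"))
        for pref, mx, ok in attempts:
            print("    %3d %-28s %s" % (pref, mx, "ok" if ok else "times out"))
```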


    I have a couple of older Mac Pro desktops that I tend to.
    As my machines usually get upgraded to the max, they’re still pretty darn useful.
    Currently they’re all Dual Quad Core 3Ghz / 16G Ram 1,1->2,1 flashed, which is more than enough for dev purposes.

    Sadly though, they still have the original graphics cards – rather crappy 7300GT’s.

    One of the issues with the Mac Pro 1,1 is that in Yosemite* the original graphics cards aren’t really supported.

    *Sure Yosemite isn’t really supported either, but it does work after a bit of EFI boot mangling.

    You can work around things, by having a newer NVidia card (i.e. anything 6XX and above), but then you lose boot graphics till the OS loads drivers.

    As I sort of quite need boot graphics due to the bootloader side of things getting borked on occasion, I thought I’d source myself a compatible card.

    There aren’t really that many options unfortunately for vintage equipment, it’s mostly 8800GT’s that are at least 5 years+, and priced at silly money.

    There are other options though – certain PC graphics cards are usable.

    As a Mac Pro 1,1 (2,1), it needs a card that:
    #1 – Shipped on a Mac Pro 1,1 or 2,1 (so that AMD created an _EBC_ based Mac BIOS).
    #2 – Has a flashable BIOS. This rules out most of the NVidia’s of that era, so it’s a select number of ATI cards.

    Netkas.org is a good source of reading for that sort of thing.

    ATI 4870 appears to be flashable, and wasn’t too “$$ bills yo!” on Taobao

    So, sourced myself a 4870 1G card (235RMB w/shipping), and set to work.

    There is a wealth of information out there about flashing, but unfortunately all the links appear to be pretty dead.

    The general consensus is to dump the original firmware, then patch it yourself. There are tools for this, but they don’t really work. Cindori’s Zeus et al..

    I tried to do this inside the Mac Pro itself, but it wasn’t having any of it, and didn’t like the perfectly fine DOS USB key(s) I made. Luckily I also had a Windows box available to dump / flash.

    Fun and games with PSU connectors later, I booted off a DOS boot disk, used ATIFlash to dump my original rom, then shutdown again.


    Stuck the USB key back in my laptop, used a ROM I found inside Zeus (show package contents, copy the 4870EFI.ROM out) + patch that with my dumped rom using fixrom.py from here – http://forum.netkas.org/index.php/topic,692.0.html and the patch instructions here – http://forums.macrumors.com/threads/race-to-dump-the-4870-rom-whos-first.661681/page-14#post-7297669

    Copied the patched rom back onto the USB, rebooted off again into the DOS boot disk on my Windows box, and flashed the new patched EBC rom bios.


    A few minutes of recabling later on the Mac, I got a nice boot screen off the card.

    Works fine in OSX too (sleep etc appear to be fine).

    As this was a royal pain in the ass, I have the pre-patched rom here – ROM

    It’s specifically for the 4870 card I have, so don’t randomly flash to your 4870 card, unless the part number matches. My P/N is below.

    Radeon HD4870 1G Dual DVI
    PN 288-20E85-230AC

    Enjoy.


    As I haven’t posted in a while, I thought I would publish a few tips and tricks for Apple computers.
    All of the tips below are done inside Terminal.

    I find most of them useful, but don’t blindly copy and paste unless you understand what you’re doing.
    Some of them can be accomplished in the OSX Gui, some cannot.

    —-

    Getting access to the Betas for OS X
    Accessing public betas via Software update (on Yosemite)
    sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL https://swscan.apple.com/content/catalogs/others/index-10.10beta-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog.gz

    softwareupdate -l

    Accessing all available betas via Software update (on Yosemite)
    sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL https://swscan.apple.com/content/catalogs/others/index-10.10seed-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog.gz

    softwareupdate -l

    Resetting Software Update catalog to the defaults (eg if you used one of the above 2 catalogs)
    sudo softwareupdate --clear-catalog

    Making TextEdit default to plain text mode for new documents
    defaults write com.apple.TextEdit RichText -int 0

    Change the default Finder location to your home folder (~/)
    defaults write com.apple.finder NewWindowTarget -string "PfLo" && \
    defaults write com.apple.finder NewWindowTargetPath -string "file://${HOME}"

    Make the save panel expanded by default
    defaults write NSGlobalDomain NSNavPanelExpandedStateForSaveMode -bool true

    Turning off the warning when changing file extensions
    defaults write com.apple.finder FXEnableExtensionChangeWarning -bool false

    Check for software updates daily
    defaults write com.apple.SoftwareUpdate ScheduleFrequency -int 1

    Show the icons for drives, network drives, and usb disks on the desktop
    defaults write com.apple.finder ShowExternalHardDrivesOnDesktop -bool true && \
    defaults write com.apple.finder ShowHardDrivesOnDesktop -bool true && \
    defaults write com.apple.finder ShowMountedServersOnDesktop -bool true && \
    defaults write com.apple.finder ShowRemovableMediaOnDesktop -bool true

    Disable creation of .DS_Store files on network shares
    defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool true

    Unhide the user Library folder
    chflags nohidden ~/Library

    Enable AirDrop over Ethernet and on unsupported Macs
    defaults write com.apple.NetworkBrowser BrowseAllInterfaces -bool true


    Update

    Google has added another MX (mail server) for Google Hosted mail – alt4.gmail-smtp-in.l.google.com.

    This does not currently appear to be blocked (unlike their other 4 MX servers), so we have removed the forwarding, and mail is transiting normally.


    China has completely blocked gmail hosted mail as of today [28th April 2015]

    This means that all mail heading to Google’s servers is now blocked from Chinese ISPs like ourselves.

    Symptoms will include bounce messages where our server has given up retrying to send out the mail, as the remote server is not accessible over the Chinese internet.

    EG –

    Hi. This is the qmail-send program at mail.computersolutions.cn.
    I’m afraid I wasn’t able to deliver your message to the following addresses.
    This is a permanent error; I’ve given up. Sorry it didn’t work out.

    :
    Sorry, I wasn’t able to establish an SMTP connection. (#4.4.1)
    I’m not going to try again; this message has been in the queue too long.

    In the interim, we have added forwarding for all gmail addressed mail to transit through our overseas mail servers in the USA.

    This should solve email delivery issues for gmail addresses – essentially anything addressed to someone @gmail.com

    We are looking at solutions for resolving delivery to other google hosted mail clients, this will take some time to come up with a usable solution. In the interim, we can manually add routes on a server by server basis.

    Be aware that this specific issue is out of our control, and we can only mitigate against it.

    Examples of google hosted mail clients from recent queries/failure notices:

    teamsequel.com – Their mail is served by google.

    dig mx teamsequel.com

    ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> mx teamsequel.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11757
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;teamsequel.com. IN MX

    ;; ANSWER SECTION:
    teamsequel.com. 2320 IN MX 5 ALT1.ASPMX.L.GOOGLE.com.
    teamsequel.com. 2320 IN MX 5 ALT2.ASPMX.L.GOOGLE.com.
    teamsequel.com. 2320 IN MX 10 ALT3.ASPMX.L.GOOGLE.com.
    teamsequel.com. 2320 IN MX 10 ALT4.ASPMX.L.GOOGLE.com.
    teamsequel.com. 2320 IN MX 1 ASPMX.L.GOOGLE.com.

    dreamonproductions.com – their mail is served by google.

    dig mx dreamonproductions.com

    ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> mx dreamonproductions.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35828
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;dreamonproductions.com. IN MX

    ;; ANSWER SECTION:
    dreamonproductions.com. 3600 IN MX 5 alt1.aspmx.l.google.com.
    dreamonproductions.com. 3600 IN MX 1 aspmx.l.google.com.
    dreamonproductions.com. 3600 IN MX 10 aspmx2.googlemail.com.
    dreamonproductions.com. 3600 IN MX 5 alt2.aspmx.l.google.com.
    dreamonproductions.com. 3600 IN MX 10 aspmx3.googlemail.com.


    The Mercury MAC1200R (TPLINK WR6300) is one of the cheapest AC based routers on the planet. As I have a few AC devices, I thought I’d buy one to try out. They’re available for under RMB120 or so online.

    Mercury hardware is TPLink hardware, albeit using a different name. Same stuff, same factory, different casing.

    The router has 64M ram, and 8M flash. CPU / Wifi AR9344 / QCA9882

    OpenWRT says it has support, so I had a quick go at taking a look at flashing one.

    First steps:

    Open up the unit (remove the 2 screws underneath, then use a spare credit card or similar to jam open the plastic case).

    The serial headers are to the right of the SoC.
    You’ll need an RS232 to TTL or USB to TTL adaptor.

    Pin 1 is GND
    Pin 2 is TX (connect to rx)
    Pin 3 is RX (connect to tx)
    Pin 4 is VCC (don’t connect).

    Port speeds are 115200,8,n,1

    Connect up, and you should see a flurry of activity on boot.

    To get into the bootloader (uBoot), you’ll need to type tpl
    May take a few tries, so prepare to pull power and retry again, and again till you get in.

    You’ll need a TFTPD server running on 192.168.1.100 to push files over. My Mac no haz ethernet (and Thunderbolt to Ethernet is crud), so I use my venerable X40 and tftpd software.

    Firmware is up here. (Or you can compile your own) -> http://pan.baidu.com/s/1hqkVOfa

    Firmware locations in flash (see below)
    printenv
    bootargs=console=ttyS0,115200 root=31:02 rootfstype=jffs2 init=/sbin/init mtdparts=ath-nor0:256k(u-boot),64k(u-boot-env),6336k(rootfs),1408k(uImage),64k(mib0),64k(ART)
    bootcmd=bootm 0x9f020000
    bootdelay=1
    baudrate=115200
    ethaddr=0xba:0xbe:0xfa:0xce:0x08:0x41
    ipaddr=192.168.1.111
    serverip=192.168.1.100
    dir=
    lu=tftp 0x80060000 ${dir}u-boot.bin&&erase 0x9f000000 +$filesize&&cp.b $fileaddr 0x9f000000 $filesize
    lf=tftp 0x80060000 ${dir}db12x${bc}-jffs2&&erase 0x9f050000 +0x630000&&cp.b $fileaddr 0x9f050000 $filesize
    lk=tftp 0x80060000 ${dir}vmlinux${bc}.lzma.uImage&&erase 0x9f680000 +$filesize&&cp.b $fileaddr 0x9f680000 $filesize
    stdin=serial
    stdout=serial
    stderr=serial
    ethact=eth0

    Environment size: 686/65532 bytes

    Upload to the uBoot

    U-Boot 1.1.4--LSDK-10.1.389 (Apr 9 2014 - 15:23:02)

    U-Boot DB120
    Wasp 1.2

    DRAM: 64 MB
    Flash Manuf Id 0xef, DeviceId0 0x40, DeviceId1 0x17
    flash size 8MB, sector count = 128
    Flash: 8 MB
    Using default environment

    In: serial
    Out: serial
    Err: serial
    Net: ag934x_enet_initialize...
    No valid address in Flash. Using fixed address
    No valid address in Flash. Using fixed address
    wasp reset mask:c02200
    WASP ----> S27 PHY
    s27 reg init
    : cfg1 0x80000000 cfg2 0x7114
    eth0: ba:be:fa:ce:08:41
    athrs27_phy_setup ATHR_PHY_CONTROL 4 :1000
    athrs27_phy_setup ATHR_PHY_SPEC_STAUS 4 :10
    eth0 up
    WASP ----> S27 PHY
    s27 reg init lan
    ATHRS27: resetting s27
    ATHRS27: s27 reset done
    : cfg1 0x800c0000 cfg2 0x7214
    eth1: ba:be:fa:ce:08:41
    athrs27_phy_setup ATHR_PHY_CONTROL 0 :1000
    athrs27_phy_setup ATHR_PHY_SPEC_STAUS 0 :10
    athrs27_phy_setup ATHR_PHY_CONTROL 1 :1000
    athrs27_phy_setup ATHR_PHY_SPEC_STAUS 1 :10
    athrs27_phy_setup ATHR_PHY_CONTROL 2 :1000
    athrs27_phy_setup ATHR_PHY_SPEC_STAUS 2 :10
    athrs27_phy_setup ATHR_PHY_CONTROL 3 :1000
    athrs27_phy_setup ATHR_PHY_SPEC_STAUS 3 :10
    eth1 up
    eth0, eth1
    Setting 0xb8116290 to 0x30602d0f
    Autobooting in 1 seconds
    db12x>

    db12x> tftpboot 0x81000000 image.bin
    eth1 link down
    enet0 port4 up
    dup 1 speed 100
    Using eth0 device
    TFTP from server 192.168.1.100; our IP address is 192.168.1.111
    Filename 'image.bin'.
    Load address: 0x81000000
    Loading: #################################################################
    #################################################################
    #################################################################
    #################################################################
    #################################################################
    #################################################################
    #################################################################
    #################################################################
    #################################################################
    ##############################
    done
    Bytes transferred = 3145732 (300004 hex)
    db12x> erase 0x9f020000 +0x3c0000
    Erasing flash... ............................................................
    Erased 60 sectors
    db12x> cp.b 0x81000000 0x9f020000 0x3c0000
    Copy to Flash... ............................................................done
    db12x> bootm 9f020000

    It should boot into OpenWRT, you can flash from there.


    ...[long kernel bootlogs redacted]

    - init complete -

    BusyBox v1.22.1 (2014-12-15 18:46:26 CST) built-in shell (ash)
    Enter 'help' for a list of built-in commands.

      _______                     ________        __
     |       |.-----.-----.-----.|  |  |  |.----.|  |_
     |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
     |_______||   __|_____|__|__||________||__|  |____|
              |__| W I R E L E S S   F R E E D O M
     -----------------------------------------------------
     BARRIER BREAKER (14.07, r42625)
     -----------------------------------------------------
      * 1/2 oz Galliano         Pour all ingredients into
      * 4 oz cold Coffee        an irish coffee mug filled
      * 1 1/2 oz Dark Rum       with crushed ice. Stir.
      * 2 tsp. Creme de Cacao
     -----------------------------------------------------

    cat /proc/mtd
    dev: size erasesize name
    mtd0: 00020000 00010000 "u-boot"
    mtd1: 0010206c 00010000 "kernel"
    mtd2: 006cdf94 00010000 "rootfs"
    mtd3: 004d0000 00010000 "rootfs_data"
    mtd4: 00010000 00010000 "art"
    mtd5: 007d0000 00010000 "firmware"

    I highly recommend replacing the bootloader with an unlocked one.
    i.e. this one – https://github.com/pepe2k/u-boot_mod

    Bootloader sits at 0x9f000000 and is 64kb in size.
    Suggest load in ram at 0x80060000 like they do, and flash from there.

    eg from the bootloader –

    tftpboot 0x80060000 uboot.bin
    erase 0x9f000000 +0x20000
    cp.b 0x80060000 0x9f000000 0x20000

    Pray that it didn’t mess up (or you need an spi flasher…), and reboot!
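
Before typing an erase into the bootloader, it is worth checking the range against the flash map, since a wrong length can wipe the bootloader or the ART partition (the radio calibration data). The Python below is an added example, not part of the original post or of OpenWRT: it checks the erase / cp.b pairs used above for sector alignment, image fit and which partitions they touch. Partition sizes are taken from the /proc/mtd listing above; the partition order, the 64 KB bootloader image size and the third "bad" command pair are assumptions made for illustration.

```python
import re

FLASH_BASE = 0x9F000000   # flash is mapped here (bootcmd=bootm 0x9f020000)
FLASH_SIZE = 0x800000     # "flash size 8MB" in the boot log
SECTOR = 0x10000          # erasesize column of /proc/mtd

# Top-level partitions as (offset, size). Sizes come from /proc/mtd above.
# Assumption: they are laid out in the order u-boot, firmware, art, which is
# consistent with the sizes summing to 8 MB and the kernel at 0x9f020000.
LAYOUT = {
    "u-boot":   (0x000000, 0x020000),
    "firmware": (0x020000, 0x7D0000),
    "art":      (0x7F0000, 0x010000),
}

ERASE = re.compile(r"erase\s+(0x[0-9a-f]+)\s+\+(0x[0-9a-f]+)", re.I)
COPY = re.compile(r"cp\.b\s+(0x[0-9a-f]+)\s+(0x[0-9a-f]+)\s+(0x[0-9a-f]+)", re.I)

# Command pairs from the post.
FIRMWARE_CMDS = "erase 0x9f020000 +0x3c0000\ncp.b 0x81000000 0x9f020000 0x3c0000"
BOOTLOADER_CMDS = "erase 0x9f000000 +0x20000\ncp.b 0x80060000 0x9f000000 0x20000"
# Constructed mistake: a length that runs to the end of the chip.
BAD_CMDS = "erase 0x9f020000 +0x7e0000\ncp.b 0x81000000 0x9f020000 0x7e0000"


def partitions_touched(addr, length):
    """Names of the partitions that overlap [addr, addr + length)."""
    start = addr - FLASH_BASE
    end = start + length
    return [name for name, (off, size) in LAYOUT.items()
            if start < off + size and off < end]


def check_session(commands, image_bytes, allowed):
    """Return a list of problems; an empty list means the plan looks sane."""
    erase, copy = ERASE.search(commands), COPY.search(commands)
    if not (erase and copy):
        return ["expected one erase and one cp.b command"]
    erase_addr, erase_len = int(erase.group(1), 16), int(erase.group(2), 16)
    copy_dst, copy_len = int(copy.group(2), 16), int(copy.group(3), 16)
    start = erase_addr - FLASH_BASE

    problems = []
    if start < 0 or start + erase_len > FLASH_SIZE:
        problems.append("erase range is outside the flash chip")
    if start % SECTOR or erase_len % SECTOR:
        problems.append("erase range is not sector aligned")
    if copy_dst != erase_addr or copy_len > erase_len:
        problems.append("cp.b writes outside the erased range")
    if image_bytes > copy_len:
        problems.append("cp.b length truncates the image")
    for name in partitions_touched(erase_addr, erase_len):
        if name not in allowed:
            problems.append("erase range touches '%s'" % name)
    return problems


if __name__ == "__main__":
    # 3145732 is the "Bytes transferred" value from the tftpboot log above.
    print(check_session(FIRMWARE_CMDS, 3145732, {"firmware"}))
    # 0x10000 is an assumed size for uboot.bin (the post gives none).
    print(check_session(BOOTLOADER_CMDS, 0x10000, {"u-boot"}))
    print(check_session(BAD_CMDS, 3145732, {"firmware"}))
```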

    Other bits n bobs –

    You’ll need to adjust the opkg.conf file

    ssh into the router @ 192.168.1.1 / root / root

    mv /etc/opkg.conf /etc/opkg.conf.orig

    echo 'dest root /
    dest ram /tmp
    lists_dir ext /var/opkg-lists
    option overlay_root /overlay
    src/gz barrier_breaker_base http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base
    src/gz barrier_breaker_management http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/management
    src/gz barrier_breaker_oldpackages http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/oldpackages
    src/gz barrier_breaker_packages http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/packages
    src/gz barrier_breaker_routing http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/routing
    src/gz barrier_breaker_telephony http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/telephony
    src/gz barrier_breaker_luci http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/luci

    #src/gz barrier_breaker_base http://downloads.openwrt.org/snapshots/trunk/ar71xx/packages/base
    #src/gz barrier_breaker_management http://downloads.openwrt.org/snapshots/trunk/ar71xx/packages/management
    #src/gz barrier_breaker_oldpackages http://downloads.openwrt.org/snapshots/trunk/ar71xx/packages/oldpackages
    #src/gz barrier_breaker_packages http://downloads.openwrt.org/snapshots/trunk/ar71xx/packages/packages
    #src/gz barrier_breaker_routing http://downloads.openwrt.org/snapshots/trunk/ar71xx/packages/routing
    #src/gz barrier_breaker_telephony http://downloads.openwrt.org/snapshots/trunk/ar71xx/packages/telephony' >> /etc/opkg.conf

    …and install Luci (the openwrt webui)

    opkg update
    opkg install luci

    You should be able to visit http://192.168.1.1 and start changing settings.


    While it is the season to be jolly, it’s also apparently the season for us to move datacenters!

    Our network provider has told us (on rather short notice!) that we need to vacate our current datacentre, and move to a newer larger centre. It’s not all bad news though, as it means a chance to refresh equipment, and upgrade services.

    We’ll be moving equipment to a newer Shanghai Telecom datacenter in Waigaoqiao on Saturday 27th December. Most of the work has already been done as we’ve set up new equipment for servers, and tested migrating some clients already.

    Moving servers does mean we will incur some downtime for some clients on Saturday though.
    We will need to change DNS records for you to point to the new location, and migrate some data to new servers.

    We anticipate this taking a few hours.

    Please bear with us while we migrate services on Saturday 27th December.


    Yet another SSL vulnerability has hit the news – the Poodle SSLv3 vulnerability.

    Our servers are already patched against this (we’ve disabled SSLv2 and SSLv3 functionality, and use TLS).

    You can check this on the 3rd party site here –

    https://www.ssllabs.com/ssltest/analyze.html?d=mail.computersolutions.cn&s=211.144.68.16

    Unfortunately this now means that Windows XP and IE6 are no longer supported.

    Our rating from the SSLLabs checker is below.
    Note that the A- rating is due to our certificate, not our security!

    (We can only update that in 2016 when it comes up for renewal).


    SSL negotiation in use on our server

    In January, I upgraded to 100M fibre, and paid upfront for the year (RMB2800).

    While I was on vacation, my FTTB at home stopped working, so we called Shanghai Telecom.

    What had actually happened was that there was a screwup with the account setup, and they’d put me on a monthly bill *and* 100M.
    After 6 months, they decided that I hadn’t paid my bill, and cancelled my 100M fibre account!
    Staff eventually sorted it out, and Telecom gave us a 6 month credit.
    Even so, I ended up coming back to a crappy E8 wifi + modem setup and my router set to use DHCP.

    The Shanghai Telecom unit was set up for a maximum of 16 wifi devices, and uPNP was disabled, sigh.

    I prefer to use my own equipment, as I generally don’t gimp it, so I called Telecom to ask for my “new” account details so I could replace it.

    Unfortunately the technician had changed the password, and the 10000 hotline didn’t have the new pass, or the LOID.

    I called the install technician who’d installed it in my absence, but he wasn’t very helpful, and told me I couldn’t have it. Surprise…

    What to do.

    I took a look at their modem, and thought it should be fairly easy to try to get the details from it.

    Did a bit of googling, and found that it had an accessible serial port, so opened up the unit, and connected it up.

    After a bit of cable fiddling, got a connection @ 115200 / 8n1

    Cable pinout should be –
    GND | MISSING PIN | TX | RX | VCC

    I’ll add some photos later.

    With some more fiddling around, I got terminal access (accidentally!) with some prudent Ctrl C / Ctrl Z’ing during the boot process, as something crashed and I got a terminal prompt.
    It’s vxware, although the boot process does look quite linuxy.

    Lots of interesting commands..

     > ls -al
    telnetd:error:341.568:processInput:440:unrecognized command ls -al
     > help
    ?
    help
    logout
    exit
    quit
    reboot
    brctl
    cat
    loglevel
    logdest
    virtualserver
    ddns
    df
    dumpcfg
    dumpmulticfg
    dumpmdm
    dumpnvram
    meminfo
    psp
    kill
    dumpsysinfo
    dnsproxy
    syslog
    echo
    ifconfig
    ping
    ps
    pwd
    sntp
    sysinfo
    tftp
    voice
    wlctl
    showOmciStats
    omci
    omcipm
    dumpOmciVoice
    dumpOmciEnet
    dumpOmciGem
    arp
    defaultgateway
    dhcpserver
    dns
    lan
    lanhosts
    passwd
    ppp
    restoredefault
    psiInvalidateCheck
    route
    save
    swversion
    uptime
    cfgupdate
    swupdate
    exitOnIdle
    wan
    btt
    oam
    laser
    overhead
    mcpctl
    sendInform
    wlanpower
    zyims_watchdog
    atbp
    ctrate
    testled
    ipversionmode
    dumptr69soap
    lan2lanmcast
    telecomaccount
    wanlimit
    namechange
    userinfo
    localservice
    tcptimewait
    atsh
    option125Mode
    eponlinkper
    setponlinkuptime
    loidtimewait
    phonetest
     

    First up, dump the nvram

    > dumpnvram
    ============NVRAM data============
    nvramData.ulVersion=6l
    nvramData.szBootline=e=192.168.1.1:ffffff00 h=192.168.1.100 g= r=f f=vmlinux i=bcm963xx_fs_kernel d=1 p=0 c= a= 
    nvramData.szBoardId=      XPT2542NUR
    nvramData.ulMainTpNum=0l
    nvramData.ulPsiSize=64l
    nvramData.ulNumMacAddrs=10l
    nvramData.ucaBaseMacAddr=??Umo
    nvramData.pad=
    nvramData.ulCheckSumV4=0l
    nvramData.gponSerialNumber=             
    nvramData.gponPassword=           
    nvramData.cardMode=-1
    nvramData.cardNo=  000000000000000000
    nvramData.userPasswd=telecomadmin31407623
    nvramData.uSerialNumber=32300C4C755116D6F
    nvramData.useradminPassword=62pfq
    nvramData.wirelessPassword=3yyv3kum
    nvramData.wirelessSSID=ChinaNet-WmqQ
    nvramData.conntrack_multiple_rate=0
    ============NVRAM data============
    

    Nice, got the router admin pass already.
    – nvramData.userPasswd=telecomadmin31407623
    (user is telecomadmin).
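The dump above holds every credential in cleartext, so a copy pasted into a ticket or forum post leaks them all. The added example below (not part of the original post) masks secret and device-identifying fields in `dumpnvram`-style output before it is shared; the field-name patterns and the sample values are assumptions constructed for illustration.

```python
import re

# Field-name fragments treated as secret or device-identifying (an assumption
# chosen to cover the kinds of fields visible in the dump above).
SENSITIVE = re.compile(r"passw(or)?d|serialnumber|ssid|macaddr", re.IGNORECASE)
LINE = re.compile(r"^(\s*nvramData\.)(\w+)=(.*)$")

def redact_nvram(dump: str):
    """Return (redacted_text, names_of_sensitive_fields_that_held_a_value)."""
    out, exposed = [], []
    for line in dump.splitlines():
        m = LINE.match(line)
        if m and SENSITIVE.search(m.group(2)):
            prefix, key, value = m.groups()
            if value.strip():          # blank fields hold nothing to leak
                exposed.append(key)
                line = f"{prefix}{key}=<redacted>"
        out.append(line)
    return "\n".join(out), exposed

# Constructed sample in the same key=value layout; all values are placeholders.
SAMPLE = """\
============NVRAM data============
nvramData.ulVersion=6l
nvramData.szBoardId=      EXAMPLEBOARD
nvramData.gponPassword=
nvramData.userPasswd=example-admin-pass
nvramData.uSerialNumber=EXAMPLESERIAL01
nvramData.useradminPassword=example
nvramData.wirelessPassword=example-wifi
nvramData.wirelessSSID=Example-SSID
============NVRAM data============"""

if __name__ == "__main__":
    text, exposed = redact_nvram(SAMPLE)
    print(text)
    print("cleartext fields:", ", ".join(exposed))
```

The returned field list doubles as an inventory of what the device stores unencrypted.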

    I actually needed the login details; these turned out to be available via

     > dumpmdm 

    This dumped a rather large XML-style file with some interesting bits

    [excerpted are some of the good bits – the whole file is huge]


    FALSE
    e8ftp
    e8ftp
    21
    TRUE
    FALSE
    TRUE
    e8telnet
    e8telnet
    23
    FALSE
    admin
    v2mprt

    Hmm, telnet, and a password!
    Telnet is not enabled by default, nor is FTP.

    It also had the pppoe user/pass which was what I was looking for, and the LOID, which I needed to stick into my modem.
    Score.

    While that was pretty much all I needed, I decided to enable Telnet and FTP to play around.

    Ok, so how do we enable telnet?

     > localservice
    usage:
       localservice show: show the current telnet/ftp service status.
       localservice telnet enable/disable: set the telnet service enable or disable.
       localservice telnetAccess enable/disable: allow access telnet in wan side or not.
       localservice ftp enable/disable: set the ftp service enable or disable.
       localservice ftpAccess enable/disable: allow access ftp in wan side or not.
    
     > localservice telnet enable
     
    > localservice show
    Current local services status:
    Ftp Service: Disable
    Ftp Allow Wan Access: No
    Telnet Service: Enable
    Telnet Allow Wan Access: No
     
    > localservice ftp enable
    
    > localservice show
    Current local services status:
    Ftp Service: Enable
    Ftp Allow Wan Access: No
    Telnet Service: Enable
    Telnet Allow Wan Access: No
     > save
    config saved.
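To check a saved console capture for what was left switched on, the added example below (not from the original post) reads `localservice show` output and reports the last state of each service. The `Yes` value for WAN access and the sample capture are assumptions; the page only shows `No`.

```python
import re

# "Yes" as the WAN-access value is an assumption; the page only shows "No".
STATUS = re.compile(r"^\s*(Ftp|Telnet) (Service|Allow Wan Access):\s*(\w+)\s*$")

def final_service_state(capture: str) -> dict:
    """Last reported state per service; later `show` output overrides earlier."""
    state = {}
    for line in capture.splitlines():
        m = STATUS.match(line)
        if m:
            svc, field, value = m.groups()
            key = "enabled" if field == "Service" else "wan"
            state.setdefault(svc.lower(), {})[key] = value.lower() in ("enable", "yes")
    return state

def findings(capture: str) -> list:
    out = []
    for svc, s in sorted(final_service_state(capture).items()):
        if s.get("enabled") and s.get("wan"):
            out.append(f"HIGH {svc}: cleartext service reachable from the WAN side")
        elif s.get("enabled"):
            out.append(f"WARN {svc}: cleartext service enabled on the LAN")
        elif s.get("wan"):
            out.append(f"WARN {svc}: WAN access allowed, exposed if the service is enabled")
    if out and "config saved." in capture:
        out.append("NOTE config was saved, so this state persists across reboots")
    return out

# Constructed capture in the page's output format.
CAPTURE = """\
 > localservice show
Current local services status:
Ftp Service: Disable
Ftp Allow Wan Access: No
Telnet Service: Disable
Telnet Allow Wan Access: No
 > localservice telnet enable
 > localservice show
Current local services status:
Ftp Service: Disable
Ftp Allow Wan Access: No
Telnet Service: Enable
Telnet Allow Wan Access: No
 > save
config saved.
"""

if __name__ == "__main__":
    print("\n".join(findings(CAPTURE)) or "no local services enabled")
```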
    
    

    Reboot the modem, and see if we can log in via Ethernet

    telnet 192.168.1.1
    Trying 192.168.1.1...
    Connected to broadcom.home.
    Escape character is '^]'.
    BCM96838 Broadband Router
    Login: telecomadmin
    Password: 
    Login incorrect. Try again.
    Login: e8telnet
    Password: 
     > 
    

    Cool, so we now have full access to the device.

    There also seems to be a remote monitoring system config’d via devacs.edatahome.com, which maps to a Shanghai Telecom IP.

       http://devacs.edatahome.com:9090/ACS-server/ACS
          http://devacs.edatahome.com:9090/ACS-server/ACS
          hgw
          hgwXXXX1563
    

    and something else called itms.

    itms
     itmsXXXX5503
    

    I’ve XXX’d out some of the numbers from my own dump, as I suspect it’s device / login specific.

    I got what I needed though, which was admin access to the modem, despite Shanghai Telecom not telling me.

    Would really be nice if they just gave you the PPPoE user/pass and LOID, but that would be too easy…

    On my modem, the following were the default passwords:

    Console Access (via serial port)

    User: admin
    Pass: v2mprt

    Once in console, you can enable Telnet and FTP.

    Telnet (not enabled by default)
    User: e8telnet
    Pass: e8telnet

    FTP (not enabled by default)
    User: e8ftp
    Pass: e8ftp

    To show the http password from console (either local, or via telnet).
    dumpnvram

    url: http://192.168.1.1
    http user: telecomadmin
    http pass: (as per nvram, mine was telecomadmin31407623 )

    Once in you can see all the important bits. Probably easier to grep the xml file from

    dumpmdm

    Took me about an hour or so to get to that point, I’m running on my own equipment again, and it’s not gimped. Worth my time!
