Windows 11 en una máquina vieja vía libvirt en Linux

Entre los requirimientos de Windows 11 están una CPU moderna, arranque EFI seguro y un dispositivo de seguridad TPM versión 2.0. A continuación os comentaré como lo instalé sin trucos en una máquina virtual dentro de una máquina que no tiene ni TPM ni arranque seguro EFI, así que el único requerimiento que cumplía era el tener una CPU algo moderna, con virtualización hardware, claro.

Para poder probar cosas con el Windows 11 en el trabajo he querido instalar Windows 11 como siempre hago con los Windows, es decir, en una máquina virtual dentro del sobremesa, hasta ahora siempre lo he hecho con VirtualBox, es cómodo y cumplía con lo que yo necesito.

Sin embargo en este caso, si queremos instalar Windows 11 sin trucos, necesitaremos un dispositivo de seguridad TPM, que no existe en VirtualBox, así que... he explorado un poco el mundo de libvirt usando por debajo KVM, que sí que nos permite usar un TPM software y el resto de cosas que necesita Windows 11 para funcionar.

He utilizado los paquetes de Bookworm (ahora en testing mientras no se convierte en la nueva estable) para contar con las últimas versiones y no tener que andar haciendo las cosas "a mano" editando los XML y tal, con las versiones de Bookworm se puede hacer todo en plan gráfico sin problema, con versiones anteriores igual también se puede, pero en algunas hay que tocar los XML a mano.

La cosa para mi ha sido instalar por un lado la parte de libvirt, instalé estos paquetes: virt-manager virt-viewer libvirt-daemon-driver-qemu libvirt-daemon-system libvirt-daemon-system-systemd libvirt-daemon-config-nwfilter libvirt-daemon-config-network libvirt-clients gir1.2-spiceclientgtk-3.0

Por otro lado para cumplir con los requerimientos del Windows 11 (TPM y arranque EFI) instalé: swtpm-tools ovmf

En algunas pruebas en alguna máquina muy "barebones" no tenía un polkit adecuado así que le instalé: lxpolkit Esto no será necesario en sistemas normales con interfaz gráfica ya que ya tendrán instalado un polkit, sino... el propio virt-manager os lo indicará con un error, sino... arrancarlo con "--debug"

Entre los requerimientos de Windows 11 están la CPU, que tiene que ser moderna y que el arranque sea EFI, por ello definiremos una nueva máquina en el virt-manager poniendo de arranque la ISO del Windows descargada de MS, dejaremos que detecte el operativo (detecta Windows 10, por ahora no tienen 11, pero nos sirve) y justo al final, antes de darle a finish, activaremos "Customize configuration before install" y ahí le ponemos en "overview" tendremos que cambiar el apartado "firmware" de BIOS a UEFI con arranque seguro (secboot), además iremos a la ventana "CPUs" y eligiremos en "Configuration" la opción "host-passthrough".

Si le dimos a "apply" en las opciones podemos volver a "overview" y comprobar en el xml que nos queda algo como esto:

machine=pc-q35-7.1 cpu mode='host-passthrough' ... firmware UEFI x86_64: /usr/share/OVMF/OVMF_CODE_4M.secboot.fd

El otro requerimiento que tiene Windows 11 y que no suelen cumplir las máquinas menos modernas es el TPM, pero al ser una máquina virtual usamos el TPM software que hemos instalado y listo. Para esto añadimos a la máquina un dispositivo nuevo de tipo TPM y modelo TIS, y listo, ya podemos darle a "Begin installation".

Esta configuración de máquina es con la tarjeta gráfica qxl, cuando terminemos la instalación de Windows será conveniente instalar en el Windows 11 las spice guest tools que podemos descargar de spice-space.org para tener un buen soporte del esta y el resto del hardware.

Una vez instalemos eso apagamos la máquina y en el virtual-manager en la ventana de la máquina virtual Windows 11, seleccionamos "view", "scale display" y marcamos "autoresize vm with window"

Listo, con esto Windows debería reconocer todo el hardware y hacer escalado de la pantalla al tamaño de nuestra ventana.

Programming Retevis RT46

So... some time ago we bought a pair of RT46 for the children, they work pretty well, however we found out on the instructions manual that we can change a lot of parameters through software programming, like disabling CTCSS/DCS so that we can hear other radios that don't have it enabled.

The first thing was to get the software from Retevis. They sent me an exe that looks to be compiled for Windows XP, bad luck there, but we have an old windows tablet around that maybe could run this.

So... we needed the cable and we found this schema:

To build this we would need a USB to 3.3v serial (like the cable I use for La Fonera) and a couple of connectors 2.5 and 3.5 mm audio connectors, wich came out of an old Nokia audio cable and other broken things, plus a 3 pin header, we had it all.

After a bit of soldering we had...

Which seemed ok, but the windows driver for that cable saying... "pl2303hxa phased out since 2012" didn't look ok, and in fact didn't work, we googled to Ruben's github and that solved it, we finally could read the values from the radio and write new ones there :-)

I tried to google some Linux stuff for this products but found none, maybe wine can help here, if I have the time I'll do some tests on this, any better hint?

Abriendo cerradura de manilla con tapa de acceso no visible

Buenas.

Hace poco tuvimos un problema con una de las manillas de una cerradura, resulta que se habían aflojado los tornillos, pero... los tornillos no se veían, no eran accesibles, estaban ocultos.

Obviamente eso significaba simplemente que había un embellecedor tapando los tornillos, pero el caso era... como se sacaba el embellecedor o que parte de la cerradura desmontar para poder acceder a los tornillos o a desmontar el embellecedor.

Pues bien, luego de darle muchas vueltas, buscar fotos, videos y demás cosas por la red... hicimos lo único que podíamos hacer, darle a la cabeza y luego... desmontar los embellecedores, porque.... tenían que estar como la lógica nos indicaba que tenían que estar, es decir...

El embellecedor estaba metido a presión y hubo que sacarlo con mucho cuidado para intentar dañar lo menos posible la pintura.

Pero al final salió y pudimos apretar los tornillos y solucionar el problema que llevaba meses manifestándose como una holgura.

Y eso es todo, espero que estas fotos sirvan para que otros no se tengan que romper tanto la cabeza como yo mirando videos y fotos que no llevaban a ningún lado, aquí no había agujeros ocultos ni nada por el estilo, solamente presión.

tcpping-nmap a substitute for tcpping based on nmap

I was about to setup a tcpping based monitoring on smokeping but then I discovered this was based on tcptraceroute which on Debian comes setuid root and the alternative is to use sudo, so, anyway you put it... this runs with root privileges.

I didn't like what I saw, so, I said... couldn't we do this with nmap without needing root?

And so I started to write a little script that could mimic what tcpping and tcptraceroute were outputing but using nmap.

The result is tcpping-nmap which does this. The only little thing is that nmap only outputs miliseconds while the tcpping gets to microseconds.

Hope you enjoy it :-)

SUV o la negación de un vehículo urbano deportivo

Está claro que los que acuñaron la etiqueta SUV lo hicieron para vender, y visto lo que se ve en las calles, lo han hecho de miedo.

Han conseguido que se vendan como churros coches más caros, que consumen más, son más inseguros para sus ocupantes y para los atropeyos, ...

El tema es que, hasta que se definió la equiqueta SUV, un coche urbano y deportivo era el Honda Civic, o incluso un Citroën C2, ¿que en que se parecen a un SUV?

En que tienen ruedas, más caras, por cierto, y que desgastan más la carretera, también por su peso y tal claro.

Hace mucho tiempo que quería escribir algo de los SUVs, si me veis conduciendo uno, será que no me ha quedado otra opción, y seguro que no será mío, sino... será que el covid me ha trincado y me ha dejado muy tocado de la cabeza.

No voy a describir todos los problemas que tiene un "SUV" los podéis leer por ahí, pero igual no hace falta, porque cuando vi este video dije... no hacen falta palabras, esto lo explica a la perfección.

https://twitter.com/JamesKPatterson/status/1474089696296906770

OpenWRT dist-upgrade, or how to update your OpenWRT automatically

I've been thinking in writing this post for a long time and with OpenWRT 21.02 hopefully coming I thought it was the perfect time so that you could benefit from it.

Those of us who run Debian love the way you can go from one version to the new one (Bullseye is coming this weekend, btw) without needing to reinstall the machine each time you update, a simple apt dist-upgrade will take care of everything.

I love Debian, but for the really small things I enjoy OpenWRT a lot and I've always missed the Debian dist-upgrade way of things on OpenWRT.

At work we have a lot of OpenWRT routers, so we had a quite automated way of managing things, so that when we had to update, we did the sysupgrade and then logged on the machine and executed something that installed back all the extra things we needed. It was then that I though... hey, what if we use the sysupgrade.conf thing to protect a service that would be run on the first boot of the device with the new version of OpenWRT and then this service would install all the packages we need?

And that's how the reinstall script (calling it a service would be too much) was born. This script will take care of reinstalling all the things that you tell him to install after a sysupgrade, so, all you need to do is to identify what extra packages you have installed and write the names on your /etc/reinstall.conf file, one package per line, also, if you want a service disabled, you would write its name prepending it with a "-", and that's it.

The only limitation that I've found that would annoy me is that reinstall needs network connection to work, so... if you need some of the extra packages to stablish the network connection (like a 4G connected router wich needs its drivers, a full wpa client to connect with WPA-EAP, ...), reinstall will fail, I suppose I could give an option to predownload the packages but that would need the target version of OpenWRT, so maybe that would mean that maybe reinstall should download the sysupgrade image itself along with the packages and launch the sysupgrade, ... well, who knows, maybe I end up writing a beast, but right now... it needs to be able to have network connection with OpenWRT out of the box to be able to reinstall

This is a /etc/reinstall.conf of one of my machines which runs as an AP, so I don't want dhcp or other stuff, but I want some extra packages to be able to access external storage and things like that:

-dnsmasq -uhttpd -odhcpd nmap diffutils usbutils kmod-usb-storage

BTW: this AP of mine is an ASL26555 with 16MB of RAM which has just been updated from the 19.07 series to 21.02.0-rc4 using reinstall without any problem.

So... you need the reinstall.conf file and we need the script itself, which is at the end of the post, you must save it as /etc/init.d/reinstall and then do a "chmod 755 /etc/init.d/reinstall", but as I told before... we must setup sysupgrade so that reinstall survives after it, so you must add to /etc/sysupgrade.conf at least the three reinstall lines that I have here on this example so that it ends looking something like this:

## This file contains files and directories that should ## be preserved during an upgrade. /etc/firewall.user /etc/crontabs/root /root /etc/init.d/reinstall /etc/rc.d/S99reinstall /etc/reinstall.conf

So... now you have it all setup... when you are going to do a sysupgrade... you must first do a "/etc/init.d/reinstall enable" in order to enable the service, so that it runs when sysupgrade reboots the device, that's when reinstall installs the wanted packages.

The service will log its actions on /root/reinstall.log by default, then disable itself so that it is not run anymore, and then reboot the machine so that it ends up right how you wanted it to be. After that you can log on the machine to see how everything went, and hopefully your log will look something like this:

_______ ________ __ | |.-----.-----.-----.| | | |.----.| |_ | - || _ | -__| || | | || _|| _| |_______|| __|_____|__|__||________||__| |____| |__| W I R E L E S S F R E E D O M ----------------------------------------------------- OpenWrt 21.02.0-rc4, r16256-2d5ee43dc6 ----------------------------------------------------- Downloading 'http://www.google.com' Connecting to 142.250.185.4:80 Writing to '/dev/null' Download completed (14036 bytes) Thu Aug 12 17:29:39 CEST 2021 Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/targets/ramips/rt305x/packages/Packages.gz Updated list of available packages in /var/opkg-lists/openwrt_core Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/targets/ramips/rt305x/packages/Packages.sig Signature check passed. Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/base/Packages.gz Updated list of available packages in /var/opkg-lists/openwrt_base Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/base/Packages.sig Signature check passed. Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/luci/Packages.gz Updated list of available packages in /var/opkg-lists/openwrt_luci Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/luci/Packages.sig Signature check passed. Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/packages/Packages.gz Updated list of available packages in /var/opkg-lists/openwrt_packages Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/packages/Packages.sig Signature check passed. Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/routing/Packages.gz Updated list of available packages in /var/opkg-lists/openwrt_routing Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/routing/Packages.sig Signature check passed. Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/telephony/Packages.gz Updated list of available packages in /var/opkg-lists/openwrt_telephony Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/telephony/Packages.sig Signature check passed. Disabling -dnsmasq Disabling -uhttpd Disabling -odhcpd Installing nmap Installing nmap (7.80-3) to root... Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/packages/nmap_7.80-3_mipsel_24kc.ipk Installing libpcap1 (1.9.1-3) to root... Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/base/libpcap1_1.9.1-3_mipsel_24kc.ipk Installing libstdcpp6 (8.4.0-3) to root... Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/targets/ramips/rt305x/packages/libstdcpp6_8.4.0-3_mipsel_24kc.ipk Installing zlib (1.2.11-3) to root... Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/base/zlib_1.2.11-3_mipsel_24kc.ipk Installing libpcre (8.44-3) to root... Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/base/libpcre_8.44-3_mipsel_24kc.ipk Configuring libpcre. Configuring libpcap1. Configuring libstdcpp6. Configuring zlib. Configuring nmap. Installing diffutils Installing diffutils (3.7-3) to root... Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/packages/diffutils_3.7-3_mipsel_24kc.ipk Configuring diffutils. Installing usbutils Installing usbutils (013-2) to root... Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/packages/usbutils_013-2_mipsel_24kc.ipk Installing librt (1.1.24-3) to root... Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/targets/ramips/rt305x/packages/librt_1.1.24-3_mipsel_24kc.ipk Installing libusb-1.0-0 (1.0.24-4) to root... Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/base/libusb-1.0-0_1.0.24-4_mipsel_24kc.ipk Installing libevdev (1.10.1-1) to root... Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/packages/libevdev_1.10.1-1_mipsel_24kc.ipk Installing libudev-zero (0.4.5-2) to root... Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/packages/libudev-zero_0.4.5-2_mipsel_24kc.ipk Installing usbids (0.347-1) to root... Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/packages/mipsel_24kc/packages/usbids_0.347-1_mipsel_24kc.ipk Configuring libevdev. Configuring librt. Configuring libusb-1.0-0. Configuring libudev-zero. Configuring usbids. Configuring usbutils. Installing kmod-usb-storage Installing kmod-usb-storage (5.4.137-1) to root... Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/targets/ramips/rt305x/packages/kmod-usb-storage_5.4.137-1_mipsel_24kc.ipk Installing kmod-scsi-core (5.4.137-1) to root... Downloading https://downloads.openwrt.org/releases/21.02.0-rc4/targets/ramips/rt305x/packages/kmod-scsi-core_5.4.137-1_mipsel_24kc.ipk Configuring kmod-scsi-core. Configuring kmod-usb-storage. Everything went Ok, reinstall has finished without errors.

I guess, that's all I have to say, hope you enjoy it, keep in mind that embedded devices are always tricky and that if your machine is not stable... you should probably not do automatic things like this on it, as always I take no resposability on anything, use it at your own risk, as for me, I trust OpenWRT so much that I have just reinstalled my ASL26555 from outside using it and everything went Ok ;-)

So... here is reinstall

Edit: Originally I had pasted the code in the page, but that was an error due to how bad blogger works, so... now I have published it on github and added the link to it

Flashing a Samsung stock ROM using heimdall from the command line.

I've read many times how to flash a Samsung official rom from Windows using Samsung's official tools and some other times I've read complex ways to do it using the Heimdall's grafical interface, ... but I never felt any of this ways was for me.

Fortunately I always flash custom ROMs instead, so I never had the need to flash a stock one, till recently, when I wanted to test andOTP on old Android versions, that's when I wanted to install the ancient stock versions of a couple of Samsung phones, and luckily I came to a quick commandline script that did it all for me.

WARNING: this procedure will wipe out all your data on the device in a way that you won't be able to recover it, I'm not resposable for any data loss or any damage to the device that any of the things I describe here may cause to the devices.

First of all you must unpack the stock rom (typically a zip file that inside has a whatever.tar.md5 file which is really a tar file, not a md5 one, so, you untar the tar.md5 file and you get the images of the phone's partitions (recovery.img, modem.bin, boot.img, ...) you can now remove that .tar.md5 file.

So... if you have clear that you are going to delete all your data on the phone and want to continue, I assume you have made a good backup of your data and you have verified that the backup is ok, or that you don't mind loosing it all. In any way...

You must start by wiping your data partition from your recovery or from the system itself by doing a factory reset and then going directly do the bootloader. The easiest way is by selecting reset to bootloader on the recovery after wiping data, or rebooting pressing the bootloader key convination for your device, but making sure that you didn't boot into the system after doing the wiping.

If you are sure you have formated data and booted directly to bootloader, you may need to confirm on bootloader that you want to "Continue" to flash your rom, that way you'll get to the "Downloading..." droid.

Now that we are on the bootloader on download mode we do:

heimdall print-pit --no-reboot > pit

and after we have downloaded the pit file:

heimdall flash --resume $(for i in *.*;do grep -B 1 $i pit|tr '\n' ' ';echo;done|sed "s/.*ame: \([^ ]*\) .*ame: \(.*\)/--\1 \2/"|tr '\n' ' ')

And you are done. The script will flash all the partitions that are included on the stock rom and after that it will reboot for the system to do its job after flashing, so... it will be a first time boot that will take a while, but that's it.

Just some side notes, using --no-reboot and then --resume has never really worked for me, maybe it was a problem with heimdall's version or my devices or whatever, in those cases the second heimdall command will fail, you must reboot to booloader again (without going to system, otherwise you'll have to format data again) and execute the flash command again without the --resume.