Archive for category Hacking

Building a Linux-based HTPC Part 2

Posted by grymoire in Hacking, Linux, Technology on January 29, 2011

Ordering my P7H57D-M EVO HTPC

This is a continuation of Part 1 of my adventures in building an Open Source HTPC.

I did a lot of price comparison, and purchased parts from Amazon (for the chassis), ExcaliberPC (for the power supply), and SuperWarehouse for the motherboard, CPU and memory. Amazon also sold the power supply at a good price, but they wanted $50 shipping!

SuperWarehouse review – not good

Well, I am not pleased with SuperWarehouse. . I used them because they had free shipping if the order was over $300. When I ordered the motherboard, the web site said they had one board in stock. Then I get an email saying it’s backordered. So I said I wanted the CPU and memory anyway. They didn’t ship the order for 8 days, or even let me know when they planned to ship it.  Everything else I ordered, even after all of the changes, and still nothing from SuperWarehouse. I canceled the order by email. The email reply was that “Sorry. The order is submitted. We can’t cancel it.” So I called them in person, and talked to someone, who canceled it. And to top it all off, they charged my credit card! Yes, they never shipped me anything, yet I find a charge on my credit card. I send an email, and they quickly responded, but charging credit cards before the parts are in stock is just wrong.

The rest of the vendors

I had to find another vendor for the mobo. I next went to FuturePowerPC. I ordered the mobo which was in stock. Get an email – out of stock. I next tried NextDayPC, and they said they had 24 units in stock. I placed the order, and they did not have any in stock! What type of !#@% inventory system do they use that has 24 missings motherboards!!! Their website lies.

Sigh… I looked around some more. I called one vendor, who said the mobo was obsolete. He wanted to sell me the -PRO version. I checked the Asus web site, and looked some more, to see that they have a Asus p7h57d EVO as well as Asus p7h55d EVO. Unlike the P7H55D boards, of which there are 10 variations,  the P7H57D board only has the -EVO version. It looked like this verison “had a few more months of tweaking” according to bit-tech. When I started looking for the P7H57D-EVO, Amazon had it for the lowest price, and quick delivery, so I used them.

I looked for another vendor for the CPU, and decided on buy.com. I’d normally pick Amazon, but sometimes Amazon delays shipping for a week, and the CPU and memory became critical because I had all of the other parts. Despite the delays that Amazon has in shipping, and despite the fact that I don;t have a Prime membership, Amazon has been very dependable. I placed all orders in one day, and after several days of waiting, anc cancelling, and choosing Amazon to ship a second order, the stuff from Amazon came faster that many of the other vendors shipping FexEx (8 days for the PSU).

I also decided to order the memory directly from Crucial, because of the good experience I had returning the old memory. This was not a pleasant experience. I used the same credit card for a dozen purchases. When I tried to use the same card on Crucial, they insisted on getting a SecureCode number from MasterCard. I did not sign up for this with MasterCard, and frankly, I don’t want the service. If I did, then the other 10 orders I placed would have been rejected.  What good is a service that prevents you from doing business with 95% of the vendors out there? As far as I know, Crucial is the only vendor that requests this. To add to the frustration, this extra requirement poped up in a new tab on my browser. I typically have 20 tabs open at once, and I didn’t notice the new tab. I repeated the entire purchase process several times, worrying that by reloading the page, I’d be charged twice.

So I finally completed my purchase using PayPal, which I did not want to do.

Additionally, when I used Crucial to suggest a memory board for my system, none of the parts seemed to match the list of parts on Asus’s Qualified Vendor List. But Crucial had a guaranty, so I will try the one they recommend. Well, it didn’t work, even though I used their oin-line tool to select a memory card. I contacted them, and they gave me a RMA. However, I the package has to arrive within 10 business days.

I ordered a Dual Channel DVI-D cable from J&R. They also wanted MasterCard SecureCode. I used PayPal instead. Grrr.

After placing the order for the Motherboard, I started looking at the P8H67-EVO. Perhaps this would have been a better choice. Here’s a tip. Always look at Amazon’s rankings of products. The P8P67d is a LGA1155 mobo. But the parts are already ordered. Oh well.

During the assembly/diagnosis process, I needed to get replacement parts. This is a real pain in the butt. Asus tells me to swap out the CPU and memory first. So how do I do that? Do I wait 2 weeks to get a replacement CPU?

And then wait another two weeks to get a replacement memory?

Some advice on buying components

Method #1 -Build with a buddy

You may want to find someone who wants to do the same thing as you. This may be near impossible, but if you have two of everything, diagnosing a problem is much easier.

Method #2 – Buy 2, and return one

You can order duplicates of every part, and then return the parts that you don’t need. Some vendors might be nicer than others. It’s a crap-shoot.

Method #3 – Buy from Amazon

FuturePowerPC.com sucks

I ordered the CPU from them because of the price.  I waited 10 days, to discover the CPU had not shipped, and I would not have discovered that unless I contacted them to find out the status.

NextDayPC.com sucks

They said they had 24 in stock. I orderd the product to find out they are out of stock.

buy.com sucks

Delivery was fast. Returns was easy. What was the problem? After returning the CPU, their web site says it takes 7-10 days to process the return. I contacted them to get the status, and then I found out that the CPU is out of stock. I got a refund. But if I had not contacted them, I don;t know when I would have found out.

Amazon.com rocks!

After dealing with a dozen vendors, Amazon is the best.  When I returned the Motherboard, Amazon sent me a replacement before I returned the original motherboard. They also gave me a month to return the second motherboard.

The reasons I didn’t first choose Amazon:

  • Other stores offered faster delivery. I don’t have Amazon prime, and I didn’t want to wait 10 days for my parts.
  • Other stores had cheaper prices. One dealer offered free shipping if I spent $300.
  • Other stores do not change state tax.

Advantages to using Amazon

  • Returns are easy and free
  • They will send you replacements before you ship the broken part back. Therefore you may be able to diagnose problems by having two units of each kind.
  • The popularity of the device is very useful. If you are buying some part that is rare, or unpopular, then you might be in trouble. It might be obsolete. Amazon can help you make sure you are using mainstream technology.
  • Amazon provides comparisons to similar products, and to related products. 99% of the time the “some people buy this instead of this” is useless to me because it rarely gives you unbiased views. It’s usually the same vendor that is suggested, but just a variation of the same product. But this is useful at times. For instance, when you buy a CPU, it reminds you of faster/slower versions of the same CPU.

If I had ordered from Amazo initially, I would have had all of the parts, and the replacement parts by now. But it’s been a month, and I still do not able to successfully boot.

Here’s how I assembled the PC. Continued.

, , , , , , ,

4 Comments

Building a Linux-based HTPC

Posted by grymoire in Hacking, Technology on January 23, 2011

My old box, an ASUS Pundit P1-AH2,  that I bought from Monolith, died.

It’s my primary server. I use it for a file server, computer server, DVD burner, backup server, and since it’s always up and running, I use it as a HTPC. It running mythbuntu (mythtv on Ubuntu), so I can record TV shows, and stream then back onto any PC in the house.

Frankly, I had a lot of problems with it, in particular, in the stability of the OS, support for video, sound, etc.  I just bought a memory upgrade from Crucial, upgraded the memory, rebooted the machine, and the system failed to boot. At first I was able to get to the BIOS prompt, but while trying to diagnose the problem, the system failed to boot altogether. It was 3 years old, and the chassis was falling apart, so I felt I might as well replace it.

I contacted Crucial, and they accepted my memory back for a refund. Great company!. So, this documents the process I used to replace the system with a new PC.

Requirements

Everyone makes decisions based on what they want. Here is my list which influenced by decision.

  • HTPC style chassis – I want it to be uncluttered and quiet.
  • Custom built – I want the ability to replace parts that fail. The Pundit had to be scraped when it failed. I’d rather just replace the Motherboard, the CPU or whatever.
  • Support for Firewire/IEEE 1394. – I have FireWire disks I use for backup. Perhaps I could have used a PCI card, but this saves a slot.
  • Support for VGA monitors – I have an old monitor I would like to use, as I tend to run the system  headless.  I also want to add HDMI monitors later. This gives me flexibility.
  • Ability to have more than one hard disk. My last box only had space for one disk. Well, disks fail. I’ve had this happen twice. When you are limited to one internal disk, replacing a 1.5TB disk with a 2TB disk is a pain. The equipment is scattered all over the floor. I want to be able to get additional disks, pop them in, and then remotely format, mount, and backup the data. I can set up  disk to be a clone of another.Having more than one internal disk means moving data between SATA disks is easy. I power down the system,plug in a disk, power up, and then I can finish the rest remotely, on the command line. So having space for more than one SATA drive is useful.
  • Ability to be a home-based file server. Since it can support many disks, I wanted to be able to use it to store shared files, media, photos, etc.

Trade-offs

  • My current HTPC captures analog data, not digital. I want to retain this ability, but I wanted the ability to upgrade to digital later.
  • I wanted a system that was inexpensive to start, but I can upgrade to a more powerful system later.
  • I am willing to pay more for price to get good quality components that will be useful 3 years from now.

My shopping list

Based on the above, I did some research, and made up a shopping list:

  • Asus P7H57D-M EVO – 3 year warranty ( first looked at a p7h55-M-EVO)
  • Intel Core i3-550 Processor with 4 MB Cache, 3.20 GHz Clock Speed, LGA1156 Socket BX80616I3550 – 3 year warranty
  • Corsair 4GB Dual Channel Corsair DDR3 Memory for Intel Core i5 Processors (CMX4GX3M2A1600C9) – limited lifetime warranty – i would have preferred to get memory from Crucial, but the vendor didn’t offer it, and I wanted to take advantage of the free shipping if the product was > $300.
  • Silverstone LC17B
  • SeaSonic 650W Power Supply X650 Gold – 5 year warranty (a 350W PSU is the minimum). Maybe this is overkill, but I didn’t want an underpowered PSU.  A review is here.
  • 4-port USB PCI Bracket
  • Motherboard (mobo) speaker to make it easier to debug any boot problems.

The total was Initially  $643 including tax and shipping. I already have a disk, a DVD Burner,  and a Haughpauge TV tuner.There’s a $20 rebate for the Silverstone case.

Because I used a Clarkdale CPU, I don’t need a graphics board. When CPU’s and RAM becomes cheaper, I can upgrade later. The Silverstone is built for silent operation, with 2 built-in standard 80mm fans, and I can add more cooling. The power supply has intelligent cooling as well. Yes, I know I spent a lot on the power supply, but I won’t have to upgrade this for years.

The Intel LGA1156 seems like the right decision for now. The LDA 1155 are pricier.  The ASUS EVO board supports FireWire and eSATA. The Asus document Linux Status Report For ASUS Desktop Motherboard says Ubuntu 9.04 is supported. Asus also provides a power calculator.

Hardware Revolution described a HTPC I can build for $500, but other sites warned that an Atom-based motherboard, while cheaper, have to struggle with graphics. The $500 HTPC used an  all-in-one mother board, with a PSU, but the ability to upgrade was limited. What happens when you run out of CPU power?

Upgradability

As I said, I wanted a system that will be able to grow

  • 6 DATA disks (up to 6Gb/s!) w/RAID support. + 2 Sata3 ports (But note that SATA3 support is limited in Linux.)
  • Intel i5, i7, quad core CPU
  • Graphics card
  • Up to 16 GB of RAM
  • HD TV Tuner

Also supported is

  • 2 IEEE 1394 ports (1 on front, one using extra connector at back)
  • 14 USB ports (2 are USB 3.0, and 12 are USB 2.0)
  • Two simultaneous monitors (VGA, DVI, HDMI).
  • 40-pin PR_EIDE for Ultra DMA 133/100/66
  • PS/2 (COM)
  • SPDIF (Digital Audio) (requires connector/port
  • ALC889/ HD Audio (front) – settable by the BIOS

It looks like a good plan. This is the first time I built a PC from scratch. Let’s see how deep this rabbit hole gets.  See Part 2.

, , , , ,

1 Comment

Should I change my name?

Posted by grymoire in Hacking on October 14, 2010

I was thinking of legally changing my last name to </body>. What do you think?

For your entertainment, see Bruce Schneier’s post on the Swedish write-in vote.

Of course, I’m a big fan of Bobby Tables‘s Mom.

1 Comment

The new attack vector – HID

Posted by grymoire in Hacking, Security on September 11, 2010

After attending Black Hat 2010/DEFCON 18, the world-famous hacking convention, I will make a prediction of a large number of attacks using USB devices being discovered for the next few years.

USB drives can be dangerous. If you store sensitive information on one and lose it, you should assume the information will be seen. Hint: encrypt the data.

It’s also a great way for penetration experts to break into a computer system. Leave a USB drive in the parking lot, and install some malware (e.g. using Switchblade)  that executes when the USB drive is plugged into the computer. Presto! And the malware is installed. This works because most computers are set up to automatically run the programs on a USB drive when one is plugged in. This is dangerous, and I suggest you disable this autorun feature. Even worse is the U3 USB drives, which can write into your computer’s registry, or into the filesystem, without asking.  How convenient, especially for the evil-doer. Then again, you can also have a program called “Install” and it’s amazing how many smart people will click this just to see what is on the USB stick.

This autorun “feature” also works on network mapped drives, which is how the Conficker virus spreads. The best solution is to completely disable autorun, which is a tip from US-CERT to prevent viruses from spreading.

Problem solved, right? Not really. I predict that there will be a lot of new attacks on computer systems from a new threat – the keyboard. Or rather, a keyboard-like device.  Or more accurately, a Human Interface Device.

Andrian Crenshaw, AKA IronGeek was given a Phantom Keystroker at Schmoocon 2010. This device acts looks like a USB stick, but acts as a keyboard. It randomly does annoying things like changing CAPSLOCK, moving the mouse, inserting garbage characters. In other words, it’s a great practical joke: it drives the victim crazy. Cool, but a hacker would like to be able to reprogram the device to do more  sinister things. While looking into the possibility, Adrian learned about the Teensy device, which is a low-cost ($18) Arduino-like device that does exactly that.  Adrian started exploring the possibilities with it to attack a computer and I learned about this on pauldotcom. Yes, you do need physical access to the device, but the Teensy is very small, and easy to hide.

Adrian was the first to look into this as far as I can tell. However, at  Black Hat 2010/DEFCON 18, I saw several  presentations all using the HID interface.  Clearly the time has come. The talks were

Unlike a U3 USB drive, a HID (or Human Interface Device) does not require any driver. The HID is typically  a keyboard, or a mouse. It could also be a joystick, a bar code scanner, a camera, a keypad, etc. For more information see the Apple docs and the HID usage Table (PDF). This means the device can  type whatever it wants. In other words, the device acts like an evil secret keyboard, and the operating system allows it to do so. How nice.

Here are some of the things you can do with this technology:

  • Make a device that once every 5 minutes, it moves the mouse one pixel to the left, and then move it one pixel to the right.  If someone expects their computer to lock the screen automatically, the program will prevent it from happening.
  • Run a batch or script file. And Microsoft, bless its heart, has added almost everything you need  to PowerShell, which is standard on newer operating systems. Launch a power shell and change the configuration of the computer. It is limited to 140 characters a second, and the user might see a window pop up. Either wait for them to be out of the room, or misdirect them (drop hot coffee i their lap).
  • Go to a remote website and download and install program.
  • Hook up a wireless interface to it, like Monta did. Wait for the person to be distracted, and press a button, and run a program.
  • Adrian hooked up a photodiode to his device. It waits until the lights turn off before it does anything. Evil likes the dark.

I predict that next year we will find out a lot about ways this technology can be used to compromise computers. There are several reasons for this:

  1. It’s cheap. The software is free, and as I said, the Teensy is $18.
  2. It’s small. Adrian put a device and a hub inside a transparent mouse. The device also had colored LEDs that would flash based on activity. A mouse with flashing LEDs – that’s a cool gift. It also attacked your computer. Many keyboards have built-in hubs. Put one of these inside a keyboard. There’s plenty of room.
  3. It can be reprogrammed to appear to be any device.  Most businesses allow users to swap keyboards and mice. You need some heavy duty paranoid software to detect unusual and unexpected HID devices, which usually means rigid military-like systems.
  4. Since it can pretend to be any device, it is an excellent way to attack device drivers. After all, drivers don’t expect devices to suddenly claim to move a million pixels to the left. But a Teensy device can create events that do this. Every keyboard and mouse driver is now a possible entry (vector) into a computer.
  5. HID events can be sent to the computer even when the screen is locked, and the computer will respond. Richard Rushing showed someone at Microsoft some examples, and they were surprised. Expect a patch for this.

In other words, those that care about security must be careful of what USB devices they plug into a computer. Those clever USB toys you see may really be an evil device.  And it’s hard for the computer to protect itself. We use HID-enabled devices all the time. We can’t just disable the: nothing would work.

Expect that many drivers for USB devices will be found to have security holes, because they never expect those devices to suddenly turn  evil. Already people are finding ways to use this technology. The PS3-Groove uses a Teensy to jailbreak a Playstation PS3.  The TI84 Calculator can also be used to jailbreak the PS3.

Adrian has a new paper on malicious USB devices.

I will update this site as I find out more.

Irongeek gave an update on pauldotcom.

 

And here’s a new example.

 

Update -

Another Teensy-like device, from AdaFruit

http://www.ladyada.net/wiki/products/atmega32u4breakout/index.html?s[]=teensy

Update July 14

Teensy PDF Dropper And Blocking it

, , , ,

No Comments