Differences

This shows you the differences between two versions of the page.

--- project:kernellab [2019/07/16 10:18] – created maxfx
+++ project:kernellab [2020/04/19 16:31] (current) – maxfx
@@ Line 1: / Line 1: @@
+{{template>:project:infobox | name=KernelLAB | image=freebsd.jpg?200| sw=BSD| hw=BSD| status=suspend| founder= [[user:maxfx]]| interested=[[user:ctxz]]\\ [[user:ruza]]\\ [[user:malanius]]\\ [[user:rainbof]]\\ [[user:ray]]\\ [[user:corgi]\\ [[user:foonix]] }}
-{{template>:project:infobox | name=KernelLAB | image=freebsd.jpg?200| sw=BSD| hw=BSD| founder= [[user:maxfx]]| interested=[[user:ruza]]\\ [[user:malanius]]\\ [[user:rainbof]]\\ [[user:ray]]\\ [[user:foonix]] \\ [[user:ctxz]] | status=active }}
 ~~META:
-status = active
+status = suspend
 &relation firstimage = :project:freebsd.jpg
 ~~
-======= KernelLAB =======
+======= The KernelLAB =======
-<WRAP center round todo 60%>
+* **A Lab for everyone to participate in**
-TODO: Next Kernel, New OS, Reverse engineering  ...
-</WRAP>
-====== Goals and ideas project KernelLAB ======
+* Kernel to every family
- * More information about Kernels, OS Systems, network layer, how to porting
+* Provide more insight about the architecture of kernels, operating systems, network layers, and porting
- * Porting or Run kernel for other unfriendly android mobile phones, tablets, Embedded system
+* Porting or running kernels on android phones, tablets and other various embedded systems
+* Developing our own Kernel, new operating systems, Reverse Engineering, Security, ACPI, EFI,
+===== Contact us! =====
+Core Team to table -> interested
+====== BSD Way ======
+ * Why BSD ? THe BSD kernel has many interesting features for hacking and tuning, as well as optimization
- * More routers with BSD
+ * [[https://brmlab.cz/project/kernellab/bsd | BSD Way - Introduction]]
+===== Project -  Making a new FreshPorts - ITS DONE =====
+==== Goals and ideas of this project ====
-====== Introduction to BSD ======
+ * More information about packages for FreeBSD and for users other operation system.
- * Last project with BSD kernel
+ * Record is on page talknight and slide is here: https://brmlab.cz/_media/event/maxfx-freebsd_ports.pdf
-[[https://brmlab.cz/project/bsd/freebsd | General information about FreeBSD]]
+ * Freebsd-how-to-make-a-new-package:  [[https://mirror.vpsfree.cz/videohrach/video/brm/lightning_talks/lt-2018-08/2018-08-02-freebsd-how-to-make-a-new-package.mp4]]
-======= Project One - Making a new FreshPorts - It DONE =======
+===== Project - Goodbye android! - ITS DONE =====
-===== Goals and ideas project =====
- * More information about package for FreeBSD and for users other operation system.
- * Information how make a new ports to mainstream
+==== Goals and ideas of this project  ====
+ * In this project we attempt to boot and install BSD on the Medion P10356 tablet, which houses a Intel® Atom™ Z3735F CPU (Bay Trail) and comes with Android installed by default
- * More information also [[https://brmlab.cz/project/bsd/freebsd#making_a_new_port | making a new port]]
+==== Challanges ====
+ * Altough the tablet houses an x86_64 architecture CPU, it does not expose its UEFI menu and hence does not allow anyone to boot from an external drive.
- * record is on page talknight and slide is here: https://brmlab.cz/_media/event/maxfx-freebsd_ports.pdf
+==== How we hacked the device ====
-======= Project Two - Welcome to router - 10% =======
+{{ :project:kernellab:img_20190815_221602.jpg?400|}}
-===== Goals and ideas project =====
+After countless odd attempts to enter the UEFI menu (such as attaching an external keyboard and pressing a bunch of F- keys), we believed that we had to replace the Android bootloader ([[https://firmware.intel.com/blog/linux-efi-boot-stub | Intel Boot Stub]]) with a standard UEFI Linux bootloader, such as Grub, or a universal bootloader, such as U-Boot. This would be a very difficult and risky process, since tampering with the bootloader can easily result in a hard-brick. At around this point we also popped open the device and searched for a UART header, which we found, yet never ended up being able to obtain data from. After some research we have quickly realised that the "easiest" way to port U-Boot onto an android device is to flash it as a boot image, so that it is chainloaded by the android bootloader. For this to be possible, we also had to root the device in order to obtain valuable information. Fast forwards and we found a somewhat working version of TWRP which booted on our device, but refused to expose the ADB shell and failed to mount certain partitions.
- * Run FreeBSD OS on routers
- * I am preparing talk to taklnight
-======= Project Three - BSD monitoring =======
+Our plan was to fix the semi-working TWRP recovery by unpacking it, and substituting the kernel image with that of the stock recovery. Typically, whenever flashing a recovery or kernel to the tablet, we would reboot the device into bootloader mode, either by holding down the volume down button at start, or simply executing:
-===== Goals and ideas project =====
+<code>adb reboot recovery</code>
-Monitoring BSD family for security issues, patches between bsd family.
+via adb. This would typically put the tablet into "fastboot" mode where it would display a Android lying on its back, however this time it simply displayed:
-More information about patches and issues between FreeBSD, OpenBSD, NetBSD and  next ...
+<code>
+Entering DnX mode.
+Awaiting fastboot command...
+</code>
+Meaning the device entered "Intel DnX mode" which is a mode that exposes a minimal fastboot interface and allows the [[https//01.org/node/2463 | Intel® Platform Flash Tool]] to perform a full factory reset.
-=== FreeBSD ===
+Since we simply wanted to flash our patched recovery, we attempted to execute:
- * Security advisores https://www.freebsd.org/doc/handbook/security-advisories.html
- * https://vuxml.freebsd.org/freebsd/
+<code>
+fastboot flash recovery patched-recovery.img
+</code>
-=== OpenBSD ===
+However, as already mentioned, the fastboot interface exposed by the Intel DnX mode is limited, and thus the command failed.
- * OpenBSD advisores [[https://www.openbsd.org/security.html]]
+Here is where the fun begins...
-=== NetBSD ===
+If flashing recovery from the DnX mode was not an option, perhaps booting into it might work, and so we tried:
- * NetBSD advisores [[https://www.symantec.com/connect/articles/recent-security-enhancements-netbsd]]
+<code>
+fatboot boot patched-recovery.img
+</code>
- * [[https://linux.slashdot.org/story/16/10/29/1620236/netbsd-project-releases-netbsd-702?sdsrc=rel]]
+And suprise suprise, while we did not boot into TWRP, we booted into something much nicer, and that is, the devices UEFI menu :)
-=== DragonFly ===
+From here it was a simple piece of cake. The first thing we did was to disable quick boot and quiet boot. Now the device would no longer display the MEDION logo upon boot, but rather a boot screen that allows you to enter the UEFI settings by pressing ESC at boot. Then we flashed a FreeBSD, Linux distribution onto our SD card and attempted to boot into it. Oddly, that did not work (perhaps we didn't use the correct partition table?), however we never found out since we accidentally broke the sdcard slot after that (Good job CTXz...). Desperate to continue we searched for a USB hub (the only USB 2.0 port was already reserved by our keyboard as the touchscreen doesn't work) or micro USB to USB converter. Thankfully we found an old keyboard that has a USB hub embedded. After flashing BSD onto a USB stick we inserted it into the keyboard, and voila, an entry for the USB was shown in the UEFI boot options. After a few minutes of waiting, likely due to the speed of the USB hub, BSD successfully booted :).
- * DragonFly advisores
+TL;DR;
+We accidentally discovered that you can boot into the hidden UEFI settings by attempting to boot into a boot- or recovery image in the DnX fastboot mode.
-======= Project Four - Goodbye android! - work in progress =======
+{{ :project:kernellab:img-20190720-wa000000000.jpeg?400|}}
-===== Goals and ideas project  =====
+==== Steps to enter the UEFI settings on your MEDION P10356 ====
- * First idea is ,that run kernel on android tablet
-======= Project Five - KernelCOn, BSDCON, BSDdays in prague =======
+  - Reboot into fastboot mode
+  - Flash the following TWRP image: https://drive.google.com/open?id=1-GK9W-l42V035VrPbPEhUm4ypoYzC8Bw
+  - Boot into TWRP
+  - Reboot into fastboot mode once again, this time the tablet will boot into Intel DNX fastbot mode
+  - Attempt to boot into the TWRP image (altough any other image will do too) via 'fastboot boot <YOUR IMAGE>'
+  - The tablet should now enter the UEFI settings
+  - Optionally, from the settings you may disable "UEFI fast boot", which will allow you to enter the BIOS by pressing ESC during boot
-===== Goals and ideas project  =====
+==== Restoring the UEFI Firmware ====
- * Kernel, BSDdays motivation talk about serurity problem, features ...
+{{ :project:kernellab:img_20190815_221322_1.jpg?400|}}
-====== OpenBSD ======
+While we attempted to install FreeBSD, OpenBSD and Linux onto the tablet we had accidentally disabled the internal graphics card within the UEFI settings (this comes from the fact that users should not even be able to access the UEFI settings). Unfortunately, after that we were no longer able to change UEFI settings back, as the display was now simply blank. Out of desperate hope, we dumped the UEFI ROM from SPI chip, and attempted to re-enable the internal GPU by altering the UEFI binary. Thankfully, this was not necessary after we found a stock UEFI binary in the MEDION P10356 recovery package that can be obtained from [[https://www.medion.com/de/servicebackend/_lightbox/software_details.php?did=16956 | here]] (look for ifwi.bin). After flashing the UEFI binary from the recovery package via SPI using a RPi, the UEFI settings were reset and the display worked again.
-===== Goals and ideas project =====
-** OpenBSD ** The practical paranoid
-====== DragonFly ======
-** DragonFly ** Hacking cluster and HAMMER2 filesystem