pmeerw's blog

May 2019

Mon, 20 May 2019

Debugging a WWAN USB stick

What to do when a USB WWAN (UMTS) stick doesn't work? That is, network manager shown broadband as not enabled...

The kernel log looks good: 

[ 3313.057520] usb 2-1: New USB device found, idVendor=0e8d, idProduct=00a5, bcdDevice= 3.00
[ 3313.057528] usb 2-1: New USB device strings: Mfr=9, Product=10, SerialNumber=0
[ 3313.057536] usb 2-1: Manufacturer: MediaTek Inc
[ 3313.085587] cdc_mbim 2-1:1.0: cdc-wdm0: USB WDM device
[ 3313.086142] cdc_mbim 2-1:1.0 wwan0: register 'cdc_mbim' at usb-0000:00:14.0-1, CDC MBIM, d2:9c:37:32:10:73
[ 3313.086885] option 2-1:1.2: GSM modem (1-port) converter detected
[ 3313.087140] usb 2-1: GSM modem (1-port) converter now attached to ttyUSB0
[ 3313.087520] option 2-1:1.3: GSM modem (1-port) converter detected
[ 3313.087654] usb 2-1: GSM modem (1-port) converter now attached to ttyUSB1
[ 3313.087924] option 2-1:1.4: GSM modem (1-port) converter detected
[ 3313.088050] usb 2-1: GSM modem (1-port) converter now attached to ttyUSB2
[ 3313.088322] option 2-1:1.5: GSM modem (1-port) converter detected
[ 3313.090237] usb 2-1: GSM modem (1-port) converter now attached to ttyUSB3
[ 3313.090693] usb-storage 2-1:1.6: USB Mass Storage device detected
[ 3313.143856] cdc_mbim 2-1:1.0 wwp0s20u1: renamed from wwan0
[ 3314.109400] scsi 3:0:0:0: Direct-Access     MEDIATEK  FLASH DISK      6225 PQ: 0 ANSI: 0 CCS
[ 3314.110360] sd 3:0:0:0: Attached scsi generic sg1 type 0
[ 3314.128902] sd 3:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B)
[ 3314.131013] sd 3:0:0:0: [sdb] Attached SCSI removable disk
The ModemManager has a useful command-line tool, mmcli, that can be used to show status of the modem. Try mmcli -v -m 6 where 6 is an index of the modem: 
[20 Mai 2019, 18:56:55] [Debug] ModemManager process found at ':1.2'
[20 Mai 2019, 18:56:55] [Debug] Assuming '6' is the modem index
[20 Mai 2019, 18:56:55] [Debug] Modem found at '/org/freedesktop/ModemManager1/Modem/6'

[20 Mai 2019, 18:56:55] [Debug] Printing modem info...
  --------------------------
  General  |      dbus path: /org/freedesktop/ModemManager1/Modem/6
           |      device id: a67f08189ddc6295ad23160780ebeb06a0925a6c
  --------------------------
  Hardware |   manufacturer: MediaTek Inc
           |          model: Product
           |       revision: UW980_42M_ESMT_V101R01B08
           |   h/w revision: MTK2
           |      supported: gsm-umts
           |        current: gsm-umts
           |   equipment id: 355128006541593
  --------------------------
  System   |         device: /sys/devices/pci0000:00/0000:00:14.0/usb2/2-1
           |        drivers: cdc_mbim, option1
           |         plugin: Generic
           |   primary port: cdc-wdm0
           |          ports: ttyUSB0 (at), ttyUSB1 (at), cdc-wdm0 (mbim), wwp0s20u1 (net)
  --------------------------
  Status   |          state: failed
           |  failed reason: sim-missing
           |    power state: on
           | signal quality: 0% (cached)
  --------------------------
  Modes    |      supported: allowed: 2g, 3g; preferred: none
           |        current: allowed: any; preferred: none
  --------------------------
  IP       |      supported: ipv4, ipv6, ipv4v6
In this case, the SIM card seem to be missing (failed reason: sim-missing); or defective rather.

posted at: 21:26 | path: /configuration | permanent link

Sat, 18 May 2019

New PC build: Ryzen 5 2400G

I got a AMD Ryzen 5 2400G, Asus X370-A Prime mainboard, a pair of G.Skill F4-3000C16D (Aegis) 8 GB DDR4 RAM modules, a AData XPG SX8200 512 GB NVMe SSD (M.2-2280), be quiet Pure Power 11 400W power supply, all in a Chieftec Elox HC-10b case.

So far, so good; RAM is working at 3000MHz, CPU slightly overclocked at 3750 MHz.

The particular mainboard has two PCI slots (hard to find these days :-), and can take up to 4 RAM modules (max. 64 GB).

posted at: 19:03 | path: /review | permanent link

Thu, 16 May 2019

Epson ET-2710

Epson has a line of EcoTank inkjet printers which promises to bring the ink cost down thanks to ink tanks that can be poured into the printer, no ink cardridges. The printer is about 230 € (May 2019).

It is a multi-function device, i.e. printer/scanner/copier, with several limitations: no fax, no duplex, no automatic document feeder, no card reader. Higher priced models add these features. The printer does WiFi and WiFi Direct -- installation is a bit cumbersome due to the lack of a display.

Linux support is acceptable, Epson provides PPD files which integrate nicely with lsb, but does not support those files. Hard to find: http://download.ebz.epson.net/dsc/search/01/search/?OSC=LX Tested with Ubuntu 18.04.

The scanner part is also supported, I've so far tested the network support (should also work over USB): http://support.epson.net/linux/en/imagescanv3.php. Tested with Ubuntu 19.04.

posted at: 17:05 | path: /review | permanent link

Sat, 04 May 2019

Rewriting Windows binary with Python's pefile

Using Python module pefile to rewrite a Windows PE/PE+ file (I think both 32-bit and 64-bit are supported, tested 64-bit only). The goal is to append a new section, change the executable's entry point to the new section, jump back to the original entry point (OEP). 

#!/usr/env python3

import pefile

def adjust_SectionSize(sz, align):
  if sz % align: sz = ((sz + align) // align) * align
  return sz

pe = pefile.PE('../hello.exe')

last_section = pe.sections[-1]

new_section = pefile.SectionStructure(pe.__IMAGE_SECTION_HEADER_format__)

# fill with zeros
new_section.__unpack__(bytearray(new_section.sizeof()))

# place section header after last section header (assume there is enough room)
new_section.set_file_offset(last_section.get_file_offset() + last_section.sizeof())

new_section.Name = b'.test'
new_section_size = 100

new_section.SizeOfRawData = adjust_SectionSize(new_section_size, pe.OPTIONAL_HEADER.FileAlignment)
new_section.PointerToRawData = len(pe.__data__)

new_section.Misc = new_section.Misc_PhysicalAddress = new_section.Misc_VirtualSize = new_section_size
new_section.VirtualAddress = last_section.VirtualAddress + adjust_SectionSize(last_section.Misc_VirtualSize, pe.OPTIONAL_HEADER.SectionAlignment)

new_section.Characteristics = 0x40000000 | 0x20000000 | 0x20 # read | execute | code

# create new section data containing jump to OEP
reljmp = pe.OPTIONAL_HEADER.AddressOfEntryPoint - (new_section.VirtualAddress + 5)
print('rel jmp %08x' % (reljmp))
new_section_data = bytearray(new_section.SizeOfRawData)
new_section_data[0] = 0xe9
new_section_data[1:4] = reljmp.to_bytes(4, byteorder='little', signed=True)

# change address of entry point to beginning of new section
pe.OPTIONAL_HEADER.AddressOfEntryPoint = new_section.VirtualAddress

# increase size of image
pe.OPTIONAL_HEADER.SizeOfImage += adjust_SectionSize(new_section_size, pe.OPTIONAL_HEADER.SectionAlignment)

# increase number of sections
pe.FILE_HEADER.NumberOfSections += 1

# append new section to structures
pe.sections.append(new_section)
pe.__structures__.append(new_section)

# add new section data to file
pe.__data__ = bytearray(pe.__data__) + new_section_data

pe.write('../hello_patched.exe')

posted at: 10:33 | path: /programming | permanent link

Fri, 03 May 2019

Running x64dbg on Linux (wine)

x64dbg is an open-source x64/x32 for Windows, somewhat following the famous OllyDbg, but a lot more modern. This is based on the latest version of April 30, 2019.

Trying with Ubuntu 18.04 (wine 3.0-1ubuntu1) fails, running winetricks vcrun2013 helps a bit, however, x64dbg then fails when loading an executable (see bug report).

Using the wine-development package provides wine 3.6, and x64dbg works somewhat -- hurray.

posted at: 23:56 | path: /programming | permanent link

Made with PyBlosxom