AlertMe Hub - Yes, it's Linux

Extending the system, interesting uses and API twiddling.
tfm55x
Posts: 1
Joined: Mon Oct 07, 2013 6:57 pm

Re: AlertMe Hub - Yes, it's Linux

Post by tfm55x » Mon Oct 07, 2013 7:13 pm

duncanmcbryde wrote: Hi guys, I'm playing around with the Alertme nanohub. I thought I'd share with the community a bit on how to get to the linux command prompt, as I was struggling to follow Sorphin's steps to get to the command line. Perhaps someone will find the steps handy
.
.
<snip>
.
.


I noted the output of configure, in case it may be useful to me or someone else

Code:

hubOsCmd : linux
linuxCmd : console=ttyAM1,115200 root=/dev/mtdblock3 rootfstype=yaffs2,ext2
appSvr1 : hubsrv1.ash.uk.alertme.com:443
appSvr2 : hubsrv1.ash.uk.alertme.com:443
imgSvr1 : imgsrv1.ash.uk.alertme.com:443
imgSvr2 : imgsrv2.ash.uk.alertme.com:443
tstSvr1 : imgsrv1.ash.uk.alertme.com:443
tstSvr2 : imgsrv2.ash.uk.alertme.com:443
deployId : 1
built : 2011/05/20-17:02:03_by_00@InTech_for_AlertMe.com
macAddr : 00:1C:2B:01:D2:8D
ipAddr : 0.0.0.0 (auto)
SIMICCID : 
APN : 
spiKeys : good keys

Use "configure" to boot into a shell without requiring the password

Code:

configure linuxCmd console=ttyAM1,115200 root=/dev/mtdblock3 rootfstype=yaffs2,ext2 init=/bin/sh rw

Boot into linux with the linux command, and you should find yourself sitting at a busybox shell

Code:

Loading linux...
MD5 checksum passed
Operator key passed
Loading ramdisk...

<Snip>

BusyBox v1.4.1 (2011-05-31 17:52:47 BST) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

/bin/sh: can't access tty; job control turned off
/ $

If you are using the Lowe's Iris hub, take note of the following default settings (via configure cmd):

Code:

hubOsCmd : linux
linuxCmd : console=ttyAM0,115200 root=/dev/mtdblock3 rootfstype=yaffs2,ext2
appSvr1 : hubserver.irissmarthome.com:443
authSvr : auth.irissmarthome.com:443
imgSvr1 : imgserver.irissmarthome.com:443
imgSvr2 : 
tstSvr1 : imgserver.irissmarthome.com:443
tstSvr2 : 
deployId : 2
built : 
ssh : off
macAddr : 00:1C:2B:02:81:55
ipAddr : 0.0.0.0 (auto)
spiKeys : good keys

In particular, note this one important change to duncanmcbryde's 'configure LinuxCmd' string (the console is on ttyAM0, instead of ttyAM1):

Code:

configure linuxCmd console=ttyAM0,115200 root=/dev/mtdblock3 rootfstype=yaffs2,ext2 init=/bin/sh rw

habile2
Posts: 6
Joined: Mon Aug 20, 2012 4:38 pm

Re: AlertMe Hub - Yes, it's Linux

Post by habile2 » Sat Oct 19, 2013 4:09 pm

tickett wrote: Damn, my AlertMe hub that came with my home energy pack doesn't have ssh(d). But I was able to patch into the console the way you described and change the root password.

Any clever ideas how I might get sshd running? It does have wget on, but I'm not sure if such a thing as a precompiled dropbear/sshd exists?

I'm not sure about 'clever' but the closest I could get was enabling telnet. For sshd I think you'd need a replacement BusyBox.

For telnet here's what worked for me:

- Added /usr/sbin/inetd to /etc/init.d/rc.network start()
- Created /etc/inetd.conf with a single line: telnet stream tcp nowait root /usr/sbin/telnetd telnetd

There is also a user 'default' with no password. So rather than change the root password I added another user with same UID/GID of 0/0 that I could 'su' to.

C.
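Added example (not part of habile2's post or the hub's software): a check an owner can run over `/etc/passwd` and `/etc/inetd.conf` copied from a hub to spot the conditions described above: an empty password field, a second UID 0 account, and a telnet listener. The sample file contents, the account name `maint` and the UIDs are constructed for illustration.

```python
# Constructed sample data; "maint" and the UID values are hypothetical.
SAMPLE_PASSWD = """\
root:$1$constructed$hash:0:0:root:/root:/bin/sh
default::500:500:default:/home/default:/bin/sh
maint:$1$constructed$hash:0:0:added:/root:/bin/sh
"""
SAMPLE_INETD = "telnet stream tcp nowait root /usr/sbin/telnetd telnetd\n"

def audit_passwd(passwd_text):
    """Flag empty password fields and extra UID-0 accounts in passwd(5) text."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue  # comment or malformed entry
        name, pw, uid = fields[0], fields[1], fields[2]
        if pw == "":
            findings.append((name, "empty password field"))
        if uid == "0" and name != "root":
            findings.append((name, "UID 0 alias of root"))
    return findings

def audit_inetd(conf_text):
    """Flag inetd.conf entries that expose a telnet listener."""
    findings = []
    for line in conf_text.splitlines():
        fields = line.split()
        # inetd.conf: service socket proto wait user program [args...]
        if not fields or fields[0].startswith("#") or len(fields) < 6:
            continue
        service, user, program = fields[0], fields[4], fields[5]
        if service == "telnet" or "telnetd" in program:
            findings.append((service, "cleartext telnet listener as " + user))
    return findings

if __name__ == "__main__":
    for who, what in audit_passwd(SAMPLE_PASSWD) + audit_inetd(SAMPLE_INETD):
        print(f"{who}: {what}")
```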

duncanmcbryde
Posts: 3
Joined: Sat Jul 20, 2013 1:43 pm

Re: AlertMe Hub - Yes, it's Linux

Post by duncanmcbryde » Sun Nov 03, 2013 5:24 pm

Hi Guys,

I started playing around with the alertme hub, but then Real Life (TM) got in the way and I set it aside for quite a while without progress. I'm attempting to dump the memory with the alertme hub, and now I'm truly outside my comfort zone :) I'm using the "dump" command in the boot environment and I'm seeing a lot of empty memory. The output looks like

Code:

HubBoot v1.01, processor ID 9231EF52
Cold reset
HubOS v0.71 Copyright (C) AlertMe.com 2007-09
>
Bad reset count : 0
Loading system from NAND in 5 seconds
[OS] Mains power now on
System Start aborted
>dump 0 ffffffffff

00000000 92 53 00 00 FF FF FF FF 03 00 00 00 00 00 00 00 .S..............
00000010 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000020 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000040 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000080 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000090 00 00 00 00 00 00 00 00 05 00 00 00 FE 5A FE 5A .............Z.Z
000000A0 44 41 47 4A 00 00 00 00 FF FF FF FF 40 00 00 00 DAGJ........@...
000000B0 40 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 @...............
000000C0 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 ................

<snip>
..
00000270 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
00000280 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
...

00000640 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000650 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

And repeats between 00 and FF. I guess I'm only dumping a small section of the memory so far. I'm reading through the manual for the Cirrus Logic microcontroller and found this

From http://www.cirrus.com/en/pubs/manual/EP ... de_UM1.pdf
4.1.1.1 Memory Map
The normal Boot ROM base address base is 0x8009_0000. It will alias on 16 kbyte intervals.
When internal boot is active, the Boot ROM is double decoded and appears at its normal
address base and at address 0x0000_0000. At address 0x0000_0000 plus the current offset,
the Boot ROM can write the BootModeClr bit to remap itself back to 0x8009_0000 plus the current
offset. Execution then continues with the instruction at the next Boot ROM address in
0x8009_0000 space.
I can either attempt to spend the next few days attempting to dump all the memory, or I could attempt to dump from some specific memory locations. However, I'm not quite sure how to specify the dump locations. I'm going to have a bit more of a play. Perhaps someone can point me towards some firmware dumping guide?

Thanks, Duncan

duncanmcbryde
Posts: 3
Joined: Sat Jul 20, 2013 1:43 pm

Re: AlertMe Hub - Yes, it's Linux

Post by duncanmcbryde » Wed Nov 06, 2013 1:25 pm

Here's the (incomplete) output of the dump command in Bzip2 format. I left the dump command running for about 20 hours while recording the terminal and saving to a text file. The uncompressed text file is 622 MB, which is a bit large to post! I tried uploading a bzip compressed file to this board, but it crashed. XZ has the best compression on linux and should work on unix systems and 7-zip. This board does not allow .xz files to be posted, so I uploaded it to dropbox.

https://dl.dropboxusercontent.com/u/4161065/dump.hex.xz

Here's MD5sum for file integrity

Code:

e35e946ed337d5981c415dbccff670b6  dump.hex
dea9bfae277441a1a8442cafb57dc338  dump.hex.xz
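Added example (not part of duncanmcbryde's posts): a parser that turns a recorded terminal log of the bootloader's `dump` output, in the row format shown in the Nov 03 post, back into binary segments, and counts all-00 / all-FF rows to show where real data sits. It assumes every data row carries exactly 16 bytes; the sample reuses rows quoted in that post.

```python
import re

# One row of "dump" output: 8-hex-digit address, 16 byte values,
# then an ASCII column that is ignored.
ROW = re.compile(r"^\s*([0-9A-Fa-f]{8})((?:\s+[0-9A-Fa-f]{2}){16})(?:\s|$)")

# Sample assembled from rows quoted in the post above.
SAMPLE = """\
>dump 0 ffffffffff

00000090 00 00 00 00 00 00 00 00 05 00 00 00 FE 5A FE 5A .............Z.Z
000000A0 44 41 47 4A 00 00 00 00 FF FF FF FF 40 00 00 00 DAGJ........@...
<snip>
00000270 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
00000280 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ................
"""

def parse_dump(text):
    """Return [(start_address, bytearray)] of contiguous runs in a captured log."""
    segments = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, prompt, "<snip>" or a truncated row
        addr = int(m.group(1), 16)
        data = bytes.fromhex("".join(m.group(2).split()))
        if segments and segments[-1][0] + len(segments[-1][1]) == addr:
            segments[-1][1].extend(data)              # continues the current run
        else:
            segments.append((addr, bytearray(data)))  # first row or a gap
    return segments

def blank_rows(segment_bytes):
    """Count 16-byte rows that are entirely 0x00 or entirely 0xFF."""
    rows = [segment_bytes[i:i + 16] for i in range(0, len(segment_bytes), 16)]
    return sum(1 for r in rows if r in (b"\x00" * 16, b"\xff" * 16))

if __name__ == "__main__":
    for start, data in parse_dump(SAMPLE):
        print(f"0x{start:08X}: {len(data)} bytes, {blank_rows(data)} blank rows")
```

Gaps in the log (dropped serial lines, snipped output) show up as separate segments rather than being silently joined, so each segment can be written to its own file at its recorded offset.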

hsmade
Posts: 1
Joined: Sat Feb 01, 2014 2:54 pm

Re: AlertMe Hub - Yes, it's Linux

Post by hsmade » Sat Feb 01, 2014 2:56 pm

Just activated the console on my nano x5. To get ssh running, just type:
config spiflash.ssh 1
/etc/init.d/rc.sshd start
