Text cleanup

This commit is contained in:
2017-01-16 12:53:52 -05:00
committed by GitHub
parent 467c0127af
commit 9ed7833c55

View File

@@ -24,7 +24,7 @@ It works automatically on Windows, Linux and MacOs without any user interaction
</li>
<li>In the poisontap folder, replace the <i>pi_startup.sh</i> file with mine
<br/>
<code>mv -f hackpi/pi_startup.sh poisontap/</code>
<code>mv -f HackPi/pi_startup.sh poisontap/</code>
</li>
<li>Copy or clone <a href="https://github.com/lgandx/Responder">Responder</a> into your user's home folder (usually /home/pi)
<br/>
@@ -32,7 +32,7 @@ It works automatically on Windows, Linux and MacOs without any user interaction
</li>
<li>Move the umap folder from my repository into your user's home folder (usually /home/pi)
<br/>
<code>mv hackpi/umap ~</code>
<code>mv HackPi/umap ~</code>
</li>
</li>
<li>(optional) Make a backup of the <i>dwc2.ko</i> file in <b>/lib/modules/4.4.38+/kernel/drivers/usb/dwc2</b>
@@ -47,27 +47,27 @@ It works automatically on Windows, Linux and MacOs without any user interaction
<ul>
<li><i>config.txt</i>, located in /boot
<br/>
<code>sudo mv -f hackpi/config.txt /boot/</code>
<code>sudo mv -f HackPi/config.txt /boot/</code>
</li>
<li><i>modules</i>, located in /etc
<br/>
<code>sudo mv -f hackpi/modules /etc/</code>
<code>sudo mv -f HackPi/modules /etc/</code>
</li>
<li><i>rc.local</i>, located in /etc
<br/>
<code>sudo mv -f hackpi/rc.local /etc/</code>
<code>sudo mv -f HackPi/rc.local /etc/</code>
</li>
<li><i>isc-dhcp-server</i>, located in /etc/defaults
<br/>
<code>sudo mv -f hackpi/isc-dhcp-server /etc/defaults</code>
<code>sudo mv -f HackPi/isc-dhcp-server /etc/defaults</code>
</li>
<li><i>dhcpd.conf</i>, located in /etc/dhcp
<br/>
<code>sudo mv -f hackpi/dhcpd.conf /etc/dhcp</code>
<code>sudo mv -f HackPi/dhcpd.conf /etc/dhcp</code>
</li>
<li><i>interfaces</i>, located in /etc/network
<br/>
<code>sudo mv -f hackpi/interfaces /etc/network</code>
<code>sudo mv -f HackPi/interfaces /etc/network</code>
</li>
</ul>
</li>
@@ -81,37 +81,37 @@ For troubleshooting, you should be able to connect to your Raspberry Pi via the
<h2>How it works</h2>
<h3>Creating the ethernet gadget</h3>
The really simple way to do this on the Pi is to follow <a href="https://learn.adafruit.com/turning-your-raspberry-pi-zero-into-a-usb-gadget/ethernet-gadget">this guide</a> and use `g_ether` kernel module. However, this is the old way of doing it and it would definitely not work at all on Windows. During all my test, the gadget was systematically recognized as a COM3 device. I couldn't even force newer versions of Windows (10) to use an Ethernet driver. Also, it's impossible to emulate more than one device at the same time.
The really simple way create a gadget on the Pi is to follow <a href="https://learn.adafruit.com/turning-your-raspberry-pi-zero-into-a-usb-gadget/ethernet-gadget">this guide</a> and use `g_ether` kernel module. However, `g_ether` is a legacy module that definitely does not work on Windows. During all my tests, the gadget was systematically recognized as a COM3 device. I couldn't even force newer versions of Windows (10) to use an Ethernet driver. Also, it's impossible to emulate more than one device at the same time.
So, I started with this <a href="http://isticktoit.net/?p=1383">great guide</a>, and used the `libcomposite` kernel module. This is far more advanced as it allows precise configuration of the gadget, as well as giving the ability to emulate more than one device at the same time.
I then found with this <a href="http://isticktoit.net/?p=1383">great guide</a>, which uses the `libcomposite` kernel module. This is far more advanced as it allows precise configuration of the gadget, as well as giving the ability to emulate more than one device at the same time.
I used an Ethernet gadget adapter as well as the serial adapter configuration. The serial adapter is very very useful, especially while testing the Ethernet configuration, as if you make a breaking change and can't ssh back to your Raspberry Pi Zero, you still can use the console: <br/>
I created an Ethernet gadget adapter as well as the serial adapter in a single configuration. The serial adapter is very very useful, especially while testing the Ethernet configuration, as if you make a breaking change and can't ssh back to your Raspberry Pi Zero, you still can use the console: <br/>
`sudo screen /dev/ttyACM0 115200`
To make the Ethernet gadget work on Windows, I used a little trick. When it's starting the adapter, it will look in its .inf files for a matching driver based on idVendor and idProduct (as well as bcdDevice for revision). Knowing this, I used <br/>
To make the Ethernet gadget work on Windows, I used a little trick. When Windows is communicating with the adapter, it will look in its .inf files for a matching driver based on idVendor and idProduct (as well as bcdDevice for revision). Knowing this, I used <br/>
```
echo 0x04b3 > idVendor
echo 0x4010 > idProduct
```
so that Windows would load its generic RNDIS driver <i>netimm.inf</i>.
However, this still wouldn't work for me, even though it appeared to be working for other people. Windows would load the drive but fail to start the adapter with a code 10 error.
However, this still wouldn't work for me, even though it appeared to be working for other people. Windows would load the driver but fail to start the adapter with a code 10 error.
Browsing a bit (a lot...) I determined that Windows would only reliably work with a RNDIS configuration. So I added an new configuration designed to emulate the RNDIS function. This configuration had to be the first one defined for Windows to work. Linux and Mac are smart enough to ignore it and load the seconde one, the CDC ECM configuration.
And lo and behold, it worked! Windows correctly loaded the driver and the adapter, with no manual intervention. But, it now didn't work on Linux anymore... great.
Browsing a bit (a lot...) I determined that Windows would only reliably work with a RNDIS configuration. So I added a new configuration designed to emulate the RNDIS function. This configuration had to be defined first for Windows to work. Linux and Mac (supposedly) are smart enough to ignore it and load the second one, the CDC ECM configuration.
And lo and behold, it worked! Windows correctly loaded the driver and the adapter, with no manual intervention. Unfortunately it didn't work on Linux anymore... great.
<h3>Bridge interface</h3>
I realized (thanks to the serial console) that each configfs configuration creates a new network interface (usb0, usb1 and so on). However, all the servers were listening exclusively on usb0, which was assigned to the RNDIS configuration. Linux ignored this configuration to load the CDC ECM one, where no servers (especially ISC-DHCP) were listening and no routes nor iptables rules were added.
The easy solution would have been to duplicate everything, but I decided to create a bridge interface instead, <code>br0</code>, which would be the master of all usbX</code> interfaces. Then, I would make the servers listen on that interface, as well as add the routes and iptable rules.
The easy solution would have been to duplicate everything, but I decided instead to create a bridge interface, `br0`, which would be the master of all `usbX` interfaces. Then, I would make the servers listen on that interface, as well as add the routes and iptable rules.
After a bit of fiddling around, it worked!
My gadget was now automatically recognized by Windows and Linux, without having to change anything to the configuration files. But, as there is always a but, you may have noticed that I stopped talking about Mac... and this is because since version 10.11, MacOs is no longer smart enough to load the CDC ECM configuration if it isn't the first one! I now needed a way to make the gadget recognize the host it was connected to via USB fingerprinting, so that I could better configure libcomposite.
My gadget was now automatically recognized by Windows and Linux, without having to change anything to the configuration files. Unfortunately (bis...) the gadget stopped working on MacOs, and this is because since version 10.11, it's no longer smart enough to load the CDC ECM configuration if it isn't the first one! I now needed a way to make the gadget recognize the host it was connected to via USB fingerprinting, so that I could better configure `libcomposite`.
<h3>OS fingerprinting</h3>
This is where the fun began. I had two big issues to overcome:
<ol>
<li>Find a way to dump, trace or sniff USB traffic on a USB controller set as a device</li>
<li>Find a way to dump, trace or sniff USB traffic on a USB controller set up as a device</li>
<li>The chicken and the egg problem: to trace USB traffic, the gadget needed to be set up, but to be set up correctly, I needed to trace USB traffic...</li>
</ol>
@@ -124,7 +124,7 @@ Clearly, this is not the most elegant way to do it, but I:
<li>Didn't want any other debugging messages</li>
</ul>
So, I made my change, recompiled the module, replaced the standard one with this one, and finally! I could see the USB Setup Requests in dmesg.
So, I made my change, recompiled the module, replaced the standard one with this one, and finally! I could see the USB Setup Requests in `dmesg`.
I now had to tackle on the next issue: the messages would only be shown when the gadget was initialized. But I wanted to see those messages before initializing the gadget so that it could be set properly!
So I got the idea: what if I loaded a "dummy" gadget at boot, let it generate USB trace data, then disable it and activate the "real" gadget? <br />