quantium cracking

i just finished listening to “Episode 176: Quantum Computing” [1] and this is really a great podcast. like the whole SE-Radio btw!

this podcast really inspired me and on the way back from work, i was thinking about the possibility to exploit software using quantum computing.

quantum cracking that is. it would work like this: assume you have a program or function which gets input. the ultimate goal is to find some input which will crash the program. using a quantum computer this is probably not that hard to compute.
i could imagine that quantum computing could also be used for software verification, which is actually quite the opposite of what quantum cracking would be.

so when quantum computers arrive we do not only lose AES/RSA but our computers will be open to everyone with such a system. hopefully such systems spread soon, which might compensate the negative effect, maybe with quantum cryptography.

but as martin laforest says: at the end of the day i still don’t know when this technique will arrive. but when it arrives it will turn security upside down.

the most promising aspect of quantum computing, which is mentioned in the podcast, is that it will enable detailed quantum research which i consider a very cool thing as it will help to understand what goes down there.




what is this

since i might require such an setup more often i post it here, so i don’t forget it (see [1]).

this guide works great for fdisk+mdadm+LVM but it did not work for parted lately using ubuntu server. i don’t know why, maybe because of the raid controller?

in case someone removes the commands from the nixos wiki, here are the commands again:

  mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda1 /dev/sdb1

  pvcreate /dev/md0
  vgcreate myvolgrp /dev/md0
  lvcreate -L 1G -n boot myvolgrp
  lvcreate -L 5G -n system myvolgrp

  mkfs.ext4 -n boot /dev/myvolgrp/boot
  mkfs.ext4 -n system /dev/myvolgrp/system

  mount -L system /mnt
  nixos-option --install

  cat /etc/nixos/configuration.nix
    { mountPoint = "/";
    { mountPoint = "/boot";

advantages of this setup

  • no special partition required either something like /dev/sda1 or /dev/sdb1 where /boot would be placed on
  • LVM can be used for anything
  • still mdadm is below, which is a good thing
reminds me though that i should check if /etc/nixos/configuration.nix is capable of installing grub in several partitions already. usually it is only installed in /dev/sda given by this example:
   boot.loader.grub = {
    # Use grub 2 as boot loader.
    enable = true;
    version = 2;

    # Define on which hard drive you want to install Grub.
     device = "/dev/sda"; # here is only one partition given


[1] https://nixos.org/wiki/Soft-RAID_mdadm_(/dev/md0),_LVM_(PVs,VGs,LVs)

[2] https://nixos.org/wiki/Encrypted_Root_on_NixOS

what is this?

i bought an UPS with two ports: serial and usb. and because i did not know much about the UPS (AEG – PROTECT HOME VA 600) i started to look at the communication protocol. turns out there are lots of good tools for serial line interception but nearly none for the usb stuff. sadly the driver i wrote isn’t needed at all as an email to the nut-ML revealed that this UPS uses the Q1 protocol which is already supported pretty well using the blazer_usb and blazer_ser module.

anyway it was pretty interesting to hack on NUT using debian and later nixos. so here is a guide how to log/analyze serial traffic and how to write a simulator for either side.

and not to forget: thanks to Arnaud Quette for his ups/nut support. there is also a brief nut setup introduction, see [1].

sniff serial port data between UPS and PC

  1. set serial settings to:
    – enable serial port
    – port number com 1 irq 4 io port 0x3f8
    – port mode: host device
    – port/file path: /tmp/interceptty
  2. maybe correct the permissions to /tmp/interceptty
  3. interceptty -s ‘ispeed 2400 ospeed 2400’ -l /dev/ttyS0 | tee mylog | interceptty-nicedump
  4. on the linux host:
    tail -F mylog | grep “<“
  5. start virtualbox vm with a windows xp installed
     ignore this virtualbox warning: “Ioctl failed for serial device ‘/tmp/interceptty’ (VERR_INVALID_PARAMETER). The device will not work properly.”. it works anyway, at least on my system (using ubuntu 10.10 with standard virtualbox).

using the virtual python UPS

  1. on the server side open /dev/remserialVM
    remserial -d -p 23000 -s “2400 raw” -l /dev/remserialVM /dev/ptmx 
  2. on the client side (same host), do:
    remserial -d -r -p 23000 -s “2400 raw” -l /dev/remserialPY /dev/ptmx
  3. chmod 0777 /dev/remser*
  4. change the virtualbox serial settings:
    – port mode: host device
    – port/file path: /dev/remserialVM
  5. then format a ‘message’ with a hexeditor also called “hexeditor”
  6. start the vm
  7. then send the formated message:
    cat message > /dev/remserialPY
  8. if the message was received by the windows ups monitoring software (it will think that the message it received originated from the UPS and not that it was crafted manually)
note: instead of manually sending messages, i also used the script: ./simulate-ups.py which does that automatically.
note: simulate-ups-monitor.py can be used in an analog way but simply using the ups with a real serial port. i should mention btw, that i was using both a usb2serial adapter and an old computer which still contains one of those ancient serial ports.


import serial
ser = serial.Serial('/dev/remserialPY', 2400)

line = ''

def process_command(cmd):
        print " < incomming: " + cmd
        if cmd == "Q1":
                print "REQUEST FOR DATA FROM USV"
                n = ("20").decode("hex")
                d = ("0d").decode("hex")
                a = ("28").decode("hex") + \
                    "000.0" + n + \
                    "000.0" + n + \
                    "000.5" + n + \
                    "005" + n + \
                    "00.0" + n + \
                    "00.6" + n + \
                    "25.0" + n + \
                    "00000001" + d

while True:
        ch = ser.read(1)
        if ch == "\x0d":
                line = ''
                line = line + ch


import serial
import re
import time
import sys

ser = serial.Serial('/dev/ttyS0', 2400)
#, serial.EIGHTBITS, serial.PARITY_NONE, serial.STOPBITS_ONE, 0)

line = ''

def write(cmd):
        #print "sending " + cmd;

def print_status(status):
                print "status is: Unknown|LostCom|Normal|ScheduledShutdown|60SecsShutdown|ActiveShutdown|CriticalPowerFail: " + status

def process_command(cmd):
        valid = re.compile(r"\([0-9][0-9][0-9].[0-9] [0-9][0-9][0-9].[0-9] [0-9][0-9][0-9].[0-9] [0-9][0-9][0-9] [0-9][0-9].[0-9] [0-9][0-9].[0-9] [0-9][0-9].[0-9] [01][01][01][01][01][01][01][01]")
        if valid.match(cmd):
                #print status + " : VALID REPLY FROM USV   ->    " + cmd
                #(239.5 239.5 235.6 000 49.9 13.6 25.0 00001001
                netz_eingang=cmd.split(' ')[0].lstrip('(')
                netz_unknown=cmd.split(' ')[1]
                netz_ausgang=cmd.split(' ')[2]
                percent=cmd.split(' ')[3]
                hz=cmd.split(' ')[4]
                bat_voltage=cmd.split(' ')[5]
                temperature=cmd.split(' ')[6]
                bits=cmd.split(' ')[7]
                print status + " " + cmd
                print "invalid reply detected: " + cmd

write( ("51310d").decode("hex"))

while True:
        ch = ser.read(1)
        if ch == "\x0d":
                write( ("51310d").decode("hex"))
                line = ''
                line = line + ch

simulate the UPS monitor

# ./simulate-ups-monitor.py
VALID REPLY FROM USV -> (241.5 241.4 237.5 000 49.9 13.5 25.0 00001001
VALID REPLY FROM USV -> (241.5 241.4 237.5 000 49.9 13.5 25.0 00001001
VALID REPLY FROM USV -> (241.4 241.4 237.5 000 49.9 13.5 25.0 00001001


so would i buy a AEG Protect Home VA 600 again? currently there is no ‘time left’ estimation and therefore i shutdown the system either after 25 seconds or on LB (low battery) but after reloading the batteries the shutdown usually is triggered by the 25 seconds rule after a state change to OB (on battery). i think this is a decent setup and therefore i would probably buy that UPS again. but i don’t really have a clue about UPS devices so there might be much better ones in the same price range, maybe someone on the NUT/UPS ML can make a better recommendation.

what i really dislike is that this product ships with linux support BUT not with NUT support. i later realized that they created their own linux software. what a waste of time, i would rather love to get the specification and then use NUT instead – probably this is the case for nearly all the users seeing that this devices has linux support. but my request to get the specification was simply ignored, so i think there are better vendors out there.

another interesting aspect of nut is how complex the integration in the system is.


[1] https://nixos.org/wiki/How_to_setup_UPS/NUT


purple_podcasts from harenome razanajato

here is another bunch of documentaries which i forgot in the last posting…

space science related documentaries

energy related

i’ve just finished a wiki page on how to develop arbitrary software on nixos [1] (thanks to viric!). as this is fundamentally different to all other linux and non linux operating systems i think this is worth a posting about this subject in my blog.

the interesting aspect is that nix/nixos provides such a development environment per project so one is not forced to pollute the system environment with the ongoing changes which always lead to horrible side effects as regression (you know when old habits stop working as a tiny update of libX breaks tool Z).

the way it is used is covered by [1] already.

a slightly more complex example


     1  {
     2    packageOverrides = pkgs : with pkgs; rec {
     3      # example environment from viric
     4      sdlEnv = pkgs.myEnvFun {
     5        name = "sdl";
     6        buildInputs = [ stdenv doxygen SDL SDL_image SDL_ttf SDL_gfx cmake SDL_net pkgconfig ];
     7      };
     9      # a custom library NOT included in nixpkgs (maybe later it is but assume for this example it is not)
    10      libnoise = callPackage ./libnoise.nix {};
    12      # this is the needed environment for development of my spring random map generator
    13      # type 'load-srmg-env' to load it after installing it using 'nix-env -i env-srmg'
    14      srmgEnv = pkgs.myEnvFun {
    15        name = "srmg";
    16        buildInputs = [ stdenv doxygen cmake libnoise qt4 ];
    17      };
    18    };
    19  }

in the ~/.nixpkgs/config.nix expression i added a custom library which is then available with nix-env, this way it can be installed using (nix-env -i libnoise).

the interesting point is that line 2 contains the rec keyword indicating that all 3 attributes in the attribute set (line 2 to 18) may recursively reference each other. this is required as the the srmgEnv on line 14 where the buildInputs lists libnoise.

the libnoise expression is outsourced (line 10) into the file libnoise.nix (listed below).


     1  {stdenv, doxygen, fetchgit, cmake}:
     3  stdenv.mkDerivation rec {
     4    name = "libnoise-1.0.0";
     6    # i also change bits in the library and therefore i like to have it local
     7    # in case i change anything this needs to be done to reflect the change
     8    # 1. make the change 
     9    # 2. use 'git add file_which_has_changed'
    10    # 3. use 'git commit'
    11    # 4. use 'git log' to find the most recent rev
    12    # 5. paste the copied rev in the rev field below
    13    # 6. reinstall the libnoise 
    14    src = fetchgit {
    15      url = /home/joachim/Desktop/projects/libnoise;
    16      rev = "8b5b89b7241a112dfe0b387f7589ea9a2df00b02";
    17      sha256 = "";
    18    };
    20    buildInputs = [ cmake doxygen ];
    22    meta = {
    23      description = "libnoise";
    24      homepage = "http://www.github.com/qknight/libnoise";
    25      license = "LGPL2";
    26      maintainers = with stdenv.lib.maintainers; [qknight];
    27    };
    28  }

the libnoise.nix file is interesting as it references a local git repository. it also lists what to do in order to alter the package.

once the srmg-env is installed (nix-env -i env-srmg) it can be used using: load-srmg-env. as mentioned in [1] this environment will then behave as if one had used ubuntu linux and then installed all the required libraryies.


as i noted in [1] nix will soon get a toggle (nix-build –run-env ‘<nixpkgs>’ -A xterm, see [2]) which will clone the environment of virtually any sourceScription on the system. this means one can hack on any software easily by injecting code into the build chain on an arbitrary position – still, this changes won’t be persistent, meaning:

  • after reinstallation of the sourceScription the former version will be installed
  • the environment will not last a reboot of the system (not 100% sure about this)

still it is one step towards the concept of the midstream platform (mentioned in my diploma thesis) and is a great way to test a quick hack.

update: 23.5.2012

another interesting potential property is that tools like kdevelop could be patched to automatically see all the include paths of a complete project and therefore are able to provide automatic code completion without having too much manual effort.


kdevelop can do that already! when importing the project’s ‘CMakeLists.txt’, kdevelop reads the ‘found’ entries and therefore collects all the library paths!


[1] https://nixos.org/wiki/Howto_develop_software_on_nixos

[2] https://github.com/NixOS/nix/commit/7f38087f35e6f74a73bfdb28da8acd8930565d51


purple_podcasts from harenome razanajato

here is a bunch of documentaries which i would like to point out because of their exceptional quality:

space science related documentaries

  • BBC SPACE (very good) but i can’t provide a link as i can’t find any… *bummer*
    • BBC Space/1 – Star Stuff
    • BBC Space/2 – Are We Alone
    • BBC Space/3 – Staying Alive
    • BBC Space/4 – New Worlds
    • BBC Space/5 – Black Hole
    • BBC Space/6 – Boldly Go

note: for all this nasa missions i wonder how they get all the funding. and why there is so much military involvement (especially in ‘extreme astronomy’)?

energy related

note: if you are interested in a sustainable concept on how to solve the energy problem with 100% renewables, read the books from hermann scheer:

podcasts (audio only)

a few different podcasts i liked very much:

n900 findings

315px-Nokia_N900-1repairing the n900 camera

i own a nokia n900 and i’m very happy with it. some time ago it fell of my pocket and then the 5mega pixel camera didn’t work anymore as well as the flashlight. i’m a big fan of QR codes and i was often using the flashlight so this was a problem.

the funny thing is that reflashing the device [2] made it work again. now i wonder why the camera is working again. the camera module is plugged to the n900 as can be seen in the videos on youtube, just search for it [3]. maybe while hitting the ground the camera was disconnected from the device while the device was running and that screwed the firmware? i don’t have a clue but i think it is worth mentioning.

0. symptoms

once the camera was not working i had problems:

  • starting the n900 (coldstart) if still connected to any charger, it simply would not boot
  • starting the camera application; it would report something like: camera device not ready or something similar and instantly close the widget
  • flashlight did not work anymore

1. the backup

1.1 create a backup using the backup tool coming with the n900

this is a really great tool, don’t forget to check all the 4 points in the list ‘what to backup’.

also consider to read [4] (i didn’t do that but on this page there are some screenshots of the backup util i’m referring to).

1.2 dpkg and a list of all files in ‘opt’

maybe that is of use later so i note down all files and installed packages:

ls -la opt > opt_fils

dpkg -l > dpkg_l

1.3 now make a backup of all files

as i also develop for the n900 i had already a working ssh root login:

rsync -av –progress –delete n900:/home/user .



./flasher-3.5 -F ../RX-51_2009SE_10.2010.13-2.VANILLA_PR_EMMC_MR0_ARM.bin -f

3. FIASCO/Rootfs


./flasher-3.5 -F ../RX-51_2009SE_20.2010.36-2_PR_COMBINED_MR0_ARM.bin -f -R

4. restoring the backup

once the device was booted after the udpate the camera was working. what a relief! but i didn’t know where to copy the backup as the folder using the ‘mass storage usb’ feature was nearly empty. so i created a new one and connected it again using usb later. after the backup directory was migrated to the device i disconnected the usb cable and restored my 50mb backup. took quite some time and after the final reboot the device also installs the software which was removed in step 2 and 3. i decided to skip this and to install only needed software manually.

note: after the backup is restored and the n900 restarted the wlan starts working again.

5. restoring the applications

a list of software i installed:

  • gainroot
  • openssh client and server
one these applications are installed plug in the usb adapter and set the device into ‘pc suite mode’ and use gainroot to type:
ifconfig usb0 up
on the host computer type:
ip a add dev usb0
ip l set usb0 up
ssh root@
to find applications use the app catalog on the n900 but to find the associated package i did:
apt-cache search adblock | grep plus
(and similar commands)
all other applications can be installed using apt-get via usb or wlan:
  • rsync
  • adblock plus
  • adflashblock-css
  • agenda timer
  • battery-eye
  • countdown timer
  • datetoday home desktop widget
  • evopedia
  • flashlight
  • convert
  • gpsjinni
  • headphone daemon
  • healthcheck
  • htop
  • iptraf
  • irssi
  • mad-developer
  • mappero
  • mbarcode
  • mbarcode qr code plugin
  • mbarcode webrequest plugin
  • mbarcode wifi plugin
  • mclock
  • mstardict
  • nmap
  • ogg support
  • orrery
  • password safe
  • personal ip address
  • quicknote
  • recaller
  • tuner
  • view contact info with bigger font
  • wifieye
  • wifi switcher
  • foreca weather applet
using the ssh shell one can type this on the device as root:

apt-get install adblock-plus-1.0
apt-get install adflashblock-css agenda rsync
apt-get install battery-eye wifi-switcher countdowntimer datetoday-home-widget evopedia flashlight-applet
apt-get install gpsjinni headphoned healthcheck htop network-monitor irssi mad-developer
apt-get install maemo-mapper mbarcode-plugin-qrcode mbarcode-plugin-wifi mbarcode-plugin-webrequest mbarcode mbarcode-core
apt-get install mclock mstardict nmap ogg-support decoders-support orrery pwsafe
apt-get install personal-ip-address quicknote recaller tuner contact-zoom wifieye foreca-weather-applet

other software i newly installed
  • monav
  • snuggle
  • wallet
  • mdbus2
again – using the ssh shell one can type this on the device as root:

apt-get install monav-routing-daemon snuggle qtwallet mdbus2

6. remove the photo click sound and the intro animation

ssh into the n900 and type:

rm ./opt/usr/share/hildon-welcome/media/Hands-v32-h264.avi ./home/opt/usr/share/hildon-welcome/media/Hands-v32-h264.avi

rm /usr/share/sounds/camera_snd_title_*wav


random notes

  • after the reinstallation everything is much faster now. the settings dialog loads twice as fast and the desktop feels much smoother.
  • application load times are similar to before
  • for some programs i had to copy files from my backup to the device manually:
    • my documents
    • evopedia dumps
    • monav map data
    • my camera pictures
    • osm2go
    • mstardict
    • music
    • quicknote
  • monav is probably one of the coolest programs for the n900, thanks very much to Christian Vetter and Christoph Eckert


[1] http://maemo.cloud-7.de/Gallery-N900-exploded/

[2] https://wiki.maemo.org/Updating_the_tablet_firmware#Updating_.26_Flashing_your_device

[3] http://www.google.de/search?q=Nokia+N900+Disassemble&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:de:official&client=firefox-a

[4] http://prokonsul.blogspot.com/2011/01/make-backup-and-restore-from-it-on-n900.html

[5] http://natisbad.org/N900/n900-commented-hardware-specs.html