Notes to self for future breakage involving `intel-microcode` updates

The latest update of intel-microcode package on Ubuntu broke some systems (mine in particular), and was the occasion to learn a bit more about initrd images and Ubuntu boot procedure.

So, here are some notes of things that may be useful for future problems.

The initrd image is mini-filesystem used to boot the OS. It’s a kind of trampoline root fileystem used by the kernel to initialize/activate/configure some hardware and/or features (e.g. full disk encryption, etc.)

Thus, this initrd contains binaries that might need to be updated. This process is automatically performed by Ubuntu when you install your package updates, with some packages triggering a rebuild of this initrd to incorporate the new and updated binaries.

So, when you install an update of intel-microcode, the initrd image is rebuilt to incorporate the new microcode files.

Ubuntu’s initrd seems a bit different from what I used to tinker with in my earlier days in the sense that they are not a CPIO archive, but a kind of aggregate incorporating the microcode binaries (that are applied first-most) and a « classical » initrd archive in CPIO format.

So, to introspect an initrd you’ll have to use something like binwalk to get the offset of the initrd archive, extract it, then you’ll have a « classical » CPIO image.

In the case of this microcode update, the initrd filesystem image was not the culprit, but rather theses microcode firmware/files.

I managed to recover my system by booting from a bootable USB live OS, mounting and chrooting into the broken system, reverting the intel-microcode to the previous version which in turn triggered a rebuild of the initrd image incorporating this previous microcode.

From issues/tickets I learned that I also could have disabled the loading of the microcode by appending the dis_ucode_ldr flag to the kernel from Grub.

Finally, here is the issue on GitHub: microcode-20200609 Release, at least 06-4e-03, hangs user’s system

Publié dans system | Laisser un commentaire

Configuring Linux VM with french MacBook Pro keyboard and VMware Fusion

At last, I found the right keyboard mapping for Linux VMs runing in VMware Fusion with a french MacBook Pro keyboard!

[FR]

$ sudo dpkg-reconfigure keyboard-configuration

Modèle du clavier :                       "PC générique 105 touches (intl)"
Pays d'origine du clavier :               "Français"
Disposition du clavier :                  "Français - Français (Macintosh)"
Touche destinée à se substituer à AltGr : "Touche Alt de gauche"
Touche compose :                          "Touche « logo » de gauche"

[EN]

$ sudo dpkg-reconfigure keyboard-configuration

Keyboard model:                "Generic 105-key (Intl) PC"
Country of origin of keyboard: "French"
Keyboard layout:               "French - French (Macintosh)"
Key to function as AltGr:      "Left Alt"
Compose key:                   "Left logo key"
Publié dans system | Laisser un commentaire

Siara Systems leaking CPE’s MAC addresses?

After a DSL/network outage, I launched a tcpdump on the ethernet interface to see if pppd was renegotiating the PPPoE session, and I saw all these LCP Term-Request frames that seems to come from other customers’ equipments (given the various source MAC addresses) and destined to a Siara Systems equipment (which I guess is a DSLAM, or core router, on which all these equipments are connected).

Is this an expected behavior to receive all these LCP Term-Request frames?

Here is a sample of unique/sorted frames captured during the DSL/network outage:

Continuer la lecture

Publié dans Uncategorized | 2 commentaires

Building a Netgear DM111Pv2 firmware without scfgmgr

Lately you found that your DSL modem/router was wide open, and you want to fix it.

Looking for a way to close this « back » door, I noticed that most of Netgear’s firmwares source codes are available from their site http://kb.netgear.com/app/answers/detail/a_id/2649.

Perhaps we could recompile a firmware with a « fixed » version of scfgmgr?

Looking in the DM111P firmware, you’ll find that the despicable scfgmgr is bundled as a binary in target.tar.bz2, so it cannot be edited and recompiled to get rid of it’s infamous behaviour.

However, perhaps we can simply neutralize it (in the target overlay) hoping that there won’t be any wrong side effects with the overall working of the firmware?

So, here is a try at rebuilding a firmware (version 2.00.27_WW) with a neutralized /usr/sbin/scfgmgr.

WARNING: Use these directives at your own risk. I’m not liable for any damage to your computer system or loss of data. blah blah blah …Insert here the usual disclaimers… blah blah blah.

Continuer la lecture

Publié dans network | Laisser un commentaire

Netgear DM111P backdoor?

After reading @elvanderb‘s tweet about a backdoor in his Linksys WAG200G, I checked my Netgear DM111P DSL modem (running firmware V2.00.27_WW) and found that TCP/32764 was opened and responding in a similar way.

The admin’s HTTP password is also exposed in clear through the scfgmgr process listening on TCP/32764:

$ perl -e 'print pack("(III)<", 0x53634d4d, 0x01, 0x00)' \
| nc 192.168.0.1 32764 \
| perl -n0e 'chomp;print"$_\n"' \
| grep ^http_

Output:

http_username=admin
http_password=***password*in*clear***
http_timeout=5

Continuer la lecture

Publié dans code, network | Laisser un commentaire

Problème de connexion à eurosportplayer.fr avec Safari ?

Si vous n’arrivez pas à vous connecter au player Eurosport avec Safari sur Mac OS X (vous retournez sans cesse sur la page de login), et que vous avez un nom/prénom avec un (ou des) accent(s), le problème peut venir de là.

Quand vous validez la page de login du player eurosport, le serveur envoi un cookie « PlayerAuth » avec une chaîne de la forme « guest=0&pseudo=Àlâïn Gérârd », avec votre nom/prénom encodé en UTF8.

Le problème est que Safari ne supporte pas les caractères non-ASCII dans les cookies, et donc le cookie n’est pas pris en compte par Safari, et il n’est pas retransmis avec les requêtes HTTP suivantes. On revient donc en boucle sur la page de login.

Pour contourner cela, il faut alors ouvrir une session avec Firefox, allez dans votre profil et changer le nom/prénom par des versions sans accents. Sauvegardez le profil, et vous devriez alors pouvoir vous connecter avec Safari.

http://stackoverflow.com/questions/5327341/strange-problem-with-cookies-in-safari-and-asp-net
http://stackoverflow.com/questions/1969232/allowed-characters-in-cookies

Publié dans code | Laisser un commentaire

Il est toujours aisé d’être logique. Il est presque impossible d’être logique jusqu’au bout.

Le mythe de Sisyphe, Albert Camus

Publié le par me | Laisser un commentaire

Les mots « sensationnel », « impressionnant », qu’on emploie couramment aujourd’hui, sont de ces mots qui peignent une époque. Nous ne supportons plus la durée. Nous ne savons plus féconder l’ennui. Notre nature a horreur du vide.

PAUL VALÉRY – LE BILAN DE L’INTELLIGENCE

Publié le par me | Laisser un commentaire

Pluie et orage

Pluie et orage, le matin, en marchant le long d’une rivière.

Publié dans Uncategorized | Laisser un commentaire

Roland Garros

Terre ocre battue,
Service et balle de match ;
Bientôt les vacances.

Publié dans haïku | Laisser un commentaire