I am not responsible if your devices send you back in time, explodes, implodes, bricks or flies into space from the use of any software I put up.



Sunday, August 24, 2014

Revamping OpenWRT customisation Style

Currently my OpenWRT repo is in a mess.
This is because there is a lot of changes in the upstream repo, lot of things is moved and I cannot keep track of the changes so I think it is time to relook how to solve this problem.

This best way is to reduce my customisation as a patchset.
So I only need to maintain very little things and if upstream changes the patchset can detect and fail so I can fix it very quickly.
The patchset is also detailed and list all the changes, great for you guys if you ever want to checkout what are the changes.

So this week I have to dig out all my past changes and search high and low for them and compile it into a working patchset for easy maintenance and automation.

So it means I might be abandoning the repos for the long term benefits.

Sunday, June 15, 2014

USB 3.0 Controller Firmware Update

Nowadays upgradable firmware is in all devices.
For those who don't know that USB 3.0 Firmware is actually upgradable, the additional features you can unlock makes doing this worthwhile.

Why do you want to upgrade firmware?

There would be new features available to newer firmware and upgrading firmware is as easy as ABC.
For example new firmware from ASMedia for ASM1051 supports 3 TB HDD.

You can also unlock additional features that the vendor lock out by default.

Lastly vendors especially External Mobile Harddisk manufacturers use old firmware, from my experience disk copy is much faster after upgrade.

How to upgrade firmware?

What you need:
  • Find out the USB 3.0 Controller Chip Make and Model most of the time they are either JMicron or ASMedia.
  • Download the firmware updates from station-drivers.com
  • Windows OS to flash the firmware
  1. Open up the casing should be a no brainer if you are able to put a Harddisk Drive in. If you are not able to open it up try Google for the make and model
  2. Look at the controller IC there should be a Controller IC.
  3. The IC is usually very distinct and obvious. Read the Serial Model the picture below reads: ASMedia 1061.
  4. Find the firmware online Station-Drivers has all the harddisk controller firmware updates from JMicron and ASMedia.
  5. Download the firmware. Before you flash backup your Device ID, Serial Number, make and model in case it is erased during flashing. The firmware update tools runs on Windows so download and flash it accordingly. Should be a no brainer to do so being a point and click application. You can also custom configure what you want to enable in the firmware using the additional config tool.
A few reference to the USB 3.0 controller used by certain External Harddisk Enclosure which I use and know. If you know of any other USB Controller list post in the comments and I will update this list.

Vantec NexStar 3 SuperSpeed NST-280S3-BK 2.5" harddisk enclosure uses JMicron JMS 539 USB 3.0 Controller

Connectland BE-USB3-ZH3532 3.5" harddisk enclosure uses ASMedia ASM1051 USB 3.0 Controller

 Hitachi Touro Mobile 2.5" harddisk uses
ASMedia ASM1051 USB 3.0 Controller

Tuesday, June 10, 2014

OpenWRT on GRC ShieldsUP

This post will describe how to configure your Openwrt Router to pass the GRC ShieldsUP test.

By default Openwrt is already safe but GRC has certain assumptions on what it means to be secured.

Their test requires the Router to behave as follows
  1. Drop all unsolicited packets sliently
  2. Do not respond to pings
So we need to make the following adjustments

As shown below make the default policy 'drop'
We also need to make the internet facing policy to drop
However if you have a separated guest network it is ok to set it to reject because it is not internet facing.

We also need to set our Router to ignore WAN pings
However we still want to be able to ping internet host like Google etc to ensure that we can still test our connectivity.
Instead of deleting the rule we change it to accept only echo-reply.
When we ping internet routers and servers we send echo-request ICMP packets to them and they reply with echo-reply ICMP packets.
What this change does is if any internet systems try to ping the router by sending echo-request packets it is dropped sliently but we send the packets and receive replies it is accepted.
However this is assuming that internet systems will not spoof an echo-reply packet to our router which may not be true.