PrintNightmare Windows CVE-2021-1675

Featured

So Microsoft wanted to make it easy for a standard user to install a Printer without Administrator rights. There is a huge bug with the PrintSpooler service that has a huge vulnerability that was a EoP (Elevation of Privilege) affecting Windows 7 to Server 2019.

However this escalated to a RCE (Remote Code Execution). RCE refers to a bug by which cybercriminals can break into your computer in the first place, without needing any password for any account on your computer.

Microsoft released an update to fix it

At the same time this was going on a Zero-day exploit was on the rise. Researchers from the cybersecurity company Sangfor were going to present their paper about Print Spooler Bugs at the 2021 Black Hat conference in August but decided to release it early. Since the Print Spooler was recently patched they thought it would be alright since the vulnerability was fixed.

Well come to find out it was something completely different hiding in the exploit that wasn’t patched. In other words there were two security holes in it. One was patched and the other was not.

The Sangfor crew inadvertently documented an as-yet-undisclosed RCE bug, thus unintentionally unleashing a zero-day exploit. The researchers apparently took down the offending information once the mistake was figured out but by then it was too late, because the exploit code had already been downloaded and republished elsewhere. Pandora’s box had already been opened, and it was too late to close it up again.

The only way to fix this until a patch release is to disable the Print Spooler. However this will disable printing and can’t print anything. It’s good practice anyway to disable the Print Spooler if you don’t have a printer to free up resources in Windows but if you use a printer all the time you’re kind of screwed until then.

This is one of the many reasons why I left Windows in the dust and use Linux. Granted there are exploits in Linux as well but they are typically targeted on older software packages and an easy update fixes it. If it’s a major one it is typically fixed within hours after it has been known to the world.

Installing pfSense on a PC Engines APU2

Featured

The APU2 came in and now I can install pfSense and share the knowledge.

First things first. The APU2 does not have a Video Out such as VGA or HDMI. It’s a headless System that uses RS-232 to run it until pfSense is installed. The options for this is to use either a DB9 Null Modem Cable if the System you’re going to connect has Serial/RS-232 or use a modern USB to Serial Cable.

For this install the Host Machine is my Desktop running Debian Linux. I am also using a USB to Serial Cable Adapter. It uses the CH341-UART chip. Keep in mind you will need a DB9 Null Modem Adapter, a simple Gender Changer Adapter isn’t going to work. for the connection software wise I am going to use GNU Screen.

We need to download pfSense. Make sure to follow the image below.

After it downloads uncompress the file and use dd (DiskDump) to write to a USB Thumb Drive. The Thumb Drive shows up as /dev/sdc but this varies system to system. If anything insert the Thumb Drive and run sudo dmesg and it should show up last and will say /dev/sd* whatever the * is is the Thumb Drive, could be sdb, sdc, sdd and so on.

For my System I issued this command.

sudo dd if=~/Desktop/pfSense-CE-memstick-serial.img of=/dev/sdc

While it was writing to the Thumb Drive I gathered the rest of the equipment together. Do not power on the APU2 just yet. When the Thumb Drive is ready plug it into the APU2. Launch GNU Screen with this command. Remember I am using a USB 2 Serial Adapter so yours might differ.

screen /dev/ttyUSB0 115200

With Screen running you can now power on the APU2. When you turn it on you should see Text pop up in the window. Select F10 to bring up the Boot Menu and select the Thumb Drive. It will take a couple of minutes to load up but it should go directly into the Installer. From there just follow the prompts and install pfSense like you would on a typical PC.

When finished installing you’ll need to reboot the APU2 and this time hit F10 again and select Manage Payload. This will bring you to a BIOS setup and just tell it to boot from whatever Media you installed pfSense onto. If you skip this part then it will only Boot into MemTest86.

After that it should work and you can then start programming it via the Web UI.

Here is a couple of shots of my APU2.

So far I am impressed. I plan installing it this Weekend and see how it goes.

Featured

S-100 Z80 Progress

I didn’t like the first revision of the Schematic so I redid the whole thing. I came across a Z80 Trainer made by Dr. Baker and used that as the basis of the new Schematic. I also used the circuit for the VT132 Project for a Terminal VGA and USB Keyboard.

Control Panel
CPU and Clock
RAM and ROM
IO Board
Serial Terminal for Video and Keyboard

These are not final. I need to review these and make sure everything is in the right order. I also need to import the S-100 BUS.

Featured

New CCTV System

I decided to buy the CCTV equipment. I bought a Reolink 5MP Pan Tilt Zoom Camera for the Driveway and a Reolink 5MP with Audio Turret Camera for the Lanai. My Boss let me buy a Hikvision Door Bell at cost and it was on sale from the distributor for $98.00. It’s the only one I can find that has ONVIF currently. I also have a couple of Hikvision IP Cameras I will use for Indoor use.

For now I plan to use MicroSD Cards for recording and push it to Shinobi that is running on the Home Assistant Server. For now I will use a TP-Link 5 Port PoE Switch. I really don’t see adding anymore Cameras since the placements I have chosen should cover everything. Except one area that has the A/C unit.

I am a bit worried since I heard A/C unit thefts are on arise in my area but I got that covered. I traded a A/C Tech 25ft of Coax for 25ft of outdoor rated cable used for A/C systems so I can make a dummy line that connects to the Alarm Panel so when someone cuts it the Alarm goes off, I have it programmed as a Duress so the Central Station sends out the Cops without Verification. Also used longer Tapcons to attach the unit into the Cement Pad. I also stripped out the Nut Driver portion of the Tapcons so the only way to get them out is with a Flat Head or a Cutting Wheel. Besides the Driveway Camera and Lanai Camera would catch anyone going to the side of the House anyway.

Anyway, back on topic here. I will probably run the Cabling to the Master Closet or Garage and then run a Single Line to the Living Room since the TV stand is getting full. Since the pfSense box has one more open port I can dedicate that to the CCTV and give access to Home Assistant.

I already got a friend that wants to buy my old Analog DVR and I will probably give the Ring to my Mother.

Featured

Lost art of Cable Management – Cable Lacing

Used in Telcom, NASA and Avionics a almost lost art of Cable Management called Cable Lacing. Instead of using Zip Ties or Tape a Waxed Coated Cotton String is used for the whole length of a Wire Rack or Wire Harness/Bundle.

In my honest opinion this looks a lot cleaner and better then a hundred Zip Ties and doesn’t leave a sticky residue like Tape does. It’s also pretty darn cheap, just don’t buy the “Electronics Grade” stuff. The 1mm size that is used for Jewelry is cheaper and it is the exact same stuff. You can also use thinner stuff but you’ll have to double wrap the bundle.

I found a little Video on YouTube that covers how to do it. The man in the Video has a terrible accent but you just to need to watch rather then listen.

A few Tips I have with this Method. Have the knots closer then what I have in the example photo. If the Cabling is running flat then you can get away with knots further away but when you go into turns and twists you want the knots closer or it will look like this.

Just like anything new you will be slow and it will look like crap but with practice it will look better and you’ll get much faster.

Featured

Fresh install Debian 10 Linux

When I install Linux I end up spending a lot of time tweaking it the way I like it. No matter the Distribution I end up doing stuff like this. Mostly because Out of the Box is for the novice user. Most end Linux users do the same thing.

I typically start with just the base install to make sure all of my hardware is in working order such as Chipset, CPU Microcode, Networking and USB. Easier to catch the issues when it’s a plain Command Line Interface. Also much easier to redo the install to Unstable if the Kernel is too old to see brand new hardware. Unstable isn’t really Unstable, it’s just newer Software that is still experimental. For a example Ubuntu uses a mixture of Unstable and LTR (Long Term Release).

When partitioning I keep things simple and use a single Partition for everything. Now if I am doing this to a system that has Multiple Hard Drives I’ll move things around such as putting the /home directory onto a different drive. Back in the day I use to toss in a old drive just to be used for SWAP but these days I see no performance gains. A EXT4 Partition is just find and no need to go into the world of ZFS and GPT since ZFS eats RAM and GPT will bite you in the ass in the end.

After I verify everything is working I’ll edit the APT sources file and add the contrib and non-free entries, update the mirrors and upgrade. Install Xorg and whatever Window Manager I want. Currently I am giving KDE Plasma a spin and it has a few nice features but I like using the Awesome WM.

Before anything else I once again verify my Video and Audio is working correctly. I’ll run the glxgears program or just look at the OpenGL Information. To test Audio I’ll just load something up in YouTube, a few times in the past the Audio would work fine within the Window Manager but YouTube, Steam and VLC would be deaf. So if YouTube works then there shouldn’t be issues with anything else.

Now I can start adding my custom tweaks and such.

I add my user to the sudoers file and make sure the hostname for the system is final. Also install ntp if Xorg’s install didn’t include it.

su
apt install binutiles sudo ntp ufw fish vlc
nano /etc/sudoers


under root’s entry add
[username] ALL=(ALL:ALL) ALL
Save and exit.

exit

I start by changing the Command Line Shell. Debian uses a modified version of BASH called DASH. Works alright but after you start playing with other types of Shells you end up staying away from it. I use to use Zsh but I converted to FISH. After installing fish I then issue chsh -s /usr/bin/fish then launch it. From there I go into ~/.config/fish and edit the config.fish file and add my alias entries.

alias ls="ls -lahp"
alias dir="ls -lahp"
alias shutdown="sudo shutdown now"
alias reboot="sudo reboot"
alias update="sudo apt update"
alias upgrade="sudo apt upgrade"
alias purge="sudo apt autoremove"
alias edit="nano"
alias G="grep"
alias S="sudo"

After tweaking commands to my liking I’ll add more software I attend to use such as Htop, Bleachbit, Guake, and KDE Connect.

Over time I end up installing neofetch, screen, Arduino IDE, Sublime Text and GCC, Firefox and vBox.

Once in a blue moon I’ll screw up and spend a good few hours fixing it or just end up reinstalling everything.

Featured

Limit Unwanted Network Connections

I’m slowly putting together a Network Administration suite for the Raspberry Pi. Came across a little jewel called Evil Limiter. It’s a Python 3 Script that can do a ARP scan of a Network and give you a IP Address on the Network that you know shouldn’t be there or you have a User sucking up too much Bandwidth. So instead of Deauthing the user you can Throttle or even Block the User. For a example you can Limit a User to 100Kbit/sec or even totally block them.

This could be handy for enforcing say the Kids Internet usage during the Spring/Summer Break or even at work when Steve should be working on a report but is too busy watching Netflix or YouTube.

Now this tool is considered a DoS (Denial of Service) Attack so be careful how you use it and deploy it.

Featured

Building a Z80 Computer

Every hardcore Electronics Engineer and Computer Nerd has a bucket list and there is a Homebrew Retro Computer on that list. I could cheat and buy a RC2014 kit but building it from total scratch is even better.

Now you just don’t order/buy/find the parts and slap it all together. You have to study up on the subject. There is a PDF floating around called “Build your own Z80 Computer” by Steve Ciarcia. Then you have Grant Searle’s Website that is loaded with tons of Schematics and ideas for a minimal chip count Z80 running BASIC and CP/M.

To start off the build I am going to build a curd version of the Zeta256 and branch off of that by adding memory, UART, ROM and so forth.

Hardware upgrades for the Dell Optiplex 3010 – Part 2

I rewired the Alienware Water Pump to work with the CPU Fan connector and it works well. The 120mm Fan that was on the radiator is a four pin Fan that senses PWM and Tach. The Motherboard has that for the case fan as well however the Motherboard doesn’t push enough current to spin the Fan.

I had to make a Y cable to use the Fan. The 12V and Ground is coming from the Power Supply and the other two pins for PWM and Tach are connected to the Motherboard. I knew this would work because back in the day I seen power supplies that had a PWM signal that would connect to the Motherboard so the Power Supply Fan can be controlled by the Motherboard and also sense the RPM speed.

The GPU I have lined up uses two PCI-E 6 Pin connections adding 12volt rails and round to the GPU Card.
The Power Supply is a Cooler Master RS-350 and the specs list it as a 350Watt Power Supply and says it has a PCI-E plug but mine doesn’t. Don’t know if I have an older revision or what. I could make an adapter but I don’t want to over current the Power Supply. However after digging around I found a Radeon RX 550 that doesn’t require a PCI-E power connection. The card was untested and I have no idea how I even got it. The Card does indeed work so I am going to use it.

Now to wire up the Power Switch to use the Case’s buttons. I did this by following this diagram I found.

What I did with mine was I wired the PWR LED to the Power Button since it lights up and then wired the DIAG LED to the Hard Drive LED.

The only thing left is to put on some thermal compound for the Water Block. I currently misplaced that stuff I had and it’s probably too old anyway.

Hardware upgrades for the Dell Optiplex 3010

So last year a friend gave me this Dell Optiplex 3010 SFF that had no RAM or hard drive. I was able to get 16GB of RAM and drop in a i7 CPU. Since then it has been my Home Assistant server and some times use it as additional system to connect to remote services.

I have noticed this thing has been running very slow. My guess that i7 is running a bit hot since I am using the same heatsink when it had an i5 CPU. Also I would like to install a SSD into the system.

The i7 CPU came out of an older Alienware PC and I also kept the Water cooling system as well. However that will not fit into the super small case of the 3010 SFF.

So the idea is to transplant the system into a bigger case. I have one of those Walmart CYBERPOWERPC Gaming PC cases I acquired around the same time I got the 3010 SFF. However that case is missing the glass side panel but it shouldn’t matter since it will be on the Rack.

The old 3010 case didn’t have a mount for the heatsink, it used studs on the chassis so I used some M3 screws, washers and nuts. I tried to use some springs as well but they were too long and I couldn’t find a proper tool to make them shorter. It’s almost done. I need to do some more wire management and rewire the power button and pump. I found out the Pump uses a different pinout.

While I was at it I tossed in a 2TB drive with the SSD.

Low Voltage Tech Laptop bag kit

With my Job I attend to use my phone a lot for stuff but since we are starting to do Control4 and other stuff that requires a Laptop I thought I would put together the correct stuff needed.

Laptop Specs
Doesn’t have to be the fastest Laptop out there. I have a Thinkpad T420 with an Intel i7, 8GB of RAM and SSD. It currently has Windows 10 but I plan to reformat it and slap on Linux and have VirtualBox with Windows 10 on it.

USB Dongles
USB to Ethernet (I have Ethernet on the laptop but two Ethernet ports come in handy for IP Cameras and such)
USB to RS232
USB to HDMI Capture (Can plug AV Receivers and DVRs in and use my Laptop display as a Monitor)

Adapters
RS232 Null Modem
Two Serial to RJ45
Serial gender changer adapter

Cables
6ft Ethernet Cable
15ft Ethernet Cable
Power Strip
Power Extension Cable

Networking Equipment
PoE 5 port Switch
Cheap Router with DD-WRT
WiFi Extender

This is stuff I typically use or wish I had when doing jobs. I currently don’t have the PoE switch, Router and USB to HDMI Capture dongle. I currently have to lug around a 24inch LCD for connecting into DVRs and use as a Monitor when working with AV equipment in closets.
The Router I have chosen is the TP-Link AC750 Portable Nano and for the Switch a TP-Link TL-SF105P 5 port switch. I already have a TP-Link RE205 extender.

I also need to start carrying around a MicroSD card, SD Card and Thumb Drive to upload firmware updates to equipment.

All of this stuff doesn’t fit in a Laptop Bag. I use a Tool bag backpack I bought from Walmart for 20 bucks. Holds everything well but I need to find my slim foam laptop bag to protect the laptop a little better when it’s inside the backpack.

Vizio 55″ TV repair

So I bought a non-smart 55″ Vizio 4K TV a couple of years ago.

For the past couple of months that TV has gotten a lot of hours, mostly due to my Grand daughter with Peppa Pig playing in a loop. Well I came home the other day and noticed the picture was very dim and there was a dark line a quarter way up the screen. I know from previous experiences that the back lighting was going out.

I found replacement LED strips but they want 50 bucks for them. However I know it can be done cheaper. So I took apart the TV that I may add is very scary because the 55inch LCD panel has to be taken apart to get to the back lighting. I found out the LEDs are typical 3030 white LEDs. I went on Digikey and for a total of 84 3030 white 4000k LEDs would only cost me 20/30 bucks. The little lens on each LED pops off easily and I can use some super glue to reattach them.

As far as I know it is getting the correct voltage to the LEDs and if it was the power supply then I would of lost the whole back light. Not to mention I took the two strips that were not powering up and used my bench power supply and got nothing.

I haven’t fixed the TV just yet. I need to order the LEDs but waiting for Payday to do so. In the meantime I put a Philips 55″ TV in the Living Room, it’s not 4K and huge compared to the Vizio but none of my equipment is 4K currently.

All in one Lab – Failure

So last night it was cool enough in the Garage to finish this project. Spent four hours wiring up the power and mounting the PSU. I doubled and tripled checked everything and powered it up for the first time. The Pi4 didn’t post IE: nothing came up on the display.

As I was about to turn it off the magic smoke let loose from the Pi. I quickly pulled the power and even after a minute later I reached for the USB-C power connector from the Pi and the cable was very hot to the touch and felt like a freshly cooked spaghetti noodle.

So that means something shorted out and that Pi had a bunch of current passing into it.

Now I am out of a 8GB Pi 4. The only thing I can possibly think of what shorted out was the GPIO Breakout board. I didn’t use the supplied ribbon cable and used an old PC IDE ribbon cable. However I could of sworn I did a continuity test with it when I first hooked it up.

I’ll probably buy another Pi and try again.

Vista Series Alarm and dual Tuxedo Keypads issue.

A few times at work the sales guys for some stupid reason will sale a customer two Tuxedo Keypads instead of a single Tuxedo and 6290W touch screen.

For one if you use it as a Smart Home controller for Z-Wave you can only enroll one to Alarmnet so there is no point to setup the Keypad as a secondary Z-Wave Controller. Also currently it doesn’t have an option to be a secondary controller.

The other issue is power. If you plan to use two of these you’ll need an additional 12V power source with a bonded ground to the main Panel. You can run one from the Panel and have the second on it’s own power supply but you would need a power supply that has a battery backup, it’s not professional let alone I think not up to code if it’s not on a backup battery.

I had to wait a good two hours on hold from Alarmnet when I was trying to get the TC 2.0 App to sync to the Panel with two Tuxedos. I had completely forgot that these new Keypads will automatically address themselves on the ECP Bus and TC 2.0 is after all a virtual keypad that is defaulted to Address 2. So when the second Keypad finds an open address it will select address 2. The easiest solution is to move the virtual keypad to address 5. To do this in the main Panel programming you hit *189 and enter 1150. This will move the TC 2.0 virtual keypad address to Address 5.

If anything don’t install two Tuxedo keypads. If the customer wants touch screens then use the 6290W with a single Tuxedo or skip the Tuxedo and use a VAM (VISTA Automation Module).

Minecraft with the Kids

It’s been a while since I played Minecraft with the Kids. So long I had no idea they released a new version that lets you play cross-platform. So Windows, Android and Consoles can play together. Kinda stupid since they left out Linux and MacOS.

So I created a new dedicated server that runs the “Bedrock Edition” and I also got it running in Linux.

I used this for the Server and this for playing in Linux.

Keep in mind the Server lacks a few things such as the Experimental add-ons such as Caves & Cliffs and a few other options. The few Docker containers I tried were either out of date or didn’t work right so I oped for the bare metal version. Also I can’t figure out how to add texture packs, mods and such to the Server as well, seems it’s only the Vanilla version.

The Kids and I had the difficulty set to Hard and used seed “-2141551899” that put us in a Bamboo Jungle. With it in a jungle setting you have a lot of mobs hiding under the trees so we had to build tree houses. The kids were using Phones with PS4 Game Pads and a couple were on their PS4, I was on my Laptop.

In all it was fun and we plan to make this a regular family thing.

Scene Control & DIY Scene Controller for Home Assistant

Alright, In the last post I mentioned about Automations and Scenes. How the differ and what you can do with them.

As we know Home Assistant is the hot thing for DIY Home Automation and I honestly see the lack of a Scene Control Keypad. Granted you can use Voice Commands and a Phone/Tablet but how about a little Touch Screen or Buttons like a Keypad to control Scenes.

This Scene Control I want to build isn’t too fancy. I would like a Touch Screen but a simple Keypad is just fine. It’s easier and could possibly fit into a existing Light Switch location.

A Scene Control doesn’t have control a Load directly but it can if you want to replace a Light Switch and add more functionality. For a example say you want four buttons on the keypad that does control a Load directly. You have a button permanently tied to a Relay and the other three buttons programmed as Binary Sensors. Why Binary Sensors for the other three buttons? This makes programming much easier. Say you push button two it will close the circuit to a HIGH State since this would be a Normally Open state pulled to Ground and in Programming the Scene when it sees this button go HIGH it will trigger the event you want.

For a Example I have my Scene Control Keypad at the Front Door that has two existing light switches that control the Lights Outside, Porch Light and the Garage Coach Lights. I want my Scene Control Keypad there and I decide to have the Top Button control the Porch Light and have three extra buttons. I want Button Two to turn off all of the Lights in the Common Area of the House such as the Dinning Room, Kitchen, Living Room and Foyer.

I got my specifications now I would need the Hardware.

It’s super simple. A AC to DC converter to take the Line Voltage from 110 AC and convert it to 3.3 DC. A bulk Cap to smooth things out along with a decoupling cap to help fight transient noise. Typical ESP8266 12-E Module with Reset and Flash buttons. A single SPDT Relay switching the Ground side with a Flywheel Diode for protection. GPIO held to LOW and when a button is pressed brings the GPIO selected HIGH.

The only issue I see currently is a case to put it all into and fit into a existing Light Switch box. You could modify an old smart light switch or 3D print a case.

It’s universal for ESPHome and Tasomota.

ESPHome example code. Not sure if it works, just pulled it out of my butt.

esphome:
  name: Scene Control Common
  platform: ESP8266
  board: esp12e

wifi:
  ssid: "MY WIFI"
  password: "3kaf2brP0IE6"

  # Enable fallback hotspot (captive portal) in case wifi connection fails
  ap:
    ssid: "Scene Control Common"
    password: "3kaf2brP0IE6"

captive_portal:

# Enable logging
logger:

# Enable Home Assistant API
api:

ota:

binary_sensor:
  - platform: gpio
    pin:
      number: GPIO4
      mode: INPUT_PULLUP
      inverted: true
    id: button_1
    on_press:
      then:
        - light.toggle: light_1

  - platform: gpio
    pin:
      number: GPIO12
      mode: INPUT_PULLUP
      inverted: true
    id: button_2
    name: "Scene Control Binary 2"

  - platform: gpio
    pin:
      number: GPIO13
      mode: INPUT_PULLUP
      inverted: true
    id: button_3
    name: "Scene Control Binary 3"

  - platform: gpio
    pin:
      number: GPIO14
      mode: INPUT_PULLUP
      inverted: true
    id: button_4
    name: "Scene Control Binary 4"

  - platform: status
    name: "My Scene Control Status"

output:
  - platform: gpio
    pin: GPIO16
    id: relay_1

light:
  - platform: binary
    name: "Scene Control Load"
    id: light_1
    output: relay_1

Now Home Assistant is weird when it comes to creating a simple Scene. The Scene configuration is pretty much useless in my opinion and creating a automation is easier. It seems they didn’t split up the automation and scenes up very well.

alias: Goodbye
description: ''
mode: single
trigger:
  - platform: state
    entity_id: binary_sensor.Scene_Control_Binary_2
    from: 'off'
    to: 'on'
condition: []
action:
  - service: switch.turn_off
    data: {}
    entity_id:
      - switch.dining_light
      - switch.kitchen_light
      - switch.living_room_light
      - switch.family_room_light
      - switch.sitting_light

So when Home Assistant sees the Scene Control 2 button is pressed it will call the switch turn off service to turn off the four lights.

For a Welcome Scene you can make the Scene Control 3 button a Welcome or you can use anything to trigger the Welcome such as disarming the Alarm System or unlocking the Front Door if you have a smart lock. For my own Welcome Scene I have it set for when the Alarm gets disarmed from Away mode it will turn on what I call the sitting light (Little can light on the right side of the Dining room) and it looks like something like this.

alias: Alarm Welcome
description: ''
mode: single
trigger:
  - platform: state
    entity_id: binary_sensor.vistaalarm_away
    from: 'on'
    to: 'off'
condition: []
action:
  - service: switch.toggle
    data: {}
    entity_id: switch.sitting_light

It’s a nifty Scene however there is always someone Home so my Alarm System is hardly ever used for Away Mode. So I would probably would use the Scene Control keypad.

alias: Scene Welcome
description: ''
mode: single
trigger:
  - platform: state
    entity_id: binary_sensor.Scene_Control_Binary_4
    from: 'off'
    to: 'on'
condition: []
action:
  - service: switch.turn_on
    data: {}
    entity_id: switch.sitting_light

Notice how with the Alarm Welcome I used Toggle and with the Scene Welcome I used ON for the service call for the light. This way if some one is home and the light is already on it doesn’t turn it off.

If I was to have a Scene Control Keypad in the Master Bedroom I could have a Goodnight Scene. This would lock the Front Door, Arm the Alarm for Stay and turn off all of the lights and slowly dim the light in the master to 0%. To add a second Scene Control keypad I would need to modify the ESPHome code so Home Assistant would label things more cleanly. It’s simple by editing the name fields.

Now if you don’t want to build a Scene Control Keypad you can just buy this and program it. I never tried one but heard good things.

How to plan out Home Automation

I get asked all the time about Smart Homes and I always fall back to the question “What do you want it to do?”

A lot of people want a Smart Home but don’t know where to start or what to use it for. The Sales guys at work a few times sold a Smart Home package just to control outside lighting for Sunrise and Sunset when all it could take was a day/night sensor. Or we install a Smart Home package and the customer doesn’t want any Scenes or Automation and just wants to control stuff with an App.

If that is all you want then you don’t need a Smart Home but some Smart Devices. However if you want to do things such as having Automation and Scene control then a Smart Home is what you want.

Automation VS Scene
People attend to get confused when they hear those two words. A Automation is a event tied to a schedule of some sort such as Outdoor Lighting Control for Sunset and Sunrise, Lighting to turn on at a certain brightness in the Morning or the TV tuning into your Favorite show at 6:00pm on Thursdays.
A Scene is a triggered event that controls multiple things such as a “Netflix & Chill” scene that will turn on the TV, Turn on the Surround Sound, load up the Netflix App on a Roku and Dim the lights to 0%.

When you think about it you’re mostly using Scenes rather then Automation. A typical Smart Home will have a couple of Automations while the rest can be around ten if not more Scenes.

A lot of times at work we will sale a Home Automation package that is an option with the Alarm System. The Package will have a Light Switch, Door Lock and a Thermostat for the A/C. I program in a couple of Scenes for the customer such as Goodbye that when the Alarm is set for Away it will lock the Door, Turn off the Light by ramping down the brightness with in a minute to 0% and set the Thermostat to Away. When the Alarm is tripped for the delayed entry the Light will turn on at 30%. There is also a Goodnight scene that will Arm the System for Night mode and Locks the Door and if the Light is on it Ramps down to 0% with in a minute.

For the DIYer and you want to turn your Home into a Smart Home you need to think about the future a little bit. I know most people don’t go balls deep at first but overtime will have many smart devices that could impact things. If you plan to have over fifty devices then you need something better then say a Raspberry Pi. Reason why I mention this is because say you have a light and you run a Scene it could have a very noticeable Delay of a few seconds but you’ll hit it again thinking it didn’t trigger and when you run the Scene again it will trip up and cause issues. In the past I recommended a Dell Optiplex 3010. It’s a PC that is direct cheap second hand and can be upgraded. Granted it’s not as small as a Raspberry Pi but its smaller then a full size Desktop. Not to mention you can run other things on it as well such as a Plex Server or whatever.
I’ve said it before and i’ll say it again. Try and stick with one or two protocols and try and keep it out of the Cloud as much as possible.

I always ask in detail to a customer on what they want and I write it down. I’ll even shoot some ideas here and there. A couple of times I got full rein on the Automations and Scenes, just had to ask the customer on what their day to day life is like when they are home. I have one customer that randomly travels but wanted random lights to turn on/off to look like she was home. Couldn’t really make it totally random but close enough by issuing different lights to Toggle ON on certain days of the month.

On the next post I will talk more about Scene Control and even plan out a DIY Scene Controller that can tie into Home Assistant.

Messing with a Hikvision DS-7308HFI-ST

So I was bored yesterday and decided to mess with my old Analog DVR. On the back of the unit there is an RS232 Serial port. I used a Null Modem and a Serial to USB cable and with Gnu Screen I can see the console output.

In the Console I can drop to a Root user and Linux Prompt. The Partitions on the system has three, two are Flash and the other is sda. I can write to the Root however it doesn’t retain it so when the system reboots all changes I make are gone. I also can’t mount the sda partition. There isn’t a block device for it located in /dev and even when I create one it says it doesn’t exist.

I found out this thing uses a old ARM9 based CPU and copied over a newer build of Busybox via a FTP download from my laptop. However as I said before if I reboot or shutdown it looses it. It seems U-Boot is loading up everything into RAM.

Sadly there isn’t any Firmware to Download however I found a newer Firmware from Hikvision’s EU portal but there could be a chance I could screw things up since in the EU they use PAL rather then NTSC. However I do not plan to use this as a DVR anymore. So I downloaded the Firmware and used Binwalk and was able to start poking around with the Firmware update file.

binwalk --signature --term digicap.dav

This is what it spat out.

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
636           0x27C           LZMA compressed data, properties: 0x5D,
                              dictionary size: 8388608 bytes, uncompressed
                              size: 10700800 bytes
3451895       0x34ABF7        uImage header, header size: 64 bytes, header CRC:
                              0xFD390BA, created: 2014-04-03 11:18:55, image
                              size: 2093804 bytes, Data Address: 0x80008000,
                              Entry Point: 0x80008000, data CRC: 0x2F6970A5,
                              OS: Linux, CPU: ARM, image type: OS Kernel
                              Image, compression type: none, image name:
                              "Linux-3.0.8"
3451959       0x34AC37        Linux kernel ARM boot executable zImage
                              (little-endian)
3462611       0x34D5D3        LZMA compressed data, properties: 0x5D,
                              dictionary size: 33554432 bytes, uncompressed
                              size: -1 bytes
3753094       0x394486        MySQL MISAM compressed data file Version 3
5545763       0x549F23        LZMA compressed data, properties: 0x5D,
                              dictionary size: 8388608 bytes, uncompressed
                              size: 4567040 bytes
6534421       0x63B515        gzip compressed data, from Unix, last modified:
                              2014-12-02 13:20:32
6545535       0x63E07F        LZMA compressed data, properties: 0x5D,
                              dictionary size: 8388608 bytes, uncompressed
                              size: 2365440 bytes
7249055       0x6E9C9F        LZMA compressed data, properties: 0x5D,
                              dictionary size: 8388608 bytes, uncompressed
                              size: 4300800 bytes
8393008       0x801130        uImage header, header size: 64 bytes, header CRC:
                              0xC57B103E, created: 2014-03-10 12:19:46, image
                              size: 899756 bytes, Data Address: 0x0, Entry
                              Point: 0x0, data CRC: 0x24B2576D, OS: Linux,
                              CPU: ARM, image type: RAMDisk Image, compression
                              type: lzma, image name:
                              "ramdisk_1.00.22_localhost.locald]"
8393072       0x801170        LZMA compressed data, properties: 0x5D,
                              dictionary size: 8388608 bytes, uncompressed
                              size: 4194304 bytes
9292828       0x8DCC1C        Executable script, shebang: "/bin/sh"
9292877       0x8DCC4D        Unix path: /home/hik/logo.tar.lzma -C /home/app
9292914       0x8DCC72        Unix path: /home/app/showlogo
9292947       0x8DCC93        Unix path: /home/hik/misc.tar.lzma -C /home/app
9293263       0x8DCDCF        Unix path: /home/hik/3532.tar.lzma -C /home/app
9293303       0x8DCDF7        Unix path: /home/app/3532
9293334       0x8DCE16        Unix path: /home/app/3532
9293399       0x8DCE57        Unix path: /home/hik/dvrCmd.tar.gz -C /usr/bin/
9293449       0x8DCE89        Unix path: /home/hik/app.tar.lzma -C /home/app
9293498       0x8DCEBA        Unix path: /home/hik/hicore.tar.lzma -C /home/app
9293542       0x8DCEE6        Unix path: /home/app/t1 /usr/bin/
9293568       0x8DCF00        Unix path: /home/app/ntfs-3g /usr/bin/
9293599       0x8DCF1F        Unix path: /home/app/pppd /usr/bin/
9293627       0x8DCF3B        Unix path: /home/app/pppoe /usr/bin/
9293666       0x8DCF62        Unix path: /home/hik/webs.tar.lzma -C /home/app
9293716       0x8DCF94        Unix path: /home/hik/hisi.tar.lzma -C /home/app
9293801       0x8DCFE9        Unix path: /usr/bin/t1
9293828       0x8DD004        Unix path: /usr/bin/dvrCmd/dvrtools
9293989       0x8DD0A5        Unix path: /home/app/modules
9294007       0x8DD0B7        Unix path: /usr/bin/dvrCmd/loadModules load3531
9294051       0x8DD0E3        Unix path: /home/app/modules
9294075       0x8DD0FB        Unix path: /home/app/logo.jpg
9294100       0x8DD114        Unix path: /home/app/cvbs.jpg
9294125       0x8DD12D        Unix path: /home/app/fpga_load.ko
9294154       0x8DD14A        Unix path: /home/app/fpga*.bit
9294180       0x8DD164        Unix path: /home/app/showlogo
9294245       0x8DD1A5        LZMA compressed data, properties: 0x5D,
                              dictionary size: 8388608 bytes, uncompressed
                              size: 2293760 bytes
11595562      0xB0EF2A        LZMA compressed data, properties: 0x5D,
                              dictionary size: 8388608 bytes, uncompressed
                              size: 7127040 bytes
14121746      0xD77B12        LZMA compressed data, properties: 0x5D,
                              dictionary size: 8388608 bytes, uncompressed
                              size: 153600 bytes
14218444      0xD8F4CC        Microsoft executable, portable (PE)
14336204      0xDAC0CC        Microsoft executable, portable (PE)
14650577      0xDF8CD1        Microsoft executable, portable (PE)
14653212      0xDF971C        LZMA compressed data, properties: 0x5D,
                              dictionary size: 8388608 bytes, uncompressed
                              size: 10700800 bytes
18103039      0x1143AFF       uImage header, header size: 64 bytes, header CRC:
                              0x5EF237EF, created: 2014-02-18 05:48:24, image
                              size: 1925796 bytes, Data Address: 0x80008000,
                              Entry Point: 0x80008000, data CRC: 0x2CF36A1F,
                              OS: Linux, CPU: ARM, image type: OS Kernel
                              Image, compression type: none, image name:
                              "Linux-3.0.8"
18103103      0x1143B3F       Linux kernel ARM boot executable zImage
                              (little-endian)
18113755      0x11464DB       LZMA compressed data, properties: 0x5D,
                              dictionary size: 33554432 bytes, uncompressed
                              size: -1 bytes
20028899      0x1319DE3       LZMA compressed data, properties: 0x5D,
                              dictionary size: 8388608 bytes, uncompressed
                              size: 4567040 bytes
21017577      0x140B3E9       gzip compressed data, from Unix, last modified:
                              2014-12-02 13:22:08
21028694      0x140DF56       LZMA compressed data, properties: 0x5D,
                              dictionary size: 8388608 bytes, uncompressed
                              size: 665600 bytes
21187159      0x1434A57       LZMA compressed data, properties: 0x5D,
                              dictionary size: 8388608 bytes, uncompressed
                              size: 3809280 bytes
22185682      0x15286D2       uImage header, header size: 64 bytes, header CRC:
                              0xC2EFFF2F, created: 2014-03-10 12:14:37, image
                              size: 940257 bytes, Data Address: 0x0, Entry
                              Point: 0x0, data CRC: 0x38F85892, OS: Linux,
                              CPU: ARM, image type: RAMDisk Image, compression
                              type: lzma, image name:
                              "ramdisk_1.00.23_localhost.locald]"
22185746      0x1528712       LZMA compressed data, properties: 0x5D,
                              dictionary size: 8388608 bytes, uncompressed
                              size: 4194304 bytes
23126003      0x160DFF3       Executable script, shebang: "/bin/sh"
23126052      0x160E024       Unix path: /home/hik/logo.tar.lzma -C /home/app
23126089      0x160E049       Unix path: /home/app/showlogo
23126153      0x160E089       Unix path: /home/hik/dvrCmd.tar.gz -C /usr/bin/
23126203      0x160E0BB       Unix path: /home/hik/hisi.tar.lzma -C /home/app
23126243      0x160E0E3       Unix path: /home/app/modules
23126261      0x160E0F5       Unix path: /usr/bin/dvrCmd/loadModules load3521
23126374      0x160E166       Unix path: /home/hik/app.tar.lzma -C /home/app
23126423      0x160E197       Unix path: /home/hik/hicore.tar.lzma -C /home/app
23126475      0x160E1CB       Unix path: /home/hik/misc.tar.lzma -C /home/app
23126516      0x160E1F4       Unix path: /home/app/t1 /usr/bin/
23126542      0x160E20E       Unix path: /home/app/ntfs-3g /usr/bin/
23126573      0x160E22D       Unix path: /home/app/pppd /usr/bin/
23126601      0x160E249       Unix path: /home/app/pppoe /usr/bin/
23126640      0x160E270       Unix path: /home/hik/webs.tar.lzma -C /home/app
23126725      0x160E2C5       Unix path: /usr/bin/t1
23126752      0x160E2E0       Unix path: /usr/bin/dvrCmd/dvrtools
23126917      0x160E385       Unix path: /home/app/modules
23126941      0x160E39D       Unix path: /home/app/logo.jpg
23126966      0x160E3B6       Unix path: /home/app/cvbs.jpg
23127030      0x160E3F6       LZMA compressed data, properties: 0x5D,
                              dictionary size: 8388608 bytes, uncompressed
                              size: 7127040 bytes
25653214      0x1876FDE       LZMA compressed data, properties: 0x5D,
                              dictionary size: 8388608 bytes, uncompressed
                              size: 153600 bytes
25749912      0x188E998       Microsoft executable, portable (PE)
25867672      0x18AB598       Microsoft executable, portable (PE)
26182045      0x18F819D       Microsoft executable, portable (PE)

With dd I can extract files from the Firmware, modify them and inject them back in.

So I downloaded an older Firmware (Still newer that is on the DVR) and I plan to write that to the DVR and make sure it still works then I can modify the newest firmware. For fun I want to turn this DVR into something else since the unit can support five hard drives and has tons of GPIO to play with.