I'm starting to provide Chinese / English versions of some posts, switch with the Language menu above. 我开始提供部分文章的中文、英文翻译,请使用顶部语言菜单切换。

Disabling TR069 on a Youhua PT926G Fiber Optic Modem

This post explains the procedure to disable TR069 on a Youhua PT926G fiber optic modem, to prevent China Telecom from pushing config/firmware updates, and void your changes of switching to bridging mode, or setting port forward rules.In the WAN settings of the management portal of this modem, the TR069 connection can neither be modified or removed. But with a simple patch on the management portal's code, you can break the limitation on the modem.First, you should follow my previous post: Hacking a Youhua PT926G Fiber Optic Modem, to obtain the Telnet Root password.Then Telnet in, run su and type in the password to get to Root Shell. When you do that correctly, the commandline will prompt #.Then follow these steps:Type cp /home/httpd/web/net_eth_links.asp /var/ and hit Enter....
Illustration

Planning Ahead: Using Post-Quantum Cryptography

On the modern Internet, most websites already support HTTPS. The SSL/TLS encryption protocol will encrypt user's request and the website's response, so that malicious users along the way cannot steal or tamper with the information. One important component of SSL/TLS protocol is asymmetric cryptographic algorithms. For these algorithms, the key is separated into a public key and a private key, with the public key being public and the private key being protected carefully.Accessing a HTTPS website usually follows these procedures:The website sends its public key (as a certificate) to the browser.The browser will verify the public key, in case that a man-in-the-middle modified the key in order to block or tap into the communication.The browser (or the operating system)...

Selfhosting a DNS Root Server

With the scale of conflict between China and the United States increasing, on some social media websites in China, some users started expressing concerns on United States cutting China's access to DNS root servers, or removing China's domains in the root servers, in order to break China's Internet.By now, there are many analysis on the matter that states that this is unlikely to happen. Most of them focus on the following two points:DNS root servers use Anycast to broadcast their IPs, and there are root servers present in China that won't be affected by the network cut;For the United States, shutting down root servers cause more trouble than benefit, both economically and politically.Yet today I'm going to present another point:...
Illustration

How to Kill the DN42 Network (Updated 2020-08-28)

DN42 is an experimental network, where everyone helps everyone. Nobody is going to blame you if you screwed up. You may seek help at DN42's IRC channel, mailing list or the unofficial Telegram group.Since DN42 is a network for experimentation, a lot of relatively inexperienced users also participate in it. Therefore, occasionally an inexperienced user may misconfigure his/her system and impact the whole DN42 network, or even shut it down.As a more experienced user, here I will teach new users about some operations that can kill the network, and about defense against such misconfigurations that everyone can set up against peers.WARNING: You should not actually perform these operations in DN42. You should focus more on protecting yourself against them....

Hacking a Youhua PT926G Fiber Optic Modem

This post explains the prodecure to obtain such privileges from a Youhua PT926G fiber optic modem, without disassembling the device or using serial port converters.Super Admin users on Web UI (telecomadmin)Telnet's root user accessFTP accessFYI I obtained the device from China Telecom, Guangdong Shenzhen.Log on as Super Admin ¶If you directly access the modem's IP (http://192.168.1,1), you will see such a login page to the modem:Here you can login with account name useradmin and the password labeled on the back of the modem, but there's not much you can do one logged in. The only useful thing seems to be Wi-Fi setting.But a nmap scan reveals much more:$ nmap -v 192.168.1....

An Elegant "Scripture of Safety" Generator

This post is about a meme in China that may require some cultural background to understand.Since the content is related to the specific language used, there are minor differences between the Chinese and English versions.What's "Scripture of Safety"? ¶The Scripture of Safety (平安经) is a book written by He Dian, the (now former) official of Jilin Public Security Department, China. The content in the book is simply a repetition of the phrase "Wish XXX safe" (XXX 平安), yet the book is sold at a high price. The public speculates that publishing and purchase of the book serves as a mean of bribe.The content of The Scripture of Safety is formatted as: (from Wikipedia (Chinese))“眼平安,耳平安,鼻平安”"Wish eyes safe, ears safe,...
Illustration

Intel and NVIDIA GPU Passthrough on a Optimus MUXless Laptop

Abstract (Spoiler Alert!) ¶I successfully passed through Intel's GVT-g virtual GPU, as well as the dedicated NVIDIA GPU itself, into a virtual machine on Lenovo R720 gaming laptop.However, due to the limitation of the architecture itself, this GPU passthrough scheme is severely limited. For example, the dGPU is unusable in many games, and the peformance is still relatively worse despite the complicated setup it needs.Therefore, you may attempt the passthrough purely for the fun of tinkering, but I don't recommend using it for anything important.Why? ¶I do my daily routines, including as web browsing and coding, on Arch Linux, and I rarely boot into the dual-booted Windows that exists alongside Linux. But sometimes I had to boot to Windows when, for example,...
Illustration

Graduation Design - Sensor Network Development Log

Welcome to my third development log. In the two previous logs, I discussed the pitfalls I met in the RoboMaster competition and FPGA course final project.This time I will be talking about my graduate design project, an air quality sensor network built by a 3-person group. The whole project is structured as follow:Obtain data from installed sensor modules and upload to InfluxDB running on serverSensors we used:MiCS6814, measures NO2, CO and NH3Analog outputBME680, measures temperature, humidity, atmospheric pressure and TVOCI2C interfacePMS5003, measures particle mattersUART serial outputExtra modules:ATGM336H, global positioning module with GPS+BeiDou supportUART serial outputESP8266, widely used Wi-Fi moduleUART serial outputMH-CD42,...

Configure BGP Confederation & Fake Confederation in Bird (Updated 2020-06-07)

Changelog ¶2020-10-01: Add warning to not filter private ASNs within internal network2020-06-07: Add limitations of Bird confederation, and a way to simulate confederation2020-05-17: Initial versionComparison of BGP Interconnection Schemes within an ISP ¶Most ISPs, or Internet Service Providers, use BGP protocol to exchange their route information. Each ISP will obtain an ASN (Autonomous System Number) from the regional NIC (Network Information Center, e.g. APNIC, RIPE), for example China Telecom's ASN is 4134. Then, ISPs connect their boundary routers via physical links (copper line, fiber, satellite link, etc), and configure BGP protocol on the boundary routers, so they will tell the other part that: "I'm AS4134, and I can provide access to the IP block of 202.101.0.0/18"....

x32 ABI and Docker Containers

History of x86 & x86_64, and x32 ABI ¶Most of the personal computers and servers we use nowadays use the x86_64 architecture, whose specification was released by AMD in 2000, and the first processor released in 2003. Since x86_64 is a 64-bit architecture, in x86_64 each register in the CPU can hold 64 bits of data (or 8 bytes). Before x86_64 went popular, most computers use Intel processors and the corresponding x86 architecture / ISA, a 32 bit architecture whose registers hold 32 bit of data (or 4 bytes).One significant improvement of the 64 bit architecture is the improved memory addressing ability. Computers usually follow such a routine while accessing the memory: write the memory address to be accessed into a register,...