Harald Welte's blog
   

Creative Commons License
Articles on this blog/journal are licensed under a Creative Commons Attribution-NoDerivs 2.5 License.



       
Sat, 29 Oct 2005
linuxdevices reports on OpenEZX, quote from Motorola executive

linuxdevices.com reports about OpenEZX. In that report, it quotes Motorola's chief architect of mobile devices: Motorola had no immediate plans to support native Linux applications on its phones, in part due to carrier concerns about network health, security, and interoperability.

This is just not true. In fact, the A780 as it ships in Germany comes with a native GPS navigation and routing application called "CoPilot". Also, since the whole GSM stack runs on a different CPU than the Linux OS, there are no security/interoperability/network health concerns that I could think of.

Also, I have received reports that Motorola actually distributes a Linux SDK to selected third party vendors. Parts of those SDKs (the header files for the EZX libraries) have actually leaked, which supports the position that there is an SDK.

In many ways, the EZX phones are a combination of a traditional Neptune-based Motorola GSM phone, plus a Linux-based PDA. Therefore, if any native Linux apps on the PDA half could influence the 'network health' in a negative way, then any other Neptune based phone could, too.

[ /linux/a780 | permanent link ]

librfid gets native CCID support

To my surprise, Werner Koch (author of gnupg) has jumped into the 'librfid' project by contributing his USB CCID low-end driver to it. Using this driver, it should be possible to use librfid directly on the reader, instead of going via OpenCT. There's nothing wrong with OpenCT, as it is the only way to support contact-based and contactless operation at the same time. However, for development and testing, most people don't really need that feature.

Unfortunately it only works in theory; there must be some minor difference in device initialization that causes breakage.

[ /linux/mrtd | permanent link ]

2.6.14 is out, 2.6.15 has opened.

This means that I've immediately pushed three netfilter related changesets, the biggest (307k unified diff, roughly 10k lines of code) was nf_conntrack.

Given the specific situation that David Miller is on holidays, and we have Arnaldo Carvalho de Melo maintaining the network stack meanwhile, Linus hasn't accepted that huge patch in the first round, since he lacked explanation why such a monster was required.

I hope my comments will convince him that nf_conntrack really is the way to go.... let's hope we'll have nf_conntrack mainline in one or two days.

I hope Yasuyuki (the main author behind nf_conntrack) will make a big party with his USAGI friends once that happens ;)

[ /linux/netfilter | permanent link ]

Adding S/M support to libmrtd

If you've now thought about something sexual, I have to disappoint you. At least this time I'm talking about ISO/IEC 7816-4 SM (secure messaging) ;) For those not familiar with cryptographic smart cards: SM is similar to what SSL/TLS do for TCP.

The code for re-formatting the 7816-4 APDUs into further levels of ASN.1, including padding rules, encrypting, authentication, ... has become quite complex. It's also not finished yet, and I already fear testing/debugging of that beast.

[ /linux/mrtd | permanent link ]

Fri, 28 Oct 2005
ISO 19794-5 parser completed

The next milestone of the libmrtd project: an ISO/IEC 19794-5 parser. ISO/IEC 19794-5 is titled "Biometric Data Interchange Formats - Part 5: Face Image Data" and provides an international standard for facial images and related information (such as angle of the face, MPEG4 feature animation point, encoded information about medical glasses, eye patches, etc.).

Using this parser it is possible to extract all the image metadata plus the JPEG image itself from DataGroup2 of an ePassport. I've tested it with two passport samples from different vendors, and it works fine.

The next milestones are cryptographic routines for checking the document signature (Passive Authentication) and Active Authentication. Also, Basic Access Control needs a lot of testing.
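A bounds-checked parser for the ISO/IEC 19794-5:2005 facial record described above, as an added example that is not libmrtd's code. It expects the bare facial record (the CBEFF/TLV wrapping of DataGroup2 already removed); the sample record and its placeholder image bytes are constructed, and all function names are hypothetical.

```python
import struct

# Fixed-size blocks of an ISO/IEC 19794-5:2005 facial record (big-endian).
REC_HDR = struct.Struct(">4s4sIH")          # "FAC\0", version, record length, image count
FACE_INFO = struct.Struct(">IHBBB3sH3s3s")  # block length, feature points, gender, eye,
                                            # hair, feature mask, expression, pose, uncertainty
IMG_INFO = struct.Struct(">BBHHBBHH")       # face type, data type, width, height,
                                            # colour space, source type, device type, quality
FEATURE_POINT_LEN = 8
DATA_TYPES = {0: "JPEG", 1: "JPEG2000"}


class FacError(ValueError):
    """Raised when a length or magic field does not match the buffer."""


def parse_facial_record(buf):
    """Return one dict per face image; every length field is checked before use."""
    if len(buf) < REC_HDR.size:
        raise FacError("truncated facial record header")
    magic, _version, rec_len, n_images = REC_HDR.unpack_from(buf, 0)
    if magic != b"FAC\x00":
        raise FacError("bad format identifier")
    if rec_len < REC_HDR.size or rec_len > len(buf):
        raise FacError("record length exceeds available data")
    off, images = REC_HDR.size, []
    for _ in range(n_images):
        if rec_len - off < FACE_INFO.size:
            raise FacError("truncated facial information block")
        blk_len, n_points, gender, eye, hair, _mask, _expr, _pose, _unc = \
            FACE_INFO.unpack_from(buf, off)
        # Smallest block that can hold the headers announced by n_points.
        fixed = FACE_INFO.size + n_points * FEATURE_POINT_LEN + IMG_INFO.size
        if blk_len < fixed or off + blk_len > rec_len:
            raise FacError("facial block length out of bounds")
        img_off = off + fixed - IMG_INFO.size
        _ftype, dtype, width, height, _cs, _src, _dev, _quality = \
            IMG_INFO.unpack_from(buf, img_off)
        if dtype not in DATA_TYPES:
            raise FacError("unknown image data type")
        data = bytes(buf[off + fixed:off + blk_len])
        if DATA_TYPES[dtype] == "JPEG" and not data.startswith(b"\xff\xd8"):
            raise FacError("image data is not a JPEG stream")
        images.append({"gender": gender, "eye_colour": eye, "hair_colour": hair,
                       "feature_points": n_points, "format": DATA_TYPES[dtype],
                       "width": width, "height": height, "image": data})
        off += blk_len
    if off != rec_len:
        raise FacError("trailing bytes after last image")
    return images


def build_sample():
    """Constructed record: one image, no feature points, placeholder JPEG bytes."""
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"   # not a real picture
    img = IMG_INFO.pack(1, 0, 480, 640, 1, 2, 0, 0)           # constructed field values
    blk_len = FACE_INFO.size + IMG_INFO.size + len(jpeg)
    info = FACE_INFO.pack(blk_len, 0, 1, 0, 0, b"\0\0\0", 0, b"\0\0\0", b"\0\0\0")
    body = info + img + jpeg
    return REC_HDR.pack(b"FAC\x00", b"010\x00", REC_HDR.size + len(body), 1) + body


if __name__ == "__main__":
    for face in parse_facial_record(build_sample()):
        print(face["format"], face["width"], face["height"], len(face["image"]))
```

The data read from a passport chip is untrusted input, so the parser rejects any record whose length fields disagree with the buffer instead of slicing past it.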

[ /linux/mrtd | permanent link ]

Big Brother Awards 2005

Today, the sixth "Oscar awards for data leeches" will be awarded. The BBA is a "negative award" or "anti award" for persons, organizations, companies, government agencies that disrespect civil liberties, data protection and privacy.

I've always been a big fan of those awards (which are now even awarded in a number of countries outside of Germany, too). They provide an excellent opportunity to publicly point at (and rant about) those who further restrict the [digital] freedom of individuals.

This year I'm going to be present at the ceremony for the first time.

[ /ccc | permanent link ]

Thu, 27 Oct 2005
The modularity of iptables - or "ipt_SYSRQ"

One of the best early design choices of iptables was its support for plugin matches and plugin targets. Over the last five years, we have seen some 100 of such user-developed special-purpose plugins.

One that I find particularly funny is ipt_SYSRQ, a target module that allows you to issue the "magic SysRq" command via a network packet. This way you can sync, unmount and reboot an otherwise stuck machine that still responds to interrupts.

Obviously quite dangerous, but the author includes a time stamp and a cryptographic signature, so replay attacks can only occur in a very small time frame.

It's definitely a cool hack, although I'm not sure whether I'd want to put this on a production system or not.
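The timestamp-plus-signature check described above, as an added example that is not ipt_SYSRQ's code and does not reproduce its packet format. The layout (64-bit timestamp, one command byte, HMAC-SHA256 tag), the 10-second window and all names are assumptions; it also shows how a cache of recently accepted tags closes the replay window that a timestamp alone leaves open.

```python
import hashlib
import hmac
import struct

WINDOW = 10                      # accepted clock difference in seconds (assumed value)
TAG_LEN = 32                     # HMAC-SHA256 output size
HDR = struct.Struct("!QB")       # assumed layout: 64-bit Unix time, 1-byte command


def make_request(key, command, now):
    """Sender side: authenticate timestamp and command together."""
    body = HDR.pack(now, command)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Verifier:
    """Receiver side. With dedupe=False only the timestamp limits replays."""

    def __init__(self, key, window=WINDOW, dedupe=True):
        self.key = key
        self.window = window
        self.dedupe = dedupe
        self.seen = {}           # tag -> timestamp of requests already accepted

    def check(self, packet, now):
        if len(packet) != HDR.size + TAG_LEN:
            return "malformed"
        body, tag = packet[:HDR.size], packet[HDR.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; verify the tag before trusting any field.
        if not hmac.compare_digest(tag, expected):
            return "bad-signature"
        ts, _command = HDR.unpack(body)
        if abs(now - ts) > self.window:
            return "stale"
        # Entries outside the window would be rejected as stale anyway,
        # so the cache only has to remember one window's worth of tags.
        self.seen = {t: s for t, s in self.seen.items()
                     if abs(now - s) <= self.window}
        if self.dedupe:
            if tag in self.seen:
                return "replay"
            self.seen[tag] = ts
        return "accept"


def demo():
    """Run one captured request against both verifier variants."""
    key = b"constructed-demo-key"                 # constructed sample secret
    pkt = make_request(key, ord("s"), now=1_000_000)
    tampered = pkt[:8] + b"b" + pkt[9:]           # command byte changed in transit
    ts_only = Verifier(key, dedupe=False)
    cached = Verifier(key)
    return {
        "ts_only_first": ts_only.check(pkt, 1_000_001),
        "ts_only_replay": ts_only.check(pkt, 1_000_005),   # inside the window
        "ts_only_late": ts_only.check(pkt, 1_000_011),     # outside the window
        "cached_first": cached.check(pkt, 1_000_001),
        "cached_replay": cached.check(pkt, 1_000_005),
        "tampered": cached.check(tampered, 1_000_001),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```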

[ /linux/netfilter | permanent link ]

Tue, 25 Oct 2005
FreeDOS project uncovers GPL violations in DR-DOS 8.1

The FreeDOS project has discovered multiple GPL violations in the commercial and proprietary DR-DOS 8.1 product.

[ /linux/gpl-violations | permanent link ]

Mon, 24 Oct 2005
FOSS.in/2005: Linux Bangalore outgrowing itself!

Today, FOSS.in (the event formerly known as Linux Bangalore) has released their first list of confirmed international speakers.

I could hardly believe my eyes, it is truly amazing. Is this the event that I've been to in 2003, as one of the only two non-Indian (and non-Indian origin) speakers?

Now they have a line-up including Jonathan Corbet, Brian Behlendorf, Jeremy Zawodny - and last but not least Alan Cox!

Please don't misunderstand me, there is no 'quality ranking' of conferences based on their number of foreign speakers. But this at least proves that FOSS.in has become an equal event in the line of Linux Kongress, UKUUG or even OLS.

As of now, the number of Indian Free Software developers, maintainers or even project leaders is still very small. This especially holds true when you consider the size of the Indian IT industry today...

So getting together the FOSS enthusiasts in India, and the international "FOSS veterans" should create a very creative environment and provide an excellent opportunity for lots of people to get motivated, to get involved, to write code, to join the Free Software community.

[ /linux/conferences | permanent link ]

Public launch of the OpenMRTD.org project

Readers of this blog will have known it for quite some time: I've been working on an RFID stack, a library for accessing electronic (biometric) passports, as well as a matching frontend application.

Anyway, since librfid now has stable support for ISO14443A and B (both used for ePassports), and libmrtd now successfully parses EF.COM, EF.DG1 and EF.DG2, I think it was about time to do a public announcement and a homepage for OpenMRTD.org.

[ /linux/mrtd | permanent link ]

Sun, 23 Oct 2005
OpenEZX wiki was launched

Thanks to my friends at maintech, the OpenEZX project now has a Wiki.

I've only added some very basic information, but I hope that developers and users especially from motorolafans will contribute soon.

One of the important things we need soon is a project logo, for both the website and the wiki. Volunteers welcome :)

[ /linux/a780 | permanent link ]

Brian about a possible GPL violation

In his blog, Brian points out that the Barracuda Spam Firewall 300 seems to be violating the GPL.

It's not yet clear what kind of software they actually include, but if a customer (who has received a binary copy of the GPL licensed Linux kernel) calls them up and explicitly asks for the source and then gets fishy answers like those pointed out in Brian's blog, then there's certainly something wrong.

[ /linux/gpl-violations | permanent link ]

Sat, 22 Oct 2005
librfid now deals with Mifare Classic

After having finished Mifare ultralight support (and being able to read out a champions league ticket from last year), I've now implemented Mifare Classic support (i.e. Mifare 1k/4k) for librfid. Authentication and reading seem to work, I haven't looked into write/inc/dec support yet.

It seems like librfid is doing quite fine at the moment, I'll continue working on the ePassport related libmrtd tomorrow. So I hope there will be another interesting announcement tomorrow ;)

[ /linux/mrtd | permanent link ]

Linux wireless drivers

I've been in contact with Imre from openwrt.org for quite some time, especially since he's now actively maintaining a lot of stuff on the ftp.gpl-devices.org ftp server.

Today I had a look at the current status of OpenWRT, and I was delighted to see that there is a lot of progress. Apart from the 2.4.x kernels with proprietary WLAN drivers for Broadcom platforms (like the wrt54g), they now work on supporting TI AR7 based systems and also on soekris hardware.

What is even more interesting are

  • The bcm43xx driver project, aiming at a free software Broadcom wireless driver
  • The bcm-specs project, trying to write specifications for the Broadcom wireless chipsets

I really hope that those projects will receive all the support they need, and at some point in the future we'll have excellent free software support for all those devices. If only the vendors were more cooperative from the beginning...

[ /linux | permanent link ]

My GPG/PGP key did not expire!

I receive many emails indicating that my GPG/PGP key has expired.

This is not true; about a year ago I altered its validity to extend beyond the original expiry date at some point in October 2005. I chose this way since it was possible (rather than creating a completely new key).

Please re-download the key from your favourite keyserver. If the problem persists, please tell me which keyserver still gives you a key with an expiry date, so I can fix it by re-sending my current key to that keyserver.

Thanks for your cooperation.

[ | permanent link ]

Fri, 21 Oct 2005
Massive Response to OpenEZX announcement

When I launched the OpenEZX page two days ago, I didn't expect such a massive (press) response to it.

All I did was to write a small announcement to my weblog, and it was picked up by a lot of press, such as lwn.net and golem.de.

Looks like this blog is read by a lot of people, and there's nothing I can't post here that doesn't get immediately distributed to a lot of places. Amazing ;)

Also, I've even received multiple requests for EZX-based consulting. Apparently there are companies who're interested in a 'fully programmable GSM phone'.

On a side-note, even Bruce Perens has now bought an A780 since he thinks it's "fun to hack". David Miller is pondering to buy one after his holidays in Korea... Let's only hope that they will actually find some time to get work on the EZX phone done. It's vital to have some basic running code ASAP in order to get more people to hack on stuff like the user interface.

After two days of full-time EZX kernel hacking, I now have a compiling 2.6.14-rc4 based kernel that has already half of the EZX-specific drivers merged.

I didn't really test to flash that kernel to a phone yet, mostly because I currently don't have an original E680 firmware that I could flash into the device if anything goes wrong. Also, before trying to flash the kernel, I'd preferably like to have JTAG running. I'll publish my kernel tree as soon as I have confirmed it actually boots on the device.

Unfortunately I also have real work to do, and today is a full-time gpl-violations.org day, the weekend will probably be spent with some more librfid hacking. Stay tuned for some more OpenEZX news next week.

[ /linux/a780 | permanent link ]

Installing a Request-Tracker for gpl-violations.org

Since a number of issues were already lost on the legal@lists.gpl-violations.org list, and there's now actually more people getting involved in the project (mainly Armijn), I've installed Request Tracker for the project.

Anyone who has new gpl violations to report, please contact license-violation@gpl-violations.org instead of the new mailing list.

Please do not report any old cases (that have been posted to the list) to the request tracker, I've already added all those old cases as tickets to the new system.

[ /linux/gpl-violations | permanent link ]

There are other (more advanced) Linux Phone projects

Since I'm getting that much coverage, I want to redirect some of that in the direction of the already-existing (and way more advanced, as of now) Linux phone projects.

There are multiple mobile phone projects at handhelds.org, esp. for the iPAQ H6315 and the HTC BlueAngel.

I didn't know about any of these projects so far, but I'll certainly look at their codebase and see whether any of the high-level (user interface) code could be re-used. But let me finish the low-level driver/operating system part first :)

[ /linux/a780 | permanent link ]

Wed, 19 Oct 2005
Adding Mifare Ultralight support to librfid

Since (as opposed to MiFARE Classic) the Philips proprietary MiFARE Ultralight RFID Transponder is actually documented quite well, I've added support for it to librfid. In theory it should work (I've implemented it just like the data sheet says), but unfortunately the transponder doesn't reply to READ/WRITE commands yet :(

The reason for implementing MiFARE ultralight is mainly to have a closer look at the Champions League Tickets from last year, since they are the "beta test" for the Soccer World Championship here in Germany next year.

[ /linux/mrtd | permanent link ]

Restructuring the netfilter.org project homepage

Some years ago, the netfilter project only had the kernel side netfilter/iptables code, and the userspace iptables program. Then we added patch-o-matic(-ng), and more recently there were a number of more sub-projects growing, like ipset, all the nfnetlink-related code, ctnetlink, etc.

Unfortunately the homepage design didn't really cope with the fact that there is now a more hierarchical structure with many sub-projects.

It was always my hope that some "new webmaster" would take care of it. Unfortunately we still don't have a webmaster, so I spent some time on it today. You can see the results at www.netfilter.org.

[ /linux/netfilter | permanent link ]

OpenEZX.org project launched

Today I've started a small preliminary homepage about my A780/E680 hacking efforts at openezx.org. This also means that the old a780-hackers@lists.gnumonks.org list was renamed to openezx-devel@lists.gnumonks.org.

Expect no big news for some time, since I'm mostly working on porting/merging all EZX specific stuff into a 2.6.14-rc4 kernel... a quite big job that will certainly take some time.

Stay tuned.

[ /linux/a780 | permanent link ]

Tue, 18 Oct 2005
E680 has arrived

I've managed to obtain a 2nd hand E680 phone, which is based on the same Motorola EZX platform as the A780. The E680 are only sold in Asia, so the device I now have is actually a Chinese model.

Next on the plan for A780/E680 hacking is playing with the JTAG port, and trying to flash a non-OEM non-branded non-chinese firmware into the E680.

Once JTAG is running, I will be trying to port the drivers to a 2.6.14-ish kernel and compile and install that more recent kernel.

[ /linux/a780 | permanent link ]

Sun, 16 Oct 2005
Hanging out at 0sec in Bern

0sec 1.0 (the first incarnation of a security conference / hacker meet-up in Berne, Switzerland) has concluded today. Despite spending an enormous amount of time writing new netfilter and librfid code, I've had some interesting discussions and met a number of interesting people.

What I found especially interesting is all the work on syscall proxying that Uberwall are doing. I need to look into that stuff in more detail.

[ /linux/conferences | permanent link ]

A780 batteries/charger dead?

I'm unable to recharge any of my two A780 batteries, at least not via USB. Since I'm travelling, I cannot try with the real power-supply charger. Let's hope I can somehow resolve this, and it isn't really some damage to the phone's built-in charging controller :(

On the A780 hacking front, I've now successfully confirmed that there are indeed JTAG pads on the PCB, both for the PXA270 and for the ARM7TDMI, which is great news.

I also think there is still hope that the USB device port could actually be used as a host port. At least the PXA270 supports various options for OTG. Now the big question is only whether this is compatible with Motorola's overloading of the USB (called Enhanced Mini USB).

[ /linux/a780 | permanent link ]

net-2.6.15 tree has opened

Since DaveM is on holidays, Acme is now in charge of running the net-2.6.15 tree. I've already submitted nf_conntrack, the ip_conntrack hash table resizing code from Rusty, as well as "revisions" support for {arp,ip6}_tables.

I'm also basically finished with x_tables now. Everything has been merged with a post-nf_conntrack tree, and all the conntrack related matches/targets have been ported to x_tables.

Now I need to do some serious testing (including nfsim), before it can be submitted, too.

[ /linux/netfilter | permanent link ]

Thu, 13 Oct 2005
Linux Kongress

After my delayed trip back from Seville, I'm now in Hamburg for Linux Kongress. This turns out to be an extremely busy event, I have two 'regular' presentations, one full-day tutorial, and also have to host a number of sessions as "session chair" on behalf of the organization committee.

This means that there is practically no progress in either the usbdevio fix nor in the current x_tables work. However, I found some time to fix a couple of 14443B related problems in librfid.

Somehow I have the feeling that Linux Kongress has lost some of its spirit over the last couple of years, which is sad. Especially sad, since the first Linux Kongress 12 years ago was the first time that Linux Kernel hackers have ever met.

Tomorrow I'll be leaving for 0sec in Bern/Switzerland, which I'm looking forward to.

[ /linux/conferences | permanent link ]

Mon, 10 Oct 2005
Stuck in Seville

Iberia decided to reschedule my flight without informing me, even though that change was executed more than one month ago. They claim to have informed my travel agent. Not surprisingly, my travel agent claims never to have received such information.

This means that I'm stuck for one more day in Seville, since the next flight is only leaving at 7am tomorrow morning. Since Iberia claims it was not their fault, they're also not willing to cover any accommodation expenses.

Pablo Neira was friendly enough to invite me to stay at his place for the extra night, which means I don't have to fight with Iberia and the travel agent for any expenses.

Unfortunately I was scheduled to travel to Hamburg tomorrow, so I have to alter my train reservation and somehow make sure I'll still be in Hamburg at Linux Kongress for my tutorial.

I'm starting to get sick of those travel irregularities. This means I'm again back to my (old) plan of cutting down the number of conferences next year.

[ /linux/conferences | permanent link ]

Fri, 07 Oct 2005
More netfilter work at workshop coding day 1

After having terminated the traditional workshop part, we've today had day 1 of the workshop.netfilter.org hacking sessions.

Despite the different topic, I spent the better part of the day with Michael Bellion and Henrik Nordstrom working out the details of nf-hipac / nfnetlink integration.

Apart from that, there's now a nf_conntrack header cleanup in my git tree, I've ported ebt_[u]log to nf[netlink]_log, fixed some minor Kconfig issues, merged some patches from Yasuyuki and Pablo, and pushed forward a round of fixes and updates to DaveM.

[ /linux/netfilter | permanent link ]

Thu, 06 Oct 2005
Second day of netfilter workshop

If I would start to write about everything that we discussed or only about the results from the discussions and presentations, I would probably need all night to write this blog entry.

It's been a very productive two days, and I'm looking forward to the hacking session that will happen on the next two days. Some of the TODO items for the hacking session will be:

  • nfnetlink-enabling nf-hipac
  • resolving some header file issues for 2.6.14 / nfnetlink
  • using Gandalf's hashtrie as conntrack hash
  • nfnetlink-enabling ipset
  • using string search api for pattern matching in conntrack helpers
  • completing userspace conntrack helpers using nfnetlink_{queue,conntrack}

Ok, have to stop for now, too much exciting stuff keeping me busy here :(

[ /linux/netfilter | permanent link ]

Mon, 03 Oct 2005
ulogd2 is working

I've managed to bring ulogd2 to a state where it finally does something. The dynamic key resolution/linking of plugin stacks is working, and some basic plugins (NFLOG input, IPV4 packet interpreter (BASE), LOGEMU output) are working, too.

So the remaining work will mostly be in the plugin area. We're currently missing

  • ctnetlink input
  • packet->flow aggregation (basically 'nacctd')
  • IPFIX input and output
  • convert the old mysql/pgsql/sqlite output plugins

If you're interested, patches are always welcome. The code can be downloaded via svn from http://svn.gnumonks.org/branches/ulog/ulogd2/.

[ /linux/netfilter | permanent link ]

Heading off to workshop.netfilter.org

Tomorrow morning at 8am, I'll be leaving for workshop.netfilter.org, the annual netfilter developer workshop.

For the first year, we actually have presentations that are intended for sysadmins (aka 'users'). I'm missing the first day of this user event, but am obviously present for the two day workshop/discussions and the two days of hacking following up the official workshop.

I want to publicly thank Pablo Neira for organizing this year's event. We've now had workshops every year since 2002. They've been very low-profile and small so far. But look at this year's event. It actually has a homepage that's worth mentioning, and the sponsors seem to be literally lining up...

Looking forward to meet lots of fellow hackers, especially those whom I haven't met since last year's workshop.

[ /linux/conferences | permanent link ]

Sun, 02 Oct 2005
ulogd2 about to hit alpha state

Yet another of my projects that never received the amount of attention that was required is ulogd2. If you already know the ulogd-1.x series, then you know it as an efficient packet filter policy violation logging daemon, with backends for files, syslog and various SQL databases.

ulogd2 is much more than that. It's more abstract, and more universal. It's no longer limited to receiving packets from the ULOG target, but is fully modularized, with modules for ULOG, NFLOG (see linux-2.6.14), IPFIX, ctnetlink, ... Now you might wonder why there is something like IPFIX and ctnetlink? That's because ulogd2 can also process (aggregate, export) per-flow information.

The most difficult part of the implementation is the dynamic creation of "plugin stacks", but I think I wrote about this earlier in my blog.

The good news is, that just before I went to bed, ulogd2 compiled for the first time ;) This means I've waded through the tons of errors and warnings created by all the changes introduced since it forked off ulogd-1.x about a year ago.

Now there are some bits of missing functionality here and there, and certainly a large bunch of bugs. But if you are a software developer, you know it's much easier (and rewarding) once the beast actually runs :)

[ /linux/netfilter | permanent link ]

Sat, 01 Oct 2005
More A780 hacking

Today was a very exciting day of more A780 hacking. You know, from time to time it's quite good to do something else than stupid netfilter development or the like ;)

So what have I been able to do? Well, I analyzed most of the device drivers from userspace side. I now know the key-codes of every keypad or other button/wheel/dial on the device, I know the touch screen and framebuffer. I can control the three different backlights.

Then I've learned a bit more about the architecture of the phone. The Xscale processor (PXA270 Bulverde) actually uses USB to talk to the Neptune chip. Neptune is a DSP with a synthesized ARM7TDMI on-chip. The PXA270 runs in host mode, the Neptune in device mode.

Interestingly, the Motorola developers have debugging callbacks in the stock kernel. So by registering a simple kernel module with the USB rx/tx functions, I now have hexdumps of the USB traffic between those two chips (also called AP and BP).

Then I called the a780, and I immediately received some nice hexdumps in the kernel ring buffer. The first thing I could spot was "IP: "+4930xxxxxxxx",1\r\n". There it was, the incoming phone number :)

Some other nice guy at motorolafans.com has managed to replace the proprietary userspace Bluetooth code with the stock Linux BlueZ codebase. He's working on Bluetooth keyboard support... that would really be nice. Using a Bluetooth keyboard with the Qonsole terminal emulator (or even a framebuffer console) of your phone :)

I'm really confident that the AP<->BP protocol can be worked out fairly quickly. Once this is done, we can start developing our own "phone" programs, and get rid of all the bloated embeddedQT and Java crap that is running on the phone. It has 48MB of physical ram, and the database daemon has a resident size of 2.7MB, the address book 4.5MB, the "phone" program has 6.6MB. This is really ridiculous...

At the end of the road, I'm dreaming of something small and efficient, running uClibc, busybox, DirectFB, ...

The USB device port of the device is called "Extended Mini USB (EMU)", because it apparently can be switched in more than half a dozen different modes (by assigning various pull-up/pull-down resistors). Apart from a USB device, it can for example run a UART on that port. However, since the USB host port is already used for Bulverde<->Neptune communication, I don't think it is possible to run the phone in USB host mode. This basically rules out attaching a stock 802.11 wifi USB adapter, which is very sad.

[ /linux/a780 | permanent link ]