Tuesday, 23 May 2017

JOURNEY TO THE FREEDOM PART III.

Liberating cell/mobile phone

 

Have you heard abour Replicant OS? If not read the details here:

Wikipedia about Replicant
Replicant home page



The telephony and SMS technologies themselves are bad from security point of perspective, but many people are sacrificing their privacy and freedom also in other ways which nowadays smartphones provide as features.

Why to use Replicant over Android/iOS

Since all the reasons have been written/published already I'd like to highlight article from replicant's page :

Freedom/privacy issues 

In short: Mobile devices such as phones and tablets are taking and increasingly important part in our computing, hence they are particularly subject to freedom and security concerns. These devices are actually full computers with powerful hardware, running complete operating systems that allow for updates, software changes and installable applications: this makes it easy to run free software on them. Mobile devices are often used for communications and provide hardware features that are sensitive when it comes to privacy and security: GPS, camera, microphone, etc, in addition to storing the user's data. Hence, they are particularly subject to being used to spy on the user.

Other useful details 

Please check also following links to get an overview and supported devices by Replicant
FAQ
Supported devices

Replicant 6.0 was released on 13 May 2017 and is based on LineageOS 13.0 which is based on Android 6.0. Here is the changelog .

What device to choose ?

The situation is the same as with Libreboot - only few devices are supported and all of them are fairly outdated. So it's up to you, but be sure to pick up from list of supported devices. I've chosen Samsung Galaxy S3 i9300 - those are easy to get and are fairly cheap now (50-100E). Also it's probably the best one to choose among other supported devices due to release date and hardware it has. Also all the important features are working in order to use it as cell phone with Replicant.

Installation


You will need:
Replicant supported device + usb cable
PC running Linux OS (In my case it was elementaryOS 0.3.2)
Heimdall installed in Linux (in my case heimdall v1.4.0)
Internet connectivity

Installation steps.
There's good documentation on Replicant forums for each device. All the details for Galaxy S3 are grouped here
Installation details for Galaxy S3 i9300 are documented here. Following text is basically copied from replicant's installation guide with little corrections/additions and my screenshots included.

It is possible to install Replicant when using internal phone storage or using SD card. Also it's up to you whether you're going to use ADB or heimdall to flash. I'm going to use heimdall, internal storage and precompiled Replicant image. For convenience it's good to perform all steps as root.

Step 1. Download all necessary files & checksums

You can find the files here. So I had to download 5 files in total. I have used wget to download it to my PC.

Step 2. Make sure you have added the Replicant release key to your GPG keyring

- details here

Step 3.  Check the signature of the files and check the checksum of the files.  

Do not install anything if it doesn't match !




Step 4. Copying the files to the phone

1. Make sure the device is started up and has an Android system running
2. Connect the USB cable to both the computer and the device
3. Enable USB mass storage on the device
4. Mount the mass storage on the computer
5. Copy the replicant-6.0-i9300.zip file at the origin of the mass storage

Please note that the path names may differ on your system (you will have to find the correct one once you connect device to the PC)


6. Safely unmount the mass storage on the computer
7. Disable USB mass storage on the device

Step 5. Preparing the device

1. Make sure the device is completely turned off and the USB cable is disconnected from the device
2. Start the device by holding the following key combination: Volume down, Select, Power
3. Hold the key combination until the device shows a Warning message


4. Confirm that you want to download a custom OS (using volume up)
5. Make sure the device is in Downloading mode

6. Connect the USB cable to both the computer and the device

Step 6. Installing recovery images

1. Install the recovery image to the device:

 

2. Make sure that the device reboots to recovery after "Releasing device interface.." output  by IMMEDIATELY holding the following key combination: Volume up, Select, Power


You have to be quick with pressing those buttons as the phone is rebooted automatically after heimdall flashing is finished. Also if Recovery menu doesn't come up and Samsung logo keeps blinking, just release the buttons and it will proceed to recovery.

Step 7.  Factory reset

A factory reset is necessary if you switch from the factory image or a different Android distribution to Replicant. You also need to do a factory reset when upgrading to a new major release (e.g. from Replicant 4.2 to Replicant 6.0). Only when updating to a new minor release (e.g. from Replicant 6.0 0001 to Replicant 6.0 0002), a factory reset is usually not required.
1. Select Factory reset
2. Select Wipe data (keep media)
3. Confirm the data wipe by selecting Yes
4. Press the back key (if necessary) to get back to the general menu

Step 8. Installing replicant image

1. Select Apply update
2. Select Choose from emulated
3. Select the system zip: replicant-6.0-i9300.zip
Note: if your device was running Android 4.2 and later, it may be located in the 0 directory
4. Confirm the installation


 It takes some time to install but shouldn't take too long.

Step 9. Completing the installation

1. Press the back key (if necessary) to get back to the general menu
2. Select Reboot system now to reboot the device

It will take some time until it boots up to the UI for the first time so don't panic


Your device should now be running Replicant!

Screenshots right after it boots:


Things to note

- check again what is not working in current release here
- even though not all of the things are working it is stable/usable enough for daily use
- you may encounter minor hiccups/lags and/or app crashes from time to time
- there's no PlayStore nor any google apps/services (guess why :) ), there's "appstore" called F-Droid instead (learn more about F-Droid here)
- there's not convenient update of Replicant, you will have to follow nearly the same procedure when updating to newer release







Things I did after installation

- Encrypted the phone
- Installed the apps I need (I'm using xabber for XMPP, will have to search for mail client)
- checked the recommendations here



Isn't it nice to have up to date Android security patch level on device which was released back in 2012 ? How many of you can say the same about your older and/or recently release devices ?


Update 3.11.2017:  When updating to the most recent release of Replicant (Replicant 6.0 0002 ) it turned out that using the "emulated storage" when choosing which image to use for update is not working on encrypted device. ADB sideload method must be used instead.

Saturday, 21 January 2017

JOURNEY TO THE FREEDOM PART II.

Liberating PC

 

0. Preparation and optional steps

Optional steps are marked as optional, all the other ones are mandatory. Also review Part I. of this series.

SSD (optional 69,99) - you might want to keep the original disk, but SSD will speed it up significantly.
I've chosen Silicon Power SSD S55 240 GB, due to its price and performance. It's often performing in the same performance level as more expensive models. You can read the review for example here Silicon Power SSD review (czech language), or you can find the reviews in your language on the internet. One note: according to the reviews the 240GB version perfoms better than the 120GB one.

Thermal grease 5- I will need to change the original grease due to its age and performance. I picked up well known and one of the best: Arctic MX4 (specs here). You can also borrow one from a friend as you will not spend all of it for this task.

OS and installation media - I have created bootable live USB with Trisquel 7 on it. I'm not using CDs for installation due to the speed and also using the USB is more convenient in terms of experimenting with various OS installations. I've used tool called Unetbootin to create the live bootable USB, but there are many other ways on how to do it using plenty of different tools and using Windows/GNU+Linux or MacOS. The reason to choose Trisuqel was that it seems to be widely used in the community which (hopefully) means better support. You can also choose different OS which is fully free when you take a look on the list in the 1st part of this series.

Installation of Trisquel 7 - I have installed it on the SSD right after I replaced it. The replacement of HDDs itself takes few minutes. I want to have the Trisquel installed before I flash the Libreboot just to be sure, although nowadays it's possible to reinstall OS when using Libreboot  without reflashing the ROM. Installation itself is pretty straightforward - you can find the guide here.

Determining the ROM size (optional) - This step is optional if you're going to follow my recommendations to buy both 8 and 16pin SOIC clips because there are 2 possible ROM sizes available on these laptops - 8Mb (16pin) and 4Mb (8 pin). You can get the size by booting any live linux distro and running: dmidecode | grep ROM\ Size . My is 8MB one so now I know which SOIC clip to use without disassembling the laptop.


EC update - It is recommended that you update to the latest EC firmware version as per Libreboot documentation before flashing to Libreboot. Fortunately my T400 had already the newest version of EC (checked by Lenovo tool in Windows 7 OS). Can be done in Linux as well, instructions here.

RAM (optional) -  according to the specs and rules mentioned in Part I.  I was able to buy 2x2GB for 20 which are compatible with Libreboot.


Checking Odroid C1 GPIO compatibility with the Raspberry  Pi - Odroid C1 specs . Since all of the tutorials on the internet are written for Raspberry Pi, I've decided to use my Odroid C1 to demonstrate it can be done with it as well. This is mandatory in order to know what to connect and where even though the GPIO on C1 is compatible with Raspbbery PI. I've put together excel table with pin layout and cable colors based on my setup on SOIC clip which is shown below.

SOIC clips
GIANT WARNING - if you don't have HUGE amount patience and don't want to loose many hours trying I suggest you tu buy POMONA clips instead of the clips I've bought - Pomonca 5250 (8pin) and Pomona 5252(16pin). The reason I've bought SOIC clips from China was the price  (cca 4x cheaper than Pomona). I did one mistake at the time of ordering as I didn't notice that the pins on chinese clips are way too close to each other to use them with the jumper cables without modification.


Comparation of Chinese and Pomona(blue) clips:



If you have already ordered the same clips as I did, or you just think that 20$ is way too much for 1 piece of little plastic thing, you will need to modify those clipsand wires as I did. The basic concept is to connect the jumper wires in the way that they they are isolated from each other so there is no short circuit at the end.

How I did it:
The first thing to do is to remove black plastic cover at one end from the jumper wires. After that you will need to use pliers to push the naked connector to make it thinner a little bit more to have enough space for all the jumper wires. If you push it too much you will not be able to conenct it to the clip pins. It takes some practice and few damaged/unusable wires to get used to it. Next step is to use heat shrinkable tube for every 2nd wire to insulate it. The reason to use it on every 2nd only is again to have as much free space between the pins as possible. I've bought the thinnest shrinkable tubes available in my city. Final step is to fix all the connected jumper wires altogether - I've used bigger heat shrinkable tube to fix them with the clip. The reason for this is simple - you don't want to touch exposed wires when flashing and you don't want the wires to be moving and potentially disconnecting from the clip during the manipulation.
   Of course you need to use multimeter to ensure that there's no short circuit at the end between any of the pins and to ensure that you have connectivity from the end of connected jumper wire and the corresponding connector on the clip. DO NOT try to flash the chip without verifying these with multimeter.










I. Laptop disassembling

I've used following video to disassembly the laptop fully. As mentioned in the Part I, the T400 model requires complete disassembly to expose the chip. Experienced user can do it in ~ 1 hour, so it may take few hours to disassembly it completely for non-experienced users. You can use following link to see step-by-step disassembly with photos as well. I have also taken some photos during the process with my smartphone as this model contains many small parts / cabling so I can use it later on when building it back .





II. Locating the SOIC chip and connecting the SOIC clip

The chip itself is located between the chipset chip and ram slots as shown here (photos taken from here:


Second picure also shows the pin numbering and orientation on this 16pin chip. I have downloaded Odroic C1 GPIO specs and also the Macronix chip diagram: 













Be sure to have your Odroid/Raspberry/any flashing device powered off before connecting the SOIC clip to the BIOS chip.

Odroid C1 GPIO numbering is printed on the board so it can be easily determined how to connect to the correct pins when  using the previous tables:











After I have connected everything and checked 2-3 times if the order is correct I have turned on my Odroid C1. Btw I have Ubuntu 16.04 running on my Odroid, Also I have connected it to my LAN via ethernet cable so I can do the flashing  remotely via SSH so I don"t have to attach any display to the Odroid.

III. Flashing

I suggest you to do everything as a root to have full permissions. 
First thing to do was to download flashrom/other utilities needed and extract them:









I had to download libreboot ROM which had to match my bios chip size as well:



Then I needed to load SPI modules in order to be able to read/modify the ROM as I didn't see any spi device under /dev. After little bit of digging I've found following on Odroid forum, so I just had to execute following:

root@odroid:~# modprobe spicc
root@odroid:~# modprobe spidev
root@odroid:~# ls /dev/spidev0.0
/dev/spidev0.0
root@odroid:~#

So now when I have the modules loaded, I've tested to read the ROM chip afterwards which was not successful at a first time, so I had to power off Odroid, check if the clip is connected correctly and repeat the check again. Luckily it was successful for the 2nd time :) and I saw following:


Next step was to change the MAC address inside the libreboot image to match the MAC of the integrated gigabit LAN I have on the T400. This MAC can be found either on the sticker located on the motherboard and/or sticker on the back of laptop. You can see couple of my typos :).


Of course, in case of any problems I had to do the backup of the original Lenovo ROM. This procedure also involves rom read check - saving at least 3 attempts to read the original ROM and comparing their md5sums. All the sums must mach and you must not continue without md5sums being the same for all the attempts. As you can see I had luck and all the attempts to read the ROM yielded into the same result and all the md5sums matched. So I was confident that the setup is 100% correct:



Now let's proceed to the flashing itself. I was lucky enough to get it flashed on the 1st attempt, but that's not always like that as per Libreboot documentation:

"You might see errors, but if it says Verifying flash... VERIFIED at the end, then it's flashed and should boot. If you see errors, try again (and again, and again); the message Chip content is identical to the requested image is also an indication of a successful installation. "

Also it's recommended to use short jumper wires for better signal, in my case I've used 10cm ones, This makes the manipulation complicated though. But that's maybe why I've done it on the 1st attempt:


IV. Assembling the laptop back.

Nothing special here, I just had to be careful as there are few tiny parts. Also I have changed the thermal grease for CPU and northbridge on the motherboard during the process.
  As I was not sure whether the whole process was really successful I did try to boot it without palmrest and keyboard fully assembled back, I just connected the wires. Btw I've used the same video to assemble it as to disassemble it among with photos taken during the disassembling. Also photos from Libreboot documentation are helpful as well.

V. Boot it!

So I held my breath and pushed the power button. Voila ! It booted successfully :


























And a screenshot from Trisuqel 7 booted via Libreboot:


















Conclusion

Now I have my hardware paired with pure free software, but journey to the freedom is only at the beginning. There are many other challenges awaiting to free myself from the proprietary world where possible. I will share my progress here, so you can expect bunch of other blogs related to this topic in the future. I'm going to flash the MB with 4mb chip (8pin) as well so I  will put a brief update here.



Sources used:
https://libreboot.org/docs/install/t400_external.html
https://github.com/bibanon/Coreboot-ThinkPads/wiki/X200-X201-Hardware-Flashing
https://github.com/bibanon/Coreboot-ThinkPads/wiki/Hardware-Flashing-with-Raspberry-Pi
http://pi4j.com/pins/odroid-c1.html