Category Archives: English

Sony Xperia X Compact Modding

I decided to write this post since I couldn’t find any single page that lists all the “secrets” you need to know when modding your Sony Xperia X Compact (XC) codenamed “Kugo” in a concise manner and in a single place. And after half a year when I last tinkered with my XC, I had forgotten about all the details again, so I had to research them again anyway…

I give credit to the following XDA people (but not limited to them, I apologize to those who I might have forgotten):

General Approach

The general approach when modding your phone is the following:

  1. Flash custom recovery
  2. Backup current installation/data
  3. (Optionally: flash latest stock firmware)
  4. (Optionally: flash custom recovery that works with your new stock firmware)
  5. Root
  6. Flash other mods or use “root” apps

Custom Recovery

Fastboot Mode

First let’s explain what “fastboot mode” is: Fastboot is both a tool and a protocol for writing data directly to your phone’s flash memory. In practical use, it is used to flash images such as recoveries, bootloaders, and kernels to your Android device.

The “fastboot” tool (as well as “adb” which is also needed when tinkering with your Android smart phone) is part of the Android “platform tools,” which you can download directly from Google (roughly 4M only).

To bring your phone into fastboot mode, perform the following steps:

  1. Switch the phone off.
  2. Hold “Volume up” and connect your phone to the USB port of your PC. The notification LED should first light up in red, then blue, and provided you have correctly installed drivers, you will be able to use fastboot commands.
    Note that the screen will remain black. You can check whether you are in fastboot mode with the following command:

    $ fastboot devices
    BH901XXXXX    fastboot

    If you see output similar to the above, you have successfully put your phone in fastboot mode.

Continue reading Sony Xperia X Compact Modding

Get certificates for “internal” hosts from Let’s Encrypt

I have a pretty large internal IT “landscape” in my house, and as an IT pro I want everything to be clean and “safe.” So even internally I’m using official SSL (or I should say “TLS”, as SSL 2.0 or 3.0 is deprecated since many years…) certificates for my router, WiFi access points, NAS devices, intranet server, etc., using host names in my own domain. I host this domain DNS-wise myself on a root server I rent from Hetzner.

Before the StartSSL disaster I got my certs from them. Afterwards I switched to WOSign, but now that they had their scandal as well, what to do?!

Well, Let’s Encrypt, a free public CA, is something I’m using anyway for my root server since they started operating. But to verify ownership of a domain name you had to run a web server on that respective host — something I can’t easily do for my internal hosts, as they have private IP addresses only, and their host names are not even publicly visible (they don’t have  a public A record, only one visible in my internal LAN). Even for my router’s externally visible host name I can’t easily use an HTTP-based challenge, as for security reasons I don’t want to operate a web server there.

By chance I came across the dns challenge that is now available in Let’s Encrypt’s certbot. This challenge works by deploying a TXT record that certbot requests to be under this domain name. Once you did this, you tell Let’s Encrypt to check, and if they find the TXT record this proves that you have authority over the domain.

Using it is quite straight forward:

# certbot certonly --manual -d hostname.internal.bergs.biz --preferred-challenges "dns"
[...]
Please deploy a DNS TXT record under the name
_acme-challenge.hostname.internal.bergs.biz with the following value:

YrAE-fmu-Zjsdhsjhd328723hjdhjcjHJJHJhds

Once this is deployed,
-------------------------------------------------------------------------------
Press Enter to Continue

A few seconds later I had successfully received my certificate.

So now I will write a script that will run periodically on my intranet server, and that will retrieve the then-current certificates for my internal hosts from my root server, and deploy them internally.

Hard drive slot does not matter in Synology

You can read all over the internet that it’s important to put your hard drives into their original slots, e. g. when you migrate to a new Synology device, or when you need to remove the drives to add memory.

This is simply not true.

As expected DSM, which is a flavor of “Linux,” will automatically discover your physical partitions based on the GUIDs each partition has, and then reassemble your volumes. I just tested this (i. e. intentionally put the drives into the device in the wrong order) with a JBOD volume, and I had no issues whatsoever. I cannot see why this should be different with SHR or RAID-5, for example.

If you have also tested this, please let me know how it went for you.

Securely erase Drives on Synology NAS

I had to erase an external hard drive, a WD My Book, because I had to return it due to defects. So I searched on the web how to do that on a Synology DS916+ NAS, but I could not easily find the solution. Therefore I did a more generic search how to do it under Linux, and came across the tool “shred” which I had used years ago for the last time.

I checked on my NAS, and the tool was readily available. So I ran the following command to securely erase the (external) hard drive:

 shred /dev/sdq1

Hope this helps people who need to accomplish the same.

Stop Windows from waking up from Sleep for Updates

Since I have Windows 10 on my PC, I have a very annoying behavior, namely that Windows wakes up from sleep in the middle of the night to perform a reboot to install updates.

There is many “hacks” on the Internet how to disable this, but the only “proper” way seems to be by defining a Group Policy:

  • Run Group Policy Editor: gpedit.msc
  • Open branch Computer Configuration\Administrative Templates\Windows Components\Windows Update\
  • Set node Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates to Disabled

This should stop your PC from resuming from sleep to install updates.

Please let me know if this helped.

Monitoring Microsoft SNDS Status

If you operate a mail server, you should be aware of its “reputation,” because a bad reputation can give you issues sending email to certain recipients.

Microsoft operate a set of services called “Smart Network Data Services (SNDS)” to protect their own email services. If they see spam or other “malicious” activity from your address space, they might put you on a blacklist, and based on that reject email from you. It is easy to register yourself so that you can query the status of your IP address space. Just visit the above site and get started.

I created a quick’n’dirty monitoring script for Nagios to monitor the status of my IP address space in SNDS. Whenever there is data for one of my IP addresses, this script will return a WARNING status, so that I can look into it.

The script looks like follows:

#!/bin/bash

URL='https://postmaster.live.com/snds/ipStatus.aspx?key=12345678-1234-1234-1234-0123456789ab'

content="$(curl -s $URL)"
size=${#content}

if [ $size -gt 0 ]; then
    echo "WARNING:SNDS status seems to be UNHEALTHY"
    exit 1
fi

echo "OK:SNDS status is OK"
exit 0

You also need command and service definitions in Nagios as follows:

define command{
        command_name    check_snds
        command_line    /usr/local/lib/nagios/plugins/check_snds
}

define service {
        host_name                       my_host
        service_description             SNDS
        check_command                   check_snds
        use                             generic-service-internal
        notification_interval           0 ; set > 0 if you want to be renotified
}

Now, Nagios will monitor the “reputation” of your address space for you.

Migrating from Synology DS415+ to DS916+

Today I migrated from a Synology DS415+ (upgraded to 8 GB myself) to a brand-new, unused Synology DS916+ (8 GB factory equipped.)

I followed the instructions given by Synology, but as my actual experience was considerably different (actually easier!) from what supposedly should have happened, I’m documenting them here for reference.

I started by upgrading the old unit to the latest DSM version, and then shutting it down. I moved all four hard drives to the new unit, making sure the same order of the drives in the drive bays was maintained.

I then switched on the new unit and launched the web UI in a browser. This is what I got:

synology-migration-01 Continue reading Migrating from Synology DS415+ to DS916+

Capture MiniDV tapes via Firewire

Until some years ago I was using a Canon MiniDV camcorder to record home videos, but since then I had switched to one using SD cards. I have about 40 tapes left which I wanted to capture for “posterity”, but it turned out that it was not as easy as I thought…

My first try was to do it on my (somewhat elderly) MacBook Pro. It still has a Firewire (IEEE 1394) port, and I quickly found out on the Internet that I should be able to grab video from the camera using iMovie. Well, that was indeed pretty straight-forward, apart from that I had strange issues with some tapes. For some tapes, iMovie would simply report “No data from device”, even though the tapes played well on the camcorder. I would write a large number of very small files to the Mac, instead of relatively few large ones that I expected according to the source material.

So I searched for alternatives.

I quickly came across a tool called WinDV which I had actually used 10 years ago already. :-) Turned out that the tool still works under Windows 10, which I found pretty amazing, and that it could capture some tapes I couldn’t capture using iMovie. Still, there were some tapes that not even WinDV could capture…

I resumed my search for a suitable tool, and then came across DVgrab, which runs under Linux (Ubuntu in my case). Apart from installing it, there was nothing to do, no device nodes to create, no permissions to be modified, etc.

To make a long story short, DVgrab seems to be the perfect tool for me. Completely non-interactive, which is a big pro in my eyes because it eliminates human error (to make sure settings are the same all the time), and it finally could capture the tapes the other tools couldn’t capture. I have no clue why they failed, as the tapes seemed to contain all the required info (actual, correct timecode).

Just for reference, this is the command-line I used:

dvgrab --autosplit --timestamp --size 0 --rewind Florida-

These parameters make sure the input is split automatically into separate files (starting with “Florida-“) if a discontinuity in the timecode is detected, the tool includes the timestamps from the timecode in the filenames, it creates files of unlimited size (otherwise it would split output in 1 GB chunks), and it will rewind the tape prior to capturing it. Output files will be named like  follows:

-rw-r--r-- 1 rabe rabe 149M Jan 26 21:32 Florida-2009.05.06_13-55-15.dv
-rw-r--r-- 1 rabe rabe  69M Jan 26 21:32 Florida-2009.05.06_14-25-25.dv

It can be that simple!

I hope you enjoyed this blog post. Please leave a message  if it was in any way helpful.

Synology refuses to admit annoying “Cloud Sync” Bug

Since about half a year I’m struggling with a very annoying bug in Synology’s “Cloud Sync” package I’m running on my expensive Synology DiskStation DS415+ NAS. It is still present as of today’s DSM 6.0.2-8451 Update 2.

I would like to backup my photos to my Amazon Drive/CloudDrive. As an Amazon Prime customer I can store an unlimited number of images, and only images — other files, like *.xmp sidecar files, will count against my general 5 GB limit.

The problem is that Synology’s Cloud Sync will upload the sidecar files, even though I explicitly only select “Images” to be backed up (and *.xmp is not part of Images, as I will show you!). Continue reading Synology refuses to admit annoying “Cloud Sync” Bug

Update U-Boot on TP-Link TL-WDR4300

A couple of days ago while I was working from home my trusted TP-Link TL-WDR4300 seemed to have died suddenly (just a couple of days after the two year warranty had expired!) — at least this was the result of my initial investigations.

The symptom I had is that suddenly my internet connection seemed to be down — which was surprising enough, as since I upgraded to VDSL2 vectoring my line was rock-solid, and it normally dropped only once a month or even once every couple of months. When I tried to find out what happened I noticed that my router was inaccessible, I couldn’t even ping it. I thought it had crashed, so I power-cycled it to reboot it, but it didn’t come up…

So my conclusion was that it had died.

I quickly reconfigured a Linksys WRT1200AC which I bought a couple of months ago as a spare device, meant to replace the current router “one day”, and put it into operation…

Today I spent some time investigating what actually happened. I wanted to use the serial console of my rev. 1.7 device (the PCB is rev. 1.3), but found that there was no connector in place for the UART, just the holes in the PCB.

dav

So I quickly soldered in the pins, and connected the router to a laptop.

sdr

To my surprise the router booted without any issue at all. I played around with it until I was sure that there was absolutely no problem — I thought the file system in the flash memory might have been corrupted, but everything was ok.

So now that I had opened the device and connected a laptop to the serial console, I thought it would be a good occasion to update the U-Boot boot loader to a modified one by “pepe2k” that adds a lot of very useful features.

I used the instructions pepe2k provided on Github, specifically the part where he describes how to install via TFTP from the serial console. The “biggest challenge” was to find where to download the actual boot loader binary. Finally I found it here.