Legal Disclaimer

"...For Dummies" is a registered trademark of Wiley Publishing, Inc. Wiley has not given authorization for this title, nor is it associated in any way with the Wiley (nee IDG Books, nee Hungry Minds) series "... for Dummies."

April 02, 2010

Cisco switch secret features

The cat's out of the bag, so to speak.

A while ago, I bought a Cisco/Linksys SRW2016 switch. It's a nice gigabit, managed, 16-port switch. I bought it for doing some silly things in the house like VLAN tagging, and dealing with large amounts of traffic.

The switch can be managed via a serial port on the front, or by Telnet or SSH. The switch runs VxWorks under the hood, and has an ARM 946ET processor if I recall correctly. So it's fairly capable, and it could definitely run uClinux if someone were so inspired to port the kernel to it (the processor inside the switch lacks an MMU, so running a 'normal' ARM variant of Linux would not work).

When you SSH to the device, you can hit Ctrl+Z. This suspends the normal menu-driven system and gives a shell prompt. From there, you can execute a few commands. 'lcli' gives an IOS-like command line. 'mcli' gives an SNMP trap and MIB editor (which is password-protected; the passwords aren't published). 'debug' gives a very weird debugger, which allows you to poke at I2C (it's definitely not your father's process debugger, I don't really get it). 'debug' is also password-protected.

I managed to extract the passwords from my device. I did it by un-ROS'ing a firmware update I downloaded from Cisco. I stared at the binaries extracted from this and figured out that they were Lempel-Ziv compressed, so I decompressed them. I was then able to find the accounts for the switch stored in one of the binary files (no disassembly needed, I just searched for strings, so hopefully I am clear of any wrongdoing with respect to the EULA that came with the firmware).

I was a little shocked about a few things: the passwords are stored in plaintext on the switch. In fact, all of the switch passwords, including normal user accounts, have their passwords stored in plaintext it seems. Bad, Cisco. Very bad, especially when the switch is already running OpenSSL. How hard would it be to store hashes of passwords? Second, I'm surprised that these features were left in at all. It doesn't seem like they were intended. They look like developer cruft. Tracking the communication that occurs between chips on the switch is probably not something the average admin cares to do.

I posted the passwords for these special functions on the LCLI wiki. Note that you need an account to log in to the switch with, so these aren't security bypasses. They would probably allow the ambitious to do a thorough RE job on the switch, though, without having to invest in hardware like a Bus Pirate.
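The storage point made in this post (accounts found in the firmware by a plain strings search, versus storing hashes) can be shown side by side. This is an added example, not part of the original post and not Cisco's code; the account names, passwords, record layout and PBKDF2 iteration count are all constructed for illustration.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 200_000  # assumed work factor, not a value from the switch

def plaintext_record(user, password):
    """Weak layout: the password sits in the image as readable text."""
    return user.encode() + b"\x00" + password.encode() + b"\x00"

def hashed_record(user, password):
    """Hardened layout: user, 16-byte random salt, PBKDF2-HMAC-SHA256 digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return user.encode() + b"\x00" + salt + digest

def verify(record, password):
    """Check a login attempt against a hashed record in constant time."""
    _user, _, rest = record.partition(b"\x00")
    salt, digest = rest[:16], rest[16:]
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(attempt, digest)

def build_image(records):
    """Constructed stand-in for a decompressed firmware binary."""
    filler = bytes(range(0x80, 0xA0))  # non-printable bytes between records
    return filler + filler.join(records) + filler

def printable_strings(blob, min_len=4):
    """Runs of printable ASCII, the same idea as the `strings` utility."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)]

def leaks(image, secret):
    """True if the secret is recoverable from the image by a strings scan."""
    return any(secret in s for s in printable_strings(image))

# Constructed sample accounts (not real switch credentials).
ACCOUNTS = [("admin", "Constructed-Pw-01"), ("svcdebug", "Constructed-Pw-02")]
WEAK_IMAGE = build_image([plaintext_record(u, p) for u, p in ACCOUNTS])
HARD_IMAGE = build_image([hashed_record(u, p) for u, p in ACCOUNTS])

if __name__ == "__main__":
    for _, pw in ACCOUNTS:
        print(pw, "weak:", leaks(WEAK_IMAGE, pw), "hardened:", leaks(HARD_IMAGE, pw))
```

Hashing removes the password from the image, but a short or common password can still be guessed offline against the stored salt and digest, so the work factor and password quality both matter.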

March 29, 2010

Dying with music inside

I had an unusually musical weekend the last few days. Something I complain about often is that my current hometown has little available for live music. Summer is the season of the folk festival, but students are gone in the summer; thus, any folk festival would have no audience. Students make up about 80% of the population of the Palouse, after all.

Rocky Votolato rocking Pullman

The Birds on a Wire Fest to the rescue. The venues are indoors, which is kind of a bummer (though not really...while the daytime temp is in the 50-60s this time of year, once the sun sets it gets freezing outside). The music is good, though. Obviously I won't be hearing any of my favorite east coast artists, but there were a few Seattlites that I was interested to hear. I am thankful that this fest occurred, encouraged that there was good attendance, and hopeful of what next year may bring.

Classical music, with modern dance

Saturday night Laura and I headed up to the Fox Theater to check out the Martha Graham dance company. Modern dance tends to sketch me out a little bit -- I guess watching Lebowski's landlord reenact the downfall of Greece makes me think that the whole genre is a bit of a farce, but Martha's namesake did two very nice modern ballet pieces, highlights of the show.

Their Errand into the Maze was particularly awesome. My favorite play ever is Shakespeare's The Tempest, and the Graham minotaur reminds me in a strange way of what a powerful Caliban would be. If you do get a chance to check out Martha's company (particularly if they have a nice pit symphony playing), be sure to check them out.

Automatic gardening

I've decided to geek out a bit and build an automated garden-maintenance package.

It's kind of neat working for the company that I work for. We deal with a lot of automation equipment, and it gives me a lot of ideas. Recently, I've been considering adding some rain barrels to my house gutter system, and automating my garden watering. My work plays into this a little bit because my daily bicycle commute brings me past Decagon Devices (located on the same street as my office).

Decagon makes moisture detection equipment. Well, saying that Decagon makes moisture detection equipment is a bit like saying that Harley-Davidson makes scooters. Decagon's sensors are on NASA's Phoenix Scout surveyor (may it rest in peace).

Decagon's sensors are a little pricey...the lowest-end models cost about $110 each when purchased in small quantities...but they are much better than the "nails in gypsum" soil moisture sensors because they use alternating current. Over time, the homemade gypsum units tend to collect salts in the gypsum, which skews their accuracy by a long shot. I plan to pit gypsum against the Decagon units this summer. I'll be recording the measurements from both types of sensor starting on Labor Day. Hopefully this will be useful to the amateur hacker crowd in deciding how to automate their watering systems.

I'll be using an Arduino to monitor the soil moisture sensors, and I'll be shopping around for an electrical actuator to actually control the valve to the drip lines in my garden (the actuator will probably be operated by a relay connected to the Arduino, assuming that I can get things working). If everything goes well, I'll likely make (or buy) more sensors and rig up my entire landscaping with automatic soil monitoring and liquid dispensing equipment.

Now if I could only automate the weeding process...

March 11, 2010

Creative X-Fi Xtreme PCIE audio challenge

A few years ago, I bought a crappy little Dell PowerEdge T105. I use it as my primary workstation. It was cheap (about $200), has a dual-core Opteron processor that supports virtualization, and came with 8 gigs of RAM. It's a great little development box.

I bought a sound card for it immediately (and also a cheap video card, an ATI Radeon X1650). Since the computer only has 1x and 8x PCIE slots, I had to get the cheapest PCIE sound card that I could find. That was a Creative X-Fi Xtreme PCIE. I guess this card has a CA0110 chipset. ALSA for Linux does not yet support this chip correctly (or rather, it must not support the PCIE to PCI bridge set on the card? I know very little about this PCIE stuff, being an embedded guy).

Today I throw down the gauntlet. If anyone can produce a patch for ALSA to support this card, I will send them $100US. I figure a decent sound card will cost me at least that much. I have a USB sound card in this computer, but it does suck...it can barely play CDs without sputtering and popping. Produce a patch, email it to me (my email address can be found on my resumé, located at this domain name slash resume.pdf) and I'll work with you to make sure that it works. I'll mail you my sound card if you haven't got one (so long as you promise to mail it back when finished). Oh and send it to the ALSA people please. K thx.

February 27, 2010

Pascal's Paradox

A few days ago, a funny Seventh Day Adventist showed up on my door. He was a friendly enough fellow, and asked about my faith. "Atheist," I said, "and anyone that tries to tell me otherwise is probably trying to sell something."

Yeah, I like the Princess Bride. He scribbled this down in his notebook. Great, I'm probably on some kind of "prayer list" or something.

"Really?", he asked. "How can all of this subjective experience be just nothing?"

"Simple," I said, "I live my life, and then I die, and then there is nothing left to experience."

"What do you think Jesus was: son of god, historical figure, or work of fiction?"

"Probably a historical figure, but fiction seems more plausible at times."

"Well what about the objective reality?"

Obviously my time in government service left me entirely too...sober. I was growing impatient. "Look," I said, "I go through life and question every piece of information that gets thrown in front of me. I don't win a lot of friends, but I do make a difference."

"You're familiar with Pascal's Wager?" he asked.

Yeah, Pascal's Wager. I could use the official church jargon to explain why it is a retarded bet, akin to playing Russian Roulette (it's also a lot less exciting than Russian Roulette, I imagine). Instead, I argued with reason. "Religious people waste their entire lives praying and bowing and hoping things will happen. I make things happen, because I know that only people can make things happen. That is the fallacy of Pascal. Hope."

So today, I put my money where my mouth is. One of Laura's co-workers, Pablo, is from Chile. His brother lives in a small town outside of Concepcion, as close to the epicenter of today's quake as possible. Pablo can't reach anyone in his family (most of his family lives near Santiago). I decided to donate my last paycheck to the Red Cross. Yeah, I probably can't afford it right now. I'm no saint, either. But money, more than prayers (or even yoga mats), is what folks in Haiti and Chile need right now.
