Dobrica Pavlinušić's random unstructured stuff
USB armory Mk II: Revision 18


The wiki, which claims that there is a binary release for Mk II, is lying. You have to compile your own.

https://github.com/inversepath/usbarmory-debian-base_image

dpavlin@klin:~/usb-armory/usbarmory-debian-base_image$ ls -al usbarmory-mark-two-debian_stretch-base_image-20191013.raw
-rw-r--r-- 1 root root 3670016000 Oct 13 13:30 usbarmory-mark-two-debian_stretch-base_image-20191013.raw

dpavlin@nuc:/mnt/klin/home/dpavlin/usb-armory/usbarmory-debian-base_image$ dd if=usbarmory-mark-two-debian_stretch-base_image-20191013.raw of=/dev/sdb bs=1M

dpavlin@nuc:~$ dmesg
[764607.538898] usb 2-1: new high-speed USB device number 34 using xhci_hcd
[764607.689068] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a2, bcdDevice= 4.19
[764607.689078] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[764607.689082] usb 2-1: Product: RNDIS/Ethernet Gadget
[764607.689100] usb 2-1: Manufacturer: Linux 4.19.78-0 with 2184000.usb
[764607.900916] cdc_subset: probe of 2-1:1.0 failed with error -22
[764607.902622] cdc_subset 2-1:1.1 usb0: register 'cdc_subset' at usb-0000:00:14.0-1, Linux Device, ae:47:47:81:a0:a4
[764607.902666] usbcore: registered new interface driver cdc_subset
[764607.902711] cdc_ether: probe of 2-1:1.0 failed with error -16
[764607.902732] usbcore: registered new interface driver cdc_ether
[764607.914234] cdc_subset 2-1:1.1 enp0s20u1i1: renamed from usb0

dpavlin@nuc:~$ sudo ifconfig enp0s20u1i1 10.0.0.2 netmask 255.255.255.0

dpavlin@nuc:~$ sudo iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

dpavlin@nuc:~$ ssh usbarmory@10.0.0.1
# password is usbarmory

usbarmory@usbarmory:~$ uname -a
Linux usbarmory 4.19.78-0 #1 PREEMPT Sun Oct 13 11:05:18 UTC 2019 armv7l GNU/Linux
usbarmory@usbarmory:~$ cat /proc/cpuinfo
processor	: 0
model name	: ARMv7 Processor rev 5 (v7l)
BogoMIPS	: 109.09
Features	: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt vfpd32 lpae
CPU implementer	: 0x41
CPU architecture: 7
CPU variant	: 0x0
CPU part	: 0xc07
CPU revision	: 5

Hardware	: Freescale i.MX6 Ultralite (Device Tree)
Revision	: 0000
Serial		: 0000000000000000
usbarmory@usbarmory:~$ free
              total        used        free      shared  buff/cache   available
Mem:         512204       25588      436744        7624       49872      467984
Swap:             0           0           0


boot select switch

The switch near the sdcard selects booting from emmc or microsd (silkscreen is somewhat poor, but by default, before removing the sticker, it will boot from sdcard)

If it's closer to sdcard, it will boot from sdcard

image delivered on device

Password for image delivered with device is not usbarmory (?)

In fact, it doesn't have usbarmory user in /etc/passwd, but has it in /etc/shadow, go figure!

root@usbarmory:/# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false
_apt:x:104:65534::/nonexistent:/bin/false
messagebus:x:105:108::/var/run/dbus:/bin/false
sshd:x:106:65534::/run/sshd:/usr/sbin/nologin
interlock:x:1000:1000::/home/interlock:/bin/bash
lcars:x:1001:1001::/home/lcars:/bin/bash

root@usbarmory:/# cat /etc/shadow
root:*:18068:0:99999:7:::
daemon:*:18068:0:99999:7:::
bin:*:18068:0:99999:7:::
sys:*:18068:0:99999:7:::
sync:*:18068:0:99999:7:::
games:*:18068:0:99999:7:::
man:*:18068:0:99999:7:::
lp:*:18068:0:99999:7:::
mail:*:18068:0:99999:7:::
news:*:18068:0:99999:7:::
uucp:*:18068:0:99999:7:::
proxy:*:18068:0:99999:7:::
www-data:*:18068:0:99999:7:::
backup:*:18068:0:99999:7:::
list:*:18068:0:99999:7:::
irc:*:18068:0:99999:7:::
gnats:*:18068:0:99999:7:::
nobody:*:18068:0:99999:7:::
systemd-timesync:*:18068:0:99999:7:::
systemd-network:*:18068:0:99999:7:::
systemd-resolve:*:18068:0:99999:7:::
systemd-bus-proxy:*:18068:0:99999:7:::
_apt:*:18068:0:99999:7:::
messagebus:*:18068:0:99999:7:::
sshd:*:18068:0:99999:7:::
usbarmory:$6$rcyB4m4EPv$udqWloCZH/Av1IkJVuZHyWMhw/fYkhLGevlo17C3x6qMemSHUmPPAQrvc0SaY.yWVIIU0ADL0g54MZmidcxFn.:18068:0:99999:7:::
lcars:$6$iFljmotV$gnK66oZpz7BD3BqlFpPWoY/Q1tey8in75868neosxypKswjSoNDQotiMBZ9hh.vQBDyltA08z2Vji/QjElv4g.:18072:0:99999:7:::
interlock:!:18072:0:99999:7:::
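
Added example, not part of the original notes: a shell cross-check of the passwd and shadow files from a mounted image. An account needs a passwd entry with a real shell and a usable shadow hash before a password login can work, which is what the listing above is missing for usbarmory. The function names and sample files are made up here; the sample is constructed from the listing with placeholder hashes.

```shell
#!/bin/sh
# Added example: audit the account databases of a mounted image.
# Sample files are constructed from the listings above; hashes are placeholders.

# Names with a shadow entry but no passwd entry.
shadow_orphans() {  # $1 = passwd file, $2 = shadow file
    awk -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next }
             !($1 in seen) { print $1 }' "$1" "$2"
}

# Accounts that can really log in with a password: passwd entry with a
# real shell plus a shadow field that is a hash (not empty, "*" or "!...").
password_logins() {  # $1 = passwd file, $2 = shadow file
    awk -F: 'FILENAME == ARGV[1] { if ($7 !~ /(nologin|false)$/) shell[$1] = 1; next }
             ($1 in shell) && $2 != "" && $2 !~ /^[*!]/ { print $1 }' "$1" "$2"
}

# Write the constructed sample files into directory $1.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sshd:x:106:65534::/run/sshd:/usr/sbin/nologin
interlock:x:1000:1000::/home/interlock:/bin/bash
lcars:x:1001:1001::/home/lcars:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:*:18068:0:99999:7:::
sshd:*:18068:0:99999:7:::
usbarmory:$6$SALT$CONSTRUCTED_PLACEHOLDER_HASH:18068:0:99999:7:::
lcars:$6$SALT$CONSTRUCTED_PLACEHOLDER_HASH:18072:0:99999:7:::
interlock:!:18072:0:99999:7:::
EOF
}

dir=$(mktemp -d)
make_sample "$dir"
echo "shadow-only accounts: $(shadow_orphans "$dir/passwd" "$dir/shadow")"
echo "password logins:      $(password_logins "$dir/passwd" "$dir/shadow")"
rm -rf "$dir"
```

On a real image, point both functions at etc/passwd and etc/shadow under the mount point of the root partition.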

After adding the usbarmory account and running apt upgrade (since the image has an old kernel), the device isn't bootable any more (at least it's not detected by the host it's plugged into).

Let's try to rebuild image for emmc and flash it.

Well, the re-build fails with "patches already applied" errors in the linux source, so let's wipe it:

root@813046ba7c77:/opt/armory# rm -Rf linux-* u-boot-2019.07*

root@813046ba7c77:/opt/armory# make all V=mark-two IMX=imx6ull BOOT=eMMC -j 8

pads on board

documentation again claims that schematics are available, but they aren't for mk2

https://github.com/inversepath/usbarmory/tree/master/hardware

from the changelog those pads might be jtag (since it's enabled in u-boot), but without schematics who knows...

sdcard vs emmc speed

root@usbarmory:/mnt/klin/home/dpavlin/usb-armory/usbarmory-debian-base_image# hdparm -Tt /dev/mmcblk[01]

/dev/mmcblk0: # -- sdcard
 Timing cached reads:   664 MB in  2.00 seconds = 331.99 MB/sec
 Timing buffered disk reads:  34 MB in  3.03 seconds =  11.21 MB/sec

/dev/mmcblk1: # -- emmc
 Timing cached reads:   716 MB in  2.00 seconds = 357.40 MB/sec
 Timing buffered disk reads: 128 MB in  3.04 seconds =  42.17 MB/sec

community

https://groups.google.com/forum/#!forum/usbarmory

https://hackaday.com/2019/09/29/usb-armory-mkii-a-usb-c-thumb-drive-based-linux-computer-for-pentesters/

led heartbeat off

https://photos.app.goo.gl/rRrzfbbs4GGjt3ePA

very bright and annoying in dark room

usbarmory@usbarmory:/sys/class/leds/LED_WHITE$ cat trigger
none kbd-scrolllock kbd-numlock kbd-capslock kbd-kanalock kbd-shiftlock kbd-altgrlock kbd-ctrllock kbd-altlock kbd-shiftllock kbd-shiftrlock kbd-ctrlllock kbd-ctrlrlock mmc0 mmc1 cpu cpu0 [heartbeat]

root@usbarmory:/sys/devices/soc0/leds/leds/LED_WHITE# echo none > trigger