We Keep Coding

Can't activate a USB HID Device on BeagleBoneBlack

Background:
I'm trying to figure out how to use ConfigFS to set up an HID device on BeagleBoneBlack.
I found the following example (www.isticktoit.net/?p=1383) on the web and tried it. The sample runs on a Raspberry Pi Zero. However, the sample does not work on my BBB. The following is the script that I wrote and which is executed as root. The script attempts to define a keyboard hid device.
#!/bin/bash
cd /sys/kernel/config/usb_gadget/
modprobe libcomposite
modprobe usb_f_hid
mkdir -p isticktoit
cd isticktoit
echo 0x1d6b > idVendor # Linux Foundation
echo 0x0104 > idProduct # Multifunction Composite Gadget
echo 0x0100 > bcdDevice # v1.0.0
echo 0x0200 > bcdUSB # USB2
mkdir -p strings/0x409
echo "fedcba9876543210" > strings/0x409/serialnumber
echo "Tobias Girstmair" > strings/0x409/manufacturer
echo "iSticktoit.net USB Device" > strings/0x409/product
mkdir -p configs/c.1/strings/0x409
echo "Config 1: ECM network" > configs/c.1/strings/0x409/configuration
echo 250 > configs/c.1/MaxPower
# Add functions here
pwd
mkdir -p functions/hid.xyz
echo 1 > functions/hid.xyz/protocol
echo 1 > functions/hid.xyz/subclass
echo 8 > functions/hid.xyz/report_length
echo -ne \\x05\\x01\\x09\\x06\\xa1\\x01\\x05\\x07\\x19\\xe0\\x29\\xe7\\x15\\x00\\x25\\x01\\x75\\x01\\x95\\x08\\x81\\x02\\x95\\x01\\x75\\x08\\x81\\x03\\x95\\x05\\x75\\x01\\x05\\x08\\x19\\x01\\x29\\x05\\x91\\x02\\x95\\x01\\x75\\x03\\x91\\x03\\x95\\x06\\x75\\x08\\x15\\x00\\x25\\x65\\x05\\x07\\x19\\x00\\x29\\x65\\x81\\x00\\xc0 > functions/hid.xyz/report_desc
ln -s functions/hid.xyz configs/c.1/
# End functions
ls /sys/class/udc > UDC
The error that I get is "ls: write error: Devicew or resource busy".
I am running Debian Jessie - Linux version 4.4.9-ti-r25
I did an lsmod and libcomposite and usb_f_hid are loaded.
The usb device controller, musb-hdrc-0.auto, is loaded.
Questions:
How can I tell which device is busy?
Where can I find the USB configfs defect bug list for BBB.
Is there a logging file and enabling parameter that would give me a clue as to what is happening?
Thanks for any help
David Glaser

The problem you are likely having with the beaglebone black is the cdc_acm driver. It is difficult to remove (well, not really now that I KNOW how to do it) if you don't know how because the steps aren't just laid out to find anywhere yet. I found this: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Phil-Polstra-One-device-to-Pwn-them-all.pdf
which led me to the following solution
#!/usr/bin/env bash
function checkModule(){
MODULE="$1"
if lsmod | grep "$MODULE" &> /dev/null ; then
echo "$MODULE" found.
return 0
else
echo "$MODULE" not found.
return 1
fi
}
if which 'systemctl' | grep "systemctl" &> /dev/null ; then
systemctl stop serial-getty#ttyGS0.service >/dev/null
fi
if checkModule "g_serial" == 0; then
modprobe -r g_serial
fi
if checkModule "usb_f_acm" == 0; then
modprobe -r usb_f_acm
fi
if ! checkModule "libcomposite" == 0; then
modprobe libcomposite
fi
basically, it stops the serial-getty service which allows you to remove the g_serial device and then this allows you to remove usb_f_acm. This in turn removes the libcomposite device, which you actually want to keep. Once this is done, you can likely do all the things you needed to do. I got a nice HID keyboard working this way (well, okay I guess its a KeygleBone Black now)... It is pretty dirt simple once you understand ALL of the pieces, but I'm having a little trouble tearing my device back down. I might not need to eventually, but I'd like to be able to do that and it seems that certain directories cannot be removed (namely the "strings" directories that I've created). This means I can't really fully tear down the device, but maybe I only need to:
echo "" > /sys/kernel/config/usb_gadget/my_gadget/UDC
to actually tear it down. I haven't worked that part out yet. There are also some C libraries, but I've got a bunch of python scripts that I want to use and I don't yet have python wrappers for those. But that probably isn't too much work.
I didn't want to forget to mention, that I tried to throw the above script into rc.local so the beaglebone black I am using would be "HID ready" on boot. There are probably better locations and methods to do this, but I just wanted to use rc.local because the above is a script, rc.local is a script, it should run on boot... But it doesn't... You have to make sure to make rc.local runable ( chmod 755 /etc/rc.local ) as well as modifying the default shell it wants to run (well, it always runs bash, but its method for running bash is the "POSIX" method, and that doesn't seem to work, so you have to force it to run bash in non-POSIX mode with:
#!/usr/bin/bash
Again, there are probably other better methods (I was lazy here and, well, I'm just old school), especially if your device is going to be an IoT device or anything linked to the net, so you might want to consider something else if you need this script to run on boot.
I did stupidly leave out one thing: I made sure the beaglebone black doesn't present its usual "disk" portion as well. I would put the details here, but frankly, those I'd have to track back down. I basically googled around for how to disable the beaglebone black disk. It isn't hard and amounted to me moving some file to another name so it doesn't find the "USB disk" configuration on boot. You can also change a line in the uboot config somewhere I believe, but I didn't really want to do that.
Found the file: /var/local/bb_usb_mass_storage.img
Well, it might be bbg_usb_mass_storage.img if it is a beaglebone green, but I just moved this file so it wouldn't present the mass storage device. That should allow you to do what you want.

regenerating certificates hangs on windows 7

I'm a total docker newbie and tried to get it working on my windows 7 64-bit machine.
The installation went okay, but the "Docker Quickstart Terminal" will not start up as expected. It seems to hang when trying to create the SSH key:
(default) Downloading https://github.com/boot2docker/boot2docker/releases/download/v
(default) 0%....10%....20%....30%....40%....50%....60%....70%....80%....90%....100%
(default) Creating VirtualBox VM...
(default) Creating SSH key...
Error creating machine: Error in driver during machine creation: exit status 1
Looks like something went wrong... Press any key to continue...
so I tried to regenerate the certificates in a cmd window and also this does not work:
>docker-machine regenerate-certs default
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Detecting the provisioner...
OS type not recognized
I've tried to deactivate my virus scanner and execute the cmd windows as admin without success.
Any ideas what to check? Are there any interesting logfiles?
here's the docker version output:
Client:
Version: 1.9.1
API version: 1.21
Go version: go1.4.3
Git commit: a34a1d5
Built: Fri Nov 20 17:56:04 UTC 2015
OS/Arch: windows/amd64
An error occurred trying to connect: Get http://localhost:2375/v1.21/version: dial tcp 127.0.0.1:2375:
ConnectEx tcp: No connection could be made because the target machine actively refused it.

If you don't have hyper-v activated (that is more a Windows 10 issue), and if your BIOS VT-X/AMD-v is enabled, then something else went wrong.
If docker-machine ls still lists the default machine, delete it: docker-machine rm default.
If you had (previous to your docker-toolbox installation) a VirtualBox already installed, try and:
uninstall completely VirtualBox
in C:\Windows\system32\drivers\, find and delete these five files (there may be less left, that is ok, delete them anyway):
vboxdrv.sys,
vboxnetadp.sys,
vboxnetflt.sys,
vboxusbmon.sys,
vboxusb.sys.
in regedit, key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\, delete these 5 folders (there may be less left, that is ok, delete them anyway):
VBoxDrv,
VBoxNetAdp,
VBoxNetFlt,
VBoxUSBMon,
VBoxUSB.
Then reinstall the latest VirtualBox.
Make sure:
you have the latest docker-machine copied somewhere in your PATH (the 0.5.3 has been released 22 hours ago: releases/download/v0.5.3/docker-machine_windows-amd64.exe).
%HOME% is defined (typically to %HOMEDRIVE%%HOMEPATH%)
From there, try manually to recreate the default machine like the quick-start script did:
docker-machine create -d virtualbox --virtualbox-memory 2048 --virtualbox-disk-size 204800 default
eval $($DOCKER_MACHINE env my_new_container --shell=bash)
docker-machine ssh my_new_container

I've now tried to create a Linux VM directly in VirtualBox and start it from there: also gets some time-out. So I think it's not related to docker.
I've found a VirtualBox bug-report that says, that this can happen when you have Avira installed.
Here's a discussion about the issue on the Avira forum - unfortunatly mostly in German.
One paragraph indicates that it may help to deactivate "Advanced process protection":
Configuration -> General -> Security and disable the option "Advanced
process protection". Click "Apply" and restart the device. You should
be able to run your VM in VirtualBox after that.
In my case this does not help, so I'll need to wait for a fix or completely uninstall Avira.

(defualt) DBG | Getting to WaitForSSH function...
(defualt) DBG | Using SSH client type: external
(defualt) DBG | &{[-F /dev/null -o PasswordAuthentication=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=no -o ControlPath=none docker#127.0.0.1 -o IdentitiesOnly=yes -i C:\Users\Ming.docker\machine\machines\defualt\id_rsa -p 58549] C:\Program Files\OpenSSH\bin\ssh.exe }
(defualt) DBG | About to run SSH command:
(defualt) DBG | exit 0
(defualt) DBG | SSH cmd err, output: exit status 255:
(defualt) DBG | Error getting ssh command 'exit 0' : Something went wrong running an SSH command!
(defualt) DBG | command : exit 0
(defualt) DBG | err : exit status 255
(defualt) DBG | output :

Is there a workaround for: "dtrace cannot control executables signed with restricted entitlements"?

It looks like in OS X 10.11 El Capitan, dtruss and dtrace can no longer do what they're meant to do. This is the error I get when I try to run sudo dtruss curl ...:
dtrace: failed to execute curl: dtrace cannot control executables signed with restricted entitlements
I've come across people noticing this problem but so far no solutions.
Is there a way to fix this or work around this?

Following up to Alexander Ushakov and Charles' answers:
Once you csrutil enable --without dtrace, there is an alternative to copying the binary: run the binary in one Terminal window and trace the Terminal process itself in another Terminal window.
In the first terminal window, find its PID:
$ echo $$
1154
In the second terminal window, begin the trace:
$ sudo dtruss -p 1154 -f
Back, in the first terminal window, run the process you want to trace:
$ ls
At this point, you should see the trace in the second window. Ignore the entries for the PID you are tracing (e.g., 1154), and the rest are for the process (and its descendants) you are interested in.
1154/0x1499: sigprocmask(0x3, 0x7FFF53E5C608, 0x0) = 0x0 0
1154/0x1499: sigprocmask(0x1, 0x7FFF53E5C614, 0x7FFF53E5C610) = 0x0 0
3100/0xa9f3: getpid(0x7FFF82A35344, 0x7FFF82A35334, 0x2000) = 3100 0
3100/0xa9f3: sigprocmask(0x3, 0x10BE32EF8, 0x0) = 0x0 0

For those who want to dtrace system shipped binary after csrutil disable, copyit to a directory that is not "restricted", for example, /tmp
CC#~ $ csrutil status
System Integrity Protection status: disabled.
CC#~ $ cp /bin/echo /tmp
CC#~ $ sudo dtruss /tmp/echo
SYSCALL(args) = return
thread_selfid(0x0, 0x0, 0x0) = 46811 0
csops(0x0, 0x0, 0x7FFF51B6CA20) = 0 0
issetugid(0x0, 0x0, 0x7FFF51B6CA20) = 0 0
shared_region_check_np(0x7FFF51B6A918, 0x0, 0x7FFF51B6CA20) = 0 0
stat64("/usr/lib/dtrace/libdtrace_dyld.dylib\0", 0x7FFF51B6BEA8, 0x7FFF51B6CA20 = 0 0
See #J.J's comment: https://apple.stackexchange.com/questions/208762/now-that-el-capitan-is-rootless-is-there-any-way-to-get-dtrace-working/224731#224731

As Andrew notices it's because of System Integrity Protection, also known as "rootless".
You can disable it completely or partially (enable just dtrace with some limitations).
Completely disable SIP
Although not recommended by Apple, you can entirely disable System
Integrity Protection on you Mac. Here's how:
Boot your Mac into Recovery Mode: reboot it and hold cmd+R until a progress bar appears.
Go to Utilities menu. Choose Terminal there.
Enter this command to disable System Integrity Protection:
$ csrutil disable
It will ask you to reboot — do so and you're free from SIP!
Partially disable SIP
Fortunately, SIP is not monolithic: it's built from many different
modules we can disable/enable separately.
Repeat steps 1 and 2 from «Completely disable SIP» section above. Now
in Terminal enter these commands:
$ csrutil clear # restore the default configuration first
$ csrutil enable --without dtrace # disable dtrace restrictions *only*
Reboot and enjoy your OS again.
Dtrace starts to work but you're still unable to attach dtrace to restricted processes

I would post this as a comment but I'm not allowed.
Disabling SIP is not necessary. Just copy the binary to an alternate location and it works just fine:
$ sudo dtruss ping google.com
dtrace: system integrity protection is on, some features will not be available
dtrace: failed to execute ping: dtrace cannot control executables signed with restricted entitlements
$ sudo cp $(which ping) .
$ sudo dtruss ./ping google.com
dtrace: system integrity protection is on, some features will not be available
SYSCALL(args) = return
PING google.com (172.217.10.78): 56 data bytes
^C
$ csrutil status
System Integrity Protection status: enabled.
For binaries that can still function normally after being copied, this is the best option as it captures the entire lifetime of the process and doesn't require disabling any protections.

Looks like completely disabling SIP still blocks dtruss for restricted processes:
$ /usr/bin/csrutil status
System Integrity Protection status: disabled.
$ sudo dtruss /bin/echo "blah"
dtrace: failed to execute /bin/echo: dtrace cannot control executables signed with restricted entitlements
$ sw_vers
ProductName: Mac OS X
ProductVersion: 10.11.2
BuildVersion: 15C50

See my answer on related question "How can get dtrace to run the traced command with non-root priviledges?" [sic].
DTrace can snoop processes that are already running. So, start a background process which waits 1sec for DTrace to start up (sorry for race condition), and snoop the PID of that process.
sudo true && \
(sleep 1; ps) & \
sudo dtrace -n 'syscall:::entry /pid == $1/ {#[probefunc] = count();}' $! \
&& kill $!
Full explanation in linked answer.

Is there a way to configure PuTTY or other terminal to flash the taskbar on next output to stdout?

I'm specifically looking for a solution for PuTTY but also interested for other terminal emulators, like Gnome Terminal.
My thought is it would be useful if I start a tar zxvf to be able to set a trigger on the terminal emulator, minimize it, and on next output to stdout/stderr I get a notification in the task bar that the command has finished.

This works for me:
echo -e "\a"
Then update your PuTTY session to use the Visual Bell, and set "Taskbar/caption indication on bell" to Flashing or Steady.
Then run this command after your tar completes:
tar xvzf file ; echo -e "\a"
Here is a screenshot: Save these settings as the default settings and/or the sessions' settings you have

Cannot execute commands on Windows server over SSH session with Plink

I am trying to use Plink for running commands on remote server. Both, local & remote machine are Windows. Though I am able to connect to the remote machine using Plink, i am not able to use the '-m file' option. I tried the following three ways but to no avail:
Try 1:
plink.exe -ssh -pw mypwd john.doe#server -m file.txt
Output:
Could not chdir to home directory /home/john.doe: No such file or directory
dir: not found
'file.txt' only contains one command i.e., dir
Try 2:
plink.exe -ssh -pw mypwd john.doe#server dir
Output:
Could not chdir to home directory /home/john.doe: No such file or directory
dir: not found
Try 3:
plink.exe -ssh -pw mypwd john.doe#server < file.txt
In this case, I get the following output:
Using username "john.doe".
****USAGE WARNING****
This is a private computer system. This computer system, including all
..... including personal information, placed or sent over this system
may be monitored.
Use of this computer system, authorized or unauthorized, constitutes consent
... constitutes consent to monitoring for these purposes.
dirCould not chdir to home directory /home/john.doe: No such file or directory
Microsoft Windows [Version x.x.xxx]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Program Files\OpenSSH>
After I get the above prompt, it hangs. Any help in this regard?

It seems like plink -m is working fine: the commands from file.txt are being sent to the server.
However, your SSH server is running a shell (probably bash because OpenSSH for Windows uses Cygwin) that does not understand the commands you are using, like move and dir. Because bash implements its own versions of those commands (mv and ls, respectively). As you discovered, you need to run cmd.exe /C out of the Windows directory for your SSH server to correctly interpret the meaning of your commands. The other option is to use the bash versions of the commands directly.

This is working now.
plink -ssh -pw xxx john.doe#server cmd.exe /c move c://sample//jd//file.txt c://test//

You are using OpenSSH over Cygwin on your Windows server.
The Cygwin emulates Unix environment on Windows.
So you have to use Unix, not Windows commands (e.g. mv not move or rename)
And you need to use Unix-like paths, not Windows paths (forward slashes in particular).
Moreover, your server seems wrongly configured.
Could not chdir to home directory /home/john.doe: No such file or directory
This is likely an incorrectly configured account. The error is not related to the commands you are executing.