USB Armory Hangs with flashing light

This forum is for discussion about general software issues.

USB Armory Hangs with flashing light

Postby echoblack » Thu Aug 03, 2017 2:26 am

Hello,

I followed the "Install" instructions on the following page word for word 3 times using 2 different USB Armory devices.

https://archlinuxarm.org/platforms/armv ... usb-armory

1. I then put the SD Card into the USB armory
2. I disconnect my Arch Linux laptop from my home network because it also uses the 10.0.0.0/24 network
3. I open terminal on Arch Linux laptop and run the command `dmesg -w`
4. I plugged the USB Armory into my Arch Linux laptop
5. I see the dmesg message "cdc_ether 2-2:1.0 enp0s20u2: renamed from usb0" followed by three lines of "cdc_ether 2-2:1.0 enp0s20u2: kevent 12 may have been dropped"
6. The USB Armory now has it's LED going "blink, blink, blink"
7. I then run the command `ip addr add 10.0.0.1/24 dev enp0s20u2`
8. I then see the dmesg message "IPv6: ADDRCONF(NETDEV_UP): enp0s20u2: link is not ready" followed by one line of "cdc_ether 2-2:1.0 enp0s20u2: kevent 12 may have been dropped"
9. The USB Armory still has it's LDE going "blink, blink, blink"
10. I then run the command `ping 10.0.0.1`
11. I then get the response that the destination is unreachable


This happens with both of my USB Armory devices. I am following the instructions to the letter, and not modifying anything in the default install .tar.gz. The fact that the LED just goes "blink, blink, blink" makes me think it is not booting correctly, however the USB Ethernet devices is being activated so the Linux kernel _must_ be being successfully loaded?

What do you think could be going wrong?

I have no idea what could be the problem. It is almost like the image http://os.archlinuxarm.org/os/ArchLinux ... est.tar.gz may be broken.
echoblack
 
Posts: 5
Joined: Thu Aug 03, 2017 2:03 am

Re: USB Armory Hangs with flashing light

Postby echoblack » Thu Aug 03, 2017 5:30 am

The usb networking device has status

$this->bbcode_second_pass_code('', '<NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000')

I have the exact same problem with the Void Linux image.

It works perfectly fine with the Debian image, but I really don't like Debian.
echoblack
 
Posts: 5
Joined: Thu Aug 03, 2017 2:03 am

Re: USB Armory Hangs with flashing light

Postby inversepath » Fri Aug 04, 2017 2:17 pm

Your USB armory is working correctly.

The blinking LED means the device is up and running and operational.

The error is that your network configuration is incorrect.

Please take a look at the following page: https://github.com/inversepath/usbarmor ... munication

You should assign 10.0.0.2 to your host-side network interface and *not* 10.0.0.1, which is the USB armory address.

Cheers
inversepath
 
Posts: 2
Joined: Fri Aug 04, 2017 2:15 pm

Re: USB Armory Hangs with flashing light

Postby echoblack » Fri Aug 04, 2017 8:47 pm

The USB Networking instructions found in the "Installation" section needs to be removed, because the ArchlinuxARM base tarball dose _not_ setup USB Networking.

https://archlinuxarm.org/platforms/armv ... usb-armory


The only way to access it is via the ttyACM0 serial interface. I can then connect to that with `minicom` configured for `115200 8N1` on the `ttyACM0` interface. Then I can login with `root root` and configure networking on the `usb0` interface.
Last edited by echoblack on Sat Aug 05, 2017 12:04 am, edited 3 times in total.
echoblack
 
Posts: 5
Joined: Thu Aug 03, 2017 2:03 am

Re: USB Armory Hangs with flashing light

Postby WarheadsSE » Fri Aug 04, 2017 8:53 pm

I'll have to confirm that. It _should_ have that up and configured, though it may have changed.

Do you have the USB serial (ACM0) once it boots?
Core Developer
Remember: Arch Linux ARM is entirely community donation supported!
WarheadsSE
Developer
 
Posts: 6807
Joined: Mon Oct 18, 2010 2:12 pm

Re: USB Armory Hangs with flashing light

Postby echoblack » Fri Aug 04, 2017 8:58 pm

@WarheadsSE

Nope, after using the ttyACM0 interface I can 100% confirm that there is nothing which would configure USB-CDC networking. That part needs to be removed from the installation instructions.
echoblack
 
Posts: 5
Joined: Thu Aug 03, 2017 2:03 am

Re: USB Armory Hangs with flashing light

Postby echoblack » Mon Aug 07, 2017 4:33 am

I've got my USB Armory all setup as a hardware security token with ArchlinuxARM

I came to the realization that melting the enclosure together prevents anyone from having direct access to the SDCard or GPOI pins and implanting keylogger/malware without me knowing. Basically, it is "tamper evident", so it dose not really matter that Secure Boot is hacked as long as the crypto is good.

This is better then a smart card, because the key can be read off of a smart card with an electron microscope if someone has physical access.

I have it setup so when I plug it into my laptop, the gpg-agent and ssh-agent sockets are forwarded to my laptop by ssh'ing into the armory using the OpenSSH UNIX Socket forwarding by using the "-L" flag a couple of times. My password manager is encrypted with gpg, so the gpg-agent socket forwarding (and the fact I have a copy of it on the armory) effectively makes this my secure password manager too.

I also recompiled GnuPG 2 with the --enable-large-secmem flag so I could create Quantum Safe 8192 bit RSA keys (for use with my password manager & file encryption) with the `--enable-large-rsa --batch --generate-key` combo and a startpage search. Now my USB Armory is significantly more secure than my YubiKey; Open Hardware, Open Sofware, 8192 RSA, ed25519, Bitcoin, Modero, and physical access will not result in malware and require the attacker to breake 2 AES 256 keys (30+ char pass) in order to decrypt any files.

I've also configured DHCP server on the armory so when I pug it into my laptop it automatically setups up the networking.
echoblack
 
Posts: 5
Joined: Thu Aug 03, 2017 2:03 am

Re: USB Armory Hangs with flashing light

Postby inversepath » Mon Aug 07, 2017 8:34 am

The Arch Linux image should configure USB networking, the statement that "there is nothing which would configure" it is incorrect.

So it's either not working in your case for some reason or got buggy in latest images, I just downloaded the latest .tar.gz and I can see:

/etc/systemd/network/gadget-deadbeef.network:
$this->bbcode_second_pass_code('', '
# systemd-networkd .network profile for gadget-deadbeef
[Match]
Name=usb0
MACAddress=de:ad:be:ef:00:01

[Network]
Address=10.0.0.1/24
Gateway=10.0.0.2
DNS=8.8.8.8
')

/etc/modules-load.d/gadget-deadbeef.conf:
$this->bbcode_second_pass_code('', '
# load the g_cdc module to get ethernet and serial (GS0 on device, ACM0 on host)
g_cdc
')

/etc/modprobe.d/gadget-deadbeef.conf:
$this->bbcode_second_pass_code('', '
# set a dev_addr to the ethernet of g_cdc, so we know to apply the right systemd-networkd profile.
options g_cdc dev_addr=de:ad:be:ef:00:01 iManufacturer="gadget-deadbeef"
')

On my Arch Linux installation this is what sets up the USB armory network on the device side.
inversepath
 
Posts: 2
Joined: Fri Aug 04, 2017 2:15 pm


Return to General

Who is online

Users browsing this forum: No registered users and 9 guests