Blocking remote control, TR069 and RMS on a carrier's new-version optical modem without Telnet/TTL, obtaining the dynamic random super administrator password and locking in privileges

Preface

In campus networks, community networks and similar environments, the carrier's optical modem is usually managed remotely through Technical Report 069 (TR069) and the remote maintenance system (RMS). These systems can modify your optical modem's configuration, or even reset the modem, without your knowledge, leading to the failure of your network configuration, or even the loss of all devices. It is therefore necessary to block these remote management mechanisms.

Unfortunately, the new-version optical modem has already fixed all the vulnerabilities that could be used to delete TR069 and RMS, including but not limited to:

  • TR069 cannot be deleted directly through the panel
  • TR069 cannot be deleted, and the interface's configuration cannot be modified, indirectly via F12, by modifying packets or by sending packets
  • The RMS configuration is hard-coded. RMS cannot be disabled or modified by editing the configuration file
  • There is no vulnerability or back door that can enable Telnet without opening the device
  • You cannot enable Telnet even by opening the device, because uart_en=0

This article introduces a new idea: intentionally create an IP conflict so that access to the RMS service fails and the optical modem cannot pull the remote configuration normally. This method not only prevents the configuration from being modified remotely, but also prevents the central office from changing your optical modem's super administrator password, thereby locking in your privileges. This is a question I raised on V2EX.


Use Windows Volume Shadow Copy to retrieve overwritten and deleted data

The System Restore mechanism that Windows enables by default creates shadow copies on a regular basis, usually when software and system updates are installed or uninstalled. A volume shadow copy is essentially what we usually call a "snapshot" on Linux. Using the copy-on-write (CoW) mechanism, it gives us a view of the state of the file system at a certain point in time. With this view we can retrieve data that was recently deleted or overwritten by accident, and it can also be used in some digital forensics scenarios. In fact, System Restore itself works by using the snapshot mechanism to restore files to a previous state.

Note: Because shadow copies have a serious bug, this method is not reliable. The retrieved file data may be incomplete or may need to be spliced together manually. This method is only for emergencies or evidence collection scenarios, and should not be used as a substitute for backup software.

Prerequisites: System Restore is not disabled, the file system is NTFS, and restore points are available.

The file system views at these past points in time can be accessed by linking the shadow copy into a regular disk partition with a symbolic link.


The correct way to implement WireGuard dynamic DNS resolution (DDNS) under Windows: avoid meaningless overhead

Once a WireGuard tunnel is established, the domain name is not re-resolved. If the server's IP address changes, the tunnel breaks.

As of the final revision of this article, WireGuard has not provided a dynamic DNS resolution (DDNS) client script for Windows. So if you want to use WireGuard under Windows with a domain name whose IP changes frequently, you must write a dynamic DNS resolution script yourself.

I heavily modified a script found on the web, adding the following features:

  • Only enabled WireGuard tunnels are processed; tunnels that are not enabled are skipped
  • It can be installed as a service, with a built-in delay function
  • Various condition checks and error handling were added for error correction


Configuring active push of DHCP static routes in OpenWRT/DNSMasq for zero-cost load sharing of direct traffic and bypass traffic

Background

Generally speaking, if we carve out another network segment, traffic to it has to be routed through the gateway. For example, the LAN segment is 172.20.0.0/24, and we then create a virtual machine network segment, 172.20.1.0/24, where the IP address of the PVE server's network card is 172.20.0.3. To let LAN devices directly access the virtual machine segment 172.20.1.0/24, you need to add a static route for 172.20.1.0/24 on the gateway device, as shown in the figure below.

Admittedly, this lets LAN devices access the virtual machine segment directly without setting up a proxy, but it has one disadvantage: all traffic to the virtual machines has to be processed by the gateway. This raises the gateway's CPU load, and the gateway's network bandwidth is also consumed by intranet traffic to the virtual machines.

Note that the PVE server's network card address, 172.20.0.3, is on the same network segment as the LAN. Is there a way for LAN devices accessing the 172.20.1.0/24 segment to reach 172.20.0.3 directly instead of going through the gateway?

The answer is yes: active push of static routes. On OpenWRT this function can be set directly in LuCI; on other Linux distributions it can be achieved by modifying /etc/dnsmasq.conf.


Fix the problem that Windows is slow to open the video/picture folder

Symptom: When opening the video/picture folder, Explorer stays on the "Loading" screen for a long time, or freezes outright. If you open Task Manager at this point, you can see that explorer.exe has very high CPU utilization and some disk usage.

At first, I thought it was because I had put the video and picture folders in OneDrive, but the problem still existed after moving the folders out of OneDrive. Later, I happened to notice that there was no such problem when opening this folder from the Library, so I suspected that it was due to sorting/grouping.

Solution: Right click the folder, select Sort -> None, and then select Group By -> None. The problem is solved.

The root cause of this problem is that sorting used an attribute that requires reading the image's EXIF data or the video file itself. Explorer has to open every file in the directory (for photos, for example, it has to look up the EXIF data), find the required information, and only then display the files after sorting. If we select "None", the files do not need to be read and are displayed directly.

Of course, this way the grouping disappears. Is there an alternative? The answer is yes. Since the root cause is sorting by attributes that require reading the image EXIF data or the video file itself, we can instead sort by attributes the file system itself provides. For example, instead of "date" (the EXIF date of the photo, which requires reading the file), we can sort by "modification date" (the file system's write time for the file), so that the file itself does not need to be read. The two are not completely equivalent, but in general they are the same.


AltA2DP - Provide Bluetooth LDAC audio encoder support for headphones supporting Sony LDAC protocol under Windows

Important: Reproduction in any form is prohibited!

This driver solves the problem of Windows' shit Bluetooth audio encoders, and provides Bluetooth LDAC audio encoder support under Windows for headphones that support the Sony LDAC protocol. This is a personally cracked version, not the latest version. The functionality is not bad anyway. The authorization mechanism of the new version has changed, but I have been working on a paper recently, so I don't have time to study it. Anyone interested can study it themselves (it doesn't work anyway 🤣).

Notes

  • LDAC has high requirements for Bluetooth signal quality. For example, my laptop's built-in Bluetooth stutters at LDAC 990 Kbps; in that case you can buy an external USB Bluetooth adapter.
  • If you find that LDAC adds too much latency when playing games, you can switch to the SBC encoder in its panel.
  • Since the modified driver is unsigned, most competitive games with anti-cheat will refuse to start (basically nothing except CSGO can be played). Some games refuse to start even when the driver is only installed but not loaded (calling out Battlefield 2042 by name). Therefore, if you need to play competitive games, using any cracked version is not recommended.


(Update 2024) Fix the problem of black Synology DSM7.0+Btrfs storage space/disk damage/availability

After an unexpected power failure and restart, Synology reported that the hard disk was damaged, although the disk was actually still normal and its S.M.A.R.T. status was also good, but data could not be written. The system status was reported as "serious", and Synology's programs also refused to work.

Let's treat the symptoms first and then the root cause.

Treating the symptoms: repairing the storage space failure

  1. Log in to the root account directly through SSH. If it is not convenient to log in as root directly, execute:

     cd /
     sudo -i

    For a virtual-machine black Synology, it does not matter if SSH is down. Enable a serial port connection in named-pipe mode (for example \\.\pipe\dsm), then run PuTTY or Xshell as administrator and connect to the pipe.

  2. Check the problematic storage pool. The [E] after sdc3 indicates that it is in an error state:

     cat /proc/mdstat


Sharing ideas for freeloading on the campus network: LAN transit, with no cost, no authentication and high-speed Internet access

This article shares some ideas about the campus network (Layer 3 freeloading with a VPN over UDP port 53 based on WireGuard/SoftEther VPN Server, and two-in-one Layer 4 freeloading with SOCKS5 plus "scientific Internet access"), that is, using the campus network like an ordinary user without spending a penny.

2023/2/23: Updated the NAT commands for each platform's configuration and the L2TP method, and, based on earlier replies in the comment area, described some infeasible ideas that can be abandoned outright

Prerequisites

The ideas listed below all require a server on the campus network to act as a transit point. Therefore, a computer (a Raspberry Pi also works) must be placed in a network environment (usually an office area or laboratory network) that can access the Internet without payment and authentication, or you must have the right to use one of the school's servers.

The overall idea is to find a place in the school to set up a server to transfer traffic

Various ideas

Layer 3 VPN freeloading over UDP port 53

Principle: UDP 53 is the port used by the DNS protocol. To hijack HTTP and redirect to the login page, portal authentication must let the browser perform DNS resolution normally. Therefore, UDP port 53 traffic is also allowed through without authentication or payment.

Characteristics: No campus network authentication is required; you do not need to purchase campus network service, and you do not need a campus network account. In addition, because the VPN is encrypted, it overcomes the defect that communication on an open Wi-Fi network is not encrypted at all.

The two ideas listed below are Layer 3 (IP) VPN methods, which can forward all Layer 3 packets, so they support the ICMP protocol (ping can be used).

Note: To use UDP port 53, the network you are on must not hijack DNS. If your network hijacks DNS (for example, the "DNS Redirection" function under OpenWRT DHCP/DNS is DNS hijacking), this method will fail.

Implementation idea 1: WireGuard

I particularly recommend this scheme. WireGuard is a nearly stateless VPN protocol. Switching networks is seamless, and the VPN does not need to reconnect. It is especially useful for computers that often sleep and wake up: you can get online immediately after waking up. In addition, WireGuard is a pure kernel implementation on Linux and Windows operating systems, with extremely high performance.

Method: Set up a WireGuard server and have it listen on port 53

There are many tutorials and one-click packages for building a Linux server. But if you want to build a Windows server, you must read my previous article

Drawback: The setup is really complicated. In addition, the configuration file is really obscure for people who do not understand computer networks


Configure multiple VLANs and virtual network cards on Windows to stack network speeds with single-line multi-dial (no driver support required)

This article is divided into two sections: how to use a Hyper-V switch to support VLANs on Windows, and how to use the Hyper-V switch function to create multiple virtual network cards for single-line multi-dial speed stacking. You only need the Hyper-V switch, not Hyper-V virtual machines, so this will not affect the performance of your computer. None of the above functions requires network card driver support.

Result screenshot:

ℹ️ Hyper-V features require Windows 10 Professional edition or above. If you use the Home edition, you can disconnect from the network, change the product key, and then upgrade in place to the Professional edition through KMS server activation.


Solve the problem of calls hanging up automatically when a video ring-back tone (RBT) switches a voice call to a video call

Symptom

When using an Android phone to call certain phone numbers, the operator automatically plays a video RBT, which causes the phone to switch automatically to a video call. However, due to some bug, the phone then hangs up automatically and the call cannot be made.

That is, a few seconds after the ringing starts, you are prompted that an operator video call is in progress, and then that the call has ended. The other party hears the ring only briefly.


A low-cost guide to the postgraduate entrance examination: how to take it with less than ¥500 or even ¥300

In an era when undergraduate degrees are being devalued, postgraduate study has become an everyday topic. However, the cost of preparing for the postgraduate entrance examination is very high. Even if you skip offline training classes and take only online courses, it often costs more than 10000 yuan. As it happens, my offline friends have complained that my blog has too many technical articles. (How can there be so many? I really never write about complex technology.) While the admission notice is still hot, today let's share how to take the postgraduate entrance examination at ultra-low cost.

My expenses for postgraduate entrance examination:

| Category | Cost (RMB/Yuan) | Remarks |
|---|---|---|
| Books | 249.65 | 126.41 (13 books, pdd) + 123.24 (5 books, legal edition) |
| Initial examination registration fee | 180 | |
| Consumables (paper, pen, etc.) | 25 | If you have coupons, buy paper |
| Online course | 0 | |
| Re-examination fee | 0 | The target university does not collect a re-examination fee, and I rejected the re-examination notice from the university that charges one |
| Total | 454.65 | This cost can be smaller, at least 100 less |

What's more, the questionnaire on postgraduate entrance examination expenses on Xuexin Online does not even offer an option this low.


The correct way to let virtual machines use VLAN on the network card in VMware Workstation bridge mode

Problems to be solved

A virtual machine is running in VMware Workstation. How can this virtual machine be bridged to a VLAN on the host's network?

Common usage scenarios

A single-arm (router-on-a-stick) software router with only one network interface, where the host runs Windows, the virtual machine software is VMware Workstation, and OpenWrt runs in the virtual machine.

You need to use VLANs on one network port to provide PPPoE dialing on the virtual WAN port and Internet service on the virtual LAN port.

Method

  1. Download the VLAN setting software that matches the brand of the host's network card. Realtek and Intel network cards are known to provide such software. The software for Realtek network cards is Realtek Ethernet Diagnostic Utility.
  2. The following takes a Realtek network card as an example. If your network card manufacturer does not provide VLAN setting software, go directly to the end of the article.
  3. Set the VLAN number you want to use on the host, and the software will create a virtual network card. Remember the network card name and adapter name.
