Saturday, 9 June 2018

Draytek router hacks and odd DNS

This is quite a common thing when you work in IT, you hear about exploits, hacks and malware doing the rounds. In fact you get slightly immune to it over the years, you hear so much about it, so many hacks and general attacks going on you start to ignore it all as noise. Risky? Yes, but unfortunately part of the territory.

Well, I'm in such a situation, I've seen so many releases about exploits or denial of service to Cisco, HP, Windows, Linux, Android and various hardware that I now don't often read them or if I do it's glancing due to workload and lack of time! So it had to be the case I'd be bitten by that lack of attention.
In this particular case it's due to a Draytek exploit, but I didn't know that at first. The issue? My HIVE home heating system wasn't connecting to the outside world, so I couldn't control my heating/hot water remotely!
Not exactly earth shattering, but being a techie I had to figure it out. So I started looking at the units (rebooted them all, obviously!), checking why they couldn't talk, and nothing seemed right, they looked fine, I could see them on my local network.

So I went to plan-B, change the gateway of the hive hub in my house to my server IP and then sniff the traffic it was sending and receiving to see if that gave any clues.
After changing the gateway for the device in my DHCP server and restarting the service, I watched the logs to see the hive unit get a new IP to confirm it had moved.
I then started to see something odd, complaints about NAK and an alternative DHCP server giving replies. I checked the IP and it was my Draytek router.



Now on my network, the draytek router does very little, it does FTTC to Ethernet conversion, does the PPP auth and then sends all the raw public stuff to my server. So why it would be handling DHCP is an odd question.
A while back when having DSL issues I did temporarily use it for DHCP whilst BT checked out problems, but I was sure it was set back!
So checking the web interface for the Draytek it revealed it DID have DHCP enabled, and then I spotted an odd DHCP DNS server address.
38.134.121.95
What is that address, not one I recognised. The secondary was my normal secondary DNS but that primary was odd.

I simply switched DHCP off to let my server do the work, suddenly the HIVE started to work. So it looks like it was that DNS entry to blame. I decided to search for it and then all the security advisories came up! I've pasted a couple here for info:

https://www.bleepingcomputer.com/news/security/draytek-router-zero-day-under-attack/
https://www.draytek.co.uk/support/security-advisories/kb-advisory-csrf-and-dns-dhcp-web-attacks
https://www.ispreview.co.uk/index.php/2018/05/dns-vulnerability-strikes-popular-draytek-broadband-isp-routers.html

Not good, so it appears somebody had hacked my router, switched DHCP back on and set this rogue DNS server. But it's an odd thing to do. You can glean a certain amount of information from this hack, you can see what websites are being visited, and you can do a redirect to try and grab sensitive information.
For example, say our rogue server gave out their OWN IP address for something like your banks website, presented a fake banking website and got you to enter your details.
Now think of this on a larger scale, they'd only be able to re-create SOME banking websites, SOME online account websites on their hack servers, so it's quite a limited attack depending on what they're targeting and trying to achieve.

Now I suspect I've been lucky here, being in the UK there are fewer websites I suspect the attackers will have re-created or redirected. I'm also curious what their aim was, but nobody seems to know much about it.
The IP is innocent enough, hosting webspace in the USA, so I suspect it will have been shutdown quite some time ago, and checking DNS queries today to it fail, so looks like it's been stopped. But even so, that's odd, and how long was it sniffing my traffic?

My guess is it's been a couple of weeks for me. That's when I had "odd" behaviour, the HIVE hub stopped connecting, etc.

The answer? PATCH, I went to Draytek and updated my firmware, which is something we all have to start getting used to. Keep updating, keep patching, etc.
What a chore! Maybe there is a better way, but for now we have to be aware, and watch for this sort of thing and not let it wash over us!

Saturday, 19 May 2018

Cheap car radio antenna

For a while my car radio reception has been pretty poor. I suspect it's a poor ground somewhere on the aerial, the aerial itself is a loop in one of the rear windows, so all sorts of problems are potentially there. Also with it being a large car, the wiring run will be long too which won't help.

So rather than fix the problem (!) I decided to look for alternatives, as I know you can buy cheap antennas that fix to windscreens, hidden away, etc, and have an amplifier in it too.
So I trawled various websites and there is very little on reviews on what is good and bad! So I decided to take a look and take a chance on a cheaper powered unit.

This was what I thought I'd try, as it was cheap but still had powered circuitry in it and from a UK seller.

It arrived quickly which was good, so I fitted it into the car. It arrived looking like this:

Two wires marked red and black were for 12v power to it, then it had the standard round connector for antenna into the radio.
I wired it up, and placed it on top of the dashboard, powered on.

Signal was TERRIBLE, really bad. To be honest a bit of wire was probably about the same quality. I'm not sure why it was so pathetic, but it really wasn't working at all.
I checked connections, power, etc, to be sure but no it just was a pile of junk.

So after removing it and swapping back I thought I'd take a look inside the boxes. To my surprise there was actually electronics in there (I was half expecting an empty box!)


I'm going to take a look a the components and circuit as I'm not sure exactly what it's doing. From what I can see there are a few resistors and a couple of either gates or diodes on there, so i'm going to try and figure the circuit out and see what it was trying to do!

The other end looked pretty unremarkable:



I should have known better really!

Sunday, 29 April 2018

Fitting an Android head unit into a Vauxhall Corsa D (2011)

This came about when I tried to fit an aftermarket stereo into my Wife's Vauxhall Corsa (An Xtrons, see the blog post here http://www.thebmwz3.co.uk/2018/02/xtrons-3-single-din-car-radio.html ).



However after just a short amount of use it turned out to be a really poorly made unit, and so I was looking for an alternative to fit that wouldn't cost much. Luckily a friend at work was selling his old android double-din head unit so I bought that off him.

It's a typical cloned android head unit, but had the advantage of having various physical buttons, and I knew it to work well from my friend at work, so I bought it, not really thinking it through. Got it home and take a look at the size:


Here you can see the xtrons unit still in, with it's plastic surround and the new unit. You'll notice the Vauxhall panel is tapered at either side, so it isn't a straight rectangular fit, so this may prove difficult!

First steps were to remove the old xtrons unit, this just clips in so just pull it out and the bracket came with it. Disconnected all the power and audio connections from it so we've got it free (Apart from the power cables which were wired in, due to the Vauxhall radio connector not having an ignition power wire, more on that later).

So now I got the chance to see what the fit might start to look like:


So it did start to fit in the hole, but this was as far as it went at first. On each side of the head unit there were the mounting brackets with clips, luckily these were just screwed into place, so removing those and the unit slid all the way back:



Not exactly a perfect fit though, and so make it fit flush would mean taking the Dremel to the dashboard. I had considered this, since it's something I've done in my Chrysler, however in this case that plastic bezel around it is actually almost the entire lower section of dashboard, so to replace would mean replacing almost the whole plastic dashboard trim, not something I wanted to pay out for, nor do should I want to return it to factory for when it gets sold.

Therefore I thought we'd just live with it not being flush, and work to mounting it as securely as possible. In this case the only solution would be either from the top or bottom of the radio. Luckily there were a few screw holes in the top of the unit, so these would act as our securing points.

So to get to the top of the radio, above the radio is the air vent, door lock and passenger air-bag cancel button unit (in silver on this edition), so this needed to come off.

***WARNING : Before you do this DISCONNECT the battery. I didn't and when you disconnect the airbag disable button it triggers the airbag warning system which needs an SRS code reader/reset to remove!***

** EXTRA NOTE - After almost 2 months the airbag light has gone out of it's own accord, so it does reset, it just takes a VERY long time **


To remove this panel the first thing you do is remove the small speaker grill from the top (This has the lump that looks like an alarm sensor), that pops out using a thin screwdriver. Once out you'll see a single hex screw. Once that's undone you gently prise and pop the clock display piece out. You'll see from the photo above the clock display is separate to the silver vent housing, so that clips out (It folds upwards towards the windscreen). The clock has a clip connector behind it, so does the speaker. The speaker is a pop/plug connector that just pulls out. The clock connector has a mini lever on it you press and turn to disconnect.

Once that's out you can then remove the further 3 hex screws which hold the air vent unit in, this again is clipped in at either side of the vents and then with two clips downwards towards the radio position. This whole unit then comes out, again the connector at the back for the airbag, etc, is a mini lever that once you release the clip on it, turning the lever will disconnect it and let you remove it. REMEMBER: DISCONNECT BATTERY FIRST!
You can see the connector in the middle of this photo:


That's the unit removed, so now we have the plastic surround that the radio sits against (It's the piece with the connector sitting on it, so that's the top of our radio mount). In this case I thought the easiest was to drill two small holes into this, and then use a screw through this plastic piece and into the radio to hold it in place.



Once the screws were in and tested I turned to the wiring. Luckily the connector Vauxhall uses is almost identical to the one used by Ford, so this was just a clip in plug.

The above is similar to what I used, you need the antenna power/can unit for the Vauxhall Corsa. Clipping the main block into the factory car connector was easy, however as I found before, there is NO ignition switched power on this factory connector (It uses the CANBUS car network to control it), therefore the alternative wire I'd put in from elsewhere was needed again. This was a separate wire I put in that provided power from the ignition, and so would control the radio on/off, etc. So I cut the wires that went to the connector and wired these into my ignition. Wired in the power to the antenna amplifier block (the silver can), and added the rear reversing camera connections to it (Already fitted a while ago). Turned the ignition on and it all powered up perfectly! Audio was good, and actually really loud for the car, using only 4/5 volume setting and it was perfect.

To fit it back in I fastened the two screws in place that holds the radio in, then refitted the silver fascia and then the top clock/plastic. Something else I found, the silver fascia was a difficult fit back in, due to the radio being slightly larger, so potentially this might not fit properly in future, will keep an eye on it and see if it pops back out!
There is also the heater/blower vents at the back which are soft plastic, make sure you check at the back and line them up as they can easily be squashed when you push the fascia back in if it's not fully lined up.

However, not a bad piece of work and the results are pretty good, even though it sticks out a bit!






Tuesday, 24 April 2018

Daylight running LEDs (DRL) and indicator signals on Chrysler

This is a short post on fitting daylight running LEDs to my Chrysler Grand Voyager 2.8CRD. This should work with most editions of the GV, I'd expect right up to the newer facelift editions, so right through to 2007/2008 I believe.

So the first step is ordering the right DRLs, I went for ones that have DRL and indicator function built in, as some information suggests when indicators are on the DRL should switch off to avoid confusion to oncoming drivers, I also like this 'look' where the DRL goes off, the indicator flashes and when indicators are cancelled then the DRL will come back on. This needs units with a little electronics but you can buy these for around £10 easily in the UK. I went for the longer 60cm lights, and went with the light 'bar' type where the LEDs are inside a plastic diffuser to give a more even illumination.
The next job was how to connect into the indicators, I took the headlight unit out (3 flathead screws at the top of the headlight assembly), undid one bolt that holds the plastic facia of the bumper around them for easier access and the headlight comes out. Checking the connector I identified the wire and spliced a wire into it using push/crimp connectors.
That connection goes to the orange wire on the DRL for that side, you then run two other wires, one is ground to either the nearest grounding point, or a post on the battery terminal. The other needs to feed back to an ignition switched live, I went for in the fusebox a small piggy-back fuse splitter and connected this to the cigarette lighter/acc socket fuse. This allows the DRLs to be on whenever the ignition switch is on (Remember the DRLs are very low current draw).

Fitting them, I had the option of above or below the existing lamp, both are relatively easy, but to squash the led bar in nicely I went for underneath, which gives good results, the light actually shines a little through the existing lens so it partially lights the main light up in duller weather.

Results were good.
Here you can see the position of the LED tubes underneath the lens.


It took a little pushing/pulling to get in the right place, I'm not 100% happy as they're not even over the whole headlight lens but I'm going to fix that by moving them around and possibly using dots of superglue to hold them against the headlight.

These are pretty bright when on and give off a nice glow:


And when the indicator is on the white DRLs go out and replaced by a flashing (in time with your indicator flash) orange bar:

(Catching the flash was difficult, here you can see the 'off' part of the sequence, hence it's not as bright as it actually looks!)




All in all for £10 and an hours work it went really well!

Monday, 16 April 2018

Letsencrypt Google Chrome and blogger

Here's something new, my blogger site (on my personal domain) now has HTTPS support! This was added by Google, and has been something talked about for years.

The tricky part from Google's point of view is that this is on my own domain, so adding an HTTPS would normally involve certificate chains, authorisation from the domain owner to validate who you are, etc.
But it works! And looking into it, you can see how. The certificate is from Letsencrypt. This is a novel certification body that are completely free and willing to 'certify everyone', they do basic checks that you own the domain (Uploading a file to the website, changing your DNS records, etc) and then will issue a short-term certificate (A few months) so you need to keep re-certifying.
I've done this a few times on my own servers, and running a script to keep generating the certificate is easy enough.

So that seems to be how Google and Blogger are doing it, generating Letsencrypt certificates for the customer blog domains. This also gives further weight to letsencrypt knowing that one of the 'big boys' like Google are using them for blogger blog's.

So enjoy, and use my blog on HTTPS now https://www.thebmwz3.co.uk/

Wednesday, 21 March 2018

Alienwork IK watch review

Hi folks,
This is my review of the Alienwork IK stainless steel watch, if you read below you can also get a discount if you order using my discount code!
The watch comes in great packaging which you can use if you're giving the watch as a present, it's inside a protective plastic pouch and then inside a soft folding wallet, you can see them below:


The watch itself is really well made, and feels 'solid' which probably comes from the fact that it uses a stainless steel casing and watch strap.
I'm not normally somebody who wears a watch, so I don't like something that feels too heavy or restrictive on my wrist (In fact I'm really weird about anything touching my wrists, but that's another blog entry!) so I was a little weary when it arrived and I felt it had a bit of weight to it, and the metal strap.

However, I'm really impressed! I've been wearing it for several days and I've not noticed any discomfort or really found any issue with wearing it. I've adjusted the strap down to my very thin/narrow wrists. The strap adjusts very small, you unclip it and move the adjustment down as far as you want, so if it fits me, it'll fit anyone!
The watch keeps time beautifully and is very stylish, looks good, especially the one I got in all black with the milanese band.


All in all I'm really impressed with it, and wearing it every day now, which for a non-watch wearer is a huge improvement!

If you'd like to order one then you can using the Amazon link below:
https://www.amazon.co.uk/dp/B01D8KBMUU
And if you use the discount code: L7K45I3S
You can get 50% off the product cost! Which makes it really good value too (RRP around £20)

Note: This was a sponsored blog post from Alienwork

Thursday, 15 March 2018

MightyText for tablets on android

I've been using MightyText for a while now, it's an app you install on your phone and register with, it then sends your SMS to their servers and you can login to your account from your browser and send/receive messages.
It works really well, just does what it's supposed to, and despite that meaning 'they' have a copy of all your text messages, it's a great idea and I use it regularly to type a message from my computer instead of phone screen.

Therefore when I needed an app for my tablet I went for MightyText for tablets, thinking this is great, an app for the tablet that will work the same, let me send and receive. However, everytime I tried to use it, you couldn't see the messages as the screen was so cluttered:


This is the popup window that appears when a message comes in. The text of the message is missing, it should appear below the time and above the "Type message" prompt, but due to the screen being in landscape orientation it appears like that.

If you then open MightyText itself you see messages, but again not much room:


You can make the message out this time, but only the first line of it. If you then go to reply the keyboard then squeezes the screen so none of the message is visible.

This initially just looks like how the dialogues are generated and perhaps the font/text being used. I therefore contacted MightyText about it:

17/02/18:
    Hi, the view on the tablet app causes messages to not be visible due to a
    very small message window due to all the other dialogues.
    I've attached a couple of photos showing both the popup message alert and
    the main window.
    Please can advise how to fix this display problem?

And I got a reply from their tech support:
20/02/18:
Sorry to hear that. Just confirming, is your Tablet in landscape mode when you 
see this issue?

Which I confirmed, and I then received this reply:
20/02/18:
Got it, this is currently the expected behavior. We may change this in the future.

So that's it, basically they know this, they do it on purpose (Expected behaviour?) and that they aren't really doing anything about it.

Really disappointing this, so I'm on the lookout for a similar app that will work correctly on my tablet screen.

Monday, 12 February 2018

Xtrons 3" Single Din Car Radio

This was something I bought for my wife as a present, to upgrade her car radio. She has a Vauxhall Corsa and wanted similar to mine to play music from an SD-card or USB stick.
I searched and found the XTRONS 3" HD Car Stereo 1 DIN Head Unit Radio MP3 Player USB SD AUX FM + Camera input.

This looked ideal, single DIN to fit a facia for her car, inputs for USB, SD card and AUX too, FM tuner (No CD but that's generally not a problem) and it had phone buttons too.

It was at a decent price too (Under £80), so I ordered it as a present. It was only when I got to fitting it that the problems began.

Firstly, no i hadn't noticed the writing along the bottom of this photo stating "Attention: this car stereo doesn't have Bluetooth function", so I'd missed that, my fault, so I was annoyed at myself already!
After powering it up for the first time, I found the first problem. It's so non-intuitive to use. The arrows don't search/scan on FM at all, there are two preset station buttons 1 and 2, there are up to 10 but you have to get to them by cycling through using the arrow buttons.
It also doesn't have RDS, Radio text or anything like that, so whilst tuned into a station you only get the frequency displayed. This also means it won't auto-hop between frequences if you cross regions or anything like that.

The physical buttons are clicky and rattle in their sockets, which doesn't give a good feel, but it's a nice positive click when you press them which is good for driving. The multi functions of the buttons aren't very intuitive, so you have to work out long-pressing and short pressing do two different actions which isn't always obvious to get into the menu you want.

The volume button presses in, and a short press allows tone and balance control, a long press gets you into the setup menu.

I fed a rear camera into it, and selected reverse (I already had the wiring in) and the radio did switch to a video input and muted the audio, but no matter what I did, I constantly had "NO SIGENAL" showing. Yes that was spelt incorrectly! I'm going to investigate further to verify the camera signal input, but it did work (from a dashcam) so I'm not sure if there is something wrong with the head units camera/reverse input signal.

After tuning to the FM stations I wanted, I stored them into 1 and 2, the signal was good (The antenna conversion kit I used had an inline booster so this probably helped get a really good signal) and the audio was decent quality with a good bit of volume.
The volume adjustment wasn't great, it uses a huge volume scale, so you have to twist the volume knob many turns before you went between very quiet to very loud!

Going into the setup menu, there was little to configure, date/time, language and audio preferences (balance, fader, equaliser settings) so nothing really needed to tweak in there. You can set brightness and contrast separately though to get the best out of the 3" screen, which was back-lit well and pretty clear.

Boot up speed was quick, from standby and from completely disconnected, which you'd expect as the unit isn't running any complex operating system, it appears to be running it's own custom firmware from xtrons.

All in all, I'm pretty disappointed, it was supposed to be an upgrade but I'm sat wondering if due to it's difficult to navigate UI and clunky buttons that it's not really an upgrade at all. I was even contemplating putting the Vauxhall unit back in as I was that unhappy with the results I'd achieved in an afternoon of wiring.
(The Vauxhall wiring is not great, there is no switched +12v from ignition so you have to manually wire into the aux/cigarette lighter socket)

UPDATE1 - The very next day after installation we went out to the car and was going to show the unit off to my wife for the first time. Turned ignition on, radio powered on and the radio channel I left it on started playing, but the screen was totally white. Several power on and off's and it just wouldn't do anything. So this wasn't a good sign, it appears the screen has given up, with less than 1hr of use!
The next day my wife used the car and the screen came on, so I'm not sure if this is related to temperature or it's got an intermittent fault.

UPDATE2 - The screen has failed again with a totally white display.


UPDATE3 - March 2018 - It's a pile of trash! Don't waste your money. The white screen issues continue and more often than not it's a white screen (I think it's related to temperature, cold temperatures) and even when it's not the biggest problem.
You cannot navigate folders/choose songs from folders. The music from SD/USB simply searches the Sd card/USB for all music it can play, and then gives that to you in a huge list. You can skip songs, but without being able to jump, search or choose with any more refinement, that's as good as it gets.

Avoid at all costs is my advise on this one!

Chrysler dash bulb replacements

This is a quick bit of info on how I replaced the bulbs on my Chrysler Grand Voyager 2.8CRD, this may seem odd, but Chrysler in their infinite wisdom decided to solder bulbs straight onto most circuit boards, so panel illumination is handled by this design.
So when the bulbs give up, the panel goes dead and you can't easily replace them, so I've done a few replacements over the years trying to find the best solution and I think I have now found it! Replacing with LEDs is the obvious solution, but getting small and 12v versions was the challenge.

First, here's the challenge. This is the heated seats, wiper and emergency indicators panel, easily removed from the dashboard with 3 hex screws, then gently unclipping the back of the unit (Keep it flat, the buttons are held in but you need to keep them in the same position to avoid complications when putting back together).
Once open you can see the front of the circuit board as below. You can see one blue panel illumination LED shown, the hazard bulb has been removed, adn the right heated seat I've placed an LED bar/hobby LED bar to give an idea on scale.


So the problem, remove the old blue bulbs (They're white bulbs with a blue rubber cover over them) and replace, however they are small and not very tall, so a regular LED would be too big, and also these run at 12v so need to have an inline resistor somewhere too.
The LED bar shown is a hobby/train set illumination which at first looked ideal, it had an inline resistor and two LEDs on a flexible circuit, however even this small size was too big to comfortably fit.

So the second solution was to use SMD LEDs, and I found some in the form of replacement speedo/cluster illumination panels.

These come with the base black plastic fitting for your dash, then the green plastic casing topped with a square SMD LED and inline resistor. Gently pulling the package apart we can see this:


This was perfect, cutting the legs down to just at the resistor let it sit around the same height as the original bulbs. Cover one leg with heatshrink to avoid any shorts when you push it back together, solder it onto the main board and problem solved!
For reference, when you have the board sat like the top image, positive is on the LEFT, so I wrapped the negative lead in heatshrink and soldered it on, you can see the end result below:



These worked great, fit back in no problems and they look super bright. The problem now is that the rest of the dashboard illumination is too dark by comparison!



NOTE: On the above the one missing indicator was the hazard warning LED, this was due to a mistake when soldering, so I've removed and replaced that one and now it's lit up!

The parts I used were old, from Amazon but you can probably source similar parts easily.

https://www.amazon.co.uk/dp/B00NQ6TIEY/ref=cm_sw_r_cp_awdb_t1_8zlGAbK0ZS683

There are many similar on ebay which are much smaller (You could use SMD resistors too on the back of the LED package, which would make them much more compact) so hope this helps!


Friday, 9 February 2018

Cheap Fitness Bands

I've recently been in the market for a fitness band for myself, at Christmas I bought my wife a fitness band from China and she's been impressed with it. Looking at the accuracy it's never perfect, sleep and active amounts seem to be out but in the main it works, picks up heartrate, etc, so does the job nicely.
All of these fitness bands use BLE which is Bluetooth Low Energy, so they don't have much smarts themselves, they rely on a phone/tablet to sync with and do the main work, but they will store data whilst out of reach and then sync the data back (Seems to be no information on how much/how long it will cope though!).

Xiaomi Miband 2
So onto the tests and comparisons. Firstly the one I bought my wife was the Xiaomi Miband 2:
They generally retail around the £30 in the UK (Importing from China you can almost halve that amount, but expect Chinese instructions!). Setting it up is easy, just install the app to your phone - MiFit and let it search and find the band. After that it's pretty much done.
The build of this fitness band is really good, the strap easy to fit and feels secure, and easily fixed. The Miband 2 fits into the strap so it's easily changeable. To charge you remove it from the band and clip it into it's little charger wire, this is probably the worst design feature if I'm being picky as you can lose the charger cable/cradle, and you might not carry it everywhere with you, but this is really minor.

The screen is OLED and nice and clear, the finger/touch button then cycles through the different screens showing you: Time, Steps/Pedometer, Heart-Rate. When on Heart-Rate it will start the detection, flashing the cursor on screen whilst it calculates and after a few seconds it displays heart rate. Again a downside here is it only samples once seemingly, so it can mis-read.
The unit will also notify you to incoming calls or messages, displaying the number on the screen and vibrating, it doesn't display the message, phonebook of who is calling, so it's more of a notification than being anything more than that.
The app MiFit is clear, yet simplistic. You can also change the settings for the band by switching settings on and off, changing units, etc. Notifications can be set on and off here too so you can disable the TXT, phone, etc if you don't need them. On the main screen you get the steps counter, distance, estimated calories, etc.

We took time to go through it and it covers everything you want to view regularly, so in summary it gives you all the basics. It also lets you set (and alert you) to your goals, and map your sleep. We're unsure how accurate the sleep tracker is though with no frame of reference other than anecdotal!

Otherwise this is a very capable band, and one part to note is the amazing battery life. This unit lasts at least a week! That's constant wrist wearing, syncing and looking at the screen occasionally.
This is amazing for a gadget these days, lasting this amount of time and really is a superstar feature.

ID115 fitness band
This is the cheap band that I decided to buy, it's readily available, mine was bought from ebay for around £10. The band itself is much simpler than the above, but the app seems to have a few more features. Firstly the physical appearance:
The first thing to note is that this is NOT exactly what it looks like! There appears to be a few variations to the casing, button and display. Mine looks very close to the above, but by default the display is vertical not horizontal,
The app you use for this is "DayDay Band" and is again a pseudo-Chinese application, that lets you join the band to your phone, set the band up, setup notifications, etc. By default is shows you your Steps and goals, estimated Calories, etc. Sleep data on Deep, Light and Awake times, and finally your heart rate results and a BEGIN button to do an immediate detection.
In settings you can enable the Lost function, posture reminder, screen time, bright screen and alarm clock. Note that sometimes these settings do crash the application, I'm not sure if this is a buggy application, or means the feature isn't available on my band. A few settings are interesting, firstly the heart beat option where it will do monitoring every 2 hours, which is an improvement on the other application. It also appears to take several samples of your heart rate and averages them out, I assume this is to avoid false readings as much as possible. It also has the ability to export data to Google Fit, although it's a manual export rather than automatic, but again this works as you'd expect.
The app displays the 3 main areas on a large screen, and is easy to follow:


The downsides to this, firstly the band itself, it uses quite a rigid plastic band with a push-fit to secure. I found it quite difficult to fasten onto my very skinny wrists (using the smallest hole setting), but this is more just awkward, and it never seems to sit fully flush which may affect my heart rate values. This is partly because of the plastic tabs that fasten the band onto the strap, these are solid plastic 'ears' and so don't flex, meaning the band has to lay flat along this part until the strap then bends round.
This photo slightly shows the issue:
Each end of the band sticks out slightly. It's worse on my wrist which is thinner than that!
One advantage is the charging method, you unclip the strap and there is a USB connector built into the plastic, which you just plug straight into a USB connector. Whilst it's not a great fit, so you need to align it and make sure it's not knocked, this does allow you to charge wherever you can find a USB socket which is handy.
another disadvantage so far is the battery life. I'm only getting 1-2days out of the band so charging it a lot more than I expected, which of course means I lose data whilst charging.
I think this is because I have the periodic heart rate monitor enabled, which uses battery power, and also that when you move your arm around the display lights up. I've yet to be able to display the display lighting up as whenever you go into this setting the app crashes, I need to investigate this a little further which may help the battery life. Still nowhere near the other units amazing battery life. This is probably the one feature that lets this unit down unfortunately.
So all in all they are very capable little units, and at the price they are very well priced.

UPDATE - March 2018
So after living with the units for a while now, the biggest issue has appeared from the ID115 band. It's battery life. It gives up after just over a day, takes ages to charge and so is becoming less and less useful as time wears on, I feel it's on charge more than it's on my wrist, so for this instance I'd not recommend it for normal use.

Wednesday, 7 February 2018

More on the Hizpo Android car radio/headunit

After a few months of ownership I thought it was about time to write an update, to give you an idea what I thought, where I was with it and how I've solved a few problems, also some interesting bits I've discovered along the way.
Firstly, my thoughts on it, to me it's a great unit, yes it requires some tweaks that the average user won't be able/willing to do so would I recommend it to end-users, probably not, but for the more seasoned Android/Linux tweaker, I'd say yes definitely worth it. I've found after making a few tweaks the unit performs excellently, plays music from SD without effort, Radio, navigation and I'm starting to increase the functionality I'm using.

So my current position with the the Hizpo Android (MTCD_XRC sofia3gr) is:

  • Radio functioning
  • Startup and shutdown almost instantly as the unit sleeps/wakes at ignition
  • Very little idle draw due to sleep working well
  • Music from SD-card working
  • Navigation using Google Maps working without crashes and navigation audio mutes radio during navigation events, maps notifications, travel times, traffic, etc
  • Navigation using Waze - slightly slow, GPS seems to drift and audio doesn't mute radio, this appears to be issues with Waze not the head unit
  • Automatic bluetooth tethering to phone to provide internet access to headunit working
  • Bluetooth connection to phone working reliably
  • Reverse camera - switches when in reverse and mutes car radio.
  • Calls work, however small issue when radio/music is playing and you answer a call, the remote end doesn't hear you, seems the phone doesn't switch to the right bluetooth profile (Not sure if this is phone or head unit problem)
  • adb over wifi with root working
  • SU/root access working
  • Ability to have apps/services run after wake (Newly tested!)
And the problems
  • Occasional hang (I think this is related to my car battery going low and working hard at starting the big diesel engine, so it dips power too low and the unit crashes) - It normally automatically reboots after a minute or so and recovers itself
  • At full/hard reboot (not wake after sleep) needing to set the Kernel OOM settings each time, need to find the right hook to script this
  • No steering wheel control - This is due to not having the ODB connection, and probably not being able to interface with Chryslers' proprietary protocols.
  • Small plastic dimple on volume knob - from mould manufacture, just needs slight sandpapering to solve.
  • Phonecall quality - Several people have mentioned my audio quality isn't great on phone calls, need to check as I've plugged in an external mic and not sure if it's this or the bluetooth stream to the phone
So now onto how I achieved some of my goals!

Apps terminating/closing:
The first being apps terminating themselves. Tracking this down it was due to the Kernel OOM killer, there are various settings you set (by echo'ing them to the /proc filesystem) that control how light/heavy this operates. By default this unit only has 1Gb of RAM so manufacturer has set this to be a bit too protective, killing foreground apps too often. Google maps is a good example, it uses a lot of resources so even when it's the only app running it will get killed. I found using the app "Kernel Adiutor" by Grarak is excellent, lets you tweak the settings easily and the presets are ideal for this. So load it up, grant it root access and then from the menu choose "Low Memory Killer" and for me I choose the preset very_light. Apply on boot doesn't appear to work (I believe it tries to hook into rc.local or similar init.rc but these don't work on this platform), so for now whenever I have a cold/full boot I have to re-apply. This should be easily solved.

ADB over wifi:
This one is a simple one to get right, firstly get your wifi working, I joined the car headunit to

Automatic bluetooth tethering:
This one I had working manually but I wanted it automatic. So firstly, get it working manually. On your phone go into Settings, bluetooth and firstly make sure you have the devices paired. Once paired go into MORE on your phone and go into "Mobile network sharing", and into "Bluetooth tethering", follow the prompts to set it up and let it enable. With the car head unit, go into bluetooth and you'll see your paired device. Click the gear icon and you can then tick the "Internet" access box. It should tick and stay ticked (If it unticks then it means that your phone isn't accepting the link so go back and check the sharing). If it stays ticked click OK and test, you should be able to access the internet. Now you've got manual working, it's time for automatic! I found the "blueballs.apk" app on xda-developers did the job, this keeps the connection running when your specified bluetooth device is connected. (https://forum.xda-developers.com/android-auto/mtcd-software-development/bluetooth-settings-launcher-t3504526) Install this on your phone first and set it up, tick the box for your car unit. Then to install it on the head unit follow the guide:

adb connect <ip address of head unit>
adb push BluetoothTethering.apk /sdcard/
adb shell
$ su
# mount -o remount,rw /system
# mkdir /system/priv-app/BluetoothTethering
# cp /sdcard/BluetoothTethering.apk /system/priv-app/BluetoothTethering/
# chmod 755 /system/priv-app/BluetoothTethering
# chmod 644 /system/priv-app/BluetoothTethering/BluetoothTethering.apk
# sync
# reboot
Then the app will autostart and show a bluetooth icon along the top status bar. This worked great for me, and bluetooth tethering worked straight away, after sleep, etc.

Apps being killed by sleep:
This one is a tricky one, when the device goes into sleep (When ignition is turned off) it will terminate most services and apps, sync filesystems so the system can sleep correctly. Unfortunately this causes a problem, as the method it uses to terminate the services will not resume them (The app receives an ondestroy which terminates and doesn't re-spawn). This is a problem for bluetooth background apps, etc, so the solution appears to be with the bluetoothtethering method above, install the app using root privileges to the /system/priv-app/ as these will be restarted automatically. I've not fully tested other applications with this other than the above bluetoothtethering though.

Discovering how it's all working:
Underneath the head unit is a fairly typical android build, so using adb over wifi I poked about and found how it's basic file structure, boot process, etc, works. It is pretty standard Android with very little changed. It's running "toybox" which is a busybox like clone for file and system functions that you can hook into.

Some additional debugging, shows how the unit functions, watching adb and logging we can see the suspend and wakeup calls:

[ 6145.758644] suspend step=12
[ 6145.758723] PM: suspend exit 2018-02-06 19:59:09.947279628 UTC
[ 6145.758787] suspend step=13
[ 6195.758443] PM: suspend entry 2018-02-06 19:59:59.946989170 UTC
[ 6195.758557] suspend step=1
[ 6195.758607] PM: Syncing filesystems ... done.
[ 6195.777951] PM: Preparing system for mem sleep
[ 6195.783221] Freezing user space processes ... (elapsed 0.010 seconds) done.
[ 6195.793560] Freezing remaining freezable tasks ... (elapsed 0.006 seconds) done.
[ 6195.800118] suspend step=2
[ 6195.800173] PM: Entering mem sleep
[ 6195.800225] Suspending console(s) (use no_console_suspend to debug)
[ 6195.805419] rpmb_rpc: rpmb partition suspended
[ 6195.868220] xgold-sdhci e2800000.emmc: Set tap values to mode 0, val = 0x080400f5
[ 6195.870533] PM: Wakeup pending, aborting suspend
[ 6195.870590] active wakeup source: alarm
[ 6195.870663] PM: Some devices failed to suspend, or early wake event detected
[ 6195.993203] xgold-sdhci e2800000.emmc: Set tap values to mode 1, val = 0x08040004
[ 6195.995946] xgold-sdhci e2800000.emmc: Set tap values to mode 5, val = 0x000400b5
[ 6195.996857] rpmb_rpc: rpmb partition resumed
[ 6195.997746] PM: resume of devices complete after 127.017 msecs

And the normal process listing (With the unit at idle):

USER      PID   PPID  VSIZE  RSS   WCHAN            PC  NAME
root      1     0     3060   628   SyS_epoll_ 00000000 S /init
root      2     0     0      0       kthreadd 00000000 S kthreadd
root      3     2     0      0     smpboot_th 00000000 S ksoftirqd/0
root      5     2     0      0     worker_thr 00000000 S kworker/0:0H
root      7     2     0      0     rcu_gp_kth 00000000 S rcu_preempt
root      8     2     0      0     rcu_gp_kth 00000000 S rcu_sched
root      9     2     0      0     rcu_gp_kth 00000000 S rcu_bh
root      10    2     0      0     smpboot_th 00000000 S migration/0
root      12    2     0      0     smpboot_th 00000000 S watchdog/0
root      13    2     0      0     smpboot_th 00000000 S watchdog/1
root      14    2     0      0     smpboot_th 00000000 S migration/1
root      15    2     0      0     smpboot_th 00000000 S ksoftirqd/1
root      17    2     0      0     worker_thr 00000000 S kworker/1:0H
root      19    2     0      0     smpboot_th 00000000 S watchdog/2
root      20    2     0      0     smpboot_th 00000000 S migration/2
root      21    2     0      0     smpboot_th 00000000 S ksoftirqd/2
root      23    2     0      0     worker_thr 00000000 S kworker/2:0H
root      25    2     0      0     smpboot_th 00000000 S watchdog/3
root      26    2     0      0     smpboot_th 00000000 S migration/3
root      27    2     0      0     smpboot_th 00000000 S ksoftirqd/3
root      29    2     0      0     worker_thr 00000000 S kworker/3:0H
root      31    2     0      0     rescuer_th 00000000 S khelper
root      32    2     0      0     vdump_thre 00000000 S vdump Thread
root      33    2     0      0     console_th 00000000 S kconsole
root      34    2     0      0     rescuer_th 00000000 S writeback
root      35    2     0      0     ksm_scan_t 00000000 S ksmd
root      36    2     0      0     rescuer_th 00000000 S bioset
root      37    2     0      0     rescuer_th 00000000 S kblockd
root      38    2     0      0     hub_thread 00000000 S khubd
root      54    2     0      0     fmdev_fifo 00000000 S iui_fm
root      55    2     0      0     ion_heap_d 00000000 S system-heap
root      56    2     0      0     mvpipe_dev 00000000 S ion_secvm_handl
root      57    2     0      0     irq_thread 00000000 S irq/303-rk818
root      58    2     0      0     rescuer_th 00000000 S rk81x_otg_work
root      59    2     0      0     rev_thread 00000000 D rev_thread
root      60    2     0      0     rockchip_f 00000000 S fb-vsync
root      61    2     0      0     kthread_wo 00000000 S rockchip-fb
root      62    2     0      0     cpufreq_in 00000000 S cfinteractive
root      63    2     0      0     irq_thread 00000000 S irq/320-car-rev
root      64    2     0      0     irq_thread 00000000 S irq/321-car-acc
root      65    2     0      0     rescuer_th 00000000 S rk81x-battery-w
root      66    2     0      0     rescuer_th 00000000 S car_wq
root      67    2     0      0     rescuer_th 00000000 S goodix_wq
root      89    2     0      0         kswapd 00000000 S kswapd0
root      90    2     0      0     fsnotify_m 00000000 S fsnotify_mark
root      91    2     0      0     rescuer_th 00000000 S crypto
root      105   2     0      0     rescuer_th 00000000 S bl_wq
root      106   2     0      0     irq_thread 00000000 S irq/40-rga
root      107   2     0      0     vnvm_serve 00000000 S vnvm
root      108   2     0      0     mvpipe_dev 00000000 S VUSB_SE_FE_MEX_
root      110   2     0      0     down_inter 00000000 S vsec
root      111   2     0      0     rescuer_th 00000000 S idi_error_work_
root      112   2     0      0     irq_thread 00000000 S irq/110-vpu.177
root      113   2     0      0     irq_thread 00000000 S irq/111-vpu.177
root      114   2     0      0     irq_thread 00000000 S irq/38-hevc.178
root      115   2     0      0     rescuer_th 00000000 S dwc2
root      116   2     0      0     rescuer_th 00000000 S uether
root      117   2     0      0     rescuer_th 00000000 S adv_wq
root      119   2     0      0     rescuer_th 00000000 S dm_bufio_cache
root      121   2     0      0     mmc_queue_ 00000000 S mmcqd/0
root      122   2     0      0     mmc_queue_ 00000000 S mmcqd/0boot0
root      123   2     0      0     mmc_queue_ 00000000 S mmcqd/0boot1
root      124   2     0      0     mmc_queue_ 00000000 S mmcqd/0rpmb
root      125   2     0      0     rescuer_th 00000000 S binder
root      126   2     0      0     intel_adc_ 00000000 S adc-thread
root      128   2     0      0     oct_thread 00000000 S OCT Thread
root      129   2     0      0     rescuer_th 00000000 S dvd_wq
root      130   2     0      0     irq_thread 00000000 S irq/108-dsp_int
root      131   2     0      0     irq_thread 00000000 S irq/107-dsp_int
root      132   2     0      0     irq_thread 00000000 S irq/99-dsp_int3
root      133   2     0      0     rescuer_th 00000000 S ipv6_addrconf
root      134   2     0      0     rescuer_th 00000000 S fuel_gauge.187
root      136   2     0      0     rescuer_th 00000000 S deferwq
root      139   2     0      0     irq_thread 00000000 S irq/283-jack_ir
root      140   2     0      0     irq_thread 00000000 S irq/284-button_
root      141   2     0      0     rescuer_th 00000000 S f_mtp
root      142   2     0      0     rescuer_th 00000000 S setExposure_que
root      143   2     0      0     rescuer_th 00000000 S measurement_que
root      144   2     0      0     rescuer_th 00000000 S bat_hal-0
root      147   1     2540   288   poll_sched 00000000 S /sbin/ueventd
root      150   2     0      0     worker_thr 00000000 S kworker/1:1H
root      151   2     0      0     kjournald2 00000000 S jbd2/mmcblk0p14
root      152   2     0      0     rescuer_th 00000000 S ext4-rsv-conver
root      153   2     0      0     worker_thr 00000000 S kworker/0:1H
root      154   2     0      0     worker_thr 00000000 S kworker/2:1H
root      158   2     0      0     worker_thr 00000000 S kworker/3:1H
root      159   2     0      0     kjournald2 00000000 S jbd2/mmcblk0p15
root      160   2     0      0     rescuer_th 00000000 S ext4-rsv-conver
root      164   2     0      0     kjournald2 00000000 S jbd2/mmcblk0p13
root      165   2     0      0     rescuer_th 00000000 S ext4-rsv-conver
logd      166   1     15360  3644  sigsuspend 00000000 S /system/bin/logd
root      167   1     12664  1416  hrtimer_na 00000000 S /system/bin/vold
root      173   2     0      0     kauditd_th 00000000 S kauditd
root      182   1     2932   268   SyS_epoll_ 00000000 S /sbin/healthd
root      183   1     4308   612   SyS_epoll_ 00000000 S /system/bin/lmkd
system    184   1     4116   572   binder_thr 00000000 S /system/bin/servicemanager
system    185   1     59340  3680  SyS_epoll_ 00000000 S /system/bin/surfaceflinger
root      186   1     2284   8     hrtimer_na 00000000 S /sbin/watchdogd
radio     187   1     5648   560   SyS_epoll_ 00000000 S /system/bin/rpcServer
root      193   2     0      0     rescuer_th 00000000 S cfg80211
root      194   2     0      0     worker_thr 00000000 S kworker/u9:1
shell     196   1     4328   584   n_tty_read f7672b80 S /system/bin/sh
radio     197   1     16668  1080  hrtimer_na 00000000 S /system/bin/rild
radio     198   1     16156  704   hrtimer_na 00000000 S /system/bin/rild
root      199   1     17372  1476  hrtimer_na 00000000 S /system/bin/netd
root      200   1     4936   832   __skb_recv 00000000 S /system/bin/debuggerd
drm       201   1     25160  1192  binder_thr 00000000 S /system/bin/drmserver
media     202   1     138240 10172 binder_thr 00000000 S /system/bin/mediaserver
root      203   1     4216   672   unix_strea 00000000 S /system/bin/installd
keystore  205   1     7692   936   binder_thr 00000000 S /system/bin/keystore
system    206   1     7960   680   binder_thr 00000000 S /system/bin/pluginservice
system    207   1     4276   572   atdev_ioct 00000000 S /system/bin/startIpcsd
radio     208   1     6536   532   fmdev_fifo 00000000 S /system/bin/fmd
gps       209   1     4328   632   sigsuspend 00000000 S /system/bin/sh
root      210   1     827376 28380 poll_sched 00000000 S zygote
system    211   1     7364   844   binder_thr 00000000 S /system/bin/gatekeeperd
root      212   1     4240   716   hrtimer_na 00000000 S /system/xbin/perfprofd
root      214   1     8612   1080  poll_sched 00000000 S /system/vendor/bin/crashlogd
root      216   1     6560   812   devkmsg_re 00000000 S /vendor/bin/log-watch
root      238   1     3876   180   __skb_recv 00000000 S daemonsu:mount:master
gps       253   209   21528  2160  futex_wait 00000000 S /system/bin/lbsd
root      258   1     6196   368   __skb_recv 00000000 S daemonsu:master
radio     279   1     15060  764   hrtimer_na 00000000 S /system/bin/rpc-daemon
root      284   2     0      0     kjournald2 00000000 S jbd2/mmcblk0p5-
root      285   2     0      0     rescuer_th 00000000 S ext4-rsv-conver
radio     286   1     8300   740   nvmdev_ioc 00000000 S /system/bin/nvm_useragent
shell     294   1     9360   184   poll_sched f7703b80 S /sbin/adbd
root      338   2     0      0     irq_thread 00000000 S irq/289-gnss_wa
root      340   2     0      0     irq_thread 00000000 S irq/291-gnss_er
root      342   1     4328   632   sigsuspend 00000000 S /system/bin/sh
root      363   342   5572   940   __skb_recv 00000000 S /system/vendor/bin/logcatext
root      422   2     0      0     irq_thread 00000000 S irq/293-wlan_ir
system    558   210   879544 85412 SyS_epoll_ 00000000 S system_server
root      707   2     0      0     mvpipe_dev 00000000 S VUSB_SE_FE_LINK
root      708   2     0      0     n_tty_read 00000000 S VUSB_SE_FE_LINK
root      709   2     0      0         msleep 00000000 D VUSB_SE_FE_MODE
root      742   2     0      0     rescuer_th 00000000 S vs-2
media_rw  799   167   7900   600   inotify_re 00000000 S /system/bin/sdcard
radio     802   210   697124 33080 SyS_epoll_ 00000000 S com.android.phone
u0_a21    818   210   746476 54508 SyS_epoll_ 00000000 S com.android.systemui
u0_a9     1088  210   669656 22552 SyS_epoll_ 00000000 S com.android.externalstorage
u0_a22    1374  210   958284 23208 SyS_epoll_ 00000000 S com.google.android.googlequicksearchbox:interactor
u0_a43    1393  210   707868 41320 SyS_epoll_ 00000000 S com.android.inputmethod.latin
u0_a10    1437  210   859896 77880 SyS_epoll_ 00000000 S com.google.android.gms.persistent
root      1456  1     4328   476   sigsuspend 00000000 S /system/bin/sh
system    1467  210   672660 23476 SyS_epoll_ 00000000 S android.microntek.canbus
root      1504  2     0      0     rescuer_th 00000000 S vs-0
root      1514  1456  86168  1972  poll_sched 00000000 S /system/bin/adb-ec
u0_a10    1521  210   691816 29600 SyS_epoll_ 00000000 S com.google.process.gapps
root      1551  1     4328   632   poll_sched 00000000 S /system/bin/sh
u0_a22    1577  210   973232 35336 SyS_epoll_ 00000000 S com.google.android.googlequicksearchbox:search
u0_a13    1645  210   702792 44380 SyS_epoll_ 00000000 S com.android.launcher
u0_a10    1674  210   1059600 81412 SyS_epoll_ 00000000 S com.google.android.gms
root      1818  258   6196   176   __skb_recv 00000000 S daemonsu:10087
u0_a60    1858  210   696304 41280 SyS_epoll_ 00000000 S com.microntek.radio
system    1911  210   668872 23420 SyS_epoll_ 00000000 S com.intel.soundprofile
u0_a40    2013  210   670856 21412 SyS_epoll_ 00000000 S android.rockchip.update.service
u0_a10    2252  210   788532 24856 SyS_epoll_ 00000000 S com.google.android.gms.ui
u0_a37    2455  210   694508 41236 SyS_epoll_ 00000000 S com.microntek.bluetooth
root      2670  258   7228   176   __skb_recv 00000000 S daemonsu:10092
u0_a10    4729  210   805684 42848 SyS_epoll_ 00000000 S com.google.android.gms:snet
root      6102  2     0      0     worker_thr 00000000 S kworker/3:0
root      6439  2     0      0     worker_thr 00000000 S kworker/3:1
root      6576  2     0      0     worker_thr 00000000 S kworker/u8:3
root      7158  2     0      0     worker_thr 00000000 S kworker/2:0
root      7235  2     0      0     worker_thr 00000000 S kworker/1:2
root      7289  2     0      0     worker_thr 00000000 S kworker/u8:1
root      7298  2     0      0     worker_thr 00000000 S kworker/u9:0
u0_a10    7359  210   801780 51212 SyS_epoll_ 00000000 S com.google.android.gms.unstable
root      8029  2     0      0     worker_thr 00000000 S kworker/0:2
root      8059  2     0      0     worker_thr 00000000 S kworker/u8:2
root      8100  2     0      0     worker_thr 00000000 S kworker/2:2
root      8101  2     0      0     worker_thr 00000000 S kworker/1:0
root      8149  2     0      0     worker_thr 00000000 S kworker/0:0
root      8155  2     0      0     worker_thr 00000000 S kworker/2:1
root      8158  2     0      0     worker_thr 00000000 S kworker/1:1
root      8177  2     0      0     worker_thr 00000000 S kworker/u9:2
root      8188  2     0      0     worker_thr 00000000 S kworker/3:2
u0_a8     8294  210   684960 33392 SyS_epoll_ 00000000 S android.process.media
root      8341  2     0      0     worker_thr 00000000 S kworker/u8:0
root      8342  2     0      0     worker_thr 00000000 S kworker/u8:4
root      8343  2     0      0     worker_thr 00000000 S kworker/u8:5
root      8345  2     0      0     worker_thr 00000000 S kworker/u8:6
root      8377  2     0      0     mmc_queue_ 00000000 S mmcqd/1
bluetooth 8379  210   719896 40080 SyS_epoll_ 00000000 S com.android.bluetooth
wifi      8386  1     8788   3228  poll_sched 00000000 S /system/bin/wpa_supplicant
media_rw  8415  167   8148   2156  inotify_re 00000000 S /system/bin/sdcard
root      8437  2     0      0     irq_thread 00000000 S irq/286-btif_mu
root      8438  2     0      0     irq_thread 00000000 S irq/288-btip_wa
u0_a93    8585  210   701280 38720 SyS_epoll_ 00000000 S za.co.henry.hsu.adbwirelessbyhenry
root      8626  2     0      0     worker_thr 00000000 S kworker/0:1
u0_a1     8765  210   672964 29124 SyS_epoll_ 00000000 S com.android.providers.calendar
root      8793  2     0      0     worker_thr 00000000 S kworker/1:3
shell     8798  294   4328   1468  sigsuspend f7734b80 S /system/bin/sh
shell     8802  8798  4224   1136           0 f7744b80 R ps
The next task is to identify what is called at boot time. Looking at the root filesystem we can see:

-rw-r--r--  1 browna browna    1144 Feb  6 20:18 default.prop
-rw-r--r--  1 browna browna 1477328 Feb  6 20:17 init
-rw-r--r--  1 browna browna     369 Feb  6 20:17 init.bluetooth.rc
-rw-r--r--  1 browna browna     346 Feb  6 20:17 init.coredump.rc
-rw-r--r--  1 browna browna     554 Feb  6 20:17 init.crashlogd.rc
-rw-r--r--  1 browna browna     686 Feb  6 20:17 init.debug-charging.rc
-rw-r--r--  1 browna browna     178 Feb  6 20:17 init.debug.rc
-rw-r--r--  1 browna browna     891 Feb  6 20:17 init.environ.rc
-rw-r--r--  1 browna browna     300 Feb  6 20:17 init.gnss.normal.rc
-rw-r--r--  1 browna browna     323 Feb  6 20:17 init.gnss.ptest.rc
-rw-r--r--  1 browna browna    1790 Feb  6 20:17 init.hct.rc
-rw-r--r--  1 browna browna     198 Feb  6 20:17 init.kernel.rc
-rw-r--r--  1 browna browna     207 Feb  6 20:17 init.ksm.rc
-rw-r--r--  1 browna browna    1477 Feb  6 20:17 init.logs.rc
-rw-r--r--  1 browna browna      95 Feb  6 20:17 init.log-watch.rc
-rw-r--r--  1 browna browna   22934 Feb  6 20:17 init.ptest.rc
-rw-r--r--  1 browna browna   26697 Feb  6 20:17 init.rc
-rw-r--r--  1 browna browna    1089 Feb  6 20:17 init.recovery.sofiaboard.rc
-rw-r--r--  1 browna browna     334 Feb  6 20:17 init.sofia3gr_car.rc
-rw-r--r--  1 browna browna   22899 Feb  6 20:17 init.sofiaboard.rc
-rw-r--r--  1 browna browna    9977 Feb  6 20:17 init.sofiaboard.usb.rc
-rw-r--r--  1 browna browna     249 Feb  6 20:17 init.stt_trace.rc
-rw-r--r--  1 browna browna    1921 Feb  6 20:17 init.trace.rc
-rw-r--r--  1 browna browna    9283 Feb  6 20:17 init.usb.configfs.rc
-rw-r--r--  1 browna browna    5339 Feb  6 20:17 init.usb.rc
-rw-r--r--  1 browna browna    1601 Feb  6 20:17 init.wifi.normal.rc
-rw-r--r--  1 browna browna     537 Feb  6 20:17 init.wifi.ptest.rc
-rw-r--r--  1 browna browna     322 Feb  6 20:17 init.zram.rc
-rw-r--r--  1 browna browna     342 Feb  6 20:17 init.zygote32.rc
(Ignore the user/group there, that's because I transferred these to sdcard and onto my laptop to review). The files of note here:
init - ELF 32-bit LSB executable - This is the main init process
init.rc - This looks like the main setup for the environment, it imports the other rc files first, environments, usb, hardware and then runs through various "on init" and other tasks.
In the init.rc there are stanzas that contain different functions, near the bottom are "service" tasks that appear to call daemons and set their user, group and restart/pid functions. Above that are on property settings which I'm unsure what these function as. There in also an "on boot" stanza, which looks the most useful, this seems to bring up loopback interface, set memory permissions, file and system ownership, etc. In several other sections there are "trigger boot" and similar commands which refer to the different stanzas, so based around this, the last one to be called is the "boot" section.
From Android documentation you can add backgrounded exec calls, so the suggestion is using
exec_background [ <seclabel> [ <user> [ <group>\* ] ] ] -- <command> [ <argument>\* ]
Which when added to the boot stanza this should allow you to call your own scripts and commands. My suggestion is to use it like this:
on boot
[other on boot entries]
  exec_background root root -- /etc/rc.local
NOTE: This is currently untested!

Good luck, and I'd love to hear your experiences in the comments.

Monday, 29 January 2018

Chrysler Grand Voyager 2.8CRD rear drum backing plate

Here's a quick one after a recent panic with my Chrysler Grand Voyager 2.8CRD (This will be the same on all caravan/models up to and around the 2006 facelift change). At the rear the handbrake operates an ancient style drum brake.
The drum brake is adjusted through a small toothed wheel you access from the inside of the backing plate, and often will be seized up or just plain useless, so taking the whole thing apart cleaning it, freeing it and sorting will help you achieve better hand brake operation (And help you pass MOT) however there is something that seems to rust and fail. The backing plate.


On here you can see the two brake pads at either side. These have a pivot point in the middle which is held in by a spring and a pin with a forked end and spade fitting. The idea is you push it on (allen key) against the spring push through a slot and twist to lock it.

That's the spring and the pin you can see the wide end to the top of the photo that pushes into the backing plate to secure it.
And now on mine below you'll see the problem:

That hole rusts and becomes wider, eventually the pin just pushes straight through and stops holding the brake pad in place, rendering it useless.

Panic then sets in as you need to replace the whole backing plate, which would be a pain as taking the hub off and all sorts! Replacements are also difficult to find and expensive as it's a whole chunk of metal and depending on what you can find may require the bearing or not. Either way it would be tricky to replace and could be pricey.
Below is one I'd found on ebay:


So what is the solution? Some cars have a similar design but have a slotted washer that goes on the rear of this backing plate to act as the binding point, this seemed ideal as a retro-fit, so a slight modification of it (Flattening it out) and that works great. At the same time using different springs helped as the standard fitting kit for rear brakes has a spring that at fully compressed is only just the right length to let the pin push through, a different compression spring works better allowing the pin to push through further and get a better purchase without as much tension on the spring.


This is what we used, unfortunately I don't have a reference for them as they were in my dads pile of bits from other cars and jobs in the past. We flattened them in the vice and they worked great for this!