Category Archives: Tutorials

importing vm from virtualbox to qemu, and a small virt-aa-helper fight

I used ubuntu 20.04 or something

First, I used this tutorial to convert the vdi image to qcow2. I then installed qemu and libvirt and co on my new vm host system, moved the files there and used some long command I no longer remember to create a new virtual machine using some libvirt thing? I had to activate “default” network for that command to work, IIRC.

virt-viewer helped me connect to the vm’s screen, and it showed “booting from hard disk” and got stuck there, turned out I had to add an UEFI image because that’s what VirtualBox also used or smth. I used “virsh edit” for that IIRC, opening an xml file that was unexpectedly easy to read and modify, and this snippet in the <os> section helped:

<loader readonly="yes" type="pflash">/usr/share/OVMF/OVMF_CODE.fd</loader>

We did it, Reddit. This is all you need.
It’s tempting, but wrong, to add this too:


You absolutely should not add the <nvram> section, only the <loader> one. Seems like qemu will try to write into the <nvram>-located file, and if you give it the OVMF_VARS.fd file, virt-aa-helper will throw apparmor-looking errors. saying “error: skipped restricted file” and even “internal error: cannot load AppArmor profile”.

It might look like apparmor is shouting at you, but if you look at syslog and kernel.log messages carefully, it’s actually virt-aa-helper, an additional layer of defense and protection way before apparmor even gets a chance to react. Adding or editing apparmor profiles will do nothing!

Changing the virt-aa-helper’s behaviour requires recompiling libvirt, but you don’t have to – just don’t add any nvram store and let qemu/libvirt/whoever add its own store, it will appear on its own in the xml file next time you launch the machine, I think.

from there… don’t touch it, I guess? or touch it, I’m not a cop. Anyway, that’s how my 1h+ detour into apparmor finished, with “just remove the nvram section with the /usr/share default file”. Makes sense that each guest gets its own nvram that’s assigned automatically, tbf.

Convert .CAP file into a BIOS (UEFI) image you can use with an SPI programmer

So, you got a .CAP file and you want to flash over SPI. CAP file format is a universal format for sharing UEFI BIOS images that people can program through a BIOS menu, DOS prompt, or using a manufacturer-approved flash tool – some manufacturers are using this format already, let’s hope it catches on since finally having some standards is good. What if your motherboard’s BIOS is already dead or doesn’t support the CPU you’re trying to boot with, though? You need to boot the computer to flash a new .CAP, however, you can’t boot your computer until you flash that .CAP. You can use an SPI programmer to flash it, all using free and open-source software (flashrom) – on the hardware side, a Raspberry Pi will work, so will a CH341-based programmer from eBay. I use my Pi Zero-powered ZeroPhone for this since it already has all the tools and breaks out all the SPI pins needed.

But first, you need to extract the firmware file from the .CAP file. You can do that through Linux command-line:

dd bs=1024 skip=2 if=YOURFILE.CAP of=image.bin

Some insight:

root@zerophone-prototype:/home/pi/z370# ls
190701-first.bin TUF-Z370-PRO-GAMING-ASUS-2102.CAP
# "first" is a working BIOS image dumped from the SPI flash
# let's run dd on the .CAP file
root@zerophone-prototype:/home/pi/z370# dd bs=1024 skip=2 if=TUF-Z370-PRO-GAMING-ASUS-2102.CAP of=trimmed.bin
16384+0 records in
16384+0 records out
16777216 bytes (17 MB, 16 MiB) copied, 0.922419 s, 18.2 MB/s
# trimmed file size in bytes
root@zerophone-prototype:/home/pi/z370# du -B1 trimmed.bin
16777216        trimmed.bin
# original file size in bytes
root@zerophone-prototype:/home/pi/z370# du -B1 190701-first.bin
16781312        190701-first.bin
# the CAP file size
root@zerophone-prototype:/home/pi/z370# du -B1 TUF-Z370-PRO-GAMING-ASUS-2102.CAP
16785408        TUF-Z370-PRO-GAMING-ASUS-2102.CAP
# Interesting, the trimmed image is said to be 8192 bytes smaller than .CAP.
# Also, it's said to be 4096 bytes smaller than the original image
# Can we trust the du output here?
# Let's strip 3 blocks instead of 2 and check.
root@zerophone-prototype:/home/pi/z370# dd bs=1024 skip=3 if=TUF-Z370-PRO-GAMING-ASUS-2102.CAP
16383+0 records in
16383+0 records out
16776192 bytes (17 MB, 16 MiB) copied, 0.818545 s, 20.5 MB/s
root@zerophone-prototype:/home/pi/z370# du -B1 3.bin
16777216        3.bin
# I guess the answer is no.
# Let's check the signature, at least?
root@zerophone-prototype:/home/pi/z370# xxd 190701-first.bin | head
00000000: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000010: 5aa5 f00f 0300 0400 0802 105a 3003 3100  Z..........Z0.1.
00000020: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000030: f500 5c12 2142 60ad b7b9 c4c7 ffff ffff  ..\.!B`.........
00000040: 0000 0000 8002 ff0f 0300 7f02 0100 0200  ................
00000050: ff7f 0000 ff7f 0000 ff7f 0000 ff7f 0000  ................
00000060: ff7f 0000 ff7f 0000 ffff ffff ffff ffff  ................
00000070: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000080: 000f a000 000d 4000 0009 8000 0000 0000  ......@.........
00000090: 0001 0110 0000 0000 ffff ffff ffff ffff  ................
# This has the proper binary image signature. What about the trimmed file?
root@zerophone-prototype:/home/pi/z370# xxd trimmed.bin |head
00000000: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000010: 5aa5 f00f 0300 0400 0802 105a 3003 3100  Z..........Z0.1.
00000020: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000030: f500 5c12 2142 60ad b7b9 c4c7 ffff ffff  ..\.!B`.........
00000040: 0000 0000 8002 ff0f 0300 7f02 0100 0200  ................
00000050: ff7f 0000 ff7f 0000 ff7f 0000 ff7f 0000  ................
00000060: ff7f 0000 ff7f 0000 ffff ffff ffff ffff  ................
00000070: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00000080: 000f a000 000d 4000 0009 8000 0000 0000  ......@.........
00000090: 0001 0110 0000 0000 ffff ffff ffff ffff  ................
# Looks like we have what we need!

du issues notwithstanding, this file, once flashed into the chip using an SPI programmer, actually booted the motherboard. For a good measure, I then used the BIOS built-in flasher tool to flash the .CAP over this file, just in case there are actually some differences.

Warning: if the motherboard works (i.e. you just can’t boot it using the current CPU and you don’t have another CPU), please dump the original flash image before proceeding. Another warning: you might lose your MAC address, but there are tutorials available showing you how to add it, and there are also tutorials showing how to extract it from the original image if you need that.

Interested to know more about .CAP format? This article helped me a lot, it’s in Russian, so if you don’t know it, use your online/browser-builtin translation service of choice.

Black Swift board – connecting to WiFi network using UART

Hi! Today I’m showing you how to connect to a wireless network using serial console (or SSH over wired LAN, for that matter) in OpenWRT.

Disclaimer: this tutorial is mainly focused on Black Swift boards, which are nice boards running OpenWRT, but I believe it should apply to most of the OpenWRT boards.

Connecting to WiFi using serial connection might be necessary because you’ve got WiFi connection as the only other way to configure your board but you need to connect to the Internet somehow, for example, to download updates. Not to mention it is kinda is hard to change settings on a connection you’re using to change them, one wrong move/glitch and you’re cut off, needing to reboot the board and restart =( Say, you’ve got a Black Swift Pro board with USB-UART embedded, or you have connected an external USB-UART to your BSB Basic, doesn’t matter. What matters is that you’ve got a terminal at your service, and that ain’t going anywhere – even if WiFi goes down. … I like serial consoles. They’re reliable.

By the way, I’m overriding the UCI configuration. It’s temporary, so not gonna get saved anywhere. For UCI configuration there are many other guides, which I need not repeat here – these are plain old command line tools. If this guide gets outdated at some point, do not hesitate to contact me using comments or e-mail.

Say, your network interface is wlan0 – one can never be too sure, what if you were using an USB-WiFi dongle? If in doubt and things go wrong, check.
Now you need to issue a couple of commands to connect to your WiFi network of choice. I suggest you follow this guide, it has info about using different network encryption types with iw utility. For me, I had to use wpa_supplicant because my network is WPA2 protected. For this, I needed a file with network’s PSK, and that file is usually generated by wpa_passphrase command-line utility. BSB’s firmware provides no wpa_passphrase tool in the default image, however, you can run it on any Linux machine and then just copy the output over.

If you don’t have a Linux PC with this tool nearby, there’s also this option:
1. Take this configuration:

    #psk="passphrase" #network password goes here, but this is not necessary

2. Generate the PSK part on this website
3. Fill in the fields according to the field names and save this in a file.

Then, you have to start wpa_supplicant like this:
wpa_supplicant -iwlan0 -cwpa.conf, where wpa.conf is the file you’ve just generated.

Hit Ctrl^Z when you can see it has connected to the right AP to free the terminal, then send wpa_supplicant to background with bg command.
You can use iw dev wlan0 link to verify you’ve connected to the wireless network, if you’ll be unsure about that.

Check if DNSMASQ is running – it’s most likely serving DHCP addresses on the wireless network you just connected to, you’d want to avoid that.
ps |grep dnsmasq
Once you know the PID, just kill it.

Okay, now getting the address by DHCP.
udhcpc -i wlan0

We should have basic connection. Check network connectivity now:

However, we don’t have DNS working, the reason is that DNSMASQ is used as a caching DNS server and therefore it made itself a system-wide DNS server, and we just had to shut it down. We need to edit /etc/resolv.conf and replace “” in there with any DNS server, be it your router, your provider’s DNS or one of public DNS addresses. I chose When done, test it:
If the results are reasonable, you’re good to go. Now, set up whatever you need to set up. For me, I finally could do opkg update – I’ll tell you about that one later =)


Bonus: connecting USB-UART to the Black Swift board

(Basic, as the Pro boards have USB-UART on the board)

  1. A USB-UART dongle with suitable logic levels – 3.3V max. If in doubt, plug it in and check RXD and TXD lines’ levels from the ground. None should be above approx. 3.3V.
  2. A couple of sufficiently thin wires (I used male-male breadboarding wires, as you can see on the pictures below). If you don’t have headers attached to your BSB, you can solder those wires right into the connection holes on the BSB.



You can safely swap the RXD/TXD lines, and you might need to because different manufacturers label them differently. If you plug in the board but see nothing in the terminal, most likely that’s what you need to do.

UART parameters: 115200, 8n1


Tip – if you don’t have 5V line on your connector, you most definitely won’t burn your GPIO by connecting wires to it accidentally 😉


I was surprised that my BSB breakout had GPIO columns swapped. I soldered UART wires incorrectly the first time before my gut feeling warned me I should check the pinouts before plugging it all in.


The wires – beware, they are plugged in wrong holes on this picture!


End result, up and running great.

Oh, and if you will have problems running a counterfeit USB-UART adapter based on PL2032, like the one I used, I highly recommend visiting this site for drivers. Worked like a charm on Windows 8 x64.

Compiling the latest Arduino IDE for Raspberry Pi

I now have started to use Raspberry Pi 2 with Raspbian Jessie as my desktop PC, and it does all the things I need it to do pretty well. Except… Well, Raspbian is stuck with Arduino IDE 1.0.5, even Jessie. Honestly, it sucks – the newest is 1.6.4 (, not version. Screw Did you know we’ve gotten a sketch autosave feature somewhere around 1.5? If I’d have known, I could have gotten some of my sketches saved when Arduino IDE crashed. Oh, BTW, 1.0.5 also crashes. Why are we stuck with it is incomprehensible.

Even more incomprehensible given that Arduino IDE happily compiles on Raspberry Pi 2 with just a build.xml file (ant build system file) slightly modified to add a new architecture, as well as some pre-compiled files replaced by the ones compiled for ARM. I won’t go into details much, since I hope that Arduino maintainers accept my build.xml modifications  and do what’s necessary to support ARM architecture. If they won’t, I’ll post complete build instructions myself. I’ll describe what needs to be done though.

  1. First, dependencies. Honestly, I have installed a lot of packages while trying many different ways to run Arduino IDE (including getting Linux x32 tarball and trying to replace libs one by one, which was probably stupid), so I just don’t know which from what I’ve installed is necessary and which isn’t. If you absolutely need it before it’s supported, you can always use tools like apt-file to determine necessary packages by using their filenames. I guess that ‘apt-get build-dep arduino’ will bring most of them.
  2. Then, there’s . You’ll need to install libastylej-jni package – it’s something that Arduino IDE sources have to download from website. I have modified build.xml so that it’ll copy the installed instead of unzipping the bundled version. You’ll also have to install avr-gcc and avrdude, as well as libusb-dev.
  3. Now’s building. You can use the official tools and instructions for building Arduino IDE, except that, as for now, the working build.xml is in my Arduino repository copy. It’s forked from version 1.6.5, but I’m sure it’ll work with the next versions as well. As for now, you might just clone my  repo instead of official:
    git clone
    You should be able to just run ‘ant’ and relax while it compiles. Then use ‘ant run’ to run the thing, at least for the first time (haven’t researched if it does something first run-specific). After first run, at least, it should be perfectly safe to just  run it as ‘linux/work/arduino‘ (from ‘build’ directory) or even move the ‘linux/work’ directory somewhere and name it ‘arduino-1.6.5’.
  4. To have the “Compile” and “Upload” functions working, you need to replace all the files in ‘build/linux/work/hardware/tools/avr/bin‘ by their symlinks in /usr/bin.  You’ll also want the ‘build/linux/work/hardware/tools/avr/etc/avrdude.conf‘ to point to ‘/etc/avrdude.conf‘. Here’s an one-liner that you have to execute in the bin directory to make symlinks:

    for i in *; do echo $i; rm $i; ln -s /usr/bin/$i $i; done

If you try this approach and it doesn’t work, there’s a possibility I have forgotten something. Do post an error message in the comments – I’ll try to solve it =) There might be some problems because I’m using Raspbian Jessie, when most of you will use Raspbian Wheezy, so I figure some packages might need to be grabbed from testing repositories in case there’s a problem with them in Wheezy.

One more problem solved, and Raspberry Pi is one step closer to being a suitable work PC replacement for a guy like me. I’d say web browsers are still a major problem though. On Raspbian Jessie, as for now, both Epiphany, Iceweasel and Chromium crash randomly from time to time. A browser that crashes randomly isn’t a good browser for me. If you’re searching for a browser too, try Luakit. It’s Webkit-based, fast, never crashed since. You can see the latest HTML5 test of it here.

What I use for making GIFs in tutorials – small yet powerful collection of free tools as a starters kit

I’ve recently got a job making tutorials, and it seems that I’ve already found a set of free tools that help. I’ll be updating this post, should my opinion change =)

Soooo… I’ve had a task of making GIF depicting a process in Eagle CAD. I need free tools, being a poor student who, however, doesn’t want to crack software just because it’s the first thing I’ve found. Also, I use Windows XP, so, for example, Snipping Tool isn’t available to me.

Continue reading

Where and how should Linux begginers start

I have constantly been working with Linux for over 2 years from now. I remember how I started, messing up my system from the very first try to get to know Linux (my PC OS was indeed a little bit fragile back then), and how I continued from there, experimenting, messing things up and restoring them to their previous states – and gaining experience in huge portions through all the way forward. Now I’m the one who’s capable of teaching people about how things work and how to work with things.

I’ve decided to write a short guide from my experience for those who are trying not only to use, but also to understand what lies behind a nice-looking desktop of Linux PC and what all those words people type in console to solve problems are about. So, if you’d like to understand how a Linux system works and thus are ready to dive into a world of Linux – I’ve prepared some tips for a good start.
1) Get yourself a dedicated Linux machine.

One of the options to choose from…

…and here’s another one worth considering.

Seriously, buying yourself an old PC/laptop/RPi/something else has never been so easy. Why not using a virtual machine? Well, VM is OK – unless you’re trying to experiment, which is what I’m talking about now. Of course, both VM and separate PC are similar – you can mess everything up but nothing happens to your main PC, so they free you of fear of experimenting 😉 But VM doesn’t somehow motivate you, at least, that’s what my experience is.
Why? It hasn’t got any real use. All the Linux PCs have one or multiple. And VM relies on the host PC – that means the same downtime. Downtime ain’t that good for your Linux server – not because it’s a word many system administrators in bigger companies are afraid of 😉 It’s just because your server has less time for performing some tasks. Thus, it’s much harder to give your server a real use.
Why should yours have one?

2) Make it do something useful.
Useful things are the outcome of your practice and experimenting that you really see. Your best indicator of how your training goes. If you have set up your Linux PC as a router, it will work for you. If you make your VM a router, you’ll turn it off to conserve energy and plug in your Linksys router instead. That’s not exactly useful. Make this machine do something in your home that doesn’t yet exist or make it replace something that already works. Making yourself rely on this machine is good – you’ll be trying to improve it to make it suit your needs. What tasks could one possibly have with a dedicated Linux machine?

  • Home router (gateway)
  • File server (All your files still belong to you, but you can access them from everywhere)
  • Backup machine (never losing your files again! Or, at least, having more or less recent copy =) )
  • Torrent server (breaking the law with so much ease)
  • Audio streaming server (your favourite radio station playing your own music…)
  • Audio streaming client (…or your favourite internet radio station always playing at home)
  • Audio playing client (imagine speakers connected to one machine and this machine receiving sound from all other PCs)
  • Web-server (platform for your practice in developing web-sites, or, maybe, even for your own public blog or 9Gag clone)
  • Info station (like laptop always turned on and showing weather conditions on its screen)
  • Alarm clock (your wakeup is no longer defined by those default 10 alarm tunes in your mobile phone)

Could be this, or….
[Madskillz] Home automation centre (imagine turning on the teapot while you’re 5 miles away from home!)
[Logan’s Loophole] Robotic barista mixing drinks as you wish to
[Control freak] Surveillance camera control centre
[IMPOSSIBRU] Device automatically hacking every network available out there (no link, sorry)
[Super Intelligent] Your own Artificial Intelligence Unit, just one Debian package away! [Lie]

Ok, you got the point. You could also combine things, like torrent&file server, hacking
neighbours’ networks in free time – how is that to you? But one thing is definite – it should do something. You’ll be pleased by your results, you’ll get more experience and those cool real-life features that no VM could provide will make you want more of those features.

Being in a never-ending circle of getting experience – does it get any more cooler?

3) Be prepared for the mistakes

Things break. Happens to everybody, sometimes it’s the user’s fault, sometimes it’s all about developers’ typos –  but still, you will make mistakes, and if you’re new to Linux –
mistakes will be unavoidable, Linux needs some additional knowledge. Either way, you’ll be sometimes forced to fix things. Sometimes it will be much better to just start everything again, waiting for an hour as OS is being reinstalled…
BTW – great power of Linux is that even in case of major problems it hardly needed to reinstall OS itself, but the thing is you’ll need to do this if you experiment as you’ll learn to mess things up much earlier than you’ll learn to do them right, and sometimes learning to repair and repairing is much harder than to recognise just why this happened and learn to never do this again, so you need to decide if that all debugging and fixing is worth it. Not to mention that trying to fix a problem for hours
makes you frustrated – if you have the possibility to somehow roll back, either by restoring a backup or simply reinstalling, you’ll save your nerve cells.

As a conclusion for this – don’t throw out your
installation CDs 😉

4) Make backups as long as you do something good

Well, under this picture there’s one more story hidden.

Backups are not necessarily large files containing full snapshots of your system. Sometimes it’s OK just to save link to instructions that helped you set up Linux gateway. Sometimes it’s good to backup your command-line history as this will remind you which commands you’ve used to do this or that. Sometimes you’d want to backup your /etc/ directory somewhere else – it’s your server and you have some configs there that you worked on for hours, combining options to ensure the solution is perfect. Why’d you want to lose them? And, provided that you experiment, you might lose them, so ensure you don’t.

Simple cp command in cron to always attached flash drive should be enough.

5) Don’t be afraid of command line

Picture not necessarily related

See, Linux is kind of based on command line and heavily depends on it, unlike Windows, where you can hardly do anything from it. So if you want to learn Linux, you need to learn all those commands. As we all know, practice is the best kind of learning – so remember that GUI shouldn’t always be your assistant in doing things. In Linux, GUI utilities that help you do stuff can’t do anything that can’t be done from the CLI – keep that in mind when you, for example, configure “pulseaudio” and need to download many, many GUI tools that’d help you do that.

It doesn’t necessarily mean that you need to use only CLI in the beginning – it’s hard to just switch. Yet commands aren’t that hard to learn. It’s possible that after some time you’ll be willing to learn some new awesome commands that your system is able to process. Also, feeling when you don’t need to move your hands from the keyboard to the mouse is awesome, at least for me 😉
Not even mentioning your increased typing speed after mastering command-line tools.

I guess that’s all by now. The next article you’ll probably find useful will be telling about Linux distribution that I am using – Debian. I’d like to tell you about the most important things – why I chose Debian, why I’m still using it, and why I think you should at least try it, as well as give some basic overview of Debian as a system. And, should you have questions about this article – just ask!