Get the most out of your $100 handheld.
The Zipit Wireless Messenger is a Wi-Fienabled instant messaging (IM) device aimed at teens and sold at retail outlets. The Zipit requires a wireless Internet connection and an IM account on AIM, MSN, or Yahoo! Messenger. Since it uses Wi-Fi, it requires no contract or mobile phone carrier. Contrasted with the other handheld messengers out there, this is a pretty good deal with a $100 list price.
Under the hood, the Zipit is an ARM-based computer with an Agere 802. 11b/g card, running Linux with a custom-built instant messaging application. Because of its lineage, all of the kernel and driver modifications required to make it work have been released under the GPL.
As with any Linux device released on the market (and covered in this book), it didn't take long for folks out there to not only figure out what it was made of, but also start adding functionality. To do this, you will need to re-flash the device.
5.12.1. Flashing the Zipit
There are two ways to go about flashing the Zipit. The first method requires the addition of a serial port to knock the unit into debug mode. The details on this can be found at http://aibohack.com/zipit/serial.htm.
|
The second method is more simple.
The software-only hack requires the use of another computer. AiboHack has a simple loader (ZRS.EXE) that runs on Windows (http://aibohack.com/zipit/reflash.htm), but we're going to take a look at what's really going on behind the scenes and use our own tools.
5.12.1.1. Becoming the man in the middle.
For the Zipit to work as advertised, it must be connected to the Internet, contact its IM providers, and occasionally grab an updated version of firmware. It's this last step that makes everything possible. The first thing the Zipit does after finding a wireless network is to determine if it's on the Internet.
To do this, it first performs an HTTP HEAD request to http://zipitwireless.com. Yes, if their site ever goes down, all stock Zipits will die! Then, it contacts the autoupdate server at http://zipitwireless.net/~zippy/somerandomnumber.txt. If the text file returns a version number that is higher than its current version, it fetches a new .bin file and auto updates the device.
Since we're not interested in getting updates from the official mother ship, we will need to divert all of this action to our own machine. The best way to do this is if you are running your own DNS nameserver using BIND. You can set your local DNS server to be authoritative for the http://www.zipitwireless.net domain, allowing you to redirect all queries on your network to a web server of your choice. The examples that follow assume that your web server is powered by Apache.
5.12.1.2. Setting up the DNS.
Go into your /etc/named.conf and add the following lines:
zone "zipitwireless.com" { type master; file "/etc/bind/zipitwireless.com"; }; zone "zipitwireless.net" { type master; file "/etc/bind/zipitwireless.net"; };
You'll need some zone files too. Add the following lines to /etc/bind/zipitwireless.com:
$ORIGIN . $TTL 3600 ; 1 hour zipitwireless.com IN SOA ns0.ugp.org. root.ugp.org. ( 2004040420 3600 ; refresh (1 hour) 300 ; retry (5 minutes) 604800 ; expire (1 week) 3600 ; minimum (1 hour) ) IN NS n1gw.seattlewireless.net. IN A 216.254.21.186 $ORIGIN zipitwireless.com. www IN A 10.15.3.230
And add these lines to /etc/bind/zipitwireless.net:
$ORIGIN . $TTL 3600 ; 1 hour zipitwireless.net IN SOA ns0.ugp.org. root.ugp.org. ( 2004040420 3600 ; refresh (1 hour) 300 ; retry (5 minutes) 604800 ; expire (1 week) 3600 ; minimum (1 hour) ) IN NS n1gw.seattlewireless.net. IN A 216.254.21.186 $ORIGIN zipitwireless.net. www IN A 10.15.3.230
5.12.1.3. Setting up the web server.
Now that we've got the Zipit pointing to our web server, we need to have some files for it to fetch. Grab the AiboHack BURN3 image from http://www.aibohack.com/zipit/zipit_parts_burn3.zip. BURN3 is a filesystem image used for bootstrapping the OS. It comes with limited functionality, as well as zflash, which is used for the next step.
Put the burn3.txt and burn3.bin files in your web server's document root and create the following .htaccess file:
RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.+).txt$ /burn3.txt?$1 RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.+).bin$ /burn3.bin?$1
Once this is in place, it's time to power that Zipit up and see if everything works. If all goes well, it will connect to your new auto update server, then download and install the image. When it reboots, you'll get a login prompt.
5.12.2. zflash OpenZipit over NFS
Now that the box is bootstrapped, it's time to make it useful. OpenZipit is a bundle of OS and applications that comes with dropbear (SSH), weechat, and some small audio applications. There are several distributions out there for the Zipit, but this is the oldest stable distribution and is a great starting point with lots of features.
OpenZipit is available in the File Section of the Zipit Wireless Yahoo Group http://groups.yahoo.com/group/zipitwireless/ and is maintained by Ken McGuire (cynfab). You will need to have a NFS (Version 3) server to hold your images.
5.12.2.1. NFS setup.
NFS setup is fairly straightforward and can be set up on a wide variety of operating systems including Linux, BSD, and Solaris. In Linux, create an /etc/exports file with the following line:
/nfs *(rw,async)
You'll need to start the NFSserver. RedHat users can do this with service nfsd start; Debian and Ubuntu users can use /etc/init.d/nfsd start.
Grab the OpenZipit packages from the Yahoo Group and put zflash, loader.bin, zimage.dat and ramdisk.gz in your /nfs directory. zflash will need to be set as an executable:
chmod +x zflash
5.12.2.2. zflash.
On the Zipit, you will need to type these commands after logging in by typing root at the login prompt. Substitute the IP address of your NFS server for the one in the example:
udhcpc mount -t nfs -o nolock -o tcp -o intr 10.15.3.230:/nfs /mnt cd /mnt ./zflash loader.bin zmage.dat ramdisk.gz
Type Yes at the prompt from zflash, and reboot when it tells you it's finished.
5.12.3. Customizing Your Image
Compiling Busybox apps isn't a task for the weak-at-heart, but setting up your configuration files, using some simple scripts and adding an application or two to OpenZipit is a good way to save your thumbs and give you a lot more bang for your C-note.
On your NFS host machine, mount the ramdisk.gz as a loopback device:
gunzip ramdisk.gz mount t loop ramdisk /mnt
Now, you can start editing your new filesystem. Once you're done, you will have to recompress the image:
umount /mntgzip 9 ramdisk
Lastly, you'll have to re-run zflash from the Zipit:
udhcpc mount -t nfs -o nolock -o tcp -o intr 10.15.3.230:/nfs /mnt cd /mnt ./zflash loader.bin zmage.dat ramdisk.gz
5.12.3.1. Modify the default settings.
OpenZipit doesn't have a password for root, and since it is read-only, passwd isn't going to do you much good. Either copy your encrypted password over from another machine or generate a CRYPT password to put in /mnt/etc/shadow. You can easily generate a CRYPT password using the JPRR CRYPT Password Generator (http://jpirr.nic.ad.jp/crypt_gen_web.html).
There is no good reason that I can possibly think of to leave telnetd running, so kill it:
rm /mnt/etc/init.d/S45/telnetd
There are already SSH host keys on the box, but if you care at all about security you will want to make your own:
ssh-keygen -t rsa -f /mnt/etc/dropbear/ssh_rsa_host_key ssh-keygen -t dsa -f /mnt/etc/ssh_dss_host_key mv /mnt/etc/init.d/dropbear /mnt/etc/init.d/S45dropbear
Change /mnt/etc/init.d/S45dropbear to convert your SSH keys rather than generate them:
# Check for the Dropbear DSS key if [ ! -f /etc/dropbear/dropbear_dss_host_key ] ; then echo Converting DSS Key… dropbearconvert openssh dropbear /etc/dropbear/ssh_dss_host_key / etc/dropbear/dropbear_dss_host_key fi
There are lots of Zipits out there, so why should they all have the same name?
echo bluebox > /mnt/etc/hostname
One of the first things you'll want to do is go to /mnt/root/.weechat/weechat.rc and set up your nickname and IRC server; otherwise, every time you run weechat, you will show up on irc.freenode.org as cynfab, which is amusing at first, but tedious and annoying over the long run.
5.12.3.2. Add useful scripts.
It's always a good idea to write a script to get you back to your development environment with some sane defaults so you don't have to type in the NFS commands each time. My dev box is a Corel Netwinder, but typing in the hostname or IP address just takes too long, so I put this script in /mnt/usr/bin/nw:
iwconfig eth0 essid swn-nodeone ifconfig eth0 10.15.3.243 netmask 255.255.255.0 broadcast 10.15.1.255 route add default gw 10.15.3.1 rdate -s 10.15.3.230 mount -t nfs -o nolock -o intr 10.15.3.230:/nfs /mnt
You'll also want to alias some common hosts that you ssh to often, add your personal SSH keys and so on. I've found that due to the limited space on the Zipit, any large-footprint applications such as mail, RSS readers, and web browsers do best on remote machines. ash executes .profile on login, not .bash_profile, so make all of your aliases there. If you feel like cleaning up, remove all the .bash files in /mnt/root.
Here's an alias that gives you a nice list of open access points:
echo "alias s='iwlist eth0 scanning|grep -B1 key:off|grep ESSID|cut -d\" -f2'" >> /mnt/root/.profile
You might also add a little script that attaches you to an open AP:
echo iwconfig eth0 essid $1 ;udhcpc > /mnt/usr/bin/c & chmod +x /mnt/usr/bin/c
5.12.3.3. Get some tunes going.
The audio card in the Zipit can't play anything above 64k without some skipping, and there isn't a lot of room for your MP3 collection, but it streams 56k Internet radio stations like a champ. You need to load the modules for the audio driver. Make a new file /mnt/etc/init.d/99local and include the following lines:
insmod ep7212_audiodma insmod wm8751l insmod zipitaudio
Set up your mixer:
echo mix='aumix -d /dev/zipm I' >> /mnt/root/.profile
The freebase application can play local files or streams. I like Groove Salad (Soma FM), so I always add this alias:
echo alias gs='freebase http://somafm-sc.streamguys.com:8066' >> /mnt/root/.profile
5.12.4. Hacking the Hack
So, now you have a pocketable Linux machine and some experience in customizing your images. You have rudimentary open AP scanning, so you're only a couple of keystrokes away from getting on the Internet at any given time. You have secure communications with Internet hosts over SSH, and you've got streaming Groove Salad.
What else can you do? Make it a remote control for iTunes? Control robots remotely? Those ideas and more are being discussed in the ZipitWireless Yahoo Group every day. You can also check out [Hack #60] to add a backlight to the screen.
What do you want to do with your Zipit? Once you figure that out, all that's left is to make it happen.
5.12.5. See Also
Bluetooth, Mobile Phones, and GPS
Network Discovery and Monitoring
Wireless Security
Hardware Hacks
Software Hacks
Do-It-Yourself Antennas
Wireless Network Design
Appendix A. Wireless Standards
Appendix B. Wireless Hardware Guide