Quick and easy: Debian and Ubuntu major upgrade

Ubuntu

Update system: sudo apt update && sudo apt upgrade
Remove unnecessary packages and configuration files: sudo apt autoremove --purge
Reboot sudo reboot
Install update manager (mostly already installed): sudo apt install update-manager-core
Check for new Version: sudo do-release-upgrade -c
Start upgrade: sudo do-release-upgrade and follow terminal prompts

Debian

Update System sudo apt update && sudo apt full-upgrade
Reboot sudo reboot
Update release package repos: sudo sed -i'.bak' 's/bullseye/bookworm/g' /etc/apt/sources.list (for 11 to 12, replace names with the right versions!)
Start upgrade: sudo apt update && sudo apt dist-upgrade
Reboot: sudo reboot

Quick and easy: Reset root password

Reboot machine and press <shift> to configure GRUB
Select the entry you normaly boot, e.g. Ubuntu and press <e> to temporary modify the entry
Search the line which begins with linux /boot/vmlinuz[...]
Remove everything and including the ro, e.g. ro quiet splashor ro maybe-ubiquity
Replace it with rw init=/bin/bash
Press F10 to boot the system
Use passwdto change the root password

Add Let’s Encrypt (certbot) to FileWave MDM on Debian

Install certbot
apt update && apt install certbot
Make sure http (80) is open on the machine
Run sudo certbot certonly --standalone and follow the assistant

Create script /usr/local/bin/certbot-renew.sh with the following content:

#!/bin/bash
FQDN="filewave.example.com"
/bin/certbot renew
cp -uf /etc/letsencrypt/live/${FQDN}/fullchain.pem /usr/local/filewave/certs/server.crt
cp -uf /etc/letsencrypt/live/${FQDN}/privkey.pem /usr/local/filewave/certs/server.key
yes | /usr/local/filewave/python/bin/python /usr/local/filewave/django/manage.pyc update_dep_profile_certs
/usr/local/bin/fwcontrol server restart
exit 0

Make script excutable with sudo chmod +x /usr/local/bin/certbot-renew.sh
Run script for testing /usr/local/bin/certbot-renew.sh
Add new job to /etc/crontab:
```
0 5 * * 6 root /usr/local/bin/certbot-renew.sh
```
[via]https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-debian-11[/via]
[via]https://www.reviewmynotes.com/2022/10/filewave-and-lets-encrypt.html[/via]

Counter Strike: Source won’t start on NixOS

After the latest update of my NixOS machine, Counter Strike: Source wont start. Starting Steam from console shows the following error message

[...]
src/tcmalloc.cc:278] Attempt to free invalid pointer 0x94d1af0 
/home/user/.local/share/Steam/steamapps/common/Counter-Strike Source/hl2.sh: line 73: 14550 Aborted                 (core dumped) ${GAME_DEBUGGER} "${GAMEROOT}"/${GAMEEXE} "$@

I could fixed the problem by

copy the libmimalloc.so from Half-Life 2 bin-folder (/home/user/.local/share/Steam/steamapps/common/Half-Life 2/bin/libmimalloc.so) to Conter-Strike: Source bin-folder
Rename existing libtcmalloc_minimal.so.4 to libtcmalloc_minimal.so.4~ or similar
rename libmimalloc.so to ibtcmalloc_minimal.so.4

The game now starts 🙂

Fixing Windows Hello PIN on Windows 11 (0x80090016)

This is the second time, my Lenovo X13s (Windows-on-ARM) machine wont boot and ask for the BitLocker key. After using the recovery key, and login with password, i can't set a new Windows PIN which is needed for biometric (fingerprint or face recognition) login. I get the error message Something went wrong. Try again later (0x80090016).

tl;dr

To fix this, you need to delete the folder C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC and reboot the system. After that, i was able to set a new PIN.

Steps

takeown /f C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC /r /d y

icacls C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC /grant administrators:F /t

Delete C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\NGC
Reboot

Quick and dirty DHCP and TFTP Server

Install dnsmasq
Identify network device ìp link
set temporary static ip address ip a add 192.168.0.66/24 dev <devicename>

Run

sudo dnsmasq -d -i <devicename> -p 5333 --listen-address=192.168.0.66 -K --dhcp-range 192.168.0.100,192.168.0.200,12h --enable-tftp --tftp-root=</path/to/tftp/dir/>

Enable sshd for root on Ubuntu Live

Set keyboard layout with setxkbmap <lang>
Update package repo with sudo apt update
Install sshd and vim with sudo apt install openssh-server vim
Update sshd config with sudo vim /etc/ssh/sshd_config
- Set PermitRootLogin yes
- Set PasswordAuthentication yes
Set password for root with sudo passwd root
Restart SSHD service sudo systemctl restart ssh.service
Login via ssh to machine

Resize a LUKS encrypted root partition

Resizing the partition used by the encrypted volume

parted /dev/sda

(parted) print
[...]
Number  Start   End    Size   File system  Name                  Flags
 1      1049kB  525MB  524MB  fat16        EFI system partition  boot, esp
 2      525MB   256GB  256GB               Linux filesystem

(parted) resizepart
Partition number? 2
End?  [512GB]? '100%'

(parted) print
[...]
Number  Start   End    Size   File system  Name                  Flags
 1      1049kB  525MB  524MB  fat16        EFI system partition  boot, esp
 2      525MB   512GB  512GB               Linux filesystem

(parted) q

Boot machine from a bootable USB linux system (Arch Linux-, Ubuntu or similar USB installer)
Open and resizing the encrypted LUKS volume

cryptsetup open /dev/sdb1 sdb1_crypt
cryptsetup resize sdb1_crypt

Resize the physical device

pvresize /dev/mapper/sdb1_crypt

Resize the logical device

lvextend -l +100%FREE /dev/mapper/vg-root

Resizing the file-system of the volume

resize2fs /dev/mapper/vg-root

Reboot. You are done.

Compile and use Proxmark3 on NixOS (nix-shell)

To compile and use proxmark3 on NixOS you need some packages. I created a nix-shell file with all needed dependencies.

Copy this file as shell.nix to the cloned proxmark3 folder and run sudo nix-shell. Continue then the normal compile guide.

with (import <nixpkgs> {});
mkShell {
  buildInputs = [
    lz4
    readline
    bzip2
    ocamlPackages.ssl
    gcc-arm-embedded
  ];
}

Examples

Proxmark Version/HW Info/Test connection

hw ver

Clone EM4100 to T5577 (Iceman Repo)

lf search
lf em 410x clone --id 0011223344
lf em 410x reader

Clone MIFARE Classic (Iceman Repo)

hf search
hf mf info
hf mf csetuid -u 00AA11BB

Clone EM4100 to T5577 (Offical Repo)

lf search
lf em 410xwrite 0011223344 1
lf em 410xread

Useful information about NixOS

Since a few years i use NixOS as my favorite Linux distribution. NixOS is a Linux distribution based on the Nix package manager and build system. It supports reproducible and declarative system-wide configuration management as well as atomic upgrades and rollbacks, although it can additionally support imperative package and user management. See NixOS Wiki.

Upgrade to new version

Review the NixOS release notes to ensure you account for any changes that need to be done manually. In particular, sometimes options change in backward-incompatible ways.
sudo nix-channel --add https://nixos.org/channels/nixos-22.05 nixos (Change version tag if necessary)
sudo nix-channel --update
sudo nixos-rebuild --upgrade boot
Reboot to enter your newly-built NixOS.

It‘s perfectly fine and recommended to leave system.stateVersion value in the configuration at the release version of the first install of this system. You should only bump this option, if you are sure that you can or have migrated all state on your system which is affected by this option. Before changing this value read the documentation for this option (e.g. man configuration.nix or on NixOS Options).

[via]https://unix.stackexchange.com/a/491772[/via]

Clean up system

sudo nix-collect-garbage --delete-older-than 30d

[via]https://matthewrhone.dev/nixos-package-guide#cleanup-old-packages-user-wide[/via]

Upgrade Kernel to latest version

Add boot.kernelPackages = pkgs.linuxPackages_latest; to your configuration.nix

Use pipewire for Audio (with Bluetooth)

sound.enable = false;
hardware.pulseaudio = {
  enable = false;
  package = pkgs.pulseaudioFull;
};
security.rtkit.enable = true;
services.pipewire = {
  enable = true;
  alsa.enable = true;
  alsa.support32Bit = true;
  pulse.enable = true;
  # If you want to use JACK applications, uncomment this
  #jack.enable = true;

  # use the example session manager (no others are packaged yet so this is enabled by default,
  # no need to redefine it in your config for now)
  #media-session.enable = true;
  config.pipewire = {
    "context.properties" = {
      #"link.max-buffers" = 64;
      "link.max-buffers" = 16; # version < 3 clients can't handle more than this
      "log.level" = 2; # https://docs.pipewire.org/#Logging
      #"default.clock.rate" = 48000;
      #"default.clock.quantum" = 1024;
      #"default.clock.min-quantum" = 32;
      #"default.clock.max-quantum" = 8192;
  };
  media-session.config.bluez-monitor.rules = [
    {
      # Matches all cards
      matches = [ { "device.name" = "~bluez_card.*"; } ];
      actions = {
        "update-props" = {
          "bluez5.reconnect-profiles" = [ "hfp_hf" "hsp_hs" "a2dp_sink" ];
          # mSBC is not expected to work on all headset + adapter combinations.
          "bluez5.msbc-support" = true;
          # SBC-XQ is not expected to work on all headset + adapter combinations.
          "bluez5.sbc-xq-support" = true;
        };
      };
    }
    {
      matches = [
        # Matches all sources
        { "node.name" = "~bluez_input.*"; }
        # Matches all outputs
        { "node.name" = "~bluez_output.*"; }
      ];
      actions = {
        "node.pause-on-idle" = false;
      };
    }
  ];
};
};