From a Globalping probe to ... something else

September 2, 2023 Article 1275 words 6 mins read

A friend who read my how to turn a Ripe.net probe into a OpenWRT router article gave me a Globalping hardware probe to play with, two conditions attached: don’t expose any private information that might be hardcoded into the probe and return it with the same firmware. Because of his request, I’ll do this the “paranoid” way (no boot logs, no SD card manufacturer shown, no default firmware upload, etc) so this will basically be a short tutorial of how to connect one device to another via serial console and various hardware information about the probe.

What is a Globalping hardware probe, you might be asking yourself right now. Well, it’s pretty simple:

Globalping is a platform that allows anyone to run networking commands such as ping, traceroute, dig, curl and mtr on probes distributed all around the world. Our goal is to provide a free and simple service for everyone out there to make the internet faster. You can use it to optimize your anycast network, monitor your latency, debug routing issues and even check for censorship in different countries. source

Globalping is a service from jsDelivr and allows users to perform network tests (such as ping, mtr, dig, etc.) on probes all over the world through a simple HTTP RESTful API. It’s very similar to a much older RIPE Atlas hardware probe and people who know me would understand that I will not connect such a device to the Internet from my LAN unless heavily sedated (which is not the case right now) but it is what it is. It mostly likely doesn’t do anything nefarious but it definitely opens your local network to a whole new world of pain.

It does have a serial number and it’s probably tied to the identity of the person it’s sent to.

The probe seems secure, there is no shell access on it and you can only ssh into the logs user account to view … logs. Once you connect it to the Internet and power it up, figure out its IP from your home router and connect to it:

$ ssh logs@x.x.x.x

Package

probe inside a tiny metal case that’s quite pretty
1x 32GB SD card.
1x short CAT5e Ethernet cable
1x USB-A to MicroUSB power cable
1x AC adapter
instructions
some stickers for your laptop if you’re into that kind of fetish

Hardware

Opening the metal case can be done easily, there are 4 screws on each side and you only need to remove one side-panel to slide out the heatsink with the board secured on top. No glue involved!

The Globalping probe is actually a generic NanoPI NEO V1.4 SBC with 512MB RAM.

Component	Description
CPU	Allwinner H3, Quad-core Cortex-A7 Up to 1.2GHz
RAM	512MB DDR3
Ethernet	10/100M
MicroSD slot	✓
GPIO	2.54mm pitch 36pin. It includes UART, SPI, I2C, IO etc
Power supply	DC 5V/2A

Guide

I have to admit I didn’t expect to have serial console pins on the board (not really familiar with the NanoPi hardware) and I was prepared to dump the flash from the uBoot prompt but fortunately the pins were present and usable.

You should make a copy of the original SD card, just in case. Pop it inside a computer and use dd to make a copy image (and make sure you have 32GB of free space on the disk):

$ sudo dd if=/dev/sdb of=globalping.img bs=4M status=progress

Zip it somewhere for safekeeping and binwalking, but there is nothing special about that image.

Start by downloading a Linux image: you can use DietPI, Armbian, Debian, Ubuntu, OpenWRT, Android, etc. I decided to use the FriendlyWRT “distro” provided by FriendlyElec. Unzip the h3_sd_friendlywrt_4.14_armhf_20210512.img.zip file to reveal a ~1GB image file that will be written to a new SD card. Make sure your SD card is /dev/sdb or adjust the line below.

$ sudo dd if=h3_sd_friendlywrt_4.14_armhf_20210512.img of=/dev/sdb bs=2M conv=fsync

Eject the SD card when it’s done writing.

Since NanoPi NEO does not have a HDMI connector you will need to find a USB-to-Serial converter (like a Sparkfun FTDI Basic 3.3V for example) and connect 3 pins (RX, TX and GND) from your probe to the USB-to-Serial board.

For the Sparkfun FTDI Basic 3.3V board, the connection is done like this: RX to TX, TX to RX, GND to GND.

NanoPI NEO	Sparkfun FTDI
1 (GND)	GND
3 (UART0_TX)	RXI
4 (UART0_RX)	TXO

Connect the USB-to-Serial board to a free USB port on your computer and install minicom.

$ sudo apt update && sudo apt install minicom

Figure out which of the connected serial devices is your USB-to-Serial converter:

$ sudo dmesg | grep tty
[  43013.659214] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0

Start minicom and connect it to your serial device:

$ sudo minicom -D /dev/ttyUSB0 -b 115200

Insert the newly-written SD card into the microSD slot on the NanoPI, connect the MicroUSB power cable and you will get serial output from the board after few seconds. After it’s done booting press ENTER and you’ll get into the root console, use the ip utility to find out NanoPI’s IP address (if you didn’t forget to plug the Ethernet cable into your router).

Once you have the IP it’s just a matter of entering that address into a browser on a machine that’s on the same LAN and you’ll get inside the OpenW… I mean FriendlyWRT’s LuCi interface.

Important

Do not forget to pick a new root password when you first login into LuCi else the Russian and Chinese (never the American ones, no sir!) hackers will spread your nudes all over the Internet.

Also, if you installed a stock OpenWRT firmware you will need to resize the root partition and filesystem else it won’t use the whole SD card (provided you have a SD card bigger than 256MB). FriendlyWRT doesn’t have this problem but you will need to upgrade a bucketload of stuff with opkg if you use FriendlyElec’s alternative.

# opkg update
# opkg install parted losetup resize2fs
# parted -s /dev/mmcblk0 resizepart 2 100%
# losetup /dev/loop0 /dev/mmcblk0p2
# resize2fs -f /dev/loop0
# reboot

If you use the squashfs OpenWRT image the steps above won’t work.

Globalping API

I didn’t bother too much with the API (like I said, I will not connect the probe to the Internet under any circumstances) but if you want to play with it use Postman, Globalping’s interface or cURL to perform API requests. Assume all requests are logged.

To do a ping to google.com from Brazil (BR country code) first do a request to https://api.globalping.io/v1/measurements to get a request ID.

$ curl --location 'https://api.globalping.io/v1/measurements' \
	--header 'Content-Type: application/json' \
	--data '{"type":"ping","target":"google.com","measurementOptions":{},"locations":[{"country":"BR","limit":1}],"inProgressUpdates":true}'
{
  "id": "8J5o398DhgRea92H",
  "probesCount": 1
}

And afterward do a GET request to https://api.globalping.io/v1/measurements/REQUEST_ID where REQUEST_ID is the id from the previous API call.

$ curl --location 'https://api.globalping.io/v1/measurements/8J5o398DhgRea92H'
{
    "id": "8J5o398DhgRea92H",
    "type": "ping",
    "status": "finished",
    "createdAt": "2023-04-20T12:09:05.125Z",
    "updatedAt": "2023-04-20T12:09:06.312Z",
    "target": "google.com",
    "probesCount": 1,
    "locations": [
        {
            "country": "BR"
        }
    ],
    "results": [
        {
            "probe": {
                "continent": "SA",
                "region": "South America",
                "country": "BR",
                "state": null,
                "city": "Sao Paulo",
                "asn": 47787,
                "longitude": -46.6361,
                "latitude": -23.5475,
                "network": "EDGOO NETWORKS LLC",
                "tags": [],
                "resolvers": [
                    "private"
                ]
            },
            "result": {
                "status": "finished",
                ...
            }
        }
    ]
}

If you’re wondering by now if there are any probes inside North Korea, no there aren’t, feel free to check, the ISO 3166 country code for North Korea is KP. But there are probes in Russia and China.

Photos

Additional links

author sizeof(cat)

created September 2, 2023

words 1275

tags #hardware, #nanopi, #openwrt