A Potential Memory Leak in Twisted

Recently I’ve been developing a server module in Python. The module initiates thousands of connections to a Jabber server, and many clients connect to and disconnect from it, so I’ve created a pool to hold all the connections.

To maintain such a pool, the module has to frequently construct objects (when a user connects) and deconstruct objects (when a user leaves). I implemented the module using the Twisted framework. After some tests, there seemed to be memory leaks, which is not acceptable for a server-side application, so I tried to hunt the leak down, and after some more tests I finally found where the problem was.


Execute Custom Script During QNAP Bootstrap

The QNAP NAS (in my case a TS-209 II) runs an embedded Linux. During system startup, a clean runtime environment is restored, then customized configurations are copied over the default files, which makes for a more stable system. After boot, the /etc folder is on a ramdisk (/dev/ram0), so you can’t modify it as you would on a normal Linux system.

If you want to execute custom scripts during system startup, you can’t simply edit the /etc/rc*.d files because they are on the ramdisk. There are several ways to make the system execute your own scripts during startup. The most dangerous is to modify the initrd directly: if you mess something up, your QNAP will be rendered useless unless you do an mtd restore through the serial port.

I personally like to use pure software methods to do the trick.

Method 1

Utilize the autorun.sh script. This script is on /dev/mtdblock5 and is called each time the system boots, so any modifications to it take effect at the next reboot. To change its contents:

mount -o loop /dev/mtdblock5 /tmp/config

Then use your favorite editor to edit /tmp/config/autorun.sh. When you’re done, enter:

umount /tmp/config

This method is easy, but the script can’t do any cleanup before shutdown because it is only called during system boot. If you would like more control, try the method shown below.


Turn Your TS-209 II Into TS-209 Pro II (Risk-Free)

This post introduces an ideal and safe method to change a TS-209 II into a TS-209 Pro II. The basic idea is to fake the hardware type during system startup, which makes for a perfect hack.

There’s a utility, /sbin/config_util, which is used for many purposes, including getting and setting hardware signatures. We’ll use it to change the box type.

The Method

SSH onto your TS-209 II, then enter:

mount -o loop /dev/mtdblock5 /tmp/config
cd /tmp/config


Enable AD Support on TS-209 II

AD support is a feature available on the QNAP TS-209 Pro II only. However, the TS-209 II and TS-209 Pro II have exactly the same hardware specifications; the difference is in software. The two differences between a 209 II and a 209 Pro II are support for NFS and AD (Active Directory).

I don’t know why QNAP sells the same thing at two prices. However, since they differ only in software, why pay an extra $85 for the two additional software features when you can enable them yourself? In my last post I described how to enable NFS support on the 209 II. This article describes how to enable AD support on the 209 II.


Activate NFS Support on QNAP TS-209 II

The QNAP TS-209 II and TS-209 Pro II have the same hardware specifications; however, the firmwares are slightly different. The main difference is that NFS and ADS support are only available on the TS-209 Pro II. After some investigation, I found it’s easy to enable NFS on the TS-209 II. This post describes how to do it.

SSH to TS-209 II and then take the following steps:

1. Enable NFS support in system configuration

setcfg NFS Enable 1

This will create an NFS section in the system configuration file (/etc/config/uLinux.conf) and add an item under that section which enables NFS during bootstrap.

2. Create user for NFS

The TS-209 II runs NFS with UID=500 and GID=20 by default, so let’s create a user for it:

addgroup -g 20 nfsgroup
adduser -u 500 -G nfsgroup nfs


My Hanlin V3 Was Broken

UPDATE: After replacing the screen, it works again. The replacement cost about US$175, half the price of V3.

I bought a Hanlin V3 eReader two weeks ago. It uses e-ink technology (Vizplex) and has a 6″ screen, 512M memory, 800×600 resolution, 4 gray scales, and handles 13 file formats. It’s a product of Jinke. The device worked great, but yesterday it broke when it hit the ground from about 30 feet high (caused by my dog; last time he pushed my iPhone down to the ground).

The screen no longer reacts, here’s a photo of what it looks like now:

Before I sent it for screen replacement, I managed to take a look at what’s inside it, so I disassembled it and took some photos:


Mails From A Fraud Victim

I have nothing to do with your purchase. I have nothing to do with any site that sells iLiberty+ or other unlocking applications. My official domain is: insideiphone.com (I no longer use zjlotto.com since May 2008).

Recently I have received quite a few emails complaining about purchases. In short, the senders didn’t know iLiberty+ is freeware, bought it from some fraud site (one of which is www.unlocksiphone.com), and thought I’m the owner of that fraud site. The following is one of the mails I have received:

From: George Mindrinos

the program try to go to recovery mode and
stuck.i have 3g iphone v.2.
the site says can unlockit and i paid.then the site redirects to you.finally can you help me or
is a cheat.
thanks in advance

My reply:

Sigh… Why can’t people read properly? I have put a clear
clarification on my blog which says iLiberty+ can NOT
jailbreak/activate/unlock 3G/2.0.


A Seczone Filled With 0xFF

I’ve been sort of busy doing some Python stuff, so this blog has not been updated for days; besides, I’m lazy sometimes :) Okay, this is a story about what happened to my 1st-gen iPhone. The story may prevent you from doing stupid things like me :)

Last week, I was trying firmware 2.0 on my 1st-gen iPhone (bootloader 3.9, firmware 1.1.4). After some successful “normal” operations, I decided to try some “abnormal” situations, so I messed with my iPhone in the following manner:

Restore to 2.0
Restore to 1.1.4
Downgrade baseband
Erase baseband
Unlock the AnySim way
Unlock the IPSF way

The above operations were performed multiple times and might not be in the displayed order (I couldn’t recall the exact steps I took). I used the following tools during the above operations:


gzDecryptor, A Small Firmware Tool

UPDATE: In firmware 2.0.5A258f, the ramdisk is no longer an 8900 file; it’s just a normal ramdisk (slightly prepended/appended). This tool has been updated to support the latest firmware 2.0 5A258f.

UPDATE: Works on 5A274d as well.

UPDATE: Fixed a bug that causes decryption failure if there are spaces in path/filename.

UPDATE: Added a routine to fix the generated DMG.

This is a small tool to simplify some firmware-related jobs. Normally, you take the following steps when you’ve got a new firmware:

1. Decompress firmware
2. Decrypt ramdisk
3. Extract rootfs decryption key
4. Decrypt rootfs
5. Extract important files

If you are on Mac OS X, you are lucky because you can easily find all the tools needed for the above jobs, and you can write a simple wrapper script to automate them. On Windows, there seems to be no such tool yet, which is why I wrote this small tool, gzDecryptor. Check the following snapshot:


First Chinese Handwriting IME On iPhone

Chinese mobile device users must know HWPen, a famous Chinese handwriting IME. It’s a very good input method and offers the easiest Chinese input experience on a mobile device. Before I switched to iPhone, my favorite mobile phone was Dopod, and I always used HWPen as my first choice for Chinese input on my Dopod.

Ever since I switched to iPhone, I found myself with no handwriting IME for Chinese input, so my favorite Chinese input method became iCosta Pinyin, a small and fast IME. I even wrote an article about it several weeks ago (check This Link) and analyzed some of the techniques behind it. Basically, it overrides some system calls to implement the Chinese input.

The situation is changing. Now HWPen has come to iPhone, and as a former supporter I of course gave it a try. I downloaded the package (HWPen.zip) and extracted it. There are no executables in it, so I was not expecting an application to set up parameters/environment for it. A quick check of its installation plist showed it interposes libHWIME.dylib before SpringBoard is loaded, so it uses a technique similar to other IMEs (e.g. iCosta). A scan of libHWIME.dylib showed it utilizes the Korean keyboard, so it will not conflict with other IMEs that also use internal keyboards, because other IMEs often utilize the Japanese keyboard.
