Posts by chewitt

**chewitt** · Botnets and LibreELEC **chewitt** October 24, 2016 at 7:13 PM

1. The packaging of LE/OE ultimately prevents this issue being solved. The OS password file is inside a read-only compressed file. If you can figure out how to write to things inside the read-only file, we welcome the PR on GitHub. The compromise to minimise attack surface (in the context of 99%+ installs being domestic behind router NAT/firewall and without IP/port forwarding) is that SSH access is off by default. We also advise users NOT to expose LE directly to the internet.

2. In LE/OE a malicious add-on has root access to the OS and can do what it likes. This is partly a failing of Kodi (no sandbox) and partly a failing of LE (where everything runs as root). Neither situation is likely to change in the medium-term and if you have root/admin access to any OS (Win, Mac, Linux, even ye olde OS/2 warp) there are enough binary OS tools for any competent attacker to wreak havoc; we are not unique. There are current examples of add-ons that maliciously attack other add-ons (pirate stream repo's trying to break their competitors). There are also examples of add-ons that take content from the local system and upload it to torrent networks without asking. I am not personally aware of examples of anything that co-opts the box into a botnet, but it is technically possible; hence Kodi Krypton has a new feature to auto-block the installation of add-ons from zip files (which is how you install pirate repo installers which host dubious add-ons) unless you opt-out. In the long-term there are thoughts on how to sandbox things, but that's a complex discussion. TL/DR; be careful what you install and where you install it from, same as every other OS.

3. As per #1, keep SSH off unless it's being used, use key-auth not password auth, and do not expose/connect the box directly to the Internet.

NB: Shodan searches reveal a small number of fcukwits who have exposed the SMB or UPnP shares of their LE/OE boxes to the Internet. It's hard to say how that correlates to the number of SSH exposed systems there are without actually self-scanning for them (and I'm not Brian Krebs) but from the number of SMB systems I believe the number is not statistically significant enough to represent a worthwhile/economic opportunity for the actors who perpetrate these attacks; they are normally looking for "low hanging fruit" that provide much larger device counts. This is obscurity not security but it still counts, sort of. On the positive, I have been periodically checking the LE/OE system count via Shodan for some time and the number has not grown proportionally with the size of either project's installed base. I can also assure you that both LE and Kodi teams take security and privacy seriously; both teams have vocal people with professional security credentials on their staff.

**chewitt**

WPA2-Enterprise should be supported but the GUI for configuration was never implemented in our settings add-on as the developers in the team who created the add-on never had access to such a network to test with (not very common in domestic scenarios). If you do things under the hood it should be possible to use; but this will require you to experiment. Start with "connmanctl" .. something like:

connmanctl
agent on
scan wifi
services
connect <name of service> <= tab autocomplete works here

When you connect to a normal network it asks for username/pass when connecting. I've never had an Enterprise network to test against, but maybe it asks you for all the required information. If yes, please report back

If not, have a look at Talk:Wireless network configuration - ArchWiki and Google for other examples of configuration and do some experiments. We store connman service configuration in /storage/.cache/connman/

NB: You will of course need an SSH connection via Ethernet to set this up. It's no issue to have two active connections; Ethernet takes precedence.

**chewitt** · MSI VOX USB2.0 TV BOX **chewitt** October 24, 2016 at 4:16 PM

You need to run "lsusb | paste" via SSH and share the URL generated so we can see what chipset is in the box as the website has no useful info.

**chewitt**

You can use /storage/.config/autostart.sh to force values in /storage/.cache/ssh/sshd.conf; autostart is executed early in the boot sequence before networking and things like SSH are started.

**chewitt** · Sound Issue **chewitt** October 24, 2016 at 3:40 AM

garoto any update?

**chewitt** · Sound Issue **chewitt** October 23, 2016 at 2:36 AM

LibreELEC Testbuilds for x86_64 (Kodi 17.0) <= please update to this build and confirm audio is working?

**chewitt** · updating **chewitt** October 22, 2016 at 3:42 PM

Official:Forum rules/Banned add-ons - Official Kodi Wiki

Good luck

**chewitt** · tethering issue **chewitt** October 22, 2016 at 8:38 AM

In that case your issue is not related to the thread you commented upon which is solely related to the WeTek Play.

Update to the latest v7.90.007 alpha image and run "journalctl -b0 --no-pager | paste" then share the URL here so we can see the system log.

**chewitt** · Can't play video file **chewitt** October 22, 2016 at 7:31 AM

Please pastebin a complete debug log not just the snippet you think is important.

**chewitt** · VNC Add-on **chewitt** October 22, 2016 at 7:16 AM

If you need Xorg compatible VNC you can update to current Krypton LE-alpha builds and install the TigerVNC add-on. This add-on will not be backported to Jarvis.

**chewitt** · Sound Issue **chewitt** October 22, 2016 at 7:07 AM

# CONFIG_SND_VIA82XX is not set

There is no kernel driver set in the current kernel. I'll ask milhouse if he can add this to his next build so you can test.

**chewitt** · edit libreelec setup file **chewitt** October 22, 2016 at 6:23 AM

There's already thousands of pages on the internet that explain how to use tar so to eliminate PEBKAC issues it's probably easier to stick with the GUI tools in Kodi. So: Restore the backup. Install the add-ons from the Kodi GUI. Take a new backup. Job done.

**chewitt** · PL-2303 USB to Serial with Odroid C2 **chewitt** October 22, 2016 at 6:20 AM

linux: add PL2303 serial support to Odroid_C2 by chewitt · Pull Request #858 · LibreELEC/LibreELEC.tv · GitHub <= so it should be in v7.90.008 which is pending Kodi v17b4 release.

**chewitt** · tethering issue **chewitt** October 22, 2016 at 6:07 AM

Dora are you using WeTek Play or some other hardware?

**chewitt** · updating **chewitt** October 22, 2016 at 4:04 AM

The OS is booted and Kodi is running so you can SSH in and get log files. Heck you don't even need to log-in, you can access the logfiles samba share and it will create a zip file with everything - although I'd prefer to see the "cat /storage/.kodi/temp/kodi.log | paste" URL as that's easier for me or any other staff member to work with.

btw, I hope you mean 'Add-ons' on the TV and not TVaddons .. because anything to do with that crapware repo is an automatic support refusal.

**chewitt**

Code

Option      "UseDisplayDevice" "DFP-0"
  Option      "ConnectedMonitor" "DFP-0"
  Option      "CustomEDID" "DFP-0:/storage/.config/firmware/edid/edid.bin"
  Option      "UseEDID" "true"
  Option      "IgnoreEDID" "false"

those are all nVidia-specific instructions, xorg.conf files are nowhere near as standardised as you're assuming.

**chewitt**

The xorg.conf you are/were using will only work on an nVidia GPU not Intel.

**chewitt**

vpeter is using the same based version of Kodi that all other LE builds are using which will include that fix, so it may be a different issue?

Posts by chewitt

Botnets and LibreELEC

WPA2-Enterprise with username/password?

MSI VOX USB2.0 TV BOX

Changing SSH Port and Other System Settings

Sound Issue

Sound Issue

updating

tethering issue

Can't play video file

VNC Add-on

Sound Issue

edit libreelec setup file

PL-2303 USB to Serial with Odroid C2

tethering issue

updating

Update to LibreELEC no HMDI out any more.

Update to LibreELEC no HMDI out any more.

Minor PVR search fix (rejected upstream because Kodi v16.x is EOL)