├── .vscode └── settings.json ├── images ├── Script-Flow.png ├── Pi-Network-Gadget.png ├── Pi-Network-Non-Zero.png ├── AVS-Device-Registration.png └── RaspberryPi-NDIS-Gadget.png ├── userconf.txt ├── legacy ├── alexa-voice-service-sdk-run.sh ├── alexa-voice-service-sdk-setup.sh ├── enable_uart_g_ether.sh ├── create_custom_host.sh ├── enable_ssh_restrict_interface.sh └── README.md ├── led-heartbeat-enable.sh ├── ufw-firewall-enable.sh ├── LICENSE.md ├── hostname-custom-serial-set.sh ├── README-Utility-Scripts.md ├── .gitignore ├── aircrack-install.sh ├── alexa-smart-screen-voice-sdk-run.sh ├── README.md ├── alexa-smart-screen-voice-sdk-setup.sh ├── Enable-Ethernet-Gadget.ps1 ├── README-AVS.md └── README-Provision-and-EtherGadget.md /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "files.eol": "\n", 3 | } -------------------------------------------------------------------------------- /images/Script-Flow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/freemansoft/RaspberryPi/HEAD/images/Script-Flow.png -------------------------------------------------------------------------------- /images/Pi-Network-Gadget.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/freemansoft/RaspberryPi/HEAD/images/Pi-Network-Gadget.png -------------------------------------------------------------------------------- /images/Pi-Network-Non-Zero.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/freemansoft/RaspberryPi/HEAD/images/Pi-Network-Non-Zero.png -------------------------------------------------------------------------------- /images/AVS-Device-Registration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/freemansoft/RaspberryPi/HEAD/images/AVS-Device-Registration.png -------------------------------------------------------------------------------- /images/RaspberryPi-NDIS-Gadget.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/freemansoft/RaspberryPi/HEAD/images/RaspberryPi-NDIS-Gadget.png -------------------------------------------------------------------------------- /userconf.txt: -------------------------------------------------------------------------------- 1 | pi:$6$c70VpvPsVNCG0YR5$l5vWWLsLko9Kj65gcQ8qvMkuOoRkEagI90qi3F/Y7rm8eNYZHW8CY6BOIKwMH7a3YYzZYL90zf304cAHLFaZE0 2 | -------------------------------------------------------------------------------- /legacy/alexa-voice-service-sdk-run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-FileCopyrightText: 2022 Joe Freeman joe@freemansoft.com 3 | # 4 | # SPDX-License-Identifier: MIT 5 | # 6 | 7 | if [ ! -f "$HOME/avs-device-sdk/startsample.sh" ] ; 8 | then 9 | echo "You have to set this. Try alexa-voice-service-sdk-setup.sh" 10 | exit 1 11 | fi 12 | 13 | # we couldn't do this in the build process because of the script that is supplied as part of this 14 | # edit config file 15 | cd $HOME/avs-device-sdk/build/Integration 16 | if ! grep -q "gstreamerMediPlayer" AlexaClientSDKConfig.json; then 17 | cp AlexaClientSDKConfig.json AlexaClientSDKConfig-$(date -d "today" +"%Y-%m-%d-%H%M%S").json 18 | sed -i "s/^{/{\n \"gstreamerMediaPlayer\":{\n \"audioSink\":\"alsasink\"\n },/" AlexaClientSDKConfig.json 19 | fi 20 | 21 | # Run the sample 22 | cd $HOME/avs-device-sdk 23 | sudo bash startsample.sh -------------------------------------------------------------------------------- /led-heartbeat-enable.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-FileCopyrightText: 2022 Joe Freeman joe@freemansoft.com 3 | # 4 | # SPDX-License-Identifier: MIT 5 | # 6 | # Change the behavior of the status led to be a pattern 7 | led_trigger="heartbeat" 8 | led_trigger_modprobe="modprobe ledtrig_heartbeat" 9 | 10 | if [ $(id -u) -ne 0 ] 11 | then echo "Please run as root" 12 | exit 1 13 | fi 14 | 15 | # it is weird but it is leds/leds as of 2020/11 16 | rc_local_orig="^exit 0" 17 | rc_local_target="# Blink status LED in heartbeat pattern\n$led_trigger_modprobe\necho $led_trigger > /sys/devices/platform/leds/leds/led0/trigger\n\nexit 0\n" 18 | if ! grep -q "$led_trigger" /etc/rc.local; then 19 | echo "Enabling $led_trigger style led blinking via rc.local" 20 | sed -i "s|$rc_local_orig|$rc_local_target|g" /etc/rc.local 21 | else 22 | echo "Hearbeat style led blinking via rc.local already enabled" 23 | fi 24 | -------------------------------------------------------------------------------- /ufw-firewall-enable.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-FileCopyrightText: 2022 Joe Freeman joe@freemansoft.com 3 | # 4 | # SPDX-License-Identifier: MIT 5 | # 6 | # Enable the firewall as the following 7 | # block inbound 8 | # allow outbound 9 | # allow inbound on usb0 - gadget 10 | 11 | if [ $(id -u) -ne 0 ] 12 | then echo "Please run as root" 13 | exit 1 14 | fi 15 | 16 | apt-get update 17 | apt-get -y install ufw 18 | echo "Blocking all inbound" 19 | echo "Blocking all outbound" 20 | sudo ufw default allow outgoing 21 | sudo ufw default deny incoming 22 | # enable anything over the usb0 port and eth0 - only Zero supports usb0 23 | echo "Allowing inbound on wired connections usb0 and eth0" 24 | sudo ufw allow in on usb0 25 | sudo ufw allow in on eth0 26 | 27 | #sudo ufw allow proto tcp from any to any port 80,443 28 | 29 | # start the firewall without prompting 30 | ufw --force enable 31 | ufw status verbose 32 | 33 | # wlan is blocked/disabled on headless(?) installs for security reasons? 34 | # TODO: should verify wireless set to "yes" before trying to set to "no" 35 | rfkill list 36 | rfkill unblock wlan -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | Copyright (c) 2022 Joe Freeman joe@freemansoft.com 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining 4 | a copy of this software and associated documentation files (the 5 | "Software"), to deal in the Software without restriction, including 6 | without limitation the rights to use, copy, modify, merge, publish, 7 | distribute, sublicense, and/or sell copies of the Software, and to 8 | permit persons to whom the Software is furnished to do so, subject to 9 | the following conditions: 10 | 11 | The above copyright notice and this permission notice shall be 12 | included in all copies or substantial portions of the Software. 13 | 14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 15 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 16 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 17 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 18 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 19 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 20 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -------------------------------------------------------------------------------- /hostname-custom-serial-set.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-FileCopyrightText: 2022 Joe Freeman joe@freemansoft.com 3 | # 4 | # SPDX-License-Identifier: MIT 5 | # 6 | # 7 | # WRITE DOWN THE NEW GENERATED HOSTNAME BEFORE REBOOTING! 8 | # 9 | # Sets the hostname to pi- 10 | # bonjour hostname will be pi-.local 11 | # host entry will still exist for raspberrypi.local 12 | # 13 | # based on https://pricklytech.wordpress.com/2013/04/24/ubuntu-change-hostname-permanently-using-the-command-line/ 14 | 15 | if [ $(id -u) -ne 0 ] 16 | then echo "Please run as root" 17 | exit 1 18 | fi 19 | 20 | hostname_orig=$(cat /etc/hostname) 21 | pi_serial=$(cat /proc/cpuinfo | grep Serial | cut -d ' ' -f 2 | sed s/0//g) 22 | hostname_new="pi"-$pi_serial 23 | 24 | if ! grep -q $hostname_new /etc/hostname; then 25 | echo "Changing hostname from $hostname_orig to $hostname_new - Will take effect immediately. Reboot requred for DNS refresh." 26 | sudo sed -i "s/$hostname_orig/$hostname_new/g" /etc/hostname 27 | sudo sed -i "s/$hostname_orig/$hostname_new $hostname_orig/g" /etc/hosts 28 | hostname $hostname_new 29 | else 30 | echo "No change made. Name already set to $hostname_new" 31 | fi 32 | 33 | -------------------------------------------------------------------------------- /README-Utility-Scripts.md: -------------------------------------------------------------------------------- 1 | These scripts are copied to the /boot partition of any SD card configured by the Pi-Zero ethernet gadget powershell script. 2 | They will need to be manually copied or `git clone...` onto other devices 3 | 4 | # Additional scripts copied to boot partition 5 | A set of **optional** utility scripts will have been copied to the boot partition. 6 | 7 | ## Useful Utilities 8 | 9 | These must be run with `sudo` 10 | 11 | | | script | purpose | 12 | | - | - | - | 13 | | `sudo /boot/hostname-custom-serial-set.sh` | Recommended | Sets the hostname of the pi to pi-. Updates /etc/hostname and /etc/hosts | 14 | | `sudo /boot/led-heartbeat-enable.sh` | Optional | Changes the trigger for the Pi-Zero onboard status led to be a heartbeat pattern | 15 | | `sudo /boot/ufw-firewall-enable.sh` | Recommended | Enables the firewall blocking all inbound traffic on wlan0 while leaving hardwire eth0 / usb0 open to SSH | 16 | 17 | * The `ufw-firewall-enable.sh` script reqiures internet access either via wifi or via connection sharing (tested on mac) 18 | 19 | # Air crack experimentation 20 | All of these must be run with _sudo_ 21 | | | script | purpose | 22 | | - | - | - | 23 | | Speciality | aircrack-install.sh | Converts this pi to an aircrack machine with monitor mode | 24 | 25 | # Other notes 26 | You can reduce the O/S update times by uninstalling components. The Raspberry Pi 400 comes with a lot installed. You can save over 2GB of SD card space with: 27 | ```bash 28 | sudo apt-get purge wolfram-engine 29 | sudo apt-get autoremove 30 | ``` -------------------------------------------------------------------------------- /legacy/alexa-voice-service-sdk-setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-FileCopyrightText: 2022 Joe Freeman joe@freemansoft.com 3 | # 4 | # SPDX-License-Identifier: MIT 5 | # 6 | # cannot run headless unless pipe "YES" in for license agreement 7 | # 8 | 9 | # assumes in ~ 10 | default_config_file_name="config.json" 11 | 12 | if [ $(id -u) -eq 0 ] 13 | then 14 | echo "Please do not run as root" 15 | exit 1 16 | fi 17 | 18 | # assumes in ~ 19 | default_config_file_name="config.json" 20 | ls $HOME/$default_config_file_name 21 | if [ ! -f "$HOME/$default_config_file_name" ] ; 22 | then 23 | echo "Create config.json using the Amazon portal https://developer.amazon.com/en-US/docs/alexa/alexa-voice-service/input-avs-credentials.html" 24 | exit 1 25 | fi 26 | 27 | cd $HOME 28 | mkdir $HOME/avs-device-sdk 29 | cd $HOME/avs-device-sdk 30 | 31 | # cannot run headless 32 | wget https://raw.githubusercontent.com/alexa/avs-device-sdk/master/tools/Install/setup.sh \ 33 | wget https://raw.githubusercontent.com/alexa/avs-device-sdk/master/tools/Install/genConfig.sh \ 34 | wget https://raw.githubusercontent.com/alexa/avs-device-sdk/master/tools/Install/pi.sh 35 | 36 | # assumes config.json is in $HOME 37 | if [ ! -f /$HOME/config.json ]; then 38 | echo "This requires a file config.json in the developer's home directory of the one running this script" 39 | fi 40 | 41 | cp $HOME/config.json $HOME/avs-device-sdk 42 | sed -i 's/-j2/-j1/g' setup.sh 43 | # could pipe in yes for this let it pick its own serial number or provide one 44 | #sudo bash setup.sh config.json -s 123456 45 | sudo bash setup.sh $HOME/config.json 46 | 47 | # Will have some prompts to answer 48 | 49 | -------------------------------------------------------------------------------- /legacy/enable_uart_g_ether.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-FileCopyrightText: 2022 Joe Freeman joe@freemansoft.com 3 | # 4 | # SPDX-License-Identifier: MIT 5 | # 6 | # 7 | # Enable the uart 8 | # enable gadget on Raspberry Pi Zero 9 | # is rerunable 10 | # 11 | 12 | if ! [ $(id -u) = 0 ]; then 13 | echo "The script need to be run as root." >&2 14 | exit 1 15 | fi 16 | 17 | # config.txt changes 18 | uart_enable="enable_uart=1" 19 | dwc2_enable="dtoverlay=dwc2" 20 | # the lines normally has no leading whitespace 21 | uart_enabled="^"$uart_enable 22 | dwc2_enabled="^"$dwc2_enable 23 | 24 | # possible cmdline.txt changes 25 | load_serial="modules-load=dwc2,g_serial" 26 | load_ether="modules-load=dwc2,g_ether" 27 | # files 28 | boot_config_file="/boot/config.txt" 29 | boot_cmd_file="/boot/cmdline.txt" 30 | 31 | # first work on $boot_config_file 32 | # handles if the line is commented oiut 33 | if grep -q "$uart_enabled" $boot_config_file; then 34 | echo "uart previously enabled" 35 | else 36 | grep -qF -- "$uart_enabled" $boot_config_file || echo "$uart_enable" >> "$boot_config_file" 37 | echo "uart enabled" 38 | fi 39 | # handles if the line commented out 40 | if grep -q "$dwc2_enabled" $boot_config_file; then 41 | echo "dtoverlay dwc2 previously enabled" 42 | else 43 | grep -qF -- "$dwc2_enabled" $boot_config_file || echo "$dwc2_enable" >> "$boot_config_file" 44 | echo "dtoverlay dwc2 enabled" 45 | fi 46 | 47 | # now work on $boot_cmd_file 48 | if grep -q "$load_ether" $boot_cmd_file; then 49 | echo "ether gadget already added to cmdline" 50 | else 51 | sed -i "s/rootwait/rootwait $load_ether/" $boot_cmd_file 52 | echo "ether gadget appended cmdline" 53 | fi 54 | 55 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | env/ 12 | build/ 13 | develop-eggs/ 14 | dist/ 15 | downloads/ 16 | eggs/ 17 | .eggs/ 18 | lib/ 19 | lib64/ 20 | parts/ 21 | sdist/ 22 | var/ 23 | wheels/ 24 | *.egg-info/ 25 | .installed.cfg 26 | *.egg 27 | 28 | # PyInstaller 29 | # Usually these files are written by a python script from a template 30 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 31 | *.manifest 32 | *.spec 33 | 34 | # Installer logs 35 | pip-log.txt 36 | pip-delete-this-directory.txt 37 | 38 | # Unit test / coverage reports 39 | htmlcov/ 40 | .tox/ 41 | .coverage 42 | .coverage.* 43 | .cache 44 | nosetests.xml 45 | coverage.xml 46 | *.cover 47 | .hypothesis/ 48 | 49 | # Translations 50 | *.mo 51 | *.pot 52 | 53 | # Django stuff: 54 | *.log 55 | local_settings.py 56 | 57 | # Flask stuff: 58 | instance/ 59 | .webassets-cache 60 | 61 | # Scrapy stuff: 62 | .scrapy 63 | 64 | # Sphinx documentation 65 | docs/_build/ 66 | 67 | # PyBuilder 68 | target/ 69 | 70 | # Jupyter Notebook 71 | .ipynb_checkpoints 72 | 73 | # pyenv 74 | .python-version 75 | 76 | # celery beat schedule file 77 | celerybeat-schedule 78 | 79 | # SageMath parsed files 80 | *.sage.py 81 | 82 | # dotenv 83 | .env 84 | 85 | # virtualenv 86 | .venv 87 | venv/ 88 | ENV/ 89 | 90 | # Spyder project settings 91 | .spyderproject 92 | .spyproject 93 | 94 | # Rope project settings 95 | .ropeproject 96 | 97 | # mkdocs documentation 98 | /site 99 | 100 | # mypy 101 | .mypy_cache/ 102 | -------------------------------------------------------------------------------- /aircrack-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-FileCopyrightText: 2022 Joe Freeman joe@freemansoft.com 3 | # 4 | # SPDX-License-Identifier: MIT 5 | # 6 | # 7 | # Copy this to the boot directory and 8 | # run sudo 9 | # 10 | # from https://medium.com/@THESMASHY/raspberry-pi-zero-w-wifi-hacking-gadget-63e3fa1c3c8d 11 | # https://re4son-kernel.com/re4son-pi-kernel/ 12 | 13 | if [ $(id -u) -ne 0 ] 14 | then echo "Please run as root" 15 | exit 1 16 | fi 17 | 18 | # upgrade the O/S 19 | echo "Updating to latest packages" 20 | apt-get update && apt-get -y upgrade 21 | 22 | echo "Download and install re4son special kernel" 23 | ## Stable repository 24 | cd /tmp 25 | echo "deb http://http.re4son-kernel.com/re4son/ kali-pi main" > /etc/apt/sources.list.d/re4son.list 26 | wget -O - https://re4son-kernel.com/keys/http/archive-key.asc | apt-key add - 27 | apt update 28 | apt-get -y install kalipi-kernel kalipi-bootloader kalipi-re4son-firmware kalipi-kernel-headers libraspberrypi0 libraspberrypi-dev libraspberrypi-doc libraspberrypi-bin 29 | 30 | echo "Add mon0 to /etc/rc.local if not already there" 31 | cd /tmp 32 | rc_local_orig="^exit 0" 33 | rc_local_target="# Enable mon0 for aircrack\niw phy phy0 interface add mon0 type monitor\nifconfig mon0 up\n\nexit 0" 34 | if ! grep -q "ifconfig mon0" "/etc/rc.local"; then 35 | sed -i "s/$rc_local_orig/$rc_local_target/" /etc/rc.local 36 | fi 37 | 38 | # should this run after reboot 39 | echo "Download and install aircrack" 40 | cd /tmp 41 | curl -s https://packagecloud.io/install/repositories/aircrack-ng/release/script.deb.sh | bash 42 | apt-get -y install aircrack-ng 43 | 44 | echo "Rebooting to enable everything - must reboot manually for now" 45 | #reboot 46 | 47 | # can verify with looking for wi-fi monitoring mode 'monitor' is supported 48 | # iw phy phy0 info | grep monitor 49 | # can verify looking to see if mon0 came up 50 | # ifconfig | grep mon0 51 | -------------------------------------------------------------------------------- /legacy/create_custom_host.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-FileCopyrightText: 2022 Joe Freeman joe@freemansoft.com 3 | # 4 | # SPDX-License-Identifier: MIT 5 | # 6 | 7 | # Created 2018-03-20 http://joe.blog.freemansoft.com 8 | # derived from 2017-08-18 https://raspberrypi.stackexchange.com/questions/42145/raspberry-pi-hardware-id 9 | # script to set Pi hostname based on MAC (or Serial number) 10 | # This script should be run as root (or with sudo) to change names 11 | # If run by a user it will report changes, but will NOT implement them 12 | 13 | # Creates a unique name using the CPUID. This is the as the MAC when one exists 14 | # Works for PiB (all models), Pi2, Pi3, PiZeroW with on board networking 15 | 16 | # change this variable to change the beginning of the hostname 17 | HOSTNAME_PREFIX="pi" 18 | PDIR="$(dirname "$0")" # directory containing script 19 | CURRENT_HOSTNAME=$(cat /etc/hostname) 20 | echo "Current Name" $CURRENT_HOSTNAME 21 | # NOTE the last 6 bytes of MAC and CPUID are identical 22 | if [ -f $PDIR"/PiNames.txt" ]; then 23 | # If you want to specify hostnames create a file PiNames.txt with MAC hostname list e.g. 24 | # b8:27:eb:01:02:03 MyPi 25 | # Scan the various network interfaces 26 | if [ -e /sys/class/net/eth0 ]; then 27 | MAC=$(cat /sys/class/net/eth0/address) 28 | elif [ -e /sys/class/net/enx* ]; then 29 | MAC=$(cat /sys/class/net/enx*/address) 30 | else 31 | MAC=$(cat /sys/class/net/wlan0/address) 32 | fi 33 | echo "Looking in PiNames.txt for MAC " $MAC 34 | NEW_HOSTNAME=$(awk /$MAC/' {print $2}' $PDIR"/PiNames.txt") 35 | if [ -z "$NEW_HOSTNAME" ]; then 36 | echo "Name not found in colocated PiNames.txt. Aborting" 37 | exit 1 38 | else 39 | echo "Using name found in PiNames.txt " $NEW_HOSTNAME 40 | fi 41 | else 42 | CPUID=$(awk '/Serial/ {print $3}' /proc/cpuinfo | sed 's/^0*//') 43 | echo "CPUID" $CPUID 44 | NEW_HOSTNAME="$HOSTNAME_PREFIX""-""$CPUID" 45 | echo "Constructed name using CPUID" $NEW_HOSTNAME 46 | fi 47 | 48 | if [ "$NEW_HOSTNAME" = "$CURRENT_HOSTNAME" ]; then 49 | echo "Name already set" 50 | else 51 | echo "Setting Name" $NEW_HOSTNAME 52 | echo $NEW_HOSTNAME > /etc/hostname 53 | sed -i "/127.0.1.1/s/$CURRENT_HOSTNAME/$NEW_HOSTNAME/" /etc/hosts 54 | # change it without waiting for a restart 55 | hostname $NEW_HOSTNAME 56 | fi 57 | -------------------------------------------------------------------------------- /alexa-smart-screen-voice-sdk-run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-FileCopyrightText: 2022 Joe Freeman joe@freemansoft.com 3 | # 4 | # SPDX-License-Identifier: MIT 5 | # 6 | # 7 | # https://developer.amazon.com/en-US/docs/alexa/alexa-smart-screen-sdk/raspberry-pi.html 8 | # 9 | # Runs the Alexa Voice Service SDK that is installed as phase 1 of the Alexa smart screen installation 10 | 11 | if [ $(id -u) -eq 0 ] 12 | then 13 | echo "Please do not run as root" 14 | exit 1 15 | fi 16 | 17 | # assumes in ~ 18 | if [ ! -f "$HOME/sdk-folder/sdk-build/SampleApp/src/SampleApp" ] ; 19 | then 20 | echo "Sample not built. Have you run alexa-smartscreen-sdk-setup.sh" 21 | exit 1 22 | fi 23 | 24 | # There is a simple hack in here to create your $HOME/.asoundrc file. 25 | # It picks the highest numbered microphone OF 2. 26 | # I did it that way because I have an AIY HAT and/or a Logitech Rockband USB mic 27 | # 28 | # Defer creating asound until done installing sound packages 29 | create_asound() { 30 | found_mics=`arecord -l | grep card` 31 | echo "Found microphones: " 32 | echo "$found_mics" 33 | 34 | if [ -f "$HOME/.asoundrc" ] 35 | then 36 | echo ".asoundrc exists - backing up and replacing" 37 | cp $HOME/.asoundrc $HOME/.asoundrc-$(date -d "today" +"%Y-%m-%d-%H%M%S") 38 | fi 39 | cat > ~/.asoundrc <<- EOF 40 | pcm.!default { 41 | type asym 42 | playback.pcm { 43 | type plug 44 | slave.pcm "hw:0,0" 45 | } 46 | capture.pcm { 47 | type plug 48 | EOF 49 | if [[ "$found_mics" == *"card 2:"* ]]; 50 | then 51 | echo "Found Mic on card 2." 52 | cat >> ~/.asoundrc <<- EOF 53 | slave.pcm "hw:2,0" 54 | } 55 | } 56 | EOF 57 | elif [[ "$found_mics" = *"card 1:"* ]]; 58 | then 59 | echo "Found Mic on Card 1" 60 | cat >> ~/.asoundrc <<- EOF 61 | slave.pcm "hw:1,0" 62 | } 63 | } 64 | EOF 65 | elif [[ "$found_mics" = *"card 0:"* ]]; 66 | then 67 | echo "Found Mic on Card 0" 68 | cat >> ~/.asoundrc <<- EOF 69 | slave.pcm "hw:0,0" 70 | } 71 | } 72 | EOF 73 | else 74 | echo "Confused about installed microphones. Can't create .asoundrc" 75 | fi 76 | 77 | } 78 | 79 | # run the sample app 80 | cd $HOME/sdk-folder/sdk-build 81 | # refresh ~/.asound 82 | create_asound 83 | 84 | # Run trigger keys with debug 85 | #echo "i to see menu. t to wake. q to quit" 86 | #PA_ALSA_PLUGHW=1 ./SampleApp/src/SampleApp ./Integration/AlexaClientSDKConfig.json DEBUG9 87 | # Run trigger wake word without debug 88 | echo "wake word is alexa. i to see menu q to quit" 89 | PA_ALSA_PLUGHW=1 ./SampleApp/src/SampleApp ./Integration/AlexaClientSDKConfig.json ../third-party/alexa-rpi/models 90 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | This project originally started as tooling to configure a Raspberry Pi Zero as an ethernet gadget to simplify Pi Zero software development. It now contains a couple realitively unrelated sets of tools 2 | 3 | # ISSUES 4 | 1. This restores the legacy default user. That is a security risk. Remove or replace userconf.txt to if you do not want this behavior. 5 | 6 | # Setup 7 | 8 | [Steps on your PC](./README-Provision-and-EtherGadget.md) 9 | Use these scripts to copy scripts to the SD card and make configuration changes required to enable the USB network gadget 10 | 1. Create an SD card and provision tools onto it. 11 | 1. Remove and re-insert the sd card to mount it in windows 12 | 1. Run the Enable-Ethernet-Gadget.ps1 13 | 1. Enables SSH and Wifi and possibly the Rasbery pi Supplement 14 | 1. Enables the Ethernet gadget for Ethernet over USB 15 | 1. Copies scripts to /boot 16 | 1. Eject and put card in Raspberry pi and boot 17 | 18 | [Steps on your Raspberry Pi](./README-Utility-Scripts.md) 19 | The .sh scripts in this project should be available to you on your new Pi in /boot. They will have been copied to the new Raspberry Pi. 20 | 1. Creates a unique hostname based on ethernet 21 | 1. Wireless firewall lock down to only allow ssh over hardwire 22 | 23 | ## This repository 24 | 25 | | Available functionality with files | Target Machine | environment | 26 | | -- | -- | -- | 27 | | [Enable SSH. Enable Wifi Supplicant. ](./README-Provision-and-EtherGadget.md) | All - Fresh OS SD cards | OS Card Burning | 28 | | [Raspberry Pi Zero Ethernet Gadget - use networking over USB](./README-Provision-and-EtherGadget.md) | Raspberry Pi Zero - Fresh SD cards| OS Card Burning | 29 | | [AWS AVS SDK and Sample - Voice recognition using AVS - also Google](./avs/README.AVS.md) | Raspberry Pi 3 and up, Pi Zero | On the Pi | 30 | | [Utilities including custom host names](./README-Utility-Scripts.md) | Machines with Networking | On the Pi | 31 | | [Utilities including wireless firewall restrictions](./README-Utility-Scripts.md) | Machines with wireless | On the Pi | 32 | | [Hacking Aircrack installation](./README-Utility-Scripts.md) | Machines with wireless | On the Pi | 33 | 34 | ![Script Flow](./images/Script-Flow.png) 35 | 36 | ## Videos on YouTube 37 | 38 | 1. [Scripted Install of Amazon Voice Services on a Raspberry Pi](https://youtu.be/qLfiqOiEKPY) 39 | 1. [Running Amazon AVS on a Raspberry Pi with Google AIY Hardware](https://youtu.be/00nmUphjxog) 40 | 1. [Remote development on a headless Raspberry Pi with Visual studio Code](https://youtu.be/x69x4bW9OyM) 41 | 1. [Build a Raspberry Pi image for the Ethernet Gadget](https://youtu.be/Ci_mZJoS3tg) 42 | 43 | ## Other References 44 | 1. [Setting up the Raspberry Pi Zero without HDMI or OTG](http://joe.blog.freemansoft.com/2018/03/setting-up-raspberry-pi-zero-without.html) 45 | 1. [Protecting the Pi: Restricting SSH to hardwire connections](http://joe.blog.freemansoft.com/2018/03/protecting-pi-restricting-ssh-to-usb.html) 46 | 1. [Minor hints on the Windows RNDIS driver](https://joe.blog.freemansoft.com/2022/11/installing-rndis-driver-on-windows-11.html) 47 | -------------------------------------------------------------------------------- /legacy/enable_ssh_restrict_interface.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-FileCopyrightText: 2022 Joe Freeman joe@freemansoft.com 3 | # 4 | # SPDX-License-Identifier: MIT 5 | # 6 | # is rerunable 7 | # 8 | # Portions styled from 9 | # ref: https://kerneltalks.com/virtualization/how-to-reset-iptables-to-default-settings/ 10 | # ref: https://makezine.com/2017/09/07/secure-your-raspberry-pi-against-attackers/ 11 | # ref: https://www.raspberrypi.org/documentation/remote-access/ssh/ 12 | # ref: https://serverfault.com/questions/475717/iptables-block-incoming-on-eth1-and-allow-all-from-eth0 13 | # ref: https://askubuntu.com/a/30157/8698 14 | 15 | # eth0 hardware, 16 | # wlan0 PZero, P3, P3+ builtin or P2 USB Wi-fi 17 | # wlan1 P3, P3+ USB Wi-Fi 18 | disable_eth0=false 19 | disable_wlan0=true 20 | disable_wlan1=true 21 | 22 | if ! [ $(id -u) = 0 ]; then 23 | echo "The script need to be run as root." >&2 24 | exit 1 25 | fi 26 | 27 | if [ $SUDO_USER ]; then 28 | real_user=$SUDO_USER 29 | else 30 | real_user=$(whoami) 31 | fi 32 | 33 | # Commands that you don't want run with root would be invoked 34 | # with: sudo -u $real_user 35 | # So they will be ran as the user who invoked the sudo command 36 | # Keep in mind, if the user is using a root shell (they're logged in as root), 37 | # then $real_user is actually root 38 | # sudo -u $real_user non-root-command 39 | # Commands that need to be ran with root would be invoked without sudo 40 | 41 | # log the current rules 42 | echo "----------------------------------------------" 43 | echo inbound rules before more reset and ssh block 44 | iptables --list --verbose 45 | echo 46 | ip6tables --list --verbose 47 | echo "----------------------------------------------" 48 | # reset the inbound rules 49 | iptables -F INPUT 50 | ip6tables -F INPUT 51 | echo "Reset Input Rules" 52 | 53 | # enable iptables inbound rule blocking SSH on wlan0/eth0 54 | if [ "$disable_wlan0" = true ]; then 55 | if [ -e /sys/class/net/wlan0 ]; then 56 | echo "wlan0: Blocking port 22" 57 | iptables -A INPUT -p tcp --dport 22 -i wlan0 -j DROP 58 | ip6tables -A INPUT -p tcp --dport 22 -i wlan0 -j DROP 59 | fi 60 | else 61 | echo "wlan0: No block requested" 62 | fi 63 | if [ "$disable_wlan1" = true ]; then 64 | if [ -e /sys/class/net/wlan1 ]; then 65 | echo "wlan1: Blocking port 22" 66 | iptables -A INPUT -p tcp --dport 22 -i wlan1 -j DROP 67 | ip6tables -A INPUT -p tcp --dport 22 -i wlan1 -j DROP 68 | fi 69 | else 70 | echo "wlan1: No block requested" 71 | fi 72 | if [ "$disable_eth0" = true ]; then 73 | if [ -e /sys/class/net/eth0 ]; then 74 | echo "eth0: Blocking port 22" 75 | iptables -A INPUT -p tcp --dport 22 -i eth0 -j DROP 76 | ip6tables -A INPUT -p tcp --dport 22 -i eth0 -j DROP 77 | fi 78 | else 79 | echo "eth0: No block requested" 80 | fi 81 | 82 | # log the current rules 83 | echo "----------------------------------------------" 84 | echo inbound rules after blocking ssh on wlan0/eth0 85 | iptables --list --verbose 86 | echo 87 | ip6tables --list --verbose 88 | echo "----------------------------------------------" 89 | 90 | # install if not already there 91 | PKG_OK=$(dpkg-query -W --showformat='${Status}\n' iptables-persistent | grep "install ok installed") 92 | #echo Determined status for iptables-persistent: '$PKG_OK' 93 | if [ -z "$PKG_OK" ]; then 94 | echo "No iptables-persistent. Installing iptables-persistent." 95 | apt-get --yes install iptables-persistent 96 | else 97 | # persist the changes. 98 | echo "iptables-persistent present so just reconfigure." 99 | iptables-save >/etc/iptables/rules.v4 100 | ip6tables-save >/etc/iptables/rules.v6 101 | fi 102 | 103 | if [ "`systemctl is-active ssh`" != "active" ] 104 | then 105 | echo "starting ssh" 106 | systemctl enable ssh 107 | systemctl start ssh 108 | else 109 | echo "ssh already started" 110 | fi 111 | -------------------------------------------------------------------------------- /legacy/README.md: -------------------------------------------------------------------------------- 1 | # RaspberryPi Scripts 2 | Various Raspberry Pi Scripts and programs. Some of these are [discussed on my blog](joe.blog.freemansoft.com) 3 | 4 | ## create_custom_host.sh ## 5 | The default DNS name for a raspberry pi is `raspberrypi.local` 6 | This is obviously an issue if you have more than on Raspberry Pi on your network. 7 | `create_custom_host.sh` can be used when setting up more than one Raspberry Pi for the same network. The hostname change happens **immediately**. 8 | 9 | Operates two different ways 10 | 1. Sets the hostname to be unique by including the CPUID. 11 | 1. Write down the name prior to restart or you won't be able to find the machine in DNS / mDNS. 12 | 1. Can also set the hostname from a hostname mapping file. 13 | 1. Create a file _PiNames.txt_ with a list of host names and CPUIDs. 14 | 1. The script will pull the host name from the matching row in the file 15 | 16 | 17 | ## enable_uart_g_ether.sh ## 18 | Enables the USB ethernet gadget feature on a Raspberry Pi Zero (W, 1.3...). This makes the the Raspberry Pi Zero appear as a new network when plugged into a PC/Mac USB port. It shows up as a _raspberrypi.local_ on a _169.x.x.x_ network. 19 | 20 | ## enable_ssh_restrict_interface.sh ## 21 | Enables SSH but blocks connections on **non USB0** interfaces. No other service/port is affected. All inbound services other than SSH are available on all interfaces. Lets you ssh into a **Raspberry Pi Zero** that has been configured as a network gadget while blocking WAN/LAN connections. 22 | 23 | ### Impact on SSH connectivity 24 | A computer connected to the Raspberry Pi Zero via ethernet or wi-fi cannot SSH into the R-Pi. 25 | 26 | A computer connected to the Raspberry Pi Zero via USB Ethernet gadget can SSH into the R-Pi as long as it uses the LAN interface USB0. Connections via other interfaces will be blocked like in the previous scenario 27 | 28 | SSH connectivity after will be the following after running the script. 29 | 30 | | SSH | wlan0 | eth0 | usb0 | 31 | |-----|----------|---------|---------| 32 | |IPV4 | disabled | enabled | enabled | 33 | |IPV6 | disabled | enabled | enabled | 34 | 35 | eth0 is left enabled because we assume hardware network is trusted and protected by firewall. You can change flag in the file to block eth0 36 | 37 | ### Impact on usability of mDNS ### 38 | mDNS/Bonjour may return all of the IPV4/IPV6 addresses for all interfaces. You must SSH into the Raspberry Pi Zero using one of the addresses for the USB0. You will have to look up the IPV4/IPV6 addresses and determine which ones are available. 39 | 40 | Use the **dns-sd** command. The following command returns all addresses for a Raspberry-Pi that has two network interfaces: _wlan0_ and _usb0_ (gadget). You can see the two interfaces in the interface (_if_) column. 41 | 42 | * dns-sd -G v4v6 \.local 43 | ``` 44 | C:\Users\joe>dns-sd -G v4v6 pi-520863f1.local 45 | Timestamp A/R Flags if Hostname Address TTL 46 | 21:57:00.586 Add 3 20 pi-520863f1.local. FE80:0000:0000:0000:1B31:2156:F706:AFB8%ethernet_32785 120 47 | 21:57:00.590 Add 2 20 pi-520863f1.local. 169.254.107.129 120 48 | 21:57:00.674 Add 3 13 pi-520863f1.local. FE80:0000:0000:0000:1BE6:83EB:185C:D72F%ethernet_32777 120 49 | 21:57:00.676 Add 2 13 pi-520863f1.local. 192.168.1.3 120 50 | ``` 51 | My home network is _192.168.1.x_ and that the mDNS network is usually _169.254.x.x_ . SSH, for the host in the example, is only be available on the 169 network. 52 | 53 | Only SSH is restricted. This means you can 54 | * _SSH_ into any of the address on _IF 20_. 55 | * Connect to any non SSH service, like a web server, on all returned addresses (all interfaces). 56 | 57 | #### Notes 58 | * The host in the example command had its hostname set with _create\_custom\_host.sh_ 59 | * **dns-sd** 60 | * You **must include** the _.local_ when running _dns-sd_ with a hostname. 61 | * SSH, mDNS and the routing can take a while to go live on a Raspberry Pi Zero connected to a PC. 62 | * DNS may show quickly. The routing seems to take a while. 63 | * I've seen it take several minutes to be able to ssh on the 169.168 network addresses. I found it easiest to ping the box until it replies. Initially the ping will timeout and then start seeing replies. 64 | * You may not see slow/routing or routing timeouts if the USB connection is the only route between your PC and the Raspberry Pi Zero in with ether gadget. 65 | 66 | 67 | -------------------------------------------------------------------------------- /alexa-smart-screen-voice-sdk-setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-FileCopyrightText: 2022 Joe Freeman joe@freemansoft.com 3 | # 4 | # SPDX-License-Identifier: MIT 5 | # 6 | # 7 | # https://developer.amazon.com/en-US/docs/alexa/alexa-smart-screen-sdk/raspberry-pi.html 8 | # 9 | # Installs the alexa voice sdk - as part of smart screen 10 | # Does not install the APL core library or the Smart Screen SDK! 11 | # NOTE: Only tested with Google AIY Voice Hat and an GoogleAIY Raspberry Pi OS image 12 | # 13 | # true: install sensory library. Will prompt for license approval 14 | # false: does not isntall sensory library. Keyboard sample only 15 | enable_wake_word=true 16 | 17 | if [ $(id -u) -eq 0 ] 18 | then 19 | echo "Please do not run as root" 20 | exit 1 21 | fi 22 | 23 | # assumes in ~ 24 | default_config_file_name="config.json" 25 | ls $HOME/$default_config_file_name 26 | if [ ! -f "$HOME/$default_config_file_name" ] ; 27 | then 28 | echo "Create config.json using the Amazon portal https://developer.amazon.com/en-US/docs/alexa/alexa-voice-service/input-avs-credentials.html" 29 | exit 1 30 | fi 31 | 32 | cd $HOME 33 | mkdir -p sdk-folder 34 | cd sdk-folder 35 | mkdir -p sdk-build sdk-source third-party sdk-install db 36 | 37 | sudo apt-get update 38 | sudo apt-get -y install \ 39 | git gcc cmake build-essential libsqlite3-dev libcurl4-openssl-dev libfaad-dev \ 40 | libssl-dev libsoup2.4-dev libgcrypt20-dev libgstreamer-plugins-bad1.0-dev \ 41 | gstreamer1.0-plugins-good libasound2-dev doxygen 42 | 43 | cd $HOME/sdk-folder/third-party 44 | 45 | # yes, 2016 is the last year it was deemed truely stable 46 | wget -c http://www.portaudio.com/archives/pa_stable_v190600_20161030.tgz 47 | tar zxf pa_stable_v190600_20161030.tgz 48 | 49 | cd portaudio 50 | ./configure --without-jack 51 | make 52 | 53 | pip install commentjson 54 | 55 | cd $HOME/sdk-folder/sdk-source 56 | git clone --single-branch --branch v1.21.0 git://github.com/alexa/avs-device-sdk.git 57 | 58 | if [ "$enable_wake_word" = true ] ; then 59 | # This installs the sensory library to enable wake word. 60 | # It pauses the installation asking for liscense agreement. 61 | # There should really be a switch here to enable/disable 62 | cd $HOME/sdk-folder/third-party 63 | git clone git://github.com/Sensory/alexa-rpi.git 64 | cd $HOME/sdk-folder/third-party/alexa-rpi/bin/ 65 | ./license.sh 66 | 67 | cd $HOME/sdk-folder/sdk-build 68 | # Include the sensory library 69 | cmake $HOME/sdk-folder/sdk-source/avs-device-sdk \ 70 | -DSENSORY_KEY_WORD_DETECTOR=ON \ 71 | -DSENSORY_KEY_WORD_DETECTOR_LIB_PATH=$HOME/sdk-folder/third-party/alexa-rpi/lib/libsnsr.a \ 72 | -DSENSORY_KEY_WORD_DETECTOR_INCLUDE_DIR=$HOME/sdk-folder/third-party/alexa-rpi/include \ 73 | -DGSTREAMER_MEDIA_PLAYER=ON \ 74 | -DPORTAUDIO=ON \ 75 | -DPORTAUDIO_LIB_PATH=$HOME/sdk-folder/third-party/portaudio/lib/.libs/libportaudio.a \ 76 | -DPORTAUDIO_INCLUDE_DIR=$HOME/sdk-folder/third-party/portaudio/include \ 77 | -DCMAKE_BUILD_TYPE=DEBUG \ 78 | -DCMAKE_INSTALL_PREFIX=$HOME/sdk-folder/sdk-install \ 79 | -DRAPIDJSON_MEM_OPTIMIZATION=OFF 80 | else 81 | cd $HOME/sdk-folder/sdk-build 82 | cmake $HOME/sdk-folder/sdk-source/avs-device-sdk \ 83 | -DGSTREAMER_MEDIA_PLAYER=ON \ 84 | -DPORTAUDIO=ON \ 85 | -DPORTAUDIO_LIB_PATH=$HOME/sdk-folder/third-party/portaudio/lib/.libs/libportaudio.a \ 86 | -DPORTAUDIO_INCLUDE_DIR=$HOME/sdk-folder/third-party/portaudio/include \ 87 | -DCMAKE_BUILD_TYPE=DEBUG \ 88 | -DCMAKE_INSTALL_PREFIX=$HOME/sdk-folder/sdk-install \ 89 | -DRAPIDJSON_MEM_OPTIMIZATION=OFF 90 | fi 91 | make install 92 | 93 | # copy the config.json we got from amazon 94 | cp $HOME/config.json $HOME/sdk-folder/sdk-source/avs-device-sdk/tools/Install 95 | 96 | cd $HOME/sdk-folder/sdk-source/avs-device-sdk/tools/Install 97 | bash genConfig.sh config.json \ 98 | your-device-serial-number \ 99 | $HOME/sdk-folder/db \ 100 | $HOME/sdk-folder/sdk-source/avs-device-sdk \ 101 | $HOME/sdk-folder/sdk-build/Integration/AlexaClientSDKConfig.json \ 102 | -DSDK_CONFIG_MANUFACTURER_NAME="manufacturer name" \ 103 | -DSDK_CONFIG_DEVICE_DESCRIPTION="device description" 104 | 105 | # edit config file 106 | cd $HOME/sdk-folder/sdk-build/Integration 107 | if ! grep -q "gstreamerMediPlayer" AlexaClientSDKConfig.json; then 108 | cp AlexaClientSDKConfig.json AlexaClientSDKConfig-$(date -d "today" +"%Y-%m-%d-%H%M%S").json 109 | sed -i "s/^{/{\n \"gstreamerMediaPlayer\":{\n \"audioSink\":\"alsasink\"\n },/" AlexaClientSDKConfig.json 110 | fi 111 | 112 | # verify audio is working prior to install 113 | echo "playing sound to make sure it isn't all dead" 114 | aplay /usr/share/sounds/alsa/Front_Center.wav 115 | 116 | echo "The APL Core library and smart screen app have not yet been installed!!" 117 | echo "Run the SDK sample using alexa-smart-screen-voice-sdk-run.sh" 118 | -------------------------------------------------------------------------------- /Enable-Ethernet-Gadget.ps1: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2022 Joe Freeman joe@freemansoft.com 2 | # 3 | # SPDX-License-Identifier: MIT 4 | # 5 | # Usage: 6 | # Enable-Ethernet-Gadget -PIBootDrive F: -NetworkName my-ssid -NetworkPassord my-network-password 7 | 8 | #Commandline parameters 9 | param ( 10 | # Change this to your SD card boot location or pass in as parameter 11 | $PiBootDrive = "f:", 12 | $NetworkName, 13 | $NetworkPassword, 14 | [switch] $help 15 | ) 16 | 17 | if ($help) { 18 | write-host "usage: Enable-Ethernet-Gadget [-PIBootDrive F:] [-NetworkName my-ssid] [-NetworkPassord my-network-password] [-help]" 19 | exit 20 | } 21 | 22 | $SshFileNamePath = "$PiBootDrive\\ssh" 23 | Write-Debug "SshFileNamePath: $SshFileNamePath" 24 | 25 | $ConfigFilePath = "$PiBootDrive\\config.txt" 26 | $EnableGadgetOverlay = "dtoverlay=dwc2" 27 | Write-Debug "ConfigFilePath $ConfigFilePath" 28 | 29 | $CmdlineConfigFilePath = "$PiBootDrive\\cmdline.txt" 30 | Write-Debug "CmdlineConfigFilePath = $CmdlineConfigFilePath" 31 | 32 | $CmdlinePatternOrig = "rootwait quiet" 33 | $CmdlinePatternFinal = "rootwait modules-load=dwc2,g_ether quiet" 34 | 35 | $WpaSupplicantPath = "$PiBootDrive\\wpa_supplicant.conf" 36 | 37 | #################################################### 38 | # We know this file is always there 39 | if (!(Test-Path $ConfigFilePath)) { 40 | $script_name = $MyInvocation.MyCommand.Name 41 | Write-host "See usage: '$script_name -help'" 42 | Write-warning "Exiting: Is PiBootDrive set correctly? Can't find Pi bootfiles in $PiBootDrive. " 43 | exit 44 | } 45 | 46 | #################################################### 47 | # make a backup with date so we don't overwrite original backup 48 | $backup = @{ 49 | LiteralPath = "$ConfigFilePath", "$CmdlineConfigFilePath" 50 | CompressionLevel = "Fastest" 51 | DestinationPath = "$PiBootDrive\backup-cmd-config-$(get-date -f yyyy-MM-dd-hhmmss).zip" 52 | } 53 | Write-Output 'Backing up files to', $backup.DestinationPath 54 | Compress-Archive @backup 55 | 56 | #################################################### 57 | # touch ssh to enable ssh 58 | Write-Output "Enabling ssh" 59 | Add-Content $SshFileNamePath $null 60 | 61 | #################################################### 62 | # add the overly to config.txt 63 | $ConfigContentOrig = Get-Content $ConfigFilePath 64 | Write-Debug "$ConfigFilePath full contents:`n $ConfigContentOrig" 65 | # see if the final pattern is already in file 66 | $ConfigContainsOverlay = $ConfigContentOrig | % { $_ -match $EnableGadgetOverlay } 67 | Write-Debug "ConfigTxtContainsOverlay: $ConfigContainsOverlay" 68 | If ($ConfigContainsOverlay -notcontains $true) { 69 | Write-Output "Enabling ethernet gadget in $ConfigFilePath" 70 | Add-Content -NoNewline -Path $ConfigFilePath "`n# Enable ethernet gadget`n" 71 | Add-Content -NoNewline -Path $ConfigFilePath $EnableGadgetOverlay 72 | } 73 | else { 74 | Write-Output "Ethernet gadget already exists in $ConfigFilePath" 75 | } 76 | 77 | #################################################### 78 | # add overlay to cmdline.txt 79 | # add the overlay to the end of the right line in cmdline.txt 80 | $CmdlineContentOrig = Get-Content -path $CmdlineConfigFilePath -Raw 81 | Write-Debug "cmdline.txt before processing`n $CmdlineContentOrig" 82 | # see if original or final pattern are in file 83 | $CmdlineContainsOrig = $CmdlineContentOrig | % { $_ -match $CmdlinePatternOrig } 84 | $CmdlineContainsTarget = $CmdlineContentOrig | % { $_ -match $CmdlinePatternFinal } 85 | if ($CmdlineContainsOrig -contains $true) { 86 | Write-Output "Adding ethernet gadget to $CmdlineConfigFilePath" 87 | $CmdlineContentFinal = $CmdlineContentOrig -replace "$CmdlinePatternOrig", "$CmdlinePatternFinal" 88 | Write-Debug "cmdline.txt after `n $CmdlineContentFinal" 89 | Set-Content -NoNewline -Path $CmdlineConfigFilePath -Value $CmdlineContentFinal 90 | } 91 | elseif ($CmdlineContainsTarget -contains $true ) { 92 | Write-Output "Ethernet gadget already exists in $CmdlineConfigFilePath" 93 | } 94 | else { 95 | Write-Output "Ethernet gadget not added to $CmdlineConfigFilePath because I'm confused about contents" 96 | } 97 | 98 | 99 | ################################################### 100 | # enable wireless if values provided 101 | if ( ( $NetworkName -ne $null) -and ($NetworkPassword -ne $null)) { 102 | Write-Output "Configuring $WpaSupplicantPath for network $NetworkName" 103 | $WpaSupplicantString = 104 | 'ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev 105 | update_config=1 106 | country=US 107 | 108 | network={ 109 | ssid="NetworkName" 110 | psk="NetworkPassword" 111 | key_mgmt=WPA-PSK 112 | } 113 | ' 114 | $WpaSupplicantString = $WpaSupplicantString -replace "`r", "" 115 | $WpaSupplicantString = $WpaSupplicantString -replace "NetworkName", "$NetworkName" 116 | $WpaSupplicantString = $WpaSupplicantString -replace "NetworkPassword", "$NetworkPassword" 117 | Set-Content -NoNewline -Path $WpaSupplicantPath -Value $WpaSupplicantString 118 | } 119 | else { 120 | Write-Output "Wireless network not enabled: -NetworkName or -NetworkPassword not provided" 121 | } 122 | 123 | ################################################### 124 | # 125 | Write-Output "Copying aircrack-install.sh to boot volume in case you want to install and use it" 126 | Write-Output "Copying firewall.sh to boot volume in case you want to allow SSH only on USB0" 127 | Write-Output "Copying hostname-custom-serial.sh to boot volume in case you want to set hostname to pi-.local" 128 | Write-Output "Copying major security hole restoring default pi user unless you edit userconf.txt" 129 | Copy-Item -Path "*.sh" -Destination "$PiBootDrive" 130 | Copy-Item -Path "userconf.txt" -Destination "$PiBootDrive" 131 | 132 | Write-Output "Eject this Card, install in Pi, boot the Pi, ssh into the 'raspberrypi.local' as 'pi', run the scripts in /boot " 133 | -------------------------------------------------------------------------------- /README-AVS.md: -------------------------------------------------------------------------------- 1 | # AWS Voice Service SDK - Alexa 2 | Download, build and run Amazon Voice Service code and samples. Wakeword can be enabled. 3 | 4 | ## Installation and execution scripts scripts 5 | `smart-screen` scripts that install and run an AVS SampleApp per [Alexa Smart Screen Install for Raspberry Pi](https://developer.amazon.com/en-US/docs/alexa/alexa-smart-screen-sdk/raspberry-pi.html) 6 | 7 | Building on a Raspberry Pi 3 takes **hours** 8 | 9 | You must read and follow the 10 | [guide to enable AVS with your Amazon account](https://developer.amazon.com/en-US/docs/alexa/alexa-voice-service/register-a-product.html#register-your-prototype-and-create-a-security-profile) 11 | and get a config.json API token that you download to ~pi home directory. 12 | | script | purpose | 13 | | - | - | 14 | | alexa-smart-screen-voice-sdk-setup.sh | Installs the [Alexa Voice SDK (AVS) and SamppleApp using screen smart instructions](https://developer.amazon.com/en-US/docs/alexa/alexa-smart-screen-sdk/raspberry-pi.html) | 15 | | alexa-smart-screen-voice-sdk-run.sh | Runs the [AVS SampleApp using screen smart instructions](https://developer.amazon.com/en-US/docs/alexa/alexa-smart-screen-sdk/raspberry-pi.html) with wake word enabled | 16 | | alexa-smart-service-sdk-setup.sh | May not work at this time [AVS Sample App](https://developer.amazon.com/en-US/docs/alexa/alexa-voice-service/build-the-avs-device-sdk.html) | 17 | | alexa-smart-service-sdk-run.sh | May not work at this time [AVS Sample App](https://developer.amazon.com/en-US/docs/alexa/alexa-voice-service/build-the-avs-device-sdk.html)| 18 | 19 | You will be prompted on random intervals to provide registration codes for dev environments. 20 | 21 | ![Registration Screen](./images/AVS-Device-Registration.png) 22 | 23 | ## AVS Hardware Microphone 24 | [alexa-smart-screen-voice-sdk-run.sh](./alexa-smart-screen-voice-sdk-run.sh) attempts to configure the microphone via ~/.asoundrc file. 25 | It supports a USB Microphone I have tested it with AIY Voice Hat. 26 | You can verify an .asoundrc configuration by using `aplay` and `arecord` 27 | This has been tested with the following: 28 | 29 | | Microphone type | virtual card slot | Tested | Succeded | 30 | | - | - | - | - | 31 | | [AIY V1 voice hat on RPi3](https://aiyprojects.withgoogle.com/voice-v1) | 0 | Yes | Yes | 32 | | Logitech Rockband USB microphone on RPi3 on system with Voice Hat | 1 | Yes | Yes | 33 | 34 | | Speaker type | virtual card slot | Tested | Succeded | 35 | | - | - | - | - | 36 | | AIY voice hat on RPi3 | 0 | Yes | Yes | 37 | | HDMI Audio Channel | ? | No | N/A | 38 | 39 | ## Video walkthrough 40 | 41 | **Installation and usage on stock RPi with USB mic and audio jack** 42 | [![Walkthroiugh installing AVS on stock RPi3 Hardware](http://img.youtube.com/vi/qLfiqOiEKPY/0.jpg)](https://youtu.be/qLfiqOiEKPY "Video") 43 | 44 | **Installation and Usage on a RPi with Google AIY Voice Hat** 45 | [![Walkthrough installing AVS with Google AIY Voice hardware](http://img.youtube.com/vi/00nmUphjxog/0.jpg)](https://youtu.be/00nmUphjxog "Video") 46 | 47 | 48 | ## Example: Devices 49 | 50 | ### AIY 51 | * Image: aiyprojects-2020-11-20.img.xz 52 | * Google AIY V1 Voice Hat - Internal Sound disabled 53 | ```bash 54 | $ aplay -l 55 | **** List of PLAYBACK Hardware Devices **** 56 | card 0: sndrpigooglevoi [snd_rpi_googlevoicehat_soundcar], device 0: Google voiceHAT SoundCard HiFi voicehat-codec-0 [Google voiceHAT SoundCard HiFi voicehat-codec-0] 57 | Subdevices: 0/1 58 | Subdevice #0: subdevice #0 59 | ``` 60 | ```bash 61 | $ arecord -l 62 | **** List of CAPTURE Hardware Devices **** 63 | card 0: sndrpigooglevoi [snd_rpi_googlevoicehat_soundcar], device 0: Google voiceHAT SoundCard HiFi voicehat-codec-0 [Google voiceHAT SoundCard HiFi voicehat-codec-0] 64 | Subdevices: 0/1 65 | Subdevice #0: subdevice #0 66 | ``` 67 | 68 | Standard Raspberry Pi Audio, USB Mic and Google AIY V1 Voice hat 69 | ```bash 70 | $ aplay -l 71 | **** List of PLAYBACK Hardware Devices **** 72 | card 0: Headphones [bcm2835 Headphones], device 0: bcm2835 Headphones [bcm2835 Headphones] 73 | Subdevices: 7/8 74 | Subdevice #0: subdevice #0 75 | Subdevice #1: subdevice #1 76 | Subdevice #2: subdevice #2 77 | Subdevice #3: subdevice #3 78 | Subdevice #4: subdevice #4 79 | Subdevice #5: subdevice #5 80 | Subdevice #6: subdevice #6 81 | Subdevice #7: subdevice #7 82 | card 1: sndrpigooglevoi [snd_rpi_googlevoicehat_soundcar], device 0: Google voiceHAT SoundCard HiFi voicehat-codec-0 [Google voiceHAT SoundCard HiFi voicehat-codec-0] 83 | Subdevices: 0/1 84 | Subdevice #0: subdevice #0 85 | $ arecord -l 86 | **** List of CAPTURE Hardware Devices **** 87 | card 1: sndrpigooglevoi [snd_rpi_googlevoicehat_soundcar], device 0: Google voiceHAT SoundCard HiFi voicehat-codec-0 [Google voiceHAT SoundCard HiFi voicehat-codec-0] 88 | Subdevices: 0/1 89 | Subdevice #0: subdevice #0 90 | card 2: Microphone [Logitech USB Microphone], device 0: USB Audio [USB Audio] 91 | Subdevices: 1/1 92 | Subdevice #0: subdevice #0 93 | pi@pi-73b4b588:~ $ 94 | ``` 95 | 96 | ### Buster headless 97 | * Image: Buster 98 | * No monitor, headphones only, USB Logitech Rock Band Mic 99 | 100 | ```bash 101 | pi@pi-52863f1:~ $ aplay -l 102 | **** List of PLAYBACK Hardware Devices **** 103 | card 0: Headphones [bcm2835 Headphones], device 0: bcm2835 Headphones [bcm2835 Headphones] 104 | Subdevices: 8/8 105 | Subdevice #0: subdevice #0 106 | Subdevice #1: subdevice #1 107 | Subdevice #2: subdevice #2 108 | Subdevice #3: subdevice #3 109 | Subdevice #4: subdevice #4 110 | Subdevice #5: subdevice #5 111 | Subdevice #6: subdevice #6 112 | Subdevice #7: subdevice #7 113 | 114 | ``` 115 | ```bash 116 | pi@pi-52863f1:~ $ arecord -l 117 | **** List of CAPTURE Hardware Devices **** 118 | card 1: Microphone [Logitech USB Microphone], device 0: USB Audio [USB Audio] 119 | Subdevices: 1/1 120 | Subdevice #0: subdevice #0 121 | 122 | ``` 123 | 124 | 125 | ## Tested O/S 126 | Currently only tested on Raspberry Pi3 running Google Raspberry Pi Image and Google AIY V1 Voice Hat. 127 | AVS SDK was installed on top of that operating system. 128 | 129 | ## Script installation 130 | Cloning this repository onto your RPi is simplest way to get these onto your Raspberry Pi. 131 | The scripts will be copied onto the /boot partition of any Raspberry Pi Zero that has ether_gadget enabled via the Powershell Script -------------------------------------------------------------------------------- /README-Provision-and-EtherGadget.md: -------------------------------------------------------------------------------- 1 | # Wifi and ssh 2 | `Enable-Ethernet-Gadget.ps1` does more than enable just the gadget for the Raspberry Pi Zero 3 | 1. Enables SSH 4 | 1. Enables wifi if network name and password provided 5 | 6 | ## Setup 7 | Run the `Enable-Ethernet-Gadget.ps1` as described below 8 | 9 | # PiZero and Ethernet over USB 10 | Windows Powershell scripts and automation for building and configuring Raspberry Pi (Zero W) as an Ethernet Gadget. This means you can write a new Raspberry Pi Image and configure it for as a USB Network device and configure Wi-Fi before installing the card into a Raspberry Pi and starting it. 11 | 12 | This _Powershell_ script configures a freshly created Raspberry Pi bootable SD card to appear as a private network when plugged into a computer over USB. This means you can configure the USB network and Wi-Fi for a brand new Raspberry Pi without logging into the box to do it. You get full network connectivity and tooling for working with a Raspberry Pi that would not otherwise be on a network. 13 | 14 | I built this using PowerShell because my base laptop is a windows machine. 15 | 16 | ## Pi Zero / Pi Zero topology with USB g_ether gadget 17 | ![Topology with PC and Pi-Zero-W](./images/Pi-Network-Gadget.png) 18 | 19 | ## Pi topology for devices that don't support g_ether: Pi-2, Pi-3, Pi-4, etc. 20 | ![Topology with PC and Ethernet connected Pi](./images/Pi-Network-Non-Zero.png) 21 | 22 | ## Video Walkthrough 23 | * Setup and usage of Ethernet Gadget 24 | [![Video Walkthrough using Pi Zero W with ethernet gadget](http://img.youtube.com/vi/Ci_mZJoS3tg/0.jpg)](https://youtu.be/Ci_mZJoS3tg "Youtube") 25 | 26 | ## Configure a Raspberry PI Zero O/S SDCard using Enable-Ethernet-Gadget.ps 27 | 1. Configures the Pi Zero USB as OTG 28 | 1. Makes the Pi appear a USB based network adapter with the Pi as the other device on the network. This is sometimes referred to as a _Network Gadget_ mode. 29 | 1. Enables SSH so you can ssh in over the USB connection or over wifi 30 | 1. _Optionally_ configures the wi-fi for a specific network 31 | 1. Copies some useful configuration scripts to the boot partition 32 | 33 | ## Script Usage 34 | `Enable-Ethernet-Gadget -PIBootDrive F: -NetworkName my-ssid -NetworkPassword my-network-password` 35 | * `PIBootDrive` The Drive letter for the SD card boot partition _Defaults to F:_ 36 | * `NetworkName` The SSID of your wireless network 37 | * `NetworkPassword` The wireless network password 38 | 39 | `NetworkName` and `NetworkPassword` are _optional_ parameters. Both are _required_ if either are specified. 40 | 41 | ## Steps to configure Pi Zero as USB Network Device 42 | 1. Create a new micro SD card using the _Raspberry Pi Imager_ 43 | 1. You may have to eject the card and re-insert it to mount the boot partition 44 | 1. Run the script `Enable-Ethernet-Gadget.ps` as described in _Usage_ 45 | 1. Eject the card and insert into Raspberry Pi Zero 46 | 1. Plug the _USB_ port into your computer. 47 | 1. Plug a power adapter into the _POWER_ port on the Raspberry Pi Zero 48 | 1. Wait for the device to boot up. The first boot is the slowest as it unpacks the fresh O/S 49 | 1. You should see `USB Ethernet/RNDIS Gadget` in the _Device Manager_ control panel 50 | * ![Widnows Device Manager](./images/RaspberryPi-NDIS-Gadget.png) 51 | * Read [this blog](https://joe.blog.freemansoft.com/2022/11/installing-rndis-driver-on-windows-11.html) to learn hou can install the Windows RNDIS driver if you only see a `USB Serial Port` in the control panel. Should work for Windows 10 and Windows 11. 52 | 53 | ## Steps to configure Pi 3 or other _non Pi Zero_ devices 54 | 1. Create a new micro SD card using the _Raspberry Pi Imager_ 55 | 1. You may have to eject the card and re-insert it to mount the boot partition 56 | 1. Run the script `Enable-Ethernet-Gadget.ps` as described in _Usage_ 57 | 1. Eject the card and insert into Raspberry Pi 3, etc. 58 | 1. Plug a hardwire ethernet connection in. We will disable wifi ssh access later. 59 | 1. Plug a power adapter into the _POWER_ port on the Raspberry Pi Zero 60 | 1. Wait for the device to boot up. The first boot is the slowest as it unpacks the fresh O/S 61 | 1. Proceed to verification 62 | 63 | ## Verify over the USB connection or Ethernet 64 | 1. `ping raspberrypi.local` 65 | ``` 66 | PS C:\pi-zero-ethernet-gadget> ping raspberrypi.local 67 | Pinging raspberrypi.local [fe80::d31c:3ca4:a4b6:895f%61] with 32 bytes of data: 68 | Reply from fe80::d31c:3ca4:a4b6:895f%61: time=1ms 69 | Reply from fe80::d31c:3ca4:a4b6:895f%61: time<1ms 70 | Reply from fe80::d31c:3ca4:a4b6:895f%61: time<1ms 71 | Reply from fe80::d31c:3ca4:a4b6:895f%61: time<1ms 72 | ``` 73 | 1. SSH to the device it is known as `raspberrypi.local` The default username is `pi` and the default password is `raspberry' 74 | * Using the linux WSL command prompt `ssh pi@raspberrypi.local` 75 | * Using Putty... _to be added_ 76 | 77 | ## Log in and verify wifi (optional) 78 | 1. SSH into the device 79 | 1. run `ifconfig wlan0` and verify the IP address is from your network. 80 | * A `169.x.y.z` address means it did not work. 81 | 82 | ## Log in and set the hostname and firelall rules 83 | 1. SSH into the device 84 | 1. Follow the instructions in README-Provision-and-EtherGadget.md 85 | 86 | ## Troubleshooting 87 | ### Enabling Powershell scripts 88 | 89 | You may have enable powershell scripts from an _elevated_ prompt 90 | `set-executionpolicy remotesigned` 91 | 92 | ### Enabling Debug Output 93 | 94 | * Enable debug out put with 95 | * `$DebugPreference = "Continue"` 96 | * Disable debug with 97 | * `$DebugPreference = "SilentlyContinue"` 98 | * Supposedly you can temporarily enable deebug outwith but I never got it to work: -Debug 99 | 100 | ## Related Sites 101 | * Install Raspberry Pi OS using [Raspberry Pi Imager](https://www.raspberrypi.org/software/) 102 | * [This site](https://medium.com/@aallan/setting-up-a-headless-raspberry-pi-zero-3ded0b83f274) provided the basis for this script 103 | 104 | ## Known Issues 105 | 1. Hard coded country code is 'US' 106 | 107 | ## All Gadget Modules 108 | As of 11/2020 109 | 110 | | | | 111 | |-|-| 112 | | Serial | g_serial | 113 | | Ethernet | g_ether | 114 | | Mass storage | g_mass_storage | 115 | | MIDI | g_midi | 116 | | Audio | g_audio | 117 | | Keyboard/Mouse | g_hid | 118 | | Mass storage and Serial | g_acm_ms | 119 | | Ethernet and Serial | g_cdc | 120 | | Multi | g_multi - Allows you to configure 2 from Ethernet, Mass storage and Serial | 121 | | Webcam | g_webcam | 122 | | Printer | g_printer | 123 | | Gadget tester | g_zero | 124 | 125 | --------------------------------------------------------------------------------