Skip to content

Instantly share code, notes, and snippets.

Avatar

Ethan Spoelstra espoelstra

View GitHub Profile
@espoelstra
espoelstra / sneaky-socks-stuff.md
Created Nov 18, 2020
Setting up a SOCKS proxy via a jump server or bastion host for ChromeOS in Developer Mode with a Yubikey
View sneaky-socks-stuff.md

Using the ChromeOS host shell aka crosh for SOCKS5 tunneling

Prerequisites

Set up SSH access to the host sshd, either manually starting it or by removing the read-only protection on the rootfs. See this gist on how to do it manually which is the safest and least intrusive option. https://gist.github.com/espoelstra/c910a8f5de6ba16d09fdb2014a5d843c

Once you've gotten ssh access to the chronos user's shell you can setup an SSH config that allows forwarding of your SSH key to the next host, in this case the jump server or bastion host.

https://gist.github.com/mtds/dc1e3df84e84318b3713cce26dd54f24#socks-proxy

@espoelstra
espoelstra / fetch-install-from-local.sh
Created Nov 14, 2020
[WIP] Quick script for local grab of chrx dist.tar.gz to install into /usr/local
View fetch-install-from-local.sh
#!/bin/bash
# Can execute if this is only being run once, or source it to keep the Python server around
cleanup() { pkill python3 2>/dev/null; unset CHRX_WEB_ROOT; }
# Don't want previous `pkill -P $$` which would kill parent session if sourced?
# trap cleanup EXIT
# Set to Web Server for Chrome and will attempt to fallback to Python or fail
# Use Web Server for Chrome if user doesn't pass a custom host
: ${CHRX_WEB_ROOT:="http://localhost:8887/"}
@espoelstra
espoelstra / stupid-chromeos-tricks.md
Created Nov 14, 2020
Stupid ChromiumOS ChromeOS tricks for Developer Mode
View stupid-chromeos-tricks.md

If you want to run some scripts and don't want to deal with copying it from Crouton or Crostini into Crosh after extracting, there are some ways to use the available tools to do everything purely in Crosh in Developer Mode.

Unzip alternative

CLI recovery.sh instead of GUI/Chrome App

If you need to make git commits you'll either need to dev_install (when they fix it) or use chromebrew.

Yubikey + Crosh

@espoelstra
espoelstra / yubikey-crosh-secure-shell.md
Last active Nov 14, 2020
Access ChromeOS Crosh shell via ssh to localhost using Secure Shell and a Yubikey for passwordless auth
View yubikey-crosh-secure-shell.md

Why oh why

I want to develop some scripts for things like Chrx, Chromebrew, MrChromebox scripts etc and I don't want to register a new SSH key to my account every time I need to powerwash or use recovery on one of my Chromebooks because I messed it up. I already use my Yubikey for GPG/FIDO/U2F/SSH on all the other systems I develop on, and I only needed the SSH portion to work for this particular use case. I also didn't want to deal with using Crouton or Crostini since that requires additional downloads and more configuration and complexity.

Challenges

Since the Crosh userland doesn't have scdaemon or pcscd for talking to the smart card, I had to come up with another way to access the Yubikey and make the SSH key available. I ended up trying a few different things to make it work, but overall the solution ended up being brilliantly straightforward. Originally I tried using Chromebrew to install one of the smartcard access/manager packages, but the dependency chain ended up pulling in Gnome keyring and a

@espoelstra
espoelstra / unzip-file.sh
Last active Nov 13, 2020
Mount and extract zip in Crosh shell without needing Files app or unzip
View unzip-file.sh
#!/bin/bash
# Executed with bash unzip-file.sh someFiles.zip [destpath]
# Destination by default is ~/Downloads/ you can override but may end up with extra folders if the zip contains one at the root
# For long term use mkdir -p /usr/local/bin/ and put this file in that folder as `unzip` and `chmod a+x /usr/local/bin/unzip`
ZIP_MOUNT_DIR=/media/archive/user
ensure_archive_user_exists() {
sudo mkdir -p ${ZIP_MOUNT_DIR}
sudo chmod a+rwx ${ZIP_MOUNT_DIR}
}
@espoelstra
espoelstra / mount-chrx.sh
Last active Nov 14, 2020
Script for mounting chrx partition for editing grub options or manipulating other packages
View mount-chrx.sh
#!/bin/bash
# Manual Grub fixing for Chrx
# This exports any variables set between -a/+a
# while the := allows passing in an alternate path to mount/
# Temporarily stealing /dev/sd* /dev/mmcblk* /dev/nvme* case from Chrx functions to print partitions properly
set -a
: ${CHRX_INSTALL_ROOT:=/tmp/chrxroot} \
${CHRX_ROOT_DISK:=$(rootdev -s -d)} \
${CHRX_TARGET_DISK:=$(rootdev -s -d)}
set +a
View git-io-custom-url.md

Command:

curl https://git.io/ -i -F "url=https://github.com/YOUR_GITHUB_URL" -F "code=YOUR_CUSTOM_NAME"

URLs that can be created is from:

  • https://github.com/*
  • https://*.github.com
  • https://*.github.com/*
  • https://*.github.io
@espoelstra
espoelstra / fix-chrome-session.sh
Created Mar 19, 2020
Disable Chrome automatic recovery when a crash happens by fixing the state before it starts
View fix-chrome-session.sh
# Find exited cleanly and set it to true
sed -i 's%"exited_cleanly"%c"exited_cleanly": true' ~/.config/chromium/Default/Preferences
# could potentially run chrome || sed or add it to the desktop shortcut before launching chrome
@espoelstra
espoelstra / esc_ctrl.json
Last active Mar 18, 2020
karabiner elements esc inside VM where outer host has Caps remapped already `open 'karabiner://karabiner/assets/complex_modifications/import?url=https://gist.githubusercontent.com/espoelstra/7457c97a09d966e4cb62c6bc406b0422/raw/esc_ctrl.json'`
View esc_ctrl.json
{
"title": "esc double mapping",
"rules": [
{
"description": "left Ctrl is remapped to Cmd, need esc when held to simulate other ctrl",
"manipulators": [
{
"type": "basic",
"from": {
"key_code": "escape",