Data Dummy

An Idea for technical Ideas

LSI SAS9211-8i SAS2008(B2) HBA FLASH FreeNas


WARNING! Flash at your own risk.  This is just what I did to flash my card.  You are responsible for destroying your own stuff.  And, Yes - You can easily destroy your card doing this.

Steps to flashing your sas controller for freenas.

First.  FreeNas only works with a handful of non-raid controller cards.  Most all of them need to be flashed.  They need to be in IT mode.  Most of them are in IR mode (raid).   


1. DOS or UEFI (Very Important):  What's the difference.  This is your motherboard bios.  If you have a current motherboard, then it is probably UEFI.  How will you know.  Well, when you boot the machine into the bios (typically hitting the "DEL" key on boot up - It will likely be a GUI interface.  AND.  When you look at your boot options in the bios, you will probably see something about UEFI.  DOS, Well... DOS Is DOS.  Your bios is likely a non-GUI interface that is navigated with the arrows and the escape key ;)  

DOS is easier.  If you have UEFI, you will need to create your boot media using the sas2flash.efi, and possibly the bootx64.efi files.  Don't worry we will get to where you get the files, and where they go.  

2. PCIe - What will fit.  The SAS2008 Or SAS9211 (same same) is a PCIe 2.0 card.  It will fit in a PCIe 16 port.  See this YouTube for further explanation.  It will not fit in a PCIe 1.0 slot.

3. Where do I start.  Well.  

-You are going to need a computer that you can unplug everything but your sas card.  This will protect you a little from flashing something that you didn't mean to flash.  

-A USB 2.0 or less thumb drive.  Depending on your motherboard.  DO NOT USE USB 3.0.  Note, most of these cards are legacy cards, and are barely supported with current configurations.  That is why you see so much headache on the forums about this process. 

-Software.  I used Rufus to create my bootable media (usb).

-Firmaware - This is a tricky one.  The sas2flash software, and firmware by Broadcom rescently changed their site making it very difficult to find the firmware.  Go to the link I provided and use keyword search "9211-8i" (You are looking for this "firmware":

-Installer Do another keyword search for "Installer".  You are looking for this (under firmware):

4. OK...

To Be Continued.  I gotta go to bed...

Permalink | Comments (117) | Post RSSRSS comment feed

Digispark Real Time Clock and Arduino R3

Permalink | Comments (273) | Post RSSRSS comment feed


If you have never been hacked - READ THIS!

There are hundreds (if not thousands) of ways to exploit someone's computer / server / website code / information.  I don't have time this morning to talk about them all, but I will tell you what happened to me.  

It was early Saturday morning around 5 am.  I had started my normal routine [just imagine boring stuff written here...] , and was at the point where I check the websites that I maintain for [more boring stuff...] and found an anomaly. The home page content was missing.  I thought - this is odd.  I clicked around the site to find that other pages had similar anomalies.  I checked the source code (right click - view source), and found about fifty lines of JavaScript that was not mine.  [Huge bells going off in head], OMG, I've been hacked!!!


I immediately opened my FTP client (software for uploading files to an FTP server, FileZilla), and browsed to the home directory where the files are stored and began investigating.  I found that the files were updated; That morning at 0400 AM.


I looked through the folder structure and found about 80 files that were updated around that time.  This was a huge win for me.  A good hacker would have used another method for changing these files (I wont mention what that is), and would have been a lot harder to check.  Instead they went with the quick hack of simply download/edit/save/upload probably with a CMS FTP type program.  Hacking an FTP is pretty strait forward - Simply run millions of passwords through known usernames, and hope for a match.  Most FTP servers do not allow for special characters making it easier to run password scripts against usernames...


I was lucky enough to fix all the files, and run a scan of the site to make sure there were no more infected files.  I researched the JavaScript attack and found hundreds of other sites that were infected with the same script.  I used a Virtual Machine (Oracle Virtual Box) to click around the site and get infected with the virus.  Good news - My outdated free Antivirus (Microsoft Security Essentials) found and removed the virus quickly and without trouble. 

If you manage a website, or a blog.  Make sure you employ the free hosting security options.  If your host does not offer a security malware screener, then signup for a Google and Bing webmaster account, and use their malware scanner.  Change your password and username often, Never use real English words in the password, and don't use the number 01, 10, 0, 1 at the beginning or end of the password.

Good Luck, hope this helps someone. 

Permalink | Comments (66) | Post RSSRSS comment feed