Monthly Archives: December 2008

Hide Image Source using CSS Sprite Technique via PHP and Javascript

After thinking how silly it is to attempt to prevent people from downloading images by blocking the right-click functionality, I thought, “There must be a better way to do this!”

So, I came up with a technique to scramble the image and rearrange it using CSS so it looks normal.

I released it to Google Code:

Check it out in action here:

Go ahead, try to steal the image!

(Without using a screengrab, jerk!)

It could use a lot of cleaning up and there are plenty of possibilities for improvement.  I’m hoping the Open Source Community will pick it up!

Remote Updates on a Blackfin Device – Part 2

OK, here is the second part of my approach to (safely) apply software application updates remotely to a Blackfin device without using netboot.

See Part 1 for the background.

So, we now have our Blackfin booting uClinux from a compressed image stored in a flash partition.  We allocated two other flash partitions:

  • Bootloader (Das U-Boot)
  • Flash filesystem (jffs2)

In the startup messages, you should see something like this:

Creating 3 MTD partitions on "physmap-flash.0":                                
0x00000000-0x00040000 : "Bootloader"                                           
0x00040000-0x00100000 : "jffs2"                                                
0x00100000-0x00400000 : "uImage"

The jffs2 partition is mounted in the startup script /etc/rc. You need these two lines somewhere:

mkdir /mnt/flash
mount -t jffs2 /dev/mtdblock1 /mnt/flash

The mounted directory /mnt/flash/ is used to store application updates.  Those will persist between device power cycles and are deployed each time the device boots.

The application deployment is kicked off by another line in /etc/rc.  I simply call a script I created: /bin/deploy.  Here’s what is inside /bin/deploy:


cd /mnt/flash                                                                  


md5sum -c $md5name                                                             
if [ $? -ne 0 ]                                                                
  echo "md5 BAD! Deploy aborted."                                              
  echo "md5 OK. Deploying applications."                                       
  tar zxvf $pkgname -C /                                                       

This script changes to the directory /mnt/flash/ (our persistant flash filesystem) and checks if a valid tarball exists for this device.  The tarball must begin with the hostname of the device and includes a version id.  The tarball must also pass an md5 check.  If the check is successful, the tarball is exploded from / (root), placing new software in the device.

Now, how do we get the tarball of updated software and its md5 into /mnt/flash?  I created another script for that:


if [ $# -ne 1 ]
  echo "Syntax Error"
  echo "Usage $0 <version>  e.g. $0 1.0.2"

  cd /mnt/flash


  if [ -f $pkgname ]
    echo "$pkgname already exists.  Download new copy? [Y/n]"
    read ans
    if [ $ans == "N" -o $ans == "n" ]
      echo "Using local copy of $pkgname."
      echo "Downloading new copy of $pkgname."
    echo "$pkgname needs to be downloaded."

  if [ $download -eq 1 ]
    rm $machine-*.tgz
    rm $machine-*.md5
    tftp -g -l $pkgname -r $pkgname fs
    tftp -g -l $md5name -r $md5name fs
    md5sum -c $md5name

This script is just a smart downloader.  It takes an input parameter as the version number of the device application upgrade to download.  It prepends the hostname to the version number and creates two filenames: 1) the tarball, and 2) the md5.

It first checks if the upgrade needs to be downloaded and allows the user a choice to download a new copy or use existing one if upgrade version exists.  It it does not exist, it automatically downloads it (via TFTP) from a TFTP server.  (The setup of that server is outside of the scope of this, but I will explain below how the tarball and md5 are created.)

After the download of the upgrade, it performs an md5 check and deploys the new upgrade.

The final step is creating the upgrade tarball and md5.  To accomplish this, I created a slightly crude ant task:

tar czvf $(LCO_VER_FW).tgz -C romfs/ bin/lco-fw-post bin/lco-enviro-update home/httpd/cgi-bin/command home/httpd/cgi-bin/status
md5sum $(LCO_VER_FW).tgz > $(LCO_VER_FW).md5
scp $(LCO_VER_FW).* root@fs:/tftpboot/

It contains three steps:

  • Create tarball – based from root dir (romfs), include necessary files
  • Create md5
  • scp both files to TFTP server

LCO_VER_FW is just a variable conatining the hostname and version id.

And there you have it!  A complete, safe solution to upgrade device-specific software remotely without using netboot!

Remote Updates on a Blackfin Device – Part 1


The goal is a controller for various mechanical devices (move motors, read sensors via GPIO) with a web interface (HTML and web-services).

I spent some time organizing a safe method for deploying application updates to a remote blackfin device.  There were a couple restrictions that led to my final plan.

  • If the update process fails, the device should still boot and be accessible via internet.
  • Updating needs to be done remotely via internet.


Flash Layout

Three paritions:

  • Bootloader (u-boot) – 2 sectors 0x20000000-0x2003FFFF
  • Flash filesystem (jffs2) – 6 sectors 0x20040000-0x200FFFFF
  • uClinux compressed image (uImage) – 24 sectors 0x20100000-0x203FFFFF

I originally placed the uImage parition directly after the u-boot partition, with the jffs2 partition at the end.  The flash device on the CM-BF537E splits the flash into two halves addressable by toggling a GPIO pin (pf4).  Some tools handled the addressing and toggling of pf4 for me, others didn’t.  It turned out easier to move the jffs2 parition into the first half of flash and let the uImage parition straddle the flash halves.

Setting Up U-Boot

On the first boot, I wanted u-boot to download the uImage (via TFTP) and write it to flash memory.  However, we did not want the device to always netboot, so u-boot would then alter itself to boot from the flashed uImage.

U-boot also needs to erase the jffs2 paritions on a fresh CM-BF537E so the filesystem can mount.

Here is the important section from cm-bf537e.h

    "protect off 0x20040000 0x200FFFFF;"
    "erase 0x20040000 0x200FFFFF;"
    "protect on 0x20040000 0x200FFFFF;"
    "run erasejffs2;"
    "tftp $(loadaddr) $(imagename);"
    "protect off 0x20100000 0x203FFFFF;"
    "erase 0x20100000 0x203FFFFF;"
    "cp.b $(loadaddr) 0x20100000 0x300000;"
    "protect on 0x20100000 0x203FFFFF;"
    "setenv bootcmd run localboot;"
    "pf4 set;"
    "cp.b 0x20100000 $(loadaddr) 100000;"
    "pf4 clear;"
    "cp.b 0x20000000 0x1100000 200000;"
    "pf4 set;"

Again, on first boot, the device auto-runs tftpupdate.  Here is what happens:

  • Jffs2 parition is erased
  • uImage is downloaded into memory (address 0x1000000)
  • Unprotect flash sectors where uImage will be stored
  • Erase flash sectors where uImage will be stored
  • Copy uImage into flash
  • Protect flash sectors where uImage is now stored
  • Change default startup command to localboot (described below)
  • Save setting change
  • Reset device

When the device comes back up, here is what happens:

  • Ping a server (the only thing this does is write the u-boot MAC Address to the network device so uClinux will use the same MAC Address and not assign a random one)
  • Set the GPIO pin to use the first half of flash (mentioned above)
  • Copy uImage from first half of flash into memory (0x1000000)
  • Clear GPIO pin to use second half of flash
  • Copy remainder of uImage in upper half of flash to memory (offset from previous copy)
  • Re-set GPIO pin
  • Boot uImage from memory

From here, the device is now running!

Upgrades to the uImage stored in flash are possible, but the u-boot console is needed to halt the autoboot and run the tftpupdate macro again.

This post is actually just the setup of U-Boot and uClinux to boot a blackfin device from a stored uImage (i.e. NOT netboot).  Part 2 will explain the scheme for updating the device remotely – without netboot!