Overview

Shipznet develops high-speed wireless routers along with an antenna for the maritime industry, offering a cost-effective alternative to VSAT or INMARSAT satellite communication data. These routers optimize data costs for crew members by seamlessly switching to land-based signals whenever available, ensuring efficient and affordable internet access at sea. For this awesome product-based company, I worked (03.2017 to 06.2018) on various projects, ranging from building OpenWRT-based embedded Linux firmware distributions to developing router software features, automating SIM card switching, and booting up new hardware boards. Some of these projects are listed below.

  • Note: Source code is not provided or available for the projects below, as everything is “proprietary”.

Project 1:

SIM switching algorithm based on the signal quality and location of the ship.

Data roaming costs are everywhere when a ship crosses from one country's border to another's, so to optimize the roaming costs to 95-100%, I used the additional 5 SIM cards functionality to switch them depending on location (geo-coordinates) and signal quality. This helped shipping companies save additional costs.

  • Note: The Java API developed below (Project 4) is used to develop the algorithm that interacts with hardware.

Project 2:

Projecting the travelled path of the ship on to the router web interface OpenStreetMap tab.

To get better statistics of the connectivity and signal quality, and of where, when and how the ship connects, and to optimize costs to at least 50-60%, a JavaScript-based router web interface was developed to manage the router. When the ship is online, it saves all the parameters into a MySQL database onboard. Every time the ship goes online again, the data is fetched via SQL scripts into the JavaScript-based app and the path is projected on OpenStreetMap. This helped the ships at least navigate the best routes possible where the land connectivity is better.

  • Note: Google Web Development Kit is used to generate JavaScript code for the router web interface from Java code.

Project 3:

Booting secure OpenWrt (LEDE) from an SD card with fused boot configuration.

The custom wireless router is based on the i.MX6 SoloX processor. I have encrypted the U-Boot bootloader to securely boot OpenWrt LEDE Linux and its filesystem, and also wrote a bash script to automate the entire hardware boot-up process from an external serial interface (using a Raspberry Pi). Below are the steps showing how it is done.

1. Implementing Secure Boot on an OpenWrt Device

Many SoCs (e.g. in our case, the NXP i.MX6 SoloX) have One-Time Programmable (OTP) fuses to enable Secure Boot. Once enabled, only signed bootloaders can be executed.

  • Just as an example, a command like this, which will be mentioned in the datasheet: fuse prog 0 6 0x1 (enables Secure Boot, irreversible).

2. Signing U-Boot (Secure Bootloader)

Modified U-Boot to enforce signed kernel images:

As an example, it could be configured like this:

CONFIG_SECURE_BOOT=y
CONFIG_FIT_SIGNATURE=y
CONFIG_RSA=y

After this step, we use an RSA key generator to generate a signed U-Boot image.

3. Create a signed kernel image and root file system.

  • U-Boot will reject any kernel that isn’t signed with the correct key that you generated.

4. Flash the image onto an SD card.

  • After flashing the SD card with U-Boot and the kernel, it will boot and prompt the user with a root shell.

With this setup, only trusted OpenWrt builds will run, and attackers cannot boot modified images.
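The kernel signing from steps 2 and 3, written out with OpenSSL and U-Boot's mkimage as an added example; it is not the project's own script, which is not published. The file names, the key name dev, the keys directory and the load address 0x80008000 are placeholders, and it covers only U-Boot's FIT signature check of the kernel and device tree, not the fuse-enforced check of the bootloader itself or the root file system.

```shell
#!/bin/sh
# Added example: FIT signing for U-Boot; names and load address are placeholders.
# Emit the FIT source: kernel + device tree under one signed configuration.
write_its() {  # usage: write_its <kernel> <dtb> <key-name>
cat <<EOF
/dts-v1/;
/ {
    description = "Signed OpenWrt kernel (example)";
    #address-cells = <1>;
    images {
        kernel {
            data = /incbin/("$1");
            type = "kernel"; arch = "arm"; os = "linux"; compression = "none";
            load = <0x80008000>; entry = <0x80008000>;
            hash-1 { algo = "sha256"; };
        };
        fdt {
            data = /incbin/("$2");
            type = "flat_dt"; arch = "arm"; compression = "none";
            hash-1 { algo = "sha256"; };
        };
    };
    configurations {
        default = "conf";
        conf {
            kernel = "kernel"; fdt = "fdt";
            signature {
                algo = "sha256,rsa2048";
                key-name-hint = "$3";
                sign-images = "kernel", "fdt";
            };
        };
    };
};
EOF
}
# Create the key pair if missing, sign the FIT, and write the public key into
# U-Boot's control device tree (-K), marked required (-r).
sign_fit() (  # usage: sign_fit <kernel> <dtb> <u-boot-control.dtb>
    set -e
    mkdir -p keys
    [ -f keys/dev.key ] || (umask 077; openssl genpkey -algorithm RSA \
        -out keys/dev.key -pkeyopt rsa_keygen_bits:2048)
    openssl req -batch -new -x509 -key keys/dev.key -out keys/dev.crt
    write_its "$1" "$2" dev > kernel.its
    mkimage -f kernel.its -k keys -K "$3" -r kernel.itb
    fit_check_sign -f kernel.itb -k "$3"  # host-side check before flashing
)
if [ "$#" -eq 3 ]; then sign_fit "$@"; fi
```

U-Boot has to be rebuilt with the control device tree that mkimage updated, so the public key ends up inside the bootloader image that is itself signed; keys/dev.key stays off the device and off the SD card.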

The initial steps involve building the encrypted images as mentioned and first performing the boot via a serial interface, then doing the fusing and flashing later to boot from the SD card. The whole process is automated via a shell script which lives on the Raspberry Pi with a prebuilt targeted image.


Project 4:

High-Level Java API for GPIO and Modem/SIM Card Control on Raspberry Pi.

The Shipznet router has been built with 6 SIM card slots and “x” (secret) modems internally. In this project I developed a Java-based API to interact with the Raspberry Pi’s GPIOs: I abstracted them and made an easy API utilizing the sysfs (Linux sys filesystem) interface for hardware interaction to access low-level hardware.

Key Features:

1. GPIO Control:

  • Configure GPIO pins as input/output.
  • Read and write digital values to GPIOs.
  • Support for pull-up and pull-down resistors.

2. Modem Control:

  • Power on/off modems via GPIO.
  • Send AT commands to the modem.
  • Retrieve modem status and network information.

3. SIM Card Switching:

  • Control SIM card switching via GPIO-based MUX (Multiplexer).
  • Detect and validate active SIM cards.
  • Manage SIM profiles and configurations.

4. System File Interface Integration:

  • Read/write to /sys/class/gpio/ for GPIO control.
  • Access /dev/ttyUSBx for modem communication.

Project 5:

Implementation of ISO 7816 protocol in Java (partially).

  • Implemented a few command and response APDU functionalities to talk to SIM cards.