Inside a low budget consumer hardware espionage implant
The following analysis was performed on a S8 data line locator which replied to the hidden SMS command for version query (*3646655*) with:
Ver=MTK6261M.T16.17.01.10
build=2017/01/10 17:33
Introduction
A while back Joe Fitz tweeted about the S8 data line locator1. He referred to it as “Trickle down espionage” due to its reminiscence of NSA spying equipment.
The S8 data line locator is a GSM listening and location device hidden inside the plug of a standard USB data/charging cable. It supports the 850, 900, 1800 and 1900 MHz GSM frequencies.
Its core idea is very similar to the COTTONMOUTH product line by the NSA/CSS [1] in which an RF device is hidden inside a USB plug. Those hidden devices are referred to as implants.
The device itself is marketed as a location tracker usable in cars, where a thief would not be able to identify the USB cable as a location tracking device. Its malicious use-cases can, however, not be denied. Especially since it features no GPS making its location reporting very coarse (1.57 km deviation in my tests). It can, e.g., be called to listen to a live audio feed from a small microphone within the device, as well as programmed to call back if the sound level surpasses a 45 dB threshold. The fact that the device can be repackaged in its sliding case, after configuring it, i.e. inserting a SIM, without any noticeable marks to the packaging suggests its use-case: covert espionage.
S8 data line locator capabilities
The S8 data line locator has several eavesdropping, espionage and spying capabilities. A SMS message log could look like this:
Listen in
Calling the S8 data line locator for 10 seconds establishes a call and allows you to listen to the microphone feed from the device.
Call back
Sending 1111 via SMS to the device enables voice activated call back. It is acknowledged via the following SMS reply:
DT: Set voice monitoring, voice callback and sound sensitivity:400
Once the audio level goes above 40 dB the device calls back the number that send the 1111 command.
Sending 0000 disables the audio triggered call back. It is replied by:
DT: Voice monitoring cancelled successfully.
Query location
Accoding to the manual sending ‘dw’ via SMS to the device yields a reply SMS with the location. This reply is in the form:
Loc:Street, ZIP City, Country
http://gpsui.net/u/xxxx Battery: 100%
The ‘xxxx’ are replaced with characters ‘0-9,A-Z,a-z’ and the Street, ZIP City, Country line with the appropriate street, ZIP, city and country. The link to http://gpsui.net can be accessed without authorization. It forwards to Google maps.
The location was never more accurate than 1.57 km off.
During the query the device will use a mobile data connection to an unknown endpoint (presumably gpsui.net). This is confirmed by a “MMS/Internet” charge by my provider. My provider does not discern MMS and Internet, but it is save to assume there is an Internet connection established during location query.
This issue was the stepping stone for this analysis. Because the device sends unknown data to an unknown third party it can not - at least with a clear conscious - be used in, e.g., a penetration test. You simply can not use a potentially pre-owned tool.
I therefore tried to analyze and eliminate this phone-home “feature”.
Hardware
To gain access to the devices innards we first tear of the metal shield of the USB connector: S8 data line locator removing USB connector shield.
Next, we remove the plastic cover: S8 data line locator removing USB connector shield.
Chips
After opening the device we can identify the chips:
It features:
- MediaTek MT6261MA: Low budget chip often used in cheap Chinese smartwatches. No official documentation nor information about the chip is available from MediaTek.
- RDA 6626e: “a high-power, high-efficiency quad-band front-end Module […] designed for GSM850, EGSM900, DCS1800, PCS1900 handheld digital cellular equipment.”
Connections
So far I could identify 3 different avenues to connect to the device:
USB (passthrough)
The USB A-connector and the Micro-B cable are not connected to the MT6261MA. They merely pass the signal from one to the other:
UART
The next connection is a UART:
Interfacing with it yields, approximately 3 seconds after booting the device:
screen /dev/ttyUSB0 # 8N1 F1:
V0: []
:
:
U0: []
G0: []
T0: 0C73
Jump to BL ~~~ Welcome to MTK Bootloader V005 (since ) ~~~
**===================================================** Bye bye bootloader, jump to=0x1000a5b0
However, the output stops there. Input to the device is ignored.
It is likely there exist a different firmware version that accepts AT modem commands2. The boot banner of that alternate firmware references “ZhiPu”3 (some file names of the FAT12 in the firmware flash of my device contain this string as well, so the device firmware is likely related to that other firmware).
USB (MTK)
The DP and DM pads on the USB connector are not connected to the D+ and D- lines of the USB connector. However, the V and GND pads are. The DP and DM pads are instead routed to the MT6261MA processor as illustrated here:
Next, a USB cable must be soldered to these connectors as follows:
The device will then be recognized as an MediaTek phone USB endpoint with the following data:
ID 0e8d: MediaTek Inc. MT6227 phone
This is often called the “MTK boot repair”, “MTK DM DP flash”, etc. It will allow us to interface with the device and dump the firmware ROM and flash.
Dumping firmware
To dump the firmware I use the open source Fernvale research OS [2]. It was initially targeted for the MT6260 processor. It has, however, been ported to the MT6261 and also works on the MT6261MA.
Obtaining and building fernly’s MT6261 branch
A suitable fork of fernly by Urja “urjaman” Rannikko can be obtained and build as follows:
git clone https://github.com/urjaman/fernly
git clone https://github.com/robertfoss/setup_codesourcery.git
sudo setup_codesourcery/setup.sh
/usr/local/bin/codesourcery-arm-2014.05.sh
cd fernly
git checkout fernly6261
make CROSS_COMPILE=arm-none-eabi-
exit
cp -fernvale-simple.rules /etc/udev/rules.d/.
Dumping ROM
To dump the flash we run:
echo "data = [" > rom.py
fernly/build/fernly-usb-loader /dev/fernvale fernly/build/dump-rom-usb.bin >> rom.py
echo "
]
f = open('rom.bin','wb')
for s in data:
f.write(chr(int(s,)))
f.close()
" >> rom.py
python rom.py
The file rom.bin will now (at least according to the fernly repository documentation) contain the devices ROM.
Dumping flash
To dump the flash of the device we need to patch flashrom as follows:
git clone https://github.com/flashrom/flashrom
cd flashrom/
git checkout c8305e1dee66cd69bd8fca38bff2c8bf32924306
patch -p0 < ../fernly/flashrom-fernvale.patch
# manually fix Makefile.rej to complete patching
The patch does not cleanly apply so you need to fix the rejected Makefile (Makefile.rej) manually yourself.
Once this was done we can first load the fernly firmware into the devices RAM via:
fernly/build/fernly-usb-loader -w /dev/fernvale fernly/build/stage1.bin fernly/build/firmware.bin
Next, we can use the fernvale_spi programmer we patched into flashrom.
We first let it recognize the flash via:
flashrom/flashrom --programmer fernvale_spi:dev=/dev/fernvale
And then read the flash via:
flashrom/flashrom --programmer fernvale_spi:dev=/dev/fernvale -c "MX25L3205(A)" --read flash.dat
flash.dat will now contain the devices flash memory.
Writing flash attempt
Writing the flash can be performed via:
flashrom/flashrom --programmer fernvale_spi:dev=/dev/fernvale -c "MX25L3205(A)" --write flash.dat
However, the flash seems to be block protected and the block protect bits can not be disabled by flashrom. I have not (yet) found a way to disable the block protect.
Analysis
Mostly for my personal education I did some more analysis then the obligatory firmware dump.
SIM sniffing (via SIMtrace)
First, I sniffed the communication between the device and the SIM. Interestingly, it accessed all records of the telephone book and SMS storage. More specifically it accesses the following files, which are not needed to provide the services rendered by the device itself:
- ADF
- EF(ECC)
- EF(EXT2)
- EF(SMS)
- DF(TELECOM)
- DF(PHONEBOOK)
- EF(ADN)
- EF(ANRA1)
- EF(SMS)
- DF(PHONEBOOK)
Other SIM accesses seems to be normal.
This is probably not an elaborate scheme to harvest phone numbers and send them to China, but rather the way the default manufactured SIM code was implemented and it was never trimmed down to the needs of this device. Nevertheless, I found it interesting seeing how the device is accessing virtually everything on the SIM.
GPRS sniffing attempt (via OpenBTS)
Next, I tried to sniff the Internet traffic to figure out what is send to whom via the mobile data connection. To this end, I used a Ettus B100 with OpenBTS.
Unfortunately, the S8 data line locator did not connect to the GPRS. This caused the following alternative response to the dw location command:
Loc:Please link:http://gpsui.net/smap.php?lac=1000&cellid=10&c=901&n=70&v=7100 Battery:67%
Flash contents
The most interesting things could be found in the dumped flash.
OS
Strings in the flash.dat suggest the device is probably running Nucleus RTOS:
$ strings -a flash.dat
Copyright (c) - ATI - Nucleus PLUS - Version ARM / 1.11.
Other strings that may help identify the OS are:
$ strings -a flash.dat | grep "\.c"
psss\components\src\bl_Secure_v5.c
psss\components\src\SSS_secure_shared_v5.c
hal\system\bootloader\src\bl_Main.c
hal\system\bootloader\src\bl_Main.c
hal\system\bootloader\src\bl_FTL.c
hal\system\bootloader\src\bl_FTL.c
hal\system\bootloader\src\bl_FTL.c
hal\storage\flash\mtd\src\flash_disk.c
hal\system\bootloader\src\bl_Main.c
hal\peripheral\src\dcl_pmu6261.c
hal\system\cache\src\cache.c
hal\peripheral\src\dcl_rtc.c
hal\peripheral\src\dcl_pmu6261.c
hal\system\bootloader\src\bl_FTL.c
hal\system\bootloader\src\bl_FTL.c
hal\peripheral\src\rtc.c
hal\peripheral\src\rtc.c
hal\peripheral\src\rtc.c
hal\peripheral\src\rtc.c
hal\peripheral\src\rtc.c
hal\peripheral\src\rtc.c
hal\storage\flash\mtd\src\flash_mtd_sf_dal.c
hal\peripheral\src\dcl_pmu_common.c
hal\peripheral\src\dcl_f32k_clk.c
hal\peripheral\src\dcl_f32k_clk.c
hal\peripheral\src\dcl_gpio.c
hal\peripheral\src\dcl_pmu_common.c
hal\system\cache\src\cache.c
hal\peripheral\src\dcl_f32k_clk.c
hal\peripheral\src\dcl_gpio.c
hal\peripheral\src\gpio.c
hal\system\bootloader\src\bl_FTL.c
hal\peripheral\src\rtc.c
hal\peripheral\src\bmt_hw.c
hal\peripheral\src\dcl_pmu6261.c
hal\storage\flash\mtd\src\flash_mtd.c
hal\peripheral\src\gpio.c
custom\common\hal\combo_flash_nor.c
hal\peripheral\src\dcl_rtc.c
hal\peripheral\src\dcl_rtc.c
hal\storage\flash\mtd\src\flash_disk.c
custom\common\hal\combo_flash_nor.c
hal\storage\flash\mtd\src\flash_mtd_sf_dal.c
hal\system\emi\src\emi.c
sss\components\src\SSS_secure_shared_common.c
alice.c
ddload.c
plutommi\Framework\GDI\gdisrc\gdi.c
C.cKi
hal\audio\src\v1\audio_service.c
ddload.c
ddload.c
plutommi\Framework\GDI\gdisrc\gdi_image_hwjpg_v2.c
plutommi\Framework\GDI\gdisrc\gdi_image_hwjpg_v2.c
plutommi\Framework\GDI\gdisrc\gdi_util.c
plutommi\Framework\GDI\gdisrc\gdi_util.c
hal\audio\src\v1\audio_service.c
ddload.c
FAT12 filesystems (?)
Searching the flash.dat for the FAT12 file systems that are supposedly present in on MediaTek phones, we get:
$ hexdump -C flash.dat
002c1e20 ef cd 4e 4f 4e |...........NO NA|
002c1e30 4d |ME FAT12 ..|
002c1e40 |................|
002c1e50 4d 4d 4d 4d 4d 4d |..........MMMMMM|
002c1e60 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d |MMMMMMMMMMMMMMMM|
*
002c1ff0 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d aa |MMMMMMMMMMMMMMU.|
[...]
002d8400 eb 6c |.X.FileSys .....|
002d8410 9b f8 |................|
002d8420 9b 4e 4f 4e |......)..!0NO NA|
002d8430 4d |ME FAT12 ..|
002d8440 |................|
002d8450 4d 4d 4d 4d 4d 4d |..........MMMMMM|
002d8460 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d |MMMMMMMMMMMMMMMM|
*
002d85f0 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d aa |MMMMMMMMMMMMMMU.|
[...]
002dbc00 ff ff ff ff ff de 9e ba ff |.......h.....P..|
002dbc10 |U...............|
002dbc20 ef cd 4e 4f 4e |...........NO NA|
002dbc30 4d |ME FAT12 ..|
002dbc40 |................|
002dbc50 4d 4d 4d 4d 4d 4d |..........MMMMMM|
002dbc60 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d |MMMMMMMMMMMMMMMM|
*
002dbdf0 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d 4d aa |MMMMMMMMMMMMMMU.|
However, two of the partitions do not appear to be valid FAT12 file systems:
$ fls -o flash.dat -f fat12
Invalid magic value (Not a FATFS file system (magic))
$ fls -o flash.dat -f fat12
v/v : $MBR
v/v : $FAT1
v/v : $FAT2
d/d : $OrphanFiles
$ fls -o flash.dat -f fat12
Invalid magic value (Not a FATFS file system (magic))
And the middle FAT12 block seems to be corrupted as well, i.e. only orphan files:
$ fls -o flash.dat -rp -f fat12
v/v : $MBR
v/v : $FAT1
v/v : $FAT2
d/d : $OrphanFiles
-/r * : $OrphanFiles/MP0B_001
-/r * : $OrphanFiles/ST33A004
-/r * : $OrphanFiles/ST33B004
[...]
An attempt was made to extract the files:
fls -o flash.dat -Frp -f fat12 | while read line; do
path=$(echo "$line" | awk -F':' '{print $2}')
mkdir -p $(dirname $path);
icat -o flash.dat $(echo "$line" | grep -oE "[0-9]+" | head -n1) > $path
done
But most files are empty. The results are also very inconsistent, i.e., when changing SIM cards there are significant changes to the files listed by The Sleuthkit. This indicates that those are either not FAT12 partitions or a modified FAT12 variant.
Further analysis was hence done using hexdump.
Configuration data
The flash also contained some configuration data. First, the IMSI of the inserted SIM and the number that is used to remote control the device could be found in the flash:
$ hexdump -C flash.dat
002e2ad0 xx xx xx xx xx xx xx xx xx xx xx |....2xxxxxxxxxxx|
002e2ae0 xx xx |xx7.............|
002e2af0 |................|
*
002e2b10 2b xx |...........+491x|
002e2b20 xx xx xx xx xx xx xx xx |xxxxxxxx........|
002e2b30 |.............gps|
002e2b40 2e 6e |ui.net..........|
002e2b50 |.............gps|
002e2b60 2e 6e |ui.net..........|
002e2b70 |................|
*
In the above flash segment you can also see a reference to gpsui.net. This is presumably the remote server which is contacted to turn the MCC, MNC, LAI and CID codes into street, city and country information as well as the link to gpsui.net which forwards to Google maps. However, because writing to the flash could not be achieved this hypothesis could not be confirmed.
Hidden commands
Eventually, there was a small find potentially making this effort worthwhile. Searching the flash.dat for the dw,1111 and 0000 commands reveals more hidden commands:
$ hexdump -C flash.dat
8c ae 8d ae 8e ae 6f |........restore.|
|............hhh.|
|................|
6d |imsi............|
6d 7a 6f 6e |....timezone....|
6d |........time....|
|............aqe.|
000695a0 |................|
000695b0 |aqc.............|
000695c0 |....server......|
000695d0 |........ddd.....|
000695e0 |............reg.|
000695f0 0a |................|
|aqb.............|
0b |....qqq.........|
0c |........dw......|
0d 6c 6f |............loc.|
0e |................|
|faa.............|
0f |....fff.........|
|............|
|............|
|................|
000696a0 |rpt.............|
000696b0 |....gbrpt.......|
000696c0 6b |........track...|
000696d0 6d 6f 6e |............moni|
000696e0 6f |tor.............|
000696f0 6f 6f 6e |soson...........|
6f 6f |....sosoff......|
6f |........sos.....|
6f |............qcso|
1a |s...............|
6c 6f 6e |ledon...........|
1b 6c 6f |....ledoff......|
1c 6c 6f 6e |........flighton|
1d 6c |............flig|
6f 1e |htoff...........|
6f 6e 6f |esionow.........|
000697a0 1f 6f |....esioaddr....|
000697b0 6f 6e |.... ...hbton...|
000697c0 6f |........!...hbto|
000697d0 |ff.........."...|
000697e0 6f 6c 6f |esiolocatetype..|
000697f0 |#...eee.........|
6e 6f |....$...sndstop.|
|........%...dde.|
|............&...|
6f 6d |formattf........|
6c |'...help........|
2a 2a |....(...*e81*...|
2a |........)...*e80|
2a 2a |*...........*...|
2a 6f 6f 2a |*reboot*........|
2b 2a 2a |+...**...|
000698a0 2c 6d |....,...imeiset.|
However, most of those commands do not function correctly. It seems the devices firmware is shared among several such location tracking and listening devices, e.g., there are commands referring to LEDs and a TF card, both of which this device do no feature, however, other devices available online do.
An incomplete list of the found commands and there replies is:
- help: replies with the following commands:
- dw: Locate
- qqq: Device binding
- 1111: Sound Alarm Monitor on
- 0000: Sound Alarm Monitor off
- ddd: Reset all tasks
- aqb: Get Username Password
- eee: Recording saved
- dde: Cleanup TF card
- hhh: Device status
- loc: same as dw
- imsi: Query IMEI and IMSI
- faa: “DTMG: Set voice monitoring, SMS reply and sound sensitivity successfully:40”, “DTMG: Unusual sound detected”
- fff: “DT: Set voice monitoring, voice callback and sound sensitivity successfully:40”
- 1111: “DT: Set voice monitoring, voice callback and sound sensitivity successfully:400”
- 0000: “DT: Voice monitoring cancelled successfully.”
- gbrpt: “Report:Location the continuous escalation has been closed.”
- track: “Track:Caller answer mode the device is set to reply location.”
- hbton: “Hbt:Device is turned on real-time online”
- hbtoff: “Hbt: Device online has been closed”
- esionow: “…” ?
- esioaddr: “Setting esio addr and port fail!”
- esiolocatetype: “Esio:Reporting location type has been updated to 0.”
- server: “Setting server addr and port fail!”
- reg: “…” ?
- monitor: “Monitor:Caller answer mode the device is set to automatically answer.”
- eee: “Tf-Card check fails of is insufficient free space!”
- sndstop: “Cam:No task is running, cancel failed!”
- *e81*: “…” ?
- *e80*: “…” ?
- soson, sosoff, sos, qcsos: ?
- ledon, ledoff: ?
- flighton, flightoff: ?
- aqe: “Setting apn fail!”
- imeiset: “…” does not seem to set the IMEI
- restore: “Restore ok!”
- formattf: ?
- time: “…” ?
- timezone: “Setting time zone ok. Current time zone 0”
- age: “…” ?
- *3646655*: queries for version information
- *reboot*: reboots the device
Interestingly the reply strings could not be found in the flash in plaintext. This suggests that some of the data is compressed.
The message log of me trying some of the found hidden commands to populate the above list is as follows:
It seems that we can use esioaddr to change the address used to lock up the location information. However, no connection to a given domain nor IP is actually made. The device will simply report the addr invalid in the location report.
The server command sets a different server. Changing it does not result in the addr invalid responses, as can be seen from this second message log:
Provider call logs and itemized bill
Because the GPRS sniffing failed I resort to the billing of my provider to further analyze the communication habits of the S8 data line locator.
Obviously reply SMS are billed. More interesting is the Internet access patterns.
dw or loc commands and during idle
During location queries the device will use “MMS/Internet” service. The following is a segment in which first repeated location queries were performed, then the devices was left idle:
Even during idle the device sometimes uses the “MMS/Internet” service.
Even though I deactivated all tracking features that I may have activated during my previous testing, I can not be 100 % sure that this is not something that I activated, maybe while stumbling through the gpsui.net website. However, I regardless of whether I activated this “feature” or not, I do not want it and would like to know what data is actually send and how to deactivate it.
gpsui.net
Going deeper into the gpsui.net website would probably result in a new writeup in itself. It is a very big surveillance hub, just replace the xxxx in http://gpsui.net/u/xxxx with some letters and numbers and you can see random people’s locations.
The website also makes a reference to ZhiPu:
It seems this is the company that makes these trackers.
You can get your credentials for login by texting aqb to your S8 data line monitor. The username as well as the password are 6 digit numbers. They are also located in the flash right before the IMSI.
Detection
When sending data the S8 data line locator can be detected with a CC308+ (a cheap Chinese RF detector):
The S8 data line locator seems to be badly shielded. A location request via the dw command causes noticeable electronic noise by the device. It seems in general to cause all sorts of RF interference.
Future work
While I did not (yet) succeed with my original goal to disable the mobile data phone home “feature’, it was nevertheless a fun exercise and hopefully someone finds this useful or at least educational.
Future work needs to be done on several things:
Issues
I was not able yet to write new firmware via flashrom because I was not able to disable block protection on the flash, yet. Maybe a different avenue for flashing new firmware could be the SPFlash tool4 and/or the Flash tool. However, that would not be open source. If know something about the weird FAT12 file system used in the device or are able to flash your S8 data line locator please contact me with details!
Further, I tried to capture the GPRS data connection of the device, but was unable to do so. It would not use GPRS when connected to my network. Currently, I do not know how the APN is configured. The SIM trace does not indicate that the EF(ACL) is ever accessed. However, as I found the correct APN configuration stored in the devices flash, this suggests the device acquires this information via a setup SMS by the service provider.
Ideas
Dremel the board smaller, e.g., you don’t need the USB connector. This way the S8 data line locator could be turned into a “modular” bug that could be placed where ever there is a 5 V 1 A power source.
Appendix: Fuck up
No writeup would be complete without at least one fuck up. So here it is:
While using the S8 data line locator with OpenBTS I provisioned imaginary numbers. When switching SIM cards I forgot to turn of the voice activated callback.
So long story short, some guy with the number 3333333 listend in on me for 2 minutes:
I did not notice this until I reviewed the logs!
So my resume on these little hardware espionage implants: They are stealthy and dangerous as fuck!
Bibliography
[1] NSA/CSS, “ANT product catalog (USB),” leaked documents (pdf: https://cryptome.org/2013/12/nsa-ant-usb.pdf).
[2] A. “bunnie” Huang and S. X. Cross, “Fernvale: An open hardware and software platform, based on the (nominally) closed-source mT6260 soC,” talk at the 31st Chaos Communication Congress (slides: http://www.bunniefoo.com/fernvale/fernvale-31c3.pdf, video: https://www.youtube.com/watch?v=hpEqDPYtf9s).
原文链接:https://ha.cking.ch/s8_data_line_locator/
Inside a low budget consumer hardware espionage implant的更多相关文章
- Consumer设计-high/low Level Consumer
1 Producer和Consumer的数据推送拉取方式 Producer Producer通过主动Push的方式将消息发布到Broker n Consumer Consumer通过Pull从Br ...
- Why Consumer Hardware Start-ups Fail
今年看到一篇文章还是很受启发. If you have the guts to start selling what you believe in, customers who share your ...
- Kafka设计解析(四)- Kafka Consumer设计解析
本文转发自Jason’s Blog,原文链接 http://www.jasongj.com/2015/08/09/KafkaColumn4 摘要 本文主要介绍了Kafka High Level Con ...
- [Big Data - Kafka] Kafka设计解析(四):Kafka Consumer解析
High Level Consumer 很多时候,客户程序只是希望从Kafka读取数据,不太关心消息offset的处理.同时也希望提供一些语义,例如同一条消息只被某一个Consumer消费(单播)或被 ...
- Kafka 0.8 Consumer设计解析
摘要 本文主要介绍了Kafka High Level Consumer,Consumer Group,Consumer Rebalance,Low Level Consumer实现的语义,以及适用场景 ...
- Kafka设计解析(四)Kafka Consumer设计解析
转载自 技术世界,原文链接 Kafka设计解析(四)- Kafka Consumer设计解析 目录 一.High Level Consumer 1. Consumer Group 2. High Le ...
- Kafka学习笔记(5)----Kafka的Consumer
1. Pull vs Push Producer主动的通过push将消息发布到Broker上,Consumer通过Pull的的方式从Broker消息消息. 通过Push的方式由于是一有消息就推到Bro ...
- Kafka 学习笔记之 Consumer API
Kafka提供了两种Consumer API High Level Consumer API Low Level Consumer API(Kafka诡异的称之为Simple Consumer API ...
- Kafka学习笔记之Kafka Consumer设计解析
0x00 摘要 本文主要介绍了Kafka High Level Consumer,Consumer Group,Consumer Rebalance,Low Level Consumer实现的语义,以 ...
随机推荐
- MySQL ERROR 1130 (HY000): Host '192.168.1.8' is not allowed to connect to this MySQL server
GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.1.8' IDENTIFIED BY 'www.linuxidc.com' WITH GRANT OPTI ...
- 空list赋值
list=[] i =0 list[i] =1 Traceback (most recent call last): File "D:\ProgramData\Anaconda3\lib\s ...
- Mac OS X 操作系统下IntelliJ IDEA激活码(Activation code)破解
Mac OS X 操作系统(版本:10.13.6)下载并安装IntelliJ IDEA: Version: 2018.2.4 Download IntelliJ IDEA 下一步对IntelliJ I ...
- 找到多个与名为“Home”的控制器匹配的类型
“/”应用程序中的服务器错误. 找到多个与名为“Home”的控制器匹配的类型.如果为此请求(“{controller}/{action}/{id}”)提供服务的路由没有指定命名空间以搜索与此请求相匹配 ...
- Azkaban工作流调度器
Azkaban工作流调度器 在Hadoop领域常用的工作流调度系统 Oozie,Azkaban,Cascading,Hamake等等. 性能对比: 安装: 创建ssl配置 keytool -keyst ...
- windows下Xshell远程访问虚拟机
下载Xshell 5软件在windows下安装 安装好后Xshell 5启动软件 下一步,检查虚拟机,配置是否正确 下一步,设置网络,保障虚拟机系统能够连接网络 下一步,进入虚拟机系统,检查虚拟机网络 ...
- 略解TCP乱序和丢包
在使用基于TCP实现的各种组件的时候,我们经常会处理数据包.这数据包说来奇怪,从来不会丢失,也不会乱序,只会产生粘包.底层的机制是如何实现的呢?进来我们就来用简洁易懂的文字描述清楚. 在TCP数据包设 ...
- Spring Boot:Spring Boot 中 Redis 的使用
Redis 介绍 Redis 是目前业界使用最广泛的内存数据存储.相比 Memcached,Redis 支持更丰富的数据结构,例如 hashes, lists, sets 等,同时支持数据持久化.除此 ...
- Java多线程之synchronized及其优化
Synchronized和同步阻塞synchronized是jvm提供的同步和锁机制,与之对应的是jdk层面的J.U.C提供的基于AbstractQueuedSynchronizer的并发组件.syn ...
- 基于观察者模式-----otto源码分析
一.otto简介 otto是支付公司square一个专注于android的开源项目,该项目是一个event bus模式的消息框架,是一个基于Guava的增强型事件总线.旨在将应用程序的不同部分分离,同 ...