Recently, I accidentally volunteered (long story, let's not go there) to take an out-of-the-box Sharp Zaurus SL-5500 handheld gizmo and turn it into a useful wireless network scanner. I obviously wasn't thinking straight, as getting this done ruined an entire weekend for my poor family, and left me wondering why these things were invented, let alone why anybody would buy one. Still, I rarely admit defeat...

After spending a frustrating few hours looking for a nice paper entitled 'HOWTO: Sharp Zaurus SL-5500 + Kismet', I resigned myself to the fact that there wasn't going to be a simple step-by-step guide out there, and I'd actually have to do some thinking/learning. Having been through the pain, I decided to write this paper in case it helps some other hapless soul achieve the same result more quickly!

Now this paper is written, I don't know if I'll revisit it, as I have now handed the configured brick back to its owner, but feel free to contact me if you feel this paper could be made any more useful, or if there are better ways of doing any of the things I did. Sooner or later the original machine will probably be wiped (seems to be something you have to accept with PDAs), and I'll either have to redo all of this or provide advice on how to...!

Right now, I'm back to my trusty laptop for wireless scanning - real keyboard, serviceable mouse, proper Operating System, decent amount of memory, big hard disk, screen I don't have to squint at... Ah, bliss!

A small confession, actually - after playing with this thing for a while, now it's built, I've warmed to it somewhat. But don't tell anyone, OK?

In order to follow the steps I took, you will need the following - make sure they're ready in advance to avoid frustration halfway through the setup:

• Zaurus SL-5500 and power cable (duh!) - if you like the holster thing, you could use that too
• CompactFlash 802.11 wireless network card (I was given a Buffalo WLI-CF-S11G) - I don't know if there is such a thing as an SD wireless card, but if so that would be very useful, as having only one CompactFlash slot is pretty awkward.
• CompactFlash memory card, FAT16 formatted (they usually come this way) - this is absolutely required, as it is the only way to re-flash the gadget. Later in the process, things will probably be easier with an SD memory card as well, but I didn't have one, so can't really comment. Luckily, my wife happens to have a digital camera that uses CompactFlash, or I wouldn't have got very far without spending money!
• Some mechanism to write to the CompactFlash memory card - my wife also had a PCMCIA adapter thing to read/write CompactFlash. Alternatively, you could probably download the two flash files (see later) to the memory card using the Zaurus itself before you rebuild, but QTopia seems to dislike giving you any access to the file system at all. I guess it's for our own protection (!).
• An Internet connection on whichever machine you can use to write to CompactFlash - all of the package files I'll be mentioning are downloaded from the Internet.
• Small fingers - the built-in keyboard on the Zaurus is fiddly. You'll get used to it after a while, but the re-flashing process can be difficult if you have normal hands.

It might be worth pre-booking an appointment with your optician - I couldn't find a way to plug a proper monitor into the Zaurus, so had to work with the tiny built-in screen. It's possible to SSH into it once OpenZaurus is built, if you find that easier.

Finally, take a good look at QTopia - you won't be seeing it again. For me, that was a blessed relief - call me old-fashioned, but I do like to be able to access the file system from time to time!

MD5 checksums are available for all the download files I have stored on this server, although the fact that the signatures are stored in the same place as the files kind of defeats the purpose!

First things first - we need to get rid of the Sharp QTopia stuff the machine comes with. After a great deal of looking around for a stable alternative, in the end I plumped for OpenZaurus. It appears well-supported by the Open Source community, and there were few reported problems with it even though it is still officially described as 'unstable'. There are two main flavours of OpenZaurus, OPIE and GPE, and after trying OPIE I decided GPE was far more to my liking. Such a shame I couldn't get it to work properly (no ram disk)!

There are also a few different options for the kernel, depending on how you want the split between memory/storage to work. After trying a few different options, and encountering all sorts of storage problems, I decided to go for the 32/32 option, as 32MB seems to be plenty of memory to run Kismet, and the more storage the better in my case - the software installation instructions later are based on this.

You will need to download the following two files to your CompactFlash memory card:

• OPIE Image (initrd.bin) - either download OpenZaurus 3.5.3 OPIE Image from this server, or go to the OpenZaurus site to get the latest version or GPE flavour.
• Kernel (zImage) - either download OpenZaurus 3.5.3 32/32 Kernel from this server, or go to the OpenZaurus site to get the latest version.

A word of warning - when downloading files with 'unknown' or no file extensions, some Web servers will deliver them to you as "text/plain", which could cause the files to be corrupted. I have set up this server to deliver them correctly.

Make sure there is absolutely nothing else on the CompactFlash memory card. I have no idea what would happen if there were other files on there, but all the sources I've read say it would be a Very Bad Thing.

Follow the next few steps precisely:

1. If you have already been using the Zaurus, and have any data on it, take a copy now - it will be gone after the flash.
2. Connect the Zaurus to the A/C power supply - it cannot be flashed while running on batteries
3. Slide the switch (below the battery compartment at the back) to the 'Replace Battery' position
4. Open the battery compartment, but do not remove the battery
5. [This bit’s fiddly] Whilst holding down the [C] and [D] character keys on the Zaurus keyboard, press the ‘Full Reset’ button, found just below the battery (inside the compartment)
6. Both of the front lights (mail/battery) should come on and stay on - if they don’t, try the process again (the key combination is difficult!). If both lights start flashing, there's apparently something wrong with the machine.
7. Leave the machine alone while the flash is taking place - when finished, the green light will switch off (the orange one may as well, if the battery is fully charged)
8. Press the 'Full reset' button again, this time without holding any keys down
9. Replace the battery compartment cover and flip the switch back to 'Normal Operation'

Now, remove the CF memory card and turn the Zaurus on.

• Calibrate screen - click on the crosses as they move around the screen. Feels a bit like a game, but it doesn't last long and it's not very satisfying.
• Check time zone (apparently nobody lives here in the UK) and set the time and date.
• Note that you will not be asked for a User ID or password, as all operation on the Zaurus takes place as root. Lovely.

You will need to have the following files accessible to you, whether you load them onto CompactFlash/SD memory, or download them directly to the Zaurus:

• Kismet - download Kismet 2005.08.R1 from this server, or go and get the latest ARM build from the Kismet Web site. Note the earlier comment regarding "text/plain" downloads.
• NCurses - download NCurses 5.4 from this server, or go and get the latest build from the OpenZaurus Community.
• NCurses-Terminfo - download Ncurses Terminfo 5.4 from this server, or go and get the latest build from the the OpenZaurus Community.

At the OPIE desktop, click on 'Applications' and then 'Console' (there may be UI-ish ways of doing the package installations, but I didn't really investigate the graphical stuff).

Enter the following commands in sequence (and wait for each one to finish) - if you prefer to install applications to an SD or CF memory card, replace '-d ram' with '-d sd' or '-d sf':

# cd /media/cf (or /media/sd)
# ipkg -d ram install ncurses_5.4-r0_arm.ipk
# ipkg-link add ncurses
# ipkg -d ram install ncurses-terminfo_5.4-r0_arm.ipk
# ipkg-link add ncurses-terminfo
# ipkg -d ram install kismet_2005.08.R1_arm.ipk
# ipkg-link add kismet
# adduser zaurus

After the last step, you will be prompted to enter a password (twice) - it doesn't matter what you use here, or whether you can remember it, as it's purely for Kismet's privilege-dropping.

From the Pim menu, open the Text Editor (note that this application seems a little flaky, so you might want to install a different one, or just be very careful)

Open /usr/local/etc/kismet.conf and make the following changes:

suiduser=zaurus
# This 'source' configuration should work with most CF wireless cards, as they are apparently all based on the Prism/2 chipset
source=hostap,wlan0,hostap
# Include all the potential channels
defaultchannels=IEEE80211b:1,7,13,2,8,3,14,9,4,10,5,11,6,12
defaultchannels=IEEE80211g:1,7,13,2,8,3,14,9,4,10,5,11,6,12
# I didn't have a gps
gps=false
# I didn't bother sorting out the sound
sound=false
speech=false
# If you have an SD or CF card, you could get Kismet to log to /media/sd or /media/cf instead
logtemplate=/media/ram/%n-%d-%i.%l

# I didn't bother sorting out the sound
sound=false
speech=false
# Make the display a teeny bit nicer
simpleborders=true

export TERMINFO=/usr/share/terminfo
export TERM=linux

In the Application tab, click on Console

Just type 'kismet' (without the quotes), click [ENTER] and watch our favourite scanner appear!

Note that you will be able to see more of Kismet if you use the 'Rotate' option from the 'O' menu, and then use the 'Full Screen' icon within the console.

In this final section are some further thoughts and ideas I didn't, couldn't or forgot to try at the time:

• Sleep - if you intend to 'war-walk' or drive with the Zaurus, it would be worth reconfiguring the 'Light & Power' settings, otherwise it will sleep after a certain time of inactivity when running on batteries.
• Suspend - something I didn't have the chance to diagnose at the time was the fact that after using suspend/resume a few times, the Zaurus stops recognising its built-in keyboard. Once I discovered this, I started using a full shutdown instead of 'Suspend'.
• Custom ROM - I wanted to try and make it easier for the Zaurus to be rebuilt in the future, so I had a quick go with a nifty little tool called Ozone. This consists of a bunch of scripts that will create a customised initrd.bin from the Zaurus, with all the packages included. Unfortunately, Ozone reported that the initrd.bin would be ~18MB, and that it might not flash (there may be a limit of 14MB), so I didn't take this any further. It might have worked, though, so if you want to try it you'll need:
  • A real computer running Linux (not sure whether the scripts would work on other *nix flavours)
  • A network connection between your real computer and the Zaurus - the process takes place over an SSH connection
  • A password on the 'root' account on the Zaurus (the SSH configuration rejects any login with a blank password)