Asus Chromebook C201

One of the many things that I paid attention to as I walked the halls of Defcon nearly a month ago was the devices people used for the capture-the-flag (CTF) events. During my first walk around the contest area I noticed many people sat against walls or such with macbooks. On later passes I started taking note of the devices that other people were using and a common one was the Asus C201 chromebook.

Chromebooks are basically low-spec linux laptops designed around the use of Google Chrome. Though like many linux devices once you gain access to a terminal you often have free reign to alter the system and gain access to powerful command line tools.

About a week and a half ago I picked up an Asus C201 for about $250 CAD. I will talk about what my typical use case is, what I wanted out of the C201, what my experience was, and a walk-through of how I set mine up to meet my use case.

UPDATE: Sarah Jamie Lewis wrote a thread on twitter adding her 2.5 years of experience to this set-up. You can read the thread here.

Requirements

The first thing someone should consider when they are looking to buy a new device is what their day-to-day use case is. The majority of my time is spent in my web browser on social media or streaming video content. However, when it comes to school use, I spend a lot of time either on the command line in Windows or in various Microsoft Office programs. With that in mind I came up with a list of requirements for a potential daily driver:
  • Must last a school day (6 to 8 hours) between charges
  • Must be light enough to carry comfortably all day
  • Must not experience slow-down during heavy web browsing
  • Must have access to common command line networking tools
  • Access to Microsoft Office applications (or equivalents)
  • Access to Microsoft OneDrive
  • Capable of running Kali from removable storage

Results

Having done some research I was fully prepared to carry the C201 around for most things, but keep my Surface 3 with me at school to cover for some of the things that ChromeOS would be missing. There was no way to be absolutely sure until I got my hands on the C201 and put some time onto it.
  • Typical charge lasts 12-14 hours, unless under heavy load in which it will run for about 6 hours.
  • Slightly larger than my Surface 3, requiring a larger bag. However it is roughly the same weight.
  • While using tweetdeck, many active tabs, and streaming high bitrate videos, I experienced no slowdown
  • Access to a full suite of linux command line tools, with the ability to get many more
There are a lot of things I love about the device, but there are some things I miss. I do not have access to Microsoft Office, OneNote, or Onedrive without using them in the browser. This prevents me from accessing a lot of files offline, as well as leaving me wanting for a note taking options. Since I have gained access to a full desktop environment on the device, I should be able to find equivalents.

The C201 has about 10GB of on-device storage available, having a total of 16GB eMMC storage built in. I plan on getting a 64GB microSD card to expand my options somewhat. The lack of storage hasn't bothered me since I travel as light as possible in general. I have many portable storage options with me for when I need to transport or access large files offline.

Originally I attempted to compile and install Kali linux on a USB drive, but I've since realized that I don't have to with the number of tools available through the command line. Instead I used Crouton to create a chroot environment. My understanding of the technical aspects of a chroot is that it creates a second root directory complete with its own binaries and symbolic links to device mounts, so for all intents and purposes it is a completely separate environment running on the same hardware as another linux environment.

My crouton instance is currently running Ubuntu (xenial) with Xfce as a desktop environment. For the most part I use ChromeOS's terminal to access the chroot solely for the command line. When I need desktop applications from linux (that have been compiled for ARM) then I will get more comfortable with switching into that desktop environment and using them.

Additional Notes

I am going to point form some of my experiences with the device, neither hugely negative or positive.
  • The Asus C201 uses an ARM processor rather than an Intel one, so the selection of linux applications is slightly smaller than normal.
  • The C201 does not support the Google Play store like some chromebooks do. This means that within ChromeOS you are limited to chrome extensions, and there are not many that I trust.
  • ChromeOS still gets updates, despite the device itself being from 2015. I suspect that the hardware does not get updated drivers, but I have no way of verifying that.
  • Some Google websites do not support multiple sign-ins, which meant that I had to create a second user on the device to access Blogger.
  • Blogger uses "authuser=0" only. As it turns out "authuser=0" in any Chrome window in ChromeOS is the currently logged in user. This made a lot of sense to me once I realized it.
  • I could not find any documents supporting it, but as it turns out the guide here and Kali image here works with the C201 the same as it does for the Asus Chromebook Flip.
  • Install uBlock Origin and HTTPSeverywhere right away.

Conclusion

I intend on using the ChromeOS as my daily driver from here on. The C201 is so much faster than my low-spec Surface 3 when it comes to web browsing that I cannot justify carrying the Surface. I will find alternatives to Office and OneNote for offline access. There are ways to access my OneDrive storage through the browser and keeping things synced might be a problem, but one I am willing to manage for all the benefits I get from the device.

About the Author

AwfulyPrideful is a networking and telecommunications student with a passion for infosec. They can be found on twitter talking about infosec, technology, games, and politics. They maintain a blog of their journey into infosec, explaining complex topics in layman's terms, sharing the lessons they learn, and providing commentary of tech culture. If you want to support them directly you can do so via paypal and patreon.

My Set-up

Here is a step-by-step guide as to how I set up my chromebook. These steps are by no means universal to every Chromebook, but for the most part the process should be similar. Many of the steps here are taken from this guide.

Hardware Requirements

  • Pair of Yubikey devices that are U2F capable.
  • Smartphone with an Authenticator. This is just to meet a requirement, not for actual use.
  • Chromebook, duh.

Guide

  1. Boot into Developer mode. There is a guide here.
    1. Start up your Chromebook.
    2. Rather than doing the set-up, press Escape+Refresh+Power. You will be in recovery mode with a scary warning.
    3. Press Ctrl+D. You will see a warning screen. Press Enter to turn off OS Verification.
    4. Your device will take some time to switch into Developer mode.
    5. When you reboot your Chromebook, you must press Ctrl+D or it will beep in discontent,= because it hates development as much as developers.
  2. Reboot and begin device set-up.
  3. At the login screen, create a new account. This account will be the primary account for the device and should not be used for anything else.
  4. You will be prompted to enter a phone number for 2FA. Do this, we will be removing it in a couple moments.
  5. Once you are signed in, click in the bottom right corner, and press the gear to bring up the settings.
  6.  Navigate to https://myaccount.google.com/security in Chrome. Scroll down and click on 2-Step Verification.
  7. Add both Yubikey devices under Security Keys and your Phone application under Authenticator app.
  8. Remove your cell phone from the process. Having the Authenticator app is a requirement, but I have my backup Yubikey should I lose access to my primary one.
  9. Click the bottom right where your account image is. Click the gear to bring up the settings.
  10. Find the sync settings for your account. Turn off all syncing except for Application and Extensions. The guide above has a better explanation of what these sync settings do.
  11. This is where I signed into my second account. Once you sign in with both users you can switch between user spaces by pressing "Ctrl+," or "Ctrl+."
    1. Click your picture in the bottom right. Click Sign Out.
    2. At the Log-in Screen, log in with your secondary account.
    3. Set the same sync preferences for this account as your primary device.
    4. Sign out, then log back into the primary account.
    5. Click your picture in the bottom right, click your account name beside Sign Out. Select "Add Another User," then sign in with your second account. You will need to do this after every reboot.
  12. We are going to ensure that random people cannot pick up your chromebook and sign in on their own accounts. We are also going to make sure that someone who picks up your devices cannot identify all possible accounts that they can sign into on the device.
    1. From your management account open Settings. Under People, select "Manage Other People."
    2. Disable guest browsing.
    3. Disable "Show usernames and photos on the sign-in screen"
    4. Enable "Restrict sign-in to the following users." Ensure that only the accounts you added are present.
  13. Open Settings and navigate to "About Chrome OS" page and update. This will take a while and it will probably reboot, depending on how old the device is. Log back in.
  14. If you intent on booting from USB drives you have to turn on that feature. Once you do, when the warning screen pops up during boot, press "Ctrl+U" to boot from USB, and "Ctrl+D" to boot normally. To enable booting from usb:
    1. Press Ctrl+Alt+T to bring up a terminal.
    2. Type "shell" and press Enter.
    3. Type "sudo crossystem dev_boot_usb=1"
    4. Type exit to get back to the "crosh>" prompt. Type exit.
  15. Now we just have to install crouton to access all our Linux goodness. From your primary account:
    1. In the crouton readme, there is a link to the application. Download it.
    2. Download and install the Crouton Extension. Any graphical installation I have done with crouton has failed unless I had the extension installed and specified extension 
    3. Open a terminal (Ctrl+Alt+T) and move to shell (type shell, press enter).
    4. Type "sudo sh ~/Downloads/crouton -e -t xfce, extension, cli-extras" and hit enter.
    5. Follow any prompts. The installation will take a couple minutes.

Navigating Crouton

I had difficulties getting used to working with crouton. I am still figuring it out, but I will share my tips below. There is also a cheat-sheet for crouton here.
  • sudo startcli - Entered from a ChromeOS shell, this will get you into your chroot. From there you can use standard linux CLI tools to do everything your heart desires. You will have to install most of your tools using apt-get though. Type exit to unmount and leave the chroot. 
  • sudo startxfce4 -n xenial - This enables the graphical environment. It eats up RAM while it's active, and your battery life will decrease. You can get to the graphical environment by pressing Ctrl+Alt+Shift+Forward or Ctrl+Alt+Shift+Back (Forward and Back being the arrows on the function line, not the arrow keys.)
  • You have to unmount the chroot before you shut down or the chroot could become corrupted since it is running separately from ChromeOS and doesn't respond to the shutdown process.
  • I have not figured out how to unmount from the graphical space. However, I have not tried since I mostly use the command line from a Chrome tab.

Comments

Popular posts from this blog

BlackHat/DEFCON, Part 1: Travel Advice

BlackHat/DEFCON, Part 2: My experience