ejes consulting

Techincal Consulting Design and Automation

Archive for the ‘Hacking’ Category

Mac OS X Swap File Optimization

leave a comment »

So I like OS X.  It’s a UNIX desktop done well, it’s well designed, beautiful and easy to use.

With all I love about OS X, there are things that I absolutely HATE.  They could, for example, use the Unix Filesystem Hierarchy (https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard) but this article is more about how there is no easy way to modify your swap file and it’s usage.

I understand the desire to keep these kinds of settings under the covers from users who may be in experienced or not know exactly what they’re doing, but they could make it a little simpler to get your hands on.

Nevertheless, it’s not impossible.  During my research, I came upon this guys site (http://osxdaily.com/2010/10/08/mac-virtual-memory-swap/) and with this info (read it, it’s short) you can re-mount your swap files on a new filesystem.

In OS X, swap files are stored at /private/var/vm, so that’s where we’ll concentrate our filesystem changes.

First things first, though, we have to disable the swap files.  Thankfully, this can be done from the command prompt, but before you do disable virtual memory, you should not be running any applications.  If possible disable all network services, and close all programs before releasing all virtual memory, if you leave programs, (especially swapped, unfocused or background ones) open, you may have problems, otherwise consider yourself warned.

Disable “Dynamic Pager” (swap):

Mac-Mini:~ root# launchctl unload -w /System/Library/LaunchDaemons/com.apple.dynamic_pager.plist

After this command is done, you can safely delete everything in the /private/var/vm/ directory.

Mac-Mini:~ root# rm /private/var/vm/*

Then simply mount your new filesystem.  Mine is “msdos”, I figured that having less overhead would make it slightly quicker.   Though a security remember: these files would be readable by perhaps the wrong people, and could be used for malicious reasons or for information gathering purposes (ex. http://www.linuxjournal.com/content/doing-reverse-hex-dump).

Mac-Mini:~ root# mount -t msdos /dev/disk1s1 /private/var/vm

Then you can re-enable dynamic pager (swap, virtual memory), don’t forget the “-wF” the F probably means “force”:

Mac-Mini:~ root# launchctl load -wF /System/Library/LaunchDaemons/com.apple.dynamic_pager.plist

There you have it, your swap file will grow on this partition.

Please remember that you have to be root to run these, if you are unable to become root, please consult the manual pages for “sudo” on OS X.

Advertisements

Written by ejes

December 28, 2013 at 10:58 pm

I call Phoney

leave a comment »

So today I was stumbling around on the internet, and found this kids site:

http://cyberfreax.in/2011/11/15/how-to-create-a-virus-2/

which features “how to create a virus”  Who could help themselves but read?

It turns out that this kid is completely full of it.  He tells you to copy this:

01100110011011110111001001101101011000010111010000
100000011000110011101001011100 0010000000101111010100010010111101011000

into a text file and rename it to something.exe and then run it.

Of course anyone with a bit of understanding on how the binary loader works would know that the loader wouldn’t recognize this as an executable program; ALL executable programs in windows start with either “MZ” or “PE”.  These are the “magic numbers” that tell the binary loader that these are, in fact, executable.

There is a lot going on behind the scenes here so let me explain WHY this won’t work.

Inside of a regular “exe” program is a structure to help the operating system determine how to load this program.  The structure looks like this (in C notation):

(info from: http://www.delorie.com/djgpp/doc/exe/)

struct EXE {
  unsigned short signature; /* == 0x5a4D */
  unsigned short bytes_in_last_block;
  unsigned short blocks_in_file;
  unsigned short num_relocs;
  unsigned short header_paragraphs;
  unsigned short min_extra_paragraphs;
  unsigned short max_extra_paragraphs;
  unsigned short ss;
  unsigned short sp;
  unsigned short checksum;
  unsigned short ip;
  unsigned short cs;
  unsigned short reloc_table_offset;
  unsigned short overlay_number;
};

The first short integer ‘signature’ is always 5a4d in MZ executables (by far less complex than PE executables) this is how the loader knows that this is a valid executable.

The first 16-bit integer is the number of bytes in the last block, unless it’s set to zero, which means the whole last block (152 bytes) is used.

The next 16-bit integer is total number of blocks in the executable file, and if the previous short integer is not zero, that number of the last block is used.

The next short is the number of relocation entries in the header, and the next is the number of “paragraphs” in the header.  Followed by the number of paragraphs of additional memory the program would need (that is, if there isn’t at least this many bytes free the loader will not try to load this program) most programmers know this as the BBS size. And finally, following that, is the maximum number of paragraphs of additional memory.

The next part is the relative value of the stack segment.  This value is added to the segment the program is loaded into, and used to initialize the SS (stack segment) register.

The next value is the initial value of the SP (stack pointer) register.  Then a word which is a checksum, which is usually not used.

The next is the initial value of the IP (instruction pointer) register, and then the CS (code segment) register (which is relative to the segment of the program loaded).  Then the offset of the first relocation item in the file, and finally ending with the overlay number.

If you examine the “binary” that Srivathsan provided, obviously none of this structure “fits.”

So what IS Srivathsan trying to pull?  Let’s take the binary, and bring it to a Binary-to-Ascii conversion site.  I used this one:

http://www.roubaixinteractive.com/PlayGround/Binary_Conversion/Binary_To_Text.asp

I pasted the “binary”, and pressed “To Text” and it comes back with:

format c:\ /Q/X

Oh!!  So he just encoded a “format” command and expected it to run.

This will NOT work.

So, what will work then?

There’s an older format, called “.COM” format that does still run in windows (XP tested).  A Com file (http://en.wikipedia.org/wiki/COM_file) is far less complex, it contains no header information, no relocation and no far jumps.

So it looks to me like you CAN use a .COM file in this way.  So now, to find some executable information you can place in this .com file.

To do this, I did a quick Google for “printable shellcode” and came back with a whole slew of stuff.  I chose this (i got it here(http://r00tsecurity.org/forums/topic/12019-16-bit-printable-shellcode-hello-world/):

X5))%@IP5YI5Y@5P!%PAP[55!5e 5O!54(P^)7CC)7SZBBXPSRABCABCABCABCABCABCABCABCABCZ[XH+H*hello world!$

As you might suspect from the final string, this is simply a “hello world” program; in printable ASCII!!

So, all you have to do is copy the above code, paste it into a text file, and rename the .txt extension to .com and ‘ta-da’ instant executable binary.

Nice try http://cyberfreax.in LOL

Written by ejes

November 17, 2011 at 1:30 pm

More Command Line Magic

leave a comment »

Wow, I was looking around for a way to quickly convert my ls -al listing into octal ‘0774’ permission display. I found a really neat awk script that does just this here:
http://www.linuxforums.org/forum/newbie/21722-command-shows-me-permissions-file-octal.html#post371256

it’s this:
ls -l | awk ‘{k=0;for(i=0;i<=8;i++)k+=((substr($1,i+2,1)~/[rwx]/)*2^(8-i));if(k)printf(“%0o “,k);print}’

to make it permanent, add this to your .profile:
alias l=”ls -la –color | awk ‘{k=0;for(i=0;i<=8;i++)k+=((substr(\$1,i+2,1)~/[rwx]/)*2^(8-i));if(k)printf(\” %0o \”,k);print}'”

Written by ejes

February 25, 2011 at 11:11 pm

Posted in Hacking, Programming, Scripts

Tagged with ,

Javascript Obfuscation to the MAX!!!

with one comment

I was stumbling around the internet today and found this:

($=[$=[]][(__=!$+$)[_=-~-~-~$]+({}+$)[_/_]+
($$=($_=!''+$)[_/_]+$_[+$])])()[__[_/_]+__
[_+~$]+$_[_]+$$](_/_)

Yep, perfectly legal Javascript, Care to hazzard a guess as it’s function?

http://adamcecc.blogspot.com/2011/01/javascript.html

^ go here to find out more… It’s fantastic :)

Written by ejes

February 1, 2011 at 2:47 pm

Simple Timesharing for ALL ANSI-C programs

leave a comment »

A client of mine asked that I write a simple co-operative timesharing engine to be used in an embedded project.  Timesharing is quite an easy multitasking system and is frequently used in the embedded space because each process must willingly give up cpu control.  This is good if you have a critical task that must not be interrupted before it completes.  Modern, more powerful cpus have the ability to turn off interrupts during execution (the instructions are sti and cli in the x86 world)  but not all processors support this.

Because I cannot be guaranteed that the microcontroller that i’m using has this, i opted to use a software interrupt that i call “swi”.  Realistically, you can turn this into a preemptive multitasking system by assigning the programmable interrupt to my “swi” function and have it execute at a pre-determined time.

anyway, i also wanted this to be somewhat compliant with normal POSIX programming, so I created a “fork” function.

It uses “setjmp” and “longjmp” to create save points in the “swi” and then call the next call on the process stack.  I was going to include a simple prioritizing system, but really it didn’t require it – i might still.

Anyway, the source is posted in my source code area. 

(terms of use) This software is given to you without warrantee and warning that it worked for me, doesn’t mean it’ll work for you.  Feel free to use and modify it, and send me patches, I will gladly post them and of course give you full credit, as I expect you’d give me credit as well.

Written by ejes

August 5, 2010 at 9:47 am

Posted in Commentary, Hacking

GNU dnsmasq for OpenSolaris SPARC

with 2 comments

I recently have been trying to migrate my FreeNAS server to a SPARC based system runing OpenSolaris.  Mainly for the benefits of ZFS – but also to learn more about OpenSolaris and shellcode on SPARC.

In this light of learning more about OpenSolaris, I’ve been porting some of my lesser power hungry network applications to my little sparc pizzabox as well.  Since the pizzabox server is a little underpowered I wanted to use some pertty trim services to keep it’s availablility up as a NAS.

The first service I thought about was dnsmasq, who on my OpenBSD system works as my DHCP and dynmaically updateable DNS server.  I really like dnsmasq (http://www.thekelleys.org.uk/dnsmasq/doc.html), and have been using it as my primary dns/dhcp server for some time now – it’s fast, feature rich, easy to configure and cheap on resources.  It’s perfect for the home user.

Now just to get in running on my sparc.  After all the searching in the world, I couldn’t find any (trivial) dnsmasq on Solaris documentation. 

This left me no choice:

I’m not afraid of compling source.  Thankfully, DNSmasq 2.52 (http://www.thekelleys.org.uk/dnsmasq/dnsmasq-2.52.tar.gz) compiles cleanly on sparc – so this is the base I used.  In order to compile and run make install properly, I had to change the “Makefile” to use “ginstall” instead of BSD install that is used by default on Solaris systems; the Makefile also uses “cc” instead of “gcc” so I symlinked my “gcc” binary from /usr/bin to /usr/bin/cc.

Once installed I had to deal with the silly Solaris SMF (Service Management Facility).  In order to maintain some continuity across all my services I decded to build a nice smf xml for my dnsmasq as well.  I just copied ssh’s, and modified it to support my newly compiled dnsmasq package.  I also had to write a simple starup script since the SMF facility is just a fancy way of calling /lib/svc/method/ shell scripts who look suspcisouly like “init.d” type scripts.

Compiled, scripted and input into my smf (using svccfg import), my dnsmasq seems to starup great – my netbook got an ip, and it’s pingable by using “ping netbook” .

GREAT!

To save you wonderful internet users some headaches, I built a Solaris “.pkg” file for general consumption.  (http://www.filehosting.org/file/details/143734/GNUdnsmsq.pkg

I followed the instructions here (http://www.ibiblio.org/pub/packages/solaris/sparc/html/creating.solaris.packages.html ) for creaing the Solaris package, then used “pkgtrans -s . GNUdnsmaq.pkg” to translate the package to a “.pkg” file.

Enjoy!

Written by ejes

May 12, 2010 at 12:18 pm

Posted in Hacking, Tutorials

Tagged with , ,

MAME cabinet, on Debian (Part 1)

with 6 comments

Okay, so generally you know I’ve been up to no good (contracts) when I haevn’t posted in some time. It’s true, I’ve been working pretty hard lately.

So last night I sat while watching the olympics it made me think of Hyper Olympic, the name of the console that I got for my Mame Cabinet.

I decided to finally install an OS on the machine I’ve devoted to my arcade console. Since this is just first step, I don’t have pictures for you yet – but I will – rest assured.

So I started with a clean debian netinst cd for Debian 5.0 (Lenny).

I started by installing the “Advanced install“.  I want my stystem to be as slim as possible, so I want to control as many options as I can while installing.

After the usual language, keybaord layout and detection of the CDROM and installation media the fun started.

I set my hostname to “Hyperolympic”; the name of the game my cabnet came from.  Later on I hope that it will default to “hyper olympic” as a screensaver – but right now, it’s just the host name.

I also configured it to allow me to contiue working on it from SSH (which allowed me to watch the USA team whoop Canada’s Hocky team), from there I configured it to use the time.nrc.ca atomic clock for ntp, and start to parition the disks up.

The drive I have in it is an old 30Gb hard disk, the ROMS I’ll store on my NAS so It only really needs to hold temporary data and so the drive doesn’t need to be very large.  I used an old 2Gb USB Thumbdrive as a “swap” partition.  Very simple partition scheme, the 30GB drive is a the root (/) paritition, the entire USB Thumb Drive is swap.

Install the base system, and cheer on the Canadians.  I created a user called “interface” who will be the “interface” user, I disabled root here as well and do all interactive root sessions by using “sudo -i” from my interface user.  I’ve seen a few tutorials that start the mame arade as root, but I disagree with this practise. 

Finally it asked for some “task specific” kinds of installation options.  I chose “Standard System Only” (or similar), I have no need for apache, dns, or an xwindows desktop environment.

Install grub (not grub2) and ta-da.   A bootable debian.

Next, I logged in as interface, sudo -i to root, and edited my /etc/apt/sources.list.  I found this neat place (http://apt.ludomatic.fr/?hl=en#repo) who has mame sdl, precomplied for debain.  Following their instructions I added the following lines to my sources.list:

## LUDOMATIC REPOSITORY
deb http://apt.ludomatic.fr lenny non-free
deb-src http://apt.ludomatic.fr lenny non-free

Then using a quick command (they also show) I get their security keys:

wget http://apt.ludomatic.fr/ludomatic.key.asc -O - | apt-key add -

I run apt-get update to ensure there are no errors (there weren’t).

Now I have to enable the framebuffer.  There’s not a whole lot if info about this – but it turns out it’s pretty easy.  I added the “vga=791 video=nvidiafb” to my boot.1st file and rebooted.  Obviously this is for nvidia cards, if you don’t know your card you can use the “video=vesafb” instead, or you can use your own… there’s plenty and you can find them all in:

“/lib/modules/”uname -r`/kernel/drivers/video/”

You also should edit your /etc/modules to include your framebuffer drive too.  I also installed “splashy” which allows me to choose themes and “boot up screens”

apt-get install splashy splashy-themes

Once all of that is complete I now install GCC and build utilities so that I can build the “advanced menu” system.

apt-get install gcc g++ binutils make

Then in my /usr/local/src directory I download the advance menu sources:

wget http://prdownloads.sourceforge.net/advancemame/advancemenu-2.5.0.tar.gz?download
tar -vxzf advancemenu*.tar.gz
cd advancemenu-2.5.0
./configure && make install

Now, SDL Mame.

apt-get install sdlmame

Next I edit my /boot/grub/menu.1st and change the “timeout   5” line to “timeout 3” to speed up boot, I also changed the /etc/init.d/rc script the line that reads “CONCURRENCY=none” to “CONCURRENCY=shell

. . . and Reboot!

Ta-DA :)  A bootable system, not much is going on – you can start messing with the advance menu system, which I’ll cover next time :)

to be continued…

Written by ejes

February 23, 2010 at 11:00 am