Imagine a job as a Linux Kernel Developer; now imagine this job inside of Microsoft. Well, it looks like Hell has frozen over, if that sounds like something impossible and you like doing the impossible and you want to be part of an exciting change, than this job is for you.
see the original post. (The typo in the title was copy&pasted from there…)
I love the “looks like Hell has frozen over” part 😀
If you run this linux thing, have an IBM/Lenovo Notebook and own a docking station as I do, you might want to undock your beloved laptop every once in a while. It turns out that the Thinkpad has to run, because you have to “eject” the notebook. So if your Thinkpad is suspended, you can’t just take it.
I have no idea why this is important though. I’d say that linux is smart enough to cover USB, Power, external VGA, etc. losses.
If the driver crashed and you don’t want to turn off your computer, you’re pretty doomed, especially because /proc/acpi/ibm/bay doesn’t exist (anymore?) and you have no obvious interface to eject your notebook. But there is good old sysfs for the rescue:
echo 1 | sudo tee /sys/devices/platform/dock.0/undock
I found a howto via forensikblog which wasn’t pretty good because it missed some details and installed CarvFS into your systems directories. You maybe want to have the carving files seperate from the rest of the system. So here comes a Howto Install CarvFS on your Ubuntu 8.10 machine:
cd /tmp/
sudo mkdir /opt/$USER/
sudo chown $USER:$USER /opt/$USER
mkdir /opt/$USER/carvfs
wget -O- 'http://downloads.sourceforge.net/ocfa/libcarvpath-0.2.0.tar.gz?use_mirror=mesh' | tar xvzf -
cd libcarvpath*
sudo apt-get install -y libsqlite3-dev libcurl4-openssl-dev
./configure --prefix /opt/$USER/carvfs && make && make install
cd /tmp/
wget -O- 'http://downloads.sourceforge.net/ocfa/carvfs-0.4.1.tar.gz?use_mirror=mesh' | tar xvzf -
cd carvfs*
sudo apt-get install -y libfuse-dev
export CFLAGS="-I/opt/$USER/carvfs/include/"
export LDFLAGS="-L/opt/$USER/carvfs/lib/"
./configure --prefix /opt/$USER/carvfs && make && make install
Happy Hacking
Matthew Dempsky found a bug in TinyDNS and the author, Daniel Julius Bernstein, has a Security Guarantee that rewards the first who finds an exploitable bug with $1000 and he says, he is going to make it happen! I love this guy…
The problems I described last time, are gone now 🙂 The paramiko mailinglist is, besides the pretty good documentation, a very good information ressource.
So I built a Fon client in Python which allows you to login to the Fon server and make your Fonera officially online.
So in order to get your copy of PyFON, do a
hg clone http://hg.cryptobitch.de/pyfon
To use it, simply give the MAC address of your Foneras wireless interface as an argument and run it or do it in a more sophisticated way:
muelli@xbox:~/hg/pyfon$ python ./src/pyfonclient.py --loglevel info --firmware 0.7.2 --revision 3 --mode cron --ethernetmac 00:18:84:fo:ob:ar 00:18:84:fo:ob:ar INFO:root:Connecting to host: download.fon.com:1937 as user: openwrt INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_4.3p2) INFO:paramiko.transport:Authentication (publickey) successful! INFO:root:Connect finished INFO:paramiko.transport:Secsh channel 1 opened. INFO:root:Found _auth_string: mode='cron' wlmac='00:18:84:ff:ee:dd' mac='00:18:84:fo:ob:ar' fonrev='3' firmware='0.7.2' chillver='1.0-1' thclver='1.0' device='fonera' INFO:root:Finally closing everything muelli@xbox:~/hg/pyfon$
If you increase the loglevel to, say, debug, then you’ll get the script which Fon send you and supposes you to execute. If you change your password via the Fon webinterface, you’ll see your new password in that script.
So if you want to disturb the Fon network, you can iterate over all Fon MACs and receive the possible made configuration changes. By that, you’ll get the new passwords as well, of course…
Another funny thing is that the Fon server sends you their banner, if you explicitely request a shell:
In [1]: import pyfonclient In [2]: c = pyfonclient.Client() In [3]: c.connect() In [4]: channel = c.client.invoke_shell() In [5]: channel.recv_ready() Out[5]: True In [6]: buf="" In [7]: while channel.recv_ready(): buf += channel.recv(1) ...: In [8]: print buf Linux fonesfat02 2.6.18-6-amd64 #1 SMP Sun Feb 10 17:50:19 UTC 2008 x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. In [9]:
But you can’t execute any command…
Patches are, as always, welcome 🙂
You might know that FON thing, which basically provides you with WiFi on many places. They give you an access point which they suppose you to run and provide that WiFi to others. Then you are eligible to use other peoples WiFi.
The given access point connects itself with a script to the main server and tells it, that it’s online. The server then grants you access to other WiFis.
If you flash the access point, which is called “fonera”, with e.g. OpenWRT then you’ll lose that script. This in pretty bad because you *do* provide free WiFi to the people (unless you don’t run an open WiFi) but lose the right to use others.
There are sites out there which describe, howto do the “heartbeat” yourself, but they have major drawbacks:
Also note, that you can receive the files from the Fon development site and steal that heartbeat thing from there.
Thanks to this site I found a way to convert the dropbear key to the OpenSSH format (/usr/lib/dropbear/dropbearconvert dropbear openssh fonkey fonkey.ssh), but that bash thing is still ugly. Also, to use OpenSSH, you have to fiddle with permissions of the keyfile, etc.
So in order to run that heartbeat thing properly on, say, your PC, you don’t want to depend on dropbear or “nvram” to get the MAC address of your wireless interface. You might want to run the following script, of course you have to adapt the variables first. I try to get rid of Bash, but I still have a few problems with Pythons SSH package: I can’t send something to “stdin”, like “echo 'foo' | ssh bar” does.
#!/bin/sh
#
# version 1.1.0
THINCLIENTPATH="/tmp" # path of this file
ROOTHOME="/tmp/root" # root's home dir
SSHPATH="/usr/bin/ssh" # path to ssh
KEY="/tmp/fonkey.ssh.1" # private key for fetching the info from the FON server
THINCLIENTOUT="/tmp/.thinclient.sh" # output file
THINCLIENTOUTDEFAULT="33" # default size of the output file
THCLVER="1.0"
CHILLVER="1.0-1"
FONREV="2" # /etc/fon_revision
FIRMWARE="0.7.2" # taken from /etc/banner (without Beta)
DEVICE="fonera"
USER="openwrt"
SERVER="download.fon.com"
PORT="1937"
FONSIG="$SERVER ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA0zJFtj5NtrVsj8+qG0dtPE8WpHHDpTXp5+d3vvtSS7Hx7vYHyrfN/8PBVrrYOgl4dySY65sGtq34EU04VN4a7xQHSKJBunDUSQ/2Xz+eyo53LCVeFy1zNRCmB6jrFlJQvl5yviLvXmMtOGxG8Z1dfu4qavfGtBxwtwxKPKuiyhs="
cat > $KEY <> $ROOTHOME/.ssh/known_hosts
}
exec_cron_mode () {
check_env
sleep "$((0x$(head /dev/urandom |hexdump |awk '$2 > 0 {print $2}'|head -n1) % 10))"
echo "mode='cron' wlmac='$MAC' mac='$ETMAC' fonrev='$FONREV' firmware='$FIRMWARE'" | $SSHPATH -T ${PORT:+ -p $PORT}${KEY:+ -i $KEY} "${USER}@${SERVER}" > $THINCLIENTOUT
echo "sent: mode='cron' wlmac='$MAC' mac='$ETMAC' fonrev='$FONREV' firmware='$FIRMWARE'"
exec_check_thinclient
}
exec_start_mode () {
sleep 10 # make sure WAN is up and crond is running
check_env
[ -f "/tmp/crontab" ] || touch /tmp/crontab
[ `grep -c thinclient /tmp/crontab` = "0" ] && echo "24,54 * * ** root $THINCLIENTPATH/thinclient cron > /dev/null 2>&1 &" >> /tmp/crontab
echo "mode='start' wlmac='$MAC' mac='$ETMAC' fonrev='$FONREV' firmware='$FIRMWARE' chillver='$CHILLVER' thclver='$THCLVER' device='$DEVICE'" | $SSHPATH -T ${PORT:+ -p $PORT}${KEY:+ -i $KEY} "${USER}@${SERVER}" > $THINCLIENTOUT
echo "sent: mode='start' wlmac='$MAC' mac='$ETMAC' fonrev='$FONREV' firmware='$FIRMWARE' chillver='$CHILLVER' thclver='$THCLVER' device='$DEVICE'"
exec_check_thinclient
}
exec_check_thinclient () {
if [ -f $THINCLIENTOUT ]
then
THINSIZE="$(wc -c < $THINCLIENTOUT)"
if [ $THINSIZE = "0" ]
then
echo "Something is wrong, $THINCLIENTOUT is empty"
elif [ $THINSIZE != "33" ]
then
echo "Something is different in $THINCLIENTOUT:"
cat $THINCLIENTOUT
else
echo "$THINCLIENTOUT is the default one, deleted"
rm $THINCLIENTOUT
fi
else
echo "Something is wrong, $THINCLIENTOUT does not exist!"
fi
}
case "$1" in
cron)
exec_cron_mode
;;
start)
exec_start_mode
;;
check)
exec_check_thinclient
;;
*)
echo "Usage: `basename $0` {cron|start|check}"
exit
esac
