2013
12.12

so i recently got my hands on the samsung s4 gt-i9500 (exynos octa) and i must say… it is fucking annoying. not that the phone itself is bad or that i hate samsung, on the contrary i love samsung phones. its the fact that this phone never hit a mass audience that is annoying, which means that roms for this are few and far between.

enough bitching. i found a daily driver that is actually good. check here on xda.

here are a couple of screen shots:
systems panel:
Screenshot_2013-12-12-16-08-30

CPU-Z screen capture:
Screenshot_2013-12-12-16-19-55

2013
12.02

so i read Big Ghost’s site semi frequently since the reviews are actually pretty funny. One thing i noticed is that whoever does the writing can come up with these names that are hilarious. so i decided to write a quick script using some of the names from that site to pseudo-randomly generate names.

the script is here. its a pretty straight forward script that uses a couple of arrays and some bash magic to combine the three fields.

2013
10.23

So work has given me a new shiny Dell System XPS L322X (the ubuntu dev model) which i quickly installed gentoo on (personal preference). When i went to go and paste something using the Cypress two button track pad, it did not work.

damn.

Here is the fix:

first things first, lets make sure that your kernel settings are correct.

Device Drivers  --->
  Input device support  ---> 
    [*]   Mice  ---> 
       [*]     Cypress PS/2 mouse protocol extension 

now lets check our settings using xinput:

 % xinput
⎡ Virtual core pointer                          id=2    [master pointer  (3)]
⎜   ↳ Virtual core XTEST pointer                id=4    [slave  pointer  (2)]
⎜   ↳ CyPS/2 Cypress Trackpad                   id=12   [slave  pointer  (2)]
⎣ Virtual core keyboard                         id=3    [master keyboard (2)]
    ↳ Virtual core XTEST keyboard               id=5    [slave  keyboard (3)]
    ↳ Power Button                              id=6    [slave  keyboard (3)]
    ↳ Video Bus                                 id=7    [slave  keyboard (3)]
    ↳ Power Button                              id=8    [slave  keyboard (3)]
    ↳ Sleep Button                              id=9    [slave  keyboard (3)]
    ↳ Laptop_Integrated_Webcam_1.3M             id=10   [slave  keyboard (3)]
    ↳ AT Translated Set 2 keyboard              id=11   [slave  keyboard (3)]

as we can see, our device is #12, so lets list props on #12:

% xinput --list-props 12
Device 'CyPS/2 Cypress Trackpad':
        Device Enabled (132):   1
        Coordinate Transformation Matrix (134): 1.000000, 0.000000, 0.000000, 0.000000, 1.000000, 0.000000, 0.000000, 0.000000, 1.000000
        Device Accel Profile (256):     1
        Device Accel Constant Deceleration (257):       2.500000
        Device Accel Adaptive Deceleration (258):       1.000000
        Device Accel Velocity Scaling (259):    12.500000
        Synaptics Edges (260):  64, 1536, 48, 852
        Synaptics Finger (261): 25, 30, 0
        Synaptics Tap Time (262):       180
        Synaptics Tap Move (263):       80
        Synaptics Tap Durations (264):  180, 180, 100
        Synaptics ClickPad (265):       1
        Synaptics Middle Button Timeout (266):  0
        Synaptics Two-Finger Pressure (267):    282
        Synaptics Two-Finger Width (268):       112
        Synaptics Scrolling Distance (269):     36, 36
        Synaptics Edge Scrolling (270): 0, 0, 0
        Synaptics Two-Finger Scrolling (271):   1, 0
        Synaptics Move Speed (272):     1.000000, 1.750000, 0.108992, 0.000000
        Synaptics Off (273):    0
        Synaptics Locked Drags (274):   0
        Synaptics Locked Drags Timeout (275):   5000
        Synaptics Tap Action (276):     0, 0, 0, 0, 0, 0, 0
        Synaptics Click Action (277):   1, 1, 1
        Synaptics Circular Scrolling (278):     0
        Synaptics Circular Scrolling Distance (279):    0.100000
        Synaptics Circular Scrolling Trigger (280):     0
        Synaptics Palm Detection (281): 0
        Synaptics Palm Dimensions (282):        160, 200
        Synaptics Coasting Speed (283): 20.000000, 50.000000
        Synaptics Pressure Motion (284):        30, 160
        Synaptics Pressure Motion Factor (285): 1.000000, 1.000000
        Synaptics Grab Event Device (286):      1
        Synaptics Gestures (287):       1
        Synaptics Capabilities (288):   1, 1, 1, 1, 1, 1, 1
        Synaptics Pad Resolution (289): 15, 16
        Synaptics Area (290):   0, 0, 0, 0
        Synaptics Soft Button Areas (291):      800, 0, 738, 0, 0, 0, 0, 0
        Synaptics Noise Cancellation (292):     9, 9
        Device Product ID (250):        2, 17
        Device Node (251):      "/dev/input/event6"

AHH – you see it ??
Synaptics Middle Button Timeout (266): 0

lets change that to 1:
xinput --set-prop 12 "Synaptics Middle Button Timeout" 1

now restart X and Voila!! all done.

2013
08.22

so i wrote a little script for dumping some stats to a graphite server.

script is located here.

all you have to do to get this working:
ensure nc is installed
ensure vmstat is installed
change gserver and gport to matching graphite server and port
and cron this to run every minute or so.

it will graph :
cpu.idle
cpu.systime
cpu.usertime
cpu.wait-IO
swap.swapped-in
swap.swapped-to
mem.buffers
mem.cache
mem.virtfree
mem.virtswap
disk.free
disk.total
disk.used
load.1-minute
load.5-minutes
load.15-minutes
mem.free
mem.total
mem.used
swap.free
swap.total
swap.used
users

2013
08.22

so i needed to add things to a couple of boxes without completely killing off the existing crontab from a script. i came up with this:

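# work on a private temp copy of the current crontab
TMP_FILE=$(mktemp --tmpdir cron.$$.XXXXXXXXXX)
crontab -l > "${TMP_FILE}"
# append the new entry, then install the merged file
echo '# * * * * * script' >> "${TMP_FILE}"
crontab "${TMP_FILE}"
rm -f "${TMP_FILE}"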

it will take a copy of the existing crontab, then append the new line at the end, then push the temp file to cron. its a hacky way of doing it but it can be refined.

if you need to blow away your crontab and just add one line, you can do that by doing this:
echo '# * * * * * script' | crontab -
this will remove your existing crontab and replace it with whatever you specify.

2013
08.11

so for my day to day usage, i run as minimalistic a window manager as possible (evilwm or in gentoo : x11-wm/evilwm), but every now and then i have to debug or test things in other wm’s which is a pain in the ass depending on what login manager you are using or just depending on the configuration you are using.

but if you have your X Windows compiled with Xnest support (in gentoo, use flag +xnest), you can start another window manager inside of your default (standard) window manager just by doing this :

% Xnest :1 -ac &
% export DISPLAY=:1
% urxvt &
% spectrwm

breakdown of the lines:
% Xnest :1 -ac &
Xnest : starts the nested X server
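:1 : display to run it on
-ac : disable access control restrictions (any client that can reach display :1 is allowed to connect)
& : background

export DISPLAY=:1
this line sets DISPLAY so that everything started afterwards connects to display :1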

urxvt &
urxvt & : is to start a term (i use urxvt, substitute with whatever) to use in xnest

spectrwm
spectrwm : is the secondary window manager that i ran for this, substitute with whatever.

screenshot of spectrwm running in an Xnest window inside of evilwm. spectrwm has 3 tmux’d windows open with the bar on top, evilwm has two terms stacked on the right:
2013-08-11-231334_1440x900_scrot

2013
08.07

so after picking up a usb rubber ducky from HAK5 at defcon, i wanted to see if i could replicate a pin brute force tool using a teensy for android phones. i love the usb rubber ducky, but i figure if i have arduino’s to spare, why not use them ?

here is what i have come up with

its pretty straight forward and tested on android 4.1 & 4.2. confirmed not working in android 4.2 though.

2013
08.05

black hat usa 2013:
IMG_20130725_154820

Defcon:
IMG_20130804_230602

2013
07.23

this article assumes that you have recently become paranoid accessing a server and are assuming that someone has sent you an erroneous / malicious key for MITM or some other weird purpose.

this article also assumes that you have access to the other box already to do key verification.

so you go to ssh into one of your boxes in your network that you have ssh’d into hundreds of times and all of a sudden you are confronted with an authenticity check like so:

ssh USER@SERVER
The authenticity of host 'SERVER (0.0.0.0)' can't be established.
RSA key fingerprint is ff:ff:ff:ff:ff:ff:de:ad:be:ef:00:00:00:00:00:00.
Are you sure you want to continue connecting (yes/no)?

info changed
this message can occur if the box has been rebuilt / or if you deleted the contents of /home/USER/.ssh/

or

ssh USER@SERVER
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@      WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The RSA host key for SERVER has changed,
and the key for the corresponding IP address 0.0.0.0
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!    @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff.
Please contact your system administrator.
Add correct host key in /home/USER/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/USER/.ssh/known_hosts:10
RSA host key for SERVER has changed and you have requested strict checking.
Host key verification failed.

info changed
this message can occur if the box has been rebuilt with the same servername

you know that you ssh to this server repeatedly and never had to worry about this.
so how can you verify that there isnt anything fishy going on ?

on the remote server, lets check the fingerprint of the rsa/dsa keys:

$ ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub
2048 ff:ff:ff:ff:ff:ff:de:ad:be:ef:00:00:00:00:00:00  root@localhost (RSA)

RSA

$ ssh-keygen -lf /etc/ssh/ssh_host_dsa_key.pub
1024 ff:ff:ff:ff:ff:ff:de:ad:be:ef:00:00:00:00:00:00  root@localhost (DSA)

DSA

obviously the keys would be different for both rsa / dsa, but i changed them to something other than my servers are showing.

with these two checks, we can now verify that the keys either match or do not, and if they dont, we can get to work figuring out why they dont match.
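
an added example (not part of the original post): the colon-hex fingerprint in the ssh prompt is the MD5 of the base64-decoded key blob, so it can be recomputed from a .pub line copied over a trusted path and compared with what ssh showed. the function names and the sample key line are made up for illustration; on newer OpenSSH, which prints SHA256 fingerprints by default, `ssh-keygen -E md5 -lf` gives the same colon-hex form.

```shell
#!/bin/sh
# added example: recompute the colon-hex host key fingerprint and compare it
# with the one ssh printed. names and sample data below are constructed.

# fingerprint = MD5 over the base64-decoded key blob (field 2 of a .pub line)
md5_fingerprint() {
    blob=$(printf '%s\n' "$1" | awk '{print $2}')
    [ -n "$blob" ] || return 1
    printf '%s' "$blob" | base64 -d 2>/dev/null \
        | md5sum | awk '{print $1}' | sed 's/../&:/g; s/:$//'
}

# normalise a pasted fingerprint: drop an "MD5:" prefix, lowercase the hex
normalise_fp() {
    printf '%s' "$1" | sed 's/^MD5://' | tr 'A-F' 'a-f'
}

# verify_host_key <fingerprint from the ssh prompt> <trusted .pub line>
# returns 0 on match, 1 on mismatch or malformed input
verify_host_key() {
    presented=$(normalise_fp "$1")
    expected=$(md5_fingerprint "$2") || return 1
    printf '%s' "$presented" \
        | grep -Eq '^([0-9a-f]{2}:){15}[0-9a-f]{2}$' || return 1
    [ "$presented" = "$expected" ]
}

# constructed sample .pub line (tiny made-up blob, not a usable key)
SAMPLE_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAABF6tvu8= root@localhost'

fp=$(md5_fingerprint "$SAMPLE_PUB")
if verify_host_key "$fp" "$SAMPLE_PUB"; then
    echo "fingerprint matches: $fp"
else
    echo "MISMATCH: do not connect until you know why"
fi
```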

2013
07.18

so i have been doing some work with our internal monitoring systems the last couple of days and wanted a way to pull pingdom stats into our graphite server using only a couple of bash commands or just put it together into a little shell script.

after going through the pingdom api documentation, i was able to pull some curl commands that we used to poll pingdom then send the output to graphite.

first things first, you will need to have an account with pingdom, which will also give you the needed username and password, and an api key.

if you have that stuff already, we next need to get the id number of the check that you want to start putting in graphite. this can be accomplished in one of two ways:

from the pingdom dashboard: go to dashboard, select “up”, then click either the uptime or response icon. you will get the id of that check in the url in the form of:
https://my.pingdom.com/reports/uptime#check=XXXXXX&daterange=30days or https://my.pingdom.com/reports/responsetime#check=XXXXXX&daterange=30days where XXXXXX is the id (check number) of the check that you want to start plotting.

the other method to get your id (check number): if you already have your api key & username / password, we can just pass a curl command (with some python) as documented in the api documentation like so :
curl --silent --header "App-Key: api_key" -u "username:password" https://api.pingdom.com/api/2.0/checks | python -mjson.tool
the reason we pass the python -mjson.tool command after is to format the output. since it outputs unformatted json, its just easier to read if its formatted. with this output, just grep the line that reads “id”, that is your check number.

now to the juicy bits: how to extract data.
one thing i learned from polling pingdom data, is that it pings your configured server (url) every nine minutes, so even if you pull your data every x amount of seconds or minutes, it will only have an accuracy of 9 minutes, so we dont have to worry about too much precision of the data polled. this article is more in line with just getting the data out.
now that we have the api key, username / password, & id (check id), we need to see which probes our checks are actually using. that can be accomplished with this line:
curl --silent --header "App-Key: api_key" -u "username:password" https://api.pingdom.com/api/2.0/results/XXXXXX | python -mjson.tool
which should give you something similar to this :

{
    "activeprobes": [
        64,
        76,
        77,
        78,
        79,
        80,
        81,
        84,
        85,
        86
    ],
    "results": [
        {
            "probeid": 80,
            "responsetime": 842,
            "status": "up",
            "statusdesc": "OK",
            "statusdesclong": "OK",
            "time": 1374173361
        },

i shortened this since all we need is the “activeprobes” section

now that we have the list of the probes that are being used, we can further process our commands to get only the response time from that particular probe and id like so:
curl --silent --header "App-Key: api_key" -u "username:password" https://api.pingdom.com/api/2.0/results/XXXXXX\?limit=1\&probes=YYYYYY | python -mjson.tool | awk '/time/ {gsub(",",""); print}'
where YYYYYY is one of the active probes we gathered above

the output from that curl command should look like:

            "responsetime": 47
            "time": 1374173608

you will notice that we are passing “limit=1” into our curl command, what that does is just limits the output to only one check, that check being the latest one.

another thing to note, the responsetime is given to us in milliseconds, so format your output accordingly to make more sense, or keep it as is, thats up to you.

now with the “responsetime” and “time” gathered, we can pass that information to graphite using netcat like so:
echo "name_or_identifier responsetime time" | nc graphite_server graphite_port

a breakdown of that command:
echo – pretty straight forward what echo is
name_or_identifier – this is what this check will be identified as in graphite
responsetime – this is the value that was gathered above. in this case “47”
time – this is the value that was gathered above. in this case “1374173608”
nc – netcat
graphite_server – this is the url / ip of your graphite server
graphite_port – this is the port that accepts graphite checks.
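
an added example (not one of the in-house scripts mentioned in this post): it takes json.tool-style output like the one above, pulls out “responsetime” and “time”, and only builds the graphite line if both are plain integers and the metric name has no spaces or newlines in it. the function names, the metric name and the sample json are constructed for illustration.

```shell
#!/bin/sh
# added example: build a graphite plaintext line from pingdom results.
# function names, metric name and sample JSON are constructed.

# stdin: json.tool-style output; stdout: "<responsetime> <time>" of the result
parse_latest() {
    awk -F': *' '
        /"responsetime":/ { sub(/,.*/, "", $2); rt = $2 }
        /"time":/         { sub(/,.*/, "", $2); ts = $2 }
        END { print rt, ts }'
}

is_uint() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# graphite_line <name> <value> <timestamp>: print "name value timestamp"
# graphite's plaintext input is one metric per line, so refuse anything that
# could smuggle a space or newline into a field
graphite_line() {
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    is_uint "$2" && is_uint "$3" || return 1
    printf '%s %s %s\n' "$1" "$2" "$3"
}

# build_metric <name>: json on stdin, graphite line on stdout
build_metric() {
    parse_latest | { read -r rt ts; graphite_line "$1" "$rt" "$ts"; }
}

# constructed sample, shaped like the limit=1 output shown above
SAMPLE_JSON='{
    "results": [
        {
            "probeid": 80,
            "responsetime": 47,
            "status": "up",
            "time": 1374173608
        }
    ]
}'

printf '%s\n' "$SAMPLE_JSON" | build_metric pingdom.XXXXXX.responsetime
# to send it: ... | build_metric NAME | nc graphite_server graphite_port
```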

with some work, you should get graphs similar to this:
download

i will be posting some scripts that i have written to use in house for multiple ids / probeids which are fully automated.