Diffstat (limited to 'md/writeup')
46 files changed, 299 insertions, 296 deletions
diff --git a/md/writeup/arm64_assembly_crc32.md b/md/writeup/arm64_assembly_crc32.md index 48ffd21..f177f3b 100644 --- a/md/writeup/arm64_assembly_crc32.md +++ b/md/writeup/arm64_assembly_crc32.md @@ -18,14 +18,16 @@ With Raspberry Pi 4 need to run it with 64bit linux. ### Raspberry Pi 4 Run command -``` + +```bash uname -a Linux raspberrypi 5.4.42-v8+ #1319 SMP PREEMPT Wed May 20 14:18:56 BST 2020 aarch64 GNU/Linux ``` There is substring "aarch64" that indicates that os supports 64 bits To check if CPU supports crc32 instructions run -``` + +```bash cat /proc/cpuinfo | grep crc ``` search for "crc32" substring @@ -34,12 +36,12 @@ search for "crc32" substring If you have Apple M1 then you already know it. If not sure run one of those commands to verify archirecture -``` +```bash uname -a ``` or -``` +```bash arch ``` @@ -228,13 +230,13 @@ int main() { ### Raspbery Pi 4 Need to set extra *-march* option to enable architecture variant that supports crc. -``` +```bash gcc asm_crc32.c -o asm_crc32 -march=armv8.1-a ``` ### Apple M1 Works without extra options -``` +```bash gcc asm_crc32.c -o asm_crc32 ``` diff --git a/md/writeup/arm64_assembly_hello_world.md b/md/writeup/arm64_assembly_hello_world.md index 118e7b6..c4685f1 100644 --- a/md/writeup/arm64_assembly_hello_world.md +++ b/md/writeup/arm64_assembly_hello_world.md @@ -25,12 +25,12 @@ int main() { Running 64bit linux. To detect with architecture and what bitness of os run command -``` +```bash uname ``` Architecture shown as aarch64 enoughs to indicate that os ir 64bit -``` +```bash Linux raspberrypi 5.4.42-v8+ #1319 SMP PREEMPT Wed May 20 14:18:56 BST 2020 aarch64 GNU/Linux ``` @@ -65,9 +65,9 @@ _start: Too compile check if you have installed gnu gcc, other compilers such as clang also should work perfectly fine. -```makefile - as hello.s -o hello.o - gcc hello.o -o hello +```bash +as hello.s -o hello.o +gcc hello.o -o hello ``` ## Apple M1 
@@ -97,7 +97,7 @@ helloworld_len = . - helloworld Install xcode tools before compilation -```makefile +```bash as -o hello.o hello.s ld -macosx_version_min 11.0.0 -o hello hello.o -lSystem -syslibroot `xcrun -sdk macosx --show-sdk-path` -e _start -arch arm64 ``` diff --git a/md/writeup/basic_http_server.md b/md/writeup/basic_http_server.md index cd1b4de..249c390 100644 --- a/md/writeup/basic_http_server.md +++ b/md/writeup/basic_http_server.md @@ -4,17 +4,17 @@ keywords:c,http,server # Basic HTTP server Basic HTTP server. When you type url it shows listing of your local directory. If you tipe with path to file name noting hapens Use: -``` +```sh http://*.*.*.*:<port>/ -> disk start directory http://*.*.*.*:<port>/home/ -> home directory ``` Run: -``` +```sh ./server [port] ``` Compile: -``` +```sh gcc server.c -o server ``` diff --git a/md/writeup/bladerf_quick_guide.md b/md/writeup/bladerf_quick_guide.md index 1ece22e..dec8ef7 100644 --- a/md/writeup/bladerf_quick_guide.md +++ b/md/writeup/bladerf_quick_guide.md @@ -104,7 +104,6 @@ create FM radio listening design and as result you can hear to your local radio ![BladerRF fm radio block diagram](/img/gnuradio/bladerf_fm_radio.png) - ## Links [https://www.nuand.com/bladerf-2-0-micro/](https://www.nuand.com/bladerf-2-0-micro/) diff --git a/md/writeup/building_openwrt_for_rtl8196c.md b/md/writeup/building_openwrt_for_rtl8196c.md index e3825d7..284b025 100644 --- a/md/writeup/building_openwrt_for_rtl8196c.md +++ b/md/writeup/building_openwrt_for_rtl8196c.md @@ -16,7 +16,7 @@ Fits of all need to get sources from git server. There is some branches in git. But only one of them intended to be used for non development purposes its "realtek-unstable" -``` +```sh git clone http://git.advem.lv/rtl819xx cd ./rtl819xx/ git branch -a 
@@ -28,7 +28,7 @@ git checkout realtek-unstable There is supported only compilation with binutils 2.21.1 and gcc-4.6.x-linaro. Now you should setup that options with menuconfig. -``` +```sh make menuconfig ``` @@ -45,7 +45,7 @@ __Binutils Version__ as (binutils 2.21.1) __GCC compiler Version__ as (gcc 4.6.x with Linaro enhancements) Last option to switch of is in main menu __Network__ -``` +```text firewall3 odhcp6c ``` @@ -56,17 +56,17 @@ odhcp6c It could take some time to compile image. With some compiling output -``` +```sh make V=s ``` Without extra output -``` +```sh make ``` Compile in many threads -``` +```sh make -j8 ``` diff --git a/md/writeup/c_bin2hex.md b/md/writeup/c_bin2hex.md index 441a115..2d6f4b5 100644 --- a/md/writeup/c_bin2hex.md +++ b/md/writeup/c_bin2hex.md @@ -5,7 +5,7 @@ keywords:c,binary,hex Converts binary file to hex file. Use: -``` +```sh ./bin2hex [bin_file] - for local output ./bin2hex [bin_file] [hex_text_file] - for file output diff --git a/md/writeup/c_macro_tricks.md b/md/writeup/c_macro_tricks.md index 4068272..e9f9d0f 100644 --- a/md/writeup/c_macro_tricks.md +++ b/md/writeup/c_macro_tricks.md @@ -15,10 +15,10 @@ this allows to see resulting source that going to be compiled, macro errors could be hard to debug, but this is first thing, test them before and then be sure that everything works. Lets continue with some more deep stuff. -<!-- ####################################################################### --> + ## __VA_ARGS__ keyword -<!-- ####################################################################### --> + ### Single argument macros Writting macros with single argument @@ -42,14 +42,14 @@ F(}) any kind of argument can be passed to macro, and that allows to make some tricks #### Result -``` +```c int main (){ printf("hello world\n"); } ``` -<!-- ####################################################################### --> + ### Multi argument macro writting macro with multiple unamed arguments 
@@ -74,7 +74,7 @@ Previouse example works just fine, but if add multiple arguments the __VA_ARGS__ just prints them as a whole string #### Result -``` +```c int main (){ printf("hello world\n"); @@ -84,7 +84,7 @@ printf("hello world\n"); ``` -<!-- ####################################################################### --> + ### Mixing named arguments and unamed arguments Mixing together named and unnamed arguments @@ -108,7 +108,7 @@ F2(int main,{my code},{more code}) #### Result -``` +```c 2,3,4,5 1 @@ -116,7 +116,7 @@ F2(int main,{my code},{more code}) int main ``` -<!-- ####################################################################### --> + ## Define struct with macros Lets move to some more practical example lets just define macro that going to @@ -172,7 +172,6 @@ struct add {int a; int b;};; struct dirst {int c; ;};; ``` -<!-- ####################################################################### --> ## Detect number of arguments There is one trick that can be used to detect number of arguments passed to @@ -222,12 +221,12 @@ F(1,2,3,4,5) 5 ``` -<!-- ####################################################################### --> + ## Variable argument macro match macro according number of arguments Detect number of arguments and match macro according to number of arguments -``` +```c #define FUN3(X1,X2,X3,...) "there is 3" #define FUN2(X1,X2,...) "there is 2" #define FUN1(X1,...) "there is 1" @@ -237,14 +236,14 @@ Detect number of arguments and match macro according to number of arguments ``` #### Source -``` +```c FUN(add,int a,int b); FUN(mul,int a,int b,int c); FUN(div,int a); ``` #### Result -``` +```c void add ( "there is 2"); void mul ( "there is 3"); void div ( "there is 1"); @@ -257,7 +256,7 @@ void div ( "there is 1"); Best part of it that it can match also typdefed structures. So now macroses can contain typechecking -``` +```c #define type_str(T) _Generic( (T), int: "int",\ long: "long",\ A: "A",\ 
@@ -287,7 +286,7 @@ int main() #### Result -``` +```block long int A @@ -305,7 +304,7 @@ default: "UNK UNK" ) ``` #### Source -``` +```c typedef struct A { @@ -336,7 +335,7 @@ int int A A ``` ### Generic printf -``` +```c #define FF "%f " #define FS "%s " #define FD "%d " @@ -355,7 +354,7 @@ A A ``` #### Source -``` +```c int main() { A a; @@ -372,7 +371,7 @@ int main() #### Result -``` +```bash 1 2.000000 3 4 big float 0.010000 diff --git a/md/writeup/calculate_fir_coefficients_with_c.md b/md/writeup/calculate_fir_coefficients_with_c.md index 5e643a6..8d31cb0 100644 --- a/md/writeup/calculate_fir_coefficients_with_c.md +++ b/md/writeup/calculate_fir_coefficients_with_c.md @@ -292,14 +292,14 @@ title("my coef freqz"); Snippet code is located at [http://git.main.lv/cgit.cgi/code-snippets.git/tree/fir1](http://git.main.lv/cgit.cgi/code-snippets.git/tree/fir1) to compile get and compile code run -``` +```bash git clone http://git.main.lv/cgit.cgi/code-snippets.git cd code-snippets/fir1 make ``` run program -``` +```bash ./simple_fir ``` diff --git a/md/writeup/compile_linux_kernel.md b/md/writeup/compile_linux_kernel.md index a373caf..2724736 100644 --- a/md/writeup/compile_linux_kernel.md +++ b/md/writeup/compile_linux_kernel.md @@ -8,7 +8,7 @@ To get main repo kernel Default kernel is located here -``` +```sh git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git ``` @@ -34,7 +34,7 @@ Easyes way startup config is just to get whatever you running now. If you hw wor with current distro then use current kernel config its is stored in procfs _/proc/config.gz_. Lets go to our kernel repo and do -``` +```sh zcat /proc/config.gz > .config ``` now you are ready to compile kernel that will work at begining 
@@ -51,19 +51,19 @@ And you will able to run your stuff only with staticly compiled kernel without l List all loaded modules -``` +```sh lsmod ``` See all conntected USB devices -``` +```sh lsusb ``` See all PCI devices and modules that they are using -``` +```sh lspci -k ``` @@ -72,14 +72,14 @@ This bare minimum of command that you whant to run to start modifing your kernel ## Compiling Run to configure kernel -``` +```sh make menuconfig ``` config is saved in _.config_ file. And now we are ready to compile our first kernel -``` +```sh make ``` @@ -91,19 +91,19 @@ It depends from distro to distro expected way how to install new/fresh/clean ker Install modules. They all will go /lib/modules/`your kernel version` -``` +```sh make modules_install ``` Compy compiled kernel to boot directory -``` +```sh cp -v arch/x86_64/boot/bzImage /boot/vmlinuz-linux318 ``` Create initram image -``` +```sh mkinitcpio -k <kernelversion> -g /boot/initramfs-<file name>.img ``` @@ -125,7 +125,7 @@ https://grsecurity.net/ Latest patches could be downloaded from https://grsecurity.net/download.php#test Apply patch -``` +```sh cd linux-4.7.10 patch -p1 < ../grsecurity-3.1-4.7.10-201610222037.patch ``` diff --git a/md/writeup/compile_python.md b/md/writeup/compile_python.md index 2acbb1e..13b6446 100644 --- a/md/writeup/compile_python.md +++ b/md/writeup/compile_python.md @@ -20,7 +20,7 @@ admin permissions then its probably one way to go. ### Download -``` +```bash wget -c https://www.python.org/ftp/python/$(VERSION)/Python-$(VERSION).tgz tar -xvf Python-$(VERSION).tgz ``` @@ -29,7 +29,7 @@ tar -xvf Python-$(VERSION).tgz Set flags to make python compiled as static -``` +```bash ./configure LDFLAGS="-static -static-libgcc" CPPFLAGS="-fPIC -static" --disable-shared --prefix=/custom/install/path ``` @@ -46,7 +46,7 @@ Here example file used ### Compile -``` +```bash make ``` 
@@ -57,14 +57,14 @@ configured installed path. -``` +```bash make install ``` Later on set env variables to point to correct location of custom installed python so can import all modules from correct location -``` +```bash PYTHONPATH=/custom/output/lib PYTHONHOME=/custom/output ``` @@ -76,7 +76,7 @@ PYTHONHOME=/custom/output ### Configure Set flags to make python compiled as static -``` +```bash ./configure LDFLAGS="-static -static-libgcc" CPPFLAGS="-fPIC -static" --disable-shared --prefix=/custom/install/path ``` @@ -106,7 +106,7 @@ Did work by default without any changes Disabled this modules to make it compile -``` +```bash _socket _posix pwd @@ -116,13 +116,14 @@ dl Got alot of linking warnings but did worked and installed at the end. Selftest failed on: -``` +```bash 0:01:10 load avg: 0.85 [119/404/14] test_email make: *** [Makefile:884: test] Segmentation fault ``` ### Centos6 Needed to disable modules in Modules/Setup to make it compile + ``` _socket _posix @@ -131,7 +132,7 @@ dl ``` Gcc suggested to use this options -``` +```bash -pie -fPIC ``` @@ -147,7 +148,7 @@ Here is located compilation snippet that used to test static compilation Clone it, goto python directory #### Python2 -``` +```bash make download cp py2/Setup Python-2.X.X/Modules/Setup make configure @@ -158,7 +159,7 @@ make install Output is in **output** directory #### Python3 -``` +```bash make download3 cp py3/Setup Python-3.X.X/Modules/Setup make configure3 diff --git a/md/writeup/cve_2010_1160_exploiting_nano.md b/md/writeup/cve_2010_1160_exploiting_nano.md index fa27c0b..9124aab 100644 --- a/md/writeup/cve_2010_1160_exploiting_nano.md +++ b/md/writeup/cve_2010_1160_exploiting_nano.md @@ -15,7 +15,7 @@ this bug works on < 2.1.7 versions now on my system is latest nano version and I have compiled many < 2.1.7 versions to test this bug. To get your nano version run: -``` +```sh $ nano -V ``` 
@@ -31,13 +31,13 @@ How to use it in real life: 4) See result in symlinked file Everything looks like -``` +```sh $nano text.txt `` Now some one do: -``` +```sh $ls -s empty.txt text.txt ``` @@ -70,7 +70,7 @@ Script is only for user and dont work if you try to symlink root opened nano. It makes all steps as described above. Change script variables for your tests: -``` +```text debug = True nano = "nano-2.0.9" user = "user" diff --git a/md/writeup/datamatch.md b/md/writeup/datamatch.md index 3d0d9e9..874db87 100644 --- a/md/writeup/datamatch.md +++ b/md/writeup/datamatch.md @@ -11,7 +11,7 @@ about that ### Print about position in file Here how looks scripts to bookmark some position -``` +```text 0x01 "byte one" 0x02 "byte two" ``` @@ -22,7 +22,7 @@ This could be used to bookmark stuff in files Here is example where output will tell if its 32/64bit file and with kind of file type it is relocatable/executable/shared/core elf. -``` +```text 0x0-0x3 "magic number" 0x4 @@ -43,7 +43,7 @@ file type it is relocatable/executable/shared/core elf. just make should work -``` +```sh make ``` @@ -52,13 +52,13 @@ should work fine as ragel generated *.c file is allready included ## Source -``` +```sh git clone http://git.main.lv/cgit.cgi/dm.git ``` or -``` +```sh git clone https://github.com/FreeArtMan/dm.git ``` diff --git a/md/writeup/devices/samsung_xe303c12.md b/md/writeup/devices/samsung_xe303c12.md index 12d260e..c61147c 100644 --- a/md/writeup/devices/samsung_xe303c12.md +++ b/md/writeup/devices/samsung_xe303c12.md @@ -41,7 +41,7 @@ you boot, or wait 30 seconds to continue booting. 2. Type shell to get into a bash shell. 3. Type sudo su to become root. 4. Then type this to enable USB booting: -``` +```text crossystem dev_boot_usb=1 dev_boot_signed_only=0 ``` 5. Reboot the system to allow the change to take effect. 
@@ -52,11 +52,11 @@ These instructions are written for installing to a USB drive with the sda device 1. Get a root shell as described in the previous section. 2. Since ChromeOS will automatically mount any partitions it finds, unmount everything now: -``` +```sh umount /dev/sda* ``` 3. Start fdisk to create a GPT partition table: -``` +```sh fdisk /dev/sda ``` 4. At the fdisk prompt: @@ -64,12 +64,12 @@ fdisk /dev/sda 4.2. Write the partition table and exit by typing w. 5. Partition the micro SD card: -``` +```sh cgpt create /dev/sda cgpt add -i 1 -t kernel -b 8192 -s 32768 -l Kernel -S 1 -T 5 -P 10 /dev/sda ``` 6. To create the rootfs partition, we first need to calculate how big to make the partition using information from cgpt show. Look for the number under the start column for Sec GPT table which is 15633375 in this example: -``` +```text localhost / # cgpt show /dev/sda start size part contents 0 1 PMBR @@ -83,19 +83,19 @@ cgpt add -i 1 -t kernel -b 8192 -s 32768 -l Kernel -S 1 -T 5 -P 10 /dev/sda 15633407 1 Sec GPT header ``` 7. Replace the xxxxx string in the following command with that number to create the root partition: -``` +```sh cgpt add -i 2 -t data -b 40960 -s `expr xxxxx - 40960` -l Root /dev/sda ``` 8. Tell the system to refresh what it knows about the disk partitions: -``` +```sh sfdisk -R /dev/sda ``` 9. Format the root partition: -``` +```sh mkfs.ext4 /dev/sda2 ``` 10. Download and extract rootfs tarball: -``` +```sh cd /tmp wget http://archlinuxarm.org/os/ArchLinuxARM-peach-latest.tar.gz mkdir root 
@@ -103,18 +103,18 @@ mount /dev/sda2 root tar -xf ArchLinuxARM-peach-latest.tar.gz -C root ``` 11. Flash the kernel to the kernel partition: -``` +```sh dd if=root/boot/vmlinux.kpart of=/dev/sda1 ``` 12. Unmount the root partition: -``` +```sh umount root sync ``` 13. Reboot the computer. 14. At the splash screen, instead of pressing Ctrl-D to go to CromeOS, press Ctrl-U to boot to the external drive. 15. After logging in as root (password is "root"), you can connect to a wireless network by running: -``` +```sh wifi-menu ``` diff --git a/md/writeup/dsp_lp_filter.md b/md/writeup/dsp_lp_filter.md index 856c44b..e54b73a 100644 --- a/md/writeup/dsp_lp_filter.md +++ b/md/writeup/dsp_lp_filter.md @@ -17,13 +17,13 @@ If you just use filter as a function then main params is how good are your filte ### Draw first filter characteristics -``` +```matlab fir1([filter order],[cutoff freq]) ``` Draw in Octave simple 40th order filter, as in Octave example -``` +```matlab freqz (fir1 (40, 0.3)); ``` @@ -48,7 +48,7 @@ Let's create some signal from couple of frequencies, like ![source signal fft](/img/dsp_lp_filter/signal_pre_fft.png) __Programm__ -``` +```matlab Fs = 2000; t = 0:1/Fs:1-1/Fs; @@ -77,7 +77,7 @@ Lets filter out with cut-off frequency 1000kHz. Should get rid of ![output signal fft](/img/dsp_lp_filter/signal_post_fft.png) -``` +```matlab %filter %sampling frequency Fs = length(x); @@ -222,7 +222,7 @@ int main(int argc, char **argv) ## Using program -``` +```bash ./lpf1 1.0 0.0 0.0 0.0 0.0 -0.004438 -0.004184 0.013018 0.074663 0.172021 ``` diff --git a/md/writeup/elf_rewrite_function.md b/md/writeup/elf_rewrite_function.md index b507213..9cc29c1 100644 --- a/md/writeup/elf_rewrite_function.md +++ b/md/writeup/elf_rewrite_function.md 
@@ -31,7 +31,7 @@ position detection function. If there would be data that will used in replaced function than need detect position of that data. For example we will use -``` +```asm mov eax, sys_call ;we will use SYS_WRITE = 5 mov ebx, output_id ; output on terminal is STDOUT 1 mov ecx, pointer_to_msg @@ -41,14 +41,14 @@ int 80h if this was ordinary situation then define: -``` +```asm msg db "Hello",10 msg_size = $-msg ``` and our code becomes -``` +```asm mov eax, SYS_WRITE mov ebx, STDOUT mov ecx, msg @@ -60,13 +60,13 @@ but how to know position of msg if you dont know position where function will placed?Use function get_it and you will know current instruction position. And it will next instruction after -``` +```asm call get_ip ``` Our code becomes -``` +```asm call get_ip ;calling and detecting eip saved_ip: ;position that will be saved jmp get_ip_end ;jump over function @@ -93,7 +93,7 @@ hex 0x90 translates in nop instruction. nop is No OPeration instruction. And function does nothing.Function fun() contains -``` +```asm push ebp mov ebp, esp start_overwrite_here: @@ -113,7 +113,7 @@ on function size that way when overwriting can be problems if binary code size is larger then function size.Start function overwriting at position (&fun+3) with memcpy() -``` +```asm push ebp mov ebp, esp start_overwrite_here: @@ -129,7 +129,7 @@ ret Wuala function after enabling segment can be overwritten. Here is used previous experienced we have mega trick with function replacement. Compile: -``` +```sh make ``` diff --git a/md/writeup/elf_text_section.md b/md/writeup/elf_text_section.md index 60b8d58..a35c423 100644 --- a/md/writeup/elf_text_section.md +++ b/md/writeup/elf_text_section.md @@ -23,11 +23,11 @@ Code: Source includes two tests for both functions.I have not tested both functions very whell. That whay there can be some error.I have used used that for proving concept. And have checked result with -``` +```sh test1 ``` and -``` +```sh readelf -l simple ``` 
diff --git a/md/writeup/embedding_lua_in_c.md b/md/writeup/embedding_lua_in_c.md index ee875ae..7dea533 100644 --- a/md/writeup/embedding_lua_in_c.md +++ b/md/writeup/embedding_lua_in_c.md @@ -58,7 +58,7 @@ int module_getone(lua_State *L) and easy to compile if needed. -``` +```sh gcc -c module.c gcc module.o main.c -o main -llua ``` diff --git a/md/writeup/fpu_catch_division_by_zero.md b/md/writeup/fpu_catch_division_by_zero.md index a27cd75..417abc2 100644 --- a/md/writeup/fpu_catch_division_by_zero.md +++ b/md/writeup/fpu_catch_division_by_zero.md @@ -44,7 +44,7 @@ void exception_handler(int i, siginfo_t *s, void *v ) ``` Compilation is easy: -``` +```sh gcc sigfpe.c -o sigfpe -lm ``` Now it will no so big problem when some error occur to properly exit diff --git a/md/writeup/gcc_inline_assembly.md b/md/writeup/gcc_inline_assembly.md index 06db7dd..808268c 100644 --- a/md/writeup/gcc_inline_assembly.md +++ b/md/writeup/gcc_inline_assembly.md @@ -8,7 +8,7 @@ it lets do it here for wisdom of internet. ## Inline assembly syntax -``` +```c asm [volatile] ( AssemblerTemplate : OutputOperands @@ -101,7 +101,7 @@ Table of AMD64 register names ### AMD64 Add two numbers -``` +```c int32_t a=1,b=2,c=-1; asm( "movl %1, %0\n\t" @@ -114,12 +114,12 @@ __a__,__b__ - use regisers and save result __c__ to register, make to use for __c__ same register by mentioning "0" in clobber register __Output__ -``` +```text movl %edx, %edx addl %ecx, %edx ``` -``` +```c int32_t a=1,b=2,c=-1; asm( "movl %1, %0\n\t" @@ -130,14 +130,14 @@ asm( ``` __Output__ -``` +```text movl -4(%rbp), %edx addl -8(%rbp), %edx ``` ### AMD64 Call linux syscall mmap with inline asm -``` +```c long sys_mmap(unsigned long addr, unsigned long len, unsigned long prot, unsigned long flags, unsigned long fd, unsigned long off) { long ret; @@ -159,7 +159,7 @@ Put result of execution to __ret__, all paramters in memory ### Intel random number with RDRAND -``` +```c uint64_t get_hw_rand() { uint64_t ret; 
@@ -189,7 +189,7 @@ uint64_t get_hw_rand() Inline assembler for GCC by default uses AT&T syntax. There is possible to turn on/off intel syntax. -``` +```c asm(".intel_syntax noprefix"); asm("mov eax, 1"); asm(".att_syntax prefix"); diff --git a/md/writeup/h64e.md b/md/writeup/h64e.md index 6b6c320..a74a132 100644 --- a/md/writeup/h64e.md +++ b/md/writeup/h64e.md @@ -22,7 +22,7 @@ more stuff will be added if there will be some nice use cases. ### Usual dump -``` +```sh ./h64d -l 16 /dev/urandom ``` <pre> @@ -31,7 +31,7 @@ a8af99260cce4d51e725b0471b7f3766 ### Ascii and hexdata -``` +```text ./h64d -l 128 -a /dev/urandom ``` <pre> @@ -47,7 +47,7 @@ fd9d74b944c885ac5c3b5f7df9320d83..t.D...\;_}.2.. ### Hex seperated -``` +```sh ./h64d -l 128 -i /dev/urandom ``` @@ -64,7 +64,7 @@ c5 79 fc 96 d0 41 f9 4c 00 18 1b ea 5a a6 2f 1c ### Seperated hex and characters -``` +```sh ./h64d -l 128 -a -i /dev/urandom ``` <pre> @@ -80,7 +80,7 @@ db cb 4d 17 a6 16 99 a7 51 b2 b8 3d 14 c7 aa 71 ..M.....Q..=...q ### Offset,hex,ascii output -``` +```sh ./h64d -l 128 -b -i -a /dev/urandom ``` <pre> @@ -103,7 +103,7 @@ db cb 4d 17 a6 16 99 a7 51 b2 b8 3d 14 c7 aa 71 ..M.....Q..=...q ## Source -``` +```sh git clone http://git.main.lv/cgit.cgi/h64.git ``` @@ -111,7 +111,7 @@ git clone http://git.main.lv/cgit.cgi/h64.git just -``` +```sh make ``` diff --git a/md/writeup/hooking_interrupt_descriptor_table.md b/md/writeup/hooking_interrupt_descriptor_table.md index a1c8349..0704da2 100644 --- a/md/writeup/hooking_interrupt_descriptor_table.md +++ b/md/writeup/hooking_interrupt_descriptor_table.md @@ -1,8 +1,7 @@ title:X11 prototype GUI keywords:x11,gui -Hooking interrupt descriptor table -Hook interrupt descriptor table +# Hooking interrupt descriptor table Hooking interrupt table is very interesting thing with it you can dissallow some operations to be made or watch what 
@@ -104,8 +103,8 @@ This is tested with kernel version 2.6.38 ## Links -http://codenull.net/articles/kmh_en.html -http://www.gadgetweb.de/linux/40-how-to-hijacking-the-syscall-table-on-latest-26x-kernel-systems.html +1. http://codenull.net/articles/kmh_en.html +2. http://www.gadgetweb.de/linux/40-how-to-hijacking-the-syscall-table-on-latest-26x-kernel-systems.html ## Downloads hook_idt.zip - diff --git a/md/writeup/ihe.md b/md/writeup/ihe.md index 1bce43f..fa647f5 100644 --- a/md/writeup/ihe.md +++ b/md/writeup/ihe.md @@ -27,6 +27,8 @@ Should be easy to use in practice. But not yet. | *pwd* | like pwd | | *cd* | like cd | | *help* | show avaliable commands | +| *pageup* | move one file block up | +| *pagedown* | move one file block down | ## Features diff --git a/md/writeup/kconf2h.md b/md/writeup/kconf2h.md index a90ee04..d8ae040 100644 --- a/md/writeup/kconf2h.md +++ b/md/writeup/kconf2h.md @@ -50,13 +50,13 @@ doesnt support anything else except yes/no ## Source -``` +```sh git clone http://git.main.lv/cgit.cgi/kconfig2h.git ``` or -``` +```sh git clone https://github.com/FreeArtMan/kconfig2h.git ``` @@ -64,7 +64,7 @@ git clone https://github.com/FreeArtMan/kconfig2h.git just -``` +```sh make ``` diff --git a/md/writeup/kconfig2h_utility.md b/md/writeup/kconfig2h_utility.md index 11db1fe..b637670 100644 --- a/md/writeup/kconfig2h_utility.md +++ b/md/writeup/kconfig2h_utility.md @@ -8,7 +8,7 @@ with kconfig utility mconf. Developed to use "make menuconfig" with home projects. Using ragel to generate parser of Kconfig file. ## USE: -``` +```sh ./kconfig .config config.h ``` diff --git a/md/writeup/kernel_debug_messages.md b/md/writeup/kernel_debug_messages.md index 02b6fe8..1ff8854 100644 --- a/md/writeup/kernel_debug_messages.md +++ b/md/writeup/kernel_debug_messages.md 
@@ -30,7 +30,7 @@ Here is defintions of log levels from __include/linux/kern_levels.h__ As we can see kernel printk level is detemined from first bytes from begining of printed string. Basic usage of log level -``` +```c printk(KERN_ERR"Error division by 0\n"); ``` @@ -40,11 +40,11 @@ No need to write comma after log level as it will just concatenated with string. ## Set loging level To see messages in userspace you can use -``` +```sh dmesg ``` Loged messages you can see in __/proc/sys/kernel/printk__ -``` +```sh $ cat /proc/sys/kernel/printk 7 4 1 7 ``` @@ -56,7 +56,7 @@ Column values are If one does not specify the log level then the default log level of KERN_WARNING is used. For example, enable all levels of console message: -``` +```sh echo 7 > /proc/sys/kernel/printk ``` @@ -70,13 +70,13 @@ Timing information could be added to printk messages you need to enable in menuconfig __Kernel Hacking > printk and dmesg options >__ -``` +```sh CONFIG_PRINTK_TIME=y ``` ### Loglevel at kernel boot There is possible to set loglevel at bootup as kernel parametr -``` +```sh loglevel= ``` | Value | Name | Desc | diff --git a/md/writeup/kernel_dev_hwrng.md b/md/writeup/kernel_dev_hwrng.md index d632652..5c43b92 100644 --- a/md/writeup/kernel_dev_hwrng.md +++ b/md/writeup/kernel_dev_hwrng.md @@ -24,20 +24,20 @@ builtin random generator and instruction __rdrand__. Hardware random generator have own entry inside sysfs lets check _/sys/class/misc/hw_random/ -``` +```bash $ls /sys/class/misc/hw_random/ dev power rng_available rng_current subsystem uevent ``` Check available hwrng modules -``` +```bash $cat /sys/class/misc/hw_random/rng_available zero-rng ``` Check currently running hwrng module -``` +```bash $cat /sys/class/misc/hw_random/rng_current zero-rng ``` @@ -56,7 +56,7 @@ $cat /dev/urandom | rngtest -t 5 ``` _Program output_ -``` +```sh rngtest: starting FIPS tests... rngtest: bits received from input: 462500032 rngtest: FIPS 140-2 successes: 23108 
@@ -161,19 +161,19 @@ MODULE_AUTHOR("Internet User"); Rng module depends on rng-core module -``` +```sh modprobe rng-core ``` then load our module -``` +```sh insmode zero_rng.ko ``` check if everything is properly loaded -``` +```sh $lsmod | grep rng zero_hwrng 16384 0 rng_core 16384 1 zero_hwrng @@ -183,7 +183,7 @@ rng_core 16384 1 zero_hwrng Lets test how our stuff works -``` +```sh $ dd if=/dev/hwrng of=/tmp/random bs=1024 count=32 32+0 records in 32+0 records out @@ -195,7 +195,7 @@ $ hexdump /tmp/random ``` As we can see all data that we get is just zeros lets check it with rng-tools -``` +```sh $ cat /tmp/random | rngtest -t 5 rngtest 5 Copyright (c) 2004 by Henrique de Moraes Holschuh @@ -224,7 +224,7 @@ Lets assume that we are running this code on Intel arch and it supports _rdrand_ instruction for random generation. -``` +```c void get_hw_rand2(uint8_t *mem) { int i=0; @@ -237,7 +237,7 @@ void get_hw_rand2(uint8_t *mem) Lets replace intel_rng_read function with our naive implementation of _rdrand_ -``` +```c static int intel_rng_read(struct hwrng *rng, void *data, size_t max, bool wait) { int i; @@ -264,27 +264,27 @@ static int intel_rng_read(struct hwrng *rng, void *data, size_t max, bool wait) Verify that our module loaded -``` +```sh $ cat /sys/class/misc/hw_random/rng_available zero-rng intel-rng ``` Check with module are currently used -``` +```sh $ cat /sys/class/misc/hw_random/rng_current zero-rng ``` if not our module set lets set it -``` +```sh $ echo "intel-rng" > /sys/class/misc/hw_random/rng_current ``` check if its current module used -``` +```sh $ cat /sys/class/misc/hw_random/rng_current intel-rng ``` diff --git a/md/writeup/kernel_hello_world.md b/md/writeup/kernel_hello_world.md index f85af45..5f1e7e6 100644 --- a/md/writeup/kernel_hello_world.md +++ b/md/writeup/kernel_hello_world.md 
@@ -8,7 +8,7 @@ Compile minimal linux kernel module. You need to create to files __Makefile__ and __hello_world.c__. __Makefile__ -``` +```Makefile obj-m += hello_world.o KDIR ?= /lib/modules/$(shell uname -r)/build @@ -22,7 +22,7 @@ clean: __hello_world.c__ -``` +```c //http://www.tldp.org/LDP/lkmpg/2.4/html/c147.htm #include <linux/module.h> /* Needed by all modules */ #include <linux/kernel.h> @@ -46,10 +46,10 @@ MODULE_LICENSE("GPL"); -##Compile +## Compile Now if you havent done so ... install kernel headers of kernel that your system have now. And everything should be there. -``` +```sh make ``` diff --git a/md/writeup/linux_antidebug_5.md b/md/writeup/linux_antidebug_5.md index fc71e6e..f4007ac 100644 --- a/md/writeup/linux_antidebug_5.md +++ b/md/writeup/linux_antidebug_5.md @@ -46,7 +46,7 @@ twice of average 120000 if execution time is larger then probably it is debuged. ## Compile -``` +```sh make ``` diff --git a/md/writeup/linux_format_string_attack.md b/md/writeup/linux_format_string_attack.md index cbffe87..2a289e1 100644 --- a/md/writeup/linux_format_string_attack.md +++ b/md/writeup/linux_format_string_attack.md @@ -6,7 +6,7 @@ Format string attack is attack for C formated strings. Format string function is prinrf() there are other functions that support format string.C code for bad used printf(): -``` +```c int main( int argc, char **argv ) { static int i = 0; @@ -26,12 +26,12 @@ then watching value if i Run: -``` +```sh ./e1 'Halolo' ``` Output: -``` +```text 08049674 No way it never will works because value of i=0 Halolo @@ -39,7 +39,7 @@ Value of i=0 ``` Run: -``` +```sh ./e1 'Halolo%s' ``` @@ -51,12 +51,12 @@ Value of i=0 ``` Run: -``` +```sh ./e1 $'\x74\x96\x04\x08_%x' ``` Output: -``` +```text 08049674 No way it never will works because value of i=0 t?_0 
@@ -66,13 +66,13 @@ Value of i=0 Read about %n in format string: Run: -``` +```sh ./e1 $'\x74\x96\x04\x08_%x_%n' ``` Output: -``` +```text 08049674 No way it never will works because value of i=0 Segmentation fault @@ -80,12 +80,12 @@ Segmentation fault Run: -``` +```sh ./e1 $'\x74\x96\x04\x08_%x_%x_%x_%x_%x_%n' ``` Output: -``` +```text 08049674 No way it never will works because value of i=0 t?_0_8_40_4_4_ @@ -94,12 +94,12 @@ Value of i=16 Run: -``` +```sh ./e1 $'\x74\x96\x04\x08_%x_%x_%x_%x_%.1201x_%n' ``` Output: -``` +```text 08049674 No way it never will works because value of i=0 t?_0_8_40_4_000000000000000000000000000000000000000000000000000000000000000000000000000000 diff --git a/md/writeup/linux_local_descriptor_table.md b/md/writeup/linux_local_descriptor_table.md index 5a8c571..b3dc8f1 100644 --- a/md/writeup/linux_local_descriptor_table.md +++ b/md/writeup/linux_local_descriptor_table.md @@ -6,7 +6,7 @@ Is 32bit Intel ELF 0x80**** adreeses is default? nope. You can setup your own. Compiler will not see thembut you can do it. Setup LDT and you will see it. -``` +```asm use32 mov dword [0] ,"Hall" mov dword [4] ,"Ball" @@ -16,7 +16,7 @@ mov dword [12],0x00000000 yes everything starts from 0x0 -``` +```c #include <stdlib.h> #include <stdio.h> @@ -70,12 +70,12 @@ int main() } ``` -``` +```c asm(".byte ... ") // is code.bin ``` Compile: -``` +```sh fasm code.asm code.bin gcc main.c -o main diff --git a/md/writeup/linux_shellcode.md b/md/writeup/linux_shellcode.md index 083a817..ee582f0 100644 --- a/md/writeup/linux_shellcode.md +++ b/md/writeup/linux_shellcode.md @@ -13,12 +13,12 @@ xor ebx, ebx int 80h ``` -``` +```sh fasm code.asm code.bin ``` bin2hex output: -``` +```text \x31\xc0\x40\x31\xdb\xcd\x80 ``` @@ -34,11 +34,11 @@ int main() printf("Nope it not working\n"); } ``` -``` +```sh gcc main.c -o main ``` run -``` +```sh ./main ``` nothing happens. That exactly that code do exits from programm 
diff --git a/md/writeup/makefile_tips.md b/md/writeup/makefile_tips.md index eee99a1..e9c8077 100644 --- a/md/writeup/makefile_tips.md +++ b/md/writeup/makefile_tips.md @@ -5,7 +5,7 @@ keywords:makefile Makefile working tips. Usual simple makefile looks like this: -``` +```Makefile make: gcc main.c -o main ``` @@ -13,7 +13,7 @@ make: but when your project grows and you use more files it becomes like this: -``` +```Makefile make: gcc -O2 -c file1.c gcc -O2 -c file2.c @@ -31,7 +31,7 @@ makefile and it works. Usually everyone prefer one compiler. And time to time only check if code compiles with other compilers. -``` +```Makefile CC=gcc make: $(CC) -O2 -c file1.c @@ -44,7 +44,7 @@ make: Every project have unique name and you also would like to change it if there is need. -``` +```Makefile PROJECT=project CC=gcc make: @@ -58,7 +58,7 @@ make: Usual problem is when some compiling flags causes problems and you need to change every single entry in file. -``` +```Makefile PROJECT=project CC=gcc CFLAGS=-O2 @@ -81,7 +81,7 @@ at least 2 lined in makefile. One of they ways how to reduce number of files edited is to add new variable where all files is listed: -``` +```Makefile PROJECT=project CC=gcc CFLAGS=-O2 @@ -103,7 +103,7 @@ Here was added file auto-matching for *.c files to make them *.o Last thing to add is auto match all *.c in directory. -``` +```Makefile PROJECT=project CC=gcc CFLAGS=-O2 @@ -123,7 +123,7 @@ Now project makefile can be easily copied and with changing only one variable value everything should be OK To run any makefile: -``` +```sh make -f makefile_name.mk ``` diff --git a/md/writeup/making_c_executables_smaller.md b/md/writeup/making_c_executables_smaller.md index 1fb5341..6b50516 100644 --- a/md/writeup/making_c_executables_smaller.md +++ b/md/writeup/making_c_executables_smaller.md @@ -27,13 +27,13 @@ int main() ``` Compile: -``` +```sh gcc main.c -o main -lSDL ``` Size before: 5326 bytes Execute command: -``` +```sh strip main ``` 
@@ -50,7 +50,7 @@ ELF kickers[2] webpage. Execute command: -``` +```bash sstrip main ``` @@ -62,7 +62,7 @@ GC Masher[3] Allows to brute force gcc options for smaller executable size. I where using this options for gcsmaher -``` +```text -O -O0 -O1 -O2 -O3 -Os -ffast-math -fomit-frame-pointer @@ -96,7 +96,7 @@ a=/tmp/I;tail -n+2 $0|zcat>$a;chmod +x $a;$a;rm $a;exit Best options and smallest size now is 563 byte. Nope this is not smallest size try to rename executable name to one symbol and you will get 4 extra bytes. -``` +```bash gcc -Os -ffast-math -fomit-frame-pointer -fauto-inc-dec -mpush-args -mno-red-zone -c small.c; ld -dynamic-linker /lib/ld-linux.so.2 small.o /usr/lib/libSDL.so -o small; diff --git a/md/writeup/multiboot_usb_drive.md b/md/writeup/multiboot_usb_drive.md index 9d0cb2e..9fa82bc 100644 --- a/md/writeup/multiboot_usb_drive.md +++ b/md/writeup/multiboot_usb_drive.md @@ -11,31 +11,31 @@ run any you need it will save you some time. Using _fdisk_ to delete/create new partitions on USB drive -``` +```sh mkfs.vfat /dev/sdb1 ``` mount drivet to current pc -``` +```sh mount /dev/sdb1 /mnt/flash0 ``` create dire where will be grub files and grub menu config file -``` +```sh mkdir /mnt/flash0/boot ``` install grub, but you can install also 64bit grub if there is need -``` +```sh grub-install --target=i386-pc --recheck --boot-directory=/mnt/flash0/boot /dev/sdb ``` check with id have usb drive -``` +```sh blkid /dev/sdb1 /dev/sdb1: UUID="D49E-18CC" TYPE="vfat" PARTUUID="5f55bd3d-01" ``` @@ -45,7 +45,7 @@ blkid /dev/sdb1 Some manuals have outdatet filesystem layouts and there is need to investigate current layout by hand. And you need to mount ISO files. -``` +```sh mount -o loop /home/fam/downloads/iso/ubuntu-14.04.3-desktop-i386.iso /mnt/flash0 ``` @@ -60,7 +60,7 @@ your own compiled kernel *boot/grub/grub.cfg* -``` +```sh ## Begin /boot/grub/grub.cfg set default=1 set timeout=5 
diff --git a/md/writeup/openwrt_dependency_graph_drawing.md b/md/writeup/openwrt_dependency_graph_drawing.md index 49a5b80..f36e418 100644 --- a/md/writeup/openwrt_dependency_graph_drawing.md +++ b/md/writeup/openwrt_dependency_graph_drawing.md @@ -15,7 +15,7 @@ system design. *.ipk files are tar.gz archives and can be renamed as *.tar.gz and opened with GUI or in terminal: -``` +```sh tar -xvf package.ipg ``` @@ -32,7 +32,7 @@ Here tree based on OpenWRT git commit of 24 May 2013 How to use script, first parametr of script is directory where is all OpenWrt package files usualy it is under -``` +```text openwrt-trunk/ bin/ platform-name/ @@ -42,7 +42,7 @@ openwrt-trunk/ To use type -``` +```sh deptree.py system-path/openwrt-trunk/bin/platform-name/packages ``` @@ -50,14 +50,14 @@ deptree.py system-path/openwrt-trunk/bin/platform-name/packages Output files comes in same directory where script where lunched generated file name is: -``` +```text deptree.dot ``` now convert dot file to pdf, psd, png: -``` +```sh dot -Tps $(NAME).dot -o graph1.ps dot -Tpdf $(NAME).dot -o graph1.pdf dot -Tpng $(NAME).dot -o graph1.png @@ -75,7 +75,7 @@ image is little bit cleaner Rules with dependecies where removed: -``` +```text if (A depends on [B,C] and B depends on [C]) and there is (edges A->B->C and A->C) then dependency C can be removed from A diff --git a/md/writeup/qemu_usage.md b/md/writeup/qemu_usage.md index 97dbc09..3280cd2 100644 --- a/md/writeup/qemu_usage.md +++ b/md/writeup/qemu_usage.md @@ -16,19 +16,19 @@ qemu-system-i386 -cdrom _iso_image_ -boot order=d _qemu_image_ ### Setting up memory -``` +```bash -m 512 ``` ### Setting up network card -``` +```bash -net nic ``` ### Setting up tun device -``` +```bash brctl addbr tun0 iw dev wlp3s0 set 4addr on brctl addif tun0 wlp3s0 diff --git a/md/writeup/radiola.md b/md/writeup/radiola.md index 065f117..b0edc61 100644 --- a/md/writeup/radiola.md +++ b/md/writeup/radiola.md 
@@ -16,13 +16,13 @@ is possible to demodulate wbfm and listen to radio stations. ## Source -``` +```sh git clone http://git.main.lv/cgit.cgi/radiola.git ``` or -``` +```sh https://github.com/FreeArtMan/radiola.git ``` @@ -30,12 +30,12 @@ https://github.com/FreeArtMan/radiola.git For Linux should work out of the box with NetBSD needed some small tweaks. -``` +```sh make ``` for NetBSD (or any other *BSD, MacOS could work as well) just try -``` +```sh make bsd ```
\ No newline at end of file diff --git a/md/writeup/rtlsdr_usage.md b/md/writeup/rtlsdr_usage.md index b6e0eed..70f00f7 100644 --- a/md/writeup/rtlsdr_usage.md +++ b/md/writeup/rtlsdr_usage.md @@ -2,6 +2,7 @@ title:Using RTLSDR keywords:linux,rtlsdr,gqrx # RTLSDR usage + ## Setup rtlsdr @@ -9,10 +10,10 @@ By rtlsdr usually call RTL2832U chip based tv-tunners which can be used for not just receiving DVB-T frequencies but much more and yes price is ~$10 it mean that anyone can just buy and try without "loosing" money. None of examples below requires any modifications -or extra hardware to run. +or extra hardware to run. -As of 2022 the version r820t2 that is commonly available. +As of 2022 the version r820t2 that is commonly available. ### Get sources @@ -22,27 +23,27 @@ on github you can find more repos with experimental features (https://github.com/keenerd/rtl-sdr). Getting sources from git: -``` +```sh git clone git://git.osmocom.org/rtl-sdr.git ``` I prefer using plain binaries without any kind of installation. Just compile and use binary without any troubles. Build: ```bash - cmake . - make +cmake . +make ``` All binaries is in src dir. -Util | Desc ---- | --- -_rtl_adsb_ | recieve plain ADSB plain packets -_rtl_eeprom_ | read | -_rtl_power_ | log power over frequency range -_rtl_fm_ | demodulate signals -_rtl_sdr_ | output raw rtlsdr data -_rtl_tcp_ | remote rtlsdr server -_rtl_test_ | test rtlsdr +| Util | Desc | +| --- | --- | +| _rtl_adsb_ | recieve plain ADSB plain packets | +| _rtl_eeprom_ | read | +| _rtl_power_ | log power over frequency range | +| _rtl_fm_ | demodulate signals | +| _rtl_sdr_ | output raw rtlsdr data | +| _rtl_tcp_ | remote rtlsdr server | +| _rtl_test_ | test rtlsdr | ### Drivers 
@@ -58,12 +59,12 @@ Check if rtlsdr related drivers is loaded: ``` If there is some drivers then blacklist driver by creating file in */etc/modprobe.d/* with content: -``` +```bash blacklist dvb_usb_rtl28xxu ``` Next thing that could appear is permissions on rtlsdr usage when its plugged in. To allow everyone to use create file in */etc/udev/rules.d/* with content: -``` +```bash SUBSYSTEM=="usb", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="2838", \ GROUP="adm", MODE="0666", SYMLINK+="rtl_sdr" ``` @@ -71,12 +72,12 @@ To allow everyone to use create file in */etc/udev/rules.d/* with content: ### Check if works How to test if rtlsdr works? Run one of commands: -``` +```sh rtl_test ``` I like to run rtl_adsb as you can see there that something is received and you see that everything "works": -``` +```sh rtl_adsb ``` @@ -135,7 +136,7 @@ Using in interactive mode with height in meters: ``` Output: -``` +```text Hex Flight Altitude Speed Lat Lon Track Messages Seen . ------------------------------------------------------------------------------ 71be01 10052 1009 36.434 33.544 45 9 1 sec @@ -185,7 +186,7 @@ other devices. https://github.com/merbanan/rtl_433 -``` +```sh rtl_433 ``` diff --git a/md/writeup/running_disk_images_in_qemu.md b/md/writeup/running_disk_images_in_qemu.md index 3a7c4ea..998ec33 100644 --- a/md/writeup/running_disk_images_in_qemu.md +++ b/md/writeup/running_disk_images_in_qemu.md 
@@ -16,28 +16,28 @@ are missing and if needed test your software. ### Download image Download raspi debian kernel -``` +```bash wget -c https://github.com/dhruvvyas90/qemu-rpi-kernel/raw/master/kernel-qemu-4.4.34-jessie ``` Download image -``` +```bash wget -c https://downloads.raspberrypi.org/raspbian_lite/images/raspbian_lite-2017-08-17/2017-08-16-raspbian-stretch-lite.zip unzip 2017-08-16-raspbian-stretch-lite.zip ``` QEMU is using their own file image format lets concert img to qcow2 -``` +```bash qemu-img convert -f raw -O qcow2 2017-08-16-raspbian-stretch-lite.img raspbian-stretch-lite.qcow ``` Set network on local machine tun0 that will used by qemu to -``` +```bash brctl addbr tun0 brctl addif tun0 enp0s25 ``` Start qemu with raspi4 image -```` +```bash qemu-system-arm \ -kernel ./kernel-qemu-4.4.34-jessie \ -append "root=/dev/sda2 panic=1 rootfstype=ext4 rw" \ @@ -51,13 +51,13 @@ qemu-system-arm \ Login to raspi prompt -``` +```bash Username: pi Password: raspberry ``` Getting cursor back -``` +```bash Ctrl+Alt+g ``` @@ -70,7 +70,7 @@ Be careful its your responsibility what you type in terminal. Create image 128MB in size, with 2 partitions ext2 and ext4, install grub2. -``` +```bash dd if=/dev/zero of=disk.img bs=1048576 count=128 parted --script disk.img mklabel msdos mkpart p ext2 1 64 mkpart p ext4 64 128 set 1 boot on @@ -93,7 +93,7 @@ kpartx -d disk.img Installing grub -``` +```bash grub-install --target=i386-pc --recheck --no-floppy --root-directory=/mnt/disk0 --modules="biosdisk part_msdos ext2 configfile normal multiboot" /dev/loop0 ``` 
@@ -158,12 +158,12 @@ Here is example how to resize image to bigger size and still be able to run it o qemu. Main step that is may harm is fdisk, save disk layout with -``` +```bash fdisk -l of=raspbian-stretch-lite-20gb.img ``` and use it for later reference when partition will be resized. -``` +```bash dd if=2017-08-16-raspbian-stretch-lite.img of=raspbian-stretch-lite-20gb.img seek=0 conv=notrunc fdisk -l raspbian-stretch-lite-20gb.img #use here fdisk to resize partiions diff --git a/md/writeup/scan_memory_for_variable.md b/md/writeup/scan_memory_for_variable.md index c3903db..f50c229 100644 --- a/md/writeup/scan_memory_for_variable.md +++ b/md/writeup/scan_memory_for_variable.md @@ -43,18 +43,18 @@ find tmp and secret_dw. compile example with -`` +```bash make -`` +``` and run -``` +```bash ./example ``` And in parallel run -``` +```bash $ scanmem `pidof example` scanmem version 0.11 Copyright (C) 2009,2010 Tavis Ormandy, Eli Dupree, WANG Lu @@ -74,12 +74,12 @@ As we searching 4 byte value of uint we defining it by setting up option Now we ready to start our game. At beginning we know our secret_dw value it is 1000 but we will not use it. Type 1 in example -``` +```text secret_dw was 1000 ``` in scanmem -``` +```text 0> 1 info: 01/05 searching 0x8049000 - 0x804a000...........ok info: 02/05 searching 0xb763d000 - 0xb763e000...........ok @@ -96,7 +96,7 @@ secret_dw was 1 in scanmem -``` +```text 58> 1000 ..........info: we currently have 2 matches. ``` @@ -105,7 +105,7 @@ only 2 now scanmem has also many built in commands you can see them when type help. One of them is 'list'. Use it. -``` +```text 2> list [ 0] 0x8049680, 1000, [I32 ] [ 1] 0xbf9f2dd8, 1000, [I32 ] @@ -114,7 +114,7 @@ One of them is 'list'. Use it. Here is list of matched variables. Number,address,value,size. By address we see that our variable is with number 0. -``` +```text 2> set 0=999 info: setting *0x8049680 to 0x3e7... 2> list 
diff --git a/md/writeup/serial_gps_data_reading_utility.md b/md/writeup/serial_gps_data_reading_utility.md index b3d233f..289c610 100644 --- a/md/writeup/serial_gps_data_reading_utility.md +++ b/md/writeup/serial_gps_data_reading_utility.md @@ -11,20 +11,20 @@ and outputs line by line recieved data. When device connected ther could be that is not in NMEA mode it could be switched with: -``` +```sh gpsctl -n /dev/ttyUSB0 ``` Then you can connect with it with some serial terminal(dont forget baudrate could be 4800 or 9600): -``` +```sh minicom -D /dev/ttyUSB0 ``` Now we can use our gpsr utility -``` +```sh ./gpsr -d /dev/ttyUSB0 -c 0 ./gpsr -d /dev/ttyACM0 -c 1 ``` @@ -32,7 +32,7 @@ Now we can use our gpsr utility NMEA format is csv like and it easyly can be used from shell. Here is exmple how it looks: -``` +```text $GPRMC,123519,A,4807.038,N,01131.000,E,022.4,084.4,230394,003.1,W*6A ``` @@ -50,7 +50,7 @@ A Status A=active or V=Void. Get time from GPS -``` +```sh ./gpsr -d /dev/ttyUSB0 -c 100 | stdbuf -o0 grep -w "GPRMC" | cut -d',' -f2 ``` @@ -62,9 +62,9 @@ I have tested everything with GPS devices BU-353 and with some device that havenot any visual marks but have chip from u-blox manufacturer. -## COMPILE: +## COMPILE -``` +```sh gcc buf.c -c gcc serial_tty.c -c gcc serial_tty.o buf.o gpsr.c -o gpsr diff --git a/md/writeup/swift_ocr_example.md b/md/writeup/swift_ocr_example.md index ba45828..0e49164 100644 --- a/md/writeup/swift_ocr_example.md +++ b/md/writeup/swift_ocr_example.md @@ -16,7 +16,7 @@ The whole working prototype can fit just in few lines of code. All you need to c is text recognition requester and handle that collect results. There is few example on apple doc page. -```siwft +```swift func recognizeImageUrl(_ url:URL, _ error: Error?) { var pieces:[TextPiece] = [] var err:NSError? diff --git a/md/writeup/using_iptables.md b/md/writeup/using_iptables.md index 74b073b..9185354 100644 --- a/md/writeup/using_iptables.md +++ b/md/writeup/using_iptables.md 
@@ -114,13 +114,13 @@ the __PREROUTING__ and __OUTPUT__ chains of the nat table. ### List all rulles -``` +```sh iptables -L ``` List iptables rulles with extra output that could be usefull -``` +```sh iptables -nL -v --line-numbers ``` @@ -128,12 +128,12 @@ iptables -nL -v --line-numbers To delete specific rulle run -``` +```sh iptables -nL -v --line-numbers ``` search for chain and rulle number and delete it with next line -``` +```sh iptables -D [chain_name] [line_number] ``` @@ -141,19 +141,19 @@ iptables -D [chain_name] [line_number] Save iptable rulles to file -``` +```sh iptables-save > /tmp/cool.rulles ``` Load rulles from file -``` +```sh iptables-restore < /tmp/cool.rules ``` ### Remove chain -``` +```sh iptales -X chain_name ``` @@ -161,7 +161,7 @@ iptales -X chain_name Createing chain where ping related rules will be located -``` +```sh iptables -N ping_in iptables -t filter -A INPUT -j ping_in iptables -N ping_out @@ -170,7 +170,7 @@ iptables -t filter -A OUTPUT -j ping_out After creating chains output looks like -``` +```sh Chain INPUT (policy ACCEPT) target prot opt source destination ping_in all -- anywhere anywhere @@ -194,7 +194,7 @@ target prot opt source destination Lets block if someone tryes to ping us, juct block usual ping echo request, not blocking ICMP protocol as such. -``` +```sh iptables -A ping_in -p icmp --icmp-type echo-request -j REJECT iptables -A ping_out -p icmp --icmp-type echo-reply -j DROP ``` @@ -203,7 +203,7 @@ iptables -A ping_out -p icmp --icmp-type echo-reply -j DROP If dont whant to use ping, or dont whant that other use pinging -``` +```sh iptables -A ping_out -p icmp --icmp-type echo-request -j DROP iptables -A ping_in -p icmp --icmp-type echo-reply -j DROP ``` 
@@ -212,13 +212,13 @@ iptables -A ping_in -p icmp --icmp-type echo-reply -j DROP Forward ports -``` +```sh iptables -t nat -A PREROUTING -p tcp --dport <incoming-port> -j REDIRECT --to-port <destination-port> ``` Forward port to different ip -``` +```sh iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.5:8080 ``` @@ -227,17 +227,17 @@ iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168 Check if ip forwarding is set -``` +```sh cat /proc/sys/net/ipv4/ip_forward ``` if _0_ then not, set to _1_ -``` +```sh echo 1 > /proc/sys/net/ipv4/ip_forward ``` -``` +```sh iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 216.58.213.174:80 iptables -t nat -A POSTROUTING -j MASQUERADE ``` @@ -246,7 +246,7 @@ iptables -t nat -A POSTROUTING -j MASQUERADE Usefull command to see with ports are used and programm that are using -``` +```sh netstat -tulpn ``` @@ -268,7 +268,7 @@ If there is some unwanted service running, or you dont whant in future that it trying to make some connection without your allowance. Lets block port as such. -``` +```sh iptables -A INPUT -p tcp --dport 25 -j DROP iptables -A INPUT -p udp --dport 25 -j DROP ``` @@ -278,7 +278,7 @@ iptables -A INPUT -p udp --dport 25 -j DROP #### Incoming ip Lets block just incoming ip -``` +```sh iptables -A INPUT -s 8.8.8.8 -j DROP ``` @@ -286,7 +286,7 @@ iptables -A INPUT -s 8.8.8.8 -j DROP Block ip to access specific port -``` +```sh iptables -A INPUT -s 8.8.8.8 -p tcp --destination-port 25 -j DROP ``` 
@@ -294,14 +294,14 @@ iptables -A INPUT -s 8.8.8.8 -p tcp --destination-port 25 -j DROP There is possble to make iptables basing on user id -``` +```sh iptables -A OUTPUT -m owner --uid-owner {USERNAME} -j DROP ``` ### Block by state You can block some ports, but if you whant that ESTABLISHED connections are still there. Then there is possible to match specific connection state -``` +```sh iptables -A INPUT -m state --state NEW -j DROP -s 86.159.18.180 ``` @@ -310,7 +310,7 @@ iptables -A INPUT -m state --state NEW -j DROP -s 86.159.18.180 There is quite common that ANNONYMOUSE users have higher chance to abuse services. Also some website provides list of exit nodes. Here we going to add to new iptables chai list of IPs gathered from public source -``` +```sh wget -c https://www.dan.me.uk/torlist/ > tor.list iptables -N TOR iptables -t filter -A INPUT -j TOR @@ -321,7 +321,7 @@ cat /tmp/tor.list | uniq | sort | xargs iptables -A TOR -j DROP -s Log droppend packages -``` +```sh iptables -A INPUT -m limit --limit 2/min -j LOG --log-level 4 --log-prefix 'In2/m ' ``` diff --git a/md/writeup/wasm_fractal.md b/md/writeup/wasm_fractal.md index 205d22e..62ce8c8 100644 --- a/md/writeup/wasm_fractal.md +++ b/md/writeup/wasm_fractal.md @@ -108,12 +108,12 @@ wasm need to search for available options inside emscripten sdk js-configuration Compile on linux -``` +```sh -lSDL2 -lSDL2_ttf -lGLESv2 -lGL ``` Compile with emscripten -``` +```sh -s USE_SDL=2 -s MAX_WEBGL_VERSION=2 -s MIN_WEBGL_VERSION=2 -s LLD_REPORT_UNDEFINED -s USE_GLFW=3 ``` diff --git a/md/writeup/web_assembly_audio_with_fir_filter.md b/md/writeup/web_assembly_audio_with_fir_filter.md index e732a62..654f51e 100644 --- a/md/writeup/web_assembly_audio_with_fir_filter.md +++ b/md/writeup/web_assembly_audio_with_fir_filter.md 
@@ -30,13 +30,13 @@ is passed as callback, while running main loop just on pc is no issue. But this change logic how main loop is invocated to make it compatible between platforms for emscripten main loop is passed as callback -``` +```c emscripten_set_main_loop(main_tick, 25, 1); ``` in usual case its can be run as -``` +```c while (quit = 0) { main_tick(); } @@ -47,7 +47,7 @@ while (quit = 0) { Event handler in emscripten part are passing all events to SDL, and if there is text boxes they cannot be filled in, as main loop is handling events. -``` +```c //all events are handled and passed to this routine while (SDL_PollEvent(&event) != 0) { @@ -103,13 +103,13 @@ http://git.main.lv/cgit.cgi/WasmAudio.git ### Get source -``` +```bash git clone http://git.main.lv/cgit.cgi/WasmAudio.git/ ``` ### Build Linux -``` +```bash cd Build make ``` @@ -120,7 +120,7 @@ Open with XCode ### Build Web assembly -``` +```bash cd Build make emcc ``` diff --git a/md/writeup/webusb_example.md b/md/writeup/webusb_example.md index 3787ab9..dd5e59d 100644 --- a/md/writeup/webusb_example.md +++ b/md/writeup/webusb_example.md @@ -22,7 +22,7 @@ Source is located in [http://git.main.lv/cgit.cgi/webusb.git/tree/](http://git.m There is 2 files *index.html* and *webusb.js* both with messy code inside. To run exmaple download files or clone git repository -``` +```bash git clone http://git.main.lv/cgit.cgi/webusb.git ``` @@ -46,7 +46,7 @@ recieve results from other device and save it to inputbox. Linux provides utilities to list all usb device connections. -``` +```bash lsusb ``` 
@@ -62,12 +62,12 @@ Our PL2303 device is connected and is on a bus 2.0 When USB device is connected to bus linux logs some information. When USB device is there in dmesg you can find out some info. -``` +```bash dmesg | tail ``` Most important part is to find device bus id in our case it is "2-1:1.0" -``` +```bash [190298.876894] usb 2-1: USB disconnect, device number 26 [190298.877195] pl2303 ttyUSB0: pl2303 converter now disconnected from ttyUSB0 [190298.877245] pl2303 2-1:1.0: device disconnected @@ -86,7 +86,7 @@ Use usb bus id to unbind driver. If its not done there will be no permission error, or device busy error. Use one of lines to unbind device driver by usb bus id. -``` +```bash echo "2-2:1.0" > /sys/bus/usb/drivers/pl2303/unbind echo "2-2:1.0" > /sys/bus/usb/drivers/ch341/unbind ``` @@ -99,7 +99,7 @@ permsision. Add file to udev rules in /etc/udev/rules.d directory /etc/udev/rules.d/88-hello-usb.rules Here is examples of USB ids for PL2303 and CH341 -``` +```bash SUBSYSTEMS=="usb", ATTR{idVendor}=="067b", ATTR{idProduct}=="2303", MODE:="0666" SUBSYSTEMS=="usb", ATTR{idVendor}=="1a86", ATTR{idProduct}=="7523", MODE:="0666" ``` @@ -107,7 +107,7 @@ SUBSYSTEMS=="usb", ATTR{idVendor}=="1a86", ATTR{idProduct}=="7523", MODE:="0666" As rulles is not loaded after file are created or new entries are added. Need to restart udev daemon so new rulles are added to current running rulles. -``` +```bash udevadm control --reload-rules && udevadm trigger ``` @@ -254,14 +254,14 @@ by seeing sequenc of commands sent to USB interface. ### Setting usbmon -``` +```bash mount -t debugfs none_debugs /sys/kernel/debug modprobe usbmon ls /sys/kernel/debug/usb/usbmon ``` To see all usb interfaces with detailed info -``` +```bash cat /sys/kernel/debug/usb/devices ``` Here is quick look whant kind of interfaces device have, endpoint numner, 
@@ -279,7 +279,7 @@ E: Ad=02(O) Atr=02(Bulk) MxPS= 32 Ivl=0ms E: Ad=81(I) Atr=03(Int.) MxPS= 8 Ivl=1ms ``` -``` +```bash cat /sys/kernel/debug/usb/usbmon/1u > /tmp/1.mon.out ``` |
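Review bot: the `sh` tag on the `./e1 $'\x74\x96\x04\x08_%x'` blocks in linux_format_string_attack.md (hunks @@ -51, @@ -66, @@ -80, @@ -94) is slightly misleading, because `$'...'` ANSI-C quoting is a bash/zsh feature that a POSIX sh will not expand; `bash` would be the accurate tag and matches the arm64 writeups touched by this same commit.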
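Review bot: in radiola.md (hunk @@ -16) the "or" block now tagged `sh` contains only the bare URL `https://github.com/FreeArtMan/radiola.git`, which is not a command; either prefix it with `git clone` like the block above it or tag it `text`.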
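Review bot: the rebuilt table in rtlsdr_usage.md (hunk @@ -22) carries over the stray pipe from the old `_rtl_eeprom_ | read |` row, so `| _rtl_eeprom_ | read | |` renders with an extra empty cell and "read" is an incomplete description; "recieve plain ADSB plain packets" also still has the typo and the duplicated word. Worth fixing while the table is being rewritten.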
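Review bot: the `blacklist dvb_usb_rtl28xxu` and `SUBSYSTEM=="usb", ...` blocks in rtlsdr_usage.md (hunk @@ -58) are the contents of a modprobe.d and a udev rules file, not shell input, so `bash` is the wrong tag; this commit introduces `text` for non-command blocks elsewhere and that fits here. The same applies to the udev rules and the `dmesg | tail` output block in webusb_example.md (hunks @@ -62 and @@ -99) and to the `Username: pi / Password: raspberry` and `Ctrl+Alt+g` blocks in running_disk_images_in_qemu.md (hunk @@ -51).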
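Review bot: `fdisk -l of=raspbian-stretch-lite-20gb.img` in running_disk_images_in_qemu.md (hunk @@ -158) mixes dd syntax into fdisk; `fdisk -l` takes the image path directly, and since the prose says to save the layout for later reference the output should also be redirected to a file, e.g. `fdisk -l raspbian-stretch-lite-20gb.img > layout.txt` (file name is a suggestion).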
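Review bot: `dot -Tps $(NAME).dot` in openwrt_dependency_graph_drawing.md (hunk @@ -50) is now tagged `sh`, where `$(NAME)` is command substitution rather than a variable; use `${NAME}.dot` or simply the literal `deptree.dot` that the preceding block names. In hunk @@ -15 of the same file `tar -xvf package.ipg` should read `package.ipk`, matching the `*.ipk` in the sentence above it.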
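Review bot: in using_iptables.md (hunk @@ -141) the save and restore commands disagree on the file name, `iptables-save > /tmp/cool.rulles` versus `iptables-restore < /tmp/cool.rules`, so the restore as written fails with a missing file; the `iptales -X chain_name` line in the same hunk is missing a letter. Both are one-word fixes worth folding into this pass.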
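Review bot: the Tor block in using_iptables.md (hunk @@ -310) does not do what the surrounding text claims: `wget -c https://www.dan.me.uk/torlist/ > tor.list` saves the download under a name derived from the URL, not to stdout, so the redirect captures nothing, and the following line reads `/tmp/tor.list`, a different path; `uniq | sort` dedups before sorting (use `sort -u`); and `xargs iptables -A TOR -j DROP -s` appends every address to a single command, which iptables rejects. Something like `wget -qO /tmp/tor.list <url>` followed by `sort -u /tmp/tor.list | xargs -n1 iptables -A TOR -j DROP -s` would match the intent. Also "Log droppend packages" in the next hunk has a typo.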
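Review bot: `while (quit = 0)` in web_assembly_audio_with_fir_filter.md (hunk @@ -30) is an assignment, so the condition is always false and `main_tick()` never runs; it should be `while (quit == 0)` or `while (!quit)` now that the block is tagged `c`.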
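Review bot: the `Chain INPUT (policy ACCEPT)` block in using_iptables.md (hunk @@ -170) is `iptables -L` output, not commands, and the `sh` tag will highlight it as code; `text` is the tag this commit already uses for program output. The same mislabel appears on the `## Begin /boot/grub/grub.cfg` block in multiboot_usb_drive.md (hunk @@ -60), where GRUB config is not shell, and on the two linker-flag fragments in wasm_fractal.md (hunk @@ -108).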
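Review bot: in multiboot_usb_drive.md (hunk @@ -45) the ISO is loop-mounted onto `/mnt/flash0`, which earlier in the file (hunk @@ -11) is the mount point of the USB partition itself; mounting over it hides the drive, so the ISO should go to a separate directory.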
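Review bot: the unbind lines in webusb_example.md (hunk @@ -86) use `"2-2:1.0"` while the prose and the dmesg output in hunk @@ -62 identify the device as `2-1:1.0`; either the example output or the echo commands should be changed so the two agree, otherwise the reader unbinds the wrong port.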
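Review bot: the change from a two-backtick fence to a proper ```bash fence around `make` in scan_memory_for_variable.md (hunk @@ -43) is the one edit in this file that fixes broken rendering rather than adding a tag; in the same hunk the `$ scanmem \`pidof example\`` block mixes a shell prompt with the program's banner output, so it would be more consistent with the later `text` blocks to tag it `text` or to drop the banner lines.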