Jan 21, 2013

Compile Android 2.3.3 in Slackware 14

I. Introduction:
Recently I decided to change my Linux distro from Ubuntu to Slackware. The installation process is nice and smooth. After installing Slackware, I decided to download the Android 2.3.3 source and compile it myself. I had done it before on Ubuntu 10.04, so I told myself: how hard could it be? However, I was wrong: compiling Android on Slackware 14 is incredibly annoying. Most of the problems are caused by gcc and perl version mismatches. Some people might say, just downgrade/upgrade your gcc/perl version and it should be fine. I know that, but changing the gcc/perl version on your system might cause other problems and I don't want to take that risk. (By the way, recompiling gcc is very time-consuming on my computer. Hardware sucks.)
For the above reasons, I decided to compile Android 2.3.3 without downgrading any tools, and to write the whole process down to remind myself how I did it.

II. Environment:

  • Linux Distro : Slackware 14 x86_64 (with multilib support)
  • gcc version : 4.7.1
  • make version : 3.82
  • perl version : 5.16
  • git version : 1.71
  • python version : 2.73

Just a clean install of Slackware 14.
For multilib support, check out Alien BOB's wiki and follow the instructions there.
P.S. You should have more than 2GB of RAM or the building process may fail.

III. Compiling Steps:
This post focuses mostly on how to solve the version mismatch problems; therefore, I will not cover how I set up the build environment. (Most libraries required to build Android are already installed by a clean Slackware 14 install.)
After you follow the AOSP instructions and install all the necessary packages, it is time to type the make command. (I highly recommend using 'make -j1' instead of 'make -j8'.)

1. GCC version mismatch:
The following is an example of what this kind of error message looks like and the general solutions for this kind of problem. Figure 1 shows the error message. There are two ways to solve it.
The first one is to add "this->" in front of all the variables that appear in the error message. However, over the entire build, adding the this pointer in front of every reported variable becomes very annoying.
The second method is to add the "-fpermissive" flag in the makefile, more precisely to add "-fpermissive" to LOCAL_CFLAGS in Android.mk. This method is more reasonable.
During the whole build, several Android.mk files need to be modified this way (adding the "-fpermissive" flag).


[figure 1] gcc version mismatch error message
[Figure 2] Add "-fpermissive" after the LOCAL_CFLAGS in the Android.mk

2. perl Switch module problem:
Switch.pm is deprecated in perl 5.16, so the solution is simple: patch "external/webkit/WebCore/dom/make_names.pl". Figures 4, 5 and 6 show the modifications to this file.
[Figure 3] Can't locate Switch.pm
[Figure 4] comment use Switch
[Figure 5] use if else instead of switch case

[Figure 6] delete the "-P" flag from the preprocessor

IV. Conclusion:
After the above steps, the build should go through and you can find the image file in the out directory.
I also made a diff file, which you can download from here: http://pastebin.com/RCfB5irk
Just download the file and type:
patch -p1 < patch_file_name.patch
Enjoy :)

Linux Kernel 1: How to Compile Linux Kernel

I. Introduction:
This post is the first post on Linux kernel hacking. Before you can dig into the Linux kernel source, you should first learn how to build a kernel yourself.
There are many distributions out there, and I prefer to use Slackware 14, Gentoo or Debian (not Debian-based distros such as Ubuntu or Mint). The reason I recommend these distributions is that most modern distributions have changed so much Linux code that it may confuse you while you are tracing the kernel source.

II. Environment:
  • Linux Distro: Slackware 14 x86_64
  • kernel version: 3.2.37
  • gcc version: 4.7.1

III. Contents:
1. Prerequisites:
The first thing you should do is download the kernel source that you want to build. The kernel source can be found at http://www.kernel.org/pub/linux/kernel/.
In my case, "linux-3.2.37.tar.bz2". Just extract the file into the directory you want. I put the source code in "$HOME/kernel/".

2. config:
Before building the kernel, you have to configure it first. Type "make help" and you will see a list of options. In this part, we just focus on the config section.
The following are some options that are commonly used.

config          - Update current config utilising a line-oriented program
menuconfig      - Update current config utilising a menu based program
xconfig         - Update current config utilising a QT based front-end
gconfig         - Update current config utilising a GTK based front-end
oldconfig       - Update current config utilising a provided .config as base
localmodconfig  - Update current config disabling modules not loaded
localyesconfig  - Update current config converting local mods to core

The descriptions are self-explanatory, so I'm not going to explain them. Just a quick note: if you prefer a GUI, type "make xconfig" or "make gconfig", which will give you a graphical interface to configure the kernel. In my case I use "make localmodconfig", which sets the config according to the modules loaded on your system.

You can also use "zcat /proc/config.gz > .config" if your previous kernel was built with the IKCONFIG and IKCONFIG_PROC options enabled. This copies the running kernel's configuration into your current kernel source. After that you can still type "make oldconfig" if you are building a newer kernel (the newer kernel may have some new features to ask about).
Thank you +Eric Garland. :)

3. build the kernel:
If this is the first time you compile this kernel, type "make all -j8" to compile it. The "make help" output tells us that make all builds the targets marked with *, and by default those are "vmlinux" and "modules".
However, if you have compiled the kernel before and no new feature was added to the config file, you can type "make bzImage -j8" instead. It only builds the compressed kernel image (the file copied in step 5) and does not build the modules.
If you have added new modules or edited module source code, you can type "make modules -j8" to compile only the kernel modules.
P.S. Compiling the Linux kernel may take some time depending on your hardware. (Get a cup of coffee or watch a movie :P)

4. Install the modules:
If this is the first time you build the Linux kernel, type "sudo make modules_install". If you haven't modified any kernel modules or added a new one in the config file, this step can be skipped.

5. Install the kernel:
Instead of typing "make install" I prefer using the following commands.

sudo cp arch/x86_64/boot/bzImage /boot/vmlinuz-3.2.37
sudo mkinitrd -c -k 3.2.37 -m ext4 -f ext4 -r /dev/sdaN -o /boot/initrd-3.2.37.img

For more details about the mkinitrd command, type "man mkinitrd" or check out this link: http://mirrors.slackware.com/slackware/slackware-11.0/extra/linux-

6. Update your bootloader:
Since I'm using Slackware and its default bootloader is lilo, I have to edit /etc/lilo.conf. After modifying /etc/lilo.conf, type "sudo lilo".

7. Command Walk through:

# if this is the first time you compile the kernel
make mrproper
# first build, or when you want to add some new features to your kernel
make localmodconfig        # or: make menuconfig / xconfig / gconfig
# first build, or after adding new features in the config file
make all && make modules_install
# if you just changed the kernel source
make bzImage
# if you added a new module in the config file or modified module source code
make modules && make modules_install
cp arch/x86_64/boot/bzImage /boot/vmlinuz-3.2.37
mkinitrd -c -k 3.2.37 -m ext4 -f ext4 -r /dev/sdaN -o /boot/initrd-3.2.37.img
# ----- update your bootloader: edit /etc/lilo.conf, then run lilo -----
echo "done"

IV. Conclusion:
This is basically how to compile a Linux kernel. Next I will talk about some more configuration options and some tools to help you trace the Linux code. Happy Hacking.

Oct 3, 2012

Ubuntu 12.04 notes.

Ubuntu 12.04 has been released for a while. I recently installed this version and almost everything works great except the video and wireless drivers. I googled for a very long time and read many threads to solve these two problems. Therefore, this post is just to remind me how I solved them.

Video Drivers:

My notebook's graphics card is an ATI Radeon HD 4300. If you want to check what graphics card your computer is using, just type:

lspci -vnn | grep VGA

and it will show you the information you need.
Actually, there are many ways to install the graphics driver. The following is just how I set up my video driver.
First make sure you haven't installed an old fglrx driver. If you have, simply type:

sudo apt-get remove --purge fglrx* fglrx_* fglrx-amdcccle* fglrx-dev*

This command will remove the fglrx driver that your system is currently using.
After removing the old driver, download the binary file from the AMD support website.
In my case, the binary file I need to download is the following: http://support.amd.com/us/gpudownload/windows/previous/12/Pages/radeon_linux.aspx?os=Linux%20x86&rev=12.4
After downloading the binary file, type:

chmod +x amd-driver-installer-12-4-x86.x86_64.run
./amd-driver-installer-12-4-x86.x86_64.run --buildpkg Ubuntu/precise
sudo dpkg -i *.deb

That's it. Reboot your system and fglrx should be installed properly.
For more details, check the following two reference websites.

Wireless Drivers:

My notebook's wireless NIC is a Broadcom BCM 4312. Again, if you want to know what chipset your device is using, type:

lspci -vnn | grep Network

And it will print out the information you need. After knowing the chipset, it's time to find out what kind of driver/module I need. Actually, installing the new wireless driver is very simple in Ubuntu 12.04. Just type "sudo apt-get install backport-module-cw-$kernel_version", where kernel_version is your kernel version, which you can check with the uname command. This will install almost all the wireless modules (Atheros or Broadcom chipsets) from a newer kernel version. Hope this post can help others. :)

May 19, 2012

windows shellcode 1: Introduction

OK, this is another shellcode tutorial. However, this time I'm going to focus on Windows shellcoding techniques.

In the previous shellcode tutorial, I used Linux as my environment. After researching and googling for a while, I think it's time to write something about Windows shellcode.

The most significant difference between Linux and Windows shellcode is that when writing Linux shellcode we use system calls to achieve our goal. In Windows, however, the system call numbers vary between versions. Therefore, when writing Windows shellcode, we have to use the Windows API instead.

There are several ways to get a Windows API address, and the simplest one is using GetProcAddress() and LoadLibraryA() from kernel32.dll.
I use the following C program to demonstrate how to use these two APIs.

#include <windows.h>
#include <stdio.h>

int main(void) {
    /* kernel32.dll is already mapped in every process, so LoadLibraryA just
       returns its handle; GetProcAddress resolves the export by name. */
    FARPROC api_addr = GetProcAddress(LoadLibraryA("kernel32.dll"), "ExitProcess");
    if (api_addr == NULL) {
        printf("GetProcAddress failed: %lu\n", GetLastError());
        return 1;
    }
    printf("address %p\n", (void *)api_addr);
    return 0;
}
In the above example, api_addr contains the virtual address of ExitProcess().
P.S. You can get more information about the Windows API from MSDN.

After knowing the address of ExitProcess, it's time to write a simple shellcode that will exit the program.

.global _main
_main:
    pushl $0                  # uExitCode argument for ExitProcess
    movl $0xdeadbeef, %ebx    # replace with the address printed by the C program
    call *%ebx                # absolute call through a register

In the above assembly code, you have to change $0xdeadbeef to the API address the previous C program printed for you. The reason for using call *%ebx instead of calling the address directly is that a call with an immediate operand is assembled as a relative call (an offset from the next instruction) rather than an absolute call; therefore the result may not be what we expect. I mentioned this in the previous post; if you want, you can check it there.

This post is only a brief introduction to Windows shellcode. I will post more advanced techniques and shellcode in the coming days.

May 15, 2012

Some Great Python Tools

Recently, I started to learn Python since it is very convenient and powerful. I'm going to introduce some great Python tools that will be very helpful in future work.

1. pip
The first one is pip. It is a tool that helps you manage Python packages. A great replacement for easy_install, and more powerful.
In Ubuntu, you can simply install pip by typing
sudo apt-get install python-pip

or you can download the package from the following link,
untar the file and type
sudo python setup.py install

You can use pip to install Python packages either from the web or from tar files.
pip search $PACKAGE_NAME
will search the package index for you.

Simply typing
pip install $PACKAGE_NAME
will install the package on your system.

2. virtualenv & virtualenvwrapper
The second tool I'm going to introduce is virtualenv. It is a tool that helps you create an isolated Python environment to solve dependency consistency problems.
In Ubuntu, simply type
sudo apt-get install python-virtualenv

or you can use pip to install virtualenv; just type
sudo pip install virtualenv

And if you have many projects to manage, virtualenvwrapper is a very good choice. It contains some wrapper functions around virtualenv that ease your job.

If you want to get familiar with virtualenv and virtualenvwrapper, the following links are some good tutorials about these tools.

3. scapy
scapy is a very powerful tool for packet manipulation and packet sniffing. If you want to play with packets, learn some Internet protocols, or do some network forensics or pen-testing, it is a very useful tool. The official documentation is a great place to start learning scapy. I will also post some tutorials on how to use scapy in the future.

To install it, just type
sudo pip install scapy
or
sudo apt-get install python-scapy

4. Django or Pyramid
Django and Pyramid are both high-level web frameworks that let programmers develop their own web projects rapidly. In short, they are the "Ruby on Rails" of Python :P
Even though both tools help people organize their web applications, they are still different.
A comparison of these two frameworks can be found in these links.
There are still more; you can just google for that.

Here are some links that will help you dig deeper into Django.

And also some links for Pyramid.

5. Scrapy
Scrapy is a high-level Python web crawling framework. If you want to write a web robot or web spider, Scrapy is a good choice.

The documentation of Scrapy is right here.

To install it, just type
sudo pip install scrapy
or
sudo apt-get install python-scrapy

Dec 27, 2011

What the hell is "NetCut" doing and how to prevent

NetCut is a program that disconnects other computers in the same subnet of an Ethernet network. You can download the program from this link: NetCut.
In this post I will describe the technical details of NetCut and how to prevent this kind of program/attack.

I. Technical Detail About NetCut:
NetCut uses a simple technique called "ARP poisoning", sometimes called "ARP spoofing". It is an attack technique usually used to set up a Man In The Middle attack. Before introducing ARP poisoning, we have to know what ARP is.
ARP is the abbreviation of Address Resolution Protocol. According to Wikipedia, "ARP is a protocol used for resolution network layer address to link layer address." That is, ARP maps the IP address of a machine to its MAC address.
Consider the following LAN from Fig. 1:

<figure 1> Local Area Network Example

Now if Alice wants to send a packet to Bob, Alice's machine checks whether the MAC address for Bob's IP exists in its ARP cache table. If it does not, it broadcasts an ARP request asking for the MAC address of that IP. When Bob's machine receives the broadcast, it replies with its MAC address to Alice. Fig. 2 shows the communication process.

<figure 2> ARP communication process

After knowing ARP, it's time to introduce the "ARP poisoning attack". Consider the following condition: what if Evil replies to the ARP request before Bob when Alice broadcasts it? In this scenario, Alice's machine will think that the MAC address of Bob's IP is 00:00:00:00:00:03 (the MAC address of Evil) instead of 00:00:00:00:00:04 (the MAC address of Bob). Therefore, Alice will send the packet to Evil instead of Bob. Fig. 3 shows the process of this attack.

<figure 3> ARP poisoning attack

What if Evil sends an ARP reply with a non-existent MAC address for the gateway? Then Alice's machine can no longer reach the gateway, which is a DoS condition. This is how NetCut disconnects other computers in the same subnet.

II. Prevention of ARP poisoning:
The best way to prevent your computer from being poisoned is to use static ARP entries instead of dynamic ones. On both Windows and Linux there is a command called arp which lets you check the ARP cache table and, moreover, change dynamic entries into static ones.
You can also install applications such as arpwatch on Unix and XArp v2 on Windows to defend against this kind of attack.
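The two symptoms of the attack described above are visible in the ARP table itself: one MAC answering for several IPs (Evil claiming Bob's or the gateway's address) and the gateway's MAC differing from what it was before, which is what arpwatch alerts on. The script below is an added example, not from the original post, that checks "arp -an" style output for both; the table it embeds is constructed sample data, and the Linux net-tools output format is assumed.

```shell
# Added example, not from the original post. Checks "arp -an" output for
# the two signs of ARP poisoning. SAMPLE_ARP is constructed data in which
# 00:00:00:00:00:03 (Evil) has answered for the gateway 192.168.1.1.
SAMPLE_ARP='? (192.168.1.1) at 00:00:00:00:00:03 [ether] on eth0
? (192.168.1.2) at 00:00:00:00:00:02 [ether] on eth0
? (192.168.1.3) at 00:00:00:00:00:03 [ether] on eth0
? (192.168.1.4) at 00:00:00:00:00:04 [ether] on eth0'

# shared_macs: reads arp -an lines on stdin and prints "MAC ip1 ip2 ..."
# for every MAC that appears for more than one IP address.
shared_macs() {
    awk '$3 == "at" && $4 != "<incomplete>" {
            ip = $2; gsub(/[()]/, "", ip)
            ips[$4] = ips[$4] " " ip; n[$4]++
         }
         END { for (m in n) if (n[m] > 1) print m ips[m] }'
}

# gateway_changed GATEWAY_IP BASELINE_MAC: reads arp -an lines on stdin;
# exits 0 and prints the current MAC if the gateway is no longer at the
# baseline MAC, exits 1 otherwise.
gateway_changed() {
    awk -v ip="($1)" -v base="$2" '
        $2 == ip && $3 == "at" { cur = $4 }
        END { if (cur != "" && cur != base) { print cur; exit 0 } exit 1 }'
}

# On a live system (not run here):
#   arp -an | shared_macs
#   arp -an | gateway_changed 192.168.1.1 00:00:00:00:00:01
# Pinning the gateway entry so a forged reply cannot replace it:
#   arp -s 192.168.1.1 00:00:00:00:00:01
```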

III. reference website:
ARP and ICMP redirection
arp-spoofing wiki

Dec 26, 2011

What can you do when linux is not responding

Linux is a very stable system compared to Windows (:P). However, even though it is very stable, it will still crash sometimes.
So what can you do if the system crashes?

1. go to the tty:
Sometimes only the graphical session crashes, while the Linux kernel and other critical processes are still alive.
If you encounter this situation, there is no need to reboot your system.
Instead, you can go to a tty to fix the problem.
On Linux you can switch to a tty by pressing [ctrl]+[alt]+[f1~f7].
The default graphical session is on tty7, that is, you can press [ctrl]+[alt]+[f7] to return to graphical mode.
A tty is a pure command prompt, and you can restart the X server from there.
Ubuntu 11.10 uses lightdm, so I take lightdm as an example.
Type the following command:
sudo /etc/init.d/lightdm restart
That's it, and you will see the graphical session restarted.

2. the magical sysrq:
If your system crashes and the keyboard no longer responds, it's time to use SysRq.
What is SysRq? It is a little key on your keyboard, normally near the Delete key. If your system crashes and you cannot enter a tty, try the following key combinations:
[alt]+[sysrq]+[R] -> [alt]+[sysrq]+[E] -> [alt]+[sysrq]+[I] -> [alt]+[sysrq]+[S] -> [alt]+[sysrq]+[U] -> [alt]+[sysrq]+[B]
If everything works fine, your system will reboot, but it will first flush data to disk and safely kill the processes you were working on.
So what the hell is going on under these key combinations?
The following shows the functionality of each key.

a. [alt]+[sysrq]+[R] : switch the keyboard out of raw mode into ASCII mode, which lets your keystrokes reach the kernel directly.
b. [alt]+[sysrq]+[E] : send SIGTERM to all processes except init.
c. [alt]+[sysrq]+[I] : send SIGKILL to all processes except init. This kills every process except init.
d. [alt]+[sysrq]+[S] : sync the buffers to disk, so that no data is lost.
e. [alt]+[sysrq]+[U] : remount all mounted filesystems read-only.
f. [alt]+[sysrq]+[B] : reboot the system.
P.S. While using the combinations, go slowly. :P
That is, after the first combination wait about 5 seconds, then use the second one, and so on. If you press the combinations too quickly, it is no different from pressing the power button.
The recommended wait times are:
R --1 sec--> E --30 sec--> I --10 sec--> S --5 sec--> U --5 sec--> B
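Whether these combinations do anything at all depends on the kernel's sysrq mask in /proc/sys/kernel/sysrq, which many distributions restrict. The functions below are an added example, not from the original post: they decode that mask (0 disables everything, 1 enables everything, any other value is a bitmask with the bit values documented in the kernel's Documentation/sysrq.txt) and report which keys of the R-E-I-S-U-B sequence a given mask blocks.

```shell
# Added example, not from the original post. Decodes the kernel.sysrq
# bitmask and reports which keys of R-E-I-S-U-B it blocks. Bit values are
# the ones documented in the kernel's Documentation/sysrq.txt.

# sysrq_bit_for KEY -> prints the mask bit that KEY needs
sysrq_bit_for() {
    case $1 in
        R)   echo 4   ;;    # keyboard control (unraw)
        E|I) echo 64  ;;    # signalling of processes (term, kill)
        S)   echo 16  ;;    # sync
        U)   echo 32  ;;    # remount read-only
        B)   echo 128 ;;    # reboot/poweroff
        *)   return 1 ;;
    esac
}

# sysrq_allows MASK KEY -> exit 0 if KEY is enabled under MASK
sysrq_allows() {
    mask=$1
    bit=$(sysrq_bit_for "$2") || return 1
    [ "$mask" -eq 0 ] && return 1          # sysrq fully disabled
    [ "$mask" -eq 1 ] && return 0          # every function enabled
    [ $(( mask & bit )) -ne 0 ]            # otherwise a bitmask
}

# sysrq_blocked_keys MASK -> prints the keys of the sequence that MASK
# blocks, in sequence order (empty output means the whole sequence works)
sysrq_blocked_keys() {
    for k in R E I S U B; do
        sysrq_allows "$1" "$k" || printf '%s' "$k"
    done
    echo
}

# On a live system (not run here):
#   sysrq_blocked_keys "$(cat /proc/sys/kernel/sysrq)"
```

A mask of 176 (sync, remount and reboot only), which Ubuntu ships as its default, blocks R, E and I, so the sequence reboots without terminating processes first.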

If you want to know more details about SysRq, the following links have very good explanations.
English version:
Magic sysrq
Chinese version: