Posts Tagged hacking

Open firmware password and firewire enclosure

I have a firewire enclosure using the Genesys GL-711 chip. It has been working well. However, I tried to mount it under OS X.4.4 earlier today and failed. The System Profiler showed the firewire bus but not the hard drive. My powerbook could still mount other external firewire hard drives using different chipsets, and the GL711 box could also work with other computers. I was very puzzled.

I tried to reset the PMU and zap the PRAM. I needed to disable the open firmware password to do so. After zapping the PRAM, resetting the PMU and rebooting the computer, the hard drive controlled by the GL-711 showed up. I thought it might be a good idea to set the password again, so I did. After a reboot, the powerbook could not see the hard drive anymore. After a few more reboots and tests, I confirmed that setting the open firmware password affected whether the 12-inch powerbook could see the hard drive or not.

This is such a strange bug. How would the open firmware password affect the firewire bus? And why is it so specific to one kind of firewire bridging chip but not the others? I guess it would probably not be easy to figure that out.


Safe Sleep

In the recent OS X 10.4.3, it is possible to “suspend” my powerbook into a hibernate mode that does not use any power (see Andrew’s Blog). I wrote this simple script, “sleepmode”, to make life slightly easier with this feature.

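#!/bin/sh
# sleepmode: set or show the pmset hibernate mode
# (0 = normal sleep, 1 = deep sleep/hibernate, 3 = safe sleep)
case "$1" in
  deep)
    sudo pmset -a hibernatemode 1
  ;;
  safe)
    sudo pmset -a hibernatemode 3
  ;;
  normal)
    sudo pmset -a hibernatemode 0
  ;;
  go)
    # Remember the current mode, hibernate once, restore the mode after wake.
    # awk splits on tabs or spaces, whichever pmset uses between the columns.
    omode="$(pmset -g | awk '/hibernatemode/ { print $2 }')"
    sudo pmset -a hibernatemode 1
    echo "The system is going into deep sleep in 3 seconds"
    sleep 3
    osascript -e 'tell application "Finder" to sleep'
    sudo pmset -a hibernatemode "$omode"
    echo "The system is back to its original sleep mode"
  ;;
esac

# Always report the mode that is now in effect
case "$(pmset -g | awk '/hibernatemode/ { print $2 }')" in
  0)
  echo "System is in the Normal Sleep Mode"
  ;;
  1)
  echo "System is in the Deep Sleep Mode"
  ;;
  3)
  echo "System is in the Safe Sleep Mode"
  ;;
esac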


See how much junk, and which junk, was collected over the last week: Tiger’s Way

mdfind -0 -onlyin /Users/ "kMDItemUsedDates >= \$time.this_week(-1)" |\
xargs -0 du -k |\
sort -k 1 -n -r

Of course, you can also use a Smart Folder.


See how much junk, and which junk, was collected over the last week

find  .  -newerct  '7 days ago'  -exec ls -ald {} \; > fileList


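Beware of ". "

Recently, on a few unattended machines at school, one user's password was guessed. The intruding angelbot logs in over ssh, then loads a batch of programs that attack vulnerabilities in many Linux programs in order to gain root, and then goes on to scan other computers for ssh user/password combinations. This bot can apparently be controlled remotely through IRC.

If you find an account named angel on the system, you have been hit. The bot hides in a directory under /var/tmp whose name is ". " (a dot followed by a space), so at a careless glance it looks like the "." directory. To enter it you need 'cd ". /"'. Inside is a pile of cracker tools.

Do not keep stray user accounts around, and look at /var/log/auth.log or /var/log/secure from time to time. If you have been broken into, remember to wipe ". " clean.

(Another trace of angelbot is that it runs a process called "[httpd]" that talks to the remote bot over port 8888. This is also easy to miss if you are not paying attention.)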
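The four traces named in this post (the ". " directory, the angel account, the "[httpd]" process and port 8888) can be checked with a short script. This is an added example, not part of the original post: the function names are hypothetical, and it assumes Linux `ps -eo pid,ppid,args` and `netstat -tan` output formats and that real kernel threads have parent PID 0 or 2.

```shell
#!/bin/sh
# Added example: host triage for the traces described in the post.

# Directories under $1 whose names start or end with whitespace (". " looks
# like "." in ls output). Names are printed in brackets so the blank shows.
find_deceptive_dirs() {
    find "$1" -xdev -type d \
        \( -name '*[[:space:]]' -o -name '[[:space:]]*' \) -print 2>/dev/null |
        sed 's/.*/[&]/'
}

# Succeeds if account $1 exists in passwd-format file $2 (default /etc/passwd).
has_account() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' \
        "${2:-/etc/passwd}"
}

# Reads `ps -eo pid,ppid,args` on stdin. ps shows kernel threads as [name],
# and on current Linux kernels their parent PID is 0 or 2 (assumption). A
# bracketed name with any other parent is a user process posing as one.
flag_fake_kthreads() {
    awk 'NR > 1 && $3 ~ /^\[.*\]$/ && $2 != 0 && $2 != 2 { print $1, $3 }'
}

# Reads `netstat -tan` on stdin; prints TCP sockets whose local or remote
# port is $1 (the bot may be the listener or the caller).
conns_on_port() {
    awk -v re=":$1\$" '$1 ~ /^tcp/ && ($4 ~ re || $5 ~ re)'
}

# Run all four checks against the live system.
triage() {
    find_deceptive_dirs /var/tmp
    has_account angel && echo "account 'angel' exists"
    ps -eo pid,ppid,args | flag_fake_kthreads
    netstat -tan 2>/dev/null | conns_on_port 8888
}

# Only touch the live system when asked to: sh triage.sh run
case "${1:-}" in run) triage ;; esac
```

Any line of output is a reason to look closer, not proof of compromise; a process that has cleared its own argument list also shows up bracketed in ps.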


Debian linux as a VPN server for OS X

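I recently decided to try turning the desktop I use for work at school into my own VPN server. The biggest benefit is that when working from home I can still access the electronic versions of the journal papers the school subscribes to. The school does provide a VPN client for connecting to its VPN server, but it does not seem to support Tiger yet, and installing yet another client is a nuisance. Before this I used ssh tunneling plus tinyproxy to "simulate" a VPN, which was already quite practical. But I still had the itch to play with my own VPN server and connect to it with Tiger's built-in VPN client.

Of the VPN types that Tiger can use and Linux supports, pptp is the easiest to set up. The only troublesome part under Debian is that you have to compile the ppp_mppe.ko kernel module yourself. Once ppp_mppe.ko is built, add this line to /etc/modutils/aliases: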

alias ppp-compress-18   ppp_mppe

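so that the kernel loads the module automatically. Of course, you can also use insmod to load all the ppp_* related modules.

To make Debian a pptp server, first install the pptpd package with apt-get:

apt-get install pptpd

Then configure the following files.

Configure pptp: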

file: /etc/pptpd.conf

speed 115200
option /etc/ppp/pptpd-options
noipparam
logwtmp
bcrelay eth0
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245

Configure ppp:

file: /etc/ppp/pptpd-options

name pptpd
ktune
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
# replace 127.0.0.1 with the remote server's DNS ip
ms-dns 127.0.0.1
proxyarp
nodefaultroute
lock
nobsdcomp
nodeflate

Set the user name and password:

file: /etc/ppp/chap-secrets

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
VPNUserName pptpd VPNPassword *

Forward traffic from the ppp link to the server's external IP / network interface:

file: /etc/ppp/ip-up.local

#!/bin/sh
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe ipt_MASQUERADE
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

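With these settings done, you can connect to the server from OS X using the PPTP VPN in Internet Connect. Remember to tick "Send all traffic over VPN connection" under Connect -> Options in the Internet Connect menu. Together with the iptables setup on the server, when you are connected over the VPN it looks to the outside world as if you are connecting out from the server (you can try connecting to checkip.dyndns.org to see whether the IP that outside web sites see is the server's IP).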


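A small tip for using Chinese in Aquamacs

Like emacs on other Unix systems, emacs on Mac OS X comes in many different versions. I used to use a Carbonized emacs, and setting it up for Traditional Chinese in utf-8 always meant a fair amount of work on .emacs; when necessary I even had to patch the source code and recompile.

Aquamacs emacs is an Aqua-fied emacs for Mac OS X, so in terms of GUI and fonts it feels more natural than the other emacs builds based on Carbon or Terminal. But the early versions of Aquamacs I tried were not stable enough, so I kept using my self-compiled Carbonized emacs. The latest version of Aquamacs, however, is quite good, and setting up utf-8 Chinese in it is very convenient. After testing Chinese successfully, I deleted my own Carbonized emacs build.

To use Traditional Chinese in utf-8 under Aquamacs, you only need to add two lines to ~/Library/Preferences/Aquamacs Emacs/Preferences.el:

(set-language-environment "Chinese-Big5")
(prefer-coding-system 'utf-8)

and Chinese works.

Aquamacs also handles the encoding of the clipboard correctly. Without any special settings, whatever the encoding, you can cut and paste freely between Aquamacs and other OS X software.

If you need emacs under OS X, give Aquamacs a try; maybe, like me, you will find it quite suitable.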


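A “New File” function in Finder

Finder's context menu has New Folder but no New File. It is not an essential feature, but it would be quite convenient to create an empty file in Finder and then double-click it to open the corresponding application, so that the file ends up in the directory you want. After reading a related osxhints hint, I found that this can be done with Automator plus AppleScript. Here is how to do it in Finder.

Open Automator, find the Run AppleScript action, and paste in the following AppleScript:

on run {input, parameters}
    -- Ask for the name of the new file
    set input_text to text returned of (display dialog "Please input a file name" default answer "Untitled.txt")
    -- quoted form keeps spaces and shell metacharacters in the folder path or file name from being interpreted by the shell
    do shell script "touch " & quoted form of ((POSIX path of (input as string)) & input_text)
    return input
end run

Then choose Save As Plug-in… from the menu, save the workflow as a Finder plug-in, and name the workflow “New File”. A new “New File” item will then appear under Automator in Finder's context menu, and you can create new files from the context menu in Finder.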


This is useful

Something useful I saw on Boing Boing; noting it down here.


launchd and cron job

In OS X.4, one would discover that the file /etc/crontab is empty. If you try “sudo crontab -e”, you will find that the default cron table for root is also empty. How does OS X.4 control these timely maintenance jobs? I need to run a simple job for bookkeeping my battery usage log every 10 minutes. I know that I can still use “cron” to achieve this goal; however, I think it would be more fun to dig out how to achieve this the OS X way, with launchd.

After reading several man pages for launchd, launchctl and launchd.plist, I find it is not hard to use the new launchd to run a program periodically. Basically, each line in the crontab is replaced by an XML file (property list) that describes how a program should be launched by the launchd daemon. One can refer to Apple’s /System/Library/LaunchDaemons/com.apple.periodic-daily.plist for the general structure of the property list format. You can create your own myjob.plist and put it in /Library/LaunchDaemons or ~/Library/LaunchDaemons, then the system will load it automatically after reboot or re-login. Actually, I am not sure if reboot or re-login is required. Nevertheless, you can also load the job manually with “launchctl load” and “launchctl start”. If you are interested in what jobs have been loaded by launchd, try “launchctl list” or “sudo launchctl list”.

I have not studied the mechanism behind launchd, but I notice that my weekly maintenance jobs do not run at the time specified by their configuration file. Does launchd already have some sort of anacron function? If so, it will be great news for powerbook or ibook users.

launchd seems to be a very capable daemon to replace some of those old unix based launchers. I like the XML property list file better than the old crontab format, whose fields I can never remember the meaning of unless I look up the man page. With a flexible XML format, it is quite likely that there will be a nice GUI program to manage all launchd jobs.

General Background about launchd
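To make the "one crontab line becomes one property list" idea concrete, the script below converts a simple crontab line, such as the every-10-minutes job mentioned in the post, into a launchd plist. It is an added example, not code from the original post: the function names, the job label and the command path in the usage note are hypothetical, and it goes slightly beyond the post by also handling a daily "M H * * *" line.

```shell
#!/bin/sh
# Added example: convert one simple crontab line to a launchd plist (stdout).
#   "*/N * * * * cmd args" -> StartInterval of N*60 seconds (approximation:
#                             launchd counts from load time, not the clock)
#   "M H * * * cmd args"   -> StartCalendarInterval, daily at H:M
# Assumption: the command is plain words, no shell quoting or redirection.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}
is_num() { case $1 in '' | *[!0-9]*) return 1 ;; esac; }

cron_to_plist() {
    label=$1
    set -f; set -- $2; set +f     # split the line without expanding "*"
    [ $# -ge 6 ] || { echo "need five time fields and a command" >&2; return 1; }
    min=$1 hour=$2 rest="$3 $4 $5"; shift 5
    n=${min#\*/}                  # N when the minute field is */N
    if [ "$rest $hour" = "* * * *" ] && [ "$n" != "$min" ] && is_num "$n" && [ "$n" -gt 0 ]; then
        sched="    <key>StartInterval</key>
    <integer>$(expr "$n" \* 60)</integer>"
    elif [ "$rest" = "* * *" ] && is_num "$min" && is_num "$hour"; then
        sched="    <key>StartCalendarInterval</key>
    <dict>
        <key>Hour</key><integer>$hour</integer>
        <key>Minute</key><integer>$min</integer>
    </dict>"
    else
        echo "unsupported schedule: $min $hour $rest" >&2; return 1
    fi
    args=
    for word in "$@"; do          # one <string> per command word
        args="$args        <string>$(xml_escape "$word")</string>
"
    done
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>$(xml_escape "$label")</string>
    <key>ProgramArguments</key>
    <array>
$args    </array>
$sched
</dict>
</plist>
EOF
}
```

For example, `cron_to_plist org.example.batterylog '*/10 * * * * /usr/local/bin/batterylog' > myjob.plist` writes a job with a StartInterval of 600 seconds, which can then be loaded with “launchctl load” as described above.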
