November 22, 2013

Adding Linux PAM

If you have an embedded Linux system and want to add Linux PAM to it, here are some of the things I have found out:

What you will need:
1. Linux-PAM package
2. Shadow package (Debian or Linux From Scratch has source)
3. cracklib package (sourceforge)

Linux-pam needs cracklib to test password complexity.

1. compile and install cracklib
CC=ppc-linux-gcc ./configure --host=ppc-linux
make
make install DESTDIR=/home/me/install

2. compile and install linux-pam
LIBS="-lcrack" CFLAGS=-I/home/me/install/usr/local/include LDFLAGS=-L/home/me/install/usr/local/lib/ CC=ppc-linux-gcc ./configure --host=ppc-linux --disable-nis --disable-selinux --disable-regenerate-docu --disable-nls --disable-rpath
make install DESTDIR=/home/me/install
(You may want to change the installed *.la files to point to the right directory. This is a bug in libtool.)

3. compile shadow
LIBS="-lpam -lpamc" CFLAGS=-I/home/tzhang/install/usr/include LDFLAGS=-L/home/tzhang/install/lib64/ CC=ppc-linux-gcc ./configure --host=ppc-linux  --with-libpam --without-selinux  --without-sha-crypt --without-nscd --disable-shadowgrp
make

you will need to transfer the following files to your target (as you go along, you may need more modules):
/lib64/
/lib64/security
/lib64/security/pam_unix.so
/lib64/security/pam_cracklib.so
/lib64/libcrack.so.2


and then: 
useradd
passwd
login


create the following files under /etc/pam.d/
/etc/pam.d/system-auth
/etc/pam.d/passwd
/etc/pam.d/other

also login.defs:
-bash-3.00# cat /etc/login.defs
ENV_SUPATH  PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV_PATH    PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
MAIL_DIR        /var/mail

and this one:
-bash-3.00# cat /etc/default/useradd
SHELL=/bin/sh

make sure you have at least an empty shadow file 
$ touch /etc/shadow

PAM is used when adding user, changing password, login, etc. You can also hook your application to PAM authentication.
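
One possible set of contents for the /etc/pam.d files listed above, written as a staging script. This is an added example, not the author's own configuration: the option values, the extra login service file, and the use of pam_deny.so (which then has to be copied to /lib64/security as well) are assumptions.

```sh
#!/bin/sh
# Added example (not the author's files): stage PAM policy into a rootfs tree.
# Assumes pam_deny.so is also copied to the target and a cracklib dictionary
# is installed there; option values are illustrative.
write_pam_configs() {
    root=$1
    mkdir -p "$root/etc/pam.d" || return 1

    # Shared stack: pam_cracklib vets a new password, pam_unix stores its hash.
    # sha512 assumes the target libc crypt() supports $6$ hashes.
    cat > "$root/etc/pam.d/system-auth" <<'EOF'
auth      required   pam_unix.so
account   required   pam_unix.so
password  requisite  pam_cracklib.so retry=3 minlen=10
password  required   pam_unix.so use_authtok shadow sha512
session   required   pam_unix.so
EOF

    # passwd only changes tokens, so it needs just the password stack.
    cat > "$root/etc/pam.d/passwd" <<'EOF'
password  include    system-auth
EOF

    # login (assumed extra file) reuses the shared stack for every type.
    cat > "$root/etc/pam.d/login" <<'EOF'
auth      include    system-auth
account   include    system-auth
password  include    system-auth
session   include    system-auth
EOF

    # Any service without its own file falls through to "other": deny it.
    cat > "$root/etc/pam.d/other" <<'EOF'
auth      required   pam_deny.so
account   required   pam_deny.so
password  required   pam_deny.so
session   required   pam_deny.so
EOF

    # The shadow file holds password hashes: create it unreadable to others.
    [ -e "$root/etc/shadow" ] || : > "$root/etc/shadow"
    chmod 600 "$root/etc/shadow"
    chmod 644 "$root"/etc/pam.d/*
}

# Usage: pass the staging root as the first argument, e.g. /home/me/install
if [ $# -gt 0 ]; then write_pam_configs "$1"; fi
```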

November 21, 2013

TI Sitara DM816x UART BOOT

On silicon revision 1.0 and 1.1, the BOOTROM operates at baud rate 32452.
On silicon revision >=2.0, the baud rate is 64904 baud

November 20, 2013

busybox password hash algorithm

Busybox has a command "passwd" that takes an argument "-a ALG", but it does not tell you what "ALG" should be. Well, here it is:

1. "des"
2. "md5"
3. "sha256"
4. "sha512"
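
The four algorithms above leave recognizable prefixes in the hash field of /etc/shadow, so a target can be audited for entries still using the older schemes. This is an added example, not part of the original post; the sample entries are constructed and the rule that des, md5 and empty fields count as weak is this example's own policy.

```sh
#!/bin/sh
# Added example: report which crypt scheme each shadow entry uses.

# Map a shadow hash field to the scheme name busybox passwd -a would use.
classify_hash() {
    case $1 in
        '')        echo none ;;      # empty field: no password needed
        '!'*|'*'*) echo locked ;;    # account cannot log in with a password
        '$1$'*)    echo md5 ;;
        '$5$'*)    echo sha256 ;;
        '$6$'*)    echo sha512 ;;
        '$'*)      echo other ;;     # some other modular crypt scheme
        *)         if [ ${#1} -eq 13 ]; then echo des; else echo other; fi ;;
    esac
}

# Print "user scheme verdict" for every line of a shadow-format file.
audit_shadow() {
    while IFS=: read -r user hash rest; do
        [ -n "$user" ] || continue
        alg=$(classify_hash "$hash")
        case $alg in
            des|md5|none) echo "$user $alg WEAK" ;;
            *)            echo "$user $alg ok" ;;
        esac
    done < "$1"
}

# Constructed sample entries (placeholder salts and hashes, not real ones).
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16000:0:99999:7:::
admin:$1$CONSTRUCT$CONSTRUCTEDHASH:16000:0:99999:7:::
legacy:abCONSTRUCTED:16000:0:99999:7:::
daemon:*:16000:0:99999:7:::
EOF
}

tmp=$(mktemp)
sample_shadow > "$tmp"
audit_shadow "$tmp"
rm -f "$tmp"
```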

How to add jquery to any webpage without using a browser plugin

Option 1
Copy the following code to your browser's javascript console (under developer tools) and run it:
var body = document.getElementsByTagName("body")[0];
var script = document.createElement('script');
script.type = "text/javascript";
script.src = "http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js";
body.appendChild(script);

Option 2
Go to: http://code.jquery.com/jquery-latest.min.js and copy the entire code to run in your javascript console.

To check, run the following in your javascript console:

$("body").length

And you should get 1.

November 18, 2013

C code to detect link connected/disconnected using RTNETLINK

RTNETLINK documentation is not very good. Here is an example of how to detect an interface being connected/disconnected using it. If you want to detect interface up and down, just check the flag IFF_UP instead of IFF_RUNNING.

  https://gist.github.com/tiebingzhang/aafc2953b430d5586bd1135cad85100f

November 8, 2013

How to compile Net-SNMP 5.7.2 for Windows on Linux using MinGW

Here is how to compile Net-SNMP 5.7.2 for Windows on Linux using MinGW.

In my setup, the host is Fedora Linux 19 64-bit.

1. Install MinGW:
sudo  yum install mingw32-binutils mingw32-cpp mingw32-filesystem mingw32-gcc mingw32-gcc-c++ mingw32-runtime mingw32-w32api
2. Get snmp-5.7.2 source code and untar it
3. configure it:
CC=i686-w64-mingw32-gcc ./configure --host=mingw32  --with-ar=i686-w64-mingw32-ar \
--without-perl-modules --disable-embedded-perl   \
--disable-mib-loading  --with-openssl=internal  --enable-mini-agent --with-out-transports="Callback Unix TCP" \
--disable-manuals --disable-shared

Option 1
1. Comment out RANLIB in all Makefiles
find . -name Makefile | xargs sed -i 's/^RANLIB.*/RANLIB=echo/'
2. Run make
make -j 20
3. Manually do ranlib
find . -name "*.a" | xargs i686-w64-mingw32-ranlib
4. Run make again
make -j 20
5. More manual ranlib
find . -name "*.a" | xargs i686-w64-mingw32-ranlib
6. Continue to make
make -j 20
This time it should make all the way to the end. That's it.

P.S.
I tried to directly set RANLIB in the Makefile to be i686-w64-mingw32-ranlib, but then it tries to ranlib the *.la files and fails. If you know a way to directly set RANLIB in Makefiles and compile successfully, please let me know by leaving a comment below.

Option 2 
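1. Point ranlib to mingw ranlib in all Makefiles
mkdir -p "$HOME/bin"
# The quoted 'EOF' keeps $* and $@ literal, so they expand when the wrapper runs
cat <<'EOF' >"$HOME/bin/myranlib"
#!/bin/sh
echo "Running 686-ranlib $*"
i686-w64-mingw32-ranlib "$@"
exit 0
EOF
chmod +x "$HOME/bin/myranlib"
# Make "ranlib" in $HOME/bin resolve to the wrapper
ln -sf myranlib "$HOME/bin/ranlib"
# Run this from the top of the net-snmp source tree
find . -name Makefile | xargs sed -i '1s/^/PATH := $(HOME)\/bin:$(PATH)\n/'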

2.
 make -j 20 

This time it should make all the way to the end. That's it.


November 7, 2013

Tshark decode and dump packets

Suppose you have the captured file, just use the following command to dump the first frame:

tshark -r ~/hcm_stigs/snmp.pcapng -Y frame.number==1 -Vx

-V: decode and print packet details
-x: print packet payload in Hex
-Y frame.number==1: only decode the first frame

November 5, 2013

SNMP V3 password to key algorithm implementation in GoLang

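package main

import (
        "crypto/md5"
        "crypto/sha1"
        "fmt"
        "io"
)

// password_to_key derives the SNMPv3 USM key Ku from a password and then the
// key localized to one engineID (RFC 3414, appendix A.2), printing both.
// hash_alg selects "MD5"; any other value uses SHA-1.
func password_to_key(password string, engineID string, hash_alg string) {
        plen := len(password)
        if plen == 0 {
                // Avoid dividing by zero below; an empty password has no key.
                fmt.Println("empty password")
                return
        }

        h := sha1.New()
        if hash_alg == "MD5" {
                h = md5.New()
        }

        // Ku: hash 1048576 bytes produced by repeating the password.
        repeat := 1048576 / plen
        remain := 1048576 % plen
        for count := 0; count < repeat; count++ {
                io.WriteString(h, password)
        }
        if remain > 0 {
                io.WriteString(h, password[:remain])
        }
        ku := string(h.Sum(nil))
        fmt.Printf("ku=% x\n", ku)

        // Localized key: H(Ku || engineID || Ku).
        h.Reset()
        io.WriteString(h, ku)
        io.WriteString(h, engineID)
        io.WriteString(h, ku)
        localKey := h.Sum(nil)
        fmt.Printf("localKey=% x\n", localKey)
}

func main() {
        // Password and engineID are the test inputs from RFC 3414, appendix A.3,
        // so the output can be compared with the keys listed there.
        password_to_key("maplesyrup", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02", "MD5")
        password_to_key("maplesyrup", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02", "SHA1")
}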

November 1, 2013

Conference Call Systems

GoToMeeting and Webex are mainstream ones. I used GoToMeeting and like it.



Others:
 - FreeConference
 - FreeConferenceCallHD

More others:

So for those out there who may not know that alternatives exist, here are six options to use instead of GoToMeeting and WebEx:

1. AnyMeeting

AnyMeeting has been one of the quieter players in the web conferencing sector, but it’s solid service that has been pushing forward on the innovation front. Just two weeks ago, it announced that it had added WebRTC technology to its product so you don’t have to use Adobe Flash on some browsers. It has more than 400,000 users across its free and paid offerings.

2. FuzeBox

FuzeBox offers HD video and audio conferencing across quite a few platforms, including PC, Mac, iPhone, iPad, and Android phones and tablets. While you still have to download the apps, the software is cleaner and more intuitive than WebEx and GoToMeeting — so much so that FuzeBox counts big names like Amazon, eBay, Disney, NASA, Evernote, Verizon Wireless, and Spotify as customers.

3. Google Hangouts

Yes, Google Hangouts doesn’t exactly scream business. But so what? Hangouts offers the capability to chat with up to 10 people on a video call for free. You may also collaborate on Drive documents while you talk on a Hangout. This is an especially attractive offer for all the small businesses out there that don’t want to pay for more software and for enterprises that already use Google Apps.

4. Join.me

LogMeIn’s Join.me service is one of the strongest up-and-comers in the web-conferencing field. In my own tests, it works much faster than WebEx and GoToMeeting, but in most cases you do have to download the app once to start a meeting. If you are a participant on a call, however, you can join a meeting without a download — all the call organizer has to do is send you a link.

5. MeetingBurner

We talked with MeetingBurner last year and haven’t heard too much from the company since, but I recently spoke with CEO John Rydell, and he assures me his startup is very much alive and kicking. MeetingBurner uses the power of the cloud to make sure participants can hop on a call or webinar quickly without downloading software. You can host conference calls for up to 10 people for free without showing you ads, and if you need to conduct calls with even more attendees, it undercuts WebEx and GoToMeeting’s prices.

6. Zoom

Zoom was founded in 2011 by folks from Cisco and WebEx who wanted to make a better video conferencing product. It offers HD video or voice conferences for up to 25 people, and it supports meetings on the web, Mac, Windows, iOS, and Android. It also includes a few extra nifty features that aren’t found on many competitors, including screen sharing from iPhone and iPad, a private cloud deployment option, and sharing a computer’s audio feed during screen sharing.


Source: http://venturebeat.com/2013/08/27/lets-dump-webex-and-gotomeeting-for-hosting-web-conferences/