Heartbleed test for OpenVPN

Posted by on April 11, 2014 6 comments
OpenVPN is affected by Heartbleed too

OpenVPN is affected by Heartbleed too

I guess you would not have landed here if you don’t read about Heartbleed. In case you really don’t know what its all about, catch up here. Since OpenVPN makes use of SSL/TLS (and most distributions use OpenSSL as the implementation of choice), OpenVPN is affected too (check the official page). Most test utilities out there can test HTTP and other protocols, however, I didn’t found a test which validates that a OpenVPN installation is safe. So I created one.

You can find the Python script over at Github. My version is an heavily altered version I found at Fox-It created by Jared Stafford and Yonathan Klijnsma.

Right now, the utility only supports UDP (which is used by default). The first arguments need to be the test server which then will be contacted and a TLS session initialized. The script then sends a invalid heartbeat request, which the server will respond to if he is vulnerable.

$ ./heartbleed_test_openvpn.py my.server.com
my.server.com|VULNERABLE

0000 18 03 01 10 13 02 10 00 48 65 61 72 74 62 6C 65 ........Heartble
0010 65 64 20 74 65 73 74 20 70 61 79 6C 6F 61 64 E2 ed test payload.
0020 0B 9E 38 34 EC 3D 66 2B 9C D5 63 00 00 68 C0 14 ..84.=f+..c..h..
0030 C0 0A 22 C0 C0 21 00 39 00 38 00 88 00 87 C0 0F ...".!.9.8......
0040 C0 05 00 35 00 84 C0 21 C4 08 1C 1C C0 1B 00 16 ...5............
0050 00 13 C0 0D C0 03 00 0A C0 13 C0 09 C0 1F C0 1E ................
0060 00 00 00 32                                     ...2

Read more »

Colibri T20 upstream Linux kernel

Posted by on March 16, 2014 4 comments

This article shows how to use a recent mainline/upstream Linux kernel on Toradex Colibri T20. Although Toradex provides a Linux BSP (based on L4T Kernel 3.1), there are reasons to use a mainline Linux kernel. Most prominent is to get a recent version of the Kernel itself, along with updated and new drivers. Having mainline support also might lead to having Distribution support in future, such as Debian or Fedora.

However, the mainline Linux kernel for Tegra 2 is not feature complete, especially proper DFVS (dynamic frequency and voltage scaling), NAND flash driver and a hardware accelerated 3D driver are missing. There are efforts reverse engineering the Tegra 2/3 graphic stack (see grate).

This how-to wipes the whole module, including the configuration block which contains serial number and MAC address. Its possible to restore those information using Toradex BSP and the create_configblock.sh utility. Since Toradex Tegra modules are not locked by a manufacturer key, one can use nvflash or tegrarcm to access the Boot ROM and reflash the device (see also this Blog post about that topic). The modules are, from a flashing perspective, unbrickable!

Ok, lets get started. Make sure you have a Linux cross compile toolchain for ARM ready (e.g. from Linaro) along with a device tree compiler (DTC). Read more »

Dissecting a Windows malware (Part 2)

Posted by on February 5, 2014 No comments

Today I looked a bit closer at the response sent from chromeupdatecenter.com to the request of the malware. The malware connects to Port 8080, most likely because the “malware webservice” runs on another HTTP server instance (the headers state nginx, while the main page is supposedly running Apache on a Ubuntu server). I figured out that the first 22152 bytes contains a bitmap. This bitmap is later on saved to the users temporary path (on Windows 7 to C:\Users\$USERNAME\AppData\Local\Temp\32239.bmp).

Desktop wallpaper after infection

Desktop wallpaper after infection

The image length also matches the header “ACC”, which states 22152. Although, the length of a bitmap is also available from its header, which would make the server code a bit easier, maybe something for their next version 😉

However, after the bitmap, there are still 493 bytes left. This should be either the encryption key or the message in the AlertEncryptor.txt files…. Read more »

Dissecting a Windows malware

Posted by on January 31, 2014 No comments

chromeupdatecenter.com Screenshot

Through a friend of my I got to this seemingly fresh malware named GoogleChromeUpdater.exe. The page (URL see at the end of the post) claims to distribute a important Chrome Update. However, the malware encrypt files and left an E-Mail address, the classic file kidnapping along with blackmailing.

Note: If you are infected by this malware your chances are bad to get back your data. The encryption key is likely only stored on the attackers server. Unless somebody breaks the encryption, you cannot restore your data. And of course, you should not feed criminals! 🙂

I could not resist and had to have a closer look at the malware…

Read more »

An introduction into the Tegra (boot) world

Posted by on January 16, 2014 No comments
Tegra Logo

Tegra Logo

This blog post provides a big picture of the Linux Tegra OSS world. The Wikipedia article about Tegra serves well to get an overview of the Tegra SoC in general, especially from the hardware side.

Linux/Android software provided from NVidia for the Tegra processors are generally known as Linux for Tegra (L4T). Beside the Kernel and its sources, this includes proprietary driver binaries and utilities.

On the other side, today, open source projects such as Linux or U-Boot have a fairly well upstream support for Tegra too. Also thanks to the effort of NVidia providing open source code and documentation as well as pushing things upstream.

This article should provide a big picture about the boot process, available boot software and the state of upstream implementation. Its not a complete view of things, but it would have helped me learning about the Tegra world, so it might help others too :-).

Read more »

Adaptec 6805H single in a Linux server

Posted by on January 14, 2014 No comments

In order to extend the amount of SATA disk in my server I decided to use the Adaptec 6805H single Host Bus Adapter (which converts from PCI-E bus to SAS/SATA bus :-)). The device uses a PMC PM80xx chipset. SAS is backward compatible to SATA, one can connect up to 4 devices on a SAS port on this device. The BIOS is not very fast, however my four SATA disks were recognized without any problem. Also, the Ubuntu 13.04 Linux Kernel detected the card with the PCI-ID 9005:8081 using the module pm80xx. Rebuilding of a RAID5 consisting of 4 WD Red 3TB disks went reasonable fast with approximately 130MB/sec. So far, I can recommend that controller for Linux users! Read more »

Install Crazyfly CFClient on Arch Linux (Bitcraze)

Posted by on January 12, 2014 No comments

In order to run Crazyfly python client (CFClient) some prerequisite have to be installed.

# pacman -S python2 python2-pygame python2-pyqt4

Install libusb from AUR

# yaourt -S python2-pyusb

Also, if you want to get the sources directly from the repository, buy mercurial.

# pacman -S mercurial
$ hg clone https://bitbucket.org/bitcraze/crazyflie-pc-client
$ cd crazyflie-pc-client
$ python2 bin/cfclient

 

Online resize root filesystem on a GPT partition

Posted by on December 22, 2013 6 comments

This short tutorial shows how to resize a ext4 root filesystem online. Most people use gparted from a recovery system for this task, and I also recommend that for if you are not familiar with the tools used in this guide. Also, make sure you have a backup of the data (I did this myself on a system I just installed, so I would not mind if anything goes wrong). Generally this is not different from doing a manual MBR/fdisk resize, except that we need to treat the unique partition GUID specially since we should maintain it (for boot loaders/boot managers).

So, here is how I resized my ext4 root partition (sda2) using gdisk and resize2fs: Read more »

Setting up schroot for Python multiprocessing

Posted by on October 29, 2013 No comments

When using Arch Linux, its sometimes required to run something in a older/stable releaes of a Linux distribution. For this purpose I have a Ubuntu 12.04 LTS installation in a schroot environment. However, using Bitbake (a heavily multithreded and Python based build utility) The build aborted with the error:

  File "/usr/lib/python2.7/multiprocessing/queues.py", line 63, in __init__
    self._rlock = Lock()
  File "/usr/lib/python2.7/multiprocessing/synchronize.py", line 147, in __init__
    SemLock.__init__(self, SEMAPHORE, 1, 1)
OSError: [Errno 13] Permission denied

Read more »

Graphical boot splash screen with Nvidia binary drivers

Posted by on October 20, 2013 No comments

Recently I had a hard time to bring graphical boot splash screen (Plymouth) to work on a Ubuntu 13.10 Saucy Salamander installation. I use the Nvidia binary driver and activated uvesafb therefor (see this blog post how to do this). However, it didn’t work. In the end two pieces were missing: Read more »