tag:blogger.com,1999:blog-36068093683898611082024-03-02T09:29:28.245-08:00C-skillsSebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.comBlogger216125tag:blogger.com,1999:blog-3606809368389861108.post-37376737205161591582023-12-29T00:31:00.000-08:002023-12-29T00:31:33.727-08:00crash + psc 37c3 release<p><span style="font-family: courier;"><a href="https://github.com/stealth/crash" target="_blank">crash</a> and <a href="https://github.com/stealth/psc" target="_blank">psc</a> now build and run on <i>Windoze</i> systems. </span><span style="font-family: courier;"><b>psc</b> contains a new feature that lets you bounce binary data </span><span style="font-family: courier;">back and forth through your local pty to a e.g. remote <i>netcat</i>, </span><span style="font-family: courier;"><i>dd</i> or other utilities so you can fwd SSH connections directly </span><span style="font-family: courier;">through your terminal or up/download binary data without any remote agent.</span></p><p><span style="font-family: courier;"><br /></span></p><p><span style="font-family: courier;"><br /></span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-38821594200561458322023-11-23T01:23:00.000-08:002023-11-23T01:23:24.852-08:00Roaming trickery<p><span style="font-family: courier;">I added support for roaming and suspend/resume to <a href="https://github.com/stealth/crash">crash</a>. Now </span><span style="font-family: courier;">you can change your IP, VPN, physlayer, NAT, VM-routing etc. at runtime </span><span style="font-family: courier;">and stay connected to your remote shell. 
You may also suspend the </span><span style="font-family: courier;">session to a ticket and resume it from a different laptop from the </span><span style="font-family: courier;">other side of the globe while keeping your shell.</span></p><p><span style="font-family: courier;">Privacy side note: As always, this implies that you know what you are doing when using VPNs. Disrupted VPN routing may leak your IP address regardless of roaming but with roaming enabled you wouldn't immediately </span><span style="font-family: courier;">notice as the session just continues. However, to reveal the IP a single leaked packet suffices.</span></p><p><span style="font-family: courier;">It is now also possible to build and run <a href="https://github.com/stealth/crash">crash</a> and <a href="https://github.com/stealth/psc">psc</a> on <i>Windows</i>, </span><span style="font-family: courier;">including all the nice features.</span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-63795297663623188782023-09-01T02:18:00.000-07:002023-09-01T02:18:53.135-07:00More crash + psc trickery<p><span style="font-family: courier;">I reworked the local address binding and connecting part of </span><span style="font-family: courier;">my anti censorship tools <a href="https://github.com/stealth/crash">crash</a> and <a href="https://github.com/stealth/psc">psc</a>, so it is now possible </span><span style="font-family: courier;">to use <i>SOCKS5</i> client side connects by using <b>-x</b> (similar to curl) </span><span style="font-family: courier;">and to let the <i>SOCKS5</i> proxy resolve DNS names (<b>-N</b>) in order </span><span style="font-family: courier;">to allow browsing with <i>chrome</i> (but check README).</span></p><p><span style="font-family: courier;">You can also check out @fullspectrumdev's <a href="https://www.fullspectrum.dev/">blog writeups</a> on pentest </span><span style="font-family: 
courier;">use-cases and cross-compilation.</span></p><p><span style="font-family: courier;">Interestingly, OpenSSH <a href="https://undeadly.org/cgi?action=article;sid=20230829051257">now also supports traffic blinding</a>, which is </span><span style="font-family: courier;">included in crash since years.</span></p><p><span style="font-family: courier;"><br /></span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-15577952040029308132023-07-06T04:47:00.006-07:002023-07-06T04:49:08.281-07:00New 7350 0day trickery (cybah cybah)<p> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFRUO58p3yxpBemhFnv70tE0aEMhtiG_a_nKyQdIosxAuwyePDdWFjqMy8OHdcFzYa60kyc7vwS5NfXNWOuOfgg-Uq6lE8VXp8i4iyawLZTGS-lXShDFN2TARVlq7fUTMf-c3Z3zfwpZYUf4mx5kptoAA4kK9gug4f_uwR-R7FcljaP71BCZA3Wq4vnGzD/s748/logo.jpg" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="90" data-original-width="748" height="76" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFRUO58p3yxpBemhFnv70tE0aEMhtiG_a_nKyQdIosxAuwyePDdWFjqMy8OHdcFzYa60kyc7vwS5NfXNWOuOfgg-Uq6lE8VXp8i4iyawLZTGS-lXShDFN2TARVlq7fUTMf-c3Z3zfwpZYUf4mx5kptoAA4kK9gug4f_uwR-R7FcljaP71BCZA3Wq4vnGzD/w628-h76/logo.jpg" width="628" /></a></p><br /><p></p><p><span style="font-family: courier;">Manjaro seems to be quite popular distro, according to </span><span style="font-family: courier;">distrowatch. 
LPE can be found</span> <a href="https://github.com/c-skills/vala-vala-hey"><span style="font-family: courier;">here</span></a>.</p><p><br /></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-89443526364422428802023-03-16T01:46:00.001-07:002023-03-16T01:48:01.767-07:00More tunneling trickery<p><span style="font-family: courier;">In order to properly proxy messenger apps from censored </span><span style="font-family: courier;">networks to outside, I added the <b>-X</b> switch to <a href="https://github.com/stealth/crash">crash</a> and </span><span style="font-family: courier;">documented on how you would configure your setup within the <a href="https://github.com/stealth/crash/blob/master/contrib/proxywars.md">contrib</a> </span><span style="font-family: courier;">folder.</span></p><p><span style="font-family: courier;">It is already field-tested in certain countries. Nevertheless, if you have deeper </span><span style="font-family: courier;">knowledge on censorship equipement or extra tips for better connectivity and can battle test the setups, just let me know.</span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-47292782731746572252023-01-12T03:42:00.000-08:002023-01-12T03:42:35.507-08:00Tunneling trickery<p> </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJiEG_RLX8Ckh8pYCJx2VrhdC_ogcRGplckspXjMXnISY-U95SpsK3R-14IMl42666goPXFKKLUfV3uS2GcZkqL3eGS0Aa0UaD2S0r3JyB6NQxsH0rPLY4pvegqqxmvvz9NkfAbHtIIgiV68UkOB36ui8vnyTcVPkwAU5l7J1UEDXde_HaXMVzJf0ccg/s566/fraud-bridge.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="98" data-original-width="566" height="55" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJiEG_RLX8Ckh8pYCJx2VrhdC_ogcRGplckspXjMXnISY-U95SpsK3R-14IMl42666goPXFKKLUfV3uS2GcZkqL3eGS0Aa0UaD2S0r3JyB6NQxsH0rPLY4pvegqqxmvvz9NkfAbHtIIgiV68UkOB36ui8vnyTcVPkwAU5l7J1UEDXde_HaXMVzJf0ccg/s320/fraud-bridge.jpg" width="320" /></a></div><br /><p></p><p><span style="font-family: courier;">I re-polished a <a href="https://github.com/stealth/fraud-bridge">10y old project</a> that is one of the most </span><span style="font-family: courier;">complete tunneling solutions available for ICMP, ICMPv6, DNS </span><span style="font-family: courier;">over IP and DNS over IPv6 when it comes to setting up connectivity in restrictive </span><span style="font-family: courier;">environments. </span><span style="font-family: courier;">I added some fixes so it now </span><span style="font-family: courier;">properly also works behind NAT.</span></p><p><span style="font-family: courier;"><br /></span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-18393594518870805402022-12-30T02:37:00.001-08:002023-01-05T01:40:45.781-08:00DTLS trickery<p><span style="font-family: courier;">Probably the last post in 2022.</span></p><p><span style="font-family: courier;">I fixed <i>SOCKS5</i> handling in <a href="https://github.com/stealth/psc">psc</a> and <a href="https://github.com/stealth/crash">crash</a> so that it is now </span><span style="font-family: courier;">possible to use it with <i>curl </i>and IPv6. 
</span><span style="font-family: courier;">Also added <b>DTLS</b> (read: <b>TLS</b> over <b>UDP</b>) support for <i>crash</i> in order </span><span style="font-family: courier;">to make it possible to use anti censorship <i>SOCKS</i> proxies </span><span style="font-family: courier;">in countries that block outgoing <b>TCP</b> connections such as in </span><span style="font-family: courier;">Iran (see previous post).</span></p><p><span style="font-family: courier;">When I read about <i>LibreSSL</i> having <b>QUIC</b> support, I tried to use </span><span style="font-family: courier;">this, but their bold announcement was a spoiler. They only </span><span style="font-family: courier;">"support" the <b>QUIC</b> handshake to obtain keying materials by means of <b>TLS</b> integration. </span><span style="font-family: courier;">I wouldn't really call this "QUIC support", although I love </span><span style="font-family: courier;"><i>LibreSSL</i> much more than <i>OpenSSL</i> (due to their permanent API </span><span style="font-family: courier;">changes). As <b>DTLS</b> has only reliability </span><span style="font-family: courier;">for its handshake, I had to add my own TCP-style data flow </span><span style="font-family: courier;">mechanisms to handle packet loss and re-orders. <i>OpenSSL</i> also wants to add <b>QUIC</b> support, so lets </span><span style="font-family: courier;">see in a couple of years how far this goes (hopefully with </span><span style="font-family: courier;">full proto and API support and not just the handshake) to finally </span><span style="font-family: courier;">have a usable <b>QUIC</b> lib.</span></p><p><span style="font-family: courier;"><i>Crash</i> also switched from <b>TLS</b> v1.2 to v1.3 being mandatory, </span><span style="font-family: courier;">i.e. it is not proto compatible to the 2.x versions anymore. 
As soon </span><span style="font-family: courier;">as <b>DTLS</b> v1.3 will be widely deployed, it will also switch to </span><span style="font-family: courier;"><b>DTLS</b> v1.3. Due to all these new features and compat things the crash-3 </span><span style="font-family: courier;">versions are dubbed experimental (although working stable).</span></p><p><span style="font-family: courier;"><br /></span></p><p><span style="font-family: courier;">Wish you a nice rest of 2022 and a Guten Rutsch for 2023!</span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-60629628520183968042022-11-03T06:00:00.001-07:002022-11-11T00:02:14.322-08:00SNI trickery<p><span style="font-family: courier;">We at c->skills know how the Hase läuft and therefore </span><span style="font-family: courier;">made a writeup on </span><a href="https://github.com/c-skills/sniprobe" style="font-family: courier;">SNI probing and blocking</a><span style="font-family: courier;">.</span></p><p><span style="font-family: courier;"><br /></span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-45913676283516436572022-07-29T00:28:00.004-07:002022-07-29T00:28:56.913-07:00Parallel find trickery<p><span style="font-family: courier;">Since a parallel version of <i>nftw()</i> already existed </span><span style="font-family: courier;">inside my <a href="https://github.com/stealth/grab">greppin</a> project, it was only little effort </span><span style="font-family: courier;">to add a parallel find: <b>spot</b></span></p><p><span style="font-family: courier;"><br /></span></p><p></p><div class="separator" style="clear: both; text-align: center;"><a 
href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQk8Kwgl5g9mnQjKoMVWemnGMCFHWTDP1I49VSiDi6HwNaj1f-lgP0fbhWU70IaQu0z3bpsUebxEeif03ymK2PTwsCwyEbRpWV7A8uqwXhgA7BBh39AotiSCiFwbLzwFT-YQGSrvA048XPejL546UNeqHITP94BBfxEjXuSilmYMqN-WJpQhM1rSl7UA/s486/spot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="288" data-original-width="486" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQk8Kwgl5g9mnQjKoMVWemnGMCFHWTDP1I49VSiDi6HwNaj1f-lgP0fbhWU70IaQu0z3bpsUebxEeif03ymK2PTwsCwyEbRpWV7A8uqwXhgA7BBh39AotiSCiFwbLzwFT-YQGSrvA048XPejL546UNeqHITP94BBfxEjXuSilmYMqN-WJpQhM1rSl7UA/s320/spot.jpg" width="320" /></a></div><br /><span style="font-family: courier;"><br /></span><p></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-16150453835995556392022-05-11T23:01:00.000-07:002022-05-11T23:01:42.126-07:00New commits trickery<p> <span style="font-family: courier;">I commited some changes to some of my gh projects:</span></p><p><a href="https://github.com/stealth/psc" style="font-family: courier;">psc</a><span style="font-family: courier;"> is now using an embedded <i>AES</i> and <i>SHA-512</i> implementation, </span><span style="font-family: courier;">in order for easier builds for embedded systems w/o proper </span><span style="font-family: courier;">SDK support. E.g. it is now super easy to have <i>Android</i> </span><span style="font-family: courier;">binaries built with it, w/o messing with <i>BoringSSL</i> builds. </span><span style="font-family: courier;">It also contains a base64 en/decoder on the </span><span style="font-family: courier;">remote side callable via </span><i style="font-family: courier;">pscr -E</i><span style="font-family: courier;"> or </span><i style="font-family: courier;">pscr -D </i><span style="font-family: courier;">for convenience. 
Last not least, you can script <i>psc</i> sessions via </span><span style="font-family: courier;"><i>pscsh.</i> Something similar you propably know from <i>screen</i> with shared sessions.</span></p><p><span style="font-family: courier;">For <a href="https://github.com/stealth/harddns">harddns</a>, my <i>DoH</i> solution - that was one of the first Open Source <i>DoH</i> implementations available at all - I added NXDOMAIN </span><span style="font-family: courier;">replies for PTR queries, in order to keep up with newer net-utils </span><span style="font-family: courier;">packages on current distributions which always try to reverse-resolve </span><span style="font-family: courier;">obtained A records to PTR records. I also updated the shipped default config to remove the <i>PowerDNS DoH </i>servers, as they recently have shutdown </span><span style="font-family: courier;">this service :(</span></p><p><span style="font-family: courier;"><br /></span></p><p><span style="font-family: courier;"><br /></span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-20512575159758543962022-02-24T00:41:00.001-08:002022-03-25T02:39:16.934-07:00Anniversary trickery<p><span style="font-family: courier;">Some of you probably already noticed in past, but almost exactly </span><span style="font-family: courier;">one year ago, I founded my own company:</span></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEg4KKpP8eB7s7FAIeXkB43xJynYGTXPZF62Cm9wVL8Kigoi0Nstw99jW2oRpohRNLlm8HiYaRxBgWtc2ubhYl55TbdV3xH0CLL9I0mQmITEWCIITA-XBigmbCzU8CMs8o-Dy3oOgIoxA7gHbSP3IjDwK8UTLt9XzLBZgENOyNdADmsQiP2YBemjUp9qIA=s640" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="117" data-original-width="640" height="59" 
src="https://blogger.googleusercontent.com/img/a/AVvXsEg4KKpP8eB7s7FAIeXkB43xJynYGTXPZF62Cm9wVL8Kigoi0Nstw99jW2oRpohRNLlm8HiYaRxBgWtc2ubhYl55TbdV3xH0CLL9I0mQmITEWCIITA-XBigmbCzU8CMs8o-Dy3oOgIoxA7gHbSP3IjDwK8UTLt9XzLBZgENOyNdADmsQiP2YBemjUp9qIA=s320" width="320" /></a></div><p></p><p><span style="font-family: courier;">You can find more details about the exact services at our </span><a href="https://github.com/c-skills/welcome" style="font-family: courier;">gh landing page</a><span style="font-family: courier;">. In order to celebrate our 1y, </span><span style="font-family: courier;">I pushed new commits to our </span><a href="https://github.com/stealth/grab" style="font-family: courier;">performance flagship</a><span style="font-family: courier;"> </span><i style="font-family: courier;">greppin</i><span style="font-family: courier;">. </span><span style="font-family: courier;">It is now basically lock-free and runs faster than ripgrep.</span></p><p><span style="font-family: courier;">Thanks to our clients who made this possible! 
If things go well </span><span style="font-family: courier;">as before, I will also alloc() a merchandise budget, so you </span><span style="font-family: courier;">may ask me for free tee-shirts at the conferences.</span></p><p><span style="font-family: courier;"><br /></span></p><p><span style="font-family: courier;"><br /></span></p><p><span style="font-family: courier;"><br /></span></p><p><span style="font-family: courier;"><br /></span></p><p><span style="font-family: courier;"><br /></span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-67152334969371694572021-12-15T02:36:00.000-08:002021-12-15T02:36:34.108-08:00OpenSSL 3.0.0 API trickery<p> </p><p><span style="font-family: courier;">I refactored <a href="https://github.com/stealth/opmsg">opmsg</a> for the new <i>OpenSSL 3.0.0</i> API and put </span><span style="font-family: courier;">it into the </span><b style="font-family: courier;">openssl3-dev</b><span style="font-family: courier;"> branch. </span><b style="font-family: courier;">Master</b><span style="font-family: courier;"> branch is still the main </span><span style="font-family: courier;">development branch and both branches produce 1:1 identical </span><span style="font-family: courier;">output of messages, so one can cross-over test them. Over the long run </span><span style="font-family: courier;">it is probably necessary to switch to </span><i style="font-family: courier;">OpenSSL 3.0</i><span style="font-family: courier;">, but the </span><span style="font-family: courier;">downside is that it will lose compatibility with the </span><i style="font-family: courier;">LibreSSL </i><span style="font-family: courier;">API.</span></p><p><span style="font-family: courier;">On the plus side, I learned a lot of the inner workings of <b>OpenSSL</b></span><span style="font-family: courier;"> while refactoring my own code. 
Including misleading </span><span style="font-family: courier;">man pages.That will definitely give me an adavantage for </span><span style="font-family: courier;">the next crypto project code review. :)</span></p><p><span style="font-family: courier;"><br /></span></p><p><span style="font-family: courier;">Wish you a nice pre-xmas time!</span></p><p><span style="font-family: courier;"><br /></span></p><p><span style="font-family: courier;"><br /></span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-68895347742423634862021-10-11T02:51:00.001-07:002021-10-11T02:51:30.008-07:00DevOps trickery<p><span style="font-family: courier;">I released some <a href="https://github.com/stealth/devpops">DevOps research</a> about self-replicating </span><span style="font-family: courier;">code spreading across gits.</span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-81607579206634180752021-08-24T05:52:00.002-07:002021-08-24T05:52:42.901-07:00Post-Quantum opmsg trickery<p><span style="font-family: courier;">I have added patches to <a href="https://github.com/stealth/opmsg">opmsg</a> to implement PQC during </span><span style="font-family: courier;">the <i>transitioning phase</i>. Adding PQC sounds easier than it actually </span><span style="font-family: courier;">is, as there are several (administrative) problems:</span></p><p><span style="font-family: courier;"><br /></span></p><p><span style="font-family: courier;">* So far, no PQC algo has been standartized. 
Everything is still </span><span style="font-family: courier;">floating and in progress.</span></p><p><span style="font-family: courier;">* Several PQC open-source projects exist, such as <i>OpenQuantumSafe</i> </span><span style="font-family: courier;">which implement the candidate algos, but which </span><span style="font-family: courier;">recommend to not use their impl in production </span><span style="font-family: courier;">code.</span></p><p><span style="font-family: courier;">* Some patches for <i>OpenSSL 1.1.0</i> exist such as for NTRU, but </span><span style="font-family: courier;">only cover the 1.1 API which will soon be denounced.</span></p><p><span style="font-family: courier;">* <i>OpenSSL 3.0</i> on the rising, changing the ENGINE API in favor of </span><span style="font-family: courier;">"Providers", but I didn't see any PQC code in it.</span></p><p><span style="font-family: courier;">* Big tech companies making their own PQC patches and tests </span><span style="font-family: courier;">for marketing reasons but these are not usable for <i>opmsg</i> </span><span style="font-family: courier;">as they only cover TLS handshakes for their own good.</span></p><p><span style="font-family: courier;">Sounds to me like I could only bet on the wrong horse by making </span><span style="font-family: courier;"><i>any</i> decision.</span></p><p><span style="font-family: courier;">Therefore, I decided to agnostically add PQC support by following </span><span style="font-family: courier;"><a href="https://bsi.bund.de/SharedDocs/Downloads/DE/BSI/Krypto/Post-Quanten-Kryptografie.pdf">recommendations of the BSI</a> when migrating crypto to PQC for the </span><span style="font-family: courier;">time being. That means extending <i>opmsg</i> Brainkey Personas </span><span style="font-family: courier;">by a second type "brainkey2" which adds a symmetric salt </span><span style="font-family: courier;">in the ECDH Kex. This is transparent to the user. 
At the </span><span style="font-family: courier;">same time, I ban non-AEAD symmetric algorithms for future encrypts </span><span style="font-family: courier;">(decrypts still work for compat) and extend the coverage of the AEAD to the entire message, including the header. That means that the entire opmsg is not only integrity protected by the ECDSA signature, </span><span style="font-family: courier;">but also by the AES-GCM MAC. The PFS property and everything else </span><span style="font-family: courier;">stays the same. The new default calgo is now "aes256gcm".</span></p><p><span style="font-family: courier;">I am sorry I had to kick <i>bf</i>, <i>cast5</i> and <i>ripemd160</i> from newly encrypted messages, but these algos are outdated anyway. It should </span><span style="font-family: courier;">still be possible to decrypt all previous messages, despite </span><span style="font-family: courier;">of ciphers and persona types.</span></p><p><span style="font-family: courier;">I have to check how <i>OpenSSL</i> develops, as I want to keep </span><span style="font-family: courier;">compatibility with <i>LibreSSL</i> API. 
So I have to be careful </span><span style="font-family: courier;">when adding new symmetric ciphers with AEAD capability such </span><span style="font-family: courier;">as </span><span style="font-family: courier;"><i>EVP_aria_256_gcm()</i>.</span></p><p><span style="font-family: courier;"><br /></span></p><p><br /></p><p><span style="font-family: courier;"><br /></span></p><p><span style="font-family: courier;"><br /></span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-42630512931262270142021-07-23T02:28:00.004-07:002021-07-23T02:28:52.156-07:00multiple stuff trickery<p><span style="font-family: courier;">I added some new features and workarounds to some of my </span><span style="font-family: courier;">projects:</span></p><p><span style="font-family: courier;"><br /></span></p><p><span style="font-family: courier;">* New features for <a href="https://github.com/stealth/crash">crash</a>, namely TCP and UDP port forwarding </span><span style="font-family: courier;">similar </span><span style="font-family: courier;">to </span><a href="https://github.com/stealth/psc" style="font-family: courier;">psc</a> <span style="font-family: courier;">and some other neat stuff</span></p><p><span style="font-family: courier;">* better support for brainkey personas in <a href="https://github.com/stealth/opmsg">opmsg</a>, as well as workarounds for a recent <i>OpenSSL</i> regression that does not allow to set ECDH privkeys to NULL any longer when doing the PFS Kex</span></p><p><span style="font-family: courier;"><br /></span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-85186735440901683022021-06-07T05:17:00.003-07:002021-06-07T05:17:45.382-07:00harddns updates<p><span style="font-family: courier;">Google DoH again changed their JSON replies, so </span><span style="font-family: courier;">I had to adjust my 
</span><span style="font-family: courier;"><a href="https://github.com/stealth/harddns">harddns</a> parsing. Otherwise you will get NXDOMAIN when asking </span><span style="font-family: courier;">8.8.8.8.</span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-85271254549866636722021-05-26T00:19:00.003-07:002021-05-26T00:19:44.870-07:00DGC trickery<p><span style="font-family: courier;">In order to re-find all the necessary documents easily, I created a <a href="https://github.com/stealth/greenday">repo</a> to have the EU vaccination certificate stuff in a single place. I will add code, keys and threat analysis as I go.</span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-40552069779946357912021-05-25T04:53:00.001-07:002021-05-25T04:58:34.492-07:00New quircs<p><span style="font-family: courier;">The small footprint <a href="https://github.com/dlbeer/quirc">quirc</a> QR decoding lib has merged some fixes </span><span style="font-family: courier;">that makes it way more reliable when scanning flipped QR codes. I merged </span><span style="font-family: courier;">these fixes myself to <a href="https://github.com/stealth/opmsg-qr">opmsg-qr</a> (which forks quirc), so its in turn also more </span><span style="font-family: courier;">reliable when scanning <a href="https://github.com/stealth/opmsg">opmsg</a> QR-code keys sent via </span><span style="font-family: courier;">phone messengers. Give it a try! Painless opmsg persona sharing </span><span style="font-family: courier;">via <i>Signal</i> and such. Still recommended to use camera </span><span style="font-family: courier;">with auto-focus. Scanning QR codes with opmsg-qr however needs some seconds, compared on what you experience by scanning with your phone. 
So, just experiment with it to get a feeling and how it could be useful.</span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-8239910011589008372021-05-21T02:18:00.003-07:002021-05-21T02:18:51.431-07:00Armbian trickery<p><span style="font-family: courier;">Some <a href="https://github.com/stealth/7350topless">new root magic</a> for IoT ARM boards. This time for </span><span style="font-family: courier;">Armbian, </span><span style="font-family: courier;">in </span><span style="font-family: courier;">a very generic way so to run on almost all boards.</span></p><p><span style="font-family: courier;"><br /></span></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgj7PssvpxwcqNrxDJB7-xufrFtPGqjaEI-iM06cz9dEcXAWjonh7yyXwgRGeG_x2_3pl-ZZDx1JJMng5ynNQxtXXBqt_-g1BIETaCYJLaPJNX39iFk-Cc2nNJlA_iDkQYDeukXE98tu4Qr/s923/screenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="749" data-original-width="923" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgj7PssvpxwcqNrxDJB7-xufrFtPGqjaEI-iM06cz9dEcXAWjonh7yyXwgRGeG_x2_3pl-ZZDx1JJMng5ynNQxtXXBqt_-g1BIETaCYJLaPJNX39iFk-Cc2nNJlA_iDkQYDeukXE98tu4Qr/s320/screenshot.jpg" width="320" /></a></div><br /><span style="font-family: courier;"><br /></span><p></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-58290587960605190582021-04-13T05:04:00.002-07:002021-04-13T05:04:42.469-07:00PSC SOCKS trickery<p><span style="font-family: courier;">I submitted a patch to <a href="https://github.com/stealth/psc">PSC</a> SOCKS handling. The bug that </span><span style="font-family: courier;">was fixed could lead to poor browsing experience. 
By now, </span><span style="font-family: courier;">its not necessary anymore to click the reload button to </span><span style="font-family: courier;">finish loading of some sites.</span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-12514315393718723302021-03-19T02:48:00.003-07:002021-03-19T02:48:57.782-07:00More IoT bugdoors<p> <span style="font-family: courier;">More LPE trickery for IoT boards can be found <a href="https://github.com/stealth/bananajoe">here.</a></span></p><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzmZ_AdWyPJ77BuqrTghtW62ud4xa5EzmzO2Ok6sAGAr7LOFFfQS4k7rCzfYE-5SMnfT7COgIjHH21748hr13hs4-BLPXU7pHrIWuljLhNtMVvtIXisZfF_X8O4Yz3cnspNrug__LpRYMk/s734/screenshot.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="467" data-original-width="734" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzmZ_AdWyPJ77BuqrTghtW62ud4xa5EzmzO2Ok6sAGAr7LOFFfQS4k7rCzfYE-5SMnfT7COgIjHH21748hr13hs4-BLPXU7pHrIWuljLhNtMVvtIXisZfF_X8O4Yz3cnspNrug__LpRYMk/s320/screenshot.jpg" width="320" /></a></div><br /><p><br /></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-64472263209789709932021-03-12T02:36:00.002-08:002021-03-12T02:36:47.516-08:00tinkershell trickery<p><br /></p><p> <span style="font-family: courier;">After a couple of years, I published a new one of the famous boomsh </span><span style="font-family: courier;">exploits. This time for an IoT devel board, running a Debianish </span><span style="font-family: courier;">distribution for ARM. 
<a href="https://github.com/stealth/tinkershell">https://github.com/stealth/tinkershell</a></span></p><p><span style="font-family: courier;"><br /></span></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoSk6Z2WUMabSCSxW0lAXLvadQedjay4pVZP9d61vhMbP5K7Qo_93zQsMk7LBYCHZ2lUqozFqsGKbVVKIb2LlJ9hUxtcc2CSbOcA0c9IzZFbdeSH63Xle4RnGUcPTlbYZOLlAwFXdQlDRl/s1235/board.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="834" data-original-width="1235" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoSk6Z2WUMabSCSxW0lAXLvadQedjay4pVZP9d61vhMbP5K7Qo_93zQsMk7LBYCHZ2lUqozFqsGKbVVKIb2LlJ9hUxtcc2CSbOcA0c9IzZFbdeSH63Xle4RnGUcPTlbYZOLlAwFXdQlDRl/s320/board.jpg" width="320" /></a></div><br /><span style="font-family: courier;"><br /></span><p></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-2590826998297561122021-01-15T01:50:00.002-08:002021-01-15T01:50:45.841-08:00More PSC trickery!!<p><span style="font-family: courier;">I updated <a href="https://github.com/stealth/psc">psc</a> to include <i>SOCKS4</i> and <i>SOCKS5</i> support, so you can </span><span style="font-family: courier;">now do crazy things like web browsing remote networks from within </span><span style="font-family: courier;">a modem dialup shell or portshell (even multihop), effectively </span><span style="font-family: courier;">upgrading a simple portshell to an SSH-like e2e pty shell with </span><span style="font-family: courier;">the ability to forward TCP and UDP ports.</span></p><p><span style="font-family: courier;">This finally merges </span><span style="font-family: courier;">code into PSC that I started back in the early 2000s, when </span><span style="font-family: courier;">I needed TCP connections via modem dialups that actually did not have ppp to obtain an 
IP address to browse from.</span></p><p><span style="font-family: courier;"><br /></span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com1tag:blogger.com,1999:blog-3606809368389861108.post-88163205655113737852021-01-07T02:11:00.003-08:002021-01-07T02:11:30.341-08:00Port Shell trickery<p> </p><p><span style="font-family: courier;">Added a new feature to my old, long-running project <a href="https://github.com/stealth/psc">psc</a>. </span><span style="font-family: courier;">You may now forward TCP or UDP ports in a similar way </span><span style="font-family: courier;">as with ssh -L. The cool thing: You don't even need an </span><span style="font-family: courier;">IP address or network connection to the remote hop. </span><span style="font-family: courier;">A UART or modem connection will suffice. As long as </span><span style="font-family: courier;">you have a tty session, you can now slip TCPv4, UDPv4, TCPv6, UDPv6 </span><span style="font-family: courier;">through it and appear with your connections as if they </span><span style="font-family: courier;">were made on the remote end.</span></p><p><span style="font-family: courier;">A demo video is on <a href="https://asciinema.org/a/383043">asciinema</a>.</span></p><p><span style="font-family: courier;"><br /></span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0tag:blogger.com,1999:blog-3606809368389861108.post-16770422869538621222020-11-26T05:24:00.005-08:002020-11-26T05:28:18.866-08:00libusi++ shared_ptr fun<p><span style="font-family: courier;">I removed my own <i>shared_ptr&lt;T&gt;</i> implementation, called <i>ref_count&lt;T&gt;</i>, </span><span style="font-family: courier;">from <a href="https://github.com/stealth/libusipp">libusipp</a>. Sorry for breaking the API, but when I started the project there was no <i>shared_ptr&lt;T&gt;</i>; now there is, and the standard version is of course preferable. 
It only comes into play when you register your own Layer2 RX or TX classes, for example if you want to 'send' IP packets to a string or anything like that.</span></p><p><span style="font-family: courier;">Excuse the brief README (as I just noticed), but the project </span><span style="font-family: courier;">is &gt; 20y old and mainly serves internal purposes, such as <a href="https://github.com/stealth/qdns">qdns</a>.</span></p><p><span style="font-family: courier;">I also uploaded a <a href="https://stealth.openwall.net/688EDD05A092E8D2.asc">new GitHub signing key</a>, as the old one expired.</span></p>Sebastianhttp://www.blogger.com/profile/11886596387140041622noreply@blogger.com0
