comm - Dave's Blog


Search

Cdb/Windbg Commands for Runtime Patching

Feb 8, 1:47

You can use conditional breakpoints and debugging commands in windbg and cdb that together can amount to effectively patching a binary at runtime. This can be useful if you have symbols but you can't easily rebuild the binary. Or if the patch is small and the binary requires a great deal of time to rebuild.

Skipping code

If you want to skip a chunk of code you can set a breakpoint at the start address of the code to skip and set the breakpoint's command to change the instruction pointer register to point to the address at the end of the code to skip and go. Voila you're skipping over that code now. For example:

bp 0x6dd6879b "r @eip=0x6dd687c3 ; g"

Changing parameters

You may want to modify parameters or variables and this is simple of course. In the following example a conditional breakpoint ANDs out a bit from dwFlags. Now when we run its as if no one is passing in that flag.

bp wiwi!RelativeCrack "?? dwFlags &= 0xFDFFFFFF;g"

Slightly more difficult is to modify string values. If the new string length is the same size or smaller than the previous, you may be able to modify the string value in place. But if the string is longer or the string memory isn't writable, you'll need a new chunk of memory into which to write your new string. You can use .dvalloc to allocate some memory and ezu to write a string into the newly allocated memory. In the following example I then overwrite the register containing the parameter I want to modify:

.dvalloc 100
ezu 000002a9`d4eb0000 "mfcore.dll"
r rcx = 000002a9`d4eb0000

Calling functions

You can also use .call to actually make new calls to methods or functions. Read more about that on the Old New Thing: Stupid debugger tricks: Calling functions and methods. Again, all of this can be used in a breakpoint command to effectively patch a binary.

PermalinkCommentscdb debug technical windbg

Let's Encrypt NearlyFreeSpeech.net Setup

Feb 4, 2:48

I use NearlyFreeSpeech.net for my webhosting for my personal website and I've just finished setting up TLS via Let's Encrypt. The process was slightly more complicated than what you'd like from Let's Encrypt. So for those interested in doing the same on NearlyFreeSpeech.net, I've taken the following notes.

The standard Let's Encrypt client requires su/sudo access which is not available on NearlyFreeSpeech.net's servers. Additionally NFSN's webserver doesn't have any Let's Encrypt plugins installed. So I used the Let's Encrypt Without Sudo client. I followed the instructions listed on the tool's page with the addition of providing the "--file-based" parameter to sign_csr.py.

One thing the script doesn't produce is the chain file. But this topic "Let's Encrypt - Quick HOWTO for NSFN" covers how to obtain that:

curl -o domain.chn https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem

Now that you have all the required files, on your NFSN server make the directory /home/protected/ssl and copy your files into it. This is described in the NFSN topic provide certificates to NFSN. After copying the files and setting their permissions as described in the previous link you submit an assistance request. For me it was only 15 minutes later that everything was setup.

After enabling HTTPS I wanted to have all HTTP requests redirect to HTTPS. The normal Apache documentation on how to do this doesn't work on NFSN servers. Instead the NFSN FAQ describes it in "redirect http to https and HSTS". You use the X-Forwarded-Proto instead of the HTTPS variable because of how NFSN's virtual hosting is setup.

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

Turning on HSTS is as simple as adding the HSTS HTTP header. However, the description in the above link didn't work because my site's NFSN realm isn't on the latest Apache yet. Instead I added the following to my .htaccess. After I'm comfortable with everything working well for a few days I'll start turning up the max-age to the recommended minimum value of 180 days.

Header set Strict-Transport-Security "max-age=3600;" 

Finally, to turn on CSP I started up Fiddler with my CSP Fiddler extension. It allows me to determine the most restrictive CSP rules I could apply and still have all resources on my page load. From there I found and removed inline script and some content loaded via http and otherwise continued tweaking my site and CSP rules.

After I was done I checked out my site on SSL Lab's SSL Test to see what I might have done wrong or needed improving. The first time I went through these steps I hadn't included the chain file which the SSL Test told me about. I was able to add that file to the same files I had already previously generated from the Let's Encrypt client and do another NFSN assistance request and 15 minutes later the SSL Test had upgraded me from 'B' to 'A'.

PermalinkCommentscertificate csp hsts https lets-encrypt nearlyfreespeech.net

4 people are living in an isolated habitat for 30 days. Why? Science!

Feb 1, 3:27

nasa:

This 30 day mission will help our researchers learn how isolation and close quarters affect individual and group behavior. This study at our Johnson Space Center prepares us for long duration space missions, like a trip to an asteroid or even to Mars.

image

The Human Research Exploration Analog (HERA) that the crew members will be living in is one compact, science-making house. But unlike in a normal house, these inhabitants won’t go outside for 30 days. Their communication with the rest of planet Earth will also be very limited, and they won’t have any access to internet. So no checking social media kids!

The only people they will talk with regularly are mission control and each other.

image

The crew member selection process is based on a number of criteria, including the same criteria for astronaut selection.

What will they be doing?

Because this mission simulates a 715-day journey to a Near-Earth asteroid, the four crew members will complete activities similar to what would happen during an outbound transit, on location at the asteroid, and the return transit phases of a mission (just in a bit of an accelerated timeframe). This simulation means that even when communicating with mission control, there will be a delay on all communications ranging from 1 to 10 minutes each way. The crew will also perform virtual spacewalk missions once they reach their destination, where they will inspect the asteroid and collect samples from it. 

A few other details:

  • The crew follows a timeline that is similar to one used for the ISS crew.
  • They work 16 hours a day, Monday through Friday. This includes time for daily planning, conferences, meals and exercises.  
  • They will be growing and taking care of plants and brine shrimp, which they will analyze and document.

But beware! While we do all we can to avoid crises during missions, crews need to be able to respond in the event of an emergency. The HERA crew will conduct a couple of emergency scenario simulations, including one that will require them to maneuver through a debris field during the Earth-bound phase of the mission. 

image

Throughout the mission, researchers will gather information about cohabitation, teamwork, team cohesion, mood, performance and overall well-being. The crew members will be tracked by numerous devices that each capture different types of data.

image

Past HERA crew members wore a sensor that recorded heart rate, distance, motion and sound intensity. When crew members were working together, the sensor would also record their proximity as well, helping investigators learn about team cohesion.

Researchers also learned about how crew members react to stress by recording and analyzing verbal interactions and by analyzing “markers” in blood and saliva samples.

image

In total, this mission will include 19 individual investigations across key human research elements. From psychological to physiological experiments, the crew members will help prepare us for future missions.

Make sure to follow us on Tumblr for your regular dose of space: http://nasa.tumblr.com

PermalinkComments

Retweet of soaj1664ashar

2015 Dec 5, 12:52
[Blogged]: The Dark Side of Comments: https://respectxss.blogspot.de/2015/12/the-dark-side-of-comments.html … #XSS #comments
PermalinkComments

Retweet of creativecommons

2015 Nov 24, 12:13
Why is a museum suing Wikipedia for sharing? http://www.communia-association.org/2015/11/24/why-is-a-museum-suing-wikipedia-for-sharing/ … via @communia_eu pic.twitter.com/yEgIuc31wi
PermalinkComments

Retweet of SwiftOnSecurity

2015 Nov 15, 11:34
@snowden please stop teaching terrorists how to encrypt their communications with PlayStation 4
PermalinkComments

Tweet from David_Risney

2015 Oct 23, 2:15
Considering replacing my very aged home WAPs & router. Recommendations? This looks enticing: http://arstechnica.com/gadgets/2015/10/review-ubiquiti-unifi-made-me-realize-how-terrible-consumer-wi-fi-gear-is/ …
PermalinkComments

Tweet from David_Risney

2015 Oct 19, 9:37
Amazon Fresh just went up $300/yr. Angry and sad to switch services after ~5yrs. Alternatives recommendations? http://www.geekwire.com/2014/tough-swallow-longtime-amazon-fresh-customers-bolting-new-299year-subscription/ …
PermalinkComments

Tweet from David_Risney

2015 Oct 13, 9:43
Neat hack: use victim's headphone wire as antenna to send audio commands to their phone's Siri http://www.wired.com/2015/10/this-radio-trick-silently-hacks-siri-from-16-feet-away/ …
PermalinkComments

Retweet of troyhunt

2015 Aug 2, 10:14
Just gave the CSP Rule Collector Fiddler extension from @David_Risney a run. This is excellent, highly recommended! https://twitter.com/ericlaw/status/627572451015168000 …
PermalinkComments

Tweet from David_Risney

2015 Jul 16, 9:39
Adblock Plus forum user has a feature request: block commercials on smart TVs. https://twitter.com/SwiftOnSecurity/status/622089615172726784 …
PermalinkComments

Retweet of ChromiumDev

2015 Apr 14, 7:29
Now in Chrome 43, document.execCommand() gives you programmatic access to copy and cut content to the clipboard! http://updates.html5rocks.com/2015/04/cut-and-copy-commands …
PermalinkComments

Eminem meets Beatles: http://8mileandabbey.com/

2015 Apr 14, 8:08


Eminem meets Beatles: http://8mileandabbey.com/

PermalinkComments

Retweet of ncardozo

2015 Apr 11, 10:58
The NSA does not have "an absolute right to gain access to every way in which two people may choose to communicate." http://arstechnica.com/tech-policy/2015/04/nsa-dreams-of-smartphones-with-split-crypto-keys-protecting-user-data/ …
PermalinkComments

Tweet from David_Risney

2015 Mar 25, 12:15
Cool Creative Commons limited edition shirt made of Noun Project images - http://creativecommons.org/weblog/entry/45224 … @creativecommons. Just ordered mine!
PermalinkComments

Retweet of latest_is

2015 Mar 23, 8:01
OK Go - Red Star Macalline Commercial - YouTube https://www.youtube.com/watch?v=PjquJ5hi6zE&list=PLFdTtsxKP2oEFFk9xId-AXqAPE2Dp92VY&index=2 …
PermalinkComments

Retweet of 18F

2015 Mar 16, 9:48
Today the White House is proposing an HTTPS-only standard for the entire federal government: https://https.cio.gov  Public comment welcome!
PermalinkComments

Retweet of FioraAeterna

2015 Mar 7, 3:51
"This assert would've saved me hours of debugging. Why was it off?" *git blame* commit: "disable assert that caused test failures" *sobs*
PermalinkComments

Retweet of TheOnion

2015 Feb 8, 9:00
New Premium Uber Service Lets Users Commandeer Any Car http://onion.com/1DYe4vS  pic.twitter.com/6tLHOHz48t
PermalinkComments

npr:The jobs picture has changed profoundly since the 1970s....

2015 Feb 6, 10:50


npr:

The jobs picture has changed profoundly since the 1970s. This map shows how that has played out across the country.

Map: The Most Common Job In Every State

Source: IPUMS-CPS/ University Of Minnesota
Credit: Quoctrung Bui/NPR

PermalinkComments
Older Entries Creative Commons License Some rights reserved.