Archive for December, 2010
Lightspark 0.4.5.1, with experimental PowerPC support
Posted by Alessandro Pignotti in Lightspark on December 16, 2010
Lightspark standalone executing YouTube on a ppc64 Debian machine
Only a few days have passed since the 0.4.5 and a new Lightspark release is already out! With big news for PowerPC users. The main new feature of this release is experimental support for the PPC platform!
Currently the performance of the video playback is far from ideal as some very inefficient code is used on a critical path, and will be rewritten in an efficient manner. Nonetheless tests and bug reports from PowerPC users are very welcome.
Beside this feature the release include:
- A fix to restore YouTube support
- A new AMF3 parser that will be used to provide Local Shared Object (flash cookies) support in a following release.
Packages will be as usually available for Ubuntu Maverick from the PPA for the i386 and amd64 architecture. Packages for PPC are not currently available as launchpad does not support ppc packages.
Lightspark 0.4.5.1, with experimental PowerPC support
Posted by Alessandro Pignotti in Lightspark on December 16, 2010
Lightspark standalone executing YouTube on a ppc64 Debian machine
Only a few days have passed since the 0.4.5 and a new Lightspark release is already out! With big news for PowerPC users. The main new feature of this release is experimental support for the PPC platform!
Currently the performance of the video playback is far from ideal as some very inefficient code is used on a critical path, and will be rewritten in an efficient manner. Nonetheless tests and bug reports from PowerPC users are very welcome.
Beside this feature the release include:
- A fix to restore YouTube support
- A new AMF3 parser that will be used to provide Local Shared Object (flash cookies) support in a following release.
Packages will be as usually available for Ubuntu Maverick from the PPA for the i386 and amd64 architecture. Packages for PPC are not currently available as launchpad does not support ppc packages.
Lightspark 0.4.5 Release
Posted by Alessandro Pignotti in Lightspark on December 14, 2010
Lightspark 0.4.5 is out! No big changes from the last Release Candidate, beside a –version switch that will make it easier to assess if the last and best version is being used.
In the mean time work has not stopped. A brand new parser for the AMF3 is already upstream and will be used to implement ByteArray::readObject and support for Local shared Objects. Moreover work is under way to build a supported application database where users will be able to report successes/failures and vote for applications to be supported. This system is being customized having Wine’s AppDB as a base, so thanks the the Wine team for their work!
Lightspark 0.4.5 Release
Posted by Alessandro Pignotti in Lightspark on December 14, 2010
Lightspark 0.4.5 is out! No big changes from the last Release Candidate, beside a –version switch that will make it easier to assess if the last and best version is being used.
In the mean time work has not stopped. A brand new parser for the AMF3 is already upstream and will be used to implement ByteArray::readObject and support for Local shared Objects. Moreover work is under way to build a supported application database where users will be able to report successes/failures and vote for applications to be supported. This system is being customized having Wine’s AppDB as a base, so thanks the the Wine team for their work!
iCTF hacking competition 2010: solution of some challenges
Posted by Luca Invernizzi in Uncategorized on December 10, 2010
This year, having joined the computer security group at UCSB for my phd, I’ve helped in the organization of the 2010rh edition of the iCTF, the biggest international online hacking competition. It has been plenty of fun, with more than 70 teams participating from all over the world. The CMU team “Plaid parliament of pwning” won it, getting the 1000$ price (thanks Adobe and IEEE Security & Privacy magazine for the sponsorships!).
Since people have been asking for the solutions of the two challenges I wrote, so here they are.
challenge 5:
This challenge is easy, I encourage you to give it a try, it’s fun!
Question: “Who’re you’re gonna call?”
File: call
Points: 300
Teams that have completed it: 44 (congrats!)
Solution: in an html comment following this line
challenge 4:
This challenge is a little more difficult, but if you know python you have all the skills necessary to beat it.
Question:
To make it run, unpack this file and run server.py (it’s all python, you can check it for backdoors). To start the challenge, you should read only the content of the “pub” directory: that was the material that was given in the ctf.
Points: 500
Teams that have completed it: 0, as most of the difficult challenges — because of the structure of the iCTF 2010, it turned out that it was more convenient to focus only on the easy challenges. We’ll have to fix it next year!
Solution: in an html comment following this line. The given file also contains a script that can solve the challenge (the test_* files)
For the solution of another difficult challenge, head over to Bryce’s blog.
iCTF hacking competition 2010: solution of some challenges
Posted by Luca Invernizzi in Uncategorized on December 10, 2010
This year, having joined the computer security group at UCSB for my phd, I’ve helped in the organization of the 2010rh edition of the iCTF, the biggest international online hacking competition. It has been plenty of fun, with more than 70 teams participating from all over the world. The CMU team “Plaid parliament of pwning” won it, getting the 1000$ price (thanks Adobe and IEEE Security & Privacy magazine for the sponsorships!).
Since people have been asking for the solutions of the two challenges I wrote, so here they are.
challenge 5:
This challenge is easy, I encourage you to give it a try, it’s fun!
Question: “Who’re you’re gonna call?”
File: call
Points: 300
Teams that have completed it: 44 (congrats!)
Solution: in an html comment following this line
challenge 4:
This challenge is a little more difficult, but if you know python you have all the skills necessary to beat it.
Question:
To make it run, unpack this file and run server.py (it’s all python, you can check it for backdoors). To start the challenge, you should read only the content of the “pub” directory: that was the material that was given in the ctf.
Points: 500
Teams that have completed it: 0, as most of the difficult challenges — because of the structure of the iCTF 2010, it turned out that it was more convenient to focus only on the easy challenges. We’ll have to fix it next year!
Solution: in an html comment following this line. The given file also contains a script that can solve the challenge (the test_* files)
For the solution of another difficult challenge, head over to Bryce’s blog.
Setting IP options in Scapy
Posted by Luca Invernizzi in Networking, Security on December 6, 2010
During this year iCTF (the world largest online hacking competition — very cool) my team faced the problem of setting an IP header option in Scapy. That was needed to break a service that was relying on IP addresses for authentication.
Now, Scapy is an awesome project, but it lacks a bit on the documentation side, as most of it is composed by a bunch of slides. Since IP options are overlooked in the docs and there is nothing findable on the web that shows how to set them, I’ll post it here hoping to help some future fellow googler — that might as well be future me.
Option to set: Loose Route/Record Route (the others work just the same):
>>> ip=IP(src="1.1.1.1", dst="8.8.8.8", options=IPOption('\x83\x03\x10')) |
>>> ip.show2() |
###[ IP ]### version= 4L ihl= 6L tos= 0x0 len= 24 id= 1 flags= frag= 0L ttl= 64 proto= ip chksum= 0xd4d0 src= 1.1.1.1 dst= 8.8.8.8 \options\ |###[ IP Option Loose Source and Record Route ]### | copy_flag= 1L | optclass= control | option= loose_source_route | length= 3 | pointer= 16 | routers= [] |###[ IPOption_EOL ]### | copy_flag= 0L | optclass= contro | option= end_of_list |
The ‘\x83\x03\x10’ has been created following the linked specs (\x83 is the type of the option, \x03 is the length, \x10 is the pointer).
Note that if you forget the IPOption() bit, your packet will be printed correctly with show()/show2() but will refuse to be sent on the network. Instead, it will show this error (here for the sake of search engine indexing):
>>> send(IP(src="1.1.1.1", dst="8.8.8.8", options='\x83\x03\x10')) |
Traceback (most recent call last): File "<console>", line 1, in <module> File "/usr/lib/pymodules/python2.6/scapy/sendrecv.py", line 247, in send __gen_send(conf.L3socket(*args, **kargs), x, inter=inter, loop=loop, count=count,verbose=verbose, realtime=realtime) File "/usr/lib/pymodules/python2.6/scapy/sendrecv.py", line 230, in __gen_send s.send(p) File "/usr/lib/pymodules/python2.6/scapy/arch/linux.py", line 384, in send sx = str(ll(x)) File "/usr/lib/pymodules/python2.6/scapy/arch/linux.py", line 382, in <lambda> ll = lambda x:conf.l2types[sn[3]]()/x File "/usr/lib/pymodules/python2.6/scapy/packet.py", line 260, in __div__ cloneB = other.copy() File "/usr/lib/pymodules/python2.6/scapy/packet.py", line 140, in copy clone.fields[k]=self.get_field(k).do_copy(clone.fields[k]) File "/usr/lib/pymodules/python2.6/scapy/fields.py", line 401, in do_copy return map(lambda p:p.copy(), x) File "/usr/lib/pymodules/python2.6/scapy/fields.py", line 401, in <lambda> return map(lambda p:p.copy(), x) AttributeError: 'str' object has no attribute 'copy' |
Setting IP options in Scapy
Posted by Luca Invernizzi in Networking, Security on December 6, 2010
During this year iCTF (the world largest online hacking competition — very cool) my team faced the problem of setting an IP header option in Scapy. That was needed to break a service that was relying on IP addresses for authentication.
Now, Scapy is an awesome project, but it lacks a bit on the documentation side, as most of it is composed by a bunch of slides. Since IP options are overlooked in the docs and there is nothing findable on the web that shows how to set them, I’ll post it here hoping to help some future fellow googler — that might as well be future me.
Option to set: Loose Route/Record Route (the others work just the same):
>>> ip=IP(src="1.1.1.1", dst="8.8.8.8", options=IPOption('\x83\x03\x10')) |
>>> ip.show2() |
###[ IP ]### version= 4L ihl= 6L tos= 0x0 len= 24 id= 1 flags= frag= 0L ttl= 64 proto= ip chksum= 0xd4d0 src= 1.1.1.1 dst= 8.8.8.8 \options\ |###[ IP Option Loose Source and Record Route ]### | copy_flag= 1L | optclass= control | option= loose_source_route | length= 3 | pointer= 16 | routers= [] |###[ IPOption_EOL ]### | copy_flag= 0L | optclass= contro | option= end_of_list |
The ‘\x83\x03\x10’ has been created following the linked specs (\x83 is the type of the option, \x03 is the length, \x10 is the pointer).
Note that if you forget the IPOption() bit, your packet will be printed correctly with show()/show2() but will refuse to be sent on the network. Instead, it will show this error (here for the sake of search engine indexing):
>>> send(IP(src="1.1.1.1", dst="8.8.8.8", options='\x83\x03\x10')) |
Traceback (most recent call last): File "<console>", line 1, in <module> File "/usr/lib/pymodules/python2.6/scapy/sendrecv.py", line 247, in send __gen_send(conf.L3socket(*args, **kargs), x, inter=inter, loop=loop, count=count,verbose=verbose, realtime=realtime) File "/usr/lib/pymodules/python2.6/scapy/sendrecv.py", line 230, in __gen_send s.send(p) File "/usr/lib/pymodules/python2.6/scapy/arch/linux.py", line 384, in send sx = str(ll(x)) File "/usr/lib/pymodules/python2.6/scapy/arch/linux.py", line 382, in <lambda> ll = lambda x:conf.l2types[sn[3]]()/x File "/usr/lib/pymodules/python2.6/scapy/packet.py", line 260, in __div__ cloneB = other.copy() File "/usr/lib/pymodules/python2.6/scapy/packet.py", line 140, in copy clone.fields[k]=self.get_field(k).do_copy(clone.fields[k]) File "/usr/lib/pymodules/python2.6/scapy/fields.py", line 401, in do_copy return map(lambda p:p.copy(), x) File "/usr/lib/pymodules/python2.6/scapy/fields.py", line 401, in <lambda> return map(lambda p:p.copy(), x) AttributeError: 'str' object has no attribute 'copy' |