MAIN.LV

ELF text section

Mon, 23 Aug 2010 11:22:00 +0200

This code based on

.text writable

Find out .text section and make it writable.
segmentcheck.h contains two functions

int sec_text_check( FILE* );

check if given file have .text writable section or not. return 0 if fasle
, 1 if true and -1 if there was some kind error.

int sec_text_set( FILE* , int );

set section segment to writable/unwritable depends on second value that can
be 0 or 1.

Code:

Source includes two tests for both functions.

I have not tested both functions very whell. That whay there can be some error.
I have used used that for proving concept. And have checked result with

test1

and

readelf -l simple

Source

Snake by wudu

Mon, 26 Jul 2010 22:42:00 +0200

Terminal snake. First project in python by wudu

Author: wudu

Source

Python MIT Binary Trees

Tue, 20 Jul 2010 16:02:00 +0200

After reading chapter form MIT Introduction in algorithms about trees I have implemented same algorithm in python
I haven't tryed to make best perfomance only easy to understund and one to one like is in pseudo-code

Tree python class that are used to represent BinaryTree.

class Tree:
	p = None
	left = None
	right = None
	key = 0

pseudo-code


Inorder_Tree_Walk( x )
if x != NIL
    then Inorder_Tree_Walk( left[x] )
        print key[x]
        Inorder_Tree_Walk( right[x] )

python code

def inorder_tree_walk( t ):
    if t != None:
        inorder_tree_walk( t.left )
        print t.key,
        inorder_tree_walk( t.right )

pseudo code

Tree_Search( x , k )
if x = NIL or k = key[x]
    then return x
if k < key[x]
    then return Tree_Search( left[x] , k )
    else return Tree_Search( right[x] , k )

python code

def tree_search( t , k ):
    if (t == None) or (k == t.key):
        return t
    if k < t.key:
        return tree_search( t.left, k )
    return tree_search( t.right, k )

pseudo code

Tree_Minimum( x )
while left[x] != NIL
    do x <- left[x]
return x

python code

def tree_minimum( t ):
    while t.left != None:
        t = t.left
    return t

pseudo code

Tree_Maximum( x )
while right[x] != NIL
    do x <- right[x]
return x

python code

def tree_maximum( t ):
    while t.right != None:
        t = t.right
    return t

python code

def tree_root( t ):
    while ( t.p != None):
        t = t.p
    return t

pseudo code

Tree_Successor( x )
if right[x] != NIL
    then return Tree_Minimum( right[x] )
y <- p[x]
while y != NIL and x = right[y]
    do  x <- y
        y <- p[y]
return y

python code

def tree_successor( t ):
    if t.right != None:
        return tree_minimum( t.right )
    y = t.p
    while (y != None) and (t == y.right):
        t = y
        y = y.p
    return y

pseudo code

Tree_Insert( T , z )
y <- NIL
x <- root[T]
while x != NIL
    do y <- x
        if key[z] < key[x]
            then x <- left[x]
            else x <- right[x]
p[x] <- y
if y = NIL
    then root[T] <- z
    else if key[z] < key[y]
        then left[y] <- z
        else right[y] <- z

python code

def tree_insert( t , z ):
    y = None
    x = tree_root( t )
    while x != None:
        y = x
        if z.key < x.key:
            x = x.left
        else:
            x = x.right
    z.p = y
    if y == None:
        r = tree_root( t )
        r = z
    else:
        if z.key < y.key:
            y.left = z
        else:
            y.right = z

def tree_insert_recrusive( t , z ):
    if t.left == None and t.right == None:
        if z.key < t.key:
            t.left = z
        else:
            t.right = z
        return
    if z.key < t.key:
        tree_insert_recrusive( t.left , z )
    else:
        tree_insert_recrusive( t.right , z )

pseudo code

Tree_Delete( T , z )
if left[z] = NIL or right[z] = NIL
    then y <- z
    else y <- Tree_Successor( z )
if left[y] != NIL
    then x <- left[y]
    else x <- right[y]
if x != NIL
    then p[x] <- p[y]
if p[y] = NIL
    then root[T] <- x
    else if y = left[p[y]]
        then left[p[y]] <- x
        else right[p[y]] <- x
if y != z
    then key[z] <- key[y]
return y

python code

def tree_delete( t , z ):
    if (z.left == None) or (z.right == None):
        y = z
    else:
        y = tree_successor( z )
    if y.left != None:
        x = y.left
    else:
        x = y.right
    if x != None:
        x.p = y.p
    if y.p == None:
        r = tree_root( t )
        r = x
        t = r
    else:
        if y == y.p.left:
            y.p.left = x
        else:
            y.p.right = x
    if y != z:
        z.key = y.key
    return y

Example of usage:
Now we can use out tree. There is some more functions like create_tree that creates binary tree from given array.
And print_tree that print all ree values.

keys = [10,6,1,0,3,8,7,9,21,15,11,17,25,23,46]
max_deep = log(len(keys),2)


def create_tree( n=0 , p=None):
    if (len(keys) == 0) or (n >= max_deep):
        return None
    t = Tree()
    t.p = p
    t.key = keys.pop(0)
    t.left = create_tree( n+1 , t )
    t.right = create_tree( n+1 , t)
    return t

def print_tree( t ):
    if (t != None) and (t.key != None):
        if t.left == t.right == None:
            print "Key:%d "%(t.key)
            return
        if t.left.key == None:
            print "Key:%d Right:%d"%(t.key,t.right.key)
            print_tree( t.right )
            return
        if t.right.key == None:
            print "Key:%d Left:%d"%(t.key,t.left.key)
            print_tree( t.left )
            return
        print "Key:%d Left:%d Right:%d"%(t.key,t.left.key,t.right.key)
        print_tree( t.left )
        print_tree( t.right )

t = create_tree()
r = tree_search( t, 10 )
n = Tree()
n.key = 150
tree_insert_recrusive( t , n )
inorder_tree_walk( t )
print ""
tree_delete( t , r )
inorder_tree_walk( t )
print ""
r = tree_root( t )
print r.key

Source

PSP sample color filled rectangle

Fri, 25 Jun 2010 17:27:00 +0200

This is sample where is drawn colofilled rectangle. Used functions was taken from
pspsokoban and valentine-hbl. To take screenshot press SELECT
for exit press HOME.

As it very simple to code and easy to see what is inside. It can be first
programm that you would try to modify and test on PSP.

Tested:
valentine-hbl - R86
firmware - 6.20
model - 3003

Source

CVS 2010-1160 Exploiting nano

Sat, 24 Apr 2010 19:48:00 +0200

CVE-2010-1160 Nano Changed File Symlink Privilege Escalation

Usualy if I have to edit some file I am using nano editor.
It is almost on every distribution and easy and fast to use. Some time ago i hated vim
beacouse of Ctrl-D =] and that way used nano or pico. Now I know how to exit from vim :q!. After this bug
reported in CVE i was exited to check it out in real life. It is first bug that i have fully tested.

This bug is fixed in newest versions. Testing all nano version this bug works
on < 2.1.7 versions now on my system is latest nano version and I have
compiled many < 2.1.7 versions to test this bug.

To get your nano version run:
$ nano -V

When user is editing file nano don't check if it is edited by some
one else. When saving file it simply save it and dont check if it was modified. If file was changed by some one else
then nano will overwrite it with his text. But it can be changed to symlink that points to other file. How to use it in real life:

1) Open file with nano
2) Change file or set symlink
3) Make changes in file and save file in nano
4) See result in symlinked file

Everytning looks like
$nano text.txt
Now some one do:
$ls -s empty.txt text.txt
Nano save
whach you save in text.txt

In python it looks like:

os.remove( "text.txt" )
open( "empty.txt" , "w" ).close()
os.symlink( "empty.txt" , "text.txt"

Python step by step

If you are root and opening file with owner isnt you. Than owner while you
editing his file can set
symlink to some "/etc/important.conf" and you will overwrite it with some
other unrelated info. This can make some harm to your system.

How can it be exploited in real life by "small unpreviliged user". Make some interesting file
that root will interested in. Make some process that whachs nanos running in system. If nano opened file is our , symlink it.

1)Detect running nano in system
2)Check with file is opened
3)If file is yours make symlink

Nano catch

Script is only for user and dont work if you try to symlink root opened nano. It makes
all steps as described above. Change script variables for your tests:

debug = True
nano = "nano-2.0.9"
user = "user"
sym_path="/home/user/empty.txt"

Tested only with python 2.6.5

Simply be uptodated or if you using old nano dont open with privileged user unpriveleged user files.
It will save you from this bug.

Linkage:
[1] http://osvdb.org/show/osvdb/63872
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1160
[3] http://drosenbe.blogspot.com/2010/03/nano-as-root.html
[4] http://svn.savannah.gnu.org/viewvc/trunk/nano/ChangeLog?revision=4503&root=nano&view=markup

PSP snake game

Sun, 4 Apr 2010 13:49:00 +0200

When I saw ost about patapon exploit that worked on PSP FW 6.20 I was happy.
I was bought PSP-3004 for programming but i dont know that not always you can programm
your PSP, but now my dream come true Link
Since exploit relised I started to trying it. Then I compiled everything that is needed to programm PSP and now I have my own dirty and unfinished version of PSP snake game. It can be started at this moment only through exploit.
Source

Python Manage Lynksys Router

Tue, 16 Mar 2010 22:51:00 +0200

Good fellow asked me to write some script that will help him to turn on/off passway to
global network. There was used linksys machine for controlling such stuff

Here is some code that login, change some rulles and logout. Also pygtk script that do
it in visual way

from linksys import *

ls = LinkSys( "http://192.168.1.1/" )
ls.login( "admin" , "admin" )
ls.setip( STATIC_IP , "gateway" , 10 , 66 , 66 , 66 )
ls.setip( STATIC_IP , "subnet" , 255 , 255 , 255 , 0  )
if ls.response():
	print "Succes"
else:
	print "O_O AIam BAd GUy -^-"
ls.logout()

Everything was writen in early 2009. I have tested at that days. Now I don't have linksys machine
to test it.

Source

Linux antidebug 3

Fri, 5 Mar 2010 21:19:00 +0200

Now we will try to make disasm output whery unclear. We make jump with eax register
Programm 1

main:
	push lbl+1
	pop eax
	jmp eax	
lbl:
	db 0xe8
	mov eax, 4
	mov ebx, 1
	mov ecx, msg1
	mov edx, msg1_size
	int 80h
	
	mov eax, 1
	mov ebx, 0
	int 80h

Output is same as source. Nothing changes

Dissassembler output 1


│ ....... ! main:                           ;xref o80482d7                                       │
│ ....... !   push        offset_804837d                                                         │
│ 8048379 !   pop         eax                                                                    │
│ 804837a !   jmp         eax                                                                    │
│ 804837c     db          0e8h                                                                   │
│ 804837d !                                                                                      │
│ ....... ! offset_804837d:                 ;xref o8048374                                       │
│ ....... !   mov         eax, 4                                                                 │
│ 8048382 !   mov         ebx, 1                                                                 │
│ 8048387 !   mov         ecx, strz_I_am_running__8049568                                        │
│ 804838c !   mov         edx, 0eh                                                               │
│ 8048391 !   int         80h                                                                    │
│ 8048393 !   mov         eax, 1                                                                 │
│ 8048398 !   mov         ebx, 0                                                                 │
│ 804839d !   int         80h

Here we add only one instruction. We get jump adress and add 1. Disasm cannot calculate adress of jmp.

Programm 2
Like in first programm disasm think that we push correct adress and disasm it. And our byte 0xe9 is used
for disasm output. That nice.

main:
	push lbl
	pop eax
	inc eax
	jmp eax
lbl:
	db 0xe9
	mov eax, 4
	mov ebx, 1
	mov ecx, msg1
	mov edx, msg1_size
	int 80h
	
	mov eax, 1
	mov ebx, 0
	int 80h

Dissassembler output 2


│ ....... ! main:                           ;xref o80482d7                                       │

│ ....... !   push        offset_804837d                                                         │

│ 8048379 !   pop         eax                                                                    │

│ 804837a !   inc         eax                                                                    │

│ 804837b !   jmp         eax                                                                    │

│ 804837d !                                                                                      │

│ ....... ! offset_804837d:                 ;xref o8048374                                       │

│ ....... !   jmp         804883ah                                                               │

│ 8048382     add         [ebx+1], bh                                                            │

│ 8048388     mov         ecx, 8049568h                                                          │

│ 804838d     mov         edx, 0eh                                                               │

│ 8048392     int         80h                                                                    │

│ 8048394     mov         eax, 1                                                                 │

│ 8048399     mov         ebx, 0                                                                 │

│ 804839e     int         80h

Now we add nop instruction after every line of our code. It doesnt have any imapct on programm work.

Programm 3

main:

	push lbl

	pop eax

	inc eax

	jmp eax

lbl:

	db 0xe9

	mov eax, 4

	nop 

	mov ebx, 1

	nop

	mov ecx, msg1

	nop

	mov edx, msg1_size

	int 80h

	

	mov eax, 1

	mov ebx, 0

	jmp lbl2+1

lbl2:

	db 0xe9

	int 80h

Disasm output now is very nice. Output isnt very good. For first time when you view this output it is very unclear
about what exactly is done by this code.

Dissassembler output 3

│ ....... ! main:                           ;xref o80482d7                                       │
│ ....... !   push        offset_804837d                                                         │
│ 8048379 !   pop         eax                                                                    │
│ 804837a !   inc         eax                                                                    │
│ 804837b !   jmp         eax                                                                    │
│ 804837d !                                                                                      │
│ ....... ! offset_804837d:                 ;xref o8048374                                       │
│ ....... !   jmp         804883ah                                                               │
│ 8048382     add         [eax+1bbh], dl                                                         │
│ 8048388     add         [eax+49578b9h], dl                                                     │
│ 804838e     or          [eax+0ebah], dl                                                        │
│ 8048394     add         ch, cl                                                                 │
│ 8048396     cmp         byte ptr [eax+1], 0bbh                                                 │
│ 804839d     add         [eax], al                                                              │
│ 804839f     add         [eax], al                                                              │
│ 80483a1     jmp         80483a4h                                                               │
│ 80483a3     jmp         98950475h

Here is one more way how to make unclear jumo to other place. We using function
and inside function we change return adress by 1.

Programm 4
Thats also works fine. Disasm dont know real return adress ans and use 0xe8 as he think is better.

main:
	call fun
	db 0xe8
	mov eax, 4
	mov ebx, 1
	mov ecx, msg1
	mov edx, msg1_size
	int 80h
	
	mov eax, 1
	mov ebx, 0
	int 80h
	
fun:
	pop ebp
	inc ebp
	push ebp
	ret

Dissassembler output 4

│ ....... ! main:                           ;xref o80482d7                                       │
│ ....... !   call        sub_804839c                                                            │
│ 8048379 !   call        8048836h                                                               │
│ 804837e !   add         [ebx+1], bh                                                            │
│ 8048384 !   mov         ecx, strz_I_am_running__8049568                                        │
│ 8048389 !   mov         edx, 0eh                                                               │
│ 804838e !   int         80h                                                                    │
│ 8048390 !   mov         eax, 1                                                                 │
│ 8048395 !   mov         ebx, 0                                                                 │
│ 804839a !   int         80h                                                                    │
│ 804839c !                                                                                      │
│ ....... ! ;-----------------------                                                             │
│ ....... ! ;  S U B R O U T I N E                                                               │
│ ....... ! ;-----------------------                                                             │
│ ....... ! sub_804839c:                    ;xref c8048374                                       │
│ ....... !   pop         ebp                                                                    │
│ 804839d !   inc         ebp                                                                    │
│ 804839e !   push        ebp                                                                    │
│ 804839f !   ret

Source

Linux antidebug 2

Fri, 26 Feb 2010 22:17:00 +0200

This is dirty solution it checks programms argv[0] name with your defined name
when running debuger such as gdb or ald name is chaned to fullpath name
user defined name from terminal is './main'.

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

int main( int argc , char **argv )
{
	pid_t pid,ppid;
	FILE *f;
	char str[128];
	char spid[10];
	
	//openfile and write ppid
	f = fopen( "pid.txt" , "w" );
	pid = getpid();
	fprintf(f,"%d ",pid);
	fclose( f );
	f = fopen( "pid.txt" , "r" );
	fscanf( f , "%s" , spid );
	fclose( f );
	
	strcpy( str , "cat /proc/" );
	strcat( str , &spid[0] );
	strcat( str , "/cmdline");
	printf( "[%s]\n", spid );
	system( str );
	
	printf("\n");
}

Dirty function that makes dirty solution at one place

int badppid( const char *real_name )
{
	pid_t pid,ppid;
	FILE *f;
	char str[128];
	char spid[10];
	
	f = fopen( "pid.txt" , "w" );
	pid = getpid();
	fprintf(f,"%d ",pid);
	fclose( f );
	
	
	f = fopen( "pid.txt" , "r" );
	fscanf( f , "%s" , spid );
	fclose( f );
	
	
	strcpy( str , "cat /proc/" );
	strcat( str , &spid[0] );
	strcat( str , "/cmdline > name.txt");
	system( str );
	
	f = fopen( "name.txt" , "r" );
	fscanf( f , "%s" , str );
	fclose( f );
	if ( strncmp(str,real_name,strlen(real_name)) != 0 )
	{
		return -1;
	}
	
	return 0;
}

Source

Linux antidebug 1

Tue, 23 Feb 2010 18:54:00 +0200

When ptrace is used for programm debugin then only one ptrace can be attached to programm
when we trying run ptrace with PTRACE_TRACEME then we get -1. I tested with gdb,ald. Also this method should
work with IDApro


#include <stdlib.h>
#include <stdio.h>
#include <sys/ptrace.h>

long int ptraced()
{
	return (ptrace(PTRACE_TRACEME, 0, 0, 0) == -1);
}

int main()
{
	if ( ptraced() )
	{
		printf("Ptraced!\n");
	}
	return 0;
}

Source

Linux Local Descriptor Table

Sun, 24 Jan 2010 17:57:00 +0200

If 0x80**** adreeses is default nope. You can setup your own. Compiler will not see them
but you can do it. Setup LDT and you will see it.

use32
mov dword [0] ,"Hall"
mov dword [4] ,"Ball"
mov dword [8] ,"Mall"
mov dword [12],0x00000000

yes everything starts from 0x0

#include <stdlib.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <asm/ldt.h>

char new_segment[16];

int main()
{
	int r;
	
	struct user_desc *ldt;
	
	ldt = (struct user_desc*)malloc(sizeof(struct user_desc));
	
	ldt->entry_number = 0;
	ldt->base_addr = ((unsigned long)&new_segment);
	ldt->limit = 16;
	ldt->seg_32bit = 0x1;
	ldt->contents = 0x0;
	ldt->read_exec_only = 0x0;
	ldt->limit_in_pages = 0x0;
	ldt->seg_not_present = 0x0;
	ldt->useable = 0x1;
	
	printf("Start\n");
	r = syscall( __NR_modify_ldt, 1 , ldt , sizeof(struct user_desc) );
	if ( r == -1 )
	{
		printf("Sorry\n");
		exit( 0 );
	}
	asm("pushl %ds");
	asm("movl $0x7, %eax"); /* 0111: 0-Index 1-Using the LDT table 11-RPL of 3 */
	asm("movl %eax, %ds");	
	asm(".byte 0xc7,0x5,0x0,0x0,0x0,0x0,0x48,0x61,\
                   0x6c,0x6c,0xc7,0x5,0x4,0x0,0x0,0x0,\
                   0x42,0x61,0x6c,0x6c,0xc7,0x5,0x8,0x0,\
                   0x0,0x0,0x4d,0x61,0x6c,0x6c,0xc7,0x5,\
                   0xc,0x0,0x0,0x0,0x0,0x0,0x0,0x0");
	asm("popl %ds");
	printf("End\n");
	
	printf("Segment [%s]\n",new_segment);
	
	free( ldt );
	
	return 0;
}

asm(".byte ... ") is code.bin

Compile:
fasm code.asm code.bin
gcc main.c -o main

Source

Vector Library

Sat, 16 Jan 2010 18:46:00 +0200

Library with 2D vector functions.

I have tested this library with ChipMunk vector and with VLvectors
My implementation performs some +% in speed.
Source

Linux Format String Attack 1

Fri, 25 Dec 2009 14:55:00 +0200

Format string attack is attack for C formated strings. Format string function is prinrf() there are other

functions that support format string.

C code for bad used printf(): int main( int argc, char **argv ) { static int i = 0; char text[1000]; strcpy(text, argv[1]); printf("%.8x\n",&i); printf("No way it never will works because value of i=%d\n",i); printf( text ); printf("\nValue of i=%d\n",i); return 0; }First output is adress of static i

Than we outputing values of i and call printf() with first argument fo prgramm.

and then watching value if i

Run: ./e1 'Halolo'
Output:

08049674 No way it never will works because value of i=0 Halolo Value of i=0Run: ./e1 'Halolo%s'

Output:08049674 No way it never will works because value of i=0 Halolo(null) Value of i=0

Run: ./e1 $'\x74\x96\x04\x08_%x'

Output:08049674 No way it never will works because value of i=0 t�_0 Value of i=0

Read about %n in format string:

Run: ./e1 $'\x74\x96\x04\x08_%x_%n'

Output:08049674 No way it never will works because value of i=0 Segmentation faultRun: ./e1 $'\x74\x96\x04\x08_%x_%x_%x_%x_%x_%n'
Output:08049674 No way it never will works because value of i=0 t�_0_8_40_4_4_ Value of i=16Run: ./e1 $'\x74\x96\x04\x08_%x_%x_%x_%x_%.1201x_%n'

Output:

08049674
No way it never will works because value of i=0
t�_0_8_40_4_000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

0000000000000000000000000000000000000000004_
Value of i=1216

Now you can input almost any value to i

Linux PC speaker

Mon, 14 Dec 2009 19:36:00 +0200

PC speaker can make sound you whant. Here is small PC speaker player. Set notes , set time

delay and you on. You shold run this code under root if nothing happends.

int main()

{

	int rc,i;

	note *curent_song;

	curent_song = song;

	struct timespec t1;

	rc = syscall(SYS_open,"/dev/console",O_WRONLY,7*8*64+7*8+7); //open cosole

	if (rc == 0)

		rc = 1;

	

	ioctl( rc, KIOCSOUND , 0 );	

	ioctl( rc , KDSETLED , 7 );

	

	i = 0;

	while ( curent_song[i].n != 0 )

	{

		ioctl( rc , KIOCSOUND , curent_song[i].n );

		msleep( (curent_song[i].t) );

		ioctl( rc , KDSETLED , i&0x0007 );

		i++;

	}

	ioctl( rc , KDSETLED , 0 );

	ioctl( rc, KIOCSOUND , 0 );

	

	return 0;

}

Source

Linux keyboard LED

Sat, 12 Dec 2009 17:18:00 +0200

Send some bytes and flash LED on you keyboards.

Run it under root. There will no be any errors if something happens.

Usage:

kbled [NumLock] [CapsLock] [ScrLock]

kbled 0 0 0

#include <stdlib.h>

#include <fcntl.h>

#include <sys/syscall.h>

#include <linux/kd.h>



int main( int argc , char **argv )

{

	int rc,i;

	if (argc != 4) exit(0);



	rc = syscall(SYS_open,"/dev/console",O_WRONLY,7*64+7*8+7); //open cosole

	if (rc == 0) rc = 1;

	

	i = (argv[1][0]-'0')*2+(argv[2][0]-'0')*4+(argv[3][0]-'0');

	ioctl( rc , KDSETLED , i );

	

	return 0;

}

Source

ARP analyzer

Mon, 30 Nov 2009 23:26:00 +0200

Research in ARP protocol. Watch ARP packets , count them and show in list.

Usage
./arpsni eth0

Version 0.1[2009nov30]

ArpSni.0.1

Linux ShellCode 1

Mon, 30 Nov 2009 23:08:00 +0200

First shell code writened from example. Shell code is very interesting way how to execute some code.

asm source:

use32				

xor eax, eax
inc eax
xor ebx, ebx
int 80h

fasm code.asm code.bin

bin2hex output:

\x31\xc0\x40\x31\xdb\xcd\x80C source:

#include <stdio.h>

char code[] = "\x31\xc0\x40\x31\xdb\xcd\x80";

int main()

{
  void (*ret)();
  ret = (void (*)())code;
  ret();
  printf("Nope it not working\n");
}

gcc main.c -o main

run ./main nothing happens. That exactly that code do exits from programm

Source

My variant of Bin2Hex

C Bin2Hex

Tue, 24 Nov 2009 14:43:00 +0200

Converts binary file to hex file.

Use:

./bin2hex [bin_file] - for local output

./bin2hex [bin_file] [hex_text_file] - for file output

Bin2Hex source

Pascal Triangle

Sun, 15 Nov 2009 19:15:00 +0200

This is Pascal Triangle. And colors is choseen by reminder of division.
There are 2 ways how thats is made:
1. Simple if division reminder is 0 then red else green
2. Reminder is like alpha chanell of red color.
In gallery shown images are generated by dividing on (17,19,23,41,42,43). There is easy to see that
prime numbers (17,19,41,43) has very structured triangle but not prime (42) is different.
./chessboard div_number - simply show triangle divided by number
./chessboard div image.tga - save programm screen to image.tga
./chessboard div img.tga ant_parm - changes to second coloring type
Why it I call it chessboard? I were trying make such with OpenGL bet result is Pascal Triangle.

Source

Python Skype Sync Status

Thu, 12 Nov 2009 10:11:00 +0200

This script synhronize your status with selected user status.

python SyncStat.py favorite_uzer

Script