25 September 2014

Compiling Voxelands on Mac OSX

What is Voxelands?
Voxelands - the Fun-Focused Free Software Voxel World Game. Voxelands is a sandbox construction game based on Minetest, which was inspired by earlier "voxel world" games such as Infiniminer.

We already have the precompiled mac app for the latest stable release that you can install at: http://voxelands.com/downloads/voxelands-1408.00-osx.dmg

Disclaimer: The above voxelands-1408.00-osx.dmg still needs the dependencies listed below installed from brew, with the exception of git, cmake, Xcode and the Xcode Command Line Tools. This post is mostly meant for people who want the latest new features from the development branch. For the next release I'm working on a proper Mac app that won't need separately installed dependencies.

To build a voxelands-1408.00:next-osx.dmg yourself (next is the branch for the next release, where most fixes that didn't make it into the latest stable release get committed), you'll need a few more pieces of software. First off, you need Homebrew, the missing package manager for OSX. To install it:

ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

After installing brew, you need to install these dependencies (that are in the brew repositories):
  • libpng
  • libvorbis
  • libogg
  • jpeg-turbo
  • gettext
  • irrlicht
  • git
  • cmake
Install all of them with a single brew install:

brew install libpng libvorbis libogg jpeg-turbo gettext irrlicht git cmake

That installs the main dependencies Voxelands needs on Mac OSX. You will also need XQuartz (a version of the X.Org X Window System that runs on Mac OSX), Xcode and the Command Line Tools for Xcode; with those in place you can start compiling.

Get the voxelands source from git first (voxelands' former name was minetest-classic);

git clone https://gitorious.org/minetest-classic/minetest-classic.git

cd minetest-classic

git checkout next

Start by telling cmake (the cross-platform, open-source build system Voxelands uses) about the extra dependencies installed via brew. Make sure you supply the paths for the versions actually installed in your Cellar; the ones below are for the versions current at the time of writing.

cmake -DIRRLICHT_INCLUDE_DIR=/usr/local/Cellar/irrlicht/1.8.1/include/irrlicht/ \
-DIRRLICHT_LIBRARY=/usr/local/Cellar/irrlicht/1.8.1/lib/libIrrlicht.a \
-DJPEG_INCLUDE_DIR=/usr/local/Cellar/jpeg-turbo/1.3.1/include \
-DJPEG_LIBRARY=/usr/local/Cellar/jpeg-turbo/1.3.1/lib/libturbojpeg.a \
-DCUSTOM_GETTEXT_PATH=/usr/local/Cellar/gettext/0.19.2/ \
-G Xcode .

That generates a voxelands.xcodeproj inside the cloned project directory. Then we can build it with the Xcode command line tools:

xcodebuild -verbose -project voxelands.xcodeproj -target package

This tells xcodebuild to build the project's package target, which produces the .dmg file if everything compiles successfully.

If you need help or just want to hang out, come to our IRC channel #voxelands at chat.freenode.net

UPDATED: forgot to add jpeg-turbo as one of the dependencies

19 September 2014

Setting up searx with gunicorn and supervisor

What is searx?
searx is a privacy-respecting, hackable metasearch engine

I have been using my own instance of searx at https://searx.gliderswirley.org/ mostly because I can. :)

For some reason my instance seems to go down at random times, and I assumed it was uwsgi. :P I also wanted to try gunicorn and supervisor.

Most of the setup steps are already documented on the wiki at https://github.com/asciimoo/searx/wiki/Installation, but I'll recount the steps here anyway.

Install packages (extra package: supervisor):
sudo apt-get install git build-essential libxslt-dev python-dev python-virtualenv \
python-pybabel zlib1g-dev supervisor

Install searx:
cd /usr/local
sudo git clone https://github.com/asciimoo/searx.git
sudo useradd searx -d /usr/local/searx
sudo chown searx:searx -R /usr/local/searx

Install dependencies in a virtualenv (extra package: gunicorn):
sudo -u searx -i
cd /usr/local/searx
virtualenv searx-ve
. ./searx-ve/bin/activate
pip install -r requirements.txt
pip install gunicorn
python setup.py install

Configure the secret key (replaces the placeholder ultrasecretkey with 16 random bytes, hex encoded):
sed -i -e "s/ultrasecretkey/`openssl rand -hex 16`/g" searx/settings.yml

Make a configuration file:
sudo touch /etc/supervisor/conf.d/searx.conf

Edit the above conf to include a [program:searx] section (a bare command= line outside a section is not a valid supervisor config); user=searx keeps gunicorn from running as root:
[program:searx]
user=searx
command=/usr/local/searx/searx-ve/bin/gunicorn searx.webapp:app

Then start the supervisor service (if supervisor is already running, sudo supervisorctl reread followed by sudo supervisorctl update picks up the new program instead):
sudo service supervisor start

30 April 2014

Community-ness in Malaysia at its last breath?

It has been close to 5 years since I set foot on Malaysian soil. I came over to Malaysia in July 2009 with the aim of studying for a bachelor's degree, and now that I have completed it, my journey in Malaysia is coming to an end in 2 months.

I have moved around quite a bit, so it's pretty easy not to give leaving much thought. But Malaysia is where I spent the better half of my teenage years, and where I got into free & open source software (more the ideology and appreciation than contributing) and volunteering at events.

I have worked/volunteered for and with notable communities in Malaysia over the last 3 or so years. I even helped grow a community with Beard-0 (the notable Cyber Security & Forensics Club of A.P.U). I helped make Fedora Users' and Developers Conference APAC happen in Malaysia, along with Izhar as the main event owner and many other volunteers. And I helped organise a few Fedora events in Kuala Lumpur and at my previous university. Also, me, Beard-0, naavinm and KE started a Capture The Flag (CTF) team called GliderSwirley. We still try to play most CTFs that we can (please pardon the 0xn00bness if you see us on CTFTime :P ). I also volunteer at Hack In The Box Security Conference and manage most of HackWEEKDAY (hopefully the sponsors and participants were happy about it).

Being a part of these communities has been the best extracurricular activity I could ask for. I know there are others like music, martial arts and whatever other clubs in the university, but they don't align with my real interests. :P

The problem(s) I find in the way communities are run (not in any particular order):
  • the community leaders are >mid 20s-30s, they have full time jobs,
  • needs to be backed by a larger corp
  • not much passion for knowledge sharing (they just want to suck us dry :P )
When you look at communities like Python Malaysia, Fedora Malaysia and others, the real notable faces of the community have full time jobs. Although they are pretty active at different events, including their own, there is no other person, especially from among college/university students, to take over the leadership or just help out with organising events. I try to help most free and open source software (FOSS) communities because if you look at almost all the software we use, it's somehow based on FOSS, one way or another.

I find that college/university students like being a part of communities that are backed by larger corps (I will not name them here, I don't want to offend anyone). I can't blame them though, they get good SWAG!! like all the time. I'm not exactly sure if every other community needs to start distributing swag just to attract more members? It's something I have not figured out yet. Or is it that there are no monetary rewards involved and students are not motivated because of that? :(

I have done quite a few workshops at CSFC, especially on Python, because I find that the programming classes in the uni aren't on par with making students actually want to program, and I find that Python is easier to teach to, and learn for, beginners. Also, since a lot of security software/scripts are based on Python, I hoped that would kill 2 birds with 1 stone by helping students learn a (new) programming language as well as be able to extend the security software if they find it lacking in features. Obviously, I did not have a full-on course figured out like most classes do; the workshops are aimed more towards motivating the members to start learning programming language(s) and understand how software works, and are mostly 1 session/week. I only recently found out you could get funding from the Python Software Foundation, but now I have other adventures away from Malaysia. :(

It so happens that students just want to learn the stuff they learn at the workshop, go back home and come back the next time without much thought about it. Although some are really talented/work hard and come up with questions/errors that I have not come across. Whenever a discussion takes place on a particular problem, not many want to chime in with their ideas; they like to just keep quiet or agree. Not sure if the agreeing part is for the sake of agreeing or they're just afraid to voice their opinions?

Also, I guess most students envisioned that coming to CSFC means we will teach them which buttons to click on vulnerability/exploit finding software and they can start being 1337 H4x0rs. But the sad reality of life is that being good at something doesn't just come from learning to click buttons and knowing how to use a mouse. I myself am not a security professional, and there is a ton of knowledge I need to gather too, but I am pretty sure it doesn't always just involve clicking buttons and moving your mouse here and there.

So, after being a part of various communities in Malaysia for a while, I have come to believe and decided (after thinking hard about it for the past ~4 months, having discussed it various times with Beard-0 and having talked to a few folks) that the community-ness in Malaysia is certainly at its last breath; I don't want to call it dead though. Maybe some still believe it is growing strong. But to me, it's at its last breath. I'd be lucky to attend/help out at a few more community events in June (I know there is one in planning for Fedora Malaysia; if you're interested, please have a look at the agenda - https://fedoraproject.org/wiki/Ambassadors/MalaysianTeam/Events/Fedora_Malaysia_Planning_Meeting_2014, we're still getting the date/venue sorted).

Although my inner voice does hope that someone from the "younger/college/university" group in the community steps up and rekindles that community-ness fire in Malaysia. But I know that if I ever need to take a vacation in Malaysia and want to meet the community folks, I can always find the Fedora/Python/Mozilla Malaysia, Code Equality (they're AWESOME!) and some of the HITB folks. :)

So long and thanks for all the fish!

30 January 2014

[Nullcon HackIM 2014] Forensics 2 Writeup

Points: 200
Description: There was a zip file on the desktop. I can't remember the password for it.
We saw a zip file named "null password.zip" on the desktop. When opened, it contains 2 files which are encrypted. So it was clear that we needed to crack the zip.

First we looked at some hints from the challenge creator ;)
So, Beard-0 (https://twitter.com/Maxthatsme) looked at a freshly booted VM of the image (since I was lazy + forgot to save the initial snapshot and was already working on another Forensic challenge) and looked at the Temp folder in AppData/Local, where he found a folder named Rar$DI99.160 containing one of the files, "Null final1.pdf". From this we looked at known attacks on zip files and found https://en.wikipedia.org/wiki/Known-plaintext_attack

We zipped "Null final1.pdf" into a zip of its own, then installed the evaluation edition of Ultimate Zip Cracker - http://download.cnet.com/Ultimate-ZIP-Cracker/3000-2092_4-10040839.html

Selected the "Plaintext attack" recovery method.

Chose the "Null final1.pdf" zip file as the plaintext file.

And finally we had the unzipped archive.

27 January 2014

[Nullcon HackIM 2014] Forensics 5 Writeup

I play security competitions called Capture The Flag (CTF) with a group called Glider Swirley.
Points: 500
Description: The client says that the system was compromise. 
There was no evidence found for the same. The client claims 
that some anti-forensics tool was used to remove the evidences. 
Our investigator agrees to it. Can you find out what was the command 
that was executed and at what time it was done?

There was a hint for it by one of the organizers.
Since all the forensics challenges were based on one VM image, it was already known that the image was Windows 7 SP1 x86, so the profile to use for volatility - https://code.google.com/p/volatility/ was Win7SP1x86. So I acquired the memory dump of the system (MEMORY.DMP).

As this was the first time we (me & Beard-0 - https://twitter.com/Maxthatsme) had to use volatility, I tried to get familiar with it by looking at the process list. Issued with:

[nullcon-2014] >>> % vol.py -f MEMORY.DMP --profile=Win7SP1x86 pslist

That showed a few processes, but clearly it wasn't going to show me anything about a command being executed or a process crashing. Beard-0 looked through a few volatility usage examples and found cmdscan. So I tried it out.

[nullcon-2014] >>> % vol.py -f MEMORY.DMP --profile=Win7SP1x86 cmdscan
Volatility Foundation Volatility Framework 2.3.1

CommandProcess: conhost.exe Pid: 2200
CommandHistory: 0x292a70 Application: TPAutoConnect.exe Flags: Allocated
CommandCount: 0 LastAdded: -1 LastDisplayed: -1
FirstCommand: 0 CommandCountMax: 50
ProcessHandle: 0x58

CommandProcess: conhost.exe Pid: 2996
CommandHistory: 0x5f04f8 Application: cmd.exe Flags: Allocated, Reset
CommandCount: 2 LastAdded: 1 LastDisplayed: 1
FirstCommand: 0 CommandCountMax: 50
ProcessHandle: 0x58
Cmd #0 @ 0x5ed400: cd desktop
Cmd #1 @ 0x5f4730: sdelete -c -z c:
Cmd #36 @ 0x5c00c4: ^?_?\???\
Cmd #37 @ 0x5ed108: _?\????

CommandProcess: conhost.exe Pid: 2996
CommandHistory: 0x5f0698 Application: sdelete.exe Flags: Allocated
CommandCount: 0 LastAdded: -1 LastDisplayed: -1
FirstCommand: 0 CommandCountMax: 50
ProcessHandle: 0x50

So it seems the command we want is sdelete -c -z c:, but the flag format requires both the command and the time. So it seems we need a screenshot from when the process crashed. Now, does volatility have a screenshot feature? Well, since it's so awesome, it does.

[nullcon-2014] >>> % vol.py -f MEMORY.DMP --profile=Win7SP1x86 screenshot --dump-dir shots/

It just needs a directory to dump the screenshots and voila, one of the screenshots shows up:
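An added example, not part of the writeup: a small parser for the cmdscan output above that pulls each console history into a structure and flags commands and console applications matching known disk wipers. sdelete is the tool from the writeup; cipher and eraser are assumed additions to the triage list.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Output of the cmdscan run above, copied from the writeup (blank lines dropped).
SAMPLE = """\
Volatility Foundation Volatility Framework 2.3.1
CommandProcess: conhost.exe Pid: 2200
CommandHistory: 0x292a70 Application: TPAutoConnect.exe Flags: Allocated
CommandCount: 0 LastAdded: -1 LastDisplayed: -1
FirstCommand: 0 CommandCountMax: 50
ProcessHandle: 0x58
CommandProcess: conhost.exe Pid: 2996
CommandHistory: 0x5f04f8 Application: cmd.exe Flags: Allocated, Reset
CommandCount: 2 LastAdded: 1 LastDisplayed: 1
FirstCommand: 0 CommandCountMax: 50
ProcessHandle: 0x58
Cmd #0 @ 0x5ed400: cd desktop
Cmd #1 @ 0x5f4730: sdelete -c -z c:
Cmd #36 @ 0x5c00c4: ^?_?\\???\\
Cmd #37 @ 0x5ed108: _?\\????
CommandProcess: conhost.exe Pid: 2996
CommandHistory: 0x5f0698 Application: sdelete.exe Flags: Allocated
CommandCount: 0 LastAdded: -1 LastDisplayed: -1
FirstCommand: 0 CommandCountMax: 50
ProcessHandle: 0x50
"""

@dataclass
class CommandHistory:
    pid: int            # pid of the conhost.exe that owns the history buffer
    application: str    # the console application the history belongs to
    flags: str
    command_count: int = 0
    commands: list = field(default_factory=list)   # (slot index, command text)

PROCESS_RE = re.compile(r"^CommandProcess: \S+ Pid: (\d+)$")
HISTORY_RE = re.compile(r"^CommandHistory: 0x[0-9a-fA-F]+ Application: (\S+) Flags: (.*)$")
COUNT_RE = re.compile(r"^CommandCount: (\d+) ")
CMD_RE = re.compile(r"^Cmd #(\d+) @ 0x[0-9a-fA-F]+: (.*)$")

def parse_cmdscan(text):
    """Turn cmdscan's text output into one CommandHistory per history block."""
    histories, pid = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := PROCESS_RE.match(line):
            pid = int(m.group(1))
        elif m := HISTORY_RE.match(line):
            histories.append(CommandHistory(pid, m.group(1), m.group(2)))
        elif (m := COUNT_RE.match(line)) and histories:
            histories[-1].command_count = int(m.group(1))
        elif (m := CMD_RE.match(line)) and histories:
            histories[-1].commands.append((int(m.group(1)), m.group(2)))
    return histories

# Free-space / secure-delete tools. sdelete is the one in the writeup; the other
# two are assumed entries a triage rule would carry.
WIPER_TOOLS = {"sdelete", "cipher", "eraser"}

def tool_name(token):
    """Normalise 'C:\\tools\\SDelete.exe' or 'sdelete' to 'sdelete'."""
    base = ntpath.basename(token.strip('"')).lower()
    return base[:-4] if base.endswith(".exe") else base

def find_wiper_commands(histories):
    """(pid, application, command, live) for every wiper invocation. Slots at an
    index >= CommandCount are not part of the current history; cmdscan still
    carves them and they are often garbage (the ^?_? entries above), so they
    are reported with live=False rather than dropped."""
    hits = []
    for h in histories:
        for idx, cmd in h.commands:
            parts = cmd.split()
            if parts and tool_name(parts[0]) in WIPER_TOOLS:
                hits.append((h.pid, h.application, cmd, idx < h.command_count))
    return hits

def wiper_consoles(histories):
    """Corroboration: a history whose Application is itself a wiper means the
    tool actually ran and got its own console buffer."""
    return [(h.pid, h.application) for h in histories
            if tool_name(h.application) in WIPER_TOOLS]

if __name__ == "__main__":
    hs = parse_cmdscan(SAMPLE)
    print("wiper commands:", find_wiper_commands(hs))
    print("wiper consoles:", wiper_consoles(hs))
```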

12 November 2013

Zeromutarts CTF Crypto Challenges

The magic of rsa (100)

You were able to hear some whispering on the last crypto party! *whisper* d is 35181901. Keep it secret or we are doomed!
We were given 2 files for the challenge.

1) rsa.py

#!/usr/bin/env python

import sys

n= 65354147
e = 13

d = ??

f = open( sys.argv[1] , "r" )
for line in f: 
    line = int(line.strip())
    # you'll have to insert the decrypt function for each line(number) here!
    #dec = ...
    print chr(dec)

2) rsa.txt


If you read up about RSA decryption[0] on Wikipedia, it's pretty simple and straightforward to solve this challenge. You need C = the ciphertext (we got loads of it in rsa.txt, one number per line, to be decrypted one by one), d = the private exponent (we got that as well) and n = the modulus shared by the private and public keys. Then M (the plaintext) = C^d mod n.

Here I used the sagemath[1] cloud application to solve it as follows. You could also save the following into a python script and run it.

n = 65354147
d = 35181901
ctuple = [32588732,56947340,16730166,16529146,17037091,9958499,18895626,49410873,
          # ... the rest of the numbers from rsa.txt go here
          ]
result = ""

for i in ctuple:
    lol = pow(i, d, n)   # M = C^d mod n
    result += chr(lol)
print "Result for http://zeromutarts.de/task/rsa_magic : " + result

rivest-shamir-adleman (250)

This one is important, we have no clue how to decrypt the secret message! Can you help us?
We were given 2 files for this challenge as well.

1) rivest.py

#!/usr/bin/env python

import sys

n= 80646413
e = 5

# You'll have to find the d yourself..
d = unknown

f = open( sys.argv[1] , "r" )
for line in f: 
    line = int(line.strip())
    # you'll have to insert the decrypt function for each line(number) here!
    #dec = ...
    print chr(dec)

# might come handy
def xgcd(a,b):
    """Extended GCD:
    Returns (gcd, x, y) where gcd is the greatest common divisor of a and b
    with the sign of b if b is nonzero, and with the sign of a if b is 0.
    The numbers x,y are such that gcd = ax+by."""
    prevx, x = 1, 0;  prevy, y = 0, 1
    while b:
        q, r = divmod(a,b)
        x, prevx = prevx - q*x, x
        y, prevy = prevy - q*y, y
        a, b = b, r
    return a, prevx, prevy

def modinv(a, m):
    """Modular multiplicative inverse, i.e. a^-1 = 1 (mod m)"""
    a, u, v = xgcd(a, m)
    if a <> 1:
        raise Exception('No inverse: %d (mod %d)' % (a, m))
    return u

2) rivest.txt


This time we seriously need sagemath to solve it. :) We don't know d for this challenge, and d is the inverse of e modulo (p-1)(q-1), so we first need to factor n into p & q. The most straightforward way to get those is Fermat's factorization method[2], which is fast when p and q are close to each other.

I used the formula from here: http://facthacks.cr.yp.to/fermat.html to get p & q.

n = 80646413
e = 5
ctuple = [72895864,15633602,38820479,60303684,7458706,60299530,20682371,54642689,
          # ... the rest of the numbers from rivest.txt go here
          ]

def fermatfactor(N):
    # Fermat: find a with a^2 - N a perfect square b^2, then N = (a-b)(a+b)
    if N <= 0: return [N]
    if is_even(N): return [2, N/2]
    a = ceil(sqrt(N))
    while not is_square(a^2 - N):
        a = a + 1
    b = sqrt(a^2 - N)
    return [a - b, a + b]

p, q = fermatfactor(n)
# d is the inverse of e modulo (p-1)(q-1)
d = inverse_mod(e, (p-1)*(q-1))

result = ""
for i in ctuple:
    result += chr(pow(i, d, n))   # M = C^d mod n
print "Result for http://zeromutarts.de/task/rivest-shamir-adleman : " + result
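As an added example, not from the writeup or the challenge files, here are both challenges worked in plain Python 3 without Sage: the first decrypts with the given d, the second factors n with Fermat's method, derives d as the inverse of e modulo (p-1)(q-1) with an extended Euclid like the one in rivest.py, and then decrypts. Only the eight ciphertexts of each .txt that appear in the post are embedded; function names are my own.

```python
import math

# Parameters from the two challenges; only the first eight ciphertexts of each
# .txt file appear in the post, so only those are embedded here.
N1, E1, D1 = 65354147, 13, 35181901
C1 = [32588732, 56947340, 16730166, 16529146, 17037091, 9958499, 18895626, 49410873]
N2, E2 = 80646413, 5
C2 = [72895864, 15633602, 38820479, 60303684, 7458706, 60299530, 20682371, 54642689]

def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def modinv(a, m):
    """Smallest non-negative x with a*x == 1 (mod m); raises if none exists."""
    g, x, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return x % m

def fermat_factor(n):
    """Fermat's method: search a >= ceil(sqrt(n)) until a^2 - n is a perfect
    square b^2, then n = (a - b)(a + b). Quick when the two factors are close
    together, which is why it works on this challenge (and why RSA primes that
    are close together make a weak key)."""
    if n % 2 == 0:
        return 2, n // 2
    a = math.isqrt(n)
    if a * a < n:
        a += 1
    while True:
        b2 = a * a - n
        b = math.isqrt(b2)
        if b * b == b2:
            return a - b, a + b
        a += 1

def private_exponent(e, p, q):
    """d = e^-1 mod (p-1)(q-1); this is the step that needs p and q."""
    return modinv(e, (p - 1) * (q - 1))

def rsa_decrypt_ints(ciphertexts, d, n):
    """M = C^d mod n for each number, as in the post."""
    return [pow(c, d, n) for c in ciphertexts]

def rsa_decrypt_chars(ciphertexts, d, n):
    """Each challenge encrypts one character per line, so map back with chr()."""
    return "".join(chr(m) for m in rsa_decrypt_ints(ciphertexts, d, n))

def solve_rivest(n=N2, e=E2, ciphertexts=C2):
    """Second challenge end to end: factor, derive d, decrypt."""
    p, q = fermat_factor(n)
    d = private_exponent(e, p, q)
    return p, q, d, rsa_decrypt_chars(ciphertexts, d, n)

if __name__ == "__main__":
    print("rsa_magic (first 8 chars):", rsa_decrypt_chars(C1, D1, N1))
    p, q, d, text = solve_rivest()
    print(f"rivest: n = {p} * {q}, d = {d}, first 8 chars: {text}")
```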

[0]: https://en.wikipedia.org/wiki/RSA_(algorithm)#Decryption
[1]: https://cloud.sagemath.com
[2]: https://en.wikipedia.org/wiki/Fermat's_factorization_method

26 September 2013

Analysis of iWebSpace Android Application

If you follow me enough on twitter (@mavjs), read my home page or follow my Fedora Ambassador wiki page, you'll probably know that I study at the Asia Pacific University of Technology and Innovation[0], Malaysia. This is my account of the n00b analysis I did in my free time on the university's android application.

iWebSpace android application[1] is, as quoted from its non-working Google Play page, "The Asia Pacific University APP provides convenient access to important information and to most of our services in your hand" - pretty cool and convenient for most students.

The only thing on my mind was to do an analysis before actually using it, mostly because this is the first time the university's Center of Technology and Innovation (CTI)[2] - an R&D department - has produced a mobile application. They have both an iPhone version and an android version. Since I don't own a Macbook, I couldn't do any analysis on the former. And android was easier to read as I'm more familiar with Java. That being said, let's see my n00b findings.

1) I acquired the .apk from a friend. (I think it's version 1.0; also, I don't own an android)
2) Used dex2jar[3] to convert .apk to .jar.
3) Used JD-GUI[4] to open and read the .jar file.

The first thing on my mind after opening the .jar file with JD-GUI was to see how the application was authenticating the students. So I scrolled through the code and found a Login class. Inside that Login class, it has a doLogin() method that logs you into the system once you've supplied your student ID and password. I took a closer look at it and guess what I found?

Yup, HTTP. Awesome. No comments there. Let's move along. Assuming, the majority of the students don't care about their student ID and password, this is pretty much fine, I guess. :P

The app has functions to show students their pending/paid fees, attendance, timetable and exam timetables. Pretty cool and convenient, definitely. So I looked further at those functions. First, let's look at the Fee function. The Fee class has an onCreate() method that sets up the view. A further look suggests that it uses an md5 string + student ID to query the fee status of a particular student. Have a look.

So I took a closer look at the md5 string. The developers from CTI love to keep their variable names short (i, j, k, m, str1, str2). What is str1 actually md5-ing?

int i is getting the YEAR
int j is getting the MONTH
int k is getting the DATE, which is the day of the month
int m is getting the HOUR_OF_DAY

From the above, if you reconstruct the md5 string with the current datetime on my system (26-09-2013 15:00:00), you get the following:

md5(26 + 9 + 'Student ID' + 2013 + 15) = '1640a3e25cc45123c5e234606aefbeb2'

This is the same for the attendance function. The timetable and exam schedule functions aren't that interesting, so I'll not write about them here. When I reported the above, the only reply was that they would secure the web services. Does that mean they will keep sending the student ID and password over plain HTTP? I've no idea. :D I looked for the Google Play store page for the app and found it was gone. What's up?
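As an added example (not from the app or the post), here is the reconstructed md5 token next to what a keyed, time-bounded request signature looks like. The field order of the md5 material follows the post's reconstruction, and the student ID and session key are constructed placeholders.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

# Constructed sample values; the student ID is a placeholder, not a real one.
STUDENT_ID = "TP012345"
SAMPLE_TIME = datetime(2013, 9, 26, 15, 0, 0)
SESSION_KEY = bytes(range(32))   # stands in for a random per-login key

def weak_request_token(student_id, when):
    """The app's md5 'signature' as reconstructed in the post: day, month,
    student ID, year and hour concatenated as plain decimal strings, then md5.
    (Field order and formatting are the post's reconstruction, assumed here.)
    Every input is public or guessable, so anyone who knows the student ID can
    recompute it, and the same value stays valid for the whole hour."""
    material = f"{when.day}{when.month}{student_id}{when.year}{when.hour}"
    return hashlib.md5(material.encode()).hexdigest()

def sign_request(session_key, student_id, issued, nonce):
    """Hardened form: HMAC-SHA256 keyed with a secret the server issued to this
    login over HTTPS. Knowing the student ID and the clock is not enough."""
    message = f"{student_id}|{issued.isoformat()}|{nonce}".encode()
    return hmac.new(session_key, message, hashlib.sha256).hexdigest()

def verify_request(session_key, student_id, issued, nonce, signature, now,
                   max_age=timedelta(minutes=5)):
    """Server-side check: reject stale or future-dated requests first, then
    compare the MAC in constant time. (Replay of a still-fresh request would be
    caught by remembering nonces server-side, which is not shown here.)"""
    if not (timedelta(0) <= now - issued <= max_age):
        return False
    expected = sign_request(session_key, student_id, issued, nonce)
    return hmac.compare_digest(expected, signature)

if __name__ == "__main__":
    t0 = SAMPLE_TIME
    print("weak token 15:00:", weak_request_token(STUDENT_ID, t0))
    print("weak token 15:59:", weak_request_token(STUDENT_ID, t0.replace(minute=59)))
    sig = sign_request(SESSION_KEY, STUDENT_ID, t0, "n-1")
    later = t0 + timedelta(minutes=1)
    print("hmac ok:  ", verify_request(SESSION_KEY, STUDENT_ID, t0, "n-1", sig, later))
    print("wrong key:", verify_request(bytes(32), STUDENT_ID, t0, "n-1", sig, later))
    print("stale:    ", verify_request(SESSION_KEY, STUDENT_ID, t0, "n-1", sig, t0 + timedelta(hours=1)))
```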

But the most interesting part of the whole app is the ActiveWebspace class. It registers the device running the app with the server, so that they can count the devices using the app and send push notifications to them. The device is registered with some unique regId, name and email to a web application residing at the following:

Once I found that URL, the only logical thing for me to do was to go one directory up, and see if I could find anything. And I did. This is what I found;

There was no authentication whatsoever needed to access that, although they 403'd the service some hours after I reported it. The reply they sent me was as follows;

Cool story - "illustration purpose". But it seems the message box can be used to send push notifications, judging from the JavaScript function they were using:

Hey, at least this isn't as bad as the iMessage Chat for android where it could possibly download malicious[5] stuff, right? :P

I think I'll probably only use those services via web. Maybe some other day when I'm free, I'll try looking at the iPhone version and see what kind of stuff they coded in. XD

On another note, this was all done on a Fedora 19[6] laptop. Ciao!

[0]: http://apu.edu.my/
[1]: https://play.google.com/store/apps/details?id=edu.my.apiit.iWebSpace
[2]: http://www.apu.edu.my/cti
[3]: https://code.google.com/p/dex2jar/
[4]: http://jd.benow.ca/
[5]: http://grahamcluley.com/2013/09/imessage-android-trust/
[6]: https://fedoraproject.org/

14 September 2013

Steam fail to start

Last night I was playing some games on Steam and closed it after I finished. Then I browsed around the Humble Bundle and bought the 'Humble Indie Bundle 9' since I wanted 'Mark of the Ninja', so to redeem it I started Steam. But it wasn't starting up. So I opened it from the terminal and got some errors, but those had been there for ages and hadn't actually affected the start up before.

So, this morning I was talking to a friend on IRC about it and he mentioned that you could just do /usr/bin/steam --reset to reinstall and start again... and voilà, it was indeed working again. :)

[Note]: Another friend suggested to restart the router, not sure how effective that would have been though. :P

10 July 2012

Introduction to Grok web application framework @ UCTI

Hey folks, we, the Fedora Malaysia community in conjunction with UCTI Free & Open Source Software SIG, have planned for an introductory workshop on Grok, a web application framework. It uses the Zope Toolkit (ZTK).

This session is aimed towards finding more Python as well as Zope/Plone/FOSS developers in Malaysia. The session is mentored by our very own Fedora Ambassador, Izhar a.k.a KageSenshi, who works at a local Plone support and service company called Inigo Consulting.

Following are the details of the session:
Date: Sun 15th July, 2012
Time: 11:00-18:00
Venue: Level-2 Room-5 (L2-5), UCTI (Google Maps: http://goo.gl/maps/dI7h)
Fee: Free Of Charge ;)

Folks coming to the session, (that's you!), should bring along their own laptops (obviously!) and do not necessarily need to know Python, but need to have programming knowledge. Learning/knowing Python can be enhanced later on. Also need to know basic/intermediate HTML/CSS/JS.

Although, we prefer Unix/Linux systems like Fedora, users are welcome to use any platform that they wish, provided that they know how to install Grok or any other software packages and troubleshoot problems if they arise.

We might be passing around some Fedora 17 discs if we happen not to finish them off at the Malaysia OpenSource Conference. :P So if you know how to use a *nix system and just need to boot into one, you can use a virtual machine to boot a *nix system from the CDs/DVDs passed around, or you can ask me for an ISO image before the session if you need one. :)

See you all there!

Zope/Plone User Group Malaysia G+: http://goo.gl/HcM7n
Zope/Plone User Group Malaysia Mailing List: http://groups.google.com/group/zplug-my

3 July 2012

Zsh Autocomplete Function to change and auto complete directories' name

About some weeks ago, I was trying to find a way to alias my favourite directory (~/Programming/Pythons) in zsh, so that it would show me the directories contained inside it. But aliasing doesn't do anything except `cd` me to that directory. A function could get me into the directories inside ~/Programming/Pythons, but I'd have to type out the directory names manually. That wasn't an option either.

So I turned to "Uncle Google" :P for it. What I also remembered about Zsh is that its auto completion is really awesome. So I searched for "zsh autocomplete function" and read some stackoverflow examples and such. But I got some errors when I used oh-my-zsh's functions.zsh to store my zsh auto complete function.

What I did was, instead of writing that auto complete function inside oh-my-zsh's functions.zsh, I wrote it directly inside .zshrc, like this;

function prog() { cd ~/Programming/Pythons/$1; }
_prog() { _files -W ~/Programming/Pythons; }
compdef _prog prog

What this code actually does is that when you type prog after sourcing your .zshrc file, it completes against the defined directory, here '~/Programming/Pythons/', and the argument $1 is whatever directory you selected from the completion offered by the function _prog(), like this;
(screenshot: Zsh Auto Complete Function)
This did exactly what I needed. If you've got awesome auto complete functions written, do share them in the comments. :)

source [0]: http://zsh.sourceforge.net/Guide/zshguide06.html
source [1]: http://stackoverflow.com/questions/10700012/zsh-autocomplete-function-based-on-2-arguments
source [2]: https://wiki.archlinux.org/index.php/Zsh#Command_Completion