Archive for August, 2015

26 Aug

Creating packages with FPM

Posted by Peter Teoh in Android.

http://rnelson0.com/2014/09/15/creating-packages-with-fpm/

https://www.digitalocean.com/community/tutorials/how-to-use-fpm-to-easily-create-packages-in-multiple-formats

https://github.com/jordansissel/fpm

http://www.ducea.com/2011/08/31/build-your-own-packages-easily-with-fpm/

6 Aug

▶ Analysis of IPMI based vulnerabilities

Posted by Peter Teoh in ACPI, IPMI, UEFI.

https://www.youtube.com/watch?v=GZeUntdObCA

And here is a good introduction on the vulnerabilities in detail:

https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi

IPMI architecture diagram shows BMC sideband via SMBUS.

https://threatpost.com/vulnerabilities-in-ipmi-protocol-have-long-shelf-life/106480

https://www.us-cert.gov/ncas/alerts/TA13-207A

https://securityledger.com/2014/06/ipmis-inconvenient-truth-a-conversation-with-dan-farmer/

http://fish2.com/ipmi/

http://www.fish2.com/security/

http://fish2.com/ipmi/river.pdf

http://fish2.com/ipmi/itrain.pdf

http://fish2.com/ipmi/itrain-gz.html

https://en.wikipedia.org/wiki/Intel_Active_Management_Technology

https://en.wikipedia.org/wiki/WS-Management

Tools:

http://www.gnu.org/software/freeipmi/

http://sourceforge.net/projects/ipmitool/

Redfish:

http://dmtf.org/standards/redfish

http://robhirschfeld.com/2014/12/11/redfish-ipmi-bios/

http://www.uefi.org/sites/default/files/resources/UEFI_Plugfest_May_2015_HTTP_Boot_Redfish_Samer_El-Haj_ver1.2.pdf

Different presentations:

https://groups.google.com/forum/#!topic/pdxdevops/KGu9kbVMstg

IPMI + RESTFUL API

https://wiki.openstack.org/wiki/IpmiCredentials

https://github.com/Ahiknsr/igor-rest-api

http://www.eyeshalfclosed.com/blog/2014/08/28/building-the-igor-rest-api/

Foreman:

http://www.fitzdsl.net/tag/ipmi/

Post-28 Sep 2015 update (all the fish2.com document seemed to be inaccessible now….):

IPMI specification (2013):

Click to access ipmi-second-gen-interface-spec-v2-rev1-1.pdf

Click to access IPMI.pdf

Click to access ipmi-woot13.pdf

Click to access ipmi_v7_fix.pdf

Click to access ps4q04-20040204-murphy.pdf

Click to access Bonkoski_IPMI_SUMIT_2013b.pdf

ftp://ftp.penguincomputing.com/pub/penguin/Other/IPMI/ipmi_howto.pdf

Click to access UCSTroubleshooting_chapter_01000.pdf

Click to access E21452.pdf

Click to access ilom3.0-snmp-ipmi-en-01.pdf

Click to access 25133701.pdf

1 Aug

How to quickly compile all the Android samples via command line?

Posted by Peter Teoh in Android.

The procedure described here is working only for the “legacy” branch of Android SDK, as the later version are all using “Gradle” now (procedure to compile to be covered in another blog).

First the prerequisites (for Ubuntu 14.04 64-bit host environment, and Android SDK has been installed in /opt/android-sdk-linux directory):

1. Update Android SDK:

cd /opt/android-sdk-linux
tools/android update sdk –no-ui

2. Ensure “ant” is installed: “sudo apt-get install ant”.

3. Ensure java and javac is installed, version 7 preferred. (Java 6 confirmed will give errors).

4. Next, “cd /opt/android-sdk-linux/samples/android-22/legacy” to the Android version 22 legacy branch.

Using this script (named as “myant”):

#!/bin/bash

export ANDROID_SDK=/opt/android-sdk-linux
export ANDROID_HOME=/opt/android-sdk-linux

$ANDROID_SDK/tools/android update project –path . –target android-21

ant debug

(Noticed above that I specified the target as Android version 21).

5. And then run the following script (ensuring that the above “myant” is in your $PATH):

list=”AccelerometerPlay/ \
ActionBarCompat/ \
AndroidBeamDemo/ \
ApiDemos/ \
AppNavigation/ \
BackupRestore/ \
BasicGLSurfaceView/ \
BluetoothHDP/ \
ContactManager/ \
CrossCompatibility/ \
CubeLiveWallpaper/ \
GestureBuilder/ \
HelloEffects/ \
Home/ \
HoneycombGallery/ \
JetBoy/ \
KeyChainDemo/ \
LunarLander/ \
MultiResolution/ \
NotePad/ \
RandomMusicPlayer/ \
RenderScript/ \
SampleSyncAdapter/ \
SearchableDictionary/ \
SipDemo/ \
SkeletonApp/ \
Snake/ \
SoftKeyboard/ \
SpellChecker/ \
Spinner/ \
SpinnerTest/ \
TicTacToeLib/ \
TicTacToeMain/ \
ToyVpn/ \
TtsEngine/ \
UiAutomator/ \
VoicemailProviderDemo/ \
VoiceRecognitionService/ \
WeatherListWidget/ \
WidgetPreview/ \
WiFiDirectDemo/ \
WiFiDirectServiceDiscovery/ \
Wiktionary/ \
WiktionarySimple/ \
XmlAdapters/”

for name in $list
do
if
[ -f “$name/AndroidManifest.xml” ]
then
cd $name
myant
cd ..
else
echo $name NOTBUILD
fi
done

All the samples will build successfully (just grep for successful) but only three subdirectory remain untouch: Renderscript, UiAutomator, and SpellChecker. Just “cd” to specific directory involved, and execute “myant” whenever AndroidManifest.xml is found.

Only UiAutomator remained cannot be compiled, as it does not comes with “AndroidManifest.xml” file.

Vickblöm

Research scattered with thoughts, ideas, and dreams

WPScan

Site Title

Penetration Testing Lab

Offensive Techniques & Methodologies

Astr0baby's not so random thoughts _____ rand() % 100;

@astr0baby on Twitter for fresh randomness

Data Science & Deep Learning

WildML

The Data Explorer

playing around with open data to learn some cool stuff about data analysis and the world

Conorsblog

Data | ML | NLP | Python | R

quyv

Just a thought

cuponthetop

IFT6266 - H2017 Deep Learning

A Graduate Course Offered at Université de Montréal

Deep Learning IFT6266-H2017 UdeM

Philippe Paradis - My solutions to the image inpainting problem

IFT6266 - Deep Learning : Inpainting Project

Deep Learning Applied to PMU Data in Power Systems

Pedro Emanuel Almeida Cardoso

Deep Learning W17 project page

IFT6266 – H2017 DEEP LEARNING

Pulkit's thoughts on the course project

Thomas Dinsmore's Blog

No man but a blockhead ever wrote except for money -- Samuel Johnson

the morning paper

a random walk through Computer Science research, by Adrian Colyer

The Spectator

Shakir's Machine Learning Blog