How to extinct humanity

teaching essential knowledge to tomorrows youth

convmv is your friend

Since Windows sucks when it comes to filenames in UTF-8 i just had to run
convmv -f utf-8 -t iso-8859-1 --notest -r *
on several thousand files. Hopefully this will help the software i tried to use not to crash p:

cracking Gpcode


Some days ago Kaspersky Lab announced the challenge of cracking an RSA 1024-bit key, which is used for encrypting user files by a trojan horse. The victim is then offered to buy a decryption tool from the creator (vicious).

Along with antivirus companies around the world, we're faced with the task of cracking the RSA 1024-bit key. This is a huge cryptographic challenge. We estimate it would take around 15 million modern computers, running for about a year, to crack such a key.

Of course, we don't have that type of computing power at our disposal. This is a case where we need to work together and apply all our collective knowledge and resources to the problem.

So we're calling on you: cryptographers, governmental and scientific institutions, antivirus companies, independent researchers…join with us to stop Gpcode. This is a unique project – uniting brain-power and resources out of ethical, rather than theoretical or malicious considerations.

http://www.viruslist.com/en/weblog?weblogid=208187528

If you read the description of the malware on http://www.viruslist.com/en/viruses/encyclopedia?virusid=313444 you'll find out that the files are actually encrypted with an RC4 cipher, and the key for that is encrypted with RSA in the trojan itself.

Knowing that, there are several easier ways that should come to one's mind than cracking the RSA encryption within one year or more (depending on the number of computers used).

  • RC4 has various shortcomings which should make it much more attackable than RSA
    RC4 falls short of the standards set by cryptographers for a secure cipher in several ways, and thus is not recommended for use in new applications.
    http://en.wikipedia.org/wiki/RC4#Security
    Remember that for most file types you know a file header that is always present.
  • On the forum which was set up by Kaspersky Labs, "contrulguy2" describes what he calls a "biggest-known-plain-text - attack": just throw a huge file at the malware, of which you have a backup, and look what happens http://forum.kaspersky.com/index.php?showtopic=72179
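
The known-plaintext idea from the two points above, as an added example (not from the original post or the forum thread): if the same RC4 key is used for every file, which is an assumption the post does not confirm, a backup/encrypted pair yields the keystream directly, while a known file header yields only a few bytes of it. The key, file contents and function names are constructed for illustration.

```python
"""Added example: known-plaintext keystream recovery against a reused RC4 key."""

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4: key scheduling, then n bytes of generator output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_encrypt(key: bytes, data: bytes) -> bytes:
    return xor(data, rc4_keystream(key, len(data)))


def recover_keystream(backup: bytes, encrypted: bytes) -> bytes:
    """Plaintext XOR ciphertext yields the keystream; the key is never needed."""
    if len(backup) != len(encrypted):
        raise ValueError("backup and encrypted copy differ in length")
    return xor(backup, encrypted)


def decrypt_prefix(ciphertext: bytes, keystream: bytes):
    """Return (recovered bytes, count of trailing bytes still unrecoverable)."""
    n = min(len(ciphertext), len(keystream))
    return xor(ciphertext[:n], keystream[:n]), len(ciphertext) - n


# Constructed sample data; the key stands in for the one the trojan keeps secret.
SECRET_KEY = b"constructed-demo-key"
BIG_BACKUP = bytes(range(256)) * 16          # 4096-byte file we hold a backup of
VICTIM_DOC = b"%PDF-1.4\n" + b"constructed victim document body " * 20
PDF_HEADER = b"%PDF-1.4\n"                    # header known from the file type

if __name__ == "__main__":
    enc_backup = rc4_encrypt(SECRET_KEY, BIG_BACKUP)
    enc_victim = rc4_encrypt(SECRET_KEY, VICTIM_DOC)

    # Large known file: keystream covers the whole victim document.
    ks = recover_keystream(BIG_BACKUP, enc_backup)
    plain, missing = decrypt_prefix(enc_victim, ks)
    print("from backup pair:", plain == VICTIM_DOC, "missing", missing)

    # Known header only: just len(header) keystream bytes, so little is recovered.
    ks_hdr = recover_keystream(PDF_HEADER, enc_victim[:len(PDF_HEADER)])
    plain, missing = decrypt_prefix(enc_backup, ks_hdr)
    print("from header only:", plain, "missing", missing)
```

If each file were encrypted under a fresh key or nonce, the recovered keystream would not carry over to other files and this recovery path would not apply.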


Either there is some information missing or cracking the RSA-key is a bit stupid.

Since the malware deletes its main part after encrypting your files and saves the encryption key only in RSA-encrypted form, you cannot debug it afterwards to gain access to the key.

The Cane as a Weapon


While looking up information about stick fighting i noticed the fact, that Andrew Chase Cunningham wrote quite an interesting book about fighting with a cane in the early 20th century.
By now it seems to be freely available on the internet, so don't waste your time and start downloading "The Cane as a Weapon".

JDownloader not downloading ?


It happened to me not so long ago: jDownloader suddenly stopped reading captchas and downloading, and though
i downloaded a new version from the website because the old update server stopped working, it
didn't work as i hoped.
I got something like this in my log:

06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> Exception in thread "JD-StartDownloads" java.lang.NoClassDefFoundError: com/sun/image/codec/jpeg/ImageFormatException
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> at jd.captcha.JAntiCaptcha.createLetterDBFormMTH(JAntiCaptcha.java:341)
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> at jd.captcha.JAntiCaptcha.loadMTHFile(JAntiCaptcha.java:318)
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> at jd.captcha.JAntiCaptcha.<init>(JAntiCaptcha.java:162)
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> at jd.utils.JDUtilities.getCaptcha(JDUtilities.java:738)
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> at jd.plugins.Plugin.getCaptchaCode(Plugin.java:1642)
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> at jd.plugins.host.Rapidshare.doFreeStep(Rapidshare.java:641)
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> at jd.plugins.host.Rapidshare.doStep(Rapidshare.java:432)
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> at jd.plugins.PluginForHost.doStep(PluginForHost.java:183)
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> at jd.plugins.PluginForHost.doNextStep(PluginForHost.java:64)
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> at jd.controlling.SingleDownloadController.run(SingleDownloadController.java:197)
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> Caused by: java.lang.ClassNotFoundException: com.sun.image.codec.jpeg.ImageFormatException
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> at java.net.URLClassLoader$1.run(URLClassLoader.java:221)
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> at java.security.AccessController.doPrivileged(Native Method)
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> at java.net.URLClassLoader.findClass(URLClassLoader.java:209)
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> at java.lang.ClassLoader.loadClass(ClassLoader.java:324)
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> at java.lang.ClassLoader.loadClass(ClassLoader.java:269)
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:337)
06.03.2008 13:35:51 - SCHWERWIEGEND [jd.utils.JDUtilities$2(write)] -> ... 10 more

Ha, great i thought, where did this class go then ?
Well, the solution was quite simple, i recently changed my standard java-vm for another application, but jDownloader
works best with the one i got from sun.
sudo update-alternatives --config java

So i looked at the path for the sunjava and added that to my starter.
Quite easy, but i hope this never happens again :wink:

Oh, and one more reminder: If you updated jDownloader, and the updater restarts the software, keep in mind, that it uses your standard java runtime for that.

Internet Worm Aquarium


I have always been a fan of replicating and self-distributing malware, not because of the bad which is done with them, but because of their resemblance to artificial life.
There is not that much difference between a real virus and a computer virus, and i always liked to read articles and source code in the ezine of a great virus writing group called 29a (hexadecimal for 666, oh what a pun) virus labs. Nowadays there is not much action left around them, but back in their good days they had many achievements like the first Windows 2000 virus, the first cellphone virus, and the first .net virus. As you may notice, it was more about being the first than being the most malevolent one; back then viruses seemed to me more like pushing the frontier than causing as much harm as possible. If anyone knows a good ezine about stuff like that which is worth reading and still being published, feel free to comment below :smile:.
So much for my relation to viruses and worms. Apart from the biggest collection i could download from the internet, i have now caught myself some worms, directly from the wilderness. When i saw how much traffic was hitting my machine after i redirected all incoming internet traffic to it, i got a bit interested again and of course, there are still worms around which are trying to exploit several vulnerabilities.
Analyzing the code they sent and downloading them by hand seemed a bit troubling, but i found a wonderful tool just for stuff like that: nepenthes.
Quickly installed on my Ubuntu with
sudo apt-get install nepenthes
i had my malware collection utility running in a matter of seconds. nepenthes simulates several vulnerabilities and collects the malware which wants to get hold of your system in a central directory, with their checksums as filenames, so you won't get any duplicates.
Downloaded binaries are saved in "/var/lib/nepenthes/binaries", while unknown exploit code is saved to "/var/lib/nepenthes/hexdumps".



So far i have caught 60 different executables, most of them are (according to clamav) variants of W32.Virut-9, as you can see in the report below:

----------- SCAN SUMMARY -----------
Known viruses: 216346
Engine version: 0.91.2
Scanned directories: 1
Scanned files: 60
Infected files: 52
Data scanned: 11.19 MB
Time: 9.035 sec (0 m 9 s)

As you can see, there are 8 files in it which are currently not recognized by clamav. I think they are recognized by at least some available virus scanners (try for example: http://scanner.virus.org), but the naming is absolutely random between the different scanners, so i did not bother myself with them so far.
If you are interested in malware analysis you can download them as a collection there: http://rapidshare.com/files/93562611/Do_21._Feb_01-53-58_CET_2008.tar.bz2.html . Their size varies from 33 kb to 800 kb. Be careful with those, do not just run them on your pc if you do not know exactly what you are doing.
If you want to mess around with them in your debugger, make sure you are running in a virtual machine, or at least in a sandbox like sandboxie.

Observing the binaries directory is a bit tiring, so i added the following line to my ~/.bashrc , which allows me to have a small console window on top, which shows the current count of worms, after using the command "wurm":
alias wurm="cd /var/lib/nepenthes/binaries && while ( true ); do ls -l|wc|sed 's/ *\([0-9]*\).*/\1 -1/'|bc|sed 's/\(.*\)/\1 Würmer/' && sleep 1; done"


Maybe you can spot the small console window in the following screenshot:


Clamav is a great project, though it still lacks in speed and recognition compared to commercial virus scanners.

That's it for now, happy hunting :smile:

How to: stream your webcam over telnet with Ubuntu Linux




First, make sure, that you have your webcam installed and available as video device, i won't cover that, as i don't know your webcam, i will just assume you have that.
Second you will need the following packages installed:
  • vlc
  • caca-utils

You can install them like this in your console:
sudo apt-get install vlc caca-utils


Now a bit of theory:
The software called vlc (videolanclient) is, basically speaking, a media player which supports lots of funny stuff, of which we will use two things specifically for this: the ability to read your video4linux device as input, and the support for using libcaca as output.
Libcaca is a library, used for colored ascii output of images/videos.
Installed with caca-utils comes a utility called cacaserver, which serves libcaca output on port 51914 for telnet connections, so it's just about putting those two together:
CACA_DRIVER=raw vlc v4l:// :v4l-vdev="/dev/video" :v4l-adev="/dev/dsp" :v4l-norm=3 :v4l-frequency=-1  --vout=caca --intf dummy|cacaserver

If your video device is different from /dev/video you will have to adjust that.

I don't want to type that all the time, so i created an alias for myself in my ~/.bashrc:
alias cam2telnet='CACA_DRIVER=raw vlc v4l:// :v4l-vdev="/dev/video" :v4l-adev="/dev/dsp" :v4l-norm=3 :v4l-frequency=-1  --vout=caca --intf dummy|cacaserver'


It seems to consume quite the bandwidth, maybe you can get a bit control over that with adjusting the framerate, have fun with digging into the vlc documentation for that: http://www.videolan.org/doc/ :smile:

AllocConsole and freepascal


There comes the time, where you want to create a console at runtime in windows.

While you can just make something like this in Delphi:
AllocConsole();
writeln('stuff');


you have to do a bit more magic in freepascal:
AllocConsole();
System.IsConsole:=true;
SysInitStdIO();


after this you are free to go with all your writeln()s and readln()s.

After spending literally hours throwing pointers around me, someone named christian_u in the channel #german-lazarus-forum on freenode finally ended my pain :wink:
IRC still has its benefits :smile:

lol internet

You may know this video already, but i have to make fun of a friend who currently has no internet connection in his flat :>




Moustache Wax, finally


"Echte ungarische Bartwichse"
It was about time, that i got my hands on that stuff :smile:

12 good reasons to carry a knife


Here in Germany there have been, in recent times, new laws or ideas for laws which affect me directly or indirectly, mostly cutting my freedom at every edge.
One of those ideas is to outlaw public carrying of knives. It comes from a small politician called Ehrhart Körting, who received the Big Brother Award in 2003. Again a splendid idea which would affect me, as i always carry a small hunting knife on my side. He wants them to be outlawed because they are dangerous weapons, yadda yadda.

As i said, i always carry a knife with me, i only take it off, if i have to go to a place where knives are prohibited and where i expect to be searched for weapons, but i don't like to be searched, so i usually don't go to such places.
I use my knife pretty often, but i never used it as a weapon so far, so i thought i'd write down the uses i have for my knife in my daily life.

  1. I cut things, just yesterday i had to cut a string for a friend.
  2. I peel apples, i am allergic to something on the outside of apples, so i have to peel them, when we have apples in the university, the knives we have there are no good for that :wink:
  3. I cut walking sticks when i wander around in the forests :D
  4. If i don't have gloves with me i would have to peel the sticks, as i am allergic to some green things on them...
  5. I can open cans with my knife, if i don't have anything else at my hands.
  6. Cutting and dismantling cables.
  7. Opening stubborn packages.
  8. I clean my nails with my knife p:
  9. Cut food
  10. i wished i could shave myself with it, but it's not sharp enough...
  11. sharpen my knife whenever i have the opportunity
  12. Handle screws.


These are some things that came to my mind just now, i bet there is more, but those are things i do pretty often.
My knife is a tool which i use a lot more often than my mobile phone, in fact i wouldn't care if mobile phones would be outlawed, but that's just me :wink: