Déc 282018

Since windows XP, windows has a built-in host-based firewall.
A decent firewall where one can allow or block traffic based on executable and/or source/destination/protocol.

Thus, you may not always have access to the MMC (wf.msc) and the console GUI is not always straightforward but rather wizard oriented.

Windows Firewall GUI is a « one window does it all » standalone executable running on windows 7 up to latest windows 10 version.

Probably more important, as the GUI is quite simple and possibly redundant with existing windows functionalities, source code is available (on my github) as well so others may build onto it.

One can :
-view all rules at once
-sort and export to HTML
-delete a rule
-add a rule
-enable/disable a rule
-enable/disable the firewall
-turn on/off logging (dropped packets)
-open and monitor the windows firewall log
-get current profile (domain/private/public)
-get default inbound/outbound action for current profile
-restore local windows firewall defaults

Download here.

Déc 272018

Working in IT, I use Wireshark almost every day.
This software is just great : free, opensource and will probably take me a lifetime to master it all as there are so many things you can do with it.

However, there are times where you need a driverless and standalone software i.e a software which does not require any installation on your production server.
Indeed, I have seen cases where network may be interrupted for a short while or even worse, cases where the server would BSOD (on old winpcap versions thus).
Furthermore, in some situation you may wish to capture traffic over a VPN interface or over localhost : both actions which wireshark (or rather winpcap) can not perform.

That’s where the windows raw socket feature comes in handy : built in windows feature and can snif over VPN or localhost.
Read more about windows raw sockets here.

Raw sniffer is a command line tool meant to capture IP traffic built around windows raw sockets..
You can pipe out to a text file (and later parse it in excel) or generate a cap file which you can later open with wireshark.
Source code is on github.

It takes simple command line parameters : snif [localip] [proto] [port] [0:1]

Some possible usage :
-snif * * 1 : will capture all traffic on localhost to the console AND dump all traffic to a cap file
-snif tcp 80 1 : will filter on http traffic on localhost to the console AND dump all traffic to to a cap file
-snif * udp * 0 : will filter on udp traffic on selected interface to the console

note : if you dont see your incoming traffic, allow snif.exe on your windows firewall – this could do the trick.

Download here

Déc 162018

In a previous article, I showed how to setup a « proxy » for ImDisk thru devio to mount an EWF file.

This time, lets do it with a VHDI file (using external libyal library).

The command lines for the proxy and ImDisk are below :

To launch the proxy : devio –dll=proxy.dll;dllopen shm:test_proxy c:\test.vhd.

To use the proxy from ImDisk : imdisk -a -t proxy -o shm -o ro -f test_proxy -m Z: .


Déc 152018

In a previous article, I released a GUI for libnfs library.

This time, I’ll release a command line tool allowing one to perform simple tasks against NFS exports.

nfsclient 0.1 by erwan2212@gmail.com
nfsclient 0.1 discover
nfsclient 0.1 read nfs://server/export/filename
nfsclient 0.1 write nfs://server/export/ local_filename
nfsclient 0.1 dir nfs://server/export/

Download here.
Discuss here.

Déc 152018

Lately I have discovered libnfs.
I quote « LIBNFS is a client library for accessing NFS shares over a network. ».

It is well documented and easy to use with Delphi (or freepascal).

I have decided to build a lightweight NFS client with simple features : discover, list directories, read & write files.

That could be handy at some point with either CloneDisk or TinyPXE Server.

Download here.
Discuss here.

Déc 022018

In previous article, we have seen how to flash an ESP8266 with ESPEasy.

Lets now see how easy it is to use a sensor such as a DHT11 temperature/humidity sensor.

Lets wire 3v3 and ground and data to our esp8266 gpio 0.

Now, simply add a device on port GPIO 0 and pick a type « Environment – DHT11/12/22 ».

And your ESPEasy should now report temperature and humidity.

Déc 022018

I had this old esp-01 standing on my desk for a while and decided to dust it out by flashing Espeasy firmware.
About this esp8266, see previous articles here.

Note that if you are not sure which esp8266 you model you have, check it out here.

Before we flash, lets do some simple wiring :
-wire 3v3 and ground.
-wire tx to rx, and rx to tx (I use a usb to serial ftdi adapter)
-set gpio0 to low (ground)
-set ch_pd (also referred to en) to high (3v3)
-power off/on to enter flash mode

It is as simple as put your firmware next to flashesp8266.exe (in my case firmware is ESPEasy_mega-20180102_normal_ESP8266_1024.bin) and execute ESPEasy Flasher.

Once flash is completed, set gpio0 free (but leave ch_pd high), power off/on and you should see a new ssid on your network called esp_easy_0 (password=configesp).
configure it i.e connect it to your wireless network and you are done.

Nov 182018

2 years ago for Christmas, I bought a Xiaomi Mi4c android phone.
Cheap (about 130€), well performing (Snapdragon 808, quad core, etc), well designed (looks like new 2 years later), etc.
But as most chinese phones, you are « on your own » and the OS may not be the one you want : see a previous article here.

Now, lately my son reported that the phone had stopped working all of sudden (a month after changing the battery) : not booting or powering up anymore, a led blinking red.
I first thouht the issue was the battery, left it charged for 2 days but still no luck.

I removed the battery, plug it to USB : this time phone was powering up but ended up in a « boot loop » i.e the Mi logo appearing, then black screen, then mi logo again, etc.
And still no FASTBOOT, or RECOVERY.

I therefore decided to apply the « test point » trick : connecting two points on the motherboard.
This time, the phone went into EDL mode (emergency download load) which mean I could flash it.
I first then used miflash to flash an old fastboot MIUI 6.1.7 image (old=no locked bootloader) but still no luck : no FASTBOOT or RECOVERY, and still « boot loop »…
I then used QFIL (Qualcomm Flash Image Loader to flash the old fastboot image again.
I was still getting a « boot loop » BUT this time could get into FASTBOOT ! (not sure why miflash did not work the first time).
I was getting some progress and hope at this time as I was slowly getting some phone features back.

I then flashed an early TWRP (since i was using an old rom) but still no luck : no RECOVERY.
I then decided to test booting with old (but truly original) battery and to my (good) surprise : i could get into RECOVERY and even boot to the O.S !
That would mean that my Xiaomi Mi4c will not enter recovery or boot the O.S without a (good) battery ?
At this stage I then decided to flash a fresh Xiaomi.eu MIUI recovery rom (10.x) and to flash a newer compatible TWRP (for android 7.x nougat).

And here I come with a revived / debricked phone! (and a second new battery to buy in a month time…).

Conclusion !?
I believe the so called « original / MI branded » batteries you can find out there (ebay, etc) are crap copies (I am not even sure Xiaomi actually sells batteries?).
And that new battery actually messed up the phone (the storage part) up to a point that I no longer had a proper bootloader.
The (second) new battery I bought this time is from « green cell » which seems to be a leggit brand out there who cares about its reputation : lets see how it goes… (i believe « nohon » and/or « pisen » brand batteries are also a good alternative).

Some useful commands :
fastboot oem edl to leave fastboot and enter edl
fastboot oem device-info to check that your phone bootloader is not locked (preventing further image flash)
fastboot oem unlock to unlock your phone
fastboot reboot to reboot to the OS
fastboot flash recovery recovery.img to flash a recovery
fastboot boot recovery.img to boot to a recovery
adb reboot bootloader to boot to fastboot (from the O.S or recovery)
adb reboot recovery to boot to recovery (from the O.S or recovery)
adb reboot to reboot to the OS (from the O.S or recovery)

Some usefull links to understand a bit more the android phone boot process :
Reading the above, it appears I was initially not making it to the bootloader (first stage) as this is the bootloader which is handling key presses and eventually taking you into fastboot or recovery.

Side note : drivers can be a pain (FASTBOOT mode, ADB mode, EDL mode, …) and I had to use two different windows : one win7x64 for the adb/fastboot part and another win10x64 for the edl mode (qfil software would not work on my win7x64).

 Posted by at 14 h 54 min