Search results: esp

Jan 04 2019
 

Windows uses multiple mechanisms to resolve local hostnames: the local hosts file, DNS, NetBIOS Name Service (NBT-NS) and LLMNR.
When a host does not exist in the local hosts file or on the DNS server, Windows then broadcasts/multicasts the request over UDP.
This means we can (1) capture these requests and (2) spoof a response over UDP.

xDNS Sniffer is a demo, written in Delphi 7, that uses Windows raw sockets (receiving and sending) to capture and spoof NBT-NS and LLMNR traffic and abuse local name resolution.
Sending spoofed packets is possible because these protocols use UDP.
This code is a variant of, and builds upon, the previous demo discussed here.

Code can be found on Github.

Binary can be downloaded here.

Command line is : snif localip name_to_spoof.
Examples:
snif.exe 192.168.1.144 WPAD (will abuse WPAD requests and send back local ip)
snif.exe 192.168.1.144 * (will abuse all local requests and send back local ip)
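
A defender's view of the same weakness, as an added example (not code from xDNS Sniffer or the original post): no legitimate host should answer a multicast query for a name that does not exist, so any LLMNR response (UDP 5355) to such a canary name points to a spoofer on the segment. The canary name `zq7canary01`, the function names and the sample packets are constructed for illustration; the parser assumes one question per packet and reports only IPv4 A answers.

```python
import socket
import struct

def read_name(buf, off):
    """Decode a DNS-style name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while (n := buf[off]):
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off, hops = ((n & 0x3F) << 8) | buf[off + 1], hops + 1
            if hops > 8:
                raise ValueError("compression pointer loop")
        else:
            labels.append(buf[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
    return ".".join(labels), (off + 1 if end is None else end)

def parse_llmnr(buf):
    """Return (is_response, question name, IPv4 answers) for one UDP payload."""
    flags, _qd, an = struct.unpack("!3H", buf[2:8])
    qname, off = read_name(buf, 12)               # LLMNR carries one question
    off, addrs = off + 4, []                      # skip QTYPE and QCLASS
    for _ in range(an):
        _, off = read_name(buf, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        if rtype == 1 and rdlen == 4:             # A record
            addrs.append(socket.inet_ntoa(buf[off + 10:off + 14]))
        off += 10 + rdlen
    return bool(flags & 0x8000), qname, addrs

def find_spoofers(packets, canaries):
    """Yield (source, name, answers) for every response to a canary name."""
    wanted = {c.lower() for c in canaries}
    for src, payload in packets:
        try:
            is_resp, qname, addrs = parse_llmnr(payload)
        except (ValueError, IndexError, OSError, struct.error):
            continue                              # malformed payload, skip it
        if is_resp and qname.lower() in wanted:
            yield src, qname, addrs

def sample(name, ip=None):  # constructed packets for the demo, not captures
    q = bytes([len(name)]) + name.encode() + b"\0" + struct.pack("!2H", 1, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 30, 4) + socket.inet_aton(ip) if ip else b""
    return struct.pack("!6H", 1, 0x8000 if ip else 0, 1, 1 if ip else 0, 0, 0) + q + rr

SAMPLE = [("192.168.1.20", sample("zq7canary01")),                    # canary query
          ("192.168.1.144", sample("zq7canary01", "192.168.1.144")),  # unexpected answer
          ("192.168.1.30", sample("fileserver", "192.168.1.30"))]     # ordinary answer
```

`list(find_spoofers(SAMPLE, ["zq7canary01"]))` reports only the host that answered the canary, together with the address it handed out.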

Dec 29 2018
 

Following the previous article, I did some more googling around the Windows raw sockets feature and found this interesting article.

And in particular this part, which weighs the pros and cons of using Windows raw sockets:

Since raw sockets are built into the kernel TCP/IP implementation, there is no need for additional kernel-mode code (such as NDIS filter drivers or WFP callout drivers). There are however a number of drawbacks compared to the first two techniques:

· No filtering in kernel-mode is possible – all packets are delivered to the user-mode application (which has performance implications).

· There is no visibility of how many packets are lost/dropped as a result of insufficient buffering.

· The packets are first time-stamped when processed by a user-mode application, which might be some time after they “could have been” time-stamped by filter/callout driver kernel-mode code running in a DPC (Deferred Procedure Call).

· There is no guarantee of the order in which the kernel adds packets to the raw socket. Monitoring the kernel activity with the “Microsoft-Windows-TCPIP” and “Microsoft-Windows-Winsock-AFD” providers indicates that the outbound response to an inbound packet is often copied to the raw socket before the inbound packet.

Mar 03 2015
 

These days it is pretty easy to set up a Home Theater PC using a cheap computer (Raspberry being my preferred choice).

Still, the remote control is often the weak point.
It is easy to buy or refurbish an infrared remote transmitter; it is less easy/cheap to find an infrared receiver.
That said, you can find some cheap remote + receiver kits like these:
amazon
ebay

I then thought it would be fun/interesting to use an Arduino for this.

Quickly googling, I found 2 ways to achieve this:
-turn my Arduino into a HID device (probably the cleanest way but more complex) through the use of the V-USB firmware
-have the Arduino send (over serial) the expected data to LIRC (less complex but more prone to errors)

Let's do some mad googling and collect some interesting pointers.

-set up LIRC and an FTDI232 adapter : here
-the arduino IRRemote lib as you will need to decode the incoming signals : here
-some arduino code which seems to turn the arduino into a lirc receiver : here
-another possible interesting thread : here
-a similar project with interesting links especially around irman protocol : here
-similar project using IRMAN protocol : here
-related, on attiny85 : here

-v-usb track : here

Jun 07 2014
 

Still on my journey to a wordclock…

In the previous article, we saw how to use a shift register to control up to 8 digital outputs (or more if you cascade ICs).

One drawback of the previous setup is that we had to use one transistor per digital output (to control a device powered by another source).
That is 8 extra transistors, 8*3 extra wires, etc.: not very practical, especially if we intend to control several shift register ICs (I plan on using 3 in my wordclock project).

So this is where the ULN2803 comes in: 8 NPN transistors and one common ground in one integrated circuit.

uln2803

See below a refreshed schematic (compared to the previous article). Note that I have decided to power my ICs from my (regulated) Arduino 5 V, but I could just as well have used my battery pack.
Our 74HC595 will control our ULN2803 (by sending HIGH or LOW on its inputs), which in turn will drive the current through each output/LED.

uln2803a_bb

The Arduino sketch:

//the pins we are using
int latchPin = 2;
int clockPin = 3;
int dataPin = 4;
 
void setup() {
  //set all the pins used to talk to the chip
  //as output pins so we can write to them
  pinMode(latchPin, OUTPUT);
  pinMode(clockPin, OUTPUT);
  pinMode(dataPin, OUTPUT);
}
 
void loop() {
  for (int i = 0; i < 8; i++) {
 
    //take the latchPin low so the LEDs don't change while we are writing data
    digitalWrite(latchPin, LOW);
 
    //shift out the bits
    shiftOut(dataPin, clockPin, MSBFIRST, i);  
 
    //take the latch pin high so the pins reflect
    //the data we have sent
    digitalWrite(latchPin, HIGH);

    // pause before next value:
    delay(1000);
  }
}
May 07 2014
 

Changes since last changelog :

Discuss it here. Download it here.

added : change diskid in partition editor
changed : increased buffersize from 64k to 512k to speed up the backup process
changed : will write win8.1u1 mbr and bs (compatible with all previous windows NT)
added : md5 hash for file
added : hide_advanced boolean param in config.ini (options section)
added : screenshot
added : can remove an outlookbar button or page via the config.ini (outlookbar section)
added : can inject any MBR boot code
modified : changed all desktopcenter to screencenter
added : patch bytespersec / sectorsperclus / secreserved in boot sector
changed : bootsector patches for MSDOS5.0 (fat/fat32) as well (was only for oemid=NTFS)
changed : renamed offlinereg unit to uofflinereg
changed : changed window size to 640*480
changed : pagecontrol3 for more space in main screen
changed : disk/partition properties reviewed (no access to mbr/bs anymore, all windows api)
added : disk/part properties in a separate window
changed : tabsheet4 removed (disk/part properties)
added : double click on the main listview will also display the disk/part properties window
changed : tabsheet8 removed
added : change diskid in mbr tab

clonedisk218_1

 

clonedisk218_2

Posted at 19 h 35 min
Jan 25 2014
 

BOOTICE is a powerful boot-related utility.
It’s designed to manipulate (install, back up, restore) the MBR and PBR of disks (or disk images), to partition and format disks, to edit disk sectors in hexadecimal, to erase all the data on your disk or logical drive (by filling with customizable characters), to edit the Grub4DOS boot menu, and to edit the BCD file of Windows NT 6.x.

◆ 2013.12.10 v1.3.2.1
1. Fixed the bug that compacting VHD doesn’t work on Windows 7.

◆ 2013.12.07 v1.3.2
1. VHD/VHDX supporting. Now you can create, mount or unmount, resize, compact, reset the parent VHD file for VHD/VHDX files.
2. Better partition formatting speed, especially for NTFS.
3. Allow formatting as FAT32 on a partition larger than 32GB.
4. Fixed a bug that causes wrong total sectors of VHD files.
5. When installing GRUB4DOS/WEE MBR, the choice « Install NT6 MBR to the 2nd sector » was checked initially.

Find it here.

bootice

Jan 25 2014
 

A must have.

Get it here.
Discuss it here.

Rufus is a utility that helps format and create bootable USB flash drives, such as USB keys/pendrives, memory sticks, etc.

It can be especially useful for cases where:

-you need to create USB installation media from bootable ISOs (Windows, Linux, UEFI, etc.)
-you need to work on a system that doesn’t have an OS installed
-you need to flash a BIOS or other firmware from DOS
-you want to run a low-level utility

rufus_en

Posted at 14 h 13 min
Nov 28 2013
 

In article 13, we took our first steps with Farseer Physics Engine (FPE).
We created a world and 2 objects (a floor and boxes subject to gravity).

This time, let's create a body from a texture (no longer a simple shape like a rectangle).
Let's also add the ability to move that body around with the mouse by using a mouse joint.

Have a look at the method CreateFromTexture in the DrawablePhysicObject class : in short, it creates a polygon from a texture.
Have a look at the update method where we use a FixedMouseJoint.
Also, see how easy it is to add extra objects like 2 extra floors.

Side note: finding documentation on FPE can sometimes be tedious, especially for the latest 3.5 version, where significant changes were introduced.
Still, here is a good start (although meant for 3.3).
Also, the Box2D manual is useful for understanding the concepts.
And to close this parenthesis on documentation, the Farseer samples are very instructive as well.

The video below illustrates all this: body from texture, mouse joint.

Posted at 22 h 34 min
Nov 24 2013
 

In previous articles, we have seen many basics which should help to make a game: scrolling, moving shapes, collision, inputs (mouse, keyboard, gamepad)…

However, you may sometimes need to implement some physics principles: gravity, friction, restitution, etc.

This is where Farseer Physics Engine comes to the rescue.
Farseer Physics Engine is a collision detection system with realistic physics responses.

Two important concepts to start with:
World
The world object is the manager of it all. It iterates all the objects in the world each time you call the Step() function and makes sure everything is consistent and stable.
Body
The body keeps track of world position. It is basically a point in space that is affected by forces such as impulses from collisions and gravity.

Let's add a project reference to Farseer (note: I used msbuild /property:configuration=release "Farseer Physics XNA.csproj" to build it).
Then we will create a world, add a body to it and draw a texture based on the body position.

I encourage you to play with the world properties such as restitution, friction, etc. to see how they affect your world.
Also, notice how easy it is to detect collision (although I only handle plain shapes for now, no convex shapes).

The source code : XNA_DEMO_19

A video to illustrate it.

Posted at 13 h 53 min
Nov 23 2013
 

We saw in the previous article 8 how to perform pixel collision.
Although it worked perfectly, it only worked on non-rotated shapes.

But in some cases, your shape will rotate (like a car in a racing game – see the article "A racing car game").

To perform pixel collision for a rotated shape, follow the steps below:

-you first need to draw a rotated rectangle around your shape
-you then need to draw a bounding rectangle around that rotated rectangle (also called an AABB: Axis-Aligned Bounding Box)
-finally you can check whether the 2 AABBs intersect and, if so, whether the intersected region contains 2 non-transparent pixels (colliding) or not

The source code : XNA_DEMO_18
Note : the project contains a class named primitives2d which is used only to draw lines/rectangles around my objects.
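
The three steps above in code, as an added example (not the XNA_DEMO_18 source): it is written in Python rather than C#/XNA and represents a sprite as a hypothetical `(centre_x, centre_y, angle_in_radians, mask)` tuple with a 0/1 alpha mask. Testing each pixel of the AABB overlap by rotating it back into each sprite's own grid is one way to do the per-pixel check, chosen here as an assumption.

```python
import math

def corners(sprite):
    """World-space corners of the sprite's rectangle after rotation (step 1)."""
    x, y, angle, mask = sprite
    hw, hh = len(mask[0]) / 2, len(mask) / 2
    c, s = math.cos(angle), math.sin(angle)
    return [(x + dx * c - dy * s, y + dx * s + dy * c)
            for dx, dy in ((-hw, -hh), (hw, -hh), (hw, hh), (-hw, hh))]

def aabb(sprite):
    """Axis-aligned box (x0, y0, x1, y1) around the rotated rectangle (step 2)."""
    xs, ys = zip(*corners(sprite))
    return math.floor(min(xs)), math.floor(min(ys)), math.ceil(max(xs)), math.ceil(max(ys))

def opaque_at(sprite, px, py):
    """True if world pixel (px, py) maps onto a non-transparent texel."""
    x, y, angle, mask = sprite
    c, s = math.cos(-angle), math.sin(-angle)    # inverse rotation
    dx, dy = px + 0.5 - x, py + 0.5 - y          # sample at the pixel centre
    u = math.floor(dx * c - dy * s + len(mask[0]) / 2)
    v = math.floor(dx * s + dy * c + len(mask) / 2)
    return 0 <= v < len(mask) and 0 <= u < len(mask[0]) and mask[v][u] == 1

def collide(a, b):
    """Step 3: scan the AABB overlap for a pixel opaque in both sprites."""
    ax0, ay0, ax1, ay1 = aabb(a)
    bx0, by0, bx1, by1 = aabb(b)
    return any(opaque_at(a, px, py) and opaque_at(b, px, py)
               for py in range(max(ay0, by0), min(ay1, by1))
               for px in range(max(ax0, bx0), min(ax1, bx1)))

# Constructed alpha masks (1 = opaque): an L-shaped sprite and a solid 2x2 block.
L_SHAPE = [[1, 0, 0, 0],
           [1, 0, 0, 0],
           [1, 0, 0, 0],
           [1, 1, 1, 1]]
BLOCK = [[1, 1], [1, 1]]
```

With the block centred at (3, 1) inside the L-shape's box, the unrotated L-shape does not collide with it, while the same L-shape rotated by a quarter turn does.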

Let's illustrate this with some screenshots.

Let's rotate our rectangle along with my rocket
pixel2

Let's define our bounding box
pixel3

Despite the bounding boxes intersecting, we don't detect a collision yet
pixel4

Here we go! In the intersection region, there are 2 non-transparent pixels
pixel5

Posted at 17 h 41 min