**** BEGIN LOGGING AT Wed Mar 22 03:00:02 2017
Mar 22 16:14:46 http://thehackernews.com/2017/03/hacking-windows-dll-injection.html
Mar 22 16:25:00 DocScrutinizer05: hmm, this seems to require local administrator privileges
Mar 22 16:25:53 I don't know windows, so I can't give educated comment
Mar 22 16:26:13 but yeah, what I understood it needs a registry edit
Mar 22 16:26:35 it is uncommon for the user to have write access to the registry
Mar 22 16:26:50 from windows 7 on that is
Mar 22 16:27:26 for xp it is another story, but any sane group policy would disable such rights
Mar 22 16:29:07 yeah sorry, it's "a hoax" (which nevertheless tricked German CERT, and thus me) - see https://www.heise.de/security/meldung/Cybellum-verkauft-Autostart-Funktion-als-Zero-Day-3662090.html
Mar 22 16:29:51 I am seeing it, but I can't read it :)
Mar 22 16:33:52 sorry. They simply bash Cybellum for incorrectly and prolly deceivingly calling a perfectly working debug function as zeroday. It's an autostart feature that only can get used when malware already gained control, so MEH
Mar 22 16:34:42 you could call gdb a malware as well
Mar 22 16:34:48 ;-)
Mar 22 16:35:04 mhm
Mar 22 16:35:07 looks like that
Mar 22 16:36:26 fmg: http://www.techamok.com/?pid=18437
Mar 22 16:36:36 if you want english version
Mar 22 16:37:05 sorry I had too much confidence in https://www.buerger-cert.de/ competence
Mar 22 16:37:23 from what I understand, you need filesystem write access and registry write access. If an attacker has that, I doubt there is anything that can stop him doing whatever she wants with that PC
Mar 22 16:37:59 KotCzarny: I already read the Cybellum explanation on that so-called 0-day
Mar 22 16:38:04 https://www.buerger-cert.de/archive?type=widtechnicalwarning&nr=TW-T17-0032
Mar 22 16:39:01 and windoze is full of holes, sometimes to gain full control viree has to go through series of them
Mar 22 16:39:45 KotCzarny: it sounds the same like if you have debugger installed.
What can stop you from attaching to a process and injecting code?
Mar 22 16:40:24 depends on which process your debugger can attach to I guess
Mar 22 16:40:29 tbh, i havent read the details of that particular hole, but i guess that normally system disallows such attaches
Mar 22 16:40:50 and in this case one could attach to antivirus
Mar 22 16:41:12 it is no different if they discover LD_PRELOAD and call it -day hole
Mar 22 16:41:45 bencoh: that "vulnerability" requires local admin rights
Mar 22 16:41:48 anyway, windoze is full of bugs, one has to stop worrying about that and just practice os/user hygiene
Mar 22 16:41:52 i've tried to convince someone to buy an N810 yesterday ;(
Mar 22 16:43:19 KotCzarny: that's irrelevant, those guys just make noise IIUC.
Mar 22 16:44:09 fmg, we can drop the topic then now ;)
Mar 22 16:44:17 :)
Mar 22 16:44:38 in unrelated news, oscp has just gained ncurses remote
Mar 22 16:45:39 oh, and if anyone uses arch linux and wants to test my pkgbuild (with source) pm me
Mar 22 17:39:20 I just stumbled on https://github.com/jstasiak/asterisk-chan-dongle/
Mar 22 17:40:03 (old old asterisk patch to connect it to huawei/3g dongles)
Mar 22 17:40:03 Please use a recent Linux kernel, 2.6.33+ recommended.
Mar 22 17:40:05 he he
Mar 22 17:40:16 'recent'
Mar 22 18:02:13 would it be possible to make "autocalibrate script" for n900 battery?
Mar 22 18:02:40 is it even possible to disable usb charging via software?
Mar 22 18:03:10 and then enable it when calibration is reached.
Mar 22 18:03:11 bme can ignore connected cable somehow
Mar 22 18:03:24 dont know if its controllable to that extent
Mar 22 18:03:31 I suppose you could disable charging with i2c commands to bq chip as well
Mar 22 18:04:00 if someone can make it Im sure i wouldn't be only one wanting to test it ;)
Mar 22 18:04:30 (err, I actually don't remember which charger is sitting on n900, but still)
Mar 22 18:06:32 Hello, does anybody know how to boot Maemo's kernel in verbose mode?
To be clear: I'm trying to use the flasher to boot the kernel and pass some parameters, and I'd like to understand if anything is working.
Mar 22 18:10:18 you need either fb console or uart console
Mar 22 18:11:49 KotCzarny: I am trying to follow what I found here: https://wiki.debian.org/DebianOnN900. But before loading a custom kernel, I'd like to try booting Maemo by issuing commands from the flasher.
Mar 22 18:12:52 you might check https://wiki.maemo.org/N900_Hardware_Hacking
Mar 22 18:13:15 and for fb you would need to compile it into the kernel
Mar 22 18:13:47 Sorry I don't know this acronym.
Mar 22 18:14:05 framebuffer
Mar 22 18:14:22 Is it something that needs hardware connection like uart?
Mar 22 18:14:43 i have said you need one of those two
Mar 22 18:14:58 for uart you need some additional hardware
Mar 22 18:15:19 for fb you need to compile kernel with fb and fbconsole enabled
Mar 22 18:15:56 So it is not possible to boot Maemo's kernel as it is on the device and have a log of what happens?
Mar 22 18:16:15 i think fbcon conflicts with x server on maemo
Mar 22 18:17:23 but if you only need dmesg and can get to initial shell somehow, that's also the way
Mar 22 18:17:59 you can see what rescueos kernel/scripts do on boot
Mar 22 18:19:47 Ok, thank you, but let me try to state my question in a different way as well. If I connect the N900 to my computer in update mode and issue "flasher-3.5 -R", the system reboots, right? There is also the option "-l" for loading a kernel, and "-b" for booting it. Is it possible to use the "-b" option to boot Maemo? (Maybe with some parameters.)
Mar 22 18:51:26 Enrico_Menotti: it should be possible, just use the same kernel and params
Mar 22 18:52:03 KotCzarny: Sorry I lost the connection and don't know if you said something before. I just see your last saying.
Mar 22 18:52:47 Meanwhile I tried to load and boot Rescue OS. It seems to work, but the kernel hangs, probably due to a missing init parameter.
Mar 22 18:52:59 I think I have to load an initfs as well.
Mar 22 18:53:14 did you use their recommended command line?
Mar 22 18:53:30 its in the readme
Mar 22 18:54:14 https://n900.quitesimple.org/rescueOS/rescueOS-1.3/documentation.txt
Mar 22 18:54:15 To be honest I just loaded the kernel and booted it, without parameters. I think the first to state is init, but I don't know how to load to memory the initfs and what to pass as init to the kernel.
Mar 22 18:54:40 see above link
Mar 22 18:55:13 KotCzarny: Ah yes, thank you!!! It's the -n option.
Mar 22 18:55:28 you also can specify kernel cmdline too
Mar 22 18:55:47 -b"something"
Mar 22 18:56:03 in case you want to pass init= or root= or something
Mar 22 18:56:32 Yes, I know that. In fact I was trying to pass parameters to Maemo's kernel, but I think there is no way to load it to memory from the NAND.
Mar 22 18:56:47 Probably this only works if I upload a kernel by usb.
Mar 22 18:56:54 Enrico_Menotti: why do you need initrd?
Mar 22 18:57:14 Sorry, not initrd, rootfs.
Mar 22 18:57:25 I'm still making confusion.
Mar 22 18:57:29 also, you can pass parameters to the kernel via flasher
Mar 22 18:58:02 Enrico_Menotti: "-b, --boot[=ARG] Boot the kernel with optional cmdline"
Mar 22 18:58:04 freemangordon: Yes, as we were saying, by -b"parameters", right?
Mar 22 18:58:09 yes
Mar 22 18:58:31 Yes, I just did not know the option to load the rootfs image.
Mar 22 18:59:22 Ok, sorry, I had a look at the flasher help, what I have is not the rootfs, but the initfs.
Mar 22 18:59:23 what is "load rootfs image" supposed to mean, please elaborate on what you're trying to achieve
Mar 22 18:59:34 initfs == initrd
Mar 22 18:59:37 iirc
Mar 22 18:59:50 To be honest, it is still not clear to me the difference between the two. I will read something.
Mar 22 18:59:57 rootfs I guess is kernel parameter root=$device
Mar 22 19:00:15 initrd == Initial Ram Drive
Mar 22 19:00:37 it is used to load additional modules and such
Mar 22 19:00:56 or to boot the whole "os" in case of rescueOS
Mar 22 19:01:18 Thank you. That's clearer now.
Mar 22 19:01:35 Enrico_Menotti: maybe, if you explain what you want to do, I can help more :)
Mar 22 19:01:43 :)
Mar 22 19:02:12 I am just trying to understand how to upload and boot a custom kernel, for the moment.
Mar 22 19:02:21 ah
Mar 22 19:02:37 I'd recommend installing u-boot
Mar 22 19:02:45 The goal is trying to get Android working, at least in a minimal configuration, on the device.
Mar 22 19:03:02 u-boot is the "right" way
Mar 22 19:03:08 I know there was NITDroid, but I have not been able to make it work, due to the lack of configuration.
Mar 22 19:03:21 but for initial testing flasher should suffice
Mar 22 19:03:32 I already installed u-boot, but in the end bricked my device and had to reflash the whole thing.
Mar 22 19:03:49 I see
Mar 22 19:03:50 And yes, now I am doing just a preliminary test.
Mar 22 19:07:47 Ok, I have been able to boot rescue OS from the flasher.
Mar 22 19:09:09 I still don't understand why I have to upload an initfs and then pass a root, and not an init, parameter. But that's my fault, and I will read over the Internet, and books, to understand.
Mar 22 19:10:36 dumb thought, has anyone run wayland on n900?
Mar 22 19:16:21 by default linux tries to run /sbin/init or /init, one should pass init= to avoid confusion, also, initramfs and initrd are both supported formats of ramdisks, rootfs is filesystem mounted at /
Mar 22 19:21:52 so, you pass init= param to run the first file, and root= to tell kernel where to find filesystem (if you pass ramdisk param, kernel assumes root=/dev/ram or internal fs in case of initramfs)
Mar 22 19:25:00 KotCzarny: Ok, thank you for the explanation. For now it is enough to have been able to run Rescue OS.
Now I know that I may try some kernel tests this way.
Mar 22 19:26:10 Next step: trying to build Linux kernel as modded for the N900 (there are at least three options for that). What is still completely unclear to me is how to generate the initrd (or initfs) for a Linux distribution.
Mar 22 19:27:21 see rescueos github page for scripts and configs
Mar 22 19:27:53 KotCzarny: Ok thank you for the advice.
Mar 22 19:31:19 by the way, why Android on N900?
Mar 22 19:32:03 Sicelo: Oh, it started just with a need to install modern apps! Then evolved to this idea. A bit crazy, yes, but I decided to play with it.
Mar 22 19:32:44 you're linux user or?
Mar 22 19:33:45 Sicelo: I'm trying to learn. I know better the macOS environment. I know it's a long way, but it's just a hobby.
Mar 22 19:34:18 just thought you'd have more fun installing Linux than Android ... (but not saying you should change) :-)
Mar 22 19:34:30 on the N900, that is ..
Mar 22 19:35:31 Sicelo: I will start by trying a Linux distribution. But I don't know what I may do with a Linux distribution in terms of modern apps, like, e.g. Whatsapp. (It's just an example.)
Mar 22 19:36:07 okay .. i was also just passing a thought
Mar 22 19:38:40 the other thing is .. at best you're likely going to have old Android on the N900 anyway, i think
Mar 22 19:52:05 forget about whatsapp
Mar 22 19:52:26 they are stupid, closed source and hostile to anything other than money
Mar 22 19:57:55 Sicelo: Of course I'm thinking about a "small" Android distribution, probably an old one.
Mar 22 19:58:31 KotCzarny: I know. But everybody today uses certain apps. It's impossible to avoid that, I think.
Mar 22 19:58:48 not true with that attitude
Mar 22 19:59:17 What do you mean?
Mar 22 19:59:37 it's about promoting interoperability and "use whatever os/program you want, just make the specs open"
Mar 22 20:00:19 Exactly. Don't be a sheep. I don't use things just because someone else is using it.
Mar 22 20:00:36 Yes, I agree.
The problem is that fighting the "system" is quite difficult, I think...
Mar 22 20:00:45 who said to fight anything?
Mar 22 20:00:54 stop worrying
Mar 22 20:01:42 I've never been a sheep in the past. But I got my great problems in being a "free minded man".
Mar 22 20:02:30 In these days as well - every time I propose something which I consider interesting, but is out of common schemes, I get quite stopped by somebody.
Mar 22 20:02:37 i personally use n900 because it's a linux device with phone functionality
Mar 22 20:02:49 which allowed me to write and use my own audio player
Mar 22 20:03:21 That's indeed a good thing.
Mar 22 20:03:27 dont do things because of people, do them for yourself
Mar 22 20:03:50 and share them for others, if they like it, they will use it too
Mar 22 20:04:16 Lots of my friends use services I would never use, Facebook, Whatsapp, etc. They use other things to contact me (like call/text me) it's a non-issue IMO
Mar 22 20:05:11 KotCzarny: Yes, it's what I usually do in my free time. I need to care about people at work.
Mar 22 20:07:31 sixwheeledbeast: Not completely true, I think. With my friends I have myself other means to communicate - quite never by fb, and never had the need of wa for this purpose. But each time I find somebody new, or in the case of people located far from me, I am asked for these means of communication.
Mar 22 20:08:58 wa went the full blown evil way by actively banning 3rd party clients
Mar 22 20:09:10 Simply say you don't agree with these services and you don't use them.
Mar 22 20:10:48 sixwheeledbeast: It's not always possible. Sometimes that means the impossibility of a communication. What do you think about Skype?
Mar 22 20:10:59 I won't use it
Mar 22 20:11:11 impossibility? there is always a way if there is a will
Mar 22 20:11:54 social networks come and go
Mar 22 20:12:05 There's a friend of mine living in California. I'm located in Italy. We use to talk by Skype. How would you do in another way?
Mar 22 20:12:10 irc is there since the beginning of the internet
Mar 22 20:12:10 KotCzarny: Yes, that's true.
Mar 22 20:14:53 SIP
Mar 22 20:15:02 does sip do video too?
Mar 22 20:15:22 In fact the best thing about the N900 was SIP OOTB over jabber
Mar 22 20:15:27 Lastly, if you're chatting on a regular ol' IM protocol—like Jabber or AIM—you can use one of Linux's many great IM clients to get the job done. Most of them support video chat, including Kopete, Pidgin, and Empathy, and you don't have to run any extra installations or start up other programs to get chatting.
Mar 22 20:15:50 does pidgin on n900 support video?
Mar 22 20:18:57 There's also browser options for video discord and appear.in etc
Mar 22 20:22:37 Pidgin doesn't do video, I believe video in pidgin will be a different project "farsight"? Empathy does video I think
Mar 22 20:48:07 Hi, Im looking for a 4.x (x>1) kernel version to build. I need working usb, charging would be nice, (maybe even wifi) and not too many bugs. any (working) recommendations?
Mar 22 20:48:34 elinux.org/N900 ?
Mar 22 20:49:08 says 4.6? is that working?
Mar 22 20:50:30 click on branches
Mar 22 20:51:03 yes too many choices ;)
Mar 22 20:52:35 funny that 4.9 is 181 commits behind 4.6
Mar 22 20:52:45 where is 4.11?
Mar 22 20:52:54 whoawhoaa
Mar 22 20:53:08 dont asking too much at once?
Mar 22 20:53:14 is newer better?
Mar 22 20:53:30 anything newer than 2.6.28 is better
Mar 22 20:53:46 2.6.28 has decent pm
Mar 22 20:53:47 but only 2.6.28 is fully supported
Mar 22 20:55:33 just use 4.9 and see if its working good enough for you
Mar 22 20:56:02 yeah 4.9 would be a nice target if it works ..
Mar 22 20:58:54 https://bugzilla.kernel.org/show_bug.cgi?id=178371
Mar 22 20:58:56 Bug 178371: was not found.
Mar 23 01:43:48 how's wifi related to kernel?
prolly not even charging _really_ is
Mar 23 01:48:13 * DocScrutinizer05 really wonders how whatcrapp is better than a browser with webIRC
Mar 23 02:01:25 make a shortcut for http://webchat.freenode.net?nick=MyNickName&uio=OT10cnVlJjEwPXRydWUmMTI9dHJ1ZQfd on your dang smartphone, when you want to contact me (or want to get contacted by others) you click it and then type "/query DocScrutinizer05" - you won't ever find me on whatcrapp
Mar 23 02:02:41 (if you wonder about the link above: enter "/embed" to qwebirc)
**** ENDING LOGGING AT Thu Mar 23 03:00:02 2017