Hackery: Difference between revisions
From dankwiki
Revision as of 09:37, 12 July 2012
Aborted projects (very incomplete)
- Investigate suffer and see whether it's feasible (update: fbcmd hendels its dendels -- Dank 23:05, 8 December 2008 (UTC))
Open source detritus
- Implement handling of C99 variadic macros in splint (see this, this and of course this)
- Review cryptographic implementations in pidgin -- last time I looked (back in the bad ol' gaim days), its usage of OpenSSL was all FUBAR
- Subversion's --xml and --ignore-externals options couldn't be used together properly in svn status, at some point. Investigate, rectify.
- Various Debian-related things
Projects with their own pages
- libdank: Long-term personal collection of routines / application frameworks with a low-level feel
- TANGE: Terminal Application (Next-Generation Emulation)
- ctxdiff: Context-sensitive fractal fuzzy diffing
- xsh: Exactly what it sounds like!
- makelint, which immediately suggests? lintmake
Core stuff
Parvenu
- One string-matching automaton to Rule them All! It must handle:
- Thousands (millions?) of patterns concurrently
- Initially targeting GigE wire speeds
- UTF-8 (at a minimum) and various transcodings
- Small-memory (embedded) environments
- Most elements of regular expressions (definitely all the syntactic sugar)
- Uses libblaze as a memory management helper
libblaze
- Use cpuid to select and dlopen(2) a processor-specific set of low-level routines
- Observe the details within Ulrich Drepper's fine document!
- Expose cpuid and SMP details
- Expose algorithms for memory management / layout tuned to cache/DRAM parameters (detected with SPD)
- Material largely inspired by Warren's Hacker's Delight.
- And to a lesser, far less rigorous extent, Kaspersky's Effective Memory Usage.
- Might have already been superseded by liboil. That damn open source community moves fast!
Networking
Zetetic
- Network traffic analysis (ala Wireshark or tcpdump) with strong covert channel detection
- Passive network modeling (protocols, services, hosts, versions) initially
- To be paired with vulnerability correlation, active probing, histories (ala SourceFire RNA?)
- Higher layers do not restrict the inductive analysis of lower layers, but influence the deduction
- Automata-based analysis of content builds up possibility space of what it CAN be
- Probability multipliers (products of series) paired with non-deterministic automata
- Expert knowledge-based reduction of possibility space adds input as to what it OUGHT be
- Neural net-based learning with state determines what it IS
- Over time, confidence in matching both recurring and new traffic increases
- Uses Parvenu as a pattern-matching helper
liburine
- The inverse of Zetetic. Take a leak (alternatively: "You're in")!
- Use arbitrary combinations of protocols (and fuzzing/embedding thereof) to find channels
- Goals: if even a bit of controllable information can be used as a channel
- Tunnel openvpn(?) (and thus TOR(?)) under it
- Goals: Zetetic should be able to find us, but nothing of lesser power!
- The ultimate assistant for: whistleblowers, samizdat publishers, hax0rs stuck in airports
drbenway
- Checks sysctls, netstat, /proc, etc. for network settings. Makes extensive sensible recommendations.
- Is device polling / NAPI in use? Do firewall rules disallow PMTU discovery?
- Is TCP FRTO being used in the presence of wireless links? etc.
- Analyzes pcaps or raw sockets in situ, with filters, performing detailed diagnostics, e.g.
- "TCP 1323 high-performance extensions are being used in 24% of the connections"
- "Fragmentation is resulting from port 7000's large UDP emissions, can we tune it this way..."
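As an added example (not drbenway itself, which this page only sketches), a small POSIX shell audit of the sysctls the list above asks about: RFC 1323 extensions, PMTU discovery and F-RTO. It reads a /proc/sys-style tree passed as an argument, so it can run against the live host ("/proc/sys") or a constructed tree, and the WIRELESS flag is an assumed caller-supplied hint rather than anything drbenway specified.

```shell
#!/bin/sh
# Added example: audit a few Linux TCP/IP sysctls and emit recommendations.
# TREE is the root of a /proc/sys-style tree (e.g. /proc/sys on a live host,
# or a constructed directory for testing); WIRELESS=1 is an assumed hint that
# a wireless link is in the path.

# read_sysctl TREE KEY: print the value of net/ipv4/KEY, or "missing".
read_sysctl() {
    f="$1/net/ipv4/$2"
    if [ -r "$f" ]; then
        tr -d '[:space:]' < "$f"
    else
        printf 'missing'
    fi
}

# audit_tcp_sysctls TREE [WIRELESS]: print one "recommendation:" line per
# finding and return the number of findings (0 means every check passed).
audit_tcp_sysctls() {
    tree="$1"
    wireless="${2:-0}"
    findings=0
    # RFC 1323 extensions: window scaling and timestamps should both be on
    # for high bandwidth-delay paths.
    for key in tcp_window_scaling tcp_timestamps; do
        if [ "$(read_sysctl "$tree" "$key")" != "1" ]; then
            echo "recommendation: enable net.ipv4.$key (RFC 1323 extension off)"
            findings=$((findings + 1))
        fi
    done
    # ip_no_pmtu_disc=1 disables Path MTU discovery outright, which is one
    # source of the fragmentation drbenway is meant to diagnose.
    if [ "$(read_sysctl "$tree" ip_no_pmtu_disc)" = "1" ]; then
        echo "recommendation: set net.ipv4.ip_no_pmtu_disc=0 (PMTU discovery disabled)"
        findings=$((findings + 1))
    fi
    # F-RTO distinguishes spurious retransmission timeouts on lossy wireless
    # links from real congestion; only flag it when a wireless link is present.
    if [ "$wireless" = "1" ] && [ "$(read_sysctl "$tree" tcp_frto)" = "0" ]; then
        echo "recommendation: enable net.ipv4.tcp_frto (wireless link, F-RTO off)"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run as `audit_tcp_sysctls /proc/sys 1` on a host; the exit status doubles as the finding count, so it can gate a config-management check.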
Compilation/binaries
gcc stuff
- Work on RABLET
- It'd be interesting to take GIMPLE and apply it to malware analysis
- Work on finishing out ISO C99 support
- Work on Coding Rule Checking (GGCC)
debugging / reverse engineering tools
- getgetopt -- discover a program's command line parameters via object analysis
- maybe something to test combinations of command line parameters, as well?
- getgccopt -- discover the compiler options used to build an object. difficult!
- arrlimiter -- run object code with various rlimit restrictions to test failure paths
- ploom -- pthreads debugging from process (tracing framework, object lookup + pthread knowledge, contention measures, etc)