Hackery: Difference between revisions

From dankwiki
Line 1: Line 1:
==Open source detritus==
==Open source detrital TODOs==
* fix up ext3grep to work on ext4 filesystems
* fix up ext3grep to work on ext4 filesystems
* Implement handling of [[C99]] [http://gcc.gnu.org/onlinedocs/gcc/Variadic-Macros.html variadic macros] in [http://www.splint.org/ splint] (see [http://www.advogato.org/person/muks/diary.html/start=0 this], [http://www.buzztard.org/index.php/Splint this] and [http://www.splint.org/faq.html#quest18b of course this])
* Implement handling of [[C99]] [http://gcc.gnu.org/onlinedocs/gcc/Variadic-Macros.html variadic macros] in [http://www.splint.org/ splint] (see [http://www.advogato.org/person/muks/diary.html/start=0 this], [http://www.buzztard.org/index.php/Splint this] and [http://www.splint.org/faq.html#quest18b of course this])

Revision as of 08:05, 29 July 2012

Open source detrital TODOs

  • fix up ext3grep to work on ext4 filesystems
  • Implement handling of C99 variadic macros in splint (see this, this and of course this)
  • Review cryptographic implementations in pidgin -- last time I looked (back in the bad ol' gaim days), its usage of OpenSSL was all FUBAR
  • Subversion's --xml and --ignore-externals options couldn't be used together properly in svn status, at some point. Investigate, rectify.
  • Various Debian-related things
  • "taking OpenSSL's RAND_bytes() (which uses /dev/urandom, EGD, or a pregenerated seed file) function and stirring that into a target buffer of arbitrary length, such that use of actual high-quality entropy bits is constant (probably a read of several words each time a thread calls into (threadsafe from the start, no *_r() crap!) FAUXRAND_bytes() for the first time) has been on my plate since...well, since just now." (mail to Dr. Richard Vuduc, 2009-09-19)
  • mpd ought use filesystem change notification events to trigger database changes, not periodic or manual rescans
  • valgrind is missing some obscure ioctl's, including ethtool's

Various open source contributions (very incomplete)

Projects with their own pages

  • ptracer: Quick-n-dirty instruction trace generation tool
  • libdank: Long-term personal collection of routines / application frameworks with a low-level feel
  • TANGE: Terminal Application (Next-Generation Emulation)
  • ctxdiff: Context-sensitive fractal fuzzy diffing (not at all like shingleprinting)
  • xsh: Exactly what it sounds like!
  • makelint, which immediately suggests? lintmake
  • libtorque: Multithreaded event handler for UNIX on manycore NUMA
  • daytripper: Binary translation to take advantage of Intel's Loop Stream Detector
  • CUBAR: collection of tools for testing CUDA's security model
  • libcudest: open-source implementation of the CUDA userspace
  • LRUmap: O(1) LRU for massive numbers of sets
  • omphalos: multi-pronged network discovery
  • growlight: multifaceted disk/adapter tool and system installer for SprezzOS
  • Various projects on GitHub which I've not yet documented here...

Core stuff


  • One string-matching automaton to Rule them All! It must handle:
    • Thousands (millions?) of patterns concurrently
    • Initially targeting GigE wire speeds
    • UTF-8 (at a minimum) and various transcodings
    • Small-memory (embedded) environments
    • Most elements of regular expressions (definitely all the syntactic sugar)
  • Uses libblaze as a memory management helper


  • Use cpuid to select and dlopen(2) a processor-specific set of low-level routines
  • Expose cpuid and SMP details
  • Expose algorithms for memory management / layout tuned to cache/DRAM parameters (detected with SPD)
  • Material largely inspired by Warren's Hacker's Delight.
  • Might have already been superseded by liboil. That damn open source community moves fast!



  • Network traffic analysis (ala Wireshark or tcpdump) with strong covert channel detection
  • Passive network modeling (protocols, services, hosts, versions) initially
    • To be paired with vulnerability correlation, active probing, histories (ala SourceFire RNA?)
  • Higher layers do not restrict the inductive analysis of lower layers, but influence the deduction
  • Automata-based analysis of content builds up possibility space of what it CAN be
  • Expert knowledge-based reduction of possibility space adds input as to what it OUGHT be
  • Neural net-based learning with state determines what it IS
    • Over time, confidence in matching both recurring and new traffic increases
  • Uses Parvenu as a pattern-matching helper


  • The inverse of Zetetic. Take a leak (alternatively: "You're in")!
  • Use arbitrary combinations of protocols (and fuzzing/embedding thereof) to find channels
  • Goals: if even a bit of controllable information can be used as a channel
  • Goals: Zetetic should be able to find us, but nothing of lesser power!
  • The ultimate assistant for: whistleblowers, samizdat publishers, hax0rs stuck in airports, Iranians


  • Checks sysctls, netstat, /proc, etc for network settings. Makes extensive sensible recommendations.
    • Is device polling / NAPI in use? Do firewall rules disallow PMTU discovery?
    • Is TCP FRTO being used in the presence of wireless links? etc
  • Analyzes pcaps or raw sockets in situ, with filters, performing detailed diagnostics ie
    • "TCP 1323 high-performance extensions are being used in 24% of the connections"
    • "Fragmentation is resulting from port 7000's large UDP emissions, can we tune it this way..."


gcc stuff

debugging / reverse engineering tools

  • getgetopt -- discover a program's command line parameters via object analysis
    • maybe something to test combinations of command line parameters, as well?
  • getgccopt -- discover the compiler options used to build an object. difficult!
  • arrlimiter -- run object code with various rlimit restrictions to test failure paths
  • ploom -- pthreads debugging from process (tracing framework, object lookup + pthread knowledge, contention measures, etc)

Aborted/abandoned projects (very incomplete)

  • Investigate suffer and see whether it's feasible (update: fbcmd hendels its dendels Dank 23:05, 8 December 2008 (UTC))
  • Gyre, a programming language.