Hackery

From dankwiki
Revision as of 10:40, 29 July 2012 by Dank (talk | contribs) (→‎drbenway)

Open source detrital TODOs

  • fix up ext3grep to work on ext4 filesystems
  • Implement handling of C99 variadic macros in splint (see this, this and of course this)
  • Review cryptographic implementations in pidgin -- last time I looked (back in the bad ol' gaim days), its usage of OpenSSL was all FUBAR
  • Subversion's --xml and --ignore-externals options couldn't be used together properly in svn status, at some point. Investigate, rectify.
  • Various Debian-related things
  • "taking OpenSSL's RAND_bytes() (which uses /dev/urandom, EGD, or a pregenerated seed file) function and stirring that into a target buffer of arbitrary length, such that use of actual high-quality entropy bits is constant (probably a read of several words each time a thread calls into (threadsafe from the start, no *_r() crap!) FAUXRAND_bytes() for the first time) has been on my plate since...well, since just now." (mail to Dr. Richard Vuduc, 2009-09-19)
  • mpd ought use filesystem change notification events to trigger database changes, not periodic or manual rescans
  • valgrind is missing some obscure ioctl's, including ethtool's

Various open source contributions (very incomplete)

Projects with their own pages

  • ptracer: Quick-n-dirty instruction trace generation tool
  • libdank: Long-term personal collection of routines / application frameworks with a low-level feel
  • TANGE: Terminal Application (Next-Generation Emulation)
  • ctxdiff: Context-sensitive fractal fuzzy diffing (not at all like shingleprinting)
  • xsh: Exactly what it sounds like!
  • makelint, which immediately suggests? lintmake
  • libtorque: Multithreaded event handler for UNIX on manycore NUMA
  • daytripper: Binary translation to take advantage of Intel's Loop Stream Detector
  • CUBAR: collection of tools for testing CUDA's security model
  • libcudest: open-source implementation of the CUDA userspace
  • LRUmap: O(1) LRU for massive numbers of sets
  • omphalos: multi-pronged network discovery
  • growlight: multifaceted disk/adapter tool and system installer for SprezzOS
  • Xcurses: a SYSV curses implementation making direct use of X-graphics primitives
  • Various projects on GitHub which I've not yet documented here...

Core stuff

Parvenu

  • One string-matching automaton to Rule them All! It must handle:
    • Thousands (millions?) of patterns concurrently
    • Initially targeting GigE wire speeds
    • UTF-8 (at a minimum) and various transcodings
    • Small-memory (embedded) environments
    • Most elements of regular expressions (definitely all the syntactic sugar)
  • Uses libblaze as a memory management helper

libblaze

  • Use cpuid to select and dlopen(2) a processor-specific set of low-level routines
  • Expose cpuid and SMP details
  • Expose algorithms for memory management / layout tuned to cache/DRAM parameters (detected with SPD)
  • Material largely inspired by Warren's Hacker's Delight.
  • Might have already been superseded by liboil. That damn open source community moves fast!

Networking

Zetetic

  • Network traffic analysis (ala Wireshark or tcpdump) with strong covert channel detection
  • Passive network modeling (protocols, services, hosts, versions) initially
    • To be paired with vulnerability correlation, active probing, histories (ala SourceFire RNA?)
  • Higher layers do not restrict the inductive analysis of lower layers, but influence the deduction
  • Automata-based analysis of content builds up possibility space of what it CAN be
  • Expert knowledge-based reduction of possibility space adds input as to what it OUGHT be
  • Neural net-based learning with state determines what it IS
    • Over time, confidence in matching both recurring and new traffic increases
  • Uses Parvenu as a pattern-matching helper
  • Forms an analysis engine for Omphalos

liburine

  • The inverse of Zetetic. Take a leak (alternatively: "You're in")!
  • Use arbitrary combinations of protocols (and fuzzing/embedding thereof) to find channels
  • Goals: if even a bit of controllable information can be used as a channel
  • Goals: Zetetic should be able to find us, but nothing of lesser power!
  • The ultimate assistant for: whistleblowers, samizdat publishers, hax0rs stuck in airports, Iranians

drbenway

  • Checks sysctls, netstat, /proc, etc for network settings. Makes extensive sensible recommendations.
    • Is device polling / NAPI in use? Do firewall rules disallow PMTU discovery?
    • Is TCP FRTO being used in the presence of wireless links? etc
  • Analyzes pcaps or raw sockets in situ, with filters, performing detailed diagnostics ie
    • "TCP 1323 high-performance extensions are being used in 24% of the connections"
    • "Fragmentation is resulting from port 7000's large UDP emissions, can we tune it this way..."
    • "Make an incision, Doctor Limpf. I'm going to massage the heart. Some fucking drug addict has cut my cocaine with Saniflush! Nurse! Send the boy out to fill this RX on the double!"

Compilation/binaries

gcc stuff

debugging / reverse engineering tools

  • getgetopt -- discover a program's command line parameters via object analysis
    • maybe something to test combinations of command line parameters, as well?
  • getgccopt -- discover the compiler options used to build an object. difficult!
  • arrlimiter -- run object code with various rlimit restrictions to test failure paths
  • ploom -- pthreads debugging from process (tracing framework, object lookup + pthread knowledge, contention measures, etc)

Aborted/abandoned projects (very incomplete)

  • Investigate suffer and see whether it's feasible (update: fbcmd hendels its dendels Dank 23:05, 8 December 2008 (UTC))
  • Gyre, a programming language.