Hackery: Difference between revisions

From dankwiki
2,441 bytes removed, 05:38, 12 July 2012
Undo revision 5024 by Dank (talk)
m (Reverted edits by Dank (talk) to last revision by WikiSysop)
==Open source detritus==
===Various open source contributions (very incomplete)===
* [[Valgrind]]:
** Added support for the [ CDROM_GET_CAPABILITY] <tt>ioctl</tt>
* libblkid (util-linux)
* Various [[Debian]]-related things
** [ Fix #1]
** [ Fix #2]
** [ Fix #3]
** [ Fix #4]
* [ Wireshark]:
** [ Fixed handling] of IPv4 fragmentation bits.
* [ iproute2]:
** Many [;a=blobdiff;f=man/man8/ip.8;h=0f9f454737c5a5977026752321d620d7bee79158;hp=68887bacff00e6e03f4e035a5935f557aa79bd83;hb=db4a7f198b6193a1e584c3b6647d92bb6c66fb52;hpb=14a1c164d12e32415acc44ef566fcf52ff4dd113 man page] fixes
* [[Linux APIs|Linux kernel]]:
** [ Added support] for Model-30 [[Nehalem]] processors in [[Oprofile]] ([ more discussion] on oprofile-users)
** [ Addressed issues] in [[pages|HugeTLBFS]]'s API.
** [ Addressed] an issue in IPv4 address/route removal.
** Worked out some kinks in the Matrox G400 framebuffer and SiS-5591 IDE drivers.
** [ Next Generation Posix Threading] maintenance
* [ strace]:
** [ Addressed issues] in various architectures' [[Linux APIs|sendfile(2)]] support.
* [ x86info]:
** [;a=commit;h=17d9bf43f775f5a780bcccbca52e2ce37c3ca1f1 fixed] feature-specific TLB and cache detection
** [;a=commit;h=a8af3758826f545b289a40ecefa627de1e5e9e90 added] support for several Intel caches
* [ DynamoRIO]:
** [ added] [[Nehalem]] support
* avant-wireless:
** An [ AWN applet] which tracks wireless connection properties and spawns wpa_gui
* iw:
** [ Correct unsigned] ints used to hold signed data
* Snort:
** Various [ signature documentation]
* Implement handling of [[C99]] [ variadic macros] in [ splint] (see [ this], [ this] and [ of course this])
* Review cryptographic implementations in [ pidgin] -- last time I looked (back in the bad ol' gaim days), its usage of [[OpenSSL]] was all FUBAR
* [[Subversion|Subversion's]] --xml and --ignore-externals options couldn't be used together properly in <tt>svn status</tt>, at some point. Investigate, rectify.
==Projects with their own pages==
* [[libdank]]: Long-term personal collection of routines / application frameworks with a low-level feel
* [[TANGE]]: Terminal Application (Next-Generation Emulation)
* [[ctxdiff]]: Context-sensitive fractal fuzzy diffing
* [[xsh]]: Exactly what it sounds like!
* [[makelint]], which immediately suggests [[lintmake]]
==Core stuff==
* One string-matching automaton to Rule them All! It must handle:
** Thousands (millions?) of patterns concurrently
** Initially targeting GigE wire speeds
** [[Using Unicode|UTF-8]] (at a minimum) and various transcodings
** Small-memory (embedded) environments
** Most elements of regular expressions (definitely all the syntactic sugar)
* Uses [[Research ideas#libblaze|libblaze]] as a memory management helper
* Use [[cpuid]] to select and dlopen(2) a processor-specific set of low-level routines
** Observe the details within [ Ulrich Drepper's] fine document!
* Expose [[cpuid]] and [[SMP on x86|SMP]] details
* Expose algorithms for memory management / layout tuned to cache/DRAM parameters (detected with [[SPD]])
* Material largely inspired by Warren's ''[ Hacker's Delight]''.
** And to a lesser, far less rigorous extent, Kaspersky's ''[ Effective Memory Usage]''.
* Might have already been superseded by [ liboil]. That damn open source community moves fast!
* Network traffic analysis (a la Wireshark or tcpdump) with strong covert channel detection
* Passive network modeling (protocols, services, hosts, versions) initially
** To be paired with vulnerability correlation, active probing, histories (a la SourceFire RNA?)
* Higher layers do not restrict the inductive analysis of lower layers, but influence the deduction
* Automata-based analysis of content builds up the possibility space of what it CAN be
** Probability multipliers (products of series) paired with non-deterministic automata
* Expert knowledge-based reduction of the possibility space adds input as to what it OUGHT to be
* Neural net-based learning with state determines what it IS
** Over time, confidence in matching both recurring and new traffic increases
* Uses [[Research ideas#Parvenu|Parvenu]] as a pattern-matching helper
* The inverse of [[Research ideas#Zetetic|Zetetic]]. Take a leak (alternatively: "You're in")!
* Use arbitrary combinations of protocols (and fuzzing/embedding thereof) to find channels
* Goals: if even a bit of controllable information can be used as a channel
** Tunnel [ openvpn](?) (and thus [ TOR](?)) under it
* Goals: [[Research ideas#Zetetic|Zetetic]] should be able to find us, but nothing of lesser power!
* The ultimate assistant for: whistleblowers, samizdat publishers, hax0rs stuck in airports
* Checks sysctls, <tt>netstat</tt>, <tt>/proc</tt>, etc. for network settings. Makes extensive, sensible recommendations.
** Is device polling / NAPI in use? Do firewall rules disallow PMTU discovery?
** Is TCP FRTO being used in the presence of wireless links? etc.
* Analyzes pcaps or raw sockets ''in situ'', with filters, performing detailed diagnostics, e.g.
** "TCP 1323 high-performance extensions are being used in 24% of the connections"
** "Fragmentation is resulting from port 7000's large UDP emissions, can we tune it this way..."
===[[gcc]] stuff===
* Work on [ RABLET]
* It'd be interesting to take [[ GIMPLE]] and apply it to [[malware analysis]]
* Work on finishing out [[ISO C99]] support
* Work on [ Coding Rule Checking] (GGCC)
===debugging / reverse engineering tools===
* getgetopt -- discover a program's command line parameters via object analysis
** maybe something to test combinations of command line parameters, as well?
* getgccopt -- discover the compiler options used to build an object. Difficult!
* arrlimiter -- run object code under various rlimit restrictions to test failure paths
* ploom -- pthreads debugging from within the process (tracing framework, object lookup + pthread knowledge, contention measures, etc.)
==Aborted projects (very incomplete)==
* Investigate [[suffer]] and see whether it's feasible (update: [ fbcmd] hendels its dendels [[User:Dank|Dank]] 23:05, 8 December 2008 (UTC))