Monday 24 July 2006 at 10:05 pm
Just got my first flame over MS History 2005. Apparently someone out there thinks it was a "waste of 9 minutes", and many other things. Well, let's just say his email got filed away as spam, and also forwarded to various spam reporters, with some slightly modified information in it.
And it didn't even take 9 minutes.
What fun.
Saturday 22 July 2006 at 10:47 pm
getAPLocation_v2.py
In the version 2 tradition - this one is much easier to use, and works much better than the v1 proof of concept.
Now with improved cookie managment. Just start it as normal, and it will prompt you to login. It saves the cookie in the file "wigle_cookie" in the working directory. Just run it from the same folder each time. You don't need to go through that whole cookie thing now - just start it as normal and it will prompt you to login if it doesn't have the required info.
./getAPLocation_v2.py login
will discard the existing cookie, and prompt you to relogin - if you need to change account for some reason, or the cookie gets corrupted... or expires after 10 years.
./getAPLocation_v2.py 00:12:34:56:78:90
is the standard usage.
Oh, and it's normal for it not to print anything for the password. That's the way unix password prompts work.
Enjoy.
Saturday 22 July 2006 at 6:48 pm
(note: I accidentally closed the wrong tab while posting. I'll keep it's replacement short.)
New toy for you all.
getAPLocation.py
Python script to get the location of an AP off WiGLE.
Howto:
1.
Create an account on wigle.net.
2.
Login to WiGLE.
3. Drag this link to your bookmarks bar:
Show Cookie. This is a short piece of javascript code that displays the document's cookie in an alert box.
4. Copy the code off the alert box. It should look something like this:
auth=themacuser%1F956613561%1F1155146170%1FepchUgMjhQt76E7fg%2FFCFh
5. Find the line in the script that goes:
cookie = "" # find it from your web browser. you must put it here.
and paste your cookie inbetween the quotes like so:
cookie = "auth=themacuser%1F956613561%1F1155146170%1FepchUgMjhQt76E7fg%2FFCFh" # find it from your web browser. you must put it here.
6. Run getAPLocation.py like so:
./getAPLocation.py 00:12:34:56:78:90.
Or if env doesn't know where Python is:
python getAPLocation.py 00:12:34:56:78:90
Todo:
Multiple APs in batch mode
KML output
Ability to specify username/password instead of cookie.
Ability to detect that cookie isn't good (that you don't get the search page).
Modularize it (make it a function).
Closing Note:
Whatever would I do without Wireshark. So useful.
Another note:
Maybe I should use the
WiGLE API - it would be more efficient. Except for all the warnings that it's going to break...
It would be very nice if they had an API they could keep constant.
Yet another note...
If you are logged into the forums, there's extra PHPBB data in the cookie. You want just the auth= part. Make sure there's no trailing ;.
Enjoy.
Friday 21 July 2006 at 6:02 pm
http://kismac.de/_trac/ticket/126
Two new Growl notifications for revealing a hidden SSID and receiving a WPA authentication.
Screenshot
Update:
Committed
Thursday 20 July 2006 at 8:55 pm
http://osx.iusethis.com/
It's kinda like digg, but for apps. And the Mac session isn't filled with mac haters saying "Not another Mac thing" whenever someone posts something :)
View my profile!
http://osx.iusethis.com/user/t3h
Thursday 20 July 2006 at 12:33 pm
http://news.com.com/2300-1026_3-6095928-9.html?tag=ne.gall.pg
Recognise that? MS History 2005. My video.
Wednesday 19 July 2006 at 7:06 pm
Filmed the first bit of Stack Underflow yesterday. - Brett came round for the day. Filmed an entire hour of footage, cut it down to 5 minutes.
Got angry again at camera. After having many parts replaced, the tape noise in the recordings is slightly better. The camera's autofocus still seems to be worked by a person with some kind of mental disorder - it randomly loses focus, and keeps refocusing for no reason.
What have I learnt?
• Having more of an idea about what we're going to say (maybe not a complete word-for-word script, but just more planning) would be good.
• Use vnc2swf or similar, and record the screen image.
• Use manual focus while filming nearby objects, because the camera's autofocus is complete garbage.
• I think we need to invest in an external microphone. Haven't got money to spend on that yet unfortunately. Sound is passable now, but could be better.
• A nmap scan of microsoft.com takes too long. Stupid slow windows servers :). I'll save you the trouble: there are two open ports - 80 and 443.
Tuesday 18 July 2006 at 2:58 pm
Kismac r154 =
http://kismac.de/_trac/changeset/154
http://kismac.de/_trac/ticket/124
After much fun, my code's in there!
Download a binary version of KisMac r156 (yeah, two more things got committed after that... well, one actually, and a fix for it.) from here, for those of you source-code-compiling-inhibited...
here
In related news, dnet_addr has been updated to remove that exception upon quit pre Python 2.5. Fixed by replacing exit() with sys.exit().
Updated versions available here (or same place as old ones):
http://gm.stackunderflow.com/python/dnet_addr.py
http://gm.stackunderflow.com/python/dnet_addr_v2.py
Tuesday 18 July 2006 at 1:09 pm
x:~/dev/python gm$ sudo ./dnet_addr_v2.py en1 192.168.1. 0-255
Scanning on en1
Scanning network - press enter to stop listening for ARP:
...............!.!..........!!!
Tuesday 18 July 2006 at 11:00 am
x:~/dev/python gm$ sudo ./arp_read.py en1
arp who-has 192.168.1.2 tell 192.168.1.32
ARP 192.168.1.2 is at 00:11:24:0a:36:38
arp who-has 192.168.1.1 tell 192.168.1.32
ARP 192.168.1.1 is at 00:14:bf:76:2e:ca
Last time I coded something to send out custom ARP requests. Now I've coded something to decode them and their responses. The two are coming together.
Think scanrand-style ARP scanning.
Monday 17 July 2006 at 7:44 pm
http://gm.stackunderflow.com/python/dnet_addr.py
dnet_addr, alpha 1.
A simple ARP host scanner. Nice and fast too.
Usage:
./dnet_addr.py devicename network hostrange
e.g.
./dnet_addr.py en1 192.168.1. 0-255
Requirements
libdnet with python modules required.
If you are able to do this (not on my terminal, on yours :)), you have them.
x:~ gm$ python
Python 2.5b2 (r25b2:50570, Jul 11 2006, 09:46:24)
[GCC 4.0.1 (Apple Computer, Inc. build 5341)> on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import dnet
>>>
(note no error messages here)
todo:
- Scan something other than class C. Class B probably. Scanning class As... hmmm.
- Percentage progress on the operations
- Find out how much wait time is actually needed for the kernel to note down the ARP requests...
- Fix that error that happens when you call it with no arguments. Upgrade to Python 2.5 beta if it annoys you.
maybe:
- Use libpcap to get responses back.
- Add support for spoofing MAC and IP addresses - scan as someone else
Oh, and there's no libnet usage here. I coded the stuff libnet manages myself.
Can someone with a Linux machine actually check to see that it IS in fact scanning, and getting entries into the arp table, not just reading the existing ones?
Monday 17 July 2006 at 6:51 pm
(click for full size image)
If it's not clear, then:
My python program generated that ARP request.
Monday 17 July 2006 at 2:53 pm
I've tried with Libnet 1.1, and Libnet 1.0. Neither will make pylibnet compile.
I'm trying with libdnet instead. Might have to code my own in stuff that's done by libnet, but I think I can manage.
Monday 17 July 2006 at 2:18 pm
Or... I could just install the old libnet, and be done with it. Although it is slightly harder to use...
The two can coexist on one system...
Monday 17 July 2006 at 1:48 pm
Started learning Python last night.
I've been trying to use pylibnet -
http://pylibnet.sourceforge.net/. However, it seems to be built around libnet 1.0. I thought it would be a case of simply making a header file to #define new to old. However, it's not that simple. Libnet has been rewritten completely for 1.1...
Saturday 15 July 2006 at 11:50 pm
/usr/bin/ld: Undefined symbols:
_vfprintf$LDBLStub
_printf$LDBLStub
_snprintf$LDBLStub
_vsnprintf$LDBLStub
_sprintf$LDBLStub
collect2: ld returned 1 exit status
make: *** [nmap> Error 1
Nmap 4.11 failing to link. Those functions are actually stub functions for the real functions, but the library that the LDBL stub functions are defined in is not included for some reason or another. Run ./configure as usual, and edit the Makefile.
LIBS = -lnbase -lnsock libpcre/libpcre.a -lpcap -lssl -lcrypto libdnet-stripped/src/.libs/libdnet.a
Add -lSystemStubs on the end of that line.
LIBS = -lnbase -lnsock libpcre/libpcre.a -lpcap -lssl -lcrypto libdnet-stripped/src/.libs/libdnet.a -lSystemStubs
Save, close, and make as usual. And enjoy.
Saturday 15 July 2006 at 10:52 pm
About a month ago, I installed Debian on a spare PowerBook 3400 I had. It works rather well. About a week ago, I decided to make it a dualboot between Debian and OS X on my main machine - my 12" PowerBook G4.
What works / doesn't work:
Screen:
XFree86 took a few hours of fiddling before it would work. Use the nv driver, the card is at 0:16:0 on the PCI bus (if you have the 1.33GHZ 12" PB). I've now updated to debian unsable, and use xorg, which works just as well.
Backlight control won't work with the default debian kernel. I've compiled my own (2.4.17). After making a few stupid mistakes in the config (ext3 as a module... whoops! No wonder that wouldn't boot!), I made two kernels, the second of which worked. I'm onto my fourth now, and I have it right.
Enable CONFIG_PMAC_BACKLIGHT to make the backlight work.
Keyboard:
pbbuttonsd takes care of all the special "Apple" keys - brightness keys work (after putting userspace brightness control into kernel.). Sound volume keys work. Eject key ejects the CD/DVD drive.
Trackpad:
Works. Didn't have to do anything - yay.
Sound:
Works. Didn't have to fiddle with anything. Just include the AWACS driver in the kernel.
WiFi:
Broadcom BCM4316 - AirPort Extreme. Works fine with bcm43xx driver. bcm43xx-fwcutter cuts the firmware from the Apple driver nicely. Kismet works too. wpa-supplicant works to connect to my WPA2-secured AirPort Expres.
Bootloader:
Uses yaboot. Throw kernels in /boot. Mount hda4 into /mnt/boot, edit /mnt/boot/yaboot.conf to add in the kernel. The default debian kernel has an initrd, mine doesn't. Just don't specify that line.
Bluetooth
Should work. Haven't tried yet.
USB
Should work. Havent actually tried yet. Console messages are printed, devices found, so I assume it does. I should get my USB GPS going with Kismet. (It was working on a friend's linux laptop with kismet). Still, I use KisMac on OS X mainly, so I probably won't use kismet much.
FireWire
Works. While down at a remote location, (forgot my ethernet cable), successfully linked my machine to another 12" PB, and shared an internet connection over IP-over-1394.
Internal Modem
Should work. Haven't tried yet. I don't use dialup at all now.
More stuff:
I use Windowmaker as my window manager - nice NeXTish feel, and not annoying like Afterstep. Not resource intensive like Gnome/KDE, and not completely minimalist like icewm. (the 3400 has icewm).
Firefox is the web browser... not much else to say.
The other question is why I would do this. I have nearly every Linux app I want compiled on OS X. It's more just because I can.
Tuesday 11 July 2006 at 9:04 pm
A little more on my coding:
I know enough to program in the following languages: C, Objective-C (Cocoa), AppleScript and Hypertalk. I know some javascript (but not enough to do anything useful yet), some PIC assembly (enough to program some basic stuff), and about 2 instructions of PPC assembly. As well as the odd bit of PHP. Not much, though. Oh, and I know QuakeC. Fun language, that is.
I also can do a bit of bash scripting if necessary.
I code bits and pieces for
KisMac in my spare time...
So far, I've done for KisMac
Rewrote help files (Ages ago, before I could code)
Replaced MAC address / Vendor database - it now includes every IEEE listed vendor, instead of just a few.
Fixed up UI to conform with the Apple Human Interface Guidelines.
Fixed
this bug - saving while filtered messes up.
Improved greatly the CPU usage of the AirPort Extreme passive scan:
here - using the driver ioctls instead of having to start an external program.
Added
advanced preferences pane - many fun features to tweak.
Added
MIDI output for signal strength - this is lots of fun.
Improved
search code - not only can you search by SSID - but you can search by BSSID, encryption, vendor, channel, comment and type as well.
Added
Growl notification to KisMac. (also see
here
Worked somewhat on the "alternate"
themes - not sure where I put this code now. Never quite finished it.
So, if you've run KisMac, you've without a doubt used some of my code.
There's probably something I've forgotten here...
Tuesday 11 July 2006 at 8:39 pm
Well, this is my first post.
If you are reading this shortly after it's posting, you obviously somehow got here. It's not linked to anywhere on my website as of this time.
Now, as for the graphic up the top - can anyone actually guess what the code is?
Clue: It does something to airport extreme cards. I might actually get around to releasing it someday. Damn, that's too obvious now! Google some of the values.
Anyway, I just finished coding this:
http://kismac.de/_trac/ticket/124
Listen to it in action (at the office, with 11 nets in range) here:
http://gm.stackunderflow.com/kismac/soundOfTraffic.mp3
Edit: P.S. That MP3 file is actually of it playing with a different instrument. It sounds similar, but not quite the same.
