REVERSE ENGINEERING A BINARY 2

DISCLAIMER: Through this paper I am not encouraging people to hack, destroy or steal anything; you must comply with the law and you take full responsibility if you use this knowledge for bad behavior. With great power comes great responsibility. Reverse engineering is not always legal, so check the EULA and the laws in your country.

THE CODE

In this example we have a slightly more complicated program, which assigns two integers to variables and then multiplies them to get our code:

PYTHON FREQUENCY ANALYSIS FOR CIPHERS

Frequency analysis is the study of how often letters, or groups of letters, occur in a ciphertext. Using Python we can extract the counts of letters, bigrams and trigrams; let's have a look, shall we:

    $ ./frequency.py --help
    usage: frequency.py [-h] [--letters] [--bigrams] [--trigrams] msg

    positional arguments:
      msg              Message to count letters in

    optional arguments:
      -h, --help       show this help message and exit
      --letters, -l    Frequency of letters
      --bigrams, -b    Frequency of bigrams
      --trigrams, -t   Frequency of trigrams

Let's go ahead and enter a simple sentence and do some testing:

WACKY PYTHON IMAGE CREATION

The other night I had a wacky idea: extract each pixel from an image and save it as a plain-text ASCII file. Of course this is not ideal and can take a bit of time, but like most things I do with Python it's just for the fun of it. I figured the easiest way to achieve this would be to use Python's Image library and save the output to a serialized pickle text file.

CLEARING VARNISH CACHE WITHOUT RESTART

There have been a number of times when I've needed to clear the Varnish caching server's cache but had no clue how to do this. This resulted in me restarting Varnish, which really wasn't needed. The easiest way to clear the Varnish cache (without restarting) is with the varnishadm command line tool:

    varnishadm -T 127.0.0.1:6082 url.purge .

The man page for varnishd lists a number of commands which can be used with varnishadm, but the one we need is url.

PYTHON RUNNING SYSTEM COMMAND

So there are a few ways to run system commands using Python, but I tend to find the approach below the easiest to use, and it has error handling. First off I would create a function rather than running the commands over and over:

    import subprocess

    def run(command):
        '''takes a string command and hands back a subprocess object'''
        # shell=False: the command is split into an argument list, so no shell
        # parses it and shell metacharacters in the string are not interpreted
        process = subprocess.Popen(command.split(), shell=False,
                                   stdout=subprocess.PIPE,
                                   stderr=subprocess.PIPE)
        process.wait()
        return process

The function itself is pretty small and makes use of the subprocess library.

CREATING QR CODE WITH GOOGLE

So today I thought it would be neat to show how to quickly create QR codes using Google's Chart Tools. Google gives us an extremely easy way to create a QR code by sending a GET request via URL:

    https://chart.googleapis.com/chart?cht=qr&chs=300x300&chl=nessy

That is nice and easy, but I figured I would wrap this up in a small Python script just because:

    #!/usr/bin/env python
    from urllib2 import quote, urlopen, Request
    from poster.encode import multipart_encode
    from poster.

BRUTE FORCING SALTED PASSWORD

Since my last post showed how to check a salted password, I figured this time we can look over some example code for brute forcing a salted password. Of course this is just a proof of concept and should not be used on any password you do not have access to. The code I tossed together borrows from some examples I found online and is nowhere near optimized for speed, but as I will show, it works.

UNIX SHA-512 PASSWORDS & PYTHON

Well, today I spent a bit of time looking up how the hashed passwords in /etc/shadow are created. I found a good description of the method at http://www.akkadia.org/drepper/SHA-crypt.txt, and if you take some time to review it you will notice the steps are a bit involved. Luckily for us, Python has a crypt module that works nicely. First off I started by creating a dummy user with the password test on one of my Linux computers:

WORDLIST WITH ALL POSSIBLE ASCII ELEMENTS

After a bit of thinking I believe I have a better way to create all possible ASCII pass phrases, rather than the recursive function that calls itself as I did in the previous post. This method takes a slightly different approach, but I believe it returns the same results. First off let's create a list of the character codes of all lower-case ASCII letters:

    >>> chars = range(97, 123)
    >>> chars
    [97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122]
    >>> map(chr, chars)
    ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z']

Next we can set our maximum word width and current word width variables:

PYTHON LIBVIRT DOMAIN CONFIGURATION

So in my last article I talked a little bit about using libvirt to start and stop QEMU domains. In this article I would like to go over how domains are created. QEMU uses an XML file for each domain's configuration, and using libvirt we can access that data. First off let's connect to our locally running QEMU instance:

    >>> import libvirt
    >>> conn = libvirt.open('qemu:///system')

Next let's look for and attach to a running domain: