Breaking the Exclusive Lock

WinXP Exclusive File Lock Workaround


The default behavior of .NET's System.IO.File.Open is to lock files exclusively. That is rarely a problem for developers, but it can frustrate interested parties down the line, and here we are. There are essentially three ways to get around an exclusive file lock, and they all suck.

  1. Ignore the lock via raw disk access
This solution sucks: writing raw disk access applications requires substantial development overhead and brings an entire universe of gotchas with it. The Win32 API provides access to this option via CreateFile on an MS-DOS device name [technically, it returns a Direct Access Storage Device handle usable by DeviceIoControl and standard Win32 APIs like WriteFile]. Note: 2008/Vista and later restrict direct disk access.

  2. Ignore the lock via custom kernel driver
This approach sucks less, but writing an entire kernel driver as a workaround to an exclusive lock sucks, not to mention the security implications and signing requirements. That said, Eldos apparently recognized this problem and provides a commercial solution, RawDisk, which doesn't look terrible.

  3. Borrow the exclusively locked file handle
How much this approach sucks depends on the operating environment. A truly generic solution is extremely difficult and will probably flag antivirus someday. A highly specific solution can be quick and pretty easy, but any change in the program/environment risks breakage.


Analysis

<disclaimer>I'll refer to the

February 08, 2013




HTTPS Proxy and Script Beautifier



Minification helps developers protect their intellectual property and reduce bandwidth, but it gets in the way of finding high-quality XSS or other code-injection holes, such as indirect evals off XmlHttpRequests. This article adds a new hammer to the toolbox for that problem: an integrated HTTP/HTTPS proxy (without SSL stripping), an inline beautifier, and local caching.

Usage:
$ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem
$ #add browser CA (Firefox: Preferences -> Advanced -> Encryption -> View Certificates -> Import -> Trust CA to identify websites)
$ #set browser proxy (Firefox: Preferences -> Advanced -> Network -> Settings -> Manual Proxy -> HTTP Proxy 127.0.0.1 Port 8080)
$ python proxy.py 8080 mycert.pem

January 15, 2013




DLL Proxy MITM Maker

A DLL proxy stands in for, or interfaces to, a normal DLL. In security, these tend to be custom-made DLLs which reimplement key functionality of application or system DLLs. They might do so to enhance games (DirectX overlay), cheat at games (Direct3D proxy), subvert the browser (IE proxy), or just gain execution (Fax Malware). Because the interaction between callee and caller relies, in practice, on assembly-level calls, building a DLL proxy tends to be a highly specialized task.

Some folks, such as Michael Chourdakis, have generously made DLL proxy generators publicly available. These make it a lot easier to make a DLL proxy! They don't make it much easier to actually Man-in-the-Middle (MITM) individual calls, though, and that requirement tends to be much more challenging. This DLL proxy generator provides a mirror copy of the exports with scaffolding to MITM calls into, and results from, the original DLL.

Usage:
$ python dllproxy.py
usage: dllproxy.py <TargetDLL> <ProxyFileBase> [<TargetFunctions>]
$ python dllproxy.py inetcfg.dll InetProxy InetSetProxy ConfigureSystemForInternet

January 11, 2013




Amazon Price Check


A friend of mine, enthralled with her new tablet, took to scanning each of the books in my little library. The app takes a snapshot of the ISBN and looks up the book online to get all the other details (author, title, category, etc). I figured that, given a huge CSV, it'd be an interesting experiment to figure out how much all my books were worth - were I to get market price for them, today.

Usage:
$ #acquire .csv of books w/ 4th element being ISBN
$ #fill AWS account credentials into AmazonLookup.py
$ python AmazonLookup.py

December 14, 2012




HTTPS Proxy and Script Beautifier


Minification helps developers protect their intellectual property and reduce bandwidth, but it gets in the way of finding high-quality XSS or other code-injection holes, such as indirect evals off XmlHttpRequests. This article adds a new hammer to the toolbox for that problem: an integrated HTTP/HTTPS proxy (without SSL stripping), an inline beautifier, and local caching.

Usage:
$ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem
$ #add browser CA (Firefox: Preferences -> Advanced -> Encryption -> View Certificates -> Import -> Trust CA to identify websites)
$ #set browser proxy (Firefox: Preferences -> Advanced -> Network -> Settings -> Manual Proxy -> HTTP Proxy 127.0.0.1 Port 8080)
$ python proxy.py 8080 mycert.pem

November 15, 2012




Cloning Linux VMs - Consistent Interfaces



When cloning a Linux virtual machine, reinitializing the MAC address renames the network interfaces. For example, "eth0" stops referencing a valid device and "eth1" now references the first ethernet device. This doesn't work well with clones though; I like reinitializing MAC addresses for concurrency, but I dislike new names and particularly dislike waiting 120+ seconds for "new" interfaces to "start".

October 06, 2012




Defense Office of Hearings and Appeals

Improved Search Interface

Legal precedents oft lead down weird paths.

Greene v. McElroy essentially forced due process upon the DoD when adjudicating access / security clearances. The Defense Office of Hearings and Appeals now handles all those adjudications and even publishes them online, but they're difficult to search in any comprehensive manner.

Others have recognized this problem in the past, and at least one person, Dino Beslagic, has made a much better interface. Unfortunately, one of the questions I wished to ask (how prolific are several clearance-specialized lawyers) wasn't possible with it at the time. That seemed readily resolvable and provided an excuse to play with Rails, an old itch I've been meaning to scratch. Here's the result: it isn't particularly pretty, but it does expose a fairly thorough [if syntactically limited] search interface.


DOHA Search


Top 10

Name                 Cases
Pro Se               11346
Alan V. Edmunds        186
Sheldon I. Cohen        69
William F. Savarino     62
David P. Price          59
Thomas Albin            45
Elizabeth L. Newman     35
Richard Murray          32
Joseph Testan           29
John F. Mardula         29

September 14, 2012




PingFS: Living in the Rain

aka How to get blackholed by Google

Phuby was introduced to an unsuspecting world by two programmers back in 2009. This has made a lot of people very angry and been widely regarded as a bad move. The developers do a great job explaining why, but, as they point out, the product is engineered quite well. The GoSmart Clip fills a similar niche: a driving companion that makes texting behind the wheel a snap! So inspired, my friends and I stumbled upon a similarly counter-productive, useless, yet programmatically interesting project (thanks Kurt). Thus was the Ping Filesystem born. PingFS is like holding up the clouds by swatting the rain back up.

PingFS is a set of python scripts which, in Linux, provide virtual disk storage on the network. Each file is broken up into 64-1024 byte blocks, sent over the wire in an ICMP echo request, and promptly erased from memory. Each time the server sends back your bundle of joy, PingFS recognizes its data and sends another gift [the data]. Download at the bottom of the page.

Usage:
[drop all the files in one directory (via unzip or individual download)]
# mkdir mount_dir/
# python ping_fuse.py mount_dir
# ls mount_dir
# echo cats
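The block-in-an-echo-request scheme described above, as an added Python example that is not PingFS's own code: it chunks a file into blocks, wraps each block in an ICMP echo request with an RFC 1071 checksum, and reassembles replies by sequence number. Actually sending the packets (a raw socket, which needs root) is left out so it runs offline; the 1024-byte block size, the per-file identifier and the sequence numbering are assumptions of this example.

```python
import struct

# Constructed example, not PingFS's code: carry file blocks in ICMP echo
# requests, as the post describes. Block size and id scheme are assumed.
BLOCK_SIZE = 1024          # PingFS uses 64-1024 byte blocks
ICMP_ECHO_REQUEST = 8


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"        # pad odd-length data with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:         # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP echo request: type, code, checksum, identifier, sequence, data."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes):
    """Return (ident, seq, payload), or None if the checksum does not verify.
    A packet carrying a correct checksum sums to zero under the same routine."""
    if len(packet) < 8 or icmp_checksum(packet) != 0:
        return None
    _type, _code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return ident, seq, packet[8:]


def file_to_packets(file_id: int, data: bytes) -> list:
    """Split a file into BLOCK_SIZE blocks, one echo request per block."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    return [build_echo(file_id, seq, blk) for seq, blk in enumerate(blocks)]


def packets_to_file(file_id: int, packets: list) -> bytes:
    """Reassemble a file from echo replies; they may arrive out of order,
    so blocks are keyed by sequence number and corrupt packets dropped."""
    blocks = {}
    for pkt in packets:
        parsed = parse_echo(pkt)
        if parsed and parsed[0] == file_id:
            blocks[parsed[1]] = parsed[2]
    return b"".join(blocks[s] for s in sorted(blocks))
```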

April 01, 2012
