Sunday, December 21, 2014

Finally! Connecting to a UDP OpenVPN Server on Android Over AT&T's Mobile Network!

The last month of my life I have spent countless hours trying to get this to work... no matter what I did I simply could not connect to my OpenVPN server unless I was on wifi, and even then I would often have problems. Now, I am trying not to get too excited just yet, because I had this working a few days ago and then all of a sudden it stopped working. I reflashed a backup I had made after I got it working the first time around, and it worked again for a minute or so, then stopped. I was so frustrated that I honestly missed out on a lot of life over the last few days, because I have been so preoccupied with researching ways to get this to work.

To be even more honest, I am not even sure exactly why it is working now, because I have tweaked so many settings to get it to work. However, with that said, the latest settings I have tweaked are:

- I installed the OpenVPN binary directly to my phone's /system partition. This is apparently an updated version of the binary that knows how to handle certain error messages that the OpenVPN for Android app does not know what to do with. It also requires a rooted phone, of course, because we need to write to the read-only /system partition. Even then, I had to use a customized build, because since updating to 4.4.4 (custom Arearom10), when the system is mounted as read-write (through ADB or the terminal emulator), the binary would still not install because the write access is limited to the user who requested it. Since each application on an Android system is running as its own user, in its own sandbox, the OpenVPN binary-installer available on the Play Store does not work.

- I was using UDP port 443 for my VPN, and have been for quite a while. This is because it used to be (anyway...) that this port was always open, no matter what network I was connected to. Things have changed, and now, for whatever reason, I could not even get a TCP connection to authenticate over port 443! (wtf?)

- So I changed the port of my server to a random port with no official usage, and then it connected via a TCP connection! Yay... sort of. TCP is slow. So then I switched the server back to UDP, and... it still worked!

- I also had to specify a TCP MTU payload of 1500 in the config file (which is generally the default anyway, so I don't know why that needed to be specified, but it does!)

- Hmm... what else... I have tried so many different configurations that I cannot even remember them all. But the settings I just outlined above are currently working on AT&T's 3G mobile network, so if you are struggling to get this to work this is what I would suggest:

1) Change the port number to something random. If it does not work, try another port. You should find one that works eventually, given that you...
2) Also specify to "override" the MTU payload to 1500 in your client.conf file.
3) Install the OpenVPN binary to /system/xbin/openvpn (You can try the official installer from the Play Store, if that does not work use the APK file referenced above.)
4) Also install the "OpenVPN Settings" app from the Play Store... not sure why this is needed, but it is working and I am so sick of fucking around with everything, that I will deal with having dual 'vpn connected' notifications for the time being...

That should be all. Let me know if this works for you, I hope this helps someone. I will also post a much more detailed guide once I figure out exactly what solved the issue. By the way, it works fine without any of these insane tweaks over Verizon's network... (again... wtf?)

Long live hackers. The world would suck without them. Thank you to the dude who wrote that tweaked binary installer! You saved my Christmas.

Update: Oh yeah... I almost forgot to remind you, in case you have not been paying attention or simply don't know... Easy-RSA was updated a while ago, and if you are not using version 3 yet, then you really ought to upgrade it, and also please remember to use a separate machine as your Certificate Authority, as opposed to generating and signing all of your server & client keys on the same server (or worse, VPS...). This is very important (if you care about security), because whoever owns your VPS server can likely obtain a root shell any time that they want to, thus giving them access to all of your keys, which breaks the encryption of the entire network!

Friday, December 12, 2014

AreaRom10 is THE Ultimate ROM for the Moto E, PERIOD!

Yesterday I had to travel to Boston, and I woke up late. I had a train to catch at 3:05, although I thought it left at 2:49 for some reason, and I woke up at 2:30. I grabbed my briefcase and proceeded to sprint to the train station, as the phrase "catching a train" took on new meaning to me. I was in such a rush that I did not realize I left all my USB cables at home. That sucks, because with the rooted stock ROM, I have had problems with wifi tethering, and I needed a secure internet connection for my computer while on the train. (I don't trust public WiFi if I can help it!)

I spent most of the train ride trying to figure out why tethering has been such a pain to set up, and although I learned a lot about the way Android KitKat allows carriers to hijack DNS queries and makes it difficult to set up tethering, transparent proxies, and many other things, I decided that I am totally sick of messing around with various settings and tweaking everything myself. So I decided to give installing a custom ROM another shot when I got home.

This time, I opted to go with AreaRom10 for the Moto E, from AndroidArea51. I've had good luck with these developers' ROMs in the past, and it seems that every other ROM for this phone (including Cyanogenmod) that I have tried breaks mobile data functionality. That bug limits me to WiFi, which is simply unacceptable because there are many times when I need an internet connection on the road. The ROM is based on KitKat 4.4.4, yet features like App Ops still work flawlessly (see my previous posts for terminology explanations). I did not even have to mess around with the APN settings to connect to the mobile network (although I did have to adjust the MMS settings, I'll get to that later).

I am so happy that I made the decision to go back to AreaRom! After flashing Arearom10, I performed a factory reset through TWRP, as instructed by their website. I then rebooted the device. After the annoying boot-loader unlock warning disappeared (which I am replacing with something cooler right now), a pretty impressive looking boot animation appeared, resembling wispy smoke patterns in high definition (or something like that). It was immediately apparent to me that the Area51 developers spent a lot of time on this ROM, because everything from touch screen responsiveness, to the awesome theme was so much better than the stock AOSP.

I signed into my Google account, and all of my apps, contacts, and data were restored without any issues. The ROM runs smoother than the rooted stock with Xposed I was using, and most of the Motorola bloat was already removed, except for a few applications that may actually be useful at some point. Although a couple of dumb apps like "Ebay" and "RocketPlayer" were included, this is not a problem, as I simply removed them via Titanium Backup. It also came pre-installed with the Xposed framework and GravityBox, the ROM is totally deodexed, and everything just works!!! I installed XPrivacy, fine tuned the permissions, reset my encryption keys, and now I am back in business. I cannot believe how painless this ROM has been to set up, and I really wish that I had installed it weeks ago, as it would have saved me a lot of headache...

Transparent proxy functionality with Orbot is now completely working after installing a custom IPTables app, and besides the firewall rules, no further configuration was needed. Tethering works perfectly out of the box, and it seems that the ROM has even fixed the evil DNS hijacking that either Google or my carrier has implemented. The only things that I have not managed to get working yet are my LUKS partition, SSH port forwarding proxy, and I still cannot seem to connect to my OpenVPN server from my computer when tethering. I may need to create a TCP protocol VPN for this phone. I am assuming that AT&T blocks UDP streams or something, maybe in an effort to stop people from using BitTorrent, because OpenVPN worked flawlessly when I was on Verizon's network. However, these are all minor issues that I will find workarounds for in due time.

In conclusion, if you are a frustrated GSM Motorola E user, I would highly recommend that you unlock your boot-loader and install AreaRom right now. You will not be disappointed. I am actually quite shocked that AndroidArea51 does not get as much recognition as the other ROMs available on XDA (which are buggy, at least in my experience). These guys really know their sh*t, are devoted, and have literally saved my life on almost every Android device I've owned.

May the Source be with you! Thank you AndroidArea51!

Sunday, November 30, 2014

Staying Secure On Your Non-Rooted Android (updated!)

Since I have been writing a lot about Android security and tweaking, I figured that since the average Android user is not rooted, more people than not can't really benefit from the previous post's information. So this post is for users who either do not want to, or cannot obtain root on their devices, yet still want to stay secure and figure just how far you can tweak things without the superuser access.

I recently had to deal with a non-rooted phone for a couple weeks before my new device arrived, and had to rediscover a few simple, easy things that one can do to gain a little privacy back, and not risk messing with critical system files, as with root methods.

Terminology:

Root Access: To fully understand the concept of 'rooting' your phone, you need to understand a couple simple things about the way Linux works. Android phones/tablets run off the Linux kernel, as do many other types of devices (such as routers, printers, cameras, P.C.'s, web-servers, etc). The kernel is the heart of the OS (Operating System), and if all is well, you should never have to think about it or even "see" the kernel. What you see when you turn on your phone are programs. Linux was designed this way intentionally, and that's partially why Android is so user friendly. On every Linux system, there are many users running around performing various tasks in the background to make it all work. By keeping your programs separate from the system's programs, we are able to keep things secure, because each user on a properly configured Linux system can only access what it is supposed to be able to access. The only exception to this is the superuser, or the root account, which can change anything! Unix/Linux based systems were built this way because back in the old days you would have hundreds of people plugged in to the same mainframe, and they needed a very secure way to make sure nobody had access to things that could wreck the entire system. This is the way it still works today.

When you purchase a new Android device, the phone ships without a root/admin account present. This is basically to protect you from yourself, because another great thing about Linux systems is that you can do NO permanent harm to the system without root access. This works pretty well for most people, but if you are like me, and know your way around Linux, and know what you are doing, it sucks. It is so much easier to lock down a rooted device, but you can still do quite a bit to keep yourself secure. After all, it is a Linux system, and is secure by nature.

The Problem

The problem is that people allow apps to be installed that require unnecessary permissions, which in turn compromises their privacy. Or in other cases, phone manufacturers ship devices with worthless, malicious apps that cannot be uninstalled... (because you don't have root!)


These days there are so many applications running on your Android device, millions more in the Play Store, and most people blindly accept all of the permissions for these apps, not realizing how much of their personal privacy they are giving away for a stupid game, or the disgusting Facebook app (probably the worst app in history, if you are concerned with privacy). For instance, the Facebook app has permission to access:

  • Your Camera
  • Your Microphone
  • Your Coarse & Fine Location
  • Your Personal Files (anything on the SD card(s))
  • Probably even your heart&soul, not sure, as I did not read the terms and conditions
  • And all this without you even knowing, unless you actually read the terms of service...

And that's just one example. If you want another, take a look at the permissions that even the YouTube app requires, it will blow your mind. However, Android is just Java running on top of a Linux Kernel, hence it can be secured with relative ease. At first, the app permission system worked pretty well, until developers realized that so many people blindly click accept, without thinking twice. This gave some greedy developers the opportunity to sneak adware/spyware onto millions of people's phones with the customers' consent. In fact, many of the apps that come pre-loaded onto your device and cannot be removed without root (we call this 'bloatware') also have unnecessary permissions that compromise your system, and hence your personal privacy. These apps make possible anything from eerily targeted advertising, to blatant data-mining, to even identity theft. So what can you do about it without superuser (root/SU/administrative) access?

Solutions

The first thing you ought to do is install an app like No Root Firewall. This program is quite effective at protecting privacy, as it allows you to decide which apps get internet access, and which ones do not. So even if an app succeeds at collecting personal information, you will be safe; i.e. if the program cannot connect to the internet to relay the information it's collected back to the evil entity, it does not matter. It's not unlike getting busted going through customs, smuggling too much caviare, and being detained-- the firewall will prevent that data from ever leaving your device.

How does this work without root? Well, thankfully we are running Linux systems here, and Linux allows Virtual Private Networks (VPNs) to be configured. VPNs are, as the name suggests, virtual networks, and they have many uses. The primary use of a VPN is often to put your device on the same LAN (local area network) as other devices in a remote location. For instance, corporations use them all of the time so that when an employee works from home, they can be on the company's private network and access the necessary corporate resources. Another plus of doing this is that an encrypted tunnel is created between your internet connection and the VPN server, so anybody attempting to eavesdrop on your traffic between those points will not have any luck. But what does this have to do with a firewall?

Well, in this particular case the No Root Firewall will create a virtual network interface (adapter, card, etc) on your phone, and will force the system to route all of your traffic through this interface. Your sensitive data will not be passed to any remote server, rather the app simply creates a local virtual interface that catches all of the internet requests your device makes, at which point you will be prompted to either allow or deny access! It is ingenious, if you ask me. If you are still a little lost, think of it like this:

Instead of the data requests blindly passing through your data or wifi connection, the requests are halted and denied access until you say otherwise. For instance, when you boot your phone, you may notice that apps like YouTube, Google Hangouts, and other things you may never use automatically start, and then can freely make internet connections without your consent. However, if you have a local VPN based firewall catching all of those requests, it puts you in control. So you can choose to allow the apps you need, like your browser, Google Play framework, and MMS messaging, while denying the apps that you do not use, or do not require internet access to run (this also is useful for blocking in-app ads, btw...).
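
How a local-VPN firewall of the kind described above can turn one captured packet into an allow/deny decision, as an added example (not code from No Root Firewall or from this blog): it parses an IPv4/TCP packet as it would arrive on the virtual interface, looks up the owning app's UID in a /proc/net/tcp style socket table, and denies anything it cannot attribute. The UID lookup method, the policy, and all UIDs, app names and addresses are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Constructed /proc/net/tcp excerpt (not from a real device). Addresses are
# hex in host byte order (little-endian on ARM/x86); ports are hex.
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0200000A:C350 0A7100CB:01BB 02 00000000:00000000 00:00000000 00000000 10071        0 12345
   1: 0200000A:C351 076433C6:0050 02 00000000:00000000 00:00000000 00000000 10084        0 12346
"""

# Hypothetical policy: only the browser's UID may reach the network.
APP_NAMES = {10071: "browser", 10084: "bundled video app"}
ALLOWED_UIDS = {10071}


def decode_endpoint(hex_endpoint):
    """Turn '0200000A:C350' into ('10.0.0.2', 50000)."""
    addr_hex, port_hex = hex_endpoint.split(":")
    addr = ipaddress.IPv4Address(struct.pack("<I", int(addr_hex, 16)))
    return str(addr), int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Map (local_ip, local_port, remote_ip, remote_port) -> owning UID."""
    owners = {}
    for line in text.splitlines()[1:]:  # skip the column header
        fields = line.split()
        if len(fields) < 8:
            continue
        flow = decode_endpoint(fields[1]) + decode_endpoint(fields[2])
        owners[flow] = int(fields[7])
    return owners


def parse_ipv4_tcp(packet):
    """Extract (src_ip, src_port, dst_ip, dst_port) from a raw IPv4/TCP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4  # IHL is counted in 32-bit words
    if header_len < 20 or len(packet) < header_len + 4:
        raise ValueError("truncated header")
    if packet[9] != 6:  # protocol field: 6 = TCP
        raise ValueError("not TCP")
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    sport, dport = struct.unpack("!HH", packet[header_len:header_len + 4])
    return src, sport, dst, dport


def decide(packet, owners, allowed_uids=ALLOWED_UIDS):
    """Return (verdict, uid). Fail closed: unparsable or unowned traffic is denied."""
    try:
        flow = parse_ipv4_tcp(packet)
    except ValueError:
        return "deny", None
    uid = owners.get(flow)
    if uid is None:
        return "deny", None
    return ("allow" if uid in allowed_uids else "deny"), uid


def build_syn(src, sport, dst, dport):
    """Build a minimal constructed TCP SYN (checksums left at zero) as sample input."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)
    return ip + tcp


if __name__ == "__main__":
    owners = parse_proc_net_tcp(PROC_NET_TCP)
    samples = [
        build_syn("10.0.0.2", 50000, "203.0.113.10", 443),  # browser
        build_syn("10.0.0.2", 50001, "198.51.100.7", 80),   # bundled video app
        build_syn("10.0.0.2", 50002, "198.51.100.7", 80),   # no matching socket
    ]
    for pkt in samples:
        verdict, uid = decide(pkt, owners)
        print(verdict, APP_NAMES.get(uid, "unknown owner"))
```

The third sample shows why the default matters: a flow with no known owner is dropped rather than passed, so an app cannot slip out simply because the lookup missed it.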

A firewall is the first and most essential part of any device's internet security. While all Linux systems come with the highly effective IPtables firewall, you need root to configure them, so in this case, this method is the next best thing. Be aware that it is possible for evil entities to extract data through other applications, although unlikely because of the way the Android platform keeps each app in its own Virtual Machine, or sandbox (as to prevent shared resource data leaks as mentioned above.) Just remember it's possible, and try your best to limit internet access only to programs essential for the features you use. You will be much better off.

Download No Root Firewall from Google Play

Some other simple things you can do are to go to your settings, and make sure that you turn off all of the location services, untick 'allow installation of apps from unknown sources', and opt out of all Google's or your OEM's data collection services (for instance, you will often see 'periodically send data to xxx's servers to help improve our whatever...' Unless you really trust the 3rd party with your personal data, I'd recommend you do not do this.)

Another rule of thumb I live by is: If you can do something in a web-browser, why do you need another application to complete the task? For example, it seems every company from your bank, to Dunkin Donuts to even Walmart offers their own Android 'Apps.' These apps seldom provide any more functionality than you can already get through a web browser, and in fact, quite a few of them run off HTML anyway! You don't need the Dunkin Donuts application to do anything that you cannot already do on Dunkin's website. Since every app on your device is another potential security risk, I recommend not installing unnecessary applications. Which brings me to my next tip:

How to Avoid Being Forced into Using 3rd Party Applications

Last I checked, when I tried to access Pandora from my phone, it would not allow me to use the web browser. Pandora told me I needed their 'official Pandora App' to stream music. ...(f***king why..?) My Firefox browser is perfectly capable of doing this, and there is just no need to install more (potentially) sketchy software.

One way around this is to use a browser like Dolphin Browser, that in addition to being a great, snappy-fast browser, allows you to spoof your user-agent. All that means is that you can set Dolphin to pretend it's a Desktop computer instead of a phone, which allows you to visit the Desktop versions of websites, which allow you to use the browser like you would on your PC.

Back when mobile internet first took off, it was great that web developers started offering mobile-optimised versions of their sites, which make it easier to navigate web pages on smaller screens, and also cut down on data usage and CPU power needed to parse (or load) the web pages. However, nowadays I feel like this feature is being abused, and tricking people into thinking that not only is yet another application necessary to accomplish a task, but that you will somehow get increased functionality out of it. This is generally not true at all, and installing all of these apps does no good for anyone but advertising companies, the NSA, and corporations that want to collect and sell your personal information. When you run something in a web browser, you tend to have more control over the process than if the data is being controlled by another application that does not include any privacy enhancing features (it's quite the contrary, these days.). Be aware of this.

Download Dolphin Browser and/or Dolphin Jetpack (cooler features, recommended) from Google Play.


*I also highly recommend downloading Firefox, and installing the add-ons Adblock Plus, Https-Everywhere, and NoScript. I use Firefox on my phone most of the time, and Dolphin when I need to spoof my user agent (FF can spoof U.A.'s, but it's harder to set up.)

Encryption, and Why You Should Use it

My last tips for increased privacy are to utilize some simple encryption features that also do not require root privileges:

Encrypt Your Phone's Local Data:

All newer Android systems (from Jelly Bean (?) and up) come with native phone encryption support. From the settings menu, you can go to security > encrypt phone, and follow the instructions from that point. This will encrypt your entire phone with a passphrase, so that if it is stolen, your information will be safe. It does not require any more software, and is one of the easiest, most basic things you can do to protect yourself. I believe that it uses the modern AES-256 cipher (the same one that the NSA uses themselves), to encrypt, so you can put your mind at ease.

Note: it is possible, although extremely difficult, to extract your encryption password from your phone's RAM if the device is powered on when/if it falls into the wrong hands. This is because the password is cached to RAM while the device is powered on (it has to be so you can access your files). So, if you find yourself getting pulled over and want to ensure the cops cannot go through your phone, simply power off the device and worry no more.

Encrypt Your SMS/MMS Messages & Phone Calls:

Encryption can also be used to ensure your messages and calls cannot be intercepted by an attacker (this is usually called a 'man in the middle attack' and is becoming increasingly prevalent today). Basically, voice calls and SMS are sent in plain text (or voice), with no encryption, by default. However, your Android is perfectly capable of sending these messages in an encrypted format so that only the intended recipient can read the message or understand your voice conversations.

My personal favourite encrypted SMS/MMS application for Android is TextSecure. This nifty program not only allows you to import all of your currently stored text messages into a password protected, encrypted database (rather painlessly, I might add), but if the person you are texting is also using TextSecure, your messages will be secured with end-to-end encryption. In other words, anyone attempting to intercept the message in transit will see a bunch of random garbage text that can only be decrypted with your intended recipient's private key (TextSecure handles the key exchange for you). For more information on end to end (or PGP) encryption, see my article here.


Then, for phone calls, there is RedPhone. It uses the same public-key-cryptography system that TextSecure uses to encrypt your voice calls. Anyone eavesdropping at any point will hear a bunch of static, and won't be able to understand a word that you say.

Get TextSecure and RedPhone from Google Play

I hope you've found this article informative. Good luck, and remember: Do Not Accept privacy invasion!

Wednesday, November 26, 2014

(updated 12/10/14!) Xposed: The Answer to All My Problems! Hacking the Moto E...


Notes

This post is a synopsis of the customizations I've done to my Android devices so far. However, this is perhaps the most interminable and ongoing project that I am working on, so I may update certain information from time to time. If I do so, I'll highlight what has been changed, so that anyone trying to replicate the procedures outlined below will have an up to date reference.

Secondly, although this information is more specific toward Motorola users with unlocked bootloaders, I'm going to add a lot of information that will help people achieve similar results, independent of the device used. Those are my goals.

Device Info & Background

After about a year of putting off getting a new cellphone, I finally bought a new one (or two). I did not want to spend a lot of money on a phone, but the phone had to be awesome, so that's partially why I waited so long. By awesome, I mean:

  • Carrier unlocked GSM so I can switch SIM cards and never be stuck with one particular carrier.
  • The phone's bootloader absolutely must be able to be unlocked, preferably without the OEM's consent or knowledge, as to avoid losing my warranty, (you Europeans are lucky, I envy you.)
  • Of course, the phone must be rootable, but that should go without saying, as unlocked bootloader == you can do whatever.
  • I really wanted a Google Nexus, because those phones can be unlocked with one adb command, have the most support, and always get the newest Android version first. I got the next best(ish) thing, because I was tired of waiting and could not deal with my cracked up Galaxy Centura anymore. *

* Speaking of the Centura, I'd like to take this opportunity to acknowledge and thank the guys at AndroidArea51 for making that horrible device so much better with their Centura ROMS. Check out their site linked above. They make ROMS for a lot of obscure, not-so-popular phones that nobody else wants to bother with, and they do it for you, for free, and only to better the world!

Anyway, I also wanted a new, rugged, nice phone that would get at least an update to Android 5, in case I decide to keep it on a rooted stock ROM (which at this point, I have done although still waiting for Lollipop!)

Well, Motorola has made this all possible with their release of the Moto E (Codename "Condor"; XT1021, 1022, & 1023). The Condor is not the greatest or latest phone out there, but it's priced right, has just enough specs to do the job and not lag, and best of all, the GSM version of this phone (only the GSM!! not the CDMA version!!!) qualifies for the Moto Bootloader Unlock Program! This makes up for the lower specs immensely. After all, what good will your $600 Galaxy S5 do you if you cannot unleash the full power of the kernel, enjoy the freedoms of open source software, and above all, enjoy freedom of choice?

N00b Note: Unlocking your bootloader is not for the faint-hearted! You can seriously mess shit up if you don't follow directions, research, and read, read, read first! I'm not saying don't do it, I'm saying be careful!

The Moto E uses Motorola's Fastboot bootloader, which is much like Odin on Samsung devices, except it's finickier than Odin. For instance, there are many situations where you can render your device useless if you're not really careful. Of course, it is almost always fixable, so fear not. Let's get to it.

Buy a Moto E off Amazon, they're only $119 right now (Remember, GSM only*)! First, you are going to need to unlock your bootloader. I'm sorry, but currently there is no way around this...no more one click roots, guys... (Motorola will give you an unlock code that you will then enter from your PC in fastboot mode, and eureka, you can now do what you want to do with your phone)

*EDIT: I initially purchased the CDMA version of this phone, and was very, very pissed off when I realized how far the Android world has come regarding locking their shit down. I returned it and bought the correct version. Don't make that mistake.

But don't do this yet. If you are impatient like me, and start to alter your system as soon as you take it out of the box, you are going to cause yourself much more headache in the long run. First, decide whether you want to upgrade your O.S. to 4.4.3 or 4.4.4; mine came with 4.4.2 on it and I went to 4.4.3 but not 4.4.4 because there is no reason to do so (it just kills cool features). Although this does not matter so much because we have an unlockable boot-loader, and can do whatever the hell we want, it will save you some trouble because if you do alter any system files and take an OTA update, you will brick your phone. If you unlock or root before updating, you will have to wipe your phone, reflash to stock, unroot, and flash the stock firmware again before updating. Trust me, that is a pain in the ass.

The Good Stuff

Everyone wants Cyanogenmod. It's simply the best, most feature-packed, yet bloat-free, secure, stable, and awesome ROM out there for (supported) Android devices. Cyanogen has ported its mod for a diverse range of devices, while new or less common phones like mine often have unofficial, beta builds available for testing and further development. Eventually they become 'official' builds, after their stability has been proven, as per the open source community's peer review system, and the GPL.

This particular phone was finicky when I tried installing CM11 'Condor' (can be found on Github here). After flashing cyanogenmod, the phone functioned great, except mobile data did not work.

I also had to install "GAPPS" (all the Google Apps in a separate zip) in order to get all of the Google Play framework and programs. I don't know if I downloaded the wrong version or something, but the Google apps were buggy as hell, and they were constantly crashing. I tried a lot of work arounds, but at this point I really needed my phone to just work, so I had to flash my original system again through my custom recovery, which is painless if you do it correctly. Measure twice, bake once!

In the end, I flashed back to rooted stock 4.4.3 using TWRP (no, not some nasty Miley Cyrus gesture, but rather Team Win Recovery), which is an excellent program and, in my opinion, the best custom recovery available for Android devices right now, as there are many amazing features, including touch support! (So no more thumbing around with the volume and power buttons like in {the old} ClockworkMod!)


I considered installing AreaRom's Moto E rom, but after having to rotate TextSecure PGP keys several times (even after restoring from a Nandroid backup), I got tired of the whole thing and just stuck to rooted stock. I probably will try AreaRom's Moto E ROM at some point, but for now...

Xposed Is Solving All My Problems

I took a closer look at the Xposed framework module, which is something I kept seeing everywhere on the xda forums, but had not really looked into. It is a module for rooted devices that lets you tweak every aspect of your system, like freaking magic... the best part is that all you need to do is install one APK file and reboot a couple times, and you are good to go! So what exactly is Xposed?

Well, it is a framework developed by some really ingenious people, for rooted Android (4.0+ ..?) devices that allows you to download modules written by other members of the Android Dev community (or write your own), and these modules let you customize just about everything on your device. Here's a quote from a reddit thread listing some of the modifications one user was able to perform with the Xposed framework: (source)

I also haven't seen any performance issues, and I'm running quite a few modules...
  • AcDisplay (Modified lockscreen/notification screen)
  • ActivityForceNewTask (Forces apps to open new tasks when opening another app so that you don't have the wrong app showing in recent tasks)
  • Always Correct! (Forces correction on the keyboard for all fields)
  • CrappaLinks (Unshortens links before actually going to them, so that you don't have to open chrome first)
  • Gesture Navigation (Multi-touch OS-wide gestures)
  • GravityBox [KK] (TONS of visual enhancements... and more)
  • Greenify (Keep those pesky apps in check)
  • LWInRecents (Live Wallpaper shows in recent tasks)
  • MinMinGuard (Removes ad frames, works in conjunction with AdAway)
  • WakeLock Terminator (Keeping apps in check, once again, especially Nlp wakelocks from google play services)
  • Xposed GEL Settings (Customize Google Experience Launcher)
  • Youtube AdAway (Obvious)
  • Preference Injector (Puts my modules that offer an interface into the settings app for convenience)
  • DarkTube (Dark theme for Youtube. Came out very recently)
  • Hide Xposed IME (Hides the irritating notification to switch input methods)
  • Keep Trash (Takes the trash button out of the overflow menu in Keep)
  • No KeyboardAutoPopup (Hides the keyboard when apps want to force it open on launch)
  • Play Store Link in App Info (Puts a button to the play store in the app info in settings)
  • StopSwitchDelay (forces certain apps to launch quickly from google now)
  • Xposed Light Sensor Filter (Sometimes the Nexus 5 light sensor reports very high levels randomly... This evens those spikes out.)
As you can see, you can do quite a bit. GravityBox has at least as many customizations as the rest of the list combined, too. Too many to list.
You get the point. This framework essentially allows me to build my own custom ROM for my phone, and you can do the same with yours! Here are a couple of things I've done with Xposed modules so far:

  • Enabled App Ops (the most awesome feature ever that Google killed in 4.4.2 ... retards.) This allows me to individually grant or deny all app permissions, including the system apps! Fuck you YouTube, you don't need access to my GPS or Camera! Victory at last!!!
  • Added a 'reboot' option to my power down menu, with options to soft reboot, reboot to bootloader, and recovery. (this is a big deal to me, because I hate having to use 3rd party apps to do things that the native system can handle just fine...)
  • Installed Greenify, which is a program that seriously improves your battery life and system performance by forcing apps to 'hibernate' when they are not in use. And holy hell, it works great.
  • Made it so Google Maps can never ask me to turn on wifi again! No more evil world wide router mapping! #freedom
  • Update (11/27/14): Installed Xprivacy, and it is certainly interesting. This app lets you restrict what type of information apps can access without touching the permissions like app ops does. Instead, it feeds the apps bogus information. For example, if you say Youtube can't access your location, a mock (fake) location will be given to Youtube. That's powerful, but definitely something that needs to be locked down hard. I'm still figuring out what the advantages are to this over simply denying the permission to begin with. I suppose it could be a good workaround for controlling privacy in situations where app ops breaks functionality. When I figure out more I'll post back.
  • Update (12/10/14): I have installed Gravity Box, which in my opinion is a must have module if you are running Xposed. It contains a large, diverse selection of tweaks that allow you to do anything from changing the color of your status bar to enabling a 'smart radio' to better manage your device. Also, I'd like to add that Xprivacy is awesome. I love how I can now feed apps bogus randomized information when I want to restrict a permission. It is indeed a good workaround for some apps that need certain permissions when app ops will break functionality. Besides Titanium Backup Pro, this may be the only other app I actually pay for. The pro features allow you to restrict system apps as well. I think it's worth it. I rarely pay for software, but when it comes to apps that need SU permissions, it is DEFINITELY a case of "better safe than sorry."
    • Unfortunately, Xposed does tend to take up a lot of RAM (if you run a lot of modules), so I may attempt to rebuild the OS inside a virtual machine and then flash all my customizations to my phone, so that I do not need to run anything in the background.
    • Something is draining my battery pretty bad. The phone tells me it is the screen, but I can't imagine why... working on that. Oh, by the way, see my post about IMSI catcher detection here. There is something funny going on... cell towers don't just get up and start flying around...
    • Also, AT&T has terrible service when I go to the country. It works fine in the city and in my home, so it is not a huge deal, but I wish I could get a signal when I'm out in the middle of nowhere, like I could on Verizon. Oh well, you win some and lose some. Perhaps a Tmobile sim card would be a good investment. Will check it out and update later.
That's all I have done so far, and my phone is now doing what I want it to do, simply working with the stock ROM. This is groundbreaking stuff for people like me who possess a device that is not officially supported by Cyanogenmod (which has all these features and more enabled out of the box).

Prerequisites of Awe
  • Either root access, or any phone with an unlocked bootloader (these tend to go hand in hand). If your phone's bootloader cannot be unlocked with the OEM's consent, do some research about root exploits. Sunshine, Framaroot, and Towelroot are three that I know work on many devices running 4.4.3 and under.
  • Once you have either, you can get the other. We need the SU binary installed, and write access to the system partition before doing anything cool.
  • ICS (4.0) or later. (Update 10/27/14) This is no longer true. Xposed has been ported for Gingerbread (2.3.x) devices as well!
  • That's about it!
Enjoy!

Lose the SWAP If You Got the RAM!

Swap space is hard disc space that is used as extra RAM (random access memory) when the operating system decides it's necessary. It allows systems with low system resources to run more programs than would fit in their RAM. While that is great and all, if you have 4+ gigs of RAM and don't do anything ridiculously resource intensive like video rendering, then swap may simply be slowing you down. Unless you are lucky enough to have a solid state drive, reading from and writing to a hard disc every time you call upon a program will seriously slow your system down.

On Windows systems, swap is called "page-file" or something, but it is the same concept as outlined above. I'm sure there is some way to do this in a win system, but I am not going to get into it here. If you are running Linux, then you can do a couple of very simple things to speed your system up:

Only do this if you can afford to; you should have decent system specs (4 gigs of RAM and an Intel Core2Duo is what I'm on right now). If you have less, say 2 gigs of RAM, you probably should take precautions if you attempt to tweak this:

First, let's check your swap level:


$ cat /proc/sys/vm/swappiness

You can instruct your system to use swap less aggressively by executing (as root) the following command:


# sysctl vm.swappiness=0

For whatever reason Debian systems have vm.swappiness set to 60, which is a pretty swap-happy number (on a scale from 0 to 100), so this will speed your system up considerably. If you want to make the change permanent, open /etc/sysctl.conf as root, and insert the following line into the file:


vm.swappiness = $n
Where $n represents an integer (whole number) from 0 to 100 (I use 0) which controls how swap-happy your system gets. Even with my swappiness set to 0, occasionally when running a lot of RAM consuming tasks (like virtual machines), my system will start swapping everything anyway, even though I have plenty of RAM. You can check your system monitor to see how much swap is in use. If any is in use and you do not have a solid state drive (as in my case), you can issue the following commands (as root) to disable & re-enable the swap, which also loads anything in swap to RAM and gives you a clean slate:

# swapoff -a && swapon -a
 (oops: not swapon -a && swapoff -a, which leaves the swap switched off)

Or you can simply issue swapoff -a to disable it completely. To make things a little easier, I wrote this simple bash script to clear the swap in these situations. Place this in your $PATH (generally /usr/local/bin/, unless you exported another path... more on that some other time):

#!/bin/bash
# reswap: turn swap off and back on, which pulls everything in swap back into RAM.
echo "I will now empty the Swap..."
# Mind the dash in "swapon -a": "swapon a" looks for a swap device named "a"
# and fails with "swapon: a: stat failed: No such file or directory".
if swapoff -a && swapon -a; then
    :
else
    echo "#    ! ERROR !    #"
    echo 'Damn bro, That did not work. Got root?' >&2
    exit 1
fi
If all goes well, you won't get the error message, otherwise you will (duh). This script also must be run as root, as it needs administrative privileges. Here is one example of something that could go wrong:

root@linuxpc:~# reswap
I will now empty the Swap...
swapon: a: stat failed: No such file or directory
#    ! ERROR !    #
Damn bro, That did not work. Got root?
Since I am using an encrypted /home partition, my swap file is also encrypted. As we all know, security often comes at the price of convenience. Once in a blue moon, the system will initially fail to find the swap partition (due to linux hiding/obscuring the partition labels and whatnot), but it usually corrects itself after a little while. However, this will work flawlessly most of the time.
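The swapoff/swapon cycle only works when whatever is sitting in swap fits back into available RAM; if it does not, swapoff can fail or the machine can run out of memory. The script below is an added example, not the author's reswap script: it reads /proc/meminfo and only flushes swap when the swapped-out data fits. The function names, the 256 MB headroom and the --apply/--demo switches are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not the blog author's script: flush swap only when the pages
# currently swapped out will fit in available RAM.

# is_uint VALUE -> 0 if VALUE is a non-empty string of digits
is_uint() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

# meminfo_field NAME FILE -> prints the kB value of "NAME:" from a meminfo file
meminfo_field() {
    awk -v key="$1:" '$1 == key { print $2; exit }' "$2"
}

# can_flush_swap [MEMINFO_FILE] [HEADROOM_KB]
# Returns 0 if swapped-out data plus headroom fits in available RAM,
# 1 if it does not, 2 if the file cannot be read or parsed.
# Sets SWAP_USED_KB and MEM_AVAIL_KB for the caller's messages.
can_flush_swap() {
    cfs_file=${1:-/proc/meminfo}
    cfs_headroom=${2:-262144}            # assumed safety margin: 256 MB
    [ -r "$cfs_file" ] || return 2
    is_uint "$cfs_headroom" || return 2
    cfs_total=$(meminfo_field SwapTotal "$cfs_file")
    cfs_free=$(meminfo_field SwapFree "$cfs_file")
    MEM_AVAIL_KB=$(meminfo_field MemAvailable "$cfs_file")
    if [ -z "$MEM_AVAIL_KB" ]; then
        # Kernels before 3.14 have no MemAvailable; use a rough estimate.
        cfs_mfree=$(meminfo_field MemFree "$cfs_file")
        cfs_buf=$(meminfo_field Buffers "$cfs_file")
        cfs_cache=$(meminfo_field Cached "$cfs_file")
        is_uint "$cfs_mfree" && is_uint "$cfs_buf" && is_uint "$cfs_cache" || return 2
        MEM_AVAIL_KB=$(( cfs_mfree + cfs_buf + cfs_cache ))
    fi
    is_uint "$cfs_total" && is_uint "$cfs_free" && is_uint "$MEM_AVAIL_KB" || return 2
    SWAP_USED_KB=$(( cfs_total - cfs_free ))
    [ $(( SWAP_USED_KB + cfs_headroom )) -le "$MEM_AVAIL_KB" ]
}

# reswap_checked -> the swapoff/swapon cycle from the post, guarded by the check
reswap_checked() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "reswap: must be run as root" >&2
        return 1
    fi
    rc=0
    can_flush_swap /proc/meminfo || rc=$?
    case $rc in
        0) echo "Flushing ${SWAP_USED_KB} kB of swap into RAM..."
           swapoff -a && swapon -a ;;
        1) echo "reswap: ${SWAP_USED_KB} kB swapped out, only ${MEM_AVAIL_KB} kB available; leaving swap alone" >&2
           return 1 ;;
        *) echo "reswap: cannot parse /proc/meminfo" >&2
           return 1 ;;
    esac
}

# demo -> run the check against a constructed meminfo sample (not real data)
demo() {
    demo_file=$(mktemp) || return 1
    cat > "$demo_file" <<'EOF'
MemTotal:        4046012 kB
MemFree:          211000 kB
MemAvailable:    1500000 kB
SwapTotal:       4194300 kB
SwapFree:        3894300 kB
EOF
    if can_flush_swap "$demo_file"; then
        echo "sample: safe to flush ${SWAP_USED_KB} kB (${MEM_AVAIL_KB} kB available)"
    else
        echo "sample: not safe to flush"
    fi
    rm -f "$demo_file"
}

case "${1:-}" in
    --apply) reswap_checked ;;   # really flush swap (root required)
    --demo)  demo ;;             # dry run on the constructed sample
esac
```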

In conclusion, solid state drives are badass, and if you don't have one, but have enough RAM, kill the swap already!

Monday, November 24, 2014

MacKeeper Keeps You in Hell : Part I

The Situation

Today I will document the interminable, ridiculous process of removing the infamous MacKeeper Trojan. I'm working on a MacBook Pro 2,1. It's running Mavericks 10.7.5 and has been completely hijacked by a highly resilient piece of malware. Oddly enough, this is one of the most difficult projects I've ever taken on. Perhaps it is not so odd, considering I don't have as much experience working on Apple computers as I do on Linux & Windows PC's and Android phones. I will now document the situation:

My client has an older MacBook Pro (version 2,1). It is a pretty rugged device, and probably would still be working great if some simple, pre-emptive failsafe measures were used. Unfortunately, (and rather incredibly, considering this is 'bugproof' Apple...yeah right) my client did not use these tools, as she is not super tech-savvy, and Macs are notorious for not getting f'd up, like Windows PC's do. In other words, my client purchased this computer (used, with no recovery discs), specifically to avoid these malware situations that have followed her around throughout her life.

Some of the pre-emptive measures that should/could/would have been in use are:

  • Using time machine restore points (Apple's main user recovery thing)
  • Setting basic security settings like enabling the firewall, etc...
  • Or even setting an administrative password (!!!) to lock the system down.
If that's not bad enough, there is no recovery partition present either! So here we've got a toasted, old laptop that is completely hijacked by a trojan, with no way on God's green Earth to restore the O.S. These are the procedures I have tried (with no success) thus far:

  • Removing the MacKeeper Trojan. I followed several tutorials, including this one, to no avail. I did manage to (on the surface, anyway) remove the program except it still somehow is hijacking Safari, no matter what I do.
  • Burning a Mavericks installer to USB and booting to that in an attempt to wipe the system. It won't boot. This is when I started to learn about the joys of the structure of an EFI boot system, and the lack of BIOS on these machines...
  • Using all of my BASH knowledge to hunt the f***er down and extract it from the root. This thing is a little devil. It changes PID's every millisecond, and seems to guess what I'm thinking before I even know myself.
  • Various built in options, about 10 hours of research, to no avail, so I...
  • Asked for help on the macrumors.com forum, and finally got some answers that made a little sense:
 ## BEGIN QUOTE-- (op)  ##  (Entire thread here)
Hi, I am new to the mac world in general and am currently trying to fix a friends macbook pro. It's an old one, the 2,1 edition:

Code:
  Hardware Overview:

  Model Name:   MacBook
  Model Identifier:     MacBook2,1
  Processor Name:       Intel Core 2 Duo
  Processor Speed:      2.16 GHz
  Number of Processors: 1
  Total Number of Cores:        2
  L2 Cache:     4 MB
  Memory:       2 GB
  Bus Speed:    667 MHz
  Boot ROM Version:     MB21.00A5.B07
  SMC Version (system): 1.17f0
There is no recovery partition and I don't have any backup disks. It is running Mavericks 2.7.5 and I cannot find a copy. I would assume Apple would help me out here because obviously the system was purchased at some point, since every new mac has OSX on it. I'm from the Linux world and am struggling despite mac's similarities to the linux kernel. I tried making a Mavericks USB flash drive with a later edition. I also have a 2008 iMac running Yosemite. Can anyone please point me in the right direction?
My friend got the infamous "mackeeper" virus and I've successfully removed it except it still hijacks Safari, no matter what I do. I need to reinstall the OS. Other people seem to have this problem too. What is the next step? Should I contact Apple or a boot disc..?

Any help would be appreciated. I can't get it to boot to a USB disc I made with my iMac. Thanks.
 ##--- post from  Nov 22, 2014, 02:53 PM -- ##
Originally Posted by linuxjustworks
  • [1] What exactly is a 'faff'?
    [2] I read somewhere that "downgrading" OSX can make things messy, but in this case it should work okay?
    [3] Isn't Snow Leopard Server Edition available for free download, and could I use that? As long as I can get the computer to boot & it's secure I will be happy. Is Snow Leopard available on a 64 bit architecture (& for free)?
    [4] So Apple will sell me a Mountain Lion boot disc for $20? That sounds like the best option, would you agree? I can do the rest as long as I can get it to boot.
    [5] Can you tell me all the different boot options? Example, I thought either 'alt' or "alt+R" is recovery, but does that vary from model to model? So holding "C" (without or with alt?) boots to optical drive, correct?
    [6] We have no time machine backups or other backups whatsoever, or recovery partition, and my friend is fine with having to manually redownload everything. Is that ok?
    [7] Is there a service manual somewhere online for this machine? I have repaired countless Linux/Windows PC's and never had such a hard time doing things like getting into the BIOS and booting to external media, so a service manual would be very useful...

Once again, thank you for your answer. This is enough information for me to get started in the right direction. Truly appreciated.

I read your OP and you must be mixing things up quite a bit. The computer cannot be running OS X 10.9 Mavericks and not have a recovery partition. That gets installed along with the OS whether you like it or not. Same goes for any OS X version later than (and including) 10.7 Lion.
Thus, with no recovery partition present, the computer is most likely running 10.4 Tiger (which it originally came with), 10.5 Leopard or 10.6 Snow Leopard.

With that said, here's your questions, answered to the best of my knowledge.

1. Not a clue.

2. That CAN be true, if you try to install it overtop an existing installation. A good rule of thumb for Macs is that you cannot install an OS X version that is earlier than the one it came with. So basically, for that computer, anything later than 10.4.X (can't remember exactly which one it was for that model) will install fine. Support for such an old computer was dropped in Lion (10.7) I believe, you should check Apple's website for that. If you erase the disk and start from scratch, downgrading OS X will not be a problem.

3. No version of Snow Leopard was ever free. Snow Leopard is a 32 and 64bit hybrid. It can run 64 bit apps even when booted in 32 bit mode. Since the computer you are speaking of can only address 3.25GB of RAM, 64 bit doesn't matter one bit.

4. Lion was a downloadable app on the App store, you cannot get a physical disc for it, there never was one. You can probably still get 10.6 Snow Leopard retail discs.

5. CMD+R is the correct keystroke, not ALT. That could be why you're not seeing any recovery. Alternatively, you can hold the Option (ALT) key (alone) during bootup to see the boot options to it. If there is a recovery partition, it will be listed there.

6. Sure. Just make sure you give a sharp whap to the back of the head of your friend for not keeping backups for me, that is just begging for lost data. All hard drives eventually die.

7. There was one that came with the machine. You will not find instructions regarding the BIOS as Macs do not have one. They've been running EFI since the switch to Intel so there isn't much you can do on that front as the EFI is locked down nice and tight.


Your friend should have recovery discs though, they are the grey discs that came with the machine. Unless he/she threw out all the packaging and its content, he/she still has them. 
##------END QUOTE------##

So, I think I have finally obtained some useful information! It appears that I have a few options, none of which are ideal...
  • Re-Purchase OSX (thanks Apple) in the form of an optical boot disc
  • Pirate it because f*** that if at all possible, considering OSX was obviously purchased at one point (you can't even buy an Apple computer without OSX installed)
  • Hire Apple to fix it. Umm nope... (why does this always lead to giving Apple more money for software that has already been paid for, and didn't even work?!?)
Naturally, choice #2 would be preferable. I don't even consider it stealing or pirating in this particular case, I look at it like breaking into the dude's house that stole your playstation so you can take it back. As of this moment I am attempting to burn an OSX Mountain Lion .dmg image to a USB drive. If that does not work, I will try burning it to a DVD-R (in this case the file is 4.3 GB's, so it will actually fit on a single layer DVD, as opposed to the 5 GB + Mavericks system).

And if all else fails, I will submit and end up purchasing a recovery disk from Apple... more coming later after I see what comes next. If you have any advice for me, please comment or email me! That would be great. I'll post part II when I fix this damn thing.

Sunday, November 23, 2014

Creating a Windows/Linux Dual Boot System

Not that there is a shortage of this kind of information, but for those of you who either cannot or will not convert from Microsucks, Windows to the awesome GNU/Linux platform, this post may help you out. Since I am currently doing exactly that, I'm going to blog the process, for the hell of it, so to speak.

Making the switch to Linux from Windows is generally pretty painless. However, there can be some minor and irritating issues that must be addressed. In one case, the first words out of my client's mouth were "Eww I can't use Netflix?" ... Yes, you can totally use Netflix with Linux. Because Netflix depends on Microsucks Silverlight (which linux people hate), a separate Netflix browser must be installed. It used to be buggy, but it's come a long way. Another example of a compatibility issue that has been fixed is using iPods with Linux. Yes, that is totally possible too. Again, it's just a matter of installing some extra software.

Anyway, if you want a dual boot system, you should install Windows first. If you already have Windows then you are in luck. If not, it is possible, but not really recommended to install Windows after installing a Linux system, because the ms-bootloader is a picky piece of sh**. So acquire a copy of your Windows distribution of choice (in most cases that would be Windows 7 Ultimate, because Windows 8 is a travesty), and go ahead and insert the disk into your machine. I'm not going to go into details about installing or acquiring Windows, so remember, Google is your best friend.

You should partition your hard disc during the Windows install to leave room for your Linux installation, unless you already have Windows, in which case the Linux installer can take care of that for you, but it will take a little longer because partitions must be shrunk, and that is time consuming. In this case, I am installing Win 7 Ultimate and Ubuntu 14.04 LTS on a 160 gig hard drive. The partition was set up like this:

About 70 gigs was dedicated to Windows, and the rest was left unformatted for the Ubuntu installation. This was easily accomplished using the Windows installer's partitioning tools. After booting to Windows, I then inserted the Linux Ubuntu disc, and restarted the computer. The computer was pre-set to boot to optical media if present. I manually partitioned the hard disc to give Linux about 8 gigs of disc space for swap, because this particular machine has 8 gigs of RAM. A RAM/swap 1:1 ratio is a good rule of thumb. So I ended up with about 69 gigs for Linux, 8 for Swap, and the rest for Windows.

But upon rebooting the computer, it went straight to Windows. We need a bootloader to select which operating system to boot to. The natural choice is GRUB (the default Debian bootloader). For some reason it was not properly installed. So, I turned to boot repair disc! This is a very magical tool, and it flawlessly gave me the grub!

Next on the list is beefing up the security of the system. For some reason, spyware has made it even into some open source software these days. Every time I install Ubuntu on a computer, I remove the programs 'popularity-contest' and 'zeitgeist'. They do no good for anyone, and only serve to spy on you.

So, after installing Ubuntu, open a terminal and do this:

sudo apt-get purge popularity-contest

And then,

dpkg -l | grep zeit

Remove any packages it finds, be careful though. You can screw your system up if you accidentally purge something that is actually useful! (The two main ones are "zeitgeist" and "zeitgeist-core".) Enable the firewall:

sudo ufw enable

...and enjoy your new dual boot Win/Linux system! That's all for today.

Sunday, November 9, 2014

Locked Bootloaders Suck

Man I miss last summer. When you could root almost any Android phone with a one click exploit. Well, Motorola and many other companies have patched that up using modern encryption standards and requiring lock codes that can only be generated through their private keys. Potential dead end indeed... that kind of encryption takes a lot of computing power to break. Google is constantly rolling out OTA updates that give no new features and just patch the exploits.

Remember Google, don't be evil. Evil sucks. Well, to Google's credit, the Nexus line has allowed unlocked bootloaders all along.

With that said, where there is a will, there is a way. In this case, just refuse to buy handsets that can't root. I am returning the Motorola E I just bought (sucky device anyways) and buying a GSM Google Nexus if I can find one in my price range. Because, Sunshine is right. Active roots were #solastsummer .

Wednesday, October 22, 2014

Solved Forever At Last: Overheating Laptops

If you follow this blog, you may remember I've been dealing with my computer suddenly shutting down on me, and I've had a hell of a time figuring out the cause. It turns out the problem was very simple. It was not a driver problem, it was a simple matter of the computer overheating. Certain drivers and kernels were able to mitigate the issue, but I've finally solved it once and for all. This is how I did it.

I live with a guy that is an engineer. He was on the forefront of solving these kinds of problems in the '80s, and also designed a lot of heat sinks for Dell. Since I had searched the internet high and low for a solution to my computer's problem, I have to admit I did not have much faith that he would be able to help me fix it, but I was totally wrong. I took my computer apart, and he took one look at the fan and said "That thing is filthy. Get some rubbing alcohol and qtips, and clean it out." So I grabbed some 91% isopropyl, some qtips, and a vacuum cleaner. I started removing the dust from the fan blades and soon realized that there was so much dust and crap stuck in the fan that it was about an inch deeper than I thought, and after it was cleaned I could stick a qtip in between the blades and hit the bottom, where before I thought that the dust was part of the fan blades. I swabbed out dust, stuck a vacuum cleaner right on top of the fan and sucked out tons of crap, and repeated until it was all gone. Then I turned on the computer, wrote a temperature monitor script, and ran as many programs as I could at once. The processor has not gotten above 50 degrees Celsius since. Prior to that, the CPU was running at about 75 even when it was idling, and the computer would overheat after any of the 6 sensors went above 91. Problem solved. So next time your laptop overheats, just look at the fan from the inside and do what I just said. You will extend the lifetime of your computer by years.

anon@linuxpc:~$ sensors
acpitz-virtual-0
Adapter: Virtual device
temp1:        +16.0°C  (crit = +108.0°C)
temp2:        +37.0°C  (crit = +105.0°C)
temp3:        +46.0°C  (crit = +108.0°C)
temp4:        +45.0°C  (crit = +105.0°C)
temp5:        +20.1°C  (crit = +108.0°C)
temp6:        +30.0°C  (crit = +110.0°C)

coretemp-isa-0000
Adapter: ISA adapter
Core 0:       +47.0°C  (high = +105.0°C, crit = +105.0°C)
Core 1:       +45.0°C  (high = +105.0°C, crit = +105.0°C)

Sunday, October 12, 2014

OpenVPN-- Creating a Secure Portal to a Private Network With NO Port Forwarding!

If the title of this post got your attention, you are probably well on your way to building your own insane digital empire. OpenVPN is key here, and it's awesome, free, and open source (of course!). Us *nuxers are pretty familiar with Virtual Private Networks and the security and convenience that they provide. Many of us have several different VPN's (at least I do) running on different servers across the globe. This allows one to have multiple virtual identities, and in turn to keep the prying eyes of the NSA just that much more confused when they try to track us down. It also obviously allows you to be on the same private, secure, and (virtually) local network as another machine you may wish to access.

Of course, out of all the networks in your arsenal, the one that you ought to be most concerned about is your home network. Now, if I had the money, I would set my Verizon Cable Modem on fire, purchase a secure modem to replace it, and another access point, a network bridge (to allow incoming connections to my home server but not the rest of my home network), a Raspberry PI with two Gigabit ethernet ports (running IPCop) to act as a firewall, and God knows what else. THEN I could safely run yet another ovpn network from my home. But I really don't want to deal with all of that... which is why I use openvpn to begin with.

Okay, let's back up a bit: So, I have a server at home, and it is acting as maybe a  media server, home-security system control panel, and maybe some other stuff that you do NOT want accessible from the outside world. But what if I want to be able to access this server when I'm on the road? Well, I could open up a port on my crappy spyware-infested Verizon router, but that would not be very secure because it only has a stateful firewall, and these days you need a firewall capable of doing application-level-inspection if you are going to allow outside access to a secure network (like the one at home). So that idea is out...

Today I discovered a solution. I simply connected my home server as a client to one of my remote VPS server's VPN's. I had to tweak the server configuration to not route all of my home server's traffic through the VPN, because that would make my home server useless while I am at home. Then I configured the IPTables on the home server to allow access to http, ssh, etc. over the VPN... and eureka! The server is now accessible, remotely, via my remote VPN, and there are no open ports on my home network! Fucking right.
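One way to write the firewall half of this setup, as an added example rather than the author's actual rules: the script prints an iptables-restore ruleset that admits only the listed TCP ports from the VPN subnet on the tunnel interface and refuses to forward VPN traffic into the home LAN. The interface tun0, the subnet 10.8.0.0/24, the chain name VPN-IN and the file name vpn-rules.sh are assumptions; the post does not give them.

```shell
#!/bin/bash
# Added example, not the author's rules. Prints an iptables-restore ruleset that
# exposes chosen TCP ports to VPN peers only. Assumed names: tun0, 10.8.0.0/24
# (OpenVPN's sample subnet), chain VPN-IN, script name vpn-rules.sh.
# It also assumes the home server does not take a default route from the VPN
# (for example route-nopull in its client config), so only VPN-subnet traffic
# uses the tunnel.
# Review the output, then apply it once as root:
#   ./vpn-rules.sh tun0 10.8.0.0/24 22 80 | iptables-restore --noflush
# The INPUT jump is appended, so a broader ACCEPT already in INPUT still wins.

# valid_iface NAME -> 0 for a plausible interface name (max 15 characters)
valid_iface() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# valid_cidr A.B.C.D/N -> 0 for four octets 0-255 and a prefix 0-32
valid_cidr() {
    case "$1" in
        ''|*[!0-9./]*) return 1 ;;
        */*/*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$1" | awk -F'[./]' 'NF != 5 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i == "" || $i > 255) exit 1
          if ($5 == "" || $5 > 32) exit 1 }'
}

# valid_port N -> 0 for a TCP port 1-65535 written without leading zeros
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# vpn_ruleset IFACE SUBNET PORT [PORT...]
# Validates everything first, so a bad argument never yields a partial ruleset.
vpn_ruleset() {
    if [ $# -lt 3 ]; then
        echo "usage: vpn_ruleset IFACE SUBNET PORT [PORT...]" >&2
        return 1
    fi
    vr_if=$1
    vr_net=$2
    shift 2
    valid_iface "$vr_if" || { echo "bad interface: $vr_if" >&2; return 1; }
    valid_cidr "$vr_net" || { echo "bad subnet: $vr_net" >&2; return 1; }
    for vr_p in "$@"; do
        valid_port "$vr_p" || { echo "bad port: $vr_p" >&2; return 1; }
    done

    printf '%s\n' '*filter' ':VPN-IN - [0:0]'
    # Everything arriving on the tunnel is judged by the VPN-IN chain.
    printf '%s\n' "-A INPUT -i $vr_if -j VPN-IN"
    # The home server is an endpoint, not a router into the LAN.
    printf '%s\n' "-A FORWARD -i $vr_if -j DROP"
    # Replies to connections the server itself opened over the tunnel.
    printf '%s\n' '-A VPN-IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for vr_p in "$@"; do
        printf '%s\n' "-A VPN-IN -s $vr_net -p tcp --dport $vr_p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Default deny for anything else that comes in over the VPN.
    printf '%s\n' '-A VPN-IN -j DROP' 'COMMIT'
}

# Print a ruleset only when arguments are given on the command line.
if [ $# -gt 0 ]; then
    vpn_ruleset "$@"
fi
```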

Saturday, September 27, 2014

SSH Port Forwarding Magic: Dynamic Port Forwarding Management Script

For those who are "in the know", you can skip reading this section. If not, then I am about to reveal an awesome secret to you. SSH stands for "Secure Shell" and is something that Linux users use every day. It's pretty freaking badass and it's got lots of tricks up its sleeve that many are not aware of. Okay, let's back up:

SSH (a secure shell) is a protocol to remotely, and securely access and control a *nix system. For instance, when I am maintaining my web server located in Switzerland, I don't travel to Switzerland to do so, I just access the server via SSH. But, what if I actually am in Switzerland and want to listen to some music on Pandora?

I'm going to get a "restricted" message, and no music, because Pandora (for whatever reason) only allows users with a United States IP address use their services. So, what to do about it? Well, one of my favourite things about SSH is that you can turn it into a quick, secure, and effective proxy server!

ssh -C -D 8080 user@host 

If you have a computer back home in the United States, then you can simply set your browser proxy settings to localhost:8080 and you can now listen to your music!

Okay, this next section is not for newbs. This is a script I wrote this morning to manage ssh port forwarding. It gives you the option of either:

1) Simply connecting to a shell,
2) Get a shell, but with port forwarding enabled,
3) No shell, just port forwarding, and runs as a daemon (in the background). This option also disables command execution for security reasons, because if you only need a proxy and not a shell to begin with, why risk it?

Enough explaining, here is the script:
#!/bin/bash
###########################################
##  SSH Port-Forwarding Manager          ##
##  Author Chevis Young                  ##
###########################################
## Toggle SSH Port Forwarding: on, off,  ##
## or as a silent background daemon.     ##
###########################################

## Define constants (ssh variables)
SUSER=user                      ## unix username
SHOST=host.example.com          ## remote host
SPORT=2222                      ## ssh port
LPORT=8080                      ## local port to forward
IDENTF=~/.ssh/id_rsa_whatever   ## identity file if needed

OPTIONS="Shell Proxy Daemon Quit"
select opt in $OPTIONS; do

if [ "$opt" = "Proxy" ]; then

    ## -C compresses, -D opens a SOCKS proxy on localhost:$LPORT
    echo "Shell with port forwarding requested, Set browser proxy settings to localhost:$LPORT socks 5"
    ssh -i "$IDENTF" -p "$SPORT" -C -D "$LPORT" "$SUSER@$SHOST"

elif [ "$opt" = "Shell" ]; then

    echo "No Port Forwarding Requested, executing shell..."
    ssh -i "$IDENTF" -p "$SPORT" "$SUSER@$SHOST"

elif [ "$opt" = "Daemon" ]; then

    ## -f backgrounds ssh after login, -N runs no remote command (proxy only)
    echo "Daemon mode requested, Set browser proxy settings to localhost:$LPORT socks 5"
    ssh -i "$IDENTF" -p "$SPORT" -f -N -C -D "$LPORT" "$SUSER@$SHOST"

elif [ "$opt" = "Quit" ]; then
    echo Goodbye
    exit

else
    ## Anything else: show what the menu entries mean
    echo

    echo -e "
  #################################################
  ## OPTIONS:                                    ##
  ## 1 Shell: Just give me a shell!              ##
  ## 2 Proxy: Shell+Port Forwarding on $LPORT.   ##
  ## 3 Daemon: No shell, just a proxy on $LPORT. ##
  ## 4 Quit!                                     ##
  #################################################"
fi
done

Tuesday, September 9, 2014

Yes Pandora, I'm still f*cking listening!

Do you want to know a secret? Pandora radio is awesome, and it's used by many people. But, over time Pandora has added annoying disfeatures such as asking if you're still listening, and playing advertisements. Nothing breaks the mood of music like a radio commercial... it just messes up the vibes. Of course, you can pay a fee and avoid all that, or you can do this:

I stumbled across this line of  javascript a while ago, here is the source and authors page. I can't remember the author but I love it. Copy and paste this as a bookmarklet, and save it. Visit pandora.com, wait for it to load and start playing, and click the bookmark.

javascript:var%20imListening%20=%20function(){$('.still_listening.button.btn_bg').click();setTimeout(imListening,1000);return%20true;};%20if%20(imListening())%20alert('Thanks%20for%20listening!');

It will automatically click "Yes, I'm still listening." It's great, you get endless streaming music. However, you need Firefox, because the other half of the equation is Adblock Plus, a Firefox extension. Adblock Plus blocks all of the advertisements on Pandora. So, you get the benefits of paid Pandora for the price of nothing, which is the way it ought to be. No commercials, endless music. Enjoy.

Tuesday, September 2, 2014

Dogecoin revisited... Such Currency... Wow.

Ah, dogecoin... where to begin? Many transaction, much worthless, such awesome. Doge is currently worth $0.14 per 1,000 coins. At its peak last December, it was worth around $400.00 per 1 coin. It was one of the biggest pump and dump schemes ever. Wall Street was claiming Bitcoin would reach $98,000 per coin within a year, ironically around the same time that they were getting in on it, and the price went up to $1200 per coin. Litecoin reached $45 per coin, and the future looked bright for scrypt miners... And then the FBI's two years' worth of hard work paid off (at a cost of millions of dollars, I'm sure), and Silk Road was shut down for about 3 weeks before SR2 popped up (with new features, improved security, and cheaper drugs), thus rendering the feds' efforts useless. Not to mention the plethora of darknet markets to spawn since... should have left DPR where he belonged.

Right, so with SR1's fall, BTC suffered as well. Litecoin is now worth maybe $5 a coin, and the mining difficulty is stupid high, so ordinary people cannot partake. But what about Dogecoin? The difficulty is still low, but then again, the price is lower. I tried CPU mining doge for a few days and in the end earned nothing. I suppose if I purchased one of those scrypt miner ASICs I could return a profit, but I'm not even sure if the Dogecoin developers take their own thing seriously.

Lately I've figured out that mining coins today is for suckers (or billionaires), but trading various crypto-currencies can be very profitable. I've made ~$30 in the last three days by purchasing random whatever coins (Maxcoin, Primecoin, Darkcoin, etc.) and watching different exchanges for high buy offers. If you explore the smaller coin exchanges, you'll often see buy orders for 2 or 3 times what the coin is currently worth. So, I just keep a small amount of bitcoin in a couple different exchange accounts, buy whatever-coin when it's low, and then sell it when some ignorant fool is looking to spend more for the coins he's trying to buy. Think of it like being the exchange middle-man. I spend 10 minutes looking for a high bid on (for example) the unfortunately named PPC (peercoin), and buy some at whichever exchange it's cheapest at, and then send those coins over to the other exchange, make the sale, and finally convert the profits back into... Bitcoin!

I'm not going to give away my real money maker sites, but I will tell you that you can buy cheap alt-coins at cryptsy.com and bter.com. I can confirm that these two exchanges are legit and won't steal your money. I leave it up to you to find other exchanges to sell the coins for profits. Happy trading.

Wednesday, August 27, 2014

My Lame Dogecoin CPU mining experiment...

With all these new crypto-currencies popping up, I just had to try it. I figured I'd try to use all the extra CPU power in my arsenal of extra unused laptops, servers, unused VPSes, etc., to mine some altcoin (alternative crypto-currency coin). What's the worst thing that could happen?

I really wanted to mine Litecoin, because it's the most valuable second to Bitcoin. Well, it did not take long to figure out that the difficulty on the LTC network is just way too high to ever bother with CPUs again. Next I tried Dogecoin, which is one of the newer ones, and is not worth much. It started as a joke and for some reason got popular and is worth like $0.00002 per coin. I put my really powerful 8 core VPS server to work, along with my unused Compaq laptop (dual core AMD, useless Nvidia card), and a couple 2 GHz cheap VPS servers. I mined in a pool for 2 days and accumulated 30 dogecoin, which is approximately equal to $0.00... (10,000 doge is worth about $1). During that time the plastic on the bottom of my cheap Compaq started to melt from heat, so I had to put it next to my window fan. Then I received an angry email from one of my VPS providers complaining that my CPU had been at 100% for 3 days straight, and told me to stop mining. I pulled the plug on that one and installed cpulimit on my other two VPSes, and set it to only use 75% of the CPU so maybe they would not notice. After two more days of this nonsense, I realized I could trade .005 BTC (worth about $2 or $3) for 21,500 dogecoin. I did that, and shut down all my miners. All in all, I mined about 40 dogecoin, and then realized that the pool would only let me cash out at least 150 at a time, and charge a "50 doge 'transaction' fee." ... pointless.

Well, hopefully the price of dogecoin skyrockets (dubious, but possible). What will I do with them in the meantime? Well, they can be used as bounty rewards for getting answers to questions on Reddit! I don't know, I just had to buy them so I could stop compulsively burning out CPUs for nothing.

What next? Well there's this new really interesting coin, Darkcoin, which is supposed to be an anonymous coin and claims its 'darksend' feature fixes some of the problems that Bitcoin has with transactions being easily traced on the blockchain. Not to say that you can't be anonymous with bitcoin, you can be with ease, but it does take some effort and knowledge. Anyway, I'm trying to figure out how to mine that. It's supposed to be a good CPU candidate, and if darksend is what it's supposed to be, that coin could have a future. Who knows.

Wednesday, August 20, 2014

HP Probook Random Shutdown Update

In my last post I talked about a possible fix for the HP Probook 45xx random shut-down issue. Basically, the computer would shut down randomly, and I was unable to determine the cause for some time. I suggested updating the graphics drivers, as Intel now offers open source driver support for Linux users.

Although the driver update did help, it turns out that the issue was not entirely fixed. About a week after that blog, it started happening again, albeit less often. I've probably had about 12-15 random power-offs since then. I realized that it happens when performing resource-intensive tasks, in particular graphics related tasks. So this led me back to the graphics drivers. It turns out the Intel driver is tainted:

anon@linuxpc:~$ dmesg | grep taint
[    2.134771] drm: module verification failed: signature and/or  required key missing - tainting kernel
[    2.135831] drm: module has bad taint, not creating trace events
[    2.158791] i915: module has bad taint, not creating trace events



I then realized that my computer has been running a lot hotter than it was a couple months ago when I first acquired it, so I started monitoring the temperature while doing different things. As it turns out, when playing high definition video via Adobe Flash, things started to get really hot, with both processor cores running at 80 degrees Celsius, and the power supply running at about 90C. I figured that the computer was probably simply shutting down due to overheating, as every HP computer I've ever owned had that problem at some point.

Since I don't have any duster cans lying around, I grabbed my trusty little Phillips-head and a vacuum cleaner, then got to work. Following standard procedure, and the service manual, I took the computer apart and simply vacuumed all the dust out of the heat-sink, motherboard, and everywhere else I could see dust. If you attempt this, please be careful and be sure to ground yourself to protect your hardware from static electricity. This I accomplish by wrapping a copper speaker wire around a screw and sticking it into an outlet ground, and then wrapping the other end around my wrist.

After the vacuum treatment, I monitored the temperatures while performing various resource intensive tasks, and the temperatures of either core never got above 60 degrees C, and every other sensor was much lower than it was previously. Here is the current output of sensors:

anon@linuxpc:~$ sensors
acpitz-virtual-0
Adapter: Virtual device
temp1:        +16.0°C  (crit = +108.0°C)
temp2:        +54.0°C  (crit = +105.0°C)
temp3:        +50.0°C  (crit = +108.0°C)
temp4:        +48.0°C  (crit = +105.0°C)
temp5:        +26.2°C  (crit = +108.0°C)
temp6:        +45.0°C  (crit = +110.0°C)

coretemp-isa-0000
Adapter: ISA adapter
Core 0:       +51.0°C  (high = +105.0°C, crit = +105.0°C)
Core 1:       +48.0°C  (high = +105.0°C, crit = +105.0°C)


Definitely in the normal range again! I really hope that this solves the shut-down problem for good. I'll update again in a week or so. By the way, I think it's better to use a vacuum cleaner rather than compressed air, because I once wrecked a computer using duster. All it did was blow the dust further into the internal components, making the problem worse. A vacuum does the opposite. Perhaps this method will become the preferred method for minor dust removal. Happy hacking!

Friday, August 1, 2014

HP Probook 4510s/Linux-- Random Shutdown Fix

I recently acquired an HP Probook 4510s from a friend. It's a couple years old, but it's a pretty solid business-style laptop, and in my experience business computers tend to be very reliable, even though most companies will ditch them after only 3 years. This computer originally came with Vista (yuck), and my friend had been running Ubuntu 12.04. Although this model was offered with OpenSuse Linux as well, it seems that there were intentional bugs in the BIOS, so it would almost run perfectly on Linux. I say intentional because that's what I've deduced from examining the ACPI tables that the BIOS gives Linux, and it corroborates research I've done as well.

When I first received the computer, I had problems with the machine randomly shutting down on me. (I updated it to Ubuntu 14.04). It was not overheating, and upon examining the dmesg logs I was unable to determine what the cause was, except that I kept seeing messages warning me that the BIOS was broken, and telling me to find an ACPI driver. The random shutdowns are seriously irritating, and eventually the hard disc fried on me, so I had to replace it. I bought a new battery, after doing God knows how many software adjustments, and the issue seemed to have resolved, so I attributed it to a bad battery. However, that is not the case.

I recently reinstalled the OS in order to have an encrypted disk setup with LVM, and to put Ubuntu Gnome on it because Unity sucks and the code is cleaner, the system is less glitchy, and the CPU idles around 5% vs 16% running Gnome over a Unity install. But then the random shutdowns started to happen again! So I set out to figure out which software configuration had fixed the problem. I think I found the solution.

This device has an Intel chipset, with a Core 2 Duo processor and Intel integrated graphics processor. There is now an open source tool available from Intel for identifying and upgrading your graphics driver. This is pretty ground-breaking stuff, because although Intel has always been nicer to the open source community than say, AMD, it's still a rough road when you have driver problems with Linux, as you are often left at the complete mercy of the hardware OEM. But Intel is getting with the times. Anyway, I believe that upgrading the GPU driver fixes this problem! Upgrading the BIOS did not fix it, and the only drivers I've updated have been the GPU. It's been 7 days since I did the reinstall, and about 4 days since I updated the Intel drivers again, and I have been running random shutdown free!

I hope that this helps someone. Please do not go back to Windows because of these issues, leave me a message or check the forums and either I or someone will help you. Going back to Windows is exactly what Microsucks wants people to do. I say f--- that.

Sunday, July 27, 2014

Rediscovering fire...

I bought like three lighters recently and they've all been BIC'D, so I had to figure out a way to get flame from an old dead lighter. Maybe this information will help someone, somewhere.

You need:

-A dead lighter, it only needs a working flint.
-Cotton. I used Q-Tips. (Maybe they'll sponsor me.)
-A piece of dry wood and something to cut it with, like a knife.

Process:

1) Grab a Q-Tip and pull the cotton on one end out, so it's really thin and frayed. We need loose fibers, so they catch on fire easily. Then cut a thin long strip of wood, like a match, also so that it catches aflame easily.
2) Grab your dead lighter, remove the top piece and safety so that the flint is fully exposed.
3) Hold the frayed cotton right next to the flint and strike the flint repeatedly until the cotton catches on fire. The second it does, light the piece of wood on fire. Hold it upside down so it keeps burning.

And for a few seconds, you've got flame!

Wednesday, July 23, 2014

Resetting the Net: Make the Adversaries Life Harder

When this post was written, it was "Reset the Net" Day, and system administrators, web-masters, and ordinary internet users alike took steps to encrypt their data and keep their personal lives... well, personal. Today, massive online spying is becoming the social norm. Many people assume that everything they send over the internet can and likely will be intercepted by people like the NSA, and that there is little they can do about it. But there is actually a lot that you can do. To get you started in the right direction, I will explain some of the steps I have taken to harden my internet security.

Use Tor or a Secure VPN

The Tor network is one of the best ways to remain anonymous online. I'm not going to get into how it works here, however there is a thorough explanation of Tor's magic here. Yes, Tor is slow and not always convenient to use. That's why I only use it when I'm feeling really paranoid. For most of my other online activities, I use a virtual private network (VPN). VPNs tunnel all of your computer's internet traffic through another server, located somewhere else (preferably on the other side of the Earth in a politically neutral country). Although a VPN does not give you nearly the anonymity that Tor does, it strongly encrypts your traffic between your device and the VPN server. Our traffic remains encrypted until it exits the VPN server in (for example) Switzerland, then continues to its final destination. We don't care what Switzerland thinks about our web browsing habits, and they aren't interested, so it's a win-win. A great VPN service with servers in many different geo-political regions is PrivateInternetAccess.com.

Use Open Source Software

It's amazing and sad to me that 90% of personal computers still run Microsoft Windows when there are so many better (and free) options out there. Consider making the switch to Linux, you will be happy you did. However, there are still ways to securely use a Windows system. Consider installing Pidgin Instant Messenger, which allows you to use encrypted instant messaging on services like Facebook Messenger or Google Talk. Use an open source browser like Firefox. Open source = people can read the source code = the software has been scrutinized by thousands of security-minded developers, so you can be pretty sure there are no back-doors/gaping security holes.



Be Smart

Be careful what you send through email. Unless you are using encryption, assume anything sent through email can be intercepted. In fact, assume anything sent over the internet can be intercepted. Therefore, it is best to send as little personally identifying information over the internet as possible, even when using Tor. Install the browser add-on HTTPS Everywhere, which will force use of https whenever available. Pay attention to the warnings that your browser gives you about unverified connections. If an https certificate cannot be verified, either the site you're visiting has not registered it, or you are the victim of a Man in the Middle Attack.

Knowledge is Power

Learn about how technology works so that you can better make educated decisions about your online activities. It is helpful to have a basic understanding of Internet Protocol and Public Key Encryption.
If you are tech savvy, you can configure your own VPN server by renting a cheap VPS somewhere and installing openvpn-server. I recommend Digital Ocean for their outstanding record of reliability, ease of use, and versatile choice of platforms.

Edit: fuck that. They're great for convenience, but for some reason, I just don't trust them anymore. Find an overseas vps and pay for it with mixed up bitcoin.

If you already administer a VPN, rotate your keys right now, and use a 4096 bit d.h. key. One other thing I did today was configure my own Firefox sync server. Since I use many different computers, I like to have my browser data synced. However, I don't want my browser settings stored on a server that I do not control. It turns out that it's pretty simple to configure your own sync server. Now I can keep all my bookmarks and settings in sync without using a 3rd party server, which makes me feel a lot better.

Security Tips for Administering a VPS



The internet is kind of like the wild west. Everything is fair game, there are seldom consequences to anything, and when it comes to server security it's every man for himself (unless you pay someone to manage your server). Recently it seems that a lot of people are starting to buy their own VPS (virtual private server), so there are going to be a lot of people looking for security solutions. Here is some advice I've gathered from my experience as a system administrator.

The golden rule of internet security is to keep a low profile. For example, don't leave port 22 open to the whole internet, even if you have ssh secured with a 4096 bit RSA key. In fact, don't use port 22 at all. Ever. It's like putting a sign on your server that says "hack me". When attackers scan the internet for targets, they use tools like nmap. Nmap by default scans the 1000 most commonly used ports. By avoiding using and filtering those ports you will save yourself a lot of trouble. Notice I said "filter" and not "close". When a port is closed, it sends a reply saying so when someone tries to access it. A filtered port does not acknowledge the request, so you can't be sure whether it's open or closed. It's a good idea to keep the default incoming policy to filtered, as is the standard setting on Linux UFW.

If you are running a web server you are probably going to want to use the default port 80 or 443 (https), so you want to make sure Apache, or whatever you are using, is as secure as possible. One thing that I think is really important is to disable CGI if you are not using it. If you are running Debian/Ubuntu then that's as easy as commenting out the cgi-bin alias in your main configuration.

#ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
#<Directory "/usr/lib/cgi-bin">
# AllowOverride None
# Options +ExecCGI -MultiViews
# Order allow,deny
# Allow from all
#</Directory>

Doing this will prevent people from trying to execute arbitrary code on your server. Another thing that is cool and very secure is OpenVPN. Set up an OpenVPN server and run it on a random high port like 61500. Use TLS authentication and strong key bit strengths. Then configure your firewall so that ssh or any other administrative/personal services are only accessible from the VPN netmask. This way in order to hack your server you would have to crack the VPN AND the ssh keys, quite a task even for a resourceful, seasoned hacker. Another benefit here is that if you use UDP for your VPN and close all outside ports then chances are that nobody will ever find that one UDP port because UDP scanning is rare and takes forever. 99 out of 100 times it's TCP ports that they're looking for. Lastly, OpenVPN is really, really secure!
Of course this is just the tip of the iceberg, but these are some good tips. The good thing about Linux is that it rarely will allow anything bad to happen without your consent. So, don't allow root login via ssh, for example. Log into another account, then log in to root if you need to. Close off every port that is not totally necessary for your server to operate. Think blackout zone over London... if they don't see us, they won't bomb us.
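
A check for the firewall policy described in this post (incoming traffic filtered by default, no port 22, ssh reachable only from the VPN netmask, the VPN on a high UDP port), added here as an example and not part of the original post. The subnet 10.8.0.0/24, the ssh port 2222 and both `ufw status verbose` samples are constructed assumptions.

```shell
#!/bin/sh
# Audit `ufw status verbose` output against the policy described in the post.
# Rule set it expects (VPN_NET and SSH_PORT are assumed values):
#   ufw default deny incoming; ufw allow 61500/udp
#   ufw allow from 10.8.0.0/24 to any port 2222 proto tcp
#   ufw allow 80/tcp; ufw allow 443/tcp
VPN_NET="${VPN_NET:-10.8.0.0/24}"  # assumption: OpenVPN tunnel subnet
VPN_PORT="${VPN_PORT:-61500}"      # high UDP port named in the post
SSH_PORT="${SSH_PORT:-2222}"       # assumption: any port other than 22

# Reads the status text on stdin, prints one finding per line,
# returns 1 when there is at least one finding.
audit_ufw() {
  awk -v net="$VPN_NET" -v vpn="$VPN_PORT" -v ssh="$SSH_PORT" '
    function finding(msg) {
      if (!(msg in seen)) { seen[msg] = 1; print "FINDING: " msg; n++ }
    }
    { gsub(/ \(v6\)/, "") }            # IPv6 twins go through the same checks
    $1 == "Status:"  { active = ($2 == "active") }
    $1 == "Default:" { policy = $2 }   # "Default: deny (incoming), ..."
    $2 == "ALLOW" && $3 == "IN" {
      split($1, p, "/"); port = p[1]; proto = p[2]; src = $4
      if (port !~ /^[0-9]+$/) { finding("rule " $1 " needs manual review"); next }
      if (port == 22) finding("port 22 is allowed from " src)
      if (port == ssh && src != net)
        finding("ssh port " ssh " reachable from " src ", expected only " net)
      if (src == "Anywhere" && port != ssh && port != 22 &&
          !(port == vpn && proto == "udp") &&
          !((port == 80 || port == 443) && proto == "tcp"))
        finding("unexpected public port " $1)
    }
    END {
      if (!active) finding("firewall is not active")
      if (policy == "reject")
        finding("default incoming policy rejects, so ports look closed; use deny")
      else if (policy != "deny")
        finding("default incoming policy is " policy ", expected deny")
      exit (n > 0)
    }'
}

# Constructed samples, trimmed to the lines the audit reads.
sample_weak() { cat <<'EOF'
Status: active
Default: reject (incoming), allow (outgoing), disabled (routed)
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
2222/tcp                   ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere
61500/udp                  ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}
sample_hardened() { cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)
To                         Action      From
--                         ------      ----
61500/udp                  ALLOW IN    Anywhere
2222/tcp                   ALLOW IN    10.8.0.0/24
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
EOF
}
sample_weak | audit_ufw || echo "weak sample: fix the findings above"
sample_hardened | audit_ufw && echo "hardened sample: no findings"
```

On a live host, pipe the output of `ufw status verbose` (run as root) into `audit_ufw`; rules using application profiles or interface restrictions are reported for manual review or skipped.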