Tuesday, April 26, 2016

Fixing: error reading existing .Xauthority

Recently I stumbled across a strange issue. I was performing a headless install of my Raspberry Pi.
After enabling ssh connectivity, I was looking into vnc setup that would allow me to use graphical interface.

As it turned out, installed version was minimal Raspbian and LXDE was missing. So, I wanted to install LXDE on my pie, but mistakenly I ran the command on my Ubuntu.

Since the installation of LXDE was done with sudo command, this ended up changing the owner of the .XAutority file to root. This did not cause any effect immediately, as I assume that .XAuthority file is read only once, before the application startup. But after next reboot, I was not able to log into the Unity desktop, and it used to throw an exception, error reading existing .XAuthority error.

The next thing that I did was to login via tty and inspect the .XAuthority file. I noticed that the owner of the file was now set to root. I switched the owner back to my user. Surprisingly this did not work immediately and I had to reboot my machine to get GUI working.

To summarize, if you face this issue:

  1. Verify that you are the owner of .XAuthority file.
    • For this you will have to log in via tty, which can be done by pressing ctrl+alt+F{2-6}
    • This would bring up a text console and bash would work here.
  2. If the owner of this file is not set to your user and set to root, reclaim the ownership for your user. This can be done with chown command.
    • sudo chown user:user /home/user/.Xauthority
  3. Reboot.
Hope this helps!



Thursday, November 27, 2014

Let's do some crypto!

One of the more famous and widely used application of computer science is a cryptography. Idea behind core cryptography is fairly simple, keep my message secret.

The modern day cryptographic infrastructure as we know it, is mostly broken. The central idea behind this series is to make readers aware of these issues. The best way to do that is to actually break these systems. In this and the series posts that will follow, I will demonstrate attacks on different algorithms due to simple implementation errors or design issues in the algorithm itself.

This series is greatly inspired by Matasano Crypto Challenges. I strongly encourage you to go and solve them first, if you are looking for real action. I will be using those challenges as a reference. keep in mind that this work is strictly for educational purposes only.

Enough of the disclaimer and introduction, let's start!

Some words that you should understand 'out of the box'.


1. Plaintext: 'This is plaintext'.

2. Ciphertext: We operate on plaintext, and encrypt it.

3. Keys: Keys are the secret information that we use to restore ciphertext to extract meaningful data.

4. Keyspace: Collection of all  possible keys. Rule of thumb, size matters. Bigger the better.

5. Alice, Bob and Eve: Alice and Bob try to communicate, and Eve tries to listen. Pun intended.


Next post is on different ways of text representation, brush up your python skills. If you are not experienced in python, well don't worry I will teach you.


Credits:
Matasano Crypto Challenges.






Wednesday, July 9, 2014

Terminal Tricks : Cowsay and Fortune

When you start terminal, your operating systems runs few scripts to load your settings and initialize your terminal environment.

One of these files is ~/bash.bashrc .

You can edit this file to customize terminal to suit your needs.

We will be using two applications :

1. Cowsay

sumit@teardrop:~$ cowsay sumit
 _______
< sumit >
 -------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

Cowsay draws a nice cow on your terminal with the dialog box of the text that you have as input.

2. Fortune

sumit@teardrop:~$ fortune

Sheriff Chameleotoptor sighed with an air of weary sadness, and then
turned to Doppelgutt and said 'The Senator must really have been on a
bender this time -- he left a party in Cleveland, Ohio, at 11:30 last
night, and they found his car this morning in the smokestack of a British
aircraft carrier in the Formosa Straits.'
  -- Grand Panjandrum's Special Award, 1985 Bulwer-Lytton
     bad fiction contest.

Now when we pipe output of fortune to cowsay :

sumit@teardrop:~$ fortune | cowsay
 ______________________________________
/ You will remember something that you \
\ should not have forgotten.           /
 --------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

This looks fancy. Now add this to bottom line of you ~/bash.bashrc file. If this file is absent, then create one in your home folder. Every time you run terminal, you will get a cow with fortune for that run.

Check this youtube video for demo. 

Saturday, November 23, 2013

Fixing : The Eclipse executable launcher was unable to locate its companion shared library

After upgrading from Ubuntu 12.10 to 13.04, I had this problem.

As it is usual case with eclipse "eclipse.ini" was the point of issue. 

This file can be found in /etc/eclipse.ini

Here are the contents my eclipse.ini file:

####################################################################
-startup
plugins/org.eclipse.equinox.launcher_1.2.0.dist.jar

--launcher.library
plugins/org.eclipse.equinox.launcher.gtk.linux.x86_1.1.100.dist

-showsplash
org.eclipse.platform

--launcher.XXMaxPermSize
256m

--launcher.defaultAction
openFile

-vmargs
-Xms1024m
-Xmx1600m
-XX:MaxPermSize=1024m
-Dorg.eclipse.equinox.p2.reconciler.dropins.directory=/usr/share/eclipse/dropins 

####################################################################

So first test was to check existance of org.eclipse.equinox.launcher_1.2.0.dist.jar

and org.eclipse.equinox.launcher.gtk.linux.x86_1.1.100.dist on system. 

Upgrade replaced these files with newer versions. 
  
So fixing this issue was as simple as changing names of these files to match newer version. 

New contents my eclipse.ini file

####################################################################  

-startup
plugins/org.eclipse.equinox.launcher_1.3.0.dist.jar

--launcher.library
plugins/org.eclipse.equinox.launcher.gtk.linux.x86_1.1.200.dist

-showsplash
org.eclipse.platform

--launcher.XXMaxPermSize
256m

--launcher.defaultAction
openFile

-vmargs
-Xms1024m
-Xmx1600m
-XX:MaxPermSize=1024m
-Dorg.eclipse.equinox.p2.reconciler.dropins.directory=/usr/share/eclipse/dropins 

######################################################################  

Wednesday, November 6, 2013

Configure apt-get to work from behind the proxy server

I have divided this tutorial in three parts.

In the first part we enable proxy authentication for all bash commands.
In the second part of this tutorial, I will describe the procedure for enabling proxy authentication for aptitude package manager or famously known as APT. 
The third part deals with bit of security and gives more insight of the chmod command. 

Part I: Edit bash.bashrc.

bash.bashrc is configuration file for the bash shell. There are lot of ways in which you can customize shell experience using this file. For editing bash.bashrc you need to be root. Run following command to open this file with root privileges

$ gksudo gedit
You will be asked to authenticate, enter password for the admin account. 
Now from gedit open /etc/bash.bashrc and add following lines at the end of this file

Export http_proxy = http://username:password@proxyserver:port/
Export https_proxy = http://username:password@proxyserver:port/
Export ftp_proxy = http://username:password@proxyserver:port/

where <username> is your username and <password> is your password. 
For example:

Export http_proxy = http://sumit:password@10.10.1.1:3128/
Export https_proxy = http://sumit:password@10.10.1.1:3128/
Export ftp_proxy = http://sumit:password@10.10.1.1:3128/
Save this file. 

Part II: Edit apt.conf 

As you might have guessed, apt.conf is configuration file for APT. Once again run gedit in root mode
using 

$ gksudo gedit

From /etc/apt/ open apt.conf file. 
[Depending on your Linux distribution this file may be absent in that directory, in which case you should create new file and save it as apt.conf in /etc/apt/ ].

Add following details to this file:

Acquire::http::proxy "http://username:password@proxyserver:port/";
Acquire::https::proxy "https://username:password@proxyserver:port/";
Acquire::socks::proxy "socks://username:password@proxyserver:port/";
This should get APT working on your system. But as you may have already noticed that these two files are stored as a plain text and anyone can open and read these files. To prevent this threat you can use chmod which stands for 'change mode'.

Friday, November 1, 2013

Repack packages [Generate installation files from installed applications]: Ubuntu [Debian]

There is a way to repack installed packages from Ubuntu, so that the same package can be used to install application on other systems as well. Packages are nothing but installation files. Usually we end up downloading these packages for every new installation, in this post we will discuss how to avoid that.  

1) First of all we need to install fakeroot.


"Fakeroot" simulates the root environment for execution of commands which require root privileges otherwise. 

2) Install dpkg. dpkg is a package manager for Debian.


3) Now next step is to repack the package.
This script requires 'package name' of application/library to repack. Usually name of packages and applications/libraries are same, but this is not true in every case. For example consider opencv which is collection of many libraries.

Package name can be confirmed using following command.


Having done that use following command to repack.



Entire Backup

The procedure explained above is good only if you need backup of select applications. To repack entire system you need better strategy since typing name of every single package is not that good idea. 

So to begin with, we first of all generate a list of installed packages and store that output to a text file.


The output file contains a list of packages. Every row begins with the name of package and the status of that package. We need to remove all the packages which are marked as deinstall from the list. For this you can use simple search and replace. 

Next step is to reformat this output file so that is can be as a bash script.  Delete all the occurrences of word "install" and remove all new-line characters from the file. Add "sudo fakeroot dpkg-repack " at the beginning of file and save this file as backup.sh . Change file permissions to make it executable and execute backup.sh from terminal. This will generate Debian packages for all the listed package names. 
The script should look like this,



Sunday, October 27, 2013

Backup your router settings: D-Link [ DSL-2730U] and Restore

BACKUP

1) Log In: [192.168.1.1] [DEFAULTS - username: admin , password: admin]

2) Click on the 'Management' tab:

3) Click on the backup settings and save this file. This config.xml file is snapshot of your current settings. You can use this snapshot to restore settings of your router.
Along with this config.xml file you should store your current admin password[192.168.1.1], current name of the wifi network and password for this wifi network.

To capture all this information you can use following template for naming backup-file.
<Name_of_wifi>_<password for admin>_<password for wifi>.xml
e.g. TC-45G_admin_default

So when you restore settings of router, you know that you should connect to network "TC-45G" using password as "default" and for configuration you should use [192.168.1.1] "admin" as a password.

I will suggest you to disable mac address filtering before taking backup.


    Disable Mac Address filtering:      1) Click on the advanced tab.

 
     2) Click on Mac Filtering, and disable Access Control Mode.

RESTORE 

1) Log in to 192.168.1.1 using current password.

2) Click on management.

3) In the section system update settings-> "choose file" and select you backup file.
    Say update settings.
    This will reboot you router, and restore settings from selected snapshot. Now you can use your old      password to connect to this router.