0

Genymotion and libhoudini.so Error

-

I recently started using Genymotion for emulating an Android image so I could test an app.  To install the app I simply dragged and dropped the apk file into the running Genymotion VM of the phone.  But for some reason the app just kept crashing with the error “unfortunately, your application has stopped”.

Running the following gave me a ton of output but this was what was the relevant bit:

$ adb -e logcat

java.lang.UnsatisfiedLinkError: Cannot load library: load_library(linker.cpp:750): library “/system/lib/libhoudini.so” not found

What in the world is libhoudini??? Some googling brought me to this post.

According to this I needed an ARM translation library so the app still thinks it’s running on an ARM processor (which it isn’t because it’s running in x86 Virtualbox hypervisor).  Simply drag-n-drop the ARM translation.zip file into the Genymotion VM and boom, you should be good to go!

0

Setting up a Windows 7 Kernel Development Environment

-

If you are writing some Ring0 (or privileged mode code), say something like device drivers in Windows you’d probably be better served with a separate development machine and a deployment machine. This helps you to write poor code and still not lose hair because your development machine blue screens! 🙂

My setup was using a Windows 8.1 development machine and a Hyper-V based Windows 7 machine for debugging. You will need to execute different tasks on the “guest” (Hyper-V based Windows 7 virtual machine) and some other tasks on the development machine.  I followed many of the things from the MSDN blog post here

On your guest machine you would want to setup a named pipe and setup debug settings. To do that this is what you need to do:

Setup a virtual com port in the Hyper-V Settings (File -> Settings) , this port will be used to communicate from the host machine to the guest to communicate the Kernel debugging commands.
Untitled

 

Now make sure that your target guest machine is configured to “listen” those commands.  Inside the guest VM, start a command shell (cmd.exe -> Run as Administrator).

Untitled2

 

Configure the bcdedit commands so that the machine can now be debugged.  Right after the 2nd command, reboot your Virtual Machine.

Untitled3

 

With the VM now configured to listen the debug commands via the COM1 port, and the debug mode on in the bootup settings, now start the WinDbg x64 on the host (using “Run as administrator”; you need administrative privileges for communication via Serial port).  In your kernel debugger on the host or the development machine (I’m assuming that these are both on the same physical hardware here).  Click on File -> Kernel Debug and you should see the following screen in the WinDbg window:

Untitled4

Hit Ctrl+Break or Debug -> Break and you will see something like this:

Untitled5

Just remember that when you break in the debugger, your guest in Hyper-V should become “unresponsive”.  The only thing is that it is not really unresponsive, its just being debugged.  Just to make sure, that you have the symbols package that is quite useful for debugging run the following command:

!process 0 0

If you see something like the following screen show up:

Untitled6

The following error means that the symbols are not defined.  Symbols help the debugger give more information about the commands that you are going to execute in the debugger.

**** NT ACTIVE PROCESS DUMP ****
NT symbols are incorrect, please fix symbols

To fix this, use the following commands:

kd> .sympath SRV*c:\symcache*http://msdl.microsoft.com/download/symbols
kd> .symfix
kd> .symfix c:\symcache
kd> !sym noisy
kd> .reload /o

Then again try the command: !process 0 0 and see if you get a good response.  A good response looks like the following:

Untitled7

With this you should be good to go! Happy debugging and writing cool Ring0 code.

 

 

0

Packet Forgery

-

In the past few days, coincidentally I’ve been thrown into situations where packet forgery has been required. So I thought it’ll be a great moment to enumerate some good options that network or security professionals have. The basis for most of these tools lies in libnet and libpcap which are some of the most wonderfully functional libraries out there.

  • Packetforge-ng – On the wireless side this utility allows you to capture wireless packets and create legitimate packets with a pre-determined payload that can then be replayed using tools such as aireplay-ng
  • Scapy – This is a python based tool and can be extended to write custom Python scripts to custom create packets. This library has great functions to form packets layer-by-layer and other functions such as fuzz() that allow fuzzing of packets out of the box. The greatest utility comes by the use of python language to create custom tools. Imagine creating custom thick clients just by using simple python scripts. The capabilities with this library are endless!
  • TCPReplay – Just convert your pcaps into traffic by replaying them. An excellent tool but be careful if you’ve sniffed some ARP packets. You could end up corrupting the ARP table entries (unless that’s exactly what your intentions is 😉
  • file2air – An excellent tool by Joshua Wright to replay packet contents.
  • Packit – A really easy to use and functional linux based packet injection tool.
0

Kubuntu Static IP Script

-

I wrote a very small script to set static IPs on a kubuntu box.

#!/bin/bash
if [ $# -lt 4 ]
then
    echo "Usage: $0 <interface> <ip> <netmask> <gateway> <dns1>"
exit
fi
ifconfig $1 $2 netmask $3
echo "Static IP set"
route add default gw $4
echo "Routes added"
if [ "$5" != "" ]
then
    echo "nameserver $5" >>/etc/resolv.conf
fi
echo "DNS set"
0

Java & Oracle

-

I was looking at some Oracle databases recently and I saw that the Oracle Auditing Tool (OAT) is an awesome toolset but you just need to download the classes12.zip which are the Oracle JDBC drivers for Java into that same directory. I downloaded the classes12.zip from the Oracle site and placed it into the same folder as OAT. On linux, the .sh files will then need some editing. Just replace classes111.zip to classes12.zip and off you go.
Patrik Karlsson has done an awesome job of providing these tools. You can do the whole gamut of operations using this tool from first guessing the Oracle SID to checking for default passwords using opwg.sh.
sudo ./opwg.sh -s 192.168.1.101
The above command will give you the Oracle SID for the remote database.
Once you have the sid and the credentials you can run queries using oquery.sh
sudo ./oquery.sh -s 192.168.1.101 -u DBSNMP -p DBSMP -d db_sid_found -q "select 1 from dual"
The source of the OAT is also provided here: http://www.cqure.net/tools/oat-source-1.3.1.zip. I found an interesting decompiler for Java too (when I overlooked that the sources existed on cqure.net website) and it’s called jd-gui. It works wonderfully on linux.

0

Nessus 4.2.0 : Web Interface

-

Interestingly enough, I found last week that the new Nessus 4.2.0 works by default as a web interface. Gone are the days of using the NessusClient and connecting to TCP port 1241 and using it to connect to the nessusd. Connecting to local TCP port 8834 (https://localhost:8834) brings you to a web interface that you can use to connect to the new Nessus daemon. The nesssusd listener does not even listen on port 1241 by default.
I’ll shortly get used to it but I know the transition would be slow for me …. after it takes getting used to when you completely change the architecture after maintaining it for at least a good 7 years or so!