nion's blog

The GSM security hype is all over the place and certainly the specifications are currently totally ripped in pieces. Some of the common attacks against mobile phones for example man-in-the-middle scenarios using an IMSI-catcher base on an attacker forcing you to downgrade to a weaker cipher mode or a mode with no ciphering at all. Now the question arises, is a user noticing this change? According to GSM 02.07 there seems to be an indicator that should allow the user to see if ciphering is turned off or on. Dieter Spaar did some tests to find out which mobile phones indicate this and which not. The results are actually pretty interesting (and shocking), a lot of them don't.

The list is not that huge so far but I think it's a pretty good start and from what I've seen lately the manufacturs are more interesting than a specific phone model. A lot stuff besides the typical user interfaces, eye-candy and hardware does not change between different models. It would be also interesting to see how those phones actually indicate it. I personally haven't seen such an indicator yet so I'm not sure if it's some unknown tiny symbol which is probably meaningless to a user or not.

Results are now also collected at: http://security.osmocom.org/trac/wiki/WillMyPhoneShowAnUnencryptetConnection
which is part of a new wiki page that aims to collect all the known GSM security problems. This is also a part of the awesome osmocom-BB project.

Its always a special moment if you learn a new parameter of a command you use for ages. In this case its the -P parameter of cd.

Imagine you have a path like /some/path/which/is/pretty/long and you have /some/path/which/is/pretty/foo.
Both are directories and you have a symlink from ~/bar to the long directory and want to access the foo directory.
Because I am lazy I tried cd bar and then cd ../foo and ran into:
cd: no such file or directory: ../foo

I really wondered about this because .. should be always a hardlink.

As cd is a shell-builtin in most cases because changing the directory in a subshell would not have any effect I looked into SUS and it turned out that there is a command line switch in cd for this:

If the -P option is in effect, the cd utility shall perform actions equivalent to the chdir() function, called with curpath as the path argument. If these actions succeed, the PWD environment variable shall be set to an absolute pathname for the current working directory and shall not contain filename components that, in the context of pathname resolution, refer to a file of type symbolic link. If there is insufficient permission on the new directory, or on any parent of that directory, to determine the current working directory, the value of the PWD environment variable is unspecified. If the actions equivalent to chdir() fail for any reason, the cd utility shall display an appropriate error message and not alter the PWD environment variable. Whether the actions equivalent to chdir() succeed or fail, no further steps shall be taken.

BTW, the csh is not susv3 complaint here it will do what I expected first without using -P.

There is some new site dedicated to power saving on Linux which has some nice documentation and also links alot of interesting projects related to this topic (not only powertop).

Check it out on: http://www.lesswatts.org.

... but what could be better on this day than watching Loose Change again?

http://video.google.com/videoplay?docid=7866929448192753501

I recently wrote how to use terminfo to get colored manpages.
Today ft came up with a nice feature of less which enables you to set termcap colors by environment variables.

Just use

export LESS_TERMCAP_mb=$'\E[01;31m'
export LESS_TERMCAP_md=$'\E[01;31m'
export LESS_TERMCAP_me=$'\E[0m'
export LESS_TERMCAP_se=$'\E[0m'
export LESS_TERMCAP_so=$'\E[01;44;33m'
export LESS_TERMCAP_ue=$'\E[0m'
export LESS_TERMCAP_us=$'\E[01;32m'

in your ~/.$SHELLrc to get the same effect without having a terminfo file.

And again for all the people writing "Install most and set it as PAGER", I know about this but using most because it has colors instead of less is just stupid since less has way more features most doesn't have. D'oh this sounds really strange

UPDATE: from strcat's comment. FOO_TERMCAP can be for all programs which compiled/linked with/against termcap. See man 5 termcap for definitions.

Last Friday we had a small but pretty cool linux event at University. There was also a presentation about grml and when Valentin showed that the manuals on grml are in color there were alot of people saying "wow I want that too"

grml includes this feature since version 0.1 (thanks to Matthias Kopfermann who brought this up and had the initial idea) but alot of people don't know how that works (without using most as PAGER, most has some disadvantages over less).

So here is how it works:

$ mkdir ~/.terminfo/ && cd ~/.terminfo
Now get the terminfo description:
$ wget http://nion.modprobe.de/mostlike.txt
Now compile it using tic (the terminfo entry-description compiler)
$ tic mostlike.txt
(you may want to delete the mostlike.txt file after compiling)

And then just define an alias in the rc file of your favorite shell.
alias man="TERMINFO=~/.terminfo/ LESS=C TERM=mostlike PAGER=less man"

That's it!

If you want to modify the terminfo file, use infocmp mostlike to get the content of it later.

There are a lot of inofficial debian domains (known as debian.net domains). Some of then are really useful like changelogs.debian.net for example and others are just funny.

However I thought it might be useful to have a list of all debian.net domains so I wrote a small script.
The resulting page is on: http://people.debian.org/~nion/net-domains.html.

Yes, that's right, check out phrack.org

I can recommend Hijacking RDS-TMC Traffic Information signal, I saw the talk today at ph-neutral and it was really a good and interesting one!

I am currently writing a general purpose shared library for acpi (more on that soon).
I was interested in having a function call graph especially to see if the interface looks somehow clean and to include it in the documentation of the library. Of course I wanted to do it with open source tools. There are several tools for static call graphs but if you want dynamic call graphs you have to use additional features of your compiler to generate a graph based on code during runtime.

The first variant I tried was using egypt a small perl script to generate a dot file. Dot (today included into graphviz? is a tool originally developed at AT&T to generate hierarchical or layered drawings of directed graphs.

So what is needed?
First install software (here on a Debian systen, egypt is not included in Debian):
$ aptitude install graphviz graphicsmagick (+ download egypt from the homepage)

Compile your software using gcc with the option -dr to dump an RTL file of the source.
Most of gcc's work is done in an intermediate representation of your code, called register transfer language (RTL). This pretty much describes the instructions in plain text and is inspired by LISP lists.
Ok, here we go:
$ gcc -dr list.c libacpi.c test.c
This generates three RTL files, for every source file one. Depending on the gcc version the names may vary, here the names are libacpi.c.00.expand list.c.00.expand and test.c.00.expand.

Now use egypt to create a dot file (I don't want one for test.c now):
$ egypt libacpi.c.00.expand list.c.00.expand | dot -Gsize=100,100 -Grankdir=LR -Tps -o graph.ps
Egypt will create dot-output and by piping it to dot with -Tps -o graph.ps you get the resulting graph as a ps file. -Grankdir is used to generate a graph which runs from the left to the right, default is up-down which looks a bit strange.

Now convert the ps file into a png:
$ gm convert graph.ps graph.png
The result looks like this (looks cool huh? ):



The second variant I tested is a bit different and in my opinion the resulting graph looks a bit better.
The gcc commandline switch -finstrument-functions allows easy creations of call-graphs for C/C++ (script languages used but I haven't tried).
You need to compile every file with the -finstrument-functions switch. Then gcc places a call to the functions __cyg_profile_func_enter upon entering a function and __cyg_profile_func_exit on leaving a function.

Compile your sources with -g and -finstrumental-functions:
$ gcc -g -finstrumental-functions list.c libacpi.c test.c -o test
Now you need to get some source code by Sebastian Krahmer (SuSE):
$ wget http://www.suse.de/~krahmer/instrumental/instrumental.tgz && tar xvfz instrumental.tgz && cd instrumental
Compile a shared object file:
$ cc -fPIC -c instrumental.c && ld -Bshareable instrumental.o -o inst.so
This generates a shared object file you can preload with LD_PRELOAD
$ LD_PRELOAD=./inst.so test
.....

Now you will find a log.inst.dot.<pid> and log.inst.ascii.<pid> in /tmp (path can be modified in instrumental.c).
The first file is a dot file you can now create a ps and a png file with but you need to attach a closing bracket } at the end of the file since the package is not
able to intercept exit() or aborts. echo '}' >> log.inst.dot.<pid>
$ dot -Gsize=15,20 -Grankdir=LR -Tps -o graph.ps log.inst.dot.<pid> && gm convert graph.ps graph.png
The result looks like:


PDF file which scales a bit better

The other file represents the call graph in ascii:
~ [1000|1000|1000] -- main (0x8049ea4)
~ [1000|1000|1000] |-- check_acpi_support (0x8048984)
~ [1000|1000|1000] | |-- get_acpi_version (0x8048782)
~ [1000|1000|1000] | | |-- get_acpi_content (0x80486b4)
~ [1000|1000|1000] | | |-- scan_acpi_value (0x8048837)
~ [1000|1000|1000] |-- init_acpi_batt (0x80489d6)
~ [1000|1000|1000] | |-- dir_list (0x804a447)
~ [1000|1000|1000] | | |-- new_list (0x804a23c)
~ [1000|1000|1000] | | |-- append_node (0x804a309)
~ [1000|1000|1000] | | |-- append_node (0x804a309)
~ [1000|1000|1000] | |-- read_acpi_battinfo (0x80497d3)
~ [1000|1000|1000] | | |-- get_acpi_content (0x80486b4)
....

So both methods work but the first seems to be more useful if you want a graph for a specific file, not a specific program since you get an RTL file for each source file and you don't need all to create the dot file. The second method however looks better but has the limitation that you actually need to run the program (but that's dynamic and not static) and you can't (correct me if I miss something) create graphs for single files.

Have fun creating graphs for your favorite software and have a look into Sebastian Krahmers paper http://www.suse.de/~krahmer/instrumental/instrumental.pdf and http://www.ibm.com/developerworks/library/l-graphvis/. He also created a graph for openssh http://www.suse.de/~krahmer/ossh4.6.pdf.

UPDATE: You can also use the capabilities of valgrind to generate callgraphs in combination with a KDE tool named kcachegrind. If you use valgrind --tool=callgrind programname you can get a file with a traced callgraph you can then use in kcachegrind to export a callgraph. I just did a quick test and it looks good but has two drawbacks, KDE sucks (well just a joke ; ) and if you use a .valgrindrc file with command line options specified you have to rename it or valgrind will complain. Thanks Enrico for the hint.