csatblogspotdotcom

Friday, February 26, 2016

A first attempt at password cracking

Capturing network traffic can yield passwords. Some are plaintext, some are hash values, and then there are the hashes in the Windows password file SAM; all of them can be attempted.

Method 1: use hash-identifier.py to determine the hash type. hash-identifier.py can be downloaded, or its code pasted into a .py file and run directly; once the prompt appears, paste in the hash and it identifies the type automatically. References: https://code.google.com/archive/p/hash-identifier/ https://sourceforge.net/projects/hashidentifier/ http://tools.kali.org/password-attacks/hash-identifier http://git.kali.org/gitweb/?p=packages/hash-identifier.git;a=summary
The common MD5 algorithm produces a 128-bit hash, displayed as a 32-character hex string.

Once the hash type is known, how to crack it? Use hashcat; see https://en.wikipedia.org/wiki/Hashcat and http://hashcat.net/hashcat/. hashcat is CPU-based; there is also the GPU-based oclHashcat, see http://hashcat.net/oclhashcat/, in NVIDIA and AMD versions. Neither my laptop, my desktop nor my VM supports them, failing with "./cudaHashcat64.bin: error while loading shared libraries: libnvidia-ml.so.1: cannot open shared object file: No such file or directory" or "./oclHashcat64.bin: error while loading shared libraries: libOpenCL.so.1: cannot open shared object file: No such file or directory", so I only tried the CPU-based hashcat.

hashcat has two important parameters. -m specifies the hash type; the common case is MD5, which is type 0, so "-m 0". -a is the attack mode:
0 = Straight
1 = Combination
2 = Toggle-Case
3 = Brute-force
4 = Permutation
5 = Table-Lookup
8 = Prince
Mode 0 uses a dictionary and looks for a match in it, e.g. hashcat -a 0 -m 0 tmp rockyou.txt (tmp is the file holding the MD5 hashes to crack, rockyou.txt the dictionary). Mode 3 is mask brute force, e.g. six consecutive lowercase letters: hashcat -a 3 -m 0 tmp ?l?l?l?l?l?l (tmp again holds the MD5 hashes to crack).

Method 2: besides software, a search engine such as Google can be used: paste the ciphertext to crack into the search box, and the result may already be there~
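An added example of my own, not code from the post: a small POSIX sh version of the two things above, a hash-type guess in the spirit of hash-identifier (prefix, character set and length) and the number of candidates a hashcat mask covers, which shows how small a six-lowercase-letter keyspace really is. The function names are mine and the sample hash is a constructed value.

```shell
#!/bin/sh
# Added example (not the blog's code): simplified hash-type guess plus mask keyspace.

# identify_hash HASH: print a type name based on prefix, character set and length.
# Hex digests of equal length are ambiguous (32 hex chars is MD5 but also NTLM/MD4),
# so the result is a guess to feed into hashcat's "-m", not a certainty.
identify_hash() {
    h=$1
    case "$h" in
        '$1$'*)                  echo md5crypt;    return 0 ;;
        '$5$'*)                  echo sha256crypt; return 0 ;;
        '$6$'*)                  echo sha512crypt; return 0 ;;
        '$2a$'*|'$2b$'*|'$2y$'*) echo bcrypt;      return 0 ;;
    esac
    case "$h" in
        *[!0-9a-fA-F]*|'')       echo unknown; return 1 ;;   # not a plain hex digest
    esac
    case ${#h} in
        32)  echo MD5 ;;        # also NTLM, MD4, ...
        40)  echo SHA-1 ;;
        64)  echo SHA-256 ;;
        128) echo SHA-512 ;;
        *)   echo unknown; return 1 ;;
    esac
}

# mask_keyspace MASK: number of candidates a hashcat -a 3 mask such as ?l?l?l?l?l?l
# generates. Built-in charset sizes: ?l and ?u 26, ?d 10, ?s 33, ?a 95.
mask_keyspace() {
    rest=$1; total=1
    while [ -n "$rest" ]; do
        tok=${rest%"${rest#??}"}      # first two characters, e.g. "?l"
        rest=${rest#??}
        case "$tok" in
            '?l'|'?u') n=26 ;;
            '?d')      n=10 ;;
            '?s')      n=33 ;;
            '?a')      n=95 ;;
            *) echo "unsupported mask token: $tok" >&2; return 1 ;;
        esac
        total=$((total * n))
    done
    echo "$total"
}

# Constructed sample input: the MD5 of the string "password", and the post's mask.
identify_hash 5f4dcc3b5aa765d61d8327deb882cf99   # MD5
mask_keyspace '?l?l?l?l?l?l'                      # 308915776
```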


Installing an msi package that offers no "run as administrator" option on Windows 7

Installing OpenDNS's DNSCrypt on Win7 64-bit: it would not install with normal privileges. I then found that its msi installer had no way to be run as administrator: the option was not in the context menu, and the corresponding option in the Properties dialog was greyed out. Searching online turned up a registry edit, but that seemed too complicated and risky. Then it occurred to me: could the msi be run from PowerShell or cmd? It could. Run PowerShell as administrator, execute ./DNSCrypt-v0.0.6.msi, and the installer UI appears~

Postscript: I had originally installed it on another PC, Win7 64-bit with a lower security level, where it installed directly; then I wanted to install it on a second PC, Win7 64-bit with a higher security level, and ran into the problem above.


Thursday, February 25, 2016

Port scanning an IP range with nc (netcat)

To scan several ports on one IP you can use nc (netcat; see man nc), e.g. nc -zv host.example.com 80 20 22 or nc host.example.com 20-30. But what about an IP range? nc alone cannot do it; you can use nmap, or do it in the shell: for i in {1..254}; do nc -vz -w 1 192.168.1.$i 22; done scans port 22 across the 192.168.1.0 range (the {1..254} brace expansion is a bash feature).


Wednesday, February 24, 2016

Protecting DNS traffic with DNSCrypt

Overview:
What is DNSCrypt? DNSCrypt is an open-source project (also called dnscrypt-proxy); the site is https://dnscrypt.org/ and the source is on GitHub. The Windows client is described at https://github.com/jedisct1/dnscrypt-proxy/blob/master/README-WINDOWS.markdown; it is purely command line, though various front-ends can be added. The client on the user side establishes a secure channel to a server, and there is a dedicated list of servers (in the GitHub repository and in the downloaded files; the resolvers are run by several organizations at locations around the world). A command-line parameter selects a specific server (see https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv). Separately, OpenDNS (since acquired by Cisco) created a sub-project of this open-source project (see https://github.com/opendns?utf8=%E2%9C%93&query=DNSCrypt or https://github.com/opendns/dnscrypt-win-client) that provides a Windows client with its own UI and connects to OpenDNS's own public DNS servers; references: https://www.opendns.com/about/innovations/dnscrypt/ and https://github.com/opendns/dnscrypt-win-client.
Both the open-source DNSCrypt and the OpenDNS sub-project install a background service that starts automatically. The difference is that the former is installed manually from the command line and the service is named dnscrypt-proxy, while the latter is installed automatically with the software and the service is named OpenDNSCrypt (there is also a second service, DNS Client).

Why use DNSCrypt? The GFW and others interfere with DNS queries. DNSCrypt encrypts the DNS query process, much as SSL encrypts http to give https (though DNSCrypt's encryption is not SSL), and so protects DNS lookups. Another mechanism is DNSSEC, which authenticates DNS answers and also protects the lookup process; DNSCrypt and DNSSEC complement each other. The focus here is DNSCrypt.

Procedure:
DNSCrypt (Windows): download https://download.dnscrypt.org/dnscrypt-proxy/LATEST-win32-full.zip, extract it, open an administrator command prompt in that directory and run ./dnscrypt-proxy.exe -R cs-uswest2 --test=0 (resolver names are listed in https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv). If the test passes, install the service with ./dnscrypt-proxy.exe -R cs-uswest2 --install (same resolver name). services.msc then shows a new automatically started service, dnscrypt-proxy; with the service running, set the local DNS to 127.0.0.1 and it is in use.
DNSCrypt (OpenDNS sub-project, Windows): go to https://github.com/opendns/dnscrypt-win-client, click Download ZIP, and install the latest version from dnscrypt-win-client-master\DNSCryptUpgrade (e.g. DNSCrypt-v0.0.6.msi). services.msc shows a new automatically started service, OpenDNSCrypt (in fact, once the service is running, setting DNS to 127.0.0.1 is all that is needed). Opening the UI (which also starts the service if it is not running) automatically makes a secure connection to the DNS provided by OpenDNS (the displayed server is an OpenDNS IP). On closer inspection, the client sets the DNS to 127.0.0.1 automatically when it starts and restores it when it exits.
DNSCrypt exists for every platform, including Android, but on Android it requires modifying the file system, including creating init.d, which is troublesome, so I have not tried it.

In practice, the OpenDNS DNSCrypt client together with OpenDNS's DNS works better than a modified hosts file with static resolution; for example, with DNSCrypt http://www.w3schools.com opens, whereas it would not open with the modified hosts file.


Monday, February 22, 2016

Real-time packet capture from a phone with tcpdump + nc (netcat) + Wireshark

Preliminaries:
In a Wireshark trace, select a row and right-click > Follow > TCP Stream to see the whole TCP stream; Wireshark menu File > Export Objects > HTTP can export the images and other objects from web pages.
nc (netcat) also has Windows versions. In some versions the server-side options are l (listen) plus p (port); in others l and p cannot be combined. Older versions, the one bundled in busybox, and so on accept them together; the version bundled in Ubuntu 14.04 does not. Taking an older version as the example: nc -lp 4444 starts the server listening on port 4444; nc <peer IP> 4444 on the other side establishes the connection, and the two sides can interact.
tcpdump |busybox nc -lp 4444: tcpdump's output becomes the next command's input; the "|" creates an anonymous pipe; busybox is a compact toolset, and its nc is used here to open server port 4444.

Procedure:
Phone wifi and PC (Windows) wifi on the same LAN: on the phone, after su, run tcpdump |busybox nc -lp 4444; on the PC (win7 64) run .\netcat-win32-1.12\nc64.exe 192.168.1.40 4444 (192.168.1.40 is the phone's IP). The two connect; the phone command's stderr goes straight to the phone's screen:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
while stdout is redirected into the anonymous pipe and finally appears after the nc64 command on the PC. Running Wireshark on the NIC for port 4444 at the same time also shows the exchange between PC and phone; after stopping nc, no packets related to the phone are traced. netstat shows the phone's port 4444 connected to some port on the PC.

Phone cellular connection + PC (Windows) wifi: on the phone, after su, run tcpdump |busybox nc -lp 4444; on the PC run .\adb\adb.exe forward tcp:44444 tcp:4444 and then .\netcat-win32-1.12\nc64.exe 127.0.0.1 44444. The PC shows the packets in real time, but Wireshark still cannot trace them (in fact this method also works over a wifi connection). netstat shows the phone's 4444 and the PC's 44444 each connected to some port on its own localhost; there is no direct network connection between the two. The connection is made through adb, stays on localhost and is never sent out, so Wireshark cannot capture it. How to make Wireshark capture it? Some ideas:
1. Use Linux;
2. Drop Wireshark for other software such as RawCap;
3. Change the routing;
4. Use pipes (anonymous or named): the PC writes each packet it receives into the pipe while Wireshark reads the pipe;
5. Use Wireshark's command line. All attempts failed: in PowerShell, **\netcat-win32-1.12\nc64.exe 127.0.0.1 44444 |.\Wireshark.exe -k -S -i or **\netcat-win32-1.12\nc64.exe 127.0.0.1 44444 |.\Wireshark.exe -k -S -i - did nothing, as normal user and administrator alike; in cmd it starts, but pops up an error as soon as a packet arrives. This is actually the most feasible method, and there is some information online, e.g. http://www.draytek.com/index.php?option=com_k2&view=item&id=5534&Itemid=293&lang=en; perhaps it is the win7 64-bit version, and XP might be fine (reference: https://wiki.wireshark.org/CaptureSetup/Pipes).
Methods 1-4 above were not actually tried. Real-time phone capture with Wireshark on Windows is really awkward; Linux works better.

Note: http://code.tutsplus.com/tutorials/analyzing-android-network-traffic--mobile-10663 gets adb forward backwards. See http://developer.android.com/tools/help/adb.html: adb forward tcp:6100 tcp:7100 forwards the PC's port 6100 to the phone's 7100; replacing forward with reverse gives the opposite direction.

Postscript: I recently noticed that the Wireshark installer has an androiddump component that is not selected by default. After selecting it and reinstalling, it can indeed trace phone packets in real time: 1. connect the phone to the computer with USB debugging enabled; 2. adb must be running; 3. the Wireshark window automatically shows several Android interfaces; select one to trace. See https://www.wireshark.org/docs/man-pages/androiddump.html
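An added example of my own for the Linux receiver side of idea 4, not code from the post. It assumes the phone runs tcpdump -i wlan0 -U -w - | busybox nc -lp 4444: the -w - makes tcpdump emit raw pcap instead of its text decode, and Wireshark reading from a pipe expects pcap, which is one reason a plain tcpdump | stream produces an error when the first packet arrives. The helper names (is_pcap_stream, capture_from_phone) and the FIFO path are mine.

```shell
#!/bin/sh
# Added example (not the blog's code): Linux-side receiver for a phone's tcpdump stream.
# Phone side assumed to run:  tcpdump -i wlan0 -U -w - | busybox nc -lp 4444
# "-w -" writes raw pcap to stdout; "-U" flushes each packet so Wireshark sees it live.

# is_pcap_stream: read the first 4 bytes of stdin and return 0 if they are a pcap magic
# number (microsecond or nanosecond variant, either byte order), 1 otherwise.
is_pcap_stream() {
    magic=$(head -c 4 | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) return 0 ;;
        *) return 1 ;;
    esac
}

# capture_from_phone PHONE_IP PORT [FIFO]: hypothetical helper that creates a named pipe,
# checks that the incoming stream really is pcap, starts Wireshark reading the pipe, and
# forwards the stream (the 4 peeked bytes first, then the rest) into it.
capture_from_phone() {
    phone=$1; port=$2; fifo=${3:-/tmp/phonecap.fifo}
    magicfile=$(mktemp) || return 1
    rm -f "$fifo"
    mkfifo "$fifo" || return 1
    nc "$phone" "$port" | {
        head -c 4 > "$magicfile"
        if ! is_pcap_stream < "$magicfile"; then
            echo "not a pcap stream: start tcpdump with '-w -' on the phone" >&2
            exit 1
        fi
        wireshark -k -i "$fifo" &        # opens the FIFO for reading
        cat "$magicfile" - > "$fifo"      # blocks until Wireshark opens its end
    }
    rm -f "$magicfile" "$fifo"
}
```

Usage: capture_from_phone 192.168.1.40 4444 on the Linux box, with the phone listening as described above.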


Tuesday, February 16, 2016

man for netcat(nc)

Taken from the Ubuntu man page:

NC(1)                     BSD General Commands Manual                    NC(1)

NAME
     nc — arbitrary TCP and UDP connections and listens

SYNOPSIS
     nc [-46bCDdhklnrStUuvZz] [-I length] [-i interval] [-O length] [-P proxy_username] [-p source_port] [-q seconds] [-s source] [-T toskeyword] [-V rtable] [-w timeout] [-X proxy_protocol] [-x proxy_address[:port]] [destination] [port]

DESCRIPTION
     The nc (or netcat) utility is used for just about anything under the sun involving TCP, UDP, or UNIX-domain sockets. It can open TCP connections, send UDP packets, listen on arbitrary TCP and UDP ports, do port scanning, and deal with both IPv4 and IPv6. Unlike telnet(1), nc scripts nicely, and separates error messages onto standard error instead of sending them to standard output, as telnet(1) does with some.

     Common uses include:
     · simple TCP proxies
     · shell-script based HTTP clients and servers
     · network daemon testing
     · a SOCKS or HTTP ProxyCommand for ssh(1)
     · and much, much more

     The options are as follows:

     -4      Forces nc to use IPv4 addresses only.
     -6      Forces nc to use IPv6 addresses only.
     -b      Allow broadcast.
     -C      Send CRLF as line-ending.
     -D      Enable debugging on the socket.
     -d      Do not attempt to read from stdin.
     -h      Prints out nc help.
     -I length
             Specifies the size of the TCP receive buffer.
     -i interval
             Specifies a delay time interval between lines of text sent and received. Also causes a delay time between connections to multiple ports.
     -k      Forces nc to stay listening for another connection after its current connection is completed. It is an error to use this option without the -l option.
     -l      Used to specify that nc should listen for an incoming connection rather than initiate a connection to a remote host. It is an error to use this option in conjunction with the -p, -s, or -z options. Additionally, any timeouts specified with the -w option are ignored.
     -n      Do not do any DNS or service lookups on any specified addresses, hostnames or ports.
     -O length
             Specifies the size of the TCP send buffer.
     -P proxy_username
             Specifies a username to present to a proxy server that requires authentication. If no username is specified then authentication will not be attempted. Proxy authentication is only supported for HTTP CONNECT proxies at present.
     -p source_port
             Specifies the source port nc should use, subject to privilege restrictions and availability.
     -q seconds
             after EOF on stdin, wait the specified number of seconds and then quit. If seconds is negative, wait forever.
     -r      Specifies that source and/or destination ports should be chosen randomly instead of sequentially within a range or in the order that the system assigns them.
     -S      Enables the RFC 2385 TCP MD5 signature option.
     -s source
             Specifies the IP of the interface which is used to send the packets. For UNIX-domain datagram sockets, specifies the local temporary socket file to create and use so that datagrams can be received. It is an error to use this option in conjunction with the -l option.
     -T toskeyword
             Change IPv4 TOS value. toskeyword may be one of critical, inetcontrol, lowcost, lowdelay, netcontrol, throughput, reliability, or one of the DiffServ Code Points: ef, af11 ... af43, cs0 ... cs7; or a number in either hex or decimal.
     -t      Causes nc to send RFC 854 DON'T and WON'T responses to RFC 854 DO and WILL requests. This makes it possible to use nc to script telnet sessions.
     -U      Specifies to use UNIX-domain sockets.
     -u      Use UDP instead of the default option of TCP. For UNIX-domain sockets, use a datagram socket instead of a stream socket. If a UNIX-domain socket is used, a temporary receiving socket is created in /tmp unless the -s flag is given.
     -V rtable
             Set the routing table to be used. The default is 0.
     -v      Have nc give more verbose output.
     -w timeout
             Connections which cannot be established or are idle timeout after timeout seconds. The -w flag has no effect on the -l option, i.e. nc will listen forever for a connection, with or without the -w flag. The default is no timeout.
     -X proxy_protocol
             Requests that nc should use the specified protocol when talking to the proxy server. Supported protocols are “4” (SOCKS v.4), “5” (SOCKS v.5) and “connect” (HTTPS proxy). If the protocol is not specified, SOCKS version 5 is used.
     -x proxy_address[:port]
             Requests that nc should connect to destination using a proxy at proxy_address and port. If port is not specified, the well-known port for the proxy protocol is used (1080 for SOCKS, 3128 for HTTPS).
     -Z      DCCP mode.
     -z      Specifies that nc should just scan for listening daemons, without sending any data to them. It is an error to use this option in conjunction with the -l option.

     destination can be a numerical IP address or a symbolic hostname (unless the -n option is given). In general, a destination must be specified, unless the -l option is given (in which case the local host is used). For UNIX-domain sockets, a destination is required and is the socket path to connect to (or listen on if the -l option is given).

     port can be a single integer or a range of ports. Ranges are in the form nn-mm. In general, a destination port must be specified, unless the -U option is given.

CLIENT/SERVER MODEL
     It is quite simple to build a very basic client/server model using nc. On one console, start nc listening on a specific port for a connection. For example:
           $ nc -l 1234
     nc is now listening on port 1234 for a connection. On a second console (or a second machine), connect to the machine and port being listened on:
           $ nc 127.0.0.1 1234
     There should now be a connection between the ports. Anything typed at the second console will be concatenated to the first, and vice-versa. After the connection has been set up, nc does not really care which side is being used as a ‘server’ and which side is being used as a ‘client’. The connection may be terminated using an EOF (‘^D’).

     There is no -c or -e option in this netcat, but you still can execute a command after connection being established by redirecting file descriptors. Be cautious here because opening a port and let anyone connected execute arbitrary command on your site is DANGEROUS. If you really need to do this, here is an example:

     On ‘server’ side:
           $ rm -f /tmp/f; mkfifo /tmp/f
           $ cat /tmp/f | /bin/sh -i 2>&1 | nc -l 127.0.0.1 1234 > /tmp/f
     On ‘client’ side:
           $ nc host.example.com 1234
           $ (shell prompt from host.example.com)

     By doing this, you create a fifo at /tmp/f and make nc listen at port 1234 of address 127.0.0.1 on ‘server’ side, when a ‘client’ establishes a connection successfully to that port, /bin/sh gets executed on ‘server’ side and the shell prompt is given to ‘client’ side. When connection is terminated, nc quits as well. Use -k if you want it keep listening, but if the command quits this option won't restart it or keep nc running. Also don't forget to remove the file descriptor once you don't need it anymore:
           $ rm -f /tmp/f

DATA TRANSFER
     The example in the previous section can be expanded to build a basic data transfer model. Any information input into one end of the connection will be output to the other end, and input and output can be easily captured in order to emulate file transfer.

     Start by using nc to listen on a specific port, with output captured into a file:
           $ nc -l 1234 > filename.out
     Using a second machine, connect to the listening nc process, feeding it the file which is to be transferred:
           $ nc host.example.com 1234 < filename.in
     After the file has been transferred, the connection will close automatically.

TALKING TO SERVERS
     It is sometimes useful to talk to servers “by hand” rather than through a user interface. It can aid in troubleshooting, when it might be necessary to verify what data a server is sending in response to commands issued by the client. For example, to retrieve the home page of a web site:
           $ printf "GET / HTTP/1.0\r\n\r\n" | nc host.example.com 80
     Note that this also displays the headers sent by the web server. They can be filtered, using a tool such as sed(1), if necessary.

     More complicated examples can be built up when the user knows the format of requests required by the server. As another example, an email may be submitted to an SMTP server using:
           $ nc [-C] localhost 25 << EOF
           HELO host.example.com
           MAIL FROM:
           RCPT TO:
           DATA
           Body of email.
           .
           QUIT
           EOF

PORT SCANNING
     It may be useful to know which ports are open and running services on a target machine. The -z flag can be used to tell nc to report open ports, rather than initiate a connection. Usually it's useful to turn on verbose output to stderr by using this option in conjunction with the -v option. For example:
           $ nc -zv host.example.com 20-30
           Connection to host.example.com 22 port [tcp/ssh] succeeded!
           Connection to host.example.com 25 port [tcp/smtp] succeeded!
     The port range was specified to limit the search to ports 20 - 30, and is scanned by increasing order.

     You can also specify a list of ports to scan, for example:
           $ nc -zv host.example.com 80 20 22
           nc: connect to host.example.com 80 (tcp) failed: Connection refused
           nc: connect to host.example.com 20 (tcp) failed: Connection refused
           Connection to host.example.com port [tcp/ssh] succeeded!
     The ports are scanned in the order you give.

     Alternatively, it might be useful to know which server software is running, and which versions. This information is often contained within the greeting banners. In order to retrieve these, it is necessary to first make a connection, and then break the connection when the banner has been retrieved. This can be accomplished by specifying a small timeout with the -w flag, or perhaps by issuing a "QUIT" command to the server:
           $ echo "QUIT" | nc host.example.com 20-30
           SSH-1.99-OpenSSH_3.6.1p2
           Protocol mismatch.
           220 host.example.com IMS SMTP Receiver Version 0.84 Ready

EXAMPLES
     Open a TCP connection to port 42 of host.example.com, using port 31337 as the source port, with a timeout of 5 seconds:
           $ nc -p 31337 -w 5 host.example.com 42
     Open a UDP connection to port 53 of host.example.com:
           $ nc -u host.example.com 53
     Open a TCP connection to port 42 of host.example.com using 10.1.2.3 as the IP for the local end of the connection:
           $ nc -s 10.1.2.3 host.example.com 42
     Create and listen on a UNIX-domain stream socket:
           $ nc -lU /var/tmp/dsocket
     Connect to port 42 of host.example.com via an HTTP proxy at 10.2.3.4, port 8080. This example could also be used by ssh(1); see the ProxyCommand directive in ssh_config(5) for more information.
           $ nc -x10.2.3.4:8080 -Xconnect host.example.com 42
     The same example again, this time enabling proxy authentication with username “ruser” if the proxy requires it:
           $ nc -x10.2.3.4:8080 -Xconnect -Pruser host.example.com 42

SEE ALSO
     cat(1), ssh(1)

AUTHORS
     Original implementation by *Hobbit* ⟨hobbit@avian.org⟩.
     Rewritten with IPv6 support by Eric Jackson.
     Modified for Debian port by Aron Xu ⟨aron@debian.org⟩.

CAVEATS
     UDP port scans using the -uz combination of flags will always report success irrespective of the target machine's state. However, in conjunction with a traffic sniffer either on the target machine or an intermediary device, the -uz combination could be useful for communications diagnostics. Note that the amount of UDP traffic generated may be limited either due to hardware resources and/or configuration settings.

BSD                            February 16, 2016                           BSD


Monday, February 15, 2016

Introduction to Named Pipes (reposted from http://www.linuxjournal.com/article/2156)

A very good introduction to named pipes; reposting it here:

Introduction to Named Pipes
Sep 01, 1997 By Andy Vaught in SysAdmin

A very useful Linux feature is named pipes which enable different processes to communicate.

One of the fundamental features that makes Linux and other Unices useful is the “pipe”. Pipes allow separate processes to communicate without having been designed explicitly to work together. This allows tools quite narrow in their function to be combined in complex ways. A simple example of using a pipe is the command:
ls | grep x
When bash examines the command line, it finds the vertical bar character | that separates the two commands. Bash and other shells run both commands, connecting the output of the first to the input of the second. The ls program produces a list of files in the current directory, while the grep program reads the output of ls and prints only those lines containing the letter x.

The above, familiar to most Unix users, is an example of an “unnamed pipe”. The pipe exists only inside the kernel and cannot be accessed by processes that created it, in this case, the bash shell. For those who don't already know, a parent process is the first process started by a program that in turn creates separate child processes that execute the program.

The other sort of pipe is a “named” pipe, which is sometimes called a FIFO. FIFO stands for “First In, First Out” and refers to the property that the order of bytes going in is the same coming out. The “name” of a named pipe is actually a file name within the file system. Pipes are shown by ls as any other file with a couple of differences:
% ls -l fifo1
prw-r--r-- 1 andy users 0 Jan 22 23:11 fifo1|
The p in the leftmost column indicates that fifo1 is a pipe. The rest of the permission bits control who can read or write to the pipe just like a regular file. On systems with a modern ls, the | character at the end of the file name is another clue, and on Linux systems with the color option enabled, fifo| is printed in red by default.

On older Linux systems, named pipes are created by the mknod program, usually located in the /etc directory. On more modern systems, mkfifo is a standard utility. The mkfifo program takes one or more file names as arguments for this task and creates pipes with those names. For example, to create a named pipe with the name pipe1 give the command:
mkfifo pipe1
The simplest way to show how named pipes work is with an example. Suppose we've created pipe1 as shown above. In one virtual console, type:
ls -l > pipe1
and in another type:
cat < pipe1
Voila! The output of the command run on the first console shows up on the second console. Note that the order in which you run the commands doesn't matter. If you haven't used virtual consoles before, see the article “Keyboards, Consoles and VT Cruising” by John M. Fisk in the November 1996 Linux Journal.

If you watch closely, you'll notice that the first command you run appears to hang. This happens because the other end of the pipe is not yet connected, and so the kernel suspends the first process until the second process opens the pipe. In Unix jargon, the process is said to be “blocked”, since it is waiting for something to happen.

One very useful application of named pipes is to allow totally unrelated programs to communicate with each other. For example, a program that services requests of some sort (print files, access a database) could open the pipe for reading. Then, another process could make a request by opening the pipe and writing a command. That is, the “server” can perform a task on behalf of the “client”. Blocking can also happen if the client isn't writing, or the server isn't reading.

Pipe Madness
Create two named pipes, pipe1 and pipe2. Run the commands:
echo -n x | cat - pipe1 > pipe2 &
cat <pipe2 >pipe1
On screen, it will not appear that anything is happening, but if you run top (a command similar to ps for showing process status), you'll see that both cat programs are running like crazy copying the letter x back and forth in an endless loop.

After you press ctrl-C to get out of the loop, you may receive the message “broken pipe”. This error occurs when a process is writing to a pipe and the process reading the pipe closes its end. Since the reader is gone, the data has no place to go. Normally, the writer will finish writing its data and close the pipe. At this point, the reader sees the EOF (end of file) and executes the request.

Whether or not the “broken pipe” message is issued depends on events at the exact instant the ctrl-C is pressed. If the second cat has just read the x, pressing ctrl-C stops the second cat, pipe1 is closed and the first cat stops quietly, i.e., without a message. On the other hand, if the second cat is waiting for the first to write the x, ctrl-C causes pipe2 to close before the first cat can write to it, and the error message is issued. This sort of random behavior is known as a “race condition”.

Command Substitution
Bash uses named pipes in a really neat way. Recall that when you enclose a command in parenthesis, the command is actually run in a “subshell”; that is, the shell clones itself and the clone interprets the command(s) within the parenthesis. Since the outer shell is running only a single “command”, the output of a complete set of commands can be redirected as a unit. For example, the command:
(ls -l; ls -l) >ls.out
writes two copies of the current directory listing to the file ls.out.

Command substitution occurs when you put a < or > in front of the left parenthesis. For instance, typing the command:
cat <(ls -l)
results in the command ls -l executing in a subshell as usual, but redirects the output to a temporary named pipe, which bash creates, names and later deletes. Therefore, cat has a valid file name to read from, and we see the output of ls -l, taking one more step than usual to do so. Similarly, giving >(commands) results in Bash naming a temporary pipe, which the commands inside the parenthesis read for input.

If you want to see whether two directories contain the same file names, run the single command:
cmp <(ls /dir1) <(ls /dir2)
The compare program cmp will see the names of two files which it will read and compare.

Command substitution also makes the tee command (used to view and save the output of a command) much more useful in that you can cause a single stream of input to be read by multiple readers without resorting to temporary files; bash does all the work for you. The command:
ls | tee >(grep foo | wc >foo.count) \
         >(grep bar | wc >bar.count) \
         | grep baz | wc >baz.count
counts the number of occurrences of foo, bar and baz in the output of ls and writes this information to three separate files. Command substitutions can even be nested:
cat <(cat <(cat <(ls -l)))
works as a very roundabout way to list the current directory.

As you can see, while the unnamed pipes allow simple commands to be strung together, named pipes, with a little help from bash, allow whole trees of pipes to be created. The possibilities are limited only by your imagination.

Andy Vaught is currently a PhD candidate in computational physics at Arizona State University and has been running Linux since 1.1. He enjoys flying with the Civil Air Patrol as well as skiing. He can be reached at andy@maxwell.la.asu.edu.


Unix domain socket or IPC socket (inter-process communication socket) and named pipes

References: https://en.wikipedia.org/wiki/Unix_domain_socket https://en.wikipedia.org/wiki/Inter-process_communication

Unix domain socket or IPC socket (inter-process communication socket): inter-process communication has several concrete implementations, and named pipes are one of them.

"Like named pipes, Unix domain sockets support transmission of a reliable stream of bytes (SOCK_STREAM, compare to TCP). In addition, they support ordered and reliable transmission of datagrams (SOCK_SEQPACKET), or unordered and unreliable transmission of datagrams (SOCK_DGRAM, compare to UDP)."

Unix domain sockets support a reliable byte stream, just like TCP; in addition they support ordered, reliable transmission of datagrams, which as I understand it is like IP fragmenting a packet: each fragment has a sequence number and is reassembled in order at the destination; and there is also unordered, unreliable transmission, like UDP.


Friday, February 12, 2016

Thoughts on ssh on Android

Android can be operated from a PC over adb, even adb over wifi. One step further: can an ssh service be started on Android, so the phone can be operated over ssh?

On the PC side the ssh service is usually OpenSSH (there is now also a Windows version, see https://winscp.net/eng/docs/guide_windows_openssh_server; FileZilla only transfers files: "Supports FTP, FTP over SSL/TLS (FTPS) and SSH File Transfer Protocol (SFTP)"). For small systems such as embedded and mobile devices, dropbear is an option. There are several ways to obtain dropbear:
1. The dropbear site http://matt.ucc.asn.au/dropbear/ provides the source; download it and compile it yourself;
2. https://code.google.com/archive/p/droidsshd/downloads provides a precompiled dropbearmulti;
3. cyanogenmod.org provides Android ROMs; the ROM for your device contains the relevant executables. Older versions shipped dropbear; from CM9 on it is OpenSSH.
(Some busybox builds include dropbear; see http://android.stackexchange.com/questions/123183/how-do-i-install-dropbear-ssh-on-android, which also describes installing dropbear, but I did not see it in the version I downloaded.)

Method 1 requires cross compiling (reference: http://wiki.beyondlogic.org/index.php?title=Cross_Compiling_BusyBox_for_ARM). First download the source from the site, wget http://matt.ucc.asn.au/dropbear/dropbear-2015.71.tar.bz2, and extract it: tar -xvjf dropbear-2015.71.tar.bz2. Next install the compiler: sudo apt-get install gcc-arm-linux-gnueabihf (I did not install libncurses5-dev). Note the difference between gcc-arm-linux-gnueabi and gcc-arm-linux-gnueabihf: the former is the compiler for the armel architecture, the latter for armhf. What is the difference between armel and armhf? Briefly, armel is for weaker hardware where floating point is emulated in software, which is inefficient, so it targets the low end; armhf has hardware floating point and is more advanced. Phone CPUs keep getting better, so I went straight for the latter.

Next, enter the extracted directory and run ./configure --host=arm-linux-gnueabihf --prefix=/ --disable-zlib CC=arm-linux-gnueabihf-gcc LD=arm-linux-gnueabihf-ld. zlib is not needed here; it is only used by sftp, and dropbear does not include sftp. Then: make, which produces dropbear, dropbearkey, dropbearconvert and dbclient (a small problem: the scp executable was missing, even though scpmisc.o, scp.o and so on were generated; I also wanted to build everything into a single file, which failed). Then use arm-linux-gnueabihf-strip dropbear, and the same for the other small files, to slim them down (as I understand it, this removes debug information and similar padding from the executable); the executables got considerably smaller.

Running it on Android gave: k_shell/2000:6210: dropbear: No such file or directory. Rebuilding with gcc-arm-linux-gnueabi (instead of the original gcc-arm-linux-gnueabihf) gave the same. (I came back to this later; some online say it is a dynamic/static library problem. I created library links on the PC and also specified static libraries, but it still did not work. A static library is bundled into the executable at compile time; a dynamic library is not bundled but loaded dynamically at run time.) So compiling it myself failed.

For dropbearmulti: download the precompiled dropbearmulti from https://code.google.com/archive/p/droidsshd/downloads. It is a single executable that integrates several commands; running it directly prints that it contains the following four:
Dropbear multi-purpose version 0.52
Make a symlink pointing at this binary with one of the following names:
'dropbear' - the Dropbear server
'dbclient' or 'ssh' - the Dropbear client
'dropbearkey' - the key generator
'scp' - secure copy
After creating the symlinks for these commands, generate the rsa and dss keys:
dropbearkey -t rsa -f ****/dropbear_rsa_host_key (dropbearmulti's default is /data/data/br.com.bott.droidsshd/files/etc/dropbear_rsa_host_key)
dropbearkey -t dss -f ****/dropbear_dss_host_key (dropbearmulti's default is /data/data/br.com.bott.droidsshd/files/etc/dropbear_dss_host_key)
Start the service (as root; run as a normal user, nothing happens):
dropbear -A -N username -U 0 -G 0 -C password -p IP:portnumber
(the above follows http://www.droidforums.net/threads/ssh-daemon-dropbear-on-android-2-0.9038/ and http://paguilar.org/?p=30)

Next a client can connect. In practice it did not work very well: connecting was rather slow; once connected, operation was acceptable (on a LAN), but after a short idle period it stopped responding and needed a reconnect. Also, whatever username you use, once logged in you are root. More disappointing still, there is no sftp service, so files cannot be fetched from another system with a client, and using scp from another system to fetch files from this one gives:
sh: /data/data/br.com.bott.droidsshd/files/bin/sftp-server: not found
Fatal: Received unexpected end-of-file from server
So an sftp service is still needed. How to get one? OpenSSH's sftp can be used (see http://wiki.beyondlogic.org/index.php?title=Cross_Compiling_SFTP-Server_DropBear_for_ARM; https://www.cybermilitia.net/2009/02/28/dropbear-on-debian/; https://github.com/iMilnb/docs/blob/master/dropbear%2Bsftp-android.md; and others). The included scp did not work either, giving: unknown user 0255. Running dbclient (as root or a normal user) gives: dbclient: exited: Unknown own user (some say this is caused by a different libc on each system, see https://sourceforge.net/p/openqrm/mailman/message/26489043/; it may be the missing /etc/passwd, but adding that file manually did not help either).

Since dropbear has no sftp and cannot transfer files, what is the point of a phone running an ssh service that provides a terminal but no file transfer? I think it is of little value. For a mobile device with ordinary processing power, battery life and so on, either open nothing at all, or open something temporarily to transfer files. What is the simplest way to do that? The third method above is worth a try: find your phone model on the CyanogenMod site, download the ROM, copy the needed files from the ROM into your own directory and use them directly.

I downloaded cm-7.2.0-galaxysmtd.zip, which is very complete. It contains dropbear, dropbearkey, scp, sftp-server and ssh (this dropbear's default path is /data/dropbear, and there is also /data/.ssh containing a known_hosts), and even bash, sqlite3, tcpdump, vim, busybox, iptables and many other programs; very nice. Copy those files into the same /system/xbin or /system/bin as in the ROM. sftp-server gave no output, and I did not want to fiddle further. dropbear is OK: first generate a key with dropbearkey, then start dropbear. A normal user can start it, but then others cannot log in; started by root, logins work normally. ssh (the client) has a problem (to test it I installed an ssh server, the Windows OpenSSH, on my laptop): as root it asks whether to trust the unknown host, after which nothing responds to input unless the process is killed; only as a normal user does ssh work. scp as root fails the same way as ssh; as a normal user, copying a file from elsewhere to the local machine works. Note that the default directory is C:/ (Windows) or / (Linux); to download into another directory you must append the path yourself. Copying a remote file to this machine, as root or normal user, either gives lost connection or hangs after the password prompt. Why? A path problem: the default is C:/ (Windows) or / (Linux); specifying the path explicitly works, e.g. scp ./test1 ssh@192.168.1.**:/users/ssh/test1 (ssh is the username), or scp a.txt ***@***:/home/***/.

CyanogenMod uses OpenSSH from version 9 on. I tried cm-10.2.1-jfltexx.zip, which contains sshd, ssh, scp, sftp and ssh-keygen. Running any of sshd, ssh, scp or sftp complains that libssh.so is needed. Copying libssh.so into /system/lib/ did not help: cannot locate symbol "EVP_ripemd160" referenced by "libssh.so"... Copying libssl.so over too (after backing up the system's original libssl.so) did not help either, same message; after a reboot, still the same.

So executables copied straight over are not that reliable. The OpenSSH set does not work, probably because the correct dependencies are missing; the dropbear set partly works (the dropbear service and ssh are OK; scp and sftp-server are not).

For running an ssh server with dropbear, the CM site has a guide, https://wiki.cyanogenmod.org/w/Doc:_dropbear: you can log in without a password using an rsa key, or change the root password and log in with root plus password; the process is described in detail.

Thinking it over, is any of this useful on a phone? A phone is worse than a PC in every respect, including battery life, computing power and security, especially security (executables like dropbear could be used by other programs to open a port, so even leaving them in place is not safe), so it is not suited to running services for others to connect to. Phone apps are also plentiful and practical; for communication they are enough: calls, browsing, chat. For connecting a PC to the phone, adb is enough; copying things? Just use the phone as a storage device. Only in a few rare scenarios, e.g. urgently needing to ssh somewhere, is it worth keeping the ssh and scp clients (root cannot use them, only a normal user); the rest is personal preference.

Postscript: on a cellular connection, if the carrier gives the phone a public IP and allows inbound connections, the ssh service can be reached from elsewhere; if not, e.g. the carrier blocks inbound ports or assigns a private IP, then even with ssh running the phone cannot be reached directly from outside. You could try a dynamic DNS service that binds a domain name to the phone's IP, e.g. http://no-ip.com or http://dyndns.com, with the related app DynDNS for Android; see http://www.droidforums.net/threads/ssh-daemon-dropbear-on-android-2-0.9038/


Problems installing FileZilla Server on Windows

Installing FileZilla Server on Windows 7 64-bit: after installation, running it gives: Could not load TLS libraries. Aborting start of administration interface. The cause is a missing system patch, KB2533623 (see https://forum.filezilla-project.org/viewtopic.php?t=39838). Installing the patch failed; a look in services.msc showed that the Windows Update service had been disabled. After enabling it temporarily, installing the patch and rebooting, FileZilla Server ran normally.

In fact FileZilla "Supports FTP, FTP over SSL/TLS (FTPS) and SSH File Transfer Protocol (SFTP)"; it is for file transfer, and with the abundance of application software on Windows, FileZilla Server is of little practical use. If you want to log in over ssh to a terminal, that is, run an ssh server, there is now a Windows OpenSSH (see https://winscp.net/eng/docs/guide_windows_openssh_server), contributed by Microsoft's PowerShell team; beyond that, there are of course many other programs to try. Linux is a different story: Linux servers are everywhere, ssh is used widely, and OpenSSH is all that is needed.


Thursday, February 11, 2016

The two kinds of SSH "key"

When installing an ssh service a key has to be generated. On Linux it is generated automatically when ssh is installed, whereas in other cases it has to be generated by hand, e.g. when installing dropbear on Android the key must be generated manually before the ssh service can run. This kind of key belongs to the ssh tunnel, and the tunnel can carry a terminal session or a file transfer. The other kind of key is used for client authentication: a login can be authenticated with a user name and password, or with a key. The following post explains it clearly: http://security.stackexchange.com/questions/55947/how-does-sftp-function-without-a-manually-generated-public-private-key-pair Excerpt:

Short answer: there is necessarily a public/private key pair on the server. There may be a public/private key pair on the client, but the server may elect to authenticate clients with passwords instead. SSH is a generic tunnel mechanism, in which some "application data" is transferred. One such application is the "remote shell" which is used to obtain an open "terminal" on a server, in which terminal applications can be run. Another, distinct application is the file transfer protocol known as SFTP. From the SSH point of view, which application is used is irrelevant. This means that any authentication concept applies equally to SSH (the "remote shell" part) and SFTP. The server MUST have a public/private key pair. That key is used for the tunnel part, so a server will use the same key pair for all applicative protocols. Most Unix-like operating systems (e.g. Linux) create a SSH key pair when first installed, and will use it thereafter. This means that you don't have to "create a key" when you configure your SSH server to also be used as SFTP: the server already has a key. A client may have a public/private key pair if it wishes to be authenticated based on that key; this is all about client authentication, i.e. about how the server will make sure that it is talking to the right client. Password-based authentication and key-based authentication are the two most common methods (some servers are configured to require both). By definition, only the key-based authentication requires that the client stores and uses a key pair of its own.

Another answer: In SSH, you have two sets of key pairs: one for the server and one for the users. The server key pair is mandatory but it is typically generated during the installation of the server: all you have to do is validate the server public key fingerprint (a simple hash) and, as long as the key is unchanged, your client will silently connect. The key pair you use for authenticating, however, can be optional (or disallowed) depending on what authentication method you've decided to allow or require on the server. The Wiki article on SSH has plenty of juicy details but, to summarise, there are 4 supported authentication mechanisms:
Password requires a username and password combination
Public key requires access to the private part of the public key you use for authentication (typically, you set up the key pair on the client and just update the server configuration with your public key).
Keyboard interactive is mostly used for one-time passwords and similar.
GSSAPI, a framework used for implementing other authentication schemes, usually to implement single sign-on (most notably Kerberos)
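An added example, not from the original post or from the quoted answers, that makes the distinction concrete in Python: it builds two separate public-key blobs in OpenSSH wire format (a constructed server host key and a constructed user authentication key, neither of which is real key material), computes the fingerprints an ssh client shows, and performs the known_hosts check that decides whether a server's host key is trusted, unknown (first contact), or changed (the warning that should stop you). The host name, file contents and key bytes are all constructed for the example.

```python
import base64
import hashlib
import struct


def _ssh_string(b):
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def make_ed25519_pubkey_line(raw32, comment=""):
    """Build an OpenSSH public-key line from a 32-byte Ed25519 public key.
    The blob is string('ssh-ed25519') || string(key), base64-encoded."""
    if len(raw32) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw32)
    line = "ssh-ed25519 " + base64.b64encode(blob).decode("ascii")
    return line + (" " + comment if comment else "")


def parse_pubkey_line(line):
    """Return (key type, raw blob) from an authorized_keys / known_hosts style line,
    refusing a line whose declared type disagrees with the type inside the blob."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("malformed public key line")
    keytype, blob = parts[0], base64.b64decode(parts[1])
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode("ascii"):
        raise ValueError("key type mismatch: %s vs %r" % (keytype, blob[4:4 + n]))
    return keytype, blob


def fingerprint_sha256(blob):
    """Modern OpenSSH fingerprint: unpadded base64 of SHA-256 over the blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def fingerprint_md5(blob):
    """Legacy colon-separated MD5 fingerprint that older clients display."""
    return "MD5:" + ":".join("%02x" % b for b in hashlib.md5(blob).digest())


def check_host_key(known_hosts_text, host, presented_line):
    """Trust-on-first-use check, as an ssh client does it against known_hosts.
    Returns 'ok' (matches a stored key), 'CHANGED' (host known, but with a
    different key of the same type: possible man-in-the-middle) or 'unknown'
    (first contact, the client asks the user to confirm the fingerprint).
    Plain host names only; hashed (|1|...) entries are not handled here."""
    ptype, pblob = parse_pubkey_line(presented_line)
    seen = False
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, ktype, b64 = fields[0], fields[1], fields[2]
        if host not in hosts.split(",") or ktype != ptype:
            continue
        seen = True
        if base64.b64decode(b64) == pblob:
            return "ok"
    return "CHANGED" if seen else "unknown"


# Constructed sample keys (not real key material). The server's host key and
# the user's authentication key are separate pairs, which is the post's point.
SERVER_HOST_KEY = make_ed25519_pubkey_line(bytes(range(32)), "root@phone")
USER_AUTH_KEY = make_ed25519_pubkey_line(bytes(range(32, 64)), "user@laptop")
# Constructed known_hosts content: one entry for the phone running dropbear.
KNOWN_HOSTS = "192.168.1.10 " + SERVER_HOST_KEY + "\n"

if __name__ == "__main__":
    _, blob = parse_pubkey_line(SERVER_HOST_KEY)
    print("host key", fingerprint_sha256(blob), fingerprint_md5(blob))
    print(check_host_key(KNOWN_HOSTS, "192.168.1.10", SERVER_HOST_KEY))
    print(check_host_key(KNOWN_HOSTS, "192.168.1.10", USER_AUTH_KEY))
```

The "CHANGED" result is what ssh reports as "REMOTE HOST IDENTIFICATION HAS CHANGED"; after regenerating the dropbear host key on the phone, the old known_hosts entry on the client has to be removed, otherwise this is exactly the result the client will get.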


Wednesday, February 10, 2016

Why Virtual CD-ROM Control Panel is refused when loading its driver on Win7 64-bit

Microsoft's Virtual CD-ROM Control Panel 2.0.1.1 consists of a driver, VCdRom.sys (9K), and an executable, VCdControlTool.exe (23K). The readme targets Windows XP, but it also works on Windows 7; 64-bit Windows 7, however, is stricter about driver files and requires them to be signed, so loading this driver fails with "This driver has been blocked from loading". What to do? Either run: bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS and reboot, after which the system relaxes the requirement, unsigned drivers can be loaded and the virtual drive works, but this lowers system security (it switches off code-integrity checking for every driver, not just this one); or simply switch to another virtual drive, such as DAEMON Tools.


A modem that caused ad redirects, blocked port 80 to certain IPs, and other problems

The modem that came free with the broadband subscription has a built-in AP, but it limits the number of connected devices to 4... I later managed to get into its internal settings page and removed the device limit, but when a new device connects, its web traffic is redirected to an ad page (only on the first visit; the second and later ones are not), which I could live with. Today, however, I found a new problem: forum.xda-developers.com could not be reached, though it works from the phone and from other networks. nslookup resolves it normally to 207.244.72.9, ping 207.244.72.9 works, but telnet 207.244.72.9 80 gets no response. So where is that IP's port being blocked? Swapping in a modem from a different batch fixed it, so the original modem was at fault. The new one also has a better signal, and at the same signal strength the mobile devices browse noticeably faster; the redirect also happens less often. Changing the modem killed four birds with one stone.


Android's built-in screenshot and screen-recording commands

Android ships a screenshot tool, screencap, and a screen recorder, screenrecord; they can be run from a terminal on the phone or through adb. Note that running them as root reboots the phone and adb on the PC shows "Segmentation fault"; running as a normal user works. The screenshot or recording can be saved to a given location or written to stdout, e.g. to adb or another terminal; adb shell converts \n to \r\n, so strip the extra \r yourself before saving as an image or video.

Afterword: some systems also ship a screenshot tool (in addition to screencap). Also, I just found that running screenrecord from the command line on the phone reports Unable to open 'filename': Permission denied, while entering the phone via adb from the PC allows recording.


Tuesday, February 9, 2016

Fixing domain names that will not resolve on Android

The Android phone works normally, but after entering Android through a terminal emulator or adb, ping <domain>, nslookup <domain> and busybox ping all report errors. The cause is that Android has no /etc/resolv.conf, which the libc resolver used by these command-line tools reads (apps get their DNS settings from the system itself, which is why they are unaffected). The fix is to create the file manually (/etc points to /system/etc) containing a line nameserver ***; as soon as it is added the commands work.


Monday, February 8, 2016

On packet capture: capturing on a phone

Having previously tried packet capture on different PC systems (Windows and Linux), I now continue with capture on a phone.

Background: To capture a phone's traffic, you can route the phone through a PC proxy (two ways: 1. the PC runs a proxy and the phone, on the same network segment, goes through it; 2. the PC opens a hotspot the phone connects to; the second is also a proxy, except the PC acts as an AP in addition to proxying) and capture on the PC, or run the capture program directly on the phone (tcpdump or one of many apps; tcpdump and some apps require a rooted phone, others do not; commands can be typed in a terminal app on the phone or from the PC). The former only captures the phone's wifi traffic, and with wireshark on the PC you can view it live; the latter can capture both wifi and cellular data (GPRS/3G/4G etc.), and some apps show it live.

Here I use the phone build of tcpdump: the rooted phone is connected to the PC via USB, the driver is installed, and the PC enters the phone via adb to run commands. The advantage is that it captures both the wifi and the cellular interface while installing as little as possible on the phone, and the capture is viewed and analysed on the PC.

Steps: First the phone must be rooted, otherwise after adb enters the phone's command line su cannot be run, some directories are inaccessible, and capturing directly reports no permission to operate the wifi or cellular device. The phone driver must be installed so that PC and phone communicate over USB and adb can connect and enter the phone's shell. Developer options and USB debugging must be enabled, otherwise adb devices (which lists connected devices) is empty, i.e. the PC cannot find the device. The "trust this computer?" prompt on the phone must be accepted, otherwise adb devices shows the device as offline; after trusting it shows device. tcpdump must be a build for the phone (phones are generally ARM), or you can compile it yourself.

With that done, adb shell enters the phone's terminal, su becomes root, copy tcpdump from the SD card to a user app directory such as /data/app and fix its permissions, group etc. (without chgrp you can touch an empty file and cat original > new; or chown user:group file). Run ./tcpdump or /data/app/tcpdump for direct output, or add -w tmp.pcap to save the result to tmp.pcap. Alternatively "mount -wo remount rootfs /" remounts the root directory read-write (it is read-only by default), copy tcpdump to /sbin, then "mount -ro remount rootfs /" restores it to read-only, after which tcpdump can be run directly.

Capturing on the wifi interface reports: listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes, meaning tcpdump knows the link-layer protocol of the captured device, Ethernet, the same as tcpdump on a laptop on wifi. Capturing the cellular connection reports: listening on rmnet0, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes, meaning tcpdump could not identify the link-type, i.e. which link-layer protocol is in use (after installing busybox on the phone, busybox ifconfig shows rmnet0's link layer as PPP, while Android's own ifconfig shows nothing). On Linux, tcpdump -D lists the capturable devices including any (Pseudo-device that captures on all interfaces), and capturing that pseudo-device also prints the LINUX_SLL (Linux cooked) message.

Note that a cellular connection is a connection-oriented service with no gateway (route -n shows this); gateways exist in Ethernet. When capturing the cellular connection, the phone's IP and its next hop are private addresses in the 10 range, and both the assigned IP and the next hop shown by traceroute differ each time: e.g. now the phone's IP is 10.a with next hop 10.b; turning mobile data off and on again, tcpdump shows the phone's IP as 10.c and traceroute shows the next hop as 10.d; the hop after that is 112.96.*.253, also different every time.

Can two phones reach each other? Running the Fing app (which has a ping tool) on a second phone at the same location on the same carrier (so on the same base station) and pinging the first phone's IP gets no response, while pinging the first phone's next hop works. Could the phone itself not answer pings? Connecting both phones to the same wifi, they ping each other fine. Could the phone ignore pings on the cellular connection but answer on wifi? My analysis and judgement: from tcpdump's output, tcpdump treats wifi and cellular as different network devices, wlan0 on wifi and rmnet0 on cellular; different hardware handles the lower layers, but at the IP layer the system, i.e. software, handles the information from both devices uniformly. My judgement is that the upstream router simply does not forward the ping packets to the destination, i.e. users under the same base station cannot reach each other; this is confirmed by ./tcpdump running on the pinged phone showing no packets arriving. Could the cellular module itself not support ICMP ping? Pinging its own IP from an app, or via ping from the phone's terminal entered through adb, succeeds. Also, per http://www.droidforums.net/threads/ssh-daemon-dropbear-on-android-2-0.9038/ some carriers give the phone an external, reachable IP, in which case cellular is the same as wifi; if the carrier does not provide a public IP or blocks inbound connections, the phone cannot run a directly reachable service on cellular; combined with a dynamic DNS service such as http://no-ip.com or http://dyndns.com it is worth a try. Material on GPRS says that in a phone's cellular protocol stack the layer below the application layer can be either IP or X.25; testing with my own 3G phone shows it uses IP, and the trend toward IP is unstoppable.

Finally, save the capture to a file and analyse it with a tool; wireshark is a good choice.

Afterword: Today I found that on Windows, downloading adb-setup-1.4.3.exe and extracting it gives adb.exe and the related dlls, which can be run directly; the actual adb version is 1.0.32, provided the driver is installed. Drivers include the MTP driver (media device, storage), the PTP driver (camera) and the adb driver; running adb.exe needs the adb driver. The phone has /sbin/adbd and /system/bin/adb, which by their creation times were there when the system was installed. So for a new phone: enable USB debugging and then tap "trust", install the driver on the PC, and run the extracted adb.exe; if su is needed, the phone must be rooted.

Afterword 2: After adb shell and su, tcpdump -D lists the devices: wlan0 appears when the phone is on wifi or running a wifi hotspot, rmnet0 when the cellular connection is up, and rndis0 when USB tethering is on.

Afterword 3: On Windows, after entering the phone via adb and installing busybox (which bundles many basic Linux commands and is more capable than Android's own toolbox), ls and vi show garbage; ls shows garbage before and after file names, fixed by alias ls='ls --color=never' to disable colour, but vi is still garbled. A better fix is to change terminal: use putty instead of powershell or cmd. Set putty's IP to 127.0.0.1 and port to 5037 (check the actual port with netstat; the first connection defaults to 5037), mode raw, and before opening putty check the process list to make sure the adb server is running (if not, run any adb command such as adb devices to start it). After pressing Enter in putty, type 0012host:transport-usb and Enter; it returns OKAY (note that no other characters may be typed, including backspace or arrow keys); then type 0006shell: and Enter to get a shell, after which everything is as in a Linux environment. Or use the putty that has been adapted for adb: choose the adb mode and enter transport-usb as the host. (Connecting over wifi is also possible: the phone's adbd listens on port 5555 by default, the server on the PC listens on 5037, and the putty or adb client connects to the PC server, which in turn connects to phone:5555; there are many tutorials online, but considering the phone's battery life, the maturity of existing apps, and above all the security risk, USB is the safer option.) Original thread: http://forum.xda-developers.com/showthread.php?t=803223; excerpt:

We all know that running "adb shell" from the command line is pretty crap, and when using a latter busybox version which has coloring support it's ultimately crap. One workaround was usually to start a telnet server on the phone, and use putty to connect to that telnet server. Actually there is an easier way to do that which also works for non rooted phones. Actually the Android Debug Bridge has a terminal connection feature (roughly speaking), which will be enabled after you connect to the adb server in "0006shell:" mode. You can actually use the putty to connect to this interface always, by setting the following things: - Turn off line discipline in settings - Use RAW mode to connect to localhost:5037 - Enter "0012host:transport-usb" (without quotes) - Enter "0006shell:" (without quotes) Now you've got a full fledged connection to your device. The main drawback is that it's tedious to repeat the above all the time, so I've made some modifications to the putty binary that adds a new type of connection, called "Adb" To use the enhanced putty (via USB): - Select Adb from the connection type list - Enter "transport-usb" in the host (or any other connection string, check the adb socket interface documentation if you need something else than connecting via usb) - Enter 5037 as port, if it's not already set there. - Connect and enjoy (you might also save this connection, so next time you only have to double-click on the settings) To use this via wireless adb: - Connect to wireless adb using a command shell: "adb connect IP:PORT" (substitute ip and port for the real values) - Enter "transport-any" in the host - Enter 5037 as port if it's not already set there - Connect and enjoy To use this via the android emulator: - Enter "transport-local" in the host. Everything else is the same If you have multiple devices (for example multiple devices connected to usb and/or wirelessly) - Enter "transport:serial-number" in the host, where you substitute "serial-number" with the serial of the device you get by using "adb devices". Everything else is the same.
DL and source: http://github.com/sztupy/adbputty/downloads

Afterword 4: I recently found that the wireshark installer has an androiddump component that is not selected by default; after reinstalling with it selected, wireshark can trace the phone live: 1. connect the phone to the PC with USB debugging on; 2. adb must be running; 3. wireshark's interface then automatically shows several Android-related interfaces; select one to capture. See: https://www.wireshark.org/docs/man-pages/androiddump.html
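The adb socket exchange used by the putty trick in Afterword 3 (0012host:transport-usb, then 0006shell:), written out as a small Python client. This is an added example, not code from the original post or from the adbputty project; it assumes the adb server is listening on 127.0.0.1:5037 as on the page, and the framing and reply-parsing functions can be checked without a phone attached. The protocol is the one the putty session drives by hand: each client request is four hex digits of length followed by the service string, and the server answers OKAY, or FAIL followed by a length-prefixed error message.

```python
import socket

ADB_SERVER = ("127.0.0.1", 5037)  # default adb server address, as on the page


def encode_request(service):
    """Frame one adb client request: 4 hex digits of length, then the service string.
    'host:transport-usb' -> b'0012host:transport-usb', 'shell:' -> b'0006shell:'."""
    data = service.encode("utf-8")
    if len(data) > 0xFFFF:
        raise ValueError("adb request too long")
    return ("%04x" % len(data)).encode("ascii") + data


def parse_status(buf):
    """Split a server reply into (status, message, rest).
    Replies are 'OKAY' (optionally followed by stream data) or
    'FAIL' + 4 hex digits of length + error message."""
    status = buf[:4]
    if status == b"OKAY":
        return "OKAY", b"", buf[4:]
    if status == b"FAIL":
        n = int(buf[4:8], 16)
        return "FAIL", buf[8:8 + n], buf[8 + n:]
    raise ValueError("unexpected adb status %r" % status)


def parse_length_prefixed(buf):
    """Decode a '%04x' + payload reply such as host:version or host:devices
    return after their OKAY; returns (payload, rest)."""
    n = int(buf[:4], 16)
    return buf[4:4 + n], buf[4 + n:]


def _recv_exact(sock, n):
    out = b""
    while len(out) < n:
        chunk = sock.recv(n - len(out))
        if not chunk:
            raise ConnectionError("adb server closed the connection")
        out += chunk
    return out


def _expect_okay(sock):
    """Read one status word from the server and raise on FAIL."""
    status = _recv_exact(sock, 4)
    if status == b"OKAY":
        return
    if status == b"FAIL":
        n = int(_recv_exact(sock, 4), 16)
        raise RuntimeError("adb: " + _recv_exact(sock, n).decode(errors="replace"))
    raise ValueError("unexpected adb status %r" % status)


def adb_shell(command, transport="transport-usb", server=ADB_SERVER):
    """Run a command on the device exactly as the putty session does:
    'host:<transport>' binds this connection to a device, 'shell:<cmd>' runs the
    command, and everything after the second OKAY is the raw command output
    (plain 'shell:' would give the interactive shell instead)."""
    with socket.create_connection(server) as sock:
        sock.sendall(encode_request("host:" + transport))
        _expect_okay(sock)
        sock.sendall(encode_request("shell:" + command))
        _expect_okay(sock)
        chunks = []
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    # The shell runs on a pty, so output arrives with \r\n line endings
    # (the same conversion the screencap/screenrecord post has to undo).
    return b"".join(chunks).replace(b"\r\n", b"\n")


if __name__ == "__main__":
    # Needs a running adb server and a connected, trusted device.
    print(adb_shell("id").decode(errors="replace"))
```

Anything that can reach port 5037 on the PC (or 5555 on the phone when wireless adb is on) can drive this protocol without any authentication beyond the one-time "trust" prompt, which is why the post's preference for USB over wireless adb is the right call.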


Sunday, February 7, 2016

Modifying the Android /system/etc/hosts file

Background: Editing the hosts file can, to some extent, work around the GFW, and the same holds for Android. On Windows 7 the hosts file is in C:\Windows\System32\drivers\etc; on Linux it is /etc/hosts; on Android it is under /system/etc (note that the file must use Unix line endings: in vi, set fileformat=unix). How to modify it?

Methods: After rooting the phone, use a file manager such as RE-Root Explorer to replace the file directly, or connect to a PC and use adb (Android Debug Bridge). On Linux adb can be installed directly, but on Windows I found no direct installer: on the Android site you first install the Android SDK, then download the latest platform-tools inside it, which include adb, and the SDK in turn needs Java, too much trouble. So I used the adb mini-tool bundled with 刷机精灵: clicking it opens a command line where adb commands can be run; on closer inspection it is an adb.bat that actually runs shuame_helper.exe, which can also be run directly from powershell or cmd. Note that adb itself does not need root, but some operations do, so rooting first is best.

Procedure: adb on the PC can transfer files directly between the phone's Android system and the PC, given the necessary read/write permissions. adb help shows the help; adb devices shows which devices are connected to the PC; adb remount: oddly, /system is sometimes mounted read-only, and the help says adb remount mounts it read-write (in practice it had no effect); adb pull fetches a file from Android, which works; adb push sends a file to Android (in practice it reports no permission, or a read-only file system); adb shell is very useful: it enters the phone's Android system directly, which can be seen as a Linux variant; many commands are missing, no matter, work around it. Prepare the hosts file on the PC and put it on the SD card, then adb shell into Android and su to root. Operations including rm and touch reported a read-only file system, though the previous time the phone was connected they worked, which is odd. So run mount to find the /system mount point, then mount -rw -o remount <mount point> /system; after that /system is writable. Next: mv /storage/extSdCard/<file> /system/etc/<file>. After the move the owner is root but the group is wrong, and chgrp is not available, so touch a file (owner and group both root), chmod it to match the original, then cat file > newfile; the new file now has the same permissions, owner and group as the original hosts, apart from the name. Delete hosts, rename the new file to hosts, and it is done: https://www.google.com/ncr opens directly. Finally restore /system to read-only: mount -r -o remount <mount point> /system; afterwards mount shows the same as at the start, ro; to be safe, reboot the phone.

Afterword: adb is a terminal program; other terminal access programs (apps on the phone) can achieve the same.

Afterword 2: With the driver and adb installed on the PC, and USB debugging enabled and the PC trusted on the phone, you can enter the phone's command line directly; after rooting, su can be run.
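An added example, not from the original post, that checks a hosts file prepared on the PC before it is moved into /system/etc: it converts Windows CRLF line endings (and a UTF-8 BOM) to the Unix format the post warns about, drops lines whose first field is not an IPv4/IPv6 address, and flags invalid host names and names mapped to more than one address. The sample inputs in the usage section are constructed for the example.

```python
import ipaddress
import re

_LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(r"^(%s)(\.%s)*$" % (_LABEL, _LABEL))


def check_hosts_file(raw):
    """Validate hosts-file bytes and return (normalized text, warnings).
    - CRLF (Windows) and bare CR endings become LF: the Android resolver expects
      a Unix-format file, the post's 'set fileformat=unix' point
    - a UTF-8 BOM is stripped, since it would corrupt the first address
    - lines whose first field is not an IP address are dropped
    - invalid host names and names mapped to two addresses are reported"""
    warnings = []
    if raw.startswith(b"\xef\xbb\xbf"):
        warnings.append("UTF-8 BOM removed")
        raw = raw[3:]
    if b"\r\n" in raw:
        warnings.append("CRLF line endings (Windows format) converted to LF")
    text = raw.decode("utf-8").replace("\r\n", "\n").replace("\r", "\n")
    out = []
    seen = {}  # lower-cased host name -> (address, line number)
    for lineno, line in enumerate(text.split("\n"), 1):
        body = line.split("#", 1)[0].strip()
        if not body:
            if line.strip():  # keep comment-only lines, drop blank ones
                out.append(line.rstrip())
            continue
        fields = body.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            warnings.append("line %d: %r is not an IP address; line dropped"
                            % (lineno, fields[0]))
            continue
        if len(fields) < 2:
            warnings.append("line %d: no host name after %s; line dropped"
                            % (lineno, fields[0]))
            continue
        for name in fields[1:]:
            lname = name.lower()
            if len(name) > 253 or not _HOSTNAME.match(name):
                warnings.append("line %d: invalid host name %r" % (lineno, name))
            elif lname in seen and seen[lname][0] != fields[0]:
                warnings.append("line %d: %s already mapped to %s on line %d; "
                                "the resolver uses the first match"
                                % (lineno, name, seen[lname][0], seen[lname][1]))
            else:
                seen.setdefault(lname, (fields[0], lineno))
        out.append(" ".join(fields))  # single spaces, no trailing whitespace
    return "\n".join(out) + ("\n" if out else ""), warnings


if __name__ == "__main__":
    # Constructed sample: a file saved on Windows with CRLF endings.
    sample = b"127.0.0.1 localhost\r\n0.0.0.0  ads.example.com\r\n"
    text, warns = check_hosts_file(sample)
    print(text, warns)
```

Run it over the prepared file and only copy the normalized output to the SD card; the warnings are what a silently broken hosts file on the phone would otherwise cost you in debugging time.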


Monday, February 1, 2016

One direction failing to reach the theoretical rate in bidirectional TCP transfer over MSTP

An MSTP circuit at the Ethernet layer: the loopback test is normal and bidirectional UDP transfer is normal, but TCP reaches the rate in one direction only; when both directions run at once, one direction reaches it and the other does not. Because TCP needs ACKs before it continues, when one direction reaches 10M and the board's buffer is too small, data is discarded, including ACK segments, so the other direction's rate naturally cannot rise. What to do? The Huawei board's buffer is fixed at the factory, so either replace the board, or replace the customer-side router with one that supports QoS and sends ACKs with priority.

Afterword: From these days' tests, the buffer of the board holding the access port at each end strongly affects the result; after replacing the original roughly 20K buffer with one two or three times larger, simultaneous bidirectional throughput approaches the bandwidth. Another factor is port mode: at one interconnection point one side was auto-negotiate and the other forced to 100M full duplex, and with both directions running at once one direction carried almost no traffic (an auto-negotiating port facing a forced full-duplex port falls back to half duplex, the classic duplex mismatch, which produces heavy loss precisely under simultaneous two-way load); after changing both sides to auto-negotiate, negotiation gave 100M full duplex and both directions reached the bandwidth simultaneously. A third factor is the application software settings: bidirectional transfer worked with HFS (http file server) but not with iperf, and iperf has a great many parameters to set: window size, thread count, buffer size etc.; also, for different application-layer programs (e.g. wget and curl on Linux), the algorithms for sending and receiving under heavy load and for handling bursts are, I think, also factors.

Afterword 2: After changing the port mode at one intermediate node from 100M full duplex to auto-negotiate, the negotiated result was 100M full duplex, and re-testing showed both directions reaching the rated bandwidth simultaneously at the local end (previously one side had almost no speed when both ran together).
