https://www.zx2c4.com/ {{{ ZX2C4 | Jason A. Donenfeld }}} en-US Copyright 1996-2021 Jason A. Donenfeld. All Rights Reserved. https://www.wireguard.com/gsoc/ https://www.wireguard.com/gsoc/ Mon, 19 Feb 2018 15:55:21 +0100 <p>WireGuard is <a href="https://www.wireguard.com/gsoc/">participating in Google Summer of Code 2018</a>. If you're a student — bachelors, masters, PhD, or otherwise — who would like to be funded this summer for writing interesting kernel code, studying cryptography, building networks, making mobile apps, contributing to the larger open source ecosystem, doing web development, writing documentation, or working on a wide variety of interesting problems, then this may be appealing. You'll be mentored by world-class experts, and the summer will certainly boost your skills. <a href="https://www.wireguard.com/gsoc/">Details are on this page</a> — simply contact the WireGuard team to get a proposal into the pipeline. https://www.wireguard.com/ https://www.wireguard.com/ Mon, 04 Jul 2016 23:29:22 +0200 <p><a href="https://www.wireguard.com/"><img src="https://www.wireguard.com/img/wireguard.svg" width="90%" border="0"></a></p> <p>After quite a bit of hard work, I've at long last launched <a href="https://www.wireguard.com/">WireGuard</a>, a secure network tunnel that uses modern crypto, is extremely fast, and is easy and pleasurable to use. You can read about it at the website, but in short, it's based on the simple idea of an association between public keys and permitted IP addresses. Along the way it uses some nice crypto trick to achieve it's goal. For performance it lives in the kernel, though cross-platform versions in safe languages like Rust, Go, etc are on their way.</p> <p>The launch was wildly successful. About 10 minutes after I ran <code>/etc/init.d/nginx restart</code>, somebody had already put it on Hacker News and the Twitter sphere, and within 24 hours I had received 150,000 unique IPs. The reception has been very warm, and the <a href="https://lists.zx2c4.com/mailman/listinfo/wireguard">mailing list</a> has already started to get some patches. Distro maintainers have stepped up and packages are being prepared. There are currently <a href="https://www.wireguard.com/install/">packages</a> for Gentoo, Arch, Debian, and OpenWRT, which is very exciting.</p> <p>Although it's still experimental and not yet in final stable/secure form, I'd be interested in general feedback from experimenters and testers.</p> <p><img src="https://www.wireguard.com/img/walkthrough.gif"></p> https://www.edgesecurity.com/ https://www.edgesecurity.com/ Tue, 10 May 2016 16:48:50 +0200 <p>I've just launched a website for my new information security consulting company, <a href="https://www.edgesecurity.com/">Edge Security</a>. We're expert hackers, with a fairly diverse skill set and a lot of experience. I mention this here because in a few months we plan to release an open-source kernel module for Linux called <a href="https://www.wireguard.com/">WireGuard</a>. No details yet, but keep your eyes open in this space.</p> https://git.zx2c4.com/hasplib/about/ https://git.zx2c4.com/hasplib/about/ Sun, 06 Mar 2016 14:10:12 +0100 <h1>Hasp HL Library</h1> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>git clone https://git.zx2c4.com/hasplib </pre></div> <p>The Hasp HL is a copy protection dongle that ships horrible closed-source drivers.</p> <p>This is a very simple OSS library based on <code>libusb</code> for accessing MemoHASP functions of the Hasp HL USB dongle. It currently can view the ID of a dongle, validate the password, read from memory locations, and write to memory locations.</p> <p>This library allows use of the dongle <strong>without any drivers</strong>!</p> <h2>API</h2> <p>Include <code>hasplib.h</code>, and compile your application alongside <code>hasplib.c</code> and optionally <code>hasplib-simple.c</code>.</p> <h3>Main Functions</h3> <p>Get a list of all connected dongles:</p> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>size_t hasp_find_dongles(hasp_dongle ***dongles); </pre></div> <p>Login to that dongle using the password, and optionally view the memory size:</p> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>bool hasp_login(hasp_dongle *dongle, uint16_t password1, uint16_t password2, uint16_t *memory_size); </pre></div> <p>Instead of the first two steps, you can also retreive the first connected dongle that fits your password:</p> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>hasp_dongle *hasp_find_login_first_dongle(uint16_t password1, uint16_t password2); </pre></div> <p>Read the ID of a dongle:</p> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>bool hasp_id(hasp_dongle *dongle, uint32_t *id); </pre></div> <p>Read from a memory location:</p> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>bool hasp_read(hasp_dongle *dongle, uint16_t location, uint16_t *value); </pre></div> <p>Write to a memory location:</p> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>bool hasp_write(hasp_dongle *dongle, uint16_t location, uint16_t value); </pre></div> <p>Free the list of dongles opened earlier:</p> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>void hasp_free_dongles(hasp_dongle **dongles); </pre></div> <p>Free a single dongle:</p> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>void hasp_free_dongle(hasp_dongle *dongle); </pre></div> <h3>Simple Functions</h3> <p>The simple API wraps the main API and provides access to a default dongle, which is the first connected dongle that responds to the given passwords. It handles dongle disconnects and reconnections.</p> <p>Create a <code>hasp_simple *</code> object for a given password pair:</p> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>hasp_simple *hasp_simple_login(uint16_t password1, uint16_t password2); </pre></div> <p>Free this object:</p> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>void hasp_simple_free(hasp_simple *simple); </pre></div> <p>Read an ID, returning 0 if an error occurred:</p> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>uint32_t hasp_simple_id(hasp_simple *simple); </pre></div> <p>Read a memory location, returning 0 if an error occurred:</p> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>uint16_t hasp_simple_read(hasp_simple *simple, uint16_t location); </pre></div> <p>Write to a memory location, returning its success:</p> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>bool hasp_simple_write(hasp_simple *simple, uint16_t location, uint16_t value); </pre></div> <h2>Licensing</h2> <p>This is released under the GPLv3. See <code>COPYING</code> for more information. If you need a less restrictive license, please contact me.</p> https://git.zx2c4.com/ctmg/about/ https://git.zx2c4.com/ctmg/about/ Tue, 23 Feb 2016 17:07:53 +0100 <h2><code>ctmg</code> - extremely simple encrypted container system</h2> <p><code>ctmg</code> is an encrypted container manager for Linux using <code>cryptsetup</code> and various standard file system utilities. Containers have the extension <code>.ct</code> and are mounted at a directory of the same name, but without the extension. Very simple to understand, and very simple to implement; <code>ctmg</code> is a simple bash script.</p> <h3>Usage</h3> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>Usage: ctmg [ <span style="color: #008800; font-weight: bold">new</span> | delete | open | close | list ] [<span style="color: #008800; font-weight: bold">arguments</span>...] ctmg <span style="color: #008800; font-weight: bold">new</span> container_path container_size[units_suffix] ctmg delete container_path ctmg open container_path ctmg close container_path ctmg list </pre></div> <p>Calling <code>ctmg</code> with no arguments will call <code>list</code> if there are any containers open, and otherwise show the usage screen. Calling <code>ctmg</code> with a filename argument will call <code>open</code> if it is not already open and otherwise will call <code>close</code>.</p> <h3>Examples</h3> <h4>Create a 100MiB encrypted container called "example"</h4> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>zx2c4@thinkpad ~ $ ctmg create example 100MiB [#] truncate -s 100MiB /home/zx2c4/example.ct [#] cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --batch-mode luksFormat /home/zx2c4/example.ct Enter passphrase: [#] chown 1000:1000 /home/zx2c4/example.ct [#] cryptsetup luksOpen /home/zx2c4/example.ct ct_example Enter passphrase for /home/zx2c4/example.ct: [#] mkfs.ext4 -q -E root_owner=1000:1000 /dev/mapper/ct_example [+] Created new encrypted container at /home/zx2c4/example.ct [#] cryptsetup luksClose ct_example </pre></div> <h4>Open a container, add a file, and then close it</h4> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>zx2c4@thinkpad ~ $ ctmg open example [#] cryptsetup luksOpen /home/zx2c4/example.ct ct_example Enter passphrase for /home/zx2c4/example.ct: [#] mkdir -p /home/zx2c4/example [#] mount /dev/mapper/ct_example /home/zx2c4/example [+] Opened /home/zx2c4/example.ct at /home/zx2c4/example zx2c4@thinkpad ~ $ echo &quot;super secret&quot; &gt; example/mysecretfile.txt zx2c4@thinkpad ~ $ ctmg close example [#] umount /home/zx2c4/example [#] cryptsetup luksClose ct_example [#] rmdir /home/zx2c4/example [+] Closed /home/zx2c4/example.ct </pre></div> <h3>Installation</h3> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>$ git clone https://git.zx2c4.com/ctmg $ <span style="color: #003388">cd</span> ctmg $ sudo make install </pre></div> <p>Or, use the package from your distribution:</p> <h4>Gentoo</h4> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span># emerge ctmg </pre></div> https://git.zx2c4.com/git-daemon-dummy/about/ https://git.zx2c4.com/git-daemon-dummy/about/ Tue, 23 Feb 2016 03:35:13 +0100 <h1>Git Daemon Dummy: 301 Redirects for <code>git://</code></h1> <p>With the wide deployment of HTTPS, the plaintext nature of <code>git://</code> is becoming less and less desirable. In order to inform users of the <code>git://</code>-based URIs to switch to <code>https://</code>-based URIs, while still being able to shut down aging <code>git-daemon</code> infrastructure, this <code>git-daemon-dummy</code> is an extremely lightweight daemon that simply provides an informative error message to connecting <code>git://</code> users, providing the new URI.</p> <p>It drops all privileges, <code>chroot</code>s, sets <code>rlimit</code>s, and uses <code>seccomp-bpf</code> to limit the amount of available syscalls. To remain high performance, it makes use of <code>epoll</code>.</p> <h3>Example</h3> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>zx2c4@thinkpad ~ $ git clone git://git.zx2c4.com/cgit Cloning into &#39;cgit&#39;... fatal: remote error: ****************************************************** This git repository has moved! Please clone with: $ git clone https://git.zx2c4.com/cgit ****************************************************** </pre></div> <h3>Installation</h3> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>$ git clone https://git.zx2c4.com/git-daemon-dummy $ <span style="color: #003388">cd</span> git-daemon-dummy $ make $ ./git-daemon-dummy </pre></div> <h3>Usage</h3> <div style="background: #ffffff"><pre style="line-height: 125%"><span></span>Usage: ./git-daemon-dummy [OPTION]... -d, --daemonize run as a background daemon -f, --foreground run in the foreground (default) -P FILE, --pid-file=FILE write pid of listener process to FILE -p PORT, --port=PORT listen on port PORT (default=9418) -h, --help display this message </pre></div>