Evil Eval()

Post by: on June 4th, 2009 | Filed Under Annoyances, Cryptography, Linux, Stupidity

I just threw the new theme on my website and was poking around making tweaks this afternoon. I wanted slightly different colors, wanted to make the picture look cooler, maybe edit the footer to change the whole "Made by" to me, and give credit for being based on the theme I based it on. However, upon opening the footer.php, I found a very weird comment:

 
/* V8 - WARNING: This file is protected by copyright law.
To reverse engineer or decode this file is strictly prohibited. */
 

Well that's weird, because in the style.css we read:

/*The CSS, XHTML and design is released under GPL*/

(Side note, if you don't know what we mean by GPL, check out their site.)

No, they don't say PHP in there, however I read that (because 'design' is included) as "This theme is GPL'd". Poking around their website, I see no mention that you're required to keep any part of the theme the same.

If we read past the warning about reverse engineering, we see why they included it, a nasty big base64 encoded blob, then an eval command. Pastebin paste is here.

This piqued my interest, as I can think of very few legitimate reasons to do such obfuscation, or why there should be so much (footer.php is 47kb!). My initial thought was that I'd opened a backdoor into my site, with lesser thoughts to them being able to push random stuff into my footer (the last way I was infected), and finally just trying to control the links on the bottom of the page so that even if I were to edit their theme (as is my right under the GPL) I couldn't take credit for it myself, they'd always have credit for it. None of those sat right with me, so I hit up the local IRC channel, and we started puzzling.

Read More »

Comments (5 responses so far)

Bluetooth Device Lookup

Post by: on November 22nd, 2007 | Filed Under Bluetooth, Linux, Perl, Programming, Security

Happy Thanksgiving! I'm spending the break catching back up on the state of Bluetooth security because, hey, I love the subject. Everyone has a phone with Bluetooth, just about, and many overlook it as a security hole because they feel there's nothing insidious that can be done with just replacing wires with some radio broadcasts. I'll give a quick rundown on how to get Bluetooth working under Linux, then the software I use, and finally give a tool I wrote watching the Dallas Game to speed up identification of Bluetooth devices.
Read More »

Comments (No responses yet)

Battlefield 2 Maplist Generation

Post by: on November 12th, 2007 | Filed Under Games, Linux

As evidenced by my last post, I'm playing with a BF2 dedicated server on a daily basis. part of that is me and a roommate finding cool maps and adding them into our rotation. For the last weekish all we have played is Allied Intent Extended because it adds a LOT to an already good game. I went back to the mod's website today and grabbed a bunch of map packs that the dev team had put out, about 16 new maps, to be exact. After tossing these into my dedicated server's AIX directory I decided I did not want to add all of them into my maplist by hand. This would be picking out each new map, and then writing "maplist.append [mapname] [map-type] [max-players]" 16 times. Instead I cooked up a quick perl script that any BF2 server admin can use to make quick maplists. It should be run in the directory of a mod's levels, somewhere like [base-dir]/mods/aix/levels.
Read More »

Comments (No responses yet)

Battlefield 2 Dedicated Server Tricks

Post by: on November 8th, 2007 | Filed Under Games, Linux

I've been sick the past couple of days which means I've been frustrated that my brain is firing on all cylinders. When I'm sick I try to keep my brain working via coding or the like, so after I knocked out a lil script to help a math professor prove some mathy thing I didn't understand, I turned to the Battlefield 2 (BF2 from here on out) server I run for my house. Thankfully EA/Dice has an official Linux dedicated server that is easy to set up and customize, unfortunately not all mods return the favor. I'll quickly go through setting up the official server, then customizing it, and if I can get it running myself, the Nations at War 5.1 server!
Read More »

Comments (No responses yet)

Linux LoveCD

Post by: on February 12th, 2007 | Filed Under Hacking, Interests, Linux

Last year I had a fairly, bleh, Valentine's day post. It was rushed, poorly done, and all over the place. This year, this year is different. You may notice that this is BEFORE Valentine's day... that's true. I'm putting this out early, with the same hopes as last year, that some geek out there might score a date for the rest of us! Now, my plan this year, is a personalized Linux LiveCD that I'm calling the LoveCD. So, this post is going to be 10 fun ways to personalize a CD for that special someone (or laptop, in my case).
Read More »

Comments (No responses yet)

Only In Ameri— erm, Russia

Post by: on February 6th, 2007 | Filed Under Annoyances, Digital Rights, Linux, Stupidity

Now here's an interesting story I ran across today. Former Soviet leader Mikhail Gorbachev is asking lowly Bill Gates to "show mercy" to a Russian school teacher, Aleksandr Ponosov, who's being charged with software piracy. Now in this country you might be thinking, "Who cares?" In Mother Russia this crime carries a penalty of up to five years in prison, but a Russian prison in the Urals is a far cry from the nice warm places we've got here. Especially for white-collar criminals.

The story gets better. This poor man, literally, is charged with stealing $10,000 worth of software. There is a good chance he makes as little as $100 a month (judging by comments I've seen from people living in Russia) which shows just how ridiculous Microsoft prices are. This man works for the school, and bought a few computers assuming they were legal. In return, he might spend 5 years in the Gulag (might be an exaggeration, might now be) for trying to help his school.

Ok, and now for the part that really blew my mind. A former world leader begging Bill Gates not to punish this man. How sad is that when a software company gets pleas like this from such (former) powerful men? To this Microsoft supporters who say its not too powerful, please think again. Gorbachev didn't think to go inside his own country to the prosecutors involved, no he went to where the real threat was, Redmond, Washington. Of course Microsoft ducked this plea for help by saying they didn't file civil charges, and this was all Russia's doing. Right, and I'm sure this had nothing to do with it? Filing a bunch of law suits worldwide... and then when one guy wasn't specifically charged you claim you didn't do it. Also, when there's surveys claiming Russia to be the second worst offender of piracy, I find it hard to believe Microsoft wouldn't want in on that.

Hey, I just thought of a solution... everyone chip in, and lets mail a box of Linux distros (some are specifically geared towards education) to Russia, and let them decide which way to go. Spend more than a teachers yearly salary on software, or take this free route and avoid dealing with the evil that is Microsoft.

Comments (No responses yet)

PC versus Mac

Post by: on January 31st, 2007 | Filed Under Annoyances, Digital Rights, Interests, Linux, Stupidity

I hate those new Mac commercials. "Hi I'm a PC, hi I'm a Mac"... ring a bell? I found out (via slashdot) that there's new ones for Britain. I watched 'em, and sure enough its the same stupid argument. PCs are only used for work... too virus ridden, etc. Why is that such a stupid argument? Here goes...
Read More »

Comments (2 responses so far)

SSH Goodness

Post by: on January 25th, 2007 | Filed Under Linux

I have two sets of readers. One that is quite technically competant and I'm learning from, the other that's not as into computers, that just gloss through for my more life applicable posts. This is aimed at those that are in, or would like to be in the first group (not saying only they can read it, but this is gonna be a decently geeky post).

So, I love my desktop. She's a gorgeous machine that is awesome for games, and even better for coding. I've got the better part of a Terabyte of disk space in her, and I've made an investment in keeping all my work and backups connected to her. When I'm home, this is amazing. I've got a frickin huge display for having tons of windows open. If I need to relax I can use Cedega to crank out my favorite games (assuming they don't have native Linux builds). But, big question, what if I'm not home? Traveling? Or... god forbid... on campus for classes? Therein lies SSH!
Read More »

Comments (One response so far)

Ugly But Useful Desktop

Post by: on January 13th, 2007 | Filed Under Linux, Uncategorized

Well, I've decided to show you my ugly desktop, mainly because I don't want to muck around in my xorg.conf any more. You'll note the top and bottom bars on the left side aren't on the top and bottom of the screen, this is because TwinView makes the height of the whole screen the largest height, and just tells the smaller monitor it's using a smaller bit. So, yea, I lose about 400 pixels off my left monitor, but I'll survive. Also, I'm being really lazy right now, so the big screen is my distractions, while only the small one is work. When I'm actually coding seriously those flop so i can get more lines on one screen.

Unproductive Desktop

Comments (No responses yet)

Desktop Twinview complete

Post by: on January 10th, 2007 | Filed Under Linux

Well, just finished (for now) hacking on the xorg.conf for my desktop. I've finally got all the space I desire (current resolution is 3200x1440) for a workspace. Its actually really sweet. Only downside is the method I went about this. I used TwinView, an nvidia only option, which is what makes such a seamless spanning (though by far, not the only option) which seems to be great as I have a nice GeForce card. However, using this option BOTH monitors have the same height... even if only part is displayed on the smaller one. If I had gone with straight dual-head, I could specify the height of each monitor seperately. I may spend a day this weekend hacking towards that end, as I want my desktop switching script to work (pictures get distorted when they're that wide) and, well, I'm only happy when I have things to fix. I'll post my xorg.conf later if I get this to a point where I wanna show off.

Comments (No responses yet)