IPIP tunnel to SLiRP

I know this is what 99.99% of people hope I never do, but let’s make an incredibly insecure VPN! yay!

So the thing is that I have a cisco router and I’d love for it to connect to some Windows machine over an existing OpenVPN, and NAT out the Windows side.  Except for getting the VPN installed, they won’t give me anything else.  And they SURE as heck won’t let me connect a cisco router up…..

So first things first, I need to configure my cisco router for an IPIP tunnel, to my test Windows machine, and use the SLiRP default addresses:

interface Tunnel0
description “SLiRP tunnel”
ip address 10.0.2.15 255.255.255.0
ip mtu 1452
tunnel source GigabitEthernet0/1
tunnel destination 192.168.1.10
tunnel mode ipip
end

Now to start programming.

Well then I went looking and found this fun filled page, about calling winioctl’s myself, and getting winsock to do all kinds of fun things.  Namely how IPIP actually works, as it’s is it’s own protocol (none of that pesky TCP/UDP it’s IPIP!) and more importantly I can receive the traffic.

So looking at a quick UDP client/server I figured out that I can modify that so instead of listening with UDP like this:

if((s = socket(AF_INET , SOCK_DGRAM , 0 )) == INVALID_SOCKET)

I can instead call for a RAW socket, and listen on protocol #4 aka IPIP.

if((s = socket(AF_INET , SOCK_RAW , 4 )) == INVALID_SOCKET)

One caveat I had on this, is that you need to run as Administrator on the Windows machine to create raw sockets.  If you don’t have administrator privleges you’ll get this error:

Could not create socket : 10013socket() failed with error code : 10013

Now add in some nonblocking, and feed the data into SLiRP, and I got invalid data!  Using wireshark I can see that I only receive the IP portion of the data, so no hardware frame, but what is more interesting is that I receive ALL of the IP information so I get the IP+IP+DATA.  So I have to forge a L2 header, and cut out the first IP header.  I did this by cheating, using the following for a L2 header:

0x44,0x8a,0x5b,0x62,0xcb,0xaf,0x00,0x1b,0x90,0x21,0x58,0x1b,0x08,0x00

I then just memcpy that to the start of my buffer, then copy in the rest of the received data like this:

memcpy(buf2+14,buf+20,recv_len-20);

And now I can forge data going to SLiRP to make it happy!

And sending replies didn’t make wireshark happy at all, as there is an L2 header in there, that just doesn’t make sense in L3 space, so I trimmed that with the following:

memcpy(buf,qp->data+14,qp->len-14);

And now much to my amazement I can ping SLiRP from my 7206!

IPIP Ping!

Ok, I know what you are thinking. ICMP is great, but how about TCP?  Can I actually use this thing?

I add a route to my BBS over the SLiRP tunnel, with a simple route statement:

ip route 172.86.181.35 255.255.255.255 10.0.2.2

and then telnet…

Telnet to my BBS over IPIP to SLiRP

So yes, it does actually work!\

I don’t think anyone will ever want to use this, but for me it’s 100% novelty in that I could.

Executable & source code is here, ipip.7z.

Adding some of the GNU 1989 source ‘tapes’ into sourceforge

After scrounging around from an earlier post, on a DECUS mirror that goes back to 1989 I’ve put together the following source tapes:

Quite a list!

I haven’t tried to build any of it, but I figured for the time being, it may be easier to make some tap files for SIMH, and maybe someone else will do the hard work for me.  Or it’ll be a lazy day type thing.

Holy crap did I get the most annoying trojan attempt ever!

Sit down kids, it’s time for an old man rant.

So yeah, I have one of those clients who wants to use ‘one of those’ file sharing sites. UGH.  I swear I’m to the point of just paying for an Office 365 subscription for them so I don’t have to deal with this kind of shit.  So I hit the site on my phone, then it jumps to this genchatu.top site.  Fantastic.

Then I’m alerted that my phone is 28.1% DAMAGED, and somehow my phone’s SIM card will be damaged!  Yes, it’s one of these scam sites!

Wow

Oh no, my phone apparently may be already physically damaged?  I guess this is once someone is tricked by this official Google looking image you’ll want to throw your phone against the wall.  As any user of Android will tell you updates from Google are non existent, and anything that could infect your phone, well is pretty much your problem.  You can beg the vendor, but lol, good luck.

I like to live dangerously, so yeah let’s look at the app.

Ace, alright, more like acehole!

So with this scary and official looking thing it’s trying to railroad you into “Ace Cleaner”  I don’t know how on earth they haven’t either been reported, or knocked out of the app store.  I guess Google is busy teaming up with Facebook trying to figure out how to censor the new appropriately instead of trying to squash actual scam artists.

I honestly haven’t tracked any of these ‘reviews’ to see how many are just idiots, or how many are just ballot stuffers.

Yeah, it’s a scam.

 

No backing away!

And of course you can’t just back away from the page, you get this nice thing along with something in java script that gets your phone to buzz and light up.  Thanks Google!  That’ll never get abused like the blink tag!

You have to be kidding me

Oh no, I’ve been threatened to be blocked.

How bad can this crapware be?

Oh dear.  From the application page, let’s take a look:

Version 1.1.9 can access:
Device & app history
  • retrieve running apps
  • read your Web bookmarks and history

So they know what you are running, and what bookmark’d sites you like.

Identity
  • find accounts on the device

They know WHO you are.

Contacts
  • find accounts on the device

They know WHO you KNOW.

Phone
  • read phone status and identity
Photos/Media/Files
  • access USB storage filesystem
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage

Storage

  • read the contents of your USB storage
  • modify or delete the contents of your USB storage

If you have any USB attached device, (flash drive, hard disk…) they can not only READ, but can MODIFY and DELETE the contents.  NICE!

Camera
  • take pictures and videos

I suppose an album of bewildered users would be amusing from time to time.  Also having the phone send videos of them doing various things.

Wi-Fi connection information
  • view Wi-Fi connections

Naturally they want to know about the Wi-Fi AP’s you use.

Device ID & call information
  • read phone status and identity

I guess knowing your phone charge status, and IEME #’s are good to know too.  But wow check out the next laundry list!

Other
  • bind to an accessibility service
  • update component usage statistics
  • read Home settings and shortcuts
  • write Home settings and shortcuts
  • read Home settings and shortcuts
  • write Home settings and shortcuts
  • view network connections
  • read battery statistics
  • send sticky broadcast
  • change network connectivity
  • connect and disconnect from Wi-Fi
  • delete all app cache data
  • expand/collapse status bar
  • control flashlight
  • measure app storage space
  • full network access
  • close other apps
  • run at startup
  • draw over other apps
  • control vibration
  • prevent device from sleeping
  • modify system settings
  • write web bookmarks and history
  • install shortcuts
  • uninstall shortcuts

Read / Write the home page, guess who you’ll be visiting quite often?  Checking out your network, and say if you are somewhere where they want to upload a video, if they KNOW a WiFi network in the area they can have your phone join it, record you, upload it, and drop.  Yeah great!  I also like the drawing over other apps, that way you may THINK you are running another app, but they are just watching what you are doing.  And maybe they’ll pass control down, maybe not.

I suppose it may be fun too if they have a subscription service, to buzz and turn on the camera flash to warn you that you got infected once your subscription lapsed, so you better pay up!

Absolutely deplorable!

Where to go from here?

Seriously how do companies like this survive?  I guess quite well.  I guess I’m just more amazed by Google’s complacency in all of this.  But at the same time they are an ADVERTISING COMPANY, and I’m the product, Android is just the TV programme to get me to watch their annoying ads.  And considering their track record with illegal pharmacies, I guess it really is no surprise.

The truth is that no doubt that this kind of thing is just too profitable.  And people will just fall time and time again for this trap.

Found some more ancient GNU software

I found a bunch of them here: ftp://ftp.ne.jp

CVS brows of the following:

I didn’t know that GNUmake 2.9 and prior was actually part of binutils.  I guess at some point I’ll build the older ones on 4.2 BSD to round out the experience.

And I don’t know where to find Emacs 18.41 and going further back.  Although I did find emacs1855.taz a DECUS (Digital Equipment Computer Users’ Society) image from late 1989.

Building and using GCC 0.9 aka the first public version

In my quest for old software, I’ve seen this file in multiple searches, gcc-0.9.tar.bz2, which is the first version of GCC!

article from virtuallyfun.superglobalmegacorp.com

GCC 0.9 on SIMH VAX / 4.2BSD

GCC 0.9 on SIMH VAX / 4.2BSD

From the original announcement:

 Date: Sun, 22 Mar 87 10:56:56 EST
From: rms (Richard M. Stallman)

   The GNU C compiler is now available for ftp from the file
/u2/emacs/gcc.tar on prep.ai.mit.edu.  This includes machine
descriptions for vax and sun, 60 pages of documentation on writing
machine descriptions (internals.texinfo, internals.dvi and Info
file internals).

   This also contains the ANSI standard (Nov 86) C preprocessor and 30
pages of reference manual for it.

   This compiler compiles itself correctly on the 68020 and did so
recently on the vax.  It recently compiled Emacs correctly on the
68020, and has also compiled tex-in-C and Kyoto Common Lisp.
However, it probably still has numerous bugs that I hope you will
find for me.

   I will be away for a month, so bugs reported now will not be
handled until then.

   If you can’t ftp, you can order a compiler beta-test tape from the
Free Software Foundation for $150 (plus 5% sales tax in
Massachusetts, or plus $15 overseas if you want air mail).

   Free Software Foundation
1000 Mass Ave
Cambridge, MA  02138

[tapes are generally in Unix tar format.  If you have other needs,
write to the above address, and ask if they can be met. -len]

And indeed, the files are dated 22/03/1987 making this the first public release of GCC.

GNU CC is a fairly portable optimizing C compiler intended for
machines with 32-bit words that have several registers and address
memory in terms of 8-bit bytes.  It supports full ANSI standard C, not
including libraries (which we do not consider to be part of a
compiler).
Currently we have working machine descriptions for the Vax and for
the 68000/68020 (including 68881 support).
Optimizations performed by GNU CC include:

  • Invariant code motion out of loops.
  • Common subexpression elimination.
  • Automatic register packing (register declarations are unnecessary
    and ignored).
  • Constant propagation and elimination of consequent dead code.
  • Copy propagation.
  • Elimination of dead stores.
  • Jump optimization including cross-jumping.
  • Delaying of stack adjustments after function calls.
  • Arithmetic performed in subword types when appropriate.
  • Many local optimizations.

GNU CC runs about as fast as PCC.
Most of the optimizations are machine-independent or controlled by a
machine description.  GNU CC takes advantage of all the 68020
addressing modes that we can see how to make the Sun assembler
assemble.  Debugging output for DBX is available whether you request
optimization or not.

Seeing as 4.3BSD didn’t ship until 1988, I went ahead and set out to build this on 4.2BSD. The first stumbling block I hit is that GCC needs bison.  The oldest version of bison I have is 1.25 which honestly is just too new!  However in the same location as GCC is this file gnu1988.tar.bz2 which contains all of the current GNU software of 1988!  And what is on that tape?

  • bison-1.00
  • gcc-1.21
  • gdb-2.5.1
  • gplusplus-1.21
  • libgplusplus

So this is probably as old as it is going to get, so I downloaded and went to compile bison, however getopt is a missing call!  A creative search found getopt.c and even better PCC liked it enough to get a running bison so I could then configure GCC.

Configuring GCC is a manual process, but not too involved:

  • Make a symbolic link from file `config.h’ to the top-level
    config file for the machine you are using. Its name should be
    `config-MACHINE.h’. This file is responsible for
    defining information about the host machine. It includes
    `tm.h’.
  • Make a symbolic link from `tm.h’ to the machine-description
    macro file for your machine (its name should be
    `tm-MACHINE.h’).
  • Make a symbolic link from `md’ to the
    machine description pattern file (its name should be
    `MACHINE.md’)
  • Make a symbolic link from
    `aux-output.c’ to the output-subroutine file for your machine
    (its name should be `MACHINE-output.c’).Make sure the Bison parser generator is installed.Build the compiler. Just type `make’ in the compiler directory.

And in a minute I had GCC compiled.  I ran it with -v and got this output:

# gcc -v
ld /lib/crt0.o -lc
Undefined:
_main

It really is nowhere near as featured as 1.21 that is for sure!  So time to do a simple hello world program:

# cat hello.c
#include <stdio.h>
void main(){
printf(“GCC 0.9 in action!\n”);
}
# gcc -v hello.c -o hello
cpp -Dvax hello.c /tmp/cc002050.cpp
cc1 /tmp/cc002050.cpp -quiet -dumpbase hello.c -noreg -o /tmp/cc002050.s
as -o hello.o /tmp/cc002050.s
ld -o hello /lib/crt0.o hello.o -lc
# ./hello
GCC 0.9 in action!

And there we go!

I don’t know why, but I haven’t seen anything about anyone actually running GCC 0.9.  Or even where or how they found this ‘lost’ file.  Let alone anyone even building or running it in 2016.

For anyone who wants to try, SIMH tape files of the binaries are here:

And of course source tapes are here.

More idiots stealing my posts

So I just had made a nonsensical post on “Linux Apache GCC binutils elf .com a.out binary loader blob freedom Ralph Nader for president” and sure enough codesec.net picked it up

codesec.net theivery in progress

codesec.net theivery in progress

Usually they say that thievery is the highest compliment, but dam how about a reference back to the original?

To me the ultimate worst is how they butcher the content.

codesec.net how lame!

codesec.net how lame!

They capture none of the formatting, none of the love.  Instead they just scoop and poop content.

It’s really not such a red flag, I mean They don’t copy everything so they miss so much, and of course now it just means I need to inject some obnoxious title, and you can view the rest and much more @ superglobalmegacorp.com nonsense.. I don’t worry so much about page views, but rather I think the serendipity of additional topics and page views is what I end up losing.  Again it’s not that I advertise, I spend some $20 USD a month on a dedicated Iron server to run my blog on, but rather for me it is the conversation, and further engagement in comments that make it all worth while.

To me community engagement is the real currency.  And my endless blathering is the honey trap.

Ha ha.  Anyways I have more stuff to write on, not as naval gazing as this, but I did want someone else to write the magical words Ralph Nader for president.

myron

Myron Reducto – Ralph Nader for President

Adding virtual disks to User Mode Linux

Running out of disk space

Well my good ‘friend’ with their inappropriately provisioned Linux VPS  that runs UML (User Mode Linux) inside of it, ran into an issue where he needed to add a second virtual disk device.

Creating the disk file is no big issue, adding a whopping 1GB is pretty simple!

Using the ‘dd’ command it is trivial to make a 1GB file like this:

dd if=/dev/zero of=node1_swap.ubda bs=1M count=1024

And then just append it to the script that they are using to run the UML:

/virtual/kernel ubda=/virtual/node1.ubda mem=384M eth0=slirp,,/virtual/sl1.sh

to this:

/virtual/kernel ubda=/virtual/node1.ubda ubdb=/virtual/node1_swap.ubda mem=384M eth0=slirp,,/virtual/sl1.sh

Of course the real fun comes from trying to find the devices.  Having to dig around I found that the device major is 98 for the UBD’s and that they incrament by 16, so that the first 3 devices are as follows:

mknod /dev/ubda b 98 0
mknod /dev/ubdb b 98 16
mknod /dev/ubdc b 98 32

Adding to that, you can partition them, and then they break out like this:

mknod /dev/ubda1 b 98 1
mknod /dev/ubda2 b 98 2
mknod /dev/ubda3 b 98 3
mknod /dev/ubdb1 b 98 17
mknod /dev/ubdb2 b 98 18

You get the idea.

With the disk added you can partition the ubd like a normal disk

node1:~# fdisk /dev/ubdb

Command (m for help): p

Disk /dev/ubdb: 1073 MB, 1073741824 bytes
128 heads, 32 sectors/track, 512 cylinders
Units = cylinders of 4096 * 512 = 2097152 bytes

Device Boot Start End Blocks Id System
/dev/ubdb1 1 245 501744 83 Linux
/dev/ubdb2 246 512 546816 82 Linux swap / Solaris

etc etc.  And yes, you can then format, mount and all that.

First let’s setup the swap:

mkswap /dev/ubdb2
swapon /dev/ubdb2

Now let’s format the additional /tmp partition

node1:~# mke2fs /dev/ubdb1
mke2fs 1.40-WIP (14-Nov-2006)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
125488 inodes, 501744 blocks
25087 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67633152
62 block groups
8192 blocks per group, 8192 fragments per group
2024 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409

Writing inode tables: done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 24 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.

Now adding the following to the /etc/fstab so it’ll automatically mount the /tmp directory and add the swap:

/dev/ubdb1 /tmp ext2 defaults 0 0
/dev/ubdb2 none swap defaults 0 0

Now he’s got a dedicated swap partition, and a separate /tmp filesystem.

LibVNCServer + UAE

UAE over VNC

UAE over VNC

I’m starting with a much older version of UAE, as I wanted something basic to start with.  I’ve wanted to do this for a while, but finally today I sat down with an ancient version of LibVNCServer 0.7, that doesn’t require me to spend hours tracking down all the cmake dependencies and other stuff, instead I could waste the day doing what I wanted to do, which was to remove the SDL display from UAE 0.4, and set it up so I can connect to it remotely.

I’ve always wanted to make some kind of multi-user server out of some stuff, and after seeing how some people do some crazy container bridge to do something like Basilisk II to X11 to VNC, out to some HTML5 viewer, I think it may be easier to just bake the VNC component directly into the emulator, almost in the way that Qemu does it, however for now I’m going to usurp the SDL code I added entirely.

It may be fun to also try something like DooM, and or Quake/QuakeWorld/Quake II.. But for me at least, this was the first big step.

More works needs to be done before I share it though, things like keyboard, and mouse input.  Also it seems to crash from time to time while either disconnecting or connecting the VNC client.  Naturally it runs best under GDB ……..

More uselessness….

video reverse?

video reverse?

Found EMX 0.8b

While cruising archive.org, I found this CD-ROM image, “OS/2 Archive CD-ROM Walnut Creek May 1992“, which included the following zoo files:

05/05/1992 09:46 AM 144,272 EMXDEV.ZOO
05/05/1992 09:44 AM 167,809 EMXINFO.ZOO
05/05/1992 09:46 AM 101,132 EMXLIB.ZOO
05/05/1992 09:46 AM 19,266 EMXTEST.ZOO
05/05/1992 09:46 AM 586,285 GNUDEV.ZOO
05/05/1992 09:40 AM 78,575 GNUPAT.ZOO
05/05/1992 09:41 AM 138,891 GNUSRC1.ZOO
05/05/1992 09:41 AM 184,671 GNUSRC2.ZOO
05/05/1992 09:45 AM 1,044,875 GNUSRC3.ZIP
05/05/1992 09:43 AM 1,015,692 GNUSRC3.ZOO
05/05/1992 09:42 AM 505,127 GNUSRC4.ZOO
05/05/1992 09:45 AM 3,178 README.DOC

And from the readme, the release is from Feburary of 1992.  Keeping in mind the GA release of OS/2 2.0 was released in April of 1992.

EMX 0.8b INTRODUCTION 22-Feb-1992

Welcome to emx, a common environment for creating 32-bit programs for OS/2 2.0
and MS-DOS. You can use the GNU C compiler to compile programs for EMX.

Included in the emx package are:

  • emx.dll dynamic link library for OS/2 2.0
  • emx.exe DOS extender for running 32-bit programs under MS-DOS
  • emxbind.exe for creating .exe files which work both under OS/2 2.0 and
    MS-DOS
  • C header files and a nearly complete C library, including source

Additionally, the following GNU programs are available compiled and with
sources (note that these files are not part of EMX):

  • gcc, the GNU C compiler
  • gas, the GNU assembler
  • gdb, the GNU debugger
  • ld, the GNU linker
  • ar, nm, size, strip, objdump: some GNU utilities for dealing with binary
    files
  • Patched source for gcc, gas, gdb, ld, ar, nm, size, strip, objdump. You can
    compile all these programs with the files that come with emx (but you also
    need a make utility, such as NMAKE)

So this pretty much sums it up.  I went ahead and extracted the ZOOs and placed a copy on my site: emx08b_extracted.7z  Although I don’t think anyone really cares about ancient versions of GCC on OS/2.