nxfury

Musings of a *Nix Nerd

So you've got a nice fresh OpenBSD install on your laptop, and you're excited to use it. However the desktop environment it comes with is absolutely horrifying to use. Following up from the installation of OpenBSD found on This Blog Post, it is time to tweak out OpenBSD to have a nice and custom desktop tailored to your needs.

I will be configuring i3 window manager, although the setup process for a more well-known desktop environment (like GNOME or XFCE) is very similar in terms of setup.

Since I opted for i3, there's a lot more manual configuration- but the reward is much greater in terms of the ability to customize it. Anyways, this machine doesn't configure itself- so lets dive right in!

Installing Required Software

I wanted for a somewhat custom look, so this is what I set out to install:

  • i3-gaps
  • i3status
  • rofi
  • rxvt-unicode
  • chromium (yes, it's modded by the developers)
  • irssi
  • w3m
  • vim
  • openbsd-backgrounds (because it contains the xwallpaper app)

To install these, I logged in as root and ran the following command in the terminal (once connected to internet):

pkg_add i3-gaps i3status rofi rxvt-unicode chromium irssi w3m vim openbsd-backgrounds

With this completed and out of the way, configuration of the OS is now much easier and we're ready to actually begin configuration.

Read more...

In today's hyper-connected world, it grows increasingly important to have all devices that have an internet connection locked down- not for hiding data but to protect from having day-to-day life completely sabotaged. One may have already locked down their accounts and data about them online, but what if they want to “amp it up” to the next level?

The Problem

It's known that by using Windows or MacOS, you have agreed to Terms of Service that include the upload of their private files to their infrastructure- even if you didn't want it to go on the internet. In Microsoft-Land, this means all your files are scanned and uploaded to Microsoft's infrastructure where they can build a profile on you. Apple happens to engage in similar practices. On top of this, Windows is known for having the most viruses and rootkits in the world while MacOS currently has the record for the most adware in the world. Viruses and rootkits are basically system exploits, while adware is an attack on the web browser, forcing ads to pop up even if you have an ad blocker.

To add further discomfort, the leaks made by ex-CIA/NSA official Edward Snowden from years past verified that there is something called FISA court- a top secret US-based court of law that issues warrants for surveillance. Snowden took huge issues when he learned that the CIA and NSA built this program named XKeyScore, which behaves like a search engine that collects ALL information about people, including private things like Social Security Numbers and text messages. To do this, the FISA courts “rubber-stamped” (and still do) every surveillance request made by the CIA or NSA- allowing them to spy on U.S. Citizens without due process. Nowadays, laws have since been passed where FISA courts are irrelevant and the CIA and NSA can continue to do this.... And if the CIA and NSA are capable of gathering all the info you'd rather keep private, so is the stalker... or the creepy person next door... or the angry ex-husband/ex-wife...

Enter OpenBSD

OpenBSD began in 1995, where the founder Theo De Raadt took issue with the design approach of NetBSD- which traces it's ancestral roots all the way back to the original UNIX from the early 1980's. De Raadt was (and still is) a firm believer in correctness of code, extensive auditing of the code, and extreme levels of security. OpenBSD is widely considered to be the most secure Operating System on the planet, with the most bleeding edge technologies in cryptography and so on- to the point where some countries ban the OS for import even though that's unenforceable thanks to the internet. It is known for having sane and secure defaults in the installation, and several audits of the entire system's source code yearly. They are responsible for the invention of the applications sudo, openssl, libressl, ssh, pf, and pledge(). If familiar with any Linux/Unix command line, it's easy enough to notice that they invented some of the most common protocols utilized in locking down a system.

So let's get this set up on a laptop!

Read more...

Odds are that if you're reading this blog, you own one of these: Router.png

These routers appear like closed-off boxes, with this “firmware” voodoo that you need to download and update it once every few months. However, what if it was possible to take apart a router image and discover how it works? Let's tear the D-Link DWR-956 Router's firmware apart and discover how it works.

Read more...

In the early 1940s during World War 2, a world renowned rock-'n-roll guitarist named Woody Guthrie mustered up the courage to paint a slogan on his guitar, that would forever change the way we view the world and influence many people's views on the subject of free speech. After the publishing of one of his wartime songs, Guthrie painted “THIS MACHINE KILLS FASCISTS” onto his guitar. But Why Would He? Guthrie believed that the battle Freedom of Speech and Censorship was more important than the war between Good and Evil itself. Enough history, why is this viewpoint relevant to society today?

This post is different, I recently downloaded a videogame I remembered playing from several years ago, called Return To Castle Wolfenstein. It's considered to be cult classic game, but I learned it was banned to own or sell in Germany and a couple other countries, due to it's use of the Nazi Swastika. This got me thinking on the topic of censorship as it relates to the world we live in, why hackers should care, and how we can tackle this issue.

Read more...

What is true online? How can you find useful information online? How can you verify the truth of something online? How can you learn more about current events, people or organizations and only get the statistical numbers?

These are legitimate questions, and with the dawn of the “fake news” misnomer, it's increasingly important to know how to search for verifiable, empirical information that can be measured (so you can form your own opinions, instead of believing whatever is the latest fad). Due to this, I personally feel morally obligated to share introductory techniques and tools of the trade of Seeking– gathering useful and actionable information.

This blog post is dedicated to Francesco Vianello (1952-2009). May you continue to rest in peace, and may your wisdom continue to be useful to us all.

Getting Started

Before we begin to do some deep digging, we'll need to have a few programs at the ready. You MUST have a text editor, a way to edit spreadsheets, and Tor Browser. Tor Browser is important because it becomes harder to track your current location, allowing you to bypass location filters.

Read more...

Ever since the revelations of Edward Snowden and learning about the fact that the United States Government implements and utilizes commercial-grade equipment to spy on society, there's been an ongoing battle for personal privacy. Most don't do this because they have things to hide, but because they have important things to protect, like their banking information or previous addresses. With the rise of major technology companies and governments at the helm of new technical innovations and controlling most people's everyday lives, it becomes people's responsibility to carefully handle their personal information- both online and offline. For those unfamiliar, this blog post seeks to provide a “quick start guide” on how one can protect their info from malicious actors, governments, and so forth.

Read more...

This post has been long in coming. For those who haven't read the previous posts in this series, below are links to bring you up to speed.

In Part 1, we covered the basic mathematical information and technical information required to understand and begin to implement your own cryptography. Part 1: HERE

In Part 2, we set up a Cryptographically Secure Pseudo-Random Number Generator to be used by our cryptographic algorithms. Part 2: HERE

If you're stuck, the previous posts may help with bringing you up to speed. Now, let's add in the hashing algorithm!

Hashing? What's that?

A Hashing Algorithm is this carefully crafted program that takes a string as an input, performs a bunch of cryptographic functions on it, and spits out a fixed-length string that appears to be random. However, if you compute the hash again with the same string, you will achieve the same output.

A sample hashing function could be a simple XOR operator. You take random bytes to produce “entropy” for the hashing function, saving the information somewhere. Then you could just XOR the string with the saved random bytes, chopping the hash off at a fixed length. This is known to be highly insecure as performing an XOR against itself is effectively an inverse operation and will undo the work of creating a hash.

Read more...

I was reading old blog posts and realized I didn't touch on a CRITICAL piece of the puzzle to understanding computing... How your device actually works. This post aims to remediate this and provide a “one-stop” guide from understanding the low-level circuitry to how that allows people to program on their devices.

No computers were harmed in the making of this post. No, seriously.

The Electronics

Everything in a computer is a 1 or a 0. Many people call this true or false, or even on or off. Whatever you may call it, it's the basis for boolean (digital) logic. When you use a series of true or false statements, you are making use of the binary number system. Instead of having a 10's, 100's, 1000's etc place there's powers of 2. so 11111111 would equal 255, because 1+2+4+8+16+32+64+128=255. This is similar to how we would calculate what 255 equals- 200 + 50 + 5 = 255.

Read more...

For those who are unfamiliar with FreeBSD, it's a unique system that feels distinctly like the UNIX of old- because it is. Last post, we installed FreeBSD, got connected and installed some software. You might have even gotten a desktop working on your own, because it feels so much like Linux. However, the stock install is a bit RAM hungry and we aim to improve that.

Kernel? What's a Kernel?

Like Linux, FreeBSD (and Windows and MacOS) all have an underlying Kernel. This is basically a loose term that describes all the underlying components that the user doesn't see day-to-day when utilizing an Operating System, such as firmware and drivers being loaded, support for multithreading, filesystem support, and so on. Because BSD has so much support for strange devices- like VAX machines of old- it's expected of users who wish to optimize their systems to purge unneeded support from their system.

Getting Started

Of course, you'll need a FreeBSD installation with the source code to follow along... :) However, we'll need some more details about our target system that we'll be rolling a custom Kernel for. So let's whip out a notepad or text editor and our trusty command line. The trusty dmesg command will come in handy, but it produces way too much output, so we can filter that with grep by doing something like dmesg | grep <search term>.

The laptop I did this on was an unmodded Thinkpad T460. I knew that it came with Intel Wireless, an Intel CPU, an SSD, and Intel Integrated Graphics, for starters. But what model?

So I ran dmesg | grep Wireless and got the following output:

iwm0: <Intel(R) Dual Band Wireless AC 8260> mem 0xredacted at device redacted

Note that I have censored the last bit of output for privacy, but it contains memory address and what part of the PCI bus it's connected to.

I took note of this and did similar commands to gather info on my hardware.

Backing Up

Since we're replacing our kernel, we want a backup of the last known good one. In FreeBSD, the current running kernel is located at /boot/kernel. So let's make a copy in /boot, so we can continue to use it if things go south!

Running cp -a /boot/kernel /boot/kernel.good will do the trick for this.

Config Time!

Now we get to prep our Kernel config file. To do so, cd /sys will take you to the /sys directory, where you'll see a few architecture names as directories: x86, x64, arm, etc. My ThinkPad T460 is a 64 bit x64 processor, so I ran cd x64.

Now, there's a folder in this directory called conf. That's where the config files are located- so cd conf and then run ls to view the available config files to start from.

Instead of altering the config files directly, it may be wise to make a copy of one. I picked the GENERIC config file and copied it into one in the same directory, naming it T460 (no file extensions!!!)

With this done, open the freshly copied config file in the text editor of your choice. In this config file, there's lots of comments, specifying what each option will compile into the kernel. Removing the line will remove the feature from your compiled kernel. Since my ThinkPad doesn't have a floppy disk or RAID controller that's easy enough to remove those. I know that I have Intel Wired and Wireless connections, so I can remove all support for other network cards if I so choose.

ATCHUNG! Read what each option enables support for before deleting the line, and make sure you're not removing things that are critical to the function of your hardware!

Once satisfied, save the new config and quit.

Updating the Source

First things first, we need to install and set up subversion (SVN) on FreeBSD to get the latest copy of the FreeBSD source tree. In order to install SVN and get it ready to rock, we just need to run pkg install ca_root_nss subversion.

Now with SVN installed, let's fetch a copy of the latest source tree. If you already have the source code installed, run svn update /usr/src/. If not, we need to fetch a copy by running svn checkout https://svn.freebsd.org/base/releng/12.1 /usr/src/ (replace the 12.1 with the version number of FreeBSD you installed.)

Awesome! We're ready to compile the kernel!

Compiling the Kernel

With your freshly updated copy of the FreeBSD source code, cd /usr/src to get into the source code. Since our config file is prepped, all you have to run is make KERNCONF=CONFIG buildkernel– swap out the word CONFIG for your kernel config name. This will take a bit to compile, so grab a coffee or something while waiting. When it finishes, you run make KERNCONF=CONFIG installkernel, again swapping out the word CONFIG for your actual config filename. When finished, reboot your system and test it out!

BRO! MY KERNEL IS CRASHING!

In the bootloader, you can switch back to the old kernel to resolve the issues in your config and re-attempt compiling the kernel until satisfied.

What Are The Benefits of Doing This?

On my ThinkPad T460, the stock system used about 1.7 gb of RAM. After the custom kernel, it's now using 800 Mb of RAM- to lower the usage even further, some tunable “knobs” in /etc/rc.conf, /etc/loader.conf and /etc/sysctl.conf prove useful as well.

Another interesting thing to note is that this Kernel config can be used to rebuild the ENTIRE SYSTEM as well, using the make KERNCONF=CONFIG buildworld and make KERNCONF=CONFIG installworld commands too.

Until next time!

Read more...

Most would agree that IT and Computer geeks have an intense passion for Open Source Software and quality code. Due to this, Linux is a staple in the tech community... But is it the only option? Enter FreeBSD, an Operating System whose roots trace all the way back to the original UNIX. Buckle up, and prepare for an introduction to FreeBSD and setting it up yourself.

Wait, Slow Down. What's FreeBSD?

Back in the 1970s and 1980s, AT&T Bell Labs invented UNIX and would go on to sell commercial copies of said Operating System to various colleges. The awesome thing was that AT&T shipped source code bundled right in! One of these places was the University of California at Berkeley, who aptly wrote more tools for UNIX such as vi and the original Berkeley Fast Filesystem (what most Linux/UNIX Filesystems are based on nowadays). Eventually UC Berkeley went on to redistribute their own variant of UNIX called BSD, setting up a hotline at 1-800-ITS-UNIX. This ROYALLY pissed off AT&T and they sued for copyright infringement. For reference, around this time Linus Torvalds was beginning the Linux Kernel development.

Needless to say, UC Berkeley won the case almost totally- so much so that AT&T only kept copyright to 3-4 files of the entire UNIX system. This enabled the release of i386BSD, which spawned the FreeBSD, NetBSD and OpenBSD projects. Their licenses are all very close to the original license of the code which is extremely permissive and allows the user to do almost anything except take credit for the work, sue the developer and remove the license.

Cool! Let's Install It!

Awesome! At this time of writing, the latest stable version of FreeBSD is 12.1. If you browse to the FreeBSD Site, you'll notice a big “Download Now” button. For this series of blog posts, we'll install 12.1 because stability matters for a daily-driver laptop. Pick the correct CPU architecture and you'll be taken to a web open directory. There are multiple images available for download, generally DVD1 and memstick images have all installation files embedded into the image so no network connection is needed to install the system.

Now that the image is downloaded, pick an installation medium. For usb, you would insert a thumb drive and type sudo dd if=/path/to/FREEBSDIMAGE of=/dev/sdX status=progress, where the “if” argument is the location of your downloaded FreeBSD installer image and the “of” argument is the name of your drive under Linux.

After this is done, let's yank out our computer and boot into the installer! On most laptops, there is a key combination to enter the BIOS, like spamming F12 or delete on boot. Once you've done this, allow USB booting, disable secure boot, and configure your flash drive to boot first. With the flash drive plugged in, you should be greeted by a FreeBSD bootloader, waiting a moment will take you to a graphical menu that looks like this:

FreeBSDInstaller The FreeBSD Installer

Select your responses with the arrow keys, and press enter to continue.

FreeBSDInstaller2 In prompts like this one, you'll need to use the space bar to alter selections.

The menu is very simple and easy to go through... Once you arrive at what disk format to use, the most common option FreeBSD users select is entire-disk ZFS.

FreeBSDInstaller3

Remember to select your disks in the ZFS Pool! The original option is stripe/0 disks, but you still need to go into it's submenu and select a disk even if you don't want to use the mirroring abilities of ZFS. There is an option to enable encryption, enabling it will provide a prompt later for your disk encryption password. If you're content with the settings, continue on.

After this, you'll be greeted by a menu of what packages you'd like to install, selectable by spacebar and arrow keys. Pressing enter will allow you to continue to the installation. Once complete, the interface will drop to a shell for you to set the root user password. Once that's done, the installer will take you back to the UI and offer to create a user account (DO THIS!), where you drop back to the shell to create it. Lastly, there will be system hardening options that you can optionally check. If you're concerned with privacy, it is recommended to enable all of them. Finally, it will provide an option to exit the installer and reboot.

Welcome To FreeBSD!

On fresh installation, FreeBSD is extremely plain and doesn't even have a desktop. Our first priority is to connect to the internet, so we can update our system. Running the ifconfig command will list all devices that are recognized by FreeBSD. If your network card isn't recognized, you will want to search to see if it's supported. If so, there's probably a kernel module that hasn't been loaded for it. To remedy this, a simple kldload xxx (where xxx is the name of the kernel module corresponding to your device driver) will enable your hardware. If this works, you can make this change permanent by editing /etc/rc.conf. FreeBSD makes use of wpa_supplicant and ifconfig to connect- more comprehensive guides on getting connected can be found here:

Wireless Networking in FreeBSD Networking in FreeBSD

Once connected, updating the system and fetching a few apps to get started with configuration is critical. There's three ways a user can install software on FreeBSD: compiling from source by hand, compiling from source through the ports collection (automatically), or using the pkg package manager which feels very much like apt.

Set up the FreeBSD ports tree by running portsnap fetch extract. If you ever wish to use it, cd into /usr/ports and find the proper directory of the application you wish to install. Then type make clean install.

As for pkg, let's update, upgrade and install vim:

pkg update
pkg upgrade
pkg install vim

Once all the software required for a desktop or whatever use case is necessary, setup is just like any *nix-based system.

So What Makes FreeBSD Different???

FreeBSD has a bunch of unique development tools, such as dtrace, for programming and understanding how the Operating System works and programming good, solid code. On top of that, it comes with pf instead of iptables, which is the de-facto standard on many enterprise networking devices such as Cisco or Palo Alto (they actually ship with FreeBSD installed). The entire Operating System source code can be found in /usr/src, and you can recompile the entire OS with a one-line terminal command. FreeBSD and similar systems are known for having the best TCP/IP networking stack in the world, so much so that even Microsoft still uses FreeBSD code for driving the internet on Windows to this very day.

Be sure to stick around for the next post, where we'll compile a custom kernel on FreeBSD!

Read more...

Enter your email to subscribe to updates.