CCTV Systems Everywhere: You Are Known to Everyone

With the rapid development of machine learning in the computer vision field, face recognition technology is deployed in most CCTV systems that are run by the government. On the one hand, some people are concerned that this technology will infringe on their privacy. On the other hand, some people believe that the wide installation of CCTV can significantly reduce the crime rate and help police solve cases.

The technology itself is neutral. It is who decides whether you are a criminal or not that matters.


Play the game that sets you free!

Many macOS users have already enabled Touch ID for sudo by adding the line below to /etc/pam.d/sudo.

auth       sufficient     pam_tid.so

That's convenient, but not interesting at all. Let's do something amusing! What about granting root privilege by winning the floppy bird game? Play the game that sets you free \(≧▽≦)/ Σ(・□・;)

This post is roughly divided into 3 parts:

  1. Get the original sudo project compiled successfully
  2. Add the floppy bird game to sudo
  3. Test, then replace the sudo that ships with macOS with sudo-floppy

1. Get the original sudo project compiled successfully

The very first thing is to fetch the latest source code of sudo from https://opensource.apple.com/tarballs/sudo/. At the time of writing, the latest release is https://opensource.apple.com/tarballs/sudo/sudo-86.50.1.tar.gz. After downloading and unpacking the tarball, open sudo.xcodeproj in Xcode and we can start!


CVE-2019-14287: Local Privilege Escalation

Yesterday, a local privilege escalation vulnerability in sudo was reported by a security researcher, Joe Vennix. The proof of concept is simple, but exploiting it can be powerful.

$ sudo -u#-1 whoami
root

-u#-1 asks sudo to run the command as the user whose ID equals -1.

With merely 5 more characters (the highlighted ones) you can do a local privilege escalation on all sudo versions prior to 1.8.28. Isn't that amazing (and maybe dangerous as well)? Let's dive into it and see what happens inside. sudo version 1.8.27 will be used for demonstration in this post. (It can be downloaded at https://www.sudo.ws/dist/sudo-1.8.27.tar.gz)

Given that the vulnerability is related to the command line argument, it would be a great idea to look at the src/parse_args.c file first.


A Trip to Blenheim Palace in Oxford

Last weekend, I went from Cambridge to Blenheim Palace and the city centre of Oxford. The 2-hour bus ride was quite a long time, so I fell asleep several times. The bus arrived at Blenheim Palace at half past 10, which was right at opening time.

Blenheim Palace was pretty gorgeous when I stepped inside. But it was not only the Palace that attracted me, but also the garden inside it! Though the weather was cloudy most of the time, the garden of Blenheim Palace was still fabulous! Perhaps this is one of the reasons that it is said to be the finest view in England.

The swan swam on the lake, the small house sat beside the river and the path lay in the forest. Just standing there and looking at the stunning landscape they made up was absolutely breath-taking. If the weather had been better, the landscape would have been tremendous. ☆〜(ゝ。∂)

(Notice - if you're using a cellular network, please be aware that this post contains many photos)


Using C/C++ for Python Extension

In general, C/C++ can be used to extend the functionality of Python with almost the highest performance you demand. Writing a Python extension in C/C++ is relatively easy.

I'll show a simplified extension which is used in real life. This extension is made to extract records from a special file format, .pcap. A .pcap file is used to store captured network packets so that the network activity can be analysed later.

Although there are many alternatives, they cannot achieve the goal in reasonable time. One of these alternatives is scapy. Please don't get me wrong, scapy is a fabulous networking package. It can automatically parse all the records in a .pcap file, which is an amazing feature. However, the parsing work also takes a significant amount of time, especially for a large .pcap file with hundreds of thousands of records inside.

At that time, my goal was quite straightforward: the time when the packet was captured, the source IP the packet was sent from, and the destination IP of the packet. Given these demands, there is no need to parse any record as deeply as scapy would. I can just check whether it contains an IP layer or not, and if yes, extract the source IP and destination IP. Otherwise I'll skip to the next record. And that's all.

I decided to name the extension streampcap, and the class name would be StreamPcap, so that I can write my Python code as below.

from streampcap import StreamPcap

pcap = StreamPcap("sample.pcap")
packet = pcap.next()
while packet is not None:
    print("{} {} {}".format(packet["time"], packet["ip_src"], packet["ip_dst"]))
    packet = pcap.next()

In order to implement this functionality, python-dev should be installed on Linux-based operating systems such as Ubuntu, Debian and CentOS. As for macOS, personally I use miniconda to manage the Python environment, and I think that miniconda will automatically get the same thing done. Miniconda is also available for Linux-based OSes. Life is easier!
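The record-skipping approach described above (check for an IP layer, take the time and the two addresses, otherwise move on), as an added pure-Python example; it is not the author's C extension, whose source is not part of this excerpt. The names `iter_ip_records` and `build_sample` and the sample capture are constructed for illustration, and only classic pcap files with Ethernet/IPv4 frames are handled.

```python
import socket
import struct

ETHERNET, ETHERTYPE_IPV4 = 1, 0x0800
# Magic bytes as they appear on disk -> (byte order, timestamp fraction divisor)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1e6), b"\xa1\xb2\xc3\xd4": (">", 1e6),
    b"\x4d\x3c\xb2\xa1": ("<", 1e9), b"\xa1\xb2\x3c\x4d": (">", 1e9),
}

def iter_ip_records(data):
    """Yield {"time", "ip_src", "ip_dst"} for each Ethernet/IPv4 record."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order, frac = MAGICS[data[:4]]
    linktype = struct.unpack_from(order + "I", data, 20)[0]
    if linktype != ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    pos = 24
    while pos + 16 <= len(data):
        sec, sub, incl_len, _orig = struct.unpack_from(order + "IIII", data, pos)
        pos += 16
        if pos + incl_len > len(data):   # truncated capture: stop, never over-read
            break
        frame = data[pos:pos + incl_len]
        pos += incl_len
        # Need a 14-byte Ethernet header plus a minimal 20-byte IPv4 header
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue                     # no IP layer: skip to the next record
        if frame[14] >> 4 != 4:          # version nibble must say IPv4
            continue
        yield {"time": sec + sub / frac,
               "ip_src": socket.inet_ntoa(frame[26:30]),
               "ip_dst": socket.inet_ntoa(frame[30:34])}

def build_sample():
    """Constructed capture: one IPv4 frame, one ARP frame, one cut-off record."""
    eth = lambda etype: b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", etype)
    ip = (b"\x45\x00\x00\x14" + b"\x00" * 4 + b"\x40\x06\x00\x00"
          + socket.inet_aton("192.0.2.10") + socket.inet_aton("198.51.100.7"))
    rec = lambda sec, usec, frame: struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, ETHERNET)
    return (header + rec(1565000000, 500000, eth(ETHERTYPE_IPV4) + ip)
            + rec(1565000001, 0, eth(0x0806) + b"\x00" * 28)
            + struct.pack("<IIII", 1565000002, 0, 64, 64) + b"\x00" * 10)

if __name__ == "__main__":
    for packet in iter_ip_records(build_sample()):
        print("{} {} {}".format(packet["time"], packet["ip_src"], packet["ip_dst"]))
```

The length check before slicing matters when the capture comes from an untrusted source: a record header that claims more bytes than the file holds ends the walk instead of being trusted.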


Rust Study Notes from Scratch (9)

Well, at this point, The Rust Programming Language demonstrates how to write a command line program named minigrep. Following the textbook, I decided to rewrite the small utility that I mentioned in https://blog.0xbbc.com/2019/08/rewrite-the-styled-code-in-html-generated-by-apple-to-wordpress-compatible-html/.

The things learnt so far are enough for me to write an, at least, workable utility. And if you're an expert in Rust, you'll find the following code ugly and perhaps not even Rust-ish.

However, based on the previous 9 posts of this series, for those who have just begun to learn Rust like me, the code shown below won't be a giant jump. Nevertheless, there is definitely plenty of room to improve the following code. Any suggestions or questions are welcome(⁎⁍̴̛ᴗ⁍̴̛⁎)

Furthermore, I googled a lot while writing the code, so I also attached the corresponding links in comments.


One Day in the Centre of Computing History

It was my third day in Cambridgeshire, and it was an adorable sunny day. After looking it up on Google Maps, I decided to go to The Centre of Computing History, which attracted me at first glance on the map.

And it turned out to be a wonderful experience there! Basically you can actually get your hands on those old computers, from the 70s all the way to the 90s. They even have some working punch tape machines!

Cocoa on Punch Tape
☆〜(ゝ。∂)

And here is the encode/decode table~ The whitespace is shown as ␣ to avoid vertical mismatches. The small dot . is used for locating the horizontal line and speed. And the big dot • denotes the actual punched hole on the tape.

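| Tape | Letters | Figures |
|---|---|---|
| ␣␣.␣␣␣ | Delete | Delete |
| ␣␣.␣␣• | E | 3 |
| ␣␣.␣•␣ | Line Feed | Line Feed |
| ␣␣.␣•• | A | - |
| ␣␣.•␣␣ | Space | Space |
| ␣␣.•␣• | S | , |
| ␣␣.••␣ | I | 8 |
| ␣␣.••• | U | 7 |
| ␣•.␣␣␣ | Return | Return |
| ␣•.␣␣• | D | $ |
| ␣•.␣•␣ | R | 4 |
| ␣•.␣•• | J | Bell |
| ␣•.•␣␣ | N | , |
| ␣•.•␣• | F | ] |
| ␣•.••␣ | C | : |
| ␣•.••• | K | ( |
| •␣.␣␣␣ | T | 5 |
| •␣.␣␣• | Z | + |
| •␣.␣•␣ | L | ) |
| •␣.␣•• | W | 2 |
| •␣.•␣␣ | H | I |
| •␣.•␣• | Y | 6 |
| •␣.••␣ | P | 0 |
| •␣.••• | Q | 1 |
| ••.␣␣␣ | O | 9 |
| ••.␣␣• | B | ? |
| ••.␣•␣ | G | [ |
| ••.␣•• | Use Figures | Use Figures |
| ••.•␣␣ | M | . |
| ••.•␣• | X | / |
| ••.••␣ | V | = |
| ••.••• | Use Letters | Use Letters |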