FBI Reports On Linux Drovorub Malware

The FBI and the NSA released a report on the Russian-based malware that attacks Linux known as Drovorub (PDF) and it is an interesting read. Drovorub uses a kernel module rootkit and allows a remote attacker to control your computer, transfer files, and forward ports. And the kernel module takes extraordinary steps to avoid detection while doing it.

What is perhaps most interesting though, is that the agencies did the leg work to track the malware to its source: the GRU — Russian intelligence. The name Drovorub translates into “woodcutter” and is apparently the name the GRU uses for the program.

A look inside the code shows it is pretty mundane. There’s a server with a JSON configuration file and a MySQL backend. It looks like any other garden-variety piece of code. To bootstrap the client, a hardcoded configuration allows the program to make contact with the server and then creates a configuration file that the kernel module actively hides. Interestingly, part of the configuration is a UUID that contains the MAC address of the server computer.

The rootkit won’t persist if you have UEFI Secure Boot fully enabled (although many Linux computers turn it off rather than work through the steps to install an OS with it enabled). The malware is easy to spot if you dump raw information from the network, but the kernel module makes it hard to find on the local machine. It hooks many kernel functions so it can hide processes from both the ps command and the /proc filesystem. Other hooks remove file names from directory listings and hide sockets. The paper describes how to identify the malware, and the authors are especially interested in detection at scale — that is, if you have 1,000 Linux PCs on a network, how do you find which ones have this infection?
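A rootkit that filters what a directory listing returns can still leave a gap between two views of the same data. The script below is an added example (not from the report or the article, and not a Drovorub-specific signature): it compares the PIDs a listing of /proc shows against the PIDs found by looking up /proc/<pid> by name, and the pure comparison function can be run over output saved from many hosts. It assumes a Linux host with /proc mounted.

```shell
#!/bin/sh
# Added example: a user-space cross-view check for hidden processes.
# View A lists /proc (the path ps and ls take); view B looks up /proc/<pid>
# by name for every candidate PID without listing the directory. A rootkit
# that filters only directory listings leaves PIDs that B sees and A does not.
# Assumes a Linux host with /proc mounted. Generic technique, not taken from
# the NSA/FBI report and not a Drovorub-specific signature.

# View A: PIDs that appear when /proc is listed.
listed_pids() {
    ls -1 /proc | grep -E '^[0-9]+$' | sort -n
}

# View B: PIDs found by probing /proc/<pid> directly, 1..MAX (default 65536
# keeps the loop fast; raise it to /proc/sys/kernel/pid_max for a full scan).
probed_pids() {
    max=${1:-65536}
    pid=1
    while [ "$pid" -le "$max" ]; do
        [ -d "/proc/$pid" ] && printf '%s\n' "$pid"
        pid=$((pid + 1))
    done
    return 0
}

# Pure comparison, usable on saved output from many hosts: prints every PID in
# the probed list that is absent from the listed list (newline-separated).
hidden_pids() {
    listed=$1
    probed=$2
    printf '%s\n' "$probed" | while IFS= read -r pid; do
        [ -n "$pid" ] || continue
        printf '%s\n' "$listed" | grep -qx "$pid" || printf '%s\n' "$pid"
    done
}

# Live scan of this host; non-zero exit when the two views disagree.
scan() {
    hidden=$(hidden_pids "$(listed_pids)" "$(probed_pids "${1:-65536}")")
    if [ -n "$hidden" ]; then
        printf 'PIDs found by lookup but missing from listing:\n%s\n' "$hidden"
        return 1
    fi
    echo "no discrepancy between /proc listing and per-PID lookup"
}

[ "${1:-}" = "--scan" ] && scan "${2:-65536}"
```

Processes that start or exit between the two passes show up as one-off differences, so repeat the scan before treating a result as a finding.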

This is a modern spy story, but not quite what we’ve come to expect in Bond movies. “Well, Moneypenny, it appears Spectre is using the POCO library to generate UUIDs,” is hard to work into a trailer. We prefer the old days when high-tech spying meant nonlinear junction detectors, hacking Selectrics, moon probe heists, and passive bugging.

Exotic Device Gets Linux Support Via Wireshark And Rust

What can you do if you have a nice piece of hardware that kinda works out of the box, but doesn’t have support for your operating system to get the full functionality out of it? [Harry Gill] found himself in such a situation with a new all-in-one (AIO) water cooling system. It didn’t technically require any operating system interaction to perform its main task, but things like settings adjustments or reading back statistics were only possible with Windows. He thought it would be nice to have those features in Linux as well, and as the communication is done via USB, figured the obvious solution is to reverse engineer the protocol and simply replicate it.

His first step was to set up a dual boot system (his attempts at running the software in a VM didn’t go very well) which allowed him to capture the USB traffic with Wireshark and USBPcap. Then it would simply be a matter of analyzing the captures and writing some Linux software to make sense of the data. The go-to library for USB tasks would be libusb, which has bindings for plenty of languages, but as an avid Rust user, that choice was never really an issue anyway.

How to actually make use of the captured data was an entirely different story though, and without documentation or much help from the vendor, [Harry] resorted to good old trial and error to find out which byte does what. Eventually he succeeded and was able to get the additional features he wanted supported in Linux — check out the final code in the GitHub repository if you’re curious what this looks like in Rust.

Capturing the USB communication with Wireshark seems generally a great way to port unsupported features to Linux, as we’ve seen earlier with an RGB keyboard and the VGA frame grabber that inspired it. If you want to dig deeper into the subject, [Harry] listed a few resources regarding USB in general, but there’s plenty more to explore with reverse engineering USB.

Six New HackadayU Courses Announced For Fall 2020

The fall lineup of HackadayU courses was just announced, get your tickets now!

Each course is led by expert instructors who have refined their topics into a set of four live, interactive classes plus one Q&A session we like to call Office Hours. Topics range from leveling up your Linux skills and learning about serial buses to building interactive art and getting into first-person view (FPV) drone flight.

Check out the course titles, instructors, and details listed below. If you’d like to hear about each class from the instructors themselves, their teaser videos are embedded after the break.

  • Interactive Media Art with Light and Sensors
    • Instructor: Mirabelle Jones
    • Course overview: This course will cover how to develop interactive artworks, installations, and experiences based on sensor input.
  • Introduction to FPV Drones
    • Instructor: Ayan Pahwa
    • Course overview: We’ll get familiar with the multi-rotor category of Unmanned Aerial Vehicles (UAVs) including physics, aerodynamics, electronics, digital signal processing (DSP), and writing software that is involved.
  • Intro to LEDs Using Arduino and FastLED
    • Instructors: Cathy Laughlin & Mirabelle Jones
    • Course overview: Students will learn all about how LEDs work as well as how to program LED patterns using the Arduino IDE.
  • Linux + Electronics: A Raspberry Pi Course
    • Instructor: Pablo Oyarzo
    • Course overview: This course is for those who want to move from an Arduino to a Linux computer that is small enough to fit the project but far more powerful, and don’t know where to start.
  • Embedded Serial Buses (Part 1)
    • Instructor: Alexander Rowsell
    • Course overview: This course will cover the I2C and 1-Wire serial buses. We will look at the hardware layer, the protocol layer, and the software/application layer for both bus types.
  • Art + Code
    • Instructor: Casey Hunt
    • Course overview: Students will grow their technical skills through mastery of the P5.js JavaScript library, and will also learn about aesthetics and art history in the digital space.

HackadayU courses are “pay-as-you-wish”. To help ensure the live seats don’t go to waste, the minimum donation for each class is $1. Proceeds go to charity and we’re happy to report a donation of $4,200 going to Steam Coders from the summer session of HackadayU. A new charity will be chosen for the fall classes, details to follow.

Each class will be recorded and made available once they’ve been edited. You can take a look at the excellent Reverse Engineering with Ghidra series right now. Videos of the Quantum Computing and KiCad + FreeCAD courses are coming soon.

Popcorn Pocket P. C. Open Sourced

If you miss the days you could get an organizer that would — sort of — run Linux, you might be interested in Popcorn computer’s Pocket P. C., which was recently open-sourced on GitHub. Before you jump over to build one, though, there are a few things you should know.

First, the files are untested since the first unit hasn’t shipped yet. In addition, while the schematic looks pretty complete, there’s no actual bill of materials and the PCB layers in the PDF file might not be very easy to replicate, since they are just a series of images, one for each layer. You can see an overview video of the device, below.

A Shell? A Programming Language? Relax! It’s Both!

Every time we publish a Linux hack that uses a shell script, someone will chime in about how awful it is to program shell scripts. While we like the ubiquity and efficiency, we can’t disagree that the shell is a bit of a hack itself. [Axel Lijencrantz] wants to change your shell into a full-blown programming language called Crush.

On the face of it, it looks like a shell. Want to see the contents of the current directory? Simple: ls.

The difference is underneath. In Crush, ls is a built-in and it returns data in rows like a database. You can manipulate that database with SQL-like commands: ls | where {type=="directory"}.

Linux-Fu: Help Messages For Shell Scripts And Here Documents

Imagine that you want to output multiple lines of text in Bash, or any shell script. Maybe it’s a help string for a particularly convoluted shell script you’re writing. You could have a separate echo command for each line. Or you could use the “here document”.

The “here document” construction takes the text between two delimiters and passes it, as if it were piped, to a command.

# Print the help text when called with no arguments or with -h
if [[ $# == 0 ]] || [[ "$1" == "-h" ]]; then
cat << EOF
This is my help message. There are many like it but this one is mine.
My help message is my best friend.
EOF
fi

All of the text, as written, with line breaks and spaces and all, gets passed to cat and your helpful, formatted message is printed to the user.
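The same idea carried a little further, as an added example that is not from the article: a usage function built on a here document, the quoted-delimiter form that suppresses expansion, and a here document feeding a command other than cat. The program name mytool and its options are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the article): a help message built with a here
# document, plus the quoted-delimiter form. The program name "mytool" and the
# options are made up for the illustration.

PROG=mytool

# Unquoted delimiter: $PROG is expanded inside the body, so the help text
# picks up the program name. Everything else (spaces, line breaks) is kept.
usage() {
    cat <<EOF
Usage: $PROG [-h] [-v] FILE...
  -h   show this help
  -v   verbose output
EOF
}

# Quoted delimiter ('EOF'): the body is passed verbatim, with no parameter or
# command substitution. Use it when the text itself contains $ or $( ), such
# as an example command line the user is meant to copy.
example_block() {
    cat <<'EOF'
Example: PROG=$HOME/bin/mytool $(which sh) -c 'mytool -v *.log'
EOF
}

# The text goes to the command's stdin, so any filter works, not just cat.
usage_words() {
    wc -w <<EOF
$(usage)
EOF
}

# Same dispatch as in the article: no arguments or -h prints the help text.
main() {
    if [ "$#" -eq 0 ] || [ "$1" = "-h" ]; then
        usage
        return 0
    fi
    printf 'would process %d file(s)\n' "$#"
}
```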

Linux Fu: Keep In Sync

Once upon a time, computers were very expensive and you were lucky to have shared access to one computer. While that might seem to be a problem, it did have one big advantage: all of your files were on that computer.

Today, we all probably have at least a desktop and one laptop. Your phone is probably a pretty good computer by most standards. You might have multiple computers and a smattering of tablets. So what do you do to keep your files accessible everywhere? Why not run your own peer-to-peer synchronization service? Your files are always under your control and encrypted in motion. There’s no central point of failure. You can do it with one very slick piece of Open Source software called syncthing. It runs on Windows, Linux, Mac, BSD, and Solaris. There are also Android clients. We haven’t tested it, but one caveat is that the unofficial iOS support sounds a little spotty.

The joke about the cloud — that it’s just other people’s servers — is on point here. Some people don’t like their files sitting on a third-party server. Even if your files are encrypted or you don’t care, you still have the problem of what happens if you can’t reach the server — maybe you’re on an airplane with no WiFi — or the server goes down. Sure, Google and Microsoft don’t go dark very often, but they can and do. Even if you build your own cloud, it runs on your servers. Syncthing is serverless: it simply makes sure that all files are up-to-date on all your end devices.