Monday, September 17, 2018

How to bid on a Reverse Engineering project and what tools to use

Hi,

I have significant experience in low-level Windows development, including driver development (kernel mode), cracking and reverse engineering. I use the most advanced tools of the trade including IDA Pro, OllyDbg, WinDbg and other Windows SDK/WDK tools, Windows SysInternals utilities, and others as needed.

If you are looking to simply decompile a single exe file into C source code I can do that for you for 500 USD. However, it needs to be said that the produced code, though accurate, will not be very readable as a compiled program does not retain identifier names (like variable and function names) that usually convey most of the meaning in source code; still, the code's logic is usually fully and correctly retained.

Also, the code won't be much more than a long monolithic list of statements that is usually not directly compilable into the same application whose decompilation produced it.

Therefore, in most cases, such projects involve a specific function (or set of functions) that need to be decompiled AND converted to meaningful source code that can then be compiled into a new and fully working application. The process of doing the latter usually involves debugging the app to see which function/functions are being called and when and then extracting the decompiled code of those particular functions, rewriting it, in order to become comprehensible, and then combining it with other code into a new project structure (could be a Visual Studio project) that can then be compiled into a new fully working app.

If what you want is what I described in the last paragraph then I can do that as well and the cost for each function/functionality depends on the function/functionality itself and its complexity. Specific quotation for this scenario will be possible after a first full decompilation of the app is performed.

Cheers,

Monday, September 10, 2018

Allowing only one executing PHP request

What if for reasons of performance or serialization you wanted to quickly (without messing with complex apache and/or php configuration options) ensure that only one php request of some web application executes at any one time?

I had this requirement recently and what I did is used a "lock" file. The PHP code goes and checks if that file exists and it it does it considers execution locked and dies. If the file does not exist it creates it and runs.

However there is a potentially fatal flaw in this simple solution; what if a PHP request dies (for whatever reason) before it had time to delete the lock file at the end of processing? Your app would never run ever again! To address this I added timestamps into the mix. Specifically, when the file is created a timestamp representing the exact time of its creation is written into it and then when another incoming request polls for the lock file it actually reads the timestamp, compares it to current time and acquires the lock, even though the lock file exists, if a certain time threshold, during which it is reasonable to assume the previous request would have finished processing, has elapsed.

The file's time attributes could also be used instead of a timestamp in the file but that would bring in complexity in the form of platform considerations, timezones, server admins changing those, etc. Though not perfect, the "timestamp in a lock file" is simple to implement, keeps most variables within the PHP platform space and it works.

So here is the getLock() function I used; x is the minimum number of seconds between requests you would want to enforce.

function getLock()
{
 if (file_exists("steglock.txt"))
 {
  $before = trim(file_get_contents("steglock.txt"));
  $now = strtotime("now");
  
  $difference = abs( ($now) - ($before) );
  
  if ( $difference < x)
  {
   return false;
  }
  else
  {
   file_put_contents("steglock.txt",  strtotime("now"));
   return true;
  }
 }
 else
 {  
  file_put_contents("steglock.txt",  strtotime("now"));
  return true;
 }
}

Then, just before you start your processing in you PHP file (or files):

if (!getLock())
{
 die("You can only submit one request every x seconds");
}

Good luck!

Wednesday, May 16, 2018

Run LibreOffice in PHP scipts

It is often desirable to have PHP convert Word documents into PDF documents. LibreOffice can do that very well and of course it can do much more. There are three tricky points to consider if you want to run LibreOffice with PHP:

  1. You need to run it using the --headless option as it will probably be running on a server that probably has no GUI capabilities.
  2. You need to make sure that the output dir (which if not explicitly specified is the same as that of the php script that runs LibreOffice) is writable by the user php runs as (in my case apache). Obviously, the directory where the document that will be read in resides (as well as the document itself) need to be readable by the user php runs as (in my case I just did a chown apache:apahe <dirpath> on both these dirs)
  3. (Trickiest) soffice (one of LibreOffice's executables) will still not run correctly as apache (or whatever your php user is) although it will run fine if you execute it as root. This is because it requires special permissions for a directory that it considers its environment dir. there is a number of ways to fix this but easiest is to use the -env:UserInstallation option. In my case I created a subdir under /tmp (specifically: /tmp/soffice) and gave it apache:apache ownership.
In conclusion here is how I successfully call soffice from my php script (where $target_file is the Word file to be read in):

$cmd2 = "/opt/libreoffice6.0/program/soffice -env:UserInstallation=file:///tmp/soffice
        --headless --convert-to pdf " . $target_file;

exec($cmd2);

In the my case, the resulting pdf file is saved in the same directory as the php file that runs sofficewhich is fine for my purposes.

Tuesday, March 27, 2018

PHP can't write to directory although it should

If PHP is not writing to a directory (e.g. you can't upload files) although all directory permissions as well as PHP and Apache settings and configuration are correct then, in case you are on CentOS 7 (or RedHat 7), the culprit may be SELinux. Just disable it or, if needed, allow writing to the directory of interest using chcon command:

To disable SELinux

To resolve the issue with SELinux enabled

Thursday, March 8, 2018

How to configure drupal with clean URLs

There is some confusion on drupal.org (and other sites) on how exactly to do that: multiple conflicting articles, incomplete instructions, etc. The way to do it is to basically include the correct set of httpd.conf directives for all three of the following directories (assuming the default/usual directories are used):
  • /var/www 
  • /var/www/html
  • /var/www/html/sites/default
The httpd.conf sections for the first two directories normally already exist by default; the third one needs to be created. No .htaccess files need to be used; everything can be done in the httpd.conf file. Here is the relevant listing from my httpd.conf file that successfully configured Drupal with clean URLs for me:

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/html"

#
# Relax access to content within /var/www.
#
<Directory "/var/www">
    AllowOverride All
    # Allow open access:
    Require all granted
</Directory>

# Further relax access to the default document root:
<Directory "/var/www/html">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks
    #Options Includes ExecCGI FollowSymLinks MultiViews

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    #AllowOverride None
    AllowOverride All

    #
    # Controls who can get stuff from this server.
    #
    Require all granted

        RewriteEngine on
        RewriteBase /
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        #RewriteCond %{REQUEST_URI} !=/favicon.ico
        #RewriteRule ^ index.php [L]
        RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

</Directory>

<Directory "/var/www/html/sites/default">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks
    #Options Includes ExecCGI FollowSymLinks MultiViews

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    #AllowOverride None
    AllowOverride All

    #
    # Controls who can get stuff from this server.
    #
    Require all granted

        RewriteEngine on
        RewriteBase /
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        #RewriteCond %{REQUEST_URI} !=/favicon.ico
        #RewriteRule ^ index.php [L]
        RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

</Directory>


How to integrate PDFBox into WildFly 11

There are no specific instructions on how to do this. Here is how I did it and it works fine for my project:

  1. Add the three main PDFBox jar files as a WildFly module. To do this you have to create a new appropriately named folder under WildFly's installation directory. Like this: <some random directory>/wildfly-11.0.0.Final/modules/system/layers/base/org/apache/pdfbox/main

  2. Then, in that directory wget the three main PDFBox jar files. Currently the latest are the  ones that also appear in the XML listing right below.

  3. Then, in the same directory, create an XML file , named module.xml, thusly:

    <?xml version="1.0" encoding="UTF-8"?>
    <module xmlns="urn:jboss:module:1.5" name="org.apache.pdfbox">
        <resources>
            <resource-root path="pdfbox-2.0.8.jar"/>
            <resource-root path="fontbox-2.0.8.jar"/>
            <resource-root path="xmpbox-2.0.8.jar"/>
        </resources>
    
        <dependencies>
            <module name="javax.api"/>
            <module name="org.apache.commons.logging"/>
        </dependencies>
    </module>
    

  4. Now what we need is to declare the newly added pdfbox WildFly module as a global one, i.e. one that can be referenced from any deployment in our WildFly instance. To do this we need to edit our standalone.xml or domain.xml file. In the case of out pdfbox module the global declaration needs to be done under the <subsystem xmlns="urn:jboss:domain:ee:4.0"> section of the file which, for WildFly 11, it already exists and is at version 4.0. Please note that for other WildFly configurations you may need to create it altogether or you may have a different ee version number. In my case what I did is I added the following simple XML markup at the end of the section:

    <global-modules>
        <module name="org.apache.pdfbox" slot="main" />
    </global-modules>
    

  5. Restart your WildFly and you should be on!