Categories
sysadmin

Setting up DD-WRT on D-Link DIR-868L

Just got the great-looking D-Link DIR-868L free recently from a broadband package that I signed up for.

It’s an amazing router that has great features and performance. It also has great hardware specs, which makes it a perfect candidate for trying custom firmware like dd-wrt or OpenWrt. My preference would be to go for OpenWrt; unfortunately, at the time of writing it is not supported. So it’s on to dd-wrt.

Installation of dd-wrt firmware can be done by following this wiki. Try it at your own risk, and always have the stock firmware on hand in case it doesn’t work.

Assuming you got this far, what’s next? Packages, naturally! To do that you have to first enable JFFS at the dd-wrt Administration tab. Next, let’s install something.

root@xxxxxxxx:/jffs/tmp# ipkg update
mkdir: can't create directory '//usr/local/lib/': Read-only file system

root@xxxxxxxx:~# ipkg install nano
root@xxxxxxxx:~# nano
-sh: nano: not found

Uh oh. Turns out ipkg is broken on this firmware, and a search turns up other users facing the same issue. Someone on the forums suggested opkg instead, and that’s where I went. There are many forum posts, blog posts and wikis on this topic. The one that I’m using is this. However, it doesn’t work out of the box, otherwise there wouldn’t be this blog post :-).

Following the instructions, you should reach a step that tells you to download a script and execute it. Going for the “not so brave people” approach,

root@xxxxxxxx:/jffs/tmp# wget -q -O- http://debian.keithdunnett.net/ddwrt/optware_setup > optware_setup
root@xxxxxxxx:/jffs/tmp# chmod 700 optware_setup
root@xxxxxxxx:/jffs/tmp# ./optware_setup
Checking we can reach the repository...
./optware_setup: line 15: can't create /opt/usr/bin/optware_boottime: nonexistent directory
chmod: /opt/usr/bin/optware_boottime: No such file or directory
Making sure we have an initial opkg
Connecting to downloads.openwrt.org (78.24.191.177:443)
wget: server returned error: HTTP/1.1 404 Not Found
Connecting to dev.openwrt.org (217.115.15.26:443)
wget: can't open '/opt/lib/functions.sh': Read-only file system
tar: can't open 'opkg.ipk': No such file or directory
tar: can't open 'data.tar.gz': No such file or directory

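Delving into the script, there are 2 problems, both visible in the output above: /opt sits on a read-only file system, and the opkg download link in the script returns a 404. First, bind-mount /jffs/opt onto /opt (create /jffs/opt first if it doesn’t exist). Then change line 32 of the script to the updated link (look up the latest link here).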

root@xxxxxxxx:/jffs/tmp# mount -o bind /jffs/opt /opt
root@xxxxxxxx:/jffs/tmp# vi optware_setup
Change line 32 to:
`/usr/bin/wget https://downloads.openwrt.org/snapshots/trunk/bcm53xx/generic/packages/base/opkg_9c97d5ecd795709c8584e972bfdf3aee3a5b846d-10_bcm53xx.ipk -O opkg.ipk` \

Let’s try again.

root@xxxxxxxx:/jffs/tmp# ./optware_setup
Checking we can reach the repository...
Making sure we have an initial opkg
Connecting to downloads.openwrt.org (78.24.191.177:443)
opkg.ipk 100% |***********************************************************************************************************************| 59159 0:00:00 ETA
Connecting to dev.openwrt.org (217.115.15.26:443)
functions.sh 100% |***********************************************************************************************************************| 7274 0:00:00 ETA
Creating the opkg config file in /opt/etc/opkg
You are now ready to install packages using opkg (this session only).
I've installed a script, optware_boottime, to run on boot and make the opkg settings persistent.
I'll add this to the end of rc_startup in nvram for you.
Downloading http://downloads.openwrt.org/snapshots/trunk/bcm53xx/generic/packages/base/Packages.gz.
Updated list of available packages in var/opkg-lists/chaos_calmer_base.
Downloading http://downloads.openwrt.org/snapshots/trunk/bcm53xx/generic/packages/packages/Packages.gz.
Updated list of available packages in var/opkg-lists/chaos_calmer_packages.
Downloading http://downloads.openwrt.org/snapshots/trunk/bcm53xx/generic/packages/routing/Packages.gz.
Updated list of available packages in var/opkg-lists/chaos_calmer_routing.
Downloading http://downloads.openwrt.org/snapshots/trunk/bcm53xx/generic/packages/telephony/Packages.gz.
Updated list of available packages in var/opkg-lists/chaos_calmer_telephony.
Minimal setup is complete. You should now have a working opkg.
We have created some aliases in your ~/.profile to make everything work.
Please either 'source .profile' or LOG OUT and LOG IN AGAIN before proceeding.

Success!
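
The setup script above is fetched over plain HTTP and runs as root, so the copy that gets executed should be the copy that was read. The following is an added example, not part of the original post or of the optware_setup script: it pins the reviewed (and, here, hand-edited) file by SHA-256 and refuses to run anything else. The function names are hypothetical, and it assumes the firmware's busybox provides sha256sum.

```shell
#!/bin/sh
# Added example (not from the original post).
# Workflow on the router:
#   wget -q -O optware_setup http://debian.keithdunnett.net/ddwrt/optware_setup
#   vi optware_setup                 # read it, apply the line 32 fix
#   sha256sum optware_setup          # record this digest somewhere off the router
#   run_reviewed optware_setup <DIGEST-YOU-RECORDED>

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    sha256sum "$1" | cut -d ' ' -f 1
}

# verify_sha256 FILE EXPECTED -> 0 only if FILE exists and its digest equals EXPECTED
verify_sha256() {
    [ -f "$1" ] || return 1
    [ -n "$2" ] || return 1          # an empty pin must never match
    [ "$(sha256_of "$1")" = "$2" ]
}

# run_reviewed FILE EXPECTED [ARGS...] -> runs FILE with sh only if the digest matches
run_reviewed() {
    file=$1
    expected=$2
    shift 2
    if ! verify_sha256 "$file" "$expected"; then
        echo "refusing to run $file: SHA-256 does not match the reviewed copy" >&2
        return 1
    fi
    chmod 700 "$file" && sh "$file" "$@"
}
```

The same recorded digest lets you re-download and re-run the script after a reflash without reading it again: a changed or tampered download simply fails the check.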

PS: Note that you’ll need to add /jffs/opt to your fstab or something in order to mount /opt on startup.
Disclaimer: I’m a vim user. nano is just an example 🙂
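
For the PS above, one way to make the /opt bind mount persistent is a small idempotent function placed in the router's startup commands (the rc_startup nvram variable that the setup script's output mentions). This is an added example, not code from the original post or from dd-wrt; the function names and the MOUNT override are hypothetical, and it assumes JFFS is already mounted when the startup commands run.

```shell
#!/bin/sh
# Added example (not from the original post).
# The setup script installs optware_boottime under /opt/usr/bin and appends it to
# the end of rc_startup, so this bind mount has to run BEFORE that entry.
# In the startup commands, after defining the functions, call:  bind_opt

# is_mounted TARGET [MOUNTS_FILE] -> 0 if TARGET appears as a mount point
is_mounted() {
    while read -r _dev mnt _rest; do
        [ "$mnt" = "$1" ] && return 0
    done < "${2:-/proc/mounts}"
    return 1
}

# bind_opt [SRC] [DST] [MOUNTS_FILE] -> bind-mount SRC onto DST unless DST is already mounted
bind_opt() {
    src=${1:-/jffs/opt}
    dst=${2:-/opt}
    [ -d "$src" ] || { echo "bind_opt: $src missing (is JFFS enabled?)" >&2; return 1; }
    is_mounted "$dst" "$3" && return 0      # already done, do not stack mounts
    # MOUNT can be overridden for testing; defaults to the real mount command
    ${MOUNT:-mount} -o bind "$src" "$dst"
}
```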

Categories
Uncategorized

Apple’s iOS App Store suffers first major attack | Reuters

It has taken a long time but it finally happened. Malware in iOS apps. Instead of compromising the App Store, it’s the app developers that are getting compromised via an unauthorized Xcode.

Apple Inc APPL.O said on Sunday it is cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet.

Source: Apple’s iOS App Store suffers first major attack | Reuters

Categories
security

Malware Found Pre-Installed on Xiaomi, Huawei, Lenovo Phones

Another reason to be wary of cheap mobile phones, especially those from dubious physical or online shops. See full report in the PDF.

These permissions enable extensive misuse: location detection, listening to and recording telephone calls or conversations, making purchases, bank fraud or sending premium SMS. The possibilities are almost endless.

Source: G DATA Whitepaper Vorlage – G_DATA_MobileMWR_Q2_2015_EN.pdf

Categories
privacy security

Who Hacked Ashley Madison? — Krebs on Security

Well, can we say schadenfreude? The hunter becomes the hunted.

Source: Who Hacked Ashley Madison? — Krebs on Security

Categories
3D programming

What DirectX 12 means for gamers and developers – PC Gamer

Abstraction is good for developers, right? Why else would you be programming in high-level languages like C++, Go, Python instead of assembly language? Well, it turns out the situation is not so straightforward for game programming.

In terms of graphics programming, after years of high-level graphics APIs, the trend has been to go as close to the metal as possible (Apple’s Metal, OpenGL reborn as Vulkan, and now DX12). This article gives a very good explanation of why this is happening.

In a way, this is a manifestation of the break-down of Moore’s law – at least in terms of clock-speed improvements. Games are among the most demanding types of applications in terms of performance, and for years we have been riding along the wave of “free” performance thanks to Moore’s law. In case you haven’t noticed, the party has ended. That, combined with increasing performance of the GPU, means we can no longer get free performance from the CPU alone. Someone has to do the work to manage the GPU+CPU dichotomy and ensure that the “pipeline is full”, so to speak. Thankfully game engines are now taking on that role, but the graphics API needs to allow them to have full access to the low-level capabilities.

Hint: it’s exciting. Expert Peter “Durante” Thoman takes a technical deep dive into the promising potential of DX12.

Source: What DirectX 12 means for gamers and developers – PC Gamer

Categories
security

DefCon Hackers Tell How They Cracked Brink’s Safe in 60 Seconds

A safe with an exposed USB port? That’s really asking for trouble. The safe in question is a “secure” digital safe. Unfortunately it appears to be running Windows XP, an OS that’s no longer supported. Even if it’s supported I doubt anyone will connect the safe to the Internet to receive Windows Update. 😉 The problem, however, appears to be not with Windows XP but with the USB port. That’s as good as giving someone keyboard/mouse access to the console.


Gone in 60 seconds. Security researchers will demonstrate at an Aug. 8 DefCon presentation how they can crack a modern Brink’s safe in just a minute.

Source: DefCon Hackers Tell How They Cracked Brink’s Safe in 60 Seconds

Categories
security

Major Flaw In Android Phones Would Let Hackers In With Just A Text : All Tech Considered : NPR

Android users, please take note. This time you don’t even have to download anything or visit any malware website to get hit by malware. A truly scary prospect if someone exploits it nefariously. According to another report cited, 99% of mobile malware targets Android. The lack of a controlled OS patching process is probably why attackers target Android. In contrast, the majority of iOS users upgrade to the latest version within weeks of release.

A security gap on the most popular smartphone operating system was discovered by security experts in a lab and is so far not widely exploited. It would let malicious code take over a phone instantly.

Source: Major Flaw In Android Phones Would Let Hackers In With Just A Text : All Tech Considered : NPR

Categories
privacy security

Hacking Team: a zero-day market case study

Singapore’s connection to the Hacking Team – it’s well known that HT has a Singapore presence. The local market appears to be quite receptive to them. In one of the leaks, it was revealed that they also tried to recruit local researchers to develop 0-days for them.

In April of 2014, Hacking Team attended the SyScan conference in Singapore with the intention of recruiting new exploit developers.

They succeeded in making contact with several researchers interested in working with them, including Eugene Ching.

Interestingly, Eugene’s responsibility with the Singaporean Army, presumably for his mandatory service, is to test and fix 0day exploits that they purchase.

Read more details here.

Categories
security

Hackers Remotely Kill a Jeep on the Highway

Another grim reminder of the problems brought about by digitization and so-called IoT – basically connecting everything to the Internet. In this case, hackers were able to remotely control a vehicle driving on real roads. Fortunately in this case it was a controlled exploit. Think of what cybercriminals can do if (or rather when) they take hold of critical infrastructures.

I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold.

Source: Hackers Remotely Kill a Jeep on the Highway—With Me in It | WIRED

Update (2015-07-21): Chrysler has earlier asked owners to update their software.

Update (2015-07-24): Chrysler is now forced to take a more proactive step to recall millions of vehicles to fix this.

Update (2015-08-14): Black Hat USA 2015: The full story of how that Jeep was hacked

Categories
security

Hacking Team hacked, attackers claim 400GB in dumped data | CSO Online

Infamous company Hacking Team was hacked.

Source: Hacking Team hacked, attackers claim 400GB in dumped data | CSO Online