Thursday, January 2, 2014

hex editing for windows bios update from Acer Aspire V3-551

How to update to 2.x bios from 1.x bios (applicable for Acer\eMachines\Gateway\Packard Bell)

For its recent laptop models, Acer (and its subsidiaries) chose a weird way of delivering bios updates. When a model is sold without Windows 8, it is delivered with a 1.x bios, which lacks UEFI booting and Secure Boot support. If the same model is sold with Windows 8, it is delivered with a 2.x bios with the option of UEFI booting and Secure Boot.

The problem is that a user can't update from 1.x bios to 2.x bios with the downloaded bios update. It shows: "Please update to the same type of bios (v.1.x)".

To avoid this detection, we have to hex-edit a bit. ;)

Open the bios update application with your favorite hex editor and locate the following:
DisableSecureCapsuleFlash=1
Change it as follows:
DisableSecureCapsuleFlash=0
Save the changes. You can now update to 2.x using this modded bios. Flash from DOS or Windows.

If you can't find the above string in the bios update application, then we need to take another path.

Extract the application using 7-Zip and try to locate isflash.bin (which is your bios file) & platform.ini. Then open them with hex editor and change like above. Now flash using InsydeFlash.exe.

To overcome all of the checks, we need to edit more:
DisableCompare=0
to
DisableCompare=1
&
SkipSecureBootProtectionCheck=0
to
SkipSecureBootProtectionCheck=1

If you want a SLIC mod, then mod the downloaded bios update using andyp's tool. We have to alter another thing to flash the SLIC modded bios.

Again open the bios update application with your favorite hex editor and locate the following:
[ForceFlash]
ALL=0
Change it as follows:
[ForceFlash]
ALL=1

After updating to 2.x bios, you can safely update to subsequent updates without any modding. Note that you may have to re-install your previous Windows 8 installation after updating from 1.x to 2.x bios.

Tuesday, May 7, 2013

Fedora 18, Firefox, Chrome, alsa, sound and hdmi

In Fedora 18, or, well, I believe I had this same issue in Fedora 17... I was perplexed by why sound for Firefox would never play through HDMI. Flash works fine, videos play fine... In both Chrome and Firefox. However sound only comes through for Chrome.

This is due to the way the flashplugin for Firefox interacts with the system and the soundcard. So, I needed to install alsa plugin.

Typically I would've
yum install flash-plugin nspluginwrapper alsa-plugins-pulseaudio libcurl
  





Apparently previously I'd installed everything but alsa-plugins-pulseaudio.

Yeah... I dunno why I didn't remember to install the alsa-plugin for pulseaudio. I feel like this probably
plagued me before, but then I switched to Chrome and never had to worry about it again.

Wednesday, October 24, 2012

Fedora/CentOS/Red Hat Linux 5 and 6 OpenVPN server and client setup configuration


copy pasted here on my blog in case that site ever goes down... really that's the only reason I ever put anything on this blog. heh. saved me a time or two in the past though having it all here.

It's important these days to protect yourself on the web, you never know who's lurking and snoopin on your traffic on Wifi these days. I use my openVPN's for my Android devices as well as my laptops whenever I'm on the go.

This guide was very well written. Minor detail was making sure the -FORWARDing table was setup properly in iptables. I'm not really sure why recompiling lzo was necessary, but I followed the guide and everything turned out ok for me. Mine (2 KVM and 1 OpenVZ) were on CentOS 6 from www.hostigation.net - Tim at hostigation sells some really nice VPS's and is always a pleasure to work with.


Also the author of this article sells VPS/s with OpenVPN preconfigured at http://safesrv.net/secure-vps-hosting/

Installing OpenVPN on CentOS 5 and CentOS 6

In this guide we will show you how to setup OpenVPN on centos – the guide will give you a fully working OpenVPN installation, NOT TESTED ON OTHER DISTROS..
First step is to check if tun/tap is active:
cat /dev/net/tun
If tun is active then you should see this:
cat: /dev/net/tun: File descriptor in bad state
Make sure you have these packages installed:
yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y
Download LZO RPM and Configure RPMForge Repo:
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
32bit Package:
CentOS 5:
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
CentOS 6:
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-1.el6.rf.i686.rpm
64bit Package:
CentOS 5:
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
CentOS 6:
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
Build the rpm packages:
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh lzo-*.rpm
rpm -Uvh rpmforge-release*
Install OpenVPN:
yum install openvpn -y
Copy the easy-rsa folder to /etc/openvpn/:
cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/
Please note on CentOS 6 we need to make a small change before you run the commands below, open up /etc/openvpn/easy-rsa/2.0/vars and edit the below line:
Change:
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
To:
export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
And save..
Now let’s create the certificate:
cd /etc/openvpn/easy-rsa/2.0
chmod 755 *
source ./vars
./vars
./clean-all
Build CA:
./build-ca
Country Name: may be filled or press enter
State or Province Name: may be filled or press enter
City: may be filled or press enter
Org Name: may be filled or press enter
Org Unit Name: may be filled or press enter
Common Name: your server hostname
Email Address: may be filled or press enter
Build key server:
./build-key-server server
Almost the same as ./build-ca, but note the changed and additional prompts:
Common Name: server
A challenge password: leave
Optional company name: fill or enter
sign the certificate: y
1 out of 1 certificate requests: y
Build Diffie Hellman (wait a moment until the process finish):
./build-dh
Now create your config file:
touch /etc/openvpn/server.conf
And enter the following:
local 123.123.123.123 #- your_server_ip goes here
port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3
Save it and start OpenVPN:
service openvpn start
Now we need to enable IP forwarding. So open the file /etc/sysctl.conf and set ‘net.ipv4.ip_forward’ to 1.
net.ipv4.ip_forward = 1
To make the changes to sysctl.conf take effect, use the following command.
sysctl -p
Route Iptables:
The rule below will work fine on xen and KVM based VPS’s but for OpenVZ use the OpenVZ iptable rule instead:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
OpenVZ iptable rules:
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source 123.123.123.123
And
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 123.123.123.123
Make sure you change 123.123.123.123 to your server IP.
If you have CSF on the same server, you need to open your OpenVPN port (usually 1194) through the firewall and run the commands below for CSF:
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -j SNAT --to-source 123.123.123.123
Then run…
service iptables save
Again – make sure you change 123.123.123.123 to your server IP.
This section explains that your vpn will use PAM to auth people to it (on your system, so local users on your system will auth to openvpn via their user/pass that they use for SSH)
If you are using our FreeRADIUS module for WHMCS then you don’t have to do the below step – otherwise you can create a user as follows:
useradd username -s /bin/false
passwd username
If you wanted to delete a user you would use:
userdel username
This section is the client config file, you can name it whatever.you.want.ovpn, but OP has used 'server.ovpn'
Now create a server.ovpn config file and enter the following:
client
dev tun
proto udp
remote 123.123.123.123 1194 # - Your server IP and OpenVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3
Make sure you change 123.123.123.123 to your server IP.
If using Windows OpenVPN clients, make sure the path to the 'ca ca.crt' is an absolute path with quotes (for spaces), for my Win7 machine I used
ca "c:\Users\tronik\Personal Documents\ca.crt"
And make sure OpenVPN starts at boot:
chkconfig openvpn on
Download ca.crt file in /etc/openvpn/easy-rsa/2.0/keys/ directory and place it in the same directory as your server.ovpn.
Now download a VPN client, import your config file, and enter the username and password created above or, if you have already configured OpenVPN Source with the FreeRADIUS plugin, a username and password created in the radius database.
You can now follow the guide to configure OpenVPN source with FreeRADIUS.
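
As an added example (not part of the copied guide), the script below audits a server.conf like the one above for four things: password-only client authentication, the DH group size, a missing tls-auth key, and the leftover 123.123.123.123 placeholder. The function names and the choice of checks are this example's own, the sample config is constructed from the guide's lines, and the DH size is read from the easy-rsa file name rather than from the key material.

```sh
#!/bin/sh
# Added example, not from the guide: audit an OpenVPN server.conf.

# conf_lines FILE: the config with comments, trailing blanks and empty lines removed.
conf_lines() {
    sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# has_directive FILE NAME: succeeds when NAME is used as a directive.
has_directive() {
    conf_lines "$1" | grep -Eq "^$2([[:space:]]|\$)"
}

# dh_bits FILE: DH group size taken from the easy-rsa file name
# (build-dh writes dh<KEY_SIZE>.pem); prints nothing when no name matches.
dh_bits() {
    conf_lines "$1" |
        sed -n 's/^dh[[:space:]].*dh\([0-9][0-9]*\)\.pem$/\1/p' | head -n 1
}

# audit_openvpn_conf FILE: one finding per line, nothing when all checks pass.
audit_openvpn_conf() {
    conf=$1
    if has_directive "$conf" client-cert-not-required; then
        echo "AUTH client-cert-not-required: a PAM username/password is the only client credential"
    fi
    bits=$(dh_bits "$conf")
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "DH ${bits}-bit group: set KEY_SIZE=2048 in vars, rerun ./build-dh, update the dh path"
    fi
    if ! has_directive "$conf" tls-auth; then
        echo "TLS no tls-auth key: unauthenticated packets reach the TLS handshake"
    fi
    if conf_lines "$conf" | grep -q '123\.123\.123\.123'; then
        echo "ADDR placeholder 123.123.123.123 has not been replaced"
    fi
}

# write_sample_conf PATH: constructed sample, abbreviated from the guide's server.conf.
write_sample_conf() {
    cat > "$1" <<'EOF'
local 123.123.123.123 #- your_server_ip goes here
port 1194 #- port
proto udp #- protocol
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_openvpn_conf "$sample"
rm -f "$sample"
```

Run against the sample it prints all four findings; a config with a 2048-bit DH file, a tls-auth line, client certificates and a real address prints nothing.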

Friday, October 5, 2012

Rebooting quickly in Fedora with kexec

If you're like me and you want to reboot quickly and avoid bios POST or other startup routines, kexec can be used to achieve this by skipping everything before the bootloader.

Install kexec-tools , regenerate your initramfs with dracut (so you can pull in the new bits, if you've never had kexec installed before), and then make a shortcut like this:


[root@tronik-laptop ~]# more readykexec.sh
cmdline=`cat /proc/cmdline` ; krnl=`uname -r` ; kexec -l /boot/vmlinuz-$krnl --initrd=/boot/initramfs-"$krnl".img --reuse-cmdline

You can then run readykexec.sh and reboot to reload your current kernel (or any other kernel you happen to want to use.)

If you don't regenerate with dracut before trying to use kexec you will receive an error in the shell that kexec cannot be found.

Tested this in Fedora 17 and Fedora 18.

Thursday, July 26, 2012

yum couldn't connect to mirrors fedora 17

I couldn't update my Fedora 17 (gnome3) today - luckily it was my own stupid mistake... Oddly enough somehow after a network manager update the toggle to use SOCKS proxy was enabled...
I discovered that by setting URLGRABBER_DEBUG=1, running 'yum update' and examining the output there.

I saw yum was trying to use my socks proxy to do its work... which I didn't currently have available on this network. Disabling it for this network did the trick. It'd be nice to have some sort of 'per network' control in network-manager.

Thursday, June 14, 2012

Install Spotify in Fedora (FC17) w/alien from a .deb


In addition to adding 'phonon and qt-x11' the below tutorial worked for me on Fedora Core 17 (fc17)
Glad someone made it easy. Spotify, let me give you my money...but make an RPM/yum repo, thanks:
Steps needed: If you would like to convert the package yourself you can download the latest Spotify version from http://repository.spotify.com/pool/non-free/s/spotify/ and convert it with the alien -r command
There is no installation for Spotify on CentOS, and there are some whacked dependencies which are cumbersome to get around. I tried this on CentOS 6.2

First install Alien (and git):

yum install git make
git clone git://git.kitenet.net/alien
cd alien/
perl Makefile.PL; make; make install

Now download spotify .deb files from:

http://repository.spotify.com/pool/non-free/s/spotify/


Convert and install the Debian/Ubuntu packages:

alien --to-rpm spotify-client-qt*.deb
rpm -Uvh --nodeps spotify-client-qt*.rpm
alien --to-rpm spotify-client*.deb
rpm -Uvh --nodeps spotify-client*.rpm

You're almost done! Now download my magical package of required libraries:
http://dl.dropbox.com/u/17435887/CentOS6/andersx/spotify_libs.tar.gz

Extract these in your home folder. It'll create a directory and a file named (in my case):

/home/andersx/spotify_libs
/home/andersx/spotify.sh

Edit the .sh file so it points to your home directory. In my case:
export LD_LIBRARY_PATH=/home/andersx/spotify_libs

The libraries in spotify_libs were carefully taken from a Ubuntu 10.04 LTS, and in order to NOT mess up your CentOS, use the supplied script to start Spotify without exporting it to your $LD_LIBRARY_PATH when you don't need it.

Of course feel free to put the libraries and launcher script somewhere else.

Happy listening!
:wq

Wednesday, April 6, 2011

Port 88 open on Mac OS X - KDC monitoring daemon

If you enable either File Sharing (AFP or SMB), Mac OS X 10.5.6 will have not only the AFP or SMB ports, but also port TCP/88 open. The daemon on this port is kdcmond(8), which is described as “KDC monitoring daemon – Open Directory Single Sign On”. Most people who are not connected to a Mac OS X Server-based network probably don't need this service.

If you would like to disable this daemon, you need to change the launchd(8) configuration, which is accomplished by this one-liner:

Disable:
sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.kdcmond.plist
Enable:
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.kdcmond.plist
Note that these commands edit the above files, implying that the effects may be undone by future updates from Apple.

Tuesday, April 5, 2011

Mac OS X VPN and L2TP for Android / iPhone and iPad devices (or others l2tp)

From: http://blog.theilluminatedengineer.com/?p=136
--- Ugh. The link to the original is good, I'll use it as long as it's there, but I put this here to keep it just in case the other guy's site goes down. Good article, props to the author... I got mine working.



Step 1: An Introduction

There are lots and lots of different types of VPN setup and I honestly don’t understand how most of them work. I do know that we will be using the L2TP protocol.

The phone will need 3 things to connect to the VPN server on the mac; a user name, password and a shared secret. The user name and password correspond to an account on the local computer. The shared secret is a code known only to the server and client and is used to secure the connection.

We’re going to do a lot of tasks on the command line as the root user, so start up the OSX terminal and enter the command:

$ sudo -s
and give it your password when it asks.

Step 2: Store a secret key in the OSX Key Chain

The shared key will be stored in the OSX Key Chain, this puts it some place secure rather than storing it in plain text where it can be seen by anyone with access to the box.

Ideally the shared key should be complex and hard to guess. Personally I use a 64 character random hexadecimal key from https://www.grc.com/passwords.htm but you may want to use something a little less awkward to type in.

To store this run the command:
$ sudo security add-generic-password -a com.apple.ppp.l2tp \
-s com.apple.net.racoon -T /usr/sbin/racoon -p "shared key" \
/Library/Keychains/System.keychain
Replace “shared key” with whatever shared key you picked above.

The VPN server has two parts. The actual server is called vpnd, but there is a second task called racoon. Racoon is, I believe, responsible for setting up the initial connection and handling the security. The “-T” option in the above command gives racoon permission to access the keychain and read the value.

Step 3: Configure the VPND service

VPND takes its configuration from a standard plist configuration file. Start up vi (or the editor of your choice) and edit the file:

/Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist
The file content should be:

{
    ActiveServers = ("com.apple.ppp.l2tp");
    Servers = {
        "com.apple.ppp.l2tp" = {
            Addresses = ("XXX.XXX.XXX.XXX");
            DNS = {OfferedSearchDomains = (); OfferedServerAddresses = (); };
            IPv4 = {
                ConfigMethod = Manual;
                DestAddressRanges = ("YYY.YYY.YYY.YYY", "ZZZ.ZZZ.ZZZ.ZZZ");
                OfferedRouteAddresses = ();
                OfferedRouteMasks = ();
                OfferedRouteTypes = ();
            };
            Interface = {SubType = L2TP; Type = PPP; };
            L2TP = {
                IPSecSharedSecret = "com.apple.ppp.l2tp";
                IPSecSharedSecretEncryption = Keychain;
                Transport = IPSec;
            };
            PPP = {
                AuthenticatorPlugins = (DSAuth);
                AuthenticatorProtocol = (MSCHAP2);
                IPCPCompressionVJ = 0;
                LCPEchoEnabled = 1;
                LCPEchoFailure = 5;
                LCPEchoInterval = 60;
                VerboseLogging = 1;
                DSACLEnabled = 1;
                Logfile = "/var/log/ppp/vpnd.log";
            };
            Server = {
                Logfile = "/var/log/ppp/vpnd.log";
                MaximumSessions = 128;
                VerboseLogging = 1;
            };
        };
    };
}
There are three values above that you need to set for your own network:

Set the value marked XXX.XXX.XXX.XXX to the IP address of the server. If you have more than 1 network interface set it to the one you want the server to listen on (e.g 192.168.2.10).
The values YYY.YYY.YYY.YYY and ZZZ.ZZZ.ZZZ.ZZZ indicate the range of IP addresses the VPN server should assign to clients when they connect. Make sure this range isn’t in use by any other computers or DHCP servers and its big enough for the number of clients you want to connect. (e.g 192.168.2.100 and 192.168.2.120).
It’s important the file has the correct permissions:

chown root:admin \
/Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist
chmod u+w,a+r,a-x \
/Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist
Step 4: Set up launchd to start the vpnd service at startup

We need to make sure the vpnd server starts up each time we restart the computer, doing it manually would get boring quickly.

Starting boot tasks is handled on OSX by the launchd service. Create a new plist file using vi (or your editor of choice) at:

/System/Library/LaunchDaemons/com.apple.ppp.l2tp.plist
Put in the following content:




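<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.apple.ppp.l2tp</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/sbin/vpnd</string>
        <string>-x</string>
        <string>-i</string>
        <string>com.apple.ppp.l2tp</string>
    </array>
    <key>OnDemand</key>
    <!-- The value is missing from this copy; false is assumed, so that vpnd starts when the job is loaded instead of on demand. -->
    <false/>
</dict>
</plist>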



It’s important the file has the correct permissions:

chown root:wheel /System/Library/LaunchDaemons/com.apple.ppp.l2tp.plist
chmod u+w,a+r,a-x /System/Library/LaunchDaemons/com.apple.ppp.l2tp.plist
There are two ways to get this file read in and the server started. You can reboot your computer or you can issue the following command:

launchctl load /System/Library/LaunchDaemons/com.apple.ppp.l2tp.plist
You should now have a running vpnd fully configured and ready to connect to. We can check this by examining the log files:

tail -f /var/log/ppp/vpnd.log
This file should contain lines of the form:

2010-05-26 01:38:10 BST Listening for connections...
If it doesn’t, you’re going to need to start doing some debugging. Check the contents of /var/log/ppp/vpnd.log or /var/log/system.log for useful messages. The comments on the Mac OSX Hints page have a lot of useful information on things that could go wrong.

Step 5: Configure the Firewall

Make sure that your firewall / router is configured to forward UDP on ports 500, 1701 and 4500 to the server box.

There are so many different routers out there that you’ll need to go read the manual or search online for how to setup your specific brand.

Step 6: Configure the iPhone

If everything above went well you should now have a fully running and secured VPN server that can be accessed from any place on the internet.

To set your iPhone up to use the server go through the following steps:

Open the settings app
Select “General” > “Network” > “VPN”
Add a new VPN configuration
Set the VPN type to L2TP
Configure the following settings:
Description: Anything you want
Server: The IP Address of your server (This is the public address given to you by your internet provider. Depending on your provider this address may change frequently. I recommend setting up a dns alias account with http://www.dyndns.com/ to make this step easier and more robust)
Account: The user name of an account on the server (this can be the one you normally log in as)
RSA SecureID: Off
Password: The password for the account you set above
Secret: The shared secret you picked above (enjoy typing in the 64 character hex key if you used it. It’s worth it!)
Send All Traffic: Yes
Turn the VPN connection on via the switch at the top of the “General” > “Network” > “VPN” page. A switch also appears near the top of the launch screen of the settings application
Once you’re connected you should see a blue “VPN” icon in the bar at the top of the iPhone screen
Some of these settings could use going over in more detail. The VPN connection uses two levels of protection. The first is a user name and password that can be used to log on to the server machine, you can use your normal user account or create a new one with less permissions. The second is the shared key, which wraps up the entire communication. The longer and more complex your shared key is the harder it will be to break.

The “Send All Traffic” option tells the iPhone to send all traffic over the VPN connection, not just traffic directed at the VPN server. You want this on as it protects all of your traffic to any site by encrypting it and sending it to your VPN server before it then makes it out on to the internet. This makes it almost impossible for someone to monitor what you’re doing when you’re on a public WIFI or using 3G. It also has the effect of making your public IP address appear to be that of your home internet connection; in theory this lets you use UK restricted web sites when you’re out of the country (iPlayer etc.), but it may not work if the site uses more than just IP to determine where you are.

If you have any problems check the /var/log/ppp/vpnd.log or /var/log/system.log files for useful messages. The comments on the Mac OSX Hints page have a lot of useful information on things that could go wrong (keep an eye out for the dreaded MD5CHAP error that seemed to plague people on older versions of OSX, though I didn’t see it on 10.6).

Hopefully that’s you now up and running.
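
As an added example (not part of the original article), the script below checks the three addresses from Step 3 before vpnd is loaded: that each is a real IPv4 address and not a leftover placeholder, that the server address is not inside the client range, and that the range is large enough. The function names and the CLIENTS parameter are this example's own; comparing the range against the MaximumSessions value of 128 is an assumption about how many clients you size for.

```sh
#!/bin/sh
# Added example, not from the article: check the three addresses that go into
# com.apple.RemoteAccessServers.plist before vpnd is loaded.

# ip_to_int A.B.C.D: print the address as one integer; fails on anything
# that is not four decimal octets (such as an unreplaced XXX placeholder).
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1                      # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*|0?*|????*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# check_pool SERVER START END CLIENTS
#   SERVER    = the Addresses value (XXX.XXX.XXX.XXX in the plist)
#   START/END = the two DestAddressRanges values (YYY... and ZZZ...)
#   CLIENTS   = simultaneous clients expected (hypothetical parameter)
# Prints one line per problem and nothing when the range is usable.
check_pool() {
    for addr in "$1" "$2" "$3"; do
        ip_to_int "$addr" >/dev/null || { echo "not an IPv4 address: $addr"; return 0; }
    done
    server=$(ip_to_int "$1")
    start=$(ip_to_int "$2")
    end=$(ip_to_int "$3")
    if [ "$start" -gt "$end" ]; then
        echo "range is reversed: $2 comes after $3"
        return 0
    fi
    if [ "$server" -ge "$start" ] && [ "$server" -le "$end" ]; then
        echo "server address $1 is inside the client range"
    fi
    size=$(( end - start + 1 ))
    if [ "$size" -lt "$4" ]; then
        echo "range holds $size addresses, fewer than the $4 clients expected"
    fi
}

# The article's example addresses, checked against its MaximumSessions = 128.
check_pool 192.168.2.10 192.168.2.100 192.168.2.120 128
```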

Thursday, March 3, 2011

grep, od, and dos2unix - Need to fix some crappy files that won't grep?

Recently I had to write a program to extract about 2500 passwords from a Novell eDirectory. That was all well and good, until I sent said output of file to a user who mangled the format on a Windows Machine. The user opened it in Excel or Notepad (or something...who knows...) and then worked with it, and sent it back to me to pull the users they'd left in the file out of the Novell eDirectory.

Well that file wasn't in a format grep liked. How long did it take me to figure that out...quite a while, because there's nothing that looks different about the file to the naked eye (or naked editor.)

After googling and feeling very greptarded, I came upon the solution. I identified that the file I previously had and the file I received back had different octal values (man od) - I then used dos2unix to reconvert the file to a format grep would work with... grep really didn't like grepping on the improperly formatted file. Very strange... Simple magic... it worked, and the day was saved.

Aside from that, Novell, Netware, and eDirectory are crap. Unfortunately the place I work is still utilizing several servers that run it. Everything else is switched to Microsoft Windows and Active Directory (and my division which runs UNIX (HP-UX and RHEL))
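
The diagnosis described in this post, as an added example that is not part of the original post: od shows the carriage-return bytes (octal 015) that a Windows editor appends to each line, a whole-line grep misses the entry until they are removed, and the match works again after conversion. The file names and user names are constructed; tr stands in for dos2unix so the example has no extra dependency, and unlike dos2unix it removes every CR, not only those before a line feed.

```sh
#!/bin/sh
# Added example, not from the post: find and remove the carriage returns
# that a Windows editor adds, using od as the post describes.

# count_cr FILE: number of CR bytes (octal 015) in FILE, counted from od output.
count_cr() {
    od -An -v -b "$1" | tr -s ' ' '\n' | grep -c '^015$' || :
}

# to_unix FILE: print FILE with every CR removed.
to_unix() {
    tr -d '\r' < "$1"
}

# in_list NAME FILE: succeeds when NAME is a whole line of FILE.
in_list() {
    grep -qxF -- "$1" "$2"
}

# Constructed sample: the same two user names with Unix and Windows line endings.
dir=$(mktemp -d)
printf 'jsmith\nmbrown\n'     > "$dir/sent.txt"
printf 'jsmith\r\nmbrown\r\n' > "$dir/returned.txt"

echo "CR bytes in sent file:     $(count_cr "$dir/sent.txt")"
echo "CR bytes in returned file: $(count_cr "$dir/returned.txt")"
od -c "$dir/returned.txt" | head -n 2      # each line end shows as \r \n

in_list jsmith "$dir/returned.txt" || echo "whole-line grep misses jsmith: the stored line ends in a CR"
to_unix "$dir/returned.txt" > "$dir/fixed.txt"
in_list jsmith "$dir/fixed.txt" && echo "after conversion grep finds jsmith"
rm -rf "$dir"
```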

Friday, November 5, 2010

default SSL enabled in Oracle Internet Application Server 10gr2 ias10gr2

So, if you don't have the directive <data id="start-mode" value="ssl-enabled"/> in your opmn.xml file, then any directives in your ssl.conf don't get loaded, because of the <IfDefine SSL> block that is in the httpd.conf and ssl.conf files by default.