Re: /var/log/failedlogin is a binary file with a lot of null bytes?!

2021-07-17 Thread podolica
Philip Guenther wrote on Saturday, 17 July 2021 at 11:09:

> On Fri, Jul 16, 2021 at 11:49 PM podolica  wrote:
>
>> On my OpenBSD installation (6.9) one of the log files created by login(1)
>> seems to be a binary file:
>> $ less /var/log/failedlogin
>> "failedlogin" may be a binary file. See it anyway?
>
> ...
>
>> What can I learn from this logfile?
>> A lot of repeating null bytes and "ttyC2" and "ttyC3" do not seem
>> to be very informative.
>>
>> Is this an error?
>
> No, it's not an error. That file is specific to the 'login' command, 
> specifically the source file /usr/src/usr.bin/login/failedlogin.c and 
> consists of an array of the 'badlogin' structure specified there. If you want 
> to dump its contents in a more readable format then you should write a small 
> program to do so in C or some other language which can easily handle binary 
> files.
>
> Philip Guenther

Thank you, that seems to be an explanation. Learning never stops :-)
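
The small C program suggested in the reply above, as an added example (not code from the thread or from OpenBSD). The 312-byte record layout, the field names and the rule that slot N belongs to uid N are assumptions; they agree with the offsets in the hexdump of the original post (tty name at offset 0, timestamp at 296, next record 312 bytes later, first record at 1000 * 312).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Assumed amd64 record layout: tty[8], host[256], user[32], 64-bit time,
 * 64-bit count = 312 bytes; slot N belongs to uid N. Names are illustrative. */
enum { TTYSZ = 8, HOSTSZ = 256, USERSZ = 32, TIMEOFF = 296, CNTOFF = 304, RECSZ = 312 };

struct failrec {
	char tty[TTYSZ + 1], host[HOSTSZ + 1], user[USERSZ + 1];
	int64_t when;    /* epoch seconds of the last failed login */
	uint64_t count;  /* failed-login counter */
};

/* Decode one raw slot; returns 0 for a never-used (zero time) slot. */
int decode_rec(const uint8_t *raw, struct failrec *r)
{
	memset(r, 0, sizeof(*r));   /* fixed-width fields may lack a NUL */
	memcpy(r->tty, raw, TTYSZ);
	memcpy(r->host, raw + TTYSZ, HOSTSZ);
	memcpy(r->user, raw + TTYSZ + HOSTSZ, USERSZ);
	memcpy(&r->when, raw + TIMEOFF, sizeof(r->when));   /* host byte order */
	memcpy(&r->count, raw + CNTOFF, sizeof(r->count));
	return r->when != 0;
}

int main(int argc, char **argv)
{
	uint8_t raw[RECSZ];
	struct failrec r;
	FILE *f = fopen(argc > 1 ? argv[1] : "/var/log/failedlogin", "rb");
	if (f == NULL) { perror("fopen"); return 1; }
	for (unsigned uid = 0; fread(raw, 1, RECSZ, f) == RECSZ; uid++) {
		if (!decode_rec(raw, &r))
			continue;               /* skip the zero-filled slots */
		time_t t = (time_t)r.when;
		char ts[32] = "?";
		struct tm *tm = gmtime(&t);
		if (tm != NULL)
			strftime(ts, sizeof(ts), "%Y-%m-%d %H:%M:%SZ", tm);
		printf("uid %u: count %llu, last %s, tty %s, host %s, user %s\n",
		    uid, (unsigned long long)r.count, ts, r.tty,
		    r.host[0] ? r.host : "-", r.user[0] ? r.user : "-");
	}
	fclose(f);
	return 0;
}
```

The long runs of null bytes in the hexdump are the slots of uids below 1000 that have no recorded failure, which is why only the two `ttyC` records stand out.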


/var/log/failedlogin is a binary file with a lot of null bytes?!

2021-07-17 Thread podolica
Hi all,

On my OpenBSD installation (6.9) one of the log files created by login(1)
seems to be a binary file:
$ less /var/log/failedlogin
"failedlogin" may be a binary file. See it anyway?
The hexdump of it is:


openbsd# hexdump -C failedlogin
  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ||
*
0004c2c0  74 74 79 43 32 00 00 00  00 00 00 00 00 00 00 00  |ttyC2...|
0004c2d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ||
*
0004c3e0  00 00 00 00 00 00 00 00  b2 f6 ef 60 00 00 00 00  |...`|
0004c3f0  00 00 00 00 00 00 00 00  74 74 79 43 33 00 00 00  |ttyC3...|
0004c400  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ||
*
0004c520  89 97 d0 60 00 00 00 00  00 00 00 00 00 00 00 00  |...`|
0004c530


What can I learn from this logfile?
A lot of repeating null bytes and "ttyC2" and "ttyC3" do not seem
to be very informative.

Is this an error?



Re: Trusted Boot with OpenBSD

2021-04-22 Thread podolica
Patching the assembly code is the work of Julius Zint -
not my work. I have only patched the patch files because
some of the old ones don't work anymore. This is because
of some changes in OpenBSD's source code which prevent
the patch util from finding the lines to change.

‐‐‐ Original Message ‐‐‐
On Wednesday, 21 April 2021 at 21:17, wrote:

> That's very interesting, and good work patching the assembly code.
>
> On Wed, Apr 21, 2021 at 08:26:18AM +, podolica wrote:
>
> > Hi all,
> > I have tested if the trusted boot implementation
> > of Julius Zint for OpenBSD 6.5
> > (https://marc.info/?l=openbsd-misc&m=158255450604977&w=2)
> > is still working in OpenBSD 6.8.
> > Despite some patch files that had to be updated,
> > all changes needed to be applied can be applied and
> > Trusted Boot can be used.
> > (Tested with an external hard drive and an amd64
> > ThinkPad with TPM module version 1.2)
> > Here are the new patch files. I did not provide them as
> > attachments because the netiquette says only the bugs,
> > ports and the tech mailing list are supporting
> > attachments although it was allowed when Julius Zint
> > made his initial post. The files are beginning after
> > the ``` and are ending before the next ``` just like
> > in Markdown.
> >
> > gidt.S.patch
> >
> > =
> >
> > --- gidt.S.orig Mon Apr 19 13:22:32 2021
> > +++ gidt.S  Mon Apr 19 13:22:32 2021
> > @@ -432,11 +432,13 @@
> > movl%edi, _C_LABEL(BIOS_regs)+BIOSR_DI
> >
> > /* clear NT flag in eflags */
> > -   pushf
> > +   push%eax
> > +   pushf
> > pop %eax
> > and $0xbfff, %eax
> > push%eax
> > popf
> > +   pop %eax
> >
> > pop %gs
> > pop %fs
> >
> >
> >
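Review bot: the `push %eax` added before `pushf` and the `pop %eax` added after `popf` have no comment saying why %eax must now survive this sequence; the existing comment still reads only "clear NT flag in eflags". Add a line naming what depends on the preserved value (presumably the new TPM BIOS calls, though the hunk does not say), so the pair is not later removed as dead code. The push and pop are balanced, so the stack seen by the following `pop %gs` / `pop %fs` is unchanged.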
> > cmd_i386.c.patch
> >
> > =
> >
> > --- cmd_i386.c.orig Mon Apr 19 13:23:44 2021
> > +++ cmd_i386.c  Mon Apr 19 13:23:44 2021
> > @@ -36,6 +36,7 @@
> > #include "biosdev.h"
> > #include "libsa.h"
> > #include 
> > +#include 
> >
> > extern const char version[];
> >
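Review bot: the added `#include` in this hunk has no header name in the text as archived, and the context `#include` above it is empty as well, so the hunk can be neither applied nor reviewed as shown. The angle-bracket header names appear to have been lost in transit; the patch should be taken from a copy that preserves them.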
> > @@ -44,6 +45,7 @@
> > int Xdiskinfo(void);
> > int Xmemory(void);
> > int Xregs(void);
> > +int Xtpm(void);
> >
> > /* From gidt.S */
> > int bootbuf(void *, int);
> > @@ -53,11 +55,155 @@
> > { "comaddr",CMDT_CMD, Xcomaddr },
> > { "diskinfo",   CMDT_CMD, Xdiskinfo },
> > { "memory", CMDT_CMD, Xmemory },
> > +{ "tpm",CMDT_CMD, Xtpm },
> > #ifdef DEBUG
> > { "regs",   CMDT_CMD, Xregs },
> > #endif
> > { NULL, 0 }
> > };
> > +
> > +/**
> > + * print_memory - debugging functionality to dump memory region to 
> > screen
> > + * @buf:memory location to begin dump
> > + * @rows:   rows to print
> > + * @columns:columns to print
> > + *
> > + * Remarks: total bytes dumped = rows * columns
> > + */
> > +void
> > +print_memory(void* buf, uint32_t rows, uint32_t columns)
> > +{
> > +uint8_t* iter = buf;
> > +for(int i = 0; i < rows; i++) {
> > +printf("%03x:", i * columns);
> > +for(int k = 0; k < columns; k++) {
> > +printf(" %02x", *iter);
> > +iter++;
> > +}
> > +printf("\\n");
> > +}
> > +}
> > +
> > +#define SECRET_BLK_OFF 1
> > +
> > +int
> > +Xtpm(void)
> > +{
> > +int rc;
> > +uint8_t major = 0;
> > +uint8_t minor = 0;
> > +rc = tpm_statuscheck(, );
> > +   if(rc != 0) {
> > +printf("No TCG compliant BIOS available.\\n");
> > +   }
> > +   else if(major != 1 && minor != 2) {
> > +printf("Incompatible TCG BIOS version: %u.%u\\n", 
> > major, minor);
> > +   }
> > +   if (cmd.argc < 2) {
> > + 
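Review bot: in `Xtpm`, the version test `major != 1 && minor != 2` fires only when both numbers are wrong, so a BIOS reporting 1.1 or 2.2 is accepted; for a 1.2-only implementation it should be `major != 1 || minor != 2`. Neither that branch nor the `rc != 0` branch returns, so the command carries on to the TPM calls after printing the error; return early in both. The arguments of `tpm_statuscheck(, )` are empty in the text as archived. Further down the same hunk, as posted in the original message, `sealed_size > 512` is checked against the full block size although `sealed_data` starts at `secret_disk_block + 8` inside a 512-byte allocation, so the bound should be 504.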

Trusted Boot with OpenBSD

2021-04-21 Thread podolica
Hi all,

I have tested if the trusted boot implementation
of Julius Zint for OpenBSD 6.5
(https://marc.info/?l=openbsd-misc&m=158255450604977&w=2)
is still working in OpenBSD 6.8.

Despite some patch files that had to be updated,
all changes needed to be applied can be applied and
Trusted Boot can be used.
(Tested with an external hard drive and an amd64
ThinkPad with TPM module version 1.2)

Here are the new patch files. I did not provide them as
attachments because the netiquette says only the bugs,
ports and the tech mailing list are supporting
attachments although it was allowed when Julius Zint
made his initial post. The files are beginning after
the ``` and are ending before the next ``` just like
in Markdown.


# gidt.S.patch
```
--- gidt.S.orig Mon Apr 19 13:22:32 2021
+++ gidt.S  Mon Apr 19 13:22:32 2021
@@ -432,11 +432,13 @@
movl%edi, _C_LABEL(BIOS_regs)+BIOSR_DI

/* clear NT flag in eflags */
-   pushf
+   push%eax
+   pushf
pop %eax
and $0xbfff, %eax
push%eax
popf
+   pop %eax

pop %gs
pop %fs

```

# cmd_i386.c.patch
```
--- cmd_i386.c.orig Mon Apr 19 13:23:44 2021
+++ cmd_i386.c  Mon Apr 19 13:23:44 2021
@@ -36,6 +36,7 @@
 #include "biosdev.h"
 #include "libsa.h"
 #include 
+#include 

 extern const char version[];

@@ -44,6 +45,7 @@
 int Xdiskinfo(void);
 int Xmemory(void);
 int Xregs(void);
+int Xtpm(void);

 /* From gidt.S */
 int bootbuf(void *, int);
@@ -53,11 +55,155 @@
{ "comaddr",CMDT_CMD, Xcomaddr },
{ "diskinfo",   CMDT_CMD, Xdiskinfo },
{ "memory", CMDT_CMD, Xmemory },
+{ "tpm",CMDT_CMD, Xtpm },
 #ifdef DEBUG
{ "regs",   CMDT_CMD, Xregs },
 #endif
{ NULL, 0 }
 };
+
+/**
+ * print_memory - debugging functionality to dump memory region to screen
+ * @buf:memory location to begin dump
+ * @rows:   rows to print
+ * @columns:columns to print
+ *
+ * Remarks: total bytes dumped = rows * columns
+ */
+void
+print_memory(void* buf, uint32_t rows, uint32_t columns)
+{
+uint8_t* iter = buf;
+for(int i = 0; i < rows; i++) {
+printf("%03x:", i * columns);
+for(int k = 0; k < columns; k++) {
+printf(" %02x", *iter);
+iter++;
+}
+printf("\n");
+}
+}
+
+#define SECRET_BLK_OFF 1
+
+int
+Xtpm(void)
+{
+int rc;
+uint8_t major = 0;
+uint8_t minor = 0;
+rc = tpm_statuscheck(, );
+   if(rc != 0) {
+printf("No TCG compliant BIOS available.\n");
+   }
+   else if(major != 1 && minor != 2) {
+printf("Incompatible TCG BIOS version: %u.%u\n", major, minor);
+   }
+   if (cmd.argc < 2) {
+printf("machine tpm r[andom]|p[cr]|u[nseal] 
[DiskNumber]|s[eal] secret [DiskNumber]\n");
+printf("strlen(secret) <= 100\n");
+return 0;
+}
+switch(cmd.argv[1][0]) {
+case 'r': {
+char random_buf[20];
+tpm_random(random_buf, 20);
+print_memory(random_buf, 2, 10);
+} break;
+case 'p': {
+tpm_printpcr(0, 15);
+} break;
+case 'u': {
+// load secret disk block
+int disk_number = 0x80;
+if(cmd.argc == 3) {
+disk_number = (int)strtol(cmd.argv[2], NULL, 0);
+}
+unsigned char* secret_disk_block = alloc(512);
+memset(secret_disk_block, 0x00, 512);
+struct diskinfo * disk_info = dklookup(disk_number);
+if(disk_info == NULL) {
+printf("IO Error - Disk %x not found\n", disk_number);
+goto unseal_end;
+}
+rc = biosd_diskio(F_READ, disk_info, SECRET_BLK_OFF, 1, 
secret_disk_block);
+if(rc != 0) {
+printf("IO Error \n");
+goto unseal_end;
+}
+if (secret_disk_block[0] != 'A' ||
+secret_disk_block[1] != 'E' ||
+secret_disk_block[2] != 'M' ||
+secret_disk_block[3] != 'S')
+{
+printf("No sealed secret found on disk");
+goto unseal_end;
+}
+uint32_t sealed_size = *((uint32_t*)(secret_disk_block + 4));
+unsigned char* sealed_data = secret_disk_block + 8;
+if(sealed_size > 512) {
+printf("Invalid size for sealed data\n");
+goto unseal_end;
+}
+
+// unseal data
+char unsealed_secret[100];
+uint32_t unsealed_size = 100;
+