• 28Sep

    It has been a long time since my last post. I hope to do better.

    Lately I’ve been working on a feature for our system which requires our server to keep some of the data encrypted. When accessed by a client, the server returns an XML-formatted result where some of the nodes are encrypted. Below is an example:

    <books>
    <book>
    <EncryptedNode IV="abcdefg">AES-256-CBC|8c9cba4110124ceabe672d9ce345a3b8|6NxJchrB/fmN8ab0m4EPnJ3XS2ek0z4dqVmKtZf6LGA=</EncryptedNode>
    </book>
    </books>

    On the client side, I wrote a method which retrieves the XML from the server and replaces the encrypted nodes with their decrypted values. The example above results in the following decrypted XML:

    <books>
    <book>
    <title>title1</title>
    </book>
    </books>

    So far so good. My confusion was with the implementation details. To replace the encrypted node I overwrote the InnerText property of the parent node as shown below (I know this isn’t an optimized method for DOM manipulation, but it seems to be the simplest one).

    String encryptedText = node.InnerText; // encryptedText = "AES-256-CBC|..."
    String decryptedText = DecryptText(myKey, encryptedText); // decryptedText = "<title>title1</title>"
    node.ParentNode.InnerText = decryptedText; // stored as literal text, not parsed as markup

    Although this looked right at first, it did not result in what I expected. Instead of adding a child node named ‘title’ to the node named ‘book’, what I really did was change the inner text of the ‘book’ node to “&lt;title&gt;title1&lt;/title&gt;”. Replacing node.ParentNode.InnerText with node.ParentNode.InnerXml solved my problem.

    The MSDN documentation is a bit confusing regarding the differences between these two properties (in my example value is null).

    XmlNode.InnerText: Gets or sets the concatenated values of the node and all its child nodes.
    XmlNode.InnerXml: Gets or sets the markup representing only the child nodes of this node

    Running some tests I came to the conclusion that InnerText escapes all characters, while InnerXml does not. It goes without saying that you need to make sure to use the right one. Also, note that if using InnerXml the string must be valid XML as the characters will not be formatted.
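
The difference described above, as an added example that is not code from the original post: it replaces only the encrypted node, either parsing the decrypted string as markup (the InnerXml behaviour) or storing it as literal text (the InnerText behaviour), and rejects strings that are not well-formed XML. `ReplaceNode`, the `<price>` sibling and the sample strings are assumptions made for illustration.

```csharp
using System;
using System.Xml;

static class EncryptedNodeDemo
{
    // Swap the placeholder for the decrypted content without touching siblings.
    // asMarkup=true parses the string as XML; false stores it as literal text.
    static bool ReplaceNode(XmlNode encrypted, string decrypted, bool asMarkup)
    {
        XmlNode parent = encrypted.ParentNode;
        XmlDocument doc = encrypted.OwnerDocument;
        XmlNode replacement;
        if (asMarkup)
        {
            XmlDocumentFragment fragment = doc.CreateDocumentFragment();
            try { fragment.InnerXml = decrypted; }        // parsed, so must be well-formed
            catch (XmlException) { return false; }        // document is left unchanged
            replacement = fragment;
        }
        else
        {
            replacement = doc.CreateTextNode(decrypted);  // markup characters escaped on output
        }
        parent.InsertBefore(replacement, encrypted);      // a fragment inserts its children
        parent.RemoveChild(encrypted);
        return true;
    }

    static XmlNode Load(out XmlDocument doc)
    {
        doc = new XmlDocument();
        // Constructed sample: the post's document plus a hypothetical <price> sibling.
        doc.LoadXml("<books><book><EncryptedNode IV=\"abcdefg\">...</EncryptedNode>" +
                    "<price>10</price></book></books>");
        return doc.SelectSingleNode("//EncryptedNode");
    }

    static void Main()
    {
        // Constructed stand-ins for what DecryptText might return.
        string[] samples = { "<title>title1</title>", "Tom & Jerry", "<title>unclosed" };
        foreach (string s in samples)
            foreach (bool asMarkup in new[] { true, false })
            {
                XmlNode node = Load(out XmlDocument doc);
                bool ok = ReplaceNode(node, s, asMarkup);
                Console.WriteLine($"{(asMarkup ? "markup" : "text  ")} ok={ok}: {doc.OuterXml}");
            }
    }
}
```

When the decrypted value is data rather than markup, the text-node path is the safer choice because nothing in it is parsed; when it must be markup, treat a parse failure as a rejected input rather than falling back silently.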

    I hope this helps someone.


  • 31Mar

    This is for all those out there trying to figure out why rtap0 is stuck on channel 0 while the AP channel is using some other channel.

    The secret is to set the channel when bringing up the interface: modprobe ipw2200 rtap_iface=1 channel=x

    It worked for me.

  • 21Mar

    Finally, I think I got it working.

    All you need to do is follow these instructions (carefully)

    http://lani78.wordpress.com/2008/08/09/setting-up-a-dns-for-the-local-network/

    http://lani78.wordpress.com/2008/08/10/setting-up-a-dhcp-server-on-ubuntu-hardy-heron/

    http://lani78.wordpress.com/2008/08/12/dhcp-server-update-dns-records/

    I had some Linux clients that weren’t updating the DNS records. Turns out they were not sending their hostname. A fix is found here: http://ubuntuforums.org/archive/index.php/t-549612.html

    Still one of my servers kept “losing” its DNS record. Turns out the nagios check-dhcp was causing the problem, so I just disabled this test.

  • 23Oct

    Not sure how to resolve this

    • On Linux I have a mounted folder (sshfs src tgt). SVN has lots of trouble with this and I found that using a rename workaround resolves this issue.

    sshfs -o workaround=rename 192.168.3.10:/var/dev_linux /home/buildmaster/dev/

    • Still I’m unable to run make install from these folders. Running as the local user I don’t have write permissions to /usr/local/lib. Running as root (sudo) I don’t have access to the files on the mounted folder…

  • 23Oct

    Finally managed to resolve some nagging issues:

    .Net application won’t run from my network mapped drive Z:\ - The problem has to do with the location not being trusted. I found a post here that explains how to use CasPol.exe in order to define the network drive as a trusted location.

    The next issue was to find CasPol.exe. I’m using .Net version 3.5, which is an extension to Version 2.0. Thus CasPol.exe is located in the version 2.0 directory.

    The command line I used is as follows:

    caspol -q -machine -addgroup 1 -url file://z:/* FullTrust -name "Z Drive"
  • 13Oct

    It’s been at least 12 months since I stopped using WEP on my home network and switched to WPA. I knew for a while that WEP was hackable, but I had no idea how easy it was using aircrack.

    A while ago I changed KNetworkManager on my laptop from automatic to manual configuration. Don’t ask why. Since then I’ve been having trouble connecting to my network when running Linux. Windows worked flawlessly. Occasionally I’d even have to leech a neighbor’s network (please accept my apologies) just to read some email.

    Today I decided to tackle this by going back to “Automatic” configuration and letting KNetworkManager handle the rest. After all, the Ubuntu pages do specifically say that KNetworkManager can handle WPA automatically (https://help.ubuntu.com/community/WifiDocs/WPAHowTo). Apparently going back to the auto-pilot is not so simple. After trying every menu item and searching every dialog I finally went to Google to find this post: How to switch back to automatic mode?

    Turns out that you can’t. Even removing the app and reinstalling doesn’t help. There are some workarounds provided and one of them even worked. Nevertheless, I don’t understand how such a feature could be missing!?


  • 13Oct

    Last week I started learning Python. After playing around with Perl and PHP, I must say that I really like Python.

    I have decided to rewrite my backup scripts that use Amazon’s S3 and EC2 services using Python. The previous version was written as a BASH script, with PHP scripts to handle S3 traffic, and Java apps to handle the EC2 instances — As you can imagine, it was a mess.

    In Python I’m using the boto library to interface with the Amazon services. For compression I’m using 7z and to do the actual file transfer I’m using rsync.

    Stay tuned for more details next post.

    Dan


  • 01Sep

    Everybody knows WEP is not secure. Everybody knows that dictionary passwords are a piece of cake. But Windows XP!? I was surprised. I figured it wouldn’t be too hard, but 3m, that’s all!?
    My password is not a dictionary word (it’s not any kind of word at all), it has CAPITAL letters, small letters, and digits. It’s 11 characters long. I didn’t think it would be so easy to hack.

    Yesterday a friend of mine was telling me about Rainbow attacks. After reading a bit about the theory I figured it was worth a try. Following the links from Wikipedia I downloaded Ophcrack Live CD for cracking Windows XP passwords. The download took a while because the tables are pretty big, but once I had the .iso the rest was pretty fast.

    I booted from the CD, and after less than 3m I saw my password next to my Windows XP username, I didn’t even have to touch the any key.

    I’m not yet sure what I’ll do next.

    Dan


  • 28Aug

    Hello World!

    I’m Dan. This is my blog. It’s about programming, software, computers, and whatever.

    Today I’ve managed to build a current version of ffmpeg on Windows. To celebrate, I’ve decided to start this blog, and share my achievement. If anyone would like a copy, or is interested in the details, let me know.

    Danj

   
