Wednesday, October 23, 2013

Say "hello nftables" on Debian 7 GNU/Linux

Nftables is the 4th generation packet filter engine for linux kernel and it will be merged into kernel 3.13. I haven't play with netfilter for a while. When I saw Nftables a couple of days ago, I think there's something( iteches?) I need to scratch;-) Let's try to say "Hi" to nftables.

OS: Debian 7 GNU/Linux. Grab the small version of iso here.

After the installation. Some packages are needed to be install also:
#apt-get install git vim libgmp-dev libreadline-dev libtool autoconf gcc make pkg-config libjansson-dev libmxml-dev flex bison libncurses5-dev kernel-package

Firstly, you need to compile two libraries: libmnl and libnftables
git clone git://git.netfilter.org/libmnl
cd libmnl/
./autogen.sh
./configure
make
sudo make install
sudo ldconfig

git://git.netfilter.org/libnftables
cd libnftables/
./autogen.sh
./configure --with-json-parsing --with-xml-parsing
make
sudo make install
sudo ldconfig

Then, compile/install the userspace tool( nft):

git clone git://git.netfilter.org/nftables
cd nftables
./autogen.sh
ac_cv_func_malloc_0_nonnull=yes ac_cv_func_realloc_0_nonnull=yes  ./configure
make
sudo make install
sudo ldconfig

Well, because linux-3.13 is not release yet. So we need to grab the source code from nftables dev tree:

git clone git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nftables.git linux
cp /boot/config-3.2.0-4-686-pae .config
make menuconfig( select these NF_TABLES options)
make -j 3 deb-pkg
cd ../
sudo dpkg -i *.deb

Reboot your machine. Let's try some policies. Thanks to the author whoever wrote this HOWTO. Nftables policy is seem easy to write. But I'm still not get used to the new style since I even don't know how to delete a table. It always saying the device is BUSY or something like that. WTH~ I checked the commits, it should be a feature though. I think the policy converter tool between iptables and nftables, that is necessary. Otherwise, it'd be barries to those old school iptables users/admin/developers.

Thursday, October 17, 2013

RTL-SDR version of "Hello World"

Telco sec is always a fascinating field I want to get involve with. Why? Because those old school Phrack guys has playing both computer sec and telco sec. I missed the golden age of Phrack that was bothered me for a while. It won't stop me to dive into any field I want now. If what makes you tick is only for profit( money?), come on, you probably won't be having qualify to mention the term "underground spirit";-)

About 1 month ago, a friend( Can't list his/her name here-_-) sent me a slide about Femtocell hacking and asked if I may have interest in it. Of course, I have. But...well, there's always a fucking "but", isn't it?...femtocell is a little bit expensive and I was busy with other stuff at the time. Then I even forgot this shit until a great hacker( Can't list his/her name too-_-) mentioned about there are cheap devices I could buy some for learning telco stuff: RTL-SDR. Everything you need to know is already in this website. I bought tuner, antenna, freq counter, SMA-MCX converter,etc... then I was catching the shit in the air. FM at first, MODE-S transmission and GSM sniffing. What I have learned/done in past two weeks is really shocking my mind and it is definitely actived a bunch of neurons in my brain. This is an awesome field. I'm willing to keep up with it in the future. Hacking on GNU/Linux system calls and kernel are already a burden that's hard to carry on. Hope I can make it this time.............I really appreciate those who were/are contributed/contributing to Phrack. It's more than a technical ezine. It's about hacking spirit and philosophical ideas.

Freq counter, it probably could be detecting IR-based controller
 Catching the shit in the air( not the wire) 
Support EFF....