Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 days ago.
The community is reviewing whether to reopen this question as of 6 days ago.
Improve this question
The following UBoot commands when entered manually via the UBoot prompt successfully load an image from my TFTP server:
setenv ipaddr 192.168.0.199
setenv serverip 192.168.0.198
tftp 0x10000000 rpi3bp/image.bin
go 0x10000000
However, when I compile a boot.scr file with the mkimage Uboot utility containing the above commands like so:
echo ===== Saving RPi's IP Address =====
setenv ipaddr 192.168.0.199
echo ===== Saving Home TFTP server's IP Address =====
setenv serverip 192.168.0.198
echo ===== Loading file from Home TFTP server =====
tftp 0x10000000 rpi3bp/image.bin
echo ===== Running image =====
go 0x10000000
I get the following failed output when my device boots using this boot.scr script:
...
Found U-Boot script /boot.scr
359 bytes read in 2 ms (174.8 KiB/s)
## Executing script at 02400000
===== Saving RPis IP Address =====
setenv ipaddr 192.168.0.199
echo ===== Saving Home TFTP servers IP Address =====
===== Loading file from Home TFTP server =====
lan78xx_eth Waiting for PHY auto negotiation to complete........ done
*** ERROR: `ipaddr' not set
===== Running image =====
## Starting application at 0x10000000 ...
"Synchronous Abort" handler, esr 0x02000000
elr: ffffffffd4d27000 lr : 0000000000088cc0 (reloc)
elr: 0000000010000000 lr : 000000003b361cc0
x0 : 0000000000000001 x1 : 000000003af6a028
x2 : 000000003af6a028 x3 : 000000000000003f
x4 : 000000003af60df0 x5 : 0000000000000000
x6 : 0000000000000000 x7 : 0000000000c0c0c0
x8 : 0000000000000010 x9 : 0000000000000008
x10: 00000000ffffffd0 x11: 0000000000000010
x12: 0000000000000000 x13: 0000000000000200
x14: 000000003b3cc640 x15: 0000000000000001
x16: 0000000010000000 x17: 0fac920a292163a0
x18: 000000003af54db0 x19: 000000003af6a028
x20: 0000000010000000 x21: 0000000000000002
x22: 000000003af6a020 x23: 0000000000000002
x24: 000000003b3e567c x25: 0000000000000000
x26: 0000000000000000 x27: 0000000000000000
x28: 000000003af6a080 x29: 000000003af52ed0
Code: aaaaaaaa aaaaaaaa aaaaaaaa a2aaaaaa (55555555)
Seems like ipaddr isn't getting saved and the TFTP file isn't getting copied from the server but I'm not sure why.
What am I doing wrong here in my UBoot script and how can I fix it?
Should boot.scr work just as one would be entering UBoot commands manually in the UBoot prompt?
Edit 1:
I've just hexdumped my boot.scr binary and can confirm I have Unix line endings and not Windows line endings, which is consistent with the fact that I'm using MacOS.
❯ hexdump -C boot.scr
00000000 27 05 19 56 fc 01 13 df 63 d4 67 63 00 00 01 27 |'..V�..�c�gc...'|
00000010 00 00 00 00 00 00 00 00 a6 de 91 ea 05 02 06 01 |........��.�....|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000040 00 00 01 1f 00 00 00 00 0a 65 63 68 6f 20 3d 3d |.........echo ==|
00000050 3d 3d 3d 20 53 61 76 69 6e 67 20 52 50 69 27 73 |=== Saving RPi's|
00000060 20 49 50 20 41 64 64 72 65 73 73 20 3d 3d 3d 3d | IP Address ====|
00000070 3d 0a 73 65 74 65 6e 76 20 69 70 61 64 64 72 20 |=.setenv ipaddr |
00000080 31 39 32 2e 31 36 38 2e 30 2e 31 39 39 0a 0a 65 |192.168.0.199..e|
00000090 63 68 6f 20 3d 3d 3d 3d 3d 20 53 61 76 69 6e 67 |cho ===== Saving|
000000a0 20 48 6f 6d 65 20 54 46 54 50 20 73 65 72 76 65 | Home TFTP serve|
000000b0 72 27 73 20 49 50 20 41 64 64 72 65 73 73 20 3d |r's IP Address =|
000000c0 3d 3d 3d 3d 0a 73 65 74 65 6e 76 20 73 65 72 76 |====.setenv serv|
000000d0 65 72 69 70 20 31 39 32 2e 31 36 38 2e 30 2e 31 |erip 192.168.0.1|
000000e0 39 38 0a 0a 65 63 68 6f 20 3d 3d 3d 3d 3d 20 4c |98..echo ===== L|
000000f0 6f 61 64 69 6e 67 20 66 69 6c 65 20 66 72 6f 6d |oading file from|
00000100 20 48 6f 6d 65 20 54 46 54 50 20 73 65 72 76 65 | Home TFTP serve|
00000110 72 20 3d 3d 3d 3d 3d 0a 74 66 74 70 20 30 78 31 |r =====.tftp 0x1|
00000120 30 30 30 30 30 30 30 20 72 70 69 33 62 70 2f 69 |0000000 rpi3bp/i|
00000130 6d 61 67 65 2e 62 69 6e 0a 0a 65 63 68 6f 20 3d |mage.bin..echo =|
00000140 3d 3d 3d 3d 20 52 75 6e 6e 69 6e 67 20 69 6d 61 |==== Running ima|
00000150 67 65 20 3d 3d 3d 3d 3d 0a 67 6f 20 30 78 31 30 |ge =====.go 0x10|
00000160 30 30 30 30 30 30 0a |000000.|
00000167
The problem is caused by the single quote (') which marks the start of a string:
echo ===== Saving RPi's IP Address =====
Please, remove the single quotes
echo ===== Saving RPis IP Address =====
The return value of the tfpt command should be checked. You don' want to jump to an address where nothing has been loaded.
echo ===== Saving RPis IP Address =====
setenv ipaddr 192.168.0.199
echo ===== Saving Home TFTP servers IP Address =====
setenv serverip 192.168.0.198
echo ===== Loading file from Home TFTP server =====
tftp 0x10000000 rpi3bp/image.bin; setenv ret $?
echo ===== Running image =====
if test $ret -eq 0; then go 0x10000000; fi
Related
I would like to implement a sniffer for incident response and forensic investigations, to sniff the traffic and identifying malicious packets and C2 (C&C -Command and Control) IP.
In incident response i can't install npcap/winpcap or other librairies detected by antivirus softwares and i should use the faster way to sniff the local traffic. So i would like to develop a simple CLI sniffer (it must be launched on Windows core servers) in a simple executable file to copy/paste it on the server and launch it with admin privileges.
Context example: a ransomware is running on a server and exfiltrate data, there are some NAT (Network Address Translation) between firewalls and the server (so it's difficult to identifying the the malicious traffic).
I write a POC in python on my github.
How i use my raw socket:
from socket import socket, AF_INET6, SOCK_RAW, IPPROTO_IP, IPPROTO_IPV6, IPV6_PKTINFO, SIO_RCVALL, RCVALL_ON, RCVALL_OFF
sock = socket(AF_INET6, SOCK_RAW, IPPROTO_IP)
sock.bind(("<IPv6 address>", 0))
sock.setsockopt(IPPROTO_IPV6, IPV6_PKTINFO, 0)
sock.ioctl(SIO_RCVALL, RCVALL_ON)
while True:
data, source_address = sock.recvfrom(65535)
sock.ioctl(SIO_RCVALL, RCVALL_ON)
sock.close()
What i get when i sniff a ICMPV6 packet:
0000 80 00 68 62 00 01 42 dc 61 62 63 64 65 66 67 68 ..hb..B.abcdefgh
0010 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 61 ijklmnopqrstuvwa
0020 62 63 64 65 66 67 68 69 bcdefghi
It's just the data section without any IPv6 headers so i can't see IPv6 address and protocol type (so i can't parse data).
What i want:
0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 ..............`.
0010 00 00 00 28 3a 80 fe 80 00 00 00 00 00 00 12 23 ...(:.*........Z
0020 34 45 56 65 67 78 fe 80 00 00 00 00 00 00 00 00 :(B.#.*..P#.....
0030 00 00 00 00 12 23 80 00 68 6a 00 01 42 d4 61 62 .... ...hj..B.ab
0040 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 cdefghijklmnopqr
0050 73 74 75 76 77 61 62 63 64 65 66 67 68 69 stuvwabcdefghi
Here i have the Ethernet frame, i would like it but for if you can help me to get only the IPv6 headers, it's okay. If you know how i can get the full ethernet frame, packet and segment it's better for me.
I see IPV6_HDRINCL but it's only to send IPV6 headers not to receive it and i see this RFC, i don't find what i search.
I've got some code to create labels in Gmail, which usually works fine. But now the requirement is to create a label with Japanese characters, specifically "アーカイブ". I am encoding the json like this:
7B 0D 0A 22 6E 61 6D 65 22 3A 22 E3 82 A2 E3 83 {.."name":".....
BC E3 82 AB E3 82 A4 E3 83 96 22 2C 0D 0A 22 6D ..........",.."m
65 73 73 61 67 65 4C 69 73 74 56 69 73 69 62 69 essageListVisibi
6C 69 74 79 22 3A 22 73 68 6F 77 22 2C 0D 0A 22 lity":"show",.."
6C 61 62 65 6C 4C 69 73 74 56 69 73 69 62 69 6C labelListVisibil
69 74 79 22 3A 22 6C 61 62 65 6C 53 68 6F 77 22 ity":"labelShow"
0D 0A 7D 0D 0A 00 00 00 00 00 00 00 00 00 00 00 ..}.............
As you can see, the first character is the UTF8 sequence E3 82 A2, which if you look at this table (https://www.utf8-chartable.de/unicode-utf8-table.pl?start=12352&names=-) seems to be correct for that first character. The others look OK also.
As a test, I created a Japanese folder with that name in the UI, then got a dump of the json that Gmail produces when I get a list of existing folders. What Gmail produces is exactly the same as what I'm trying to import. So I don't see what I could be doing wrong here. Any help appreciated.
Never mind this - turns out my Japanese characters translate to "Archive" which is apparently a reserved folder name.
I have a script that collects a bunch of file system object information (hashes, dates, etc) and stores it in a MySQL database (one row per object).
The script is running in Bash in Mac OS X 10.10.4 (MBP).
I would like to store the HFS+ Extended Attributes in the database as well. xattr gives output as shown below, I would like to dump the hex and formatting text leaving just the attribute name and the ASCII value. This means not just dumping the line numbers, hex, and | formatting characters but also concatenate the value onto one line per attribute name with the attribute name prepended.
Note that each object (file/folder) may have multiple attributes and the attribute names are not defined.
Take this input:
$xattr -l wordpress-3.9.6.zip
com.apple.metadata:kMDItemWhereFroms:
00000000 62 70 6C 69 73 74 30 30 A2 01 02 5F 10 29 68 74 |bplist00..._.)ht|
00000010 74 70 73 3A 2F 2F 77 6F 72 64 70 72 65 73 73 2E |tps://wordpress.|
00000020 6F 72 67 2F 77 6F 72 64 70 72 65 73 73 2D 33 2E |org/wordpress-3.|
00000030 39 2E 36 2E 7A 69 70 5F 10 2F 68 74 74 70 73 3A |9.6.zip_./https:|
00000040 2F 2F 77 6F 72 64 70 72 65 73 73 2E 6F 72 67 2F |//wordpress.org/|
00000050 64 6F 77 6E 6C 6F 61 64 2F 72 65 6C 65 61 73 65 |download/release|
00000060 2D 61 72 63 68 69 76 65 2F 08 0B 37 00 00 00 00 |-archive/..7....|
00000070 00 00 01 01 00 00 00 00 00 00 00 03 00 00 00 00 |................|
00000080 00 00 00 00 00 00 00 00 00 00 00 69 |...........i|
0000008c
com.apple.quarantine: 0001;55701556;Google Chrome.app;8AD80928-CB48-48EA-8A1B-EC4B0BE656A9
And make it look like this:
com.apple.metadata:kMDItemWhereFroms: bplist00..._.)https://wordpress.org/wordpress-3.9.6.zip_./https://wordpress.org/download/release-archive/..7...............................i
com.apple.quarantine: 0001;55701556;Google Chrome.app;8AD80928-CB48-48EA-8A1B-EC4B0BE656A9
Thanks for any help
MC
xattr is not very customizable; it's meant more for human browsing than scripted use. You're better off using another language. Here's an example in Python:
import xattr
x = xattr.xattr('wordpress-3.9.6.zip')
for name, value in x:
print name, repr(x[name])
You may want to drop the call to repr (or use a different wrapper around x[name]), depending on the desired output.
Note that you almost certainly do not want the . from the ASCII output of the xattr program, since they represent any non-printable ASCII character.
I'm trying to write a script to extract the original download URL from disk images downloaded with Safari on OS X using xattr, so that I can rename them but still easily obtain their original names for reference.
This command prints the hex representation of the URL that the given file was downloaded from, as an example:
xattr -p com.apple.metadata:kMDItemWhereFroms *.dmg
gives
62 70 6C 69 73 74 30 30 A1 01 5F 10 4F 68 74 74
70 3A 2F 2F 61 64 63 64 6F 77 6E 6C 6F 61 64 2E
61 70 70 6C 65 2E 63 6F 6D 2F 4D 61 63 5F 4F 53
5F 58 2F 6D 61 63 5F 6F 73 5F 78 5F 31 30 2E 36
2E 31 5F 62 75 69 6C 64 5F 31 30 62 35 30 34 2F
30 34 31 35 30 37 33 61 2E 64 6D 67 08 0A 00 00
00 00 00 00 01 01 00 00 00 00 00 00 00 02 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 5C
The URL starts at the 14th byte (if I counted correctly) and is NULL terminated. How can I format this string so that I get a string output as follows:
http://adcdownload.apple.com/Mac_OS_X/mac_os_x_10.6.1_build_10b504/0415073a.dmg
(don't worry, this link doesn't work unless you're logged in to ADC)
...essentially, the same thing Finder will display in Get Info. I tried piping xattr's output to xxd but I'm not sure how to specify the offset so the string starts at the right place.
So, after looking at the binary data returned by xattr -p, I realized that it was actually a binary plist... hence "bplist" at the front of the data. For some reason I didn't notice this before, but in light of this, here's a proper solution that should work on every OS X from 10.5 to 10.8.
To avoid duplication, I'll link to the source instead of pasting it: https://github.com/jakepetroules/wherefrom
i hope you can give me an idea about what's going wrong.
The Szenario:
I run gitweb (CGI) with a script in fastcgi mode:
#!/bin/sh
export FCGI_SOCKET_PATH=127.0.0.1:7001
su git -c "/var/www/vh_[vhost]/htdocs/gitweb.cgi --fastcgi &"
Then i use nginx to serve that content:
...
fastcgi_pass 127.0.0.1:7001;
...
Everything works as expected, but here's the problem:
$ wget "http://git.[host].de/?p=[repo].git;a=summary" -O /tmp/test.txt && file --mime-encoding /tmp/test.txt
> /tmp/test.txt: iso-8859-1
$ su git -c "./gitweb.cgi \"?p=[repo].git;a=summary\" > ./test" && file --mime-encoding ./test
> ./test: utf-8
Which obviously means that fast-cgi output is utf8 while content served by nginx is iso-8859-1.
FireBugs Response Header:
Server nginx
Date Fri, 02 Sep 2011 14:14:08 GMT
Content-Type application/xhtml+xml; charset=utf-8
Transfer-Encoding chunked
Connection close
It looks like the transfer using the socket leads to an encoding problem.
I've tested a lot but can't figure out how to solve this.
although you aren't using PHP, I found the fix for my issue but wrapping the pieces that were being exposed as ISO-8859-1 with: utf8_encode(): http://php.net/manual/en/function.utf8-encode.php
If your CGI is in PERL, maybe http://perldoc.perl.org/utf8.html will solve your problem. It solved mine ... Z�rich
Another option could be to add the following to the http { } statement in your nginx.conf:
charset utf-8;
-sd
I can make it works by using fcgiwrap.
I though some environment variables where different between the two methods, so I added the following code to the gitweb.cgi dispatch() sub:
open my $tmplogfile, ">", "/tmp/gitweb-env.txt";
foreach my $varkey (sort keys %ENV) {
print $tmplogfile "$varkey = $ENV{$varkey}\n";
}
close $tmplogfile;
but the environment were the same.
Something may be done by fcgiwrap, I do not yet found what.
Here are the commands I use and the differences I found using tcpdump on the fcgi socket:
# gitweb spawned by fcgiwrap outputs utf-8
/usr/bin/spawn-fcgi -d /usr/share/gitweb -a 127.0.0.1 -p 3000 -u www-data -g gitolite -P /run/gitweb/gitweb.cgi.pid -- /usr/sbin/fcgiwrap
# Require the following nginx gitweb_fastcgi_params
# fastcgi_param QUERY_STRING $query_string;
# fastcgi_param REQUEST_METHOD $request_method;
# fastcgi_param SCRIPT_NAME $fastcgi_script_name;
# fastcgi_param DOCUMENT_ROOT $document_root;
# With the following nginx configuration
# upstream gitweb {
# server 127.0.0.1:3000;
# }
#
# server {
# listen 80;
#
# server_name git.example.net;
#
# root /usr/share/gitweb;
#
# access_log /var/log/nginx/gitweb-access.log;
# error_log /var/log/nginx/gitweb-errors.log;
#
# location / {
# alias /usr/share/gitweb/gitweb.cgi;
# include gitweb_fastcgi_params;
# fastcgi_pass gitweb;
# }
#
# location /static {
# alias /usr/share/gitweb/static;
# expires 31d;
# }
# }
# STDOUT captured on lo
# Begin of the FCGI answer
# 00000000 01 06 00 01 1f f8 00 00 53 74 61 74 75 73 3a 20 ........ Status:
# 00000010 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 200 OK.. Content-
# 00000020 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f Type: ap plicatio
# 00000030 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 3b 20 63 68 61 n/xhtml+ xml; cha
# 00000040 72 73 65 74 3d 75 74 66 2d 38 0d 0a 0d 0a 3c 3f rset=utf -8....<?
# 00000050 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 xml vers ion="1.0
# [...]
#
# "Guido Günther" as UTF-8
# 00000FA0 6c 65 3d 22 53 65 61 72 63 68 20 66 6f 72 20 63 le="Sear ch for c
# 00000FB0 6f 6d 6d 69 74 73 20 61 75 74 68 6f 72 65 64 20 ommits a uthored
# 00000FC0 62 79 20 47 75 69 64 6f 20 47 c3 bc 6e 74 68 65 by Guido G..nthe
# 00000FD0 72 22 20 63 6c 61 73 73 3d 22 6c 69 73 74 22 20 r" class ="list"
Before, gitweb --fastcgi was directly spawned by spawn-fcgi:
# gitweb spawned by spawn-fcgi outputs iso-8859-1
/usr/bin/spawn-fcgi -d /usr/share/gitweb -a 127.0.0.1 -p 3000 -u www-data -g gitolite -P /run/gitweb/gitweb.cgi.pid -- /usr/share/gitweb/gitweb.cgi --fastcgi
# STDOUT captured on lo
# Begin of the FCGI answer with "00 46 02" in place of "1f f8 00" for utf-8 output
# 00000000 01 06 00 01 00 46 02 00 53 74 61 74 75 73 3a 20 .....F.. Status:
# 00000010 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 200 OK.. Content-
# 00000020 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f Type: ap plicatio
# 00000030 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 3b 20 63 68 61 n/xhtml+ xml; cha
# 00000040 72 73 65 74 3d 75 74 66 2d 38 0d 0a 0d 0a 00 00 rset=utf -8......
# 00000050 01 06 00 01 02 88 00 00 3c 3f 78 6d 6c 20 76 65 ........ <?xml ve
# 00000060 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f rsion="1 .0" enco
# 00000070 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0a 3c ding="ut f-8"?>.<
# [...]
#
# "Guido Günther" as ISO-8859-1
# 00001128 74 6c 65 3d 22 53 65 61 72 63 68 20 66 6f 72 20 tle="Sea rch for
# 00001138 63 6f 6d 6d 69 74 73 20 61 75 74 68 6f 72 65 64 commits authored
# 00001148 20 62 79 20 47 75 69 64 6f 20 47 fc 6e 74 68 65 by Guid o G.nthe