My BZFlag Cheats
2005-04-01

We started playing a great little multiplayer game called BZFlag in the office some time ago. It quickly became apparent that I sucked terribly at the game, despite my extensive efforts to shift blame to the fact that I was the only user playing on win32 and had older hardware. While I can't play BZFlag, I can code, and BZFlag is open source. Within a short time I was able to level the playing field. In the spirit of April Fools, here is the list of changes I made:

  • Stealth tanks appear on radar.
  • Disabled color-blindness.
  • Color bad flags black.
  • Color laser flags red.
  • Color guided missiles green.
  • Color narrow/burrow flags blue.
  • Color shockwave flags yellow.
  • Disabled ability for other tanks to cloak on screen.
  • Reduced laser reload time.
  • Added 25% chance of a good shot missing me.
  • Disabled burrow speed handicap.
    • This was detectable so I disabled it.
  • Disabled my own shots from killing myself.
  • Made my shot velocity slightly faster when packing the shot packet.
    • This appears to have broken my ability to kill others, so I disabled it.

Terminal Snooping
2005-03-31

When running a shell server, at some point you may find the need to monitor or interact with another user's terminal. A number of kernel-based solutions exist, such as Sebek from The Honeynet Project. I wanted something simpler and more elegant, and a contact suggested I look into ttysnoop. ttysnoop is great: it allows you to selectively "attach" to a target user's terminal, view/interact as you please and detach when you are done. There is no need for a separate data store, any kernel modules or recompiling of any sort. Here is how I set it up to work with SSH on my Gentoo system:

First, I commented out the block of code responsible for the annoying startup sound and the line that prints "bye bye" when users close their session from ttysnoops.c:

    /* ttysnoops.c, lines 509-517: startup sound disabled */
    /*if (InitSound())
    {
        DoSound(466, SLEN);     // A#4
        DoSound(622, SLEN);     // D#5
        DoSound(784, SLEN);     // G5
        DoSound(932, SLEN*2);   // A#5
        DoSound(784, SLEN);     // G5
        DoSound(932, SLEN*3);   // A#5
    }*/

    /* ttysnoops.c, lines 661-665: "bye bye" message disabled */
    if ((n = read(ptyfd, buff, BUFF_SIZE)) < 1)
    {
        //errorf ("bye bye\n");
        exit (0);
    }

I then compiled and installed the binaries (ttysnoop and ttysnoops) to /sbin. Next I created the /etc/snooptab file with the following single entry:

    * socket login /bin/login.orig

I then moved /bin/login to /bin/login.orig and created a symbolic link from /bin/login to /sbin/ttysnoops:

    # mv /bin/login /bin/login.orig
    # ln -s /sbin/ttysnoops /bin/login

Next, I modified the command line arguments to agetty in /etc/inittab to reference the original login binary:

    agetty -l /bin/login.orig

I then enabled the UseLogin option in sshd_config and restarted both sshd and init. I also created the ttysnoop spool directory as that is not done automatically:

    # echo "UseLogin yes" >> /etc/ssh/sshd_config
    # /etc/init.d/sshd restart
    # init q
    # mkdir /var/spool/ttysnoop/
    # chmod 700 /var/spool/ttysnoop/

At this point ttysnoop is up and running. I did come across one quirk with the control keys. While Ctrl + '\' was working for suspends, Ctrl + '-' was not detaching from the snoop device. I was about to change the TERM_CHAR define when I realized that Ctrl + '/' sends the appropriate key-code for me, so you may want to try that key combination if Ctrl + '-' is not working for you.
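
A defender's view of the setup above, as an added example that is not part of the original post or of ttysnoop: a shell function that checks a filesystem root for the artifacts these steps leave behind. The paths are the ones the post uses; the function names, the root argument and the sample tree are assumptions constructed for this example.

```sh
#!/bin/sh
# Audit a filesystem root for the ttysnoop login wrapper described in the post.
# Paths are the ones the post uses; audit_ttysnoop, make_sample_root and the
# root argument are names invented for this example.

audit_ttysnoop() {
    root="${1:-}"   # empty = live system; otherwise a mounted image or chroot
    if [ -L "$root/bin/login" ]; then
        echo "login-symlink: /bin/login -> $(readlink "$root/bin/login")"
    fi
    if [ -e "$root/bin/login.orig" ]; then
        echo "login-orig: /bin/login.orig exists"
    fi
    if [ -f "$root/etc/snooptab" ]; then
        echo "snooptab: /etc/snooptab exists"
    fi
    for bin in ttysnoop ttysnoops; do
        if [ -e "$root/sbin/$bin" ]; then echo "binary: /sbin/$bin exists"; fi
    done
    if grep -Eiq '^[[:space:]]*UseLogin[[:space:]]+yes' \
            "$root/etc/ssh/sshd_config" 2>/dev/null; then
        echo "sshd: UseLogin yes routes SSH sessions through /bin/login"
    fi
    if grep -q 'login\.orig' "$root/etc/inittab" 2>/dev/null; then
        echo "inittab: a getty entry calls login.orig directly"
    fi
    if [ -d "$root/var/spool/ttysnoop" ]; then
        echo "spool: /var/spool/ttysnoop exists"
    fi
    return 0
}

# Constructed sample tree mirroring the post's steps (not a real host).
make_sample_root() {
    r=$(mktemp -d) || return 1
    mkdir -p "$r/bin" "$r/sbin" "$r/etc/ssh" "$r/var/spool/ttysnoop"
    : > "$r/bin/login.orig"; : > "$r/sbin/ttysnoop"; : > "$r/sbin/ttysnoops"
    ln -s /sbin/ttysnoops "$r/bin/login"
    echo '* socket login /bin/login.orig' > "$r/etc/snooptab"
    echo 'UseLogin yes' > "$r/etc/ssh/sshd_config"
    echo 'c1:12345:respawn:/sbin/agetty -l /bin/login.orig 38400 tty1 linux' > "$r/etc/inittab"
    echo "$r"
}

sample=$(make_sample_root)
audit_ttysnoop "$sample"
rm -rf "$sample"
```

Each finding is one line, so an empty result means none of the post's artifacts are present under that root. UseLogin was removed in OpenSSH 7.4, so the sshd check only applies to older hosts.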

Python WMI
2005-03-10

The Python WMI interface is very cool as it lets you write small yet functional snippets like the following print-job sniffer:

    import wmi

    # Connect to WMI on the local machine and subscribe to print-job creation events.
    w       = wmi.WMI()
    watcher = w.watch_for(
        notification_type = "Creation",
        wmi_class         = "Win32_PrintJob",
        delay_secs        = 1)

    while True:
        job = watcher()  # blocks until the next print job is created

        print("user:    %s" % job.Owner)
        print("printer: %s" % job.Name)
        print("title:   %s" % job.Document)
        print("pages:   %d" % job.TotalPages)
        print("-" * 80)

The above snippet will watch the network for all print jobs and print the owner, document title, printer name and page count. More information about WMI (Windows Management Instrumentation) can be found on MSDN.