RE Tool Updates (2005-04-05)

Updates for IDA Sync, IDA pGRAPH and IDA Function Analyzer have been made available today. The IDA plug-ins have all been ported to compile against the 4.8 SDK. Binaries for IDA Pro 4.8 are also included.

I am also releasing OllyDbg Breakpoint Manager, an OllyDbg plug-in written to address some shortcomings of the built-in breakpoint management functionality. The plug-in provides three main functions: breakpoint exporting, breakpoint importing and automatic breakpoint loading. More information, examples and source code are available on the software releases page and in the bundled archive.

My BZFlag Cheats (2005-04-01)

We started playing a great little multiplayer game called BZFlag in the office some time ago. It quickly became apparent that I was terrible at the game, despite my extensive efforts to shift the blame to the fact that I was the only user playing on win32 and had older hardware. While I can't play BZFlag, I can code, and BZFlag is open source. Within a short time I was able to level the playing field. In the spirit of April Fools, here is the list of changes I made:

bzflag/RadarRenderer.cxx
  • Stealth tanks appear on radar.
  • Disabled color-blindness.
common/Flag.cxx
  • Color bad flags black.
  • Color laser flags red.
  • Color guided missiles green.
  • Color narrow/burrow flags blue.
  • Color shockwave flags yellow.
bzflag/playing.cxx
  • Disabled ability for other tanks to cloak on screen.
bzflag/ShotStrategy.cxx
  • Reduced laser reload time.
bzflag/LocalPlayer.cxx
  • Added 25% chance of a good shot missing me.
  • Disabled burrow speed handicap.
    • This was detectable so I disabled it.
  • Disabled my own shots from killing myself.
common/ShotUpdate.cxx
  • Made my shot velocity slightly faster when packing the shot packet.
    • This appears to have broken my ability to kill others, so I disabled it.

Terminal Snooping (2005-03-31)

When running a shell server, at some point you may find the need to monitor or interact with another user's terminal. A number of kernel-based solutions exist, such as Sebek from The Honeynet Project. I wanted something simpler and more elegant, and a contact suggested I look into ttysnoop. ttysnoop is great: it allows you to selectively "attach" to a target user's terminal, view and interact as you please, and detach when you are done. There is no need for a separate data store, any kernel modules or recompiling of any sort. Here is how I set it up to work with SSH on my Gentoo system:

First, I commented out the block of code responsible for the annoying startup sound and the line that prints "bye bye" when users close their session from ttysnoops.c:

    /*if (InitSound())
    {
        DoSound(466, SLEN);     // A#4
        DoSound(622, SLEN);     // D#5
        DoSound(784, SLEN);     // G5
        DoSound(932, SLEN*2);   // A#5
        DoSound(784, SLEN);     // G5
        DoSound(932, SLEN*3);   // A#5
    }*/

    ...

    if ((n = read(ptyfd, buff, BUFF_SIZE)) < 1)
    {
        //errorf ("bye bye\n");
        exit (0);
    }

I then compiled and installed the binaries (ttysnoop and ttysnoops) to /sbin. Next I created the /etc/snooptab file with the following single entry:

    * socket login /bin/login.orig

I then moved /bin/login to /bin/login.orig and created a symbolic link from /bin/login to /sbin/ttysnoops:

    # mv /bin/login /bin/login.orig
    # ln -s /sbin/ttysnoops /bin/login

Next, I modified the command line arguments to agetty in /etc/inittab to reference the original login binary:

    agetty -l /bin/login.orig

I then enabled the UseLogin option in sshd_config and restarted both sshd and init. I also created the ttysnoop spool directory as that is not done automatically:

    # echo "UseLogin yes" >> /etc/ssh/sshd_config
    # /etc/init.d/sshd restart
    # init q
    # mkdir /var/spool/ttysnoop/
    # chmod 700 /var/spool/ttysnoop/

At this point ttysnoop is up and running. I did come across one quirk with the control keys. While Ctrl + '\' was working for suspends, Ctrl + '-' was not detaching from the snoop device. I was about to change the TERM_CHAR define when I realized that Ctrl + '/' sends the appropriate key code for me, so you may want to try that key combination if Ctrl + '-' is not working for you.
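The steps above, collected into one script as an added example (this is not code from the original post or from the ttysnoop project). Everything is parameterized by a root prefix so the wiring can be rehearsed in a scratch directory and checked before it is applied to a live host; the function names ttysnoop_setup and ttysnoop_verify and the TTYSNOOP_APPLY and ROOT environment variables are my own. It assumes ttysnoops is already installed in $ROOT/sbin and that /etc/inittab and /etc/ssh/sshd_config exist under $ROOT.

```shell
#!/bin/sh
# Added example, not from the original post: the ttysnoop wiring described
# above, scripted against a root prefix so it can be rehearsed in a scratch
# directory before being applied to a live host. Assumes ttysnoops is already
# installed at $ROOT/sbin/ttysnoops and that /etc/inittab and
# /etc/ssh/sshd_config exist at their usual places under $ROOT.
set -u

# Wire $ROOT/bin/login through ttysnoops. Refuses to run, rather than
# guessing, when the host does not look like the layout in the post.
ttysnoop_setup() {
    root="${1:-}"
    login="$root/bin/login"
    orig="$root/bin/login.orig"
    snooptab="$root/etc/snooptab"
    inittab="$root/etc/inittab"
    sshd_conf="$root/etc/ssh/sshd_config"
    spool="$root/var/spool/ttysnoop"

    [ -x "$root/sbin/ttysnoops" ] || { echo "ttysnoops not installed in $root/sbin" >&2; return 1; }
    [ -f "$inittab" ] || { echo "missing $inittab" >&2; return 1; }
    [ -f "$sshd_conf" ] || { echo "missing $sshd_conf" >&2; return 1; }

    # Move the real login aside exactly once; never overwrite an existing .orig.
    if [ -L "$login" ]; then
        :   # already a symlink, so this is a re-run and .orig must exist
    elif [ -f "$login" ]; then
        [ -e "$orig" ] && { echo "both $login and $orig exist, refusing" >&2; return 1; }
        mv "$login" "$orig" || return 1
    else
        echo "$login not found" >&2; return 1
    fi
    [ -x "$orig" ] || { echo "$orig missing or not executable" >&2; return 1; }

    # /bin/login -> /sbin/ttysnoops, with the absolute target used on the real host
    rm -f "$login" && ln -s /sbin/ttysnoops "$login" || return 1

    # The single snooptab entry from the post
    printf '* socket login /bin/login.orig\n' > "$snooptab" || return 1

    # Point agetty at the original login binary (only once, so re-runs are safe)
    if ! grep -q 'login\.orig' "$inittab"; then
        sed 's|agetty |agetty -l /bin/login.orig |' "$inittab" > "$inittab.tmp" \
            && mv "$inittab.tmp" "$inittab" || return 1
    fi

    # Leave exactly one UseLogin line, set to yes, whatever was there before
    { grep -v '^[[:space:]]*UseLogin' "$sshd_conf" || true; echo "UseLogin yes"; } \
        > "$sshd_conf.tmp" && mv "$sshd_conf.tmp" "$sshd_conf" || return 1

    # ttysnoop does not create its spool directory; keep it root-only
    mkdir -p "$spool" && chmod 700 "$spool" || return 1
}

# Re-check the finished state; returns 0 only when every step is in place.
ttysnoop_verify() {
    root="${1:-}"
    [ -L "$root/bin/login" ] || return 1
    [ "$(readlink "$root/bin/login")" = /sbin/ttysnoops ] || return 1
    [ -f "$root/bin/login.orig" ] && [ -x "$root/bin/login.orig" ] || return 1
    grep -q '^\* socket login /bin/login\.orig$' "$root/etc/snooptab" || return 1
    grep -q 'agetty -l /bin/login\.orig' "$root/etc/inittab" || return 1
    grep -q '^UseLogin yes$' "$root/etc/ssh/sshd_config" || return 1
    [ -d "$root/var/spool/ttysnoop" ] || return 1
    perm=$(stat -c %a "$root/var/spool/ttysnoop" 2>/dev/null \
           || stat -f %Lp "$root/var/spool/ttysnoop")
    [ "$perm" = 700 ]
}

# Apply for real only when explicitly asked; ROOT defaults to the live system.
if [ "${TTYSNOOP_APPLY:-}" = 1 ]; then
    ttysnoop_setup "${ROOT:-}" && ttysnoop_verify "${ROOT:-}" \
        && echo "ttysnoop wired up under ${ROOT:-/}"
fi
```

Rehearse with `ROOT=/tmp/stage TTYSNOOP_APPLY=1 sh ttysnoop-setup.sh` against a copy of the relevant files, then run it as root with ROOT unset. The script deliberately stops short of the post's final restarts (`/etc/init.d/sshd restart` and `init q`), so those remain a manual step after ttysnoop_verify succeeds. Note that the UseLogin directive only exists in older OpenSSH releases; it was removed in OpenSSH 7.4, so this setup is specific to the sshd of that era.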