captcha cracking

This is a pretty old posting from 2009 I just recently discovered in my “drafts” directory. Nowadays there are probably easier and more elegant ways of defeating a captcha, but for old times’ sake, here is my simple approach.
———————–

Eclectic and Marko were so kind as to “provide” me a captcha to play around with. Took me a few days of poking around and googling but in the end it was easier than I had thought. As long as there aren’t any logic errors in the code (e.g. bad or no session handling) you probably won’t get around some kind of OCR. As OCR software I decided to use gocr because it is free, runs under Linux, and is fairly easy to train to specific needs. Because I knew which libraries were being used to create the captcha images, it was possible for me to build a testing area. This just speeds things up a bit, the process would have worked just as well off the original website. First off: the spambot in action -> http://captcha.dopefish.de/spambot.php, and the website it accesses: http://captcha.dopefish.de/

Now I’ll describe the steps I took to defeat the captcha. Look at what happens on failed and successful inputs, first write a script that works if you enter the solution manually. I used the following 2 php functions for getting and posting stuff (and keeping the session intact)

Now train a gocr database for the images. Obviously it gets better the more you train it.
Since curl is taking care of session handling, we can use the get_url() function for downloading the captcha image. I pipe it through this shell command to make it easier for gocr to read:

It turns this:

into this:

Since the valid captcha result is always the same length, we can check if gocr matched all the chars. If it looks good we can use post_url() to continue our session and throw all the fields at the form and submit it. See, wasn’t that hard. Most of the time is spent training gocr and converting the image into something easier to read. It doesn’t solve 100% of the images, more like 80-90%, but still better than nothing ;-).

Wireless bridge & dd-wrt

I recently bought the WL-330gE_M from Asus. It is a pair of access points pre-configured to bridge 2 LAN networks via wireless, all you have to do is take them out of the box and plug them in, straightforward and simple, no configuration needed. They are intended to enable hooking up devices to the internet that don’t have wireless and without pulling cables through the house (e.g. dvd player, TV, cable box, …).

The package arrived last week and it was a matter of minutes plugging the devices in and having everything working. Everything worked without any setup, took me longer to get them out of the box than to hook them up.

Unfortunately our network storage (NAS) is also on the other end of this wireless bridge, and I noticed that when I move large files around (>2GB) or while streaming video/audio off the NAS the connection was dropping out. I don’t mean “ups and downs in the speed”, that is to be expected over wireless, I mean “connections resetting, copy actions aborting with error messages”. Not fun. Unfortunately since the devices are geared toward the “no configuration necessary, just unpack and hook up” crowd, there is no web interface to see a syslog of what is happening or to change settings. Nada.

After this happened a few times it got really frustrating. I can live with slow, but connections dropping is out of the question. My original plan was to just reset the devices, flash them with a WL-330gE firmware and reconfigure the bridging (the only difference I could find was that the WL-330gE_M is black and not white, and comes preconfigured, and probably has a slightly different firmware without management capabilities). While I was looking at different options and possibilities I went over to dd-wrt and happily saw that the WL-330gE was supported in the router database. So I decided if I was going to mess around with firmware, I could just as well throw dd-wrt on it.

Even though I am a system administrator, I don’t have the urge to have every device in the house running on Linux with a shell I can ssh in to. I’m perfectly fine with a simple interface that does what I want it to. But the wireless settings I can fine tune in dd-wrt are priceless (especially since I wanted to debug and fix the connection dropouts), normally you only get these options with cisco grade hardware.

The firmware upgrade process of the devices is simple and straightforward. Pull and reapply power with the reset button pressed until the power LED starts flashing, then shove the new firmware onto the device via tftp, either with the “Firmware Restoration” tool from Asus, or with a normal tftp client. I used the latter. Since this is so straightforward I guess I could also switch over to the official firmware if I wanted to, making two WL-330gE out of the WL-330gE_M pair (saves money since the pair is cheaper than buying two separately).

When in recovery mode (waiting for someone to tftp a new firmware onto it), the device has the IP 192.168.1.220 by default. This is just a rough summary of the steps, anyone wanting to do this should really read through the whole process of deploying dd-wrt with Asus, there is important information there (even if the example is a WL500, the WL330 is similar). Just because it worked for my hardware, firmware and setup doesn’t mean you have the same hardware or are deploying the same version I did. Read the dd-wrt documentation before you brick your device.

Clear current settings from the nvram:

Wait 5 min, reboot into recovery, throw a dd-wrt firmware on the device (I used DD-WRT v24-sp2 (08/12/10) mini – build 14929, standard works fine too).

Wait 5 mins, reboot and open http://192.168.1.1. To be on the safe side feel free to navigate to Administration -> Factory Defaults to make sure no junk was left behind. To get bridging configured there are multiple possibilities depending on your needs. For plain LAN bridging you will probably want WDS or one device set up as an AP and the second as a Client Bridge (I used the latter option). One thing you will want to do is go to Setup -> Networking and set the WAN port to “disabled” since the device only has LAN and Wireless.

The rest is fairly easy: set up one device as an AP, choose WPA2 with a good long strong PSK. After testing if the AP works with e.g. a laptop, you can set up the 2nd device as a Client Bridge, just make sure you are on the same channel, same SSID, same security settings. After everything is up and running now would be a good time to pull backups from the configuration. Might as well tweak around in the wireless advanced settings. If you mess up anything badly enough that it won’t connect again … well that is why you made the configuration backups 😉

As you probably guessed by now, the connection drops are gone, connection is smooth and stable. Peak speed is not quite as fast as before because I throttled some things and tweaked settings for stability, but still good. Turning the TX antenna output power from 71 down to 65 helped a lot and got the maximum out of the connection (probably less crap pulling my SNR down). And now I can see what the access point is doing and where problems are when they arise 😉

WordPress & code formatting

I’ve been using the WordPress plugin “developer formatter” for years and it worked pretty well … for a while. Unfortunately it stopped being developed sometime in 2008, which was OK since it did everything I wanted and worked fine. Unfortunately months later I noticed that the plugin broke the visual editor for new postings in my SVN version of WordPress, and unsurprisingly when the WordPress changes went to a live version it broke my editor there. But I liked the plugin so much, that I just started using the html editor to make postings here (and have been doing so for over a year). It works, but it isn’t the easiest way to write up postings.

I finally bit in the sour apple and searched for alternatives that work without breaking a current WordPress. Turns out there are a few, and none really do exactly what I want 😉
Right now I’ve narrowed down the selection to either My Syntax or WP-Syntax. I’m going to play around with both, and as soon as I’ve decided which one fits my needs better, I’ll start fixing all the code tags in the blog (ugh). So bear with me the next few days without code formatting.

Wireshark remote capturing

Yeah, this is real simple stuff, not really worth writing a script for it. But on the other hand it saves me from remembering how to do it every time I need it (which isn’t often). So here is a little script to set up remote capturing with wireshark.
All it basically does is ssh to the remote host and run tcpdump there, sucking the output via stdout through the ssh connection to a local pipe, which is then used by wireshark to display the stream. Because of this you may want to make sure you aren’t capturing your own ssh data when doing this 😉
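The pipeline described above, as an added example rather than the post's original script: it excludes only the capturing SSH session itself by building the filter from sshd's SSH_CONNECTION variable on the remote side. The function names, the eth0 default and the filter allowlist are assumptions; the remote account must be allowed to run tcpdump.

```shell
#!/bin/sh
# Added example, not the post's original script. Assumes tcpdump and a POSIX sh
# on the remote host, and ssh, mkfifo and wireshark locally.

# Succeeds only if $1 consists solely of characters from the tr set $2.
only_chars() { [ -z "$(printf '%s' "$1" | tr -d "$2")" ]; }

# Print the script the remote side runs. sshd exports SSH_CONNECTION as
# "client_ip client_port server_ip server_port"; excluding exactly that
# 4-tuple keeps the capture from recording its own transport (a feedback
# loop) while other SSH sessions on the host stay visible.
remote_script() {
    r_iface=$1 r_extra=$2
    # Both values are pasted into a remote shell command, so allowlist them.
    if [ -z "$r_iface" ] || ! only_chars "$r_iface" 'A-Za-z0-9_.:-'; then
        echo "bad interface name" >&2; return 1
    fi
    if ! only_chars "$r_extra" 'A-Za-z0-9 ._:/()-'; then
        echo "unsupported character in capture filter" >&2; return 1
    fi
    if [ -n "$r_extra" ]; then r_tail=" and ($r_extra)"; else r_tail=; fi
    cat <<EOF
set -- \$SSH_CONNECTION
self="not (host \$1 and tcp port \$2 and host \$3 and tcp port \$4)"
tcpdump -U -n -s 0 -i $r_iface -w - "\$self$r_tail"
EOF
}

# Usage: remote_capture user@host [interface] [extra BPF filter]
remote_capture() {
    script=$(remote_script "${2:-eth0}" "${3:-}") || return 1
    dir=$(mktemp -d) || return 1      # private directory for the FIFO
    trap 'rm -rf "$dir"' EXIT
    trap 'exit 130' INT TERM
    mkfifo -m 600 "$dir/capture.pipe" || return 1
    wireshark -k -i "$dir/capture.pipe" &
    # The script travels over stdin; raw pcap comes back on stdout.
    printf '%s\n' "$script" | ssh "$1" sh -s > "$dir/capture.pipe"
}

# Run only when called with arguments, so the functions can also be sourced.
if [ "$#" -ge 1 ]; then remote_capture "$@"; fi
```

Called as, for instance, remote_capture root@host eth0 'udp port 53' (host name and filter are placeholders).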

MySQL selecting IPs via CIDR

Quick little snippet here for selecting IPs from a database based off a CIDR subnet. First off a table structure with some test data:

Now let’s say we want all IPs from the subnet 173.192.175.16/28, using a simple 173.192.175.% would provide false results since you don’t want the whole /24.

If your IP is stored as an unsigned int (good for you) then you can use this snippet to search for matching IPs:

If your IP is stored as a varchar (for whatever reason), the only difference is an inet_aton() around the IP field.

No matter which one you use, the result will be:
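Added example (not the post's original snippet, and written in shell rather than SQL so the numbers can be checked without a database): the mask arithmetic behind a CIDR match, and the WHERE predicate it yields for an unsigned int column or for a varchar column wrapped in inet_aton(). The column name ip and the function names are assumptions, and 64-bit shell arithmetic is assumed.

```shell
#!/bin/sh
# Added example: the arithmetic behind matching stored IPs against a CIDR block.

# Dotted quad -> unsigned 32-bit integer, the value MySQL's INET_ATON() returns.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        # Reject empty octets, leading zeros (octal in shell math) and >3 digits.
        case $o in ''|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# CIDR -> "network mask" as integers, with the host bits of the address cleared.
cidr_bounds() {
    case $1 in */*) ;; *) return 1 ;; esac
    c_ip=${1%/*} c_len=${1#*/}
    case $c_len in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$c_len" -le 32 ] || return 1
    c_int=$(ip_to_int "$c_ip") || return 1
    c_mask=$(( (0xFFFFFFFF << (32 - c_len)) & 0xFFFFFFFF ))
    echo "$(( c_int & c_mask )) $c_mask"
}

# SQL predicate for a column expression: pass the bare column when it is an
# unsigned int, or "INET_ATON(col)" when the address is stored as varchar.
cidr_predicate() {
    p_b=$(cidr_bounds "$2") || return 1
    echo "($1 & ${p_b#* }) = ${p_b% *}"
}

# The same test the predicate applies to every row; exit status 2 on bad input.
in_cidr() {
    m_b=$(cidr_bounds "$2") && m_ip=$(ip_to_int "$1") || return 2
    [ $(( m_ip & ${m_b#* } )) -eq "${m_b% *}" ]
}

# Demo with the subnet from the post ("ip" is an assumed column name).
cidr_predicate ip 173.192.175.16/28
cidr_predicate 'INET_ATON(ip)' 173.192.175.16/28
```

The /28 covers 173.192.175.16 through 173.192.175.31 only, which is why a 173.192.175.% pattern over-matches.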

Windows reinstall and Adobe fun

I never got around to posting it, but a few weeks back the hard drive of my PC with Windows on it died … a little bit. Technically a large chunk of the hard drive is simply inaccessible. After poking and pushing I at least got Windows to boot up again, but a large part of the software was dead. I bought a new drive and went through the fun process of installing a fresh Windows, patching it, and then installing all the software again.

I didn’t get around to installing my video and picture software on the new Windows until this morning, and it turned out to be lots of fun. Due to pure luck I found the license key for Sony Vegas (it is shown in the splash screen when starting up, shortly before it crashes due to my hard disk malfunction). And Photomatix was where I keep most licenses stored. But my Photoshop license was more of a challenge. Adobe only allows 2 activated copies of the software per license, activated copies are bound to hardware … you probably see where this is going. I couldn’t deactivate the old installation since the hard drive was kinda dead, and the new installation says “different hardware (new harddrives), must be a different computer”. Yay, fun. The bright side was that the support was easily contacted and they could reset the activation counter (after lecturing me about using it on “2 computers” and deactivating, bla bla bla). I learned one thing: the more expensive the software, the more problems you have with licenses. A shame I never liked Gimp for photo editing.

XEN 3.4 with ipv6 routing

Yes, there are a few postings out there about getting ipv6 routing running with XEN. But I’ll throw this online anyway since there are a few changes I had to make for it to work on my server. This text is intended for people who know their way around Linux and XEN so it will be a bit technical and won’t spell out every single step you have to make.

Most of the changes are based off scripts and information from BenV and wnagele (latter is interesting for me since I am also running XEN on a hetzner server). Have a look at the two links if anything is unclear. Now let’s start the fun 🙂

First of all we need IPv6 up and running on the host (dom0). Add the IP and gateway to your /etc/network/interfaces
This is what mine looks like:
iface eth0 inet6 static
address 2a01:4f8:100:1123::2
netmask 64
gateway 2a01:4f8:100:1120::1
pre-up ip -6 route add 2a01:4f8:100:1120::1 dev eth0

Check if the IP address is responding to the outside world (e.g. with wiberg.nu/iptools.php), if everything looks ok, proceed …
Now we need to enable a few things to get routing and neighbor discovery running on the host (dom0). Edit your /etc/sysctl.conf and add/change these 2 entries (and while you are at it, set them with “sysctl -w” too):
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.proxy_ndp=1

So, your host should by now be online with ipv6 and soon be able to route packets to its guests. By default XEN will only take care of IPv4 when a guest is created, so here is a small patchfile that adds support for IPv6: xen-ipv6-vif-route.patch. The patch changes vif-route and vif-common.sh; while these files may be in different places depending on your distribution, /etc/xen/scripts/ is where they can commonly be found. Download the patch to the directory with the scripts to be changed and execute a “patch -p0 < xen-ipv6-vif-route.patch” (vif-common.sh gets a few new IPv6 functions, and iptables now won’t try to change stuff for IPv6 IPs. vif-route changes are: ndp is enabled for the vif device and the route/neighbor IPv6 settings are set).

So, now that the scripts know how to set up all our IPv6 needs, we need to add the IPv6 IP to our guest settings (.cfg file typically found in /etc/xen/). What we want to change is the “vif” setting. Add the IPv6 IP of the guest to the IPv4 IP (just the IP without the trailing /network, space separated from the IPv4 IP):
vif = [ 'mac=B1:A3:3F:25:11:B8, ip=2a01:4f8:100:1123::5 188.40.34.101' ]

Now you can create the guest (domU) and add the IPv6 IP to the /etc/network/interfaces of the guest if you haven’t done so already (it uses the host (dom0) as the gateway).

iface eth0 inet6 static
address 2a01:4f8:100:1123::5
netmask 64
gateway 2a01:4f8:100:1123::2

Restart the networking on the guest (or reboot it) and you should now be able to ping the guest from the internet. See, easy wasn’t it 🙂

Ubuntu upgrade to 10.04 and lirc

Ubuntu 10.04 (lucid) came out a short while ago … and because it contained new themes and the latest version of mythtv, I went and upgraded. These updates are tested by gazillions of people, any serious problems would be noticed before release .. right? right?

Well, looks like I did it again. Turned a working tv recorder into an “electronic beeping thing under the TV that doesn’t do much except show a pretty screensaver if you wait long enough”. After fixing up some stuff that the update broke (thanks for overwriting my config files. I’ll just use the version from the backup I made before the update if you don’t mind), I got almost everything up and running again. As of right now the only things broken are a) the theme not displaying any text when I’m in LiveTV or a video (yeah, try to get out of there without any menus) and b) my remote control is also not working.

At first I thought that some config was just b0rked with the lirc config, but after doing a “top” and seeing that lirc_dev was consuming a modest 90% of my CPU, I decided that it was Google’s turn to find out what was wrong with Ubuntu 10.04. And sure enough, it seems this was a known problem that made it into release (hooray). Anyone stumbling across this post via Google: go to https://bugs.launchpad.net/ubuntu/+source/lirc/+bug/550369, there are fixes for the problem towards the end of the page. Since it looks like they will make it into the 10.04 updates you can also just wait for a few days/weeks and they will pop up as an update automatically. Anyone wanting to fix the problem now: the short version is: go to https://wiki.ubuntu.com/Testing/EnableProposed to set up proposed updates for lucid, and install “lirc” and “lirc-modules-source” from the proposed repository.

As for the broken themes? I’m still working on that, have a few updates and poking around to go before the system is back to the running condition it was before.

*Update*
For some strange reason, I had to set the IRQ of the serial port to 4 and specify it in the /etc/modconf.d directory (was getting busy errors with IRQ 3)

The broken themes were “only” the OSD using bold font. After changing it back to the normal version in the OSD settings everything worked fine.

XEN and Kernel update

Server is up and running again. This morning I finished the xen (3.4) and kernel (2.6.32) updates I prepared yesterday evening. The only pitfall I stumbled across, was that the kernel in the debian repository (2.6.26-xen) seemingly wasn’t compatible with the latest xen in the debian repository (system would hang while booting, I guess that’s what I get for using “testing”).

Anyway, anyone using “lenny” or “testing” and wanting to update xen; here are a few tips to make the transition a breeze:

  • The debian wiki is full of useful information regarding xen
  • backports.org has a current xen kernel (linux-image-2.6.32-bpo.4-xen-amd64) that works fine with xen 3.4, just follow the instructions on backports.org on how to add it to apt.
  • I had to deactivate the “vfb” (VNC console) setting in the domU config files to get my guests to boot, browsing the Internet I saw people having the same problem with the “dhcp” setting.
  • If you are planning on updating the guests’ kernels too (advised), remember to change the “kernel” and “ramdisk” settings in the domU config files accordingly

With these few points in mind, the update is a breeze.

Reboot Script for Linksys WAP200 access points

Since the Linksys WAP200 has a tendency to hang and not let any users connect anymore, here is a little script to reboot an access point (the web interface still works fine). Replace user and password with correct values.

WordPress, Lightbox & SmoothGallery

Since I just spent an hour debugging a problem that others probably also have run into, I’ll post my findings and workaround. I’ve been using lightbox for my images here for a while (the thing that darkens the website and pops up a frame with the image, pretty much common nowadays). This is a great solution for an image or two in a post, but if you want to add a bunch more (or a whole gallery) all those images will really bloat up your post, so I had a look at different picture gallery software and really liked SmoothGallery. It turns out there are two plugins that make it easy to implement the software into a WordPress blog (NextGEN Gallery and NextGEN Smooth Gallery), but unfortunately SmoothGallery breaks lightbox in WordPress (has to do with the javascript libraries they use). My current workaround is to use Slimbox as an alternative to lightbox until the problem gets fixed (or until I fix it myself somehow). In the long run I’d really like to return to lightbox (or lightview, a pimped up version).

I hope I get around to writing the post about the last few days tomorrow. Wanted to do that this evening, but I got caught up in the gallery/lightbox problems.

Virtualbox

I’ve been playing around with Virtualbox here at work the last few days (all our MMO games have Windows clients, I have a Linux at work), and I must say I am pretty impressed. Before someone comes around the bend and yells “but my favorite virtualisation software XZY can do that too”: I’ve tried a few and Virtualbox is: free, stable, easy to set up and use, has a good performance. The latest version supports Direct3d, so now I can run games that caused problems with wine. Creating snapshots is a breeze too, so I can revert the whole system back to a “clean” version without any problems if I want to test something.

A tip: boot the Windows guest into the “safe mode” (press F8 after the BIOS screen and before Windows starts to boot) and install the “Guest additions” while in safe mode, had trouble with direct3d if installing in the “normal” Windows.

self0wned politicians

The German politicians are currently still pushing laws to censor the Internet (they actually managed to pass one law, now they are trying to defend it and broaden the spectrum of things to censor). It all started out as a good thing, they were trying to eradicate child pornography. Instead of having the child pornography simply removed from the Internet (which has been proved time and time again is fairly easy), they used the topic to implement general Internet censorship instances. Censorship is bad, and what pisses people off most is the fact that the “censorship” just puts up a big red stop sign in the browser of a user when he surfs to a page on the blacklist, and anyone with enough computer experience to turn a computer on and surf the Internet is more than able to bypass the current “censorship” and surf to any website he wants to.

Back to the reason I’m writing this post 😉 DNS servers are the servers that turn, for instance, www.google.de into the computer understandable IP Address of the server (so your browser knows where it has to go to get the pages). DNS servers are a fundamental part of the Internet as we know it. In a nutshell: A politician from the German SPD party stated that anyone running his own DNS server *) is supporting child pornography because he (or she) bypasses the efforts of the German politicians to use the DNS servers of the Internet providers to censor websites. To make this strange mental leap of the SPD even more funny, the SPD has a DNS server that anyone can use and (since certain institutions were explicitly exempted from the censorship laws) doesn’t censor anything.

Let’s look at the list of DNS servers from the SPD:

$ dig -t NS spd.de
spd.de.            26100    IN    NS    ns1.arcor-ip.de.
spd.de.            26100    IN    NS    ns2.arcor-ip.de.
spd.de.            26100    IN    NS    ns3.arcor-ip.de.
spd.de.            26100    IN    NS    dns2.spd.de.

aha, let’s have a look at dns2.spd.de since it is the only one not from a large Internet provider

$ host dns2.spd.de
dns2.spd.de has address 195.50.146.131

$ whois 195.50.146.131
inetnum:        195.50.146.0 - 195.50.146.255
netname:        SPDINET-NET
descr:          Sozialdemokratische Partei Deutschland
descr:          Wilhelmstr 141
descr:          10963 Berlin
country:        DE
admin-c:        FH1138-RIPE
tech-c:         ANOC1-RIPE
status:         ASSIGNED PA
mnt-by:         ARCOR-MNT
source:         RIPE # Filtered

yep, belongs to the SPD, let’s check if it resolves hosts for us …

dig @195.50.146.131 dopefish.de
dopefish.de.        3600    IN    A    188.40.34.99

Works fine, that means we can tell our computer to not use the DNS servers from our provider, but use the one from the politicians who are helping to push Internet censorship.

*) Yes, I know the differences between DNS servers, recursors, … I’m just keeping it simple.

Blog <-> Facebook

So I finally got around to getting Facebook to automatically import my blog entries. Was easily done technically, all I had to do was decide if I wanted them to end up in the news feed or as status updates. Both had their advantages, but I decided going with news feeds because they provide better formatting.

Now I’m back to moving my website and email server to new hardware (websites are easy, email is a bit of a pain).

mobile and online

I just finished setting up my laptop and cell phone so that I can go online from anywhere.  It’s not comparable to DSL speed, but it is fast enough to surf around and use SSH/VNC/Rdesktop. The hardest part was actually not the technical part, but finding specific information what I need to do from my cell phone provider!

After doing a bit of searching I finally found out that what I wanted (surf the internet with my netbook using my cell phone as a modem) seemed to be the “websessions” option at Vodafone. Now you can either buy dedicated hardware that you plug into your usb port (costs money, need to remember to bring netbook and adapter, needs strange software), or you use your cell phone and special software from Vodafone (which didn’t work at all for me, couldn’t find my phone even though other software has no problems synchronizing my Google calendar to my cell phone), OR you just set up an internet connection in your cell phone with the APN event.vodafone.de and hook it up as a modem in Windows via bluetooth. Unsurprisingly I use the last option since it requires neither additional hard- nor software. Just grab the netbook, connect to the cell phone in my pocket via bluetooth, and go online.

Depending on how often I use this I may even have a look into a flatrate. Only problem I’ve had so far, is that my cell phone (a sony ericsson w880i) sometimes seems to hang up the bluetooth connection, and refuse to reconnect until I turn bluetooth off and on again. I’ll have to check if there is a firmware update available.

Du bist Terrorist (You are a Terrorist)

Sadly, this isn’t a joke or just being paranoid. The politicians are going a bit overboard with internet censorship right now (elections this year). They are currently trying to pass a law, allowing the BKA (the German FBI) to block sites on the internet and monitor people trying to access the blocked sites. The BKA can freely decide which sites to block, and no one except for the BKA officially  knows which sites are on the list.

http://www.youtube.com/watch?v=SGD2q2vewzQ

You are a Terrorist! A Campaign against Terrorists.
United for a safer Germany. The Campaign „Du bist Deutschland“ (You are Germany) in 2005 was the beginning of a wave of positive spirit in the whole country. This combined energy has turned backwards in 2009, because now you are a potential Terrorist and you have to be watched closely.

Mythtv + Wii Remote + ScummVM + Google Earth

Yesterday and today I went and got my Wii controller linked up to my htpc in the living room. No more boring old standard infrared remote control for me, now I can control the pc with my Wii controller. The first solution I found was MythPyWii which worked pretty well, but was nonetheless useless (due to some restrictions in the way myth works, and the way MythPyWii sends its data to myth) because Wii input was not forwarded to myth plugins (e.g. Myth Video or Myth Games). Next I had a look at the inner workings of MythPyWii and had a better look at wminput from the cwiid project. Anyone who wants to do this stuff: the packages bundled with various distributions kinda suck. Go ahead and pull the latest codebase from their SVN and compile it yourself. If you want to go into serious FPS you are going to have to do it anyway to get some additional plugins compiled. I then set up the controls to work fine with mythtv and my video players (mplayer, vlc). With that done, I could (more or less) replace my traditional remote with a wii remote, now it was time for the fun stuff.

Next on my list was google earth (since controlling google earth with a Wii Remote just has to count as cool), easy to download and install. Somewhat more challenging was getting it into mythtv (Myth Games), but don’t worry too much, there are plenty of helpful sites around the internet and various ways to do it. The key mapping Wii->Keyboard was somewhat more difficult, since wminput currently doesn’t support different profiles, and I wasn’t in the mood of actually coding that functionality in. So I did a dirty hack: the script that calls google earth switches the wminput config and then restarts wminput. The downside to this is that the controller has to reconnect. Oh well.

I did the same with ScummVM, and now can play “point and click” adventures with my Wii Remote on the TV in the living room. Now that definitely counts as cool. As with google earth, the scummvm got its own key bindings.

I’d recommend using the acc_led plugin for wminput. I use it to signal which profile the controller is currently in (or if it is in a profile at all). Without this plugin, you can’t tell if the controller is linked to the pc or not (you can’t even see if it is on or off).