Bizarre Sources

Responsible geek: god at joonicks dot eu

Bizarre Sources also now (circa 2017) has an electronics branch: Bizarre Electronics,
A weblog about hobby electronics with Arduino and Raspberry Pi.



Small Things

twsinit-5.tar.gz (5.7kB)   Previous: #1, #2, #3, #4
This is an init replacement. Mostly just a proof of concept thing at the moment but its quite capable of getting a system up and running. Only uses 8K memory.

#2 includes a tiny `printf' replacement (accepts %s and %i) plus `atomic_optget' which is used to read small configuration files. right now all it reads is `/etc/init/<argv[1]>' and runs the content of that file as the system boot command. The binary file is still only ~1280 bytes.

#3 can respawn getty's and similar services, provided that they do NOT background themselves! It can also set hostname and domainname for you very early in the boot process. Supports up to 8 respawning services by default, for more you need to edit the main.c file. Remember to make strip to get the memory usage displayed below.

#4 is starting to handle shutdown procedures in a sane/safe way. Includes a `killall5' tool that replaces the sysvinit killall5. Use with caution, as it acts slightly different than the sysvinit version. Now reads /etc/init/term for a shutdown command when it receives SIGTERM.

#5 fixes a few problems with killall5 not killing everything properly, plus a problem in the printf routine which would bug out on certain numbers.
abyss# ps aux
USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0     8    8 ?        S    Oct25   0:00 init auto
#6 never publically released; hacked it down to a single page (4K) by write-enabling the code page and moving the stack there.
Also included a 4K-version of agetty. There was plans of also making a 4K-version of inetd but I didnt get started on it...

Related project: minit - a small yet feature-complete init

I'd love to hear from anyone using my little twsinit on their boxens, mail me and tell me how you like it! :]


loghack-1.tar.gz (1.1kB)
Small proof-of-concept program using the stack to store input (stdin) until a signal is received and then dumping it (to stdout). intended for systems where syslog isnt available until after root filesystem has been mounted RW. loghack uses only the stack to store the input, as the stack is grown (allocated) by the kernel as it expands. result is a minimum of code (~400 bytes binary, one page code in memory). 100% Linux-ix86 assembler. Undocumented.


minigw-alpha-0.tar.gz (3kB)
Really-really-really-really-REALLY small http proxy. This program is almost as basic as it could possibly be. It does however support cookie filtering-per-site and access denied-per-site. Hardcoded in the source tho. If you want to link minigw against uC-libc, you can grab this tarball; minigw-alpha-0-uClibc.tar.gz, contributed by Travis Boucher. Undocumented.


printf.S (1.5kB)
Tiny assembly routine to perform simple `printf' stuff. The goal has been to minimize size -- the routine will compile to only 116 bytes. Linux, i386 and up. The routine should be prototyped as: void printf(const char *, ...); Valid formats are limited to `%s' and `%i'. It handles negative numbers ok. No error-checking is done (thats your job) and the output must be limited to <512 bytes (can be changed in the source). I had a smaller version (105 bytes) but found out that it was quite bugged and would not handle numbers ending with a 9, or numbers with zeroes in them. So, it got larger 8^|


binfmt_flat.tar.gz (1.8kB)
Linux (ix86) kernel module to support `flat' binaries. Much like MS-DOS .COM programs although this binary format has a small (12-16 bytes) header. Binaries can be as small as 12 bytes. This module was tested with Linux 2.2.17 but should work with other versions. The kernel module itself is only about 1300 bytes, which is very little compared to such formats as ELF... Undocumented.



Secure Things

vma_rw_chk-1.0.tar.gz (2.4kB)
A small security module for Linux-2.2.19. Only works on Intel processors. It wraps execve() and checks so that the caller does not call from a writeable memory segment. Since most local (and many remote) exploits call execve("/bin/sh",...) or similar from the stack (and environment, which is also located on the stack), which is writeable, it would prevent most standard exploits from working. Undocumented.


phx.c (3.9kB)
Remote buffer overflow exploit for the well-known phf CGI program. Both versions of phf is vulnerable, proper bad-char filter or not makes no difference. Fake phf scripts are obviously not vulnerable.


pqx.c (3.5kB)
Remote buffer overflow exploit for the post-query CGI program (very common).


xor-0.tar.gz (8.0kB)
A small stream XOR utility for all those cryptomaniacs out there. If the -x option is not used, it reads XOR data from stdin.
Usage: ./xor -i<input> -o<output> [-x<xordata>]



IRC Things

asmbot-1.1.tar.gz (1kB)   Previous: #1
Proof of concept: a trivial IRC bot written in 100% assembly. Less than 500 byte ELF/ix86 binary, uses 8K memory. Undocumented.



Valid HTML 3.2!
Because that's what we have standards for.