Bizarre Sources
Responsible geek: god at joonicks dot eu
Bizarre Sources also now (circa 2017) has an electronics branch: Bizarre Electronics,
A weblog about hobby electronics with Arduino and Raspberry Pi.
Small Things
twsinit-5.tar.gz (5.7kB) Previous:
#1, #2, #3, #4
This is an init replacement. Mostly just a proof of concept thing at the moment but its quite
capable of getting a system up and running. Only uses 8K memory.
#2 includes a tiny `printf' replacement (accepts %s and %i) plus `atomic_optget' which is
used to read small configuration files. right now all it reads is `/etc/init/<argv[1]>' and
runs the content of that file as the system boot command. The binary file is still only ~1280 bytes.
#3 can respawn getty's and similar services, provided that they do NOT background themselves!
It can also set hostname and domainname for you very early in the boot process. Supports up to 8
respawning services by default, for more you need to edit the main.c file. Remember to make strip
to get the memory usage displayed below.
#4 is starting to handle shutdown procedures in a sane/safe way. Includes a `killall5' tool that
replaces the sysvinit killall5. Use with caution, as it acts slightly different than the sysvinit
version. Now reads /etc/init/term for a shutdown command when it receives SIGTERM.
#5 fixes a few problems with killall5 not killing everything properly, plus a problem in the
printf routine which would bug out on certain numbers.
abyss# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 8 8 ? S Oct25 0:00 init auto
#6 never publically released; hacked it down to a single page (4K) by write-enabling the code page and moving the stack there.
Also included a 4K-version of agetty. There was plans of also making a 4K-version of inetd but I didnt get started on it...
Related project: minit - a small yet feature-complete init
I'd love to hear from anyone using my little twsinit on their boxens, mail me and tell me
how you like it! :]
loghack-1.tar.gz (1.1kB)
Small proof-of-concept program using the stack to store input (stdin) until a signal
is received and then dumping it (to stdout). intended for systems where syslog isnt
available until after root filesystem has been mounted RW. loghack uses only the stack
to store the input, as the stack is grown (allocated) by the kernel as it expands.
result is a minimum of code (~400 bytes binary, one page code in memory).
100% Linux-ix86 assembler. Undocumented.
minigw-alpha-0.tar.gz (3kB)
Really-really-really-really-REALLY small http proxy. This program is almost as
basic as it could possibly be. It does however support cookie filtering-per-site
and access denied-per-site. Hardcoded in the source tho.
If you want to link minigw against uC-libc, you can grab this tarball;
minigw-alpha-0-uClibc.tar.gz,
contributed by Travis Boucher. Undocumented.
printf.S (1.5kB)
Tiny assembly routine to perform simple `printf' stuff. The goal has been to minimize size -- the routine will
compile to only 116 bytes. Linux, i386 and up. The routine should be prototyped as:
void printf(const char *, ...);
Valid formats are limited to `%s' and `%i'. It handles negative numbers ok. No error-checking is done
(thats your job) and the output must be limited to <512 bytes (can be changed in the source).
I had a smaller version (105 bytes) but found out that it was quite bugged and would not handle
numbers ending with a 9, or numbers with zeroes in them. So, it got larger 8^|
binfmt_flat.tar.gz (1.8kB)
Linux (ix86) kernel module to support `flat' binaries. Much like MS-DOS .COM programs although this
binary format has a small (12-16 bytes) header. Binaries can be as small as 12 bytes. This module was
tested with Linux 2.2.17 but should work with other versions. The kernel module itself is only
about 1300 bytes, which is very little compared to such formats as ELF... Undocumented.
Secure Things
vma_rw_chk-1.0.tar.gz (2.4kB)
A small security module for Linux-2.2.19. Only works on Intel processors. It wraps execve() and checks so that the caller does
not call from a writeable memory segment. Since most local (and many remote) exploits call execve("/bin/sh",...) or similar from the
stack (and environment, which is also located on the stack), which is writeable, it would prevent most standard exploits from working.
Undocumented.
phx.c (3.9kB)
Remote buffer overflow exploit for the well-known phf CGI program. Both versions of phf
is vulnerable, proper bad-char filter or not makes no difference. Fake phf scripts are
obviously not vulnerable.
pqx.c (3.5kB)
Remote buffer overflow exploit for the post-query CGI program (very common).
xor-0.tar.gz (8.0kB)
A small stream XOR utility for all those cryptomaniacs out there.
If the -x option is not used, it reads XOR data from stdin.
Usage: ./xor -i<input> -o<output> [-x<xordata>]
IRC Things
asmbot-1.1.tar.gz (1kB) Previous:
#1
Proof of concept: a trivial IRC bot written in 100% assembly. Less than 500 byte ELF/ix86 binary, uses 8K memory. Undocumented.
Because that's what we have standards for.