{"title":"Amanjeev Sethi","subtitle":"Personal website and blog of Amanjeev Sethi","link":[{"@attributes":{"rel":"self","type":"application\/atom+xml","href":"https:\/\/amanjeev.com\/atom.xml"}},{"@attributes":{"rel":"alternate","type":"text\/html","href":"https:\/\/amanjeev.com"}}],"generator":"Zola","updated":"2024-02-09T00:00:00+00:00","id":"https:\/\/amanjeev.com\/atom.xml","entry":[{"title":"Banality of Grief (Poem)","published":"2024-02-09T00:00:00+00:00","updated":"2024-02-09T00:00:00+00:00","author":{"name":"\n \n Unknown\n \n "},"link":{"@attributes":{"rel":"alternate","type":"text\/html","href":"https:\/\/amanjeev.com\/blog\/poem-banality-of-grief\/"}},"id":"https:\/\/amanjeev.com\/blog\/poem-banality-of-grief\/","content":"

Banality of Grief<\/h2>\n

Hold the opposing truths, gently
\nin your gaze
\nyou may sound obvious
\nbut it is real
\nfor you
\nYou may feel small
\nbut isn\u2019t it weighing
\non you?
\nYou must speak
\ncry even
\nThe banality of your Grief
\nthat you think, is in your mind
\nYou may weep
\neven shout
\nbut you must say
\nthe obvious out loud<\/p>\n"},{"title":"Some notes on OpenWrt","published":"2023-12-16T00:00:00+00:00","updated":"2023-12-16T00:00:00+00:00","author":{"name":"\n \n Unknown\n \n "},"link":{"@attributes":{"rel":"alternate","type":"text\/html","href":"https:\/\/amanjeev.com\/blog\/notes-on-openwrt\/"}},"id":"https:\/\/amanjeev.com\/blog\/notes-on-openwrt\/","content":"

What is OpenWrt<\/a>?<\/h2>\n

I pronounce it as \"Open Wart\" but I digress and the notes haven't even begun. It is a Linux(-based), open source operating system for embedded devices but it's most use if found in your routers. If you want your router to have an open source and free operating system, this is a decent bet.<\/p>\n

To download firmware for your device\/architecture go to OpenWrt Firmware download page and try to find your device<\/a>.<\/p>\n

Architectures and devices<\/h3>\n

OpenWrt is open to adding new devices. Check how to add new device page<\/a> for details. If you want to go that route, maybe check if your device is already supported by going to \"Table of Hardware\" support page<\/a>. This is also available as an archive to download and grep locally.<\/p>\n

Packages<\/h3>\n

OpenWrt also has a package ecosystem<\/a>. So, you can package your own application for the OS. In fact, the UI (Web based) called Luci is a package itself that you can install once you have the OS up and running. The packages are divided into many categories<\/a> and creating a new package means you should choose one of those categories and likely sub-categories.<\/p>\n

You can install packages using the opkg<\/code> installation tool from the commandline. You will need to SSH into the router\/device after installing the OS.<\/p>\n

Rust and OpenWrt<\/h2>\n

This is new! Starting OpenWrt version 23.05 you have native Rust package support<\/a>. This can make life easier if you want to create a simple Rust package for OpenWrt.<\/p>\n

For me, my application was far more complex than what the OpenWrt Rust support toolchain can handle right now because we bundle some web artifacts etc. So, in my case it was easier to find the architecture and compile my binary for that using Nix<\/a>.<\/p>\n

You can find a few things by running these commands for your router -<\/p>\n

uname -a<\/code><\/h3>\n

Shows you system information in brief. For example,<\/p>\n

root@OpenWrt:~# uname -a\n<\/span>Linux OpenWrt 5.14.171 # 21:05:12 2023 armv7l GNU\/Linux\n<\/span><\/code><\/pre>\n
lscpu<\/code><\/h3>\n
This will show you architecture in detail. For example,<\/p>\n
root@OpenWrt:~# lscpu\n<\/span>Architecture:           armv7l\n<\/span>  Byte Order:           Little Endian\n<\/span>CPU(s):                 2\n<\/span>  On-line CPU(s) list:  0,1\n<\/span>Vendor ID:              ARM\n<\/span>  Model name:           Cortex-A9\n<\/span>    Model:              1\n<\/span>    Thread(s) per core: 1\n<\/span>    Core(s) per socket: 2\n<\/span>    Socket(s):          1\n<\/span><\/code><\/pre>\n
The important part is that you can also get the Model name (Cortex-A9) which maybe needed to choose the right architecture.<\/p>\n
ldd --version<\/code><\/h3>\n
This will tell you which base library your system is using. For example, the following uses musl<\/code>,<\/p>\n
root@OpenWrt:~# ldd --version\n<\/span>musl libc (armhf)\n<\/span>Version 1.2.3\n<\/span>Dynamic Program Loader\n<\/span>Usage: ldd [options] [--] pathname\n<\/span><\/code><\/pre>\n
Create a package for OpenWrt<\/h2>\n
I should begin by saying that in this exercise, you need a lot of GNU Make knowledge. The hell of Make will be enough for you to say no to creating OpenWrt package. However, let's look at a few things I learned during this \"simple\" exercise.<\/p>\n
Easy way out is to build binary yourself<\/h3>\n
If you know the architectures you want to support and can publish the package yourself, you can avoid the entire drama and just host things yourself. Honestly, it was far easier to do that especially if you have a complex build process. Which brings the next point.<\/p>\n
Quick before the next point, the .ipk<\/code> file is just a tar.gz<\/code>. So, you can unpack some existing package and see what kind of files are inside. It kinda feels like debian based structure but I could be wrong.<\/p>\n
The packaging process is a nightmare<\/h3>\n
You can try and follow their tutorial for packaging on their Wiki<\/a>.<\/p>\n
If you want to package it using their Make stuff, you will end up having more architectural support but it is a nightmare and not even like the Halloween kind where you get the candy.<\/p>\n
No really, look at this makefile -<\/p>\n
include $(<\/span>TOPDIR<\/span>)<\/span>\/rules.mk\n<\/span> \n<\/span>PKG_NAME<\/span>:=<\/span>bridge\n<\/span>PKG_VERSION<\/span>:=<\/span>1.0.6\n<\/span>PKG_RELEASE<\/span>:=<\/span>1\n<\/span> \n<\/span>PKG_BUILD_DIR<\/span>:=<\/span>$(<\/span>BUILD_DIR<\/span>)<\/span>\/bridge-utils-<\/span>$(<\/span>PKG_VERSION<\/span>)\n<\/span>PKG_SOURCE<\/span>:=<\/span>bridge-utils-<\/span>$(<\/span>PKG_VERSION<\/span>)<\/span>.tar.gz\n<\/span>PKG_SOURCE_URL<\/span>:=<\/span>@SF\/bridge\n<\/span>PKG_HASH<\/span>:=<\/span>9b7dc52656f5cbec846a7ba3299f73bd\n<\/span> \n<\/span>include $(<\/span>INCLUDE_DIR<\/span>)<\/span>\/package.mk\n<\/span> \n<\/span>define<\/span> Package\/bridge\n<\/span>  SECTION:=base\n<\/span>  CATEGORY:=Network\n<\/span>  TITLE:=Ethernet bridging configuration utility\n<\/span>  #DESCRIPTION:=This variable is obsolete. use the Package\/name\/description define instead!\n<\/span>  URL:=http:\/\/bridge.sourceforge.net\/\n<\/span>endef\n<\/span> \n<\/span>define<\/span> Package\/bridge\/description\n<\/span> Ethernet bridging configuration utility\n<\/span> Manage ethernet bridging; a way to connect networks together to\n<\/span> form a larger network.\n<\/span>endef\n<\/span> \n<\/span>define<\/span> Build\/Configure\n<\/span>  $(call Build\/Configure\/Default,--with-linux-headers=$(LINUX_DIR))\n<\/span>endef\n<\/span> \n<\/span>define<\/span> Package\/bridge\/install\n<\/span>        $(INSTALL_DIR) $(1)\/usr\/sbin\n<\/span>        $(INSTALL_BIN) $(PKG_BUILD_DIR)\/brctl\/brctl $(1)\/usr\/sbin\/\n<\/span>endef\n<\/span> \n<\/span>$(<\/span>eval <\/span>$(<\/span>call <\/span>BuildPackage<\/span>,bridge<\/span>))\n<\/span><\/code><\/pre>\n
A few weeks ago I had the privilege of attending the security training (using C++) by Patricia Aas<\/a>. This was also the only training she ever did in the North American timezone and that was such a fortunate thing for me. This was such a fun experience and I want to give you a bit of detail on what you can expect from this training.<\/p>\n
Basic structure<\/h2>\n
This is an intense course, but it is also a lot of fun. As a trainer myself, I am just in sheer awe of Patricia. This was 4 (four) days of 8 (eight) hours each day. You do get an hour of break in the middle but I can tell you this is still a lot of work for the trainer. Apart from that, there is a healthy variety of theory (including history) with practical exercises.<\/p>\n
Highlights (for me)<\/h2>\n
Material<\/h3>\n
I have always wanted to get hands-on security courses from the vantage of reverse-engineering, fuzzing, shellcode, and learn about the tooling around it. All of that was covered.<\/p>\n
Slides<\/h3>\n
I give extra mention for slides because Patricia\u2019s slide-deck is so beautiful. You can get some idea of what to expect by visiting her website<\/a>.<\/p>\n
Exercises<\/h3>\n
There are a plenty of exercises and hands-on work. You even get to do your own fuzzing, you learn about heartbless<\/del> heartbleed as an exercises! I am going to setup my own fuzzing lab at home.<\/p>\n
Is it for you?<\/h2>\n
In my group, there were seasoned security and reverse-engineering folks. There were also total beginners like me. Seldom is a course where people from both ends of the spectrum of knowledge can get so much out of. I can assure you that no matter where you are, this course will be fun and educational for you.<\/p>\n"},{"title":"Publications","published":"2023-09-13T00:00:00+00:00","updated":"2023-09-13T00:00:00+00:00","author":{"name":"\n            \n              Unknown\n            \n          "},"link":{"@attributes":{"rel":"alternate","type":"text\/html","href":"https:\/\/amanjeev.com\/publications\/"}},"id":"https:\/\/amanjeev.com\/publications\/","content":"
These are some of my writings published elsewhere. They are posted here in reverse-chronological order.<\/p>\n
Articles<\/h2>\n
This reminds me of the CMake hell of NCBI C++ Toolkit<\/a>. You can see there is a configuration file to configure CMake first.<\/p>\n"},{"title":"(In)secure C++ Training with Patricia Aas","published":"2023-11-23T00:00:00+00:00","updated":"2023-11-23T00:00:00+00:00","author":{"name":"\n            \n              Unknown\n            \n          "},"link":{"@attributes":{"rel":"alternate","type":"text\/html","href":"https:\/\/amanjeev.com\/blog\/insecure-cpp-training-with-patricia\/"}},"id":"https:\/\/amanjeev.com\/blog\/insecure-cpp-training-with-patricia\/","content":"