Sunday, June 16, 2013

How to get source code of a package?

  In this post I will explain how to get the source code of any package in Ubuntu.

Let us take one example and pull its source code. If you want the source code of the 'ls' command in Ubuntu, you first need to know which package bundles this command.

1. First find the absolute path of the command with the 'which' command. If 'which' does not find the command, your PATH variable is not set properly. No worries, search for the binary on your machine with the find command instead.

      %which ls

         OR

      % find / -name ls 2>/dev/null

Let us say we got '/bin/ls' as output.

2. Now get the name of the package which bundles this command.
    %dpkg -S /bin/ls
    coreutils: /bin/ls

3. coreutils is the package which bundles the /bin/ls command.
Before pulling the source of this package, configure apt by uncommenting all the lines starting with 'deb-src' in the /etc/apt/sources.list file as the root user. After doing this, run apt-get update.

   %apt-get update

4. Create a directory where root has write permission and go to that directory. Run the command below to get the source code of the package.

  %apt-get source coreutils

5. You will get the files below as part of this download; there are 3 files and 1 directory.

            coreutils-8.20 ---> Directory containing the extracted code of coreutils_8.20.orig.tar.gz.
            coreutils_8.20-3ubuntu5.dsc ---> Description of the package: dependency list and signature.
            coreutils_8.20-3ubuntu5.diff.gz ---> Patch which enables the source code to build on Ubuntu.
            coreutils_8.20.orig.tar.gz ---> Original GPL code.

**** You can find the source code of the ls command in the 'coreutils-8.20/src/ls.c' file. ****


6. Applying the patch to the source code.
First extract the gzipped diff file and then apply the patch to the source code.

  %gunzip coreutils_8.20-3ubuntu5.diff.gz
  % cd coreutils-8.20
  %patch -p1 < ../coreutils_8.20-3ubuntu5.diff



Now you can build the source code and install your own binaries on your Ubuntu machine.
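The steps above as a small script, added here as an example (this is not code from the original post). Given a command name it resolves the binary, asks dpkg which package owns it, uncomments the deb-src lines in sources.list and runs apt-get source. The function names, the /usr/src/pkgs destination and the sample dpkg -S lines are my own choices. The script stops after apt-get source: apt-get source unpacks the .dsc with dpkg-source, which already applies the Ubuntu diff to the extracted directory, so run patch with --dry-run first if you also apply the diff by hand as in step 6.

```sh
#!/bin/sh
# Added example (not from the original post): automate the lookup in the
# steps above. The parsing helpers take their input as arguments/files so
# they can be checked without dpkg or apt installed.

# Turn one line of `dpkg -S` output into a package name:
#   "coreutils: /bin/ls"                           -> coreutils
#   "libc6:amd64: /lib/x86_64-linux-gnu/libc.so.6" -> libc6  (multi-arch qualifier dropped)
#   "pkga, pkgb: /usr/bin/tool"                    -> pkga   (first owner kept)
package_from_dpkg_line() {
    pkg=${1%%: /*}
    pkg=${pkg%%,*}
    pkg=${pkg%%:*}
    printf '%s\n' "$pkg"
}

# Uncomment every "# deb-src ..." line in the given sources.list so that
# apt-get source can find source packages. Writes through a temp file so it
# also works with a sed that has no -i option.
enable_deb_src() {   # enable_deb_src /etc/apt/sources.list
    tmp=$(mktemp) || return 1
    sed 's/^#[[:space:]]*deb-src[[:space:]]/deb-src /' "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Resolve a command to the package that ships it (needs dpkg on the system).
package_for_command() {  # package_for_command ls
    path=$(command -v "$1") || { echo "$1: not found in PATH" >&2; return 1; }
    line=$(dpkg -S "$path") || return 1
    package_from_dpkg_line "$line"
}

# Full procedure; run as root because it edits /etc/apt/sources.list.
# apt-get source downloads the .dsc, .orig.tar.gz and .diff.gz and unpacks
# them with dpkg-source into a directory next to the downloaded files.
fetch_source_for_command() {  # fetch_source_for_command ls /usr/src/pkgs
    pkg=$(package_for_command "$1") || return 1
    enable_deb_src /etc/apt/sources.list || return 1
    apt-get update >/dev/null || return 1
    mkdir -p "$2" && cd "$2" && apt-get source "$pkg"
}

# Usage: sh getsrc.sh ls /usr/src/pkgs   (assumed script name)
if [ "$#" -ge 2 ]; then
    fetch_source_for_command "$1" "$2"
fi
```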

Thanks
Shivu



Wednesday, June 12, 2013

Hack password of PDF file in Ubuntu

  Every human being tends to forget something important. This is the gift given by god to make space for new data in our brain (ROM and RAM). Good examples of forgetting things are passwords for bank logins, passwords of documents which only we set, etc.

Here I am explaining how to crack the password of a PDF file in Ubuntu.

1. Install the pdfcrack Debian package with the apt-get command.

%sudo apt-get install pdfcrack

This package is available for Fedora, CentOS etc. too.

2. Run the below command.

%pdfcrack -f <filename> -s

It will take a long time to crack the password.
To improve performance and reduce the time taken to crack the password, you can use options:
         If you know the number of characters in the password, use the -n and -m options.
                     -n minimum characters
                     -m maximum characters
         If we know the password length is 5 or 6 characters, we can give the options -n 5 -m 6.
         If we know the possible password characters, we can use the -c option. Most bank statement passwords are numeric, hence we can use -c 0123456789.

3. Here is an example where the day and month of birth is the password (01Jan or jan01)...

 %pdfcrack -f pdfcracktest.pdf -n 5 -m 5 -c 0123456789janfebmaraprmayjunjulaugsepoctnovdec -s


       With the password "09jan" I was able to open the document pdfcracktest.pdf.

Thanks
Shivu

Sunday, June 9, 2013

Trace process specific kernel functions with ftrace

   In my previous post we learnt how to set up the ftrace environment and function-level tracing. In this post we will learn how to trace the kernel functions specific to a particular process, and how to use the function filter.

1. Trace kernel calls specific to a process

As we know, we have the /sys/kernel/debug/tracing directory. In it we have the set_ftrace_pid file.


  •   First make sure tracing_on is not enabled, by echoing 0 to tracing_on.
  •   Disable all tracers by echoing 'nop' to current_tracer.
  •   Echo the pid of the process which we have to trace to the set_ftrace_pid file (say the pid of ntpd, which is 2444).
  •   Enable the function or function_graph tracer by echoing the corresponding tracer name into the current_tracer file.
  •   Enable tracing by echoing 1 to tracing_on.
  •   Now if you cat trace you will find the kernel functions invoked by that process.

  •   To disable this tracing you need to do the reverse order: first disable tracing_on, then disable function tracing, and at last echo nothing to set_ftrace_pid (to disable it) as below.
             %echo > set_ftrace_pid


You can verify that no pid has been written to the set_ftrace_pid file by opening it.
I tried to echo -1 as documented, but it fails. Hence I found this workaround.

2. To trace specific functions:

    First we need to check whether the function we are interested in is in 'available_filter_functions'.
If not, you can browse the kernel code to find which function invokes the function you are interested in, so that you can search for that function in the available_filter_functions list.

Once you find the function in the available_filter_functions file, echo that function to the set_ftrace_filter file. The process is very similar to the one above, except that instead of a pid we echo the function to set_ftrace_filter. Make sure the "no pid" phrase is in the set_ftrace_pid file.
 You can specify just one function or multiple functions in the set_ftrace_filter file (one function per line).

Here in the example below I have selected the ext4_write_inode and ext4_inode_table functions.
The trace below contains only those functions.

You can enable function_graph instead of function in current_tracer.

To disable this tracing, we need to disable tracing_on, current_tracer and then set_ftrace_filter, in that order. To clear set_ftrace_filter we can echo nothing to set_ftrace_filter.

            % echo > set_ftrace_filter
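The two procedures in this post (pid filter and function filter) as shell functions, added here as an example; this is not code from the original post. The tracing directory is passed as an argument so the functions can be tried against a scratch copy of the control files; on a real machine pass /sys/kernel/debug/tracing and run as root. The function names and the ntpd pid 2444 from the post are the only assumptions. The exact-match check against available_filter_functions does not cover module functions, which that file lists with a " [module]" suffix.

```sh
#!/bin/sh
# Added example (not from the original post): drive the ftrace control
# files in the order the post describes, for a PID filter or a
# function-name filter. DIR is the tracing directory.

# Write a value to a control file under the tracing directory.
tset() {            # tset DIR FILE VALUE
    printf '%s\n' "$3" > "$1/$2"
}

# Start a function trace restricted to one process.
# Order matters: stop logging, clear the tracer, set the pid,
# choose the tracer, then start logging.
trace_pid_start() { # trace_pid_start DIR PID [function|function_graph]
    dir=$1; pid=$2; tracer=${3:-function}
    tset "$dir" tracing_on 0
    tset "$dir" current_tracer nop
    tset "$dir" set_ftrace_pid "$pid"
    tset "$dir" current_tracer "$tracer"
    tset "$dir" tracing_on 1
}

# Start a trace restricted to named kernel functions (one per argument).
# Each name is checked against available_filter_functions first; an
# unknown name is reported and the trace is not started.
trace_funcs_start() { # trace_funcs_start DIR [function|function_graph] FUNC...
    dir=$1; tracer=$2; shift 2
    for fn in "$@"; do
        if ! grep -qx "$fn" "$dir/available_filter_functions"; then
            echo "trace_funcs_start: $fn is not in available_filter_functions" >&2
            return 1
        fi
    done
    tset "$dir" tracing_on 0
    tset "$dir" current_tracer nop
    tset "$dir" set_ftrace_pid ""        # "no pid": do not combine with a stale pid filter
    printf '%s\n' "$@" > "$dir/set_ftrace_filter"   # one function per line
    tset "$dir" current_tracer "$tracer"
    tset "$dir" tracing_on 1
}

# Undo either setup in reverse order: stop logging, drop the tracer,
# then clear the pid and function filters (an empty write clears them).
trace_stop() {      # trace_stop DIR
    dir=$1
    tset "$dir" tracing_on 0
    tset "$dir" current_tracer nop
    tset "$dir" set_ftrace_pid ""
    tset "$dir" set_ftrace_filter ""
}

# Usage on a real system (as root):
#   trace_pid_start /sys/kernel/debug/tracing 2444 function_graph
#   cat /sys/kernel/debug/tracing/trace
#   trace_stop /sys/kernel/debug/tracing
```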

Thanks
Shivu


Sunday, June 2, 2013

Linux kernel debug with ftrace


   
    Ftrace is a lightweight and flexible function-level debugger. It can be used for data collection, debugging and performance tuning on the Linux kernel. It does not need the kernel to be recompiled; with just the existing kernel we can trace the flow of kernel-level function calls. Below are the steps to set up ftrace and how to use it.

1. First we need to make sure that debugfs is supported by the kernel. This can be found in the /proc/filesystems file. On my desktop kernel it is enabled.


2. Now we need to mount debugfs. Please verify whether it is already mounted by running the mount command.

If you do not find the entry, you can mount it with the command below.
%mount -t debugfs none /sys/kernel/debug

**** Instead of /sys/kernel/debug, you can use your own directory as the mount point. ****

3. Now you are all set. After mounting you will find the tracing directory, which has many files, as listed below.


4. To know the supported tracers, cat the file available_tracers.


5. As this post is about ftrace, I will concentrate on the function and function_graph tracers.
  To enable tracing, as the root user echo 1 to the tracing_on file as below:
 %echo 1 > tracing_on

Now select which tracer needs to be enabled. Let us say we need the function tracer. For this we need to echo function to the current_tracer file as below:
%echo function > current_tracer

To view the trace information, we need to cat or vi the trace file. The trace file just reads the ring buffer and displays it to the user. The content can still be viewed even after disabling the trace by echoing 0 to the tracing_on file:
%echo 0 > tracing_on

But if you remove the function tracer from the current_tracer file, all the ring buffer data gets erased, and because of this you cannot view the trace information any more.


The trace output above lists all the kernel calls along with the CPU on which each is running. The first column shows the process name and corresponding PID for which the kernel call was invoked.

The fourth column is the time since boot.

6. To disable trace logging, just echo 0 to the tracing_on file. As explained above, this does not erase the ring buffer content; it only stops logging data to the ring buffer. Hence we can still view the trace file (ring buffer) content.

7. If we need the call graph in a hierarchical manner, we have to echo function_graph to the current_tracer file.
%echo function_graph > current_tracer



The function_graph trace shows the time spent in each kernel function. The time is displayed in the second column next to each leaf function. If a function calls nested functions, the accumulated time is displayed when exiting from that function. If the time taken in a function exceeds 10 microseconds it is marked with '+'; if it takes more than 100 microseconds it is marked with '!'.
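The setup checks from steps 1 to 3 and the record-then-read cycle from steps 5 and 6, as shell functions with a small awk summary of the function tracer output. This is an added example, not code from the original post. The /proc files and the tracing directory are parameters so the parsing can be exercised on constructed copies; on a real system use /proc/filesystems, /proc/mounts and /sys/kernel/debug/tracing, as root. The function names, the /tmp/ftrace.out path and the sample trace lines (constructed in the layout the post describes: task-pid, cpu, flags, timestamp, function <-caller) are my own assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): debugfs checks, a helper
# that runs one command under the function tracer, and an awk summary of
# the saved trace.

# Step 1: is debugfs compiled into this kernel? /proc/filesystems lists
# it as "nodev<TAB>debugfs".
debugfs_supported() {   # debugfs_supported /proc/filesystems
    grep -q '[[:space:]]debugfs$' "$1"
}

# Step 2: where is debugfs mounted? Prints the mount point, or nothing.
debugfs_mountpoint() {  # debugfs_mountpoint /proc/mounts
    awk '$3 == "debugfs" { print $2; exit }' "$1"
}

# Steps 2/3: mount debugfs if needed and print the tracing directory
# (the mount point is the post's default; any directory would do).
tracing_dir() {
    mp=$(debugfs_mountpoint /proc/mounts)
    if [ -z "$mp" ]; then
        mp=/sys/kernel/debug
        mount -t debugfs none "$mp" || return 1
    fi
    printf '%s\n' "$mp/tracing"
}

# Steps 5/6: record the function trace while one command runs, then copy
# the ring buffer to OUT. The tracer is selected before logging is switched
# on; writing 0 to tracing_on afterwards stops logging without erasing the
# buffer, so the trace file can still be read.
function_trace_run() {  # function_trace_run TRACING_DIR OUT CMD...
    dir=$1; out=$2; shift 2
    echo 0 > "$dir/tracing_on"
    echo function > "$dir/current_tracer"
    echo 1 > "$dir/tracing_on"
    "$@"
    echo 0 > "$dir/tracing_on"
    cat "$dir/trace" > "$out"
}

# Summarise a saved trace: the N most frequently hit kernel functions.
# Data lines look like "TASK-PID [CPU] FLAGS TIMESTAMP: FUNC <-CALLER";
# header lines start with '#'. Fields: $1 task-pid, $2 cpu, $3 flags,
# $4 timestamp, $5 function.
trace_top_functions() { # trace_top_functions TRACE_FILE N
    awk '!/^#/ && NF >= 5 { count[$5]++ }
         END { for (f in count) print count[f], f }' "$1" | sort -rn -k1,1 -k2 | head -n "$2"
}

# The same counts broken down by the task (first column) that made the calls.
trace_calls_per_task() { # trace_calls_per_task TRACE_FILE
    awk '!/^#/ && NF >= 5 { count[$1]++ }
         END { for (t in count) print count[t], t }' "$1" | sort -rn -k1,1 -k2
}

# Usage (as root): sh ftrace_run.sh ls -l     (assumed script name)
if [ "$#" -gt 0 ]; then
    debugfs_supported /proc/filesystems || { echo "kernel has no debugfs" >&2; exit 1; }
    dir=$(tracing_dir) || exit 1
    function_trace_run "$dir" /tmp/ftrace.out "$@"
    trace_top_functions /tmp/ftrace.out 10
fi
```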

In my next post I will explain how to attach to a process and how to filter the functions in the trace output.

Thanks
-Shivu