Home

C

Geolizer HTTP stats

Sample Geolizer output (fragment)

About Geolizer

This is an enhanced version of the popular Webalizer HTTP server statistics generator. It's main feature is an ability to discover visitor's country by his/her IP address. Default Webalizer method is to extract host suffix from the reversal DNS query (obtained directly from log files, or by webazolver program if HTTP server doesn't reverses client IPs), which is slow and imprecise (for example, Brazilian host could be reversed as .com). Geolizer relies on the GeoIP library API to do the same thing. Thus, no more DNS queries are required, and results are much more precise. Geolizer also has some additional features: it displays file sizes in a human-readable form (bytes/KB/MB/GB/TB) instead of default kilobytes. It also compiles under MinGW/MSYS now, so you can process your UN*X log files on your Windows box. And, finally, Geolizer features a nice eye-candy: country flags! Smiling

Beware as Geolizer also has some bad features (read "bugs"): for example, webazolver won't work anymore, and already resolved hosts aren't handled well. Want to see how it looks like, at all? Take a look at some sample statistics! Or see who else uses Geolizer to produce their server stats.

Tips

  • The country flag pictures can be downloaded at http://flags.blogpotato.de/. Just download and unzip world.small.zip & special.small.zip to the flags/ subdirectory in your HTML output path.
  • You may enhance your Webalizer further (allowing it to identify more user agents, referrers and search engines than normal) using extended configuration files, provided by Enric Naval and available at http://griho.udl.es/webalizer/.
  • It is possible to use multiple configuration files on Webalizer. Just specify them at the command line:
    webalizer -c common.conf -c user_stas.conf
  • Why don't you try also AWStats & WebDruid?!

It is easy to located an internet service which provides low prices for voip. Simply by downloading the software the service of the voip can be utilized, though for this a fast wireless internet is also required. This is especially benefical for small website hosting companies to contact their clients at a low cost.

Share/Save/Bookmark

stas's picture
stas » January 16, 2007 » 14:00
addon » C » database » GeoIP » network » opensource » software » web
3 attachments » 26 comments » 144073 reads

tiny HTTP proxy


Main screen

This is a tiny and highly experimental HTTP/1.0 proxy software that I have written to debug HTTP protocol & it's clients. It is very small and simple, yet useful to reverse-engineering purposes. It's interface is quite obvious. The Server frame controls the IP, port and connection limit of the proxy server. It also shows how many connections are active at moment. The Data Traffic frame shows in/out packets & bytes. Service frame allows you to stop, start and quit the proxy. These are the very minimalist controls for the very minimalist proxy server.

The interesting stuff begins at the Plugin frame. All the packet passed through this proxy server are forwarded to the selectable plugin module. By default, it is logger.dll. It simply saves every single packet into separate file, which uses the following name scheme: from_IP.from_port-to_IP.to_port.log (for example, 127.0.0.1.4322-127.0.0.1.21.log). The files can be ordered by their modification date in your file explorer, so you can track the entire session:

Packets list

The logger.dll can be set up to include a sequence counter at the beginning of each packet and to output saved packets into some specific directory:

logger.dll setup

Plugin module is also capable of injecting packets. Load the replicator.dll file and check the setup screen:

replicator.dll setup

When you click the Capture button and then make some action in your proxied web client, the replicator plugin will prompt you if it got a corresponding packet. This packet may be resent automatically, at the period specified in the Period box. You can capture & replicate several packets, and manipulate their resend period. A very interesting application of the replicator plugin is to flood web chats and to spin up web counters. Of course, the right way is to use logger.dll and to make a clone that imitates the "real" web client.

The final note: this is, and always will be, an alpha-state code. I do not develop this proxy application anymore. It is useful to me the way it is. But you can grab the source and make a whatever plugin you like, or even rewrite the code entirely. I don't care. Just give me the proper credits!

Share/Save/Bookmark

stas's picture
stas » January 3, 2007 » 21:50
C » GUI » hack » network » opensource » software » web » windows
attachment » add new comment » 13869 reads

Duke3D D.M. cheater


E1L2 near the dark room elevator: enhanced brightness
E1L2 near the dark room elevator: enhanced brightness

Do you consider yourself a good Duke3D deathmatch player?! Neither I do Eye-wink
For our luck, 3D Realms released Duke3D source code under GPL license at April 1st, 2003. No, I'm not fooling you! Since then, several people are enhancing this classic game, extending it's portability and adding some cool features to it. There are ports like icculus Duke3D port and JonoF's Duke Nukem 3D Port. So, with the source in my hands, I decided to make my own version. I called it Duke Nukem 3D v1.666. It is 100% compatible with the original MS-DOS Duke3D v1.5, and adds some cheats into deathmatch games:
  • Omniscience. You can peek at your opponents screen (using "Coop View", which now works even in the deathmatch mode!), and hear the sounds they make (you may hear them scream when hit at the long distances). You are able to see in darkness all the time, without using the night vision goggles, and without that ugly green screen tinting. You'll know when your opponent drops a holoduke, so you won't waste your ammo with it. And finally, you won't see that confusing steroids trail anymore!
  • Aim bot features. Aim bot (which can be turned off!) will track the closest visible opponent automatically. If you're close enough to your opponent, aim bot will also try to kick him while shooting. And it will auto-activate med kit when you get shot! Another cool feature associated to the aim bot is the auto-jetpack. Jump from a high place, and jetpack will be activated automatically when you're close to the ground.
  • Practical enhancements. When you find a new weapon, game won't switch to it automatically. You will always see which weapon your opponent is using, without activating the "Weapon Mode". Demo viewer doesn't switches camera automatically anymore. And game doesn't prompts you with credit screens/animations when started or finished.
  • DNCROZ during multiplayer?! Even this is possible in the cheater! The only problem is: both players should type it when the game is paused, or the "Out Of Sync" condition occurs. Other cheats that work in the multiplayer game are: DNSCOTTY###; DNCOORDS, DNVIEW; DNRATE; DNBETA; DNTODD; DNSHOWMAP; DNALLEN; DNDEBUG.
  • ".ANM viewer". Just type DNENDING while playing, and the game skips right to the episode ending video Smiling
Please note that the most useful cheat, the aim bot, only works fine with the game's internal AI opponents (A.K.A. "PP bot", started with "duke3d.exe /q2 /a" command). It may work in the acceptable way on crossover 100 Mbps LAN connection (peer-to-peer), although... And the worst thing ever: Duke3D v1.666 will only work on real DOS mode, so forget it if you only have Windows NT/2k/XP (anyway, those who play Duke3D over network frequently do have Windows 9x installed for this specific purpose Smiling)
Still interested?! It's a bit difficult to install, though... First, you need to have the original Duke Nukem 3D v1.5 installed. Second, backup it!!! After that:
  1. Unpack the DN3D1666.ZIP into your Duke3D installation directory, overwriting files.
  2. Configure Duke3D. Run SETUP.EXE, and go to "Controller Setup", then "Choose Controller Type", and then select "Keyboard and External". After this, select "Setup External", "Change External Program Name", and type "DUKE3D.EXE" there. Now you can save config, but DON'T LAUNCH A GAME YET!!!
    (NOTE: it would be great if you disabled Turn_Left and Turn_Right keyboard bindings, although, if you don't plan to use "AutoAimSelfCalibrate" setting in DUKE3D.666 file or won't use Auto-Aim feature at all, you don't need to do this).
  3. Now, edit the file DUKE3D.666. Open it in your favorite editor (EDIT.COM Eye-wink), and you'll see that it's almost self-explanatory. Note that your mouse is now configured by this file, any SETUP settings will be ignored! Also note that default mouse settings for v1.666 imitates the default settings for the original Duke3D v1.5.
I also recommend you to read the "DN3D1666.ME!" file, supplied in the download package.
Relative project: GRP packer plugin for the Total Commander.
Sorry, no source code is available for direct download. However, if you're interested in it, contact me and I'll provide it to you! Thus, GPL license of the original Duke3D source wouldn't be harmed, I beleive...

Share/Save/Bookmark

stas's picture
stas » May 9, 2006 » 16:47
addon » C » cheat » game » graphics » hack » network » software
3 attachments » add new comment » 6112 reads

MD5/SHA1 checksum

An enhanced file checksum plugin for the Total Commander (TC for short). It supports both MD5 & SHA1 algorithms, and is able to checksum the entire directory trees. Note that it's MD5 checksum function is much faster than TC's internal one (70% faster on my Athlon XP 1700+ with Seagate IDE 160 GB 7200 rpm HD!). Both MD5 & SHA1 algorithms were ripped from PuTTY by Simon Tatham, who implemented them directly from the specification.
Basically, the file checksum plugin integrates the functionality of GNU utilities md5sum and sha1sum into the Total Commander GUI. This is done through the packer extension API: you simply select files/directories you want to checksum, and "Pack" (Alt+F5) them into a .md5 or .sha "archive". It will be a plain text file which looks like this (just the same format as that of above GNU utilities):
3fb2924c8fb8098dbc8260f69824e9c437d28c68  FC4-i386-disc1.iso
31fdc2d7a1f1709aa02c9ea5854015645bd69504  FC4-i386-disc2.iso
032455cdf457179916be3a739ca16add75b768b7  FC4-i386-disc3.iso
f560f26a32820143e8286afb188f7c36d905a735  FC4-i386-disc4.iso
736e1555e88740d6131c5c84fbe69ed1073ba82d  FC4-i386-rescuecd.iso
Note that as TC runs on Windows, checksum plugin will use DOS line endings (CRLF). To "export" the generated checksum list to a UN*X system, you can use my ToFroWin utility, which also integrates itself into TC Smiling
Then, to verify files consistence from TC, select .md5 or .sha file and "Test archive" (Shift+Alt+F9). Files generated by *BSD md5 utility are also supported. You can also browse checksum files as they were directories; this is specially useful to locate and check for consistence a single file from the huge directory tree. To do that, just "View" (F3) a file, and TC Lister will pop you a window with content like this:
D:\_INSTALL_\stentz-binary-i386\FC4-i386-rescuecd.iso

expected:	736e1555e88740d6131c5c84fbe69ed1073ba82d
computed:	736e1555e88740d6131c5c84fbe69ed1073ba82d

SHA1 checksum OK!
Check this screenshot to see the checksum plugin in operation!

Installation:

  1. Unzip the "checksum.wcx" to the Total Commander or Windows Commander plugins directory
  2. In Windows Commander 4.0 (or newer) or Total Commander, choose 'Configuration => Options'
  3. Open the 'Packer' page
  4. Click 'Configure packer extension WCXs'
  5. Type md5 as the extension
  6. Click 'New type', and select the "checksum.wcx" file
  7. Click OK and then 'Configure packer extension WCXs'
  8. Now type sha as the extension
  9. Click 'New type', and select the "checksum.wcx" file again
  10. Click OK

Usage:

(This section uses MD5 checksums as example; for SHA1 the procedure is the
same, just replace every "md5" you see by "sha" Smiling)
  1. Generate MD5 checksum:
    1. Select files you wish to compute checksum.
    2. Then go to "Files => Pack".
    3. Select "md5" as packer.
    4. PLEASE NOTE THAT ARCHIVE PATH WILL BE IGNORED!!! ".md5" 'archive' is ALWAYS generated in current directory (where checked files are), and NOT in the opposite panel! The only exception is creating checksum of the files stored on CD-ROM media as there's no way to create files there.
    5. Press OK and check CURRENT directory for ".md5" list generated.
  2. Verify MD5 checksum:
    1. Certify that ".md5" list is in it's right place (filenames listed in it should be relative to the current directory).
    2. Select it and do "Files => Test Archive(s)".
    3. If any file doesn't matches stored MD5 checksum then "CRC error" message box appears.
    4. If everything is clear Total Commander remains quiet.
  3. Browse MD5 checksum list:
    1. Certify that ".md5" list is in it's right place (filenames listed in it should be relative to the current directory).
    2. Select it and enter it as it were a normal archive.
    3. If any file is present in the ".md5" list but wasn't found in the current directory then "?" is displayed instead of file date/time and size.
    4. PLEASE NOTE THAT FILES CAN NOT BE EXTRACTED TO YOUR DISK! ".md5" isn't an archive, it stores only the hash of the file.
    5. Select file you wish to check and press F3 (call Lister).
    6. Lister will show complete file name, expected checksum and generated checksum. If both checksum matches then the last line is "MD5 checksum OK!".

Share/Save/Bookmark

stas's picture
stas » May 9, 2006 » 12:17
addon » C » hack » opensource » software » Total Commander » windows
4 attachments » 1 comment » 9750 reads

Diamond Rio PMP300 FS-plugin


Diamond Rio PMP300 itself!!!

Diamond Rio PMP300, with only 32 MB of flash memory, was the second portable MP3 player ever released, in 1998. Unfortunately, such a revolutionary piece of hardware is very painful to interface with: as it is connected through parallel port, highest transfer rates achieved were around 80 KB/s. And the software bundled with it was too primitive. To the luck of thousands of (un)happy Rio owners, The Snowblind Alliance released their Open-Source RIO utility, which became a starting point of several alternative Rio manager interfaces. Mine is just one of them Smiling
First of all, there's absolutely no need to write the entire file manager. Total Commander (TC for short) is one of the most feature-rich file managers ever made, and it supports a very extensible plugin API. As a result, one could use TC to manage files directly on the flash memory of his/her Rio! Actually, my plugin supports listing, uploading, downloading & deleting files from Diamond Rio PMP300 internal memory. It also displays the transfer speed and the total/remaining space. Take a look at this screenshot to see it in action. Behind the GUI, my plugin uses the source of the "RIO utility v1.07" by The Snowblind Alliance.

Installation:

Just the same as for many other FS-plugins:
  1. Unzip rio.wfx & rio.cfg files to Total Commander directory
  2. Choose "Configuration => Options => Operation => FS-Plugins"
  3. Choose rio.wfx
  4. Click OK.
  5. You can now access the plugin in the "Network Neighborhood"
  6. Open rio.cfg file and set the correct LPT port address (see below for more details)
Please note that DriverLINX Port I/O Driver by Scientific Software Tools, Inc. is required for plugin to operate. Get it below.

Configuration:

In the majority of cases, the plugin may work fine "out-of-the-box". If it doesn't work at all, probably you'll need to discover and specify your PC's parallel port hardware address. Open your system's "Device Manager" (on Windows XP, open the context menu for "My Computer", click "Properties", go to the "Hardware" tab, and click the "Device Manager"). Go straight to "Ports (COM & LPT)". Now locate the port that your Rio device is attached. On my case, it's LPT1. Double-click "Printer port (LPT1)", and go to the "Resources" tab. You need the first one of  "I/O Range" numbers:

Device Manager => Printer port (LPT1) => Resources

378 is what you need. Note that this number is in a hexadecimal format. Thus, many programs (like my plugin) may accept it as 0x378. Now, open the rio.cfg file. It looks like this, by default:
# Assume that Rio is connected to LPT1
IOPort		0x378

# default
IODelayInit	20000
IODelayTx	100
IODelayRx	2

# "turbo" mode (UNSAFE!!!)
#IODelayInit	5000
#IODelayTx	1
#IODelayRx	1
Now, just update the IOPort parameter to the value you discovered.
Note all that IODelay* parameters. For the safety reasons, the delays are high by default, and, consequently, the file transfer is slow. If you comment out the default values and uncomment the turbo mode ones, you'll get a great increase in performance! But remember to only use it when your Rio battery is 100% charged, and when your Rio is turned on. It may corrupt some bits, through.

Share/Save/Bookmark

stas's picture
stas » May 6, 2006 » 00:26
addon » C » GUI » hack » hardware » music » opensource » software » Total Commander » windows
5 attachments » add new comment » 9619 reads

"ps auwx" faker

"Process Stack Faker" (psf for short) is able to hide the real executable name and it's parameters from the output of "ps auwx", "ps -ef" & "top" (on UN*X machines), without any superuser privileges. Why should one wish to hide the stuff he/she executes is a complete different topic Smiling
Let's take a look at the options that psf itself accepts:

$ ./psf
Process Stack Faker (a.k.a. Fucker) v0.03
Coded by Stas; (C)opyLeft by SysD Destructive Labs, 1997-2003

Usage: psf [options] command arg1 arg2 ...
Where options can be:
-s string fake process name
-p filename file to write PID of spawned process - optional
-d try to start as daemon (in background, no tty) - optional
-l DO NOT exec through link (detectable by 'top'!!!) - optional
-u uid[:gid] (format just like in chown(1)) reset UID/GID - optional
-n priority renice process - optional

Example: psf -s "pine -i" -d -n 19 ./john -session:websrv
$
I hope this is self-explanatory. psf will execute "command arg1 arg2", and it will appear to "ps" & "top" utilities as "string". All other options are... Uhm, optional! They are only useful to detach processes not designed to run as daemons. "-l" is a 'compatibility' switch that disables the weird trick used to override the detection of the real filename by some process listers (notably "top"). The default option may work unexpectingly on some systems (by the way, psf works fine on FreeBSD 4.3, Linux 2.4, NetBSD 1.5 & Solaris 2.7). To test psf, try this:
$ psf -s "pine -i" sleep 30 &
[1] 440
$ ps auwx
...
stas 84 0.0 0.6 2012 1232 pts/0 S 19:12 0:00 bash -rcfile .bashrc
stas 440 0.0 0.1 1204 376 tty2 S 20:09 0:00 pine -i

stas 450 0.0 0.4 2544 816 tty2 R 20:12 0:00 ps auwx
...
"sleep 30" process was spoofed as "pine -i". Please note the white line between PIDs 440 and 450. This occurs because psf uses whitespace (0x20) characters to shift the original process arguments away from the visible area Smiling
To understand how does psf works and learn how to compile it, just read the comments inside the source.

Share/Save/Bookmark

stas's picture
stas » May 5, 2006 » 01:57
C » console » hack » linux » opensource » software
attachment » add new comment » 4787 reads

ttysnoop for kernel 2.6

This project was made by a friend of mine, Vinicius Anselmo. He discontinued it's development (as it showed to be incompatible with later Linux kernels), so I proposed to host his work on my site.

ttysnoop is a small program made by Carl Declerck that allows an administrator to snoop on login terminal through another. It worked until kernel 2.4 because they still with BSD-style pty's support. Here it is a solution for 2.6.

Screenshot:

ttysnoop usage screenshot

SSH:

Is ttysnoop compatible with sshd? ttysnoop was created to work with inetd, however, there is a way to make it work with sshd.
First you will need the source code of the sshd. Edit the file configure and add these lines:
LOGIN_PROGRAM="/sbin/ttysnoops"
export LOGIN_PROGRAM
Now it is necessary to verify the paths, so that the new executable uses the same configuration files of your system. For my system I solved making this modification in pathnames.h:
// #ifndef SSHDIR
#define SSHDIR	ETCDIR "/ssh"
// #endif
And executing the script configure specifying a null prefix:
./configure --prefix=
Now compile the program. Make a backup copy of your /usr/sbin/sshd and put your new sshd in the place. That should work. If you are using RedHat or Fedora Core you can try to use my executable (see below).

Bugs:

After log out, it doesn't remove the pseudo-terminal entry. Meaning people showed up as still logged in when they weren't.
I use: who -u | grep -v ?
to see who really is on my system. I don't know how to solve it.

Share/Save/Bookmark

stas's picture
stas » May 4, 2006 » 13:09
C » console » linux » opensource » software
3 attachments » add new comment » 7695 reads

ToFroWin CR/LF converter

ToFroWin adds the following context menu into Windows Explorer (accessible with right mouse button click over file name):

ToFroWin context menu

It simply converts between the text line endings of UN*X (CR or "\n") and DOS (CRLF or "\r\n") systems. Actually this is a Win32 GUI port of Tofrodos Ver 1.7 by Christopher Heng. ToFroWin is also able to convert files in batch: just select multiple files and convert them with one click. Beware to not corrupt binary files!

Installation:
ToFroWin is too small and too simple to make a self-installation for it. It can be easily installed "by hand".
Extract archive to any directory ("C:\Program Files\"). Then go to this directory and execute "install.bat". To uninstall execute "uninstall.bat" and then simply delete ToFroWin files.

Installation on Vista:
Symptoms: during the install/registering the DLL, RegSvr32 pops up an error: 
The module "ToFroWin.dll" was loaded but the call to Dll RegisterServer
failed with error code 0x80070005. For more information about this problem,
search online using the error code as a search term.
Or, running as Administrator: 
The module "ToFroWin.dll" failed to load. Make sure the binary is stored
at the specified path or debug it to check for problems with the binary
or dependent .DLL files.  The specified module could not be found.
Solution: go to Start, Programs, Accessories, right-click on Command Prompt, run as Administrator, go to the folder you extracted ToFroWin to, and type "install".

Great thanks for Monk for discovering/fixing this Laughing out loud

Starting an internet business can turn to out to be very beneficial. Through a free software one can create the web design of the site. The domain web hosting can be bought for a very cheap rate. It would be advisable to use budget web hosting in the start though.

Share/Save/Bookmark

stas's picture
stas » May 4, 2006 » 13:04
C » GUI » opensource » software » windows
2 attachments » 6 comments » 28722 reads

rockin' PC speaker

Well, good old PC speaker is the only default hardware, easily available on almost all PC systems, and virtually unmuteable (actually, one can connect PC speaker output to his/her sound card instead of default buzzer, but this rarely happens Smiling. Thus, it is perfect for communicating critical states. But the default system beep is quite boring, and makes difficult to distinguish different events that are being communicated. So, here's my humble attempt to make a highly portable function that is able to play simple non-polyphonic music on the PC speaker. I used it originally to advise when someone tried to log in to my system through SSH daemon (thus the name "daemoniac" - demoniac Eye-wink. It was tested (and worked fine!) under:
  • DOS (DJGPP, Turbo C)
  • Windows 9x/NT/2K/XP (Borland C, Microsoft Visual C, MinGW)
  • Linux (gcc)
  • FreeBSD (gcc)
By default, demoniac will play Iron Maiden - Fear Of The Dark beginning. You can also compile it to play the simple "A#4 D#5 G5 A#5 G5 A#5" melody. Note that on UN*X systems, demoniac accesses hardware directly, and thus requires to run as root user. It's safe, through: it won't accept any command line arguments and neither process environment variables, so, at least, it can't be exploited with some buffer overflow technique. For detailed instructions about compiling demoniac on different compilers/systems, read the comments at the start of the source. Note that my package provides all the binaries generated on compilers/systems listed above.

Share/Save/Bookmark

stas's picture
stas » April 20, 2006 » 02:06
C » console » hardware » linux » music » opensource » software » windows
attachment » add new comment » 5887 reads

reg3dit

This one looks like and feels like the popular "Microsoft ® Registry Editor" (A.K.A. regedit.exe Eye-wink), specifically one that comes from Win2k default installation.
It only has one (significative) difference... It will never prompt you with following message box, when started:

"Registry editing has been disabled by your administrator."
"Registry editing has been disabled by your administrator."

This restriction is supposed to save users from themselves. Well, if you've successfully located an override (like mine Smiling), I hope you really know what's you're doing! My regedit clone will ignore administrator's restriction, which consist in the following registry patch:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
Then, you may use reg3dit to make all the changes you need (note that on Windows NT/2k/XP & superiors some keys would still give you "Access denied", as such OSes use per-user security policies). For example, you can unpatch that DisableRegistryTools thing and simply turn back to use default regedit.exe Smiling

P.S. - reg3dit has nothing to do with the leaked Win2k source!!! I've created it by my own.

Share/Save/Bookmark

stas's picture
stas » April 20, 2006 » 01:16
C » database » GUI » hack » software » windows
attachment » 4 comments » 6066 reads
XML feed