
How To: Hijacking the syscall table on latest 2.6.x kernel systems

Last Updated on Saturday, 19 June 2010 10:30 Saturday, 19 June 2010 09:40

Well. Some days ago I wrote a simple how-to describing how you could easily add a simple keylogger to the keyboard event chain within the kernel as a module. Now, hooking into the keyboard driver is one thing, but there are several other ways to get valuable information out of a system or even modify basic operations to force the system to do some unexpected things. One way to achieve this is hijacking the sys_call_table, which contains all the important operations you might perform from userspace that need to be executed by the kernel, like: creating, deleting, moving, editing, reading files, forking, executing applications, etc...

All these operations are handled within the kernel. The operations are known as sys_calls or kernel_calls and are executed using the software interrupt 0x80 (which might be interesting if you are playing around with assembly language within Linux, which is quite fun ;) ). To handle those syscalls the kernel uses the sys_call_table, which contains the addresses of all those syscall operations. So, the sys_call_table is just a big array ordered by the number of the syscall. In assembly this means something like this:


Tinyproxy supports IPv6!!!

Last Updated on Tuesday, 13 April 2010 19:51 Tuesday, 13 April 2010 19:48

As I reconfigured my IPv6 tunnel over (my tunnel-broker) I just searched for a way to use IPv6 through my proxy. I found out that tinyproxy supports IPv6 since version 1.8.1. So I added it to my layman overlay. The IPv6 support worked right out of the box.


Hacking your ONYX BOOX 60 (Part I)

Last Updated on Sunday, 19 September 2010 12:11 Saturday, 06 March 2010 20:35

As today was the last day of the CeBIT 2010 in Hannover I just decided to grab one of the tickets remaining in my ticket deck. Normally I try to avoid visiting the CeBIT on weekends as the halls get really crowded around noon, because it is the day when crowds of pupils and young students come to grab some ballpoint pens and useless junk thrown around by hardware manufacturers like nVidia and AMD.

Nevertheless I just decided to go there again and it turned out that it was a great plan, as I have brought an ONYX BOOX eBook reader home, the one presented by ONYX on this website:

ONYX BOOX without leather cover


VMWare Server 2.02 and Firefox 3.6

Friday, 19 February 2010 19:17

Some days ago I had a little fight with my VMWare Server 2.02 again. After updating my system I was no longer able to access my virtual machine management page using Firefox. I found out that this is a known issue after updating Firefox to version 3.6. After accessing the web frontend I could not see the login form anymore. Checking the hostd.log showed a bunch of messages like

SSL Handshake on client connection failed: SSL Exception: error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized

This can be fixed by re-enabling the SSL2 support in Firefox 3.6. Just enter the URL about:config in your Firefox address bar and enable the


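entry by switching it to true; just double-click the entry. Keep in mind that SSLv2 is an obsolete protocol with known weaknesses, and this setting applies to every site the browser visits, not only the VMware frontend.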


The next problem is that you will not be able to use the remote console anymore, as it is not compatible with Firefox 3.6, but you can execute the plugin directly from your terminal, which works great. It also allows you to forgo the web interface to start up and use your local machines. All you need to do is unzip the browser plugin. On Gentoo it can be found at


On Linux you can just unzip the vmware-vmc-linux-x86.xpi or vmware-vmc-linux-x64.xpi (files are just zip archives). Within the file you can find a vmware-vmrc script (plugin-directory). Calling the script should open a user interface where you can enter the address of your vmware-server web-frontend (for example localhost:8333 using the default ssl frontend port) and your login credentials. After entering this information you will get a list of all virtual machines installed in your inventory. Just select the desired virtual machine. If the virtual machine is currently not running, vmware will automatically boot it up.




Android: Linux or not?

Last Updated on Monday, 15 March 2010 15:42 Sunday, 24 January 2010 21:33

As Google released the Nexus some weeks ago, you can find articles about Android all over the press. One interesting fact is that most authors speak of Android as Linux, whereas Google has stated clearly in the past that Android is not Linux. As this also includes the technical press, there is much confusion about this topic. So, why does the whole world speak of Android as Linux?

The main fact is that Android has been built upon the Linux kernel. The kernel manages the system resources, file and process access, device drivers and inter-process communication. It does not contain any user-space functions like the user interface or even basic terminal commands like ls, cp, cd and so on. This means that having a Linux kernel alone does not allow you to access your system at all.

When Linus Torvalds started to speak of his early system as Linux, it only consisted of this kernel. Some years later it was used as the kernel for the GNU utilities because they lacked a kernel backend. The naming conventions changed these days, as Linus Torvalds started to speak of Linux as the combination of his kernel and the GNU utilities that provide the userspace applications within the current Linux systems. So basically, speaking of Linux includes the kernel and the GNU utilities.

So let’s get back to Android again. Android has been built upon the Linux kernel, but it does not contain any of the userspace applications, as it provides its own. Google implemented a JavaVM based on the kernel to provide all userspace applications. So, the Linux kernel is used as a hardware abstraction layer. This differentiates Android from other embedded systems based on Linux, like the operating system on the Nokia N900.

In my opinion you should carefully separate the Linux kernel from the Linux system (or a Linux distribution). I support the position of Google that speaking of Android as Linux is not right, as it has nothing in common with a Linux system except its kernel.


Xorg, evdev and vmware-server

Last Updated on Saturday, 23 January 2010 11:09 Friday, 22 January 2010 21:41

I just decided to remove my outdated xorg.conf and switch to the really nice hotplug features of the new Xorg server. I thought that it would be a good idea to switch from the old kbd to the evdev keyboard driver. After removing my xorg.conf and updating my keyboard layout configuration everything worked quite fine.

Okay, let’s say: Everything but vmware-server. Directly after the update, the vmware-server 2 console messed up my keyboard input ignoring all special keys like the arrow-keys. Even the keyboard layout did not fit my system settings. As it is a known issue there is a workaround available:

Just add the following line to your /etc/vmware/config (or to your $HOME/.vmware/config as well):
