Monday, June 13, 2016

with what? you ask...with this tricky chit to their reverse poison:

Really, what I am trying to accomplish in the client is 

1) Subscribe to channel XYZ normally, with attached callbacks, etc

2) Construct a well-formed JSON message that would be similar to one

normally received by XYZ, but instead it was formed by the client

3) Send the message through the normal WebSync message-received

functions, which ultimately will call the originally attached

callbacks as if it had been a normal message

My use case here is that I am getting data from a WebSocket connection

(non WebSync) that is forming JSON messages in the same format as

would normally be processed by WebSync.  And instead of parsing the

messages myself and determining the correct callbacks based on the

channel, just pass it off to your wonderfully written JavaScript

client library that already does this sort of heavy lifting :).

I don't need to actually publish the message to the server because

this data is coming from another source, and would be for all

subscribers (in my case, using websockets because the data is *very*

high frequency, and necessitates low latency).

Speaking of which - are WebSockets still on your roadmap?  I know that

they were pulled out of the HTML5 spec and instead put into their own

specification.  And I also know that while WebSockets are supported in

*some* browsers, they are not in all (of the major ones, that is), and

FF4 will have them disabled by default


https://support.frozenmountain.com/hc/en-us/community/posts/200235809-Manually-send-message-through-event-loop 

AND WHY NOT DEACTIVATE THE SERVER (lm) HASH ?

Disable Storage of the LM Hash

The LM hash is a horrifying relic left over from the dark ages of Windows 95. Also known as the LanMan, or LAN Manager hash, it is enabled by default on all Windows client and server versions up to Windows Server 2008 where it was finally turned off by default (thank you Microsoft).
So what’s wrong with the LM hash? Lets look at exactly how the LM hash is computed, via Wikipedia:
  1. The user’s ASCII password is converted to uppercase.
  2. This password is null-padded to 14 bytes.
  3. The “fixed-length” password is split into two 7-byte halves.
  4. These values are used to create two DES keys, one from each 7-byte half, by converting the seven bytes into a bit stream, and inserting a null bit after every seven bits (so 1010100 becomes 01010100). This generates the 64 bits needed for a DES key. (A DES key ostensibly consists of 64 bits; however, only 56 of these are actually used by the algorithm. The null bits added in this step are later discarded.)
  5. Each of the two keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values. The DES CipherMode should Set to ECB, and PaddingMode should set to NONE.
  6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.
If your eyes glazed over reading that, that’s ok. Basically two major bad things happen when Windows computes the hash:
  • The password is first converted to all uppercase.
  • The password is split into 2 different 7 byte chunks, which can be attacked separately.
Due to these weaknesses in the hashing process, and the prevalence of the time-memory tradeoff attack using Rainbow Tables, it is possible to crack nearly all LM hashes in a matter of seconds or minutes. If a bad guy gets a hold of your hash file and it’s stored as LM you’re pretty much screwed. This is made many times worse if that hash file is from a domain controller as it then contains the passwords for every user in your organization.
Thankfully disabling the LM hash isn’t that hard. On your domain controller navigate to Start>Administrative Tools>Group Policy Editor>Computer Configurations>Windows Settings>Security Settings>Local Policies>Security Options. From here Scroll down to the “Network security: Do not store LAN Manager hash value on next reboot” setting and set it to Enabled.

Caveat emptor: although you’ve disabled the storage of the LM hashes, it doesn’t actually take place until users next change their password. If passwords aren’t changed after this setting is enforced, this is a moot point. I’ve seen environments that have this setting enabled but 90% of their passwords are still stored as LM because passwords are set to never expire, and users are never required to change their password. Once this setting is enabled, it’s not a bad idea to force a domain wide password reset.

Imagine you want to interrupt all NATO communications ! So, let's take a look at Unitronics, because its a different and special sniffer

Here's another question, how to gain access to usb ports which are blocked by the server and physical disabled

Contents

Overview

This page describes various ways of accessing hardware devices on Lazarus. These devices include, but are not limited to: ISA, PCI, USB, parallel port, serial port.
Uniform multi-platform access to hardware devices is not implemented by the Free Pascal Runtime Library (RTL) or by the LCL - the underlying operating systems are often different enough to make that very difficult. Therefore, this article will basically cover hardware access methods on different platforms. The code can be compiled on different environments using conditional compiles, like this:
 uses
  Classes, SysUtils, LResources, Forms, Controls, Graphics, Dialogs, ExtCtrls,
 {$IFDEF WIN32}
   Windows;
 {$ENDIF}
 {$IFDEF Unix}
   ports;
 {$ENDIF}
It is not known yet, if Mac OS X/x86 will allow HW access. It can disallow it, though I assume in that case, in time, drivers like io.dll will appear.

Parallel and Serial Comparison

ISA Cards, PCI Cards and the Parallel Port communicate with the computer using a parallel protocol. The Serial Port and USB devices work with a serial protocol. Because the processor and thus programming languages all work on a parallel approach to data, access to this kinds of protocols is easier to be implemented on the software side. When you access an Integer variable, for example, you can access it's value with a single command. With a serial protocol, however, you can only know one bit at a time, and you need to glue the pieces together to understand the data.
Serial communication is difficult to be implemented directly, but it can be pretty easy if you use a pre-made component. It is also harder on the hardware side, so many devices use specialised Integrated Circuits or even Microcontrolers to implement it.
Now a brief comparison of hardware access protocols will be given:

Speed Hardware implementation difficulty
Serial Port Very slow (< E5 bit/s) Medium
Parallel Port Slow (~ E6 bit/s) Easy
ISA Card Medium (~ E7 bit/s) Medium
USB Medium (~ E7 bit/s) Hard
PCI Card Very Fast (> E9 bit/s) Very Hard

Parallel Communication

Using inpout32.dll for Windows

Windows has different ways to access hardware devices on the 9x series and on the NT series. On the 9x series (95, 98, Me) programs can access the hardware directly, just like they did on DOS. The NT series (Windows NT and XP), however, don't allow this approach. On this architecture, all communication with hardware ports must be through a device driver. This is a security mechanism, but developing a driver can cost too much in terms of time and money for small projects.
Happily there is a library that solves this problem. If Windows NT is detected, it decompresses HWInterface.sys kernel device driver and installs it. If Windows 9x is detected, it simply uses assembler opcodes to access the hardware.
But how do I use the library? Simple! It has only two functions, Inp32 and Out32, and their use is quite intuitive.
We will load the library dynamically, so let's define both functions first:
 type
   TInp32 = function(Address: SmallInt): SmallInt; stdcall;
   TOut32 = procedure(Address: SmallInt; Data: SmallInt); stdcall;
  • Address represents the address of the port you desire to access
  • Out32 sends Data to the port you specify by Address
  • Inp32 returns a byte from the port you specify by Address
Now we can load the library. This can be implemented in a place like the OnCreate method of your program's main form:
 uses
 ....dynlibs...
 
 type
   TMyForm = class(TForm)
   .........
   private
     { private declarations }
     Inpout32: THandle;
     Inp32: TInp32;
     Out32: TOut32;
   .........
 implementation
   .........
 procedure TMyForm.FormCreate(Sender: TObject);
 begin
 {$IFDEF WIN32}
   Inpout32 := LoadLibrary('inpout32.dll');
   if (Inpout32 <> 0) then
   begin
     // needs overtyping, plain Delphi's @Inp32 = GetProc... leads to compile errors
     Inp32 := TInp32(GetProcAddress(Inpout32, 'Inp32'));
     if (@Inp32 = nil) then Caption := 'Error';
     Out32 := TOut32(GetProcAddress(Inpout32, 'Out32'));
     if (@Out32 = nil) then Caption := 'Error';
   end
   else Caption := 'Error';
 {$ENDIF}
 end;
If you load the library on OnCreate just don't forget to unload it in OnDestroy:
 procedure TMyForm.FormDestroy(Sender: TObject);
 begin
 {$IFDEF WIN32}
   FreeLibrary(Inpout32);
 {$ENDIF}
 end;
Here is a simple example of how to use Inp32 function:
 {$IFDEF WIN32}
   myLabel.Caption := IntToStr(Inp32($0220));
 {$ENDIF}
This code was tested with a custom ISA card on port $0220, using Lazarus 0.9.10 on Windows XP. Of course you will need to have Windows on your uses clause in order for this code to run.
Note-icon.png
Note: For deployment you need to include "inpout32.dll" in the same directory of our application. Also library have to be registered in system using administrator user on Windows NT/XP/2000 or elevated privileges on Windows Vista/7. This can be done by installation program such InnoSetup:
Filename: {sys}\rundll32.exe; Parameters: "inpout32.dll,IsInpOutDriverOpen"; WorkingDir: {app}; Flags: 32bit;

This is the homepage for the library: www.logix4u.net/inpout32.htm *see discussion*

Using assembler on Windows 9x

On Windows 9x you can also use assembler code. Suppose you wish to write $CC to the $320 port. The following code will do it:
 {$ASMMODE ATT}
 ...
    asm
        movl $0x320, %edx
        movb $0xCC, %al
        outb %al, %dx
    end ['EAX','EDX'];

Troubleshooting on Windows

One possible source of trouble using parallel hardware that does not support Plug And Play on Windows is that Windows may assign the port utilized by your hardware to another device. You can find instructions on the URL below about how to tell Windows not to assign the address of your device to Plug And Play devices:
http://support.microsoft.com/kb/135168

Using ioperm to access ports on Linux

The best way to access the hardware on Linux is through device drivers, but, due to the complexity of the task of creating a driver, sometimes a quick method is very useful.
In order to use the "ports" unit under Linux your program must be run as root, and IOPerm must be called to set appropriate permissions on the port access. You can find documentation about the "ports" unit here.
The first thing to do is link to (g)libc and call IOPerm. A unit that links to the entire (g)libc exists on free pascal, but this unit gives problems when used directly by application and linking statically to the entire (g)libc library is not a very good idea because it changes often between version in an incompatible manner. Functions like ioperm, however, are unlikely to change.
 {$IFDEF Linux}
 function ioperm(from: Cardinal; num: Cardinal; turn_on: Integer): Integer; cdecl; external 'libc';
 {$ENDIF}
  • "from" represents the first port to be accessed.
  • "num" is the number of ports after the first to be accessed, so ioperm($220, 8, 1) will give access for the program for all ports between and including $220 and $227.
After linking to IOPerm you can port[
] to access the ports.

 {$IFDEF Linux}
   i := ioperm($220, 8, 1);
   port[$220] := $00;
   myLabel.Caption := 'ioperm: ' + IntToStr(i);
   i := Integer(port[$220]);
   myOtherLabel.Caption := 'response: ' + IntToStr(i);
 {$ENDIF}
This code was tested with a custom ISA card on port $0220, using Lazarus 0.9.10 on Mandriva Linux 2005 and Damn Small Linux 1.5

General UNIX Hardware Access

{$IFDEF Unix}
Uses Clib;   // retrieve libc library name.
{$ENDIF}
 
{$IFDEF Unix}
function ioperm(from: Cardinal; num: Cardinal; turn_on: Integer): Integer; cdecl; external clib;
{$ENDIF}

Note that FPC provides an abstraction for ioperm called "fpioperm" in unit x86, and also defines fpIOPL and out-/inport functions. These functions are currently implemented for Linux/x86 and FreeBSD/x86.
It is not recommended to link to libc unless absolutely necessary due to possible deployment and portability functions. Also manual linking to libc (by declaring ad hoc libc imports for functions that are available elsewhere) like done above is not recommended (e.g. the above libc import line will unnecessarily fail if the standard C lib is not called libc, like e.g. libroot on BeOS, or on platforms with a non standard C symbol mangling).
Note 2 Using unit libc is not recommended under any circumstances other than Kylix compatibility. See libc unit

Status and control

Besides data lines, the parallel port also has status and control lines which are accessed using the status and control registers. While the base address accesses the data lines and reads or writes data bytes from/to them, the Status register is accessed on the address offset by +1 and Control register is accessed on the offset +2. For example, LPT1 (first parallel port on a PC) has the base address $378, so its Status register is at $379 and Control register at $380. To get individual status line states, you read a byte from its address and its bits represent those lines. Setting control lines is similarly done by writing a byte with accordingly set bits to the Control register.
Newer bidirectional parallel port versions have more registers on higher offsets. More details about them, together with information which bits map to which lines can be found here.
Most directly accessed hardware devices other than PC parallel ports are controlled in a similar way. Depending on the device in question, it is necessary to find out what registers are available (above mentioned control and status, but also address and other registers) and which bits represent which hardware functions.

Serial Communication

Synaser

It is very easy to build a serial communication software using the Synaser library. The example when used together with the Synaser documentation should be trivial to understand. The most important part is TBlockSerial.Config to configure the speed (in bits per second), data bits, parity bits, stop bits and handshake protocol, if any. The following code was tested with a serial mouse connected to COM 1.
program comm;
 
{$apptype console}
 
uses
  Classes, SysUtils, Synaser;
 
var
  ser: TBlockSerial;
begin
  ser:=TBlockSerial.Create;
  try
    ser.Connect('COM1');
    ser.config(1200, 7, 'N', SB1, False, False);
    while True do
      Write(IntToHex(ser.RecvByte(10000), 2), ' ');
  finally
    ser.free;
  end;
end.
The following code-example is an alternative version of the example above. The example above seems to have a critically fault in its main concept, to be exactly, it is the part with "while true do...". On the Test - System (Asus A6T Laptop with Digitus USB to RS232 Adapter, Ubuntu 8.04.1), this part caused the following error: The application ran only one time successfully per session, when the application was started again, the application was unable to connect to the serial port. Thus, a reboot was necessary everytime the user tried to relaunch the application, which is/was a really annoying bug.
The reason is not difficult to understand: The application is in the while true do - loop, which is, to be more precisely, an endless loop. There is no abort-condition, so the only way to close the application is to close the terminal or to press CTRL-C. But if you quit the application this way, the important part with "ser.free", which frees the serial port, will never be called. This problem is described in the following thread in the German Lazarus-Forum http://www.lazarusforum.de/viewtopic.php?f=10&t=2082
There is a bit code around the main application to make every user clear, not to press CTRL-C. If anyone is worrying, why /dev/ttyUSB0 is used for com-port: this is due to the USB to Serial Adapter (from Digitus) on the test-system. If you have an built-in serial port, please use the 'Com0' - declaration like in the code - example above.
program serialtest;
 
{$mode objfpc}{$H+}
 
uses
  {$IFDEF UNIX}{$IFDEF UseCThreads}
  cthreads,
  {$ENDIF}{$ENDIF}
  Classes,SysUtils,Synaser,Crt
  { you can add units after this };
 
  var l:boolean;
 
  function check_affirmation():boolean;
  var k:string;
  begin
       Writeln('To quit the application please do NOT use CTRL-C! Instead, please press any key to quit the application! '+
       'Please confirm this notification before the application continues! '+
       '[0]=Quit, [1]=Confirm, please continue! ');
       Writeln('Your decision: ');
       Read(k);
       if StrtoInt(k) = 1 then
       begin
            check_affirmation:=true;
            Writeln('OK, application continues ...');
       end
       else
       begin
            check_affirmation:=false;
            Writeln('Abort');
       end
  end;
 
  procedure RS232_connect;
  var
    ser: TBlockSerial;
  begin
    ser:=TBlockSerial.Create;
    try
      ser.Connect('/dev/ttyUSB0'); //ComPort
      Sleep(1000);
      ser.config(1200, 7, 'N', SB1, False, False);
      Write('Device: ' + ser.Device + '   Status: ' + ser.LastErrorDesc +' '+
      Inttostr(ser.LastError));
      Sleep(1000);
      repeat
        Write(IntToHex(ser.RecvByte(10000), 2), ' ');
      until keypressed; //Important!!!
    finally
      Writeln('Serial Port will be freed...');
      ser.free;
      Writeln('Serial Port was freed successfully!');
    end;
  end;
 
  begin
    l:=check_affirmation();
    if l=true then
    RS232_connect()
    else
    Writeln('Program quit! ');
  end.
Also, the External Links section has UNIX and Windows serial port tutorials.

It is also worth noting the function of the TBlockSerial.LinuxLock parameter under linux. When set to default of True, a connect will try to create a lock file (eg. "LCK..ttyUSB0") under /var/lock and fail if a lock already exists for the requested port. The lock file will be left over if Free was not called. Setting LinuxLock to False will make Synaser ignore port locking.

There are alternatives to Synaser; see below.

5dpo

There is also a visual component 5dpo that is based on Synaser.

TLazSerial

Based on 5dpo (and therefore Synapse): http://forum.lazarus.freepascal.org/index.php/topic,20481.0.html

FPC built in Serial unit

Another very simple fpc serial unit is now part of FreePascal (since version 2.2.2): just put Serial in your Uses list however there does not seem to be any documentation other than the Serial.pp source file and some discussions.
A simple example using FPC 2.6.2 on WIN7.
Program TestSerialPortCom;
{
  Usage options:
  TestSerialPortCom  => uses default COM1
  TestSerialPortCom 8 'Hello' => uses COM8 and output 'Hello' to port before waiting for an answer
 
  the program will open an serialport and output Hello, after that the code will wait unitil a CR (#13) is recieved
  or a key is pressed.
}
uses
     serial, crt;
 
VAR
   serialhandle : LongInt;
   ComPortName  : String;
   s,tmpstr,txt : String;
   ComOut,ComIn : String;
   ComPortNr    : integer;
   writecount   : integer;
   status       : LongInt;
 
   BitsPerSec   : LongInt;
   ByteSize     : Integer;
   Parity       : TParityType; { TParityType = (NoneParity, OddParity, EvenParity); }
   StopBits     : Integer;
   Flags        : TSerialFlags; { TSerialFlags = set of (RtsCtsFlowControl); }
 
 
   ErrorCode    : Integer;
 
BEGIN
      ComPortNr:=1;
      tmpstr:='';
      txt:='';
 
      writeln('Parameters ',ParamCount);
      if (ParamCount>0) then
      begin
        tmpstr:= ParamStr(1);
        val(tmpstr,ComPortNr,ErrorCode);
 
        if (ParamCount>1) then
        begin
          txt:= ParamStr(2);
          {val(tmpstr,ComPortNr,ErrorCode);}
        end;
      end;
 
      str(ComPortNr,tmpstr);
 
      ComPortName:= 'COM'+tmpstr+':';
      writeln('Using '+ComPortname);
 
      serialhandle := SerOpen(ComPortName);
      Flags:= [ ]; // None
      SerSetParams(serialhandle,9600,8,NoneParity,1,Flags); 
 
      s:=txt; // use the input text
      writeln('OUT '+s);
      s:=s+#13+#10; { CR + LF }
      writecount := length(s);
 
      status := SerWrite(serialhandle, s[1], writecount );
 
      // The next line is for debugging only!
      writeln('status: ', status, '   writecount: ', writecount);
 
 
      if status > 0 then
      begin
        writeln('Waiting for answer');
        { wait for an answer }
        s:='';
        ComIn:='';
        while (Length(Comin)<10) and (status>=0) and not keypressed do begin
 
          status:= SerRead(serialhandle, s[1], 10);
          if (s[1]=#13) then status:=-1; { CR => end serial read }
 
          if (status>0) then ComIn:=ComIn+s[1];
          if (status>0) then begin
            writeln(status,' ',length(ComIn),' ASCII ',ord(s[1]),' INP ',ComIn);
          end;
 
        end;
 
      end
      else
        writeln('ERROR - Unable to send.');
 
      SerSync(serialhandle); { flush out any remaining before closure }
 
      SerFlushOutput(serialhandle); { discard any remaining output }
 
      SerClose(serialhandle);
 END.

Serial port names on Windows

COM ports are named with a number on Windows 9x-based OSes (95,98,ME), e.g. COM1, COM30.
On Windows NT-based systems (NT, 2000, XP, Vista, Windows 7, Windows 8), COM ports are numbered too, but only for compatibility with DOS/Win9x.
Use this code to get the real name:
// ComNr is obviously the number of the COM port
if ComNr > 9 then
  Result := Format('\\\\.\\COM%d', [ComNr])
else
  Result := Format('COM%d', [ComNr]);

USB

libusb

A cross platform possibility for Linux, BSDs and Mac OS X is libusb.
Headers are listed in http://www.freepascal.org/contrib/db.php3?category=Miscellaneous:
name author version date link remarks
libusb.pp Uwe Zimmermann 0.1.12 2006-06-29 http://www.sciencetronics.com/download/fpc_libusb.tgz
libusb.pas Johann Glaser
2012-09-23 https://github.com/hansiglaser/pas-libusb includes OOP wrapper, see branch "libusb-1.0" for libusb 1.0
fpcusb Joe Jared 0.11-14 2006-02-02 http://relays.osirusoft.com/fpcusb.tgz download link broken
libusb.pp Marko Medic 1.0 2010-12-14 http://www.lazarus.freepascal.org/index.php/topic,11435.0.html

FTDI

If you use one of the chips from FTDI, you can use their pascal headers for their dll interface to the chips.

Devices in general

On Windows, you can manage devices from code. Please see here: Windows_Programming_Tips#Enabling_and_disabling_devices

See also

3 Ways to Open Command Prompt With Admin Privileges in Windows 8.x

I just wanted to give a quick heads up to admins using Windows 8 or planning to migrate users to W 8.x and then assist them as a support help. Things changes and the old days of  Windows XP are gone…. Oh well. Let’s move on. Before, there was a simple way in Windows 7 to launch command prompt window as an admin – with a right click on an icon which were in the “Accessories” folder within the start menu. Clean, understandable and I’d say normal. Things have changed in Windows 8.1 as there is no icon in start menu. (He he, oh well there is no start menu). So how to get around that and Open Command Prompt With Admin Privileges ?
I’ve started to use W 8.1 as probably many of you, after all, and in Windows 7 I have had a habit to open command prompt with a shortcut Windows Key + R where I type “CMD”. In W7 when logged as a domain admin this would normally opens a command prompt with admin privileges. However in W 8.1 if you logged as an domain admin, this opens a command prompt without admin privileges, so not good.
I’ll show 3 ways to Open Command Prompt with Admin Privileges in Windows 8.x

01. First Option

Hit Windows Key + X
Simple and easy. This brings a menu which has the option to open command prompt with admin privileges. Cool, anything else? Yes there are other ways to do it. Read on.
How to open the command prompt as administrator

02. Second Option

If you don’t have any alternative start menu installed, the when you hit the start icon it brings the start screen with the tiles. You can type in the search panel there. Just type “command prompt” and it will bring the icons you need. There you can simply right click and chose Run as administrator.
How to open command prompt as administrator in Windows 8.1

03. Third option

The third way is to simply right click the start button, which brings the menu we have opened in the First option! But that’s too easy as an option, isn’t it… I have another option while here. You can open simple norma (not admin) command prompt, and then type a command to open a privileged command prompt from there!
You simply type this:
runas /user:mymachineadministrator cmd
This brings another window, this time with admin priviledges…
In my example, my Workstation’s netbios name is SBOOK2, so I just typed:
runas /user:SBOOK2administrator cmd
You are prompted to enter the password for the local administrator account. (Note that you can reset this password via local management console (shortcut is compmgmt.msc ), if of course you are logged in with an account with sufficent priviledges.
How-to open the command prompt as administrator in Windows 8.1
I hope it helps to get you started. Enjoy…-:)

http://www.vladan.fr/3-ways-open-command-prompt-admin-privileges-windows-8-x/ 

How can I setup my home router for multiple external ip addresses?

Resumed on the comment :"Anyways, I'm using different firmware for my WRT54G and I believe it supports 1:1 NAT. I've also checked into DD-WRT and it definitely supports it.
Although, I'm thinking about buying/building a pfSense box. The ALIX boards loo
k nice but it seems like 22 MB connection is pushing against it's limit (espicially for VPN and even QoS I think).
I've read about the Cisco 871 but it seems a bit too pricey for fooling around at home.


 however :"to do Proxy ARP to announce to the WAN connection that it has more than one IP address, then it NATs traffic sourced/destined for that IP to the device on the LAN as you specify.
So you have one IP in use on the router/firewall for general in
ternet stuff, then a second one for the server you configure to use it with the 1 to 1 nat (and so on with the 3rd, and 4th IPs, or whatever you need).
Putting devices 'outside' the router/firewall is probably sub-optimal if you want them to enjoy the protection of NAT and any firewall features of your gateway device as well as residing on the LAN with your other computers for performance and ease of access etc. "


https://arstechnica.com/civis/viewtopic.php?f=10&t=1110455 

How To Fix "Access Denied" Error In Command Prompt

How to Find Administrator Account password using Command prompt_(infozone)

How To Install Any Software Without Admin Rights

Admin Creator: Part 1

Man in the Rain