
avahi

disable broadcasting

# /etc/avahi/avahi-daemon.conf
# If enabled, no user service will ever be published
disable-user-service-publishing=yes

# The safest option, puts Avahi in a browse-only mode
disable-publishing=yes

convert cue/bin to iso

bchunk image.bin image.cue image.iso

File restoration

Backup your journal

debugfs -R "dump <8> /tmp/ext4.journal" /dev/mapper/vg0-home
debugfs 1.45.5 (07-Jan-2020)

Unmount your disk as soon as possible and do not mount or fsck it from now on. Check when your files were still there

ext4magic /dev/mapper/vg0-home -H -a $(date -d "-24hours" +%s)
Filesystem in use: /dev/mapper/vg0-home

|-----------c_time  Histogram-----------------  after  --------------------  Fri Sep 10 11:01:57 2021
1631280357 :        0 |                                                  |   Fri Sep 10 13:25:57 2021
1631288997 :        0 |                                                  |   Fri Sep 10 15:49:57 2021
1631297637 :        0 |                                                  |   Fri Sep 10 18:13:57 2021
1631306277 :        1 |*                                                 |   Fri Sep 10 20:37:57 2021
1631314917 :   125519 |**************************************************|   Fri Sep 10 23:01:57 2021
1631323557 :        0 |                                                  |   Sat Sep 11 01:25:57 2021
1631332197 :        0 |                                                  |   Sat Sep 11 03:49:57 2021
1631340837 :        0 |                                                  |   Sat Sep 11 06:13:57 2021
1631349477 :        0 |                                                  |   Sat Sep 11 08:37:57 2021
1631358117 :        0 |                                                  |   Sat Sep 11 11:01:57 2021


|-----------d_time  Histogram-----------------  after  --------------------  Fri Sep 10 11:01:57 2021
1631280357 :      204 |*                                                 |   Fri Sep 10 13:25:57 2021
1631288997 :     2642 |*                                                 |   Fri Sep 10 15:49:57 2021
1631297637 :      639 |*                                                 |   Fri Sep 10 18:13:57 2021
1631306277 :      447 |*                                                 |   Fri Sep 10 20:37:57 2021
1631314917 :  1795968 |************************************************* |   Fri Sep 10 23:01:57 2021
1631323557 :      196 |*                                                 |   Sat Sep 11 01:25:57 2021
1631332197 :        0 |                                                  |   Sat Sep 11 03:49:57 2021
1631340837 :        0 |                                                  |   Sat Sep 11 06:13:57 2021
1631349477 :        0 |                                                  |   Sat Sep 11 08:37:57 2021
1631358117 :        0 |                                                  |   Sat Sep 11 11:01:57 2021


|-----------cr_time Histogram-----------------  after  --------------------  Fri Sep 10 11:01:57 2021
1631280357 :     2491 |**************************************************|   Fri Sep 10 13:25:57 2021
1631288997 :     2023 |****************************************          |   Fri Sep 10 15:49:57 2021
1631297637 :     1742 |***********************************               |   Fri Sep 10 18:13:57 2021
1631306277 :     2241 |*********************************************     |   Fri Sep 10 20:37:57 2021
1631314917 :     1969 |***************************************           |   Fri Sep 10 23:01:57 2021
1631323557 :        0 |                                                  |   Sat Sep 11 01:25:57 2021
1631332197 :        0 |                                                  |   Sat Sep 11 03:49:57 2021
1631340837 :        0 |                                                  |   Sat Sep 11 06:13:57 2021
1631349477 :        0 |                                                  |   Sat Sep 11 08:37:57 2021
1631358117 :        0 |                                                  |   Sat Sep 11 11:01:57 2021
ext4magic : EXIT_SUCCESS

List files within this point of time

ext4magic /dev/mapper/vg0-home -a 1631306277 -f / -l

Now restore your files

ext4magic /dev/mapper/vg0-home -j /tmp/ext4.journal -M -d /mnt -a 1631306277
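
Choosing the value for -a from the histogram can be scripted. The following is an added example, not part of the original notes or of ext4magic: pick_restore_time is a hypothetical helper, and its heuristic (take the row just before the largest d_time bucket) is an assumption that matches the run shown above. The sample input is a shortened, constructed copy of that output.

```shell
# Added example: pick the ext4magic "-a" timestamp from histogram output.
# Reads the file given as $1, or stdin when no argument is passed.
pick_restore_time() {
  awk '
    /d_time +Histogram/ { in_d = 1; next }   # start of the deletion histogram
    /Histogram/         { in_d = 0 }         # any other histogram ends it
    in_d && $2 == ":" && $1 ~ /^[0-9]+$/ {
      n++; ts[n] = $1; cnt[n] = $3 + 0
      if (cnt[n] > max) { max = cnt[n]; peak = n }
    }
    END {
      if (!peak)     { print "no deletions found" > "/dev/stderr"; exit 1 }
      if (peak == 1) { print "peak is in the first bucket, widen the window" > "/dev/stderr"; exit 2 }
      print ts[peak - 1]                     # last bucket before the mass deletion
    }
  ' "${1:--}"
}

# Constructed sample: shortened copy of the histogram output above.
sample_histogram() {
  cat <<'EOF'
|-----------c_time  Histogram-----------------  after  --------------------  Fri Sep 10 11:01:57 2021
1631306277 :        1 |*                                                 |   Fri Sep 10 20:37:57 2021
1631314917 :   125519 |**************************************************|   Fri Sep 10 23:01:57 2021
|-----------d_time  Histogram-----------------  after  --------------------  Fri Sep 10 11:01:57 2021
1631297637 :      639 |*                                                 |   Fri Sep 10 18:13:57 2021
1631306277 :      447 |*                                                 |   Fri Sep 10 20:37:57 2021
1631314917 :  1795968 |************************************************* |   Fri Sep 10 23:01:57 2021
1631323557 :      196 |*                                                 |   Sat Sep 11 01:25:57 2021
|-----------cr_time Histogram-----------------  after  --------------------  Fri Sep 10 11:01:57 2021
1631314917 :     1969 |***************************************           |   Fri Sep 10 23:01:57 2021
ext4magic : EXIT_SUCCESS
EOF
}
```

On a live system the real output can be piped in, e.g. ext4magic ... -H -a ... | pick_restore_time, and the result checked against the histogram by eye before restoring.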

ffmpeg

capture screen

ffmpeg -video_size 1920x1080 -framerate 30 -f x11grab -i :0.0+0,0 \
  -c:v libx264 -qp 0 -preset ultrafast \
  output.mkv

cpio

extract cpio.gz initramfs

gunzip -c initram.cpio.gz | cpio -idv

Dumping BIOS

A short investigation into the x86 architecture shows that the layout of the very first memory addresses is more or less standardized, and the Linux kernel provides /proc/iomem as the system's memory map.

grep ROM /proc/iomem
000f0000-000fffff : System ROM

So the map shows that the System ROM is mapped to the address range 0x000f0000 to 0x000fffff, which should be the case for most x86 devices because this seems to be x86 architecture specific.

Well, the address space reserved for System ROM is 64k (65535). Since System ROM starts at 0x000f0000 we have to skip the first 15 blocks and dump the whole 64k.

dd if=/dev/mem of=/tmp/pcbios.rom bs=64k skip=15 count=1

One may experience access permission issues like

dd if=/dev/mem of=/tmp/pcbios.rom bs=64k skip=15 count=1
dd: reading `/dev/mem': Operation not permitted

which I faced e.g. on Ubuntu 20.04. I'm not quite sure which subsystem blocked that access and I was too lazy to dig into it just for the sake of it. I'm not using Ubuntu that much but it's perfect when it comes to compatibility tests on newly bought hardware. If one figures out whether it was a kernel lockdown or something else, please point that out and I will come back to it.

As of now I know it's unrelated to CONFIG_DEVMEM_STRICT, which I already disabled on boot by appending strict-devmem=0 to the kernel arguments line. Afterwards I noticed that a strict devmem module should restrict access when reading more than 1MB from /dev/mem. We're reading 64k.

Nevertheless I switched over to another live distro that's more - let's say - developer friendly in that specific case and tried it again.
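
The bs/skip/count values used above can be derived from the /proc/iomem line instead of being worked out by hand. This is an added example, not part of the original notes: rom_dd_args is a hypothetical helper and the memory map in sample_iomem is constructed. It also covers ranges that are not aligned to their own size, where skipping in whole blocks would start at the wrong address.

```shell
# Added example: derive dd arguments for a named range in a /proc/iomem style map.
# $1: resource name, $2: map file (default /proc/iomem, "-" for stdin).
# Note: without root the kernel prints the addresses in /proc/iomem as zeros.
rom_dd_args() {
  line=$(grep -m1 -F -- ": $1" "${2:-/proc/iomem}") || return 1
  range=${line%% :*}                          # e.g. "000f0000-000fffff"
  range=${range#"${range%%[![:space:]]*}"}    # strip indentation of nested entries
  start=$((0x${range%-*}))
  end=$((0x${range#*-}))
  size=$((end - start + 1))                   # the range is inclusive
  # dd skips in units of bs, so block-wise skipping needs start % size == 0
  if [ $((start % size)) -eq 0 ]; then
    echo "bs=$size skip=$((start / size)) count=1"
  else
    echo "bs=1 skip=$start count=$size"       # slow, but starts at the right byte
  fi
}

# Constructed sample map, modelled on the grep output above.
sample_iomem() {
  cat <<'EOF'
00000000-00000fff : Reserved
000a0000-000bffff : PCI Bus 0000:00
  000c0000-000cfdff : Video ROM
000f0000-000fffff : System ROM
00100000-7ffeffff : System RAM
EOF
}
```

The printed words can be appended to dd if=/dev/mem of=/tmp/pcbios.rom; for the System ROM line they reproduce the bs=64k skip=15 count=1 used above.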

ip utils

rename interfaces on the fly

ip link set <iface> down
ip link set <iface> name new0
# the interface now goes by its new name
ip link set new0 up

bond interfaces

add interface to bond

ifenslave bond0 eth0

drop interface from bond

ifenslave -d bond0 eth0

lvm

mounting partitions inside of a lv

kpartx -a /dev/mapper/vg0-lvname
losetup /dev/loop0 /dev/mapper/vg0-lvname1
mount /dev/loop0 /mnt

# other way around
umount /dev/loop0
losetup -d /dev/loop0
kpartx -d /dev/mapper/vg0-lvname

mdadm

increase sync speed

cat /proc/sys/dev/raid/speed_limit_min
1000
cat /proc/sys/dev/raid/speed_limit_max
200000

echo 400000 > /proc/sys/dev/raid/speed_limit_min
echo 400000 > /proc/sys/dev/raid/speed_limit_max

mdev

autoload

/usr/bin/find /sys -name 'modalias' -type f -exec /usr/bin/sort -u {} \; \
    | /usr/bin/xargs /sbin/modprobe -b -a 2>/dev/null

NetworkManager

Disable connectivity checks

NetworkManager regularly calls a public web service to check whether your network connection has internet connectivity.

One may not want to reveal one's presence to outside parties and might therefore want to disable this check.

cat >> /var/lib/NetworkManager/NetworkManager-intern.conf <<EOF
[connectivity]
.set.enabled=false
EOF

screen

keyboard shortcuts

| shortcut       | description               |
| -------------- | ------------------------- |
| ctrl+a shift+f | resize window             |
| ctrl+a shift+s | split window              |
| ctrl+a tab     | switch window             |
| ctrl+a esc     | enable buffer scroll mode |

dealing with device node permissions

SUBSYSTEMS=="usb", ATTRS{idVendor}=="1234", ATTRS{idProduct}=="1234", GROUP="users", MODE="660"

predictable network interface names

how to use oldschool interface names

# cmdline
net.ifnames=0 (might also need biosdevname=0)

# since v209
ln -s /dev/null /etc/udev/rules.d/80-net-setup-link.rules

# before v209 / eudev
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules

analyze memory leaks

valgrind --leak-check=full \
  --show-leak-kinds=all \
  --track-origins=yes \
  --verbose \
  --log-file=/tmp/memleak.log \
  ./binary [args]

wireguard

mobile deployment

qrencode -t ansiutf8 < wg0.conf 

usb device reverse engineering

modprobe usbmon

# determine usbmon interface and device address
lsusb | grep "<vendorId>:<productId>" | awk -F ':' '{ print $1 }'

wireshark

Capture traffic on usbmonX where X is the busId. Set the filter for your device via usb.bus_id == <busId> and usb.device_address == <deviceAddr>

Set up a Windows virtual machine, pass the USB device through to it and install the driver and the corresponding software. Now trigger actions while wireshark is capturing traffic at the Linux level.

xorg

X composite extension

The protocol specifies that the returned version will never be higher than the one requested.

int major = 0, minor = 2;
XCompositeQueryVersion(dpy, &major, &minor);

feature matrix

| version | NameWindowPixmap |
| ------- | ---------------- |
| 0.2     | x                |

aliases & functions

# usage: eol <file>
function eol() {
  # quote the path so file names with spaces or globs are handled correctly
  if [ -n "$(tail -c1 "${1}")" ]; then echo "file has no eol"; return 1; fi
}

# usage: lxenter <lxc> [<user>]
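function lxenter() {
  if [ -z "${1}" ]; then echo "USAGE: lxenter <lxc> [<user>]"; return 1; fi
  # build the command as an array so the arguments are never re-parsed by eval
  local -a run=(lxc-attach -n "${1}" -- /bin/su -l ${2:+"${2}"})
  if (( EUID != 0 )); then
    # su -c takes a single string, so shell-quote every word first
    su -c "$(printf '%q ' "${run[@]}")"
  else
    "${run[@]}"
  fi
}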

# usage: pwgen [<len>]
function pwgen() {
  < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32}; echo;
}