White snow | against the black ice ...

2009 was the first edition of BruCON, a non-profit conference meant to unite all the people in and around Belgium interested in discussing computer security, privacy and computer technology related topics. It was a great first edition thanks to the help of the sponsors and many volunteers.

I'm happy that I'll be able to play a (more significant) role in the organization of the second edition.

Do you have an interesting topic to present or a cool workshop? Have a look at the Call of Papers here.

I am currently working on an small application that needs to load kernel modules at the startup of the Android phone. I could eventually start up an Activity or Service using a trigger on the BOOT_COMPLETED_ACTION, (howto), but this creates some complexity as I need to load compcache kernel modules requiring lots of free memory.
Using a boot script is much better.

(Un)fortunately an application cannot change things in the /system partition as it is mounted in read only.

# mount
rootfs on / type rootfs (ro)
tmpfs on /dev type tmpfs (rw,mode=755)
devpts on /dev/pts type devpts (rw,mode=600)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
tmpfs on /sqlite_stmt_journals type tmpfs (rw,size=4096k)
/dev/block/mtdblock3 on /system type yaffs2 (ro)
/dev/block/mtdblock5 on /data type yaffs2 (rw,nosuid,nodev)
/dev/block/mtdblock4 on /cache type yaffs2 (rw,nosuid,nodev)
/dev/block/mmcblk0p2 on /system/sd type ext2 (rw,noatime,nodiratime,errors=continue)
/dev/block//vold/179:1 on /sdcard type vfat (rw,dirsync,nosuid,nodev,noexec,uid=1000,gid=1000,fmask=0000,dmask=0000,allow_utime=0022,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8)

Fortunately, as I have root support on my phone, I can simply remount the /system partition as rw, do my change and then remount it back to ro.
Here is how you do this in java code:

public static void saveCommandsToBootFile(String script, String filename) {
	// first remount filesystem in rw
	// save the file
	// remount the filesystem back to ro
	String command = 
		"mount -o remount,rw /system \n" +
		"echo '" + script.replace("'", "\\'") + "' > " + filename + " \n" +
		"mount -o remount,ro /system \n";
	executeCommand(command);
}

public static void executeCommand(String command) {
	Log.d(MainActivity.LOG_TAG, "Executing the following commands: \n" + command);
	Process process;
	try {
		process = Runtime.getRuntime().exec("su -c sh");
		DataOutputStream os = new DataOutputStream(process.getOutputStream());
		//DataInputStream osRes = new DataInputStream(process.getInputStream());
		os.writeBytes(command); os.flush();
		// and finally close the shell
		os.writeBytes("exit\n"); os.flush();
		process.waitFor();
	} catch (IOException e) {
		e.printStackTrace();
	} catch (InterruptedException e) {
		e.printStackTrace();
	}	
}

Some remarks you could have:

• I didn't use java to write the file: Indeed, my java application runs in a limited environment and has no rights to write to /system/, even mounted rw. I would need to write the file temporary somewhere else, to then move it back to the final location. This looks a little to complex.
• I escape the ' quote in the script to prevent my echo foo > bar failing.

I just released a new version of TunnelDroid adding support for traffic statistics. Go to the Market to update...

From now on you will be able to find me on Twitter using my short name: @cvandeplas. Feel free to follow me.

• Security conferences
• TunnelDroid developments
• FOSDEM related
• BruCON related
• Hackerspaces.be related
• Overall security things (low traffic)
• Overall open source things (low traffic)

Some long time ago I made a call for help to get OpenVPN working on the Android platform. There were two places where work had to be done: porting openvpn and writing a GUI enabling you to start/stop/interact with tunnels.

It took some time but finally someone made the necessary patches to get openvpn running. It was then time for me to get into action and continue the work on a GUI wrapper.

The first releases supported only hardcoded usernames and passwords, but I finally released a new version supporting authentication prompts. If you want to install it simply search for TunnelDroid on the Market.

On the technical part this is how the app is structured:

• Main GUI Intent listing the configurations
• Second Intent to edit the configurations
• Service managing the openvpn binaries and the tunnel-inteligence
• Thread to stop openvpn after a timeout, this is necessary as otherwise openvpn will not stop try connecting
• Thread to interact with openvpn using a network socket and the openvpn management interface
• Intent displaying the connection logfile, logfile can be emailed by a simple click
• Status Bar Notification when the tunnel is up

Of course the code is released as open source and can be found on sourceforge.
Below you can see some screenshots.

Yesterday evening I planned the upgrade of a server I share with a few friends. This server already hosts some bigger sites like Mechelenblogt and Hackerspace.be.
The server ran Ubuntu Jaunty but we needed to upgrade to Karmic because of new features in Apache we wanted.

Suprisingly Ubuntu has a better day to upgrade than the debian apt-get dist-upgrade + change your /etc/apt/sources.list to reflect the new repositories.
You simply need to type do-release-upgrade followed by enter and an interactive upgrade process will do all the work for you.

There were no issues at all with the upgrade. With all the reading and double checking what it did the upgrade took only 50 minutes. Ubuntu++, Linux++, opensource++ is my conclusion.