LinuxQuestions.org


Ulysses_ 08-24-2014 05:08 PM

Reverse-engineering security-oriented LPS liveCD to add or remove binaries etc
 
This very secure live CD is aimed at members of the armed forces but also the general public and works extremely well even in old hardware:

http://spi.dod.mil/lipose.htm

It would be nice if this live CD or usb flash equivalent could be changed to add or remove a couple of binaries and default to another screen resolution and keyboard layout.

Any chance of changing this live CD with a little help from security experts here, as this is not just any trivial live CD but there are probably protections against messing with it and no sources?

notKlaatu 08-24-2014 05:18 PM

Does this not contain the source you are seeking?

http://spi.dod.mil/docs/lps1.5.1_src.tar.bz2

unSpawn 08-25-2014 01:27 AM

Quote:

Originally Posted by Ulysses_ (Post 5226517)
Any chance of changing this live CD with a little help from security experts here, as this is not just any trivial live CD but there are probably protections against messing with it and no sources?

You're lucky notKlaatu did your research for you: next time please put in some effort. More importantly should there have been any such protection then LQ would not have been the place to ask. Please be mindful of the LQ Rules.

Ulysses_ 08-25-2014 07:03 AM

Searching for the sources would be like searching for the sources of Kaspersky antivirus. Surprisingly some sources are available, but it remains to be seen if the entire live CD can be built from them. The latter is a discussion for a site where all moderators have basic social skills and no psychological luggage, so feel free to close this topic too.

sundialsvcs 08-25-2014 08:48 AM

Personally, I didn't find this post "alarming."

Reading the web page, I see that the stated intent is:
Quote:

Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac). LPS boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive. Administrator privileges are not required; nothing is installed. The LPS family was created to address particular use cases: LPS-Public is a safer, general-purpose solution for using web-based applications.
Obviously, no one is terribly concerned about "reverse-engineering" a thing like this. What they obviously wanted was a "plug it in and boot it on anything, then reboot as-normal and nothing has changed" thing to carry with you.

Nice. Sure could be handy, say, on a hotel computer. I might make me a copy ... "my tax dollars at work." ;)

Since the ISO has been updated very recently, I think that the thing to do, if you want changes such as different resolutions or keyboard layouts, is to contact the military group that's responsible for it. They even provide a web-address at the bottom of the page. Let them make the suggested changes, if they will.

unSpawn 08-25-2014 03:42 PM

Let's emphasise once more that reverse-engineering (in the true sense of the word) or bypassing any copyright protection simply are NSFLQ, period.


Quote:

Originally Posted by Ulysses_ (Post 5226792)
The latter is a discussion for a site where all moderators have basic social skills and no psychological luggage,

You'll have to do way better than that to get to me or any moderator on LQ ;-p
Still I suggest you leave that kind of demeanour at the door. For your own sake.

notKlaatu 08-25-2014 04:47 PM

Quote:

Originally Posted by Ulysses_ (Post 5226792)
Searching for the sources would be like searching for the sources of Kaspersky antivirus. Surprisingly some sources are available, but it remains to be seen if the entire live CD can be built from them.

What exactly are you trying to change? It is not exactly like a needle-in-a-haystack; there are known places for system settings to be set, so you can go in, find the config files that set a lot of the most common things, and then create your ISO.

If you are saying that that is too hard, then maybe just try a liveCD of any given distro, like Slax or Puppy; they both can be written to USB and set to load settings upon boot. My Slax image, which I carry on my keychain, is all set up the way I like it; I never have to set resolution or anything like that.

I have a friend who uses this DoD image for work. I do not use it but I have seen it in use and as far as I can tell, it does not offer anything that any other Linux distro offers aside from two things: some VPN tools specifically geared toward specific departments (but nothing you cannot set up yourself), and out-of-the-box support for thumbprint and some kind of security card scanning.

Nothing magical about it, so if looking through source code and config files is of no interest to you, just grab a live distro and start customising.

jefro 08-25-2014 08:07 PM

I've already replied to a number of recent posts on this topic. You can somewhat easily add what you want to the distro.

The system as offered is a limited distro but quite capable. There isn't any "protection" on it. You can modify it. It is some version of a squashfs. It is a compressed glob of files. If you want to add to busybox then the easy way is to use alias. Otherwise you have to totally remaster busybox in that version. I remastered a number of versions of that distro a few years ago. Neat little distro. Fast, runs on common stuff. Fun.

Ulysses_ 08-26-2014 04:38 PM

So you have been modifying live CDs without having the sources at all but just from the .isos? This is the definition of reverse-engineering. And of course it is totally ethical as there is no commercial product here, nobody is losing any money. The product is not even freeware, it is open-source with no protection.

But when it is you doing the reverse-engineering, it is ok - you are not one of the targets of the resident bully like I am.

There are some crucial differences with this live CD that are uncommon in live CDs, and I have tried lots before settling on this one for my shopping, for example:
- by default it loads entirely into ram without any need to type bootcodes like "toram"
- this "toram" boot happens very fast because the o/s is so small
- it is deliberately minimal, only the essentials for browsing, a minimum attack surface
- the root account is disabled
- it cannot leave any traces on the hdd even if you download and execute a trojan
- firefox runs faster than in all current distros that have the latest version of it that I know of (distros with old versions are not a fair comparison and not secure anyway)
- firefox is configured with a very security-oriented set of addons like "https everywhere" etc
- firefox plugins are minimal and disabled by default
- the about:config has probably been fiddled with too for maximum security
- if anyone wants to discuss more security features it comes with, drop me a PM, because this is off-topic and would give the excuse for closing the thread, once again.

So what is the command to unpack the .iso to the level where you can edit the xorg.conf, and repack it?

ntubski 08-26-2014 04:47 PM

Quote:

Originally Posted by Ulysses_ (Post 5227748)
So you have been modifying live CD's without having the sources at all but just from the .iso's? This is the definition of reverse-engineering.

If you have a tar file and add/remove some files from it, have you reverse-engineered anything? I would say no, even if you added/removed some executables that you don't have the source for. An iso is just a container file, not much different from tar conceptually. If you do define this as reverse-engineering, any WinZip user could be called a reverse engineer which is a bit ridiculous.

Ulysses_ 08-26-2014 04:52 PM

If you unpack the .iso with any archiver you do not see the xorg.conf; it is far more involved than that.

TobiSGD 08-26-2014 06:15 PM

Quote:

Originally Posted by Ulysses_ (Post 5227755)
If you unpack the .iso with any archiver you do not see the xorg.conf, it is far more involved than that.

No, it is not. Remastering a live system that is delivered on a squashfs is basically this:
1. Mount the squashfs that contains the file-system and copy it to a work-directory.
2. Make your changes in the work directory.
3. Use squashfs tools to create a new squashfs from the work directory.
4. Use a tool like mkisofs to create a new ISO that contains your squashfs instead of the old one.

jefro 08-26-2014 07:13 PM

What he said.

Did you use the search feature for other posts on this subject?

Ulysses_ 08-27-2014 03:18 PM

I have asked before elsewhere, but didn't find anyone expert enough for this one, and Google searches for "edit a live CD" did not get far either.

Here's where it gets too hard: if you unpack the .iso with Archive Manager for gnome, you get the following directory structure:

Code:

isoUnpacked:
total 56
drwxrwx--- 1 root plugdev  480 Aug 27 23:10 .
drwxrwx--- 1 root plugdev 28672 Aug 27 23:12 ..
drwxrwx--- 1 root plugdev  344 Aug 27 23:10 boot
-rwxrwx--- 1 root plugdev  2048 Aug 27 23:10 boot.cat
drwxrwx--- 1 root plugdev  480 Aug 27 23:10 Docs
drwxrwx--- 1 root plugdev  488 Aug 27 23:10 EncryptionWizard
drwxrwx--- 1 root plugdev  256 Aug 27 23:10 InstallToUSB
drwxrwx--- 1 root plugdev  472 Aug 27 23:10 isolinux
-rwxrwx--- 1 root plugdev 24576 Aug 27 23:10 isolinux.bin

isoUnpacked/boot:
total 278133
drwxrwx--- 1 root plugdev      344 Aug 27 23:10 .
drwxrwx--- 1 root plugdev      480 Aug 27 23:10 ..
-rwxrwx--- 1 root plugdev        83 Aug 27 23:10 image.md5
-rwxrwx--- 1 root plugdev 281571328 Aug 27 23:10 initrd
-rwxrwx--- 1 root plugdev  3232160 Aug 27 23:10 vmlinuz

isoUnpacked/Docs:
total 5528
drwxrwx--- 1 root plugdev    480 Aug 27 23:10 .
drwxrwx--- 1 root plugdev    480 Aug 27 23:10 ..
-rwxrwx--- 1 root plugdev    5517 Aug 27 23:10 awards.html
-rwxrwx--- 1 root plugdev    4208 Aug 27 23:10 burn.html
-rwxrwx--- 1 root plugdev  21154 Aug 27 23:10 CHANGES.html
-rwxrwx--- 1 root plugdev  218989 Aug 27 23:10 EW_DS_20090615.pdf
-rwxrwx--- 1 root plugdev 2479472 Aug 27 23:10 ewmanual.pdf
-rwxrwx--- 1 root plugdev  50360 Aug 27 23:10 FAQ.html
-rwxrwx--- 1 root plugdev    1334 Aug 27 23:10 favicon.ico
-rwxrwx--- 1 root plugdev    8455 Aug 27 23:10 index.html
-rwxrwx--- 1 root plugdev  37976 Aug 27 23:10 LPS6_labels.pdf
-rwxrwx--- 1 root plugdev  43947 Aug 27 23:10 LPSD_labels.pdf
-rwxrwx--- 1 root plugdev  243913 Aug 27 23:10 LPS_DS.pdf
-rwxrwx--- 1 root plugdev  266250 Aug 27 23:10 LPS_DS_remote_access.pdf
-rwxrwx--- 1 root plugdev  43833 Aug 27 23:10 LPS_labels.pdf
-rwxrwx--- 1 root plugdev 1397646 Aug 27 23:10 lpsmanual.pdf
-rwxrwx--- 1 root plugdev  369018 Aug 27 23:10 lps_quick_start.pdf
-rwxrwx--- 1 root plugdev  424165 Aug 27 23:10 SPI_Brochure.pdf

isoUnpacked/EncryptionWizard:
total 3860
drwxrwx--- 1 root plugdev    488 Aug 27 23:10 .
drwxrwx--- 1 root plugdev    480 Aug 27 23:10 ..
-rwxrwx--- 1 root plugdev 1463292 Aug 27 23:10 encryptionwizard.jar
-rwxrwx--- 1 root plugdev 2479472 Aug 27 23:10 encryptionwizard.pdf
-rwxrwx--- 1 root plugdev    2284 Aug 27 23:10 Getting_Started_with_Encryption_Wizard_3.4.2.txt

isoUnpacked/InstallToUSB:
total 8
drwxrwx--- 1 root plugdev  256 Aug 27 23:10 .
drwxrwx--- 1 root plugdev  480 Aug 27 23:10 ..
drwxrwx--- 1 root plugdev  472 Aug 27 23:10 Support
-rwxrwx--- 1 root plugdev 5147 Aug 27 23:10 USBInstall.bat

isoUnpacked/InstallToUSB/Support:
total 632
drwxrwx--- 1 root plugdev    472 Aug 27 23:10 .
drwxrwx--- 1 root plugdev    256 Aug 27 23:10 ..
-rwxrwx--- 1 root plugdev 450560 Aug 27 23:10 HPUSBF.EXE
-rwxrwx--- 1 root plugdev  7680 Aug 27 23:10 IsAdmin.exe
-rwxrwx--- 1 root plugdev  98816 Aug 27 23:10 ssed.exe
-rwxrwx--- 1 root plugdev  82432 Aug 27 23:10 syslinux.exe

isoUnpacked/isolinux:
total 105
drwxrwx--- 1 root plugdev  472 Aug 27 23:10 .
drwxrwx--- 1 root plugdev  480 Aug 27 23:10 ..
-rwxrwx--- 1 root plugdev 20192 Aug 27 23:10 ifcpu.c32
-rwxrwx--- 1 root plugdev  1499 Aug 27 23:10 isolinux.cfg
-rwxrwx--- 1 root plugdev 18024 Aug 27 23:10 linux.c32
-rwxrwx--- 1 root plugdev 56292 Aug 27 23:10 menu.c32
-rwxrwx--- 1 root plugdev  325 Aug 27 23:10 nopae.cfg
-rwxrwx--- 1 root plugdev  123 Aug 27 23:10 product.txt
-rwxrwx--- 1 root plugdev  800 Aug 27 23:10 reboot.c32

Where's the squashfs of your instructions? That will reveal all files including xorg.conf?

Would the "toram" feature simply duplicate some dir structure from a tarball somewhere in the above dir structure? Or are the wanted files generated, not copied?

In other words, might xorg.conf be generated at boot time, based on some other configuration file that is yet to be identified?

What if resolution is chosen based on the detection of the display and its maximum resolution? Doesn't seem to detect mine though, how do I set the default resolution in that case?

That's why I think this is not trivial for the average visitor of this forum.

And crucially, if thinstation does things too differently from what you guys are familiar with and you have to discover its unknown config files for resolution and keyboard layout, can we then call it reverse-engineering? Of course we can.

But it is ethical, and it is not breaking any law either.

ntubski 08-27-2014 06:03 PM

We can infer from the size that all the good stuff is inside initrd:
Code:

-rwxrwx--- 1 root plugdev 281571328 Aug 27 23:10 initrd
initrd stands for initial ramdisk, which explains why you don't need to use the toram feature.

The format is probably a gzipped cpio archive, you can use the file command to check:
Code:

% file /boot/initrd.img-3.14-2-amd64
/boot/initrd.img-3.14-2-amd64: gzip compressed data, last modified: Sat Aug  9 21:01:32 2014, from Unix
% gzip -dc /boot/initrd.img-3.14-2-amd64 | file -
/dev/stdin: ASCII cpio archive (SVR4 with no CRC)

The cpio command can be used to extract/modify it.

Here's a reasonable looking guide: How to change files in a initrd image

Quote:

can we then call it reverse-engineering? Of course we can.
You can call unpacking archive files reverse-engineering if you really want to, but I still won't.
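Added example (mine, not code from the thread, from LPS or from Thinstation): a Python version of the unpack, edit, repack cycle TobiSGD lists, applied to the gzip-compressed SVR4 "newc" cpio that ntubski's `file` output identifies the initrd as. The sample archive, its paths and the xorg.conf text are constructed here; `cpio_newc_read` refusing anything without the 070701 magic is the same sanity check as running `file` first.

```python
import gzip
MAGIC = b"070701"  # SVR4 "newc" cpio without CRC, as `file` reports for the initrd

def cpio_newc_read(data):
    """Parse a newc cpio archive into {name: (mode, content)}."""
    entries, pos = {}, 0
    while pos + 110 <= len(data):
        hdr = data[pos:pos + 110]          # 6-byte magic + 13 eight-char hex fields
        if hdr[:6] != MAGIC:
            raise ValueError("bad newc magic at offset %d" % pos)
        mode, filesize = int(hdr[14:22], 16), int(hdr[54:62], 16)
        namesize = int(hdr[94:102], 16)    # counts the trailing NUL
        name = data[pos + 110:pos + 110 + namesize - 1].decode()
        pos = (pos + 110 + namesize + 3) & ~3   # header+name padded to 4 bytes
        content = data[pos:pos + filesize]
        pos = (pos + filesize + 3) & ~3         # file data padded to 4 bytes
        if name == "TRAILER!!!":           # end-of-archive marker
            break
        entries[name] = (mode, content)
    return entries

def cpio_newc_write(entries):              # inverse of cpio_newc_read
    out = bytearray()
    def emit(name, mode, content):
        nameb = name.encode() + b"\0"
        # ino, uid, gid, mtime and dev numbers are zeroed; a ramdisk does not need them
        fields = [0, mode, 0, 0, 1, 0, len(content), 0, 0, 0, 0, len(nameb), 0]
        out.extend(MAGIC + b"".join(b"%08x" % f for f in fields) + nameb)
        out.extend(b"\0" * (-len(out) % 4))
        out.extend(content)
        out.extend(b"\0" * (-len(out) % 4))
    for name, (mode, content) in entries.items():
        emit(name, mode, content)
    emit("TRAILER!!!", 0, b"")
    return bytes(out)

def initrd_unpack(blob):                   # raw or gzip-compressed newc cpio
    if blob[:2] == b"\x1f\x8b":            # gzip magic
        blob = gzip.decompress(blob)
    return cpio_newc_read(blob)

def initrd_set_file(blob, path, content):  # replace or add one file, then repack
    entries = initrd_unpack(blob)
    mode = entries.get(path, (0o100644, b""))[0]   # keep the existing mode
    entries[path] = (mode, content)
    return gzip.compress(cpio_newc_write(entries))

SAMPLE_INITRD = gzip.compress(cpio_newc_write({   # constructed; hypothetical paths, not real LPS
    "bin/busybox": (0o100755, b"\x7fELF placeholder"),
    "etc/X11/xorg.conf": (0o100644, b'Section "Screen"\n  Modes "1024x768"\nEndSection\n')}))
```

On the real image, run `initrd_unpack` on a copy and check that copy against the boot/image.md5 shipped beside it before editing, so you are modifying the file as delivered and not a corrupted download.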
