LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-24-2014, 06:08 PM   #1
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,164

Rep: Reputation: 45
Reverse-engineering security-oriented LPS liveCD to add or remove binaries etc


This very secure live CD is aimed at members of the armed forces but also the general public and works extremely well even in old hardware:

http://spi.dod.mil/lipose.htm

It would be nice if this live CD or usb flash equivalent could be changed to add or remove a couple of binaries and default to another screen resolution and keyboard layout.

Any chance of changing this live CD with a little help from security experts here, as this is not just any trivial live CD but there are probably protections against messing with it and no sources?

Last edited by Ulysses_; 08-24-2014 at 06:14 PM.
 
Old 08-24-2014, 06:18 PM   #2
notKlaatu
Senior Member
 
Registered: Sep 2010
Location: Wellington, New Zealand
Distribution: Slackware, Fedora, NetBSD
Posts: 1,071

Rep: Reputation: 725Reputation: 725Reputation: 725Reputation: 725Reputation: 725Reputation: 725Reputation: 725
Does this not contain the source you are seeking?

http://spi.dod.mil/docs/lps1.5.1_src.tar.bz2
 
Old 08-25-2014, 02:27 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Quote:
Originally Posted by Ulysses_ View Post
Any chance of changing this live CD with a little help from security experts here, as this is not just any trivial live CD but there are probably protections against messing with it and no sources?
You're lucky notKlaatu did your research for you: next time please put in some effort. More importantly should there have been any such protection then LQ would not have been the place to ask. Please be mindful of the LQ Rules.
 
Old 08-25-2014, 08:03 AM   #4
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,164

Original Poster
Rep: Reputation: 45
Searching for the sources would be like searching for the sources of Kaspersky antivirus. Surprisingly some sources are available, but it remains to be seen if the entire live CD can be built from them. The latter is a discussion for a site where all moderators have basic social skills and no psychological luggage, so feel free to close this topic too.
 
Old 08-25-2014, 09:48 AM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177Reputation: 3177
Personally, I didn't find this post "alarming."

Reading the web page, I see that the stated intent is:
Quote:
Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac). LPS boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive. Administrator privileges are not required; nothing is installed. The LPS family was created to address particular use cases: LPS-Public is a safer, general-purpose solution for using web-based applications.
Obviously, no one is terribly concerned about "reverse-engineering" a thing like this. What they obviously wanted was a "plug it in and boot it on anything, then reboot as-normal and nothing has changed" thing to carry with you.

Nice. Sure could be handy, say, on a hotel computer. I might make me a copy ... "my tax dollars at work."

Since the ISO has been updated very recently, I think that the thing to do, if you want changes such as different resolutions or keyboard layouts, is to contact the military group that's responsible for it. They even provide a web-address at the bottom of the page. Let them make the suggested changes, if they will.

Last edited by sundialsvcs; 08-25-2014 at 09:57 AM.
 
Old 08-25-2014, 04:42 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Let's emphasise once more that reverse-engineering (in the true sense of the word) or bypassing any copyright protection simply are NSFLQ, period.


Quote:
Originally Posted by Ulysses_ View Post
The latter is a discussion for a site where all moderators have basic social skills and no psychological luggage,
You'll have to do way better than that to get to me or any moderator on LQ ;-p
Still I suggest you leave that kind of demeanour at the door. For your own sake.
 
Old 08-25-2014, 05:47 PM   #7
notKlaatu
Senior Member
 
Registered: Sep 2010
Location: Wellington, New Zealand
Distribution: Slackware, Fedora, NetBSD
Posts: 1,071

Rep: Reputation: 725Reputation: 725Reputation: 725Reputation: 725Reputation: 725Reputation: 725Reputation: 725
Quote:
Originally Posted by Ulysses_ View Post
Searching for the sources would be like searching for the sources of Kaspersky antivirus. Surprisingly some sources are available, but it remains to be seen if the entire live CD can be built from them.
What exactly are you trying to change? It is not exactly like a needle-in-a-haystack; there are known places for system settings to be set, so you can go in, find the config files that set a lot of the most common things, and then create your ISO.

If you are saying that that is too hard, then maybe just try a liveCD of any given distro, like Slax or Puppy; they both can be written to USB and set to load settings upon boot. My Slax image, which I carry on my keychain, is all set up the way I like it; I never have to set resolution or anything like that.

I have a friend who uses this DoD image for work. I do not use it but I have seen it in use and as far as I can tell, it does not offer anything that any other Linux distro offers aside from two things: some VPN tools specifically geared toward specific departments (but nothing you cannot set up yourself), and out-of-the-box support for thumbprint and some kind of security card scanning.

Nothing magical about it, so if looking through source code and config files is of no interest to you, just grab a live distro and start customising.
 
Old 08-25-2014, 09:07 PM   #8
jefro
Moderator
 
Registered: Mar 2008
Posts: 19,299

Rep: Reputation: 2958Reputation: 2958Reputation: 2958Reputation: 2958Reputation: 2958Reputation: 2958Reputation: 2958Reputation: 2958Reputation: 2958Reputation: 2958Reputation: 2958
I've already replied to a number of recent posts on this topic. You can somewhat easily add what you want to the distro.

The system as offered is a limited distro but quite capable. There isn't any "protection" on it. You can modify it. It is some version of a squashfs. It is a compressed glob of files. If you want to add to busybox then the easy way is to use alias. Otherwise you have to totally remaster busybox in that version. I've remastered a number of versions of that distro a few years ago. Neat little distro. Fast, runs on common stuff. Fun.

Last edited by jefro; 08-25-2014 at 09:11 PM.
 
Old 08-26-2014, 05:38 PM   #9
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,164

Original Poster
Rep: Reputation: 45
So you have been modifying live CD's without having the sources at all but just from the .iso's? This is the definition of reverse-engineering. And of course it is totally ethical as there is no commercial product here, nobody is losing any money. The product is not even freeware, it is open-source with no protection.

But when it is you doing the reverse-engineering, it is ok - you are not one of the targets of the resident bully like I am.

There are some crucial differences with this live CD that are uncommon in live CD's, and I have tried lots before settling to this one for my shopping, for example:
- by default it loads entirely into ram without any need to type bootcodes like "toram"
- this "toram" boot happens very fast because the o/s is so small
- it is deliberately minimal, only the essentials for browsing, a minimum attack surface
- the root account is disabled
- it cannot leave any traces on the hdd even if you download and execute a trojan
- firefox runs faster than in all current distro's that have the latest version of it that I know of (distros with old versions not a fair comparison and not secure anyway)
- firefox is configured with a very security-oriented set of addons like "https everywhere" etc
- firefox plugins are minimal and disabled by default
- the about:config has probably been fiddled with too for maximum security
- if anyone wants to discuss more security features it comes with, drop me a PM, because this is off-topic and would give the excuse for closing the thread, once again.

So what is the command to unpack the .iso to the level where you can edit the xorg.conf, and repack it?

Last edited by Ulysses_; 08-27-2014 at 05:14 PM.
 
Old 08-26-2014, 05:47 PM   #10
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,525

Rep: Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821
Quote:
Originally Posted by Ulysses_ View Post
So you have been modifying live CD's without having the sources at all but just from the .iso's? This is the definition of reverse-engineering.
If you have a tar file and add/remove some files from it, have you reverse-engineered anything? I would say no, even if you added/removed some executables that you don't have the source for. An iso is just a container file, not much different from tar conceptually. If you do define this as reverse-engineering, any WinZip user could be called a reverse engineer which is a bit ridiculous.
 
Old 08-26-2014, 05:52 PM   #11
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,164

Original Poster
Rep: Reputation: 45
If you unpack the .iso with any archiver you do not see the xorg.conf, it is far more involved than that.
 
Old 08-26-2014, 07:15 PM   #12
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4865Reputation: 4865Reputation: 4865Reputation: 4865Reputation: 4865Reputation: 4865Reputation: 4865Reputation: 4865Reputation: 4865Reputation: 4865Reputation: 4865
Quote:
Originally Posted by Ulysses_ View Post
If you unpack the .iso with any archiver you do not see the xorg.conf, it is far more involved than that.
No, it is not. Remastering an live-system that is delivered on a squashfs is basically this:
1. Mount the squashfs that contains the file-system and copy it to a work-directory.
2. Make your changes in the work directory.
3. Use squashfs tools to create a new squashfs from the work directory.
4. Use a tool like mkisofs to create a new ISO that contains your squashfs instead of the old one.
 
1 members found this post helpful.
Old 08-26-2014, 08:13 PM   #13
jefro
Moderator
 
Registered: Mar 2008
Posts: 19,299

Rep: Reputation: 2958Reputation: 2958Reputation: 2958Reputation: 2958Reputation: 2958Reputation: 2958Reputation: 2958Reputation: 2958Reputation: 2958Reputation: 2958Reputation: 2958
What he said.

Did you use the search feature for other posts on this subject?
 
Old 08-27-2014, 04:18 PM   #14
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,164

Original Poster
Rep: Reputation: 45
I have asked before elsewhere, but didn't find anyone expert enough for this one and google searches for "edit a live CD" did not get far either.

Here's where it gets too hard: if you unpack the .iso with Archive Manager for gnome, you get the following directory structure:

Code:
isoUnpacked:
total 56
drwxrwx--- 1 root plugdev   480 Aug 27 23:10 .
drwxrwx--- 1 root plugdev 28672 Aug 27 23:12 ..
drwxrwx--- 1 root plugdev   344 Aug 27 23:10 boot
-rwxrwx--- 1 root plugdev  2048 Aug 27 23:10 boot.cat
drwxrwx--- 1 root plugdev   480 Aug 27 23:10 Docs
drwxrwx--- 1 root plugdev   488 Aug 27 23:10 EncryptionWizard
drwxrwx--- 1 root plugdev   256 Aug 27 23:10 InstallToUSB
drwxrwx--- 1 root plugdev   472 Aug 27 23:10 isolinux
-rwxrwx--- 1 root plugdev 24576 Aug 27 23:10 isolinux.bin

isoUnpacked/boot:
total 278133
drwxrwx--- 1 root plugdev       344 Aug 27 23:10 .
drwxrwx--- 1 root plugdev       480 Aug 27 23:10 ..
-rwxrwx--- 1 root plugdev        83 Aug 27 23:10 image.md5
-rwxrwx--- 1 root plugdev 281571328 Aug 27 23:10 initrd
-rwxrwx--- 1 root plugdev   3232160 Aug 27 23:10 vmlinuz

isoUnpacked/Docs:
total 5528
drwxrwx--- 1 root plugdev     480 Aug 27 23:10 .
drwxrwx--- 1 root plugdev     480 Aug 27 23:10 ..
-rwxrwx--- 1 root plugdev    5517 Aug 27 23:10 awards.html
-rwxrwx--- 1 root plugdev    4208 Aug 27 23:10 burn.html
-rwxrwx--- 1 root plugdev   21154 Aug 27 23:10 CHANGES.html
-rwxrwx--- 1 root plugdev  218989 Aug 27 23:10 EW_DS_20090615.pdf
-rwxrwx--- 1 root plugdev 2479472 Aug 27 23:10 ewmanual.pdf
-rwxrwx--- 1 root plugdev   50360 Aug 27 23:10 FAQ.html
-rwxrwx--- 1 root plugdev    1334 Aug 27 23:10 favicon.ico
-rwxrwx--- 1 root plugdev    8455 Aug 27 23:10 index.html
-rwxrwx--- 1 root plugdev   37976 Aug 27 23:10 LPS6_labels.pdf
-rwxrwx--- 1 root plugdev   43947 Aug 27 23:10 LPSD_labels.pdf
-rwxrwx--- 1 root plugdev  243913 Aug 27 23:10 LPS_DS.pdf
-rwxrwx--- 1 root plugdev  266250 Aug 27 23:10 LPS_DS_remote_access.pdf
-rwxrwx--- 1 root plugdev   43833 Aug 27 23:10 LPS_labels.pdf
-rwxrwx--- 1 root plugdev 1397646 Aug 27 23:10 lpsmanual.pdf
-rwxrwx--- 1 root plugdev  369018 Aug 27 23:10 lps_quick_start.pdf
-rwxrwx--- 1 root plugdev  424165 Aug 27 23:10 SPI_Brochure.pdf

isoUnpacked/EncryptionWizard:
total 3860
drwxrwx--- 1 root plugdev     488 Aug 27 23:10 .
drwxrwx--- 1 root plugdev     480 Aug 27 23:10 ..
-rwxrwx--- 1 root plugdev 1463292 Aug 27 23:10 encryptionwizard.jar
-rwxrwx--- 1 root plugdev 2479472 Aug 27 23:10 encryptionwizard.pdf
-rwxrwx--- 1 root plugdev    2284 Aug 27 23:10 Getting_Started_with_Encryption_Wizard_3.4.2.txt

isoUnpacked/InstallToUSB:
total 8
drwxrwx--- 1 root plugdev  256 Aug 27 23:10 .
drwxrwx--- 1 root plugdev  480 Aug 27 23:10 ..
drwxrwx--- 1 root plugdev  472 Aug 27 23:10 Support
-rwxrwx--- 1 root plugdev 5147 Aug 27 23:10 USBInstall.bat

isoUnpacked/InstallToUSB/Support:
total 632
drwxrwx--- 1 root plugdev    472 Aug 27 23:10 .
drwxrwx--- 1 root plugdev    256 Aug 27 23:10 ..
-rwxrwx--- 1 root plugdev 450560 Aug 27 23:10 HPUSBF.EXE
-rwxrwx--- 1 root plugdev   7680 Aug 27 23:10 IsAdmin.exe
-rwxrwx--- 1 root plugdev  98816 Aug 27 23:10 ssed.exe
-rwxrwx--- 1 root plugdev  82432 Aug 27 23:10 syslinux.exe

isoUnpacked/isolinux:
total 105
drwxrwx--- 1 root plugdev   472 Aug 27 23:10 .
drwxrwx--- 1 root plugdev   480 Aug 27 23:10 ..
-rwxrwx--- 1 root plugdev 20192 Aug 27 23:10 ifcpu.c32
-rwxrwx--- 1 root plugdev  1499 Aug 27 23:10 isolinux.cfg
-rwxrwx--- 1 root plugdev 18024 Aug 27 23:10 linux.c32
-rwxrwx--- 1 root plugdev 56292 Aug 27 23:10 menu.c32
-rwxrwx--- 1 root plugdev   325 Aug 27 23:10 nopae.cfg
-rwxrwx--- 1 root plugdev   123 Aug 27 23:10 product.txt
-rwxrwx--- 1 root plugdev   800 Aug 27 23:10 reboot.c32
Where's the squashfs of your instructions? That will reveal all files including xorg.conf?

Would the "toram" feature simply duplicate some dir structure from a tarball somewhere in the above dir structure? Or are the wanted files generated, not copied?

In other words, might xorg.conf be generated at boot time, based on some other configuration file that is yet to be identified?

What if resolution is chosen based on the detection of the display and its maximum resolution? Doesn't seem to detect mine though, how do I set the default resolution in that case?

That's why I think this is not trivial for the average visitor of this forum.

And crucially, if thinstation does things too differently from what you guys are familiar with and you have to discover its unknown config files for resolution and keyboard layout, can we then call it reverse-engineering? Of course we can.

But it is ethical, and it is not breaking any law either.

Last edited by Ulysses_; 08-27-2014 at 06:23 PM.
 
Old 08-27-2014, 07:03 PM   #15
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,525

Rep: Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821Reputation: 1821
We can infer from the size that all the good stuff is inside initrd:
Code:
-rwxrwx--- 1 root plugdev 281571328 Aug 27 23:10 initrd
initrd stands for initial ramdisk, which explains why you don't need to use the toram feature.

The format is probably a gzipped cpio archive, you can use the file command to check:
Code:
% file /boot/initrd.img-3.14-2-amd64 
/boot/initrd.img-3.14-2-amd64: gzip compressed data, last modified: Sat Aug  9 21:01:32 2014, from Unix
% gzip -dc /boot/initrd.img-3.14-2-amd64 | file -
/dev/stdin: ASCII cpio archive (SVR4 with no CRC)
The cpio command can be used to extract/modify it.

Here's a reasonable looking guide: How to change files in a initrd image

Quote:
can we then call it reverse-engineering? Of course we can.
You can call unpacking archive files reverse-engineering if you really want to, but I still won't.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: LPS Security 1.3.2 has been released! Live cd from department of defense LXer Syndicated Linux News 0 02-24-2012 04:30 AM
LXer: Lightweight Portable Security (LPS)-A Linux disto from the US Department of Defense LXer Syndicated Linux News 1 08-01-2011 01:02 PM
reverse engineering walterw Programming 3 01-18-2003 05:15 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:52 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration