Tag Archives: debug

OS X: nvram options

How to disable options:
sudo nvram -d

sudo nvram SystemAudioVolume=%80
This command will disable startup (power on) sound

Next part of article from https://www.cnet.com/news/boot-argument-options-in-os-x/
When you boot a Mac system you have the option to supply keyboard commands at startup to boot the system to alternate environments. For instance, a common option is to hold the Shift key to boot to Safe Mode, but you can also hold Command-V for verbose mode (a text output of items as they load), or Command-S for Single User mode, which drops you to the command line as the «root» user so you can perform troubleshooting tasks.

In addition to keyboard commands at startup, you can use the «nvram» terminal command to set a number of different boot options, which might be useful when troubleshooting your Mac. Apple's machines have a number of hidden boot options that you can use, though do keep in mind that most of these are for troubleshooting purposes and will only be useful to programmers.

sudo nvram boot-args="-v"
This command will set the system to always boot to Verbose mode, so you do not have to hold Command-V at startup.

sudo nvram boot-args="-x"
This command will have the system always boot into Safe Mode.

sudo nvram boot-args="-s"
This command will boot the system into Single User mode without needing to hold Command-S at startup.

sudo nvram boot-args="iog=0×0"
This reverses the «Clamshell» mode for Apple's laptop systems, where when you close the display but connect the system to an external monitor and keyboard the system will stay awake. After running this command, when connecting an external monitor, the internal display will be disabled, which can be beneficial in some situations such as those where you are mirroring your desktop but wish to run the external display at a higher resolution than your laptop can run.

sudo nvram boot-args="debug=0×144"
This is a combination of kernel debugging features that will show you extra information about the kernel's processes, which can be exceptionally useful if a system is experiencing kernel panics. Another option is to use debug=0x14e, which will display even more logging options. The primary use for this is that it enables old-style kernel panics that show scrolled text on the screen about why the system panicked, instead of displaying the gray backdrop and the message to merely restart your system. Alternative debug options are the following, though these will likely only be useful to kernel programmers:

0×01 — Stop at boot time and wait for the debugger to attach
0×02 — Send kernel debugging output to the console
0×04 — Drop into debugger on a nonmaskable interrupt
0×08 — Send kernel debugging information to a serial port
0×10 — Make ddb the default debugger
0×20 — Output diagnostics information to the system log
0×40 — Allow the debugger to ARP and route
0×80 — Support old versions of gdb on newer systems
0×100 — Disable the graphical panic dialog screen

sudo nvram boot-args="arch=x86_64"
On Snow Leopard system, even though a 64-bit kernel is available, the system boots to the 32-bit one by default. This command will change this so the system always boots to the 64-bit kernel. To change systems to always boot to a 32-bit kernel, replace the «x86_64» section of the command with «i386.» In some instances, third-party kernel extensions might be 32-bit or 64-bit only, which will require booting to the respective kernel type in order to load.

sudo nvram boot-args="maxmem=32"

Limits the addressable memory to the specified amount, which in this case is 32GB. This is another one of those that is likely only useful to programmers. Without it, the system sets the memory limit to either the maximum that the hardware can address, or to the amount that is installed.

sudo nvram boot-args="cpus=1"
Limits the number of active processors in the system to the set level. Apple's developer tools have an option to enable or disable some of the CPUs on the system, but you can do this manually by running this command and specifying the number of CPU cores to use. In some cases, such as with laptop systems, this might help preserve power, though is likely not useful for much else unless you are testing and programming.
With these options you can set them individually by running the above commands one at a time, or you can combine them if needed. For instance, to set the system to boot into Safe Mode and verbosely show items as they load during startup, you can either run both of the commands listed above to do this, or you can simply combine them into the following command:

sudo nvram boot-args="-x -v"

To disable these features and have the system boot normally without any extra options, you can erase them from the nvram by either resetting it or, more specifically, by running either of the following commands in the Terminal (these will reset the boot arguments instead of resetting all the nvram variables):

sudo nvram boot-args=""
sudo nvram -d boot-args

PS: Detailed article https://osxeon.wordpress.com/2015/08/10/boot-argument-options-in-os-x/

How to install/change SSL/TLS certificate

How to add new SSL/TLS certificate

If you need to set up HTTPS, you will need a new SSL/TLS certificate:
1. following information which is needed for certificate request (CSR):

    Country Name (2 letter code)
    State or Province Name (full name)
    Locality Name (eg, city)
    Organization Name (eg, company)
    Organizational Unit Name (eg, section)
    Common Name (e.g. server FQDN or YOUR name)
    Email Address
    you can get FQDN from your serving hostname/domain.

2. Generate a private key and certificate request:

openssl req -out cert.csr -new -newkey rsa:2048 -nodes -keyout cert.key

3. buy certificate using generated csr.
4. Add certificate for expiration monitoring (if you have monitoring).
5. setup it to your server

How to install/change SSL/TLS certificate

1. If you received .pfx file, use the following command to decode it:

openssl pkcs12 -in domain.pfx -out certificate -nodes

This will write both private key and certificate in certificate file.
2. You should get about 4 files:

    domain-name.crt — X.509 certificate file
    domain-name.csr — X.509 certificate request file
    intermediate.crt — X.509 certificate file of intermediate (proxy) level
    domain-name.key — RSA private key file for certificate

3. Check that files compatible:

openssl rsa -noout -modulus -in cert.key
openssl req -noout -modulus -in cert.csr
openssl x509 -noout -modulus -in cert.crt

All files should have the same modulus.
4. Check dates for new certificate:

openssl x509 -noout -dates -in cert.crt

5. Check that domain and intermediate certificate are compatible:

openssl verify -CAfile intermediate.crt domain-name.crt
domain-name.crt: OK

If you have several intermediate certificates, put them into one intermediate.crt file.
6. Create chain certificate file:

cat domain-name.crt intermediate.crt > cert.crt

Remember that first certificate should be for desired domain and intermediate goes after.
7. Put cert.crt and cert.key into server's ssl folder
8. restart web-server
9. Check that certificate updated successfully:

openssl s_client -connect domain.name:443 2>/dev/null < /dev/null | openssl x509 -noout -dates

Checking for missing intermediate certificate

if your browser says that site is untrusted and you get the following error:

openssl s_client -connect display.intencysrv.com:443 -showcerts
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = display.intencysrv.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = display.intencysrv.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = display.intencysrv.com
verify error:num=21:unable to verify the first certificate
verify return:1

than you probably missing intermediate certificate. Find it in Google, check that it's compatible and install (see 4-5 upper). You can check remotely that downloaded intermediate certificate is compatible:

openssl s_client -connect domain.name:443 -CAfile ca.crt

Apache supports bundled certificates starting from 2.4.8. If you using Apache prior this version you might get a message about a missing intermediate certificate.

How to use LD_PRELOAD for cracking applications

How to use LD_PRELOAD for cracking applications.

using namespace std;

int main()
  char *pre_pass = "a382fbe8e8f087352e250561d724c0a";
  char *salt =     "1qazxcvfdswer435tgbnhy67ujmkdfg";
  char pass[32];
  for(int i = 0; i < 32; i++)
    int a = pre_pass[i];
    int b = salt[i];
    int c = (a + b)/2;
    pass[i] = c;
  char user_input[32];
  cout << "Enter your password's md5 hash for enter to root access level" << endl;
  cout << "> ";
  cin >> user_input;
  if ( strncmp( pass, user_input, 32)==0 )
      cout <<  "Secret is " << pass << endl;
      cout << "Access denied, fucking looser" << endl;
  return 1;

Compile it with g++:
g++ test.cpp -o test

try to get pass ^_^

Enter your password's md5 hash for enter to root access level
> asd
Access denied, fucking looser

How to hack it ? LD_PRELOAD is answer!

Let's take a look at code, we see that we have to get zero in the return value of strncmp, let's do it !

int strncmp(const char * string1, const char * string2, int num )
return 0;

compite it with gcc:
gcc -Wall -O2 -fpic -shared -ldl -o strncmp_lib.so strncmp_lib.c

and run:
LD_PRELOAD="./strcmp_lib.so" ./test

Enter your password's md5 hash for enter to root access level
> asd
Secret is IRLVobmOdUnJU535SfJQLW64lPOOcKd