>Daniel's Homepage

Posts

My posts about programming and things.
Date format is day/month/year because I'm sane.

prev 1 2 3 4 5 6 7 8 9 10 11 12 13 14 next

Obtaining confidential information on other students in TAFE SA's Force system

9/2/2018

During the month of January 2018 I enrolled for a certificate in the South Australian branch of TAFE. Later in the month I was accepted a position and swiftly pointed to a website to create an account and fill in various pieces of private and confidential information. The website was built on the Salesforce platform.

The site itself was interesting. On the surface it appears to be a forum platform including post/comment counts, followers, a complete profile to edit (including avatar) and other forum-esque features, however at least to the unprivileged user, completely locked down. We were informed that this website is how we will retrieve, submit and keep track of our work, reminiscent of Moodle. Currently I am able to upload files and manage them, however nothing else is public facing. Here is how the site looks to me currently (sitting on my profile page):



After playing around with the site for a little while as I do with any new service I use I stumbled upon a 404 page that is entirely not themed after the rest of the Force website:



This page appears to be a default Salesforce page. On the left side, a couple of interesting links appear. One of these links goes to one of the TAFE SA Force owners profile page. Nothing considerably interesting is found there, however the other link of interest proved to be something more.

The link pointed to a page located at "/community/s/detail/00X0X0000XXXXXX", This page held every piece of confidential information I provided when first signing up. This data included my full name, home address, mobile/home phone number, email address, employment status, education history, VET loan status and other confidential pieces of information. Disturbingly, this page also contains a widget and link that points Google maps to my house. Here is an image of the page and confidential information it contains (open the image to view it larger):



Interestingly, I have the ability to email myself, edit my information and clone the information(?). Every piece of information on the page I could edit. Cool, but mostly pointless, except that clone feature, what does that do? It seems like it allows me to clone my information into a separate entry of which I had complete ownership over. This could be an issue if spammed, but nothing worth complaining about.

While playing around with this page I decided to increment the last alphanumeric character in the URL, and to my surprise a profile appeared. Except this profile wasn't my own and was of another student. All of the information that was available on my page was available on this page as well. Their phone numbers, email address, home address, employment status, all there visible for me - I even had the permission to edit and clone this account. Now, this is problematic and worth complaining about on its own. But it didn't stop there, further incrementing of the last URL character took me to other profiles, going back a character and altering that let me access other profiles. The results were not always consistent, and I didn't spend that much time playing around, however the fact I had access to view and alter this information was appalling. Just to mention it again, these pages had Google map links to the students houses.

I swiftly reported this issue and it was fixed the following Monday (This was reported on a Saturday). While not a particularly entertaining or thrilling story, it goes to show just how poorly some companies and institutions handle information security. Something this simple may be easy to overlook and have incorrect default permissions in place, however the response I received hinted at them not knowing one was able to access their own information, let alone that of other students.


URL handle script that may be useful to some

1/2/2018

I've been using st as my terminal for a number of months now utilising the externalpipe patch along with the recommended open url handler. However, this url handler has always been inconsistent with selecting the appropriate application to spawn, so I created my own. It's extremely simple by design, but so far works great.

urlopen is available on git.


HorribleSubs RSS client for easy anime downloading

20/1/2018

To dip my feet back into C++/Qt I've created a simple RSS client for the HorribleSubs fansub group. The client parses their latest 720p (configurable) RSS feed for anime magnet download links and places the downloads all into a list. Using the checkboxes provided you select the torrents you want and press 'get'. The application then spawns your torrent client (in this case transmission) feeding it the magnet links.

The source code is available on git.

ui example


8085 assembly #5: Task #4

17/1/2018

Task 4 is a subroutine implementation of multiplication. In addition of using a subroutine the program uses a list which is a defined portion of memory you can address. The subrotuine requires three bytes of memory - a byte for the multiplicand, multiplier and a storage byte for the result. The comments as always are very helpful if you're trying to understand it.

; CALLING A ROUTINE AND PREPARE A MEMORY ADDRESS
; ROUTINE WILL REQUIRE 3 BYTES FIRST NUMBER -> SECOND NUMBER -> RESULT STORAGE
; ROUTINE WILL MULTIPLY M WITH M+1 AND STORE RESULT IN M+2

JMP START
			; DEFINE A LIST TO STORE OUR REQUIRED BYTES
			; DB = DEFINE BYTE
			; DS = DEFINE STORAGE. OPERAND IS NUMBER OF BYTES
MULTI1:	DB 05H		; MULTIPLICAND
	DB 03H		; MULTIPLIER
	DS 01H		; RESERVES "ONE BYTE OF STORAGE
START:	LXI H,MULTI1	; LOAD HL AS POINTER TO MULTI1 LIST MEMORY ADDRESS
	MVI A,0		; CLEAR A
	MOV D,M		; STORE MULTIPLICAND IN D
	INX H		; INCREASE MEMORY POINTER TO GET MULTIPLIER
	MOV E,M		; STORE MULTIPLIER IN E
	MVI C,00H	; COUNTER SET TO 0
	CALL MULT	; CALL MULTIPLY FUNCTION
	INX H 		; INCREASE MEMORY POINTER TO RESULT STORAGE
	MOV M,A		; STORE RESULT
	HLT		; HALT
MULT:	MOV B,A		; STORE A
	MOV A,C		; MOVE COUNTER INTO A
	CMP E		; COMPARE MULTIPLIER TO COUNTER
	MOV A,B		; MOVE B STORAGE BACK INTO A
	RZ		; RETURN IF ZERO FLAG SET (COUNTER == MULTIPLIER)
	INR C		; INCREASE COUNTER
	ADD D		; ADD MULTIPLICAND TO A
	JMP MULT	; JUMP TO MULT

8085 assembly #4: Task #3

9/1/2018

Excercise 3 is a simple yet important one. Jumping around code like a 'goto' statement in C isn't always the best way to go about doing things. The difference between jumping and calling is when you jump, the program never returns to the instruction after the jump, instead it flows on from that memory location. With a call to a subroutine you are able to 'RET' (return) either on condition or unconditionally. This is very similar to a function call in C. This program is a simple counter that utlises a subroutine call.

; CALL ACTS LIKE A FUNCTION CALL IN C, A SUBROUTINE
; CALL COUNT AND COUNT TO C FROM B
JMP START

START:	MVI B,00H	; COUNT FROM 0
	MVI C,05H	; COUNT TO 5
	MOV A,B		; COUNT FROM B
	CALL CNT	; CALL COUNT SUBROUTINE
	HLT		; HALT
CNT:	CMP C		; COMPARE C TO A
	RZ		; RETURN IF C==A
	INR A		; A++
	JMP CNT		; LOOP

8085 assembly #3: Task #2

8/1/2018

For excercise 2 and a few in the future I wanted to focus on implementing basic math functions. This task focuses on multiplication. Multiplication is nothing more than repeated addition, so, when broken down it's really quite simple. This implementation focuses on a two number operation, you need a multiplicand and a multiplier. In my program N1 stores the multiplican, N2 the multiplier. The steps to achieve N1*N2 are simple, add N1 to itself N2 times. I do not determine which number is bigger and reduce the number of iterations, although this may be a task for another day.

I produced two versions of todays task. The first is longer and over complicated, the second more simple and shorter. After I completed version #1 I realised a few things I could change and came up with version #2.

In particular I realised using a branching instructor is not the only way to determine if a number is zero, the status flags are in fact set when I do my DCR (decrement) operation. So the second interation does that, which saves a few lines of instructions (storing A, putting 00H in its place, comparing it to C and loading the original A back).

Iteration #1

; MULTIPLY TWO NUMBERS TOGETHER, STORE IN MEMORY AT 00H
; MULTIPLICATION IS NOTHING MORE THAN REPEATED ADDITION

JMP START
N1: EQU 05H		; MULTIPLICAND
N2: EQU 03H		; MULTIPLIER
N3: EQU 00H		; MEMORY LOCATION TO STORE RESULT
START:	LXI H,N3	; H AS MEMORY POINTER TO OUTPUT LOCATION 00H
	MVI C,0 	; CLEAR C
	MOV B,C		; CLEAR B
	MOV A,B		; CLEAR A
	MVI C,N2	; MOVE N2 INTO C, THIS IS OUR COUNTER
ADD:	MOV B,A		; STORE A IN B
	MVI A,00H	; STORE 00H IN A
	CMP C		; COMPARE C TO A	
	MOV A,B		; PUT B BACK INTO A
	JZ END		; IF C == 0 JUMP TO END
	ADI N1		; ADD N1 TO A
	DCR C		; DECREMENT C
	JMP ADD		; JUMP TO ADD
END: 	STA N3		; STORE A
	HLT		; HALT
Iteration #2 (the better way)
; MULTIPLY TWO NUMBERS TOGETHER, STORE IN MEMORY AT 00H
; MULTIPLICATION IS NOTHING MORE THAN REPEATED ADDITION

JMP START
N1: EQU 05H		; MULTIPLICAND
N2: EQU 03H		; MULTIPLIER
N3: EQU 00H		; MEMORY LOCATION TO STORE RESULT
START:	LXI H,N3	; H AS MEMORY POINTER TO OUTPUT LOCATION 00H
	MVI C,0 	; CLEAR C
	MOV A,C		; CLEAR A
	MVI C,N2	; MOVE N2 INTO C, THIS IS OUR COUNTER
ADD:	ADI N1		; ADD N1 TO A
	DCR C		; DECREMENT C
	JNZ ADD		; IF C == 0 JUMP TO END
	STA N3		; STORE A IN MEMORY AT N3
	HLT		; HALT

8085 assembly #2: Task #1

7/1/2018

For my first task/learning excercise I wanted to start learning about using memory. To do this I came up with a simple goal: add the numbers together in memory from the memory location 0x00 until the first 0x00 byte is read. While a simple task in a language I am use to like C, I found it difficult to picture how I should control the registers to store and move around the bytes.

The final code to achieve this task (memory filled in manually inside the simulator):

; ADD NUMBERS IN MEMORY 00H -> NEXT 00H BYTE, STORE RESULT IN C

JMP START
START:	LXI H,00H	; HL AS MEMORY POINTER
	MVI C,00H	; CLEAR C
	MOV B,C		; CLEAR B
NEXT:	MOV A,M		; SET ACCUMULATOR TO VALUE AT MEMORY ADDRESS
	CPI 00H		; COMPARE ACCUMULATOR WITH 00H
	JZ END		; JUMP IF ZERO
	INX H		; INCREASE POINTER
	JMP SAVE	; JUMP TO SAVE
SAVE:	MOV B,A		; STORE ACCUMULATOR IN B
	MOV A,C		; MOVE C INTO ACCUMULATOR
	ADD B		; ADD B
	MOV C,A		; STORE NEW ADDED VALUED IN B
	MVI A,00H	; CLEAR ACCUMULATOR
	MOV B,A		; CLEAR B
	JMP NEXT	; NEXT BYTE
 END:	HLT		; HALT

8085 assembly #0

4/1/2018

Recently I have been interested in assembly programming after coming across a new series of videos on the r/programming subreddit by Davy Wybiral (you can find the series here). In which, he focuses on x86 assembly using NASM. Using this and after personal research, in particular this x86 introduction series (namely the first day/part), my interest was peaked and I began playing around with simple 'hello world' programs. However I was finding it difficult to grasp the basic concepts, I had to try something different, a simpler architecture.

I was interested heavily in having an all in one compiler, editor, debugger, memory/register/stack viewer. The IDE also had to be completely open source and free software. I began looking for something that would meet these criteria. I quickly came across a simulator named GNUSim8085 (you can find the projects website here). This particular simulator and all-in-one IDE simulates the Intel 8085 micro processor, an 8-bit processor designed in 1977. After minor experimentation and researching the 8085 processor, I settled on learning and becoming comfortable with this IDE and eventually the instruction set. Meanwhile, I still have not completely grasped the assembly basics, however that will resolve itself over time.

Using the included example projects, heavily referring to an 8085 instruction set listing and other various resources found online, I began experimenting and slowly started understanding the basic concepts behind assembly languages.

Currently, I am able to produce very basic programs using some of the most basic instructions (mov, add, jmp, cmp etc), an example program I am able to write and understand is a simple countdown.

; COUNT DOWN FROM TOSTART -> TOEND

TOSTART: EQU 0AH	; HEX 10 TO START COUNTDOWN FROM
TOEND: EQU 00H		; HEX 0 TO COUNT DOWN TO

JMP START		; JUMP TO START

START:	MVI A,TOSTART	; MOVE TOSTART INTO ACCUMULATOR
	MVI B,TOEND	; MOVE TOEND INTO REGISTER B
LOOP:	CMP B		; COMPARE REGISTER TO ACCUMULATOR
	JZ END		; JUMP TO END IF ZERO FLAG SET
	DCR A		; DECREMENT A
	JMP LOOP	; JUMP BACK TO LOOP

END: HLT		; HALT EXECUTION
I hope to continue these posts as I further my understanding and abilities in 8085 assembly.

some changes

24/12/2017

I'm back home now, feeling better than ever with more motivation to move on with life. 2018 is the year, I just know it. Let's hope it goes to plan.

As for website changes, I have altered the theme a bit, added a gray box to hold the page content and increased the left and right padding to focus the text more.

My IRC server is now running miniircd, a small simple IRC server written in python. I am maintaining my own fork here in order to add features I desire and change things up. You can connect via irc.danieljon.es port +6697 (SSL only). I hang out in #bukkake (not my choice in names).

Here's to another year.


git and cgit

25/11/2017

For a while at least i'm experimenting using git and cgit locally in order to replace GitHub. You can check out the repos I have transitioned here.


prev 1 2 3 4 5 6 7 8 9 10 11 12 13 14 next




RSS feed
FSF member

page generated 1/12/2024 using websitegenerator in C