Self-signed code signing certificates how to


Some setup and application executables need to be signed so that they are not flagged as a security risk by security software on Windows. Especially those that have virus-like behavior such as embedded executable resources that are extracted, and executed.

The following steps were performed on Windows, from the Developer Command Prompt installed by Visual Studio.

To generate self-signed certificate for code signing, run

makecert.exe -n CN=Test.org(Test) -r -h 0 -eku "1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.13" -e 12/31/2017 -pe -sv Test.pvk Test.cer

Here’s a brief overview of the command line
-n subject name
-r create self-signed certificate
-h max height of tree below this cert
-eku comma separated enhanced key usage ids
-e expiration date
-pe private key is exportable
-sv private key file name

You may specify a password or leave it empty.

To convert self-signed certificate to PFX format for usage with SignTool, run

Pvk2Pfx -pvk Test.pvk -spc Test.cer -pfx Test.pfx

To use SignTool to sign an executable, run

SignTool sign /fd SHA256 /a /f Test.pfx filepath.exe

Install certificate (Test.cer) to local machine before running executable.Screen Shot 2017-02-23 at 09.17.03.png

Signing a Wix Toolset setup bundle

You cannot just sign the setup bundle executable and get it to work, because the embedded executable (engine.exe) remains unsigned and will be flagged as a security risk. Use the following steps to prepare setup bundle for installation without being flagged as a security risk.

First, detach the engine from setup as follows

insignia -ib setup.exe -o engine.exe

Sign engine.exe with your certificate using SignTool

SignTool sign /fd SHA256 /a /f Test.pfx engine.exe

Re-attach the signed engine.exe to the bundle

insignia -ab engine.exe setup.exe -o setup.exe

Sign setup.exe with your certificate

SignTool sign /fd SHA256 /a /f Test.pfx setup.exe

Retrieve OAuth 2.0 authorization code using JavaFX WebView


This post documents a snippet of code that can be added to Browser class in JavaFX WebView sample, to extract OAuth 2.0 authorization code.

Assuming you’ve configured WebView’s WebEngine to load the authorization URL, the authorization service will redirect you to the redirect_uri specified in the authorization URL, after a user logs in successfully. It will pass along the code parameter, that can be extracted as follows

JSON syntax highlighting in ScintillaNET


I am studying the excellent ScintillaNET code editing component, to enable basic JSON editing in a .NET application.

Inspired by the C# code highlighting example, here’s the code snippet to enable basic JSON syntax highlighting

net-scintilla-json.png

Run Buildroot on Ubuntu with Docker


Follow the getting started to install Docker. I prefer using Docker in the PowerShell prompt on Windows 10.

To download ubuntu image, and start a new container with bash shell

docker run -it ubuntu bash

From another command prompt, run the following to find container id

docker ps -l

Add the -a option to see all containers, even those that are stopped.

To exit bash shell and stop container, type exit. To return to the container created earlier

docker start container_id
docker attach container_id

Hit enter once or twice to see the bash shell.

Update apt-get package cache

apt-get update

You should now be able to search for and install your favorite missing tools

apt-cache search wget
apt-get install wget

Obtain and untar Buildroot

wget https://buildroot.org/downloads/buildroot-2016.11.2.tar.gz
tar xvzf buildroot-2016.11.2.tar.gz

Install other core dependencies

apt-get install patch cpio python unzip rsync bc bzip2 ncurses-dev git g++

docker-ubuntu-windows-10.PNG

Go ahead and build your Linux system.

Analyzing iBeacon traffic using nRF BLE Sniffer


I’ve been troubleshooting iBeacons lately, and Bluetooth LE Sniffer from Adafruit is my go-to tool for sniffing Bluetooth LE (BLE) traffic such as iBeacon advertisements. iBeacon detection can vary a lot depending on advertisement interval and timing, and signal strength and its variance with distance, line of sight (or lack thereof), interference with other iBeacons etc.

nRF Sniffer software captures all BLE traffic in libpcap format that can be viewed in Wireshark. Its Wireshark dissector has fallen behind and does not work with latest version of Wireshark. Since I have written Wireshark dissectors in Lua before, I was quickly able to port the native dissector to Lua.

Here’s an iBeacon advertisement dissected using the nordic_ble Lua dissector, and Wireshark’s native btle dissector, on OS X. Note that iBeacon payload proprietary to Apple is not yet decoded by Wireshark’s btle dissector.

btle_adv_ind.png

Using data from the packet shown above, Apple’s proprietary payload has the following format

02 - ID
15 - Length (21 bytes)
3aa46f0c80784773be800255132aefda - 128-bit UUID
e4f2 - major number
e4c1 - minor number
b6 - two's complement of calibrated TX power

A filter such as btcommon.eir_ad.entry.data contains e4:f2:e4:c1 can be used to filter packets based on major and minor numbers.

NXP NTAG I2C NFC Forum tag with Bus Pirate


In this post, I use a Bus Pirate v4.0 to interact with an NXP NTAG I2C NFC Forum tag, over the latter’s I2C interface.

Connect Bus Pirate to the tag board as follows

  CLK ↔ SCL
 MOSI ↔ SDA
+3.3V ↔ VCC
  GND ↔ GND
  Vpu ↔ VCC

Transition to I2C mode, in hardware, clock rate of 100KHz

HiZ>m
1. HiZ
2. 1-WIRE
3. UART
4. I2C
5. SPI
6. 2WIRE
7. 3WIRE
8. KEYB
9. LCD
10. PIC
11. DIO
x. exit(without change)

(1)>4
I2C mode:
 1. Software
 2. Hardware

(1)>2
Set speed:
 1. 100KHz
 2. 400KHz
 3. 1MHz
(1)>1
Ready

Enable power

I2C>W
POWER SUPPLIES ON

Enable pull-ups (the board does not come with any)

I2C>P
Pull-up resistors ON

Search for address of tag device

2C>(1)
Searching I2C address space. Found devices at:
0xAA(0x55 W)

Read one 16-byte block at 0x00 containing serial number et al

2C>[0xAA 0x00][0xAB r:16]
I2C START BIT
WRITE: 0xAA ACK
WRITE: 0x00 ACK
I2C STOP BIT
I2C START BIT
WRITE: 0xAB ACK
READ: 0x04  ACK 0x47  ACK 0x91  ACK 0x52  ACK 0x56  ACK 0x40  ACK 0x80  ACK 0x00  ACK 0x44  ACK 0x00  ACK 0x00  ACK 0x00  ACK 0xE1  ACK 0x10  ACK 0x6D  ACK 0x00
NACK
I2C STOP BIT

Read specified (i.e. 0x00) session register (address 0xFE) byte

I2C>[0xAA 0xFE 0x00][0xAB r]
I2C START BIT
WRITE: 0xAA ACK
WRITE: 0xFE ACK
WRITE: 0x00 ACK
I2C STOP BIT
I2C START BIT
WRITE: 0xAB ACK
READ: 0x01
NACK
I2C STOP BIT

I2C with Bus Pirate v4.0 on Windows 10


In this post, I learn to use a Bus Pirate v4.0 to retrieve raw linear acceleration data from a Tilt Compensated Compass Breakout (LSM303DLMTR), over the I2C bus (also referred to as TWI – two wire interface).

I’ve had a Bus Pirate v4.0 for three years now, but it has seen limited use because I’ve never really paused to use it in earnest.

I first used it on Windows 8 which had pretty stringent requirements for installing unsigned drivers, that I circumvented using a self-signed driver. Fortunately, Windows 10 does not require any driver installation.

The only thing you need to start using the Bus Pirate is a terminal emulation software such as Tera Term.

tera-term-bus-pirate.png
Tera Term version 4.93

Once you have Tera Term installed and connected to Bus Pirate’s serial port, you can start using the latter’s command line interface to issue commands.

To view help information

HiZ>?
General                                 Protocol interaction
---------------------------------------------------------------------------
?       This help                       (0)     List current macros
=X/|X   Converts X/reverse X            (x)     Macro x
~       Selftest                        [       Start
o       Set output type                 ]       Stop
$       Jump to bootloader              {       Start with read
&/%     Delay 1 us/ms                   }       Stop
a/A/@   AUXPIN (low/HI/READ)            "abc"   Send string
b       Set baudrate                    123     Send integer value
c/C/k/K AUX assignment (A0/CS/A1/A2)    0x123   Send hex value
d/D     Measure ADC (once/CONT.)        0b110   Send binary value
f       Measure frequency               r       Read
g/S     Generate PWM/Servo              /       CLK hi
h       Commandhistory                  \       CLK lo
i       Versioninfo/statusinfo          ^       CLK tick
l/L     Bitorder (msb/LSB)              -       DAT hi
m       Change mode                     _       DAT lo
e       Set Pullup Method               .       DAT read
p/P     Pullup resistors (off/ON)       !       Bit read
s       Script engine                   :       Repeat e.g. r:10
v       Show volts/states               ;       Bits to read/write e.g. 0x55;2
w/W     PSU (off/ON)            <x>/<x= >/<0>   Usermacro x/assign x/list all

To run a self test (connect ADC to +3.3V)

HiZ>~
Disconnect any devices
Connect (ADC to +3.3V)
Space to continue
Ctrl
AUX OK
MODE LED OK
PULLUP H OK
PULLUP L OK
VREG OK
EEPROM
SCL OK
SDA OK
WP OK
READ&WRITE OK
ADC and supply
Vusb(5.03) OK
5V(5.02) OK
5V VPU(4.89) OK
ADC(3.25) OK
3.3V(3.22) OK
3.3V VPU(3.23) OK
Bus high
MOSI OK
CLK OK
MISO OK
CS OK
Bus Hi-Z 0
MOSI OK
CLK OK
MISO OK
CS OK
Bus Hi-Z 1
MOSI OK
CLK OK
MISO OK
CS OK
MODE, VREG, and USB LEDs should be on!
Any key to exit
Found 0 errors.

Use the m command to select I2C mode

HiZ>m
1. HiZ
2. 1-WIRE
3. UART
4. I2C
5. SPI
6. 2WIRE
7. 3WIRE
8. KEYB
9. LCD
10. PIC
11. DIO
x. exit(without change)

(1)>4
I2C mode:
1. Software
2. Hardware

(1)>2
Set speed:
1. 100KHz
2. 400KHz
3. 1MHz
(1)>1
Ready

Since the breakout is being powered using Bus Pirate, here’s how to disable/enable power output

I2C>w
POWER SUPPLIES OFF
I2C>W
POWER SUPPLIES ON

To check output voltages and I/O state

I2C>v
Pinstates:
#12     #11     #10     #09     #08     #07     #06     #05     #04     #03     #02     #01
GND     5.0V    3.3V    VPU     ADC     AUX2    AUX1    AUX     -       -       SCL     SDA
P       P       P       I       I       I       I       I       I       I       I       I
GND     5.02V   3.28V   0.00V   0.00V   L       L       L       L       L       L       L

To find the address of all devices in the breakout connected to the I2C bus, we can use Bus Pirate’s address search macro. Here’s how you can list all available macros, and run the address search macro

I2C>(0)
0.Macro menu
1.7bit address search
2.I2C sniffer
3.Connect to on-board EEPROM
4.Enable Writing the on-board EEPROM
I2C>(1)
Searching I2C address space. Found devices at:
0x30(0x18 W) 0x31(0x18 R) 0x3C(0x1E W) 0x3D(0x1E R)

For curiosity’s sake, here’s a partial waveform of the I2C bus when doing address search, analyzed using Saleae’s Logic Analyzer

logic-bus-pirate-i2c-macro.png
Address search waveform in Saleae Logic

Now that we know the address of the linear accelerometer (0x18), here’s how we can read register CTRL_REG1_A (note repeated START)

I2C>[0x30 0x20 [ 0x31 r]
I2C START BIT
WRITE: 0x30 ACK
WRITE: 0x20 ACK
I2C START BIT
WRITE: 0x31 ACK
READ: 0x07
NACK
I2C STOP BIT

I configure the breakout to normal (power) mode by writing to register CTRL_REG1_A (address 0x20), and read it back

I2C>[0x30 0x20 0x27]
I2C START BIT
WRITE: 0x30 ACK
WRITE: 0x20 ACK
WRITE: 0x27 ACK
I2C STOP BIT
I2C>[0x30 0x20 [ 0x31 r]
I2C START BIT
WRITE: 0x30 ACK
WRITE: 0x20 ACK
I2C START BIT
WRITE: 0x31 ACK
READ: 0x27
NACK

Here’s how to make use of the autoincrement bit in register address, to read registers STATUS_REG_A (address 0x27) through OUT_Z_H_A (0x2D), in one go

I2C>[0x30 0xa7 [ 0x31 r:7]
I2C START BIT
WRITE: 0x30 ACK
WRITE: 0xA7 ACK
I2C START BIT
WRITE: 0x31 ACK
READ: 0xFF  ACK 0xA0  ACK 0xF9  ACK 0x30  ACK 0x05  ACK 0xF0  ACK 0xC2
NACK
I2C STOP BIT

Read WHO_AM_I_M register (address 0x0F)

I2C>[0x3c 0x0f [ 0x3d r]
I2C START BIT
WRITE: 0x3C ACK
WRITE: 0x0F ACK
I2C START BIT
WRITE: 0x3D ACK
READ: 0x3C
NACK
I2C STOP BIT