Weekly security week wrapup 23 and 24

It’s been two weeks since the weekly security wrapup, which makes ‘weekly’ a rather week term. Lots of excuses I could utter, but they’re all saying: “been busy”, which is another way of saying “I decided that other things were more important to do”. However, here we go again.

Cheap GPUs are breaking passwords faster

Obviously, they’re good at doing stupid things fast(er), and cracking passwords is about the stupidest task possible for a computer. However, for some of the strong stuff out there, like TrueCrypt, it does not really matter. TrueCrypt, for instance, has a rather slow initialization routine that takes about 10ms on an average processor, which means you can check 100 passwords/sec. If a CUDA implementation were to increase that 1 million times (10^6), you could check 10^8 passwords per second. But if you have a 10 char password (upper/lower/digits), there are roughly 10^17 possibilities. Checking 10^8 passwords/s means it takes 10^17/10^8/2 ~= 10^8 seconds. Which is another way of saying 76 years. That’s longer than the average time it takes for a disk to disintegrate by itself, last time I checked. Still, using CUDA to speed things up is quite cool.
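The estimate above carried through as an added example (not code from the original post or from TrueCrypt). It uses the exact keyspace 62^10 rather than a rounded power of ten, so its figures differ somewhat from the back-of-envelope ones, and it assumes a uniformly random password, the 10 ms per-guess cost and the hypothetical 10^6 speedup quoted above; the function names are made up for this example.

```python
# Added example: brute-force time estimate for a slow key-derivation step.
# Assumptions (taken from the paragraph above): 10 ms per guess on a CPU,
# a hypothetical 10^6 GPU speedup, and uniformly random passwords.

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def guesses_per_second(kdf_seconds, speedup=1.0):
    """Guess rate when one candidate costs kdf_seconds on the baseline CPU."""
    return speedup / kdf_seconds


def expected_years(charset_size, length, rate):
    """Average-case exhaustive search: half the keyspace at `rate` guesses/s."""
    return charset_size ** length / 2 / rate / SECONDS_PER_YEAR


def min_length(charset_size, rate, target_years):
    """Shortest random password whose average-case search exceeds target_years."""
    length = 1
    while expected_years(charset_size, length, rate) <= target_years:
        length += 1
    return length


if __name__ == "__main__":
    cpu = guesses_per_second(0.010)        # about 100 guesses/s
    gpu = guesses_per_second(0.010, 1e6)   # about 10^8 guesses/s (hypothetical)
    # Each extra character multiplies the work by 62, which outpaces
    # any fixed hardware speedup after a few characters.
    for n in range(8, 13):
        print(f"{n:2d} chars of [A-Za-z0-9]: "
              f"CPU {expected_years(62, n, cpu):.3g} y, "
              f"GPU {expected_years(62, n, gpu):.3g} y")
    print("length needed for 1000 years at GPU rate:",
          min_length(62, gpu, 1000))
```

The table makes the defender's point visible: the 10^6 speedup is cancelled by adding a little over three random characters, since 62^3 is about 2.4 x 10^5 and 62^4 about 1.5 x 10^7.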


Mac Reversing: Starter’s guide

I’ve found this article on (OSX) malware analysis for beginners. It walks you through getting started with IDA Pro and beginning an analysis. It’s excellent, but you need to keep paying attention, or you lose track quite easily.


Electric car trouble

And we’re not talking about the trouble you have driving your new electric Nissan Leaf and looking for a place to have lunch, dinner and a nap before your car is charged up. No, we’re talking about the RSS reader in the car’s built-in firmware telling all servers your current location, speed and whether you have the aircon on. That’s not funny.


Building boost on Mac OS X 10.6 with XCode 3.2

Getting boost to build in ‘fat binaries’ is a pain when you’ve just switched to XCode 3.2. Switching to XCode 3.2 is somewhat obligatory, because that also brings you the SDK for Mac OS X 10.6, aka Snow Leopard. And when you run Snow Leopard, you want the SDK for it as well. It sounds so simple.

The Apple version of gcc, included in XCode, no longer builds boost in fat versions; it only works for targeted versions (i.e. with only one architecture). So if you want to build ‘universal’ binaries that work in 64bit and 32bit mode, you’re out of luck.

I got it to build this morning, thanks to some discussions on the boost mailing list. And it == boost 1_40_0, with XCode 3.2 on Snow Leopard.

This is the command-line I used:

bjam --build-dir=../boost_build --layout=versioned toolset=darwin architecture=combined address-model=32_64 link=shared,static install

And here is the patch I created to get it to work. It boils down to: remove all the ppc entries from tools/build/v2/tools/darwin.jam, because the XCode compiler does not offer support for PPC anymore. And you have to remove the “-m64” option in gcc.jam, because the XCode compiler does not like to have -arch x86_64 -arch i386 -m64 all together on the command-line.

But if you take the road of building your code on XCode 3.2, you specifically eliminate all those users still using a PPC based Mac. That might not be what you intended. In that case you probably need to add the -V 4.0.1 option to gcc/g++, in which case you use the older compiler (from XCode 3.1), which might or might not be what you need for your project.

(Sorry for the stupid looks on the patch, but wordpress mangles stuff with the <code> tag).

diff --recursive -u boost_1_40_0.orig/tools/build/v2/tools/darwin.jam boost_1_40_0/tools/build/v2/tools/darwin.jam
--- boost_1_40_0.orig/tools/build/v2/tools/darwin.jam 2009-04-14 09:59:30.000000000 +0200
+++ boost_1_40_0/tools/build/v2/tools/darwin.jam 2009-09-06 08:01:26.000000000 +0200
@@ -304,9 +304,9 @@
: $(values) ;

-arch-addr-flags darwin OPTIONS : combined : 32 : -arch i386 -arch ppc : default ;
-arch-addr-flags darwin OPTIONS : combined : 64 : -arch x86_64 -arch ppc64 ;
-arch-addr-flags darwin OPTIONS : combined : 32_64 : -arch i386 -arch ppc -arch x86_64 -arch ppc64 ;
+arch-addr-flags darwin OPTIONS : combined : 32 : -arch i386 : default ;
+arch-addr-flags darwin OPTIONS : combined : 64 : -arch x86_64 ;
+arch-addr-flags darwin OPTIONS : combined : 32_64 : -arch i386 -arch x86_64 ;

arch-addr-flags darwin OPTIONS : x86 : 32 : -arch i386 : default ;
arch-addr-flags darwin OPTIONS : x86 : 64 : -arch x86_64 ;
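Review bot: The three replaced `combined` rules drop `-arch ppc` and `-arch ppc64` unconditionally, so anyone who passes architecture=combined with a toolchain that can still target PowerPC now silently gets Intel-only binaries. Consider keeping the original rules and selecting the Intel-only variants based on the compiler or SDK version, or adding a separate architecture value for i386 plus x86_64, and add a comment beside the rules saying that `combined` no longer includes PPC.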
diff --recursive -u boost_1_40_0.orig/tools/build/v2/tools/gcc.jam boost_1_40_0/tools/build/v2/tools/gcc.jam
--- boost_1_40_0.orig/tools/build/v2/tools/gcc.jam 2009-07-11 13:04:31.000000000 +0200
+++ boost_1_40_0/tools/build/v2/tools/gcc.jam 2009-09-06 08:11:17.000000000 +0200
@@ -375,7 +375,8 @@
- option = -m64 ;
+ # option = -m64 ;
+ option = ;
OPTIONS on $(targets) += $(option) ;
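Review bot: `option = ;` removes -m64 for every build that reaches this branch of gcc.jam, not only for the case where -arch x86_64 -arch i386 is already on the command line, and the change sits in gcc.jam rather than in darwin.jam. Guard it so that -m64 is only omitted when -arch flags are being passed, or do the override in darwin.jam. Also delete the commented-out `# option = -m64 ;` line instead of leaving it behind, and add a comment that says why the flag is dropped.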