I would like to know whether vulnerability scanners can scan binary files for vulnerabilities or can they scan source code only ?
It depends on the scanner. Which scanner did you mean? Different ones scan different things. If the question is "are there source scanners and are there also binary scanners," the answer is yes. There are also ones that scan neither (they send data and scan responses).
Related
I need to do some NON-STANDARD signal processing operations with an RFID-reader, so I'd like to know if it is possible to extract antenna's individual analog (actually digital samples right after ADC) input signal samples with Motorola FX7500 (if you know how this works on FX7400 or FX9500, please do tell, could be helpful). Samples would be processed in a JAVA-based host computer program.
What I've already tried:
Investigating Motorola's own RFID3 API's possibilities, it doesn't go deep enough to actually get in touch with input analog signal samples.
Using LLRP to its full extent, it doesn't allow analog signal sample access either. RFsurvey-functionality would have been helpful to some extent, but FX7500 doesn't support it either.
Accessing RFID-reader's linux terminal, trying to find the driver function(s), that could listen the input sample stream. If current input sample(s) could be extracted from the input stream, I could (in theory) make a script, that would save a few of those sample values in a txt-file in the host computer during a tag inventory round. My linux skills are kinda bad, hence I ask this question.
The only realistic way to solution seems to be via linux terminal, so if you folks have any ideas about that (where to look and what to do), please advise!
Contents of reader:
rfidadm#FX7500abcdef:/$ ls -1
apps
bin
dev
etc
home
include
lib
linuxrc
media
mnt
platform
proc
readerconfig
run
sbin
sys
tmp
usr
var
I cannot completely rule that out, but it's highly unlikely you can get the raw signal digitized; the devices you're looking at aren't really software defined radio devices, typically.
"speaking" RFID physically is a bit different from "usual" wireless communication: The reader doesn't only observe the energy transmitted from the tag, but more importantly the fluctuations of energy extracted from the near field of the reader's antenna coil. Hence, you don't actually have a baseband of RF bandpass signal, but hardware-specific modulations of transmitted (and inversely, antenna-reflected) energy. Demodulation is hence usually done in specialized hardware.
However, do not fret: It's totally possible to build a software defined RFID reader. There have been several approaches to that, but personally, I trust these based on Ettus USRPs and/or GNU Radio best. Look through the results IEEExplore gives you, eg. this search.
Most probably this is not possible with the Motorola readers. What you can do, is use one of the RFID chipsets available on the market: either the AMS RFID IC's, or the Impinj RFID IC's. As far as I know, both IC's support retrieving the digital samples that are received. They also have a development kit to test-drive the IC's.
I'm starting a project at work where the workers are supposed to get a scanner to scan barcodes on the vares that they use. Optimaly we would have a system supporting this, but we don't.
My thought is to be able to have excel running in the background on the computer they use to several other things, like reading newspapers and looking up todays weather etc. My understading of scanners is that they work just like a keyboard when connected to a computer, problems may then arise if someone is scanning barcodes, and another one is reading the newspaper in internet explorer, maybe the barcodes pops-up as a number in the URL(?), when it really should go to a specific cell in excel.
My question: Is it possible to make a scanner always return its values(scanned barcodes) to excel, EVENTHOUGH the computer may be used to something else at the same time?
Thanks for every thought and comment!
Have a nice weekend!
I do not think Excel would be the best solution to achieve this. It may be possible to achieve by linking to the scanner API and leveraging external libraries to listen for the scanner port etc. However, these kind of applications best be installed as system services e.g. Windows Service or as any other background application in .NET, Java, Python whatever. Excel is not the first choice technology to do these sort of things. Excel, however, can well be used for outputing this data.
What is more, honestly, the solution and feasibility will depend on the scanner API or driver.
Essentially, I'm looking for a 1D bar-code scanner that I can program, either through provided software or some sort of programming language, that will read a bar-code and format the resulting string.
I have already tried the Datalogic Gryphon GD 4130 scanner and it didn't work well with what we needed it to do, and I thought the software they provided was hard to use.
Price isn't an issue either. So any recommendations would be great.
The Honeywell Voyager 9520/40 line worked well for me. The scanner itself was easily programmable by scanning "program barcodes" that they provided.
But I also needed my program to be able to detect barcode scans even if it wasn't the "active" window. And I did not want to create a global keyboard hook to check if any keyboard input was actually a barcode scan.
I found that Honeywell offered free drivers to convert this scanner's output into "serial port" input on the pc - though it was a USB scanner. This was good for programming because it's a cinch to read serial port data in most programming languages, and it would have been rough for me to create some native code to read USB port data.
When researching this I found that most scanners actually had the capability to emulate serial port input so I would recommend that you look out for that feature if you want your program to be able to detect scans without having to get the focus first.
I answered a similar question with some examples here.
The Symbol line of scanners work well and are programmable. We use Model: LS2208. You can program it via barcodes or with free software that can be downloaded from their site. After creating the program you can then save it and/or print it as a sheet of barcodes that can be scanned to reprogram the unit other other units.
I'm trying to anonymize packets from a pcap file that I have. I need to discard all the packets payloads/content (leaving only header information) and was wondering if there would be a tool that I could use for this (on Linux)? I have thought about using tcpdump with specifying the snaplen but with the header length changing, I don't think that would work.
If there isn't a tool that could accomplish this, a point in the direction of what library for coding would be best(easiest) would work as well. I'd rather not take that route since I have virtually no experience in network programming.
Any help is much appreciated.
You don't need any network programming experience to anonymize the packets. The format of the output file is well documented in the pcap-savefile(5) manpage. You will need to lookup the layouts of the various protocols you'll be handling in order to identify what fields need to be anonymized. You should also look at the link layer header types documentation at tcpdump.org to help you get started.
EDIT: Also look at libpcap itself... according to the pcap-savefile manpage:
NOTE: applications and libraries
should, if possible, use libpcap to
read savefiles, rather than having their own code to read
savefiles.
If, in the future, a new file format is supported by libpcap,
applica-
tions and libraries using libpcap to read savefiles will be
able to
read the new format of savefiles, but applications and
libraries using
their own code to read savefiles will have to be changed to
support the
new file format.
Recently, i began developing a driver of an embedded device running linux.
Until now i have only read about linux internals.
Having no prior experience in driver devlopment, i am finding it a tad difficult to land my first step.
I have downloaded the kernel source-code (v2.6.32).
I have read (skimped) Linux Device Drivers (3e)
I read a few related posts here on StackOverflow.
I understand that linux has a "monolithic" approach.
I have built kernel (included existing driver in menuconfig etc.)
I know the basics of kconfig and makefile files so that should not be a problem.
Can someone describe the structure (i.e. the inter-links)
of the various directories in the kernel-source code.
In other words, given a source-code file,
which other files would it refer to for related code
(The "#include"-s provide a partial idea)
Could someone please help me in getting a better idea?
Any help will be greatly appreciated
Thank You.
Given a C file, you have to look at the functions it calls and data structures it uses, rather than worrying about particular files.
There are two basic routes to developing your own device driver:
Take a driver that is similar to yours; strip out the code that isn't applicable to your device, and fill in new code for your device.
Start with the very basic pieces of a device driver, and add pieces a little at a time until your device begins to function.
The files that compose your driver will make more sense as you complete this process. Do consider what belongs in each file, but to some extent, dividing a driver among files is more an art than a science. Smaller drivers often fit into just one or two files.
A bit of design may also be good. Consider what you device does, and what your driver will need to do. Based on that, you should be able to map out what functions a device driver will need to have.
I also believe Linux Device Drivers, Third Edition may help you get on your way to driver development.
Linux files themselves include files based on what they do, what layer they are in, and what layer they access of the call stack. The Big Picture truly informs how each file is related to the next.
I had to fix a kernel driver once. My biggest tip (if you use vim) is to set it up with ctags so you can jump around the kernel source with ctrl-] every time you see a function you don't understand.