F1ak3r
F1ak3r
Posts

231

Following

43

Followers

49

Just some guy.

Joined on July 15, 2007, 1:37 PM Visited on June 23, 2019, 3:31 PM
Badges

F1ak3r posted on November 28, 2017 at 5:24 AM

Inspired by 64D

Yesterday, I released something called Trollcave on my main blog. It's a bit like a game, but not quite, and there's a bit of a barrier to entry. It's an infosec challenge VM, so the idea is you download a VirtualBox ova, load it up (with sensible precautions), and try to gain unauthorised access to it by exploiting vulnerabilities and misconfigurations, ultimately to read /root/flag.txt.

Web application security experience helps, but it should be completeable by anyone with good technical and security knowledge about webdev. Here's a screenshot:


As must be obvious from the screenshot, the website on this VM is pretty heavily inspired by 64Digits. This is partially because I spent a week writing a 64D clone in Rails (driven by boredom) and then only later decided to do this with it, and partially because I had some cool ideas around how some features similar to those this site has could be used in a hacking challenge.

Bear in mind that none of the fake users are meant to be anyone here, and none of the vulnerabilities I poked into the design are indicative of anything here either.

Not sure if this is really anyone here's cup of tea, but I felt I had to mention it in a 64D blog considering the inspiration for it. Download link is here: Oracle Virtualbox .ova file (891MB)

F1ak3r posted on December 09, 2016 at 6:27 AM

Ludum Dare 37

Ludum Dare #37 is to be hosted on their new website
Starts in ~19 hours. Who all's participating? Seeing as I'm actually free this weekend (my year-end leave starts on Sat) I'm going to give it a shot, unless the theme totally sucks (but most of the contenders look reasonably interesting, so I don't think that'll be the case).

F1ak3r posted on May 09, 2016 at 5:41 PM

VT-d GPU Passthrough

What is the best single-PC setup for a Linux enthusiast who still likes to play Windows-only games and run other Windows-only software?

Not WINE, because despite working surprisingly well in many cases and being in general better than you might expect, it's often flaky and unstable, and is absolutely not guaranteed to run every program.

Not dual-booting, because then you have to constantly reboot and context-switch.

Not a Windows virtual machine, because those don't let you run anything graphically intensive.

Not a Linux virtual machine on a Windows host, because then you're not really using Linux (especially evident when Windows blue-screens and takes your poor VM along with it).

What you want is a way run Linux and Windows simultaneously, allowing each operating system access to the tools it needs to run your system: Windows should get the graphics card and everything else it needs for playing games, and Linux should get the rest for doing everything else.

Solution: set up a Linux host with a Windows virtual machine that uses modern virtualisation technology (VT-d & IOMMU) to directly access the graphics card.


I set this up over the last week or so, and it was actually a lot easier than I thought it would be. A year or two ago you needed to compile custom kernel images to get it right, but with the latest version of Ubuntu (16.04) running Linux kernel ~4.4, all I had to do was:

1. Make some minor config changes to assign my graphics card to the pci-stub driver1 on boot instead of the default radeon driver.
2. Set up a Windows virtual machine with Qemu-KVM and assign it my card (there was even a neat GUI for this, and only one point where you need to abandon it and dip into config files).
3. Install graphics card drivers on Windows VM.

I had to do a bit more futzing around to get keyboard and mouse sharing (Synergy), some futzing with that to get mouselook in FPS games to work (by default Synergy sends absolute mouse coordinates, but games want relative ones, so you end up with a madly spinning screen or a crosshair that simply refuses to move) and a little more mucking around to get my onboard graphics card to play nice so I could use it for the Linux host.

All-in-all, easier than getting graphics card drivers to work on Linux itself. /s

Under my setup, I have both monitors wired to both graphics cards. So I can start up my Windows VM, move my mouse up, switch output on the screens, and then feel exactly like I'm using Windows on a normal Windows PC. And if I don't want to actually use Windows, I can Steam's in-home streaming to literally play games on Linux.

Graphics settings in games are exactly the same as when I was running Windows, and performance seems the same too (though this may take a few weeks to fully assess).

Startup is obviously faster, and I can now spend most of my time using my favourite minimal tiling window manager.

Overall, this worked a lot better than I expected, and was almost entirely painless to set up. My thoughts could change in the coming weeks (during which I plan to do a full writeup of how I set things up on my other blog), but so far, so good. Really worth a shot if you think you'd like it and have compatible hardware (you need to be able to enable VT-d in your BIOS and will also require a reasonably recent graphics card). For reference, the three main resources I used were this Linux Mint forum thread, this Arch Wiki page and the five-part guide on the VFIO Tips and Tricks blog.

EDIT 2016/09/09: And here at long last is my comprehensive guide to setting this up, as promised months ago.