Busybox httpd with basic auth

For very simple websites, nothing beats running ‘busybox httpd’.

To build it, download the latest source from: https://busybox.net/downloads/

To compile:

make defconfig
make

To run with basic authentication:

  1. Find out the hash of the password you want to use, for example, if
    you want to use the password ‘secret’:

    $ busybox httpd -m secret
    $1$gDqyrCR.$6MSG2JC9CBWRNypWVfuC81
  2. Add the login information to your httpd.conf file. For example, to use user ‘fred’:
    echo '/:fred:$1$gDqyrCR.$6MSG2JC9CBWRNypWVfuC81' > httpd.conf
  3. Start busybox httpd as follows:
    busybox httpd -v -f -p 5005 -r "Identify yourself:" -c httpd.conf

    Options used:
    -v: be verbose
    -f: stay in foreground (don’t daemonize)
    -p: port number
    -r: authentication realm (i.e. string you want to show the users)
    -c: configuration file

Git encryption that works

Intructions on git encryption are to found around the web, some don’t work, some are too difficult. The following works for me. Make sure you understand what you’re doing if you decide to use it. All thanks, kudos, merit and attribution to this excellent post.

  1. Make sure git and openssl are installed and working on your system
  2. Create a directory in $HOME:
    mkdir ~/.gitencrypt
  3. Make it accessible only to user
    chmod 0700 ~/.gitencrypt
  4. Create the 3 following files in this directory:
    cat > ~/.gitencrypt/clean_filter_openssl <<EOF
    #!/bin/sh
    SALT=
    PASSWORD=
    openssl enc -base64 -aes-256-ecb -S $SALT -k $PASSWORD
    EOF
    cat > ~/.gitencrypt/diff_filter_openssl <<EOF
    #!/bin/sh
    PASSWORD=
    openssl enc -d -base64 -aes-256-ecb -k $PASSWORD -in "" 2> /dev/null || cat ""
    EOF
    cat > ~/.gitencrypt/smudge_filter_openssl <<EOF
    #!/bin/sh
    PASSWORD=
    openssl enc -d -base64 -aes-256-ecb -k $PASSWORD 2> /dev/null || cat
    EOF
  5. Make these 3 files executable:
    chmod +x ~/.gitencrypt/*
  6. Generate a random, 24-hex characters salt and a random password, and set them in the files created above:
    RANDOM_SALT=$(tr -dc 'A-F0-9' < /dev/urandom | head -c16)
    RANDOM_PASSWORD=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c18)
    sed -i -e "s/SALT=/SALT=${RANDOM_SALT}/" ~/.gitencrypt/*
    sed -i -e "s/PASSWORD=/PASSWORD=${RANDOM_PASSWORD}/" ~/.gitencrypt/*
  7. Create a git repository:
    mkdir repos
    cd repos
    git init
  8. Append lines to .git/config:
    cat >> .git/config <<EOF
    
    [filter "openssl"]
        smudge = ~/.gitencrypt/smudge_filter_openssl
        clean = ~/.gitencrypt/clean_filter_openssl
    [diff "openssl"]
        textconv = ~/.gitencrypt/diff_filter_openssl
    EOF
  9. Add a .gitattributes file
    cat > .gitattributes <<EOF
    * filter=openssl diff=openssl
    [merge]
    renormalize=true
    EOF
  10. Now all commits will be encrypted.

Veracrypt on ARM

These are the steps I took to compile veracrypt on a Scaleway C1 (ARM) machine running Debian Stretch:

  1. Dowloaded and extracted wxWidgets veracrypt’s GitHub repository:
    wget https://github.com/veracrypt/VeraCrypt/archive/VeraCrypt_1.21.tar.gz
    tar xzvf VeraCrypt_1.21.tar.gz
  2. Dowloaded and extracted wxWidgets from https://www.wxwidgets.org/downloads:
    wget https://github.com/wxWidgets/wxWidgets/releases/download/v3.1.0/wxWidgets-3.1.0.tar.bz2
    tar xjvfv3.1.0/wxWidgets-3.1.0.tar.bz2
  3. Installed a couple of dependencies:
     sudo apt install build-essential libfuse-dev pkg-config
  4. Compiled wxWidget (console only):
    cd /path/to/VeraCrypt-VeraCrypt_1.21/src
    make -j 4 NOGUI=1 WXSTATIC=1 WX_ROOT=/path/to/wxWidgets-3.1.0 wxbuild
    make -j 4 NOGUI=1 WXSTATIC=1
  5. The executable is built in the directory called ‘Main’

Java: test JCE strength

To quickly test if JCE with unlimited strength is activated on your java installation, run this:

import javax.crypto.Cipher;

class JceTest {
  public static void main(String[] args) {
    try {
      int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");
      System.out.printf("maxKeyLen=%d%n", maxKeyLen);
      if(maxKeyLen == 2147483647) {
        System.out.println("JCE with unlimited strength activated.");
      } else {
        System.out.println("JCE with unlimited strength NOT activated!");
      }
    } catch (Exception e){
      System.out.println("Sad world :(");
    }
  }
}

 

Compile lastpass-cli (lpass) for termux

  1. Make sure you have git and some dependencies installed:
    $ pkg install git
    $ pkg install libllvm make cmake
    $ pkg install pkg-config openssl-dev libcurl-dev libxml2-dev
  2. Get the lastpass-cli source code from github:
    $ git clone https://github.com/lastpass/lastpass-cli
  3. Compile:
    $ cd lastpass-cli
    $ make
  4. The executable is located in ./build/lpass

Building minio’s mc and restic on termux

If you use the binaries provided by minio and restic to run the ‘mc’ and ‘restic’ commands on android’s termux, it won’t work, due to restriction on DNS resolution, you need to build them yourself.

This is how to do it:

MC

$ go get -d github.com/minio/mc
$ cd $HOME/go/src/github.com/minio/mc
$ GOPATH=$HOME/go make

RESTIC

$ git clone https://github.com/restic/restic
$ cd restic
$ go run build.go -v --enable-cgo

Straightforward java compilation on termux

To run java apps on your android device, install termux, and run the following:

$ pkg install ecj dx
$ cat > Hello.java <<EOF
public class Hello {
  public static void main(String[] args) {
    System.out.println("Hello world, on termux!");
  }
}
EOF
$ ecj Hello.java
$ dx --dex --output=Hello.dex Hello.class
$ dalvikvm -cp Hello.dex Hello
Hello world, on termux!

How to find out compiler version of a go binary

If you have a binary that was produced by a golang compiler, and you want to find out which version of the compiler was used, you can use use the C debugger gdb as follows:

$ gdb /path/to/binary
[...]
(gdb) p 'runtime.buildVersion'
$1 = 0x5e1d83 "go1.9"