ziggurat29


It is expected that you would have found direct project pages through other means, but in case you land on this default page somehow, here are links to various public projects.

Projects and Journals

various projects can also be found here:

http://ziggurat29.wordpress.com/

Here I journal the projects in addition to providing the work product.

 

OpenVPN related

OpenVPN is a user-mode vpn using ssl for tunnel encryption.  It has a huge number of options and is supported on many platforms.  The price is right, and deployment is self-contained and easy (once you know what you're doing).

OpenVPN for Pocket PC

My contribution to the OpenVPN project was to create the needed TAP driver, do the required application porting, and provide a controlling GUI in support of PocketPC specifically, and Windows CE generally (though you may have to recompile for non-PocketPC due to dependencies on some optional libs, like cellcore.dll, that your platform may not include).

Build of OpenVPN 2.1 rc 20 for OpenWRT (<- the actual file to download)

OpenWRT is a fantastic project which transforms a consumer-grade wireless router into a full featured router.  The current release doesn't have a build of the 2.1 openvpn, however, so I built it myself.  I have provided the link to the ipkg in case anyone else has interest in it.  I have also added the OCSP support patch to this build.

Older ones (if for some reason you think you need them):

OpenVPN 2.1 rc 1, OpenVPN 2.1 rc 4, OpenVPN 2.1 rc 6,

OpenVPN 2.1 rc 8, OpenVPN 2.1 rc 9b, OpenVPN 2.1 rc 13,

OpenVPN 2.1 rc 15, OpenVPN 2.1 rc 18, OpenVPN 2.1 rc 19

OpenVPN Manual

This is the OpenVPN man page converted to a Word document, with all the commands hyperlinked within.  I like using this form.  Maybe one day I will convert it to a Windows help file....  But not today.

OpenVPN.exe with pkcs12 inline rc10

I like the inline files, but I didn't like that I had to put my private key in plaintext in them.  PKCS #12 files can be (and typically are) encrypted under a passphrase derived key, but they can't be stored inline.  I made a patch which allows storing these files inline between the XML-esque tags of

<pkcs12>

</pkcs12>

The catch is that since pkcs12 files are binary, you will need to base-64 encode them first, and stick the (textual) result between the aforementioned tags.  You can base-64 easily using the openssl.exe that almost certainly was distributed with your openvpn package.

openssl enc -base64 -in cred.p12 -out cred.p12.b64

OpenVPN GUI with pkcs11 support

If you use smartcard/USB tokens with openvpn, and with Windows, you will already know that the GUI doesn't support for prompting for the PIN for the token.  I made a patch to the openvpn-gui source that adds this support.  A dialog will pop up prompting for the token PIN.

And the source, if you want it.

OpenVPN End (<- the actual file to download)

This is a trivial utility that will signal a named event.  OpenVPN can wait on a named event, and by default the program will signal openvpn_exit_1.  You can specify a different on on the command line.  Other than the name of the executable and the default event name, this really isn't openvpn-specific, however, and could be useful anytime you want to manually signal a named event to unstick something or from a batch file.

Modtronix SBC65 related

Oregon Scientific WMR928 Embedded Web Server

This provides software for the Modtronix SBC65EC embedded computer to interface with the Oregon Scientific WMR928 weather station, provide an embedded web server, and serve up the current weather data via HTML and also RSS.  You can pack up the SBC65EC into a module that plugs into the back of the WMR928 and plug the other side into the Ethernet jack.  You can also use the existing WMR928 power supply to run both units.

FRAMTest

I produced some routines for using the FRAM on the SBC65 which are available for others to use.

 

Miscellaneous

SexyHexy

SexyHexy is a TrueType™ font I created to serve as a quick hex viewer.  The font has 256 glyphs, each of which is a two-digit hex number.  This is handy for seeing control codes, and doing a quick ascii to hex conversion with a text editor.

XCA Portable

XCA is an open-source Certificate Authority management app.  PortableApps is project that provides a mechanism by which you package an application with a launcher so that the app, settings, and data are all stored on a removable media -- typically a usb flash drive.  Since I like to keep my CA database on removable media anyway (it has all the private keys), it is nice to have the managing application come along with it.  This is a PortableApps installer for XCA.

VNCViewer.paf.exe (<- the actual file to download)

VNC Viewer is pretty portable as it is -- it is a single executable that doesn't require an installer, but it does save settings in the registry.  This Portable Apps launcher pivots the registry settings off of and onto the removable media, so your settings are made portable (e.g., MRU).  Also, any settings on the actual machine being used are backed up during the pivot operation.

OpenVPNPortable.paf.exe (<- the actual file to download)

This is a PortableApps version of OpenVPN.  This handles installing/removing the TAP driver (if needed) and starting up OpenVPN GUI.  Then you can run your VPN connections off the configurations in the 'data' directory.  When the GUI exits, an opportunity will be given to remove the TAP driver _if_ it was installed upon launch (i.e., this won't happen if it already existed).

OpenVPN GUI 1.0.3 with PKCS11 prompt (<- the actual file to download)

This is a modified version of the commonly used Windows GUI for OpenVPN.  I added support for presenting the PIN prompt for use with pkcs11 tokens.  This file is a zip of the modified source, and also contains a build binary.  The significant changes were to openvpn_monitor_process.c, passphrase.h, and passphrase.c.  To support building in VC6, I made some other superficial changes (e.g. header includes, etc) to other files.

OCSPD for OpenWRT (<- the actual file to download)

PKI defines a protocol called OCSP that is used as a CRL replacement.  You may find it convenient to run an OCSP responder daemon if you run a PKI, for example, for OpenVPN.  This provides the OpenCA implementation of ocspd.  This not the friendliest or best documented program in the world, so here's how I do it:

  1. Install the package.  It depends on libopenldap and libsasl2.
  2. There will be an ocspd.conf in /etc which you will need to edit to your liking.
  3. My liking is to create a directory /etc/ocspd and move the ocspd.conf file there.  Then I add all the certs, keys, and crls there.  You will need to edit S50ocspd to refer to the new location of the conf file.
  4. You will need to edit /etc/ocspd.conf in various places:
  1. dir -- refer to the new location
  2. ca_certificate -- refer to the trusted ca certificate
  3. ocspd_certificate -- refer to the ocspd server certificate you will be creating
  4. ocspd_key -- refer to the private key you will be creating.  NOTE:  this is a sensitive parameter; chmod it 400
  5. pidfile -- I use /var/run/ocspd.pid
  6. thread_num -- I reduce this to 5 for my low-volume application
  7. under the section [ first_ca ] you need to specify the CRL file you will be using, and the CA cert for that CRL.
  1. You will need to create an ocspd server certificate and private key, and deploy it.
  2. You will need to create your CRL and deploy it.  Note, the daemon will heed the 'next update' time of the CRL and deny everyone after that time if you do not deploy an updated CRL.  For this reason, in my personal PKI, I put an extremely long next update time to my CRLs to avoid this chore.  You probably wouldn't want to do that in a more serious PKI.

The following is a slide show by the author openca_ocspd_tutorial.pdf which may be of interest.

portfwd for OpenWRT (<- the actual file to download)

This is a cross-compile of the port-forwarding daemon 'portfwd'.  You can find the gory details here.  I find this handy to set up port reflectors in certain cases.  You will also need to install the package uclibc++.  Don't forget to open the ports on your firewall.  The config file is in /etc/portfwd.conf

DL13C

We'll have to see where this goes, but I am re-braining an old-school HP12C to be a perversely exquisite super-calc.  It came out of a desire to make a 'cryptographic calculator', and also my love of the Voyager series of HP calculators from the 80's.  Aside from emulating the HP15C (and subsuming 16C functions, but probably not emulating per se), it will have cryptographic functionality and some additional freaky stuff.

Apricorn Padlock Disassembly

I have one of these encrypting hard drives.  The drive started to fail, so I decided to disassemble it instead of invoking a warranty claim.  The things I found inside were... "interesting"

 

Financial Transaction Processing-Related

I HAVE ASSIGNED RIGHTS AND OWNERSHIP OF THE BOGOATALLA AND RELATED FINANCIAL PROCESSING TOOLS TO A THIRD PARTY, AND AM NO LONGER FREE TO DISTRIBUTE THE TOOL OR IT'S SOURCE CODE.  SORRY FOR THE INCONVENIENCE.

These are all Windows command-line utilities (except where noted); execute with the -help option to determine usage.

DUKPT Decrypt (<- the actual file to download)

This is a utility that will decrypt Encrypted PIN Blocks that have been produced via the DUKPT single- and triple-DES method.  I used this for testing the output of some PIN Pad software I had created, but is also handy for other debugging purposes.

VISA PVV Calculator (<- the actual file to download)

This is a utility that will compute and verify PIN Verification Values that have been produced using the VISA PVV technique.  It has a bunch of auxiliary functions, such as verifying and fixing a PAN (Luhn computations), creating and encrypting PIN blocks, decrypting and extracting PINs from encrypted PIN blocks, etc.

VISA CVV Calculator (<- the actual file to download)

This is a utility that will compute Card Verification Values that have been produced using the VISA CVV technique.  MasterCard CVC uses the CVV algorithm, so it will work for that as well.  It will compute CVV, CVV2, CVV3, iCVV, CAVV, since these are just variations on service code and the format of the expiration date.  Verification is simply comparing the computed value with what you have received, so there is no explicit verification function.

Atalla AKB Calculator (<- the actual file to download)

This is a utility that will both generate and decrypt Atalla AKB (Atalla Key Block) cryptograms.  You will need the plaintext MFK to perform these operations.  When decrypting, the MAC will also be checked and the results shown.  You can build keys from components.

BogoAtalla (<- MOVED)

Bogo Atalla is an HP Atalla emulator (or simulator).  This software emulation (simulation) of the well-known Atalla Hardware Security Module (HSM/TRSM) (aka the Atalla NSP, or Atalla Box) that is used by banks and processors for cryptographic operations, such as verifying/translating PIN blocks, authorizing transactions by verifying CVV/CSC numbers, and performing key exchange procedures, was produced for testing purposes.  This implementation is not of the complete HP Atalla command set, but rather the just portions that I myself needed.  That being said, it is complete enough if you are performing acquiring and/or issuing processing functions, and are using more modern schemes such as Visa PVV and DUKPT, and need to do generation, verification, and translation.