The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 4,184 other subscribers

Archive for the ‘SHA’ Category

« Previous Entries

Chocolatey: installing Oracle SQL Developer and updating the chocolatey package

Posted by jpluimers on 2021/05/13

Sometimes an install is not just as simple as C:\>choco install --yes oracle-sql-developer.

Edit 20210514:

Note that most of the below pain will be moot in the future as per [Archive.is] Jeff Smith 🍻 on Twitter: “we’re working on removing the SSO requirement, it’s already done for @oraclesqlcl – see here … “ referring to [Wayback] SQLcl now under the Oracle Free Use Terms and Conditions license | Oracle Database Insider Blog

SQLcl, the modern command-line interface for the Oracle Database, can now be downloaded directly from the web without any click-through license agreement.

It means the Oracle acount restriction will be lifted, and downloads will be a lot simpler.

I started with the below failing command, tried a lot of things, then finally almost gave up: Oracle stuff does not want to be automated, which means I should try to less of their stuff.

First of all you need an Oracle account (I dislike companies doing that for free product installs; I’m looking at Embarcadero too) by going to profile.oracle.com:

[WayBack] Chocolatey Gallery | Oracle SQL Developer 18.4.0 (also: gist.github.com/search?l=XML&q=oracle-sql-developer)

Notes

  • This version supports both 32bit and 64bit and subsequently does not have a JDK bundled with it. It has a
    dependency on the jdk8 package to meet the application’s JDK requirement.
  • An Oracle account is required to download this package. See the “Package Parameters” section below for
    details on how to provide your Oracle credentials to the installer. If you don’t have an existing account, you can
    create one for free here: https://profile.oracle.com/myprofile/account/create-account.jspx

Package Parameters

The following package parameters are required:

/Username: – Oracle username
/Password: – Oracle password

(e.g. choco install oracle-sql-developer --params "'/Username:MyUsername /Password:MyPassword'")

To have choco remember parameters on upgrade, be sure to set choco feature enable -n=useRememberedArgumentsForUpgrades.

Then the installation failed fail again: ERROR: The response content cannot be parsed because the Internet Explorer engine is not available, or Internet Explorer's first-launch configuration is not complete. Specify the UseBasicParsing parameter and try again.

The trick is to RUN IEXPLORE.EXE AS ADMINISTRATOR ONCE BEFORE INSTALLING FROM CHOCOLATEY. Who would believe that.

The reason is that the package uses Invoke-WebRequest which requires Internet Explorer and PowerShell 3. Chocolatey packages however need to be able to run on just PowerShell 2 without Invoke-WebRequest.

Maybe using cURL can remedy that; adding a dependency to is is possible, as cURL can be installed via chocolatey: [WayBack] How to Install cURL on Windows – I Don’t Know, Read The Manual. Another alternative might be [WayBack] Replace Invoke-RestMethod in PowerShell 2.0 to use [WayBack] WebRequest Class (System.Net) | Microsoft Docs.

Read the rest of this entry »

Posted in CertUtil, Chocolatey, CommandLine, Database Development, Development, DVCS - Distributed Version Control, git, Hashing, OracleDB, Power User, PowerShell, Security, SHA, SHA-1, Software Development, Source Code Management, Windows, XML, XML/XSD | Leave a Comment »

Supermicro Bios Update – YouTube

Posted by jpluimers on 2020/09/14

I needed to get myself an OOB license for the BIOS update over the IPMI console or SUM (Supermicro Update Manager). An IPMI update can be done without an OOB license from the IPMI console, but the BIOS requires a license.

Links that initially helped me with that to get a feel for what I needed:

I thought that likely I need to purchase a key for it:

Obtain the license code from your IPMI BMC MAC address

But then I found out the below links on reverse engineering.

From those links, I checked both the Perl and Linux OpenSSL versions. Only the Perl version works on MacOS.

Then I fiddled with the bash version: unlike the OpenSSL version above, this one printed output. It wrongly printed the last groups of hex digits instead of the first groups of hex digits that the Perl script prints.

Here is the corrected bash script printing the first groups of hex digits (on my systems, I have an alias supermicro_hash_IPMI_BMC_MAC_address_to_get_OOB_license_for_BIOS_update for it):

#!/bin/bash
function hash_mac {
  mac="$1"
  key="8544e3b47eca58f9583043f8"
  sub="\x"
  #convert mac to hex
  hexmac="\x${mac//:/$sub}"
  #create hash
  code=$(printf "$hexmac" | openssl dgst -sha1 -mac HMAC -macopt hexkey:"$key")
  #DEBUG
  echo "$mac"
  echo "$hexmac"
  echo "$code"

  echo "${code:0:4}-${code:4:4}-${code:8:4}-${code:12:4}-${code:16:4}-${code:20:4}"
}

Steps

Reverse engineering links

  • [WayBack] The better way to update Supermicro BIOS is via IPMI – VirtualLifestyle.nl

    Another way to update the BIOS via the Supermicro IPMI for free is simply calculating the license key yourself as described here: https://peterkleissner.com/2018/05/27/reverse-engineering-supermicro-ipmi/ [WayBack].

    • [WayBack] Reverse Engineering Supermicro IPMI – peterkleissner.com

      Algorithm:

      MAC-SHA1-96(INPUT: MAC address of BMC, SECRET KEY: 85 44 E3 B4 7E CA 58 F9 58 30 43 F8)

      Update 1/14/2019: The Twitter user @astraleureka posted this code perl code which is generating the license key:

      #!/usr/bin/perl
use strict;
use Digest::HMAC_SHA1 'hmac_sha1';
my $key  = "\x85\x44\xe3\xb4\x7e\xca\x58\xf9\x58\x30\x43\xf8";
my $mac  = shift || die 'args: mac-addr (i.e. 00:25:90:cd:26:da)';
my $data = join '', map { chr hex $_ } split ':', $mac;
my $raw  = hmac_sha1($data, $key);
printf "%02lX%02lX-%02lX%02lX-%02lX%02lX-%02lX%02lX-%02lX%02lX-%02lX%02lX\n", (map { ord $_ } split '', $raw);

      Update 3/27/2019: There is also Linux shell version that uses openssl:

      echo -n 'bmc-mac' | xxd -r -p | openssl dgst -sha1 -mac HMAC -macopt hexkey:8544E3B47ECA58F9583043F8 | awk '{print $2}' | cut -c 1-24
    • [WayBack] Modular conversion, encoding and encryption online — Cryptii

      Web app offering modular conversion, encoding and encryption online. Translations are done in the browser without any server interaction. This is an Open Source project, code licensed MIT.

      Steps:

      1. In the left pane, select the “View” drop-down to be “Bytes”, then paste the HEX bytes of your IPMI MAC address there (like 00 25 90 7d 9c 25)
      2. In the middle pane, select the drop-down to become “HMAC” followed by the radio-group to be “SHA1“, then paste these bytes into the “Key” field: 85 44 E3 B4 7E CA 58 F9 58 30 43 F8
      3. In the right pane, select the drop-down to become “Bytes”, then the “Group by” to become “2 bytes”, which will you give the output (where the bold part is the license key: 6 groups of 2 bytes): a7d5 2201 4eee 667d dbd2 5106 9595 2ff7 67b8 fb59

      Result:

    • Michael Stapelberg’s private website, containing articles about computers and programming, mostly focused on Linux.[WayBack] Securing SuperMicro’s IPMI with OpenVPN
    • [WayBack] GitHub – ReFirmLabs/binwalk: Firmware Analysis Tool
  • [WayBack] The better way to update Supermicro BIOS is via IPMI – VirtualLifestyle.nl

    Ahh…..a few corrections :-P

    #!/bin/bash
function hash_mac {
  mac="$1"
  key="8544e3b47eca58f9583043f8"
  sub="\x"
  #convert mac to hex
  hexmac="\x${mac//:/$sub}"
  #create hash
  code=$(printf "$hexmac" | openssl dgst -sha1 -mac HMAC -macopt hexkey:"$key")
  #DEBUG
  echo "$mac"
  echo "$hexmac"
  echo "$code"
  echo "${code:9:4} ${code:13:4} ${code:17:4} ${code:21:4} ${code:25:4} ${code:29:4}"
}
#hex output with input
hash_mac "$1"

#Look out for the quotes, they might get changed by different encoding
  • [WayBack] The better way to update Supermicro BIOS is via IPMI – VirtualLifestyle.nl

    Thanks Peter. For anyone interested, here’s a bash script that takes the MAC as the only argument and outputs the activation key:

    #!/bin/bash
function hash_mac {
  mac="$1"
  key="8544e3b47eca58f9583043f8"
  sub="\x"
  #convert mac to hex
  hexmac="\x${mac//:/$sub}"
  #create hash
  code=$(printf "$hexmac" | openssl dgst -sha1 -mac HMAC -macopt hexkey:"$key")
  ## DEBUG
  echo "$mac"
  echo "$hexmac"
  echo "$code"
  echo "${code:9:4} ${code:13:4} ${code:17:4} ${code:21:4} ${code:25:4} ${code:29:4}"
}
## hex output with input
hash_mac "$1"

 

–jeroen

Read the rest of this entry »

Posted in Development, Encoding, Hardware, Hashing, HMAC, Mainboards, OpenSSL, Power User, Security, SHA, SHA-1, Software Development, SuperMicro, X10SRH-CF | Leave a Comment »

“error: invalid object 100644” “git svn”

Posted by jpluimers on 2020/07/14

A while back, while using “git svn”, on a Windows system, I got [Archive.is“error: invalid object 100644” “git svn” – Google Search after statements like this:

# git svn rebase
error: refs/remotes/git-svn does not point to a valid object!
error: invalid object 100644 ac7df132f5bd7d639fc525f1f0204a546658d0c5 for 'Source/ToDoList/GX_ToDo.pas'
fatal: git-write-tree: error building trees
write-tree: command returned error: 128

# git svn fetch
error: refs/remotes/git-svn does not point to a valid object!
error: invalid object 100644 ac7df132f5bd7d639fc525f1f0204a546658d0c5 for 'Source/ToDoList/GX_ToDo.pas'
fatal: git-write-tree: error building trees
write-tree: command returned error: 128

In my case, regular git operations (like branching, committing, pushing, etc) worked fine, but git svn would fail.

One problem was that [Archive.is“error: refs/remotes/git-svn does not point to a valid object” – Google Search only returned one un-meaningful result: [WayBack] gist:87613 · GitHub.

Luckily, I had a backup (though it was from a while ago as that VM had not been in use for quite some time) which is the first part in [WayBack] Git FAQ – Git SCM Wiki: How to fix a broken repo?.

Since I was still interested finding out how to resurrect, just in case this happens at a time the backups do not go back far enough, I tried the steps below.

The very first fixing step is to ensure you can quickly restore things, or even better: operate on a copy of the broken pieces. On Windows, robocopy /mir is my friend for this, in Linux rsync -avloz (although on some systems, -z crashes).

TL;DR from the fixing steps

Find out what problems you have, and in which order to fix them. Otherwise you will break more stuff and take longer to fix it.

In this case, two things failed: one on the git side, and one on the git svn side. Since git svn depends on git, the best approach is to fix the git problem first, then the git svn thing.

Fixing this manually try 1

Read the rest of this entry »

Posted in CertUtil, Development, DVCS - Distributed Version Control, git, Hashing, md5, Power User, Security, SHA, SHA-1, SHA-256, SHA-512, Software Development, Source Code Management, Subversion/SVN, Windows | Leave a Comment »

A cheat-sheet for password crackers

Posted by jpluimers on 2018/07/30

Interesting: [WayBackA cheat-sheet for password crackers

Via: [WayBackJoe C. Hecht – Google+

–jeroen

Posted in *nix, *nix-tools, Hashing, md5, Power User, Security, SHA, SHA-256, SHA-512 | Leave a Comment »

OpenSuSE Tumbleweed – testing the password of any user with getent and openssl

Posted by jpluimers on 2017/06/21

For one of my VMs I forgot to note which of the initial password I had changed, so I wanted to check them.

Since I didn’t have a keyboard attached to the console and ssh wasn’t allowing root, I needed an alternative than actual login to test the passwords.

Luckily /etc/shadow, with getent and openssl came to the rescue.

Since getent varies per distribution, here is how it works on OpenSuSE:

Read the rest of this entry »

Posted in *nix, *nix-tools, ash/dash, bash, bash, Development, Encoding, Hashing, Linux, md5, openSuSE, Power User, Scripting, Security, SHA, SHA-256, SHA-512, Software Development, SuSE Linux | Leave a Comment »

« Previous Entries
 
%d bloggers like this: