My Tech Note's

Categoria: Tips (Page 1 of 3)

Compile iDeviceRestore on Linux

This is a guide to compiling iDeviceRestore by @p0sixninja on debian linux. It has been tested on Ubuntu 12.04 (and even the raspberry pi on raspbian!) and is working.

  1. Do any required upgrades on apt.
    sudo apt-get update
    sudo apt-get upgrade
  2. First, we need to get the dependencies
    sudo apt-get install build-essential automake cmake \
    libreadline6 autotools-dev libcurl4-openssl-dev autoconf \
    libplist1 libplist-utils libplist-dev libplist++-dev \
    libzip-dev git curl libgnutls-dev libreadline-dev libusb-dev \
    libtool libusb-1.0-0-dev libusbmuxd-dev libglib2.0-dev libimobiledevice-dev
  3. Install libirecovery
    mkdir ~/idevicerestore
    cd ~/idevicerestore
    git clone
    cd libirecovery
    make && sudo make install
  4. Finally to get idevicerestore
    cd ~/idevicerestore
    git clone git://
    cd idevicerestore
    make && sudo make install
    sudo ldconfig
  5. Also, you might want iDeviceactivate, to activate after you have restored
    cd ~/idevicerestore
    git clone
    cd ideviceactivate



Using raspberrypi as a DLNA Media Server

I have a  Samsung TV. So the whole explanation below is based on this TV. I guess that it will also work for the other TV’s.

The solution given below is done with MediaTomb DLNA server.

$ sudo apt-get install mediatomb

$ vim /etc/mediatomb/config.xml

remove the comment tags around the <custom-http-headers> section and make that section look like this:

<add header=” Streaming”/>
<add header=” DLNA.ORG_OP=01;DLNA.ORG_CI=0;DLNA.ORG_FLAGS=017000 00000000000000000000000000″/>

Under <mappings>, add

<map from=”avi” to=”video/mpeg”/>

<map from=”mkv” to=”video/mpeg”/>

save and close config.xml and restart mediatomb

$ vim /etc/default/mediatomb

Add additional option

OPTIONS=” –port 49152 “

$ /etc/init.d/mediatomb restart

And now, open with firefox http://ip_raspberrypi:49152 and tell it where to start looking for files.

NGINX Plus Release 6 with Enhanced Load Balancing, High Availability, and Monitoring Features

I can’t afford a NGINX Plus yet! :)
I might need to have one in one year of thing work out like I want!

NGINX Plus looks hot!


New “Least Time” Load-Balancing Algorithm


Full-Featured TCP Load Balancing


High Availability



PHP: Unable to load dynamic library on Debian 7

After upgrading to Debian 7 (from Debian 6), the PHP produce error like
" PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php5/20100525/' - /usr/lib/php5/20100525/ cannot open shared object file" 
Reason why it happen:
  php5-suhosin depends on an obsolete version of phpapi-20090626+lfs
  so php5-suhosin is removed during the upgrade... but the PHP config
  snippet /etc/php5/conf.d/suhosin.ini isn't purged... so PHP still
  try to load the module

The release notes should document that the user should:
  dpkg -P php5-suhosin

more info

SSH Tunnel on Mac OSX with Google Chrome

Sometimes, the port forward is insufficient, but you can setup the proxy local throught ssh client.
after all, you can launch the Google Chrome to using the local proxy.

ssh [email protected] -CN -D 12345

-D means:

-D [bind_address:]port
Specifies a local “dynamic” application-level port forwarding.  This works by allocating a socket to listen to port on the local side, optionally
bound to the specified bind_address.  Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the appli-
cation protocol is then used to determine where to connect to from the remote machine.  Currently the SOCKS4 and SOCKS5 protocols are supported, and
ssh will act as a SOCKS server.  Only root can forward privileged ports.  Dynamic port forwardings can also be specified in the configuration file.

IPv6 addresses can be specified by enclosing the address in square brackets.  Only the superuser can forward privileged ports.  By default, the local
port is bound in accordance with the GatewayPorts setting.  However, an explicit bind_address may be used to bind the connection to a specific
address.  The bind_address of “localhost” indicates that the listening port be bound for local use only, while an empty address or `*’ indicates
that the port should be available from all interfaces.

-N means:

     -N      Do not execute a remote command.  This is useful for just forwarding ports (protocol version 2 only).

-C means:

-C      Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP connections).  The compression algorithm is the
same used by gzip(1), and the “level” can be controlled by the CompressionLevel option for protocol version 1.  Compression is desirable on modem
lines and other slow connections, but will only slow down things on fast networks.  The default value can be set on a host-by-host basis in the con-
figuration files; see the Compression option.


And now you can launch the Google Chrome

/Applications/Google\\ Chrome –proxy-server=”socks5://localhost:12345″

And now, you can “surf” through the local proxy server. 🙂


Howto make simple duplicate packet with scapy

With scapy you can do any think.

This example, all packets to port 162 are sent to another machine too

#/usr/bin/env python2.6
from scapy.all import *
while True:
        pkt = sniff(count = 1,filter="udp and dst port 162")
        if pkt[0].haslayer(UDP):


you can do with TCP.



Howto VPN over SSH

[warning]After all, you need openssh v4.3 and tuntap installed on both machines.[/warning]


server1 # ssh [email protected] -NTCf -w 0:0

 -N Do not execute a remote command. This is useful for just forwarding ports.
-T Disable pseudo-tty allocation.
-C Requests compression of all data 
-f Requests ssh to go to background just before command execution.


You need this options on sshd_config

PermitRootLogin yes

PermitTunnel yes


Configure the interfaces:

On the server1

server1 # ip link set tun0 up

server 1 # ip addr add peer dev tun0

On the server2

server2 # ip link set tun0 up

server2 # ip addr add peer dev tun0


And this moment, you have connection btw two servers, you can do ping on the server1


now, you need configure the routing table

if you want routed all traffic

on the server1:

server1 # route add -host ip_server1 gw gateway_on_your_network

server1 # route del default gw gateway_on_your_network

server1 # route add default gw

on the server2:

server2 # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

(eth0 are connected to internet/lan)

server2 # echo 1 > /proc/sys/net/ipv4/ip_forward


Now, all traffic btw server1 and server2 are encripted 🙂

Cisco AnyConnect error on Windows 7

I’ve try to install the cisco anyconnect on my windows 7, but i’ve erro “The VPN client agent was unable to create the interprocess communication depot”

To resolv this issue, you need disable the ICS (Internet Connection Sharing).

1) Click on the start button
2) type services.msc and press enter
3) find the ICS – Internet Connection Sharing and double-click
4) change startup type to disabled
And reboot.


After this procedure, you can try to install the anyconnect client.


Tutorial: make tunnel secure between two linux boxe’s

This example is based on two boxe’s debian, Client and Server




Note: box1 has ip address and box2 has ip address

  1. Install the package stunnel on both servers
    $ apt-get install -y stunnel
  2. configure the stunnel config on client box
    $ vim /etc/stunnel/stunnel.conf
    cert = /etc/ssl/certs/stunnel.pem
    chroot = /var/lib/stunnel4/
    setuid = stunnel4
    setgid = stunnel4
    pid = /
    ;socket = l:TCP_NODELAY=1
    ;socket = r:TCP_NODELAY=1
    debug = 7
    output = /var/log/stunnel4/stunnel.log
    client = yes[boxserver]
    accept =
    connect =
  3. configure the stunnel config on server box
    vim /etc/stunnel/stunnel.conf
    cert = /etc/ssl/certs/stunnel.pem
    chroot = /var/lib/stunnel4/
    setuid = stunnel4
    setgid = stunnel4
    pid = /
    ;socket = l:TCP_NODELAY=1
    ;socket = r:TCP_NODELAY=1
    debug = 7
    output = /var/log/stunnel4/stunnel.log
    client = yes[boxserver]
    accept = 1234 
    connect =
  4. start the service on both servers
    $ service syslog-ng start
  5. check connection
    $ netstat -antp | grep 1234
  6. to test with one simple message
    – On the server box (to listen)
    $ nc -p 1234 -l
    – On the client box
    $ ( echo “Test msg”;  echo “Test the second message”; ) | nc 1234
  7. check on the server box, and you will see the messages
  8. And now, you are ready to setup por exeample syslog between box’s linux

How to retrieve the kernel source for Raspbian’s

It seems to me, there is no kernel 3.1.9+ source deb package in Raspbian repository. According to Alex Bradbury (asb) they built the Raspbian kernel based on Based on this kernel compilation documentation I did the following (as root):

cd /usr/src
git clone --depth 1
ln -s linux linux-3.1.9+
cd linux
zcat /proc/config.gz > .config
ln -s /usr/src/linux /lib/modules/3.1.9+/build

After that I was able to recompile the external module.



« Older posts

© 2020 Sec&Stuff&Others

Theme by Anders NorenUp ↑