All posts by yuliang

Memo

an inconceivable bug of STM32CubeMX….

2018-08-01 yuliang

The default value of Heap and Stack in STM32CubeMX is 0x200 bytes Heap and 0x400 bytes Stack.

Which is work fine in most situation.

BUT the middleware of USBStack use malloc! for TX and RX buffer!!!
That will make the USB enumerate process fail (some yellow exclamation point).
At that time, system still recognize that device, so I can’t get the point, waste much time to debug and tracing.

It is better to increase this automatically when user enable USB stack?

After change heap to 0x800, everything fine.

Memo

Disable Chrome PDF plugin

2017-11-21 yuliang

For the old chrome version, goto chrome://plugin and disable it. But when I upgrade to 62, missing this.

And I found chrome://settings/content/pdfDocuments
Or find by click

I found https://superuser.com/questions/30850/stop-pdfs-from-displaying-inside-google-chrome finally:)

Memo

STM32F103 marking summary

2017-06-12 yuliang

This is collection I got.

and compare with PCN-8363-2014.03.31.pdf PCN-8390-2014.05.07.pdf PCN-9484-2015.12.17.pdf PCN-9511-2016.04.22.pdf PCN-9685-2016.04.19.pdf


+-----------+-----------+
|STM32F     |STM32F     |
|103CBU6    |103CBU6    |
|9HA10 9U   |99DBX 9U   |
|MYS 342    |MYS 314    |
|ST (e4) 1  |ST (e3) 2  |
+-----------+-----------+-----------+
|STM32      |STM32      |STM32      |
|F103C8T6   |F103C8T6   |F103C8T6   |
|99026 93   |GH21Y 93   |GH265 9U   |
|MYS 346    |CHN 611    |CHN 712    |
|ST (e4) X  |ST (e3) X  |ST (e3)    |
+-----------+-----------+-----------+
|STM32F103  |STM32F103  |STM32F103  |
|RCT6       |RCT6       |RET6       |
|GH22H 93   |GH20W 9U   |GH22R 9U   |
|CHN GH 609 |CHN GH 117 |CHN GH 220 |
|    ST (?) |    ST (?) |    ST (?) |
+-----------+-----------+-----------+
|STM32F107  |
|VCT6    Z  |
|991KG 93   |
|MYS 99 544 |
| ST (e4)ARM|
+-----------+-----------+-----------+
|STM32F103  |STM32F103  |STM32F103  |
|VCT6    X  |VET6    Y  |VET6    Y  |
|HPABN 93   |HPABV 93   |HPAAP 93   |
|KOR HP 421 |KOR HP 229 |KOR HP 324 |
|ST (e4)ARM |ST (e4)ARM |ST (e4)ARM |
+-----------+-----------+-----------+

+-----------+-----------+

|STM32F |STM32F |

|103CBU6 |103CBU6 |

|9HA10 9U |99DBX 9U |

|MYS 342 |MYS 314 |

|ST (e4) 1 |ST (e3) 2 |

+-----------+-----------+-----------+

|STM32 |STM32 |STM32 |

|F103C8T6 |F103C8T6 |F103C8T6 |

|99026 93 |GH21Y 93 |GH265 9U |

|MYS 346 |CHN 611 |CHN 712 |

|ST (e4) X |ST (e3) X |ST (e3) |

+-----------+-----------+-----------+

|STM32F103 |STM32F103 |STM32F103 |

|RCT6 |RCT6 |RET6 |

|GH22H 93 |GH20W 9U |GH22R 9U |

|CHN GH 609 |CHN GH 117 |CHN GH 220 |

| ST (?) | ST (?) | ST (?) |

+-----------+-----------+-----------+

|STM32F107 |

|VCT6 Z |

|991KG 93 |

|MYS 99 544 |

| ST (e4)ARM|

+-----------+-----------+-----------+

|STM32F103 |STM32F103 |STM32F103 |

|VCT6 X |VET6 Y |VET6 Y |

|HPABN 93 |HPABV 93 |HPAAP 93 |

|KOR HP 421 |KOR HP 229 |KOR HP 324 |

|ST (e4)ARM |ST (e4)ARM |ST (e4)ARM |

+-----------+-----------+-----------+

Assembly Plant


|9HA10 9U   |99DBX 9U   |GH22H 93   |
 ^^          ^^          ^^

- HP: Korea
- GH: STATS ChipPAC Shanghai China
- 9H: ST Muar Malaysia
- 7B: Amkor Philippines
- 99: ST Muar Malaysia

|9HA10 9U |99DBX 9U |GH22H 93 |

^^ ^^ ^^

- HP: Korea

- GH: STATS ChipPAC Shanghai China

- 9H: ST Muar Malaysia

- 7B: Amkor Philippines

- 99: ST Muar Malaysia

Country of Origin


|MYS 342    |MYS 314    |CHN GH 609 |
 ^^^         ^^^         ^^^

- KOR: Korea
- CHN: STATS ChipPAC Shanghai China
- MYS: ST Muar Malaysia
- PHL: Amkor Philippines

|MYS 342 |MYS 314 |CHN GH 609 |

^^^ ^^^ ^^^

- KOR: Korea

- CHN: STATS ChipPAC Shanghai China

- MYS: ST Muar Malaysia

- PHL: Amkor Philippines

Manufactured date

The problem is, howto identify 2003 or 2013?


|MYS 342    |MYS 314    |CHN GH 609 |
     ^--         ^--            ^-- 

- `^`: year last digit
- `__`: week

|MYS 342 |MYS 314 |CHN GH 609 |

^-- ^-- ^--

- `^`: year last digit

- `__`: week

Interconnect


|ST (e4) 1  |ST (e3) 2  |    ST (.) |
     ^           ^

- e4: Rough Ni Pd AgAu
- e3: Pure Tin

|ST (e4) 1 |ST (e3) 2 | ST (.) |

^ ^

- e4: Rough Ni Pd AgAu

- e3: Pure Tin

Chip revision


|ST (e4) 1  |ST (e3) 2  |    ST (.) |
         ^           ^
A,B,Z,1,2,3,X,Y

|ST (e4) 1 |ST (e3) 2 | ST (.) |

^ ^

A,B,Z,1,2,3,X,Y

Memo

Bug in Python3.6 standard library when compile using MinGW

2017-04-20 yuliang

Python36 is compiled by Visual Studio 2015 or MSBuild tools 2015, which included Compiler v19.00 (MSC_VER 1600). But “C:\Python36\Lib\distutils\cygwinccompiler.py” can’t handle it…

I modify it simply like this:


        elif msc_ver == '1500':
            # VS2008 / MSVC 9.0
            return ['msvcr90']
        elif msc_ver == '1600':
            # VS2010 / MSVC 14.0 --- it is MSVC 10.0 not 14!
            return ['msvcr100']
        //I added it
        elif msc_ver == '1900':
            # VS2015 / MSVC 14.0
            return []

elif msc_ver == '1500':

# VS2008 / MSVC 9.0

return ['msvcr90']

elif msc_ver == '1600':

# VS2010 / MSVC 14.0 --- it is MSVC 10.0 not 14!

return ['msvcr100']

//I added it

elif msc_ver == '1900':

# VS2015 / MSVC 14.0

return []

Memo

USB3.0 Hub

2017-02-28 yuliang

I bought some USB3.0 hub, and look inside:)

Unitek Y-3043CBK, RTS5411, transfer stable and look pretty. This chip have EFuse ROM, so external SPI Flash is useless.

Continue reading USB3.0 Hub →

Memo

Xilinx update Spartan3AN device!

2017-01-02 yuliang

I found the release date of some XC3S50AN is 2014 or 2016! and Impact can’t download to In-System Flash, show me “SPI not found”…
But the older 2010’s IC is OK. After some searching…

Xilinx manufacturing Spartan3AN devices, not discontinued! And the flash density is changed.

https://www.xilinx.com/support/answers/59572.html

http://www.xilinx.com/support/documentation/customer_notices/xcn14003.pdf

Writing

Dump PE file

2017-01-01 yuliang

I am using some tool to check a PE file (dll or exe) depends, most free tool support 32bits file.
So I decided to write an tool support 32bits and 64bits PE file.

The PE struct is defined in MinGW’s headers. So What I need to do is write a parser and make some test.


typedef struct pedump_t {
    IMAGE_DOS_HEADER        DosHeader;
    DWORD                   Signature;
    IMAGE_FILE_HEADER       FileHeader;
    union {
    IMAGE_OPTIONAL_HEADER32 Header32;
    IMAGE_OPTIONAL_HEADER64 Header64;
    } OptionalHeader;
    PIMAGE_SECTION_HEADER   sections;
}pedump_t;

typedef struct pedump_t {

IMAGE_DOS_HEADER DosHeader;

DWORD Signature;

IMAGE_FILE_HEADER FileHeader;

union {

IMAGE_OPTIONAL_HEADER32 Header32;

IMAGE_OPTIONAL_HEADER64 Header64;

} OptionalHeader;

PIMAGE_SECTION_HEADER sections;

}pedump_t;

the PE file is like this


|    EXE/DLL    |
|:-------------:|
|  DOS Header   |
|  NT  Magic    |
|  NT  Header   |
|    Data       |

| EXE/DLL |

|:-------------:|

| DOS Header |

| NT Magic |

| NT Header |

| Data |

An example PE header is


Offset      0  1  2  3  4  5  6  7   8  9  A  B  C  D  E  F

00000000   4D 5A 90 00 03 00 00 00  04 00 00 00 FF FF 00 00   MZ..............
00000010   B8 00 00 00 00 00 00 00  40 00 00 00 00 00 00 00   ................
00000020   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ................
                                               +-----------+
00000030   00 00 00 00 00 00 00 00  00 00 00 00|80 00 00 00|  ................
                                               +-----------+
00000040   0E 1F BA 0E 00 B4 09 CD  21 B8 01 4C CD 21 54 68   ..............Th
00000050   69 73 20 70 72 6F 67 72  61 6D 20 63 61 6E 6E 6F   is program canno
00000060   74 20 62 65 20 72 75 6E  20 69 6E 20 44 4F 53 20   t be run in DOS 
00000070   6D 6F 64 65 2E 0D 0D 0A  24 00 00 00 00 00 00 00   mode............

Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F

00000000 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 MZ..............

00000010 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ................

00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

+-----------+

00000030 00 00 00 00 00 00 00 00 00 00 00 00|80 00 00 00| ................

+-----------+

00000040 0E 1F BA 0E 00 B4 09 CD 21 B8 01 4C CD 21 54 68 ..............Th

00000050 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F is program canno

00000060 74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 20 t be run in DOS

00000070 6D 6F 64 65 2E 0D 0D 0A 24 00 00 00 00 00 00 00 mode............

Both EXE and DLL file, the first 128 bytes is the same. This a DOS program, which print that message above. The MAGIC is “MZ”

Then is `e_lfanew`, which is `80 00 00 00`, point to new NT header.


Offset      0  1  2  3  4  5  6  7   8  9  A  B  C  D  E  F

00000080   50 45 00 00 64 86 10 00  C1 E9 C7 57 00 5A 00 00   PE..............
00000090   DC 03 00 00 F0 26 20                               ....

Offset 0 1 2 3 4 5 6 7 8 9 A B C D E F

00000080 50 45 00 00 64 86 10 00 C1 E9 C7 57 00 5A 00 00 PE..............

00000090 DC 03 00 00 F0 26 20 ....

the NT header is:


|    PE File     |
|:--------------:|
|  NT Magic      |
|  NT Header     |
|  NT Opt Header |
|  Sections Table|
|  Sections Data |

| PE File |

|:--------------:|

| NT Magic |

| NT Header |

| NT Opt Header |

| Sections Table|

| Sections Data |

The Opt Header is difference between 32bits and 64bits!
The first WORD of Opt header is magic, for 32bits is 0x010B, 64bits is 0x020B.

So we can write a script to show PE type


if (pe->OptionalHeader.Header32.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
    printf("PE32 ");
} else if (pe->OptionalHeader.Header64.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
    printf("PE32+ ");
}

if (pe->FileHeader.Characteristics & IMAGE_FILE_EXECUTABLE_IMAGE) {
    printf("executable ");
}

if (pe->FileHeader.Characteristics & IMAGE_FILE_DLL) {
    printf("(DLL) ");
}

if (pe->FileHeader.Characteristics & IMAGE_FILE_32BIT_MACHINE) {
    printf("(32bits) ");
}

if (pe->FileHeader.Machine == IMAGE_FILE_MACHINE_I386) {
    if (pe->OptionalHeader.Header32.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI) {
        printf("(console) ");
    } else if (pe->OptionalHeader.Header32.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI) {
        printf("(GUI) ");
    } else {
        printf("(Subsystem:0x%04x) ", pe->OptionalHeader.Header32.Subsystem);
    }
} else {
    if (pe->OptionalHeader.Header64.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI) {
        printf("(console) ");
    } else if (pe->OptionalHeader.Header64.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI) {
        printf("(GUI) ");
    } else {
        printf("(Subsystem:0x%04x) ", pe->OptionalHeader.Header64.Subsystem);
    }
}

switch (pe->FileHeader.Machine) {
    case IMAGE_FILE_MACHINE_I386:   printf("i386"); break;
    case IMAGE_FILE_MACHINE_AMD64:  printf("x86_64"); break;
    default: printf(" Machine:0x%04x", pe->FileHeader.Machine);
}

if (pe->OptionalHeader.Header32.Magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC) {

printf("PE32 ");

} else if (pe->OptionalHeader.Header64.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC) {

printf("PE32+ ");

}

if (pe->FileHeader.Characteristics & IMAGE_FILE_EXECUTABLE_IMAGE) {

printf("executable ");

}

if (pe->FileHeader.Characteristics & IMAGE_FILE_DLL) {

printf("(DLL) ");

}

if (pe->FileHeader.Characteristics & IMAGE_FILE_32BIT_MACHINE) {

printf("(32bits) ");

}

if (pe->FileHeader.Machine == IMAGE_FILE_MACHINE_I386) {

if (pe->OptionalHeader.Header32.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI) {

printf("(console) ");

} else if (pe->OptionalHeader.Header32.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI) {

printf("(GUI) ");

} else {

printf("(Subsystem:0x%04x) ", pe->OptionalHeader.Header32.Subsystem);

}

} else {

if (pe->OptionalHeader.Header64.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_CUI) {

printf("(console) ");

} else if (pe->OptionalHeader.Header64.Subsystem == IMAGE_SUBSYSTEM_WINDOWS_GUI) {

printf("(GUI) ");

} else {

printf("(Subsystem:0x%04x) ", pe->OptionalHeader.Header64.Subsystem);

}

switch (pe->FileHeader.Machine) {

case IMAGE_FILE_MACHINE_I386: printf("i386"); break;

case IMAGE_FILE_MACHINE_AMD64: printf("x86_64"); break;

default: printf(" Machine:0x%04x", pe->FileHeader.Machine);

}

which will output like `file` command:


demo-x86.exe: PE32 executable (32bits) (console) i386 (Thu Sep 22 16:07:15 2016)
demo-x64.exe: PE32+ executable (console) x86_64 (Thu Sep 22 16:26:42 2016)

demo-x86.exe: PE32 executable (32bits) (console) i386 (Thu Sep 22 16:07:15 2016)

demo-x64.exe: PE32+ executable (console) x86_64 (Thu Sep 22 16:26:42 2016)

For more details, see the source code

https://github.com/buaabyl/pedump

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

Memo

Remove unnecessary php file please

2016-12-22 yuliang

When I analysis web server log file, I found this


xxx.xxx.xxx.xxx ...... GET /wp-config ......
xxx.xxx.xxx.xxx ...... GET /wp-config.phpOLD ......
xxx.xxx.xxx.xxx ...... GET /wp-config.txt ......
xxx.xxx.xxx.xxx ...... GET /wp-config.old ......
xxx.xxx.xxx.xxx ...... GET /wp-config.php~ ......
xxx.xxx.xxx.xxx ...... GET /wp-config.php~~ ......
xxx.xxx.xxx.xxx ...... GET /wp-config.php~~~ ......
xxx.xxx.xxx.xxx ...... GET /wp-config-backup.txt ......
xxx.xxx.xxx.xxx ...... GET /config.old ......
xxx.xxx.xxx.xxx ...... GET /wp-config.phpb ......
xxx.xxx.xxx.xxx ...... GET /wp-config.phpc ......

xxx.xxx.xxx.xxx ...... GET /wp-config ......

xxx.xxx.xxx.xxx ...... GET /wp-config.phpOLD ......

xxx.xxx.xxx.xxx ...... GET /wp-config.txt ......

xxx.xxx.xxx.xxx ...... GET /wp-config.old ......

xxx.xxx.xxx.xxx ...... GET /wp-config.php~ ......

xxx.xxx.xxx.xxx ...... GET /wp-config.php~~ ......

xxx.xxx.xxx.xxx ...... GET /wp-config.php~~~ ......

xxx.xxx.xxx.xxx ...... GET /wp-config-backup.txt ......

xxx.xxx.xxx.xxx ...... GET /config.old ......

xxx.xxx.xxx.xxx ...... GET /wp-config.phpb ......

xxx.xxx.xxx.xxx ...... GET /wp-config.phpc ......

That means someone checking my files, and want to get the MySQL password?

It is better to prevent this location in web server!

Writing

the format of openssh public key

2016-12-18 yuliang

The openssh public key is like this :


ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAACEAqkhDARXD9+4Gx+FezTAtOEjNDaYWCTdoeMuPFultmos= rsa-key-20161218

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAACEAqkhDARXD9+4Gx+FezTAtOEjNDaYWCTdoeMuPFultmos= rsa-key-20161218

using openssl to decode it:


$ openssl rsa -in _rsa_256bits -text -noout
Private-Key: (256 bit)
modulus:
    00:aa:48:43:01:15:c3:f7:ee:06:c7:e1:5e:cd:30:
    2d:38:48:cd:0d:a6:16:09:37:68:78:cb:8f:16:e9:
    6d:9a:8b
publicExponent: 37 (0x25)
privateExponent:
    00:9c:79:c1:07:ea:7c:ba:50:59:42:0d:5e:08:a8:
    cf:9a:01:6b:c0:c2:02:77:4b:75:c6:00:b5:d1:a8:
    ba:9a:2d
prime1:
    00:d3:68:1b:a7:2a:31:bc:60:67:ff:5e:36:b6:5a:
    aa:ab
prime2:
    00:ce:33:73:0d:ac:ec:3f:80:5e:f8:98:30:bf:38:
    cf:a1
exponent1:
    00:bc:8d:49:18:8d:6a:a1:17:b6:b3:54:07:48:b1:
    ba:cf
exponent2:
    00:96:78:92:3a:69:6e:20:80:45:4d:9f:7d:84:9f:
    14:0d
coefficient:
    00:be:63:49:6d:c0:ff:1d:4a:04:2c:ac:b7:73:04:
    47:4e

$ openssl rsa -in _rsa_256bits -text -noout

Private-Key: (256 bit)

modulus:

00:aa:48:43:01:15:c3:f7:ee:06:c7:e1:5e:cd:30:

2d:38:48:cd:0d:a6:16:09:37:68:78:cb:8f:16:e9:

6d:9a:8b

publicExponent: 37 (0x25)

privateExponent:

00:9c:79:c1:07:ea:7c:ba:50:59:42:0d:5e:08:a8:

cf:9a:01:6b:c0:c2:02:77:4b:75:c6:00:b5:d1:a8:

ba:9a:2d

prime1:

00:d3:68:1b:a7:2a:31:bc:60:67:ff:5e:36:b6:5a:

aa:ab

prime2:

00:ce:33:73:0d:ac:ec:3f:80:5e:f8:98:30:bf:38:

cf:a1

exponent1:

00:bc:8d:49:18:8d:6a:a1:17:b6:b3:54:07:48:b1:

ba:cf

exponent2:

00:96:78:92:3a:69:6e:20:80:45:4d:9f:7d:84:9f:

14:0d

coefficient:

00:be:63:49:6d:c0:ff:1d:4a:04:2c:ac:b7:73:04:

47:4e

And I write a python script to decode it, and found the format like this:


|uint32_t nr_bytes|uint8_t name|
|uint32_t nr_bytes|uint8_t n|
|uint32_t nr_bytes|uint8_t e|

|uint32_t nr_bytes|uint8_t name|

|uint32_t nr_bytes|uint8_t n|

|uint32_t nr_bytes|uint8_t e|

The sample python code:

#!/usr/bin/env python
# -*- coding:utf-8 -*-
#
#                   GNU GENERAL PUBLIC LICENSE
#                       Version 2, June 1991
# 
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# 
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# 
# You should have received a copy of the GNU General Public License
# along with this program; see the file COPYING.  If not, write to
# the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
#
#
import sys
import os
import re
import getopt
import glob
import base64
import codecs
import hashlib

def file_get_contents(fn):
    f = open(fn, encoding='UTF-8')
    d = f.read()
    f.close()
    return d

def bin2hex(raw):
    hexval = codecs.encode(raw, 'hex')
    l = []
    for i in range(0, len(hexval), 2):
        l.append(hexval[i:i+2].decode('UTF-8'))
    return ':'.join(l)

def bin2b64(raw):
    s = base64.b64encode(raw)
    s = s.decode('UTF-8').replace('=','')
    return s

def parse_pubkey(raw):
    l = []
    n = len(raw)

    offs = 0
    while offs < n:
        nr_chars = (raw[offs+0] << 24) | \
                (raw[offs+1] << 16) | \
                (raw[offs+2] << 8) | \
                raw[offs+3]
        offs    = offs + 4
        l.append(raw[offs:offs+nr_chars])
        offs    = offs + nr_chars

    return l


if __name__ == '__main__':
    fn = sys.argv[1]

    text = file_get_contents(fn)
    records = re.split(r'\s+', text.splitlines()[0])

    if records[0] != 'ssh-rsa':
        print('Error: not openssh public key, which startswith "ssh-key"')
        print(text)
        sys.exit(-1)
    
    pubkey = base64.b64decode(records[1])
    l = parse_pubkey(pubkey)

    bits = (len(l[2]) - 1) * 8

    print('# %s:' % fn)
    print('string:', l[0])
    print('e(hex):', bin2hex(l[1]))
    print('n(hex):', bin2hex(l[2]))

    print('$ ssh-keygen -l -E md5 -f %s' % fn)
    print('$ head -n 1 %s | gawk "{print $2}" | base64 -d | md5sum' % fn)
    print('%d MD5:%s'     % (bits, bin2hex(hashlib.md5(pubkey).digest())))
    print('')
    print('$ ssh-keygen -l -E sha1 -f %s' % fn)
    print('$ head -n 1 %s | gawk "{print $2}" | base64 -d | sha1sum' % fn)
    print('%d SHA1:%s'    % (bits, bin2b64(hashlib.sha1(pubkey).digest())))
    print('')
    print('$ ssh-keygen -l -E sha256 -f %s' % fn)
    print('$ head -n 1 %s | gawk "{print $2}" | base64 -d | sha256sum' % fn)
    print('%d SHA256:%s'  % (bits, bin2b64(hashlib.sha256(pubkey).digest())))
    print('')

#!/usr/bin/env python

# -*- coding:utf-8 -*-

# GNU GENERAL PUBLIC LICENSE

# Version 2, June 1991

# This program is free software; you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation; either version 2, or (at your option)

# any later version.

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License

# along with this program; see the file COPYING. If not, write to

# the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.

import sys

import os

import re

import getopt

import glob

import base64

import codecs

import hashlib

def file_get_contents(fn):

f = open(fn, encoding='UTF-8')

d = f.read()

f.close()

return d

def bin2hex(raw):

hexval = codecs.encode(raw, 'hex')

l = []

for i in range(0, len(hexval), 2):

l.append(hexval[i:i+2].decode('UTF-8'))

return ':'.join(l)

def bin2b64(raw):

s = base64.b64encode(raw)

s = s.decode('UTF-8').replace('=','')

return s

def parse_pubkey(raw):

l = []

n = len(raw)

offs = 0

while offs < n:

nr_chars = (raw[offs+0] << 24) | \

(raw[offs+1] << 16) | \

(raw[offs+2] << 8) | \

raw[offs+3]

offs = offs + 4

l.append(raw[offs:offs+nr_chars])

offs = offs + nr_chars

return l

if __name__ == '__main__':

fn = sys.argv[1]

text = file_get_contents(fn)

records = re.split(r'\s+', text.splitlines()[0])

if records[0] != 'ssh-rsa':

print('Error: not openssh public key, which startswith "ssh-key"')

print(text)

sys.exit(-1)

pubkey = base64.b64decode(records[1])

l = parse_pubkey(pubkey)

bits = (len(l[2]) - 1) * 8

print('# %s:' % fn)

print('string:', l[0])

print('e(hex):', bin2hex(l[1]))

print('n(hex):', bin2hex(l[2]))

print('$ ssh-keygen -l -E md5 -f %s' % fn)

print('$ head -n 1 %s | gawk "{print $2}" | base64 -d | md5sum' % fn)

print('%d MD5:%s' % (bits, bin2hex(hashlib.md5(pubkey).digest())))

print('')

print('$ ssh-keygen -l -E sha1 -f %s' % fn)

print('$ head -n 1 %s | gawk "{print $2}" | base64 -d | sha1sum' % fn)

print('%d SHA1:%s' % (bits, bin2b64(hashlib.sha1(pubkey).digest())))

print('')

print('$ ssh-keygen -l -E sha256 -f %s' % fn)

print('$ head -n 1 %s | gawk "{print $2}" | base64 -d | sha256sum' % fn)

print('%d SHA256:%s' % (bits, bin2b64(hashlib.sha256(pubkey).digest())))

print('')

Memo

Fix wordpress 301 loop when enable nginx…

2016-12-13 yuliang

I am try to setup Nginx as reverse proxy, backend is Apache, the problem is WordPress always 301 to the same URL even if the browser request that URL (301 loop).

client <---> nginx(https) <---> apache(http)

~~The problem is WordPress think the site is on port 80 enable https, but actually apache is on 8080 without https, and Nginx is on 80 with https, so it request 301 to that ‘correct’ site…~~ See below.

After digging Google for a long time, and found some solutions at the end.

this is my solution temporary. Just comment out canonical, because I don’t need it.


--- wp-includes/default-filters.php	Fri Oct 28 03:43:30 2016
+++ wp-includes/default-filters.php	Tue Dec 13 15:17:37 2016
@@ -440,7 +440,7 @@
 add_action( 'change_locale', 'create_initial_taxonomies' );
 
 // Canonical
-add_action( 'template_redirect', 'redirect_canonical' );
+//add_action( 'template_redirect', 'redirect_canonical' );
 add_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );
 
 // Shortcodes

--- wp-includes/default-filters.php Fri Oct 28 03:43:30 2016

+++ wp-includes/default-filters.php Tue Dec 13 15:17:37 2016

@@ -440,7 +440,7 @@

add_action( 'change_locale', 'create_initial_taxonomies' );

// Canonical

-add_action( 'template_redirect', 'redirect_canonical' );

+//add_action( 'template_redirect', 'redirect_canonical' );

add_action( 'template_redirect', 'wp_redirect_admin_locations', 1000 );

// Shortcodes

update:

After trace Nginx and Apache traffic, I found that Nginx always add ‘index.php’ to ‘/’, then send to apache, but wordpress will make 301 redirect to ‘/’, so browser request ‘/’ again, when Nginx received, it add ‘index.php’ to it and send to apache again, loop…

the solution is:


    # this make sure when user request '/', it will really pass to apache, not modify!
    location = / {
        proxy_pass          http://YOUR_SERVER:YOUR_PORT;
        # rewrite apache output header 'location' value 'http://' to 'https://'
        proxy_redirect      http://             $scheme://;
        # set header 'Host' to 'xxx', when enable https, must remove $server_port
        proxy_set_header    Host                $host;
        #proxy_set_header    Host                $host:$server_port;
        # set header 'X-Real-IP' 'client_ip', when request without 'X-Forwarded-For'
        #   $remote_addr equ to $proxy_add_x_forwarded_for
        proxy_set_header    X-Real-IP           $remote_addr;
        # set header 'X-Forwarded-For' 'client_ip, proxy1_ip, proxy2_ip, ...'
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        # set header 'X-Forwarded-Proto' 'https'
        proxy_set_header    X-Forwarded-Proto   $scheme;
    }

    location ~ \.php$ {
        proxy_pass          http://YOUR_SERVER:YOUR_PORT;
        proxy_redirect      http://             $scheme://;
        proxy_set_header    Host                $host:$server_port;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;
    }

# this make sure when user request '/', it will really pass to apache, not modify!

location = / {

proxy_pass http://YOUR_SERVER:YOUR_PORT;

# rewrite apache output header 'location' value 'http://' to 'https://'

proxy_redirect http:// $scheme://;

# set header 'Host' to 'xxx', when enable https, must remove $server_port

proxy_set_header Host $host;

#proxy_set_header Host $host:$server_port;

# set header 'X-Real-IP' 'client_ip', when request without 'X-Forwarded-For'

# $remote_addr equ to $proxy_add_x_forwarded_for

proxy_set_header X-Real-IP $remote_addr;

# set header 'X-Forwarded-For' 'client_ip, proxy1_ip, proxy2_ip, ...'

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# set header 'X-Forwarded-Proto' 'https'

proxy_set_header X-Forwarded-Proto $scheme;

}

location ~ \.php$ {

proxy_pass http://YOUR_SERVER:YOUR_PORT;

proxy_redirect http:// $scheme://;

proxy_set_header Host $host:$server_port;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Proto $scheme;

}

And append this to wp-config.php



// Must setting in nginx first!
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ips = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
    $_SERVER['REMOTE_ADDR'] = $ips[0];
}

// Must setting in nginx first!
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
    if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
        $_SERVER['HTTPS'] = 'on';
    }
}

// Must setting in nginx first!

if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {

$ips = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);

$_SERVER['REMOTE_ADDR'] = $ips[0];

}

// Must setting in nginx first!

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {

$_SERVER['HTTPS'] = 'on';

}

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

GPJtag

All posts by yuliang

an inconceivable bug of STM32CubeMX….

Disable Chrome PDF plugin

STM32F103 marking summary

Assembly Plant

Country of Origin

Manufactured date

Interconnect

Chip revision

Bug in Python3.6 standard library when compile using MinGW

USB3.0 Hub

Xilinx update Spartan3AN device!

Dump PE file

Remove unnecessary php file please

the format of openssh public key

Fix wordpress 301 loop when enable nginx…

focus on embedded and device