20 Ağustos 2022 Cumartesi

BIP39 design experiments

I've been using some software and hardware wallets for years. Like most of you I am familiar with mnemonic seed phrases used in wallet creation/restoration operations.

Last week I decided to go a bit deeper on the design of these words. I worked with 24 word phrases which is basically 23+checksum word to validate the integrity of the phrase.

You can find the code I wrote for calculating checksum in following github repository :

https://github.com/hnzr/bip39_checksum

Checksum calculation is the first part of the code.

On top of checksum calculation added the functionality for finding any missing word if checksum is given. 

You can use it just like me. You can also use it for generating your own mnemonic seed phrase. If you will use it in real life. Use it on an OFFLINE computer with temporary OS with your own security risk.

You can follow the instructions in the following link to create seed phrase with rolling dice and then use the python code to fix the 24th word with correct one.

https://en.bitcoin.se/articles/create-your-own-wallet-seed-using-regular-dice

You can even add some additional randomness by changing some of the words with alternatives, using the brute-force function.

10 Ocak 2017 Salı

WAN conditions for your service


When you are about to launch a new network service you should be prepared to face with real life conditions.
Your service should be ready for some delay, jitter and packet loss. This post aims to create a LAB environment to test our service if it is ready for real-life or not.

All we need to have a debian server (virtual or physical) with two ethernet interfaces and 30 minutes of time for installation and configuration.


In my case I used a virtual server on vmware that has 1 vCPU and 1GB RAM.

I used 8.6.0 netinst cd image from debian.org https://cdimage.debian.org/debian-cd/8.6.0/i386/iso-cd/debian-8.6.0-i386-netinst.iso

After minimal installation I configured the network :
cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
        address 192.168.1.253
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 8.8.8.8


allow-hotplug eth1
iface eth1 inet static
        address 192.168.2.253
        netmask 255.255.255.0
        network 192.168.2.0

        broadcast 192.168.2.255

Then I created a script that controls the traffic between two interfaces.
cat /root/trafficshaper

#!/bin/bash

INT1="eth0"
INT2="eth1"
BWLIMIT="256kbit"
PLOSS="50%"
DELAY="300ms 10ms"

startme() {
        tc qdisc add dev $INT1 root handle 1:0 netem delay $DELAY loss $PLOSS
        tc qdisc add dev $INT1 parent 1:1 handle 10: tbf rate $BWLIMIT buffer 1600 limit 3000

        tc qdisc add dev $INT2 root handle 1:0 netem delay $DELAY loss $PLOSS
        tc qdisc add dev $INT2 parent 1:1 handle 10: tbf rate $BWLIMIT buffer 1600 limit 3000
}

stopme() {
        tc qdisc del dev $INT1 root handle 1:0
        tc qdisc del dev $INT2 root handle 1:0
}

case "$1" in
        start)  startme ;;
        stop)   stopme ;;
        list)
                tc -s qdisc ls dev $INT1
                tc -s qdisc ls dev $INT2
                ;;
        restart)        stopme; startme ;;
        *) echo "usage: $0 start|stop|restart|list"

        esac


Now all we have to do is edit the file to set the conditions

   BWLIMIT="256kbit"
   PLOSS="50%"
   DELAY="300ms 10ms"

then execute 
   /root/trafficshaper start

to make your service face with real life :)

example :
shaper@tshaper:~$ su - root
Password:
root@tshaper:~# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=255 time=0.803 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=255 time=1.05 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=255 time=1.01 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=255 time=0.749 ms
64 bytes from 192.168.1.1: icmp_seq=5 ttl=255 time=0.894 ms
64 bytes from 192.168.1.1: icmp_seq=6 ttl=255 time=1.09 ms
64 bytes from 192.168.1.1: icmp_seq=7 ttl=255 time=0.786 ms
64 bytes from 192.168.1.1: icmp_seq=8 ttl=255 time=0.912 ms
64 bytes from 192.168.1.1: icmp_seq=9 ttl=255 time=0.846 ms
^C
--- 192.168.1.1 ping statistics ---
9 packets transmitted, 9 received, 0% packet loss, time 8003ms
rtt min/avg/max/mdev = 0.749/0.906/1.097/0.120 ms
root@tshaper:~# /root/trafficshaper.sh start
root@tshaper:~# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=2 ttl=255 time=297 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=255 time=305 ms
64 bytes from 192.168.1.1: icmp_seq=6 ttl=255 time=306 ms
64 bytes from 192.168.1.1: icmp_seq=7 ttl=255 time=294 ms
64 bytes from 192.168.1.1: icmp_seq=8 ttl=255 time=293 ms
64 bytes from 192.168.1.1: icmp_seq=10 ttl=255 time=308 ms
64 bytes from 192.168.1.1: icmp_seq=12 ttl=255 time=306 ms
64 bytes from 192.168.1.1: icmp_seq=13 ttl=255 time=309 ms
64 bytes from 192.168.1.1: icmp_seq=16 ttl=255 time=304 ms
^C
--- 192.168.1.1 ping statistics ---
17 packets transmitted, 9 received, 47% packet loss, time 16040ms
rtt min/avg/max/mdev = 293.008/302.931/309.238/6.076 ms
root@tshaper:~# /root/trafficshaper.sh stop


References and further reading :



4 Ocak 2016 Pazartesi

Scriptize Your HSS Bulk Operations


The main idea is scriptize anything that takes more than script creation time. Creating a script will probably take less than half an hour for most of routine work. Once you prepare a script you will use it multiple times as needed, with small tweaks.

I have prepared the this script about one year ago. For a load test I need 1000 concurrent users on IMS. The hardest thing was creating those users on HSS.
It took about 15 minutes :)

1.       Export a template from from hss using your favorite ldap browser. (I prefer ldapadmin)
2.       Rename variable fields. (I use varuserid, varpass)
3.       Create a csv file for variable values.
4.       Run script
5.       Import output file to hss

You can find script and example data files in section Script1

After some time we need to change the service profile of the subscribers for another test. This was only a template file change ;)


Template file for changing the service profile:
dn: HSS-SubscriberServiceProfileId=varuserid@somedomain.com,HSS-SubscriberID=varuserid@somedomain.com,HSS-SubscriberContainerName=HSS-Subscribers,applicationName=HSS,nodeName=hssnodename
objectClass: HSS-SubscriberServiceProfile
changetype: modify
replace: HSS-ConfiguredServiceProfiles
HSS-ConfiguredServiceProfiles: centrex

And finally lets clean up our mess.

For deleting subcribers we have created following template can be used.

dn: HSS-SubscriberID=varuserid@somedomain.com,HSS-SubscriberContainerName=HSS-Subscribers,applicationName=HSS,nodeName=hssnodename
changetype: delete

From the beginning of the history, man is used to make tools in order to make his life simpler. Don’t hesitate to use your frontal lobe.

Script1 : generatesubs.pl
#!/usr/bin/perl -w

# Print the value of the command line arguments
$numArgs = $#ARGV + 1;


if ($numArgs<2) {
        print "Usage : \n";
        print "./generatesubs.pl output_file csv_file \n";
        print "Example : ./generatesubs.pl test.out values.csv \n";
                die;
} else {
        print "Output file is $ARGV[0]\n";
        print "CSV file is $ARGV[1]\n\n";
}

open OUTPUTFILE, ">", "$ARGV[0].ldif" or die $!;
open INPUTFILE2, "<", $ARGV[1] or die $!;

while (<INPUTFILE2>) {
$_ =~ s{^\Q$/\E}{};
my @number = split /,/, $_, 2;

  open INPUTFILE, "<", "template.ldif" or die $!;

  while (<INPUTFILE>) {

    $_ =~ s/varuserid/$number[0]/g;
    $_ =~ s/varpass/$number[1]/g;
    print OUTPUTFILE $_;
  }

  close INPUTFILE;

}
close OUTPUTFILE;
close INPUTFILE2;

Static Template File : template.ldif

dn: HSS-SubscriberID=varuserid@somedomain.com,HSS-SubscriberContainerName=HSS-Subscribers,applicationName=HSS,nodeName=hssnodename
objectClass: HSS-Subscriber
HSS-SubscriberID: varuserid@somedomain.com
HSS-SubscriberBarringInd: FALSE
HSS-ChargingProfId: DefaultChargingProfile
HSS-PrivacyIndicator: FALSE
HSS-IsPsiContainer: FALSE
HSS-ChargingId: varuserid

dn: HSS-PrivateUserID=varuserid@somedomain.com,HSS-SubscriberID=varuserid@somedomain.com,HSS-SubscriberContainerName=HSS-Subscribers,applicationName=HSS,nodeName=hssnodename
objectClass: HSS-User
HSS-PrivateUserID: varuserid@somedomain.com
HSS-RoamingAllowed: FALSE
HSS-AllowedAuthMechanism: Digest
HSS-UserPassword: varpass


dn: HSS-SubscriberServiceProfileId=varuserid@somedomain.com,HSS-SubscriberID=varuserid@somedomain.com,HSS-SubscriberContainerName=HSS-Subscribers,applicationName=HSS,nodeName=hssnodename
objectClass: HSS-SubscriberServiceProfile
HSS-SubscriberServiceProfileId: varuserid@somedomain.com
HSS-ConfiguredServiceProfiles: tispan
HSS-SubscribedMediaProfile:
HSS-PhoneContext: somedomain.com
HSS-MaxSessions: 3

dn: HSS-PublicIdValue=sip:varuserid@somedomain.com,HSS-SubscriberID=varuserid@somedomain.com,HSS-SubscriberContainerName=HSS-Subscribers,applicationName=HSS,nodeName=hssnodename
objectClass: HSS-PublicIdentificationData
HSS-PublicIdValue: sip:varuserid@somedomain.com
HSS-PrivateId: varuserid@somedomain.com
HSS-SubscriberServiceProfileId: varuserid@somedomain.com
HSS-XcapAllowed: FALSE
HSS-ImplicitRegSetId: 1
HSS-SessionBarringInd: FALSE
HSS-IsDefault: TRUE
HSS-MaxNumberOfContacts: 4

dn: HSS-PublicIdValue=tel:\+varuserid,HSS-SubscriberID=varuserid@somedomain.com,HSS-SubscriberContainerName=HSS-Subscribers,applicationName=HSS,nodeName=hssnodename
objectClass: HSS-PublicIdentificationData
HSS-PublicIdValue: tel:+varuserid
HSS-PrivateId: varuserid@somedomain.com
HSS-SubscriberServiceProfileId: varuserid@somedomain.com
HSS-ImplicitRegSetId: 1
HSS-SessionBarringInd: FALSE
HSS-IsDefault: TRUE
HSS-MaxNumberOfContacts: 4


Variable Values file : values.csv
908502091001,Pass123456
908502091002,Pass123456


reference for ldiff  options

https://www.digitalocean.com/community/tutorials/how-to-use-ldif-files-to-make-changes-to-an-openldap-system

21 Eylül 2012 Cuma

Haftasonu Projesi - Çevreci Araba

Kış geldi. Haftasonu evde yapılabilecek bir sürü oyun, oyuncak ve aktivite var.
Bu hafta atık malzemelerden araba yapıyoruz. Aşağıdaki linkte video'yu bulacaksınız.
Fotoğrafları paylaşırsanız sevinirim.



Tüm babalara çocuklarıyla iyi hafta sonları.

18 Kasım 2011 Cuma

Yeni masallar

Bir  süredir ihmal ettim masalları yayınlamayı.
Dört tanesini aşağıda yayınlıyorum diğerleri de haftaya geliyor.


Bremen Mızıkacıları






Masalı aşağıdaki linke tıklayarak dinleyebilirsiniz.

Caillou İlk Oyunum


Masalı aşağıdaki linke tıklayarak dinleyebilirsiniz.

Külkedisi


Masalı aşağıdaki linke tıklayarak dinleyebilirsiniz.

Şakacı Dino


Masalı aşağıdaki linke tıklayarak dinleyebilirsiniz.

10 Kasım 2011 Perşembe

Rakun Kunkun

Rakun kunkun bir çevreye duyarlılık hikayesi :)






Masalı aşağıdaki linke tıklayarak dinleyebilirsiniz.
Rakun Kunkun

8 Kasım 2011 Salı

Dinozor

Dinozorlara Giriş I :)
Artık dinozorlarla ilgili pek çok yeni şey biliyoruz.



Masalı aşağıdaki linke tıklayarak dinleyebilirsiniz.


BIP39 design experiments

I've been using some software and hardware wallets for years. Like most of you I am familiar with mnemonic seed phrases used in wallet c...