Aragonis’ Blog

When I started learning about threads, I found it quite a difficult subject to grasp. The learning curve was quite steep and there were lots of problems that needed to be solved in order to just get a simple program working. Since so many people shared my problems getting to grips with threading, I decided to make a tutorial on the subject over at Vorbb, named Multi Threaded Applications in C#. I talk about concepts like context, locks, mutexes, atomic operations, race conditions and semaphores in detail and provide sample code to illustrate.

I wrote an article over at Vorbb.com about creating a secure login system in PHP, including all the pitfalls where people tend to fall down. Feel free to take a look.

I’m building a clock from TTL components and have just finished the simulation and testing in Multisim. It used counters and basic logic to detect when the maximum for each digit is reached. Schematic attached, displays are in reverse order (unit seconds on far left, tens of hours on far right).

Schematic:

My girlfriend and I got tickets for Download Festival this year, as the lineup is excellent (unlike last year). We’re only going for one day, so we chose the Saturday as it has to be the greatest set of bands ever. Slipknot and Marilyn Manson are headlining, and there’s also Dragonforce, DevilDriver, Five Finger Death Punch, The Prodigy and for some reason Pendulum. Not sure why there’s a drum and bass artist at Download, but nevertheless. Definately looking forward to that.

It’s also my girlfriend’s birthday on the 4th. Not saying what I’ve got her, because she becomes some sort of private investigator when presents are mentioned. If you’re reading this Lidija, for all you know I could’ve got you anything from a cabbage on a string* to a large hadron collider. Now go away!

Anyhoo, I’ve also got back into coding Uplink mods. I re-purchased the developer CD as my old one went missing and the drive I had my backup on died, and have just downloaded the latest developer patch. Should be interesting to see what I can do.

*Last year I actually got her a cabbage on a string as a spoof present.

Communicating with botnets has always been an issue for writers, especially considering that they must remain anonymous. The usual solution is a P2P network, but this can be cumbersome and difficult to design. However, I came up with a somewhat unusual method of talking to a botnet without having to resort to such lengths. It uses Pastebin, a website that allows any user to post clips of text or code without logging in or signing up. Pastebin can be used in “private” mode, which means that given any subdomain the user can post stuff to others only if they know the subdomain. For example, if I post a clip in http://ncmd1234.pastebin.com/ you would have to literally type in that subdomain to get at the posts created in it. However, using something static such as http://mybotnet.pastebin.com/ would quickly be detected and the subdomain would probably be disabled. To get around this, I came up with an ingenious idea:

Choose a few high profile RSS feeds that are generally updated once or twice per hour. Things like the BBC, Slashdot or CNN are good ideas.
Have your botnet download the feeds in XML format (in .NET the WebClient.DownloadString() method works fine) and append them to each other in one big string and call this strXml.
Hash strXml with MD5 or SHA1, then take the last 8 bytes of the hash and convert them to hex. Use this as your subdomain for pastebin, e.g. http://bc3b775ecf4ce7bd.pastebin.com/

This means that every 10 minutes or so, the location from which the botnet receives commands will change. The botnet master can simply calculate the hash, then go onto the page using Tor and post a command. If the bots are checking the page every minute, then 80-90% of the time they should get updated with the latest command. To be sure, a repeat post can be made by the botnet master at the next URL when it changes (due to a new entry in the RSS).