Thursday, April 4, 2013

Kill geoclue, but keep your clock

Ubuntu 12.04 with Unity has only one clock, and that clock requires a GeoIP provider called geoclue:

Package: indicator-datetime
New: yes
State: installed
Automatically installed: no
Version: 0.3.94-0ubuntu2
Priority: optional
Section: misc
Maintainer: Ubuntu Desktop Team <ubuntu-desktop@lists.ubuntu.com>
Architecture: i386
Uncompressed Size: 319 k
Depends: gconf-service, libc6 (>= 2.7), libcairo2 (>= 1.10), libdbusmenu-glib4
         (>= 0.4.2), libdbusmenu-gtk3-4 (>= 0.4.2), libecal-1.2-10 (>= 3.2.3),
         libedataserver-1.2-15 (>= 3.2.3), libedataserverui-3.0-1 (>= 3.2.3),
         libgconf-2-4 (>= 2.31.1), libgdk-pixbuf2.0-0 (>= 2.22.0), libgeoclue0
         (>= 0.11.1+git20091217), libglib2.0-0 (>= 2.29.19),
         libgnome-control-center1 (>= 1:2.91.2), libgtk-3-0 (>= 3.1.4), libical0
         (>= 0.30), libido3-0.1-0 (>= 0.2.2), libindicator3-7, libpango1.0-0 (>=
         1.18.0), libpolkit-gobject-1-0 (>= 0.99), libtimezonemap1,
         dconf-gsettings-backend | gsettings-backend, gnome-control-center,
         geoclue-ubuntu-geoip | geoclue-provider
Recommends: indicator-applet | indicator-renderer, evolution-data-server
Description: Simple clock
 A simple clock appearing in the indicator bar
Homepage: https://launchpad.net/indicator-datetime

Geoclue calls home to geoip.ubuntu.com, as pointed out in this helpful Ubuntuforums thread. Luckily, this is easy to neuter. The thread says you need to recompile indicator-datetime, but that's overkill. We just need a package that "provides" geoclue-provider.

Checkinstall is a great tool for building mostly-working packages from source trees. It can build RPM, Slackware, and Debian packages, and on Ubuntu, it's as easy as aptitude install checkinstall. Now we just need a source tree.

mkdir /tmp/geoclue-provider-1
cd /tmp/geoclue-provider-1

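That was easy. Now to "make" and install our package. Checkinstall defaults to running "make install," but you can specify any other command on the command line; here a harmless ls stands in for the install step. Checkinstall takes the package name and version from the directory name, so answer the prompts and check that Name and Provides both read geoclue-provider before continuing: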

miller@danbuntu:/tmp/geoclue-provider-1$ sudo checkinstall ls

checkinstall 1.6.2, Copyright 2009 Felipe Eduardo Sanchez Diaz Duran

           This software is released under the GNU GPL.


The package documentation directory ./doc-pak does not exist. 
Should I create a default set of package docs?  [y]: n

Please write a description for the package.
End your description with an empty line or EOF.
>> geoclue killer
>> 

*****************************************
**** Debian package creation selected ***
*****************************************

This package will be built according to these values: 

0 -  Maintainer: [ root@danbuntu ]
1 -  Summary: [ geoclue killer ]
2 -  Name:    [ geoclue-provider ]
3 -  Version: [ 1 ]
4 -  Release: [ 1 ]
5 -  License: [ GPL ]
6 -  Group:   [ checkinstall ]
7 -  Architecture: [ i386 ]
8 -  Source location: [ geoclue-provider-1 ]
9 -  Alternate source location: [  ]
10 - Requires: [  ]
11 - Provides: [ geoclue-provider ]
12 - Conflicts: [  ]
13 - Replaces: [  ]

Enter a number to change any of them or press ENTER to continue: 

Installing with ls...

========================= Installation results ===========================
description-pak

======================== Installation successful ==========================
cp: cannot stat `//var/tmp/tmp.XZZzyKCsmE/newfiles.tmp': No such file or directory

Copying files to the temporary directory...OK

Stripping ELF binaries and libraries...OK

Compressing man pages...OK

Building file list... FAILED!

Building Debian package...OK

Installing Debian package...OK

Erasing temporary files...OK

Deleting temp dir...OK



**********************************************************************

 Done. The new package has been installed and saved to

 /tmp/geoclue-provider-1/geoclue-provider_1-1_i386.deb

 You can remove it from your system anytime using: 

      dpkg -r geoclue-provider

**********************************************************************

Now you are free to remove the offending package:

aptitude purge geoclue-ubuntu-geoip

Yay.
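To confirm which installed package satisfies the `geoclue-ubuntu-geoip | geoclue-provider` clause before and after the purge, the check below (an added example, not part of the original post) evaluates one dependency OR-group against dpkg-query output. The function name `satisfiers` and the sample rows are constructed for illustration; version constraints are recognised but not evaluated.

```shell
#!/usr/bin/env bash
# Added example: which installed package satisfies one "a | b" Depends group?
# stdin: "Status<TAB>Package<TAB>Provides" rows, as produced on a real system by
#   dpkg-query -W -f='${Status}\t${Package}\t${Provides}\n'
# Prints one line per match; exit status is 1 when nothing satisfies the group.
satisfiers() {
  awk -F'\t' -v group="$1" '
    function trim(s) { gsub(/^ +| +$/, "", s); return s }
    BEGIN {
      n = split(group, alt, "|")
      for (i = 1; i <= n; i++) {
        versioned[i] = (alt[i] ~ /\(/)       # e.g. "libc6 (>= 2.7)"
        sub(/\(.*/, "", alt[i]); alt[i] = trim(alt[i])
      }
    }
    # Removed-but-not-purged packages ("deinstall ok config-files") do not count.
    $1 != "install ok installed" { next }
    {
      m = split($3, prov, ",")
      for (i = 1; i <= n; i++) {
        # Real name match; the version constraint itself is not evaluated here.
        if ($2 == alt[i]) { print alt[i] " <- " $2 " (real package)"; found = 1; continue }
        # Provides matching is skipped for versioned alternatives:
        # an unversioned Provides never satisfies them.
        if (versioned[i]) continue
        for (j = 1; j <= m; j++) {
          p = prov[j]; sub(/\(.*/, "", p)
          if (trim(p) == alt[i]) { print alt[i] " <- " $2 " (via Provides)"; found = 1 }
        }
      }
    }
    END { exit !found }'
}

# The clause from the indicator-datetime Depends line shown in the listing above.
GROUP='geoclue-ubuntu-geoip | geoclue-provider'
# Constructed rows: the state after the purge, with only the placeholder installed.
SAMPLE_AFTER='install ok installed\tgeoclue-provider\tgeoclue-provider\ninstall ok installed\tindicator-datetime\t\n'

printf '%b' "$SAMPLE_AFTER" | satisfiers "$GROUP"
```

If the function exits non-zero on live dpkg-query output, the clause is unsatisfied and apt will want to pull a GeoIP provider back in on the next dependency fix.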

Tuesday, March 5, 2013

NfSpy meets the real world

Recently, Rob Fuller a.k.a. mubix posted a how-to for using NfSpy through a Meterpreter pivot. It's always nice to see your tools being used in the real world, and mubix's writeup was detailed and straightforward. It was clear, however, that NfSpy is not as user-friendly as I had hoped. I'll try to address some shortfalls in this post, which may also serve as a roadmap for further development.