lkubuntu

A listing of random software, tips, tweaks, hacks, and tutorials I made for Ubuntu


Fun obfuscation in openlux

I was working on a free software alternative to f.lux named openlux a while ago, and I wasn’t working on any interesting aspects of the program, just rewriting functions, which gets a bit tedious after a while, so I decided to try writing one part of the code in a slightly different manner, for fun! :D

The code is supposed to add a variable to another if a character is ‘+’, and subtract it if the character is ‘-’. Here is how one might implement this:

int a = /* something */;
unsigned short b = /* something ... note that b is a smaller data type than a, this is important */;
char chr = /* '+' or '-' */;

if (chr == '+')
    return b + a;
else
    return b - a;

After a few hours (maybe even a day, I’m not very good at this :P), I came up with this instead:

a = (0x80000000 | a) ^ (0x80000000 - !!(chr - 43));
if (a & 0x80000000) a++;
return a + b;

To dissect this, let’s start with the easiest part (other than return a + b;, of course :P): !!(chr - 43).

43 is simply the value of ‘+’. Yes, okay, that was a bit cheap :P So, what !!(chr - '+') does is return 0 if chr == ‘+’, and 1 otherwise. This could have been rewritten as (chr != '+').

Easy part out of the way, let’s look at how numbers are encoded, via example, in binary:

00000000 = 0
00000001 = 1
00000010 = 2
00000011 = 3
(...)

So far so good, right? But what about when we reach 10000000? If it’s an unsigned byte, it will return 128 (2^8). If it’s signed, however, it will return -127:

(...)
01111111 = 127
unsigned 10000000 = 128
signed   10000000 = -127
unsigned 10000001 = 129
signed   10000001 = -126
(...)

In both cases, the number will keep getting larger after 10000000, but if it’s signed, it will have wrapped around to -127.

Let’s see larger values:

(...)
unsigned 11111101 = 253
signed   11111101 = -3
unsigned 11111110 = 254
signed   11111110 = -2
unsigned 11111111 = 255
signed   11111111 = -1

Notice that the largest value for the signed number is not 0, but rather, -1. This is important. If it was 0, then it would mean inverting the bits of a number would make it negative (i.e. ~n == -n).

So what would inverting the bits do?

11111111 = -1
00000000 = 0

11111110 = -2
00000001 = 1

11111101 = -3
00000010 = 2

11111100 = -4
00000011 = 3

(...)

Notice a pattern here? If we want to turn a negative number positive, we can do it via (~n) - 1. Vice-versa, it’s (~n) + 1.

Alright, back to the code!

(0x80000000 - (chr != '+'))

0x80000000 can be represented in binary as 10000000000000000000000000000000. In other words, the sign bit for a 32-bit integer. So if chr == '+', (chr != '+') will simply evaluate as 0, therefore keeping 0x80000000 intact. Otherwise, the subtraction will turn it into 0x7fffffff, which is equivalent to 01111111..., or ~0x80000000.

(0x80000000 | a) simply returns a, with the sign bit on.

Now, to deal with the xor part, let’s use a few examples to clarify:

chr = '+';
(0x80000000 | a) ^ (0x80000000 - (chr != '+'));
(0x80000000 | a) ^ (0x80000000 - 0);
// 0x80000000 ^ 0x80000000 cancel each other out, leaving us with 'a', unchanged (assuming a < 0x80000000)

chr = '-';
(0x80000000 | a) ^ (0x80000000 - (chr != '+'));
(0x80000000 | a) ^ (0x7fffffff);
// assuming a < 0x80000000, this is equivalent to ~a, because the sign bit is left on, while every bit of a is inverted
// as we discussed, ~a is equal to ((-a) - 1)

if (a & 0x80000000) a++; checks if the sign bit is set (i.e. a < 0), and if so, increments a so that it gets the correct (negative) value, for the reasons I explained earlier.

Lastly, all we have to do is return a + b;, which should hopefully be pretty obvious :P

Let’s recap quickly

If chr == '+', a is left unchanged, and the result is simply a + b

If chr != '+', a’s bits are inverted, and then incremented so that it can be equivalent to a = -a, so the result would be (assuming a’s original value, not the inverted+incremented value): -a + b or b - a.
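The recap above as an added, self-checking example (not code from openlux): the post's expression is evaluated in uint32_t so that it does not depend on how a signed int treats the sign bit, and is compared against the straightforward version. The function names and test values are assumptions made for this example; it also shows the two preconditions, that a must be non-negative and that any character other than '+' subtracts.

```c
#include <stdint.h>
#include <stdio.h>

/* Straightforward version from the start of the post. */
int32_t plain(int32_t a, uint16_t b, char chr) {
    return (chr == '+') ? b + a : b - a;
}

/* The post's expression, with the bit work done on an unsigned 32-bit value. */
int32_t obfuscated(int32_t a, uint16_t b, char chr) {
    /* '+': mask is 0x80000000, the forced sign bit cancels out, a is unchanged.
       else: mask is 0x7fffffff, the low 31 bits are inverted, sign bit stays on. */
    uint32_t u = (0x80000000u | (uint32_t)a) ^ (0x80000000u - !!(chr - 43));
    if (u & 0x80000000u)
        u++;                      /* ~a + 1 == -a in two's complement */
    return (int32_t)(u + b);
}

/* Compare both versions over edge values of a (0 .. largest value for which
   b + a still fits in 32 bits) and b (0 .. 65535). Returns the mismatch count. */
int count_mismatches(void) {
    static const int32_t as[] = { 0, 1, 2, 43, 1000, 0x7fffffff - 0xffff };
    static const uint16_t bs[] = { 0, 1, 255, 0xffff };
    static const char ops[] = { '+', '-' };
    int bad = 0;
    for (size_t i = 0; i < sizeof as / sizeof as[0]; i++)
        for (size_t j = 0; j < sizeof bs / sizeof bs[0]; j++)
            for (size_t k = 0; k < sizeof ops; k++)
                if (plain(as[i], bs[j], ops[k]) != obfuscated(as[i], bs[j], ops[k]))
                    bad++;
    return bad;
}

int main(void) {
    printf("mismatches for a >= 0: %d\n", count_mismatches());
    /* Precondition from the post: a < 0x80000000. A negative a breaks the '+' case,
       because the xor clears the sign bit that a already had. */
    printf("a = -5, '+': plain %d, obfuscated %d\n",
           (int)plain(-5, 0, '+'), (int)obfuscated(-5, 0, '+'));
    /* Any character other than '+' takes the subtraction path. */
    printf("a = 5, b = 3, '*': %d\n", (int)obfuscated(5, 3, '*'));
    return 0;
}
```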

I hope that you found this interesting, or at least fun to read! I’m sorry if this isn’t very clear, I’m sort of writing this to try and get to sleep, I’ll edit it tomorrow :)


Injecting code into running process with linux-inject

I was about to title this “Injecting code, for fun and profit”, until I realized that this may give a different sense than I originally intended… :P

I won’t cover the reasons behind doing such, because I’m pretty sure that if you landed on this article, you would already have a pretty good sense of why you want to do this …. for fun, profit, or both ;)

Anyway, after trying various programs and reading on how to do it manually (not easy!), I came across linux-inject, a program that injects a .so into a running application, similar to how LD_PRELOAD works, except that it can be done while a program is running… and it also doesn’t actually replace any functions either (but see the P.S. at the bottom of this post for a way to do that). In other words, maybe ignore the LD_PRELOAD simile :P

The documentation of it (and a few other programs I tried) was pretty lacking though. And for good reason, the developers probably expect that most users who would be using these kinds of programs wouldn’t be newbies in this field, and would know exactly what to do. Sadly, however, I am not part of this target audience :P It took me a rather long time to figure out what to do, so in hopes that it may help someone else, I’m writing this post! :D

Let’s start by quickly cloning and building it:

git clone https://github.com/gaffe23/linux-inject.git
cd linux-inject
make

Once that’s done, let’s try the sample example bundled in with the program. Open another terminal (so that you have two free ones), cd to the directory you cloned linux-inject to (e.g. cd ~/workspace/linux-inject), and run ./sample-target.

Back in the first terminal, run sudo ./inject -n sample-target sample-library.so

What this does is inject the library sample-library.so into a process by the -name of sample-target. If you instead want to choose your target by its PID, simply use the -p option instead of -n.

But … this might or might not work. Since Linux 3.4, there’s a security module named Yama that can disable ptrace-based code injections (or code injections period, I doubt there is any other way). To allow this to work, you’ll have to run either one of these commands (I prefer the second, for security reasons):

echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope # Allows any process to inject code into any other process started by the same user. Root can access all processes
echo 2 | sudo tee /proc/sys/kernel/yama/ptrace_scope # Only allows root to inject code

Try it again, and you will hopefully see “I just got loaded” in-between the “sleeping…” messages.
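Seen from the defender's side, a library loaded this way is mapped into the target like any other shared object, so it is listed in /proc/<pid>/maps. The following is an added example (not part of the original post or of linux-inject) that scans maps text for executable, file-backed mappings outside a list of trusted library directories; the trusted prefixes, the function names, the paths and the embedded sample are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PATH_LEN 256

/* Assumption: directories this host treats as normal sources of shared objects. */
static const char *TRUSTED_PREFIXES[] = { "/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/", NULL };

/* Constructed sample of /proc/<pid>/maps for sample-target after an injection. */
static const char SAMPLE_MAPS[] =
    "5581a3c00000-5581a3c01000 r-xp 00000000 08:01 2490381 /home/user/linux-inject/sample-target\n"
    "5581a3e01000-5581a3e02000 rw-p 00001000 08:01 2490381 /home/user/linux-inject/sample-target\n"
    "5581a4b2c000-5581a4b4d000 rw-p 00000000 00:00 0       [heap]\n"
    "7f3c1a200000-7f3c1a201000 r-xp 00000000 08:01 2490399 /home/user/linux-inject/sample-library.so\n"
    "7f3c1a400000-7f3c1a401000 rw-p 00001000 08:01 2490399 /home/user/linux-inject/sample-library.so\n"
    "7f3c1a600000-7f3c1a7e7000 r-xp 00000000 08:01 131204  /lib/x86_64-linux-gnu/libc-2.27.so\n"
    "7f3c1aa00000-7f3c1aa27000 r-xp 00000000 08:01 131180  /lib/x86_64-linux-gnu/ld-2.27.so\n"
    "7f3c1ac00000-7f3c1ac01000 rw-p 00000000 00:00 0\n"
    "7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0       [stack]\n"
    "7ffd5a3f2000-7ffd5a3f4000 r-xp 00000000 00:00 0       [vdso]\n";

static int is_trusted(const char *path) {
    for (int i = 0; TRUSTED_PREFIXES[i]; i++)
        if (strncmp(path, TRUSTED_PREFIXES[i], strlen(TRUSTED_PREFIXES[i])) == 0)
            return 1;
    return 0;
}

/* A mapped file that has since been unlinked is reported with this suffix. */
static int is_deleted(const char *path) {
    static const char suffix[] = " (deleted)";
    size_t n = strlen(path), s = sizeof suffix - 1;
    return n >= s && strcmp(path + n - s, suffix) == 0;
}

/* Collects the unique paths of executable, file-backed mappings that are neither
   the main executable (exe) nor an on-disk file under a trusted prefix.
   Returns the number of paths stored in found (at most max). */
int find_untrusted_libs(const char *maps, const char *exe,
                        char found[][PATH_LEN], int max) {
    int n = 0;
    while (*maps) {
        char line[512], perms[5], path[PATH_LEN];
        unsigned long start, end, off, inode;
        unsigned int maj, min;

        /* Copy one line out of the (read-only) input. */
        size_t len = strcspn(maps, "\n");
        size_t copy = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, maps, copy);
        line[copy] = '\0';
        maps += len + (maps[len] == '\n');

        int fields = sscanf(line, "%lx-%lx %4s %lx %x:%x %lu %255[^\n]",
                            &start, &end, perms, &off, &maj, &min, &inode, path);
        if (fields < 8) continue;                 /* anonymous mapping, no path */
        if (path[0] != '/') continue;             /* [heap], [stack], [vdso], ... */
        if (perms[2] != 'x') continue;            /* only executable segments */
        if (strcmp(path, exe) == 0) continue;     /* the program itself */
        if (is_trusted(path) && !is_deleted(path)) continue;

        int dup = 0;
        for (int i = 0; i < n; i++)
            if (strcmp(found[i], path) == 0) dup = 1;
        if (!dup && n < max)
            strcpy(found[n++], path);
    }
    return n;
}

int main(void) {
    char found[8][PATH_LEN];
    int n = find_untrusted_libs(SAMPLE_MAPS, "/home/user/linux-inject/sample-target", found, 8);
    for (int i = 0; i < n; i++)
        printf("untrusted executable mapping: %s\n", found[i]);
    return n ? 1 : 0;
}
```

On a live system the same function can be fed the contents of /proc/<pid>/maps together with the target of the /proc/<pid>/exe link.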

Before I get to the part about writing your own code to inject, I have to warn you: Some applications (such as VLC) will segfault if you inject code into them (via linux-inject, I don’t know about other programs, this is the first injection program that I managed to get working, period :P). Make sure that you are okay with the possibility of the program crashing when you inject the code.

With that (possibly ominous) warning out of the way, let’s get to writing some code!

#include <stdio.h>

__attribute__((constructor))
void hello() {
    puts("Hello world!");
}

If you know C, most of this should be pretty easy to understand. The part that confused me was __attribute__((constructor)). All this does is that it says to run this function as soon as the library is loaded. In other words, this is the function that will be run when the code is injected. As you may imagine, the name of the function (in this case, hello) can be whatever you wish.

Compiling is pretty straightforward, nothing out of the ordinary required:

gcc -shared -fPIC -o libhello.so hello.c

Assuming that sample-target is running, let’s try it!

sudo ./inject -n sample-target libhello.so

Amongst the wall of “sleeping…”, you should see “Hello world!” pop up!

There’s a problem with this though: the code interrupts the program flow. If you try looping puts("Hello world!");, it will continually print “Hello world!” (as expected), but the main program will not resume until the injected library has finished running. In other words, you will not see “sleeping…” pop up.

The answer is to run it in a separate thread! So if you change the code to this …

#include <stdio.h>
#include <unistd.h>
#include <pthread.h>

void* thread(void* a) {
    while (1) {
        puts("Hello world!");
        usleep(1000000);
    }
    return NULL;
}

__attribute__((constructor))
void hello() {
    pthread_t t;
    pthread_create(&t, NULL, thread, NULL);
}

… it should work, right? Not if you inject it to sample-target. sample-target is not linked to libpthread, and therefore, any function that uses pthread functions will simply not work. Of course, if you link it to libpthread (by adding -lpthread to the linking arguments), it will work fine.

However, let’s keep it as-is, and instead, use a function that linux-inject depends on: __libc_dlopen_mode(). Why not dlopen()? dlopen() requires the program to be linked to libdl, while __libc_dlopen_mode() is included in the standard C library! (glibc’s version of it, anyways)

Here’s the code:

#include <stdio.h>
#include <unistd.h>
#include <pthread.h>
#include <dlfcn.h>

/* Forward declare these glibc-internal functions (they have no public header) */
void* __libc_dlopen_mode(const char*, int);
void* __libc_dlsym(void*, const char*);
int   __libc_dlclose(void*);

void* thread(void* a) {
    while (1) {
        puts("Hello world!");
        usleep(1000000);
    }
    return NULL;
}

__attribute__((constructor))
void hello() {
    /* Note libpthread.so.0. For some reason,
       using the symbolic link (libpthread.so) will not work */
    void* pthread_lib = __libc_dlopen_mode("libpthread.so.0", RTLD_LAZY);
    int(*pthread_lib_create)(void*,void*,void*(*)(void*),void*);
    pthread_t t;

    /* Bail out instead of crashing the host process if the library cannot be loaded */
    if (pthread_lib == NULL)
        return;

    /* Look up pthread_create in the freshly loaded library and call it through the pointer */
    *(void**)(&pthread_lib_create) = __libc_dlsym(pthread_lib, "pthread_create");
    if (pthread_lib_create != NULL)
        pthread_lib_create(&t, NULL, thread, NULL);

    __libc_dlclose(pthread_lib);
}

If you haven’t used the dl* functions before, this code probably looks absolutely crazy. I would try to explain it, but the man pages are quite readable, and do a way better job of explaining than I could ever hope to try.

And on that note, you should (hopefully) be well off to injecting your own code into other processes!

If anything doesn’t make sense, or you need help, or just even to give a thank you (they are really appreciated!!), feel more than free to leave a comment or send me an email! :D And if you enjoy using linux-inject, make sure to thank the author of it as well!!

P.S. What if you want to change a function inside the host process? This tutorial was getting a little long, so instead, I’ll leave you with this: http://www.ars-informatica.com/Root/Code/2010_04_18/LinuxPTrace.aspx and specifically http://www.ars-informatica.com/Root/Code/2010_04_18/Examples/linkerex.c . I’ll try to make a tutorial on this later if someone wants :)

Why Openlux instead of Redshift?

First, I want to clarify that this is not a post trying to show that one is better than the other unequivocally. This is, instead, a post trying to show my reasons for writing openlux, and the differences between both softwares. I’m sure that many people will prefer the way that redshift works, over the way that openlux works, and that’s awesome!! The purpose of this post is, mainly, to show the differences, and hopefully help you decide which is better for your circumstance :)

My initial reason for writing openlux was because f.lux didn’t work for me, for various reasons (as I outlined in the first post about it) … I was actually unaware of redshift. There were a few people who linked me to it, and I immediately felt slightly disappointed that I hadn’t done my research before (would have saved me quite a bit of work!). Looking into it though, it’s not what I was looking for, and it has some of the issues that made me switch away from f.lux.

Redshift’s mode of operation is different than openlux’s. It primarily functions as a daemon, changing the color temperature automagically, depending on your timezone. This is a really handy feature, however, you don’t have much ability to configure the times. If you don’t have insomnia, and have a regular sleeping schedule, this is probably perfect. You tell it where you live, and it will change the screen color temperature throughout the day, in order to match the light you would receive if you were outside at that time (except at night, of course =P). But in my case, I can stay up until 4-5am, unable to sleep at all. Having the screen automatically change to a higher color temperature when I’m trying to go to sleep is most definitely not what I need. Now I could change the timezone every so often, but I’d rather have something in which I control when the screen color changes, instead of having to work against the program. I am aware that redshift has an option for manually changing the color temperature, but you don’t have much control over other options (such as animating to it, or individual control over RGB channels).

Redshift also uses color tables in order to compute the RGB values from kelvin temperatures. This allows for maximum accuracy within the range it provides (1000-25100K), however, it doesn’t allow anything outside of the range. On the other hand, openlux works using Tanner Helland’s algorithm, which allows for a theoretically infinite (practically 0-2^32, because it’s stored in a 32-bit integer), but less accurate result. Personally, I prefer using an algorithm, but there are definitely things to say about using a color table instead. The algorithm is pretty accurate (I think it’s a maximum of ~3-5% off of the original value), but if you’re within the range that redshift provides, it’s always nice to have 100% accuracy!

The main philosophical difference (that influences how the programs evolve) between redshift and openlux is the goal: redshift is more oriented towards being a standalone, fully-featured program, while openlux is oriented towards being a program that only does one task (change the screen color temperature), and focuses on that one task. It leaves tasks such as changing the color temperature in accordance with the timezone to other programs specialized for this (such as cron), or manually. Redshift tends to go more on the side of “run it, and forget about it”, while openlux leans more on giving the user maximum control and flexibility.

There’s definitely something to be said about both philosophies, and different users will appreciate different philosophies. I personally prefer the one of having full control at all times, but there are many users who would prefer to just have the program manage it for them automagically.

If you’re not sure which to use, try both! See which one works best for you. After all, GNU/Linux is all about choice :)

If I’ve made any mistake in this article, please let me know. This post is most definitely not about saying that one software is better than the other. While I, of course, prefer openlux, I want this to be a fair comparison of both softwares, so that users can better decide which software they want to use for themselves.

Openlux 0.2 beta – Animations, iOS port

I wrote openlux around 2 and a half weeks ago, as a simple, libre alternative to f.lux that addresses a few issues I’ve encountered with it. I’ve since used it everyday, and I’ve actually noticed an improvement in my sleep!

However, my iPad still uses f.lux (or, until today, at least). No, in this case, I’m not worried about the fact that f.lux is proprietary (it’s an iPad), but earlier, when my sleep was really messed up (and by messed up, I mean, I was going to sleep at 7-8am), f.lux would automatically switch to 3400K (instead of 2300K), which definitely didn’t have a positive impact on my sleep. Also, it only goes down to 2300K, doesn’t allow much customizability, and doesn’t always work how I want it to work, etc.

So after spending quite a long time (basically ever since I released the first version of openlux) working on the port, it finally works!!! It doesn’t work as well as I wanted it to (multiple colors output the same value, compressing the color range … I tried lerping values, but it ended up giving garbage), but at least it works!

Animations literally took about the last hour of developing this version (in other words, barely any time at all, compared to the time needed to develop the iOS port), since, luckily, I only encountered one bug while making it. The point of animations is not for visual bling, but rather to make it easier on the eyes if it’s run automatically (e.g. via cron).

Other than those, there are a few minor features, such as optional relative adjustment of colors (“-b 10” will set the blue channel to 10, “-b +10” will add 10 to the blue channel, and “-b -10” will remove 10), and saving/resetting gamma values (mainly just a by-product of working on the iOS port).

If anyone would be interested in testing this on their iDevices, I would really appreciate it ^^ Though it works fine on my 1st generation iPad, I don’t know if it will work on other devices too. I wrote instructions on how to compile and run it here: https://github.com/AnonymousMeerkat/openlux/wiki/Compiling-for-iOS :) I’m not aware of this being able to cause any permanent damage to your device (my device works fine now, even after the display being severely messed up multiple times), but if you’re scared, stick with f.lux for now. Quick note: it doesn’t work on iOS <4, since it needs to retrieve the gamma table (which iOS versions <4 don’t support).

To wrap up, here’s a few examples of the new features that come with openlux 0.2:

openlux -k 1000 -a 10000         # Animates to 1000K in 10 seconds (10000 milliseconds)
openlux -k 1000 -a 100000 -d 100 # Animates to 1000K in 100 seconds, with a delay of 100 milliseconds per "frame" (less CPU usage)
openlux -k 1000 -g +10           # Sets the color temperature to 1000K, but adds 10 to the green channel
openlux -R                       # Resets to the last saved gamma table (openlux automatically saves the gamma table the first time it's run per boot)
openlux -s                       # Saves the gamma table

Follow up on the non-windowing display server idea

Note: I’m sorry, this post is a bit of a mess.

I wrote a post 2 days ago, outlining an idea for a non-windowing display server — a layer that wayland compositors (or other programs) could be built upon. It got quite a bit more attention than I expected, and there were many responses to the idea.

Before I go on, I wish to address a few things that weren’t clear in the original post:

The first being that I am not an ubuntu developer, and am in no way associated with canonical. I am only an ubuntu member :) Even though I don’t use ubuntu personally, I wish to improve the user experience of those who do.

Second is a point that I did not address clearly in the original post: One of the main reasons for this idea is to enable users to modify the video resolution, gamma ramp, orientation, brightness, etc. DRM provides an API for doing these operations, however, AFAIK, you cannot run modesetting operations on a virtual terminal that is already running an application that has called video modesetting operations. In other words, you cannot run a DRM-based application on an already-running wayland server in order to run a modesetting operation. So, AFAIK, the only way to enable an application to do this is to write a sort of “proxy” server that handles requests, and then runs the video modesetting operations.

Since I am currently confusing myself re-reading this, I’ll try to provide a diagram in order to explain what I mean.

If you want to change the gamma ramp, for example, this is impossible:

[Diagram: drm_client_wayland]

So with the display server acting as a proxy of sorts, it becomes possible:

[Diagram: drm_client_display_server]

This is also why I believe that having a server over a shared library is crucial. A shared library would allow for abstraction over multiple backends, however, it doesn’t allow communication with more than one application. A wayland compositor can access all of the functions, yes, but wayland clients cannot.

The third clarification is that this is not only meant for wayland. Though this is the main “client” I have in mind for this server, it isn’t restricted to only wayland. The idea is that it could be used by anything, for example, as one response pointed out, xen virtualization. Or, in my case, I actually want to write clients that use this server directly, without even using a windowing server like wayland (yes, I actually have a good reason for wanting this XD ). In other words, though I believe that the group that would use this the most would be wayland users (hence why I wrote the original post tailored towards this), it isn’t only meant for wayland.

There were a few responses saying that wayland intentionally doesn’t support this, not because of the reason I originally suspected (it being “only” a windowing protocol), but because one of wayland’s main goals is to let the compositor have full control over the display, and make sure that there are no flickers or tearing etc., which changing the video resolution (or some other modesetting operations) would undoubtedly cause. I understand and respect this, however, I still want to be able to change the resolution or gamma ramp (etc.) myself, and suffer the consequences of the momentary flickering or whatever else. Again though, I respect wayland’s decision in this aspect, so my proposal, instead, is this: To make this an optional backend for wayland compositors. Instead of my original proposal, which was to build wayland compositors on top of this (in order to help simplify the stack), have this as an option, so that if users wish to have the video modesetting (etc.) capabilities, they can use this backend instead.

A pretty large concern that many people (including myself) have is performance. Having an extra server on the stack would definitely have an impact on performance, but the question is how much.

So with this being said, going forwards, I am currently working on implementing a proof-of-concept prototype in order to have a better sense of what it entails, especially in regards to performance. The prototype will be anything but production-ready, but hopefully will at least work … maybe XD .

Idea: Non-windowing display server

For the TL;DR folk who are concerned with the title: It’s not an alternative to wayland or X11. It’s a layer that wayland compositors (or other) can use.

As a quick foreword: I’m still a newbie in this field. While I try my best to avoid inaccuracies, there might be a few things I state here that are wrong, feel free to correct me!

Wayland is mainly a windowing protocol. It allows clients to draw windows (or, as the wayland documentation puts it, “surfaces”), and receive input from those surfaces. A wayland server (or “compositor”) has the task of drawing these surfaces, and providing the input to the clients. That is the specification.

However, where does a compositor draw these surfaces to? How does the compositor receive input? It has to provide many backends for various methods of drawing the composited surface. For example, the weston compositor has support for drawing the composited surface using 7 different backends (DRM, Linux Framebuffer, Headless [a fake rendering device], RDP, Raspberry Pi, Wayland, and X11). The amount of work put into making these backends work must be incredible, which is exactly where the problem lies: it’s arguably too much work for a developer to put in if they want to make a new compositor.

That’s not the only issue though. Another big problem is that there is then no standard way to configure the display. Say you wanted a wayland compositor to change the video resolution to 800×600. The only way to do that is to use a compositor-specific extension to the protocol, since the protocol, AFAIK, has no method for changing the video resolution — and rightfully so. Wayland is a windowing protocol, not a display protocol.

My idea is to create a display server that doesn’t handle windowing. It handles display-related things, such as drawing pixels on the screen, changing video mode, etc… Wayland compositors and other programs that require direct access to the screen could then use this server and trust that the server will take care of everything display-related for them.

I believe that this would allow for much simpler code, and add a good deal more power and flexibility.

To give a more graphic description (forgive my horrible diagraming skills):

Current Stack:

[Diagram: wayland_current]

Proposed Stack:

 

[Diagram: wayland_new]

I didn’t talk about the input server, but it’s the same idea as the display server: Have a server dedicated to providing input. Of course, if the display server uses something like SDL as the backend, it may have to also provide the input server, because the SDL library, AFAIK, doesn’t allow a program to access the input of another program.

This is an idea I have toyed around with for some time now (ever since I tried writing my own wayland compositor, in fact! XD), so I’m curious as to what people think of it. I would be more than happy to work with others to implement this.

Using Openlux to help your sleep and/or relax your eyes

If you are familiar with research suggesting that blue light affects your sleep, you might also be familiar with a (free!) software named f.lux. I use it on my iDevices (used to use it on my computers too), and it works great …. except for a few issues.

The first is CPU consumption. Seriously, this software takes up a lot of CPU. That was the main reason behind ditching xflux (the X11 edition of the software). It also doesn’t entirely block out blue light, even at the lowest color temperature it allows (this is true for the iOS version too). There were a number of other issues that became annoying over time (forced very long animations, a daemon that rarely ever works as intended, sometimes the software doesn’t even work at all, mouse cursor being left entirely out of the picture, etc.). These would (probably) all be simple to fix …. however, it’s free as in price, not as in freedom. The software is closed-source.

Openlux is a very simple open-source MIT-licensed clone I wrote that tries to address these issues (minus the mouse cursor issue, that one is a bit more complex). For now, it doesn’t contain as many features as xflux does, but it is only a first release. Animations and the lot will come later :)

I haven’t worked on packaging yet (if anyone wishes to spend some time doing this, that would be greatly appreciated!!), but for now, visit https://github.com/AnonymouMeerkat/openlux for download and compilation information (sorry for the mess in main.c, I will get to that later!).

Here are a few usage examples:

openlux                      # Sets the screen color temperature to 3400K (the default)
openlux -k 1000              # Sets the color temperature to 1000K
openlux -k 2000 -b 0         # Sets color temperature to 2000K, but removes all blue light
openlux -k 2000 -b 255       # Ditto, but blue is set to 255 (maximum value, gives the screen a magenta-ish tone)
openlux -r 130 -g 150 -b 100 # Gives the screen a dark swamp green tint (Kelvin value is ignored)
openlux -k 40000             # Sets the screen color temperature to 40000K
openlux -i                   # Resets the screen color temperature

I personally like using openlux -k 10000 during the day (very relaxing for the eyes!), and openlux -k 2300 -b 40 during the night.

I hope this can be useful for you!! If you have any issues, suggestions, feedback, etc. (even if you just want to say thank-you — those are always appreciated ^^), feel free to write a comment or send me an email!