flat assembler
Message board for the users of flat assembler.

Index > Projects and Ideas > FAB (Flat Assembler Browser)

Author
Thread Post new topic Reply to topic
Dex4u



Joined: 08 Feb 2005
Posts: 1601
Location: web
Dex4u
This is a project to code a bootable fasm forum browser, that boots to the fasm forum in 3 second or less, plus to code the project in the simplest way possible.
You are welcome to join and add to the code, theres a topic about it here:
http://board.flatassembler.net/topic.php?t=5733&start=0
To test on pc:
http://www.dex4u.com/FAB/Fab.zip
To test in emulator:
http://www.dex4u.com/FAB/FabE.zip

PS: As there already is a browser called "FBrowser" the new name will be FAB (Flat Assembler Browser), as suggested by revolution


Last edited by Dex4u on 11 Mar 2008, 17:50; edited 8 times in total
Post 09 Feb 2008, 13:35
View user's profile Send private message Reply with quote
MHajduk



Joined: 30 Mar 2006
Posts: 6029
Location: Poland
MHajduk
Interesting, but I have one question: what about of security of the computer booting to the FASM forum directly? Isn't the computer "naked" this time and exposed to the attacks of malware from the net?
Post 09 Feb 2008, 14:05
View user's profile Send private message Visit poster's website Reply with quote
edfed



Joined: 20 Feb 2006
Posts: 4218
Location: 2018
edfed
malwares?
what can do a malware to a system that don't have any possibility of file system?
this browser will simply read the html comming from the fasm board.
Post 09 Feb 2008, 14:11
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16861
Location: In your JS exploiting you and your system
revolution
MHajduk wrote:
Interesting, but I have one question: what about of security of the computer booting to the FASM forum directly? Isn't the computer "naked" this time and exposed to the attacks of malware from the net?
Yes, it is entirely "naked", so whoever writes the TCP stack should make sure it has no holes. Easier said than done though, just look at how much trouble other people have had in the past. The one saving grace is that fbrowser is unlikely to become widespread or popular so any malware is not going to be targeted toward the browser, there would be no profit in that for the malware writers.


Last edited by revolution on 09 Feb 2008, 18:36; edited 1 time in total
Post 09 Feb 2008, 14:12
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16861
Location: In your JS exploiting you and your system
revolution
edfed wrote:
malwares?
what can do a malware to a system that don't have any possibility of file system?
this browser will simply read the html comming from the fasm board.
All the malware has to do is get execution, then it can do anything it wants, like erase your HDD, spam others, etc. Unless you physically disconnect your HDD and write protect your floppy/USB drive then you do give malware a chance to cause damage.
Post 09 Feb 2008, 14:16
View user's profile Send private message Visit poster's website Reply with quote
edfed



Joined: 20 Feb 2006
Posts: 4218
Location: 2018
edfed
a malware, how can it take the control of a code that just execute a browser?
there will be no gates in this project, and if a vired html page try to take control, a simple: no, it's impossible, will be enough, no?

i don't see how external soft can invade this system.
Post 09 Feb 2008, 14:20
View user's profile Send private message Visit poster's website Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Post 09 Feb 2008, 14:26
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16861
Location: In your JS exploiting you and your system
revolution
edfed wrote:
i don't see how external soft can invade this system.
Have you never heard of the "buffer overflow" exploits? There are others ways also, but that is the most famous.
Post 09 Feb 2008, 14:27
View user's profile Send private message Visit poster's website Reply with quote
inflater



Joined: 11 Mar 2007
Posts: 6
inflater
Cool work Dex Cool
Post 09 Feb 2008, 14:30
View user's profile Send private message Reply with quote
Dex4u



Joined: 08 Feb 2005
Posts: 1601
Location: web
Dex4u
I agree that IF you can get execution,
Quote:
then it can do anything it wants, like erase your HDD, spam others, etc. Unless you physically disconnect your HDD and write protect your floppy/USB drive then you do give malware a chance to cause damage.

Our job is to stop anyone getting execution, plus i see this has a good way to make use of old PC, with the hdd removed and a write protected floppy.

But remember even in the tcp/ip stack of vista, it had a var in a certain header that was size of the next part (how much to jump other), you could put 0 in which went into a continues loop or worse Wink.

Also remember the Xbox as the same setup as this browser.
Post 09 Feb 2008, 15:16
View user's profile Send private message Reply with quote
edfed



Joined: 20 Feb 2006
Posts: 4218
Location: 2018
edfed
yes, and if we want, we can make soem remakes of the tchernobyl virus.
but what is the utility of this?

if i want, the next release of my package can contain a disk eraser, to delete all your drive with zig zag head movments, or worse, a code that overwrite the bios.
but what for? i don't see the utility of this. about attack prevention, i think about it.
html code don't contain any asm instruction to execute, so, html cannot invade the machine if we limit the buffering of these datas in a restricted amount of memory, with a limited segment etc...

the problem is not viruses for now, the problem is to display the http://board.flatassembler.net page correctly, with mouse support to click on intrernals links, no file or code download required, no linking to external web pages...
so, url can be limited too.
http://board.flatassembler.net/ as minimal url. impossibility to make addresses with differents starts.
Post 09 Feb 2008, 16:05
View user's profile Send private message Visit poster's website Reply with quote
OzzY



Joined: 19 Sep 2003
Posts: 1029
Location: Everywhere
OzzY
How do you access the internet when booting?
Post 09 Feb 2008, 16:13
View user's profile Send private message Reply with quote
edfed



Joined: 20 Feb 2006
Posts: 4218
Location: 2018
edfed
for the moment, i don't know.
but when i'll know, i'll tell you.

i know how it works a little, the signals on the double twisted pairs are differential serial signals, like usb.
they are read (converted in BITs) via an internal modem, and collision detection (collisions are due to the speed of propagation, closed to the light speed, and the caracteristical impedance of the line, 70OHM) launches a random wait, and request restarts.
the requests are in the form of TCP IP data streams.
in this stream, there are headers, footers, and data in the middle.
IEEE 802.3 is the standard for these frames.
so, the work consist in driving the data flow, convert it into buffers, and interpret them.
in the headers, there are informations about the destination IP & MAC, source IP and MAC too.
if i detect an attack from an IP or a MAC, i'll launch a decuple copy of his attack to this fuckin hacker.
and then, his machine will burn if his antivir is not powerfull.
yessss.
Post 09 Feb 2008, 16:27
View user's profile Send private message Visit poster's website Reply with quote
Dex4u



Joined: 08 Feb 2005
Posts: 1601
Location: web
Dex4u
We will have a full tcp/ip stack, along with drivers for ethernet cards, it will also have a built in dhcp client, as well as a StartUp.txt file, so you can keep any settings, for that PC.

The first thing it will do is boot and load a "hello world!" html page off the net.
Post 09 Feb 2008, 17:04
View user's profile Send private message Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 2796
Location: dank orb
bitRAKE
revolution wrote:
All the malware has to do is get execution, then it can do anything it wants, like erase your HDD, spam others, etc. Unless you physically disconnect your HDD and write protect your floppy/USB drive then you do give malware a chance to cause damage.
If I disable the devices through the PCI interface the malware would need a driver for my hardware (possible, but highly unlikely). Cool They could still send spam while the network connection is active. Confused
Post 09 Feb 2008, 18:16
View user's profile Send private message Visit poster's website Reply with quote
DOS386



Joined: 08 Dec 2006
Posts: 1903
DOS386
De wrote:

> This is a project to code a bootable web browser, that boots to the fasm forum in 1 second.

COOL Smile

MHajduk wrote:

Quote:
Interesting, but I have one question: what about of security of the computer booting to the FASM forum directly? Isn't the computer "naked" this time and exposed to the attacks of malware from the net?


I see no problem Shocked IMHO the opposite is true: if it works one day, it will be much safer than any flavor of M$'s Infernal Exploiter Smile

Anyway, it looks good, but doesn't have any browser features/code (yet ?) ... just reusing some DexOS code Neutral

_________________
Bug Nr.: 12345

Title: Hello World program compiles to 100 KB !!!

Status: Closed: NOT a Bug
Post 18 Feb 2008, 05:44
View user's profile Send private message Reply with quote
Dex4u



Joined: 08 Feb 2005
Posts: 1601
Location: web
Dex4u
DOS386 wrote:

Anyway, it looks good, but doesn't have any browser features/code (yet ?) ... just reusing some DexOS code Neutral
This is been worked on by dosin.

This project is a proof of consept, the goals are clear and we will use any code that can do the job, We need to get it to the stage where it has all the functions needed to run a web browser, than its up to member to add to it.
Post 18 Feb 2008, 10:29
View user's profile Send private message Reply with quote
Dex4u



Joined: 08 Feb 2005
Posts: 1601
Location: web
Dex4u
Added mouse support to the latest ver, see the first post for files.
Post 18 Feb 2008, 23:04
View user's profile Send private message Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1160
Azu
edfed wrote:
for the moment, i don't know.
but when i'll know, i'll tell you.

i know how it works a little, the signals on the double twisted pairs are differential serial signals, like usb.
they are read (converted in BITs) via an internal modem, and collision detection (collisions are due to the speed of propagation, closed to the light speed, and the caracteristical impedance of the line, 70OHM) launches a random wait, and request restarts.
the requests are in the form of TCP IP data streams.
in this stream, there are headers, footers, and data in the middle.
IEEE 802.3 is the standard for these frames.
so, the work consist in driving the data flow, convert it into buffers, and interpret them.
in the headers, there are informations about the destination IP & MAC, source IP and MAC too.
if i detect an attack from an IP or a MAC, i'll launch a decuple copy of his attack to this fuckin hacker.
and then, his machine will burn if his antivir is not powerfull.
yessss.
Great, so people can just put their victim's IP as the source and you will do the dirty work for them. Brilliant idea NOT!
Post 16 Jul 2009, 22:12
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2019, Tomasz Grysztar.

Powered by rwasa.