On August 6, 2013 the PuTTY Team posted an update that included some pretty serious bug fixes. You might recall that PoTTY never made it to v0.62 except in a private build for my own use. In fact, after my wife got sick in January 2012 (long story) it was left to languish just before it was ready to ship.
And in a few messages to brl I got the impression that obfuscated-openssh (which I like to call oossh) was something of a dead-end, since anyone who really wanted to stop you could just block all encrypted communications.
I had to agree. But, hey, I don't live in $OPPRESSIVE_REGIME, and I still have a need to evade deep packet inspection, and the bugs fixed in v0.63 seemed pretty bad. And I know there are at least a few PoTTY users out there, so I decided to crank out a new version come Hell or high water. And much to my surprise I nailed it faster than I thought I could.
At this time, the whole PoTTY Suite is ready to rock. The final nail in the shipping crate remains to be hammered. And that is the download page on mrhinkydink.com. I want to whack that out this weekend and make it available by September 1st.
So this isn't an official announcement. It's just a teaser.
Against my better judgement, I ran with Microsoft's VCE 2012 compiler. V0.61 was made with VCE2008 (or was it 2005?) and the ill-fated v0.62 with VCE2010. I figured "Why not?" I soon learned why not and in the process had an epiphany on why Simon & the PuTTYnaughts still use VC++ 6.0: it's compatible with everything.
If I had my way, I'd still be using VC++ 5 (which I paid for in 1997). But I never get my way. That's just my karma. The Universe hates my gutz.
So PoTTY works, but if you are using anything less than WINXP SP2 you will get a "not a valid Windows executable" error when you try to run it. Nothing that VCE 2012 shits out will run on anything less than Vista unless you use a "Platform Toolset" of "v110_xp" in your project's configuration.
That was disappointing because the default toolset (v110) seems to run a lot faster.
So if you're never looking back, you might want to recompile the whole damned thing in "pure" VCE 2012. Do a benchmark. Let me know what happens. I ain't got time for that shit.
I'm only up to Windows 7, so I can't test it on Windows 8. Maybe it won't run there either. Dunno.
One of the hardest parts of upgrading (???) PuTTY source code to PoTTY is going through all the code and replacing "u" with "o". For the most part this is purely cosmetic branding. In some places if you do this you will break compatibility. I think it's important to change the executable names, even if this breaks your scripts, but Pageant (Pogeant) needs to know about it.
The biggest compatibility break—had I done it—would have been making Pottygen create "PoTTY certs" instead of "PuTTY certs". I tried. Without that "u" in the cert file PoTTY and PuTTY are no longer interchangeable, and I want PoTTY to be able to function side-by-side with PuTTY.
In general, at least.
By changing pscp, psftp, and plink to oscp, osftp, and plonk you can't accidentally use the PoTTY versions.
I've never been a big fan of sftp, but in testing I discovered I liked osftp quite a lot, especially when the remote server is a cygwin oosshd server. A lot. Much easier to use at the command line than scp. Great opportunities for data exfiltration there.
Which got me to thinking (again) about "WinoSCP", which would be an obfuscated version of WinSCP.
Also... 64 bit version? Not sure. I think I ran across a deal killer with that when I was working on v0.62. That would be interesting, but the point of doing it eludes me. If it ain't broke, et cetera.
And right now, it ain't broke.
Yes, it's out there. Since the fork was solidly stuck into the code and everything was uploaded to the site, I tried to make a 64 bit version. The first hurdle was to recompile OpenSSL for "WIN64A", which took quite a bit of dicking around, which included downloading the Win 7 DDK (I was missing "ml64.exe" for some reason). Once that was finally done, I recompiled and it worked, but I'm not sure of what I have now. I don't think it's "really" 64 bit, just some sort of mutant 64/32 bit code that won't run on a 32 bit system.
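An added example, not code from the original posts or from PuTTY/PoTTY: a small Python check that reads a binary's PE headers to answer the two build questions raised above, whether it will load on XP (the default v110 toolset stamps subsystem version 6.0, v110_xp stamps 5.01) and whether it is a 32-bit or 64-bit image. The function names and the header-only sample images are constructed for illustration.

```python
import struct
import sys

MACHINES = {0x014C: "x86", 0x8664: "x64"}
FORMATS = {0x10B: "PE32", 0x20B: "PE32+"}

def pe_summary(data: bytes) -> dict:
    """Read machine type, image format and subsystem version from PE headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    if len(data) < pe_off + 24 + 52:
        raise ValueError("headers truncated")
    machine, *_ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in FORMATS:
        raise ValueError("unknown optional header magic 0x%04x" % magic)
    # Major/MinorSubsystemVersion sit at offset 48 in both PE32 and PE32+.
    major, minor = struct.unpack_from("<HH", data, opt + 48)
    return {"machine": MACHINES.get(machine, hex(machine)),
            "format": FORMATS[magic], "subsystem": (major, minor)}

def loads_on_xp(info: dict) -> bool:
    """XP is NT 5.1 (5.2 for XP x64); a higher subsystem version is refused."""
    limit = (5, 2) if info["machine"] == "x64" else (5, 1)
    return info["subsystem"] <= limit

def sample_image(machine: int, magic: int, major: int, minor: int) -> bytes:
    """Constructed header-only image for the demo, not a real executable."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0x60, 0x0102)
    opt = bytearray(0x60)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<HH", opt, 48, major, minor)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    # Pass real .exe paths as arguments, or run with none to use the samples.
    images = {p: open(p, "rb").read() for p in sys.argv[1:]} or {
        "constructed v110 build": sample_image(0x014C, 0x10B, 6, 0),
        "constructed v110_xp build": sample_image(0x014C, 0x10B, 5, 1),
        "constructed WIN64A build": sample_image(0x8664, 0x20B, 5, 2),
    }
    for name, data in images.items():
        info = pe_summary(data)
        print(name, info, "loads on XP:", loads_on_xp(info))
```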
My lifestyle changed drastically in the last year and a half (long story) and I haven't had a lot of time to update the blog.
I finally approved some very old comments (and cleared out a lot of SPAM). I do like hearing from you Cameroonian puppy scammers, but why do you guys want German IPs now? I thought you only hated the Brits. Now you're going after Germany? Be careful. And stop scamming while you're at it. It's not nice.
I've been thinking about a "Whatever happened to..." article to bring everyone up to speed. I finally solved the mystery of the disappearing access point and I have formulated my excuses for not updating or promoting PoTTY (there is actually a very good reason). PoTTY v0.62 (or was it 0.63?) is "tits up and takin' on water". The last version still works fine.
As for all the proxy requests... sorry but The List just runs and gets what it can get. The proxy project itself has had a fork in it for quite some time, but I just can't bring myself to shut it down. It needs some serious maintenance. SOCKS proxies have all but disappeared (all those old port 27977 SOCKS proxies were the TDSS rootkit, ya know). I'm not even sure what happened to the CoDeeN proxies. Did they kill that project? Did they figure out my tricks? I never see any at all, not that I miss them.
Anyway, thanks for all those comments and I'm sorry it took so long to get them approved.
I've been going to Micro Center for a long time. More years than you can imagine. I've had some interesting experiences and been treated in some odd ways.
For instance, several years ago I went into the local retail MC looking for a video card or something. I was in Full Beard Mode and it was summer so I was wearing sunglasses, shorts, a tee shirt, and my classic pork pie hemp hat. Everywhere I went I was tailed by an MC associate. When I looked in their direction, they looked away, but they followed me as I made my way around looking for whatever it was I was looking for.
Not one of them asked if they could help. Not one of them said "Hello."
I couldn't find what I was looking for and left. A few minutes out the door, I realized they weren't just being rude. They thought I was a potential shoplifter, not a customer with cold, hard cash.
Well, fuck that. That location closed a year or so later.
So anyway Time Marches On... MC's only retail store is now across town. iPads are hot. I check their Web site to see if they have them in stock. They did, so I chose the "order online, pick up in store" trick. To do that I had to register with email address, et cetera. You know the drill.
A couple years after that, I go to pull the same trick. Their Web site has no record of my account. The email address draws a blank. OK, fine. I'll just go to the store. When I get there and buy what I wanted, they had me check my information at the register and there was the email address I had given them for the iPad.
This kind of pissed me off, so when I went back Monday for the Presidents Day sale and they asked me if the information was correct I said no, the email address is wrong. The guy pulls up the register menu and asks me for the correct address.
I tell him I don't have an email address. He clears it out. I went home with my merch: a wireless security cam, an off-brand 802.11N USB NIC (which turned out to have a RaLink chipset!), and a motherboard battery.
Within 24 hours, I get SPAM on the address I told them to delete.
The subject field of the email was "Wireless Security Cameras". What a coincidence! I just bought one!
The body of the email was junk html and my name repeated over and over and interspersed with the following keywords:
I resurrected an old but capable WinXP box for my upstairs office, which is much more comfy than my subterranean lair in the winter time. Down there I have an old, diskless IBM NetVista box (the one that used to house EXP V) that boots BT5R3 off a USB stick. Works great for doing laundry—I'm doing a lot of domestic stuff these days for reasons I won't get into—but for extended stays it's just too cold. Plus the cell phone reception sucks serious ass, so meetings are pretty much out of the question.
After all the Windows updates I decided to update Cygwin as well and since this box has never had Obfuscated OpenSSH (OOSSH, as I like to call it) on it I decided to do a fresh install on that.
Guess what? No go. Something has changed and OOSSH won't compile anymore.
After about a week of dicking around I finally found the fix, so I thought I'd share it with you.
After you "git" the code, the first thing you should do is edit clientloop.c and change both instances of
And rather than get into why you should do this, I'll just remind you that I went on and on about it in the old ProxyObsession blog before it was taken down for a (totally bogus) DMCA violation. In any case, it doesn't hurt anything and makes certain things possible that aren't possible with smaller buffers.
But the Big Fix should be put into openbsd-compat/openbsd-compat.h. Right at the top, ahead of all the #includes, put in this line: