Using CMAK to Form a Split-Tunnel in Vista
by admin
CMAK
CMAK (Connection Manager Administration Kit) is a utility that comes with Windows Server. It allows one to create advanced VPN connections. There is an excellent article that discusses using CMAK to build a split-tunnel. This article can be viewed at http://blogs.technet.com/rrasblog/archive/2007/06/11/split-tunnelling-using-cmak.aspx. The only problem is that this technique does not seem to work with Windows Vista.
To work around this issue, I have put together a command-prompt application that configures split tunneling on Vista-based client machines (it works on XP as well). It reads its settings from a file called IPRoute.ini. It accepts one of two parameters: ADD and DELETE. ADD causes the program to create the routes found in IPRoute.ini. DELETE causes the program to delete those routes. To use it, in the CMAK wizard:
1. Make sure no default gateway is configured:

2. Do not have CMAK alter the routing table:

3. Add two custom actions. The first is for after the connection is established. The second is for after the connection is lost:

3a. The first custom action is for after the connection is established:

3b. The second custom action is for after the connection is dropped:

4. Include IPRoute.exe and IPRoute.ini as custom files in the CMAK installer:

INI File Syntax
The INI file consists of two sections. The first section, Options, identifies the address pool the client's IP address will be assigned from. This helps the program to figure out what IP address was assigned from the server. An example of this is:
[Options]
Network=192.168.3.0
Netmask=255.255.255.0
The second section contains a list of IP addresses or networks to route traffic to. Each item must end with a sequential number, starting from 1. An example of this is:
[Routes]
Route1=192.168.0.1
Mask1=255.255.255.0
Route2=192.168.1.1
Mask2=255.255.255.0
Route3=192.168.2.1
Mask3=255.255.255.0
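The following Python sketch is an added example, not the IPRoute source. It parses the INI layout described above, reports what the split tunnel will actually cover, and builds the matching route commands. The function names, and the assumption that the VPN-assigned address (the one inside the [Options] pool) is used as the gateway, are hypothetical.

```python
import configparser
import ipaddress
# Constructed sample: the two INI fragments from this page joined into one file.
SAMPLE_INI = """[Options]
Network=192.168.3.0
Netmask=255.255.255.0
[Routes]
Route1=192.168.0.1
Mask1=255.255.255.0
Route2=192.168.1.1
Mask2=255.255.255.0
Route3=192.168.2.1
Mask3=255.255.255.0
"""

def parse_iproute_ini(text):
    """Return (pool, routes, warnings) for an IPRoute.ini-style file."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    opts, section = cp["Options"], cp["Routes"]
    pool = ipaddress.ip_network(f"{opts['Network']}/{opts['Netmask']}")
    routes, warnings, n = [], [], 1
    while f"Route{n}" in section and f"Mask{n}" in section:
        dest, mask = section[f"Route{n}"], section[f"Mask{n}"]
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        if str(net.network_address) != dest:
            warnings.append(f"Route{n}: {dest} has host bits set, covers {net}")
        routes.append(net)
        n += 1
    # Assumption: numbering is walked from 1, so entries after a gap are skipped.
    if len(section) != 2 * len(routes):
        warnings.append("entries outside the sequential numbering are ignored")
    return pool, routes, warnings

def pick_vpn_address(pool, local_addresses):
    """Assumed behaviour: the VPN-assigned address is the one inside the pool."""
    hits = [a for a in local_addresses if ipaddress.ip_address(a) in pool]
    if len(hits) != 1:
        raise ValueError(f"expected one address in {pool}, found {hits}")
    return hits[0]

def route_commands(action, routes, gateway):
    """Build Windows route.exe command lines for ADD or DELETE."""
    if action == "ADD":
        return [f"route ADD {r.network_address} MASK {r.netmask} {gateway}"
                for r in routes]
    if action == "DELETE":
        return [f"route DELETE {r.network_address}" for r in routes]
    raise ValueError("action must be ADD or DELETE")
```

Reviewing the warnings before deploying the profile shows exactly which networks will be sent through the VPN and which entries would be silently dropped.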
Disclaimer
BY DOWNLOADING YOU AGREE TO THE FOLLOWING:
You assume the entire risk related to your use of these files. Ingeletek is providing this data "as is," and Ingeletek disclaims any and all warranties, whether express or implied, including (without limitation) any implied warranties of merchantability or fitness for a particular purpose. In no event will Ingeletek be liable to you or to any third party for any direct, indirect, incidental, consequential, special or exemplary damages or lost profit resulting from any use or misuse of this data.
Download
IPRoute - http://www.ingeletek.com/downloads/blog/IPRoute.zip
Delphi Source - http://www.ingeletek.com/downloads/blog/IPRoute_src.zip
Encrypting a Firebird Database - Part 3
by admin
This is the last and final portion of this series. Upon receiving some inquiries about the outcome of my experiment, I have made available a Rijndael (AES) version of this technique. First, however, I want to mention a few more points.
Password Format
The password requires a little special handling. For some reason the password was missing the null termination character when I passed it from my test app to Firebird. So, to work around this I made the first three characters of the password represent the password length. For example, the word 'password' is eight characters. This would make the password I send to Firebird be '008password'. The parser would then strip the first three characters from the string and learn that the password is eight characters in length.
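The length-prefixed format described above can be sketched in Python as follows. This is an added example, not the parser in the modified Firebird source; the function names are hypothetical. It shows the check such a parser needs when the buffer has no terminator: the declared length must not run past the data actually received.

```python
def frame_password(password: str) -> bytes:
    """Prefix the password with its length as three ASCII digits."""
    raw = password.encode("ascii")
    if len(raw) > 999:
        raise ValueError("length does not fit in three digits")
    return b"%03d" % len(raw) + raw


def parse_password(buf: bytes) -> bytes:
    """Recover the password from a buffer that may lack a null terminator."""
    prefix = buf[:3]
    if len(prefix) != 3 or not prefix.isdigit():
        raise ValueError("missing three-digit length prefix")
    length = int(prefix)
    # Never trust the prefix alone: it must fit inside the received buffer.
    if length > len(buf) - 3:
        raise ValueError("declared length runs past the end of the buffer")
    # Bytes after the declared length (constructed garbage below) are ignored.
    return buf[3:3 + length]
```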
Vulnerability
It is possible for a malicious user to create a fake fbembed.dll that logs any procedure calls. They could then place this into your application's directory and log the password text that is being sent from your application. Finally, they could use your fbembed.dll in their own application, using the password they recovered with the fake dll, and open your database.
Disclaimer
BY DOWNLOADING YOU AGREE TO THE FOLLOWING:
You assume the entire risk related to your use of these files. Ingeletek is providing this data "as is," and Ingeletek disclaims any and all warranties, whether express or implied, including (without limitation) any implied warranties of merchantability or fitness for a particular purpose. In no event will Ingeletek be liable to you or to any third party for any direct, indirect, incidental, consequential, special or exemplary damages or lost profit resulting from any use or misuse of this data.
Downloads
The files can be obtained from:
1. http://www.ingeletek.com/downloads/blog/Firebird-2.1.1.17910-0_rijndael.zip - Binary output of the compile process. This consists of all binaries.
2. http://www.ingeletek.com/downloads/blog/Firebird-2.1.1.17910-0_rijndael_embedded.zip - Embedded server binaries along with the Visual C++ 2005 runtimes.
3. http://www.ingeletek.com/downloads/blog/Firebird-2.1.1.17910-0_rijndael_src.zip - The source code
Donations
Our donation page is at http://www.ingeletek.com/donate.html. Put 'Firebird' as a note and they'll know who to give it to.
Encrypting a Firebird Database - Part 2
by admin
The database parameter for an encryption password in Firebird is 'encrypt_key.' The IBDAC component for connection to the database is TIBCConnection. I used the following code to set up the database parameters and connect to the database:
AConnection.Options.Charset := 'win1251';
AConnection.Params.Add('user_name=SYSDBA');
AConnection.Params.Add('password=MASTERKEY');
AConnection.Params.Add('encrypt_key=password');
AConnection.Params.Add('sql_dialect=3');
AConnection.Connected := True;
When I attempted to connect to an existing database, an exception was raised. It mentioned something about the database not being a valid Firebird database. I grinned at this point because I knew that it was attempting to decrypt an unencrypted database. Having gotten this far, it was now time for me to create a newly encrypted database.
After some trial and error, I soon learned that the CreateDatabase method provided in the TIBCConnection component does not allow one to pass an encrypt_key parameter to the database. It was obvious that a new routine needed to be created. So, I started by adding some code in IBCClasses.pas:
procedure TGDSConnection.CreateDatabaseEx;
var
  pDatabase: IntPtr;
begin
  CheckInactive;
  if not GDSInited then
    InitGDS;
  // Rebuild the database parameter buffer (DPB) if the parameters changed
  if FParamsChanged then begin
    CreateDPB;
    FParamsChanged := False;
  end;
  pDatabase := Marshal.StringToHGlobalAnsi(FDatabase);
  try
    // Pass the DPB to the engine so that encrypt_key reaches it on creation
    check(isc_create_database(
      FStatusVector,
      Length(FDatabase),
      pDatabase,
      FDatabaseHandle,
      FDPBLength,
      FDPB,
      0));
    FConnected := True;
  finally
    Marshal.FreeCoTaskMem(pDatabase);
  end;
end;
After adding this code, it was necessary to add a routine to the TIBCConnection component that could call the previously listed routine. I added the following code to IBC.pas:
procedure TIBCConnection.CreateDatabaseEx;
begin
  CreateIConnection;
  FIConnection.CreateDatabaseEx;
end;
Finally, I compiled IBDAC and reopened my test application. I changed my test application to use the following code:
AConnection.Options.Charset := 'win1251';
AConnection.Params.Add('user_name=SYSDBA');
AConnection.Params.Add('password=MASTERKEY');
AConnection.Params.Add('encrypt_key=password');
AConnection.Params.Add('sql_dialect=3');
AConnection.CreateDatabaseEx;
AConnection.Connected := True;
Much to my surprise no errors occurred. Wondering if the file was actually created, I opened Windows Explorer and browsed to the output folder of my application. I was amazed to see a new file titled 'database.fdb' sitting in the directory. Opening the file with my hex editor revealed that the file was indeed encrypted. I had finally succeeded!
Part 3 of this series will contain links to a Rijndael implementation of this technique.
Converting VMWare to VirtualBox
by admin
Today, my task was to convert a 45 gigabyte VMWare drive image (.vmdk) to a VirtualBox image (.vdi). My host computer is running Windows Vista. Little did I know just how long this was going to take.
First, I learned that it would be necessary to clean up my guest operating system (Windows XP) before converting the image. I started by uninstalling the VMWare utilities. I then restored the default HAL that comes with Windows XP by using the following commands (Note that your Windows XP CD must be in the drive):
expand d:\i386\hal.dl_ %windir%\system32\hal.dll
expand d:\i386\ntoskrnl.ex_ %windir%\system32\ntoskrnl.exe
After this, I shut down my computer and prepared to convert my image. After reading around a bit, I learned that it was possible to do this conversion using a program called qemu. Searching for 'qemu windows' in Google, I was able to locate a Windows version to download. After downloading the program, I extracted it and used the following command to convert my .vmdk file over to a "RAW" file:
qemu-img convert input.vmdk output.bin
This took over an hour. When it did complete, my dynamic image had expanded up to its maximum size. After further reading, I finally learned that VirtualBox comes with a program called 'vboxmanage.exe' that can be used to convert a RAW file to a .vdi file. I proceeded with the following commands:
vboxmanage convertdd input.bin output.vdi
vboxmanage modifyvdi input.vdi compact
This process also took over an hour. Once it completed, I was finally able to boot my computer using VirtualBox.
Rootkit and Trojan Removal
by admin
Coming back from Beijing, my boss brought a nasty little rootkit / trojan home with him. His laptop began spreading this little virus throughout our network. Ironically enough, the virus is called 'Windows XP AntiVirus 2008.'
Nothing he tried removed the virus from his computer. He spent several days working at it. Finally, I found an article explaining the steps for removal. The steps for removing most nasty viruses and rootkits come from bleepingcomputer.com. This should only be attempted by someone with some technical know-how:
1. Try running ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
2. If ComboFix keeps rebooting the computer repeatedly, then run SDFix (http://www.bleepingcomputer.com/forums/topic131299.html). To run this one, launch the 'runthis.bat' file that is installed onto your hard drive. This is the one that removed the 'Windows XP AntiVirus 2008.'
12/04/08 08:24:01 pm,