Good Ol' Oledump

Nothing quite like getting a Microsoft file to inspect and using a good old faithful tool, but in some cases it take more than a couple commands to get what you want. 

So I happened upon a request recently where I needed to quickly extract all the Macros from an XLSM file. One way would be to open the file in excel and just copy all the scripts out of it one by one using good old copy/paste, but I wanted something a little more elegant and it's been a while since I had to use any of my scripting skills so I went to work. Now keep in mind, I'm not much of a developer so I just wanted something to automate the macro extractions quickly and dirtily.  

Oledump only requires a couple steps to inspect a typical MS excel file:

1. Inspect the file to find the interesting contents:
2. Extract each interesting content to a file that can be inspected further
3. Profit! (or review and edit!)

But if there's 80+ macros in the file, we can use some simple bash scripting techniques to extract the files automatically. 

oledump.py <pathToFile/.xlsm> > oledump-summary.txt

Once you have the summary file, review it to find any contents with Macros (denoted with an M). Results may look similar to this:

• A: xl/vbaProject.bin
•  A1:        97 'FormSelectDate/\x01CompObj'
•  A2:       260 'FormSelectDate/\x03VBFrame'
•  A3:       263 'FormSelectDate/f'
•  A4:       364 'FormSelectDate/o'
•  A5:      1929 'PROJECT'
•  A6:       785 'PROJECTwm'
•  A7: M   30019 'VBA/SomeScript'

Then you can rifle through those items quickly with some simple bash scripting

for x in {2..6}; do python3 oledump.py -s A$x <pathToFile/.xlsm>  > <pathToResults>/oledump-A$x.txt; done  

(include -v for VBA compression - i.e. if there are VB Macros)

Now you should have a folder full of excel macros that you can safely review using your favorite file editor

Here's a list of some of the oledump parameters - it's useful for way more filetypes than just Excel

(run python3 oledump.py --help to get a full list)

•   -s SELECT, --select=SELECT
•                         select item nr for dumping (a for all)
•   -d, --dump            perform dump
•   -x, --hexdump         perform hex dump
•   -a, --asciidump       perform ascii dump
•   -A, --asciidumprle    perform ascii dump with RLE
•   -S, --strings         perform strings dump
•   -T, --headtail        do head & tail
•   -v, --vbadecompress   VBA decompression

I have done other weird stuff in the past with oledump to inspect and decompile outlook messages, but this simple script was still fun.  

Look forward to more technical posts in the future, but for now stay warm and keep learning!

Cheers

Null Modem Cables in a pinch

Ever have that issue where you are trying to connect to a serial device with a USB serial to console cable but the ends don't connect - if you're smart you might have adapters in your serial kit to get around this issue.  But if you're like me and a little less than prepared, you might be out of luck ... that is unless you hoard cables and happen to have a couple old Cisco terminal cables and some ethernet jacks laying around

Introducing the over engineered Null Modem Cisco cable adapter!

The way it works is pretty simple math:

A standard Serial DB9 to RJ45 Null modem connection requires the following pin mapping. 

DB9	RJ45
1	not used
2	3
3	6
4	7
5	4 & 5
6	2
7	8
8	1
9	not used

Each Cisco cable is wired this way but when you connect two of them together the pinouts cancel each other out which technically makes it a standard straight through serial connection, so in order for this hack to work the RJ45 ends needs to re-enable this pinout.  

So I went to work and carefully mapped the RJ45 ethernet jacks as shown, then connected each end of the Cisco cable to the USB to serial adapter connected to my computer and serial port on the target device. I was amazed to discover it worked, I now had local console access and could interact with the device.   

In the meantime I was looking on line and there are several inexpensive serial adapters available for order from the local electronics store that are intended to avoid all this hassle, but it wasn't really an option as I had limited time to complete the necessary work and couldn't leave my desk to go get them.  

This was a super fun project that helped me solve a work problem and let me think outside the box a little. I would recommend trying this hack out only if you're in a similar pinch and happen to have old cisco cables and ethernet jacks kicking around. I ended up purchasing the correct adapters after the fact, and who knows when I'll need them again, but chances are I'll never forget to keep them handy in case I do.

Money

 

Seems like the price of everything is going up and I don't know what to make of it. There's only so much of it we can make and I've never seen it grow on trees before, but wow I sure wish it did!

Start the year off with a positive attitude and make the most of the money you got because it goes faster than it comes.

Cheers

Love

As the Sublime song goes....

Lovin' is what I got
I said, remember that
Lovin' is what I got
And remember that
Lovin' is what I got
I said, remember that
Lovin' is what I got
(I got, I got, I got)

I don't have much to say this month but I think this says it all, we got to be nice to each other, and keep love in our hearts.  The holiday season always helps me stay more positive but listening to music like this masterpiece can bring me back anytime of the year.

Well, life is too short, so love the one you got
'Cause you might get run over, or you might get shot
Never start no static, I just get it off my chest
Never had to battle with no bulletproof vest
Take a small example, take a tip from me
Take all of your money, give it all to charity

Peace out and Happy New Year!

Kringle Con

 

It's the most wonderful time of the year! Truly the best time is here, SANS Holiday Hack Challenge is back and baby and it's cold outside so time to put on another log on the fire and probably inspect a few logs in the game.  Santa and his elves need some help again and this time we are going tropical.  

Come sail away to the islands and learn from the best in this interactive and fun challenge.

https://2023.holidayhackchallenge.com/invite

BTW - Alphabetically this post is out of order but I'm breaking the rules and jumping back into my yearly challenge. But KQL is involved, so maybe I'll add another meme here later

Update - originally I titled this Holiday Hack, but then it came to me ... Change the title to Kringle Con for alphabetical consistency... And add another meme for good measure

Jinx

Wow it's almost December! I jinxed myself this year, planned too much and now the end of the year looks bleak.  My energy levels are low, body aches everywhere, could be arthritis/probably going part crazy. Winter hasn't really set in yet but it is around the corner so maybe that's contributing too. I may just be old and wise enough now to detect weather changes in my hip. Time to regroup though, being jinxed is never easy to recover from, especially when you jinx yourself. But this is the thing about being jinxed in general, some times it's about finding a way to detect it before it happens to not let it continue to happen, because it will.  

When I say jinx I mean I had a goal that was well within reach, but somehow still managed to fall short on. It's been slipping over several weeks and rather than dig in and catch up I chose the easy route and "went easy on myself". Sure I'm fat and happy most of the time, but life would have been so much easier if I did this, this, and this. There's also the side quests I call hobbies. I do believe in investing in hobbies, but have to be careful not to get too invested in several hobbies at once. Well at least that's the hope, but I'm a sucker for an interesting idea and also have the attention span of a mosquito sometimes. Home projects always take longer than expected but like the sucker I am, I always think I can get it done quicker this time. So take vitamins, try to exercise even a little every day, and prepare a bug out bag for when times are tough. That way if the death comes knocking the Grim Reaper will have to try harder to catch me first.

Keep warm and stay motivated people, I hope you get to work on a fun project. Life's got it's ups and downs but there are ways to make things better, sometimes we have to look in unexpected places. 

El Matto

Ideas

 

Ideas, sometimes you have them sometimes you have none. I fell into that category lately, this week was
busy, no time for planning we are shooting from the hip today.  All week I struggled for ideas for this post and it happens to be the letter 'I' week anyway... so it only makes sense this weeks topic is about ideas and how some of the best one form randomly.

Although it was busy, I did have a fantastic week.  I managed to get out in the woods last weekend with some good pals to cut up a big old fallen log.  I had to cobble together some old door parts to make a locking handle for our new house mate.  I also had an inspiring moment after looking at the giant log I brought home and decided it was perfect time to take apart an old electric lawnmower to use the base of it as a log hauling cart. It's been sitting in the garage for years collecting dust and it worked well so I'll probably end up modifying it for some off road hauling in the woods.  Been jamming lots lately too, trying to get myself ready to eventually perform some open mic sessions.  The hardest part is getting up onstage, it's mostly nerves, and even if you know how to play folks like me tend to blank out at first, just have to ease into it. I've been on stages in the past so probably will be more worry than actual problems so I'll keep at it because it's fun.  Still have some bathroom renos to work on but I chip away at things slowly.

Here's what 15 minutes of inspiration got me this week, I want to add larger wheels, some straps and maybe an electric motor assist to get up larger inclines. That's a longer range goal but I do have a motor from this lawnmower still kicking around.... Hope you all find some inspiring ideas too, until next week, keep it tidy!