ASPENSMONSTER Just another WordPress site Fri, 19 Jun 2015 06:03:42 +0000 en-US hourly 1 Experiments in Blocking Ads on the Twitch Roku App Fri, 19 Jun 2015 06:03:42 +0000 Wow. So I haven’t written anything for this in ages it seems. I can’t say I have much content to give, but I recently acquired a Roku. It shows ads. I’m not down with appliances I own doing things I don’t like. So I looked into ad-blocking, and sure enough, Reddit has the answer:

It involves network-level blocking. Not the best approach, but until pervasive rooting efforts are underway for the Roku it’s better than nothing. I utilized the following regex to block the mentioned URLs at Layer 7 on my Mikrotik router device-wide on the FORWARD chain:


This will surely have a performance impact, so I’m looking into restricting the packet body check to just the MAC of the Roku. Will update if I figure that out.

After restarting the Roku, sure enough, the irritating-ass adverts to the right of my home screen were gone. However, I then noticed that I couldn’t watch any streams from the Twitch app. Any attempt to load a stream –any stream, no matter the viewer count or relative obscurity of the title– was met with a black screen and “Retrieving…” text for approximately 30 seconds, followed by a return to the Roku home screen. It was as if the Twitch app had simply crashed.

I was able to isolate traffic on my network and confirm that it was the Roku hitting the firewall rule when attempting to watch the stream. I’ve got work in the morning, but I’m making it a weekend project to figure out if there’s a way to get ad-blocking working in the Twitch Roku app (and perhaps other apps as well), and perhaps on the Chromecast as well.

Flattr this!

]]> 2
FinFisher (Gamma International) Leaked Malware Suite Analysis Sat, 09 Aug 2014 02:08:34 +0000 0: Some notes

This document will be continually updated in the coming days.

UPDATE September 9 2014: Putting this on hold for now. Lots of other demands on my time at the moment.

Several days ago, a hacker operating under the alias PhineasFisher made the following post an the Anarchism subreddit:

This blog post serves as my main/central point from which I hope to analyze the content of these leaks. I have already begun analysis in different spaces:

I’ll likely continue to work in these spaces, but wanted to have a more personal, scratch-pad-like spot to continue to work.

1: Big picture of the leaked content

The hacker has provided his own overview (in a pastebin) of the leaked content.

The torrent file may be downloaded at:

Directory structure (root directory named “finfisher”):

  • Database.sql – A database containing data for the webapp whose root is found at /finfisher/www/GGI
  • qateam – Contains contents of an internal web server –presumably found after initial penetration of the public-facing webserver at— that was serving various mobile malware kits. The directory name seems to imply this was used by their QA team
  • www – Presumably the contents of the public-facing webserver
    • conf – site administration stuff. phpmyadmin, webalyzer
    • ffw – a demo of FinFisher Web / FinSpy Web, demonstrating numerous attack vectors for infecting target machines
    • FinFisher – Appears to be a dropbox of sorts for clients to retrieve their purchased kits; Most content is encrypted (as well as protected by an Apache mod_auth_basic username/password dialog), but there is some truly fascinating material in some of the other directories. The bulk of the size of the torrent can be found in these encrypted “”-type files.
      • Sales – Folder containing several archives of sales tools, tool documentation, company roadmaps, and even a pricelist
        • 05_New_Design.rar – Contains boilerplate business forms, like offer templates for prospective clients, license renewals for current clients, and a (relatively recent) pricelist, dated December 16 2013, that also coincidentally leaks some business-related logic (markups, preferred clients, etc)
        • – Contains lots of information about the company and its offerings, as well as roadmaps that indicate they were actively working on developing Mac and Linux intrusion capabilities in addition to the traditional Windows targets.
      • Engineers7117 – Folder filled with subdirectories and encrypted files. The directory names, as well as the filenames, seem to indicate that much of the (up-to-date) technical documentation of FinFisher/Gamma International’s catalog could be found within these files, were they decrypted.
    • GGI – Appears to be the root directory of the webapp powering the finsupport subdomain. Mostly just php stuff, but a directory named Attachments has unencrypted stuff that Gamma Group’s clients sent to them, presumably through the finsupport website’s support webform.
      • Support – Holds code for the support form
        • Attachments – Holds LOTS of different attachments, possibly named once again with the short keyids of the senders –though an initial search found no matches in public-key servers– that are unencrypted and include images (typically of FinSpy Master C&C servers that are failing to boot due to segfaults), and zip/rar archives that contain server logs for their “FinSpy Master” Command and Control (C&C) server (which, apparently, runs on a Debian GNU/Linux base). LOTS of interesting stuff in these logs, along with some basic insight into how this C&C server works (these logs, combined with diagrams from some of their sales material, can provide an excellent architectural overview of their product catalog).

Not every file is listed. I tried to only include what looked like the more useful bits for analysis.

2: A first look at corporate structure and product offerings

At this point, I will be referencing files found within the torrent by their names, as well as a sha256 hash of the file.

Filename sha256sum -> Gamma Corporate Presentation 2012-02-08_draft.pptx 2993ecb60c48a16e1d07fa207c0bdf5d3f8c1f16ec33253cef01b5285ea25dc1

Slide 2 from the aforementioned file. Diagrams corporate structure.

All of these companies fall under the parent company Gamma Group. See Project PM for more information on the Gamma Group. This leak concerns Gamma International, and focuses on (child company?) Finfisher IT Intrusion’s portfolio of technologies. That portfolio is further introduced in slide 7 of the same file:


High-level overview of the various components of the portfolio.

Further detail on this architecture –specifically, how the components communicate with each other– can be found in several brochures, along with a slide from the following file:

Filename sha256sum -> FinFisher-Presentation-2012-02-08_final.pptx 11ef3578be97cfa29d5d44036a6a307cc2d9fac0139124eaf1af5610e2920d96

Details communications pathways for the FinSpy product family.

Of particular importance is the use of relays throughout the internet to shield targets from the FinSpy Master command and control server. This product suite is architecturally identical to that of typical botnets found in the wild. Where the FinSpy product suite excels is in its coverage of the entire communications chain. Whereas typical botnet operators have only web-based attacks –visit a malicious url, download an infected file– FinFisher IT Intrusion and Gamma International have developed an entire suite of offerings that can be deployed at attack vectors all along the chain for the purposes of compromising the target with malware. The various pieces of software are described in turn in the same powerpoint slideshow file, and are detailed in the next section.

3: Investigating product capabilities

First, an overview of the available products that can be used to compromise target systems:

Product Name Description
FinSpy Mobile Offers ability to compromise target’s mobile phone: BlackBerry, iOS, Android.
FinSpy Refers to the suite of FinFly offerings enumerated below.
FinFly USB Requires direct access to machine. Can extract and infect.
FinFly FireWire Requires direct access to machine. Can extract and infect.
FinFly LAN Requires direct access to the target LAN. Can perform various MITM activities.
FinFly NET Requires that target visit a network that is in the control of the attacker. Can perform various MITM activies.
FinFly ISP Attacks the target’s ISP. Can MITM either before hitting the ISPs core network, or afterward.
FinFly Web Attempts to deploy malware to targets through various web-based attack vectors (See github repo for the code found in the leaks).
FinFly Exploit Portal Basically an online repository of 0-days and 1-days that paying customers can integrate into their attacks on targets and deploy to said targets using various other FinFly offerings.

Gamma International provides a handy suite of brochures that detail these capabilities, previously leaked by Wikileaks as well as more recently by the hacker. The hacker also gained access to some of the software behind the FinSpy Mobile and FinFly Web offerings, as well as customer-provided support documents (images, log files). Utilizing these sources, a more thorough understanding of these products can be obtained than is revealed by the brochures alone. As well, some of the attack vectors have since been uncovered and disclosed publicly –in particular, the FinFly Firewire attack has been revealed since 2012 and largely mitigated.

FinFly Web


Flattr this!

]]> 5
Leaving Hacker News Fri, 23 May 2014 04:47:24 +0000 I meant to get this up earlier, but between finals and graduation and hustling for employment, things fell through the cracks. Some basic background info:

  • Hacker News’ moderation has always been a black box.
  • Hacker News was experimenting with “pending” comments that had to be approved by elder members.
    • If you “abused” your privilege as an elder member by always granting pending comments, you would lose your privilege.
  • Hacker News has been experimenting with a new type of “amplified downvote.”
    • Under this amplifed downvote, the effects of a downvote persist across all of your posts for an as yet undetermined amount of time.
  • Hacker News’ comment ranking system used to implement a sort-of percolating algorithm, where almost all comments were at least guaranteed some exposure at the top of the thread before percolating downwards (or staying where they were if they were upvoted). In my limited observations this behaviour is now gone, and the ranking is based solely on average comment score.
  • The downvote decrementing counter appears to “stop” at -4, but can continue downward indefinitely, tanking an otherwise decent average comment score.
  • Hacker News is under newer, more active moderation –even more active than before (though still not transparent).
  • Hacker News utilizes slow-banning and hell-banning, neither of which the user would be aware of.
  • Hacker News mods often edit titles and penalize stories (causing them to drop off the front page) with no background as to why.
  • Hacker News mods can set user posts to be “autodead” if they contain certain keywords.

Suffice it to say, I’ve grown increasingly tired of all of the shenanigans. It reached a tipping point with the following thread that basically established the way things would be from then on out:

An Update On HN Comments

And my particular comment on that thread:

My Comment

Unless you’re logged in and set “showdead” to “on,” you probably won’t be able to see my comment in the thread. It was autodeaded, presumably because of my use of the term “circlejerk,” which HN is quite sensitive to.

In any case, the comment is reproduced below, and serves as my parting from the HN community. I’ve since joined

The majority of HN users are thoughtful and nice. It’s clear from the data that they reliably downvote jerks and trolls (and specifically, they don’t silence minority groups—we’ve looked into this). What dang and kogir found was a way to turn the volume up on this kind of downvote.

I suppose that explains why the effects of downvotes on my past comments are persisting for weeks, regardless of the content of comments that come after. Heck, it explains everything about my experience on HN for the past three weeks or so. Story time!

I was recently met with a torrent of downvotes –nearly 100, might have actually crossed that– for poking fun at HN’s incessant we’re-not-reddit-we’re-much-more-sophisticated circlejerking (the irony is not lost). I’m specifically referring to this submission:

It was an announcement that Valve was open-sourcing its fork of Mesa. Someone made a HL3 confirmed chain: Mesa -> Black Mesa -> Half-Life -> Half-Life 3 CONFIRMED etc etc. That it was a story about Valve only helped, and so I cheerfully advised this commenter not to distract Gaben from Left 4 Dead 3. I was downvoted and I proceeded to taunt the hivemind. Indeed I felt quite gleeful that I managed to hit the floor of “-4″ for each of the comments whilst my total karma counter continued to decrement. There were even others that saw fit to traverse my past comments and downvote those too. I’m sure those comments deserved it; they must have been off-topic or non-substantive or out-of-scope.

Of course, the Rules of HN are such that you can’t complain about downvoting. You cannot incite people to downvote you either. So yes, “shame on me” for not engaging in the proper circlejerking motions. Shame on me for continually pointing out this community’s obsession over being the “glorious master race” of online discussion whilst poo-pooing the cesspools of “filthy casuals” like Reddit or, god forbid, Slashdot. “Shame on me” for partaking in the memes of any culture other than HN’s. I should know better. Those are “low/no-content” things. They are “not substantive.” Or my personal favorite: they are “outside the scope of HN.” There’s always some excuse that the hivemind will come to a consensus on.

The net effect is thus:

  • I now get to wait several seconds for a page load, as if I were shadow banned. Who knows. Maybe I am 😀 Viewing the website without a logged-in session produces immediate page loads.
  • Any comment I submit, regardless of length, is lucky to make it more than a third of the way up from the bottom of the page to *start*. It seems my comments don’t get to percolate from the top down any more.
  • My comments that do get upvotes never seem to rise past this point on the page.

I’m sure someone will insist that I message the mods. I refuse. I’m not going to beg the censor to restore my speech privileges whilst he pulls a Putin and insists he’s doing nothing of the sort. The mere suggestion is indicative of just how big a problem moderation of this sort really is. The algorithms and moderation behind HN are a black box and any suggestion to make it transparent is met with the resistance of an open circuit.

I find it hard to believe that the Gods of HN are merely “silencing” the “jerks and trolls” whilst leaving the pure and unadulterated essence of HN to flourish. Perhaps this is all just a consequence of a single, massive downvote spike that torched my 5.0+ rating down to 1.14 (do I see 0.* yet?). I don’t believe that. Between “pending” comments and the “downvote threshold” and the “flagging threshold” and the “we’ll revoke your privileges if we please” attitude, I’d say things are exactly the way they want them to be.

At this point, I really don’t think I’m interested in continuing to be a part of HN. I don’t want to continue to be a data point in some Big Data Miner’s grand experiment to see just how organically he can manufacture consent. And I’m sure the hivemind will have no problem with that state of affairs. I’m just a perfect example of the system working as intended. It’s not a bug. It’s a feature. I’m the problem they’re trying to solve. Etc etc etc…

HN isn’t trying to stave off an Eternal September. It’s doing everything it can to never reach October.

Flattr this!

]]> 2 is down (Friday August 23 2013 0330 CST 0930 GMT) Fri, 23 Aug 2013 08:32:09 +0000 >HEADERHEADER]]> Well that’s interesting:

$ dig

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16857 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ; IN A ;; Query time: 32 msec ;; SERVER: ;; WHEN: Fri Aug 23 03:24:33 2013 ;; MSG SIZE rcvd: 25 $ dig ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.5 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7136 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ; IN A ;; Query time: 0 msec ;; SERVER: ;; WHEN: Fri Aug 23 03:21:57 2013 ;; MSG SIZE rcvd: 25 Looks like the Akamai Edge network is resurrecting it. It's resolving to an IP at least. No webpage though. $ dig ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12653 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ; IN A ;; ANSWER SECTION: 300 IN CNAME 21600 IN CNAME 20 IN A ;; Query time: 202 msec ;; SERVER: ;; WHEN: Fri Aug 23 04:04:51 2013 ;; MSG SIZE rcvd: 119 Got webpage now. And resolves, but no web there. Edge network still serving. $ dig @ ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37987 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ; IN A ;; ANSWER SECTION: 300 IN A 300 IN A ;; Query time: 100 msec ;; SERVER: ;; WHEN: Fri Aug 23 04:21:04 2013 ;; MSG SIZE rcvd: 57 $ nmap -PN -p 80 Starting Nmap 6.25 ( ) at 2013-08-23 04:24 CDT Nmap scan report for Host is up. PORT STATE SERVICE 80/tcp filtered http $ dig @ ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18087 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ; IN A ;; ANSWER SECTION: 300 IN CNAME 21600 IN CNAME 20 IN A ;; Query time: 118 msec ;; SERVER: ;; WHEN: Fri Aug 23 04:20:59 2013 ;; MSG SIZE rcvd: 119 $ nmap -PN -p 80 Starting Nmap 6.25 ( ) at 2013-08-23 04:26 CDT Nmap scan report for ( Host is up (0.037s latency). PORT STATE SERVICE 80/tcp open http

Flattr this!

]]> 0
Updated Procedures for Installing Steam for Linux Beta on Debian GNU/Linux (Testing/Wheezy) Sun, 20 Jan 2013 04:24:06 +0000 The steam beta’s packaging scheme appears to have been shifting quite a bit since my guide to installing the deb package. I first ran into these troubles with a fresh install of on a separate machine that functioned with the previous guide, but had annoying update prompts complaining about missing packages. Curious, I checked my install and tried upgrading. The release gave me the impression that it updated –and I could still play Team Fortress 2– but comparing the file structure between and showed a few differences and some additional python scripts among other things.

Consequently, I decided to document how to perform a clean install from a based installation to the current latest release of by completely uninstalling the old version. What follows borrows heavily from my previous guide where appropriate, but documents some of the changes that have occurred since then. I summarize any relevant changes to each section from the previous guide with bold blue text.

0: Prerequisites

This section has not changed from the previous guide. Multiarch is still needed as well as 32-bit GL libraries.

Multiarch Support

Debian guide to multiarch here:

Multiarch is a necessity to install steam on a 64 bit system. This is my own drunk history of sorts on the matter as understood from someone on the sidelines.

Over the years, the multiarch implementation has grown and evolved. For the longest time, a 64 bit user’s only hope of running 32 bit binaries was that all of necessary compiled 32 bit libraries happened to reside in the ia32-libs meta package, a collection that grew ever more monstrous. If you wanted to compile 32 bit software yourself your options were to do a fully isolated chroot or wrestle with one of many paths like /lib, /lib64, /lib32, and a host of other annoying issues from a lack of standardization across static and dynamic linkers. As of Wheezy, this monster was deprecated. A decision was made –I believe– to settle on “/lib/i386-linux-gnu/” for a unified path for all i386 libraries and headers when i386 is the “foreign” architecture to the host. But that’s not the best part.

As well, one can have libraries and headers for multiple architectures (though the guide referenced above is careful to point out that you are really targeting the ABI of various architectures, not the actual instruction set). The idea is that you could have the 64-bit-based amd64 library for libcurl3-gnutls AND the 32-bit-based i386 library for libcurl3-gnutls installed at the same time. This way, your 32 bit binaries can access the 32 bit libraries, and your 64-bit binaries the 64-bit libraries. Support is not yet implmented for having multiple architectures for the same binary however. That is, you couldn’t install both steam 32 bit AND steam 64 bit. You need to pick on or the other, as the standard path for binaries is –iirc– /usr/bin, with no indication or allowance made to have /usr/bin/steam (32 bit) be recognizable from /usr/bin/steam (64 bit).

If you haven’t already, you’ll need to make the plunge.

First, verify that you are indeed running on a 64 bit architecture:

$ dpkg --print-architecture

Here, amd64 is the default architecture. If you’re on a 32 bit architecture already, then you’ve got nothing to worry about regarding multiarch! Next, see if you’ve already got multiarch enabled for i386 (32 bit) assuming it’s not your primary architecture:

$ dpkg --print-foreign-architectures

Assuming you don’t, add it and update.

# dpkg --add-architecture i386
# apt-get update

I believe this automatically updates sources.list. But double check. If it doesn’t, then you need to modify your sources.list as well. Not much has changed. Just syntax differences to show the different architectures you want to install from.

deb [arch=amd64,i386] testing main contrib non-free
deb-src testing main contrib non-free

deb [arch=amd64,i386] testing/updates main contrib non-free
deb-src testing/updates main contrib non-free

At this point, you can install –or a package could theoretically grab– a 32-bit dependency. It is done with this syntax:

apt-get install package:architecture

An example would be

apt-get install libcurl3-gnutls:i386

32-bit OpenGL libraries

I am not familiar with Debian’s package management for the proprietary drivers for Nvidia or ATI. I choose to reinstall based off of nvidia’s *.run script every time I need to upgrade. A slight hassle, sure, but it’s NEVER given me problems after an upgrade. I can’t say the same for package management of Nvidia’s drivers.

Regardless, the important part of your installation is that, when prompted whether you wish to install the OpenGL 32 bit compatibility libraries, say YES. Otherwise, I don’t think you’ll be able to run the Steam client. You’ll probably get some error regarding relating to the OpenGL libraries.

0.5: Completely Uninstalling a Previous Installation of Steam

This is a NEW section. If you have never previously had a successful installation of the steam package, then you can (probably) ignore this section. If you’re upgrading… as stated in the intro, I distrusted whether I had a clean upgrade from to and as such performed a completely clean install for writing this guide. If you don’t want to do a clean install, you’re on your own. But don’t worry, I did back up the textures so you shouldn’t have to wait forever to redownload them.

First things first is to remove and purge the package:

# apt-get --purge remove steam

However, this typically does not remove all of the relevant files. My initial attempts at reinstalling a newer steam package after purging the old left me with doubts as to whether I genuinely had the latest steam files; a clean install of on a laptop of mine had several different files then the supposed “upgrade” I performed on my desktop. Consequently, I went through the process of manually purging old files.

Back up game textures

Game textures take up most of the space from an installation of steam. As you install games, gigabytes of textures get downloaded as well. I didn’t want to have to do that again, and so backed up my SteamApps directory so that I could replace the textures without waiting all day for them to download again:

$ cd ~/
$ mkdir steamapps-backup
$ cd ~/.local/share/Steam
$ mv SteamApps/ ~/steamapps-backup/

Purge all installed files

At this point I needed to find the various places that steam had installed files. Indeed, the whole point of a package manager is that we shouldn’t have to do this, but it IS still a beta release. I did the following to find stuff relevant to steam in my home directory:

$ cd ~/
$ ls -la | grep -i steam
drwxr-xr-x   2 preston preston         4096 Jan 18 15:41 .steam
-rw-r--r--   1 preston preston         2854 Oct 12  2010 steam2
drwxr-xr-x   3 preston preston         4096 Jan 19 20:01 steamapps-bup
drwxr-xr-x   5 preston preston         4096 Jan 18 15:37 steam-beta
-rw-r--r--   1 preston preston      1484458 Nov 28 17:50 steam.deb
lrwxrwxrwx   1 preston preston           32 Jan 18 15:39 .steampath -> /home/preston/.steam/bin32/steam
lrwxrwxrwx   1 preston preston           30 Jan 18 15:39 .steampid -> /home/preston/.steam/

Not everything up there is from steam. Some of it was just me derping around. However, remove the following like so:

$ cd ~/.steam
$ rm -rf *
$ cd ~/
$ rm -r .steam
$ rm .steampath
$ rm .steampid

As well, we need to remove all of the user files steam installed. As of, steam was following the XDG base directory specification. By default, the files should have ended up at ~/.local/share/Steam . If you had a different default base directory (doubtful, but possible), then go to it. We need to delete the Steam/ folder inside there.

$ cd ~/.local/share/
$ rm -rf Steam/

OK. We have now completely uninstalled steam (so far as I can tell).

1: First exposure to steam_latest.deb

This section has some minimal changes. Namely, I don’t have any real details on how this latest package operates “under the hood.”

First run:

So… let’s attempt to install the steam_latest.deb package you get from:

# dpkg -i steam.deb 
Selecting previously unselected package steam.
(Reading database ... 515397 files and directories currently installed.)
Unpacking steam (from steam_latest.deb) ...
dpkg: dependency problems prevent configuration of steam:
 steam depends on multiarch-support (>= 2.15-0ubuntu10.2); however:
  Version of multiarch-support on system is 2.13-37.
 steam depends on libc6 (>= 2.15); however:
  Version of libc6:i386 on system is 2.13-37.
 steam depends on libpulse0 (>= 1:0.99.1); however:
  Version of libpulse0:i386 on system is 2.0-6.

dpkg: error processing steam (--install):
 dependency problems - leaving unconfigured
Processing triggers for man-db ...
Processing triggers for hicolor-icon-theme ...
Processing triggers for gnome-menus ...
Processing triggers for desktop-file-utils ...
Errors were encountered while processing:

Now you have a broken package. Remove the broken steam package like so:

# apt-get -f install

This should prompt you to uninstall the steam package. Say yes assuming that’s all it’s asking. If it’s asking you all sorts of other stuff… well, it’s your system and presumably there’s other packaging issues that can’t be addressed here.

At this point, everyone might be getting all kinds of different errors. Given how long steam has been out in the open, I don’t have any practical way of checking for all the ways the packager might break or look different in a different use case.

A basic explanation of what steam.deb does

I haven’t had time to take a look at what the latest version does. Might check it out later.

2: Types of “Bugs” in Debian Packages

This section has not changed appreciably from the previous guide (minor wording and incorporation of comments from previous post). It serves as a guidepost for the types of bugs one might run into in their quest to satisfy all dependencies.

There are three basic problems you’ll run into when attempting to install this package like so:

# dpkg -i steam.deb

(Potential) False Positive

I was curious as to some of the dependencies that this steam.deb claimed were unsatisfied. Debian is upstream to Ubuntu, so I was surprised to find any “outdated” dependencies. Turns out, there are some false positives in Valve’s package, as the package is geared toward Ubuntu specifically. Not surprising, but that’s what the community is here for! They can look like this:

 steam depends on libpulse0 (>= 1:0.99.1); however:
  Version of libpulse0:i386 on system is 2.0-6.

Commenter Stefan explained in the previous guide that the reason the package manager is marking this as a failed dependency is due to Ubuntu’s repositories increasing the epoch on the package from 0 to 1 (ubuntu has “1:0.99.1″ where debian is “0:2.0-6″). So strictly speaking, this can be considered a “true” positive. The package manager is correctly noticing the difference in epochs. Regardless, I haven’t had any issues with the beta that I can trace back to Debian’s epoch 0 version of libpulse0.

(Potential) Package not automatically installed for whatever reason

The whole idea behind a package manager is that it tackles all dependencies that it can, before quitting and spitting out an error. All other packages should be installed automatically on your first attempt to install steam.deb. If any other packages are mentioned as uninstalled, install them yourself. For example, my first run had the following:

 steam depends on libtheora0 (>= 1.0~beta1); however:
  Package libtheora0:i386 is not installed.

Package not available
libjpeg-turbo8 is no longer listed as a dependency in the package, but the steam binary still seems to think it’s necessary. Be sure to install “libjpeg8″ package.

The last problem is a package that dpkg simply doesn’t recognize at all. I.e., it can’t find a source either locally or in any repo given in /etc/apt/sources.list (or in /etc/apt/sources.list.d/*.list). It looks like this:

 steam depends on libjpeg-turbo8; however:

Just a single line. Nothing else to it.

3: Finding all the Bugs

Seeing as I’m updating this guide from the previous one, I don’t actually encounter most of these errors anymore. They’re left here more for posterity’s sake and that of other web surfers :) See the bolded section “Upgrade from Previous Install” for the errors I first encountered after purging my old installation.

At this point, you attempted to install steam.deb, and made note of the various forms of errors you found. I’m assuming you also removed the broken package by performing “apt-get -f install” as root. This is the list of errors I ran into, though it could be different for you. (That was the point of showing you what the errors looked like).

My (potential) false positives were as follows:

  • multiarch-support
  • libpulse0:i386
  • libc6:i386

My (potential) uninstalled packages that I needed to install manually:

  • libtheora0

The packages that weren’t unavailable were:

  • libjpeg-turbo8

Upgrade from previous install

The only additional package that I can recall needing to install was “libudev0:i386″.

4: Squashing all the Bugs

This section has not changed from the old guide appreciably. Minor wording changes.

Google may be your friend here, along with practice and experience.

(Potential) False positives:

  • multiarch-support : I thought that Debian was the driving force behind multiarch and it was surprising to me that even debian unstable (sid) would not have 2.15. I chose to cross my fingers and hope this wasn’t a critical package.
  • libpulse0:i386 : Performing a “apt-cache policy libpulse0:i386″ confirms this to be a “false” positive (in a sense. Ubuntu just uses a different epoch than Debian).
  • libc6:i386 : Performing a “apt-cache policy libc6:i386″ confirms this to be a true positive. This will need upgrading, which sucks, because “libc6″ (better known as eglibc) is a crucial component that you’ll have a hard time upgrading your system with. Never fear though. There are tricks. See section five for how we do this.

A quick explanation of “apt-cache policy”: I decided to cross-reference each dependency with what I had on my system, and what was available upstream in the repos. This is what I did for each package:

$ apt-cache policy libpulse0:i386
  Installed: 2.0-6
  Candidate: 2.0-6
  Version table:
 *** 2.0-6 0
        500 testing/main i386 Packages
        100 /var/lib/dpkg/status

As you can see, I DO have libpulse0:i386 installed, and at a greater version than requested. This is a false positive. (Well, technically not, but Debian and Ubuntu are on different epochs for this package for some reason).

However, look at libc6:

$ apt-cache policy libc6:i386
  Installed: 2.13-37
  Candidate: 2.13-37
  Version table:
 *** 2.13-37 0
        500 testing/main i386 Packages
        100 /var/lib/dpkg/status

Eek. Looks like that might actually need to be upgraded or otherwise attained.

(Potential) Uninstalled packages:

  • libtheora0 : “apt-get install libtheora0:i386″ is all you should need to do to clear up something like this.

As well, sometimes, performing:

# apt-get -f install

will install additional packages in the process of attempting to fix a broken package. If apt doesn’t attempt to install the missing dependencies itself, then be sure to manually install them a la “apt-get install somepackage”

Unavailable packages:
libjpeg-turbo8 is no longer listed as a dependency in the package, but the steam binary still seems to think it’s necessary. Be sure to install “libjpeg8″ package.

  • libjpeg-turbo8 : Apparently a potential licensing issue is keeping this out of debian repos at the moment. “libjpeg8″ is the equivalent (and from what I read, they are binary compatible; don’t take my word for it though). “apt-get install libjpeg8″ takes care of this.

5: Grabbing eglibc 2.15 and Some Other Dependencies not Listed

This section has not changed from the old guide appreciably. Minor wording changes. We’re still grabbing precompiled binaries for eglibc and setting up our .bashrc such that LD_LIBRARY_PATH looks in the directory we place these binaries.

eglibc 2.15

As stated before, upgrading your version of eglibc is not typically a pleasant experience. It can break lots of other packages and even totally bork your system. So, rather than attempt to upgrade ourselves –either by compiling from source or by installing someone else’s debian package along with all its dependencies– we will do something inbetween: grab the compiled libraries (*.so files, basically) from someone else’s eglibc 2.15 package. We will have to tell steam where to look for them, but this prevents us from borking our system or otherwise breaking things.

I decided at this point to keep all custom stuff for steam in a single folder. Specifically:

$ mkdir ~/steam-beta
$ mv steam.deb ~/steam-beta
$ cd ~/steam-beta
$ mkdir lib

We will throw all our custom eglibc 2.15 i386 compiled libraries in there. But steam still needs to able to find them. So, add the following environment variable to your .bashrc:


You’ll also want to append this to LD_LIBRARY_PATH:


Your LD_LIBRARY_PATH will probably be different. DO NOT change it to look like mine. Just add “:${STEAMLIBS}” to the end. Make sure you export them at the end of your .bashrc:


You’ll need to reload your terminal (close and reopen) before this takes effect.

We now have a spot to put our eglibc 2.15 i386 compiled libraries where steam will know where to look. So let’s get them and put them there:

$ wget
$ dpkg -x libc6_2.15-0ubuntu10.2_i386.deb /tmp/libc/
$ mv /tmp/libc/lib/i386-linux-gnu/* ${STEAMLIBS}

Congratulations. The hard part is done!

jockey-common and python-xkit

I don’t know how these play into steam. I think they are intended to help with desktop integration. Regardless, others have recommended they be installed, so that’s what I’m doing.

$ cd ~/steam-beta/
$ wget
$ wget
# dpkg -i jockey-common_0.9.7-0ubuntu7_all.deb python-xkit_0.4.2.3build1_all.deb

6: Rebuilding the steam.deb Package

libjpeg-turbo8 is no longer listed as a dependency in the package, but the steam binary still seems to think it’s necessary. Be sure to install “libjpeg8″ package.

Recall from section 4 the problem packages. We’ve taken care of eglibc. But we have these to contend with:

  • multiarch-support
  • libpulse0:i386

Recall that we’re regarding multiarch-support and libpulse0:i386 as false positives, and libjpeg-turbo8 has a different name, “libjpeg8″. We’ve installed libjpeg8 and of course eglibc. This won’t stop the package as-is from complaining though! We need to remove these as dependencies so that the package installation goes through and you can log in.

We do that like so. This is essentially unpacking the steam.deb package and tweaking it. Specifically, we will edit the “control” file to get rid of the false positives (multiarch-support, libpulse0) and the package we are manually having steam link to (libc6).

$ cd ~/steam-beta
$ mkdir deb-package
$ cd deb-package
$ ar -x ../steam_latest.deb
$ rm debian-binary
$ tar -xvzf data.tar.gz
$ rm data.tar.gz
$ mkdir DEBIAN
$ tar -xvzf ../control.tar.gz
$ rm ../control.tar.gz
$ vim control

This is my before:

Package: steam
Architecture: i386
Maintainer: Valve Corporation <>
Installed-Size: 323836
Depends: libcurl3-gnutls (>= 7.16.2-1), libgl1-mesa-dri, libgl1-mesa-glx, libogg0 (>= 1.0rc3), libpixman-1-0 (>= 0.24.4-1), libsdl1.2debian (>= 1.2.10-1), libtheora0 (>= 1.0~beta1), libudev0 (>= 175-0ubuntu9.2), libvorbis0a (>= 1.1.2), libvorbisenc2 (>= 1.1.2), libvorbisfile3 (>= 1.1.2), multiarch-support (>= 2.15-0ubuntu10.2), zenity, xterm | gnome-terminal, libasound2 (>= 1.0.23), libc6 (>= 2.15), libcairo2 (>= 1.6.0), libcups2 (>= 1.4.0), libdbus-1-3 (>= 1.2.14), libfontconfig1 (>= 2.8.0), libfreetype6 (>= 2.3.9), libgcc1 (>= 1:4.1.1), libgcrypt11 (>= 1.4.5), libgdk-pixbuf2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.14.0), libgtk2.0-0 (>= 2.24.0), libnspr4 (>=, libnss3 (>= 3.12.3), libopenal1 (>= 1:1.13), libpango1.0-0 (>= 1.22.0), libpng12-0 (>= 1.2.13-4), libpulse0 (>= 1:0.99.1), libstdc++6 (>= 4.6), libx11-6 (>= 2:, libxext6, libxfixes3, libxi6 (>= 2:, libxinerama1, libxrandr2 (>= 2:, libxrender1, zlib1g (>= 1:

And this is my after, where I removed “multiarch-support”, “libc6″, and “libpulse0″.

Package: steam
Architecture: i386
Maintainer: Valve Corporation <>
Installed-Size: 323836
Depends: libcurl3-gnutls (>= 7.16.2-1), libgl1-mesa-dri, libgl1-mesa-glx, libogg0 (>= 1.0rc3), libpixman-1-0 (>= 0.24.4-1), libsdl1.2debian (>= 1.2.10-1), libtheora0 (>= 1.0~beta1), libudev0 (>= 175-0ubuntu9.2), libvorbis0a (>= 1.1.2), libvorbisenc2 (>= 1.1.2), libvorbisfile3 (>= 1.1.2), zenity, xterm | gnome-terminal, libasound2 (>= 1.0.23), libcairo2 (>= 1.6.0), libcups2 (>= 1.4.0), libdbus-1-3 (>= 1.2.14), libfontconfig1 (>= 2.8.0), libfreetype6 (>= 2.3.9), libgcc1 (>= 1:4.1.1), libgcrypt11 (>= 1.4.5), libgdk-pixbuf2.0-0 (>= 2.22.0), libglib2.0-0 (>= 2.14.0), libgtk2.0-0 (>= 2.24.0), libnspr4 (>=, libnss3 (>= 3.12.3), libopenal1 (>= 1:1.13), libpango1.0-0 (>= 1.22.0), libpng12-0 (>= 1.2.13-4), libstdc++6 (>= 4.6), libx11-6 (>= 2:, libxext6, libxfixes3, libxi6 (>= 2:, libxinerama1, libxrandr2 (>= 2:, libxrender1, zlib1g (>= 1:

I HIGHLY recommend changing the version to something customized, so you know this a tweaked package, and not vanilla steam.deb from Valve.

Now recompile that package!

$ cd ~/steam-beta
$ fakeroot dpkg-deb -b deb-package steam_1.0.0.22-custom_i386.deb

And try to install it:

# dpkg -i steam_1.0.0.22-custom_i386.deb
Selecting previously unselected package steam.
(Reading database ... 515398 files and directories currently installed.)
Unpacking steam (from steam_1.0.0.22-custom_i386.deb) ...
Setting up steam ( ...
Processing triggers for gnome-menus ...
Processing triggers for desktop-file-utils ...
Processing triggers for man-db ...
Processing triggers for hicolor-icon-theme ...

SHINY! It installed! But sadly, that’s not all we have to do these days.

7: Getting Steam to Start

NEW section.

Start steam so it does its bootstrapping thing:

$ steam

You should see something like this:


However, once that finishes, the terminal you started steam in will look like this:

$ steam
ILocalize::AddFile() failed to load file "public/steambootstrapper_english.txt".
Installing breakpad exception handler for appid(steam)/version(0_client)
Installing breakpad exception handler for appid(steam)/version(1.0_client)
Installing breakpad exception handler for appid(steam)/version(1.0_client)
Installing breakpad exception handler for appid(steam)/version(1.0_client)
Package multiarch-support is installed with version '2.13-37' but doesn't match requirements: multiarch-support (>= 2.15-0ubuntu10.2)
Package libjpeg-turbo8:i386 needs to be installed

and shortly after another terminal will probably pop up that wants your sudo password:

Steam needs to install these additional packages: 
	multiarch-support, libjpeg-turbo8:i386
[sudo] password for preston: 

That’s interesting. Valve has removed libjpeg-turbo8:i386 from the list of dependencies, but its steam binary still says they’re necessary.

Dismiss each pop-up. You should then be able to log-in. I then checked my list of applications:


Now, let’s close steam and move our textures back over so we aren’t stuck redownloading them all night.

8: Move our textures back

NEW section.

Remember when you backed up your SteamApps/ directory to ~/steamapps-backup/ ? Good. Let’s move it back into place. We’ll delete the new SteamApps folder in the process (don’t worry, it’s empty on a fresh install, at least for me).

$ cd ~/.local/share/Steam
$ rm -rf SteamApps/
$ mv ~/steamapps-backup/SteamApps/ .
$ cd SteamApps
$ ls
aggroskater                        Source Models.gcf
Multiplayer OB Linux Binaries.gcf  sourcemods
Source 2007 Shared Materials.gcf   Source Sounds.gcf
Source 2007 Shared Models.gcf      Team Fortress 2 Client Content.gcf
Source 2007 Shared Sounds.gcf      Team Fortress 2 Content.gcf
SourceInit.gcf                     Team Fortress 2 Linux.gcf
Source Materials.gcf               Team Fortress 2 Materials.gcf

Shiny. Our textures are back. But does steam recognize this when we try to reinstall TF2? Start up steam again:

$ steam

Dismiss the sudo prompts. Check your steam library:


Yep. Steam shows it as installed. Nice. I right-clicked Team Fortress 2, told it to resume updating, and it took a few minutes downloading some more files before it showed the game as installed again. I was then able to play, as evidenced by this screenshot of me getting stomped by a heavy:


I believe the tearing is from the screenshot utility, as I don’t experience tearing during regular play.

9: Convincing Steam That It Really Isn’t The Package Manager

NEW section.

The new prompts are an annoying addition. They’re not entirely unexpected though, coming from a company that has been developing games for well over a decade for a platform that has never had a genuine package manager (Windows). I ran an strace of steam as I started it up and it looks like steam uses a binary called “steamdeps” for dependency checking:

$ steamdeps
Usage: /usr/bin/steamdeps dependencies.txt

I’m guessing this has something to do with the python script in the Steam directory:

$ cd ~/.local/share/Steam
$ ls | grep dep

Indeed, steamdeps.txt has the following contents:

# This is a package dependency manifest used by steamdep

# This should be set to the version of the Steam runtime that this program
# is built with.
# Available values are:
#	1	- Ubuntu 12.04 LTS
# This should be set to the version of the dependency file format
# The file can contain lines starting with #, blank lines and dependencies
# A dependency line consists of a package name for the current runtime,
# along with optional architecture or version requirements using the 
# Debian package syntax:

# These are non-arch specific dependencies
xterm | gnome-terminal
multiarch-support (>= 2.15-0ubuntu10.2)

# These are i386 dependencies for Steam itself

# These are dependencies that are commonly required for games

As you can see, this listing still has libjpeg-turbo8:i386 as a dependency.

The python script has this notice:

	This script handles installing system dependencies for games using the
	Steam runtime.  It is intended to be customized by other distributions
	to "do the right thing"

	Usage: steamdeps dependencies.txt

I’d say that “the right thing” is to actually work with the package manager and not second-guess it… but I’m not a maintainer nor a developer. So perhaps I’m just being an asshat 😀

Looking through the python script, I could see a number of ways to at least get it to stop throwing up the prompts, but that’s not really a solution. If you want to mess around with it, then I’d suggest removing the steam package (“apt-get remove steam”), tweaking the script as needed (It’s in the steam_latest.deb package at usr/bin) and then reinstalling the package. I’m pressed for time though, and I’m sure there are plenty of people way more proficient with python and proper package management than I. As for me, I’ll live with dismissing the pop-up whenever I start steam for now.

10: Sidenotes

This section hasn’t changed much. Just notes on usability and performance.

The gameplay is AWESOME so far. Very clean, smooth. It even handled my dual monitor setup flawlessly, putting the game in the correct monitor at the correct resolution. Framerate was excellent! Average of 150 FPS without Vsync on. With Vsync, it’s a solid 60 FPS damn near all the time. Starting the game up took 2-3 minutes (thought something was wrong at first), but once it gets started, it’s all gravy <img src=" class="wp-smiley" style="height: 1em; max-height: 1em;" /> And that was with all settings at HIGH, 4x on both AA and AF. Yeah… Valve is awesome <img src=" class="wp-smiley" style="height: 1em; max-height: 1em;" />

Some specs:

Processor: Intel quad core 2.5 GHz
Graphics: Nvidia GTX 280 with proprietary 310.x drivers
Desktop environment: Gnome 3 fallback mode
Window Decorator: Emerald (old I know. Don’t judge me!)
Window Compositor: Compiz

I’m truly shocked that everything worked as well as it does, given compiz’ reputation for problems with full-screen anything, much less gaming. Granted, I do have the “Unredirect full screen windows” option selected for compiz. But I thought it had no effect when you had multiple monitors being handled by X at once… Whatever. I’m not complaining. This is fucking AWESOME.

Flattr this!

]]> 16