  • X items on the visible list means X items inflated/created, which means getView() gets called X times with convertView as null.
  • Items in recycler at this time: 0
  • User scrolls up.
  • getView() gets called one more time, and 2 things happen:
  • getView() gets called with convertView as null. getView() inflates and returns the view that just became visible.
  • The view that just disappeared gets dumped in the recycler.
  • Total views: number of views on screen + 1 in the recycler.
  • User scrolls further, view recycling kicks in, and convertView is no longer null.

This post outlines the decryption of the popular WhatsApp Crypt8 database file. To accomplish this we will need a few tools:

  • A PC running either Mac or Windows. For this tutorial, I executed the steps on a Windows 7 system.
  • Cygwin (for Windows-based systems; with a Mac you probably won’t need anything else).
  • Basic knowledge of hexdump, openssl, gzip.
  • A rooted Android device.

WhatsApp stores the decryption key at location data/data/com.whatsapp/files/key on the phone. Extract this.

WhatsApp periodically backs up data on the SD card at sdcard/Whatsapp/Databases/msgstore.db.crypt8. Extract that.

Now, fire up the cygwin shell and run the following commands in the order mentioned below:

First, extract the AES key and the initialization vector:

#hexdump -e '2/1 "%02x"' key | cut -b 253-316 > aes.txt
#hexdump -e '2/1 "%02x"' key | cut -b 221-252 > iv.txt

Now strip the 67-byte header:
#dd if=msgstore.db.crypt8 of=msgstore.db.crypt8.nohdr ibs=67 skip=1

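Decrypt and convert to gzip. openssl expects the key and IV as hex strings on the command line, so the contents of aes.txt and iv.txt are passed rather than the file names:
#openssl enc -aes-256-cbc -d -nosalt -nopad -bufsize 16384 -in msgstore.db.crypt8.nohdr -K "$(cat aes.txt)" -iv "$(cat iv.txt)" > msgstore.gz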

Extract from Gzip
#gzip -cdq msgstore.gz > msgstore.db

And you are done. You can view the file now in SQLite Browser.
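The `cut -b` column ranges above count hex characters, so they correspond to fixed byte offsets in the key file. The following added example (Python 3, not part of the original post) shows that mapping and checks both inputs before openssl is run; the function names are hypothetical and the sample inputs are constructed.

```python
# Added example: byte layout behind the hexdump/cut/dd steps in the post.
HEADER_LEN = 67               # bytes dropped by `dd ibs=67 skip=1`
IV_BYTES = slice(110, 126)    # hex columns 221-252 of the dump -> 16 bytes
KEY_BYTES = slice(126, 158)   # hex columns 253-316 of the dump -> 32 bytes
AES_BLOCK = 16


def split_key_file(key_file):
    """Return (iv_hex, key_hex), the same text iv.txt and aes.txt would hold."""
    if len(key_file) < KEY_BYTES.stop:
        raise ValueError("key file has %d bytes, need at least %d"
                         % (len(key_file), KEY_BYTES.stop))
    return key_file[IV_BYTES].hex(), key_file[KEY_BYTES].hex()


def strip_header(crypt8):
    """Drop the header; decryption with -nopad needs whole 16-byte blocks."""
    body = crypt8[HEADER_LEN:]
    if not body or len(body) % AES_BLOCK:
        raise ValueError("ciphertext body of %d bytes is not block-aligned"
                         % len(body))
    return body


def openssl_argv(iv_hex, key_hex, infile):
    """Argument list for subprocess.run(); key and IV are hex strings."""
    return ["openssl", "enc", "-aes-256-cbc", "-d", "-nosalt", "-nopad",
            "-bufsize", "16384", "-in", infile, "-K", key_hex, "-iv", iv_hex]


# Constructed inputs: byte i of the fake key file has the value i.
FAKE_KEY_FILE = bytes(range(158))
FAKE_CRYPT8 = b"H" * HEADER_LEN + b"\xaa" * 32

if __name__ == "__main__":
    iv_hex, key_hex = split_key_file(FAKE_KEY_FILE)
    print("iv :", iv_hex)
    print("key:", key_hex)
    print(len(strip_header(FAKE_CRYPT8)), "ciphertext bytes")
```

A key passed with -K is visible in the process list while openssl runs, so run the decryption on an analysis machine you control.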

Abstract Class Vs Interface

Yes, I do understand the title reflects the age-old, repetitive interview question. It has been asked again, again and again and then just some more times. But why is this so important? Why does every software company on the planet have this question sticking out of their heads? We all know the answer to this (duh??), they all know the answer to this (duh??), and nearly every preparation site answers this, so what is the big fuss about?

Well, the fantastic thing about an iceberg is its tip, and then comes its total size. In a very similar fashion, for this question, everybody understands the syntax but fails to understand the semantics. If you have been reading about this, a few well-known answers are:

  • Interface is a 100% abstract class
  • Java class(es) can implement multiple interfaces but it can extend only one abstract class.
  • Java interface should be implemented using keyword “implements”; A Java abstract class should be extended using keyword “extends”.

All the above arguments talk about the dynamics of implementing an abstract class and interface(s). Although they are factually correct, they fail to answer a fundamental design question, i.e., “When should my software use an abstract class and when should it use an interface?”

To answer this let us begin by asking a few questions. The first one is: have you ever noticed that when we inherit from interfaces we use “implements”, whereas when we inherit from an abstract class we use “extends”? Yes, No? Puzzled?

This little inheritance jargon is the key to understanding the usage of abstract classes vs interfaces. Not only in software engineering but in any engineering field (even in basic English), the keyword “implements” is associated with implementing a functionality and “extends” is associated with extending to enhance the characteristics of a type. Keeping this in mind, whenever we are implementing we are actually defining “what” a class can do or what it is capable of. For example, a Ball which “is a” Toy is “capable of” bouncing. Got it? Saw the light? Not yet?

Maybe Now:

class Ball extends Toy implements Bounceable

So whenever we talk about functionality, think interfaces, and whenever we talk about characteristics, think abstract classes (not always, but yes when we analyze in terms of extensions). So, as a general rule of thumb:

Interfaces:

  • Talk about what a class can do (functionality).
  • Declare what kind of functionality a class should implement.
  • Use the “is capable of” relationship.

Abstract Class(es):

  • Talk about the characteristics an object should support.
  • Define the type of an object.
  • Use the “is a” relationship.

Hope this cleared some of the fog.

A good way to share functionality across teams or companies is to package it as a library, where the code is invisible and the team requiring it can integrate it seamlessly with the code they are working on. iOS allows the usage of static libraries via “.a” files, which are statically linked at compile time. Runtime usage of libraries (dynamically, “.so” files) is not allowed for user apps. Some general information about these archives and their usage is mentioned below:

• The iOS Simulator and an iOS device have different architectures, i.e. i386 and armv7s respectively. This means it is necessary to test the final library (".a") file on a real device.

• It is possible to compile an i386-based lib via the command line in the terminal on a Mac OS X system. However, this is not the case if you are building for the armv7s architecture; for armv7s (iOS device), XCode needs to be used.

Below mentioned are the steps to create a library that can be statically linked to iOS code on a device:

• Fire up XCode and choose a new project template type under OS X→Frameworks and Libraries→C/C++ Libraries.

• Name the project and choose type as “Static”.
• Import or just drag and drop .c and .h files into the project.
• Click on “Build Settings” for the project. “Base SDK” should be Latest iOS(7.0) and “Architectures” should be Standard(armv6, armv7).

• Check the “Build Phases” in targets. Add or move the header files to “Public”.
• Select the appropriate scheme and build (Make sure you have a connected iOS device which can be selected as a scheme).

• Go to Product→Archive→Distribute→Save to save the end product which will be a folder containing the headers and the .a file.

Below mentioned are the steps to create a library that can be statically linked to iOS code that will run ONLY on the simulator. Although this is redundant, it is helpful if you just want a quick lib integration/usage check:

• Fire up the terminal on OS X and fire the two commands one after another.
• gcc -Wall -c -arch i386 -arch x86_64 *.c
• ar -cvq libXXYYYZZZ.a *.o

Python Challenges- Code Log

Have been working on Python Challenges by Nadav Samet, and yes, those are pretty tough and interesting at the same time. I tend to pick up stuff and leave it in the middle, so this time I have decided to log my progress by posting code for each challenge I solve and hence keep a code and progress log simultaneously.

Challenge 0:

This one was pretty simple and just required:

>>>pow(2, 38)

on the terminal.
Answer was 274877906944

Challenge 1:

Went dumb(as originally I am) and tried to solve this one by hand, but realization came in after reading the first line and hence switched to code:

>>> import string
>>> str = "g fmnc wms bgblr rpylqjyrc gr zw fylb. rfyrq ufyr amknsrcpq ypc dmp. bmgle gr gl zw fylb gq glcddgagclr ylb rfyr'q ufw rfgq rcvr gq qm jmle. sqgle qrpgle.kyicrpylq() gq pcamkkclbcb. lmu ynnjw ml rfc spj";
>>> intab = "abcdefghijklmnopqrstuvwxyz"
>>> outab = "cdefghijklmnopqrstuvwxyzab"
>>> from string import maketrans
>>> trantab = maketrans(intab, outab)
>>> print str.translate(trantab)

Answer was ocr

Challenge 2:

>>> file = open('temp.txt')
>>> str = file.read()
>>> key = """\n!#%$&()+*@[]_^{}"""
>>> new2 = ""
>>> for letter in str:
...     if letter not in key:
...         new2 += letter
...
>>> print(new2)

Answer was equality

Challenge 3:

>>> import re
>>> file = open('temp.txt')
>>> str = file.read()
>>> pat = re.compile('''
... [^A-Z] # any character except a capital letter
... [A-Z]{3} # three capital letters
... ( # the beginning of a capturing group
... [a-z] # one lowercase letter
... ) # the end of the group
... [A-Z]{3} # three capital letters
... [^A-Z] # any character except a capital letter
... ''', re.VERBOSE)
>>> re.findall(pat, str)

Answer was linkedlist

Had to google a lot for challenges 3 and 4 as my regex and Python knowledge are pretty nascent. But yes, I will be completing all the 31 challenges and posting those here.

Challenge 4:

Enjoyed this one, very little googling was required and the code was pretty straightforward, and this was the first time I used Python to fetch online resources. Here is the final code. This ran with a hiccup as I had to change the value of ‘stringholder’ once as per the instructions, but finally did the job:

>>> import re, urllib2
>>> stringholder = '12345'
>>> url = 'http://www.pythonchallenge.com/pc/def/linkedlist.php?nothing='
>>> for x in range(0,399):
...     req = urllib2.Request(url+stringholder)
...     response = urllib2.urlopen(req)
...     fullStr = response.read()
...     list = re.findall(r'\d+', fullStr)  # every number on the page
...     length = len(list)
...     stringholder = list[length - 1]     # the last number is the next "nothing"
...     print stringholder
...

Answer was peak

Challenge 5:

Another tough one, finding that banner.p was a task. I got to know about pickling from this one & the output, man I was totally blown away:

>>> import urllib, pickle
>>> url = 'http://www.pythonchallenge.com/pc/def/banner.p'
>>> stream = urllib.urlopen(url)
>>> object = pickle.load(stream)
>>> stream.close()
>>> print object #hint: output of banner program by Unix
>>> for item in object:
...     print "".join(i[0]*i[1] for i in item)
...

Answer was channel
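`pickle.load` on a stream fetched over plain HTTP will import and call whatever the stream names, so a fetch like the one in Challenge 5 is better done through an unpickler that refuses every global lookup and then checks the shape of the result. The following is an added example in Python 3, not code from the original post; `NoGlobalsUnpickler`, `load_banner` and `render` are hypothetical names, the list-of-rows-of-(char, count) shape is taken from the join loop above, and the sample pickles are constructed.

```python
import io
import pickle


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every class/function lookup in the stream."""

    def find_class(self, module, name):
        # Plain lists, tuples, strings and ints never reach this hook; only
        # the opcodes that import a class or function by name do.
        raise pickle.UnpicklingError("blocked global: %s.%s" % (module, name))


def load_banner(data, max_bytes=1 << 20, max_run=500):
    """Load a banner pickle and check it is a list of rows of (char, count)."""
    if len(data) > max_bytes:
        raise ValueError("pickle is larger than a banner should be")
    banner = NoGlobalsUnpickler(io.BytesIO(data)).load()
    if not isinstance(banner, list):
        raise ValueError("top-level object is not a list")
    for row in banner:
        if not isinstance(row, list):
            raise ValueError("row is not a list")
        for cell in row:
            ok = (isinstance(cell, tuple) and len(cell) == 2
                  and isinstance(cell[0], str) and len(cell[0]) == 1
                  and isinstance(cell[1], int) and 0 <= cell[1] <= max_run)
            if not ok:
                raise ValueError("unexpected cell: %r" % (cell,))
    return banner


def render(banner):
    """Expand each (char, count) pair, one output line per row."""
    return "\n".join("".join(ch * n for ch, n in row) for row in banner)


# Constructed sample inputs (not the real banner.p).
GOOD = pickle.dumps([[(" ", 2), ("#", 3)], [("#", 5)]])
REFERENCES_CODE = pickle.dumps(len)   # benign, but names builtins.len

if __name__ == "__main__":
    print(render(load_banner(GOOD)))
    try:
        load_banner(REFERENCES_CODE)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```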

Challenge 6:

Phewww, man, this puzzle was exhausting. You get started with 3 clues: ‘zip’, ‘Now there are pairs’ and ‘channel’. It gives a weak idea that the Python zip module is to be used. Hence, altering the page URL to ‘channel.zip’ from channel.html gives us a zip file. I unzipped this file to find lots of files with ‘nothings’ (remember?) and a readme file. Now, there are 2 hints in the readme file: the first is “Start with 90052” and the second is “Answer is inside the zip”. Being lazy as I am, I ignored the 2nd piece of advice completely and followed the LinkedList approach of extracting the nothings and following those, but now for a much larger dataset (~1000). Here’s the initial code below:

>>> import zipfile
>>> zip = zipfile.ZipFile(open('channel.zip', 'r'))
>>> nothing = '90052.txt'
>>> while True:
...     raw_data = zip.read(nothing, None)
...     print raw_data
...     nothing = int(raw_data.split()[-1])
...     nothing = str(nothing)+'.txt'
...

Just when I thought I was done I got this:

Next nothing is 46145
Collect the comments.

I had to modify the code and the final code looked like:

>>> import zipfile
>>> zip = zipfile.ZipFile(open('channel.zip', 'r'))
>>> nothing = '90052.txt'
>>> comments = []
>>> while True:
...     raw_data = zip.read(nothing, None)
...     print raw_data
...     nothing = int(raw_data.split()[-1])
...     nothing = str(nothing)+'.txt'
...     comments.append(zip.getinfo(nothing).comment)
...
>>> print "".join(comments)

This leaves us with the answer, hockey, and if only it were that easy. I entered this into the URL and got this: it’s in the air. look at the letters.

Taking a closer look at the hockey reveals that the answer is oxygen.

Challenge 7:

First things first, through this one I got introduced to PIL (the Python Imaging Library). I had to download and install it as an external module using the help of this link (plus of course a bit of scavenging on Stack Overflow). Coming back to the image being shown in challenge 7, it has some pixel manipulation in the middle (once again I omitted the fact that the pixel manipulation was exactly in the middle and tried to play around by printing random pixel RGBA values from the picture).

This was the final code which led to the final answer:

>>> from PIL import Image
>>> original = Image.open("oxygen.png")
>>> y = original.size[1]/2
>>> print "".join([chr(original.getpixel((x,y))[0]) for x in range(0, original.size[0],7)])

After running this code, I got the following:

smart guy, you made it. the next level is [105, 110, 116, 101, 103, 114, 105, 116, 121]pe_

The answer was integrity.

Challenge 8:

As compared to the last few puzzles, this one was relatively easy. Our first clue is the text at the bottom of the page: “Where is the missing link?”. Moving the cursor over the image of the fly indicates that the image is actually a hyperlink, and clicking on it brings up a username/password authentication box with the cryptic text “The server says: inflate”. With nowhere to go from here, I decided to delve into the source and found “un” and “pw”, which are actually encoded bz2 streams (OK, OK, I admit I did not find out about the stream format on my own), and here is some relevant info regarding bz2 streams. Had to use Python to decompress the streams to reveal the username and password:

>>> import bz2
>>> un = 'BZh91AY&SYA\xaf\x82\r\x00\x00\x01\x01\x80\x02\xc0\x02\x00 \x00!\x9ah3M\x07<]\xc9\x14\xe1BA\x06\xbe\x084'
>>> pw = 'BZh91AY&SY\x94$|\x0e\x00\x00\x00\x81\x00\x03$ \x00!\x9ah3M\x13<]\xc9\x14\xe1BBP\x91\xf08'
>>> bz2.decompress(un)
'huge'
>>> bz2.decompress(pw)
'file'

Challenge 9:
Puzzle 9 tells us to “connect the dots”. The source reveals 2 sets of values which can only be coordinate values. Plotting the coordinate values gives us the image of a bull (took trial and error, I tried ox too).
Code is given below:

>>> from PIL import Image
>>> im = Image.new('RGB', (640, 487))
>>> file = open('first_list.txt')
>>> str_first = file.read()
>>> import re
>>> str_first = re.sub('\n', '', str_first)
>>> first_list = str_first.split(",")
>>> flx = first_list[0::2]
>>> fly = first_list[1::2]
>>> file2 = open("second_list.txt")
>>> str_sec = file2.read()
>>> str_sec = re.sub('\n', '', str_sec)
>>> second_list = str_sec.split(",")
>>> slx = second_list[0::2]
>>> sly = second_list[1::2]
>>> im = Image.new('RGB', (640, 487))
>>> for i in range(len(flx)):
...     im.putpixel((int(flx[i]), int(fly[i])), (255, 0, 0))
...     i = i + 1
... 
>>> i = 0
>>> for i in range(len(slx)):
...     im.putpixel((int(slx[i]), int(sly[i])), (255, 0, 0))
...     i = i + 1
... 
>>> im.save('test.png')

Automation- Python to the rescue

Automation, let’s accept it, is not easy, whether it is a product line, getting your code built at the click of a button or, as we have all done at some point, manually changing those long, repeated lines of code and hoping that a robot will do it for you (or maybe that rookie intern ;)).

So, talking in terms of code, what actually is automation, how useful is it, and what kind of tools does it use? To analyse all this, let me talk about a scenario (read: mundane) that recently occurred during my day job, which rather forced me to come up with a small ‘robot’. As the client would have it, while writing an Objective-C client for a server, I had some Java code lying around which I was referring to, and this Java code had a rather long list (~300) of enums (string based). As we all know, C does not support those string-based pixies, so they would need to be stripped away. So, I was wondering how I could just copy these into a .m file and quickly get away with it. After pondering for like 5 mins, I realized that it would be better if I could just write some code which can edit my code and hence save me some time.

Having decided so, I picked up Python as the tool to work with and after 15 or so mins (sorry, my bad, my Python is really lousy, since I mostly read about it but never practice it, but I am sure it won’t be so after this post), came up with this little piece on the terminal:

import re

f = open("xyz.h", 'r')
lines = f.readlines()
f.close()

# Matches a parenthesised argument such as ("string"), non-greedily.
p = re.compile(r'\((.*?)\)')

f = open("xyz.h", 'w')
for line in lines:
    f.write(p.sub('', line))  # drop the argument, keep the constant name
f.close()

AND, voila, I had a file, but this time with only enum constants (Before: ENUM_CONSTANTS(“string”) After: ENUM_CONSTANTS). The little robot accomplished this in a few lines of code.

Now, I’m looking forward to using Python as much as possible to create little robots like these to edit my code so that I can create a few more bugs in the meantime ;)

Happy Coding.

Mac Musings- Pulling ‘strings’

‘strings’ is a very powerful little devil, present in every Unix-like OS. Its primary job is to hunt down and print text strings embedded in binary files such as executables. Like every other tool, it is very useful for both hackers and crackers. Pentesters specifically can use this tool to identify vulnerabilities (read: static passwords/pass phrases and usernames) during black-box testing of apps.

Usage of ‘strings’ on mac is extremely simple and just requires firing up the terminal and typing in: strings filename

The output is a list of strings present in the binary(if any). So, Coders using static passwords, please beware!

Common usage includes piping it to grep and fold or redirecting the output to a file.
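To check your own build for the static passwords mentioned above before it ships, the same idea can be scripted. This is an added example in Python 3, not part of the original post: it extracts runs of at least 4 printable ASCII characters, as strings does by default, and flags the ones that look like credential assignments. The function names, the keyword pattern and the sample blob are constructed for illustration.

```python
import re

# Keywords that commonly precede a hard-coded credential (illustrative list).
CREDENTIAL = re.compile(
    r"(?i)(pass(?:word|wd|phrase)?|secret|api[_-]?key|token)\w*\s*[=:]\s*\S+")


def extract_strings(blob, min_len=4):
    """Return (offset, text) for every printable-ASCII run of min_len or more."""
    run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in run.finditer(blob)]


def find_hardcoded_credentials(blob, min_len=4):
    """Keep only the extracted strings that look like key=value credentials."""
    return [(off, text) for off, text in extract_strings(blob, min_len)
            if CREDENTIAL.search(text)]


# Constructed sample standing in for a compiled binary (not a real file).
SAMPLE = (b"\x7fELF\x02\x01\x00\x00\x01libc.so\x00"
          b"\x90\x90db_password=hunter2\x00\xff\xfeabc\x00"
          b"\x00API_KEY: 12345\x00\x03")

if __name__ == "__main__":
    for offset, text in find_hardcoded_credentials(SAMPLE):
        print("0x%04x  %s" % (offset, text))
```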

 

So the thing was, I was trying to set up the adb path on my Mac and, once finally done, I decided to write a little tutorial so that anybody and everybody can simply go through the following instructions and just breeze through it:

  • Fire up the terminal on the Mac.
  • Browse to the root directory and create a file named .bash_profile, using the command “touch .bash_profile“.
  • Using the command above can be a little tricky as the user might not have the permissions to create the file under the root directory, so as a solution to that we will use “sudo chown username file/dirname“ to temporarily change the permissions for a given directory/file.
  • Next, type “open -e .bash_profile” to open it in TextEdit.
  • A TextEdit window will open; copy and paste this into that window: export PATH=$PATH:/yoursdkfolderfull path/sdk/platform-tools
  • Save the changes and close TextEdit.
  • Restart the terminal and, while in the root directory, type: source .bash_profile
  • ADB should be set up now; check by firing the adb command on the terminal.
  • And that’s pretty much it.

Bits and Nibbles

  • Adding 2 Binary numbers:

One of the popular interview questions, usually in the preliminary or the telephonic rounds. Given 2 binary arrays of length, you need to find their sum?

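Ans: The arrays can be initialized as Java boolean types,
E.g.:

		// Adds two equal-length binary numbers, most significant bit first.
		// e.g. A = { true, false, false } and B = { true, false, false }
		// give C = { true, false, false, false }.
		static boolean[] add(boolean[] A, boolean[] B)
		{
			boolean[] C = new boolean[A.length + 1];
			boolean carry = false;
			for (int j = B.length - 1; j >= 0; j--)
			{
				C[j + 1] = ((A[j] ^ B[j]) ^ carry);
				// Carry out when at least two of A[j], B[j] and the
				// incoming carry are set.
				carry = (A[j] && B[j]) || (carry && (A[j] ^ B[j]));
			}
			C[0] = carry;

			return C;
		}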

The Sum can be calculated by using the XOR operator with a carry.

 

  • Finding the unique number from a given array:

Given an array, which has a double of each number(1,1,2,3,2,3,4,4…….). Find a single Number which is unique?

Brute-Force approach: Walk through the array and compare the numbers using a counter variable or something similar.

Simple Approach: XOR the array. Only the unique number will remain.

 

  • Find if the number ‘n’ is a power of 2 or not.

(n & (n - 1)) == 0 should be true, for n > 0. The parentheses matter because == binds tighter than &.

Custom Android, Custom USB

I have been working with a custom Android device for some time now. This is a decently powerful 2.3.4 device (it is not a phone). It has USB capabilities too, but for some arcane reason the vendor does not want to support the USB accessory API, and hence one has to rely on native Linux to handle the USB drive. The vendor’s app runs as a System app and needs to have RW access to the USB.

We were easily able to map the USB to mnt/udisk by having a quick look at the vol.fstab, which showed:

dev_mount usb /mnt/udisk auto /devices/platform/ehci-omap.0/usb1/

Since auto-mount was already enabled, it was not much of a hassle and things looked vanilla and easy. But alas, everything went well until the code responsible for R/W was deployed. The Java code simply refused to acknowledge that the USB was plugged in and had data in it. Other apps, e.g. Eclipse File Explorer, And Explorer and the shell (OK, let’s leave this one out as it has root privileges), were easily able to acknowledge the existence of the USB. Now, what could have gone wrong with one small piece of file R/W Java code? The permissions looked pretty much OK (other apps were already accessing the drive).

A few hours and 3 cups of coffee later, we had an aha moment when we realized that the app was running as a System App and not a normal one. Putting the theory to the test, we ran the app as a normal one, i.e. we immediately updated the debug.keystore to use the default one plus the manifest, and yes, everything was sunny again.

Hmmm… The issue at hand was solved now and the vendor has been notified about the glitch, but this makes us think about the Android security mechanisms. There should be a way to make system apps access USB, but I haven’t found the answer to that yet. Will update as soon as I stumble on something.
