Archive for the life Category
Back to the basics

It’s been a fun and interesting ride on my Android reversing adventure. Nothing explicit to post now, but I just wanted to touch on a few things I’ve seen over the past few days. I’ve been doing some research in the anti-piracy field and have seen a few different interesting things. One interesting thing I came across is direct memory access: while it’s not possible to inject Dalvik opcodes, we could in theory do this with root access. I know, not much help, huh? Still, there are some pretty interesting things we might be able to do with the /proc/pid/mem address spaces if we did have root. An interesting application that uses this is GameCIH – an interesting use-case and an even more interesting UI for it! Either way, I’ll hopefully post a few proof-of-concept projects that I have been dabbling with off and on for a while.

Another thing I’ve come to realize as I delve more into Android protection schemes is that your binaries are never truly protected. While I know it’s never safe to assume that your binaries are a safe asset, as they almost never are on any operating system – for some reason I was under the assumption that they would be more protected with user-based permissions on Android. This just doesn’t seem to be true, as even “protected” applications have their /lib directory world-readable, and even loadable by any other application. This isn’t really a security break by any means, but something I found interesting as I look deeper into things.
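A quick way to see the situation described above for yourself is a permission audit: walk an application's install or data directory and list every entry whose "other" mode bits expose it to every uid on the device. The script below is an added example, not code from this post; it builds a constructed sample tree (a `lib/` directory holding a 0644 shared object beside a 0700 `shared_prefs/` directory) so it runs offline on any Linux or macOS box, and the function names `world_accessible` and `build_sample_tree` are my own.

```python
import os
import stat
import tempfile
from pathlib import Path


def world_accessible(root):
    """Return (relative path, mode string, [findings]) for every entry under
    root that the 'other' permission bits make readable or writable.
    Symlinks are skipped so that the target is judged, not the link itself."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            perms = []
            if st.st_mode & stat.S_IROTH:
                perms.append("world-readable")
            if st.st_mode & stat.S_IWOTH:
                perms.append("world-writable")
            if perms:
                rel = Path(path).relative_to(root).as_posix()
                findings.append((rel, stat.filemode(st.st_mode), perms))
    return findings


def build_sample_tree():
    """Constructed sample layout mimicking an installed app's data directory:
    the native library directory is readable by anyone, the preferences
    directory is private to the owning uid."""
    base = tempfile.mkdtemp(prefix="appaudit-")
    lib = Path(base, "lib")
    private = Path(base, "shared_prefs")
    lib.mkdir()
    private.mkdir()
    (lib / "libnative.so").write_bytes(b"\x7fELF")   # fake ELF header, constructed
    (private / "settings.xml").write_text("<map/>")  # constructed content
    os.chmod(lib, 0o755)                     # directory listable by any uid
    os.chmod(lib / "libnative.so", 0o644)    # library readable by any uid
    os.chmod(private, 0o700)                 # owner only
    os.chmod(private / "settings.xml", 0o600)
    return base


if __name__ == "__main__":
    sample = build_sample_tree()
    for rel, mode, perms in world_accessible(sample):
        print(f"{mode}  {rel}  ({', '.join(perms)})")
```

Run against a real app directory by passing its path to `world_accessible`; on the sample tree only `lib` and `lib/libnative.so` are reported, which is exactly the "any other application can read and load it" case the post describes.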

On a side rant, I’ve become increasingly frustrated with the number of people demanding support for open source code. It’s quite annoying to see people ranting on and on about issues they have with code, when they honestly don’t take the time to debug any of their issues. I guess it boils down to the same issues you find day after day on a forum: people don’t want to search for an answer – they just want to be given the answer. It tends to get even more maddening when you know these people are just trying to turn a buck off the open source project and never even thank people for their help! Shucks – rant mode off for now.

A better note to end on though – I’ve gotten back into my Android Market (Vending) reversing roots. It’s been a little bit since I last looked at some of the Dalvik code, but it appears Google has done some interesting things with it. The protobuf has evolved for sure, as well as the Market itself. There is suggestion feedback while searching, many more application shelves for carriers and tons of extra fields I never really traversed. It’s an awesome thing to have seen evolve and exceptionally interesting to have worked on since day one. I’m sure I’ll be blogging more about it as time goes on. So stay tuned for it if you’re interested, as I’m sure I’ll be working on it all week. I’ve also just gotten my hands on a G2, so it’s the first time I’ve been using a non-rooted phone – another thing to distract me from doing work :) – hopefully I’ll be posting more on Market data though. It’s always been interesting stuff; I guess I’ll have to finally finish some of those projects of mine!

It’s been a while, but I’m still alive

It’s been quite a while since I’ve posted anything on my blog. It’s hard to always post information, though I feel I’ve done a good job posting relevant information I’ve researched over the past two years. It’s about time I start getting back into it – though in the meantime it’s time for a little life update. So if you’re here for a technical blurb – read no further, since this won’t have any source code embedded in it, or post-mortems of any applications.

For the past year I’ve had an awesome job at Amadeus North America, working on an excellent new cutting-edge product for the travel industry. It was a great learning experience, getting to delve into the world of rapid agile development and learn new tools such as Google Web Toolkit (GWT). I developed countless strong relationships with many coworkers, picking up plenty of coding ‘style’ and quirks – things that I directly attribute to my coding style today, and definitely something that I’m proud of. Most importantly, I have a real issue writing code without writing unit tests (Thanks @RyanNorris!) and feel sick to my stomach if I ever try to check in code without JavaDocs. Looking back, I can honestly say I loved my time at Amadeus. The long days, even the stressful ones, helped me prepare for being a real software engineer – learning more than I ever had in school.

Then I meet the Lookout team…

“Lookout” is right, because these guys were insane. I grabbed some food with them while at a conference in San Francisco. Never in my life had I had such an awesome nerd-fest day. Conventions were always interesting, and you always meet interesting people – but these guys were real. They didn’t just talk the talk – they actually did very impressive things day in and day out. Much to my surprise, I had things to actually add to the many interesting talks that evolved through the night. Even more shocking to me, I was asked if I’d ever considered relocating to the west coast for a job.

I remember thinking, “Yikes, these guys are just being nice, it’d never happen”. I talked it over with my girlfriend the next morning after arriving on the red-eye. Lots of words were thrown back and forth, usually starting with “it’s probably never going to happen, but…” We agreed I’d go along with the process, like the many other times I’d been approached by companies. It never worked out before, so I wasn’t going to make a big deal of it, or even think of it as anything but a remote possibility.

Then came the phone interview… I always hated these things; they’re worse than face-to-face interviews because you can’t see the other person’s expressions. Are you talking too in-depth? Not in-depth enough? Does this person just not believe you? It’s just hard sometimes to gauge people’s reactions without being in the same room. I remember walking away from the phone interview thinking, “Damn… That either really sucked, or went really well.” Luckily, it went well and I got an email asking if I could come out to San Francisco for an interview. This is when everything really started to hit me: could I really be getting the dream job I’ve always wanted?

To shorten this post, since I’ve already babbled along for too long – I came in for the interview and ended up doing well. Some of the most interesting interview questions I’ve ever heard were asked, like “How would you exploit this code?” from Anthony Lineberry. After the interview, I actually ended up getting an offer that blew my mind. It was settled; there was no question in my mind that I wanted this job. My family kept reminding me, sometimes your favorite hobby isn’t the best job… Thank god that didn’t hold true :)

So I up and moved to San Francisco, got an awesome apartment with some killer roommates. Now I’ve been a part of the Lookout Mobile Security team for almost a month. Officially I’m a “Security Response Engineer” (I know, that’s bad ass, never thought I’d have that title..) and I’m getting to learn more and do more things with Android and other mobile systems than I thought I’d get to. I now get to do for work what I did in my off hours; it’s quite possibly the greatest adventure I’ve gotten a chance to take on yet. In the short time I’ve been here I even got to go to Defcon for my first hacker convention. I got to take in tons of great talks with many smart people, and even help with some of my coworkers’ presentations: “App Attack: Surviving the mobile application explosion” and “These aren’t the permissions you’re looking for”.

Anyway, just figured I’d use this as a kick off post as I get back into the gear with blogging again. For now though, I’m going to get back to doing my part with this awesome team in keeping mobile safe and developers smart.

Code Monkey 4 life

new job!

So it’s been quite a while since I’ve posted much – in fact it has been quite a while since I’ve had much free time for Android development and reversing too. Too much stuff going on to really have time to dedicate to such things. Got a real job as a software engineer (woohoo!), playing 9man and trying to get lots of other things done too.

So I’ve officially become a code monkey – and I’ve used a little money I saved away to grab a brand-spanking new netbook :) – this is one of the main reasons I’ve been unable to do Android work. No more production laptop for running Eclipse/reversing. Finally got most of my stuff running on the netbook though – so I’ll be posting more soon. Also I’ve pre-ordered my myTouch from T-Mobile, so more information should be coming in approximately 14 days on that :)

Things to come should include:

— Setting up Android stuff on a netbook and compiling stuff on/for a netbook
— Better decompiling of Android apps
— Reversing Android app/game protocols
— And the holy grail of all information for Android, how to get live Market data :)

So stand by for (hopefully) some exciting stuff!


Some definitely interesting stuff over at the PureBasic forums. I found it quite funny, slash hilarious, since I’ve had a chance to talk to some of the TEAM RESURRECTiON members before. The primary link is someone named utopiamania who is claiming the following:
“antipiracy code inside the program is meant to be obfuscated and nearly uncrackable”
Some, well, I guess you could say, “memorable” quotes I find sort of funny are the following:

You just need to accept this fact: SND, Resurrection, ARTEAM, and others WILL unpack your software.

Another is well put by locomotion:

1) Uninstall Tool. ExeCryptor, full protection, and Sunbeam over at {RES} has nailed it EVERY build, EVERY Time.

2) Smart Diary Suite. Themida, Full SDK protection, and quesago unpacked it and nailed it.

3) Any FlexM protected App. Black Riders, LineZero, or Crude shred these apps.

4) SND Request board. Almost all the tough apps usually end up there, and there is no shortage of talent and drive to crack them.

I’m telling you. If you think you can outsmart {RES} BRD, CRD, Lz0, SND, CORE, SSG, FFF – you are dreaming.

Your protection would probably stop quite a lot of crackers. However, you simply cannot beat them ALL.

FOCUS on your APPLICATION and its QUALITY. A few timebombs here and there, and multipart serials (see my example) will get your average cracker and their releases will be “nuked” for a while.

However, if you actively try and create challenges and animosity to your app, you will go down in flames and the crackers will put you in your place.

I reverse engineer all the time, and so do many people on this board. Trust us when we tell you that cracking your app can and will be done. However, if you do it right, you can MINIMIZE the damage done.

EVERY ship in the world takes on some water!!! The best ships are DESIGNED to MINIMIZE the damage that it can do, and can HANDLE the challenges. The same is true with your business plan. Expect to be cracked, and ADAPT accordingly with minimal time and cost.

The oh so knowledgeable utopiamania thus responded with:

Quote:
I’m telling you. If you think you can outsmart {RES} BRD, CRD, Lz0, SND, CORE, SSG, FFF – you are dreaming.
I can’t outsmart them, but these protectors I mentioned do it 99.999999999999% of the time.

It’s important that people realise this and don’t give up. Very good protection is available nowadays.

Quote:
I reverse engineer all the time, and so do many people on this board
Sure you do, but none of you can reverse engineer an app protected by say Code Virtualizer. Smile

I guess it’s developers like this guy that the protector companies make all their money off of? Oh well, I guess it’d be sad if the protectors all lost their jobs…
There is even a big shout out to Sunbeam and LaFarge of {RES}:

Sunbeam is probably the best ExeCryptor reverser out there. Period. Lafarge is another dynamite reverser as well. Trust me. I know their work from other boards.

The Team SND request forum has about the toughest protected apps out there, and they, along with quite a few others, continually defeat these protections.

Anyone here with reversing experience will at least know of these guys, or the Teams they come from.

If you think you are going to beat the combined knowledge of {RES}, SND, AT4RE, CRD, BRD, Unpack.cn, etc., you are kidding yourself.

Focus on your PRODUCT and make it not SUCK. Then people will WANT to buy it. The perfect example here is PureBasic itself. Sure, there are pirated versions out there, but I and a ton of other people loved it so much we WANTED to buy a legit version. Fred has an amazing product, and as a result, people actually BUY it. His protection is very simple and doesn’t get in the way a single bit for registered users. You have no idea how much I love him for that, as do most other people.

Take AVS Video tools and other Themida protected apps. If I have Acronis TrueImage running before I start up AVS, Themida REFUSES to let me run AVS because of a “monitor” tool. And I paid for Acronis. Screw AVS for that, and they lost me as a customer.

Bravo localmotion, at least someone understands how the world works!

[sigh] – Sadly for now it ends on utopiamania sort of “claiming” victory with this final post:

That said, nothing posted here has convinced me to abandon either CodeVirtualizer or ExeCryptor as my tools of choice to protect it from criminals as soon as it hits the streets. Razz

I wonder how fast that program will be torn to shreds?

iPCCorp – Systems Analysis and Design

a horrible logo I designed for the project...

I figured I’d post the final version of what I’ve been so occupied with. No, it has nothing to do with Android or the G1, but it took a long time and many hours away from Android development… Plus, since this semester is over, I might as well post this since it will probably get deleted off my machine soon! Hah, anyway; this is my final compilation of the project. It includes milestone one to milestone three, which is essentially everything: “requesting” the system, the ideas behind it, alternatives and finally creating and implementing the system. The system is fully (fully in the sense of a functional beta at least…) functional and still posted. The working link to it is located on this server, in the iPCCorp directory. You can use the login admin/letmein to play around with the administrator side, create new accounts, reset passwords etc…

Try not to mess around with it too much; it really isn’t meant to be a fully functional and used system. I’ve included my 100ish page report and the source code to this page. Enjoy, maybe someone will get some use out of it?

Here is the project (.doc) and server files (.html and .php) zipped together. The total file is 3.90 MB.
iPCC-Milestone-comp.zip

Busy, busy busy – even LOST

Ok, so this is the final week of classes. That means final exams, projects due etc. On top of having to finish, prepare and compile an almost 100 page project (a compilation of three mini-projects due across the whole semester) we’ve had exams up the wazoo.

Java exam, heh – no biggy there. Just know how to declare variables and what not. Here is the “review list” we were sent:

Application System Development
Exam I Review Outline

Chapter 1
- Computer Hardware and Software
  - Key hardware in computers and their roles
    - CPU (processor, chip)
    - Main memory
    - Auxiliary memory
  - Key software
    - Operating system (OS)
    - Compilers
      - Translation from high level languages to low level languages (Assembly or Machine Language)
    - Java Compiler and Interpreter
      - Translation from source code to byte code then to machine language
- Java Basics
  - How to create .java files in the OS
  - Editing of Java programs
  - Class name must match file name!
  - Java is case sensitive.
  - The commands used to compile and execute Java programs
  - Java comments
Chapter 2
- Java Variables
  - Variables are “containers.”
  - Three important concepts about variables: Type, Name, and Value.
  - Variable types
    - Know the details of the 8 primitive types.
    - Know the details of the String class type.
    - Know the details of automatic type conversion.
    - Know the details of type casting.
  - Variable names
    - Know the rules about Java identifiers.
    - Know the rules about Java naming conventions.
    - Case sensitive!
  - Variable value
    - Know the correct ways to write the value of each type.
    - Pay attention to the special symbols used with the value of some types (e.g., ‘’ with char type and “” with String type, etc.)
    - The difference between 1 and 1.0
  - Variable declaration
    - Syntax of the declaration statement
  - Assignment Statement
    - Syntax of the assignment statement
    - Special assignment operators: +=, -=, *=, /=, %=.
  - Java Expressions
    - Arithmetic expressions
      - Operators: unary +, unary -, binary +, binary -, *, /, %, ++, --.
      - Know how they behave with different Java types
      - Know the precedence rules
    - Boolean Expressions
      - Basic comparison operators: <, >, <=, >=, ==.
      - Boolean operators: &&, ||, !.
      - The precedence rules
  - Java I/O Operations
    - Output method: System.out.print() and System.out.println().
      - Know the meaning of the method invocations.
    - Input method
      - The Scanner class
      - Know how to use the Scanner class in programs.
Chapter 3
- Flow of Control
  - Branching statements
    - If-else statement
    - Know its syntax and all its variations.
  - Loop statements
    - While loop
    - Do-while loop
    - For loop
    - Know their syntax.
    - Know how to use them in programs

Chapter 4 & 5
- The concept of classes and objects
  - The definition of classes
    - Instance variables
      - How to access instance variables
      - Difference between instance variables and local variables
      - Normal instance variables vs. static variables
    - Methods
      - Method heading
        - Access modifier, return type, method name, and parameters
        - Return type and return statement
        - Formal parameters and actual parameters (arguments)
        - Invocation of methods
        - Static methods

The Data Communications review list was the following:

Data Communication and Networks
Final Review Material
Lecture 1

- Understand the topology of the Internet
  - “A network of networks.”
- Protocol
- The OSI Model
  - What are the 7 layers of the OSI Model?
  - What is the role of each layer in data communication?
  - Sample techniques for each layer?

Chapter 2

- Basic data transmission concepts
  - Data digitization
  - Serial vs. Parallel Transmission
  - Synchronous vs. Asynchronous Transmission
  - Modulation vs. Demodulation
  - Half vs. Full Duplex Communication
  - Data Compression
  - Packetization
  - Multiplexing
  - Switching
  - Error Control Techniques
- For each of the basic concepts,
  - Can come up with an example
  - Know the key sample techniques (e.g., for error control, Parity)

Chapter 3

- Nyquist’s Theorem & Shannon’s Law
  - Understand the concepts
  - Remember the formula
  - Given a scenario, be able to perform the calculation
- Data transmission media
  - A few industry standards to remember.
  - The pros and cons of each type of media
  - UTP
    - Know the specs of CAT 3 and CAT 5
  - Coaxial Cable
  - Fiber-optic
    - Light transmission modes
- Point-to-Point Data Transmission Technologies
  - Know the specs of the sample technologies
  - Know their pros and cons
    - A few tables to remember
  - RS-232
  - USB
  - IEEE 1394
  - IrDA
  - Bluetooth
- Internet Access Technologies
  - Know the major characteristics of the sample technologies
  - Relate back to what we learned in Chapter 2.
    - What basic data transmission concepts are applied in the internet access technologies?
  - Dial-up
  - DSL
  - Cable

Chapter 4

- Data link layer concepts
  - What is the data link layer protocol’s responsibility?
  - Point-to-point vs. end-to-end
  - The three techniques that ensure reliability
    - Know how they work
    - Know examples of those techniques
  - Data link addressing
    - Purpose of addressing?
    - How does it work? (the diagram)
    - Example of data link layer addressing (MAC address)
  - The LAN architecture model (the things that define a specific LAN technology)
    - Access methodology
    - Logical topology
    - Physical topology
  - Existing LAN technologies
    - Ethernet
    - Token Ring
    - Wireless LANs
    - For each of them,
      - Know which standard defines it
      - Know the architecture model
      - Frame format
      - Know the important hardware and software used in that type of LAN
      - Know how the hardware and software work together to make the LAN work (usually demonstrated in figures in the lecture)
- For each of the basic concepts,
  - Can come up with an example
  - Know the key sample techniques (e.g., for error control, Parity)

Chapter 6

- WAN technologies and concepts
  - WAN design considerations
  - WAN architecture
  - Physical WAN transmission technologies
    - T-1
    - SONET
      - Their frame format
      - The important hardware used
      - Their architecture as illustrated in figures
      - Deployment
    - The Digital Service Hierarchy
    - The Optical Carrier levels
  - Switching technologies
    - Circuit vs. packet switching
    - Connectionless vs. Connection-Oriented
      - Understand the concepts above
    - X.25
    - Frame Relay
    - ATM
      - What are the pros and cons of the techniques above?

Chapter 7

- Network Layer basics
  - Functionality of network layer protocols
  - Concept of network segments
  - Network Layer addressing
    - Components of a network layer address
    - Concept of address resolution
  - Packet encapsulation concept
  - Packet fragmentation concept
    - How does it work?
    - MTU
  - The routing process
    - One diagram that explains the process of routing and the changes in network layer address and data link layer address
    - Routing table
    - Routing protocols
- All the rest of the upper layer protocols in the OSI model
  - Functionality
  - Sample technology

The Internet Suite: TCP/IP

- The TCP/IP model basic concepts
- IP
  - IP address format
  - IP address classes
  - Subnet masks

Network Security and Ethics

- Network Security basic principles
  - Virus protection
  - Firewalls
  - Authentication
    - The use of smartcards
  - Encryption
    - Private key encryption
    - Public key encryption
- Ethics
  - Privacy
  - Piracy

side 2

cheatsheet for data com side 1

Data Communications, no biggy there also, but sheesh – you should see some of the cheatsheets people do for class nowadays. I don’t mean the old school cheatsheet that you had to hide from the professor. The new ones that are quasi-allowed, one page double sided stuff. You wouldn’t believe what people put down on them… Literally everything; I saw one fellow student with every PowerPoint slide and more. That’s practically over 300 slides! Take a look at what’s below, that’s someone’s cheatsheet for the data com class, back and front;

Those things are CRAZY! Anyway, I guess people will always try to exceed whatever rules they are given. They aren’t technically breaking any rules – but you’d think that’s a little excessive? I wish I had grabbed a picture of the one with all the slides on it; it puts this one to shame.

Lastly, and more importantly – LOST: Season 4 comes out today, so, well… I think I know what I’ll be doing after my next exam.

Lost: Season 4

Well, enough of that; after today I should have plenty of time to post more useful information about Android reversing, debugging, coding and secure coding.

Scary Javascript….

Not Android related at all, but I found this comment on slashdot.org about Firefox-specific malware. A user posted a snippet saying “don’t save your passwords”, but apparently you would only need to execute a small JavaScript script to grab the password even prior to hitting submit. Found it sort of… concerning, to say the least:

JavaScript is already capable of getting the value of a password field, and even if it wasn’t they could just redirect the form action and get the password that way.

Try this: go to Paypal.com (any page with a password field, really), type in something arbitrary into the password field, and then paste this into the address bar:

javascript:for(var a=document.getElementsByTagName("input"),i=0;i

Yikes, it works, and that’s kind of – ok, not kind of – really bad!

Little bit of this… Little bit of that…

Alright so today, well really, yesterday was a different day… I guess it was yesterday since I’m writing this past midnight.

Anyway, I’ve been doing a little bit of developing for Android, aside from just reversing things. It’s a nice little break and it gives me time to try and develop better code, look at it disassembled and see what it looks like and what not. I’m always ranting about secure code, so I might as well be able to do it myself – right?!

So the main idea behind the application I’ve been tossing around ideas for is SMS back-ups. I normally use gchat since, well – I love it and it logs everything. However sometimes I’ve been on my phone and not been able to reach people who don’t share my affinity for gchat… Sigh – so I resort to text messaging. The problem that I’ve come to with this is that the messages get cluttered and then it gets annoying to search through them. So I figured I’d throw together a little application to collect the text messages and mail them away to you. This way they should be easily stored like a gchat session for later archival or searching through Gmail! Well… That’s the idea mainly, that and to finally code something worthwhile and release it.

Another random thing I’d like to say is that, well – COD: World At War is crack. I bought it yesterday and in between study sessions, conference calls and coding I’ve been cranking away at it. The online mode offers plenty of different modes, and the single player is surprisingly fun to play while being decently challenging. Hopefully it doesn’t take over my reversing time… No I won’t let it!

Lastly, no, I have not forgotten about the patching example; it will be posted. It’s just put on the back burner for a while…. Ah! I almost forgot, there is a new Android program out called wpToGo. I’ll have to try it out a little bit later. Seems a little bit buggy – but nothing a few updates won’t fix. Anyway, off to bed for now. Hopefully I’ll post some tid-bits later today about either the program, or reversing. I’ve been working on a few algorithms and protectors for the Android system.

Shout out to the QA Man…

Figured I’d give a shout out to my father for his QA blog, as he did a recent short blurb on the Android bug that we’ve used to gain root on the G1s with.

SQA Blogs – Joe Strazzere

While I believe some of the quotes:

“I was in the middle of a text conversation with my girl when she asked why I hadn’t responded. I had just rebooted my phone and the first thing I typed was a response to her text which simply stated “Reboot” – which, to my surprise, rebooted my phone.”
“Google hurried to repair the problem, which causes the phone to interpret any text entered just after the phone was turned on as a command.”
“Linux and Unix users are advised to use their systems with “root” privileges reserved only for administrators, but Android was actually giving anybody that privilege.”
“The Android bug has to rate as one of the great software bloopers of all time.”
“We tried really hard to secure Android. This is definitely a big bug.”

Though some of the quotes are definitely media hype… Someone texting their girl and typed reboot? Ok, well, that’s a straight up lie; they would have had to type reboot into the main part of their home screen, which in turn would search the contacts and then execute the command. So yes, there is truth that they could have rebooted it, but I sure hope he doesn’t text his “girl” from the contacts like that normally… She might be mad for not having received any messages lately?

Oh well, I guess with every blunder, every mishap and every bug – someone has to blow it out of proportion. I mean – I know I was sending a text message and typed ^c and it broke me into the terminal! Next thing you know someone will say how they left open safe mode, and they were turning on their phone to contact (yes contact, not text) their girlfriend and were shocked to see safe mode in their bottom left corner! Oh wait… You can get into safe mode by holding down menu on boot up…. Silly Google… Silly media…
