It’s been quite a while since I’ve posted anything on my blog. It’s hard to always post information, though I felt I’ve done a good job posting relevant information I’ve researched over the past two years. It’s about time I start getting back into it – though in the meantime it’s time for a little life update. So if you’re here for a technical blurb – read no further since this won’t have any source code embedded in it, or post-mortems of any applications.
For the past year I’ve had an awesome job at Amadeus North America, working on an excellent new cutting edge product for the travel industry. It was a great learning experience, getting to delve into the world of rapid agile development and learn new tools such as Google Web Toolkit (GWT). I developed countless strong relationships with many coworkers, picking up plenty of coding ‘style’ and quirks. Things that I directly contribute to my coding style today, and definitely something that I’m proud of. Most importantly, I have a real issue making code without writing unit tests (Thanks @RyanNorris!) and feel sick to my stomach if I ever try to check in code without JavaDocs. Looking back, I can honestly say I loved my time at Amadeus. The long days, even the stressful ones, helped me prepare for being a real software engineer – learning more than I ever had in school.
Then I met the Lookout team…
“Lookout” is right, because these guys were insane. I grabbed some food with them while at a conference in San Francisco. Never in my life had I had such an awesome nerd-fest day. Conventions were always interesting, and you always meet interesting people – but these guys were real. They didn’t just talk the talk – they actually did very impressive things day in and day out. Much to my surprise, I had things to actually add to the many interesting talks that evolved through the night. Even more shocking to me, I was asked if I’d ever considered relocating to the west coast for a job.
I remember thinking, “Yikes, these guys are just being nice, it’d never happen”. I talked it over with my girlfriend the next morning after arriving on the red-eye. Lots of words were thrown back and forth with “it’s probably never going to happen, but…” We agreed I’d go along with the process, like the many other times I’d been approached by companies. It never worked out before, so I wasn’t going to make a big deal of it, or even think of it as anything but a remote possibility.
Then came the phone interview… I always hated these things, they’re worse than face to face interviews because you can’t see the other person’s expressions. Are you talking too in-depth? Not in-depth enough? Does this person just not believe you? It’s just hard sometimes to gauge people’s reactions without being in the same room. I remember walking away from the phone interview thinking, “Damn… That either really sucked, or went really well.” Luckily, it went well and I got an email asking if I could come out to San Francisco for an interview. This is when everything really started to hit me, could I really be getting the dream job I’ve always wanted?
To shorten this post, since I’ve already babbled along for too long – I came in for the interview and ended up doing well. Some of the most interesting interview questions I’ve ever heard were asked, like “How would you exploit this code?” from Anthony Lineberry. After the interview, I actually ended up getting an offer that blew my mind away. It was settled, there was no question in my mind that I wanted this job. My family kept reminding me, sometimes your favorite hobby isn’t the best job… Thank god that didn’t hold true :)
So I up and moved to San Francisco, got an awesome apartment with some killer roommates. I’ve been a part of the Lookout Mobile Security team for almost a month now. Officially I’m a “Security Response Engineer” (I know, that’s bad ass, never thought I’d have that title..) and getting to learn more and do more things with Android and other mobile systems than I thought I’d get to. I now get to do for work, what I did in my off hours, it’s quite possibly the greatest adventure I’ve gotten a chance to take on yet. In the short time I’ve been here I got to even go to Defcon for my first hacker convention. I got to take in tons of great talks with many smart people, and even help with some of my coworkers’ presentations; “App Attack: Surviving the mobile application explosion”, “These aren’t the permissions you’re looking for”.
Anyway, just figured I’d use this as a kick off post as I get back into the gear with blogging again. For now though, I’m going to get back to doing my part with this awesome team in keeping mobile safe and developers smart.
Ok, so this is the final week of classes. That means final exams, projects due etc. On top of having to finish, prepare and compile an almost 100 page project (compilation of three mini-projects due across the whole semester) we’ve had exams up the wazoo.
Java exam, heh – no biggy there. Just know how to declare variables and what not. Here is the “review list” we were sent;
Application System Development
Exam I Review Outline
• Computer Hardware and Software
    o Key hardware in computers and their roles
        ▪ CPU (processor, chip)
        ▪ Main memory
        ▪ Auxiliary memory
    o Key software
        ▪ Operating system (OS)
            • Translation from high level languages to low level languages (Assembly or Machine Language)
        ▪ Java Compiler and Interpreter
            • Translation from source code to byte code then to machine language
• Java Basics
    o How to create .java files in the OS
    o Editing of Java programs
    o Class name must match file name!
    o Java is case sensitive.
    o The commands used to compile and execute Java programs
    o Java comments
• Java Variables
    o Variables are “containers.”
    o Three important concepts about variables: Type, Name, and Value.
    o Variable types
        ▪ Know the details of the 8 primitive types.
        ▪ Know the details of the String class type.
        ▪ Know the details of automatic type conversion.
        ▪ Know the details of type casting.
    o Variable names
        ▪ Know the rules about Java identifiers.
        ▪ Know the rules about Java naming conventions.
        ▪ Case sensitive!
    o Variable value
        ▪ Know the correct ways to write the value of each type.
        ▪ Pay attention to the special symbols used with value of some types (e.g., '' with char type and "" with String type, etc.)
        ▪ The difference between 1 and 1.0
    o Variable declaration
        ▪ Syntax of the declaration statement
    o Assignment Statement
        ▪ Syntax of the assignment statement
        ▪ Special assignment operators: +=, -=, *=, /=, %=.
    o Java Expressions
        ▪ Arithmetic expressions
            • Operators: unary +, unary -, binary +, binary -, *, /, %, ++, --.
            • Know how they behave with different Java types
            • Know the precedence rules
        ▪ Boolean Expressions
            • Basic comparison operators: <, >, <=, >=, ==.
            • Boolean operators: &&, ||, !.
            • The precedence rules
    o Java I/O Operations
        ▪ Output method: System.out.print() and System.out.println().
            • Know meaning of the method invocations.
        ▪ Input method
            • The Scanner class
            • Know how to use the Scanner class in programs.
• Flow of Control
    o Branching statements
        ▪ If-else statement
        ▪ Know its syntax and all its variations.
    o Loop statements
        ▪ While loop
        ▪ Do-while loop
        ▪ For loop
        ▪ Know their syntax.
        ▪ Know how to use them in programs
Chapter 4 & 5
• The concept of classes and objects
    o The definition of classes
        ▪ Instance variables
            • How to access instance variables
            • Difference between instance variables and local variables
            • Normal instance variables vs. static variables
            • Method heading
                o Access modifier, return type, method name, and parameter
                o Return type and return statement
                o Formal parameters and actual parameters (arguments)
                o Invocation of methods
                o Static methods
Data Communications review list was the following;
Data Communication and Networks
Final Review Material
• Understand the topology of the Internet
    o “A network of networks.”
• The OSI Model
    o What are the 7 layers of OSI Model?
    o What is the role of each layer in data communication?
    o Sample techniques for each layer?
• Basic data transmission concepts
    o Data digitization
    o Serial vs. Parallel Transmission
    o Synchronous vs. Asynchronous Transmission
    o Modulation vs. Demodulation
    o Half vs. Full Duplex Communication
    o Data Compression
    o Error Control Techniques
• For each of the basic concepts,
    o Can come up with an example
    o Know the key sample techniques (e.g., for error control, Parity)
• Nyquist’s Theorem & Shannon’s Law
    o Understand the concepts
    o Remember the formula
    o Given a scenario, be able to perform the calculation
• Data transmission media
    o A few industry standards to remember.
    o The pros and cons of each type of media
        ▪ Know the specs of CAT 3 and CAT 5
    o Coaxial Cable
        ▪ Light transmission modes
• Point-to-Point Data Transmission Technologies
    o Know the specs of the sample technologies
    o Know their pros and cons
        ▪ A few tables to remember
    o IEEE 1394
• Internet Access Technologies
    o Know the major characteristics of the sample technologies
    o Relate back to what we learned in Chapter 2.
        ▪ What basic data transmission concepts are applied in the internet access technologies?
• Data link layer concepts
    o What is data link layer protocol’s responsibility?
    o Point-to-point vs. end-to-end
    o The three techniques that ensure reliability
        ▪ Know how they work
        ▪ Know examples of those techniques
    o Data link addressing
        ▪ Purpose of addressing?
        ▪ How does it work? (the diagram)
        ▪ Example of data link layer addressing (MAC address)
    o The LAN architecture model (the things that define a specific LAN technology)
        ▪ Access methodology
        ▪ Logical topology
        ▪ Physical topology
    o Existing LAN technologies
        ▪ Token Ring
        ▪ Wireless LANs
        ▪ For each of them,
            • Know which standard defines it
            • Know the architecture model
            • Frame format
            • Know the important hardware and software used in that type of LAN
            • Know how the hardware and software work together to make the LAN work (usually demonstrated in figures in the lecture)
• For each of the basic concepts,
    o Can come up with an example
    o Know the key sample techniques (e.g., for error control, Parity)
• WAN technologies and concepts
    o WAN design considerations
    o WAN architecture
    o Physical WAN transmission technologies
            • Their frame format
            • The important hardware used
            • Their architecture as illustrated in figures
        ▪ The Digital Service Hierarchy
        ▪ The Optical Carrier levels
    o Switching technologies
        ▪ Circuit vs. packet switching
        ▪ Connectionless vs. Connection-Oriented
            • Understand the concepts above
        ▪ Frame Relay
            • What are the pros and cons of the techniques above?
• Network Layer basic
    o Functionality of network layer protocols
    o Concept of network segments
    o Network Layer addressing
        ▪ Component of a network layer address
        ▪ Concept of address resolution
    o Packet encapsulation concept
    o Packet fragmentation concept
        ▪ How does it work?
    o The routing process
        ▪ One diagram that explains the process of routing and the changes in network layer address and data link layer address
        ▪ Routing table
        ▪ Routing protocols
• All the rest of the upper layer protocols in OSI model
    o Sample technology
The Internet Suite: TCP/IP
• The TCP/IP model basic concepts
    o IP address format
    o IP address classes
    o Subnet masks
Network Security and Ethics
• Network Security Basic principles
    o Virus protection
        ▪ The use of smartcard
        ▪ Private key encryption
        ▪ Public key encryption
Data Communications, no biggy there also, but shesh – you should see some of the cheatsheets people do for class nowadays. I don’t mean the old school cheatsheet, that you had to hide from the professor. The new ones that are quasi-allowed, one page double sided stuff. You wouldn’t believe what people put down on them… Literally everything, I saw one fellow student with every power point slide and more. That’s practically over 300 slides! Take a look at what’s below, that’s someone’s cheatsheet for the data com class, back and front;
Those things are CRAZY! Anyway, I guess people will always try to exceed what rules they are given. They aren’t technically breaking any rules – but you’d think that’s a little excessive? I wish I grabbed a picture of the one with all the slides on it, it puts this one to shame.
Lastly, and more importantly – LOST: Season 4 comes out today, so well. I think I know what I’ll be doing after my next exam.
Well enough of that, after today I should have plenty of time to post more useful information about android reversing, debugging, coding and secure coding.
Alright so today, well really, yesterday was a different day… I guess it was yesterday since I’m writing this past midnight.
Anyway, I’ve been doing a little bit of developing for the Android aside from just reversing things. It’s a nice little break and it gives me time to try and develop better code, look at it disassembled and see what it looks like and what not. I’m always ranting about secure code, so I might as well be able to do it myself – right?!
So the main idea behind the application I’ve been tossing around ideas for is SMS Back-ups. I normally use gchat since, well – I love it and it logs everything. However sometimes I’ve been on my phone and not been able to reach people who don’t share my affinity for gchat… Sigh – so I resort to text messaging. The problem that I’ve come to with this, is the messages get cluttered and then it gets annoying to search through them. So I figured I’d throw together a little application to collect the text messages, and mail them away to you. This way it should be easily stored like a gchat session for later archival or searching through gmail! Well… That’s the idea mainly, that and to finally code something worthwhile and release it.
Another random thing I’d like to say is that, well – COD: World At War is crack. I bought it yesterday and in between study sessions, conference calls and coding I’ve been cranking away at it. The online mode offers plenty of different modes, and the single player is surprisingly fun to play while being decently challenging. Hopefully it doesn’t take over my reversing time… No I won’t let it!
Lastly no, I have not forgotten about the patching example, it will be posted. It’s just put on the back burner for a while…. Ah! I almost forgot there is a new android program out called wpToGo. I’ll have to try it out a little bit later. Seems a little bit buggy – but nothing a few updates won’t fix. Anyway, off to bed for now. Hopefully I’ll post some tid-bits later today about either the program, or reversing. I’ve been working on a few algorithms and protectors for the android system.