I ran into a situation where I somehow managed to hork up a perl installation by having the temerity to install some perl modules. From them on, invocations of perl by anyone other than root result in disappointment:
That last example may get you thinking… I know it did for me. What about navigating to the “Home” or “Work” locations that the app set up? Surely you can just type those in as your query and Waze will be smart enough to figure it out, right?
Nope. It looks for a business named “Home” or “Work” nearby. No amount of wrangling could get it to work for me. But since I could open the app up and type Home into the search box I figured that Waze must have some built-in way to figure out if a search string is a Home/Work/Favorite versus something to search on the map for.
Navigate into downtown Waze
I decompiled the apk and discovered that Waze sends the URI down into a native code function, which makes it harder to reverse engineer. As in, I’m not even going to bother because then I’d have to teach myself assembly. So I cheated. I ran
strings against libwaze.so (native code included in the Android app) to find pieces of strings which may be used to test a supplied URI and found this:
Received invalid lon/lat
Oh ho ho! Some of these strings are probably used in debugging statements (decode: valid lat %s), and maybe ‘favorite=’ is too. But let’s just try a few things.
It works for your saved ‘Home’ and ‘Work’ locations. It also works for any place you’ve saved as a favorite. Just substitute the name you used. So feel free to set up Tasker tasks to automatically navigate all over the place.
Create a bash/cmd script at each end to break the file into pieces with dd.
md5sum each piece at both ends and compare to figure out which chunks are bad
transfer the bad chunks from source to target
dd the chunks back into the giant file
recheck the md5sum of the file to make sure it matches
Create a bash/cmd script at each end to break the file into pieces
Tip: rename the file to something which doesn’t require escape sequences, especially if your source/target are running different OSes. For example, spaces mean the name has to be enclosed in quotes on Windows and have a backslash prepended on Linux. So get those spaces out of there.
dd thinks in terms of blocks.
I set the blocksize to 1 megabyte to make the math easier. I want each chunk to be 128MB. The size of the chunk is up to you, but the trade-off is waiting for excess data to transfer versus dealing with more part files. Anyhow, we have
dd where to start when it’s copying data out of a file, supply the skip option. So the first chunk has
skip=0 , the second chunk has
skip=128 , the third has
skip=256 , and so on. Why?
dd thinks in terms of blocks.
I usually create an Excel workbook and use fill-down to create the correct skip numbers and then
CONCATENATE() to create the actual dd command lines. Copy and paste them into a text document. Send it to both ends with the correct extensions/permissions/shebang line/etc.
Run the batch/shell script at each end to create corresponding partXXXX files. If you follow my example, the value in the K column shows you where to stop copying; it changes to false at the line where you’ve passed the final dd required.
md5sum the pieces at each end and compare
Pretty easy; use
md5sum on all of the partXXXX files at each end. Save the output into an md5 file and then get both files in the same place so you can compare.
md5sum all of the pieces
Using the command line
diff tool will work, but if you have a GUI tool it should make it easier to see which files don’t match. Let’s hope there aren’t many.
Transfer the bad chunks from source to target
This part should be easy; just send the good chunks from the source to the target to replace the bad chunks. To make sure you haven’t wasted your time,
md5sum the replacement chunks once they reach the destination. Re-retransfer any that don’t match.
dd the chunks back into the giant file
We will use
dd again. Instead of redoing the whole process in reverse, we only need to dd in the fixed chunks.
Either redo your Excel sheet or just find and replace in your target batch/shell script.
The key things here are that the
of have been swapped, we must add
conv=notrunc, and we use
seek instead of
skip. We swap the input and output files because we’re outputting to the big file. We use
conv=notrunc because by default dd will truncate the destination file at the point where you start writing. We don’t want to destroy the file, so this is important. Finally, when we need to write the destination file anywhere other than the start, we have to use
seek instead of
You only need the lines corresponding to the fixed chunks. So your final batch/shell script might end up looking like this:
I’m in the middle of moving so I’m typing this up on my phone. As you may well be aware, I detest brevity as I loathe all encumbrances upon all opportunities to hear (or read) myself talk (or write). Here’s what you need to know to keep yourself safe.
First, keep this firmly in mind: Just because someone’s name or email address shows up in this breach does NOT mean they cheated on their spouse.
Ashley Madison does not verify a user’s email account when they sign up at all. This means anyone in the world could have entered your email address when they signed up. Now you look guilty.
There are other reasons an account is not necessarily a scarlet letter, even if it really does belong to the purported account holder. The person could have signed up because:
* They were curious and just wanted to look around
* They wanted to cheat but changed their mind.
* They signed up when single and subsequently got married and forgot all about the site. (Or paid for Ashley Madison’s delete account service and clearly did not get their money’s worth)
* They want to protect their identity online so they sign up for every high-profile social networking site that pops up.
* Or, possibly, they could want to cheat on their spouse. Diff’rent strokes and all.
Keep yourself safe
Do not click links in social media which claim to show you whose accounts were breached. Doesn’t matter if the link says your account is listed, your boss’s, a celebrity, or a politician. Scammers looooove throwing up bait like this to trick people into installing viruses or paying money or paying money to install viruses. Steer clear.
To see if your account is listed, visit this website (given my previous paragraph, I understand if you don’t want to click through)
This is the only website that I trust for this sort of information. The only one.
Now, since this information is sensitive, the author of the site, Troy Hunt, requires you to verify that you own the email address in question before he tells you whether or not you were among the breached Ashley Madison accounts. Click ‘Notify Me’ in the menu and sign up for notifications. Once you have verified your email address the website will let you know privately if you, well, ‘been pwned’.
This is a good practice, in general. I signed up for notifications from haveibeenpwned so if my email address ever shows up in a breach (even one which hasn’t been publicized) I get emailed.
Here are a couple great articles from information security news sources I trust.
So somewhere along the way we all grew up. Part of growing up is not visiting websites named ‘bellybuttonporn.com’ any more. So many of you never saw this. Now seemed as good as any time to copy the old post and images into this blog for our more modern sensibilities. I had to change the links for the comparison cars; they fell victim to linkrot after a model year had passed. At then end I’ll be back with an update. Continue reading Buying the Magnum→
Worried about ATM security? Good! Here’s how to stay safe:
Don’t ignore basic ATM security you already know – be sure you’re in a safe, well-lit area and there aren’t any suspicious people hanging around. Mugging someone is easier and quicker than installing a skimmer.
Use familiar ATMs and pay attention to what they look like. Any changes? A new card reader perhaps? That’s a sign that thieves have placed a skimmer there. Contact the bank to see if they’ve fixed/replaced that ATM recently.
Try to pull the card reader off. If it comes off in your hand with a quick tug, then congratulations, you have just discovered a skimmer.
Same thing with the PIN pad. With your debit card number, the thief still needs your PIN. Whew! Unfortunately the thief has thought of this. They either have a pinhole camera mounted somewhere (probably on the ATM) to videotape your PIN or an overlay on top of the PIN pad which records your PIN as you type it.
Cover your hand with your other hand while you type your PIN. This helps foil the cameras.
After you type your PIN, rest your whole hand on ALL of the buttons on the PIN pad for a moment. This heats all of the buttons up so the thief can’t use an infrared camera to get your PIN. (Yes, they really can do that, and yes, covering the PIN pad for a few seconds really does help)
Periodically check your account balance and transactions online. At least every few days. This way you may catch any fraudulent activity faster. Did thieves get access to your account with a skimmer? Was it an online shopping hack? Who knows! Doesn’t matter, really. Good thing is that you caught it. Talk to your bank and have them back out the fraudulent activity.
Finally, if you do discover a problem, do not panic. First, don’t actually use the ATM, even if you yanked the skimmer off. Get the hell out of there ASAP. If you’re on foot, run. If you’re in your car, lock it, roll the windows up, and get the hell away from the ATM. ATM skimming criminals may be lurking nearby to watch their toy. You just broke their toy, so they might be mad. They might resort to simply mugging you. So don’t use the ATM, don’t withdraw any money, and get the hell out of there.
Suppose you need to test your antivirus software, but you don’t have a virus laying around to test with. How do you get a virus to test with? Sounds dangerous.
Luckily, smarter people than I have already thought of this problem. The solution is the EICAR test file/string. It’s a harmless string that most (almost all) antivirus vendors treat as a virus. The idea is that you can use this file instead of a live virus. If your antivirus alerts on it, you know all is good. If it doesn’t, then your antivirus doesn’t work.
So if you’re doing some security research* and need the EICAR test string you may run into a chicken and egg problem. You need the test string, but every time you download it your antivirus program deletes it right away!
If you use splunk, you probably use lookups to add handy data to your searches and alerts.
If you use lookups, you have probably run into a situation where you’ve wanted to update a lookup file.
If you’ve wanted to…Okay I’m done with that. Similarly, you’ve probably found the process of googling how to update your csv frustrating as well. Most of the results assume you want to create a process to automatically update a lookup via a saved search. That’s a great idea, and here are some great examples.
But what if I have a simple csv of a few values and I want to update it once? Say I have a CSV with whitelisted DNS servers. I use it to filter out DNS traffic to known-good servers in the search I use to detect rogue traffic.
So I don’t want to automatically update this thing, I just want to add a row for my home router (whoops!).