Wednesday, June 04, 2014

HTML5 Flappy Bird Tutorial

As part of my job as Technical Architect, I try to introduce our developers to parts of development which they won't really get involved in during their normal development activities. Out of the topics suggested, an HTML5 game was highest for the first week.

I had signed up to lessmilk.com's mailing list, which shows the games he made with the Phaser framework. One of those was a Flappy Bird clone, which he also wrote a tutorial for. I found this one perfect to pique the interest of the developers, so here are the links to all 3 tutorials.

Here are the tutorials

I also use Mongoose Web Server, as it makes it simple to run these tutorials, which need a web server to serve the resources.

This is the final one you get to play: Final Flappy Bird Clone

And here is a picture of the set up of the night showing it off.

Tuesday, May 27, 2014

Cracking a PDF from a Nigerian Bank.

I have recently been getting lots of legitimate emails from companies using my email address for someone who isn't me, showing me companies aren't verifying emails before setting them up on their mailing lists such as:

  • Skype (really Microsoft...still?)
  • Zara
  • Telstra
  • 100s of Loan companies.
  • NIGERIAN UNION BANK

The last one should make you smile at least, it did me. Obviously, looking at it, it is spam... but nope, looking at all the emails, it seems someone had actually signed up and used my email to sign up. THANKS.

I therefore emailed their customer services to see about them removing my email and closing their account. They replied (I then checked the email headers from the customer support and the account email and they were the same, proving it was a legitimate email). In one of the emails there was a PDF which was password protected with the account number of the person who had signed up with my email, so I didn't have it. Being the inquisitive person I am, I thought I'd try to see if there was an online tool that could do it for me, but they all said they could remove the password... if you knew it. Which is fair enough. I was not OK with this; I wanted to know the person to see if I could find them and email them, telling them my email isn't theirs... So I found pdfcrack.

I downloaded it and ran it against the pdf, using the default options.

pdfcrack "account.pdf"

The problem was that it wasn't trying the correct number of characters; it was going through all combinations of characters from 0-n. I actually knew how long the password was... they told us in the email, where they replaced the numbers with *. Thanks Bank. Counting it all, there are 10 characters in "001*****83". Running pdfcrack shows you the arguments it accepts.

Usage: pdfcrack -f filename [OPTIONS]
OPTIONS:
-b, --bench             perform benchmark and exit
-c, --charset=STRING    Use the characters in STRING as charset
-w, --wordlist=FILE     Use FILE as source of passwords to try
-n, --minpw=INTEGER     Skip trying passwords shorter than this
-m, --maxpw=INTEGER     Stop when reaching this passwordlength
-l, --loadState=FILE    Continue from the state saved in FILENAME
-o, --owner             Work with the ownerpassword
-u, --user              Work with the userpassword (default)
-p, --password=STRING   Give userpassword to speed up breaking
                        ownerpassword (implies -o)
-q, --quiet             Run quietly
-s, --permutate         Try permutating the passwords (currently only
                        supports switching first character to uppercase)
-v, --version           Print version and exit

So from this, I can set the charset of the account number (0-9) and min/max numbers of the password (10).

pdfcrack -c 0123456789 -n 10 -m 10 "account.pdf"

This will then start trying all the passwords, but this will still take far too long for me. Going back to the email, though, I know the start and the end of the string. This means I can generate a dictionary of all possible combinations of the account number, which will make pdfcrack a little faster. By googling "number list generator" I found this site.

http://textmechanic.com/Generate-List-of-Numbers.html

I set up my options like this to generate the numbers with padding, prefixing the start of the account number and suffixing the end of it, and saving the file after it's done.

I then saved the file as output.txt and updated pdfcrack to use this dictionary, called a wordlist in its options.

pdfcrack -w output.txt "account.pdf"

This took 3 seconds to find the password on my box. I think pdfcrack doesn't support multi-core threading, so that was pretty fast, and here is the output.

PDF version 1.4
Security Handler: Standard
V: 2
R: 3
P: -1852
Length: 128
Encrypted Metadata: True
FileID: e620bf3e3b2adfc0b842251b2e43778f
U: 69f457abbb40358fb69b6f75f2c258ac6162636465666768696a6b6c6d6e6f70
O: db0a102b17407083e77f5bbe9d11ff416d81f0f437ef8a6cda83964c51ae4e5d
found user-password: '0019999983'

Here is a screenshot of the pdf opened with the information hidden, note the bottom phrase "Big, Strong, Reliable"... Alanis Morissette would be proud of that.

Emmanuel Sarki,
S.D.A. Church Kadamo Jengre Bassa L.G.C.

Since Mr Sarki is currently a footballer playing in Poland... http://en.wikipedia.org/wiki/Emmanuel_Sarki I think it is probably fake, with a church being one of the random scammers who want money, but who knows.

I did this post to show companies that if you don't verify emails and you send details with enough information that can be gleaned, it would be easy to steal from your customers. After emailing them numerous times to tell them of their error, I resorted to adding money to my Skype account and calling their customer service, and they assured me they'd stop (they didn't). I rang again with the account number from the PDF and they were then able to stop the emails, but not until I'd found out everything I'd need to.

Steps to stop this:

  1. Ask your user for their email
  2. Ask to validate it by entering it again
  3. Email them a verification link
  4. User clicks the link in the email
  5. Create account
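
One way to implement steps 3 to 5, as an added example that is not from the original post: the emailed link carries a token that the server signs with an HMAC key and stamps with an expiry, and the account is created only once that token checks out. The class name, key handling and example.invalid URL are assumptions for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class EmailVerification {
    private final byte[] key; // server-side secret, never sent to the user

    EmailVerification(byte[] key) { this.key = key.clone(); }

    private String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        byte[] tag = mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Step 3: token = base64url(email).expiry.base64url(HMAC), mailed as a link.
    String issue(String email, long nowEpochSec, long ttlSec) throws Exception {
        String payload = Base64.getUrlEncoder().withoutPadding()
                .encodeToString(email.getBytes(StandardCharsets.UTF_8))
                + "." + (nowEpochSec + ttlSec);
        return payload + "." + sign(payload);
    }

    // Step 4: returns the confirmed address, or null if forged, malformed or expired.
    // Step 5 (create the account) happens only when this returns non-null.
    String verify(String token, long nowEpochSec) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) return null;
        byte[] expected = sign(p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(expected, p[2].getBytes(StandardCharsets.US_ASCII)))
            return null; // constant-time tag comparison; nothing below runs on a bad tag
        if (nowEpochSec > Long.parseLong(p[1])) return null; // link has expired
        return new String(Base64.getUrlDecoder().decode(p[0]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);
        EmailVerification ev = new EmailVerification(key);
        String token = ev.issue("user@example.com", 1_000_000L, 3600); // constructed input
        System.out.println("https://example.invalid/verify?token=" + token);
        System.out.println("valid:   " + ev.verify(token, 1_000_100L));
        System.out.println("expired: " + ev.verify(token, 1_010_000L));
        String forged = token.replaceFirst("\\.\\d+\\.", ".9999999."); // expiry altered
        System.out.println("forged:  " + ev.verify(forged, 1_000_100L));
    }
}
```

The token is stateless, so a link can be replayed until it expires; record confirmed addresses server-side if each link must work only once.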

Friday, February 21, 2014

Sending Java Sealed Objects via Sockets

Since I couldn't find a single example, this is a few examples put together into one working example. I thought it'd be useful if I put it on the web.

Here's a link to the Gist and below is the code https://gist.github.com/Sarkie/9138396

Server.java

import java.net.InetSocketAddress;
import java.nio.channels.ServerSocketChannel;
import java.nio.channels.SocketChannel;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.io.*;
import java.security.spec.*;
import java.security.*;

public class Server {

    public static void main(String[] args) throws Exception {
        System.out.println("Server Started");

        // Create key: both sides derive the same AES key from a shared password and salt
        final char[] password = "secret_password".toCharArray();
        final byte[] salt = "random_salt".getBytes();
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        KeySpec spec = new PBEKeySpec(password, salt, 1024, 128);
        SecretKey tmp = factory.generateSecret(spec);
        SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");

        // Note: "AES" on its own selects the provider default,
        // which is AES/ECB/PKCS5Padding with the standard SunJCE provider
        Cipher dcipher = Cipher.getInstance("AES");
        dcipher.init(Cipher.DECRYPT_MODE, secret);

        // Listen on a blocking server socket
        ServerSocketChannel ssChannel = ServerSocketChannel.open();
        ssChannel.configureBlocking(true);
        int port = 12345;
        ssChannel.socket().bind(new InetSocketAddress(port));

        while (true) {
            System.out.println("Waiting for a connection...");
            SocketChannel sChannel = ssChannel.accept();

            System.out.println(sChannel.getRemoteAddress().toString() + " connected");

            // Read the sealed (encrypted) object sent by the client
            ObjectInputStream ois = new ObjectInputStream(sChannel.socket().getInputStream());

            SealedObject s = (SealedObject) ois.readObject();

            // Decrypt and deserialize the wrapped object
            SecretObject decryptedSecretObject = (SecretObject) s.getObject(dcipher);

            System.out.println("Server - Packet Data is: '" + decryptedSecretObject.getSecretMessage() + "'");

            ois.close();

            System.out.println("Connection ended");
        }
    }
}

Client.java

import java.net.InetSocketAddress;
import java.nio.channels.SocketChannel;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.io.*;
import java.security.spec.*;
import java.security.*;

public class Client {

    public static void main(String[] args) throws Exception {

        // Server host defaults to localhost, or is taken from the first argument
        String server = "localhost";

        if (args.length == 1) {
            server = args[0];
        }

        System.out.println("Receiver Started");

        // Create key: must match the password, salt and parameters used by the server
        final char[] password = "secret_password".toCharArray();
        final byte[] salt = "random_salt".getBytes();
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        KeySpec spec = new PBEKeySpec(password, salt, 1024, 128);
        SecretKey tmp = factory.generateSecret(spec);
        SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");

        // Note: "AES" on its own selects the provider default,
        // which is AES/ECB/PKCS5Padding with the standard SunJCE provider
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(Cipher.ENCRYPT_MODE, secret);

        SocketChannel sChannel = SocketChannel.open();
        sChannel.configureBlocking(true);

        if (!sChannel.connect(new InetSocketAddress(server, 12345))) {
            System.out.println("Cannot connect to Server, make sure it is running");
            return;
        }

        ObjectOutputStream oos = new ObjectOutputStream(sChannel.socket().getOutputStream());

        SecretObject secretObject = new SecretObjectImpl("007");

        // Serialize and encrypt the object, then send the sealed wrapper
        SealedObject so = new SealedObject(secretObject, cipher);

        oos.writeObject(so);
        System.out.println("Sent Sealed Object");

        oos.close();

        System.out.println("End Receiver");
    }
}

SecretObject.java

import java.io.*;

public interface SecretObject extends Serializable {
   String getSecretMessage();
}

SecretObjectImpl.java

import java.io.*;

public class SecretObjectImpl implements SecretObject {

    private String _secretMessage = "";

    public SecretObjectImpl(String secretMessage) {
        _secretMessage = secretMessage;
    }

    public String getSecretMessage() {
        return _secretMessage;
    }

}
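
An added example, not part of the Gist: the same sealed-object exchange using an authenticated mode (AES/GCM with a fresh IV per message) and a deserialization filter, so the receiver accepts nothing but a SealedObject from the stream and rejects altered messages. It needs Java 9 or later; the byte array stands in for the socket, and the generated key and String payload are stand-ins for the PBKDF2-derived key and SecretObjectImpl above.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.io.*;
import java.security.SecureRandom;

public class SealedGcmDemo {
    static final int IV_LEN = 12, TAG_BITS = 128;

    // Sender: fresh random IV per message, sent in the clear ahead of the sealed object.
    static byte[] seal(Serializable payload, SecretKey key) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        ByteArrayOutputStream wire = new ByteArrayOutputStream();
        wire.write(iv);
        try (ObjectOutputStream oos = new ObjectOutputStream(wire)) {
            oos.writeObject(new SealedObject(payload, c));
        }
        return wire.toByteArray();
    }

    // Receiver: the filter lets only SealedObject be deserialized from untrusted bytes;
    // the inner payload is deserialized only after the GCM tag has been verified.
    static Object unseal(byte[] wire, SecretKey key) throws Exception {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(wire));
        byte[] iv = new byte[IV_LEN];
        in.readFully(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        try (ObjectInputStream ois = new ObjectInputStream(in)) {
            ois.setObjectInputFilter(
                ObjectInputFilter.Config.createFilter("javax.crypto.SealedObject;!*"));
            SealedObject so = (SealedObject) ois.readObject();
            return so.getObject(c); // throws AEADBadTagException if IV or ciphertext changed
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey(); // constructed stand-in for the shared key
        byte[] wire = seal("007", key);
        System.out.println("round trip: " + unseal(wire, key));
        wire[0] ^= 1; // constructed tampering: flip one bit of the IV
        try {
            unseal(wire, key);
        } catch (AEADBadTagException e) {
            System.out.println("tampered message rejected");
        }
    }
}
```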