Sunday, January 29, 2012

For friends who want to modify the URL through. Htaccess, here are some functions. Htaccess code and scripts to be written to perform these functions:
(As we know file.htacces are in the main file manager to display the entire blog. Precisely in the folder "public_html")
1. Modified URLs with mod_rewriteIf friends want to change the dynamic URLs like www.123.com/product.php?id=abc become more static URL & user friendly as www.123.com/product/abc. Then the following script on Htaccess:

    RewriteEngine on
    RewriteRule ^ product /([^/ \ .]+)/?$ product.php? Id = $ 1 [L]

2. Outsmart the query stringOther websites can be put up links that point to a website friendly by adding frills query string. For example www.123.com/index.php?source=abc.com. Query strings can create duplicate content issues on the website that a friend can harm SEO efforts companions. To outsmart, friends can add the following line of code. Htaccess:

    RewriteCond% {QUERY_STRING} ^ source = RewriteRule (.*) / $ 1? [R = 301, L]

3. Convert HTML to PHP executable fileIf a friend has a static HTML website. But what if one day a friend wanted to run PHP code on the HTML page? Companions can add the following line of code:

    AddHandler application / x-httpd-php. Html

4. Change error pageCompanions can change the error page you want to appear on the visitors who visited the invalid links on a Web / Blog friends. How, first please upload the file 404.php  into the public_html directory. Then set the default error pages by adding the following line of code. Htaccess you:

    ErrorDocument 404 http://www.abc.com/404.php

5. Redirect pageOne more function of other htaccess redirect (redirect) a page to another page. For example if you want lama.php directed to baru.php. Companions can add the following line of code:

    redirect 301 / lama.php http://www.123.com/baru.php

6. Turning off directory listingsDisplaying directory listings on the website could be one of the problems security / security that must be considered. For any files that exist on the web / blog friends can be known to others with ease. Well, following a line of code can disable directory listing on your web / blog friends:

    Options-Indexes

7. Hide certain file types from the directory listingOr if a friend decided to keep their directory listings active friend, the friend can hide certain file types to be hidden from directory listings.

    IndexIgnore *. gif *. zip *. txt

8. CanonicalizationThe most common htaccess trick is to know whether your website home page has a canonicalization problem or not. Canonicalization is a website that his home page has a number of different URL formats. For example:www.123.com, 123.com, www.123.com/index.html, 123.com/index.html.
Canonicalization is not good for SEO on a website / blog for traffic headed home page counted as a different URL, even though the same content. You can overcome caninicalization by adding the following script in the file. Htaccess you. The following script will force the various formats your URL to format www.abc.com:

    Options + FollowSymLinks
    RewriteEngine on
    RewriteCond% {HTTP_HOST} ^ abc.com
    RewriteRule (.*) http://www.abc.com/ $ 1 [R = 301, L]
    RewriteCond% {THE_REQUEST} ^ [AZ] {3.9} \ / index \. Html \ HTTP /
    RewriteRule ^ index \. Html $ http://www.abc.com/ [R = 301, L]

That's all the article above that I can share to friends, if you want to know more about modifying and the role of. Htacces friend can search for articles through google.

Timthumb is the most popular image re-sizing script used in many WordPress themes and plugins. Recently a security vulnerability was found in it. This security vulnerability allowed anyone to upload any php file into the Timthumb cache directory and execute it to compromise the site.
One way to fix this security issue with timthumb is to NOT use timthumb at all. Just delete it. But make sure that your theme or plugin can work without it.
In case your theme or plugin depend on timthumb heavily and you must use it, then here’s the procedure to fix this security vulnerability.
• First download the latest version of timthumb from this link. Rename it from timthumb.php.txt to timthumb.php.
• Open this newly downloaded file and make sure that ALLOW_EXTERNAL is set to false.
define( 'ALLOW_EXTERNAL', false );
• Now make sure that the $allowedSites array is empty. In your new timthumb file, you will probably find this code,
$allowedSites = array(
    'flickr.com',
    'picasa.com',
    'img.youtube.com',
);
Replace it with this code,
$allowedSites = array();
• Now upload this newly downloaded and modified timhumb.php file on your web server to replace the existing timthumb file with it.
That’s it. Now you can use timthumb script safely. If you have any questions related to the timthumb security vulnerability or the procedure to fix this issue, then post it below.

Friday, January 27, 2012

How To Crack Android Application & Game

Setting up the Ground :
Well, it seems people are getting crazy about Android platform(everyone is trying to buy an Android phone!). lets see if I can get my hands dirty with this Linux+java clean room engineered platform.

To begin our journey we need Android SDK, a target to test with and the necessary tools.

You can download the necessary file from these locations:

Android SDK: http://developer.android.com/sdk/index.html
Deurus Android crackme 03: http://crackmes.de/users/deurus/android_crackme03/
Smali and baksmali: http://code.google.com/p/smali/
Dex2jar: http://code.google.com/p/dex2jar/
Java decompiler: http://java.decompiler.free.fr/

Download and install Android SDK, SDK platform(latest is 2.2 at the time of writing), necessary Javapackages and rest of the tools. Create a virtual device from SDK menu and start emulation. Within few minutes you can see the emulator booting up and showing the phone screen. Well, thats it! we have our emulator up and running.

Getting Started with the Game :
Now we need to install the software(crackme, its legal!) to the emulator. For that you may have to get acquainted with Android debug bridge(adb). Installing a apk file is pretty simple, all you have to do is to run two commands from Android SDK directory/tools.



After the installation you can see the crackme icon from application menu.



Now run the crackme by clicking on it. If everything went as expected you will see the crackmeapplication on the screen.



Now we will play with it, pressing check button with no inputs pops a message 'Min 4 chars', and with a proper name it pops up 'Bad boy'. We have to remember these strings because we will be using them as our search keys when we disassemble the apk(actually dex) files. Also note that we have two hardware ids and we need to find out what those exactly means. 

Real Android Reversing :
As our crackme is up and running in emulator, we now move onto reversing it. If you have read apk file format, you can visualize it as a extended JAR file which essentially is a zip file. Now you can change the crackme file name from Crackme03.apk to Crackme03.zip and decompress it to any folder.



Now the interesting file for us is classes.dex, which contains the compiled vm codes. We are going to disassemble the dex file with baksmali. Commands are pretty simple as you can see from screen shots.



If everything worked fine, we will have a folder structure similar to Java packages. Interesting .smali files are located at '\com\example\helloandroid'. Open all the .smali files into your favorite text editor(I use Notepad++). If you have never done anything related to reverse engineering/esoteric programming/assembly(IL) programming, you will probably think: WTF!. Relax. We have just opened a disassembled dex file. Now, if you are thinking how on earth someone can find the correct location of checking function, I hope you remember those pop up strings I told earlier. Yeah, 'Min 4 chars' and 'Bad boy'. Now we will use those strings as our search keys. Searching �Min 4 chars� in all the opened .smali files, we will find a hit in HelloAndroid$2.smali line 130.



Our aim is to understand the serial checking function and write a keygen for it. For that we have to know all the dalvik opcodes that are used here. You can visit this page to understand the opcodes and after that you can convert disassembled code to much higher language constructs. I will provide a brief code snippet which actually implements the algorithm. Two hardware ids used are IMEI and simserial number.

01 //Read name from text box
02 const v23, 0x7f050004
03 invoke-virtual/range {v22 .. v23}, Lcom/example/helloandroid/HelloAndroid;->findViewById(I)Landroid/view/View;
04 move-result-object v9
05 
06 //Read serial from text box
07 const v23, 0x7f050006
08 invoke-virtual/range {v22 .. v23}, Lcom/example/helloandroid/HelloAndroid;->findViewById(I)Landroid/view/View;
09 move-result-object v21
10 
11 //Checking whether the name is of length greate than 4
12 const/16 v22, 0x4
13 move v0, v11
14 move/from16 v1, v22
15 if-ge v0, v1, :cond_51
16 
17 //Popup showing Min 4 chars
18 const-string v23, "Min 4 chars"
19 const/16 v24, 0x1
20 .line 86
21 invoke-static/range {v22 .. v24}, Landroid/widget/Toast;->makeText(Landroid/content/Context;Ljava/lang/CharSequence;I)Landroid/widget/Toast;
22 move-result-object v13
23 .line 88
24 .local v13, notificacionToast:Landroid/widget/Toast;
25 invoke-virtual {v13}, Landroid/widget/Toast;->show()V
26 
27 //There is a little exception trick to make integer string from username
28 //It converts aaaa to 97979797 which is ascii equivalent
29 invoke-virtual {v10, v5}, Ljava/lang/String;->charAt(I)C
30 move-result v3
31 
32 //Getting first 5 chars from ascii converted name
33 const/16 v22, 0x0
34 const/16 v23, 0x5
35 move-object v0, v12
36 move/from16 v1, v22
37 move/from16 v2, v23
38 invoke-virtual {v0, v1, v2}, Ljava/lang/String;->substring(II)Ljava/lang/String;
39 
40 //Converting it into integer abd xoring with 0x6B016 - Serial part 1
41 invoke-static {v12}, Ljava/lang/Integer;->parseInt(Ljava/lang/String;)I
42 move-result v22
43 const v23, 0x6b016
44 xor-int v22, v22, v23
45 
46 //Getting IMEI from TelephonyManager
47 //http://developer.Android.com/reference/Android/telephony/TelephonyManager.html
48 invoke-virtual {v8}, Landroid/telephony/TelephonyManager;->getDeviceId()Ljava/lang/String;
49 move-result-object v6
50 .line 102
51 .local v6, imei2:Ljava/lang/String;
52 
53 //Getting sim serial
54 invoke-virtual {v8}, Landroid/telephony/TelephonyManager;->getSimSerialNumber()Ljava/lang/String;
55 move-result-object v16
56 .line 103
57 .local v16, simsn:Ljava/lang/String;
58 
59 //Getting first 6 chars from IMEI, and similarly from sim serial (IMEI.Substring(0,6) will be used as Serial part 3)
60 const/16 v22, 0x0
61 const/16 v23, 0x6
62 move-object v0, v6
63 move/from16 v1, v22
64 move/from16 v2, v23
65 invoke-virtual {v0, v1, v2}, Ljava/lang/String;->substring(II)Ljava/lang/String;
66 
67 //Converting them to integer and xoring - Serial part2
68 invoke-static/range {v19 .. v19}, Ljava/lang/Integer;->parseInt(Ljava/lang/String;)I
69 move-result v22
70 invoke-static/range {v20 .. v20}, Ljava/lang/Integer;->parseInt(Ljava/lang/String;)I
71 move-result v23
72 xor-int v22, v22, v23
73 
74 //Making a new StringBuilder object and formatting the string to part1-part2-part3
75 new-instance v22, Ljava/lang/StringBuilder;
76 invoke-static {v12}, Ljava/lang/String;->valueOf(Ljava/lang/Object;)Ljava/lang/String;
77 move-result-object v23
78 invoke-direct/range {v22 .. v23}, Ljava/lang/StringBuilder;-><init>(Ljava/lang/String;)V
79 const-string v23, "-"
80 invoke-virtual/range {v22 .. v23}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
81 move-result-object v22
82 invoke-static/range {v17 .. v18}, Ljava/lang/String;->valueOf(J)Ljava/lang/String;
83 move-result-object v23
84 invoke-virtual/range {v22 .. v23}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
85 move-result-object v22
86 const-string v23, "-"
87 invoke-virtual/range {v22 .. v23}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
88 move-result-object v22
89 move-object/from16 v0, v22
90 move-object/from16 v1, v19
91 invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
92 move-result-object v22
93 
94 //Checking whether user entered serial and program made serials are equal.
95 invoke-virtual {v14, v15}, Ljava/lang/String;->equals(Ljava/lang/Object;)

Real Android Reversing :
As our crackme is up and running in emulator, we now move onto reversing it. If you have read apk file format, you can visualize it as a extended JAR file which essentially is a zip file. Now you can change the crackme file name from Crackme03.apk to Crackme03.zip and decompress it to any folder.



Now the interesting file for us is classes.dex, which contains the compiled vm codes. We are going to disassemble the dex file with baksmali. Commands are pretty simple as you can see from screen shots.



If everything worked fine, we will have a folder structure similar to Java packages. Interesting .smali files are located at '\com\example\helloandroid'. Open all the .smali files into your favorite text editor(I use Notepad++). If you have never done anything related to reverse engineering/esoteric programming/assembly(IL) programming, you will probably think: WTF!. Relax. We have just opened a disassembled dex file. Now, if you are thinking how on earth someone can find the correct location of checking function, I hope you remember those pop up strings I told earlier. Yeah, 'Min 4 chars' and 'Bad boy'. Now we will use those strings as our search keys. Searching Min 4 chars in all the opened .smali files, we will find a hit in HelloAndroid$2.smali line 130.



Our aim is to understand the serial checking function and write a keygen for it. For that we have to know all the dalvik opcodes that are used here. You can visit this page to understand the opcodes and after that you can convert disassembled code to much higher language constructs. I will provide a brief code snippet which actually implements the algorithm. Two hardware ids used are IMEI and sim serial number.

As you can see, the algorithm is pretty straight forward. It is using name and two hardware ids as input and doing some operations on them to make a serial. We can easily recode it in any programming language we prefer to make it as a keygen. Anyway, I am not posting any keygen sources as it will spoil the whole phun!

Decoding the Algorithm :
A demonstrative serial calculation routine is given below:

Name: aaaaa HW ID1: 0000000000000000 HW ID2: 89014103211118510720
Here are stepwise instructions on generating final serial number
At first 'aaaaa' will be converted to '9797979797', from which we will take first 5 letters and convert it into integer 97979
This will be xored with 0x6B016 resulting 511661 and this will be first part of serial. 
For second part, we will take first 6 letters from HW ID1 and HW ID2, convert them to integer and xor, resulting 000000^890141 = 890141.
For third part we will use first 6 characters from HW ID1.
Formatting with the specified delimiter the serial will become '511661-890141-000000'.

Final Verification of Reversing :
Now we will put the same magic number into our Crackme application. 



Bingo! everything worked as expected. Now, for all those who thinks it is pretty hard to read all those disassembled instructions and manually converting them to higher language constructs, there are other options. As dalvik is based on design of Java, it is also susceptible to decompilation. There is no decompiler available at this moment, but there is hope. 

For now we can use another utility which converts dex files to jar files so that we can use Java decompilers to see much more abstracted code. From starting of this blog post you may have noticed the tool dex2jar. Use dex2jar to convert classes.dex to classes.dex.dex2jar.jar. Open it in a Java decompiler and you can see much better output than dalvik disassembly. Please note that dex2jar is still in development phase and the output is meaningless at many places. This should be used only to get a quick understanding of all the functions.

Conclusion :
In this introductory article, Dhanesh explains reversing Andriod using the emulator and all available tools in sequence with pictorial elaborative steps. It is mainly based to set up your ground for further reversing work on Andriod Platform. 

Well, thats it! We have analyzed an Android program and defeated its protection. Cheerio!

Special How To Crack Gameloft Android HD Games Credit Goes to Djeman for Inventing This Method:

unpack an android package (apk) with a zip extractor, disassemble dex file in smali source files with dex2jar .
delete this {blue} line in the LicenseManagement.smali in the Billing folder.

if-nez v0, :cond_1      .line 224     const-string v0, "ANDROID BILLING"      const-string v0, "THIS IS A FULL VERSION PREVIOUSLY BILLED"      invoke-static {v2, v3, v0}, Lcom/gameloft/android/GAND/GloftRFHP/Billing/GLDebug;->debugMessage(ILjava/lang/String;Ljava/lang/String;)V      .line 225     invoke-static {}, Lcom/gameloft/android/GAND/GloftRFHP/Billing/LicenseManagement;->saveUnlockGame()V      move v0, v2      .line 230     :goto_1     return v0      .line 229     :cond_1     const-string v0, "ANDROID BILLING"      const-string v0, "THIS IS NOT A FULL VERSION!!!!"


So you have to delete the blue line, to avoid the game to jump to the read line (by deleting this line game will never show THIS IS NOT A FULL VERSION).
rebuild apk After that you need to sign it to run on your mobile.
http://www.symbiantalk.net/showthrea...K-Android-File
http://developer.android.com/guide/p...p-signing.html

To understand Dalvik's commands more, you'll need that website
http://pallergabor.uw.hu/androidblog...k_opcodes.html

And if you want to go further, for the .so file, the ELF Dynamic library, you have to use IDA Pro to analyze it, and with ARM doc (Find it here) you'll be allowed to modify the file with a hexadecimal editor by calculating the ARM opcodes.

All information is provided for educational purposes only.

You can replace this text by going to "Layout" and then "Page Elements" section. Edit " About "