News broke today that the Vodafone SGS2 ICS update is rolling out, and it kinda hit close to home with it since I'm still using the slightly older (original) SGS phone on Vodafone.
To say Samsung are leading the Android world, they are so slow when it comes to updates. The 1 thing that is killing off stock roms is how bloated they are, and how stubborn carriers are. TouchWiz is so bloated that the TouchWiz in ICS can only be run on GS2 and not Galaxy S, yet both can run CyanogenMod9 perfectly fine. I love Samsung devices, they are of very good quality, but Samsung suck when it comes to supporting their devices. If they'd listen to what the people want and get rid of TouchWiz instead of thinking about only themself, LOTS of other Samsung devices could already have Ice Cream Sandwich right now. Think about it, the original galaxy tab 7 & 8.9 & 10.1 can ALL run CM9 without problems, even lower end phones like Galaxy Ace CAN run CM9.
To me, all they do with this is push people away from stock roms and push them over to CyanogenMod. Stock is just so bloated with TouchWiz it's beyond stupid. I've seen posts like this across several other forums and the main reason companies like Samsung aren't doing this is the whole money issue. If they supported EVERY device, then they wouldn't make as much as they could with upcoming future devices and I agree, but this is nothing but greed.
Some of the devices released recently like the Galaxy Nexus and a few other phones rocking the NFC chip is a good move forward, but NFC has yet to be adapted around the UK so it's not much use, only in a minority of places.
However, Samsung should still adapt their slightly older devices, the original Galaxy S is only 2yrs old and it's been proven it can run CM9 ICS (Team Hacksung CM9 build 17, Team ICSSGS 4.0.3 , etc) perfectly fine minus a few bugs from missing kernel code, but again, Samsungs fault. Samsung should be adapting their the OS to their devices, not forcing customers to upgrade needlessly.
There is absolutely no reason why companies can't adapt current CM9 builds around their devices, Android is open source so theres no copyright issues to worry about. I KNOW for a fact XDA & the Cyanogen team would happily work with carriers to make ROM's better, that's what the Android community is all about.
In more recent news, Boeing are moving forward to develop a "super secure Android phone" for military use. There isn't much detail so far, but I would love to know what they mean exactly when they say "super secure" - I assume this means it will have some kind of root protection, but when it comes to Android, no phone is secure against being rooted. As quoted in a thread on XDA, "it CAN and WILL be rooted".
Don't get me wrong, I like the fact that US military are adopting to the Android system, but "super secure"? hardly. A military level secure phone might be harder to tinker with, but it is possible with all the various Android hacking tools out there.
Friday, 13 April 2012
Wednesday, 21 December 2011
Sophospuzzle answers
Yesterday Sophos introduced a small Christmas challenge, and I took part it in, it was definitely a fun learning experience.
The first step is deciphering this: =ImYndmbn1ieiBnLmJWdjJmZ
As soon as I saw it I knew it looked familiar but it doesn't decrypt straight away, it's in the wrong order. Swap the lettering around including the = sign, so it should now be ZmJjdWJmLnBiei1nbmdnYmI=
You'll need this to decode it. http://www.opinionatedgeek.com/dotnet/tools/base64decode/
Input the fixed lettering into the calculator and decode it safely as text and you'll get this: fbcubf.pbz-gnggbb
Still doesn't make a lot of sense does it? ah well, lets decode it again. It's encoded using rot13, rot short for rotate, it rotates any letters 13 letters forwards or backwards in the alphabet. http://rot13.com/index.php when it's decoded, you'll get sophos.com-tattoo, remove the - and replace it with /.
* Note, remember "rot13", you'll need it later.
That was rather easy. Now use that URL and get to the second stage.
http://www.sophos.com/en-us/security-news-trends/security-trends/tattoo-puzzle.aspx
======================================================
Second stage:
This is a much harder stage and you'll want either Python or C programming language experience. I went with C and wrote a short little program for this step.
Anyway, download the text file and read the instructions. Now you'll need to decode the block of text.
Now ignore the ascii art in there, it doesn't mean anything towards this, it just looks nice. Start at the top and analyze the code, we can see 504b code, which is code for zip, so we can safely assume this is a zip file.
Now this is where you'll want either Python or C to help out. As I said, I used C, so here is a pastebin or my coding for my program.
http://pastebin.com/LeMpAkSP
It's also worth me mentioning a little extra thing about that block of text. It's hex code, so you can run it through a hex to ascii translator, and you'll be able to decipher some of the real text, you'll also get a hint of what it inside that zip file.
Use my program to strip out any characters that shouldn't be there and put the zip file back together. Once you have the zip file, you'll need to extract the zip file and get the image from inside it, but first, you'll need the password for it. Remember I said you'll need rot13? that's the zip password, so now you can extract the image.
Now once it's extracted, have a peek at it and play around with it. It's just a pink block, that's all you'll see till you open it up. The block actually has some hidden text in it, but your not supposed to know that till later on.
What I mean by that is, open the gif file in Notepad (or whatever word editing program you prefer, Notepad++ personally), now remember these 2 things: Since when was pink a shade of gray? & GIF89a
You'll need those 2 hints later.
Now we can open up the image file and reverse engineer it. Not everyone will be able to do this, but I can because I'm on Windows XP. I used the debugging program through the command line.
cd C:\
cd gif
debug theimage.gif
You'll get just a dash when you open the debugging program, so now you'll want to dump the memory, press d & enter.
Next, you'll notice that GIF89a has re-appeared, I said you'll want to remember that along with the next bit I'll talk you through. Once you dumped the memory, it will come to the - mark again, so press d and do another dump of the memory to get the important part. (-d)
This second block of code has the important bit, you'll see some more bytes of data. F1 BB ED
That's where the hidden text is, there's more than 1 pink in the paint palette and that's why you can't see it normally, no matter what you do. Okay so we now have the bytes where that hidden text is, so we need to change the colour to be able to see it. Back at the - mark, this time type "e 34d", and press enter to edit the data.
You'll see F1 come up, and I changed it to 80 (gray) so I could see it, and I did this for all 3 bytes of text. Type 80 next to the F1, press space, Do the same for BB & ED.
Now you've changed the colour of all 3, press enter to get back to the - mark, type w and press enter to write the new data. 429 bytes of data should be written now, and you can now close the command prompt by typing q at the - mark.
Now open the gif file again and you can see the hidden text. Spy Bounty Recurs? what does that mean?
It's an anagram, this step is somewhat easier. Run it through an online anagram solver, however the last word wont come out right, but from what letters are left, you could work it out. You could also do this manually and go look at NakedSecurity site, the hint is to do with travel and USB's.
ENCRYPT YOUR USBS
Is the answer. Hope you all had fun. :)
The first step is deciphering this: =ImYndmbn1ieiBnLmJWdjJmZ
As soon as I saw it I knew it looked familiar but it doesn't decrypt straight away, it's in the wrong order. Swap the lettering around including the = sign, so it should now be ZmJjdWJmLnBiei1nbmdnYmI=
You'll need this to decode it. http://www.opinionatedgeek.com/dotnet/tools/base64decode/
Input the fixed lettering into the calculator and decode it safely as text and you'll get this: fbcubf.pbz-gnggbb
Still doesn't make a lot of sense does it? ah well, lets decode it again. It's encoded using rot13, rot short for rotate, it rotates any letters 13 letters forwards or backwards in the alphabet. http://rot13.com/index.php when it's decoded, you'll get sophos.com-tattoo, remove the - and replace it with /.
* Note, remember "rot13", you'll need it later.
That was rather easy. Now use that URL and get to the second stage.
http://www.sophos.com/en-us/security-news-trends/security-trends/tattoo-puzzle.aspx
======================================================
Second stage:
This is a much harder stage and you'll want either Python or C programming language experience. I went with C and wrote a short little program for this step.
Anyway, download the text file and read the instructions. Now you'll need to decode the block of text.
Now ignore the ascii art in there, it doesn't mean anything towards this, it just looks nice. Start at the top and analyze the code, we can see 504b code, which is code for zip, so we can safely assume this is a zip file.
Now this is where you'll want either Python or C to help out. As I said, I used C, so here is a pastebin or my coding for my program.
http://pastebin.com/LeMpAkSP
It's also worth me mentioning a little extra thing about that block of text. It's hex code, so you can run it through a hex to ascii translator, and you'll be able to decipher some of the real text, you'll also get a hint of what it inside that zip file.
Use my program to strip out any characters that shouldn't be there and put the zip file back together. Once you have the zip file, you'll need to extract the zip file and get the image from inside it, but first, you'll need the password for it. Remember I said you'll need rot13? that's the zip password, so now you can extract the image.
Now once it's extracted, have a peek at it and play around with it. It's just a pink block, that's all you'll see till you open it up. The block actually has some hidden text in it, but your not supposed to know that till later on.
What I mean by that is, open the gif file in Notepad (or whatever word editing program you prefer, Notepad++ personally), now remember these 2 things: Since when was pink a shade of gray? & GIF89a
You'll need those 2 hints later.
Now we can open up the image file and reverse engineer it. Not everyone will be able to do this, but I can because I'm on Windows XP. I used the debugging program through the command line.
cd C:\
cd gif
debug theimage.gif
You'll get just a dash when you open the debugging program, so now you'll want to dump the memory, press d & enter.
Next, you'll notice that GIF89a has re-appeared, I said you'll want to remember that along with the next bit I'll talk you through. Once you dumped the memory, it will come to the - mark again, so press d and do another dump of the memory to get the important part. (-d)
This second block of code has the important bit, you'll see some more bytes of data. F1 BB ED
That's where the hidden text is, there's more than 1 pink in the paint palette and that's why you can't see it normally, no matter what you do. Okay so we now have the bytes where that hidden text is, so we need to change the colour to be able to see it. Back at the - mark, this time type "e 34d", and press enter to edit the data.
You'll see F1 come up, and I changed it to 80 (gray) so I could see it, and I did this for all 3 bytes of text. Type 80 next to the F1, press space, Do the same for BB & ED.
Now you've changed the colour of all 3, press enter to get back to the - mark, type w and press enter to write the new data. 429 bytes of data should be written now, and you can now close the command prompt by typing q at the - mark.
Now open the gif file again and you can see the hidden text. Spy Bounty Recurs? what does that mean?
It's an anagram, this step is somewhat easier. Run it through an online anagram solver, however the last word wont come out right, but from what letters are left, you could work it out. You could also do this manually and go look at NakedSecurity site, the hint is to do with travel and USB's.
ENCRYPT YOUR USBS
Is the answer. Hope you all had fun. :)
Wednesday, 23 November 2011
HTC Mistreating Customers
This a somewhat controversial topic, don't like it then don't read it but if you care about internet freedom, please help spread this.
HTC/Samsung and possibly other companies are installing rootkits in Android phones, coded into the kernel and it hides in the memory. No this rootkit isn't "malicious", but it's installed [B]without your consent or knowledge[/B] and collects data on you.
One developer who goes by the name of TrevE over at XDA-Developers has blogged about this rootkit, and within the first 24hrs of his information being released, lawsuits are being filed on him by HTC that all his info and research has to be pulled down and must issue a public apology to HTC and has 24hrs to do it. HTC do this so he didn't have time to seek legal advice. Guess what? he got legal advice from EFF (Electronic Frontier Foundation), who came to his aid.
Congratulations HTC, you pissed off the Android community and now you will pay for it. Any dev is advised to dev the hell out of any HTC phone and find out what else HTC is upto.
Also, am I the only one wondering what will happen if this mistreatment continues? I'm sure we all remember what happened to Sony when our brothers from Anonymous stepped in? we wouldn't want the same to happen to HTC would we?
Just a quote from the video, but isn't this the same thing?
I've bolded the parts that are relevant to this situation. Anyone agree?
http://www.xda-developers.com/android/carrier-iq-sues-treve/
HTC/Samsung and possibly other companies are installing rootkits in Android phones, coded into the kernel and it hides in the memory. No this rootkit isn't "malicious", but it's installed [B]without your consent or knowledge[/B] and collects data on you.
One developer who goes by the name of TrevE over at XDA-Developers has blogged about this rootkit, and within the first 24hrs of his information being released, lawsuits are being filed on him by HTC that all his info and research has to be pulled down and must issue a public apology to HTC and has 24hrs to do it. HTC do this so he didn't have time to seek legal advice. Guess what? he got legal advice from EFF (Electronic Frontier Foundation), who came to his aid.
Congratulations HTC, you pissed off the Android community and now you will pay for it. Any dev is advised to dev the hell out of any HTC phone and find out what else HTC is upto.
Also, am I the only one wondering what will happen if this mistreatment continues? I'm sure we all remember what happened to Sony when our brothers from Anonymous stepped in? we wouldn't want the same to happen to HTC would we?
Just a quote from the video, but isn't this the same thing?
Hello Sony
It has come to our unfortunate attention that you have decided to interupt the free flow of information. As you well know from other acts performed by Anonymous, that we will not stand for this.
By sueing Geo Hot, and attempting to view the IP addresses of those who watched his videos, you have angered the hive.
I've bolded the parts that are relevant to this situation. Anyone agree?
http://www.xda-developers.com/android/carrier-iq-sues-treve/
Friday, 18 November 2011
Android Security - Pointless?
Thanks to a post from @Androidpolice on Twitter for posting this. The following posts contains quotes from Googles own open source project manager Chris DiBona (he's a complete douche bag btw).
Mobile Security is apparently pointless from what Chris says.
So, is Lookout Mobile Security useless and pointless? Hey Chris, it's 2011, wake up and smell the coffee. Security is becoming a bigger and bigger issue, malware is evolving. Yes what we have right now may not be 'big' per se but it's heading that way.
So Lookout are "scammers and charlatans". Hey Chris, I wonder what will happen if this was sent to Lookout Mobile Security, or Kaspersky Mobile Security, or BitDefender Mobile Security? OOOH SHIT wait I already sent it to Lookout. Oh well. Can anyone 'lawsuit'?
Also what makes me laugh:
Mobile Security is apparently pointless from what Chris says.
Yes, virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers. If you work for a company selling virus protection for android, rim or IOS you should be ashamed of yourself.
So, is Lookout Mobile Security useless and pointless? Hey Chris, it's 2011, wake up and smell the coffee. Security is becoming a bigger and bigger issue, malware is evolving. Yes what we have right now may not be 'big' per se but it's heading that way.
If you read a report from a vendor that trys to sell you something based on protecting android, rim or ios from viruses they are also likely as not to be scammers and charlatans.
So Lookout are "scammers and charlatans". Hey Chris, I wonder what will happen if this was sent to Lookout Mobile Security, or Kaspersky Mobile Security, or BitDefender Mobile Security? OOOH SHIT wait I already sent it to Lookout. Oh well. Can anyone 'lawsuit'?
Also what makes me laugh:
So there you go. I'm sure people will now chime in about some worm or malware they downloaded from some app market or something, which will be moderately fun, then it will devolve into a discussion about something unrelated, then I'll cancel comments. :-)This guy is quite obviously a troll who can't face the truth. Proposes a statement but can't back it up, and when people show him facts that he's wrong, he disables comments. Chris, PLEASE do EVERYONE a favour and kindly go kill yourself now. Thank you.
Thursday, 17 November 2011
Suing Acer; More Trouble Than It's Worth?
Acer are being sued in CA for misrepresentation. You can grab a copy of the document file here [pdf] http://www.multiupload.com/1SMVYSVR6S
Acer sold some laptops that were supposed to come with OEM Recovery CD's and didn't. Obviously recovery CD's are very handy should something go wrong, and I'm guessing the person who filed this lawsuit isn't an advanced person when it comes to technology and computers. Yes Acer may have misrepresented it, but is going through (no doubt) months worth of court action, seeing lawyers, paying for lawyers, etc worth all this bother?
I see the point their making and it's a valid point, but it seems more trouble than it's worth.
I don't have any recovery discs for mine neither and yes my machine has died on me in the past and wouldn't boot no more, but seriously that's not the end of everything. I just boot Linux instead, open source, free to download the OS, free to burn to a CD, grab my data and format. Takes me what, 1hr maybe 2? that seems like less of a bother than going through months of court related stuff, having to pay for lawyers, etc
This costs me what? like £50 for a decent external 1TB HDD that hasn't failed on me in the past 3yrs, £10 for hundreds of blank CD's to put Linux on. £60 seems a good deal than bothering with courts if I'm honest. :\
I dunno, go figure.
Acer sold some laptops that were supposed to come with OEM Recovery CD's and didn't. Obviously recovery CD's are very handy should something go wrong, and I'm guessing the person who filed this lawsuit isn't an advanced person when it comes to technology and computers. Yes Acer may have misrepresented it, but is going through (no doubt) months worth of court action, seeing lawyers, paying for lawyers, etc worth all this bother?
I see the point their making and it's a valid point, but it seems more trouble than it's worth.
I don't have any recovery discs for mine neither and yes my machine has died on me in the past and wouldn't boot no more, but seriously that's not the end of everything. I just boot Linux instead, open source, free to download the OS, free to burn to a CD, grab my data and format. Takes me what, 1hr maybe 2? that seems like less of a bother than going through months of court related stuff, having to pay for lawyers, etc
This costs me what? like £50 for a decent external 1TB HDD that hasn't failed on me in the past 3yrs, £10 for hundreds of blank CD's to put Linux on. £60 seems a good deal than bothering with courts if I'm honest. :\
I dunno, go figure.
Wednesday, 16 November 2011
Google Music: I Don't See The Point In It?
Okay so today Google released their new Google Music service, it was a decent conference, you'll probably find the recorded version for playback on the Android Youtube channel soon.
Now me personally, I don't want to come off like I'm all for piracy because I'm not, but I seriously do think this whole Google Music stuff will only lead to piracy.
Someone buys a song, shares it over Google+, so their friends can listen it to once. Now, it's not exactly hard to go download Audacity to record the song as it's played back. Now the problem is, whoever does that has a free copy of whatever song, this person brags about it to his friends and ends up passing it to them, they pass it to their friends, etc.
Somewhere along that line, the file is uploaded to the internet via file hosts/P2P/torrents, and eventually ends up on Youtube, now people across the globe can listen to it whenever they want. I have Internet Download Manager installed on my machine and IDM allows me to download songs (including video) in flv format for FREE.
Now lets recap. Songs people have to BUY eventually end up on the internet, anyone who's anybody can get a copy of them for FREE. Problem Google?
Also, I noticed I can't download Google Music to my SGS phone as it's only for US people. Oh wait someone leaked the APK and now I do have Google Music.
That is all.
Now me personally, I don't want to come off like I'm all for piracy because I'm not, but I seriously do think this whole Google Music stuff will only lead to piracy.
Someone buys a song, shares it over Google+, so their friends can listen it to once. Now, it's not exactly hard to go download Audacity to record the song as it's played back. Now the problem is, whoever does that has a free copy of whatever song, this person brags about it to his friends and ends up passing it to them, they pass it to their friends, etc.
Somewhere along that line, the file is uploaded to the internet via file hosts/P2P/torrents, and eventually ends up on Youtube, now people across the globe can listen to it whenever they want. I have Internet Download Manager installed on my machine and IDM allows me to download songs (including video) in flv format for FREE.
Now lets recap. Songs people have to BUY eventually end up on the internet, anyone who's anybody can get a copy of them for FREE. Problem Google?
Also, I noticed I can't download Google Music to my SGS phone as it's only for US people. Oh wait someone leaked the APK and now I do have Google Music.
That is all.
Android Security: What Should We Worry About?
Last night I was crawling the net for the latest security news and found something of real interest. More Android malware? more Android vulnerabilities? Nope. Although I will say this. Android malware is optional, yes I said optional. What do I mean by that?
Android malware can be installed with your permission, and doesn't come free with the phone when you buy it. This security threat is NOT optional and is installed by your carrier. This threat has permissions even higher than super user and hides in your phones memory.
So what is it exactly? this rootkit is known as Carrier IQ (CIQ for short). What does it do you ask? normally CIQ is used to report back to the manufacturer when there is a problem with the phone, like if it crashes, etc. No big deal right? wrong.
The CIQ on Samsung/HTC phones is used as tracking system. It's tracking YOU. It's tracking your location via GSP even if you have it switched off, your calls, your text messages, what apps your running and when you use them, etc. Yes, this threat is keylogging you.
What makes this even worse is all that data is sent back to your carrier and is NOT anonymous. All that data has YOUR name on it. Apparently your privacy doesn't matter to HTC or Samsung, you don't have the option to opt-out of this program.
You can find both articles on XDA-Developers forum here and here.
Personally, I didn't even know about this invasion of my privacy until last night and this quote from XDA pretty much sums up how I feel about it.
Something tells me Samsung and HTC are about to be sued to hell, we shall see.
Android malware can be installed with your permission, and doesn't come free with the phone when you buy it. This security threat is NOT optional and is installed by your carrier. This threat has permissions even higher than super user and hides in your phones memory.
So what is it exactly? this rootkit is known as Carrier IQ (CIQ for short). What does it do you ask? normally CIQ is used to report back to the manufacturer when there is a problem with the phone, like if it crashes, etc. No big deal right? wrong.
The CIQ on Samsung/HTC phones is used as tracking system. It's tracking YOU. It's tracking your location via GSP even if you have it switched off, your calls, your text messages, what apps your running and when you use them, etc. Yes, this threat is keylogging you.
What makes this even worse is all that data is sent back to your carrier and is NOT anonymous. All that data has YOUR name on it. Apparently your privacy doesn't matter to HTC or Samsung, you don't have the option to opt-out of this program.
You can find both articles on XDA-Developers forum here and here.
Personally, I didn't even know about this invasion of my privacy until last night and this quote from XDA pretty much sums up how I feel about it.
Remember, we may not be the vast majority of your users/customers, but unfortunately for you, our communities are the ones who can make your sales efforts into a living nightmare. Consumers are the ultimate key holders and we suggest that you stop looking at us as dollar signs and more like people and customers. All in all, I am not for sale and my privacy is priceless.
Something tells me Samsung and HTC are about to be sued to hell, we shall see.
Subscribe to:
Posts (Atom)