
Archive for November, 2010

PhoneLosers of America Red Box Android App Update

Monday, November 29th, 2010

Red Box Android App

I released version II today. This app has about 4800 downloads and a 3.5 star rating!

evilgold
Jul 21, 2010
Works great! I’ve tested with several different Qwest pay phones, worked every time. It has to be a local call and you have to get a live operator to dial number, but it fools them just about every time.

I found that quote just trolling around with Google today. Anyways, the new enhancements are great, new help section and two new screens.
I changed the sound engine from MediaPlayer(); to SoundPool(); which has truly made quite a difference. Also I made a video walk-through for our YouTube site:

Download and enjoy!

WeakNet Wireless Professional Exam Android App Update

Well, as expected, I spent all of yesterday redesigning the UI. I am simply waiting for a few questions from some friends and then I’ll post more about it!
I have decided to make a certificate for this. If you get all 100 questions right, you will be brought to a screen with a button, hit the button and Email will open and send me a code. You can put a message in the Email for a name / etc that I will post about here. I will be creating a whole new page for this @WeakNetLabs.com.

In the meantime, here is a screenshot!

WeakNet MySQL CheetSheet Android App

This is an all new project I just started. Basically it takes the iGoogle app I made and tunes it into an Android App. I’ll give more details about this as I get time. This seems like something that would be insanely useful when you are a DBA for MySQL and need a reference on the fly.

~Douglas.

WeakNet Wireless Professional Exam (for Android)

Friday, November 26th, 2010

Android Fundraiser Application (Wireless Professional Exam)

Well, it’s official. I have a few wireless professionals helping me create the questions for this test! I have decided to create a small watermarked certificate for those who get every question right. :) I no longer provide the correct answer after the user misses a question, but now just a link to an online reference where the answer can be found. This means to be a “pro” you will have to do a little more leg/click work!

Anyways, thanks to Vladimir I have compacted my code and made the apk (Android installer application) smaller and insanely efficient. Now the questions reside in Strings.xml which is a static XML file in Android Java packages. I came up with this really cool system of using strings and on-the-fly identifiers that uses much less complex code than those methods provided by the Google SDK and other “exceptionally verbose” methods like SAX Parser and XPP. Man, those are awful.

I have settled on a price – $2 USD. I figure this is good for an exam application that shall get you inspired enough to do research and become a pro/hacker on the subject + the certificate will be nice. Once this is all over and if I am successful, I will be releasing a huge weblog post here at WeakNet Labs on each step I took to create this application. Each turn and crack I jumped over. Each bug I squashed and odd Java monster I researched into the ground will be provided only here – at WeakNet Labs.

WeakNet Linux 5.1

This has been put on hold since I accidentally broke my “9” key off of my keyboard. Being a programmer, I had no idea how often I actually use that key! Anyways, development has started again after I made an online self dispatch from DELL and replaced the internal keyboard in the notebook. Expect more soon!

Thanks!

~Douglas.

Android Fund Raiser Project (WiFi Hacker Exam).

Monday, November 22nd, 2010

As stated previously, I am trying to raise some money to re-purchase a Kindle DX. I will be releasing a new Exam application into the Google Market published from WeakNet Labs for $2.00 USD. My application is not a specific exam preparation tool, but a compilation of all things WiFi hacking / admin / hardware related. It has OSWP/Aircrack-NG/CWSP/CWNA/WirelessDefence/ RELATED questions added to it.

So far it has a nice selection of background music, resources to online utilities and learning sites, optional sound effects, nice statistics score keeping methods, and a secret bonus for those who are 31337 enough to get EVERY question right!

I will re-post when the application is finished, probably sometime before soon!

~Douglas.

Information Security Awareness

Monday, November 22nd, 2010

I am in Hershey, PA, attending the SunGard PABUG conference. This is a conference for Banner users at universities. Banner is a way to access data from information systems like an Oracle RDBMS. I just got out of a talk titled “The Value of IT Security” from Chris Walcutt of Advanced SunGard Higher Education. The talk was fine, but lacking one thing. Wireless security. He knew all about govt regulations and steps to take after a breach. He talked about stolen data from physical devices: phones, laptops, computers. He mentioned Social Engineering and how his firm is always granted access to buildings when dressed as Terminix employees. Poor Terminix, LOL, they are used so often as a decoy… But what about WiFi? Being a shared medium, this is like a HUGE open door to any campus. Once in, you can PWN machines, pivot, pass the hash, etc. The possibilities are endless. Here are four things that stuck out at me as SUPER important for I.S.:

1. There are data breach legislations set in some states that say that the owner of the victim server is responsible for notifying those persons whose data has been stolen. Now, if your customers, students, clients, etc. are from those states and you are not in one of said states, you NEED to notify them. This reminds me of the time the DB at the Mozilla Store was cracked into. I was notified. Pennsylvania IS one of them. Anyways, that’s an awesome thing to keep in mind!

2. You NEED a designated person in charge of security. This can be any person in your institution. They don’t necessarily need to be Ethical Hacker Certified, or certified at all. They just need to be okay with doing research when they don’t know something security-wise. This is because of the frantic things and emotions that can happen after a breach. Having many people in your institution will just break down. Awesome point!

3. Don’t use your work machine for Forensics purposes. In fact, don’t even use a networked machine at all for forensics purposes. This is so obvious it shouldn’t have been mentioned, but I guess this is all part of the “Awareness!” – Good point!

4. Keep logs and records of “baseline assessments.” This is the very basic assessment. You can have anyone do these. I would have added more specific suggestions like these to his talk: run nikto, simple SQL injection utilities (some of which are simply Firefox plug-ins now), metasploit (well, I’d instruct to use FastTrack for speed for these really basic tests), run other suites like Nessus, Core, etc. Then simply log everything you find.

It was a good talk and well worthy of retelling it. But, wireless networks! I have bypassed the most advanced security systems using a simple wireless phishing attack! I guess a lot of things slip people’s minds in this field. It makes sense, because there is just far too much stuff to keep up with. Security Awareness in IT is a huge topic. One that should never die. Thank you for the great presentation, Chris!

~Douglas.

Android Developer Tips and Tricks

Sunday, November 21st, 2010

Well, after the tragedy of the fire, I was really broke. I sold my Kindle DX for food/utility monies and have since deeply regretted it. So I started thinking about ways to come up with the cash to buy a new Kindle. Then I thought, “what better way to do that than to sell an app in the Android Market?”

So, I went back to basics and started reading Java books, this time I wanted to get it right. I started to fall asleep and changed my mind. So then I dove right into coding…

Along the way, actually I am still in the middle of coding the application, I found that the documentation from the Google Android Developer Site was alright, but not what someone like me needed. I have since found that if I need to recall some very bloated piece of Java/Android class/method/etc, it’s easier to just search Google and skip the Android Developer site. There are tons of references and real life error solving posts online. Now, I would like to contribute a few tips and tricks for the non-Java fluent crowd.

Take a deep breath.

1. Eclipse -_-

The IDE used for Android development, Eclipse, isn’t at all that great. Well, I can’t really say that, because I have only developed Android/Java with it. So maybe Google’s SDK occasionally breaks it? Anyways, sometimes it reports nonexistent errors in your code, and I found that going to Project->Clean… in the top menu bar fixes that. Now, you can imagine, if you’re like me and don’t really understand Java that well, this can be such a nightmare. Eclipse will sometimes say this:

[2010-11-20 11:41:57 - My Cool Ass Application] Installation error: INSTALL_FAILED_INSUFFICIENT_STORAGE
[2010-11-20 11:41:57 - My Cool Ass Application] Please check logcat output for more details.
[2010-11-20 11:41:57 - My Cool Ass Application] Launch canceled!

This is cute and utterly annoying. In fact, this has caused me to completely give up on coding bloated Android/Java for the day on a few occasions. Waiting for the AVD to reboot – sucks. This Google Groups post says to restart the emulator. Yeah, thanks Google. At first I gave the emulator the benefit of the doubt and thought, “hey, my app has an mp3 compiled into it making it rather big (12MB), maybe I should move the mp3 to the SD Card upon installation or put the mp3 somewhere online and stream it to the system.” Then I clicked on Settings->Applications->Manage Applications and the Android AVD said this:

You do not have any third party applications installed.

After hours of research, I figured out that this error means nothing at all. If you reattempt to upload your project (CTRL+F11) it will not solve the non-existent error. This means that you need to either restart the AVD (Android virtual machine you are testing the project on), or sometimes it gets so bad you need to restart the emulator too. If you still get it, you need to delete the AVD and create a new instance:

Window->Android SDK AVD Manager->Delete->New...

Sometimes the Error console will say that it just brought the old version to the front screen! This is AFTER you tell the IDE to upload and install a new version. How disrespectful!

Speed is another thing to consider. I use CTRL+F11 to hurry up and upload the app to the device and run it. If you edit your XML file to say wrap the contents of the LinearLayout tag in ScrollView tags, this causes Eclipse to slow down to a crawl. Not only that, the project will be loaded into the emulator AVD and you will see a nasty red X next time you go back to the XML to view it and not know why it’s there. – Take your time with this gigantic Cthulhuian slow IDE.

Two more things I’d like to vent about with this – you cannot drag selected text in the XML editor window. Over the last few years or so I have come to love that feature in applications. I try once, then I should remember not to do it again. I do it twice, shame on me. I do it three times – I swear out loud. Next is the fact that the XML editor doesn’t translate to the code itself from the design view. In Dreamweaver all of my experience has been with design, code, or split view. If you select an object in the design view you can switch back to the code view and it’s selected. This would be seriously useful in Eclipse as there are often elements that you don’t see (dynamically created, void of content atm, etc). Take a deep breath.

2. MediaPlayer VS. SoundPool

There is a HUGE difference between MediaPlayer and SoundPool. These Java classes play media (sounds, songs, videos, etc). What I think is odd is that I never knew that SoundPool existed! Yeah, if you casually browse to the Audio Video section of the Android Developer site, it only mentions MediaPlayer! If you are making an application that is going to play more than 7 sounds and you use MediaPlayer, it will force close no matter which version of the SDK you are running. In fact, if you create the MediaPlayer objects in the beginning of your main class, you will get a force close. I try to read the fine print in the debugger, but I can’t make heads or tails of it. Playing sounds, like Sound Board applications, video games, etc, should be coded to play sounds using the SoundPool. Sure, it’s like 10 more lines of code you have to reference (use Google), but it won’t force close.
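A sound board built on a single SoundPool, as described above. This is an added example, not code from the author's apps; the package, class name, `R.raw.*` clips, `R.id.*` buttons and `R.layout.main` are hypothetical, and it uses the three-argument `SoundPool` constructor from the SDK of this era (later SDKs deprecate it in favour of `SoundPool.Builder`).

```java
package com.example.soundboard; // hypothetical package; R is generated here

import android.app.Activity;
import android.media.AudioManager;
import android.media.SoundPool;
import android.os.Bundle;
import android.util.SparseIntArray;
import android.view.View;
import java.util.HashSet;
import java.util.Set;

public class SoundBoardActivity extends Activity {
    // Hypothetical clips in res/raw/ and buttons in res/layout/main.xml.
    private static final int[] CLIPS   = { R.raw.clip_one, R.raw.clip_two, R.raw.clip_three };
    private static final int[] BUTTONS = { R.id.button_one, R.id.button_two, R.id.button_three };

    private SoundPool pool;
    private final SparseIntArray soundIds = new SparseIntArray(); // button id -> sound id
    private final Set<Integer> ready = new HashSet<Integer>();    // sound ids fully decoded

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);
        // One pool replaces a MediaPlayer per clip: up to 4 simultaneous streams.
        pool = new SoundPool(4, AudioManager.STREAM_MUSIC, 0);
        // load() is asynchronous; play() on an undecoded sample returns 0 and plays nothing.
        pool.setOnLoadCompleteListener(new SoundPool.OnLoadCompleteListener() {
            public void onLoadComplete(SoundPool sp, int sampleId, int status) {
                if (status == 0) ready.add(sampleId); // 0 means the sample loaded
            }
        });
        for (int i = 0; i < CLIPS.length; i++) {
            soundIds.put(BUTTONS[i], pool.load(this, CLIPS[i], 1));
            findViewById(BUTTONS[i]).setOnClickListener(new View.OnClickListener() {
                public void onClick(View v) {
                    int id = soundIds.get(v.getId());
                    if (ready.contains(id)) {
                        pool.play(id, 1.0f, 1.0f, 1, 0, 1.0f); // full volume, no loop, normal rate
                    }
                }
            });
        }
    }

    @Override
    protected void onDestroy() {
        super.onDestroy();
        pool.release(); // free the native audio resources held by the pool
        pool = null;
    }
}
```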

3. Classes in Manifest.XML

Classes and Activities need to be in the Manifest.xml. If you create a new class and forget to put it into the Manifest.xml file and you call it with Intent, you will get a force close. Hell, if you call a different class using Intent, it (Java) scans all the classes in the Manifest.xml and matches them to what’s available and will force close too! After making a new class, make sure you re-open the Manifest.xml each time and add it. This is a step I forgot loads of times because I never really have that file open in the IDE.

4. Toast Objects

You can call a Toast object with one line. This is far nicer than what I used to use. The less amount of Java code the better when doing ANYTHING. Here is a good example of that:

Toast.makeText(getBaseContext(), "Say something cool!", Toast.LENGTH_SHORT).show();

Toast objects are those little grey boxes that pop up when you are notified in Android. You can completely customize almost anything you want, it just takes a significantly larger amount of code writing skill and time.

5. Life Cycle

The Life cycle of an Android Application is rather important to consider as well. Say you create a new class, activity and layout for that class. If you call that class (change windows, similar to “rooms” using the Nintendo DS IDE for programming with Nintendo DS), the current Activity will call onPause(); Now, according to Google, onResume(); gets called when the old class gets brought back to the front:

This isn’t necessarily true. If you hit the back button to leave a class, and the old class is brought back to the front, onResume(); is not called. I haven’t tested this, but I am pretty certain that you need to use a button in the application to go back to the previous class to call onResume(); I found an awesome video about these where SleepyDog <-- Awesome coder! basically outputs what the Android application is doing at all times:

6. Android App Inventor

This is an online resource that you need special permission to use. Android App Inventor is a Java based (no surprise) web application that allows one to make cheeky little applications, like sound boards, picture frames, etc. I made a small app with it that plays a few of my songs. These songs are mp3s that I had compiled right into the application. I maxed the size out (25MB for any Android Application) and tried to add it to the Android App Market. FAIL. You cannot add applications you created using this web app to the market. I tried downloading the apk, unpacking it and re-signing it, then uploading it. Wrong. I jumped through hoops trying to work around this and realized that anytime I do anything Android dev related I am jumping through hoops and essentially wasting man hours. I’d recommend using the buggy SDK with the Eclipse IDE.

7. jQTouch

jQTouch is awesome. It works wonders with the iPhone. If you try it with Android, it simply doesn’t look as nice or function as nice. As far as Android developers are concerned, try it out cos it’s so easy and functions okay across most mobile devices, but don’t really expect something phenomenal. jQTouch is a jQuery based web app that expands the browser full screen – imitating a native application. It can be used with AJAX or Asynchronous Javascript and XML. This means if you wanted a nice list output of all contacts or merchandise in a database, you can call it with AJAX and return the results. Everything is pretty much a div. All divs are hidden unless called via onClick method, href="#NEXTDIV" using ID’s.

jQTouch Preview from David Kaneda on Vimeo.

With an iPhone or iPod touch you can create a special icon file that is used when you add the web app to the home screen. Fully customizable via CSS, images, etc. While developing (for iPhone) I would recommend using the MobiOne iPhone emulator so you don’t have to waste your battery and/or time using a real device. The MobiOne is the best emulation tool for any mobile device I have had experience with.

Well that concludes this package of tips for the Android newbie. I hope this helps someone who is searching for answers!
~Douglas.