Auch wenn keiner danach gefragt hat, ich wollte das Rezept für den Brotaufstrich den ich auf Hönis Feier mitgebracht habe noch festhalten.

Hab ihn nach längerem suchen (Das Haus verliert nichts) in einem alten Büchlein von mir gefunden. Nennt sich Liptauer und ist für mich ein untrennbare österreichische Erinnerung.

Und nun viel Spaß beim nachmachen.

– Sec

Fefe bloggt in letzter Zeit lauter Links in die Arte Mediathek. Leider gibt es den Kram dort nur gestreamt, und nicht zum runteladen.

Dafür gibt es zwar das praktische rtmpdump, aber man muss immer noch die URL des Streams rausfummeln.

Zusätzlich dazu gibt es noch eine pseudo-Security in der der Client einen passenden Hash mitschicken muss, sonst bricht der Stream nach kurzer Zeit ab.

Weil mich das schon beim zweiten mal genervt hat, hab' ich ein kleines Script geschrieben, was sich für einen durch die .xmls wuselt, und die passende Kommandozeile für rtmpdump zusammenbastelt.

Die komfortable Version ist ein Greasemonkey-Script arte_rtmpdump.user.js das beim betreten der Mediathek-Seiten einfach in einem kleinen Window den passenden Aufruf von rtmpdump anzeigt.

Wer nicht so auf Browser-Integration steht kann mein kleines perl-script arte_rtmpdump.pl nehmen, das braucht allerdings noch XML::LibXML und mein GET.pm als Module.

Happy downloading…

– Sec

Update: I fixed arte_rtmpdump.pl to now only require the Mediathek URL on the commandline and work from there. So no more checking the source :-)

The following post is a bit longish, and details my foray into the BSD TCP/IP stack debugging and finding what I think is a 15-year old bug.

Read more ...
posted at: 14:43 | Category: /tidbits | permanent link to this entry | 6 comments (trackback)

At work, we acquired the above mentioned 24Port switch from Dell. It supports a so called managed mode (needs to be enabled by poking into a hole on the switch with a paperclip).

Enabling that sets the switch IP to 192.168.2.1/24 – with no way to change that. So far so annoying. Ok, I can configure an alias on my Ethernet to connect to that.

When you do that, don't be impatient, the IP needs ages to come up, but eventually you will be able to ping it.

I was a bit surprised that it actually only supports http on port :80, no https, no ssh, no telnet and no snmp. – But ok, lets log in via http.

The login page is not only a <frameset> (well, it came out 2005, but was that really necessary?), but only works with javascript: – WTF?

Trying to login with the default credentials (user admin, empty password) results in a Error message User name or Password is missing.

Gory details about this bug...

TL;DR: Their TCP/HTTP code is broken, and their support doesn't know it.

Have fun.

– Sec

How to patch an Android application:

First off, some basics. Android applications are delivered in a single .apk file. This is simply a differently-named .zip file, so any common zip tool should be able to unpack it. Inside you will usually find all the resources (images, sounds) and (among other things) a file called classes.dex which contains the code for that application. This is bytecode for the dalvik VM. You can disassemble this bytecode into something you could call android assembler. Compared to real assembler code, this is pretty high-level, but still nothing like a high-level language like java. As method and member names are preserved, it is usually fairly easy to understand unless the author used an obfuscator before release (In that case, all your methods will be named a, b, c...).

To follow this example along, you need a few tools:

• Your favourite editor
• A simple zip/unzip utility (commandline or 7zip or similar gui tool)
• An android assembler/disassembler
  • The best one currently is JesusFreke's smali/baksmali which you can get here: https://code.google.com/p/smali/
• A way to sign your zip file.
  • For a quick&dirty hack, SignApk is easy to use, but you can also use jarsigner if you're already familiar with it.
• Not to forget a working java installation. Smali/baksmali and signapk/jarsigner both require it.

As a simple example, we'll be removing the focus sound from the android camera. – As we'll be replacing a builtin app, you will need root access to your phone.

1. First, get a copy of the .apk you intend to change. In our case, we grab it from our phone with:

   adb pull /system/app/Camera.apk
   

2. Then, we need to get the classes.dex file from it

   unzip Camera.apk classes.dex
   

3. Now we run the disassembler. The output will be in the out/ subdirectory.

   java -jar baksmali-1.2.6.jar classes.dex
   

   You can peek around the out/ subdir where all the code is. Change whatever you want.

4. In our case, the file we need to edit is: com/android/camera/Camera$AutoFocusCallback.smali

   To remove the focus sound, look for a line containing invoke-virtual and ->startTone. In my version it looks like this:

   invoke-virtual {v0, v1}, Landroid/media/ToneGenerator;->startTone(I)Z"
   

   Just delete that line.

5. After you're done, we need to put it all back together into an .apk. First we re-assemble the code into a classes.dex:

   java -jar smali-1.2.6.jar out -o classes.dex
   

6. Put that file back into the .apk with

   zip Camera.apk classes.dex
   

7. Because we changed the contents, we now need to re-sign it. If you're using signapk, do this:

   java -jar signapk.jar testkey.x509.pem testkey.pk8 Camera.apk Camera_signed.apk
   

8. Last but not least, we need to install our new .apk. Because it's a system app, we need to actually replace the file like this:

   adb remount
   adb push Camera_signed.apk /system/app/Camera.apk
   

   If it were a normal app, you would simply uninstall the original, and then install the .apk like any other app. (e.g. with adb install foo.apk)
   

After you reboot your phone, your Camera should now be less noisy. Yay!

– Sec

P.S.: If you want to remove the shutter sound instead, check this thread on xda-developers.com. Basically it boils down to:

adb remount
adb shell rm /system/media/audio/ui/camera_click.ogg 

Als alter Jäger und Sammler trenne ich mich eher ungern von Dingen. Kann man vielleicht noch mal brauchen oder Ist ja eigentlich noch gut. – Manchmal spielt auch eine gewisse Sentimentalität mit rein, so wie in diesem Fall:

(Matrix)

Es war der erste Rechner auf dem ich ein Unix (FreeBSD 2.0.5, damals) installiert habe. Den ich auch zu diversen LAN-Parties (Yay! DOOM!) geschleppt habe. (Netzwerk: IPX über BNC, was für ein Spaß bei der obligatorischen Fehlersuche shiver). Später hat er mir noch viele Jahre als Mail/Shellserver gute Dienste geleistet, bis er doch irgendwann durch modernere Hardware abgelöst wurde.

Matrix ist ein 486DX2-66. Damals eine sagenhafte Rechenleistung. Konnte sogar mp3 in Echtzeit abspielen. Gekauft ursprünglich mit 8MB RAM. Damit X11 gut lief kamen 16MB dazu (Finanziert durch den 'glücklichen' Verkauf einer der 4MB-Riegel, aber auch das ist eine andere Geschichte...). Später, als das RAM deutlich billiger wurde, wurden es dann insgesamt 52MB. Da ist selbst eine Dockstar besser ausgestattet :)

Achja. Vesa Local Bus. Hab ich damals nur gekauft weil die C't damals lauthals verkündet hatte, PCI sei viel zu kompliziert, das könne sich niemals durchsetzen, VLB sei the way to go. Hab dann seinerzeit sogar einen VLB-SCSI-Controller erstanden (über Usenet, kennt das noch wer? :) Sieht so aus als gäbe es keine spur mehr von dem Artikel in google groups – Aber das war vermutlich auch in einer TU-Internen Newsgroup…

So oder so bin ich beim rum-räumen wieder über den Rechner gestolpert, und ihn jetzt doch entsorgt.

Farewell matrix.42.org *schnueff*

– Sec

As a few people have asked again about my the code used to run Hacker Jeopardy on the 27c3 - not much has changed since my last posting 4 years ago.

The code is mostly unchanged, and bit-rotting away. – It now lives inside a virtual machine because I got tired of fighting with X11 fonts and PerlTK setup.

The only new feature it gained since 2006 is the last-minute support for moods. It addresses 4 of our moodlamps to provide feedback for the candidates and, well, just look nice :-)

The code with slightly more up-to-date documentation can be found here

You'll still need the Hardware to manage the buzzers – see the old post for more info about that part.

The question files are not public, just because we want to have the option to recycle some questions now and then.

This will also probably be the last version of that code, it has grown lots of warts, is no fun to maintain and a complete rewrite is in progress. Let's hope it is finished in time.

– Sec

Not very exciting news, but as a result of a recent discussion on Math symbols:

In case you need to use them anywhere, these are the codes:

More Math fun in the Unicode space can be found here

Practice safer math,
– Sec

I like mplayer as a very versatile video player, just the documentation is a bit lacking at times. This is my scratchpad of options I've found useful over the years:

-af scaletempo

To keep the pitch on your video if you play it faster/slower - Very useful to speed up slow lectures/talks and still understand what's being said.

Use [ or ] to increase/decrease video playback speed.

-af volume=20

Increase the volume a bit, useful to boost audio over the standard maximum.

-vm -adapter 2

Play fullscreen on your second video output.

-ao null

Play without audio.

If you know any other interesting options, please share them below..

– Sec

As most of you already know, I own an android mobile. Recently I wanted to add an RSS feed URL to my android podcast client, but was annoyed by the fact that I had to copy this long URL by hand. I would rather copy&paste it.

As I have rooted my phone, it had to be possible one way or another. Looking around, I found no usable solutions.

The most general solution would be to simulate keyboard input. Digging around a bit in Linux internals I found a way to inject key-presses via /dev/input/events* so I wrote a little program: btype.c. For those not wanting to compile it themselves, you can download the binary here.

It will accept text on the command-line, or read interactively from stdin.

Writing it was actually more difficult than I expected - I didn't want to hardcode the keyboard scancodes, so I had to read&parse the keymap and keylayout files which is always onerous in C. Also I learned funny ioctl%s to find the correct device in %/dev/input and to switch a tty to single-character input. Last but not least I had to find out how to get an android property value in C. – Hopefully all this made the program more portable to other android devices.

I hope someone finds a good use for it, let me know if you like it,
Sec

Dear Interweb, perhaps you can help me answer a question:

As you probably heard already, IBM built software (called Watson) to play Jeopardy – a well known game show :-).

The big showdown will be on Feb 14th where Watson will compete against two former Jeopardy champions. There already was a testing round recently where Watson appears to have won easily, which triggered a lot of articles about this. Most of them discuss the fact that the natural joke/pun filled-language is hard to understand, but I couldn't find anyone answering the most important question: How does Watson get the questions, and with what timing?

I don't think the also tackled audio recognition, so I assume Watson gets the question in text form. But when? The whole question at once, as soon as it is shown? That would put the computer at a enormous advantage, as it can read much faster than any human. – If they'll put a static delay in, there might be cases where Watson hasn't seen the question before a human buzzes in. The only remotely fair thing that I can imagine is delaying each word separately for a short time which would mimic the show host Alex Trebek reading the question out loud.

I think this is pretty important, as the advantage of getting the whole question immediately is pretty big. What do you think?

– Sec

As regular readers here will know, I'm a big fan of the Greasemonkey extension - It allows the hacker in you to play with pages to your hearts content. Visit http://userscripts.org/ to see what people have created with it.

But today I wanted to tell you about Stylish. It presents a nice UI for adding custom URL-based stylesheets. Okay, granted, nothing you couldn't do with Greasemonkey if you wished, but it's really easy and quick to do.

Case in point today: The Android-Developers Blog has an annoying problem. If you visit it while using NoScript, it disables scrolling so you can't read the whole article without enabling JavaScript. – Stylish to the rescue:

@namespace url(http://www.w3.org/1999/xhtml);

@-moz-document domain("android-developers.blogspot.com") {
  html, body {
    overflow: visible !important;
  }
}

On a related note: If you always wanted to know what exactly !important does in CSS, check here

– Sec

|GOOSE| just got a new Android-Phone and asked on his blog about applications.

His comment field is way to small for my list, so I decided to post it here:

Must-Have Applications:

• Connectbot (ssh client)
• OI Safe (password safe)
• Barcode Scanner
• Got To Do Lite (to-do list)
• AK Notepad (or any similar notepad app)

Apps I use regularly

• twidroyd (twitter client)
• ACast (pod-catcher)
• Kik Messenger (SMS replacement)
• Xabber (jabber client)
• Smooth Calendar (nice calendar widget)
• Öffi (MVV-Planner)
• handyCalc (better calculator)
• Countdown Alarm (sadly a feature missing by default)
• FML Android (fmylife.com reader :-)
• BookWorm (book database, can be filled with bar-codes)

Nice to have

• 3G Watchdog (if you have a traffic limit on your phone)
• GPS Status (check GPS, nice overview)
• My Tracks (in case you want to record your position)
• Wifi Analyzer (nice overview over wlans and their strength)
• Youtube

Interesting stuff you should have at least tried

• Wikitude
• Google Goggles
• Google Sky Map
• Firefox (beta, not yet in market)
• Tagesschau
• Shazam (recognize music from audio)
• Aloqa

Games (puzzle)

• Vexed Pro
• Simon Tathams Puzzles
• NetHack (of course!)
• Solitaire
• LightUp
• Angry Birds

Games (action)

• Air Control Lite
• Jewels
• Droid Odysse
• Galaxy Domination
• YoLinkup

If you have anything to add, please leave a comment.

– Sec

Auf meinem (neuen) Desire Z läuft ja nicht die Original-Firmware, sondern cyanogens ROM (derzeit die Version 6.1.0RC4.) Dieses hat leider eine kaputte deutsche Keymap.

Ich hab mich mal hingesetzt und diese nicht nur repariert, sondern gleich auch ein bisschen erweitert:

Reaparierte Tasten

FN+a => Euro     (+Shift => Euro)
FN+b => scharfes s
FN+j => a Umlaut (+Shift => A Umlaut)
FN+k => u Umlaut (+Shift => U Umlaut)
FN+l => o Umlaut (+Shift => O Umlaut)

FN+m => ' (war vorher = )
FN+? => = (war vorher ' )

Erweiterungen

Die meisten Shift+FN-Kombinationen sind bisher unbenutzt, also habe ich da mal ein paar nützliche Zeichen untergebracht:

Shift+FN+C => [ (merke: Shift+( = [ )
Shift+FN+V => ] (merke: Shift+) = ] )
Shift+FN+Y => ~ (merke: Shift+_ = ~ )
Shift+FN+X => ~ (merke: Shift+- = ~ ) [wie vorherige Taste]
Shift+FN+M => ` (merke: Shift+' = ` )
Shift+/    => \ (
Shift+FN+/ => | (alle geraden Striche auf einer Taste :-)
Shift+@    => ^ (^ ist normalerweise auch links oben )
FN+Enter   => ^m (Das "andere" newline)
Shift+,    => ; (genauso wie mit FN)
Shift+.    => : (genauso wie mit FN)

und zu guter Letzt:

Shift+FN+B => <
Shift+FN+N => >

Ich konnte keinen sinnvollen Platz dafür finden, daher habe ich die einfach auf die beiden Tasten rechts neben ( und ) gepackt.

Zahlen-Modus

Außerdem gibt es noch einen Zahlen-Modus, der z.b. in der Telefon-Applikation verwendet wird. Den habe ich auch repariert, so das die erste Zeile jeweils die richtigen Zahlen erzeugt:

qwertzuiop => 1234567890

Zusätzlich habe ich noch die in Telefonnummern verwendeten Sonderzeichen erlaubt:

C => (
H => *
N => +
S => #
V => )
X => -

Diese neue Keymap lässt sich mit adb leicht installieren:

adb remount
adb push vision-keypad-ger.kcm.bin /system/usr/keychars/vision-keypad-ger.kcm.bin

Mit dieser neuen Keymap sollte man nun auch nethack spielen können :-)

Wenn ihr noch irgendwelche Ideen oder verbesserungsvorschäge habt, kommentiert einfach hier, oder im entsprechenden Cyanogen-Bugreport.

– Sec

P.S.: Die Tools zum Keymap-Bauen sind hier, und das neue modifizierte Source-File hier.

Ja, der JMStV ist durch. Und? Leute, ihr seid extrem kindisch wenn ihr jetzt alle "Offline"-Blogpostings macht, und damit droht euer Blog dichtzumachen.

• http://www.heise.de/newsticker/meldung/Blog-macht-wegen-neuem-Jugendschutzgesetz-dicht-Update-1144566.html

so zum Beispiel:

• koehntopp.de
• geekcouch.de

Wer sich wirklich informieren will, statt nur nachzuplappern, dem sei dieser Link empfohlen. Und selbst wenn ihr zu dem Schluss kommt, das es tatsächlich jetzt unhaltbar schlimm geworden ist, ist sich leise in der Ecke zu verkriechen definitiv keine Lösung.

Davon ab, ihr seid eh alle Selbstdarsteller. Ich glaube euch nicht, das ihr plötzlich nichts mehr schreiben wollt, oder genauer: es lange aushaltet, nichts mehr zu schreiben :-)

– Sec