In the next version, I'm going to add the comments option. But I'm little busy, so I'm going to release the next version in February 15.
If you find a bug or problem, write it in the comments.
Tuesday, January 29, 2013
Saturday, January 26, 2013
string decryption with dex2jar
i have been getting a lot of questions about string decryption lately, so let's talk.
let's say you have an app and notice encrypted strings. strings are an easy way to get a basic idea of what code is doing so naturally you want to decrypt them. but how? there are many different ways to encrypt strings and then decrypt at runtime but in practices there are some assumptions we can make in decreasing order of likelihood.
1. the encryption must be reversible. the strings must be decrypted at run time somehow. this is good but we can assume even more.
2. the process is automated. when Alice wants to release her app she puts the source code through an automated modification process which iterates over every string literal, encrypts it and replaces it with a call to a decryption method with the encrypted string as a parameter.
3. decryption is the same or nearly the same for each string. there is only one decryption method.
4. the type signature of the method is:
while these assumptions hold, it is not very difficult to create a general technique by which we can decrypt all of the strings of an app in place. the real question is do you want to do it at the java or smali level? if you primarily look at decompiled code you can work at the java level. and you're in luck, such a tool already exists in dex2jar: http://code.google.com/p/dex2jar/
there is a wiki article about it here: http://code.google.com/p/dex2jar/wiki/DecryptStrings but it is unfinished. you can at least get a visual for what the decompiled code will look like before and after. if you're a good person, you will update the wiki. i leave that as a task for some good reader.
the tool is currently incorrectly spelled as d2j-decrpyt-string.(sh|bat). it takes at least two parameters and sometimes needs three. they are:
doing this at the smali level requires access to a dalvik vm, so in that regard it is trickier, but there are many emulators and you can even use your phone. here's how the process can work:
let's say you have an app and notice encrypted strings. strings are an easy way to get a basic idea of what code is doing so naturally you want to decrypt them. but how? there are many different ways to encrypt strings and then decrypt at runtime but in practices there are some assumptions we can make in decreasing order of likelihood.
1. the encryption must be reversible. the strings must be decrypted at run time somehow. this is good but we can assume even more.
2. the process is automated. when Alice wants to release her app she puts the source code through an automated modification process which iterates over every string literal, encrypts it and replaces it with a call to a decryption method with the encrypted string as a parameter.
3. decryption is the same or nearly the same for each string. there is only one decryption method.
4. the type signature of the method is:
static String decryptMethod(String)
while these assumptions hold, it is not very difficult to create a general technique by which we can decrypt all of the strings of an app in place. the real question is do you want to do it at the java or smali level? if you primarily look at decompiled code you can work at the java level. and you're in luck, such a tool already exists in dex2jar: http://code.google.com/p/dex2jar/
there is a wiki article about it here: http://code.google.com/p/dex2jar/wiki/DecryptStrings but it is unfinished. you can at least get a visual for what the decompiled code will look like before and after. if you're a good person, you will update the wiki. i leave that as a task for some good reader.
the tool is currently incorrectly spelled as d2j-decrpyt-string.(sh|bat). it takes at least two parameters and sometimes needs three. they are:
- method name, -mn : in our case, decryptMethod
- method owner, -mo : let's say com.alice.utils
- class path, -cp : if decryptMethod makes use of any framework api, you will need to give the path to a framework.jar from the android.sdk
d2j-decrpyt-string -mn decryptMethod -mo com.alice.utils -cp ~/android/sdk/platforms/android-4/framework.jar
doing this at the smali level requires access to a dalvik vm, so in that regard it is trickier, but there are many emulators and you can even use your phone. here's how the process can work:
- pull out all of the strings and put into a file
- write some java code, unless you're comfortable with smali, to open the file and iterate over each line and call the decryption method on each string.
- compile java bytecode and convert to dalvik executable with dx from the android sdk
- run the code on a dalvik vm
Wednesday, January 23, 2013
Tax app
Turbo Tax Snap Tax: It's tax season and if you want to do your own taxes this app can be useful. This is the official Turbo Tax app and according to them it will help you do your taxes in 10 minutes. They'll do the math for you and help you get your biggest refund. You can snap a picture of your W-2, answer some questions and you can file your taxes with the app or finish online. The app is free but to file there is a fee ($24.99 through the app, something else if you file online). Here's the link. From the phone search for "turbo tax snap tax" and install.
Book reference app
Goodreads: If you like to read, this app will make your life easier. It is the world's largest social network for readers. You can read thousands of book reviews by your friends and other Goodreads members. You can also keep a virtual bookshelf of what you've read (so you don't read the same book twice), and build your to-read list as you find good book recommendations. The app has more the 8,000,000 members, so chances are you'll find any kind of books you're looking for. Here's the link. From the phone search for "goodreads" and install. Happy reading!
Monday, January 21, 2013
"(not set)" shown in Google Analytics for all Adwords data
Error
"(not set)" is shown in Google Analytics for all Adwords data
Solution
Link Account
Make sure you have linked Adwords and Google Analytics
http://support.google.com/analytics/bin/answer.py?hl=en&answer=1033961
Automated tagging
Make sure automated-tagging is enabled
http://support.google.com/analytics/bin/answer.py?hl=en&answer=1033981
Importing Cost Data
Follow the steps in "Importing Cost Data" section to apply cost data import
http://support.google.com/analytics/bin/answer.py?hl=en&answer=1034150
"(not set)" is shown in Google Analytics for all Adwords data
Solution
Link Account
Make sure you have linked Adwords and Google Analytics
http://support.google.com/analytics/bin/answer.py?hl=en&answer=1033961
Automated tagging
Make sure automated-tagging is enabled
http://support.google.com/analytics/bin/answer.py?hl=en&answer=1033981
Importing Cost Data
Follow the steps in "Importing Cost Data" section to apply cost data import
http://support.google.com/analytics/bin/answer.py?hl=en&answer=1034150
Image layout problem [Adwords Error]
Error
Image layout problem.
Incorrect image layout.
Solution
Your Ad might include much white space, just create a border for your Ad to be accepted
Also check the guidelines and make sure everything else is ok
http://support.google.com/adwordspolicy/bin/answer.py?hl=en&answer=176108
Image layout problem.
Incorrect image layout.
Solution
Your Ad might include much white space, just create a border for your Ad to be accepted
Also check the guidelines and make sure everything else is ok
http://support.google.com/adwordspolicy/bin/answer.py?hl=en&answer=176108
Sunday, January 20, 2013
ADWORDS ERROR:A duplicate instrument was found
Error
A duplicate instrument was found: (CreditCard:Instrument.Id:[f2fdefd1-6972-4c91-baa6-80a07c0117ca-4]:AMEX)
Solution
You may have an expired card saved in your account, delete it and add a new one or update the expired one
A duplicate instrument was found: (CreditCard:Instrument.Id:[f2fdefd1-6972-4c91-baa6-80a07c0117ca-4]:AMEX)
Solution
You may have an expired card saved in your account, delete it and add a new one or update the expired one
Friday, January 18, 2013
Game
Rail Rush: This is a nice looking adventure game. The object of the game is to collect as many precious stones as you can, while riding a mine cart. By tilting and swiping your screen you accelerate through crazy fast rails. The game has 6 different environments: caves, waterfalls, spider nests, dead cities and mushroom halls and also few surprise levels. You can also equip your cart with power ups to extend your chances inside the mine. Here's the link. From the phone search for "rail rush" and install. Indiana Jones, here we come!
Videos app
Viki- TV, Movies & Music: Very cool app that will allow you to watch TV shows, movies, music videos and other content in pretty high quality. Videos include Korean dramas, Japanese anime, American cartoons, NBC Universal, BBC, History Channel, A&E, Bravo and Bio TV shows, with everything translated in your language (more than 150) by a community of fans (don't expect exact translation, but if you don't speak Japanese or Korean it will do). One note: not all content is available for all regions. Nonetheless, pretty nice app. Here's the link. From the phone search for "viki" and install.
Thursday, January 17, 2013
FakkuDroid v1.1
FakkuDroid v1.1
- Improve design.
- Fixed bug in Random Manga or Doujin.
- Added Related Content.
- If you press and hold a button you can now see a little description of the button.
FakkuDroid v1.1.apk
Sunday, January 13, 2013
Installation Intructions
System Requirements
- Android 2.1 or later.
First, you have to active "Unknown Sources".
Tutorials:
Android 2.3.x
Android 4.x
Second, with some app like Astro File Manager, execute the apk file and install.
 |
| Step 1. Open with a File Manager the APK File. |
 |
| Step 2. Install. |
 |
| Step 3. Wait. |
 |
| Step 4. Open the App. |
Download APK
FakkuDroid v2.6
FakkuDroid v2.5
FakkuDroid v2.4.3
FakkuDroid v2.4.2
FakkuDroid v2.4.1
FakkuDroid v2.4
FakkuDroid v2.3
FakkuDroid v2.2
FakkuDroid v2.1
FakkuDroid v2.0
FakkuDroid v1.9
FakkuDroid v1.8.3
FakkuDroid v1.7
FakkuDroid v1.6
FakkuDroid v1.5
FakkuDroid v1.4
FakkuDroid v1.3
FakkuDroid v1.2
FakkuDroid v1.1
FakkuDroid v1.0
FakkuDroid v2.5
FakkuDroid v2.4.3
FakkuDroid v2.4.2
FakkuDroid v2.4.1
FakkuDroid v2.4
FakkuDroid v2.3
FakkuDroid v2.2
FakkuDroid v2.1
FakkuDroid v2.0
FakkuDroid v1.9
FakkuDroid v1.8.3
FakkuDroid v1.7
FakkuDroid v1.6
FakkuDroid v1.5
FakkuDroid v1.4
FakkuDroid v1.3
FakkuDroid v1.2
FakkuDroid v1.1
FakkuDroid v1.0
About FakkuDroid
I changed the app name (before known as FakkuViewer), because already exists an browser plugin with the same name. I recommend it to watch in Chrome Fakku, get it here.
Download links.
Installation Instructions.
User Guide.
If you like the app and want to contribute to this project, you can help me saying me the errors, suggests or if you are a android developer you can help me with the code, github repository.
Or you can donate :D
If you don't have android and you are looking for an app for your smartphone. I invite you to prove this site: http://walar.net/fakku developed by wlr.
Logo by akichuu, get it here.
Thursday, January 10, 2013
Airline app
Fly Delta: If you use Delta for your flights, this app can be very useful. The app allows you to check in for domestic and international flights within 24 hours, download mobile boarding passes (available in 78 cities worldwide), view a seat map and select or change your seat, check the flight status and get terminal and gate information, receive push notifications on flight and gate changes, map flights en route with an interactive flight tracker and many more. Here's the link. From your phone search for "fly delta" and install. Happy travels!
Game
Ruzzle free: This is a fun and fast-paced word game where you can challenge your friends or play against random opponents. The goal of the game is to find the most words in two minutes. You look for words on a board by swiping your finger across the screen. The letters may form words as long as they are connected to each other. The game has nice audio and animations. Here's the link. From the phone search for "ruzzle free" and install.
Science app
NASA: If you're interested in NASA or science in general you have to have this app. You can find the latest images, videos, mission information, news, feature stories, tweets, NASA TV and featured content. The app has over 157,000 images, On Demand NASA videos, launch information and countdown clocks, orbiting satellite tracker and more. Pretty cool. Here's the link. From the phone search for "nasa" and install.
Wednesday, January 9, 2013
Website image is not shown in Facebook share
Error
Your website image is not shown when sharing on Facebook
Solution
Don't retry on facebook news feed since it is cached
#1
Try to invalidate the cache, check my previous article
http://karim-ouda.blogspot.com/2011/10/how-to-refresh-url-entries-in-facebook.html
#2
Add facebook meta-tags in your page "head", and try again
<meta property="og:url" content="YOUR_STUFF" />
<meta property="og:site_name" content="YOUR_STUFF" />
<meta property="og:type" content="website" />
<meta property="og:title" content="YOUR_STUFF" />
<meta property="og:description" content="YOUR_STUFF" />
<meta property="og:image" content="THE_IMAGE_TO_BE_SHOWN">
NOTE: facebook has some requirements in images, first make sure it is more than 200x200 in dimension
#3
If all the above didn't work, you will need to do some debugging
Go to this link ( facebook debugger) and past your site link, and check the errors, warning, and all the great information of how facebook sees your webiste
https://developers.facebook.com/tools/debug
#4
Also check server logs
"HEAD /images/close-icon.png HTTP/1.1" 206 337 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
Note: HTTP 206 response code is ok, it is part of multiple partial downloads of the image
Your website image is not shown when sharing on Facebook
Solution
Don't retry on facebook news feed since it is cached
#1
Try to invalidate the cache, check my previous article
http://karim-ouda.blogspot.com/2011/10/how-to-refresh-url-entries-in-facebook.html
#2
Add facebook meta-tags in your page "head", and try again
<meta property="og:url" content="YOUR_STUFF" />
<meta property="og:site_name" content="YOUR_STUFF" />
<meta property="og:type" content="website" />
<meta property="og:title" content="YOUR_STUFF" />
<meta property="og:description" content="YOUR_STUFF" />
<meta property="og:image" content="THE_IMAGE_TO_BE_SHOWN">
NOTE: facebook has some requirements in images, first make sure it is more than 200x200 in dimension
#3
If all the above didn't work, you will need to do some debugging
Go to this link ( facebook debugger) and past your site link, and check the errors, warning, and all the great information of how facebook sees your webiste
https://developers.facebook.com/tools/debug
#4
Also check server logs
"HEAD /images/close-icon.png HTTP/1.1" 206 337 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
Note: HTTP 206 response code is ok, it is part of multiple partial downloads of the image
Tuesday, January 8, 2013
Empty $_SESSION after PHP redirect using GET or CURL (not browser)
Error
Empty $_SESSION after PHP redirect between 2 scripts, the first script is called using GET or CURL (not browser)
Steps
1- Call "script1" using GET or CURL
2- "Script1" starts/fills session X, does some logic, redirect to "Script2"
3- In "Script2", print_r($_SESSION) is empty
Solution
I found that the SESSION in "Script2" is a NEW session, let's call it:Session Y , since Session X was not transferred in HTTP header in the redirect
So it seems that the SESSION information transfer in headers was being done by the browser and it is not done by GET or CURL command line,
So we need to do it instead
Step 1:
In Script #1, change the redirection to be
header("Location:$targetPage?".SID);
SID is a constant containing the following
PHPSESSID=oilq46ge4e2f76774qcg8gi3d1
Step 2:
In script #2, start the script with the following
session_id($_GET['PHPSESSID']);
session_start();
So you are telling the script to load Script1's session
That's it
Final note
You may have a different issue too, check this post
http://karim-ouda.blogspot.com/2012/04/php-session-empty-after-header.html
Keywords
Redirect PHP command line new $_SESSION GET session_id start_session browser PHPSESSID cookie CURL Set-Cookie HTTP header
Empty $_SESSION after PHP redirect between 2 scripts, the first script is called using GET or CURL (not browser)
Steps
1- Call "script1" using GET or CURL
2- "Script1" starts/fills session X, does some logic, redirect to "Script2"
3- In "Script2", print_r($_SESSION) is empty
Solution
I found that the SESSION in "Script2" is a NEW session, let's call it:Session Y , since Session X was not transferred in HTTP header in the redirect
So it seems that the SESSION information transfer in headers was being done by the browser and it is not done by GET or CURL command line,
So we need to do it instead
Step 1:
In Script #1, change the redirection to be
header("Location:$targetPage?".SID);
SID is a constant containing the following
PHPSESSID=oilq46ge4e2f76774qcg8gi3d1
Step 2:
In script #2, start the script with the following
session_id($_GET['PHPSESSID']);
session_start();
So you are telling the script to load Script1's session
That's it
Final note
You may have a different issue too, check this post
http://karim-ouda.blogspot.com/2012/04/php-session-empty-after-header.html
Keywords
Redirect PHP command line new $_SESSION GET session_id start_session browser PHPSESSID cookie CURL Set-Cookie HTTP header
Wednesday, January 2, 2013
Disney World app
Disney World Wait Time Lite: If you are lucky enough to go to Disney World soon, you'll need this app. It allows you access to real-time wait times for all the rides and also maps for all the parks. The times are updated constantly and will help you manage your time better. Very nice app. Here's the link. From the phone search for "disney world wait time lite" and install. And a personal advice: if you go to a park early, go to the rides at the back of the park. There's barely anyone there (people start with the closest rides). Your welcome!
File recovery app
Dumpster-Recycle bin: This can be a very useful app. It works just like the "recycle bin" on your computer. It allows you to recover deleted pictures with a single tap. It actually works with more than just pictures. You can recover music files, videos and other kinds of documents. The app lets you preview the pictures before recovery. And, you can set up an auto-clean for the app so you don't have to worry about tons of junk accumulating there. According to the developers, soon you'll be able to recover deleted contacts and text messages. Here's the link. From the phone search for "dumpster" and install.
Subscribe to:
Posts (Atom)