ARP Poisoning and Detection
Posted in: Linux, Security, Windows | Comments (0)
Many people don’t really know about ARP, the Address Resolution Protocol, even though it is in common use on local area networks.
To define it, the Address Resolution Protocol (ARP) is a telecommunications protocol used for resolution of network layer addresses into link layer addresses, a critical function in multiple-access networks (from Wikipedia). IPv4 and IPv6 oftentimes have this functionality implemented by default.
It is possible to hijack this protocol. This is called ARP spoofing. It may allow an attacker to intercept data frames on a LAN, modify the traffic, or stop the traffic altogether. Generally, the aim is to associate the attacker’s MAC address with the IP address of another host.
Another term for ARP spoofing is ARP poisoning. Below is a diagram that describes what ARP poisoning does to a network:
Although there are legitimate uses for ARP spoofing (like in hotels where unregistered machines redirect the host to a signup page), some malicious elements may use this protocol to initiate man-in-the-middle attacks or DoS (denial of service) attacks.
How to Detect ARP Poisoning
There is a way to detect ARP spoofing. For Windows, you can use Wireshark.
Here are two pictures of Wireshark capturing the ARP requests. The first is a screenshot of normal network flow (with the display filtered to ARP):
Once the ARP spoofing sets in, this is what happens:
We now see duplicate IPs in the capture: the same IP address is claimed by more than one MAC address. If we know the router’s MAC address, we know that the other source claiming that IP is the one doing the ARP poisoning.
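The duplicate-IP check described above, automated as an added example (not code from the original post): it parses raw Ethernet/ARP frames, records which MAC addresses claimed each IP, and flags an IP claimed by more than one MAC or by a MAC other than a known-good one such as the router's. All addresses and frames are constructed sample data, and the function names are this example's own.

```python
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def parse_arp(frame: bytes):
    """Return (oper, sender_mac, sender_ip) for an IPv4-over-Ethernet ARP
    frame, or None for anything else."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return oper, sender_mac, sender_ip


def find_conflicts(frames, known=None):
    """Collect every MAC that claimed each IP. Report an IP when more than one
    MAC claimed it, or when a claimant contradicts a known-good IP->MAC pair
    (for example the router's real MAC)."""
    known = known or {}
    claims = defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is not None:
            _oper, sender_mac, sender_ip = parsed
            claims[sender_ip].add(sender_mac)
    report = {}
    for ip, macs in claims.items():
        suspects = macs - {known[ip]} if ip in known else set()
        if len(macs) > 1 or suspects:
            report[ip] = {"claimed_by": sorted(macs), "suspects": sorted(suspects)}
    return report


def sample_frame(oper, sha, spa, tha, tpa):
    """Assemble the bytes of one constructed sample frame (nothing is sent)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    eth = mac(tha) + mac(sha) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + arp + mac(sha) + ip(spa) + mac(tha) + ip(tpa)


# Constructed addresses: a router, one client, and a third host that also
# answers for the router's IP.
ROUTER_IP, ROUTER_MAC = "192.168.1.1", "00:11:22:33:44:55"
CLIENT_IP, CLIENT_MAC = "192.168.1.10", "aa:aa:aa:aa:aa:0a"
OTHER_IP, OTHER_MAC = "192.168.1.66", "de:ad:be:ef:00:66"

SAMPLE_FRAMES = [
    sample_frame(ARP_REQUEST, CLIENT_MAC, CLIENT_IP, "ff:ff:ff:ff:ff:ff", ROUTER_IP),
    sample_frame(ARP_REPLY, ROUTER_MAC, ROUTER_IP, CLIENT_MAC, CLIENT_IP),
    sample_frame(ARP_REPLY, OTHER_MAC, OTHER_IP, CLIENT_MAC, CLIENT_IP),
    sample_frame(ARP_REPLY, OTHER_MAC, ROUTER_IP, CLIENT_MAC, CLIENT_IP),
    b"\x00" * 60,  # non-ARP frame, ignored by the parser
]

if __name__ == "__main__":
    for ip, info in find_conflicts(SAMPLE_FRAMES, {ROUTER_IP: ROUTER_MAC}).items():
        print(ip, "claimed by", info["claimed_by"], "suspects:", info["suspects"])
```

Passing the known router mapping matters when the capture starts after the poisoning has begun: the forged MAC is then flagged even if the router's own reply never appears in the capture.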
clintcan @ November 4, 2011
Nice use of Blender’s Tomato Branch
Posted in: open source | Comments (0)
I am looking forward to the Mango Open Movie project, but the Tomato branch of Blender has been moving on nicely.
There’s one person who used this branch to astounding effect. A user named tomoasks has made this very realistic video of the Buffalo’s mascot. If you’re wondering what the Buffalo’s are, they are a baseball team in Japan.
I embedded two videos here, the first by tomoasks (in blender) and an actual recorded video of the mascots dancing their team song. If Tom can get hold of this guy for Mango, wouldn’t it be real great!
Below is an actual video recording:
clintcan @ October 30, 2011
Tizen is Meego without Qt?
Posted in: Linux, open source | Comments (0)
Some interesting notes about Tizen and Meego (based on unofficial sources gathered by the Meego Network France, which was sent to the Meego dev mailing list) – so take them with a grain of salt (got some of the details there):
1. When Tizen was announced, it was more of a “political” decision of a future system than the announcement of an existing new technical platform (Intel and Samsung and the Linux foundation are still thinking of how to create it based on Meego and Limo, so that’s why no additional technical info was released yet).
2. A big part of Tizen will be the framework and the corresponding SDK to support HTML5-WAC applications. Native applications development will be supported through the use of EFL (Enlightenment Foundation Libraries). What this means is that the UI will be EFL based, not Qt based. This doesn’t mean though that Qt cannot be integrated as an add-on, as we see below:
3. Meego will form a big part of the components that are not Qt based (from what I understand including most of the core systems), and Limo will supply the EFL components.
4. What #3 basically means is that this is largely a Meego system with Qt removed; however, one can basically make a Qt-derivative since the core is hugely Meego.
I personally haven’t touched Enlightenment or their libraries since the early 2000s (peanutlinux days), but I do know that EFL is quite lightweight and is sponsored heavily by Samsung for use in their products and platforms.
This is gonna be interesting because what ensues is a probable tension between the Qt proponents and the EFL proponents. We also know that a number of Qt developers developing for Meego have been alienated by the Tizen announcement. All we can do is wait for this to sort out.
clintcan @ October 25, 2011
Android Is the Most Closed Mobile Open Source Project – and Is One of the Most Successful
Posted in: Linux, Android, Programming, java, Linux, open source | Comments (1)
I happened to see a link to a study made in July 2011 by visionmobile (http://www.visionmobile.com), a market analysis and research company, comparing different open source projects across a variety of predefined factors that determine how “open” a project is.
This is by far one of the most balanced studies I’ve seen comparing successful (and unsuccessful) well-known open source projects. Incidentally, visionmobile’s well-known clients include HTC, Sony Ericsson, RIM, Microsoft, Intel, etc.
Their quantification of “openness” between selected mobile open source projects (both successful and unsuccessful, single sponsor and multi sponsor) is called the “Open Governance Index”.
The results were particularly interesting:
Among the 8 open source projects listed, Eclipse was the most “open” of all the projects, and Android was the last in the list. The research paper however noted that Android is also one of the most successful projects in the history of open source. It was contradictory enough that the paper called it the “Android Paradox”.
A number of interlinking factors were cited as what made Android successful:
1. Google’s financial muscle and marketing.
2. Android’s “zero cost” subsidy by Google, since Google’s ultimate purpose is to drive more eyeballs to its ad inventory, which results in cheap handsets and low cost internet connectivity.
3. The adoption of the Open Source project by different manufacturers in order to compete against Apple’s iphone. The OEM industry generally poured billions of dollars into Android in order to compete with the Cupertino company’s product.
In retrospect, the research paper acknowledged that in the long term, platforms with the most open governance will be the most successful. Cited success stories are Eclipse, Linux, WebKit and Mozilla. Meego has the capability to become a successful project in the long term, in my opinion.
It also went on to suggest that making a project open doesn’t necessarily make it a successful community builder. They stated that software developers are human in nature and self-centered, and will only take interest in such a project if it provides value or addresses a common need – citing Linux, GTK or WebKit as examples (need for a vendor-neutral operating system, graphics software stack, browser engine). Symbian failed in this aspect; they failed to target developers (besides this, no proper development tools, complex contributions structure, etc).
What does this mean for Android and competing open source projects such as Meego?
Android was successful because aside from the factors stated above, when Android was released to the developers, the product was already a very advanced, and complete project (by and large due to Google’s famed engineering team):
However, there are some very good lessons for us to learn from how Google has managed the Android
open source project. First, Android was released as an open source project at a point in time where it
was already a very advanced, complete project. OEMs, operators and software developers could more
or less immediately use it to create derivative handsets and applications. Second, Google kickstarted a
developer buzz around the project with the $10 million Android Developers Challenge. Alongside
financial incentives, Google provided a very strong emotional message: that of opening application
development within a previously inaccessible mobile industry. Finally, Google’s speed of innovation
(five platform versions across 2010) outpaces any external innovation, and makes the ecosystem
entirely reliant on Google.
On the other hand, when Meego was announced, it was basically starting from scratch (okay, not exactly scratch, but the earliest versions of Meego were in the command line from my perspective) – try to imagine that they essentially went from a deb-based packaging solution (Maemo) to an rpm based one, and shifted from GTK/clutter to mainly Qt. This was one of the disadvantages I saw with the early development of Meego, and I have to say most likely hampered its early adoption (I do like the very open way the meetings are held though – I’ve been in one of the developer meetings in the past; but due to time zones it’s really difficult for me to attend it). It has gotten way better though; with the inclusion of non-Nokia/Intel people into the upper build team, the development process is getting to a point where I believe that this operating system will likely pick up pace and steam in the very near future (it has a bright future ahead in IVI systems in vehicles for example, and the upcoming N9 is positively received by many).
clintcan @ July 31, 2011
How to Add a Facebook, Twitter and Google +1 Button to Your WordPress Blog
Posted in: Programming, php, Programming | Comments (1)
Here’s a quickie small tip for wordpress blog users.
If you want to add your own facebook, twitter and Google +1 buttons to your blog post, simply add the following code to your functions.php of your current theme:
<?php
// Append the share buttons to the content of single posts.
add_filter('the_content', 'insertMeShare');

function insertMeShare($content)
{
    if (is_single())
    {
        global $post;
        // Use the permalink; the guid field is not guaranteed to be a working URL.
        $link = urlencode(get_permalink($post->ID));
        // The third-party widgets are loaded over HTTPS so they cannot be altered in transit.
        $content .= '<a href="https://twitter.com/share" data-count="horizontal">Tweet</a><script type="text/javascript" src="https://platform.twitter.com/widgets.js"></script>';
        $content .= '<iframe src="https://www.facebook.com/plugins/like.php?app_id=181276555267890&href='.$link.'&send=false&layout=button_count&width=110&show_faces=false&action=like&colorscheme=light&font&height=21" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:110px; height:21px;" allowTransparency="true"></iframe>';
        $content .= '<g:plusone></g:plusone><script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>';
    }
    return $content;
}
?>
This code above can be modified further as a wordpress plugin so as to not modify your current theme (especially if your theme is one of those ready made themes which has an update feature). I have made mine to be a wordpress plugin and I am using this now as my current social share buttons – see the end of my post as an example of these in action. Have fun!
clintcan @ July 18, 2011
CeGNULUG Talk & Discussion
Posted in: Linux, Security | Comments (0)
Short post.
The Cebu GNU-Linux Users Group (CeGNULUG) is having a group talk and discussion at the TechBar on July 29, 2011 at 7pm.
Topics discussed are as follows:
1. Google+
2. Meego Overview with QtQuick sample application.
3. Demystifying Backdoor Shells: The Risk
There will be an open forum afterwards.
This event is sponsored by:
DevCon :: http://devcon.ph/ :: http://devworks.devcon.ph/
and
Exist :: http://exist.com/ :: http://facebook.com/existglobal
clintcan @ July 12, 2011
Putting It All Together: SpellDial php class and Android Application – Part Two
Posted in: Linux, Android, Programming, java, Programming, javascript, Programming | Comments (0)
I’m back, and I’ve got a little time on my hands. Let’s continue on how to use the spelldial php class now in an android phonegap application.
Now, let’s look at the actual php code that will make the spelldial call based on what your android spelldial app will send:
You can save this code snippet in a file named droidspell.php:
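<?php
include "spelldial.php";

// Both POST fields are required; treat a missing one as an error.
if (!isset($_POST['spelldial'], $_POST['calltype']))
{
    die("error");
}

$spell = new Spelldial();
$result = $spell->get_info($_POST['spelldial'], $_POST['calltype']);
if ($result->error_code !== '0')
{
    die("error");
}
// Return the uri that the android application will open.
echo $result->content[0]->info[0]->uri;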
This is a typical use of the spelldial class I made (this uses post variables spelldial and calltype, ie. tel or skype to determine what to return as output to the android application).
Now for the html code snippet:
<script src="jquery-1.4.2.min.js"></script>
<form id="spellform" name="spellform" method="post" action="http://yoursite/droidspell.php">
<table width="300" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="27" colspan="2">SpellDial Name</td>
</tr>
<tr>
<td height="31" colspan="2"><label>
<input type="text" name="spelldial" id="spelldial" />
</label></td>
</tr>
<tr>
<td height="42" colspan="2" valign="top"><label>
<select name="calltype" id="calltype">
<option value="TEL">Telephone</option>
<option value="SKYPE">Skype</option>
</select>
</label></td>
</tr>
<tr>
<td colspan="2"><label>
<input type="submit" name="dial" id="dial" value="Call me using SpellDial" />
</label></td>
</tr>
</table>
</form>
<script>
$("#spellform").submit(function(event) {
    // Send the form through ajax instead of a normal page submit.
    event.preventDefault();
    var $form = $( this ),
        spelldial = $form.find( 'input[name="spelldial"]' ).val(),
        calltype = $form.find( 'select[name="calltype"]' ).val(),
        url = $form.attr( 'action' );
    $.post( url, { 'spelldial': spelldial, 'calltype': calltype },
        function( data ) {
            if (data == 'error' || data == '')
            {
                alert('Spelldial API returned an error: ' + data);
            } else {
                // Hand the returned uri to the phone so the dialer opens.
                location.href = data;
            }
        }
    );
});
</script>
As you may see, this is typical html form/jquery event code to get the result of the droidspell.php call and then determine if an error occurred and if not, go ahead to the android dialer to make a call.
You’ll see some stuff like jquery-1.4.2.min.js in the code above. Where is it placed? It is placed where the index.html is placed in the assets/www folder:
If you want to use the phonegap wrapper functions place this snippet in the <head> portion of your index.html file:
<script type="text/javascript" charset="utf-8" src="phonegap.0.9.6.js"></script>
You may rename phonegap.0.9.6.js to phonegap.js if you wish.
This is what a finished phonegap application looks like in the emulator (yeah yeah, ugliness noted, I made this quickly!):
Once you see this application running in your emulator, you might want to package this application into an apk. Simply right click on your project in the project window and select Android Tools->Export Unsigned Application Package – once you follow the instructions, this will create an unsigned apk file for you automatically.
You can also create signed apk files for distribution into the Market. For further reference, please see http://developer.android.com/guide/publishing/app-signing.html for details.
And there you have it, we have now made an android application in phonegap using the spelldial php class, tested it in an emulator, and published it as an apk file.
clintcan @ July 10, 2011
Putting It All Together: SpellDial php class and Android Application – Part One
Posted in: Linux, Android, Programming, javascript, Linux, open source, Programming, php, Programming | Comments (0)
Ok, I’ve got a little time on my hands before I start with a wordpress project I am doing (creating wordpress plugins is fun – yipee).
Let’s try to make a simple Android application using the phonegap cross-development framework calling a php script that uses my spelldial class to return a spelldial uri. Part one will describe steps on how to make your very first native webapplication in android (simply a hello world android web application).
I assume that you know how to install eclipse, the android sdk and the phonegap framework on your system (I’ll cover this in small detail, to help you get started).
There are many ways to program in android, ios, symbian, blackberry or winmo phones. There are cross-development frameworks which give you an abstract way to program in these mobile devices without dealing with the underlying phone hardware.
Two different technologies come to mind (these are the most popular that I’ve seen):
1. Appcelerator Titanium – this cross development tool allows web developers to quickly go into the mobile application department using what they know. HTML5, CSS, and a host of web programming languages such as php and ruby are supported. What is unique about this SDK is that these technologies are then compiled into their native counterparts – the end result is a native application. Impressive, actually. Supports both iOS and Android environments.
2. Phonegap takes a different approach. This is closest to what you call as a web application encapsulated in the mobile phone’s browser class. For example, what this means, in Android, this framework wraps around the WebView Java class and makes certain native phone functionalities available (like accessing your contacts for example) through javascript. For flash/flex developers, this is much like the ExternalInterface class that bridges between javascript and the flash application.
Which is more appropriate? If you’re a web developer and would like to make your application as close as possible to a native application, your best bet would be Appcelerator.
Why am I using phonegap in this case? If you just like to quickly develop applications and do not care if they look different from native applications, use phonegap. By the way, because of how phonegap works, it is available to more mobile environments than Appcelerator. Symbian, WinMo, Blackberry, iOS and Android mobile environments are supported by phonegap. No matter what the environment, your application would look the same because it is just practically your html application enclosed in the native phone’s browser class.
Also, phonegap is supported by the Dreamweaver CS 5.5 release, which means if you can afford it, mobile development will be quite simple to do (without using Eclipse as your environment to develop phonegap applications).
Now, lets begin. Let’s create a new project in eclipse by selecting File->New->Other
We now include our details for the application (Since Froyo or Eclair, the android version before 2.2, runs in 86% of android phones, I choose the lowest common denominator, Eclair), below:
We will have to add the phonegap jar file to the libs folder (which you will have to create) and also create the /assets/www folder where you will place the html files for your application. In this www folder, you will have also to place the phonegap.js file in there. This js file contains the functions that you will call to access native mobile phone functions such as accessing your camera, contacts, etc.
In order for Eclipse not to spurt out an error message (having a java class not available for use), we have to add phonegap.jar to the Build Path (Right click on the libs folder, select Build Path->Configure Build Path):
We will now edit the spelldial.java source code which was created using the New Project Wizard to look like this:
Let’s look at it line by line:
import ...
import com.phonegap.*;
The code above imports the phonegap class for use in our application.
public class spelldial extends DroidGap
Our spelldial class (which was created by the Wizard), extends upon the DroidGap class, which is in fact an extension of the WebView class.
This line below is what runs the web application (sort of like the main() function in your c program):
super.loadUrl("file:///android_asset/www/index.html");
You can change the url to whatever you have placed in the assets/www folder as your starting point. index.html can simply be text saying “hello world” at this point.
One more thing, since phonegap uses certain native phone functions which require explicit permissions for the app to run, we’ll have to edit our AndroidManifest.xml to allow our app to use these:
These tags are placed below the android:versionName section:
<supports-screens
android:largeScreens="true"
android:normalScreens="true"
android:smallScreens="true"
android:resizeable="true"
android:anyDensity="true"
/>
<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.VIBRATE" />
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
<uses-permission android:name="android.permission.ACCESS_LOCATION_EXTRA_COMMANDS" />
<uses-permission android:name="android.permission.READ_PHONE_STATE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.RECEIVE_SMS" />
<uses-permission android:name="android.permission.RECORD_AUDIO" />
<uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS" />
<uses-permission android:name="android.permission.READ_CONTACTS" />
<uses-permission android:name="android.permission.WRITE_CONTACTS" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
And there you have it, some basic steps on how to set up the phonegap framework in eclipse. Part 2 will be the actual js code and php code that this web application uses to call a person using the spelldial api php class hosted on a server.
To end this, let’s take a look at phonegap support in Dreamweaver CS 5.5:
clintcan @ June 23, 2011
Spelldial Class
Posted in: Programming, javascript, Off Topic Stuff, Programming, php, Programming | Comments (2)
Hi guys,
Another short post. I went to a small group hosted by techtalks (my former boss was one of the co-organizers) in IT Park. I met a lot of interesting people there, and there were quite a number of foreigners too (having their startups, some in the process of making a startup, etc)!
In short, this was a great experience because I for one dream to make a startup of my own too (poor programmer, no funds to do it – but the stuff I found there was educational to say the least).
Anyways, I saw a team of young guys (from the looks of it, new graduates, or even maybe in college), who have a startup company named Spelldial. Well, I may be an old fart, but when I see enthusiasm, especially from youth, of course, as heck, I get impressed.
What is SpellDial? From their website, it says:
SpellDial is a technology that allows you to dial names instead of numbers. This is applicable only for those who have setup a spelldial account. Once you have checked the availability of your username you can register it to point to a specific number. So instead of dialing a number, you dial their username.
They have a webapp that you can point your android or iphone to, but nevertheless, when you point that url to your desktop browser, it doesn’t work (obvious reasons).
I then took a quick peek at their api, and made a php wrapper class for it in about an hour (so that you won’t need to think about the details of calling the api). It’s as simple as doing these lines of code:
<?php
include "spelldial.php";
$spell = new Spelldial();
// Look up the details registered for a spelldial name.
$result = $spell->get_info("us.example");
print_r($result);
?>
I know, the api is apparently still in its very early stages (some of their api functions return nothing), but considering they are all young guys, it’s a great start for them.
Get my spelldial class here. I might in the future make an actionscript class (for flash users) and maybe even a java class for this one, but no promises.
Here’s the spelldial class in action (it’s a quick hack, so I’m sorry it’s ugly)
clintcan @ June 20, 2011
Ask OSTalks
Posted in: Off Topic Stuff | Comments (0)
I’m trying a different approach here… I’m finding that this blog seems to be getting a bit popular…
I am curious what topics you want discussed. I am familiar with programming stuff, open source stuff, android, etc. Coding in wordpress, even wine (Windows is Not an Emulator), linux stuff.
What do you want for me to discuss guys?
Also, if any of you needs IT consultancy services (or programming jobs), I’m glad to help out.
clintcan @ June 15, 2011













