I've written a little program that reads and converts my local playlists from the iTunes xml (some more background on my blog: Reading the Playlists from the iTunes Library XML).
Now I want to do something similar with the playlists that are stored on my iPod (in my case, a 2nd generation nano; please no iPhone anwers - I'm already envious ;-)). Any legal way to do this?
OS 3.0 lets you get at the playlist.
Checkout MediaPlayer.h.
Ah, wait. Nano? No, I don't think so. I assumed you meant ipod touch.
It's been a long time since I've dealt with that particular brand of iPods, but if memory serves; if you enable disk mode (if possible), all the info on the iPod will be accessible through a hidden folder on the Volume that shows up in Finder.
Where on that volume the information is I couldn't tell you, but it's probably in there somewhere; most likely in the binary property list format; so the data might take some massaging, but a simple trip through an appropriately factored command line tool should yield the info, or the info in it's XML incarnation.
If, however, the Nano doesn't allow use as a hard disk, I'm afraid there's not likely to be a whole lot to be done for it.
The only way that seems to work is to access the iPod through iTunes. iTunes offers an "older type" COM-based interface (?) called iTunesLib. You can register with Apple to get some documentation, but there is a decent description in Dan Crevier's Blog on MSDN.
There must be some other ways though, as there are some alternatives to iTunes that also allow to transfer music to iPods etc. Ideas, anyone? ;-)
Related
I created an AIR app which sends an ID to my server to verify the user's licence.
I created it using
NetworkInfo.networkInfo.findInterfaces() and I use the first "name" value for "displayName" containing "LAN" (or first mac address I get if the user is on a MAC).
But I get a problem:
sometime users connect to internet using an USB stick (given from a mobile phone company) and it changes the serial number I get; probably the USB stick becomes the first value in the vector of findInterfaces().
I could take the last value, but I think I could get similar problems too.
So is there a better way to identify the computer even with this small hardware changes?
It would be nice to get motherboard or CPU serial, but it seems to be not possible. I've found some workaround to get it, but working on WIN and not on a MAC.
I don't want to store data on the user computer for authentication to set "a little" more difficult to hack the software.
Any idea?
Thanks
Nadia
So is there a better way to identify the computer even with this small hardware changes?
No, there is no best practices to identify personal computer and build on this user licensing for the software. You should use server-side/licensing-manager to provide such functional. Also it will give your users flexibility with your desktop software. It's much easier as for product owner (You don't have call center that will respond on every call with changed Network card, hard drive, whatever) and for users to use such product.
Briefly speaking, user's personal computer is insecure (frankly speaking you don't have options to store something valuable) and very dynamic environment (There is very short cycle on the hardware to use it as part of licensing program).
I am in much the same boat as you, and I am now finally starting to address this... I have researched this for over a year and there are a couple options out there.
The biggest thing to watch out for when using a 3rd party system is the leach effect. Nearly all of them want a percentage of your profit - which in my mind makes it nothing more than vampireware. This is on top of a percentage you WILL pay to paypal, merchant processor, etc.
The route I will end up taking is creating a secondary ANE probably written in Java because of 1) Transitioning my knowledge 2) Ability to run on various architectures. I have to concede this solution is not fool proof since reverse engineering of java is nearly as easy as anything running on FP. The point is to just make it harder, not bullet proof.
As a side note - any naysayers of changing CPU / Motherboard - this is extremely rare if not no longer even done. I work on a laptop and obviously once that hardware cycle is over, I need to reregister everything on a new one. So please...
Zarqon was developed by: Cliff Hall
This appears to be a good solution for small scale. The reason I do not believe it scales well based on documentation (say beyond a few thousand users) is it appears to be a completely manual process ie-no ability to tie into a payment system to then auto-gen / notify the user of the key (I could be wrong about this).
Other helpful resources:
http://www.adobe.com/devnet/flex/articles/flex_paypal.html
I understand the concept of buffer overflow, and acknowledge it can give me the opportunity to execute my own code within a foreign executable.
My question is, cant this simply be done with easier ways ?
Say inject a DLL, and in DLLMain write your malicious code ?
Or play with the disassembly and inject assembly code into executable ?
And even if you got your malicious code working, what damage\profit can you get by the act, that you could not get by editing the disassembly by yourself ?
As far as I understand, the moment you got an executable in your hands you are the master of it, and can add\change\remove code by playing with the disassembly, why make all the effort for searching for exploits ?
Thanks, Michael.
Thing is, you don't generally get the victim to run your executable. So the fact that you can make it malicious is of little value.
Instead you can get the potential victim to use your input: that's why it's so interesting.
Most of the time, this is due to the skeptical minds of users nowadays towards executables, and how they do not think that a PDF document could contain a virus. In other situations, the only way to deliver the code is through an exploit, such as a buffer/heap/stack overflow.
For example, on Apple iOS devices, the only way to download executable code is through the AppStore. All executables that come this way must be explicitly approved of by Apple. On the other hand, if the user simply visits a link to a maliciously crafted PDF document in MobileSafari, it could allow an attacker to arbitrarily execute code on the device.
This is the case with Comex's JailbreakMe.com site (both v2.0 (Star) and v3.0 (Saffron)). The site has the device load an incredibly intricate PDF file that ultimately leads to jailbreaking the device. There is no chance in the world that Apple would approve of an app that would do the same thing.
I was using a jquery plugin to talk with bosh:
https://github.com/maxpowel/jQuery-XMPP-plugin
I read that i can use strophe to send data in stream mode, in order to save bandwidth.
What i need to have:
One normal channel where i exchange commands between chat computer users
Several channels to send not formatted data, but with the smallest amount of information, because the time of each message can round between 100ms
I've made a graph for better understanding.
How to do this with Strophe?
Second question is that i read about this json plugin for strophe http://code.google.com/p/prosody-modules/wiki/mod_json_streams .
Do you have already tried this? Is it stable and gives really a good win in bandwidth?
Thanks for your answer.
Best Regards,
Regarding your second question, thats just an april fool joke (note the date it was published), and also, the XEP 0295 that the page references make that clear:
NOTICE: This document is Humorous. It MAY provide amusement but SHOULD
NOT be taken seriously.
(The story is relevant...mostly)
So I'm over at my buddy's house playing some RE5 Gold Edition, beat the game, unlock a bunch of stuff, and then I copy the save file to my memory stick so I can take it home with me.
Of course, the save is locked to his profile so I can't play it on my PS3, even though I was there beating everything with him. Lame.
So, I've got this save file sitting on my memory stick, I want to see if I can hack it to work with my profile.
I figure if I just create 2 new saves on different profiles and do nothing else, they should be identical except for the profile information. Then I just have to replace my friend's profile info with mine, and it should work, right?
So I need a tool for diff-ing these 2 binary files so I can quickly locate the parts of the file that are different. I know there are plenty of tools for text, but what about for binary?
(Actually, there are 3 files, DATA0.DAT, PARAM.PFD, and PARAM.SFO... not sure if anyone knows anything about PS3 save files, specifically for Resident Evil 5 Gold)
Don't think it's going to be possible. Apparently the save file is "protected". All it would take to prevent me from tampering with it is if they hash the contents of the data using some unknown algorithm, and then verify the hash matches up upon load. Not sure if they're doing that, but... guess it would be kind of dumb if they weren't doing something similar.
Hex Workshop is one of the premier hex manipulation applications and it has a file compare function.
But be aware that the game may not use a straight foward data saving mechanism, you may be dealing with a custom database structure, or the data may be encrypted. Game developers typically don't make it easy to hack save files, for obvious reasons...
I thought most of compare tools can do that (like Beyond Compare which I love). For example, there is FC.exe in Windows 7 in System folder. Compares ASCII and binaries. See http://support.microsoft.com/kb/159214 for some details.
check out hex workshop. most other hex editors out there should have this feature as well.
A friend of mine brought up this questiont he other day, he's recently bought a garmin heart rate moniter device which keeps track of his heart rate and allows him to upload his heart rate stats for a day to his computer.
The only problem is there are no linux drivers for the garmin USB device, he's managed to interpret some of the data, such as the model number and his user details and has identified that there are some binary datatables essentially which we assume represent a series of recordings of his heart rate and the time the recording was taken.
Where does one start when reverse engineering data when you know nothing about the structure?
I had the same problem and initially found this project at Google Code that aims to complete a cross-platform version of tools for the Garmin devices ... see: http://code.google.com/p/garmintools/. There's a link on the front page of that project to the protocols you need, which Garmin was thoughtful enough to release publically.
And here's a direct link to the Garmin I/O specification: http://www.garmin.com/support/pdf/IOSDK.zip
I'd start looking at the data in a hexadecimal editor, hopefully a good one which knows the most common encodings (ASCII, Unicode, etc.) and then try to make sense of it out of the data you know it has stored.
As another poster mentioned, reverse engineering can be hairy, not in practice but in legality.
That being said, you may be able to find everything related to your root question at hand by checking out this project and its' code...and they do handle the runner's heart rate/GPS combo data as well
http://www.gpsbabel.org/
I'd suggest you start with checking the legality of reverse engineering in your country of origin. Most countries have very strict laws about what is allowed and what isn't regarding reverse engineering devices and code.
I would start by seeing what data is being sent by the device, then consider how such data could be represented and packed.
I would first capture many samples, and see if any pattern presents itself, since heart beat is something which is regular and that would suggest it is measurement related to the heart itself. I would also look for bit fields which are monotonically increasing, as that would suggest some sort of time stamp.
Having formed a hypothesis for what is where, I would write a program to test it and graph the results and see if it makes sense. If it does but not quite, then closer inspection would probably reveal you need some scaling factors here or there. It is also entirely possible I need to process the data first before it looks anything like what their program is showing, i.e. might need to integrate the data points. If I get garbage, then it is back to the drawing board :-)
I would also check the manufacturer's website, or maybe run strings on their binaries. Finding someone who works in the field of biomedical engineering would also be on my list, as they would probably know what protocols are typically used, if any. I would also look for these protocols and see if any could be applied to the data I am seeing.
I'd start by creating a hex dump of the data. Figure it's probably blocked in some power-of-two-sized chunks. Start looking for repeating patterns. Think about what kind of data they're probably sending. Either they're recording each heart beat individually, or they're recording whatever the sensor is sending at fixed intervals. If it's individual beats, then there's going to be a time delta (since the last beat), a duration, and a max or avg strength of some sort. If it's fixed intervals, then it'll probably be a simple vector of readings. There'll probably be a preamble of some sort, with a start timestamp and the sampling rate. You can try decoding the timestamp yourself, or you might try simply feeding it to ctime() and see if they're using standard absolute time format.
Keep in mind that lots of cheap A/D converters only produce 12-bit outputs, so your readings are unlikely to be larger than 16 bits (and the high-order 4 bits may be used for flags). I'd recommend resetting the device so that it's "blank", dumping and storing the contents, then take a set of readings, record the results (whatever the device normally reports), then dump the contents again and try to correlate the recorded results with whatever data appeared after the "blank" dump.
Unsure if this is what you're looking for but Garmin has created an API that runs with your browser. It seems OSX is supported, as well as Windows browsers... I would try it from Google Chromium to see if it can be used instead of this reverse engineering...
http://developer.garmin.com/web-device/garmin-communicator-plugin/
API Features
Auto-detection of devices connected to a computer Access to device
product information like product name and software version Read
tracks, routes and waypoints from supported recreational, fitness and
navigation devices Write tracks, routes and waypoints to supported
recreational, fitness and navigation devices Read fitness data from
supported fitness devices Geo-code address and save to a device as a
waypoint or favorite Read and write Garmin XML files (GPX and TCX) as
well as binary files. Support for most Garmin devices (USB, USB
mass-storage, most serial devices) Support for Internet Explorer,
Firefox and Chrome on Microsoft Windows. Support for Safari, Firefox
and Chrome on Mac OS X.
Can you synthesize a heart beat using something like a computer speaker? (I have no idea how such devices actually work). Watch how the binary results change based on different inputs.
Ripping apart the device and checking out what's inside would probably help too.