Month: December 2012
alephzain explains that the Exynos device file in the kernel
/dev/exynos-mem allows read/write permissions to all users. Many have suggested that a simple fix would be to change the permissions to chmod value 0660 or 0600. Though forum member AndreiLux suggest that this may disrupt camera services on the device and a better solution involving “limit[ing] the access to the DMA memory spaces”
Then …. yes, 🙂 a point and click exploit APK program has been made to allow users to run the exploit and obtain super user privileges. It also allows you to patch the exploit and un-patch it as well. The APK file has been posted on the XDA-Developers thread, authored by Chainfire.
On a side note, the name “alephzain” kind of translates to “thousand good” or “a thousand good things” 🙂
** EDIT **
Just used Chainfire’s exploit APP. Works like a charm on my Samsung Galaxy S3! Now I can use the firewall to block apps from getting ads.
Continuing my 5 part series on using the Bouncy Castle API to create your own Java library to manage Private / Public key pairs. Part 2 went over digitally signing and verifying messages using the generated key pair from Part 1. Also, just a note, the signature generation from Part 2 are not detached signatures, they’re embedded within the information. I’ll talk about why I prefer to do this when we get to Part 4.
Encryption is done using the recipients public key and does not require us to enter a pass phrase. When the recipient receives the encrypted message they will need to enter their pass phrase in order to decrypt the message. This is mainly so because their public key is protected by password based symmetric encryption inside the key ring.
Below we add the encrypt and decrypt methods to our PGPCryptoTools source file.
In part 1 I went over PGP Key pair generation, DSA/El Gamal key pairs to be exact, and how we can generate them using the Legion of the Bouncy Castle cryptography API. These key pairs can be imported directly into PGP for use or used programmatically via the Bouncy Castle API.
OK, so now that we know how to generate our PGP key pair we now will learn how to digitally sign and verify files. Signing files allows our recipient to verify the authenticity of the origin of the file we send them. It also verifies the integrity of the file as well.
Signing a file
- PGP Private Key of sender
- Private Key Passphrase
Verifying a file
- Public Key of sender
To make a developers life easier I’ve decided to create a static class called PGPCryptoTools which include the sign and verify methods. One just has to send the appropriate parameters (as shown in the bullet points above) to sign and verify files.
Some of my favorite things to do in software engineering is use libraries with cool names. Nothing beats The Legion of the Bouncy Castle. I like that name so much that I decided to just start using it! Well actually I really needed to use PGP cryptography in one of my projects and though it would be nice to blog about it, but yeah cool name though.
So one of the tricky issues with using Bouncy Castle (we seriously do it a disservice by shortening its amazing name to just 2 words) is the lack of proper, complete and friendly documentation. You may find many articles on the net or tutorials, but I found them way too complex and some just didn’t know what they were doing.
The best option was to look at the Bouncy Castle source code and go directly to their examples package. There they give some pretty good examples and enough to build your own tools for their API. In this part of my series I will go over generating a full fledged DSA/El Gamal PGP Key Ring that is importable into PGP.
I have just started getting into Android programming and it is becoming quite fun. I feel the power of the XML GUI editor, but it can be quite annoying. My first “wtf” moment was when I was creating text fields (known as EditText) in the XML. I wanted to limit the number of characters the user enters and easy enough it was simple to do.
Below is the XML for creating a text username login text field limited to 30 characters. The property that limits it is android:maxLength
<EditText android:id="@+id/login_username" android:layout_width="match_parent" android:layout_height="wrap_content" android:ems="10" android:hint="@string/login_username" android:gravity="center" android:maxLength="30" > <requestFocus /> </EditText>
So this is great! And whats even better is that because I’m coding in Eclipse I can utilize the auto-complete feature (CTRL+SPACE) to see all possible properties allowed. OK so now I need to create another text field but this time programatically. Not because I wanna make my life difficult but because the program I was doing needed it.
So I create the EditText object and all that and then I am able to apply all the other properties except for android:maxLength. Why? Don’t ask me really. I don’t know if it is bad design or there was some really good reason to do so. You have to create a filter, fair enough….. no not really. Sorry, instead of having a developer friendly method like
addFilter() they give us this
setFilters() which takes an array of filters. This is annoying.
LinearLayout linearLayout = new LinearLayout(this); LinearLayout.LayoutParams lp = new LinearLayout.LayoutParams(LinearLayout.LayoutParams.MATCH_PARENT, LinearLayout.LayoutParams.WRAP_CONTENT, 10); //Get my text to display on it from the strings.xml file String displayText = getApplicationContext().getResources().getString(R.string.login_displayText); //Create the array of filters and add my length filter to it InputFilter myTextFilterArray = new InputFilter; myTextFilterArray = new InputFilter.LengthFilter(5); EditText myEditText = new EditText(this); myEditText.setText(displayText); myEditText.setLayoutParams(lp); myEditText.setGravity(Gravity.CENTER_HORIZONTAL); myEditText.setEms(10); myEditText.setFilters(otpFilterArray); //Add it to the layout linearLayout.addView(myEditText);
When you just want to add 1 filter you are going to be forced to create an array and and set its length and add your filter. This is tedious at best and it causes you to waste some time. Not only that it is a bit counter intuitive. Being a Java programmer we are used to the conventions of having add(), remove() and set() methods. If you can add multiple filters to an object then you should implement add() and remove() at least.