Archive for November, 2017

Implementing a #HTTPS #Tunnel using c#

November 14, 2017 Leave a comment


You very rarely have to work at TCP/IP level whenever writing network code in C#, and if you find yourself doing it, you’ve probably taken a very wrong turn. However, since information is sparse about the format of low level TCP requests, I’m writing this article.

This particular code snippet shows how to make a HTTPS tunnel via a proxy server in C#. It involves these steps:

  1. Send a CONNECT command instructing the proxy to connect to a remote server on a given port, i.e. 443 for SSL, and forward all subsequent traffic to this host and port.
  2. Read the response from the proxy, it should be a line saying “200 Tunnel Established”
  3. Pass the stream to a SSL stream object, and call AuthenticateAsClient
  4. Send HTTP data as normal.

Here’s some code to connect to ICanHazIP via SSL.

private static string TestIp(WebProxy proxy)
var tcp = new TcpClient(proxy.Address.Host, proxy.Address.Port);
var stream = tcp.GetStream();
var connect = Encoding.ASCII.GetBytes(“CONNECT HTTP/1.0\n\n”);
stream.Write(connect, 0, connect.Length);
var rawStream = new StreamReader(stream);
var strConnect = rawStream.ReadLine();
var ssl = new SslStream(stream);
var send = Encoding.ASCII.GetBytes(“GET / HTTP/1.0\r\n” +
“\r\n” +
ssl.Write(send, 0, send.Length);
var sr = new StreamReader(ssl);
var str = sr.ReadToEnd();
return str;

If you’re interested in low level socket programming in C#, check out by book:

Categories: Uncategorized

Access UK TV #EPG via #JSON

November 13, 2017 1 comment


If you are developing an app or website that allows people check television guides in the UK, then this API may help you out.

First, a list of 576 TV channels from the UK can be listed via this Rest API call;

Then, to get details of programs to be shown on this channel, then you can use the url;

Where channelId is obtained from the previous call. The schedule is always for the next 24 hours.

This API will be built into out TV UK app for iOS:




Categories: Uncategorized

Sending a base64 encoded file using #SMTP.js

November 10, 2017 Leave a comment

smtpjs is a javascript library that allows you send email through Javascript. – You still need access to a outgoing mail (SMTP) server, but this makes life a little easier for your JS apps.

Today, we released v2.0.1 of the library, which has a few important fixes

  • The message body is no longer limited in size
  • There is now an optional callback parameter, that allows your code continue after the email is sent.
  • Attachments can be sent in base 64 format (dataURI) to the library.

Previous versions of the library will continue to be functional, but we recommend upgrading to the latest version.

Callback feature:

Depending on whether you use a stored token, or send your SMTP credentials with every request, then you use one of the two following blocks of code:

function done(message) { alert(“sent”) }

or, when using stored credentials;

token: “your-token”,
callback:function done(message) { alert(“sent”) }

DataUri Attachments

Previously, in order to send an attachment with this script, then the file you needed to send needed to be already hosted online. This, may not be ideal, if you wanted your user to select a file from their device, or otherwise dynamically generate the file to be sent.

So, let’s imagine we want the user to select a file to be sent from their device, we add a form element as follows;

<input type=”file” id=”fileupload” onchange=”uploadFileToServer()” />

Then define the function uploadFileToServer as follows:

function uploadFileToServer() {
var file = event.srcElement.files[0];
var reader = new FileReader();
reader.onload = function () {
var datauri = “data:” + file.type + “;base64,” + btoa(reader.result);
function done(message) { alert(“Message sent OK”) }
reader.onerror = function() {
console.log(‘there are some problems’);

Categories: Uncategorized

#Translate any country name into any language in C#

November 10, 2017 Leave a comment


If you have a multi-lingual app or website that needs to show a drop down list of country names, then it suddenly adds 195 words to your translation file, which is going to make your translation word count shoot up suddenly.

Surely, someone else has done this already?, yes, they have. The Unicode consortium have a public file that you can download that contains a list of countries, and lots of other information translated into many different languages; here;

I extracted the two letter files ({language}.xml) from core/common/main, removed the dtd definition, and put it in to a folder named /data/localisation off the root of my website.

public static string Country(string code, string culture)
// Source:
var locale = new CultureInfo(culture).TwoLetterISOLanguageName.ToLower();
var strLocalXmlFile = HttpContext.Current.Server.MapPath(“/data/Localisation/” + locale + “.xml”);
var xdoc = new XmlDocument();
var xn = xdoc.SelectSingleNode(“//territory[@type='” + code + “‘]”);
return xn.InnerText;

Then you can call Country(“GB”,”sv-SE”) to get Storbritannien

Of course, there is many more things that you may want to translate, and nothing is better than a human translator, which I’d recommend to find one.

Categories: Uncategorized

Protect yourself from #IAP #Fraud com.zeptolab.ctrbonus.superpower1

November 7, 2017 Leave a comment


IAP or In app Purchases is now the most popular way App developers get paid for their apps. Most IAPs don’t actually incur added cost the developer when used, such as unlocking extra levels, or power ups, but some activate real-world services, and can incur added server costs to the developer – such as extra file storage, or paid-for API calls.

This is why you really need to ensure that you validate your IAP receipt from apple, to ensure that it has indeed come from apple, and not a replay attack from someone else’s IAP.

I received this IAP receipt that failed validation this morning:


Running it through my IAP receipt validator I got this;

{ “receipt”: { “original_purchase_date_pst”: “2012-07-12 05:54:35 America/Los_Angeles”, “purchase_date_ms”: “1342097675882”, “original_transaction_id”: “170000029449420”, “original_purchase_date_ms”: “1342097675882”, “app_item_id”: “450542233”, “transaction_id”: “170000029449420”, “quantity”: “1”, “bvrs”: “1.4”, “version_external_identifier”: “9051236”, “bid”: “com.zeptolab.ctrexperiments”, “product_id”: “com.zeptolab.ctrbonus.superpower1“, “purchase_date”: “2012-07-12 12:54:35 Etc/GMT”, “purchase_date_pst”: “2012-07-12 05:54:35 America/Los_Angeles”, “original_purchase_date”: “2012-07-12 12:54:35 Etc/GMT”, “item_id”: “534185042” }, “status”: 0 }

Where I’ve highlighted com.zeptolab.ctrbonus.superpower1 – Which looks like ZeptoLab’s Cut the Rope Super Power 1 from 2012!,  Not the IAP I was expecting at all.

Thankfully my validator code spotted this.

Here’s the code for decoding an Apple receipt in c#

private const string urlProduction = “;;
private const string urlSandbox = “;;

private string Verify(string receipt, string serviceUrl, string sharedSecret)
var json = string.Format(“{{\”receipt-data\”:\”{0}\”,\”password\”:\”{1}\”}}”, receipt, sharedSecret);
var wr = WebRequest.Create(serviceUrl);
wr.ContentType = “text/plain”;
wr.Method = “POST”;
var sw = new System.IO.StreamWriter(wr.GetRequestStream());
var wresp = wr.GetResponse();
if (wresp != null)
var sr = new System.IO.StreamReader(wresp.GetResponseStream());
var response = sr.ReadToEnd();
return response;
return “no-data”;



Categories: Uncategorized