Extracting data from a running process #Windows / #WindowsSecurity

In this particular instance, I had a long-running EXE that crashed but didn’t terminate. I couldn’t restart it, but I could see that it was still in memory, so I wanted to see if I could rescue the data from it, or at least some of the data; there was about a 1GB memory footprint.

So, I opened task manager, and Right Click > Create memory dump, and it created a 1GB file. I opened this file in GLOGG, a large file viewer.

And… lo and behold, amongst a lot of binary data, there was plain text that could be easily extracted. Like in this screenshot, where you can see HTML in plain text.

This also may serve as an alarm bell for any software that might hold passwords or sensitive information in memory. Make sure that passwords are not held in static variables, since this approach could be used to extract them.
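As an added example (not part of the original post), here is a Python check you can run over a dump of your own application to see whether a known test secret is still readable. It goes a step beyond the file-viewer approach by also matching UTF-16LE, which is how .NET and most Windows APIs store strings; the function names, the canary value and the sample bytes are all constructed for illustration.

```python
import re

def extract_strings(data, min_len=6):
    """Yield (offset, encoding, text) for printable runs found in dump bytes."""
    # Plain single-byte text, e.g. HTML received from the network.
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # The same characters as UTF-16LE: every printable byte followed by 0x00.
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_re.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in wide_re.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")

def find_canary(data, canary):
    """Return [(encoding, offset)] for each encoding in which the canary survives."""
    hits = []
    for enc in ("ascii", "utf-16-le"):
        offset = data.find(canary.encode(enc))
        if offset != -1:
            hits.append((enc, offset))
    return hits

# Constructed sample standing in for a real dump: binary noise, an ASCII
# HTML fragment, and a test password held as a UTF-16LE string.
CANARY = "Passw0rd-CANARY-7f3a"
SAMPLE_DUMP = (
    b"\x00\x17\xfe\x90" * 8
    + b"<html><body>Order #1001</body></html>"
    + b"\x01\x02\xff\x00\x80"
    + CANARY.encode("utf-16-le")
    + b"\xde\xad\xbe\xef" * 4
)

if __name__ == "__main__":
    for offset, enc, text in extract_strings(SAMPLE_DUMP):
        print(f"{offset:#06x} {enc:9} {text}")
    # An ASCII-only search would miss the password; the UTF-16LE one finds it.
    print("canary found as:", find_canary(SAMPLE_DUMP, CANARY))
```

For a real 1GB dump, pass an `mmap` of the file instead of reading it into memory; both `re` and `.find()` work on it.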

Categories: Uncategorized

#OpenSource web crawler in C# based on #HTMLAgilityPack

TL; DR;

Here’s the Repo; https://github.com/infiniteloopltd/WebCrawler/

A web spider based on HTMLAgilityPack. This library follows links within webpages in order to find more webpages. It works asynchronously, and fires events every time a new page is encountered.

A few caveats: it’s single-threaded, so it’s going to be rather slow. It holds its queue in memory, so it’s going to be a memory hog on really large websites. It also doesn’t obey Robots.txt.

Please feel free to fork this library, and improve upon it!

Sample Usage

  Spider.OnQueueUpdate = q =>
  {   
      Console.WriteLine("Crawler Queue updated : " + q);
      if (q == 0)
      {
          // when this reaches 0, then the crawl is complete
          Console.WriteLine("Crawl Complete");
      }
  };
  Spider.OnVisitedPage = (webpage,content) =>
  {
      Console.WriteLine("Crawler visited : " + webpage.Url);
  };
  Spider.OnCrawlError = (webpage, ex) =>
  {
      Console.WriteLine("Crawler hit error at : " + webpage.Url);
  };
  Spider.StartPage = new Uri("https://www.cloudansweringmachine.com/");
  Spider.Scope = "https://www.cloudansweringmachine.com/"; // Don't leave this domain.
  Spider.Start();
  Console.WriteLine("Crawl started, press enter to stop.");
  Console.ReadLine();


Decode an SSL Cert from a byte array in C#

This is more of a useful code snippet than any great revelation. However, if you ever need to convert a byte array of an X509 cert into an X509 certificate object, then here’s how you do it using BouncyCastle:

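using System;
using System.IO;
using Org.BouncyCastle.X509;

// cert.txt holds the base64-encoded (DER) certificate
var certificateBase64 = File.ReadAllText("cert.txt");
var certData = Convert.FromBase64String(certificateBase64);
var parser = new X509CertificateParser();
var cert = parser.ReadCertificate(certData);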

Really easy! Here’s the project on GitHub – https://github.com/infiniteloopltd/CertificateDecoder

 


First #Dart / #Flutter Package published

https://pub.dev/packages/license_plate_api_uk

And, I’ve also set up a verified publisher here; https://pub.dev/publishers/infiniteloop.ie/packages

license_plate_api_uk 1.0.2

license_plate_api_uk

A Dart package for looking up technical details on vehicles registered in the UK by their license plate (VRM)

license_plate_api_uk provides a simple way to find vehicle details from a license plate (registration number) of a car, motorbike, or HGV registered in the United Kingdom.

This requires a username and password, which is available for free from https://www.regcheck.org.uk

Usage

A simple usage example:

import 'package:license_plate_api_uk/license_plate_api_uk.dart' as RegCheck;

void main(List<String> arguments) async {
  // Usage:
  // dart bin/main.dart *VRM* *USERNAME* *PASSWORD*
  // Where *VRM* is a UK vehicle registration mark (license plate)
  // *USERNAME* and *PASSWORD* are available from https://www.regcheck.org.uk
  var vehicle = await RegCheck.LicensePlateUK(arguments[0],arguments[1],arguments[2]);
  print('Description: ${vehicle['Description']}');
  print('Engine: ${vehicle['EngineSize']['CurrentTextValue']}');
  print('Fuel Type: ${vehicle['FuelType']['CurrentTextValue']}');
  print('Transmission: ${vehicle['Transmission']['CurrentTextValue']}');
  print('Image: ${vehicle['ImageUrl']}');  
  print('Body Style: ${vehicle['BodyStyle']['CurrentTextValue']}');
  print('Colour: ${vehicle['Colour']}');
  print('Registration Date: ${vehicle['RegistrationDate']}');
  print('Engine Number: ${vehicle['EngineNumber']}');
  print('VIN: ${vehicle['VehicleIdentificationNumber']}');
}

which produces the following:

Description: VAUXHALL MOKKA SE
Engine: 1364
Fuel Type: Petrol
Transmission: Automatic
Image: https://www.regcheck.org.uk/image.aspx/@VkFVWEhBTEwgTU9LS0EgU0U=
Body Style: Hatchback
Colour: BLUE
Registration Date: 01/06/2014
Engine Number: A14NET 140580075LUJ
VIN: W0LJD7E85EB690449

Features and bugs

Please file feature requests and bugs via the website http://www.regcheck.org.uk


Call a JSON-based #API with basic authentication using #Dart / #Flutter

TL;DR; 

The Github repo is here, for anyone to clone / fork : https://github.com/infiniteloopltd/DartLicensePlateAPI

What this does is call a JSON-based API with basic authentication, using the Dart programming language. The code is pretty simple, and it only requires ‘http’ as a dependency.

import 'package:http/http.dart' as http;
import 'dart:convert' as convert;

Future<dynamic> LicensePlateUK(String Reg, String Username, String Password) async {
  // HTTP Basic authentication: base64("username:password") in the Authorization header
  String basicAuth = 'Basic ' + convert.base64Encode(convert.utf8.encode('$Username:$Password'));
  String url = 'https://www.regcheck.org.uk/api/json.aspx/Check/$Reg';
  // http 0.13 and later take a Uri rather than a String
  var response = await http.get(Uri.parse(url),
      headers: <String, String>{'authorization': basicAuth});
  return convert.jsonDecode(response.body);
}

Which can be consumed as follows:

import 'package:RegCheck/RegCheck.dart' as RegCheck;

void main(List<String> arguments) async {
  // Usage:
  // dart bin/main.dart *VRM* *USERNAME* *PASSWORD*
  // Where *VRM* is a UK vehicle registration mark (license plate)
  // *USERNAME* and *PASSWORD* are available from https://www.regcheck.org.uk
  var vehicle = await RegCheck.LicensePlateUK(arguments[0],arguments[1],arguments[2]);
  print('Description: ${vehicle['Description']}');
  print('Engine: ${vehicle['EngineSize']['CurrentTextValue']}');
  print('Fuel Type: ${vehicle['FuelType']['CurrentTextValue']}');
  print('Transmission: ${vehicle['Transmission']['CurrentTextValue']}');
  print('Image: ${vehicle['ImageUrl']}');
  print('Body Style: ${vehicle['BodyStyle']['CurrentTextValue']}');
  print('Colour: ${vehicle['Colour']}');
  print('Registration Date: ${vehicle['RegistrationDate']}');
  print('Engine Number: ${vehicle['EngineNumber']}');
  print('VIN: ${vehicle['VehicleIdentificationNumber']}');
}

I’m going to publish a package to pub.dev once I figure out how to do that!


Push Notifications #iOS13 with Cordova PushPlugin

If you’re using phonegap-plugin-push 1.10.0 “PushPlugin” with Cordova and iOS13, then you will quickly notice that, in your callback, data.registrationId is in the wrong format, something like:

{length=32,bytes=0x61a941c6799e63043d5366de0b865cbf...781fd5936a7efdc6}

as the device token, which will obviously not work.

So, there are solutions, like upgrading the push plugin, but if, for whatever reason, you can’t do that, here is the code change necessary to fix the plugin:

Open Plugins > PushPlugin.m

Scroll down to didRegisterForRemoteNotificationsWithDeviceToken

and remove this line of code:

    NSString *token = [[[[deviceToken description] stringByReplacingOccurrencesOfString:@"<" withString:@""]
                        stringByReplacingOccurrencesOfString:@">" withString:@""]
                       stringByReplacingOccurrencesOfString:@" " withString:@""];

and replace this with:

    NSUInteger length = deviceToken.length;
    const unsigned char *buffer = deviceToken.bytes;
    NSMutableString *hexString = [NSMutableString stringWithCapacity:(length * 2)];
    for (int i = 0; i < length; ++i) {
        [hexString appendFormat:@"%02x", buffer[i]];
    }
    NSString *token = [hexString copy];

This is from https://onesignal.com/blog/ios-13-introduces-4-breaking-changes-to-notifications/ – So credit due, and respect to George Deglin for this fix.

With this fix, the registrationId goes back to normal, and push notifications work as before.

 


#APNS for #IOS13 in C#

APNS, or Apple’s push notification service, has changed a bit in iOS 13, so you need to make some changes to your code to make it work again.

First off, I used to use MOON APNS (https://github.com/arashnorouzi/Moon-APNS/issues) but it seems to be no longer maintained. It used a raw TCP/IP mechanism, which I’m sure is ultra-performant, but it’s really hard to debug, so I decided to just change the framework to PushSharp (https://github.com/Redth/PushSharp).

Now, my code is very much fire and forget: if it works, good; if it doesn’t, never mind. I’m not catching or logging any exceptions; you might want to do this. I’m not getting into how to create the .P12 key, that’s a whole post on its own.

// Needs: using System.Web; using PushSharp.Apple; using Newtonsoft.Json; using Newtonsoft.Json.Linq;
public static void Push(string message, string apns)
{
    // Change p12 after acceptance!
    var strP12 = HttpContext.Current.Server.MapPath("~/certs/2020/sandbox.2020.p12");
    var config = new ApnsConfiguration(ApnsConfiguration.ApnsServerEnvironment.Sandbox,
        strP12, "xxxxxx");
    var apnsBroker = new ApnsServiceBroker(config);
    apnsBroker.Start();
    // Stop the broker once the notification has been delivered
    apnsBroker.OnNotificationSucceeded += (notification) =>
    {
        apnsBroker.Stop();
    };
    var oPayload = new
    {
        aps = new
        {
            alert = new
            {
                body = message
            }
        }
    };
    var payloadJson = JsonConvert.SerializeObject(oPayload);
    apnsBroker.QueueNotification(new ApnsNotification {
        DeviceToken = apns,
        Payload = JObject.Parse(payloadJson)
    });
}

It only sends a text message, it doesn’t have badges, sounds, or alerts, but that’s all I needed.

 

 


How to duplicate a #partition in Windows using Disk Management

If you want to duplicate a partition, to create an exact copy of it, then there are probably plenty of tools to do this. However, you can also do it with Disk Management – Which is available under the Computer Management tool in Windows.

First, click on the partition you want to copy and select “Add mirror”, then select the empty partition you want to copy the data on to.

This process will take several hours, and will only show progress after 30 minutes or so – Depending on the speed of your system.

Once complete, right click on the partition, and select “Break Mirrored Volume”, you will now have two identical drives.


Automatically translate #Udemy captions using #Microsoft #Azure #Cognitive services.

Udemy has a great system for captioning videos, but perhaps you want to appeal to an international audience, and include captions in multiple languages. The best solution, of course, is to have them professionally translated, but if you want a cheap (and poor-quality) solution, then you can run them through an automated translator like Azure Cognitive Services.

The code here is in C#, and is available on Github here; https://github.com/infiniteloopltd/vtt-translate

You download the VTT file (which is a bit like an SRT), and run it through this code;

// Needs: using System; using System.Configuration; using System.Net.Http; using System.Text;
//        using Newtonsoft.Json; using Newtonsoft.Json.Linq;
private static string FromString(string english, string to)
{
    const string host = "https://api.cognitive.microsofttranslator.com";
    var route = "/translate?api-version=3.0&from=en&to=" + to;
    // The subscription key is read from app settings rather than hard-coded
    var subscriptionKey = ConfigurationManager.AppSettings["subscription"];
    var body = new object[] { new { Text = english } };
    var requestBody = JsonConvert.SerializeObject(body);
    using (var client = new HttpClient())
    using (var request = new HttpRequestMessage())
    {
        request.Method = HttpMethod.Post;
        request.RequestUri = new Uri(host + route);
        request.Content = new StringContent(requestBody, Encoding.UTF8, "application/json");
        request.Headers.Add("Ocp-Apim-Subscription-Key", subscriptionKey);
        var response = client.SendAsync(request).Result;
        var jsonResponse = response.Content.ReadAsStringAsync().Result;
        var jResponse = JArray.Parse(jsonResponse);
        // Return the first translation in the response
        foreach (var translation in jResponse[0]["translations"])
        {
            var strText = translation["text"].ToString();
            return strText;
        }
    }
    return null;
}

Obviously, you’ll need your own subscription key from Azure, but the free tier covers 2M chars.


Techies can help reduce the spread of the #CoronaVirus too.

I’d like to put forward an idea, that techies can help in the effort to limit the spread of the virus.
Many people still need to go to offices during lockdown, if their job is necessary. But, perhaps some of these people *could* work from home if they had the right IT systems in place to allow them to do so.
If you know of someone who still has to go to an office to work, and perhaps their job could potentially be done from home – but maybe their office doesn’t have secure access to office files remotely (i.e. a VPN?), or perhaps the phone line can’t be forwarded to another location (SIP Forwarding ? )
Let’s try and free up workers who need to do their job, but not necessarily from an office! – Feel free to tag anyone, and we can put our heads together to find a solution.