This year I competed for the first time in the Cyberlympics contest. This year it was created by warl0ckgam3z. Our 4-man team managed to get to the third round in Europe, but we wasted too much time on some challenges and were beaten by two of last years finalists. One of the challenges in round3 was a pwnable named WGZLiveLabsTrivia. I didn’t solve it during the contest, but the day after and still wanted to write about it. So sorry about the delay. but here finally is the write up. (Also the team, that did solve this during the contest, used the same principle).
Lately I had to increase the size of an Android Emulator Virtual Device. I couldn’t simply recreate the device, cause I wanted to reserve all data and applications installed. Since it took me some while to figure out and find the instructions to do this, I decided to create this small Blog Post for future references.
To increase the size of a virtual device on Linux you can use the following commands.
# cd ~/.android/avd/<Device>
# resize2fs userdata.img 1024M
# e2fsck -f userdata-qemu.img
# resize2fs userdata-qemu.img 1024M
# tune2fs -e continue userdata-qemu.img
A couple of months ago I decided to upgrade the OS of my dataserver. A server I created several years ago with 8 x 750GB hard disks serving a 4TB RAID-5 set. To handle the RAID-5 set I use a RocketRAID 2320 SATA-II Controller from HighPoint Technologies. Motherboard, CPU, memory and video card were replaced over the years, but the raid controller is still operational.
As OS I run Debian, started originally with Etch (I think) and in the years updated to now finally sid). Every update I had some trouble with the RocketRAID driver. Which I could solve with some tweaks.
Dit jaar heb ik meegedaan aan de Cybercrime Challenge: Operation High Impact van Team High Tech Crime van de Nationale Politie (ontwikkeld in samenwerking met Tweakers en QCSEC). Mijn dank voor de leuke uitdaging!
Ik was de tweede in snelste tijd, moest alleen Crypto Sjon voor me dulden. (Screenshot is ten tijde van het schrijven van deze blogpost. Inmiddels zijn de antwoorden online te vinden en worden mensen dusdanig gehint dat een snelle tijd halen erg makkelijk is).
Hieronder een omschrijving van alle challenges en hoe ik het opgelost heb. (Sommige challenges maken gebruik van social media, kan zijn dat deze niet meer beschikbaar zijn, alle downloadbare content heb ik gemirrored).
Ok, bad title, cause that is not possible. But it was the goal I wanted to achieve and there are some solutions for it. In Android development the strings.xml file is used to store all Strings in, so you can add support for multiple languages or at least have one place where you can change all your text.
When I wrote Steal WhatsApp database (PoC) I never expected it to go viral. I only wrote the article for myself and the few readers of my weblog. My brother and I started the research out of curiosity and ended with this Proof of Concept and blog post. But I’m happy with all the discussion it starts and the awareness it creates by users. My post was not meant to bash Android, WhatsApp or Facebook. I’m a happy consumer of all those products, but only question some design decisions.
However there is some room for some credits and some clarification. (more…)
We all heard the news that Facebook took over WhatsApp. Although I had never any problems using WhatsApp, I noticed in my environment that people were looking for a replacement. And it seems that the majority choose for Telegram. So I followed them. Too bad that after the installation of Telegram I started to receive SMS Spam.