About the challenge In this article, we’ll go through the Protostar stack4 challenge. This would be a bit similar to the stack0 challenge that we already tackled earlier, but it will think about an interesting way to get alternate code to execute instead of just modifying data. Pre-requisite: Make sure you’ve completed the Part 1 of the Practical Reverse Engineering Tutorials series. It’d also be great if you can try stack1-stack3 challenges on your own as they are similar to stack0.
What is this about? This article is the 1st part of the Practical Reverse Engineering Tutorials series. This series is geared towards a structured, but almost completely practical, approach to learn Reverse Engineering. Many of the existing articles/books take a long winded approach to teach RE which is prefixed with a lot of theory before the reader can get their hands dirty. This series will take a different approach of picking up various challenges in the order of increasing difficulty and help the reader in exploring ways how to break them.
I decided to create my own shorturl website last week for personal use and ended up developing a python project (deecubes)that can be used by anyone to do the same. This is a post to explain what/why/how about it. Why my own shorturl website? So far I had been using sites like bit.ly or TinyURL whenever I needed to generate a shorturl (e.g. for giving to someone for easily remember, noting down on paper, putting links on resume, etc) but I had concerns that:
Releasing my project email-actions today. You install it from github or from pypi. email-actions email-actions is a tiny SMTP server with a rules based engine to trigger any actions (notifications/commands etc) based on the emails sent to this server. Think of it like IFTTT but where input trigger is email and can be set up and run locally as well. Why did you make email-actions Like most of my projects, email-actions is a ‘scratch-your-own-itch’ project.
The Background We talked earlier about how certain ISPs block websites by using DNS hijack methods and I had recommended using DNSCrypt to bypass it. Well, as part of my home network overhaul, I moved over from the consumer grade (but still decent enough) Asus router over to Ubiquiti stack which, among other things, lead me to use their “Unify Security Gateway (USG)” as the router. Now, this router is pretty decent and is running Ubiquiti’s EdgeOS (derived from Vyatta OS, which in turn is based on linux/debian).
ISPs in India have been blocking websites since many years. It’s often done without much sense to it. The goveernment/telecom bodies and courts sometimes tell the ISPs to block content instead of telling the same to the websites that host the content. Sometimes, the orders are to block certain urls and ISPs are over-enthusiastic in implementing the orders and block complete websites. It’s all frustrating but it becomes enraging when you find out that the ISPs are messing with your traffic in a less than ethical way to implement this.
TLDR; Indian ISP ACT Fibernet (aka Beam Telecom) hijacks its users’ DNS requests (even when using public DNS servers like Google or OpenDNS) and blocks websites through this method. This has huge implications beyond website blocking and you can’t rely on anything that you are browsing anymore though there are ways available to make yourself safe. Aside: Indian ISPs are blocking benign/collateral damage sites now like bit.
While trying to make some graphs for one of my side projects recently, I came across an issue that both matplotlib and ggplot did not show up the graphs. I was able to save the graphs to an image file just fine, but if I tried to show them directly on screen while running the script, it just printed a number and exited. After tearing apart my hair for some time, I checked the backend being used by matplot lib:
I’m building a smartwatch project based around the new IoT posterkid on the block, ESP8266. Apart from the usual “smart” stuff, it does still need to display correct time :) and hence, the need for an ntp driver/client. I couldn’t find anyone working on that yet, so wrote up a quick and dirty implementation here: NTP Implementation for ESP8266 ESP8266 Smartwatch NTP Demo It still has a lot of stuff left to be done to make it good enough for the smartwatch project but it works.
So I got bored of listening to same old songs on my phone over and over and Rdio announced a streaming plan for India. With a sigh of relief I subscribed immediately and it was stellar at home with its wonderful 32 million song collection and chromecast support to boot. The experience during the commute daily was underwhelming. Couple the spotty airtel data connection with no one station covering all songs I would love and it makes for a frustrating commute with long gaps all over.