Monday, September 16, 2013

bat script setting your notebook as a wireless AP

Captive portal/Layer 2 isolation is a no-no for Chromecast. So, I'm in Kelate right now. Here's a quick bat script for setting up your Windows 7 machine as an AP. Run it as administrator, of course.


ap.bat

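@ECHO OFF
REM Allow the hosted network (software AP) on the wireless adapter
netsh wlan set hostednetwork mode=allow
REM Replace the ssid= and key= placeholders with your own; the WPA2 passphrase must be 8 to 63 characters
netsh wlan set hostednetwork ssid=PUTYOUROWNSSID key=buhpasswordsendiri keyUsage=persistent
REM Start broadcasting the hosted network
netsh wlan start hostednetwork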


Use ICS with your No4G, or whatever. More info:

http://msdn.microsoft.com/en-us/library/dd815243%28VS.85%29.aspx



Friday, September 13, 2013

Chromecast Experience in .MY Part 3

Okay, part 3... It's pretty short and simple. They say that once you've managed to produce a UML, the program is already completed :p










Chromecast Experience in .MY Part 2.

"Check out my new Iphone, It's using a 64 bit ARM. Not sure what it does but cool"
"My latest Samsung is using triple core processor. It's fast."

Unless you get direct benefits from using devices with such features, you are nothing more than a mere human being consumed by the homogenization of modernity.

This is the second part of Chromecast Experience. How does Chromecast work?
The Chromecast Developer Guide has made a beautiful picture of it.


So how does casting work? When you first boot your Chromecast, a web service starts and listens on port 8008. From a black-box point of view it's probably a heavily modified node.js, most likely with a RESTful implementation of a web API. Oh, and it's using DIAL.
So how does it work? Let's run our sniffer. Many people would prefer tcpdump or Wireshark. But hey, Windows does it like a charm with Microsoft Network Monitor. The coolest thing about this tool is that you can filter by application; in this case we filter on Chrome.

Each time we issue a cast we actually "dial for it". When casting to the YouTube application, we send a GET request to /apps/YouTube.


The information we retrieve is in XML format, hinting at the DIAL implementation in Chromecast.



From the DIAL developers guide


The rules of the DIAL service:

1. First we send a DIAL request for the application (YouTube, Netflix).
2. The DIAL server responds with OK.
3. Then we POST the application URL in JSON format. It's actually a URL forwarding technique.
4. The DIAL server responds. (Chromecast will launch its request via GET/POST to Netflix or YouTube.)


After any application launch, the app (Netflix or YouTube) can be killed by issuing an HTTP DELETE.
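An added example, not from the original post or the DIAL guide: a small Python parser for the XML that GET /apps/YouTube returns, reporting the app's state, whether it may be stopped, and its instance link. The sample documents and the 192.0.2.10 address are constructed; the element layout follows the DIAL application-status format.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

DIAL_NS = {"d": "urn:dial-multiscreen-org:schemas:dial"}

# Constructed samples of a DIAL application-status body (not captured from a device).
SAMPLE_RUNNING = """<service xmlns="urn:dial-multiscreen-org:schemas:dial">
  <name>YouTube</name>
  <options allowStop="true"/>
  <state>running</state>
  <link rel="run" href="run"/>
</service>"""

SAMPLE_STOPPED = """<service xmlns="urn:dial-multiscreen-org:schemas:dial">
  <name>YouTube</name>
  <options allowStop="true"/>
  <state>stopped</state>
</service>"""


def parse_app_status(xml_text, app_url):
    """Summarise the XML returned by GET <app_url>, e.g. .../apps/YouTube."""
    # The reply comes from another host on the LAN: refuse DTDs/entities before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in DIAL reply")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}service" % DIAL_NS["d"]:
        raise ValueError("not a DIAL service document")
    name = (root.findtext("d:name", "", DIAL_NS) or "").strip()
    state = (root.findtext("d:state", "", DIAL_NS) or "").strip().lower()
    options = root.find("d:options", DIAL_NS)
    allow_stop = options is not None and options.get("allowStop", "").lower() == "true"
    # A running app advertises its instance as <link rel="run" href="...">; the
    # href is relative to the application URL. A stopped app has no such link.
    link = root.find("d:link[@rel='run']", DIAL_NS)
    instance_url = None
    if link is not None and link.get("href"):
        instance_url = urljoin(app_url.rstrip("/") + "/", link.get("href"))
    return {"name": name, "state": state, "allow_stop": allow_stop,
            "instance_url": instance_url}


if __name__ == "__main__":
    base = "http://192.0.2.10:8008/apps/YouTube"  # documentation address, constructed
    for sample in (SAMPLE_RUNNING, SAMPLE_STOPPED):
        print(parse_app_status(sample, base))
```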

Common HTTP requests can be found in the DIAL Developer Manual. Fiqueet.com has listed common requests that you can make, with curl examples.
get device information xml:
curl http://x.x.x.x:8008/ssdp/device-desc.xml
get detailed device information json:
curl http://x.x.x.x:8008/setup/eureka_info?options=detail
scan for available wifi:
curl http://x.x.x.x:8008/setup/scan_results
get supported time zones:
curl http://x.x.x.x:8008/setup/supported_timezones
get info about current app:
curl -H "Content-Type: application/json" http://x.x.x.x:8008/apps/YouTube -X GET

Which brings us back to the question: how is the video streamed to us? Here is an incorrect pseudo-diagram, but it is sufficient.


By now you should have at least an idea of how to bypass it. If not, you can wait for Part 3.







Thursday, September 12, 2013

Chromecast Experience in .MY Part 1.

Living is not that easy these days. The cost of living has increased to a point where a mere average-salary guy like me has a little bit of trouble coping with my current life. Yeap, I admit I do have some sort of financial difficulty. But Alhamdulilah I am blessed with good families and friends who are willing to help me survive the capitalistic nature of today's modernity.

Nonetheless, the difficulty in one's life shouldn't be a burden to the soul in the quest of acquiring new knowledge.
A few months back, Google released the Chromecast: "A device that makes your Smart TV smarter".


It cost us 35 bucks + 6 dollars shipping. Thanks to a friend of mine, Amir Shahir, who kindly bought it for me.
iFixit has done a teardown for us. You can look on their website to see the inside of the Chromecast.

Powering up the device is straightforward. Simply plug it into your HDMI port, plug in USB for power, and it will boot.


On my Sharp TV



Yeah, upside down, dunno why.

Anyway, the whole of the Chromecast is actually a custom lightweight web browser with HTML5 + JavaScript + CSS support. You can cast your content over WebRTC (since WebRTC supports peer connections) or forward the requests of certain streaming sites such as YouTube and Netflix (at this moment).

Unfortunately, we're living outside of the States, so surfing Netflix is going to be a bit of a problem. Viewing geo-locked content is not a problem for PC users, since a lot of proxies and VPNs can be used to bypass the protection.

That's not the situation with the Chromecast. This pricey little thing is a bad-ass. You can't rig it at all. The DNS resolver is hardcoded in the device itself. One could root the device with a previous firmware, but Google is also playing evil by updating the device's firmware without notifying the user; the same goes for Google Chrome.

Solutions?

If you cannot customize/root the device, then you make the device's program behave like it was rooted. So for the past 48 hours I've been testing and analysing the Chromecast traffic and studying the art of bypassing an unbypassable device. Hey presto, the solution is simple; I managed to sketch it on a nice A4.




To be continued soon...
Just in case nobody believes me, it's possible even using a Telekom-branded DIR-615...


Thursday, August 29, 2013

One Way Web Hacking .........

One of the things that we are going to teach in our HITB class (if it isn't cancelled)



Updated: It sucks using slideshare

DL:  http://www.sendspace.com/file/6z8m61

Wednesday, August 28, 2013

"Pentest is dead, so we are here to revive it"

We have arrived in an era where vulnerability assessment and exploitation can be done with just a few simple clicks. The ease provided by modern commercial vulnerability assessment tools, especially the reports they generate, gives the illusion that penetration testing is a simple task that can be done and managed automatically, ignoring the need to increase the competency of IT security personnel.

However, the ease of these tools is like an opium to the masses of IT security practitioners. Relying solely on the results provided by these tools gives the organization a false sense of security. The output of the tools shows only a certain perspective of the whole security of the system. You might have good firewall rules, but have you ever considered that an attack could be redirected by manipulating the white-list rules? Worse, what's the point of patching your Oracle Database to the latest update when the tnsname is predictable and the 7-Devil Oracle default users are created when a new DB is initialized?

In the Blackbelt Penetration Testing Training, we are here to quench the thirst of the hollow that exists in most IT security enthusiasts. We are trying to unlock the potential of any IT security enthusiast so that it is not limited by the view provided by most security tools nowadays. The class is designed to unlock creativity in techniques to compromise servers or find vulnerabilities that are not detected by tools. We also give an in-depth view of common/uncommon weaknesses found in the world of Windows and Unix/Linux. Do you trust your antivirus or firewall? We will show you that under certain conditions, some malicious files can be encapsulated to bypass antivirus and firewall protection. This is not a class that you will want to miss.

Feel free to sign up at 
http://conference.hitb.org/hitbsecconf2013kul/tech-training-5/

Monday, July 15, 2013

Becoming a beautiful believer.

On the 4th of July I named my daughter Iman Sofea, which can be translated as Beautiful Believer. May Allah give her the beauty that can be reflected back towards our Deen. Just like our beloved Prophet Muhammad s.a.w, who is described as a reflection of the moon. He is not the light itself but the reflection of the light that guided people travelling in the dark night.

A few days ago, or probably still going on, in our own country we were faced with a questionable picture regarding some non-Muslims wishing us Muslims a good Ramadhan. I do not know what the original picture or quote was, since it's long gone and multiple Photoshopped or edited pictures have appeared everywhere across the vast Internet.

Like any other believer, my first reaction was anger, shock and agitation: what is the motive behind posting such a questionable picture? Are they mocking my religion? Are they that ignorant about Islam? Didn't they learn about Islam for their SPM, at least in History class?

But in the midst of anger, shock and emotional swings, we have to look back: what did our Prophet s.a.w do when encountering such a situation? For believers, the beautiful way to handle the situation is... do not get angry. If we look in the 40 Hadith, Imam Nawawi wrote:

On the authority of Abu Hurayrah (may Allah be pleased with him):

“A man said to the Prophet, ‘Give me advice.’ The Prophet, peace be upon him, said, ‘Do not get angry.’ The man asked repeatedly and the Prophet answered each time, ‘Do not get angry.’”

Related by Bukhari & Muslim.

If we succumb to anger in making a judgement, then that is not right. Another beautiful story about the Prophet s.a.w:

There was a muslim man who came to the Prophet (sallallahu alayhi wa sallam) of Allah who gave him as a gift a bottle of wine. The Prophet (sallallahu alayhi wa sallam) said “didn’t you know that Allah prohibited wine?”. He said “I did not know that”. Then he whispered to the man who came with him a servant and then the man said “What did you just tell him?”. He said “I told him to go sell it”. The Prophet (sallallahu alayhi wa sallam) said “the one that prohibited its drinking also prohibited its selling. He said “In that case go dump it out”. 

Now, we never know what the intention of the original poster was in posting the picture. But looking at the behavior of our beloved Prophet s.a.w, he didn't react with anger. He calmly told the person that he couldn't accept the wine. No shouting, mocking or cursing like the majority of us sadly did today. When did we lose this type of beauty in us?

Another story addressing the same issue:

Ibn Abi Hatim recorded that `A'ishah said, "Some Jews came to the Prophet and greeted him by saying, `As-Sam `Alayka, O Abul-Qasim.' So I said to them, `wa `Alaykum As-Sam (the same death be upon you).' The Prophet said,(O `A'ishah, Allah does not like rudeness and foul speech.) I said,  `Didn't you hear them say, `As-Sam Alayka' He said,(Didn't you hear me answering them back by saying, `Wa `Alaykum (And the same upon you)')

The wife of the Prophet s.a.w, upon hearing someone mocking her beloved husband, was upset, like any other wife would be. (If your wife doesn't get angry when someone says bad things about you in front of her, well, better check it out, lolz.) Nevertheless, the Prophet s.a.w told her to calm down and not to get angry or use any foul language to retaliate. For foul words affect the heart, the mind and the soul (which I discovered recently). They disturb the inner peace within our hearts, which affects the beauty of our soul.

Now, to make some sense of it: when someone talks with the intention of mocking or making fun of our Deen, know that that's how it has always been since the dawn of the Deen. People have been making fun of our Deen constantly from the day the Prophet s.a.w first preached until today :). It's all over the Internet, where you can find people constantly mocking our religion with seriously bad logic and misinterpretation.

Instead of getting angry, we should be glad: this is a sign of the legitimate legacy of revelation that we received and adopted in our lives. The fact that we care about matters like this (where other ummah don't care anymore; look at how comedians/cartoons/media make fun of their own religion, and of course other religions as well) is a good sign that our Deen and our people are still gazed upon with the sight of love by our Lord.

Last but not least, traditional Islamic scholars defined dakwah as inviting people to our Deen. Repairing corrupted Muslims is called amar maaruf nahi munkar. Nonetheless, how does our dakwah fare with these people? What steps have we taken to explain the situation/ethics and why it's inappropriate? The meaning of dakwah is invitation.

So if we are going to invite some strangers to our dinner, should one say
"You look filthy, I hate you. If you don't want to get killed, come to my house for dinner"? I doubt people will come.

If we are unable to see the beauty within the message of others, then we should avoid making such ugly commentary or statements.

And Allah knows best.