Archive for August, 2007

Shrink Your File Format

Want to shrink the file format in your program?  Here’s a method for shrinking your numbers down.  If you write the number “127” to a file, you are writing three bytes to the file (the ASCII character for each number).  This might not seem like a big deal, but in the long haul you can save a ton of space using the following method.  Write the character for 127 (\x7f, but printed as ).  Now read the file’s charachter and convert it into a number.  You just saved two bytes.  For writing numbers bigger than 256 (ASCII limit), write partials of numbers.  Break these numbers up in parts of two (589406830=58|94|06|83|0).  It might not be the most efficient way to shrink these numbers down, but it is easy to code and could save space in the long run.  If you want to shrink your numbers even more, convert them to hexadecimal before writing them to a file (hex was originally designed to write huge numbers).  Read these suckers back, feed it all into one string, and convert the string to an integer.  Congratulations on shrinking your file format.

Advertisements

August 8, 2007 at 2:40 am 1 comment

Passwords and How They are Stolen

I posted a comment on  Angry 365 Days a Year about passwords.  The entry was entitled Passwords suck.  Most people don’t know a lot about passwords and password stealing.  My comment on the post was on how the passwords can be stolen:


Here are some of the ways people get passwords:
1) The downloading of keyloggers.
2) Hackers (if they have a known target) can port scan (check the open ports on a computer), find ports with vulnerabilities, and transfer data (such as a keylogger or R[emote]A[ccess]T[rojan]) through to the computer.
3) Hackers connect to a server of an email service, messenger service, etc., and run a brute force/dictionary attack. This is done by writing a program to continually try and rearrange letter combinations (brute force), or test all the words in the dictionary.

I forgot to mention shoulder surfing. Shoulder surfing might be the most common of all. People looking over your shoulder while you type your password is a serious security risk.  Another method is social engineering, which is someone tricking you into giving away your password (usually by pretending to be tech support).  A very similar way of getting passwords is phishing, by asking for passwords or personal information in email (or connecting you to a false site that will look authentic). Here”s a little guide to making strong passwords:

 1)  Do not use words, known phrases, names, numbers, or personal information as passwords.
2) Use random letters and numbers in your password.
3) Use a mixture of uppercase and lowercase letters in your password.
4) If possible use special symbols such as $%.! in your password.
5) If you write your password down, do not put it out in the open. Shred the paper if you throw the password away.
6) Never trust anyone who wants your password.
7) Never put your password in plaintext on your computer (unencrypted text).

Here are some examples of weak passwords (in red) and strong passwords (in blue):

jimmy
girlfriend
11684
472385
mydoggie
1337

fo25vPEvMg42
dUI1OhanLINd5Ay
tym81MPty64
qmJ50cX85

Hopefully you can apply these tips to your passwords.

Cheers,

Ivan

August 4, 2007 at 3:48 pm 6 comments

MyPodcast.com, Free Podcasting Service

Okay, this is cool.  I recently found out about MyPodcast.com, a free podcasting service.  The only other way to do free podcasting (with unlimited bandwidth and space), is PodShow.com, and using Archive.org with a blog frontend.  I’m not a big fan of PodShow, and although I love the Internet Archive it’s hard to use it and a blog together.  It becomes difficult to manage.  I really love how the site doesn’t revolve around social networking (like many new podcasting services) and it integrates a blog (most services do).  If I ever do decide to Podcast, I’ll probably go there.

Cheers,

Ivan

August 4, 2007 at 2:51 pm 3 comments

Formats

Cracking formats doesn’t seem be too hard.  I figured out most of the simple 16-color bitmap this afternoon using a hex editor.  It’s pretty simple.  Create a bunch of files of a format of your choosing.  Open these up in a hex editor (my pick is XVI32, a great freeware editor), and take a look at how the file is structured.  Find out what numbers represent and changes that take place in the hex when you change the file (coloring pixels, changing width, etc.).  Then you can see what parts of the file do.  Find out what changing numbers represent, when you mess around with the files these will change.  You have to see how these changes will work in the file.  A description of file size might only take up one byte in one instance, but if the file gets bigger it might take up a few bytes.  Of course, most formats have been explored already, and in great depth.  I ran into a few problems with my hacking of the bitmap, because I was forgetting the whole issue of palettes and compression, but you can learn a lot about a file by looking at it in a hex editor.  Change things with the hex, and look at changes in the file.  When you discover functions of the hex, make sure you write it down.  Here’s some documentation I did on bitmaps.  I have a more full explanation of what I discovered on another computer, but here’s a template for your file:

–Bitmap File Info–
Byte Structure:
Header- 42|4D|C6
File Size- 3rd address and more, ab|cd=cd|ab
Height- 12th address
Width- 16th address
Pixels, bytes before final 3 bytes-Stores two pixels per byte. End of file starts at top-right.

Colors:
0- Black
1- Dark Red
2- Dark Green
–EOF– 

If you’re interested in the bitmap format there are some very good guides, here’s one that is very informative and useful if you need to use the bitmap format.  For more information on formats visit Wotsit, or if you want to get into reverse engineering see this excellent wikibook.

Cheers,

Ivan

August 3, 2007 at 4:12 am Leave a comment


August 2007
M T W T F S S
« Jul   Sep »
 12345
6789101112
13141516171819
20212223242526
2728293031  

Contact

vainentree@gmail.com