-
Investigating a proprietary Android 2FA system
This article concerns an Android app used as part of a proprietary two-factor authentication (2FA) system. Investigation of the app and 2FA protocol reveals some interesting design decisions.
Overview
The 2FA system is similar to well-known offerings such as Duo Security and Okta Verify.… »
-
Investigating a historical Android anti-root protection system
This article concerns a specialised Android app used as part of a proprietary authentication protocol, developed in the late 2010s. Given the intended use case, the app features a number of aggressive security measures – the app uses FLAG_SECURE and does not run when developer… »
-
Spoofing Android device model via Smali patching
I recently came up against an Android application which gates certain functionality behind detecting a ‘compatible’ Android device – which mine was not. My usual approach, on a rooted device, would be to use XPrivacyLua to spoof the device information returned to the application, but… »
-
Efficiently reading a CSV of floats in Rust
In hpstat, we are often required to read large CSV files consisting of a header of string column names, followed by data consisting entirely of floating-point numbers. Profiling reveals that a naïve approach based on generic CSV parsers is inefficient at this task.
Consider… »
-
Beta ratio distribution for SciPy
The quotient of 2 independent beta-distributed random variables has a known distribution, but its closed-form expression is a little hairy [1, 2]. One Python implementation of this distribution is available from Julian Saffer [3], but it suffers from some numerical issues… »
-
Porting NU-Prolog (c. 1995) from BSD Unix to modern Linux
NU-Prolog is a Prolog variant designed by the members of the Machine Intelligence Project at the University of Melbourne, released circa 1986, with a version 1.6.9 released circa 1995.
Recently, I sought to port some software written in NU-Prolog (written by one of its creators, … »
-
Investigating and disabling hard-coded certificate pinning in an Android application
mitmproxy is an open source interactive HTTPS proxy, which makes it easy to intercept HTTPS for reverse engineering, including an Android clients. It does this by installing its own CA certificate on the client device.1
Recently, I was attempting to reverse engineer the HTTPS… »
-
Customising Pretix defaults with a plugin
Pretix is an open source ticket sales platform with a self-hosted ‘Community’ edition. Pretix is highly versatile, and features a plugin system making it highly customisable, and the API is fairly well-documented. However, complete examples of how exactly to use the API to accomplish certain… »
-
Using selenium to scrape/import bank transactions for ledger-cli
Ledger is a powerful command-line plain-text double-entry bookkeeping system, with the capacity to import transactions from CSV files. In America, many banks provide APIs to access transaction feeds, which can be then directly imported into Ledger. However, in Australia, this is not the case.
Some… »
-
Customising OsmAnd voice navigation to remove route numbers
OsmAnd is an open-source offline map and navigation app for Android, based on OpenStreetMap data.
In my experience, OsmAnd's voice navigation is the most polished of all open-source Android navigation apps. However, it has a frustrating habit of always announcing street names in conjunction with… »
-
Line wrapping with cgit and correct line numbers
cgit is a ‘hyperfast web frontend for git repositories’.
cgit's display of file contents (example) renders everything inside a
pre
block, and therefore does not support wrapping of long lines. cgit handles line numbers by coding them separately to the actual content, so… » -
A new home for my git projects
Yesterday, GitLab, where git projects were formerly hosted, announced changes to their terms of service to incorporate mandatory1 telemetry – both on its GitLab.com SaaS website, and its proprietary self-managed products – causing significant consternation among many. This follows the acquisition of GitHub… »