The discovery of Python

October 15th, 2012 by admin 2 comments »

I’m a Java developer. Let’s agree on that: I was always a Java developer, since I started out in Telmap. True, I’ve made some projects in C/C++, even a private one in assembler thanks to Peter Norton’s Assembly Language for the PC, but it was always Java. I envied C# for the new abilities like properties and generics (until generics came to Java) and for the visual editor (until I learned that absolute layout is shit…). But in Java I put my trust and there I stayed. Until I met Python.

Scripting languages were always a weakness for me :-) The god of Unix said: why compile when you can simply run? I liked having the great Cygwin on my Win7, I liked the linux\mc\FreeBSD shell, I really liked the use of grep and sed, sometimes AWK as well, for the little tasks you need here and there (at this opportunity I would like to thank tr, cat, cut, bash, uniq and the like, which I used so many times). Let’s not forget ant, which is not shell-like but is script-like and did a lot for me.

When I started looking at buffer overflows and shellcodes, as well as quick socket opening (you can use nc/netcat these days for that though), I wanted a scripting language that makes them pretty easy to write, and one that is mainstream and easy to use. I tried Perl. Ahhh, Perl, Perl, I could never get the grip of that language. I had little experience with RE at that time and Perl didn’t make it easy! Also, the non-readable nature of the language didn’t help me get to like it. So eventually I decided to dive into Python and see what it has in store.

So here are some stories about Python and my experience with it.
First of all, Python is available for all 3 major OSes: Linux, Mac and Windows. Also for FreeBSD. On Windows the support is a little painful if you want to install special modules like NumPy, since you need someone to compile them for you; if not, you need to download a dead old VS compiler to compile the modules…

Other than that it’s quite nice and comfortable. The IDLE that comes with Python doesn’t work so well on my iMac at work: if I keep the window in the background for 1-2 minutes I can never put it in the foreground again! Eclipse has a very nice plugin to work with; I don’t use it as much since it’s meant for projects and not for such small pieces of code as I write.

Python fits right in with shell codes; you can run it as a shell script like so:

[code lang="python"]
#!/usr/local/bin/python

# the rest of your script goes here
[/code]

Don’t forget to change permissions to 0755 so it’s executable…

On Windows you can just double-click it.
You can easily list files, read files, read binary or text, run regular expressions on the files, open sockets, open URLs etc.

Regarding URLs, I must admit that the Apache (Java) HTTP library is better than the Python one; most examples for the Python urllib and urllib2 are pretty simple, with no redirect-handler examples and no error-handler examples.

It’s really easy to install new libraries in Python: it has a central repo and the easysetup command usually cuts it. Since it doesn’t usually come ‘out of the box’, to install it you can refer to the setup tools (EasySetup) installation instructions.

Python has several well-known libraries including ‘twisted’, ‘numPy’, the ‘Requests’ HTTP library, ‘matplot’ and ‘mechanize’ (a scraping library).

Some of the links are scientific libs for matrices and math calculations that are implemented in C for Python, and some are just network and scraping libraries. These are the ones I know; by no means are they the only existing libs!

Variables in Python, much like in JavaScript and other scripting languages, are loose: there is no type declaration, and what you put inside defines the type. Indentation is also a must, which makes the language much more readable, since you have to indent your code or it won’t compile. The ‘import’ keyword keeps namespaces separate (it prevents bugs that exist, for example, in JavaScript code that does not use CommonJS). Tuples and arrays, plus the easy conversion from bytes to string (usually utf-8) and back, make it very easy to work with shellcodes, binary payloads etc…
The ctypes library, which I first encountered in the Gray Hat Python book, showed me the power of integration between Python and the native OS you work on. BTW, ctypes is not only good for integration, it’s also very useful for binary file parsing: by defining your own structure you can later on read from a file like so:

[code lang="python"]
# Import all ctypes types into the current namespace; convenient.
from ctypes import *

class ExampleStruct(Structure):
    _fields_ = [('firstField', c_int), ('secondField', c_ubyte), ('arrayField', c_char * 9)]

    def readFromFile(self, file):
        # Fill this structure's memory directly from the file's bytes.
        with open(file, 'rb') as f:
            f.readinto(self)

    def writeToFile(self, file):
        # Write this structure's raw bytes; the with block flushes and closes.
        with open(file, 'wb') as f:
            f.write(self)
[/code]

This is very short and very nice :-) It’s not a very nice way to save Python types to the disk, but it’s a nice way to read binary files (dex? java?) and transform them into a data structure.
Another option is struct.pack and unpack, but I found it more tedious and not so good for arrays, since every char in the unpack string is just one type, so ‘BBBB’ (an array of 4 unsigned chars or bytes) is just a tuple of four distinct variables and not an array of 4 bytes. If you really want consistent data (a pointer to a buffer of 4 bytes) then this is NOT what you want.
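The example below is added here and is not code from the original post. It takes the same three fields as ExampleStruct and shows what matters when the file is not one you wrote yourself: padding in the default layout, a short read that readinto() does not complain about, and how a c_char array compares with struct's '9s'. The names NaturalHeader, PackedHeader, read_header, unpack_header and the SAMPLE bytes are made up for the illustration.

```python
import ctypes
import io
import struct


class NaturalHeader(ctypes.Structure):
    # Same fields as ExampleStruct: the compiler-style layout pads the tail.
    _fields_ = [("firstField", ctypes.c_int),
                ("secondField", ctypes.c_ubyte),
                ("arrayField", ctypes.c_char * 9)]


class PackedHeader(ctypes.LittleEndianStructure):
    # _pack_ = 1 (set before _fields_) gives the 14-byte on-disk layout,
    # and the explicit byte order does not depend on the host CPU.
    _pack_ = 1
    _fields_ = [("firstField", ctypes.c_int32),
                ("secondField", ctypes.c_ubyte),
                ("arrayField", ctypes.c_char * 9)]


def read_header(fileobj):
    """Fill a PackedHeader from a binary file object, rejecting short reads."""
    hdr = PackedHeader()
    got = fileobj.readinto(hdr)  # returns the number of bytes actually read
    if got != ctypes.sizeof(hdr):
        raise ValueError("truncated header: got %d of %d bytes"
                         % (got or 0, ctypes.sizeof(hdr)))
    return hdr


def unpack_header(data):
    """Same layout with struct: '9s' yields one bytes object, not 9 values."""
    return struct.unpack_from("<iB9s", data)


# Constructed sample: a 14-byte header followed by unrelated payload bytes.
SAMPLE = struct.pack("<iB9s", 1234, 7, b"dex\n035\x00\x00") + b"payload"

if __name__ == "__main__":
    print(ctypes.sizeof(NaturalHeader), ctypes.sizeof(PackedHeader))
    hdr = read_header(io.BytesIO(SAMPLE))
    # A c_char array field is returned as bytes cut at the first NUL.
    print(hdr.firstField, hdr.secondField, hdr.arrayField)
    print(unpack_header(SAMPLE))
    try:
        read_header(io.BytesIO(SAMPLE[:10]))
    except ValueError as exc:
        print("rejected:", exc)
```

If the trailing NUL bytes of the array matter, declare the field as c_ubyte * 9 or slice bytes(hdr), since the c_char field getter drops everything from the first NUL on.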

In the next few articles I’ll try to give some more highlights of the language, all sorts of while I discover them myself. The project I’m now taking on is building the DexToXML that is described (using Java though) in the great book Decompiling Android.

Android layout inflation and ID’s issue.

November 28th, 2011 by codeScriber No comments »

In the course of creating an Android app I’ve encountered several times the issue of needing to inflate an extra layout, or a layout into existing layouts that you set with ‘setContentView()’.

The process is simple. Since I’m usually using LinearLayout as my main layout, all I have to do is get the LinearLayout object using findViewById(), inflate my new layout and use myLinearLayout.addView(inflaterView);
This does the trick; however, once it comes down to save and restore for my form’s stateful items (checkboxes\EditText etc…) it doesn’t work. To see why it fails to work, let’s take a look at Android’s code:

[code lang="java"]
protected void dispatchSaveInstanceState(SparseArray<Parcelable> container) {
    if (mID != NO_ID && (mViewFlags & SAVE_DISABLED_MASK) == 0) {
        mPrivateFlags &= ~SAVE_STATE_CALLED;
        Parcelable state = onSaveInstanceState();
        if ((mPrivateFlags & SAVE_STATE_CALLED) == 0) {
            throw new IllegalStateException(
                    "Derived class did not call super.onSaveInstanceState()");
        }
        if (state != null) {
            // Log.i("View", "Freezing #" + Integer.toHexString(mID)
            // + ": " + state);
            container.put(mID, state);
        }
    }
}
[/code]

So it’s all pretty simple. If you have an ID, then the View’s onSaveInstanceState() is called; it creates a Parcelable of its state, which is saved in a SparseArray (an integer-to-Object mapping that should be more efficient than HashMap) under its ID. If you have no ID, then your data will not be automatically saved.

Follow the yellow big road

September 22nd, 2011 by codeScriber No comments »

So I was talking to a friend at my workplace about jobs out there in the free market, how the neighbour’s grass is always greener. It actually might be in our kind of market, but it usually ain’t :-0 We all know it, but when the time comes we are all tempted to check out what’s outside.

So a question from one of the interviews came back to me. I recalled it because no other place asked me about math and statistical questions.
The place I was at did….

The riddle goes like so:
You are faced with a road whose end you don’t know: it might be in a mile, it might be in 100 miles.
The road is paved with signs, with no rules for the distance between them, meaning their number is unknown to you.

9-patches insight – things you wont read on android’s doc.

September 4th, 2011 by codeScriber 5 comments »

So I had to use a 9-patch. For a couple of months now I let our designer do the 9-patch thing. If any of you think he bothered reading the docs, you are dead wrong :-) Designer, what did you expect, happy little guy with 0 tolerance for long writings…. I used the 9-patches for button backgrounds and for dialog backgrounds, but alas! In some cases I got very, very strange results which I could not understand. I had to turn to the documentation to check what it says regarding 9-patches and what the lines on the top, bottom, right and left actually mean…

Checking is shit: why Did android team did a poor job for Check Box ?

April 9th, 2011 by codeScriber 3 comments »

My last job was all about Android internals. All the UI was the sole premises of our Core team; I was on the porting side, so I had to support their interfaces and just make sure they work flawlessly. I did that, but got tired of it.
I found another job, one that required me to make a product from scratch.

Not much was around the product, meaning it’s a web service with a GUI (when you put it like that you can consider that all Android applications are pretty lame :-) ), but I had to work my ass off to create a GUI that was somewhat similar to the iPhone’s, because that was the original product in the company so all specs followed.

In the course of my work I got to discover how to create custom components right, meaning with XML attributes support, what styles.xml should look like, what I should put in a style and what I should put in a theme, what should go to the values (strings\colors\dimensions), but most importantly I got to know Google’s different Views intimately, code-wise :-)

I can tell you some components are pretty “heavy”, with long lines of code, sometimes not so organized (like EditText and TextView, which I think could have been one View…), and the worst is that sometimes they are not really made for inheritance, which causes the need to duplicate code, which is plain stupid! But sometimes there’s no choice. I’ll show you here in a minute what I mean.


Building new Android version for ADP2(sapphire).

September 23rd, 2010 by codeScriber 1 comment »

I started out at a new place of work. Yeah, good old me decided to take his feet and drag them to another place.
Unlike the old one, the new place is very new to the mobile industry and just wanted a mobile application for their servers.

Why didn’t they outsource the creation of the app? Probably because they are new and unaware of the price of in-house mobile application developers…
In any case, my point is that they have only one iPhone and now only one Android device. They decided to go with the ADP2 device since it’s meant for installing new FW on it all the time, at least that’s what they say :-) I didn’t realize Google were the ones to order that device and HTC were just the manufacturer, like with the “Nexus One”; you will understand soon enough my reason for mentioning this.

So I got to find that this ADP2 device is on 1.6 (Donut) FW at the moment. To be honest, fair enough: quite a few of the devices today are still 1.6, though most are already 2.1 and soon will be 2.2.
Since I’m well aware of that fact, and I know new-to-mobile companies will not rush to buy another device, and since that device is indeed meant for development, I decided I want to upgrade, at least temporarily, to 2.2.

So, since this is an HTC device, who will you turn to? That’s right! HTC… So first you go to the developer site and look for clues there. I did find a way to flash this device, but with factory FW, and the latest one is 1.6. So what do you do next? Right! You contact HTC support… When I used to work for a big-shot company I would get a contact in HTC and a reply, but since I’m just a tiny whiny little developer in an unknown company not benefiting operators and HTC themselves, the answer I got was: “we can’t help you”, and in a bit more detail: “we do not supply 2.1 and 2.2 images for this device, and we keep the knowledge of compiling the device internally so we cannot reveal it”.

Great, some help… You really would expect a company to help you if they give you a DEVELOPMENT DEVICE. You hear that, HTC? You sold us a DEVELOPMENT DEVICE, so I need help for deploying my DEVELOPMENTS on it!!!

So next you turn to the Android source site, and there are instructions there on how to compile the source code and how to install it using fastboot. However, one of the commands to run is ‘adb root’, for which the result is:

[code lang="bash"]

C:\Users\codeScriber>adb root
adbd cannot run as root in production builds

[/code]

That means that the dear old development device was sold with production firmware that does not allow you to meddle with the binary code. The reason you need root access is to get some binary files that you need to build a full sapphire image from sources (proprietary HTC binaries). How am I supposed to do anything with this device without root access? I need to turn to rooting articles now, hoping to manage to crack the FW open. Now I wonder why the hell would I buy a development device, for development, if I need to crack it.

HTC, you really got on my nerves. If I ever have to buy a device it will never be an HTC device, even though I know some of the best are HTC’s. I’ll even prefer Meego and Nokia before I accept an HTC device in the future; except for stupidity I find nothing in your support and customer relations.

Brew yourself an applet… part#1

August 30th, 2010 by codeScriber 6 comments »

After 1 year of developing for 2.1.x and 3.1.x BREW devices, and after witnessing the upcoming BREW MP software from Qualcomm, I’ve decided to give my BREW frustration its moment of glory.

So for all of ya guys that are not familiar and were brought up in the android\iphone age: BREW stands for Binary Runtime Environment for Wireless and it’s been around for years. It was created and is still maintained by Qualcomm Inc.
Whether this is the right platform for you, or whether it’s a good\bad platform, I’ll leave for the reader to decide; for my part I’ll just tell my story ;-)

So I worked in the LBS industry (Location Based Services). I ported our shared code to different devices, and for one year my main goal was to write features and port and work and breathe and breed just BREW platform applications.
So what is the BREW SDK for me, really? Well, I consider it to be C\C++ Java. The SDK is pretty vast and contains many features, from HTTP connections to location services and even USB access on the device (though I’m not sure from which SDK version), but all in all you have no real access to the OS (like on Symbian and WM and native-code Android). Your apps are first compiled to a binary, linked with the BREW libraries using a regular linker (for ARM, that is), and then changed to a .mod file. You then need to get a signature file for your device and application (it’s hard-bound to your IMSI) and you are pretty much done. Like J2ME jad files, BREW has a .mif file, which is usually compiled from some form of JSON\XML file that was invented by Qualcomm; in the old versions it was pure XML, today in BREW MP I don’t know how to call it…

When open is not open (hint: not when it’s ajar ;-) )

July 11th, 2010 by codeScriber 1 comment »

Any of you who know the old riddle, “when is a door not a door?” -> when it’s ajar (a jar, ajar – wide open), know the headline :-)
But what I’m about to talk about is the final release of the 2.2 code. Well, I’m a bit late with the post; it was published about 3 weeks ago, I believe.

Two ways to walk a tree…

June 26th, 2010 by codeScriber 7 comments »

This is not a long post, but it does want to show another method to walk a tree, unlike the conventional one.
I remember studying it in uni and using it in some of the exercises.

So what is the normal way to walk a tree? Using recursion or a stack (see previous post) to walk the tree node by node, in-order, post-order or pre-order. If you use this method it will take up to O(n) (worst case) space to walk a binary tree B with n nodes.

untangling recursions

June 26th, 2010 by codeScriber 2 comments »

Hi.
This is supposed to be a trivial thing, but people who didn’t study computer science, who were converted from computer engineering or mechanical engineering, probably need some strengthening.
So why did I remember this? Because of job interviews :-) Not that it appears a lot, but it helps to understand the issues with recursion.

So I’ll start by explaining the big issue with recursion. I don’t like recursions, they are not so readable and are usually the most simple solution to a problem while there might be a simple iterative solution. Sometimes however the iterative solution is the bad one and the only probable solution is recursion. Not that you can’t do an iterative solution (8 queens sort for example) it will just look like recursion in the end, we’ll soon see how :-)

