Ryan – Page 18 – Ryan Schulze

Disemvoweling

May 2, 2011May 13, 2013Ryancss, disemvoweling, javascript

Talk about weird words … ok, according to Wikipedia disemvoweling is the term for replacing or removing vowels from words. Commonly used as a tool for moderating. I’m pretty sure everyone has run across certain disemvoweled words on the internet like f*ck or sh*t. Anyway I went and made a pure html/javascript page that does just that, removes any vowels from an inputted text. The usefullness can certainly be argued, it was more for me to brush up on my javascript and css skills.

http://www.dopefish.de/projects/disemvoweling/

Virtualbox update

April 28, 2011Ryanubuntu, virtualbox

Anyone running Ubuntu as a Virtualbox guest is advised to update to Virtualbox 4.0.6 (+ the extensions) that was released today. Don’t forget to recompile the guest additions after upgrading to 4.0.6. Besides the usual stuff in the changelog, the update fixes a problem with screen resolution in Ubuntu 11.04. Since the Ubuntu update is just around the corner updating Virtualbox beforehand will prevent a bit of hassle.

Thanks for the free games @Valve

April 20, 2011Ryanarg, free games, portal2, potatoe, reward, valve

For the release of their latest game Portal 2, Valve went to great lengths marketing wise. They set up an “Alternate reality game” (ARG) with tips and puzzles hidden in 13 independent games (to promote indie games). Some of the games even added extra levels just for the ARG. Solving puzzles, finding passwords, and triggering special events led to the possibility to gain “potatoes” as a sign of progress. If all 36 potatoes were found in the 13 games involved players got a golden potato.

After the ARG was solved by the community, Valve added a countdown a few days before the release of Portal 2, allowing the community to get Portal2 to release early by collecting potatoes and (in the end phase) playing the 13 indie games.

Last Friday Valve announced in the official blog “There’s also still time to collect all 36 potatoes. Anyone accomplishing this feat by the time Portal 2 launches will receive a very special, non-hat-based reward.” An extra incentive for people to play the games involved and collect the potatoes. I spent most of the last days collecting all 36 potatoes, got the last one just hours before the deadline.

Today everyone with a golden potato got the reward, a valve complete pack and a copy of portal2. I’m honestly impressed. I never would have expected them to not only give out all their previous games ($100), but also a free copy of their latest game they just released yesterday ($50).

Impressive move Valve, even if I was irritated at buying the game on steam on pre-order and then seeing Amazon and Best Buy drop the price shortly before release by 10$, the ARG and the potatoes blew everything out of the water. So now I have a few copies of games I already owned to give out 🙂

captcha cracking

March 18, 2011May 13, 2013Ryan1 Commentcaptcha, gocr, linux, php

This is a pretty old posting from 2009 I just recently discovered in my “drafts” directory. Nowadays there are probably easier and more elegant ways of defeating a captcha, but for old times sake, here is my simple approach.
———————–

Eclectic and Marko were so kind as to “provide” me a captcha to play around with. Took me a few days of poking around and googling but in the end it was easier than I had thought. As long as there aren’t and logic errors in the code (e.g. bad or no session handling) you probably won’t get around some kind of OCR. As OCR software I decided to use gocr because it is free, runs under linux, and it is fairly easy to train to specific needs. Because I knew which libraries were being used to create the captcha images, it was possible for me to build a testing area. This just speeds things up a bit, the process would have worked just as well off the original website. First off: the spambot in action -> http://captcha.dopefish.de/spambot.php, and the website it accesses: http://captcha.dopefish.de/

Now I’ll describe the steps I took to defeat the captcha. Look at what happens on failed and successful inputs, first write a script that works if you enter the solution manually. I used the following 2 php functions for getting and posting stuff (and keeping the session intact)

$ch = curl_init();

function get_url( $ch, $url, $timeout = 5 )
{
    $url = str_replace( "&amp;", "&amp;", urldecode(trim($url)) );

    $cookie = tempnam ("/tmp", "CURLCOOKIE");
    curl_setopt( $ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1" );
    curl_setopt( $ch, CURLOPT_URL, $url );
    curl_setopt( $ch, CURLOPT_COOKIEFILE, $cookie );
    curl_setopt( $ch, CURLOPT_COOKIEJAR, $cookie );
    curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
    curl_setopt( $ch, CURLOPT_ENCODING, "" );
    curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
    curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
    curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false );    # required for https urls
    curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, $timeout );
    curl_setopt( $ch, CURLOPT_TIMEOUT, $timeout );
    curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
    $content = curl_exec( $ch );
    $response = curl_getinfo( $ch );

    return array( $content, $response );
}

function post_url( $ch, $url,  $postvars, $timeout = 5 )
{
    $url = str_replace( "&amp;", "&amp;", urldecode(trim($url)) );

    $cookie = tempnam ("/tmp", "CURLCOOKIE");
    curl_setopt( $ch, CURLOPT_POST ,1);
    curl_setopt( $ch, CURLOPT_POSTFIELDS , $postvars);
    curl_setopt( $ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1" );
    curl_setopt( $ch, CURLOPT_URL, $url );
    curl_setopt( $ch, CURLOPT_COOKIEFILE, $cookie );
    curl_setopt( $ch, CURLOPT_COOKIEJAR, $cookie );
    curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );
    curl_setopt( $ch, CURLOPT_ENCODING, "" );
    curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
    curl_setopt( $ch, CURLOPT_AUTOREFERER, true );
    curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false );    # required for https urls
    curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, $timeout );
    curl_setopt( $ch, CURLOPT_TIMEOUT, $timeout );
    curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );
    $content = curl_exec( $ch );
    $response = curl_getinfo( $ch );

    return array( $content, $response );
}

$ch = curl_init();

function get_url( $ch, $url, $timeout = 5 )

{

$url = str_replace( "&", "&", urldecode(trim($url)) );

$cookie = tempnam ("/tmp", "CURLCOOKIE");

curl_setopt( $ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1" );

curl_setopt( $ch, CURLOPT_URL, $url );

curl_setopt( $ch, CURLOPT_COOKIEFILE, $cookie );

curl_setopt( $ch, CURLOPT_COOKIEJAR, $cookie );

curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );

curl_setopt( $ch, CURLOPT_ENCODING, "" );

curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );

curl_setopt( $ch, CURLOPT_AUTOREFERER, true );

curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls

curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, $timeout );

curl_setopt( $ch, CURLOPT_TIMEOUT, $timeout );

curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );

$content = curl_exec( $ch );

$response = curl_getinfo( $ch );

return array( $content, $response );

}

function post_url( $ch, $url, $postvars, $timeout = 5 )

{

$url = str_replace( "&", "&", urldecode(trim($url)) );

$cookie = tempnam ("/tmp", "CURLCOOKIE");

curl_setopt( $ch, CURLOPT_POST ,1);

curl_setopt( $ch, CURLOPT_POSTFIELDS , $postvars);

curl_setopt( $ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1" );

curl_setopt( $ch, CURLOPT_URL, $url );

curl_setopt( $ch, CURLOPT_COOKIEFILE, $cookie );

curl_setopt( $ch, CURLOPT_COOKIEJAR, $cookie );

curl_setopt( $ch, CURLOPT_FOLLOWLOCATION, true );

curl_setopt( $ch, CURLOPT_ENCODING, "" );

curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );

curl_setopt( $ch, CURLOPT_AUTOREFERER, true );

curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, false ); # required for https urls

curl_setopt( $ch, CURLOPT_CONNECTTIMEOUT, $timeout );

curl_setopt( $ch, CURLOPT_TIMEOUT, $timeout );

curl_setopt( $ch, CURLOPT_MAXREDIRS, 10 );

$content = curl_exec( $ch );

$response = curl_getinfo( $ch );

return array( $content, $response );

}

Now train a gocr database for the images. Obviously it get’s better the more you train it.
Since curl is taking care of session handling, we can use the get_url() function for downloading the captcha image. I pipe it through this shell command to make it easier for gocr to read:

convert \
-quality 100 \
-blur 0.7 \
-level 9%,60%,100.0 \
-monochrome \
-negate \
-blur 0.1 \
-gamma 1 \
-depth 8 \
-compress none \

convert \

-quality 100 \

-blur 0.7 \

-level 9%,60%,100.0 \

-monochrome \

-negate \

-blur 0.1 \

-gamma 1 \

-depth 8 \

-compress none \

It turnes this:

into this:

Since the valid captcha result is always the same length, we can check if gocr matched all the chars. If it looks good we can use post_url() to continue our session and throw all the fields at the form and submit it. See, wasn’t that hard. Most of the time is spent training gocr and converting the image into something easier to read. It doesn’t solve 100% of the images, more like 80-90%, but still better than nothing ;-).

Wireless bridge & dd-wrt

March 18, 2011March 18, 2011Ryan1 Commentasus, bridge, dd-wrt, firmware, lan, linux, tftp, wifi, wireless, wlan

I recently bought the WL-330gE_M from Asus. It is a pair of access points pre-configured to bridge 2 LAN networks via wireless, all you have to do is take them out of the box and plug them in, straightforward and simple, no configuration needed. They are intended to enable hooking up devices to the internet that don’t have wireless and without pulling cables through the house (e.g. dvd player, TV, cable box, …).

The package arrived last week and it was a matter of minutes plugging the devices in and having everything working. Everything worked without any setup, took me longer to get them out of the box than to hook them up.

Unfortunately our network storage (NAS) is also on the other end of this wireless bridge, and I noticed that when I move large files around (>2GB) or while streaming video/audio off the NAS the connection was dropping out. I don’t mean “ups and downs in the speeed” that is to be expected over wireless, I mean “connections resetting, copy actions aborting with error messages”. Not fun. Unfortunately since the devices are geared toward the “no configuration necessary, just unpack and hook up” crowd, there is no webinterface to see a syslog of what is happening or changing settings. Nada.

After this happening a few times it got really frustrating. I can live with slow, but connections dropping is out of the question. My original plan was to just reset the devices, flash them with a WL-330gE firmware and reconfigure the bridging (the only difference I could find was that the WL-330gE_M is black and not white, and comes preconfigured, and probably has a slightly different firmware without management capabilities). While I was looking at different options and possibilities I went over to dd-wrt and happily saw that the WL-330gE was supported in the router database. So I decided if I was going to mess around with firmware, I could just as well throw dd-wrt on it.

Even though I am a system administrator, I don’t have the urge to have every device in the house running on Linux with a shell I can ssh in to. I’m perfectly fine with a simple interface that does what I want it to. But the wireless settings I can fine tune in dd-wrt are priceless (especially since I wanted to debug and fix the connection dropouts), normally you only get these options with cisco grade hardware.

The firmware upgrade process of the devices is simple and straightforward. Pull and reapply power with the reset button pressed until the power LED starts flashing, then shove the new firmware onto the device via tftp. Either with the “Firmware Restoration” tool from asus, or with a normal tftp client. I used later. Since this is so straightforward I guess I could also switch over to the official firmware if I wanted to, making two WL-330gE out of the WL-330gE_M pair (saves money since the pair is cheaper that buying two separately).

When in recovery mode (waiting for someone to tftp a new firmware onto it), the device has the IP 192.168.1.220 by default. This is just a rough summary of the steps, anyone wanting to do this should really read through the whole process of deploying dd-wrt with asus, there is important information there (even if the example is a WL500, the WL330 is similar). Just because it worked for my hardware,firmware,setup doesn’t mean you have the same hardware or are deploying the same version I did. Read the dd-wrt documentation before you brick your device.

Clear current settings from the nvram:

# tftp 192.168.1.220
tftp&gt; mode binary
tftp&gt; put wl500g-clear-nvram.trx

# tftp 192.168.1.220

tftp> mode binary

tftp> put wl500g-clear-nvram.trx

Wait 5 min, reboot into recovery, throw a dd-wrt firmware on the device ( I used DD-WRT v24-sp2 (08/12/10) mini – build 14929, standard works fine too).

# tftp 192.168.1.220
tftp&gt; mode binary
tftp&gt; put dd-wrt.v24_mini_generic.bin

# tftp 192.168.1.220

tftp> mode binary

tftp> put dd-wrt.v24_mini_generic.bin

Wait 5 mins, reboot and open http://192.168.1.1 To be on the safe side feel free to navigate to Administration -> Factory Defaults to make sure no junk was left behind. To get bridging configured there are multiple possibilites depending on your needs. For plain LAN bridging you will probably want WDS or one device setup as a AP and the second as a Client Bridge (I used the latter option). One thing you will want to do is go to Setup -> Networking and set the WAN port to “disabled” since the device only has LAN and Wireless.

The rest is fairly ease, set up one device as an AP, chose WPA2 with a good long strong PSK. After testing if the AP works with e.g. a laptop, you can set up the 2nd device as a Client Bridge, just make sure you are on the same channel, same SSID, same security settings. After everything is up and running now would be a good time to pull backups from the configuration. Might as well tweak around in the wireless advanced settings. If you mess up anything badly enough that it won’t connect again … well that is why you made the configuration backups 😉

As you probably guessed by now, the connection drops are gone, connection is smooth and stable. Peak speed is not quite as fast as before because I throttled some things and tweaked settings for stability, but still good. Turning the TX antenna output power from 71 down to 65 helped a lot and got the maximum out of the connection (probably less crap pulling my SNR down). And now I can see what the access point is doing and where problems are when they arise 😉