Quequero recently reverse-engineered the RootSmart Android malware, which explains a facet of Android malware.
Dinesh Shetty walks through reverse-engineering a piece of Android malware in Demystifying Android Malware.
Please check out the reverse-engineering tag.
JD-GUI is the best decompiler. It's easy to use and works well.

JAD Java Decompiler is no longer under development.
Jan 23, 2012
Some things require no explanation. Some things do. Today isn't the day for a cryptic blog post, so I'll get right to it. AltSci's SSH shell service is unavailable to most users due to an unpatched Local Root Vulnerability in the Linux Kernel. I tested it on my machine at home and it works. That will teach me to upgrade my kernel regularly. =[ The explanation of the vulnerability is incredibly good and the timing could not be much better. If you have a shell that has a new kernel, you should know about this.
I've been working diligently on a SIP softphone, BikeIM. The simplest explanation is that it is a competitor to Skype. Skype has several features that version 1.0 of BikeIM will not: a GUI, video support, a directory, SkypeIn, and SkypeOut. So without all these killer features, how do I expect to compete? Linphone, Ekiga, and Jitsi are Open Source competitors to Skype that have most or all of the features that Skype does. Many people use these tools in place of Skype. My reason for writing my own is to be able to trust the code. Instead of writing my own softphone, I could pen test or code review one or all the open source softphones, but when I found bugs, I would go through the process of writing it up, getting the developers to patch, and getting people to upgrade. That process is not as difficult as writing software, but the end result is a handful of CVEs at best. The reward for reviewing and testing open source software is good software for everyone. The reward for writing good open source software is good software for everyone. When I started writing code in July 2011, I evaluated Linphone, Pidgin, and Ekiga. Linphone and Pidgin didn't work for me, and Ekiga had issues that I could not accept (despite working quite well). It's possible that Linphone has improved, but I do not think that Pidgin or Ekiga have changed. VoIP is a strange example of Open Source innovation: multiple well-designed systems all using open protocols but with reliability that is suspect in my opinion. Asterisk is a perfect example of how an Open Source project can grow too quickly for its own good. Asterisk has had so many vulnerabilities in the past 6 years that they have become famous for their flaws. The problem with Asterisk is that the code base is increasing in size by implementing unnecessary features without proper code review and testing. This is a recipe for disaster and the size of their project should daunt even their most staunch supporters. 
But Open Source is not alone: closed source VoIP software works, but all have serious reliability issues. If you've ever had the stuttering effect on Skype, you know what I mean. Not only will BikeIM be reliable and Open Source, it will grow as time goes on. I plan to use it in place of a home phone and will leave it on all my systems. Version 2.0 should have a GUI for those who prefer. I hope that my work will inspire Open Source VoIP projects to increase their testing to ensure reliability and quality. Even if they can't afford professional security experts, they can appeal for help. Since my project will also be Open Source, they will have the choice of copying any improvements I make and vice versa. That's just how we roll.
It's been a month since I went to Brasil. I am planning on going back, learning as quickly as I can. It's likely that I won't be able to make it back until next winter, but I will plan on it. I need to stay in touch with the friends I made over there. There are many conferences that I can attend to make my stay work-related, but the plane ticket is my main expense. I'm planning on keeping my Brasilian telephone number and giving it to my friends so that they can call me for cheap or free. Of course they can call me on Skype for free as well. We're lucky that we live in such a well-connected society; it's just up to us to stay in touch.
A video I watched today said that Vila Prudente is a favela. I actually visited that neighborhood while I was there and didn't think it was a favela. If that is the definition of a favela, then my eyes deceive me. Certainly the neighborhood may be much poorer than some of the neighborhoods I visited, but it looks quite beautiful (see the street view if you want to know what I mean). Maybe that is the definition of the favela, poverty in a beautiful place. It didn't connect with me that there would be any crime in that neighborhood. The video is about how the residents are getting people involved with documentary films.
What's new with me? Well, since I'm back in Seattle, I may start up yet another blog at blog.altsci.com (not started yet) which will keep a little more info on my day to day and will collect all the other blogs. One problem I have is that I have too many blogs. In one way it's good to separate topics but on the other hand most people who visit my blog are looking for me rather than my topic. I would love to attract more people interested in my subject matter but maybe I should post more subject matter. I can do that.