My name is Philipp C. Heckel and I write about nerdy things.



  • Jul 05 / 2013
  • 62
Android, Mobile, Security

How To: Sniff the WhatsApp password from your Android phone or iPhone

WhatsApp is a very popular SMS-like messenger for smartphones, but it’s unfortunately only available for smartphones right now. If you want to use other tools or write web applications that send or receive WhatsApp messages (e.g. WhatsAPI, was at https://github.com/venomous0x/WhatsAPI, site now defunct, July 2019), you have to find a way to sniff the WhatsApp password from your smartphone. Until recently, this password was just an MD5 hash of your IMEI (or MAC address), but that changed once this was uncovered. Since then, the WhatsApp server assigns a password to each device/account when it first registers.

This tutorial demonstrates how to capture the WhatsApp password of your WhatsApp account using the SSL/TLS proxy mitmproxy. Once you have this password, you can use it to communicate with the WhatsApp servers directly or via a framework. This is the first part of a two-part tutorial. The second part demonstrates how to send and receive WhatsApp messages via PHP.


  • Jul 01 / 2013
  • 68
Android, Linux, Security

How To: Use mitmproxy to read and modify HTTPS traffic

Capturing HTTP and HTTPS traffic on your own machine is quite simple: Using tools like Wireshark or Firebug, sniffing the local connections is only a matter of seconds. Capturing and/or altering the HTTP/HTTPS traffic of other machines in your network (such as your smartphone or other laptops), on the other hand, is not so easy. Sniffing into SSL-secured HTTPS connections in particular seems impossible at first. Using mitmproxy, however, makes this possible in a very easy and straightforward way.

This small tutorial shows how to use mitmproxy to transparently sniff into and alter (!) HTTPS connections of your phone or other devices in your network.


  • Jun 28 / 2013
  • 14
Linux, Scripting, Synchronization

Script: Run rsnapshot backups only once and rollback failed backups using rsnapshot-once

I use rsnapshot to back up all of my data to my HTPC and home server (the home partition, office documents and the root file system). While rsnapshot is not as shiny as other backup tools, it is very flexible and effective: rsnapshot is based on rsync and makes hardlink-based backups (like cp -al), i.e. backups that point to the same inode on the disk if a file in consecutive backups is identical (much like SIS in deduplication).

However, rsnapshot is meant to be triggered by cronjobs and is built for always-on server machines rather than for lid-open-lid-close-type machines like laptops: That means that rsnapshot must be scheduled to run at a certain time (no retries!) and is not robust against sudden system shutdowns. Furthermore, it does not detect failures and simply leaves unfinished backups as if they were complete. That in turn leads to more disk space being used for the backups, because the last complete backup is not really complete.

I wrote a little helper script to fix exactly this behavior: rsnapshot-once makes sure that (1) rsnapshot is only called if a backup is necessary (once every 24h for ‘daily’, once every 7 days for ‘weekly’, …) even if rsnapshot-once is called multiple times, and (2) that crashed/interrupted backup runs are rolled back before starting a new backup run.


  • May 20 / 2013
  • 3
Cloud Computing, Distributed Systems, Security, Synchronization

Minimizing remote storage usage and synchronization time using deduplication and multichunking: Syncany as an example

This post introduces my Master’s thesis “Minimizing remote storage usage and synchronization time using deduplication and multichunking: Syncany as an example”. I submitted the thesis in January 2012, and now found a little time to post it here.

The key goal of this thesis was to determine the suitability of deduplication for end-user applications — particularly for my synchronization application Syncany. As part of this work, the thesis introduces Syncany, a file synchronizer designed with security and provider independence as a core part of its architecture.


  • Dec 07 / 2012
  • 33
Multimedia, Scripting

Script: Refresh the Fritz!Mediaserver DLNA Index of the Fritz!Box 6360 Cable

Some of AVM’s Fritz!Box routers allow connecting a USB device and use this device as a network attached storage (NAS) via Samba/SMB in the local network. In combination with the fact that the NAS can also be accessed from the Internet via FTP, and the multimedia files can be streamed to a TV via the Fritz!Mediaserver (using DLNA), it makes a pretty basic home entertainment system. I use it to automatically copy videos (YouTube, etc.) to the NAS from my virtual server, and then watch these with my Samsung Smart TV. It’s not as great as XBMC, but it works for now.

Unfortunately, the Fritz!Mediaserver (DLNA server) does not automatically refresh the index when media files are added via Samba/SMB or FTP (only if they are added via their web interface Fritz!NAS). It can be refreshed manually via the interface on fritz.box/storage/settings.lua. But, since I like to automate things, I made a little helper to automatically refresh the index.


  • Jun 15 / 2012
  • 9
Cloud Computing, Linux, Scripting

Script: Your US proxy server in one minute using Amazon EC2

Many well-known websites determine your location based on your IP address and restrict their content or functionality based on the country you’re in. Some examples are Gmail (Germans get only @googlemail.com addresses, for legal reasons), YouTube (content is restricted by the GEMA), and Pandora (limited to US citizens), to name only a few. To circumvent these restrictions, being able to quickly get an IP address outside of your own country is most helpful.

To do exactly that I wrote a little script that will start your very own US proxy server in one minute using Amazon EC2. In combination with browser plug-ins such as FoxyProxy, the script enables you to route all your web traffic through a proxy on an Amazon-owned machine — with an IP address in the US, Ireland, Singapore, Tokyo or Sao Paulo (location of Amazon data centers).


  • Jun 10 / 2012
  • 22
Android, Mobile, Programming

Android Example: Communication between Activity and Service using Messaging

I recently wrote my first little app for my Android smartphone and I was surprised how easy it was. Being familiar with regular Java, learning the new Android APIs was very simple for the most part. However, there was one thing that wasn’t particularly straightforward: communicating between an Activity, i.e. the user interface, and a background Service started by the application. After many hours, I found some sample code on Stack Overflow which I used to create a very generic reusable solution to start, stop and communicate with your own Service implementation.
