Hacker News | khakimov's comments

After this article last week, I started to read his work (some is available here: https://www.peterputnam.org/). What a life, what a character.


Could you share "C:\\Users\\Daniel\\Documents\\Programming\\AMAbotData.txt" as well, or is it not necessary to run the bot?


Presumably that's the large dataset he was referring to.


Ok, I added it and removed some of the stuff that was configured specifically for me. It should work. Please report any and all issues. I'm not sure if JavaScript supports local filepaths, so you might need to edit it.


inside their dmg file: -rw-r--r-- 1 buddha staff 163840 Jul 21 2014 password_pro.sqlite

sqlite> .tables pwd sqlite> .schema pwd CREATE TABLE "pwd" ("password" TEXT NOT NULL ); sqlite> SELECT * FROM pwd; a30e502c125899a41cb562a7a36b4bd0 c58675db0ba9266fb5307982e4368ab0 5631e619f6e280c0740704a25a8298f6 ...

I don't know how they are using this pwd, but it seems like a good starting point.


Fun stuff. classes.dex in the apk has some interesting strings:

    select * from js_injection where name=?
    select * from pwd where hid>=? and hid<? order by hid

    CREATE TABLE IF NOT EXISTS local_ap_info ( hid integer primary key autoincrement, ssid text, bssid text, security_level text,
     pwd text, x_user text, x_pwd text, stat text, lati text, longi text, type text, html text, create_dt text, last_update_dt text)
	
    CREATE TABLE IF NOT EXISTS private_ap_info(ID integer primary key autoincrement,ssid text,bssid text,security_level text,
     pwd text,hid text,create_dt text,last_update_dt text,last_update_opr text,wkflg char(8))
	
    CREATE TABLE IF NOT EXISTS unlock_ap(id integer primary key autoincrement,ssid text,bssid text,security_level text,
     pwd text,uploaded integer(1))


Cleaned up your sqlite commands:

    sqlite> .tables
    pwd
    sqlite> .schema pwd
    CREATE TABLE "pwd" ("password" TEXT NOT NULL );
    sqlite> SELECT * FROM pwd;
    a30e502c125899a41cb562a7a36b4bd0 c58675db0ba9266fb5307982e4368ab0 5631e619f6e280c0740704a25a8298f6 ...
	
Looks like it may not be fully seeded on install?

Edit:

Getting a different result for the database in the apk:

    $ sqlite3 ap8.db 
    SQLite version 3.8.10.1 2015-05-09 12:14:55
    Enter ".help" for usage hints.
    sqlite> .tables
    android_metadata  ap_info           js_injection      pwd             
    sqlite> .schema pwd
    CREATE TABLE pwd(hid integer primary key autoincrement,pwd text);
    sqlite> select * from pwd;
    1|df5b74fb19b8b150bcf07bbb4e43456d
    2|a1b574f8cf46c461f1e15fa52e3b2110
    3|c8c28c03de3e02d7814d86b14dfcf1f5
    4|7635726149e6d0f0e8f3e9224b8109dc

Most "pwd" are 32 chars long, some are 64 chars, and a few are 96 chars for some odd reason.

ap_info, and js_injection tables are empty so you'd have to get at it after syncing to their servers.


Dumped - http://pastebin.com/YnKkA4DA

This is from the ap8.db from the Android download. I didn't want to install this piece of shit on a real phone, the source does update and get a newer version.

This was an easy CTF.


They change depending on the auth type (WEP vs WPA vs WPA2-PSK vs WPA2-Enterprise). It'll be a day or two before someone manages to decrypt the DB. I'd have a crack at it if I had more time.


My money's on AES256 ECB mode.


    aload 0    // this
    LDC "AES/CBC/NoPadding"
    invokestatic javax/crypto/Cipher.getInstance(java/lang/String) : javax/crypto/Cipher
    putfield com/snda/wifilocating/support/c.c : javax/crypto/Cipher

Nope.


CBC sizes would go 32, 48, 64


[deleted]


I'm obviously talking about 128, since I can't see 32 bytes happening with AES256 CBC.


    LDC AES/CBC/NoPadding

#nopadding

The fact that they had #nopadding in there makes it obvious that they copy-pasted this code and have literally no idea what they are doing.


What does padding have to do with the IV?


You think they randomly generate an IV for every single password? Did you think they were competent or something? :)

https://i.imgur.com/b6kfN7y.png

Anyways, it is 128 bit CBC. I incorrectly assumed 256 bit because I forgot the hex representation of a char is twice the length. Since they don't have a padding block, the shortest possible output is one block. Thus 16 bytes or a hex string of 32 characters in length.


Jesus Christ that's incompetent. I see what you mean, it's 32 hex chars, not binary chars. Since we have the IV and key, we can just decrypt all the passwords.
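The length and IV reasoning in the comments above, as an added example that is not from the thread or the app: it shows why unpadded AES-CBC rows come out at 32, 64 or 96 hex characters, why a fixed IV makes equal passwords produce equal rows, and what a per-row random nonce changes. The key, IV, sample passwords and the zero-byte padding are assumptions constructed for the demonstration.

```javascript
// Added example, not the app's code: key, IV and passwords are constructed.
const crypto = require('crypto');

const BLOCK = 16; // AES block size in bytes (same for AES-128 and AES-256)
const KEY = Buffer.alloc(16, 0x11); // constructed 128-bit key
const FIXED_IV = Buffer.alloc(16, 0x22); // constructed static IV

// Assumption: with NoPadding the caller pads; zero bytes are used here.
function zeroPad(buf) {
  const padded = Buffer.alloc(Math.max(1, Math.ceil(buf.length / BLOCK)) * BLOCK);
  buf.copy(padded);
  return padded;
}

// Pattern from the thread: AES-128-CBC, no padding, one IV for every row.
function encryptFixedIv(password) {
  const c = crypto.createCipheriv('aes-128-cbc', KEY, FIXED_IV);
  c.setAutoPadding(false);
  const pt = zeroPad(Buffer.from(password, 'utf8'));
  return Buffer.concat([c.update(pt), c.final()]).toString('hex');
}

// Corrected pattern: AES-128-GCM with a fresh random nonce per row.
function encryptRandomNonce(password) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-128-gcm', KEY, nonce);
  const ct = Buffer.concat([c.update(password, 'utf8'), c.final()]);
  return Buffer.concat([nonce, ct, c.getAuthTag()]).toString('hex');
}

// Audit a column of hex strings: rows per block count, and duplicated values.
function auditColumn(rows) {
  const blocks = {};
  const seen = new Set();
  let repeated = 0;
  for (const hex of rows) {
    const n = hex.length / 2 / BLOCK;
    blocks[n] = (blocks[n] || 0) + 1;
    if (seen.has(hex)) repeated += 1;
    seen.add(hex);
  }
  return { blocks, repeated };
}

const demo = ['hunter2hunter2', 'hunter2hunter2', 'a-seventeen-chars', 'x'.repeat(40)];
console.log(auditColumn(demo.map(encryptFixedIv)), auditColumn(demo.map(encryptRandomNonce)).repeated);
```

A random nonce removes the repeated-row leak, but as the thread points out, a key shipped inside the client still lets anyone who has the app decrypt the rows.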


It's not about pure TCP, as I get it - it allows you to communicate from the browser directly (via a webtcp server as a bridge) with any servers such as redis, mongodb, rabbitmq and so on.

WebBrowser --- data ---> WebTCP bridge (translate data to servers) --- data ---> redis/rabbitmq/any_tcp(and i think udp also possible?)_server_even_smtp


2010, Certificate verification is essential to TLS.

    require 'net/http'
    require 'always_verify_ssl_certificates'

    # CA bundle used to verify the server certificate
    AlwaysVerifySSLCertificates.ca_file = "/path/path/path/cacert.pem"

    # Net::HTTP.new takes a host name, not a URL
    http = Net::HTTP.new('some.ssl.site', 443)
    http.use_ssl = true
    req = Net::HTTP::Get.new('/')
    response = http.request(req)

http://www.rubyinside.com/how-to-cure-nethttps-risky-default...


Where wizards stay up late. The origins of the INTERNET.


Looks like their nginx runs on their cubieboard =)


Btw, BDTI Benchmark Results for the ARM Cortex-A8 http://www.bdti.com/Resources/BenchmarkResults/Processors/Co...


thanks, also recommend to read "What do people find difficult about C pointers?" http://stackoverflow.com/questions/4025768/what-do-people-fi...


I never really had much of a problem with the syntax, but the point at which the behavior of pointers really clicked for me (after a night of many segfaults of course) was when I realized that when you pass a pointer to a function, you're sending a copy of that pointer, just like with any other primitive type. E.g:

    void foo(int *p)
    {
        /* assignment won't be persistent after foo() returns; need to send **p */
        p = (int *)malloc(1024 * sizeof(int));
    }

Not sure why my brain had decided to make an exception for pointers for the rule that all variables are passed as copies when I first learned C, but after that I never had any problems.


I experienced the same frustration. The exercise that gave me the "ah-ha!" moment I needed was prepending to a linked list via the head instead of the tail: You need to pass the address of `head` into the function so that the new head is reflected in the calling environment when you say `head = np`.


... or have the list operation return the new list head, which can make it way cleaner. See glib's list APIs, for instance.


Well I was simply meeting exercise requirements, which aren't necessarily the most practical.


Just like any other type. Everything is passed by value in C. Everything.


Don't forget to close the git directory from the web.

