
Hello x-wap-profile I Didn't Notice You There @ Aug. 31, 2010, 11:41 p.m.
Filed under: Code  Tech  Security  Python 
After reading about some of the stupid things that some mobile companies do when proxying their mobile traffic I decided to look at what my phone gave up. Luckily I didn't find anything way out there in the headers, but I did find out about a header I didn't know about: x-wap-profile.

Before I continue let me say that I didn't find anything new :-). This is simply my own 'oh wait, what is this?' moment when playing with my phone.

The contents of the header had a URL. In my case it was http://device.sprintpcs.com/HTC/APA9292KT/latest. To my sadness it is an XML document. XML is the overly chatty great grandmother of modern markups. It doesn't understand why you don't understand it half the time. It also smells funny. Anyway, after a bit of Python I could read the XML in a more human friendly form: YAML. Note, this is some ugly and inefficient code but it was written to nicely see the data ....

#!/usr/bin/env python3
"""
Terrible but works way to find out info about mobile clients.
"""
import re
import sys
import urllib.request

import yaml
from lxml import etree


rx = re.compile(r'\{.*\}')        # strips the {namespace} prefix lxml puts on tag names
no_tabs = re.compile(r"[\t\n]*")  # drops tabs and newlines from text nodes

xml = etree.XML(urllib.request.urlopen(sys.argv[1]).read())

results = {}
prev_key = None

for ele in xml.iter():
    # comments and processing instructions have a non-string tag; skip them
    if isinstance(ele.tag, str):
        tag = rx.sub('', ele.tag)
        # str(None) gives the literal 'None' seen in the output below
        text = no_tabs.sub('', str(ele.text))
        if tag == "Bag":
            continue
        if tag == "li":
            # list members go under the last key seen, replacing the empty
            # string that key was given when its element was first visited
            if not isinstance(results.get(prev_key), list):
                results[prev_key] = []
            results[prev_key].append(text)
        else:
            prev_key = tag
            results[tag] = text
print(yaml.dump(results, default_flow_style=False))


The code simply snags the XML from the URL and then uses some ugly parsing/hacks to transform it. Here is the output from my phone's header:

$ python wtf.py http://device.sprintpcs.com/HTC/APA9292KT/latest
AcceptDownloadableSoftware: 'Yes'
AdvertisingCapable: N/A
AntiSpam: 'No'
AntiSpamVendor: N/A
AntiVirus: 'No'
AntiVirusVendor: N/A
AudioCodecsForDecoding:
- mp3
- aac
- aac+
- eaac+
- amr-nb
- amr-wb
- qcelp
- wma
- evrc
- midi
AudioCodecsForEncoding:
- AMR-NB
- QCELP
AudioInputEncoder:
- gzip
- deflate
AudioJack: 3.5mm
BitsPerPixel: '16'
BrowserName: Android Browser
BrowserPortalVersion: ''
BrowserVersion: Eclair 2.0
CPU: ARM11
CamcorderResolution: 1280x720
CamcorderZoomCapable: 'Yes'
CameraBuiltInFlash: 2x power LED
CameraHighestImageResolution: 3624x2488
CameraMegaPixels: 8M
CameraZoomCapable: 'Yes'
CcppAccept:
- application/vnd.oma.drm.rights+xml
- application/ogg
- application/smil
- application/vnd.oma.drm.message
- application/vnd.wap.mms-message
- application/vnd.wap.multipart.alternative
- application/vnd.wap.multipart.mixed
- application/vnd.wap.multipart.related
- application/vnd.wap.sic
- application/vnd.wap.xhtml+xml
- application/vnd.oma.dd+xml
- application/java-archive
- audio/aac
- audio/amr
- audio/imelody
- audio/mid
- audio/midi
- audio/mp3
- audio/mpeg3
- audio/mpeg
- audio/mpg
- audio/x-mpeg3
- audio/x-mpeg
- audio/x-mpg
- audio/x-mid
- audio/x-midi
- audio/x-mp3
- image/gif
- image/jpeg
- image/jpg
- image/png
- image/vnd.wap.wbmp
- video/mpeg4
- video/mp4
- text/plain
- text/html
CcppAccept-Charset:
- ISO-10646-UCS-2
- ISO-8859-1
- US-ASCII
- UTF-8
CcppAccept-Language: ''
ColorCapable: 'Yes'
CommerceCapable: N/A
ConnectionManagerVendor: N/A
ConnectionManagerVersion: N/A
DataNetworkTypes:
- IS2000
- EVDO
- WiMax
- WiFi
Description: ''
DeviceIdentifierType:
- MEID
DeviceType: Android Touch
DiagnosticsClientVendor: CIQ
DiagnosticsClientVersion: 3.2.18
DiagnosticsProtocolVersion: 3.2.18
DownStreamBufferSize: None
DownloadableBrowserApps:
- 'No'
DownloadableSoftwareSupport:
- application/java-archive
EmailCapable: 'Yes'
EmbeddedApplicationsCapable: 'Yes'
ExternalMemoryMaxSize: 32GB SDHC
ExternalMemorySlot: 'Yes'
FirmwareVersionWiMAXRadioModule: 4.6.2.1 build22766
FixedVoIPCapable: 'No'
FotaClientVendor: SmithMicro
FotaClientVersion: ''
FotaProtocolVersion: 1.5.1
FramesCapable: 'Yes'
GLMSClientVendor: ''
GLMSClientVersion: ''
GLMSProtocolVersion: ''
GPSChipsetModel: '8650'
GPSChipsetVendor: Qualcomm
GamingCapable: 'Yes'
HardwareVersion: '1.0'
IMVideoCallingCapable: 'No'
IOTAProtocolVersion: N/A
ImageCapable: 'Yes'
InputCharSet:
- US-ASCII
- UTF-8
- ISO-8859-1
- ISO-10646-UCS-2
IntelligentSearchCapable: 'Yes'
JVMVersion:
- N/A
JavaAppletEnabled: 'Yes'
JavaEnabled: 'No'
JavaPlatform:
- N/A
JavaScriptEnabled: 'Yes'
Keyboard: TouchKeypad
LBSCapable: 'Yes'
MI-UICapable: ''
MI-UIVersion: ''
ManufacturerWiMAXRadioModule: SEQUANS
MobileOriginatedSmsSupport: 'Yes'
MobileTVORVODCapable: 'Yes'
Model: '9292'
ModelWiMAXRadioModule: SQN1210
MultimediaEncoder: Qualcomm Qcamcorder
MultimediaEncoderDisplaySize:
- '800x480 '
- '640x480 '
- '320x240 '
- '176x144 '
- 128x96
MultimediaEncodingSupport: ''
MultimediaFileFormatForDecoder:
- MPEG4
- 3GP
- 3G2
- AAC
- AMR
- MID
- MP3
- WMA
- WMV
MultimediaFileFormatForEncoder:
- MPEG4
- 3GP
- 3G2
MultimediaMaximumBitRateForEncoding: 5000 kbps
MultimediaMaximumBitRateForPlayback: 5000 kps
MultimediaMaximumBitRateForStreaming: 1200 kbps
MultimediaMaximumFrameRateForEncoding: 24 fps
MultimediaMaximumFrameRateForPlayback: 30 fps
MultimediaMaximumFrameRateForStreaming: '30 fps                '
MultimediaPlaybackSupport: ''
MultimediaPlayer: 'Yes'
MultimediaStreamingSupport: ''
MultimediaVideoDisplaySize:
- '800x480 '
NavigationSupport:
- Touch Screen
NumberOfSoftKeys: '0'
OMADMCapable: 'Yes'
OMADMVendor: SmithMicro
OMADMVersion: '2.0'
OSName: Android
OSVendor: QUALCOMM
OSVersion: QSD8650/Eclair
OnDemandCapable: ''
OnDemandVersion: ''
OutputCharSet:
- US-ASCII
- UTF-8
- ISO-8859-1
- ISO-10646-UCS-2
PictureMailSupport: 'Yes'
PixelAspectRatio: 1x1
PreferenceForFrames: 'Yes'
PssVersion: 3GPP-R6
Push-Accept:
- text/plain
Push-Accept-AppID:
- None
- None
Push-Accept-Encoding:
- base64
Push-MsgSize: '4096'
RDF: ''
RadioCapable: 'yes'
ScreenSize: 480x800
ScreenSizeChar: 25x21
SecuritySupport:
- SSL-3.0
- TLS-1.0
Seq:
- en-us
- es-us
SoftwareNumber: 3.26.651.6
SoundOutputCapable: 'Yes'
SprintMcdVersion: 3.5.4
StandardFontProportional: 'Yes'
SupportedApplications:
- Album
- Browser
- Calculator
- Calendar
- Camcorder
- Camera
- Dialer
- FlashLite Plug-in for Browser
- Footprints
- HTC Sync
- Lock Screen
- Mail
- Messages
- Microsoft Exchange ActiveSync
- Music (integrate with Ringto Trimmer)
- OOBE
- PDF Viewer
- People
- Quickoffice
- Settings
- Social Network
- Stocks
- Windows Media Streaming Player
- Teeter
- Voice Recorder
- Weather
- World Clock
- Amazon MP3
- Sprint Navigation
- Remote Diagnostic
- Sprint TV
- NFL
- NASCAR
- Voice Dialer
- Visual Voicemail
SupportedBearers:
- IS2000/rel0
TablesCapable: 'Yes'
TextInputCapable: 'Yes'
TotalDeviceFlash: 1GB ROM
TotalDeviceMemory: 512MB RAM
UpStreamBufferSize: None
VOIPAnalogJacks: ZERO
Vendor: HTC
VideoCodecsForDecoding:
- MPEG4 simple profile
- H.263 Profile 0
- H.264 Baseline
- Motion-JPEG
VideoCodecsForEncoding:
- MPEG4
- H263
VideoMailSupport: 'Yes'
VoiceChatCapable: 'Yes'
VoiceInputCapable: 'Yes'
WapDeviceClass: C
WapVersion: '2.0'
WmlDeckSize: ''
WmlVersion:
- None
XhtmlModules:
- Mobule-based XHTML W3C Recommendation
XhtmlVersion: XHTML-Basic/1.0
component: ''
type: None


After seeing all this information a few things came to mind. The first was that not all the data was correct. For instance, the OS version is wrong. The second was that it seems like a lot more information than should be shared by simply browsing a site. When browsing with a desktop/laptop/netbook you give up some information. For instance, the machine I'm using right now reports that I'm using Linux on an x86_64 machine with the Chromium browser. Obviously, the phone gives up a lot more information. It states that (by default) the device has no antispam or antivirus. It also states the kinds of networks which can be used, versions of hardware components, hardware specs and even default installed applications (many of which cannot be removed). I don't know about you but this is more info than I like to give to sites I'm simply browsing. What if a vulnerability is found in one of those default apps which can be triggered via the browser or through downloads? What if the browser itself is vulnerable if it can decode certain formats? What if someone hard codes debug credentials in a certain software/firmware version? etc... It seems like this is a near perfect source of information for tailoring smart drive-by exploits with.
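Added example, not the post's own script: a namespace-aware UAProf parser that keeps rdf:Bag and rdf:Seq members under the property that contains them, which the script above does not (that is why the output shows an empty CcppAccept-Language and a stray Seq key holding en-us and es-us). The sample document is constructed to mirror the real profile's shape, and the prf namespace URI is a placeholder.

```python
#!/usr/bin/env python3
"""Parse a UAProf (x-wap-profile) document into plain Python data."""
import xml.etree.ElementTree as ET

CONTAINERS = {"Bag", "Seq", "Alt"}          # RDF container elements
SKIP = CONTAINERS | {"RDF", "Description", "li"}

# Constructed sample shaped like the real profile; prf URI is a placeholder.
SAMPLE = b"""<?xml version="1.0"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:prf="http://example.invalid/uaprof-placeholder#">
  <rdf:Description rdf:ID="Profile">
    <prf:component>
      <rdf:Description rdf:ID="HardwarePlatform">
        <prf:Vendor>HTC</prf:Vendor>
      </rdf:Description>
    </prf:component>
    <prf:component>
      <rdf:Description rdf:ID="BrowserUA">
        <prf:CcppAccept-Language>
          <rdf:Seq><rdf:li>en-us</rdf:li><rdf:li>es-us</rdf:li></rdf:Seq>
        </prf:CcppAccept-Language>
        <prf:SecuritySupport>
          <rdf:Bag><rdf:li>SSL-3.0</rdf:li><rdf:li>TLS-1.0</rdf:li></rdf:Bag>
        </prf:SecuritySupport>
      </rdf:Description>
    </prf:component>
  </rdf:Description>
</rdf:RDF>
"""


def local(tag):
    """Drop the {namespace} prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def parse_uaprof(data):
    """Return {property: str or list} for every prf:* property in data."""
    results = {}
    for prop in ET.fromstring(data).iter():
        if not isinstance(prop.tag, str) or local(prop.tag) in SKIP:
            continue
        container = next((c for c in prop if local(c.tag) in CONTAINERS), None)
        if container is not None:          # Bag/Seq: collect its li members
            results[local(prop.tag)] = [(li.text or "").strip() for li in container]
        elif prop.text and prop.text.strip():  # simple scalar property
            results[local(prop.tag)] = prop.text.strip()
    return results
```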

If you want to look at other profiles, see a Google search.




Python RPM Specs Needing a Loving Home @ June 22, 2010, 4:37 p.m.
Filed under: Linux  Code  Tech  Fedora  Python 
I found myself in need of some (currently) unpackaged Python libraries and tools so I decided to do some quick packaging. If you are using these libraries (or want to) on a Fedora, RHEL or CentOS system and want to start packaging in Fedora then one of these could be an easy jumping-in package. Note that they are not perfect so they still need a bit of love before getting them approved, but it's (slightly) easier than starting from scratch!

django-picklefield.spec: provides an implementation of a pickled object field
python-amqplib.spec: Client library for AMQP
python-anyjson.spec: Wraps the best available JSON implementation available in a common interface
python-billiard.spec: Multiprocessing Pool Extensions
python-carrot.spec: AMQP Messaging Framework for Python
python-importlib.spec: Backport of importlib.import_module() from Python 2.7
python-celery.spec: task queue/job queue based on distributed message passing (requires all of the above)



Changelog Format @ June 14, 2010, 10:06 p.m.
Filed under: Code  Tech  Frustration  Fedora 
This has been bugging me for a while. Many projects and products have a changelog. It's great! We can see in a file what changes have been made from release 1 to release 2. Wouldn't it be great to watch an upstream changelog file and use something like Buildbot to trigger a build on a new release? Then my brain started working. It told me that humans are much better at parsing information provided in different textual formats or markups. Let me explain ....

Let's take a look at the victims project. Even though victims doesn't have a special changelog, we will follow the general SCM changelog information. Victims has a changelog like so:

2010-05-20  Steve 'Ashcrow' Milner  

        * setup.py:
        added archivers module to the setup script
        [4cd8f0133b44] [tip]

2010-05-18  Steve 'Ashcrow' Milner  

        * README, src/victims/__init__.py, src/victims/archivers/__init__.py:
        rpm is now listed as a useable archive closing #8
        [e71ad437f9f4]


Based on this information we can easily create a parser! We care about the date, author/email, description and the release (tag). Through the magic of a little bit of regex the following works decently enough ...

(\d{4}-\d{2}-\d{2})  (.*)  <(.*)>\n\n.*:\n[ ]*(.*)\n[ ]*(.*)


Now we can parse changelogs! Yay! Oh, but then our brain explodes in fear since this is not the only project out there. Surely everyone uses the same format! Let's use nmap as a second project example.

# Nmap Changelog ($Id: CHANGELOG 18109 2010-06-14 18:48:07Z drazen $); -*-text-*-

o [NSE] Added additional vulnerability checks to smb-check-vulns.nse. These checks
  are intrusive and have MS06-025, MS07-029 designations.
  
o [NSE] Added dns-cache-snoop.nse by Eugene Alexeev. This script does
  cache snooping by either sending non-recursive queries or by measuring
  response times.


Well that isn't so bad! With a little regex we could ... wait ... if I have to do this twice with two different projects am I going to need to do this many, many more times before I create Skynet^H^H^H^H^H^Han uber parser smart enough to figure out what accent, dialect, markup, etc.. a changelog may be in? It sure seems that way!
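As an added example (not the post's own code), here both dialects are parsed into the same record shape: the first pattern is the regex from the post, the second is one I wrote for the nmap bullets, and each is blind to the other's format, which is the whole problem. The samples are constructed from the excerpts above with a placeholder e-mail address.

```python
#!/usr/bin/env python3
"""Parse two changelog dialects into one record shape."""
import re

# The post's own pattern for the victims changelog.
VICTIMS_RE = re.compile(
    r"(\d{4}-\d{2}-\d{2})  (.*)  <(.*)>\n\n.*:\n[ ]*(.*)\n[ ]*(.*)")
# My pattern for nmap: an "o " bullet, optional [TAG], two-space continuations.
NMAP_RE = re.compile(r"^o (?:\[(\w+)\] )?(.+\n?(?:  .*\n?)*)", re.MULTILINE)

# Constructed samples based on the excerpts above; the e-mail is a placeholder.
VICTIMS_LOG = """\
2010-05-20  Steve 'Ashcrow' Milner  <dev@example.invalid>

        * setup.py:
        added archivers module to the setup script
        [4cd8f0133b44] [tip]

2010-05-18  Steve 'Ashcrow' Milner  <dev@example.invalid>

        * README, src/victims/__init__.py:
        rpm is now listed as a useable archive closing #8
        [e71ad437f9f4]
"""
NMAP_LOG = """\
o [NSE] Added dns-cache-snoop.nse by Eugene Alexeev. This script does
  cache snooping by either sending non-recursive queries or by measuring
  response times.

o Fixed a typo in the man page.
"""


def parse_victims(text):
    """Date, author, e-mail, description and changeset id per entry."""
    return [{"date": d, "author": a, "email": e, "description": desc,
             "tag": rev.split()[0].strip("[]")}
            for d, a, e, desc, rev in VICTIMS_RE.findall(text)]


def parse_nmap(text):
    """Same record shape, but nmap records no date, author or changeset."""
    return [{"date": None, "author": None, "email": None,
             "description": " ".join(body.split()), "tag": tag or None}
            for tag, body in NMAP_RE.findall(text)]
```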

This is when another thought entered my brain (TWO IN ONE DAY!!!): Surely someone else has thought of this. There must be a commonly used format that shares this information for easy inclusion. As it turns out, I could only find one format for this and it doesn't exactly match. The project I'm talking about is doap. While the project does seem interesting, it seems to focus more on information about a project and its services and not so much on project releases and the changes that have happened between those releases.

Long story long .... am I out of luck? Is there not a format in the works to deal with release information such as this in an open way? If there really isn't, is anyone interested in creating a format? It seems to me that this would be quite useful for package maintainers, system administrators and developers. Hit me up on identi.ca or twitter if you know of a format or want to chat about what one would look like.



Updated Mercurial Config @ June 3, 2010, 8:02 p.m.
Filed under: Code  Tech 
I've really taken a liking to using Mercurial for version control. I figured it was about time to post my updated personal config (~/.hgrc)!

[ui]
username = Steve 'Ashcrow' Milner 
editor = vim

[extensions]
hgext.convert =
hgext.graphlog =
hgext.gpg =
hgext.schemes =
hgext.patchbomb =
color =
mq =
bookmarks =
pager =
inotify =
rebase =

[pager]
pager = less -R

[diff]
git = True

[alias]
blame = annotate -uln

[smtp]
# removed ;-)



victims demo @ May 9, 2010, 12:39 a.m.
Filed under: Code  Tech  Security 



© 2007-2009 Steve 'Ashcrow' Milner | Studio7designs | Arbutus Photography