Tuesday, June 30, 2009
Adam Boulton's Java HSBC API - No, not the payment gateway!
So, I have finally got round to setting up the HSBC Java API (some of you may remember my posts from months back mentioning the personal project I was working on: HSBC bank account aggregation). Writing this API has been an on-and-off personal project for a while now due to other commitments. The idea behind the API is that it lets you easily access your UK HSBC accounts and transaction history. So far I have found it useful for tracking my expenditure (by grouping transactions) and for notifications about the most recent transaction processed on my account. I am sure many developers will find this project interesting and will find many ways to incorporate it into their applications.
Java PDF Library
I have been playing around with extracting data from PDF files. Apache PDFBox looked pretty promising but unfortunately it is far behind some of the others that are available. iText is a mature library but lacks the ability to extract information (it is actually a PDF creator). I was very impressed by the work done by LAB Asprise!. It took minutes to understand their impressive API and start coding. The parsing is fast, and so far appears accurate. The library is also extremely small for the abilities it provides (just over 3MB). If you are looking for a powerful Java API for processing PDFs then I strongly recommend it. Here is a code sample for extracting text (taken from their site). The code clearly demonstrates how much of an awesome job these guys have done...
    PDFReader reader = new PDFReader(new File("my.pdf"));
    reader.open(); // open the file.
    int pages = reader.getNumberOfPages();
    for (int i = 0; i < pages; i++)
    {
        String text = reader.extractTextFromPage(i);
        System.out.println("Page " + i + ": " + text);
    }
Thursday, April 9, 2009
Security Assessing Java RMI Slides
There has been a lot of interest lately in RMI security, and people have been trying to hunt down the slides from the presentation I did at OWASP. The slides can be found here.
Wednesday, March 25, 2009
Editing webpages with JavaScript snippet
So, most of you will no doubt know that you can execute JavaScript from the URL bar and how useful it can be. For example, you can view the text in password fields, which has proved useful on several occasions (alert(document.form1.passwordField.value)). An interesting JS snippet I came across was:
javascript:document.body.contentEditable='true'; document.designMode='on'; void 0
Just type that into the URL bar, then you can start editing the webpage you are viewing straight from the browser.
Tuesday, March 10, 2009
Disable HtmlUnit logging
HtmlUnit is a pretty decent scriptable browser. I use it for developing a lot of website scrapers and various bots. By default, the logging to the standard output stream is pretty verbose. A quick way to disable it programmatically is to add the following static initializer to your code:
    // Needs: import org.apache.commons.logging.LogFactory;
    static {
        LogFactory.getFactory().setAttribute("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.NoOpLog");
    }
Strings are immutable in Java. Really, Mr. Anderson?
Take a look at the following code, the output is not what you may expect ;)
    //MindWarp.java
    public class MindWarp
    {
        public static void main(String[] args)
        {
            System.out.println(MR_ANDERSON);
        }
        private static final String MR_ANDERSON = "Adam, RIM Security Researcher";
        private static final Warper warper = new Warper(); //The hackers class ;)
    }

    //Warper.java - Hacks the String object which is on the heap....
    import java.lang.reflect.*;
    public class Warper
    {
        private static Field stringValue;
        static
        {
            try
            {
                stringValue = String.class.getDeclaredField("value"); //String has a private char [] called "value"
            }
            catch(NoSuchFieldException ex)
            {
                //Should deploy a safety net here i.e enumerate a char[] incase the variable inside the String class is not called "value"
                ex.printStackTrace();
            }
            if (stringValue != null) {
                stringValue.setAccessible(true); // make field public ;)
            }
        }
        public Warper() {
            try {
                //String must be same length, otherwise IndexOutOfBoundsException
                stringValue.set("Adam, RIM Security Researcher", "You have been hacked! ! ! ! !".toCharArray());
            } catch(IllegalAccessException ex) {} // shhh
        }
    }
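Whether the reflection trick above still works depends on the runtime: through JDK 8 `String.value` is a `char[]` that `setAccessible(true)` opens unless a SecurityManager policy denies it, while since JDK 9 the field is a `byte[]` and current JDKs refuse to open `java.lang` to application code unless it is started with `--add-opens java.base/java.lang=ALL-UNNAMED`. The check below is an added example, not code from the original post, and reports which case the running JVM is in; the class name `StringValueAccessCheck` and the exit-code convention are assumptions made for illustration.

```java
import java.lang.reflect.Field;

// Added example (hypothetical class name): reports whether this JVM still lets
// application code open String's private "value" field, as Warper relies on.
public class StringValueAccessCheck {

    enum Result { BLOCKED, OPEN_CHAR_ARRAY, OPEN_BYTE_ARRAY, FIELD_MISSING }

    static Result probe() {
        final Field f;
        try {
            f = String.class.getDeclaredField("value");
        } catch (NoSuchFieldException e) {
            return Result.FIELD_MISSING;      // non-standard String layout
        } catch (SecurityException e) {
            return Result.BLOCKED;            // SecurityManager denied member access
        }
        try {
            f.setAccessible(true);
        } catch (RuntimeException e) {
            // SecurityException (policy denies suppressAccessChecks) or, on
            // JDK 9+, InaccessibleObjectException because java.lang is not opened.
            return Result.BLOCKED;
        }
        // Through JDK 8 the backing store is char[]; since JDK 9 it is byte[].
        return f.getType() == char[].class ? Result.OPEN_CHAR_ARRAY
                                           : Result.OPEN_BYTE_ARRAY;
    }

    public static void main(String[] args) {
        Result r = probe();
        System.out.println("java.version        = " + System.getProperty("java.version"));
        System.out.println("String.value access = " + r);
        // Non-zero exit when the field can be opened, so a build or startup
        // check can fail on a runtime where string literals are writable.
        System.exit(r == Result.OPEN_CHAR_ARRAY || r == Result.OPEN_BYTE_ARRAY ? 1 : 0);
    }
}
```

Run it with the same JVM version and command-line options as the application you care about, since an `--add-opens` flag in the launch script changes the result.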
Friday, November 7, 2008
Assembly competitions
I have been in a couple of Assembly competitions recently on a private forum. They have been very interesting; one in particular was to create the smallest PE file (Windows executable) that displays the message "ADZ" in a graphical message box, i.e. using user32.MessageBoxA(), and exits without an exception. I am currently in first position with 109 bytes! So it's a challenge to any reverse engineering experts to try and beat that ;) I will be posting my solution and analysis once the competition ends, which is in about 5 days. Here is a useful resource to get you started:
http://www.phreedom.org/solar/code/tinype/
EDIT: Well 109 bytes was a clear winner :) If anyone got smaller don't hesitate to let us know! Here is my bytecode:
4D 5A CC CC 50 45 00 00 4C 01 01 00 68 21 00 40
00 E8 65 1D 40 7C EB 2D 04 00 03 01 0B 01 08 00
04 75 73 65 72 33 32 00 04 00 00 00 0C 00 00 00
04 00 00 00 0C 00 00 00 00 00 40 00 04 00 00 00
04 00 00 00 04 6A 30 EB 05 41 44 5A 04 00 68 6A
00 40 00 EB 01 CC EB 01 88 68 6A 00 40 00 EB 02
02 00 6A 00 E8 81 07 05 7E C3 53 41 46