Hacking Microsoft Pro Photo Tools – Using Reflector to use MapPoint Lat Long Lookup (for free!) in C#

The other day, Microsoft came out with “Microsoft Pro Photo Tools” which allows you to geocode your photos. It is a pretty cool app, but there are some things that I wonder, like why didn’t they just build this functionality into Windows Live Photo Gallery?

Anyways, with any new thing I download and play around with, I started digging into stuff. I looked in the install directory, C:\Program Files\Microsoft Pro Photo Tools, and noticed that there are some Interop assemblies and other assemblies, etc. I fired up Reflector and started disassembling the assemblies and exe. Pretty cool stuff, you can see what they are doing. Using xaml forms, etc. The cool stuff is the Location based stuff.

Microsoft has MapPoint web services which you can use/sign up for, but they cost a pretty penny. I have used some of these web services in the past and they have a ton of functionality.

Like I said, digging through the disassembled stuff in Reflector, I saw a method “GetLatitudeLongitude()” which takes in country, state, city, address, zip and returns a lat long object. But, you need a “MapPointWrapper” object to use it.

I fired up Visual Studio 2008, and then referenced the assemblies in the Pro Photo Tools directory so I could use them in code. I created a test WinForms app, and started hacking away.

Looking at the MapPointWrapper class constructor in Reflector, I noticed that it needs a username, password, URL, and timeout, the first three I don’t have – but I bet I could find!!

Here you can see the constructor as it looks in Reflector. The thing I noticed right away is that they have the username and password embedded in the function, although it’s all “encoded”, then blend the strings together to create default credentials. Their blend method is using some bitwise operators, etc. If you are interested, you can just click on the Blend method and it browses to that (did I mention Reflector is cool??) – anyways, I still need a URL…

image

Reflector lets you click on a class and “analyze” it, which gives you which classes depend on it, which classes use it, etc. Just going through the list for MapPointWrapper, I found one that showed how they call the constructor.

image

That’s the ticket! You can see they are passing in empty strings for user/pass (which then gets converted to the correct user/pass by the constructor) and then the URL is right there!!! nice! We can use this!!

Now, on to using this functionality in our own app!!

image

Now, this will give you the lat/long back from MapPoint! Sweet. Now we can start digging into everything else – what else do these assemblies expose?? Can I get routes? directions? Maps? etc, etc, etc. There is a plethora of things to dig into. It looks like they are just using Virtual Earth though to get maps, not MapPoint (from what I can tell anyways).

I know there are a ton of other ways to get this info, but this was basically a test to reverse engineer their assemblies and use the functionality. I don’t recommend or condone hacking/reverse engineering assemblies like this for profit, more for fun. In other words – don’t use this in a production app as Microsoft would probably find out and come hunt you down.

This post is also just an example of how .NET code can be disassembled easily and re-used, for good, or evil 🙂

There are some basic things that every developer should do with .NET desktop apps – use Dotfuscator (which just obfuscates your code, making it harder/not feasible to reverse engineer), and also encrypt any strings/values you don’t want anyone else using or reading. That being said, Reflector is a great way to see how other applications are coded, and learn how they work. Happy Coding Hacking!

HowTo: Hack Your PS3: Installing Yellow Dog Linux 6.0, and Actually Getting It To Work!

So, a couple of weeks ago, I bought a PS3, for the Blu-Ray disc capabilities. Since HD-DVD has died and I can get Blu-Ray discs through Netflix, and since the PS3 can be updated with new features, I figured I would give it a try. (The 100 dollar EB games credit I had made the decision easier as well)

After playing around with the PS3 (I bought one game disc, Uncharted, Drakes Adventures, and one Online game, Pain) I figured it would be good to hack around and install Linux on it. With the PS3, Sony makes it really easy to install Linux.


I decided to go with Yellow Dog Linux (YDL), version 6.0 (the latest). Other distros will work, but this is the main one they support – you can download it here – http://www.terrasoftsolutions.com/support/downloads/

After getting the 3.7 GB file, which took forever, I burnt the ISO to DVD using Active@ ISO-Burner (a sweet ISO burner BTW). Ok, all set to install. A few things to consider:

1) You need a USB keyboard and mouse

2) You need a HDTV for this to work

In the PS3, go to settings, system settings, and then format utility. You can format a 10 GB partition for “Other OS”.  Restart the PS3

Then put in the Linux DVD, go back to settings, system settings, Install Other OS. YDL said /ps3/otheros/otheros.bld  … so, hit start. Then it will tell you how to get to the other OS.

Go then to “Default System” menu and choose Other OS, and then restart..

It should restart into Linux. It will be at a prompt, “kboot:” – hit enter, it should get into setup, you can follow the onscreen instructions from there. Everything is pretty much default and hitting yes to any prompts, a basic install. You set up a root password, etc. Reboot after it is done, it will go through some final setup steps (checking sound, etc), after that, you should be able to login.

Logging in, first thing I wanted to do was get networking set up. I am not using the wired connection, rather I am using wireless, with WPA. Here is where the fun starts, and why I hate Linux.

YDL doesn’t support WPA out of the box, isn’t that awesome? The wifi was there in network config, etc, and I could put in settings, but it would never connect. I do love the error it gives you as well… “Check Cable?” umm… well, I would but Linux, remember we are configuring a Wi-Fi Connection? No Cable?

Anyways.. debacle time.. found this after some searching – http://dachaac.blogspot.com/2007/08/guide-to-get-wpa-psk-working-on-ps3-ydl.html

This works… I just connected to a “linksys” for 2 seconds to download the RPM (or you can just put it on a flash drive as well), and then disconnected. Going through that tutorial though, there was one thing I was getting hung up on. The networking commands were not working for me. I was logged in as a regular user, so I tried “su” to switch to root. Still no dice. I had to logout, and login as root, and run through that tutorial (unpacking the RPM with --force works with “su”).

Awesome, my networking is working and I am using WPA… yesssss! Now, just check a few things, email, reader, Facebook, cool. How about YouTube… wait… no flash. Check Adobe’s site.. no flash for PPC architecture.. WTF? So no flash at this point…which stinks..

Whew, all the Linux hacking is making me thirsty.. ok, lets boot back to the PS3 OS…wait.. how?

After doing some more digging, there should be a command “boot-game-os” you can run from the terminal and it should reboot. Wait, trying to run that command, it says “command not found”… another WTF…

After some more digging, it turns out the command resides in the “/sbin” directory, which users don’t have access to… (even root? man…)

So we need to make a sym-link. You can do this as a regular user, but you need to “su”, then run

cd /bin

ln -s /sbin/boot-game-os boot-game-os

Then, you can just go to the “start” menu in YDL, and there is an option then to “Boot Game OS” – works like a charm, reboot and you are back to the PS3.

iPhone: Firmware 1.1.4 – Mobile Safari – Login/Password won't save – Cookie Permission Issue

When I first picked up my iPhone, I unlocked/jailbroke using SSH (yikes!), and then after a few firmware updates and revirginizings, there were tools. I have been using Independence (on my Mac) lately, and then getting Installer.app on there over SSH, and then unlocking, etc from there.

With 1.1.4 I decided to try the new kid on the block, Ziphone. It worked, flashed, activated, jailbroke, unlocked. Now with the new Pwnage Tool that was released today, I will probably use that from now on, but looking back to the first firmware OTB to now, I have probably used 5 different methods, all resulting in the same thing, an unlocked iPhone.

Now, after putting 1.1.4 on, I noticed my cookies weren’t working. Or in other words, logins/passwords weren’t saving in Mobile Safari. Basically, I had to put in my Facebook, Google Reader, etc login/password every time I hit the site – which really sucks.

My first guess is.. Cookie folder can’t be written to for some reason. I did some research, and yes, people with 1.1.4 unlocked or not are having this issue. Seems like a random issue with 1.1.4 on all iPhones.

Well, you can wait for the next firmware from Apple, try downgrading back to 1.1.3 (no way!), or just fix it yourself.

What you need to do is either set the owner on the Cookies folders to “mobile” instead of “root”,

chown mobile /var/mobile/Library/Cookies/
chown mobile /var/mobile/Library/Cookies/Cookies.plist

or you need to allow write/modify access to the Cookies to all users.

chmod 777 /var/mobile/Library/Cookies
chmod 666 /var/mobile/Library/Cookies/Cookies.plist

 

What I did was change the owner to “mobile”. Your phone must be jailbroken, and have SSH installed. You can use Putty to SSH to your phone and do the fix. Here is the screencast:

You can tell that it works if you then go to a site, like Facebook, login, then in the Cookies directory on your phone, do a

ls -lat

you can see the last modified time and it should be updated to the time you just logged into your site.

Headache… resolved!
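
To compare the two fixes described above, here is an added example (not part of the original post) that reports owner and mode for a cookie store and flags anything every account can write to, which is the state `chmod 777`/`666` leaves behind and changing the owner avoids. The function names, the temp-dir layout and the 755/644 modes are assumptions for illustration; the current user stands in for “mobile”.

```shell
#!/bin/sh
# Added example (not from the post). The store is constructed in a temp dir;
# the post's real path is /var/mobile/Library/Cookies.

# Print "world-writable" if every account may write to $1, else "restricted".
world_writable() {
    # -perm -002 matches only when the "other" write bit is set
    if [ -n "$(find "$1" -maxdepth 0 -perm -002 2>/dev/null)" ]; then
        echo "world-writable"
    else
        echo "restricted"
    fi
}

# Report owner, mode and verdict for the directory and its Cookies.plist.
audit_cookie_store() {
    dir=$1
    for p in "$dir" "$dir/Cookies.plist"; do
        [ -e "$p" ] || { echo "$p: missing"; continue; }
        set -- $(ls -ld "$p")            # $1 = mode string, $3 = owner
        echo "$p: owner=$3 mode=$1 $(world_writable "$p")"
    done
}

# Owner-only result (assumed modes 755/644): what changing the owner gives
# when the browser runs as that owner. The current user stands in for "mobile".
fix_owner_only() {
    chmod 755 "$1" && chmod 644 "$1/Cookies.plist"
}

# The post's second option: any account on the device can rewrite the cookies.
fix_world_writable() {
    chmod 777 "$1" && chmod 666 "$1/Cookies.plist"
}

demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/Cookies" && : > "$tmp/Cookies/Cookies.plist"
    fix_world_writable "$tmp/Cookies"; audit_cookie_store "$tmp/Cookies"
    fix_owner_only "$tmp/Cookies";     audit_cookie_store "$tmp/Cookies"
    rm -rf "$tmp"
}
demo
```

On the phone itself, `audit_cookie_store /var/mobile/Library/Cookies` run over SSH shows which of the two states the store is in after the fix.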

So You Want To Be A Hax0r – Step 1

So you want to be a hax0r? l33t even? Your first step is to find a cool handle.

Looks like Aaron figured out how to do it (but he still hasn’t figured out how to set up permalinks in WordPress yet). What’s your handle? And don’t say Neo, or Trinity, or Morpheus. Don’t even think of “Zero Cool” or “Crash Override”. You can only use “Acid Burn” if you are as hot as Angelina.

I took a “hacking” course from SANS a few years ago and we had to come up with handles. I took my name and figured out that an anagram for it is ScaleOvenStove – dorky but not too dorky.

Ok l33t hax0r – pick your handle. Next time we will jump into the world of “phreaking” (and if you don’t know what phreaking is, you shouldn’t even be reading this far)