Recently, I was having trouble with the Android Market after I’d upgraded to CyanogenMod 6 on my HTC Dream. Since the Dream has really limited internal space, the CyanogenMod folks removed Google Maps from the Google Apps package, since Maps can be installed from the Market. Right after I’d gotten my phone up and running, I’d set it to install a bunch of stuff from the market, including maps.
Now, Maps is a huge application by Android standards, but it has an enormous amount of functionality. And even though Froyo supports saving apps to an SD Card, I can’t seem to get it to install from Market to the SD Card, so I quickly filled up the internal storage and had several app installs fail, including Market. Now, several of these Apps are not ones I particularly cared about, but this weekend Catherine and I went on a day trip where I really needed the Maps.
However, Maps thought it was already downloading (it wasn’t), even after multiple reboots, and attempts to cancel the download within Market caused a force-close. However, it is possible to fix. Since my device was rooted, and had a terminal emulator I was able to do it on the phone in the car, but it would be fully possible to do it from the Android Debug Bridge with the phone plugged into a computer.
Once into the device via a terminal you’ll want to do the following:
- Make sure you have root access (should be automatic via adb,
- `DELETE FROM assets10 WHERE state = 'DOWNLOADING';`
When you go back into Market, you should be able to tell the app to begin downloading again, and it should just work. Oh, and don’t do this when you do have a market download that is legitimately in progress, because I suspect something bad would happen.
Fiddler2 is a great tool for doing web inspection, but it also provides excellent tooling for modifying data in HTTP requests while on Windows. On Linux, I usually use WebScarab or Paros, both of which are cross-platform in Java, but I find that Fiddler is a better project when on Windows.
To provide a simple example of using Fiddler2 for web debugging, I’m going to talk about the workflow for the Doctor Who: The Adventure Games geolocation check, and discuss how it can be examined using Fiddler (as I was on Linux, I used tcpdump and Wireshark, but that gave me a TON of noise). First, install and start Fiddler. I would probably immediately go to the File menu and make sure that ‘Capture Traffic’ is turned off, so that it doesn’t overwhelm you immediately. Then, go to the Filters tab on the right part of the screen:
You’ll then want to set the options the way that I have above. Set the Host Filter to only show the following hosts, then put `www.bbc.co.uk` in the list. Then, filter to only the `/doctorwho/tag/api/geo/isukrequest` URL path. Then, we want to break, and to do that we’ll break response on Content-Type: `text/plain`. This will ensure that we can intercept the response for any geolocation request from this particular API.
Fire up the installer and watch your Fiddler window until you see the following show up in the Web Sessions window:
Click on that line, and then choose the “Inspectors” tab, instead of the “Filters” tab on the right. You should then see the following on the bottom half of the view:
From the drop-down select the “200_SimpleHTML.dat” option, then click on the “TextView” option, and change the content to `1`. Click Run To Completion, and you should be done.
Fiddler2 is an awesome tool for web developers, however it, or another Web Proxy, should be a core tool in any security toolset. Seeing how an application responds to simple tweaks of the input or output is really interesting, and is at the root of most security research. If Fiddler has any apparent weakness, it’s that I don’t see a good way to automate fuzzing responses and the like, however, that may just be something I’m not seeing.
This weekend saw the launch of Doctor Who: The Adventure Games, a series of downloadable adventure games starring The Doctor and Amy Pond which coincides with the currently running series of Doctor Who.
Many people world-wide (and in Britain) have been disappointed with their attempts to install the game, since it calls to the BBC to determine if you’re in the UK or not. I have a friend in London who can’t install the game because of this check, which just seems laughable to me.
Knowing that the geolocation check in the installer was almost certainly related to a web call, I set up tcpdump to capture all the network traffic on my machine while I attempted the install. I then loaded the resulting pcap file into wireshark, and filtered out all the traffic not going to the BBC netblock with the following filter rule:
`ip.addr >= 18.104.22.168 && ip.addr <= 22.214.171.124`.
This showed a single HTTP request to the following URL: http://www.bbc.co.uk/doctorwho/tag/api/geo/isukrequest
The response was a 403 with a `0` in the body.
I then decided to test a frighteningly simple theory. I started up the nginx instance on my machine, dropped a file named `1` in the `/var/www/nginx-default/doctorwho/tag/api/geo` directory on my Ubuntu 10.04 machine, added a line containing `127.0.0.1 www.bbc.co.uk` to my `/etc/hosts` file, and began the install.
Note: Actually, I had to disable the `/doc` location section in the `/etc/nginx/sites-available/default` file, as it matched the `/doctorwho` request, and completely messed up the request.
The install worked perfectly, and I was able to launch the game in Wine1.2 (from the Wine PPA) on Ubuntu 10.04 while running in Virtual Desktop mode for Wine. I haven’t tried full-screen just yet, and the option to let DirectX programs lock the cursor doesn’t seem to be working really well, but the game is playable. I’ll have a more thorough review later this week, once I’ve had an opportunity to play through it.
I expect the BBC will eventually release a non-UK exclusive version. Some people feel that they’ll charge for it, since many UK residents feel the reason they’re getting the game at no charge is because it was developed using their TV Licensing fees. That may well be true, and if the game gets released outside of the UK with a charge associated with it (there has been no word from the BBC about this possibility to the best of my knowledge) I would encourage people to consider paying for it. However, I would encourage the BBC to use this series of games purely as a way to drive interest in this season of Doctor Who, which has been, by far, the best since the show relaunched.
I was also surprised by just how easy circumventing this was. There was no encryption. No handshake. No reverse engineering was required, just a tiny bit of observation of the traffic on the wire, and setting up a web server on your own system. The ‘attack’ on this system is completely trivial, not even running afoul of anti-reverse engineering provisions in certain laws (which I disagree with). A simple challenge-response handshake would have made this task even remotely challenging, and protected the software via anti-reverse engineering clauses.
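The challenge-response idea from the paragraph above, sketched from the defender's side as an added example (not code from the original post or from the BBC installer). The signed reply format, the function names and the throwaway key pair are assumptions; it uses an Ed25519 signature rather than a shared secret, so the installer carries only a public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// newKeyPair makes a throwaway server key pair (constructed for this demo).
func newKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// newNonce returns a fresh 16-byte challenge for one install attempt.
func newNonce() []byte {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// signVerdict is the server side: it signs nonce || verdict, so the reply
// is bound to one challenge. This wire format is hypothetical; the real API
// returns a bare 0 or 1.
func signVerdict(priv ed25519.PrivateKey, nonce []byte, verdict byte) []byte {
	return ed25519.Sign(priv, append(append([]byte{}, nonce...), verdict))
}

// acceptReply is the installer side; only the public key ships with it.
func acceptReply(pub ed25519.PublicKey, nonce []byte, verdict byte, sig []byte) bool {
	msg := append(append([]byte{}, nonce...), verdict)
	return verdict == '1' && ed25519.Verify(pub, msg, sig)
}

func main() {
	pub, priv := newKeyPair()
	nonce := newNonce()
	sig := signVerdict(priv, nonce, '1')
	fmt.Println("signed reply, same nonce:", acceptReply(pub, nonce, '1', sig))
	fmt.Println("bare 1 without signature:", acceptReply(pub, nonce, '1', nil))
	fmt.Println("signed reply, new nonce: ", acceptReply(pub, newNonce(), '1', sig))
}
```

The check still runs on a machine the user controls, so this raises the cost of tampering with the response rather than making the restriction absolute.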