Installing Steam on an unsupported Linux which is not Ubuntu

Today, Feb 14th, Valve released Steam for Linux. At this moment it officially supports only Ubuntu. However, it is easy to run it on any other Linux distribution, in my case on OpenSuSE 12.2.

Preventing WordPress comments spam

There seems to be an easy way to prevent a significant amount of WordPress comment spam.

The majority of spam comments nowadays come with either a bunch of URLs, or with a generic message such as:

Hi there! Just discovered your site while i was browsing and i must say that i found it quite interesting! I hope you don’t mind if i return here from time to time and check your content.

Those messages usually do not have any URLs. The spammer attempts to achieve their goal by filling in the “Website” comment field, pointing it to their spam site.

The easiest solution seems to be just to remove this field from the comment form. This could be achieved in one of the following ways, and none of them reduces the spam:

  • Remove the Website field from the comment form. This doesn’t change anything, since most spammers use software which doesn’t even look at the comment form and just sets the fields which “should be there”. And since the WordPress code still handles the “url” field, the spam comment gets through the same way as before.
  • Remove the url field from the comment form altogether, in the hope that the spammers will see their added comments come with no website, so they’re useless for the purpose, and will leave you alone. Again, this is not how spammers work: they do not track posted comments (most of which get removed in seconds anyway), so it does not reduce spam. If you’re using Akismet it also comes with a major disadvantage – the website field is a major source for spam detection, so comments with the same content but without this field set are not detected as spam anymore.

So the idea is to turn the spammer logic against them.

First we disable – but not hide – the Website comment field by adding the disabled attribute to the field’s input tag. This can be done by changing wp-includes/comment-template.php in the following way:

                'url'    => '<p class="comment-form-url"><label for="url">' . __( 'Website' ) . '</label>' .
                            '<input id="url" name="url" type="text" disabled value="' . esc_attr( $commenter['comment_author_url'] ) . '" size="30" /></p>',

The disabled attribute is added between the type="text" and value attributes.

Second, we refuse any comments which still contain the Website field. Since the regular users cannot enter the website anyway (the field’s disabled) but the spam bots ignore this restriction, the only entities who would be able to pass a non-empty Website field would be the spam bots. So we check if a new comment comes with the non-empty website field and block it. This could be achieved by hooking into the WordPress system to intercept a new comment being posted.

To do so, add the following code into wp-content/<your theme name>/functions.php:

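function must_have_no_url_field( $comment_post_ID )
{
        // Regular visitors cannot submit the disabled Website field,
        // so a non-empty value can only come from a bot.
        if ( !empty( $_POST['url'] ) )
              wp_die( "Spammers not welcome here" );
}

// pre_comment_on_post fires before WordPress processes a submitted comment
add_action( 'pre_comment_on_post', 'must_have_no_url_field' );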

This function is called each time a new comment is posted, and prevents comments with a non-empty Website field from appearing. At the same time it keeps the value of this field intact when submitting comments to Akismet, therefore keeping the spam detection rate high while preventing the comments which slipped through from being posted.
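The same two steps can be packaged as a small plugin, so that no file under wp-includes is edited (WordPress updates overwrite core files). This is an added example, not the original post's code; the dwf_ function names and the log format are hypothetical, and it assumes the theme uses WordPress's default comment fields rather than passing its own to comment_form().

```php
<?php
/*
 * Plugin Name: Disabled Website Field Trap
 * Description: Added example. The dwf_ names and log format are hypothetical.
 */

// Step 1: show the Website field, but disabled. Browsers never submit
// disabled form controls, so a real visitor's POST carries no "url" value.
function dwf_disable_url_field( $fields ) {
    if ( isset( $fields['url'] ) ) {
        // Add the attribute to the first <input> tag, whatever else it contains.
        $fields['url'] = preg_replace( '/<input\b/', '<input disabled', $fields['url'], 1 );
    }
    return $fields;
}
add_filter( 'comment_form_default_fields', 'dwf_disable_url_field' );

// Step 2: refuse any comment that still arrives with a non-empty "url".
function dwf_reject_url_field( $comment_post_id ) {
    $raw = isset( $_POST['url'] ) ? wp_unslash( $_POST['url'] ) : '';
    if ( is_array( $raw ) ) {
        $raw = 'array'; // url[]=... is never sent by the real form either
    }
    $url = trim( (string) $raw );
    if ( $url === '' ) {
        return; // normal visitor: let WordPress continue
    }

    // The value is attacker-controlled: strip control characters and cap the
    // length before logging, so it cannot forge or flood log lines.
    $safe_url = substr( preg_replace( '/[\x00-\x1F\x7F]/', '', $url ), 0, 200 );
    $ip       = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-';
    error_log( sprintf( 'comment-trap post=%d ip=%s url=%s', (int) $comment_post_id, $ip, $safe_url ) );

    wp_die( 'Spammers not welcome here', 'Comment rejected', array( 'response' => 403 ) );
}
add_action( 'pre_comment_on_post', 'dwf_reject_url_field' );
```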


Help to fight Internet censorship!

On Nov 1st 2012 the new Russian law implementing Internet censorship comes into effect. This law allows several agencies of the Russian government to add any Internet site they consider “harmful to children” to the government-mandated block list. Russian Internet providers are legally obligated to block access to the sites which are present in this list. Quick summary of the law:

  • The sites could be blocked by either the court or one of the government agencies. The law currently allows blocking for three categories of web sites: child pornography, drug propaganda and the web sites about the suicide.
  • The law provides no oversight and no penalties for the government employees who add the specific site into the block list. Further, the list itself is secret and only available to the Internet providers.
  • The law requires the government to notify the site owner and let the owner remove the content in three days. This, however, does not happen, and the sites get blocked without any advance warning.
  • It requires a court order to remove the site from the blocked list, while it could be added there simply by some government clerk.
  • The access is blocked for everyone, even the adults who don’t have any children. The block is mandatory.

The Internet is the main vehicle fueling democracy in Russia. Popular social networking sites such as LiveJournal and Facebook/VKontakte are widely used by the opposition to coordinate peaceful protests, uncover major corruption scandals and simply exercise their free speech rights by sharing their opinions, which are censored from the Russian government-maintained TV channels. Therefore a lot of Russians are worried that the real purpose of the new law is to quickly shut down the resources the opposition uses to fight the Putin regime. During the first days after the law went into effect it blocked a few political satire sites, and a site about suicide prevention. This is just the start.

It is a worrying trend when governments limit the Internet access for adults under the guise of “saving our children”. However we can help Russians to fight the Internet censorship.

What can you do:

  1. Spread the word! Tell others about the censorship and how to work around it.
  2. Set up Tor software or I2P software and run an exit node or an intermediate node. This will help the people to reach censored sites. We are running the Tor node here at Ulduzsoft.
  3. Donate to NoiseBridge or similar organizations which run the Tor exit nodes for everyone to use.
  4. Educate your friends about the effects of the censorship on the society. Censorship is a very attractive option to any government, we must be vigilant to preserve our right to free speech!

Reverse-engineering the KaraFun file format. Part 4, the encryption

So far all the files we have seen were not encrypted. However, some users pointed out there are KFN files which are encrypted. While the encrypted files were still analysed and dumped properly, the output files were encrypted and hence unusable. But the users also confirmed that the KaraFun player plays those files just fine, and neither asks the user for any passwords nor requires an Internet connection (and hence doesn’t download the keys from a server). Since our player needs to support encrypted files too, this is something which we need to take care of now.

First let me start with a statement that reverse-engineering file format encryption is typically a very difficult task even in a case like this, when the encryption key is not provided by the user or the server, and therefore is embedded either into the software or into the file itself. Finding the keys therefore requires reverse-engineering the actual software to find out where they are stored, and which algorithm is used. However, as you will see below, due to a major flaw in the KaraFun software it is still possible to reverse-engineer even the encrypted files without even looking at the actual software!

Reverse-engineering the KaraFun file format. Part 3, the Song.ini file

This is quite simple. We look at the song.ini file and it is immediately obvious where the text and the timing information are, as those are the only lines with enough numbers.

Reverse-engineering the KaraFun file format. Part 2, the directory

In the first part we found out the header format, and that it does not provide us with the directory location. However, we know there must be a directory, as the KaraFun application must know where exactly in a file the files are stored, and how large they are. At minimum there should be the directory offset and either the total size or the number of files. At first thought the DIFW header value may contain the number of files, and the MUSL value the directory offset (its value is 0x11D, which is after 0x117). However, if we check other KaraFun files at the same page, we would see that for some files the MUSL value is less than the header length. Therefore it cannot be the offset, and probably is the music length in seconds. Nor is DIFW the number of files. A quick search for the JPEG signature “JFIF” finds at least three JPG files, so there are more than two files in this archive.

So where is the directory? Since the header length varies (because it uses strings of variable length), it could be in one of two places. Either it is at the end of the file (not the case, as we saw above), or it is supposed to follow the header directly. Let’s look carefully at the bytes following the header:

Reverse-engineering the KaraFun file format. Part 1, the header

Several of our users have expressed disappointment that our Ulduzsoft Karaoke Player for Android does not support the popular KaraFun Karaoke format. This format seems to be very popular in some countries, and unfortunately there seems to be no player on Android capable of playing those files. Even the KaraFun Android application does not play those files, which is unfortunate. Therefore we decided to add support for this format.

The main issue we had to overcome was the lack of any documentation on the Internet about this popular format. There is no free open-source software supporting this format either. Therefore, to support this file format I had to reverse-engineer it. Fortunately I have the relevant experience, and it was not a very difficult task. Then I decided to document those efforts for the readers to better understand how reverse engineers work, as there seems to be a lot of misunderstanding about the process. All I ultimately needed was a few KaraFun karaoke files. I didn’t even download any KaraFun software, and there was no need to use the editor. The whole format, including the encryption, was reverse-engineered by just looking at the file content.

Hopefully this article will be useful for people who would like to support KaraFun files in their projects, or who are just curious about how the reverse engineering of file formats is done.


Ulduzsoft Karaoke Player for Android is out of Beta now!

Today we released Ulduzsoft Karaoke Player for Android version 1.12. It has been a beta for close to nine months, and it is labor time. The application seems to be well received, with competitive functionality, and most bugs seem to be fixed. We had a long discussion about the app monetization and decided to go with a freemium model, with the actual app remaining free and ad-supported through Google AdMob, with the option to disable the ads by purchasing the license key, which is also available on Android Market.

So it is time for the application to become self-sustained, when any further development depends on the user feedback and the income generated by the application purchases and the ads. Let’s see how well it goes.


Android dialog to choose a directory or file based on AlertDialog

This dialog could be used to let the user choose a file or directory. Since it is based on AlertDialog it doesn’t have to be instantiated through startActivity() and therefore could be used, for example, in a PreferenceDialog subclass. The provided code only selects directories, but it is easy to modify it to select specific files as well. This code is used in the Ulduzsoft Karaoke Player. Apache license.


Parsing ID3v2 tags in the MP3 files

This simple tag parser is very useful when you just need to get the basic information about the MP3 files, such as the title and the artist. Of course it could be extended to extract more information if necessary.

Apache license.