Profile

Cover photo
Benjamin Dobell
Works at Glass Echidna Pty Ltd
295 followers|53,745 views
AboutPostsPhotos+1's

Stream

Benjamin Dobell

Shared publicly  - 
Please keep our production systems alive whilst our regular guy is on his honeymoon! We're looking for a competent system admin or developer (with DevOps…
1
Jonathon Taylor's profile photoBenjamin Dobell's profile photo
2 comments
 
+Jonathon Taylor Not technically an employee, but have consulted for them full-time for 2 years.
Add a comment...

Benjamin Dobell

Shared publicly  - 
 
Wooo! #1 C++ developer in Australia (42nd Worldwide)!

Psst, don't point out how flawed the ranking system is; let me live my fantasy.
Repos : 1. Stars : 0. Ruby ranking. Melbourne, 356 / 690. Australia, 897 / 1 890. Worldwide, 66 658 / 204 324. Repos : 7. Stars : 0. Like this project? Support it by sending a tweet. Made by @vdaubry. See source on GitHub. This project is not affiliated with the GitHub company in any way.
4
Add a comment...

Benjamin Dobell

Android Studio  - 
 
Freaking out a bit here... Just updated to Android Studio 0.8.2 and I'm suddenly getting ClassNotFoundException on launch for the main activity of one of my apps when it is built with 0.8.2. This exact code (and several old commits) are all failing in the same way now, despite them all building and executing fine with 0.8.1.

Details:
http://stackoverflow.com/questions/24726363/classnotfoundexception-for-main-activity-android-studio-0-8-2
1
Marty Glaubitz's profile photoGuillermo Balmaceda's profile photoBenjamin Dobell's profile photo
4 comments
 
+Guilermo Mendoza I'm glad I wasn't the only one. Was starting to question my sanity.

I was able to solve the problem by calling "./gradlew clean" - so it would seem there is definitely a subtle bug somewhere in the 0.8.2 release.
Add a comment...

Benjamin Dobell

commented on a video on YouTube.
Shared publicly  - 
 
Just as a note to developers; please oh please don't ever do anything like this!

The technique demonstrated in this video does not make hacking more difficult. All it does is make your life hard because your code is a mess. There's absolutely nothing special about java Strings. The only difference is String is an object and an int is a primitive. It is true String is an immutable data type. However, immutability is enforced by the JVM, so that can be circumvented by changing raw memory values. However, in addition to that, the app stores a reference to a String, all you need to do is swap the reference to point to a new String; which is exactly as trivial as updating an integer.

If you want to make your app more difficult to hack, just run ProGuard on release builds; be careful to test your builds though as ProGuard can sometimes be a bit overzealous in deleting what it thinks is dead code. ProGuard comes with Android Studio and simply obfuscates the JVM code. Keep the files ProGuard outputs as you'll need them to de-obfuscate the code yourself when users post crash reports.

Now, does using ProGuard make your app impossible to hack... Nope, not even in the slightest. But it does make it a pain in the arse and that's enough to deter your average derp. However, if your app is interesting enough and there's a valid reason to reverse engineer it, you can bet someone (like myself) will do so. Don't worry, to be clear I don't hack anything. I only reverse engineer software for interoperability etc. e.g. Heimdall!

+Adam Outler You did mention at the end of the video that this won't work, which is good. However, I've never seen anyone attempt this technique before, it's really really flawed ;) A video showing how to use ProGuard would probably have been better. Especially if you explained how to debug obfuscated ProGuard stack traces etc.

Benjamin Dobell

Shared publicly  - 
 
There was an issue (or two) with the OS X  #Heimdall  Suite 1.4.0 package that I released yesterday. The issue meant that the binaries completely failed to execute on most systems.

I've uploaded a new package now that should address the issue. If you do encounter any problems please report them over at the Heimdall Github page (https://github.com/Benjamin-Dobell/Heimdall).
What is Heimdall? Heimdall is a cross-platform open-source tool suite used to flash firmware (aka ROMs) onto Samsung Galaxy S devices. How does it work? Heimdall uses the same protocol as Odin to interact with a device in download mode. USB communication in Heimdall is handled by the popular ...
3
Kleiton Moraes's profile photoBenjamin Dobell's profile photo
2 comments
 
+Kleiton Moraes please refer to the README. 1.4.0 requires exact partition names.
Add a comment...

Benjamin Dobell

Shared publicly  - 
 
Successfully flashed the SGS4 GT-I9505 (Snapdragon) with the latest Heimdall source tree (https://github.com/Benjamin-Dobell/Heimdall/tree/wip/1.4RC3). If anyone can verify the the GT-I9500 (Exynos) works I'd love to finally get around to making this 1.4 release! 
3
1
Add a comment...
Have him in circles
295 people
Sricharan kanduri's profile photo
Shawn Matthiessen's profile photo
Mike Trieu (MegasChara)'s profile photo
Donald Munn (Roach2010)'s profile photo
Andrew Lewis's profile photo
Awang Ilyas Awang Mahsen's profile photo
Kevin H.A. Tan's profile photo
Robert Sawyer (rassawyer)'s profile photo
Sean Gomez's profile photo

Benjamin Dobell

Shared publicly  - 
 
Some saved NSManagedObject has displayInLibrary = nil

Alright, let’s try query for that object using the predicate:
“displayInLibrary == YES”

No results, alright makes sense. Let’s try:
“displayInLibrary == NO”

Hmm, still no results. I guess Core Data doesn’t adhere to Obj-C’s nil (pointer) to BOOL type coercion semantics. Fair enough, I suppose nil is not necessarily NO. Alright, let’s try:
“displayInLibrary != YES”

Wait... what!? Still no results!

...

Go home, Core Data. You're drunk!
1
Benjamin Dobell's profile photo
 
P.S. In case you're confused "displayInLibrary == nil" does return the object.

But how can nil be both not equal to YES (no results in the first query)... and, well, equal to YES, no results in the last query.

Clearly, Core Data needs to sober up.
Add a comment...

Benjamin Dobell

Android Studio  - 
 
Public service announcement - Android Studio 0.8.2

If you just updated to 0.8.2 and you're suddenly consistently getting weird runtime crashes, such as ClassNotFoundException on launch. Then you need to execute:

    ./gradlew clean

or, if you're not using the Gradle wrapper (assuming gradle is in your PATH):

    gradle clean

"Clean Project" and/or "Rebuild Project" in Android Studio 0.8.2 do not seem to do the trick.
5
Marty Ballard's profile photoGuy Dviri's profile photoBenjamin Dobell's profile photo
10 comments
 
Actually, the fact that the build system uses a complete programming language and is not a wizard for a description file format is what makes it so powerful. However, the latest android studio build does include a UI/wizard to generate gradle build scripts for the most common use cases.
Add a comment...

Benjamin Dobell

commented on a video on YouTube.
Shared publicly  - 
 
Firstly there is no solution that will stop a determined hacker from reverse engineering. All you can do is make it really difficult. However, there absolutely is a solution to stop brute-force memory hacking. The technique outlined in this video however is not it. See my comment to understand why - Basics on How to Stop People from Hacking Your Android App).

In fact, there are two solutions to stop memory hacking, and they're related:

1. Run the game logic on a server. They don't have access to score, therefore they can't mess with this.

Of course if you've got a fast paced game, then that's going to be a problem.

2. Instead of simply recording and submitting an integer high-score, record each event that adds or subtracts from your score and then when the game is over submit the event chain to the server. The server can then validate the events all add up and are feasible i.e. if a user claims they blew up a barrel that gave them 1 million points but no such barrel exists in the game, reject the score.

You can take this one step further. Say you have a game where you squish bugs (sound familiar). When you create each squishable bug give it a pseudo random ID. The fact it is “pseudo” random is extremely important.

You want your game to be random, so on start-up generate a truly random number. (Okay the technically inclined will note all random values generated by a CPU are actually pseudo-random). Use this “truly random” value as a seed to randomise the gameplay. Then when you want to generate a bug, give it an ID using a pseudo-random algorithm derived from the original “seed” value. When you generate the next bug, use the previous ID as a the seed in your ID generation algorithm, and so on. Now each time you squish (or fail to squish) a bug record those events, including the bugs ID.

When the game is over submit both the original “truly random” seed value to the server, and the event chain for the game. The server can then use the same algorithm you had in the game, starting with the seed value you provided, to ensure all the events are valid, and therefore validate the score.

You might argue that a determined memory hacker could create “events” in memory, and append them to the event chain, so these are eventually submitted to the server. However, the only way they can generate events is to understand the pseudo-random algorithm the game was using. This can only be determined by statistical analysis (good luck!) or by reverse engineering the binary.

There you have it, the only feasible solution is therefore to reverse engineer the binary. Add in some proguard and make your algorithm sufficiently obscure and you're going to have one very frustrated hacker ;-)

Days upon days of full-time reverse engineering work just to submit a fake high-score... not worth it!

Benjamin Dobell

Shared publicly  - 
 
Kogan are intentionally violating the GPL with respect to the Linux kernel, U-Boot and other software running on their Android devices. Can I please get your help?
9
2
Jon Chronopoulos's profile photoBenjamin Dobell's profile photoBrinly Taylor's profile photo
8 comments
 
+Benjamin Dobell Tried sending another one. Issue just got closed. I'll send you a email later.
Add a comment...

Benjamin Dobell

Shared publicly  - 
 
#Heimdall 1.4.0 has been officially released, including binary packages for Windows, OS X and Linux (Debian, RPM and Arch Linux distros).
Heimdall Suite 1.4.0 is finally available in both source and binary form. I apologise for the extremely long wait between official releases. The sheer number of devices that to be supported sometimes throws a spanner in the works. Particularly when adding support for several devices ...
6
3
Add a comment...

Benjamin Dobell

Shared publicly  - 
 
The Heimdall 1.4.0 source is now available on Github (https://github.com/Benjamin-Dobell/Heimdall). I've been looking into running a private instance of the OpenSUSE based "Open Build Service" to produce Linux packages, but haven't had a heap of luck thus far. I'll make an official announcement on the Glass Echidna website once packages for all supported platforms have been made available.

However, seems as I did indicate to a Windows user or two that binaries would be available by now; I've uploaded the Windows build early - https://bitbucket.org/benjamin_dobell/heimdall/downloads/heimdall-suite-1.4.0-win32.zip

Enjoy!
2
Add a comment...
People
Have him in circles
295 people
Sricharan kanduri's profile photo
Shawn Matthiessen's profile photo
Mike Trieu (MegasChara)'s profile photo
Donald Munn (Roach2010)'s profile photo
Andrew Lewis's profile photo
Awang Ilyas Awang Mahsen's profile photo
Kevin H.A. Tan's profile photo
Robert Sawyer (rassawyer)'s profile photo
Sean Gomez's profile photo
Basic Information
Gender
Male
Work
Occupation
Programmer / Consultant
Employment
  • Glass Echidna Pty Ltd
    Co-Founder / Director, 2009 - present
Links
Benjamin Dobell's +1's are the things they like, agree with, or want to recommend.
Go - Melbourne Train Timetable – Android Apps on Google Play
market.android.com

Train timetables don’t need to be complicated, GO lets you know when your next train is leaving.Created in Melbourne for people who catch th

PlayUp
market.android.com

For the die hards, the scream hards and trading card fans. The over-the-top fan, the I knew it fan, the dancing Homer fan For the molotov co

PlayUp NFL
market.android.com

The big hits, big plays, big crowds, big men, making big tackles and big passes in big moments, under big pressure, in big games, for big pr

PlayUp Cricket
market.android.com

Do you know the difference between a googly a Ganguly? Or a flipper from a Flintoff? Swing from spin? Do you know cricket and want to keep u

C4 Game Engine Overview
www.terathon.com

C4 Engine, Terathon Software. Facebook Twitter YouTube. Information Links. Overview. News. Features. Screenshots. Videos. FAQ. Licensing. Do

Anti-Squish - Android Market
market.android.com

Don't get SQUISHED! An addictive casual game with a competitive twist. Help flies on one side of the screen make their way to the opposite s

Anti-Squish Lite - Android Market
market.android.com

Don't get SQUISHED! An addictive casual game with a competitive twist. Help flies on one side of the screen make their way to the opposite s

Android Forums & Windows Phone Discussion @ xda-developers
forum.xda-developers.com

Android and Windows Mobile Developers - The Largest Community for Smartphone Hacks and Development of Apps.

Heimdall – Glass Echidna
www.glassechidna.com.au

Glass Echidna. Software down under. About Us. The Business; The Team. Contact; Donate; Products. Android Apps. Anti-Squish. Heimdall. Log in

Glass Echidna - Software down under.
www.glassechidna.com.au

Glass Echidna. Software down under. About Us. The Business; The Team. Contact; Donate; Products. Android Apps. Anti-Squish. Heimdall. Log in