Benjamin Dobell
Works at Glass Echidna Pty Ltd
301 followers|43,361 views

Stream

Benjamin Dobell

Shared publicly  - 
 
Wooo! #1 C++ developer in Australia (42nd Worldwide)!

Psst, don't point out how flawed the ranking system is; let me live my fantasy.
Repos : 1. Stars : 0. Ruby ranking. Melbourne, 356 / 690. Australia, 897 / 1 890. Worldwide, 66 658 / 204 324. Repos : 7. Stars : 0. Like this project? Support it by sending a tweet. Made by @vdaubry. See source on GitHub. This project is not affiliated with the GitHub company in any way.
 
Freaking out a bit here... Just updated to Android Studio 0.8.2 and I'm suddenly getting ClassNotFoundException on launch for the main activity of one of my apps when it is built with 0.8.2. This exact code (and several old commits) are all failing in the same way now, despite them all building and executing fine with 0.8.1.

Details:
http://stackoverflow.com/questions/24726363/classnotfoundexception-for-main-activity-android-studio-0-8-2
 
+Guilermo Mendoza I'm glad I wasn't the only one. Was starting to question my sanity.

I was able to solve the problem by calling "./gradlew clean" - so it would seem there is definitely a subtle bug somewhere in the 0.8.2 release.

Benjamin Dobell

commented on a video on YouTube.
Shared publicly  - 
 
Just as a note to developers; please oh please don't ever do anything like this!

The technique demonstrated in this video does not make hacking more difficult. All it does is make your life hard because your code is a mess. There's absolutely nothing special about Java Strings. The only difference is String is an object and an int is a primitive. It is true String is an immutable data type. However, immutability is enforced by the JVM, so that can be circumvented by changing raw memory values. However, in addition to that, the app stores a reference to a String; all you need to do is swap the reference to point to a new String, which is exactly as trivial as updating an integer.

If you want to make your app more difficult to hack, just run ProGuard on release builds; be careful to test your builds though as ProGuard can sometimes be a bit overzealous in deleting what it thinks is dead code. ProGuard comes with Android Studio and simply obfuscates the JVM code. Keep the files ProGuard outputs as you'll need them to de-obfuscate the code yourself when users post crash reports.

Now, does using ProGuard make your app impossible to hack... Nope, not even in the slightest. But it does make it a pain in the arse and that's enough to deter your average derp. However, if your app is interesting enough and there's a valid reason to reverse engineer it, you can bet someone (like myself) will do so. Don't worry, to be clear I don't hack anything. I only reverse engineer software for interoperability etc. e.g. Heimdall!

+Adam Outler You did mention at the end of the video that this won't work, which is good. However, I've never seen anyone attempt this technique before, it's really really flawed ;) A video showing how to use ProGuard would probably have been better. Especially if you explained how to debug obfuscated ProGuard stack traces etc.
 
+Adam Outler I know you've mentioned this isn't effective against reverse engineering, you're quite right, it's not. But in addition to that, my point is that no-one should ever do this; it's bad advice for several reasons.

Firstly, anybody who is an even remotely experienced hacker is not going to bother with memory hacks; the first thing they're going to do is grab the Dalvik byte code and convert it into something human readable.

That aside, this is even ineffective against memory hacking. Say your score is currently 64 and you pause execution of the application. Instead of looking for the value 0x40 in memory, you're now looking for the value 0x00360034, which is the runtime representation of the String "64". You can easily change that to 0x00390039, which is "99", with absolutely minimal effort. However, you could instead, once you've found that value in memory, record the memory address of the start of the String object. Then scan in memory for that memory address, which will be the variable "String score". You can then go ahead and change that to point to another String object in memory (which you can insert yourself), or just use one that is already there.

Personally I'd never bother with memory hacking in a brute force fashion like this, it's far too inefficient. Reverse engineering the Dalvik bytecode is going to be much simpler and tell you a lot more about how the application works. If I wanted to submit a high score to a server I wouldn't use memory hacking, I'd just look at how the data is being sent to the server, reverse engineer that, and write a new program that sends whatever I want to the server.

Benjamin Dobell

Shared publicly  - 
 
There was an issue (or two) with the OS X  #Heimdall  Suite 1.4.0 package that I released yesterday. The issue meant that the binaries completely failed to execute on most systems.

I've uploaded a new package now that should address the issue. If you do encounter any problems please report them over at the Heimdall Github page (https://github.com/Benjamin-Dobell/Heimdall).
What is Heimdall? Heimdall is a cross-platform open-source tool suite used to flash firmware (aka ROMs) onto Samsung Galaxy S devices. How does it work? Heimdall uses the same protocol as Odin to interact with a device in download mode. USB communication in Heimdall is handled by the popular ...
 
+Kleiton Moraes please refer to the README. 1.4.0 requires exact partition names.

Benjamin Dobell

Shared publicly  - 
 
The Heimdall 1.4.0 source is now available on Github (https://github.com/Benjamin-Dobell/Heimdall). I've been looking into running a private instance of the OpenSUSE based "Open Build Service" to produce Linux packages, but haven't had a heap of luck thus far. I'll make an official announcement on the Glass Echidna website once packages for all supported platforms have been made available.

However, seeing as I did indicate to a Windows user or two that binaries would be available by now, I've uploaded the Windows build early - https://bitbucket.org/benjamin_dobell/heimdall/downloads/heimdall-suite-1.4.0-win32.zip

Enjoy!

Benjamin Dobell

Shared publicly  - 
 
Hey everyone, Google have finally lifted the suspension on my account. Still no explanation as to why I was suspended in the first place. But I'm glad to be back!
 
Hi Benjamin... would you please help me... as I'm very frustrated about flashing my new Galaxy Tab2 P5110..
After installing Heimdall on my Linux Ubuntu 12.4.; I downloaded stock Rom for Tab 2 from samfirmware... unpacked it and got several files.

At terminal I tried to type following:
sudo heimdall flash --cache cache.img --recovery recovery.img --param param.lfs --hidden hidden.img --secondary-boot Sbl.img -- etc.etc.

BUT what is correct:
boot.img --> kernel boot.img or primary-bootloader boot.img ????
system.img --> system system.img or factoryfs system.img ???

And more... after unpacking the stock firmware I got a "MLO"-file? How to handle MLO-files???
PLEASE would you support & explain.
Thanks a lot in advance.
Rgds,
Micha
 
Public service announcement - Android Studio 0.8.2

If you just updated to 0.8.2 and you're suddenly consistently getting weird runtime crashes, such as ClassNotFoundException on launch, then you need to execute:

    ./gradlew clean

or, if you're not using the Gradle wrapper (assuming gradle is in your PATH):

    gradle clean

"Clean Project" and/or "Rebuild Project" in Android Studio 0.8.2 do not seem to do the trick.
 
Actually, the fact that the build system uses a complete programming language and is not a wizard for a description file format is what makes it so powerful. However, the latest Android Studio build does include a UI/wizard to generate Gradle build scripts for the most common use cases.

Benjamin Dobell

commented on a video on YouTube.
Shared publicly  - 
 
Firstly, there is no solution that will stop a determined hacker from reverse engineering. All you can do is make it really difficult. However, there absolutely is a solution to stop brute-force memory hacking. The technique outlined in this video, however, is not it. See my comment to understand why - Basics on How to Stop People from Hacking Your Android App.

In fact, there are two solutions to stop memory hacking, and they're related:

1. Run the game logic on a server. They don't have access to score, therefore they can't mess with this.

Of course if you've got a fast paced game, then that's going to be a problem.

2. Instead of simply recording and submitting an integer high-score, record each event that adds or subtracts from your score and then when the game is over submit the event chain to the server. The server can then validate the events all add up and are feasible i.e. if a user claims they blew up a barrel that gave them 1 million points but no such barrel exists in the game, reject the score.

You can take this one step further. Say you have a game where you squish bugs (sound familiar?). When you create each squishable bug give it a pseudo random ID. The fact it is “pseudo” random is extremely important.

You want your game to be random, so on start-up generate a truly random number. (Okay the technically inclined will note all random values generated by a CPU are actually pseudo-random). Use this “truly random” value as a seed to randomise the gameplay. Then when you want to generate a bug, give it an ID using a pseudo-random algorithm derived from the original “seed” value. When you generate the next bug, use the previous ID as the seed in your ID generation algorithm, and so on. Now each time you squish (or fail to squish) a bug record those events, including the bug's ID.

When the game is over submit both the original “truly random” seed value to the server, and the event chain for the game. The server can then use the same algorithm you had in the game, starting with the seed value you provided, to ensure all the events are valid, and therefore validate the score.

You might argue that a determined memory hacker could create “events” in memory, and append them to the event chain, so these are eventually submitted to the server. However, the only way they can generate events is to understand the pseudo-random algorithm the game was using. This can only be determined by statistical analysis (good luck!) or by reverse engineering the binary.

There you have it, the only feasible solution is therefore to reverse engineer the binary. Add in some ProGuard and make your algorithm sufficiently obscure and you're going to have one very frustrated hacker ;-)

Days upon days of full-time reverse engineering work just to submit a fake high-score... not worth it!
 
+kingbob bob Yeah the xor technique is certainly a lot more efficient and works better than the String technique... I mean, if XOR encryption is good enough for Rockstar submitting data from their GTA V mobile apps it's got to be good enough for us, right? ... I mean, I know nothing about those apps... dum dee dum.
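
The server-side event-chain validation described in the post above, sketched as an added example that is not part of the original post or the author's code. The SHA-256 ID chain, the `POINTS` table and every function name are assumptions chosen for illustration, since the post does not name an algorithm.

```python
import hashlib

# Assumed scoring table; an event kind missing from it does not exist in the game.
POINTS = {"squish": 10, "miss": -2}

def next_id(prev):
    """Derive the next bug ID from the previous one (assumed 64-bit hash chain)."""
    digest = hashlib.sha256(prev.to_bytes(8, "big")).digest()
    return int.from_bytes(digest[:8], "big")

def play(seed, outcomes):
    """Client side: spawn one bug per outcome and record (bug_id, kind)."""
    events, bug_id = [], seed
    for kind in outcomes:
        bug_id = next_id(bug_id)  # previous ID seeds the next one
        events.append((bug_id, kind))
    return events

def validate(seed, events, claimed_score):
    """Server side: replay the ID chain from the seed and recompute the score."""
    if not 0 <= seed < 2 ** 64:
        return False, "seed out of range"
    expected, score = seed, 0
    for index, (bug_id, kind) in enumerate(events):
        expected = next_id(expected)
        if bug_id != expected:
            return False, f"event {index}: bug ID not in chain"
        if kind not in POINTS:
            return False, f"event {index}: unknown event kind {kind!r}"
        score += POINTS[kind]
    if score != claimed_score:
        return False, f"claimed {claimed_score}, replay gives {score}"
    return True, "ok"

if __name__ == "__main__":
    seed = 0x1234ABCD  # constructed sample seed
    run = play(seed, ["squish", "squish", "miss", "squish"])
    print(validate(seed, run, 28))                     # honest submission
    print(validate(seed, run + [(42, "squish")], 38))  # event with an ID outside the chain
    print(validate(seed, run, 1_000_000))              # score the events do not add up to
```

A server would also want to reject a seed it has already accepted, because a captured valid submission otherwise replays unchanged.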
 
Kogan are intentionally violating the GPL with respect to the Linux kernel, U-Boot and other software running on their Android devices. Can I please get your help?
 
+Benjamin Dobell Tried sending another one. Issue just got closed. I'll send you a email later.

Benjamin Dobell

Shared publicly  - 
 
#Heimdall 1.4.0 has been officially released, including binary packages for Windows, OS X and Linux (Debian, RPM and Arch Linux distros).
Heimdall Suite 1.4.0 is finally available in both source and binary form. I apologise for the extremely long wait between official releases. The sheer number of devices that to be supported sometimes throws a spanner in the works. Particularly when adding support for several devices ...

Benjamin Dobell

Shared publicly  - 
 
Successfully flashed the SGS4 GT-I9505 (Snapdragon) with the latest Heimdall source tree (https://github.com/Benjamin-Dobell/Heimdall/tree/wip/1.4RC3). If anyone can verify the GT-I9500 (Exynos) works I'd love to finally get around to making this 1.4 release!
 
I was trying to compile for Win32 but didn't have any luck. Is there any chance you can get it to work on your end and link a zip? Glad to see you back, btw!

Benjamin Dobell

Shared publicly  - 
 
Want to help with Heimdall? Check out the following video. (Big thanks to +Adam Outler who helped me get the video up on XDA TV).

http://www.xda-developers.com/android/heimdall-and-usb-logging-tutorial-xda-developer-tv/
 
Benjamin, a huge thank you for your Heimdall product.

I can't stress how much it's been a life saver to me, especially in light of the challenges I've faced with Odin and attempting to un-soft brick my Note II LTE. Once I've /mastered/ the use of your software, I'll attempt to relieve you of some of the responsibilities in supporting your system in organising Heimdall supported firmware files if it's of help?
Basic Information
Gender
Male
Apps with Google+ Sign-in
Work
Occupation
Programmer / Consultant
Employment
  • Glass Echidna Pty Ltd
    Co-Founder / Director, 2009 - present