Profile cover photo
Profile photo
John C. Bland II
613 followers -
Father. Deacon. Geek. Gamer.
Father. Deacon. Geek. Gamer.

613 followers
About
John C.'s posts

Post has attachment
Hello. Hello! HELLO! #practice

Post has attachment
Playing with Oceans

Post has shared content
A visual history of the Google Nexus

Post has shared content
What a terrible night that was!
Photo

Post has shared content
ICYMI: An asteroid exploded above Bangkok over the weekend. https://goo.gl/y8dghH
Animated Photo

Post has shared content
I've open-sourced the web-based layer visualizer we used in the "Android Design for Developers" +Udacity course! Check it out here:

https://github.com/romannurik/LayerVisualizer

Note: web-based meaning you put together the UI in HTML/CSS, not Android code
Animated Photo

Post has shared content
An in-depth look at the new Google brand identity. g.co/design/google-id 
Animated Photo

Post has shared content
First implementation of requestIdleCallback is in Chrome Canary!

What is it? It allows applications to cooperatively schedule background tasks such that they do not introduce delays to other high priority tasks that share the same event loop, such as input processing, animations and frame compositing. 

For more details on the API, the spec, and more examples, see:
https://w3c.github.io/requestidlecallback/

Finally, to get started:
- Boot up Chrome Canary
- Enable chrome://flags/#enable-experimental-web-platform-features
- Restart the browser
- Experiment with rIC, ..., and please provide feedback!
Photo

Post has shared content
This worked great. I used a combination of this and the linked brute force to recover a much needed password tonight. #thankful  
Forgot your Android keystore password? No problem!

I recently needed to update an Android app I have on the Play store, when I discovered I apparently forgot my keystore password. I immediately started brute force and dictionary attacks with the Android Keystore Password Recovery tool (https://code.google.com/p/android-keystore-password-recover/), which eventually (after about 2 months) revealed the password to the private key. I knew I had used separate keystore and private key passwords, and so this wasn't terribly helpful.

I was curious how it could check the inner private key password without knowing the keystore password -- I would expect there to be two levels of full encryption. However, upon inspection of the tool's code, I realized it was just using a dummy password of "a" for the keystore. I tried this with the official tools (jarsigner and keytool), but they require a minimum password length of 6 characters. The code for the password recovery tool includes Casey Marshall's reverse-engineered implementation of the Java Keystore format, so I wrote my own keystore file inspector. Apparently, the keystore password is only used for integrity-checking, and the keystore isn't actually encrypted.

From here, I recovered my key by simply reading the keystore in with a dummy password, and writing it out with the new one. Keytool works with it, and I was able to sign my apk with Eclipse and upload to the Play Store.

I've uploaded my code to GitHub, along with Marshall's JKS implementation: https://gist.github.com/4631307

#android   #google    #security   #programming   #softwaredevelopment   #cracking   #hacking   #java  
Wait while more posts are being loaded