FLIXEY.COM

Sorry I haven’t been posting (if anyone actually reads my posts.) I’ve been plain busy and I have to admit lazy. My AP Calculus exam just ended today and before that I had a lot of work to finish. I’m still being bombarded with work but decided to post after doing nothing for a straight month.

There are many browser-based game, which are most of the time strategic simulation games. These kind of games don’t have too many graphics and consists of mostly static images, but they’re addictive beyond normal games. I’ve recently started one called Tribal Wars, and I’m already addicted to it (before this, I was addicted to o-game) They’re both similar games where you attack, farm, get resources, build stuff, and so on; but their settings are very different. The reason these so-called browser-based games are so addictive is because you don’t play them for hours in a row, but you just access your page for a few minutes whenever you find time. The game lasts for a LONG time: until you get tired of it, or your village gets demolished.

Some people might call these games pointless and an absolute waste of time, but it’s actually fun. You have to have strategy and think a bit. You engage wars with other players and learn to work together with other people. Communication also becomes an important factor once you start engaging wars in groups such as tribes or clans.

The joy of getting resources, gaining points, constructing buildings, attacking, and taking over are felt when playing these games. It’s like warcraft or other simulation games except you play for days, months, or even years. These games are also updated consistantly, and your neighbors develop as well. It might depend on who you are, but these games are so addictive you won’t be able to stop playing and will be attached to your village/planet or whatever you own on the game you play.

(preview)

This is another one of the scripts I wrote quite a while ago. It just wrote it out of pure boredom and actually got somewhere. Korean social securyity numbers have a pattern, consisting of 13 digits segmented into 2 parts of 6 and 7 digits. The first part is like this.

The second part is a bit complicated. It hold information on your gender and which region of Korea you were registered from. The gender codes are 9 for male 0 for female if you were born in the 1800s, 1 and 2 for the 1900s and 3 and 4 for the 2000s. The regional codes are complicated so I’ll pass on that.

The check number is generated by a pattern. The following PHP code calculates it.

function get_check_no($s_no){
　unset($total);
　　
　for($i=0; $i<13; $i++){
　　$s_no[$i] = intval($s_no[$i]); // convert to integer
　}
　
　// calculate social security number
　$total = $s_no[0]*2 + $s_no[1]*3 + $s_no[2]*4 + $s_no[3]*5 + $s_no[4]*6 + $s_no[5]*7 + $s_no[6]*8 + $s_no[7]*9 + $s_no[8]*2 + $s_no[9]*3 + $s_no[10]*4 + $s_no[11]*5;
　$total = $total%11;
　$check_no = 11-$total;
　
　// if the value of the check number exceeds 9, divide by 10 and return remainder
　if($check_no>9){
　　$check_no = $check_no % 10;
　}
　
　return $check_no; // return result
}

So I created the bruteforcer by simply letting someone enter a hash, birthdate, and gender to get a general idea of what the SSN will look like. Then I simply incremented the leftover digits and calcultated the check numbers. I then hashed them and checked them with the entered hash value.

<?php
$b_year = $_POST['b_year'];
$b_month = $_POST['b_month'];
$b_day = $_POST['b_day'];
$gender = $_POST['gender'];
$s_no_hash_str = $_POST['s_no_hash_str'];
$hash_type = $_POST['hash_type'];
// error messages
if(!$b_year){
　echo “* Enter birth year<br />”;
}
if(!$b_month){
　echo “* Enter birth month<br />”;
}
if(!$b_day){
　echo “* Enter birth day<br />”;
}
if(!$gender){
　echo “* Select gender<br />”;
}
if(!$s_no_hash_str){
　echo “* Enter hashed SSN.<br />”;
}
if(!$hash_type){
　echo “* Select hash type<br />”;
}
// if everything is entered, start processing.
if($b_year && $b_month && $b_day && $gender && $hash_type && $s_no_hash_str){
// pad valued with 0
$b_year = str_pad($b_year, 4, ‘19′, STR_PAD_LEFT);
$b_month = str_pad($b_month, 2, ‘0′, STR_PAD_LEFT);
$b_day = str_pad($b_day, 2, ‘0′, STR_PAD_LEFT);
$b_year_det = substr($b_year,0,2);
$b_year = substr($b_year,2,2);
if($b_year_det == “18″){
　if($gender == “1″){
　　$gender = “9″;
　}
　else{
　　$gender = “0″;
　}
}
else if($b_year_det == “19″){
　if($gender == “1″){
　　$gender = “1″;
　}
　else{
　　$gender = “2″;
　}
}
else if($b_year_det == “20″){
　if($gender == “1″){
　　$gender = “3″;
　}
　else{
　　$gender = “4″;
　}
}
// loop misc
for($misc=0;$misc<=99999;$misc++){
　// pad misc
　$misc = str_pad($misc, 5, ‘0′, STR_PAD_LEFT); // pad left with 0’s
　
　// merge valued to form actual s s no
　$s_no_1 = $b_year.$b_month.$b_day;
　$s_no_2 = $gender.$misc;
　
　// get full number including check number
　$s_no_string = $s_no_1.$s_no_2.get_check_no($s_no_1.$s_no_2);
　
　// select hash type and convert
　if($hash_type == “md5″){
　　$s_no_hash = md5($s_no_string);
　}
　else if($hash_type == “sha1″){
　　$s_no_hash = sha1($s_no_string);
　}
　// if the hash matches the processed, return the value and break loop
　if($s_no_hash == $s_no_hash_str){
　　echo ”
　　Done: “.$s_no_string.”(”.$s_no_hash.”)
　　<script type=\”text/javascript\”>
　
　　<!–
　　document.getElementById(’result’).innerHTML = ‘”.$s_no_string.”‘;
　　//–>
　　</script>
　　”;
　　break;
　}
　// if not… just print current value and continue
　else{
　　echo “Processing: “.$s_no_string.”(”.$s_no_hash.”)<br />”;
　}
}
}
?>

I made another program under my friend’s request for it. It’s a RapidShare.com link checker. It checks if links are dead or not then adds up the filesizes. It’s a very simple PHP script. It basically works by opening each HTML document, searching for the string with the memory, storing them into an array, then adding them up. If a filesize is not found, it classified the link as DEAD. It’s a very simple and could use more security like checking if the link is a rapidshare link before opening it and so forth.

Source Code:

<?php
$links = $_POST['links']; // get links from POST
$links = explode(”\n”,$_POST['links']); // explode links
$z = 0;
$filesize = array(); // define array
while($z <= count($links) -1){ // while $z is smaller than the number of links
　$html = $links[$z]; // store link into var
　$html = @file_get_contents($html); // get contents of link
　preg_match(”/\(<b>(.*)<\/b> KB\)/i”,$html,$matches); // pregmatch to get the filesize
　$filesize[$z] = $matches[1]; // store filesize in array
　if(!$filesize[$z]){ // if filesize doesn’t exist
　　$filesize[$z] = 0; // define as zero
　　$links[$z] = $links[$z].” DEAD”; // define as DEAD
　}
　$z++;
}
$filesize[total] = array_sum($filesize); // add all filesized
$filesize[unit] = “KB”; // default unit is KB
if($filesize[total] >= 1024){ // If is more than 1024 KB
　$filesize[total] /= 1024; // divide value with 1024
　$filesize[unit] = “MB”; // define as MB
　if($filesize[total] >= 1024){ // if value it bigger than 1024 again
　　$filesize[total] /= 1024; // divide by 1024 again
　　$filesize[unit] = “GB”; // and define as GB
　}
}
?>
…
<?php
$i = 0;
while($i <= count($links) -1){ // while $i is smaller than the number of links
　 echo $links[$i].” (<b>”.$filesize[$i].”</b>)<br />”; // print them
　 $i++;
}
echo “<b>Total</b>: “.round($filesize[total],2).$filesize[unit]; // print total filesize
?>

SQL injection is a fun thing to do when you’re bored. Just try submitting a typical injection query into a login form, it’ll work some of the time. I was aware if this, but I am still surprised by the stupidity of many institutions and organization that leave their security compromised by simply not escaping meta characters.

The screen-shot on the left is the login form of an administrator panel of a school. I’ve entered a typical SQL injection expression. Let’s see what happens. (Simple SQL injection is explained here)

It actually let me login as admin! I mean, I know programmers can make mistakes and school don’t always hire good programmers, but they should at least try to keep their students’ private data safe. Their whole school data could be erased by a malicious kid who just happened to try SQL injection on their site. A student of that school could even edit his or her own grades, change their own attendance, and lower the grades of someone they don’t like.

I’ve tried this with many other sites and a large portion of them failed to escape characters and allowed me to trick the script into logging me in, usually as an administrator. If you run a site with a custom-built script, you should check for this very simple but critical vulnerability. Who knows, maybe your own school’s administrator panel has this vulnerability.

Although this can turn out to be very chaotic, it actually takes less than a line of code to remedy it. In PHP, the addslashes() function can be used to escape all characters. One function, that’s all it takes to prevent people from viewing your administrative data and mess around with your site. Check some admin panel logins and try this method, a surprising number of them will fall for this trick and you’ll be granted administrator power and be granted to do whatever you want with that site (of course, if you’re caught you’d be sentenced to cyber crime and thus be screwed).

Go around and check. Tell your friend about a security hole in his site (or possible pull a prank first). Tell your school, organization, and just see their reaction. Just be careful not to bug the school administrator too much or you might get in trouble.

A related and funny comic strip (for those of you who know SQL)

I’m releasing my old FLV downloader source. It’s pretty out-dated and doesn’t work at all, but you can look at it and make modifications so that it does. The source is really messy which is one of the reasons I decided to remake it into what I have up now (http://video.flixey.com)

The source is as it was when I used it except I removed my hosting details, adsense, and analytics sources. Don’t hesitate to ask or comment through the guestbook or by just commenting on this post.

Info

• Programming languages used: PHP, Javascript
• PHP Classes used: PEAR HTTP
• Languages available: Korean, Japanese, French, German, English, Polish, Chinese
• Requirements
• Server must support PHP
• Server must support MySQL, or delete the DB related sources
• Server must have URL fopen enabled
• Once again: it won’t work out of the box

Download 1

Download 2

It has been a while since I started to follow web standards and started cross-browser coding (not to be confused to cross-site scripting). I became aware of the importance when I saw the immense number of visitors using Firefox and IE Explorer along with other browsers like Safari and Opera. I even got visitor using the Play Station 3 browser. I figured I couldn’t just ignore people using browsers my site didn’t support, so I learned about the W3C Recommendations and basic cross-browser scripting. I stopped using IE specific functions and properties. A book that helped me is SAMS Teach Yourself JavaScript in 24 Hours. It’s up-to-date and includes information on cross-browser scripting and web standards.

Internet Explorer is still the mainstream browser, but you can see that Firefox is also dominant. In addition, despite having a relatively smaller number of users, Opera and Safari are also a significant segment of the statistics. This table shows the importance of cross-browser coding and web standards.

The first step of following web standards is reading the W3C XHTML recommendations. I suggest using the XHTML Transitional DTD since the Strict DTD is literally strict. A DTD is a Document Type Definition and it basically defines the regulations of web standards and is used to validate your XHTML code. Then you can start validation your websites using the W3C Validator to check whether the document is valid in the DTD you chose.

The second step is to learn how to code your JavasScript to work in all browsers. JavaScript can be scripted to be cross-browser multiple ways, but the most widely used method is by using the try and catch method. The following is an example of a cross-browser AJAX object initialization.

try{
　　// Firefox, Opera 8.0+, Safari, IE7
　　ajaxReq = new XMLHttpRequest();
　　}catch(error){
　　　　// IE5, IE6
　　　　try{
　　　　　　ajaxReq = new ActiveXObject("Msxml2.XMLHTTP");
　　　　　　}catch(error){
　　　　　　　　try{
　　　　　　　　　　ajaxReq = new ActiveXObject("Microsoft.XMLHTTP");
　　　　　　　　　　}catch(error){
　　　　　　　　　　　　return false;
　　　　　　　　　　}
　　　　　　　　}
　　　　　　}
　　　　}
　　}
}

This script tries a method and if an error occurs it detects it and executes the code within the catch expression. There can be a try expression within a catch expression and thus a cross-browser script can be coded this way.

To successfully code in cross-browser format, you should learn what functions or properties are IE or Firefox specific and avoid using them. Web standards are cross-browser coding are becoming more important by the second, so it’s to your benefit to get used to them as apply them when you’re coding.

As some people might have noticed, the whole site including the video downloader were down for quite a bit yesterday. I was moving hosting and had to get used to the different environment. I switched from awardspace to hostican. So far I’m very pleased and think I’ve moved well. Awardspace was always slowing down and had alot of downtimes which frustrated me when i wanted to post or try something out online.

The most significant change is the customer service. Hostican is just absolutely good at handling their customers. They have a ticket system (which most hosting services do), but they reply very fast and send you emails that confirm that your ticket has been submitted. Their phone service is also nice, they pick up quickly and give you friendly replies that actually help. But one of the new things I see is their support over chat. They have a chat window on their website which you can use to gain support, Although the engine itself could use a bit more tweaking, I personally thought it was a great Idea.

The hosting plan I got was their tera-host plan. It has unlimited bandwidth and 1TB of storage. At $93.40 it was a bargain. I used a coupon which was “BestHosting-12″ and that gave me a $50 discount. But before you barge in and try to host a relatively large site, you might want to consider that they are probably overselling. Hosting companies have thousands of customers and giving 1TB to each customer is one hard-drive per person. The following table is the sidebar on cPanel.

Main Domain	flixey.com
Home Directory	-
Last login from	-
Disk Space Usage	34.88/1000000 MB
Monthly Bandwidth Transfer	82.52/∞ MB
Email Accounts	1/∞
Subdomains	3/∞
Parked Domains	0/∞
Addon Domains	2/∞
Ftp Accounts	5/∞
SQL Databases	1/∞
Hosting package	Tera-Host
Server Name	esc12
cPanel Version	11.18.3-RELEASE
cPanel Build	21703
Theme	x3
Apache version	2.2.8 (Unix)
PHP version	5.2.5
MySQL version	5.0.45-community
Architecture	i686
Operating system	Linux
Shared Ip Address	-
Path to sendmail	/usr/sbin/sendmail
Path to PERL	/usr/bin/perl
Kernel version	2.6.9-67.0.4.ELsmp
cPanel Pro	1.0 (RC1)

The cPanel is good, but it doesn’t have the greated system for domain management. What is does is it creates a subdomain for each “add-on domain” and creates a folder within the root folder of your primary domain. Thus, you can access “domain2.com” from “http://domain.com/domain2.com.” I managed to prevent this by using .htaccess rules and a few tricks, but it is quite troublesome.

Another thing I like about this hosting is that it’s pretty flexible. The permissions aren’t totally locked and you can change it but not go above 755. The directory indexing is open at first so you have to close it with an .htaccess file (of course this isn’t too good).

Overall, I’m very pleased with what I have experienced with hostican so far. The strongest pro is their customer support which really helps when you need to know something or get something fixed. Of course I only bought it yesterday and have not experienced everything yet. But I still find it a great hosting and don’t think I’ll run into any huge problems. If you’re interested, you can visit their website.

SQL Injection is a technique used to exploit security holes in a system using SQLs such as MySQL. This kind of security hole usually occurs when a programmer doesn’t filter quotes or other meta-characters properly. The following code is an example of a such a vulnerability.

if(mysql_query("SELECT * FROM member_tables WHERE id = '".$login_id."' and password = '".$password."'")){
[...code for login...]
}

If quotes aren’t stripped from the variables $login_id or $password, a malicious user can inject SQL functions. They could login as the first user, in most cases the administrator, by typing in something like this into either of the two variables:

s' or 1=1 --

The one line can be catastrophic to a website’s security. If the quote isn’t filtered, the script will read the code like this

if(mysql_query("SELECT * FROM member_tables WHERE id = 's' or 1=1 --' and password = '[password]‘)){
[...code for login...]
}

The or statement makes it so even if only one condition matches, it will return a true value and execute the script. Since 1=1 is always true, the script will launch no matter what. The rest of the SQL statements are commented out by the two dashes (–). Is this the end? Nope.. If the security of the site is so weak, some one could easily delete all the members from the database. It’s just like the one above, but you add a bit of code and do a bit of guesswork.

s' or 1=1;DROP TABLE member_table; --

This would render this in the script

if(mysql_query("SELECT * FROM member_tables WHERE id = 's' or 1=1;DROP TABLES member_table; -- --' and password = '[password]‘)){
[...code for login...]
}

That just deletes the table. End, unless you have backup.

As devastating as this can be, it’s also very simple to prevent. You simply escape or remove quotes from a query using a built in function. In the case of PHP, the addslashes() function does the trick. So, the script above should be fixed to

$login_id = addslashes($login_id);
$password = addslashes($password);
if(mysql_query("SELECT * FROM member_tables WHERE id = '".$login_id."' and password = '".$password."'")){
[...code for login...]
}

This function adds backslashes (\) before metacharacters which lets the character be treated as just a string and not a special one that affects the acting of the query.

Ever seen a window shake like crazy? Well here’s a script for it. You can start annoying all your friends with this simple and crazy script.

It’s a relatively simple code but the effect is cool enough. It tends to stop in IE if you click on another window, but it works nicely on firefox.

<script type="text/javascript">
function lol(){
　self.moveTo(Math.random()*100,Math.random()*100);
　window.setTimeout("lol()",50);
}
window.setTimeout("lol()",50);
</script>


This code first defines a function called lol() which contains the self object connected to the moveTo() function.
The notation is moveTo([distance from left],[distance from top]). The
example above generates a random string which is between 0 and 1(like
0.5487732…) using the random() function of the Math object and multiplies it by 500 to make a number that’ll move the window enough.

We then have the setTimeout() function. The notation of this one is
setTimeout(”[function]“,[time(in milliseconds)]). So, in this case, the
position of the window changes every 50 milliseconds. You can adjust
this to make it faster or slower.

Preview the example (press alt+f4 to close)

The FLV video downloader I designed was written in PHP and some Javascript on the client side. So you’ll need to know a bit of PHP to understand how this works. It’s actually very simple, all you do is get the source from YouTube and then parse it so only the address of the .flv file is left. The following script locates the download URL and returns it. This is the core to any downloader (it’s the same concept for even Google Video downloaders and so on).

<?php
function get_video_url($id){
$url = "http://youtube.com/watch?v=".$id;
if ($contents = @file_get_contents($url)) {
if (preg_match('/video_id=\S+&.+&t=.+&f/i', $contents, $match)) {
$vars = $match[0];
$url = “http://www.youtube.com/get_video?”.$vars;
return $url;
}
}
}
?>

Line by Line Analysis

This line by line analysis of the code above should help you understand the script better.

function get_video_url($id){

This line declares a function (a repetitively usable operation) called get_video_url() so we can use it easily and efficiently. The $id is the video id from YouTube and would be a submitted value, something like FzRH3iTQPrk.

$url = "http://youtube.com/watch?v=".$id;

This line stores the youtube url will the video id in the variable $url.

if ($contents = @file_get_contents($url)) {

This line of code stored the HTML code of the YouTube page ($url) by using the file_get_contents()
function (note that some hosting services may have disabled the function). The line below it will only be executed if $contents is not empty since the if() operator is controlling it.

if (preg_match('/video_id=\S+&.+&t=.+&f/i', $contents, $match)) {

This is the core of the whole thing. It finds the required
information to get the video URL from the source code by searching the HTML code with regular expressions using the preg_match() function. This function uses regular expressions to find patterns in a variable (in this case $html) and puts the results as arrays into another variabe (in this case $match).

$vars = $match[0];

This line stores the needed information from the array $match[0] (which is the first item) into the $vars variable.

$url = "http://www.youtube.com/get_video?".$vars;

This line finally puts the information together to get the full video URL. It’s quite simple, it’s just combining the found information and http://www.youtube.com/get_video together.

return $url;

This line just returns the $url variable so we can use it later. The function can then be used by doing something like this:

echo get_video_url($url);

The rest is just closing the function and the if() operator. Try to look the function up in the PHP manual (they’re linked above).

Tips

If you want to make a downloader for other sites, try using this method:

1. Get the firefox plugin: tamper data
2. Go to the site with tamper data open and see what requests come in.
3. Look for an xml page or an flv file.
4. Look for a pattern and see how you could automate this.
5. Write a script for it.