Category Archives: How-To

Using Remote Desktop to shutdown a computer

If you’ve used Remote Desktop you’ve noticed that the button to shut down and restart the computer in the Start Menu changes to Disconnect. This makes perfect sense because the vast majority of the time you want to close Remote Desktop but keep the remote computer working as usual. However, what if what you really want to do is shut down the remote computer?

Windows Security

The first option is to invoke the Windows Security interface from the Start Menu, which is the one you’d get locally by pressing CTRL + ALT + DEL.

This interface allows you to shut down, or reboot, the remote computer by pressing the buttons at the bottom right corner of the screen.

Command Line

Another less popular option among domestic users is to use the shutdown utility. While this option gives you more flexibility (like deferred or remote shutdowns) it also requires the use of the command line.

The first step is to open the command line with administrator privileges.

The command to run would be: shutdown /s /t 0. Here /s indicates a local shutdown and /t 0 says that we want to wait 0 seconds for it, so the computer shuts down now.

Circumventing Terraria’s security

Almost two years ago I decided to learn a bit more about how CLR manages reflectivity, anonymous types and so on. It turned out that helpful documentation about CLR internals was few and far between. So I started my own disassembler in an attempt to learn more. Today, I’m going to use that disassembler to circumvent Terraria’s security. Why? Because it’s fun 🙂

First things first, we want to be able to modify the abilities of our character (life, mana, objects, etc.). It’s quite obvious that the information is being stored under \My Documents\My games\Terraria\Players\. However, the file has been enciphered and any modification would result in a useless file. Therefore, the application should have a way to decipher it, modify it and then encipher it again.

I started by looking at the types. To be honest I was expecting to find something like Terraria.Crypto or something like that, however, this is what I’ve found:

Just looking at that, there is no obvious place to look. Instead of spending a lot of time blindly looking for anything related to cryptography, I tried something else. If the file that stores the player’s information is enciphered, the type Terraria.Player looks like a good place to put the code to deal with that:

The last two methods are really interesting: EncryptFile and DecryptFile. Both have two string arguments… the original file and the resulting file? Let’s try the assumption and execute DecryptFile over one of the saved players:

If everything has been successful, we should be able to read the saved player. Here is the difference; the left is the decrypted file, the right the original one:

That’s it. Now we can execute DecryptFile to get the info, modify what we want and then execute EncryptFile to encrypt it. Obviously, the decrypted file is in a format we know nothing about… but c’mon, you can make some sense out of it.

For example, after every item, there is a number (Int32) that represents how many items of that type the player has. 0x12 is the current life (Int32) and 0x16 is the maximum life (Int32), 0x1A is the current mana (Int32) and 0x1E the maximum mana (Int32).

Ok, the process is manual and error prone… or am I the only one who writes big-endian? But you can write a simple tool to perform these changes for you if you like 🙂
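The field layout above can be decoded mechanically. The following is an added example, not code from the original post or from the game: it reads the four Int32 values at the offsets quoted above and rewrites one of them with a range check. It assumes little-endian encoding (the way .NET writes an Int32), and the sample buffer is constructed rather than taken from a real player file.

```python
import struct

# Offsets quoted in the post for the decrypted player file (each an Int32).
OFFSETS = {"life": 0x12, "max_life": 0x16, "mana": 0x1A, "max_mana": 0x1E}
INT32 = struct.Struct("<i")   # assumption: little-endian, as .NET writes Int32


def read_stats(blob: bytes) -> dict:
    """Decode the four fields, refusing files too short to contain them."""
    if len(blob) < max(OFFSETS.values()) + INT32.size:
        raise ValueError("file too short for the documented offsets")
    return {name: INT32.unpack_from(blob, off)[0] for name, off in OFFSETS.items()}


def set_stat(blob: bytes, name: str, value: int) -> bytes:
    """Return a copy with one field replaced, keeping current <= maximum."""
    if name not in OFFSETS:
        raise KeyError(name)
    if not 0 <= value <= 0x7FFFFFFF:
        raise ValueError("value does not fit a non-negative Int32")
    stats = read_stats(blob)
    stats[name] = value
    if stats["life"] > stats["max_life"] or stats["mana"] > stats["max_mana"]:
        raise ValueError("current value would exceed its maximum")
    out = bytearray(blob)
    INT32.pack_into(out, OFFSETS[name], value)
    return bytes(out)


def build_sample() -> bytes:
    """Constructed stand-in for a decrypted file: filler plus the four fields."""
    blob = bytearray(0x40)
    values = {"life": 100, "max_life": 120, "mana": 20, "max_mana": 40}
    for name, value in values.items():
        INT32.pack_into(blob, OFFSETS[name], value)
    return bytes(blob)
```

Reading the same four bytes as big-endian turns a life of 100 into 1677721600, which is the manual-editing mistake the post jokes about.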

Upload any kind of file into Google Music: Google Data Uploader

A few days ago I posted a small tool to download songs from Google Music. The main reason was to allow me to back up my data, but let’s be honest, I love to do this kind of stuff, and I wasn’t going to stop just there.

Google Music allows you to store up to 7.000 songs. That’s it. No size limit, just 7.000 songs. Wouldn’t it be great if, somehow, you could upload regular files instead of just songs? Think about it, 7.000 files, of any size, stored for free!

Today I’m releasing another tool that makes regular files appear as songs to Google Music.


How does it work?

To put it simply, files have two main sections, header and content. The header is a bunch of metadata that describes what kind of information the file contains (music, video, document…). This tool takes a real mp3 and uses its header, along with a little bit of its music, and then appends the file you want to store, making Google Music believe it’s a real music file.

Doesn’t it make my file bigger?

Yes, it does. Exactly 100kb more.

But, if the file seems to be an mp3, how the hell am I gonna use it afterwards?

Do not worry, this tool is also capable of “un-hiding” the mp3, so you’ll get the original file 😉

Will I have my data files and music files mixed in Google Music?

Yes, and no. You will see all your uploaded data files inside the album “Data” of the artist “Google Data Upload”. You will be able to create playlists that mix data and real music files… but that would be a really weird thing to do, wouldn’t it?

How do I use the tool?

It’s a command line tool. If you know nothing about command line you can either learn it or wait until I create a graphical tool to do it… which might be available tomorrow or never.

To hide a file: GoogleMusicDataUploader.exe --merge <real_mp3_file> <file>

To reveal a file: GoogleMusicDataUploader.exe --unmerge <hidden_file>

How do I upload the hidden file?

Use the same method you’ve used with the rest of your real mp3 files. Google Music will not notice the difference and will upload it 😉

Why are you developing this?

Because I want to. Some people have fun solving puzzles… I do this.

Where is the source code?

You can find the code at my GitHub space.

I want to know more about the technical details.

Fair enough. Let’s start by saying that my first attempt was to make use of the ID3Tags by injecting the desired file as the cover of the mp3. I’ve used that trick on different occasions to defeat some monitoring tools; however, Google Music looks at this kind of metadata and attempts to resize the cover. I’m guessing they do this to save space. Obviously it can’t resize a binary file, so instead of ignoring it, it deletes the metadata it does not understand, making this trick useless for my purposes.

The current implementation relies on the fact that file headers can be stored at the beginning of the file (that’s why it’s a header) but also at the end of it. The vast majority of formats have their headers at the beginning, but some of them, like zip files, have it at the end.

Google Data Uploader takes a regular mp3 file, keeps its header and some of its content (the first 100kb), and then adds the target file compressed in zip format. This makes the file structure look like:

The tool also adds some information to the ID3Tags. To be more accurate, it sets the Album to “Data”, the artist to “Google Data Uploader” and the title to whatever the name of the file was. This makes it easy for you to find your files within Google Music.

Google Music expects to find an MP3 file, so it starts looking at the beginning of the file. It finds a valid MP3 header, and therefore decides to upload the whole thing.

Once the file is in Google Music, you can “play it”. It will go for a few seconds and then suddenly end as soon as it runs out of song and reaches the End of file (which is in fact the end of file of the zip file).

If you download the file (using the tool I posted before) you’ll find yourself with an mp3 slightly different from the one you’ve uploaded. Google Music sends you the file without the ID3Tags. That’s not a problem cause we don’t need it anymore, all the information we care about from now on is inside the zip file which remains unaffected.

You can use this tool (--unmerge option) to “split” the zip file from the mp3 and extract all its files, or you can just rename the file to “.zip” and open it with a zip program that doesn’t care about malformed files (like 7-Zip). This works because, under the assumption that the file is a ZIP, the program starts reading from its end, finds a valid header, continues with the content and reaches the “End of file”, which prevents it from accessing the mp3 data.

So you’re just taking advantage of a naïve implementation of Google’s uploader, aren’t you?

Definitely. This is an extremely easy trick that works just because Google is not checking the content of the whole file, assuming that if the header says the file is an mp3, it has to be an mp3.
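The check the uploader skips can be made from the other end of the file. The following is an added example, not part of Google Data Uploader or of Google’s code: it looks for a ZIP end-of-central-directory record at the tail of a file whose first bytes look like MP3 and reports how many bytes sit in front of the archive. The function names and the sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # ZIP end-of-central-directory (EOCD) signature
EOCD_LEN = 22              # fixed part of the EOCD record
MAX_COMMENT = 0xFFFF       # an archive comment of up to 64 KiB may follow it


def looks_like_mp3(data: bytes) -> bool:
    """What a header-only check sees: an ID3v2 tag or an MPEG frame sync."""
    if data[:3] == b"ID3":
        return True
    return len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0


def find_trailing_zip(data: bytes):
    """Return details of a ZIP archive that ends the file, or None."""
    tail_start = max(0, len(data) - EOCD_LEN - MAX_COMMENT)
    pos = data.rfind(EOCD_SIG, tail_start)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            # total entries, directory size, directory offset, comment length
            entries, cd_size, cd_offset, comment_len = struct.unpack_from(
                "<HIIH", data, pos + 10)
            cd_pos = pos - cd_size
            # A genuine record ends exactly at EOF and follows its directory.
            if (pos + EOCD_LEN + comment_len == len(data) and cd_pos >= 0
                    and data[cd_pos:cd_pos + 4] == b"PK\x01\x02"):
                # cd_offset counts from the archive start, so the difference
                # is the size of whatever sits in front of the archive.
                return {"entries": entries, "prefix_bytes": cd_pos - cd_offset}
        pos = data.rfind(EOCD_SIG, tail_start, pos)
    return None


def classify(data: bytes) -> str:
    archive = find_trailing_zip(data)
    if archive is None:
        return "mp3" if looks_like_mp3(data) else "unknown"
    return "mp3+zip polyglot" if looks_like_mp3(data) else "zip"


def build_sample() -> bytes:
    """Constructed input: a fake MPEG frame header and filler, then a ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "constructed payload")
    return b"\xff\xfb\x90\x00" + b"\x00" * 1020 + buf.getvalue()
```

A non-zero prefix_bytes on a file that also passes the MP3 header check is the signal that the upload carries a second format behind the audio.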


How to download songs from MySpace

MySpace is a very well-known place on the Internet. Even nowadays, with Facebook and other networks targeting pretty much everyone, MySpace has managed to stay around. However, that does not mean that they’ve got everything sorted out… and today’s post is a workaround for its lack of downloading functionality.

A couple of days ago, a friend of mine was trying to download some music files from a MySpace account. It should be pretty straightforward, but for some reason there is no clear link to the song. Yesterday he asked me for help… and this is what I found.

Knowing your enemy

First things first. If you’ve used MySpace before, you know that everyone has an address like<username>. The interesting thing is that every song has a unique ID that is very easy to find by looking at the URL of the song:<username>/music/songs/some-title-<ID>

Why do we need that ID? We need it because that’s how MySpace manages the songs. They do not know about titles and all that stuff, only IDs.

After analysing the traffic MySpace’s player generates, I’ve found out an interesting service which reveals the location of the file:<ID>

This service returns an XML with a tag “rtmp” which contains the real address of the song. Despite the fact that they always say the song is an MP3 file, it is actually an FLV file… so bear that in mind when trying to play it! Unfortunately, you will not be able to download it right away… because they use the RTMP protocol. To complicate things a little bit more, I don’t know any easy way of dealing with RTMP…

Dealing with RTMP

I’ve used an open source program called “rtmpdump”. It is a command line program, but not really complicated, so don’t worry about that. However, if you try to use it naively, you’ll find out that MySpace will not allow you to connect. Why? Well, they only allow their own player to connect to their servers.

Despite what you might think, this is a pretty common “security” measure that is very easy to circumvent. So common that rtmpdump has an option built in to deal with it 😀 We only need the address of the “real” player and rtmpdump will fake its signature. How cool is that?

To save you the analysis of the web, the address of the player is

Putting everything together

So far we’ve got all we need. We know how to find out the ID of a song, the location of the file for an ID and the address of the real player… how do we get the song? Let’s put everything together:

rtmpdump --swfVfy "" -r <what_ever_the_xml_has_in_it> -o <the_you_want_for_the_song>

--swfVfy is telling rtmpdump to fake the signature of whatever we write after it… in this case the official player.

-r specifies the address of the song.

-o tells rtmpdump where we want to save the song. (For some reason, MySpace uses FLV format… even if the XML says the song is an MP3 file!)

How-To: Webcamera working with Ubuntu 64bits and Skype

I have a Microsoft VX-1000 webcam. It’s not awesome, but it was cheap and it’s doing the job. Troubles came when I wanted to make it work with Ubuntu 64 bits and Skype.

Skype recognises the camera, USB camera (/dev/video), but when you try to use it, its LED goes green for a second and then… darkness. According to the documentation, the camera is fully supported… apparently I have a different definition of “fully supported”. However, there is a method to make it work. Basically you have to start Skype with this command: “LD_PRELOAD=/usr/lib32/libv4l/ skype”

That’s a little bit uncomfortable, so let’s make Skype start with a script that is executed every time you boot your machine:

  1. Open a terminal
  2. Write: echo ‘#!/bin/bash’ > && echo “LD_PRELOAD=/usr/lib32/libv4l/ skype” >> && chmod +x
  3. Go to System -> Preferences -> Startup Applications

And there, add a new entry and fill the form. Here’re some images:

Startup applications menu

Now you can start Skype by clicking the script you’ve created and it will be launched on each boot 🙂

How to fix the Windows Vista 0xc000000e error

My first Linux distribution was Mandrake (a.k.a. Mandriva); since then I have always used Debian or Debian-based distributions, like Ubuntu. However, I really like to try other distributions and yesterday I downloaded the third beta of Suse 11.0.

I have an ATI X1600 Pro, and that was the first problem. The installation couldn’t detect it well and used the vesa driver… with my double monitor system. Anyway, that is not a big deal, the real problem came when I wanted to boot my Windows Vista.

As you can imagine, I couldn’t. The loader said "0xc000000e The entry could not be loaded because the application is missing or corrupt"

The way to fix it wasn’t very easy. I booted from my Vista DVD and selected the repair option, then the command prompt utility.

In order to fix the issue, we have to set the partition as active. You can use the "diskpart" command to do that (you can write "help" if you need it).

Now we have to repair the boot sequence, so we need to write:

bootrec /fixmbr
bootrec /fixboot

Now you should be able to start Windows, but in some cases you need to reboot, boot from your Windows Vista DVD and select the "startup repair".

Good luck! I really hate this kind of bug…