Amit’s lab

Update: This article has been published in India’s leading Electronics magazine “Electronics For You (EFY)” january’2010 edition.

With the advent of Digital Television, Set Top Box (STB) has become the buzzword. The transmission of television signals has gone digital whereas most of the TV’s at home are still analog. So, an STB converts the digital signal to analog signal so as to enable a viewer to watch content on television. An STB is not merely a digital to analog signal convertor, but, it provides a host of services to enhance television viewing experience. For example, it provides an Electronic Program Guide to keep track all the content or a viewer can record/rewind/pause a program as per his needs.

In this article, Let us dive deep into the Set Top Box Hardware architecture.

Figure 1: various hardware components inside an STB

Continue Reading

Quote of the Day:"Too bad drinking scotch isn't a paying job or Kenny's dad would be a millionare!" -- Cartman

About 10 days ago, the news broke out specifying that Twitter was attacked by a hacker and sensitive information was taken out and published. Twitter denied it but now, it is public how the outage took place. The Hacker himself has done the honours to detail how he achieved this feat and the rationale behind it.

With this article, one can definitely learn that even the simplest of mistakes can be the cause of whole company crumbling down. Although, Twitter does not seem to get affected much on the business side but yes, it definitely puts a question mark on Twitter’s Security Policy.

Twitter is a micro blogging service and is hugely popular, so much so, that almost all the celebrities, From Barack Obama to Indian Movie Stars are hooked on to it. Everyone is typing out 140 characters of their personal or official information on twitter and is providing links to websites containing information.

The Hacker collected all the confidential information of twitter including project plans, financial projections, credit card information, call logs of twitter employees, people appearing for interviews et cetera. Now, this information is a like a gold mine for anyone.

The best part is that this attack on twitter has put even well established services like GMail, Hotmail, iTunes, AT & T softwares also in the line of fire. The twitter attack took place only after this hacker hacked the gmail account of one of twitter’s employee using “forgot password” option.

After reading this article, everyone should again think about password recovery policies, password formations and repeatitions, question the so called “secret question” for password recovery. This attack signifies that every piece of software/application/web service is vulnerable if the security aspect of itself is not in place.

This attack definitely started with Identity theft. and this leaves a lot more gap between the study and implementation of Identity Management concepts.

Read this article here The Anatomy Of The Twitter Attack

…

Quote of the Day:"The individual desires judgment. Without that desire, the cohesion of groups is impossible, and so is civilization." - Morpheus

Update : This article has been published in a leading electronics magazine Electronics For you July’2009 edition.

Television is not a new concept. We are watching television for more than three decades. But, as everyone knows, technology is ever evolving which is leading towards the exponential changes in the world of television. With the advent of Digital TV, people got more choices to select the medium of their television viewing experience. Every one is going beyond terrestrial broadcast to get the best quality and enhanced television viewing experience.

There are three kinds of digital television broadcast systems existing today including Satellite TV, Digital Cable TV and IP TV (Internet Protocol Television) being the latest entrant in the world of television content broadcasting.

Internet Protocol Television (known widely as IP TV), being the newest arrival on the block, threatens the other two mediums by promising to give a tough competition. IP TV is a mechanism of viewing the regular television channels over IP. Similar to Satellite TV and Cable TV, the signal is encrypted using vendor specific security mechanisms and can only be decrypted by a receiver (STB). The video is sent in the form of IP packets over the existing broadband infrastructure and is assembled at the viewers’ end with the help of a Set Top Box. This becomes advantageous as existing broadband distribution infrastructure can be used to deliver television signals enabling the user to enjoy television over the same broadband connection used for surfing the internet. This is beneficial for broadcasters as they can offer “Triple Play” service of voice, data and television over the same network using the same infrastructure. “Triple Play” service refers to three different services of VoIP, Internet and IP-TV bundled together and offered over the same network. With IP TV, one can be assured of better video quality and stereophonic sound much like in case of DTH & Digital Cable TV. Even the customer specific services of Video on Demand (VOD) become a reality. Also, this enables broadcasters to have two way communications with the viewers as opposed to in case of DTH and Cable TV. IP –TV, still being in its stage of infancy, is not very stable. Due to high bandwidth requirement (approximately 5 Gbps, even ADSL2+ technology can support only up to 25 Mbps), hundreds of channels cannot be broadcasted simultaneously. Every channel change request by the user goes to the content server resulting in a delay for changing a channel. Currently, IP-TV is in roll out phase with broadcasters being BSNL, MTNL, Airtel and Reliance only in selected cities of India.

Continue Reading

Quote of the Day:"Too bad drinking scotch isn't a paying job or Kenny's dad would be a millionare!" -- Cartman

Finally, I have logged on to my blog site after quite a few months. My personal and work life kept me busy for these few months …

Anyway, So I thought to get back with one of my favorite topics : Gaming.

Recently, I read about XBox Live new development kicked off by Microsoft, called, Project Natal. It is all about a different gaming style or I should call it as an attempt to the next generation gaming experience. Now, Nintendo has already started in that direction with the launch of Wii. And how can Microsoft be far behind in copying the idea. So, here comes the annoucement of Project Natal, a “controller free gaming and entertainment experience”.

With this, a gamer will be able to use his whole body for a rich gaming session just like in Nintendo Wii, except that there will not be any device tagged to the gamer’s body. The Xbox live sensor device will be able to capture the complete body movements of the gamer and translate them in action in the gaming scenario. The game will move according to user bodily reactions. Even to make the experience much better, there will be microphones embedded so as to enable to gamer to interact with the characters in the game. So, it seems like you can actually become “Templer” in “Kill Zone” (some future XBox version) and fire in whichever direction by just pointing your fingers. The sensors should also be able to recognize your facial expressions to understand you feelings and who knows, might be, “Lara Croft” falls in love with you.

As per the claims mentioned on Wikipedia, technical demos of the basic games are done and Microsoft is keen to invest more towards this technology.

I seriously doubt, not about the evolution of rich gaming experience, but about Microsoft’s credibility in producing such high end gaming experience. For Microsoft, sticking to Windows OS and making it stable should be a better and safer option.

Anyway, Lets wait and watch. Meanwhile, just have a look what Microsoft has to say about Project Natal here …

Quote of the Day:"If there are any questions, direct them to that brick wall over there." -- Network President

Hi All,

My brother, Shantanu Goel and I, have started another blog called http://www.safercode.com which is an aim to tell people about some tips and tricks to make your code safer, secure and faster.

You’ll find quite a few interesting discussions and concepts about code optimization, securing coding, safety and reverse engineering on this website. The aim of this website is to cover those apects of programming and security which are not taught in schools and technical institutes.

Also, This site aims to bring all the information together on one page which is spread out or too vague or is not available on the internet.

The site supports RSS feeds also for the people who wish to be the regular readers.

Please do visit the site and leave your comments if you liked the posts there.

Regards,
Amit Goel

Quote of the Day:"You can't fight ideas with bullets." - Leo Gold

” Abguvat zhpu.. V unir orra hfvat guvf fznyy hgvyvgl sbe n ybat gvzr jurarire V jvfu gb jevgr fbzrguvat rapelcgrq.

Jul naq Jura qb V jevgr rapelcgrq? V qb vg jura V nafjre fbzr dhrfgvbaf va n choyvp sbehz naq fgvyy, qb abg jvfu gb fcbvy gur sha sbe bguref. Guvf jnl V gryy gur ubfg nobhg gur pbeerpg nafjre naq trg uvf npxabjyrqtrzrag naq fgvyy, V qba’g cynl n fcbvy fcbeg sbe bguref.

Tbg gur guvat abj. “

What is this all about? is it all gibberish ? hey, i am just playing around being stupid. Just copy paste the above text in www.rot13.com and see what is written above and below?

” Vg vf whfg n cynva fhofgvghgvba pvcure. Vg ebgngrf rirel punenpgre ol 13 cynprf naq rapelcgf gur vasbezngvba. Vg vf whfg hfrq sbe cynva sha naq fvzcyr fghss naq fubhyq arire or nccyvrq ba erny frphevgl vffhrf. Vg vf n irel cbchyne pvcure bayvar hfrq va sbehzf, tnzrf rgp. “

Why I wrote a post like this? I am in a mood of fun. Most of the people know about this. In case you did not know, a good learning for you then.

For more details, check out the rot13 entry at wikipedia

Enjoy… I am just playing around..

Quote of the Day:Morpheus: Throughout human history, we have been dependent on machines to survive. Fate, it seems, is not without a sense of irony.

Cracking softwares is one of the favorite pastimes for everyone. Everyone loves to use cracked versions of games, IDEs, utilities et cetera so that they don’t have to pay for the licensing fee. Now, Licensing schemes vary from company to company and software bundling too. I definitely appreciate the efforts put by engineers in cracking the license keys so as to get the software working till eternity. Cracking license keys work till the time software is just a demo version and opens up only if the license key is provided to the system or it belongs to different licensing schemes which vary from node lock to server based licensing. But, there are still good softwares which do not put in too much of security. I don’t know the reasons. either they really don’t care about the licensing of their highly used softwares or they just don’t know about it. I believe that the former must be true as latter questions the capabilities of engineers sitting in that company.

 

To cut the long story short, If we target such softwares, we actually don’t need to crack the license keys. In turn, what we can apply is the simple reverse engineering philosophy of reading the assembly and modifying it. This works with quite a few softwares. For example: Source Insight is a very popular IDE used for coding in C/C++/Java like languages and it widely used in the world. Its license is also very costly which is about INR 10,000 or approximately $200. Now, if you go wish to use this software, then you need to buy the license otherwise it won’t work after 30 days. Changing the system clock etc are outdated techniques which are no longer valid. Moreover, changing system clocks might affect the functioning of other softwares installed on your machine.

So, For softwares like Source Insight, you can try out few basic things. Disassemble the binary of the targeted software, for example: Source Insight binary is “insight3.exe”. Once disassembled, you need to look for pop up like “trial screens/license key input screen” etc. How does this occurs? Software itself might be checking for some date of installation reading from somewhere. In most of the cases, it is registry files but then, it can vary. So, Attach a debugger (Ollydbg/IDAPro) to this software and try to trace the call looking for date of installation. Once you find it, replace it with calls of NOP instruction. Yes, this is one of the most useful redundant instructions assembly language provide. Once you suppress this call, software thinks that it is a fresh installation. After that, just suppress the function call which displays the “trial version” popup. After this, just reset the installation date by again putting NOP instructions in place of function call of date replacement. There are lot of tools available to make changes to the binary like “HexEdit” etc. Once you do this, Source Insight will never ask you for a license as it thinks itself as a fresh installation every time.

Now, This leads us to think that why a company like source dynamics keeps such a weak licensing system? Either this is their marketing strategy or mere stupidity. I still give benefit of doubt to the former.

Quote of the Day:"Too bad drinking scotch isn't a paying job or Kenny's dad would be a millionare!" -- Cartman

Isn’t the title of the post geeky enough? Atleast I think so, I never thought of something like this even in my dreams until I came across this research from the Security and Cryptography Laboratory at Ecole Polytechnique Federale de Lausanne.

Can you just imagine, Everything you type on your keyboard sitting alone in your room on a highly secured PC is still captured by someone else sitting in another room 20 metres away. The technology being experiemented out is compromising the Electro Magnetic Radiations emitted out by a PS/2 , USB or a LAPTOP keyboard. These EMR (electro magnetic radiations) are captured by a receiver and the whole spectrum is analyzed to get the key presses. So, If you are typing an email or a password or your banking account details, some one can still sniff them out without using any spywares or keyloggers.

Although Electro magnetic eavesdropping is not a new stuff and people keep on doing it. But This is some startling finding I could never ever thought of.

The two researchers have outline four separate attack methods, some that work at a distance of as much as 65 feet from the target. And you thought, Even disconnecting the PC from internet makes it secure..

Watch out the following two videos demonstrating the hack.

And the second one…

Get the actual paper here…

“COMPROMISING ELECTROMAGNETIC EMANATIONS OF WIRED KEYBOARDS” by Martin Vuagnoux and Sylvain Pasin.

The paper is still under review and not much details are available about it.

…

Quote of the Day:Homer: Kids, you tried your best and you failed miserably. The lesson is, never try.

Just an update to my previous post.

This War intensifies with Tata Sky annoucing its PVR Set Top Box to be launched Soon. Check out Tata Sky Website for details. With this, you’ll be able to pause, rewind, record Live TV.

I won’t talk much about it right now and will wait for its official launch

Till then, keep thinking whether to buy Airtel OR wait for this launch

…

Quote of the Day:Grandpa: My Homer is not a communist. He may be a liar, a pig, an idiot, a communist, but he is not a porn star.

ALRIGHT!!! THE PARTY IS ON. The war has begun with the latest entrant being Bharti in the Indian Satellite TV (DTH) space. Bharti entered the market with the brand name “Airtel Digital TV” a day before. For the past one week, Airtel was running teaser campaign (”See you at home soon”) for its Digital TV launch. Reliance retaliated almost overnight by takign over this teaser campaign almost same to Airtel one and played the spoiler for Airtel. Remember that age old Pepsi Vs. Coca Cola advert battles. That’s what Reliance did to Bharti.

Please make sure to read the complete post if you are planning to buy one or shift to another broadcaster.

First things first. I’ll explain the basics of satellite TV so that many of you can understand the logic behind all this hooplah. Satellite TV or DTH (Direct To Home) is not a new concept. Many of the other countries are already into this for donkey years. US being the leading brat among everyone as usual. DirecTV has been there for long enough with best of technology to offer. Satellite TV offers you to watch everything directly on to your TV sets beamed from the Satellites. That means, no more hassles of cable operators. If you are from India, you must have faced irrational charges, cable operator strikes, power outages, not getting your favourite channels, channels shifting their channel number positions, bullying of cable operator staff bullying, monopolized area distribution. And the list of problems goes on. Satellite TV puts an end to all the woes of the customers. Because, in DTH, your cable operator is a satellite now which never goes down on a strike.

In Satellite TV, the signal is beamed directly from a satellite which the broadcaster has hired. The signal is received directly by the small dish antenna installed at your house or premises. Broadcaster provides a Set Top Box which connects to this dish antenna directly with a cable and in turn, this Set Top Box connects to your TV. Bang!!! Watch the channel you wish. The best part is that you pay for only those channels you wish to watch. For example, you don’t need to pay for Sports channels if you don’t like sports. Or why to pay for Fashion TV if there is no more “Midnight Hot” being allowed in India.

Continue Reading

Quote of the Day:Morpheus: If real is what you can feel, smell, taste and see, then 'real' is simply electrical signals interpreted by your brain