Thursday, October 24, 2013

How Secure BBM (Android) ID Creation Is

This is some morning brain distraction I had. The queue for my Android's BBM ended this morning, and throughout the process, some ideas came into my mind.

So, a BBM ID takes 8 characters, digits and letters. That would make 31 possible characters per position. Thus, the number of possible BBM IDs is 31^8, or ~850 billion IDs, ignoring the possibility of an error-checking character, which would make it much less than that.

Now, from my experience this morning, it seems that the process of ID creation happens in the device. My friend also told me that if you want to bypass the queue for the email signups, you could use someone else's email who is already dequeued, for example my email, then just make new BB user ID or sign in if you already have one (apparently I have one since I signed up as BB App Vendor long ago).

My question is, since Android is so open source, how secure is BBM ID creation? I am no hacker, but here is a possible attack I thought of:

You could reverse engineer Android apps by decompiling the APK (never tried to decompile, but read about it before; on the other hand, extracting an APK is very easy with the many file explorers available). So, we could reverse engineer the BBM APK, then look for the function that calls the ID creation. Then, we make a dummy application whose function is to keep calling that ID creation. This would exhaust BBM IDs for no users.

Let's now look at how long this process would take to exhaust all possible IDs, which in the worst case is 850 billion. From this morning, an ID request takes around 3 minutes for me on WiFi. So in one hour, I could exhaust 20 IDs and in one day, I could exhaust 480 IDs. It would then take 850 billion/480 = ~1.8 billion days. So, BB could still fix it if possible! Really? Let's make a better approximation. Typically, an Android developer has more than one device to work on. Assume each attacker has 10 devices. Assume again, there are around 100 attackers per group, and there are 4 groups. The attack would then last for 850 billion/(480 * 10 * 100 * 4) = ~440 thousand days or ~1000 years. Phew! Still safe!

Yes, these are the kind of thoughts that go through my mind when I start thinking. I am not a BB hater. I think BB is awesome with their QWERTY phones (I would use them if they didn't lag when I open WhatsApp). I am just curious how the BB engineers would protect their system from such a possible attack. Well, good day, folks.

Wednesday, October 2, 2013

Unity Bowling Game


I made a simple bowling game to learn Unity. Currently, the game resets the level when the ball falls, there is a scoring counter, and there is an Android version for touch systems.

Saturday, August 31, 2013

Ubuntu in VirtualBox - Mouse Scroll Not Working

There was another problem with Ubuntu on VirtualBox. It does not detect mouse wheel scroll if you are using integrated mouse. I checked it here:


I tried the answer; it worked! However, the mouse cursor is not integrated, which I loathe, and thus I looked at the second voted answer. This really works!!! It was unclear how to do what the person wrote, so JFGI. Here is the link to do what the person wrote:

Lagging Ubuntu (Desktop) on VirtualBox in Windows - Updated

Background story: I wanted to look at GIMP source code and hack it. Sadly, the tutorial preferred Ubuntu to auto build the latest source code. So I tried installing Ubuntu, dual boot with my Windows 8. Due to UEFI problem, I could not boot to Ubuntu. I tried Ubuntu on VirtualBox before, but since it was too laggy, I dumped it.

So, since my laptop could never boot to Ubuntu, I retried Ubuntu on VirtualBox. It is still laggy, even after I gave 2GB RAM. Apparently, it seems that the problem is due to Ubuntu's Unity using 3D acceleration. I am trying this solution to improve the lag problem:


It still lags in my laptop and I am still working on it, especially that the 3D support and software rendering is still off.

Update:
Stupid me. I did not enable 3D acceleration in the VirtualBox settings. After I enabled it (I followed the above help before it, so not sure if the link is the one that solved the problem or just the setting), it became silky smooth. Nice!

Saturday, August 17, 2013

Java: File and Buffered Reader/Writer

Well, this is kind of logical situation, but I thought it should not matter since all of them would be closed anyway. Here's the story:

So my task was to build a Java application which would accept commands and ultimately you want to record everything that you have done in a text file (you could also open the file to continue the work). Without hesitation, I looked at an old code that has text file reading function (written by my Prof. of course as a template to do tutorial), thus I decided to use FileReader and BufferedReader instead of other methods available around. Logically, I looked up into FileWriter and BufferedWriter, and both of them do exist.

Here comes my stupidity: I close the FileWriter before the BufferedWriter. I thought it was fine, since that was what happened in some old template code given to me (for reader and not writer). The problem was, in those codes, the reader was only called once for every program execution. In my case, I repeatedly call FileWriter and BufferedWriter for every operation that changes the text file as a risk mitigation in case my program crashes due to invalid and error-causing input or the computer crashes. And that, somehow somewhat, makes closing BufferedWriter before FileWriter important! Otherwise, I would get run time error and my text file would just be reset into empty forever and ever.

So folks, remember to close what's opened last before closing what's opened first (like chestception where you would need to close the innermost chest first before closing the outermost one).
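
The failure described above, reproduced as an added example (not the original program; the class name, method names and sample text are made up for illustration). It writes to a temporary file, first with try-with-resources, which closes the BufferedWriter before the FileWriter, and then with the reversed close order:

```java
import java.io.BufferedWriter;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class CloseOrderDemo {

    // Wrong order: the FileWriter is closed while the BufferedWriter still
    // holds the text in its in-memory buffer, so nothing reaches the file.
    static void saveWrongOrder(Path file, String text) throws IOException {
        FileWriter fw = new FileWriter(file.toFile()); // truncates the file
        BufferedWriter bw = new BufferedWriter(fw);
        bw.write(text); // small text stays in the buffer, not on disk
        fw.close();     // underlying stream is closed first
        bw.close();     // tries to flush into a closed stream: IOException
    }

    // Right order: try-with-resources closes resources in reverse order of
    // declaration, so the BufferedWriter flushes before the FileWriter closes.
    static void saveRightOrder(Path file, String text) throws IOException {
        try (FileWriter fw = new FileWriter(file.toFile());
             BufferedWriter bw = new BufferedWriter(fw)) {
            bw.write(text);
        }
    }

    public static void main(String[] args) throws IOException {
        Path file = Files.createTempFile("commands", ".txt");
        try {
            // Constructed sample content standing in for the recorded commands.
            saveRightOrder(file, "add task 1\n");
            System.out.println("after correct save: " + Files.size(file) + " bytes");

            try {
                saveWrongOrder(file, "add task 1\nadd task 2\n");
            } catch (IOException e) {
                System.out.println("wrong order failed: " + e.getMessage());
            }
            // The file was truncated on open and never written to.
            System.out.println("after wrong-order save: " + Files.size(file) + " bytes");
        } finally {
            Files.deleteIfExists(file);
        }
    }
}
```

Closing only the BufferedWriter is also enough, because its close() flushes the buffer and then closes the FileWriter it wraps.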

Thursday, August 8, 2013

NUS ModCrasher: Behind the Scene #1 - GQL Restriction



While we were doing the search system, we ran into trouble: GQL query restriction. It only allows one inequality to be in the query, while we need two to find lectures between the start time and the end time. So, how should I approach this, since I was the one in charge of the search system?

Initially, I thought of appending the search results one by one, meaning since lecture start times are on half-hourly periods, I could just make a loop between start time and end time, essentially no inequality in the query at all. But then, I did not know how to append the queries, and time was not on our side. I decided to find something else.

I was thinking that the Jinja2 template that we are using supports Python one way or another. Could I utilize that? Probably! So I tried it; our GQL query runs with one inequality and our Jinja2 template does the other by using a "for if" statement. It works! I am not sure about the performance of such a solution, but it works for the time being and we are keeping it for now.

Tuesday, August 6, 2013

Svbtle Kudo button Copy

I have been fascinated by the Svbtle Kudo button since I first saw it. Thus, my intuition was to try to make one. Actually, the button has been done for some time. (I was on holiday and in holiday mood)

To try it out, go to:

I hacked most parts of the button, such as the size and positioning so that it looks perfect. I am not sure the reason behind some bugs if I didn't hack it, such as 1 px lines between the outer ring and the inner circle even when I have normalized the web page and clear all margin and padding of the two.

There are differences between the Svbtle real button and mine, though:
  1. Svbtle button has the inner circle even before the mouse cursor hovers in it while mine has none. I could do the same but I prefer no inner circle on initial state.
  2. Svbtle button has constant speed while my button has constant time. This means that for Svbtle button, if you move your cursor away from the button then put it in again before it returns to initial state, the time taken to make it finish is less than if it was from initial state to final state. For my button, it takes the same amount of time to go from any state to final state, thus slower animation if you move the cursor halfway then continue on.
  3. I didn't do the decoration, such as the "don't move" command and successful notice.

Note: It seems there is a lag for the Javascript online. It works fine locally.

Saturday, July 27, 2013

GitHub Repo Slimming Down

As I scrapped some projects that I had in mind, I ensure my Github repo is maintained. I deleted my Android Live Wallpaper repo since I am not continuing that, and also deleted Scipane (Scissor Paper Stone) HTML game as my knowledge now is not enough to make such and when I have the knowledge probably I forget about it already. My Chrome Social Extension is still there because I believe it could work, though I put it away for now in my mind.

I am very out of focus for side project. I will do what I can.

Wednesday, July 3, 2013

Scrapping Projects

I am going to scrap most of my Android projects. It just seems that my interest is really on graphic, design and game. Anyway, my NUS Orbital app is online. Visit NUS ModCrasher to know more about it! (Built by me and Yos Riady)

Thursday, June 13, 2013

Messed up situation

I know I have been posting several posts on different projects, but I am kind of having difficulty to focus especially that I am stuck in all my projects. Currently, my main project is still my NUS Orbital project on a lecture crasher for NUS students. Whenever I am stuck and dunno what to do, I tried to work on other ideas instead of wasting time on the Internet as an escape. That's why I have different ongoing ideas (when I am stuck on one, I work on another which stuck again thus another one and so on so forth). Still, sometimes I am trapped on other stuff. Hopefully all my ideas come to fruition.

Social Network Blocker Chrome Extension #0

GitHub repo: https://github.com/HansNewbie/Social-Chrome-Extension

This idea actually came up a while ago for a school project (that is still ongoing). The idea was to make a counter for how long you have spent on social networks. Now I am making it into a personal project. Since I am still new to JavaScript and I would like to avoid making the time counter, I am making instead a blocker which would close the Chrome tab if it is read as a registered social network (now I am trying to make it work for Facebook first). I am facing difficulties due to the unknown territory I am in (new to JavaScript and using the Chrome API).

Thursday, May 30, 2013

Dropdown Menu #2

Project Page: http://hansnewbie.github.io/DropdownMenu/

I found out that the problem with the gap is the GitHub CSS. I tried to override everything, but it seems that there is a problem with the user agent stylesheet from Chrome (WebKit), which I checked on StackOverflow and tried everything with no yield. The clean code would work perfectly though. If you could help me on the matter, could you contact me (probably through a comment on this post)?

Thanks!

Dropdown Menu #1

Project Page: http://hansnewbie.github.io/DropdownMenu/

Okay. Now the rendering is fixed, but there is still a gap in the project page which causes the occasional loss of the list.

Dropdown Menu #0

Project Page: http://hansnewbie.github.io/DropdownMenu/

This is a fun project by me to try making a dropdown menu. Why? I find it very fancy, and last time before CSS was universal, my friend helped me to make it (I cannot remember using what). I really want to try making it by myself.

Still need to improve some stuff, though. More consistent dropdown (there is a gap between the main button and the list that often makes the list to be gone) and render on top of the text.

Monday, May 27, 2013

Feel Good #1

Project Page: http://hansnewbie.github.io/MyFirstApp/

Feel Good has been updated (a while ago actually, but I just remembered to write the post)! Now there are 4 messages that could appear. If you have suggestion for other messages, leave a comment on this post!

Note: Download link (the APK) is available in the Project Page as well!

Saturday, May 18, 2013

Feel Good #0

Project Page: http://hansnewbie.github.io/MyFirstApp/

Actually, I made this app before the calculator. Anyway, this is a modified version of Android MyFirstApp tutorial. Screenshots below:


Basically, type in your names, and a message would pop out. The app name is Praise Yourself, but it sounded not so nice, so in the next version, I will change the name to Feel Good. In the update, I would also enable randomization of the message.

Friday, May 17, 2013

Android Calculator #0

I tried making a calculator for Android, but it failed horribly TT.TT

Several problems I met:
- Designing the buttons is not easy. Some decisions needed: which key layout do I want to use; which implementation of Android Layout do I want to use
- How to handle when the button is pressed. I tried to utilise something like the Android Beginner tutorial, but it was very different thus I needed to find something else.
- How to handle the calculation

Then, I found a tutorial -.- I will try to follow the tutorial soon. Hope I could fix my calculator.

Thursday, May 9, 2013

Tetris

Project Page: http://hansnewbie.github.io/Tetris-in-Java/

Why did I pick that tutorial?
I was using Java (and started to learn it) this semester for my programming module. Since I would like to make some games, I was looking into making something graphical in Java. I thought it would be hard since I always use Eclipse IDE and I don't think it would support making a graphic output like HTML5 Canvas. So I tried looking for a simple game (not like those current console and PC games) in Java, and that's when I found the tutorial. It was interesting, learning Java Swing, though in the end I matched my code with the given code (I retyped the code and tried to optimise here and there, but in the end it didn't work, so I matched back D: ).

Why did I have the idea of doing stuff outside school work when that time was crucial deadlines time?
Simply said, at least it is better than spending my time on Facebook when I can't focus.

Screenshot



My Use of Java Swing
Apparently, in my programming class, there was this problem set on solving mazes. However, the mazes look like this:


On the maze above, ## means a wall, while PP is the path from the source (which in this case was (0,0)) to the destination (3,3). But when I saw the question, the printed maze was very confusing. And indeed, some people in the class had the same confusion as me.




On the maze above, we were asked to implement the maze with superpower of going through some wall. The broken wall is marked by XX (we need to implement the XX marking by ourselves while the maze printer for ## and PP was given). The two mazes pictures are of the same maze, with the previous one without superpower and this one with superpower of 5 (means can go through 5 walls).

================================

So, naturally, there was a bonus question on the problem set to implement a better visual for the maze for 0 points. Well, I paused for a second and was thinking, would implementing better visual worth the 0 bonus points? Apparently, since I could reuse the code from the Tetris (though need more than just copying), I implemented the better visual (despite pressing homework, because making better visual is much more fun than doing my other homework). The result?


On the left is solving the maze without superpower while on the right is the one with superpower, with the maze and the source and destination points being the same as the ASCII maze above. Dots mark the path, blue blocks mark the walls and yellow blocks mark the destroyed wall. Quite neat, eh?

Apparently, it seems my tutor gave me some extra points for implementing this, not sure by mistake or not. Either way, it was fun :)

I had trouble, though; there was another bonus question which had some marks allocated for it, and that was to generate the maze. I had brain freeze due to the piling homework, so I could not implement it even though the algorithm is very much available on the Internet. :(

Saturday, April 6, 2013

Global Game Jam 2013 - Hallucination of A Night with A Beer Bottle

Project Page: http://hansnewbie.github.io/GGJ2013-Deborah/

I participated in Global Game Jam 2013 in Singapore with a few friends of mine from Game Development Group of NUS. The theme of the jam was heartbeat. Here's a preview of the game:




I had different roles in the team. I wasn't confident of my programming skills so I did the artwork. The base model for the offering statue was made by me (the sprite was made by Sandra). I also made the sprite for the hero when he is sacrificing his HP (the hero and its movement sprite was made by Vanessa). I made the whole thing about the monster. Now, many people in the jam asked me what kind of monster it is. My idea was actually a modified leech. Apparently, it is too gross and too striped to be recognized as a leech.

At some point of the jam, I jumped into some parts of the game programming due to the time constraint that we had and extra programmers were needed (the main programmers were Chunmun and Richard). Notably, I coded the traps' position randomization and the collision detection. They weren't up to my expectation, but they did fine. The game engines were actually made by Richard, and Richard and Chunmun made some other game with that engine before, thus our game developed very fast, just that the many numbers of mechanics involved means extra work was needed.

After our game could run fine, we needed to add the sound, because it was a mute game. I made the background music using Soundation, an awesome online free music studio. I made the BGM, but then it sounded too bland, so I added the dubstep bit. Turn down your volume when playing. The sound effect was made by Sandra. I also felt the ruin-kind background image was a little unpleasing on the eye, so I made the grassy plain background.