Thursday, October 24, 2013

How Secure BBM (Android) ID Creation Is

This is some morning brain distraction I had. The queue for my Android's BBM ended this morning, and throughout the process, some ideas came into my mind.

So, a BBM ID takes 8 characters, digits and letters. That would make 31 possible characters per position. Thus, the number of possible BBM IDs is 31^8, or ~850 billion IDs, ignoring the possibility of an error-checking character, which would make it much less than that.

Now, from my experience this morning, it seems that the process of ID creation happens in the device. My friend also told me that if you want to bypass the queue for the email signups, you could use someone else's email who is already dequeued, for example my email, then just make new BB user ID or sign in if you already have one (apparently I have one since I signed up as BB App Vendor long ago).

My question is, since Android is so open source, how secure is BBM ID creation? I am no hacker, but here is a possible attack I thought of:

You could reverse engineer Android apps by decompiling the APK (never tried to decompile, but read about it before; on the other hand, extracting an APK is very easy with the many file explorers available). So, we could reverse engineer the BBM APK, then look for the function that calls the ID creation. Then, we make a dummy application whose function is to keep calling that ID creation. This would exhaust BBM IDs for no users.

Let's now look at how long this process would take to exhaust all possible IDs, which in the worst case number 850 billion. From this morning, an ID request takes around 3 minutes for me on WiFi. So in one hour, I could exhaust 20 IDs, and in one day, I could exhaust 480 IDs. It would then take 850 billion/480 = ~1.8 billion days. So, BB could still fix it if possible! Really? Let's make a better approximation. Typically, an Android developer has more than one device to work on. Assume each attacker has 10 devices. Assume again that there are around 100 attackers per group, and there are 4 groups. The attack would then last for 850 billion/(480 * 10 * 100 * 4) = ~440 thousand days or ~1000 years. Fiuh! Still safe!

Yes, these are the kinds of thoughts that go through my mind when I start thinking. I am not a BB hater. I think BB is awesome with their QWERTY phones (I would use them if they didn't lag when I open WhatsApp). I am just curious how the BB engineers would protect their system from such a possible attack. Well, good day, folks.

Wednesday, October 2, 2013

Unity Bowling Game


I made a simple bowling game to learn Unity. Currently, the game resets the level when the ball falls, there is a scoring counter, and there is an Android version for touch systems.

Saturday, August 31, 2013

Ubuntu in VirtualBox - Mouse Scroll Not Working

There was another problem with Ubuntu on VirtualBox. It does not detect mouse wheel scroll if you are using an integrated mouse. I checked it here:


I tried the answer; it worked! However, the mouse cursor is not integrated, which I loathe, and thus I looked at the second voted answer. This really works!!! It was unclear how to do what the person wrote, so JFGI. Here is the link to do what the person wrote:

Lagging Ubuntu (Desktop) on VirtualBox in Windows - Updated

Background story: I wanted to look at GIMP source code and hack it. Sadly, the tutorial preferred Ubuntu to auto build the latest source code. So I tried installing Ubuntu, dual boot with my Windows 8. Due to UEFI problem, I could not boot to Ubuntu. I tried Ubuntu on VirtualBox before, but since it was too laggy, I dumped it.

So, since my laptop could never boot to Ubuntu, I retried Ubuntu on VirtualBox. It is still laggy, even after I gave 2GB RAM. Apparently, it seems that the problem is due to Ubuntu's Unity using 3D acceleration. I am trying this solution to improve the lag problem:


It still lags in my laptop and I am still working on it, especially that the 3D support and software rendering is still off.

Update:
Stupid me. I did not enable 3D acceleration in the VirtualBox settings. After I enabled it (I followed the above help before it, so I am not sure if the link is the one that solved the problem or just the setting), it became silky smooth. Nice!

Saturday, August 17, 2013

Java: File and Buffered Reader/Writer

Well, this is kind of logical situation, but I thought it should not matter since all of them would be closed anyway. Here's the story:

So my task was to build a Java application which would accept commands and ultimately you want to record everything that you have done in a text file (you could also open the file to continue the work). Without hesitation, I looked at an old code that has text file reading function (written by my Prof. of course as a template to do tutorial), thus I decided to use FileReader and BufferedReader instead of other methods available around. Logically, I looked up into FileWriter and BufferedWriter, and both of them do exist.

Here comes my stupidity: I close the FileWriter before the BufferedWriter. I thought it was fine, since that was what happened in some old template code given to me (for reader and not writer). The problem was, in that code, the reader was only called once for every program execution. In my case, I repeatedly call FileWriter and BufferedWriter for every operation that changes the text file as a risk mitigation in case my program crashes due to invalid and error-causing input or the computer crashes. And that, somehow somewhat, makes closing BufferedWriter before FileWriter important! Otherwise, I would get a runtime error and my text file would just be reset into empty forever and ever.

So folks, remember to close what's opened last before closing what's opened first (like chestception where you would need to close the innermost chest first before closing the outermost one).
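The close-order failure described in this post, as an added example (not the original program; the class name, temp file and text written are constructed for illustration). It shows the wrong order emptying a file that already had content, next to try-with-resources, which closes resources in reverse order of declaration:

```java
import java.io.BufferedWriter;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

public class CloseOrderDemo {

    // Wrong order: the FileWriter is closed while the text is still in the buffer.
    static String closeInnerFirst(Path file) {
        try {
            FileWriter fw = new FileWriter(file.toFile()); // opening without append truncates the file
            BufferedWriter bw = new BufferedWriter(fw);
            bw.write("command 1\n");                       // held in bw's buffer, not on disk yet
            fw.close();                                    // underlying writer closed first
            bw.close();                                    // flush into a closed writer fails
            return "no error";
        } catch (IOException e) {
            return "IOException: " + e.getMessage();
        }
    }

    // Right order: resources are closed last-opened first, so bw flushes before fw closes.
    static void closeOuterFirst(Path file) throws IOException {
        try (FileWriter fw = new FileWriter(file.toFile());
             BufferedWriter bw = new BufferedWriter(fw)) {
            bw.write("command 1\n");
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a history file that already contains earlier work.
        Path file = Files.createTempFile("history", ".txt");
        Files.write(file, "earlier work\n".getBytes(StandardCharsets.UTF_8));

        System.out.println(closeInnerFirst(file));
        System.out.println("bytes after wrong order: " + Files.size(file));

        closeOuterFirst(file);
        System.out.println("bytes after right order: " + Files.size(file));

        Files.delete(file);
    }
}
```

Writing to a temporary file and renaming it over the real one only after a successful close keeps the previous contents intact if a write fails partway.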

Thursday, August 8, 2013

NUS ModCrasher: Behind the Scene #1 - GQL Restriction



While we were doing the search system, we ran into trouble: the GQL query restriction. It only allows one inequality to be in the query, while we need two to find lectures between the start time and the end time. So, how should I approach this, since I was the one in charge of the search system?

Initially, I thought of appending the search results one by one, meaning since lecture start times are on half-hourly periods, I could just make a loop between start time and end time, essentially with no inequality in the query at all. But then, I did not know how to append the queries, and time was not on our side. I decided to find something else.

I was thinking that the Jinja2 template that we are using supports Python one way or another. Could I utilize that? Probably! So I tried it; our GQL query runs with one inequality and our Jinja2 template does the other by using a "for if" statement. It works! I am not sure about the performance of such a solution, but it works for the time being and we are keeping it for now.

Tuesday, August 6, 2013

Svbtle Kudo button Copy

I have been fascinated by the Svbtle Kudo button since I first saw it. Thus, my intuition was to try to make one. Actually, the button has been done for some time. (I was on holiday and in a holiday mood.)

To try it out, go to:

I hacked most parts of the button, such as the size and positioning so that it looks perfect. I am not sure the reason behind some bugs if I didn't hack it, such as 1 px lines between the outer ring and the inner circle even when I have normalized the web page and clear all margin and padding of the two.

There are differences between the Svbtle real button and mine, though:
  1. Svbtle button has the inner circle even before the mouse cursor hovers in it while mine has none. I could do the same but I prefer no inner circle on initial state.
  2. Svbtle button has constant speed while my button has constant time. This means that for the Svbtle button, if you move your cursor away from the button then put it in again before it returns to the initial state, the time taken to make it finish is less than if it was from initial state to final state. For my button, it takes the same amount of time to go from any state to the final state, thus slower animation if you move the cursor halfway then continue on.
  3. I didn't do the decoration, such as the "don't move" command and successful notice.

Note: It seems there is a lag for the JavaScript online. It works fine locally.

Saturday, July 27, 2013

GitHub Repo Slimming Down

As I scrapped some projects that I had in mind, I ensure my GitHub repo is maintained. I deleted my Android Live Wallpaper repo since I am not continuing that, and also deleted the Scipane (Scissor Paper Stone) HTML game, as my knowledge now is not enough to make such a game and by the time I have the knowledge I will probably have forgotten about it already. My Chrome Social Extension is still there because I believe it could work, though I have put it away for now in my mind.

I am very out of focus for side projects. I will do what I can.