Archive for the ‘Hack!’ Category

I was about to choose a BaaS provider, after a quick research I found that the silver player is not materialized yet, however number of providers was more than my expectations since all what I knew was the big names only, I prepared a matrix for comparison in terms of the common features they should offer.

I’m interested to use App42, Kii or working with a big name like Parse or StackMob, whenever I use them in production I will share my experience.

Here it is!


I finally got tons of pirated movies from my friends on a HD, the movies number maybe was about 500 movies.

My problem was that which one to start with, I used to pick a name and search the Internet for the ratings, and repeat this till I get a recommended one, shit, no?!

What is nice about being a programmer? is you can help yourself ­čÖé

I wrote a Python script which expects the movies directory and will scan this directory and collect the movies sub-directories names and get the ratings from the Internet and sort them by rating, that’s it.

Example of the tool results:

arefaey@arefaey:~/workspace/Movies Rater: python /home/arefaey/movies/
Total movies found: 236
API response had no rating for movie: The Back-Up Plan
API response had no rating for movie: Once Upon a Time in the West
API response had no rating for movie: Cowboys and Aliens
API response had no rating for movie: New folder

Rated Movies: 222

(‘The Shawshank Redemption’, 9.3)
(‘The Rite’, 9.3)
(‘The Godfather’, 9.2)
(‘Pulp Fiction’, 9.0)
(‘The Dark Knight’, 9.0)
(‘The Godfather Part II’, 9.0)
(‘Fight Club’, 8.9)
(‘Inception’, 8.8)
(‘Inception ‘, 8.8)
(‘Goodfellas’, 8.8)
(‘Saving Private Ryan’, 8.6)

Unrated Movies: 14

Even the Rain
Gnomeo and Juliet
The Back-Up Plan
Undisputed III Redemption
Like Stars on Earth
Terribly Happy
Love Likes Coincedences
Once Upon a Time in the West
Cowboys and Aliens
New folder
Born to Raise Hell 2
King of Devil’s Island

Fork me

Mikrotik Auto Login Script

Posted: November 11, 2011 in Hack!, Technical

Unfortunately, I had to subscribe to some Internet provider and found that he uses Mikrotik Proxy. First of all he restricted my access to a single MAC address, however I access the network now through 2 laptops and desktop machine simultaneously ­čśÇ What was really annoying is that I have to create a session with the server by logging in using a username and password using their web interface every time I start my machine, so no internet connectivity unless I open my browser and login to their server..Boring :S I tried to login using Python/httplib2 using my plain username and password but it did not pay. So I inspected the Login web interface and found that the password is salted (Some HEX numbers and my password in between) then MD5ed before it is sent to server…interesting!

It was like this:

<script type="text/javascript" src="/md5.js"></script>
	<script type="text/javascript">
	    function doLogin() {
		document.sendin.username.value = document.login.username.value;
		document.sendin.password.value = hexMD5('\330' + document.login.password.value + '\155\153\216\266\076\244\006\261\251\237\164\021\307\047\212\015');
		return false;

At first I manually MD5ed my “salted” password as I found in the Login page html using Python/md5 module and tried to send it┬áprogrammatically┬á, But it failed again!

I noticed that the salt changed when I refreshed the page, so at the beginning of my script I grab the Login page html/content and using Python/re REGEX module I extracted the salt from the javascript code and added my password in between and using Python/simplejson I JSONed my POST request payload, But it failed again:S

I suspected that I miss some thing I can not see through Google Chrome Web Inspector Network sniffer, So I tried Wireshark..yes Wireshark­čśÇ to sniff myself and found that my login POST request payload/content is encoded not JSONed, which I did not notice since Chrome Inspector viewed my POST request payload in human readable format, then I changed my code to encode the POST request content to be encoded using Python/urllib.urlencode, tried again and it SUCCEEDED this time ­čśë

Added the Python shebang at the start of script and added it to the Ubuntu startup programs list and my username/password passed, so I get automatically logged in every time I boot my Ubuntu ­čśÇ

You can check my code here

I got a very simple idea when I was recharging my mobile using the normal way, scratching a card to get a secret code and either calling recharging automated service or requesting a shorthand like in Vodafone *858*secretcode#

I suggest adding the shorthand substituted with the secret code as a QR code!
Then when I scratch the card I get the QR code as an alternative way to recharge besides the code for manual recharging.

The motivation is that most of phones now have built-in QR readers or it can be installed as a third-part application, which will quickly translates the QR code to the correspondent code and you can quickly call it!

Vodafone Egypt Example:
The shorthanded code to charge with secret code *858*12345678901234#
The Generated QR code:

What do you think?