Howettblog®

Thursday, January 1, 2009

DISCONTINUED

If you are reading this, you might be more interested in checking out the new, WordPress-powered Howettblog!
Bounce on over to http://blog.howett.net!

Friday, December 19, 2008

iTunes App Store Hacking

Last night, I tried to figure out how the iTunes App Store (as accessed from the iPod Touch) worked.
I was able to simulate the app store experience, and here are the few notes I took on the matter.

All replies from the App Store are gzip-compressed.
If any of these steps fails, the connection is terminated.
  1. The device queries phobos.apple.com for a "bag" (ix=2), which contains a signature and a signing key.
  2. The device sends a non-binary plist (XML property list) of its current applications to a WebObject called "availableSoftwareUpgrades"
  3. The app store replies with a list of all the information for those applications. It is up to the iPod itself to determine whether or not there are upgrades.
  4. Periodically, the device makes a request to metrics.apple.com (which replies 100 Continue instead of 200 OK), which I believe is for stats tracking.
  5. The device reads software categories and loads icons (WebObject viewFeaturedSoftwareCategories)
  6. The device loads the contents of a category (WebObject viewGenre)
  7. The device loads an application's information descriptor (WebObject viewSoftware). This for some reason contains the text to be used in the price display, as well as the "INSTALL" or "BUY NOW" text.
  8. The device initiates a secure connection to download an application. This is where I had to stop my research, as I couldn't track this.
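
As an added example (not part of the original post), a Python helper for inspecting a captured reply body of the kind described above: it undoes the gzip layer and reports whether the payload is an XML or a binary plist. The sample body and its keys (`apps`, `bundle-id`, `version`) are constructed for illustration and are not the App Store's real field names.

```python
import gzip
import plistlib
import zlib

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of every gzip stream


def decode_body(raw: bytes):
    """Return (transfer_encoding, plist_format, data) for one captured body."""
    encoding = "identity"
    if raw.startswith(GZIP_MAGIC):
        try:
            raw = gzip.decompress(raw)
        except (OSError, EOFError, zlib.error):
            # Truncated capture or corrupt stream: report it, do not guess.
            return "gzip-corrupt", None, None
        encoding = "gzip"
    if raw.startswith(b"bplist00"):
        return encoding, "binary", plistlib.loads(raw)
    text = raw.lstrip()  # plistlib rejects XML with leading whitespace
    if text.startswith((b"<?xml", b"<plist")):
        return encoding, "xml", plistlib.loads(text)
    return encoding, "not-plist", None


def installed_apps(data):
    """List (bundle id, version) pairs from the constructed sample layout."""
    return [(app["bundle-id"], app["version"]) for app in data.get("apps", [])]


# Constructed sample body; the key names are hypothetical.
SAMPLE_APPS = {"apps": [
    {"bundle-id": "com.example.notes", "version": "1.2"},
    {"bundle-id": "com.example.game", "version": "3.0.1"},
]}
SAMPLE_REPLY = gzip.compress(plistlib.dumps(SAMPLE_APPS, fmt=plistlib.FMT_XML))

if __name__ == "__main__":
    enc, fmt, data = decode_body(SAMPLE_REPLY)
    print(enc, fmt, installed_apps(data))
    # A capture cut off mid-stream is flagged instead of half-parsed.
    print(decode_body(SAMPLE_REPLY[:20]))
```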


Tools used:
  • curl (Commandline URL Fetcher)
  • Wireshark (packet capturer/analyzer)
  • Apache (Web Server, used here to serve fake App Store pages)
  • A single firewall rule on my router to redirect all traffic coming from the iPod back to my computer (iptables -t nat -A PREROUTING -s ipod -p tcp -j DNAT --to 192.168.254.1. Note: I couldn't redirect to a computer inside the router's network, so I had to hook up via WiFi to the router AND via Ethernet to the modem)


Not much useful information about the app loading process was gleaned from this, unfortunately, though I did manage to snap some "neat" screenshots of my meddling.


Applications are signed, though, so even if this was an exploitable vector, the device would need to be jailbroken first, thus making this useless.
Neat nonetheless.


Tuesday, December 16, 2008

If Gentoo Linux were a Car...

  1. You go pick up an engine (in pieces) and body parts from the central warehouse.
  2. You find that your version of sys-car/transmission is too new and you need to get a newer version of sys-car/engine out of storage.
  3. You put together the engine, transmission, and body. You're pretty psyched, only to find that you have yet to install car-misc/seats.
  4. You install the seats, but find that the latest version of car-misc/seats does not correctly recognize the human body, due to an incompatibility.
  5. You downgrade car-misc/seats and in the process must downgrade sys-apps/steering-wheel for height concerns.
  6. You install the radio separately, which is the easiest part.
  7. You turn the car on and it explodes.


Tuesday, November 18, 2008

Latenight philosophy with DH and DS

"Me" is me, "Dustin" is DSollick. Dustin was reading through (and critiquing harshly) a story he wrote.
Dustin: No shit, nothing without life?@!
Me: Actually it's wrong
Me: :P
Dustin: that too, lifeless worlds
Dustin: lifeless universes
Me: The earth existed long before there was life, for example
Me: indeed
Me: THEN AGAIN
Me: what if all these lifeless worlds and lifeless universes
Me: are just things in our lives? Just things that exist because we, life, observe them?
Me: Sometimes I look in a mirror and wonder how I came to be. How I inhabit this body. What if I inhabited a different body? What recognizes vision and sound and acknowledges it? Is it a mind? Does a mind do that? Or is it the soul. I don't think you can hook up eyes and ears to a brain and have a person. I don't think they'll see the world like any of us. If at all. But what.
Me: What happens when I die? When I am reborn. Do I inhabit another body? Obviously. Do I live through 18 years before I ask the same questions? I had life experiences at 3 that I can't remember but I know I saw them through my eyes, these eyes. These. Where would they be stored? That says it's the mind. My soul would remember. Can I tap into that?
Dustin: I wasn't expecting a philosophical discussion
Dustin: x.x
Me: Neither was I.
---
Me: is that how it happened
Dustin: yes.
Dustin: XD
Me: in your collective consciousness?
Me: What if we are made up of collective cohesive consciousnesses working as one? Hmm. I don't feel like multiple people, but what if we are? What if I are? Am? Is.. ? But really.
Me: Interesting thought
Dustin: I'm really glad the 11-page copy I wrote didn't make it; these are laughable, that one was grimace-worthy
Me: lmao!
Me: Maybe we are mosaics of consciousness. Each part of us coming from a different place. Varying morals. Maybe people get tainted. Maybe serial killers are tainted with a single bad piece. Spreading out like ripples.


Saturday, November 15, 2008

Total: ∞ packages (0 good luck, 1 mistake)

I'd just like to put this out there for everybody...
  1. Make frequent backups. Maybe every month.
  2. Do not, under ANY circumstances, accidentally try to install Haiku to /dev/sda. Ever.

Now that the advice is out of the way, it's story time!

Yesterday, I was trying to install Haiku to my 512MB flash drive, which, when I plugged it in, got assigned /dev/sdb. The Haiku build system was, at the time, set to write to /dev/sda2 (my 3GiB Haiku partition). I deleted the "2" and went on with my business. I ran jam -q haiku-image to build it.
"Hmm, this is taking a while."
"dd, wrote 134 MB to /dev/sda"
"/dev/sda?! WHAT?!"
"OH MY GOD!"

It wrote 134 MB of 0x00s to the beginning of my hard drive, clobbering the bootloader, partition table, and the root filesystem of my Linux installation (/dev/sda1).

It also got to the "Populating Image" step, so it was happily chugging along writing a Be File System over my entire hard drive and filling it with Haiku data.
^C!

Programs still ran, not all the files on / were lost, and I was in a state of panic.
One reboot later confirmed the obvious - no more system. Also, no more files in /. The filesystem layout was in memory, and I should have taken the time to recover some of the data before I reformatted.

fsck told me that /usr was trashed.. /usr is like "Program Files" and more for Linux... Random data written in random places on a volume is... bad ;)
/ was definitely a goner...
/home somehow survived, guaranteeing that my 8 years' worth of data would stick around for a while longer!
Fortunately, I had backups from August 15th!
Unfortunately, they were from August 15th. That means 3 months' worth of upgrades to do...

Restored / and /usr, some of /var (installed package database only), and went to work upgrading.

500 compiled and installed packages later (the last of which are still going) and Jesus is... Well, for the situation, I have to say he's done pretty darn well. Kudos, me.

Once this is all done?

BACKUP TIME!

I think I need a NOS.


Friday, November 14, 2008

Prayer to install Linux

Leon wanted to bless his system before he installed Linux, and I came forth with the following:
Blessed be this computer system. Remove from it under the name of the system lord Linux all sins of the hard drive and RAM. Cleansed be its bits and its bytes. Praise be the system lord Linux.

- Dustin L. Howett


It releases the system from the grips of the demons of Windows, and thus asks for it to be forgiven of its Windowsy transgressions. :)


Wednesday, November 5, 2008

Election 2008

I'm making a note here-
HUGE SUCCESS.

OBAMA 2008!
