Wednesday, November 21, 2012

Etisalat Post Pay Bill Viewer

Application Download Link: http://www.mediafire.com/?vq0zp3tdjn7746h

*** This does not work anymore. Etisalat guys have fixed this security hole within 24hrs since I released this! Impressive! So kudos to them :) And cheers to anyone who got lucky and had fun while it lasted ;) ***

Suddenly my Etisalat data package stopped working, so I logged in using my other Airtel connection to check what was wrong. After a bit of Googling, I found this official portal which lets you view your current and previous bills. While on it, it appeared that their portal is easily exploitable. Although you need authentication to view the bills, once you know the bill URL and get the hang of how they are classified, getting the customer data out is a piece of cake!

After checking a few bills of random users, I thought of writing a utility which can be used to check the outstanding bill amount when a customer number is given. The customer number is printed as 'Customer No' on your actual bill. You can download the application here. You can use it to view your previous bills too. But the best part is you can check details of other random users. Just for kicks, I decided to reveal their name, address, post pay plan and the actual phone number. So have fun while it lasts ;)

The application has a simple interface. You will have to enter your customer number and choose the month and year of the bill which you want to see. When you click the 'Get Bill Details' button, it will get busy for a while and display the details if available. Check out the screenshot.


Do try out the app and comment if you need any improvements to be added in the later versions. Also comment if there are any bugs. Enjoy!


Monday, November 19, 2012

C#: Handling the “The remote host closed the connection” exception in WCF REST

In a recent project, I was involved in developing WCF RESTful services for mobile clients. There were some services where the clients send files as multi-part POST requests. In some cases the file data parsing on the server fails due to missing form data fields or missing file data, but those scenarios ended up throwing an exception on the server. It was the most common communication exception, 'The remote host closed the connection'.

The WCF method signature looked like this:
public bool SaveImage(Stream stream)

And inside the method, there is absolutely nothing special I am doing when parsing fails. I am returning true when parsing failed and false otherwise. But when it fails, it throws this exception for no reason.
After much Googling, I found that when the client is no longer connected to the service, this exception may occur on the server. And the solution was to check the Response.IsClientConnected property and act accordingly if it's false. When I checked it, to my surprise it was false even when the method itself gets called! That is only when the parsing failed. So my conclusion was that the WCF infrastructure takes care of those requests which are not legit at the very beginning of its pipeline and releases the client to free its connection pool. But I still wonder why it passes the context to the method, if it is not willing to listen for the response.
So to fix this I added this property to my base service class:
// Needs System.Web (HttpContext) and ASP.NET compatibility mode enabled on the service.
protected bool IsClientConnected
{
    get { return HttpContext.Current.Response.IsClientConnected; }
}
In every method which takes in a Stream, I call this property and make sure the client is still listening before returning the response. So what do I return when the client is not connected? Just null. This gets rid of the nasty 'remote host' exception and you can save your logs from overflowing with it.
Happy coding!
PS: The downside of using this method is that you have to use HttpContext, which forces you to use AspNetCompatibilityRequirementsMode.Required in your service, which will prevent you from self-hosting it. But then again I don't think clients would be disconnected in this fashion unless in that case. So I guess it's fair enough :)

Tuesday, August 7, 2012

SLT Usage Meter

[This does not work now. Please refer to this post; it has browser plugins which do the same thing.]

Application Download Link: http://www.mediafire.com/?5ndfsq7ytz92zu4

One of my colleagues was checking his ADSL usage via SLT's usage meter found on their website. But it was a lengthy process and practically not worth logging in every time just to see how much he had used from his quota. So he asked me to write a Windows application to automate it.

I tried to develop it during a weekend and when I was inspecting the HTTP traffic through Fiddler, I found that although the web users have to log in to view their usage, the actual page which shows the usage is not checking any user session. That means if we can directly post data to the usage page, we can get the results without providing credentials. The creepiest thing is that we can even check other people's usage if we know their usernames! Way to go SLT!
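
The flaw described here and in the Etisalat bill viewer post above is the same: the portal authenticates at login, but the page that returns the data trusts an identifier taken from the request. The following is an added example, not the author's code and not either provider's; it is a constructed in-memory model with hypothetical names (Session, UsagePortal, the sample accounts) that puts the unchecked lookup beside one bound to the session.

```csharp
using System;
using System.Collections.Generic;

// Constructed model: all names and records here are hypothetical.
public sealed class Session
{
    public string AccountId;   // set by the login step, never taken from the request
}

public static class UsagePortal
{
    // Constructed sample data keyed by account identifier.
    static readonly Dictionary<string, string> Records = new Dictionary<string, string>
    {
        { "alice", "alice: 12.4 GB used" },
        { "bob",   "bob: 3.1 GB used" }
    };

    // Flawed pattern: the data page trusts the identifier in the request and
    // never consults the session, so the login page protects nothing.
    public static string GetRecordUnchecked(string requestedId)
    {
        string record;
        return Records.TryGetValue(requestedId, out record) ? record : null;
    }

    // Corrected pattern: require a session and serve only the record that
    // belongs to the account the session was established for.
    public static string GetRecord(Session session, string requestedId)
    {
        if (session == null || session.AccountId == null)
            throw new UnauthorizedAccessException("not logged in");          // HTTP 401
        if (!string.Equals(session.AccountId, requestedId, StringComparison.Ordinal))
            throw new UnauthorizedAccessException("not your account");       // HTTP 403
        string record;
        return Records.TryGetValue(requestedId, out record) ? record : null; // HTTP 404 when null
    }

    public static void Main()
    {
        var alice = new Session { AccountId = "alice" };
        Console.WriteLine(GetRecordUnchecked("bob"));   // another account's record, no session needed
        Console.WriteLine(GetRecord(alice, "alice"));   // own record
        try { GetRecord(alice, "bob"); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("denied: " + e.Message); }
        try { GetRecord(null, "alice"); }
        catch (UnauthorizedAccessException e) { Console.WriteLine("denied: " + e.Message); }
    }
}
```

The ownership check has to run on every request that returns per-customer data, because a predictable URL or form field is not a secret.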

Here you can download the application. It has a really simple interface. You will have to enter your username at start and it will be saved in the registry. The application runs in the system tray and when you click the icon, it will notify you of the total usage. Check out the screenshots.







If you want this app to be loaded automatically when you start Windows, just copy it to your start-up folder.

Do try out the app and comment if you need any improvements to be added in the later versions. Also comment if there are any bugs. Enjoy!


PS: I wrote a Google Chrome Extension to do the same thing. Go here if you do not trust running EXEs :)

PPS: I ported it to Firefox as well. Get it here.

Monday, July 30, 2012

How to unlock your Huawei E173 dongle

I had a Huawei E173 dongle locked to Dialog and was able to unlock it successfully.
If that interests you, keep on reading... 



Download the following stuff: 
3. Unbranded dashboard (optional)

Steps: 
1. Run the code generator and enter your IMEI. Note the unlock code. 
2. Run the new firmware installer and input the unlock code when prompted. 
3. Optionally install unbranded dashboard software. (Dialog dashboard works with other SIMs!) 

Enjoy!!!

Wednesday, February 29, 2012

C#: Exploring OpenSSL.NET

I am currently involved in a project module which involves a bit of cryptography. The basic requirements are:
  • Generating RSA key pair
  • Creating a CSR file
  • Generating a Checksum
  • Encrypting with private key
  • Reading a certificate file
  • Verifying a signature 
So while I was googling for hints, I came across this free library called OpenSSL.NET which looked promising. Find the code below which I use to accomplish the above tasks.

This function generates an RSA key pair and returns a CryptoKey object. The key length is hard-coded to 2048 bits.
        /// <summary>
        /// Generates a 2048 bit RSA key pair.
        /// </summary>
        /// <returns>The key container</returns>
        public static CryptoKey GenerateRsaKeyPair()
        {
            // RSA and CryptoKey are the OpenSSL.NET types (OpenSSL.Crypto namespace).
            using(var rsa = new RSA())
            {
                // 0x10001 (65537) is the conventional RSA public exponent.
                rsa.GenerateKeys(2048, 0x10001, null, null);
                return new CryptoKey(rsa);
            }
        }

The following function takes in an RSA key and creates a CSR file. I have used a DTO to pass in the additional details needed for the CSR generation.
        /// <summary>
        /// Generates a CSR file content according to the details given.
        /// </summary>
        /// <param name="csr">CSR details</param>
        /// <param name="key">RSA key</param>
        /// <returns>The CSR file content</returns>
        public static string GenerateCsr(CsrProperties csr, CryptoKey key)
        {
            using (var subject = new X509Name
                              {
                                  Country = csr.CountryName,
                                  Organization = csr.OrganizationName,
                                  OrganizationUnit = csr.OrganizationalUnitName,
                                  SerialNumber = csr.SerialNumber,
                                  Common = csr.CommonName
                              })
            {
                using (var req = new X509Request(0, subject, key))
                {
                    return req.PEM;
                }
            }
        }

For checksum generation, which is also known as generating the hash, I used the following code. The algorithm was SHA256.
        /// <summary>
        /// Generates checksum using SHA256 algorithm.
        /// </summary>
        /// <param name="payLoad">Data to be used for hashing</param>
        /// <returns>The hash</returns>
        public static byte[] GenerateChecksum(byte[] payLoad)
        {
            using (var algo = new SHA256Managed())
            {
                return algo.ComputeHash(payLoad);
            }
        }

To do RSA encryption, I used .NET's native cryptography methods.
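        /// <summary>
        /// Encrypts the data using RSA key.
        /// </summary>
        /// <param name="payLoad">Data to be encrypted</param>
        /// <param name="key">RSA key</param>
        /// <returns>The encrypted data</returns>
        public static byte[] Encrypt(byte[] payLoad, CryptoKey key)
        {
            using (var rsa = key.GetRSA())
            {
                // PrivateEncrypt is the OpenSSL.NET RSA private-key operation with
                // PKCS#1 v1.5 padding. Anyone holding the public key can reverse it,
                // so the output authenticates the data; it does not keep it secret.
                return rsa.PrivateEncrypt(payLoad, RSA.Padding.PKCS1);
            }
        }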

Well that's about it for now. I will update this with more functions as I move on.
Cheers!
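
The checksum and private-key steps above together amount to a signature, and the requirements list includes verification, which the post does not show. The following is an added example, not the author's code and not OpenSSL.NET: it uses .NET's own System.Security.Cryptography, assumes a runtime where RSA.Create(int) exists (.NET Core 2.0+ or .NET Framework 4.7.2+), and the class name and sample message are made up.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class SignatureExample
{
    // Same SHA-256 checksum as GenerateChecksum in the post.
    public static byte[] GenerateChecksum(byte[] payLoad)
    {
        using (var algo = SHA256.Create())
        {
            return algo.ComputeHash(payLoad);
        }
    }

    // Private-key operation over the checksum. SignHash wraps the digest in the
    // PKCS#1 v1.5 DigestInfo structure, which a bare "encrypt the hash" call omits.
    public static byte[] Sign(byte[] payLoad, RSA privateKey)
    {
        return privateKey.SignHash(GenerateChecksum(payLoad),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    // Public-key check: recompute the checksum and compare it with the signed one.
    public static bool Verify(byte[] payLoad, byte[] signature, RSA publicKey)
    {
        return publicKey.VerifyHash(GenerateChecksum(payLoad), signature,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    public static void Main()
    {
        byte[] message = Encoding.UTF8.GetBytes("constructed sample message");
        using (RSA signer = RSA.Create(2048))
        using (RSA verifier = RSA.Create())
        {
            // The verifier receives only the public half of the key pair.
            verifier.ImportParameters(signer.ExportParameters(false));
            byte[] signature = Sign(message, signer);

            Console.WriteLine("valid message:    " + Verify(message, signature, verifier));
            message[0] ^= 0x01;   // a single flipped bit must invalidate the signature
            Console.WriteLine("tampered message: " + Verify(message, signature, verifier));
        }
    }
}
```

A signature produced by hashing and then calling a raw private-encrypt primitive will generally not verify with a standard verifier like this one, because the DigestInfo prefix is missing.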