Browsed by
Author: Peter

Who Wrote the Mirai Worm

Who Wrote the Mirai Worm

This long article details one security investigator’s endeavor in revealing the real identity of the the Mirai worm:


“So long” To RapidVPS

“So long” To RapidVPS

After about 8 years of hosting my site and various other things on RapidVPS, I have finally decided to move things off of it.  I have been wanting to do that for 2 reasons:

  1. The VPS host was originally based on Ubuntu 9.04, and I wish to take advantage of newer TLS cipher suites that are not available.
  2. $20 USD per month isn’t much, but since I am already running a bunch of other sites from my home ESXi, I don’t see the need to pay for another VPS that isn’t mission critical anyway.

The new home is a ESXi VM based on:

  • Ubuntu 16.04 with 8GB RAM
  • ESXi 5.1.0
  • Intel Core i7-3770 with 32GB RAM

The blog is still based on WordPress, but I’ve upgraded it and switched to a much lighter-weight theme.  I’ve also put apache2 in front of gitlab-ce as a reverse proxy, and obtained TLS cert from Lets Encrypt.


A Little Primer on Bootloaders, Encryption, and Signing

A Little Primer on Bootloaders, Encryption, and Signing

A tweet from #AndroidPolice on Android booloaders and the security mechanism around it came to me through #cyanogen today.  While it’s not meant to be comprehensive, I think it does help point developers and modders in the right direction to understanding come fundamental building blocks in information security.  The fact that these security circumvention techniques float about on the Net goes to show that although the underlying encryption schemes and ciphers remain intact, hackers have consistently managed to find attack vectors that “side step” these measures, hence the term “circumvention”.  It’s a proverbial game of cat and mouse perhaps calculated to cost-effectively block a majority of users while appeasing to script kiddies and modders alike.  Link to the post on Android Police here.

Vibo A688 Runing CM7

Vibo A688 Runing CM7


I recently arrived in Taiwan, where my Sprint EVO 4G/HTC Supersonic became more of a Wifi-only device. While Asia Pacific Telecom offers CDMA 1X here in Taipei, EvDO with 3G speed is sorely lacking, let alone WiMax implementation.  Besides, the rest of my family members here are on Chung Hwa Telecom, which happens to be the largest network here by virtue of its heritage as a state-run monopoly until recently, so I find it more economically sound to stick with Chung Hwa.  The problem is, however, I need a GSM phone.

Prior to the explosion of data-minded smartphones flooding the market, I had a couple of free or near free GSM phones subsidized by US carriers like PacBell (which then became Cingular before morphing back to Ma Bell – AT&T) and T-Mobile.  It was pretty sweet, get a new phone for free or even get money back after rebate for jumping over to T-Mobile and be on the hook for only a year.  These days, you would most likely need to sign up with a two-year contract.  Now that I have switched to the CDMA camp with Sprint, the freedom of swapping out my home SIM with a local one is no longer an option.

Enter Vibo A688 (Commtiva Z71 Varient)-

A friend here had a Vibo A688 Android device on the Vibo GSM network.  At a first glance, it looked a lot like T-Mobile’s myTouch, but was made by Foxconn instead of HTC.  My friend had it for more than a year, and said she never liked it because it was not very responsive.  She had dropped the device, and now it has a cracked screen, but still functional, for the most part.

It came prettty crippled with Android 1.5, so I looked around on the web for ways to root it and perhaps load some updated ROM.  Vibo’s support website has a link for an updated 2.1 firmware, which underclocked the device from 600MHz to 480MHz max freq on purpose.  My guess is for power consumption’s sake.  I tried it for a few minutes, but didn’t like it much, so I looked to the good folks at CyanogenMod.

Time to Tinker-

I found z4root on xda-developers to be exceedingly simple to root this phone with pretty much a one-touch root process.  Of course there are inherent dangers in rooting your phone, so the usual disclaimer applies, especially with a one-click root process where you, the script kiddie, may not understand what it is that you’re doing to your phone.  After the A688 is rooted and a custom bootloader installed, it was time to load a custom recovery (I used koush’s clockworkmod recovery).  It wasn’t immediately obvious to me which device this A688 falls under, but a trip to Google came back with the hint of Commtiva Z71 Varient.  I loaded CM and a custom boot splash that I cooked up, and all was done within 3 hours of getting my hands on this poor device.

I have since flashed back and forth between Vibo’s 2.1 ROM and CM7, and find that user experience to be superior on CM7 with ondemand governor and  600MHz/122MHz max/min freq.  Because of the dismal amount of available RAM, I have had to do away with many apps I had grown accustomed to on the EVO 4G, or the system would start killing processes when switching among multiple apps.   I didn’t try to tinker with CMPart’s setting to lock home in momory or decrease VM heap size, so your mileage may vary.

*Update May 23, 2011 15:10 GMT*
I enabled Compcache pursuant to this post, and have found marked improvement in available memory without noticeable performance hit.  Granted that I’ve only just turned it on an hour ago, but the difference seems obvious for my use case.  I’m using 18% of the RAM as Compcache, and find a corresponding increase in available RAM.  I expect more drain on the battery, but I’ll report back once I have more time playing with this setting, so stay tuned.

A few gripes-

So far, I have had problems with the SD card being unmounted by itself at random times.  I’m not sure if it’s a defective card or something else.  Coming from the EVO 4G with 1GHz snapdragon, A688’s MSM7227 (also by Qualcomm) definitely is quite a bit slower.  It is especially annoying  when using Google Maps to navigate around Taipei’s crisscrossing streets.  I’ve missed innumerable turns while the phone struggles to keep up with my location.

Anyway, that’s all for now.  I’ll try to post some screenshots and updated links in a few days.