Sunday, January 4, 2009

Which phone provider to choose from

I live in Denmark and when the iPhone 3G came out there, you only (legally) had one choice of phone provider. A company called telia which has the worst 3g coverage of all the companies. It also costs 100$ (600 DKK) per month to have which is quite a lot. After the first 6 months you start to pay 67$ (400 DKK) but I am looking out for other providers.
I have looked at https://www.bibob.dk/ which has very phone calls and text messages but 1 MB costs 17 USD cents (1 DKK). So I am currently checking out to see how many MBs I use when I browse the internet one hour using PdaNet on my jailbroken iPhone. I am writing this blogpost while waiting that hour.
The company that provides the best 3G coverage in Denmark is soon going to make an offer for all the iPhone owners and I am very excited about what they will provide and at what cost.

Thursday, January 1, 2009

Reverse engineering a nonpublic API

I have been a user of ordbogen.com for quite a while. For those who don't know what it is, it's an online dictionary that is not free, however it's the best one yet, supporting danish (my main language). The site has a quick word translate widget for Windows, but nothing for Mac OS X which has been bothering me for some time.

Recently I learned how to develope widgets for Mac OS X and I wanted to make my own ordbogen.com widget. I emailed their staff asking for an API, however they couldn't really help except for giving me ideas (sounds like they are not against the idea either). So I started brainstorming.
I came to the thought that there must be some way to find out what the Windows Widget did, to get its information. I was certain that the information was at ordbogen.com itself so I found out what to do.
I wanted to know the link, which the program accessed so I figured I could modify my hosts file, stored in C:\Windows\System32\drivers\etc\hosts . This file allows you to tie IPs to hostnames. So I tied ordbogen.com to 127.0.0.1 (localhost) which means that the program will try to access the webserver on my local computer, instead of ordbogen.com's own webserver.
127.0.0.1       ordbogen.com
127.0.0.1 www.ordbogen.com

I needed to catch the program's intentions, so I installed WAMP which means Windows+Apache+MySQL+PHP. Which is the most common website setup. So now the program will connect to my webserver.
Since I did not know where on the webserver, the program wanted acccess, I had to catch it in any case, so I enabled mod_rewrite on the server, and added a .htaccess file with the following contents:
RewriteEngine On
RewriteCond %{REQUEST_URI} !=/test.php [NC]
RewriteRule ^(.*)$ /test.php?file=$1

which basically tells the webserver that whatever page is requested, will be sent to my test.php file, which then would log what the program had to say. So I made my test.php file:
<?php// start output
ob_start();
// print everything form-posted
echo "Post ";
print_r($_POST);
echo "\n";
// print everything in-url posted
echo "Get ";
print_r($_GET);
echo "\n";
// get everything outputted
$d = ob_get_contents();
// clean output
ob_end_clean();
// start logging
$saved = false;
$n = 0;
while($saved == false) {
$n++;
$name = 'log_'.$n.'.txt';
if(!file_exists($name)) {
file_put_contents($name,$d);
$saved = true;
}
}
?>

To understand the code, read the comments (//) in the code. This file just logs everything you tell it.

I then opened the ordbogen.com program and instantly a new logfile was created, containing the following contents:
Post Array
(
[username] => MyUsername
[password] => MyPassword
[key] =>
)
Get Array
(
[file] => plus/login3.php
)

This told me everything I needed to know. The program sends the username and password I had defined in the settings of the program, and sent it to ordbogen.com/plus/login3.php
The program then gave me an error, saying that it was missing a header, so I installed Live HTTP Headers in FireFox to see which headers the website sent when logging in, but first I had to fake the login myself. So I created a HTML form to connect to login3.php :
<form method="POST" action="http://www.ordbogen.com/plus/login3.php"><input type="text" name="username" />
<input type="password" name="password" />
<input type="submit" value="Login" />
</form>

I read through the headers and found this:
Set-Cookie: PHPSESSID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (removed for security)

This is the header that tells you to basically know that you are logged in, which is what the program wanted to know.
So I just added session_start() to my test.php file and the program didn't complain anymore.

Now I needed to know what to do next, when I pressed "Login" on my little form I got the following details:
00x######## (I hid the numbers cause I didn't want to reveal my account)
http://www.ordbogen.com/kundecenter/program/ordbogen-1.5.2.10.exe
daen=- Dansk-Engelsk
enda=- Engelsk-Dansk
a000=Auto. Dansk/Engelsk
dasp=- Dansk-Spansk
ddno=- Den Danske Netordbog
dase=- Dansk-Svensk
auto=Automatisk

This just tells you what dictionaries you have permission to use. So I edited my test.php file and added this:
if(isset($_POST['username'])) {
session_start();
echo '0
0x########
http://www.ordbogen.com/kundecenter/program/ordbogen-1.5.2.10.exe
daen=- Dansk-Engelsk
enda=- Engelsk-Dansk
a000=Auto. Dansk/Engelsk
dasp=- Dansk-Spansk
ddno=- Den Danske Netordbog
dase=- Dansk-Svensk
auto=Automatisk';
}

This will be the response, when the program logs on to my fake server.

So now, I wanted to know what the program wanted to do next, so I restarted the program, it logged in successfully (my fake server didn't check passwords, so it's easy to remember the login) and then I typed in a word to look up in the dictionary, and instantly a new log file appeared in my web root:
Post Array
(
[dict] => daen (danish -> english)
[word] => words (what I entered)
[PHPSESSID] => xxxxxxxxxxxxxxxxxxxxxxx (removed for security))

Get Array
(
[file] => plus/opslag3.php
)

So now I know how to send the query to the server about which dictionary to use and which word to translate and I will have to send my Session ID aswell, to ordbogen.com/plus/opslag3.php .

I went to edit my test.php file to fake this part of the server aswell, I added this to my code:
if(isset($_POST['word'])) {
session_start();
echo 'You have looked up the word '.$_POST['word'];
}

I now opened up the dictionary program from ordbogen.com, it logged in, I typed a word and voila:



I have later found out that the widget contacts http://www.ordbogen.com/plus/keepalive.php and posts the session id to keep the php session alive.

I will now begin to develope my Mac OS X widget..

First post

Hello everybody!
I have often felt like writing what I am doing. Mostly to keep track of my thoughts so I do not care much who reads this.
I am 19 years old and live in Denmark.
I am very interested in the evolution of hardware and the different companies that manufacture it.
I currently own a Macbook Pro (late 2007), a PC running Windows Vista (3 GB Ram, 2.2 Ghz C2D E4500, GTX 260 Core 216).

I hope to be posting now and then about the different things I do around the interwebs. The stuff I develope, the games I play and my hardware.