Monday, December 23, 2013

Debug SIP little tips

Debug SIP

Capture the traffic on  IN / OUT.

Open the capture files (.cap) in Wireshark and use a display filter:

sip || rtp


Look for the INVITE packets:

 


Then look for the O: field in the SDP properties. This gives the real IP of the phone (the private IP):


 

or the public IP, if no NAT was used:

 


To see the virtual IPs of the call (the public IPs):

 

another example:

 



A connection, a call, is characterized by its call ID: RTP.SSRC:

499    8.479371    200.57.7.204    200.57.7.196    irdmi    40376    RTP    214    PT=ITU-T G.711 PCMA, SSRC=0xD2BD4E3E, Seq=1, Time=160, Mark

another example:

626    1444.582579    192.168.1.2    212.242.XX.XX    30000    40392    RTP    214    PT=ITU-T G.711 PCMA, SSRC=0x3796CB71, Seq=28592, Time=1560



We can then filter the packets of a single call:

Wireshark filter:

rtp.ssrc==0xD2BD4E3E



 


In this example, we can clearly see that the call is one-way:
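The same check done outside Wireshark, as an added example that is not part of the original post: it decodes the fixed RTP header, groups packets per SSRC and reports the streams that have no RTP coming back in the other direction. The function names and the sample capture are assumptions made for illustration.

```python
import struct
from collections import defaultdict

def parse_rtp(payload):
    """Decode the fixed 12-byte RTP header; None if too short or not version 2."""
    if len(payload) < 12:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", payload[:12])
    if b0 >> 6 != 2:
        return None
    return {"pt": b1 & 0x7F, "marker": bool(b1 & 0x80),
            "seq": seq, "ts": ts, "ssrc": ssrc}

def streams_by_ssrc(packets):
    """Group (src_ip, dst_ip, udp_payload) tuples into one stream per SSRC."""
    streams = defaultdict(lambda: {"src": None, "dst": None, "count": 0})
    for src, dst, payload in packets:
        hdr = parse_rtp(payload)
        if hdr is None:
            continue  # not RTP: ignore
        stream = streams[hdr["ssrc"]]
        stream["src"], stream["dst"] = src, dst
        stream["count"] += 1
    return dict(streams)

def one_way_ssrcs(streams):
    """SSRCs for which no other stream flows in the reverse direction."""
    directions = {(s["src"], s["dst"]) for s in streams.values()}
    return sorted(ssrc for ssrc, s in streams.items()
                  if (s["dst"], s["src"]) not in directions)

def rtp(ssrc, seq, ts, pt=8, marker=False):
    """Build a constructed RTP packet: PT 8 is G.711 PCMA, 160 dummy bytes."""
    first = struct.pack("!BBHII", 0x80, pt | (0x80 if marker else 0), seq, ts, ssrc)
    return first + b"\xd5" * 160

# Constructed capture. The two SSRCs and the addresses come from the packet
# lines above; the reverse stream 0x0BADCAFE and the packet counts are made up.
A, B = "200.57.7.204", "200.57.7.196"
SAMPLE = [
    (A, B, rtp(0xD2BD4E3E, 1, 160, marker=True)),
    (B, A, rtp(0x0BADCAFE, 1, 160, marker=True)),
    (A, B, rtp(0xD2BD4E3E, 2, 320)),
    (B, A, rtp(0x0BADCAFE, 2, 320)),
    ("192.168.1.2", "212.242.XX.XX", rtp(0x3796CB71, 28592, 1560)),
    ("192.168.1.2", "212.242.XX.XX", b"\x00" * 4),  # too short, skipped
]

if __name__ == "__main__":
    for ssrc in one_way_ssrcs(streams_by_ssrc(SAMPLE)):
        print(f"one-way RTP: rtp.ssrc==0x{ssrc:08X}")
```

A stream reported here is worth checking against the SDP addresses from the INVITE: a private IP advertised across NAT is a common reason for audio flowing in one direction only.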

 




Tuesday, June 11, 2013

Stopping hiccups: my 100% success method

Here is my method, the one I use and that stops my hiccups:

Take a half-filled glass of water, lean forward and drink upside down,
with the glass resting on your upper lip, so that the water runs over your palate!!!

It is of course very difficult, and you will only be able to take small amounts.

But the result is astonishing.

Try it ... you will be surprised!


See you soon.

Philippe.

Monday, March 25, 2013

Links: Hard and Symbolics - Windows DRAFT

How to deal with links in Windows. Here we will need NTFS, because that feature isn't available in FAT.
We will use 2 tools:
  • fsutil
  • mklink

I will do the same as with Linux:
echo "FILE 1" >FILE-1.txt
 
cat FILE-1.txt
"FILE 1"
 
fsutil hardlink create FILE-2.txt FILE-1.txt
Hardlink created for D:\opt\temp\DIR1\FILE-2.txt <<===>> D:\opt\temp\DIR1\FILE-1.txt
dir
 Volume in drive D is DATA
 Volume Serial Number is 7637-FD99

 Directory of D:\opt\temp\DIR1

25/03/2013  17:04    <DIR>          .
25/03/2013  17:04    <DIR>          ..
25/03/2013  16:55                 9 FILE-1.txt
25/03/2013  16:55                 9 FILE-2.txt
               2 File(s)             18 bytes
               2 Dir(s)  39 250 927 616 bytes free

type FILE-1.txt
FILE 1
type FILE-2.txt
FILE 1
del FILE-1.txt

dir
 Volume in drive D is DATA
 Volume Serial Number is 7637-FD99

 Directory of D:\opt\temp\DIR1

25/03/2013  17:55    <DIR>          .
25/03/2013  17:55    <DIR>          ..
25/03/2013  16:55                 9 FILE-2.txt
               1 File(s)              9 bytes
               2 Dir(s)  39 250 927 616 bytes free
              
type FILE-2.txt
FILE 1
So, we have the same result for the hard link. I will update both posts, to see what happens with directory links.

Links: Hard and Symbolics - Linux

Let's quickly talk about links, and see how to deal with them.

First an example, to see hard links:

$ mkdir DIR1
$ cd DIR1/
$ echo "FILE 1" > FILE-1.txt
$ ll
total 4,0K
-rw-r--r-- 1 philippe philippe 7 25 mars  17:15 FILE-1.txt

$ cat FILE-1.txt
FILE 1

$ ln FILE-1.txt FILE-2.txt
$ ll
total 8,0K
-rw-r--r-- 2 philippe philippe 7 25 mars  17:15 FILE-1.txt
-rw-r--r-- 2 philippe philippe 7 25 mars  17:15 FILE-2.txt

$ cat FILE-2.txt
FILE 1

$ rm FILE-1.txt
rm : supprimer fichier « FILE-1.txt » ? y

$ ll
total 4,0K
-rw-r--r-- 1 philippe philippe 7 25 mars  17:15 FILE-2.txt

$ cat FILE-2.txt
FILE 1

 

As you may have seen, I've created a directory and put a file inside it. The content of this file is 'File 1'. Then I created a hard link to it, named file2, so when I list the directory content, I can see two regular files, with the same size and the same modification time. I've verified that the contents are the same for file1 and file2.

We can also see that, if I delete file1, file2 remains, and the content also remains available.

Let's do the same thing with a symbolic link:

$ ln -s FILE-2.txt FILE-3.txt
$ ll
total 4.0K
-rw-r--r-- 1 philippe philippe  7 Mar 25 17:15 FILE-2.txt
lrwxrwxrwx 1 philippe philippe 10 Mar 25 17:46 FILE-3.txt -> FILE-2.txt
$ cat FILE-3.txt
FILE 1
$ rm FILE-2.txt
$ ll
total 0
lrwxrwxrwx 1 philippe philippe 10 Mar 25 17:46 FILE-3.txt -> FILE-2.txt
$ cat FILE-3.txt
cat: FILE-3.txt: No such file or directory
[Exit 1 ]

Now we have created a symbolic link; this can be seen from the arrow in the ls -l output (ll). In this case, when I removed the file File2, the content of File3 wasn't available anymore.

This post was the introduction for the next one, handling links in Windows, soon.

 

Friday, March 8, 2013

How to reset forgotten Restrictions password without iPhone restore

 *** Jailbreak Mandatory ***

So I put a passcode on Restrictions and, like so many people, I forgot it!

I searched all over and I found so many pages telling the official way,
a nightmare, telling us to restore the iPhone as a new phone!!

The result of this is that you have an empty iPhone, so you will have to configure everything.

No, unsatisfying; I had to find another solution.

Here it is. Of course, as usual, when you want to do something against the Apple way,
you have to jailbreak your iPhone. So do it if it is not already done.

Then open Cydia and install the iFile app and SBSettings.

Open iFile and browse to this directory:

/var/mobile/Library/Preferences 

Then scroll down until you find the file:

com.apple.springboard.plist

Click on it and then select 'Property Reader'.

Scroll down again and find the property named:

SBParentalControlsPIN

Don't panic if you don't find it, as seems to be the case on newer versions of iOS.

Just create it using the + button.

Create it as:

SBParentalControlsPIN type=string

Validate, then open it and enter a 4-digit number.

I highly suggest writing 0000!
Now leave the iFile app and open SBSettings: from the SpringBoard,
swipe the top of the screen from left to right.

Then click on the respring icon to reload the SpringBoard.

To validate our process, go to
Settings > General > Restriction
and enter the 4-digit code you've just written.

It should have worked.

And That's all Folks !
Note: if you go into the properties after reloading the SpringBoard, you can see, with recent iOS, that the SBParentalControlsPIN property has disappeared.

Friday, March 1, 2013

iPhone: ios 6.1.2 : Issue with call manager: call history too long

Hi,
so I updated my iPhones (one 3GS and one 4S), and everything in the update went fine.
But then I encountered one strange behavior, a strange issue, when I ran the call manager.
So 80% of the time, when I launch the call manager, it takes 10 to 15s to show up with the call log, the call history.
And it is even more with the 3GS. Worse, many times the call manager crashes and I'm stuck, though not completely, because using the Contacts app allowed me to call my people.
I tried to delete all the call history, I guess I had 1000 call log entries, but it didn't work.
Then I found this web page:
http://avi.alkalay.net/2011/12/iphone-call-history.html
Thanks to Avi Alkalay !!
So I connected my iFunBox ( http://www.i-funbox.com/ ), a tool to browse the files on your iPhone, and copied this file locally:
/var/wireless/Library/CallHistory/call_history.db
Then I opened it with the sqlite3 shell ( https://dl.dropbox.com/u/8229862/Iphone_CallHistory_Default/sqlite3.exe ), and I dumped the db into a SQL text file.
Open a cmd console, then:
cd your_local_dir
sqlite3 call_history.db
sqlite> .output call2.sql
sqlite> .dump
sqlite> .quit
I opened the file call2.sql and cleaned it up:
- deleted the call log ( 7500 calls !!! ),
- reset the counters,
- reset the sequences,
- removed SQL commands (those for the system table, i.e. sqlite_sequence, which does not need to be created)
Here I put a copy of the finalized file :  https://dl.dropbox.com/u/8229862/Iphone_CallHistory_Default/call_history.sql
You just have to replace the UID with yours!
ex:
'_UniqueIdentifier','XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'
Then you have to create a new db file:
cd your_local_dir
move call_history.db call_history_old.db
sqlite3 call_history.db
sqlite> .read call_history.sql
sqlite> .quit
So you have a new db file!
Here is a copy (be aware of the UID) :  https://dl.dropbox.com/u/8229862/Iphone_CallHistory_Default/call_history.db
Just sync it with your iPhone and open the call manager: it opens in less than a second, with no more crashes!!!
At least for me.
Best Regards.

Tuesday, February 26, 2013

Firewall: How to know the full range of ip used by google or by another company

Hi,

We can use the SPF entry in DNS. It is used by mail servers to know who is allowed to send mail for a particular domain. Usually, companies put their full range of IPs in it. OK, you may find an exception; in that case forget this tip :-)

 

The request in general is:

 

dig txt logmein.com

; <<>> DiG 9.7.3 <<>> txt logmein.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52340
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;logmein.com.                   IN      TXT

;; ANSWER SECTION:
logmein.com.            3600    IN      TXT     "v=spf1 " "mx:3amlabs.com ip4:82.150.61.82 ip4:63.251.133.64/27 ip4:77.242.192.1 ip4:69.25.20.1 ip4:74.201.74.1 ip4:173.48.77.106 ip4:195.56.119.18 ip4:67.20.183.208/28 " "ip4:216.52.233.0/24 ip4:64.94.18.0/24 ip4:64.94.46.1 ip4:74.112.65.204 ip4:74.112.65.210 ip4:72.22.169.96/27 ip4:207.106.191.64/26 ip4:67.208.179.240/28 include:salesforce.com -all"

;; Query time: 116 msec
;; SERVER: 172.16.165.248#53(172.16.165.248)
;; WHEN: Tue Feb 26 16:04:16 2013
;; MSG SIZE  rcvd: 389

 

For google in particular, it is:

dig TXT _netblocks.google.com

; <<>> DiG 9.7.3 <<>> TXT _netblocks.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65120
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;_netblocks.google.com.         IN      TXT

;; ANSWER SECTION:
_netblocks.google.com.  3583    IN      TXT     "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"

;; Query time: 20 msec
;; SERVER: 172.16.165.248#53(172.16.165.248)
;; WHEN: Tue Feb 26 15:59:19 2013
;; MSG SIZE  rcvd: 254

Found using:

 dig txt google.com

; <<>> DiG 9.7.3 <<>> txt google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21752
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.                    IN      TXT

;; ANSWER SECTION:
google.com.             2465    IN      TXT     "v=spf1 include:_spf.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all"

;; Query time: 1 msec
;; SERVER: 172.16.165.248#53(172.16.165.248)
;; WHEN: Tue Feb 26 16:08:26 2013
;; MSG SIZE  rcvd: 116

Then:

dig txt _spf.google.com

; <<>> DiG 9.7.3 <<>> txt _spf.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42788
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;_spf.google.com.               IN      TXT

;; ANSWER SECTION:
_spf.google.com.        183     IN      TXT     "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ?all"

;; Query time: 0 msec
;; SERVER: 172.16.165.248#53(172.16.165.248)
;; WHEN: Tue Feb 26 16:08:58 2013
;; MSG SIZE  rcvd: 149

So, you'll find _netblocks.google.com

And then you can put all the netblocks in a group, and then use that group in a firewall policy to allow/disallow/dowhatuwant with the packets from/to those networks.
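The include chain walked by hand above (google.com, then _spf.google.com, then _netblocks.google.com), automated as an added example that is not part of the original post: it follows include: terms, collects the ip4: netblocks and collapses them into a list for a firewall address group. The names expand_spf and firewall_group are hypothetical, and lookup is an offline table built from the dig answers shown here; against live DNS you would pass a function that returns the TXT record for a name.

```python
import ipaddress

# TXT records copied from the dig answers above. _netblocks2/_netblocks3 are
# not shown on the page, so this offline table has no entry for them.
SAMPLE_TXT = {
    "google.com": "v=spf1 include:_spf.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all",
    "_spf.google.com": "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ?all",
    "_netblocks.google.com": "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all",
}

def expand_spf(domain, lookup=SAMPLE_TXT.get, seen=None):
    """Follow include: terms from domain; return (ip4 networks, unresolved names)."""
    seen = set() if seen is None else seen
    if domain in seen:               # include loop guard
        return [], []
    seen.add(domain)
    record = lookup(domain)
    if not record or not record.startswith("v=spf1"):
        return [], [domain]          # no SPF record found: report it
    nets, unresolved = [], []
    for term in record.split()[1:]:
        term = term.lstrip("+-~?")   # drop the SPF qualifier
        if term.startswith("ip4:"):
            nets.append(ipaddress.ip_network(term[4:], strict=False))
        elif term.startswith("include:"):
            sub_nets, sub_unresolved = expand_spf(term[8:], lookup, seen)
            nets += sub_nets
            unresolved += sub_unresolved
    return nets, unresolved

def firewall_group(domain, lookup=SAMPLE_TXT.get):
    """Collapsed CIDR list for a firewall address group, plus unresolved includes."""
    nets, unresolved = expand_spf(domain, lookup)
    return [str(n) for n in ipaddress.collapse_addresses(nets)], unresolved

if __name__ == "__main__":
    cidrs, missing = firewall_group("google.com")
    print("\n".join(cidrs))
    print("unresolved includes:", missing)
```

An include: term can point at a third party (the logmein.com record above includes salesforce.com), so review the included and unresolved names before the resulting group goes into an allow rule.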

That's all folks!