Firefox: Transforming The UI

Firefox is an open source web browser developed by Mozilla. I have been using Firefox for a long time. I believe I first started using it back in 2009 (v3.5). I was also a contributor.

Two features that I have always loved about Firefox is that it is open source, and it has a large variety of addons. An open source project means no hidden surprises for users. A closed source or semi open source project may contain hidden code that violates users privacy.

What is also great about Firefox, is that you can change the UI however you want. Before the release of Firefox Quantum, you could easily manipulate the UI using addons. I have always been fond of the Firefox classic theme, and used an addon named “Classic Theme Restorer” for it.

With the release of Firefox Quantum, you could no longer manipulate the UI from within the browser. That meant the the end of the CTR addon. This was a huge nuisance for me. Luckily, Firefox Quantum offered external CSS customizations.

UI customizations, by using userChrome.css, allows you to change the UI of Firefox, using CSS. This gave birth to a new project, from the same author as CTR. CustomCSSforFx is the name of the new project and can be found here:

https://github.com/Aris-t2/CustomCSSforFx

I have decided to use the project to transform my Firefox UI into the classic theme, that I have always used. CustomCSSforFx saved me a lot of work. Though, it was not enough for me, because I wanted the exact look that I am used to.

After many customizations and tweaks, I have managed to copy the look. This was my pre-Firefox Quantum look:

This is my current post-Firefox Quantum look:

Note that I am also using a different project for supporting external JS scripts, and that is how I managed to replace the search bar with the classic version.

I was also missing an addon that allowed me to check tab history by clicking on tabs (instead of forward/back buttons). So, I have created a script to compensate for that. I will release it when I have the time.

If you want to customize your Firefox browser UI, check the project link above. If you do not know much about CSS visit the following link:

https://www.w3schools.com/Css/

If you have any questions, let me know.

Introducing The Security Tool: WebHelper

WebHelper is one of my oldest private projects. I wanted to release it years back. Though, I did not have the time. I have decided to go ahead and clean the project a bit, to make it release worthy. The project is almost complete, though it could use some extra work.

WebHelper is a security tool that allows you to view and modify programs web traffic. It works by utilizing a web proxy server (that the programs connect to), and it supports both normal (HTTP) and encrypted (HTTPS) traffic.

I have mentioned, on previous articles, that developers need to focus on making their web traffic secure. Sadly, many developers are not aware of this. I have examined several products, and found many of them to be vulnerable to man-in-the-middle (MITM) attacks. One of those products is an anti-malware solution, which is quite ironic.

Using a tool like WebHelper, one is able to capture/replay the response of a web request, sent by a program. Not only that, but the response can be modified to anything before sending it to the requesting program (MITM attack).

Developers offer trials for their products, for example. Those products may perform web checks to see if the trial is active or not. Using WebHelper, a malicious user can record the response of those requests. After that, he can replay it back to the program, using one of the response rules. He could also modify it. The response could be something like remaining_days=0, and the user can respond with remaining_days=30, forever.

One could evaluate the product, without paying for it, indefinitely. This means lower funds for the product, which leads to a failed product. This is only a simple example of how an attack can affect products. An advanced malicious user can go beyond MITM attacks. He can analyze the requests and manipulate them, at server side, to gain access to restricted information.

Some developers focus on the security of their products, but not the web traffic. Normally, it would take a while to reverse engineer a product to defeat its protections. Though, without protecting the web traffic, a malicious user can defeat products restrictions in seconds.

Mobile devices are also affected by those attacks. A malicious user can use an app like "Postern" on Android devices, for example, to redirect all apps traffic to a tool like WebHelper. He can then view and modify all requests.

WebHelper will help you reevaluate your products security. It will also help you monitor malicious products. Some of those products use advanced obfuscation. So, you will find it hard to trace their malicious behavior. Using WebHelper, you can analyze and even manipulate their traffic.

You can find the project here:

https://github.com/samehb/WebHelper

Also, refer to my other article here for more information on how to protect your products web traffic:

https://sres.tumblr.com/post/186381853943/security-tips-protecting-your-programs-traffic

P.S. If you like WebHelper, check my VibePlayer project in here:

https://play.google.com/store/apps/details?id=com.sensationsoft.vibeplayerfree&hl=en

One Year Later: Migrating to DuckDuckGo

I have been using DuckDuckGo, my new favorite search engine, for more than a year now. I have to say that I totally love it. DuckDuckGo is one of two great search engines out there. The other one being Google.

If you have read my previous article, you will know that I have switched to DuckDuckGo to avoid the Google ReCaptcha system. I do a lot of searches, while I work on projects, and Google throttled my searches with "suspicious traffic" messages and ReCaptchas. By the time I was done solving the captchas, I would have no idea what I was searching for.

Using DuckDuckGo for more than a year, I can tell you that this search engine is as good as Google. You may be surprised to hear this. Though, it is true. Not only that, but DuckDuckGo offers extra privacy. DuckDuckGo does not collect/store your personal information, and does not track you.

Now, let us talk about the quality of search results. I have originally thought that I would need Google to augment my searches, when DuckDuckGo would not find what I want. Though, DuckDuckGo managed to deliver, with the exception of three searches. I wanted to see if Google could provide results for those searches, but it did not.

DuckDuckGo is my favorite search engine, now. It is there when I need it, with no restrictions. I would love to thank the people working on DuckDuckGo. You have done and continue to do an amazing job. Keep on the good work.

P.S. If you have not tried DuckDuckGo, go check it out now.

Security Tips: Protecting Your Programs Traffic

Security is a major aspect of software development. A secure program can mean the difference between a successful or failed product. There are many products out there, which offer trials/services, that rely on internet communications. Many of those products are vulnerable and can be easily circumvented. Some of those products use HTTP communications while others use HTTPS.

Many junior developers believe that HTTPS communications provide absolute security, but that is not the case. HTTPS protects communications from outside entities. It does not protect clients/programs traffic from target (malicious) users.

Using a tool like Fiddler, malicious users can intercept and view traffic between client and server, even when HTTPS is used. Not only they can intercept the traffic, but they can record/modify the data and replay it to the client/program, which mostly results in defeating the product's restrictions.

While there is no such thing as perfect security, developers can make it hard for malicious users to manipulate products, easily. HTTPS needs to be used at all times. Client's data needs to be sent securely, which has nothing to do with target (malicious) users.

To protect a product from target (malicious) users, the data between the client and server must be encrypted (before transmission), even when using HTTPS. Though, that is not enough. The communicated data needs to be usable only once (cryptographic nonces may be used, for example). In this manner, a malicious user will not make any sense of the sent data, and will not be able to replay the data back to the client.

In doing this, malicious users would have to put extra work in reverse engineering the program (if they have the knowledge), which would take much time. Also, if the program is being updated regularly, those users will be forced to try and reverse it, with every update.

This article lists a few techniques, for securing clients/programs traffic, to help new developers get started. There are several others. For example, one may find it beneficial to develop a custom secure protocol for communications.

Migrating to DuckDuckGo

I would like to say that I have been a Google user since the very beginning. If memory serves me right, I have found about it from an ad on Yahoo.com.

Prior to Google, I have used Yahoo and Altavista, mainly. They were nice and all, but they were not as good as Google. Google was that amazing since the launch.

Lately, Google have introduced a strict "suspicious traffic" or anti-botting feature, where your search is blocked and you are forced to solve nightmarish ReCaptchas.

The ReCaptcha system is not even accurate. You can solve the captchas over and over, and sometimes get lucky. Sometimes you keep solving the captchas and receive an error, that you did not solve them right (while you know you did).

This annoying feature gets triggered when you are trying to search for specific stuff, which I do a lot as an IT professional. Imagine having to solve 5+ captchas to gain access to your search results. Not only that, the system can be triggered again after a few searches, and you face this nightmare all over again.

After a month of struggling with the new system, I have decided to check alternative search engines. I have to say I was really disapointed that most of them did not come close to Google. Though, when I have used DuckDuckGo, I knew it was the right search engine for me.

I have used DuckDuckGo years back, and I will be honest. It did not provide accurate results. Though, that is in the past. I have been using DuckDuckGo, for months now, and I love it. It is almost as good as Google. Also, it is a search engine that does not track you.

I only had two persnal issues with DuckDuckGo. The first issue was the theme, and I have changed it (no problem). The second issue was the name. I recommend DuckDuckGo to people, now. Though, they have an issue with the name. I wish DuckDuckGo would offer a more professional name. Though, all in all, DuckDuckGo, is an amazing search engine. I have no doubt that in a few years, DuckDuckGo, will surpass Google.

I have fully migrated to DuckDuckGo. I only perform a few searches on Google, for Google related users/stuff, only. Google devs should totally rework the ReCaptcha/anti botting system. I believe many people have issues with them.

VibePlayer Phase One: Finished

Sorry for the lack of updates. I have been really busy working on my VibePlayer project. It has been two months since my last update. I am glad to announce that phase one is finally over.

I have surveyed what people are interested in, during the course of development. With every feature, I have tried my best to add something extra that is unavailable on other apps.

The VibePlayer app is the most customizable media player on the Google Play store. You can use the custom theme feature to colorize most elements of the app. Some other players offer theme customization but only to a few elements. You will find that you have other customizable options, too.

The app offers a simple interface without cluttering. You can watch the preview video (of previous update) for the features here:

https://youtu.be/TZ5qCaTTEpU

I have recently added a “Folders” tab (not available in the preview), and it offers folder.jpg files support which are used as cover art for folders.

If you are new to this project. The VibePlayer app is an audio/video player and more. This app enables you to create vibration data for audio/video files, that allow you to feel the music/sound physically in vibrations. This provides accurate results as opposed to using the automated, yet limited, audio processing methods.

Store link: https://play.google.com/store/apps/details?id=com.sensationsoft.vibeplayerfree&hl=en

I appreciate your feedback. Rate the app if you like it.

The VibePlayer App: Update #1

The VibePlayer app has been updated with performance and visual improvements. You are now able to create and use vibration data without restrictions. You can also share the vibration data with your friends. Visit the Google Play store for the latest release.

If you are new to this project. The VibePlayer app is an audio/video player and more. This app enables you to feel the music/sound physically in vibrations (in audio/video), by allowing you to create and use vibration data, using the ©Sensations technology. This provides accurate results as opposed to using the automated, yet limited, audio processing methods.

I appreciate your feedback. Rate the app if you like it.

The Story Behind The VibePlayer Project

Back in 2005-2006, when I was in college, I came up with this wild idea. Would not it be awesome if you could feel the music and sound effects in audio!!! I have used my fast internet connection (5kB/S), to research the concept and discuss it with other developers. I was lucky enough to find an expert on signal processing. I have explained to him that I wanted to process a song into data that can be used to vibrate devices. He told me that it was not possible, at that time. He continued to explain that developers involved with audio processing had quite the challenge, when it came to processing even a single musical instrument, within a song. He was (and still) right.

The problem with audio processing algorithms is that they are very limited. Converting an audio file into data that represents musical instrument notes, for example, would yield inaccurate results, mostly. In terms of Signal-to-Noise ratio, the noise is too high. There is a best case scenario, where audio processing might work. In that scenario, the musical instrument plays without any external interfering sounds, and the notes have gaps between them, too. That mostly never happens.

Anyway, I have continued researching the idea for over a month. I came to the conclusion that it was not possible to do what I wanted, using audio processing methods. Though, I was not the one to give up. I continued thinking the idea over and over until I came to the right approach. The human brain is a miracle. You can listen to a song, and single out a musical instrument within the song without any effort. So, why not simply allow the people to create the data required to vibrate the devices, instead. That is when I have figured it out.

I have brainstormed and documented the idea, in one of my notebooks. I wanted to develop the idea at that time, but I had hardware limitations that prevented me from doing so. Though, this is a story for another time. Anyway, this was one of two topics that I wanted for my graduation project. I took the other topic, which is steganography, because I wanted to target companies, at my country.

After graduation, my real life began. I was busy most of the time. Two to three years ago, I came back to this idea while checking out my notebook. So, I have thought to myself. Why not finish what I have started? Audio processing algorithms were (and) still limited (no surprise there). So, I went ahead with my original idea. What you experience in the VibePlayer app (the technology to be exact) is my twelve-year-old idea.

Some developers have attempted something similar over the years. Though, they still do not realize that relying on audio processing algorithms, would always generate inaccurate results. Some other developers provided an alternative approach where they would manufature a sound file, for the sole purpose of generating data, to provide haptic feedback. Though, even with this approach, the result is not accurate because the noise in the output data is mostly high. This results in unenjoyable experience.

In order for the user to enjoy the experience, the haptic data e.g. vibration data, must be very clear. If you are vibrating the device most of the time, users will not be able to feel what you want them to feel. They will think that the device is vibrating over everything. Allowing users to easily create the vibration data, in an enjoyable experience, is essence of my ©Sensations technology. It provides accurate results and everyone without technical expertise can create haptic/vibration data. You simply start the audio/video file and tap whenever you want a note or sound effect vibrating the device. Let it be a song, movie, or anything else. It supports all speeds and durations.

VibePlayer - Feel The Music - Official Release

Sorry for the lack of updates. I have been busy working on my VibePlayer Android project. I have finally released the official version. If you are new to this project. Let me tell you all about it.

VibePlayer is an audio/video player and more. This app enables you to feel the music/sound physically in vibrations (in audio/video), by allowing you to create and use vibration data, using the ©Sensations technology. This provides accurate results as opposed to using the automated, yet limited, audio processing methods.

You can get the app from here:

https://play.google.com/store/apps/details?id=com.sensationsoft.vibeplayertrial

If you have any questions or suggestions, please let me know.

MKVStrip - Keep The Audio/Subtitles Tracks You Need

I have developed a lot of small projects in the past years, that do plenty of tasks. Most of them are yet to be released. This is a project that I have spent only a few hours on (similar to the HIDer project). This project allows you to strip/remove all audio/subtitles tracks that you do not need, from your video files. So, for example, if you have some video files with non-English audio tracks, you can simply use this tool to get rid of those, easily.

I originally intended for the project to remove the files after processing each file, to save storage space. Though, I decided against it, because anything can happen that could result in the loss of files. The program processes the files into a different folder,  keeping the original files intact. You can find the project here, plus a guide on how to use it:

https://github.com/samehb/MKVStrip

Let me know if you have any questions/feedback. If you like MKVStrip, feel free to check my VibePlayer project. It allows you to feel the music, physically, in vibrations on your android devices. It is available on the Google Play store.

HIDer - Hide Controllers From Applications/Games

So, a friend of mine had this issue with a computer game. The game only supports xbox controllers. I have tried x360ce. It did not work. I have tried ViGEm + VDX (x360ce to ViGEm sample application). That did not help either. You see, the game read my friend's controller which did not work with the game.

That is when I realized that the only way I can make this game work is to hide the connected controller in favor of the virtual controller. Luckily, I have found a project by the author(s) of ViGEm/VDX that did the job. It is called the HidGuardian.

Sadly, I could not find a working (+VDX) easy-to-use project that utilized the HidGuardian driver, for my non-tech savvy friend to use. So, I have decided to create the HIDer project. This project allows you to hide the connected devices, so that the applications/games see only the virtual ViGEm controller.

You can find the project plus a guide on how to use it in here:

https://github.com/samehb/HIDer

If you like the project, let me know. If you have any feedback, use the comments in here. Also, feel free to check my VibePlayer app on the Google Play store, that allows you to feel the music physically in vibrations on your smart devices.

P.S. I have cooked this project in a few hours. I have tested it on Windows 7 x64, only. It should work on recent operating systems, though.

VibePlayer Project - Feel The Music

I was really busy at the past six months. I had a lot of work. Also, on my spare time, I was working on a project that I have been putting off for years. This project will allow people to experience audio files like never before.

The VibePlayer project takes advantage of the Sensations Technology to allow the user to feel accurate vibration feedback for audio files such as songs and audio books.

For example, a user can use the VibePlayer app to listen to a song, with the smart device vibrating to notes of a musical instrument within that song. This technology is different and it provides the accurate results needed for an enjoyable experience.

You can find a working demo at the Google Play store. I hope you like it. Please share your feedback and let me what you think about the demo.

The project is not finished, yet. I have launched an Indiegogo campaign to get the funds required for the project. You will find all the information regarding the project there:

https://www.indiegogo.com/projects/vibeplayer-feel-the-music-application-technology/

Edit: The VibeMaker demo is available on the Google Play store now. This app will allow you to create vibration data for one audio track of choice.

Continuous Page Loading On Firefox With Options

I like to discover (and create) new addons to make my Firefox browser more awesome. Anyways, I was trying to find an addon that allows me to load multiple pages at once on paginated pages. I had this great addon named Autopager that worked nicely. Though, it longer works with the current version of Firefox. Even the fixed version got plenty of issues.

I found multiple alternatives and they all had issues, sadly. I came across PageZipper. Though, it provides endless scrolling only. This means you have to scroll down in order for the new pages to show. This is nice but I needed the preloading option because I do not like waiting for the new pages to load. I wanted to be able to preload say 10 pages and start finding what I want using the Find option on Firefox..

I gave up on finding an addon to accomplish what I need and I was this close to starting my own addon. That is when I stumbled upon a great Greasemonkey script. Greasemonkey is a Firefox addon that allows you to run scripts (in case you have not heard of it). The script is called Super_preloaderPlus_one. Do not let the odd name fool you. This is an amazing endless and custom scrolling script with plenty of options.

I have installed the script and refreshed my paginated page and it was there. It actually shows as a small square to the top right corner of the browser. When I scrolled over the sqaure icon, I discovered that the addon is in Chinese. I could not find an option to change the language. I could not find any documentation to see how it works, either. I decided to experiment with it to see if it worked. After so many tries (and so many Google Translation attempts), I managed to make it work. It did exactly what I wanted. It had plenty of options, too.

I liked the script a lot. That is why I decided to localize it. I wanted to see all the options in English. So, I went ahead and edited the script copying the Google Translation strings over and over. I managed to localize the main options (more or less). I refined some of the strings but not all (I can refine it further if people request it). I decided to share the localized version so other people benefit. I will also show you how to use it.

Here is what I want you to do:

1. Install Greasemonkey and restart your browser (if you do not already have the addon).

https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/

2. Install the Super_preloaderPlus_one localized version from here:

https://greasyfork.org/en/scripts/25340-super-preloaderplus-one-english-version

3. Search for anything on Google to test if its loaded. It shows as a small green square to the top right corner of your browser, like I mentioned earlier.

4. Scroll over the square icon and make sure the options look like this:

This is the default settings. I am just putting this step just in case. If you see that the box is green then the script is enabled and you can simply scroll down endlessly.

5. If you are like me and want to preload the pages, you would have to tick the Manual Mode box and Save. The page will be refreshed. After that, change the number in the box between “turn’ and “page” then click Start. The script will preload the number of pages specified in that box.

That is it. There are plenty of options in that script that you can explore. Also, check the Settings, if you want to experiment. Whats great about this script is that it runs on all the sites (all the ones that I have tested) without issues. When I had AutoPager I had to add custom profiles. This is not the case here.

You can also download the script from the following link then pull it into the browser window and install if you want:

http://www.mediafire.com/file/yt6v2848ctzoe3i/Super_preloaderPlus_one.user.js

This should also work for Google Chrome, but I have not tested it. Feel free to try. Let me know if you have any questions.

Forwarding A Domain Name To Another While Keeping Responsiveness

So, you have an extra domain name that you want to forward to your main domain. That is pretty easy, all you have to do is go to that domain’s settings and configure forwarding to the main domain. You pick the “Forward Only” option and you enter your main domain name and you are done. When you go to your secondary domain, you get forwarded to your main domain without issues. Though, what if you want to keep the name of the second domain displayed in the address bar of the user’s browser. That is when you pick the “Forward With Masking” option instead of the “Forward Only” option. That works nicely for most sites but not the responsive ones.

If you decide to use the “Forward With Masking” option that will result in you losing the responsiveness because of the way this feature works. Forward With Masking works by wrapping the target domain in an iframe. This results in the browser not catching your viewport meta tag. This in turn means your responsiveness is gone. Some people settle for “Forward Only” but others do not and try to find hacks to make responsiveness work with the masking option.

There are some workarounds (or hacks) available but most of them are not reliable. I personally have a different approach that worked for me without issues. I will try to make this as easy as possible for you. Here is what I need you to do:

1. Backup everything on your site, just in case you mess something up and you need to start over. You mainly need to backup the DNS settings on your DNS Manager.

2. If you have forwarding enabled on your second domain, remove it completely. Then, make sure your site does not point to anything anymore by going into your browser and checking.

3. After you are done backing everything, you need to go to the DNS Manager of your secondary domain (the one that you will need to forward to the main site) and undo any custom changes you did. After that, create a new DNS “CNAME” record with the following values:

Host: www

Destination (or Points to): www.destinationsite.com (replace this with your main destination site changing the .com part if needed).

Then, click save.

4. I want you to take a deep breath and wait now. You need to navigate to your secondary forwarding site (www.sourcesite.com for example) and wait for it to show anything. You have to type the “www.” before your site name. Keep trying until you see something. This usually happens within 5 minutes. Do not skip the waiting steps, because you are building towards the final result. You need to know that every step succeeded. Note that all the changes we are going to do are done to the secondary site only.

5. After you are done with the last step, I want you to go to Domain Forwarding (on your domain’s front page or DNS Manager) for your secondary site and add the following values:

Forward to: http:// (or if the sourcesite is https, pick that) then www.sourcesite.com. Replace this value with your source domain name but make sure that the value has to start with the “www.” part.

Forward Type: Permanent.

Settings: Forward Only.

Then, select the option (checkbox) to update DNS settings. After that, save and wait like you did on step 4.

You need to visit your secondary site like this:

http://sourcesite.com (without the “www.” part)

until you see what you saw on step 4. Wait as long as it takes. Let me show you what we did so far so you understand what we are trying to accomplish.

sourcesite.com -- FW --> www.sourcesite.com -- CN --> www.destinationsite.com

We want souresite.com to go to www.sourcesite.com to go to www.destinationsite.com.

6. We are not done yet. Make sure step 5 succeeded. Do not skip the waiting. Now, I need you to go to your hosting link and open the cPanel then scroll down to Domains and click Aliases.

Under “Create New Alias” type your secondary domain name like www.sourcesite.com. Then, click “Add Domain.” Make sure the domain is added.

That is it. You are done. When you go to www.sourcesite.com it will show you www.destinationsite.com while the souresite’s domain name stays at the address bar. If you attempt to go to sourcesite.com it will forward you to www.sourcesite.com and then you will see the destination site while www.sourcesite.com stays at the address bar. Some browsers cache pages so you would have to keep clearing the cache after some step to see the changes.

If you like the article or have any questions let me know.

LANMonitor - Detect Users On Your Local Network

This is a project that I have worked on for a short while. I was supposed to release it months ago but something came up. I decided to clean the code a bit and test it, yesterday. The program is still in its alpha stage. I did not have time to fully test it, but it should work without problems.

I started working on this project months ago when I came across a similar tool from nirsoft.net. Nirsoft is a home for a lot of useful tools. Anyway, when I saw the tool from the site, I decided to start my own open source project with some extras.

What I wanted the most is the ability to switch off reporting for my own devices which was not available in any other solution. Also, I had some other features I wanted to add. Anyway, I started searching for network monitoring open source projects, similar to the one mentioned above, without luck. The only project I found was LANNotifier by cDima on github. It did not provide an interface, sadly. Anyway, I started by attempting to give LANNotifier an interface. After an hour, I found myself replacing a lot of the code. So, I decided to drop working on LANNotifier and start from scratch. Also, with me adding my own license, I had to start fresh.

LANMonitor is a program that allows you to detect users on your network and find information about their devices such as names, MAC addresses, and MAC vendors (useful for identifying the devices that have no useful names). This is useful if you want to know if someone is using your connection without permission. It detects all devices on your network (both wired and wireless).

You can do measures to protect yourself from those users by enabling WiFi WPA2 security / MAC address filtering on your network device. Though, some people prefer convenience over security when it comes to connecting to their network, especially when they are sharing the connection with neighbors. Though, what if you share the connection and after days you find that your connection is very slow. You can use this program to identify the users connected.

The project has other uses. It can be used as a network monitoring tool to detect when devices are up or down (has network connectivity). The program records last seen time, so I guess you can use it to find out when someone left. If you own a company and want to keep tabs on your employees, you can use this tool. Though, keep in mind that if they keep their computers (for example) on. It will not help. You can see who is wasting your electricity, though.

There are two features I will be adding in the future when I have the time. I will be adding a logging feature (to record when users log on and off your network). The program already stores all the devices details even if you restart it. Though, it does not provide the feature mentioned. I will also be adding the ability to trigger actions when users log on or leave the network. For example, you can perform a shutdown of your computer when your cell phone is nowhere near the network. In other words, you can leave the house and your computer will detect that your phone is longer there and shuts down.

You can find the project here:

https://github.com/samehb/LANMonitor

Let me know if you like the project. If you find any bugs or have any ideas you want added to the project, let me know.

Your Software and Trial Resetters

So, you decided to develop a program and after weeks/months of work, you go ahead and release it offering a trial. Though, after releasing the trial, you find out that only a handful of people bought it. A simple search lands you on a shady website with a “trial resetter.” So, after all this time you spent on the software, nobody has to buy it because once the trial is over, one can use the trial resetter to start it all over again.

Sadly, there is no guaranteed way to protect your software against trial resetters. Though, what you can do is make it harder for anyone to make those. In order to do that, you will have to be creative. You can add a value to the registry, create a file on disc, check the date for a specific file, and/or get a unique value pertaining to the computer then send it to your server to be processed and stored.

Many trial applications generate registry keys in order to preserve trial information. Most of the time, they do not do it right. The keys need to be very subtle. After checking some of the applications available, I noticed how they add keys with values like the company or product names. So, anyone can launch the registry editor and search for those keys then delete them. One does not even have to be tech savvy to do this. If you want to create registry keys, you will have to make them very subtitle. One of the best approaches is to create a new file extension key (HKEY_CLASSES_ROOT\.zip would be an available example but you will have to use a unique extension that is not used by any other application) and simply add the values there. So, this makes it harder for users to search for your trial data. Also, you can go ahead and create multiple keys at different subtle locations to make the process of finding the keys and removing them more complex.

You can create a file on disc that has the trial information. Again, use vague filenames/paths to make it harder for ordinary users to search for them. You can also create multiple files to make removing them a very complex procedure. Refrain from using the same filename for all files.

You can also check the application (or some file the application generates) creation date and verify it against the current date. That should help, too (I have not tried that myself, though). Remember that you need every trick to add complexity to your trial information retention. A user needs to uninstall the application or remove the application files then readd them in order to bypass this, if he knew that you are using this method. There are other means of changing the files date information, but I will not discuss them in this article.

Lastly, you can get a unique value that can be acquired from the computer. Some people go for MAC addresses hoping that the computer has only one interface. Though, any advanced user can easily bypass this by using a MAC address changing application. On the other hand, you can get the hard disc serial number (for example) which I personally suggest. After acquiring the unique value you can send it back to your server and verify the trial information. Keep in mind that some users will not have access to the internet. So, you can use this as an optional mean of verification when you find that the user has internet access. Though, if your software requires an internet connection to function, you can go ahead and make this mandatory. Also, as an extra measure, you can require the users to register a trial account using their cell phone number to limit abuse.

I suggest you utilize a combination of all the above verification methods. That will make it harder for anyone to make a trial resetter. There are advanced users who can use programs to monitor storage/registry activity to capture the modifications to the filesystem/regisry and then remove those. The last verification method is the only way you can combat most of those users (some users are so advanced that they can send spoofed information, but you do not have to worry about those because if they know how to spoof data you can bet they can crack your application). Also, change the verification data with each version you release. That will be a nuisance for anyone who tries to reset your application. Also, when they distribute the trial resetters they will work for one version limiting the people who will have access to the uninterrupted software. Some people even give up when they try some trial resetters and see they do not work.

Keep in mind that anyone with assembly knowledge can disassemble your application and crack it. None of the above methods can protect you from that. If you are concerned with piracy, create two versions of the same application. One with limited features for trial users and another with all features available. The full version will only be available for purchase only. That should limit the full version exposure. Though, with plenty of cracking groups around, they can buy the full version and crack it for everyone to use. Adding a subtle signature to your application can make it possible to know who leaked the software, so you can attempt to track them and hopefully sue them. Keep in mind that an advanced cracker can attempt to find the signature and remove it, when (and if) he detects it. The only way you can protect your application from crackers is by denying the users the full application logic or some of it. In other words, keep some of the processing to be handled server side. Refer to my other article below (Protecting Your Applications From Piracy).

X3 Voice Control

A friend of mine asked me if he could play his favorite X3 space exploration game using his voice. Looking into the game, I did not find any voice control built into it. Though, that was not really needed. My friend uses Windows 7 which has a built in speech recognition support. All that was required is Windows Speech Recognition Macros which allows you to program Speech Recognition to respond to your commands however you please. All I needed was the option to convert voice commands into keystrokes. In other words I wanted to map voice commands into keys. WSRMacros supported that.

I opened one of the two X3 games that my friend plays (X3 Terran Conflict). Then, I started writing down the commands plus the keys associated with them. I went ahead and created a macro then started testing. I realized that the script was not quite finished. WSRMacros does not support holding down keys. So, the commands to firing did not work as expected since you needed to keep holding down keys/buttons. I decided to keep the project really simple so anyone with little programming knowledge can modify it if needed. So, I decided to use AutoHotKey to allow support for holding down keys. It is really simple. You call the AutoHotKey script from within the WSRMacro with and without arguments. I even allowed the script to suspend key holding to allow for a cease fire voice command.

So, after completing that I decided to add more control over steering or flight controls. I decided to allow for short movements in all directions by voice commands. Holding down the W, A, S, D will allow you to move in every direction until you release the keys. So, what I did was simply time those buttons to allow short movements. I did the same for rolling the ship left and right and reverse movement. I even added the command to reset the controls to stop all directional movement.

Lastly, I wanted the zoom in option to be more efficient. In X3 zooming in would require you to press the zoom key for a second or so. Then, when you release the key the game just zooms out automatically. So, I decided to keep the camera zoomed in until you ask the game to release it and thus allowing you to focus on any object you want without having to keep asking the game to zoom in.

WSRMacros is a great way to accomplish anything you need. You can program your macros to do whatever you want. You can use external executables to accomplish what WSRMacros cannot do. It is flexible that way. Though, the only thing that I did not like about WSRMacros is that it did not support environmental variables (to my knowledge). I could simply use an external program to accomplish what I needed. Though, I believe WSRMacros should support this by default.

If you are interested in X3VoiceControl project. You can find it in here:

https://github.com/samehb/X3VoiceControl

The project supports both X3 Albion Prelude and X3 Terran Conflict PC games. Let me know what you think.