I am creating a school project, a secure chat like whatsapp / signal.
https://github.com/andeluvian/React-Chat
The application works ok, its still a mess but what i need help with to continue the project is to create a local storage for registrationId, keyId,IdentityKeyPair, PreKey, SignedPreKey
What i have tested with is the InMemoryStorage and i can see from logs that i can save most of everything in there.
When i cleared the Authentication.Js to create the localStorage i kinda feel like its not really what i should be doing.
At the SubmitHandle(e)
i do
window.localStorage.setItem('username', this.state.username);
var registrationid = KeyHelper.generateregistrationId();
window.localstorage.setItem('registrationId', registrationId);
At this point everything is fine however when i add identitykeyPair/PreKey/SignedPreKey which is another object i feel like im getting into a mess i use JSON.Stringify to put the objects into localstorage and get Inside Storage
preKey:"{"keyId":1,"keyPair":{"pubKey":{},"privKey":{}}}"
And using JSON.parse i get:
Object
keyId:1
-keyPair: Object
+privKey:Object
+pubKey:Object
:D the pub and privkey should be ArrayBuffer. Can someone brave enough help me create this part where i can store my junk into localstorage and also retrieve it?
Ps. I know there is a lot of easy ways and different libraries out there, but I am kinda limited to the project scope and requirements.
-E2E encrypted chat
-Use whisper systems signal protocol
My app uses https://github.com/kentandlime/simple-chat-api as API because the frontend is made from their tutorial.
git elsehow/signal-protocol
I am using the forked library for signal protocol
Related
I want to know if there is a way to open a exe file from client side with jQuery or JavaScript.
I tried with windows.open("..") but it didn't work.
First off, Dalorzo is correct - you cannot escape the sandbox of a browser without earning lots of money. Recently Pinky Pie won over $60k from Google for performing such a task on Google Chrome.
http://blog.chromium.org/2012/05/tale-of-two-pwnies-part-1.html
However, sometimes I ask questions to try to find out-of-the-box solutions, so I'm assuming that you have a legitimate use-case for this question. I can help you think of a "hack" solution if you have a legitimate use for this. I'll probably get downvoted to oblivion for this response, but theoretically you could do this...
Back in college, I took a computer forensics class in which I wrote a chat web application which would forensically clean a user's computer from having ever accessed the chat webpage. This was done through the user running an executable they could download from the site. However, I wanted to have the users to not have to run the executable every time so I wanted a sandbox escape like you're asking about.
It's messy, but if your users are a participating party they can modify their computer to allow executables to be run from Chrome webpages.
Please Note: This will make your computer less secure, I only ever did it on Virtual Machines or Lab Machines. Reconsider whether you actually wanna try this or not.
Step One: Create a Chrome custom browser:
This is the python that I eventually compiled to a packed *.exe that accomplished creating a Google Chrome custom browser.
import sqlite3 as lite
con = lite.connect('C:\Users\USERNAME\AppData\Local\Google\Chrome\User Data\Default\Web Data')
c = con.cursor()
#idmax = c.execute('SELECT MAX(id) FROM keywords')
#c.execute("INSERT INTO keywords VALUES('cleanupeverybodyeverywhere','cleanupeverybodyeverywhere','','forensichat://C:>Windows>System32>calc.exe',0,'',0,0,'',0,'',0,0,'',0,'','','','','','','','','')")
c.execute("SELECT * FROM keywords WHERE short_name='cleanupeverybodyeverywhere'")
foo = c.fetchall()
if foo == []:
c.execute("INSERT INTO keywords (short_name,keyword,url,favicon_url) VALUES ('cleanupeverybodyeverywhere','cleanupeverybodyeverywhere','forensichat://C:>Windows>System32>calc.exe','')")
con.commit()
con.close()
Note that now when I open a Chrome tab and use the custom browser cleanupeverybodyeverywhere to run the key forensichat and it will open calc.exe as proof of concept.
Step Two: Modify your Windows Registry:
import _winreg as wreg
import getpass
user = getpass.getuser()
key = wreg.CreateKey(wreg.HKEY_CLASSES_ROOT, '')
wreg.SetValue(key,'forensichat',wreg.REG_SZ,'URL:forensichat Protocol')
# Create new subkey
kkey = wreg.CreateKey(wreg.HKEY_CLASSES_ROOT, 'forensichat')
wreg.SetValueEx(kkey, 'URL Protocol', 0, wreg.REG_SZ,'')
# Create new value
wreg.CreateKey(wreg.HKEY_CLASSES_ROOT,"forensichat\shell")
nkey = wreg.CreateKey(wreg.HKEY_CLASSES_ROOT,"forensichat\shell\open")
wreg.SetValue(nkey,"command",wreg.REG_SZ,'C:\Users\\'+user+'\Downloads\\forensicleaner.exe')
key.Close()
Note that I'm creating a key called forensichat which will run the exe found in the user's Downloads folder.
Of course, I ended up cleaning this all up and packing it so Anti-Virus wouldn't flag it, next thing I know Google Chrome has marked the site lol. It's still up if you wanna check it out - check Secure Chat and Repeat Customer. Chrome will flag it, but there's obviously ways around that.
The question is quite simple, but I seriously couldn't find any sample that would demonstrate something I'm trying to achieve, maybe it's me who is didn't get the concept of background tasks in uwp applications (or windows / windows phone 8).
I'm creating an application that is polling some data (traffic incidents) and would like to be able to notify the user about the closes ones even if he is not using the application. So I reckon I would use the background task. (I hope I get that part right).
So in the background task, which I've set to run on timer of 15 minutes, under the condition of "InternetAvailable", I fetch the data asynchronously and once it's done, I'm completing the deferral object as it's required. All works ok.
The question is, what object shall I use in order to persist the data so I could read the data once the application is opened?
I've tried the WinJS.Application.sessionState but that gets lost once the application is ready (opened).
I've tried the Windows.Storage.ApplicationData.current.localSettings but it says there is a type mismatch, apparently I'm trying to put in there the object, if String is expected (I reckon)...
So does anyone know what is the best practice here ?
Thank you
You have full acess to the WinRT API, so you can write a file (and read the same file once the application is opened):
function saveData(dataObj) {
var applicationData = Windows.Storage.ApplicationData.current;
var localFolder = applicationData.localFolder;
return localFolder.createFileAsync("dataFile.txt", Windows.Storage.CreationCollisionOption.replaceExisting).then(function (sampleFile) {
return Windows.Storage.FileIO.writeTextAsync(sampleFile, JSON.stringify(dataObj));
});
}
Well here's a problem.
I've got a website with large javascript backend. This backend talks to a server over a socket with a socket bridge using http://blog.deconcept.com/swfobject/
The socket "bridge" is a Flex/Flash .swf application/executable/plugin/thing for which the source is missing.
I've got to change it.
More facts:
file appExePluginThing.swf
appExePluginThing.swf Macromedia Flash data (compressed), version 9
I've used https://www.free-decompiler.com/flash/ to decompile the .swf file and I think I've sorted out what's the original code vs the libraries and things Flash/Flex built into it.
I've used FDT (the free version) to rebuild the decompiled code into MYappExePluginThing.swf so I can run it with the javascript code and see what happens.
I'm here because what happens isn't good. Basically, my javascript code (MYjavascript.js) gets to the point where it does
window.log("init()");
var so = new SWFObject("flash/MYappExePluginThing.swf"", socketObjectId, "0", "0", "9", "#FFFFFF");
window.log("init() created MYappExecPluginThing!!!");
so.addParam("allowScriptAccess", "always");
log("init() added Param!!");
so.write(elId);
log("init() wrote!");
IE9's console (yeah, you read that right) shows
init()
created MYappExecPluginThing!!!
init() added Param!!
init() wrote!
but none of the debugging i've got in MYappExePluginThing.as displays and nothing else happens.
I'm trying to figure out what I've screwed up/what's going on? Is MYappExePluginThing.as running? Is it waiting on something? Did it fail? Why aren't the log messages in MYappExePluginThing.as showing up?
The first most obvious thing is I'm using FDT which, I suspect, was not used to build the original. Is there some kind of magic "build javascript accessible swf thing" in FlashBuilder or some other IDE?
First noteworthy thing I find is:
file MYappExePluginThing.swf
MYappExePluginThing.swf Macromedia Flash data (compressed), version 14
I'm using Flex 4.6 which, for all I know, may have a completely different mechanism for allowing javascript communication than was used in appExePluginThing.swf
Does anyone know if that's true?
For example, when FDT runs this thing (I can compile but FDT does not create a .swf unless i run it) I get a warning in the following method:
private function init() : void
{
Log.log("console.log", "MYappExePluginThing init()");
//var initCallback:String = Application.application.parameters.initCallback?Application.application.parameters.initCallback:"MYjavascript.MYappExePluginThing_init";
var initCallback:String = FlexGlobals.topLevelApplication.parameters.initCallback?FlexGlobals.topLevelApplication.parameters.initCallback:"MYjavascript.MYappExePluginThing_init";
try
{
ExternalInterface.addCallback("method1Callback",method1);
ExternalInterface.addCallback("method2Callback",method2);
ExternalInterface.call(initCallback);
}
catch(err:Error)
{
Log.log("console.log", "MYappExePluginThing init() ERROR err="+err);
}
}
I got a warning that Application.application was deprecated and I should change:
var initCallback:String = Application.application.parameters.initCallback?Application.application.parameters.initCallback:"MYjavascript.MYappExePluginThing_init";
to:
var initCallback:String = FlexGlobals.topLevelApplication.parameters.initCallback?FlexGlobals.topLevelApplication.parameters.initCallback:"MYjavascript.MYappExePluginThing_init";
which I did but which had no effect on making the thing work.
(FYI Log.log() is something I added:
public class Log{
public static function log(dest:String, mssg:String):void{
if(ExternalInterface.available){
try{
ExternalInterface.call(dest, mssg);
}
catch(se:SecurityError){
}
catch(e:Error){
}
}
trace(mssg);
}
}
)
Additionally, in MYjavascript.js MYappExePluginThing_init looks like this:
this.MYappExePluginThing_init = function () {
log("MYjavascript.js - MYappExePluginThing_init:");
};
Its supposed to be executed when MYappExePluginThing finishes initializing itself.
Except its not. The message is NOT displaying on the console.
Unfortunately, I cannot find any references explaining how you allow javascript communication in Flex 4.6 so I can check if I've got this structured correctly.
Is it a built in kind of thing all Flex/Flash apps can do? Is my swf getting accessed? Is it having some kind of error? Is it unable to communicate back to my javascript?
Does anyone have any links to references?
If this was YOUR problem, what would you do next?
(Not a full solution but I ran out of room in the comment section.)
To answer your basic question, there's nothing special you should need to do to allow AS3-to-JS communication beyond what you've shown. However, you may have sandbox security issues on localhost; to avoid problems, set your SWFs as local-trusted (right-click Flash Player > Global Settings > Advanced > Trusted Location Settings). I'm guessing this not your problem, though, because you'd normally get a sandbox violation error.
More likely IMO is that something is broken due to decompilation and recompilation. SWFs aren't meant to do that, it's basically a hack made mostly possible due to SWF being an open format.
What I suggest is that you debug your running SWF. Using break-points and stepping through the code you should be able to narrow down where things are going wrong. You can also more easily see any errors your SWF is throwing.
Not really an answer, but an idea to get you started is to start logging everything on the Flash side to see where the breakage is.
Since you're using IE, I recommend getting the Debug flash player, installing it, then running Vizzy along side to show your traces.
Should give you a good idea of where the app is breaking down.
Vizzy
Debug Player
I've been trying to write a typescript application in visual studio using node.js to store and access data in an azure table store.
I've been having some trouble with the tutorials I've found. I've yet to get one to work properly.
I have Node installed on my machine and a tablestore set up in azure.
I'm not exactly sure what needs to be done in visual studio to get all the necessary packages/modules/whatever installed correctly.
Many of the tutorials I've read have used express.js and or have "npm install"ed things and while I have no issue running the commands I don't really understand what I'm installing.
tl;dr I want to make an html page where I can submit and display items to/from azure table store using node.js, typescript, and visual studio
Also: I'd be willing to drop the typescript in favor of javascript if need be.
That tutorial looks like it might be based on the old Node storage package. We have recently posted a new storage library for node - which can be found here: https://www.npmjs.org/package/azure-storage. Also take a look at the following Getting Started to help get you up and running: Store structured data with Table storage.
I will follow up tomorrow to see what we can do to either remove the old tutorial or get it updated. Let me know if anyone wants to volunteer to update the old tutorial!
Jason
I followed this one (I'm assuming you probably tried this as well)
http://azure.microsoft.com/en-us/documentation/articles/storage-nodejs-use-table-storage-web-site/
To boil it down to just what you need in javascript ...
1.Create the table in Azure portal with appropriate data/partition key.
2.NPM necessary packages: azure, async
3.Add the following to app.js (change table_Users to whatever you want to name your table):
var azure = require('azure');
var storageClient = azure.createTableService("<accountname>", "<accountkey>");
storageClient.createTableIfNotExists("table_Users", function tableCreated(error) {
if(error) {
throw error;
}
});
var query = azure.TableQuery
.select()
.from("<tablename>");
//.where('completed eq ?', false); put criteria here.
storageClient.queryEntities(query, function entitiesQueried(error, result) {
// do what you want with result
});
So, there is a WebRTC inside Firefox and there is a convenient class for making RTC communication possible called RTCPeerConnection which can be instantiated and used from the JavaScript app. You can find some decent example of it on [1].
And here am I with my custom transport (if you're interested - [2]) would like to use it for RTC communication. Briefly, I need to "substitute" the transport layer of WebRTC engine by my custom transport while providing the same RTCPeerConnection-like JavaScript interface for the user. And preferably, it should not look like custom build of Firefox (no patches).
So I've come up with the idea of extension, which will be written in C++ (since it need to be linked with WebRTC library and my custom transport library) and somehow will expose its interface to Javascript. And I've found XPCOM which, as I thought, can provide me this.
So I've started to fight with out-dated and sparsed info on this topic and after 3 days of struggling finally ended up with builded add-on. Unfortunately, I can't access it from Javascript, because of Javascript's "Components.classes is undefined" error. And it seems that there is no way to access it at all. Or I'm wrong on that?
Here is Javascript:
function check()
{
console.debug("checking...");
const {Cc,Ci,Cu} = require("chrome");
var rtc = Components.classes["#named-data.net/ndnrtc;1"].createInstance();
rtc = rtc.QueryInterface(Ci.ndINrtc);
console.debug("rtc: "+rtc);
}
My component is visible with XPCOM Viewer addon and the code above I can execute in the console while empty page is open in Firefox.
Given all that, I would like to ask Firefox experts regarding possible approaches which I can take in order to implement my idea.
Thank you in advance
1 https://apprtc.appspot.com/
2 http://named-data.net
Finally, I've figured out one possible solution for that and describe it in my post