How to tell if square reader is encrypted or not - javascript

My company purchased an old square reader, the seller claims it is unencrypted. We are trying to develop a web application that uses this reader. The reader is supposed to fire a hard return keypress event after registering a swipe - it has never done that (using javascript event listeners). The only time this reader does anything is using the iOS Square Register app - that app does recognize the reader and the swipe (though it does a terrible job, asking me to 'retry swipe faster' a few dozen times before registering a swipe)
The fact that it only works in the app leads me to believe that this is an encrypted reader. Is there any way to tell if this assumption is correct? Without taking it apart.
Also, any tips on troubleshooting this would also be appreciated.
Thanks

I think you're pretty lucky to even be able to detect anything at all with javascript event listeners as you seem to imply....
Imagine the privacy intrusions we'd have all over (maybe already) if javascript stealthily downloaded from a web site could gain access to your microphone and/or microphone jack as you want to do. It might be possible, but the phone 'ifrastructure' is definitely designed to 'resist' this.
I think you're going to have to write an app that installs with user permissions to access the devices you need - otherwise the mic jack device is unlikely to be available to you.
BTW, credit card stripes are encoded in 7 bit, so if you are getting a string that looks 'encrypted' examine the unaltered string as 7 bit and it'll start making sense.

Related

web app- Would it be possible to disable Windows+Printscreen?

I am trying to prevent users from taking screenshot in my web application written in Java.From my research,it seems highly unlikely.I did found a link below:
https://stackoverflow.com/questions/3130983/stop-user-from-using-print-scrn-printscreen-key-of-the-keyboard-for-any-we
It's able to disable the printscreen button but it doesn't disable if a user tries to use windows+printscreen.Now, I know even if I do managed to disable it, there's other third party application like snipping tools,camera,etc to take a screenshot but that's way beyond my control and I'm not looking into those.
I was just wondering is there a way to disable Win+Printscreen to prevent user from screenshotting?
If anyone has done it before, I appreciate any sort of suggestion.
Simple answer: No
Have a quick think about why you need to hide this info, does it really matter if other people see it? I assume that you have proof that you came up with your conclusion/process first? The information will never remain exclusive forever, especially not on the internet.
You normally do not have access to higher level controls so it is normally not possible with a web app. Having said that, there are several possible ideas:
Send your content directly to the graphics device/card via an API so that it is never visible to the operating system screen space (Where print screen works). However, with the right tools it is still possible to catch a graphics stream but it's a little harder for the average user.
Make your webapp launch a custom desktop application with more control over the OS (Download an exe and run it?)
Design a plugin/extension for a web browser that limits the use of printScreen, and then only show content on your webapp if your site can see that the plugin/extension is installed and running. This may not work with the way that Chrome and Firefox now manage plugins, it would need more investigation.
The best answer would be to only show limited info/conclusions on your webapp, and keep all the proof of concept hidden. Then you can make people sign-up to your app if they want more information, and then give a strict set of criteria that must be met.

Is it possible for real time access to mobile device camera?

So I'm wondering if it's possible for a website to be able A) access the mobile device's camera and B) have real time facial recognition capabilities? Essentially what Snapchat does, albeit much simpler, but in a web application opposed to a mobile application?
I already know the answer to (A), as found here: https://davidwalsh.name/demo/iphone-camera.php
And I even found an example that uses Amazon Rekognition, as found here: https://hackernoon.com/building-a-face-recognition-web-app-in-under-an-hour-345aa91487c
Only nuisance with the rekognition example I found was that it seems to take the picture AND THEN do the recognition, I'm looking more for something to do it while the camera is up (so you point the camera to someones face, and it does the magic there).
Disclaimer: I am not asking anyone to do any work for me here. I know I'm not providing any code samples, and that's because I'm just in the research phase and wanted to see if anyone here has any input on what I'm trying to achieve.
Something tells me this may not be possible, from my google searches I didn't quite find anything that I'm looking for, but close.

JAVA - how to open a browser tab from eclipse?

I've just got back into Eclipse after 2 years. I have finally forgiven it after I last used it for a mobile development class in 2015 (that was put together as well as a duct-taped carnival ride).
I have taken several for-credit coding classes before, and over the summer, I'm going to take several programming classes via Udemy.
The problem is, I've never built a worthwhile desktop app before via actual coding (because I don't think Multimedia Fusion 2 counts). Even worse, I rarely ever use Java.
So now, with blind and eager ambition, I'm looking to develop a desktop app for myself (and for others if it's of any use) that will allow users to create entries where they can enter urls and titles (merely for aesthetic purposes, no effect on the browser), and when some condition is met, the desktop application will open Chrome tabs with tabs to those exact urls.
From this, I'm hoping to understand Java better, like I understand C++. It would be really nice if I could just do it for any browser on the first try, but if I had to do each browser separately, I would like to try Chrome firstly, as it's what I use.
If all goes well, I could attempt to make the same app for Chrome as a Chrome App, but for now... :)
Here's the core idea/plan:
Declare a vector of a class called "tabs", where this class contains 2 strings: one for the title, the other for the url. Both should be editable by the user, but for simplicity's sake, we'll just make them an "enter these fields once and now don't edit them" kind of thing to start with.
When the user wants to add a url to open in Chrome, we add to (or "push back", whatever it's called) the tabs vector with whatever data the user enters.
When a user presses some key or button, then Chrome will open with those tabs.
Here are my ideas on how I could approach this:
I might be able to download some kind of official Chrome development tools into Eclipse that would allow me to manipulate the browser functions, such as opening and closing tabs. If I can pass arguments into those functions, I could iterate through my tabs vector and open them until the end. I've looked for tools like these, and though I may have come across the right one(s) already, nothing really struck me as the "I am your solution!" package deal. I almost imported an official package into Eclipse that looked super-promising, but the official link was dead. :(
I might be able to use Javascript somehow, because if I understand correctly, I could create a Window object, iterate through the tabs vector, and just call the window.open() function and pass in the url at [i] to the function. But then, would this work for a desktop app?? I've read that NW.js can use Javascript/CSS/hmtl for desktop apps, so I think it could do this, but I've also heard it's a little buggy on Windows 10.
I'm also looking into Electron, while still on the idea of desktop JavaScript. It looks pretty reliable, actually.
But beyond all those ideas, I don't absolutely know what tools I need to use or which ones I could even feasibly use to do this. :/ The options are a little overwhelming, and I'm not sure which ones are worth looking into to do what I want, given the idea I've shared (I'll worry about the rest of the program when the time comes). This really doesn't seem like a hard project, and I really want to get my feet wet into app development, but sometimes I feel a little lost on where to go.
I don't really know what exactly to ask, besides: "Even if it means downloading something else entirely, what IDE/dev kit/whatever could get me started in the right direction and do this task?
Hope this isn't too vague a question, cheers,
-Jon
There are 2 simple ways to do this..
The first: In the file menu, navigate as follows... Window -> Show View -> other -> General -> Internal Web Browser
The second: Right click your project in Project Explorer -> Run As -> Run on Server (assuming you have your server properly set up, etc...)

How can I protect javascript assets in an Adobe AIR app?

I have a large javascript / HTML Adobe AIR app and am looking for a way to protect the javascript files that get packaged up in the installer and installed (in plain text) onto an end user's PC. I'm thinking maybe there's a good encryption scheme to use. I'd like it to be a solution that I can apply when I create the installer and (since the app is already pretty large) ideally I'd like it to be a solution that doesn't require me to change the location of the js files in my code base, though that's doable if necessary.
Someone recommended maybe embedded them in a Flash file, but then I'd need to extract them at runtime, etc. It seems like there's probably a simpler solution.
Important: I'm looking for more than just minimizing the js or obfuscating it, I'm looking, ideally, for a solution involving encryption, but am open to other suggestions.
Any ideas? I've done a lot of googling around for solutions and have tried a popular user's group, but no luck. I would think this would be relevant for pretty much anyone making an AIR app in js/HTML that isn't for an open source app.
Thanks!
What you want to achieve is inherently impossible, unless your end users are using a trusted computing platform, ie. a platform that can be trusted to not obey orders from its owner (sometimes called treacherous computing for that reason). It's not just hard or not solved yet, it's as impossible as perpetual motion machine and you will save yourself a lot of trouble if you accept that fact.
The problem is that any encryption that you use would eventually need to be deciphered on the client computer, so you have to distribute any key that is needed to decrypt your code together with the encrypted code which is completely pointless and would give you no security whatsoever. It's not even a matter of algorithms used, it's just the fact that you have to give the secret keys to everyone.
If I understand what you're trying to do, we have just recently tested that with our encryption/protection tool kit. The key is that the executable that is installed on the user's machine is encrypted, so the javascript is never in plain text. Decryption happens at runtime via symmetric key exchange. Keys are stored either in software or in a hardware device (dongle).
However, because you're using Air and not just c++ or something similar, there are some issues that may not be solvable by our toolset. You can PM me for more info if you need it. But I don't think it's necessarily impossible.

Communication between RS422 serial device and Javascript

I've written a simple web page that uses Javascript to control a Quicktime plugin for movie playback. There's also some AJAX stuff using jquery to get info on the movies from an MSSQL database. The web page is served to the user from an Apache 2.0 server, this also hosts MSSQL. The end users will view the page in IE6 (unfortunately).
My problem is that the end users now want to use an RS422 jog/shuttle deck control to drive the movie timeline, in place of another jog/shuttle unit that relied on emulating keypresses which was easy for me to detect.
As I'm not a programmer I'm at a loss what to start looking at for a solution to receive the RS422 data and then send that to the Javascript to control the timeline. Is this something that a custom activeX bit of code could do? I've googled ActiveX with Javascript but it's unclear to me (as a novice) how the two work together, or whether this would be suitable at all.
If anyone could give me an overview of what to start researching that'd be much appreciated.
Many thanks.
Jon
JavaScript runs in a sandbox and has no access to the computer at all (for security reasons; you really don't want to make it any more simple for frauds to get at your credit card data).
ActiveX would work but it's a security risk, too. ActiveX is written in C++, no JavaScript there. You'll find information about that on the M$ Website. Note that ActiveX is usually disabled today because of said security risks. Depending how serious your client take security, the virus scanner might not allow to start an A/X control.
Another option would be to write small program which is installed on the client's computer that reads the serial port and send that to the web server where your JavaScript can query it. Okay, that's more than a bit convoluted but probably the least risky.
Or you write a program which transforms the serial codes into key presses (just create the event and post it to Windows). Again, you need C++ or maybe Python with the win32 package.
Your client must understand that this is something which sounds incredibly simple but you'll have to jump through a lot of hoops to make it work. A web browser is not a local application with full reign of the hardware (and it must never be).

Categories