Every now and then, I find myself digging through some arbitrarily compressed binary and in IDA, when you have to keep doing it over and over again, you should write a script or a loader to handle that (as any good programmer would). So I started wiring up a loader in python and thought that I’d use the zlib library to decompress things … boy was I wrong.  Not only did zlib fail to actually work correctly (because it can’t actually handle ZIP files, more on that in a moment), but the error messages were basically the same low-level messages you got out of zlib’s internal functions. Really? This is the best we can do right now? What I tried:

[wyatt@lazarus:~/Downloads]$ zip derp.zip Untitled\ drawing.png
[wyatt@lazarus:~/Downloads]$ cat Whatsnew.txt derp.zip > file.out
[wyatt@lazarus:~/Downloads]$ python
Python 2.7.3 (default, Apr 10 2013, 06:20:15)
[GCC 4.6.3] on linux2
Type “help”, “copyright”, “credits” or “license” for more information.
import struct
import zlib
f = open(‘file.out’,‘rb’)
c = f.read()
offset = c.find(‘PK’)
uncmp_size = struct.unpack("<l",c[offset+22:offset+22+4])
z = zlib.decompressobj()
out = z.decompress(c[offset:],int(uncmp_size[0]))
Traceback (most recent call last):
File "", line 1, in
zlib.error: Error -3 while decompressing: incorrect header check

This of course fails because zlib doesn’t actually work right with zip files (you’ll find a vauge note to such things in the ) and of course … I should have really known that ZIP isn’t actually zlib. Instead of trying to be clever, I decided to give up and be lazy. What actually worked:

import subprocess
7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18
p7zip Version 9.20 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,8 CPUs)

Processing archive: file.out

Extracting Untitled drawing.png

Everything is Ok

Size: 24513
Compressed: 22290

So yes … apparently this is the best we can do with the zlib library.

If you haven’t heard about SOPA / PIPA, then you’ve probably been living under a rock for the past several weeks. I’m not going to talk about why it’s bad, or how it’s oppressing the freedoms provided by the internet because pretty much anyone who would even come across this site knows exactly what’s at stake.

Instead, I encourage you to contact your congressional representatives and light a fire under their asses to reconsider sanity once more as an option for governance.  If you want to know more about SOPA, click here.

As Americans, we continually take for granted the freedoms we have in the country for granted, everyday. Stop taking things for granted and start standing up for them; earn your keep Americans.

Dear GoDaddy:

You suck.  Seriously, you suck so bad it makes my vacuum cleaner feel inadequate.  Do you realize how much vacuum cleaner therapy costs these days?  A lot.  And I’m not made of money, which is obvious since I’m using your crappy, cheap-ass tools as my domain registration service.

Can someone down there, preferrably someone without their head permenatnly lodged in their lower digestive-tract, please tell me why, out of all the horrible stupid and awful things you do on your site, that you choose to “automatically renew” a domain ON A CREDIT CARD THAT HASN’T BEEN ON FILE WITH YOU FOR AT LEAST 4 YEARS?!?!?!?  Why for the love of all that is holy and fully of rainbow-shitting unicorns would you have NOT used the credit card you’ve had on file for the past 4 YEARS?!?!?!

Seriously?  What kind of amateur night are you running down there?  All of the stupid crap that your website does (or for that matter, doesn’t do) I can forgive (or at least tolerate) but how in Al Gore’s name can you not get the one piece of software that makes you bank right? What. The. Hell.  I know damn sure that if those vultures at Visa/J.P. Morgan/Best Buy/Citi/Home Depot/etc would have had any, ANY, other account number on file for me they, they would have pounced on that sucker like Sheen on tiger blood and they would have surely charged me some dumb-ass tax for the fact that their system didn’t like it, filed under “account maintenance fees” or some bullshit.

I can deal with the crappy interface, the 9001 ads that I have to click through to effin’ checkout a $8 domain that will ultimately be $50 by the time you’re done adding fees to it, and the insanity that I can’t transfer a domain to another GoDaddy user without a sacrifice to Blood Chicken of Waataephukuistan … but for all that didn’t get raptured today, TAKE MY DAMN MONEY WHEN I TELL YOU TO!

Love to hate, don’t hate to love,


While writing on my cousin’s wall, I came across the following revelation and it seems rather accurate:

  • Warning: Pregnant women, the elderly, and children under 10 should avoid prolonged exposure to Facebook.
  • Caution: Facebook may suddenly accelerate to dangerous speeds.
  • Facebook contains a liquid core, which, if exposed due to rupture, should not be touched, inhaled, or looked at.
  • Do not use Facebook on concrete.
  • Discontinue use of Facebook if any of the following occurs:
    • itching
    • vertigo
    • dizziness
    • tingling in extremities
    • loss of balance or coordination
    • slurred speech
    • temporary blindness
    • profuse sweating
    • heart palpitations
  • If Facebook begins to smoke, get away immediately. Seek shelter and cover head.
  • Facebook may stick to certain types of skin.
  • When not in use, Facebook should be returned to its special container and kept under refrigeration. Failure to do so relieves the makers of Facebook, Mark “Big Daddy” Zuckerberg, and its parent company, Global Chemical Unlimited, of any and all liability.
  • Ingredients of Facebook include an unknown glowing substance which fell to Earth, presumably from outer space.
  • Facebook has been shipped to our troops in Saudi Arabia and is also being dropped by our warplanes on Iraq.
  • Do not taunt Facebook.
  • Facebook comes with a lifetime guarantee.

I was sitting at a coffee shop today I was disappointed I forgot to ask for the wifi key. Now I could totally sit here and crack the WEP key, but that takes precious CPU and battery life and well, I just wasn’t that interested in getting the tools to compile for my Mac. This led me to wax poetic about the days I used to have a tether to my iPhone 3G and I thought … “Man, I would sure like to be able to tether again;” but the last time, that didn’t go over so well. The last time I installed the tethering packages from Cydia, I lost access to voicemail for 2 weeks, couldn’t get them to uninstall, yada-yada-yada, annoying experience. But today, I actually had time to think about how to solve this issue and then it hit me: I’m a moron, I should have seen this last year. Five minutes later, I was on the net.
Continue reading ‘Stupid iPhone and Stupid Tethering’ »

Alright, I goofed and accidentally updated a stable revision that I thought was being tested correctly and well … it wasn’t. So if you’re having issues with Code Snippet, just roll back to version 2.1.5 and life should be better.

Sorry for the screw up, but this has actually brought to light some bugs I never even knew were there so I’ll have those fixed up soon and we’ll be rolling again.

Download for 2.1.5 is here: http://downloads.wordpress.org/plugin/codesnippet-

It’s been a long time since I’ve actually had to think about using Denyhosts and if you’ve read my post before, you’ll know I’ll swear by it’s functionality.

Recently, we’ve been getting hit by lots of SSH brute force attacks at HTG … and hit hard. The most recent stat was more than 2400 failed login attempts from over 50 unique attackers in a 24 hour period. Most times, I don’t care as long as they don’t get in … but then I sat back and thought, “Man, those fsckers are probably costing on bandwidth somehow.” and that’s where I draw the line.

So once again, Denyhosts is up and running, more than 60 hosts have been banned just today and more are going to get taken down. Now, if only I could come up with a good legal reason to just give my servers the capability to attack back … but that’s not legal … yet.

There’s an updated version of Code Snippet. Fixed some bugs with GeSHi and the WordPress plugin API. Their site is not showing the right information now, so here’s an accurate link:

Let me know if there are any problems over on the Code Snippet page!

Just because I spent so much time looking for this last night and found so many broken carrier data files, I figured I’d keep this around for me.


  • Make a backup of your /Library/iTunes/iTunes Carrier Support/ATT_US.ipcc file.
  • Quit iTunes
  • Open Terminal and type “defaults write com.apple.iTunes carrier-testing -bool TRUE”
  • Open iTunes, select your phone and press “check for updates” while holding down the ‘Alt’ key on your keyboard. You will be prompted to select a file. This is the one that worked for me after numerous other failures. (found in gizmodo’s cache somewhere)
  • After you load the file, make sure you restart the phone

Instructions for Windows are the same, but you’ll have to use the Windows Paths for stuff (C:\Program Files\iTunes\blah blah blah).

Right, and I’m not responsible for you running up a trillion dollar bill with AT&T or if your spine curves or if your teeth yellow or if you drink rat poison because you fell in love with a rough trick named Jim or anything else as a result of you trying to do something to your bejebus phone :-)

Dear Facebook,

Your iPhone app is great … almost. Please fix the extremely annoying bug that doesn’t allow me to use apostrophes. It’s really annoying to have to type out “does not” or “do not” in place of “doesn’t” or “don’t.” I know, I could override the auto suggest and go with “dont,” but that just pisses me off. I already commit enough infractions against the English language without purposefully littering misspellings all over just because your application has to stupidly provide a server error every time I include an apostrophe in a comment.