National Vulnerability Reporting Programme

Recent incidents have convinced me of the need to have a single avenue where the public can responsibly disclose vulnerabilities found on both government as well as commercial systems in a secure and efficient manner. While using these systems on a day to day basis, we sometimes do chance upon ...

Analysing smali code

Mobile apps have become increasingly widespread compared to their desktop counterparts. In addition, many apps often have stricter security requirements since they incorporate micropayments. We also perform sensitive transactions through mobile apps. For example, there are no desktop internet banking applications, we use the browser to perform such transactions. But ...

DES key parity bit calculator

I was doing some reverse engineering and I could not find any tool which expands a 56 bit DES key into a 64 bit key with the parity bit included. Expanding the key is a pretty laborious process involving hex to bin conversions and plenty of manual counting. To add ...

Bangladesh bank heist

The media initially attributed the hack to a couple of cheap second-hand $10 switches. However, according to further reverse engineering, this is not a snatch and grab but a full scale bank heist perpetrated by determined adversaries with resources at their disposal. Even if the bank had purchased and properly ...

Measuring Power Consumption

I have recently acquired an electricity usage meter off ebay and decided to measure the power consumption of some of my devices. For a device that costs just 15 SGD, it works wonderfully and can measure voltage, amperage and wattage. It is supposed to be able to calculate electricity cost ...

Saturating 1Gbps bandwidth

My ISP recently gave me a free speed bump from 500Mbps to 1 Gbps. I wanted to test if it was possible to fully utilise the bandwidth on a single file transfer. Firstly, we need to look at the test file size. I settled on a roughly 500MB to 1GB ...