Showing posts tagged #development


Notice: This post does not endorse piracy. Its purpose is merely educational. Decompiling and cracking software is illegal in most cases.

OS X native software is written in Objective-C, a superset of C which is not very hard to hack on. In this post I will try to demonstrate the basics of reverse engineering on said platform.

The goal

Sublime Pop Up

Our goal will be to stop the annoying Sublime Text pop-up from reminding you to buy a license every now and then (but you totally should if you are going to use it). I will be using Sublime Text latest build

Read More

The Ruby on Rails framework provides a pretty good built-in filter for SQL injection if you use ActiveRecord methods such as find or find_by.
But that does not mean you can carelessly throw parameters at an ActiveRecord method, as the methods that take an SQL fragment are still vulnerable to SQLi by default.

For example, I came across these lines in a production environment:

def some_controller_method
  MyModel.all.order("#{sort_column} #{sort_direction}")
end

private

def sort_column
  params[:sort] ? params[:sort] : 'created_at'
end

As you can see the sort parameter is being interpolated

Read More

Ruby has 3 methods for testing equality: ==, eql? and equal?, all implemented on the Object class. You would think that they are just aliases that do the same thing, as method aliases are common in Ruby and the Ruby on Rails framework. So, are they?

Checking the doc for Ruby's Object class gives this:

obj == other → true or false

equal?(other) → true or false

eql?(other) → true or false

Equality — At the Object level, == returns true only if obj and other are the same object. Typically, this method is overridden in descendant classes to provide class-specific meaning.

Unlike ==, the equal?

Read More

In Gecko, Safari, Opera, ‘visible’ becomes ‘auto’ also when combined with ‘hidden’ (in other words: ‘visible’ becomes ‘auto’ when combined with anything else different from ‘visible’). Gecko 1.8, Safari 3, Opera 9.5 are pretty consistent among them.

From the W3 Spec

The computed values of ‘overflow-x’ and ‘overflow-y’ are the same as their specified values, except that some combinations with ‘visible’ are not possible: if one is specified as ‘visible’ and the other is ‘scroll’ or ‘auto’, then ‘visible’ is set to ‘auto’. The computed value of ‘overflow’ is equal to the computed value of ‘overflow-x’ if ‘overflow-y’

Read More