19/02/2012 Leave a comment

A innovative anti brute force solution to store your credentials on iPhones?

The Fraunhofer Institute for Secure Information Technology recently released a password manager (iMobileSitter) for the iPhone with an innovative approach which makes brute force attacks useless. The idea of the iMobileSitter is not to notify the user if the entered master password for authentication is incorrect. The app lets the user in anyways, but the plain text credentials (pins, passwords) are not correctly encrypted as well.

Accordingly the user would not know if he mistyped his password. Therefor an optical feedback exists. It shows a unique set of icons for any password.

A main reason for buying is that I do not want to save my secrets within a password manager from any company. Nothing about their know how or their technology public. Things are different with Fraunhofer SIT. A well know German research institute.

The app is available on the AppStore.

Cheers, mavi

Categories: General Tags: , ,

Forensischer Bericht

17/02/2012 1 comment

Forensicher Bericht zum Tatvorwurf der Kinderpornographie!

Die Anzahl meiner Posts ist in der letzten Zeit wieder besonders stark gesunken. Leider liegt das nicht an mangelden Themen, sondern an Dingen die ich für die Uni oder Arbeit erledigen muss. Nun recycle ich einfach mal meine Prüfungsleistung der Vorlesung Computer Forensik.

Dazu sollte ich als fiktiver Sachverständiger einen Datenträger forensisch analysieren. Es sollte die Vermutung untermauert oder entkräftet werden, dass Karsten Karton kinderpornographisches Material (dargestellt durch Cheerleader) im Internet bezogen und verbreitet hat.

Vielleicht interessiert jemanden so etwas oder ihr müsst eine ähnliche Prüfung ablegen. Der Bericht wurde anonymisiert.

Download: Forensischer Bericht

Cheers, mavi

Categories: General Tags: , ,

Quicktip: CMD symlink

28/01/2012 1 comment

If you want to preform a specific command always after opening the console, there is the possibility to create a symlink with command:

C:\Windows\System32\cmd.exe /K “COMMAND”

/K tells cmd that a command is going to follow and that the cmd window should stay open afterwards.

Cheers Chris

Categories: Quicktip Tags: , ,

db4o at Honeycomb and Ice Cream Sandwich – UPDATE

18/11/2011 6 comments

Did you receive a NetworkOnMainThreadException while opening a new db4o database?

Since my last post I just worked with Andorid 2.x on which I could get db4o easily to run. When I wanted to run my db4o app at Android Honeycomb I received the NetworkOnMainThreadException exception.

Google introduced with Honeycomb the Android.os.NetworkOnMainThreadException which occurs when an application attempts to perform a networking operation on it’s main thread (see here). This doesn’t sound like it matters for a database environment. But that’s exactly what happens when I call

Db4oEmbedded.openFile(Db4oEmbedded.newConfiguration(), dbPath);

for the first time. Just for the first time because it seems that when db4o creates a new db file it generates it’s unique internal signature by calling Because belongs to the network classes the exception is thrown.

Here is the piece of db4o code which causes the exception:

try {
  String hostName = + "_";
    if(hostName.length() > 15){
      hostName = hostName.substring(0,15);
} catch (UnknownHostException e) {
int hostAddress = 0;
byte[] addressBytes;
try {
  addressBytes =;
  for (int i = 0; i < addressBytes.length; i++) {
    hostAddress <<= 4;
    hostAddress -= addressBytes[i];
} catch (UnknownHostException e) {

A workaround is to just catch the NetworkOnMainThreadException (okay, then it’s a android specific jar) or change the UnknownHostException to a generic Exception. This is kind of dirty but if nothing happens within the the catch it doesn’t matter anyways.

Another aproach would be to to preform the first call for opening a new db not into the UI Thread. A possibility could be to use the AsyncTask:

class OpendDBTask extends AsyncTask<Void, Void, ObjectContainer>{

   protected ObjectContainer doInBackground(Void... params) {
      String dbPath = "/data/data/" + DBManager.getPackageName() + "/database";
      ObjectContainer db = Db4oEmbedded.openFile(Db4oEmbedded.newConfiguration(), dbPath);
      return db;

Maybe I’ll provide a android database manager framework for db4o later. If you want to try db4o check out this post.

A bug entry has been created and it seems that it is fixed now. I didn’t retest yet.

Once again I would like to point out that this issue only occurs when a new db is created via “Db4oEmbedded.openFile(Db4oEmbedded.newConfiguration(), dbPath);” at Android Honeycomb or later!

Cheers, mavi

Categories: General Tags: , , ,

Using db4o as Database for Android

04/11/2011 6 comments

Sick of object rational mapping with SQLite?

I read a long time ago about the object database db4o, which is very handy for storing objects instead of mapping the variables of objects to tables of a database. After some work with SQLite at Android it crossed my mind and I finally had enough time to give it a try. Normally you have to do the mapping by hand, means writing kind of DB manager which handles requests. These requests need to be coded in SQL which makes it very time-consuming. So you need to take care of all CREATE, INSERT, SELECT, UPDATE and DELETE operations by yourself.

The approach of db40 is to persist an entire object. To make clear how it works in practice I’m going to give some code snippets:

The class for the objects which should be persisted:

public class Person{
   public String name;
   public int number;
   public String email;

   //empty constructor
   public Person(){}

   //constructor for a retrieve operation
   public Person(String name, int number, String email){ = name;
   this.number = number; = email;

Create the DB:

   String dbPath = "/data/data/" + getPackageName() + "/database";
   ObjectContainer db = Db4oEmbedded.openFile(Db4oEmbedded.newConfiguration(), dbPath);

Insert an object:

   //creates object
   Person person = new Person("Tom", "100", "");
   //saves object
      try {;
      } finally {

Retrieve all objects:

   try {
      result = db.queryByExample(Person.class);

         Person person = (Person);
         Log.v("TAG", "Name: " + + " Number: " + person.number + " eMail: " +;
   } finally {

Retrieve all objects with the “Tom”:

   //Specifies the search pattern (null and 0 is wildcard)
   Person protoPerson = new Person("Tom", 0, null);

   try {
      result = db.queryByExample(protoPerson);

         Person person = (Person);
         Log.v("TAG", "Name: " + + " Number: " + person.number + " eMail: " +;
   } finally {

Do you see what my point is? Very straight forward to use db framework which has in accordance with this document even high performance. Further documentation on how to use db4o is available here. Source of a prototype test app maybe later here.

There is a small snag: It is under GPL or a commercial license.

Cheers mavi

Categories: General Tags: , ,

Blur the Background of Android Standard Search Dialog

13/08/2011 4 comments

How to blur the background of a standard search dialog?

I didn’t find any good solution on this topic in the web. The common response was “it’s not possible”. So I began to figure out a solution by myself, which finally works fine! Let’s start over:

Because you don’t get a handle of the standard android search dialog it seems to be impossible to blur the background by calling


But there is an other approach: Generally you want to perform a search on a list. The ListView can be set on a RelativeLayout. On top of it you can set a View with the android:background=”@drawable/aShape”, which covers the entire ListView. The visibility should be “gone”. The drawable aShape is in my case a gradient with an alpha value.

The RelativeLayout:

<ListView android:id="@+id/list"
<View android:layout_weight="1" 

The shape (search_overlay in my case):


Now onSearchRequested() must be overridden and set the View (in my case to visible. Finally a listener must be registered at SearchManager.setOnDismissListener() to set the View to visible again if the search dialog is closed.

The code (from the activity):

public boolean onSearchRequested() {
 ((View) findViewById(;
 final SearchManager searchManager = (SearchManager) this.getSystemService
 searchManager.setOnDismissListener(new OnDismissListener() {

 public void onDismiss() {
return super.onSearchRequested();

I hope this will assist you by optimizing the user experience with your app.

Cheers Mavi

Categories: General Tags: , , ,