Hacker Public Radio
Hacker Public Radio
Hacker Public Radio
Hacker Public Radio is an podcast that releases shows every weekday Monday through Friday. Our shows are produced by the community (you) and can be on any topic that are of interest to hackers and hobbyists.
HPR4645: ZERO HOUR: FRIDAY AFTERNOON APK HACKING
WARNING AI GENERATED NOTES AHEAD YMMW Here is a summary of the recorded training session regarding Android hacking from Hacker Public Radio, including web references for the main topics discussed. Overview The recording features a security consultant performing a live assessment of an Android application. The consultant uses a custom tool suite called "Jamboree" and various other utilities to test a location-sharing and vehicle management app. The session highlights the increasing complexity of mobile app security, specifically dealing with SSL pinning, encrypted traffic, and anti-tampering mechanisms 1 . Environment and Tools The assessment is conducted on a rooted Android emulator. The speaker utilizes several tools to set up the environment and intercept traffic: Jamboree : A custom automation tool developed by the speaker over six years to handle rooting, proxy setup, and app installation within minutes 1 . Burp Suite : The primary interception proxy used to analyze traffic between the app and the production server 1 . Frida : Used to bypass anti-root detection and SSL pinning 1 . Ghidra : A decompiler used to analyze the app's code, specifically helpful for patching the Flutter-based application 1 . Android Debug Bridge (ADB) : Used for troubleshooting, debugging, and analyzing logs ( logcat ) to extract user IDs and location data 1 . Technical Challenges: SSL Pinning and Flutter The target application is built using Flutter and implements rigorous security controls, including SSL pinning, which prevents standard Man-in-the-Middle (MitM) attacks. The app's HTTP client ignores system and user-installed certificates, and it does not respect device Wi-Fi proxy settings 1 . To overcome this: Traffic Redirection : The speaker uses iptables commands to force all HTTP and HTTPS traffic through the proxy's IP address at the network layer, bypassing the app's proxy ignorance 1 . Patching with AI : The speaker leverages AI (specifically mentioning Claude and access to "Kuro") to assist in patching the APK. The AI helped navigate Ghidra and generate Python scripts to bypass the app's protections, allowing the modified APK to trust the auditor's certificate 1 .
May 22
HPR4644: Response to comments on HPR4424: Newsboat...
Hi this is your host, Archer72 for Hacker Public Radio. In this episode I share some of my findings about a problem with the Newsboat naming of the HPR feeds, which was brought up in comments about my Newsboat show, HPR4424. hpr4424: How I use Newsboat for Podcasts: comment #6 : download-filename-format for HPR podcasts Ken already had some findings of his own about the ccdn.php extension in the feed. hpr4424: comment #10 : Summary of findings I thought that this might be able to be fixed on an invididual basis, and set out to ask Claude.ai a few questions. But first, some colaboration from Dave Morriss about a good renaming format. This was definitely more on Dave’s side than mine, but came up with this. You can tell Dave’s handywork from the short variable names, which stems from his extensive experience on Unix type machines in the University days. exif-rename-hpr-dave.sh #!/bin/bash URL="$(cat /tmp/hpr-url.txt)" echo "DEBUG URL: $URL" >> /tmp/hpr-debug.log AUDIO_URL="$(curl -s "$URL" | grep -Eo 'https?://[^"]*.(ogg|mp3)' | head -1)" echo "DEBUG AUDIO: $AUDIO_URL" >> /tmp/hpr-debug.log if [[ -z "$AUDIO_URL" ]]; then echo "ERROR: Could not find audio URL from: $URL" >> /tmp/hpr-debug.log exit 1 fi # Changed destination to HPR-queue DEST=~/podcasts/hub.hackerpublicradio.org/HPR-queue/ # Record files present before download BEFORE="$(ls "$DEST"*.{ogg,mp3} 2>/dev/null | sort)" wget -nc --content-disposition -P "$DEST" "$AUDIO_URL" cd "$DEST" # Record filename just downloaded (new file not in BEFORE) AFTER="$(ls "$DEST"*.{ogg,mp3} 2>/dev/null | sort)" DOWNLOADED="$(comm -13 <(echo "$BEFORE") <(echo "$AFTER"))" echo "DEBUG DOWNLOADED: $DOWNLOADED" >> /tmp/hpr-debug.log ~/bin/exif-rename-hpr-dave.sh # Find renamed file — newest file that wasn't in BEFORE AFTER_RENAME="$(ls "$DEST"*.{ogg,mp3} 2>/dev/null | sort)" RENAMED="$(comm -13 <(echo "$BEFORE") <(echo "$AFTER_RENAME"))" echo "DEBUG RENAMED: $RENAMED" >> /tmp/hpr-debug.log if [[ -n "$RENAMED" ]]; then echo ""$AUDIO_URL" "$RENAMED" downloaded" >> ~/.local/share/newsboat/queue else echo "WARN: Could not determine renamed file" >> /tmp/hpr-debug.log echo ""$AUDIO_URL" "$DOWNLOADED" downloaded" >> ~/.local/share/newsboat/queue fi At first the question was about something simple. The input was a query on one of the lines from Kevie’s hpr4398 :: Command line fun: downloading a podcast Particularly, the section on To get th
May 21
HPR4643: HPR Beer Garden 13 - Triple IPA
Dave and Kevie continue the Beer Garden series with a look at a relatively new style of IPA known as a Triple. Dave samples Triple Hazy Jane by Brewdog , whilst Kevie tries out Glory Triple IPA by Northern Monk . Connect with the guys on Untappd: Dave Kevie
May 20
HPR4642: Hackerpublic Radio New Years Eve Show 2026 Episode 7
PFSense https://www.pfsense.org/ Chromebook https://www.google.com/chromebook/discover-chromebook/ AMD Sempron 140 https://www.techpowerup.com/cpu-specs/sempron-140.c820 Trinity https://www.trinitydesktop.org/ XFCE https://www.xfce.org/ Chrome OS https://chromeos.google/ SSH https://www.ssh.com/ Onshape https://www.onshape.com/en/ TinkerCAD https://www.tinkercad.com/ Thorium OS https://thorium.rocks/thoriumos Tech And Coffee https://techandcoffee.info/ Panera https://www.panerabread.com/en-us/home.html IHOP https://www.panerabread.com/en-us/home.html Waffle House https://www.wafflehouse.com/ In And Out Burger https://www.in-n-out.com/ Economies Of Scale https://www.investopedia.com/terms/e/economiesofscale.asp Dunkin Donuts https://w
May 19
HPR4641: Technical Dutch Open Source Event (T-DOSE)
Technical Dutch Open Source Event (T-DOSE) Ken interviews Peter van Ginneken who is chair of the Technical Dutch Open Source Event (T-DOSE) . It is a free conference to promote the use and development of Open Source software. This event has is organized yearly since 2006 in the Brainport region, near Eindhoven, The Netherlands. During this event, Open Source projects, developers and visitors can exchange ideas and knowledge. T-DOSE wil take place on 6 and 7 June 2026 at the Weeffabriek in Geldrop (near Eindhoven). https://t-dose.org/2026/ Contact Information Peertube Libera.chat IRC, #t-dose Mastodon LinkedIn Facebook Instagram Travel Times Country Typical Travel Method Example Destination Approx Duration Typical Budget Cost (One Way) Belgium Train / Flixbus Antwerp 1–1.5h €10–25 Germany Train / Flixbus Cologne 1.5–2h €20–40 United Kingdom Ryanair flight London Stansted 1h05 €20–70 Ireland Ryanair flight Dublin 1h40 €25–80 Denmark Transavia flight Copenhagen 1h25 €40–100 Austria Ryanair flight Vienna 1h40 €30–90 Czech Republic Transavia flight Prague 1h20 €35–90 Poland Ryanair / Wizz Air Kraków 1h50 €25–80 Hungary Wizz Air Budapest 1h55 €30–90 Italy Ryanair flight Milan Bergamo 1h35 €25–85 Spain Ryanair / Transavia Barcelona 2h05 €35–120 Portugal Ryanair / Transavia Porto 2h40 €45–130 Croatia Ryanair flight Zagreb 1h50 €35–90 Slovakia Rya
May 18
HPR4640: Robert A. Heinlein
Robert A. Heinlein Robert A. Heinlein was the author who many people claim kicked off the Golden Age, though that can be the subject of many a barroom argument. E.E. “Doc” Smith was already an established writer by this time, and A.E. van Vogt was contemporaneous with Heinlein. But Heinlein managed to outshine everyone in very short order. He was widely known as “The Dean of Science Fiction Writers,” which testifies to his stature in the community, and along with Arthur C. Clarke and Isaac Asimov he was one of the Big Three of the Golden Age. He was the first person to be named a Science Fiction Grand Master in 1974. Four of his novels won Hugo Awards (Double Star, Starship Troopers, Stranger in a Strange Land, and The Moon is a Harsh Mistress), and 7 more works were given Retro-Hugo awards, which are awarded for works that were written before the Hugos were established. He also had many more works nominated for both awards, as well as many other awards like Nebula Awards. In short, he was a big deal to the science fiction community at large, and to me personally. I was, for a short time, managing the web site for The Heinlein Society, and I have read every work of his that I am aware of. Heinlein Background Robert Anson Heinlein was born in 1907 in Butler, Missouri, and grew up in Kansas City, Missouri, which he described as the middle of the Bible Belt, and this background is reflected in some of his stories, particularly the later ones. His family tradition had it that the Heinlein’s had fought in every American war beginning with the War of Independence, and Robert and his brothers all joined the armed forces. Robert lied about his age when he was 16 in order to enlist in the Missouri National Guard, and a few years later obtained an appointment to the Naval Academy, graduating in 1929 with the equivalent of a bachelors degree in engineering (the Naval Academy did not award degrees at the time). His engineering background is very apparent in his writings. He served on several ships, rising to the rank of Lieutenant, before being discharged in 1934 due to pulmonary tuberculosis. It seems likely that if he did not contract this illness he would have continued his career in the Navy, and with World War II coming, well, who knows what might have happened. But he did get ill, and had to find things to do. He notably got involved with Upton Sinclair’s socialist organization EPIC (End Poverty in California). He ran for office unsuccessfully, running as a left-Democrat in a conservative district. And while he had a disability pension from the Navy, he turned to writing to pay off his mortgage. Heinlein’s Writing Heinlein was originally known as a “hard” science fiction writer, meaning one who puts plausible and accurate science at the heart of the story. But looking at his entire career, he was equally comfortable writing fantasy, though not the faux medieval kind that many writers. In fact, he coined the term “speculative fiction” to describe the kind of stories he wrote. And if he wanted to he was quite capable of mixing the hard science and the fantasy, particularly in his later novels. And his output was very substantial. Asimov wrote more than Heinlein, but Heinlein stuck to fiction, while Asimov wrote in a variety of fields, so Heinlein’s output in the general area of science fiction/fantasy is the greater. And he is known for works of all lengths from short stories to novels. A useful guide to his works is the book Robert A. Heinlein: A Reader’s Companion, by James Gifford. This book covers all of his science fiction/fantasy works known as of 2000, and gives additional information about the writing and circumstances of the st
May 15
HPR4639: NLUUG Spring Conference 2026
NLUUG Spring Conference 2026 "NLUUG is the association of (professional) Open Source and Open Standards users in the Netherlands" You can follow them on @[email protected] on Mastodon. I was particularly interested to attend their 2026 Spring Conference 2026 as our own Jeroen Baten was giving a talk on "Getting started with CI/CD using Forgejo Actions and why this is important AF" He assures me he will post it as a show. cough owes me a show cough . While there the urge to record came upon me, so I was able to snag a few interviews. Ronny Lam representing NLUUG NLUUG is the association for (professional) developers, administrators and users of UNIX/Linux, Open Source, Open Source, Open Systems and Open Standards in the Netherlands. The NLUUG community includes, system administrators, programmers and network specialists. If you are working as an open professional, then NLUUG is the excellent association where you can keep track of your technical knowledge, for example during our six-monthly conferences. The aim of NLUUG is to disseminate the application and knowledge of open standards and UNIX/Linux. NLUUG maintains close ties with many organizations and individuals who pursue the open mind. https://nluug.nl/organisatie/personen/ronny-lam/ https://nl.wikipedia.org/wiki/NLUUG https://nluug.nl/ Nico Rikken representing the FSFE The Free Software Foundation Europe is a charity that empowers users to control technology. Software is deeply involved in all aspects of our lives. Free Software gives everybody the rights to use, understand, adapt, and share software. These rights help support other fundamental rights like freedom of speech, freedom of press, and privacy. Learn more While we are no strangers to chatting with the Free Software Foundation Europe ( hpr857 , hpr1957 , hpr2223 , hpr2945 ,
May 14
HPR4638: Simple Podcasting - Episode 3 - Analyzing and Filtering
01 This is the third in a four part series on simple podcasting. 02 In this episode we will cover the following topics: Analysis of audio noise problems and filtering methods used to deal with specific problems that we may find. Command line recording. Command line playback. Getting information about an audio recording. 03 Introduction When I did my first couple of podcasts I didn't notice that there was a quiet high pitched whine or buzz in the background. Nobody complained about it, but I thought I could do better in subsequent episodes. 04 Creating an Audio Sample If you have a similar problem, the first step is to find out where it is coming from. If there is no audible noise where you are recording, there is a good chance the problem is in the microphone or another part of the audio system. Plug in your microphone and record 2 or 3 seconds of quiet audio where you do not speak into the microphone or make other noise. 05 You will need a minimum amount of data in order to analyze it. For a flac file sampled at 44.1 kHz, 2 to 3 seconds of data should be enough. To get a sample of just electronic noise you can put the microphone in a drawer or somewhere like that if you want to be sure of getting a quiet signal. Any sound recorded in this way should be mainly from the microphone or other electronic elements in the analogue pathway. To get a sample of possible ambient noise, such as fans, make sure the microphone is in the open air in an area which is representative of where it will be when you are recording. -------------------- 06 Analyzing using Fourier Transforms Next you need to look at the wave form. At this point I will describe this using Audacity. I will show other ways later, but Audacity is actually the easiest if you are starting from nothing. You don't need to become an expert in Audacity to use it, just follow the steps I will describe. I myself don't know how to use Audacity beyond using this one feature. 07 We are going to analyze the sound spectrum in our sample. The technique being used is a Fourier Transform. A Fourier transform, often called an "FFT" for fast fourier transform, is a mathematical method of showing a signal in terms of frequency along the x axis instead of time. This allows us to spot troublesome noise frequencies which appear when we don't want them to. The FFT is a very common mathematical technique which is widely used in signal processing, not just in audio. 08 There is software which will create pretty coloured animations of sound waves, but this is not what you want. These are simply decorative patterns and won't tell us what we want to know. -------------------- 09 Using Audacity Install Audacity if you haven't already. Start Audacity. Select file > import > audio, then navigate to your sample and select "open". The file should load. 10 In the wave form part of the window, click anywhere and then type Ctrl-S to select all data points. The chart should turn a slightly darker colour. From the menu, select Analyze > Plot Spectrum. A new window will open, showing magnitude in db on the Y axis, and frequency in hertz on the x axis. For "algorithm" be sure it is set to "spectrum" 11 There are now two settings that we need to play with while we look for problems. One is "size" The de
May 13
HPR4637: UNIX Curio #6 - at and batch
This series is dedicated to exploring little-known—and occasionally useful—trinkets lurking in the dusty corners of UNIX-like operating systems. I would imagine that most users of UNIX-like systems have heard of cron —certainly any system administrator should have. Briefly, cron is a way of running a job repeatedly based on the time and date; for example, a job could run every hour, at 5:00am every Tuesday, or the 3rd of every month. It is commonly used for administrative or maintenance tasks that should be done on a regular schedule, such as checking for software updates, rotating log files, or updating the database for the locate command. As well-known as cron is, there is a similar utility that very few seem to be aware of: at . This is the word "at", and has nothing to do with the at symbol "@". An at job is very much like a cron job, except that an at job only runs one time. A job is submitted by running at timespec 1 , where timespec is the time and date the job is to be run. The linked POSIX specification page describes acceptable formats for timespec ; some examples are " now ", " 14:00 ", " noon tomorrow ", " 14:00 + 3 months ", and " 14:00 January 19, 2038 ". The utility then waits on standard input for you to enter a set of commands to be run in the job. You end input by typing Control-D to mark the end of text. (As an alternative to typing in the job, you could instead use the "<" symbol to redirect standard input to come from a file containing the commands you want to run.) When the specified time arrives, the job will be run. That is the theory, anyway, but some things may interfere. The normal configuration for some implementations only checks for due at jobs every five minutes, so there can be a delay before a job is actually run. Also, if the system isn't running, obviously it can't execute any jobs. When it comes back up, typically it will check for any pending at jobs that are currently or past due and run those. It is best to think about an at job being run no earlier than the time it was scheduled for, and probably soon after, provided the system is up. The POSIX standard doesn't specify anything about when jobs are actually run, just that they are scheduled for a particular date and time. The user does not need to be logged in for a job to run—if the job outputs anything to standard output or standard error, that text will be e-mailed to the user, presuming the system is set up to send mail. This is often true for a server, which might be running a Mail Transfer Agent like sendmail , postfix , or exim , but many desktops are not. If nothing is output to standard output or standard error, or if that output is redirected to a file, then mail will not be sent on job completion. This behavior can be changed with the -m option; in that case, mail will always be sent when the job finishes whether or not there is any output. The batch command is very similar 2 —POSIX specifies it as being equivalent to at now
May 12
HPR4636: 7 seconds memory
There are two themes of the human experience that influence greatly our feelings and our behaviours: the memory, and the pain. Today we are going to talk about the first. Clive Wearing was a conductor, a musician, that lost a part of his brain. A virus, herpes simplex, that causes fever, in his case trespassed the barrier between blood and brain and caused an inflammation that damaged permanently the hypothalamus, responsible for memory. Immediately — after being cured of the infection by antiviral medicine —, he was a man with no memory. He couldn’t recognize his children — who, later, recognized they kind of abandoned the father, ceased the visits to him, because that condition was too sad for them. In the first moments, Clive was too angry, “I can’t think” was a constant. “Prisoner of the consciousness”, is the title of the TV documentary produced on him soon after the event. His wife — the second, not the mother of his two sons and one daughter — was his fullest “item” of memory — if we could picture memory as drawings in a piece of furniture, what of course is inexact, to say the minimum. He could still know, ever, that she, Deborah, was his wife; and, apart from his own’s, Deborah’s name was the only one he still knew. His angriness was surplice by a calm and gentle and gistful personality. Like, apart from the loss of memory, he kept two thirds of this personality: he definitely was Clive. (That observation is from one of his sons, in the documentary made 20 years after the first, called “7 seconds memory”). That is why Deborah, after divorcing him, and couldn’t having find another love (she was searching for Clive in other experiences, which she couldn’t find), later renewed the wedding vows with her husband; even though they couldn’t live together because of his need of constant supervision. The doctors — as the 2nd documentary, that is the line for this program, says — could not explain how he became more peaceful. I have a guess. Clive lost memory of events, he could not live in his mind any happenings. He knew her wife was his wife, but had no memory of the wedding; remembered having worked for BBC, but not one thing, not one activity, that he has done or participated. Maybe he have retained a little bit of what we could call (and I lack any technical precision here) descriptive memory. He could retain the old relations of a name with a characteristic, a face with the level of proximity he had with the person, as long as they (these relations) were verbalized in his understanding. Because he could not evoke any fact, he lost the (other term with precision) narrative memory — but words still made sense to him. So, in living the same day every day, with no time, no continuity, maybe some perception could have been engraved in his mind, unconsciously or not, even with the damaged memory, in the direction of going on (letting go) without despair. This is only a guess. Thank you.
May 11