Skip to main content


Showing posts from 2009

Chrome+YouTube=ZiTube ! :)

Hello again!As you can see from the image above I coded a simpleextension for Chrome.After installing the extension from HERE you will havemore fun and freedom on youtube.I know there are many extensions and script around,but, believe it or not, this extension is madeof only 7 lines of javascript (for now).It also grabs the download URL in a very different way.As of now, this script won't work if you enabled the "feather"option on youtube, but I keep updating the extension, so it will.Feel free to leave me a feedback and any suggestion.
Have fun,Zibri

Native TomTom for Windows & Mac!

Many of you are surely familiar with the image above, but if you inspect the image carefully you will notice something 'weird'...

Yep! No tricks.
This image is 960x544 (without the footer with the buttons). How did that happen?! :)
Well this "TomTom" is running natively under windows. I know, there's no such a thing.
And NO, it's not windows emulating something that is running tomtom! Thrilled?
Many people think that the application TomTomHOME connects to the device and "somehow" runs the software in there...
TTHome uses a DLL which is,
as a matter of fact, the FULL TomTom navcore application compiled for windows and mac!
So, I modified the TTHome application to get the coordinates from a GPS! As simple as that!
All that is needed is the tomtom application and your original tomtom SD card containing maps and firmware (which is checked but not used).
The image above is a cropped screenshot of my PC with just my sdcard in my cardreader.
Obviously this work…

Obfuscation will never work.

Hello again, sweet readers !
OpenRG is an embedded OS for routers. It's based on Linux and it's inside many ISP routers out there.
Inside OpenRG configuration file, passwords appear in a way that can seem to be crypted, but it's just obfuscated.
For example: (username(admin)) (password(&b7;X&5c;&b9;&a2;))
Above you can see a simple deobfuscator. Enjoy!
You can try it with: &ad;Y&5b;&b3;&a3;&17;T&8b;&c4;&b9;#&96;&04;c&ea;&1d;$%&5d;&16;&08;B3&c0;

Success! :)

I successfully connected theUncle Milton's Force Trainerto my PC..It was easier than expected.Here's a sample interface, butyou can also use a cellular cable like the CA-42And connect it to RX,TX and GND on the base.The serial speed is 57600 8N1 and the data streamis pretty easy to understand.I also (lousily) coded a sample applicationwhich gives the two brain 'parameters' the headsetsends to the main game station.In the above example I was focusingon a particular thought very intensely.In this other example I was relaxingand focusing on my breath with my eyes closed.Stay tuned for more about this!

May the force be with you :)

Yes.. I bought this game.Fun aside, both the headsetboth the base have a nice JTAG portand maybe a serial interface.I got it this morning and I just startedinspecting the devices.They communicate on 2.478 and 2.408 Ghz frequenciesit's not bluetooth but a normal serial overthe air. If you are curious like me,the FCC site has FULL documentationand pictures of the inside.You will find them under theseFCC IDs: XCY150511UMI2009 and XCY150512UMI2009.I'll keep you posted.Yoda.Zibri

The 'unknown' chip on the base
you can't see on FCC site is a PIC16F727 44 pin.The other 'blank' chip on the headsetis a PIC16F722 28 pin.

Hidden things are usually the best :)

Well, what to say? The best feature I've seenin blackberry phones is hidden!Let's unhide it!On 8900 and 9000 (for example)press ALT+CAP+H.You will get to the "Help Me!" screen.That screen is not really what you thinkit is. It's a crippled engineering screen.How to uncripple it?Enter on the above formthe data you see on your 'crippled' screen.For App Version you must includethe space and parethesis.For Uptime, just enter the number.After filling all the form, you'llget your key.To enter it just press the keys.(You won't see anything)Use ALT for numbers andnormal keys for the characters.To enter C8, for example, youwill have to type: c then ALT+xAs soon as you have entered all 8characters you will see the abovescreen every time you willpress ALT+CAP+HStay tuned,Namaste!Zibri


When I heard the new blackberry 8900 was'difficult to unlock' I got curious.The BB security is nothing compared to the iPhone's.Do you want to laugh?I initially thought this unit had a defective you see that strange stripe of dotted vertical lines?Well.. putting a ruined image as the default backgroundis a really nice joke... RIM, you got me on this.If anyone else have "secure" devices for me to test,you're welcome to send them in ;)Happy holidays,Namaste!Zibri

Qualcomm chips insecurity.

Since I can't be too far from phones and alikes,I started studying Qualcomm chips.These chips are included in a LOT of data cardsand MANY phones (blackberry,android based phones, etc)Well Security on these chips (all of them)is ridiculous compared to competitors.Now, let me tell you one thing:I found a way to know the unlock code(SP lock, sim lock, network lock, whatever)directly from the card with a simple procedure.For now I won't spread this information.I will wait sometime and give time toqualcomm or any company producingphones or cards based on qualcomm chipsto contact me.If you want to contact me,you can write your message andcontact as a comment to this post.Namaste,Zibri

He's growing...and learning... :)



I kept this image for a long time know, but I knewI would have used it for a post sooner or later.Finally developers fought back piracy of iPhone apps:with a simple yet effective method they are securingtheir apps so that if you crack them (any of them) your iPhone will be blacklisted.As a bonus, any developer can choose not to allow anyone who cracked ANY app to run theirs.To get deleted from the blacklist, fairly enough, you have to buy all cracked apps.As I already told you, I stopped developing ZiPhone when I noticed the MAIN reason the most of you used it was to install cracked applications.In short:I am the one who allowed you to use the iPhone worldwide when that wasn't possible.The "others" are the ones allowing you to run cracked apps.And stop bragging about "freedom" since the "alternate" download services are now just a hypocritical way to circumvent the AppStore.In a single word: black market.To Apple:learn from developers: it's time y…

Powerline Ethernet fun and secrets.

Many 200 Mb/s powerline adapters nowadays are based on the INTELLON 6300 chipset.
Despite what can be thought looking at them, they are all using the same hardware and firmwares.
I heard many people with Netgear XAV101 or Linksys PLK 200 or PLE 200 having problems after firmware updates and many other people with other brands having much more problems because of lack of support or configuration/upgrade utilities.

So let me explain a few things I learnt studying them.

Many of 200 Mb/s powerline ethernet adapters follow the "HomePlug AV" standard. (85 Mb adapters use HomePlug 1.0 standard which is completely different).
This standard uses ethernet broadcast packets using the HomePlug AV protocol.

The interesting thing is that their firmware is made of two different parts:
a .PIB file (Parameter Information Block) and a .NVM file (the code itself).
In the P.I.B. there are many interesting things:
The branding (mac address, device name, etc) and the tone map.

I tested many firmw…

Unleash your ADSL horses!

Hello! I just made a discovery I want to share with you:As a few of you may know, on broadcom based adsl modems/routers there is a command line utility which allows to tweak the adsl physical connection.This command is adslctl and accepts many parameters.One of them is SNR which is used to force a lower (or higher) SNR.On the information page you will see that there is a maximum speed achievable on your own line due to noise, distance and quality and then you read the actual connection speed.An example:Max(Kbps): 18420 1027Rate (Kbps): 17972 1013If you issue the commandadslctl configure --snr 1You are telling the modem to set the minimum SNR(it may not give you any performance improves on a very noisy line)thus allowing the modem to 'hook' at higher speed.Since my line performed very well with snr=1 I wondered if it could be possible to lower the snr below 1. Then I thought that the variable used in the code is a signed WORD sosince a negative value is not possible why not try…

Microsoft suicidal? :)

Well, see for yourself! Isn't this a MacBookPro? Believe it or not this was captured from a MicroSoft commercial for SongSmith. SongSmith is the Microsoft way to try to destroy the music industry :) Oh by the way, get a HEX editor and search for: 20 60 54 00 00 inside SongSmith.exe change it to: 20 FF FF FF 7F (6 occurences) You will have a lifetime trial time :D (Product security must be revised) To get rid of the annoying splash screen search for: 2D 5B 14 73 27 02 00 06 and change 2D into 2C. :D

Google: Hack or Bug ?

For a few minutes GOOGLE today suffered of a denial of service. Every search was redirected to a page stating that the site (ANY!) could harm your computer. Was this a stupid glitch/bug or a hack ? Lucky for them it's Saturday and stock exchange is closed. I wonder what will happen on monday.

Knight Rider phone...

What's this ?The UI looks like the iPhone's..The phone doesn't.(Spotted in episode 12 of first season)

Nostalgy :,)

I'm a nostalgic, I know.Since David changed the layout of the old site.Here you have a backup of the original ZiPhone site.Not much of fun, but much better than google cache :)
The new address is:

R.I.P. Ricardo Montalban