
Maps, activation codes and server-side validation

If you skip server-side validation, someone will eventually find out. Hi, I’m someone, and this is a story about why you should think about server-side validation.

Story time

In July 2013, I bought a new, previously owned, Volvo V60. As part of the deal, the dealership included the latest map update. So, I left the dealership with the car and a box containing not one, not two, but three DVDs, each of which would spend hours in the DVD tray while updating the maps.

Now, these DVDs were probably a dime a dozen. You could buy them used on the Internet, pick them up at any Volvo dealership and I would not be surprised if they were available for download from the Internet as well. So, to prevent piracy, you had to type in an activation code when starting the upgrade process. But wait – then everyone with an activation code could sell their DVDs and the code to the next person once they had updated their maps? Well, no. You see, the activation code only worked on your car.

Getting the activation code

The way you got your activation code was simple: you would visit a web site, type in your vehicle identification number (VIN for short) and a drop-down list would show the part number for the maps you had the right to use. I mean, you could literally type in any valid VIN for that brand and model series and see what map options they had. You could even request their activation code sent to your email address. Now that is user friendly.

So, the activation code only worked with the correct combination of map number and VIN. However, when I entered my VIN, the part number for my DVDs did not show up in the drop-down. A few others appeared, presumably already installed by the previous owner.

Apparently, the company selling the maps had not yet received the order from the dealership. This was late Friday afternoon, if I recall correctly, so contacting the dealership would have to wait … but then I thought, what if I change the options in the drop-down list? It cannot be that easy? Surely they would validate the input, check it against their database one more time before sending out an activation key?

You already know the answer; I opened developer tools and changed the product to match the one I had. I pressed submit and a few moments later, voila! You got mail!

“Dear Valued Volvo Driver, […] Here is your activation code.”

Would you look at that. It was almost too easy. So, just to confirm, I found another number on the Internet and, once again, I received an email with a new activation code.

So, here you have a service that gives you a list of choices, and they do not even check if you have selected within that range. That is just lazy.

In the end, I could have saved myself the trouble; after the weekend, the part number automatically appeared in the drop-down list, and a year or so later, Volvo put the maps on the Internet for free. All you had to do was download them to a USB stick and plug it into your car. Well, you also had to upgrade your navigation system to remove the need for an activation code, for a small fee, of course.

Doing the right thing

I reported the bug to the company responsible for the map service, but I never heard back from them. Since this service no longer exists, I think it is okay to share this story. I did not break any rules, from my point of view, but I can see how this could have been abused.

To be honest, for a split second, I was thinking about sampling a few VINs, noting down the map options and crossmatching them to generate a lot of activation codes, which I could then use to try to figure out how the code generation worked. But that would have been crossing a line.

So, the takeaway is this: Do not trust the client side; always do server-side validation.
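To make the takeaway concrete, here is an added sketch (not code from the map service, whose implementation I never saw) of a handler that trusts the submitted drop-down value next to one that re-checks it against the server's own records. The VINs, part numbers, `ENTITLEMENTS` table and the HMAC-based `make_code` are constructed stand-ins.

```python
import hashlib
import hmac

# Constructed sample data: which map part numbers each VIN is entitled to.
ENTITLEMENTS = {
    "SAMPLEVIN00000001": {"MAP-2012-A", "MAP-2013-B"},
    "SAMPLEVIN00000002": {"MAP-2012-A"},
}
SECRET = b"constructed-demo-key"  # stand-in for the real code generator's secret


def make_code(vin, part_number):
    """Stand-in code generator: binds the code to VIN and part number."""
    msg = f"{vin}|{part_number}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:12].upper()


def options_for(vin):
    """What the server renders into the drop-down for this VIN."""
    return sorted(ENTITLEMENTS.get(vin, ()))


def issue_code_trusting_client(vin, part_number):
    """Flawed: assumes the submitted value came from the rendered list."""
    return make_code(vin, part_number)


def issue_code_validated(vin, part_number):
    """Re-derive the allowed set on the server and reject anything else."""
    allowed = ENTITLEMENTS.get(vin)
    if allowed is None:
        raise LookupError("unknown VIN")
    if part_number not in allowed:
        # The form never offered this option, so the request was altered.
        raise PermissionError("part number not entitled for this VIN")
    return make_code(vin, part_number)


if __name__ == "__main__":
    vin, tampered = "SAMPLEVIN00000002", "MAP-2013-B"
    print("drop-down shows:", options_for(vin))
    print("trusting handler issues:", issue_code_trusting_client(vin, tampered))
    try:
        issue_code_validated(vin, tampered)
    except PermissionError as exc:
        print("validated handler rejects:", exc)
```

The rejected branch is also the place to log the request, since a value that was never offered in the list is a reliable sign of a modified form.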

I don’t keep bookmarks, I keep tabs

Ever since browsers added tabs – and the ability to restore them on start up – I’ve been using them almost religiously. Bookmarks, on the other hand, were never my thing. And while I do have them, 219 to be precise, I don’t use them. They are out of sight, whereas my tabs aren’t.

Right now, I have 30 tabs open in Chrome (I just closed four to tidy up a bit) and 26 in Edge. I have kind of a system, with emphasis on “kind of”, where Edge is used for work-related sites that require login and Chrome is used for (almost) everything else.

Tabs are like to-do lists, ever-growing and mostly ignored.

So, to close a few – and at the same time expose some of my various interests – I will post some of them here. That way I can close a few tabs, keeping just this page open instead.

(I see the irony, no need to point out that this will end up as a glorified bookmark)

On Corona

All I need to know about the corona situation in Norway (in Norwegian). This page is gold if you like graphs and statistics. It’s also an exception to my general rule of not reading VG (it’s a tabloid newspaper after all).

On security and cloud (advent calendar 2020)

You would assume it was possible to read one article per day during December – this was an advent calendar after all – yet it didn’t happen. I never got around to reading any of them. Not one. I might get to them, eventually, once they are outdated.

On learning Vim

I use Vim as my coding editor, for the most part – I’ve written about it before (in Norwegian). My plan is to read these guides some rainy day, so it could be any day now, according to the forecast. Could even be today.

On programming

Reading material or just for reference; I don’t know yet, but I still kept them around.

On stories

The name of this site should be self-explanatory.

On Linux productivity

I use Linux – maybe I could learn a new trick or two. Or maybe I’ll just pretend I’ll find the time to read 89 pages on various Linux tools I’ll never use again.

On algorithms

Algorithms, they are all around us, might as well learn a few. The fact that this site contains 26 e-books – one in what I assume is Chinese – didn’t stop me from keeping it in a tab for months. But will I ever read one of them? Will you? Let me know in the comments section.

On ports and pools

Network ports and connection pools, that is. Obviously work related … I don’t have a pool.

On calculus

What is it? Let’s find out … another day.

On the Internet

It’s no secret: I miss the old Internet, or at least the idea of the old Internet.

There you have it: 16 tabs I can close, pretending I will read them later – just like I’ll pretend to clean up my bookmarks.

Problems starting Steam on Linux

I recently installed Steam onto my Linux laptop. You know, to play games and such. Well, actually, just to try that one game which I knew was running in DOSBox. It’s that kind of game. Old. Should work on Linux, right? I mean, it’s DOSBox. Well — it didn’t — and Steam would not start either.

The problem

Trying to start Steam resulted in nothing. Tried several times. Nothing. Trying to start it from a terminal produced some error messages. That’s a good tip. If you have problems starting a program in Linux, try to start it in a terminal. It usually produces some information instead of dying silently.

$ steam 
 Running Steam on centos 7 64-bit
 STEAM_RUNTIME is enabled automatically
 Installing breakpad exception handler for appid(steam)/version(0_client)
 /home/torh/.local/share/Steam/ubuntu12_32/steam: symbol lookup error: /lib/ undefined symbol: xcb_send_request_with_fds
 mv: cannot stat ‘/home/torh/.steam/registry.vdf’: No such file or directory
 Installing bootstrap /home/torh/.local/share/Steam/bootstrap.tar.xz
 Reset complete!
 Restarting Steam by request…
 Running Steam on centos 7 64-bit
 STEAM_RUNTIME has been set by the user to: /home/torh/.local/share/Steam/ubuntu12_32/steam-runtime
 Installing breakpad exception handler for appid(steam)/version(0_client)
 /home/torh/.local/share/Steam/ubuntu12_32/steam: symbol lookup error: /lib/ undefined symbol: xcb_send_request_with_fds

The Solution

So I did a quick Google search, and instead of ending up on this blog post (like you did), I ended up at a GitHub issue where a post from 2017 gave me this answer. And guess what? It works! Just run this command from a terminal, and after that it should work as normal.


In my case Steam started updating itself. So I guess the package available for CentOS isn’t kept up-to-date. And why would they, if Steam updates itself anyway.

The Question

Why on earth this hasn’t been fixed yet beats me. Actually, the GitHub issue says that it’s fixed, so I guess we are back to the point that the package in CentOS isn’t updated.

And why a game which “only” needs DOSBox isn’t supported on Linux is also a bit strange. I could always download it on a Windows machine and copy the files and see what happens.

Anyway. This was more about getting Steam running and less about me trying to play a game from my childhood years.

Knights of the Sky – Part 1

This post was written 4-5 years ago, back in October 2014, but for some reason never left the draft folder. Well, here it is. Maybe this will give me the necessary incentive to produce a part 2 in the near future.

I’ve recently become interested in doing some small programming projects. Mainly using C and assembly language. For some reason low-level programming and embedded systems appeal to me.

For fun, I decided to poke into the code of Knights of the Sky, the PC-version. A game which has given me hours of fun when I was young. Being a 16-bit DOS based game I thought it would be a relatively easy task. The actual source code isn’t publicly available to my knowledge, so for this I had to look from the outside in, using different tools like a hex editor and a disassembler.

How the game is assembled

The game is split into several executables, none of which I was able to start directly from DOSBox. Neither was I able to disassemble them into anything useful. A quick peek using a hex editor reveals that they are compressed with the LZ91 algorithm. This isn’t a problem, the internet is full of tools which can uncompress them and make executables which can be disassembled.

Notice the timestamp of the files

Splitting the files makes some sense. Some because of the memory limit in early DOS era, but also because not all of the files are used. It all depends on the choices you make during setup, like sound and graphic options. Several of the executables have similar names, like CGRAPHIC.EXE, EGRAPHIC.EXE, MGRAPHIC.EXE and TGRAPHIC.EXE, and only one of them is used during game play. Same goes for sound.

Playing Knights of the Sky

To start the game the player would have to start KNIGHTS.COM, a basic binary executable which is loaded directly into memory location 0100h. This file acts as a loader which kicks off a chain of other executables.

Knights of the Sky code execution
My interpretation of the execution flow.

SU.EXE is the setup where the player can choose input (keyboard, mouse and/or joystick), sound and graphics options. This is passed along to DS.EXE which, and I’m guessing now, is the part responsible for the stack and the memory layout (remembering the choices made, etc). After SU.EXE, DS.EXE is run between every executable until the player exits the game.

Copy protection

ID.EXE is the game “copy protection” scheme, where you are presented with an image and have to choose the right option. This is found in the game manual. Remember those?

If the player selects wrong she or he is only able to play a training session. Again, I would guess that the result of this “copy protection” is also stored somewhere in memory. MISC.EXE is also loaded into memory (overlay, not executed) by KNIGHTS.COM. This seems to be the code responsible for handling the game port (joystick). In my copy of the game this executable has a creation date of 1989, while the rest of the files are compiled in 1990.

Catalog files – think of uncompressed .zip files – just a big bunch of different data stored within the same file.

Going back to ID.EXE, there is also a file called ID.CAT, which is basically a container for the images used by this executable. It contains one background image and several logos. One of the logos is presented and the user has to select the correct name which belongs to that particular logo. Creating a program to extract those files was (almost) straightforward after using a hex editor to figure out the internal data structure.

The first two bytes tell how many files are “packed”. They are immediately followed by the data structure below, repeated that many times. In this case, 18 times. The same structure is used for the other CAT-files in the game as well.

struct fileHeader {
    char name[12];       // Filename with a maximum of 8.3, DOS-style
    unsigned short u1;   // ?? I have no idea ??
    unsigned int size;   // File size in bytes
    unsigned int offset; // Offset from beginning of file
};
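
The layout above as a small reader, added here as an example and not the extractor I originally wrote. It assumes the fields are stored packed and little-endian (22 bytes per entry), which I have not verified against the real files, and it checks every count, offset and size against the file length before slicing. The sample catalogue is constructed.

```python
import struct

COUNT = struct.Struct("<H")       # first two bytes: number of packed files
ENTRY = struct.Struct("<12sHII")  # name[12], u1, size, offset (assumed packed)


def parse_cat(data):
    """Return [(name, u1, size, offset)], validating fields against len(data)."""
    if len(data) < COUNT.size:
        raise ValueError("file too short for the entry count")
    (count,) = COUNT.unpack_from(data, 0)
    table_end = COUNT.size + count * ENTRY.size
    if table_end > len(data):
        raise ValueError("entry table runs past end of file")
    entries = []
    for i in range(count):
        raw, u1, size, offset = ENTRY.unpack_from(data, COUNT.size + i * ENTRY.size)
        name = raw.split(b"\0", 1)[0].decode("ascii", "replace")
        # A name taken from the file must never steer where output is written.
        if name in ("", ".", "..") or "/" in name or "\\" in name:
            raise ValueError(f"unsafe file name {name!r}")
        if offset < table_end or offset + size > len(data):
            raise ValueError(f"{name!r}: data range outside file")
        entries.append((name, u1, size, offset))
    return entries


def extract(data):
    """Map each packed file name to its bytes."""
    return {name: data[off:off + size] for name, _, size, off in parse_cat(data)}


def build_sample():
    """Constructed two-file catalogue in the assumed layout."""
    files = [("BACK.PIC", b"\x01\x02\x03\x04"), ("LOGO1.PIC", b"\xaa\xbb")]
    table_end = COUNT.size + len(files) * ENTRY.size
    table, body = COUNT.pack(len(files)), b""
    for name, payload in files:
        table += ENTRY.pack(name.encode(), 0, len(payload), table_end + len(body))
        body += payload
    return table + body


if __name__ == "__main__":
    for entry in parse_cat(build_sample()):
        print(entry)
```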

There are also some files ending with PLN, all of which have the same size (256 bytes) and almost the same content. The name is almost a dead giveaway that we’re talking about different colors, and swapping one file with another reveals that these are responsible for the color of your plane, seen from the outside (hitting F2 during flight) that is. However, they do not seem to impact the landscape in any way. I’ll just assume that PLN is an abbreviation of the word “plane”.

Savegame file

The last file I will mention is the ROSTER.DAT. This is the only file which changes during game play (did someone say save game?). It’s 35K bytes, and since the game supports 10 saved players (no more, no less), it was fairly easy to guess how much “space” each player occupies. The structure of this file has to be well-defined, but I have only scratched the surface so far. Then again, I’m more interested in decoding the graphics and sound than trying to cheat the game. It’s a pain to play without a joystick anyway.

Now that we know where the different files are used and why, we are ready to dive deeper and do some real disassembly. The focus next will be on extracting and viewing images as well as being able to play the music from the game.

Fixing Yongnuo RF-600TX

A few years ago I bought two Yongnuo RF-602 RX receivers and a Yongnuo RF-600 TX transmitter for my Canon flash units. Recently they started misbehaving. Sometimes the flash didn’t fire, sometimes it fired too late. When using the test button however, the transmitter worked fine. What I noticed was that the green light on the front of the transmitter was flashing more or less continuously (when connected to a camera and the camera was on).

The green light is supposed to light up when the shutter button is half-pressed, and I assume it sends a signal to the receivers to wake up the flash. I also suspect that this behaviour, where the green light is on for no apparent reason, is “jamming” the other signal.

If you have this problem, the easiest way to verify is to block all the pins on the hot shoe except the one in the middle, which is transmitting the trigger signal. I used a thin piece of plastic to test this. This silenced the false signal and allowed the real trigger signal to function.
Image by OzAdr1an on Flickr

The more permanent solution is to open up the RF-600TX and remove the wiring to the offending pin. The unit has 3 wires. One for the trigger signal, in my case the wire in the middle, one wire for the base of the hot shoe, let us call it ground, and a third wire going to one of the other pins. This will vary depending on whether you have the Canon or the Nikon model.

Figure out which wire goes to the center pin, and which goes to the ground. Cut the third wire. Or take a soldering iron and gently remove it, in case you want to reattach it. That is what I did. To figure out what’s what I used a multimeter.

By the way, this might slow down the sync speed. But in my case it never worked with anything higher than 1/160 anyways…

Update: I just thought about this. To wake up the flash unit(s) you can half-press the test button instead of the shutter button. Or just keep the flash units from going into sleep mode.

The image in this blog post is from OzAdr1an on Flickr and has been modified.