# Infinityflame

• ## Simulating a phone combination brute force

If a malicious individual were to steal your android or iPhone, plug in a device to emulate a keyboard and have it test every single pass code possible, it would take a while, using the following tutorial, you can calculate the time It would take to do so.

Firstly, you need to grab Python 3.4.3, or you can probably use the version you have installed. Next we need to create the code.

Firstly we need to import `datetime` to convert the guesses into time it would have taken, we also need to write down what the combination is, for this example, it will be ‘3502’.

`import datetime`
`combination = "3502"`

`print (" [Info] Starting")`

Then we need to add a guess and how long has passed while performing a guess, as it takes time to enter the numbers into the device, we will simulate this as well as 1 second.

`guess = "0000"`
`seconds_taken = 0`

`def addsec(seconds):`
`     global seconds_taken`
`     seconds_taken = seconds_taken + seconds`

I could have added the seconds section into the code directly, but adding as a def allowed me to edit it if I needed to, now that we have done the basics, we need to start guessing, there are 10,000 possible combinations, thats combinations such as 0001, this is problematic as leading zeros will not be carried over into integers in python, we can fix this using .zfill(4), which will add the leading zeros back into the guess, allowing us to compare it with the actual combination. This also means that we can convert the guess back into an integer in order to see if we have exceeded our limit. We also need to add a second for a combination guess.

`def addsec(seconds):`
`     global seconds_taken`
`     seconds_taken = seconds_taken + seconds`

`while int(guess) <= 9999:`
`     addsec(1)`
`     if guess.zfill(4) == combination:`
`          print (" [Alert] Combination guessed, combination is " + combination)`
`          break`
`     else:`
`          guess = str(int(guess) + 1)`
`          print (" [Info] Guess is now '" + str(guess).zfill(4) + "'")`

Finally, we need to convert our result into a time, we can do this by dividing our seconds_taken (which is coincidentally the number of guesses if you add one for ‘0000’) by 5 (because it takes 5 guesses before a penalty), and then tuning that into an integer, rounding down and then multiplying by 300, to simulate 5 minutes lockout. then we combine penalties_incurred and seconds_taken, to get the time it takes to guess the combination (in seconds), then use that to convert into an hh:mm:ss format, using `datetime`.

`penalties_incurred = int(seconds_taken / 5) * 300`
`time_taken = (str(datetime.timedelta(seconds=(penalties_incurred + seconds_taken))))`
`print (" [Finished] The combination would have taken '" + time_taken + "' to brute force. (h:m:s)")`
`print (" [Finished] You would have had to wait for " + str(int(penalties_incurred / 300)) + " lockout session(s)" )`

## What have we learnt?

• There are 10,000 possible combinations.
• For my combination, it would take 6 days, 30 minutes to guess.

On an Android Device,

• It would take over 2,000 lockouts to guess every combination.
• It would take 7 days, 1 hour, 26 minutes and 40 seconds to guess every combination.
• It would take 8 hours, 28 minutes and 20 seconds to guess 500 combinations.
• It would take 50 minutes and 50 seconds to guess 50 combinations, with 10 lockouts.

On an Apple Device*,

• It would take 1666 lockouts to guess every combination.
• It would take 5 days, 21 hours, 36 minutes and 40 seconds to guess every combination.
• It would take 7 hours, 3 mintes and 20 seconds to guess 500 combinations.
• It would take 40 minutes and 50 seconds to guess 50 combinations, with 8 lockouts.

*However, apple wipes their devices after 11 bad combinations, to avoid this, the combinations would have to be entered correctly after the sixth try in order for the apple device estimates to be correct, which defeats the purpose of brute forcing, for that reason apple devices are much more secure, however there is potential for data to be deleted accidentally.

This simulation is flawed because,

• It does not take into account combinations greater than 4 digits
• It does not take into account cumulative waiting times
• It does not take into account device combinations that don’t involve numbers
• You could increase the number of digits allowed in order to calculate your combination, for example if it was 67890, replacing the 13th line with 99999 would allow you to calculate it.

Here is the full code extract,

• ## How to setup MMS on O2 pay & Go Go Go

I recently had a problem with O2’s pay and go go go sim, where I was unable to send MMS or group text people, after a couple conversations with O2 chat and some form help, I was able to finally get it working, perviously when I tried to send an MMS or Photo, I would get the message ‘MMS blocked by Carrier’. But this solution should fix it for you, as it did for me.

The first issue I had was that my apn settings were wrong, here is how to fix it, your settings may vary, but essentially you need to get to your ‘APN’ settings menu in your phone, usually it is
` Settings > General > Mobile Data > Mobile Data Network > APN`
and for Iphones it is
`Settings > Mobile > Mobile Data Network > APN`
and for me it was ‘Quick settings’, then tap and hold ‘Mobile Data’ and select ‘Access Point Names’, see below.(I have a HTC Desire 610, but this may apply to most HTC’s)

Now you have located the menu, you should probably reset your ‘APN’ settings to default, you can do this by pressing the menu button and pressing ‘reset to default’, this stap is technically optional and may straight out fix your problem, so it may be a good idea to check it out. Once you have done that, you should have the following APN; (these may vary from phone to phone)

Name – ‘O2 Pay & Go’
APN – ‘payandgo.o2.co.uk’
Proxy – Not Set
Port – Not Set
Server – Not Set
MMSC – ‘http://mmsc.mms.o2.co.uk:8002’
MMS Proxy – ‘82.132.254.1’
MMS Port – ‘8080’
MMS Protocol – ‘WAP 2.0’ (2.0)
MCC – ‘234’
MNC – ’10’
Authentication type – Not Set
APN type – ‘default,hipri,dun,supl,mms’
Bearer – Unspecified

Now save.

(Settings may vary from phone to phone, so make educated decisions if you are stuck, or Google your specific phone settings for O2 (Or your Carrier).)

You now need to add a new APN for MMS, note that you should have 2 APN’s one for Calls, texts and Internet, and one for MMS. Give it the following settings;

Name – ‘O2 MMS’
APN – ‘wap.o2.co.uk’
Proxy – ‘http://wap.o2.co.uk’
Port – ‘9201’
Server – ‘http://mmsc.mms.o2.co.uk:8002’
MMSC – ‘http://mmsc.mms.o2.co.uk:8002’
MMS Proxy – ‘193.113.200.195’
MMS Port – ‘8080’
MMS Protocol – ‘WAP 2.0’ (2.0)
MCC – ‘234’
MNC – ’10’
Authentication type – Not Set
APN type – ‘mms’
Bearer – Unspecified

Now save.

(Settings may vary from phone to phone, so make educated decisions if you are stuck, or Google your specific phone settings for O2 (Or your Carrier).)

You should now have two APN’s and should now be able to use calls,texts,internet and mms (as well as group messaging and photo sending) on O2 Pay and Go Go Go.

• ## Using Hashlib to Securely store user passwords and credentials.

What is hashing?

Hashing a password means that users cannot have their passwords compromised when a database engineer is reading cleartext in user databases (to a degree, the passwords could be decoded, but hashing them makes them illegible to someone who is not doing anything extensive). And also prevents hackers from reading passwords in plain text and can be compromised by collision attacks.

Additionally when hashing a password a salt may be added to the password, this prevents a database from being attacked by dictionary attacks.