Tuesday, June 06, 2017

Github, Git, Git Extensions, using Git, Git Tips and Tricks, Git for Windows

Git Tutorial #1 - Reset current branch to delete local commits with no data loss, and replace with 1 better remote commit

When you are working on a project thats undergoing changes so rapidly that you have no chance to do milestones or take breaks to put out stable versions, you should still commit LOCALLY (Commit, not Commit&Push) often to back up your work, and have old code to go back to during troubleshooting. Taking the time is annoying so just write as little description as possible to save time. 
Then after you have gotten to a milestone or a stable point, you can throw all those away, and Commit and Push ONE single solid commit with complete description and thought put into it when you have time.
This is best to do with local commits only, otherwise there can be some weird situations.
I mean you can do it, but its bad practice to change the history.

Step 1 - Highlight the last commit you want to keep.



Step 2 - Right click on it and choose Reset current branch to here.



Step 3 - This is where you make important decisions. In this tutorial we want to leave our files unchanged, and just delete the commit indexes.



Step 4 - Now it will show the last commit as the past one you picked, and that "New" files can be committed. Still no file data has changed.  At this point you want to the final Commit, and (most likely Push to github too).



Step 5 - You see you've effectively turned all the junk into 1 well formatted commit.


Can the text/descriptions for the old ones can be copied to the new text? No. There is no easy way to aggregate them all like some other git merge commands do. This is why I said dont put that much effort into the temp names. You could copy/paste em manually if it was that important.

Saturday, June 03, 2017

Synergy and Serial Number Activation Key for SSL security - Reverse Engineering the source code (easy)

Intro:

Synergy is a great program, marketed and sold by a company called Symless. It's like a network KVM w/ drag&drop files and clipboard support so you can use multiple computers at once. Point being, it also supports SSL encryption - but not for free.
Theres a Basic license for $19 (which from what I can tell does exactly nothing extra from what you already get without paying)
And a Pro license for $29. Pro gives full SSL (TLS through OpenSSL) AES-256 bit security for your connections. AES256-GCM-SHA384 TLSv1.2

You can't even download the free version from their website anymore. But it is Open Source @ https://github.com/symless/synergy-core
EDIT: They have since moved to calling it "Synergy-Core" as Open Source to distinguish from the paid.

It doesnt matter whether you download binaries somewhere (current version is 1.88 stable as of this writing), or compile it yourself (pretty difficult) - because it ends up installing essentially an unregistered, not activated version without SSL.

But we can fix that.... (without even tampering with the program file)!

Reading the Code:

Since the source code is public, we can reverse engineer their pointless activation scheme. To reverse engineer it, start by heading to the source: https://github.com/symless/synergy-core/
You can look through the source code and you will find this;

https://github.com/symless/synergy-core/blob/master/src/lib/shared/SerialKey.cpp#L126 = The SerialKey::toString() definition neatly shows us the basic format of the key.

https://github.com/symless/synergy-core/blob/master/src/lib/shared/SerialKey.cpp#L226 =  The SerialKey::parse() function actually has an example key in the comments, and is showing the validation routine.

This is what we can gather: a string needs to begin and end with a {  } and has 8 semi-colon ; seperated fields (or 9 but we dont want that one - thats for starting a trial of pro). For the last two fields we put 0 for unlimited.

Such as :
{v1;pro;YOURNAME;#userLimit#;EMAIL;BUSINESSNAME;0;0}

However you cant just paste that in, it needs to be encoded into hex....

Cracking the Code:

I've made it easy, automatic, non-intrusive, anonymous, and not sketchy at all. Visit this online C++ compiler and hit the "RUN" button to run the code (in the cloud) that I've created, (based on the source code). The code runs in the cloud not your machine and is totally safe.  Feed it any values you want for name/email - they dont even have to be real!:
Activation Key Number Generator Script Serial  for Synergy http://cpp.sh/3mjw3

NOW you can paste that Hex code in. Voila, its activated.

Afterword:

You should still donate the company some money when you get the chance so they can continue to provide this great software AND keep it open source.

Note= both machines need to have the license key for SSL handshaking to work, and they both need to be on the same version (or close). The OpenSSL accept fingerprint window will pop up, thats how you know its working.

Proof of Concept Picture:
https://puu.sh/w9y0h/b67ecae2fb.png

Theres no way they can know, I checked. Unless they read this :) If they do, PM me.