Thursday, April 27, 2017

Theory of Time Travel using Quantum Mechanics is plausible

This post's video will disprove the following popular cultural beliefs;

  1. The "Grandfather Paradox" was described as early as 1931, and even then it was described as "the age-old argument of preventing your birth by killing your grandparents".[5] Early science fiction stories dealing with the paradox are the short story Ancestral Voices by Nathaniel Schachner, published in 1933, and the 1943 book by René Barjavel Future Times Three.
  2. The "butterfly effect" coined by Edward Norton Lorenz (1972), but first alluded to in the Ray Bradbury's 1952 short story "A Sound of Thunder". Ray Bradbury's concept of how the death of a butterfly in the past could have drastic changes in the future is a representation of the butterfly effect, and used as an example of how to consider chaos theory and the physics of time travel.
  3. The so called "Mandella effect" popularized in 2010. The Mandela Effect refers to a phenomenon in which a large number of people share false memories of past events, referred to as confabulation in psychiatry and currently disproved.

    Some have speculated that the memories are caused by parallel universes spilling into our own (thereby rewriting our past and present memories) this will proven impossible. 

There are very times I would use the label genius, but it applies to Dr. Seth Lloyd and he's break boundaries of space. For the uninitiated, Dr. Seth Lloyd, a MIT professor, quantum experimentalist (his words) and is the lead voice in quantum mechanics and who dubbed the term "Quantum Hanky-Panky" and published hit PHD Thesis April 1, 1988, proving humor, fun and math go hand-in-hand.

He describes the quantum mechanics of time travel during a guest lecture at the Institute for Quantum 
Computing, University of Waterloo. Recorded on Nov. 4, 2010 (how did I miss this?), this is the entire lecture entitled "Sending a Photon Backwards in Time."


Time travel is explained near the end of the lecture at time 59:40 (https://youtu.be/yCQ_3qE6SmQ?t=3580)

Summary

Watch the whole thing to understand it, but at a minimum a qubit is is a two-state quantum-mechanical system, such as the polarization of a single photon. It's as theoretical as close as you will get to time travel. 

According to Dr. Seth Lloyd; 


  1. qubits can travel back in time
  2. a qubit state in a past cannot be change to alter the state of the same qubit in the future

Are qubits timeless then? (my 4 cents). Has Seth just broken timespace in half? There has been some theories suggesting that we spacetime is broken, and you can replace completely rewrite gravity as an Entropic Force

Seth's alludes that he has mathematically proven and  has the experimental evidence the above holds true.

So you cannot go in the past and change things in the future. So self-consistency applies in the universal spacetime fabric.


Seth proves you cannot kill yourself in the past and change a potential future outcome and worlds. 

Countless plot lines and sci-fi adventures like Back to the FutureContinuum, have been proven not feasible. The sci-fi world is going to collapse into itself in an apocalyptic idea black-hole singularity:)  


So this disproves 1, 2, 3 above. Sorry folks.


 

Wednesday, April 26, 2017

The best, top rated, fastest, open source (free) Windows grep tool with a GUI

This post quickly reviews and recommend the best Windows Grep tools with a Graphical User Interface (GUI).  

A little backgrounder, grep originated from unix and now has linux and windows equivalents. It's a  command-line utility for searching within files for lines that match a text search or regular expression. Command-lines are difficult for the novice user to master hence the the need for a Graphical User Interface (GUI)


This is an current popular list of current  Windows Grep tools with a Graphical User Interface (GUI) with issues I found; 

  1. PowerGREP (paid $159 USD)
  2. Windows Grep (dead)
  3. Bare Grep (not open source, last update 2006, free unlimited trial, licensed is $25 USD)
  4. AstroGrep (open source, C# code base but super slow, tested personally)
  5. dnGrep (open source, C# code base but slow complaints by users)


The winner grepwin, an active open source initiative, last release 2017-04-08.

grepwin  "A powerful and fast search tool using regular expressions"


No. 1 for the following reasons; 

  1. Speed, this project is coded in C and is super speedy
  2. Open source and free, freely to inspect for malware and spyware, none so far
  3. Flexibility, you can combine search for file names and/or search for content separately!




Tuesday, April 25, 2017

mySQL Workbench vs SQL Server Management Studio (SMSS) vs SQL Formatting Beautify SQL Code

This post will examine SQL Server Management Studio vs mySQL Workbench SQL Formatting vs "Beautify SQL Code" online

Beautification or SQL Formatting basically will syntactically colorize and format SQL to be multi-line so it is human readable.

There are a plethora of sites (see chart at bottom) online to beautify but only a few sites that work when you SQL is syntactically incorrect.

The true test of you beautifier is whether or not it can parse SQL that is broken, incomplete or has an systax error. Many online SQL Formatting sites and tools will fail.

There is original and best is Poor Man's T-SQL Formatter (org. Oct 2013) and a upstart https://sqlformat.org/ is also good (it's interface is just slightly slicker).

Let's take this sample incorrect SQL statement that is missing the s in select


1
elect p.shipid,   p.shipname,   c.desc ContactShipCOM,   a.desc SpacialCoordiantes from profile p left join contact c   on p.id = c.profileid   and c.ord = 1 left join address a   on p.id = a.profileid   and a.ord = 1 where p.shipid = 'Rocinante' and c.show='The Expanse'

Paste into https://sqlformat.org/ a SQL Formatting engine that works on incorrect SQL

Not exactly as shown, but very close.



SQL Server Management Studio (SSMS)

SQL Server 2016 Management Studio (SSMS) is a free download, get it here.

There is no built-in SQL Formatting for SSMS, but because of Microsoft's architecture to make it's tools extensible the community stepped-up and made a tool to fit this need. Poor Man's T-SQL Formatter has a 
SQL Server Management Studio (SSMS) and Visual Studio Add-in for many years now. The installer is same for both, but it will give you an option for the Visual Studio add-in during the install wizard steps.


incorrect SQL Statement, still formatted 

















MySQL Workbench 

The latest MySQL Workbench 6.3 Community does have a built-in SQL Formatter but it does not work when the SQL is incorrect. Sadly, I have made a request for a fix for this in 2014, and still nothing has been done. Even though this is "open source" doesn't mean you get your request through the request queue and there is not other way to extend this product unlike SSMS. 


incorrect SQL Statement, NOT formatted 












So for the best SQL Editor and Formatter, I declare 
SQL Server Management Studio (SSMS) - Winner! 

Friday, April 21, 2017

Easy way to find, locate, edit and delete multiple Google Chrome cookies

There are 3 main ways to view your Google Chrome cookies, but the easiest way and most convenient way is a great little app called ChromeCookiesView from Nirsoft. It allows you to search, locate and delete multiple cookies for a particular domain quickly in a easy-to-use interface.

There is only 1 way to edit your cookie, 
you want to use review the last method which uses DB Browser for SQLite. 


Method 1 : Using ChromeCookiesView from Nirsoft

Download ChromeCookiesView from Nirsoft and run.

















Right-click to Delete the selected multiple cookies. No editing allowed.
Double-click on the highlighted item to reveal details, that are plainly readable. 




















Method 2 : Using Chrome built-in viewer

chrome://settings/cookies


Allows you to search for a particular domain and view the values. But you can only delete one domain at a time. No editing allowed.


































Method 3 : DB Browser for SQLite

Navigating to Google Chrome Windows path location on disk

C:\Users\%USERNAME%\AppData\Local\Google\Chrome\User Data\Default\

Open the Cookies file in DB Browser for SQLite to view all cookies.

C:\Users\%USERNAME%\AppData\Local\Google\Chrome\User Data\Default\Cookies

You can filter for domain in under host_key column. Select your row and to view the cookie. 
You can edit the value of the cookie by examining the encryted_value column (not in sight in screen capture below but value is highlighted in blue).

Click Mode Binary and edit the cookie, it's in hexadecimal (hex)
. But you can change values in the blue highlighted are in screen capture below.

Cut and paste into this HxD - Freeware Hex Editor to manipulate hexadecimal easily.












Wednesday, April 19, 2017

Skype hacked by CIA


Skype has comprised and targeted by your friendly neighborhood CIA agent as revealed in latest WikiLeaks leak, code-named "Vault 7".

This is not trivial since Skype boasts that it has more than 300 million monthly active users as of March 2016.
Recent CIA Wikileaks release mentions "Skype" hack for spying on users, under the section called "Fine Dining Tool Module Lists". Below is the relevant section.
DLL HijackSkypeUser, Video-ChatOperator uses Skype to chat or call while collection is occurring
For the uninitiated, the Wikileaks"Vault 7" release list a host of exploits for common everyday free and paid applications by the CIA. The "Fine Dining Tool Module Lists" section list applications whose modules or libraries (which are loaded to run the program known as dynamically loading libraries (DLL))  have been compromised and replace. This is know as "DLL Hijack" in the document.  A hijacked DLL enables practically anything to be done by the remote collectors; it can collect keystrokes, take screenshots, record microphone, snoop on your mail and the dreaded scenario of complete control over you computer using a remote administration tool RAT.   



Tien Phan describes in detail how one possible Skype DLL Hijack works, 
quoted from https://packetstormsecurity.com/files/138873/skype-dllhijack.txt
Hi,

There are a dll planting vuln in skype installer. This vuln had been
reported to Microsoft but they decided not fix this.

Here is the vulnerability details:
------
Skype installer in Windows is open to DLL hijacking.

Skype looks for a specific DLL by dynamically going through a set of
predefined directories. One of the directory being scanned is the
installation directory, and this is exactly what is abused in this
vulnerability.

Reproduce Notes:
1. Download this dll
https://mega.nz/#!b4ViSLJL!Pv99pN2d_WxsUHGPH0Ej3onwVeSdh41mpyKfQJfAq8E
2. Copy msi.dll to Downloads directory
3. download skype installer
4. execute the downloaded installer from your "Downloads" directory;
Observed behavior: message box ahyhya

Another dll can be used to hijack: dpapi.dll cryptui.dll
------

Regards,
Tien


-- 
Tien Phan
Blog : http://tienpp.blogspot.com
twitter : @_razybo_ 
This still works for the latest version of Skype 7.34 version, using dpapi.dll. 
Source code available here, I advise making your own DLL.   I created my own sample mock-up and video below shows the result.  

You can see how this would be a issue if dpapi.dll was downloaded in the background into same  "downloads" directory, and the Skype installer came days later. This would be the result.


The another favorite target seems to be  "msimg32.dll" DLL since it 
The DLL export 5 functions with the following prototypes:

  • typedef VOID(WINAPI *vSetDdrawflag)(VOID);
  • typedef BOOL(WINAPI *AlphaBlend)(HDC, int, int, int, int, HDC, int, int, int, int, BLENDFUNCTION);
  • typedef DWORD(WINAPI *DllInitialize)(DWORD, DWORD);
  • typedef BOOL(WINAPI *GradientFill)(HDC, PTRIVERTEX, ULONG, PVOID, ULONG, ULONG);
  • typedef BOOL(WINAPI *TransparentBlt)(HDC, int, int, int, int, HDC, int, int, int, int, UINT);

Re-route all calls to any of these functions to the "real" functions and return appropriately.

From https://www.codeproject.com/Articles/30659/Windows-Live-Messenger-Plug-in-Development-Bible


We've chosen MSIMG32.DLL as the proxy DLL that will reside in the WLM executable directory, forcing it to load our fake DLL instead of the MSIMG32.DLL which is located in the Windows system directory. Note that we can force the loading of our DLL from the WLM executable directory since this DLL is referenced on PE imports therefore loaded by the NT Loader, not by the executable itself. Keep in mind that other applications may load DLLs manually with LoadLibrary, either using the default Operating System library search order, or overriding it using absolute paths.


How to Prevent this?  

No guarantees here, especially if you are already infected and don't know it. If any dll like this exists in any of your PATH variables, then it will be picked up by default.

But best practice is to clear your temp files of all files;

  • C:\Users\{username}\AppData\Local\Temp
  • C:\Windows\Temp
These are accessible by typing at Start->Run
  1. TEMP
  2. %TEMP%
Do a deep clean using https://www.bleachbit.org/ to remove all temporary files from you browsers.

Lastly: Don't install your products from download folder. Create a new folder and move installer there. Then blow it away. 

References: 
https://blogs.sophos.com/2017/03/10/qa-wikileaks-the-cia-fine-dining-and-dll-hijacks/ 

Monday, April 17, 2017

Powershell ConvertToDateTime Method Definition and Implementation Error, ConvertToDateTime Bug

The post deals with the hunt for the definitive Powershell ConvertToDateTime method definition and implementation error. I will prove that ConvertToDateTime in Powershell yields the incorrect result every time.

Let's start with a typical Powershell classes that you will invariable touch upon and that is the Win32_OperatingSystem class that has properties about the version and name of Windows you are running. It also has some interesting methods, which are Reboot, SetDateTime, Shutdown, Win32Shutdown, Win32ShutdownTracker which are well documented on MSDN.

But when we list these members in Powersehell we get two additional methods 8,9 in results below with a Member Type of ScriptMethod.

There is no ScriptMethod type that is defined in any .NET class or CMI base classes, nor is there any mention of the ConvertFromDateTime and ConvertToDateTime methods in the CMI classes.

1
Get-WmiObject Win32_OperatingSystem | Get-Member -MemberType *method

results in

1
2
3
4
5
6
7
8
9
Name                 MemberType   Definition                                                                                             
----                 ----------   ----------                                                                                             
Reboot               Method       System.Management.ManagementBaseObject Reboot()                                                        
SetDateTime          Method       System.Management.ManagementBaseObject SetDateTime(System.String LocalDateTime)                        
Shutdown             Method       System.Management.ManagementBaseObject Shutdown()                                                      
Win32Shutdown        Method       System.Management.ManagementBaseObject Win32Shutdown(System.Int32 Flags, System.Int32 Reserved)        
Win32ShutdownTracker Method       System.Management.ManagementBaseObject Win32ShutdownTracker(System.UInt32 Timeout, System.String Com...
ConvertFromDateTime  ScriptMethod System.Object ConvertFromDateTime();                                                                   
ConvertToDateTime    ScriptMethod System.Object ConvertToDateTime(); 


So just what is a ScriptMethod?

Turns out that you can extended type data defines additional properties and methods ("members") of object types of the  Microsoft .NET Framework in Windows PowerShell. These extensions load by default is your session when powershell is started by loading built-in Types.ps1xml file that adds several elements  to the .NET Framework types.

This file is located at
$PSHOME\Types.ps1xml (that is not a typo, there is no ps1.xml)

In Types.ps1xml we can see how ConvertToDateTime ScriptMethod is defined at line 16 which calls

[System.Management.ManagementDateTimeConverter]::ToDateTime($args[0]) 


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
<ScriptMethod>: Defines a method whose value is the output of a script.

         The <ScriptMethod> tag must have a pair of <Name> tags that specify
         the name of the new method and a pair of <Script> tags that enclose
         the script block that returns the method result.       
            
         For example, the ConvertToDateTime and ConvertFromDateTime methods of 
         management objects (System.System.Management.ManagementObject) are
         script methods that use the ToDateTime and ToDmtfDateTime static 
         methods of the System.Management.ManagementDateTimeConverter class. 

             <Type>
                 <Name>System.Management.ManagementObject</Name>
                 <Members>
                     <ScriptMethod>
                         <Name>ConvertToDateTime</Name>
                         <Script>
                             [System.Management.ManagementDateTimeConverter]::ToDateTime($args[0])
                         </Script>
                     </ScriptMethod>
                     <ScriptMethod>
                         <Name>ConvertFromDateTime</Name>
                         <Script>
                             [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime($args[0])
                         </Script>
                     </ScriptMethod>
                 </Members>
             </Type>


This is a direct call to the .NET ManagementDateTimeConverter Class invoking the ToDateTime method, with following description.
ToDateTime(String)
Converts a given DMTF datetime (CIM_DATETIME) to DateTime. The returned DateTime will be in the current time zone of the system.
WMI uses the DMTF datetime formats defined by the Distributed Management Task Force (DMTF.org) Common Information Model (CIM) specification. The CIM_DATETIME format is implemented in the Microsoft Managed Object Format (MOF) by the DATETIME MOF datatype. The date and time formats can also express an interval of time. CIM_Datetime format is defined as yyyymmddHHMMSS.mmmmmmsUUU where UUU is number of minutes different from UTC/Greenwich Mean Time as per Microsoft TechNet "Working with Dates and Times using WMI"
We can use the following Powershell script to demonstrate to output CIM_DateTime format and its converted date and time using ConvertToDateTime ScriptMethod.

1
2
(Get-WmiObject Win32_OperatingSystem).InstallDate
([WMI]'').ConvertToDateTime((Get-WmiObject Win32_OperatingSystem).InstallDate)

which yields CIM_Datetime string and equivalent datetime value.


1
2
20100216010920.000000-300
Tuesday, February 16, 2010 1:09:20 AM

Now lets test the C# equivalent

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
private static string WindowsOSInstallDate()
{
    try
    {
        ManagementObjectSearcher _mbs = new ManagementObjectSearcher("Select InstallDate From Win32_OperatingSystem");
        ManagementObjectCollection _mbsList = _mbs.Get();
        string installCIMdatestring = string.Empty;
        foreach (ManagementObject _mo in _mbsList)
        {
            installCIMdatestring = _mo["InstallDate"].ToString();
            break;
        }
        // Converting DMTF datetime to System.DateTime
        DateTime installdatetime = ManagementDateTimeConverter.ToDateTime(installCIMdatestring);
        // returns both
        return "CIM_DATE : " + installCIMdatestring + "\n" + String.Format("{0:ddd d-MMM-yyyy h:mm:ss tt}", installdatetime);
    }
    catch
    {
        return string.Empty;
    }
}

which yields identical result! But.................

1
2
CIM_DATE : 20100216010920.000000-300
Tue 16-Feb-2010 1:09:20 AM

But there's a gotcha!


Testing in with different time zones


When I changed my time zone to (UTC) Coordinated Universal Time (UTC+0:00), I get the following result using C# code. 


1
2
CIM_DATE : 20100216060920.000000+000
Tue 16-Feb-2010 6:09:20 AM

The CIM_Datetime string (+000) indicates the correct time zone which is UTC.
The datetime value (6:09:20 AM) has adjusted to the current UTC time zone, as expected.


However, when I run the Powershell script in the 
(UTC) Coordinated Universal Time (UTC+0:00) time zone, get the following result.


1
2
20100216060920.000000+000
Tuesday, February 16, 2010 1:09:20 AM

The CIM_datetime string (+000) indicating the correct time zone which is UTC.

But the datetime value (1:09:20 AM) has NOT CHANGED. It's the same as in my my default (UTC-05:00) Eastern Time (US & Canada). The returned DateTime is not in the current time zone of the system. In fact it's the same in all time zones I tested.


DANGER WILL ROBINSON DANGER, ERROR, ERROR



Powershell ConvertToDateTime Bug


Powershell ConvertToDateTime does NOT adjusted to the current time zone! 

Running ConvertToDateTime on any WMI class will result in the datetime not be in the current time zone. Line 2 of Powershell script will produce the same result in any time zone, for any CIM_datetime property in any WMI class.

1
2
(Get-WmiObject Win32_OperatingSystem).InstallDate
([WMI]'').ConvertToDateTime((Get-WmiObject Win32_OperatingSystem).InstallDate)


1
2
20100216060920.000000+000
Tuesday, February 16, 2010 1:09:20 AM

It's a subtle error that I am still try to get an answer to from Microsoft.

Is this the returning the original timezone the computer was installed in? Or is just ignoring the timezone completely.

This applies both powershell.exe and powershell_ise.exe.

Please upvote this issue "Powershell ConvertToDateTime bug" on the Microsoft's PowerShell forum site.



Update May 10, 2017 PowerShell forum site



Hi Ilya, thank you and you are correct, in your assumption of not restarting Powershell (PS). (koodoos).
          However, there is an error still occuring.
When you run the PS code line 1, (Get-WmiObject Win32_OperatingSystem).InstallDate it emits CIM_DATE 20100216060920.000000-300 for me in my default Eastern Time Zone. Then while PS is still running, I change the time zone to UTC, rerun line 1 and get CIM_DATE 20100216060920.000000+000 which indicates it correctly grabbed new change time zone to UTC (indicated by +000). Time zone offset being indicate by +/-xxx in minutes in CIM_DATE format.

The InstallDate in UTC time zone remains the same, if you restart PS or not. This tells us PS is grabbing the correct changed time zone, while PS is still running. So far, so good, behaviour as expected.

But the next PS code line 2, ([WMI]'').ConvertToDateTime((Get-WmiObject Win32_OperatingSystem).InstallDate) does not apply the change time zone to UTC (while still running PS) as you keenly indicated. (great catch btw!). Only when you reboot PS code line 2 gives you the correct result and applies the change time zone. This is the error.

So I vote this still a PS issue, since the line 1 is saying it pick-up the time zone change, but does not apply it to line 2 calculation. Conversely, if PS did not pick-up time zone change in line 1, then you would think to restart PS so it might get the new time zone.

Solved : Resolution from above

Restart of Powershell does produce the correct calculation, taking into account UTC time zone. See above for the remaining issue.  


1
2
20100216060920.000000+000
Tuesday, February 16, 2010 6:09:20 AM