Hacker Public Radio is an podcast that releases shows every weekday Monday through Friday. Our shows are produced by the community (you) and can be on any topic that are of interest to hackers and hobbyists.
This is sort of a response to hpr4097 :: Will they take our jobs? Of course they will. by dodddummy, and also the latest community news show, and other shows about the topic.
https://github.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy
Java Android Magisk Burp Objection Root Emulator Easy
(JAMBOREE)
Get a working portable Python/Git/Java environment on Windows in SECONDS
without having local administrator, regardless of your broken Python or
other environment variables. Our open-source script downloads directly
from proper sources without any binaries. While the code may not be
perfect, it includes many useful PowerShell tricks.
Run Android apps and pentest without the adware and malware of BlueStacks or NOX.
Features / Request Core Status RMS:Runtime Mobile Security ✔️ Brida, Burp to Frida bridge ❌ SaftyNet+ Bypass ❌ Burp Suite Pro / CloudFlare UserAgent Workaround-ish ✔️ ZAP Using Burp ✔️ Google Play ✔️ Java ✔️ Android 11 API 30 ✔️ Magisk ✔️ Burp ✔️ Objection ✔️ Root ✔️ Python ✔️ Frida ✔️ Certs ✔️ AUTOMATIC1111 ✔️ AutoGPT ✔️ Bloodhound ✔️ PyCharm ✔️ OracleLinux WSL ✔️ Ubuntu/Olamma WSL ✔️ Postgres No admin ✔️ SillyTavern ✔️ Volatility 3 ✔️ Arduino IDE / Duck2Spark ✔️ Youtube Downloader Yt-dlp ✔️How it works:
Temporarily resets your windows $PATH environment variable to fix any
issues with existing python/java installation
Build a working Python environment in seconds using a tiny 16 meg
nuget.org Python binary and portable PortableGit. Our solution doesn't
require a package manager like Anaconda. I would like to make it even
easier to use but I don't want to spend more time developing it if
nobody is going to use it! Please let me know if you like it and open
bugs/suggestions/feature request etc! You can contact me at https://rmccurdy.com !
Installation/Requirements ( For Android AVD Emulator) :
Local admin just to install Android AVD Driver:
HAXM Intel driver ( https://github.com/intel/haxm )
OR
AMD ( https://github.com/google/android-emulator-hypervisor-driver-for-amd-processors )
Usage:
Put ps1 file in a folder
Rightclick Run with PowerShell
OR
From command prompt
powershell -ExecutionPolicy Bypass -Command "[scriptblock]::Create((Invoke-WebRequest "https://raw.githubusercontent.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy/main/JAMBOREE.ps1").Content).Invoke();" More infomation on bypass Root Detection and SafeNet https://www.droidwin.com/how-to-hide-root-from-apps-via-magisk-denylist/
( Watch the Video Tutorial below it's a 3-5 min process. You only have to setup once. After that it's start burp then start AVD )
Burp/Android Emulator (Video Tutorial )
Update Video with 7minsec Podcast!
name
(Video Tutorial)
name
USB Rubber Ducky Scripts & Payloads Python 3 Arduino DigiSpark
name
Old payloads: https://github.com/hak5/usbrubberducky-payloads/tree/1d3e9be7ba3f80cdb008885fac49be2ba926649d/payloads
PhreakNIC 24: Java Android Magisk Burp Objection Root Emulator Easy (JAMBOREE)
https://www.youtube.com/watch?v=R1eu2Ui1ZLU
name
I was inspired by Knightwise's
episode
4109 on future-proofing HPR.
I agree with many of your criticisms, but I'm not sure that a marketing
strategy is the best way forward. Many of the most successful and
sustainable businesses and organizations have been built on
word-of-mouth.
For example I heard of Google, Zoom, Gmail, Facebook, Slack, Twitter,
Discord, etc from my IRL friends and coworkers rather than from a
marketing message. And most of the open source communities I'm a part of
(Linux, Python, Firefox, Hugging Face, etc) are successful precisely
because their success is not subject to a BigTech algorithm or
exploitative terms-and-conditions.
Most open source projects are able to build community much by actively
resisting the temptation to create a marketing message or social media
campaign and instead focusing on the authenticity and quality of their
"product" and catering to their contributors' and users niche needs and
sensibilities.
My FOSS podcatcher Antennapod,
automatically skips the intro. I had to rewind in order to hear the
episode number and host username in order to compose my reply.
And I have trouble engaging with the comments interface on the HPR
site.
I wasn't even aware of comments on my previous episodes and once I did
learn of it I found it easier to reply on Mastodon rather than on the
HPR website.
As a community, I think we take it on faith that there is a place in the
world for people like us that just want to share ideas, unmediated by
shadow-banning, rug-pulling corporations and attention-hacking
algorithms. I want to have a conversation with thoughtful people. I
don't want to be engaged or monetized or exploited
In the last episode we looked at how JSON data is structured and saw how jq could be used to format and print this type of data.
In this episode we'll visit a few of the options to the jq command and then start on the filters written in the jq language.
In general the jq command is invoked thus:
jq [options...] filter [files...]It can be given data in files or sent to it via the STDIN (standard in) channel. We saw data being sent this way in the last episode, having been downloaded by curl.
There are many options to the command, and these are listed in the manual page and in the online manual. We will look at a few of them here:
--help or -hOutput the jq help and exit with zero.
-f filename or --from-file filenameRead filter from the file rather than from a command line, like awk´s -f option. You can also use ´#´ to make comments in the file.
--compact-output or -cBy default, jq pretty-prints JSON output. Using this option will result in more compact output by instead putting each JSON object on a single line.
--color-output or -C and --monochrome-output or -MBy default, jq outputs colored JSON if writing to a terminal. You can force it to produce color even if writing to a pipe or a file using -C, and disable color with -M.
--tabUse a tab for each indentation level instead of two spaces.
--indent nUse the given number of spaces (no more than 7) for indentation.
The -C option is useful when printing output to the less command with the colours that jq normally generates. Use this:
jq -C '.' file.json | less -RThe -R option to less allows colour escape sequences to pass through.
Do not do what I did recently. Accidentally leaving the -C option on the command caused formatted.json to contain all the escape codes used to colour the output:
$ jq -C '.' file.json > formatted.jsonThis is why jq normally only generates coloured output when writing to the terminal.
As we saw in the last episode JSON can contain arrays and objects. Arrays are enclosed in square brackets and their elements can be any of the data types we saw last time. So, arrays of arrays, arrays of objects, and arrays of both of these are all possible.
Objects contain collections of keyed items where the keys are strings of various types and the values they are associated with can be any of the data types.
Simple arrays:
[1,2,3] [1,2,3,[4,5,6]] ["Hacker","Public","Radio"] ["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"]Simple object:
{ "name": "Hacker Public Radio", "type": "podcast"}This more complex object was generated by the Random User Generator API. It is a subset of what can be obtained from this site.
{ "gender": "female", "name": { "title": "Mrs", "first": "Jenny", "last": "Silva" }, "dob": { "date": "1950-01-03T21:38:19.583Z", "age": 74 }, "nat": "GB" }This one comes from the file countries.json from the Github project mledoze/countries. It is a subset of the entry for Mexico.
{ "name": { "common": "Mexico", "official": "United Mexican States", "native": { "spa": { "official": "Estados Unidos Mexicanos", "common": "México" } } }, "capital": [ "Mexico City" ], "borders": [ "BLZ", "GTM", "USA" ] }This is the simplest filter which we already encountered in episode 1: '.'. It takes its input and produces the same value as output. Since the default action is to pretty-print the output it formats the data:
$ echo '["Hacker","Public","Radio"]' | jq . [ "Hacker", "Public", "Radio" ]Notice that the filter is not enclosed in quotes in this example. This is usually fine for the simplest filters which don't contain any characters which are of significance to the shell. It's probably a good idea to always use (single) quotes however.
There may be considerations regarding how jq handles numbers. Consult the jq documentation for details.
This form of filter refers to object keys. A particular key is usually referenced with a full-stop followed by the name of the key.
In the HPR statistics data there is a top-level key "hosts" which refers to the number of currently registered hosts. This can be obtained thus (assuming the JSON is in the file stats.json):
$ jq '.hosts' stats.json 357The statistics file contains a key 'stats_generated' which marks a Unix time value (seconds since the Unix Epoch 1970-01-01). This can be decoded on the command line like this:
$ date -d "@$(jq '.stats_generated' stats.json)" +'%F %T' 2024-04-18 15:30:07Here the '-d' option to date provides the date to print, and if it begins with a '@' character it's interpreted as seconds since the Epoch. Note that the result is in my local time zone which is currently UTC + 0100 (aka BST).
Using object keys in this way only works if the keys contain only ASCII characters and underscores and don't start with a digit. To use other characters it's necessary to enclose the key in double quotes or square brackets and double quotes. So, assuming the key we used earlier had been altered to 'stats-generated' we could use either of these expressions:
."stats-generated" .["stats-generated"]Of course, the .[<string>] form is valid in all contexts. Here <string> represents a JSON string in double quotes. The jq documentation refers to this as an Object Index.
What if you want the next_free value discussed in the last episode (number of shows until the next free slot)? Just typing the following will not work:
$ jq '.next_free' stats.json nullThis is showing that there is no key next_free at the top level of the object, the key we want is in the object with the key slot.
If you request the slot key this will happen:
$ jq '.slot' stats.json { "next_free": 8, "no_media": 0 }Here an object has been returned, but we actually want the value within it, as we know.
This is where we can chain filters like this:
$ jq '.slot | .next_free' stats.json 8The pipe symbol causes the result of the first filter to be passed to the second filter. Note that the pipe here is not the same as the Unix pipe, although it looks the same
There is a shorthand way of doing this "chaining":
$ jq '.slot.next_free' stats.json 8This is a bit like a file system path, and makes the extraction of desired data easier to visualise and therefore quite straightforward, I think.
We have seen the object index filter .[<string>] where <string> represents a key in the object we are working with.
It makes sense for array indexing to be .[<number>] where <number> represents an integer starting at zero, or a negative integer. The meaning of the negative number is to count backwards from the last element of the array (which is -1).
So, some examples might be:
$ echo '["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"]' | jq '.[1]' "Monday" $ echo '["Sun","Mon","Tue","Wed","Thu","Fri","Sat"]' | jq '.[-1]' "Sat" $ echo '[1, 2, 3, [4, 5, 6]]' | jq '.[-1]' [ 4, 5, 6 ]We will look at more of the basic filters in the next episode.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Some stuff I use to help make APIs
https://github.com/freeload101/Python/blob/master/Python_Includes_RMcCurdy.py
JAMBOREE.rmccurdy.com for burp suite. Have I done a podcast on JAMBOREE? I must have... If not I will
Welcome to our new host:
Dave Hingley.
These are comments which have been made during the past month, either to shows released during the month or to past shows. There are 21 comments in total.
There are 2 comments on 2 previous shows:
There are 19 comments on 10 of this month's shows:
With the kind permission of LWN.net we are linking to The LWN.net Community Calendar.
Quoting the site:
This is the LWN.net community event calendar, where we track events of interest to people using and developing Linux and free software. Clicking on individual events will take you to the appropriate web page.We received the sad news that fellow podcaster and host of the Open Metal Cast, Craig Maloney passed away.
This starts our look at the details of playing Civilization III. In this episode we look at the Early game, which sets the stage for everything that follows. Then we look at Revenue and Resources.
This will probably be one I'll get a lot of comments on, but I've looked at the marketing proposition of HPR in light of some of the challenges we face. To prevent us dipping into the reserve queue and seeing a slow but steady decline in both audience and hosts.. Maybe its time to give HPR a bit of a makeover.
Your feedback is valuable to us. Should you encounter any bugs, glitches, lack of functionality or other problems, please email us on [email protected] or join Moon.FM Telegram Group where you can talk directly to the dev team who are happy to answer any queries.