For a student project, we're working on connecting a Bluetooth LE device (that both transmits and receives) to an iPhone or iPad in order to read data from it to display to the user in realtime. We have proof that this is doable by the company that made the device and we've actually managed to get a connection and get some data.. however it pings every 5-10 seconds and seems to be a random subset of numbers with minimal changes after changing something on the device which is making us none the wiser.
Now, of course, we went to the company that made the device and app first and we do have approval for us to use their hardware, but haven't been able to get a SDK / API from them to use with the application. So, our plan is to make our own way through it and find what we need.
This is where we're getting stuck. We have the following:
Connection based on Name or Bluetooth Device Address
Scan services (and cascading scan in case the services have services within them as specified in the CoreBluetooth documentation)
Read Characteristics from said services.
Decrypt value into 8bit UInt so we get some actual readable data.
This is an example of what we've got with the value still as it comes in.
Service: 0x1c0476440, is Primary = yes. UUID: 058d0001-ca72-4c8b-8084-25e049936b31
value <53636da1 7a616c74 73616c74 73616c74 73616c27>
Now, looking at this all, I presume the service here is some kind of 'staying alive' ping and it's giving some auxiliary info about the device's current state.
The question we have then boils down to this:
How can we further 'explore' the device? We don't seem to be getting any additional output aside from this however looking in the device manager from windows we get a couple of hits that look like this (Example):
{058d0001-ca72-4c8b-8084-25e049936b31}[6]
Which have values in either a hexidecimal value, boolean or datetime without clear identifiers. Is there a way for us to send a message to the device to change the value in that uuid using Swift, or is this impossible?
While solved now, I'm not accepting this as the answer. My solution? Try things. Stupid 'Needle in a haybale' things.
I changed the uuid from 058d0001-ca72-4c8b-8084-25e049936b31 to 058d0002-ca72-4c8b-8084-25e049936b31
and voila. I could do more. I tried 3, and again, a new result and a working data stream...
#Paulw11's comment is also a good way to solve this issue we found out.
Related
So the title sounds stupid. I'm not really sure how to really word it, but I want someone to help guide me on what to look for. Little back story first so I'm working on a Raspberry Pi project that involves using an LTE service currently I have a dashboard running on a AWS EC2 web server with a simple user working user login.
I have a raspberry pi that is directly pointed to the dashboard/account via an IP address. I want to know how to do something like giving a device an ID and having it connect to an account. So for example with Nest products you have the QR code on the camera you take a photo and that devices get applied to your account.
Is this even possible with Raspberry Pi(I'm sure anything possible, but is it feasible? If so what should I look into or learn how to do such thing. I know its not something that can be answered in a short paragraph just looking for some guidance.
Right, thanks. Well, I think you need to program this into the pi server app. So currently your Pi is reading a sensor and sending this data to the web server, right? I suppose you have a daemon running, taking readings, and doing an API REST call to the server backend, correct? So what you want is to have a unique code for each pi, sent with the API call, and then on your DB server side,you store all readings related to their unique code.
You don't need to pre-validate this code, there are GUID generators that will create a number for you, guaranteed to be unique for all eternity, so on the PI, you set it up once, to create the PI's code, and use it from then on. Now, server side, then associating a device with a user is a matter of choosing the data associated with a given gui. And I think that covers it.
You can improve on this basic idea by giving it more thought, but I think it's a good starting point! Do let me know if I can help you with anything else!
I have a lobby in which I want the users to be in sync. So when a user turns off his internet while the app is running, he should be removed. I know Firebase does not support server side coding, so the coding needs to be client side. The answers from How to delete firebase data after "n" days and Delete firebase data older than 2 hours do not answer this question since they expect that the user is online and they have an internet connection. So my question is if is possible to delete users when they got no internet? I thought maybe it is an idea to let the users update a value every 5 seconds, and when that update is not done, the other users in that lobby remove the player. This way is not good, since every player needs to retrieve and upload alot of data every 5 seconds. What is the best way to solve this?
Edit: to make it short, lets say each user has an image. The image should be green when the user is connected, and grey when disconnected.
Edit 2: after thinking it over, it is really hard to accurate present the connected users on a client-side server. That is why, if nobody has a different solution, I should add another server which can execute server-side codes. Because of the larges amount of servers, I would like to know which server I should use. The server should run a simple function which only checks if the users are connected or disconnected and can communicate with Firebase. If I am correct it should look like this:
But the server also needs to communicate with the users directly. I have absoluty no idea where to start.
If I'm not completely wrong, you should be able to use onDisconnect.
From the Firebase, documentation:
How onDisconnect:Works:
When an onDisconnect() operation is established, it lives on the Firebase Realtime Database server. The server checks security to make sure the user can perform the write event requested, and informs the client if it is invalid. The server then monitors the connection. If at any point it times out, or is actively closed by the client, the server checks security a second time (to make sure the operation is still valid) and then invokes the event.
In app in production I'm using onDisconnectRemoveValue, and when I close the app, the user removes himself from the lobby. Not sure how it works when you turn the device in airplane mode, but from the documentation it seems there should be no problem.
One thing: when you test it better do it on real device, the simulator have issues with turning it off and on, at least the on I have installed.
Edit: So i checked the onDisconnect when you put the device on airplane mode and it works! The question is, that it removes the user in about a 1:30 min, approximately, so if you read the documentation or ask the support, you may be (and only may be) able to find a way to set the time you want.
For various reasons I need to get from the iPhone the current date and time that can't be meddled with by the user. Yes, I've seen how one can check a server (e.g., here), but that's not invulnerable to tampering if you take a moment to reflect.
There are two knee-jerk reactions I'm expecting to hear:
Use the GPS time.
It can't be done.
In answer to another question, I've described my researches into this matter. To summarize them:
The GPS time shifts with the user-defined settings.
The iPhone definitely has an internal tamper-proof time and date, as shown when date-time reverts after Set Automatically in Settings > General > Time & Date is turned back to on even in a fallout shelter.
What I want to know is how to access this tamper-proof time.
Edit
Just to be clear, the server-based solution is not suitable. For one, it could be faked. For another, the app needs to work without a network connection.
Assuming you always have Internet available, you could implement a class or object that connects to a remote Network Time Protocol server.
Here's an open source GitHub project that should get you started, and the related StackOverflow question I found it at.
Okay, I want to have an app that takes phone numbers from an online database and displays them in a table view. When the user is not online, I want them to still be able to see the numbers they already got from the database in the table view. If the user manages to go back online, the database updates the view. My question is, is this possible to do and if so, what's the best way to approach it? (bit of a newbie, please help me out)
There are many ways to do what you are asking, depending on the complexity of what you are after.
Could I suggest the following steps (I'm not sure which ones you can do, and which ones you are having trouble with).
Connect to the server and retrieve the list of phone numbers
If the database has a web server front end this might be as simple as sending a get request to the server (see NSURLConnection) and parsing the result. Otherwise you will need to know/tell us what type database you are using.
Store the phone numbers on the device
Use SQLite to store the numbers on the device (See iPhone SQLite Resources)
Check for internet connectivity
Periodically check for internet connectivity, and if a specific time has elapsed since you last polled the server, retry. (See Checking iPhone internet connectivity)
Although you’re probably looking for a native app solution, you can also do this with a web app.
http://diveintohtml5.ep.io/offline.html
I am a new developer iPhone developer, "learning" to be precise. I came across the useful NSUserDefaults (a dictionary in which you can store/restore state even after your application relaunches). Problem with this dictionary will be memory in your case. NSUserDefaults is sort of global to all applications and yours may spoil the show for other innocent applications (like Weather :D ).
To work around this, you can have your application declare a property list file where you store a few numbers (best practise would be the most recent but you can use any selector of choice). Look for an appropriate time in your run loop to store these numbers into your property file and load them when the application starts.
I'm working on a game for the iPhone and would like it to be able to submit scores back to the server. Simple enough, but I want the scores to be verified to actually come from a game-play. With the (defacto) prohibition on real crypto with the export conditions, what would be the best way to get information back in a secure/verified channel?
All my thoughts lead back to an RSA-style digital signature algorithm, but would prefer something less "crypto" to get past that export question.
Thanks!
Couldn't you just use a client certificate (signed by you) and establish an HTTPS connection to your server, which has been configured to only accept connections begun with a client certificate signed by you?
To make a long story very short, you're allowed to export digital signature code with very few restrictions. To learn more, start at the BIS export FAQ.
You probably want to look at EAR 742.15(b)3, which covers the digital signature exemptions.
Of course, I Am Not A Lawyer, and the rules may have changed in the last year.
Using real crypto won't actually buy you anything here. You basically have the reverse of the typical DRM problem. In that case, you want to prevent people from decrypting content, but they have to decrypt it to watch it, so you have to give them to key anyway.
In your case, you want to prevent people from signing fake scores, but they have to be able to sign real scores, so you have to give them the key anyway.
All you need to do is make sure your scheme requires more effort to crack than the potential rewards. Since we're talking about a game leader board, the stakes are not that high. Make it so that someone using tcpdump won't figure it out too quickly, and you should be fine. If your server is smart enough to detect "experimentation" (a lot of failed submissions from one source) you will be safer than relying on any cryptographic algorithm.
generate a random, something fairly long, then tack the score to the end, and maybe the name or something else static, then sha1/md5 it, and pass both to the server, verify that the random hashes, to be equal to the hash.
After-thought: If you want to make it harder to reverse engenier, then multiply your random by the numerical representation of the day (monday=1, tuesday=2,...)
One idea that might be Good Enough:
Let Secret1, Secret2, Secret3 be any random strings.
Let DeviceID be the iPhone's unique device ID.
Let Hash(Foo + Bar) mean I concatenate Foo and Bar and then compute a hash.
Then:
The first time the app talks to the server, it makes a request for a DevicePassword. iPhone sends: DeviceID, Hash(DeviceID + Secret1)
The server uses Secret1 to verify the request came from the app. If so, it generates a DevicePassword and saves the association between DeviceID and DevicePassword on the server.
The server replies: DevicePassword, Hash(DevicePassword + Secret2)
The app uses Secret2 to verify that the password came from the server. If so, it saves it.
To submit a score, iPhone sends: DeviceID, Score, Hash(Score + DevicePassword + Secret3)
The server verifies using Secret3 and the DevicePassword.
The advantage of the DevicePassword is that each device effectively has a unique secret, and if I didn't know that it would make it harder to determine the secret by packet sniffing the submitted scores.
Also, in normal cases the app should only request a DevicePassword once per install, so you could easily identify suspicious requests for a DevicePassword or simply limit it to once per day.
Disclaimer: This solution is off the top of my head, so I can't guarantee there isn't a major flaw in this scheme.