Monday, June 25, 2012

Python: Glide, instead of move, mouse cursor from one point to another

I couldn't find a function in pywin32 to smoothly glide a pointer from one point to another, instead of simply "moving" the cursor by making it jump from its current position to a given position.  I needed a way to make the mouse sort of "glide" from point A to point B at a seemingly natural pace, so here's my solution:

import time
import win32api

MOUSE_SPEED = .4 #seconds

def mouse_glide_to(x,y):
    """Smooth glides mouse from current position to point x,y with default timing and speed"""
    x1,y1 = win32api.GetCursorPos()
    smooth_glide_mouse(x1,y1, x, y, MOUSE_SPEED)

def smooth_glide_mouse(x1,y1,x2,y2, t, intervals):
    """Smoothly glides mouse from x1,y1, to x2,y2 in time t using intervals amount of intervals"""
    distance_x = x2-x1
    distance_y = y2-y1
    for n in range(0, intervals+1):
        move_mouse(x1 + n * (distance_x/intervals), y1 + n * (distance_y/intervals))

def move_mouse(x, y):
mouse_glide_to(x,y) will move the cursor from its current position to point (x,y) in MOUSE_SPEED seconds. It works perfectly!

Saturday, June 23, 2012

Road Runner (SMC Networks) routers - practically NO security

Upon registering for Time Warner's Road Runner internet service, customers are offered a router manufactured by SMC Networks.  The router ships with WEP encryption enabled by default, using a 128-bit key based on its MAC address.   While WEP encryption is already the most insecure form of wireless encryption out there,  SMC Networks amplifies this weakness further by not generating a random WEP key; something which a home user almost never changes unless forced to do so during first time installation, whether it is because he or she is ignorant about the risks of a vulnerable network, or because he or she simply doesn't know how to or care enough to change it.  While a randomly generated WEP key can be defeated just as easily as any other, the default encryption key for these routers is trivial and can be determined just by spotting it in a regular AP (Access Point) scan of the area.

The encryption key can be discovered in seconds, without the need for conventional wireless cracking tools such as the aircrack-ng suite. These routers effectively have no security whatsoever, as even the most tech-challenged of computer users can break into them.  From there, the users of the network are vulnerable to all kinds of harm, ranging from innocent piggy-backing to malware and identity theft.

In under a minute, one can find the key using only the router's wireless network name (SSID) and its wireless MAC address (BSSID).  These routers stick out like a sore thumb because their SSIDs are simply 4 hex characters (e.g. 'D78A') and their MAC addresses typically begin with 00:26:F3, 00:22:2D, or 78:CD:8E (OUI). 

Here's how:

In this example, let's assume we see a router whose SSID is '4B5F' and whose wireless MAC address is 00:26:F3:73:4B:52. The WEP key is generated in this format:

[first 10 characters of MAC] + [last two characters of SSID] + 14 0's

Following this format, we take the first 10 hex digits (or first 5 octets) of the MAC address, which we can easily find when performing a normal everyday wireless scan in Windows or OS X: "00:26:F3:73:4B", append the last two digits of the SSID: "5F", and tack on 14 0's to form the router's 128-bit encryption key:


Knowing this, any joe-shmo can "hack" into an Road Runner SMC-Networks router with just a smartphone and optionally a pen and paper.  I would highly recommend that either SMC Networks or Road Runner move on to WPA2 encryption in their new routers and attempt to update these routers to use WPA2.  New Verizon FiOS Actiontec routers come factory default with WPA2 enabled with a randomly generated 32 character string and WPS disabled; they could learn something from Verizon!

EDIT: Apparently, the insecurity of these routers was already covered in an article from 2009; it's sad to see nothing has been done about it since then!  
"However, the Time Warner devices come pre-configured and locked, with URL blocking being the only feature available to the customer through the web administration interface."
According to the article, the router's web administration is locked and the home user cannot change the encryption scheme nor the encryption key, even if he or she wanted to.  This is definitely a huge issue.  

Python: Calculating the average color of an area of an image (PIL)

Here's a snippet of code I whipped up in Python to calculate the the average color of a square shaped area of an image.  I used the Python Imaging Library (PIL) to load the image, so be sure to have it available if you're using this.

import Image

def get_average_color((x,y), n, image):
    """ Returns a 3-tuple containing the RGB value of the average color of the
    given square bounded area of length = n whose origin (top left corner) 
    is (x, y) in the given image"""

    r, g, b = 0, 0, 0
    count = 0
    for s in range(x, x+n+1):
        for t in range(y, y+n+1):
            pixlr, pixlg, pixlb = image[s, t]
            r += pixlr
            g += pixlg
            b += pixlb
            count += 1
    return ((r/count), (g/count), (b/count))

image ='test.png').load()
r, g, b = get_average_color((24,290), 50, image)
print r,g,b

This is great for detecting the color of an area of an animated and constantly changing game screen, where finding the color of a single pixel may not be accurate enough for your needs.