## burp suite – Needing help intercepting local SSL traffic on a difficult Android app

I’m trying to intercept traffic from an Andriod app.

I’ve forwarded ports 80, 443, 6699 and 6698 on Kali to a listener port and set up arp-spoofing. I’m using BurpSuite on the same computer to listen and intercept (invisible proxy).

Certificates have been installed properly on both host and device and are working for all traffic except the app I’m interested in.

Using Frida I’ve tried various SSL pinning bypass scripts (the most popular) and none have been successful, Burp continues to report a TLS fatal exception ca_unknown and the app’s function remains restricted.

The app in question is a ISP router companion app, you use it to get live information about the internet connection and can use it to change settings on the router. The traffic is local, using TCP port 6699 but can also use 6698.

Are there any clues I can look for in the apk which may point me towards the SSL methods being employed by the app? I’ve had a look and can see directories for OKHTTP3 and BouncyCastle.

The parts of the app that communicate remotely (cloud API calls) can be intercepted without issue.

Could the problem be something entirely different than SSL pinning given this particular issue is solely based on local communication? My train of thought being, why employ SSL pinning for traffic that’ll only ever be local?

## Needing help intercepting local SSL traffic on a difficult Android app (Kali) (Arp-spoofing) (BurpSuite) (Frida)

I’m trying to intercept traffic from an Andriod app.

I’ve forwarded ports 80, 443, 6699 and 6698 on Kali to a listener port and set up arp-spoofing. I’m using BurpSuite on the same computer to listen and intercept (invisible proxy).

Certificates have been installed properly on both host and device and are working for all traffic except the app I’m interested in.

Using Frida I’ve tried various SSL pinning bypass scripts (the most popular) and none have been successful, Burp continues to report a TLS fatal exception ca_unknown and the app’s function remains restricted.

The app in question is a ISP router companion app, you use it to get live information about the internet connection and can use it to change settings on the router. The traffic is local, using TCP port 6699 but can also use 6698.

Are there any clues I can look for in the apk which may point me towards the SSL methods being employed by the app? I’ve had a look and can see directories for OKHTTP3 and BouncyCastle.

The parts of the app that communicate remotely (cloud API calls) can be intercepted without issue.

Could the problem be something entirely different than SSL pinning given this particular issue is solely based on local communication? My train of thought being, why employ SSL pinning for traffic that’ll only ever be local?

Find a+b+c where a,b and c are postive integers

## statistics – Dice mechanic that handles very easy and very difficult tasks

I’ve always liked the Ars Magica stress dice mechanic.

Roll a d10 – a zero indicates a potential problem, a one doubles the next roll (where a subsequent 0 is a 10) and anything else is the value given.

If a zero is rolled, you then get to roll a number of botch dice according to how risky the action was, a single die if it was not particularly risky, up to dozens or more (botching a casting roll in a divine aura when using raw vis to boost your spell casting *8′). If a botch die comes up zero, something has gone badly wrong – the character has actually botched. If you rolled more than one botch dice and more than one of them came up zero multiple zero’s you have the potential for a double botch or triple botch etc. which allow for more extreme failures. If non of the botch dice come up zero, then you’ve been lucky and you just got a zero on the roll – which may still be enough to succeed if your stat/skill is high enough.

It doesn’t have the ugly discontinuities that the shadow-run exploding dice mechanic has (what use is difficulty 6?), it allows botches to be 1 in a 100 or worse depending on risk and very occasionally allows really quite awesome rolls (one time in 10,000 you could roll 80 with the sequence 1,1,1,10).

It also leads to the amusing “Yes! Going up!” only to be followed by “Oh, only to 4” moments later.

Ars also has the concepts of simple and quality dice. Simple dice are just a straight 1-10 roll, for un-stressful situations where there is no chance of a catastrophic failure, but no chance of an exceptional success either. Quality dice rolls are the best kind. These rare beasts are for situations where there is no chance of a botch, but a small chance of things going exceptionally well.

The combination of these three basic dice mechanics provides a rich set of options for the Ars Magica GM to call upon to randomise outcomes.

Ars also has lovely rules for long term development. Want to research a level 30 spell but only have a lab total of 32, then that will take you 15 seasons (3.75 years) of downtime†, so it would be better to spend a few seasons studying your arts to bring your lab total up to 38 and then you can complete the research in 4 seasons‡. †2 (32-30) and ‡ 8 (38-30) points per season towards the 30 points required.

If you want, you could allow rolls to be re-rolled with whatever PC luck mechanic you use (Fate points in Warhammer, confidence in Ars, possibilities in Torg etc.). Each re-roll you allow makes it 10x less likely that characters are will botch and gives the players the chance to decide whether they use up that re-roll on the easy, but unlucky roll, or save it for an important roll later.

## difficulty – What does it mean to make mining more difficult?

Really I don’t know nothing about bitcoin but now I got curious read something and immediately come to something on mind.

I mean, there’s a social economic comunity somewhere generating value based on the transactions registered, but as they’re cheap and bitcoin wants to add value it adds some senseless? dificulty.

By the other way there’s a full community of scientists and mathematicians fighting for devealing mysteries of nature and knowledge, but most often they don’t have the economic resources for their task, hence there’s a lot of simulations and sequances to solve and here we have a lot of people wasting non renovable resources adding up to climate change doing useless calculations just to generate esteemed value.

Do you see the equation here? If the difficulty added be practical intead of needed, bitcoin would be based on real value, even the mayor value of all that is knowledge.

So Instead of do nothing in order to increase value why not solve some practical mathemathical sequence or do x simulation of some deterministic experiment and share the results with science?

Or am I being the idiot that believes that the world has solution with a naif approach?

## integration – Difficult logarithmic integral: \$int_0^Lambda r^{d – 1}log(1 + asqrt{r^2 + m_1^2} + bsqrt{r^2 + m_2^2}) dr\$

I’m working on QFT’s, and encountered the following integral
begin{equation} begin{aligned} I = int_0^Lambda r^{d – 1}log(1 + asqrt{r^2 + m_1^2} + bsqrt{r^2 + m_2^2}) dr , end{aligned} end{equation}
where $$a, b, m_1, m_2$$ are real, non-zero parameters all different from each other, and $$Lambda > 1$$. (I expect the integral to be divergent in the $$Lambdarightarrowinfty$$ limit.) I’m wondering if anyone here can help me perform this integration. I believe it might be useful to differentiate w.r.t. $$a$$
begin{equation} begin{aligned} frac{partial I}{partial a} = int_0^Lambda frac{r^{d – 1}sqrt{r^2 + m_1^2}}{1 + asqrt{r^2 + m_1^2} + bsqrt{r^2 + m_2^2}} dr . end{aligned} end{equation}
I tried to do these integrations in Mathematica, but it wasn’t able to do it. That said, if you know a program that can do these integrals that’s good enough. Moreover, finding a primitive function is probably also good enough.

I’m grateful for any help!

## why is granting ALL permissions and privileges to a new role/user for a new database difficult with postgresql?

With mysql and am sure countless other database softwares, it is pretty easy to create a new database, create a new user and grant that user to own and be able to do everything on that database

this is NOT the case with postgresql
Every time i am about to create a new database and user on postgresql it is a such a pain to think about because i KNOW i will come across head ache again

Why is postgresql such a pain with uses and database and allowing a user to own a database so the user/role has all permissions

It is crazy to always be getting errors like

``````permission denied for table sites
``````

How can one create a new database, new user with password and grant ownership of the new database to that new user so the user/role can do EVERY and ANYTHING on that new database? what commands to achieve all these? for postgresql?

Thanks!

## calculus and analysis – Algorithmically imposing a substitution in a difficult integral

Consider the following integral:

$$I = frac{1}{pi c^2} intlimits_{r=0}^c 2 pi r e^{-frac{ left( sqrt{a^2 – r^2} -sqrt{b^2 – r^2} right)}{lambda}} dr$$

under the conditions $$a>b>c>0$$ and $$lambda > 0$$ are all in $$mathbb{R}$$.

This problem is too difficult for Mathematica (v. 11.3) to solve directly:

``````Assuming(a > b > c > 0 && (Lambda) > 0,
1/((Pi) c^2) Integrate(
2 (Pi) r Exp(- (Sqrt(a^2 - r^2) - Sqrt(b^2 - r^2))/(Lambda)),
{r, 0, c})
)
``````

However, if one makes the substitution $$k = sqrt{a^2 – r^2} – sqrt{b^2 – r^2}$$, then one gets the following integral:

$$frac{2}{c^2} intlimits_{k = a – b}^{sqrt{a^2 – c^2} – sqrt{b^2 – c^2}} left( frac{(a^2 – b^2)^2}{k^3} – k right) e^{-k/lambda} dk$$

This integral can be broken up and solved analytically, where Mathematica employs the

$$E_q (x) – intlimits_1^infty frac{e^{-x t}}{t^q} dt$$

which Mathematica implements as `ExpIntegralE(q,x)`.

I accept that finding this $$k$$ substitution requires “intelligence” that Mathematica does not yet have. But assume the user has this insight and wants to give it as a hint or condition to Mathematica. Hence the core of my question:

Question

In the integral for $$I$$, defined above, how would the user impose the $$k$$ substitution as a “hint” and have Mathematica perform all the substitutions (including differentials and limits) and produce an analytic solution for $$I$$?

## vanitygen – How do extremely difficult vanity addresses get found in the first place?

Funds are spendable by public keys and addresses contain public key hashes. Vanity addresses are created by hashing lots of public keys until the hash is in an expected range. What you mentioned is an example of a burn address, not a vanity address. Burn addresses are crafted by manually editing the public key hash with a specific the corresponding address in mind. Burn addresses do have corresponding public key(s), but since we it is impossible to find the public key from the public key hash, burn addresses cannot spend their funds. They are similar to addresses whose owners mistakenly deleted their wallets, where the funds are in a locked state.

The last digits of burn addresses is random is because addresses also contain a checksum which is the hash of everything else encoded in the address.

## It depends on the party’s make up

(*Based on the original question, location 12)
The party I DM’d for in that one handled it pretty well. Here’s the line up:
1 Barbarian, Bear Totem
1 Sorcerer, Shadow Magic
1 Druid, Shepherd
1 Artificer, Artillerist
1 Monk, Drunken Master

Tactical Points: artificer’s protector canon was up, and the Monk Stunned the

minotaur statue {aside, the monk was wearing the medallion, not sure if that is the plot hook that you are referring to, I suspect that it is)

twice. They had just dealt with

a bunch of traps

and were not at full resources, but they also were not at the end of their rope either. IMO, the stun was a significant difficulty mitigation. If your party fights well as a team, they’ll probably handle it unless the dice hate them.

### No, it’s not overpowered for your party of 6 PCs.

As you noted in a comment, the adjusted XP is 7300 for 5 in area 12, but since the party has 6 party members, it’s 5475 adjusted XP; between hard (4500) and deadly (6600) for 6 fifth level PCs.

For location 11, they dealt with it in a non combat manner. Also, since your party has six PCs, per the DMG and the Basic Rules

If the party contains six or more characters, use the next lowest
multiplier on the table.

you use a 1.5 rather than a 2.0 multiplier. The 5400 ajusted XP puts it between ‘hard’ and ‘deadly’. In my experience, the addition of that sixth party member is a significant benefit to any party. (I have a memory of hearing that the encounter math in the DMG is based on a 4 PC party, as an estimate, I can’t find where I had heard that. I have even found that with a fifth member in a party the extra ability to do a thing or two during a round can make a substantial difference unless, as above, the dice hate the party during that encounter … )

### The adjusted XP method is for estimates, and has soft edges

A few points:

1. using the d20 system is by it’s very nature ‘swingy’ – if you miss
that hold person save the burst of damage that can hit your
character really spikes.

2. Some party combinations are better than others (Example: in area 11, if the party has a cleric there are some abilities that mitigate the numbers better than if the party has no cleric).

3. Some players are a lot better at applying synergistic effects and party combinations than others.

Use those numbers as a ‘best estimate’ rather than ‘this is written in stone’ for your encounter assessments and creation.