pdfcrack can find the numeric password of my bank pdf file credit-card bill in less than 1 second

Every month my bank sends me a PDF file with all my credit card expenses. Then normally I save these files. Today I tried to open an old file (more than 3 years), but I cannot recall the 4 numeric digits to open it.

Then I decided to use the pdfcrack tool to help me on this.

First, this file password is only 4 digits based on the credit card number:

xxxx xxxx XXXX xxxx

I can to instruct pdfcrack to only use numeric characters to test the password, passing “-c 0123456789”. Also because the password is 4 digit fixed I need to instruct pdfcrack to avoid testing password lesser than 4 chars using “-n 4”.

So that is it:

$ pdfcrack -f filepass.pdf -c 0123456789 -n 4

PDF version 1.4
Security Handler: Standard
V: 2
R: 3
P: -4
Length: 128
Encrypted Metadata: True
FileID: ddcb8e715b3c7347822d9548344a5964
U: ae718555d827f01765d0da553e9675e228bf4e5e4e758a4164004e56fffa0108
O: f86379060fbc201da762108dcdfe7846d1625dae9b9422e8d8fa7687eee97d05
found user-password: '7867'

I just pressed <ENTER> and it returned the password! Incredible!!!

Reference: http://www.cyberciti.biz/tips/linux-howto-crack-recover-pdf-file-password.html

Flashing firmware with OpenOCD without using telnet

Normally I use OpenOCD to flash firmware on my microcontrollers, but always use telnet to connect to openocd server in the port 4444.

Today I realized it is not necessary to use telnet to flash the firmware, I can do it from command line:

$ sudo openocd -f openocd_stm32f1.cfg -c init -c "reset halt" -c "flash write_image erase nuttx.bin 0x08000000"

I used this command to flash the nuttx.bin firmware on STM32F103 Minimum board. This is the “openocd_stm32f1.cfg” config file content:

# STM32F103Minimum Board

# Using stlink as SWD programmer
source [find interface/stlink-v2.cfg]

# SWD as transport
transport select hla_swd

# Use STM32F103C8 target
set WORKAREASIZE 0x4000
source [find target/stm32f103c8t6.cfg]

MC900 Mini Camera AV-in JACK Pinout

I bought a MC900 Mini CCTV Camera from DealExtreme two years ago and never got the chance to test it. Then today finally I decided to test it.

Unfortunately the single page manual that came with it is really bad. There are description about two models: MC900 with just the camera sensor and two small boards exposed and MC900D a complete enclosured camera box. The later was the model I bought.

My model came with an AV 3.5mm jack and can be seen here:
http://3rdeye-minicam.en.made-in-china.com/product/gBcJEebFbPWU/China-520tvl-Night-Vision-Mini-CCTV-Video-Camera-with-3-5mm-AV-in-Jack-Mc900.html

After some tests I figured out the correct pinout:

Fortunately the new MC900D-V9 model already come with RCA connector and power supply, but it is big and doesn’t have audio, as you can see here:
http://www.dx.com/p/mc900d-v9-mini-hd-1-3-cmos-cctv-security-surveillance-fpv-camera-black-ntsc-520line-207995#.V7oYfrPiveQ

This camera is small and good for spy application, but it is not color video.

Playing Gorilla.bas tune on NuttX

Now that I submitted the Audio Tone Generator to NuttX mainline I decided to search for some audio tunes to play. Then I searched for the Gorilla.bas game (I used to play this game in a 386 PC when I was child).

I found its source code here: http://telcontar.net/Misc/Gorillas/Gorillas.bas

Looking the source code I found the tune and copy it on NuttX shell:

nsh> echo "t120o1l16b9n0baan0bn0bn0baaan0b9n0baan0b" > /dev/tone0
nsh> echo "o2l16e-9n0e-d-d-n0e-n0e-n0e-d-d-d-n0e-9n0e-d-d-n0e-" > /dev/tone0
nsh> echo "o2l16g-9n0g-een0g-n0g-n0g-eeen0g-9n0g-een0g-" > /dev/tone0
nsh> echo "o2l16b9n0baan0g-n0g-n0g-eeen0o1b9n0baan0b" > /dev/tone0

These QBasic PLAY commands are a “modern” version of MML (Music Macro Language) :
https://en.wikipedia.org/wiki/Music_Macro_Language

Very nice! It worked fine.

Update: Ode to Joy:

nsh> echo "L8eefggfedccdeL6eL16dL4d" > /dev/tone0

Update2: Instead of implementing the QBasic Play I could have implemented the RTTTL monophonic format used on old cellphones: https://www.autoitscript.com/forum/topic/177265-rttl-ringtone-transfer-language-monophonic-ringtones-lib/
More about RTTTL: https://en.wikipedia.org/wiki/Ring_Tone_Transfer_Language

Converting Music to MIDI and MIDI to Note Numbers

I’m trying to create a buzzer tone notes generator to NuttX.

During my searches I discovered that PX4 guys already implemented a buzzer tone alarm, but they did in their way (as a C++ driver instead of a standard NuttX C driver) :
https://github.com/PX4/Firmware/blob/master/src/drivers/stm32/tone_alarm/tone_alarm.cpp

They implemented the music notation used on QBasic PLAY command.

You can find the Note Numbers notation here:
http://cs.nyu.edu/courses/fall03/V22.0201-003/notes.htm

In that table we have the frequency, we can double check it here:
http://newt.phys.unsw.edu.au/music/note/

Now we need to convert MIDI to Note Numbers, it helps:
http://www.electronics.dit.ie/staff/tscarff/Music_technology/midi/midi_note_numbers_for_octaves.htm

Then I found that this guy did something similar, but used the values to AVR timer used on Arduino:
https://github.com/LenShustek/miditones

All I need to do is to convert his program to show Note Numbers instead AVR timer values.

To convert Music to MIDI I use WAON program:
https://sourceforge.net/projects/waon/

Update: Just discovered that miditones has a miditones_scroll that does exactly what I want:

$ miditones -b file
$ miditones_scroll -c file

The file.c will be created with the Note Numbers this way:

//duration    time    gen0  gen1  gen2  gen3  gen4  gen5         bytestream code
/*   11       0.000    5F#   6D#                           0000: */ 0x90,0x4E,0x91,0x57,0x00,0x0B,
/*  186       0.011    5F#   6D#   3B    6A    7C#   7F    0006: */ 0x92,0x3B,0x93,0x5D,0x94,0x61,0x95,0x65,0x00,0xBA,
/*   11       0.197    5F#   6D#   3B    6A    7C#         0010: */ 0x85,0x00,0x0B,

Update2: You can find the MIDI format explanation here: http://www.petesqbsite.com/sections/express/issue18/midifilespart1.html

Adding NuttX repositories as sub-tree to my project repository

Adding nuttx main repository:

$ git remote add my-nuttx https://bitbucket.org/nuttx/nuttx
$ git subtree add --prefix=firmware/nuttx my-nuttx master

Adding apps repository:

$ git remote add my-apps https://bitbucket.org/nuttx/apps 
$ git subtree add --prefix=firmware/apps my-apps master

To update the subtree:

$ git fetch my-nuttx master
$ git subtree pull --prefix firmware/nuttx my-nuttx master

Send my modifications to the project repository:

$ git push origin master

SDCC went from worst STM8 compiler to best in a very short time

I never used STM8 but I’m impressed with this achievement of SDCC compiler.

The ST marketing materials put STM8 Dhrystone performance at 0.29 DMIPS / Mhz.

Commercial compilers as Raisonance achieves 0.289 DMIPS / Mhz, Cosmic achieves 0.296 DMIPS / Mhz and IAR achieves 0.347 DMIPS / Mhz. See benchmark comparison here: http://colecovision.eu/stm8/compilers.shtml

SDCC 3.5.0 achieves 0.151 DMIPS / Mhz and SDCC 3.6.0 achieve 0.167 DMIPS / Mhz.

Now the SDCC in the repository (Revision #9652) outperforms them all at 0.355 DMIPS / Mhz.

If you want to use STM8 on Linux, these links could be useful:
http://embedonix.com/articles/linux/setting-up-development-and-programming-for-stm8-on-linux/
http://www.cnx-software.com/2015/04/13/how-to-program-stm8s-1-board-in-linux/

Source: Philipp Klaus Krause email in the SDCC mailing list “STM8 Dhrystone performance – new record at 0.355 DMIPS / Mhz using SDCC”.