wiki.mbirth.de

All you never wanted to know

View on GitHub
:new: 2008-09-12

OggSync for Windows Mobile

Tested Version: 4.19

OggSync connects to https://oggsync.com/r/r or https://oggsync.com/r/e and sends the entered info (PayPal eMail or Registration Code) along with some other info. You can find these URLs in cleartext Unicode inside the ogsync.exe. The relevant fields of a $_SERVER dump are those:

PayPal: (I entered anon@anon.com as eMail address.)

    [CONTENT_TYPE] => application/x-www-form-urlencoded
    [HTTP_A] => 2008-09-10 3:58 PM
    [HTTP_B] => 419
    [HTTP_C] => 9465c02d-d768-4892-bc4d-45ea13c042dc
    [HTTP_D] => your-gmail@gmail.com
    [HTTP_E] =>
    [HTTP_F] => 9/12/2008 8:03 PM
    [HTTP_G] => 49e744a1-ff3b-40f7-baf0-a96239fa0830
    [HTTP_H] => PayPal
    [HTTP_I] => anon@anon.com
    [HTTP_K] => W. Europe Daylight Time
    [HTTP_L] =>
    [HTTP_M] => mobile
    [CONTENT_LENGTH] => 22
    [HTTP_CONNECTION] => Close
    [HTTP_EXPECT] => 100-continue

Registration Code: (The 12345 is the code I entered.)

    [CONTENT_TYPE] => application/x-www-form-urlencoded
    [HTTP_A] => 2008-09-10 3:58 PM
    [HTTP_B] => 419
    [HTTP_C] => 9465c02d-d768-4892-bc4d-45ea13c042dc
    [HTTP_D] => your-gmail@gmail.com
    [HTTP_E] =>
    [HTTP_F] => 9/12/2008 8:01 PM
    [HTTP_G] => c4781924-a538-41e8-8cb6-624e02b8d271
    [HTTP_H] => Registration
    [HTTP_I] => 12345
    [HTTP_K] => W. Europe Daylight Time
    [HTTP_L] =>
    [HTTP_M] => mobile
    [CONTENT_LENGTH] => 22
    [HTTP_CONNECTION] => Close
    [HTTP_EXPECT] => 100-continue

The first UUID in HTTP_C might be a unique code to identify your device. The second one changes with every try to register. There was a post in the PPCWarez-Forum that OggSync expects the server to answer with “Pro” if the registration data is correct. Any other answer will be interpreted as failure.

Knowing this, you might wonder what happens if you use your favourite hex-editor, change the URLs to point to a server you own and put this totally complicated PHP script onto it:

<?php
  echo 'Pro';
?>
Loading Google+ comments…