Yono SBI - Scan QR and contactless ATM cash withdrawal

 Hi folks,

I had seen something, I want to do and I have done PoC sometime back. Which is contactless ATM cash withdrawal from SBI Yono Mobile app.

Procedure

1. Visit the SBI ATM which supports QR Scan option on KIOSK ATM screen
2. Select the QR based Contactless Withdrawal option on the touch screen
3. Open the Yono Mobile app which is already registered with your SBI account and have enough funds to withdraw
4. On mobile app, select "QR Cash Withdrawal" option
5. Scan the ATM displayed QR from the Yono mobile app
6. Select the amount to withdraw on ATM machine
7. Enter the PIN or OTP when prompted
8. Money from ATM will be dispensed
9. This is almost contactless except, you need to touch the ATM screen twice to select the QR option and to select amount.

This way, we can have less touch points to stay safe and secure way to withdraw your money.

Hope you will use this option to withdraw money from an SBI ATM.

Send your valuable feedback and comments to psrdotcom@gmail.com

Calculate the private key of RSA algorithm

 Hi folks,

Today we are going to see how we can calculate the private key of RSA.

Inputs

Random prime numbers p and q

Public key (n, e)

Procedure

1. Compute n (Random modulus)

n = p * q

2. Compute e (Derived Number)

e = (p - 1) * (q - 1)

3. Form the public key

GCD(pubkey, e) should be 1

pubkey = 1 mod e

4. Private key

prikey = (1 + k * e) / pubkey

0 < k < e - Iterate until we get a number without fraction

Real example

Inputs

p = 7, q = 17, pubkey = 11

1. n = 7 * 17 = 119

2. e = (7-1) * (17-1) = 96

3. pubkey = 11 

    GCD (11, 96) = 1

4. prikey computation

k=0, (1 + 0 * 96) / 11 = 0.09

k=1, (1 + 1 * 96) / 11 = 8.81

k=2, (1 + 2 * 96) / 11 = 17.5

k=3, (1 + 3 * 96) / 11 = 26.27

k=4, (1 + 4 * 96) / 11 = 35

prikey = 35

Hoping that this blog will be useful in understanding the RSA private key computation.

Send your valuable feedback and comments to psrdotcom@gmail.com

Fixing the Log4j2 vulnerability in spring boot application

 Hi all,

Software Industry was in a shock with the log4j2 zero day exploit.

Exploited area

The Apache Log4j2 version ( >=2.0 to <=2.14.1 ) is exploitable due to an attacker controlled LDAP and  JNDI endpoints.

Appendix

LDAP (Light Weight Directory Protocol) is an industry standard protocol to access directory services.

JNDI (Java Naming and Directory Interface) is a Java API for a directory service that allows Java software clients to discover and look up data and resources via a name.

Find more information about the vulnerability from NVD website link.

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

NVD (National Vulnerability Database) is maintained by National Institute of Standards and Technology (NIST),  An official part of United States of America (USA) government's Department of Commerce.

Fix the vulnerability

• Even in the latest spring boot package uses the vulnerable 2.14.1 log4j2 version.
• So, we need to explicitly add the specific version in the properties as below
• In pom.xml file, creating <properties> tag if not exists and add the attribute log4j2.version with version 2.16.0 (latest)

<properties>

    <log4j2.version>2.16.0</log4j2.version>

</properties>

• To check the version applied to the project, run the following command

mvn dependency:tree | grep "log4j"

• The result should look like below

[INFO] |  |  |  +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.16.0:compile

[INFO] |  |  |  |  \- org.apache.logging.log4j:log4j-api:jar:2.16.0:compile

• The similar type of vulnerability fixes available for other project builds.

Hope you will find the above information useful and fix the issue immediately to keep the servers safe from attacks.

Send your valuable feedback and comments to psrdotcom@gmail.com

 

BitBucket to GitHub Repo Migration including history

Hi all,

In this blog, we are going to achieve how we can move/copy the bitbucket repo to GitHub.

Checkout BitBucket Repo

git clone https://USER@bitbucket.org/USER/PROJECT.git

Add GitHub repo as upstream

cd project-folder
git remote add upstream https://github.com:USER/PROJECT.git
Note: To get the already assigned upstreams, use the below command
git remote -v 

Push the branch(es)

git push upstream master
git push --tags upstream

On push unsuccessful, try the below to have same history

git checkout upstreambranch  
git branch main upstreambranch -f    
git checkout main  
git push origin main -f

Add redirect URL

git remote set-url origin git@github.com:USER/PROJECT.git

Clean up the BitBucket (old) repo [Optional]

Verify the content carefully on the GitHub repo

1. Go to BitBucket account
2. Navigate to the respective repository
3. Click Settings -> Delete repository

Hope this helps you to organize the repositories as per your choice to serve the best way for dev and ops.

Please send your feedback and comments to psrdotcom@gmail.com

Flutter Local (Inbuilt) Authentication usage

Hi folks,

Today I will explain the process of using local (in-built) authentication usage in Flutter.

Pre-requisites

1. pubspeck.yaml update

dependencies:

      local_auth: ^0.6.2+3

2. Install the packages from command line

    $ flutter pub get

    Note: In Visual Studio Code or Android Studio automatically by saving the pubspec.yaml file packages will get updated

Usage

1. Import the package in the respective dart file (say main.dart)

    import 'package:local_auth/local_auth.dart';

2. 

Troubleshooting

1. I/flutter : PlatformException(no_fragment_activity, local_auth plugin requires activity to be a FragmentActivity., null)

• Open /android/app/src/main/kotlin/../MainActivity.kt
• Update the file with following content

package com.[your.package]

import androidx.annotation.NonNull;

import io.flutter.embedding.android.FlutterFragmentActivity

import io.flutter.embedding.engine.FlutterEngine

import io.flutter.plugins.GeneratedPluginRegistrant

class MainActivity: FlutterFragmentActivity() {

    override fun configureFlutterEngine(@NonNull flutterEngine: FlutterEngine) {

        GeneratedPluginRegistrant.registerWith(flutterEngine);

    }

}

Please send your feedback and comments to psrdotcom@gmail.com

Extend Ubuntu VM hard disk space/size

 Hi all,

Today I will explain about the process to extend and existing disk space in Ubuntu VM.

Environment

1. VMWare
2. Ubuntu

Context

Increase hard disk space more than initially configured for the Ubuntu VM.

Reason

VM hard disk might running out of space.

Procedure

• Make sure we have shutdown the Ubuntu VM
• Increase the hard disk size
• Make sure it's in the allowed range
• 
• Start the VM
• Open the Disks application in Ubuntu
• 
• In below example we are extending it by additional 3GB
• Select the Extended Partition block
• Click Settings (Gear) icon
• Choose Resize option
• 
• Use the increment (+) icon or scroll bar to increase the partition size
• Click on Resize button
• Enter credentials when prompted
• By now, the extended partition will be increased
• Time to select the file system, where exactly our data is getting stored
• We will repeat the process of resizing like earlier
• Using scrollbar increase the disk size
• 
• Click on the Resize button
• 
• The harddisk size is been reflected.

Hurray !! You have increased your hard disk size to store more data on the Ubuntu VM.

The same process can be used for normal Ubuntu OS also.

Please send your comments and feedback to psrdotcom@gmail.com

Convert PEM to PFX/PKCS12(.p12) using OpenSSL

 Hi folks,

To keep it simple with a single command to convert the .PEM format file to .p12/.pfx we can use the below information.

$ openssl pkcs12 -export -in domain.pem -out domain.p12

It will ask you to enter the export password (twice for confirmation).

It's up to you to choose to enter the password or keep it empty (just press enter) based on the use case what you have.

Hope this helps you to convert the certificate format and use in your application or server.

Request to send your comments and feedback to psrdotcom@gmail.com