Saturday, November 1, 2014

Basics of PNG File Format with libPNG example

PNG (Portable Network Graphic) is well known image format used widely over internet. PNG is lossless compressed image file format due to which it is the most favorable file format of images which are likely to be transferred over network. A PNG file consists of PNG Header + Multiple PNG Chunks. A simple PNG file consist of following structure

PNG Header + IHDR Chunk + IDAT Chunk + IEND Chunk


PNG Header:

OffsetHex ValueASCII

89 50 4E 47 0D 0A 1A 0A

PNG Chunk : Structure of chunk is shown below. A single PNG file can contains multiple chunks of different type. Type is identified using Chunk Type field. Each type of field has its own interpretation.

  • Data Length (4 byte)
  • Chunk Type (4 byte ASCII name)
  • Data Bytes
  • CRC (4 byte)

IHDR Chunk: Length of IHDR is fixed 13 bytes and its data field consists of
Image Width (4 byte)
Image Height (4 byte)
Color Depth (1 byte)
Color Type  (1 byte)
Compression method (1 byte),
Filter method (1 Byte)
Interlace method (1 byte).

00 00 00 0D 49 48 44 52 00 00 01 F4 00 00 00 64 08 06 00 00 00 70 C7 C2 7D

IDAT: This chunk contains the compressed image pixel data. A PNG file can have multiple IDAT chunks which will allows the renderer application (like web browser) to display part of image as when the chunk will be available and loading remaining image at the same time.

IEND: This chunks indicates the that are no more chunks. It contains 0 bytes data . It always comes at the END of PNG file. Hex output of
00 00 00 00 49 45 4e 44 ae 42 60 82

Summary related to other common types of chunk is available at

libPNG is open source library used to decode and encode PNG files. A very good example on how to create a PNG image is available at but this example creates PNG file on disk what if we want to write PNG into buffer?
To achieve that we can use png_set_write_fn as mention on this post

Friday, October 3, 2014

Shellshock Test

Here is the one line of code to check if your bash is vulnerable to shellshock bug or not. Just copy and run the command on the shell prompt and if it shows "Yes vulnerable" then patch your bash

env x='() { :;}; echo Yes vulnerable' bash -c "echo Test complete"

This is a test script so it just have echo statement but in real attack this vulnerability can be use to exploit almost anything. Many bots around the globe has already started exploiting this vulnerability. The worst part is that no one can come up with the list of program which uses bash internally.

Sunday, September 14, 2014

Capture android HTTP traffic on Fiddler

Fiddler is windows application for debugging HTTP traffic. It can also be used to capture HTTP traffic from a android device to analyse or debug any android HTTP application. To capture HTTP traffic Fiddler setup a web proxy server and monitor any traffic flowing through the proxy. By default  fiddler proxy service listens on the loopback adapter only due to which this proxy cannot be used by other application. Follow these steps to enable remote connections to Fiddler proxy and steps to define this proxy in android.

Step 1: To enable fiddler to accept remote connection goto Tools->Fiddler Options->Connections in Fiddler and Enable "Allow remote computers to connect". Also not the port number on which fiddler proxy listens default port is 8888.

Step 2: Using ipconfig find out IP address of fiddler's machine,

Step 3: Disable Firewall or add exception in firewall to allow fiddler for incoming connection.

Step 4: Now connect your android device to the same wifi network and goto wifi settings, long tap the connected wifi name and Now selet Modify Network option.

Step 5: Enable "Show advance options", set Proxy Settings to Manual then put ip address and port of fiddler proxy server. Now start your application in android and debug the HTTP traffic in fiddler. Remember to remove proxy once your done with debugging.

Friday, July 25, 2014

Camera not working in Micromax A250

In Micromax Canvas turbo i.e. A250 camera often failed to start and camera app only display a black screen the root cause for the issue is that mediaserver process is having open handles to camera device (see screenshot below). To make the camera work again either restart phone or kill mediaserver process if device is rooted using below script.

su -c "kill `pidof mediaserver`"

Sunday, October 6, 2013

Auto Hathway Authentication is now available on Android Play Store

What is AHA?

Hathway internet users need to authenticate on hathway through a web page to start internet services. AHA short for Auto Hathway Authentication was the first application for Hathway Internet user which auto authenticates users to Hathway portal for internet connectivity. Initially AHA was developed in C#.NET for windows platform only but now the new version of AHA is available on Google PlayStore (PlayStore Link).

How It works?

Whenever you will turn on Wifi and connect to a Wifi network on your device then AHA will determine if network is having Hathway internet by detecting the Hathway modem. Once the modem is detected AHA will continue to check the internet connectivity. For internet connectivity it will ping web after every 30 to verify that the device has internet connectivity and if the ping result is negative then it will attempt to authenticate to Hathway.

Similarly if you will disconnect Wifi network or if your Wifi network has ISP other than hathway then AHA will disable itself so that it will not use resources on your device.


1. Install AHA from Play Store (PlayStore Link).
2. Open AHA and go to settings screen.
3. Enter your Hathway User Id and Password and Click on "Save Settings" button.
4. Now connect to your wifi network and AHA will do the rest whenver required.