UZZAP Hack

I have received a MMS blast from Smart announcing its new service Uzzap -- although I have opted out already many times to these alerts!

It's time to teach these folks some lesson.

I downloaded the app and registered then my firewall alerted me that its trying to connect to an IP at port 5222.

Bingo it must be a Jabber server. I finished the registration and waited for the confirmation SMS and keyed in the PIN, at first the SMS didn't arrive so I have to click Resend PIN.

The UI is very mediocre so I fired up WireShark and started to sniff the Jabber packets. I need to do this to find out my JID -- WireShark didn't fail me and confirmed that its a Jabber server; it also found my complete JID.

It seems Smart bought another toy, this time from Kolipri. Why? Maybe because they wanted to kick out Chikka for the longest time already or they got envy because Globe has such an epic failure with IMEVRYWHR before that they had to top that too.

Anyway, whatever their reason is I don't really care but its time for some experiments.

I then added my JID to Trillian (you can use any other Jabber client) as a Jabber account and used the same password during registration and it works flawlessly.

Here is the settings for use with any Jabber client:

Jabber ID (JID): your_registered_username@demo.kolipri.com
Host: 125.5.109.121
Port: 5222

After login in using Trillian, Uzzap automatically gets disconnected. It seems there is an enforced single login rule in placed. That's Ok since I don't need the ugly Uzzap client anymore!

Lesson learned? Don't spam me with ads. Haha.

UPDATE:
Here is a screen shot of my Trillian Preferences showing that this hack works!

Build your own meebo.. or even better!

After being dunk from an office party, i decided to sleep over at my desk rather than go home but couldnt fall asleep. So i decided i'll do some far off experiment Txtdomain once again.. i set my goal to replicating Meebo (or atleast some part of it); don't get me wrong here, I dont hate Meebo. I think it's very cool and im always using it whenever im not at the office.

To cut my work short i Googled, found Jabberd2 easy enough as my Jabber/IM server and a few more scripts downloaded to support bindings to other transport. Then i caught a snag when I tried using purely PHP and Apache to connect to Jabberd2 so i decided to go Java with Tomcat since i was already able to make a Jabber Bot earlier with JivesSoftware.

It took me a while on how to handle cross server authentication without sacrificing security, so ive settled for one time embeddable javascript to pass the data plus it is protected by a session based login. Since i freely control the passwords i made them dynamic so Txtdomain will pick a random password every time a user logs-in then change it to something else again when the user logs-out. I could have deleted the Jabber account but i wanted the users to recieve offline messages as well.

In the end it took me 15 hours to finish the experiment and embed in into our Txtdomain site. I'll try to write a howto later when i have the time, i will also try using eJabberd instead of Jabberd2.

Check out the screen shot, SMS to IM and even to GoogleTalk! Now to think of it, it does sounds more like a Chikka competitor rather than for Meebo :P