Singapore parenting, practical reviews and tech notes

Category: Geeky

Cloning a Banapassport Card

Howard Toh

I recently spoke to a client who wanted me to try to help him clone his “Arcade Card”. I immediately rejected him as I wasn’t into illegal stuff like cloning stored value cards. Besides, I was highly doubtful that modern stored value cards are that easily duplicated. He went on to explain that the card has no stored value and was simply sort of an identification card for the Wangan Midnight series of racing games in the arcade. The card authenticates the user to his/her Banapassport account which stores the cars acquired through the game. 

After speaking to a few players, I found out that the common reasons why they would want to clone their original cards are:

  • Convenience. The Banapassport card can now exist also in the form of a key tag or even sticker. Hanging the key tags with your other keys seems like a great idea. 
  • Backup. While players with Banapassport cards that are properly linked to their email address can recover the data in the event of the loss of the original card, there is a cost involved as a new original card needs to be obtained. Also, if the player’s Banapassport card is not linked to an irrecoverable account, there is no way to recover the data. Having a physical clone will solve the problem. 
  • Security. Leaving the original card at home and only going to the arcade with the generic looking cloned tag makes it unlikely that anyone knows what the tag is for if it gets lost. 
  • Sharing. While one cannot log in to two machines simultaneously, two or more players who are not staying close to each other can each hold on to a card/tag to play at different times. 

After doing some research, I managed to crack the keys and successfully clone a Banapassport card into a generic RFID key tag:

 

Interested? Head over to Carousell : Banapassport Card Cloning

Singapore Airlines Free First Class Tickets WhatsApp scam

Howard Toh

Lately, I kept receiving the following message from contacts on my business WhatsApp number:

Hello, Singapore Airline is giving away 2 Free FirstClass Tickets to celebrate 45th anniversary, Now you can get your tickets too ! go here to get it: http://www.singaporeaır.com/firstclass Enjoy your flight!.

singapore air free business class tickets whatsapp scam

It is surprising how careless people can be when forwarding such messages around. There are a few things in the message above that clues one in on its authenticity:

  1. The English. Singapore Airlines was spelled without an “s” at the back, Inconsistent and unnecessary capitalisation of letters, inappropriate spaces and punctuation.
  2. The hyperlink might appear to be singaporeair.com but if you take a closer look, you will notice that there’s something wrong with the letter “i” in the word “air”. We’ll elaborate below.

So what happened to the dot in the “i”? Turns out that the letter is actually:

ı

The letter i without a dot above.

Source: Wikipedia

This is a visual trick used by people with malicious intention to lower the guard of people who have learned to be suspicious of obviously dubious URLs. These people will go “Hey the URL looks legit” and proceeds to click on it.

By the time I found some time to write this post, the site has been taken down. However, I still want to explain more about the web technologies used to bait people to the site.

How did the scammer do it?

Scammers have been using internationalized domain names (IDN) to create resemblance to leigitimate domain names for some time now. But because DNS servers cannot handle the unicode characters of IDNs, Punycode is used to convert the unicode back to ASCII characters. For the above domain, www.singaporeaır.com actually converts to www.xn--singaporear-8zb.com. And if you were you look up the domain name, it claims to be registered in the Bahamas:

Domain Name: XN–SINGAPOREAR-8ZB.COM
Registry Domain ID: 2182998491_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.internet.bs
Registrar URL: http://www.internetbs.net
Updated Date: 2017-11-04T05:16:54Z
Creation Date: 2017-11-04T04:45:22Z
Registrar Registration Expiration Date: 2018-11-04T04:45:22Z
Registrar: Internet Domain Service BS Corp.
Registrar IANA ID: 2487
Registrar Abuse Contact Email: abuse@internet.bs
Registrar Abuse Contact Phone: +1.5167401179
Reseller:
Domain Status: clientTransferProhibited – http://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Domain Admin
Registrant Organization: Whois Privacy Corp.
Registrant Street: Ocean Centre, Montagu Foreshore, East Bay Street
Registrant City: Nassau
Registrant State/Province: New Providence
Registrant Postal Code:
Registrant Country: BS
Registrant Phone: +1.5163872248
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: xn--singaporear-8zb.com-owner-ysp5@customers.whoisprivacycorp.com
Registry Admin ID:
Admin Name: Domain Admin
Admin Organization: Whois Privacy Corp.
Admin Street: Ocean Centre, Montagu Foreshore, East Bay Street
Admin City: Nassau
Admin State/Province: New Providence
Admin Postal Code:
Admin Country: BS
Admin Phone: +1.5163872248
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: xn--singaporear-8zb.com-admin-85n9@customers.whoisprivacycorp.com
Registry Tech ID:
Tech Name: Domain Admin
Tech Organization: Whois Privacy Corp.
Tech Street: Ocean Centre, Montagu Foreshore, East Bay Street
Tech City: Nassau
Tech State/Province: New Providence
Tech Postal Code:
Tech Country: BS
Tech Phone: +1.5163872248
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: xn--singaporear-8zb.com-tech-qfid@customers.whoisprivacycorp.com
Name Server: ns-canada.topdns.com
Name Server: ns-uk.topdns.com
Name Server: ns-usa.topdns.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2017-11-07T06:47:31Z <<<

Registrar: Internet Domain Service BS Corp
Whois Server: whois.internet.bs
Creation Date: 2017-11-04T04:45:22Z
Updated Date: 2017-11-04T05:16:54Z
Expiration Date: 2018-11-04T04:45:22Z

Nameserver: NS-CANADA.TOPDNS.COM
Nameserver: NS-UK.TOPDNS.COM
Nameserver: NS-USA.TOPDNS.COM

The profile of the registrant has been anonymised as part of a value-added service provided by the registrar but even then, we should take the above information with a pinch of salt. One important point to note is that the domain was only registered 3 days ago and we don’t know what else this person plans to do.

Be very careful even if the link was sent by someone you know

Whatever you do, please be very careful even when friends forward links to you via WhatsApp, Facebook or any other platform. There are two main possible scenarios:

  1. Your friend/contact knowingly forwarded the link to you but didn’t know that the link is fake
  2. Your friend/contact’s device sent the link to everyone in the contact list without his/her knowledge. This can happen to a compromised device.

Do your friend/contact a favour and alert him/her about the link instead of just clicking on it. Together, we can foil the plans of these scammers.

[Solved] Intel Compute Stick Wi-Fi broke after Windows 10 Creators Update!

Howard Toh

I currently manage a small cluster of 25 Intel Compute Sticks (STK1AW32SC) as a small part of my day job. I allowed Windows 10 to do its regular Windows Update as part of security best practice to protect my devices from unpatched vulnerabilities.

Windows 10 Creators Update came a little late for me, trickling in between July and August 2017. During this period, privacy review dialogues kept appearing on my machines’ displays. After I’m done with all these privacy reviews, the nightmares begun.

Upon reboot after the Windows 10 Creators Update, each and every Intel Compute Stick did not have internet connectivity!

Intel Compute Stick Wireless AC 7265 can't start after Windows 10 Update

I checked and found that the wireless network adapter had disappeared from the Network Connections page!

Intel Compute Stick Wireless AC 7265 can't start after Windows 10 Update

Intel Compute Stick Wireless AC 7265 can't start after Windows 10 Update

Going to Device Manager, I found that the wireless network adapter Intel Dual Band Wirelss AC 7265 has an error on it. On some sticks, the wireless network adapter is totally missing from Device Manager! For this, go to the end of the post to see how you can perform a Network Reset to get back the device entry. For those who can see the Intel Wireless AC 7265 with a yellow triangle, double click it and go to the Driver tab.

Intel Compute Stick Wireless AC 7265 can't start after Windows 10 Update

Intel Compute Stick Wireless AC 7265 can't start after Windows 10 Update

Click Update Driver and then Browse my computer for driver software because you’ll want to rollback to the last version of the driver.

Intel Compute Stick Wireless AC 7265 can't start after Windows 10 Update

Choose Let me pick from a list of available drivers on my computer since the older driver would still be on your computer. Intel Compute Stick Wireless AC 7265 can't start after Windows 10 Update

When you get to this point, make sure you click on any older driver i.e. anything but the driver with the newest date.

Intel Compute Stick Wireless AC 7265 can't start after Windows 10 Update

Intel Compute Stick Wireless AC 7265 can't start after Windows 10 Update

There you go! Wi-Fi fixed. You don’t (usually) need to even restart the PC!Intel Compute Stick Wireless AC 7265 can't start after Windows 10 Update

As shared earlier, I encountered a strange situation on some of the sticks whereby the wireless network adapter cannot be found in the Device Manager. For such a situation, you will need to perform a Network Reset as shown in the following screenshot. Warning! You will lose ALL saved Wi-Fi networks/passwords. Once done, you will need to restart your computer and go back to Device Manager to do the driver rollback described above.

Intel Compute Stick Wireless AC 7265 can't start after Windows 10 Update

I’ve informed Intel about this but they kept referring me to Microsoft. I give up. Microsoft is NOT going to care about someone like me. What I can do is to share this fix on my blog to help as many people as I can. This is quite obviously a case of Microsoft bundling a faulty driver for this device as part of a major update! How careless!

Cheers!

Remove yellow background in Google Adsense Responsive Ads

Howard Toh

If you have implemented the responsive Google Adsense code into your website or blog, you may notice that some ad formats introduces an unwanted yellow background to fill the area that is not covered by the ad.

Refer to the example on the right. The ad format is smaller than the width of my main blog column and Google decided to just fill it in with a strange yellow fill. Is there a way to get rid of it? Yes! And thankfully, WordPress made it really easy for you to do it by simply inserting a custom piece of CSS via the WordPress interface!

The first thing you’ll have to do is to log in to your wordpress. Mine is a self hosted WordPress instance but it shouldn’t differ too much. Once you are logged in, you should see the usual administrative black bar on top of your site. Click on “Customize”.

A sidebar will now appear. Somewhere near the bottom, there will be a menu item called “Additional CSS”. Clicking on that will produce a large edit box for you to insert custom CSS code. Paste the following code into it:

ins.adsbygoogle { background: transparent !important; }

The “!important” syntax tells the site to override the original CSS by Google. This will make the yellow background disappear. Good luck!

Oh, what if you are not using WordPress? Simply insert this into your html page’s header within <style> tags.

Helo LX – Measures Blood Pressure, ECG/EKG, Heart Rate, Breathe Rate, Steps and more!

Howard Toh

So about a month ago, I wrote about my frustrating time with my Fitbit Charge HR which I have owned for less than a year.  I wasn’t satisfied with the quality of the product as the device couldn’t power on within a few months, started peeling and bloating at the band which cannot be replaced. After the 3rd replacement, I think enough is enough. Time to move on. My colleague moved on from the Charge HR to the Blaze which costs $300++ here in Singapore. I wasn’t inclined to remain loyal to Fitbit as this was already my 2nd Fitbit product and technologies used isn’t exactly groundbreaking either.

After searching for almost a month, skipping mainstream brands such as Apple, Garmin,  Fitbit, Jawbone, etc, I caught sight of the Helo (Pronounced Hee – Lo).

Helo is a healthcare wristband that can be worn 24/7 much like your typical fitness band. The key difference is that it is not just a fitness band. It is a health and wellness wearable that is developed to continuously monitor your vitals such as:

  • Blood Pressure (Yes, without the cuffs!)
  • Heart Rate
  • Breathe Rate
  • ECG/EKG
  • Steps
  • Mood and Fatigue Levels
  • Sleep Quality
  • Blood Glucose Levels (No needles, coming Q4 2017)
  • Blood Alcohol Levels (Q4 2017)
  • And more to come

I was initially skeptical. How the hell can this device measure some of these vital signs without cuffs, needles and such? As a technology savvy person, I had my reservations so I questioned the company and did my research and found that PPG (Photoplethysmography) is used by many products such as Apple Watch, Fitbit and more for their Heart Rate detection. From my investigation, a PPG signal offers much more than just your heart rate. For example, a simple Google search on PPG ‘s role in blood pressure measurement yields plenty of medical articles on them such as this. They key takeaway is that PPG is able to provide reasonably good estimations of the blood pressure measurements in a continuous manner (due to the portability of the Helo) which is impossible to achieve with a standard blood pressure measurement device with a cuff. You can’t really go about your day with a blood pressure machine attached to you all  day with the air pump going off every 30 minutes to inflate the cuffs right?

Vital signs measurements are useless if no one sees them (or only you see them). We tend to procrastinate about going to the doctor or seeking medical treatment when we are not feeling that good. This is usually because of the fear of being diagnosed with something serious. Isn’t it the case that your spouse, parents or children are the ones who will drag you to the clinic or hospital when you let slip that something isn’t right about you? Spend some time thinking about this!

Working together with the Helo, the Android / iOS mobile companion apps work to close the gap between receiving and abnormal vital reading and getting the follow up actions. The Guardian function allows you to pre-set conditions that will automatically trigger an alert to yourself and your loved ones / caregiver. You just need to set upper and lower thresholds for your systolic/diastolic blood pressure, heart rate and breathe rate and the app will do the rest for you. Of course, you’ll first have to set up your guardian(s)’ contact details to use this feature.

Another useful feature is the Panic Button. This is a physical button on the Helo for very easy access (just press twice) but works hand-in-hand with the mobile app to send mobile notifications and SMSes to your guardian(s) containing the last known GPS location as a way to report an emergency. This is extremely useful for anyone especially young children and the elderly. Potential use cases:

  • Child who got lost
  • Child feeling unsafe (e.g. suspect being followed by stranger)
  • Elderly who fell down
  • Elderly who got lost
  • Anyone feeling dizzy, on verge of collapsing, etc (potential medical emergency)

At the end of the day, it is not only the technology of the health and wellness band but also the thought put into developing a product that does more than just display pretty numbers on an app. Even as a tech person, I am more intrigued by the Guardian and Panic Button feature.

Want to find out more? Drop me an email at howard@hj.sg

If you want to order a Helo, please use this link: http://catalog.worldgn.com 

P.S. I have ordered one for my wife too.