How to make an iPhone Case at Home? [Guide + Video Tutorial]

Everyone cares about the safety of their iPhone, and no doubt you are one of them if you use one. You won’t want scratches on its back and would prefer to protect it with a custom casing or skin. One can be bought from the market, but in my case, I never like buying a skin for my iPhone from the market. I prefer to make it at home with my choice of colors, material and design, because when I visited the market to get a cover for my iPhone, I found some covers too glossy and in colors I never like, whereas others were good in material but came in matte and dull colors that were never my favorite. So the next step is simply to create my iPhone casing at home. The things listed below are a must for creating an iPhone case; if you don’t have them, skip this guide and buy one from any trusted cell phone accessories shop. I personally buy and recommend if you’re looking for affordable accessories, otherwise you can order them on famous Online shopping site. If you want to join me, you need only some very ordinary things to collect appreciation from your friends.

Required Items

  • Foam Sheet (It should be in matte, and I would prefer in dull yellow color as it is my favorite)
  • Glitter Foam Sheet (It is used to give a glossy look or design to the casing. If you want a casing in matte only, you can select another matte sheet in a bit different color, but it should be in darker color)
  • Cardboard
  • Pencil
  • Ruler
  • X-Acto knife (If that is not available, you can buy a sharp paper cutter)
  • Scissors
  • Glue (If you buy Super glue, it works the best instead of an ordinary glue. So, ask for super glue)
  • Velcro
  • Markers (In two different colors)


  • Take the flat colored matte foam sheet and use ruler and pencil to draw two lines each in 1 cm width.
  • Now use scissors to cut the strips. These strips will cover the four sides of your iPhone.
  • Paste some glue to the edges of the strips and join them to make one long strip.
  • Start putting the long strip around the four sides of your iPhone. Mark where the “Off/On” button and the “Volume” key are. You need to cut out that area with the X-Acto cutter.
  • Now take cardboard. Put your iPhone on it to trace its shape from the front and the rear side with 2 cm distance between them. (It is because when you open or close the casing after attending a call on your iPhone, it should be flexible enough to work accordingly)
  • Mark the places where the camera exists and cut that in squares. Cut the shapes of front and rear you have traced on cardboard.
  • Now you have front and rear sides of your iPhone in cardboard. Paste these sides on the glittering foam sheet you selected earlier.
  • Don’t forget to mark and cut the holes for camera and flashlight on the glittering sheet.
  • Now put some glue on the edges of the shapes of front and rear for your iPhone and put your phone between them.
  • The ring on the width of your phone you created with the matte foam sheet will fit the front and back covers. Press the sheet on all sides so that it sticks on every inch.
  • Keep it aside. Now you should draw some attractive shapes like stars, the flag of your country, your favorite fruit, bird or animal on the matte foam sheet with a marker. Cut these shapes and paste them with the help of glue to the rear and front covers on glittering foam sheet.
  • Take a piece of the glittering foam sheet about 4 inches long and half 1-inch wide and paste it at the middle of the bottom side of the casing.
  • Now put some glue on both sides of Velcro and stick it on the mid of the front side of the casing and join the 4 inches long piece you pasted on the back side of the casing. Now it is easy for you to open and close the casing.

That’s all guys! Your creation is ready to collect the appreciation of the people.

Michael Daw Anthology

michaeldaw.org is pleased to announce the first “Michael Daw Anthology” award.

For those of you who are curious, an anthology is a collection of published works. The original idea behind the michaeldaw.org website was to build stories upon a fictional hacking icon named Michael Daw, as well as to host other security-related material. As a close friend pointed out to me, the name is very relevant “when pondered upon”. Some believe that the archangel Michael holds the keys to the doors of Heaven.

Use cutting-edge security wizardry, use sci-fi… write a hacking story centered around Michael Daw and be 1 of 6 to stand the chance of winning.

The full details of the competition will be provided soon. We are currently seeking sponsors to donate towards the winnings. For more information please contact us.

Hacking HomePlug Networks

I don’t know whether HomePlug networks are growing in use or not, but the following statements caught my attention:

“Officials at Intellon, the chip maker that developed the HomePlug spec, say that hacking into a HomePlug network would require cracking the government’s DES encryption standard.” – link

My favourite:

“HomePlug specification products also protect data by utilizing powerful DES encryption, which makes hacking into a HomePlug network virtually impossible.” – link

If you are not sure what a HomePlug network is then maybe the following diagram will help:

As you can see above, HomePlugs can in many cases replace a wireless infrastructure or work alongside it (e.g. when your house or office has thick walls that weaken the signal). You simply plug one into your wall socket and attach a network lead to it.


Now I didn’t really spend ages on coming up with advanced hacking techniques for these things. It would be overkill, methinks. These devices are insecure in their default state. They are also insecure in their “secured” state.

So let’s put our attack together:
1. HomePlug Detection & Enumeration
2. Exploitation in its default state
3. Exploitation in its “secured” state
4. Hacker Countermeasures

1. HomePlug Enumeration

You need a compatible HomePlug to start. A single plug can cost between £20 – £30. Ensure that the plug is HomePlug v1.0 certified or you will most likely fail in your endeavor.

You will then require a target. Testing your own network is easy enough; attackers will most likely test your network from an outside wall socket.

Install the software that comes with the plug – this software was exactly the same with both my HomePlug makes (other than a few logo changes). Plug your HomePlug into the wall socket of the network you want to connect to. Load up the software and simply click “Scan Powerlines Network”. You could also just load a sniffer and check if your rogue plug has already joined the network.

2. Exploitation in its default state

I couldn’t find the v1.0 specification RFC, but it was trivial to work out that all these devices use a default network key of “HomePlug” to start with. Obviously this was done to allow for plug and play. Load up your sniffer and monitor network traffic. If the default key is used you should see NetBIOS broadcasts etc. Job done.

3. Exploitation in its “secured” state

56-bit DES encryption may have been considered cryptographically strong in the stone ages but not today.

Even though 56-bit DES encryption (2^56 possible keys) is breakable, it may take a fair chunk of time to crack – although rainbow tables have made this a lot easier. Personally, I would try some weak passwords to begin with.

4. Hacker Countermeasures

Do the obvious. Use a very strong key to secure your HomePlugs. Ensure that your network devices are firewalled. Hopefully the newer versions will provide stronger encryption options.

Bypassing ASP.NET XSS Filters

This attack is only possible with Internet Explorer users as it exploits the old IE CSS comment hack; a very creative find indeed from the guys at ProCheckUp.

Proof of Concept:

Alert box injection - simply provided for testing purposes
(may cause DoS issues on Internet Explorer)

ASP.NET will also escape double quotes ("), so although a number of .NET servers are vulnerable to this, it is somewhat mitigated by this fact.

ASP Auditor (with a little mod) could be used to test if your web server(s) are vulnerable. Let me know if you’re interested. I hope to add this check to the tool shortly.

AVs prove less-effective

Last year I started working on the Web Backdoor Compilation (WBC). The idea behind the project was the following:

  • A tool to aid penetration testers and web developers with security testing document management applications.

Recently I made a pre-v2 release of the tool, which has received even more feedback than the previous version, and the project just got even more exciting.

During web application security audits, I have come across a couple of situations where my uploaded file just vanished off the server – I am sure many reading this have come across this too. The reason behind this was that an Anti-Virus (AV) application had detected the malicious script and removed it. My future plan for this project is to check the effectiveness of AV filters against the scripts in WBC. Dancho Danchev has gone ahead and made a fantastic start to this!

I have gone ahead and added his research into the WBC table for easy viewing and as a centralised location for AV vendors and other interested parties. The results are certainly not a shocker but definitely an eye opener. WBC has certainly demonstrated what all security researchers already know: this area needs work!

I can really see AV vendors catching a wake-up call in this area, or at least I hope they do. The fun will soon begin to see how we can circumvent their restrictions and help improve some of these products!

Hotlinks and Persistent CSRF

[Hotlinking] is the placing of a linked object, often an image, from one site into a web page belonging to a second site. The second site is said to have an inline link to the site where the object is located. Inline linking is also known as hotlinking, leeching, direct linking or bandwidth theft – wikipedia

Hotlinking has been around for ages, and the attack vector shown in this paper is not new either; I merely take two known attacks and merge them to create a super dangerous client side attack that is persistent!

I released the Web Hacking 2.0 mindmap at the beginning of this year (2007). Someone from the Phoenix OWASP chapter liked the idea and posted it on owasp.org. I have no problem with this, although an email saying how and where my work was to be used would have been nice. Enough of that, the point here is to demonstrate the concept of exploiting hotlink trust relationships. This is the primary problem with hotlinking. Site 1 is creating bandwidth problems for Site 2, however, Site 2 is now in a position of trust (persistent).

Two possible attacks are as follows:

  • Attack 1: We deface the page with a lovely picture of stallowned
  • Attack 2: We set up a 302 or 304 redirect on my web server with the image filename used on the site whose trust we are exploiting. The redirect exploits a CSRF vulnerability. Every time the page is loaded, the CSRF attack is executed. This is now persistent! Every time a user loads Site 1, our CSRF attack is executed.

Let’s take this concept a little further. If the site is hotlinking an object or iframe type, it is now possible to turn a reflective XSS attack into a persistent XSS attack. For this attack we require both a reflective XSS vulnerability and a hotlink. What’s really neat and tidy is that an attacker can display the correct object after exploitation, remaining completely invisible to the user.

Our malicious redirects are as follows:

Redirect 302 /a.jpg http://www.owasp.org/index.php?title=Special:Userlogout
Redirect 302 ^/flashobj.swf$ http://site/trusted.html?<script>alert(1)

This attack concept is a security catastrophe, especially given Web 2.0, which is designed around this form of trust.

In summary, don’t hotlink. Rather download the file onto your local server, although with Web 2.0, this will become increasingly difficult.

Web servers can enable hotlinking protection to prevent this; however, since a lot of browsers now restrict the referrer field, this security method will not really help.
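One way to act on the "don't hotlink" advice is to inventory what a page actually hotlinks. The following is an added example, not code from the original post: it lists every cross-origin embed in a page's HTML and marks the object, iframe, embed and script types, which are the ones the post says can turn a reflective XSS into a persistent one. The function names, hostnames and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute the browser fetches automatically on page load.
EMBED_ATTRS = {"img": "src", "script": "src", "iframe": "src",
               "embed": "src", "object": "data"}
# Embeds that render or execute content from the remote host.
ACTIVE_TAGS = {"script", "iframe", "embed", "object"}


class HotlinkFinder(HTMLParser):
    """Collects embeds served by a host other than the page's own."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []  # (tag, absolute_url, risk)

    def handle_starttag(self, tag, attrs):
        attr = EMBED_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        url = urljoin(self.page_url, value)  # resolves relative and //host URLs
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            return  # data:, about: and similar are not remote fetches
        if parts.hostname == self.page_host:
            return  # same host: not a hotlink
        # Any hotlink lets the remote host answer with a redirect (forged
        # request); active embeds additionally render what comes back.
        risk = "active-content" if tag in ACTIVE_TAGS else "forged-request"
        self.findings.append((tag, url, risk))


def find_hotlinks(page_url, html):
    finder = HotlinkFinder(page_url)
    finder.feed(html)
    return finder.findings


# Constructed sample page; all hostnames are placeholders.
SAMPLE_HTML = """
<img src="/images/logo.png">
<img src="http://files.example.net/a.jpg">
<object data="//media.example.net/flashobj.swf"></object>
<script src="js/site.js"></script>
"""

if __name__ == "__main__":
    for tag, url, risk in find_hotlinks("http://blog.example.org/post/1", SAMPLE_HTML):
        print(f"{risk:15} <{tag}> {url}")
```

Each finding is a resource to copy onto your own server, as the summary above recommends.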

Thanks to pdp (architect) for allowing me to bounce ideas off him.


Input Validation Cheat Sheet

Related articles: SQL Injection Cheat Sheet

We sometimes carelessly throw characters up and about in an attempt to find a gem. This paper covers miscellaneous injection characters and their meanings when applied to web application testing.

Character(s) | Details
------------ | -------
NULL or null | Often produces interesting error messages as the web application is expecting a value. It can also help us determine if the backend is a PL/SQL gateway.
{' , " , ; , <!} | Breaks an SQL string or query; used for SQL, XPath and XML Injection tests.
{-- , = , + , "} | These characters are used to craft SQL Injection queries.
{' , &, ! , ¦ , < , >} | Used to find command execution vulnerabilities.
"><script>alert(1)</script> | Used for basic Cross-Site Scripting checks.
{%0d , %0a} | Carriage Return Line Feed (new line); all round bad.
{%7f , %ff} | Byte-length overflows; maximum 7- and 8-bit values.
{-1, other} | Integer and underflow vulnerabilities.
Ax1024+ | Overflow vulnerabilities.
{%n , %x , %s} | Testing for format string vulnerabilities.
../ | Directory Traversal vulnerabilities.
{% , _, *} | Wildcard characters can sometimes present DoS issues or information disclosure.

These characters can be represented in many different ways (i.e. Unicode). It is important to understand this when restricting input to these character sets.
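The point about alternative representations, shown from the validation side. This is an added example, not part of the original cheat sheet: it reduces input to one canonical form (repeated percent-decoding plus Unicode NFKC normalization) before applying an allowlist, and compares the result with a character denylist run on the raw string. The field rule, function names and sample inputs are assumptions made for illustration.

```python
import re
import unicodedata
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 5  # assumption: input still changing after this is rejected
# Assumed rule for a "file name" style field: allowlist, not denylist.
ALLOWED = re.compile(r"[A-Za-z0-9 _.-]{1,64}")


def canonicalize(value):
    """Decode and normalize until stable; return None if that is impossible."""
    for _ in range(MAX_DECODE_ROUNDS):
        try:
            decoded = unquote(value, errors="strict")
        except UnicodeDecodeError:
            return None  # e.g. %ff is not valid UTF-8
        # NFKC folds compatibility forms such as fullwidth '<' (U+FF1C) to '<'.
        decoded = unicodedata.normalize("NFKC", decoded)
        if decoded == value:
            return decoded
        value = decoded
    return None  # nested encoding deeper than the limit


def validate_name(raw):
    """Allowlist check applied to the canonical form only."""
    canon = canonicalize(raw)
    if canon is None or ".." in canon:
        return False
    return ALLOWED.fullmatch(canon) is not None


def naive_denylist(raw):
    """The weak pattern: look for bad characters in the undecoded input."""
    return "../" not in raw and not any(c in raw for c in "<>'\";\r\n")


# Constructed inputs: one benign value, then encodings of cheat-sheet entries.
SAMPLES = [
    "report-2007.txt",
    "..%2f..%2fetc",        # ../ with an encoded slash
    "%252e%252e%252f",      # ../ double-encoded
    "\uff1cscript\uff1e",   # fullwidth < and >
    "a%0d%0ab",             # CR LF
    "%ff",                  # invalid byte sequence
]


def compare(samples=SAMPLES):
    return [(s, naive_denylist(s), validate_name(s)) for s in samples]


if __name__ == "__main__":
    for raw, naive_ok, strict_ok in compare():
        print(f"{raw!r:22} denylist-on-raw={naive_ok!s:5} allowlist-on-canonical={strict_ok}")
```

Every sample after the first passes the raw denylist and is rejected once canonicalized.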



WordPress Adsense Deluxe Vulnerability

David Kierznowski of Operation n has discovered some serious flaws in the WordPress Adsense Deluxe plugin as part of the WordPress Angel Project. The vulnerability(s) affect all versions.

This vulnerability reminds me of the old Hacker movies, where a worm is released that steals random pennies from unsuspecting victims. This vulnerability is the closest I have seen to this scenario.

The vendor has been notified, and more information regarding the vulnerability will be released after 30 days or until such a time as the author feels that WordPress users have had a chance to upgrade.

Unfortunately, the developer has not gotten back to me, and as many blogs use this plugin as a source of income, I have gone ahead and made the necessary changes myself as a temporary solution. Please note this is an unofficial release. Hopefully the vendor will verify the changes and make an official release shortly.

As with any plugin, please make sure you have made a backup before downloading and installing this.

Download adsense-deluxe.zip.

The vendor was notified: 18/05/07
Response received: None as yet
Fix received: Temporary fix released as part of the WordPress Angel Project.


WordPress Persistent XSS

Vulnerability Title: WordPress Persistent XSS
Author: David Kierznowski
Homepage: http://michaeldaw.org
Software Vendor: WordPress Persistent XSS
Versions affected: Confirmed in v2.0.5 (latest)

WordPress is a popular open source blogging software.
A persistent XSS vulnerability has been found in WordPress (to be honest I have found a few problems and hope to publish these soon). This issue affects the latest version v2.0.5.

When editing files a shortcut is created titled ‘recently accessed files’. The anchor tag text is correctly escaped with wp_specialchars(); however, the link title is not sanitised. Instead, it is passed to get_file_description($file). The only restriction or limitation here is that our text is passed through basename. This means standard script tags will fail when ending with ‘/’. We can get around this by using “open” IMG tags; this works under FF and IE.

Vulnerable code:

[line 22] $recents = get_option('recently_edited');
[line 72] update_recently_edited($file);
[line 116] foreach ($recents as $recent) :
        echo "<li><a href='templates.php?file="
          . wp_specialchars($recent, true) . "'>"
          . get_file_description(basename($recent))
          . "</a></li>";

Vulnerable function:

function get_file_description($file) {
        global $wp_file_descriptions;

        // Known core files map to a fixed description.
        if (isset ($wp_file_descriptions[basename($file)])) {
                return $wp_file_descriptions[basename($file)];
        }
        elseif (file_exists(ABSPATH.$file)) {
                $template_data = implode('', file(ABSPATH.$file));
                if (preg_match("|Template Name:(.*)|i",
                   $template_data, $name))
                        return $name[1];
        }

        // Fallback: the file name is returned unescaped.
        return basename($file);
}

Proof of concept:


Temp Fix:
Comment out the following line in wp-admin/templates.php
[Line 72] update_recently_edited($file);

WordPress was contacted: 26/12/06 22:04 BST
Reply received: 27/12/06 06:11 BST
WordPress has fixed this for v2.0.6 and a patch has been released
for v2.0.5, see

RSS Injection in Sage part 2

2 months ago, both pdp and myself released a vulnerability “Cross Context Scripting in Sage”. This issue was resolved in Sage release 1.3.7 (see: http://mozdev.org/bugs/show_bug.cgi?id=15101). I found a new vulnerability which affects the latest version, Sage 1.3.8. In addition to the XSS vulnerability, it should be noted (as in the previous vulnerability) that this issue occurs within the Local Browser Context.


A number of popular online RSS readers allow images to be embedded within Feeds. It has been known for some time now, that the amount of people subscribed to your feed can be determined by using the image src functionality. This is interesting from an anonymity point of view. I was curious to know just how well these applications would prevent and/or restrict the “img onload” features.

Ironically, Sage seems to handle this quite well. It removes any “onload” attribute within an IMG element. Sage also completely removes offending JavaScript code. However, it fails to remove the script tags when inserted within the IMG element. In addition to this, it will actually end the IMG element for us. For example:

<img src="http://michaeldaw.org/images/jss.jpg" <script>alert('blah');</script> ></img>
<img src="http://michaeldaw.org/images/jss.jpg" > <script>alert('blah');</script> </img>
Notice the trailing > is removed and added before our JavaScript code.
This feed will open “/etc/passwd” for Linux users and “…./etc/hosts” for MS Windows users. Please note I have not tested the Windows feed.
