Finally I seem to have completed my conversion script which can be used to convert a palm address CSV file as output by the pilot-addresses tool (from the linux pilot-xfer suite of tools) to a sql script which can be used with sqlite3 to load the addresses into an android contacts db.
This is useful if you do not want to use the google contact service to transfer your old contacts to your new phone. Perhaps you like keeping your contacts' info private for them. Afterall, there's hardly a less public way to expose their personal data then to give it to google, the largest search provider, eh!!!
Since there is not a perfect match between palm fields and android fields, your results may vary. The script makes a best attempt to match things logically, it even tries to combine entries with the same name (in case you have multiple addresses for a person). If you have non US addresses, you should probably edit the country list in the BEGIN{} section.
Once you have converted your palm db to sql, you may want to check the transformation visually before loading it to your phone.
HowTo:
1) Before loading your palm db onto your phone, it makes sense to make a backup of your droid contacts to your PC like this:
adb pull /data/data/com.android.providers.contacts/databases/contacts.db .
2) Output your palm db to a file with the linux pilot-xfer tool (note the important -a switch):
pilot-addresses -a -w add.palm
3) Convert the add.palm created above like this:
palm2droid < add.palm > droid.sql
4) Load the sql onto your phone like this:
adb push droid.sql /cache/droid.sql
5) Load the sql into your contacts db like this:
adb shell
su
sqlite3 /data/data/com.android.providers.contacts/databases/contacts.db < /cache/sroid.sql
That's it!
If you do not like your results, restore your contacts db like this:
adb push contacts.db /data/data/com.android.providers.contacts/databases
Good luck, I hope this helps!
Download: palm2droid (GPLed)
Related
The native text editor on CyanogenMod 12 is launched by selecting a file using the File Manager app. It might be the same app, I don't know.
I would like to make it use Windows line-endings (CR+LF) rather than Unix line endings (LF).
Furthermore, it when I export files from the handset to Windows, all bullet characters (ASCII decimal #149) show up as 3 characters (�, image attached). This is regardless of whether I drag it over using the Windows Explorer interface (MTB USB) or adb pull. Obviously, I want the bullet symbol rather than 3 unrelated characters.
Is there any way to customize the native text editor to behave like Windows text editors?
For context, I just use text files for notes without having to install a non-native app e.g. Notes & Tasks for Microsoft Exchange. If possible, I'm also trying to avoid external text editor apps (basically, apps in general). The reason why I seek compatibility with vim/Windows is because I use vim and Cygwin's diff to sync the files between the handset and the laptop.
Since my text editing needs on the handset are so minimal, I don't need powerful editor that supports code development. I was hoping that there would user settings on the phone for things like line endings and proper interpretation of bullets. I wasn't sure whether those settings would be specific to the editor or OS.
In fact, I wasn't sure that the editor was a separate app (from the file manager or the OS). Using adb to issue a "ps" in the handset did not show any difference in processes between when I was editing a file vs when I was not (at least in the process names, though the process numbers did change), so I haven't been able to identify a separate editor app.
This might be an inaccurate way to suss out the app, since I hear that unless more memory is needed by active apps, smart phone OSs tend to keep apps in memory rather than actually terminatimg the processes. Not something I'm familiar with.
my1stSmartPhone said:
For context, I just use text files for notes without having to install a non-native app e.g. Notes & Tasks for Microsoft Exchange. If possible, I'm also trying to avoid external text editor apps (basically, apps in general). The reason why I seek compatibility with vim/Windows is because I use vim and Cygwin's diff to sync the files between the handset and the laptop.
Since my text editing needs on the handset are so minimal, I don't need powerful editor that supports code development. I was hoping that there would user settings on the phone for things like line endings and proper interpretation of bullets. I wasn't sure whether those settings would be specific to the editor or OS.
In fact, I wasn't sure that the editor was a separate app (from the file manager or the OS). Using adb to issue a "ps" in the handset did not show any difference in processes between when I was editing a file vs when I was not (at least in the process names, though the process numbers did change), so I haven't been able to identify a separate editor app.
This might be an inaccurate way to suss out the app, since I hear that unless more memory is needed by active apps, smart phone OSs tend to keep apps in memory rather than actually terminatimg the processes. Not something I'm familiar with.
Click to expand...
Click to collapse
Better you can use POSIX based text editors in Windows, so that you can retain the collation and formatting.
Otherwise, you can try text converters like dos2unix ( it's available online I guess) to get it work in your phone
I use cygwin & vim. I still have the issue with corrupted bullet characters.
There is an advantage to defaulting to DOS type text files. Vim can handle DOS text files, although it is a paim to search & replace the odd character corruptions. In contrast, DOS text editors can't handle Unix text files. So you can be stuck if your text files are unix by default.
As for dos2unix, I sometimes pipe all vim buffer content through that rather than searching & replacing. I still need to fix the corrupt bullet characters. I don't want to do that for all text files when syncing between handset and laptop. To me, the most efficient solution seems to be to maintain vim/dos style text files on the handset.
So not to clutter up an 'apps' list, I am putting together pieces to enable my surface rt to have more functionality available for on device scripting and a put together a few utilities to fill some areas I think (?) were missing. I might use these from scripts, nodejs, powershell or anywhere else I might launch processes.
So for starters I made :
csnotify - A utility to simulate the toast notification banners (like what you see for weather or new mail alerts). Unfortunately the api used to actual system notifications are c++ sdk binaries which i can't use, so this is as close a clone as i could make. The options are many and explained in a readme file in the zip.
naudiocon - a simple console mp3 file player which i might use for sound effects but it plays a song just as well. There are many pieces to the open source NAudio library which could be useful for future audio media players.
wget - a simple way to download a file from a url via command line. not a true clone of wget but you can enter wget {url} or wget {url} newfilename. run without any params to see that usage syntax.
cryptocli - a simple command line file encryption and hashing utility. Possibly useful for email or sending between computers which has this utility installed. like most ports this runs on arm or intel windows.
speak - a simple text to speech utility to read text either from command line itself or from file specified in command line.
wscon - command line web server. spin up server on -p port and -d directory from command line or put shortcut to this app in 'shell:sendto' to send a -directory- to it (using default port or 8080)
The files are already signed, but if you download directly to your device you should probably right click the downloaded zip(s) and 'unblock' them on the file 'properties' page. This seems to be required when downloading to NTFS partitions, as it will flag the download as 'coming from an unsafe domain' (internet). If you save the file to non-ntfs sdcard/usb/nas you should not have to unblock.
nazoraios said:
So not to clutter up an 'apps' list, I am putting together pieces to enable my surface rt to have more functionality available for on device scripting and a put together a few utilities to fill some areas I think (?) were missing. I might use these from scripts, nodejs, powershell or anywhere else I might launch processes.
So for starters I made :
csnotify - A utility to simulate the toast notification banners (like what you see for weather or new mail alerts). Unfortunately the api used to actual system notifications are c++ sdk binaries which i can't use, so this is as close a clone as i could make. The options are many and explained in a readme file in the zip.
naudiocon - a simple console mp3 file player which i might use for sound effects but it plays a song just as well. There are many pieces to the open source NAudio library which could be useful for future audio media players.
wget - a simple way to download a file from a url via command line. not a true clone of wget but you can enter wget {url} or wget {url} newfilename. run without any params to see that usage syntax.
cryptocli - a simple command line file encryption utility. Possibly useful for email or sending between computers which has this utility installed. like most ports this runs on arm or intel windows.
The files are already signed, but if you download directly to your device you should probably right click the downloaded zip(s) and 'unblock' them on the file 'properties' page. This seems to be required when downloading to NTFS partitions, as it will flag the download as 'coming from an unsafe domain' (internet). If you save the file to non-ntfs sdcard/usb/nas you should not have to unblock.
Click to expand...
Click to collapse
Thanks definitely going to be using wget. If only we could make a port of bash...
Sent from my SGH-M919 using XDA Free mobile app
Qiangong2 said:
Thanks definitely going to be using wget. If only we could make a port of bash...
Sent from my SGH-M919 using XDA Free mobile app
Click to expand...
Click to collapse
Bash shell would be great, git-bash would be even better.
There's a lot of c++ projects that I haven't been able to set up visual studio to compile for arm. vs2013 and 2015 haven't been playing very well so far, I think mamaich successfully did some arm ports with vs2012. Then there's Win10 iot efforts which Microsoft may be more inclined to support officially. They seem to support console c++ apps on win10arm using vs2015 here :
http://ms-iot.github.io/content/en-US/win10/samples/ConsoleApp.htm
I have not even begun trying to set up MinGW/Cygwin which I believe is the toolchain required for cross compiling Linux source projects for win/arm.
nazoraios said:
Bash shell would be great, git-bash would be even better.
There's a lot of c++ projects that I haven't been able to set up visual studio to compile for arm. vs2013 and 2015 haven't been playing very well so far, I think mamaich successfully did some arm ports with vs2012. Then there's Win10 iot efforts which Microsoft may be more inclined to support officially. They seem to support console c++ apps on win10arm using vs2015 here :
http://ms-iot.github.io/content/en-US/win10/samples/ConsoleApp.htm
I have not even begun trying to set up MinGW/Cygwin which I believe is the toolchain required for cross compiling Linux source projects for win/arm.
Click to expand...
Click to collapse
Windows RT was probably coded using vs2012, that's why it's better to use vs2012. Also, Microsoft removed and changed lots of stuff in vs2013 and even more in vs2015 from vs2012. Vs2013 and 15 probably don't have the right commands built in
Sent from my SGH-M919 using XDA Free mobile app
hey i made batch file with sample commands for csnotify
p.s save the file with .bat
p.p.s i seek a bug, the -m text dont support long words
roxas22 said:
hey i made batch file with sample commands for csnotify
p.s save the file with .bat
p.p.s i seek a bug, the -m text dont support long words
Click to expand...
Click to collapse
since your parameter has spaces in it you should wrap it in quotes like :
Code:
csnotify -t "hi xda!!!" -m "i love xda!!!"
nazoraios said:
since your parameter has spaces in it you should wrap it in quotes like :
Code:
csnotify -t "hi xda!!!" -m "i love xda!!!"
Click to expand...
Click to collapse
Thanks, i have some problems with usising batch language
Well I finally figured out how to tap into speech libraries on windows rt, so I created a command line utility.
You can use it to speak some generic text by using this command line :
Code:
speak -t "hello world this is text to speech on windows rt"
Or you can pass in a filename :
Code:
speak "c:\some path to\filename.txt"
Or you can type "shell:sendto" into the address bar of windows explorer and create a shortcut to speak.exe in there and then you can then send text files to it and it will read them.
File should be attached for download.
I added a command line version of simplewebserver, which is called 'wscon' (webserver console).
bundled readme :
This is a console/parameter based version using much of the same code as SimpleWebServer program, but created for command line/script invocation.
The use case for this app is when you frequently change hosting directories and just want to spin up a server on some port and directory.
You can specify port and directory with -p and -d command line options or you can create a shortcut to this wscon program in your shell:sendto folder and right click a directory and 'send to' it.
If you use sendto it will use the default port set in wscon_settings.xml file, which is automatically generated in same folder as executable. Once this file exists you can override the default port of 8080 to be something else if you want.
If you launch from console with just -d option it will use default port in wscon_settings.xml also.
By default this application serves up only to local machine (localhost), if you run it as admin it will be visible to other computers (provided firewall allows).
Click to expand...
Click to collapse
Looking for a note taking app that encrypts it's contents but with cross platform access (e.g. Linux or Windows).
It can either have clients for Android, Linux and Windows or it just encrypts notes and saves them as text files which can be read easily on other platforms.
Any suggestions?
Hmm, i still have this problem myself as i hate putting personal data online.
I've been searching for a simple solution for quite some time and yet nothing optimal arised.
I have 2 approaches to this problem:
1 The simple way:
Use a cross platform password manager which has the ability to store notes like:
StickyPassword, SafeInCloud , etc ...
Do this if you can trust them and beleve their claims.... :laugh:
2 The hard(core) / paranoid / scratch your head with your foot way:
a) Find an android note taking app that saves regular text files eg: Jota
b) Use GnuPG (pgp) on your desktop and OpenKeychain on android to encrypt/decrypt your txt files
c) Use your favorite cloud storage provider client to sync your encrypted txt files
This solution has so many many things to overcome
- Setting this up is not as easy as my bullet points
- Maybe some steps can be automated
- Data (text files) on your devices is stored in plaintext and duplicated in encrypted form which poses some risks when you loose control over your devices (stolen/lost) this can be solved by using full disk encryption and/or deleting the plain text files after encryption
Sorry for may bad english & for being a bit elusive
Hi all,
As part of a class I'm doing, we are required to post some content to a forum to engage in discussion on security:
.
Cross Site Scripting (XSS)
OWAPS describes Cross Site Scripting (XSS) where a website has been marked as a trusted website, which for some reason, can run malicious code or scripts through inputs such as forms. As the end user’s browser sees this site as trusted, it allows the malicious script or code to execute, which can give access to client side information before it is encrypted (such as usernames, passwords, session IDs, cookies, etc).
In PHP for example, a normal input box where a user would enter their name, would be able to enter the following:
When PHP prints this back out after submission, it will execute the script between the script tags (In this case, just a simple popup).
In this scenario, this can be solved by wrapping the input value with htmlentities:
This would print any script as literal text rather then executing it.
In Java,
XSS is still a major issue, both due to some sites not implementing simple work around such as htmlentities or htmlspecialchars, or for reasons where these cant be used. XSS affects PHP applications by as much as 86% - its PHPs biggest vulnerability.
In Java, the easiest method is to simply validate inputs and to encode special characters (<>[email protected]#$%^&*). Alternativley, OWASP have a XSS class which includes easy methods to best prevent against certain types of XSS.
Code Injection
Code injection is where using the sites scripting language, you can inject (rather, have the site pull) code from somewhere else.
For example, php can call one of its own pages like so:
however, if we replace the contact.php page with an external hosted script:
This will cause the enduser to execute that script. This all comes down to PHP validation which is coded within the PHP to ensure only valid respsonses are accepted.
This is unlike command injection. Command Injection is an attack which is designed to execute commands on the PHP hosted system (server). This can be done where most parameters are passed (headers, input boxes, etc) and will typically display any output on the returned webpage.
For example, to return a password for a certain user, you could use a command like:
Typically, to prevent such commands from executing, a whitelist of command can be made, whereby only those listed are allowed to be executed on the server. Alternativly, it is recommend where the application needs to invoke system side commands, to do this through local python scripts, rather then PHP calling the commands.
CRLF injection
CRLF injection comes from the elements CR (Carriage Return) and LF (Line Feed) – together (CRLF) this denotes a new line (done simply by pressing the enter button). If a website for example, allows you to upload a file, an attacker may name this file as follows:
This would result in a system command being carried out to delete everything in the /bin folder.
It also allows an attacker to write to the log file, by creating it own new line. If the logs are configured in such a way that they will email out any WARNINGS or ERRORS, an attacker may add these to a new log line repetitively, backing up the email and bandwidth.
The simple way around this is for JAVA to sanitise any input strings, either through substituting known commands, or through methods such as
SQL Injection
.NET SQL Injection allows an authorised SQL command to be sent to the SQL server and executed.
An SQL string may be built using inputs from a form. A possible example of this is:
Code:
SELECT email, passwd, login_id, full_name FROM members WHERE email = 'formemail';
where the red is the text from an input field.
However, we can modify this string which can allow some malicious stuff to happen:
Code:
SELECT email, passwd, login_id, full_name FROM members WHERE email = 'formemail'; DROP DATABASE members --';
Adding the red text to the email input box, would allow us to delete the whole table, or alternatively insert a new record into a table, or possible delete records, modify records (change passwords), or even delete whole tables.
To prevent this, you can limit the damage an SQL injection can do you using proper database permissions (deleting records, tables, etc), and to also use good sanitisation – look for -- or ; in any field and invalidate the data if it has these characters.
Directory Traversal
Directory traversal can also be referred to as a “dot dot slash” attack.
In php, a resource (page) can be called as follows:
However, it may be possible to get other files, not even part of the web directory using the following examples:
The easiest way to prevent this is to assign proper permission on the server itself. However, many web developers do not own the server, therefore, another layer of protection is fully qualify the file path, with the root being where the webpage sits.
Connection String Injection
Also known as connection string pollution, it is possible for an attacker to inject parameters into a connection string to a database. Typically a connection string is built by delimiting each value with a comma. In an injection attack, strings can be built using semi colons as a delimiter.
A typical connection string to a windows SQL server may look like the following:
Code:
Data source = SQL2005; initial catalog = db1; integrated security=no; user id=+’User_Value’+; Password=+’Password_Value’+;
However, if an attacker places a rouge windows SQL server on the internet, and then uses a connection string like follows:
Code:
Data source = SQL2005; initial catalog = db1; integrated security=no; user id=;Data Source=Rogue Server; Password=; Integrated Security=true;
This allows the target windows SQL server to connect to the rouge server using its own Windows credentials, exposing much data.
Backdoors
Backdoors can be common within applications and web applications and can occur across many types of frameworks, however, it’s the security around the knowledge of backdoors, and what they allow, which can be of concern. All modems, routers and some managed network infrastructure have administrator usernames and passwords. However, sometimes, the network vendor (CISCO, NETGEAR, etc) or ISP may choose to put a backdoor access onto these devices. This may be in case a user forgets their administrator credentials, for automatic firmware updates, or for remote troubleshooting. Some of these backdoors may allow for more settings then what is normally shown to an end user.
For example, some older Optus supplied modems had the hidden user: Admin, and a password of: Y3S0ptus. This was standard across thousands of supplied modems. The problem was, the end user had no way of changing the default setting for remote web access from Enabled to Disabled, which meant anyone that knew of their IP address or domain name, could now remote access their modem router, add port redirects, and now connect to devices within their LAN.
In the case of ISP provided modems, it might be safer to simply by something else, not supplied by the ISP.
Interacting with the Clipboard from the shell can be difficult.
It used to be easier and you could use service call clipboard ...
Nowadays Clipboard only takes ClipData.
Ok, you could still do it using the service executable but you'd have a long list of opaque numbers.
I wrote a regular executable (not using any Java itself) to fill the Clipboard with your text.
It works for UTF-8, although I haven't gotten it to work pretty-like on Windows.
(I got the CHCP 65001, but I don't have a font for the console.)
Code:
# /data/local/tmp/copyclip 'I want to go to 中关村科贸电子城.'
This is an ELF64, you have to be rooted, it's a beta and everything is subject to change.
It works on A10. Later Android might need some fixes for attribution tags.
You should rename it to plain "copyclip".
Just park it somewhere (/data/local/tmp is fine) and chmod 755 it.
I've made a few tiny tweaks.
You can do the paste automatically, but there's a rub.
The input keyevent is pretty stupid because it rolls out a whole zygote just to inject a key.
Still, if you don't expect performance you can always:
Code:
# ./copyclip 'The short tedious text' && input keyevent 279
Normally, I do either a USB HID device or a key injector daemon if I want performance.
As noted previously, copyclip itself doesn't roll out a zygote, so it's quick.
Edit: Update again March 7th.
Yet another fine tuning.
I'm thinking about -e processing like echo has.
copyclip can be found in my sig.
Hmm, that's interesting. There were big changes in ClipData from A10 to A11.
This wouldn't work if you are on A11.
There's a two new versions out that works for at least A9, A10 & A11, either 32 bit or 64 bit.
If you're not rooted you'll probably get:
Code:
Error: Package android does not belong to 2000
You'll find it in the sig.
I'd appreciate any feedback on success/failure.
It seems like this would be really useful for entering snippets of Unicode text selected from the desktop.
input text can't handle Unicode.
One of the reasons that I'm having fun with this is the efficiency of not using app_process/Zygote/Java.
Code:
Poke3:/ # time input text Hello
0m00.51s real 0m00.28s user 0m00.20s system
Poke3:/ # time /data/local/tmp/copyclip Hello
0m00.04s real 0m00.01s user 0m00.02s system
Yow! I love talking to myself! I'm 7 posts in and no interruptions from somebody who wants to know something.
I just posted (Win32) adbclip.exe, an amazing accessory that works in concert with (Android) copyclip.
If you're on your desktop you can go to some nice Korean (or Japanese or Arabic or English) website, select some text and then paste it to the Android clipboard!
Amazing, eh?
All the details are in my sig, or more directly: http://www.temblast.com/copyclip.htm.
The Android utility copyclip has been updated:
You can style the text bold with -b and/or italic with -i
You can pipe other shell commands to it: date | /data/local/tmp/copyclip