The struggle to connect a dumb TV to a Bluetooth speaker

So the TV is far from where I usually sit and watch. For example, when watching a movie, as it probably happened also to you, the volume during dialogs is very low and then it becomes very loud during commercials, dramatic or action scenes. There are several solutions on the Internet but non solved the problem for me.

The solution that I wanted to have is a small bluetooth speaker very close to me that I can take around with me wherever I want to sit and watch. Imagine the setting blow. You are in a big room where the TV is a bit far away. The goal is to have a small bluetooth speaker next to you.

So I designed the “plan” on a piece of paper and identified the accessories that I’d need. On the TV, there are two HDMIs and one USB ports. Note that, a Chromecast receiver is connected to one of the HDMIs and it is powered directly from a wall outlet and an external hard disk is connected to the USB port. A subwoofer is connected to the 3.5 mm audio aux. Below are the accessories I initially thought I needed.

  • A bluetooth speaker
  • A bluetooth transmitter (as the TV doesn’t have one)
  • Headphone splitter (so that I can also use the subwoofer when I want)
  • A USB divider (to use the only USB port to power the bluetooth transmitter, the hard disk and the Chromecast)

So I got the accessories that I needed and started setting up as planned. Connected the headphone splitter to the TV and then connected the subwoofer and the bluetooth transmitter (3.5 mm aux) to the other side of the splitter. Paired the bluetooth transmitter and the bluetooth speaker. Connected the USB divider to the TV and then connected the external hard disk and the bluetooth transmitter to the divider. The USB divider had additional free port so I thought why not connect the Chromecast to it as well so that I minimize the clutter? 🤷‍♂️ The only thing left was to try if the setup is working. Turned on the TV and cranked up the volume. Annnnnd voilà! It works! 😍 But wait, the hard disk has some light but isn’t being detected by the TV anymore 🤔 Since I couldn’t find any information on how much current the TV was outputting through the USB port, the next day, I borrowed a USB Tester (similar to the image blow) from a colleague to see if the hard disk was getting enough power. So basically, I connected the USB Tester to the TV and the USB hub (without the hard disk, the Chromecast and the bluetooth transmitter) to the Tester. The Tester read that the TV is providing 1.5mA. Connected the Chromecast and the bluetooth transmitter and learnt that they draw more than half of the current and therefore the external hard disk wasn’t getting enough power to drive the motor.

So I ended up attaching the external hard disk directly to the TV and the hub to a wall outlet and I got everything working until I noticed that there is a interference noise coming out of the bluetooth speaker🤦‍♂️ . I couldn’t understand what the cause was but thought it was related to the quality of the bluetooth transmitter. After a bit of search, I read someone suggesting increasing the volume on the TV to the maximum and control the volume from the bluetooth speaker🤦‍♂️. A very annoying workaround but it kind of worked. The next day, I was rearranging the cables to avoid cluttering and decided to use a USB charger head to connect the bluetooth transmitter (instead of connecting it to the hub and the wall outlet that is also serving the TV and the subwoofer). All of the a sudden the noise disappeared 😳. That is when I understood the interference was coming from the divider that I was using on the wall outlet. Perfect! Problem solved. All this time I was testing with music videos and I didn’t pay attention to the contents. Once I was done with everything, it was time to enjoy the setup and theeeeeen I discovered that the audio and the video were out of sync — the audio has a delay!! 😤. The TV has a setting to adjust the delay to some extent but it wasn’t enough. That is when I said fuck it and started training my brain to sync the audio and the video.

I realized that when a bluetooth sound device is connected, mobile and computer operating systems can delay the video so that the audio and the video are in sync. The dumb TV doesn’t know that I am connected to a bluetooth speaker so it can’t delay the video (even if there was a built-in feature). Moreover, the further I go away from the TV, the delay become more noticeable. This happened a couple of years ago. Now I am used to it and I don’t even notice the delay. But when friend visit, they like to point out that there is a problem with the audio 😏.

ASOS Price Checker

ASOS Price Checker: Save up to 50% when shopping on ASOS. Did you know that the same product has different prices on different ASOS country-dedicated websites? Find out how you can save up to 60% or find your size just by comparing the different stores. You can also get notification when the price drops!

  1. Chrome extension for ASOS Price Checker

  2. ASOS Price Checker and Price Drop Alert for Telegram

  3. Web versions of ASOS Price Checker

ASOS Price Checker: Save up to 50% when shopping on ASOS. Did you know that the same product has different prices on different ASOS country-dedicated websites? Find out how you can save up to 60% or find your size just by comparing the different stores. You can also get notification when the price drops!

I use to do several online shopping. They are one of the best online fashion shops. They have several stores in different parts of the world. Each store might have different price for the same product. Sometimes, you might find up to 50% price difference between different stores. If you, for example, always buy from ASOS UK, then you have to compare the price, for example, with ASOS Germany as you might save a lot.

asos price checker
Telegram bot showing prices of a product in different ASOS stores

You can do this buy opening the different store websites for the same product and compare the prices… sometimes you might need to convert the currency to your preferred one. To facilitate this process, I have created an ASOS Price Checker Telegram bot that can help you do these automatically. Check prices on all ASOS country sites of the same products. You simply copy the product’s link and paste it in the chat and the comparison is done automatically and a summary is provided. It is easy to use and has the following features:

  • ASOS Price comparison: compares the prices of a product in the different ASOS stores and tells you which store has which size and how much it costs followed by the link to the cheapest store
  • ASOS Price Tracker/Price Alert: if you want to wait until the price for a given product drops, you also have the possibility to get price alert for the product and get notification as soon as its price changes (drops/increases or the product goes out of stock/comes back to stock)
  • ASOS Size check: sometimes the product that you wanted to buy from your preferred store might no longer exist in the size you want. By using either the Telegram bot or the web version, you can see which other stores have your size.
  • ASOS back in stock alert/notifications: Get back in stock alerts for any item on ASOS. It will send you a notification when your favorite product comes back into stock on ASOS.

It is very easy to use. You just send a link to an ASOS product to this bot and the bot responds with content similar to the image above: the price and the available sizes in each store followed by a summary pointing out cheapest store.

If you are on mobile and have the ASOS app, you can just click on the “Share” button, then choose Telegram from the list and share the link to the bot. Before sharing the link to the bot, you should first “Start” using the ASOS Price Tracker bot. By following the link or by searching for @asos_price_tracker_bot on Telegram, you can START conversation with the bot.

If you’re using a web browser, just copy the link of the product and send it to the bot on Telegram web.

If you’re not using Telegram, you can use ASOS Price Checker on the web that does similar things without the price alert feature.

The ASOS Price Checker Chrome extension tells you the cheapest price while you are still on ASOS website. For example, below we see a product listed in the Italian ASOS website. The Chrome extension displays automatically the available cheapest price for this current product. As you can see, this product is available €100 cheaper in other ASOS stores.

ASOS price tracker shows an ASOS product sold for €300 in ASOS Italy found €100 cheaper in another store
ASOS product sold for €300 in ASOS Italy found €100 cheaper in another store

The other advantage of the Chrome extension is when you come across a product that is out of stock in your preferred store but is available in another store. Look at the following image.

asos price comparison tool helping discover out of stock product
ASOS product that is out of stock in ASOS UK but available in another ASOS store.

As you can see, the product that you gave up on because you thought it was out of stock could actually be available in another ASOS store.

This is a personal project that was intended to help me manage my shopping on ASOS. I benefited from it by getting price drop alerts as well as finding the cheapest store. As some friends found it interesting and are using it, I thought it might also be interesting to others.

Feedbacks are welcome!

The provided property ‘og:url’ (‘*’) does not represent the input URL. You can safely ignore this message after double checking the provided value

The provided property ‘og:url’ (‘*’) does not represent the input URL.

Yes. We know why you are here. It looks like, after a couple of years, Facebook has finally fixed the loophole.


ASOS Size Checker

If you always shop at a specific ASOS website, you might be missing out on the different advantages that you have from looking at other ASOS stores. Apart from the prices, different ASOS stores might stock different sizes of a given product. For example, say you wear size L T-shirt and you normally buy from ASOS DE. For a specific T-shirt, the ASOS DE does not have your L size. However, by just checking the ASOS IT or ASOS FR store, you might find your size. Ordering from any ASOS store is fine and therefore, by just checking the different stores, you can find your size.

The following website does this automatically for you along with the price.

As you can see on the image, it shows you the photo, the cheapest price, how much you save, the cheapest store and the prices at the different stores and the sizes in the different stores.

Screen Shot 2019-06-30 at 7.41.33 AM

With this, you save time, money and at the same time find your preferred size.


The Secret Method to Getting Large Facebook Link Thumbnail For YouTube Videos

This was the trick people used to bypass Facebook’s algorithm and have full thumbnail on Facebook for YouTube links.

Sometime ago Facebook used to allow embedding a YouTube video so that people can watch a YouTube video while still on Facebook. Then Facebook started their own video section and wanted people instead to watch Facebook’s video only so they stopped the option to embed YouTube videos. In an attempt to drive less traffic to YouTube, Facebook even decided to show tiny ugly thumbnails whenever a YouTube link is shared on Facebook.

Using YouTube Gaming to have bigger Facebook thumbnail

A lot of YouTube to Facebook publishing websites emerged to fix this problem but this services suffer from low New Feed distribution as they are probably used by a lot of people for sharing YouTube video and considered spammy.

So, I was looking for the best way to publish a YouTube video to Facebook with it’s full thumbnail and maintaining the YouTube authority. So, if Facebook intentionally did this, it means that they have a check somewhere that looks like:

if ($domain === “” || $domain === “”)  {

// then fuck up the thumb


So, I started digging for other subdomain or TLDs owned by YouTube that do not redirect to… with the hope that Facebook did not include those in the ‘blacklist’.

So after trying several of them, fortunately, I came across, the YouTube Gaming App companion site. The good thing about this was any normal YouTube video would work by just changing the to and Facebook would show the full thumbnail and you have full post reach since the YouTube domain is trusted. Additional traction comes from the full thumbnail.

Like what they say, all good things come to an end, on May 30th, YouTube shutdown this service and this subdomain now redirects you to which brings us to the original problem of shitty YouTube thumbnails on Facebook.

This was kept secret for obvious reasons but I am sure there were a lot of people using it.

Playing with NSA’s Ghidra

A couple of weeks ago, the NSA released a complex binary analysis tool called Ghidra. When I discovered that, I was working on an ARM binary analysis tool (personal project). I was excited and I slapped a couple of different platform binary files I had to it and saw what the tool does. It was amazing. It performs several analysis and even generates pseudo-C code. IDA Pro is in a real competition now, I guess — a free tool with almost all the features one could ask for…

The last time I did Windows binary reverse engineering was probably more than 10 years ago. It was when I used to do malware analysis. Back in those days, I used to have sets of tools such as WinDbg, OllyDbg, PE Explorer, Dependency Walker, SoftICE, IDA along with Sysinternals tools such as FileMon, Regmon and Process Explorer. Each tool provided different interesting functionalities that made the overall malware analysis a lot easier.

With the excuse to see how Ghidra works, I decided to try reversing a simple Windows program. I grabbed the first Windows entry at, a site hosting CrackMe challenges. The challenge is to find the password.

I ran the CrackMe challenge program in a VM and noticed it asks username and password. When we enter the wrong details, it displays “Wrong password.” as shown below. With this in mind, we open Ghidra and load the EXE (we skip a couple of screenshots regarding loading the EXE…).

Screen Shot 2019-03-23 at 4.18.00 PM

We could start from the entry-point and look for the location where the password check happens. But that means we have to do unnecessary manual static analysis going through different dependences until we reach the interesting location. Instead, the easiest way is to walk through the import address table (IAT) looking for printing functions the program references. The idea is to find the location where “Wrong password.” is printed as it is the most probable location where the password comparison is done. If the function was loaded dynamically, then it wouldn’t appear in the IAT and we might need a different solution.

Screen Shot 2019-03-23 at 4.26.38 PM

We see a printing function printf in the IAT. We look up its reference as shown below.


We see that a wrapping function _printf is calling the actual printf. We repeat the same process and find reference to _printf.

Screen Shot 2019-03-23 at 4.42.07 PM.png

To do so, we click on _printf in the Location Reference Provider window, then we close the window and right click on the function identifier _printf then References > Show references to _printf in the context menu. Screen Shot 2019-03-23 at 4.45.56 PM.png

Selecting any one of the references shows the following result. On the left pane, the disassembly and on the right pane, pseudo-C. If we know some details about the function, such as the signature, we can, for example, change the function signature so that the tool better decompiles the program.

Screen Shot 2019-03-23 at 4.48.35 PM.png

For this function, we don’t need to add much. So basically, it looks like it allocates a buffer for user input and calls _promt_user(buffer). _promt_user() looks like it is doing the following. Show the ‘Enter your username’ message, store a max of 19 bytes on the buffer as the username. Then prompt ‘Now enter your password’, then store the input with up to a max length of 29 bytes on the buffer at offset 0x1e (30) — which will be the password. Then look for ‘\n’ (decimal 10 or hex 0x0D) in the password section of buffer (offset 0x1e). If we find ‘\n’, then we set it as the end of the buffer by setting it to ‘\0’. Now, the buffer looks like the following.

Screen Shot 2019-03-24 at 11.13.41 AM

Some calculations do not add up. The buffer is 50 bytes long. However, the password is written at offset 30. Which means, the password length can only be 19 bytes (+ the remaining 1 byte being the terminating null character). But the program reads up to a maximum of 29 bytes from stdin as password (total 59 bytes, while the buffer is 50 bytes). This mean it allow the user to write 9 more character beyond the buffer size. We have buffer overflow here with only 9 bytes for the shellcode.  Not enough to have a jump shellcode to the interesting location —  0x004014aa. But DoS is possible, return address is modified by writing more than 4 bytes. Let’s forget about the buffer overflow and move on.

Screen Shot 2019-03-23 at 6.04.50 PM

We just saw that _promt_user() just askes the user to insert username and password and returns the user input. The next step is to check the password using  _check_password(buffer).

Screen Shot 2019-03-24 at 2.11.57 AM

Here, the ‘stored’ password is retrieved using _get_pwd(_buff) and buffer[30] is compared with some_pointer+_buff[0] (variable local_30 renamed to _buff). Let’s see what _get_pwd(_buff) does.

To summarize, this function creates and allocates a buffer[1000] in the heap, populates the integer array parameters (_buff) with random values, then assigns the following constants to variable _Memory.

_Memory[0] = 0x76;  // 118
_Memory[1] = 0x2f;   // 47
_Memory[2] = 0x6d;  // 109
_Memory[3] = 0x30;  //  48
_Memory[4] = 0x73;  // 115
_Memory[5] = 0x33;  //  51
_Memory[6] = 0xff;   //  255

Then it iterates 6 times setting values in the allocated memory as follows.

  • First, get _Memory[0]+1 = 119, then set buffer[_buff[0]] = 119, where _buff is the parameter to _get_pwd().
  • Second, get_Memory[1]+1 = 48, then set buffer[_buff[1]] = 48….
  • …. at the end return pointer to the heap buffer

Screen Shot 2019-03-24 at 2.39.00 AM.png

Now, we are back at _check_password(). Earlier, we said, the ‘stored’ password is retrieved using _get_pwd(_buff) and buffer[30] is compared with some_pointer+_buff[0] (local_30 renamed to _buff). Now, let’s refine it.

  • the ‘stored’ password is retrieved using _get_pwd(_buff), and buffer[30] is compared with buffer+_buff[0] (which is equivalent to buffer[_buff[0]]).
  • recall from _get_pwd()’s first iteration, we have that buffer[_buff[0]] = 119.
  • Therefore, the final check is: buffer[30] == 119 (buffer[30] == ‘w’)
  • In other words, the first character of the password phrase (buffer[30]) must be equal to ‘w’.

With that, we conclude that the password is anything that starts with ‘w’, e.g., ‘world‘ and the username doesn’t matter.

The pseudo-C code provided by Ghidra is very helpful in better understanding the binary, though, sometimes renaming and retyping could be required. This was an exercise to understand if I still remember the basics of reversing Windows binary with the additional challenge of using a new reversing tool. It was fun.

One thing that I would like to mention regarding Ghidra is that, I kind of had a problem with scrolling. I was not using an external mouse during this analysis. Instead, I was using the touchpad on a Mac. However, scrolling down in the disassembly pane was problematic as it was jumping several addresses down or up and making me lose the location and I had to redo the the different steps to arrive to the location I was investigating. I don’t know if this is a specific problem but I will give it a try with external mouse and additional monitor.

What I am actually interested in is the headless version where some analysis output is produced via command-line and building some other automated binary analysis tool on top of it. Let’s see how it will go.


Telegram channel with comment functionality

Do you want to include a comment in a Telegram channel? This is one way how you can include comment feature in a Telegram channel.


Note: Telegram recently included a native commenting feature and this post might not be that relevant anymore.

Telegram channels are one way in terms of communication — the admins send message and subscribers can view. By attaching buttons to messages, admins can let members interact with messages such as liking or disliking — which is the most common use case. What about if a member wants to comment on a given message? There are a couple of workarounds, one being having a bot that handles user messages. But this has a problem of not being able to associate a member’s comment to a given message. Anyway, as an initial workaround I created a bot that let members provide comments and the bot forwards the message to the channel. It works but nobody knew which comment was for which message. In addition, there is also a spam problem; people could spam subscribers.

Screen Shot 2019-03-13 at 2.30.25 PM
Telegram channel with comments feature

After a bit of thinking, I came up with this simple solution. Have a new button called Add comments associated to a message (in addition to the like and dislike buttons) that when clicked, takes the user to a website that hosts the comment for that specific message. The end result looks like the image above. Very simple idea but having the ‘chicken or egg’ problem. When broadcasting a message with those 3 buttons (comment, like and dislike), the comment button should point to a unique URL (e.g., that identifies that given message. However, while broadcasting the message, we do not have the message ID as the ID is generated later by Telegram after broadcasting.

The workaround for this problem is to broadcast the message first without the button, get the ID, then immediately modify the message by adding the button with the required ID. Works perfectly.

Of course, we are required to implement the backend that handles comments (i.e., That is not related to Telegram. However, you can either use a readymade script (considering security regarding user input) or integrate disqus avoiding the hassle.

In order to add a little bit of gamification to motivate people to read/add comments, I added the count of current comments for that message on the button.

You can then extend the comments page to add additional interesting stuff including monetizing your Telegram channel.

The idea presented here is implemented for a fully automated Telegram breaking news channel with thousands of subscribers. Instead of passively reading contents, members can now comment or discuss on messages.


Why are Facebook engineers confused about App Review?

So Facebook recently changed the policy about their API. Yes, Cambridge Analytica ruined it for everybody. Facebook has limited API access and included also app review for most of the permissions an app requires. Though there are still some loopholes but recently they almost closed everything saying your app has to pass through review.

Image result for facebook engineers

So they basically want to see how you use their API. But this is with the assumption that you are dealing with user data. For example, having a Facebook login for OAuth on your website and when a user uses the plugin to login to your website, you request permissions from the user (e.g., permission to post the user’s behalf). The permissions could be for user profile or the privilege to manage the users pages.

The problem comes here. What if you want to access your own data? Do you have to pass through the review? As long as you’re only accessing your own data, it should NOT be a problem. So, basically, I create my access_token via Graph Explorer and use the API to access my data.

When Facebook required app review, I submitted the app along with a screencast (as they requested). I got a response saying they don’t see the login plugin in the video. But I don’t use the fucking login plugin because I am not asking people to login using Facebook. Basically, I don’t use the app to interact with Facebook users.

I explained in details what I want to do and the fact that my app is not related to users. Their response was “we can’t find the login plugin on our website.” For fucks sakes, Facebook.

During all this time, the API was working on and off without review for a reason that I do not know.  And the people I have been in contact with were developers not just tech support (at least said Facebook). Why they were not able to understand the use-case is beyond me. This is the point where I said fuck their API. I will find a way, though it will be painful, because Facebook API has become useless.

The fix should be very easy though for Facebook. If an app is not reviewed, just limit the access to the app developer’s data/page/group… just like when the app is in development mode except being able to publish on your profile/page/group.


How the latest Facebook hack could have cost money to its users

fbhkFacebook has recently reported that external actors have exploited a bug in its system to gain access to more than 50 million users. Apparently, three different bugs were used together to get access-token of the affected users that lets the attackers login to Facebook without needing the user’s password.  Though Facebook is still investigating what data the attackers could have gotten, considering the fact that the access-token is powerful (it has the permission of the Facebook mobile app), we can assume they’ve got everything. However, apart from getting user data, the attacker could have also performed several (automated/manual) actions using the affected user’s account including costing money! The following are off the top of my head assuming 50 million user accounts:

Bypass Facebook News Feed algorithm

We know the Facebook News Feed algorithm favors posts that have initial momentum (reactions, comments and shares). Thus, that attackers could have used the affected users’ accounts to generate fake reactions, comments and shares in order to fool the algorithm.

Sell Facebook Page Likes

In order to increase a Facebook Page’s Likes, one has to pay for Facebook and advertise the Page to a given audience that most likely will like the Page. However, using the 50 million accounts, the attackers could bypass Facebook advertisement and sell Likes directly to their users. Well, this could also apply for the first case, where the attackers sell traction.

Takeover users Facebook Pages and Facebook Groups

Imagine having a Page with millions of Likes that you spent money on and because of a bug on Facebook system, the attackers take control of and remove you from the admins list? Though Facebook might restore ownership, it is reported that it is not that simple to get back.

Use configured Facebook ad account

This actually will cost money to the user. If a user has a configured ad account, the attackers could use it to promote something that costs money. Moreover, the attackers could advertise something that violates Facebook’s policy and get the users ad account disabled.

According to the notification I received on Facebook, I am one of the 50 million affected users. Though Facebook is still working on it, I tried to go through the possible places where I could see if my account was used to perform some actions. For now, it seems fine. But I can’t say anything about the data they have.


Stay safe on this unsafe platform.