Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

For marketing and other reasons, detecting the device is common practice. From bots to difference UI experiences, changing this can be a good option. At first, the User-Agent string was used in order to determine a device. However, as the internet has gotten older, this has became more and more complicated.

At this point, it has became an arms trace for detection and prevention: this article is about spoofing devices and how to protect against it. There are so many tricks that go into figuring this out.

On mobile devices, there are a plethora of tricks for this. If its not touch capable, then the device is clearly not a mobile phone. Or, what about checking the screen resolution depending on the type of device it claims to be? This works too!

Another way to determine the device is system defaults. On different devices, emojis are represented in different ways. For instance, Apple and Android have a completely different unicode encoding for the smiley face. Additionally, default fonts are different on MacOS vs. Linux vs. Windows. By using the fonts, it can be determined what device is being used.

To top this off, a tool called Google Picasso fights device spoofing attempts in the Google Play store. It works by doing some rendering operations that are dependent on the browser OS and graphic hardware. Since the release in 2006, Cloudflare uses this tool in order ot prevent spoofing.

Overall, interesting article that calls the never ending race between device spoofing and device detection.