Review ASMedia 1042, Cheap USB 3.0 Express card for your Macbook Pro, Hackintosh

Review of ASMedia 1042 controller, Cheap USB 3.0 Express card for your Macbook Pro, Hackintosh

I bought a cheap USB 3.0 Express card for my Macbook Pro which did not have a USB 3.0 by default like it’s latest iterations. So I needed an USB 3.0 express card as I wanted to leverage better Data Transfer Rate from my 1Terabyte Seagate Go Flex External HDD with STAE 104 USB 3.0 Adapter. My Go Flex HDD came with a USB 2.0 so I made a gamble by buying the express card first, testing it with USB 2.0 and then moving to USB 3.0. Everything went picture perfect and I’ll tell you how you can upgrade your old MBP or Hackbook to USB 3.0, Read on.

You need an Express card with ASMedia 1042 Chip to work on OSX. I bought USB 3.0 2 Port Express Card 54mm Notebook Adapter BC398 from Amazon for $10.37, though the previous versions of it had NEC USB 3.0 Controller mine had ASMedia 1042 Controller (even the cd had NEC drivers !), So confirm that your Express card has ASMedia 1042 before buying it.

Note : USB 3.0 Kexts should be installed, up & functioning in your OS X for  the steps below.


I have included the Amazon link of an express card with ASM 1042 controller above. The card I bought was semi flush-fit (i.e though it fit perfect, it needed some superglue to fix it in place). Make sure you buy the right size 54mm (or) 34mm supported by your MBP/hackintosh laptop. Also if you are planning to use your  Bus powered External HDD with USB 3.0 it would need external power supply to work, so your best bet is to get an express card which supports external power supply through USB like mine shown below (Also like the card shown above).
Here are the benchmarks of ASM 1042 USB 3.0 on OSX Mountain Lion 10.8.2 with Seagate Goflex 1Terabyte external HDD with USB 2.0/USB 3.0 adapter cable.
As you can see from the above benchmarks even USB 2.0 device performs better on this ASM USB3.0 express card and with USB 3.0 adapter cable my Goflex HDD gave me nearly twice the performance considering the bottle-neck of an PCI powered Express card slot which can provide only 5.0 Gb/sec at an maximum, the double increase in Read/Write speeds are consistent with realtime performance of  USB 3.0 devices on native USB 3.0 slots of modern laptops.
Any queries regarding this or suggestion can be posted in comments and you can also ask me though my twitter/facebook page.

Continue reading “Review ASMedia 1042, Cheap USB 3.0 Express card for your Macbook Pro, Hackintosh”

How to enable flash player in jellybean dolphin browser

How to enable flash player in jellybean dolphin browser

Adobe has quit developing Flash Player for mobile devices and it’s last update was for Android Ice Cream Sandwich, luckily this version works for Jellybean too but dolphin browser for Android which supported Flash player plugin till ICS has quit the support for the plugin from Jellybean.

I would tell you the work around to enable flash player plugin support in jellybean dolphin browser.

Download the official flash player apk from adobe from the link below,

Though there are some developer versions of flash player available for JB, I would recommend you to download the official release for better stability.

Step 1: Install dolphin browser from Google Play to your JB android device.
Step 2: Install flash player downloaded above.
Note : make sure you have enabled unknown source install in the security section of your device.
Step 3: Connect the rooted-Android device to the computer and issue the following commands –
Note : make sure you have installed Android tools in your computer.

adb shell

cd data/data/mobi.mgeek.TunnyBrowser/shared_prefs

rm -rf mobi.mgeek.TunnyBrowser_preferences.xml

The above command will set the Flash player plugin to ‘Always On’ in the dolphin browser.

I have made the video of the steps above for your understanding
Step 4 : Test the flash player in the dolphin browser by clicking the flash player app and opening the link through dolphin browser. If  you see the flash player settings then you are good to go.
Step 5 : Disable the auto-update of dolphin browser in the Google Play, if you wish to update the browser you have to do the above steps again.
Ask your queries to me in the comments or through Facebook/twitter.

Picture curtesy : digital trends

Continue reading “How to enable flash player in jellybean dolphin browser”

Install AOKP Jellybean ROM in Samsung Galaxy Tab2

Install AOKP ROM based on Cyanogenmod on your galaxy tab2

Android Open Kang Project(AOKP) is a custom ROM project based on Cyanogenmod. But unlike CM which offers only nightlies(as of writing), AOKP has released a milestone(stable) version of Jellybean 4.1.2 ROM for Galaxy Tab 2 7.0 P3100. AOKP ROM’s are light weight and have kernels capable of realtime processor speed stepping thereby giving maximum performance at the same time conserving battery charge.

See my AOKP ROM vs Official Jellybean ROM benchmarks for Galaxy Tab 2.0 here –

Samsung has started giving out OTA updates of Jellybean ROM based on 4.1.1 for Tab2 see the guide here to install official jellybean ROM from samsung, but those of you who demand better performance and timings between recharging battery can opt for light weight AOKP ROM. Read on how,

Disclaimer : Flashing ROM’s are risky, void’s warranty and could brick your device if not done properly. I am not held responsible in such cases. This guide is for educational purposes only, to follow this guide is solely under your discretion .

Since it is an aftermarket ROM, you have to download ROM and Google apps package separately.

Download the AOKP Milestone ROM and gapps-jb-20121011-signed from the link below,

[display_adsense ad_type=”300×250″]

Step 1: Install Clockworkmod recovery if you had not done earlier. Follow 1-6 steps from here.
Step 2: Take backup of your current ROM using ROM Manager or Titanium Backup app.
Step 3:  Press power button+volume up to enter into Clockworkmod recovery.
Step 4:  Wipe data/factory reset three times.
Step 5 : Select install, and select the download AOKP ROM from your internal/external sd-card.
Step 6:  After Install, Wipe cache/dalvik cache three times.
Step 7 : Now select the install again and install  in the same way as you install ROM.
Step 8:  Reboot

Hope you like the new AOKP ROM, incase you don’t then install the backed up ROM found in the clockworkmod directory just the way you installed AOKP ROM.

Security Vulnerability in third party IRCTC android applications in Google Play

About security vulnerability in third party IRCTC Android apps on Google Play

Update : If you have come here to download my IRCTC Android application, I am sorry I’ve removed it from google play as there are many IRCTC applications in Google play but with serious security risk.

I had developed an Android application for my personal use to book IRCTC (Indian Railway Catering and Tourism Corporation) railway tickets. I found it useful, So I released it on Google Play for the benefit of the others. Since then there has been an influx of numerous IRCTC apps on the Google play with added features like storing username/password, credit/debit card details, automatic login and session management. Though these features are undoubtedly useful, they pose a serious security risk which could lead to loosing your IRCTC login credentials to loosing your Credit/Debit card credentials thereby loosing your hard earned savings altogether to some malicious hacker/developer !

The reasons below states why it is not advisable to store user credentials on webview applications which make use of third party websites. Webview is the mecahnism by which android applications can make use of websites to provide a mobile application and it is the widely used method for number of IRCTC applications found on Google Play. You can check out the IRCTC applications from Google Play from the link below,

For this demo I am choosing IRCTC Pro app Shahul3D, it is the most well built IRCTC app  from the Google Play but is prone to following vulnerability in rooted Android devices,


As you can see from the images above (if not click the image to enlarge), the application takes in user credentials like username, passwords to credit/debit card details even with the pin !! and what does it do with it ?

Stores it in a plain xml format in the android preferences
Google implemented the preferences as a simple database mechanism to store in user preferences in an application like dates,settings and it was never meant to store credit card details like the above application. unfortunately many developers still use preferences to store in sensitive information which in turn gets saved as an un-encrypted plain xml.
How to retrieve user data stored from android application stored in preferences,
Above screen capture of my terminal shows the basic set of commands I used to navigate into an rooted android file system to access the sensitive information stored in the above android application.
I made a video of the same for your understanding !
Any newbie could code an android application to parse the above xml data and take it to his home server. Even better he could target users of an particular application like the one shown above using similar package signatures and steal the user data.
Update : As few few visitors like Ajay (see comment section below) doesn’t like me being subtle about the scope of the vulnerability mentioned above, I would like to clarify it further.
1. shared_preferences by design cannot be accessed by another app in a non-rooted Android device,
Unless !
The developer has put in a android:sharedUserId with the hope of sharing is own preferences with his future apps. You can create same application context used in the target app using the UserId and access the shared_preferences.
And you know how to access the UserId, right ? See my Ultimate Android Decompilation Guide.
2. In rooted android devices, you can just build an app which would parse through the .xml in the /data and display the shared_preferences of other app or just mail it to your server !
So for the developers it is foolish to store sensitive data in preferences, unless if you want to steal the user data some how ! and for the users it is foolish to install any app you see on the Google Play without looking through it . Think well, when you see an app asking for your user credentials and take some time to contact the developer to know how your data is being stored and for what it is used for.
There are other risks involved in web view applications using third party websites by exploiting the javascript exploits, I will keep it for the next session. Take care.
Thanks to AndrewChamp for the great Evil Android picture !

Continue reading “Security Vulnerability in third party IRCTC android applications in Google Play”