<Martani/> Blog

Update:
Version 2.0 of Twitter Archive Eraser can fetch tweets by month from the *.js data files again (the previous version used *.csv files which were eliminated from the archive in current versions.)
Version 2.0 comes with a setup program also that installs all the missing perquisites like .NET 4.0 etc.

---

Until very recently, there was no obvious way to access your old tweets. In fact Twitter imposes a limit of 3200 tweets (the more recent ones that is) that an application can access. This means also that you cannot delete your old tweets. Several tools exist to help you delete your old tweets but, according to my experiments, most of them do not work properly due to Twitter API's limitations.

Last week however, Twitter enabled the option for users to download their whole archive of tweets, which contains among other things the IDs of all the tweets of a user, the exact piece of information that can be used to wipe out any tweet.

I have developed a simple application called "Twitter Archive Eraser" that helps you delete the oldest tweets from your timeline, or wipe out the whole archive too if you would like so.
The application is the simplest possible, it works in 3 steps: authenticate Twitter, select which tweets you want to delete, wipe them out.

Step 1

In this step, you give access to Twitter Archive Eraser to your twitter account so that it can delete the tweets you select. This works by providing a Pin number that twitter provides after authentication.

Step 2

After you download your twitter archive (from https://twitter.com/settings/account) and extract it (to C:\Twitter_archive for example), you choose which tweets from your archive to delete. The tweets in the Twitter archive are grouped by month, ie. all the tweets of a month are stored in the same file.

These files are found in [your Twitter archive path]\data\js\tweets.
For instance, to delete the tweets from September 2009 you choose the file 2009_09.js.

Step 3

Once you have selected the correct files, you are now presented with all the tweets contained in these files. By default, all the tweets are marked for deletion, if you want to keep any specific tweets, you uncheck them as shown in the following picture. One you hit "erase selected tweets" button, there is no going back (unless you force the app to exit!).


You can find the code of the application on github: https://github.com/martani/Twitter-Archive-Eraser. All the Twitter logic is done using the excellent LinqToTwitter library.

Requirements:
.NET Framework 4.0.


Download the standalone version : Download.
Download the installer : Download.

Back when I took the Cryptography class on coursera, one of the programming projects was to develop a padding Oracle attack, I have forgotten about the code, but now it is on github with more tweaks.

The code is modular and in order to be used with a new padding Oracle, one has only to create an object representing this Oracle and wire it to the PaddingOracleAttacker; it's that simple.

The new code is available here: http://martani.github.com/Padding-Oracle-Attack/.

The Oracle must implement the interface ICBCOracle which has one function: bool RequestOracle (byte[] cipher), returning true when the padding is correct, false otherwise. There exists 2 examples of such oracles in PaddingOracleAttackTest/Oracles.
This is an example of an online Oracle which return HTTP code 403 when the padding is bad, and 404 on a correct padding.

Another offline Oracle that uses AES is also provided, it can be used for testing.
Once you have the Oracle ready, all what is left is to attach it to the PaddingOracleAttacker and you are in business:

While trying to solve the 2nd programming assignment from the excellent crypto class on coursera, it was required to implement the CBC and CTR modes of operation starting from a simple AES block encryption/decryption.

To get this done using .NET's Cryptography.AesManaged or Cryptography.RijndaelManaged, the example on the MSDN documentation was not enough to have a one block encryption. Indeed, the example codes show how to encrypt/decrypt complete clear/cipher texts; this implies applying the chaining in the CBC mode and the underlying padding.

After some tinkering, I used the TransformBlock method of the ICryptoTransform interface. This method does exactly one block transformation of the underlying block cipher (AES in our case), there is no explicit padding involved nor chaining in the case of CBC.

To get a consistent AES block encryption/decryption, it was mandatory to eliminate the XOR with the Initial Vector (IV). This can be achieved whether by using the ECB mode or using the CBC mode with an initial IV = 0^{128}.

The following two methods show the encryption/decryption of a single block using AES. Notice that it is considered cheating if you use the built-in encryption to find the solution to the coursera problem.