lee/hpr-knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
98177f3fd5d6c9b184dd33396ae6897969fab561
hpr-knowledge-base/hpr_transcripts/hpr3321.txt
Lee Hanken 7c8efd2228 Initial commit: HPR Knowledge Base MCP Server 
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 10:54:13 +00:00

312 lines
28 KiB
Plaintext
Raw Blame History

Episode: 3321
Title: HPR3321: DNS66 URANDOM RANDOM
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3321/hpr3321.mp3
Transcribed: 2025-10-24 20:46:17
---
This is Hacker Public Radio Episode 3,321 for Monday, the 26th of April 2021.
To its show is entitled, DNS66 and Mrandom. It is hosted by operator and is about 32 minutes long
and carries a clean flag. The summary is, I talk about DNS66 and go over some comments from
in the episode. This episode of HPR is brought to you by archive.org. Support universal access
to all knowledge by heading over to archive.org forward slash donate.
Hello and welcome to the episode of Hacker Public Radio, your host operator. I'm going to be talking about, um,
DNS66 for Android and Blocking ads. So this is in response to the podcast, uh, you random,
and Todd was talking about it. Now I'm obligated to do a show on it, which I've been using DNS66 for a while
and I've got some comments that will probably help some people out and I can put them in the show
and would see, but anyways, um, I'm going to kind of follow up on some other stuff too.
But anyways, uh, Todd said mention some of my comments from the random podcast, which if you haven't
watched it or listened to it, I mean, um, it's a great show. There's a lot of good chemistry there
and they've been around since 2016, so there's tons of stuff. I actually had to go back and tell
which one was, uh, who was Taj and who was Lyle. I can't remember and get him swapped out. So now, um,
anyways, I've got the names with the voices. But anyways, uh, let's see, what about the brave browser?
I'm actually going to look that up and see, um, all I guess I'll do that at the end. So I'll get to the meat,
meat potatoes first. So we're talking about DNS66. DNS66 is a lot like if you remember, uh,
for your kids back in the day, there's a thing called a host file and you get to add a bunch of
black lists to, um, you know, add stuff to your host file. And instead of that DNS request going out
for, you know, ads.google.com, it resolves locally to this Etsy host file. Um, it's kind of a,
you know, networking standard thing. So that was the technique early on to block ads. Now we've got,
you know, you know, all these weird content dryers and all that stuff and it's really hard to block
ads nowadays. So you have to do weird JavaScript stuff and look for specific keywords and
scripting languages and whatever. But anyways, back then it was just DNS and all the ads were hosted
at one place. So if you had a block list of servers big enough, dot coms, then those would
resolve locally, which would point you to the local host. Now there's other stuff like, um,
if you have a whole house proxy, you can set up the whole pie hole, which is an app that has a
bunch of DNS stuff in there. Um, and it pulls from all different places. Um, and what I actually
tried to do was parse out all the domains and IPs from every single input file that, uh, that,
uh, feed for, for ads and whatever that, uh, pie holes had. And I had this, you know, I don't know,
it was like a 60 meg hose file. Well, obviously in Windows, um, every time you
looked to a DNS request, it has to look up that, you know, 60 meg file and it completely took
the system down to a crawl. So, um, that's just because you have something doesn't mean you should
go crazy with it. Anyways, so if you have like a, you know, five meg or 60 meg, some ridiculous
DNS file, then it's not going to work. But anyways, um, getting back to topic here, I digress, uh,
DNS 6.6 is a local VPN. So things have kind of opened up for, uh, for Android over time, um,
allowing more access to low access, slow privilege, uh, apps. So you can do overlay stuff so I can
create an app that will search for objects on other applications, I think. Um, so that gives you
the ability to basically do whatever you want across multiple apps. Um, I'll go to get a
little bit like any of those apps that clean up your clean up something and they delete something
and they ask for the escalated privileges. That's when they're pulling that, uh, uh, that,
that security, uh, they're escalating their privileges so that they can have access to things
like clearing cash out or ending processes or killing tasks and they do it a bit wonky.
Where they click around the UI to, uh, clear out cash and stuff like that because
without route, there's not a whole lot you can do. I mean, it's limited to what access you have and
these guys are working around that by kind of hijacking your interface, uh, the input devices,
basically. So they're moving around, they're moving the, for the lack of a better term,
they're moving their mouse around on your phone and clicking these things and that's how you
grant them access to do whatever. So, um, what I'm saying about DNS X6 is it's one of those apps.
It's a good example of, uh, taking the minimum, the little privilege that you have within, uh,
within a, within a phone system, which is great, great security. We're better security than we
used to have, but giving that access to a program that you trust to do stuff. So they open that up
for, um, VPN, which is a virtual private network. Anyways, um, the idea is that you set up a VPN
and all your traffic gets encrypted and nobody can see what you're doing, whatever. I just think
everybody's watching anything. Anyways, especially if you have a, you know, VPN in the states,
and even outside of other countries, they're probably just copying the traffic from there to wherever
just to zoom. So, um, that the purpose of the VPN is that it's a local VPN. So all of the traffic
that sets up for DNS 6X, when you request a website, it goes through this VPN.
And that allows you to control the traffic at least, um, at a DNS level to, uh, do whatever you want.
Now, I don't know if there's any other applications that would be something that would process
JavaScript, right? That would process encrypted JavaScript and stuff, um, which, you know,
it's going to break a lot of things. And I'll talk about that later. But the idea there is that you
would basically have complete visibility into all the scripting that goes across the browsers and
applications, um, within reason. Um, I could probably tie it to just the browser. But anyways, um,
I guess we already have that somewhat with like, with, uh, you block things like that. Anyways, uh, so
when you say, for example, you go to a website, there's a bunch of ads on there. That local VPN
goes through, uh, pulls the traffic through that local VPN, which all it does is it kind of
says similar host file. It blacklists, um, specific DNS sites, specific ad providers. So it comes
with a few in there already. Um, and I think I've tried turning them all on before some of them don't
actually exist or aren't able to be downloaded from what I remember. Um, I had to add my own.
That was more inclusive. So even, I think even the ones that are already in there weren't
aggressive enough for me, which makes sense because, uh, the problem with blocking DNS and things
like pie hole, uh, a lot of stuff is going to go not right. It's not going to work. You're going to
get a lot of instances where stuff just won't work. And I don't know what people are doing when they
have pie holes set up, but you're, you're gonna have a bad day eventually. Um, but then I might be
wrong. Uh, but for all ints purposes, oh, I'm not gonna go crazy. Um, for all ints purposes, um,
the DNS six six stuff will, will need to have more, um, we don't want to say more, better,
better filter. And I think the filter that I'm using right now, I don't know which one it is.
So I'll just list off the ones that I have in here. And one of them is not the default.
Uh, seven black source file out of way host file, which is out of way for Android. I think that's
the one I added manually. Dan Poloxos file and add hill ADHELL. Those are the ones I haven't
able right now. And I'll talk about my Pinterest one too. So anyways, once you start the app, uh,
you start the VPN. And then you pick before that, before you start the DNS six six, you pick which
host files you want. And, um, which, uh, basically what, what providers you want, what blacklist or
ads providers you want to use. And I feel like, um, the ads ones weren't really all that good,
but I didn't do a whole lot of messing around. I just knew that I wasn't super happy with what I
had. So I think I added the add away one. I'm pretty sure that's the net new one. So you pick out
which ones you want. Um, you can also set which applications bypass the VPN, which I'll talk about
my issues later, but you can pick which applications bypass the VPN. And more importantly, you can set
a custom DNS server. So even if you have a local host file, you could, for example, set your DNS
to your house. And maybe your house is running, you know, some kind of advanced adblocker or whatever.
Okay. DNS based adblockers. And then if you wanted to use, you know, some other DNS besides your
phones provided DNS, you could do that in here also. Um, there's not a whole lot to it.
There's probably more that you can do with it. Um, because this is very exciting to me,
because this is, this allows you to have complete, the theory is, is that this will allow you
to have complete control over the network traffic coming across. So that's when I'll go into the issues
I have with it or not issues, but just, uh, problems I've had and I've had to work around them.
The first thing I noticed is that, um, sometimes it'll just get weird, um, specifically with
um, Google, I think Google system applications, things like play network, part of the anything
within the regime of Google, um, seems to kind of get weird sometimes. So if like I'm trying to do
something really secret squirrel, like pay for an application, I want to say I've had issues
with that. So like if I try to, and of course it's not really going to do anything right now,
but I feel like I've had issues with like doing Google stuff, um, and it not working.
For example, I want to say duo, which is, I don't even want to get on about it, but I've been forced
to use duo, which is Google's whatever. And I'm pretty sure duo doesn't like it, um, because
you're taking that traffic and you're pushing it to somewhere else. Um, and so a lot of that has to
do with CPU intensive, very CPU intensive, and that might be the problems that I'm having,
because you're taking full motion video when your phone is already struggling,
you're receiving and sending full motion video, um, through things like Teams and, and
these apps that want more than, you know, three windows of full motion video,
you're following a struggling, right? You're following a struggling to keep up with that. So,
um, what I'm assuming is happening is there's too much traffic going across the VPN, local VPN,
and it's eating up all the CPU on the phone, and then it's sacking, walking. Um, that's probably
more of what's happening now that I say it out loud. Um, but I did notice that it's like sometimes
stuff gets weird with, with like Google applications or streaming. Um, I will say that when I get phone
calls now, since it's a different episode altogether, but since I was using Hangouts Byler,
they're getting rid of Hangouts Tyler and all the phone stuff in Hangouts. So, I had to switch
to regular Google Voice, and I've been using that. Unfortunately, it's not the best, but, um,
when I receive and send phone calls now, I have to turn off the VPN, even though I have, um,
uh, even though I have Google Voice in the bypass list, um, it doesn't seem to work, so there's
probably other applications I need to bypass, so I can actually make the phone calls, not,
not get destroyed. Um, so anyways, when I send and receive phone calls, unfortunately,
I can't use my phone as a phone because of all the ads and BS I have on it. So, I have to turn
off DNS66 to, um, make or receive phone calls. It's fine in the beginning, um, but I have to turn
it off because it's all start lagging and blip and blip and all over the place because the CPU is
trying to keep up. Um, let's see. I will provide, um, there isn't a reason I was doing this,
is that I wanted offline blacklisting of, um, of Pinterest, and I don't know how I fell into DNS66.
I'm out of scene on a Reddit post, and I'm, I'm a Reddit post, I'm, I'm, I'm derailing again.
I'm a Reddit, like, oh, I'm a Reddit late bloomer. Um, if you want to understand something or
figure out a hackery way to do something, or whatever reason Reddit has become that medium. So,
you know, you're talking about like stack exchange and stuff like that is more for like programming
and server-based stuff, but if you're looking for like client side hackery and just, you know,
I want to do this with this application. Guarantee there's a Reddit app or Reddit, uh, post that
someone's asking that same question and four other people answering it in four different ways,
and I think I fell into DNS66 for that reason. Uh, I started to, I didn't start to get frustrated.
I had been frustrated with Pinterest for, I don't know, three, four years now because every single
Google search is a Pinterest, um, result. And that's, that's, that's by design. That's not by accident.
So I have a block here at the house. I have a blocked, um, on my phone now with DNS66 and my
wife's phone. So if you were accidentally to click a link in Pinterest, guess what? It's not going
to do anything more or less. Um, and there's a whole long story about getting all the DNS servers
for Pinterest, but there is a lot of them and, um, a lot, a lot of, a lot of, uh, Pinterest, uh,
Pinterest servers out there and domains, subdomains, things like that. So if you just block
the main Pinterest domain, no, you'll get .eu and .io and .io and .io and all the other, uh,
languages plus other domains that are weird, um, subdomains that are weird. And even to this day,
even with my list, I still somehow managed to get Pinterest, uh, sites to come up. I think the
login site I need to block or one of the login sites is not, uh, not blocked or their API sites,
not blocked or something. Anyways, I'll provide the Pinterest, I think I've got the notes in here.
I'll provide the Pinterest stuff to block. Um, I think that's pretty much for DNS66.
Um, I've been using it. I have the auto reconnect setup. Um, I guess that's sometimes,
sometimes something will get wonky, um, but it's, it's very few and far between. Here recently,
it's just the, the, the Google voice, um, it would basically destroy my phone and, and give me
no internet for a while. And then I would, even after rebooting the phone, the internet would work.
So it's like very odd the way that it was screaming at the phone. Oh, anyways, uh, other than,
other than Google voice, thanks pretty much it. I want to talk about the Brave browser,
evil stuff. I don't know anything about that. While I talk about that, while I look at that up, um,
I want to talk about, um, the script that I made for Windows that can also be written for Linux
or cross, you know, rewritten for Linux. Um, uh, Brave browser really that bad.
What does it consist of some Brave browser?
I don't know.
Client themselves politics liberal. Not use their browser.
Various schemes such as when you type URL, the equivalent send to browser at one point,
read right, you do a different URL that generates money. Wow, I've seen that
time and time again. Um, I had a famous, I'm talking about Brave now, I was in reading, sorry,
I had a famous, uh, uh, for a while there was a browser-based AV scanner that was beautiful.
And it was called Panda Active Scan. Now, if anybody's seen Panda, it was, I think it's, uh,
I want to say it's like from Mexico or Chile or something like that. Um,
there's not, I don't think it's developed from here in the States. It was developed
here. There's still around, but nobody uses them. Um, but you had here like,
kind of win, win, um, the killer, the malware killer, what's the famous one? Everybody talks about
ad block or ad, it's by, by malware bytes. When malware bytes and whatever the other one that
used to be popular started getting super popular. Um, you had all these AV players in a space that
were just like grabbing money, grabbing to try to find people to buy their services. So you had
some anti-ignorant and all that, but then you had like all of these guys that were getting into
the AV space because that was like, everybody needed AV, um, and viruses were everywhere,
everybody had pop-ups and all that crap. And people were trying to get their hands on,
hand around the whole, you know, ads and potentially unwanted software, uh,
programs and all that ad bots and all that. Anyways, this thing, these guys go all over
called Panda and they had a client and I purchased their regular client because I loved it.
It was a good lightweight thing, but it did do that thing where if you type in the URL wrong,
it would redirect you to like a, you are a Yahoo search for whatever you typed in wrong.
And that was through the AV. So your, the AV was the proxy for all of your web traffic.
And I'm sure they did other, other things like that, but you know, even, I think even at one point
my ISP was doing that and I have, um, if you've ever, uh, if you ever want, if you want a block,
um, when you type in a DNS name wrong or website name wrong and it goes to an ad,
that is not you, that is not your phone, that is not your computer, that is your
internet service provider taking a bad DNS request and redirecting you to an ad revenue,
generating, revenue generating ad. So, um, I know Charter was doing it. If they're not still doing
it, you Google, um, it's called bogus, bogus DNS. And, um, basically, the idea is you can
set up in most, it's a DNS mask. When you set up a DNS server, you can set up bogus DNS.
And that will, you get the black list of all the Charter DNS servers that are in that list.
And it will, if it resolves to those IP addresses, it will, um, say that that's a bogus,
DNS, uh, in the bogus DNS list and it won't, it'll just give you the 404 or whatever.
So, wait, works, you get a list of all the DNS servers that you get redirected to basically
or the ad servers or whatever it is you get redirected to if you type a, if you type a website wrong.
So, it's a catch-all, uh, wildcard, for example. So, if I type brf.com and nothing comes up,
instead of them saying 404, they're like, hey, let's cash in on this, uh, and people do it,
and people that set up hotspots and stuff for living, um, I've heard stories of people getting
two, three hundred dollars a month because they set it up to so there's, you know, ads on every page
or ads on the portal or you type DNS wrong. It goes to their, their ads, which, I mean, to their,
I just, it's, it's not funny, it's not, it's not nice, but I mean, it's one way to make money.
Um, and I just sit particularly like it. So, I use the bogus DNS stuff on the server here at the house.
I don't think I've had to do it here recently. So, um, maybe it's built into
ubiquity stuff or maybe charter quit doing it. Um, but for a while there, you type in a wrong DNS
and it would take you to the wrong thing. Anyways, it looks like the brave browsers just doing
the same thing. They're money grabbing and doing all this kind of political crap, um, you know,
they're, they're equal corporate, right? Um, let's see, the Pinterest stuff I'll drop in.
Oh, a YouTube VL script. Sorry, I didn't go explain all of that. Let me just bring up the script.
This is a standard. I'm supposed to be doing chores right now so I don't have a whole lot of time
to do notes. That's why I'm on all over the place. This is what it's like if I do an ad hoc ad hoc
episode of Hacker Moped Radio. So my script for, my bad script, which is a Windows script for
YouTube, you know, it's for Windows obviously, but that same logic can be applied to Linux. So,
I'll briefly go over what it does. You don't need WGit. Let's make up the calls. This is just
a hack that batch file. I'm a Downloads WGit, which most every Linux distribution already has.
ARIA C2, which is a multi-string downloader. So think of it as torrent for normal files. So I can
request, you know, 16 different threads to the same file and download it 16 times faster. Usually,
that's not the case, but you're more often than that. You're, you're surprised. I actually
update from four threads to 16 by default. In the GitHub, I think. Anyways, yeah, I set it
to 16 to 16. So 16 times 16 is how many things you can download at once from 16 different websites.
You can download 16 things from 16 different websites. And it will, it'll have that many threads
going at a time. Anyways, so ARIA allows you to download multi-threaded downloads something.
So for example, if you were to single thread download something from YouTube, it's going to be fast,
right? But it's not going to be as fast as a bunch of little files or a bunch of little short
requests. I think Charter Comcast calls it boosting or something stupid. But I know Charter
recently kind of got on that boat, meaning that if you request a small little tiny file,
it will download it at a phenomenal speed. That's why I use net. And that's a completely
different episode that I've probably already done before. Why use net is so fast because you're
taking 120 different threads and downloading little tiny files with each one of those 20 different
threads. And it's exceedingly fast. So whereas if you were to download a file, a single file from
a non website, and this is the whole net neutrality thing, I think a single file from a non-streaming
provider, it would come down at two megabits, right? I get locked down to like two megabits of
traffic, anything that's not known. It might even be just like HTTPS and HTTP. If it's not HTTPS
or HTTP, it throttles you down to two, which is not good, which is not the full speed of the line.
So what you can't do to offset that is I can take 16 different chunks and download a little
rummol at two and max out at 20. I think I max out at 20 and this is the cheapest Charter connection
we have here in Atlanta. And so instead of getting the file at two, I'm getting it at 20,
which is still not the full speed of the line because of the bursting and stuff. It still caps it
out, but it's definitely better than two. So what is it? Ten times faster, right? I suck at math. So
that's what that does. So not only can you use YouTube GL, you can use it with RSE2 in most cases.
Sometimes what I discovered is that the way the different parsers that get brought into the mix,
YouTube GL is like a multi-stream downloaded parser thing. So when it analyzes a URL or analyzes a site,
it looks at it says either there's a white listing or looking at the script on the page or whatever
it knows, it tries to guess what the best way to download the media is and it's pretty spot on
most of the time. Sometimes I have to use a app called bulk media downloader, along with
I've talked about these before, bulk media downloader and the other one you want is called
bulk media downloader and perbo something or other and I don't see it in here for whatever reason.
Turbo downloader, whatever. And those are but the same people. There's like addon.com all spelled
funny and it's a bit sketch, but they that's why I don't run as a user. I have a separate user
that I run my browser with. So that way if anything happens with the browser, then I'm not my
system is still protected because I'm running it as an internet user. I run the browser as a
different user than my home user. So if and when a plug-in gets compromised, like what's the
one that recently got compromised? The one that I like to like, nano block and nano block is one
of the ones that got used for spam or whatever. It will infect my home machine which is in fact
that internet user anyways. So Arya, we got the multi-threaded stuff. We use SFNPEG which is
it gives you better control and options for your media. So what you get with SFNPEG is things like
I think the ability to pull subtitles and stuff. You also get I want to say subtitles.
I don't know where the I don't know where SFNPEG comes into play. I just know that it allows you
to do certain things that this regular youtube.pl project doesn't have. Or if you want to
extend command lines out for SFNPEG specifically that isn't supported by youtube.pl. You can tell
it to do that through SFNPEG. So anyways that's that's the SFNPEG piece. Let's see.
After SFNPEG we check to see if it's updateable. So we run youtube.pl-u and that will update it.
And then it pulls in the list of all the URLs. It does this really long. There's a comment in
there that's called like I think I got rid of it. Yeah Linux dot dot dot youtube.pl. So I have
a mark and in front of that mark it says Linux and that's the same basically the same command
almost verbatim. But it's missing the start parameter and that's really all it does.
So you could essentially modify this script and swap out like three or four different lines
and make it a bash script that will do everything you need to do. But this automatically downloads
through I think PowerShell. Yeah. I think through PowerShell it downloads WGET and then WGET
it uses to pull the latest RIA and SFNPEG through WGET. WGET's a great tool to download
stuff from GET Hub without needing GET. You can do filters. So this is a really actually this
this bash script is a really good example of how to use WGET to download stuff
to as a as a downloader. So I have like some filters in here for for
SFNPEG so that it downloads the right you can use RegX filtering. My headset died I guess
because it wasn't getting any input and thought that I wasn't using it. But sometimes I'm just
using the mic the headset cut off. So that's interesting. I think at the HDR about this headset
it's really cool. Other than it cutting off when I'm trying to do an episode HDR. So
SFNPEG has a RegX filtering which you can do all kinds of cool stuff which essentially means
I can pick out what I want to download from GET Hub and with some magic you can download
kind of use WGET as a as a GET tool. So that's what I'm doing there. Instead of pulling down a
GET binary and checking out the GET I just pull the zip down and unzip it and then go from there.
YouTube BL is downloaded straight from YouTube BL. That's pretty much it for YouTube BL stuff.
We covered browser, we covered Pinterest and we covered YouTube and we covered DNS66 so I think
we're good. I know I was all over the place but at the end of the day check the show notes
for the URLs that I use for DNS66 and if it doesn't work if you're having issues you can always
just disconnect the VPN, see if it works and then reconnect it and then know that you need either
bypass that application or you need to figure out a way to you know turn it off when you need to
use it which I do for Google Voice right now. So anyways it's a long episode supposed to only be
like 15 minutes but I randomly went off tangent a few times and that's what happens when I do an ad hoc
HDR. So I hope you guys learned something. If you have anything to add again I would like to see
something where I have script control at the VPN level where I can decrypt on my traffic locally.
Pick for example specific apps that I know are ad heavy and do advanced you know pcaps style
filtering on them just to take out scripting languages or take out ads. That would be interesting
to see somebody if there's a project out there already. Almost like a better cap but for Android.
Would be really awesome and I would need to have this set up like nox and all kinds of crazy
crap to look at the traffic because I could just look at the traffic on the phone locally or even you
know dump it to a pcap pile or whatever. Anyways it's pretty much it.
I'll take it easy and check out you random if you have it it's great show.
You've been listening to hecka public radio at hecka public radio dot org. We are a community
podcast network that releases shows every weekday Monday through Friday. Today's show like all our
shows was contributed by an hbr listener like yourself. If you ever thought of recording a podcast
then click on our contributing to find out how easy it really is. Hecka public radio was found
by the digital dog pound and the infonomican computer club and it's part of the binary revolution
at binrev.com. If you have comments on today's show please email the host directly leave a comment
on the website or record a follow-up episode yourself unless otherwise status. Today's show is
released on the creative comments, attribution, share a like, 3.0 license.
Reference in New Issue View Git Blame Copy Permalink