March 26, 2009

How to create a self-signed SSL Certificate


The following is an extremely simplified view of how SSL is implemented and what part the certificate plays in the entire process.

Normal web traffic is sent unencrypted over the Internet. That is, anyone with access to the right tools can snoop all of that traffic. Obviously, this can lead to problems, especially where security and privacy is necessary, such as in credit card data and bank transactions. The Secure Socket Layer is used to encrypt the data stream between the web server and the web client (the browser).

SSL makes use of what is known as asymmetric cryptography, commonly referred to as public key cryptography (PKI). With public key cryptography, two keys are created, one public, one private. Anything encrypted with either key can only be decrypted with its corresponding key. Thus if a message or data stream were encrypted with the server's private key, it can be decrypted only using its corresponding public key, ensuring that the data only could have come from the server.

If SSL utilizes public key cryptography to encrypt the data stream traveling over the Internet, why is a certificate necessary? The technical answer to that question is that a certificate is not really necessary - the data is secure and cannot easily be decrypted by a third party. However, certificates do serve a crucial role in the communication process. The certificate, signed by a trusted Certificate Authority (CA), ensures that the certificate holder is really who he claims to be. Without a trusted signed certificate, your data may be encrypted, however, the party you are communicating with may not be whom you think. Without certificates, impersonation attacks would be much more common.

Step 1: Generate a Private Key

The openssl toolkit is used to generate an RSA Private Key and CSR (Certificate Signing Request). It can also be used to generate self-signed certificates which can be used for testing purposes or internal usage.

The first step is to create your RSA Private Key. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.

openssl genrsa -des3 -out server.key 1024

Generating RSA private key, 1024 bit long modulus
e is 65537 (0x10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:

Step 2: Generate a CSR (Certificate Signing Request)

Once the private key is generated a Certificate Signing Request can be generated. The CSR is then used in one of two ways. Ideally, the CSR will be sent to a Certificate Authority, such as Thawte or Verisign who will verify the identity of the requestor and issue a signed certificate. The second option is to self-sign the CSR, which will be demonstrated in the next section.

During the generation of the CSR, you will be prompted for several pieces of information. These are the X.509 attributes of the certificate. One of the prompts will be for "Common Name (e.g., YOUR name)". It is important that this field be filled in with the fully qualified domain name of the server to be protected by SSL. If the website to be protected will be, then enter at this prompt. The command to generate the CSR is as follows:

openssl req -new -key server.key -out server.csr

Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:New Jersey
Locality Name (eg, city) [Newbury]:EastOrange
Organization Name (eg, company) [My Company Ltd]:Mycompany
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []
Email Address []
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Step 3: Remove Passphrase from Key

One unfortunate side-effect of the pass-phrased private key is that Apache will ask for the pass-phrase each time the web server is started. Obviously this is not necessarily convenient as someone will not always be around to type in the pass-phrase, such as after a reboot or crash. mod_ssl includes the ability to use an external program in place of the built-in pass-phrase dialog, however, this is not necessarily the most secure option either. It is possible to remove the Triple-DES encryption from the key, thereby no longer needing to type in a pass-phrase. If the private key is no longer encrypted, it is critical that this file only be readable by the root user! If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked. With that being said, use the following command to remove the pass-phrase from the key:

cp server.key
openssl rsa -in -out server.key

The newly created server.key file has no more passphrase in it.

-rw-r--r-- 1 root root 745 Jun 29 12:19 server.csr
-rw-r--r-- 1 root root 891 Jun 29 13:22 server.key
-rw-r--r-- 1 root root 963 Jun 29 13:22

Step 4: Generating a Self-Signed Certificate

At this point you will need to generate a self-signed certificate because you either don't plan on having your certificate signed by a CA, or you wish to test your new SSL implementation while the CA is signing your certificate. This temporary certificate will generate an error in the client browser to the effect that the signing certificate authority is unknown and not trusted.

To generate a temporary certificate which is good for 365 days, issue the following command:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=US/ST=NewJersey/L=EastOrange/O=Mycompany Group/OU=IT/CN=Mycompanygroup/

Getting Private key

Step 5: Installing the Private Key and Certificate

When Apache with mod_ssl is installed, it creates several directories in the Apache config directory. The location of this directory will differ depending on how Apache was compiled.

chmod 755 /etc/httpd/conf/ssl.crt/server.crt
mv /etc/httpd/conf/ssl.crt/server.crt /etc/httpd/conf/ssl.crt/server1.crt
cp server.crt /etc/httpd/conf/ssl.crt/server.crt
chmod 600 /etc/httpd/conf/ssl.crt/server1.crt
chmod 600 /etc/httpd/conf/ssl.crt/server.crt

chmod 755 /etc/httpd/conf/ssl.key/server.key
mv /etc/httpd/conf/ssl.key/server.key /etc/httpd/conf/ssl.key/server1.key
cp server.key /etc/httpd/conf/ssl.key/server.key
chmod 600 /etc/httpd/conf/ssl.key/server1.key
chmod 600 /etc/httpd/conf/ssl.key/server.key

Step 6: Configuring SSL Enabled Virtual Hosts

SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Step 7: Restart Apache and Test

/etc/init.d/httpd stop
/etc/init.d/httpd start"

March 20, 2009

InnoSetup - exclude files

"Specifies a list of patterns to exclude, separated by commas. This parameter cannot be combined with the external flag.

Patterns may include wildcard characters ("*" and "?"). Note that unlike the Source parameter, a simple Unix-style pattern matching routine is used for Excludes. Dots in the pattern are always significant, thus "*.*" will not exclude a file with no extension (instead, use just "*"). Also, question marks always match exactly one character, thus "?????" will not exclude files with names less than five characters long.

If a pattern starts with a backslash ("") it is matched against the start of a path name, otherwise it is matched against the end of a path name. Thus "foo" will only exclude a file named "foo" at the base of the tree. On the other hand, "foo" will exclude any file named "foo" anywhere in the tree.

The patterns may include backslashes. "foobar" will exclude both "foobar" and "subdirfoobar". "foobar" will only exclude "foobar".

Source: "*"; Excludes: "*.~*"
Source: "*"; Excludes: "*.~*,Temp*"; Flags: recursesubdirs

March 19, 2009

HOWTO: Automatically get svn revisions number under windows

"The example below shows how keywords in a template file are substituted in the output file.

// Test file for SubWCRev: testfile.tmpl

char *Revision = "$WCREV$";
char *Modified = "$WCMODS?Modified:Not modified$";
char *Date = "$WCDATE$";
char *Range = "$WCRANGE$";
char *Mixed = "$WCMIXED?Mixed revision WC:Not mixed$";
char *URL = "$WCURL$";

#if $WCMODS?1:0$
#error Source is modified

// End of file

After running SubWCRev.exe path\to\workingcopy testfile.tmpl testfile.txt, the output file testfile.txt would looks like this:

// Test file for SubWCRev: testfile.txt

char *Revision = "3701";
char *Modified = "Modified";
char *Date = "2005/06/15 11:15:12";
char *Range = "3699:3701";
char *Mixed = "Mixed revision WC";
char *URL = "

#if 1
#error Source is modified

// End of file

Reloading profile - how to reload Unix profile

"Use the following command to reload a unix profile (/etc/profile, ~/.profile, ~/.bash_profile ...):
$ . ~/.profile
$ . /etc/profile

Notice: . (dot) is a command that originates from source command. On some unix flavours (FreeBSD 6 for example) source command works still:
$ source ~/.profile
$ source /etc/profile

.profile settings overwrite those in /etc/profile. You can also use .bash_profile in your home directory to customize your bash shell's profile.

Basically, if you need to load shell variables from any file just run the . (dot) command, followed by space and (the absolute path is necessary) the path to the file. (Be carefull what file you're loading variables from because you meight overwrite some important environment variables and your system could become unstable). "

March 18, 2009

WORKED: Automated APPS to SD (EASY!!!!)

"1. Must have a rooted phone
2. Must have two partitions on the sd card (fat32 for everything, and ext2 for "expanding" the phone's memory).
3. Must have Android SDK installed (so that adb will work)

Ok.. So I got sick of all the commands running back and forth. I found that I'm wiping my phone several times testing out new things and didn't want to continuously put in all these commands to get the apps to sd thing to work.

Therefore, I created a file to automatically do it for me!!! I just run this file with the usb connected to the phone, and let it run all the commands.

I've attached a file "". Download this file and extract it to your c:

The folder it extracts NEEDS to be at c:/tmp

After extracting, navigate to the folder and double click on "appsToSD1.bat". Follow the instructions and you'll be on your way.

It worked for me.... ...but Im not sure if ext2 patitioon should be primary

...I made it primary and it worked...

$ df
/dev: 49520K total, 0K used, 49520K available (block size 4096)
/sqlite_stmt_journals: 4096K total, 0K used, 4096K available (block size 4096)
/system: 69120K total, 66180K used, 2940K available (block size 4096)
/system/modules: 1532K total, 1532K used, 0K available (block size 4096)
/system/xbin: 3172K total, 3172K used, 0K available (block size 4096)
/system/sd: 1033712K total, 5116K used, 1028596K available (block size 4096)
/data: 76544K total, 21760K used, 54784K available (block size 4096)
/cache: 69120K total, 1160K used, 67960K available (block size 4096)
/sdcard: 6172916K total, 588568K used, 5584348K available (block size 4096)

sdcard - 6GB
sd - 1GB

$ mount
rootfs on / type rootfs (ro)
tmpfs on /dev type tmpfs (rw,mode=755)
devpts on /dev/pts type devpts (rw,mode=600)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
tmpfs on /sqlite_stmt_journals type tmpfs (rw,size=4096k)
/dev/block/mtdblock3 on /system type yaffs2 (ro)
/dev/block/loop0 on /system/modules type cramfs (ro)
/dev/block/loop1 on /system/xbin type cramfs (ro)
/dev/mmcblk0p2 on /system/sd type ext2 (rw,noatime,nodiratime,errors=continue)
/dev/block/mtdblock5 on /data type yaffs2 (rw,nosuid,nodev)
/dev/block/mtdblock4 on /cache type yaffs2 (rw,nosuid,nodev)
/dev/block/mmcblk0p1 on /sdcard type vfat (rw,dirsync,nosuid,nodev,noexec,uid=1000,gid=1000, fmask=0711,dmask=0700,codepage=cp437,iocharset=iso 8859-1,utf8)

$ cd /data
$ ls -al
ls: can't open '.': Permission denied
$ su
# ls -al
drwxrwx--x 1 1000 1000 2048 Oct 5 07:41 .
drwxr-xr-x 12 0 0 0 Mar 18 17:31 ..
drwxrwxrwx 1 1000 1000 2048 Oct 5 07:41 anr
lrwxrwxrwx 1 0 0 14 Mar 18 17:30 app -> /system/sd/app
lrwxrwxrwx 1 0 0 22 Mar 18 17:30 app-private -> /system/sd/app-private
drwxrwx--x 1 1000 1000 2048 Oct 5 07:41 dalvik-cache
drwxrwx--x 1 1000 1000 2048 Oct 5 07:41 data
drwxrwx--x 1 2000 2000 2048 Oct 5 07:41 local
drwxrwx--- 1 0 0 2048 Oct 5 07:41 lost+found
drwxrwx--t 1 1000 9998 2048 Oct 5 07:41 misc
drwx------ 1 0 0 2048 Oct 5 07:41 property
drwxrwxr-x 1 1000 1000 2048 Oct 5 07:41 system
drwxr-xr-x 1 1000 1000 2048 Mar 15 12:15 tombstones

Launchy: The Open Source Keystroke Launcher

"Launchy is a free windows and linux utility designed to help you forget about your start menu, the icons on your desktop, and even your file manager.

Launchy indexes the programs in your start menu and can launch your documents, project files, folders, and bookmarks with just a few keystrokes!"

March 16, 2009

How To Install Firebug In Browsers Other Than Firefox

"Firebug Lite makes it possible to put Firebug into any web browser! You should be able to use it with Internet Explorer, Opera, Safari, Chrome, and any other browser that supports JavaScript. Firebug Lite is written in JavaScript, so you can include it on a webpage with the following code:

Or even better you can use this bookmarklet:

Firebug Lite"

Firefox: Tab Scope

"Shows a popup on tabs and enables you to preview and navigate tab contents through popup. Major features are:

* Real-time preview of tab contents
* Navigate (Back/Forward/Reload/Stop) through popup
* Scroll pages or frames in preview with mouse wheel
* Click links or buttons directly in preview"

Firefox: FaviconizeTab

"This extension adds a new "FaviconizeTab" option to the context menu of the tab.
When it is clicked, The width of the tab becomes small up to the size of favicon.
It returns to the former size when "FaviconizeTab" is clicked again."

March 15, 2009

HOWTO: Combining multiple Word documents into a single document.

"In Word 2000, do the following:

1. Open the first document

2. Move cursor to end of that document (or the next page after the end)

3. Go to "Insert" on the top menu, and from the dropdown list select "File", and browse to the next document.

Repeat steps 2 and 3 until all documents (chapters) have been added."

March 14, 2009

[SOLVED] Android: How to register an Android device without a sim or data plan

"When you start up the phone without a sim card, it goes into a locked screen that says "no sim card found", and you can't even get into the registration app. So the first step is to get around that screen. You have to connect to your phone with adb shell and get root access, and then type the following command:
sqlite3 /data/data/ "INSERT INTO system (name, value) VALUES ('device_provisioned', 1);"

And then reboot the phone. When it starts up again it will go into the registration screen instead of the locked "no sim card" screen.

This assumes that you have the sqlite3 binary on your phone. This binary is provided in RC30 v1.2. Alternatively, you could manually copy the binary to your phone with adb push, or put it on the sdcard and copy it to your phone. I can post a copy of just the sqlite3 binary if needed.


The second step is to enable and configure wifi, so that the registration process can connect to the google servers. In an

adb shell

session, type the following command:

am start -a android.intent.action.MAIN -n

This doesn't have to have root access to work. It works fine with the "shell" user that adb on non-modded phones runs as.

That command will bring up the settings page on your phone. From there, you can enable wifi and connect to your wifi network, and then proceed with registration as per normal"



March 12, 2009

Learn CSS Positioning in Ten Steps

"This tutorial examines the different layout properties available in CSS: position:static, position:relative, position:absolute, and float."

Greasemonkey on steroids for Android

"inserts custom JavaScript for any pages that match a URL pattern. Here's a script that would insert a "Scan Barcode" button like the one shown earlier:
view plaincopy to clipboardprint?

1. // ==UserScript==
2. // @name Scan barcode into
3. // @description Add button to search box to scan barcode
4. // @author Jeffrey Sharkey
5. // @include http://**
6. // ==/UserScript==
8. function generate(item) {
9. var helper = document.createElement('input');
10. helper.type = 'button';
11. helper.value = 'Scan barcode...';
12. helper.addEventListener('click', function(event) {
13. // use the intentHelper bridge to fire an intent to Barcode Scanner
14. // it's available in Market, or from
15. var result = window.intentHelper.startActivityForResult(JSON.stringify({
16. action:'',
17. category:['CATEGORY_DEFAULT']
18. }));
20. // parse the result we get back, and read the barcode from the extras
21. result = JSON.parse(result);
22. item.value = result['extras']['SCAN_RESULT'];
23. }, false);
24. return helper;
25. }
27. // find the 'query' form field
28. var items = document.body.getElementsByTagName('input');
29. for(i in items) {
30. var item = items[i];
31. if( == 'query') {
32. // build our 'scan barcode' helper button
33. // then insert it after the query form field
34. var helper = generate(item);
35. item.parentNode.insertBefore(helper, item.nextSibling);
36. }
37. } "

March 10, 2009

Auto Rotate for the Android Browser

"Installation Instructions (you must have root access):

* Download the updated Browser.apk
* Run the following from the command prompt to back up your current Browser file to your sdcard and install the new one:
o adb remount
o adb pull /system/app/Browser.apk BrowserBackup.apk
o adb push BrowserBackup.apk /sdcard
o adb shell rm /system/app/Browser.odex
o adb push Browser.apk /system/app"

WORKED: Rooting your G1

"On RC29 phones and lower, anything you type into your keyboard is also being run in a hidden console with root permissions. More information regarding that at the bottom of this post. But, to get root access, do the following:


1. Download recovery.img and copy it to your SD card (see the previous instructions on how to copy from your computer to your Phone's SD card).
2. Download the Hard SPL and copy the zip file to the SD card.
3. All files must be on the root of your SD card.
4. Restart your phone. Wait for your phone to start up fully and show the home screen.

5. After your phone starts up, at the home screen, hit the enter key twice, then type "telnetd" and hit enter again. (Yes, it will start up a contact search, don't worry. Just type it.)
6. Download an Android "Telnet" application from the Market and connect to localhost.
7. If you connect successfully, you will have a root prompt "#".
8. Type the following into Telnet (these commands will give you root access easier in the future):
* mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
* cd sdcard
* flash_image recovery recovery.img
* cat recovery.img > /system/recovery.img

Now you have root!"

Why should you root your Dream/G1?

" * You can install a full Linux distribution, like Debian.
* You can run applications that require root, like Screenshot and Auto Rotate your Browser and or any other application.
* You can install the latest Android build directly from the Android source tree.
* Customize your boot image.
* Create full backups of the state of your phone.
* Create custom ROMs.
* Install Applications to your SD Card to save space.
* Use your phone as a tether to connect your computer/laptop to the internet.
* Turn your phone into a wireless router that provides internet access.

Well, hopefully one of those reasons convinced you to get root access on your phone!"

HOW TO: downgrade, root and upgrade ANY G1/Dream (even Continental European)

- Micro SD card formated FAT32 (128 MB to 2 GB), Sandisc cards may not work (but worked for me).
- Connected Windows Mobile device (application unlocked)

SD Card:
- Format recommended

format F: /FS:FAT32 /A:4096

(Replace F: with your SD card reader drive letter.)

1. Insret SD card to WM device and connect it do desktop. WM has to be application unlocked.
2. Download QMAT (
3. Start QMAT and select Hardware Forensics -> Generate HTC Goldcard
4. Select Dream from the list of devices, Click "Get SD Card Serial from WINCE Device" and then "Save Goldcard Image to WINCE SD".
5. Copy DREAIMG.NBH to the root of sd (UK - RC7 recommended for our DREA110)
6. Power off the G1, put the card inside, hold camera button and press power button
7. Press power button to start flashing
8. To apply HardSPL, root & upgrade:
9. You don't need the GoldCard any more (HardSPL fixes it, you should be able to flash any image now). So format the SD once again or borrow to a friend to downgrade his G1. "

WORKED: Application unlocked WindowsMobile (WM) device

"1) Simply put the *.zip file with the regeditSTG.exe in it with ActiveSync into a folder on your phone (but not onto the memory card).
2) Unzip the file with the *.zip program that comes with your phone.
3) Now start regeditSTG.exe and change the following Registry Keys:

HKEY_LOCAL_MACHINE\Security\Policies\Policies0001001 = 2
-> Change the value data from 2 to 1

HKEY_LOCAL_MACHINE\Security\Policies\Policies0001005 = 16
-> Change the value data from 16 to 40

HKEY_LOCAL_MACHINE\Security\Policies\Policies0001017 = 128
-> Change the value data from 128 to 144

HKEY_LOCAL_MACHINE \Security\Policies\Policies
-> Add new value "0000101b": Dword = 1

After you have done all these steps close Regedit STG with the task manager (TaskMan) of your phone and reboot. That’s it.
Your phone is now totally application unlocked."

March 5, 2009

S-bit set on the user

"With Linux processes run under a user-ID. This gives them access to all resources (files etc...) that this user would have access to. There are 2 user IDs. The real user-ID and the effective user-ID. The effective user-ID is the one that determines the access to files. Save the following script under the name idinfo and make it executable (chmod 755 idinfo).

#idinfo: Print user information
echo " effective user-ID:"
id -un
echo " real user-ID:"
id -unr
echo " group ID:"
id -gn

When you run the script you will see that the process that runs it gets your user-ID and your group-ID:

effective user-ID:
real user-ID:
group ID:

When Tux runs your idinfo program then he gets a similar output that shows the process now running under the ID of tux. The output of the program depends only on the user that runs it and not the one who owns the file.

For security reasons the s-bit works only when used on binaries (compiled code) and not on scripts (an exception are perl scripts). Therefore we create a C-program that will call our idinfo program:

int main(){
/*secure SUID programs MUST
*not trust any user input or environment variable!! */

char *env[]={"PATH=/bin:/usr/bin",NULL};
char prog[]="/home/alice/idinfo";
if (access(prog,X_OK)){
fprintf(stderr,"ERROR: %s not executable\n",prog);
printf("running now %s ...\n",prog);
execle(prog,(const char*)NULL,env);


Compile the program with "gcc -o suidtest -Wall suidtest.c" and set the s-bit on the owner:

>chmod 4755 suidtest
>chmod u+s suidtest

Run it! What happens? Nothing ? Run it from a different user!

The file suidtest is owned by alice and has the s-bit set where normally the x is for the owner of the file. This causes the file to be executed under the user-ID of the user that owns the file rather than the user that executes the file. If Tux runs the program then this looks as follows:

>ls -l suidtest
-rwsr-xr-x 1 alice users 4741 Jan 1 21:53 suidtest

running now /home/alice/idinfo ...
effective user-ID:
real user-ID:
group ID:

As you can see this is a very powerful feature especially if root owns the file with s-bit set. Any user can then do things that normally only root can do. A few words on security. When you write a SUID program then you must make sure that it can only be used for the purpose that you intended it to be used. Always set the path to a hard-coded value. Never rely on environment variables or functions that use environment variables. Never trust user input (config files, command line arguments....). Check user input byte for byte and compare it with values that you consider valid.

When a SUID program is owned by root then both the effective and the real user-ID can be set (with setreuid() function).

Set-UID programs are often used by "root" to give ordinary users access to things that normally only "root" can do. As root you can e.g modify the suidtest.c to allow any user to run the ppp-on/ppp-off scripts on your machine.

Note: It is possible to switch off Suid when mounting a file system. If the above does not work then check your /etc/fstab. It should look like this:
/dev/hda5 / ext2 defaults 1 1
If you find the option "nosuid" there then this Suid feature is switched off. For details have a look at the man-page of mount. "

An Illustrated Guide to SSH Agent Forwarding

"In this paper, we'll present the various forms of authentication available to the Secure Shell user and contrast the security and usability tradeoffs of each. Then we'll add the extra functionality of agent key forwarding, we hope to make the case that using ssh public key access is a substantial win. "

March 2, 2009

Unicode characters up to uFFFF full list of character ranges.

"# Blocks-5.1.0.txt
# Date: 2008-03-20, 17:41:00 PDT [KW]
# Unicode Character Database
# Copyright (c) 1991-2008 Unicode, Inc.
# For terms of use, see
# For documentation, see UCD.html
# Note: The casing of block names is not normative.
# For example, "Basic Latin" and "BASIC LATIN" are equivalent.
# Format:
# Start Code..End Code; Block Name

# ================================================

# Note: When comparing block names, casing, whitespace, hyphens,
# and underbars are ignored.
# For example, "Latin Extended-A" and "latin extended a" are equivalent.
# For more information on the comparison of property values,
# see UCD.html.
# All code points not explicitly listed for Block
# have the value No_Block.

# Property: Block
# @missing: 0000..10FFFF; No_Block

0000..007F; Basic Latin
0080..00FF; Latin-1 Supplement
0100..017F; Latin Extended-A
0180..024F; Latin Extended-B
0250..02AF; IPA Extensions
02B0..02FF; Spacing Modifier Letters
0300..036F; Combining Diacritical Marks
0370..03FF; Greek and Coptic
0400..04FF; Cyrillic
0500..052F; Cyrillic Supplement
0530..058F; Armenian
0590..05FF; Hebrew
0600..06FF; Arabic
0700..074F; Syriac
0750..077F; Arabic Supplement
0780..07BF; Thaana
07C0..07FF; NKo
0900..097F; Devanagari
0980..09FF; Bengali
0A00..0A7F; Gurmukhi
0A80..0AFF; Gujarati
0B00..0B7F; Oriya
0B80..0BFF; Tamil
0C00..0C7F; Telugu
0C80..0CFF; Kannada
0D00..0D7F; Malayalam
0D80..0DFF; Sinhala
0E00..0E7F; Thai
0E80..0EFF; Lao
0F00..0FFF; Tibetan
1000..109F; Myanmar
10A0..10FF; Georgian
1100..11FF; Hangul Jamo
1200..137F; Ethiopic
1380..139F; Ethiopic Supplement
13A0..13FF; Cherokee
1400..167F; Unified Canadian Aboriginal Syllabics
1680..169F; Ogham
16A0..16FF; Runic
1700..171F; Tagalog
1720..173F; Hanunoo
1740..175F; Buhid
1760..177F; Tagbanwa
1780..17FF; Khmer
1800..18AF; Mongolian
1900..194F; Limbu
1950..197F; Tai Le
1980..19DF; New Tai Lue
19E0..19FF; Khmer Symbols
1A00..1A1F; Buginese
1B00..1B7F; Balinese
1B80..1BBF; Sundanese
1C00..1C4F; Lepcha
1C50..1C7F; Ol Chiki
1D00..1D7F; Phonetic Extensions
1D80..1DBF; Phonetic Extensions Supplement
1DC0..1DFF; Combining Diacritical Marks Supplement
1E00..1EFF; Latin Extended Additional
1F00..1FFF; Greek Extended
2000..206F; General Punctuation
2070..209F; Superscripts and Subscripts
20A0..20CF; Currency Symbols
20D0..20FF; Combining Diacritical Marks for Symbols
2100..214F; Letterlike Symbols
2150..218F; Number Forms
2190..21FF; Arrows
2200..22FF; Mathematical Operators
2300..23FF; Miscellaneous Technical
2400..243F; Control Pictures
2440..245F; Optical Character Recognition
2460..24FF; Enclosed Alphanumerics
2500..257F; Box Drawing
2580..259F; Block Elements
25A0..25FF; Geometric Shapes
2600..26FF; Miscellaneous Symbols
2700..27BF; Dingbats
27C0..27EF; Miscellaneous Mathematical Symbols-A
27F0..27FF; Supplemental Arrows-A
2800..28FF; Braille Patterns
2900..297F; Supplemental Arrows-B
2980..29FF; Miscellaneous Mathematical Symbols-B
2A00..2AFF; Supplemental Mathematical Operators
2B00..2BFF; Miscellaneous Symbols and Arrows
2C00..2C5F; Glagolitic
2C60..2C7F; Latin Extended-C
2C80..2CFF; Coptic
2D00..2D2F; Georgian Supplement
2D30..2D7F; Tifinagh
2D80..2DDF; Ethiopic Extended
2DE0..2DFF; Cyrillic Extended-A
2E00..2E7F; Supplemental Punctuation
2E80..2EFF; CJK Radicals Supplement
2F00..2FDF; Kangxi Radicals
2FF0..2FFF; Ideographic Description Characters
3000..303F; CJK Symbols and Punctuation
3040..309F; Hiragana
30A0..30FF; Katakana
3100..312F; Bopomofo
3130..318F; Hangul Compatibility Jamo
3190..319F; Kanbun
31A0..31BF; Bopomofo Extended
31C0..31EF; CJK Strokes
31F0..31FF; Katakana Phonetic Extensions
3200..32FF; Enclosed CJK Letters and Months
3300..33FF; CJK Compatibility
3400..4DBF; CJK Unified Ideographs Extension A
4DC0..4DFF; Yijing Hexagram Symbols
4E00..9FFF; CJK Unified Ideographs
A000..A48F; Yi Syllables
A490..A4CF; Yi Radicals
A500..A63F; Vai
A640..A69F; Cyrillic Extended-B
A700..A71F; Modifier Tone Letters
A720..A7FF; Latin Extended-D
A800..A82F; Syloti Nagri
A840..A87F; Phags-pa
A880..A8DF; Saurashtra
A900..A92F; Kayah Li
A930..A95F; Rejang
AA00..AA5F; Cham
AC00..D7AF; Hangul Syllables
D800..DB7F; High Surrogates
DB80..DBFF; High Private Use Surrogates
DC00..DFFF; Low Surrogates
E000..F8FF; Private Use Area
F900..FAFF; CJK Compatibility Ideographs
FB00..FB4F; Alphabetic Presentation Forms
FB50..FDFF; Arabic Presentation Forms-A
FE00..FE0F; Variation Selectors
FE10..FE1F; Vertical Forms
FE20..FE2F; Combining Half Marks
FE30..FE4F; CJK Compatibility Forms
FE50..FE6F; Small Form Variants
FE70..FEFF; Arabic Presentation Forms-B
FF00..FFEF; Halfwidth and Fullwidth Forms
FFF0..FFFF; Specials
10000..1007F; Linear B Syllabary
10080..100FF; Linear B Ideograms
10100..1013F; Aegean Numbers
10140..1018F; Ancient Greek Numbers
10190..101CF; Ancient Symbols
101D0..101FF; Phaistos Disc
10280..1029F; Lycian
102A0..102DF; Carian
10300..1032F; Old Italic
10330..1034F; Gothic
10380..1039F; Ugaritic
103A0..103DF; Old Persian
10400..1044F; Deseret
10450..1047F; Shavian
10480..104AF; Osmanya
10800..1083F; Cypriot Syllabary
10900..1091F; Phoenician
10920..1093F; Lydian
10A00..10A5F; Kharoshthi
12000..123FF; Cuneiform
12400..1247F; Cuneiform Numbers and Punctuation
1D000..1D0FF; Byzantine Musical Symbols
1D100..1D1FF; Musical Symbols
1D200..1D24F; Ancient Greek Musical Notation
1D300..1D35F; Tai Xuan Jing Symbols
1D360..1D37F; Counting Rod Numerals
1D400..1D7FF; Mathematical Alphanumeric Symbols
1F000..1F02F; Mahjong Tiles
1F030..1F09F; Domino Tiles
20000..2A6DF; CJK Unified Ideographs Extension B
2F800..2FA1F; CJK Compatibility Ideographs Supplement
E0000..E007F; Tags
E0100..E01EF; Variation Selectors Supplement
F0000..FFFFF; Supplementary Private Use Area-A
100000..10FFFF; Supplementary Private Use Area-B

# EOF"