unstdio.org

Not your standard io.

Trying Out Backtrack 4 Beta

I had some time yesterday to try out Backtrack 4 Beta. For the most part it’s pretty good. I thought the Mortal Kombat sounds were funny at first but could get kind of annoying. I was mainly in it to use the 2.6 kernel with the packet-injection-patched wireless drivers. This turned out pretty well for use with my HP nc8430 laptop. It has a Broadcom (I think) chip in it. I also ordered an EEE PC 701SD on Monday as well as a GIGABYTE GN-WI01GT Air Cruiser Mach G MINI PCI-EXPRESS wireless card because the 701SD apparently has a crappy Ralink chipset that does not support injection. I will take pics and post them when I get it.

Turns out the new Backtrack is now based on Ubuntu, which is nice because I like aptitude, Ubuntu’s package manager. As I mentioned before, I really wanted to try out the WEP cracking. I set up an extra router I had sitting around at home with WEP and a randomly generated WEP key. I found a good post about starting to use the aircrack-ng suite. It walks you through a couple of steps on setting up the wifi card in monitor mode and checking whether the AP has MAC filtering. I was able to crack it successfully a few times using different keys and packet injection. I was amazed how fast it works, and if everything is working correctly you really can crack that sucker in under a minute. I also listened to a blog on Security Now that explains very well and in depth the workings behind WEP vs WPA and WPA2. Here is a link. I would suggest anyone interested in this topic listen to it.

Cheap Wireless Bridge

This weekend I had a chance to do a couple things. First I built a Hackintosh (osx86). I will talk about that in a later blog. I was also able to get a wireless bridge to connect my xbox by my TV to my network without having a crossover cable to my laptop.

I went down to Fry’s to see what kind of deals they had. I looked around a bit and found a couple of wireless bridges that did exactly what I wanted to do, but they were $65-120. If you are a cheap tech person like me, you have in your mind what you think something should cost. In my mind I could not justify paying more than $40 for a BRIDGE. So I found something that might work. It was an 802.11g Airlink Wireless Music Bridge.

Again if you are like me the first question you ask is, “why couldn’t you use this as a regular wireless bridge?” and that is exactly what I asked the guy at the Fry’s store. Of course they don’t pay people enough to know what they are actually selling. So he insisted on telling me it was for music only and insisted on grabbing the $96 one. I asked him if it was limited to only a certain audio protocol, he of course had no idea and after talking with me for a minute or two he gave up and left. I decided to get it.

It was a good call on my part that I did. I was able to set it up working over WEP, but not WPA-PSK. I messed with it for about 2 hours trying to get it to work and checking the error logs, but it was just a no go. So I think it was worth the $30 I spent, but it would have been nice to get the WPA to work. I guess I’ll just have to find other ways of securing my wifi.

iPhone Unlock Updated

So I actually did get my iPhone on Friday. It was in near perfect / brand new condition. I was very happy. In my last blog I mentioned that I had found a way to unlock and jailbreak the iPhone just by uploading hacked firmware. This did not work. So here is the way I actually did it.

First I downloaded QuickPWN from http://www.quickpwn.com/ . I then plugged in my iPhone and started to walk through the steps. First I needed the firmware for my iPhone, which I found at http://www.quickpwn.com/2008/11/firmware-22-download-links.html. After I browsed to the file that I needed to do the jailbreak / unlock, it asked me for the two binary files 3.9 and 4.6, which I have hosted here and here.

After it ran through its whole process (took about 10-15 min) I tried the foreign SIM card. Well, it threw an error. “Different SIM Detected” was my error. After some poking around I found out that there was a lockdown folder that needed to be replaced. I took the SIM out and went into Cydia and installed openssh-server. After that I found its IP on the wifi network and SSH’d to it using root and alpine. (You should change this password immediately after SSHing in for the first time.) I changed directories to

/private/var/root/Library/

Ok, I should have mentioned this earlier, but you need to download a modified lockdown folder from here. After that you need to unzip it and SFTP it to your iPhone using your favorite sftp client (psftp, filezilla, etc.). I think I used filezilla because I could just drag and drop the entire lockdown folder to the iPhone. Don’t forget to back up the old lockdown folder. (I just changed the name.) After that was installed I rebooted the iPhone, plugged the new (t-mobile and a different att) SIM into the phone and it worked.

Good work to the guys at QuickPWN and modmyi.com for making this such an easy task.

Unlock 2.2 iPhone (Non-3g)

I won an iPhone on ebay the other day, and while I am waiting for it to arrive I was searching around for ways to unlock and jailbreak it. I have had an iPod touch for about a year now but it has its limitations. I have done the jailbreak back when the firmware version was 1.1.2 through 1.1.4, but I haven’t dealt with the version 2.0+ firmware. I ended up buying a non-3g 4gb iPhone. I have a 3g iPhone for work but I didn’t want to rely on that for doing unlocking projects. This method is not for the 3g model. It will not work because of some hardware differences. After searching around I found what looks to be the easiest solution ever.

So basically someone has created a firmware version that has already been jailbroken/unlocked, so all you need to do is restore your phone with that firmware version. It’s a 250mb file so it is split into 3 chunks. Here are the links for the download.

http://rapidshare.com/files/166467277/iPhone1_1_2.2_5G77_Custom_Restore.part1.rar

http://rapidshare.com/files/166469392/iPhone1_1_2.2_5G77_Custom_Restore.part2.rar

http://rapidshare.com/files/166470401/iPhone1_1_2.2_5G77_Custom_Restore.part3.rar

Once you have those files, unrar them and you should have your firmware version. Now plug in your iPhone and try to restore it. When it gives you the “restore” button, hold shift while clicking it and it will give you an option to specify the firmware version you would like to load. Select the one you just un-rared and let it install. After it’s done installing you should have a fully unlocked and jailbroken iPhone. I have not tried this since I do not have the phone yet, but it seems pretty easy.

Torrenting With PeerGuardian2

In the past couple of years torrenting has become the craze for downloading everything from music to movies to any other type of file. I know that most of you probably used Napster back in the day and moved to Kazaa, LimeWire, FrostWire, and whatever other program you use to peer2peer. Now that torrenting has been the new way to get files, it’s probably important to know who not to torrent from. I would rather not see people busted for torrenting.

If you are using Windows, I would suggest PeerGuardian2. I think it comes with one blocklist, which other people have scanned through and found IPs that could potentially track your download activity and get you in trouble if you are downloading copyrighted material. I have created my own second list which blocks even more IPs. I would suggest you do similar.

Just a heads up and hopefully it will keep you out of trouble when torrenting.

Serious Apt-get Problems

Yesterday I encountered a new package manager problem that I have never seen before. Basically I started with a .rpm package and wanted to create a .deb package with alien. The program was vmware-server. Long story short, it failed and I ended up just downloading the tarball and installing it that way and compiling some things. That worked. When I then tried to do something with apt-get, it errored, telling me that there was some package that needed to be reinstalled, which was vmware-server. Since I had already deleted it from the server it could no longer be found. Here is a list of things I tried before using the technique I’m about to show you.

apt-get remove vmware-server

apt-get remove --purge vmware-server

dpkg --force-all --purge vmware-server

dpkg --remove --force-remove-reinstreq vmware-server

First I would try those if you are having problems with a package. Now if it’s really hosed and you can’t get any of the options listed above to work, then I do have a solution for you, which did take me a bit to find.

Edit /var/lib/dpkg/status with your favorite editor. Now find the package that is giving you trouble. Mine started with the line

Package: vmware-server

After I found that, there are two options: delete that whole section, which I ended up doing, or change the status to:

Status: install ok installed

Either one should get you back working. Just save the file and try using the package manager again, and you should be all set.
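A scripted version of the status-file repair described above, as an added example that is not from the original post: it lists stanzas flagged for reinstall and writes a copy of the file with one stanza removed, matching the package name exactly. The function names and the three-stanza sample file are constructed for illustration; on a real system the input would be a backup copy of /var/lib/dpkg/status.

```shell
#!/bin/sh
# list_unclean FILE: print "package<TAB>status" for stanzas that are flagged
# reinstreq or stuck in a half-installed/half-configured/unpacked state.
list_unclean() {
    awk 'BEGIN { RS = ""; FS = "\n" }
    {
        pkg = ""; st = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^Package: /) pkg = substr($i, 10)
            if ($i ~ /^Status: /)  st  = substr($i, 9)
        }
        split(st, w, " ")            # w[1]=want, w[2]=flag, w[3]=state
        if (w[2] != "ok" || w[3] ~ /^(half-|unpacked)/)
            printf "%s\t%s\n", pkg, st
    }' "$1"
}

# drop_stanza PACKAGE FILE: print FILE without the stanza for PACKAGE.
# Exact string comparison, so names containing "+" or "." are handled safely.
drop_stanza() {
    awk -v want="$1" 'BEGIN { RS = ""; FS = "\n"; ORS = "\n\n" }
    {
        keep = 1
        for (i = 1; i <= NF; i++)
            if ($i == "Package: " want) keep = 0
        if (keep) print
    }' "$2"
}

# write_sample FILE: constructed three-stanza status file for the demo.
write_sample() {
    printf '%s\n' \
        'Package: coreutils' 'Status: install ok installed' 'Version: 0-sample' '' \
        'Package: vmware-server' 'Status: install reinstreq half-installed' 'Version: 0-sample' '' \
        'Package: libstdc++6' 'Status: install ok installed' 'Version: 0-sample' > "$1"
}

tmp=$(mktemp -d)
write_sample "$tmp/status"
cp "$tmp/status" "$tmp/status.bak"        # keep the original before changing anything
list_unclean "$tmp/status"                # shows the vmware-server stanza
drop_stanza vmware-server "$tmp/status.bak" > "$tmp/status"
list_unclean "$tmp/status"                # prints nothing once the stanza is gone
rm -rf "$tmp"
```

Working on a copy and keeping the untouched original means a bad edit can be undone by copying the backup back into place.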

Passwords vs. Passphrases

A passphrase, you would think that would be standard now, right? Think again. Recently I have been talking to a few people, asking them how the security is at their place of employment. I have heard it over and over: “The network itself is pretty secure, but it’s mainly end user error”. The main problem that I see is PASSWORDS. The actual word “password” implies that it is just one word, no complexity. You would think with all the identity theft and cyber-warfare going on it would have taken hold a long time ago. Well, I was looking through my 8.5gig password file and rainbow tables and just realizing how easy it is to just run through these lists and match the hash values and get the passwords. (I’m implying you can get the hash values.) So basically I want to discuss making a passphrase so that you can avoid these types of easy cracking techniques.

An easy way, and my favorite way, to pick a passphrase is to think of a song. What is your favorite song? For testing purposes let’s use Blackbird by The Beatles. Remember you can pick any song you like. The point is that YOU remember it. Isn’t that the whole point of a passphrase/password? OK, let’s start. First I’m going to pick out which phrase I want to use.

Blackbird singing in the dead of night
Take these broken wings and learn to fly

Now let’s take the first letter of every word in the phrase.

B s i t d o n T t b w a l t f

That right there wouldn’t be a bad passphrase. But it’s best to have upper case and lower case and numbers in our passphrase. So let’s switch some letters to easy numbers, like “B” to “8” and “o” to “0” and “s” to “5” and the letter “l” to the number “1”. Here it is with those characters switched.

8 5 i t d 0 n T t b w a 1 t f

Now we have a pretty strong passphrase that I guarantee is not in any rainbow list or password file. (unless they see this blog of course) The reason I like this method is because it’s your favorite song and your favorite part of the song so it’s easy to remember. Once you start using it a couple times you will get the hang of typing it in and if you ever forget it just sing the song a little bit in your head.

MediaStream V1.0 Released

Well, as you know I have been doing some Xbox hacking lately. I was looking for the latest build of XBMC for the Xbox and I came across T3CH’s site, which did have the latest build. I was happy to find this because there were some good updates that I previously didn’t have. When I started poking around I was looking through the skins and found something called Mediastream. I had no idea what this skin was, so I looked into it. I found out that this was a skin developed by some guys in the UK and it was an awesome looking skin. Here are a couple of screenshots from their site. All in all it’s awesome to say the least. Definitely revamped my interest in doing modded Xbox and using XBMC. I showed my brother and now he wants one, so I am going to do one for him as well. I am still working on my Xbox -> 360 hack but I have a feeling that will take a bit longer. I have some pictures and I’ll post them up in the projects section. I also need to get some motivation to get some of the other projects that I had from the old site ported over.

Xbox Setup

Since I am in Seattle and still looking for a place of my own, I haven’t shipped out all my computer stuff yet. Two things I did have shipped out were my Xbox and my LCD monitor. Since the Xbox was hooked up to the TV, sometimes there were things that I wanted to watch or play that other people didn’t. So my idea was to hook the Xbox up to the LCD monitor. Sounds simple, right? Well, kinda. I figured there were a couple of ways to go about this.

  1. Buy a cable, hack it up and put a VGA connector on it and hope that the LCD had Sync-on-Green.

  2. Try to make a converter.

  3. Buy a converter box.

I first started to look at how to make a cable, but I didn’t want to get all done and find out it was a waste of time. So I decided to try and find a converter box. I went to pretty much all the electronics stores I could think of and not one had what I wanted: RCA (yellow, aka composite) to VGA. So my second option was to buy a crappy computer and put a TV tuner card in it and run it through there, which is what everyone was telling me to do in the stores. Bah! I didn’t want to do that, but I wasn’t going to shell out $150 for some ridiculous converter box online. So I decided to go the computer route. I was searching through craigslist.org and lo and behold, a converter box for $30. Right up my alley. So I picked that up and it turned out to be this one. Let me tell you, it works awesome. It has composite RCA in, VGA in, S-Video in, and TV tuner in, with VGA out. It also has a remote with channel up and down and volume, which work great. The only gripe I have right now is that the signal is a little fuzzy. The videos and movies play alright but the XBMC dash is pretty fuzzy. I was reading that if you use the S-Video in it’s better, but it’s good for the time being. If anyone has a chance to pick one of these up for cheap I would highly recommend it. I was thoroughly impressed. I’ll post a picture when I get a chance.

Now that I have all my stuff working, I started playing around with XBMC some more. I have an XBMC dash from at least a year and a half ago; my guess is probably longer. So I was looking around to see if anyone has done updates, because I have seen that it came out on Linux and Windows a while back, which is cool. When I was poking around I came across T3CH’s site. It looks like this is the latest update for Xbox’s XBMC. I’m going to give it a try tonight; hopefully there are some cool updates from what I have.

Nagios

This past week I was able to try out some new software that I have heard about, Nagios. Nagios is an open source network monitoring tool. It can monitor servers/PCs along with switches and routers. On the PC side there is a little lightweight client that gets installed called NSClient++, which Nagios then monitors. Yeah, yeah, that’s all cool and good, but what I really wanted to get working was the network monitoring with SNMP. At my work they have 3 switches and a Cisco Pix 501. I went through and allowed SNMP on the Cisco router and configured the Nagios file and it worked. Then I went through and did the other switches. When I found one of the GS724T switches was a Version 1 (older one), there was no SNMP option, and after updating the firmware to the latest version I have kind of given up hope on that switch. The other switches, on the other hand, worked great. Here’s a pic of the basic Nagios service.

Next I really wanted to get the bandwidth usage working. So I needed to install MRTG on the Ubuntu box. MRTG basically uses SNMP to get information from the devices every 5 minutes and logs it. Then it creates a web page with the data displayed in a graph. After that was working I then pointed the ports on the Nagios configuration to the log files from MRTG. Now the devices in Nagios show the ports up/active and bandwidth usage.