I just read this quite nice article about a backdoor in HP’s D2D/StorOnce Storage unit. It is unbelievable how a vendor can ignore such a huge problem.
Anyhow, I decided to publish the password behind the SHA1, mainly because the first Google hit for “online sha1 cracker” simply had this hash already in it, so I don’t see the point of not publishing it. I am just making your life easier to spare you a trip to this free service, enter their captcha and see the password:
As I can read it it says Badgers, so I assume HPSuport must be in love with Wisconsin, which is a good thing: the Wisconsin Badgers are the athletic teams representing University of Wisconsin from Madison (Wisconsin’s capital). I like the Badgers too, that’s why I have a badger hangin’ on my keychain all the time. Guess I am kind of similar to HPSupport (? :D).
I jsut bought some really old data cables for my Nokia 3410 and I must tell you they suck really bad. Let me tell you a little bit about the background:
I am currently really into everything that is security & GSM, therefore I thought it would be great to have a data cable which I can use with my old Nokia 3410 to enable the so called “Network Monitor” mode. In this mode the phone shows you a lot of useful information like the frequency it is using (ARFCN) or the current temporary ID of the SIM card (TMSI).
So, as a normal user would do I went to my friend Google and asked him about this cable. He quickly showed me some results which were quite funny: some Hungarian webshops still have these cables in stock! I was quite happy because the price was really low and I thought it would be great to buy from a shop and not from some random person.
So the cables came like two days later, and I tried to connect them to my phone. None of the cables seemed to fit. I was really angry, and thought about calling the shop telling them they are selling junk (which wouldn’t be surprising at all sadly) but then I found an archive website that shows you how to connect the cable properly.
The secret is quite easy once you know it: you need to get rid of the nice soft protecting foam that is glued all around the pins of the cable (who would have thought…). After that I connected the phone to my computer and I was able to turn on the Network Monitor – yeah, let’s all be happy.
But how is this related to poor quality Chinese cables?
Let me finish the story:
As time went on I wanted to get more information out of the phone and I already found the tool for this, naturally it is part of the Osmocom-family, it is called dct3-gsmtap. It can use the serial connection to your phone to actually capture GSM and SIM-card data and then forward it to Wireshark for later analysis. Sweet, just what I wanted to try out.
I installed it, tried to run it, and it says something like “no answer from the phone”. What the ****? I just communicated with the phone, and turned on the Network Monitor!
So I went back to Google and tried to research this, and finally found the cause:
Apparently for Nokia phones you can have 2 kind of cables, one is called MBUS (M2BUS) the other one is called FBUS. They differ in speed, baudrate and also capabilities. MBUS is an older simpler implementation of a serial line – it only uses GND and MBUS_PIN (data pin) to communicate. It is slow, and not really useful, that’s why Nokia decided to introduce FBUS which uses GND, RX_PIN and TX_PIN so it is a lot faster and more reliable serial connection.
Guess which connection is supported by pretty much all of the tools available. Yes, FBUS.
Guess what kind of cable do I have? Yes, MBUS. Sweet…
But I didn’t stop there, I wanted to see, if there were truly only 2 pins connected in my cable, or what was going on (because the interface facing the phone actually has all 4 pins). It turned out, that I do have 4 pins connected, but if I trace the whole cable it turns out that one of the magic plastic boxes on the cable (you know those little plastic boxes that are Â on some cables for noise-cancelling or something like that) has all 4 cables coming in and only 2 cables going out.
So, I have an awesome cable which has all of its capabilities limited because some retard thought ‘yeah, why don’t we cut these two wires right at the middle of the cable?’.
Fortunately Google is still my friend and I found a random guy on the Internet who is Hungarian and has one perfectly fine FBUS cable for Nokia 3310/3410 which he is willing to sell. Ironic.
Jay Freeman (saurik, creator of Cydia for example) applied for the Google Glass developer program and he received his glass not long ago, but still he had enough time during a dinner with his friends to gain root access to the device to remove all limitations Google put in it.