2014 Updates And Status Reports

I know it's been a while since this blog has been alive.  There have been a lot of developments since my disappearance, but its summer once again, and it's DEFCON season.  I will be publishing my previous Defcon notes with the purpose of helping Defcon newbies with some tips on navigating the con in August.  Stay tuned as I will start to notate my learning, research and findings in the next few weeks leading to the Con. This year's concentration will be on Network Packet Analysis. 

How to create a bootable USB stick on OS X

Note: this procedure requires that you create an .img file from the .iso file you download.

Tip: Drag and drop a file from Finder to Terminal to 'paste' the full path without risking typing errors.

1. Download the ISO you need.
2. Open the Terminal
3. Convert the .iso file to .img using the convert option of hdiutil 
   "hdiutil convert -format UDRW -o ~/path/to/target.img ~/path/to/<*.iso>)
   Note: OS X tends to put the .dmg ending on the output file automatically.
4. Run "diskutil list" to get the current list of devices.
5. Insert your flash media.
6. Run "diskutil list" again and determine the device node assigned to your flash media (e.g. /dev/disk2).
7. Run diskutil unmount Disk /dev/diskN (replace N with the disk number from the last command; in the previous example, N would be 2).
8. Execute sudo dd if=/path/to/downloaded.img of=/dev/rdiskN bs=1m (replace /path/to/downloaded.img with the path where the image file is located; for example, ./ubuntu.img or ./ubuntu.dmg).
   

   • Using /dev/rdisk instead of /dev/disk may be faster
   • If you see the error dd: Invalid number '1m', you are using GNU dd. Use the same command but replace bs=1m with bs=1M
   • If you see the error dd: /dev/diskN: Resource busy, make sure the disk is not in use. Start the 'Disk Utility.app' and unmount (don't eject) the drive
9. Run diskutil eject /dev/diskN and remove your flash media when the command completes.
10. Restart your Mac and press alt/option key while the Mac is restarting to choose the USB stick.

USB Flash Drive Restoration

I have a few flash drives I use for my "experiments", and I'm always out for a deal to get more.  Every so often, after installing and uninstalling a variety of distros on it, I notice that it starts running out of space even if  I have deleted the previous file.  If you try to format it to get the original size, it'll sometimes say access denied on.  Annoying at the very least.  The following is my cheat sheet to rest the USBs back to it's original state.  I plucked the info from the pendrivelinux.com website.  They are an excellent website to hangout in and check. One of my favorites from their site is YUMI.  Have a 32GB flash drive and have fun with YUMI.

Restore Your USB Key to it's original state

After having tooled around with a USB Linux version using your image overwritten or multi partitioned flash pen drive, you might find it necessary to revert it back to a single fat partition (restore the flash pen drive to it's original state) that can again be read by all computers. Windows users can follow the Windows instructions below to Restore a Flash Drive using the HP USB Format Tool. For those working from Linux this task can easily be accomplished via the Linux Flash Drive Restoration tutorial that follows.

Restoring your USB key to it's original state using Windows:
BOOTICE Site: http://www.ipauly.com/bbs/

1. Download, extract, and run Pauly's BOOTICE Tool
2. (1) Select your USB Flash Drive from the list, (2) Click Perform Format
3. (1) Under Disk Mode, Choose USB-FDD Mode (2) Click Next Step
4. (1) Select a File System type (2) Click Ok
5. (1) Make sure you have backed up any important info, then Click OK, (2) Verify the drive letter and Click Yes to Proceed to let BOOTICE partition and format the USB Flash Drive

Restoring your USB key to it's original state using Linux:
A. First we need to delete the old partitions that remain on the USB key.

1. Open a terminal and type sudo su
2. Type fdisk -l and note your USB drive letter.
3. Type fdisk /dev/sdx (replacing x with your drive letter)
4. Type d to proceed to delete a partition
5. Type 1 to select the 1st partition and press enter
6. Type d to proceed to delete another partition (fdisk should automatically select the second partition)

B. Next we need to create the new partition.

1. Type n to make a new partition
2. Type p to make this partition primary and press enter
3. Type 1 to make this the first partition and then press enter
   
4. Press enter to accept the default first cylinder
5. Press enter again to accept the default last cylinder
6. Type w to write the new partition information to the USB key
7. Type umount /dev/sdx1 (replacing x with your drive letter)

C. The last step is to create the fat filesystem.

1. Type mkfs.vfat -F 32 /dev/sdx1 (replacing x with your USB key drive letter)

That's it, you should now have a restored USB key with a single fat 32 partition that can be read from any computer.

Potentially Related Portable Linux Posts

• Install Pendrive Linux V1 from CD
• Install gOS to a USB Flash Drive from Live CD
• Install KNOPPIX 5.1.1 to a Flash Drive using the CD

Installing VLC in Backtrack 5

1. apt-get install vlc
2. hexedit /usr/bin/vlc
3. find "geteuid._libc_start_man" and change it to "getppid._libc_start_man"
4. you can also run "apt-get install non-free-codecs" which will help play additional video formats.

Nook Simple Touch Rooting Recipe

Hardware and Software Needed:

1. Nook Simple Touch 1.2.1
2. NookManager-0.5.0
3. win32diskimager-binary.zip
4. MicroSD card
5. MicroSD adaptor or one a multi-memory card reader



The download must be unzipped and the NookManager.img file must be written to an empty SD card. On windows, you can usedisk imager. Linux and mac users can use dd.



Detailed Information borrowed from xda-developers.com

[Root] NookManager - graphical rooter for 1.2.x and beyond This is a graphical, interactive rooting system with the ability to create/restore backups and factory settings. This has been tested on systems 1.1.5, 1.2.0 (US/UK), and 1.2.1. It will probably work on earlier versions and should be safe to use on future versions. For best results, however, you should be on 1.2.1 before using this tool. If you've tried rooting your nook unsuccessfully with another utility, it's best to do a factory restore (from NookManager, choose the "Restore" menu and then "Restore factory.zip") and, if your nook came with older firmware, upgrade to the latest 1.2.1 firmware. Features: Root your nook Backup/Restore Restore to factory settings Disable B&N Apps Custom plugins The actual rooting procedure: uRamdisk is patched to enable ADB database setting is changed to allow installation of non-market apps the DroidSansFallback font is replaced with the updated font from jellybean to add support for extended characters the su/Superuser binary/package is installed Relaunch is installed ADB Konnect is installed for enabling/disabling ADB over wireless on systems running firmware 1.2+, the ModManager jars and package are installed on 1.2+ systems, the PackageInstaller.apk from the 1.1.2 firmware is installed to resolve issues with package installers and, finally, the Amazon appstore is installed just to have some easy way of downloading new apps The uRamdisk patching is done with scripts rather than copying pre-compiled binaries, so this should be safe for all existing versions of the Nook firmware and (hopefully) will be forward compatible with any new releases. The rooting procedure is non-destructive and can be run multiple times without causing problems. Under the hood, this is a minimal linux environment with the nook drivers/binaries and a few core android binaries. The display is generated with imagemagick and written directly to the framebuffer. Wherever possible, the parts of this system are compiled from source including the Linux kernel, uBoot, and all of the buildroot utilities. The hardware drivers and associated binaries are extracted from the 1.2.0 upgrade package. The source for the project, including an automated buildscript is available at GitHub. Support for custom menu items and scripts is documented here. Download The download must be unzipped and the NookManager.img file must be written to an empty SD card. On windows, you can usedisk imager. Linux and mac users can use dd. To run, shut down your nook, install the SD card and power on. You should see the NookManager boot screen followed within 15 seconds by the welcome screen. After rooting, you can install Google Apps using straygecko's excellent NTGAppsAttack package if you want to use Google Market/Gmail/Calendar/etc.

Mac Spoofing on Mac OSX

Spoof your Mac address by typing:

ifconfig en0 ether 00:00:00:00:00:00 

The zeros can be changed to any combination of characters 0-9 and a-f, and I think the 2nd character has to be an even number.  You can then replace the en0 with whichever adapter you’d like to implement the spoofed address on, and hopefully the series of zero’s here with the actual MAC address of a target host.

arp -a

Will display your arp cache with the mac address of all your network neighborhood.

=====================

You can delete an IP address from the arp table using the arp command along with the -d option followed by an address.  For example, to delete IP 10.10.10.1:

arp -d 10.10.10.1

If you’re not sure which IP address you’re looking for then you can look at the arp table to check the IP against the MAC address by using the -a option along with arp.  For example:

arp -a

To delete all of the entries in an arp table (they do regenerate after all) you can use the -d option in conjunction with the -a option:

arp -d -a

If you then want to manually add an entry into the arp table you can use the -s option followed first by the IP address and then by the MAC address, as follows (assuming an IP of 10.10.10.10 and a MAC of 00-00-00-00-00-00):

arp -s 10.10.10.10 00-00-00-00-00-00

In some cases I’ve had to revert to using hostnames instead of MAC addresses.  To do so, first define the hostname in /etc/hosts, adding a line that has the IP followed by the name of the server, as follows:

havok.krypted.com 10.10.10.10

Then simply use the name instead of the MAC address with the -s option, as follows:

arp -s havok.krypted.com 10.10.10.10