Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Tuesday, August 31, 2010

ATA Passwords and Firmware Area

Almost all laptops and some modern desktop computers can lock a hard disk drive with an ATA password, so that the hard drive remains inaccessible until the correct password is entered. Manufacturers give this technology different names (HP, for example, calls it DriveLock), but it is all the same. The password is stored inside the hard drive's Firmware Area (on the surface). Since the password is stored on the surface, it cannot be removed by swapping circuit boards. And, since the Firmware Area cannot be read with any widely available software, the password cannot be easily read or removed.
Repair Station has the ability to access the Firmware Area and reset the password, thus unlocking your hard drive. The unlocking process is done automatically and takes just a few minutes.
Since Repair Station does not alter partitions or file systems, it is absolutely safe for your data.
What is Firmware Area
The Firmware Area (or System Area) is a reserved space dedicated to the hard drive's own needs, such as storing SMART logs, defect reallocation tables, program code (overlays) and so on. The Flash EEPROM chip contains only a small part of the firmware; its primary role is to spin up the spindle and unpark the heads so that the drive can read the rest of the firmware from the surface.
The Firmware Area is inaccessible with generic ATA commands; it cannot be read or written with any software because the protocol is vendor-unique, and hard drive vendors do not disclose any information about the structure of their Firmware Area or even about how to access it. We put more than four years of research and development into Repair Station, and we've made it able to access and recover the Firmware Area.
Firmware Area failures
More than half of hard disk drive failures are caused by firmware area damage. Just a little damage is enough to render a hard drive totally unusable. In such cases the hard drive becomes inaccessible and sometimes can completely disappear from the system.
For example, a hard drive can lose its parameters such as device model number and capacity. When it happens, there is no access to partitions and files. In most cases the problem is caused by firmware area damage and can be fixed with Repair Station.
Repair Station reads the Firmware Area, extracts and analyzes all firmware structures, rebuilds damaged parts and writes the firmware back to the drive. The process is absolutely safe for the data (partitions and files) and takes no more than 20 minutes.
If you have an issue with a hard drive, please feel free to download Repair Station and run diagnostics (which is free). Repair Station diagnoses the Firmware Area and hard drive mechanics and displays a short summary of the hard drive's health.

hddguru Low-Level-Format-Tool & more

Thank you very much, Dimitry!
Firmware
files.hddguru.com/index.php 
files.hddguru.com/download/Software/
ultimatebootcd.com/
hdat2.com./
Atola Technology Archive Restoring Factory Hard Drive Capacity
HDDGURU: Software: HDD diagnostics and recovery
files.hddguru.com/download/Software/DiskInternals%20Recovery/
This utility, on the bootable CD, will then examine your system, detect all 2.5/1.8 inch hard drives installed, and then check the firmware revision of the drive. If required, it will prompt you to run the appropriate firmware update program for your drive. 
hddguru.com/content/en/software/2005.10.02-MHDD/
Utility for repairing HDD bad blocks, 0 sector, HDD bios settings
Restoring Factory Hard Drive Capacity to reduce hdd capacity
hddguru.com/software/2005.10.02-MHDD/ 
Partition Find and Mount allows you to recover deleted partitions. What's special in this program is that it allows you to mount lost partitions right into the system, so the operating system sees that lost partition like a good one. This software also has the possibility to create and mount images of the entire hard drive or separate partitions.
==================================
HDD Capacity Restore Tool allows you to restore factory capacity of any hard drive. A complete capacity restore guide is supplied with the application.
hdd-tools.com/products/cr/download/crsetup.exe 
This tool can NOT recognise USB Mass Storage devices.
Pull out an old PATA hard drive, install Windows XP 32-bit on it, then install SP3 and HDD Capacity Restore.
This utility has nothing to do with partitions or images of anything. It only works with the hard drive as a physical device. You certainly cannot alter (restore) capacity of a hard disk that you use to boot the Operating System… If this is the case, then you would have to boot from some other hard drive (or attach this hard drive to another working PC as a secondary drive).
If you’re looking to restore capacity on a notebook drive and you don’t have a desktop available, you can use Hitachi’s Feature Tool, which must be copied onto a bootable CD/DVD. Google Hitachi Feature Tool and follow the instructions. Good luck!
Unfortunately, it will not see hard drives on Promise or any similar additional cards; this is “normal”.
------------------------------------------------------
Samsung HD103UI 1TB:
hdd-tools.com/products/cr/download/crsetup.exe
==================================

This freeware Low Level Format utility will erase, Low-Level Format and re-certify a SATA, IDE or SCSI hard disk drive of any size up to 281 474 976 710 655 bytes. It will work with USB and FIREWIRE external drive enclosures. Low-level formatting of Flash Cards is supported too. Low Level Format Tool will clear partitions, MBR, and every bit of user data. The program utilizes Ultra-DMA transfers when possible.
For use as a portable application, make sure that you put affhdd.sys into C:\Windows\System32
Also, the operating system has to be 32-bit only.

Windows displays a yellow exclamation mark over a dynamic disk in my Disk Management. No partition. How can I get my data back?
http://www.computerbase.de/forum/archive/index.php/t-135480.html
Test the disk with ‘TestDisk’ and set the disk partition to primary and you get the data back
------------------------------------------
IBM/Hitachi Drive Feature Tool is a DOS-bootable tool for changing various ATA features. The Feature Tool allows you to control some of the features of IBM/Hitachi Deskstar and Travelstar high performance ATA hard disk drives and supports 48-bit addressing, so it will work with the new large capacity drives.
Seagate Technologies
The utilities of Seagate work for Western Digital hdd
Source 
System limitation: DiscWizard
older PCs may only recognize correctly drives under 32 GB.
Seagate has a piece of software that installs in the boot section of the drive and overrides the restrictive BIOS.
Seagate's capacity issues FAQ
Barracuda 5400.1 Installation Guide ST340015A and ST340015ACE ATA
And if the new ribbon does not fix it, then run the zero write program on that hdd a couple times.
SeaTools for DOS
Manual on how to do that

F. Set Capacity
Occasionally, a disc drive may be too large and its size needs to be reduced to a lower capacity. Similarly, a drive with a reduced capacity may need to be reset to its native maximum capacity. Three choices are available under this section:
S - Set 32GB Capacity. A common setting for older systems.
R - Reset to Drive Maximum. Full capacity is restored.
M - Set Manually. Allow you to set a specific size.
It's working! the SeaTools DOS program did the trick. I reset the drive and I now have full capacity.

Introduction to Forensics

Source Apr 22, 2008  By Kyle Rankin
A break-in can happen to any system administrator. Find out how to use Autopsy and Sleuthkit to hit the ground running on your first forensics project.
Computer forensics (among other things the ability to piece together clues from a system to determine how an intruder broke in) can take years or even decades to master. 
If you have never conducted a forensics analysis on a computer, you might not even know exactly where to start. In this guide, I cover how to use the set of forensics tools in Sleuthkit with its Web front end, Autopsy, to organize your first forensics case.
Before You Start
One of the most common scenarios in which you might want to use forensics tools on a system is the case of a break-in. If your system has been compromised, you must figure out how the attacker broke in so you can patch that security hole. Before you do anything, you need to make an important decision—do you plan to involve law enforcement and prosecute the attacker? 
If the answer is yes, you should leave the compromised system alone and make no changes to it. 
Any changes you make post-attack could complicate and taint the evidence, and because of that, many people have a policy of unplugging a system once they detect an attack and leaving it off until law enforcement arrives. 
Investigators likely will want the complete system, or at least the drives, so they can store it safely; thus, your forensics analysis might end here until your system is returned.
If you do not plan to prosecute the attacker, you still need to set up some policies beforehand on how to respond to an attack. 
The first policy you should create concerns whether to pull the power from a compromised server immediately. Two main schools of thought exist on this. 
  • One school of thought says that because a live server contains valuable data in RAM, such as running processes, logged in users and so forth, that you should try to collect all of that live data first and then power off the server. 
  • The opposing school says that once a system is compromised, all parts of the system are potentially compromised and cannot be trusted, including any tools you might use to grab live system data, so you should pull the power from the server immediately. Otherwise, attackers also could have compromised shutdown scripts to remove their tracks.
I personally lean more toward the second school of thought and believe that no commands should be run and no changes made to a system once a break-in is discovered.
The second policy you should create beforehand concerns how and whether to image the hard drives on the system and how and when to bring the system back into service. If you cannot tolerate much downtime on the system, you probably will want to create an exact image of the drives to examine elsewhere, and then re-install your operating system on the original drives. 
Remember, once a system has been compromised, you can no longer trust the system. There could very well be a back door that you missed. It's worth saying again that if you plan to prosecute, you will not be able to bring the system back into service, at least not with the original drives as investigators will need them. 
If you have the extra space, I recommend creating images of your drives to work from and leaving the originals alone. If you accidentally write to the images, you always can create a fresh image from the original drives. Autopsy can manage raw disk or partition images, so any imaging tool, from dd to Ghost, will work.
Install Sleuthkit and Autopsy
For the purposes of this guide, I assume you have created an image of any drives on the system and have stored them on a separate machine that you will use for the forensics analysis. 
This new machine needs to have both Sleuthkit and Autopsy installed. Some distributions have both Sleuthkit and Autopsy available as precompiled packages, so you can use your distribution's package manager to install them. Otherwise, you can download and compile the tools from the tarballs available on the main project site, sleuthkit.org.
Autopsy works as a Web-based front end to all of the Sleuthkit tools and makes it easy to examine a filesystem without learning each of the different command-line tools. Autopsy also makes it easy to organize multiple forensics analyses into different cases, so you can reference them later. Once Autopsy is installed, get root privileges, and type autopsy into a terminal to start the program. Instructions on Autopsy's settings appear in the terminal, including the default location for evidence (/var/lib/autopsy) and the default port on which it listens (9999). Open a Web browser and type in http://localhost:9999/autopsy to view the default Autopsy page and start your investigation.

Figure 1. Default Autopsy Page
From the main Autopsy page, click Open Case to open a case you already have created, or for this example, click New Case. In the New Case page, you can name and describe your case, and you also can provide a list of investigators who will work on the case. Once your case is named and created, you will see the case gallery—a page that simply lists all the cases you have created. If this is your first case, simply click OK to proceed to the Host Gallery. The Host Gallery lists all the servers you are investigating for this case. In our example, only one host was compromised, but often an attacker will move from one compromised host to another, so include as many hosts as you need to investigate in this gallery. As with the Case Gallery, click Add Host to fill out information about the host you are adding.
You will see some interesting fields on the Add Host page relating to time. If the host was set to a time zone different from your local time zone, be sure to put its time zone in the Time Zone field. When you piece together a chain of events, especially across multiple hosts, having correctly synced time is valuable. The Timeskew Adjustment field lets you account for a server with out-of-sync time, and Autopsy automatically adjusts the times to reflect any skew you put in this field.
When you add the host and go back to the Host Gallery, select the host to analyze and click OK to go to the Host Manager page. If this is a new host, the first thing you should do is click Add Image File to add the image you created previously. The image page has only three fields: Location, Type and Import Method. Autopsy expects that the image is available somewhere on the local computer—either actually on the local disk or via an NFS or SMB mount. Type the full file path to the image file in the Location field. The Type field lets you inform Autopsy of the type of image you created. If you imaged the entire drive, select Disk; otherwise, select Partition. If you select Disk, Autopsy scans the partition table for you and lists all the image's partitions.
Autopsy needs the image file to be in its evidence locker in some form, and the Import Method field lets you choose how to put the image file there. If you store all your Autopsy evidence on a separate USB drive, you may want to select Copy, so that a copy of the image stays with the rest of the evidence. If your evidence locker is on your local disk along with the image (which is likely under the default settings), select Symlink or Move, depending on whether you want the image to stay in its original location. Repeat these steps to add any additional images for your host.

Figure 2. Host Manager Page
Start the Investigation
Now that you have created the case, added a host and selected any disk images, you are ready to start the analysis. On the Host Manager page, you will see all the partitions available to analyze. The root (/) partition is a good place to start, so select it, and click Analyze. The Analyze page lists a number of different ways to investigate the filesystem, but click the File Analysis button along the top of the screen to enter one of the main pages you will use for this analysis.

Figure 3. File Analysis
The File Analysis page gives you a complete view of the filesystem, starting at its root. The top-right frame lists all the files in the current directory, along with additional information each in its own field, including MAC times, permissions and file size. MAC (Modified, Accessed and Changed times), refers to three different changes the filesystem keeps track of for each file. The modified time is the last time the file or directory actually was written to. For instance, if you open a text file, edit it and save the changes, this updates the modified time. The access time is the last time the file or directory was accessed at all. Reading a file updates its access time, and listing the contents of a directory also updates its access time. The changed time keeps track of the last time the file's metadata (such as file permissions and owner) were changed. It's possible, in some cases, for some or all of these times to match.
Each of the files or directories in the File Analysis page are hyperlinked. If you click a directory, the page changes to list the contents of that directory. If you click a file, the bottom-right frame changes to list the contents of the file (even if it's binary) along with a number of functions you can perform on that file. You can display the ASCII or Hex versions of a file or have Autopsy scan the file and display only the ASCII strings inside. This feature is particularly handy to try on suspected trojan files. Often the ASCII strings inside a trojan binary list strange IRC channels or other remote servers or passwords the attacker is using. You also can export a copy of the file to your local disk for further examination.
Attackers often like to delete files to cover their tracks, but Autopsy can attempt to recover them from the free space on the filesystem. Go to the File Analysis page, click the All Deleted Files button on the bottom of the left-hand frame, and Autopsy lists all the deleted files it finds on the system. If Autopsy can recover that much information, you also can see the MAC times and may even be able to click on the file and recover its original contents!
All of these features are handy, but one of the most useful is the Add Note feature. If, for instance, you notice a system binary in your /bin directory that has a strange recent modified date and you notice some suspicious ASCII strings inside, you could click Add Note and list your findings. On the Add Note page, you also can add a sequencer event based on MAC time. If you thought the modified time was suspicious, you might select M-Time on the Add Note page. When you add notes like this for a number of files or directories, you end up with a large series of notes on what you have found along with interesting times. From the Host Manager window (the window that lists the host's partitions), click View Notes to see the list. This is an invaluable feature when you are trying to piece together the sequence of events from an attacker—particularly when you want to share your findings with others.
If you find a piece of information, such as an IP address or a particular server name as you scan files, you also can click Keyword Search at the top of the Analysis page to scan the entire filesystem for that keyword. You might find log entries or additional files the attacker uploaded that reference that keyword in unlikely places with this tool.
One thing you will discover is that the sequence of events is very important when figuring out an attacker's steps. The File Analysis window lets you sort by any of the headers, including the MAC times. An attacker often will replace a system binary under /bin or /sbin with a trojan, and because that will update the modified time for a file, if you sort the /bin and /sbin directories by modified time in the File Analysis window, you quickly can see suspicious file changes, such as a series of core programs, like ls, vi and echo, all modified a few days ago at a time when you know you didn't update any programs.
Where to Search
If you are new to forensics, you might not be sure of exactly where to start looking in your filesystem. A few directories often contain evidence of an attack that will at least give you a starting point. I've already mentioned the /bin and /sbin directories, as attackers often replace core system binaries in these directories with trojans. The /tmp and /var/tmp directories also are favorite locations, as any user on the system can write to them, so attackers often start their attacks in these directories and download rootkits and other tools here. Pay particular attention to hidden directories (directories that start with a .) in /var/tmp, as that's one way for attackers to cover their tracks from a casual observer. Finally, scan under /home and /root for suspicious files or strange commands in each user's .bash_history file.
What you hope to find is some idea of when attackers were active on your system. Once you have an idea of when the attackers were there, you can check file access and modify times during that period to track down where the attackers were on your system and which files they touched. Although you certainly could browse through the File Analysis window directory by directory, Autopsy provides an easier way via its File Activity Time Line. If you are currently in the File Analysis window, click Close to return to the main Host Manager window that lists the images you have added for your host. From there, click the File Activity Time Line button. Next, click Create Data File, click the check box next to all of the images it lists, and then click OK. This job will take some time, depending on the size and speed of your disk and your CPU.
Once the data file is created, click OK to proceed to the Create Timeline window. In this window, you can narrow down your timeline so that it lists only a particular time period; however, just leave all the options as they are for now and click OK. As you never exactly know where an investigation will lead, you don't want to rule out periods of time that might have valuable clues. When the timeline has been created, click OK to view the Web-based timeline viewer, but a note on that page gives a valuable tip—the timeline is easier to view via a text editor than from the Web interface. Find the raw timeline text file under /var/lib/autopsy/case/host/output/timeline.txt. If you named your case Investigation1 and your host Gonzo, you can find the file under /var/lib/autopsy/Investigation1/Gonzo/output/timeline.txt.

Figure 4. Sample timeline.txt File
The timeline.txt file lists every file on your image sorted by MAC time. This file contains a lot of information, but once you figure out what each field stands for, it's easier to decipher. The first column lists the time in question for a file followed by the file size. The next field denotes whether this time was a time the file was modified, accessed, changed or any combination of the three. If a file was both modified and accessed at this time, but its metadata was not changed, you would see “ma.” in this field. The next field lists the file permissions, followed by the user and group that owned the file. The final two fields list the filesystem inode and the full path to the file or directory. Note that if a group of files has the same time, only the first time field is filled.
If you have found one of the attackers' files, try to locate it in the timeline and see what other files were accessed and especially modified during that time period. With this method, you often can see a list of accessed files that show someone compiling or executing a program. If you notice that the attackers used a particular account on the system, use the File Analysis window to check the /home/username/.bash_history for that user and see any other commands the attackers might have run.
In addition, look at the login history, which often is found under /var/log/messages, for other times that user has logged in and try to correlate those times with any other file activity on the system inside the timeline.txt file. Remember to add notes for each clue you find—as you dig further and further into the filesystem, it can be difficult to keep track of all the different files and how they correlate, but the notes page makes it easy to see. The ultimate goal is to try to locate the earliest time attackers left tracks on the system and use that information to figure out how they got in.
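The timeline triage described above can also be scripted. The following is an added example, not part of the original article or of Sleuthkit/Autopsy: it parses the timeline.txt layout as the text describes it (a blank time field inherits the previous time) and pulls out modified binaries under /bin and /sbin, hidden entries under /tmp and /var/tmp, and everything touched around a pivot time. The sample lines and all function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout the article describes:
# time, size, m/a/c flags, permissions, user, group, inode, path.
# Lines that share a timestamp leave the time field blank.
SAMPLE_TIMELINE = """\
Mon Apr 07 2008 03:12:44     4096 m.c drwxr-xr-x root     root     81921    /var/tmp/.x
                            91234 mac -rwxr-xr-x root     root     81925    /var/tmp/.x/kit.tgz
Mon Apr 07 2008 03:14:02    77832 m.c -rwxr-xr-x root     root     1313     /bin/ls
                            52340 m.c -rwxr-xr-x root     root     1320     /bin/echo
Mon Apr 07 2008 03:14:05   120404 .a. -rwxr-xr-x root     root     2201     /usr/bin/gcc
Tue Apr 08 2008 09:30:10      812 ma. -rw------- alice    alice    40211    /home/alice/.bash_history
"""

TIME_RE = re.compile(r"^(\w{3} \w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2})\s+(.*)$")
TMP_ROOTS = ("/tmp/", "/var/tmp/")


def parse_timeline(text):
    """Return one dict per timeline line, carrying the time forward
    onto lines whose time field is blank."""
    entries = []
    current = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        match = TIME_RE.match(raw)
        if match:
            current = datetime.strptime(match.group(1), "%a %b %d %Y %H:%M:%S")
            rest = match.group(2)
        else:
            if current is None:
                raise ValueError("continuation line before any timestamp")
            rest = raw.strip()
        # The path is the last field and may itself contain spaces.
        size, mac, perms, user, group, inode, path = rest.split(None, 6)
        entries.append({
            "time": current, "size": int(size), "mac": mac, "perms": perms,
            "user": user, "group": group, "inode": inode, "path": path,
        })
    return entries


def modified_system_binaries(entries):
    """Entries under /bin or /sbin whose content was modified ('m' flag)."""
    return [e for e in entries
            if "m" in e["mac"] and e["path"].startswith(("/bin/", "/sbin/"))]


def hidden_in_tmp(entries):
    """Entries under /tmp or /var/tmp with a dot-prefixed path component."""
    hits = []
    for e in entries:
        for root in TMP_ROOTS:
            if e["path"].startswith(root):
                rel = e["path"][len(root):]
                if any(part.startswith(".") for part in rel.split("/")):
                    hits.append(e)
    return hits


def around(entries, pivot, minutes=5):
    """Everything touched within +/- `minutes` of a pivot time, e.g. the
    time of a file already known to belong to the attacker."""
    delta = timedelta(minutes=minutes)
    return [e for e in entries if abs(e["time"] - pivot) <= delta]


if __name__ == "__main__":
    parsed = parse_timeline(SAMPLE_TIMELINE)
    for e in modified_system_binaries(parsed) + hidden_in_tmp(parsed):
        print(e["time"], e["mac"], e["path"])
```

Run it against the real file by passing the contents of /var/lib/autopsy/case/host/output/timeline.txt to parse_timeline; lines that do not match the described layout raise an error rather than being silently skipped.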
As you might gather, thorough forensics analysis can be a time-consuming process. Even with a tool like Autopsy, it still takes time and experience to make sense of all of the data it presents so you can piece together an attack. One easy way to gain experience is to image your personal system and view it through Autopsy. Create a timeline and see whether you can track down some of the commands you last ran or files you last edited. You might possibly even want to attack your own machine and see if you can use Autopsy to retrace your steps. Although nothing can replace real data, this sort of practice goes a long way toward understanding forensics so you're prepared when a real attack occurs.

Samsung hdd probs and tools

Source
http://www.samsung.com/global/system...tionjumper.jpg
DON’T CHANGE THE LBA SETTING FOR SAMSUNG DRIVES!!!
Samsung HD753LJ (750GB) drives with LBA48 support removed using the Samsung ESTool utility: neither ESTool nor the HDD Capacity Restore utility can fix them.
---------------------------- 
For the Samsung F1 series it is worth using ES-Tool, the program for diagnostics and more.
Apart from the fact that it does not produce false error messages the way HUTIL does, it has a dedicated menu item for the 32GB clip, "RECOVER NATIVE SIZE".
----------------------------
By the way, NHDP did not work for me, _BUT_ RHDP and setting the LBA limit manually then did.
RHDP? That command somehow doesn't exist in MHDD at all.
When I run NHPA and enter the LBA value manually, I get
HPA set: Fail. Repower hdd and try again
Samsung HD103UI 1TB:
hdd-tools.com/products/cr/download/crsetup.exe
ES Tool replaces the HUTIL tool
http://www.samsung.com/global/busine...s/ES_Tool.html
ESTOOL300g_CDROM.zip (Size : 1.76 MB)
ESTOOL_FDD(3.00g).zip (Size : 710 KB)
Preliminary
  • ES Tool (The Drive Diagnostic Utility) is made with the aim of testing a Samsung hard disk drive while it is installed inside a PC, regardless of the status of the user's operating system. In fact, of the drives returned to Samsung, a large percentage are NTF ("No Trouble Found") after testing. So it is strongly recommended to first check whether the drive is truly defective with a few fundamental troubleshooting steps in ES Tool, to avoid the unnecessary effort and inconvenience of replacing a good drive.
  • ES Tool can test only drives manufactured by Samsung. It is strongly recommended to back up the user's significant data in advance because ES Tool has a Write operation that can erase it. Samsung takes no responsibility for lost data.
  • The version on pictures may be different from that you download.
Execution
  • ES Tool is a DOS-based utility, so a bootable 1.44-MB diskette must be prepared in advance.
  • Download ES Tool.exe from the internet onto the prepared diskette.
  • Reboot the system from that diskette.
  • Execute the program by typing A:\> ES Tool.exe in DOS prompt.
  • Please Back-up your data before executing this program.
Functions
  • DRIVE DIAGNOSTIC
  • LOW LEVEL FORMAT
  • SET MAX ADDRESS
  • SET MAX UDMA MODE
  • AAM MODE (Automatic Acoustic Management)
  • LBA MODE
  • ENABLE SMART
  • DISABLE SMART
  • INFORMATION
  • AUTO DETECT
  • ABOUT ESTOOL
  • EXIT TO DOS
I used Hutil 2.10; after the LLF format under Hutil and a surface scan there are no bad sectors. So only the time-out error in Simple Read/Write remains. But that probably doesn't mean anything; everything else, such as Check M.C, finished with Pass.

HDD Security System

Source
The BIOS password was the first method widely used to protect a computer from unsolicited use. The idea was that your computer won’t boot until the correct password is entered.
This type of protection was rather weak and was primarily intended to protect from intruders who have no access to the hardware itself. To bypass such protection, one could take the drive out of the computer and attach it to another computer, where all the data could be copied.
At that time, to protect the data on the drive, one had to create additional layers of security by using special software for data encryption.
The idea of protecting data by setting a password not only on the BIOS but on the drive itself was proposed a decade ago, but only now has the technology spread enough to be widely used.
Nowadays all modern notebook computers set a password on the drive at the same time as setting it in the BIOS. That is why it is important to understand how disk drive security works.
HDD Passwords
The possibility to restrict access to the data exists on almost all modern drives. This restriction is implemented by the security system of the drive itself. Thus, it makes the attachment of the drive to another computer meaningless as the password is physically stored on the drive.
Every drive which supports security features can contain simultaneously two passwords: User and Master.
User Password
User Password is the password that you use to restrict the access to the data on the drive. When User password is set the drive becomes Locked. When the drive is locked, no data can be read or written to it.
So the drive is locked when, and only when the User password is set.
When locking the drive (i.e. setting the User password), you can choose how the drive can be unlocked: either only the User password can unlock the drive, or both the User and Master passwords can be used. This is done by setting the Security level flag. This flag can be modified only while setting the User password. The Security level can be either ‘High’ or ‘Maximum’.
Master Password
Master password is intended to be used in case User password is lost or forgotten.
Every hard drive has some predefined Master password set. Unfortunately it is not standardized. Usually it contains just 32 spaces, but it may vary depending on the hard drive manufacturer and model number. Master password can be easily changed if the hard drive is not in the locked state.
The capability of Master password (what you can do with it) depends on Security level flag which is set during locking the drive (as described in the previous section):
  • If the Security level is ‘High’, Master password can be used in place of User password.
  • If Security level is ‘Maximum’, the drive can be unlocked using Master password only with the erasing of all data on the drive.
By the way, the term “Security Level” will be replaced in future versions of the ATA standards by a better one: “Master Password Capability”.
Back to BIOS
So, when you set a password on a notebook computer, BIOS will do the following:
• Store the password in the BIOS itself.
• Change Master Password of the HDD to protect the user from using manufacturer’s default.
• Change User Password of the HDD. This operation will lock the drive.
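To check what state a drive is actually in, the security fields can be read from the drive's 512-byte IDENTIFY DEVICE response. The following is an added example, not code from the source article: the word and bit positions (word 128 for security status, word 92 for the Master password revision code, factory value 0xFFFE) are taken from the ATA standard rather than from this page, and the sample blocks and function names are constructed for illustration.

```python
import struct

# Bit positions in IDENTIFY DEVICE word 128 (per the ATA standard;
# an assumption of this example, the page itself does not list them).
SUPPORTED = 0x0001   # drive implements the security feature set
ENABLED = 0x0002     # a User password is set
LOCKED = 0x0004      # drive currently refuses data access
LEVEL_MAX = 0x0100   # Security level: 0 = High, 1 = Maximum

FACTORY_MASTER_REVISION = 0xFFFE


def identify_word(block, n):
    """IDENTIFY data is 256 little-endian 16-bit words."""
    return struct.unpack_from("<H", block, 2 * n)[0]


def decode_security(block):
    if len(block) != 512:
        raise ValueError("IDENTIFY DEVICE data must be 512 bytes")
    status = identify_word(block, 128)
    return {
        "supported": bool(status & SUPPORTED),
        "enabled": bool(status & ENABLED),
        "locked": bool(status & LOCKED),
        "level": "Maximum" if status & LEVEL_MAX else "High",
        "master_revision": identify_word(block, 92),
    }


def master_password_capability(level):
    """What the Master password can do, as the text above describes."""
    if level == "High":
        return "unlocks the drive in place of the User password"
    return "unlocks the drive only together with erasing all data"


def audit(block):
    """Return a list of findings a defender would want to follow up."""
    sec = decode_security(block)
    if not sec["supported"]:
        return ["security feature set not supported"]
    findings = []
    if not sec["enabled"]:
        findings.append("no User password set: drive is not protected")
    # 0x0000 and 0xFFFF mean the drive does not report a revision code.
    if sec["master_revision"] == FACTORY_MASTER_REVISION:
        findings.append("Master password revision is factory value 0xFFFE: "
                        "the manufacturer default may still be in place")
    if sec["enabled"] and sec["level"] == "High":
        findings.append("Security level High: the Master password "
                        + master_password_capability("High"))
    return findings


def make_identify(status_word, master_revision):
    """Constructed sample data: an otherwise empty IDENTIFY block."""
    block = bytearray(512)
    struct.pack_into("<H", block, 2 * 128, status_word)
    struct.pack_into("<H", block, 2 * 92, master_revision)
    return bytes(block)


if __name__ == "__main__":
    # Locked drive, level High, Master password never changed.
    for line in audit(make_identify(SUPPORTED | ENABLED | LOCKED, 0xFFFE)):
        print(line)
```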

USBASPI V2.20 MS-DOS Driver

Source
Operating System: MS-DOS
Panasonic USBASPI V2.20
This MS-DOS driver makes it possible to access your USB device under MS-DOS.
Supports USB (OHCI/UHCI) and High Speed USB (EHCI) external Mass Storage devices such as hard disk drives, CD/DVD-ROM, flash disks and flash cards attached via card-readers.
All major chipsets are supported (Intel/Sis/Via/nVidia)
Important notes: Hotplug is not supported. Attach your device BEFORE you power on the computer. Also, refrain from use of any intermediate hub devices while using this driver.
The following line is needed in your config.sys:

device=X:\USBASPI.SYS /w /v 
Where X:\ — full path to the driver.
Now MHDD can access your USB storage as SCSI device in ASPI mode.
Download link: USBASPI V2.20 MS-DOS Driver

BackTrack Linux

Netstumbler is out!
BackTrack Linux - Penetration Testing Distribution
Back|Track LiveCD Blog

Download the ISO of the Linux liveCD, burn it or put it on a bootable USB flash drive, try running it on your laptop and see if your USB wireless adapter works with these killer applications.
You will be able to crack your own router, even with a very strong WEP key, after capturing about 50,000 IPv4 packets.
It is possible to crack a weak WEP key on a router in less than 3 minutes.

5 ways to a faster internet experience

1 Group policies
Start - Run

gpedit.msc 
then
Administrative Templates - Network - QoS Packet Scheduler
Limit reservable bandwidth: 0%
OK
2 Browsing tuning
In the Firefox or Flock browser, type in the address bar:
about:config
filter for the following term:
http
and change the settings according to the image



3 Change the DNS IPs
opendns.org DNS
208.67.222.222
208.67.220.220
google DNS
4.2.2.1
4 TZ Connection Booster
Speeds up your internet connection for faster surfing. It also keeps your connection secure and prevents automatic disconnections.
Connection Booster Wizard can configure any modem, ADSL, Cable, DSL, and LAN connection types for maximum performance for faster surfing the Web, playing online games, and downloading files. It also configures Internet Explorer for better stability. Adds speeds greater than 115200 to your modem settings. Speeds up your connection without any networking or communication background requirements.

  • Detects your OS to indicate the best settings for your system.
  • Adjusts MTU (Maximum Transmission Unit) and MSS (Maximum Segment Size).
  • Automatically detects the MTU for all networks along the path to a remote host (MTU discovery procedure), thus avoiding packet fragmentation and performance problems.
  • Detects bad routers (black hole routers) that may prevent the MTU discovery procedure from completing correctly.
  • Adjusts RWIN to the best size settings for your system.
  • Configures the TTL (Time To Live) value that defines how long a packet can stay active before being discarded.
  • Configures Keep Alive Time and Keep Alive Interval values to prevent your connection from being automatically disconnected after an idle connection.
  • Protects your system against SYN flood attacks.
  • Protects against ICMP redirect attacks.
  • Is compatible with Windows 9x/ME/NT/2000/XP/Vista.
5 Firefox extensions
Ad block
No Script

Monday, August 30, 2010

Analog to digital (mp3 or wav)- Open Source SW

Audacity
Excellent open-source audio editing tool.
The same software that comes with many of the dedicated USB turntables.
InfraRecorder
Open-source CD writing application - lets you burn the captured .wav files to regular audio CDs.
If you already have Nero Suite, you can use that instead.

Edimax Bluetooth Booster

with an SMA WiFi omnidirectional antenna 7dBi (up to 250 m)

My WiMax from Viva in Santa Cruz, BO

Tired of the half-done connections (badly crimped and soldered connectors) made by the WiMax technicians in Santa Cruz of the Scorched Earth, Coca-Growing Multination of Bolivia, I offer a technical suggestion for the coaxial cables and their connectors for the external antenna.
How to Connect Coaxial Cable Connectors
A cutaway view of a coaxial cable.
Coaxial cable is any cable that has an inner wire shielded from an outer conductive sheath by a dielectric (non-conductive) material. The outer conductive sheath is then encased in a protective cover. First invented in 1929, and used commercially in 1941, today coaxial cable comes in hundreds of types and is used in thousands of applications. Originally created with copper, today coaxial cable may use a variety of internal metals. Most of us are familiar with how coaxial cable is used to wire cable and television systems. In this wiki, we'll look at how to attach your own connectors to cable TV coaxial cable.
I assume that, to cut costs at Viva or for technical reasons related to the cables and the connector type of the external antenna, they use two types of cable to connect the antenna to the ZyXel CPE, over a run of no more than 8-9 m (see the text highlighted in bold and red below about the thick cable type and distances greater than 60 m, or about 200 yards).
They also do not use rubber tape or heat-shrink tubing to make the connections watertight or weatherproof and keep moisture or water out of the coaxial cables.
As for the coaxial cables, they used a thick 50 Ohm cable joined to the thin LMR 240 as an extra-long pigtail (5-6 m, worth 20-25 US$) to connect to the CPE.
air802.com/connector-identification-chart.html
The two cable types were joined, I assume, with cheap Neill connectors or with reverse TNC connectors, which are weatherproof by design; but since the crimping was badly done and the braid stuck out over the crimp ring, I doubt it is watertight without heat-shrink plastic tubing (Clamps with clamp gaskets, Crimps with heat-shrink tubing). They covered it with 3M insulating tape and, luckily, it ended up under the roof tiles, but I do not have much faith in the insulation of the connector at the antenna, however much insulating tape it has. We will see what happens after a few months of rain and sun.
RTNC - Moisture Resistance: MIL-STD-202, method 106
If only they had at least learned to crimp the connectors properly!
youtube.com/cable connectors howto
Amphenol TNC
Developed in the late 1950s, the TNC stands for Threaded Neill Concelman and is named after Paul Neill of Bell Labs and Amphenol engineer Carl Concelman. Designed as a threaded version of the BNC, the TNC series features screw threads for mating. TNC are miniature, threaded weatherproof units with a constant 50 Ω impedance and they operate from 0 - 11 GHz. There are two types of TNC connectors: Standard and Reverse Polarity. Reverse polarity is a keying system accomplished with a reverse interface, and ensures that reverse polarity interface connectors do not mate with standard interface connectors. Amphenol accomplishes this by inserting female contacts into plugs and male contacts into jacks.
RG stands for "Registered Gauge". The numbers of the various versions of RG cable refer to the diameter and internal characteristics of the cable, including the amount of shielding and the cable's attenuation, which refers to how much signal loss there is per length of cable.
There is no meaning to the numbers used for different cables types; they are arbitrary labels assigned long ago.
Most non-industrial coaxial cable is now RG-6, although the previous thinner lower-quality standard of RG-59 is still used in some applications and older homes. Commercial installers may use a thicker RG cable, like RG-11 (which is only used if the distance from the source tap to your point of termination at the home is greater than 200 feet).
Be aware that all cables (and their connectors) come in a variety of qualities.
Get the best quality cable you can.
coaxconectors.info/Crimpconnectorinstall/crimp_installation.html

TNC connector on the left beside BNC.

Reverse-polarity TNC (RP-TNC) is a variation of the TNC specification which reverses the polarity of the interface. This is usually achieved by incorporating the female contacts normally found in jacks into the plug, and the male contacts normally found in plugs into the jack. RP-TNC connectors are widely used by WiFi equipment manufacturers to comply with FCC regulations designed to prevent consumers from connecting antennas which exhibit too much dB gain and breach compliance. This connector is common on WiFi or Broadband Routers and Antennas from Cisco, Linksys and other lines of Wi-Fi products. RP-TNC can also be abbreviated as RPTNC.
Below, the reverse-polarity connector (RP-SMA) for the LMR-240 coaxial cable and the ZyXel MAX-210M1, a simple CPE compliant with the IEEE 802.16e standard (see WiMAX) at a frequency of 3.5 GHz
female rpsma connector Back of Router RP-SMA Female Connection
Reverse-polarity female connector on the ZyXel CPE
rpsma male
Sub-Miniature version A
Reverse Polarity SMA Male Connector
SMA-1001-15-G-RP-TGG
SMA MALE RP FOR RG59U/LLC240/H155/LMR240
Product Spec.
How to make the connections
SMA connectors are semi-precision, subminiature devices that provide repeatable electrical performance from DC to 12.4 GHz with flexible cable. These devices offer broadband performance with low reflection and constant 50 ohm impedance. These properties, along with minimum attenuation and low VSWR have made the SMA extremely popular in the microwave community. The SMA design has been broadened to accommodate many interconnect requirements and is available in pressure crimp, clamp and solder terminal attachments. SMA design parameters have incorporated the considerations of balancing cost, size, weight and performance to yield the best value in your microwave system. Among typical applications are components such as dividers, mixers, amplifiers, trimmers and attenuators. SMA connectors are also used to provide interconnections from printed circuit board striplines to coaxial cable. SMA is available both in Standard and Reverse Polarity. Reverse polarity is a keying system accomplished with a reverse interface, and ensures that reverse polarity interface connectors do not mate with standard interface connectors.
Reverse Polarity SMA
Electrical:
Impedance: 50 ohm
Frequency Range: 0 to 12 GHz
  • for flexible cable → max operation frequency of cable per MIL-C-17 (12.4 GHz max)
VSWR:
  RG178U → 1.2+0.025 f GHz max (Straight); 1.2+0.03 f GHz max (Right Angle)
  RG316U → 1.15+0.02 f GHz max (Straight); 1.15+0.03 f GHz max (Right Angle)
  RG142U → 1.15+0.01 f GHz max (Straight); 1.15+0.02 f GHz max (Right Angle)
Working Voltage: 375 volts rms max
Dielectric Withstanding Voltage: 100 volts rms
Insertion Loss: 0.06 dB maximum x??GHz@ 6GHz
Insulation Resistance: 5,000 Megohms min
Mechanical and Environmental:
Mating: 1/4"-36 threaded coupling
Durability: 500 matings
Coupling Nut Retention: 60 lbs min
Cable Retention: RG-58, 141, 142, 223 → 41 lbs min; RG-174, 188, 316 → 20 lbs min
Thermal Shock: -65°C to 165°C
Materials / Finish (part: material; plating):
Connector Body: Brass; Nickel or Gold
Center Contact: Male: Brass, Female: Beryllium Copper; 30 µ" gold over 100 µ" nickel
Insulation: Teflon; None
Gasket: Silicone Rubber; None
Crimp Ferrule: Annealed Copper; Same as Body
Assemblies Instruction
Do not use the screw-on style F-type connectors. Cable signal will "leak" out of a cheap or poorly terminated connector such as these. This can cause unwanted signal "ingress" to get into the cable line and cause odd distortions such as vertical lines, dash lines moving horizontally across the screen as well as "beats" or little white dots randomly over the entire screen. If you have high speed internet and more than two TV's, make sure you use a high quality RG 6-type connector. On this note, when putting a connector on the cable wire, proper preparation is essential to get a clear picture as well as a good seated connection for the cable modem. Use a compression style connector available at any popular home improvement center. Also, when preparing the end of the wire, be sure not to "score" or nick the copper center conductor as this can cause problems with your internet such as intermittent connectivity and packet loss.
Warnings

  • Professionals use compression fittings on coax with a compression tool that is not much more expensive than a crimper. These are used now instead of crimping as it makes a more waterproof seal, and affects the signal less at the joint point.
  • Make sure you make a good connector.
    Do not settle for a less than perfect job.
    Cable TV signal can leak out of bad connectors and interfere with lots of devices that use RF technology (including airplanes).
    Not to mention that if too much signal leaks out it can be an FCC violation.
    If you are unsure leave the job up to the professionals at your cable provider.
Well, that is why I am writing this: the internet provider (ViVA) does not seem to care about the quality of its connections. And that is why its technicians spend their time attending to complaints!!!

Sunday, August 29, 2010

Incorrect source of XXX files

Source

flyakite.msfn.org/  (downloads)
Windows XP/2003 x86
I386\dosnet.inf
I386\eula.txt
I386\txtsetup.sif
I386\dosnet.inf

Windows XP/2003 x64
AMD64\dosnet.inf
AMD64\eula.txt
AMD64\txtsetup.sif
AMD64\dosnet.inf

Windows XP/2003 PE x86
I386\SYSTEM32\hal.dll
I386\SYSTEM32\kernel32.dll
I386\ntdetect.com
I386\setupldr.bin

Windows Vista/2008/7 x86 x64
sources\license\_default\_default\ultimate\license.rtf *or* sources\license\_default\_default\serverenterprise\license.rtf
sources\install.wim
sources\boot.wim
sources\product.ini
sources\idwbinfo.txt
bootmgr
folder boot

Windows Vista/2008/7 PE x86 x64
sources\boot.wim
bootmgr
folder boot

Windows XP/2003 Emergency bootloader x86 x64
I386\ntldr
I386\ntdetect.com

MS-DOS
IO.SYS
MSDOS.SYS

Saturday, August 28, 2010

Update of Superantispyware in NT6.1 OS

When I try to install a SUPERAntiSpyware program update, I receive the error message
"The update must be done from an account with administrator priviledges"
This is caused by a Windows Vista permission anomaly. This procedure works in most cases to reset the permissions.
On some Windows NT6.1 systems, particularly with 64-bit Windows Vista and 7, it's necessary to temporarily run SUPERAntiSpyware as administrator each time a program update is available.
  1. Right-click the SUPERAntiSpyware icon (the yellow/brown bug) in the system tray (near the Windows system clock) and select "Exit."
  2. Right-click on the SUPERAntiSpyware icon on your desktop, and select "Run as administrator."
  3. Close the SUPERAntiSpyware main menu when it opens.
  4. Right-click the SUPERAntiSpyware icon in the system tray again, and select "Check for Updates."
  5. After the updates are installed, restart Windows.
Very rarely, it's necessary to reinstall SUPERAntiSpyware to reset the permissions when the steps above don't resolve this issue.
Exit SUPERAntiSpyware, and uninstall using the Uninstaller Assistant:
http://www.superantispyware.com/downloads/SASUNINST.EXE
Then restart Windows. Re-install the current version of SUPERAntiSpyware from our web site and register/activate and you should no longer have the problem.
You can re-download the software from:
http://www.superantispyware.com/download.html

Server MoBos entry level and higher

Top 10 Server Motherboards/ Mainboards

Without a good foundation, even the best processor and operating system will deliver poor performance. Even a high-end desktop board would not be a great choice, as it carries sound, video, an Ethernet controller and other fluffy stuff when considered from the perspective of a server. Unlike desktop motherboards, server boards generally require less power and generate less heat. They do this by using server-based processors like the XEON line and redundant power supplies. A good server board should also have a good number of expansion slots to help your business grow. Here is a list of 10 motherboards for servers that will keep your business up and running.
  1. Intel 3210 SHLX Snowhill Server Motherboard
  2. ASUS DSEB-DG Server Motherboard
  3. Supermicro H8SSL-I
  4. Intel S5500BC Server Motherboard
  5. TYAN S4985G3NR  Server Motherboard
  6. ASUS Z8NA-D6C  Server Motherboard
  7. SUPERMICRO MBD-X8DT3-O  Server Motherboard
  8. Intel S3200SHV  Server Motherboard
  9. Asus M2N-LR (Socket AM2)
  10. Tyan Tomcat H1000s S3950 (Socket AM2)


1. Intel 3210 SHLX Snowhill Server Motherboard

  • 6 onboard SATAII that can be configured as RAID, IDE, and JBOD through the BIOS
  • 2 PCIX SLOTS
  • 1 PCI Slot
  • 2 PCIe Slots (1 16X, 1 4X)
  • Up to 8 GB DDR2 1066 RAM
  • Processor support for Pentium D, Dual Core, Quad Core, and Xeon based CPU (There are over 20 different processors this board can support)
  • Gigabit NIC (There are two, but one can be disabled totally through the BIOS)
  • 6 USB ports (2 on the board, 4 external)

2. ASUS DSEB-DG Server Motherboard

  • Dual LGA 771 Intel 5400 SSI EEB 3.61 Dual Intel Xeon
  • Number of DDR2 Slots    8 x 240Pin
  • DDR2 Standard : DDR2 800
  • PATA : 1 x ATA 100 2 Dev. Max
  • SATA : 6 x SATA II
  • SATA RAID : 0/1/5/10
  • Additional SATA : 2 x SATA II
  • Additional SATA RAID : 0/1/10
  • LAN Chipset : Intel 6321+ Intel 82563EB Dual Port GbE
  • 2 x Intel 82573 GbE
  • Max LAN Speed    Quad 10/100/1000Mbps
Price
$390

3. Supermicro H8SSL-I

  • AMD Opteron™ 100 Series processor support, 800 MHz HyperTransport™ Link
  • ServerWorks HT1000 Chipset
  • Up to 4 GB DDR 400/333 SDRAM
  • Dual-port Broadcom BCM5704C Gigabit LAN / Ethernet Controller
  • Up to 4 SATA drives via HT1000 6
  • 1 64-bit PCI-X 133MHz 2 32-bit PCI 33MHz 7
  • ATI RageXL 8MB Graphics & VGA port
  • IPMI 2.0

4. Intel S5500BC Server Motherboard

  • Dual LGA 1366 Intel 5500 Tylersburg Dual Intel Xeon 5500 Series
  • Number of DDR3 Slots    8 × 240pin
  • PCI Express x8 : 2 half-length PCI Express 2.0 x8 slot
  • PCI Express x4 : 1 half-length PCI Express 2.0 x4 slot (x8 mechanical)
  • 1 half-length PCI Express 1.0 x4 slot
  • PCI Slots    1 half-length PCI 32/33 5V slot
  • SATA : 6 x SATA II
  • SATA RAID : Integrated SATA RAID levels 0/1/10
  • Optional SW RAID 5 with activation key
  • Max LAN Speed : Dual 10/100/1000Mbps
Price
$400

5. TYAN S4985G3NR  Server Motherboard

  • Thunder n4250QE Quad 1207(F)
  • NVIDIA nForce4 Professional 2200 + 2050
  • SSI MEB footprint
  • Four AMD Opteron (Rev. F) 8000 series (dual/quad-core) processors
  • Number of DDR2 Slots    16 x 240Pin
  • Maximum Memory Supported    128GB
  • PCI Express x16 : 2 x PCI-E x16 slots (with x16 signal)
  • 2 x PCI-E x16 slots (with x4 signal)
  • Max LAN Speed : Triple 10/100/1000Mbps
Price
$400

6. ASUS Z8NA-D6C  Server Motherboard

  • Dual LGA 1366
  • Intel 5500 ATX
  • Quad-Core Intel Xeon X5500 Series (95W)
  • Quad-Core Intel Xeon E5500 Series (80W)
  • Quad-Core Intel Xeon L5500 Series (60W/38W)
  • Number of DDR3 Slots    6 × 240pin
  • Maximum up to 48GB (RDIMM), Maximum up to 24GB (UDIMM)
  • PCI Express 2.0 x 16 : 1
  • PCI Express x8 : 2 x PCI-E x8 (Gen2 X4 Link)
  • PCI Express x1 : 1 x MIO Slot for Audio card (PCI-E x1 is not supported)
  • SATA : 6 x SATA II
Price
$260

7. SUPERMICRO MBD-X8DT3-O  Server Motherboard

  • Dual LGA 1366 Intel 5520 Extended ATX Dual Intel Xeon Processor 5500 sequence (Nehalem-EP processor)
  • Number of DDR3 Slots    12 × 240pin
  • DDR3 Standard : DDR3 1333
  • Maximum Memory Supported : 96GB
  • PCI Express x8 : 3 PCI-E 2.0 x8 (1 in x16 slot)
  • PCI Express x4 : 1 PCI-E x4
  • PCI Slots    2
  • 8 x SAS ports
Price
$500

8. Intel S3200SHV  Server Motherboard

  • LGA 775 Intel 3200 Intel Xeon/Core 2
  • Number of DDR2 Slots    4 x 240Pin
  • Maximum Memory Supported : 8GB
  • PCI Express x8 : 1
  • PCI Express x4 : 1
  • PCI Slots    2
  • SATA : 6 x SATA II
  • SATA RAID : 0/1/5/10
Price
$200

9. Asus M2N-LR (Socket AM2)

  • AMD Opteron™ 1000 Series processor support
  • nVIDIA nForce Professional 3600 MCP
  • Maximum up to 8GB, Dual Channel ECC Un-buffered DDRII800
  • 5 Total slots : 1 * PCI-E x 16, 1 * 64bit/ 133GHz PCI-X, 1 * 64bit/ 133GHz PCI-X, 1 * 32bit / 33MHz PCI, 1 * SODIMM socket for ASMB3-SOL
  • 2 * Broadcom® BCM5721 PCI-E Gb LAN

10. Tyan Tomcat H1000s S3950 (Socket AM2)

  • AMD Opteron™ 1000 Series processor support
  • Broadcom HT1000 HyperTransport™ System
  • Four 240-pin DDR2 DIMM sockets, Up to 8GB of unbuffered DDR2 400/533/667
  • 2 Gbe LAN ports
  • (4) PCI v2.3 32-bit/33MHz slots, (1) PCI-X 64-bit/133MHz (3.3V) slot, (1) Tyan TARO™ SO-DIMM socket
  • XGI Volari Z7™ (XG20) graphics controller