wrm

Truecrypt and physical hard drive errors

So you have a hard drive encrypted using Truecrypt. A very good solution for keeping data secure, but it does make your data more fragile. When* the drive goes TU, you can’t just point a recovery program at it, because encryption: the recovery tool sees nothing but random bytes, and the volume header that turns those bytes back into files is itself sitting on the dying disk.

And of course so it came to pass. My hard drive developed read errors.

First thing, make a backup copy. For this you need a Linux box and ddrescue (not plain dd: ddrescue reads the good sectors first, comes back for the bad ones, and its log file lets you stop and resume). And a large drive to recover to.

# ddrescue /dev/hdb /mnt/large-disk/diskimage /mnt/large-disk/logfile.log

(This takes a while, but when it’s done you can unplug your faulty disk and save it as much further trauma as possible.)

You now have an image of the whole disk. You want an image of the partition, because the Truecrypt volume (header included) is the partition, not the disk.

# fdisk -lu diskimage

Disk diskimage: 0 MB, 0 bytes
255 heads, 63 sectors/track, 0 cylinders, total 0 sectors
Units = sectors of 1 * 512 = 512 bytes
Disk identifier: 0x2fa13928

Device Boot      Start         End      Blocks   Id  System
diskimage              63   976768064   488384001    7  HPFS/NTFS

(Ignore the zero sizes in the first lines; fdisk of that vintage cannot size a regular file, but it reads the partition table fine.) Your partition starts at “Start” x “Units”, which would be 63 x 512 = 32256 in this case.

# losetup -o 32256 /dev/loop0 diskimage

You can now attempt to recover /dev/loop0. I found this easier in Windows, so

# dd if=/dev/loop0 of=/mnt/nfs-volume/diskimage.tc

And then back in the Windows world, you can use truecrypt to mount diskimage.tc and if you’re very lucky your files will be there. If you’re unlucky, truecrypt won’t recognise the image as a truecrypt volume. Before giving up, double-check the partition offset: the volume header lives in the first sectors of the partition, so an offset that is wrong by even one sector looks exactly like “not a truecrypt volume”. Truecrypt 6 and later also keep an embedded backup header at the end of the volume, and Volume Tools > Restore Volume Header can rebuild from it. If none of that helps, you’re in more shit than I can help you with today.
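The offset step above reads the “Start” column off fdisk and multiplies by hand. As an added example (my code, not from the original post), here is the same thing done directly from the image’s MBR partition table, which is what fdisk is reading anyway. It assumes 512-byte sectors (the “Units” line above) and a classic MBR; the sample MBR is constructed to match the fdisk listing on the page (one NTFS partition starting at sector 63). The `--sizelimit` on the generated losetup line is my addition: it keeps the loop device from running past the partition end.

```python
"""Find the partition offset for losetup straight from the disk image's MBR.

Added example, not from the original post. Assumes 512-byte sectors and a
classic MBR partition table (four 16-byte entries at byte 446, 0x55AA at 510).
The sample MBR built by make_sample_mbr() is constructed to match the fdisk
listing on the page; it is not a dump of the author's disk.
"""
import struct

SECTOR = 512              # assumption: 512-byte sectors, as fdisk reported
MBR_TABLE_OFFSET = 446    # four 16-byte partition entries, then 0x55AA at 510


def mbr_from_image(path):
    """Read the first sector of a disk image (or a block device)."""
    with open(path, "rb") as f:
        return f.read(512)


def parse_mbr(mbr):
    """Return a list of dicts, one per non-empty MBR partition entry."""
    if len(mbr) < 512 or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature; not a classic MBR image")
    parts = []
    for i in range(4):
        entry = mbr[MBR_TABLE_OFFSET + 16 * i: MBR_TABLE_OFFSET + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, nsectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 or nsectors == 0:
            continue                      # empty slot
        # type 0xEE is a GPT protective MBR: the real table lives in the GPT, not here
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "start_sector": lba_start,
            "sectors": nsectors,
            "offset": lba_start * SECTOR,   # what losetup -o wants
            "size": nsectors * SECTOR,      # what losetup --sizelimit wants
        })
    return parts


def losetup_cmd(part, image="diskimage", loop="/dev/loop0"):
    """The losetup line for one partition. --sizelimit stops the loop device
    running past the partition end into whatever follows it on the disk."""
    return (f"losetup -o {part['offset']} --sizelimit {part['size']} "
            f"{loop} {image}")


def make_sample_mbr():
    """Constructed MBR matching the fdisk output above: NTFS (0x07),
    sectors 63..976768064, i.e. 976768002 sectors."""
    mbr = bytearray(512)
    start, end = 63, 976768064
    entry = struct.pack("<B3sB3sII", 0x00, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", start, end - start + 1)
    mbr[MBR_TABLE_OFFSET:MBR_TABLE_OFFSET + 16] = entry
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    for p in parse_mbr(make_sample_mbr()):
        print(f"partition {p['index']}: type 0x{p['type']:02x} "
              f"start sector {p['start_sector']} -> byte offset {p['offset']}")
        print(losetup_cmd(p))
```

On a real image, replace `make_sample_mbr()` with `mbr_from_image("diskimage")`. If the script reports type 0xEE, the disk is GPT and the MBR offsets are meaningless; if it raises, the first sector itself was lost to a read error and you are back to guessing the offset from the partition's usual place.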

In my case, truecrypt mounted the volume but Windows did not recognise it as a drive (i.e. a corrupted file system). There are tools for this. Unfortunately most of them work on physical disks, not virtual ones. Thank Finagle for google, who told me about GetDataBack. Specifically, GetDataBack 4.25. Pointed it at the virtual disk (G:) and it recovered all my files with absolutely no worries.

 

* Not if.

 

Streisand Effect

There’s a hoary old bit of Internet folklore, that in the mists of time when dinosaurs roamed the computer rooms, there existed a machine which could be upgraded by cutting a single wire.

In other words, the machine shipped with more power than you paid for, with some kind of a silicon handbrake to cripple the hardware until such time as you could afford to pay for an upgrade.

But that’s long ago and we do things differently now. Except that some people don’t learn from history.

Because apparently Tektronix sells equipment with built-in capabilities that cost money to enable, except if you can program an EEPROM. And not with some encrypted password or string, no, apparently a plain-text string available straight off Tektronix’ own website will do the trick.

So after Hackaday linked to Oontz’ website, Tektronix got all butthurt and issued a DMCA takedown notice.

Notes to Tektronix:

1. Streisand Effect. I wouldn’t have written this post if you had not got all upset.

2. Wayback Machine. Jason saved it all for us. Including the original post.

3. Once the cat is out of the bag, it becomes trivial to replicate. Even if you DMCA the Wayback Machine, and me, and everyone else… you still lose. See Note 1.

So, learn from this and design better security next time. An unlock code that is a plain-text string in an EEPROM is a pricing policy, not a control. If the feature gate is meant to hold, bind the unlock to the individual unit (a per-serial code the customer cannot derive from public material) and assume the EEPROM will be read and rewritten.

 

History lesson

21 years ago, one man with a gun made a difference.

Having a gun, even an inexpensive ineffective low-capacity 38 Special snubnosed revolver, is better than not having a gun at all.

The $25 Network

These days one can network a bunch of computers for $25 without breaking much of a sweat, since most if not all computers these days come with a network port right there on the motherboard, and if it’s a notebook there will be wi-fi right there as well.

But back in 1987 networks were a big deal. Arcnet dates from 1977 and Ethernet was standardized in 1983 — using almost-a-centimeter-thick coax cables with the delightfully named “vampire tap” connecting stations to the backbone. Yes, we’ve come a long way.

So being able to network two or three machines for $25 was a Big Deal. At around the same time you could get two Ethernet adapters and a cable from LANtastic for $699.

How? Point-to-point serial cables, with one machine acting as a hub in three-machine installations. According to the documentation, this is good for 80 feet at full speed (115 kbit/s). This and some very clever DOS software from D. Jindra and R Armstrong, calling themselves Information Modes and operating from a drawer in Texas. All drives (which in 1987 meant 360k to 1.2Mbyte floppies, and maybe a 20Mbyte hard drive somewhere) and printers could be accessed from all the machines in this network.

It was magic, I tell you. Kids of today, they don’t believe a word of it.

 

  • Link to the files I have (Time has not been kind. There’s some bitrot in the filenames I think)
  • The Data Packrat has a disk image of a different version of the $25 Network and delightfully odd ideas of how the internet works.

 

Kenwood TK-2000 password

A tale of how not to do it, with a happy ending.

Our hunting club has eight Kenwood TK-2000 walkie-talkies. This is hardly ever enough, even when I take my Baofeng UV-B5* with.

So when a fellow ham had two TK-2000s for sale, I bought them. The programming cable is easy, and the software (KPG-137D) is not hard to find.

The first radio programmed fine, the second one… is password protected. I’m sure there’s a trick to resetting the password, I just don’t know what it is. So out comes the schematic from the service manual, and there’s an EX24016 hanging off the side of the R5F2136A microcontroller. EX24016 being another way of saying 24C16, which is a 16 kbit (2 KiB) I2C EEPROM. Memory. Where things get stored, and which a programmer can read without the microcontroller’s say-so.

And while my favourite programming language is not solder, I’m not half bad at it.

And one universal programmer and one of my favourite tools later we have (the bits not shown are all just FF).

OK, so what does this mean? Stumped me too. The stuff at the end is self-explanatory, it’s a TK-2000 and the serial number of this one is B1104749. I’m pretty sure it’s on the same frequency as the other one, that would be one channel only, 169.43750 with a 103.5 Hz subtone, high power, narrow band. Oh look, right at the start there’s a sequence of bytes, 50 37 94 16 repeated twice. That’s 169.43750 stored as BCD (one decimal digit per nibble) with the bytes back to front: the transmit and receive frequencies. Given enough time one could decipher the whole thing, but that’s not important right now. We need the password.

The KPG-137D help file tells me that there are two passwords, one to allow you to read the data and the other for writing. The password is a number from zero to 999999 (six digits). This eliminates a whole bunch of hopefuls like “PTK-2000” or one of those long strings at 1824/1840.

So I stuck the EEPROM back into the radio, wired the cable up, and started guessing. I had some hope for “222222”, for example. But no, it wasn’t going to be that easy.

So I thought, maybe the KPG-137D software “knows” what the password is. In other words, is the password sent to the transceiver, or checked on the local machine? I’m not expecting strong security here. I wired a second serial port to eavesdrop on the datastream (19200 N81) and saw that there’s no traffic on the line while I’m guessing passwords, so the check is done in the PC software against data it has already read from the radio. So I tried looking on the heap of the KPG-137D but I suspect the password is stored as a number, not as text, no joy there either. There’s a lot of data on the heap and anything could be the password. Someone who knows Windows better than I do would be able to trap this thing at the right place and get the password.

Next I hauled out my working transceiver, and eavesdropped the datastream with different passwords set (I started with 000000, 000001, 000002). I noticed that the first 52 bytes of a read are identical regardless of password, and that bytes 53-56 change with it.

Password Bytes 53-56 Binary
000000   AC B3 AF AD 1010 1100 1011 0011 1010 1111 1010 1101
000001   B8 A7 BB B9 1011 1000 1010 0111 1011 1011 1011 1001
000002   A9 B6 AA A8 1010 1001 1011 0110 1010 1010 1010 1000
                     ^^^  ^ ^  ^^^  ^ ^  ^^^  ^ ^  ^^^  ^ ^

Note the columns that stay the same in the binary. This suggests that old favourite, XOR encryption. The only problem is that I’m changing two bits in the password and three bits are changing in the data, which suggests some other nefarious seekrit manipulation.

With enough sample cases, I can figure it out, I’m sure.
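Doing the differencing in code rather than by eye makes the pattern in the table above easier to see. As an added example (my code, not from the original post), the script below takes the three captured samples from the table and computes the XOR delta of each against the 000000 baseline, the bits that never move (the caret row), and which data bits each flipped password bit drags along. Everything it concludes is arithmetic on those twelve bytes; it does not claim to recover the transform.

```python
"""Differencing the captured TK-2000 read data against the password that was set.

Added example, not from the original post. SAMPLES holds bytes 53-56 of the
read for passwords 000000, 000001 and 000002, copied from the table above.
"""

# password (as an integer) -> bytes 53..56 of the read, from the page
SAMPLES = {
    0: bytes.fromhex("ACB3AFAD"),
    1: bytes.fromhex("B8A7BBB9"),
    2: bytes.fromhex("A9B6AAA8"),
}


def xor_deltas(samples, base=0):
    """Per-byte XOR difference of every sample against the base sample."""
    ref = samples[base]
    return {pw: [a ^ b for a, b in zip(data, ref)]
            for pw, data in samples.items() if pw != base}


def varying_mask(samples):
    """Per byte position, the bits that change across the samples (OR of all deltas)."""
    n = len(next(iter(samples.values())))
    mask = [0] * n
    for delta in xor_deltas(samples).values():
        mask = [m | d for m, d in zip(mask, delta)]
    return mask


def stable_columns(samples):
    """Bit numbers (7 = MSB) that never change, per byte position.
    This is what the caret row under the table marks."""
    return [[bit for bit in range(7, -1, -1) if not (m >> bit) & 1]
            for m in varying_mask(samples)]


def password_bit_influence(samples):
    """For each single password bit flipped relative to password 0, the data
    bits (0 = LSB) that moved in each byte. Only samples whose password is a
    power of two (1, 2, 4, ...) isolate one password bit, so only those count."""
    out = {}
    for pw, delta in xor_deltas(samples).items():
        if pw & (pw - 1) == 0:
            out[pw.bit_length() - 1] = [
                sorted(b for b in range(8) if (d >> b) & 1) for d in delta]
    return out


if __name__ == "__main__":
    for pw, d in xor_deltas(SAMPLES).items():
        print(f"password {pw:06d}: delta {' '.join(f'{x:02X}' for x in d)}")
    print("stable bits per byte:", stable_columns(SAMPLES))
    print("password bit -> moved data bits:", password_bit_influence(SAMPLES))
```

What the page’s table does not spell out, and this makes plain: the delta is the same in all four bytes (14 for 000001, 05 for 000002), so password bit 0 lands on data bits 2 and 4 and password bit 1 on data bits 0 and 2, identically in every byte. Whatever the transform is, it smears each password bit into two data bits the same way everywhere; a plain XOR of the password’s own bytes would not touch all four bytes alike. Capturing 000004, 000008 and so on, then a few non-power-of-two values, would show whether the map is linear.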

Time to try something else. I didn’t really want to potentially break my working transceiver, but desperate times. Yup, I ripped the EEPROM out of that sucker and read it as well.

Byte 16 is “0A” instead of “FF” and bytes 22/23 and 25/26 are “FF FF” instead of “56 91” (the locked radio has 56 91 there, twice, which fits the separate read and write passwords the help file talks about). That’s the first difference between the two EEPROMs, might as well start there. I first converted 0x5691 and 0x9156 to decimal, that didn’t work, but plain old “5691” did: the same BCD encoding as the frequencies, just without the byte swap. I would have put money on “9156” being more likely to work than “5691”, based on the frequency being stored arse-endian, but no.

So there you have it. If I’d tried enough numbers from the EEPROM instead of giving up after not finding the password in plain text, I would have been there a lot earlier.
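That lesson can be turned into a script. As an added example (my code, not from the original post), the following reads every short window of an EEPROM dump the four ways that came up above, BCD in both byte orders and big- and little-endian integer, and lists the values that fit a 0..999999 password, so the dump’s own numbers get tried before any blind guessing. The dump it runs on is constructed: a blank 2 KiB 24C16 with 56 91 at bytes 22/23 and 25/26, which is all the post says about the locked radio’s EEPROM. Treating 0xFF as erased filler and skipping windows that contain it is my heuristic, not a fact about the radio.

```python
"""Enumerate password candidates from an EEPROM dump instead of guessing.

Added example, not from the original post. make_sample_dump() is a
constructed 24C16 image (2 KiB of 0xFF with 56 91 at 22/23 and 25/26), not
the real dump. Windows containing 0xFF are skipped on the assumption that
0xFF is erased filler; that is a heuristic.
"""

FILLER = 0xFF
MAX_PASSWORD = 999_999          # KPG-137D: a six-digit number


def make_sample_dump():
    """Constructed dump: blank 24C16 with the two 56 91 pairs the post mentions."""
    dump = bytearray([FILLER] * 2048)
    dump[22:24] = bytes.fromhex("5691")
    dump[25:27] = bytes.fromhex("5691")
    return bytes(dump)


def bcd_to_int(window):
    """Decode packed BCD (one decimal digit per nibble); None if any nibble > 9."""
    digits = []
    for b in window:
        hi, lo = b >> 4, b & 0x0F
        if hi > 9 or lo > 9:
            return None
        digits += [hi, lo]
    return int("".join(map(str, digits)))


def candidates(dump, widths=(2, 3)):
    """Yield (offset, reading, value) for every window that decodes to a
    plausible password. Width 2 covers up to four digits (5691), width 3 a
    full six-digit BCD password or a 24-bit integer under 999999."""
    for width in widths:
        for off in range(len(dump) - width + 1):
            window = dump[off:off + width]
            if FILLER in window:
                continue                  # assumed erased filler
            readings = {
                "bcd-be": bcd_to_int(window),
                "bcd-le": bcd_to_int(window[::-1]),
                "int-be": int.from_bytes(window, "big"),
                "int-le": int.from_bytes(window, "little"),
            }
            for name, value in readings.items():
                if value is not None and 0 <= value <= MAX_PASSWORD:
                    yield off, name, value


def ranked(dump):
    """Unique candidate values in order of first appearance: the try-first list."""
    seen = []
    for _, _, value in candidates(dump):
        if value not in seen:
            seen.append(value)
    return seen


if __name__ == "__main__":
    for off, name, value in candidates(make_sample_dump()):
        print(f"offset {off:4d}  {name:7s}  {value:06d}")
    print("try in this order:", ranked(make_sample_dump()))
```

On a real dump, feed it `open("tk2000.bin", "rb").read()` instead of the sample. For the constructed dump the try-first list is 5691, 9156, 22161, 37206, i.e. the BCD reading the post ended up needing comes out ahead of the two integer readings it tried first.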

* A cheap and nasty, but extremely versatile little radio. Does VHF and UHF amateur bands, PMR and FRS, marine… you can get yourself into all kinds of trouble with this thing.

 

Be vewy quiet…

If you wear camo and sit very quietly in the shade of a bush you can get to see interesting things.

See it? Lemme zoom in a bit for you.

I sat watching this fellow as he was making a beeline pretty much straight for me.

This is a split second after he saw me (the camo in the foreground is me). Changed his mind pretty quickly and made for the hills.

And that evening I had to eat a gemmerkoekie* as punishment for not shooting the blighter. Because there are two problem animals that get shot on sight on farms, jackal** and caracal***.

Why didn’t I shoot? The gemsbok were just behind that ridge ahead of me, and I was seriously considering changing my priority from kudu to gemsbok. That ended up not happening and I walked-and-surprised**** a nice young kudu bull the next day. So all turned out well.

* “gemmerkoekie” = ginger biscuit. But laced with Stroh rum. I like Stroh rum. This is a game I play to lose.

** Black-backed jackal, known as “rooijakkals” or red jackal in Afrikaans. The little bat-eared foxes and silver foxes are also “jakkals” in Afrikaans but you don’t shoot those.

*** I don’t think I’ll ever be able to shoot a caracal. And of course the african wild cat is rightly so a no-shoot.

**** You don’t walk-and-stalk a kudu. You walk-and-surprise it. It will see you before you see it, if you’re moving, and it won’t stay around for too long. And once they’re gone, they are gone. Over the mountain, down the other side, over the next mountain, and still going strong, while you’re still trying to find your second wind.

The war that didn’t end all wars

100 years ago, it seems that everyone all over Europe was itchy as all hell, and all that was needed was a tiny spark.

Enter stage left, a troop of idiot students* who figure that killing the Archduke Ferdinand would be a just dandy way of getting the sweetties they’ve been stamping their foot about all along. This crazy is well matched on the Archduke’s side, who after being narrowly missed by a bomb in the morning sticks around town instead of getting the hell out**.

And even then all would have been well for Franz Ferdinand had they not got lost to the tune of accidentally finding Gavrilo where he sat nursing a cup of coffee, a grudge and a gun.

Not that anyone much cared.

But Europe was spoiling for a fight, and the finger poking and name-calling and posturing escalated. Germany had a long-polished plan to invade France which, by all accounts, it didn’t really want to use at the time, but then France went and tweaked Germany’s tail and then the trouble started.

Or at least, that’s how we mostly see things. Because history is written by the winners.

Nevertheless, the result was major bloodshed. Would they really have done it had they known what the price would be?

Photo: Wikimedia Commons

100 years later, and there’s still no end to itchy idiots, military posturing or war.

Remember.

 

* Repeating myself, of course.

** In the finest tradition of some authors whose work I like, I will mention that the whole story is exquisitely explained on Wikipedia, for the low low price of free.