The PDA of tungsten

In order to finalize this series of posts dedicated to the use of our Palm like tool of hacking, we will see some tools of security to protect, as much the equipment as the data that contains, of possible attacks.

• CryptoPad is a replacement for the application Notes that come by defect in PalmOS. It adds Blowfish encryption to notes, avoiding so whatever it accedes to the Palm them it can read. The program also has a complement for the PC, and so to publish kept notes it will be easier.

Cryptopad adds coding to our Notes

• CCrypt also allows us to base texts, in this case using the algorithm IDEA. The based text copy to the paper holder, of where it we will be able to stick in a Note or document that we want. In order to decipher it, simply we will have to copy the text to the paper holder from a program, and it will decipher it to CCrypt.
• If what we want is to maintain a series of archives in our Palm well safe, nothing better than to create a virtual unit encriptada with the CryptDrive program, del that already we spoke in another occasion.
• GridLock controls the access to the Palm by means of a grid of 5×5 squares, that it replaces to the field of the password. Instead of a key word, now it will be necessary to know the drawing that we have chosen to unblock the apparatus. This method makes more express the authorized access that to have to write a word whenever we ignite the Palm.

Gridlock replaces the password with a drawing in a grid

• Craddle Robber does not protect our data but the Palm to the complete one. Its objective is that they do not rob it to us while we left it loading in the pedestal: if somebody disconnects the Palm of the pedestal while it is loading, after seconds it will begin to sound an alarm and all the bellboys will block themselves, until a password of unfreezing is introduced correctly or it becomes to put the Palm in the pedestal. If the password is not introduced, will continue sounding until the battery is run out. In addition, hard and soft reset are blocked whereas the alarm is sounding.


Craddle Robber will avoid that they rob our Palm when is loading

• Since we have already seen in multiple occasions, the security of our systems depends completely on the election of a good password. I make reference to post previous where we have seen as our Palm could help us to choose good passwords, and also remember them of safe way. In order to increase the options, also I recommend to prove ALP (Account Login Password), that counts on a complement for the PC like Keyring.

Keyring is a complete manager of passwords

• Nevertheless, the method more surely to protect our PDA is, without a doubt, Thumb Scan, a program that the digital track in the touch screen recognizes, allowing therefore the access only to its owner. The unique problem is that… it is a joke, but is very well to make an impression to the friendly.

Finally recognition of digital track in the Palm

With this chapter dedicated to the security and based it concludes this series of posts dedicated to the Palm like tool of hacker. I hope that there are shortage new utilities for your Palm, that since we have seen day after day, is an authentic tool multipurpose.

By: Tricks
13 commentaries | Trackback |  To print this post

We follow with this series of articles on the Palm like tools of hacking, centering in this case in the telephony and the Phreaking to us.

Phreaking is a term coined in the computer science subculture to denominate the activity of those individuals that orient their studies and leisure towards the learning and understanding of the operation of telephones of diverse nature, technologies of telecommunications, operation of telephone companies, systems which they compose a wire net and finally; applied electronics to telephone systems.

The goal of phreakers is generally to meet intellectual challenges of increasing complexity reacted with security incidences or failures in the telephone systems that allow them to obtain nonaccessible privileges of legal form.

The term “Phreak” is a conjunction of the words phone (telephone in English) and freak (monster in English). Also one talks about to the use of several frequencies of audio manipulating a telephone system, since the word phreak is pronounced of form similar to frequency (frequency).

Phreak is a closely tie discipline with hacking conventional. Auque often is considered and categorisen like computer science a specific type of hacking: hacking oriented to the telephony and closely tie with the electronics, in fact phreaking is the germ of hacking since the telephone system is previous to the extension of computer science at popular level, hacking arose from the contact of phreakers with the first personal computer science systems and communications networks.

Many tools of phreaking and telephony for our Palm exist generally:

• DigiDialer is a telephone marker DTMF (marking by tones) for our Palm. Simply we must approach the Palm the earpiece of the telephone, and through loudspeaker it will emit the tones necessary to dial the number that we want. This avoids to us to have to key we the number, not even to remember it. The program allows to concern the telephone numbers of the list of Contacts of the Palm.

Digidialer will dial by us a number on a conventional telephone

• Similar to the previous one, DTMF GIVES is a Desktop Accesory to generate tones DTMF to realise telephone calls.
• War dialing or wardialing is a method to scan automatically telephone numbers using a modem, normally calling to each number in a local area to discover what computers or faxes it has available. Then it is tried to accede to them guessing the passwords. The name of this technique makes reference to the film of 1983 Games military, where the protagonist used her computer to call to each telephone of Sunnyvale, California, looking for other computers. A program for PalmOS exists, TBA that will serve to us if our Palm is connected to a modem. For other systems many programs of wardialing exist. For PC the famous THC-Scan program exists, of which I have found a tutorial in video.
• Spoofing, in terms of security of networks, makes reference to the use of techniques of suplantación of identity generally with malicious uses or investigation. SMS Spoof sends messages SMS modifying the telephone number of the sender, doing so it seems that the message has been sent from this other number.

Sending a message SMS with a false sender

• A Network Box is an apparatus that simulates the inserted salary currencies on a pay telephone, emitting certain sounds that the telephone interprets. RedPalm is a Network Canadian Box that generates tones of the currencies “to quarter”, “tell me” and “nickel”. This application requires to also install cbasPad, a BASIC interpreter. The source code is really very simple.
• You make a draft Extra is a program for telephones Kyocera and Treo to control the telephone cost approximately, and to obtain interesting statistics of the use.

Controlling our telephone cost with You make a draft Extra

• Smorse (Simple Morse code to sender) sends Morse code through loudspeaker of the Palm to 1-80 words per minute. At more speed it is not possible due to the limit of 10 milliseconds of resolution of the internal loudspeaker.
• Like curiosity, although related to telephony (at least the traditional one) RJ45 it is not a small program for Palm that shows the ways to finish a network cable we are going when it to crimpar: direct (host to hub) and cruzado (host to host).

Everything a world the one of phreaking, and as always, a world transferable to our Palm. In next post we will see the last chapter of this series of posts dedicated to how using the Palm like tool of hacking.

By: Tricks
5 commentaries | Trackback |  To print this post

Continuing with this series of posts on how to turn our Palm into a tool of hacking, today we will see like, once our Palm is within the network, we have all the tools necessary to explore it:

• Mergic Ping is an implementation for Palm OS of the commando Ping de UNIX (ICMP echo). It can be used jointly with Mergic VPN to verify our connectivity with the virtual private network or, generally, with any equipment of the network.
• After giving a name of host or direction him IP to analyze, PalmPing will prove different services (for example the echo), detecting if the same exist in the equipment under test. Also it provides network statistics, using the requests of native statistics of PalmOS.

Verifying that an equipment is connected to the network

• A tool as Traceroute we cannot need, if we want to use the Palm to analyze incidences in our network. Traceroute consists of discovering the equipment that a package crosses in its way between our PDA and the equipment destiny of the same.
• Like client of WHOIS, a service that allows to obtain data on Internet dominions (like proprietor or email of contact), we can use vWhois. Another gratito program with the same purpose is WHOIS.
• In order to by hand have all these small utilities of network easily, we can install CheckWWW, a tool that Integra WHOIS, Ping, Traceroute, NS Lookup and Finger.

Obtaining data of a dominion

• PScan is another fundamental tool, in this case a scanner of ports for PalmOS. The last version is functional, and its code is free.
• PalmMap is another scanner of ports, in this case trying of being similar to famous nmap. It is necessary to compile it from his source code.

Escanenado the ports of an equipment of the network

• PortScanner is another scanner of ports for networks TCP/IP. Escáneres of ports allows to know what ports are open in a given equipment their IP or names of host. Wifi is useful for example in networks, to know what services are available in hotspot.
• PingAlink is a service of external monitoring for Web servers and other equipment of network. Constantly the yield of our servant or equipment monitors.
• A similar tool is also HTTP ServerWatch, which compiles information on the response time of our servants, among others.
• Something that has surprised to me to find, and that would wish that you tried in your Palm to see if it is certain, it is that PalmOS brings integrated network tools (info, to finger, nettrace, and ping), but are only accessible through a Passover egg. Info shows information on the active connection, Finger is used to find users in host remote, nettrace allows to prove the connection to host remote and Ping as we know serves to prove the connectivity. In order to find we must them go to “Preferences”, to enter “Network”, the menu “Options” to choose the element “To see Logs”, once open write in graffitti one “” and to beat to accept: she will appear one lists with the tools of network available.
• Cgicheck99 is one of carried escáneres cgi more, running in a total of 37 operating systems, including PalmOS. It detects 119 CGIs habitual and other details. It even reports vulnerabilities with his YOU GO Bugtraq. Rebol interpreter needs.
• Of Hydra already we have spoken like utility to discover passwords, but this so complete program also has capacity in this category.
• In order to sail by the information that the IANA publishes, we have iDomains (to the level dominions superior) and iServices (to know to the ports and protocols that uses the services of network).
• In order to avoid that our Palm goes out while we are connected to the network, the small Powernet utility exists. Thus we will not become disconnected of the servants to leave the unheeded Palm during minutes. If what we want to deactivate the temporisation of dull of the Palm of definitive way, we can use AlwaysOn.

Increasing the time of car-dull of the PDA

As we see, a considerable list of utilities, that demonstrates the interest to use the Palm like tools of hacking and networking. In next post we will follow with this series of articles.

By: Tricks
9 commentaries | Trackback |  To print this post

Continuing with the series of articles in which we are seeing how the Palm can be the tool preferred of hacker, after to have seen the necessary tools for the most habitual tasks of networking, we are going to treat techniques to detect networks and to create less conventional connections:

• For the Palm with bluetooth, BtSerial Pro allows to connect them to any device bluetooth, that has supported to the service of port series bluetooth. This allows us to easily connect movable, sensorial telephones, etc. In the same page we can find but gratuitous BtSerial, and BtServer more basic, that allows to create the port series bluetooth in masterful way, so that other devices bluetooth connect him. For example, using BtSerial in a PDA and BtServer in another one, we have a basic system of chat by bluetooth.

Connecting by bluetooth with BtSerial

• With respect to the networks wifi, whenever our Palm has east type of integrated connectivity, like in the Lifedrive or the TX, or we have bought a card SD wifi, we will be able to use the tools that already we saw in this other article on the subject: NetChaser, Wiffi, Wifi-where, etc, that will allow to detect networks us wifi in our environs without having to load with a portable one.

Detecting networks wifi with NetChaser

• For the equipment that has an infrared port (IrDA), the utility will come to us very well TO GO Ping. This program allows to verify the communications between a Palm and any other equipment with infrared port, like printers, movable telephones, or another PDA.

Analyzing a connection by infrared

Finally, a peculiar use of the port infrared is the one to use the Palm like remote control of a car, although of course, in the old models that used this type of connection, since nowadays all the controls work by radio frequency.

It is possible to emulate a control of infrared our Palm

Now already we know like connecting our Palm in a network. In next post of this series we will see all the tools of network analysis that exists for our Palm.

By: Tricks
8 commentaries | Trackback |  To print this post

Carlos, of Lost in Japan, has remembered to me that today is the BlogDay. Thank you very much Carlos to choose the PDA of tungsten! It has animated to participate to me clearly, so I am going to mention five blogs that does not have anything to do with the Palm but that itself by far interest (besides Lost in Japan and all the others blogs which I connect from the PDA of Tungsten,):

BlogDay 2007 (31 of August - 3108)

• SigT is blog where his author, Armonth, publish much interesting information regarding WordPress, the CMS on which works the PDA of Tungsten. But also I like many other things that generally write on the world of computer science and the technology. For that they want to be up-to-date of the new features in the world of Wordpress in Spanish, I recommend the Wordpress Planet, where Anieto and many others also collaborate bloggers with very good hand with this CMS.
• Flashes are blog of surprising histories. I really ask myself which can be the sources that Aberron has to have always material so interesting. Test of its quality is that it has appeared several times mentioned in Microsiervos, and has gained it by own merits.
• Obsolete technology is another one blog that is worth the trouble, with histories not so startling, but with their own “style” that makes interesting, besides emphasizing by the information that contributes. Note when there is somebody behind blog that knows than is spoken.
• Histories of science are another one of my favorites to read long and interesting entrances. Cargadito of scientific anecdotes and details of the life and discoveries of the scientists who have marked the difference in our History, is a very pleasant reading, and with the same sensation at the end of reading something written by which it knows than it speaks.
• In order to finish, Diariomotor is blog that itself to be abreast of the launchings of new models, new spy photos, peculiar histories related to the world of the motor, etc. They do not overload to the reader with so many posts daily as in others blogs of motor, something that is thanked for, and its style turns out pleasant to read, I suppose that for that reason it has gotten to be one from my favorites.

I hope that these recommendations make discover some you blog that you did not know and that you like. Animaos to continue this “meme” recommending other five blogs, and between all we will unearth many that the pain is worth to know.

By: generally
5 commentaries | Trackback |  To print this post