My sexy new multifunctional bootable autorunning switchblade drive.

So I’ve had my 4GB U3-enabled Cruzer Micro (I may actually buy a Cruzer Titanium because the plastic case feels a bit thin on this one) USB flash drive for a while now, and I’d been planning to set up a number of things on it.

  1. an implementation of switchblade.
  2. a portable applications menu.
  3. a bootable version of winPE.

I’ve just finished setting up all of these on my drive, and now it rocks :-)

The implementation of switchblade is pretty good as it’s set to run completely from the U3 partition, so that any antivirus software that thinks it’s a virus can’t delete any of the files, as the U3 partition is basically an emulated CD-ROM drive and as such is read only. Log files are saved to the flash partition of the drive but they’re hardly likely to be detected as viruses :) This autoruns in the background on the drive when I plug it in. No popup windows or anything, thanks to CHP.exe ;) The options of this ‘payload’ are configurable from a configuration program that is kept on the root of the flash drive, which is handy. One improvement to this that I might consider looking into is packing some of the ‘detected’ files with a UPX packer or something similar; this should make them less detectable by antivirus software.

Btw, for the uninformed, Switchblade is a set of applications and scripts set up in such a way that they run silently when the drive is plugged in. These scripts and applications rip & decrypt usernames and passwords for Windows, IE, Firefox, email accounts, IM accounts such as MSN/WLM/IRC etc, network usernames and passwords, wireless keys, internal and external IP addresses and probably a lot more. It also sets VNC up as well as a mail server that sends email through a secure tunnel to a specified email address; the emails contain attachments of the files that are ripped from pendrives and USB drives that are plugged in after mine. Yeah, I’m nosey. There is an option to rip the contents of the My Documents folder to the pendrive too, but I’ve left that option disabled just in case the My Documents folder turns out to be like 8GB and then a copy error shows up, that’d be hard to explain lol.

The portable apps menu doesn’t run automatically, but that’s because it’s contained in a portable truecrypt partition. When plugging the drive in, truecrypt will auto start up and ask me for a password to the partition; upon entering this password I have full access to a whole load of applications that I use normally on my home PC (the whole encrypted truecrypt partition only takes up 512MB so there’s plenty of space). If I don’t enter the password I can just use the drive as a normal storage drive if I don’t need to access my applications. I’m also using a forked version of the portable apps menu which gives a lot more functionality and flexibility in terms of menu organisation.

The drive is also formatted as FAT (yes just FAT) so that it can be set bootable; there is an installation of BartPE on the drive which boots when you plug the drive in. Unfortunately my motherboard doesn’t support USB booting :( So I haven’t been able to test it, VMware doesn’t give me much luck either, but it should work depending on if the motherboard supports it; hopefully more motherboards will start to support it soon. This brings me onto my next project which I will talk about in a bit.

Also on both the U3 volume and the flash partition there are custom autorun.inf files that define custom context menu items and control what the default action is on a double click of that drive. I always hated that “autorun” or “autoplay” became the default action when there was a CD or autorun USB stick in the drive. So I’ve changed those back to “open”, which just opens the “Files” folder on the flash drive when you double click it. Same for both partitions, except for the U3 partition where it’s the root of the drive. But you won’t find much there as all the files have been hidden (as in hidden from Windows too, you can’t access them from Explorer or DOS). The context menu entries include an option to run truecrypt and an option to dismount all truecrypt partitions, as well as the autorun option which I can’t seem to get rid of but that doesn’t bother me really, and then there’s the other useless options that Windows adds like explore and search. The autorun files also define the icon and the label for each drive; the icons are kept on the flash part so they don’t default to Windows icons, but you know what Windows is like, it still refuses to set my virtual drives to the same icon as my actual optical drive but never mind. The icons aren’t a big deal tbh, just a nice feature.

Some more technical details of how the drive is set up:

I used UltraISO to create a custom ISO to be ‘flashed’ to my U3 partition using universal customiser. My custom ISO is about 9.30MB so the original SanDisk installer won’t work, I think it can only handle an ISO that’s around 3-4MB.

The custom ISO contains:

  1. Smithtech applauncher.
  2. Custom autorun.inf
  3. Switchblade implementation.

The autorun file is set to automatically run applauncher on start. This application will then run the 3 programs defined in its configuration. The configuration file is kept on the flash partition. In addition to running the defined applications it will also set a system variable of my choosing (I chose “U3CD”). This means I can use %U3CD% in paths to certain files and applications and it will point to the letter currently assigned to the U3 partition of the pendrive. This is because the drive letter may change from PC to PC due to the different drive letter configurations.
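A defender's view of the autorun.inf entries described above, as an added example that is not code from this post: a small Python parser that reports which `[autorun]` entries can start a program. The sample file contents and the file names in it are constructed for illustration.

```python
import re

# [autorun] keys that name a program to start when the drive is inserted.
LAUNCH_KEYS = {"open", "shellexecute"}
# shell\<verb>\command=... binds a program to a context-menu entry.
SHELL_COMMAND = re.compile(r"^shell\\([^\\]+)\\command$")

# Constructed sample, modelled on the kind of setup the post describes.
SAMPLE = r"""
[autorun]
open=launcher.exe
icon=icons\drive.ico
label=MyStick
shell=open
shell\open=Open
shell\open\command=explorer.exe Files
shell\tc=Mount encrypted volume
shell\tc\command=tools\mount.exe
"""


def parse_autorun(text):
    """Return {section: {key: value}}; section and key names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections


def audit_autorun(text):
    """Return (severity, key, value) for every entry that can start a program."""
    entries = parse_autorun(text).get("autorun", {})
    default_verb = entries.get("shell", "").lower()  # verb used on double-click
    findings = []
    for key, value in entries.items():
        if key in LAUNCH_KEYS:
            # May run on insertion, depending on the host's AutoRun policy.
            findings.append(("high", key, value))
            continue
        match = SHELL_COMMAND.match(key)
        if match:
            # The default verb fires on double-click; others need a right-click.
            severity = "high" if match.group(1) == default_verb else "medium"
            findings.append((severity, key, value))
    return findings


def audit_file(path):
    """Audit an autorun.inf on disk; latin-1 decodes any byte sequence."""
    with open(path, "r", encoding="latin-1") as handle:
        return audit_autorun(handle.read())


if __name__ == "__main__":
    for severity, key, value in audit_autorun(SAMPLE):
        print(f"{severity:6} {key} -> {value}")
```

On the host side, setting the `NoDriveTypeAutoRun` policy value to 0xFF disables AutoRun for every drive type, including the emulated CD-ROM that a U3 stick presents.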

The first application the applauncher runs is drivevar. This program is solely for setting a system variable (%PA_DRV%) from the flash partition of the USB drive. I don’t mind that you can’t customise this one though, it’s still usable :) . This runs with the parameter -a which will add the system variable without prompting the user.

The next application it runs is “chp.exe”. This small .exe file is used for creating and starting hidden processes, hence the name CHP (Create Hidden Process). This is run with the parameter of go.exe (this is a small .exe file I made myself that simply runs a .vbs file from the U3 flash partition); this is what starts the payload running. Yes, that is a long-winded way of getting it to run but that’s because applauncher has a few limitations when it comes to running programs/files. The applauncher can’t run an application from the drive it’s running from (e.g. the U3 partition) and it also seems it can’t run anything but .exe files (hence not being able to just put the vbs file on the flash partition – plus this saves it from deletion by an antivirus as mentioned earlier).

The 3rd program that is set to run is truecrypt. This runs with a few parameters which means it just pops up a password box asking for my password, which is handy.

The way the switchblade is implemented also has some error ‘management’ too. If for some reason the system variable for the U3 partition doesn’t get set, instead of not doing anything or producing error messages on screen, it runs a substitute vbs file that simply pops up a dialog welcoming me. This is so that I know the payload hasn’t run but anyone watching would just think it was a cool ‘toy’ that I’d set up. This works because there is an identically named vbs file on the root of the flash drive; if the system variable isn’t set then the .exe file assumes it should run the vbs file from “\” (current directory), which turns out to be the vbs file that pops up the “cool” welcome message.

As well as error management, the switchblade is set up to check for a certain file on the root of the C drive before running. If it finds this file it will not run (it won’t do anything at all). This is so that I can plug the drive into my own machine safely without owning myself with my own payload :p

As I said earlier, the drive is formatted in FAT and has been set bootable. Also the volume boot sector id has been set to 0x80; this is what makes the USB drive bootable (again, this depends on the motherboard/BIOS and if it supports booting from USB devices).

To do all this I used PetoUSB. You’ll need a BartPE build source directory. This will copy BartPE to the disk too, so all you need to do is set up your BIOS to boot from USB, restart and test if it works.

As I said earlier, this brings me onto my next project:

A Bootable DOS CD.

Yes, I know it doesn’t sound as exciting but this will enable me to use my BartPE stick on a lot more computers. For example, if the computer doesn’t support booting to USB devices, like mine, then I can boot from a CD and launch BartPE from that.

For this to work I’ll have to look into loading USB drivers in DOS and accessing devices from DOS.

Maybe set up an autorun so that when the CD boots up it automatically looks for the USB drive and boots BartPE from there automatically.

I’ll probably attempt this sometime in the new year, get Christmas over with first.

After that my next project will be something similar but with the ability to emulate drives or mount .iso files in DOS.

This is so I can create a customised version of a Windows install, maybe an unattended install, and install it from the USB drive, without having to carry around CDs all the time.

When I finally get one of these other projects finished, I may post here to say how I did it :)

I might post a tutorial sometime on how to do this, although this post pretty much explains the majority of it.

That’s all for now, folks.

Yes, that was a very long post.

In other news: I’ve recently discovered the awesomeness that is ill nino, it really is a mystery why I haven’t heard of this band before.

A visual representation of my hard drive

So I recently downloaded something called WinDirStat that scans all your hard drives and gives you a visual representation of what’s using up what space. It really is pretty cool because each little block shows 1 file and the size of the block shows the amount of space used by that file. It gives some other interesting stats too. Here’s mine:

  • Physical Hard drives: 3
  • Partitions: 6
  • total space: 1000.8GB
  • Used space: 843GB
  • 741,733 items
  • 694,062 Files
  • 47,671 Folders

(I actually added the first two stats myself). Yeah I have too much stuff lol, I’d really like to get like a 2TB NAS at sometime, just so I can back this up really lol, I only really back up the important stuff atm. Here is mine. (Yeah that’s a pretty wide pic.)

Carry on using MSN 7.5 after a forced upgrade

So the other day I went to log in to MSN (using version 7.5) and it asked me to upgrade before I could log in. So either I upgrade or don’t log in, nice.

I’ve never really liked the WLM versions really. Mostly because MsgPlus! has removed a much used feature from the newer version of the app which is compatible with the newer versions of WLM. I would use WLM if Plus! added this feature back in, although I believe it was removed because WLM offered the function in itself anyway (which isn’t exactly true but still).

Anyways, on to the good stuff…

To carry on using MSN 7.5 or any other version that requires you to upgrade before logging in.

Close MSN down from the tray so it’s not running at all.

Open Reshacker and open msnmsgr.exe from the MSN folder in Program Files.

Click the + next to “Version info”, then click the + next to “1” and finally click “1033”.

On the left hand side you will see version information for the file.

Replace the line that says

VALUE "FileVersion", "[your file version]"

with

VALUE "FileVersion", "8.5.0324"

[your file version] will be the version of MSN you currently have and want to carry on using.

Also replace this line

VALUE "ProductVersion", "[your file version]"

with

VALUE "ProductVersion", "8.5.0324"

Again, [your file version] will be whatever your MSN version is.

Once you’ve done that click “compile script” and then click “file” > “Save as” and save it over the original msn executable.

This will fool the msn servers into thinking that your version of msn is the “latest and greatest” WLM version.

Start MSN again and log in as normal, and you should have no problems.

Mess.be suggests you could use a HEX editor to do this too, but I think this way is easier myself.

Just make sure you don’t accept any webcam requests from people you don’t know, as this is why the upgrade was forced: there was an exploit which allowed remote code execution and injection. Since you’re still using the same version the exploit is not patched, but if you’re smart enough to reshack your own MSN executable I think it would be safe to say you would do this by default anyway.

An alternative method would be to download the newly released MSN version 7.0 (which includes the webcam exploit patched) and run it in win2000 compatibility mode, while this is a lot easier than hacking your current version with reshacker, it is a step down from MSN 7.5.

Enjoy! :)

Support Autopatcher

Recently an app called autopatcher, which contains current Windows patches for patching offline Windows installations, was ‘terminated’ by Microsoft.

This is after 4 years of the app being in existence, which is a bit odd tbh. Microsoft have said it’s not to do with WGA concerns, which is probably true because WGA is installed with autopatcher patches anyway.

My personal opinion is Microsoft is closing the project down now as they are creating their own similar services (the Windows Update Catalog). Also with the first Vista service pack on the horizon, they will want to restrict the ways users get the patches, ensuring they go through a correct Microsoft channel to authenticate their Windows installation.

The official reason from Microsoft is that they don’t want the possibility of malicious code being installed alongside their patches.

while microsoft have every right and concern to do this, it still pisses off a lot of people who used it.

more info on the subject can be found at these links:

the official “its closed down thread” at neowin. http://www.neowin.net/forum/index.php?showtopic=584427

the official “its closed down story” at autopatcher.com
http://www.autopatcher.com/134#comment-3702

one user took it upon himself to form a one man protest outside a Microsoft campus:
http://www.neowin.net/index.php?act=view&id=42304

Microsoft remains silent over autopatcher:
http://www.neowin.net/index.php?act=view&id=42295

for those interested, the C&D email received from Microsoft:
http://www.neowin.net/forum/index.php?showtopic=584427&view=findpost&p=588813856

register your protest by contacting Microsoft here:
https://support.microsoft.com/common/survey.aspx?scid=sw;en-gb;1348&showpage=1&WS=mscomukform1

letters others have written to Microsoft on the issue:

http://www.neowin.net/forum/index.php?showtopic=584427&view=findpost&p=588814393
http://www.neowin.net/forum/index.php?showtopic=584427&view=findpost&p=588814439

more ways to contact Microsoft:
http://www.microsoft.com/presspass/PR_Contacts.mspx

the story on digg:
http://digg.com/microsoft/Microsoft_Ceases_AutoPatcher_Project

cnet’s opinion:
http://news.com.com/Patch+service+shuts+after+Microsoft+request/2100-7350_3-6205191.html

the inquirer’s opinion:
http://www.theinquirer.net/?article=42008

the online petition to save autopatcher:
http://www.ipetitions.com/petition/SaveAutoPatcher/signatures.html

lunarsofts opinion:
http://lunarsoft.net/news-324.html

the register’s opinion:
http://www.theregister.co.uk/2007/08/30/autopatcher/

the story at PC pro:
http://www.pcpro.co.uk/news/news_story.php?id=123635

the story at slashdot:
http://yro.slashdot.org/article.pl?sid=07/08/29/1917221

the story at tech spot:
http://www.techspot.com/news/26809-microsoft-shuts-autopatcher-down.html

the story at search security – aus.
http://searchsecurity.techtarget.com.au/topics/article.asp?DocID=1270060

Atomic – Aus.
http://www.atomicmpc.com.au/forums.asp?s=2&c=21&t=1796

As you can see the news has reached the far corners of the web, from australia to the UK and the US.

If you still want to download autopatcher or its updates you can still use this mirror:
http://windowsedge.com/Mirror/AutoPatcher/Autopatcher-XP.html

Also here are some alternatives to autopatcher:

DIY Service packs:
http://www.heise-security.co.uk/articles/80682

Get all the security updates in one .ISO file from Microsoft for august:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E4DCC3E7-36BD-4C6F-A8B6-421CB8902EAA&displaylang=en
(unfortunately this contains updates for every version of windows so the file size is huge.)

windows updates downloader:
http://wud.jcarle.com

At the moment there is no news on whether autopatcher will survive.

Support auto patcher by displaying this image on your web site. (or create your own)


Thanks goes out to all those on the autopatcher team and everyone that made it possible :)

10 Reasons why Gay marriage is unamerican

Yes I know I live in the UK but I just found this via stumbleupon and thought it was pretty good.

Being gay is not natural. Real Americans always reject unnatural things like eyeglasses, polyester, and air conditioning.

Gay marriage will encourage people to be gay, in the same way that hanging around tall people will make you tall.

Legalizing gay marriage will open the door to all kinds of crazy behavior. People may even wish to marry their pets because a dog has legal standing and can sign a marriage contract.

Straight marriage has been around a long time and hasn’t changed at all; women are still property, blacks still can’t marry whites, and divorce is still illegal.

Straight marriage will be less meaningful if gay marriage were allowed; the sanctity of Britany Spears’ 55-hour just-for-fun marriage would be destroyed.

Straight marriages are valid because they produce children. Gay couples, infertile couples, and old people shouldn’t be allowed to marry because our orphanages aren’t full yet, and the world needs more children.

Obviously gay parents will raise gay children, since straight parents only raise straight children.

Gay marriage is not supported by religion. In a theocracy like ours, the values of one religion are imposed on the entire country. That’s why we have only one religion in America.

Children can never succeed without a male and a female role model at home. That’s why we as a society expressly forbid single parents to raise children.

Gay marriage will change the foundation of society; we could never adapt to new social norms. Just like we haven’t adapted to cars, the service-sector economy, or longer life spans.

New Harry Potter book leaked!

The new Harry Potter book has been leaked, and just so you don’t have to wait for the book to be released, here is the last page.

Having just performed Hermione’s third abortion, Harry Potter decided it was time to move on from Hogwarts. It seemed like only yesterday when he first looked upon this new and magical place with wonder and excitement in his eyes. But it had been a long seven years and he had seen too many muggles get raped and tortured for this place to ever feel the same again.

Young Harry, his innocence long ago lost to the fingers and tongue of Professor Snape, set out to enter a new world and leave this place behind him forever. But before he did, he decided to make one last trip through these hallowed halls to double-check the wiring on his bombs and to rub out one last load onto the pale, lifeless face of Ron Weasley.

Now a safe distance away from the campus, Harry was filled with a sense of pride and a smile slowly worked its way across his face. ‘This is it,’ he thought. Then he pressed the button that left the Hogwarts’ grounds covered in nothing but flaming rubble and the charred remains of hundreds of young wizards and witches.

Harry was now ready to move into Voldemort’s secluded castle in the hills, where the two of them would live out the remainder of their lives exchanging Rusty Trombones. He slowly made his way down that dark and lonely path that would take him to his destiny. That’s when the ghost of Dumbledore appeared, decapitated Harry, and drank the precious blood that would once again give him life. Then a pack of wolves ate him.

You should thank me, I just saved you some money.

Just Kidding
(Shamelessly stolen from T-Shirt Hell’s Mid-July Thing.)

The pinnacle of shitty software

So today I remembered an app that I used to use to “wipe free space”. It basically writes over your blank space with 0’s, because as everyone knows when you delete something it’s not actually deleted. So this app would actually go through your hard drives and “clean” your disks. I thought I hadn’t done that for a while, but that’s because I lost the app, and the only thing I remember about it is that the .exe file was called restore.exe, and Google didn’t give any results. Anyways, so I thought I’d search Google for an alternative. I didn’t find many that were free (maybe I’m just rubbish at searching), the most I could find was a shareware version of a program called “12ghosts shredder”. So I downloaded and installed, and looking through the options I thought it seemed quite a thorough program, so I clicked the “clean now” button, and within a few mins it told me it was finished. Odd, I thought, as I have around 500GB of space for it to work through. So looking further into the program, I had to tell it what to clean, so after ticking the boxes and pressing the button again, the program then proceeded to fill up my hard drive with files called “delete_me_delete_me_delete_me_(random_number).del”. They filled my desktop, my start menu, my quick launch menu, and pretty much any other folder I could find. WTF? And by then the progress indicator said it was only 10% done. It stopped every 10 seconds with a dialog asking me to buy the program, which got really fucking annoying. So I quit, and then using Windows search I searched for all files beginning with “delete_me”. There were over 50,000 files found, all of them 0kb. What possible use could these files have? Apart from pissing off the user. I tried selecting them all and deleting them, but as you can imagine trying to delete 50,000 files in one go wasn’t going to be easy. I tried system restore, but that didn’t seem to affect it. So eventually I had to open a DOS prompt and use the “del” command to delete them.

Never again am I going to use such shitty software. And if I have to I’ll set up a sandbox or VM or something.

>.<

/end rant

Allofmp3 shutdown by russian government, iphone firmware released to web

Well it seems that the RIAA have finally got their way, they threatened not to let the Russian government into the WTO unless the site was shut down. Arses, lol.

More info: http://torrentfreak.com/allofmp3-shut-down-by-russian-government

The good news though is that the company behind allofmp3.com have launched another mp3 website called MP3sparks.com, which uses the same interface and user database. Users of allofmp3.com can log in to the site with their details and access their balance and download tracks. So really all I can see that’s changed is that they’ve changed their name and created a new skin for their interface. I’ve always thought the name “all of mp3” was a bit naff anyways, mp3sparks sounds much better :P

Also another similar site that got my attention was mp3sugar.com. I don’t think they’re run by the same people, but it looks like a similar service, I’ve yet to try it out though. Plus there’s always torrents, newsgroups etc.

In other news, the recently released iPhone has had its root passwords cracked and had its firmware released onto the web.

more info: http://digg.com/apple/iPhone_Firmware_for_download

I think it’ll be cool to see all the new things people can come up with..

That’s all for now folks :P