Saturday, August 30, 2008

iPhone QuickPWN for Mac Released.

I know, everybody is talking about the new QuickPWN for Mac.
It's a light version of PWNTool that makes for easy and quick pwnage. It doesn't build a customized firmware and it doesn't break into the bundle; it's just a "pwnage action" :)

So, why are lots of people flatting this tool? I really don't understand that. Anyway, it's very cool, it looks very nice and it's very intuitive. So, I've also written about it :) .... Good job, guys!

Friday, August 29, 2008

How to break into a PIN locked iPhone

I know, it's no longer news, but these days I'm quite busy. Sorry for that.
Anyway, the new iPhone firmware has a huge bug which allows you to get access to a PIN-locked device.
If you wanna try it, just follow this attack vector:

I would never have believed that Apple has this kind of buggy problem. Probably they need a security engineer :) ... and probably they know it.

Tuesday, August 26, 2008

Magic SysRQ key

Hi folks, this is the first time I've seen this kind of thing: the magic SysRq key.
It provides a way to send commands directly to the kernel through the /proc filesystem.

It is a 'magical' key combo you can hit which the kernel will respond to
regardless of whatever else it is doing, unless it is completely locked up.

It is enabled via a kernel compile-time option, CONFIG_MAGIC_SYSRQ, which seems to be standard on most distributions.
So if you're administering a remote server and suddenly it doesn't respond to commands, like for example:

you need a "magic command".
So, first you must activate the magic SysRq option:

And then you may reboot your system this way:

Isn't it really cool?
If you wanna learn more about magic SysRq, you can read the sysrq.txt file in the kernel documentation.

Of course, if you wanna enable it at boot using sysctl, you can do so by typing:
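As an added example (not from the original post), this shell snippet decodes the kernel.sysrq value so an admin can check which SysRq functions the key combo allows before relying on it or locking it down. The bit meanings follow the kernel's sysrq documentation; the function names decode_sysrq and audit_sysrq are made up for this example, and the commented commands are the standard interfaces, shown for reference and not executed.

```shell
#!/bin/sh
# Added example: audit the kernel.sysrq setting without changing anything.
# Standard interfaces, for reference only (run as root; NOT executed here):
#   echo 1 > /proc/sys/kernel/sysrq     # enable every SysRq function
#   echo b > /proc/sysrq-trigger        # immediate reboot, no sync, no unmount
#   sysctl -w kernel.sysrq=1            # same as the first line, via sysctl

# decode_sysrq VALUE -> prints the functions the keyboard combo may invoke.
# 0 disables SysRq, 1 enables everything, anything else is a bitmask.
decode_sysrq() {
    val=$1
    case $val in
        ''|*[!0-9]*) echo "invalid"; return 1 ;;
    esac
    if [ "$val" -eq 0 ]; then echo "disabled"; return 0; fi
    if [ "$val" -eq 1 ]; then echo "all"; return 0; fi
    out=""
    # bit:name pairs; the short names are this example's own labels
    for pair in 2:loglevel 4:keyboard 8:dumps 16:sync 32:remount-ro \
                64:signal 128:reboot 256:rt-nice; do
        bit=${pair%%:*}
        name=${pair#*:}
        if [ $(( val & bit )) -ne 0 ]; then
            out="${out:+$out,}$name"
        fi
    done
    echo "${out:-none}"
}

# audit_sysrq [FILE] -> decode the live setting (FILE defaults to the /proc entry).
audit_sysrq() {
    f=${1:-/proc/sys/kernel/sysrq}
    [ -r "$f" ] || { echo "unreadable"; return 2; }
    decode_sysrq "$(cat "$f")"
}

echo "kernel.sysrq on this host allows: $(audit_sysrq)"
```

On current kernels the mask only limits the keyboard combo; a root write to /proc/sysrq-trigger is always honoured, so on a remote server it is access to that file that has to be controlled.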

Sunday, August 24, 2008

Race condition or Antivirus?

Hi folks,
What happens if an AV is running on your voting machine? Maybe it will disturb your election like they say, or maybe having an AV is a good thing but your voting system is logically bugged and the problem lies deeper.

Joe Hall has the details. Check it here. The Premier reports aren't that clear. Here's the "technical background".
The GEMS poster works by receiving concurrent uploads from the memory cards and then saving that data in temporary files for posting to the election database in a serialized manner, i.e. one at a time. This design is used to optimize the database access performance as well as the upload data performance.
The issue identified is a logic error that allows the poster to attempt to post a file that is still being received when two or more files are received in sequence, and the first file takes longer to save than the second file. If a sharing violation occurs, the posting of the first file is the one affected. Note that files typically take very few milliseconds to save, whereas large files, with large number of votes, can take up to 100 milliseconds.

So it seems to be a common race-condition problem in a concurrent distributed system. It's worth asking whether there are ways in which the file would be marked as successfully uploaded but the votes get lost.

Wednesday, August 20, 2008

iPhone Hacking Applications.

Hello everybody.
I'm sorry if I am quite slow to update my blog, but during these days I focused my research on iPhone application hacking.
It seems very difficult, but the reality is quite different. Well, I don't want to write a post on that, I just wanna analyze what's happening in the iPhone field.
Well folks, at the beginning the underground community was interested in having a "Free iPhone", which means an unlocked and jailbroken iPhone: an iPhone where you can install third-party applications and where you can use your favorite provider. Now everybody knows that it is very easy to obtain a "Free iPhone"..... (well, actually, that's not true for the iPhone 3G).. and lots of "underground people" (not necessarily hackers/crackers) focus their attention on applications. Yep, not many people are still working on iPhone unlocking and iPhone jailbreaking; the latest trend is application cracking.

I know, iPhone applications cost no more than $10, so it seems to make no sense to try to crack them! Cracking an iPhone application takes 30 minutes if you're an expert, so it's not really worth cracking them! 30 minutes of an expert hacker's time is much more expensive! But you know, a hacker doesn't care about that; the only thing on his mind is "hack the world".
Anyway, this is the current iPhone trend; what will be the next one? Maybe building your own applications?

Wednesday, August 13, 2008

Holler Back: [NOT] Voting in an American Town

Lulu was at UC Davis this winter doing some filming. I know, that's so cool! Unfortunately I didn't see her, but Matt Bishop did! She did some filming inside his class this winter and it was really exciting. Anyway, this is the link to her work: [NOT] Voting in an American Town. The study shows some interesting things, like for example the 10 reasons why Americans don't participate in elections.

So, she says about that:
1) There's a lack of CONNECTION
2) Connection is created through INFORMATION & EDUCATION
3) Education & Information can be provided by the media (unfortunately..) THE MEDIA IS OFTEN BIASED & FOCUSED ON TRIVIA
4) And, of course, it takes TIME
5) To find accurate, comprehensive sources of information. Everyone knows that time is .... MONEY
6) Which many people feel controls politics and leads to .... DISHONESTY
7) Uninformed, disenchanted voters tune out and turn to ... DISTRACTIONS.
8) They don't feel motivated to make an effort. On top of this.. THE VOTER REGISTRATION SYSTEM IS A CONFUSING OBSTACLE COURSE
9) Run by partisan selected officials who discuss the issue of .. NEGATIVE TONE
10) Who control and implement UNRELIABLE VOTING EQUIPMENT

That's not all: if you keep reading on the official site you'll find other interesting stuff, like for example the 4 reasons Americans still participate in an election, and the 10 steps toward election reform.

Monday, August 11, 2008

IntelliScreen: Cracking

Thanks to Crash-X, who found time to crack one of the most amazing iPhone applications, we actually got a free IntelliScreen (by IntelliBorn). Of course you need a jailbroken iPhone and an Internet connection. The steps to crack IntelliScreen are really easy! First of all you need to install it from Cydia, so open Cydia, press the search button, type the word "intelliscreen", tap on it and install the application. After that you need to download the crack from here, open the zip file and put the two files from the "Crack folder" in the right places. Just a command line example:

scp Crack/IntelliScreenConfig root@:/Applications/
scp Crack/intelliScreen root@:/Library/Intelliborn/intelliScreen

That's all. You only need to download the "Demo license" when the application asks you, and nothing more!
So, what else! Thank you, Crash-X!

Monday, August 4, 2008

Finally: Installer 4.0 works!

Nothing to report so far, I'm going to be on vacation for the next 2 weeks :).
But this news is so cool, so I took my iPhone and I'm trying to write my first post from it.
So finally Installer 4.0 works properly on iPhone 2.0

Via ispazio