Related
Hi all,
Eversince i bought my BA, i did not need to use Wlan on it (over a year now !!) but i am getting a bit frustrated in the last couple of days as i am unable to use it.
here is the situation - when i come to a place where i know there is a wifi signal (at my friends house) i tap the little icon on the bottom right side of the desktop screen and i get the "Wireless LAN manager" , i check the "Wireless LAN ON" checkbox and then tap "ok" . then the screen changes back to the desktop screen and i can see the little antenna in searching mode (accumulating dots beside it), then i get a popped up baloon asking if i wish to connect to "internet" or "work", i check the internet circle and tap ok (or connect - i dont remmember as i have no wifi signal at the moment), but than nothing happens - the little icon of the antenna is still searching and if i tap it i get the same "Wireless LAN manager" with no signal strength or any thing...if i try the internet explorer, it tries to connect via the GPRS connection...
PLEASE....HELP ANYONE....
It's only a notion but I'd check your friend's WiFi AP. I set one up recently in our place. The device used is a Wireless G Broadband Router and Access Point (AP) which also has a net port (4 physical connections).
I couldn't get a murmur out of it on the simplest device... ancient Jornada 720 Win 2000 with Aironet 340 card (they are matched) although it was evident that all parts were working and the setup programs recognised each other as being there. Tried our Acer n30 next on a Safecom card. Same result. Head scratching.
Eventually a light bulb went on.
Tried a hard reset on the AP/Router. It re-set from one channel (11) to another (6). Everything suddenly started talking.
Next problem... and this is where it gets close to yours... how to stop everyone getting on and in.
The AP Router is full of encryption options from WEP up. Your gadget has to match the requirement from the AP/Router... that might mean a keyword used as a base for encryption or steadily more complex requirements... depends on what your friend's AP Router is set to.
My solution had to be simpler. I could not be bothered to prat about sticking code words all over the place every time I wanted to add a device... and getting encryptions to agree is sometimes not as easy as they'd have you believe.
Answer: Every net device, including the Xiis we now use, has a device specific MAC number.
The AP Router has a table you can enter MAC numbers you want to permit access to... so you needn't fool around with all the clever stuff.
Our AP Router now has our MAC numbers in the table and permits access to them only.
The XDA iis reveals it's MAC number when you tell it to look for a connection.
We now have a WiFi AP serving an ancient egyptian Jornada 720, an Acer N30, an XDAiis, an ordinary PC (using one of the old PCMICIA Aironet Cards which configure on anything with windoze and are dirt cheap on eBay as they're only 802.11b) , and a Sony Vaio Laptop (also using an Aironet), all into a single broadband account.
So check with your chum and see what his settings on his WiFi are. Maybe try a hard re-set on it too if poking about in the admin program doesn't help.
QF
Yol said:
Hi all,
Eversince i bought my BA, i did not need to use Wlan on it (over a year now !!) but i am getting a bit frustrated in the last couple of days as i am unable to use it.
here is the situation - when i come to a place where i know there is a wifi signal (at my friends house) i tap the little icon on the bottom right side of the desktop screen and i get the "Wireless LAN manager" , i check the "Wireless LAN ON" checkbox and then tap "ok" . then the screen changes back to the desktop screen and i can see the little antenna in searching mode (accumulating dots beside it), then i get a popped up baloon asking if i wish to connect to "internet" or "work", i check the internet circle and tap ok (or connect - i dont remmember as i have no wifi signal at the moment), but than nothing happens - the little icon of the antenna is still searching and if i tap it i get the same "Wireless LAN manager" with no signal strength or any thing...if i try the internet explorer, it tries to connect via the GPRS connection...
PLEASE....HELP ANYONE....
Click to expand...
Click to collapse
quinbus_flestrin said:
Next problem... and this is where it gets close to yours... how to stop everyone getting on and in.
[snip]
Answer: Every net device, including the Xiis we now use, has a device specific MAC number.
The AP Router has a table you can enter MAC numbers you want to permit access to... so you needn't fool around with all the clever stuff.
Our AP Router now has our MAC numbers in the table and permits access to them only.
The XDA iis reveals it's MAC number when you tell it to look for a connection.
We now have a WiFi AP serving an ancient egyptian Jornada 720, an Acer N30, an XDAiis, an ordinary PC (using one of the old PCMICIA Aironet Cards which configure on anything with windoze and are dirt cheap on eBay as they're only 802.11b) , and a Sony Vaio Laptop (also using an Aironet), all into a single broadband account.
Click to expand...
Click to collapse
QF,
Are you aware that it's a fairly simple task for someone to spoof a MAC?
And in that you haven't implemented any kind of encryption that means you're broadcasting everything in the clear ... which means that anyone who wishes to access your network needs only wait until they pick up one of your valid MAC's and they're in.
Blocking MAC's is useful ... but enabling WEP (even though we all know it's not going to stop a determined attempt at penetration) will do more to keep out a casual 'visitor'. If your clients can handle WPA-PSK (which may not be the case) given a sufficiently long and random passphrase the only attack is bruteforce which can take years.
Implementing decent security just isn't that hard ... there are plenty of howto's on the net that will walk someone through everything from getting WEP going right through to setting up a VPN.
Yol,
Your friend may have set up some kind of encryption on his Access Point ... if he's connecting to it with a client then he should know what he's using.
If he's NOT connecting to it then check the manual and have a look at the settings on the Access Point. Almost all Access Points will let you connect to them using a web browser.
So if (as an example) your friends AP is at 192.168.1.254 you just plug that into your web browser on a computer that is on the network (in other words, NOT from your BA).
You'll then need to navigate your way to the settings for Wireless security (I can't help you with that ... it's different for pretty much every brand of AP) and see what's set up.
Once you know what the required settings ARE for his AP you need to configure your phone to match. Not having a BA I can't really help with that either ... but I'm sure someone else here can.
I just knew there'd be a more complicated way ;-))...
Seriously Mr Doormat... Thanks for the heads up though.
This guy was just hanging here without a response this morning when I found this XDA board.
I tested our net pretty hard but I was unable to get in without a valid MAC and could find no way of revealing one... not to say there isn't one... I just couldn't find it... which apparently doesn't mean a lot.
What would they gain by getting in though?
Interent Access... sure, but not access to our systems as there is no network in that sense surely? So we could lose bandwidth?
We have the AP/Router open for web access only AFAIK.
The only physical connection is the one you mention... to the computer via the Ethernet card, which accesses the Admin Menu.
I'm unable to get any access around logged in machines myself and I'm on the admin machine.
I dloaded WiFi for Dummies but, as usual, I haven't got past the boring bit in the front where they describe what you are dealing with rather than what you can do to/with it.
I tried bringing in WEP on the AP and setting the old Jornada to WEP too. Firstly it slowed everything to a crawl... and a Jornada is not quick at this anyway as you can imagine... and then the on-board Jornada driver decided to "dis-associate" itself... which is of course Jornada for "adios amigos"... and stopped working altogether.
I picked up a Safecom 802.11g PCMCIA card to try in the laptop, but it really hated that and refused to see it in the end. But it really loves the old Aironets.
Both Vaio and PC are on a nice Windoze XP SP2, from our friends at Appznet. The Jornada is Win 2000, and the two Pocket PCs are 2003.
I looked for a walk thru for bringing this AP on stream. Even the suppliers were baffled... until we did the hard re-set and the channel changed. I don't know what else changed.
As for bringing security on stream... well I tried sorting out the lowest common denominator... the oldest handhelds... they balked at it and I reverted to the last good setting... an old tradition.
It seems to be a question of finding the level for whatever you have.
I can allegedly bring 802.11g on with this PCMCIA card and the AP, but if I do the XDA can only do 802.11b can't it? As can the Safecom for the Acer.
I am so pleased to have found a forum for the XDA, but you'll understand I hope that I'm a bit bemused to find the first topic I get into is WiFi. I thought that had been sorted... I should have known better. )
Any information you feel relevant to this would be much appreciated. Jornada forums are all but dead now. The Acer N30 is having an unusual revival for no reason I can think of. And the AP Router is from a pleasant bunch of folks, but they eveidently know about as much as I do.
QF
Doormat said:
quinbus_flestrin said:
Next problem... and this is where it gets close to yours... how to stop everyone getting on and in.
[snip]
Answer: Every net device, including the Xiis we now use, has a device specific MAC number.
The AP Router has a table you can enter MAC numbers you want to permit access to... so you needn't fool around with all the clever stuff.
Our AP Router now has our MAC numbers in the table and permits access to them only.
The XDA iis reveals it's MAC number when you tell it to look for a connection.
We now have a WiFi AP serving an ancient egyptian Jornada 720, an Acer N30, an XDAiis, an ordinary PC (using one of the old PCMICIA Aironet Cards which configure on anything with windoze and are dirt cheap on eBay as they're only 802.11b) , and a Sony Vaio Laptop (also using an Aironet), all into a single broadband account.
Click to expand...
Click to collapse
QF,
Are you aware that it's a fairly simple task for someone to spoof a MAC?
And in that you haven't implemented any kind of encryption that means you're broadcasting everything in the clear ... which means that anyone who wishes to access your network needs only wait until they pick up one of your valid MAC's and they're in.
Blocking MAC's is useful ... but enabling WEP (even though we all know it's not going to stop a determined attempt at penetration) will do more to keep out a casual 'visitor'. If your clients can handle WPA-PSK (which may not be the case) given a sufficiently long and random passphrase the only attack is bruteforce which can take years.
Implementing decent security just isn't that hard ... there are plenty of howto's on the net that will walk someone through everything from getting WEP going right through to setting up a VPN.
Yol,
Your friend may have set up some kind of encryption on his Access Point ... if he's connecting to it with a client then he should know what he's using.
If he's NOT connecting to it then check the manual and have a look at the settings on the Access Point. Almost all Access Points will let you connect to them using a web browser.
So if (as an example) your friends AP is at 192.168.1.254 you just plug that into your web browser on a computer that is on the network (in other words, NOT from your BA).
You'll then need to navigate your way to the settings for Wireless security (I can't help you with that ... it's different for pretty much every brand of AP) and see what's set up.
Once you know what the required settings ARE for his AP you need to configure your phone to match. Not having a BA I can't really help with that either ... but I'm sure someone else here can.
Click to expand...
Click to collapse
quinbus_flestrin said:
I just knew there'd be a more complicated way ;-))...
Click to expand...
Click to collapse
There is always a more complicated way ... that's part of the fun, I think
quinbus_flestrin said:
I tested our net pretty hard but I was unable to get in without a valid MAC and could find no way of revealing one... not to say there isn't one... I just couldn't find it... which apparently doesn't mean a lot.
What would they gain by getting in though?
Interent Access... sure, but not access to our systems as there is no network in that sense surely? So we could lose bandwidth?
Click to expand...
Click to collapse
Yes and No.
An unsecured AP provides a simple means for someone to access the Net anonymously. For someone with malicious intent this has great advantages, as you can imagine. And whatever they might do would be traced back to you.
Don't get me wrong ... I'm not suggesting that there is a pack of rabid hackers circling your place using your wifi as an initial entry point to permit them to realise their schemes to bring down the Internet and western civilisation ;-)
But, as I often point out to my clients ... How would you feel if you found out that in the middle of the night someone used your unsecure AP to upload a couple of hundred MB of kiddie porn? And that you then had to prove that it wasn't YOU.
I admit - it's unlikely and a bit graphic ... but it IS a possible senario.
Less dramtically there is the cost. I'm not sure what your deal is with your ISP ... but in Australia a lot of people have quota's - a given data allowance per month, after which they are either charged excess data rates or are shaped to narrowband speeds. I imagine it would suck to experience either because someone has been downloading movies over your wifi.
quinbus_flestrin said:
We have the AP/Router open for web access only AFAIK.
Click to expand...
Click to collapse
It is fairly simple to tunnel any kind of connection through port 80 (which is used for http). Goggle for http AND tunnel and count the hits.
quinbus_flestrin said:
I tried bringing in WEP on the AP and setting the old Jornada to WEP too. Firstly it slowed everything to a crawl... and a Jornada is not quick at this anyway as you can imagine... and then the on-board Jornada driver decided to "dis-associate" itself... which is of course Jornada for "adios amigos"... and stopped working altogether.
Click to expand...
Click to collapse
There is, of course, an overhead with WEP or any other encryption scheme. I personally haven't ever had a problem, although I know some who have.
Generally they found updating the firmware on the router/AP end, and using the latest drivers for their client got them the best performance. YMMV of course.
quinbus_flestrin said:
I looked for a walk thru for bringing this AP on stream. Even the suppliers were baffled... until we did the hard re-set and the channel changed. I don't know what else changed.
Click to expand...
Click to collapse
Quite possibly nothing ... it is not uncommon for people (even people who should know better) to focus on everything but the channel. Everyone does it
quinbus_flestrin said:
As for bringing security on stream... well I tried sorting out the lowest common denominator... the oldest handhelds... they balked at it and I reverted to the last good setting... an old tradition.
Click to expand...
Click to collapse
If WEP is your only common denominator and updating firmware and drivers doesn't improve your peformance sufficiently under WEP then there is one security measure that I routinely employ, which rarely seems to be mentioned. TURN THE WIFI OFF WHEN YOU AREN'T USING IT.
Case in point ... my home AP is currently running (I see no point in power cycling it over and over) but the wireless is disabled. It takes 30 seconds to browse to the setting on the menu to enable it. It then takes about 30 seconds before I can associate. Before I go to bed at night I make sure that the wireless on the AP is disabled ... I'm not going to be using it so there's no need for it.
There is a lot of discussion about how easy it is to crack WEP ... and it IS easy. IF you have the hardware and sofware and know what you're doing, etc. I should point out that I do NOT have the setup to crack a WEP key ... but I've studied it sufficiently so that I know it's not really secure. BUT it will keep the majority of those who wish to jump on your bandwidth out. So if you can get it going, do so.
The other aspect is the security of what you are moving across the network. Internet banking, for example, is pretty secure as the data is encrypted anyway. But your usernames and passwords for your email, forum accounts, and anything that you are sending that isn't encrypted by default is being broadcast in clear.
This only becomes a problem IF someone is bothering to gather the packets being broadcast and then extracts the relevant info from all the other noise. Which is probably pretty unlikely. Unless, like a mate of mine, you live in a block of apartments with 3 unsecure wifi AP's in reach. I recently suggested that if he were to sell his flat, he could get more by pointing out that it came with free internet
Now thats what I call some good advice. A lot of the topics in this board are a bit over my head... upgrading or cooking new ROMs for example... but this is good practical advice for relatively simple old boys like me.
Our police are so good at arresting people who are not criminals, and so bad at catching those who are, that it is more than likely that bandwidth stolen to upload stuff like porn would land us in prison. They are pathalogically unable to admit that they themselves lie as much as the criminals do and deliberately cause miscarriages of justice now, so unless you can produce an iron-clad case then you are stuffed. They stopped policing some time ago when they started working for the government.
Eight of them performed a judicial murder in the tube, in full view of everyone, and still they deny that they were responsible for a needless death. That about sums them up now. Overpowered and Overpowering.
Sometimes I'm glad I'm confined to the house and the locale so much.
I will certainly turn off the WiFi when not in use. Thanks a lot for the tip.
<Less dramtically there is the cost. I'm not sure what your deal is with your ISP ... but in Australia a lot of people have quota's - a given data allowance per month, after which they are either charged excess data rates or are shaped to narrowband speeds. I imagine it would suck to experience either because someone has been downloading movies over your wifi.>
Here in the increasingly Orwellian UK we use an outfit called ntl. The deal we have is £25 pm 2Gig Broadband and (as yet) no practical dload limits. Although traffic limits are in the agreements, no one so far has reported a penalty. I stayed on 512k for a while when they brought them in, as the limit on there was far higher. But next door went on the 10Gig and dloaded more in a week than I had in a year (films mostly I think) and suffered no hit from ntl.
<It is fairly simple to tunnel any kind of connection through port 80 (which is used for http). Goggle for http AND tunnel and count the hits.>
This I must look into further. Thanks.
<
quinbus_flestrin said:
I tried bringing in WEP on the AP and setting the old Jornada to WEP too. Firstly it slowed everything to a crawl... and a Jornada is not quick at this anyway as you can imagine... and then the on-board Jornada driver decided to "dis-associate" itself... which is of course Jornada for "adios amigos"... and stopped working altogether.
Click to expand...
Click to collapse
There is, of course, an overhead with WEP or any other encryption scheme. I personally haven't ever had a problem, although I know some who have. >
I'll try the WEP once more.
<Generally they found updating the firmware on the router/AP end, and using the latest drivers for their client got them the best performance. YMMV of course. >
This AP/Router is UD'd to date AFAIK. Drivers for the old Jornadas are built-in to the ROM... they don't do Firmware... it's hard wired. I'll really have to retire them I suppose. They're prematurely becoming as anachronistic as my old Atari Portolio and DIPs. )
This is the kicker... simple, effective, and easily done by the punter. The mark of the professional at work.
<If WEP is your only common denominator and updating firmware and drivers doesn't improve your peformance sufficiently under WEP then there is one security measure that I routinely employ, which rarely seems to be mentioned. TURN THE WIFI OFF WHEN YOU AREN'T USING IT.>
<Case in point ... >
Funny you should mention flats. There are some next door and some houses on the other side.
Yesterday our XDAiis and PC notified me that a net was operational and the usual "did I want to connect". I didn't then.
However after reading your post I have.
You're right again. I needn't have bothered with all the work I did WiFi-ing, and the £40 for the AP/Router. This lets the XDA and our laptop in the upstairs sitting room on-line anyway.
My initial task was to get off dial-up in the upstairs sitting room and on to our downstairs BB account... saving the cost of the old account and the extra phone line we had put in, then to re-direct that saving to upping the BB speed.
The AP is off at night anyway... my lady won't have electrics on (aside from the phone) at night... and religiously goes round shutting them off b4 we retire.
I'm going to get my nose back into WiFi for Dummies now, and another one I just 'found' called Wireless Network Hacks and Mods. Please let me know if anything else occurs to you.
QF
quinbus_flestrin said:
This AP/Router is UD'd to date AFAIK. Drivers for the old Jornadas are built-in to the ROM... they don't do Firmware... it's hard wired. I'll really have to retire them I suppose. They're prematurely becoming as anachronistic as my old Atari Portolio and DIPs. )
Click to expand...
Click to collapse
I love old hardware ... I think it's a shame to waste it and with the passion everyone has for 'latest and greatest' one can pick up 'outdated' stuff really cheap.
Add to that the fact that never I upgrade OS or software unless it very clearly provides something that I really want. So I can totally empathise with your desire to keep the Jornada alive as it were.
I'll send you a PM, as we're really drifting into stuff that has little relevance to these forums.
YOL anyone having WIFI WIRELESS PROBLEM
YOL anyone having WIFI WIRELESS PROBLEM
http://forum.xda-developers.com/viewtopic.php?t=40712&highlight=wifi+problem
read this thread fully.. should help..
Doormat said:
quinbus_flestrin said:
I tested our net pretty hard but I was unable to get in without a valid MAC and could find no way of revealing one... not to say there isn't one... I just couldn't find it... which apparently doesn't mean a lot.
What would they gain by getting in though?
Interent Access... sure, but not access to our systems as there is no network in that sense surely? So we could lose bandwidth?
Click to expand...
Click to collapse
Yes and No.
An unsecured AP provides a simple means for someone to access the Net anonymously. For someone with malicious intent this has great advantages, as you can imagine. And whatever they might do would be traced back to you.
Click to expand...
Click to collapse
More importantly, once someone has access to the wireless side of your router (i.e., you don't use encryption or you use WEP/WPA-PSK and they cracked your key/passphrase), it's possible for them to poison the ARP tables and launch a man-in-the-middle (MITM) attack against BOTH your wireless clients AND the wired clients plugged into the router. This sounds hard, but it actually quite simple with a tool like Cain. Once they are set up as a MITM, anything goes, including attacks on your SSH connections and web browser SSL sessions (i.e., https). A successful MITM attack such as this can compromise all of the data in these "secure" connections, including usernames, passwords, PINs, etc.
It is very important to lock down the wireless side of your router, even if you do all of your "sensitive" surfing from the wired side. Also, you should always be careful when accepting certificates for secure sites in your web browser. For more information, I suggest you read this whitepaper: http://www.eecs.umich.edu/~aprakash/eecs588/handouts/arppoison.pdf.
Good luck,
Paul
I was just thinking.. does anyone know if we really need a Firewall and anti-virus for our S621.
Fortunately for everyone, there's no need of a AV or firewall package for our excaliburs (or we need one?)
dont waste your phones resources on a firewall or av. not needed
gixxum said:
dont waste your phones resources on a firewall or av. not needed
Click to expand...
Click to collapse
Yep egsacto my point tooooo.
"There's money to be made by Anti-Virus Fireawll Rea=tailers for SP PPC but valuable RAM to be lost by consumers and for what?"
I posted this about a year ago somewhere else in hyperspace:
I would like to share with you my findings over the last week i have been looking into the aledged WM smartphone virus's and i'm sure you will already know my findings to which only 3 smartphone virus's have been logged, i do believe that the ammount of software advertised would like us to believe different but? The 3 know virus's are not a virus as PC users know a virus but are used to collect data not kill system, please feel free to do a search i used many criterias.
In a search you will get most will be companys trying to sell you a product, i am by no means saying that we should not be careful and think before we download a file and also to use the PC to scan files before transfer, i'm merely stating the fact there is money to be made and that considering how much RAM these anti-virus software take up and is not needed...............
In the end it your choice?
Click to expand...
Click to collapse
stylez said:
Yep egsacto my point tooooo.
"There's money to be made by Anti-Virus Fireawll Rea=tailers for SP PPC but valuable RAM to be lost by consumers and for what?"
I posted this about a year ago somewhere else in hyperspace:
Click to expand...
Click to collapse
Is like you said, scan files on your pc before transfering them to your phone, and if people want to be extra carefull , don't try to download anything straight to your phone from the internet unless absolutely sure.
i had flexilis mobile spyware and anti-virus with firewall on my dash, it would make my phone realy slow on bootup, and all it block was incomeing ports and just took up lots of memory, took it off and now run better then befor,but very true no need for a antivirus app on windows mobile, and as far as downloading something that well mess your phone up dont worry phone dont have a hard drive, and if you do try downloading a app thats not good for your dash the os securtiy wont let you, and if you do download a app that wont delite you can always hard reset your dash or even download a frish rom if any thing were to ever happen to itor just buy a new one at ebay, only thing to worry is a new app thats out thats called super bluetooth hacker, if some one has that app on there phone thay can try to hack your phone via bluetooth, but thay only can if you let them in, oh ya if thay do get in your phone via there bluetooth hack thay can see and upload everything you have on your phone also make calls useing your number,so for any reason you have your bluetooth open and see someone trying to send you some thing becareful make sure its someone you know,also if someone calls you and says its your phones carrer and want to do a update on your phone and say thay want you to hit the #90 or #9 keys dont its a hack just tell them you well call them back at there home customer care number and do so, and if you lose your phone and its unlocked were as if you dont have a lock code to open it get one make one,on the dash just go to settings then security there you can adjust your phone to stay locked till you unlock it,
The firewall also means call filter.
totillas said:
The firewall also means call filter.
Click to expand...
Click to collapse
Not in a traditional sense of the meaning of firewall and depends on the software if it has a call filter, far better on resouces just to use MagiCall.
http://www.thenewspaper.com/news/34/3458.asp
http://www.cellebrite.com/forensic-products/ufed-physical-pro.html
regardless of my reasons behind this this makes all phones inherently tappable if stolen etc or from other corporate espionage attempts
this is a serious flaw and i would like to see if its possible for you custom rom bakers to cook us up some protection
if they want my info they should subpoena my records from sprint or Google not be able to brute force into any and every phone with a device
i and many other would be more then happy to donate for such a solution especially if it wasn't dependent upon only 1 rom
seen this but doesn't yet support the evo
http://www.whispersys.com/whispercore.html
+1 to this for my hd2 too please! or just android
I'll throw in
We should start a Kickstarter for this or something. Either way, count me in to contribute $150+
I could foresee a specific app that launches when plugged into a computer.
If the phone fails to receive user authorization or is plugged into a blacklisted device (say, CelleBrite UFED), then the phone is locked down/wiped.
And/or spoof information, a fake system dump.
tropicalbrit said:
I could foresee a specific app that launches when plugged into a computer.
If the phone fails to receive user authorization or is plugged into a blacklisted device (say, CelleBrite UFED), then the phone is locked down/wiped.
And/or spoof information, a fake system dump.
Click to expand...
Click to collapse
excellent thinking glad im not the only paranoid one at this point
or make it so ur phone gives it a virus or borks the device somehow
{ParanoiA} said:
or make it so ur phone gives it a virus or borks the device somehow
Click to expand...
Click to collapse
Wouldn't want to screw up the device, they ain't cheap. A bit too aggressive
Bumping for continued interest.
im not sure if the fulldisk encryption option in android negates this or not but i believe with ICS if u have full disk encryption enabled should negate what this can do correct me if im wrong
spyngamerman said:
im not sure if the fulldisk encryption option in android negates this or not but i believe with ICS if u have full disk encryption enabled should negate what this can do correct me if im wrong
Click to expand...
Click to collapse
Only if you can manage to power off your device before the cops take it from you. Otherwise, the data partition is already mounted, and they can suck it down into their UFED via the ADB interface.
A question, though: if you have USB debugging disabled, then ADB isn't available over USB, so could the UFED still access your data? The cops would need to turn on USB debugging, wouldn't they? And if you have a pattern/passcode lock, they wouldn't be able to get into the settings to do it.
Anyway, encrypting your data partition and powering off your phone before the cops get to it is the safest option. Use a really long passphrase, though, because they could still grab an image of your encrypted data partition and take it to a lab where they could try to brute-force the passphrase.
whitslack said:
Only if you can manage to power off your device before the cops take it from you. Otherwise, the data partition is already mounted, and they can suck it down into their UFED via the ADB interface.
A question, though: if you have USB debugging disabled, then ADB isn't available over USB, so could the UFED still access your data? The cops would need to turn on USB debugging, wouldn't they? And if you have a pattern/passcode lock, they wouldn't be able to get into the settings to do it.
Anyway, encrypting your data partition and powering off your phone before the cops get to it is the safest option. Use a really long passphrase, though, because they could still grab an image of your encrypted data partition and take it to a lab where they could try to brute-force the passphrase.
Click to expand...
Click to collapse
yes good points
the simplest method i find to protect against this is use Full disc encryption for starters
then use cryptfs to set a long ass password for preboot and keep a short pin for lockscreen that's reasonable and have a nice shortcut for immediate poweroff on lockscreen if concerned about this and then powering off is easy/fast
and ofc keep usb debugging off unless needed
if your really adventurous you can also use yubikey key second slot for partial password for the preboot if you have a microsd adapter for it and your device supports it preboot via OTG etc as input
then
type in a brainpassyouknow+yubikeyslot2
and its 2 factor auth and secure as **** long ass random password combining something you know and something you have
I'm also interested in this project
Let me tell you a little story about a guy (me) who was sitting in a car while his girlfriend was working when an officer approached. I wasn't doing anything wrong but due to a little misfortune I had nowhere I could go and stay so I had to just sit in the car until she was done working. The cop came to the car and asked me what I was doing and why I was sitting in the car on my laptop in a public garage. I told him I had nowhere to go and I was waiting on my girl. I noticed his hand placed on his weapon and I realized very quickly this was not going to be a casual encounter. he asked me to step out of the vehicle and I asked him why. Now I know normally you shouldn't question an officer but something seamed very off about this gentleman. It was when I locked the doors that things started to escelate and my anxiety went through the roof. I told the officer that I did not feel safe with him holding his weapon to me when I had done absolutly nothing wrong. He just became aggitated like a guy on steroids and called in some other officers. Well things wasn't looking good for me but I decided to try and use my phone camera as some added protection so I wouldn't get shot for absolutlly no reason at all. Well the cops did back off, but this is where things got really crazy. a few minutes later, and it couldn't have been more than 5 minutes, my phone went to some screen like when you have emergency dialing only. I tried calling my girlfriends job but nothing worked at all. I got scared so I dialed 911...NOTHING!!! These guys basically turned my phone into a paperweight. I couldn't do anything with it. I didn't know what to do so I called out the window to a crowd of people and told them to call 911 for me. I then noticed the officers leaving in their vehicles and I got out and ran to my girlfriends job where I stayed until she got off of work.
Now in all of this there is two main points that I really feel are extreme issues. One is how is it legal for anyone, even an officer of the law, to take away your ability to use emergency services?? And second why do they need this software that basically can give them an opening to do whatever they want to you without you being able to protect yourself. Law enforcement is becoming more and more alarming to me with all the technology that they have at their disposal. I say if they want to be able to have surveillance on us 24/7 I believe we should get the same respect. We cannot stand by and have our basic human rights violated like this!!!!
Everything is hacked.
All my computers. My desire. All hacked.
Since February... getting worse.
My desire installs all these services on its own. Recovery was fake. Didn't let me install apps.
Now I managed to restore my froyo. But still remote vpn services and more.. running in background.
Computers go into a windows powershell mode.. even when I was about to give an old non infected computer.. it started with same issue.. into powershell like ... mode. Everything seems set up.
My flat screen and keyboard was only thing used on old one. So it must be one of those extending my BIOS... taking over my administration account. Sets up homegroup network and so on...
I suspect it all to be metasploid or some kind of port hack. Same with phone... its in some kind of VMWare..formatting partitions , trying to get Su access.. non works.. just faking. Maybe the radio is edited and scripted. Any site download gets an script added on it. Any help will be great
Sent from my HTC Desire using xda premium
By win powershell mode I mean... it use powershell commands and scripts. Going into old win nt server like mode with windows7 themes.
Sent from my HTC Desire using xda premium
Clawsman said:
Everything is hacked.
All my computers. My desire. All hacked.
Since February... getting worse.
My desire installs all these services on its own. Recovery was fake. Didn't let me install apps.
Now I managed to restore my froyo. But still remote vpn services and more.. running in background.
Computers go into a windows powershell mode.. even when I was about to give an old non infected computer.. it started with same issue.. into powershell like ... mode. Everything seems set up.
My flat screen and keyboard was only thing used on old one. So it must be one of those extending my BIOS... taking over my administration account. Sets up homegroup network and so on...
I suspect it all to be metasploid or some kind of port hack. Same with phone... its in some kind of VMWare..formatting partitions , trying to get Su access.. non works.. just faking. Maybe the radio is edited and scripted. Any site download gets an script added on it. Any help will be great
Sent from my HTC Desire using xda premium
Click to expand...
Click to collapse
If it is that bad then no choice but to wipe, reformat and re-install - both phone and PCs otherwise you will never know if you are really clean At least most stuff is stored on google so it wont take too long to rebuild your data.
This sounds weird. I have never heard of such a problem. There is no virus that can infect a keyboard or a monitor then transfer itself to the BIOS of a computer, then hack a Windows machine from there. Also, there is no virus that i know of that can infect both a Windows and a Linux machine. If i were you, i'd check for how secure my network is (some viruses can hack a Linux-based router then do all sorts of stuff from there), and thoroughly scan all my machines for viruses while disconnected from the network (using a good and up-to-date antivirus program).
LOL. I knew this happened before.
http://forum.xda-developers.com/showpost.php?p=23044595&postcount=1
This guy has to be mocking us. Next thing you know, he's gonna tell us that his case has been hacked and now, whenever he puts a phone in it, the phone gets hacked too and all kinds of bad software get installed on it.
TVTV said:
This guy has to be mocking us. Next thing you know, he's gonna tell us that his case has been hacked and now, whenever he puts a phone in it, the phone gets hacked too and all kinds of bad software get installed on it.
Click to expand...
Click to collapse
I wanted to say he's trolling too.
Sent from my HTC Desire using Tapatalk 2
I think we're done here.
I needed help with a problem, and XDA is the best place, in my mind, to help:
The Story:
As of yesterday, and until May, I am in possession of a chromebook (HP-14 model). It is registered to my school, and the system has it on lockdown. On lockdown, it is almost useless for me (I love tinkering with stuff, as I am a member of this website). I want to boot from USB.
So far, the only way to boot from USB that I have found is this here, which tells me I need to be in developer mode. Easy stuff. I run into trouble when getting to dev mode it will delete all local data. This will take all of the school's administrator settings and configurations off, which will not be acceptable when I turn the laptop back in.
The Point of the Post:
This is what I really need help with:
1) How can I backup all the settings and configurations (and restore them)? (not just files, files are easy)
--Preferably something like a recovery on an android device where I can just restore before turning it back in.
2) Is there another way (without losing data) to boot into USB?
Thanks in advance.
OK
I'm sure you want have control over your chromebook
I did this last year (my senior year)
We had Lenovo chromebooks
check this out:
dustychrome.wordpress.com
follow the instructions to the T
seriously
hit that thanks button!
rbheromax said:
OK
I'm sure you want have control over your chromebook
I did this last year (my senior year)
We had Lenovo chromebooks
check this out:
dustychrome.wordpress.com
follow the instructions to the T
seriously
hit that thanks button!
Click to expand...
Click to collapse
Thanks so much for the link. My questions are: What was deleted when you went to developer mode? And how did you get it back to original condition before returning to the school?
Sent from my SGH-T999 using XDA Free mobile app
nothing was deleted
once signing back in using school account, it'll sync school wifi passwords, school information and all that
you can add a ubuntu chroot to the hard drive and use that in parallel (someone who isnt me used this to cheat on every test )
to remove it, just restart chromebook. press spacebar. it'll wipe the chromebook completely
rbheromax said:
nothing was deleted
once signing back in using school account, it'll sync school wifi passwords, school information and all that
you can add a ubuntu chroot to the hard drive and use that in parallel (someone who isnt me used this to cheat on every test )
to remove it, just restart chromebook. press spacebar. it'll wipe the chromebook completely
Click to expand...
Click to collapse
Thanks again, I think I am going to try it. All I need is to be able to boot from USB. Last question (I am hesitant just because I am part of the pilot program for these notebooks, and I really don't want to get caught modding): When the notebook (HP 14 model) is wiped, I will be able to sign in on my account and all of the original school restrictions and WiFi password will be synced? (In other words, you are suggesting all of the restrictions are saved with my school Google account)
Sent from my SGH-T999 using XDA Free mobile app
Christopher4tw said:
Thanks again, I think I am going to try it. All I need is to be able to boot from USB. Last question (I am hesitant just because I am part of the pilot program for these notebooks, and I really don't want to get caught modding): When the notebook (HP 14 model) is wiped, I will be able to sign in on my account and all of the original school restrictions and WiFi password will be synced? (In other words, you are suggesting all of the restrictions are saved with my school Google account)
Sent from my SGH-T999 using XDA Free mobile app
Click to expand...
Click to collapse
you'll have to play with it a little bit. i was part of my school's pilot program. Didn't get caught, although they suspected but couldn't prove it because of how I said you can wipe it so fast. All the restrictions are saved with your Google Account yes, but with a chroot you can switch between normal chrome os and ubuntu with a keypress and hide it whenever. Deniability is key.
rbheromax said:
you'll have to play with it a little bit. i was part of my school's pilot program. Didn't get caught, although they suspected but couldn't prove it because of how I said you can wipe it so fast. All the restrictions are saved with your Google Account yes, but with a chroot you can switch between normal chrome os and ubuntu with a keypress and hide it whenever. Deniability is key.
Click to expand...
Click to collapse
I think you are now my favorite person. That is hilarious. If I may ask, what state did you go to high school in (or high school if you want to put that out there)? I believe I am really going to enjoy this chromebook program. I already have a bootable Ubuntu USB flashdrive, so that's the root (pun intended) I want to take. I really appreciate the help.
Sent from my SGH-T999 using XDA Free mobile app
Christopher4tw said:
I think you are now my favorite person. That is hilarious. If I may ask, what state did you go to high school in (or high school if you want to put that out there)? I believe I am really going to enjoy this chromebook program. I already have a bootable Ubuntu USB flashdrive, so that's the root (pun intended) I want to take. I really appreciate the help.
Sent from my SGH-T999 using XDA Free mobile app
Click to expand...
Click to collapse
South Carolina
With stuff like this, you will. When you have to turn it back in you will miss it. I know I do...
rbheromax said:
South Carolina
With stuff like this, you will. When you have to turn it back in you will miss it. I know I do...
Click to expand...
Click to collapse
Didn't work. My friend tried it before I could and the chromebook said developer mode was disabled by administrator and then was directed to the setup screen where he just put in his username and password and it told him he was just enrolled again (I'm sure the administrator was notified when he was re-enrolled).
Christopher4tw said:
Didn't work. My friend tried it before I could and the chromebook said developer mode was disabled by administrator and then was directed to the setup screen where he just put in his username and password and it told him he was just enrolled again (I'm sure the administrator was notified when he was re-enrolled).
Click to expand...
Click to collapse
I get the same problem...
Christopher4tw said:
Thanks so much for the link. My questions are: What was deleted when you went to developer mode? And how did you get it back to original condition before returning to the school?
Sent from my SGH-T999 using XDA Free mobile app
Click to expand...
Click to collapse
Powerwash ? Works for me everytime...Can't seem to perm. remove the Local Admin's crud for anything. something about giving a little scrub a dub to the copper and then while in dev using command prompt and then somehow being able to rewrite the internal S/N and straight flexin on the OS to make it think
i think its like...on the sign in screen oress and hold esc+Restart+power until the screen flashes off and back on..then its something like...Shft+ wait wait.. dont do that lol....Ctrl+D then enter hang on lemme grab something for ya
I need help getting into facebook on my chromebook without messing up the chromebook but i have to return it to the school at the end of the year do ya'll know a shortcut that may not be blocked.