Friday, August 31, 2007

Yahoo new-old policy

I don't know when Yahoo started this (for me) new policy regarding Yahoo Messenger channels. The last time I remember, the channels were riddled with bots, spambots, worms, etc.
Until today, when I discovered that they have changed the channels a little: they put in their own bot, "Yahoo Messenger Admin", which supervises who gets in, so in order to chat in a channel you must verify your account through a link.
A lot of messengers and internet chat servers do that, so I consider it Yahoo waking up late. It may be a wise step, but a late one; they lost a lot of customer confidence in the past.
As I tried to understand how the 'new' policy works, I used Packetyzer (much like Ethereal); it really helped me see what that verification link is all about.
After your browser launches the link, it sends:
GET /go/captchat/?img=http://ab.login.yahoo.com/img/oPzKLOVZFel3pZkmT67Oq329Tsbza6rvUkVoIPnhURbTiD4FwuiEAMSIKC64X0B4xEuyecptqsUVWs2NfAjAlo5z_Ens1E1U_A--.jpg&.intl=us%20) HTTP/1.1

Reply (the form your browser sends back with the word you typed):
question=http%3A%2F%2Fab.login.yahoo.com%2Fimg%2FoPzKLOVZFel3pZkmT67Oq329Tsbza6rvUkVoIPnhURbTiD4FwuiEAMSIKC64X0B4xEuyecptqsUVWs2NfAjAlo5z_Ens1E1U_A--.jpg&.intl=us&answer=BV78zl......
After the server checks your word verification, it answers with a redirect to a closing link:
The document has moved <a href="http://captcha.chat.yahoo.com/go/captchat/close?.intl=us">
And at that link, /captchat/close?.intl=us, a page displays a congratulation message saying your account is verified.
So that "Messenger Chat Admin" bot is linked to these servers and gets the verified status of the account from them.
Lastly, will this stop malware programmers? I might be paranoid, but I can still sense some bots here and there in some channels, though far fewer than before.
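The exchange above, reconstructed as an added example (this is not code from the original post and does not talk to Yahoo): a small Python parser that takes the captured request line, the submitted form body and the redirect page, and pulls out the pieces the admin bot relies on: the CAPTCHA image URL, the locale, the answer token and the close URL. It then checks that the three messages describe one and the same CAPTCHA. The three capture strings are constructed from the lines above, with the long image name and the answer token shortened and the stray "%20)" on the request dropped.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed from the lines captured in the post. The long image name and the
# answer token are shortened, and the stray "%20)" on the request is dropped.
REQUEST_LINE = (
    "GET /go/captchat/?img=http://ab.login.yahoo.com/img/oPzKLOVZFel3pZkmT67Oq329Tsbza6rvU"
    "kVoIPnhURbTiD4FwuiEAMSIKC64X0B4xEuyecptqsUVWs2NfAjAlo5z_Ens1E1U_A--.jpg&.intl=us HTTP/1.1"
)
FORM_BODY = (
    "question=http%3A%2F%2Fab.login.yahoo.com%2Fimg%2FoPzKLOVZFel3pZkmT67Oq329Tsbza6rvU"
    "kVoIPnhURbTiD4FwuiEAMSIKC64X0B4xEuyecptqsUVWs2NfAjAlo5z_Ens1E1U_A--.jpg&.intl=us&answer=BV78zl"
)
REDIRECT_BODY = (
    'The document has moved <a href="http://captcha.chat.yahoo.com/go/captchat/close?.intl=us">'
)


def parse_request_line(line):
    """Split 'GET <target> HTTP/1.1' into method, path and decoded query fields."""
    method, target, version = line.split(" ", 2)
    parts = urlsplit(target)
    query = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    return {"method": method, "path": parts.path, "query": query, "version": version}


def parse_form_body(body):
    """Decode an application/x-www-form-urlencoded body into a flat dict."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def parse_redirect_target(body):
    """Pull the href out of the 'The document has moved' redirect page."""
    match = re.search(r'href="([^"]+)"', body)
    return match.group(1) if match else None


def reconstruct_flow(request_line, form_body, redirect_body):
    """Tie the three captured messages together and check that they refer to
    the same CAPTCHA: the image the browser fetched must be the image the
    answer was given for, the locale must match, and the close page must be
    served from the captcha host."""
    req = parse_request_line(request_line)
    form = parse_form_body(form_body)
    close_url = parse_redirect_target(redirect_body)
    image_url = req["query"].get("img")
    consistent = (
        req["method"] == "GET"
        and req["path"] == "/go/captchat/"
        and image_url is not None
        and form.get("question") == image_url
        and form.get(".intl") == req["query"].get(".intl")
        and close_url is not None
        and urlsplit(close_url).hostname == "captcha.chat.yahoo.com"
    )
    return {
        "image_url": image_url,
        "intl": req["query"].get(".intl"),
        "answer": form.get("answer"),
        "close_url": close_url,
        "consistent": consistent,
    }


if __name__ == "__main__":
    for key, value in reconstruct_flow(REQUEST_LINE, FORM_BODY, REDIRECT_BODY).items():
        print(f"{key}: {value}")
```

The consistency check is the point: the only thing binding the image that was fetched to the answer that was submitted is the `question` field echoing the same image URL, so a capture where the two differ would mean a different challenge was answered than the one displayed.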


Sunday, August 19, 2007

Cracking C3 RTL 8186 Firmware

Several proprietary firmwares are available that provide a lot of useful features and options for RTL8186-based access points. Mine is a Senao/Engenius NCB/ECB-3220. Examining the log produced by the firmware (Management->Log), one can see several lines mentioning the RTL8186, e.g.:

8186NIC Ethernet driver v0.0.5 (Mar 3, 2006)
rtl8186_crypto_init()...

One of the most popular proprietary firmwares is AP Router; however, cracking this firmware requires a serial connection to the access point, a luxury I didn't have. So I searched for other firmwares, and C3 popped up. C3 is a Brazilian-only RTL8186 firmware that supports much of the feature set of AP Router (actually there is great similarity between the two; even the file names of the web server's HTML files seem identical in a number of respects).

In addition, cracking the C3 firmware is a lot easier than AP Router and doesn't require the cable.
It seems that while unlicensed, the firmware prevents any change to the flash of the access point. Upon uploading a license file issued for any other access point, the firmware displays "Update successful" and changes your access point's MAC address to the one in the license file, disabling the protection on the flash memory of the AP. All you have to do then is change that MAC address back to your original address and voila, you have cracked the C3 firmware.

The major disadvantage of the C3 firmware is that it has no English support, so you have to get accustomed to seeing the Portuguese equivalents of some words.

1. Obtain the MAC address of your AP, either from the default firmware or over SSH (e.g. with PuTTY; username and password are both root) by typing:

flash get HW_NIC1_ADDR
flash get ELAN_MAC_ADDR (<- this line is not required for my AP type)

Write your MAC address down or save it somewhere safe.
* To install the C3 firmware, either select "update firmware" from the original firmware or check this for the TFTP mode.
** Mind that there are two versions of the C3 firmware, so select the one that suits your AP; for me this one did the trick. (This one, however, is for the D-Link G700AP.)
2. Select "Upload de Licença" (license upload) and upload this file to it.
3. Connect via PuTTY to the AP and type the following:
flash set HW_NIC1_ADDR [your MAC address without brackets and colons]
flash set ELAN_MAC_ADDR [your MAC address without brackets and colons]

4. Reboot your AP, either from the web interface or by typing reboot at the SSH prompt.
5. Congrats, you're done; grab a dictionary!
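The MAC-handling part of steps 1 and 3, as an added example (this is not code from the original post, from C3 or from AreaWireless.Net): a POSIX shell script that normalises the address you saved in step 1 into the bare hex form the flash set lines above use, sanity-checks it before anything is written to flash, and emits the step 3 and step 4 commands. That flash set takes the address as twelve bare hex digits comes from the post; the AP's IP address in the usage comment, and that its SSH server accepts the commands as a batch on standard input, are assumptions. Since the license upload overwrites the stored MAC and the post notes that the change survives later firmware updates, checking the value before restoring it is the one step worth not skipping.

```shell
#!/bin/sh
# Added example; not code from the original post, C3 or AreaWireless.Net.

# Strip brackets, colons, dashes and anything else that is not a hex digit,
# leaving the bare 12-digit form the post's "flash set" lines use.
normalize_mac() {
    printf '%s' "$1" | sed 's/[^0-9A-Fa-f]//g'
}

# A saved address should be exactly 12 hex digits and unicast (the low bit of
# the first octet clear); anything else is a typo or a corrupted copy.
valid_mac() {
    m=$(normalize_mac "$1")
    [ "${#m}" -eq 12 ] || return 1
    case "$m" in
        ?[13579BDFbdf]*) return 1 ;;
    esac
    return 0
}

# Emit the commands from steps 3 and 4 for the given address. ELAN_MAC_ADDR is
# included for APs that use it; the post notes it is not needed on every model.
emit_flash_commands() {
    m=$(normalize_mac "$1")
    if ! valid_mac "$m"; then
        echo "refusing to use '$1': not a 12-hex-digit unicast MAC" >&2
        return 1
    fi
    printf 'flash set HW_NIC1_ADDR %s\n' "$m"
    printf 'flash set ELAN_MAC_ADDR %s\n' "$m"
    printf 'reboot\n'
}

# Usage (assumed AP address, and assumed that its SSH server runs commands
# read from standard input; the post's login is root/root):
#   emit_flash_commands "00:11:22:aa:bb:cc" | ssh root@192.168.1.1
```

Run it once without the pipe to ssh and read the three lines it prints; if the address does not match what flash get HW_NIC1_ADDR gave you in step 1, fix the saved copy rather than the script.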

This work is based on AreaWireless.Net's efforts.


Saturday, August 11, 2007

The dreadful trip of updating my accesspoint

It all started when I was thinking about using the Linux shell inside my AP, which sounded (and still sounds) like a very exciting idea, since I could change things directly from the AP without the need for the very limited web interface.
However, since this required a cable of some sort, and due to my poor ability to arrange such a tool, I unwillingly dropped the AP shell idea, until I found out about proprietary firmware updates that granted this ability, like AP Router (http://www.aprouter.com.br) and Wive (http://rtl8186.sourceforge.net/).
I read about those and found Wive to be more appropriate, since it's free and should have a larger supporting community.
However, after selecting the firmware file from my web interface's firmware update option, I was severely disappointed to see my AP didn't come up again. I thought to myself that I had "bricked" my AP, and could see those posts on different forums advising people with such issues to use the bricked device as a $xxx paperweight. I was devastated.
However, I read a day later that on some APs, if you hold the reset button before turning them on, keep pressing it for a few seconds and then let go, the AP will enter a special mode during which it starts a TFTP (Trivial FTP) server and assumes the address 192.168.1.6. It will blindly accept anything sent to it (via a TFTP client, e.g. try tftpd32), be it a firmware or an MP3 file. However, you shouldn't send anything other than firmware, since after the upload the AP will attempt to burn it to its EEPROM, and I don't know what will happen if you upload something other than firmware. Heck, even if you do upload a firmware, there's no guarantee that it will work.
Anyway, I tried that and it worked! I got euphoric and retried with other firmwares and found AP Router to be the best in this field... with a major flaw: it is licensed and will kill you to get registered, e.g. it will create an SSID with UPLOAD YOUR LICENSE or something like it, will not save anything you change, and some say it disables the whole radio.
In my effort to activate it, and while trying to make it save changes and detect wireless signals around, I got myself into a problem I never thought existed!
I managed to get several license files for other users. Noticing the file names and the contents of the files, I knew I wouldn't be able to do anything to license my firmware, but what the hell, I decided to give it a shot. I renamed the file to correspond to my AP's MAC address but didn't change any of the contents of the file, and uploaded it as a license... thinking the firmware would simply ignore the file and display the invalid license message, I went on and pushed the upload button... but to my surprise the message didn't appear and the file was accepted. Upon refreshing, the MAC address of my AP was now the one in the license file, and if I attempted to change anything and selected to apply the changes, all changes would be lost but the MAC wouldn't be changed.
This is when I ruled out AP Router as a firmware. Returning to my original firmware, it installed flawlessly, but the wireless part of the AP didn't work: it didn't scan networks, create SSIDs or join networks. In the midst of the confusion I noticed that the MAC address was still the same as the one I uploaded in the AP Router license file; this persisted through several firmware updates and blankings of the EEPROM. Attempts to return to AP Router failed, since it continuously refused to save and apply my changes... this is when I lost hope and the bricking issue began coming true... Later I tried to scan networks with one of the original firmwares and it did scan and show the available networks, but the LED for wireless activity never blinked and remained off?!!
Someday I hope I can figure out what happened.
Bottom line: DO NOT GAMBLE ON LICENSING FIRMWARE IF UNSURE, IT'S NOT LIKE NORMAL PROGRAMS.
