Vista install of U3 packages


DingleBerries

Server as in VPS, or can it be a web site hosting thing?

As long as I have FTP access to it, it really doesn't matter. It's hard for me atm because I am in the dorms and my access to open ports is limited. I tried a few free hosts, but they would not allow ISO files or they just sucked my balls. I tried my college webspace, but the servers here, MTSU, suck ass and are always down or broken...


Instead of reverse engineering the SanDisk app, would it be easier to change the DNS entry? dailygeeks.com/howto/add-a-permanent-entry-to-the-dns-cache-in-vista/ You would change your DNS settings before running the installer. Instead of going to the real u3.com, the traffic would be redirected from u3.sandisk.com/download/apps/lpinstaller/isofiles/X.iso to the IP address of the server that holds X.iso that you want to be installed on the U3 partition. Once complete, you could just revert your DNS settings.

You would insert this code into the hosts file:

75.126.127.87       u3.sandisk.com          # Redirects all traffic bound for u3.sandisk.com (in this example: redirects to hak5.org)

The advantage of this approach would be that you wouldn't need to change the installer, nor would you need to run the server on your own computer. On the other hand, if you've already nailed down how to change the installer, that approach would avoid the need to switch the Windows hosts file that holds these DNS settings.


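Added example (not part of the thread): the redirect in the post above works because the installer accepts whatever address the hosts file gives for u3.sandisk.com, so an override like that is worth auditing for on any machine that runs vendor updaters. This sketch flags such entries; the watch list and the sample file are assumptions constructed for illustration, apart from the one hosts line quoted from the post.

```python
import ipaddress

# Vendor domains whose resolution should never be pinned locally (assumed watch list).
WATCHED_SUFFIXES = ("sandisk.com", "u3.com")

def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return (line_no, ip, hostname, reason) for suspicious hosts-file entries."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop trailing comment, tokenize
        if len(entry) < 2:
            continue                            # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                            # first field is not an address
        for name in (h.lower().rstrip(".") for h in entry[1:]):
            is_watched = any(name == s or name.endswith("." + s) for s in watched)
            if is_watched:
                # Any override of a watched domain counts, including loopback.
                findings.append((line_no, str(ip), name, "watched vendor domain overridden"))
            elif not ip.is_loopback and not ip.is_unspecified and "." in name:
                findings.append((line_no, str(ip), name, "public name pinned to fixed address"))
    return findings

# Constructed sample; only the 75.126.127.87 line comes from the post above.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # sinkhole entry, ignored
75.126.127.87       u3.sandisk.com          # Redirects all traffic
127.0.0.1   U3.SanDisk.com.
10.0.0.5        intranet
192.0.2.10      updates.example.org
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```
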
I just switched over to Linux, so now I am trying to learn the ropes and will not have time to continue this, but here is what I found so far; hopefully someone can continue this.

1. Download the installer from the SanDisk website.

2. Unpack the archive with WinRAR or 7zip.

3. In your new directory, where the exe was unpacked, open the unpacked LPinstaller in a hex editor. I used Hex-Ed.

4. In Hex-Ed go to line 111810.

5. You will see this, or something like it... REMEMBER: THE "." between letters is null "00". When you see three consecutive "." in the middle, there is an actual period.

s.a.n.d.i.s.k...com...u3

6. The u3 is appended to the front of sandisk, so there we can either put an IP address of a server...

example

s.a.n.d.i.s.k...c.o.m...u.3 >>>>>>>>> 1.6.8....0...1...1.9.2

this will end up going to 192.168.0.1

or

s.a.n.d.i.s.k...c.o.m...u.3 >>>>>>>>> m.y.s.e.r.v.e.r...com...w.w.w

7. Modify the code and sniff your traffic to make sure that it worked.

8. Just make the proper directories on your server.

9. 3f.3f.3f.3f

10. Profit

Also, I didn't get to try this, but maybe this will work on Cruzers as well with a bit of editing. http://hak5.org/forums/index.php?showtopic=10367

Forget it, a Cruzer Titanium Plus is not like all the other U3-enabled Cruzers...

It has hardware AES encryption and uses a slightly different LP-installer (and controller chip) than all the other SanDisk U3s.

The really funny thing about it is that it uses ... "Universal Customizer" a la SanDisk :)

Download the "Titanium Plus Only" LP-installer from SanDisk

(Note for resource-hacker fans: supports drives larger than 4GB)

http://mp3support.sandisk.com/downloads/u3updater1.0.7.8-plus.exe

Extract it with 7zip and there you have it: same DIR structure as the "Universal Customizer".

Go to \bin and you find "LAUNCHPAD.ISO". Note the size: 10,643,456 bytes (10.1MB)!!

From there it's the same procedure as always...

NB: I think you will lose the ability to use encryption if you remove the original SanDisk LP...

As far as I recall you can delete all the CHM help files and other useless stuff inside the actual LP-ISO and get sufficient space to include the hacksaw files...


Yeah, that's the method I use in my script... just changing the hosts file.


Can this be changed to 127.0.0.1 or localhost?

If so, could you post instructions on how you did it and the programs you used to edit the hex?


dinglebell, did you get my PM? I fixed the FTP problem.

I actually stopped the whole thing. But the dummy payloads are still on your server. If someone wanted to modify it themselves then they could use your FTP server if that's still viable. Thank you so much for letting me use it and try it, but I think that encrypting packages is way more sufficient then. Thank you again.


After much searching, apparently this has already been done, and the files were on hak5... Woulda been nice if someone had mentioned there was already a modified lpinstaller.exe from 3 years ago; now there's no need to spoof the website.

<_<


lol, how did you find out?

Looking around the interwebs... Anyways, I suppose it only works with SanDisk U3 drives; I tried it on my Geek Squad U3 drive and the old lpinstaller.exe from '06 doesn't work on it. It says it's not a compatible drive. However, the new lpinstaller program still works if you spoof the website. Maybe we could get some input from whoever modified the original one to see if we can modify the new one too?

If possible it would be nice to be able to use a local ISO only, like the old one allowed. At the very least it would be nice to have it only search localhost as opposed to u3.sandisk.com. I have written a script that works around it by changing your hosts file for you, but I'd rather not even do that if it's possible to install an ISO from the local hard drive.


I had tried this a long time ago, and I recently tried it again; it does not work for me!

I have an Apache web server running on my machine... If I modify my hosts file and point u3.sandisk.com to 127.0.0.1 (localhost), when I try to run lpinstaller it fails immediately! It says "Download of u3 launchpad failed!"

exactly like this image that someone posted:

hexed.jpg

It does not even seem like it tries to download it, and just immediately says download failed!

I have my directory structure set up correctly, you can double check:

http://popeax.com/download/apps/lpinstaller/isofiles/

(popeax.com is my domain name, which forwards to my ip address)

also you claim:

Step 8. None of the data on the flash partition will not be touched.

When I ran it, it said my data would have to be backed up, and it gave me the option to back up the data or format the drive!!! <_<

I had downloaded the latest version of lpinstaller from the website too!

Also I tried looking through the EXE in Olly and a hex editor and I did not find "u3.sandisk.com" or "/download/apps/lpinstaller/isofiles/" or anything in between! Not in ASCII or Unicode!! So I'm not sure how you found those strings. If I could find those strings I could easily mod it to point somewhere else since the EXE is not packed! But it still probably won't work (at least for me).

The closest thing I found was "u3.com" but that's all...

Anyways, I don't have vista but I don't see why that would matter...


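Added example (not part of the thread, and not SanDisk's code): a wide-string scan showing how a search for the whole hostname can miss in both ASCII and UTF-16 when the labels are stored in the order the hex-view description earlier in the thread gives. The sample buffer is constructed from that description, and `wide_strings` and `find_host` are hypothetical helper names.

```python
import re

# Runs of 4+ printable ASCII characters, each followed by a 0x00 byte (UTF-16LE).
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")

def wide_strings(data):
    """Yield (offset, text) for every UTF-16LE printable run in data."""
    for m in WIDE_RUN.finditer(data):
        yield m.start(), m.group().decode("utf-16-le")

def find_host(data, host):
    """Report how host appears in data: as ASCII, as UTF-16LE, or only label by label."""
    result = {
        "ascii": data.find(host.encode("ascii")),       # -1 when absent
        "wide": data.find(host.encode("utf-16-le")),    # -1 when absent
        "labels": {},                                   # label -> offsets of wide runs
    }
    for offset, text in wide_strings(data):
        parts = text.split(".")
        for label in host.split("."):
            if len(label) >= 2 and label in parts:
                result["labels"].setdefault(label, []).append(offset)
    return result

# Constructed buffer laid out the way the hex view is described in the thread:
# wide characters, with "u3" stored after "sandisk" and "com" instead of before.
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 12
          + "sandisk.com.u3".encode("utf-16-le") + b"\x00\x00"
          + b"\xff\xfe padding "
          + "/download/apps/lpinstaller/isofiles/".encode("utf-16-le") + b"\x00\x00")

if __name__ == "__main__":
    for offset, text in wide_strings(SAMPLE):
        print("0x%04x  %s" % (offset, text))
    print(find_host(SAMPLE, "u3.sandisk.com"))
```
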
Well, when I was trying to debug it I realized that the download is a zip archive of a few files including the lpinstaller.exe, so you have to extract it with 7zip first, then run Olly on the extracted lpinstaller... I found the location of the URL but I wasn't really sure how to modify that value... I'm no good with hex editing... Also I found out that the program checks the autorun.inf file on the ISO partition, and whatever you have as the brand=X3N actually is what it appends to the front of the ISO name, for example...

brand=cruzer then it looks for cruzer-autorun.iso and

brand=X3N then it looks for X3N-autorun.iso

So if you customized your own autorun.inf file or have a non-Cruzer U3 drive, you have to change the name of your file.


Here is where I found the URL in Olly debugger. Also I found some interesting things about what system calls it uses when it runs the copy process.

First the program extracts itself to a temp location:

C:\Documents and Settings\engineer1\Local Settings\Temp\RarSFX0

This is where the 7zip and DLL files and the lpinstaller go when you double-click on the original downloaded file lpinstaller.exe.

The ISO file gets downloaded to this location:

C:\Documents and Settings\engineer1\Application Data\U3\temp

The download starts immediately when you start the lpinstaller.exe program, and stores the ISO in the temp location till you click through all the dialog prompts.

Then the program reaches out to the internet and downloads the appropriate ISO file depending on the brand name in your autorun.inf file, i.e. $yourbrand-autorun.iso

Then the program uses a Windows call, IRP_MJ_DEVICE_CONTROL, to control the USB device and then uses IOCTL_SCSI_PASS_THROUGH_DIRECT to write the data to the ISO portion of the drive, copying the ISO, skipping offset=0 length=512, to start the upload of the ISO at offset=512 and length=4096, and then 4096 chunks till the entire file is written to the ISO partition.

I would say I'm decent at investigating stuff but I suck at programming and hex editing. I've only just started to learn C++ but am not much further than just doing simple math with it.

It seems logical enough to be able to write our own program for flashing the drive, but I wouldn't even know where to start.


Does the installer for the Titanium work for non-Titanium drives?

C++ I might be able to help you with this in a few days, school and whatnot. If you will send me a PM just to remind me & with your email, I will do a quick modified installer and send it to your email.
