ghell
-
Posts
16 -
Joined
-
Last visited
Posts posted by ghell
-
-
Episode 5x03
in Hak5
I don't see what was so hard to "decipher", that's a fairly standard way of writing it (though it is not a written language, of course).yeah...i would have found it easier to decipher had it been in a format like:
.-.
...
....
--
.--
where each character has its own line
Personally, I'm just too lazy to look for the letters when I am trying to watch the show. When I am busy watching a segment I tend to miss them anyway so I would have to go back and look for them specifically. I don't see why the letters are necessary anyway, it's the random selection of the winner out of all of the correct answers (rather than the first answer posted) that helps fairness, not the letters.
-
Episode 5x03
in Hak5
TV Tuner sharing.You could use Skype and set the video to use the TV tuner then set up an automatic chat and script some chat commands to send channel changes, volume changes by keywords in chat.
You could also use MythTV if you have a spare machine to put the tuners into. The backend needs to be Linux but there are Windows (and probably Mac) frontends. My main problem with Myth is that it seems to only work with either really old tuners or small crappy USB tuners, while I also find the myth frontend to be a nightmare to use when compared with Windows Media Center's interface (I also find GIMP and Blender to be horrible).
-
Episode 5x03
in Hak5
I've just got up to the part where Darren is disappointed at the lack of analogue points on the little board so I thought I'd point out that you can probably do whatever you want with PWM, depending on what it is you want to do of course (this lets you use a digital output for an LED that you can dim, for example, as long as the frequency of the chip is high enough that you don't see the flicker - LEDs turn on and off fast).
-
Try these tools:
http://www.forensicswiki.org/index.php?tit...s:Data_Recovery
Your in file carving territory here to get the missing data back but it is possible. You should take an raw image of the drive to work from though.
Windows isn't that robust so the odd things your seeing are to be expected, you should see if you can access the event logs to throw some light on the issues but I would skip this test and go straight to a forensic recovery of the data.
Thanks, I'll take a look.
-
It was stupid by my own admission (see first post) but before this thread, I was completely oblivious to testdisk's existence, let alone knowing what it did (the name doesn't really imply anything to do with recovery, I had assumed it was something closer to fsck) so I panicked and set up the partition again with gparted, with exactly the same geometry (as you said) but it didn't work. I expect gparted overwrote part of the filesystem data when I did this, even though I left it on no filesystem when I made the partition.The first thing you did (use gparted to 'recreate' the partition) was the big mistake. The only chance it had of working was if the partition start and end points are the same as they where before, but even then depending on how you deleted the partition, it may be not.What you should have done instead is run testdisk. I'v fouled up in this way before and testdisk has saved me. Still, testdisk left the system unbooable, but that is only a minor problem compared to not having access to the data on the partition.
The file permissions would have been an issue. A new install of XP/Vista would have generated new UID's which wouldn't match those on your existing files.They would have been an issue with copying the files over an existing installation but not if I could have just recovered the partition table and any filesystem metadata that probably lives right at the start of the partition. However, I could get up to the login prompt fine by copying recovered files over an existing installation (even getting my screen resolution correct, so it must have loaded my graphics drivers properly from the recovered data). It seems to start logging in but then goes back to the login screen rather than showing a desktop (but it must still be logged in because I can hear it loading away on my hard drive and if I try to log in again, it logs out as if it is switching users).
The reason I was (I've all but given up now) trying so hard to get it back to a working partition rather than copying files over was that I had spent 2 years without formatting that Windows installation and I had everything exactly as I wanted. Even though the disk has not been written to since I messed it up, there were a couple of files here and there (roughly 1 in every 1000 files) that had holes in or were missing when I recovered them too. Annoyingly, one of these was also a directory so I couldn't recover anything in that directory (which seems odd to me, as that recovery software will recover deleted files and directories fine so I would have thought that it would be able to see at least the files inside there even if the directory itself had a problem.
I also assume that $MFT (which recovered fully) contains the information for the whole file system on that partition, so if the recovery software looked in there, wouldn't it be able to recover everything quickly without having to deep scan for anything else?
-
Thanks for the suggestions but I have tried copying all of the recovered files to a new hard drive, setting it as active and running windows repair from the Vista disk (it is Vista). It doesn't show up in the list for the Vista repair DVD so unless there is a command I can run from the repair command prompt, I don't think I can get that to work.
I will have a look at the ptdd.com link.
What I am saying is that you have managed to foul up the system beyond all hope of repair. You can't just copy over files from another install of windows because of the way windows managed permissions with things called SID's and pretty much every step you have done has made it worse. The correct thing to do would have been recover the partition on the drive and mark it as active again. but this is no longer possible. What you need to do is get your data back, and reinstall the system again, then mark this one up to experience. The disk is probally fine, as is the partition, but the windows install is FUBAR hence this is the correct term.Every step I have done has not made it worse, as I said I am not actually writing anything new to the problematic hard drive. Everything I have done has been using recovered files onto a different hard drive.
Permissions would not be an issue if I could just fix the partition table at the start of the disk. I am assuming that when you delete a partition in gparted, all it does is overwrite the partition table so if I can recover that (probably only a few hundred bytes at the start of the disk), all the data should still be there, similar to having a pointer in C. If you delete the pointer, the data is still there even though you can't access it but if you recreate the pointer, you can use it again easily.
-
There's no need for that. I'm only asking for help. If you don't have anything nice (or useful) to say, don't say anything at all.
Testdisk did not find the partition correctly in the deep scan. It seemed to find it at first on a backup sector but when I tried to list the files, it only showed one small file.
Strangely, even fdisk seems to think that the gparted created NTFS partition is ext (83) at first and when I put a USB pen drive in to get the log file, it thought it was FAT16.
Here's the log (it wouldn't let me attach the file itself as a .log, .txt, .log.gz, .zip, etc so sorry about posting it in the big code block):
Fri Feb 20 14:58:14 2009 Command line: TestDisk TestDisk 6.9, Data Recovery Utility, February 2008 Christophe GRENIER <grenier@cgsecurity.org> http://www.cgsecurity.org Linux version (ext2fs lib: 1.41.3, ntfs lib: 10:0:0, reiserfs lib: none, ewf lib: none) Hard disk list Disk /dev/sda - 250 GB / 232 GiB - CHS 30401 255 63, sector size=512 - ATA ST3250620AS Disk /dev/sda - 250 GB / 232 GiB - ATA ST3250620AS Partition table type: Intel Analyse Disk /dev/sda - 250 GB / 232 GiB - CHS 30401 255 63 Geometry from i386 MBR: head=255 sector=63 check_part_i386 failed for partition type 83 get_geometry_from_list_part_aux head=255 nbr=2 get_geometry_from_list_part_aux head=8 nbr=1 get_geometry_from_list_part_aux head=16 nbr=1 get_geometry_from_list_part_aux head=32 nbr=1 get_geometry_from_list_part_aux head=64 nbr=1 get_geometry_from_list_part_aux head=128 nbr=1 get_geometry_from_list_part_aux head=240 nbr=1 get_geometry_from_list_part_aux head=255 nbr=2 Current partition structure: No EXT2, JFS, Reiser, cramfs or XFS marker 1 * Linux 0 1 1 30400 254 63 488392002 1 * Linux 0 1 1 30400 254 63 488392002 Ask the user for vista mode Computes LBA from CHS for Disk /dev/sda - 250 GB / 232 GiB - CHS 30402 255 63 Allow partial last cylinder : Yes search_vista_part: 1 search_part() Disk /dev/sda - 250 GB / 232 GiB - CHS 30402 255 63 NTFS at 0/1/1 filesystem size 488392002 sectors_per_cluster 8 mft_lcn 4 mftmirr_lcn 30524500 clusters_per_mft_record -10 clusters_per_index_record 1 D HPFS - NTFS 0 1 1 30400 254 63 488392002 NTFS, 250 GB / 232 GiB get_geometry_from_list_part_aux head=255 nbr=2 get_geometry_from_list_part_aux head=8 nbr=1 get_geometry_from_list_part_aux head=16 nbr=1 get_geometry_from_list_part_aux head=32 nbr=1 get_geometry_from_list_part_aux head=64 nbr=1 get_geometry_from_list_part_aux head=128 nbr=1 get_geometry_from_list_part_aux head=240 nbr=1 get_geometry_from_list_part_aux head=255 nbr=2 Results * HPFS - NTFS 0 1 1 30400 254 63 488392002 NTFS, 250 GB / 232 GiB ntfs_device_testdisk_io_ioctl() unimplemented ntfs_ucstoutf8: iconv_open failed dir_partition inode=5 * HPFS - NTFS 0 1 1 30400 254 63 488392002 NTFS, 250 GB / 232 GiB Directory / 5 dr-xr-xr-x 0 0 0 18-Feb-2009 21:00 . 5 dr-xr-xr-x 0 0 0 18-Feb-2009 21:00 .. interface_write() 1 * HPFS - NTFS 0 1 1 30400 254 63 488392002 search_part() Disk /dev/sda - 250 GB / 232 GiB - CHS 30402 255 63 NTFS at 0/1/1 filesystem size 488392002 sectors_per_cluster 8 mft_lcn 4 mftmirr_lcn 30524500 clusters_per_mft_record -10 clusters_per_index_record 1 D HPFS - NTFS 0 1 1 30400 254 63 488392002 NTFS, 250 GB / 232 GiB NTFS at 30400/254/63 filesystem size 488392002 sectors_per_cluster 8 mft_lcn 4 mftmirr_lcn 30524500 clusters_per_mft_record -10 clusters_per_index_record 1 D HPFS - NTFS 0 1 1 30400 254 63 488392002 NTFS found using backup sector!, 250 GB / 232 GiB NTFS at 30401/42/41 filesystem size 488392704 sectors_per_cluster 8 mft_lcn 786432 mftmirr_lcn 30524543 clusters_per_mft_record -10 clusters_per_index_record 1 D HPFS - NTFS 0 32 33 30401 42 41 488392704 NTFS found using backup sector!, 250 GB / 232 GiB get_geometry_from_list_part_aux head=255 nbr=2 get_geometry_from_list_part_aux head=8 nbr=1 get_geometry_from_list_part_aux head=16 nbr=1 get_geometry_from_list_part_aux head=32 nbr=1 get_geometry_from_list_part_aux head=64 nbr=1 get_geometry_from_list_part_aux head=128 nbr=1 get_geometry_from_list_part_aux head=240 nbr=1 get_geometry_from_list_part_aux head=255 nbr=2 Results D HPFS - NTFS 0 1 1 30400 254 63 488392002 NTFS, 250 GB / 232 GiB D HPFS - NTFS 0 32 33 30401 42 41 488392704 NTFS found using backup sector!, 250 GB / 232 GiB ntfs_device_testdisk_io_ioctl() unimplemented ntfs_device_testdisk_io_ioctl() unimplemented NTFS filesystem need to be repaired. ntfs_ucstoutf8: iconv_open failed dir_partition inode=5 ntfs_readdir failed D HPFS - NTFS 0 32 33 30401 42 41 488392704 NTFS found using backup sector!, 250 GB / 232 GiB Directory / 5 dr-xr-xr-x 0 0 0 23-Oct-2007 04:31 . 5 dr-xr-xr-x 0 0 0 23-Oct-2007 04:31 .. 141989 -r--r--r-- 0 0 1934 8-Feb-2008 19:31 MPUsbSIn.log ntfs_device_testdisk_io_ioctl() unimplemented ntfs_ucstoutf8: iconv_open failed dir_partition inode=5 D HPFS - NTFS 0 1 1 30400 254 63 488392002 NTFS, 250 GB / 232 GiB Directory / 5 dr-xr-xr-x 0 0 0 18-Feb-2009 21:00 . 5 dr-xr-xr-x 0 0 0 18-Feb-2009 21:00 .. Change partition type: D HPFS - NTFS 0 32 33 30401 42 41 488392704 NTFS found using backup sector!, 250 GB / 232 GiB Change partition type: D HPFS - NTFS 0 32 33 30401 42 41 488392704 NTFS found using backup sector!, 250 GB / 232 GiB interface_write() No partition found or selected for recovery simulate write! write_mbr_i386: starting... write_all_log_i386: starting... No extended partition Interface Advanced Geometry from i386 MBR: head=255 sector=63 check_part_i386 failed for partition type 83 get_geometry_from_list_part_aux head=255 nbr=2 get_geometry_from_list_part_aux head=8 nbr=1 get_geometry_from_list_part_aux head=16 nbr=1 get_geometry_from_list_part_aux head=32 nbr=1 get_geometry_from_list_part_aux head=64 nbr=1 get_geometry_from_list_part_aux head=128 nbr=1 get_geometry_from_list_part_aux head=240 nbr=1 get_geometry_from_list_part_aux head=255 nbr=2 1 * Linux 0 1 1 30400 254 63 488392002 Change partition type: 1 * HPFS - NTFS 0 1 1 30400 254 63 488392002 New options : Dump : No Cylinder boundary : Yes Allow partial last cylinder : Yes Expert mode : No TestDisk exited normally.
-
Will Getdataback NTFS and Testdisk be able to restore the deleted partition or just recover individual files? (because I can already just recover individual files)
I am currently running a deep scan with Testdisk from the latest gparted live CD. Before I started running the deep scan, it only found the new empty partition but now its 31% through the deep scan and nothing new has appeared yet.
Also, if you succesfully copied all of the files to another drive, it should be easy to make it bootable by using some windows repair tools.I tried the Vista install DVD's "repair" feature but it wouldn't even detect it as a windows installation, so it wouldn't repair it.
I have tried installing a new copy of Vista to a new drive (so that the original is still as untouched as possible) that is the same size and then overwriting that entire installation with the recovered directories (I just used \Users, \Program Files, \Program Files (x86), \ProgramData and \Windows). When I boot off that disk it tells me that the boot loader is damaged, so I repair it with the installation CD and after a reboot, I get up to a login prompt. I type my password and the screen goes black, just showing a cursor. It is fine up to there but then goes back to the login screen. If I type my password again, it says "Logging out", goes black and then back to the login screen again. I don't know if this approach will work in the end but it is the furthest I have got so far. Does anyone know what would be causing it to stop where it is stopping (e.g. if my user does not have permissions to read its own user directory) or how to fix that to get it to at least log in?
-
I accidentally deleted an NTFS partition with gparted then, stupidly, tried to recreate it (with gparted) hoping that the files there would reappear, which of course they didn't.
I didn't make a backup image with dd but I have been able to scan the drive with various commercial Windows tools and it can still find all of the files, even the system file \$MFT. The problem is that even if I manually copy all of the files out of these tools to a blank hard drive, I can't boot Windows off it as I could before, its just a drive with a bunch of files on it.
DiskInternals, for example, scans the drive (taking about 2 hours) and when it is done, shows a list of partitions, with some numbers in the names. I think these numbers may be where the partition starts and I know exactly which one I want to recover (it was supposed to be the only partition on the drive but it also shows some 3mb "Boot" partitions that I have never seen before). However, all it lets me do is recover files to another hard drive rather than restoring the file system that it has found.
Is it possible to restore an old partition that has been deleted with dd (or anything else)? I think that all I want to recover is the MBR (if that's all that contains the partition table) and any NTFS data at the start of the disk and all of the files should just reappear after that.
-
I just hope that Dirac (VC-2) is considered in the future, as it is completely free, really good quality at a relatively small file size and scales well on both SD and HD (and beyond). The whole point in it is to be good enough to carry HD broadcast signals down SD cables without any visual loss, which kind of speaks for itself with regards to impressiveness.
It currently plays on a few players including VLC and I think mplayer but it will probably be a lot more popular in about 6 months :)
I don't know how much control you have over it though or what restrictions rev3 put on.
-
God, the thing I hated most about university (and, to be honest, a lot of Linux users are like this but that doesn't make me want to stop using Linux) was elitist people picking out tiny little spelling mistakes and the like on my NNTP posts and making snide remarks about them.
I looked it up in a dictionary before posting but I'm not going to scan the page so I'll just quote the Wiktionary:
Adjective:
... the value of a data item (such as time) is represented by a continuously variable physical quantity that can be measured (such as the shadow of a sundial)
Noun:
Something that bears an analogy to something else. <-- may not be exactly correct but sounds about right to me and I definitely used it as a noun, not an adjective. The dictionary I used phrased it slightly differently and didn't use the word "analogy", of course, or I would have used that.
As far as I can see, that means that when you make an analogy, something becomes an analogue of something else. If you say something like "an analogue signal", you are saying that your signal (noun) is analogue (adjective).
In fact, when you say "My Analogues are all going digital and HD", you're using a plural form of the noun (and for some reason capitalised it), so you made some mistakes too. It's easy to nit pick but not very nice.
Back on topic now, I forgot to mention in my last post that I did have some problems with pfSense running as the firewall on a VMWare virtual network using pretty much the same setup that Matt showed in the episode (though on an older version I assume, since it was a while ago). I run a lot of VMs on one physical server and wanted some better control over it without having to pay for a proper firewall from the data centre, so I put pfSense on and connected the VMs to it (and only to it) through its own virtual NIC (#4 if I remember rightly). It worked fine for me but within a day the data centre had terminated my service because it was interfering with other physical machines somehow. I don't know how, it wasn't using DHCP on either side of it and it seems like being able to change the IP address that your neighbour gets from being on the same ISP as you with a Linksys "router" in your house. Just something to be careful of when setting it up.
For most users I think the trick here is that you can set the rules in "Rules" or you can set them in "NAT". If you set them in one, you can make it automatically set the other and it's fine but it doesn't work the other way around.Adding rules to pfSense isn't the most intuitive thing going...you really need to know what you're doing.I also find that when I change rules and then hit "Apply", it tends to close all of my existing connections during the split second it takes to make the changes so it can be a problem if I am downloading files or whatever. I've never had that problem using the "Port Fowarding" tab on a WRT54G.
-
I've been using pfSense since the original SmoothWall segment (since SmoothWall has nuisances like not working if you have 2 hard drives and m0n0wall is mainly aimed at embedded devices) and I've loved it the whole time.
Setting up a Squid server (or whatever) in it in just a few clicks is awesome. They did tell me that they would never support IPv6 for it back then though.
I loved Matt's analogue, as I come out with weird crappy analogues like that all the time but people just look at me funny.
I also hope that Darren does more code segments like last week rather than taking the code corrections to heart. It was a little messy but its not about elegant code in those segments, it's about doing cool new things that people probably haven't thought of before. Like he said in 4x24, people on the forum can tidy it up anyway. Even the "tidy" version posted could be tidied further if it were really that important.
-
Episode 4x24
in Hak5
If you are going to do that (assuming python is the hammer available, etc) you may as well just use a dictionary inside the actual python file, making the python file pretty much 1 dictionary of hosts (or old IP addresses) to new ones and then 1 line of code to run the netsh command line, passing in the current data as the key to the dictionary and concatenating that into the command line to run.
I expect it is also possible entirely inside the Windows PowerShell if that is available but I can't get my head around that massive list of weird, long named, hyphenated commands.
If you didn't have internet access working after the command line change, your network is probably set up differently to the example (e.g. common default gateways for home LANs are typically one of 192.168.0.1, 192.168.1.1 or 192.168.0.254). In this case, they are moving from 192.168.*.* to something like 10.*.*.* so the default gateway would change anyway and someone in control of such a large network is unlikely to make such mistakes.
By the way, Python supports booleans so you don't have to use 't' and 'f' strings (you could use the True and False keywords) and if you are going to use a boolean to toggle between the lines like that, you may as well just read 2 lines on each pass of the loop.
-
Episode 4x24
in Hak5
What about sending out a batch file to all the computers that you need to update, just have it retrieve the ip from a second batch file on the network. The batch file on the network could keep track of the ips it has given out via a text file. The only problem i see is if all the computers try and run the batch file at the same time, is there a way you could stagger when the computers ran the file?This race condition is commonly overcome with a lock file or a semaphore of some sort. If something is already asking for an IP address, wait until it is done and then try again (usually a small but random wait).
If that isn't possible in batch, it may be better to use vbs or even C, C#, python, dare I say php, etc (depending on what is available).
Alternatively, they could just be scheduled so that they are staggered. If you know the order they ask for them in (and are sure that none will be skipped because they are turned off or whatever), you can infer which IP address they should get.
I would have thought the bigger problem with this approach would be keeping some kind of structure for the topology (e.g. one range of IP addresses for one physical room).
If the host name is already structured, that could be used to structure the new IP addresses too without having to build a table for it.
As for the Magpie thing, go ahead and add that to the list of shit Darren can't pronounce. Like Yahsager and "C.O dot U.K"I'm glad you took it well. I didn't mean any offence but getting your pronunciation corrected is never nice. Just goes to show the awesomeness of Darren!
-
Episode 4x24
in Hak5
Just a quick one:
I don't like to complain and correct people but assuming it isn't due to a cultural difference I'm pretty sure Magpie RSS is pronounced mag-PIE (like the bird - the bird they actually show on their sourceforge page) rather than mag-pee.
Just think of this, you eat pie not pee ;)
Otherwise good so far, still watching it :) I love the epic code. It's been so long since a proper code segment!
P.S. any chance of the HD RSS feed getting onto hak5.org (rather than just revision3)?
Episode 5x03
in Hak5
Posted
If its analogue input that is needed (as, obviously, PWM is only useful to simulate analogue output), I don't think an ADC would work to well, at least not a simple one. However, there should be plenty of digital probes and such that can be used if there are digital inputs. I'm not sure on pricing though. I had assumed output was all that was needed as it is all you need to control an RC tank. My experience has all been at the Microchip PIC level with USB/HID directly on Windows and Linux, not using phidgets or whatever the similar thing was that Darren mentioned in the episode.