Jen (posted October 23, 2008)

server as in vps or can it be a web site hosting thing?

DingleBerries (Author, posted October 23, 2008)

> server as in vps or can it be a web site hosting thing?

As long as I have ftp access to it, it really doesn't matter. It's hard for me atm because I am in the dorms and my access to open ports is limited. I tried a few free hosts, but they would not allow iso files or they just sucked my balls. I tried my college webspace, but the servers here, mtsu, suck ass and are always down or broken...

Jen (posted October 23, 2008)

i can provide the hosting then, just don't mess up the accts. pm me and i'll pm you the details

twocs (posted October 26, 2008)

Instead of reverse engineering the sandisk app, would it be easier to change the dns entry?

dailygeeks.com/howto/add-a-permanent-entry-to-the-dns-cache-in-vista/

You would change your dns settings before running the installer. Instead of going to the real u3.com, the traffic would be redirected from u3.sandisk.com/download/apps/lpinstaller/isofiles/X.iso to the IP address of the server that holds X.iso that you want to be installed on the U3 partition. Once complete, you could just revert your dns settings.

You would insert this code into the host file:

    75.126.127.87      u3.sandisk.com          # Redirects all traffic bound for u3.sandisk.com (in this example: redirects to hak5.org)

The advantage of this approach would be that you wouldn't need to change the installer, nor would you need to run the server on your own computer. On the other hand, if you've already nailed down how to change the installer, that approach would avoid the need to switch the Windows host file that holds these dns settings.

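The hosts-file override described in the post above is visible to anyone auditing the machine afterwards. The following is an added example, not code from the thread: a small Python check that parses a hosts file and reports entries pinning a watched vendor hostname to a fixed address. The watch list, the function names and the sample file are assumptions constructed for the illustration; only `u3.sandisk.com` and the address `75.126.127.87` come from the post.

```python
import ipaddress

# Assumption: a site-chosen watch list of update hostnames that should
# always resolve through DNS. u3.sandisk.com is the name from the thread.
WATCHED = {"u3.sandisk.com"}

# Constructed sample hosts file (the fourth line is the entry from the post).
SAMPLE_HOSTS = """\
# sample hosts file, constructed for this example
127.0.0.1       localhost
::1             localhost
75.126.127.87      u3.sandisk.com          # Redirects all traffic bound for u3.sandisk.com
10.0.0.5  intranet.example   U3.SanDisk.com.
not-an-ip       u3.sandisk.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for every usable mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank, comment-only or incomplete
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an address; skipped here
        # Normalise case and a trailing root dot so variants still match.
        names = [f.lower().rstrip(".") for f in fields[1:]]
        yield line_no, ip, names

def audit(text, watched=WATCHED):
    """Return one finding per watched hostname that the file overrides."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if any(name == w or name.endswith("." + w) for w in watched):
                findings.append({
                    "line": line_no,
                    "host": name,
                    "ip": str(ip),
                    "loopback": ip.is_loopback,
                    "private": ip.is_private,
                })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_HOSTS):
        print("line {line}: {host} pinned to {ip} "
              "(loopback={loopback}, private={private})".format(**f))
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `audit()` in place of the sample.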
DingleBerries (Author, posted October 26, 2008)

I just switched over to Linux, so now I am trying to learn the ropes and will not have time to continue this, but here is what I found so far; hopefully someone can continue this.

1. Download Installer from the sandisk website
2. Unpack the archive, with WINrar or 7zip.
3. In your new directory, where the exe was unpacked, open the unpacked LPinstaller in a hex editor. I used Hex-Ed.
4. In hex-ed go to line 111810
5. You will see this, or something like it...REMEMBER THE "." between letters is null "00". When you see three consecutive "." in the middle there is an actual period.
   s.a.n.d.i.s.k...com...u3
6. the u3 is appended to the front of sandisk so there we can either put an IP address of a server... example
   s.a.n.d.i.s.k...c.o.m...u.3 >>>>>>>>> 1.6.8....0...1...1.9.2
   this will end up going to 192.168.0.1 or
   s.a.n.d.i.s.k...c.o.m...u.3 >>>>>>>>> m.y.s.e.r.v.e.r...com...w.w.w
7. modify the code and sniff your traffic to make sure that it worked
8. just make the proper directories on your server
9. 3f.3f.3f.3f
10. Profit

Also, I didn't get to try this but maybe this will work on cruzers as well with a bit of editing. http://hak5.org/forums/index.php?showtopic=10367

> Forget it, a Cruzer Titanium Plus is not like all the other U3-enabled cruzers .. it has hardware AES-encryption and uses a slightly different LP-installer (and controller-chip) than all the other sandisk u3's . The really funny thing about it is that it uses ... "Universal Customizer" a'la Sandisk :)
>
> Download the "Titanium Plus Only" LP-installer from Sandisk (Note for resource-hacker fans : supports drives larger than 4GB) http://mp3support.sandisk.com/downloads/u3updater1.0.7.8-plus.exe
>
> Extract it with 7zip and there you have it : same DIR-structure as the "Universal Customizer". Go to : \bin and you find "LAUNCHPAD.ISO". Note the size : 10,643,456 bytes (10.1MB) !! From there it's same procedure as always ..
>
> NB : I think you will lose the ability to use encryption if you remove the original sandisk LP .. As far as I recall you can delete all the CHM-helpfiles and other useless stuff inside the actual LP-ISO and get sufficient space to include the hacksaw-files ..

SWFu (posted October 26, 2008)

I really didn't think it was possible to change the length of the url easily! Hey, if I find time over the xmas hols I might rewrite the customizer, for remote or local iso, it's really not rocket science.

X3N (posted October 28, 2008)

Yeah that's the method I use in my script... just changing the hosts file.

> Instead of reverse engineering the sandisk app, would it be easier to change the dns entry?
>
> dailygeeks.com/howto/add-a-permanent-entry-to-the-dns-cache-in-vista/
>
> You would change your dns settings before running the installer. Instead of going to the real u3.com, the traffic would be redirected from u3.sandisk.com/download/apps/lpinstaller/isofiles/X.iso to the IP address of the server that holds X.iso that you want to be installed on the U3 partition. Once complete, you could just revert your dns settings.
>
> You would insert this code into the host file:
>
>     75.126.127.87      u3.sandisk.com          # Redirects all traffic bound for u3.sandisk.com (in this example: redirects to hak5.org)
>
> The advantage of this approach would be that you wouldn't need to change the installer, nor would you need to run the server on your own computer. On the other hand, if you've already nailed down how to change the installer, that approach would avoid the need to switch the Windows host file that holds these dns settings.

X3N (posted October 28, 2008)

Can this be changed to 127.0.0.1 or localhost? If so could you post instructions on how you did it and the programs you used to edit the hex?

> I just switched over to Linux, so now I am trying to learn the ropes and will not have time to continue this, but here is what I found so far; hopefully someone can continue this.
>
> 1. Download Installer from the sandisk website
> 2. Unpack the archive, with WINrar or 7zip.
> 3. In your new directory, where the exe was unpacked, open the unpacked LPinstaller in a hex editor. I used Hex-Ed.
> 4. In hex-ed go to line 111810
> 5. You will see this, or something like it...REMEMBER THE "." between letters is null "00". When you see three consecutive "." in the middle there is an actual period.
>    s.a.n.d.i.s.k...com...u3
> 6. the u3 is appended to the front of sandisk so there we can either put an IP address of a server... example
>    s.a.n.d.i.s.k...c.o.m...u.3 >>>>>>>>> 1.6.8....0...1...1.9.2
>    this will end up going to 192.168.0.1 or
>    s.a.n.d.i.s.k...c.o.m...u.3 >>>>>>>>> m.y.s.e.r.v.e.r...com...w.w.w
> 7. modify the code and sniff your traffic to make sure that it worked
> 8. just make the proper directories on your server
> 9. 3f.3f.3f.3f
> 10. Profit
>
> Also, I didn't get to try this but maybe this will work on cruzers as well with a bit of editing. http://hak5.org/forums/index.php?showtopic=10367

Jen (posted October 28, 2008)

use hexworkshop?

X3N (posted October 28, 2008)

i started a new topic with some source code. i will be posting the lpinstaller helper shortly

Jen (posted October 29, 2008)

dinglebell, did you get my pm? i fixed the ftp problem

DingleBerries (Author, posted October 29, 2008)

> dinglebell, did you get my pm? i fixed the ftp problem

I actually stopped the whole thing. But the dummy payloads are still on your server. If someone wanted to modify it themselves then they could use your ftp server if that's still viable. Thank you so much for letting me use it and try it, but I think that encrypting packages is way more sufficient then. Thank you again

Jen (posted October 29, 2008)

wait, so wat is the latest way of doing it?

DingleBerries (Author, posted October 29, 2008)

> wait, so wat is the latest way of doing it?

changing your host file.. or downloading the newest u3 customizer. It's somewhere on the forums

X3N (posted October 29, 2008)

> changing your host file.. or downloading the newest u3 customizer. It's somewhere on the forums

so you didn't get the hex edit to work right?

X3N (posted October 29, 2008)

check out my codez http://hak5.org/forums/index.php?showtopic=10486

here is a preview of the xp and vista installer program I'm working on

DingleBerries (Author, posted October 29, 2008)

> so you didn't get the hex edit to work right?

I did. It should be explained in one of the above posts. I just reformatted and switched operating systems. Plus the only real benefit of this would be distribution of a non malicious payload, say for a corporation.

Jen (posted October 30, 2008)

so dingleberries, teach me how to use my ftp and configure the installer to point to my ftp?

X3N (posted October 31, 2008)

after much searching apparently this has already been done, and the files were on hak5... woulda been nice if someone had mentioned there was already a modified lpinstaller.exe from 3 years ago. now there's no need to spoof the website. <_<

Jen (posted October 31, 2008)

lol, how did you find out?

X3N (posted October 31, 2008)

> lol, how did you find out?

looking around the interwebs... anyways I suppose it only works with sandisk u3 drives. I tried it on my geeksquad u3 drive and the old lpinstaller.exe from 06 doesn't work on it. It says it's not a compatible drive. However the new lpinstaller program still works if you spoof the website.

Maybe we could get some input from whoever modified the original one to see if we can modify the new one too? If possible it would be nice to be able to use a local iso only like the old one allowed. At the very least it would be nice to have it only search localhost as opposed to u3.sandisk.com. I have written a script that works around it by changing your hosts file for you but I'd rather not even do that if it's possible to install an iso from the local harddrive.

Steve8x (posted October 31, 2008)

I had tried this a long time ago, and I recently tried it again. It does not work for me! I have an apache web server running on my machine... If I modify my hosts file and point u3.sandisk.com to 127.0.0.1 (localhost), when I try to run lpinstaller it fails immediately! It says "Download of u3 launchpad failed!" exactly like this image that someone posted:

it does not even seem like it tries to download it, and just immediately says download failed! I have my directory structure set up correctly, you can double check: http://popeax.com/download/apps/lpinstaller/isofiles/ (popeax.com is my domain name, which forwards to my ip address)

also you claim: Step 8. None of the data on the flash partition will not be touched. When I ran it it said my data would have to be backed up, and it gave me the option to backup the data or format the drive!!! <_< I had downloaded the latest version of lpinstaller from the website too!

Also I tried looking through the EXE in olly and a hex editor and I did not find "u3.sandisk.com" or "/download/apps/lpinstaller/isofiles/" or anything in between! not in ascii or unicode!! So I'm not sure how you found those strings. If I could find those strings I could easily mod it to point somewhere else since the EXE is not packed! but it still probably won't work (at least for me). The closest thing I found was "u3.com" but that's all...

Anyways, I don't have vista but I don't see why that would matter...

X3N (posted October 31, 2008)

well when I was trying to debug it I realized that the download is a zip archive of a few files including the lpinstaller.exe, so you have to extract it with 7zip first then run olly on the extracted lpinstaller... I found the location of the url but I wasn't really sure how to modify that value... I'm no good with hex editing...

also I found out that the program checks the autorun.inf file on the iso partition and whatever you have as the brand=X3N actually is what it appends to the front of the iso name. for example...

    brand=cruzer then it looks for cruzer-autorun.iso
    brand=X3N then it looks for X3N-autorun.iso

so if you customized your own autorun.inf file or have a non cruzer u3 drive you have to change the name of your file.

X3N (posted October 31, 2008)

here is where I found the url in olly debugger.

also I found some interesting things about what system calls it uses when it runs the copy process.

First the program extracts itself to a temp location

    C:\Documents and Settings\engineer1\Local Settings\Temp\RarSFX0

this is where the 7zip and dll files and the lpinstaller go when you double click on the original downloaded file lpinstaller.exe

the iso file gets downloaded to this location

    C:\Documents and Settings\engineer1\Application Data\U3\temp

The download starts immediately when you start the lpinstaller.exe program, and stores the iso in the temp location till you click through all the dialog prompts.

then the program reaches out to the internet and downloads the appropriate iso file depending on the brand name on your autorun.inf file, i.e. $yourbrand-autorun.iso

then the program uses a windows call IRP_MJ_DEVICE_CONTROL to control the usb device and then uses the IOCTL_SCSI_PASS_THROUGH_DIRECT to write the data to the iso portion of the drive, copying the iso skipping offset=0 length=512 to start the upload of the iso at offset=512 and length=4096 and then 4096 chunks till the entire file is written to the iso partition.

I would say I'm decent at investigating stuff but I suck at programming and hex editing. I've only just started to learn c++ but am not much further than just doing simple math with it. It seems logical enough to be able to write our own program for flashing the drive but I wouldn't even know where to start.

DingleBerries (Author, posted October 31, 2008)

does the installer for the titanium work for non titanium drives? C++ I might be able to help you with this in a few days, school and what not. If you will send me a pm just to remind me & with your email, I will do a quick modified installer and send it to your email.