Monday, April 21, 2014

Diskware of Hard disk

Although I have a fucken' exam tomorrow in GIS, it doesn't matter :D :D .... Press the power button of your PC or laptop and you hear a small beep from your BIOS: its POST makes sure everything is OK and ready to boot the OS. But what about the hard disk? What happens when it receives power?
I have learned something about that, so let me share it with you :)


When the hard disk is powered on, the first thing it does is check for a return status from the chip, to make sure the electronics are functioning and everything is OK. Then, like the BIOS, the hard disk does something like a POST for its own components (self-check) and waits for another return status. To start properly, both return statuses must have come back; only then does it spin up the spindle.


Once the spindle has spun up and the platters begin to revolve, the head has to be unparked from its parking position to reach the system area and read the firmware. But the head cannot reach the system area until it has read the servo timing firmware, which contains the location and geometry info for each sector. Reading happens without any contact between head and platter; otherwise the platter is physically damaged, so RIP hard disk :D. Once the head has the location and geometry info for each sector it can reach the System Area and read its sectors. So what is the system area?

System Area (SA): a set of sectors, always on the extreme outer edge of the platter, that holds all the hard disk's internal information. This information differs from one hard disk drive to another and from one family to another. It goes by several names: diskware, maintenance tracks, Calibration Area, Initialization Area, Reserved Cylinders.
System Area Info or Modules:

1. SMART Data
2. System Logs
3. Serial Number
4. Model Numbers
5. P-List (Primary Defects List: manufacturing defect info that does not change)
6. G-List (Grown Defects List: sector relocation table)
7. Program Overlays: firmware, executable code, or updates
8. Zone Tables
9. Servo Parameters
10. Specific tables like RRO (recalibrate repeatable run-out and head offsets)
11. Test Routines
12. Factory Defaults Tables
13. Recalibration Code Routines
14. Translator Data:
    a. Converts logical and physical addresses to locations on the drive
    b. Heads and track skewing info
15. Security Data: passwords for the drive, possibly encrypted.

Each module occupies a UBA block. The information contained in the system area is critical to the operation of the drive electronics, so manufacturers have designed drives where this information is copied to other places, such as the outer edge of another platter. This is the manufacturer's method of maintaining fault tolerance.

System Area Architecture:

The SA consists of UBA (Utility Block Addressing) blocks: sector blocks logically grouped together that contain a specific module.
The UBA area is inaccessible over the standard interface. Also, the commands that deal with it are specified by the manufacturer and not made publicly available, but you can access it with some boxes like PC3000 and others :). UBA1 blocks occupy 3 sectors and contain the bad area list. UBA2 blocks occupy 2 sectors and contain information such as the drive ID and other modules. It should be noted that every access to the hard disk is made via the hard disk controller. There is no way to bypass the controller. The controller limits access to the data area on the disk; other areas are not accessible in the normal operation mode.
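To make the P-list, G-list and translator modules from the list above concrete, here is an added toy model (my code for this page, not the post's tool and not any vendor's real on-disk format): a translator that slips LBAs past factory defects recorded in the P-list and redirects sectors that go bad later to spares recorded in the G-list. The geometry, defect lists and spare pool are constructed for the demo.

```python
"""Toy translator showing how the P-list, G-list and translator modules
listed above fit together. Added example; not the post's code and not any
vendor's real format. Geometry and defect lists are constructed."""
from dataclasses import dataclass, field

SECTORS_PER_TRACK = 8  # constructed toy geometry (real drives use zone tables)


@dataclass
class Translator:
    """Maps logical block addresses (LBAs) to physical sector numbers.

    P-list (factory) defects are handled by *slipping*: the logical
    numbering skips the bad physical sector, so every later LBA is shifted
    one sector along. G-list (grown) defects are handled by *reassignment*:
    the LBA keeps its slot, but reads and writes are redirected to a spare.
    """
    total_physical: int
    p_list: set[int] = field(default_factory=set)         # factory defects, never change
    g_list: dict[int, int] = field(default_factory=dict)  # physical -> spare physical
    spares: list[int] = field(default_factory=list)       # unused spare sectors at the end

    def usable_sectors(self) -> int:
        """Logical capacity: physical sectors minus P-list entries and the spare pool."""
        return self.total_physical - len(self.p_list) - len(self.spares) - len(self.g_list)

    def lba_to_physical(self, lba: int) -> int:
        """Apply slipping for the P-list, then follow the G-list if the sector was reassigned."""
        if not 0 <= lba < self.usable_sectors():
            raise ValueError(f"LBA {lba} outside usable range")
        phys = lba
        for defect in sorted(self.p_list):
            if defect <= phys:          # a defect at or before us pushes us one sector on
                phys += 1
        return self.g_list.get(phys, phys)

    def grow_defect(self, phys: int) -> int:
        """Reassign a sector that went bad in the field; returns the spare now used for it."""
        if not self.spares:
            raise RuntimeError("spare pool exhausted: G-list is full")
        spare = self.spares.pop(0)
        self.g_list[phys] = spare
        return spare

    @staticmethod
    def chs(phys: int) -> tuple[int, int]:
        """Physical sector number -> (track, sector) in the toy geometry."""
        return divmod(phys, SECTORS_PER_TRACK)


def demo() -> dict:
    """Walk through the constructed drive: 24 physical sectors, two factory defects, two spares."""
    t = Translator(total_physical=24, p_list={2, 10}, spares=[22, 23])
    before = {lba: t.lba_to_physical(lba) for lba in (1, 2, 9, 19)}
    spare = t.grow_defect(5)           # physical sector 5 (LBA 4) goes bad in the field
    after = t.lba_to_physical(4)
    return {"usable": t.usable_sectors(), "before": before, "spare": spare,
            "after": after, "after_chs": Translator.chs(after)}


if __name__ == "__main__":
    print(demo())
```

The thing to notice is that the drive firmware, not the OS, owns these tables: after the grown defect, LBA 4 still exists but now lives on physical sector 22, and the OS never sees the move. That is why a damaged or mismatched SA can make a perfectly good platter unreadable, and why data recovery work starts there.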

But you can crack the password on locked hard disk drives with hardware or software tools. The software way needs knowledge of ATA commands, HDD architecture and some digital forensics. For hardware, any box that can access the SA can erase the password, like PC3000, which I have dealt with: simple and easy to use, but you will still be like a jerk clerk, you don't know what has happened in the background, you just follow instructions from others and you lose the knowledge and the basics :)

Finally, I have made a small tool that gets some hard disk information using C# and WMI, specifically the Win32_DiskDrive class.
Output like this :) :


References:

1. Forensics & Data Recovery book by Scott A. Moulton.
2. Hard Disk ATA Security by Adrian Leuenberger.
3. Articles at http://www.hddguru.com and http://www.datarecovery.net.
4. Hard Disk System Area by Peter J. Vis.
5. HDD from Inside by Artem Rubtsov.


Thanks to my bro Adham Mohammed for his help :) .

Saturday, April 12, 2014

It's Wireless .. it's Crackable: Journey into Wireless Card Modes


Firstly, I'm sorry, I know I'm too late in writing this article, but I had a lot of troubles. Let's start our new article. You want to crack the wireless networks around you; this can be an easy process: a cup of coffee, some needed hardware, BackTrack or Kali or even BackBox or any Linux distribution with the aircrack package (airmon, airodump …… etc.).
Feel free to install Linux on a physical or virtual machine. The most vital part in the whole process is your wireless card, especially its chipset. The embedded card in your laptop can only work to connect you :D (only Egyptians will understand what's behind "connect you") to the internet, but we need to know the password of the wireless network, so we have to sniff the traffic between client and router, capture the packets that contain this password, then analyze or crack them to get the password .. your target.
Some external wireless cards have the ability to sniff in a special mode to capture packets; this depends on the card's chipset. Not all external cards support Linux, so we will go a little into which is best for this. After we get a card, assuming an Alfa or TP-Link, you have to connect it and start the configuration. That's fine, we all do this to get internet, but what about capturing packets or injecting them? Let's know more. Remember, we use the card differently.

First mode, managed mode:
When you use the card normally to connect to an access point to get a connection. We have all done this before; that's the normal mode.
Second mode, promiscuous mode:
That's what we need: monitor mode .. monitor for action, promiscuous for position. In this mode you can sniff network data and perform attacks.

We are only able to see the Ethernet (802.3) data when we are connected, and not the wireless (802.11) traffic, which is what we want to be able to use. What this means is that with 802.3 traffic you will see the normal web traffic and other normal network information, while with 802.11 traffic you will see the wireless data that is used to communicate over wireless networks.
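The difference between the two views, as an added example that is not part of the original post: in managed mode the driver hands you 802.3 frames it has already rebuilt, so the 802.11 header never reaches you; in monitor mode you get the raw 802.11 frame, whose frame-control bits say whether it is a management, control or data frame and whose To-DS/From-DS bits decide which address slot holds the station, the access point and the destination. (Strictly, promiscuous mode only shows every frame on the network you are associated with; monitor mode captures raw 802.11 frames without associating at all, which is what the aircrack tools, and wireless intrusion detection systems, rely on.) The two parsers below decode just the headers; the frames and MAC addresses are constructed for the demo.

```python
"""Decode the link-layer headers a wireless card hands up in each mode.

Added example, not from the original post. Managed mode yields 802.3
(Ethernet) frames that the driver has already translated; monitor mode
yields raw 802.11 frames with their own header. All frames and MAC
addresses below are constructed for the demo."""
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
FRAME_TYPES = {0: "management", 1: "control", 2: "data"}
MGMT_SUBTYPES = {0: "association request", 4: "probe request", 5: "probe response",
                 8: "beacon", 10: "disassociation", 12: "deauthentication"}


def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_ethernet(frame: bytes) -> dict:
    """802.3 header: dst(6) src(6) ethertype(2), then the payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac(dst), "src": mac(src),
            "ethertype": ETHERTYPES.get(etype, hex(etype)), "payload_len": len(frame) - 14}


def _beacon_ssid(body: bytes):
    """Beacon body: timestamp(8) interval(2) capability(2), then tagged elements (tag 0 = SSID)."""
    pos = 12
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if tag == 0:
            return value.decode("utf-8", "replace")
        pos += 2 + length
    return None


def parse_80211(frame: bytes) -> dict:
    """802.11 MAC header: frame control(2) duration(2) addr1(6) addr2(6) addr3(6) seq(2) [addr4(6)].

    Frame control is little-endian. Byte 0: bits 2-3 type, bits 4-7 subtype.
    Byte 1: bit 0 To-DS, bit 1 From-DS, bit 6 Protected. The DS bits decide
    which address slot holds the source, destination and BSSID.
    """
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    fc = frame[0] | (frame[1] << 8)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    info = {"type": FRAME_TYPES.get(ftype, "reserved"), "subtype": subtype,
            "to_ds": to_ds, "from_ds": from_ds, "protected": bool(fc & 0x4000)}
    if ftype == 0:                              # management: addr1=DA addr2=SA addr3=BSSID
        info.update(name=MGMT_SUBTYPES.get(subtype, "other"), dst=mac(a1), src=mac(a2), bssid=mac(a3))
        if subtype == 8:
            info["ssid"] = _beacon_ssid(frame[24:])
    elif ftype == 2:                            # data: address roles depend on the DS bits
        if to_ds and from_ds:                   # WDS / 4-address frame
            if len(frame) < 30:
                raise ValueError("truncated 4-address header")
            info.update(receiver=mac(a1), transmitter=mac(a2), dst=mac(a3), src=mac(frame[24:30]))
        elif to_ds:
            info.update(bssid=mac(a1), src=mac(a2), dst=mac(a3))
        elif from_ds:
            info.update(dst=mac(a1), bssid=mac(a2), src=mac(a3))
        else:
            info.update(dst=mac(a1), src=mac(a2), bssid=mac(a3))
    return info


# Constructed sample frames (locally administered MACs, not real devices)
AP = bytes.fromhex("021122334455")
STA = bytes.fromhex("02aabbccddee")
GATEWAY = bytes.fromhex("020000000001")
BCAST = b"\xff" * 6

BEACON = (bytes([0x80, 0x00]) + b"\x00\x00"          # management/beacon, duration 0
          + BCAST + AP + AP + b"\x10\x00"            # DA, SA, BSSID, sequence control
          + b"\x00" * 8 + b"\x64\x00" + b"\x11\x04"  # timestamp, interval, capabilities
          + b"\x00\x08" + b"lab-ssid")               # SSID element
DATA = (bytes([0x08, 0x41]) + b"\x00\x00"            # data, To-DS=1, Protected=1
        + AP + STA + GATEWAY + b"\x20\x00"           # BSSID, SA, DA, sequence control
        + b"\x00" * 8 + b"\x00" * 20)                # CCMP header + ciphertext placeholder
ETH = GATEWAY + STA + b"\x08\x00" + b"\x45" + b"\x00" * 19   # what managed mode shows instead

if __name__ == "__main__":
    for name, frame, parser in (("beacon", BEACON, parse_80211), ("data", DATA, parse_80211),
                                ("ethernet", ETH, parse_ethernet)):
        print(name, parser(frame))
```

Run it and compare the "data" and "ethernet" lines: they carry the same station and gateway addresses, but only the 802.11 view shows the BSSID, the direction bits and the Protected flag. That header is also what a wireless IDS watches, since management frames such as beacons and deauthentications never appear in the 802.3 view at all.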

Finally, you can visit packtpub.com, where you will find a lot of books useful for all levels, beginner, intermediate and advanced, for securing and cracking wireless networks. There are also some useful courses from securitytube.com like WLAN Security and the Aircrack Megaprimer, and YouTube has some useful tutorials too.
Remember to share what you learn … Happy Cracking :) .