Tuesday, March 11, 2014

Hack A fingerprint …. Mission Accomplished





Firstly, let's cover the basics :) :

Fingerprints are the tiny ridges, whorls and valley patterns on the tip of each finger. They form from pressure on a baby's tiny, No two people have been found to have the same fingerprints -- they are totally unique. There's a one in 64 billion chance that your fingerprint will match up exactly with someone else's.

Fingerprints are even more unique than DNA, the genetic material in each of our cells. Although identical twins can share the same DNA -- or at least most of it -- they can't have the same fingerprints.

Fingerprinting is one form of biometrics, a science that uses people's physical characteristics to identify them. Fingerprints are ideal for this purpose because they're inexpensive to collect and analyze, and they never change, even as people age.

Crime Scene Scenario
 
Let your mind run free and imagine :D .. you are a criminal investigator like Kudo Shinichi (a great animation, I think you should watch it :) ).
Let's go …..

With respect to a crime scene .. what about fingerprint impressions ???

A crime scene involves three different types of fingerprint impressions: latent, patent, and plastic.
A latent print is not visible to the naked eye, which means a person must process the scene and enhance the latent print using black powder or chemicals.
A patent print is visible without processing and includes fingerprints left in blood, oil, and dirt.
A plastic print is a three-dimensional impression where the friction ridge skin of the finger sinks into a surface, such as window caulk.
 
Fingerprint Patterns :

Once fingerprints have been located at a crime scene, either the item is collected or the print is powdered and lifted using tape or a fingerprint lifter. The recovered print is then identified as one of the three main categories of prints: loop, arch and whorl.


Loop :

A loop is a pattern in which the ridges of the print enter on one side, curve in the middle, and exit out the same side. The loop is the most common type of fingerprint pattern and can be subclassified as either an ulnar loop or a radial loop. An ulnar loop has the opening of the ridges pointing toward the little finger of the hand, which is closest to the ulna bone of the forearm. A radial loop has the opening of the ridges pointing toward the thumb of the hand, which is closest to the radial bone of the forearm.

Arch :
An arch is a pattern in which the ridges enter on one side of the print and exit out the opposite side with a slight rise in the center. The arch can be subclassified as either a plain arch or a tented arch. A plain arch has a slight rise in the center of the print, as opposed to a tented arch, which has a very steep rise in the center of the print.

Whorl :

A whorl is a pattern in which the ridges have a circular or swirled center. A whorl can be subclassified as a plain whorl, a central pocket loop whorl, a double loop whorl, or an accidental whorl.


FINGERPRINT 10-PRINT CARD :

Inked prints are patent, or visible to the naked eye, because the reproduction of the friction ridge skin is made using black printers' ink. An inked fingerprint card is completed by law enforcement at the time of arrest, for employment applications, and for pistol permits. The fingerprint card, or 10-print card, is arranged into three sections: information, rolled impressions, and plain impressions. The information section on the card contains relevant data regarding the person being printed and the individual completing the card. The rolled impression portion of the card contains the 10 individual fingers rolled from nail to nail. The plain or flat impression portion of the card contains the 10 fingerprints placed directly onto the card.

A fingerprint card is arranged right hand over left hand, always starting at the right thumb and moving through to the right little finger, and then from the left thumb to the left little finger. When rolling a fingerprint, the investigator should have a firm hold of the hand or finger of the individual and start with finger #1, the right thumb, and work through to finger #10, the left little finger. Each finger should be checked for proper ink distribution and rolled from one side to the other. Never roll back and forth, because this will cause distortion of the ridge detail.



Then you need Fingerprint Processing :

In order to visualize latent prints at a crime scene, the crime scene technician must use fingerprint powder and a fingerprint brush to dust the areas where suspected fingerprints are located. When a darkened fingerprint is exposed with the brush-and-powder technique, the fingerprint can then be lifted as evidence and saved for future comparisons at the crime laboratory. All enhanced fingerprints at crime scenes should be saved, even if you cannot determine the pattern type with the naked eye. There is a small guide with some more details here.


Fingerprint Scanner :

Fingerscanning, also called fingerprint scanning, is the process of electronically obtaining and storing human fingerprints. The digital image obtained by such scanning is called a finger image. In some texts, the terms fingerprinting and fingerprint are used, but technically, these terms refer to traditional ink-and-paper processes and images.


Finally, hacking Apple Touch ID :D :

iPhone 5S fingerprint sensor hacked by Germany's Chaos Computer Club

After this long introduction, with lots of information (some of it important, some for further reading), this is a practical approach to what we have read, but you will face problems like labs, tools and more. Still, I think we can even determine fingerprints and extract them for anything we want 3:) .. I won't say this is for educational purposes only, but sharing is caring .. knowledge is a flow, and I'm not an expert :) :)



Thursday, March 6, 2014

Hard Disk Drive in depth



Firstly, what's a hard disk drive?


A hard disk drive (HDD) is a nonvolatile storage device that stores data on a magnetic disk.


Nonvolatile means that the data remains after the computer is switched off. Data is written to the disk by magnetizing particles within a magnetic material in a pattern that represents the data. The hard disk is able to read this data back by detecting the magnetic patterns created during the write process.



Main parts of a hard disk at a glance:

An HDD has two main parts: the PCB (Printed Circuit Board) and the HDA (Head and Disk Assembly).

-->PCB:

Any PCB has a green solder mask, copper tracks, a core (i.e. fiberglass), components, and solder to join the components to the bare PCB.

In our case, the HDD PCB carries a number of ICs: buffer RAM, the MCU (Microcontroller Unit), a ROM chip and the motor driver, plus components such as ceramic capacitors, SMT coils, motor contacts, head stack contacts, and the interface (P-ATA, S-ATA, etc.).

MCU: The MCU usually consists of a Central Processing Unit (CPU), which does all the calculations, and the read/write channel, a special unit that converts analog signals from the heads into digital information during reads and encodes digital information into analog signals when the drive needs to write. The MCU also has I/O ports to control everything on the PCB and to transmit data through the interface.

Motor Driver (or VCM Controller): This fellow is the chip with the highest power consumption on the PCB. It controls spindle motor rotation and head movement. The core of the VCM controller can withstand a working temperature of 100°C/212°F.


ROM chip: The ROM contains the firmware of the hard disk. When you apply power to a drive, the MCU reads the content of the flash chip into memory and starts the code. Without such code the drive wouldn't even spin up. Sometimes there is no flash chip on the PCB; that means the flash content is located inside the MCU.

Buffer RAM: The size of this memory defines the size of the HDD's cache. You can find this information in the data sheet for the HDD. The CPU uses some of this memory to store firmware modules, and as far as we know only Hitachi/IBM drives show the real cache size in their data sheets; for other drives you can only guess how big the real cache is.


-->HDA:


The HDA has 4 major components:

Spindle, Platter, Head and Actuator


Spindle: A spindle holds one or more platters; it is connected to a motor that spins the platters at a constant number of revolutions per minute (RPM).



Platter : A platter is the disk that stores the magnetic patterns. It is made from a nonmagnetic material, usually glass or aluminum, and has a thin coating of magnetic material on both sides.

>> A platter can spin at a speed of 7,200 to 18,000 RPM. The cost of an HDD increases for a higher speed.



Head: The read-write head of an HDD reads data from and writes data to the platters. It detects (when reading) and modifies (when writing) the magnetization of the material immediately underneath it. Information is written to the platter as it rotates at high speed past the selected head.



>> There is one head for each magnetic platter surface on the spindle; these are mounted on a common actuator arm.



Actuator: An actuator arm moves the heads in an arc across the spinning platters, allowing each head to access the entire data area, similar to the action of the pick-up arm of a record deck.



Another concept you must know is the performance of an HDD, which is measured using the following parameters:


Capacity: The number of bytes an HDD can store. The current maximum capacity of an HDD is 4TB.

Data transfer rate: The amount of digital data that can be moved to or from the disk within a given time. It is dependent on the performance of the HDD assembly and the bandwidth of the data path.

• The average data transfer rate ranges from 50 to 300 MB per second.

Seek time: The time the HDD takes to locate a particular piece of data. The average seek time ranges from 3 to 9 milliseconds.






Some important concepts about the disk storage system:

The surface of a disk is formatted into invisible concentric bands called tracks, on which data are stored magnetically. A typical 3.5" hard drive may contain thousands of tracks. Moving the read/write heads from one track to another is called seeking. The average seek time is one type of disk speed measurement. Another measurement is RPM (revolutions per minute), typically 7,200. The outside track of a disk is track 0, and the track numbers increase as you move towards the center.
 


 

A cylinder refers to all tracks accessible from a single position of the read/write heads. A file is initially stored on a disk using adjacent cylinders. This reduces the amount of movement by the read-write heads.



A sector is a 512-byte portion of a track, as shown in Figure 14-2. Physical sectors are magnetically (invisibly) marked on the disk by the manufacturer, using what is called a low-level format. Sector sizes never change, regardless of the installed operating system. A hard disk may have 63 or more sectors per track.



Physical disk geometry is a way of describing the disk's structure to make it readable by the system BIOS. It consists of the number of cylinders per disk, the number of read/write heads per cylinder, and the number of sectors per track.




Fragmentation: Over time, as files become more spread out around a disk, they become fragmented. A fragmented file is one whose sectors are no longer located in contiguous areas of the disk. When this happens, the read-write heads have to skip across tracks when reading the file's data. This slows down the reading and writing of files, and makes the data more susceptible to errors.



Translation to Logical Sector Numbers: Hard disk controllers perform a process called translation, the conversion of physical disk geometry to a logical structure that is understood by the operating system. The controller is usually embedded in firmware, either on the drive itself or on a separate controller card. After translation, the operating system can work with what are called logical sector numbers. Logical sector numbers are always numbered sequentially, starting at zero.



Partitions, volumes, logical, extended, primary …. what are they?

On a typical microcomputer, a single physical hard drive is divided into one or more logical units named partitions, or volumes. Each formatted partition is represented by a separate drive letter such as C, D, or E, and it can be formatted using one of several file systems.

A drive may contain two types of partitions: primary and extended. Two configurations are possible, depending on whether you want an extended partition:

• Up to three primary partitions and one extended partition.

• Up to four primary partitions and no extended partition.

An extended partition can be divided into an unlimited number of logical partitions.
Each logical partition appears as a separate drive letter. Primary partitions can be made bootable, whereas logical partitions cannot. It is possible to format each system or logical partition with a different file system. In a file system, files are stored in clusters, where a cluster is the smallest unit of space used by a file; it consists of one or more adjacent disk sectors. A file system stores each file as a linked sequence of clusters. The size of a cluster depends on both the type of file system in use and the size of its disk partition.
 

Hint: Using assembly language, you can bypass the operating system completely when accessing data. This can be useful: you might have to store and retrieve data stored in an unconventional format, recover lost data, or perform diagnostics on disk hardware.
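As an added example (not code from the post or its references), here is a Python parser for the MBR partition table that ties together the "Translation to Logical Sector Numbers" and partitions sections: it applies the CHS-to-LBA translation, decodes the four primary entries with their bootable flag and extended type, and shows why a 32-bit sector count gives the scheme a 2 TB ceiling. The 16 heads / 63 sectors-per-track geometry and the sample MBR are constructed assumptions; the 0x55AA signature, the FE FF FF overflow marker and types 0x05/0x0F/0x07 are standard values.

```python
import struct

SECTOR = 512                     # sector size used throughout the post
HEADS, SPT = 16, 63              # assumed geometry: heads per cylinder, sectors per track
EXTENDED_TYPES = {0x05, 0x0F}    # partition type bytes that mark an extended partition

def chs_to_lba(c, h, s, heads=HEADS, spt=SPT):
    """Translate a physical (cylinder, head, sector) address into a logical
    sector number. Physical sectors count from 1, logical sectors from 0."""
    if not (0 <= h < heads and 1 <= s <= spt):
        raise ValueError("address lies outside the drive geometry")
    return (c * heads + h) * spt + (s - 1)

def lba_to_chs(lba, heads=HEADS, spt=SPT):
    """Inverse of chs_to_lba: a logical sector number back to physical geometry."""
    c, rem = divmod(lba, heads * spt)
    h, s = divmod(rem, spt)
    return c, h, s + 1

def decode_chs(raw):
    """Packed 3-byte CHS field of an entry: head byte, then 6 sector bits plus the
    top 2 bits of the 10-bit cylinder, then the low 8 cylinder bits. Returns (c, h, s)."""
    h, b1, b2 = raw
    return ((b1 & 0xC0) << 2) | b2, h, b1 & 0x3F

def encode_chs(c, h, s):
    if c > 1023:                   # beyond what 10 cylinder bits can hold: the
        c, h, s = 1023, 254, 63    # conventional FE FF FF "overflow" marker
    return bytes([h, ((c >> 2) & 0xC0) | (s & 0x3F), c & 0xFF])

def mbr_max_partition_bytes():
    """The sector count is a 32-bit field: 2**32 sectors of 512 bytes is the 2 TB ceiling."""
    return (2 ** 32) * SECTOR

def parse_mbr(mbr):
    """Decode the four 16-byte entries at offset 446 of a 512-byte MBR."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i:446 + 16 * (i + 1)]
        status, chs_start, ptype, _chs_end, lba, count = struct.unpack("<B3sB3sII", entry)
        if ptype == 0:             # empty slot
            continue
        try:                       # cross-check the legacy CHS field against the LBA field
            chs_ok = chs_to_lba(*decode_chs(chs_start)) == lba
        except ValueError:         # overflow marker: only the LBA field is trustworthy
            chs_ok = False
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "extended": ptype in EXTENDED_TYPES, "lba_start": lba,
                      "sectors": count, "bytes": count * SECTOR,
                      "chs_start": decode_chs(chs_start), "chs_matches_lba": chs_ok})
    return parts

def build_entry(bootable, ptype, lba, count):
    """Helper for the constructed sample below: pack one partition entry."""
    start, end = lba_to_chs(lba), lba_to_chs(lba + count - 1)
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, encode_chs(*start),
                       ptype, encode_chs(*end), lba, count)

# Constructed sample MBR: a bootable 1 GiB NTFS (0x07) primary partition starting at
# sector 63 (cylinder 0, head 1, sector 1), followed by an extended partition whose
# start lies past cylinder 1023, so its CHS field carries the overflow marker.
SAMPLE_MBR = (bytes(446)
              + build_entry(True, 0x07, 63, 2_097_152)
              + build_entry(False, 0x05, 2_097_215, 1_048_576)
              + bytes(32) + b"\x55\xAA")

if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_MBR):
        print(p)
    print("MBR partition ceiling in bytes:", mbr_max_partition_bytes())
```

The same cross-check is a cheap sanity test in a forensic image: an entry whose CHS and LBA fields disagree without the overflow marker has been edited or written by a tool that ignored the geometry.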


References:

1. Assembly Language for Intel-based Computers by Kip Irvine
2. HDD from inside: Main parts, Artem Rubtsov, www.hddscan.com
3. Hitachi Data Systems at www.hds.com


Ahmed Hashad Security Researcher @ 701 Labs

Sunday, February 3, 2013

Windows Kernel Overview


Simple Overview About Windows Kernel





Windows has a monolithic kernel, because the core of the operating system and the device drivers share the same memory address space, running at the highest possible privilege level.
 
Kernel Executive: I think we must pay attention to this component, as it implements the basic OS functions: processes, threads, virtual memory, interrupt and trap handling, exception management, cache management, I/O management, asynchronous procedure calls, the Registry, object management, events and many other low-level interfaces. It is implemented in Ntoskrnl.exe, whose binary is in the C:\WINDOWS\SYSTEM32\ directory.


Also, the separation between uniprocessor and multiprocessor versions of the kernel still exists, as on 32-bit systems, where there are different kernels depending on Physical Address Extension (PAE), as shown in the table:



 
Another component in the kernel is the Hardware Abstraction Layer (HAL), which is responsible for isolating device drivers and the Kernel Executive from platform-specific hardware differences.

The HAL is implemented in the hal.dll module. As with the Kernel Executive, there are different versions of the HAL, depending on whether one is on a uniprocessor or a multiprocessor system.

The remaining components are loaded as kernel drivers (or modules) into the running kernel. For example, win32k.sys implements the kernel side of the Windows subsystem and the GUI of the operating system, while tcpip.sys implements most of the TCP/IP networking stack.


 




Friday, November 2, 2012

Kernel in Brief

What about the kernel??



The kernel is the most important part of any OS. It is used to manage all the resources of the computer, like I/O, virtual memory, disk management and more.

When we speak in terms of layers, the kernel is the second layer: first the CPU, memory and devices, then the kernel, and finally the application, with a GUI or not; that isn't the point :).

From here, about the types of operating systems:
http://7shad01.blogspot.com/2012/09/operating-systems-types.html

Some special systems don't need a kernel, but all multitasking and multi-user systems need a kernel as a principal part, in order to manage processes, tasks, users, time and usage in general for all users, or management tasks in a multitasking OS.

This important part needs a design in order to work correctly with no errors.

There are 3 models of design:
Monolithic kernels


In this model the OS is merged into one part, the kernel, not separated; this makes the OS faster, but any error makes the whole system fail, like a virus or malware in general.
Microkernels


Not as one: this divides the OS into parts, but time for sending and receiving data between them is wasted. Every part is standalone.

Hybrid kernels


A merged design from microkernels and monolithic kernels, to make the system faster and work with high performance.


That is as much as I can say as a definition of the kernel.


Awaiting your feedback


Dr.7shad


Sunday, October 28, 2012

Interesting Reverse Engineering :)

What is reverse engineering?

Reverse engineering is the process of taking a compiled binary and attempting to recreate (or simply understand) the original way the program works. A programmer initially writes a program, usually in a high-level language such as C++ or Visual Basic (or God forbid, Delphi). Because the computer does not inherently speak these languages, the code that the programmer wrote is assembled into a more machine-specific format, one that a computer does speak. This code is called, originally enough, machine language. This code is not very human friendly, and oftentimes requires a great deal of brain power to figure out exactly what the programmer had in mind.

What is reverse engineering used for?

Reverse engineering can be applied to many areas of computer science, but here are a couple of generic categories:
  • Making it possible to interface to legacy code (where you do not have the original source code).
  • Breaking copy protection (i.e. impress your friends and save some $$).
  • Studying viruses and malware.
  • Evaluating software quality and robustness.
  • Adding functionality to existing software.
The first category is reverse engineering code to interface with existing binaries when the source code is not available. I will not be discussing this much, as it is boring.
The second category (and the biggest) is breaking copy protection. This means disabling time trials, defeating registration, and basically everything else to get commercial software for free. This we will be discussing at great length.
The third category is studying virus and malware code. Reverse engineering is required because not a lot of virus coders out there send instructions on how they wrote the code, what it is supposed to accomplish, and how it will accomplish this (unless they are really dumb). This is a pretty exciting field, but requires a great deal of knowledge. We will not discuss this much until later on.
The fourth category is evaluating software security and vulnerabilities. When creating large systems (think Windows operating systems), reverse engineering is used to make sure that the system does not contain any major vulnerabilities or security flaws, and frankly, to make it as hard as possible for crackers to crack the software.
The final category is adding functionality to existing software. Personally, I think this is one of the most fun. Don't like the graphics used in your web design software? Change them. Want to add a menu item to encrypt your documents in your favorite word processor? Add it. Want to annoy your co-workers to no end by adding derogatory message boxes to Windows Calculator? Let's do it. This we will be getting into later in the series.

What knowledge is required?

As you can probably guess, a great deal of knowledge is necessary to be an effective reverse engineer. Fortunately, a great deal of knowledge is not necessary to 'begin' reverse engineering, and that's where I hope to come in. That being said, to have fun with reversing and to get something out of these tutorials you should at least have a basic understanding of how program flow works (for example, you should know what a basic if…then statement does, what an array is, and have at least seen a hello world program). Secondly, becoming familiar with assembly language is highly suggested; you can get through the tutorials without it, but at some point you will want to become a guru at ASM to really know what you are doing. In addition, a lot of your time will be devoted to learning how to use tools. These tools are invaluable to a reverse engineer, but also require learning each tool's shortcuts, flaws and idiosyncrasies. Finally, reverse engineering requires a significant amount of experimentation: playing with different packers/protectors/encryption schemes, learning about programs originally written in different programming languages (even Delphi), deciphering anti-reverse-engineering tricks…the list goes on and on. At the end of this tutorial I have added a 'further reading' section with some suggested sources. If you really want to get good at reversing, I highly suggest you do some further reading.

MBR and GPT Disks



What is the difference between MBR and GPT disks??

MBR is the standard partitioning scheme that's been used on hard disks since the PC first came out. It supports 4 primary partitions per hard drive, and a maximum partition size of 2TB.

GPT disks are newer, and are readable only by Windows Server 2003 SP1, Windows Vista (all versions), and Windows XP x64 Edition. The GPT disk itself can support a volume up to 2^64 blocks in length (for 512-byte blocks, this is 9.44 ZB, zettabytes; 1 ZB is 1 billion terabytes).

It can also support a theoretically unlimited number of partitions. Windows restricts these limits further to 256 TB for a single partition (the NTFS limit) and 128 partitions. Only Itanium systems running Windows Server 2003 and Windows Vista systems with an EFI BIOS can boot from a GPT disk. The other operating systems mentioned earlier can use GPT disks as data disks but not boot disks.
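As an added example (not code from the post), here is a Python check of a GPT header and its partition-entry array on a constructed sample disk: it validates the "EFI PART" signature and both CRC32 fields the way a forensic tool should before trusting the table, lists the used entries, and computes the 2^64-block ceiling the post mentions. The 128-entry array, the 128-byte entry size and the Microsoft basic-data type GUID are standard published values; the sample disk and partition are constructed.

```python
import struct
import uuid
import zlib

SECTOR = 512
GPT_HEADER_FMT = "<8sIIIIQQQQ16sQIII"   # 92-byte header that lives at LBA 1
GPT_ENTRY_FMT = "<16s16sQQQ72s"         # 128-byte partition entry
# Published type GUID of a Microsoft "basic data" partition.
BASIC_DATA = uuid.UUID("EBD0A0A2-B9E5-4433-87C0-68B6B72699C7")

def crc32(data):
    return zlib.crc32(data) & 0xFFFFFFFF

def build_gpt(entries, disk_sectors, num_entries=128, entry_size=128):
    """Constructed sample: a primary GPT header plus its partition-entry array,
    with both CRC32 fields filled in. entries = [(type_guid, first_lba, last_lba, name)]."""
    array = b"".join(struct.pack(GPT_ENTRY_FMT, t.bytes_le, uuid.uuid4().bytes_le, first,
                                 last, 0, name.encode("utf-16-le").ljust(72, b"\0"))
                     for t, first, last, name in entries)
    array = array.ljust(num_entries * entry_size, b"\0")
    array_sectors = len(array) // SECTOR
    fields = [b"EFI PART", 0x00010000, 92, 0, 0, 1, disk_sectors - 1,
              2 + array_sectors, disk_sectors - 2 - array_sectors,
              uuid.uuid4().bytes_le, 2, num_entries, entry_size, crc32(array)]
    fields[3] = crc32(struct.pack(GPT_HEADER_FMT, *fields))   # CRC taken with the CRC field zeroed
    return struct.pack(GPT_HEADER_FMT, *fields).ljust(SECTOR, b"\0"), array

def parse_gpt(header_sector, array):
    """Validate a GPT header before trusting it: signature, header CRC32 (field zeroed),
    backup-header location, partition-array CRC32; then list the used entries."""
    (sig, _rev, size, hcrc, _res, _cur, backup, _first, last_usable, _guid,
     _arr_lba, n_entries, entry_size, acrc) = struct.unpack(GPT_HEADER_FMT, header_sector[:92])
    if sig != b"EFI PART":
        raise ValueError("not a GPT header")
    zeroed = header_sector[:16] + b"\0\0\0\0" + header_sector[20:size]
    checks = {"header_crc_ok": crc32(zeroed) == hcrc,
              "array_crc_ok": crc32(array[:n_entries * entry_size]) == acrc,
              "backup_beyond_usable": backup > last_usable}
    parts = []
    for i in range(n_entries):
        t, _u, first, last, _attrs, name = struct.unpack(
            GPT_ENTRY_FMT, array[i * entry_size:(i + 1) * entry_size])
        if t == bytes(16):         # an all-zero type GUID marks an unused slot
            continue
        parts.append({"type": str(uuid.UUID(bytes_le=t)).upper(), "first_lba": first,
                      "last_lba": last, "bytes": (last - first + 1) * SECTOR,
                      "name": name.decode("utf-16-le").rstrip("\0")})
    return {"num_entries": n_entries, "entry_size": entry_size,
            "checks": checks, "partitions": parts}

def gpt_max_volume_bytes(block=SECTOR):
    """2**64 blocks: with 512-byte blocks about 9.44 ZB, as the post states."""
    return (2 ** 64) * block

# Constructed 1 GiB sample disk with one 512 MiB basic-data partition.
SAMPLE_HEADER, SAMPLE_ARRAY = build_gpt([(BASIC_DATA, 2048, 1_050_623, "Data")], 2_097_152)

if __name__ == "__main__":
    print(parse_gpt(SAMPLE_HEADER, SAMPLE_ARRAY))
```

Both CRCs failing while the signature is intact is the pattern to look for when a partition table has been edited by hand rather than by a partitioning tool.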




Sunday, September 9, 2012

Operating Systems Types

In the name of God, the Most Gracious, the Most Merciful

  • Real-time operating system (RTOS) - Real-time operating systems are used to control machinery, scientific instruments and industrial systems. An RTOS typically has very little user-interface capability, and no end-user utilities, since the system will be a "sealed box" when delivered for use. A very important part of an RTOS is managing the resources of the computer so that a particular operation executes in precisely the same amount of time, every time it occurs. In a complex machine, having a part move more quickly just because system resources are available may be just as catastrophic as having it not move at all because the system is busy.
  • Single-user, single task - As the name implies, this operating system is designed to manage the computer so that one user can effectively do one thing at a time. The Palm OS for Palm handheld computers is a good example of a modern single-user, single-task operating system.
  • Single-user, multi-tasking - This is the type of operating system most people use on their desktop and laptop computers today. Microsoft's Windows and Apple's MacOS platforms are both examples of operating systems that will let a single user have several programs in operation at the same time. For example, it's entirely possible for a Windows user to be writing a note in a word processor while downloading a file from the Internet while printing the text of an e-mail message.
  • Multi-user - A multi-user operating system allows many different users to take advantage of the computer's resources simultaneously. The operating system must make sure that the requirements of the various users are balanced, and that each of the programs they are using has sufficient and separate resources so that a problem with one user doesn't affect the entire community of users. Unix, VMS and mainframe operating systems, such as MVS, are examples of multi-user operating systems.
It's important to differentiate between multi-user operating systems and single-user operating systems that support networking. Windows 2000 and Novell Netware can each support hundreds or thousands of networked users, but the operating systems themselves aren't true multi-user operating systems. The system administrator is the only "user" for Windows 2000 or Netware. The network support and all of the remote user logins the network enables are, in the overall plan of the operating system, a program being run by the administrative user.
With the different types of operating systems in mind, it's time to look at the basic functions provided by an operating system.