This article describes the basics of cracking user passwords stored in the /etc/passwd and /etc/shadow directories. The passwd directory stores information regarding groups, uids, usernames, and passwords, in the following format:

misty:x:501:501::/home/misty:/bin/bash

where x is the password. This article will use John the Ripper to crack user passwords and display them as plain text.

Note: The methods described in the following text were performed on Red Hat Enterprise Linux 5 Server Edition. Although that shouldn’t matter and this information should be accurate in any UNIX environment, if something is not working and you use Ubuntu, that may be the problem. However, if you are using Ubuntu, you have much more serious problems than we can solve here.

Installing John the Ripper

The first step is to download John the Ripper (http://www.openwall.com/john/g/john-1.7.6.tar.gz) and install it. To install extract everything to your home directory (or whatever directory you want, but I use /root/) and go into the src directory. Enter the command “make” and then enter the command “make clean generic”. Now go into the “run” directory and test out the program through the following commands:

cd ../run
./john --test

Running John the Ripper

Now that you have successfully installed john the ripper (if you haven’t, try using “john” instead of “./john”) it is time to use it to crack user passwords on your UNIX system. Type the following commands into your terminal to give the program the information it needs to begin brute forcing password hashes (by the way I highly recommend adding more words to the file password.lst in the run directory, since this is the wordlist we will be using to try and crack passwords with):

./john password.lst
./unshadow /etc/passwd /etc/shadow > /tmp/crack.password.db

check the file /tmp/crack.password.db and see where the x used to be, and the string now there instead of that x is the password. If it still isnt showing the password, use the following command:

./john /tmp/crack.password.db

Be warned that that process takes forever, but once it’s finally done, check ./john –show and you should be able to see each password that was cracked along with the corresponding username.

Congrats! You’ve just cracked the passwords of the users on your UNIX system!

As I get into Motorola that brings us into fragmentation. Many people believe that so many companies making so many different iterations of Android is diluting the system. Many Androids now have some form of proprietary software (bloatware) installed on them. Some of the companies even slap their own skin on the OS. HTC has Sense, Motorola has Blur and there are a few others. And these different OS’s come in different major Android versions. Some are 2.2 or 1.6 or 2.1. However as far as i can see this is no different than windows. If I can’t install Windows 7 x64 on a Pentium 3 from gateway does that make Windows fragmented? We have 4 or 5 different versions of windows on every release, however they are not called out on fragmentation. In recent news, Google has reported that when Gingerbread, Android 3.0, is released, there will be more high end hardware requirements. Like a 1 Ghz processor and at least a 3.5 in. screen for starters. However I don’t see a reason to get annoyed that the software is advancing with the hardware.

So as we move forward and more companies start focusing on blocking the hack, we will most likely see more creative ways of modding in the community. Many of these companies say that the locked bootloaders are for our benefit, after all, we would be running “unstable” software version. They say this may create an unsatisfactory user experience. This type of corporate reasoning does not even give the user a choice. Many people have rooted their phones without issue since the first G1. The community has done the trial and error and provided free R & D for the Android phones they are hacking. Many of these developers do this on their own time, and they do a very good job. Before I learned to root my android phones the experience was slow and cumbersome. I believe rooting unlocks the potential of the Android OS on any device. Here is a great example of how far people have taken the android OS:

Dream Drone: http://forum.xda-developers.com/showthread.php?t=615204&highlight=Dream+drone!

Nexus one Launched 5 Miles in the air for testing as a viable satellite.
http://www.wired.com/gadgetlab/2010/07/nexus-one-phone-rides-a-rocket-up-28000-feet/

Once you have rooted your phone the possibilities seem endless, from Drones to Satellite testing, I think android will stand the test of time. Hopefully Google will continue to produce Developers phones that are made to root and hack with. Maybe we will even see a company that only does Rooted Android phones out of the box. The future is bright for this Linux OS and we will be hoping for the best from our favorite companies.

“What is root?” People ask me this question all the time. Root on a Linux or Android phone is the equivalent of Administrator control on a Windows machine. Having Root access gives you unrestricted control over almost every aspect of the operating system. This unprecedented control opens up many possibilities. From Internet Tethering of your data connection to being able to make a backup of the current state of your OS. Rooting your phone unlocks the potential of your OS and hardware. You can install Android flavors from other devices and there are many more customization options.

If a device can be built it can be broken. Many phone manufacturers frown upon the practice of taking root control of android phones. With the exception of a couple of HTC Google branded phones,  most phones take some time to exploit. I have seen Root on a phone before it was released and up to 6 months after the release. It is all a matter of how complicated the manufacturer made the bootloader. One example of this is the new Droid X. This phone was built with a locked bootloader. This can only be unlocked with proprietary keys from Motorola. However, someone has at least rooted this phone. Now you may ask, “But doesn’t rooted mean they can do all the stuff you talked about?” The answer is a resounding no. Although you may get root access on the Moto Droid X, you cannot change the locked bootloader, which stops you from loading a custom OS, or ROM as it is more commonly referred too.

One of the most dedicated Android Community Developers is Steve Kondik, A.K.A. Cyanogen. Cyanogen is the most infamous coder in the community. His ROMs are smooth and usable. This coder writes from google source and has formed a team that is developing the Official CyanogenMod 6 version for the Nexus One, Droid, G1, myTouch 3G, Desire, Incredible and the Evo. The CyanogenMod team seems to be taking over the android world, with fragmentation becoming less of an issue if you are rooted with CyanogenMod.

This article details the items you need to scan and how and where to scan to find the coolest numbers, quick. Let’s begin with the few free things you need to start impressing friends and family with cool numbers right away! Let’s go!

First, you need toll access. You likely have a cell phone or a VoIP line, and if you’re lucky you big spender you, you have a land line with toll access. You will be making “long distance” calls within the NANPA, most likely the US and Canada. Next you need internet access. Yes, you need to access the online to get the infos on the juiciest exchanges. You will need a text editor or word processor. Notepad++ on Windows or nano on Linux are examples. Mac is not supported for cool stuff.

The last thing you need is your finger. Because you’ll be di, di, dialing your way to cool in no time! It helps to have a desktop set with programmable dialing so you can at least program the *67 1, or more if you find a particularly interesting exchange. With everything in place, head to bellsmind.net and click “frontend” to access the Bell’s Mind NPA-NXX/CLLI search. That’s where you’ll determine where to scan.

Enter the NPA of the area you’re interested in to get a list of exchanges. Cycle through the list of assigned exchanges to find those assigned to RBOCs or CLECs. Once you find one, start dialing from 9990 to 9999 to find the coolest numbers. Once you find one, record it in your text editor using the BM2L format so you can easily share and search your numbers later on. What’s that you say? You want to save even more time? Ok! You can even just dial 9999 to find cool numbers! Wow! What kind of numbers will you find? Test lines, parked error messages, carriers, voicemail access lines and more!

So you found a cool number, what now? Record the number and see if you can extend its coolfulness. If it’s a voicemail system hit * or #. Try biblical names in directories, like Michael, Paul and John, and try passwords like 1111, 1234 and the extension. If you find cool numbers, maybe extend your scan. Try different one-thousand blocks, like 0000 to 0009. Or go to handscan.net and generate a 100 or 1000 list and scan the day away!

The limits are limitless! With this simple scanning method, you too can show cool numbers to your friends and family and the get the same blank stares a real phreak gets in no time! So scan safe, my friend, remember to write those numbers down and use a cool accent when someone answers. Because you’re officially a phreak! With Kool Numberz! Guaranteed!

Citizen journalism is not a modern phenomena in fact we can trace it back to the earliest forms of communication. Throughout history powerful and often corrupt organizations have done everything within their power to spin public opinion to view facts and ideas to suit themselves. Most fortunate for us, people and groups stood up against churches, governments and the such in power to spread other truths and ideas. Benjamin Franklin had “Poor Richard’s Almanac” and Martin Luther had “95 Theses”. In the modern era technology has given us much better tools in our arsenal.

Our first tool is also the oldest form of mass media next to screaming in the streets. Printed word. Some will say the printed word is dead.  I say they are wrong.  First, we have the old media style of paper and ink. Every town has a store like Kinkos, Staples or even better, a locally owned store that can make mass copies at a decent price. Get some copies of your report or get together with some friends who write get a stapler and you have yourself a ‘Zine. This can be a bit tricky to distribute when starting out. So we have a cheaper and even easier way for you to get your written words out. WordPress and Tumblr are just two examples of free blog services out there. Get a blog, start writing and spread the word it’s really that simple. Also out there are micro blog services like Twitter and Facebook which allow you to easily connect with friends and family and have them see your work.

Our next weapon against the corporate fueled media is the radio or the spoken word. First, let me point out that I fully support and will help defend pirate radio broadcast but alas it is still illegal and the government can and will do everything they can to shut you down and punish you. If you are still interested in starting a pirate broadcast I suggest googling and reading “Radio is my Bomb” and check out Free Radio Berkley for good information on the technology, building, running, legal issues and history of this form of citizen journalism. Worried about the FCC kicking in your door and slamming you face first to the floor? Fear not there is a legal outlet for you, too. Pod-casts. Pod-casts are great, they require little technical skill, very little equipment and there are free hosting sites out there such as Podbean and Mypodcast. The best part is your listeners can download and take it with them to listen whenever they have the time.

Youtube is the king of free video hosting and a fairly easy service to use and with a wide variety  of video cameras out there you have your counter to the for profit video media. Youtube does have its problems though mainly a lot of bogus DMCA take downs. So be warned if you say something that pisses someone off, be prepared for them to come up with some BS to try and take you down. In fact that applies for all the above. People in power absolutely loath people exercising freedom.

Yes, its true you may see something or report on something that will really get under someone’s skin (that is why we do this to expose what the corporate news won’t or expose the spin they put on it) and they will probably have some lawyer who will try and twist the law to go after you, but you are not alone. The EFF is a great source for legal advice and are out there fighting for your rights. So support them for they support you.

Okay, so you have to tools, you have the will, now what do you report on? The beauty of it is whatever you want. Whatever floats your boat. Your rants don’t even need a motif. If you want to write about your local hackerspace then follow it up with an article about local government corruption, go ahead, you’re your own boss in this, you make the rules. Your local hackerspace is more likely to talk to you than a politician or big business will, but I think an article on how one of these avoided your questions says a lot about the person running away from you.

Now, just because you run the show doesn’t give you the right to abuse it. First, have some integrity. Maybe you don’t like someone, that’s cool, but don’t go editing comments or video to make this person look the way you want them to. The commercial media does this enough. Second, be firm, but don’t be an ass. If you score an interview with someone you don’t agree with, ask your questions, challenge their comments, but don’t go in there and insult them. Now I’m not telling you to pucker up for them either. Question and challenge everything, just don’t be a tool while doing it. Once again, the corporate media already does this. Lastly, you don’t have to go alone. Check out your local free press, local 2600 meetings or just get together with like minded friends. Now get out there, find some truth and show it to the world.

That brings us to today.  As of late it seems the PHX2600 forum/blog seems to have quieted down a considerable amount and, at times, feels empty and forgotten.  The meetings are still going on and, for the most part, are of a reasonable size and bring lots of good information and occasionally presentations, but the bulk of our community discussions seemed to always come from the site.  In an effort to reinvigorate some contribution to our site and potentially drive more traffic to it, I’d like to announce the Save our Site Contest.

Contest Overview

As a participant, write an article on a topic of your choice that is in some way relevant to the PHX2600 (hacking, modding, phreaking, etc..).  These articles will be published via our blog after review and voted upon by our members at the end of the competition.  The article with the most number of votes at the end of the competition will be awarded a $30 credit to our swag store (http://www.cafepress.com/phx2600) paid for by me.  If anyone else would like to contribute to the winners pool, we may be able to have a second and third prize as well (please contact me if interested in contributing).

Rules

• The article must pertain to the PHX2600 scene in some way.  This can be as directly relevant as an article explaining how to pen test LAMP servers or as loosely relevant as “hacking together” the perfect formula of pony food to give them a pretty coat.
• 400 words + is desired, but not required.  If you can make a good, coherent article in 300 words, great!
• Original content is a must. Copy/pasta (plagiarism) will be means for immediate disqualification.  Currently published content (on PHX2600.org or another website) will not be counted for entry (sorry Penguin, Evil1 and anyone else who’s already contributed… we still love you!).
• Images/diagrams are desired (if relevant).
• All articles must be submitted to PHLAK by the deadline in one of the following formats: .txt, .odt, .doc, Google Docs or by creating a draft on the blog (email me if you need access to this).
• You do not have to be signed up on the forums or blog or regularly attend meetings to submit an article.  If you don’t have an account though, make sure to provide me with some contact information.
• Multiple articles will be accepted for multiple entries.  If you submit more than one article, each article will be weighted separately for quality and poor quality articles will not be count for entry. (Basically, if you submit 10 x 200 word articles, there’s a good chance none will qualify for entry)
• Any and all entries submitted are subject to be posted on the blog, even if they do not qualify for entry to the competition. And we reserve the right to not post any entry we feel is inappropriate or does not meet the criteria stated above.  All entries published will be released under the Creative Commons Attribution 3.0 license and credited to the author properly.
• AMENDMENT: PHX2600 Wiki articles will also be accepted for entry.

I found a Mouser part number for everything except the reset switch I’m using which is just a simple SMD pushbutton.

I have a project set up for this on Mouser, if anyone else has an account there and would like me to share the project let me know.

The basic process goes something like this:
1) Tin all your pads.
2) Apply flux to your tinned pads.
3) Stick the components where they go using tweezers / forceps using the flux as a sort of tacky glue.
4) Heat the entire board until the solder “re-flows” and binds the components to the board.
5)Immediately remove the board from the oven to prevent heat damage.

The key to toaster oven reflow is the temperature, basically you want to get to 180-190 Degrees Celsius without getting any higher than ~210 Degrees Celsius. At 180 Celsius most solder will begin to melt, by 190 it will all have become liquid, By 210 Many components will begin to burn, By 230 the entire board and copper substrate will begin to burn.

In the photo’s below you can see the toaster oven I used as well as a multimeter connected to a thermocouple device for monitoring the temperature inside the toaster oven. There are also a couple images of the final board minus some headers attached to a pic-kit 3 for programming.