Sunday, July 13, 2008

CMOS/BIOS

How to hack CMOS/BIOS password
DISCLAIMER: This information is intended for experienced users. It is not intended for basic users, hackers, or computer thieves. Please do not try any of following procedures if you are not familiar with computer hardware. I’ll not be responsible for the use or misuse of this information, including personal injury, loss of data or hardware damage. So use it at your own risk.


1. Retrieve using BIOS backdoor passwords
Some BIOS manufacturers put a backdoor password in the BIOS which always works, irrespective of what password you have set in the BIOS. It's a master password which is used for testing and troubleshooting purposes.

AMI BIOS Passwords:


AWARD BIOS Passwords:


PHOENIX BIOS Passwords:


Other Manufacturer BIOS Passwords:



2. Using MS-Dos prompt
This method works only if you have access to the system when it's turned on, because it requires MS-DOS. Open MS-DOS from the Programs menu and enter the following commands one by one:

debug
- O 70 2E
- O 71 FF
- Q

NOTE: The first character in the above commands is “O” and not the number 0.

3. Using Motherboard Battery

On most motherboards the CMOS battery is soldered, which makes it difficult to remove the battery. In this case we use another method. Almost all motherboards contain a jumper that can clear all CMOS settings along with the BIOS password. The location of this jumper varies depending upon the motherboard brand. You should read your motherboard manual to check its location. If you don’t have the manual, then look for the jumpers near the CMOS battery. Most manufacturers label the jumper as CLR, CLEAR, CLEAR CMOS, etc.

When you find the jumper, look carefully. There will be 3 pins, and the jumper will be joining the center pin to either the left or the right pin. What you need to do is remove the jumper and join the center pin to the opposite pin. For example, if the jumper joins the center pin to the left pin, then remove it and join the center pin to the right pin. Now wait for a few seconds, then remove the jumper again and join the center pin to the left pin. Make sure to turn the PC off before opening the cabinet and resetting the jumper.



5. Using Software

a) CMOSPWD
- Download cmospwd from http://www.cgsecurity.org/wiki/CmosPwd
- Save the file to C: drive (unzip the file if needed)
- Using MS Dos reach C:/CMOSPWD>
- Type 'CMOSPWD /K' to kill CMOS password
- Close Dos prompt and restart the machine
http://web.archive.org/web/20020203191544/www.cgsecurity.org/index.html?cmospwd.html

b) !BIOS (more details at the link below)
http://www.11a.nu/software/bios-pc-bios-security-and-maintanance-toolkit/

c) KillCmos (More details below)
http://www.majorgeeks.com/download2969.html

The issue I had was with a Phoenix BIOS password, and I was able to solve the issue using the CMOSPWD tool without making any hardware changes. I recommend this tool especially for laptops, as the other options might be a little bit dangerous to perform on a laptop.

Thursday, July 10, 2008

Gateway v/s Firewall

Gateway
A gateway is a network point that acts as an entrance to another network. On the Internet, a node or stopping point can be either a gateway node or a host (end-point) node. Both the computers of Internet users and the computers that serve pages to users are host nodes. The computers that control traffic within your company's network or at your local Internet service provider (ISP) are gateway nodes.

In the network for an enterprise, a computer server acting as a gateway node is often also acting as a proxy server and a firewall server. A gateway is often associated with both a router, which knows where to direct a given packet of data that arrives at the gateway, and a switch, which furnishes the actual path in and out of the gateway for a given packet. An IP address is a unique 32-bit number that identifies the location of your computer on a network.

Firewalls:
A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.



Firewalls use one or more of three methods to control traffic flowing in and out of the network:

Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.

Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.

Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
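
The difference between the first and third methods above, as an added example that is not part of the original post: a stateless filter that judges each inbound packet by its source port alone, next to a toy stateful filter that only admits replies to flows opened from the inside. The class and function names, the 30-second idle timeout and the documentation-range addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

def stateless_allow_inbound(pkt, allowed_source_ports=frozenset({80, 443})):
    """Plain packet filter: judges each packet on its own header fields."""
    return pkt.sport in allowed_source_ports

class StatefulFilter:
    """Tracks flows opened from the inside; inbound must match one of them."""

    def __init__(self, idle_timeout=30.0):
        self.idle_timeout = idle_timeout
        self.flows = {}                      # 5-tuple -> time last seen

    def outbound(self, pkt, now):
        # Record the "defining characteristics" of traffic leaving the network.
        self.flows[(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
        return True                          # inside hosts may initiate

    def inbound(self, pkt, now):
        # A reply has source and destination swapped relative to the request.
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        seen = self.flows.get(key)
        if seen is None or now - seen > self.idle_timeout:
            self.flows.pop(key, None)        # unknown or expired: discard
            return False
        self.flows[key] = now                # refresh the idle timer
        return True

def demo():
    # Constructed traffic using documentation-only address ranges.
    fw = StatefulFilter(idle_timeout=30.0)
    client, server, stranger = "192.168.1.10", "203.0.113.5", "198.51.100.9"
    request = Packet("tcp", client, 50000, server, 80)
    reply = Packet("tcp", server, 80, client, 50000)
    unsolicited = Packet("tcp", stranger, 80, client, 50000)
    fw.outbound(request, now=0.0)
    return {
        "stateless_unsolicited": stateless_allow_inbound(unsolicited),
        "stateful_reply": fw.inbound(reply, now=1.0),
        "stateful_unsolicited": fw.inbound(unsolicited, now=2.0),
        "stateful_late_reply": fw.inbound(reply, now=100.0),
    }
```

The stateless rule admits the unsolicited packet because its source port looks like web traffic, while the stateful filter discards it and also discards a reply that arrives after the flow has idled out.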

Firewalls are customizable. This means that you can add or remove filters based on several conditions. Some of these are:

IP addresses: Each machine on the Internet is assigned a unique address called an IP address.
Domain names: A company might block all access to certain domain names, or allow access only to specific domain names.
Protocols: The protocol is the pre-defined way that someone who wants to use a service talks with that service.

- IP (Internet Protocol) - the main delivery system for information over the Internet
- TCP (Transmission Control Protocol) - used to break apart and rebuild information that travels over the Internet
- HTTP (Hyper Text Transfer Protocol) - used for Web pages
- FTP (File Transfer Protocol) - used to download and upload files
- UDP (User Datagram Protocol) - used for information that requires no response, such as streaming audio and video
- ICMP (Internet Control Message Protocol) - used by a router to exchange the information with other routers
- SMTP (Simple Mail Transport Protocol) - used to send text-based information (e-mail)
- SNMP (Simple Network Management Protocol) - used to collect system information from a remote computer
- Telnet - used to perform commands on a remote computer

Proxy Servers and DMZ
A function that is often combined with a firewall is a proxy server. The proxy server is used to access Web pages by the other computers. When another computer requests a Web page, it is retrieved by the proxy server and then sent to the requesting computer. The net effect of this action is that the remote computer hosting the Web page never comes into direct contact with anything on your home network, other than the proxy server. Proxy servers can also make your Internet access work more efficiently. If you access a page on a Web site, it is cached (stored) on the proxy server. This means that the next time you go back to that page, it normally doesn't have to load again from the Web site. Instead it loads instantaneously from the proxy server.

There are times that you may want remote users to have access to items on your network.

Some examples are:
· Web site
· Online business
· FTP download and upload area

In cases like this, you may want to create a DMZ (Demilitarized Zone). Although this sounds pretty serious, it really is just an area that is outside the firewall. Setting up a DMZ is very easy. If you have multiple computers, you can choose to simply place one of the computers between the Internet connection and the firewall. Most of the software firewalls available will allow you to designate a directory on the gateway computer as a DMZ.

Vonage

What is Vonage?
Vonage is an all-inclusive phone service. Vonage gives you local and long distance calling anywhere in the US, Canada and Puerto Rico for one low price. We can do this because we use your existing high-speed Internet connection (also known as broadband) instead of standard phone lines. You'll save money and get great features like Caller ID with Name, Call Waiting and Voicemail Plus included at no additional cost.

How does Vonage work?
With Vonage, you connect your telephone to your high-speed Internet connection using the Vonage phone adapter that we send you. Pick up the phone, and use it just like you do today. You can be up and running within minutes of receiving your Vonage phone adapter.





Protocol used for this:
VoIP (or Voice over Internet Protocol) is a great new way to make and receive phone calls using your broadband Internet connection instead of your standard phone line. Vonage converts your phone calls into data that zips through your high-speed Internet connection just like email. It comes out the other end just like a regular phone call. Your callers will never know that it's any different since it sounds just like a regular phone call.

BIOS Beep Code

What is a BIOS Beep Code?
When you power on a computer, the BIOS immediately takes control of the computer and performs the P.O.S.T (Power On Self Test). At the end of the POST the computer will play an audible 'BEEP' through either the PC's internal speaker or through speakers attached to the sound card (if you have a built-in sound chip). If the POST completed successfully without detecting any problems, the system will play a single short beep to let you know the test is complete, and the computer will continue to start up and load the operating system.

If during the POST the BIOS detects a problem it will normally display a visual error message on the monitor explaining what the problem is. However, if a problem is detected before the BIOS initializes the video card, or a video card is not present or not detected then the BIOS will play several 'BEEPS' through the speaker to let you know there is a problem. Depending on the type of the BIOS you have the BIOS may play beeps in a specific pattern to indicate what the problem is, or play the same beep a number of times indicating the problem. It is very important that you pay close attention to the number and/or pattern of the beeps your computer plays on startup.

Below is a Tip n Tricks table of the most common AMI, Phoenix and Award BIOS beep codes.

AMI (American Megatrends International) BIOS Beep Codes.
AMI BIOS uses beeps of the same length and pitch. The error is displayed as a number of beeps. For example, 4 beeps indicate a timer failure.


Award BIOS Beep Codes

Award BIOS uses beeps of varying duration. A long beep will typically last for 2 seconds while a short beep will last only 1 second. Award BIOS also uses beeps of different frequency to indicate critical errors. If an Award BIOS detects that the CPU is overheating it may play a high pitched repeating beep while the computer is running.


Phoenix BIOS Beep Codes

Phoenix BIOS uses beep code patterns to indicate problems. In the table below the '-' indicates a brief pause between beeps. Example: 1 - 1 - 2 would sound like BEEP (pause) BEEP (pause) BEEP BEEP.

XP Tips n Tricks

WINDOWS TIPS COLLECTION


Display legal notice on startup:
Wanna tell your friends about the do's and don'ts on your computer when they log in in your absence? Well, you can do it pretty easily by displaying a legal notice at system startup.

REGEDIT
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"legalnoticecaption"="enter your notice caption"
"legalnoticetext"="enter your legal notice text"



Automatic Administrator Login:
Well, here's the trick which you can use to prove that Windows XP is not at all secure as a multi-user operating system. Hacking the system registry from any account having access to the system registry puts you into the administrator account.

REGEDIT 4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"

No Shutdown:
Wanna play with your friends by removing the shutdown option from the Start menu on their computer? Just hack it down!!!

Regedit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
"NoClose"="DWORD:1"



Menu Delays:
Another minor and easy tweak to remove any delay from menus sliding out. For this you will need to use regedit (open regedit by going to Start -> Run..., then typing 'regedit' and pressing Enter). The key you need to change is located in HKEY_CURRENT_USER\Control Panel\Desktop. The actual key is called MenuShowDelay - all you have to do is change the value to 0. Remember, you will have to reboot your computer for this tweak to take effect.


Automatically Kill Programs At Shutdown:
Don't you hate it when, while trying to shut down, you get message boxes telling you that a program is still running? Making it so that Windows automatically kills running applications is a snap. Simply navigate to the HKEY_CURRENT_USER\Control Panel\Desktop directory in the Registry, then alter the key AutoEndTasks to the value 1.



Create a Shortcut to Lock Your Computer
Leaving your computer in a hurry but you don’t want to log off? You can double-click a shortcut on your desktop to quickly lock the keyboard and display without using CTRL+ALT+DEL or a screen saver. To create a shortcut on your desktop to lock your computer:

1. Right-click the desktop.
2. Point to New, and then click Shortcut. The Create Shortcut Wizard opens.
3. In the text box, type the following: rundll32.exe user32.dll,LockWorkStation
4. Click Next.
5. Enter a name for the shortcut. You can call it "Lock Workstation" or choose any name you like.
6. Click Finish.

You can also change the shortcut's icon (my personal favorite is the padlock icon in shell32.dll). To change the icon:

1. Right-click the shortcut and then select Properties.
2. Click the Shortcut tab, and then click the Change Icon button.
3. In the "Look for icons in this file" text box, type: Shell32.dll. Click OK.
4. Select one of the icons from the list and then click OK.

You could also give it a shortcut keystroke such as CTRL+ALT+L. This would save you only one keystroke from the normal command, but it could be more convenient.


Speed up Internet Explorer 6 Favorites:
For some reason, the Favorites menu in IE 6 seems to slow down dramatically sometimes--I've noticed this happens when you install Tweak UI 1.33, for example, and when you use the preview tip to speed up the Start menu. But here's a fix for the problem that does work, though it's unclear why: Just open a command line window (Start button -> Run -> cmd) and type sfc, then hit ENTER. This command line runs the System File Checker, which performs a number of services, all of which are completely unrelated to IE 6. But there you go: It works.


Aspi
WinXP does not come with an Aspi layer. So far almost 90% of the problems with WinXP and CD burning software are Aspi layer problems. After installing WinXP, before installing any CD burning software, do a few things first:

1. Open up "My Computer" and right-click on the CD recorder. If your CD recorder was detected as a CD recorder, there will be a tab called "Recording". On this tab uncheck ALL of the boxes. Apply or OK out of it and close My Computer.
2. Next install the standard Aspi layer for NT. Reboot when asked.

That's it. After the reboot you can install any of the currently working CD recording applications with no problems. If using CD Creator, do not install Direct CD or Take Two, as they are currently incompatible, but Roxio has promised a fix as soon as XP is released.

Dell Diagnostics

How to: Run Dell Diagnostics on a C6XX and D6XX Laptop.
This post will assist in determining whether a hard drive hardware failure exists when troubleshooting laptops. This is not a definitive indication of a good hard drive, but if an error is indicated as described below, the hard drive is definitely defective.

Tips n Tricks to run Dell diagnostics as follows:

1. Turn on the laptop.

2. At the Dell splash screen, depress when prompted in the upper right hand corner of the screen. The system displays “Preparing one-time boot menu”.

3. At the next screen, arrow down to “Diagnostics” and press .

4. Pre-boot System Assessment starts and typically completes in less than 5 minutes. One user input is required (enter “Y” to indicate video tests passed).

5. Hard drive failures are characterized by “DST Short Status Test” failures. Note the error code.

6. If the system assessment completes without errors, a message will typically be displayed that “no diagnostic utility partition found”. Either enter “C” to cancel and then any key to reboot, or simply turn off the system.

Explorer.exe

Missing Desktop Icons & Taskbar

INFORMATION
Windows Explorer manages the Windows Graphical Shell including the Start menu, taskbar, desktop, and File Manager. By removing this process the graphical interface for Windows will disappear. This program is important for the stable and secure running of your computer and should not be terminated.

The icons and taskbar can go missing before or after the boot process. The 'explorer.exe' file may be deleted or corrupted in both scenarios. This post mainly focuses on missing icons and taskbar after the boot process.

Few Tips n Tricks to solve the issue

i) Restore the explorer.exe file manually. Press Ctrl + Alt + Del. Go to the Applications tab and select ‘New Task’. Type explorer.exe and click OK to restore manually.

ii) This issue may occur if the Norton CleanSweep program was installed. Please refer to http://support.microsoft.com/kb/314867

iii) You can also try 'System Restore' to a date before you had the explorer.exe problem. If it was long ago, you might not want to do it because it loses all the data saved after the restore point chosen.

If you don't have the taskbar, use Task Manager
Press CTRL+ALT+DEL. File>New Task (Run). Type C:\WINDOWS\system32\Restore\rstrui.exe

OR, if you have the taskbar, Start>Programs>Accessories>System Tools>System Restore

iv) Copy the 'explorer.exe' file from the 'C:/WINDOWS' folder of any working/healthy computer (e.g., your friend's), paste it in your 'C:/WINDOWS' directory and restart your system.

v) To restore Windows' ability to gain access to explorer.exe and iexplore.exe, please remove the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplorer.exe
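
A defender's check for two registry settings mentioned on this page (AutoAdminLogon under Winlogon in the XP tips, and the Image File Execution Options entries listed above), as an added example that is not part of the original posts. It parses the text of a registry export; the sample export, its DefaultPassword and Debugger data and the finding names are constructed for illustration.

```python
import re

# Constructed sample of a registry export (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultPassword"="constructed-not-real"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\constructed\\placeholder.exe"

[HKEY_CURRENT_USER\Control Panel\Desktop]
"MenuShowDelay"="0"
'''

WINLOGON = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
IFEO = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
# Image names as spelled on this page, plus the real Internet Explorer binary name.
WATCHED = {'explorer.exe', 'iexplore.exe', 'iexplorer.exe'}

def decode(data):
    """Turn the right-hand side of a .reg value line into a Python value."""
    if data.startswith('dword:'):
        return int(data[6:], 16)
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return data                      # hex(...) and other types are kept raw

def parse_reg(text):
    """Return {key_path: {value_name: data}}; names lowercased like the registry compares them."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = re.fullmatch(r'\[(.+)\]', line)
        value = re.fullmatch(r'"([^"]+)"=(.*)', line)
        if section:
            current = keys.setdefault(section.group(1).lower(), {})
        elif value and current is not None:
            current[value.group(1).lower()] = decode(value.group(2))
    return keys

def audit(keys):
    """List findings for automatic logon and for IFEO entries on shell/browser binaries."""
    findings = []
    winlogon = keys.get(WINLOGON.lower(), {})
    if str(winlogon.get('autoadminlogon', '0')) == '1':
        findings.append('autologon-enabled')
    if 'defaultpassword' in winlogon:
        findings.append('plaintext-default-password')
    for path in keys:
        parent, _, image = path.rpartition('\\')
        if parent == IFEO.lower() and image in WATCHED:
            findings.append('ifeo-entry:' + image)
    return findings
```

Calling audit(parse_reg(SAMPLE_REG)) reports the automatic logon, the stored password and the explorer.exe entry, and ignores the Desktop tweak.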