Another fraud victim has sent me an email with this:
It has the same quality as Conrado Davila's previous fraud: he modified my code a bit (removing the GPL license, attributions, etc.), claiming this time that it can calculate Toshiba unlock codes, and sold it to some guy for $460. Interesting, the payment went to "Luis Eugenio Davila de Garate". He probably has burned his personal paypal account and is tapping into the account of a relative now.
In other news, here are some of his clumsy attempts to advertise on youtube, and here is a fan site which he created with all of his skills in a pretty lame attempt to extort me to retract all the information about his scams...
Update 11/1/12: Conrado's getting desperate:
Update 7/5/12: Another victim...
Tuesday, December 27, 2011
Sunday, October 9, 2011
Dell 1D3B
Surprisingly, it was even easier than older models:
Dell Laptop Master Password Generator.
Copyright (C) 2011 dogbert; 2007-2010 hpgl
Short service tag should be right padded with '*' up to length 7 chars
HDD serial number is right 11 chars from real HDDSerNum left padded with '*'
Some BIOSes has left pad HDD serial number with spaces instead '*'
Input: #ABCDEFG-1D3B
09.10.2011 22:42 DELL service tag: ABCDEFG-1D3B password: xvn0qEeftqyrkG52
In light of this (and this), a pack of monkeys looks sophisticated in comparison to Dell engineers. Also, please don't even bother to send me emails: you're just wasting both our time.
P.S.: DELL service tag: #NOSOUP4-3A5B password: zvd97y9h
P.P.S.: http://www.bios-pw.org has a free password generator.
Dell Laptop Master Password Generator.
Copyright (C) 2011 dogbert; 2007-2010 hpgl
Short service tag should be right padded with '*' up to length 7 chars
HDD serial number is right 11 chars from real HDDSerNum left padded with '*'
Some BIOSes has left pad HDD serial number with spaces instead '*'
Input: #ABCDEFG-1D3B
09.10.2011 22:42 DELL service tag: ABCDEFG-1D3B password: xvn0qEeftqyrkG52
In light of this (and this), a pack of monkeys looks sophisticated in comparison to Dell engineers. Also, please don't even bother to send me emails: you're just wasting both our time.
P.S.: DELL service tag: #NOSOUP4-3A5B password: zvd97y9h
P.P.S.: http://www.bios-pw.org has a free password generator.
Monday, September 5, 2011
"Donate" Button
I've been asked a few times to accept donations. Please find a button linking to Animal Rescue International on the right side - I'm quite certain that your donations are better off with them.
Sunday, July 31, 2011
Free Unlocker for Palm/HP Phones
A few weeks back, I ditched my iPhone for good and got my hands on a used Palm Pre. Unfortunately, it was net-locked by the provider. Fortunately, the modem is Qualcomm device and hence, all security features can be bypassed so easily that they appear meaningless in the first place. I've written unlocking scripts that work on every webOS phone, i.e. Palm Pre (Plus), Palm Pre2, Palm Pixi (Plus), HP Veer, or HP Pre3. You do not need a SIM card for obtaining the unlock code, and the unlock is perfectly safe, i.e. you can't brick your device. Here's a quick how-to:
- Install python 2.6.x (32 bit/x86 version): http://www.python.org/download/releases/2.6/. Python 3.x will not work.
- Windows: Install pywin32 for python 2.6: http://sourceforge.net/projects/pywin32/files/
- Install pyserial: http://sourceforge.net/projects/pyserial/files/
Linux: Use your packet manager to install the required libraries, e.g. sudo apt-get install python-serial for Debian based distributions (Ubuntu, Mint, etc.) - Download the unlocker (Pre/Pre2/Pixi, or Pre3/Veer) and unpack it (e.g. into the directory C:\unlock)
- Calculate the USB passthrough key: go to device info, write down the "Serial Number", and use pre_keygen.py to generate the key from this number. The serial number is also printed on the back of your device and/or underneath the battery.
- Start the phone without a SIM card, then start the dialer. If the phone has not been activated before, you can either select "emergency call" with the icon from the notification area at the bottom (Pre, Pre2, Pixi) and delete the number (911, 112 etc.), or just type "BZ" (#*) blindly on the keyboard (Veer, Pre3). Enter "#*USBPASS# (#*8727277#) in the dialer application and press the dial icon. A window will appear which asks you to enter the passthrough key. After you've done that, select "Diag" for the "USB PORT 1" (only for that port, the rest has to be set to "None").
If you have trouble enabling the passthrough mode, bypass the activation, install Preware and install the "Enable USB Passthrough" application from Preware. - Windows: Connect your phone to your machine and install these drivers for the serial diagnostics port (not the R-ACM or any other device). The first time you plug in the phone in diagnostics mode, Windows will ask you for drivers. You can also force the driver installation in the device manager by right-clicking the unknown serial port under "Other devices" and selecting "Update drivers". You might have to acknowledge a few warnings about broken driver signatures.
Linux: Insert the module usbserial module with vendor and product parameters matching the vendor and product ID (lsusb), e.g. sudo modprobe usbserial vendor=0x0830 product=0x8043. You have to make the device file (usually /dev/ttyUSB0) accessible to regular users, or you have to run the unlock script with root privileges. - Run pre_unlock.py / pre3_veer_unlock.py and write down your network unlock code.
If the serial port is not found automatically or if the search is stuck, you can specify it as a command line parameter. Open up a command prompt, navigate to the directory (cd \unlock) and run the unlocker, e.g. pre_unlock.py --diagPort COM5
If the firmware version has not been recognized, update your device to either the latest webOS 1.4.x or 2.x version. If you don't have a Palm account, you can obtain the updater here. - Disable the passthrough mode: enter "#*USBPASS# (#*8727277#) and press the dial icon again. Set "None" for "USB PORT 1".
- Shutdown the phone. Put in a SIM card that is not accepted by the phone and boot it up again. You might have to bypass the activation mechanism.
- Carefully enter the network unlock code obtained in step 8. If it gets rejected, please contact me with the perso.txt file that has been saved to the directory of the script. Reboot and enjoy your unlocked phone.
If and only if the unlock code does not work for you ("Enter Unblock Code"), try running the script with the parameter --writeBack from the command prompt, e.g. pre3_veer_unlock.py --writeBack. After it has completed successfully, reboot your phone and it should be unlocked.
If you need to activate your phone, but your carrier does not support data services, you can try this.
Tuesday, April 26, 2011
Shmuck of the Week: Alexis Toledo / novatec / biosremoval
Here's another guy selling passwords to people for ludicrous prices: $35 for 2 minutes of work - not bad. You'd think that he can afford a nice website by now, but it still looks like the final project of a community college web design class in the nineties:
Thankfully, his apparent lack of discernible technical knowledge made it very easy to find docs:
alexis toledo
422 mystic ave
somerville, MA 02145
US
781-330-1378
Another address of someone who is involved with this is:
Edisley Sousa
6xx American Legion Hwy
Rosindale, MA 02131
US
There's a bunch of websites and accounts he operates under:
biosremoval.com
novatecdirect.com
revertendotecnologia.com.br
palmastec@gmail.com
hi5geeksolutions@gmail.com
biosremoval@gmail.com
youtube.com/user/alexisakaedisley
I've been collecting his stuff long ago, but never had the time to award him properly until he sent me this reminder:
Guess what...
If you ever have been foolish enough to send this guy money, please contact the paypal fraud department.
Update 1: I just love emails like that.
Update 2: Alexis resorts to empty threats in LARGE LETTERING. I won't be able to sleep tonight :(.
Update 3: Another victim has come forward...
Thankfully, his apparent lack of discernible technical knowledge made it very easy to find docs:
alexis toledo
422 mystic ave
somerville, MA 02145
US
781-330-1378
Another address of someone who is involved with this is:
Edisley Sousa
6xx American Legion Hwy
Rosindale, MA 02131
US
There's a bunch of websites and accounts he operates under:
biosremoval.com
novatecdirect.com
revertendotecnologia.com.br
palmastec@gmail.com
hi5geeksolutions@gmail.com
biosremoval@gmail.com
youtube.com/user/alexisakaedisley
I've been collecting his stuff long ago, but never had the time to award him properly until he sent me this reminder:
Guess what...
If you ever have been foolish enough to send this guy money, please contact the paypal fraud department.
Update 1: I just love emails like that.
Update 2: Alexis resorts to empty threats in LARGE LETTERING. I won't be able to sleep tonight :(.
Update 3: Another victim has come forward...
Thursday, March 31, 2011
Roll Call - State of Electronics
The trailer of Karl von Moller's latest documentary gets my mouth watering:
Roll Call - State of Electronics from karl von moller on Vimeo.
Hopefully, it'll be out soon.
Roll Call - State of Electronics from karl von moller on Vimeo.
Hopefully, it'll be out soon.
Sunday, March 6, 2011
Shmuck of the Month: Sony
Two types of companies exist: those which are growing and those which are dying. Sony clearly belongs to the latter for over a decade now. The high level of engineering that once made their products excel has been replaced by bland mediocrity and delusional control ideas that are manifested in recent Sony products such as Bluray, the PS3, etc. In their latest act of desperation, they are suing a couple of guys who have successfully hacked the PS3 to bring Linux back to the console after it has been illegally removed in a firmware update. The flaws they used to obtain access to the multi-millon dollar security system can almost solely be attributed to crass design blunders that would have been completely avoidable in the first place.
Sony has a line of laptops ("Vaio") which compete mainly in the high value market segments. They implemented a master password bypass which is rather sane in comparison to the rest of the bunch:
python pwgen-sony.py
Master Password Generator for Sony laptops (16 characters otp)
Copyright (C) 2009-2010 dogbert
After entering the wrong password for the third time, you will receive a code from which the password can be calculated,
e.g. 73KR-3FP9-PVKH-K29R
Please enter the code:
D63K-XFVF-TK7H-RJKX
The password is: 43878945
I'm not the first one who discovered this: hpgl also reversed this scheme quite a while back. There are even some idiots on eBay who sell these master passwords.
Update: released here
Sony has a line of laptops ("Vaio") which compete mainly in the high value market segments. They implemented a master password bypass which is rather sane in comparison to the rest of the bunch:
- The randomly generated master password is only stored in RAM, e.g. it's lost after the next reboot ("one time password").
- RSA is used for encrypting the password which is then converted to a human-readable form (4x4 characters/8 bytes/64 bits).
- Their customer support apparently allows for one free password generation per device which is pretty decent by the industry standard.
python pwgen-sony.py
Master Password Generator for Sony laptops (16 characters otp)
Copyright (C) 2009-2010 dogbert
After entering the wrong password for the third time, you will receive a code from which the password can be calculated,
e.g. 73KR-3FP9-PVKH-K29R
Please enter the code:
D63K-XFVF-TK7H-RJKX
The password is: 43878945
I'm not the first one who discovered this: hpgl also reversed this scheme quite a while back. There are even some idiots on eBay who sell these master passwords.
Update: released here
Wednesday, February 9, 2011
Shmuck of the Month: Conrado Davila / laptoprebirth.com
Among the many contestants for this award, there are always some who stand out as exceptionally smug. Conrado has successfully gained access to this select class of people. This is an email from the first time he tried to contact me:
By stating that he is "involved in the world of laptop hacking", he actually means that he defrauds people by selling them my stuff for only 40-50 $/password on his website:
Among the clusterfuck of typographical mistakes and perspective errors in his graphics, he has thankfully put his full name and address in the whois record of the domain:
The icing on the cake, however, is his sale of my GPL'd code to some gullible sucker for big bucks. That guy actually wanted to buy a generator for the Sony one-time-password stuff from him, so Conrado just modified my 5dec script to the effect that it seems to generate the password from the Sony one-time key. Suffice to say that it doesn't work at all since he has no technical expertise whatsoever. The other thing that he conveniently removed is my authorship of the script. Here's his delivery email:
So this month, the prestigious "Shmuck" award goes to Spain. Congratulations - you earned it!
By stating that he is "involved in the world of laptop hacking", he actually means that he defrauds people by selling them my stuff for only 40-50 $/password on his website:
Among the clusterfuck of typographical mistakes and perspective errors in his graphics, he has thankfully put his full name and address in the whois record of the domain:
laptoprebirth.com #17036respectively
conrado davila (conradodav@hotmail.com)
eugenio sue 1279 colinas de san jeronimo
Monterrey
,41600
ES
Tel. +34.955842323
NAME: Conrado Dávila de GárateI'm sure that the local DA has an extensive record on him.
ADRESS: La Luisiana #3
CITY: ARAHAL (SEVILLA)
COUNTRY: SPAIN
POSTAL CODE: 41600
The icing on the cake, however, is his sale of my GPL'd code to some gullible sucker for big bucks. That guy actually wanted to buy a generator for the Sony one-time-password stuff from him, so Conrado just modified my 5dec script to the effect that it seems to generate the password from the Sony one-time key. Suffice to say that it doesn't work at all since he has no technical expertise whatsoever. The other thing that he conveniently removed is my authorship of the script. Here's his delivery email:
So this month, the prestigious "Shmuck" award goes to Spain. Congratulations - you earned it!
Sunday, January 23, 2011
Subscribe to:
Posts (Atom)