This time on an exciting brand-new-studio edition of Hak5 we’re getting hands on with the latest version of BackTrack-Linux, configuring virtual machines and wireless. Shannon’s flashing the firmware on a Dingoo Digital A320 and installing a custom distro of Linux and so much more.

Download HD Download MP4 Download WMV

Hacker Headlines

Oh Skype… They have another security problem. Skype on Mac OS X has a bit of a flaw. You can send a Skype message to another user and potentially get remote access to that other computer. Gordon Maddern, a security researcher, found the flaw and told Skype about it more than a month ago, but there was no fix until after the news started spreading that there was an issue. Skype has released a small term patch, but no full fix has been released, nor has users been notified to update.

Just days before Google I/O begins, French security firm Vupen demonstrates a zero-day vulnerability in Google Chrome allowing remote execution. The exploit, which hasn’t been released to the public, bypasses Chrome’s praised Sandbox as well as Address Space Layout Randomization and Data Execution Prevention. Google, busy introducing the Chromebook, has not verified VUPEN’s claims and says that if necessary an update will be pushed to users automatically.

The death of Osama Bin Laden has spurred several scams throughout the interwebz. Malware has shown up on certain websites, a Facebook scam popped up, and even the blog of the guy who accidentially live twittered the event has been compromised. Scammers are smart and they know what you’re looking for. People want to see the ‘Osama death video’, which doesn’t exist. So for anyone out there who was considering clicking that video on Facebook and sharing it with your friends, DON’T, and while you’re at it, delete it from your profile if someone else posted it.

Symantic security researchers are reporting that a flaw in the way application authentication works on Facebook, nearly 100,000 apps may have complete access to your account. Facebook now uses OAUTH 2.0 for authentication, however older authentication schemes are still in use. The firm advises users to change their passwords immediately — which essentually thwarts the access token bug.

Hot off the heals of Ubuntu’s 11.04 “Natty Narwhal” release — which has been getting mixed reviews due to the new Unity window manager, Backtrack Linux releases the much awaited version 5. In addition to native 64-bit and ARM processor support the security distribution now comes in both KDE and Gnome flavors. Are you excited? Have you checked it out? It’s available via torrents, has a stealth mode, comes with Metasploit, and sounds just plain awesome!

Kerby’s oldschool app of the week
Oregon Trail

Hacking the Dingoo Digital A320

This week I’m introducing this fun little device called the Dingoo Digital.

The Dingoo Digital A320 is a gaming handheld for open game development. It has modest hardware specs: 400MHz CPU, 32MB of RAM, 4GB internal storage, a miniSD reader, a 2.8″” LCD screen with a 320×240 resolution, and your normal jacks. The cool part is the software. You can playback several video and audio file types, there is a built in FM tuner for radio, you can record voice, and the SDK is available for free. My favorite part is it’s customization features and ability to play ROMs. Because who doesn’t like video games?

The device comes preinstalled with several arcade games like Centipede, Mine Sweeper, and has built in Emulators for your convenience as well. But if you want more with your new toy, what is better than installing Linux on it?

Enter Dingux, the Linux Distro for the Dingoo. You can get Dingux on the dingoo-scene website as well as really easy steps to follow if you want to check it out.

First off, you’ll need to download a couple of files. Booboo’s dual boot installer zip file for Windows, and the local-10 or local zip file. Charge your Dingoo so it doesn’t die during the reflashing process. We don’t want a bricked Dingoo!

Once your files are downloaded, unzip the Dual Boot file into a new folder wherever you want on your PC.

Turn on the Dingoo and go to the ‘System Setup’ menu, ‘About’, and press A. Press up-right-down-up-right-down and an easter egg diagnostics screen pops up. On the screen it should say ILI9331 or ILI9325 at the end of one of the lines. Mine says 9331. This is an LCD model and pertains to the flashing procedure.

Now, reset the Dingoo by holding B and pressing in the power button. The screen will stay dark so don’t panic!

Plug the Dingoo Digital into your PC. Choose cancel if any ‘new hardware found’ screens pop up. When your PC asks for a driver location choose your newly created Dual Boot folder. The driver should successfully install and you’re ready to flash your Dingoo!

Unplug the Dingoo, press the reset button, and let it boot into the normal firmware. You won’t need to hit the on button during this reset.

Hold the B button down and press POWER AGAIN. Plug the Dingoo back into your PC.

Open cmd, and go to the Dual Boot File directory. cd shannon\downloads\Dingoo Dual Boot and execute the usbtool-win file. We’re going to upload a file to a specified address, so we’ll type usbtool-win 1 hwinit.bin 0×80000000. This should start the flashing. Then type usbtool-win 1 zImage_dual_boot_installer_ILI9331 0×80600000 and press enter. A screen will appear on the Dingoo saying Dual Boot Flasher and press start to coninue.

Follow the on screen instructions. If done correctly, it’ll say Success at the end. You should see a Dingux startup screen when your Dingoo restarts. There is another step to getting Dingux to startup, so right now it’ll just boot to the original firmware.

Reset your Dingoo and plug it into the PC. Your PC should find it in a few seconds.

Next, plug in your mini SD card and format it to FAT32. Unzip everything from the second file you downloaded, local-10.zip, to the root of your mini SD card.

After unzipped, go to the mini SD card and rename your LCD screen file to zImage. So, mine is ‘zImage-20090707-ILI9331′, and I’ll change the name to ‘zImage’. Delete the other LCD image file if you want to.

Then, you’re done! Unplug and reset the Dingoo while holding down the Select key. It should boot into Dingux and launch the Dmenu. You should see a new menu on your screen.

Now that you have Dingux installed, go online and find some handy ROMs!

There is a ton of stuff you can do with this gaming device. The growing online community has tons of homebrew video games to try out, theme packs, and ROM’s available. I’ve linked a bunch of the websites in our shownotes. I’m thinking next week I’m going to try to stick Doom on here, because, why not? It’s DOOM!

Email me at feedback@hak5.org with questions and comments.

HakTip: BackTrack 5 first-boot

Darren is excited to be playing with the new BackTrack 5 linux. BackTrack is a fantastic distribution for security auditing. Version 5 is available in 32 and 64 bit flavors as well as ARM processor support and now comes in either Gnome or KDE.

Darren demonstrates how to setup either a USB drive to boot directly off, or a Virtualbox VM. Darren goes on to show off ethernet configuration and setting up a wireless adapter over USB.

Emails

Nick writes in:

http://hackertyper.net/
set type speed to 1 for a more realistic look.

Keep up with the latest on Hak5 by follow us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic
for ask a question feel free to hit up feedback@hak5.org.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

13 Comments

  • Why Cant You Make A new Episode On Metaspoiled Attacked….
    We Realy Want To Know ……

  • TrY tO PuT ViDeO On yOuTuBe sO We cOuLd dOwNlOaD It eAsYlY…..

    KeEp iT uP gUyS…….

  • Hi, we are from http://www.thehackernews.com/ , can we have Link Exchange ? Contact us at thehackernews@gmail.com , Thanks

  • Nick Bouwhuis 2 years ago

    Stil no Crack the code walktrough that you promised two episodes back? Realy like those

  • Whoah! The brick wall is back? :)

  • Woah! The brick wall is back? :-D

  • Martin 2 years ago

    Great episode, as always! I was just going to email you guys to ask if you could recommend a good usb wireless adapter for BT5…! I just ordered the same one online. I can’t wait for “Hak Tip” to start! Cheers!

  • Hey,

    Question. Does the Backtrack LiveCD need to be placed into the computer CD tray in order to download the Backtrack 5 onto the VM ware HD?

    -B

    • Martin 2 years ago

      B,
      You can just download the ISO and create a new VM off it; you don’t need to burn the image. VMWare is going to ask you to browse for the image or CD where the OS is located; just point it to where you saved the ISO. Once you’ve created the VM and booted into Backtrack 5, you’ll see an icon on the desktop named “Install”. Just double-click on it and it will guide you thru the steps to complete the hard drive installation on your new VM. Once it’s finished, you won’t need that ISO anymore.

  • Nicos 2 years ago

    Hak5,

    Hello guys! Just want to take a quick moment to say that I love your show. With being a newb and trying to take in the limitless hacking world tricks in, you guys have helped by showing me the 101. I recently inherited an old laptop (Sony Viao, 512 mb ram, 70 gbs, 1.5 ghz processor) and I installed backtrack 5 on the hard disk. No dual boot. This is my primary OS now. Is it possible to find an usb wireless adapter that will be compatible with this laptop and if so, what brand and model do you guys recommend? Keep up the good work. Thanks.

    Nicos

  • Someone 2 years ago

    Testing Backtrack 5.
    Just writing to get your captcha pic for pwntcha :)

  • Bruno 1 year ago

    Hi. Iam a macbook user and i had backtrack installed on vmware. The problem was…i couldnt use the gpu cracker because it just wouldnt recognize my ati.

    Is there any way to solve this? If i create a bootable usb will i have the same problem?If there is a mac user out there plz let me know how o solve this

  • It would be nice if you would show how to use backtrack on ubuntu virtualbox.