This time on an exciting brand-new-studio edition of Hak5 we’re getting hands on with the latest version of BackTrack-Linux, configuring virtual machines and wireless. Shannon’s flashing the firmware on a Dingoo Digital A320 and installing a custom distro of Linux and so much more.
Oh Skype… They have another security problem. Skype on Mac OS X has a bit of a flaw. You can send a Skype message to another user and potentially get remote access to that other computer. Gordon Maddern, a security researcher, found the flaw and told Skype about it more than a month ago, but there was no fix until after the news started spreading that there was an issue. Skype has released a small term patch, but no full fix has been released, nor has users been notified to update.
Just days before Google I/O begins, French security firm Vupen demonstrates a zero-day vulnerability in Google Chrome allowing remote execution. The exploit, which hasn’t been released to the public, bypasses Chrome’s praised Sandbox as well as Address Space Layout Randomization and Data Execution Prevention. Google, busy introducing the Chromebook, has not verified VUPEN’s claims and says that if necessary an update will be pushed to users automatically.
The death of Osama Bin Laden has spurred several scams throughout the interwebz. Malware has shown up on certain websites, a Facebook scam popped up, and even the blog of the guy who accidentially live twittered the event has been compromised. Scammers are smart and they know what you’re looking for. People want to see the ‘Osama death video’, which doesn’t exist. So for anyone out there who was considering clicking that video on Facebook and sharing it with your friends, DON’T, and while you’re at it, delete it from your profile if someone else posted it.
Symantic security researchers are reporting that a flaw in the way application authentication works on Facebook, nearly 100,000 apps may have complete access to your account. Facebook now uses OAUTH 2.0 for authentication, however older authentication schemes are still in use. The firm advises users to change their passwords immediately — which essentually thwarts the access token bug.
Hot off the heals of Ubuntu’s 11.04 “Natty Narwhal” release — which has been getting mixed reviews due to the new Unity window manager, Backtrack Linux releases the much awaited version 5. In addition to native 64-bit and ARM processor support the security distribution now comes in both KDE and Gnome flavors. Are you excited? Have you checked it out? It’s available via torrents, has a stealth mode, comes with Metasploit, and sounds just plain awesome!
Kerby’s oldschool app of the week
Hacking the Dingoo Digital A320
This week I’m introducing this fun little device called the Dingoo Digital.
The Dingoo Digital A320 is a gaming handheld for open game development. It has modest hardware specs: 400MHz CPU, 32MB of RAM, 4GB internal storage, a miniSD reader, a 2.8″” LCD screen with a 320×240 resolution, and your normal jacks. The cool part is the software. You can playback several video and audio file types, there is a built in FM tuner for radio, you can record voice, and the SDK is available for free. My favorite part is it’s customization features and ability to play ROMs. Because who doesn’t like video games?
The device comes preinstalled with several arcade games like Centipede, Mine Sweeper, and has built in Emulators for your convenience as well. But if you want more with your new toy, what is better than installing Linux on it?
Enter Dingux, the Linux Distro for the Dingoo. You can get Dingux on the dingoo-scene website as well as really easy steps to follow if you want to check it out.
First off, you’ll need to download a couple of files. Booboo’s dual boot installer zip file for Windows, and the local-10 or local zip file. Charge your Dingoo so it doesn’t die during the reflashing process. We don’t want a bricked Dingoo!
Once your files are downloaded, unzip the Dual Boot file into a new folder wherever you want on your PC.
Turn on the Dingoo and go to the ‘System Setup’ menu, ‘About’, and press A. Press up-right-down-up-right-down and an easter egg diagnostics screen pops up. On the screen it should say ILI9331 or ILI9325 at the end of one of the lines. Mine says 9331. This is an LCD model and pertains to the flashing procedure.
Now, reset the Dingoo by holding B and pressing in the power button. The screen will stay dark so don’t panic!
Plug the Dingoo Digital into your PC. Choose cancel if any ‘new hardware found’ screens pop up. When your PC asks for a driver location choose your newly created Dual Boot folder. The driver should successfully install and you’re ready to flash your Dingoo!
Unplug the Dingoo, press the reset button, and let it boot into the normal firmware. You won’t need to hit the on button during this reset.
Hold the B button down and press POWER AGAIN. Plug the Dingoo back into your PC.
Open cmd, and go to the Dual Boot File directory. cd shannon\downloads\Dingoo Dual Boot and execute the usbtool-win file. We’re going to upload a file to a specified address, so we’ll type usbtool-win 1 hwinit.bin 0×80000000. This should start the flashing. Then type usbtool-win 1 zImage_dual_boot_installer_ILI9331 0×80600000 and press enter. A screen will appear on the Dingoo saying Dual Boot Flasher and press start to coninue.
Follow the on screen instructions. If done correctly, it’ll say Success at the end. You should see a Dingux startup screen when your Dingoo restarts. There is another step to getting Dingux to startup, so right now it’ll just boot to the original firmware.
Reset your Dingoo and plug it into the PC. Your PC should find it in a few seconds.
Next, plug in your mini SD card and format it to FAT32. Unzip everything from the second file you downloaded, local-10.zip, to the root of your mini SD card.
After unzipped, go to the mini SD card and rename your LCD screen file to zImage. So, mine is ‘zImage-20090707-ILI9331′, and I’ll change the name to ‘zImage’. Delete the other LCD image file if you want to.
Then, you’re done! Unplug and reset the Dingoo while holding down the Select key. It should boot into Dingux and launch the Dmenu. You should see a new menu on your screen.
Now that you have Dingux installed, go online and find some handy ROMs!
There is a ton of stuff you can do with this gaming device. The growing online community has tons of homebrew video games to try out, theme packs, and ROM’s available. I’ve linked a bunch of the websites in our shownotes. I’m thinking next week I’m going to try to stick Doom on here, because, why not? It’s DOOM!
Email me at email@example.com with questions and comments.
HakTip: BackTrack 5 first-boot
Darren is excited to be playing with the new BackTrack 5 linux. BackTrack is a fantastic distribution for security auditing. Version 5 is available in 32 and 64 bit flavors as well as ARM processor support and now comes in either Gnome or KDE.
Darren demonstrates how to setup either a USB drive to boot directly off, or a Virtualbox VM. Darren goes on to show off ethernet configuration and setting up a wireless adapter over USB.
Nick writes in:
set type speed to 1 for a more realistic look.
Keep up with the latest on Hak5 by follow us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic
for ask a question feel free to hit up firstname.lastname@example.org.