Monday, May 12, 2008

Booting The Heron from a U3

Well, one day last week, I got bored and decided to tinker with my SanDisk Cruzer Titanium 4GB with U3. Normally, when you jam one of these in your USB port, it shows up as a 6MB CD-ROM drive, with the rest of the space as a USB Mass Storage Device (USB hard drive).

Now, here's the neat thing: It does this all in hardware.
The chipset inside registers as two distinct devices: a CD-ROM with autoplay software for Windows (the fancy U3 Launchpad), and the actual flash drive. Windows Device Manager shows two devices, and jamming it in my Ubuntu 8.04 installation also shows two drives. So, thinking about this, I walked over to a friend's PC, rammed it in the front panel USB, hit the power button, and whacked F12 to show the boot drive selection menu.

Imagine my surprise when even the BIOS recognized it as two distinct devices...
So, I started tooling around Google, and discovered the "U3 Universal Customizer".
Normally, people would use this to patch in a new ISO under 6MB to replace the existing one.

I began screwing around with some of the other software from the Hak5 site, and poked around with the USB Switchblade & USB Hacksaw software...

Basically, what they are is a replacement for the 6MB portion of the drive that contains some 'malware' that will bleed a Windows system dry -- swipes all the passwords, sets up an encrypted stunnel, and emails it all off to an address of your choice. Interesting, but not terribly useful unless you're a vengeful 14-year-old intent on swiping some other kiddie's myspace passwords for fun and pr0fit. Big deal. Since I run Ubuntu primarily now, it wouldn't affect me, even with WINE installed, due to the very nice "This disc has autoplay, do you want to execute it?" dialog.

So I tinkered around with it some more... And then I found out by trial and error that the U3 Universal Customizer can change the domain size of the CD side of the device! The first time I tried this was with a 10MB ISO containing Process Explorer and some other bits including DiskTrix's Ultimate Defrag. From everything I read, I was told this would brick the unit, but I tried anyway. It worked!

So then I figured, hey, wait a minute. If I can shoehorn 10MB on there, what about 700MB?
Well, first try, it didn't work... but LPUninstaller managed to unbork my drive and LPInstaller got me back to the standard U3 Launchpad.

Then I thought... Hey, what if there's a signature stuck on the ISO somewhere that the U3 bits are looking for?

I dug up a copy of MagicISO, which can normally remaster ISOs, opened up cruzer-autorun.iso, deleted everything but the autorun.inf, dropped process explorer in there, edited the autorun.inf, opened up my Ubuntu 8.04 ISO, saved the bootsector to a BIF file, copied all of the files out of the ISO to C:\Ubu804, loaded the bootsector.bif into the cruzer-autorun.iso, and dropped all the files in C:\Ubu804 in there, and ran U3 Universal Customizer...

*45* minutes later, SUCCESS!

So I jammed the drive into my friend's PC, hit the power button, whacked F12 to get to the boot menu, and selected the U3 Titanium CDROM device...

And bricked my pants as Ubuntu's CD Bootloader came up. Hit enter twice, and about 45 seconds later, I'm staring at the Ubuntu 8.04 desktop, grinning my ass off like an idiot. Plus you can use the rest of the Mass Storage side for "persistent" mode! Now if I could just figure out how to get "toram" working again, and dump openoffice from casper, I'd be one happy camper!

To sum it all up:

Edit the existing cruzer-autorun.iso with MagicISO instead of creating a new ISO.
"Burn" the ISO onto the Cruzer with U3 Universal Customizer.

This should work with just about any bootable ISO that doesn't rely on things expecting hard coded ISO9660 LBA addresses.

(And it should even work on a UBCD4Win / BartPE / OpenSolaris Indiana or Nevada / Nexenta ISO under 4096MB!)

The only thing you need is unrestricted access to a Windows NT5.x (Windows 2000 / Windows XP) machine for about an hour.

Good luck, beware of bricking your $50 keychain bootable CD-ROM!

Wednesday, April 30, 2008

Forcing Vista Home Basic/Premium to play with SAMBA

After spending hours trying, I finally managed to come up with a solution...
From my posting in the MSDN forum:


[quote user="Jim Frost"]

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LMCompatibilityLevel

controls the security level mandated or allowed for logins. In Vista it defaults to 0x3, which means "NTLMv2 only". This is not supported by Samba, or at least not supported by any of the Samba servers I use (Mac OS X, Debian Sarge, or Buffalo TeraStation). This is despite the fact that the Samba documentation implies that it should work.
[/quote]

NTLMv2 did not work reliably until the recent Samba 3.0.2X releases.
Vista Home Basic/Premium does not have secpol.msc. Ultimate does.

[quote user="K Frazier"]

I had the same issue with my Linksys Media Server Router (WRTSL54GS) which offers SAMBA based NAS.

In addition to the suggestion to change the LSA Compatibility from 3 to 1 (NTLMv2 required to NTLMv2 if available), which reverts back to XP type of authentication, I also found that treating the UserID as that of a foreign domain controller works.

That is...If your NAS is a member of the FOO workgroup, when you pass your authentication info, you can specify the format of "FOO\userid" in the username field. It is important to use the Workgroup name and not the NAS server machine name. This should work for most current generation SAMBA implementations.

[/quote]

The full solution for Vista Home Basic/Premium + Samba V2/V3:

Set HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LMCompatibilityLevel from 0x3 to 0x1 to switch from "0x3: Try NTLMv2" (confuses Samba) to "0x1: Negotiate NTLMv2 if possible, Try NTLMv1, else use MSLANMAN".

Vista also REQUIRES a domain identifier before the username:
For all of us home users without a domain controller, use your WORKGROUP name instead of a DOMAIN identifier:

If you wanted to log in to a machine named "SERVER", you would assume you should use "SERVER\username", but this is incorrect.
What you actually want to do is log in as "WORKGROUP\username" with Vista AFTER setting LMCompatibilityLevel to 0x1.

So, for many people this would look something similar to:
"MSHOME\Owner" or "MSHOME\Administrator"

Remember, you need both the registry edit AND the identifier\username!
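
The two steps above as a PowerShell script, added here as an example and not part of the original post. The drive letter `Z:`, the share name `share` and the log file path are assumptions; the level descriptions are Microsoft's names for the settings of the "Network security: LAN Manager authentication level" policy.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
$lsa  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$name = 'LMCompatibilityLevel'

# Client-side meaning of each level ("Network security: LAN Manager
# authentication level" policy).
$levels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

function Get-LmLevel {
    # Returns $null when the value is absent and the OS default applies.
    $p = Get-ItemProperty -Path $lsa -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    return [int]$p.$name
}

function Set-LmLevel {
    param([ValidateRange(0, 5)][int]$Level)
    $old = Get-LmLevel
    # Record the previous value so the change can be reverted later
    # (log path is an assumption).
    "$(Get-Date -Format s) previous=$old new=$Level" |
        Add-Content -Path "$env:TEMP\lmlevel-change.log"
    # New-ItemProperty -Force creates the value or overwrites an existing one.
    New-ItemProperty -Path $lsa -Name $name -PropertyType DWord `
        -Value $Level -Force | Out-Null
    return Get-LmLevel
}

$current = Get-LmLevel
if ($null -eq $current) {
    'LMCompatibilityLevel not set (OS default applies)'
} else {
    "Current level ${current}: $($levels[$current])"
}

# Step 1: the post's registry change, 0x3 -> 0x1. At level 1 the client
# sends LM and NTLM responses again, which is why the old value is logged.
$new = Set-LmLevel -Level 1
"New level ${new}: $($levels[$new])"

# Step 2: authenticate as WORKGROUP\username, not SERVER\username.
# "MSHOME\Owner" is the post's example; Z: and "share" are placeholders.
# The trailing * makes net use prompt for the password.
net use Z: \\SERVER\share /user:MSHOME\Owner *
```

Once the Samba server runs a release that handles NTLMv2, `Set-LmLevel -Level 3` puts the value back to the one this post starts from.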

Good luck!

--Kamilion