Testing file system repair attempts on a read-only disk image

By dose | September 1, 2021
Under: Uncategorized
Comments: No Comments »

I recently got a damaged HFS+ formatted volume for analysis and repair.
Now I did what has to be done first on all data recovery attempts, obviously: Create a dd Disk image from the disk before messing around with it.
As the volume was very large, it would cost a lot of time and disk space to always make a copy of the image, mess around with it and if it fails, restore the original image. Copying around terabytes of data on a slow medium like classic harddisks is taking a lot of time, after all.
So I was searching for a way to operate on a snapshot-overlay of the original image to mess around with it and just dump the snapshot and revert, if something goes wrong.
Fortunately, I found this Stackoverflow post, which describes a way to do what I want.
So here is a little mount script mount_ovl.sh:

#!/bin/sh
if [ $# -eq 0 ]; then
  echo Usage: $0 ro-device \[overlay-size\]
  echo i.e.: $0 /dev/loop0
  exit
fi
if [ ! -e $1 ]; then
  echo $1 does not exist
  exit
fi
if [ -z "$2" ]; then
  ovlsz=10G
else
  ovlsz=$2
fi
 
ovl=/tmp/ovl
newdevname=ovldev
truncate -s$ovlsz $ovl
size=$(blockdev --getsz "$1")
loop=$(losetup -f --show -- "$ovl")
echo "0 $size snapshot $1 $loop P 8" | dmsetup create "$newdevname"
echo Mounted $loop to $newdevname

So, to i.e. do a fsck.hfsplus without ruining the original image, I first create a loopf device of the disk image:

# losetup -P /dev/loop0 /mnt/winhexraw.dd

Let’s list the partitions that it autodetected with -P:

# fdisk -lu /dev/loop0
Disk /dev/loop0: 931,5 GiB, 1000170586112 bytes, 1953458176 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: B9D171AA-7F12-4DD2-B1BD-FAE6A14B1DA8

Device        Start        End    Sectors   Size Type
/dev/loop0p1     40     409639     409600   200M EFI System
/dev/loop0p2 409640 1953195991 1952786352 931,2G Apple HFS/HFS+

So /dev/loop0p2 is the partition that needs to be checked.
Now mount it R/W with the script to /dev/mapper/ovldev:

./mount_ovl.sh /dev/loop0p2

Now it can be i.e. checked with

fsck.hfsplus -f /dev/mapper/ovldev

and possibly fixed. In my case, file system was damaged and fsck was unable to fix it, so I finally resorted to HFS+ rescue to get the files off from it. But this little hint can still be useful for futher attempts to i.e. repair the filesystem by hand.

To drop the snapshot again, assuming that it got mounted to /dev/loop1:

dmsetup remove "ovldev"
losetup -d /dev/loop1

And to release original loop device for disk image:

losetup -d /dev/loop0

Might become handy some day.

Open in VLC Media Player in Firefox 52.9.0 ESR on WinXP

By dose | February 27, 2021
Under: Uncategorized
Comments: 3 Comments »

Recently, the ORF tvthek made some really bad updates to their player.
1) the fullscreen function now throws a javascript error in Firefox 52.9.0 ESR (last version that works on WinXP), so you cannot put the video to fullscreen anymore.
2) No matter what resolution you choose, the video resolution always gets adapted during playback and worsens over time, so videos cannot be viewed in full quality anymore rendeing the player useless.

So I needed an alternative to open up the videos in VLC media player, which also has the advantage that it uses much less CPU than the Firefox integrated video player.
Now there is this usedful “Open in VLC media player” Firefox plugin.
The problem with it is that it requires a node.js native client and nodeJS executable only works up to version v5.12.0 on Windows XP.
Therefore you need an older client script version and need to adapt it for the old node.js version.

1) Download nodejs nativeclient version 0.5.5
2) Download NodeJS node.exe v5.12.0
3) Unpack the nativeclient above and replace node\x86\node.exe with version from 2)
4) Fix install.bat and uninstall.bat by adding the following line after @echo off, as Windows XP doesn’t have a %LocalAPPData% environment (which can get quite danerous on later versions of uninstall.bat):

if "%LocalAPPData%"=="" set LocalAPPData=%AppData%

5) The host.js file is not fully compatible with the node.js version, therefore you have to patch the following lines:

a) Replace

const walk = (dir, depth = 0) => {

with

const walk = (dir, depth) => {

b) Replace

walk(msg.path);

with

walk(msg.path, 0);

6) Now you can run install.bat and finally install the “open in VLC” plugin into Firefox.

Here is a patched version of the nodejs-nativeclient that contains the appropriate node.js exe and patched files so that you just need to install it.

Removing the timebomb of the Adobe Flash Player

By dose | February 19, 2021
Under: Uncategorized
Comments: 3 Comments »

As known, Adobe placed a time bomb in their flash player in order to disable it by 12/01/2021.
This is – of course – a horrible move, rendering a lot of applications (i.e. HP Printer Software, interactive tutorials, Flash games, etc.) useless and therefore it has to be fixed in order to re-enable it.
Flash was available for download from Adobe, but an up-to-date version also was shipped and updated with Windows 10. So for the ActiveX-version, this one got maintained by Windows Update, whereas the other versions (i.e. npapi) got maintained by Adobe.
Lately, some people even said that the optional Microsoft patch KB4577586, which removes Flash from the system, got deployed to them via Windows Update.

So in order to re-enable flash (even when the evil, unremovable patch KB4577586 has been installed to the system), I made a little patcher, based on the work of KuromeSan which you can download here
Hopefully this will get you up and running again.

Install Winhlp32 (32bit Winhelp) on Windows 10

By dose | February 18, 2021
Under: Uncategorized
Comments: No Comments »

As I recently got asked on how to install WinHlp32.exe on Windows 10, I once wrote a little script to automate the task that I share here, as Microsoft fails to provide an installer for it on Windows 10.

Just copy the following lines into a file called install_winhelp.cmd and then execute it, it should download and install winhlp32.exe automatically:

@echo off
setlocal
echo Detecting language...
set LANG=%1
if "%1"=="" for /f "delims=" %%a in ('powershell.exe -ExecutionPolicy ByPass -Command "$PSUICulture"') DO set "LANG=%%a"
if "%LANG%"=="" set LANG=de-de
 
rem Ensure that we are run from 64bit prompt
if "%ProgramFiles(x86)%" == "" goto StartExec
if not exist %SystemRoot%\Sysnative\cmd.exe goto StartExec
%SystemRoot%\Sysnative\cmd.exe /C "%~f0" %*
exit /b
:StartExec
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
if '%errorlevel%' NEQ '0' (
  echo Requesting administrative privileges...
  goto UACPrompt
) else ( goto gotAdmin )
:UACPrompt
echo Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
echo UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs"
exit /B
:gotAdmin
if exist "%temp%\getadmin.vbs" ( del "%temp%\getadmin.vbs" )
pushd "%CD%"
CD /D "%~dp0"
 
set ARCH=amd64
reg query HKLM\Hardware\Description\System\CentralProcessor\0 /v Identifier | Find /i "x86" >nul
if not errorlevel 1 set ARCH=x86
 
echo Downloading Winhelp, using language %LANG% for arch %ARCH%...
bitsadmin /transfer Windows8.1-KB917607-x64.msu /download /priority normal https://download.microsoft.com/download/A/5/6/A5651A53-2487-43C6-835A-744EB9C72579/Windows8.1-KB917607-x64.msu %CD%\Windows8.1-KB917607-x64.msu
if not exist Windows8.1-KB917607-x64.msu goto fini
 
md ContentMSU
expand Windows8.1-KB917607-x64.msu /F:* .\ContentMSU
 
cd ContentMSU
md ContentCAB
expand Windows8.1-KB917607-x64.cab /F:* .\ContentCAB
 
cd ContentCAB
cd %ARCH%*winhstb*%LANG%*
if not exist winhlp32.exe.mui (
  echo winhlp32.exe.mui does not exist in requested langauge
  goto fini
)
takeown /f "%SystemRoot%\%LANG%\winhlp32.exe.mui"
icacls "%SystemRoot%\%LANG%\winhlp32.exe.mui" /grant "%UserName%":F
ren %SystemRoot%\%LANG%\winhlp32.exe.mui winhlp32.exe.mui.w10
copy /y winhlp32.exe.mui %SystemRoot%\%LANG%\winhlp32.exe.mui 
cd ..
cd %ARCH%*winhstb*none*
if not exist winhlp32.exe (
  echo winhlp32.exe does not exist ??
  goto fini
)
takeown /f "%SystemRoot%\winhlp32.exe"
icacls "%SystemRoot%\winhlp32.exe" /grant "%UserName%":F
ren %SystemRoot%\winhlp32.exe winhlp32.exe.w10
copy /y winhlp32.exe %SystemRoot%\winhlp32.exe
cd ..\..\..
rmdir /s /q  ContentMSU
echo Done
 
:fini
endlocal
pause

Convert (Debrand and remove SIMlock) of Nokia E63 from carrier Drei to standard E63

By dose | January 5, 2021
Under: Uncategorized
Comments: No Comments »

I love phones with keyboards. The modern touchscreen based Smartphones may be useful for i.e. Internet surfing, but their on-screen keyboard without the ability to type with physical feedback from the buttons is just very, very awful and makes them barely usable for my purposes.
Therefore I love the old Nokia E63 Symbian S60v3-based phones. Its “killer feature” is the flashlight that can be toggled by just pressing the space bar, it’s so much easier than fiddling around with a touchscreen to turn it on. That’s one reason why I prefer it over the Nokia E71, and according to some reviews, the E72 isn’t that great either.
Now my E63 aged, some plastic parts fell out and after carrying the phone in my pocket on a very rainy day, the phone shut down and didn’t recover from the water incident for serveral days.
After drying it for a few days and opening it to let the wetness dry out, the phone recovered and started back normally. So generally, these devices seem to be very robust. But I noticed over time that the signal quality got worse. Sometimes that phone just disconnected from the cell tower and it took minutes to reconnect and so I got missed calls depending on my location. And I suddenly was unable to get a proper signal in areas where I had no problems to at least get a low signal level before. So due to the water, some component may unfortunately have degraded.
Time to get a replacement! These old phones with European style keyboards are getting rarer on the market, but the Austrian carrier “Drei” once gave out these phones and some of them are still around for a few bucks, but with Drei Simlock in place and the firmware is also branded. But as these are still easy to get, I bought a used one and had to remove the Drei Simlock and debrand it.
In case someone likes the E63 as much as I do and still wants to do this procedure today, here is a short howto:

For all operations, I used the Nokia BEST (BB5 Easy Service Tool) v. 1.51 by Infinity-Box Team

1. Prepare

I carried out all Operations on Windows XP, but I guess it may also work on Win 7.
1.1 Download Nokia BEST V 1.51 and install it to your work directory
1.2 Download Nokia USB driver and install it (also contains driver for Bootloader which is needed).

I also had Nokia PC Suite installed, but I guess it’s not really necessary. I just had it on my machine anyway.

2. Remove SIM-Lock

This video shows the process.
It may be a good idea to verify that the connetion to the phone works, therefore first let’s read it:
2.1 Power on the E63
2.2 Start Nokia BEST and connect USB cable between Nokia and PC, select “PC Suite” when asked on the phone in which mode you want to connect.
2.3 Noka BEST should now detect the phone and be able to read it. So under “Service Tool” tab, click “Read info”. On Lock status, you will see Lock  closed, type of your phone is PA_SL2 phone. If this applies, the phone is SIM-locked and you need to continue, otherwise it may already be unlocked.
2.4 Ensure that your phone has enough battery and unplug the charger, if you have plugged it in (I found the process easier with no charger attached). Go to “Repair” tab and click “Rd key”.
You will be presented with a dialog with instructions:
2.5 Unplug USB cable, shut down your hpone with the red Hangup key and wait till it is turned off.
2.6 Press OK in the dialog
2.7 Replug USB cable and press the red Hangup key for just about half of a second. Nokia BEST should detect the phone and read out data. Phone is booted into service mode.
2.8 When it shows “Key file updated”, then you can finally unlock it, go to tab “Unlock” and press “Unlock”.  Unlock should be done now and locks removed.

Don’t showdown or unplug cable yet to get out of service mode, you can do one more step to debrand phone on the next step:

3. Debrand phone

Change product code

First, you need to find out the production data of your current phone and the production data of the phone, you want to convert it to. Normally, this number can be found on a label under the battery in the field named “Code”, bot to see the real code, on Nokia BEST, go to tab “Service Tool” and in “Prduction Data Edit”, click “Read”.
To make sense of the number, there are lists of the production codes available, i.e. this list seems to be pretty complete.
Now in my example, the phone I want to debrand is a:

0583827 200.21.012 E63-1 RM-437 3 AT AT ULTRA BLUE GV

Now I need to find the product code for the phone that I want to turn it into. For the central European market with QWERTZ keyboard, this code is the correct one for my purposes:

0568835 RM-437 CTR EURO-C ALS ON Ultramarine 200.21.01

So, enter the code above in the input field and click “Write”.
“ALS ON” stands for “Ambient light sensor” activated, I think, which detects light conditions and handles keyboard light accordingly (the sensor is right next to the speaker).

Download firmware

Unfortuntely, Microsoft shut down the old update servers for the BB5 phone firmwares, but luckyly, some people have archived the complete firmware packages. See this thread on gsmhosting forum. Download the EURO firmware package (Nokia_E63_RM-437_EURO_DP_15.00_MCU_510.21.010.exe). Should it get lost somehow, The Internet Archive also has an archive of BB5 firmware packages.

After download, install the Firmware package and note down the path you installed it to. The directory contains a file named readme_euro.txt

Flash the firmware

Take note of the respective firmware flash files you need for the Product code that you changed the code to in the previous step. I.e. for out 0568835 phone, the readme_euro.txt tells us:

Transceiver: 0568835: RM-437 CTR EURO-C ALS ON Ultramarine
 Images:
 - rm437_510.21.010_prd.c00
 - rm437_510.21.010_prd.v33
 - rm437_510.21.010.42U
 - sofie_erase_y_drive.fpsx
 - RM437_ENO_008.07.45_100.71.952.a018.fpsx

Now go to Nokia BEST again to tab “Flashing”. Select phone Model (RM-437 in our case), and check the following boxes

[x] Use INI
[x] Manual
[x] Dead mode
[x] Backup
[x] Chk/Read
[x] Set Normal
[x] FactorySet

After previous step, I disconneted the phone, reboted it normally, checked that it still booted and then did the flash (you can leave local mode on phone my just pulling out the battery).
If you are doing this in one step, “Dead mode” checkbox may not be available. Not sure if flashing can be done in one step after SIM-unlocking.
Now select the respective files fro the README above for the Fields MCU, PPM1, CNT1, CNT2, CNT3 (leave out PPM2).
The process can be seen on this video.
Be aware that all data gets deleted from the phone!! Also ensure to remove an SD-Card from the phone, if you have one sitting in the phone.
Finally click “Flash” to flash the new firmware on the phone.
If you have previously disconnected the phone, you must follow the same procedure as in first step. Disconnect cable, power off phone, reconnect cable, press hangup for half of a second and let the flash process start.

After flashing is done, you should have a new stock firmware on the device.

4. Remove signature enforcement

The Nokia Symbian phones have the annoying feature that all software installed on the phone must be signed with a certificate. You can turn off the ceritficate verification, but it still checks the certificate date/timestamp and you cannot install unsigned software. In order to remove these limits, Installer needs to be patched.
This video shows you how to do it.
It is said that a memory card should be used to carry over the files and a SIM card needs to be inserted in order to work properly. Havent’t tried if this is really needed, but did so:

Copy Norton Symbian hack, RomPatcherPlus, X-Plore and installserver.exe to a directory on memory card.
Menu -> Office -> clock -> Change phone date to 01.01.2009
Menu -> Installations -> App mgr. -> Options -> Settings -> Software installation -> All
Menu -> Office -> File manager -> Memory card -> Install NortonSymbianHack.sisx
Menu -> Installations -> Norton -> Options -> Antivirus -> Quarantine list -> Options -> Restore all -> Yes
Menu -> Installations -> App mgr. -> Symantec Symbian Hack -> Options -> Remove -> Yes
Menu -> Office -> File manager -> Memory card -> Install RomPatcherPlus_3.1.sisx (Into Phone memory)
Menu -> Installations -> RomPatcher+ -> [x] Install Server RP+ (turns red) -> [X] Open4All RP+ (turns green)
Meno -> Office -> clock -> Change phone date to 01.01.2012
Menu -> Office -> File manager -> Memory card -> Install X-plore V.1.56 S60v3+v5+…
Menu -> Installations -> X-plore -> Menu -> tools -> configuration -> [x] Show system files/folders -> Back
Copy installserver.exe to C:\sys\bin

5. Install language pack for TTS (Text to Speech)

As the default language for Text-to-speech is only English, you need to install additional TTS-Langpacks. i.e. the German language pack can be found here.

 

Now I was able to install all applications from the old phone on the replacement phone, migrate data via Nokia PC Suite and finally got my replacement phone running as new main phone. Mission accomplished ­čÖé

In case some files linked here are missing (files are not available anymore), just drop me a comment and I can supply them to you.

Installing MS SQL Server 2019 on Devuan Beowulf (~Debian 10)

By dose | December 22, 2020
Under: Uncategorized
Comments: No Comments »

As this systemd plague has also caught Debian, I’m mostly using Devuan for new servers now to have the normal SYSV-Init system I’m used to.
I already wrote an article on how to install MS SQL Server 2017 on Debian Jessie. Now here is a little Tutorial on how to install it on lates Devuan Beowulf:

I assume you are root and fixed the annoying Debian 10 su bug with:

echo "ALWAYS_SET_PATH yes" >/etc/default/su
apt-get install gnupg
wget -qO- https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
wget -qO- https://packages.microsoft.com/config/ubuntu/18.04/mssql-server-2019.list | tee /etc/apt/sources.list.d/mssql-server.list
wget -qO- https://packages.microsoft.com/config/debian/10/prod.list | tee /etc/apt/sources.list.d/mssql-client.list
apt-get update
apt-get install mssql-server
/opt/mssql/bin/mssql-conf setup
# Ignore error about failed systemctl start after setup
vi /etc/init.d/mssql-server

# Insert script from http://hardwarefetish.com/781-ms-sql-server-2017-upstart-script

chmod +x /etc/init.d/mssql-server
update-rc.d mssql-server defaults
/etc/init.d/mssql-server start
apt-get install mssql-tools unixodbc

Pretty straightforward. No more messing around with openssl lib like on Jessie.

Converting a NetAPP SAS-drive (i.e. Seagate ST3300655SS) to a normal PC-Harddisk

By dose | December 22, 2020
Under: Uncategorized
Comments: No Comments »

Recently my boss discovered that he had some spare SAS 300GB drives which weren’t accepted by the Adaptec RAID Controller.
When trying to use them, the Adaptec RAID controller (8805) just showed that the drive is “currently not supported by the raid adapter” on bootup and refused to show the drive in its list. It showed drive name and Firmware version and is seems that these drives were made for NETAPP Storage appliance according to the Firmware version (also indicated by the Firmware NA01 on the drive’s label).
Now I found out that these drives seem to be formatted with 520 bytes sector size instead of the “classic” 512 byte, thus the RAID controller refused them.
To make them standard drives, I flashed Standard firmware on them, a step, that may not be necessary, but I did it anyway to ensure proper operation:

I first downlaoded a package containing SeaFlashLin, a little Linux distribution by Seagate that included their flash program and put it an a bootable USB stick by just running 
bootable tools/USBbootBuilder-16_Kernel4.3.0-SeaFlashLin-046.USBsetup.exe from the archive.
Next, I downloaded Standard firmware (Release 006) for the drive from HP, as none is available from Seagate’s website. HDDGURU also has a mirror of the needed 15K5_SAS0006.lod firmware file. I put the mentioned .lod file on the USB stick I created and booted it up.

I then flashed the drive with

seaflashlin -f 15K5_SAS0006.lod -d /dev/sgX

where /dev/sgX is the device node of the harddisk on the controller that gets shown in the list of the startup script (which basically just does seaflashlin -i).
After flashing the firmware, drive reset fails, but I just powered down the machine with poweroff command so that the drive gets reset.

Next, I booted up a USB stick with Knoppix Linux which contains the sg3_utils which are needed to reformat the drive with 512 byte Sector size.
One can verify the device node /dev/sgX where the drive is located by checking dmesg, as lsscsi command is not available in Knoppix per default. But it should usually be the same as before when the drive was flashed with new firmware. These drives seem to need a 6 byte command instead of 10 bytes, that’s why the –six parameter is needed. So as root:

 sg_format --format --size=512 --six /dev/sgX

In my case, the formatting was completed very quickly but it showed an error DID_NO_CONNECT when querying status before success-mssage. 
One can either wait a few hours until it is believed that the formatting is complete, or reformat the drive in the RAID controller’s menu. 
After that, the drive just worked fine in the RAID.

 

Fixing Kyocera fs-6021dn errors 7401 7402 7403 and 7404

By dose | June 4, 2020
Under: Uncategorized
Comments: No Comments »

At the office, we had a cheap Kyocera fs-6021dn. After a few years of use, the printer finally gave up with error 7403. Looking at the service manual, the error description is:

Developing unit M noninstalling error
No density detection signal is output from toner sensor M in developing unit M.
Possible causes:
 – Defective connector cable or poor contact in the connector.
 – Defective toner sensor M.
 – Defective engine PWB.

So I found a video showing the disassembly of the printer in order to find the drum developer transfer units. This video showed the removal of the toners and the transfer belt in order to find the drums. When I removed toner and transfer belt (which also wasn’t completely sane, but it seems that the defect found here didn’t really cause real problems for the printer), I found out that the contact of one of the drum units was loose. I just pushed it down so that the connector had contact again and tadaa – no more error 7403

Pl├Âtzlicher SCHANNEL Fehler von Outlook auf Win7 nach Let’s Encrypt Zertifikatswechsel

By dose | February 9, 2020
Under: Uncategorized
Comments: No Comments »

Hatte heute ein l├Ąstiges Problem. Habe SoGO mit EAS auf einem Server laufen, dessen Zertifikat von Let’s Encrypt ausgegeben und automatisch erneuert wird.
Seit der Zertifikatserneuerung heute war pl├Âtzlich eine Mailsynchronisation mehr m├Âglich, Outlook zeigte immer nur “getrennt” an.

Im Ereignisprotokoll habe ich dann einen Haufen SCHANNEL Fehler gefunden, immer gleichlautend:

“Es wurde eine schwerwiegende Warnung empfangen: 40”

und auch:

“Es wurde eine schwerwiegende Warnung empfangen: 70”

Sehen wir uns also einmal die Fehlercodliste an:
SSL3_ALERT_HANDSHAKE_FAILURE  40
TLS1_ALERT_PROTOCOL_VERSION  70

Outlook d├╝rfte also – vermutlich aufgrund des Zertifikatswechsels – aus irgendeinem Grund nicht mehr mit der bevorzugten SSL-Version mit dem Server kommunizieren k├Ânnen. Nach Pr├╝fung der Liste der vom Server unterst├╝tzten TLS-Versionen kommt heraus, dass dieser nur TLS 1.2 angeboten hat. Dies wird jedoch wiederum standardm├čig von Win7 WinHttp nicht unterst├╝tzt. Zum Gl├╝ck hat mich dieser Artikel dann auf die richtige Spur gebracht: KB3140245. Das war zwar schon installiert, jedoch muss man noch 2 Registry-Schl├╝ssel anlegen, um die Standards zu ├Ąndern:

Unter

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

und

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp

(sofern 64bit Win7) einen DWORD-Wert namens DefaultSecureProtocols mit dem Hex-Wert 0xA80 anlegen, und schon funktioniert es wieder.

Der Grund f├╝r die pl├Âtzliche Umstellung d├╝rfte ├╝brigens sein, dass die Zertifikatserneuerung ├╝ber certbot funktioniert, und dieser aktualisiert sich offensichtlich bei einer Erneuerung auch selbstst├Ąndig und hat mit dann in der Datei /etc/letsencrypt/options-ssl-apache.conf folgende Zeile eingef├╝gt/ge├Ąndert:

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

Damit wurden also dann fieserweise die alten TLS-Versionen einfach abgedreht.

Crack f├╝r Monkey Island 2 / Deutsch

By dose | February 5, 2020
Under: Uncategorized
Comments: 1 Comment »

Nachdem ich in einem Kommentar gefragt worden bin, wie man Monkey Island 2 crackt, geht’s weiter in der Serie von LucasArt Adventure cracks.
Wie auch bei Monkey Island 1 sind die files mit 0x69 verXORt.

Fehlerfall:

Script 130, offset 0x24f: [14] o5_print()
Script 130, offset 0x254: [14] o5_print()
Script 130, offset 0x259: [9A] o5_move()
Script 130, offset 0x25e: [88] o5_isNotEqual()
Script 130, offset 0x265: [14] o5_print()
Script 130, offset 0x276: [AE] o5_wait()

Erfolgsfall:

Script 130, offset 0x24f: [14] o5_print()
Script 130, offset 0x254: [14] o5_print()
Script 130, offset 0x259: [9A] o5_move()
Script 130, offset 0x25e: [88] o5_isNotEqual()
Script 130, offset 0x287: [2E] o5_delay()
Script 1, offset 0x96e: [68] o5_isScriptRunning()

Als die Kommandos in MONKEY2.001 ansehen (nachdem wir 0x69 XOR gemacht haben):

879289: 9A EA 01 03 40 88 06 02 ea 01 22 00

Warum steht hier 9A und nicht 1A f├╝r o5_move und 88 und nicht 08 f├╝r o5_isNotEqual?
Weil der Parameter (PARAM_1) als Variable genommen werden soll und nicht als Wert.
In Variable 1EA wird also der Wert von Variable 4003 eingef├╝gt, anschlie├čend wird verglichen, ob in Var 1EA der Wert von Var 206 steht, wenn ja, dann um 22 Bytes gesprungen.

Nachdem der Wert vielleicht sp├Ąter auch nochmal gepr├╝ft wird, moven wir einfach den korrekten Inhalt von Var 206 in var 1EA, indem wir also 4003 mit 206 ersetzen:

879289: 9A EA 01 06 02 88 06 02 ea 01 22 00

Das Ganze wieder mit 0x69 verXORen, fertig ist der Crack 🙂
 (Keine Garantie, dass er funktioniert, aber zumindest nimtm der Kopierschutz dann jede Eingabe an).
Jetzt k├Ânnt ihrs aber dann schon langsam alleine auch, oder? *g├Ąhn*