Splents

Backtrack 4 supports the use of the ZTE MF626 out of the box.
While there are plenty of tutorials on how to connect the device, it took me a while to figure out why I could not see the device /dev/ttyUSB0.

When you plug the internet stick into a Windows based operating system, a virtual cd-rom is created. Once the software is installed, inserting the device runs the autorun.exe.
Obviously linux can’t use the system libraries in order to perform the same action, so what you will need to do is eject the cd-rom in linux.
The easiest way in backtrack 4 is to pop open the Konqurer->Storage Devices, hit refresh and you’ll see the cd-rom. Right click and eject.
Now, if you head to your console and type lsusb you will note that you have the correct drivers loaded, and /dev/ttyUSB0 will be available for your choosen modem dialer to use!

I’m currently hosting S-T-D and Backtrack distributions in the mirrors folder. These can be used with my rainbow tables, or for a whole range of fun activity’s.

A few years ago I created some rainbow tables for cracking a particular type of password. I’ve been hosting them for a fair while but now I’ve updated the site I thought I would point towards their location.
You can download the lm_alpha-numeric-symbol14-space1-7_0_4000x46000000 tables by clicking on the Rainbow Tables link. The tables can be used with Backtrack or S-T-D.

I had a situation where I needed to recover some MYOB backup files from a corrupt Norton Ghost (version 8.0) file. Ghost Explorer wouldn’t open the backups, due to some form of corruption, somewhere. There was little information that was available, despite the file corruption being a common problem. Ghost is no longer a supported product, and future versions were essentially a completely new program. I read a thread on corrupt ghost images that discussed my problem in depth. Praise to Nigel who provided the inspiration to try what I did, although unfortunately the header fix program was simply slack data when I downloaded it… sabotage?

Out of desperation I used HxD to search for the file header of a MYOB backup. It was tedious and took a while, particularly considering I was sifting through 20gB of hexadecimal data.

If I get some time I would like to produce a program that can automatically recover these files (and others, especially .jpeg) from a corrupt ghost image. In summary however, if you are trying to recover data from a norton ghost image file that seems to have become corrupt. Here is a brief overview of what you’ll need to do to recover the data.

1. Load it in HxD
2. Search for the file beginning
3. Write down this location
4. Search for the file end
5. Write down this location
6. Select between the start and end locations
7. Copy it, then paste it into a new Hex file
8. Save it

If everything went correctly, you’ll be left the file you were trying to recover.

You may be asking “What is the file start/end?”.

I would say that is a good question – this is what took me a while to figure out.

For MYOB:
version 13, file start “6D 79 6F 62 31 33 2F 50 4B 03 04 0A”
version 18, file start “6D 79 6F 62 31 38 2F 50 4B 03 04 0A”

You will notice that the 6th byte is the only thing that changes between the two. Thats because its specifying the version number. In hex, 0×31=1, 0×33=3, 0×38=8.

The end of the MYOB files was always “50 4B 01 02 14 0B 14″ followed by a large null padding (…00 00 00 00 00 00…), although the amount of padding varied from file to file.

Generally I selected a few zeros after the file end so… “50 4B 01 02 14 0B 14 00 00 00 00″.

I successfully recovered 8 backups doing this manually.

Feel free to contact me via email if you would like a more in depth tutorial on recovering files from Ghost backups, or donating if I just saved you!