Thanks again for your patronage of TechTraction, and please start checking back in September for new weekly content.

Bret

Share, Bookmark, or Email this post

Click-n-drag to resize

Flex Builder 3 has a “design” view that allows you to drag and drop visual components into the application space making it easier to design your application (whether it be for the web or as a desktop application using AIR).  Nearly all of these components can be “resized” by clicking and dragging the object handles to a desired size. Most times you can just “free hand” the click and drag but when it comes to something like an image, you might want to preserve its aspect ratio as you resize it which is easily done by holding down the shift key while you click and drag the object handles.

Click first and then shift

My experience with similar click-n-drag resize features in other applications always required that I hold down the shift key first, and then click and drag.  In Flex Builder 3 the process is reversed.  You need to click with your mouse on a resize handle FIRST, and then you press and hold the shift key.  At this point you can begin to resize the image by dragging the handle of the image box.  Once you have the size you want, simply release the mouse and then the shift key.

This tech-tip isn’t an earth shattering discovery; however, some people might not be used to the order in which you need to click, hold shift, and drag. Hopefully this little tip has helped someone overcome a minor aggravation.

Share, Bookmark, or Email this post

Let’s blame technology

When the local television station reported the story, the standard implications were made — technology is to blame. The implication is far from the truth. In this case, technology was an enabler for criminal conduct. Someone still had to make the recording and someone still had to send it to friends and classmates.  The cell phone didn’t commit the crime, a couple of teenagers did.

If you buy into the idea of “technology is to blame,” then you might call for cell phone manufacturers to take some level of responsibility.  Normally I’d roll my eyes to this type of response and chalk it up to technical ignorance.  This time, however, my opinion is a little different.

New market for a step backwards

I won’t go so far as to insist that cell phone manufacturers take responsibility, I will say these types of incidents (which are becoming more common place) are creating a new marketplace for cell phones — phones with fewer features.

Yes, smart phones are certainly the source of techno lust for gadgets hounds; however, not everyone wants or needs a cell phone stuffed with a myriad of features. Sometimes people just need to place or receive a call. When it comes to parents that have given their kids a cell phone, they’d probably love to have the option to give them “just a phone.” Yes, kids with “just a phone” could use a digital camera, email account, and Internet access and commit the same crime.  The difference is that it requires more steps and more devices readily accessible and most teenagers are simply not that prepared.  With the “all-in-one” cell phones so common today, kids have everything they need to commit such a crime with them all the time.

Limiting technology isn’t the complete solution

As much as technology is not to blame for this recent incident, limiting technology wouldn’t have prevented it either. There is no substitute for good parenting and educating kids on proper cell phone use. Nevertheless I’m one parent that would love to see a bare bones cell phone: make a call, receive a call, and address book. Try and find a cell phone that just does that — it’s impossible.

In my opinion, there is a market for a technological step backwards.

Share, Bookmark, or Email this post

Whether you agree or disagree with that logic makes no difference.  The Macintosh now represents over 10% of the computing population and is starting to feel the pains of its rising popularity.  You can see evidence of these pains in the recent articles shown below. Again, whether you agree that these articles document “real” Macintosh attacks makes no difference. The conclusion one can draw is simple: the Macintosh is gaining market share and therefore has become an area of interest for hackers. Will the hackers get very far on a platform that has touted itself as “more secure?” Only time will tell.  Personally, I’m betting on the hackers.

ArsTechnica: Newly-discovered Mac exploit to be Detailed at Black Hat

CNet News: Trojan found in Pirated Apple iWork software

CNet News: Apple issues critical QuickTime security update

Share, Bookmark, or Email this post

Original problem: computer shuts down after a few minutes of usage

About a week ago I turned on my computer. Windows XP completely loaded, and the computer sat there idle for a few minutes ready for use. I was about to check my email when “click”, the computer shut off. I flipped the power switch off and then back on and the computer rebooted. With Windows XP completely loaded I started to check my email and sure enough a few minutes later it shut off again. Confused by the problem, and little time to spare, I gave up and turned to my laptop and carried on with my day.

The next day I went through the same process and encountered the same auto shut off problem. At this point I concluded there was some hardware problem but I didn’t have time to identify the source of the problem. My desktop computer would have to wait till the weekend for further attention.

Computer running once again but new clues to the source of the problem

Over the weekend it took me several attempts to finally get my computer to stay on long enough to update my data backup. Before I started to probe into the source of the problem, I wanted the latest backup of my important data so that in the event the machine completely melted down, it wouldn’t bother me too much.

I actually thought the machine was overheating due to a failed cooling component. I opened the case and checked the CPU fan, case exhaust fan, video card fan, and power supply fan.  Everything was working as it should. Next I booted the machine and launched the BIOS setup. I checked all the settings and everything appeared as it should.  I let the computer sit idle in the BIOS setup for at least 20 minutes. I thought that if it shut down now, the problem was definitely hardware related. Nothing. The machine happily sat there well beyond what it had when I booted into Windows. Maybe it needed a little more activity to get it to shut down.

I booted from an Unbuntu live CD (popular Linux distribution) and started to use the machine. I browsed the web and tried various applications long enough to where it should have shut itself down. Nothing. The machine happily hummed along as it always had. Now I was starting to think this was a hard drive problem or even worse some issue with Windows XP (I dreaded the thought of having to reinstall XP).

I booted back into Windows and combed through the Event Log to see if anything gave me a clue to the source of the problem. Nothing. I thought maybe it was a fluke and I wouldn’t see the problem again. I doubted that conclusion but knew that the only way to really solve the problem was to be able to recreate the problem at will.  Unfortunately, once the computer got running after a few restarts, the problem didn’t return.

Happy that I had at least updated my backup I turned the machine off and decided to continue my research tomorrow.

Memtest86 provides some insight into the problem

The next day I started my computer as I always had and sure enough after completely starting Windows XP and sitting idle for a few minutes, the computer shut down. I spent some time researching my troubleshooting options and decided the next best step was to run Memtest86 and validate that my 2 GB of RAM was not the source of the problem.

Note: Before disaster strikes, take a moment and build some system recovery tools from a machine that has CD burning software capable of creating a CD from an ISO file. My desktop has such software but my laptop does not. I wasted more time than I care to mention on searching for decent and free CD burning software. A frustrating experience.

I ran Memtest86 version 2.11 from a floppy disk. The test got as far as test #3 (moving in versions, 8 bit pattern) before it started to report a failing address at 0006FE1CC74 and gave a RAM size marker of 1790.7 MB. I’m not certain exactly what that means but I came to the conclusion my problem was in my second RAM module. I was overjoyed because replacing that module would be easy and cheap. Nevertheless, I thought I would double check by rebooting my machine and run the test again.

Some version of Murphy’s Law kicked in when I reran Memtest86 because everything checked out. Memtest86 found absolutely no problems with my RAM. One nice feature of Memtest86 is that it will repeat its series of RAM tests over and over until it’s told to stop so I let Memtest86 do its thing. I thought maybe a second run of tests would reveal the problem. Nope. A third pass and everything remained perfect, and the fourth run was just as clean as the first. What happened to my problem?

Completely frustrated I killed the test, pulled out the floppy and let the machine completely reboot.  Once back in Windows everything was running as if nothing was ever wrong. Ahhhhggggghhhhhhh!

Now what? Next steps for problem shooting this problem

A few computers ago (first generation Pentium machine to be exact) I had a machine that suddenly starting having booting problems. I’d press the power button and the computer would indicate it had power but it would just sit there. If I let it sit for about 5 to 10 minutes and then switch it off and on, it would finally boot the rest of the way. It was as if it needed to “warm up” before it would completely start. I hated the problem but eventually accepted it as a fluke and built in the “warm up” routine into my start up process.

My current problem is starting to feel like that old Pentium machine — given enough time to “warm up” the machine will eventually work as it should. This time, however, I’m not about to “accept” this quirk. I want answers, damn it! My next step to solving this problem will be to try and find a way to recreate it at will. I plan to start the machine every morning with the Memtest86 floppy and see if I can get the memory test to fail.  If it does, I’ll make note of the failure point. Then I’ll reboot the machine and rerun the tests. I’ll make note of any failed tests and also see how many times I have to repeat the process before I get a clean Memtest86. Once I can recreate the problem, I’ll figure out my next steps.

I’ll try to update my troubleshooting progress in a new post each week until this problem is finally solved, or I’ve thrown the machine out the window in complete frustration. Also, as always, any suggestions or insights are always welcome.

Share, Bookmark, or Email this post

Why clone a SIM chip in the first place

If you have a PDA/phone device like a Blackberry, then you know these devices are big and bulky. Most of the time their functional benefit outweighs their inconvenient size. Other times the benefit does not justify the bulk. The simple solution to this dilemma is to get a basic cell phone and swap the SIM chip between the phone and your PDA/phone depending on your needs. While the manual chip swapping works, the process becomes very annoying very quick. Wouldn’t it be great to have a copy of your original SIM chip so you could leave one chip in each device? If you could duplicate or “clone” your current SIM chip, the problem would be solved.

Why you can’t clone a SIM chip — in my opinion

Explained in my original article on this subject, SIM chip cloning was only possible with the early V1 SIM chips.  Cell providers quickly put a stop to V1 cloning by introducing the next generation SIM chip. Yes, you can purchase chip duplicators but if you read the fine print you’ll see that they only work with V1 chips. Furthermore, if SIM chip duplication (beyond V1) was truly possible, how-to information would be as easy to find as jail breaking an iPhone.

Some have said cloning can be done

Despite the assertion in my first article, some readers claimed they had successfully cloned a SIM chip beyond V1. After several requests for more details one reader, DonJuan, finally offered a detailed explanation of how he successfully cloned his SIM chip. With high hopes I began to follow his instructions only to give up when I found a virus in the required software. I was determined to try DonJuan’s cloning process but free time was limited and when I saw a recent comment I finally gave up.

CyberDemon’s explantion for why you can’t clone a SIM chip

At last we arrive at the latest “why you can’t clone a SIM chip” explanation from TechTraction visitor CyberDemon. The explanation is long, very detailed but very much worth the read if you’ve struggled with an answer for how to clone a SIM chip. The final conclusion does give hope for chip cloning but at present it is NOT possible or at the very least not something for mere mortals:

“Years back I looked into doing this ( right after the v1 swap ) and found that it was not possible “yet”.

At the time I even purchased all of the equipment available and found that it would read the contacts , sms messages and was even able to display other folders and files on the SIM. The ki was stored in a different portion of the card (not readable via any reader as it is hard coded into an unaccessable ROM)

The way I understand it the data request from the phone works like this

A typical smart card has three separate memory banks, two of which are ROMs (read only memory) and one is RAM (random access memory) – 8 kilobytes of RAM, 346 kilobytes of ROM and an additional programmable ROM with 256 kilobytes of memory, controlled through a 16-bit microprocessor.

1. The phone query’s Network to look up subscriber information based on IMEI and ESN numbers.

2. The network sends a authorization packet back to the phone so it can prove it is authorized for the known network account. (or checks if it is roaming in which case stores all information / keys to forward to original provider to request remuneration)

1. The phone then query’s the SIM with this request (stores request and data to be processed into RAM)

2. The SIM then passes this request to the embedded microprocessor (The microprocessor has its own built in algorithms for calculating data)

3. The microprocessor processes this information against the data stored in one of the ROM Banks. The one you can not read with a card reader. (second cipher?)

4. Then calculates the decrypted data against the second ROM (where your number is stored and data is readable)

5. It then sends this data back to the phone which then sends the data back to the network to verify.

6. If the network verifies everything is correct. Sends provider information to the phone ( Network ID, Signal strength, etc…)and a new key to authorize the SIM. It is now when data decryption takes place.

7. The process starts off all over again at intervals specified in your phones settings.

This all happens in a mater of nanoseconds.

The only way you can clone a SIM card is if you could read both sets of ROM (current readers can only access one) and the calculating algorithms stored inside the microprocessor. Currently this is not possible to read the second ROM nor is the microprocessor architecture known.

What older V1 SIM’s allowed was multiple BAD requests be sent to the microprocessor. thus enabling the SIM itself to decrypt the ki from one of the ROM banks. (the one not readable by card readers.) via a brute force method. (sending multiple random requests until it got a good answer and using that “key” to dump the ki)

In newer SIM’s the microprocessor will shut itself off after so many simultaneous BAD requests. Therefore shutting down all access to the card. (e.g. the need to get another from the provider)

I do not believe there is a way to shut off this kill switch and here is why.

Disabling this protection would be suicide for smart card manufactures. The same technology is used for bank cards, satellite systems, military security and numerous other securities.

If anyone were to divulge this information they would have to reinvent billions upon billions worth of new technologies including; hardware, software, smart cards, people etc…

There is however the possibility of circumventing the protection (as seen in the satellite industry in the past)

The satellite smart card was never “hacked” like some are led to believe. The code in one of the ROM banks was used to pass keys from the receiver to the microprocessor before account activation was verified. Since no one (not even the satellite company or the hackers) had access to the second ROM bank data was re pushed to the first ROM bank to change how the information was passed to the microprocessor. Thereby thwarting the hackers attempts to get free TV. There has since been several safeguards to prevent this form of piracy from happening again. If you search Google for “Black Friday” you can see how one of thoes attempts went. Ultimately the security on the current cards (same design as V1 SIM cards) had been so easily circumvented that the satellite company was forced to do a “card swap”.

The satellite industry swapped out all of the smart cards to every paid customer with Smart Cards that have much stronger security. This card has yet to be “hacked” and still the satellite industry continues to build more secure cards and swapping them out periodically as a preventive measure.

How many SIM card “swaps” have there been since the V1’s vulnerability? Granted most of these swaps were due to new technologies but surly they took the time to beef up security while they were at it.

If a method to clone a SIM card exists it would have to be done on a card with an identical microprocessor (one from same provider), the KI stored into the first ROM bank (if there is room), and the check for ki re-routed from the second ROM bank to the new location on the first ROM.

Don’t get me wrong it can be done it just is not an easy task. I was kind of hoping that someone had done it already. e.g. me at this forum.

But alas it has not been done and I haven’t the energy to put to the task. Just no real incentive.

I don’t think it would work all that well if we did clone a sim as the network will only allow the first phone that registered itself to stay active on the network. the other phone would simply be rejected. (unless connected to a different tower / network) or one phone would have to be turned off for the other to work. This may not be the case with data networks as they do operate differently and on other frequencies simultaneously (on the same phone)

In short unless someone posts a “How to clone a SIM to one identical to original provider without querying the microprocessor”. Well, it cant be done.”

Someday it might be possible

Where there is a will, there is a way. Therefore I do believe that someday cloning the current version of SIM chips will be possible with inexpensive tools. Unfortunately, technology keeps driving forward at break-neck speed and just when a solution is found the cell providers will undoubtedly find another way to break the hack.

The only real solution will come when the cell providers change their policy regarding multiple copies of the same SIM chip. And while it’s unlikely their policy will ever change, the providers did finally make available an “all-you-can-eat” phone/data plan. Such new plans demonstrates the willingness of cell providers to make significant changes but probably only when they see it as a way to make more money or gain marketshare. In the meantime, my fingers are crossed, but I’m NOT holding my breath.

Share, Bookmark, or Email this post

ColorPix is a small utility “that grabs the pixel under your mouse and transforms it into a number of different color formats.”  The application is small, free of viruses (refer to this Virus Total analysis for details), and free to download.

Share, Bookmark, or Email this post

Share, Bookmark, or Email this post

Share, Bookmark, or Email this post

Share, Bookmark, or Email this post