[BNU] Re: problem when keysoft 9.5 comes out

  • From: "Joseph Lee" <joseph.lee22590@xxxxxxxxx>
  • To: "'Marcus L McCrae'" <marcusm318@xxxxxxxxx>, <justforlistmessages531@xxxxxxxxx>, <braillenote@xxxxxxxxxxxxx>
  • Date: Tue, 21 Apr 2015 21:04:48 -0700

Hi,
You'll need some special equipment and knowledge to do this (don't try this
at home).
Cheers,
Joseph

-----Original Message-----
From: Marcus L McCrae [mailto:marcusm318@xxxxxxxxx]
Sent: Tuesday, April 21, 2015 8:32 PM
To: justforlistmessages531@xxxxxxxxx; joseph.lee22590@xxxxxxxxx;
braillenote@xxxxxxxxxxxxx
Subject: re: [BNU] Re: problem when keysoft 9.5 comes out



So what you're saying is this is not an easy task to perform and no one and or
anyone should try this for the risk of messing up their braillenote? Do I
have this correct?

Marcus L McCrae
Administrator of the Braillenote users forum.
Contact information
Business email: marcus.mccrae@xxxxxxxxxxxxxx List email:
marcusm318@xxxxxxxxx Personal email: masterchef512@xxxxxxxxx Emergency
contact email: marcusmccrae@xxxxxxxxxxxxx Jabber or Google-Talk Address:
mccrusher685@xxxxxxxxx
skype: marcus.mccrae1
List information.
To subscribe use: braillenote-request@xxxxxxxxxxxxx Put subscribe in the
subject.
To get in touch with your list administrators and moderators email
braillenote-moderators@xxxxxxxxxxxxx
To post on the Braillenote users forum email:
braillenote@xxxxxxxxxxxxx
Thank you.


----- Original Message -----
From: Jessica Brown <justforlistmessages531@xxxxxxxxx>
To: joseph.lee22590@xxxxxxxxx, bn list <braillenote@xxxxxxxxxxxxx>
Date sent: Tue, 21 Apr 2015 19:16:59 -0800
Subject: [BNU] Re: problem when keysoft 9.5 comes out

Yes, I am interested in how CE and KS boot and I can think of some others on
this list who may also be interested.


----- Original Message -----
From: "Joseph Lee" <joseph.lee22590@xxxxxxxxx>
To: "'petras'" <zumbagecko@xxxxxxxxx>, "'rajmund'" <brajmund2000@xxxxxxxxx>, <braillenote@xxxxxxxxxxxxx>
Date sent: Mon, 20 Apr 2015 16:19:57 -0700
Subject: [BNU] Re: problem when keysoft 9.5 comes out

Hi,
That's why Rajmund was suggesting a "workaround" from outside the Apex (in a
way, from a security point of view, this is more towards data access).
Ordinarily, Apex will be locked with a password, but some were saying that
there might be a way to delete the password bank file while browsing Apex's
file system from a PC (the only way to do that is through ActiveSync/WMDC),
and if that cannot be done, then the second to last method is to go through
the tedious method of calling HumanWare and installing the HWL file. The
last type of attack that is hypothetically possible is called a "cold boot
attack". Basically, a user would force BrailleNote to stop before KeySoft
loads, access the Flash Disk and delete the password bank file.
In reality, the chance of this procedure succeeding is quite slim.
This is how it is usually done, with reasons why it is possible or may not
work (sorry for jargon here; listen carefully):
The idea of the cold boot attack is to steal secure data while a computer is
being powered on. When you turn off a computer such as BrailleNote Apex,
you may think all secure data is wiped from RAM (physical memory) when in
fact it is not. The design of computer memory modules, especially RAM, is
such that memory contents are kept for a little while (up to several
seconds), potentially containing both secure and nonsecure data. The goal
of the attacker is to power on a computer right after it shuts down, access
RAM using a program and read (or dump) the contents of previous data before
the computer was turned off.
BrailleNote obeys this rule. As Apex is really a specialized computer, when
you reset your unit by pressing the reset button, previous content from RAM
is still visible. This may include documents you might have been editing,
files not saved to disk, password information that was not deleted,
possible content from the password bank file and so on. A hypothetical
procedure to retrieve or force a BrailleNote to surrender its password is as
follows (don't try this at home, as you'll need specialized equipment and
knowledge of how machines and operating systems work):
1. While the Apex is unlocked (that is, a correct password is given when
KeySoft starts), reset the BrailleNote.
2. Using an external debugger (typically a hardware one or one from Visual
Studio), force the Windows CE kernel to stop booting at a point where you can
access Flash Disk content.
3. Access Flash Disk content from a host PC and delete the password bank.

Why this procedure may work:
* When you reset your Apex, the Apex goes through the booting procedure
similar to your desktop or laptop computer with a twist. This means that,
given the correct hardware equipment and programming knowledge, you can halt
Apex's booting sequence (how Apex boots and a summary of the bootloader file
is the subject of another topic, as it is very technical).
* At some point during the boot sequence, Windows CE will try to access
contents of Flash Disk. This is the earliest point where you can force Apex
to stop booting (this is right before KeySoft starts).
* Once you take control of Apex, you can then delete a file, and that should
unlock your unit unless some security measure is in place.
* A more automated way is to write a program that'll run on Apex that'll
force itself to load right before KeySoft loads. However, this cannot be
done (you'll see why in a second).

Why this procedure will ultimately fail:
* Windows CE (and by extension, KeySoft) uses a different procedure when
booting. Whereas you can choose to boot using a USB thumb drive on your
laptop, Apex's Flash ROM is told to boot from KeySoft ROM image first.
* In order to ship a password hijacker, you need to build a custom KeySoft
ROM image (in fact, when you "upgrade" your Apex, you are in fact burning
the new Windows CE/KeySoft image onto Flash ROM), and in order to build one,
you need Microsoft Visual Studio with Windows CE tools installed along with
source code for KeySoft (only HumanWare have this).
* One alternative is to hijack a program that KeySoft depends on to also
delete the password bank file. Again, because of the nature of ROM images,
it'll not work.

Please do let me know (on and offlist) if you do want me to describe how
Windows CE 6/KeySoft boots.
Cheers,
Joseph


-----Original Message-----
From: petras [mailto:zumbagecko@xxxxxxxxx]
Sent: Monday, April 20, 2015 3:55 PM
To: rajmund; joseph.lee22590@xxxxxxxxx; zumbagecko@xxxxxxxxx;
braillenote@xxxxxxxxxxxxx
Subject: re: [BNU] Re: problem when keysoft 9.5 comes out

For the password to turn on the braillenote, you can't do a flash disk
format, until it is unlocked.

----- Original Message -----
From: rajmund <brajmund2000@xxxxxxxxx>
To: joseph.lee22590@xxxxxxxxx, zumbagecko@xxxxxxxxx, braillenote@xxxxxxxxxxxxx
Date sent: Mon, 20 Apr 2015 21:04:19 +0100
Subject: re: [BNU] Re: problem when keysoft 9.5 comes out

Hello All, And Joseph,
Now, I will say no details, but my helpers, in school, cannot use the bn,
whatsoever. But especially not computer braille.
So for one thing, they can't set a password. Especially if I set a password
on the unit beforehand, in computer braille. Then once, (if ever) they get
in, we still have a few problems. If, I set the password, I will obviously
unlock the thing, whenever I want it to. I think, due to the terminal mode,
doing a flash disk format will in fact, be doable. I can see a few
workarounds, that could be put into place, but I will not say them, at this
point. If my teacher sets up the password, I speed back up speech, and
could gather password, and get out. But, after my discovery, here's another
thing. Since, I know where login.ini is, and the bn would be connected to a
PC, someone could get in a bootable image of NVDA, start it, and the process
from then on is smooth. Once I get in, I can refresh ActiveSync, and
delete the login. After that, reset bn, and off I go, chat with my friends.
This is just an idea for now, but if someone feels adventurous, like
yourself, I would really have a go at this. PS. I think, the regular
unlock file, would unlock it. Too bad I have never got my hands on one, to
play with it, even more.

Sent from the BrailleNote



----- Original Message -----
From: "Joseph Lee" <joseph.lee22590@xxxxxxxxx>
To: <zumbagecko@xxxxxxxxx>, <braillenote@xxxxxxxxxxxxx>
Date sent: Mon, 20 Apr 2015 12:46:32 -0700
Subject: [BNU] Re: problem when keysoft 9.5 comes out

Hi,
This is only my guess, based on Greg's video:
If you set a password (for that's what locks the unit into exam mode),
you'll be stuck in braille terminal mode. Even if you reset the unit, it'll
be locked into this mode unless we can figure out a flaw to unlock this
functionality.
The following are my guesses as to what Apex will do when this mode is
engaged:
1. The framework uses the password feature, introduced a few years back.
This is evidenced by the fact that exam mode can be engaged just as one
would set a password.
2. Once the exam mode password is set, BrailleNote will launch braille
terminal mode once you confirm the password and answer yes to confirm
changes (does not return you to main menu at all). This suggests that some
major refactor has been done on KeySoft.exe source code to enable future
scenarios where apps can be locked via a password.
3. Once in exam mode, you cannot exit exam mode unless you type the exam
mode password at the exit prompt, akin to unlocking your Apex with a
password. The fact that this persists even after a warm reset tells me that
a file-based password bank is in use (Rajmund and others found this out a
few months back), which means a malicious user could hypothetically gain
access to Apex's storage system (Flash Disk) to remove the exam mode
password unless ActiveSync lockdown is in place.
I can see some major issues with exam mode:
* What if the student forgot the password? A tedious procedure must be
followed to unlock the unit, if it exists.
* There is no time limit feature where exam mode can be disengaged
automatically.
* If access to Options Menu is possible and if support information mode can
be accessed, this may not stop the student from "forcing" the BrailleNote to
surrender the password (Flash Disk Reformat) unless it prompts for a
password.
With exam mode in place, I can see a host of possibilities, including
locking some features of the BrailleNote with a password, further
refactoring of KeySoft.exe source code (written in C++) and so on.
Cheers,
Joseph

-----Original Message-----
From: braillenote-bounce@xxxxxxxxxxxxx
[mailto:braillenote-bounce@xxxxxxxxxxxxx] On Behalf Of petras
Sent: Monday, April 20, 2015 12:31 PM
To: braillenote@xxxxxxxxxxxxx
Subject: [BNU] problem when keysoft 9.5 comes out

Hi, My braillenote has been having major issues and exam mode when it comes
out will not work properly. I could potentially get out of the test by doing
a reset and when it would start it would go to the main menu.
That's why exam mode will be no use. What should I do when it comes out?
-------------------------------
BNU: BrailleNote Users - a forum for users of BrailleNote family of products
from Humanware.
Website: www.braillenoteusers.info

IMPORTANT: By default, replies will be sent to individuals. If you feel
that your reply would be useful for others, please use "reply to all"
feature in your email client.

If you wish to unsubscribe from this list, send an email with the subject
line of "unsubscribe" to braillenote-request@xxxxxxxxxxxxx.

You can also visit our list page at:
www.freelists.org/list/braillenote
From this page, you can unsubscribe, change email delivery settings and view
list archives.

If you have any comments or questions for list moderators, please send an
email to braillenote-moderators@xxxxxxxxxxxxx. Thanks.
