Windows 95 on a GP2X

The GP2X is a portable game console that runs Linux and was released in November last year. This is a console that encourages you to hack its open platform and has a dev wiki to document those projects. Mandleman has recently gotten Bochs, the x86 emulator, running on the platform. He then booted Windows 95 (Internet Archive) on top of that; it takes six and a half minutes. He’s also built emulators for the NES, NeoGeo Pocket, and WonderSwan. Recently released Linux-based devices like the GP2X and the Nokia 770 are interesting because they encourage development. I hope in the future we’ll see an open device that has the market penetration of the PSP.

[thanks togi]

Using Mologogo with Google Earth

[yug1taht] wrote in to tell us about his latest addition to Mologogo. You may remember Mologogo from its launch last fall. It lets you track GPS-enabled phones using Google Maps. It works with most Nextel phones and the inexpensive pay-as-you-go Boost Mobile phones, which is what our friend PT used when he tried it out. This latest addition to Mologogo lets you output the data as a .kml file, which you can then play with in Google Earth.

Shmoocon 2006: Behavioral malware analysis using sandnets

A common approach to analyzing malware is to turn it loose inside of a VMware session, but some malware has methods for detecting virtual machines and will refuse to run if it encounters one. Joe Stewart has developed a tool called Truman that can be used to construct a sandnet. The sandnet expands on the idea of using VMware as a sandbox: the malware runs inside of a normal OS environment, not a virtual one, and it interacts with what it thinks is an entire network.

This is how the setup works: you have two machines connected using a crossover network cable. Machine 1 is the server and machine 2 is the client that the malware will be run on. Machine 2 is booted via PXE into a clean Windows install (or whatever OS your malware is for). Once booted, it begins watching a directory on the server for the malware’s exe. Once you copy the executable into the directory, the Windows machine copies the file and executes it. After 10 minutes the Windows machine dumps its physical memory to disk and then shuts down. An image of the newly infected Windows file system is then saved. The client machine then boots into Linux for analysis of the new Windows image. Truman improves analysis speed because you don’t have to constantly reimage the client machine by hand.

The PXE server also acts as a faux internet for the client machine. By watching tcpdump you can see what outbound connections the malware is trying to make. To aid in this process, Truman includes several fauxservers, which are just simple Perl scripts designed to act like servers. The fauxservers tell the malware exactly what it wants to hear in the hope that it will cough up logins, passwords and other useful information.
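The part of the workflow that is easiest to automate is reading the tcpdump capture from the server side to list what the infected client tried to reach. The script below is an added example and is not part of Truman or of the original post; it assumes tcpdump’s default text output, a single known client IP (192.168.0.2 here) and a faux-internet server at 10.0.0.1, and the capture lines are constructed for illustration. It pulls out DNS queries and outbound TCP SYNs from the client, ignoring the fauxservers’ replies and the client’s own ACKs, so each entry in the report corresponds to one connection attempt rather than one packet.

```python
import re
from collections import Counter

# tcpdump default text line for a TCP segment, e.g.
# "12:00:00.200000 IP 192.168.0.2.1034 > 10.0.0.1.25: Flags [S], seq 1000, ..."
TCP_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# tcpdump default text line for a DNS query to port 53, e.g.
# "12:00:00.100000 IP 192.168.0.2.1025 > 10.0.0.1.53: 4660+ A? mail.example.test. (35)"
DNS_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.53: "
    r"\d+\+? (?P<qtype>[A-Z]+)\? (?P<name>\S+)\. \("
)

# Labels for ports the fauxservers typically impersonate (assumed mapping).
SERVICE_NAMES = {25: "smtp", 53: "dns", 80: "http", 443: "https", 6667: "irc"}

# Constructed sample capture: a DNS lookup, one SMTP connection that completes
# the handshake, two IRC connection attempts, and an ARP line that is ignored.
SAMPLE = """\
12:00:00.100000 IP 192.168.0.2.1025 > 10.0.0.1.53: 4660+ A? mail.example.test. (35)
12:00:00.100500 IP 10.0.0.1.53 > 192.168.0.2.1025: 4660 1/0/0 A 10.0.0.1 (51)
12:00:00.200000 IP 192.168.0.2.1034 > 10.0.0.1.25: Flags [S], seq 1000, win 65535, length 0
12:00:00.200200 IP 10.0.0.1.25 > 192.168.0.2.1034: Flags [S.], seq 2000, ack 1001, win 65535, length 0
12:00:00.200400 IP 192.168.0.2.1034 > 10.0.0.1.25: Flags [.], ack 1, win 65535, length 0
12:00:00.300000 IP 192.168.0.2.1035 > 10.0.0.1.6667: Flags [S], seq 3000, win 65535, length 0
12:00:01.300000 IP 192.168.0.2.1036 > 10.0.0.1.6667: Flags [S], seq 3001, win 65535, length 0
12:00:02.000000 ARP, Request who-has 10.0.0.1 tell 192.168.0.2, length 28
"""


def dns_queries(capture, client_ip):
    """Names the client asked the faux DNS server to resolve, in capture order."""
    names = []
    for line in capture.splitlines():
        m = DNS_RE.match(line.strip())
        if m and m["src"] == client_ip:
            names.append(m["name"])
    return names


def connection_attempts(capture, client_ip):
    """Count outbound TCP connection attempts per (dst, port).

    Only pure SYNs from the client are counted: SYN-ACKs come from the
    fauxservers, and the client's later ACK/PSH segments belong to a
    connection already counted.
    """
    counts = Counter()
    for line in capture.splitlines():
        m = TCP_RE.match(line.strip())
        if not m or m["src"] != client_ip:
            continue  # non-TCP lines (ARP, UDP) and server replies
        flags = m["flags"]
        if "S" in flags and "." not in flags:  # "S" is SYN, "S." is SYN-ACK
            counts[(m["dst"], int(m["dport"]))] += 1
    return counts


def report(capture, client_ip):
    """One human-readable line per DNS name and per destination port."""
    lines = [f"dns query: {name}" for name in dns_queries(capture, client_ip)]
    for (dst, port), n in sorted(connection_attempts(capture, client_ip).items()):
        svc = SERVICE_NAMES.get(port, "unknown")
        lines.append(f"tcp connect: {dst}:{port} ({svc}) x{n}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE, "192.168.0.2"):
        print(line)
```

In a real run you would feed it `tcpdump -n -i eth0 -l` output captured on the server during the ten minutes the sample executes; the `-n` flag matters because the regexes expect numeric addresses and ports, not resolved names.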

Standalone microcontroller based LUA development platform

Hack-A-Day reader Bogdan Marinescu does a better job summarizing his project than I ever could. You can get his source code, schematics and more details by following the “read” link.

This project is a truly stand-alone development platform. What does that mean? Well, you plug in a PS/2 keyboard and a 320×240 LCD, and start typing code. The code is written in LUA. The compiler and interpreter for LUA run from the microcontroller. The code also contains a small editor (for the code), support for FAT12/FAT16 on MMC/SD cards, support for remote connections and a new FLASH-friendly embedded file system. The platform is ‘self-reproducible’, i.e. you can transfer code from one platform to another. The LCD/keyboard/MMC are optional, so you can have a big ‘development’ platform with everything in it and a lot of bare ‘production’ platforms that ‘reproduce’ their code directly from the development platform. An M16C microcontroller and an external 512K SRAM chip are all that is required to build the bare platform; the other components are just for interfacing different peripherals. Hope you’ll like the idea. The code is 95% functional, but it needs some more work and a lot more testing.

Shmoocon 2006: Dan Geer keynote

I attended ShmooCon 2006, Jan. 13-15. I had been waiting for the video and slides from the con to be posted, but I figured I should start posting before I completely forget what went on. Over the next few days I’ll be posting about the various talks I attended.

Dan Geer’s keynote was one of my favorite talks from the con. He believes that “if people respect you enough to have you deliver a keynote, respect your audience enough to write it out”. Thanks to that, he’s provided the full text and a PDF of the slides from his talk. My summary won’t do it justice, but you can at least know what you are getting yourself into. Read on.

Playstation 2 serial port

As odd as it might sound, I never paid attention to the Playstation 2 homebrew scene because I own a Playstation 2 Linux kit. The Linux kit hides the hardware behind a software layer, while the PS2Dev project was an attempt to run code natively on the hardware, so the two projects didn’t really have a lot in common. Of course, ignoring that part of the scene means I missed out on this serial port mod. The Playstation’s Emotion Engine core has a serial debugging interface, and by wiring up a MAX3323EEPE you can watch the processor as it is running. That’s an interesting hidden feature, and I hope Sony is a little more supportive of the developer community when the Playstation 3 comes out than they have been lately with the PSP scene.

[thanks fbz via Pixel]