Recover media files from HTC HSMBackup

Posted by bb on Thursday 9th of October 2014 at 2:42 pm.
Filed Under IT Tipz & Trix

Due to my M7 going in for repair, I have temporarily got a Samsung as a loan phone. With an upcoming weekend away I wanted to grab my music and stick it on the Samsung so I could listen to it in the car on the long drive.

However, as most things in bb_land, this is not just a case of using the HTC Sync Manager to Restore -> New Phone where it extracts the files into their native format and copies them over. In fact you can’t do it at all.

A quick bit of bumbling around and I find the files stored in AppData/Local/HTC MediaHub/HSM Backup/ in folders helpfully named things like BR_534833355459393033373038 and 35F67E512C69CF39ECF43E90A40F2BDE5A510F2C with useful filenames such as 0C52E903FFEC6CDFBB37A3113D99476A0BB46891. Awesome.

Some quick peeking with a Hex Editor reveals these to be the files I need, just with no extension and a garbled filename. Only wanting to grab the MP3s and not any videos etc, I banged up this quick script to be run from the HSM Backup folder:

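<?php

// Point this at the HSM Backup folder. SKIP_DOTS stops the iterator
// returning the . and .. entries of each directory.
$di = new RecursiveDirectoryIterator('C:\Test Directory', FilesystemIterator::SKIP_DOTS);
foreach (new RecursiveIteratorIterator($di) as $filename => $file) {
    echo "Attempting File : $file \n"; // Show file we are attempting
    // Skip anything that is not a regular file, and copies made by an earlier run
    if (!$file->isFile() || strtoupper($file->getExtension()) === 'MP3') {
        continue;
    }
    $newhandle = fopen($file, "rb"); // Binary mode so Windows leaves the bytes alone
    if ($newhandle === false) {
        echo "Could not open : $file \n";
        continue;
    }
    echo "Opened File : $file \n"; // Show we have a handle on the file
    $contents = fread($newhandle, 3); // Read first 3 bytes of file
    fclose($newhandle);
    echo "Read File : $file \n"; // Show we have read from the file
    // Is it ID3?
    if ($contents === "ID3") {
        // Yes -> copy next to the original and give the copy an MP3 extension
        $newfile = $file . ".MP3";
        copy($file, $newfile);
    }
}
?>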

Running the script copies any files with ID3 as the first 3 bytes of the file to a new file with the same name but an MP3 extension (thus preserving the original for when the M7 comes back from repair to be resynced). After that a simple Windows Search for *.MP3 showed me all my files that I just cut and pasted into the Music folder on the Samsung.

Script is easy to change for different formats (i.e. if you are looking for a video just change the number of bytes read and the compare constant).
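The "change the bytes read and the compare constant" idea, generalised into a signature table as an added example (Python, not the author's PHP script). It goes beyond the post by matching signatures at an offset and by catching MP3s that carry no ID3 tag; the function names, the output folder and the sample files are assumptions of this example, and the sample data is constructed.

```python
import shutil
import tempfile
from pathlib import Path

# (offset, magic bytes, extension). The offset matters: MP4-family files
# carry "ftyp" at byte 4, so reading N bytes from the start is not enough.
SIGNATURES = [
    (0, b"ID3", ".mp3"),                # MP3 with an ID3v2 tag (the post's case)
    (0, b"\xff\xd8\xff", ".jpg"),       # JPEG
    (0, b"\x89PNG\r\n\x1a\n", ".png"),  # PNG
    (4, b"ftyp", ".mp4"),               # MP4 / M4A / 3GP container
    (0, b"OggS", ".ogg"),               # Ogg
    (0, b"fLaC", ".flac"),              # FLAC
]
HEADER_LEN = max(off + len(magic) for off, magic, _ in SIGNATURES)


def sniff(header):
    """Return the extension implied by a file header, or None."""
    for offset, magic, ext in SIGNATURES:
        if header[offset:offset + len(magic)] == magic:
            return ext
    # MP3 without an ID3 tag starts directly with an MPEG frame sync
    # (11 set bits). Checked last because it is the weakest signature.
    if len(header) >= 2 and header[0] == 0xFF and (header[1] & 0xE0) == 0xE0:
        return ".mp3"
    return None


def recover(backup_root, out_dir):
    """Copy recognised blobs into out_dir with an extension added.

    Originals are left untouched; returns {source path: copy path}.
    """
    backup_root, out_dir = Path(backup_root), Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    copied = {}
    for path in sorted(backup_root.rglob("*")):
        if not path.is_file() or path.suffix:  # backup blobs have no extension
            continue
        with path.open("rb") as fh:
            ext = sniff(fh.read(HEADER_LEN))
        dest = out_dir / (path.name + (ext or ""))
        if ext is None or dest.exists():       # never overwrite an earlier copy
            continue
        shutil.copy2(path, dest)
        copied[str(path)] = str(dest)
    return copied


def demo():
    """Run recover() over a constructed backup tree (sample data only)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "HSM Backup"
        blobs = root / "BR_0000"
        blobs.mkdir(parents=True)
        (blobs / "AAAA").write_bytes(b"ID3\x03\x00" + b"\x00" * 16)
        (blobs / "BBBB").write_bytes(b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 8)
        (blobs / "CCCC").write_bytes(b"not media at all")
        result = recover(root, Path(tmp) / "out")
        return sorted(Path(p).name for p in result.values())


if __name__ == "__main__":
    print(demo())
```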

Hope it helps someone recover their music if they’ve swapped phones and this is the only backup they have.



RPC_S_Server_Unavailable error (0x6ba) and Microsoft Exchange is unavailable.

Posted by bb on Tuesday 29th of April 2014 at 10:48 am.
Filed Under IT Tipz & Trix, Sighs

This post probably falls more under the doh! category than anything else but it might still be useful if anyone else suffers from the same apparent brain failure as I did 🙂 I was setting up a remote user to use Outlook and was struggling massively to get it to connect. Every time, Outlook would give me the following error stating that Outlook must be online or connected to complete this action.

[Screenshot: Exchange Unavailable]

Could something have changed that I was unaware of? I tried testing it with the Exchange Connectivity Tester (which is a brilliant troubleshooting tool btw) and that failed too with the horrible “The RPC_S_SERVER_UNAVAILABLE error (0x6ba) was thrown by the RPC Runtime process” error.

[Screenshot: Remote connectivity results]


Google advice on the 16000+ results for that term ranged from disable IPv6 to registry edits on the server. But since it was only this one user that had issues, I didn’t think we needed to go that far. I could happily connect to ports 6001, 6002 and 6004 and every other remote user was having no issues. Then it occurred to me, like a 100 year old lightbulb slowly, so very slowly, dispelling the dark fugue of confusion – this looks like a DNS error. Why is it unable to ping the server? What is it trying to ping? OWA works fine for the user so it’s not an account issue. The problem – I had entered the external server name in the Outlook Account Settings (:facepalm:).

The proxy server you enter for RPC over HTTPS for the Exchange account details here:

[Screenshot: Account Settings]

is NOT the same as the address you enter for your server here:

[Screenshot: Outlook Config]

Once I changed the Outlook Config to point to exchange.contoso.local – BOOM! Problem solved. And a quite shocking amount of “OMFG I wasted so much time on this, what a numpty I am” 🙂



The Case of Metasploit and the Facebook Cookies.

Posted by bb on Tuesday 1st of April 2014 at 12:34 pm.
Filed Under IT Tipz & Trix

Or How I Started My Metasploit Scripting Journey

I have been using Metasploit for a while now and have slowly got comfortable enough with it to start tinkering under the hood so to speak. Most of this has been driven by a desire to get the most out of the trial version of Cobalt Strike which is hands down one of the most awesome pieces of software I have played with in a while.

Whilst Cobalt Strike’s built in browser pivoting is awesome, I believe it is most useful on a reliably exploited box, rather than one that might only connect occasionally like a laptop. There are many wonderful post modules already supplied with the Metasploit framework for gathering credentials, but I couldn’t find an out of the box solution for grabbing Windows 8 cookies (enum_ie for example won’t work on a Win8 box) so I thought I would go about writing my own.

After all – how hard can it be!!

A little research shows that Windows 8 cookies are stored in %USERPROFILE%\AppData\Local\Microsoft\Windows\InetCookies and %USERPROFILE%\AppData\Local\Microsoft\Windows\InetCookies\Low in TXT files.

With my test target exploited I thought the best approach would be to search those folders and download each TXT file so we could have a complete copy of all of the IE Cookies for the logged on user.

What follows is many different approaches, one ultimately successful and IMHO a good demonstration of thinking outside the box to solve issues when you are on your own! If anyone knows of a good place for discussing newbie level Metasploit issues and being guided through the process – please let me know. Always keen to learn!

Read more



Geoffrey Clifton-Brown MP

Posted by bb on Friday 22nd of March 2013 at 9:23 am.
Filed Under Rants

Geoffrey Clifton-Brown is the local MP where a friend of mine lives. My friend has been trying to get some straight, simple answers on The Communications Data Bill since December 2012.

If there is any wonder why people get disenfranchised by attempting to engage their local politicians on subjects, only to be fobbed off by bland, empty rhetoric and then ignored when daring to question those elected to represent them, then this is a perfect example.

In December 2012, my friend wrote to Geoffrey Clifton-Brown asking for his position on the draft Communications Data Bill and the reasons for that position using the very popular WriteToThem website. In due course he received a reply from Mr Clifton-Brown which was, shall we say, less than satisfactory. Not only did the reply instantly fall back on the old ‘we must stop the pedophiles and terrorists’ it contained a standard, boiler plate bunch of statistics indicating how vital it was that we get this new law rushed through as soon as possible.

My friend took the time to reply asking for some sources on the statistics quoted by Mr Clifton-Brown as he had located the same statistics on other websites (including one about Indian policing!) and wondered if Mr Clifton-Brown had done any checking on these statistics. As we all know, there are lies, damned lies and statistics.

Several further emails, sent directly to Mr Clifton-Brown went unanswered. Finally at the beginning of February 2013 after spotting an article quoting the head of MI5 stating that the statistics quoted by Mr Clifton-Brown in his initial reply, rested on ‘some pretty heroic assumptions’ my friend attempted to contact him again via the WriteToThem website.

My friend received a reply from an intern stating that “The information you require in response to your comments is detailed in nature and Mr Clifton-Brown MP will require a few more days to reply.”. Awesome! Hopefully he will actually get an actual response. An actual response was forthcoming, eventually.

In this reply Mr Clifton-Brown appears to genuinely believe that his opinion of the bill is enough to justify his support for it. Let’s not bother with trifling details such as doing your damn job which is to represent the views of those who elected you. Being an MP sometimes means that you have to go against your personal beliefs rather than use the position as a vehicle to further your personal agenda. Apparently being an MP also means you get to duck awkward issues like where you got these statistics from, what research you have done about a bill, checking to see what your constituents feel about issues. Simples.

Committee chair Bernard Jenkin (Public Administration Committee) has recently come out and stated that,

“Good statistics underpin good policy and proper scrutiny of it. Public confidence in the information produced by government is vitally important to an effective democracy.
Without it there can be no confidence in the transparency and accountability of government, which in turn can only fuel public apathy and disengagement from the democratic process.”

Shame Mr Clifton-Brown appears to feel differently.

Undeterred, my friend, who at this time is showing the patience of a saint, again replied to Mr Clifton-Brown via WriteToThem. Since Mr Clifton-Brown was struggling with reading comprehension, he concisely summarised his questions as follows :

1. Could you please provide justification and sources for the statistics you are using to justify your support of the proposed bill?

2. Could you please provide details of what polling and research you have done a) within your constituency and b) to verify the statistics used, and results of that research (if any), to justify your support for this bill

3. Finally, could you please provide details of what preventative measures will be put in place to prevent ‘scope creep’ of the bill.

As of the date I make this post – he has yet to receive a reply. Quelle surprise.

How the hell does government expect to engage people when they duck even slightly complicated issues? Voter turnout is at an all time low. People have little or no respect for politicians. And yet they wonder why? I feel terribly sorry for Mr Clifton-Brown who, on a comfy £65k+ tax payer funded salary, has to take time out of his day to instruct an intern to justify the data he mindlessly spews at his constituents as justification for the way he votes in Parliament. This is your job bozo! You get elected to represent the views of your constituents. This is not rocket science. They speak, you listen! It should not take months and repeated attempts to contact you for you to actually be able to justify your position. Having looked at all of the correspondence between you two, you have ducked, squirmed and downright avoided answering the questions posed to you. Grow a spine you feckless cunswup and answer the damn questions.

I know it sounds odd but the man who pays your wages deserves to be able to ask you what you are doing and why you are doing it. And if your answer is lacking in detail, cites, sources or anything concrete, do not be surprised when you are asked for more information. And when you are – provide it. Don’t just avoid the issue. In other words DO YOUR FUCKING JOB.



Extract embedded Flash (SWF) files from a PowerPoint presentation

Posted by bb on Tuesday 20th of March 2012 at 8:44 am.
Filed Under IT Tipz & Trix

I was recently asked by my boss if I could dump all of the Adobe Flash videos out of our corporate PowerPoint presentation so that we can convert them to .mp4/.mov so we can put some of the animations on iPhone so our reps can show them to the customer.

It really is not as easy as it looks!

I googled a fair few sites looking for answers and there really isn’t much out there that will do this auto-magically for you. So I rolled my own 🙂

The procedure is very simple.

1. Open PowerPoint file and ensure that it is saved as .pptx (the new XML Office format)
2. Rename the .pptx as a .zip file (we all know that the new format is already zipped up right?)
3. Open the .zip file in winrar/winzip or your preferred utility
4. Navigate to the .\ppt\activeX directory in the archive
5. Extract all the .bin files to another directory
6. Run the php script below on it

All the script does is scan the files in the current directory to see if they are .BIN files (which is where PowerPoint stores SWF files, as well as other embedded file types), search through that file for the beginning of the SWF file header (denoted by FWS), read the file length as defined in the header and save that section out to a new file with a .swf file extension.

Simples really 🙂

As always, hope it helps someone. Script follows :

  Read more
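The author's PHP script is not reproduced on this page. The carving step described above, as an added example in Python (not the author's code): it finds the FWS header, reads the length field and slices that many bytes out. It goes beyond the post by also handling zlib-compressed CWS files, whose header length is the size after inflation, and by rejecting chance signature hits; the function names, the size cap, the version bound and the sample blob are assumptions of this example.

```python
import struct
import zlib

HEADER = 8                  # 3-byte signature, 1-byte version, 4-byte LE length
MAX_SWF = 64 * 1024 * 1024  # assumed sanity cap so a bogus length cannot eat memory


def swf_end(blob, start):
    """Return the end offset of the SWF starting at `start`, or None if invalid."""
    if start + HEADER > len(blob):
        return None
    sig, version = blob[start:start + 3], blob[start + 3]
    (length,) = struct.unpack_from("<I", blob, start + 4)
    # Plausibility bounds (assumptions of this example) weed out chance
    # occurrences of the three signature bytes inside other data.
    if not 1 <= version <= 50 or not HEADER <= length <= MAX_SWF:
        return None
    if sig == b"FWS":
        # Uncompressed: the header length is the size of the whole file.
        end = start + length
        return end if end <= len(blob) else None  # reject truncated files
    # CWS: inflate the body to learn where the compressed stream really ends.
    # max_length bounds the output to one byte more than the header promises.
    inflater = zlib.decompressobj()
    try:
        body = inflater.decompress(blob[start + HEADER:], length - HEADER + 1)
    except zlib.error:
        return None
    if not inflater.eof or len(body) != length - HEADER:
        return None
    return len(blob) - len(inflater.unused_data)


def carve_swf(blob):
    """Return [(offset, swf_bytes), ...] for every valid SWF found in blob."""
    found, pos = [], 0
    while True:
        hits = [i for i in (blob.find(b"FWS", pos), blob.find(b"CWS", pos)) if i != -1]
        if not hits:
            return found
        start = min(hits)
        end = swf_end(blob, start)
        if end is None:
            pos = start + 1          # false positive, keep scanning
        else:
            found.append((start, blob[start:end]))
            pos = end


def build_sample():
    """Constructed stand-in for an activeX .bin: junk, FWS, junk, CWS, truncated FWS."""
    body = b"\x78\x00\x05\x5f\x00\x00\x0f\xa0\x00\x00\x0c\x01\x00" + b"\x00" * 32
    head = bytes([9]) + struct.pack("<I", HEADER + len(body))
    fws = b"FWS" + head + body
    cws = b"CWS" + head + zlib.compress(body)
    truncated = b"FWS" + bytes([9]) + struct.pack("<I", 4096)  # claims more than exists
    return b"\xd0\xcf\x11\xe0" * 4 + fws + b"pad" + cws + truncated, fws, cws


if __name__ == "__main__":
    sample, _, _ = build_sample()
    for offset, swf in carve_swf(sample):
        print(offset, swf[:3].decode(), len(swf))
```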



What to look for in an IT support company

Posted by bb on Tuesday 8th of February 2011 at 5:01 pm.
Filed Under IT Tipz & Trix

A lot of people have recently asked me how to choose the right company for their IT support. Below are my guidelines on what to look for.

1. Check how many engineers they have on staff – not subcontracted.
2. If they do subcontract – ask why.
3. Visit their workshop – it is your lifeblood they are looking after. Make sure they have the tools to deal with it.
4. Get references – and make sure you have the name of the technician they worked with as good technicians will often leave a bad company.
5. Follow up the references – ask for examples of problems that they have solved for you. See if you can speak to the technician in the reference.
6. Ensure that you meet the technicians – after all, you will be dealing with them, not the guy who sold it to you.
7. Make sure that IT is their primary focus – you don’t ask your mechanic to fix a filling / perform heart surgery.

Most importantly you should remember that if your IT fails, your business will suffer. Don’t just accept at face value what a salesperson tells you a company can do as sales people are generally not technical people. Sales people are commission focussed – technical people are solution focussed. No one (that I know of) pays their technicians on a per fix basis. Sales people are commissioned on a per contract basis (generally).

Ultimately you need to be sure that the company you choose values your business as much as you value your IT. That is why it is important to pick a company that has made an investment in staff, workshop and spares and not just in a flashy advertising campaign/website.

Personally speaking, if the company who approaches me for IT support doesn’t have 100% focus on IT solutions, I’m not interested. My lifeblood should be their lifeblood – my data is vital to me and it should be to them. I don’t want anybody looking after my business / data who isn’t 100% focussed on that.



Jerky Mouse in Windows 2008 R2 under ESXi4.1

Posted by bb on Tuesday 5th of October 2010 at 12:31 pm.
Filed Under IT Tipz & Trix

The laggy mouse issue seems quite common and after a bit of Googling I have found a solution that worked perfectly, at least for me.

It’s a simple video card driver upgrade!

    If you go Start -> Right Click on My Computer -> Manage and under Diagnostics you find the Device Manager.

    Scroll down to Display Adapters and expand the selection so that you can see the currently installed adapter. Right Click and go to Update Driver Software.

    Select ‘Browse my computer for driver software’ and navigate to C:\Program Files\Common Files\VMWare\Drivers\wddm_video folder

    Update the driver and reboot!

Everything is now fixed 🙂

Hopefully this will help anyone else who is having poor mouse performance in Windows 2008 R2 under ESXi4.1 – it is no fun using vSphere to work on a VM with a horrible, jerky, jumpy, laggy mouse!



Moving shares between SBS 2003 & SBS 2008

Posted by bb on Tuesday 15th of June 2010 at 10:36 am.
Filed Under IT Tipz & Trix

Still migrating the data over for my client, I ran into the usual problem of moving data from one drive to another preserving both NTFS ACLs and share details.

The easiest way round this, that I have found, is as follows.

Issue the following commands from the command prompt on the destination server to copy all of the NTFS ACLs and data over from the source server to the destination server. In my instance I was copying their data drive, which was D, so my commands looked like this:

net use z: \\source_server\d$
robocopy z:\ d:\ /E /COPYALL

However, this does not preserve the share info. Since mine was a fresh install and I just needed a complete copy of the drive and share permissions, I just exported the following registry info from the source server:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\Shares]

Re-importing that on the destination server had everything up and running in copy_time+2 mins 🙂

Happy days



Moving lists between SharePoint sites

Posted by bb on Tuesday 15th of June 2010 at 10:24 am.
Filed Under IT Tipz & Trix

Once I’d overcome the issues with user permissions outlined here I noticed that the companyweb was different to oldcompanyweb.

A lot of the metadata was missing, including version history. Turns out that this is quite the problem just using stsadm from the command line.

However, I found a great tool called SharePoint Content Deployment Wizard.

In my case, I just deleted the lists that didn’t have the data required and re-imported them using this tool, though you could use it just as well to skip the whole stsadm -o export/import procedure. Though please make sure which account you are logged in as, else you may run into the problems outlined in my previous post.

Again – hope it helps!



SBS 2003 -> SBS 2008 Migration

Posted by bb on Tuesday 15th of June 2010 at 10:16 am.
Filed Under IT Tipz & Trix

Long time no post!

Thought I would update my blog with some hints and tips for some problems I hit in a recent client migration from SBS 2003 -> SBS 2008.

Following the Microsoft tech document everything went smoothly until I needed to recreate the old companyweb.

stsadm -o export -url http://OldCompanyWeb -filename cweb.bak -includeusersecurity completes with no errors

[6/14/2010 12:09:49 PM]: Progress: Export Completed.
[6/14/2010 12:09:49 PM]: Finish Time: 6/14/2010 12:09:49 PM.
[6/14/2010 12:09:49 PM]: Completed with 0 warnings.
[6/14/2010 12:09:49 PM]: Completed with 0 errors.

Though I do notice the following in the log file :

[6/14/2010 12:09:10 PM]: Debug: Security check failed in OnListItemExport

The actual site http://OldCompanyWeb looks and runs just fine

When issuing the stsadm -o import -url http://companyweb -filename cweb.bak -includeusersecurity I get the following errors

Multiple instances of :
[6/14/2010 1:30:09 PM]: Debug: Security check failed in OnUserGroupExport
[6/14/2010 1:30:10 PM]: Warning: The specified user could not be found.
*** Inner exception:
User cannot be found.
at Microsoft.SharePoint.SPUserCollection.FindUserSID(String strSearchText)
at Microsoft.SharePoint.SPUserCollection.GetBySID(String strSid)
at Microsoft.SharePoint.SPUserCollection.GetBySID(Byte[] byteSid)
at Microsoft.SharePoint.Deployment.SecurityObjectSerializer.ResolveUser(ImportStreamingContext context, SPWeb web, Byte[] sid, Int32& idUser)
[6/14/2010 1:30:10 PM]: Debug: Security check failed in OnUserGroupExport
[6/14/2010 1:30:10 PM]: Warning: The specified user could not be found.
*** Inner exception:

and at the end

[6/14/2010 1:34:50 PM]: Progress: Importing Role Assignment for _catalogs/users.
[6/14/2010 1:34:51 PM]: FatalError: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at Microsoft.SharePoint.SPGlobal.HandleUnauthorizedAccessException(UnauthorizedAccessException ex)
at Microsoft.SharePoint.Library.SPRequest.ResetSecurityScope(String bstrUrl, UInt32 dwObjectType, String bstrObjUrl, Guid guidDoc, Boolean bUnique, Boolean bCopyRoleAssignments, Guid& pguidScopeId, Int32& piError)
at Microsoft.SharePoint.Deployment.RoleAssignmentsImport.ProcessComplexElement(ImportStreamingContext context, XmlReader xr, SqlSession session)
at Microsoft.SharePoint.Deployment.SqlBatchImport.Run()
at Microsoft.SharePoint.Deployment.SecurityObjectSerializer.SetObjectData(Object obj, SerializationInfo info, StreamingContext context, ISurrogateSelector selector)
at Microsoft.SharePoint.Deployment.XmlFormatter.ParseObjectDirect(Object objParent, Type objectType)
at Microsoft.SharePoint.Deployment.XmlFormatter.DeserializeObject(Type objectType, Boolean isChildObject, DeploymentObject envelope)
at Microsoft.SharePoint.Deployment.XmlFormatter.Deserialize(Stream serializationStream)
at Microsoft.SharePoint.Deployment.ObjectSerializer.Deserialize(Stream serializationStream)
at Microsoft.SharePoint.Deployment.ImportObjectManager.ProcessObject(XmlReader xmlReader)
at Microsoft.SharePoint.Deployment.SPImport.DeserializeObjects()
at Microsoft.SharePoint.Deployment.SPImport.Run()
[6/14/2010 1:34:51 PM]: Progress: Import Completed.
[6/14/2010 1:34:51 PM]: Finish Time: 6/14/2010 1:34:51 PM.
[6/14/2010 1:34:51 PM]: Completed with 18 warnings.
[6/14/2010 1:34:51 PM]: Completed with 1 errors.

Turns out that the account I was using (one created with full admin rights as the deployment document states that it is recommended that you create a new administrator account on the Source Server for migration instead of using the built-in Administrator account) did not have the correct permissions to do this.

Even though I used the ‘Run as’ option to run the command prompt as administrator :/

Logging on as a different user (in my case using the built in Administrator account) solved all the above issues.

Hope it helps someone
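The export above finished with 0 warnings and 0 errors while the log already held a "Security check failed" debug line. An added example (Python, not part of the original post) that triages stsadm logs in this format and flags exactly that mismatch; the log lines are copied from the post with most stack frames trimmed, and the function and field names are assumptions of this example.

```python
import re
from collections import Counter

STAMPED = re.compile(r"^\[[^\]]+\]: (.*)$")           # "[timestamp]: rest"
LEVELLED = re.compile(r"^(\w+): (.*)$")               # "Level: message"
SUMMARY = re.compile(r"^Completed with (\d+) (warnings|errors)\.$")
SEC_FAIL = re.compile(r"Security check failed in (\w+)")

# Export log lines from the post, in timestamp order.
EXPORT_LOG = """\
[6/14/2010 12:09:10 PM]: Debug: Security check failed in OnListItemExport
[6/14/2010 12:09:49 PM]: Progress: Export Completed.
[6/14/2010 12:09:49 PM]: Finish Time: 6/14/2010 12:09:49 PM.
[6/14/2010 12:09:49 PM]: Completed with 0 warnings.
[6/14/2010 12:09:49 PM]: Completed with 0 errors.
"""

# Import log lines from the post (most stack frames trimmed).
IMPORT_LOG = """\
[6/14/2010 1:30:09 PM]: Debug: Security check failed in OnUserGroupExport
[6/14/2010 1:30:10 PM]: Warning: The specified user could not be found.
*** Inner exception:
User cannot be found.
at Microsoft.SharePoint.SPUserCollection.FindUserSID(String strSearchText)
[6/14/2010 1:34:51 PM]: FatalError: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at Microsoft.SharePoint.Deployment.SPImport.Run()
[6/14/2010 1:34:51 PM]: Progress: Import Completed.
[6/14/2010 1:34:51 PM]: Completed with 18 warnings.
[6/14/2010 1:34:51 PM]: Completed with 1 errors.
"""


def triage(log_text):
    """Summarise an stsadm log and flag a clean summary that hides security failures."""
    levels, sec_fails, summary, fatal = Counter(), Counter(), {}, []
    for raw in log_text.splitlines():
        stamped = STAMPED.match(raw.strip())
        if not stamped:
            continue  # stack frames and exception text carry no timestamp
        rest = stamped.group(1)
        total = SUMMARY.match(rest)
        if total:
            summary[total.group(2)] = int(total.group(1))
            continue
        levelled = LEVELLED.match(rest)
        if not levelled:
            continue  # e.g. "Finish Time: ..." has no single-word level
        level, msg = levelled.groups()
        levels[level] += 1
        hit = SEC_FAIL.search(msg)
        if hit:
            sec_fails[hit.group(1)] += 1
        if level == "FatalError":
            fatal.append(msg)
    clean = summary.get("warnings") == 0 and summary.get("errors") == 0
    return {
        "summary": summary,
        "levels": dict(levels),
        "security_check_failures": dict(sec_fails),
        "fatal": fatal,
        "clean_summary_but_security_failures": clean and bool(sec_fails),
    }


if __name__ == "__main__":
    for name, text in (("export", EXPORT_LOG), ("import", IMPORT_LOG)):
        print(name, triage(text))
```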


