Now that I've had some time to hack around with the Lenovo S10, I think someone will find some of this information useful. This entry is about re-installing Splashtop, Lenovo's Quick Start software on the S10.

What is Splashtop

Like I wrote before, the Lenovo S9,S10, and S10e, uses a streamlined Linux based environment that gets you from pressing power to surfing, chatting, Skyping, listening to music or checking out a photo gallery in 30 seconds or less. Oh and the not to be overlooked feature - it works!

The really interesting part is not that it's just one of those quick booting linux OS's like Ubuntu 9.04 is claiming to be. It actually is leveraged by the motherboard by using a small amount of flash memory which stores persistent changes to a location on the hard drive which unfortunately requires windows.

Re-installation

Let me say this right now - reinstalling splashtop is not fun! The only reason that this would happen to you is if you've deleted the files that came with the laptop or there was a problem with the hard drive itself. In mycase, the problem with the hard drive was me re-formatting the entire thing and installing Ubuntu Netbook Remix.

After a lot of research, here's how you do it:

• Install Windows XP on some partition of the hard drive. This could be interesting if you don't have an external CDROM. If you're good, you can try to install XP from a USB stick like I did with partial success.
• Install the latest Lenovo Quickstart software you can find here. NOTE: There may be an updated version that also works
• OPTIONAL: From Windows XP, upgrade the BIOS of the S10. See Lenovo's Support Site for the latest version.
• Download the patch that came from S10Lenovo.com here.
• Unzip the files and copy them to the C: drive of your computer.

This worked for my Lenovo S10 4231 but the guys at S10Lenovo.com have done a lot of good work on figuring out the quirks. On some S10's all you needed to do was install the newest Quick Start and you are on your way but for me the patch was the key.

If that doesn't work for some reason, I'd be interested in getting the feedback.

Last Security Warnings

I wrote last time that Splashtop was extreme functionality at the cost of security and after more research, it's still true.

In version 1.0.17.0, the Splashtop browser is based off of Firefox 3.0.6, the instant messaging software is based on an old version of Pidgin and Skype is Linux version 2.0.0.72. It's older software but it looks like someone is attempting to update it.

There are some good security precautions in place like you're not allowed to directly access the hard drive and you can't open a terminal and the persistent files are encrypted and signed so not just anyone can make changes to the config.

Still don't belive me? Here's an exploit proof of concept that can crash your browser and possibly allow an attacker to inject a payload:

Do not click if you have Firefox 3.0.8 or less!!

What's Next: BackTrack 4

I'm still working out some of the quirks of using the laptop with BT4 Beta and have gotten them pretty much ironed out but I just want to streamline the process a little better.

External Links

http://www.splashtop.com/ - Official Splashtop Website

http://s10lenovo.com - Great site for S10 hacking

http://hg.mozilla.org/releases/mozilla-1.9.1/file/cb01d655a1b1/content/xslt/crashtests/ - Exploit for Firefox 3.0.8 or less

http://s10lenovo.com/viewtopic.php?f=42&t=2283 - forum with more information related to Splashtop on the S10

I know this isn't a new subject by any means but I think it's still interesting and most of the material that's useful out there right now is antiquated so I thought I'd write my own version.

Background

The reason I got into war driving was to:

1. Learn the specifics about the technologies (Kismet, gpsd)
2. Have something to do on the drive to Notacon
3. Be a geek

Hardware

Here is the list of hardware that I used:

• Laptop (Wireless card, serial port)
• Garmin eTrex - Craigslist $35
• Garmin eTrex serial cable - $8
• Edimax RT73 (optional) - $43

Software

Software I used:

• Kismet - wireless sniffing tool
• GPSD - receives GPS data
• Ubuntu 8.10 - OS
• GPSDrive - (optional) Maps your current location as you drive
• Festival - (optional) Text to speech plugin for announcing when an access point is found
• KisGearth - convert kismet data to KML for GoogleEarth
• Google Earth - place access points on a map

GPS Setup

• sudo apt-get install gpsd
• Telnet to gpsd server and type "r" to receive the coordinates and "b" to confirm the console settings
  >telnet localhost gpsd Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. >r GPSD,R=1 >b GPSD,B=9600 8 N 1
• Plug in garmin using the console cable
• In the garmin, page over to the setup > Interfaces and make sure the output format is NMEA and the transfer rate is 9600 baud
• If you are successful you should see coordinates pop up in console of GPSD

Kismet Setup

• sudo apt-get install kismet festival
• Configure kismet.conf for your wifi cards (see KismetWireless.net under the Capture Sources section for a listing of your network card)
  #Edimax RT73 Usb source=rt2500,wlan0,RT73 #Intel Ipw2200 for Lenovo T43p laptop source=ipw2200,eth1,Intel
• Configure kismet.conf for festival
  festival=/usr/bin/festival
• Configure kismet.conf to save waypoints for GPSDrive
  # Do we write waypoints for gpsdrive to load? Note: This is NOT related to # recent versions of GPSDrive's native support of Kismet. waypoints=true # GPSDrive waypoint file. This WILL be truncated. waypointdata=%h/.gpsdrive/way.txt # Do we want ESSID or BSSID as the waypoint name ? waypoint_essid=true
• Configure kismet.conf to save GPS data in the log files
  logtypes=dump,network,csv,xml,weak,cisco,gps
• Start kismet to use your wifi cards. (only put in the cards you've setup in the sources or leave blank)
  sudo kismet -C Intel,RT73

GPSDrive Setup

NOTE: GPSDrive is a fun tool to show you access points while you drive. It's unnecessary if you're going to be mapping the coordinates on Google Earth later

• Download the latest deb from the GPSDrive website or download the stable release with apt-get sudo apt-get install gpsdrive
• Before you go on your war drive, make sure you download the maps for the location you'll be driving, otherwise you won't be able to get the specific streets. I'd suggest getting used to how gpsdrive works because there's a little bit of a learning curve.

The Drive

This is a no brainer but I wanted to give a few tips that I learned:

• Plan laptop power settings before hand - make sure your laptop isn't going to shut off the hard drive after 15 minutes of inactivity
• Setup the equipment beforehand so it doesn't slide
• kitchen drawer sponge - a friend of mind gave me the idea of using that spongy material that goes at the bottom of a silverware drawer. Throw it on your dash and put your hardware on it so that it's not sliding around during turns.
• Secure the laptop however you can in your car
• Ideally buy a magnetic antenna to latch onto the top of your car so nothing is sliding around
• Test everything a couple of times before trying to do it in the car - reboot, unplug, undo everything because sometime or another it's going to happen and you're going to need to know what to do
• Make sure your GPS always has a good signal or your maps will be inaccurate

Importing into Google Earth

So you've finished your drive and you want to map out everywhere you've been. Google earth is perfect for this.

• Install google earth either from Google Earth's site or from the Ubuntu repositories
  sudo apt-get install googleearth
• Download an extract KisGearth
• Run kisgearth to use the kismet .xml file and .gps file. (You can use just .xml but using the .gps file as well makes it more accurate)
  ./kisgearth.pl --gps /var/log/kismet/Kismet-Apr-26-2009-6.gps -oN Kismet.kml -- /var/log/kismet/Kismet-Apr-26-2009-6.xml
• Open Google Earth and go to file>open and open the KML file you created

With a little luck you should have an accurate map of where all the access points are using Google Earth's satellites. Just for fun I've attached the KML file that I used for Notacon.

You can download it here.

External Links

http://code.google.com/p/kisgearth/ - Kisgearth

http://www.gpsdrive.de/download.shtml - GPSDrive

http://www.kismetwireless.net - Kismet

The sixth installment of the annual hacker convention, Notacon happened this last weekend. It drew the same crowd as other hacker cons like Defcon, Shmoocon, and Random but as the name implies, Notacon wasn't like the others. The general subject for the talks asked the question, what would geeks like to hear? So it ranged from rules of the board game GO to SQL injections to silly internet videos to healthy cubicle life to hacking consumer routers - all over the place.

The scene was the same as a standard con with all of the same characters we've grown to know and love. Because the talks were all over the place, some people didn't have interest in listening to them. This lead to more off the field antics where you had more time to take in the Lockpick village, check out HackerSpaces.org and the guys from PumpingStation:One, hang out with Deviant and have a go at his Gringo Warrior. There was a guitar hero/karaoke/Commodore64 game room that was a lot of fun. There was also a pirate radio that asked anyone to just walk in and talk.

PS:One

I don't get to really talk about these guys to many people around here because it's completely out of context in Rochester but Pumping Station One is the newest if not the only open hacker space in Chicago. One of the founders Eric who helped start HacDC teamed up with Rogue Clown and many others to create a not for profit organization, hold regular meetings, and find their own space which they just signed the lease for. You'll see a lot more of these hacker spaces popping up as the HackerSpaces.org team becomes more and more organized and provide templates for other people around the world.

Check them out here: http://pumpingstationone.org

DualCore

Dual Core is a nerdcore group from Cincinatti. Int Eighty is the rapper/frontman for the group and happens to show up at all the popular cons. If you haven't listened to them you may have the assumption that oh it's just another one of those nerdcore groups that focus on geeky lyrics and lack rapping skills but you'd be wrong. Eighty is a seriously skilled rapper who is into the hip-hop scene and the hacker scene. It's like if Emminem and Kevin Mitnick had an illegitimate child together. You know it'll be a party when DualCore is there.

External Links

http://notacon.org/ - Notacon's website

http://dualcoremusic.com/nerdcore/ - DualCore's website

http://pumpingstationone.org - PS:One website

http://hackerspaces.org - HackerSpaces.org

There are a lot of people already blogging about their perspectives of Shmoocon this year so go check them out if you're interested. I wanted to dump some thoughts for posterity.

Shmoocon rocked. I haven't really heard any perspectives that would disagree. Most of the people that went, knew what to expect and I think it lived up to those expectations.

Shmoo VS Defcon

Every year 9000 hackers - er I mean security professionals - turn out for Defcon. The culture ranges from script kiddies to 1337 h@x0rz and from overpaid business men to Feds. It's all over the board. Usually once you get there, the crowd partitions off into separate factions. Skiddies look for things to hack (see steal), 1337's start working on the challenges, business men keep track of their receipts, and Feds quietly hover in a cloud of self-content. Good times are had by all that know how to have good times and the technical information in the talks is very informative.

In contrast, Shmoocon had a gathering of 1300+ people with less skiddies and Feds, and more of the in between. There were a lot of black shirts and alot of business casual. The aren't as many talks as Defcon but there seems to be more of an open community. In my opinion it seems friendlier.

What seemed to be the best part was the smaller amount of people in a smaller area which made it more likely for the same people to be in the same place over and over. Same thing with the parties. Smaller parties, same people attending. But anyone that can throw a party in a church is pretty awesome in my book

Lessons Learned

1. Script the registration to get lower costs - it's very unlikely that someone clicking register now over and over again can beat a multi-threaded instance of curl.
2. Play the contests - there are a lot of cool contests and games that not a lot of people play. If you're good at that stuff, you're likely to place somewhere
3. Don't make fun of the Steel Workers Union's Mullets - learned the hard way (sorry Sysmin)