Monday, July 09 2007
Tuesday, May 22 2007
I'm back from SyScan (and Singapore). It was a lot of fun I and I met many interesting
people. It was a really good time.
The slides for my talk are available here.
Wednesday, January 10 2007
In early July I am giving my PocketPC MMS talk at
SyScan in Singapore. Looking at the speakers list you will find another trifinite member and many guys from Germany :-)
This will be my first time to Asia and I'm really looking forward to it!
Saturday, January 06 2007
see the story in the F-Secure Labs blog here.
Very cool to have your own VirusScanner signature (without writing a virus) ;-)
Thursday, January 04 2007
Friday, December 29 2006
here is a quick and easy way to protect yourself against NotiFlood (my MMS notification attack against PocketPC-based mobile phones, see my PocketPC Security Research).
As I explained, the PushRouter
is the application that listens on port 2948 it basically gets all WAP push messages and routes them the destination application.
If the PushRouter doesn't know which destination application to use it discards the WAP push message. So in order to
protect us against a NotiFlood attack we simply need to remove the MMS mime type from the PushRouter configuration, after this
the PushRouter will not be able to forward any WAP push messages to tmail.exe (the MMS application).
The PushRouter configuration for MMS is stored in the WinCE registry at:
The only value in this registry key is
DEFAULT for me it is set to
Now we have a couple of options: delete the complete key, delete the value, and modify the value. I for my part
just modified the value (so I can easily switch MMS back on). I basically just added a underline (_) to the key value.
Now since the value of the key is wrong the PushRouter can no longer forward the MMS message to tmail.exe.
Note, also these settings are from my IPAQ PocketPC 4.2 they should be the same on all 4.2x devices.
This modification disables receiving MMS all together! Don't do it if you still want to receive MMS messages.
Since there is no regedit on PocketPC you need to get a third party application. I used PHM RegEdit.
That is it! You're secure now ;-)
Tuesday, August 15 2006
...get the proof-of-concept exploit here.
I also updated the slides but just cosmetics.
Have fun and be responsible!
Wednesday, August 09 2006
I posted some action shots of the PocketPC MMS / SMIL exploit on
my PocketPC Security Research page. The screen
shots are somewhat older (I think this might even be from the first day
I got this to work). Anyway I just didn't want to keep these from you
guys. Btw. as far as I remember I took the pictures with the camera of
the i-mate PDA2k my only other test device next to the iPAQ h6315.
Friday, November 18 2005
So I'm really wondering if all PocketPC-based phones are affected by the
vulnerabilities I found and presented at defcon. Since I released
a proof-of-concept tool for the M-Notification.ind/WapPush/UDP denial-of-service
attack I would like to get some feedback from people who tested their device.
I would especially like people to test WinCE5.0 devices.
So if you have tested any device besides the iPAQ h6315 or the i-mate PDA2k
please send me an email at: collin[at]trifinite.org
All the info is here: My PocketPC Security Research site
Saturday, July 30 2005
so I finally got around to look for some decent podcasting software
for PocketPC (for my h6315). Until now I just downloaded the stuff by hand
and transfered it to a SD or MMC card, this was pretty annoying. Even
if you have an automated download this sucks. The software I use now is
Its pretty simple, just select the feeds you want - choose the download
directory (e.g. /Storage Card/ to use the SD card) and you're done.
It nicely downloads the feeds and you can use what ever player you want.
I really like it this way, I just need to have a wireless connection
and I'm good to go. I guess I will listen to more stuff then before,
since its so easy now. Any show suggestions?
Wednesday, April 06 2005
The slides from my talk on PocketPC exploits at What The Hack! can be
downloaded from my PocketPC section.
Friday, April 01 2005
...it really helps. I have much better reception (more bars) and the battery seems to live longer (could be due to the
fact that the device is not constantly trying to connect to a cell tower). Now a general OS upgrade would be nice,
I know it's unlikely to become true.
Also the Linux port seems to make some progress, this would be the better solution anyway.
Wednesday, December 15 2004
Just got an SMS from T-Mobile which told me to get my update.
Get it TMO_SP29764_1_10_08.exe
I hope it's not a very bad April joke :-)
I just played with my h6315's
registry (using PHM Registry Editor) and found this
MinorClass key (in \HKEY_LOCAL_MACHINE\SOFTWARE\Widcomm\BtConfig\General) which lets you (only!) change the MinorDeviceClass of your
iPAQ. Now I have to find out how to change the MajorClass and the ServiceClass to build something like
BtClass. I tried to add several keys like MajorClass or ServiceClass but non did work.
I will keep on working on this.