Cracking Palm and other Handheld Passwords
Name - Paper - pdd - Memory Imaging and Forensic Analysis of Palm OS Devices
Download URL - pdd_palm_forensics.pdf Developer - Joe Grand OS - Any OS with a PDF reader. File Size - 171 KB Supported Software Versions or File Systems - Any File system that supports a PDF reader. Description - "One goal of incident response is to preserve the entire digital crime scene with minimal or no modification of data. This paper introduces pdd or "Palm dd", a Windows-based tool for memory imaging and forensic acquisition of data from the Palm operating system (OS) family of Personal Digital Assistants (PDAs). pdd will preserve the crime scene by obtaining a bit-for-bit image or "snapshot" of the Palm device's memory contents. Such data can be used by forensic investigators, incident response teams, and criminal and civil prosecutors. This paper also presents the Palm OS internals (hardware, file system, and debugger functionality), pdd details (usage, process, flowchart, and timing), and forensic analysis results (flash memory, record removal and deletion, retrieval of system passwords, and telephony applications).4.3.." "Retrieval of System Passwords: The Palm OS system password is set by the user with the built-in "Security" application. The maximum length of the ASCII password is 31 characters. In all versions of Palm OS up to 4.0, it has been confirmed that an obfuscation or hash of the user's system password is stored on the device in the "Unsaved Preferences" database and is also transmitted over the serial cable, airwaves, and networks during a HotSync operation. Depending on the version of Palm OS, the system password is encoded and stored differently. For Palm OS versions 3.5.2 and earlier, a weak obfuscation method is used to mask the actual ASCII password. Regardless of the length of the ASCII password, the resultant encoded block is always 32 bytes. Two methods are used to encode the ASCII password, depending on its length. For passwords of four characters or fewer, an index is calculated based on the length of the password and the string is XOR'ed (a logical operation) against a 32-byte constant block.." Comment - Paper discusses the basics of Palm Passwords among other things like how to image a Palm.
Name - PalmLoyal.com's A Look at Mobile Device Security and Palm Forensics
Download URL - http://www.palmloyal.com/new/index.php?option=content&task=view&id=123& Itemid=2&mosmsg=Thanks%20For%20Your%20Vote Developer - Originally released on the L0pht Heavy Industries website. OS - Any with a Web browser File Size - NA/This is a Web page Supported Software Versions or File Systems - Any that supports a Web browser. Description - "I watched a TV program recently where a serial killer was caught because he sent the police a map (that was from an online map site) to show where a body could be found. The authorities were able to track him down and gather proof and evidence from his home PC. These types of evidence obtaining resources can be used on PDAs too. Any forensic examiner knows better than anyone that the difference between making a case and losing a case is hard evidence. And with more bad guys going high tech, obtaining that evidence is becoming more difficult than ever. There are tools that can help forensic examiners gain useful information from PDAs." Comment - Excellent resource!
Name - pdd
Download URL - pdd_v1_11.zip Developer - Grand Idea Studio, Inc OS - Windows 95/98/NT/2000 File Size - 26.3 KB Supported Software Versions or File Systems - tested with Palm OS v1.0 to v4.0Description - "pdd - Memory imaging tool for forensic analysis of Palm OS platform devices" Comment - None yet.
Name - Tool - Ointment - A password recovery tool for Palm OS devices Screenshot not available Download URL - ointment.zip Developer - @Stake OS - PalmOS File Size - 5.15 KB Supported Software Versions or File Systems - Palm OS 3.5.2 and earlierDescription - "Ointment exploits a particular design problem with the Palm OS backdoor debug mode and the use of weak obfuscated system passwords. Ointment will emulate the serial link protocol and the 'export' and 'reset' commands of the Palm OS Console Debug Mode, retrieve the encoded password block from the "Unsaved Preferences" database of the target device, and decode and display the resultant ASCII password."
Comment - See "How to Apply Ointment". Name - PalmCrypt
Download URL - palmcrypt.zip Developer - Grand Idea Studio, Inc OS - Windows 95/98/NT/2K File Size - 16.1 KB Supported Software Versions or File Systems - FAT32?/NTFS?Description - "Demonstrates the weak encoding scheme used to obfuscate the Palm system password in devices running Palm OS 3.5.2 and earlier. This tool converts an encoded password block to an ASCII password and vice versa. Written for the "Palm OS Password Retrieval and Decoding" security advisory.
Originally released on the @stake website." Comment - None
Name - NotSync Screenshot not available Download URL - notsync.zip Developer - Grand Idea Studio, Inc OS - Palm OS File Size - 26.2 KB Supported Software Versions or File Systems - Palm OS 3.3 and greaterDescription - "Demonstrates the simplicity of obtaining and decoding the Palm system password. This tool imitates the initial stages of the HotSync process via the IR port and retrieves and decodes the password of the target device. Written for the "Palm OS Password Retrieval and Decoding" security advisory.
Originally released on the @stake website." Comment - None
Name - ppwdump Screenshot not available Download URL - ppwdump.zip Developer - Grand Idea Studio, Inc OS - Palm OS File Size - 2.57 KB Supported Software Versions or File Systems - Palm OS 3.5.2 and earlierDescription - "Palm system password recovery tool for Palm devices. Obtains the "Unsaved Preferences" database from the local device (where the encoded system password is stored) and decodes the password to its original ASCII equivalent." Comment - None
Name - Palm Boulevard Software Security pCrack
Download URL - pCrack 1.0 Developer - Not Specified OS - 2.0 File Size - 3 KB Supported Software Versions or File Systems - Not Specified Developer Provided Description - pCrack is a utility that will crack the built-in Palm password. If you've ever forgotten your password this is the utility for you. Simply install and run and you've got the password. Comment - Not currently available. May be added later.
Name - Palmloyal.com Not Available Download URL - Palmloyal.com Developer - Palmloyal.com OS - Palm OS File Size - Varies upon application Supported Software Versions or File Systems - Not Specified Developer Provided Description - Various utilities are listed for Palm OS. Some of them are Palm dd, Palm OS Password Lockout Bypass, etc. Comment - Not currently available. May be added later. |