Ghost as a forensic image

Here is a fun little read on the use of Ghost as a forensic capture tool.

Using FRS radio for Digital Modes

So I have been getting into digital modes a lot more since HRD really has stepped up the cool factor. However I have a few issues with testing and playing. First I have no good antenna in my RF-Hell area to get out to any fellow nerds who have the time to play. Second I have no radio yet that is good for transmitting hours of testing.

I had an idea for the problem: I have a stack of old FRS radios that I never use, so why not adapt the VOX of the Motorola FRS to the PC for use with HRD Digital Master 780?

I set to work. The first thing I learned was that the 2.5 mm jack that Motorola uses is this weird "long jack"; you can just hack up some cable for cell phone VOX kits. I happen to have a Texas Instruments link cable from the old TI-85's I have sitting around. I have more than one, so hack hack. I hacked up this particular cable because of two things: 1. it had a nice ferrite coil, so I eliminate (if any) RF into my sound card; 2. you can hack away plastic, and T.I. actually uses the long 2.5 mm plug that Motorola uses to make you buy their shit.

After some tinkering with the VOX I learned that you must short the MIC to get the radio to power up in VOX mode; however, if you short it outright you get PTT mode. Simple fix: throw in a resistor. I had a stack of 450kohm resistors sitting on my desk from a prior mess, so I used them. However, I assume a 1k will work just fine.

Then just play the simple hook-up game: plug the radio speaker into the PC MIC and the radio MIC into the PC speaker.

A simple little test shows it works. The volume is high but appears to not be clipping; I haven't scoped the audio yet to check but rather just went right to a test. I hooked up two cables for two FRS radios, turned on DM780 on two PCs, and yup, I have communication in CW. I haven't tried any other modes yet, but I would assume the only issue is the audio gain. DM780 will allow you to transmit at less than 0 dB gain right from the application; this is a setting to tinker with. Also, volume on the radios I didn't fuss with (it was 2am with a working product, I wanted to sleep).

Improvements might come from putting a cap in line or a POT to lower the input to the VOX on the radio, but I assume that I can fix all this in software with no need for additional hardware.

Next step is to heatshrink it all up, and now I have a nice little demo kit for digital modes. I can also have some fun at any public space by transmitting Olivia and watching people think it's space creatures.

I have no idea if this is FCC legal; I couldn't find any data saying that you can't transmit digital modes on FRS bands. Seeing as it's public domain frequency space, I am also not very concerned with my transmissions, since people also transmit music and swear there.

I used two Motorola T5420 FRS radios in this test. I also used a 500k resistor.

Update: I got some feedback on the legality of this. Long boring legal document summarized: the most onerous restriction seems to be that the data transmission can't exceed one second, and there can't be more than one in a thirty-second period.

So if you're super worried, plug it into something else ... hell, thinking about it, you could just plug it right into another computer ... duh. But where is the fun in that? Legally you also can't swear on the FRS radios or CB radio, so keep that in mind.

ShoreTel RTP Traffic

ShoreTel Phone System 8.0 recently put L16/256 "Linear Broadband 256kbps" as the default #1 codec to use phone to phone. However, the newest copy of Cain will not identify this as a call; I assume it's because of the bandwidth used. Now, you can change the server to not use this bandwidth and keep on the 128k, but for my current classroom material and pentesting this isn't a plausible case. I would like Cain to auto-magically detect and dump the 256k stream.

Name/ Clock/ Bandwidth/ Description
L16 256/ 16000/ 256 Kbps/ Linear 16-bit Audio 256 Kbps

update: here is the handshake data with info

t=0 0
m=audio 5004 RTP/AVP 110
a=rtpmap:110 LRWB/16000

update2: Cain now supports this codec, Wireshark get this on the dev, I can't find anywhere to request this.

I also put the notes into NetworkObserver
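
The SDP fragment above offers payload type 110, which sits in the dynamic range, so a capture tool can only name the codec by reading the a=rtpmap line. The following is an added example (not from the original post, and not how Cain or Wireshark work internally) that resolves the payload type and checks the 256 Kbps figure; treating LRWB as 16-bit linear audio is an assumption taken from the codec table in the post.

```python
import re

# Static RTP payload types (RFC 3551) that can be named without any SDP.
STATIC_PT = {0: ("PCMU", 8000), 8: ("PCMA", 8000),
             9: ("G722", 8000), 18: ("G729", 8000)}

# Bits per sample for uncompressed linear encodings. "LRWB" as 16-bit linear
# is an assumption based on the post's codec table, not a registered name.
LINEAR_BITS = {"L16": 16, "LRWB": 16}


def needs_sdp(pt):
    """True when the RTP header alone cannot identify the codec (dynamic PT)."""
    return 96 <= pt <= 127


def parse_sdp_audio(sdp):
    """Return [(payload_type, encoding, clock_hz, kbps_or_None)] for audio."""
    rtpmap, offered = {}, []
    for line in sdp.splitlines():
        line = line.strip()
        m = re.match(r"m=audio\s+\d+\s+RTP/AVP\s+(.+)$", line)
        if m:
            offered += [int(pt) for pt in m.group(1).split()]
            continue
        a = re.match(r"a=rtpmap:(\d+)\s+([^/\s]+)/(\d+)", line)
        if a:
            rtpmap[int(a.group(1))] = (a.group(2), int(a.group(3)))
    streams = []
    for pt in offered:
        # rtpmap wins; fall back to the static table, else mark as unknown.
        name, clock = rtpmap.get(pt) or STATIC_PT.get(pt, ("unknown", 0))
        bits = LINEAR_BITS.get(name.upper())
        # Mono linear PCM: bitrate = sample rate * bits per sample.
        kbps = clock * bits // 1000 if bits else None
        streams.append((pt, name, clock, kbps))
    return streams


# The SDP fragment quoted in the post.
SAMPLE_SDP = """t=0 0
m=audio 5004 RTP/AVP 110
a=rtpmap:110 LRWB/16000
"""

if __name__ == "__main__":
    for pt, name, clock, kbps in parse_sdp_audio(SAMPLE_SDP):
        print(f"PT {pt}: {name}/{clock} Hz, {kbps} kbps, "
              f"needs SDP: {needs_sdp(pt)}")
```

A tool that only sees the RTP packets, or that does not recognize the encoding name in rtpmap, has nothing else to classify payload type 110 by.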


Resources for Scanning or Amateur Radio in the NorthWest

A common question I get is resources for the HAM hobby in the area. So here is a list of sites that I have found for Seattle and the pacnw.

RadioReference – possibly the single greatest Internet database of law enforcement and public frequencies. If you wonder what the light bar outside your house is talking about, this is the location to get data. Also make sure to check out the forums; there is a great location for learning and gathering data about how to scan or use radios.

NorthwestRadio (Intercept Northwest) – Same idea as RadioReference but specifically for the Northwest. They have a lot more of the nitty-gritty freq’ allocations like W hotel security, or McDonald's in Fife. Forums to talk about local information.

NWHam – here is a new kid on the block; this site is very slick. It has a repeater lookup database that is seemingly bad ass. Normally you must buy a book or do a lot of research for this data. This is a community-fed database, to keep the data living. Again, forums for HAM radio talk in the area.

I leave for last because it's ‘the’ lookup database for amateur call signs. The forums are full of angry, know-it-all old farts that think that Vista is cool because it's new. Or the Google browser is great because it's from ‘a real good company’ (translated to: I wish my retirement was wrapped up in the Google stock).

Other realms are the FCC ULS search, which is the database for anything FCC (or everything).

HRO, which is a supplier of radio equipment; the prices are not as good as they once were, but free shipping on over 100 bucks from Portland is normally good. Compare them to AES for best prices. Vetco is in Bellevue and has things if you need them now, but I very much dislike the staff there. (They also turned into the largest seller of HDTV crap ever.)

Local groups or clubs are good if you’re into the group thing. The Mike and Key Club and the Puget Sound Repeater groups are good places to look into. There are a thousand groups in the area, from emergency to Boeing and Microsoft. Just Google search ‘Puget Sound Amateur Radio Club/Group’ to find more.

If you have Uniden scanners, check out the free tool bctool or freescan. Don’t buy the Butel Arc software; it's buggy and crappy for the price.

What to buy? Pages such as eham or RadioReference Wiki can help. The sites I have listed at the top all have classifieds; go there before you go to eBay. Craig’s list also always has mountains of crap. I find the local swap meets to be a waste of time for the most part. (Other than looking at other nerds) also check out

Antennas … long topic. Out is better than in. Big isn’t always the best. If it’s noisy get a tuned. Anything will work as good as the most expensive if you tinker. Noise blockers and RFI eliminators should be last resort.

Magazines: I find that the ARRL official mag is possibly the best. I am not an advocate of dumping money into ARRL, but the subscription and online stuff you get is worth the cash. Popular Communications is also a great one to get. I have nothing good to say about Monitoring Times; they don’t have good stuff on radios or the hobby, IMO a lot of crap that PC Magazine also has. Sorry, I don’t need a monthly grove catalog.

Books – the Northwest Frequency Database I carry with me everywhere I go. Official ARRL Repeater directory books are handy but sometimes are dated; however, they are good to have. The ArtSci books are good, but also wrong or dated, but you can't always have internet and they sometimes have better data than the ARRL.

Other things I would check out: HamRadioDeluxe has an application for decoding digital modes; so far it's the best I have found (including very $$$ apps), and it will do most things that are still around. MixW is a nice tool for some comparative analysis on digital modes, as one solution won’t always work. It’s a pay-for app with no development, but you can use it without paying. FlDigi is an open source app that you want on your tool belt as well, expanding again some of the things you can do with digi-modes; it is another analyzer to use. If you want to try some fun, the DigiPup bootable Linux distro will throw a lot of apps at you for testing.

Other applications that might be handy for tooling around the RF are TrueRTA for sound card digital analysis, Unitrunker for trunk decoding, and PDW for decoding other commercial digital modes. Google Earth is also a good application to have handy; just don’t install the Google updater, to keep the NSA from keeping its link to you updated.

You need to take a radio test? Look around; most people will do it for the cost of the license work (15 bucks or so). Don’t pay a lot unless you want to support the cause. Email me and I can get you in touch with free study groups w/ test.

If you don’t have a radio or have no place for antennas, check out EchoLink. This will allow you to link your computer to a repeater to talk to stations all over the world, something you can't do as easily or reliably even with the most expensive radio.

And don’t tell people you have a GMRS license; they will only snicker.

Hope this little blurb of information finds your Google search and that I can help.

Drop the NetBIOS hell in XP

When you run Explorer and it's using mapped drives or printers, there is a lot of crap network traffic that hangs up the kernel and your experience with your OS. Here is a tip that I never blogged about: disable the automatic query for network resources. This will speed up your work PC a bit if you're a power user.


