Archive for September, 2011

Microsoft Windows stores Serial Numbers of USB Flash Drives used in the OS!

Friday, September 30th, 2011

I’ve recently been forensically examining a Microsoft Windows computer. [secret squirrel stuff – If I tell you …….]

The computing community grilled Apple recently about storing iPAD/iPhone GPS locations on the hardware, which was fixed by a security patch,

But I had no idea, that Microsoft Windows stores ALL the Serial Numbers of ALL the USB Flash Drives or USB External hard disks ever used, with first used date, and last used date on the computer in the Computers’ Registry, they are not encrypted.

So, with this information, it’s very easy to prove, a USB flash drives or USB External disk was used on your computer, for ill gotten gains etc

So if you work for a crime syndicate, destroy that USB flash drive or USB external disk!

Table of USB Devices extracted from Windows Registry

Table of USB Devices extracted from Windows Registry

I was surprised that the serial numbers do match, I checked my LaCie iamaKey, I did not realize, that USB flash drives have serial numbers!

Post to Twitter

Installing Microsoft Windows 8 on VMware ESXi 5.0 using Nested Hypervisors

Thursday, September 29th, 2011
Microsoft Windows 8 on VMware ESXi 5.0

Microsoft Windows 8 on VMware ESXi 5.0

Not being able to run Microsoft Windows 8 (Developers Preview) on ESXi 5.0 directly, I decide to try out the new Nested functions that exist within VMware ESXi 5.0. With VMware ESXi 5.0, it makes it easier to run Nested 64bit Operating Systems.

and all you need to do is the following:-

Add vhv.allow = “TRUE”‘  to /etc/vmware/config

Create a new virtual machine, I selected Microsoft Windows Server 2008 R2. Once you have created your new Virtual Machine, Power Down, and change the following Options.

Edit the Virtual Machine Properties, Select Options, General Options, and Change the Guest Operating System type to Other: – VMware ESXi 5.0.

Guest Operating System Version VMware ESXi 5.0

Guest Operating System Version VMware ESXi 5.0

This changes the OS, so you can run Nested Hypervisors, and makes the Intel VT or AMD-V functions available to your Guest OS.

Then I installed VMware Workstation 8.0 in the VM, and voila!

It’s a little cheat! But proves Nested Hypervisors works correctly in ESXi 5.0!

Post to Twitter

Red Admiral on Echinacea – late summer 2011

Tuesday, September 27th, 2011
Red Admiral, Vanessa atalanta on Echinacea purpurea

Red Admiral, Vanessa atalanta on Echinacea purpurea

Lindsey took this picture in the garden!

Post to Twitter

Andy at the Tate, St Ives – Martin Creed, Half the Air in a Given Space

Monday, September 26th, 2011
Andy at the Tate, St Ives

Andy at the Tate, St Ives

This was taken in July 2011, at the Tate Gate, St Ives, Cornwall.

This installation is by – Martin Creed, Half the Air in a Given Space, which sees the spectacular sea-facing galleries filled with hundreds of balloons!

Post to Twitter

Tweaking ESXi 5.0 – Adding un-supported hardware to VMware vSphere ESXi 5.0 – Adding a QLE-220 to ESXi 5.0

Tuesday, September 20th, 2011

A continuation of this article – Tweaking ESXi 4.1U1 – Adding un-supported hardware to VMware vSphere ESXi 4.1 U1 – Adding a QLE-220 to ESXi 4.1 U1.

No official support for the Qlogic QLE-220 in ESXi 5.0, vSphere GUI client before tweak

No official support for the Qlogic QLE-220 in ESXi 5.0, vSphere GUI client before tweak

Because I’m also now testing Production VMware vSphere 5.0 (ESXi 5.0), and also need to connect the ESXi 5.0 servers to the fibre channel SAN using the same Qlogic QLE-220 4GB fibre channel cards. These are the PCI-E cards that fit in the HP ProLiant MicroServer quite nicely. As these Qlogic cards were NOT supported in ESXi 4.1, it’s unlikely they are supported in ESXi 5.0, and they are NOT, and not included on the HCL (Hardware Compatibility List).

Again, trying to get ahead of the curve, it will not be long, before I’m asked the same question as before with ESXi 4.x.

“ESXi 5.0 does not “see my network interface card, or storage controller.”

“How do I add this mass storage controller, network interface card,  fibre channel HBA to ESXi?”

A.Andy’s Thoughts

It is my understanding, that rather than a single oem.tgz, which contains the simple.map Vendor and Device IDs of ESXi 4.x, the simple.map file has been broken down into likewise individual mapping files, /etc/vmware/driver.map.d reveals 60 individual map files which contain the Vendor Id and Device Ids similar to the original simple.map of ESXi 4.x.

ESXi 5.0  contents of /etc/vmware/driver.map.d

ESXi 5.0 contents of /etc/vmware/driver.map.d

The file I need to modify is the qla2xxx.map file, to add the Vendor ID and Device ID. I may also have to alter the pci.ids files as well, but it’s unlikely!

the console command lspci -v reveals the same vendor ID and device ID

console output of lspci -v on ESXi 5.0

console output of lspci -v on ESXi 5.0

When ESXi 5.0 boots up you can see the individual driver modules files being extracted from their tarbal archives and loaded into ramdrive memory. These tarballs contain the mapping PCI ID mapping file and also the drivers for the device. All that is required is to add your new qla2xxx.map file (modified mapping file) into the scsi-qla.v00 tarballed file.

B. Adding the device to the mapping file

I’ve completed this by, extracting the original contents, including sub directories, copying my new mapping file, and creating a new archive.

  1. cd tmp
  2. mkdir tweak
  3. cd tweak
  4. cp /bootbank/scsi-qla.v00 scsi-qla.tgz
  5. tar -xvf scsi-qla.tgz
  6. rm scsi-qla.tgz
  7. Update and tweak the qla2xxx.map file.
  8. Modifying the qla2xxx.map file to add additional Vendor and Device ID

    Modifying the qla2xxx.map file to add additional Vendor and Device ID

  9. tar -cvzf scsi-qla.tgz etc usr
  10. mv scsi-qla.tgz scsi-qla.v00
  11. cp scsi-qla.v00 /bootbank/scsi-qla.v00
  12. restart server.
Qlogic QLE-220 in ESXi 5.0, vSphere GUI client after tweak

Qlogic QLE-220 in ESXi 5.0, vSphere GUI client after tweak

Viola! An un-supported Qlogic QLE-220 added and working in ESXi 5.0.

Post to Twitter

Tweaking ESXi 4.1U1 – Adding un-supported hardware to VMware vSphere ESXi 4.1 U1 – Adding a QLE-220 to ESXi 4.1 U1

Monday, September 19th, 2011

I’ve decided to write this article, because I get many queries about ESXi does not “see my network interface card, or storage controller.”

How do I add this mass storage controller, network interface card,  fibre channel HBA to ESXi?

Usually storage controllers, network interface cards are already supported within VMware vSphere ESXi 4.1 U1, they been tested and verfied by Vendors and VMware, ESXi 4.x can have limited support for hardware, check the HCL to check it it’s supported. But with a few tweaks, you can successfully add the unsupported storage,  network interface card to ESXi 4.x.

This is un-supported by VMware, your mileage and stability of your OS could be affected. Unfortunately, this cannot be discussed on some IT Technology websites, due to breach of their policy, possibly it is classified as “hacking” – this is a grey area.

I have some Qlogic QLE-220 4GB Fibre Channel PCI-Express cards, these are not listed on the VMware Hardware Compatibility List. You can quickly deduce if the hardware is not supported because ESXi 4.x, will not load the drivers at Bootup, and the devices will be missing from Network or Storage Adaptors.

From previous experience I know that the Qlogic QLE-220 uses the same driver as the qla2xxx.o (module driver), the reason it is not recognised in ESXi 4.x, is because the PCI ID is not present in the “simple.map” file on ESXi. (you may need to add you module!)

ESXi 4.1 U1 Storage Adaptors listed in vSphere GUI Client before tweak

ESXi 4.1 U1 Storage Adaptors listed in vSphere GUI Client before tweak

A. Finding the PCI ID
I need to find the PCI ID for the un-supported network or storage device. The PCI ID can be obtain in two ways, you could check the The PCI ID Repository, and check if the device has been added and available (Qlogic QLE-220 is here http://pci-ids.ucw.cz/read/PC/1077/5432). The PCI ID is in two parts, the first four characters are the Vendor ID, and the second four characters are the Device ID. But as I’ve got to install this in the ESXi server, it can be verfied by using the lspci -v command. With these devices, ESXi is able to recognize the devices and thus includes the device name.

output from lspci -v

output from lspci -v

from the output of lspci -v
000:002:00.0 Fibre Channel Serial bus controller: QLogic Corp SP232-based 4Gb Fibre Channel to PCI Express HBA
Class 0c04: 1077:5432

Vendor Id: 1077, Device Id: 5432

B. Adding the device to the mapping file
These values needed to be added to files called “simple.map and pci.ids”, which is contained in a file called oem.tgz. This is how we add the vendor and device id

  1. cd /tmp/
  2. mkdir -p oem/etc/vmware
  3. cd oem/etc/vmware
  4. cp /etc/vmware/simple.map simple.map
  5. vi simple.map (add PCI IDs as found above)
  6. simple.map modify

    simple.map modified with vendor id and device id

  7. Exit vi – press ESC and enter :wq
  8. cp /etc/vmware/pci.ids pci.ids
  9. vi pci.ids (this file is self-explanotory, it’s the description of the controller)
  10. pci.ids already contains a description for my device!

    pci.ids already contains a description for my device!

  11. Exit vi – press ESC and enter :wq
  12. cd /tmp/oem
  13. tar -cvzf oem.tgz etc
  14. cp oem.tgz /bootbank/oem.tgz
  15. restart ESXi host.

At ESXi bootup, you will see the driver load, Fibre Channel adaptors always take a while to load the modules.

The following vSphere GUI client Storage Adaptors screenshots confirms the drivers have been loaded

ESXi 4.1 U1 Storage Adaptors listed in vSphere GUI Client after tweak

ESXi 4.1 U1 Storage Adaptors listed in vSphere GUI Client after tweak

I just need to find some fibre cable, 4GB FC Switches, and spare LUNs for testing!

At the ESXi console you can also use esxcfg-module -l (-q) to check for the module loaded (driver). You can also use this to load the module for testing.

I’ll be investigating ESXi 5.0 later this week.

UPDATE A few hours this afternoon (Tue 20th), tweaking ESXi 5.0, to provide support for the Qlogic QLE-220, and understanding how to add un-supported hardware to ESXi 5.0.

See here

Post to Twitter

Windows 8 Preview vcpu-0:NOT_IMPLEMENTED! error in your Hypervisor!

Wednesday, September 14th, 2011

Windows 8 Preview vcpu-0:NOT_IMPLEMENTED! error in your Hypervisor!

Microsoft Windows 8 Developer vcpu-0:NOT_IMPLEMENTED!

Microsoft Windows 8 Developer vcpu-0:NOT_IMPLEMENTED!

Avoid the vcpu-0:NOT_IMPLEMENTED! error in your Hypervisor, and use the following:-

VMware Workstation 8.0 Download (trial)
http://downloads.vmware.com/d/info/desktop_end_user_computing/vmware_workstation/8_0

Microsoft Windows 8 Developer Preview Boot

Microsoft Windows 8 Developer Preview Boot

Oracle Virtualbox 4.0
http://www.virtualbox.org/

Microsoft Hyper-V Server 2008 R2 with Service Pack 1 (SP1)
http://technet.microsoft.com/en-us/evalcenter/dd776191.aspx

Post to Twitter

GCOD – Green Circle of Death – Humax FoxSAT-HD STB PSU Repair

Tuesday, September 6th, 2011

from an earlier post….

“But this has some good news, because I managed to salvage a 3300uF 16v Capacitor from this broken power supply to repair the power supply in my Humax FoxSAT-HD STB!”

It would appear that Humax have used rubbish cheap Foxcon capacitors in the STB, and after 24 months, it will stop working with the “GCOD – Green Circle of Death”, when if you turn on your STB, it will just sit there, with green leds rotating in a  circle, The fix is to replace

C23 – 680 uF  25 volts (this is the 12v line to the LNB)

C12 – 2200uF 10 volts

as a quick fix, I’ve just replaced C12, with a 3300uF 16v cap, and I now have a working STB, but I’ve got some Panasonic Caps, on order from Boot Ferrule Man.

It’s a very quick fix, if you can use a soldering iron and solder sucker!

Post to Twitter

BIG BANG – PC Workstation power supply!

Monday, September 5th, 2011

And on occasion, I have to deal with the physical world of computing, when the power supply in PC Workstation No.2 decided to go bang, and then tripped the circuit breaker for the sockets in the house! (the computer was not even powered up, but it has a smart power supply, Wake on LAN, low power etc so although plugged into AC, it’s “on”.)

I’ve been disassembling the PC Workstation No.2, little service vacuum out the dust from heatsinks, fans, hard drives, and replacing the PSU with a new working supply from the spares cupboard.

Checking the broken power supply to check which side of the power supply decided to go bang, (AC or DC) fuse had not blown inside the power supply, but here are the photographs from the broken power supply. I think you’ll see the fault immediately.

Capacitor cap blown-out

Capacitor cap blown-out

But this has some good news, because I managed to salvage a 3300uF 16v Capacitor from this broken power supply to repair the power supply in my Humax FoxSAT-HD STB! (but that’s another blog!)

Post to Twitter

All Donations made to Andysworld! in September 2011 will be given to WaterAid

Thursday, September 1st, 2011

I have decided to give all the donations received for the month of September 2011 to WaterAid.

Post to Twitter