Rectify.IT or did I – Samsung T5 SSD not recognized in Dell Inspiron 15 7580 after Windows 11 upgrade

My Dell Inspiron 15 7580 laptop has been working well since I bought it 3 years ago with Windows 10. The only real issue that I had with it was that it would be getting hot. The fan would go on under mild workloads. A search of the internet seems to show that this is quite a normal behaviour, except that I didn’t think it did this when it was new. A few months ago, it did its Windows 11 upgrade successfully. Last week, I was given a new work laptop to use. I wanted to copy files from my Dell and have them available on the new laptop.

I had a new Samsung Portable SSD T5 500GB sitting in its unopened box on my shelf, and I thought I would use that to do the file transfer. The problem is that when I plug in the Samsung T5 – it doesn’t come up with a drive letter, so I can’t use it. Could it be faulty – not likely since it was brand new, so tried it in my new Asus laptop. It works with the Asus – so what is going on? I had things to do, so left it for the time being until today.

How do I troubleshoot this issue? First of all, I checked Device Manager. I found the USB Attached SCSI (UAS) Mass Storage Device in Storage controllers, then looked at its properties. It seemed normal, then checked Events, and there I could see when I had tried the Samsung T5 SSD last week.

Device settings not migrated – that is weird, so decided to check the Windows Registry to look for this.

That was interesting. I suppose that I could delete this particular entry, but I will come back to this. Next, I opened the Event Viewer to see if any events were logged when I plugged in the Samsung T5 SSD.

I found Windows events from hcmon that were happening each second, since I plugged in the Samsung T5 SSD. I restarted my laptop, but ended up with a blue screen, so after it restarted, I checked the Event viewer again. The hcmon warning I could see was on bootup, and would occur when I plugged something into the USB ports.

The event was about an unrecognized driver, hhdusbh64.sys – which apparently is made by HHD Software as part of the Device Monitoring Studio. I don’t remember ever installing this, and found the file in my C:\Windows\System32\Drivers folder. I decided to rename the file to hhdusbh64.bak and then restarted my laptop.

After the restart, my USB mouse wasn’t recognized. In fact – removing the USB mouse cable didn’t make the beep that it should do, and inserting the mouse cable back in, no response. Maybe I should put that file extension back in, so did that and restarted the laptop. After restart, the mouse worked again – so I was back to checking the Samsung T5. I plugged it in, and lo and behold – Windows Explorer popped up showing the Samsung T5. Wow – so what did I do? I had previously tried plugging in the Samsung T5 many times with both the USB-C cable and the standard USB cable – with no success.

But now it is working. I ran usbdeview from nirsoft.net to view the USB devices. I did this earlier before the blue screen happened, and it had shown the USB Attached SCSI device connected as an unknown device type. This time, it was showing up as a Mass Storage Device which is correct.

After removing the Samsung T5 SSD, I rebooted the laptop. I connected the Samsung T5 SSD, and there was the familiar beep-beep and then Windows Explorer opened up. Well – I can’t complain – it seems to be fixed by either some action on my part, or by the blue screen. All I really did was to rename the hhdusbh64.sys driver, but had to put it back so that my mouse worked again. Could that have caused the USB’s to somehow reset – I don’t know, but if it happens again, I will update this article.

I also have no idea why this driver should be there – but will do further research on this. Bye for now.

[P.S. I do remember, a couple of years ago, using a friend’s Samsung Portable SSD T5 on this laptop – could that have been a factor?]

Rectify.IT – Windows Terminal not working after Windows 11 upgrade

In my part-time job, one of my tasks is to build Windows 10 SOEs (Standard Operating Environments) for a client. The SOE includes the standard applications and settings which are required to provide some uniformity in the way that Windows is seen and used. This was to be able to replace older machines, or machines with outdated operating systems. The first SOE I built was based on Windows 10 build 20H2 and was for an Intel NUC7i5DNKE. This was done in due course, and perhaps later, I might elaborate further on that. For now, those NUCs were no longer available and we were looking at newer models.

The Intel NUC11TNHv5 was one that we chose to investigate. In due course, I built the SOE for that, which generally just involved adding the appropriate drivers for the hardware that was different to the NUC7i5DNKE. Testing involved performing the MDT build and then doing some performance benchmarks. As this was available to me, I thought I would try the Windows 11 upgrade on it and at the same time do some performance comparisons.

I didn’t want to wait for the Windows 11 upgrade to appear in the Windows Update, so I chose to do this manually. In order to upgrade, I download two files – these are Windows11InstallationAssistant.exe and WindowsPCHealthCheckSetup.msi. I get these from https://www.microsoft.com/software-download/windows11 and from https://www.microsoft.com/en-au/windows/windows-11#pchealthcheck .

The way to go about it, is to run the WindowsPCHealthCheckSetup first which goes and checks the hardware on the machine, then run the Windows11InstallationAssistant. If you run the Windows11InstallationAssistant first, it will prompt you to do the PC Health Check, so I find it easier to run the PC Health Check first.

The problem I am about to describe is happening each time I build the Windows 10 on the NUC11 and then upgrade to Windows 11. When it happened the first time, I thought that it was just a fluke occurrence, but I have done this 3 times, and it has happened each time.

After the Windows 11 upgrade, if I right click on the Start button, and choose Windows Terminal or Windows Terminal (Admin) – I get an error message that Windows cannot find ‘wt.exe’:

That is weird, right? The Windows 11 upgrade has completed, but this happens. As I know that Windows Terminal is an Appx package, I did my usual check to see if there is a problem with it – like I did with the Photos and Microsoft Store app, but my search came up empty. Windows Terminal was just not installed.

One way to rectify this, is to go to the Microsoft Store, then search for Windows Terminal like this:

I can see that it isn’t installed because it shows the Get button, then I can click on the Get button, to install it. I want to show the alternative method, which I used for my previous fixes because I hadn’t shown how I was able to download the appx packages previously.

I go to this website https://store.rg-adguard.net/ – that I found in a number of articles on downloading appx packages, and I choose as follows:

How do I know the PackageFamilyName? I get this from another working Windows 11 machine, where wt.exe does work, like this:

Once I have entered the PackageFamilyName and set the channel to Retail, I click the check box and then get the links returned, like this:

I could then click on the msixbundle to download it, then install the bundle using the Add-AppxPackage command in PowerShell – just like in my previous article. After doing this, the Windows Terminal will open successfully.

Problem solved. If you don’t have a working Windows 11 machine, you can just get the Windows Terminal from the Microsoft Store, and this will rectify the problem.

At least this was fairly easy to rectify – but it was reproducible – at least for me. Build a machine with Windows 10 build 20H2, then upgrade to Windows 11 manually. I suppose I could try this same process but with building on Windows 10 build 21H2 – which I am currently looking at. Anyway, that’s it for today.

Rectify.IT – Arachni Web Application Security Scanner Framework on Kali/Ubuntu

Did I mention that I was doing some study in Cyber Security? Over the past couple of years, I made a decision to do something about it, and eventually got certified in a number of certifications. It all started with CCNA CyberSecurity Operations – a free course that came up in NSW Tafe. When I heard that a friend was going for it, I decided to join in, especially as it was free at the time (it isn’t now). Then afterwards, I decided to get trained in CompTIA Security+, followed by CompTIA CySA+ and then naturally continued with CompTIA PenTest+. I was able to get through the exams ok, and actually thought that was going to be enough, but then the opportunity came around last year to do EC-Council’s Certified Ethical Hacker.

CEH is something that I had been wanting to do for many years, and finally last Saturday, I sat for the CEH exam and to my surprise, passed. We had been training in CEHv10, but this year, the exam went to CEHv11 which introduced additional concepts and had a very much hands on approach, so there were a lot of questions about the actual tools that hackers would use to perform their nefarious activities. A few days ago, I received my confirmation that I am now a Certified Ethical Hacker.

Ok, I might be digressing – but during CCNA CyberOps, we looked at web application security and Arachni was one of those popular applications that could test websites for vulnerabilities. It wasn’t the only one, but it had a large following. We also looked at this during the CompTIA training especially in CySA+ where we want to know what vulnerabilities our web applications have, so that we can fix them or mitigate them.

Late last year, my teacher mentioned that he had some problems running Arachni on Kali Linux. I did remember that I had tried this some time ago, and had mixed results. Yesterday, I looked up my notes on Arachni, and it seemed straightforward: download Arachni, unzip it, start the web interface, then log on to http://localhost:9292/

I did this and much to my surprise, when I put in the default username and password to logon to the web interface, I get a screen showing the following:

Naturally I went to Google for a solution, as we usually do, but the solution was not forthcoming. There were various fixes that people had suggested, but the comments were that it might work for someone, but not for others. I found people having this problem from a year ago, and it seems that in January 2020, the development of this application was stopped, which meant that support was no longer available.

I did have an older Ubuntu virtual machine, version 19.04 actually, and I installed Arachni on it, and it was working fine, so the problem seemed to be related to newer releases of the operating systems. Ubuntu 19.04 though, was no longer supported, and could no longer update patches. Then I downloaded Ubuntu 20.04 Desktop LTS. I installed this in a new virtual machine, installed Arachni and tried to log onto the web interface, and got that “We’re sorry” message just like almost everyone else is getting. I could access the log file, and it showed that there was an invalid hash during the logon process – that’s interesting. Sure enough, this is the same problem that others had been reporting as well, for a year or so, and no concrete solution was at hand.

This morning, I was up early and thought I should try to get to the bottom of this. There was a suggestion by someone that it was the database – it might be corrupted or missing. Since I knew that Arachni was using a sqlite3 database, I was able to download a Sqlite3 database browser, and extracted the production.sqlite3 database file from my machine (by the way, the database did exist! and hacking is what we do!)

I opened the database and browsed to the users table and could see the encrypted password, which is a bcrypt hash. I copied each hash, then tested it in an online bcrypt generator site which allows me to check password hashes against a known password. Both of those hashes were fine, when I entered the expected password. So these tests validate that the database is accessible, intact and not corrupted.

Next step, is to narrow down the problem. I ran the command to change the password for a non-existent user. This was ./arachni_web_change_password user1@user.user 12345

Good, I get a message saying that the user email address was not found – which was what I expected, but wasn’t sure that I would get that. Ok, how about I create a new user account – ./arachni_web_create_user test@test.test 12345 tester (had to add the full-name) – and I got the invalid hash message as seen below:

Now we are getting somewhere by ruling out possible causes. I went through the password.rb Ruby file and the error comes up because the password hash passed to it did not pass the valid_hash test.

Ok, so the hash wasn’t valid – what was the hash that it was trying to test? I then modified the error line to replace “invalid hash” with raw_hash, then tried creating a new user again to check the error log. I did this by ./arachni_web_create_user test@test.test 12345 tester

We are making progress! I can see the bcrypt hash, can you? I know that it starts with $2a$10$… so this is bcrypt with 2^10 rounds and should be followed by a salt and then the password hash, but what is that garbage on the end? I copied the readable parts of the bcrypt hash, then tested it and failed. I then tested it again, but this time I only used the first 60 characters of the raw hash and it passed the hash test with the 12345 password.

Great – we are getting somewhere! This means that something in the bcrypt process was giving extraneous characters, which is why the generated hash did not pass the valid hash test. After some further digging, I traced it going back to the engine.rb file – line 51, and decided to just try truncating the generated hash. This would not be a fix, but would be a good workaround, and a simple one at that. The change would be like this:

__bc_crypt was somehow returning a hash that had some corruption at the end, so the addition of [0...60] is saying that I only want the first 60 characters (truncating the returned hash). Why 60 characters? Let me explain – this bcrypt hash is comprised of, $2a$ which is the algorithm, then 10 is the cost parameter, i.e. 2 to the power of 10 key expansion rounds, a $, then the salt which is 22 characters long followed by a 31 character hash. If I got my maths right, it means that the bcrypt hash is 60 characters long. Having already tested the first 60 characters of the generated hash, I was very confident that truncating the hash would end up with a valid hash, and therefore – no more invalid hash error.
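
The 60-character layout described above can be checked mechanically. The following is an added example, not code from Arachni or the bcrypt gem; the function names and the sample hash are constructed for illustration. It parses a bcrypt string into its fields and reports trailing bytes instead of silently discarding them.

```ruby
# Added example: not code from Arachni or the bcrypt gem.
# Strict shape of a bcrypt string, as laid out in the post:
#   $<version>$<2-digit cost>$<22-char salt><31-char checksum>  = 60 bytes
BCRYPT_LEN = 60
BCRYPT_RE  = /\A\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})\z/

# Constructed sample (not a real password hash): correct alphabet and lengths only.
SAMPLE_HASH = "$2a$10$" + "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"

# Split a well-formed bcrypt string into its fields, or return nil.
# Works on a binary copy so that non-UTF-8 garbage cannot break the regex match.
def parse_bcrypt(str)
  m = BCRYPT_RE.match(str.b)
  return nil unless m

  cost = m[2].to_i
  { version: m[1], cost: cost, rounds: 2**cost, salt: m[3], checksum: m[4] }
end

# Classify a raw value returned by a hashing routine:
#   :valid           exactly one well-formed 60-byte hash
#   :trailing_bytes  a well-formed hash followed by extra bytes (the case in the post)
#   :invalid         anything else
def diagnose(raw)
  bytes  = raw.b
  fields = parse_bcrypt(bytes)
  return { status: :valid, extra: 0, fields: fields } if fields

  fields = parse_bcrypt(bytes.byteslice(0, BCRYPT_LEN).to_s)
  return { status: :invalid, extra: nil, fields: nil } unless fields

  { status: :trailing_bytes, extra: bytes.bytesize - BCRYPT_LEN, fields: fields }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed corruption: six stray bytes appended to the sample hash.
  corrupted = SAMPLE_HASH + "\x00\xF1junk"
  [SAMPLE_HASH, corrupted, "not-a-hash"].each do |candidate|
    r = diagnose(candidate)
    puts format("%-16s extra=%s cost=%s",
                r[:status], r[:extra].inspect, r.dig(:fields, :cost).inspect)
  end
end
```

Logging the `:trailing_bytes` case, rather than only truncating, keeps the underlying fault in the native bcrypt call visible.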

Time to try this out on one machine – by making that change to the engine.rb file. Fantastic, it worked, Eureka! I then continued with my other test machines. Does it continue to work? Yes, it worked on my Ubuntu 20.04 desktop. It worked on my Parrot OS virtual machine on my laptop. It worked on my Kali Linux 2020.02 virtual machine, it worked on my Kali Linux 2020.04 virtual machine. Now, I have to say that when I say that it worked, I mean that I was able to log in to the Web Interface – which was the main problem that people were having, you remember? The “We’re sorry, but something went wrong” problem.

This is not a fix, but a workaround. A fix would mean identifying the underlying root cause and then rectifying it. But a workaround is as good as a fix – get it? Now whether or not Arachni will be completely usable is unknown, especially as it is no longer being developed, that means that newer vulnerabilities cannot be included unless someone takes up this task.

My testing shows that the Arachni framework is still usable when implementing my workaround, but did note that when using Kali 2020.04, I could log on, but when I configure a scan, the scan didn’t seem to do anything and timed out after 10 minutes.

After it times out, I can see an error:

I think I might have to leave that problem for another day!

To give a summary of this problem – if you are trying to log into Arachni Web Interface, and are getting that cryptic message that something went wrong, try modifying the file located at the path system/gems/gems/bcrypt-3.1.11/lib/bcrypt/engine.rb, find line 51 and add [0...60] to the end of the __bc_crypt command – like this:

Then you need to stop the arachni_web (if it is running) and then start arachni_web, and you should be able to log on without that message. One more thing, I forgot to mention that Arachni also works on Windows 10 – I tested and confirmed that yesterday and I didn’t need to do anything to it.

[P.S. I did run some scans of my web servers from those machines using Arachni. I even pointed it at a Metasploitable2 machine, which is a known vulnerable machine. The scans worked, with the exception of course, of Kali 2020.4 – but you knew that already!]

Rectify.IT or maybe not – Microsoft Word 2007 error on Windows 10

This came up recently for a client.  When they open a Microsoft Word document, they get this popup message:

Now the funny thing is that there are no dialog boxes open, but if they click on OK, then the document comes up fine.  The annoying thing is that it happens all the time.  A google search on the internet shows a lot of people having encountered this problem, with just as many fixes like removing templates, etc.  One thing that does work is to open Microsoft Word and then open the document – which is an extra step.  Most people just want to open the document because they have browsed through windows explorer, found the file and double-click to open.

Now, it turns out that it is Microsoft Word 2007 which is really not supported anymore but still appears to work with Windows 10.  After a bit of investigation, I determined that it must be something to do with antivirus, in this case McAfee.  If I turn off the Real-Time Scanning for a short time, like 15 minutes, then this problem doesn’t happen at all.  But turn it back on, and – yeap, you guessed it, the popup box is back again.  We can’t really go without antivirus, so maybe the option is to look at alternatives for antivirus.

Then I checked to see if there was an update from McAfee and found that they already know about this.  To see what they say, you can do a search for:

mcafee TS102841

I suppose that if it gets fixed, maybe that document might be updated.  For now, accept it as it is, or use a different antivirus is really all I could suggest – apart from upgrading to perhaps Office 365.

Rectify.IT – Kleenmaid TO500X Designer Multi Function Electronic Timer Oven

One day, my son turned on the electric oven to bake something for lunch.  I only found out when I got home that the oven had stopped working.  It seemed that he turned on the oven and after a short time, there was a sound, and it went dark, with only the clock showing.  This oven is a Kleenmaid TO500X which was quite expensive when we bought it back in 2007, and a few years later, Kleenmaid went out of business only to be resurrected after that.

With the digital clock working, it meant that it was getting power, but none of the other controls, such as oven light, fan, grill – even the thermostat light was dark.  When I got around to it, I turned off the oven power at the switchboard, and pulled out the oven – removed  a few metal panels so that I could inspect the inside of it.

Typically what usually happens is that the thermostat fails, so I had been checking on prices of thermostats.  Anyway, with the covers off, I could check that the thermostat was – surprisingly ok, by turning the knob to any temperature, the contacts show a connection – which it should if it is working.

I decided to check the heating elements anyway, and each element had a measurable resistance meaning it should be functional.  I couldn’t see anything else that might be wrong, so closed it up and went to do more research.  After some further time, as in days, I came back to the oven, to check if the thermal overload had triggered.  I found the device screwed onto the rear fan mount, but it showed continuity – and anyway, it would only be a problem if the thermostat had failed in the on position and caused overheating – which it didn’t have time to do.

Back to the drawing board – so anyway, I woke up one morning and realised something that had been staring me in the face – this multi function oven has a timer switch that can cut the power after a set time – I use it all the time when cooking frozen pies, so that I don’t overcook them, as in – burn them to a crisp.  Sure enough, after opening the oven again, the clock timer module has a board on the back with a relay, where the relay contacts control power to the thermostat – now we are getting somewhere.

Removing the clock timer module is complicated, by first removing the thermostat and the control switch – but the hard part was removing the front knobs which I worked out, just need some brute force.  After that the assembly could be removed, then the clock timer module removed from the metal frame.

Removing the circuit boards from the module was also a bit of a job, would be handy to have a lot more hands, but eventually it came out.  I checked the components and worked out that the relay was driven by a signal going to a PNP transistor, and eventually after applying some power (albeit carefully) confirmed to my satisfaction that there was no power going to the relay.  I had earlier confirmed that putting 12V onto the relay allowed it to switch and I confirmed that the contacts were closing correctly, hence the relay is good – therefore it was not getting a signal to turn on.

Debugging it further would require removing the display module in order to work out what was wrong with the timer.  The display has about 20 pins, being a vacuum fluorescent display – which is not an easy job, as I found that my desoldering station wasn’t heating correctly.  So, to fix this, I decided to just bypass the relay – effectively by connecting the contacts to make it think that the relay was on.  The relay contacts are Faston connectors and I remembered having a piggyback adapter in my stock of parts, so after checking a few boxes, found my little adapter.  It plugs into one terminal and allows two cables to plug in – the ones that originally went to each relay contact, now go to this adapter.

After doing this, I started reassembling the control panel, putting wires back on – in the correct place which is why I usually take photographs of anything that has lots of wires.  To my piggyback adapter, the red and orange wires are connected – which originally was to the relay contacts.

Then the final test, was to turn the oven power back on, and voila – the oven now works.  I checked that the internal light came on, that I could choose heating modes and more importantly, if I set a temperature, the thermostat light shows that it is heating, so all good, except that we have lost the timer function – not a big problem.  A replacement timer module would cost almost $500 which is already close to the cost of a new electric oven.  The moral of the story, is that sometimes a repair only has to make the device work again, and if we accept that some functionality is lost, then that is ok.

Of course, I could have spent more time to actually determine the cause of the failure – but we needed a working oven, and adding this $2 part made it work.

Rectify.IT – Fujitsu Lifebook P8110 Scroll Lock flashing

On Saturday, while doing a few things around the house, amongst other things – I was checking to see whether or not I could get a second drive caddy for my Fujitsu Lifebook P8110 notebook.  I was trying to remove the DVD drive and at the same time, decided to take all of the covers off the bottom of the notebook.  One cover hid a mini PCIe socket which I believe is for an optional wireless card – or perhaps even a small SSD.  Another slightly larger cover hid the memory socket, in which was installed a Kingston 4GB DDR3 1333 Sodimm, and of course the much larger cover was for the internal hard disk drive.

In due course, I put everything back together and put it back into my backpack since I use it for work as a Windows 10 machine from time to time.  To my surprise this morning, it failed to power up – well, actually the power light came on, the disk light came on then the Scroll Lock light started blinking.  I could still hear the hard disk drive spinning.  There was no display at all, not even the Bios POST screen came on.  I held the power button to force it to power off.  I did this a few times to confirm that I was not imagining it and eventually put it back into my backpack and went on with my tasks using my work laptop.

After coming home, and watching a short movie, I got my Lifebook back out and tried it again – the same flashing Scroll Lock light.  A quick check on the internet showed no solutions however one site did say that it may be power related.  I eventually got the battery removed, and connected the power adapter and still the same.  One site did suggest memory – and yes, I did remove the memory module on Saturday, so could this be it?

I opened the cover and removed the memory – a 4GB module as described above.  I had the laptop screen down and the main body up – i.e. the laptop was open so that I could reach the power button and see the screen but could also access the memory slot.  I pressed the power button, and the Lifebook came to life, as in the Bios screen came up then proceeded to boot to Windows.  I powered off and went in search for some memory.  I had another Kingston 4GB so tried that – no go.  Then I found two new Kingmax 4GB Sodimm’s and tried one – and yes, it worked.  Afterwards I decided to try the original memory – the first Kingston 4GB and while putting it in, I latched and unlatched it a few times since it could be just a contact problem.

So did it work, I can hear you all asking?

Yes, the notebook booted up!  I shut it down, then put the cover back on, then put it right side up and powered on.  Still working, so it appears that the flashing Scroll Lock light is indicating a memory problem.  The motherboard has 2GB of inbuilt memory, so the notebook will boot from this, and my 4GB brought it up to 6GB – more memory of course, is better for Windows 10.  At least I know what to do if this happens again.