Norton Fucking Ghost

October 19, 2011 Leave a comment

I was working on a machine a few weeks back that suffered a hardware failure – I ended up having to rebuild all the components I could save into a new box – and it got me thinking that this would be a real good time to practice-what-you-preach, and do a backup.

Two birds with one stone and all that, I thought this might be the right time to do an upgrade on the boot drive too.

In my setup right now is a 32Gb SLC Intel SSD and I’m upgrading to a 64Gb Patriot drive, both have roughly the the same 250MB/sec throughput, but the inferno is larger in size. Windows 7 used only a fraction of the original 32 gig, but the patriot supports trim and I can move the static page file onto it too.

So I get Norton Symantec Ghost 15 up and running, set about making an clone of my Win 7 boot drive, turn off the PC when it’s done and exchange the Intel for the Patriot on the original SATA cable.

I turn on the computer, and it doesn’t boot. I take the case apart again, checking I didn’t accidentally cause a disconnect when I put the case back together, I checked the boot order in BIOS, nothing wrong. Maybe it’s faulty? I put the original drive back in, and it doesn’t boot.

Norton Fucking  Ghost

So I do a search on the internet through my Android phone and it’s apparent this is a known bug.

Source and destination drives do not start after I perform Copy My Hard Drive operation in Norton Ghost 15.0 on Windows 7 or Vista

It destroys the Boot Configuration Data, or BCD, that Windows needs to locate and boot the OS. The solution? Boot off your Windows installation disk and do a repair. Or DOS.

Ghost SRD

I was able to boot off the Ghost 15 System Recovery Disk, and get the BCD re-built using the following DOS commands.

To create a new bootloader, type the following commands one at a time.
Press Enter after you type each line:

del c:\boot\bcd
bcdedit /createstore c:\boot\bcd.temp
bcdedit /store c:\boot\bcd.temp /create {bootmgr} /d "Windows Boot Manager"
bcdedit /import c:\boot\bcd.temp
bcdedit /set {bootmgr} device partition=C:
bcdedit /timeout 10
del c:\boot\bcd.temp

That completes the steps required to rebuild the bootloader, and now we need to add our OS to it.

bcdedit /create /d "Windows 7" /application osloader

bcdedit should return a message with a unique GUID for the newly-created entry, something like this,

The entry {c0dfc4fa-cb21-11dc-81bf-005056c00008} was successfully created.

You’ll need to use the UNIQUE value that bcdedit returned for you below, instead of {your-guid}, along with the drive letter for the drive that Windows is installed on.

bcdedit /set {your-guid} device partition=C:
bcdedit /set {your-guid} osdevice partition=C:
bcdedit /set {your-guid} path \Windows\system32\winload.exe
bcdedit /set {your-guid} systemroot \Windows

And, last of all, tell the Windows bootloader to boot the new entry by default:

bcdedit /displayorder {your-guid}
bcdedit /default {your-guid}

Now the BCD has been completely rebuilt from scratch. Some of the details included here taken from Symantec and also NeoSmart. The NeoSmart article gives you more options and screen shots, including details on the repair of the bootloader using the Windows installation disk and how to attempt automatic repair with /rebuildbcd.


tcpdump on Android

September 11, 2011 2 comments

I’m interested in intercepting the data my Android device is sending – I use Wireshark under windows, using winPcap to capture packets.

WinPcap consists of a driver, that extends the operating system to provide low-level network access, and a library that is used to easily access the low-level network layers.

WinPcap is based on libpcap, a linux tool that’s been ported to Windows.

porting is the process of adapting software so that an executable program can be created for a computing environment that is different from the one for which it was originally designed

Linux Kernel, Linux tools?

Android has a linux kernel, so surely there must be a libpcab based tool out there to capture packets?

tcpdump is a command line tool for linux that can capture and analyse packets from the console, or write them to a file. Luckily, the files generated are compatible with Wireshark, being based on the same packet capture software.
The only issue now is to find a version made for Android.. I know some basic shell command like cat, grep, ls, but not enough to do my own Android cross compile..

So I was searching around for a tool and came across – A site about Android and software engineering, and very kindly they host an Android version of tcpdump. It’s based on

tcpdump version 3.9.8 libpcap version 0.9.8

and the latest versions are 4.1.1 and 1.1.1 respectively, so it’s a little out of date, but fully functional.


So this probably only works if you have root – I have root, and I’m afraid I’m not going back to stock to test it. I have VillainRom 2.4.2 and these instructions are based on the steps I’ve taken to get packet capture working.

You need the Terminal Emulator installed, or you can run the same commands from the ADB shell on your computer, but this post is specifically about the terminal.

Download the file from your phone, so now the tcpdump file is on the handset. In this example, the file is stored in /sdcard/data/

The commands, file and directory names are all case sensitive, so tcpdump is NOT the same as TCPdump.


Just cp file to bin and chmod

Now, in the terminal type;

  1. su
  2. mount -o remount,rw /system
  3. cp /sdcard/data/tcpdump system/bin
  4. cd system/bin
  5. chmod 777 tcpdump
  6. mount -o remount,ro /system

To explain the commands; you need to request root, set /system as read-write, copy tcpdump to /system, give it read/write/exec permissions and finally remount /system as read-only.

Packet Capture

Finally, you’re ready to capture some packets. In terminal window, type;

tcpdump -vv -s 0 -w /sdcard/tcp.cap

-vv puts tcpdump into verbose mode – to give us some extra information
-s 0 sets the size of sender to look for to zero, telling the program to grab all packets
-w /sdcard/output.cap will let us set the packets grabbed to be written to the sdcard for analysis later.

and all packets will be logged to tcp.cap – Ctrl+C ends capture. This can be done with volume down and C in the emulator.

tcpdump in the Terminal window

Categories: Android, Software Tags: , ,

Busbi Bolt 16GB USB 3 Flash Drive Review

August 31, 2011 4 comments

Busbi Bolt USB 3 / USB 2 16GB Review

The Busbi Bolt is a USB 3.0 and USB 2.0 compatible flash drive.
Today I’m reviewing the 16GB version and testing the speed in USB 2 and USB 3 mode.

Busbi Bolt 16GB USB3

First Impressions

I can’t tell you much about the Busbi brand, but it’s probably just a repackaged OEM device, which isn’t necessarily a bad thing. If the memory chips and the controller are good enough, why should it matter who fabricates them?

The Bolt feels robust and light when first released from it’s blister pack. The surface on which the Busbi logo is printed has a different feel from the plastic outer, it’s almost rubberised, and tactile enough to provide grip when inserting and removing.
There is a brilliant blue LED that also illuminates the transparent base. The base houses a metal loop for a lanyard, although one is not supplied.


#1 – Retail Front

Retail Package Front

#2 – Retail Rear

Retail Packaging Rear

#3 – Blue Illumination

Blue Illumination When In-Use

Free Space

Windows detected the drive without requiring drivers, my system runs windows 7.

Windows shows the drive as a 14.9GB capacity.

16GB is 14.9GB Free Space

This is the same for every device, it is not a fault with your drive.

A device advertised at 16GB is actually 16 billion bytes or 16,000,000,000 bytes.
On your packaging somewhere is should say 1KB equals 1000 Bytes.

In reality, 1KB is 1024 Bytes, so your real capacity is less. To calculate what size you should get, take your 16 billion Bytes, divide this by 1024 to get the number of Kilobytes.
Divide again for Megabytes, and again for a Gigabytes.. 14.9011..

Speed Test

On the back of the packaging, Busbi claim this drive will operate at of 20MB/sec read and 10MB/sec write through USB 2 and they claim 50MB/sec read speed and 20MB/sec write speed through USB 3.

USB2 - 20MB/10MB sec USB 3 - 50MB/20MB sec

The Software

The software I’m using to test the Busbi Bolt has changed in version only, from previous flash drive tests.
The physical way in which the drives are tested is relatively unchanged – a file is written to the drive and verified, and the read and write speeds are calculated.

You can download the test software yourself, from the following locations.

CheckFlash by Misha Cherkes version 1.16.2
Barts Stuff Test version 5.1.4
Crystal Disk Mark version 3.0.1b – available in 32 bit and 64 bit versions.

The test system is a custom-built i7 930 with 6GB ram, running windows 7 x64.
The flash drive is formatted to NTFS to allow a full drive read write test.
FAT32 has a file size limit of 4GB

Check Flash – USB 2

Check Flash is set to complete 3 passes of the Small Pattern Set read write test.

#1 – Nearing end of 2nd cycle

Check Flash coming to end of 2nd cycle.

#2 – Check Flash finished 3rd cycle

Check Flash Finished Testing

Our final values for USB 2 testing with Check Flash are 32.94 MB/sec read and 17.94 MB/sec write.

Check Flash – USB 3

Check Flash is set to complete 3 passes of the Small Pattern Set read write test.

#1 -Check Flash 1st cycle

Testing USB 3 In-Progress

#2 – Final Check Flash results

USB3 - 52.76MB/sec read 18.02MB/sec write

Our final values for USB 3 testing with Check Flash are 52.76 MB/sec read and 18.02 MB/sec write.

Where To Buy?

Shop through Quidco for cashback at Right now, the Busbi Bolt is only £15 from with free delivery.

or use code DSTORE10 at Currys (UK) for 10% off and free delivery.

£13.49 with 10% off and free delivery

Seen a better offer? Post a comment!

Quidco App for Android Updated – v1.0.5 and v1.0.6

August 24, 2011 2 comments

On the 23rd August, a new version of the Quidco App for Android was released to the Android  market. It claims to resolve the security problem indicated here.


Quidco App for Android Updated - v1.0.5

Quidco App for Android Updated - v1.0.5

The updates include #11 – Removed debug logs..
It’s great to see such a quick response to a problem, however the raft of updates created some further bugs, and v1.0.5 was quickly superceded by v1.0.6.


Quidco App for Android Updated - v1.0.6


Software Updates

As always, I advise you to keep all your software up to date. You can access the latest version of the Quidco app for Android directly from the Android Market.

I have not yet confirmed the claims that logging is removed and the log file created by the v1.0.4 version is deleted, will update when these checks have been completed.

Beta Testing

If you’re going to release beta software, make it by invite only, then you know who is running it.
If you get a serious issue, you know who’s affected and have a central place to disseminate information.

Wikipedia says

Versions of the software, known as beta versions, are released to a limited audience outside of the programming team. The software is released to groups of people so that further testing can ensure the product has few faults or bugs. Sometimes, beta versions are made available to the open public to increase the feedback field to a maximal number of future users.


Want To Know More About Quidco?

Read my post on Quidco – how it works and why you should sign up.

Quidco App for Android Logs Username, Password, IMEI and Card Details Without Encryption

August 21, 2011 3 comments

Quidco App for Android v1.0.4 – Still Just A Beta Test

I installed the Quidco app for Android from the Market a few days back, and I thought it would be nice to do a review.
However, after a bit of poking around I found a log file – Qlog.txt – with my Quidco username and password stored plain-text.

Quidco Username & Password

A quick check revealed also the app was logging my quidco userID and my phones IMEI number.
The IMEI is unique to every handset, and doesn’t necessarily relate to any individual, the SIM does that through the IMSI.

Anyway, the quidco app gets your IMEI through the READ_PHONE_STATE permission, which is requested on installation. It is shown below as Read Phone Status and ID.

Quidco App Permissions

Store Card

The app gives you the opportunity to register a credit card, for earning in-store cash back.
I read through the terms and conditions first, to see what safe guards are in place to protect my data.

T&C Section 2

Great! My card details are only stored and processed in encrypted format..

Screen grab was made after bug found, to illustrate the problem, but log file is exact except redactions.

My Card 8888..

Logged Un-Encrypted

Data Protection Fail.
Please note, the screen grab of card number was made after the bug was found, to better illustrate the problem, but the log file is exact except redaction.

Further Development

This fault has been reported to Quidco, un-installing the app does not delete the log file.
My handset has root privileges, you may be able to view or delete you own log file without root.

Update; the Quidco response to this issue is

..that the android version of the Quidco app is only a test version and this is not meant for use at the moment.

We have not launched the android version of the app so any personal use of this is completely at your discretion as we are currently running our own tests on this to ensure everything is ready before our official release.

If you have any worries or concerns, contact the app developer or read the Information Commissioners Office guides;

Disclosure of personal information
If your personal information has been disclosed in a way that you did not expect you can complain to us.

Security or loss of personal information
If your personal information has been lost or is not held securely you can complain to us.

I’m sure it’s possible a malicious program could be written to extract these details from your log, and gain full access your account.
You do use a different username and password for all sites, don’t you?

Google Web and Mobile Search UI Update

June 29, 2011 Leave a comment

The new Google UI is based on 3 key principles, focus, elasticity and effortlessness. You can read more about the three key design principles directly from the official Google blog.


On Android handsets, there is a really nice UI update to the Google Search page, tightly integrating the touch functionality of the handsets.
On launch, the address bar is hidden out of sight, however you can still scroll the page to reveal it. The focus in on Search.

Google Search in Browser

Click more to reveal extra search options – as you click, the screen smoothly scrolls to reveal icons for the more popular search tools, Images, Shopping, Places, YouTube and even Apps.

Select More for Extra Search Options and Apps for Quick Access to Google Web Apps

However, if you choose Search and select Apps, it doesn’t link directly to the new web based Market, nor does it load market app on the handset, instead showing search results with matching App details.
Indeed, choose Apps, and it presents icons for Gmail, but click the limk and it redirects to the Gmail website. So is this new mobile UI  purely superficial?

Even if the new UI loaded the apps on the handset, why would I load the browser, and navigate through to the right page, when I’ve got icons on the homescreen to do that for me?

Apps One Touch or Swipe Away

Unless you’re using the stock browser, you miss out on this over engineered front end. Opera and Firefox display the standard Google mobile search interface.

Web Interface

Google updated their Search user interface for the rest of it’s users to include a nice black bar across the top.

The new contrasting top bar is designed to focus your eyes on the logo – the search bar remains un-noticed and unobtrusive until you actually look for it.
The look and feel of the search results has changed, or feels like it – there seem to be fewer ‘sponsored links’ at the top of the search results.