entered and sat down, so we're gonna get going. Guys at the back, can you hear me okay? No? All right, what if I speak like this? Really, that loud, still can't hear me? Let's move the microphone. Now, so if I speak like this can you hear me okay? Yes, just about? All right, while trying to remember to speak loud, if I stray into my old habits of speaking lower, tell me to raise the sound, and a way to put this so that we don't get the feedback.

Welcome to Hacking from the Palm of Your Hand. As you can tell from the title, this is all about... too many mics. My name is Paul Clip. I'm a consultant at @stake. I've been there for about a year; before that I used to work in a system integration firm, but both building online systems and then securing them. This presentation is part "hey, here's some of the cool things that are already there for the Palm platform related to hacking", and also part tool release, and a little bit of ideas about the future, about, you know, how the tool could be enhanced.

So before we start, a very quick poll. How many people have PDAs in the audience? How many people have Palm Pilots, or a Palm OS-based PDA? I will not move close to the desk and try to fall off backstage. Of those Palm-based devices, how many of them have wireless or network capability, you know, 802.11? Quite a few. So we'll get started.

The agenda: talk about goals, and then I'll really talk about past, present, future. Past meaning, thank you, meaning some of the tools that have been developed recently or not so recently that basically have to do with hacking, security. Present is all about Austin, a vulnerability scanner. We'll be talking about to somebody said in some detail about how it was built, some of the design criteria, what it can do, or show some demos, and then future, just i didn't want to go with it.

Quick goals: obviously, review of Palm as a hacking platform. We'll walk through what it takes to build a Palm-based
vulnerability scanner, you know, at least one way to do it, right, because there are a lot of different ways. Back again. Obviously one of the goals is to release a tool to the public, and finally the obligatory have fun.

Let's start with the past. Oh, we have a trivia question. Who knows what the first Palm Pilot was called? 1000, yes. How much memory did it have? 128K. Well, I've... yeah, 512, 512 is what I've seen, but I think 128 was before that. Yeah, long time ago. Who had a Pilot 1000? Well, some die-hards. Who still has a Pilot 1000? All right, two people here. So let's keep going.

So the Palm platform has really been in transition. I think a lot of people know this; I'm not going to spend much time. You've got the old and the new, right. The old is all based on the 68000 core processor. They call it the DragonBall processor; it's basically the 68000 plus a bunch of additional circuits to basically give you a... make it possible for you to build a small form factor computer. You see the speeds etc. Sometimes you get color screen, sometimes you don't. Most of them, all of them, will have either serial or USB, and infrared. And really looking at Palm OS 4 and below. 4 was really the transition OS: Palm basically said if your app runs on 4, we'll make sure it runs on 5 and beyond. 6 will be, I think, released this year, or is in the works at least, I mean, if not this year, only next year. All running on ARM processors, so I don't know what the max speed is. These things go very high as far as I can see from some of the
iPAQs that use them as well. So this is a RISC processor, obviously a lot faster. You basically have all-around better screens, color, USB, IR, expansion slots (some of the older Palms had them too), CompactFlash, SDIO.

For this presentation we'll be focusing on the old stuff. Two reasons for that: one, there's tons of old stuff out there, way more than any Palm OS 5 pilots or Palm devices, and the other reason is I don't have an OS 5 Palm device, and so I kind of developed it on the platform I have.

When we talk a little bit about security tools, what I'm going to do here is welcome our friend, the developer's friend, an excellent tool for the Palm: open source emulator. This is basically... actually, how many people know about this? Okay, so maybe about twenty percent. This is an emulator for the 68000-based Palm OSes. Basically it's the shell, it's the hardware, emulates the hardware. You download ROMs; you can get them from Palm for free, you can sign up as a developer; you get them from Handspring as well. You basically download the emulator, download the ROMs, put the two together and you have Palm development. Way faster developing on this than having to download stuff to your Palm, try it out, and then, you know, make changes. You have skins for it, so there's actually the skin for the Treo 300, which is the device I have. It is the third-generation Treo. I like it a lot, except from a manufacturing perspective it's not as reliable as you want it to be.
The nice thing about it is that this Treo is on Sprint, which has a 1xRTT to use net 3G network, which means you get pretty good bandwidth, and you can use it as a modem, maybe get 80K a second, so that's not bad for myself.

But go back to security. Password generators: there are a bunch of password generators out there. Two I find kind of fun. One is called posture. Not going to show you all these tools, but they're kind of fun. If you click on default, well, basically, you know, you give it valid characters and give it different options, you generate, it'll generate your passwords. If ever you want to have a password you can type with your left hand only, you click left and it only uses the characters from the left hand side of the keyboard, or the right hand side of the keyboard. So if you need, you know, if you're looking for that really hard-to-crack password, this is kind of interesting. The one, passphrase, basically comes up with random words that you can start to string together to build a passphrase.

If you're looking for encryption: right now, you know, the Palm OS, especially 4 and 3, and I'm guessing 5 as well, is basically, you know, it's not really DMCA friendly. There's no memory protection whatever. There's a copy bit that is easy to flip; we'll show that very briefly. If you wanna encrypt something, CryptoPad is a replacement for the Memo Pad. It's a very regular program, up on SourceForge, which tells you that it's free. Most of these programs are either free or shareware. Secret is another place that will, another basically encrypted memo pad. The nice thing about it is that it has a conduit, so you can update your secrets on the PC, on the Mac, and then download them to you all.

A bunch of password crackers that have been written by some of the @stake guys. One was to crack the
the Cisco passwords. Another one is a tool called NotSync, kind of funny because there's actually development environment equal NotSync now. Basically what NotSync... not a very nice tool, a bit; you really have to work at it, get some of these parts of it. What you have to do is you start NotSync and then you say to someone, "Bob, would you mind starting an infrared HotSync and just point it at my Pilot?" And if Bob does that, then the first thing that gets sent over is the lock password, the password that you can set to basically secure some of your records on the Palm. Up to Palm OS 4 it was easily crackable. If you're in need of fun you can do this. I did this; I forewarned the gentleman and I told him, hey, let's try it out, right, security guy, and we got his password and his comment was, "Crap, I guess I need to change my Windows password as well now." So don't use the same password, not a good idea. Plus, I mean, he must have been like, if I, like, my Windows passwords are long, right, now crap, right, the time I pass what every time I want to see a record, will look up a phone number.

And another thing, what I like, TBA, that's actually pretty neat, is written by a gentleman called Kingpin, used to work at @stake, very, very well-versed in handheld devices, and so this is actually a complete war dialer. You can basically, you know, configure it: you give it prefixes, masks, and start time, end times, all sorts of stuff. I haven't tried it with my Treo; theoretically it should actually work. So this is actually maybe a really small what I think about security tools.

Communication tools: not going to go through all these. Telnet: useful not just for telnet to hosts but also i see a port. If ever you happen to be in a
hosting facility and you have a serial cable with you and you plug it in, you plug one end into your Palm, the other end into a, that's a Cisco device, you can maybe access console that way. SSH is available, freeware, only the 1, which is kind of sad. I believe there is a commercial version by a secure that does the 2.

Web and mail, again all free. you don't have a very nice week; we'll see Eudora Web briefly in action. All free. The nice thing about Eudora Web is, a lot of the browsers on the Palm basically go through a proxy, right, and the proxy reformats the content, everything. Eudora Web is a text-only browser and it goes directly, uses no proxy, goes right to the source, so you see exactly what kind of a team, what comes back when you're doing tests and things. That's pretty useful.

Magic Ping is actually pretty cool. It's a ping utility that has a ton of options: you can specify retries, timeouts, the contents of the ping packages, whether you want to flood, which, I'm not quite sure on a device with this amount of bandwidth what flood ping really means, but you can try. FTP exists also.

There's a bunch of infrared tools as well, from, like, an infrared monitor, if you believe that some evil agency is trying to monitor, you know, what's really... as you can tell this digital or virtual problems and really have my own part, but basically what it will do is it will tell you how much IR is coming in. So if you believe someone's trying to monitor, or emits rather, infrared, this is a tool to use. The last one on the list is OmniRemote, which is a commercial tool, but it was featured a while back because people were using it to basically record the
unlock sequence of car keys. You know, a lot of car keys work in radio frequency, some work in IR. So what people would do, they'd just be standing around your car with a Palm Pilot pointing at your key, surreptitiously record that, and apparently on some models (I'm guessing must have been older models of car, right, because typically these codes change every time you use them) you could actually replay it; you could steal cars with a Palm Pilot. Not a good thing to do.

Finally, palms are... anybody uses this? That, I made that one up, but it sounds good, doesn't it? So if you see it, you heard it here first, and you can probably download one MP3 before your Palm fills up.

Moving rather quickly because there's a lot of stuff to go through. Dev tools: I'm a big fan of reverse Polish notation so I like RPN; it's shareware but it's cool. Long time is actually a neat little tool. I often find myself looking at logs with Unix time in it, and this is a very, you know, nice tool: I can just plug in a Unix time, or say, hey, what day are we today, what Unix time are we today, and so it'll calculate stuff for me. Just small stuff, but comes in handy.

FileZ. FileZ is actually a really cool free program. If I can find it here... there we go. And it does a lot of things. So you can basically view all the files that are on your PC, on your Palm I should say, and let's take the Austin network library. You can look at details, you can modify things like the creator ID, which is the unique ID for the library. You can set attributes, take away attributes. You see this copy protect: if this is set, Palm OS is told, program, not to allow you to beam it, right. So if you see files like this you can easily unprotect them. Honestly it's been a long time since I saw anybody still use that, but I think a lot of people know that. What's really, like I said, it's not quite the DRM platform
of the future. The cool thing about it is that it also has an editor, right, so you can view, you've got a hex editor, and you can make modifications to stuff. Now we're starting to get into more of the hacking stuff. If you're looking at files and you want to make changes, this is one way to do it. Right there you can go in, make whatever changes, see what happens.

The next tool that we have, RsrcEdit, is another way. The way Palm applications work is a Palm file is actually called a database. Inside that database there are multiple resources: some are code, some are text, you know, a lot of executable. So what resource editor does is allows you to edit resources. So if we take, I don't know, let's take... let's try Date, so we open Date Book. You can see all the different resources it has. The MBAR, that's a menu bar, so we can open that and we can see that the menu bar has three different kinds of menus, right. You can open that and you can see what menus there are and you can change them. Obviously if you're in... I probably wouldn't change appointment because you're looking at a wrong application right now.
You can change a lot of things. The cool thing about RsrcEdit is that it will allow you to edit icons, like bitmaps and stuff. And if I can find it... here we go, something... we have disassembly. It's kind of cool, right? So you're on your Palm, you're like, whoa, I think I know what this program is doing; well dammit, I want infinite lives in this game. So you fire up RsrcEdit, you go look at the code and you think, aha, that's it, it's a branch not equal, right. Usually it's that: you've got to change a branch, you've got to basically get rid of a test or jump over a test. So you think you found it. Now here the issue is you have to know how to assemble 68000 in your head. Well, maybe actually we'll see another tool that might help us with that. But if you didn't know the opcode, you go back to FileZ, you go patch the binary, and then you get to play your game until the batteries run out. Very cool tool. This is shareware (FileZ is freeware); I think this is like fifteen bucks. So very, very neat tool.

The last kind of, I think, the tour de force of, you know, dev tools and kind of hackerish stuff on the Palm is OnBoard C. OnBoard C is like a C development environment that runs on the Palm. Really impressive stuff. It's not completely, you know, ANSI C, there are a few restrictions, but literally you are coding C. I had to create like a hello world, I call it hello world.c, and it depended on c to it, but we can do... we can go to edit... we don't want to go to a resource editor, you go back to OnBoard C... really want to do the code, there we go. So this is the editor that comes with it, also freeware, SrcEdit, and you can see this is, hopefully if you can read this from the back... can you guys read it all the way from the back? Okay, that's good. Here it is, here's the application, right, all C code. You could compile on your desktop; you can do it right there on the Palm. So if we go back to OnBoard C... oops, sorry... if we go back to OnBoard C and we click on hello world and we say
build... we go: building header, compiling... we go, it built. And we can go to unfiled, if we have an application... yes, hello world.c, we go, that's the application we just built. You could literally develop C code on your Palm. In my opinion you've gotta have a masochistic streak to do that, because if you code like I do, you make mistakes, then you're gonna be crashing your Palm all over the place. It's not a very forgiving environment, right, you have bus errors and all sorts of stuff. So it's still very cool. Yes, question?

On the emulator? Not so much a masochist, but you're really looking for the difficult way to do it, because what you do instead of using the emulator... we'll actually talk about the tools, development environment on the PC, and you develop on the PC, just upload it to the emulator and then run it there. It would be less painful to do it on the emulator. Not recommended. But the emulator is awesome.

Interestingly, as a side note, the emulator doesn't have an equivalent in OS 5. Now, as far as I have, what they call is a simulator. What they've done is compiled OS 5 into native x86 code; I believe they've done it for the PowerPC as well so you can run on macOS. And the reason I'm guessing they've done that is it would have been way too much overhead to try and emulate a
a device that is running way faster than the old Palms were, right, because now you've got an ARM chip that's running at maybe 400 megahertz and it's expecting to run at that speed. Unless you have a really powerful PC it's not going to look that good. So anyway, OS 5 has a simulator tool; to all intents and purposes it's pretty much the same thing.

Quick tour of some of the cool applications, or at least the applications I think are cool, on the Palm. I had a question here earlier about, can we get these slides? Question is yes, but I'm not quite sure how. DEF CON has a copy and I'm hoping that they either go on a CD or on the website. If that doesn't happen I will bundle them, pretty much the same one you see here, with the actual release of the tool, and so in a few days you'll be able to download them; that will be included with the distribution of the tool. Right at the end of the pres, to make sure that you stay because I know you want this tool, there is the URL for the tool.

Go quickly over this: interesting hardware things you might want to have or use if you're writing stuff on Palm. Way cool things that people have done, like putting Pilots in robots and things like that. The keyboard is kind of neat. There are a lot of these folding keyboards; this keyboard is actually, I have one, works fairly well. The nice thing about it is that it doesn't use a connector; uses a little arm that swings up and talks to your infrared port. So it actually works for Power PCs and Pocket PC, sorry, and Palms and other devices as long as you have the driver. If you buy a keyboard you don't have to give it up once you decide to change PDAs.

I couldn't resist some comic relief. This is an old Dilbert about the handwriting recognition of the Palm, the original Palms. Some of you who know Graffiti, and maybe write Graffiti better than they write normal handwriting, will appreciate this.
Let's go on. Okay, present. Another trivia question: how many Palm OS handhelds are in the market today, according to Palm? I'm guessing what "in the market" means is just sold, right, since the beginning of time. I've got to believe some of them... Four million? I have four million, do I hear more? Four million going once... five million? You guys are way too low. Do I hear more? Thirty-eight? Okay, that's too high. Twenty-four is what they say, which is still pretty cool. Twenty-four million is what they claim, and I'm assuming they're counting Palm OS devices, not just Palm handhelds but Sony, Handspring and Kyocera, all the rest.

So now we're going to talk about a Palm vulnerability scanner. So the first question you may ask is why, right? Well, good question. Palm isn't exactly a really powerful platform. So, couple answers. One, I thought it'd be fun. Kind of the reverse Everest answer: you know, it's like, why did you climb Everest? Because it was there. Well, I wrote this because nothing was there already. I didn't know of any other scanners. Potentially it could be, you know, useful if you're on the road, or in some cases you'll see what you can do with it. Obviously if you're going to do any sort of serious security work you are not going to hand in a report to clients that was purely done on a Palm OS-based vulnerability scanner. You'll see, kind of cool.

So what did I originally want to do? Wanted to do TCP/UDP scanning. I wanted to support multiple hosts and ports, and do banner grabbing, and save results in some kind of a reusable format, and i can read the last text, standalone: it needed to be. So I did was... if you think about the Nessus route, Nessus has a client, the server; well, why not, today, put a server out there somewhere and then write a little client that interfaces to it? I wanted to have something that was just relying on the Palm, nothing else.

So you ask, what about other scanners, are you sure there are none? Not entirely, but other than a mention of an Nmap, an Nmap
port for the Palm in 2000, someone's claiming to be working on it, I never saw anything released. So little different programs here, but that's about as close as I've seen. Anybody will, anybody gainsay that statement? Okay, so maybe I did do enough research. Goodness, happy that no one says, wait a minute, ISS has a Palm-based vulnerability...

So if you're gonna write something, right, you gotta choose a development environment. There are tons of development environments; almost any language has been ported to the Palm in some form or fashion, either development on the PC, on your Palm, and all the rest. There's tons of stuff. I decided what I'm gonna go for, what I need, right. Technical features: I want to leverage the Palm UI, I want it to be responsive, kind of want to be able to extend it, and I'd like to be able to develop on the PC. I just don't want a language that forces me to develop on the Palm. Be nice to be able to develop on the Palm. And most important, I want to reuse other components, which really means I want to be lazy, right, because if I can interface with something else that's already written, that's less work for me. So you'll find that the reuse-other-components, or the laziness factor, has influenced a lot of design decisions. So anyway, look at that spending... finally I chose PocketC. Tell you why.

So PocketC is like this interpreted C-like language. C-like is good, right, because one of us program in C and it's pretty accessible. It does all the memory management for strings and stuff for you. It allows you to do multi-dimensional arrays; through a little bit of a hack you can do structs as well, with a minor hack. Reasonably fast. Develop on the Palm; it actually has a Palm development environment, sorry, PC development environment, and
you can obviously do it on Palm as well, and it's extensible. You can see the hello world, right. What's not to love in a language that makes hello world look like a C program? The PocketC program is here. Thank you. Anybody programmed in PocketC? Nobody? All right, well maybe that'll change.

You can extend PocketC in a couple ways. One is through just what they call include files, basically include, you know, .h files, but you put code in there, and you can create different modules, which is what we did for Austin. And you can also create native libraries which you can interface to, which is also what we did. A must-have library for PocketC is called pocket toolbox. It basically allows you to access all the Palm OS GUI functions, so that is a very, very key feature to be able to do. Has some database functions, graphic functions, a lot of stuff that I'm not using in this program. A really useful tool. It's free as long as, when you release a tool, you kind of let Joe know, you say, hey Joe, I just released something, and you bundle, you know, you make sure that people know how to get to his site.

So you might be wondering, you've been talking about Austin, right, what does Austin stand for? So that's what it stands for, officially. Unofficially, what it really stands for is... you know how in The Matrix, Trinity is hacking into the computers and stuff and she's using these cool SSH
CRC vulnerabilities. Well, i find a way to talk to you say, well, it's a pity Austin Powers doesn't have anything. Austin Powers doesn't have anything, he doesn't get to, like, hack into networks and stuff. So we're joking around about how it would be cool that Austin would say, "Dr. Evil, beam me your contact info, baby," and while Dr. Evil was doing that, Austin was really scanning his network. Unofficially it's all named after Austin Powers. I think Austin likes it. Yes, he likes it.

When we have a quick demo of Austin you can kind of see how it works, and I will talk a little bit about the structure of the program, architecture. Here is Austin, and I will also... always talking... start up a... anybody use VMware? Yep, yep, very cool program, isn't it. VMware creates these little virtual computers inside your computer, and I happen to have one which is a Windows 2K server which I use for a bunch of things. So I'm gonna start one up and that's actually what we're going to be scanning. What I'm also going to do with the
Windows 2K server, because I don't have very much listening on UDP and I want to do a UDP scan, I will use a netcat listener. This is going to listen on the port, and when someone tries to read it it's going to send back some information, okay. That way we'll actually get something. So, you guys want to see the command for netcat? But you don't care, I miss out. Okay, I had to... let's see it here just so you can see i'm not quite shooting. Here is our little Windows 2K box and here is my netcat, so we're listening on port 2000.

So first thing to do, find a mouse, with this out of the way. All right, so the Austin interface. So you can enter one or more hosts, and the IP address of our host here, one ninety nine, one twenty nine, believe I checked in correctly. If you want to put multiple hosts you can put www.yahoo, you can have com as... if you want to use ranges you can do that too, but we're not going to do that. For ports, you can basically specify them right here. There's another way to specify them; we'll talk about that later. Tossing a few: let's do 135 to 139, since it's a Windows box, let's do 443, and let's not forget 2000. All right, so we're going to do a UDP and TCP, and let's do a banner grab.

All right, so basically what this will do is it's going to try and connect to these ports with UDP, TCP, and it's going to try and do a banner grab. Now, banner grab, you'll see in the preferences, but you can specify the string it's going to send. Right now by default it sends an OPTIONS HTTP command, which is kind of useful because a lot of things talk HTTP and you might as well see what comes back. The OPTIONS command basically tells you all the HTTP verbs: if the server supports it, it will tell you all the HTTP verbs that the server
recognizes. That is the emulator context menu, which we don't really need. So we hit... we start scan, and with a bit of luck... says scanning. It's found 80 open, 135, that's trying 136, 137, 138, 139 is open as well, 443, and that's okay. So great, scan is complete.

Here is one of the first laziness principles in action. This little button here down at the bottom, which looks like a filing cabinet, goes to a program called Pilot-DB. Pilot-DB is a free GPL database, which is what Austin writes, it's, um, it scans it. You'll see there are a couple other databases; we'll talk about those later. One thing you have to do is kind of rescan databases. You can see there's a new database here. Unfortunately there's a limitation with the pocket toolbox in the size of the actual database I can use, so I've put in a timestamp and then as much of the appeared as I can fit, and i need to ask you to extend it. So if we click here you can see, okay, we found a port, open port on eighty four, you know, these are the open, so... and you can see all the different things we found. This is what gets logged, and right here is the banner, okay, Microsoft IIS 5, we know, and all the rest. Okay, so if we scroll down here we're actually seeing all the different open ports. You see no banner there, one-byte banner that came back here, and then UDP 2000, we got a hello world back, which is what was in my file. But basically gives you the results.

So a couple reasons why using Pilot-DB. Well, obviously, why, it's great, right: as long as I write the results in Pilot-DB I don't have to write an interface for you to access it. It's a database program, so you can search on things and you can manipulate the
columns and stuff to show different information. The other reason is once you sync this to your desktop there are tools to convert these files into CSV. So once you have a comma-separated value file you can do whatever you want with humanly, you can integrate that into other information.

So let's go back to... so port 80, right now I go, okay, well that's kind of interesting, we had here Microsoft IIS. Let's go to another feature of Austin: actually do a URL scan. We'll use the vulnerability database here. The vulnerability database is actually rather a grand time because it's really a URL scanning database. I will, typically what you do is you fire off the whole thing. We're going to select which test you want to do. if these are those nice web server, we'll do this, a quick test to check whether debug.asp is there. You can see I haven't really used this checkbox; kind of, that's to say, what if this is a DoS, a check that might DoS the server, you know, at least let people know. Method: HEAD or GET, HTTP method to use. A request: to request the URL. Match our colon colon basically says look for 200, right, look for a return code of 200. And then here's what to say if there are issues. So go further down, different vulnerabilities, and here's one of the infamous Unicode one. Here we're doing a GET and we're trying to match these characters inside the results.

So what we'll do now is, we've selected these, we'll just select port 80, which we know, that's the web server, forget about UDP right now. Let's click on URL scan. All right, so it says scanning complete, and what we want to do is rescan databases. Nothing, right, found nothing. So that's kind of disappointing. So we go back to Austin; we can enter the interactive mode. Like, why, I could have sworn that debug.asp was there. You can basically type in the URL, I'll type in the IP address I should say, let me know if I make a mistake, it's kind of hard to see it from here, and let's actually verify that
the debug.asp is not there. HTTP colon double return. All right, so... oh, thank you, good, I'm glad that you noticed. So let's connect, let's send, and oh, we got a whole page back, and what do we got? We got a 404. Now I have a suspicion that instead of debug.asp this might be the infamous vulnerability debugging.txt, which you guys may not have heard about but is really bad. So we'll see if we find that on the server, and we do a HEAD, and yes, we got a 200.

This server, by the way, is one of the training servers that we use. Got an application, I won't show it to you now, but it's got an application called @stake Bovine Products. It also has a file called debugging.txt on it to explain to you SQL injection. So since we know this, okay, let's disconnect, let's go back to the database. We can do a quick modification here: debug.asp can become debugging.txt, and instead of doing HEAD we're going to do a GET, and we're going to look for a colleague of mine, who I hope is not in the audience, otherwise he'll be upset with me, look for his name. So if we find a document written by Mr. Hawthorne we're in trouble, right. So we want to match on Hawthorne and that's it. I'll leave that, go back to Austin. You see that Austin remembers the settings you gave it, so we'll run this again. It's banner grabbing, okay, and we rescan databases, you always have to do that because... oh, there we go, we have a red vulnerability.

So it kind of gives you a feel for Austin. What you can do now is, if you want to see what the page looks like, you can grab the URL, copy it and go to, let's say, our favorite program, Eudora Web. I haven't run this before so we're going to agree to the license, say visit, and I will paste it in and say okay, and there we go, and Eudora went and downloaded the information. You can see it's from Mr.
Hawthorne and it's a SQL injection demonstration that's it that is in a nutshell most of Austin and let's get back to the press so very briefly Austin architecture you can see how it's written obviously palm hardware, palm OS and then we've got PocketC which is a runtime with two native libraries I'm not going to spend much time on the blue stuff that's written in PocketC I'm going to spend a little bit of time on the network library because even if you don't care about Austin if you do want to develop stuff with PocketC or network stuff you can actually use the net library on your own and do a bunch of stuff with it so tools to develop Austin we talked about the emulator PocketC desktop environment PRC tools is what includes all the GCC tools PRC tools has GCC and a bunch of other tools to create executables all free palm SDK and then the pilot resource compiler is used to compile those little resource files that describe GUI's so the palm OS network library is actually pretty cool it's actually fairly comprehensive supports TCP UDP you can have raw sockets available as well some of the lessons learned close the socket as soon as possible the sockets you know you get about six to play with you use up six sockets and you're not closing them everything stops until some of the sockets get closed so make sure you close them all the time and you do have a Berkeley interface into these network library calls so you can do socket and open and bind and all these things but using the actual palm OS calls gives you a lot more flexibility I'm going to skip over the native library you can kind of see this is an example of actual native C code this is a quick example of what it would take to do to program a HEAD so just go to a go to a web server ask for IP address and port go to the web server connect actually I there's a mistake there see I'm connecting on port 80 but I'm I'm I should be connecting on the port that was specified write something read something and close 
the socket so really simple code right now to to write TCP code in or network based codes in PocketC once you have the wonderful Austin net library a lot of lessons on about net libraries it was about native libraries for for the PocketC it was painful because there isn't much documentation if you're going to be doing it I suggest you download by the way Austin is GPL so feel free to download it look at the code use it make changes to it and then you know tell everybody about the wonderful improvements you've made so you can definitely reuse the Austin net library and make sure you look at the makefile stuff like that because it took me a while to get everything working correctly and there isn't there really isn't much documentation especially around passing some more complex structures between PocketC and database access we talked about that a little bit we actually support two database formats pilot db is what what I'd recommend the uh... there are three two types of databases we use preferences webvones and results you've seen the webvones you've seen the results really the the other preferences the preferences the other preferences of Austin I should say basically places where you can say okay well this is the banner I want to use if you don't specify TCP ports you can actually specify them here if you leave the ports field blank you can actually select different ports to check here so if you're doing the same kind of scans all over the place you can just create one entry here put in the ports you want and make sure it's selected and that will get used you know banners you know and different banner entries and stuff like that and then there are different there are different uh... 
basically preferences you can set and each preferences has a description so if you're playing around with Austin you can go in there and just see what it does and mess around see what what what changes it's very nice I mean you really get a lot of benefit from using this stuff because the whole database manager is there and I didn't have to do very much for it graphic user interfaces could be a complete talk in and of itself not going to go there you can see basically I put in a little bit of how you would define one you can see the the different uh... tags that you use like hey I want a button and here's why I want it and here's the ID and in your code in your event code you basically wait for an event to happen and when it does you look at the ID you can say oh someone clicked on scan so that's basically how it schedule scanning there are two buttons that I didn't really show in Austin schedule scan and NASL scan NASL scan is future it doesn't work or it's not enabled the nice silhouette schedule scanning basically PocketC will tell the palm to go to sleep and wake up at whatever interval you set and then run the scan so if you want to scan like for a week on end it's kind of a fun feature that was cheap to add so I added it if you want to scan once a day for a week you can just you know leave your leave your pilot plugged in every day wake up and run a scan and then go back to sleep again so tying it all together basically if you want to create an application this is typically what you do you have source code and icons and a creator ID you have to register one from palm otherwise you have conflicts and if people have multiple creator IDs the palm always gets confused you get one from palm you run it through the palm desktop the PocketC desktop environment that creates an executable you take the resource compiler the resource definitions you run it through the resource compiler that creates a file you can combine that program called pa into a file called 
Austin you could also bundle in the network library I left everything split apart in the distribution so people can mess with different files you know more easily but that's how you basically integrate everything very different very different tack now when it talk to you about tools that a friend of mine has written who has a Sony Ericsson p eight hundred two people are right one of three people excellent so some of you have it colleague of ours called Ollie Whitehouse very skilled security guy knows a ton of stuff very good developer doing a bunch of different tools so that's a little bit about the p eight hundred basically to you know cell phone GSM based while he lives in london so he's all GSM uh... runs the sim you know that different tools he developed one is net scan TCP UDP port scanner kind of like kind of combination of or uh... Austin is kind of combination of that mobile pentester so mobile pentester is a little bit like us and although it's a little bit more powerful in some features can do net scan can do some PDA cat which is like a net cat and they can see all these all these hand playing with his phone there's also he also wrote talk of PDA zap which is a uh... total basically down your own download all your memory so you can use it for is the response of forensics right you can get them at that state website and you can see all these things and if ever you need Ollie to have Ollie i saw you at defcon and uh... 
if you want to see Ollie in person he is speaking at the chaos communication camp in august anybody going to chaos communication camp no what's disappointing right i have a tribute question who can tell me what that is and the person who guesses what that is first a compact speed pack cellular pc card no no no no at stake at stake employees may not may not reply say say again Ericsson hotline that's kind of annoying i don't know if my what i know i've been told what this is that i know i did but i don't know what the make a model is so what is Ericsson hotline what is it it was a lot of fun ancient alright i think the gentleman i think the gentleman has it right it is a very ancient mobile phone so these kind of joke but very good who knows what caption goes with this congratulations come on or someone remember this this is performance pump close close redneck pda yes so that's the redneck pda this by the way will not be in the official presentation if ever i put it all right let's briefly talk about the future by the way if anybody works for palm here i would love to get in on the beta trials for the new Treo six hundred so the idea and that's what's going you saw that the checkbox you know why do it NASL for those of you don't know is the Nessus Attack Scripting Language what's used to write about ninety five percent of the Nessus scripts uh... basically if you look at NASL PocketC there's a lot of similarity it's not interpreted C like languages and one thing i'm looking at is to see whether it would be possible to write a translator or translate the NASL into PocketC and yet we've got where we're done that's what the PocketC and uh... 
and then run it on on Austin so that will be kind of cool other ideas for features i think we could create custom id IP packets given the fact we can do what i think and there are a bunch of other things that of the support you have suggestions email to me thumbs up thumbs down do we achieve the goals yeah for a care you don't care for it friends a colleague of mine being difficult all right well thanks for listening the URL is down there you can just grab it from the tool section and uh... if you have any questions from time just come find me may not hang out of the poor but i'm here the rest of the uh... thanks a lot
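
The URL-scan check walked through in the demo (an HTTP method, a URL, and a match on either the return code or a string in the page), as an added example that is not part of the talk and is not Austin's code or database format. The record layout, field names, paths and sample responses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Check:                      # hypothetical record layout, not the tool's own
    name: str
    method: str                   # "HEAD" or "GET"
    url: str
    match_status: Optional[int] = None   # finding when the return code equals this
    match_body: Optional[str] = None     # finding when the page contains this text
    may_dos: bool = False         # the "might DoS the server" flag from the talk

def parse_response(raw: bytes):
    """Split a raw HTTP response into (status_code, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response")
    return int(parts[1]), body

def evaluate(check: Check, raw: bytes, allow_dos: bool = False):
    """Return True (finding), False (no match) or None (check skipped)."""
    if check.match_status is None and check.match_body is None:
        raise ValueError("check has nothing to match on")
    if check.may_dos and not allow_dos:
        return None
    status, body = parse_response(raw)
    if check.match_status is not None and status != check.match_status:
        return False
    if check.match_body is not None:
        # A HEAD response carries no body, so a text match needs a GET.
        if check.method != "GET" or check.match_body.encode() not in body:
            return False
    return True

# Constructed sample responses (not captured from any real server).
RESP_404 = b"HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\n\r\nNot found"
RESP_HEAD_200 = b"HTTP/1.1 200 OK\r\nContent-Length: 52\r\n\r\n"
RESP_GET_200 = b"HTTP/1.1 200 OK\r\n\r\nSQL injection demonstration by Mr. Hawthorne"

debug_asp = Check("debug.asp present", "HEAD", "/debug.asp", match_status=200)
debugging_head = Check("debugging.txt present", "HEAD", "/debugging.txt", match_status=200)
debugging_get = Check("debugging.txt content", "GET", "/debugging.txt", match_body="Hawthorne")

def run_demo():
    return [evaluate(debug_asp, RESP_404),            # first scan: nothing found
            evaluate(debugging_head, RESP_HEAD_200),  # interactive HEAD: 200
            evaluate(debugging_get, RESP_GET_200)]    # edited rule: match found

if __name__ == "__main__":
    print(run_demo())
```

A status-only rule also fires on a server that answers every path with 200, so the text match in the third rule is the stronger of the two checks.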