Tuesday, 27 January 2015

AWAS Pengguna Handphone Samsung

Spare-Part Dileraikan




Baru-baru ini, saya cuba untuk membaiki handphone yang rosak, jadi saya telah pergi ke sebuah kedai di daerah Kuala Lumpur, nama kedai tersebut terpaksa dirahsiakan untuk kepentingan bersama. Saya menggunakan handphone jenis Samsung Galaxy Note 2, untuk makluman semua, handphone jenis Samsung ini memang selalu rosak, jadi parts ataupun barang gantian untuk handphone jenis ini amat sukar didapati dan amat mahal. Jadi apa yang dia orang buat?

Apabila diperiksa handphone ini, mereka mengatakan yang logic board untuk handphone itu telah rosak, dan perlu digantikan dengan logic board yang baru. Anda perlu berwaspada jika juruteknik tersebut mengatakan yang logic board anda perlu ditukar, ini kerana ada beberapa parts atau barang gantian yang masih boleh digunakan akan dirembat.

Apa yang perlu anda buat?

Minta juruteknik tersebut meleraikan handphone itu dihadapan anda, dan anda perlu juga bertanya, apa yang menyebabkan handphone itu rosak, atau apa sebenarnya yang telah rosak? Dan anda juga perlu mengambil gambar dibeberapa bahagian logic board tersebut, seperti dibahagian hadapan dan bahagian belakang, ini kerana untuk memudahkan anda membuat perbandingan jika perkara ini berlaku kepada anda.

Dibawah ini saya lampirkan untuk pengetahuan semua dibeberapa bahagian logic board.

Model: Samsung Galaxy S3




Jika anda mempunyai sebarang masalah, ataupun pertanyaan, bolehlah anda menghubungi saya di nombor hotline dibawah. Saya akan cuba membantu sebaik mungkin.

PakarPC Kolej 10, Universiti Putra Malaysia, 43400 UPM Serdang, Selangor Darul Ehsan
FB:facebook.com/thepakarpc Hotline:1800-88-7508

Tuesday, 6 January 2015

For Unifi Users



There’s a lot of documentation online on how to hack your neighbours Wi-Fi, but sometimes you need to hack your own system. Usually its because you’ve change your router password and forgot it completely.

Don’t fear though, its actually pretty easy to hack your standard Dlink Dir-615 router (pictured above) that came with your Unifi subscription. Make no mistake, the router actually has some sleek features, but Telekom Malaysia has been put "certain backdoor" approach to bypass the security that makes hacking this router very easy.

The default Unifi access credentials are:

Username : admin
Password : (blank)

Where the password field is literally left blank, (as it is).
However, if you’re locked out of your Unifi router, here’s a couple of things you could do to get your connection back:

OPTION 1: LOGGING IN WITH OPERATOR ACCOUNT

Most of the time, I recommend you use the admin account to change your Unifi settings, TM themselves admit that they don’t even set a password for this account on their user guide (page 9, 2nd bullet). However, if you’ve changed the password to this account and forgot it, there’s still a second account that is left lurking in the system.

This is the ‘Operator’ account, and actually has more features than the standard ‘Admin’ account. TM have left this here, presumably for support purposes, but quite frankly, they shouldn’t. It’s like your house contractor, keeping a spare key to your home for ‘support’ purposes, it’s just not good security.

Fortunately though, if you’ve just changed the ‘Admin’ password, you’ve still got a chance to go back into your router and set things up correctly, just logon with the Operator account using one of the following credentials:

Username: Management
Password: TestingR2

Username : operator
Password : h566UniFi

Username : operator
Password : telekom

Username : operator
Password : <your Unifi username in reverse order>

Needless to say, please change the operator password once you’ve logged on, and remember it wisely this time.

OPTION 2: HACK THE D-LINK DIR-615 ROUTER

This options isn’t as hard as it might seem. For those running a router with a firmware version of 7.09 and below, there is a well documented vulnerability on the Dlink Dir-615 router that enables you to access your router without even knowing the username or password. To do so, just enter this url;        http://192.168.0.1/tools_admin.php?NO_NEED_AUTH=1&AUTH_GROUP=0

The vulnerability is called an authentication bypass, and literally allows you to access the router with no credentials at all! You can visit any page from the router menu, by just adding the:                       “?NO_NEED_AUTH=1&AUTH_GROUP=0″ to the end of the link.

OPTION 3: THE ONE THAT ALWAYS WORK

Unifi users should really scared with this one. As from my checks with a couple of Shodan searches ALL Unifi routers are susceptible to this attack. All you need to do this is visit this link:

Shodan Search Engine Website; Using this METHOD:

http://192.168.0.1/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd

And you’ll see in plain-freaking-text, your unifi routers username and password, for both the admin and operator/management accounts. This is all public information at this point and you deserve to know that your unifi router is insecure. So get out there and buy a new router already.

HOW TO SECURE YOUR UNIFI ROUTER

It’s also important to learn how to secure your router, the first bit is easy. Change the passwords, TM have a really bad habit of setting the router password to blank, meaning there literally is NO PASSWORD. Needless to say, that’s a bad security. What’s even worse is the average customer isn’t aware of the operator account which is left on the system with default passwords as well. From my quick checks, about 50% of people don’t change they’re router Admin passwords, and nearly 99% of people haven’t changed their operator password. You can’t really blame them, they didn’t know the operator account was there in the first place. So basically 99 times out of a 100, you’ll be able to ‘hack’ your unifi router using nothing but default passwords.

Securing the router, 

1. Requires that you change the passwords from their default values.
2. If you’re using a firmware version of 7.09 and below, it’s time to upgrade your firmware. Upgrading your router firmware is actually pretty common stuff, there are entire websites that are dedicated to documenting router vulnerabilities, not for hackers, but security research–and this concept actually helps make our everyday appliances more secure.
3. Change your router to a new Asus/Tp-Link router.

That may fix the short-term though, in the long run, you’ll need to pay attention to security practices and upgrade your router firmware accordingly–provided the manufacturer actually releases patches. It’s inconvenient, but security requires effort.

PakarPC Kolej 10, Universiti Putra Malaysia, 43400 UPM Serdang, Selangor Darul Ehsan
FB: facebook.com/thepakarpc Hotline:1800-88-7508