I avoid jumping into these kind of wars. Back in my college days when I told my professors that numerical interpolation does not have any limit on the degree of polynomials, they went mad laughing at me. What hurted me that they never assign me any logical reason and never bothered to go through my research work because they considered that they know very well about the subject and I am an idiot who after spending countless nights of hardwork arrived at the stupid result. I decided during that era if somebody in the future comes to me with something which voilates even my own theory then I'll give him a fair trail. This is the very reason I am here. I don't think that Joe has been assigned a real reason why his work is useless. What I am seeing is something very similar to what I had seen in my college days.
Any way Joe your product is great (You made cracking simpler :-). You must have done a lot of hard work to implement the debugger protocol and certainly it requires a degree of sophistication to send RPC over the serial link. However, as many of my fellow developers have pointed to you that this task can be accomplished using debuggers also. Most important of all I would like to add in your knowledge that the tool "can not" be used as a forensic analyser. Do you know about Developer's Backdoor no 2? While you may think device does not know about what you are doing but the fact is it keeps a very fair log about what your tool is doing. Anybody can write a program to keep track of these changes and destroy the data if it finds that an attempt of unauthroize access to the device is going on. I am not a legal expert but as far as I think if you have changed the memory contents of the device while taking the memory dump then I don't think that you stand a chance that your memory dumps are worth anything in the court (you have tempered with the evidence). Memory dumps which can used for forensic analysis in case of Palm should be done in other ways :-) debugger protocol is not the correct method. Now, if you are a mature person you should accept your mistake else I don't care. I have seen a lot of stubborn people. If only we have more people in our society who are ready to accept their mistakes instead of putting the blames on others the world would be wonderful place to live besides Moon, Mercury, Venus blah..blah...blah..... :-D Khurram+ ----- Original Message ----- From: "Joe Grand" <[EMAIL PROTECTED]> To: "Palm Developer Forum" <[EMAIL PROTECTED]> Sent: Saturday, November 24, 2001 10:34 PM Subject: Re: OT: ANN: pdd > > Script kiddies for what? Memory imaging? This is by far a malicious tool. > > Have either of you (Alex or Aaron) ever considered the necessity for a > tool like this by forensic investigators and law enforcement personnel who > deal with PDAs on a daily basis, but may not have (or may not want) the > programming skills or patience to deal with the Debugger? Apparently not. > Why do you feel that memory dumping should be performed only by > programmers with specific skill-sets (as Aaron said: "forth > understanding")? You need to take a step back and realize the other useful > possibilites instead of instantly equating this tool with a "script > kiddie" just because it doesn't fit with your particular needs. > > Conferences like http://www.first.org/conference/2002, > http://www.aafs.org, http://www.sans.org, and http://www.tisc2001.com are > regularly looking for new tools to help educate people and simplify the job of > forensic acquisition. There is a world outside of Palm OS development > that rely on our ideas and tools. > > Additionally, this tool directly answers some questions iposted to this > list in the past about the possibilities of imaging memory for > troubleshooting purposes (instead of borrowing the client's device, you > can just image it and perform troubleshooting on the model using HostFS > and POSER). > > Is the next complaint going to be that this tool is free and we're not > charging money for it? I bet if we "productized" this in some sort to be a > glossy, GUI-based, "official" development tool, there would no criticism > at all (well, maybe from Aaron). Think about that. > > Aaron, if you had bothered to look at the program or the source code, you > would see there is no "click, click, click" about it. It is a command-line > tool. > > Thanks for the wonderful comments and contributions to the furthering of > Palm use and development. > > Joe > > > On Sat, 24 Nov 2001, Palm Developer Forum digest wrote: > > > From: Alex Robinson <[EMAIL PROTECTED]> > > X-Message-Number: 37 > > > > The script kiddies of the world thank you. > > and > > > From: Aaron Ardiri <[EMAIL PROTECTED]> > > X-Message-Number: 39 > > > > On Fri, 23 Nov 2001, Alex Robinson wrote: > > > The script kiddies of the world thank you. > > > > um. script kiddies have better ways of getting such memory dumps.. > > this program is the "idiots way" to do it (ie: click, click, click) :) > > rather than using debuffer (req: forth understanding) :) > > > > // az > > [EMAIL PROTECTED] > > > -- > For information on using the Palm Developer Forums, or to unsubscribe, please see http://www.palmos.com/dev/tech/support/forums/ > -- For information on using the Palm Developer Forums, or to unsubscribe, please see http://www.palmos.com/dev/tech/support/forums/
