05 December 2014

604. Got a 'fake' USB stick from ebay

If it sounds too good to be true...

I bought two 128 Gb usb sticks from ebay for $12 each. Typical prices are $60 and over PER drive. Obviously, the drives were fake, which is a well-known phenomenon: http://www.ebay.com.au/gds/Fake-USB-DRIVES-From-China-HK-/10000000007355216/g.html

(why did I still buy them? Part greed, part curiosity)

Once I received the sticks I installed f3 on debian, and ran the f3write/f3read test.

Both drives failed:
SECTORS ok/corrupted/changed/overwritten Validating file 1.h2w ... 2097152/ 0/ 0/ 0 Validating file 2.h2w ... 2097152/ 0/ 0/ 0 Validating file 3.h2w ... 2097152/ 0/ 0/ 0 Validating file 4.h2w ... 2097152/ 0/ 0/ 0 Validating file 5.h2w ... 2097152/ 0/ 0/ 0 Validating file 6.h2w ... 2097152/ 0/ 0/ 0 Validating file 7.h2w ... 2097152/ 0/ 0/ 0 Validating file 8.h2w ... 2097152/ 0/ 0/ 0 Validating file 9.h2w ... 2097152/ 0/ 0/ 0 Validating file 10.h2w ... 2097152/ 0/ 0/ 0 Validating file 11.h2w ... 2097152/ 0/ 0/ 0 Validating file 12.h2w ... 2097152/ 0/ 0/ 0 Validating file 13.h2w ... 2097152/ 0/ 0/ 0 Validating file 14.h2w ... 2097152/ 0/ 0/ 0 Validating file 15.h2w ... 2097152/ 0/ 0/ 0 Validating file 16.h2w ... 588128/ 1509024/ 0/ 0 Validating file 17.h2w ... 0/ 2097152/ 0/ 0 Validating file 18.h2w ... 0/ 2097152/ 0/ 0 Validating file 19.h2w ... 0/ 2097152/ 0/ 0 [..] Validating file 115.h2w ... 0/ 2097152/ 0/ 0 Validating file 116.h2w ... 0/ 2097152/ 0/ 0 Validating file 117.h2w ... 0/ 2097152/ 0/ 0 Validating file 118.h2w ... 45696/ 314496/ 0/ 0 Data OK: 15.30 GB (32091104 sectors) Data LOST: 101.87 GB (213635872 sectors) Corrupted: 101.87 GB (213635872 sectors) Slightly changed: 0.00 Byte (0 sectors) Overwritten: 0.00 Byte (0 sectors) Average reading speed: 14.37 MB/s

At this point I figured I might as well pop the drive open as it wasn't glued (just remove the clip and insert a screw driver gently in the hole at the back).

IDE, 5019SN-GT, D5P590-000FZ, 1433T8H4
 I googled the stuff written on the chip, but didn't find any exact matches.

I then logged into my ebay account, and filed a return with the reason being fake/counterfeit. I was advised to wait five days for the seller to reply, which I did, after which I clicked on the button on the ebay website that asked ebay to step in to resolve the case. After a few minutes I received an email letting me know they'll initiate a refund, and after ca 30 minutes I received an email from paypal informing me of the same. No need to return the two 16 Gb sticks.

I've obviously posted a negative review of the seller which lets the reader know about the fake sized USBs.

Interesting experience.

I don't have any complaints about ebay -- things moved fast and the resolution was fair and in my favour. I reckon that the seller makes a profit from most buyers not realising that their drive isn't as big as the OS reports it to be, and don't discover it until the off-chance that they fill it with data. A that point they'll probably attribute it to the drive being broken, rather than the seller being outright fraudulent.

20 November 2014

603. Mobile bankid; works fine in a VM too

Turns out I got it wrong in my earlier post -- mobile bankid has nothing to do with the telecom network.

How it works:
1. Phone: Start BankID on your phone. The program will say that it's waiting for a connection.
2. Computer: You go to your bank/government service web page, select Mobile BankID, then type in your 'person nummer' (like SSN).
3. Phone: BankID on your phone will then prompt you for your PIN.
4. Computer: You're logged in.

It's all happening over the internet. Sure, it might not work if you change SIM, for example, but at least it's not telephony based.

Best of all, I could get an activation code for mobile bankid using the win 7 bankid instance I set up in http://verahill.blogspot.com.au/2014/11/602-surviving-bankid-rant-moving-nge.html and now I never have to use it again.

[if you're on linux and in Scandinavia, just install mobile bankid on your phone or on android in a vm]

So, if you're on linux and you've been using the official bankid application and you happen to be a couple of continents removed from Scandinavia follow this post which basically does the following:
1. Install ubuntu 10.04 LTS in a VM
2. Install bankid 4.19.XXXX or earlier in the ubuntu VM
3. Copy your ~/.personal from your regular linux computer to the ubuntu VM
4. export your key using persadm export to a USB stick
5. Install windows 7 in a VM using the free, legal isos and the free, legal installation key. The copy will expire after 30 days (but will still continue working).
6. Install bankid in the Win 7 VM
7. Under File/Preferences in bankid add the directory on your USB stick with the exported bankid key
8. Log in to your BankID issuer (probably your bank) using bankid 'on file', and request a mobile bankid. You'll get an activation code
9. Install the bankid app on your phone (e.g. bankid from the play store on android)
10. Start the bankid app on your phone, and type in your personnummer and the activation code. Create a pin, which is your password
11. You're done.

I mean, sure, it's a very awkward way of going about it, but it works and is conceptually simple.

Android in a VM
And there's absolutely no reason you can't use mobile bankid it in a virtualbox VM if you want to -- I used an android 4.4 x86 iso and created a virtual machine, and then set up bankid which works fine.

19 November 2014

602. Surviving bankid + rant. Exporting bankid files from linux to windows

This post probably isn't interesting unless you live/have lived in Sweden (Scandinavia)/deal with Swedish(Scandinavian) banks and their unbelievably crappy electronic ID solution.

This post will not show you how to use BankID on Linux -- it will show you how to move bankid files from debian linux to windows 7. Nor is the method elegant as it involves using two VMs.

I should make a long rant about how the company, Finansiell ID teknik, behind BankID should be sued into oblivion and the Swedish  politicians allowing it to be used to access government service without requiring open specifications be jailed indefinitely. But I'm tired.

[looks like I got into a rant after all]
rant begin:
Long story short: BankID has always been a real pain in the backside to use on linux, and now support has ended altogether. Support for Windows XP has been dropped as well, which will become relevant later.

No more linux announcement: https://support.bankid.com/syskrav

Either way, there's no linux-friendly solution out there, as in moving from v4 to v5 of bankid the format has changed completely. To my understanding, that means that fribid also will not work with providers requiring bankid versions newer than

There's a linux-friendly solution: mobile bankid, which runs on android. However, it seems to require a Swedish (or northern European) SIM card. Actually, I have no idea how it works since there's hardly any bloody information out there -- the bankid.com website is incredibly bad. The most detailed info I've found is this, which says that it's SIM card and service provider dependent: https://www.bankid.no/Dette-er-BankID/BankID-pa-mobil/. On the other hand, this page says it isn't: http://www.stockholm.se/mobiltbankid

[NOPE -- that's not how it works -- it's actually a lot better. See here instead: linktocome ]

In the end it doesn't matter since you'll have to walk into a Swedish bank in person to order a new bankid set-up code. Not something you can do if you're abroad.

There's one other solution available -- ID via the Swedish tax office. Unfortunately it is only available for people residing in Sweden. Anyone who has business with Sweden but lives abroad is SOL.
rant end.

Step 1. Windows 7 in a VM -- overview
So, I had to find a pragmatic solution, and quickly since my current ID key is expiring. I have an old Windows XP disk that I could install in a VM, but since XP isn't supported anymore, that wouldn't work anyway.

I then decided to see how much a copy of Windows 7 costs. I'm not keen on throwing money at MS, but I was still at the point of simply investigating solutions. According to http://www.cheapaussiesoftware.com/microsoft-windows/microsoft-windows-7  the cheapest copy is $124. Not keen.

I am surrounded by computers with Windows 7 Pro OA stickers (that are running debian), so I figured if I could only get my hands on a DVD I could use the license that has already been paid for. I also had a vague memory of the Windows 7 isos being freely and legally available from Microsoft via download.

Using google a bit I eventually found it: http://www.heidoc.net/joomla/technology-science/microsoft/14-windows-7-direct-download-links
which provides Windows 7 isos freely and legally via Digital River. Note that you'll still need to find your own activation key.

Activation key -- you can either:
* get that legally by paying for it. Not interested in paying that much money for something I'm not going to use much.

* use google for a few minutes, find tons of activation keys which appear to work during installation but really don't allow you to activate your copy (go to Computer, Properties and click on Activate Now). This is obviously not legal.

* Put in an installation key (D4F6K-QK3RD-TMVMJ-BBMRX-3MBMV... read more) which allows you to finish the installation but won't activate your copy. Actually, reading the linked post you might not have to enter anything.

Either way, after 30 days your copy will expire. You can still use it -- the only things that change is the background (goes black), you can't install updates anymore, and Aero turns off. See here. This is fine by me.

As OA licenses are limited and I really don't care about using Windows for anything but bankid, I went with the last option.

Installing Windows 7 Ultimate 64 bit in VirtualBox went without a hitch, and I awarded it 30 Gb HDD and 2 gb RAM (I have 4 Tb HDD and 8 Gb RAM on my system). So far so good..

From within Windows 7 I then downloaded bankid v 6.1 from here: https://install.bankid.com/ (ignore the whole linux/ubuntu link -- that's for v 4 which isn't supported by most banks anymore...)

Step 2. Ubuntu (yup) in a VM *yup).
At this point I figured I was doing pretty well. I connected a USB stick to my computer (i.e. debian) and ran persadm.
me@beryllium:/media/highio$ persadm export BankID Security Application 4.19.1 Available tokens: 0: (140110 yy.xx) Me - BankID on file 1: (130304 yy.xx) Me - BankID on file Choose token: 0 Enter pin: Enter removable media export directory (must exist): /media/fat32/bid Failed to export token. The reason might be that the export directory is not on a removable media, or that you don't have permission to write to it.
No matter what I tried in terms of permissions and destination file systems made any difference.

In desperation I then copied the ~/.personal structure containing the bankid keys from my debian box to my USB stick, fired up an old Ubuntu virtual machine with bankid installed (you may want to download bankid for ubuntu from here for THAT purpose: https://install.bankid.com/)

Running persadmin in the Ubuntu 10.04 LTS 32 bit VM worked perfectly, and I now had the exported .nge file in a folder on my USB stick.
me@me-desktop:~$ persadm export BankID Security Application 4.19.1 Available tokens: 0: (140110 yy.xx) Me - BankID on file 1: (130304 yy.xx) Me - BankID on file Choose token: 0 Enter pin: Enter removable media export directory (must exist): /media/fat32/bid Successfully exported token.
In retrospect you might be able to do this in a chrooted ubuntu instance under debian. Who knows?

Step 3. Importing the BankID key files
I then fired up the Windows 7 VM, started BankID and went to File/Preferences. Under locations I added the folder on the USB stick that held the exported BankID file, clicked Add, then Save, and everything was good.

Well, apart from the fact that I had to use two VMs, and am now stuck with a Windows 7 VM.

My Win 7 .vdi file is about 9 Gb, which as a tar.gz file is compressed to 3.8 Gb. I've backed it up in three different locations, so hopefully there won't be any issues with losing the bankid due to MS update idiocies.