mufon Dan isn't smart enough to hire me
Joined: 25 Jan 2008 Posts: 296 Location: HIghland Village, Texas
|
Posted: Fri Jan 25, 2008 11:14 am Post subject: Running the "Jack" as the UTSCSI service |
|
|
This is a spin on running the MJ as a service. Instead of creating a new service to run MJ, we use the already installed UTSCSI, assuming of course that you don't care to have UTSCSI running on your machine.
I will assume you are up to speed on installing MJ as a service.
Open the registry editor, and then open "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UTSCSI"
Create a new key and name it "Parameters". Now open key "Parameters" and add the string value "Application". Sound familiar? The string value is the fully qualified path to the binary you wish to launch. Existing MJ service, if installed, should be disabled.
Now, change the log on value for the service from the system account to the user account you wish to run MJ under. Delete "UTSCSI.EXE" from "x:\WINDOWS\System32" and replace it with "srvany.exe", renamed to "UTSCSI.EXE".
So where am I going with this? You could also use this instead to launch a spoofing script/exe or anything else you desire. |
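Added example, not part of mufon's post and not magicJack's or Microsoft's code: a defender-side audit for the pattern described above, where a service key gains a "Parameters" subkey with an "Application" value and the service binary is really a launcher. It parses a registry export of the Services keys and lists each such service with the binary it actually starts and the account it runs as. The sample export, the account and the application path are constructed placeholders, and the function names are this example's own.

```python
import re

SVC_PARAMS = re.compile(
    r"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\]+)\\Parameters$", re.I)

def parse_reg(text):
    """Parse regedit export text into {key_path: {lowercased_value_name: str}}."""
    keys, current = {}, None
    text = re.sub(r"\\\r?\n\s*", "", text)          # join hex continuation lines
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)', line)):
            name, raw = m.group(1).lower(), m.group(2)
            if raw.startswith('"'):                   # REG_SZ, backslashes doubled
                current[name] = raw[1:-1].replace("\\\\", "\\")
            elif raw.startswith("hex(2):"):           # REG_EXPAND_SZ, UTF-16LE bytes
                data = bytes.fromhex(raw[7:].replace(",", ""))
                current[name] = data.decode("utf-16-le").rstrip("\x00")
    return keys

def find_wrapped_services(keys):
    """List services whose Parameters subkey carries an 'Application' value."""
    findings = []
    for path, values in keys.items():
        m = SVC_PARAMS.match(path)
        if not m or "application" not in values:
            continue
        svc = keys.get(path[:-len("\\Parameters")], {})
        image = svc.get("imagepath", "")
        findings.append({
            "service": m.group(1),
            "image_path": image,                      # what the service manager starts
            "launches": values["application"],        # what the wrapper then starts
            "account": svc.get("objectname", "(not set)"),
            "image_named_srvany": "srvany" in image.lower(),
        })
    return findings

# Constructed sample export; the account and application path are placeholders.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UTSCSI]
"ImagePath"="C:\\WINDOWS\\System32\\UTSCSI.EXE"
"ObjectName"=".\\exampleuser"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UTSCSI\Parameters]
"Application"="C:\\Example\\app.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler\Parameters]
"ExampleSetting"="1"
"""
print(find_wrapped_services(parse_reg(SAMPLE)))
```

A hit is a lead, not a verdict: a legitimate srvany install looks the same, so compare the file at "image_path" against a known-good hash, especially when "image_named_srvany" is false and the file name gives no hint that it is a launcher.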
testing123 Dan Should Pay Me
Joined: 13 Nov 2007 Posts: 703
|
Posted: Sat Jan 26, 2008 12:28 pm Post subject: Re: Running the "Jack" as the UTSCSI service |
|
|
mufon wrote: | This is a spin on running the MJ as a service. Instead of creating a new service to run MJ, we use the already installed UTSCSI, assuming of course that you don't care to have UTSCSI running on your machine.
I will assume you are up to speed on installing MJ as a service.
Open the registry editor, and then open "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UTSCSI"
Create a new key and name it "Parameters". Now open key "Parameters" and add the string value "Application". Sound familiar? The string value is the fully qualified path to the binary you wish to launch. Existing MJ service, if installed, should be disabled.
Now, change the log on value for the service from the system account to the user account you wish to run MJ under. Delete "UTSCSI.EXE" from "x:\WINDOWS\System32" and replace it with "srvany.exe", renamed to "UTSCSI.EXE".
So where am I going with this? You could also use this instead to launch a spoofing script/exe or anything else you desire. |
Interesting technique -- kills two birds w/ one stone: gets rid of UTSCSI & sets up the service.
Not bad ... newbie ... |
HolmanGT MagicJack Sensei
Joined: 08 Jan 2008 Posts: 1127 Location: Saint George, UT
|
Posted: Sat Jan 26, 2008 10:23 pm Post subject: |
|
|
mufon,
Ya-But !
Anything I change in my MJ setup sooner or later (mostly sooner) gets overwritten by MagicJack. I don't exactly know what goes on with MJ but I think it tends to overwrite everything in an effort to keep the resident code portable and fresh/updated.
By that I mean if you come in behind someone that has already run MJ on that machine it rebuilds everything from the ground up. I had deleted everything pertaining to UTSCSI.EXE including the file itself and, per its name, magically the whole damn thing reappeared.
It is actually a good feature unless you want to do something a little different than MJ wants you to do. Sneaky little sucker!
PS - I just had to add this little tid-bit: you can format your magicJack and magically that will all reappear also, you can't even kill it. It has to be the first toy I have ever owned that I can't even break. And by the way I am a master at breaking stuff. |
SpamBox Dan isn't smart enough to hire me
Joined: 14 Dec 2007 Posts: 417 Location: Rocky Mountains Front Range
|
Posted: Sun Jan 27, 2008 6:28 pm Post subject: Re: Running the "Jack" as the UTSCSI service |
|
|
mufon wrote: | We are currently accepting donated aluminum foil to help alleviate the shortage in Stephenville Texas. |
At first I was like "What the...?"
But just read about the UFO sighting! That's crazy!
And your sig is funny! |
laserjobs Dan Should Pay Me
Joined: 12 Nov 2007 Posts: 670
|
Posted: Sun Jan 27, 2008 6:57 pm Post subject: |
|
|
Change UTSCSI to read-only |
HolmanGT MagicJack Sensei
Joined: 08 Jan 2008 Posts: 1127 Location: Saint George, UT
|
Posted: Sun Jan 27, 2008 7:10 pm Post subject: |
|
|
laserjobs,
I am embarrassed that I didn't think of that. Have you tried it, read only? The reason I ask is if there is one thing that MJ does very well it is rebuild itself and thwart any attempts I have made to fool it (but I haven't tried read only - YET).
[Edit] Does anyone know what UTSCSI is? I searched it and about the best answer I could find is some flash drive installs it but no one seems to know why or what it does. I assume that some portion of the MJ drive installs it, but I know MJ will run just fine without it or at least until it reinstalls it - whatever the hell "IT" is. |
kumar Dan Should Pay Me
Joined: 15 Nov 2007 Posts: 806
|
Posted: Sun Jan 27, 2008 7:22 pm Post subject: |
|
|
What does it mean to run it as a UTSCSI. What are the pluses?
Thanks
Kumar |
HolmanGT MagicJack Sensei
Joined: 08 Jan 2008 Posts: 1127 Location: Saint George, UT
|
Posted: Sun Jan 27, 2008 7:35 pm Post subject: |
|
|
kumar,
And in addition to your question what happens if you don't run UTSCSI because you have a fake running?
So many questions and so many phone calls to make before someone wises up to the fact that MagicJack is giving away free long distance phone calls and goes after them with a vengeance, someone like AT&T who makes a lot of money SELLING the same service. |
kumar Dan Should Pay Me
Joined: 15 Nov 2007 Posts: 806
|
Posted: Sun Jan 27, 2008 7:41 pm Post subject: |
|
|
HolmanGT wrote: | kumar,
And in addition to your question what happens if you don't run UTSCSI because you have a fake running?
So many questions and so many phone calls to make before someone wises up to the fact that MagicJack is giving away free long distance phone calls and goes after them with a vengeance, someone like AT&T who makes a lot of money SELLING the same service. |
But what is UTSCSI?
Kumar |
HolmanGT MagicJack Sensei
Joined: 08 Jan 2008 Posts: 1127 Location: Saint George, UT
|
Posted: Sun Jan 27, 2008 7:45 pm Post subject: |
|
|
kumar,
I Googled that program until I was numb reading people say "beats the hell out of us". I could not find any article that claimed to know what it is only some claims that it is installed by some flash drives. |
laserjobs Dan Should Pay Me
Joined: 12 Nov 2007 Posts: 670
|
Posted: Sun Jan 27, 2008 7:54 pm Post subject: |
|
|
You don't need UTSCSI running but since MJ installs it, mufon pointed out why not use it to run MJ as a service. Thanks mufon!!! |
mufon Dan isn't smart enough to hire me
Joined: 25 Jan 2008 Posts: 296 Location: HIghland Village, Texas
|
Posted: Tue Jan 29, 2008 11:08 pm Post subject: |
|
|
UTSCSI is a rootkit. It runs in a highly privileged account. In and of itself, it does nothing. It allows unprivileged accounts to execute procedures through it. It's like an invisible administrator sitting at your console doing whatever you ask it to do. You can tame your MJ by disabling it. |
LikeMagic Dan Should Pay Me
Joined: 01 Jan 2008 Posts: 613 Location: LikeMagic Pacific NW
|
Posted: Tue Jan 29, 2008 11:16 pm Post subject: |
|
|
mufon wrote: | UTSCSI is a rootkit. It runs in a highly privileged account. In and of itself, it does nothing. It allows unprivileged accounts to execute procedures through it. It's like an invisible administrator sitting at your console doing whatever you ask it to do. You can tame your MJ by disabling it. |
Where did you find the info for UTSCSI? That's very fascinating. This could open the door to all kinds of hack attack
So why does MagicJack need the UTSCSI service? |
mufon Dan isn't smart enough to hire me
Joined: 25 Jan 2008 Posts: 296 Location: HIghland Village, Texas
|
Posted: Tue Jan 29, 2008 11:38 pm Post subject: |
|
|
LikeMagic wrote: | mufon wrote: | UTSCSI is a rootkit. It runs in a highly privileged account. In and of itself, it does nothing. It allows unprivileged accounts to execute procedures through it. It's like an invisible administrator sitting at your console doing whatever you ask it to do. You can tame your MJ by disabling it. |
Where did you find the info for UTSCSI? That's very fascinating. This could open the door to all kinds of hack attack
So why does MagicJack need the UTSCSI service? |
It does three things for magicJack. It lets them get by with writing crappy insecure code. It minimizes their need to support their product. It lets them do whatever else they want, since they have the ability to use your computer. It is actually a powerful little devil as it appears it can use a scsi channel to run as a device driver thereby "flying under the radar" and bypassing any auditing since a scsi channel is unmonitored as far as data passage, hence the reason no one seems to know what it does. Suffice to say, it is a rootkit, and a very effective one at that.
Sony tried this a couple of years ago, and it made headlines.
Last edited by mufon on Wed Jan 30, 2008 12:00 am; edited 1 time in total |
LikeMagic Dan Should Pay Me
Joined: 01 Jan 2008 Posts: 613 Location: LikeMagic Pacific NW
|
Posted: Tue Jan 29, 2008 11:59 pm Post subject: |
|
|
But MagicJack can function without UTSCSI service. What are we missing if UTSCSI service is disabled? |
testing123 Dan Should Pay Me
Joined: 13 Nov 2007 Posts: 703
|
Posted: Tue Jan 29, 2008 11:59 pm Post subject: |
|
|
Now THIS is a thread that needs to be STICKIED ... (twilight zone music playing in the background).
Very interesting mufon
mufon wrote: | LikeMagic wrote: | mufon wrote: | UTSCSI is a rootkit. It runs in a highly privileged account. In and of itself, it does nothing. It allows unprivileged accounts to execute procedures through it. It's like an invisible administrator sitting at your console doing whatever you ask it to do. You can tame your MJ by disabling it. |
Where did you find the info for UTSCSI? That's very fascinating. This could open the door to all kinds of hack attack
So why does MagicJack need the UTSCSI service? |
It does three things for magicJack. It lets them get by with writing crappy insecure code. It minimizes their need to support their product. It lets them do whatever else they want, since they have the ability to use your computer. It is actually a powerful little devil as it appears it can use a scsi channel to run as a device driver thereby "flying under the radar" and bypassing any auditing, the reason no one seems to know what it does. Suffice to say, it is a rootkit, and a very effective one at that.
Sony tried this a couple of years ago, and it made headlines. |
mufon Dan isn't smart enough to hire me
Joined: 25 Jan 2008 Posts: 296 Location: HIghland Village, Texas
|
Posted: Wed Jan 30, 2008 12:01 am Post subject: |
|
|
LikeMagic wrote: | But MagicJack can function without UTSCSI service. What are we missing if UTSCSI service is disabled? |
I am not missing a thing |
scook587 magicJack Apprentice
Joined: 03 Jan 2008 Posts: 22 Location: Covington, Ga.
|
Posted: Wed Jan 30, 2008 12:06 am Post subject: |
|
|
utscsi is what i have to kill in order to speed up my cd burner on my circa 1999 hardware running xp pro. |
LikeMagic Dan Should Pay Me
Joined: 01 Jan 2008 Posts: 613 Location: LikeMagic Pacific NW
|
Posted: Wed Jan 30, 2008 12:06 am Post subject: |
|
|
mufon wrote: | LikeMagic wrote: | But MagicJack can function without UTSCSI service. What are we missing if UTSCSI service is disabled? |
I am not missing a thing |
Neither am I. I disabled UTSCSI service and my MJ service is still kicking butt |
scook587 magicJack Apprentice
Joined: 03 Jan 2008 Posts: 22 Location: Covington, Ga.
|
Posted: Wed Jan 30, 2008 12:09 am Post subject: |
|
|
how do you disable vs. kill utscsi. |
mufon Dan isn't smart enough to hire me
Joined: 25 Jan 2008 Posts: 296 Location: HIghland Village, Texas
|
Posted: Wed Jan 30, 2008 12:12 am Post subject: |
|
|
scook587 wrote: | utscsi is what i have to kill in order to speed up my cd burner on my circa 1999 hardware running xp pro. |
This is not surprising, the UTSCSI service generates a buttload of useless interrupts. |
LikeMagic Dan Should Pay Me
Joined: 01 Jan 2008 Posts: 613 Location: LikeMagic Pacific NW
|
Posted: Wed Jan 30, 2008 12:16 am Post subject: |
|
|
scook587 wrote: | how do you disable vs. kill utscsi. |
- Right-Click "My Computer", select "Manage"
- Click on "+" sign of "Service and Application" to see sub list
- Click on "Services", a list of all Windows services will be displayed on the right windows
- Locate service called CLCV0 and double click on it
- Properties of CLCV0 will be opened,
- Click "Stop", wait for service to be stopped
- then in "Startup type", select "Disable" then press OK |
mufon Dan isn't smart enough to hire me
Joined: 25 Jan 2008 Posts: 296 Location: HIghland Village, Texas
|
Posted: Wed Jan 30, 2008 12:22 am Post subject: |
|
|
LikeMagic wrote: | scook587 wrote: | how do you disable vs. kill utscsi. |
- Right-Click "My Computer", select "Manage"
- Click on "+" sign of "Service and Application" to see sub list
- Click on "Services", a list of all Windows services will be displayed on the right windows
- Locate service called CLCV0 and double click on it
- Properties of CLCV0 will be opened,
- Click "Stop", wait for service to be stopped
- then in "Startup type", select "Disable" then press OK |
You will also need to edit the registry and disallow "change value" and "delete" permissions on the appropriate key, else it will re-enable itself just like a virus or rootkit can. |
scook587 magicJack Apprentice
Joined: 03 Jan 2008 Posts: 22 Location: Covington, Ga.
|
Posted: Wed Jan 30, 2008 12:28 am Post subject: |
|
|
so are you saying it would restart after a boot?
are there any possible negative effects with it disabled? |
mufon Dan isn't smart enough to hire me
Joined: 25 Jan 2008 Posts: 296 Location: HIghland Village, Texas
|
Posted: Wed Jan 30, 2008 12:30 am Post subject: |
|
|
scook587 wrote: | so are you saying it would restart after a boot?
are there any possible negative effects with it disabled? |
It depends on what you call negative. If you are running in a reduced-privilege account, as we all know we should do, then you may need to tweak some permissions. UTSCSI eliminates the need, because it allows MJ software to run highly privileged regardless of the assigned user account. There are many benefits to running without UTSCSI, I won't elaborate now, but it has to do with running software the way you want to run it. On the other hand, if you think running a rootkit is a good thing and you trust Dan and the boyz... |
scook587 magicJack Apprentice
Joined: 03 Jan 2008 Posts: 22 Location: Covington, Ga.
|
Posted: Wed Jan 30, 2008 12:39 am Post subject: |
|
|
very interesting, i only have one user account (mine). thanks for the info. |
msjfb MagicJack Newbie
Joined: 04 Feb 2008 Posts: 3
|
Posted: Fri Feb 08, 2008 1:12 pm Post subject: |
|
|
mufon wrote: | LikeMagic wrote: | scook587 wrote: | how do you disable vs. kill utscsi. |
- Right-Click "My Computer", select "Manage"
- Click on "+" sign of "Service and Application" to see sub list
- Click on "Services", a list of all Windows services will be displayed on the right windows
- Locate service called CLCV0 and double click on it
- Properties of CLCV0 will be opened,
- Click "Stop", wait for service to be stopped
- then in "Startup type", select "Disable" then press OK |
You will also need to edit the registry and disallow "change value" and "delete" permissions on the appropriate key, else it will re-enable itself just like a virus or rootkit can. |
Could you elaborate on which keys (There are about 6-7 entries for UTSCSI), and what users should be limited in their permissions?
I have MJ running on a server, and I do not like this rootkit business. I have disabled the Service, but I would like to have it stay like that, even if the Server is rebooted, or if MJ re-installs itself.
Thanks |
XD45 magicJack Apprentice
Joined: 07 Feb 2008 Posts: 13
|
Posted: Sat Feb 09, 2008 2:26 am Post subject: Re: Running the "Jack" as the UTSCSI service |
|
|
SpamBox wrote: | mufon wrote: | We are currently accepting donated aluminum foil to help alleviate the shortage in Stephenville Texas. |
At first I was like "What the...?"
But just read about the UFO sighting! That's crazy!
And your sig is funny! |
hence, mufon's username!
MUFON |