AUSTIN - A PalmOS Vulnerability Scanner
About three years ago I wrote a vulnerability scanner for the Palm OS named AUSTIN. It was just a fun side project and after presenting it at Defcon 11, I forgot all about it.
But recently a few people started asking me for the code. Turns out that the Defcon 11 site has my slides, the audio of my presentation, and even the video! But no code, even though I gave it to the organizers. [I wish Defcon didn't use Real media formats, they're so annoying to convert. To do so, grab the RTSP stream with a downloader like Offline Explorer Pro and use SUPER to convert it (see my post on video conversion).]
So without further ado, for anyone interested, here is the code to AUSTIN - a PalmOS Vulnerability Scanner.
Caveat emptor:
- It was written to PalmOS 3.5.2 on a Treo 300 (160×160 screen). I don’t know how it will fare on OS 5 Palms.
- It was written with PocketC; I don’t know whether the latest version will still run this code.
- It works but is fairly basic and may even have some bugs (shocking, I know ;-)
- It’s GPL licensed.
If you end up finding it useful, please post a comment below and tell me what you’re doing with it…
Matthew Leeds wrote:
OK, I’m an idiot. Or blind, or something. Found the databases, results are in there. Now all I need to do is take the time to play with the config databases and try various options. Looks like this is a viable tool on the TX. The link to the databases in Austin doesn’t always seem to be reliable, but just starting the db program seems to work fine.
And let me say, it’s screaming fast. Time to play and try out all the features.
Don’t use the interactive feature, it forces a soft reset.
Paul, thanks for this great tool. On a TX it’s a great way to scan hosts on a wireless network.
Posted on 25-May-06 at 5:19 pm
Paul Clip wrote:
Hey Matt,
Thanks for trying this out. I’m happy to hear that it actually still works. And even happier that it runs fast (it was pretty slow on my Treo 300, but my expectations were then as well ;-). Does the UI look OK?
Posted on 25-May-06 at 10:37 pm
Matthew Leeds wrote:
It runs so fast that the first few times I was convinced it wasn’t really doing anything.
The UI is fine. However, I’ve found that you had better only scan a host that exists. Pointing it at an IP that has no host locks up the Palm, so no scanning a range. I could really use something like SuperScan for the Palm. It would be great to pick a class C and scan for active hosts.
Any chance you’ll start Palm programming again?
Posted on 26-May-06 at 9:11 am
Paul Clip wrote:
The chances are very slim. This may change when I have a linux-ized Treo (i.e. in a couple years) but for right now there are too many other fun technologies to play with! :-)
Posted on 26-May-06 at 9:04 pm