+++++++++++++++++++++++++++++++++++++++
.section .text
.globl _start
_start:
nop
mov $0×8, %ah
mov $0×0, %dl
int $0×13
mov $1, %eax
mov $0, %ebx
int $0×80

++++++++++++++++++++

compilation is done in following way

+++++++++++++++++++++++++++++++++++++++++
as -gstabs -o second.o second.s
ld -o second second.o
+++++++++++++++++++++++++++++++++++++++++

error obtained is :
Segmentation Fault

Content of different registers are as follows

info registers

rax 0×800 2048
rbx 0×0 0
rcx 0×0 0
rdx 0×0 0
rsi 0×0 0
rdi 0×0 0
rbp 0×0 0×0
rsp 0x7fff53ae6260 0x7fff53ae6260
r8 0×0 0
r9 0×0 0
r10 0×0 0
r11 0×300 768
r12 0×0 0
r13 0×0 0
r14 0×0 0
r15 0×0 0
rip 0x40007d 0x40007d
eflags 0×10202 [ IF RF ]
cs 0×33 51
ss 0x2b 43
ds 0×0 0
es 0×0 0
fs 0×0 0
gs 0×0 0

Kindly help what exactly is the reason

using AES . Rebooted system took dump and serched for aes key using Pciceton university

s/w. Detection s/w found few occurence of aes key. As far as I know detection of key is

done by searching in contiguous memory location for key and round keys. using key

round keys are derived and then hamming distance with contiguous location is found

out. In my case hamming distance is zero. I am trying to understand Truecrypt in detail

particularly how aes key is derived from password. I have a query kindly help me

I think that if hamming distance is zero with round key derived and values stored in

contiguous memory location probability that it is a aes key will be extremely high,

because it can not happen with random data. Or in other way probability that it is

happening with random data will be very low (near to zero). I am true or not ?

Kindly help.

i) ran a program to fill the content of memory with some string.

ii) switched of system

iii) Rebooted system using bootable pen drive

iv) After dumping completed rebooted the system without pen drive. Dumped the partition

using dd command into a file. Searched for the occurence of string. Occurence of string

was detected.

Give a shot at partitioning the disk. Be sure you’re doing the right one by seeing what disk is assigned to the usb drive in dmesg. It’ll be /dev/sda, /dev/sdb, etc. without the number.

Again when I am trying to make fat16 partion using
mkfs.msdos /dev/sda1p1

error message is that /dev/sda1p1 does not exist. This is
happening in both fdisk and cfdisk.

I am unable to proceed further, kindly help.

Other problem is that I was going through source code of Princeton university. I found

that scarper.bin is cancatenation of two files boot.bin amd usb.bin. Now boot.bin is mbr.

Problem is that first 512 byte is loaded automatically by BIOS (i.e boot.bin) but after that

code is loaded into memory using value ah=42h and calling interrupt 13( packet mode.

for usb) After that ljmp $scraper. is called. Before jumping everything is getting executed.

After that it does not proceed further. I believe that problem is with value assigne to

structure packet at the end of code . Kindly help help me.

Have you tried any other utilities for creating the partitions? cfdisk might work better for you.

Warning : Reading partition table failed with error 22. Invalid argument.

Kernel still uses the old table

New table will be used at next reboot
syncing disk

recommended by you. I was trying to follow steps recommende by you. I faced following problem. kindly help

step 1) pendrive is used as /dev/sda1

wrote 0 at every l locations using command recommended by you i.e

dd if=/dev/zero of=/dev/sda1

command worked fine it took some time. I am using Kingston 4GB pen drive

step2 ) created three partition usinfg fdisk.

/dev/sda1p1 1MB FAT16 bootable

/dev/sda1p2 1GB Venix 80286

after creating these partitions I used w command to write information.

step 3) mkfs.msdos /dev/sda1p1

message I am getting is that /dev/sda1p1 is not known

after this I amd unable to proceed further.

This problem is related with fdisk or something else