PDABomb™ Version 1.0
ReadMe Contents
PDABomb Zip File Contents
Overview
Contact Information
Installation
Application Startup
Start Form
Menu
Encryption Setup Form
Register Form
Why is PDABomb so powerful?
Owner/Contact Information
Trial Usage
What to do if the "bomb" goes off
Warnings/Special Notes
Security.prc - PDABomb program
PDABomb_ReadMe.html - Help file in HTML format
PDABomb_ReadMe.txt - Help file in text-only format
PDABombVisor.prc - A small Palm OS program that corrects a problem some users may encounter with the default launcher on some Visors (particularly the standard Visor and the Visor Deluxe). If the user cannot see PDABomb on the default application launcher of their Visor after installing the PDABomb "security.prc" file, installing PDABombVisor.prc will correct this problem. This is only intended for Visor users AND only if they cannot see PDABomb in the default application launcher.
AutoLock.prc - For advanced Palm-OS users only (at least those users who run "HackMaster"). AutoLock.prc is a Palm OS hack utility that attempts to start the newest security application to lock the device. Users who have installed HackMaster should use the AutoLock.prc hack. Users who do install AutoLock.prc MUST NOT enable the AutoLock checkbox in the PDABomb setup screen.
Other files:
End User License Agreement.txt - End User License agreement for the installation and use of PDABomb
pdabomb-splash.jpg - PDABomb splash screen graphic
PDABomb is a robust security application that addresses an increasingly growing need to protect the data and information contained in Palm OS handheld devices. PDABomb provides an easy-to-use interface and flexible protection alternatives. The user can choose which databases they wish to encrypt and the different encryption algorithms. The PDABomb user can also choose between enabling the ultimate in data protection, by activating the "bomb" after a limited number of password tries, or allowing unlimited attempts to enter the correct password.
PDABomb was developed at Asynchrony.com, a unique virtual community where members share ideas, form teams and collaborate on software projects. Asynchrony markets the finished software and gives the lion's share of revenues to the team members who created it. Visit www.asynchrony.com to find out how you can earn cash by developing, documenting and/or testing new applications!
If you experience bugs or have enhancement ideas for this program, please visit http://www.asynchrony.com/project_change_request_list.jsp?projectid=1547 where you can post change requests and receive shares of revenues in future versions of the program. If you are not already a member of the Asynchrony and would like to join free-of-charge, please visit http://www.asynchrony.com/member_create.jsp to register.
For questions or suggestions to the PDABomb development team, you can send an e-mail to PDABomb@asynchrony.com.
Use the Palm OS installer to install the program file Security.prc (or double click on Security.prc from explorer after you have extracted the contents of the PDABomb zip file). PDABomb will appear on your Palm OS device after the next HotSync. Follow the same procedure if you would like to install the AutoLock hack (only recommended for advanced Palm OS users who have hacks installed) or the PDABombVisor.prc file (only for Visor users who encounter a problem viewing PDABomb in Visor's default application launcher).
Instructions on how to use the Palm OS Installer are in the documentation that came with your Palm OS device.
Due to the nature of this program, you are strongly advised to back up your PDA following the instructions in your PDA device documentation before activating PDABomb. In the event you should forget your password, you will have to rely on your backup and/or HotSync to restore your data.
When upgrading PDABomb from older versions or a beta version, you must disable the PDABomb autolock feature before installing the new version.
1. Private records: Show/Hide push button - allows show or hide private records in the handheld databases.
2. Password push button shows password status (assigned or unassigned) and it allows you to assign a new password or change your current password.
3. Encryption pop-up trigger allows you to choose one of four encryption modes during device locking:
1) No - no encryption at all
2) Private records - encrypt only private records in all user databases.
3) Private from list - encrypt only private records in the selected databases.
4) All from list - encrypt all records in the selected databases.
4. "Lock device on power-off" check box enables/disables the AutoLock feature. If the user enables AutoLock, then PDABomb will lock the device when it is subsequently turned off (either by the power button or auto power-off).
For advanced Palm OS users: The AutoLock feature can conflict with some hacks. If you wish to utilize the AutoLock feature while running HackMaster, install the AutoLock.prc file provided and ensure that the AutoLock check box is cleared.
5. "Attempts Limit" check box enables/disables the "bomb" feature of PDABomb. When enabled, the user selects between 3 and 10 attempts that PDABomb allows for correct password entry. For example, if the user selects 3, then when a locked PDA device is turned on, the user has 3 attempts to enter in a correct password. After three unsuccessful attempts, PDABomb will wipe the device clean by deleting all data and applications. If this feature is disabled, a user will have unlimited attempts to enter in the correct password. However, they still cannot gain access without the correct password. The password must be one that you will not forget.
6. "Setup encryption..." button opens the "Encryption setup" form.
7. "Turn Off and Lock device..." button turns off and locks the device.
1. "Encryption..." (/E)
is equal to "Setup encryption..." button.
2. "Register....." (/R) to Register and purchase PDABomb
3. "About PDABomb" (/A) opens the "About PDABomb" form.
This form allows the user to exclude databases from protection and choose the desired encryption algorithm for private and public records.
The four push buttons with labels 'Fast' and 'Slow' selects the encryption algorithm for private and public records. PDABomb uses two encryption algorithms - one fast and one slow. The slow encryption algorithm is about ten times slower than the fast one, but it is more sophisticated. If you have a lot of information on your handheld device stored as public records, it is recommended that you use fast encryption for public records to avoid a time delay when unlocking the device. If you put really important information in the private records and the total size of private records is not too large, it is recommended that you use slow encryption for private records for maximum protection. Both algorithms use a 128-bit key.
The "Protect databases" table allows the user to exclude less important databases from encryption. For example: you may want to protect your mail but you really don't need to protect your expense information. NOTE: The table doesn't show applications that don't include databases with user information. For example, you will never see the Calculator application or other similar applications in the list because they don't include user databases.
This form displays the registration code you need to provide along with your payment in order to activate the registered version of PDABomb. When payment has been received, Asynchrony will send you your personal license key. To activate the registered version, enter the license key you receive into this form.
IMPORTANT: YOU MUST ENTER THE REGISTRATION CODE EXACTLY AS IT APPEARS ON YOUR SCREEN IN ORDER FOR THE CORRECT LICENSE KEY TO BE GENERATED.
To purchase PDABomb, register through Handango.com. Please ensure that you provide your registration code when you order!
1. It disables the Palm OS built-in debugger. The Palm OS built-in debugger is a big security hole because it allows the retrieval of a full memory dump even from a locked device.
2. It disables any data transfer mechanisms such as HotSync and IrDA. When the device is protected by PDABomb there is no way to retrieve any information from the device.
3. It doesn't store the actual password on a locked device, only MD5 hash. (This only applies to the registered version. The TRIAL version will store the user's actual password AND DISPLAY IT ON THE "System Lockout" screen).
4. It erases the encryption key from the device after device is locked. The encryption key will be generated when user enters the correct password. There is no way to recover an encryption key from the stored password hash.
5. It prevents the use of a brute force attack because it can limit the number of attempts to unlock the device. When the user exceeds the maximum number of attempts, PDABomb destroys all RAM databases without a user prompt.
6. If the user accidentally destroys information on their handheld, (s)he can restore information by invoking HotSync. Although HotSync generally provides a good backup, in some older versions of the Palm OS, a HotSync may not provide a complete backup of all 3rd party application databases. Palm OS upgrades are available at http://www.palmos.com.
7. Passwords entered cannot be seen on the screen because all symbols are replaced with an '*' as the password is typed..
8. The AutoLock feature allows you to lock the device after power-off without a prompt.
9. If you use the AutoLock feature, then your device will be locked automatically after power-off. After unlocking the device, you will be returned to the last running application.
10. You can choose which information on the handheld will be encrypted by PDABomb using the "Encryption setup" form.
11. On a locked device, PDABomb will be started even after a device reset, and the user will still have to provide a password to access the device.
The "System Lockout" screen will display the first 3 lines in your Palm OS "Owner" preferences. This will enable people to view who is the owner of the device in the event that it is lost. Place whatever contact information you want to appear on the PDABomb System Lockout screen in the first 3 lines of your "Owner" information.
This software is a "shareware program" and is provided at no charge to the User during the evaluation period. The trial version is fully functional, with the exception that it will store the user's actual password AND DISPLAY IT ON THE "System Lockout" screen. The registered version stores only an MD5 hash and does not store or display the actual password on a locked device. If you would like to register the product, please see the Registration Form above.
WHAT TO DO IF THE "BOMB" GOES OFF
If the security "bomb" is activated and deletes the data on your PDA device, you need to perform a "memory erase" or "erase reset" to restore your device to its original factory settings before restoring your data and applications. With most Palm OS devices, you can perform a memory erase by pressing the "reset" switch (the one that needs a paper clip or other small object) while holding down the power switch. Consult your device user manual for specific instructions. If this does not totally reset your device, remove the batteries for a few minutes before re-inserting them.
Once your device is reset to its original factory condition, you can restore data from your back up or "HotSync" as directed in your device's user manual. See the warning below for more information on older Palm OS versions.
IF YOU ARE UPGRADING PDABomb (from a previous release or beta version), YOU MUST DISABLE THE AUTOLOCK FEATURE BEFORE INSTALLING THE NEW VERSION.
PDABombVisor.prc is provided ONLY for those Visor users who do not see PDABomb on the default application launcher after installing PDABomb. Installing PDABombVisor.prc will solve this problem for those Visor users who need it. This does not appear to be a problem for newer Visors, but primarily can impact older Visor users. Newer Visors running Palm OS 3.1H2 or later do not appear to have this problem. If you have an older Visor operating system, Palm OS software patches are available for certain Visor models at http://www.handspring.com (follow the links to product support under customer support).
PDABomb is intended for Palm OS users who desire a higher-level of protection for the data residing on their PDAs than other applications currently provide. PDABomb is an application that WILL delete all the data and applications residing on your PDA if unauthorized attempts are made to access your device (with the "bomb" enabled). You MUST set a password that you will not forget! If you do forget your password, you will have to rely on restoring your data and applications from your "HotSync" or backup.
Please note that in older versions of the Palm OS, a "HotSync" does not guarantee that all 3rd party applications and databases will be backed up. There are several alternative packages that offer full back-up protection for you PDA for those who desire. For those PDA devices that will accept an upgrade, Palm OS upgrades are available at http://www.palmos.com.
Copyright 2000 Asynchrony™