Posts by cryptax@mastodon.social
(DIR) Post #ASuKarjbtLbBjxoycS by cryptax@mastodon.social
2023-02-21T14:56:09Z
0 likes, 0 repeats
@eighthave hi! I've just released v3.4.1 + merged your request + removed the dependency on androguard. Looks OK, but do tell me if you find any issue. Thx!
(DIR) Post #ATDbAxNGCrcu1StVNA by cryptax@mastodon.social
2023-03-02T15:21:26Z
0 likes, 0 repeats
I've encountered an #Android Manifest which lists many apps in a "queries" field. The Android doc says this is the way to specify that your app wants to communicate with the listed apps. Any more details on this, someone? What does this give access to? Have you already seen it in #malware?
cc: @maldr0id @apkunpacker @frenchyeti @verovaleros @alex_burris
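For reference, the element in question is `<queries>`, the package-visibility declaration introduced in Android 11 (API 30): since then an app only gets to see (resolve intents against, list, query the installed state of) the packages it names there, either explicitly or via an intent filter, unless it holds QUERY_ALL_PACKAGES. The parser below is an added example, not code from the post or from anyone tagged in it: it pulls those declarations out of a manifest that has already been decoded to plain XML (apktool or androguard output, not binary AXML). The manifest it runs on is constructed for the demo, its package names are placeholders, and the `threshold` in `triage` is an arbitrary analyst setting, not a documented limit.

```python
"""Extract <queries> package-visibility declarations from a decoded AndroidManifest.xml.

Added example, not the post's code. Assumes the manifest is already plain XML
(a binary AXML file will not parse with ElementTree).
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
AUTHORITIES = f"{{{ANDROID_NS}}}authorities"

# Constructed sample manifest; the package names are placeholders, not real apps.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <queries>
    <package android:name="com.example.bank.one"/>
    <package android:name="com.example.bank.two"/>
    <package android:name="com.example.authenticator"/>
    <intent>
      <action android:name="android.intent.action.VIEW"/>
      <data android:scheme="https"/>
    </intent>
    <provider android:authorities="com.example.provider"/>
  </queries>
  <application android:label="Sample"/>
</manifest>
"""


def parse_queries(manifest_xml: str) -> dict:
    """Return the packages, intent actions and provider authorities declared
    under <queries>. A manifest without <queries> yields empty lists."""
    root = ET.fromstring(manifest_xml)
    result = {"packages": [], "intent_actions": [], "providers": []}
    for queries in root.findall("queries"):
        for pkg in queries.findall("package"):
            name = pkg.get(NAME)
            if name:
                result["packages"].append(name)
        for intent in queries.findall("intent"):
            for action in intent.findall("action"):
                name = action.get(NAME)
                if name:
                    result["intent_actions"].append(name)
        for prov in queries.findall("provider"):
            auth = prov.get(AUTHORITIES)
            if auth:
                # android:authorities may carry several names separated by ';'
                result["providers"].extend(auth.split(";"))
    return result


def triage(manifest_xml: str, threshold: int = 10) -> str:
    """One-line summary for a report. A long explicit package list is worth a
    manual look; `threshold` is an arbitrary analyst setting, not an Android rule."""
    q = parse_queries(manifest_xml)
    flag = "REVIEW" if len(q["packages"]) >= threshold else "ok"
    return (f"{flag}: {len(q['packages'])} package(s), "
            f"{len(q['intent_actions'])} intent action(s), "
            f"{len(q['providers'])} provider authority(ies)")


if __name__ == "__main__":
    print(parse_queries(SAMPLE_MANIFEST))
    print(triage(SAMPLE_MANIFEST, threshold=3))
```

On a real sample, run `parse_queries` over the apktool-decoded manifest and compare the package list against the app's stated purpose; a utility app declaring dozens of banking or authenticator packages by name is the kind of mismatch that makes the question in the post worth asking.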
(DIR) Post #AWcYyhXTkGjiBMaseO by cryptax@mastodon.social
2023-06-12T15:04:08Z
0 likes, 1 repeats
Currently disassembling an Android malware sample, where part of the malicious code seems to be in a #Flutter app. Blog post to confirm when I know more.
#JEB #Android #Flutter #malware
(DIR) Post #AWuTmP68JGAEUEF6mW by cryptax@mastodon.social
2023-06-20T07:49:35Z
0 likes, 0 repeats
Dart really has unique mechanisms, which make its reverse engineering difficult. I've written a new blog post on how byte arrays are written in assembly. I think it's the first language I see which generates such custom assembly...?
https://cryptax.medium.com/reversing-flutter-apps-darts-small-integers-b922d7fae7d9
#dart #flutter #reverse #SMI #assembly
(DIR) Post #AWuTmQ4OhCMzV8REiO by cryptax@mastodon.social
2023-06-20T08:01:56Z
1 likes, 1 repeats
Wrote 2 basic scripts to comment assembly with the correct byte & character value.
- Radare2: https://github.com/cryptax/misc-code/blob/master/flutter/dart-bytes.py
- JEB: https://github.com/cryptax/misc-code/blob/master/jeb/DartBytes.py
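The mechanism behind the two scripts, and behind the blog post on small integers above, as an added example that is not the post's own radare2 or JEB code: Dart keeps small integers ("Smi") tagged, with the value shifted left by one bit and the low bit clear, so a byte stored into a byte array shows up in the AOT assembly as twice its value (0xd0 for 'h'), while a word with the low bit set is a tagged heap pointer rather than a number. The listing below is constructed for the demo, its mnemonics are illustrative, and treating a trailing immediate as a Smi payload is the analyst's assumption; the tag-bit check is what catches the cases where that assumption is wrong.

```python
"""Decode Dart Smi-tagged immediates in a disassembly listing.

Added example, not the post's scripts. Dart stores a small integer (Smi) as
value << 1 with the low bit clear; a word whose low bit is set is a tagged
heap pointer, not a number. The listing below is constructed for the demo.
"""
import re

# Trailing immediate operand, e.g. "mov w1, #0xd0" or "mov eax, 0xd0".
IMM_RE = re.compile(r"#?(-?0x[0-9a-fA-F]+|-?\d+)\s*$")


def smi_to_int(raw: int, bits: int = 64) -> int:
    """Untag a Smi: sign-extend the raw word to `bits`, then arithmetic shift
    right by one. Refuses words with the tag bit set (pointers)."""
    if raw & 1:
        raise ValueError(f"0x{raw:x}: low bit set, tagged pointer rather than a Smi")
    raw &= (1 << bits) - 1
    if raw >> (bits - 1):
        raw -= 1 << bits
    return raw >> 1


def int_to_smi(value: int, bits: int = 64) -> int:
    """Tag an integer as a Smi (inverse of smi_to_int); handy for building a
    byte-search pattern when looking for a known string in Dart code."""
    return (value << 1) & ((1 << bits) - 1)


def decode_smi_bytes(raws) -> bytes:
    """Untag a sequence of byte-array element writes back into the stored bytes."""
    return bytes(smi_to_int(r) & 0xff for r in raws)


def annotate(line: str) -> str:
    """Append the untagged value and its printable character to one listing line.
    Lines without a trailing immediate are returned unchanged."""
    m = IMM_RE.search(line)
    if not m:
        return line
    raw = int(m.group(1), 0)
    try:
        val = smi_to_int(raw)
    except ValueError:
        return f"{line}    ; tagged pointer, not a Smi"
    ch = chr(val) if 0x20 <= val < 0x7f else "."
    return f"{line}    ; smi={val} byte=0x{val & 0xff:02x} '{ch}'"


def annotate_listing(lines):
    return [annotate(line) for line in lines]


# Constructed listing: five element writes spelling "hello" plus one odd
# immediate to exercise the tag check. Addresses and registers are made up.
SAMPLE_LISTING = [
    "0x00010000    mov w1, #0xd0",
    "0x00010004    strb w1, [x0, #0x17]",
    "0x00010008    mov w1, #0xca",
    "0x0001000c    mov w1, #0xd8",
    "0x00010010    mov w1, #0xd8",
    "0x00010014    mov w1, #0xde",
    "0x00010018    mov x2, #0x21",
]

if __name__ == "__main__":
    print("\n".join(annotate_listing(SAMPLE_LISTING)))
    print(decode_smi_bytes([0xd0, 0xca, 0xd8, 0xd8, 0xde]))
```

The same untagging applies to any Smi immediate, not only byte-array writes, which is why a decompiler that does not know the tag shows loop bounds and array lengths doubled as well.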
(DIR) Post #AWwb17gQQ3l1b53AdE by cryptax@mastodon.social
2023-06-15T16:29:25Z
1 likes, 0 repeats
I've published a blog post on reverse engineering Dart. This is the programming language used by Flutter. This is a specific point on a non-standard way Dart assembly performs routine calls. It explains why decompilers just don't get it right when it comes to Dart...
https://medium.com/@cryptax/darts-custom-calling-convention-8aa96647dcc6
#Dart #reverse-engineering #Flutter #Android #ABI #assembly #disassembler #decompiler
(DIR) Post #AXSM1yIbbKlZshaRIe by cryptax@mastodon.social
2023-07-07T16:04:21Z
0 likes, 0 repeats
Given the amount of Android malware I analyze that reads 2FA codes, I wonder how secure the feature is now [on a smartphone].
In the screenshots below, the malware reads second-factor codes via accessibility tweaks, retrieves the values, encrypts them with RC4 and sends that to a REST API on a remote C2. This is a sample of Android/SOVA.
Conclusion: 2FA doesn't "work" on a device which can be compromised.
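The wrapping step described in the post, as an added example that is not the malware's code and is not taken from any sample: RC4 is a symmetric stream cipher, so the same routine the stealer uses to encrypt stolen codes also decrypts captured C2 traffic once the key is pulled out of the APK, where it has to be embedded for the encryption to run at all. The key and the JSON payload layout below are constructed for the demo; the real sample's key and message format are not given on this page. `rc4_self_test` checks the implementation against the public "Key"/"Plaintext" test vector.

```python
"""RC4 as a wrapper for exfiltrated 2FA codes, and its use to decode captured traffic.

Added example, not code from Android/SOVA. CONSTRUCTED_KEY and the payload
format are invented for the demo.
"""
import json


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt `data` with RC4 under `key` (same operation both ways)."""
    if not key:
        raise ValueError("empty key")
    # Key-scheduling algorithm: permute S under the key
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xff
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm: XOR the keystream over the data
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xff
        j = (j + S[i]) & 0xff
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xff])
    return bytes(out)


def rc4_self_test() -> bool:
    """Public RC4 test vector: key "Key", plaintext "Plaintext"."""
    return rc4(b"Key", b"Plaintext").hex() == "bbf316e8d940af0ad3"


# Constructed key: a real sample's key would be recovered from the APK.
CONSTRUCTED_KEY = b"demo-key-not-from-sample"


def exfil_blob(code: str, app: str, key: bytes = CONSTRUCTED_KEY) -> bytes:
    """What the stealer would POST: a JSON record of the code and its source app,
    RC4-wrapped. The field names are invented for the demo."""
    payload = json.dumps({"app": app, "code": code}).encode()
    return rc4(key, payload)


def decode_blob(blob: bytes, key: bytes = CONSTRUCTED_KEY) -> dict:
    """Analyst side: decrypt a captured body with the recovered key and parse it.
    A wrong key yields keystream-looking bytes and json.loads raises."""
    return json.loads(rc4(key, blob))


if __name__ == "__main__":
    assert rc4_self_test()
    blob = exfil_blob("123456", "com.example.authenticator")
    print(blob.hex())
    print(decode_blob(blob))
```

A static embedded key gives the operator obfuscation against casual traffic inspection, not confidentiality: anyone with the APK has the key, which is why capturing the C2 exchange on an instrumented device or emulator is usually enough to read exactly which codes and which apps were harvested.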
(DIR) Post #AXUPKi1l0mUp61Fhqa by cryptax@mastodon.social
2023-07-08T16:07:16Z
0 likes, 0 repeats
@eighthave I'll give it a try (on an emulator ;P) but I don't think the screenshot will show anything particular to detect that the first screen is not the real banking app.
(DIR) Post #AXW7Vbb3qomtTjjPGq by cryptax@mastodon.social
2023-07-09T11:56:58Z
0 likes, 0 repeats
@eighthave yes, they're using accessibility to read 2FA, often from known apps like Google Authenticator, or just SMS.
(DIR) Post #AXW7bvOBB1P2bIiecC by cryptax@mastodon.social
2023-07-09T11:58:07Z
0 likes, 0 repeats
@eighthave difficult to "block accessibility" because people with handicaps legitimately need it...
(DIR) Post #AYHiBn7TeggMz0g15s by cryptax@mastodon.social
2023-08-01T10:48:21Z
0 likes, 1 repeats
Impressive, this phone built by a 15-year-old: https://www.paxo.fr
You can see the evolution too. He started with an Arduino Mega, then a LILYGO TTGO T-Call, then he made his own board.
The OS is custom too: PaxOS.
https://github.com/paxo-rch/paxos_8
(DIR) Post #Aa1j458ebVII64GXb6 by cryptax@mastodon.social
2023-09-22T11:29:47Z
1 likes, 0 repeats
I'm not sure people tell you often @radareorg but I often laugh at radare's welcome message. I like it (to be honest, I haven't tested all messages, but this one made me laugh).
(DIR) Post #AblYgRbsjvnKj9v2Q4 by cryptax@mastodon.social
2023-11-13T12:06:05Z
0 likes, 2 repeats
Do you know anyone interested in CTFs at ST Microelectronics, Thalès, Amadeus?
We don't have a good entry point into these companies, so we usually have nobody from them at @ph0wn even though it should normally interest them...
[Ph0wn CTF - 25 November 2023 - Sophia Antipolis]
(DIR) Post #Am6Mm76XLkuyE35iCW by cryptax@mastodon.social
2024-09-17T15:42:04Z
1 likes, 0 repeats
I got decai (radare2's AI-assisted decompiler) to work with a local model, and tried it over a basic Caesar implementation in C and in Dart.
To be honest, I think the conclusion is that the model I selected is not good enough ;) but #r2ai and #decai are really great tools. Read my post to understand how to install, configure and use. Or RTFM :P
https://cryptax.medium.com/using-ai-assisted-decompilation-of-radare2-e81a882863c9
Many thanks to @Pancake for his patience! "it's not working on my laptop", "try this then" etc.
#radare2 #decompiler #dart #C
(DIR) Post #Ar6kif1HE7sR2Qg3fs by cryptax@mastodon.social
2025-02-14T09:58:04Z
0 likes, 0 repeats
For a Ph0wn Labs party at Sophia Hacker Lab, I created a 4-level CrackMe, with growing difficulty. The first 3 levels are really quite simple. The 4th is a bit more complex, but if you are used to decompiling, you'll have no issue with it.
Get the binary here: https://github.com/SophiaHackLab/ph0wnlabs/blob/main/lab-01/bins/meet-pico
#ph0wn #SHL #crackme 1/2
(DIR) Post #Ar6kigE4k1i0mPfnGK by cryptax@mastodon.social
2025-02-14T09:59:53Z
1 likes, 0 repeats
Spoiler alert! Watch how easily r2ai solves level 4 (of course, it solves the first 3 levels no problem either)
https://asciinema.org/a/B8UalyH6I3AhSapmfYo5rvm3W
Don't watch the video if you intend to try the CrackMe on your own ;)
#r2ai #AI #radare2
(DIR) Post #ArDAEYrxICc924Nw6S by cryptax@mastodon.social
2025-02-17T12:54:04Z
1 likes, 1 repeats
That guy hacked his air purifier, reversed part of the Android app, then the PCB, downloaded the firmware and reversed everything... to integrate it into HomeAssistant! :o
Didn't know about MessagePack nor esp32knife.
https://jmswrnr.com/blog/hacking-a-smart-home-device
#IoT #homeassistant #reverse #esp32 #ghidra
(DIR) Post #AszIkyLSdK3pTAjuU4 by cryptax@mastodon.social
2025-04-11T16:07:20Z
0 likes, 1 repeats
Who can work out 20% of 1540 in their head?
I've asked the question several times in interviews to people with a Bac+5 in maths, and I got every answer except the right one.
(DIR) Post #AszRgprh7STfb8v1fs by cryptax@mastodon.social
2025-04-11T16:18:09Z
0 likes, 0 repeats
@aeris I'm wondering about that myself...
(DIR) Post #B2zDENaUvFzqvE6BW4 by cryptax@mastodon.social
2026-02-04T18:42:29Z
0 likes, 0 repeats
@davidrevoy amazing! But I'm surprised you put in the text first, image after! I do it the other way, but I'm a real amateur, so maybe actually what I do is stupid!