Zylla

Dedicated Members
  • Posts: 647
  • Days Won: 46

Everything posted by Zylla

  1. RT @0xDUDE: The best place to store your private keys of your production environment is probably NOT a public Amazon AWS S3 bucket. This is…

  2. The issue with Wifite2 in the first screenshot comes from not having installed coreutils-stty. In the second screenshot I can see you're installing it. So I'm a bit puzzled. Does it happen after installing coreutils-stty? And by the way, I saw you drew a red line around some errors in the second screenshot. Those are not actual errors that are causing the Nano to misbehave. Those errors appear on every package you try to install with OPKG on the Nano. I guess the overlay filesystem is fooling opkg into thinking that something is wrong, when actually it's not. So every line that contains: .prerm / .postinst / .list / .control can safely be ignored on the Nano. Nothing is actually wrong.
  3. RT @taviso: First of a few remote code execution flaws in various popular torrent clients, here is a DNS rebinding vulnerability Transmissi…

  4. RT @dragosr: If you have/use any Western Digital MyCloud drives, recommend disconnecting them immediately and transitioning the data to ano…

  5. RT @benhawkes: Project Zero blog post: "Reading privileged memory with a side-channel" by Jann Horn (@tehjh) - https://t.co/eVKlU7eiGy

  6. RT @CharlieOneTime: @NYPDnews @NYPDPSA9 Great job NYPD, the war on drugs is over now ?

  7. Zylla

    Blizzard games

    Yeah, I know! But after the obfuscation and all the heavy anti-debugging were added, it's a nightmare injecting/attaching anything into WoW without crashing it. But I'm still trying! :D
  8. RT @i41nbeer: tfp0 should work for all devices, the PoC local kernel debugger only for those I have to test on (iPhone 7, 6s and iPod Touch…

  9. Zylla

    Blizzard games

    Sounds exactly like my story, except my wife and I continued playing after our daughter was born in 2014. But not nearly as much as before. We both had all classes (13 characters) leveled to 110, and then we both got a 6 month suspension on our accounts. This was two months ago. We were using FireHack, which is a LUA-unlocker. And I wrote combat-rotations for our characters, which got quite popular in the community. And yeah, I had a lifetime sub. to HonorBuddy, which I purchased in 2007. But I stopped using it around 2010-2011 because Blizzard targeted them so much, and it was almost guaranteed perma-bans. Rumour has it that Blizzard really upped their game on the anti-cheat stuff. We've heard talk about that exact department within Blizzard tripling the amount of employees, and now with HonorBuddy out of the picture I think it's really easy for Blizzard to target other stuff (client-side). I also have no doubt they're testing out some Artificial Intelligence software to detect stuff server-side as well. Papers released several years ago describe having no problems detecting bots, and that's without AI-software. (link to paper) Blizzard also implemented the same anti-cheat system that Overwatch has with patch 7.3 a little while ago, which also added obfuscation and heavy anti-debugging to the client. This also killed a lot of other cheating software, like oLUA (free lua-unlocker), and many other projects. FireHack was the only one that managed to pull through this, but we had a detection two months ago approx. God knows how much hidden detection stuff they might have added to the client. And they're not always active either, so it's hard to track it.
  10. Zylla

    Blizzard games

    World of Warcraft! No doubt. I've been playing it since the early European "closed beta" in late 2003/early 2004 to this day. WoW also sparked an interest in me for developing and reversing software. So I've been developing "addons" for WoW for a while now, and reversing Blizzard's anti-cheat system, as it's basically behaving as malware. And I enjoy finding out how it's working and the stuff they're scanning on your computer.
  11. I've uploaded it to a GitHub repo, with a little tutorial to get it up and running on a factory-reset Pineapple Tetra. Usage on the Nano should be the same, except using the SD-card for storage/installation stuff. (For example adding --dest sd to all the opkg install lines.) The custom hostapd and wpa_supplicant are readily cross-compiled for the device with the same source-files that are in the directories. I've also included an enable-hwcrypto.sh script, to reset the changes made when you disable it. And a last thing: When you've enabled/disabled hwcrypto you will need to reboot to get the changes. Please test it, and report back any changes you'd like to see. :)
  12. I'll be honest. I haven't studied his attack in detail, but it's starting to look a bit interesting now after I got it working on my Tetra. It says that the hostapd version he's using is patched. It'd be interesting to merge these patches with hostapd that already has the Karma/Mana patches. We could then find vulnerable clients without them having to connect manually. Which I'll actually start doing some testing on. This also gave me some tips for possibly improving my scripts for the Mana attack. Sweet. :)
  13. Yeah. I've got the script/attack working on my Tetra now. Just need to compile everything, and make a tutorial on how to set it up. Screenshot when testing on my iPhone 7+ connected.
  14. I don't want to sound like a douche here, but yes it actually will help. To be honest, me and my wife are having a tough time here economically, so I'm having to prioritize working on stuff that gives a bit of income over other stuff.
  15. RT @josephfcox: The stance of ‘I’m not important enough for hackers’ is one infosec needs to help people overcome. An email account is a pe…

  16. I'm working on it. :) Have a lot on my schedule though so progress is a bit slow.
  17. If we're talking about something that's "reasonable": I'm suggesting a microwave, or as we used at my old workplace: this insane magnet, built for destroying data on HDDs. We need to consider the time you have to react when your house is being raided by feds. (If they know your "1337 haxer skillz" they might be ready for you to pull something like this off.) It's seconds! So, either a microwave next to your computer, ready to go. Or some custom rig with a trigger that will ignite some thermite around the HDDs. (Saw this in a video a long time ago.) If you have time on your hands the 3-pass should be fine.
  18. Holy moly, that's a lot of interfaces! Have you upgraded your version of aircrack-ng on the Pineapple? This output looks a lot like the bogus output you get after upgrading to another version of aircrack-ng, not using the airmon-ng customized for the Pineapples.
  19. Try "chmod +x Wifite2.py" or "python Wifite.py"
  20. Do I have any fellow OpSec friends that have any ideas on intercepting and decrypting SSL/TLS traffic from a... https://t.co/wGOEaskY3m

  21. #SnapchatDown #FML

  22. @hak5darren @Hak5 Was equally impressed ordering my Pineapple two years ago. It took 3 days! From San Francisco to… https://t.co/qdSXZ8Rh3m

  23. RT @Hak5: https://t.co/GYsV1n1mqq Introducing the Packet Squirrel, the ultimate pocket-sized Ethernet man-in-the-middle https://t.co…

  24. @ElvisTheAlienTV https://t.co/MWQqINDkEz
