OH, piss
@ChaosKitsune just Congress things #39c3 #bazedleaks link: https://chaos.social/@bazed/115799396254737158
@ChaosKitsune press the button that puts it into Bluetooth mode, when in Bluetooth mode, push the same button again to turn it off.
@sophie this 737 EGPWS system unfortunately missed the beeping meetup! Hopefully an unplanned approach will activate TCAS
"i want to taste yours" #39c3
CCC #39c3 Cohost #cohost meetup on Day 2 after CSS Crime talk (21:05 Hall Ground) by @rebane2001 around 21:45 at the food court outside Hall Ground! There will be stickers!
@pollyglot saaaaame! You should come by bzd and play with a printer!
@link This is WRONG! Scandinavian countries celebrate on the 24th (Christmas Eve), so we had our unique Christmas last year - 2024
About 1.5 years ago my friend was (wrongly) accused of terrorism.
All of their electronic devices were seized, plus my stash of hard drives (which was at their place for reasons).
Of course they didn’t find any evidence. The culprit who framed my friend (and many others) was arrested (article in Polish).
Upon getting the hardware back, I found that all of my hard drives had been destroyed, which made me (understandably) pissed.
We’re very good friends, so I’ve been given their personal phone that was pwned with Cellebrite. It hasn’t been turned on since the police extracted data from it, so I decided to do some forensics on it.
As it turns out, the police forgot to clean up after themselves. I took a peek at the first-stage payload, but it’s too complex for me to reverse-engineer. It’s clear it’s full of obfuscations and is even using TLS to talk to the Cellebrite box.
If you’re a security researcher (or just a curious nerd with more spoons than me) and want to take a look at it - here you go.
The payload was uploaded onto the device on 2024-02-21. If you want to re-create the environment it was executed on, you will need a:
Rough execution flow:
1. USB device plugged in (Cellebrite Cheetah)
2. USB controller switches to host mode
3. Gadget switching USB VID/PID to load kernel modules
4. Module 'hid_akeys' leaks memory
5. Screen unlocked
6. ADB key '82:E5:EA:F3:DC:D1:7D:CA:65:3C:D4:58:65:CD:81:8E' added to trusted keys on the device
7. First-stage payload '/data/local/tmp/falcon' copied onto the device.
8. Second-stage payload executed as root:
- /data/local/tmp/chrome-command-line
- /data/local/tmp/android-webview-command-line
- /data/local/tmp/webview-command-line
- /data/local/tmp/content-shell-command-line
- /data/local/tmp/frida-server-16.1.4-android-arm64
- /data/local/tmp/init
9. Data extraction (photos, telegram, firefox, downloads)
# Unanswered question: What the hell is "jtcb.sdylj.axpa" running as root? Seems to have been dropped around the same time...
Have fun!
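A triage check a defender could run over an extraction of a device handled this way, written here as an added example (not the poster's code): it flags the dropped file names, the trusted ADB key fingerprint and the package name from the list above in constructed `ls -la`, `adb_keys` and `pm list packages` output. It assumes the fingerprint is MD5 over the base64-decoded key, formatted the way Android's USB-debugging dialog displays it, and it flags any frida-server build rather than only the version named above.

```python
import base64
import hashlib
# Indicators quoted from the post above: dropped file names, the trusted
# ADB key fingerprint and the unexplained package name.
TMP_ARTIFACTS = {
    "falcon", "chrome-command-line", "android-webview-command-line",
    "webview-command-line", "content-shell-command-line",
    "frida-server-16.1.4-android-arm64", "init",
}
KNOWN_ADB_FINGERPRINT = "82:E5:EA:F3:DC:D1:7D:CA:65:3C:D4:58:65:CD:81:8E"
SUSPECT_PACKAGE = "jtcb.sdylj.axpa"

def adb_key_fingerprint(adb_keys_line: str) -> str:
    """Fingerprint of one /data/misc/adb/adb_keys line in the form Android's
    USB-debugging dialog shows: MD5 over the base64-decoded key, upper-case
    hex pairs joined by ':' (assumed; it matches the format in the post)."""
    digest = hashlib.md5(base64.b64decode(adb_keys_line.split()[0])).hexdigest()
    return ":".join(digest[i:i + 2].upper() for i in range(0, 32, 2))

def triage(tmp_listing: str, adb_keys: str, packages: str) -> list[str]:
    """Findings from `ls -la /data/local/tmp`, the adb_keys file and
    `pm list packages` output. Any frida-server build is flagged, not only
    the version named in the post."""
    findings = []
    for line in tmp_listing.splitlines():
        parts = line.split()
        name = parts[-1] if parts else ""
        if name in TMP_ARTIFACTS or name.startswith("frida-server"):
            findings.append(f"artifact /data/local/tmp/{name}")
    for line in adb_keys.splitlines():
        if line.strip() and adb_key_fingerprint(line) == KNOWN_ADB_FINGERPRINT:
            findings.append(f"trusted ADB key {KNOWN_ADB_FINGERPRINT}")
    for line in packages.splitlines():
        if line.strip() == f"package:{SUSPECT_PACKAGE}":
            findings.append(f"package {SUSPECT_PACKAGE}")
    return findings

# Constructed sample outputs, not taken from the post's device.
SAMPLE_TMP = """\
-rwxr-xr-x 1 shell shell  1234 2024-02-21 10:11 falcon
-rwxr-xr-x 1 shell shell 90000 2024-02-21 10:12 frida-server-16.1.4-android-arm64
-rw-r--r-- 1 shell shell    10 2023-11-02 08:00 notes.txt
"""
SAMPLE_ADB_KEYS = "YWJj user@host\n"  # base64 of b"abc"; does not match
SAMPLE_PACKAGES = "package:com.android.settings\npackage:jtcb.sdylj.axpa\n"

if __name__ == "__main__":
    for finding in triage(SAMPLE_TMP, SAMPLE_ADB_KEYS, SAMPLE_PACKAGES):
        print(finding)
```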
@niko Ubuntu server installation does something similar where you can enter your GitHub username and it will pull the pubkey from there. I don't remember exactly, but I think they support some other platform as well, but no generic URL.
Do you consent to have your picture taken at #39C3?
Computer nerd of IT-(in)security, hacking & ctf, loves to design stickers, radio signals interest me.