@searchspIoit @fs0c131y this has nothing to do with that iโm talking about or what is shown in the vid im replying to
English
Dan ๐ช
744 posts
Dan ๐ช
@gigdotzip
i like android framework/platform development, flutter, and linux.
18 he/him ๐ฎ๐น๐จ๐ฟ ๊ฐ์
์ผ Ocak 2022
219 ํ๋ก์212 ํ๋ก์
@gigdotzip @fs0c131y Vous pouvez obtenir le token d'une victime (entiรจrement rรฉutilisable) en lui faisant scanner un QR code mdr
Franรงais
Je confirme, Paul is right
Paul Moore - Security Consultant ๎จ@Paul_Reviews
Hacking the #EU #AgeVerification app in under 2 minutes. During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory. 1. It shouldn't be encrypted at all - that's a really poor design. 2. It's not cryptographically tied to the vault which contains the identity data. So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app. After choosing a different PIN, the app presents credentials created under the old profile and let's the attacker present them as valid. Other issues: 1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying. 2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step. Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.
Portuguรชs
Dan ๐ช ๋ฆฌํธ์ํจ
Seriously just stop..
I HATE when Windows Laptop vendors sacrifice user experience for a couple of bucks from McAfee and Dropbox..
THIS is why people buy MacBooks
English
Dan ๐ช ๋ฆฌํธ์ํจ
The fundamental problem with this "hack" is it requires three things being true.
1. An attacker must possess the device
2. An attacker must be able to unlock the cell phone
3. The cell phone must be "rooted", all additional cell phone security already bypassed
In the event all three of these conditions are true, you have far greater issues than someone modifying the PIN on your age verification app or... verify they're an adult using your stuff.
If you want to do this, for whatever reason, using this you can now reset the PIN on your age verification app arbitrarily or give yourself unlimited verifications.
Paul Moore - Security Consultant ๎จ@Paul_Reviews
Hacking the #EU #AgeVerification app in under 2 minutes. During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory. 1. It shouldn't be encrypted at all - that's a really poor design. 2. It's not cryptographically tied to the vault which contains the identity data. So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app. After choosing a different PIN, the app presents credentials created under the old profile and let's the attacker present them as valid. Other issues: 1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying. 2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step. Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.
English
@fs0c131y What's the threat model here? An attacker has ADB access to your device? The biometrics are there to stop minors living in your home (like your kids) from using your age verification credentials. You could argue it should be more locally secure, but calling it a bypass is silly.
English
The biometric authentication of the #EU #AgeVerification app can be easily bypass too...
Baptiste Robert@fs0c131y
Je confirme, Paul is right
English
@fs0c131y If a malicious actor has root permissions on your phone then you have other issues mate. Can you reproduce it on a phone/emulator without adb root and Magisk? Itโs not good that they put it in shared preferences but itโs not that big of a deal especially since itโs a demo
English
Dan ๐ช ๋ฆฌํธ์ํจ
The craziest thing ever happened on YouTube.
La7, an Italian television channel has used footage from Nvidia DLSS 5 Trailer and then sent a copyright strike to every YouTube video that supposedly used โtheir footageโ, including Nvidia themselves.
Nvidiaโs own DLSS 5 announcement video has now been taken down by La7 as you can see here.
English
Dan ๐ช ๋ฆฌํธ์ํจ
@MNateShyamalan bespoke; confidently using only semicolons even though youre doing it wrong 90% of the time
English
Dan ๐ช ๋ฆฌํธ์ํจ
TIRED: using โโโ and everyone thinks youโre a bot
WIRED: never learning the difference between colons and semicolons: dont let it stop you
INSPIRED: assert dominance with the mega-hyphen. itโs not just punctuation โโโโโ itโs a statement.
English
Dan ๐ช ๋ฆฌํธ์ํจ
Dan ๐ช ๋ฆฌํธ์ํจ
This is it, native PCVR on MacOS! The OpenXR SDK can be compiled on MacOS, So I implemented a runtime and a streaming app. Godot supports OpenXR on MacOS so I use it to test my integration. Unity could work too and of course native C++. 1/x
English
Dan ๐ช ๋ฆฌํธ์ํจ
Dan ๐ช ๋ฆฌํธ์ํจ
Dan ๐ช ๋ฆฌํธ์ํจ
Dan ๐ช ๋ฆฌํธ์ํจ
Dan ๐ช ๋ฆฌํธ์ํจ
Dan ๐ช ๋ฆฌํธ์ํจ
Dan ๐ช ๋ฆฌํธ์ํจ
"Disappearing for 6 months" is literally the dumbest thing you can do. You will lose most of your contacts, lose leverage across the board, and slowly become irrelevant. People will learn to live without you; that's what humans do. They adapt. And then, when you return, they will perhaps be happy, but you will be demoted to a short 'novelty'. If you truly want to change, do it without the unnecessary disappearing. You're not a ghost.
English
Dan ๐ช ๋ฆฌํธ์ํจ
Dan ๐ช ๋ฆฌํธ์ํจ
Google photos making moments out of recordings I did by accident
Breaking911@Breaking911
New Jeffrey Epstein video release ๐
English