@searchspIoit @fs0c131y this has nothing to do with that i’m talking about or what is shown in the vid im replying to
English
Dan 🪛
744 posts
Dan 🪛
@gigdotzip
i like android framework/platform development, flutter, and linux.
18 he/him 🇮🇹🇨🇿 เข้าร่วม Ocak 2022
219 กำลังติดตาม212 ผู้ติดตาม
@gigdotzip @fs0c131y Vous pouvez obtenir le token d'une victime (entièrement réutilisable) en lui faisant scanner un QR code mdr
Français
Je confirme, Paul is right
Paul Moore - Security Consultant @Paul_Reviews
Hacking the #EU #AgeVerification app in under 2 minutes. During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory. 1. It shouldn't be encrypted at all - that's a really poor design. 2. It's not cryptographically tied to the vault which contains the identity data. So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app. After choosing a different PIN, the app presents credentials created under the old profile and let's the attacker present them as valid. Other issues: 1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying. 2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step. Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.
Português
Dan 🪛 รีทวีตแล้ว
Seriously just stop..
I HATE when Windows Laptop vendors sacrifice user experience for a couple of bucks from McAfee and Dropbox..
THIS is why people buy MacBooks
English
Dan 🪛 รีทวีตแล้ว
The fundamental problem with this "hack" is it requires three things being true.
1. An attacker must possess the device
2. An attacker must be able to unlock the cell phone
3. The cell phone must be "rooted", all additional cell phone security already bypassed
In the event all three of these conditions are true, you have far greater issues than someone modifying the PIN on your age verification app or... verify they're an adult using your stuff.
If you want to do this, for whatever reason, using this you can now reset the PIN on your age verification app arbitrarily or give yourself unlimited verifications.
Paul Moore - Security Consultant @Paul_Reviews
Hacking the #EU #AgeVerification app in under 2 minutes. During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory. 1. It shouldn't be encrypted at all - that's a really poor design. 2. It's not cryptographically tied to the vault which contains the identity data. So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app. After choosing a different PIN, the app presents credentials created under the old profile and let's the attacker present them as valid. Other issues: 1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying. 2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step. Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.
English
@fs0c131y What's the threat model here? An attacker has ADB access to your device? The biometrics are there to stop minors living in your home (like your kids) from using your age verification credentials. You could argue it should be more locally secure, but calling it a bypass is silly.
English
The biometric authentication of the #EU #AgeVerification app can be easily bypass too...
Baptiste Robert@fs0c131y
Je confirme, Paul is right
English
@fs0c131y If a malicious actor has root permissions on your phone then you have other issues mate. Can you reproduce it on a phone/emulator without adb root and Magisk? It’s not good that they put it in shared preferences but it’s not that big of a deal especially since it’s a demo
English
Dan 🪛 รีทวีตแล้ว
The craziest thing ever happened on YouTube.
La7, an Italian television channel has used footage from Nvidia DLSS 5 Trailer and then sent a copyright strike to every YouTube video that supposedly used “their footage”, including Nvidia themselves.
Nvidia’s own DLSS 5 announcement video has now been taken down by La7 as you can see here.
English
Dan 🪛 รีทวีตแล้ว
@MNateShyamalan bespoke; confidently using only semicolons even though youre doing it wrong 90% of the time
English
Dan 🪛 รีทวีตแล้ว
Dan 🪛 รีทวีตแล้ว
Dan 🪛 รีทวีตแล้ว
This is it, native PCVR on MacOS! The OpenXR SDK can be compiled on MacOS, So I implemented a runtime and a streaming app. Godot supports OpenXR on MacOS so I use it to test my integration. Unity could work too and of course native C++. 1/x
English
Dan 🪛 รีทวีตแล้ว
Dan 🪛 รีทวีตแล้ว
Dan 🪛 รีทวีตแล้ว
Dan 🪛 รีทวีตแล้ว
Dan 🪛 รีทวีตแล้ว
Dan 🪛 รีทวีตแล้ว
Dan 🪛 รีทวีตแล้ว
"Disappearing for 6 months" is literally the dumbest thing you can do. You will lose most of your contacts, lose leverage across the board, and slowly become irrelevant. People will learn to live without you; that's what humans do. They adapt. And then, when you return, they will perhaps be happy, but you will be demoted to a short 'novelty'. If you truly want to change, do it without the unnecessary disappearing. You're not a ghost.
English
Dan 🪛 รีทวีตแล้ว
Dan 🪛 รีทวีตแล้ว
Google photos making moments out of recordings I did by accident
Breaking911@Breaking911
New Jeffrey Epstein video release 👇
English