⚡️ #GitHub Real-Time Updates on Community

https://undercodenews.com/github-real-time-updates-on-community/

@Undercode_News

⚡️ A New Dawn for #Windows Search?

https://undercodenews.com/a-new-dawn-for-windows-search/

@Undercode_News

#Uber Moto Women: A Safer Ride for Women in Bengaluru

https://undercodenews.com/uber-moto-women-a-safer-ride-for-women-in-bengaluru/

@Undercode_News

📱 #Apple Ditches M4 Extreme Chip for #AI Focus

https://undercodenews.com/apple-ditches-m4-extreme-chip-for-ai-focus/

@Undercode_News

🖥️ Takedown Tuesday: Global Operation Shuts Down DDoS-for-Hire Platforms

https://undercodenews.com/takedown-tuesday-global-operation-shuts-down-ddos-for-hire-platforms/

@Undercode_News

🦑UEFI BIOS Hacking Notes:

I started my Desktop System after a couple of weeks, and found that the ASUS Z170-AR 1.03 motherboard was failing to POST successfully with the following error message:

1️⃣USB Device Over Current Status Detected !!
System Will Shut Down After 15 Seconds.
(November-2020): After downloading the BoardView file for a similar motherboard, I learned about the various OC (over current) detection sub-circuits present on the motherboard. I systematically checked the reference voltages present at all (4) of those voltage dividers and found them to be 3.26+ volts. Note: These voltage dividers ("sensors") are directly connected to the Mobo's PCH.

I also carried out the following debugging steps:

All of the USB ports were providing +5v and were able to detect the keyboard during BIOS POST (Caps Lock responded). They all seemed to be OK.

The single USB-C port on this mobo was also providing power to charge things just fine.

I connected the USB keyboard to the PS2 port but the BIOS was disabling all inputs when this 'USB OC' problem is detected.

All of the USB devices were subsequently disconnected for safety.

The cables for the front-panel USB connectors were disconnected as well.

However, the BIOS error about 'USB OC' persisted. I then dumped the BIOS from the W25Q128FV BIOS chip (thankfully present in DIP-8 form factor) using flashrom on Linux with CH341A Mini USB BIOS Programmer hardware.

3️⃣This dumping process took around 2.5 minutes. The dump matched the "BIOS ROM file" which I extracted from the Z170-AR-ASUS-3801.CAP (downloaded from ASUS' website) using UEFITool.

Note: This board uses the ASM1142 USB 3.0 chip which has its own over current (OC) detection. I couldn't find the BoardView for my Z170-AR 1.03 motherboard and hence I had to pause the hardware debugging process at this point.

Next, switching to the SW sides of things, I was able to patch the ASUS BIOS using UEFITool, GHIDRA, Cutter (Rizin GUI), and WinHex to bypass this USB OC error message (and the subsequent PC hang)!

binwalk -eM bios.rom # bios.rom is extracted from UEFItool.

[user@random _flash-me.rom.extracted]$ find . -type f -exec strings {} \; | grep "USB Device"
USB Device Over Current Status Detected !!

4️⃣I wrote the modded BIOS back using the following command,

$ sudo ./flashrom --programmer ch341a_spi -v 1402_modded_working.rom
flashrom v1.2-169-g10d71d9 on Linux 5.8.0-33-lowlatency (x86_64)
flashrom is free software, get the source code at https://flashrom.org

Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Found Winbond flash chip "W25Q128.V" (16384 kB, SPI) on ch341a_spi.
Verifying flash... VERIFIED.
...
After patching the BIOS, I was able to boot into the system! After logging in, I was able to confirm that ASM1142 chip is generating those OC (Over Current) signals.

$ sudo dmesg | grep over-cu
[ 1.082715] usb usb4-port2: over-current condition
[ 1.086705] usb usb3-port2: over-current condition
$ lspci
...
00:14.0 USB controller: Intel Corporation 100 Series/C230 Series Chipset Family USB 3.0 xHCI Controller (rev 31)
02:00.0 USB controller: ASMedia Technology Inc. ASM1142 USB 3.1 Host Controller
03:00.0 PCI bridge: ASMedia Technology Inc. ASM1083/1085 PCIe to PCI Bridge (rev 04)
This controller can be disabled with the following command.

$ echo -n "0000:02:00.0" | sudo tee /sys/bus/pci/drivers/xhci_hcd/unbind
Here is a Linux hack to ignore the misbehaving ASM1142 USB 3.0 controller on bootup.

$ cat /etc/rc.local
#!/bin/bash

# "Fix" "2:00.0 USB controller: ASMedia Technology Inc. ASM1142 USB 3.1 Host Controller"
echo -n "0000:02:00.0" | sudo tee -a /sys/bus/pci/drivers/xhci_hcd/unbind

exit 0
This made the system pretty usable again. Victory!?

🦑Be Ethical, Use it for learning purposes !!!

Ref: Hacking Notes
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#iPhone 17 Pro Rumored to Feature Horizontal Camera Bar

https://undercodenews.com/iphone-17-pro-rumored-to-feature-horizontal-camera-bar/

@Undercode_News

⚡️ Gamaredon Expands Arsenal: New #Android #Spyware Emerges

https://undercodenews.com/gamaredon-expands-arsenal-new-android-spyware-emerges/

@Undercode_News

SmartThings Music Sync Expands: Now Supports #YouTube Music

https://undercodenews.com/smartthings-music-sync-expands-now-supports-youtube-music/

@Undercode_News

⚡️ #Apple's AirTag: A Traveler's New Best Friend

https://undercodenews.com/apples-airtag-a-travelers-new-best-friend/

@Undercode_News

🚨 Major Security Breach: Chinese Hacker Exploited Sophos Firewall Vulnerability, US Issues 0 Million Reward

https://undercodenews.com/major-security-breach-chinese-hacker-exploited-sophos-firewall-vulnerability-us-issues-0-million-reward/

@Undercode_News

🦑LeakedDBParser :

A tool to parse leaked databases in CSV-like or SQL format.

>> LeakedDBParser

git clone https://github.com/hegusung/LeakedDBParser.git
./leakeddbparser.py <hashfile> [-o <output_file>] [-n max_lines] {csv|sql} [csv or sql options]

>> CSV Format Options

1️⃣. -c: Select columns and apply checks.
- Syntax: -c <column_number>,<condition>
- Example:

     -c 1,2=40,?3
     

- Includes columns 1 and 2 in the output if:
- Column 2 has a length of 40.
- Column 3 exists.

2️⃣. --no-header: Ignore the first line of the CSV file.

>> SQL Format Options

3️⃣. --list-tables: List the tables and their columns in the SQL dump.
- Example:

     ./leakeddbparser.py sqldump.sql sql --list-tables
     

4️⃣. --dump <table_name>: Export a specific table.
- Can use -c to select specific columns.

5️⃣. Column Selection (-c):
- Syntax: -c <column_numbers>
- Example:

     ./leakeddbparser.py sqldump.sql -o export_user_hash.txt sql --dump users -c 3,5
     

- Exports columns 3 and 5 from the users table to the file export_user_hash.txt.

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#Digital IDs in Your Wallet: A State-by-State Guide

https://undercodenews.com/digital-ids-in-your-wallet-a-state-by-state-guide/

@Undercode_News

🦑10 Cybersecurity Marketing Strategies To Grow Your Business:

1. Create A Product-Led SEO & Content Marketing Strategy

2. Get Targeted Media Coverage With Strategic PR

3. Build Authority With Anonymous Case Studies

4. Invest In PPC Campaigns For Faster Growth

5. Build Your Tribe With Email Marketing

6. Secure Your Cybersecurity Firm’s Online Reputation

7. Generate Social Proof On Review Aggregator Sites

8. Grow Your Social Media Influence

9. Drive Traffic From Reddit & Quora

10. Start A Podcast To Offer In-depth Advice

Ref: Chris Greer
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

⚡️ Cultivating a Hacker Mindset: A New Cybersecurity Defense

https://undercodenews.com/cultivating-a-hacker-mindset-a-new-cybersecurity-defense/

@Undercode_News

🖥️ Chinese Surveillance Tool, EagleMsgSpy, Spying on Mobile Devices

https://undercodenews.com/chinese-surveillance-tool-eaglemsgspy-spying-on-mobile-devices/

@Undercode_News