Forwarded from WEB UNDERCODE - PRIVATE
π¦The Cracking process:
#expertHACKing
1οΈβ£Process 1: Initialize the DS28E01 key
The initialization key is only operated at the factory before the product is produced, and only needs to be operated once.
Procedure flow chart:
1) Read the chip ROMID
2) Generate a unique 64-bit key through a certain algorithm to ensure that the key generated by each motherboard is different.
3) Write the key to the chip temporary storage area, and read back to verify whether the writing is correct
4) Execute the chip load key command to let the chip save the 64-bit key in the temporary storage area to the key storage area
5) Finish.
2οΈβ£Process 2: verify the DS28E01 key
The verification key is carried out in the product application. Every time the product is started, the DS28E01 key is verified to be correct.
If the verification is passed, it will work normally. If the verification is not correct, the product will not work properly through certain means.
3οΈβ£Procedure flow chart:
1) Read the chip ROMID
2) Generate the 64-bit key by the same algorithm as in the initialization process
3) Write an 8-byte random number to the chip temporary storage area (only 5 bytes are used), and read back to verify
4) Send encrypted authentication commands to the chip, you can read back 32 bytes of EEPROM data and 20 bytes of hash value
5) Use the data read above to generate a 55-byte digest message and perform SHA1 operations
6) Compare whether the calculated hash value is consistent with the hash value read back from the chip
π¦ Crack method:
1) As can be seen from the above application process, the key algorithm here is SHA1, and there are two copies of the data involved in the SHA calculation. One copy is inside the chip, and we cannot read it.
2) But the other one is generated inside the MCU, so as long as the process of generating messages inside the MCU is obtained, there is a possibility of cracking.
3) The key data is the 8-byte key, because the 8-byte key is generally bound to the ROMID and CPUID,
4) Therefore, we must first be able to read the binary code of the program from the chip, and then disassemble and analyze the algorithm for key generation to achieve the purpose of cracking.
5) However, disassembling and analyzing the algorithm is not easy.
WRITTEN BY UNDERCODE
β β β Uππ»βΊπ«Δπ¬πβ β β β
#expertHACKing
1οΈβ£Process 1: Initialize the DS28E01 key
The initialization key is only operated at the factory before the product is produced, and only needs to be operated once.
Procedure flow chart:
1) Read the chip ROMID
2) Generate a unique 64-bit key through a certain algorithm to ensure that the key generated by each motherboard is different.
3) Write the key to the chip temporary storage area, and read back to verify whether the writing is correct
4) Execute the chip load key command to let the chip save the 64-bit key in the temporary storage area to the key storage area
5) Finish.
2οΈβ£Process 2: verify the DS28E01 key
The verification key is carried out in the product application. Every time the product is started, the DS28E01 key is verified to be correct.
If the verification is passed, it will work normally. If the verification is not correct, the product will not work properly through certain means.
3οΈβ£Procedure flow chart:
1) Read the chip ROMID
2) Generate the 64-bit key by the same algorithm as in the initialization process
3) Write an 8-byte random number to the chip temporary storage area (only 5 bytes are used), and read back to verify
4) Send encrypted authentication commands to the chip, you can read back 32 bytes of EEPROM data and 20 bytes of hash value
5) Use the data read above to generate a 55-byte digest message and perform SHA1 operations
6) Compare whether the calculated hash value is consistent with the hash value read back from the chip
π¦ Crack method:
1) As can be seen from the above application process, the key algorithm here is SHA1, and there are two copies of the data involved in the SHA calculation. One copy is inside the chip, and we cannot read it.
2) But the other one is generated inside the MCU, so as long as the process of generating messages inside the MCU is obtained, there is a possibility of cracking.
3) The key data is the 8-byte key, because the 8-byte key is generally bound to the ROMID and CPUID,
4) Therefore, we must first be able to read the binary code of the program from the chip, and then disassemble and analyze the algorithm for key generation to achieve the purpose of cracking.
5) However, disassembling and analyzing the algorithm is not easy.
WRITTEN BY UNDERCODE
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Detailed explanation of DS28E01 typical applications and cracking methods BY Undercode
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦CISA ordered federal agencies to install patches to fix serious Windows vulnerabilities within 24 hours
> The Cybersecurity Department of the US Department of Homeland Security (DHS) issued an executive order on Thursday that requires federal civil agencies to immediately fix security for the newly discovered Windows vulnerability SIGRed on the grounds that the vulnerability constitutes "unacceptable" for the security of these agencies. Major risks of
> This is the third order ever issued by the Cybersecurity and Infrastructure Security Agency (CISA) under the DHS, requiring major institutions to patch Windows servers used for the domain name system within 24 hours . Or deploy other mitigation solutions. The organization is not used for DNS, but the affected servers must be patched before July 24.
>The directive is very urgent, CISA emphasized: "Based on the possibility of the vulnerability being exploited, the widespread use of the affected software in the entire federal enterprise, the possibility of damage to the organizationβs information system is high, and the serious impact of successful destruction ".
#News
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦CISA ordered federal agencies to install patches to fix serious Windows vulnerabilities within 24 hours
> The Cybersecurity Department of the US Department of Homeland Security (DHS) issued an executive order on Thursday that requires federal civil agencies to immediately fix security for the newly discovered Windows vulnerability SIGRed on the grounds that the vulnerability constitutes "unacceptable" for the security of these agencies. Major risks of
> This is the third order ever issued by the Cybersecurity and Infrastructure Security Agency (CISA) under the DHS, requiring major institutions to patch Windows servers used for the domain name system within 24 hours . Or deploy other mitigation solutions. The organization is not used for DNS, but the affected servers must be patched before July 24.
>The directive is very urgent, CISA emphasized: "Based on the possibility of the vulnerability being exploited, the widespread use of the affected software in the entire federal enterprise, the possibility of damage to the organizationβs information system is high, and the serious impact of successful destruction ".
#News
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦The main reasons for the slow functioning of a computer on Windows 7-8-10:
Rarely, this is caused by only one specific reason, since most often PC braking is caused by a number of minor problems, among which it is necessary to pay attention to the following factors:
1οΈβ£Lack of any targeted actions on the part of the user to optimize the operation of the operating system;
2οΈβ£Infection with malicious applications;
3οΈβ£Poor computer cooling system;
4οΈβ£Periodic defragmentation of hard disk partitions is not performed;
5οΈβ£Malfunction of some PC components.
6οΈβ£As you can see, the list of the main factors is not very long, but all of them usually take place in the average PC just a few years after purchase.
π¦Conventionally, all problems are divided into 2 groups:
1) Hardware
> Impaired cooling;
> Winchester defects;
> Damage to the rest of the PC components.
2) Systemic
> Errors in the OS configuration or BIOS;
> Infection with viral applications;
> Lack of system memory, overload.
Share usβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦The main reasons for the slow functioning of a computer on Windows 7-8-10:
Rarely, this is caused by only one specific reason, since most often PC braking is caused by a number of minor problems, among which it is necessary to pay attention to the following factors:
1οΈβ£Lack of any targeted actions on the part of the user to optimize the operation of the operating system;
2οΈβ£Infection with malicious applications;
3οΈβ£Poor computer cooling system;
4οΈβ£Periodic defragmentation of hard disk partitions is not performed;
5οΈβ£Malfunction of some PC components.
6οΈβ£As you can see, the list of the main factors is not very long, but all of them usually take place in the average PC just a few years after purchase.
π¦Conventionally, all problems are divided into 2 groups:
1) Hardware
> Impaired cooling;
> Winchester defects;
> Damage to the rest of the PC components.
2) Systemic
> Errors in the OS configuration or BIOS;
> Infection with viral applications;
> Lack of system memory, overload.
Share usβ€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to properly install Windows 10 on your Lumia smartphone-BY Undercode ?
> We will update the operating system on the basis of the previous version of the OS, which we will consider Windows 8.1 (although it could be the "Seven") build no lower than 8.10.14219.341. Before starting the installation, you need to make sure that all the latest service packs are installed on the system, as well as that you have an active Windows Insider account.
> If this is not the case, then you need to go to https://insider.Windows.com/ and register. There are no complex points in the registration procedure - everything should go smoothly. Then download the Windows Insider application, which can be taken from here: https://www.microsoft.com/uk-ua/store/apps/Windows-insider/9wzdncrfjbhk - this is the address of the Microsoft application store for this application.
> These preparations should be enough to get a fresh version of the OS on your computer. Another question: do you need it? Worth a try anyway. Without trying Win10 at work, it is difficult to form any idea about it, even if you shove through a mountain of materials on the Internet. So, let's put the tenth version.
1οΈβ£Launch the Windows Insider application - it is specifically designed for this purpose.
2οΈβ£Click on the inscription βGet assembliesβ
3οΈβ£Select a method for receiving patches for the system. There are two possibilities here: set the "Fast" option - and then you will be overwhelmed with patches up to your ears (keep in mind that not all of them will work correctly) or select the "Slow" option - then you will be sent only verified updates.
4οΈβ£Proceed to the βPhone Updatesβ settings item and click on the βCheckβ button.
5οΈβ£After that, the process of downloading the new version will begin, and after its completion you will see the Windows 10 interface on your screen. Sometimes the download stops halfway. For example, the system is upgraded to some intermediate version of the "Eight" and gets stuck there. You can get out of this situation by repeating all the above steps again.
Enjoy β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦How to properly install Windows 10 on your Lumia smartphone-BY Undercode ?
> We will update the operating system on the basis of the previous version of the OS, which we will consider Windows 8.1 (although it could be the "Seven") build no lower than 8.10.14219.341. Before starting the installation, you need to make sure that all the latest service packs are installed on the system, as well as that you have an active Windows Insider account.
> If this is not the case, then you need to go to https://insider.Windows.com/ and register. There are no complex points in the registration procedure - everything should go smoothly. Then download the Windows Insider application, which can be taken from here: https://www.microsoft.com/uk-ua/store/apps/Windows-insider/9wzdncrfjbhk - this is the address of the Microsoft application store for this application.
> These preparations should be enough to get a fresh version of the OS on your computer. Another question: do you need it? Worth a try anyway. Without trying Win10 at work, it is difficult to form any idea about it, even if you shove through a mountain of materials on the Internet. So, let's put the tenth version.
1οΈβ£Launch the Windows Insider application - it is specifically designed for this purpose.
2οΈβ£Click on the inscription βGet assembliesβ
3οΈβ£Select a method for receiving patches for the system. There are two possibilities here: set the "Fast" option - and then you will be overwhelmed with patches up to your ears (keep in mind that not all of them will work correctly) or select the "Slow" option - then you will be sent only verified updates.
4οΈβ£Proceed to the βPhone Updatesβ settings item and click on the βCheckβ button.
5οΈβ£After that, the process of downloading the new version will begin, and after its completion you will see the Windows 10 interface on your screen. Sometimes the download stops halfway. For example, the system is upgraded to some intermediate version of the "Eight" and gets stuck there. You can get out of this situation by repeating all the above steps again.
Enjoy β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
Windows Insider
Join Windows Insider β Get early access to Windows 11 features & updates
Join the Windows Insider Program to preview Windows features, provide feedback, and shape what's coming next to Windows.
Tips for Reverse-Engineering Malicious Code.pdf
271.4 KB
Helpful reverse #Tips
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Anonymity and privacy tip :
#FastTips
1) You can break your anonymity very badly by using VPN / SSH in addition to Tor. (Proxies are described below.) But if you know what you are doing, you can improve anonymity, security, and privacy.
2) VPN / SSH providers keep a history of financial transactions and you will leave traces if you don't choose a truly anonymous payment method. VPN / SSH acts as a persistent ingress or persistent egress node. This may solve some problems, but create new risks.
3) Who is your opponent? Against a global adversary with unlimited resources, adding new intermediate nodes makes passive attacks (a bit) harder, but active attacks become easier as you provide more surface to attack and send more data that you can use. Adding nodes strengthens you against collusion of Tor nodes and against blackhat hackers targeting Tor client code (especially if Tor and VPN are running on two different systems).
4) If the VPN / SSH server is under the control of an attacker, you are weakening the protection provided by Tor. If the server is trustworthy, you can increase the anonymity and / or privacy (depending on the settings) provided by Tor.
5) VPN / SSH can also be used to bypass Tor censorship (if your ISP is blocking access to Tor, or if the end node is blocking connections from the Tor network).
Enjoy β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Anonymity and privacy tip :
#FastTips
1) You can break your anonymity very badly by using VPN / SSH in addition to Tor. (Proxies are described below.) But if you know what you are doing, you can improve anonymity, security, and privacy.
2) VPN / SSH providers keep a history of financial transactions and you will leave traces if you don't choose a truly anonymous payment method. VPN / SSH acts as a persistent ingress or persistent egress node. This may solve some problems, but create new risks.
3) Who is your opponent? Against a global adversary with unlimited resources, adding new intermediate nodes makes passive attacks (a bit) harder, but active attacks become easier as you provide more surface to attack and send more data that you can use. Adding nodes strengthens you against collusion of Tor nodes and against blackhat hackers targeting Tor client code (especially if Tor and VPN are running on two different systems).
4) If the VPN / SSH server is under the control of an attacker, you are weakening the protection provided by Tor. If the server is trustworthy, you can increase the anonymity and / or privacy (depending on the settings) provided by Tor.
5) VPN / SSH can also be used to bypass Tor censorship (if your ISP is blocking access to Tor, or if the end node is blocking connections from the Tor network).
Enjoy β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Best-FASTEST Internet Browser for Mac
> To say that only one browser is the best Mac browser would be untrue. It depends what you are looking for. Perhaps you want your browser to be super fast like UC Browser , or you are looking for a custom browser. We will look at other browsers, such as Safari, Mozilla, Opera and Chrome, a little further.
1οΈβ£ Safari
Let's start with Safari, as it is the default browser for Mac, iPad and iPhone. If you're a big Apple fan, you're unlikely to give up Safari. There are add-ons, bookmark sync between Mac and iOS computers and many other cool features. If, like me, you like browsers that look nice and tidy, then Safari is the browser for you. This provides a pleasant viewing experience.
2οΈβ£Mozilla
If you're looking for a fast browser, Mozilla may not be the best internet browser for Mac, but it does have its qualities. When it comes to customization, this is one of the best options. You can try all kinds of extensions, add-ons and super exciting features that will enhance your online experience. If you've never used Mozilla before, we suggest you give it a try.
3οΈβ£Opera
Opera isn't as popular as Safari, Mozilla, or Chrome, but it's a pretty good browser nonetheless. In case your internet connection is not so fast, this browser may be the best browser for Mac, because it comes in Off Rode mode. While browsing the Internet, this mode saves bandwidth, also compresses data and makes the browser faster and more enjoyable, even if you have a slow network connection. We often feel like he's a little underestimated and shouldn't be. There are many great features, and it is visually appealing.
4οΈβ£Chrome
Chrome is not only the best internet browser for Mac, but also one of the best browsers in general and works great on PC too. It's fast, and if you're looking for a custom browser, Chrome won't disappoint you. There are many features and add-ons to explore. It's a user-friendly browser, and it's also pretty attractive. Developers love it because it offers many options.
Β» All of these browsers are great, and choosing the best browser for Mac depends on your needs and network connectivity.
enjoy β€οΈππΏ
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Best-FASTEST Internet Browser for Mac
> To say that only one browser is the best Mac browser would be untrue. It depends what you are looking for. Perhaps you want your browser to be super fast like UC Browser , or you are looking for a custom browser. We will look at other browsers, such as Safari, Mozilla, Opera and Chrome, a little further.
1οΈβ£ Safari
Let's start with Safari, as it is the default browser for Mac, iPad and iPhone. If you're a big Apple fan, you're unlikely to give up Safari. There are add-ons, bookmark sync between Mac and iOS computers and many other cool features. If, like me, you like browsers that look nice and tidy, then Safari is the browser for you. This provides a pleasant viewing experience.
2οΈβ£Mozilla
If you're looking for a fast browser, Mozilla may not be the best internet browser for Mac, but it does have its qualities. When it comes to customization, this is one of the best options. You can try all kinds of extensions, add-ons and super exciting features that will enhance your online experience. If you've never used Mozilla before, we suggest you give it a try.
3οΈβ£Opera
Opera isn't as popular as Safari, Mozilla, or Chrome, but it's a pretty good browser nonetheless. In case your internet connection is not so fast, this browser may be the best browser for Mac, because it comes in Off Rode mode. While browsing the Internet, this mode saves bandwidth, also compresses data and makes the browser faster and more enjoyable, even if you have a slow network connection. We often feel like he's a little underestimated and shouldn't be. There are many great features, and it is visually appealing.
4οΈβ£Chrome
Chrome is not only the best internet browser for Mac, but also one of the best browsers in general and works great on PC too. It's fast, and if you're looking for a custom browser, Chrome won't disappoint you. There are many features and add-ons to explore. It's a user-friendly browser, and it's also pretty attractive. Developers love it because it offers many options.
Β» All of these browsers are great, and choosing the best browser for Mac depends on your needs and network connectivity.
enjoy β€οΈππΏ
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
SQL FOR BEGINERS :
#FastTips
π¦What is SQL?
SQL is a Structured Query Language, which is a computer language for storing, processing, and retrieving data stored in a relational database.
SQL is the standard language for the database system. All relational database management systems such as MySQL , MS Access, Oracle, Sybase, Informix, Postgres and SQL Server use SQL as the standard database language.
> In addition, they use various dialects, such as:
1) MS SQL Server using T-SQL,
2) Oracle with PL / SQL,
>the version of MS Access from SQL is called JET SQL (native format), etc.
π¦Why SQL?
1οΈβ£Allows users to access data in relational database management systems.
2οΈβ£Allows users to describe data.
3οΈβ£Allows users to define and manage data in the database.
4οΈβ£Allows embedding into other languages ββusing SQL modules, libraries & precompilers.
5οΈβ£Allows users to create and delete databases and tables.
6οΈβ£Allows users to create views, stored procedures, functions in the database.
7οΈβ£Allows users to set permissions on tables, stored procedures, and views
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
SQL FOR BEGINERS :
#FastTips
π¦What is SQL?
SQL is a Structured Query Language, which is a computer language for storing, processing, and retrieving data stored in a relational database.
SQL is the standard language for the database system. All relational database management systems such as MySQL , MS Access, Oracle, Sybase, Informix, Postgres and SQL Server use SQL as the standard database language.
> In addition, they use various dialects, such as:
1) MS SQL Server using T-SQL,
2) Oracle with PL / SQL,
>the version of MS Access from SQL is called JET SQL (native format), etc.
π¦Why SQL?
1οΈβ£Allows users to access data in relational database management systems.
2οΈβ£Allows users to describe data.
3οΈβ£Allows users to define and manage data in the database.
4οΈβ£Allows embedding into other languages ββusing SQL modules, libraries & precompilers.
5οΈβ£Allows users to create and delete databases and tables.
6οΈβ£Allows users to create views, stored procedures, functions in the database.
7οΈβ£Allows users to set permissions on tables, stored procedures, and views
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β