🦑 Install ADB & FastBoot Tools in Termux!
2019
t.me/UndercOdeTestingOfficial
🦑 INSTALLATION & RUN:
A) Silent installation:
1) Copy and paste the following command in Termux to silently install the tools:
> apt update > /dev/null 2>&1 && apt --assume-yes install wget > /dev/null && wget https://github.com/MasterDevX/Termux-ADB/raw/master/InstallTools.sh -q && bash InstallTools.sh
B) Common installation:
1) Copy and paste the following command in Termux to install the tools with log output:
> apt update && apt install wget && wget https://github.com/MasterDevX/Termux-ADB/raw/master/InstallTools.sh && bash InstallTools.sh
🦑 Tested
@Mr. BOTNET (tm)

🦑 How To Compress / Decompress Brawl Stars SC files on Windows / Linux / Android!
instagram.com/UnderCodeTesting
🦑 INSTALLATION & RUN:
> On Windows:
1) Download Python 3.5 or a newer version from the official page.
> https://www.python.org/downloads/
2) Install Python. While installing, enable the options "Add Python to PATH", "Install pip", "Install py launcher", "Associate files with Python" and "Add Python to environment variables".
3) Download XCoder from the releases page and extract it.
> https://github.com/MasterDevX/XCoder/releases
4) Execute the "Init.py" file to install the required modules and create the workspace directories.
🦑 On Linux:
1) Open a terminal and install Python by executing the following command:
> sudo apt-get update && sudo apt-get install python3 python3-pip
2) Download XCoder from the releases page and extract it.
> https://github.com/MasterDevX/XCoder/releases
3) Execute the "Init.py" file to install the required modules and create the workspace directories.
🦑 On Android:
1) Download and install the PyDroid app from Google Play.
> https://play.google.com/store/apps/details?id=ru.iiec.pydroid3
2) Open PyDroid and wait until Python installs.
3) Download XCoder from the releases page and extract it.
> https://github.com/MasterDevX/XCoder/releases
4) In PyDroid, open and execute the "Init.py" file to install the required modules and create the workspace directories.
🦑 How to use
> To compile SC:
Put folders with the texture name and the .png files inside them in the "In-Decompressed-SC" directory and execute the "SC-Encode.py" script. After the process finishes, your .sc files will appear in the "Out-Compressed-SC" folder.
> To decompile SC:
Put .sc files in the "In-Compressed-SC" directory and execute the "SC-Decode.py" script. After the process finishes, your .png files will appear in the "Out-Decompressed-SC" folder.
🦑 Tested by undercOde
> Windows Server Essentials
> Android 8.0

🦑 IP Spoofing FULL:
The term IP (Internet Protocol) address spoofing refers to the creation of IP packets with a forged (spoofed) source IP address with the purpose of concealing the identity of the sender or impersonating another computing system.
T.me/UnderCodeTesting
🦑 Why does it work?
IP spoofing works because trusted services rely only on network-address-based authentication. Since IP is easily duped, address forgery is not difficult.
The main reason is a security weakness in the TCP protocol known as sequence number prediction.
🦑 How does it work?
To completely understand how IP spoofing can take place, one must examine the structure of the TCP/IP protocol suite. A basic understanding of these headers and network exchanges is crucial to the process.
🦑 Internet Protocol (IP):
It is a network protocol operating at layer 3 (network) of the OSI model and is used to route packets on a network. It is connectionless, meaning it keeps no information regarding transaction state. Additionally, there is no method in place to ensure that a packet is properly delivered to the destination.
> Examining the IP header, we can see that the first 12 bytes (or the top 3 rows of the header) contain various information about the packet. The next 8 bytes (the next 2 rows), however, contain the source and destination IP addresses. Using one of several tools, an attacker can easily modify these addresses, specifically the "source address" field.
🦑 Transmission Control Protocol (TCP):
It is the connection-oriented, reliable transport protocol in the TCP/IP suite. Connection-oriented simply means that the two hosts participating in a discussion must first establish a connection via the 3-way handshake (SYN, SYN/ACK, ACK). Reliability is provided by data sequencing and acknowledgement. TCP assigns sequence numbers to every segment and acknowledges any and all data segments received from the other end.
> The first 12 bytes of the TCP header contain port and sequencing information.
> TCP sequence numbers can simply be thought of as 32-bit counters. They range from 0 to 4,294,967,295. Every byte of data exchanged across a TCP connection (along with certain flags) is sequenced. The sequence number field in the TCP header contains the sequence number of the *first* byte of data in the TCP segment. The acknowledgement number field in the TCP header holds the value of the next *expected* sequence number, and also acknowledges *all* data up through this ACK number minus one.
> TCP packets can be manipulated using several packet-crafting programs available on the internet.
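
The header layout described above, as an added example that is not part of the original post: a parser that reads the addresses from bytes 12-19 of the IPv4 header and the ports, sequence and acknowledgement numbers from the first 12 bytes of the TCP header, then applies the ACK arithmetic from the text. The two sample packets are constructed for illustration (documentation addresses, checksums left at zero) and all function names are this example's own.

```python
import ipaddress
import struct

SEQ_MOD = 2 ** 32          # sequence numbers are 32-bit counters: 0 .. 4,294,967,295
FIN, SYN = 0x01, 0x02      # the flags that consume one sequence number each

# Constructed sample packets (not captured traffic).
SAMPLE_SYN = bytes.fromhex(
    "45000028" "00014000" "40060000" "c000020a" "c6336405"   # IPv4 header
    "9c400050" "ffffffff" "00000000" "5002ffff" "00000000"   # TCP header, SYN set
)
SAMPLE_DATA = bytes.fromhex(
    "4500002d" "00024000" "40060000" "c000020a" "c6336405"   # IPv4 header
    "9c400050" "000003e8" "00001389" "5018ffff" "00000000"   # TCP header, PSH+ACK
    "68656c6c6f"                                             # 5 payload bytes
)


def parse_ipv4_tcp(packet: bytes) -> dict:
    """Extract the IPv4/TCP fields discussed in the text from a raw packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4                    # IP header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 6:
        raise ValueError("payload is not TCP")
    if ihl < 20 or total_len > len(packet) or total_len < ihl + 20:
        raise ValueError("truncated or inconsistent lengths")

    # Bytes 12..19 of the IP header: source address, then destination address.
    # Neither field is authenticated; the sender writes whatever it likes here.
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))

    tcp = packet[ihl:total_len]
    # First 12 bytes of the TCP header: ports, sequence number, ACK number.
    sport, dport, seq, ack = struct.unpack("!HHII", tcp[:12])
    data_offset = (tcp[12] >> 4) * 4                # TCP header length in bytes
    if data_offset < 20 or data_offset > len(tcp):
        raise ValueError("bad TCP data offset")
    return {
        "src": src, "dst": dst, "sport": sport, "dport": dport,
        "seq": seq, "ack": ack, "flags": tcp[13],
        "payload_len": len(tcp) - data_offset,
    }


def expected_ack(segment: dict) -> int:
    """ACK number the receiver returns after accepting this segment.

    Every payload byte consumes one sequence number, and so do SYN and FIN.
    The counter wraps at 2**32.
    """
    consumed = segment["payload_len"]
    consumed += 1 if segment["flags"] & SYN else 0
    consumed += 1 if segment["flags"] & FIN else 0
    return (segment["seq"] + consumed) % SEQ_MOD


def acked_through(segment: dict) -> int:
    """Last sequence number acknowledged by this segment (ACK number minus one)."""
    return (segment["ack"] - 1) % SEQ_MOD


if __name__ == "__main__":
    for name, raw in (("SYN", SAMPLE_SYN), ("DATA", SAMPLE_DATA)):
        seg = parse_ipv4_tcp(raw)
        print(name, seg, "-> receiver ACKs", expected_ack(seg))
```
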
🦑 The Attack
IP spoofing consists of several steps. First, the target host is chosen. Next, a pattern of trust is discovered, along with a trusted host. The trusted host is then disabled, and the target's TCP sequence numbers are sampled. The trusted host is impersonated, the sequence numbers guessed, and a connection attempt is made to a service that only requires address-based authentication. If successful, the attacker executes a simple command to leave a backdoor.
> Spoofing can be implemented in different ways, as given below:
🦑 Non-Blind Spoofing: This type of attack takes place when the attacker is on the same subnet as the victim. The sequence and acknowledgement numbers can be sniffed, eliminating the potential difficulty of calculating them accurately.
🦑 Blind Spoofing: Here the sequence and acknowledgement numbers are unreachable. To circumvent this, several packets are sent to the target machine in order to sample sequence numbers.
🦑 Usage:
IP spoofing is almost always used in what is currently one of the most difficult attacks to defend against: Denial of Service attacks, or DoS.

🦑 ITWSV: Integrated Tool for Web Security Vulnerability.
ITWSV is an automated penetration testing tool which performs information gathering, auditing and reporting.
Instagram.com/UndercodeTesting
🦑 INSTALLATION & RUN:
1) git clone https://github.com/penetrate2hack/ITWSV.git
2) cd ITWSV
3) chmod +x start.sh
4) chmod +x update.sh (only if required)
5) ./start.sh
🦑 FEATURES:
• WHOIS
• DNSWALK
• FIERCE
• DNSRecon
• DNSenum
• NMAP
• DMitry
• theHarvester
• LBD
• SSLScan
• SSLYze
• WhatWeb
• Automater
• Grabber
• Parsero
• Uniscan
• Metagoofil
• A2SV
• WPScan
• Droopescan
• WPSeku
• XssPy
• Spaghetti
• sublist3r
• WAFW00F
• nslookup
• dirsearch
• OWASP Joomscan
• Gobuster
🦑 TESTED ON:
> PARROT
> DEBIAN
> KALI

🦑 Malicious Scanner Script 2019 websites bug
twitter.com/UndercodeNews
> At first glance, you notice a curl request to a hacked Russian website, along with a list of 14 typical filenames of the adminer script:
1) _adminer.php
2) ad.php
3) adminer-4.2.5-en.php
4) adminer-4.2.5-mysql.php
5) adminer-4.2.5.php
6) adminer-4.3.0-en.php
7) adminer-4.3.0-mysql-en.php
8) adminer-4.3.0-mysql.php
9) adminer-4.3.0.php
10) adminer-4.3.1-en.php
11) adminer-4.3.1-mysql-en.php
12) adminer-4.3.1-mysql.php
13) adminer-4.3.1.php
14) Adminer.php
🦑 So what can this script do?
Batches of Domain Names:
> When we made a curl request to that Russian site, it returned a list of 10,000 domain names.
Except for the alphabetical order of the list, there was no apparent pattern in the way the list was compiled. The sites used all kinds of CMSs and were hosted on different servers.
> When we made another request to that URL, it returned a new list of 10,000 domain names. Again, the list was alphabetically sorted, and this time the new list began where the first one left off.
The same happened on each subsequent request.
🦑 Estimating Scan Coverage
> This way, request by request, this single script can receive a significant number of domain names. Let's estimate this number.
> A typical batch of 10 thousand domains consists of domains that begin with the same letter. The difference between #1 and #10,000 might only appear in the 4th letter.
> Overall, the script returned over 300,000 domains that began with the letter "b".
🦑 Will send it later on the Undercode Testing English groups after a few necessary tests.

🦑 How Does the Scanner Work on Websites?
t.me/UNdercOdeTesting
> Now let's see how these large lists of domains are being processed. First of all, we know that the scanner script requests them in chunks of 10,000 domains. That's quite a big number when you need to make requests to external websites.
> As you might recall, for each domain the script needs to probe 14 adminer filenames. This means there are 140,000 requests per batch (or around 100 million requests per campaign). Of course, you can't expect a script to complete such a large task in one go.
🦑 To work around this, the scanner uses the following approach:
1) It saves the list of 140,000 URLs in the "s" file and the current position in that list in the "c" file.
2) The script reads URLs from position "c" and then makes requests for up to 3,000 seconds (50 minutes). To do it, they have the following setting:
> and this condition:
if((time()-$t)>3000){ exit(); }
3) To speed things up, the script makes 20 asynchronous requests at once using the "curl_multi_…" functions, instead of regular curl.
4) Once a batch of 20 requests is complete, the script makes another 20 requests and repeats this routine until the execution time runs out.
5) Every 100 requests, a new position in the list is saved in the "c" file so that the next time the attackers activate the script, it starts where it left off.
written by Mr. BOTNET (tm)
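
A defender's view of the scan described in these two posts, as an added example that is not code from the scanner or from the original write-up: it reads web-server access logs, groups requests for the 14 listed adminer filenames by client address, and separately lists any probed path that answered 200 and so should be removed or access-restricted. The log lines are constructed in Combined Log Format, and the threshold of 5 distinct filenames is an assumed tuning value.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# The 14 filenames listed in the post, stored lower-case and compared
# case-insensitively (the post lists the last one as "Adminer.php").
ADMINER_NAMES = frozenset({
    "_adminer.php", "ad.php",
    "adminer-4.2.5-en.php", "adminer-4.2.5-mysql.php", "adminer-4.2.5.php",
    "adminer-4.3.0-en.php", "adminer-4.3.0-mysql-en.php",
    "adminer-4.3.0-mysql.php", "adminer-4.3.0.php",
    "adminer-4.3.1-en.php", "adminer-4.3.1-mysql-en.php",
    "adminer-4.3.1-mysql.php", "adminer-4.3.1.php",
    "adminer.php",
})

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2019:10:00:01 +0000] "GET /_adminer.php HTTP/1.1" 404 196 "-" "-"',
    '203.0.113.7 - - [12/Nov/2019:10:00:01 +0000] "GET /ad.php HTTP/1.1" 404 196 "-" "-"',
    '203.0.113.7 - - [12/Nov/2019:10:00:01 +0000] "GET /adminer-4.2.5.php HTTP/1.1" 404 196 "-" "-"',
    '203.0.113.7 - - [12/Nov/2019:10:00:02 +0000] "GET /adminer-4.3.1-mysql.php HTTP/1.1" 404 196 "-" "-"',
    '203.0.113.7 - - [12/Nov/2019:10:00:02 +0000] "GET /adminer-4.3.1.php HTTP/1.1" 200 4521 "-" "-"',
    '203.0.113.7 - - [12/Nov/2019:10:00:02 +0000] "GET /Adminer.php HTTP/1.1" 404 196 "-" "-"',
    '198.51.100.20 - - [12/Nov/2019:10:01:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Nov/2019:10:01:12 +0000] "GET /ad.php?id=3 HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Nov/2019:10:02:00 +0000] "GET /tools/adminer.php?server=db HTTP/1.1" 200 4521 "-" "Mozilla/5.0"',
]


def analyse(lines, min_distinct=5):
    """Return (scanners, exposed).

    scanners: {client_ip: sorted list of distinct adminer filenames it requested}
              for clients that requested at least `min_distinct` of them.
    exposed:  sorted list of probed paths that returned 200, from any client.
              These are the files to remove or lock down, whoever found them.
    """
    names_by_ip = defaultdict(set)
    exposed = set()
    for line in lines:
        match = LOG_RE.match(line)
        if match is None:
            continue                      # not a request line we understand
        # Drop the query string and decode %xx so encoded names still match.
        path = unquote(match["target"].split("?", 1)[0])
        name = path.rsplit("/", 1)[-1].lower()
        if name not in ADMINER_NAMES:
            continue
        names_by_ip[match["ip"]].add(name)
        if match["status"] == "200":
            exposed.add(path)
    scanners = {
        ip: sorted(names)
        for ip, names in names_by_ip.items()
        if len(names) >= min_distinct
    }
    return scanners, sorted(exposed)


if __name__ == "__main__":
    found_scanners, found_exposed = analyse(SAMPLE_LOG)
    for ip, names in found_scanners.items():
        print(f"{ip}: probed {len(names)} adminer filenames")
    print("paths answering 200:", found_exposed)
```

A single request for one of these names, such as an administrator opening their own adminer.php, stays below the threshold but still shows up in the exposed list.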

🦑 Proxy Service: Access Control by URL in Squid
🦑 LET'S START:
> The method of access control in Squid through the URL of the visited site:
> In Squid, it is convenient to perform access control through the URL of the visited site. An example is as follows:
> Suppose you want to prevent users from accessing all sites with sex in the URL. You can do this:
1) Define a new acl via dstdom_regex. In this example we assume that this new acl is called badurl:
acl badurl dstdom_regex sex
Note that dstdom_regex is matched against the destination host name of the request; to match against the whole URL, Squid provides the url_regex acl type.
2) Add the corresponding access control items. Because Squid checks the http_access items one by one, in order, you must add the http_access deny items (that is, the prohibited items) before the http_access allow items so that Squid checks the deny item first. For example:
http_access deny badurl
http_access allow all
http_access deny ...
and so on.
3) In this way, when the URL of the site a user accesses contains that word, Squid prohibits the access and returns a "forbidden access" error message.
Written by Under Code

🦑 Domain Name Service configuration: setting up a DNS server on Linux (UnderCode Tutorial):
instagram.com/UnderCodeTesting
🦑 LET'S START:
As we all know, the DNS software used on the Internet was bind4, and bind8 is the later version of bind4. Compared with bind4, bind8 is better and lets administrators control its behavior more fully, but the difference between the two is still very large: not only has the format changed, there are also many new concepts. The statements available in bind8 are logging, options, zone, acl, key, trusted-keys, server, controls and include.
Comments in the file can be written in C, C++ or shell/perl style. I would like to introduce the basic configuration of primary and secondary domain name servers with bind8 (these are the two kinds of domain name server mainly used on the Internet). If you are interested in a deeper understanding, refer to the man pages and:
> RFC 882, RFC 883, RFC 973, RFC 974, RFC 1033, RFC 1034, RFC 1035,
> RFC 1123, RFC 2308, "Name Server Operations Guide for BIND".
🦑 Necessary conditions for the master DNS server to work properly:
1) Install the bind8 software, which is available in many Unix distributions.
2) Several required configuration files:
named.conf
named.ca
named.local
master file (that is, the zone file in bind4)
Among these configuration files, the most important is named.conf. It lives under /etc and is the default startup file read when named is started. A typical named.conf file includes at least options and zone statements. For example:
options {
    directory "/var/named";
};
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "named.local";
};
zone "." in {
    type hint;
    file "named.ca";
};
zone "99.cn.net" in {
    type master;
    file "db.99.cn.net";
};
3) Here, options defines the path where the master files are stored; named looks there for the data file that corresponds to a given domain. For example, when a request for a www host name in the 99.cn.net domain arrives, named goes to /var/named, finds the file db.99.cn.net and looks up the IP address of that name in it.
4) zone defines a domain, such as 99.cn.net. type sets the kind of domain name server, and master states that this is a primary domain name server. The first zone makes the local server the master for its own loopback domain and maps the address 127.0.0.1 to localhost; you can see this zone on almost every type of domain name server. The second zone defines the cache initialization file. named.ca contains at least the names and addresses of the root servers (these root servers do change). In general named.ca does not need to be modified, and in named.local you only need to modify the domain and the contact in the SOA record. (Some books say that the NS record in named.local is only for display, but I suggest it is better to keep it.) The file statement of the third zone names the master file of the domain 99.cn.net. The following is the content of this master file:
@ IN SOA ns.your.domain. root.your.domain. (
        1999110901 ; Serial Number
        10800      ; Refresh after 3 hours
        3600       ; Retry after 1 hour
        3600000    ; Expire after 6 weeks
        86400 )    ; Minimum TTL of 1 day
@         IN NS ns.your.domain.
localhost IN A  127.0.0.1
www       IN A  202.98.xxy.xy
π¦ Here @ defines the current domain, that is, your.domain, IN defines that this is an Internet-
1) type record, SOA (start of authority) marks the beginning of an authorized domain, and ns.your.domain.
Is the server that created the domain, you can use the primary domain name server, root.your.domain. custom contact,
after the root. is in the email @, brackets and a few numbers define several parameters related to this field, the unit
2) is seconds, the first four parameters secondary domain name server for updated master file, which; the latter is explained, Serial
Number the secondary domain name server for the primary domain name server to determine whether to update the master file, so if
you have a secondary domain name server, you should modify the master file after each modify this sequence number, so that the secondary domain name
π¦ Configuration -del Domain Name Service-Setting up DNS server on Linux UnderCode Tutorial :
instagram.com/UnderCodeTesting
π¦ ππΌππ πππΈβπ :
1) As we all know, the DNS system used on the Internet was bind4, and
bind8 is the latter version of bind4. And bind4 compared, bind8 better, managers
2) can more fully control its behavior, but the difference between the two is still very large, changing
not only the format, you can have a lot of new concepts. The statements available in bind8 are logging,
options, zone, acl, key, trusted-keys, server, controls, include.
3) The instructions in it can be in the format of c, c ++, or shell / perl. I would like to introduce major
primary, secondary domain name server method of basic configuration to work with bind8 (they are on the internet
π¦ two kinds of domain name servers used mainly), if interested can refer to a deeper understanding of man and
> RFC 882, RFC 883 , RFC 973, RFC 974, RFC 1033, RFC 1034, RFC1035,
> RFC 1123, RFC 2308 "Name Server Operations Guide for BIND".
π¦ Necessary conditions for the master DNS server to work properly:
1) Install the bind8 software, which is available in many unix distributions You can find it in version,
2) Several required configuration files:
named.conf
named.ca
named.local
mater file (that is, the zone file
in bind4) Among these configuration files, the most important is named.conf. Under / etc,
it is the default startup file when named is started. A typical The named.conf file includes at least
options, and zones. For example:
options {
directory "/ var / named";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "named.local";
};
"." Zone in {
type hint;
File "the named.ca";
};
Zone "99.cn.net" in {
type Master;
File "db.99.cn.net";
};
3) in it, options to define the path of the master file is stored, corresponds to a certain
field, here will find the named data files, require a wwwexmaple site..net if the request,
the named will arrive at / var / named find db.99 .cn. net this file, find the ip of www.examplesite ...net.
4) zone define a domain, such as 99.cn.net this field, type type custom domain name server, master
stated that this is a primary domain name server, the first zone is defined as a local server to send back its own domain
master server, will address 127.0 .0.1 mapping to localhost, in almost all types of domain name servers where
you can see all this domain. The second zone is used to define a cache initialization file, in named.net
> contain at least the name and address (these root servers will change) root servers in general named.ca do not need to
modify, named.local in just Modify the domain and contacts in the SOA record. (Some books say
that the NS record in named.local is a display, but I suggest it is better to have this sentence) file defines
the master file of the domain 99.cn.net . The following is the content of this master file:
@          IN  SOA  ns.your.domain. root.your.domain. (
                    1999110901 ; Serial Number
                    10800      ; Refresh after 3 hours
                    3600       ; Retry after 1 hour
                    3600000    ; Expire after 6 weeks
                    86400 )    ; Minimum TTL of 1 day
@          IN  NS   ns.your.domain.
localhost  IN  A    127.0.0.1
www        IN  A    202.98.xxy.xy
🦑 Here @ denotes the current domain, that is, your.domain. IN marks the record as an Internet-type record. SOA (start of authority) marks the beginning of an authoritative domain. ns.your.domain. is the server that created the domain; you can use the primary domain name server here. root.your.domain. is the contact, where the dot after root stands for the @ of the e-mail address. The parentheses and the numbers inside them define several parameters for this domain; the unit is seconds.
The first four parameters are used by secondary domain name servers to keep their copy of the master file up to date. The serial number lets a secondary server check against the primary server whether it needs to update the master file, so if you have a secondary domain name server you should change this serial number every time you modify the master file, so that the secondary server updates its copy of the domain. Refresh defines how often the secondary server refreshes. Retry defines the interval at which the secondary server retries if the primary server does not respond. Expire specifies the expiration time of the domain: if the secondary server has not obtained the domain information from the primary server for 42 consecutive days, it discards the zone. The fifth parameter defines how long other name servers may cache this domain's records; after this time they come back here for the relevant information.
NS indicates that the domain name server for this domain is ns.your.domain. There can be multiple NS records. The two A records for localhost and www resolve localhost to 127.0.0.1 and www.your.domain to 202.98.xxy.xy. A basic master domain name server is now set up.
Note, however, that in the master file ns.your.domain. is followed by a trailing dot. The dot indicates that the name is complete; otherwise the server automatically appends the current domain. For example, www means www.your.domain, and www.your.domain written without the dot becomes www.your.domain.your.domain. The correct forms are www or www.your.domain. (with the trailing dot). If you don't pay enough attention to this, it is easy to make mistakes.
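The trailing-dot rule described above, as an added example that is not part of the original post: a small Python check that expands names the way the text says the server does and flags any name that ends in the domain but lacks the final dot. The sample zone is constructed, 192.0.2.10 stands in for the elided address, and the function names are hypothetical.

```python
# Constructed sample modelled on the master file above. 192.0.2.10 is a
# documentation address standing in for the elided one; the last three
# records are added to show the trailing-dot mistake and its correct form.
ZONE = """\
@         IN SOA ns.your.domain. root.your.domain. (
              1999110901 ; Serial Number
              10800 3600 3600000 86400 )
@         IN NS    ns.your.domain.
localhost IN A     127.0.0.1
www       IN A     192.0.2.10
www.your.domain IN A 192.0.2.10
ftp       IN CNAME www.your.domain
mail      IN CNAME www.your.domain.
"""

# Positions in the record data that hold domain names, per record type.
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}
CLASSES = {"IN", "CH", "HS"}


def expand(name, origin):
    """Return the fully qualified name the server derives from a written name."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin


def logical_lines(text):
    """Drop ';' comments and join records that span lines inside ( )."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            joined, buf = " ".join(buf), []
            if joined.strip():
                yield joined


def check_zone(text, origin):
    """List (type, written, expanded) for names that end in the origin but
    lack the trailing dot, so the origin gets appended a second time."""
    findings, owner, bare = [], "@", origin.rstrip(".")
    for line in logical_lines(text):
        tokens = line.split()
        if tokens[0].startswith("$"):      # $ORIGIN / $TTL are not handled here
            continue
        if not line[0].isspace():          # a blank owner repeats the previous one
            owner = tokens.pop(0)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in CLASSES):
            tokens.pop(0)                  # skip optional TTL and class
        if not tokens:
            continue
        rtype, rdata = tokens[0].upper(), tokens[1:]
        names = [owner] + [rdata[i] for i in NAME_FIELDS.get(rtype, []) if i < len(rdata)]
        for n in names:
            if not n.endswith(".") and (n == bare or n.endswith("." + bare)):
                findings.append((rtype, n, expand(n, origin)))
    return findings


if __name__ == "__main__":
    for rtype, written, expanded in check_zone(ZONE, "your.domain."):
        print(f"{rtype}: '{written}' is read as '{expanded}'")
```

The comment stripping is a simplification: it does not handle a ';' inside a quoted TXT string.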
If you need to maintain many domains, add the corresponding zone for each one in named.conf, create the master file of the domain in /var/named, and finally send SIGHUP to reload the domain name server.
If you need reverse resolution, follow the first zone in the named.conf above; in the corresponding master file, use PTR (pointer) records to convert an IP address to a domain name.
Setting up the secondary DNS server
A secondary domain name server is set up in substantially the same way as the primary domain name server. The main difference lies in the zone type in named.conf, which is slave. The following is a secondary name server's named.conf:
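options {
    directory "/var/named";
};
// Loopback reverse zone: still served as master on the secondary
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "named.local";
};
// Root server hints
zone "." in {
    type hint;
    file "named.ca";
};
// Zone copied from the primary server listed in masters
zone "example.net" in {
    type slave;
    file "db.example.net";
    masters { 202.98.xxy.xy; };
};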
As can be seen, the difference from the primary domain name server's configuration is that the zone type is slave, which makes this server a secondary domain name server for that domain, followed by the IP address of the primary domain name server. Note, however, that the type of the first zone is still master. Another difference is that the secondary server's master file does not need to be created manually; it is transferred from the primary domain name server, and by default named-xfer transfers 10 zones at a time.
The master file of the secondary domain name server is basically the same as the master file of the primary domain name server.
Such a working
Written by Under Code
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Windows hacking remotely tutorial:
> LimeRAT | Simple, yet powerful remote administration tool for Windows (RAT)
T.me/UnderCodeTesting
🦑 LETS START:
1) Download the zip file on your Android or Linux
2) Unzip it in a non-root folder
3) Open "LimeRAT.sln"
4) Set Compiler to "Release" mode
5) In Solution Explorer, right-click on "Solution LimeRAT Project" and press "Rebuild Solution"
7) Everything will be under "\Project_EXE\Release"
8) Convert stub.exe to stub.il, using Ildasm
🦑 Creating plugin example:
VB.NET
' Easy to create a DLL plugin
Public Class Main
    ' Simple Msgbox
    Public Shared Sub CN(ByVal H As String, ByVal P As Integer, ByVal K As String, ByVal SP As String, ByVal PW As String, ByVal FP As String, ByVal HW As String, ByVal BT As String, ByVal PB As String)
        MsgBox("Hello Client!")
        Send("MSG" + SPL + "Hello Server!")
        ' Client will send msg back to server, MSG will be shown in [LOG] Tab
    End Sub
End Class
@UnderCodeOfficial
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Why APK encryption and hardening:
> Android applications are mainly developed in Java
instagram.com/UnderCodeTesting
🦑 LETS START:
> They are easily cracked
> Cracking has an impact:
> Code or key interfaces are exposed
> The app may even be repackaged and released by others, with advertisements and viruses included
> This means huge risks for companies and users
> The most convenient and effective way to deal with cracking: reinforce (harden)
> Through reinforcement, the effects of preventing decompilation and preventing secondary packaging can be achieved to a certain extent
Some other reasons
> For learning purposes, I want to understand, analyze, and learn the internal design and code logic of an Android app
> So I need to decompile and crack it
> So to prevent others from cracking, it is necessary to encrypt and harden
> But reinforcement has some disadvantages:
> Impact on the application after hardening: volume, startup speed, and compatibility (it must run normally on all platforms without crashing)
> The cost: some reinforcement schemes charge fees
> Customer service response speed: some platforms respond at different speeds when problems appear after encryption
Written by UnderCode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 How to decompile and encrypt an APK package in Android security > Your first step for cracking - or editing code...
🦑 LETS START:
1) The first: code obfuscation (ProGuard). This technique obfuscates the code to reduce its readability after decompilation, but it cannot prevent packing (wrapping the app with added code such as fee collection, advertising, and viruses). Also, a careful person can still reverse-analyze the code, so the technique does not fundamentally solve the cracking problem; it only increases the difficulty of cracking.
2) The second: signature comparison. This technique mainly prevents packing, but the risk of reverse analysis of the code still exists. Nor can it fully solve the problem of being packed: if the cracker comments out the signature comparison code and compiles the app back, the technique is defeated.
3) The third: NDK .so dynamic library. This technique puts all the important core code in C files, uses the NDK to compile the core code into a .so dynamic library, and then calls it through JNI. Although this can protect the core code, the risk of being packed still exists.
4) The fourth: dynamic loading, which is a relatively mature technique in Java but has not yet been fully used by everyone on Android.
5) The fifth: use of a third-party platform.
This post mainly explains the fourth method. This technique can effectively prevent reverse analysis, cracking, and packing. Dynamic loading is divided into the following steps:
1) Compile the core code into a jar package containing the dex file
2) Encrypt the jar package
3) Use the NDK to decrypt it at the main entry point of the program
4) Then use ClassLoader to dynamically load the jar package
5) Use reflection to set that ClassLoader as the system's ClassLoader.
🦑 The main advantages are:
1. The core code is in the encrypted jar, so the cracker cannot extract the class files. If the cracker obtains the encryption key, that is a security issue at another level.
2. This technique can also effectively prevent packing. The code is loaded dynamically, so the cracker's shell program cannot be added to the encrypted jar package. Even if the cracker injects the shell program's entry point, the shell program is not in the ClassLoader's jar package, so it cannot be executed unless the cracker replaces the ClassLoader's jar package and turns off the NDK decryption code. But what is then installed on the phone is no longer our application, and users will definitely uninstall it.
written by undercode
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Forwarded from Backup Legal Mega
β β β iο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Apple's Bluetooth protection framework MagicPairing found to have 10 0-day vulnerabilities that have not been fixed
> Recently, researchers from the University of Darmstadt in Germany examined the MagicPairing protocol and found ten publicly disclosed flaws across its three implementations (iOS, macOS and RTKit); these flaws have not yet been fixed.
> Apple's Bluetooth protection framework: the MagicPairing protocol
MagicPairing is a proprietary Apple protocol that provides seamless pairing, for example between a user's AirPods and all of their Apple devices, achieved by synchronizing keys through Apple's cloud service iCloud. The ultimate goal of the MagicPairing protocol is to derive a Bluetooth link key (LK) for use between a single device and the AirPods. A new LK is created for each connection, which effectively shortens the lifetime of each LK.
🦑 When a new or reset pair of AirPods is first paired with an Apple device that belongs to an iCloud account, Secure Simple Pairing (SSP) is used. All subsequent connections between the AirPods and devices connected to that iCloud account use the MagicPairing protocol as the pairing mechanism. MagicPairing involves multiple keys and derivation functions. It relies on the Advanced Encryption Standard (AES) in Integrated Initialization Vector (SIV) mode for authentication and encryption.
> The general logic of MagicPairing can be integrated into any IoT-based ecosystem, which increases its relevance to the entire security community.
> The MagicPairing protocol does overcome two shortcomings of Bluetooth device pairing: poor scalability and a security model that collapses easily. (If the permanent key, Link Layer or Long-Term Key, is compromised, the model collapses.)
> However, the researchers used code called ToothPicker to perform wireless fuzzing and in-process fuzzing and found 8 MagicPairing and 2 L2CAP vulnerabilities, which can cause crashes, CPU overload, and paired device associations. According to foreign media reports, the information was disclosed between October 30, 2019 and March 13, 2020, and has not yet been determined
🦑 "Because MagicPair is used before pairing and encryption, it provides a huge zero-click wireless attack surface. We found that all different implementations have different problems, including lock-in attacks and denial of service that can cause 100% CPU load. These issues were discovered during the general wireless test and the in-process fuzzing test on iOS."
@iUndercode
β β β iο½ππ»βΊπ«Δπ¬πβ β β β
> full report written by iUndercode
Forwarded from Backup Legal Mega
prem proxies
pastebin.com/WWJ5GDRL