UNDERCODE COMMUNITY
🦑 Undercode World!
@UndercodeCommunity


🦑 What is the system shutdown/reboot attack technique?

1) System shutdown and reboot is something everyone who has touched a PC is familiar with. Attackers can use this feature to interrupt access to a system, or to further the destruction of a target system. MITRE ATT&CK tracks it as T1529, System Shutdown/Reboot.

2) For the most part, attackers do not use the shutdown/reboot button in the Windows Start menu (unless they are remotely logged into a system without the user's knowledge) but issue commands to shut down or reboot: shutdown.exe with its /s, /r or /p switches, or the PowerShell Stop-Computer and Restart-Computer cmdlets. Whichever method is used, the result is the same: the target's users lose access to computer-based resources.

3) Attackers may use this technique after other impact techniques, such as Inhibit System Recovery (T1490) and Disk Structure Wipe (T1561.002). Used this way it is meant to hasten the denial of system availability and to support the earlier techniques, a supplementary technique rather than an end in itself: a machine whose MBR has been wiped keeps running until something forces it to reboot. The technique is useful for adversaries and frustrating for legitimate users (to say the least!).

🦑 The danger of abuse of system features:

1) Before discussing the shutdown attack in any detail, we should first discuss what makes it so dangerous.

2) This technique is considered an abuse of system features. The attacker is leveraging an inherent feature of the compromised system against itself. Unfortunately for compromised systems, there is no clean counter-move to shutdown/reboot, because the feature is about as essential as keyboard or mouse input. The most that can be done is to limit who may invoke it: on Windows the user rights "Shut down the system" (SeShutdownPrivilege) and "Force shutdown from a remote system" (SeRemoteShutdownPrivilege) decide which accounts can call the shutdown APIs at all, but an attacker already running as an administrator or as SYSTEM holds them.


@UndercodeTesting
> sourcewiki
🦑 What is MITRE ATT&CK?

1) MITRE is a not-for-profit corporation dedicated to solving problems for a safer world. Beginning as a systems engineering company in 1958, MITRE has added new technical and organizational capabilities to its knowledge base, including cybersecurity.

2) To this end, MITRE released MITRE ATT&CK, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The knowledge base serves as the foundation for developing threat models and methodologies in the cybersecurity product and service community, the private sector and government.
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Real-world examples of the system shutdown/reboot attack technique
Different attack groups and threats have used this technique in different ways, all toward the same end: interrupting system availability during the course of an attack.

1) APT37
This cyber-espionage group is suspected of being North Korea-based and has been active since 2012, with targets mainly in Asia. In their "Are you Happy?" campaign they used a Master Boot Record (MBR) wiping technique followed by the command shutdown /r /t 1 to reboot target systems, the proverbial icing on the cake: with the MBR gone, the forced reboot turns a machine that is still running into one that cannot boot.

2) LockerGoga
LockerGoga is ransomware that has wreaked havoc on industrial and manufacturing organizations in Europe. This relatively new ransomware has been observed shutting down infected systems. Because it targets high-stakes and critical infrastructure, the shutdown is even more damaging than it would be for non-critical organizations.

3) NotPetya
Originally categorized as ransomware, NotPetya appears never to have been designed to make the data it encrypts recoverable, which makes it more of a wiper. First spotted in June 2017, NotPetya is known to reboot systems one hour after infection.

4) The problem with mitigation
As mentioned earlier, this is an abuse-of-system-features attack. Such attacks cannot be effectively mitigated with preventive controls because they take advantage of legitimate, necessary features; the realistic goals are to prevent the privileged access that precedes the shutdown and to detect the shutdown when it happens.

5) Detection of system shutdown/reboot
Unlike mitigation, system shutdown/reboot can be detected in a couple of ways. First, process monitoring (Sysmon event ID 1, or Security event ID 4688 with command-line auditing enabled) captures the execution of shutdown.exe with its parameters and of the PowerShell Stop-Computer/Restart-Computer cmdlets; the parent process is the strongest signal, since a shutdown spawned by an executable in a temp directory looks nothing like one spawned by a servicing component. Second, the Windows System event log records the shutdown itself: monitor event ID 1074 (a process or user initiated a shutdown or restart; the message names the initiating process and the reason), event ID 6006 (the Event Log service stopped, i.e. a clean shutdown) and event ID 6008 (the previous shutdown was unexpected).
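As an added example (not part of the original post or of MITRE's material), the Python below applies both detection methods to constructed telemetry: process-creation records in the shape of Sysmon event 1 / Security 4688, and System-log records for event IDs 1074, 6006 and 6008. The field names (source, host, image, command_line, parent_image, event_id, message), the allowlist of parents that legitimately start shutdowns and the severity thresholds are assumptions of this example, not part of any product's schema.

```python
"""Triage Windows telemetry for shutdown/reboot abuse (ATT&CK T1529).
Added example: every record below is constructed, not captured from a real host."""
import re
from typing import Dict, List, Optional

# shutdown.exe switches: /s shut down, /r restart, /p power off at once, /a abort a pending
# shutdown, /t <sec> delay (Windows default 30), /f force apps closed. Dash form is accepted too.
SHUTDOWN_IMAGE = re.compile(r"^shutdown(?:\.exe)?$", re.IGNORECASE)
SWITCH = re.compile(r"(?<!\S)[/-]([srpaft])(?:\s+(\d+))?", re.IGNORECASE)
PS_SHUTDOWN = re.compile(r"\b(Stop|Restart)-Computer\b", re.IGNORECASE)
INITIATOR = re.compile(r"The process (\S+) \(")          # event 1074 message text

# Parents that legitimately spawn shutdowns (interactive user, servicing, updates). Assumption.
EXPECTED_PARENTS = {"explorer.exe", "winlogon.exe", "wininit.exe", "services.exe",
                    "svchost.exe", "msiexec.exe", "trustedinstaller.exe"}
SYSTEM_EVENTS = {
    1074: "shutdown or restart initiated by a process or user (USER32)",
    1076: "reason recorded for the previous unexpected shutdown",
    6006: "Event Log service stopped (clean shutdown)",
    6008: "previous shutdown was unexpected",
}

def _base(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify_process(ev: Dict) -> Optional[Dict]:
    """One process-creation record (Sysmon event 1 / Security 4688 with command-line auditing)."""
    cmd = ev.get("command_line", "")
    parent = _base(ev.get("parent_image", ""))
    action, delay = None, None
    if SHUTDOWN_IMAGE.match(_base(ev.get("image", ""))):
        switches = {m.group(1).lower(): m.group(2) for m in SWITCH.finditer(cmd)}
        if "a" in switches:                      # shutdown /a cancels a pending shutdown
            return None
        if "r" in switches:
            action = "reboot"
        elif "s" in switches:
            action = "shutdown"
        elif "p" in switches:
            action, delay = "power-off", 0
        if action and delay is None:
            delay = int(switches["t"]) if switches.get("t") else 30
    else:
        m = PS_SHUTDOWN.search(cmd)
        if m:
            action = "reboot" if m.group(1).lower() == "restart" else "shutdown"
            delay = 0                            # the cmdlets act immediately
    if action is None:
        return None
    unusual_parent = parent not in EXPECTED_PARENTS
    severity = "high" if unusual_parent and delay <= 5 else "medium" if unusual_parent else "low"
    return {"host": ev.get("host"), "technique": "T1529", "severity": severity, "action": action,
            "delay_s": delay, "parent": parent, "command_line": cmd}

def classify_system(ev: Dict) -> Optional[Dict]:
    """One System-log record: evidence that a shutdown happened, with who started it for 1074."""
    eid = ev.get("event_id")
    if eid not in SYSTEM_EVENTS:
        return None
    initiator = None
    if eid == 1074:
        m = INITIATOR.search(ev.get("message", ""))
        initiator = _base(m.group(1)) if m else None
    severity = "medium" if eid == 1074 and initiator not in EXPECTED_PARENTS else "low"
    return {"host": ev.get("host"), "technique": "T1529", "severity": severity,
            "event_id": eid, "meaning": SYSTEM_EVENTS[eid], "initiator": initiator}

def triage(events: List[Dict]) -> List[Dict]:
    """Route each record to the right classifier; highest severity first."""
    rank = {"high": 0, "medium": 1, "low": 2}
    found = []
    for ev in events:
        f = classify_process(ev) if ev.get("source") == "process" else classify_system(ev)
        if f:
            found.append(f)
    return sorted(found, key=lambda f: rank[f["severity"]])

SAMPLE_EVENTS = [  # constructed records
    {"source": "process", "host": "WS01", "image": r"C:\Windows\System32\shutdown.exe",
     "command_line": "shutdown /r /t 1", "parent_image": r"C:\Users\bob\AppData\Local\Temp\update.exe"},
    {"source": "process", "host": "WS02", "image": r"C:\Windows\System32\shutdown.exe",
     "command_line": 'shutdown /s /t 60 /c "monthly patching"', "parent_image": r"C:\Windows\System32\svchost.exe"},
    {"source": "process", "host": "WS03", "image": r"C:\Windows\System32\shutdown.exe",
     "command_line": "shutdown /a", "parent_image": r"C:\Windows\explorer.exe"},
    {"source": "process", "host": "WS04", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell -nop -c Restart-Computer -Force", "parent_image": r"C:\Windows\Temp\svc.exe"},
    {"source": "system", "host": "WS01", "event_id": 1074,
     "message": r"The process C:\Windows\System32\shutdown.exe (WS01) has initiated the restart of computer WS01 "
                r"on behalf of user CORP\bob for the following reason: No title for this reason could be found"},
    {"source": "system", "host": "WS01", "event_id": 6006, "message": "The Event log service was stopped."},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["severity"].upper(), f["host"], f.get("action") or f.get("meaning"), f.get("parent") or f.get("initiator"))
```

Running it ranks the two reboots spawned from temp directories (shutdown /r /t 1 and Restart-Computer) as high, the 1074 record initiated by shutdown.exe as medium, and the scheduled patch-window shutdown from svchost.exe plus the clean-shutdown 6006 as low; shutdown /a produces nothing, since it cancels a shutdown rather than causing one. The interesting work in production is tuning EXPECTED_PARENTS to the fleet's real servicing tools.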

> Powered by wiki source
@UndercodeTesting
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 popular IDEs & code editors for Android:

https://play.google.com/store/apps/details?id=com.aor.droidedit&hl=en > free

https://play.google.com/store/apps/details?id=xyz.iridiumion.enlightened > free

http://sololearn.com/

https://play.google.com/store/apps/details?id=com.foxdebug.acode >paid

https://play.google.com/store/apps/details?id=com.ashvin777.apps.jsitor&hl=en >paid

https://github.com/jecelyin/920-text-editor-v2 > free

https://spck.io/

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 2020 best game hacker Android apps (no root)

https://gamekiller.co/

https://sbgamehacker.net/

https://creehacks.net/

https://www.luckypatchers.com/

http://leoplaycard.info/

> These are third-party download sites, not Google Play listings. Sideloaded game-modding APKs are a common malware vector, so treat them as untrusted code and keep them off any device that holds real accounts.

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Advanced dork search & mass exploit scanner (ATSCAN)
> Termux / Linux

🦑 FEATURES:

Engines: Google, Google API, Google cache, Bing, Ask, Yandex, Sogou, Exalead, Shodan
● Mass dork search
● Multiple instant scans
● Mass exploitation
● Proxy support
● Random user agent
● Random engine
● Mass external command execution
● Exploit and issue search
● XSS / SQLi / LFI / AFD scanner
● Filter WordPress & Joomla sites
● WordPress theme and plugin detection
● Find admin page
● Decode / encode Base64 / MD5
● Port scan
● Collect IPs
● Collect e-mails
● Auto-detect errors
● Auto-detect forms
● Auto-detect CMS
● POST data
● Auto sequence repeater
● Validation
● POST and GET methods
● IP localisation
● Issue and exploit search
● Interactive and normal interface
● And more...

🦑 INSTALLATION & RUN:

1) git clone https://github.com/AlisamTechnology/ATSCAN

2) cd ATSCAN

3) chmod +x ./atscan.pl

4) chmod +x ./install.sh

5) ./install.sh

6) Portable execution: perl ./atscan.pl
Installed tool execution: atscan
Menu: Applications > Web Application Analysis > atscan

> Mass dorking and mass exploitation hit hosts you do not own by design: run them only against targets inside a written engagement scope, and expect search engines to rate-limit or block the source address.

✅ Verified by Undercode
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Hack News by Undercode

> Report: a botnet uses Baidu Tieba and other everyday Chinese web services for its management

1) Research reports show that the botnet of the "Double Gun" malware family is managed through commonly used domestic Chinese internet services.

2) The botnet numbers more than 100,000 infected hosts. Researchers observed that Double Gun used images posted on Baidu Tieba to distribute configuration files and malware, used Alibaba Cloud object storage to host configuration files, and used Baidu Tongji (Baidu's web analytics service) to track the activity of infected hosts. Tencent Weiyun URLs were also found in many malware samples.

3) This is the first time one piece of malware has been seen building the services of all three major vendors (Baidu, Alibaba and Tencent, "BAT") into its own operation. Baidu has taken action to block the malicious code download links. For defenders the point is that command and control hosted on trusted, high-traffic services cannot be blocked by domain reputation alone; the content fetched from those services has to be inspected.

4) Starting May 14, the researchers contacted the Baidu security team and took joint action to measure the spread of the malicious code and counter it. As of this writing, the related download links have been blocked.


▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Exclusive: STM32 device-ID soft encryption and how it is bypassed. For experts @UndercodeTesting

1) Read out the complete program image and search it for the byte sequence "E8 F7 FF 1F". The STM32F1's unique 96-bit (12-byte) device ID lives at address 0x1FFFF7E8 (other families use other addresses, e.g. 0x1FFF7A10 on the STM32F4), and ARM stores 32-bit constants little-endian, so firmware that checks the ID keeps a pointer to that address in its literal pool. Every hit is a place where the code loads the address of the ID.

2) Read the 96-bit (12-byte) ID of the original chip with a programmer, and find an empty (unused) area of flash.

3) Write the ID to that empty address and redirect the pointer. The post's example: the original chip's ID is "34 FF DA 05 4E 50 38 31 19 65 18 43"; choose the area starting at 0x08000020, enter "34 FF 18 43" in the first four bytes and the full ID "34 FF DA 05 4E 50 38 31 19 65 18 43" in the following 12 bytes, then change every "E8 F7 FF 1F" in the image to "20 00 00 08" (the little-endian form of 0x08000020). The copied firmware now reads the original chip's ID from flash instead of from the clone chip's ID register, so the ID check passes on every clone.

> This is a common method of removing this kind of soft encryption. It only works when the firmware reaches the ID through a literal pointer that can be found: code that builds the address at run time, or that mixes the ID into a checksum of the flash contents, needs a real disassembly. It also assumes the image could be read out in the first place, i.e. readout protection was off or has already been defeated.

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
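As an added example (not code from the post), the Python below carries the three steps out against a constructed 256-byte firmware image and models what the firmware sees on the bus, so the before/after behaviour can be checked. The image layout (pointer literal at 0x40, burned-in key at 0x44, free area at 0x80), the clone chip's ID and the XOR-fold "vendor" key derivation are assumptions of this example; the donor ID is the one quoted in the post.

```python
"""Model of the STM32 device-ID bypass described above, run against a constructed firmware image.
Added example; the image layout, UIDs, key derivation and offsets are constructed, not from a real product."""
import struct

FLASH_BASE = 0x08000000
UID_BASE = 0x1FFFF7E8          # STM32F1 96-bit unique device ID; little-endian literal E8 F7 FF 1F
UID_LEN = 12

# Constructed layout of the demo image (256 bytes of erased flash, 0xFF):
PTR_OFF = 0x40                 # literal-pool word holding the UID pointer
KEY_OFF = 0x44                 # 4-byte licence key the vendor burned in for the donor chip
FREE_OFF = 0x80                # unused, erased area the cloner will reuse
DONOR_UID = bytes.fromhex("34FFDA054E50383119651843")   # ID quoted in the post
CLONE_UID = bytes.fromhex("51FF6B064E50383119651B2F")   # a different chip (constructed)

def derive_key(uid: bytes) -> bytes:
    """Stand-in for the vendor's ID binding: XOR-fold the 12-byte UID into 4 bytes."""
    key = bytearray(4)
    for i, b in enumerate(uid):
        key[i % 4] ^= b
    return bytes(key)

def build_demo_image() -> bytes:
    img = bytearray(b"\xff" * 256)
    struct.pack_into("<I", img, PTR_OFF, UID_BASE)
    img[KEY_OFF:KEY_OFF + 4] = derive_key(DONOR_UID)
    return bytes(img)

def firmware_uid_check(image: bytes, chip_uid: bytes) -> bool:
    """What the vendor firmware does at boot: load the pointer literal, read 12 bytes through it,
    derive the key and compare with the burned-in one. The bus model returns the chip's real ID
    for the UID register and image bytes for flash addresses."""
    ptr = struct.unpack_from("<I", image, PTR_OFF)[0]
    if UID_BASE <= ptr < UID_BASE + UID_LEN:
        data = chip_uid
    elif FLASH_BASE <= ptr < FLASH_BASE + len(image):
        off = ptr - FLASH_BASE
        data = image[off:off + UID_LEN]
    else:
        raise RuntimeError("bus fault: pointer outside modelled memory")
    return derive_key(data) == image[KEY_OFF:KEY_OFF + 4]

def find_uid_pointers(image: bytes, uid_base: int = UID_BASE) -> list:
    """Step 1: every word-aligned occurrence of the UID address (ARM literal pools are word aligned)."""
    needle = struct.pack("<I", uid_base)
    return [off for off in range(0, len(image) - 3, 4) if image[off:off + 4] == needle]

def clone_uid(image: bytes, donor_uid: bytes, free_off: int) -> bytes:
    """Steps 2-3: park the donor's ID in unused flash and retarget every pointer at it."""
    if len(donor_uid) != UID_LEN:
        raise ValueError("UID must be 12 bytes")
    chunk = image[free_off:free_off + UID_LEN]
    if free_off % 4 or len(chunk) != UID_LEN or chunk not in (b"\xff" * UID_LEN, b"\x00" * UID_LEN):
        raise ValueError("free_off must be word aligned and point at unused flash")
    ptrs = find_uid_pointers(image)
    if not ptrs:
        raise ValueError("no literal pointer to the UID found; the firmware may build the address at run time")
    out = bytearray(image)
    out[free_off:free_off + UID_LEN] = donor_uid
    for off in ptrs:
        struct.pack_into("<I", out, off, FLASH_BASE + free_off)
    return bytes(out)

if __name__ == "__main__":
    image = build_demo_image()
    print("donor chip, original firmware:", firmware_uid_check(image, DONOR_UID))
    print("clone chip, original firmware:", firmware_uid_check(image, CLONE_UID))
    patched = clone_uid(image, DONOR_UID, FREE_OFF)
    print("clone chip, patched firmware:", firmware_uid_check(patched, CLONE_UID))
```

The original image passes on the donor chip and fails on the clone; after clone_uid() the same check passes on the clone because the pointer now lands in flash. The ValueError branches are the two ways the trick fails in practice: no literal pointer to rewrite, or no genuinely free area to park the ID in.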

🦑 For experts: case analysis of a typical DS28E01 application and its cracking method, by Undercode > 2 parts

🦑 Case: DS28E01 typical application and cracking method

Customers keep asking about decrypting the DS28E01 series of chips. For this reason, our company's engineering department decrypted the DS28E01 as a typical case to explain it to our customers.
At present our company specializes in providing:
1. Cracking of all kinds of software dongles: parallel-port dongles, USB dongles, license cracking;
2. Modifying software functions without source code, re-encrypting the cracked software and repackaging it;
3. Cracking registration codes: pay once, use for life;
4. Encryption lock revision services;
5. One-stop PCB copying, production and processing.


🦑 The DS28E01 is generally used as anti-cloning protection, to keep products from being easily copied and pirated.

1) The first and most popular attack is to disassemble and decompile the code of the main controller, find the encryption-verification code, and either jump straight over it or force the verification result in RAM to read as "valid".

2) This method is very effective but complicated: the cracker must be well versed in assembly, the chip's architecture, how the encryption chip is used, and the development tools of many different microcontrollers.

3) It is also hard to operate commercially, because no one can guarantee success before the crack is done: the decrypted machine code (the main controller's firmware) must be obtained first, and the customer must pay the cost of decrypting the main chip just to get that code.

4) In the end the customer bears the decryption cost whether the crack succeeds or not. The second method is to simulate the communication waveform during verification: a slow bus can be simulated with a microcontroller, while a high-speed protocol can only be handled by a CPLD. Before this method works, however, one task must be done first: the main controller must be made to generate the same random number every time.

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 Brief introduction to the DS28E01:

1) The DS28E01 communicates with the MCU over a single wire (1-Wire bus).

Not much to say about 1-Wire except that its timing is strict, down to the microsecond.
The DS28E01 has four storage areas:

2) Data memory (EEPROM) (4 pages, 32 bytes per page)
Secret storage (8 bytes)
Register page holding function-specific and user bytes
Volatile scratchpad (8 bytes)

3) Over the bus the MCU can only read and write the scratchpad directly; the other storage areas cannot be read or written directly.

4) To write data to the data memory, load the initial secret, or write to the register page, the data is first written to the scratchpad, and then the corresponding command tells the chip to copy it from the scratchpad to the destination address.

5) Working principle:
There is a SHA-1 (160-bit) engine inside the chip. A 55-byte message in a specific format is fed into the SHA-1 computation.

6) These 55 bytes are: the 8-byte secret, a 5-byte random number (challenge) supplied by the user, 32 bytes of EEPROM content, the 7-byte ROM ID, 2 bytes of fixed data (0xFF) and the 1-byte EEPROM address TA1.
The MCU reads back the 20-byte SHA-1 result (the MAC) computed by the chip and compares it with the value it computes itself with the same algorithm. Note that SHA-1 here works as a keyed hash, not as encryption: nothing is decrypted; the point is that only a party holding the secret can produce the right 20 bytes.

7) The MCU has to perform the same computation, so it must assemble exactly the same 55-byte message as the chip. Where does each field come from?

The 8-byte secret: generated and written by the MCU itself. -> OK

The 5-byte random number: the value the MCU wrote to the scratchpad before the chip ran SHA-1. -> OK
The 32 bytes of EEPROM data: the chip returns the 32-byte page contents before the 20-byte MAC. -> OK
The 7-byte ROM ID: readable from the chip at any time. -> OK
The 2 fixed bytes: documented in the datasheet. -> OK
The 1-byte TA1: the MCU writes it itself. -> OK

🦑 Typical application process:
Process 1: initialize the DS28E01 secret
The secret is loaded only once, at the factory, before the product is produced.
Program flow:
1. Read the chip's ROM ID
2. Generate a unique 64-bit secret with some algorithm, so that every board gets a different secret.
3. Write the secret to the chip's scratchpad, and read it back to verify the write
4. Execute the chip's Load First Secret command so the chip copies the 64-bit value from the scratchpad to the secret storage
5. Done.

Process 2: verify the DS28E01 secret
Verification is done in the product itself. Every time the product starts, it checks that the DS28E01's secret is correct.
If the check passes, the product runs normally; if not, the product is made to stop working by some means.
Program flow:
1. Read the chip's ROM ID
2. Derive the 64-bit secret with the same algorithm as in the initialization process
3. Write an 8-byte random number to the chip's scratchpad (only 5 bytes are used), and read it back to verify
4. Send the authenticated read command to the chip, and read back the 32 bytes of EEPROM data and the 20-byte MAC
5. Build the 55-byte message from the data above and run SHA-1 over it
6. Compare the computed hash with the hash read back from the chip

🦑 The crack method:

1) As the application flow above shows, the core algorithm is SHA-1, and there are two copies of the data that go into it. One copy is inside the chip, and we cannot read it.

2) But the other copy is generated inside the MCU, so once the process by which the MCU builds the message is recovered, the crack is complete.

3) The critical item is the 8-byte secret. Because it is generally derived from the ROM ID and the CPU ID, as long as the derivation algorithm can be recovered from the program, the protection is defeated: a cloned board can then run the same arithmetic without a provisioned chip. This is only a matter of time. The design lesson is that the secret itself never left the DS28E01, but the recipe for regenerating it did, because it lives as plain code in a readable MCU.


written by Undercode -@Experthacking
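As an added example (not code from the post or from the chip vendor), the Python below models the two processes above and both cracks the post describes, so the effect of each can be checked: a genuine chip whose secret is write-only, an emulated chip that only knows the recovered derivation routine, and a replay device that answers with a captured MAC. The 55-byte field order follows the post; the "vendor" derivation, ROM ID and page contents are constructed, and the real device's bit-level MAC encoding is a datasheet matter this model does not reproduce.

```python
"""Model of the DS28E01 secret-binding flow described above and of the two cracks the post outlines.
Added example; field order follows the post, the vendor derivation, ROM ID and page are constructed."""
import hashlib
import hmac
import os

def derive_secret(romid: bytes) -> bytes:
    """Vendor's per-board secret, bound to the chip's ROM ID: the routine that sits in MCU flash."""
    return hashlib.sha1(b"vendor-master-secret" + romid).digest()[:8]   # constructed stand-in

def build_message(secret: bytes, challenge: bytes, page: bytes, romid: bytes, ta1: int) -> bytes:
    """55-byte SHA-1 input in the order the post lists: secret(8) challenge(5) page(32) romid(7) FF FF TA1."""
    if (len(secret), len(challenge), len(page), len(romid)) != (8, 5, 32, 7):
        raise ValueError("bad field length")
    return secret + challenge + page + romid + b"\xff\xff" + bytes([ta1])

def compute_mac(secret, challenge, page, romid, ta1) -> bytes:
    return hashlib.sha1(build_message(secret, challenge, page, romid, ta1)).digest()

class GenuineChip:
    """Secret is write-only (Load First Secret); only page data and the MAC ever leave the device."""
    def __init__(self, romid: bytes, page: bytes):
        self.romid, self.page, self._secret = romid, page, b"\x00" * 8
    def load_first_secret(self, secret: bytes) -> None:      # Process 1, once at the factory
        self._secret = secret
    def read_authenticated_page(self, challenge: bytes, ta1: int):
        return self.page, compute_mac(self._secret, challenge, self.page, self.romid, ta1)

class EmulatedChip:
    """Crack 1: once derive_secret() is lifted from the MCU, a clone needs no provisioned chip."""
    def __init__(self, romid: bytes, page: bytes):
        self.romid, self.page = romid, page
    def read_authenticated_page(self, challenge: bytes, ta1: int):
        return self.page, compute_mac(derive_secret(self.romid), challenge, self.page, self.romid, ta1)

class ReplayChip:
    """Crack 2: replay a captured MAC; works only if the MCU's 'random' challenge never changes."""
    def __init__(self, romid: bytes, page: bytes, captured_mac: bytes):
        self.romid, self.page, self.captured = romid, page, captured_mac
    def read_authenticated_page(self, challenge: bytes, ta1: int):
        return self.page, self.captured

def mcu_verify(chip, rng=os.urandom, ta1: int = 0x00) -> bool:
    """Process 2 on the product MCU, at every boot."""
    secret = derive_secret(chip.romid)
    challenge = rng(5)
    page, chip_mac = chip.read_authenticated_page(challenge, ta1)
    expected = compute_mac(secret, challenge, page, chip.romid, ta1)
    return hmac.compare_digest(chip_mac, expected)

# Constructed board: 7-byte ROM ID and one 32-byte EEPROM page
ROMID = bytes.fromhex("2b0000a1b2c3d4")
PAGE = bytes(range(32))

def demo() -> dict:
    genuine = GenuineChip(ROMID, PAGE)
    genuine.load_first_secret(derive_secret(ROMID))
    blank = GenuineChip(ROMID, PAGE)                         # never provisioned: wrong secret
    stuck_rng = lambda n: b"\x11" * n                         # an MCU whose RNG always returns the same bytes
    _, captured = genuine.read_authenticated_page(stuck_rng(5), 0x00)
    replay = ReplayChip(ROMID, PAGE, captured)
    return {
        "genuine": mcu_verify(genuine),
        "blank": mcu_verify(blank),
        "emulated": mcu_verify(EmulatedChip(ROMID, PAGE)),
        "replay_stuck_rng": mcu_verify(replay, rng=stuck_rng),
        "replay_fresh_challenge": mcu_verify(replay, rng=lambda n: b"\x22" * n),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:24s} {'PASS' if ok else 'FAIL'}")
```

The genuine chip and the emulator both pass, an unprovisioned chip fails, and the replay device passes only while the challenge is stuck, which is exactly why the post says the random number must first be pinned before waveform replay can work. A design that survives this model keeps the per-board secret in a place the MCU cannot dump (a secure element, or an MCU with readout protection that actually holds), because derive_secret() is the whole protection.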

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑 What to use port forwarding for?


Port forwarding changes how your network handles inbound requests: the router, which normally drops unsolicited traffic arriving from the internet, is told to pass traffic arriving on a given public port to a given private IP address and port. That makes the following possible:

1) Connect to video game servers.
One of the most common reasons users enable port forwarding is online gaming. A router's NAT only lets through replies to connections your own devices opened, so other players, or a matchmaking service, cannot reach a game client or a private server you host behind it unless the relevant port is forwarded. Port forwarding lets you and your friends connect to each other's servers and play together.

2) Host servers and applications for the world to view and use.
More tech-savvy users may want to run servers and applications for friends, family, or internet users at large. Without a forward, inbound connections to those services never make it past the router. A port forward is the router's instruction that connections on that port are expected and should be delivered to the host running the service; it says nothing about whether the service itself is safe, so whatever is forwarded must be patched and require authentication, because the forward exposes it to everyone who scans your address.

3) Improve connectivity (not raw speed).
Port forwarding does not make the router handle packets faster; it changes which connections are allowed in. Applications that benefit from peers connecting to you directly, such as BitTorrent and some voice and game protocols, do perform better with a forwarded port, because more peers can reach you instead of only the ones you can reach.

4) Control remote access to a private service.
A port forward does not protect your privacy: anyone who knows, guesses or scans your public IP address and port can reach the forwarded device, so "only those who know the port number" is not a security boundary. What a forward can do, combined with other measures, is relay requests sent to one IP address and port on to a different host (a jump host or reverse proxy), so that the internal host's own address is never exposed. Restrict the source addresses the forward accepts where the router allows it, and put real authentication (SSH keys, a VPN login) on whatever is forwarded.

5) Virtually access your desktop.
If you host your desktop on a virtual machine or in the cloud, you may need a port forward to reach it from whatever device you are using. With the forward in place, you can reach the remote desktop at the private IP address that hosts it without the router interfering. Remote-desktop protocols exposed directly to the internet are a frequent ransomware entry point, so prefer reaching them through a VPN (see 7).

6) Back up your files.
It is a good idea to keep copies of your most important files in several locations. Once those backups exist, you also need to access them securely, ideally from any device, anywhere. By forwarding a port to the host that stores a backup, you can retrieve your data from wherever you are, as long as you know your public IP address and the port number; the backup service itself must require authentication and encrypt data in transit.

7) Connect to your VPN (Virtual Private Network) from afar.
If you run a VPN server on your home router, you may not be able to reach it remotely without a forward. Forwarding the VPN's port (for example UDP 1194 for OpenVPN or UDP 51820 for WireGuard) gives you a fast, authenticated and encrypted path into your home network while you are out of the house, and it is the one forward that lets you avoid all the others.
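As an added example (not part of the original text), the Python below is a userspace TCP port forward that does what a router's forwarding rule does, relaying connections arriving on one port to another host and port, plus the source-address allowlist that point 4 recommends. Everything runs on loopback with an echo server standing in for the private service; the allowlist networks and the echo service are assumptions of this example.

```python
"""Userspace TCP port forward with a source-address allowlist, standing in for a router's
forwarding (DNAT) rule. Added example; all hosts and ports are constructed, everything runs on loopback."""
import ipaddress
import socket
import threading
from typing import Callable, Iterable, Tuple

def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes src -> dst; on EOF half-close dst so the reply direction keeps flowing."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def _relay(a: socket.socket, b: socket.socket) -> None:
    """Full-duplex relay between two connected sockets; closes both when both directions are done."""
    back = threading.Thread(target=_pump, args=(b, a), daemon=True)
    back.start()
    _pump(a, b)
    back.join()
    a.close()
    b.close()

def start_forwarder(target: Tuple[str, int],
                    allow: Iterable[str] = ("0.0.0.0/0",)) -> Tuple[int, Callable[[], None]]:
    """Listen on an ephemeral loopback port and relay allowed clients to target.
    Returns (listening port, stop function). allow is a list of CIDR networks."""
    nets = [ipaddress.ip_network(a) for a in allow]
    lsock = socket.socket()
    lsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    lsock.bind(("127.0.0.1", 0))
    lsock.listen()

    def serve() -> None:
        while True:
            try:
                client, (ip, _port) = lsock.accept()
            except OSError:
                return                                    # listener closed: stop serving
            if not any(ipaddress.ip_address(ip) in n for n in nets):
                client.close()                            # like a firewall source match: not forwarded
                continue
            try:
                upstream = socket.create_connection(target, timeout=5)
                upstream.settimeout(None)
            except OSError:
                client.close()                            # private service down: nothing to relay to
                continue
            threading.Thread(target=_relay, args=(client, upstream), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return lsock.getsockname()[1], lsock.close

def start_echo_server() -> Tuple[int, Callable[[], None]]:
    """Stand-in for the private service behind the router: echoes whatever it receives."""
    lsock = socket.socket()
    lsock.bind(("127.0.0.1", 0))
    lsock.listen()

    def serve() -> None:
        while True:
            try:
                conn, _ = lsock.accept()
            except OSError:
                return
            threading.Thread(target=lambda c=conn: (_pump(c, c), c.close()), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return lsock.getsockname()[1], lsock.close

def request(port: int, payload: bytes) -> bytes:
    """A client 'on the internet': send payload to the forwarded port and return the reply."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)
            chunks = []
            while data := c.recv(4096):
                chunks.append(data)
            return b"".join(chunks)
    except OSError:
        return b""                                        # refused or reset: nothing was forwarded

if __name__ == "__main__":
    echo_port, stop_echo = start_echo_server()
    open_port, stop_open = start_forwarder(("127.0.0.1", echo_port), allow=["127.0.0.0/8"])
    locked_port, stop_locked = start_forwarder(("127.0.0.1", echo_port), allow=["203.0.113.0/24"])
    print("allowed source:", request(open_port, b"ping"))
    print("blocked source:", request(locked_port, b"ping"))
    stop_locked(); stop_open(); stop_echo()
```

With the loopback network in the allowlist the echo comes back through the forward; with only a documentation prefix (203.0.113.0/24) allowed, the same client gets nothing, even though it knows the public port. That is the distinction point 4 makes: the port number is not what keeps strangers out, the allowlist and the service's own authentication are.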

@UndercodeTesting > powered by wiki
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁