Rairii

This string was found by @w - I have confirmed its presence in the Threads APK from apkcombo, "Threads, an Instagram app_289.0.0.68.109_apkcombo.com.apk", sha256 83a1f270aa2447f4e7310072b4d3217f9af8a03b7679b7760db03ff0bbf8e432, valid signature by "C=US, ST=California, L=Menlo Park, O=Meta Platforms Inc., OU=Meta Mobile, CN=Meta Platforms Inc." (rsa-4096 + sha-256, cert expires in 2053)

at offset 0xB7AE in assets/strings/en_GB.frsc

"Soon, you'll be able to follow and interact with people on other fediverse platforms, such as Mastodon. They can also find people on Threads using full usernames, such as <b>@%1$s</b>."

cc @FediPact
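A way to re-check a finding reported in this form (package hash, archive member, offset, string), as an added example that is not part of the original post. The UTF-8 encoding of the string inside the `.frsc` file and the in-memory stand-in archive are assumptions made for the example.

```python
import hashlib
import io
import zipfile

MEMBER = "assets/strings/en_GB.frsc"   # path quoted in the post
OFFSET = 0xB7AE                        # offset quoted in the post
NEEDLE = "Soon, you'll be able to follow and interact with people on other fediverse platforms"

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def check_apk_string(apk_bytes, expected_sha256, member, offset, needle):
    """Return (hash_ok, found_at_offset, all_offsets) for a claimed string location."""
    # 1. The package must be byte-identical to the one the report was made against.
    hash_ok = sha256_hex(apk_bytes) == expected_sha256.lower()
    # 2. An APK is a zip archive; read the (decompressed) member the report names.
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        data = apk.read(member)        # raises KeyError if the member is absent
    raw = needle.encode("utf-8")       # assumption: strings are stored as UTF-8
    found_at_offset = data[offset:offset + len(raw)] == raw
    # 3. List every occurrence, so a shifted offset in another build is visible.
    hits, pos = [], data.find(raw)
    while pos != -1:
        hits.append(pos)
        pos = data.find(raw, pos + 1)
    return hash_ok, found_at_offset, hits

def build_sample_apk(member, offset, needle):
    """Constructed stand-in for an APK: a zip with one asset holding needle at offset."""
    payload = b"\x00" * offset + needle.encode("utf-8") + b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr(member, payload)
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_apk(MEMBER, OFFSET, NEEDLE)
    print(check_apk_string(sample, sha256_hex(sample), MEMBER, OFFSET, NEEDLE))
```

The signing certificate is a separate check (for example `apksigner verify --print-certs`) and is not covered by this sketch.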


Rairii

I found the code that is used with that string, in class X.10G (my jadx renamed it to p00X.C10G). A debug string calls it "FediversePromiseViewModel", and it confirms that the threads.net domain will be the one used for activitypub (or at least webfinger).

threads.net - we have confirmation now!

Ariadne Conill 🐰

@Rairii @w @liaizon I still say this is an exercise to show congress they don’t need to be regulated, and all interest will wane once they have done so successfully

MadeByPaul

@Rairii @w @FediPact bad time to bring up that the post-hardcore band I played drums for while in college was named "the threads"?
Great detective work and thank you to those who boost and share!

Rairii

hey look, an actually useful orange-site comment, about HP ink cartridge hardware hacking

"Put a resistor, about 1kohm, in the power line to the security chip on the cartridge.

Now, whenever the printer tries to read data from the chip, it works. Whenever it tries to record data to the chip (for example, marking the cartridge as empty), that uses more power, and the memory chip doesn't respond.

Amazingly, the whole setup just works and prints forever, saying the cartridges are always full... "

news.ycombinator.com/item?id=3

eri :vlpn_smol:

@Rairii That is likely the best solution for those who are encumbered with such a printer.

For those who are looking to buy a new printer, I personally enjoy Canon’s line up of ink tank printers. I’ve been using one for like, a year or two now on the ink that came in the box.

The USB interface on the printers works great on both Mac and Linux, I personally have mine plugged into a Mac that shares it to the network, but you can do the same with Linux as well.

A note on the ink tank printers is that they use up the absorber sponges faster than normal printers (due to having to flush the lines out sometimes). This part is usually non-replaceable on printers, but Canon allows you to replace it for 10-20 bucks as a “maintenance cartridge” on some models. Make sure you’re buying one that takes one of those, especially if you don’t print constantly. It doesn’t need replacing often, but it’s nice to be able to do it.

Out of the models that are currently available, the G1220, G2260, and G3260 are the ones you’d want to get, depending on the features you need.

glasspshr

@Rairii oh that’s delicious. Too bad I turned my back on hp a long time ago

Rairii

mastodon.social now has over 1 million accounts

this seems like it should be a problem

edit: i realised what the problem is. the problem is gargamel re-enabled open registrations on mastodon.social

💜 Dr. Blight ❤️

@Rairii that sounds like a moderation nightmare TBH

Daniel Gurney

@Rairii I feel like there isn't any tangible incentive for a layperson just wanting to follow and interact with people to look for a different server than the one they first heard of (which is probably going to be mastodon.social)

Connie

@Rairii mastodon.social really lacks any feeling of safety i have with any other instance, mostly in part with questionable moderation from what i've heard

Rairii

hired a surveillance cop then reacted poorly to people criticising them?

I already released (partial) VCE disassembler, which is enough for an interested reverser to keygen the <=RPi3 codec licensing algorithm.

Maybe I should just, ya know, post the serial algo code.

(fuck software patents/etc anyway)

Rairii

// codec licensing serial algo (<=RPi3)
// shoutouts to fabien perigaud/synacktiv. your beerump 2017 presentation slides started me on this journey.
// (sure you redacted the fun stuff, I just rediscovered it myself)
// also shoutouts to everyone involved in BCM2708 reversing!
// greetings to elites, fuckings to lamers (second category includes broadcom and rpi foundation)

#include <stdint.h>
#include <stdio.h>

typedef uint8_t u8;
typedef uint16_t u16;
typedef uint32_t u32;

u8 vce_data[] = {
0x54, 0x6f, 0x76, 0x6b, 0x94, 0xce, 0x1a, 0x57, 0x56, 0x51, 0x0c, 0xb2, 0x72, 0xc9, 0xc3, 0x12,
0x13, 0xbc, 0xe8, 0xd2, 0x5b, 0xa3, 0x2d, 0x2a, 0x5a, 0x62, 0x4d, 0xeb, 0x16, 0x40, 0x05, 0x87,
0xe0, 0x98, 0x39, 0xf7, 0xac, 0xc6, 0xab, 0x7c, 0xe9, 0xfb, 0x07, 0xaa, 0x29, 0xcd, 0x1d, 0x9b,
0xf6, 0x0e, 0x01, 0xbb, 0x5c, 0xfc, 0x15, 0xae, 0xd9, 0xfa, 0x9c, 0xef, 0xf1, 0x75, 0x8e, 0x70,
0x46, 0x8b, 0xb0, 0x89, 0x50, 0xaf, 0x6e, 0x67, 0x18, 0xda, 0xee, 0xd4, 0x32, 0xbe, 0x4e, 0x58,
0x5d, 0x1f, 0x4b, 0x73, 0x88, 0xc0, 0x79, 0x02, 0xde, 0x47, 0xa0, 0x43, 0x9a, 0xdb, 0xc8, 0x35,
0x95, 0x3c, 0xcc, 0x8d, 0x64, 0x2f, 0x14, 0x68, 0x00, 0x71, 0x03, 0xb9, 0xed, 0x0b, 0xf3, 0x24,
0x60, 0xb1, 0x17, 0x63, 0xdf, 0x48, 0x41, 0xa4, 0x28, 0x5e, 0x2b, 0xd8, 0xb4, 0x90, 0xba, 0x83,
0xe4, 0x08, 0xd0, 0xe2, 0xb8, 0x6a, 0x10, 0x74, 0x9f, 0x7b, 0x19, 0x38, 0x8f, 0x91, 0xd6, 0xa8,
0x27, 0x06, 0x30, 0x33, 0x61, 0x34, 0x25, 0x21, 0x53, 0xc7, 0x66, 0x23, 0xff, 0xc5, 0x80, 0x85,
0xf4, 0xd7, 0x97, 0x99, 0x55, 0xf2, 0x8c, 0x04, 0x6c, 0x4f, 0xa1, 0x36, 0x20, 0x0a, 0xe1, 0x44,
0x59, 0xcf, 0x7d, 0xb6, 0xf9, 0x0f, 0x6d, 0x11, 0x78, 0x93, 0xe5, 0x3f, 0xf0, 0x9e, 0x84, 0xd3,
0x7e, 0xbd, 0xd1, 0xf5, 0xa5, 0x81, 0x22, 0x37, 0xf8, 0x52, 0xe3, 0x5f, 0xa9, 0xca, 0xfd, 0x42,
0x7f, 0x09, 0xa2, 0x9d, 0x8a, 0xb7, 0x4a, 0xe6, 0xa6, 0x77, 0x3d, 0x1c, 0x2e, 0xcb, 0x1b, 0x69,
0xb3, 0x1e, 0xc1, 0x7a, 0x82, 0xdd, 0x2c, 0xdc, 0x49, 0xea, 0x3a, 0xe7, 0x31, 0x4c, 0xad, 0xbf,
0x0d, 0xc2, 0xc4, 0x96, 0x65, 0x26, 0xfe, 0x92, 0x86, 0x3b, 0x3e, 0xec, 0xd5, 0xb5, 0xa7, 0x45
};

#define INLINE static inline __attribute__ ((optimize (3))) __attribute__((always_inline))

INLINE u32 GET(u32 var, u8 bits) {
    // cast before shifting so a table byte >= 0x80 shifted by 24 stays unsigned
    return (u32)vce_data[(var >> bits) & 0xff] << bits;
}

// should probably use bitwise OR, but this is what the vce code does
INLINE u32 GET32(u32 var) {
    return GET(var,24) ^ GET(var,16) ^ GET(var,8) ^ GET(var,0);
}

// vce has no rotate instructions, so it does it the long way as in C
INLINE u32 ROR(u32 var, u32 right) {
    return (var >> right) ^ (var << (32 - right));
}

u32 codec_license_hash(u32 board_serial /* r1 */,u32 codec /* r2 */) {

#define CODEC_XOR_BOARD_ROR(bits) codec ^= ROR(board_serial,bits)
#define BOARD_XOR_CODEC_ROR(bits) board_serial ^= ROR(codec,bits)

    for (u32 i = 0; i < 17; i++) {
        CODEC_XOR_BOARD_ROR(1);
        BOARD_XOR_CODEC_ROR(6);
        CODEC_XOR_BOARD_ROR(13);
        BOARD_XOR_CODEC_ROR(17);
        CODEC_XOR_BOARD_ROR(21);
        BOARD_XOR_CODEC_ROR(29);

        board_serial = GET32(board_serial);
        codec = GET32(codec);
    }

#undef CODEC_XOR_BOARD_ROR
#undef BOARD_XOR_CODEC_ROR

    return codec;
}

// This board serial taken from hxxps://web.archive.org/web/20221208160705/forums.raspberrypi.com/viewtopic.php?t=38901
// The person who owns the SoC with this serial burned in fuses did a nice thing and provided their own WVC1 + MPG2 keys, we can use that to verify this implementation is correct:
// decode_MPG2=0x6fd66307
// decode_WVC1=0x01a512b0
#define BOARD_SERIAL 0x9d3e8cb1

int main(void) {
    printf("# VC1 key\ndecode_WVC1=0x%08x\n\n", codec_license_hash(BOARD_SERIAL, 0xf00bad34 ^ 0x57564331 /* 'WVC1' */));
    printf("# MPEG-2 key\ndecode_MPG2=0x%08x\n\n", codec_license_hash(BOARD_SERIAL, 0xf00bad34 ^ 0x4D504732 /* 'MPG2' */));
    printf("# Super-secret key ;)\n#\n"
        "# start.elf, before booting ARM, reads bootsig key from efuses, then compares against 1/2 of 5 hardcoded keys.\n"
        "# If not equal, then this key is checked, if not correct then infinite loop + LED flash\n"
        "# (same as if 3rdsig -- ARM kernel binary HMAC signature -- verification fails)\n"
        "# As to *why* this is done, I have no idea. Bootsig key is also 128-bit HMAC key and this reduces the available\n"
        "# possible entropy for unique bootsig key (necessary for boot-time security I would think!) down to either\n"
        "# 51, 52, or 77 bits depending on what key was burned into your Pi's efuses...\n"
        "decode_0001=0x%08x\n\n", codec_license_hash(BOARD_SERIAL, 0xf00bad34 ^ 0x30303031 /* '0001' */));
    return 0;
}

rugk [DECT: 7845]

@Rairii uhm sorry i don't get what this is. What is that algorithm? And the RaspPi has patented it? Why? Is it secret? Was not that stuff supposed to be open-source? What is even disassembled here? And why is disassembling needed? What is even? (Reads like and thought yet another app using when first reading this.)
