q3k :blobcatcoffee:

“The Chaos Computer Club supports the three hackers who explained in detail at 37C3 how the Polish rail vehicle manufacturer Newag had manipulated its trains in such a way that they could only be repaired in the company's own workshops. The manufacturer reacted to the publications with an attitude not seen since the 90s and sued the hackers under both criminal and civil law.

The CCC is calling for donations to cover the legal and other resulting costs incurred so far.”

ccc.de/en/updates/2024/das-ist

A 38C3 angel badge for 'Q3K' equipped with a Newag Group lanyard. On a table, next to a half-finished tschunk.
q3k :blobcatcoffee:

We are very grateful and honoured to now also be supported by the Chaos Computer Club.

Incidentally, our talk about the legal repercussions of disclosing the Impuls train DRM system is in less than 4 hours. There might not be many new technical things to talk about, but I'm sure at least some of you will find our story interesting. Especially as we haven't done much of an update in English since last year.

Watch the talk on media.ccc.de/ at 23:00 CET.

q3k :blobcatcoffee:

Looks like Newag isn't satisfied with how their civil lawsuit against us in Warsaw is going - because they just filed another one, this time in Gdańsk, and from another corporate entity they manage. And to add to the pile of arbitrary accusations, this time it's about unfair competition (again) and violation of their corporate personality rights (slander?).

1. Lawsuit by NEWAG IP Management sp. z o.o. against Serwis Pojazdów Szynowych sp. z o.o. sp. k. in Lisi Ogon and members of the hacker organization named “Dragon Sector” for the cessation and removal of the effects of infringements of economic copyright and of acts of unfair competition, which is the subject of proceedings initiated in June 2024 and conducted by the Regional Court in Warsaw (proceedings at a preliminary stage; a statement of defence has been filed together with a counterclaim). The first hearing has taken place, at which several witnesses were heard, and the parties were obliged to file further pleadings. Value of the subject matter of the dispute: 5.820.000 zł.

2. Lawsuit by NEWAG S.A. against Serwis Pojazdów Szynowych sp. z o.o. sp. k. in Lisi Ogon and members of the hacker organization named “Dragon Sector” for the cessation and removal of the effects of infringements of personal rights and of acts of unfair competition, which is the subject of proceedings initiated in September 2024 and conducted by the Regional Court in Gdańsk (proceedings at a preliminary stage; no statement of defence has been filed). Value of the subject matter of the dispute: 5.100.000 zł.
q3k :blobcatcoffee:

We didn't receive the paperwork yet - we just learned about this through a post on Twitter by someone who happened to look at their executive board report for 2024H1. We'll only know what this is about once we actually receive the lawsuit. Hopefully this time they managed to use our real postal addresses.

newag.pl/wp-content/uploads/20 (page 26).

q3k :blobcatcoffee:

✅ Attend a legal hearing about train hacking
✅ Wait for defense attorney stuck in train for hours because of a railway incident
✅ Get in a road collision on the way back from the court (we're fine)

certainly one of the most days

Sobex

@q3k Is there any way Newag could have engineered such a rail incident ?

Hopefully the delay doesn’t get them any advantage in court ?

q3k :blobcatcoffee:

Just two days left until the first hearing in Newag's lawsuit against us (Dragon Sector members) and SPS. It will take place on 28.08.2024 at 10:00. In case you've missed it, we're being accused of infringing upon Newag's intellectual property and unfair competition. This is, of course, bullshit and a great example of a SLAPP case.

comic sans, blue: newag
comic sans, black: we sue researchers
q3k :blobcatcoffee:

The hearing will take place in the 22nd Department of Intellectual Property at Czerniakowska 100 in Warsaw. Those interested are invited to observe on site as audience members; you can refer to the hearing number XXII GW 493/24. Of course, the hearing will be in Polish.

q3k :blobcatcoffee:

Anyone looking to hire a generalist software engineer with a knack for low-level, security and distributed systems?

I've been at my job for 5 years, built up a codebase from prototype to a working product with strong foundations. But I think I need a change of scenery now.

I feel most comfortable working with Go and Rust, but I'm flexible, as long as there's space for solid engineering practices in your org.

CV available on request, email me (q3k@q3k.org). Remote or Munich-based.

#FediHired

q3k :blobcatcoffee:

It's finally happened! NEWAG IP Management just sued us for copyright infringement and unfair competition. This is a civil lawsuit in Warsaw, parallel to a criminal investigation that's happening in Cracow.

Of course, they got our postal addresses wrong (they could've just asked!) so we only just got a copy from the court, but hey, we now have 164 pages of content to dive into.

Lawsuit front page showing defendants: Jakub Stępniewicz, Sergiusz Bazański, Michał Kowalczyk and SPS sp. z o.o.

Personal data (like national ID numbers and addresses) are redacted with black rectangles.
Leszek

@q3k Have fun!
I hope you'll have the throughput to decide what can be published live, and what has to be held back until the trial.

~n

@q3k Competition? Didn’t know you were building trains too. You seem to have a lot of time for side projects :D

q3k :blobcatcoffee:

“Software installed by hackers” - how PAP.pl lies about the Newag scandal

q3k.org/2024-06-11-pap-newag-p

This isn't what I was hoping to post in the near future about the Newag scandal... but lies of this kind should not go unanswered.

Denis W. Wychowałek

@q3k the government changes, the practices remain unchanged regardless of who is in power.

DELETED

@q3k Uhh... Or maybe PAP got hacked again

q3k :blobcatcoffee:

“Software installed by hackers” - how the Polish Press Agency lies about the Newag scandal

q3k.org/2024-06-11-pap-newag-e

Whatever update I was hoping to post about the Newag scandal wasn't this - but this sort of lie has to be corrected.

Leszek

@q3k Since you were named as the hackers in multiple articles related to Newag trains is this grounds for a libel lawsuit? *sips tea*

Juliet Merida (she/they) 🚝🏳️‍⚧️🏹🎯

@q3k@social.hackerspace.pl "Software installed by hackers" as in ... the people who were hired by the owners of the trains to fix them and consider themselves "hackers" by trade, not by crime?

The right to repair the things we own is so fucking important. If you can't repair it, you don't own it. You're leasing it at best.

Rens

@q3k well, if they have judged that Newag are hackers now, it might be true...

q3k :blobcatcoffee:

I would like to thank Jia Tan for authoring the best CTF challenge of the past decade.

q3k :blobcatcoffee:

I have managed to extract a list of encoded strings within the liblzma/xz backdoor payload (5.6.1):

gist.github.com/q3k/af3d93b6a1

The code has a dictionary of strings that are encoded as a prefix trie, which helps to keep things stealthy. This is e.g. then used to look up symbols, e.g. bd_elf_lookup_hash(..., 0x2b0, ...) means bd_elf_lookup_hash(..., "__libc_stack_end", ...). This is also why it's slow :).

This should bring us one step closer to knowing what the binary payload does.

penguin42

@q3k Hmm what's the magic string 2nd from the last one?

zeno

@q3k I got too curious about what that weird string was so I did a test, seems to just "defuse" the backdoor as running sshd with it makes it exit much faster than without.

robryk

@q3k

Re the supposed killswitch: I don't get the point of a killswitch. Where would malware authors use it?
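
The trie-encoded string dictionary described in q3k's post above, as an added Python illustration that is neither q3k's code nor the backdoor's actual encoding: the edge-table layout, the sample names and every id except the 0x2b0 / `__libc_stack_end` pairing quoted in the post are constructed. It shows why the names never appear as contiguous strings in the table, and how an analyst recovers the id-to-string map needed to annotate calls that pass only an id.

```python
import struct
from typing import Dict, Optional

# Assumed record layout: parent node, character, child node, string id (0 = no string ends here)
EDGE = struct.Struct("<BBBH")

def encode(entries: Dict[str, int]) -> bytes:
    """Pack names into a flat edge table; shared prefixes are stored once."""
    children: Dict[tuple, int] = {}  # (parent, char) -> child node
    term: Dict[int, int] = {}        # node -> id of the string ending there
    for name, ident in entries.items():
        node = 0
        for ch in name.encode():
            node = children.setdefault((node, ch), len(children) + 1)
        term[node] = ident
    return b"".join(EDGE.pack(p, ch, c, term.get(c, 0)) for (p, ch), c in children.items())

def lookup(table: bytes, name: str) -> Optional[int]:
    """String -> id, walking the trie one character at a time."""
    node, ident = 0, 0
    for ch in name.encode():
        for p, c, child, i in EDGE.iter_unpack(table):
            if p == node and c == ch:
                node, ident = child, i
                break
        else:
            return None          # no edge for this character: unknown string
    return ident or None         # a bare prefix of a stored name has no id

def dump(table: bytes) -> Dict[int, str]:
    """Analyst's view: recover every id -> string pair by walking all paths."""
    edges = list(EDGE.iter_unpack(table))
    found: Dict[int, str] = {}
    stack = [(0, b"")]
    while stack:
        node, prefix = stack.pop()
        for p, c, child, i in edges:
            if p == node:
                s = prefix + bytes([c])
                if i:
                    found[i] = s.decode()
                stack.append((child, s))
    return found

# Constructed sample: only the 0x2b0 pairing comes from the post
SAMPLE = {"__libc_stack_end": 0x2B0, "__libc_start_main": 0x001,
          "getuid": 0x002, "geteuid": 0x003}
TABLE = encode(SAMPLE)
```

Searching `TABLE` for `b"libc"` finds nothing, because each character sits in its own record, while `dump(TABLE)` returns the full id-to-name map.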

qwertyoruiopz

@q3k I could have sent you the abomination of a 30 pin uart cable I made when I was like 10 held together by cold solder joints and hot glue

Dr. Oździak

@q3k just one pallet more bro they'll skyrocket in value please bro just one truckload more

Andy

@q3k "lol, what kind of idiot buys all of this left-over and obsolete shit? Let's not complain, but rather be glad that it's finally gone."

q3k :blobcatcoffee:

I can finally reveal some research I've been involved with over the past year or so.

We (@redford, @mrtick and I) have reverse engineered the PLC code of NEWAG Impuls EMUs. These trains were locking up for arbitrary reasons after being serviced at third-party workshops. The manufacturer argued that this was because of malpractice by these workshops, and that they should be serviced by them instead of third parties.

1/4

@mrtick@infosec.exchange in front of an Impuls.
Rheristies
Incredible work, the manufacturers of this EMU endangered lives and should face the full brunt of the law for this antisocial rent-seeking
Timo Kramer

@q3k pre-installed ransomware. Any clue on the legality of incorporating such a system, either with or without disclosing it to the customer?

q3k :blobcatcoffee:

behold, a penguin

(too tired to figure out the colors now, good night)

An iPod Nano 5g showing a linux boot prompt, including penguin, but the colors are wrong.
Aires

@q3k Never thought I'd see an iPod nano again, let alone Alpine running on it. 👏

StellaFoxxie :spinny_fox_nb:​

@q3k oh cool, i really want one of those for some reason, they look tasty

q3k :blobcatcoffee:

Finally put together a full writeup about wInd3x, the iPod Nano 5G bootrom vulnerability I discovered and exploited last year:

q3k.org/wInd3x.html

Logotype. Text: “wInd3x, signature-free DFU!”.

Logo is old-Apple-style silhouette of a bottle of window cleaner with an iPod connected to it. Art.
q3k :blobcatcoffee:

Warning: might contain trace amounts of ARM machine code / USB polyglots.
