Hacker Fantastic @hackerfantastic@social.hackerfraternity.org

cool-retro-term is ace.

St. Maximilian Maria Kolbe - the patron saint of Amateur Radio. He volunteered himself to die in place of another man at Auschwitz and is celebrated on August 14th. A friar, he is pictured here using his radio rig. During World War II his radio transmissions under the callsign SP3RN helped foreign allies learn of the atrocities in Poland.

Chaos Computer Club Congress this year is a browser based MMORPG https://rc3.world/rc3 (requires ticket).

Missed out on ticket? You can live-stream the talks and join Matrix chats:
DE: #rc3:fairydust.space
EN: #rc3-en:fairydust.space
Fahrplan: https://rc3.world/rc3/public_fahrplan
Live stream: https://streaming.media.ccc.de/rc3

Send your cyber friends a post card from the event! #rc3 https://rc3.c3post.de

36C3 Android app works with rC3 schedule - APK https://f-droid.org/en/packages/info.metadude.android.congress.schedule/
URL setup - https://fahrplan.events.ccc.de/rc3/2020/Fahrplan/schedule.xml

SunOS kernel mode payload, this neat little trick will form the basis of my LPE exploit's for the OS, a very short payload stub that will locate and overwrite a process privilege structure to obtain root privileges. This is the basis of how a kernel read/write exploit primitive could be used to gain root.

Using Android anbox on the pinephone, you can virtualize an Android 7.1.2 image (API 25) in an LXC container, as you can run it is as root you can use it to dynamic instrument and mitmproxy the communication on-device. It's linux so all the usual Linux dm-crypt & LUKS applies. An interesting thing I learned https://linux-sunxi.org/JTAG - this has to be the most interesting place to hack the CPU :-) insert a magic MicroSD card to get root or pop a hidden secret file system.

privacypwn pinephone

If only this worked on the latest kernel for pinebook pro, the GPU/VGA output in QEmu under KVM doesn't load post 5.5 kernels. It's the only thing so far that seems to run under QEmu that is worth hacking around on. I definitely need to find a nice virtual Win10 aarch64 platform, it's going to become more widespread and even with the x64 translation layer it's going to cause headaches for testing tools.

Built Windows 2003 from source code. Interesting to note that there are now several never-to-be-patched vulnerabilities in this OS as it reached EoL and aside from SMBv1 patches in MS17-010 many other RCE have been left in the platform and didn't get patches but have mitigations. I doubt anyone still running this applies mitigations.

ZTE Blade Vantage Z839 Emode.APK android.uid.system LPE exploit https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/zte-emode.txt

AIX 5.3L libc locale environment handling local root exploit, 0day bought to you via the letters “su” ;) https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/aix53l-libc.c

AIX 5.3L local root 0day. Happy hax0ring. https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/aix53l-lquerypv.c

SunSSH Solaris 10-11.0 x86 libpam remote root exploit CVE-2020-14871 - now supports 3 targets for Solaris 10 through 11 on x86. I added bind shells but any other shellcode can be swapped into the buffers place if you prefer a connect back. In the future I will add some SPARC targets, pty handler and a find socket payload. I may even add a few targets for Illumos based distributions. This issue can't be triggered on Solaris 11.1 & up nor does Solaris 9 ship vulnerable.

https://github.com/hackerhouse-opensource/exploits/blob/master/hfsunsshdx.tgz

Finally got the pinephone GTK rust starter app to build on device & pinebook. Had to use Manjaro beta phosh, it appeared like it might build on pmOS edge but definitely wouldn’t on stable. Pretty excited to write a mobile app in rust, glade opened the app UI fine and it builds the same on both devices which will make testing & developing simpler.