Permanently Deleted
dzervas (@dzervas@lemmy.world) · Posts 2 · Comments 87 · Joined 2 yr. ago
there’s a very high chance that something’s off with my profile but deleting my profile is not worth it (yet?)
Losing my history isn’t something I take lightly - at all
Tell you the truth I’m just “harvesting” anger to fix the fucking bug and fix it “properly”. I hope
I’ve never (almost?) used chrome as main for the past 15+ years
but hell, the last years’ updates are more and more unstable. Tab and browser crashes are to be expected multiple times per week (ok browser crash maybe once per week)
Also I actually miss WebUSB, WebBluetooth (I work with embedded as a hobby and it’s very convenient) and background blur (nobody wants to allow camera blur in ff, especially linux)
I’m usually on the flip side of C/C++ compilers: reversing
I tell you: MSVC is batshit crazy
i can’t describe to you how much joy your comment gave me. an (at least) anti-capitalism comment in a completely random post. i love it.
thanks for making my day
arrrrrgh 🏴‍☠️
i found out about htmx just yesterday and I was blown away. i think it’s an amazing idea, really
for small projects that you want to make in less than an eternity it should be very convenient
are these choc or x?
awesome design! love the mountainy form
ok so first of all you need to know programming. nothing crazy but you should definitely know what a “function”, “loop” or “variable” is and some basic HTTP knowledge (what is an HTTP request, what’s a header, etc.).
now, your target is to bypass the license check. there are many ways to go about that:
- the web way: intercept the traffic between the app and the server. maybe the app tells the server “am i licensed” and the server responds “no” and if you just change that you’re golden. to intercept traffic the golden standard is “burp proxy”
- the exported function way: I’m sure that you’ve seen that all the apps that you install come with various dlls. these are “libraries” which means that they’re a bunch of functions in a package. most times they also include the name of their functions and more often than not you’ll find a “is_user_licensed” that returns a 0 or a 1. hooking that to return 1 will hand you a win
- the exe exported function way: same as the above but the function lives inside the exe. BTW exes are exactly the same as a DLL (and you can actually execute a dll or import functions from an exe!)
you can find any function that gets called and has a name (the names are called “symbols”) using frida-trace
afterwards you can write a frida script (javascript) that either replaces the entire function or appends/prepends code to it. most times you want to append code that just returns a value as to not mess with the program’s internals
if you have a .net app though the whole process is WAY easier as you can read all the code of the app using a decompiler - dnspyex is the gold standard
of course not all apps are that easy to crack. it’s more of a time/mind game and less of a skill one. sure, you get much more efficient and the solutions start to “smell”, but trying to crack an app that has stripped symbols (no function names) and everything is statically compiled (all the dlls are shoved into the exe to make it harder for us) can make your life much more difficult
since this is a “starter guide” i’m gonna leave anti-reverse, anti-debug and obfuscation completely out of the discussion. unless you get a moderately good grasp what the above terms mean, don’t bother
I also didn’t talk about actual reversing with a debugger/decompiler/disassembler as I think that it’s better to find out about them as-you-go. don’t start from that. it’s intimidating
Don’t get intimidated. You’ve got it. Remember that it’s not about skill (ok don’t go cracking IDA Pro or denuvo), it’s about patience and methodology. As the hackers say: Try harder and happy hacking 🙂
NOTE0: ALWAYS ask chatGPT stuff. if it refuses to answer put the question in the context of “malware research”
NOTE1: I think that someone somewhere may have told me that a very popular app owned by dickheads used in the 3d printing community is a very good starting point 😀
NOTE2: You’re more than welcome to ask anything - PMs or otherwise
EDIT: I forgot to mention reversing divas: since this is such a niche thing to do and you spend your life away from grass, some people involved are in the mindset of "this is not for everyone, you're stupid and you can't do it, etc". Fuckem
same with china
unfortunately I’ve not released any crack and the reason behind it is that I develop them in a way that you can read what they do (which function they hook, what do they expect and more) using https://frida.re so the crack ends up being a javascript file that is run through a PowerShell script. so no “copy this dll” or “disable your antivirus” - super clean and you can always see what the crack does. my base is ALWAYS that you download and install the app from the manufacturer
due to that though I “can’t” release the scripts to the public as:
- I’ll go to jail
- the companies will start to implement anti-cracking measures as I give them exactly the way I crack their app on a silver platter
We are in the era that other than games, the companies have not yet caught up with anti-cracking techniques. I crack shit as a hobby and everything is fun and challenging until you start to mess with games. It's insanely difficult, a CONSTANT cat n mouse run and sooooo damn time consuming
I have the hobby of cracking stuff like that (but mainly windows apps to tell you the truth) and there are many-ish people out there with the same hobby. search around a bit and google stuff like "Spotify Car Thing github" or "Spotify Thing bypass" or jailbreak. Heavily rely on github and russian forums. Also random small blogs
If you're so determined though and nobody else has done it and you're fine not using it for 3+ months, there's a very slim chance that I could find the time to bypass it
EDIT: Yeap it's cracked and it's easy too
where did you read it? do you have a link?
HAHAHAHAHAHAHAHHAHA
just a side note for everyone out there that uses Bitwarden: you can reset your password with just your email. that means the admin can see your passwords. The only 3 upstream password managers that don't have that "feature" are 1Password, LastPass and KeePass (not counting gpg-based script in bash n friends). LastPass is obviously a mediocre solution (too many breaches), KeePass isn't for everyone (UX). 1Password is a very solid solution and it has public security audits
I've got nothing with agilebits/1Password - i just use it after spending days researching (also I'm a former IT security engineer)
pffft there’s no way you draw even near enough battery to even notice any temperature change
how many hours does the battery last?
continuing my above answer: your cell should be a cheap 1C (which is just cheaper than the 3+C, not bad, it’s totally fine for your application)
The C rating means “the max amperage you can draw from the battery to be safe is <C rating> times <battery mAh rating>”. So a 1C 2000mAh battery has max amp draw of 2A (or 2000mA) while a 2C 500mAh has 1A (2x500mA)
If your battery lasts for more than 10 hours straight that means you draw 1/10th of max amp - meaning a cool battery. In case of a 1C 2000mAh you draw 200mA
So: if your keeb lasts more than 10-15 hours you’re more probably fine as the battery is kept cool
The amount of current you draw should be super low, even for 1C batteries so the produced heat should be negligible. I would however leave some space for potential puffing and maybe somehow a small window to check (if possible)
1-2mm would be fine. if you don’t have such space, i’d personally do it but i wouldn’t recommend it
I knooooooow, my feelings for WebUSB/whatever are completely love/hate. I come from a security background (and hobby) but the alternative to WebUSB is horrible and implementation specific - you need to download the binary, install the correct version of the X programmer and make it kiss your debugger. It’s bad.
Also I just don’t wanna open chrom* - I do but I’d like to tell a huge fuck off
About camera blur: What I wanted to point out is the lack of some “exotic” features that firefox lacks. the blur implementation is not in chrome but in each web app - means there’s the required api to do that
But it’s niche, I don’t care that much. there’s also a py project on gh that does exactly that: blur your background and expose a fake cam. It’s not “production ready” but it’s ok