User Controls
Posts by Merlin
-
2016-07-27 at 12:37 AM UTC in angular and what not for mobile appsI'm starting to look into all these libraries for mobile and desktop software seems pretty nifty, even though I know a bit of java and c++ it would take way too long to produce anything meaningful.
Besides performance what disadvantages are there? It seems many of the low level interfaces are still usable like the camera. Would I have full filesystem access to say make an app which encrypts directories? Would such a thing be hopelessly insecure if it was based on angular (or any other library)?
I kind of feel like it would be more useful to just do it right with the language which was meant to be used. On the other hand I won't ever do that in my downtime, so being able to skip a lot of the legwork is very appealing. Besides muh websites and some shitty javax swing gooeys might as well be dark arts (hue hue). -
2016-07-22 at 10:58 PM UTC in I know I'm not the only faggot here playing Pokémon go
-
2016-07-22 at 10:54 PM UTC in The retarded thread: Fuck, §m£ÂgØL made one first editionMalice what's the cane for?
-
2016-07-22 at 10:38 PM UTC in Sophie's public service announcement.I believe it. Also there were alot of sketchy details about the snowden revelations. I wonder if similar will happen with these augmented reality games. Just like nobody stopped using facebook solely because the government was spying on them, nobody will stop gaymen because the government is spying on them either.
I never played the game. How far away does someone have to be to catch a pokemon? Like hypothetically speaking, if I saw one that was located in a parking lot near an elementary school and I parked a van in the exact location and left the door open, would they have to go into the van to catch it?
You need to lure them with some pokecandy before you can poke poke. -
2016-07-22 at 10:23 PM UTC in Can we make the Thanks button a Swastika?SIEG HEIL
-
2016-07-20 at 3:42 AM UTC in brain wallet cracking
just had a look at the theory behind it - correct me if I'm wrong - a 'brainwallet' involves generating a BTC recovery seed, and keeping that seed as a means of ownership over a BTC wallet without actually storing the wallet itself.
…
I guess in terms of feasibility, it totally depends on how people are generating their keyphrases. the flaws in the system (moreover, the real flaw is relying on human input) are still there and still exploitable, but if the general userbase has moved to a more secure way of generating those phrases, you'll need to work out a new way to configure the attack (the attack itself, ie. guessing and bruteforcing keyphrases, is still viable in and of itself).
Yes exactly. Since it's ECDSA any sha256 hash can be used for the private key (idk what the standard way to generate them is, probably hashing /dev/random). And everything else can be generated from that.
After this specific piece of sofware, brainflayer, was released the main brain wallet site, brainwallet.io I think, shutdown. So I don't think anyone is still generating keys with the old school and easy to break method, but I'd bet there's a lot of forgotten wallets. A lot of the modern coin wallets still follow the concept of using words to create the key, but they source 8-12 random words and have some other more complex method of creating keys from them. Somehow those seed words are used to create as many keys as the wallet will ever use, including the wallet generating new addresses.
Also brainflayer does include some options for these fancy new schemes that still involve seed words. I haven't really investigated that, in theory it would work with the same bloom enhancement and word list you'd need to try different salts or something. -
2016-07-20 at 3:22 AM UTC in Ok guys i think phase one of my ransomware development is complete.Cool stuff. Is there a reason to use an RSA key? I think it's marginally more work to generate than just creating a random value to use as a symmetric key. I guess it doesn't really matter in the grand scheme.
-
2016-07-20 at 2:46 AM UTC in Merlin's Mega Thread!Fucking finally it works: http://niggasin.space/forum/technophiliacs-technophiles/118217-brain-wallet-cracking
-
2016-07-20 at 2:45 AM UTC in brain wallet crackingIs this still feasible? A couple years back someone released a program called brainflayer which facilitates this. There doesn't seem to be a lot of talk about it besides a more recent article this year saying it's still happening. Obviously all the one word wallets are long cracked. Would it be worth the time to try longer strings, song lyrics, famous phrases etc. Or am I too late to the game. I'll probably do it anyway since I've learned about bitcoin along the way.
Most of the early brainwallets where simply a sha256sum of some string and that was it (well that's used to generate the edcsa public key). With brainflayer you take a bunch of addresses from the blockchain, then turn that into a bloom enhancement, then you can sha256 some string and compare it against the bloom enhancement. The advantage of the bloom enhancement is that you instantly know whether the hashed value corresponds to a real address or not. From there you'd still have to check if it contained any coins.
Getting everything setup has actually been a huge pain in the balls, which makes me think maybe it hasn't been overrun with skids. Extracting all the addresses to ~2015 from the block chain took all night and produced a 14 gig file. Stripping that text file so it contained only the relevant info again took forever and f'd up my server in the process so now I have to let the raid rebuild before I can continue. And then after all that I have to create a wordlist before running the actual brainflayer program.
example:
# private key
$ echo -n "bitcoin" | sha256sum
6b88c087247aa2f07ee1c5956b8e1a9f4c7f892a70e324f1bb3d161e05ca107b -
# turn it into an address
[greentext]>>> privtoaddr('6b88c087247aa2f07ee1c5956b8e1a9f4c7f892a70e324f1bb3d161e05ca107b')[/greentext]
'1E984zyYbNmeuumzEdqT8VSL8QGJi3byAD'
Looking that up on the blockchain:
Total Received 0.16922077 BTC -
2016-07-20 at 2:22 AM UTC in Merlin's Mega Thread!niggers
-
2016-07-19 at 1:37 AM UTC in The retarded thread: Fuck, §m£ÂgØL made one first editionI can't make new threads:
That action could not be completed. Please try again, and if this occurs again please contact the system administrator and tell them how you got this message.
It's been awhile, am I supposed to do something special?
-
2016-07-19 at 1:31 AM UTC in Best security for my laptopHow you connect to the internet is probably the most important. If you fuck that up having your drive encrypted is the second most important.
Look at how other people have got busted:
DPR: bad opsec, got distracted by a couple fighting in the library, and probably other shit since they tracked him to the library
Daniel Rigmaiden: used a mobile hotspot but was busted with a stingray, didn't use tor afaik.
I also wouldn't trust vpn services to have your back or to be truthful about "absolutely no logs, promise".
And I wouldn't rely on tor:
https://news.ycombinator.com/item?id=12114069
Sounds like one of the main guys may be under subpoena and gag order, and lot's of people manage to get busted from it, I think it's always been javascript though.
Some infosec people say to hack a chinese windows xp box that you found with shodan or censys.io. Don't know how good an idea that is, they might be honey pots.
Really it depends how paranoid you want to be. And after all an IP address is not a person, but nobody wants to put that to the test of course. -
2016-07-19 at 1:14 AM UTC in I need to step up my Bash game.
Sorry the shebang line was a typo. Also good point about the dollar sign, I know some bash, but it's been ages since i wrote a shellscript. I'm much better with python TBH.
Yeah bash syntax always feels off. It's a good brain exercise to switch around I guess. -
2016-07-19 at 12:37 AM UTC in I need to step up my Bash game.Also Lanny plz halp, I can't make a new thread:
That action could not be completed. Please try again, and if this occurs again please contact the system administrator and tell them how you got this message.
-
2016-07-19 at 12:33 AM UTC in I need to step up my Bash game.
See the comments "# !!", I don't have clzip, but I assume that portion will work. You fucked up a bunch of basics, but good on the find and xargs stuff I never keep that straight.
#!/bin/bash
# !! nigga it's hash bang not bang hash
# !! don't use $ when assigning
dir="/home/backup/tmp"
echo "Move files?"
read -p 'Y/n? : ' choice
if [ "$choice" == "Y" ]
then
# !! make parent dirs too
mkdir -p /home/backup/tmp
# !! remove backtick (don't know if this matters) and quote the find string (you sick fuck)
sudo find / -name 'cp.*' >> /tmp/bla.txt
# !! don't use $ when assigning and use quotes
list='/tmp/bla.txt'
# you already mv'ed everything in list, just rm $list
cat $list | xargs -I % bash -c 'mv % -t /home/backup/tmp' && rm -f $list;
cd $dir
for i in $dir
do `clzip --fast`
done
exit 1
else
echo "Exiting..."
exit 0
fi -
2016-07-18 at 11:58 PM UTC in I need to step up my Bash game.Does /home/backup exist? If not use mkdir -p
-
2015-12-04 at 3:56 AM UTC in Some advanced bash scripting.Oh yeah it should redirect fine, the only problem I can see is if you needed ">" to be the parameter itself.
-
2015-12-04 at 3:54 AM UTC in Some advanced bash scripting.You will hate yourself if you use bash, just a warning.
I'd do it like this:
Read in the entire file to a variable (assuming it's not too large), then split by newline - saving each line to a dynamically created variable or hash list or regular list. You'll know you have reached the end when there are no more newlines. Then use system calls for the curl stuff, manipulate it etc.
Also you can call php from the command line, hell I think you can even call it like "./myPhpScript", same with javascript. You can write php and js scripts without intending on using it for the web. -
2015-11-22 at 12:14 AM UTC in My SetupThe standard way of cracking wpa is to capture the handshake and then crack that offline, never done this, I think it would take more than a few hours. A lot of routers have wps enabled and people either don't disable it or the router won't let them (even if they think they have). If you use reaver with the "pixie dust" parameter or some shit (it's been a minute I forget exactly) you can crack wpa in a matter of minutes (under ideal conditions, and having wps is an absolute must) or a matter of a few hours. No idea what the pixie dust thing does, but just because it is wpa doesn't mean it can't be broken as easily as wep. Newer routers will timeout after a set amount of failed attempts, so this is pretty limited.
-
2015-10-12 at 1:37 AM UTC in An Alternate InternetI don't see why anything would have to move away from Tor. I2p is cool, but when you use it it's obvious there are way fewer users, it's hard to find anything at all. I'm not totally sure how i2p differs from tor, besides that the users participate in the internal routing, but torrenting is encouraged which is cool. Tor has the advantage of being really easy to use, just download the tor browser, i2p is a major pain in the balls and you have to wait a few minutes to find peers before anything will work. Don't even get me started how tails doesn't automatically include i2p because of bullshit security reasons, but they default to allowing javascript - kind of sketch in my opinion.