Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Trove of CIA hacking tools (https://forum.exetools.com/showthread.php?t=18161)

chants 03-08-2017 14:45

Trove of CIA hacking tools
 
https://wikileaks.org/ciav7p1/

Perhaps we can maintain a thread that highlights the key articles with reverse engineering related exploits and zero day vulnerabilities. There is a huge amount of documents and unfortunately key code snippets are redacted. Nonetheless, I think a lot relevant to RE can be gleaned.

abhi93696 03-08-2017 17:32

WARNING- DOWNLOAD AT YOUR OWN RISK!!

I was searching regarding this and found this torrent:
Quote:

pass: SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds
PS: I have not seen what's inside it!! So use it at your own risk!!

Regards

Kerlingen 03-08-2017 18:46

The published "leak" doesn't really contain anything interesting, just a bunch of text messages and a few PDFs. No libraries, binaries or sources are included.

I looked into a few of these messages and some of them made me really believe they were written by some business economist since no "spy" or "coder" could be that stupid.

A few examples:
  • The registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run was classified as "secret" and "don't share with foreign nationals" in the year 2014. It's not like that was public information worldwide for 20 years...
  • SHA384 must be used without truncating. I have no idea how SHA384 is supposed to do that since it is truncated per definition.
  • AES must be used with at least 256 bit. AES is only specified with a maximum of 256 bit. And what should we use as a key? A non-truncated SHA384?
  • Coders should use secure random number generators. If that is not possible, coders should use SHA256 on that weak random number in order to make it a secure random number. Did they get that information from the tabloids?
  • If some covert US spy enters a country and customs asks him what he's doing there, he should answer "I'm an engineer, I'm here for engineering stuff". No comment on that... ;)
  • The CIA has a 3-user WinHex 16.1 license. If somebody gets access to a newer license they should share it in the CIA wiki. Seriously... ? (no WinHex license in the leak, don't ask)
  • Don't compile malware binaries in US business hours since the timestamp would allow tracing them back to the US. I'm wondering if paying for all that overtime is cheaper than telling the coders about SetFileTime.
  • In order to update their iPhone/iPad operating systems the employees must fill out a form so an admin can activate internet access for that device from the secret CIA network which isn't connected to the internet. And they're really wondering how things "leak" to the public? ;)

klvgen 03-08-2017 19:20

I agree with Kerlingen; same with UAC bypass code or code injection. Most if not all of the techniques have been known for x years.

mcp 03-08-2017 19:52

Without citing sources for your claims, your "collection" of statements is practically worthless, sorry.

Just a few less hyperbolic comments:
  • The registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run certainly wasn't classified as "secret" as you claim. The page talking about a *module* which exposes functionality to create a key in that path was. It even says that on the page: "Technique Origin: Internet/open-source (Well-known)".
  • wrt SHA384, it's pretty clear that the advice is to not truncate the result any further, not that truncation may never happen in any form.
  • Same for AES. It says the minimum bit length is 256 - entirely correct from a mathematical perspective.
  • It's not only about the time stamp of the executable file itself - it's also about time stamps in included files, resources or other lesser-known compiler/linker artifacts that might carry time stamps with them. In general, these folks of course do care a lot about making it harder for 3rd parties to attribute anything to them. See their internal discussion about the Equation Group Kaspersky reports.

gabri3l 03-08-2017 21:35

One interesting find is that the CIA uses an internal debugging environment developed by the NSA called Ghidra. Obviously no binary included, but interesting nonetheless.

abhi93696 03-08-2017 23:05

Yeah, it doesn't contain binaries but has many interesting things!!
For example: CIA hackers were able to bypass the encryption implemented by the most popular secure messaging apps such as Signal, WhatsApp, and Telegram. And much more....

mudlord 03-09-2017 03:47

Quote:

Originally Posted by Kerlingen (Post 108696)
The CIA has a 3-user WinHex 16.1 license. If somebody gets access to a newer license they should share it in the CIA wiki. Seriously... ? (no WinHex license in the leak, don't ask)

So the CIA is allowed to violate license agreements at will because it's the CIA. Fun. :( What truly pisses me off is they can claim it's for some bullshit "national security" reason....

ionioni 03-09-2017 04:11

--not needed anymore--

abhi93696 03-09-2017 12:56

Quote:

Originally Posted by mudlord (Post 108708)
So the CIA is allowed to violate license agreements at will because it's the CIA. Fun. :( What truly pisses me off is they can claim it's for some bullshit "national security" reason....

Yup! All rules are for us! & No rules for them!!
Hope they will not read this thread! :D

niculaita 03-09-2017 18:17

More links contain fake leaks!

deepzero 03-12-2017 16:33

I so hope we'll see some binaries once they get the zero-days fixed.

bolo2002 03-13-2017 00:21

Quote:

Originally Posted by deepzero (Post 108748)
I so hope we'll see some binaries once they get the zero-days fixed.

It wouldn't be a leak anymore; a lot of noise for nothing as usual. The recent leaks created articles but nothing usable.

cybercoder 03-13-2017 12:55

It's giving the alphabet agencies enough time to cover their tracks and update their stuff. These tools will be useless once they are released.

mudlord 03-13-2017 15:16

Yep, and considering the billions in government funding these agencies have...
