Exetools  

#1  03-08-2017, 14:45  chants (VIP)
Trove of CIA hacking tools

https://wikileaks.org/ciav7p1/

Perhaps we can maintain a thread that highlights the key articles with reverse engineering related exploits and zero day vulnerabilities. There is a huge amount of documents and unfortunately key code snippets are redacted. Nonetheless, I think a lot relevant to RE can be gleaned.
#2  03-08-2017, 17:32  abhi93696 (Friend)
WARNING- DOWNLOAD AT YOUR OWN RISK!!

I was searching regarding this and found this torrent-:
Quote:
pass-: SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds
PS- I have not seen what's inside it!! So use it at your own risk!!

Regards
#3  03-08-2017, 18:46  Kerlingen (VIP)
The published "leak" doesn't really contain anything interesting, just a bunch of text messages and a few PDFs. No libraries, binaries or sources are included.

I looked into a few of these messages and some of them made me really believe they were written by some business economist since no "spy" or "coder" could be that stupid.

A few examples:
  • The registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run was classified as "secret" and "don't share with foreign nationals" in the year 2014. It's not like that was public information worldwide for 20 years...
  • SHA384 must be used without truncating. I have no idea how SHA384 is supposed to do that since it is truncated per definition.
  • AES must be used with at least 256 bit. AES is only specified with a maximum of 256 bit. And what should we use as a key? A non-truncated SHA384?
  • Coders should use secure random number generators. If that is not possible, coders should use SHA256 on that weak random number in order to make it a secure random number. Did they get that information from the tabloids?
  • If some covert US spy enters a country and customs asks him what he's doing there, he should answer "I'm an engineer, I'm here for engineering stuff". No comment on that...
  • The CIA has a 3-user WinHex 16.1 license. If somebody gets access to a newer license they should share it in the CIA wiki. Seriously... ? (no WinHex license in the leak, don't ask)
  • Don't compile malware binaries in US business hours since the timestamp would allow them to be traced back to the US. I'm wondering if paying for all that overtime is cheaper than telling the coders about SetFileTime.
  • In order to update their iPhone/iPad operating systems the employees must fill out a form so an admin can activate internet access for that device from the secret CIA network which isn't connected to the internet. And they're really wondering how things "leak" to the public?

Last edited by Kerlingen; 03-08-2017 at 18:55.
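Kerlingen's fourth bullet (hashing a weak random number does not make it a secure one) can be shown directly. The following is an added example, not code from the thread or from the leaked documents: a token is derived from a PRNG seeded from a deliberately small space (the 16-bit seed is a constructed stand-in for a generator seeded with a coarse timestamp or PID) and then passed through SHA-256, and the attacker recovers the seed anyway, because a deterministic hash cannot add entropy that its input lacks. The contrast case draws from the OS CSPRNG via the `secrets` module.

```python
import hashlib
import random
import secrets
from typing import Optional

# Constructed assumption: the "weak" generator is seeded from a 16-bit space,
# a stand-in for a PRNG seeded with a coarse timestamp, PID or similar.
SEED_BITS = 16


def weak_token(seed: int) -> bytes:
    """Token from a low-entropy PRNG, 'strengthened' by hashing its output.

    SHA-256 is deterministic: one seed gives exactly one token, so the token
    carries at most SEED_BITS bits of entropy no matter how it is hashed.
    """
    rng = random.Random(seed)
    raw = rng.getrandbits(128).to_bytes(16, "big")
    return hashlib.sha256(raw).digest()


def recover_seed(token: bytes) -> Optional[int]:
    """Attacker side: the scheme is known (Kerckhoffs), so enumerate the seed
    space and re-derive tokens until one matches. 2**16 SHA-256 evaluations
    take well under a second on commodity hardware."""
    for seed in range(1 << SEED_BITS):
        if weak_token(seed) == token:
            return seed
    return None


def strong_token() -> bytes:
    """What the guidance should say instead: draw from the OS CSPRNG.
    secrets.token_bytes() yields 16 bytes of real entropy; hashing it
    afterwards is harmless but adds nothing."""
    return hashlib.sha256(secrets.token_bytes(16)).digest()


def token_is_recoverable(token: bytes) -> bool:
    """True when brute force over the weak seed space explains the token."""
    return recover_seed(token) is not None


if __name__ == "__main__":
    victim_seed = 0xBEEF  # the secret the defender relied on
    token = weak_token(victim_seed)
    print("weak token recoverable:  ", token_is_recoverable(token),
          "seed =", hex(recover_seed(token)))
    print("strong token recoverable:", token_is_recoverable(strong_token()))
```

The search cost scales with the seed space, not with the hash: a 32-bit time-based seed is still only about four billion hashes, which is minutes on a GPU. Hashing only helps when the input already has enough entropy, in which case it was not needed.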
#4  03-08-2017, 19:20  klvgen (Friend)
I can agree with Kerlingen, same with UAC bypass code or code injection. Most if not all techniques have been known for x years.
#5  03-08-2017, 19:52  mcp (Friend)
Without citing sources for your claims, your "collection" of statements is practically worthless, sorry.

Just a few less hyperbolic comments:
  • The registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run certainly wasn't classified as "secret" as you claim. The page talking about a *module* which exposes functionality to create a key in that path was. It even says that on the page: "Technique Origin: Internet/open-source (Well-known)".
  • wrt SHA384 it's pretty clear that advice is to not truncate the result any further. Not that truncation may never happen in any form.
  • Same for AES. It says minimum bit length is 256 - entirely correct from a mathematical perspective.
  • It's not only about the time stamp of the executable file itself - it's also about time stamps in included files, resources or other lesser known compiler/linker artifacts that might carry time stamps with them. In general, these folks of course do care a lot about making it harder for 3rd parties to attribute anything to them. See their internal discussion about the Equation Group Kaspersky reports.
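The point mcp makes about timestamps carried inside the binary, as opposed to the filesystem timestamps that SetFileTime rewrites, can be made concrete. The following is an added example, not code from the thread or from the leaked documents: it builds a small PE32+ image inline (a constructed sample, not a real compiled file), then walks the COFF header, export directory, resource directory and debug directory, each of which carries its own 32-bit TimeDateStamp in the file contents, and reports any that fall inside a US business-hours window. The window (09:00-17:00, Monday to Friday, fixed UTC-5 with no DST handling) and the sample timestamps are assumptions for the illustration; real attribution work would also consider the build machine's likely zone, DST, and whether a linker has already zeroed or hashed the stamp.

```python
import struct
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Data directory indices from the PE/COFF specification.
DIR_EXPORT, DIR_RESOURCE, DIR_DEBUG = 0, 2, 6
DEBUG_ENTRY_SIZE = 28  # sizeof(IMAGE_DEBUG_DIRECTORY)


def _u16(b: bytes, off: int) -> int:
    return struct.unpack_from("<H", b, off)[0]


def _u32(b: bytes, off: int) -> int:
    return struct.unpack_from("<I", b, off)[0]


def _rva_to_offset(rva: int, sections: List[Tuple[int, int, int, int]]) -> Optional[int]:
    """Map an RVA to a file offset via the section table (va, vsize, raw, rsize)."""
    for va, vsize, raw, rsize in sections:
        if va <= rva < va + max(vsize, rsize):
            return rva - va + raw
    return None


def pe_timestamps(data: bytes) -> Dict[str, object]:
    """Collect every TimeDateStamp the PE headers carry. These live inside the
    file contents, so SetFileTime (NTFS metadata only) never touches them."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe = _u32(data, 0x3C)                       # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe + 4
    nsec, opt_size = _u16(data, coff + 2), _u16(data, coff + 16)
    opt = coff + 20
    pe32plus = _u16(data, opt) == 0x20B
    ndirs = _u32(data, opt + (108 if pe32plus else 92))
    dirs = opt + (112 if pe32plus else 96)
    sections = []
    for i in range(nsec):
        s = opt + opt_size + 40 * i
        sections.append((_u32(data, s + 12), _u32(data, s + 8),
                         _u32(data, s + 20), _u32(data, s + 16)))

    def directory(idx: int) -> Tuple[Optional[int], int]:
        if idx >= ndirs:
            return None, 0
        rva, size = struct.unpack_from("<II", data, dirs + 8 * idx)
        return (_rva_to_offset(rva, sections) if rva else None), size

    out: Dict[str, object] = {"coff": _u32(data, coff + 4),
                              "export": None, "resource": None, "debug": []}
    off, _ = directory(DIR_EXPORT)
    if off is not None:
        out["export"] = _u32(data, off + 4)     # IMAGE_EXPORT_DIRECTORY.TimeDateStamp
    off, _ = directory(DIR_RESOURCE)
    if off is not None:
        out["resource"] = _u32(data, off + 4)   # IMAGE_RESOURCE_DIRECTORY.TimeDateStamp
    off, size = directory(DIR_DEBUG)
    if off is not None:                         # one stamp per debug entry
        out["debug"] = [_u32(data, off + DEBUG_ENTRY_SIZE * i + 4)
                        for i in range(size // DEBUG_ENTRY_SIZE)]
    return out


def in_us_business_hours(ts: int, utc_offset_hours: int = -5) -> bool:
    """Assumption: 09:00-17:00 Mon-Fri at a fixed UTC offset (no DST)."""
    local = datetime.fromtimestamp(ts, timezone(timedelta(hours=utc_offset_hours)))
    return local.weekday() < 5 and 9 <= local.hour < 17


def business_hour_hits(data: bytes) -> List[Tuple[str, int]]:
    """(field, timestamp) for every embedded stamp that falls in the window."""
    stamps = pe_timestamps(data)
    found = [(k, v) for k, v in stamps.items() if isinstance(v, int)]
    found += [("debug", v) for v in stamps["debug"]]
    return [(k, v) for k, v in found if in_us_business_hours(v)]


def sample_pe(coff_ts: int, export_ts: int, resource_ts: int, debug_ts: int) -> bytes:
    """Constructed PE32+ with one section at RVA 0x1000 / file offset 0x200."""
    va, raw, size = 0x1000, 0x200, 0x200
    exp_off, res_off, dbg_off = 0x00, 0x40, 0x80          # offsets inside the section
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 1, coff_ts, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                  # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                   # NumberOfRvaAndSizes
    for idx, off, dsize in ((DIR_EXPORT, exp_off, 40), (DIR_RESOURCE, res_off, 16),
                            (DIR_DEBUG, dbg_off, DEBUG_ENTRY_SIZE)):
        struct.pack_into("<II", opt, 112 + 8 * idx, va + off, dsize)
    sec = struct.pack("<8sIIII", b".rdata\0\0", size, va, size, raw) + bytes(16)
    body = bytearray(size)
    for off, ts in ((exp_off, export_ts), (res_off, resource_ts), (dbg_off, debug_ts)):
        struct.pack_into("<I", body, off + 4, ts)          # TimeDateStamp is at +4 in all three
    return bytes((dos + b"PE\0\0" + coff + opt + sec).ljust(raw, b"\0") + body)


# Constructed timestamps: 2017-03-08 14:45 UTC (a Wednesday, 09:45 at UTC-5) for
# the COFF and export stamps, and 2017-03-08 02:45 UTC for the other two.
BUILD_TS, NIGHT_TS = 1488984300, 1488941100
SAMPLE = sample_pe(BUILD_TS, BUILD_TS, NIGHT_TS, NIGHT_TS)

if __name__ == "__main__":
    for field, ts in business_hour_hits(SAMPLE):
        print(f"{field:8s} {datetime.fromtimestamp(ts, timezone.utc):%Y-%m-%d %H:%M} UTC")
```

Run against a real file with `pe_timestamps(open(path, "rb").read())`; the sample shows why fixing only the COFF stamp is not enough, since the export table still gives the build away.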
#6  03-08-2017, 21:35  gabri3l (Parity Error 0x0FF2131D)
One interesting find is that the CIA uses an internal debugging environment developed by the NSA called Ghidra. Obviously no binary is included, but interesting nonetheless.
#7  03-08-2017, 23:05  abhi93696 (Friend)
Yeah, it doesn't contain binaries but has many interesting things!!
For example: CIA hackers were able to bypass the encryption implemented by the most popular secure messaging apps such as Signal, WhatsApp, and Telegram. And much more....
#8  03-09-2017, 03:47  mudlord (Family)
Quote:
Originally Posted by Kerlingen
The CIA has a 3-user WinHex 16.1 license. If somebody gets access to a newer license they should share it in the CIA wiki. Seriously... ? (no WinHex license in the leak, don't ask)
So the CIA is allowed to violate license agreements at will because it's the CIA. Fun. What truly pisses me off is they can claim it's for some bullshit "national security" reason....

Last edited by mudlord; 03-09-2017 at 03:56.
#9  03-09-2017, 04:11  ionioni (Friend)
--not needed anymore--

Last edited by ionioni; 03-12-2017 at 01:24.
#10  03-09-2017, 12:56  abhi93696 (Friend)
Quote:
Originally Posted by mudlord
So the CIA is allowed to violate license agreements at will because it's the CIA. Fun. What truly pisses me off is they can claim it's for some bullshit "national security" reason....
Yup! All rules are for us! And no rules for them!!
Hope they will not read this thread!
#11  03-09-2017, 18:17  niculaita (Family)
more links contain fake leaks!
#12  03-12-2017, 16:33  deepzero (VIP)
I so hope we'll see some binaries once they've got the zero-days fixed.
#13  03-13-2017, 00:21  bolo2002 (VIP)
Quote:
Originally Posted by deepzero
I so hope we'll see some binaries once they've got the zero-days fixed.
It wouldn't be a leak anymore. A lot of noise for nothing as usual; the recent leaks created articles but nothing usable.
#14  03-13-2017, 12:55  cybercoder (Friend)
It's giving the alphabet agencies enough time to cover their tracks and update their stuff. These tools will be useless once they are released.
#15  03-13-2017, 15:16  mudlord (Family)
Yep, and considering the billions in government funding these agencies have...
All times are GMT +8.