Re: USA 2020 Elections: Thread

2021-12-14 Thread grarpamp
Biden Admits Fraud Joe Biden Tuesday evening delivered remarks at a holiday celebration for the Democrat National Committee. Biden put the Republicans on notice: “Now we look at 2022. I want to tell my Republican friends, get ready bal, you’re in for a problem.” Then Joe Stalin Biden said the qu

Re: [tor-relays] Responding to Tor censorship in Russia

2021-12-14 Thread grarpamp
> How can you know the extent of possibilities, the wrongness of > plans, when you cannot see, read, discuss or post such things, > because this list is censored, not least from embarrassing topics, > just like Russia does. Shame. > > "Tor Stinks -- NSA" As you can see by consulting the list arch

GRAMPS garbage scow deliveries - he's like the Sean Hannity of cypherpunks

2021-12-14 Thread professor rat
Fox News’ Sean Hannity Lands Interview With WikiLeaks Founder Julian Assange https://variety.com/2017/tv/news/sean-hannity-julian-assange-fox-news-interview-1201951057/ Jesus Fucking Christie  - what a smell!

Laura Ingrahams insinuations and innuendo

2021-12-14 Thread professor rat
Laura Ingraham's suggestions that some Antifa may have kickstarted the Jan 6 Capitol rumpus appear to be as sound and well-founded as, well. . . Zeynep Aydogan's unmasking of an alleged agent on the cypherpunks list.

I looked up Zeynep Aydogan and it said " See Laura Ingraham " .

2021-12-14 Thread professor rat
LAURA INGRAHAM (HOST): So getting back to Seth Rich. Julian Assange suggested in a sit-down interview, remember Assange is -- he's basically on the run. He's living in an embassy because he can't -- they'll throw him in jail if he -- with an interview with this Dutch television reporter in this

Re: Turkish nationalist hates Arabs, Jews & women

2021-12-14 Thread professor rat
Don't sweat the coder-morons - like Karl -  and the ratfuckers, Z https://www.google.com/search?q=roger+stone+London&client=opera&hs=oG6&source=lnms&tbm=isch&sa=X&ved=2ahUKEwi_q7ikjeX0AhW3_XMBHdaKCkkQ_AUoAnoECAEQBA&biw=911&bih=439&dpr=1.5#imgrc=P-Si-0aUL3X1_M

ASSMANGE was cosy as lice with Hannity, Ingraham and Don Jnr

2021-12-14 Thread professor rat
Maybe his supporters here can explain how it was that these FOX hosts and a relative directly linked to their hero thought they had a direct line to advise POTUS Dumbfuck? Once is accident - twice is coincidence - THREE TIMES IS ENEMY ACTION!

Re: Cypherpunk Guild

2021-12-14 Thread jdb10987
You might recall that I've proposed an alternate anonymization network, perhaps based on Raspberry Pi computers, analogous to TOR. It could be hosted by ordinary people, or small businesses.  Perhaps all outputs would be encrypted, at least enough so that everyone could act as an output node: even i

Re: Turkish nationalist hates Arabs, Jews & women

2021-12-14 Thread coderman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 ‐‐‐ Original Message ‐‐‐ On Tuesday, December 14, 2021 8:35 PM, zeynepaydogan wrote: > ... don't sweat the rat fuckers, zeyne. they simply have bad taste :P cypherpunks always write code : reifying into reality... best regards! -

Re: " I love Wikileaks! " Donald Dumbfuck is well on his way to Club Fed

2021-12-14 Thread coderman
‐‐‐ Original Message ‐‐‐ On Wednesday, December 15, 2021 1:57 AM, professor rat pro2...@yahoo.com.au wrote: > Belmarsh Donny for the Graybar Hotel > Donald Trump is already under state-level criminal investigation in three > jurisdictions (Manhattan, Fulton County, Westchester), two of w

Anarchism decrypted

2021-12-14 Thread professor rat
" . . . following Joseph Proudhon, “anarchists around the world began creating a theory and practice that was diverse yet centered around some basic points of agreement: (1) opposition to hierarchy, (2) decentralization [of state authority], (3) a commitment to freedom and autonomy, and (4) an o

" I love Wikileaks! " Donald Dumbfuck is well on his way to Club Fed

2021-12-14 Thread professor rat
Belmarsh Donny for the Graybar Hotel Donald Trump is already under state-level criminal investigation in three jurisdictions (Manhattan, Fulton County, Westchester), two of which have already reached the grand jury stage, one of which has already begun indicting Trump’s company and underlings

KGB-Wikileaks-backed dictatorship at work

2021-12-14 Thread professor rat
Belarus sentences opposition leader’s husband to 18 years in jail Sydney Morning Herald 9 hours ago Belarus jails opposition leader’s husband Syarhei Tsikhanouski for 18 years in ‘revenge’ verdict ABC News 4 hours ago https://reason.com/2010/12/14/the-assange-employees/

Re: Turkish nationalist hates Arabs, Jews & women

2021-12-14 Thread zeynepaydogan
Thank you for your hatred. It's nice that an agent hates me. I also brush my teeth regularly. But as I recall, your whiskers were yellow. LOL. but maybe you should cut back on the storytelling and smoke On Tue, Dec 14, 2021 23:24, professor rat wrote: > Zeynep Aydogan is a tiresome Wikileaks

What Information the FBI Can Obtain from Encrypted Messaging Apps

2021-12-14 Thread professor rat
What Information the FBI Can Obtain from Encrypted Messaging Apps https://www.justsecurity.org/79549/we-now-know-what-information-the-fbi-can-obtain-from-encrypted-messaging-apps/ Fucking Bungling Idiots

FOX news - We report to Hillbilly dictator, Donald Trump - he decides

2021-12-14 Thread professor rat
FOX news - We report to the fascist scumbag dumbfuck dictator, Donald Trump - he decides atrupar - 1h Fox News finally briefly covered Don Jr’s texts to Meadows, but omitted mention of the ones from their own anchors

Turkish nationalist hates Arabs, Jews & women

2021-12-14 Thread professor rat
Zeynep Aydogan is a tiresome Wikileaks deadender who now lies through her rotten teeth about the Arab Spring.  Such depraved fascist scumbags are the enemies of all anarchists.  But you knew that.

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
it was pleasant to add those bits we'll see whether and how this continues i have appointments and things today now

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
> 08048169 83 e4 f0 AND ESP,0xfff0 > > $ecx is $esp before being aligned to 16 bytes. 0xfff0 would be 8 bytes i suppose, not 16

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
param_2 is edx which is 0 that's the first three pushed values then the function pointers, two of them ecx here is 0xc944. I type `p *$ecx` into gdb and see it's a valid dereferencable pointer. wonder where this came from. glancing up at the entrypoint assembly 08048167 89 e1

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
i type 'run' into gdb to restart from the entrypoint param_1 is eax which is 0 esp=>local_8 is just plain esp.

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
Here's where the entrypoint hands off control. It pushes function addresses and registers. It's rare for function addresses to be passed to other functions in mainstream code. In gdb, we can see what values all these parameters and registers have. 0804816c 50 PUSH par

Cypherpunk Guild

2021-12-14 Thread Steven Schear
My friends at the NEAR Cypherpunk Guild are keenly looking for cypherpunk-oriented development that, ideally, also promotes NEAR. Both grants and investments are possible. If you are a developer and have a cypherp

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
The first thing I notice here is that the function takes a _lot_ of parameters. This is more poignant because it makes the assembly complex, but back in the entrypoint we saw what values were passed for each one of these parameters. **

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
so let's go back to ghidra, which probably has a debugger of its own even somewhere, and guess what this function will be doing before we step further through it.

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
here it is after 'si'. something to remember when doing this is that it is a very old practice for binaries like this to detect whether or not they are being run in a conventional debugger. so this approach can only get you so far (and is very risky). ┌─Register group: general───

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
here i've repeatedly typed 'ni' to move it to the function call that initiates the mysterious behavior of the malware. you don't have to type 'ni' over and over again, gdb will assume you meant to type the same thing again if you just hit 'enter'. here, we don't want to type 'ni'. we'll type 'si

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
here it is skinny enough to see i don't usually use these views but they're fastest to find people reminding you of the commands to enable online ('layout asm', 'layout regs') up at the top are the registers of the process. the 'working memory'. they're lowercase now, instead of uppercase. then

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
this is what a gdb reg/asm layout looks like when copy-pasted into an email ┌─Register group: general┐ │eax 0x0 0 │ │ecx 0x0 0 │ │ed

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
I found this command from the web: (gdb) info file Symbols from "/media/3/pkg/ghidra-projects/Log4J Malware/Mirai/776c341504769aa67af7efc5acc66c338dab5684a8579134d3f23165c7abcc00". Local exec file: `/media/3/pkg/ghidra-projects/Log4J Malware/Mirai/776c341504769aa67af7efc5acc66c338dab5684a85

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
people always say you should push your edge, challenge your fears! i'll be running it with a debugger so that it doesn't go too far. if you aren't a crazed homeless software developer, you'll want to have a vm or a dedicated offline system for something like this. $ gdb 776c341504769aa67af7efc5a

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
i'm destabilising here. sounds like you want a quick summary of these binaries. a researcher for an antivirus group would likely have that. i'm not one, so i'm a lot slower. i really enjoy this work, it's very rare for me to be able to do something like this.

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
i'm just gonna run the binary. i bet that idea is part of some of my fears.

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
on with FUN_0804d23f !

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
we could skip all the details and try to profile more attributes of the binaries.

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
The function called from the entrypoint is FUN_0804d23f . It's bigger.

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
i'm seeing that pattern, with the skipped code calling a void pointer, elsewhere in the code. for something confusing like that, it's clearest to watch the system execute to see what is important. so it would make sense to move to code that i can run. this function is passed as a pointer in the

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
// dereference the pointer and move the discovered value into EDX. // ghidra here is reminding us that PTR_DAT_0804e024 in EAX points to DAT_0804e00c // and if one of those values is renamed in the interface, it will update the name everywhere 080480e0 8b 10 MOV EDX,dword p

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
There are a handful of different ways to notate assembly code. Luckily, I stumbled on what appears to be the same one. https://www.cs.virginia.edu/~evans/cs216/guides/x86.html#memory Some examples of mov instructions using address computations are: mov eax, [ebx] ; Move the 4 bytes in memory at

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
// call EDX as a function. EDX is the 4th 32-bit register, i.e. cpu working-memory. 080480d9 ff d2 CALL EDX // this is where the jump statement from 080480cd ends up. So, this is the start of the while loop, and the code immediately above isn't executed until this is.

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
// this next line is 080480d1 . this line is jumped to (referenced XREF (j)) from 080480e4 LAB_080480d1 XREF[1]: 080480e4(j) // add 4 to the first active value (EAX is the first 32-bit register, the working memory of a cpu) 080480d1 83 c0 04 AD

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
so let's go through that chunk by chunk // function prolog, set up a C-style function 080480c0 55 PUSH EBP 080480c1 89 e5 MOV EBP,ESP 080480c3 83 ec 08 SUB ESP,0x8 // compare the flag with 0 (false) 080480c6 80 3d 8

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
I'm looking at this autogenerated ghidra decompilation. I labeled the flag as a bool. PTR_DAT_0804e024 contains the address of DAT_0804e00c which contains void at start. The logic here is a little confusing. I'm trying to put comments inline below. void FUN_080480c0(void) { code *pcVar1;

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
i wrote a lot more and my system froze quite thoroughly and i rebooted it

Fwd: [tiactivism] Havana Syndrome Equality Act

2021-12-14 Thread Karl
I haven't reviewed this but I infer some would be interested. -- Forwarded message -- From: "Jane M via groups.io" Date: Thu, 2 Dec 2021 22:00:52 + (UTC) Subject: [tiactivism] Havana Syndrome Equality Act https://www.ipetitions.com/petition/havana-syndrome-equality-act HAV

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
> while over them and end up hitting 'F' to reanalyse them as functions. in ida pro one hits 'P' to do this

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
I didn't end up including comments. the LAB_* references pushed onto the stack (to be passed to FUN_0804d23f) are function pointers. I click on them or hit enter while over them and end up hitting 'F' to reanalyse them as functions. I can tell they are functions because the instructions at their

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
fork situation resolved i've loaded the mirai binary into the ghidra analyser. Here's how ghidra displays the mirai entrypoint. Comments from me are preceded by "//" inline. ** * *

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
i found where i had ghidra downloaded, and booted it up again. i'd like to find the entrypoint to the mirai binary i have a fork in a food container that has shattered. i'll leave this system to replace it. i don't want to accidentally eat a fork fragment in food in the container in a few days

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
Mirai/776c341504769aa67af7efc5acc66c338dab5684a8579134d3f23165c7abcc00 ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped Mirai/3f6120ca0ff7cf6389ce392d4018a5e40b131a083b071187bf54c900e2edad26.sh ASCII shell script, with CRLF line terminators, indicating

Re: [spam][crazy] bomb malware

2021-12-14 Thread Karl
this was incredibly helpful for me. working with this malware. i am just going to go back to it and poke around.

Re: GovCorp conspiracy theory fails again

2021-12-14 Thread Karl
> such as? constant bandwidth onion routing? were you not here for the discussions of anonymity improvements to replace tor that happened over the years? i've lost most of my references to that stuff i'm afraid, but it would be good to find where it is now

KGB Russia calls for more education on Climategate

2021-12-14 Thread professor rat
Straight out the Pooter KGB Russia calls for more education on Climategate https://www.google.com/search?q=climategate+assange&client=opera&hs=69S&source=lnms&tbm=isch&sa=X&ved=2ahUKEwic9aiZheP0AhUC8XMBHZ4mBUkQ_AUoAnoECAEQBA&biw=1366&bih=650&dpr=1#imgrc=LPmDksMI4emMiM

Re: Coronavirus: Thread

2021-12-14 Thread grarpamp
Elites Double Down On COVID Quagmire Despite Obvious Signs Of Failure https://dossier.substack.com/p/the-war-on-a-virus-has-resulted-in https://twitter.com/USMortality/status/1466444104682901506 https://twitter.com/nycgov/status/1467857327076388867 https://twitter.com/Lyndonx/status/1467561771972

Re: USA 2020 Elections: Thread

2021-12-14 Thread grarpamp
> Bidenomics, Democrats failed at maths, > and Constitution class ... Income taxes were never constitutional, the government just voted itself more power. Now people like Angry Joe Biden just rob you. And arm twist their subservient fake news media with propaganda items. The High Price Of Bideno

Re: Coronavirus: Thread

2021-12-14 Thread grarpamp
Unconstitutional Idiot Joe Biden's Mass Worker Firings Now Causing Massive Nationwide Embarrassment As Hospital Worker Shortage and ER Bed Care Etc Shutdowns... https://www.wsj.com/articles/some-hospitals-drop-covid-19-vaccine-mandates-to-ease-labor-shortages-11639396806 https://www.wsj.com/articl