I like doing things on this internet; or outside of it, too.
The main thing is having fun with the device
| github | https://github.com/spahan |
| Matrix | @hanfi:milliways.info |
| CCC/GPN/etc | Dect 2622 |
Somehow I'm missing a simple colloquial verb for "generating something with AI". What matters most to me is that the wording places the responsibility for the result with the human.
I propose: "etwas aus der KI ziehen" (to pull something out of the AI)
Usable positively (important, so that the willingness to be transparent increases): "Look what I pulled out of the AI!"
Usable dismissively: "Did you pull that nonsense out of an AI?"
Usable as an explanation: "The next time you pull something out of an AI, you have to check it before you believe/spread/whatever it."
About 1.5 years ago my friend was (falsely) accused of terrorism.
All of their electronic devices were seized, plus my stash of hard drives (stored at their place for reasons).
Of course the police didn’t find any evidence. The culprit who impersonated my friend (and many others) got arrested recently (article in Polish).
Police returned the hardware a few months ago and I found that all of my drives are now e-waste thanks to their carelessness, which made me (understandably) furious. I even considered suing them.
Said very good friend of mine entrusted me with their personal phone and the pattern to unlock it. I charged and booted it for the first time since February 2024 and was curious how it was pwned. I knew police used Cellebrite on it.
My crime is that of curiosity
As it turns out, police forgot to clean up after themselves (there was an attempt) and left payloads, logs, and backdoor intact.
Took a peek at the first-stage payload but it’s too complex for me to reverse-engineer on my own. It’s relatively well obfuscated, but I can tell it’s using RNDIS (likely spawning a server?) and a TLS-encrypted connection to talk to the Cellebrite box.
If you’re a security researcher (or just a curious nerd with more spoons than me) and you would like to take a look - here you go.
Payload was uploaded onto the device on 2024-02-21. If you want to re-create the environment it was executed on, you will need a:
Rough execution flow:
1. USB device plugged in (Cellebrite Cheetah)
2. USB controller switches to host mode
3. Gadget switches USB VID/PID to load kernel modules (hid_steam, hid_apple, hid_prodikeys, hid_logitech_hidpp, hid_magicmouse, hid_aksys) and tries to exploit quirks
4. Module 'hid_aksys' leaks memory
5. Screen unlocked
6. ADB key '82:E5:EA:F3:DC:D1:7D:CA:65:3C:D4:58:65:CD:81:8E' added to trusted keys on the device
7. First-stage payload '/data/local/tmp/falcon' copied onto the device.
8. Second-stage payload (seemingly) executed as root:
   - /data/local/tmp/chrome-command-line
   - /data/local/tmp/android-webview-command-line
   - /data/local/tmp/webview-command-line
   - /data/local/tmp/content-shell-command-line
   - /data/local/tmp/frida-server-16.1.4-android-arm64
   - /data/local/tmp/init
9. Data extraction (photos, telegram, firefox, downloads)
Have fun!
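For anyone triaging their own returned device, the artifacts listed in the post above can be checked mechanically. The following is an added example, not part of the original post and not the author's code: it walks an extracted copy of the phone's filesystem, reports which of the listed `/data/local/tmp` files are present, and fingerprints every trusted ADB key (MD5 over the base64-decoded key, the format Android shows in its USB debugging prompt). Assumptions: the tree is available under a local directory, and trusted keys live in the stock AOSP location `/data/misc/adb/adb_keys`.

```python
import base64
import hashlib
import sys
from pathlib import Path

# Indicators copied verbatim from the execution flow in the post.
REPORTED_ADB_FPR = "82:E5:EA:F3:DC:D1:7D:CA:65:3C:D4:58:65:CD:81:8E"
REPORTED_FILES = [
    "data/local/tmp/falcon",
    "data/local/tmp/chrome-command-line",
    "data/local/tmp/android-webview-command-line",
    "data/local/tmp/webview-command-line",
    "data/local/tmp/content-shell-command-line",
    "data/local/tmp/frida-server-16.1.4-android-arm64",
    "data/local/tmp/init",
]
# Assumption: stock AOSP location of adbd's trusted-key list.
ADB_KEYS = "data/misc/adb/adb_keys"


def adb_fingerprint(line):
    """MD5 over the base64-decoded key blob, colon-separated upper-case hex."""
    blob = base64.b64decode(line.split()[0])
    return ":".join(f"{b:02X}" for b in hashlib.md5(blob).digest())


def triage(root, wanted_fprs=(REPORTED_ADB_FPR,)):
    """Check an extracted filesystem tree (root = hypothetical mount point)."""
    root = Path(root)
    files = [p for p in REPORTED_FILES if (root / p).exists()]
    keys = []
    keyfile = root / ADB_KEYS
    if keyfile.is_file():
        for line in keyfile.read_text(errors="replace").splitlines():
            if not line.strip():
                continue
            try:
                fpr = adb_fingerprint(line)
            except ValueError:  # malformed base64: skip the entry
                continue
            keys.append((fpr, fpr in wanted_fprs))
    return {"files": files, "adb_keys": keys}


if __name__ == "__main__":
    report = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path in report["files"]:
        print("artifact present:", path)
    for fpr, hit in report["adb_keys"]:
        print("adb key", fpr, "<-- reported in the post" if hit else "")
```

Run it against a read-only copy of the data partition rather than the live device, so that file timestamps stay intact for later analysis.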
Randall Munroe's #XKCD comic has the power to make you laugh, to make you think ... and sometimes to make you cry. For the right reasons.
Wishing another fifteen (and many more) to Randall Munroe, his wife (name unknown but it's not Megan), and everyone else. #FuckCancer
The Python Software Foundation shows more spine than every single tech giant in just one single decision.
> Diversity, equity, and inclusion are core to the PSF’s values
https://pyfound.blogspot.com/2025/10/NSF-funding-statement.html