Hacking Amazon’s oppressive OTP two-factor authentication

I am a vagabond. Last year without trying I lived in 8-9 countries. I use multiple sim cards.

I am also a manufacturer and third party seller on Amazon. I know and work with a lot of people around the world. My friends think my life is easy. It’s wonderful, it’s terrifying, it’s challenging, but it’s anything but easy. They think this because they settle. Shame on them, jealous bastards.

Back to the point: Amazon prompted me to activate OTP when I was in Brazil, so my authentication code comes to that number, but I moved several times and lost the Brazilian sim card.

I called Amazon, and they laughed at me. They wouldn’t help me.

I have over $100,000 in inventory sitting in a US warehouse. Without OTP I cannot log into my account and restock. The games are popular. (Check out DollTV.com to see them. This is not a gratuitous plug. Click on the links to Amazon, and you’ll see two of three of our games sold out.)

I have contacted Amazon repeatedly about this. I even set up a second account, yet they refuse to accept my passport, my bank statement, or any other document that proves who I am and have blocked that account, too.

Amazon is sick. Really sick.

I need a hacker to circumvent their bullshit. (Funny. BS Button Game® is one of our most popular.)

Any takers? I’m under surveillance, and I have nothing to lose.

Apple has blocked my account; Wells Fargo has, too.

I have quite a story.

The Indonesian government is not enforcing immigration laws during the bullshit Covid pandemic. I can live here forever. I know movers and shakers in this country.

You want my social security number? My blood type? (Covid regulations probably got yours. The Patriot Act insured that ALL your web browsing activity is government property. Just like “destroyed” merchandise in Amazon for third party sellers. “Destroyed” means it becomes Amazon’s property. You don’t think AWS is managed by Amazon to cripple some people presumed to be guilty of imagined crimes, you don’t think Amazon and Big Tech doesn’t collude with Big Federal/Worldwide Government to monkey with your lives? I’m living proof of it.

I so want to sell my games and take down these tyrants.

Any takers? I’ll collude with Russians. I’ll work with Chinese. I invite Indians to help. I know you guys are all brilliant.

I’ll tell you what I know.

Join me.

Can someone hack people in bulk with SMS RELAY hacking?

As it is not hard to interpret other people’s SMS with targeted attack, is it also possible that someone made a tool that can hack SMS’s in bulk? let me explain theoretical routes:

  1. Use a Relay Antenna with strong signal, to cause all nearby mobile devices to be switched to your fake Relay.

  2. Track all recipient numbers (depending the incoming SMS/logs) and record all those numbers.

  3. Use public libraries (there are plenty of dump infos, i.e. HaveIbeenPawned or alike) to find the holders for those numbers, or even just try out all those numbers if they have accounts on FB/GOOGLE/Bank accounts, etc

  4. With automated bot (for each of the catched number) try to recovery access for all those listed websites.

Is that theoretically possible, or hackers even already possess such tools? Any evidence?

Hacking a new OS

Imagine you are given a brand new OS, how would you try to hack it and why that particular place? You can target any particular component of course if you want.

data sets – Hacking a BLE Device

Ok, I’m a techie but not a codie. I have a very simple, and small device manufactured by Company A. The device is an accelerometer that reads the angle and speed of whatever it is attached to. It then sends that data to an iPhone App. What I want to do, is use data the accelerometer collects and send it to my PC (not the iphone) at which point the data will be used in a separate, unrelated software.

Here’s the problem: I can’t get the Bluetooth device to connect to my windows 10 PC. It shows up as a device but will not pair successfully.

How can I get this device to pair to my windows PC? Is it not pairing because it’s programmed to interact with iOS and therefore not compatible with PC? I can’t imagine that being the case since it’s just Bluetooth transmission.

Thanks,
Jake

hacking – Are hacked bitcoins spendable?

Your question indicates certain misconceptions about what Bitcoin is. I would advice you to take an afternoon to read the Bitcoin whitepaper, learn from other sources and understand as much as possible. It is possible to know what Bitcoins truly are without great technical knowledge. (Bitcoin transactions can only be made with the owner’s private key. A “theft” usually means performing a transaction towards a thief’s address, by manipulation of software or persons or obtaining other people’s private keys.)

They can be spent just like any other Bitcoin. The only thing is that you can trace every Bitcoin, and therefore know it has been partially stolen Bitcoin. This is called “Taint”.

A tainted Bitcoin could be considered less valuable as it would not be accepted everywhere and spending them at “legal” institutions would give a lead towards the thief. Buying stolen goods is illegal in most countries, stolen Bitcoin would count too.

If the Bitcoin community agrees on no longer accepting stolen coins they could even become practically worthless, the risk of arrest for theft and the low value or spendability of coins would be complicating.

The problem is that “theft” is a political issue, just like ownership. Some nations might not consider a hack a theft, and certain Bitcoiners definitely think so too ;). Who would be the judge in discriminating a stolen from an unstolen Bitcoin?

Then there’s the fact that someone might have accepted Bitcoins not knowing they were stolen, or even whom they’re really from. Or accepting them before it was decided they were stolen. Similarly to counterfeit money. This means that Bitcoins once stolen, are not per definition “stolen” or “illegally accepted” now. Certain Bitcoin laundry services are available to attempt to disturb the usual tracebility.

Overall I would say that a thief would have to be very careful not to expose him/her self. An effective laundry service could help him/her with that. But the coin is still the coin, and can still be spent.

Please let me know if this answered your question. Comment if you are unsure of something.

disk encryption – Is a BIOS password enough to prevent someone from hacking into my laptop if they have physical access?

Would my laptop be secure if i set up a bios password and full disk encryption? And someone has physical access to it?

If not then is there any way to secure your laptop from someone with physical access?

How hard would it be to hack into such a laptop? How long would it take? What methods would be used? Does it matter if the hacker is on his own or if it is a government agency?

encryption – How Wifi prevent hacking in the same network(cell)? (No matter WPA2)

We all know that the client device and WiFi AP will perform the 4 way handshake to generate the session key (PTK). Here is the recap of the 4 way handshake.

1.Client device<—–ANonce—–WiFi AP

2.Client device——SNonce—->WiFi AP

3.Client device<–Install PTK—WiFi AP

4.Client device——–OK——->WiFi AP

I understand why Anonce and Snonce has to share to each other, they need to create a Initialization vector to increase the randomization of the PTK. PTK is actually the session key.

PTK=PRF (PMK + Anonce + SNonce + Mac (AA)+ Mac (SA))

My problem is that all those components here can be sniffed by another client device in the same network who share the same PMK(pre-shared key).
Mac address of AP is no secret, mac address of another device in the same network can be sniffed too.
Anonce and Snonce can be captured, the only problem is to distinguish it is nonce, but anyway it can be done.
PMK is shared to all the member.

so…

We all know wpa-psk is vulnerable but it should not be that vulnerable. Even no need to do brutte force!!!!!!
I believe i must miss some concept. Hoped someone can help

hacking – Guess current date/time on remote server

I want to know the current date/time of a remote server.
I do not have any access on this server.

This server expose OpenSSH (port 22) and apache2 (port 80)

Is there a fingerprint technique that can reveal current timestamp on this 2 services ?

Thanks

javascript – Fallout Hacking Minigame

I made the UI for the hacking minigame from the Fallout series. Could I get some feedback on the main Game.js component? It’s my first React app.

Try it here: https://eacdev.github.io/fallout-hacking-game/

Code: https://github.com/eacdev/fallout-hacking-game/blob/master/src/components/Game.js

Game.js

import React from "react";

import CharacterSequence from "./CharacterSequence";

function Game() {
  let nbAttempsLeft = 3;

  let characters = "./@.!@#$%^&*()-=+><,(){}";
  let words = ("STORY", "SYNOPSIS", "THE", "PLAYER", "CHARACTER", "STUMBLES", "IRRADIATED", "PRESSURE", "ABILITY");

  /**
   * Generates a string from filler characters. Ex: "*.!++}/.,.#^"
   * @param {*} characters the characters to randomly choose from
   * @param {*} length the length of the filler string
   */
  function generateFiller(characters, length) {
    let filler = "";

    for (let i = 0; i < length; i++) {
      filler += characters.charAt(Math.floor(Math.random() * characters.length));
    }

    return filler;
  }

  /**
   * Each row is preceded by 0x${HEXCODE}.
   * @param {*} hexStart the decimal number to use as a starting point.
   * @param {*} i number of times to multiply increment by.
   * @param {*} increment the increment to use when adding to hexStart.
   */
  function generateHex(hexStart, i, increment) {
    // Each row has a HEX identifier which starts at 61623 (decimal) and increases by 12 every row.
    // Ex: 0xF0B7, 0xF0C3, etc.
    const hex = `0x${(hexStart + increment * i).toString(16).toLocaleUpperCase()}`;

    return hex;
  }

  /**
   * Generates an array of sequences in the Fallout terminal format.
   * Ex: 0xEF8B %^ABILITY/.}
   * @param {*} amount how many sequences to put in the array.
   */
  function generateSequences(amount) {
    let sequences = ();

    for (let i = 0; i < amount; i++) {
      let sequence = `${generateHex(61323, i, 12)} ${generateFiller(characters, 12)}`;
      sequences.push(sequence);
    }

    return sequences;
  }

  /**
   * Randomly adds words from a word list to an array of sequences.
   * @param {*} sequences the array of sequences to add words to.
   * @param {*} words the word list to choose from.
   * @param {*} amount the amount of words to add in the sequences array.
   */
  function addWords(sequences, words, amount) {
    const lengthOfHex = 7;

    for (let i = 0; i < amount; i++) {
      // Choose a word in the word list and remove it after (prevent duplicates).
      let wordIndex = Math.floor(Math.random() * words.length);
      let word = words(wordIndex);
      words.splice(wordIndex, 1);

      // Choose a random number that will determine where the word starts in the sequence.
      // (12 - word.length) is the remaining spaces for filler characters.
      let wordStart = Math.floor(Math.random() * (12 - word.length));

      // Choose a random sequence to add a word to. TODO: Prevent duplicates.
      let index = Math.floor(Math.random() * sequences.length);
      sequences(index) = sequences(index).substr(0, wordStart + lengthOfHex) + word + sequences(index).substr(wordStart + word.length + lengthOfHex);
    }
  }

  let sequences = generateSequences(34);

  addWords(sequences, words, 9);

  return (
    <div id="App">
      <div id="terminal">
        <div className="header">
          <p>ROBCO INDUSTRIES (TM) TERMLINK PROTOCOL</p>
          <p>ENTER PASSWORD NOW</p>
        </div>
        <div className="attempts">
          <p>{nbAttempsLeft} ATTEMPT(S) LEFT...</p>
        </div>
        {sequences.map((sequence) => (
          <CharacterSequence sequence={`${sequence}`}></CharacterSequence>
        ))}
      </div>
    </div>
  );
}

export default Game;
```

javascript – Fallout Hacking Minigame

I made the UI for the hacking minigame from the Fallout series. Could I get some feedback on the main Game.js component? It’s my first React app.

Try it here: https://eacdev.github.io/fallout-hacking-game/

Code: https://github.com/eacdev/fallout-hacking-game/blob/master/src/components/Game.js

Game.js

import React from "react";

import CharacterSequence from "./CharacterSequence";

function Game() {
  let nbAttempsLeft = 3;

  let characters = "./@.!@#$%^&*()-=+><,(){}";
  let words = ("STORY", "SYNOPSIS", "THE", "PLAYER", "CHARACTER", "STUMBLES", "IRRADIATED", "PRESSURE", "ABILITY");

  /**
   * Generates a string from filler characters. Ex: "*.!++}/.,.#^"
   * @param {*} characters the characters to randomly choose from
   * @param {*} length the length of the filler string
   */
  function generateFiller(characters, length) {
    let filler = "";

    for (let i = 0; i < length; i++) {
      filler += characters.charAt(Math.floor(Math.random() * characters.length));
    }

    return filler;
  }

  /**
   * Each row is preceded by 0x${HEXCODE}.
   * @param {*} hexStart the decimal number to use as a starting point.
   * @param {*} i number of times to multiply increment by.
   * @param {*} increment the increment to use when adding to hexStart.
   */
  function generateHex(hexStart, i, increment) {
    // Each row has a HEX identifier which starts at 61623 (decimal) and increases by 12 every row.
    // Ex: 0xF0B7, 0xF0C3, etc.
    const hex = `0x${(hexStart + increment * i).toString(16).toLocaleUpperCase()}`;

    return hex;
  }

  /**
   * Generates an array of sequences in the Fallout terminal format.
   * Ex: 0xEF8B %^ABILITY/.}
   * @param {*} amount how many sequences to put in the array.
   */
  function generateSequences(amount) {
    let sequences = ();

    for (let i = 0; i < amount; i++) {
      let sequence = `${generateHex(61323, i, 12)} ${generateFiller(characters, 12)}`;
      sequences.push(sequence);
    }

    return sequences;
  }

  /**
   * Randomly adds words from a word list to an array of sequences.
   * @param {*} sequences the array of sequences to add words to.
   * @param {*} words the word list to choose from.
   * @param {*} amount the amount of words to add in the sequences array.
   */
  function addWords(sequences, words, amount) {
    const lengthOfHex = 7;

    for (let i = 0; i < amount; i++) {
      // Choose a word in the word list and remove it after (prevent duplicates).
      let wordIndex = Math.floor(Math.random() * words.length);
      let word = words(wordIndex);
      words.splice(wordIndex, 1);

      // Choose a random number that will determine where the word starts in the sequence.
      // (12 - word.length) is the remaining spaces for filler characters.
      let wordStart = Math.floor(Math.random() * (12 - word.length));

      // Choose a random sequence to add a word to. TODO: Prevent duplicates.
      let index = Math.floor(Math.random() * sequences.length);
      sequences(index) = sequences(index).substr(0, wordStart + lengthOfHex) + word + sequences(index).substr(wordStart + word.length + lengthOfHex);
    }
  }

  let sequences = generateSequences(34);

  addWords(sequences, words, 9);

  return (
    <div id="App">
      <div id="terminal">
        <div className="header">
          <p>ROBCO INDUSTRIES (TM) TERMLINK PROTOCOL</p>
          <p>ENTER PASSWORD NOW</p>
        </div>
        <div className="attempts">
          <p>{nbAttempsLeft} ATTEMPT(S) LEFT...</p>
        </div>
        {sequences.map((sequence) => (
          <CharacterSequence sequence={`${sequence}`}></CharacterSequence>
        ))}
      </div>
    </div>
  );
}

export default Game;
```