Showing posts with label hack. Show all posts

Friday, October 11, 2024

.exe executable reverse-engineering (Python)

 

Problem:

How can I extract files from an executable created by PyInstaller?

Solution:

  1. Clone the pyinstxtractor-ng repository:

    git clone https://github.com/pyinstxtractor/pyinstxtractor-ng.git
    
  2. Extract the executable:

    cd pyinstxtractor-ng
    python pyinstxtractor-ng.py "<path_to_/dist/app>"
    
  3. Install dependencies:

    sudo yum install cmake make clang
    
  4. Clone the pycdc repository:

    git clone https://github.com/zrax/pycdc.git
    
  5. Build and compile:

    cd pycdc
    cmake CMakeLists.txt
    make
    
  6. Decompile the bytecode:

    ./pycdc "<path_to_/app_extracted/app.pyc>"
    

By following these steps, you can extract and decompile files from a PyInstaller-generated executable.

pycdc will fail if a newer version of Python was used to compile the files.
If they were compiled by a newer Python version (i.e. 3.9-3.12), use the PyLingual.io service:

pylingual.io
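To decide between the two decompilers before running either, the Python version can be read from the header of the extracted `.pyc` file. The script below is an added example, not part of pyinstxtractor-ng or pycdc; the function names and sample headers are constructed for illustration, and the tool choice simply applies the 3.9-3.12 rule stated above.

```python
import struct

# CPython .pyc magic numbers for final releases (first two bytes, little-endian).
MAGIC_TO_VERSION = {3379: (3, 6), 3394: (3, 7), 3413: (3, 8), 3425: (3, 9),
                    3439: (3, 10), 3495: (3, 11), 3531: (3, 12)}

def describe_pyc(data: bytes) -> dict:
    """Parse a .pyc header and pick a decompiler using this page's rule."""
    if len(data) < 8 or data[2:4] != b"\r\n":
        raise ValueError("missing or damaged .pyc magic")
    magic = struct.unpack("<H", data[:2])[0]
    version = MAGIC_TO_VERSION.get(magic)
    info = {"magic": magic, "version": version, "hash_based": None,
            "header_size": None, "tool": "unknown version"}
    if version is None:
        return info
    if version >= (3, 7):
        # PEP 552: a 4-byte flags word follows the magic; bit 0 = hash-based.
        flags = struct.unpack("<I", data[4:8])[0]
        info["hash_based"] = bool(flags & 0x1)
        info["header_size"] = 16
    else:
        info["header_size"] = 12  # magic, mtime, source size
    # Rule from the post: 3.9-3.12 -> PyLingual, older -> pycdc.
    info["tool"] = "PyLingual" if (3, 9) <= version <= (3, 12) else "pycdc"
    return info

def make_header(magic: int, flags: int = 0) -> bytes:
    """Build a constructed 16-byte header for the demo below."""
    return struct.pack("<H", magic) + b"\r\n" + struct.pack("<I", flags) + bytes(8)

if __name__ == "__main__":
    # Constructed samples: Python 3.8, 3.11, and a hash-based 3.12 header.
    for sample in (make_header(3413), make_header(3495), make_header(3531, flags=1)):
        print(describe_pyc(sample))
```

For a real file, pass the first 16 bytes of the extracted `.pyc` to `describe_pyc`.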

Saturday, September 21, 2024

Tech2Win + GDS2 multi-language

Tech2Win Multi-Language (CZ,PL,RO,EN,DE,NO,TR and others...) 

- install Tech2Win, copy the bin and conf files to a location 

- run Tech2Win, choose the bin file with language


GDS2 multi-language

- including keygen 

 

LINK:   https://file.io/gDqMwu4PnIrN

Wednesday, August 14, 2024

BGP hijacking

 

Border Gateway Protocol (BGP) can be hijacked, and unfortunately, it has been hijacked in the past, leading to significant security incidents. BGP hijacking occurs when a malicious entity or even a misconfigured network advertises incorrect routing information to redirect internet traffic. This can result in traffic being intercepted, monitored, or rerouted through unintended paths, potentially leading to a range of harmful outcomes.

How BGP Hijacking Happens

BGP is a critical protocol used to exchange routing information between autonomous systems (AS) on the internet. Since BGP is based on trust between networks, it does not inherently verify the authenticity of the route advertisements it receives. This trust-based model can be exploited in several ways:

  1. Prefix Hijacking: An attacker advertises ownership of an IP address block (prefix) that they do not actually own. Other networks may accept these routes and direct traffic to the attacker's network instead of the legitimate destination.

  2. Man-in-the-Middle (MitM): The attacker advertises a route that causes traffic to pass through their network, allowing them to intercept and potentially alter the data before passing it along to the intended destination.

  3. Route Leaks: A network mistakenly (or maliciously) advertises routes learned from one network to another network, violating expected routing policies. This can cause traffic to take inefficient or insecure paths.

Consequences of BGP Hijacking

The impacts of BGP hijacking can be severe, including:

  • Traffic Interception: Sensitive data can be intercepted and monitored by malicious actors.
  • Service Disruption: Traffic can be rerouted to the wrong destination, leading to service outages or significant delays.
  • Malware Distribution: Hijacked traffic can be redirected to malicious websites or servers.
  • Loss of Confidentiality: Unencrypted data can be exposed to attackers.

Mitigations and Best Practices

Given the potential severity of BGP hijacking, there are several best practices and technologies designed to mitigate this risk:

  1. Route Filtering: Network operators should carefully filter incoming BGP routes to accept only legitimate prefixes from their peers.

  2. Resource Public Key Infrastructure (RPKI): RPKI is a cryptographic method to secure BGP by associating a route advertisement with a verified, authentic source.

  3. Monitoring and Alerts: Regular monitoring of BGP routes can help detect abnormal routing behavior that might indicate a hijack.

  4. Mutual Authentication: Use of mutual authentication between BGP peers to ensure that route advertisements are coming from trusted sources.

Wednesday, March 13, 2024

New Key Programming Opel (Immobiliser,Central Lock,Alarm)

You need an HQ clone (the Chinese 1.95 works fine) and the 200603a PRO opcom software.

Open opcom.

Diagnostic > Choose your car > Body > BCM > Programming > Immobiliser > Program Transponder Key >  wait for the security timer (10mins 30secs) > All keys will be deleted > Now you can learn key #1 in ignition > Sync > choose to learn another key > turn off ignition > insert second key > Learn key #2 > Sync > you are done!

Warning: If you wait out the timer and you don't learn the key, you won't be able to start the car!

Opel Odometer Adjustment How-To

You need the ADV Op-Com software and an HQ clone (the Chinese 1.95 works OK).

First change the firmware to 1.67.

Then install ADV Opcom (for me 161001a works OK).

Open ADV Opcom.

Click Settings > Change to B+ > Save config

Diagnostic > 2011 > Astra G > Body > Infotainment System > CD300 to correctly initiate the interface as ADV is not made for B+

Back > Choose your car

Go to Body > BCM (Body Control Module) > Programming > Set Odometer 

Change the wanted value and click WRITE

You are done! 

WARNING: The real value will still be stored in ECM!!! Visible in all OBD2 diagnostics! The value is changed only on dashboard!

Friday, December 24, 2021

ASUS TinkerBoard reset (only red LED, no boot)

After resetting my RPi, I also had to reset the TinkerBoard to get it to boot into the OS. It showed only the red LED and was not coming up. So before re-formatting the SD card, try resetting your board.

This is also done by shorting the pins, which are not marked on the ASUS board. See the picture: the red mark is the power/reset button. If you power off your board, just short them again to start it up. The board has to be connected to power.