The Central Deployed A Hack to Mount an Exploit by Android Debug Bridge from my Nowhere-Ever-User-Connected Huawei Y6 2019 (1)


Here is the screencast, with clearly visible logging, of my (former) Huawei Y6 2019 (bought on Fri Jun 21, returned on Fri Jun 28; I am now to be reimbursed).

The serial is visible at 21 seconds from the start (or peruse the dump_190628_0235_gdO_messages file):

2019-06-28T02:35:48.534755+00:00 gdOv kernel: [407292.333497] usb 1-1: New USB device found, idVendor=12d1, idProduct=107f, bcdDevice= 4.09
2019-06-28T02:35:48.534803+00:00 gdOv kernel: [407292.333502] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
2019-06-28T02:35:48.534809+00:00 gdOv kernel: [407292.333505] usb 1-1: Product: MRD-LX1
2019-06-28T02:35:48.534813+00:00 gdOv kernel: [407292.333507] usb 1-1: Manufacturer: HUAWEI
2019-06-28T02:35:48.534817+00:00 gdOv kernel: [407292.333510] usb 1-1: SerialNumber: 5WH6R19320005917
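Added example, not one of the scripts named on this page: a small shell/awk filter that reads kernel lines like the five above and prints one identity line per USB port (idVendor:idProduct, Product, Manufacturer, SerialNumber), so a whole messages dump can be checked for every device the host enumerated, not only the one quoted. The five sample lines are the ones above, embedded so the script runs offline; the output layout and the "-" placeholder for fields the log never supplied are my choices.

```shell
#!/bin/sh
# Added example (not one of the page's own scripts): pull the USB device
# identity out of syslog-style kernel lines such as those in
# dump_190628_0235_gdO_messages. Only the five sample lines are from the
# page; the output layout is an assumption of this example.

# Sample input: the five kernel lines shown above, embedded so the script
# runs offline.
USB_LOG='2019-06-28T02:35:48.534755+00:00 gdOv kernel: [407292.333497] usb 1-1: New USB device found, idVendor=12d1, idProduct=107f, bcdDevice= 4.09
2019-06-28T02:35:48.534803+00:00 gdOv kernel: [407292.333502] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
2019-06-28T02:35:48.534809+00:00 gdOv kernel: [407292.333505] usb 1-1: Product: MRD-LX1
2019-06-28T02:35:48.534813+00:00 gdOv kernel: [407292.333507] usb 1-1: Manufacturer: HUAWEI
2019-06-28T02:35:48.534817+00:00 gdOv kernel: [407292.333510] usb 1-1: SerialNumber: 5WH6R19320005917'

# usb_summary: read kernel log lines on stdin and print, per USB port in
# order of first "New USB device found" record:
#   <port> <idVendor>:<idProduct> <Product> <Manufacturer> <SerialNumber>
# Fields the log never supplied for a port are printed as "-".
usb_summary() {
    awk '
    # Return the "bus-port" token that follows the literal " usb " prefix.
    function port_of(line,   p) {
        p = line
        sub(/.* usb /, "", p)
        sub(/:.*/, "", p)
        return p
    }
    # Return the text after the last occurrence of key in line.
    function after(line, key,   v) {
        v = line
        sub(".*" key, "", v)
        return v
    }
    / usb [0-9.-]+: New USB device found, idVendor=/ {
        p = port_of($0)
        vid = after($0, "idVendor=");  sub(/,.*/, "", vid)
        pid = after($0, "idProduct="); sub(/,.*/, "", pid)
        if (!(p in id)) order[++n] = p
        id[p] = vid ":" pid
        prod[p] = mfr[p] = ser[p] = "-"
    }
    / usb [0-9.-]+: Product: /      { p = port_of($0); prod[p] = after($0, "Product: ") }
    / usb [0-9.-]+: Manufacturer: / { p = port_of($0); mfr[p]  = after($0, "Manufacturer: ") }
    / usb [0-9.-]+: SerialNumber: / { p = port_of($0); ser[p]  = after($0, "SerialNumber: ") }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            print p, id[p], prod[p], mfr[p], ser[p]
        }
    }'
}

# Stand-alone usage on the embedded sample; on a real dump:
#   usb_summary < dump_190628_0235_gdO_messages
printf '%s\n' "$USB_LOG" | usb_summary
```

Because the filter keys on the bus-port token, a phone that re-enumerates (for example after switching USB modes) shows up once per "New USB device found" record with whatever idVendor:idProduct it presented each time, which is exactly the change worth looking for in a dump like this.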

In the bottom right corner I overlaid the screencast taken by the phone's own "screen recorder" program, but it was of little use in this case, because for the most part it showed nothing on the GUI, except at 0:20 from the start, where it shows the genuine GUI pop-up offering options once I connected the USB cable from my computer to it. So for the most part I made that overlaid screencast very transparent, so that the text from my computer's screencast can be seen well.

---

---

And here is the network trace:
dump_190628_0235_gdO.pcap

---

WARNING: Familiarity with and use of some Unix-like OS such as GNU/Linux or BSD (or being able to use Cygwin on Windows, but I haven't tested that yet) is required to be able to follow.

Most of the original files of this section are produced with my (primitive) set of scripts:

uncenz.

Notice there are different scripts there; some I use for minimal anonymization of the dumps (dump_perl_repl.sh). Ah, and another can be useful for downloading, instead of click-downloading each file in a list (dump_dLo.sh). If you don't download uncenz, you can get it directly: https://raw.githubusercontent.com/miroR/uncenz/master/dump_dLo.sh or a later version if that one looks too old.

It's also available here locally.

For analysis/stream extraction I often use my scripts, modest and lacking in good programming practices, but doing what I created them for:

tshark-hosts-conv

and:

tshark-streams.

as well as:

workPCAPs, which can run tshark-streams and tshark-hosts-conv (and, from May 2018, also stream-cont.pl from the program stream-cont) on (a lot of) PCAP(s), (usually) non-interactively.
NOTE: A better way than my stream-cont has been available in tshark itself since around the time I wrote it. Please see how to extract files, as taught by a Wireshark core dev.

Readers are advised to try to analyze the traffic dumps for themselves with the above programs (I also try to offer them some educational usefulness). There would anyway be too little point in posting all the streams and the listings that those would produce. I usually post just the ones among that output which are crucial for the discussion in question.

And just one more thing: I post lots of command lines and snippets of scripts. Be aware that some of those are in HTML, so before using them, check that they correspond to what the page shows, and of course report back to me (see the contact page) any typos and errors you find.

My Huawei Y6 was never used by me anywhere to connect to anything on the internet. I sent no email messages, no SMS, accepted no Schmoogle license (such as the one without which you can't browse with Chrome), and gave no personal data of mine whatsoever to it. On the contrary, I took care to disable all the google-schmoogle that I could (but of course you can't disable Google Android's own backdoors from the user's GUI)...

I didn't even know, nor cared to know, the phone number that was on the SIM card, as I really bought it only to use it as a camera, let alone tell anybody that number, or any other data... I did use Bluetooth, but only later, after having returned home on Sat Jun 22 from a pilgrimage where I made maybe two hours of video footage in total.

I filmed those at Jazovka, in North-Western Croatia, the site of Tito's partisans' atrocities in 1945: a cave deep in the ground which is a mass grave of hundreds of prisoner soldiers, but also nuns and children... So yes, I did use Bluetooth, because that was the only relatively safe means left to me to transfer those cca. 13 GB of footage that I filmed there... Surely I wouldn't use Google Drive, or sync, or backup or suchlike, c'mon...

The SIM card, which when I bought the phone (Fri Jun 21) appeared necessary for the phone to function (however, on Fri Jun 28 I managed to start it after I took the SIM card out; see "no SIM" in the video), was (is, I still have it) from "A1", sold in Croatia.

And their central (or they could have delegated that work to some hacker; nothing else could have been the case) deployed, in some way unknown to me, the hack that made my smartphone act like a CD-ROM when connected via USB.

Please note at minute 5:00 of the video the SHA256 hashes of the files that would likely wreak some havoc if this hacked smartphone were mounted on some Windows machine:

5caf400d65378d12a601cf434c5c6cd3cb4b9ed65024e3833b289a68cb617ddc  Autorun.inf
ce0e394983b97f542b9e87115714130cd8c5fe7c601e2ea63c9ec2ed480d888e  HiSuiteDownLoader.exe
03d289f11428b3cd48e52335538c7ea105cf29c88b2da9855b3f3aab59a8522b  HiSuite.ico

I plan to post the logs seen in the video on this page and on the No. 2 page, and more, and maybe improve the videos (the webm creation lost too much, esp. with the video of that second page). Please allow more time.

(NOTE 2019-07-20: this was done in the first update, days after first posting)

The exploit files I'd like to present, and discuss what they contain; maybe I will try Huawei Croatia directly...

(NOTE 2019-07-20: I did email Huawei in the first update of these pages, days after first posting, but they did not reply)

Because they are clean in this regard. The hacking work and the exploit were from the central (I think VIP is the owner of A1, not sure)...

Because truly, if I were to offer those here on these pages for analysis, I'd need to learn a little about what they are, as they may be technically obnoxious stuff.

And I'll also try to explain a little for the less advanced, I hope, as people who can't easily follow will be visiting here as well...

(NOTE 2019-07-20: this was done in the first update, days after first posting; see the third page)

I have to say I met people who should be technically capable of following this story reading it incredulously and dismissively, where instead they ought to have been able to promptly understand and manage this situation.

Because I already asked for support where due (from the firm that sold me the device) and I told them the whole story.

The logs that you see on this and the second page were obtained on my modified Debian, with my manually compiled kernel with device debugging on (which is never set in any of the usual distro kernels). You would not get this story without it. There would be little or no logging in normal kernels to tell what happened upon connecting my Huawei Y6 to my computer. It would be just: it doesn't work. Full stop. So, kind of, the central that hacked my device hoped I wouldn't find out...

---

---

The files necessary for this study are listed in:

ls-1pg1

dump_190628_0235_gdO_messages
dump_190628_0235_gdO.pcap
Screen_190628_0235_gdO_HuaY6-sr0.webm

and verify against: ls-1pg1.sum, signed by: ls-1pg1.sum.asc