What is Hackers' Pub?

About 1.5 years ago my friend was (wrongly) accused of terrorism.

All of their electronic devices were seized, plus my stash of hard drives (stored at their place for reasons).

Of course police didn’t find any evidence. Culprit that framed my friend (and many others) got arrested recently (article in Polish).

Police returned the hardware few months ago and I found that all of my drives are now e-waste thanks to their carelessness, which made me (understandably) furious. I even considered suing them.

Said very good friend of mine entrusted me with their personal phone and pattern to unlock it. I charged and booted it for the first time since February 2024 and were curious how it was pwned. I knew police used cellebrite on it.

My crime is that of curiosity

As it turns out, police forgot to clean after themselves (there was an attempt) and left payloads, logs, and backdoor intact.

Took a peek at the first-stage payload but it’s too complex for me to reverse-engineer on my own. It’s relatively well obfuscated, but I can tell it’s using RNDIS (likely spawning a server?) and TLS-encrypted connection to talk to Cellebrite box.

If you’re a security researcher (or just curious nerd with more spoons than me) and you would like to take a look - here you go.

Payload was uploaded onto the device on 2024-02-21. If you want to re-create the environment it was executed on, you will need a:

• Samsung Z Flip3 5G (SM-F711B)
• Android build SP2A_220305.013.F711BXXS2CVHF

Rough execution flow:

1. USB device plugged in (Cellebrite Cheetah)
2. USB controller switches to host mode
3. Gadget switching USB VID/PID to load kernel modules
4. Module 'hid_akeys' leaks memory
5. Screen unlocked
6. ADB key '82:E5:EA:F3:DC:D1:7D:CA:65:3C:D4:58:65:CD:81:8E' added to trusted keys on the device
7. First-stage payload '/data/local/tmp/falcon' copied onto the device.
8. Second-stage payload (seemingly) executed as root:
	- /data/local/tmp/chrome-command-line
	- /data/local/tmp/android-webview-command-line
	- /data/local/tmp/webview-command-line
	- /data/local/tmp/content-shell-command-line
	- /data/local/tmp/frida-server-16.1.4-android-arm64
	- /data/local/tmp/init
9. Data extraction (photos, telegram, firefox, downloads)

# Unanswered question: What the hell is "jtcb.sdylj.axpa" running as root? Seems to have been dropped around the same time...

Have fun!

アプデ後のなんかで配送再開処理機能がおかしいのかもねえ

Wait the US has more Spanish speakers than any other country except Mexico?! And there's like half as many Spanish speakers in the US as Mexico?

https://simple.wikipedia.org/wiki/List_of_countries_by_Spanish-speaking_population

테토에겐은 밈이 아니라 혐오로 쳐요 저는

うーん

自鯖の連合が止まったまま復活しない...問い合わせてみる？

aaa

Camera: SONYILCE-7C
Lens: 45mm F2.8 DG DN | Contemporary 019
Date: 2025:11:12 20:05:51
45mm f/2.8 1/125s ISO1600 #photography

하루를 시작하는 새로운 기회를 만나세요.

오늘도 긍정적인 마음가짐으로 앞으로 나아갈 준비를 하세요.

선호 불호 에 대해서 좋아하는거면 좋아좋아 하면 되고 싫어하는거에 대해서는 거친 표현만 안했으면 좋겠다구 생각합니다 특히 당사자 앞에서 이걸 왜 먹냐..ㅇㅅㅇ 으.. ㅈㅈ 못 먹을거 먹는 사람 보듯 하면 기분이 좋지 않지요 먹는거 이해 못 할 수는 있는데 그걸 면전에다 대고 뭐라 하면 좀 그렇죵.. 그냥 너는 그걸 조아하는구나 나는 이거 그다지 좋아하진 않아 하면 될텐뎅 ㅎㅎ..ㅎ 누가 억지로 먹어먹어 하지 않는 이상 그냥 부드럽게 말해주면 좋겠어용

noted: on Zig, GitHub’s ensloppification, victims fleeing "AI", and the bubble

https://dbushell.com/notes/2025-11-27T06:18Z/

ピーチプリデのベビたん

#多肉植物
#マストドン園芸部 
#succulents 
#echeveria 
#peachpride

DIY NAS: 2026 Edition

Link: https://blog.briancmoses.com/2025/11/diy-nas-2026-edition.html
Discussion: https://news.ycombinator.com/item?id=46065034

Camera: SONYILCE-7C
Lens: 45mm F2.8 DG DN | Contemporary 019
Date: 2025:11:12 20:05:51
45mm f/2.8 1/125s ISO1600 #photography

[속보]‘계엄 해제 방해’ 추경호 체포동의안 가결···국힘 표결 불참 www.khan.co.kr/article/2025... "국회는 이날 본회의를 열고 무기명 비밀투표로 추 의원 체포동의안을 재적 의원 180명 중 찬성 172명, 반대 4명으로 가결했다. 기권은 2명, 무효는 2명이었다. 체포동의안은 재적 의원 과반 출석에, 출석 의원 과반이 찬성하면 가결된다."

[속보]‘계엄 해제 방해’ 추경호 체포동의안 가결···...

17도씨 공지가 심상치 않다... 헤어컷...? 메이크업...? 네일아트...?

苦しいなら麺食べよう (ずるずる)
苦しいなら麺食べよう (ずるずる)

'おbrother where art thou' is 敬語 for 'bro where you at ' then ?

으~ 두통이 와서 힘드네

oh hey new visual studio just dropped??

https://devblogs.microsoft.com/visualstudio/visual-studio-2026-is-here-faster-smarter-and-a-hit-with-early-adopters/

❌ Move fast, break things
✅ Move breakfast things

아 그냥 21로 다운 그레이드하고 정신 건강을 챙겼습니다 24는 이클립스에서 안되면 어디에 쓰는지 의문이다

​​

직장에서 성장하는 5가지 비결

1. 실수를 두려워하지 않는다
2. 배움의 자세를 잃지 않는다
3. 긍정적인 태도로 임한다
4. 의사소통 능력을 키운다
5. 스스로를 지속적으로 개발한다

범여권, 노웅래 1심 무죄에 "한동훈 잘못, 사과해야" 입력 2025-11-27 11:37 | 수정 2025-11-27 11:37 imnews.imbc.com/news/2025/po...

범여권, 노웅래 1심 무죄에 "한동훈 잘못, 사과해야"

요양병원에서 혼자 외롭게 죽으려면 어느정도 돈이 있어야 가능한건데
그런 조건은 상대적으로 좀 적지 않나

@syuiloしゅいろ(本物)
ロケットナウが11月30日まで毎日17時に2000円配ってる

고독사 통계에 빠진 것 중 하나는 요양병원에서 혼자 돌아가시는 분들.

지하철타고한참왔는데왜아직도내방이지

이준석 불송치 경찰 “성적 흥분 유발 안 해”…“면죄부” 반발 수정 2025-11-27 15:32 www.hani.co.kr/arti/society...

이준석 불송치 경찰 “성적 흥분 유발 안 해”…“면죄부...

고독사 통계에 빠진 것 중 하나는 요양병원에서 혼자 돌아가시는 분들.

대……세 …각…로 ……토토 가로토닌 네모토닌 모 토 토 모 닌토모네

고독사라니 내 미래인가
https://n.news.naver.com/article/081/0003595987

​​ ​​

https://x.com/kawauso_m/status/1993891309745279462?s=46&t=0a-zkyXJAxTBm8bJ0cndIQ

[속보]‘계엄 해제 방해’ 추경호 체포동의안 가결···국힘 표결 불참 www.khan.co.kr/article/2025... "국회는 이날 본회의를 열고 무기명 비밀투표로 추 의원 체포동의안을 재적 의원 180명 중 찬성 172명, 반대 4명으로 가결했다. 기권은 2명, 무효는 2명이었다. 체포동의안은 재적 의원 과반 출석에, 출석 의원 과반이 찬성하면 가결된다."

[속보]‘계엄 해제 방해’ 추경호 체포동의안 가결···...

고독사라니 내 미래인가
https://n.news.naver.com/article/081/0003595987

[속보] 국민의힘 추경호 체포동의안, 국회 본회의 가결 송고2025-11-27 15:38 www.yna.co.kr/view/AKR2025...

[속보] 국민의힘 추경호 체포동의안, 국회 본회의 가결...

늙어서 모니터 오랫동안 못쳐다보겠어

覚え書き更新 よみせ通りわくわく大感謝祭・オオフジツボライブ https://kidachi.kazuhi.to/blog/archives/043206.html

覚え書き更新 仙台で1泊2日 https://kidachi.kazuhi.to/blog/archives/043205.html

所以
churchporn -> church
churchwife -> wife (曹家軍表示興奮
#笑死

RE: https://g0v.social/users/EZ4ME/statuses/115620225817511258

대……세 …각…로 ……토토 가로토닌 네모토닌 모 토 토 모 닌토모네

https://www.theguardian.com/uk-news/2025/nov/26/rachel-reeves-targets-uks-wealthiest-in-26bn-tax-raising-budget

I'm really pissed off with yesterday's budget, and not because they put up my taxes - I'm glad they did.

No, my problem is they pussied out, didn't put them up enough. They touched everything except VAT, income tax (on wages) and national insurance.

A few pennies on those would have raised money to spend on infra we need.

I'm all for conservativism, but we need bold spending, it's why Labour is in power. And I say that as a conservative. Labour should act like Labour.

지나가는 개발자 분들께… 혹시 해결방법 있으면 알려주시길 바랍니다… 아니면 정녕 jdk 21로 다운 그레이드 하는 방법 밖에 없을까요?

RE: https://bsky.app/profile/did:plc:qqwzbhdnsy3jjmt3uy332hhy/post/3m6lqz6ixs22s

아 이클립스에서 jdk 24 못 쓰겠음 계속 에러남

. 테 크 토 닉 youtube.com/watch?v=NHfK...

RE: https://bsky.app/profile/did:plc:wuaity445q2mh3erfknu72er/post/3m6cdxbgsmc2l

테크토닉 여신 전소미(JEON SOMI)의 ⏩Fast ...

Uruguay has built a power grid that runs almost entirely on renewables, creating 50,000 jobs and halving costs compared to a fossil system. The physicist who led that transformation says the same playbook could work anywhere: https://www.forbes.com/sites/kensilverstein/2025/10/19/uruguays-renewable-charge-a-small-nation-a-big-lesson-for-the-world/

아키하바라 이쁜 사람들과 오타게를 보여주는 엄청난 영상
https://www.youtube.com/watch?v=_mkiGMtbrPM

法國廢除徵兵制近30年後 因應俄國威脅宣布恢復「志願兵役」 https://news.ltn.com.tw/news/world/breakingnews/5259811

어흐으 피곤해

ちょっと足りない