~POINT-OF-CONTACT:
BTC (no Segwit): 1131xzibe2NLLbSQ3NUQWDFQA4PtBEa3r1
YOU SEND AN EMAIL TO THE FOLLOWING: http://is.gd/Gmv6xu
(One Can Regard all the below as services we can provide..)..
Let's sum up This last month and better describe the purpose
and nature of our SERVICE.
let's begin with a quick introduction:
we (refereed as us/them/they) are an individual service providers specializing in Secure Computing,
with a special focus on Appl.inc.
we do everything from infrastructure intrusion, to Vulnerability and design issues,
threw social engineering, Software HACKS and HARDWARE Hacks.
This includes everything from Hardware, RT-Programming, Security Architecture Overview,
Web Technology & web-browsers, operating system, networking and so on..
it's no secret that's the fruit company is terribly flawed in regards to their security design,
due to the fact that the designers had the concept of creating an hidden malware of an operating system
who collects (systematically and intrusively) their users data w/o the option to OPT out in any form or manner.
(This is for example what LuLu outputs, when you opt out analytics on an Hackintosh vm..)..
We have shared (and would share more at this post..) how data is being collected, not only in the default
configuration, but even as an advanced user.
We can only see this as an architectural decision, They simply Forked openbsd and marketed that as malware,
with a very nice GUI.
as a result and to top on it they have added a fully capable operating system to operate above the normal operating
system powered by ARM.
well, we ain't no saint's but, they didn't take in mind that creating this backdoor for themselves,
they might leak the keys to others.
Over the past Month or so we have demonstrated and leaked (while offering the devil several times a change for a bailout), several outcomes of their rotten design.
~ I:
Given one device compromise one can compromise the entire chain of devices an account holder has.
never-mind the security of each individual application, a normal user's compromise of his iCloud account, would probably underline the security of all his data. This data is collected on billions of human being in an intrusive manner:
for a normal user this means access to his "wallet" cookies saved passwords all his applications and so on..
while the concept of a LIVE SYSTEM, is non-existent in apple's design, it basically means that since the beginning of your usage of apple services if one of your devices is compromised, than your entire past is given to the attacker..
we didn't stop there and have demonstrated how using very little credentials (initial assumption for entry point), one can compromise an account remotely:
For the sake of privacy (we did not exploit g'), we would not include further content.
be sure this can be done remotely, given certain initial conditions.
OFC, That a remote account LOCK, or an identity theft is much more easy to obtain (yes on sep enabled devices as well),
and yes on all SoC's, not to mention the 'iCloud Lock || Device Lost' ""feature"":
YES!!! REMOTE DATA RETRIAL IS INDEED POSSIBLE.
with physical access it's simply trivial:
Remotely (Even if "locked in the cloud it can be done..):
(But far less trivial!)..
~ II:
We have demonstrated the scope of internal material we managed to posses, and the extent of the companies internal resource compromise (from Hardware, to keys, to actual access to the fusing lab keychains, keybags, and accounts).
we would emphasize (laconically) the security implications of this section:
LAB ACCESS:
Internal Keys and Technology:
and so on..
INTERNAL NETWORK COMPROMISE:
(This can be done again and again, and we dumped in general outlines,
the algo for that intrusion, with the resource we possess alone, it should be possible over the course of at least the next 5 years, without any usage of any vulnerabilities at all, BY DESIGN ALONE!)
and this is the Scope (take aside 40,000 gb of data transfer via Mega alone..)
-III:
Let's go throw the implications of our "research", only for the above mentioned:
g' account was hacked using a custom SoC (we can serialize hardware, what you would call 'vendor refurnished'):
here is a proof we ain't bull-shitting you: (convert this back to ASCII: https://twitter.com/_0000100000/status/1370967293333766144, and go to mega /file/conversion
Decryption Key: 4-Cf6314Tdw64ip6G65egyz4wYw0DBRqtbnSeL1cc6s
(not directly related, the tweet we mean..), but there are only two people other than appl and commercial companies,
holding a DVT A13, us and "qwerty.." at some point (no hard feelings..).
https://twitter.com/qwertyoruiopz/status/1320944385010376705
Now, if we had physical access to his lab-device and the entire 'branja' is sharing resource, and we can vendor refurnish:
Than who the hell know's how many research was gained from the 'branja', if we installed anything in their other than NVRAM, this is true for any device you buy | find etc..
- IV:
Before losing your shit & calling us out criminals remember we go a long way with the vendor.
we didn't began our road with ppl yesterday although not veterans such as J or others:
WE REPEATEDLY OFFERED THE VENDOR OUR ENTIRE RESEARCH IN EXCHANGE FOR THE INFINITE AMOUNT IF TIME
AND RESOURCE IT TOOK US TO PRODUCE IT. AND WE WERE REPEATEDLY DECLINED.
Not "by the book" remote code execution and UXSS on webkit was good enough for payment, and our research,
we were told had shown no security implications..
(for example) had so little security implications that they added this:
That they have added those two (diff the iommu-mapper in the devicetree..):
0x23d280088 DEBUG_USB
0x23d280090 DEBUG_AUTH
comparing n104ap->d53gap..
(But don't you worry.. they can only HOTPATCH! as the apple is rotten from the ground up!, only change
in the design might help..).
well.. we know how the normal "game" works, therefor we take our masseurs,
to Provide to our costumers, while not doing free-work to some garbage collection (and metadata..) company..
not only that, we have went threw the entire possible chain of our legal options given the laws of our country,
and again were declined || or worse taken advantage of and our ideas and work stolen!
As for the vendor, the communication and network compromise alone (imagine rooting into the supply chain of
a by design monitoring operating system, being used by billions of people), we have records of the network infra,
hardware, software employed and flaws (even w/o the 'retailer hack') all over from years ago, up to the latest development process
(simple example that any kid can go on and dork his way into the product-security@.. SMTPNess:
== BEGIN SHORT DORK for the skids..
Now, take any of those, and lock them out (or hack if you got skills) remotely out of their own accounts..
(note what google is ever good for..)..
=== Dork ENDS..
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!WELL NOW OUR GIVEAWAY DAYS ENDS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Therefor we work only in the following manner:
-ONE-FORM-OF-BUSINESS:
Topics of Trade:
hacks (apple),
hacks (google),
hacks (cloud),
software & resource and research (top class, HW, SW all..)
personal account hack.
consult (paid by the hour).
iCloud Removal (software solution not on a personal basis).
THERE IS ONLY ONE WAY TO DO BUISNESS WITH US:
BTC (no Segwit): 1131xzibe2NLLbSQ3NUQWDFQA4PtBEa3r1
YOU SEND AN EMAIL TO THE FOLLOWING: http://is.gd/Gmv6xu
THE EMAIL CONTAINS ONLY THE BELOW:
==CUT==:
1: i am interested in buying XXX || investing XXX to get ZZZ...
2: my signal number is.
3: i am willing to pay VVV<BTC<UUU.
Thank you, John Doe.
==CUT==
you must use a temporary email address and signal, the later
communications would not be committed in signal one way or the other!
That's it!!!!!
NO OTHER OPTION TO CONTACT,
WE WOULD ANSWER IFF (IF AND ONLY IF),
ALL THE ABOVE CONDITIONS ARE SATISFIED.
Things that would trigger us to avoid you all together:
asking questions (any..).
asking for personal details (any..)
Bullshit in general.
"but i just wan.."
"but you said that ..."
and so on..
WHY: So we have learned that everyone are dirty little thief's who would steal your ideas, implementations and
we would end up with shit and promises of payment that was never received.
~This way we know the following:
I- you ain't scared of BTC, and we are not waisting our time (because you paid to get an answer to your email.
II - you ain't getting shit other than us taking in mind the price you offered to buy a certain solution.
IV - you show you know how to handle secure communications and that you are not a moron || recon snitch
VERY IMPORTANT!!
The Above Address is not an help line, if you in need for "help" call 911..
-SECOND-FORM-OF-BUSINESS:
a server would be up in a few serving Resource, you would be able to access it by Crypt-Currency-Trade.
every resource | hack, document, would be priced differently!
A Complete solution can be sold in the form of a pre-installed virtual machine, that can be used to perform
most of the above mentioned (including decryption and iCloud removal!)
#YouHaventseentheRabbitsholeendYet
EOF