Shayan Eskandari shayanb

💭
\-=-=|=-=-/
View GitHub Profile

0x2e8d42d7e658a173e509c6eb329aa96a8b67bcce142e3040efa45673829628eb

@shayanb
shayanb / README.md
Created March 28, 2017 22:02 — forked from hubgit/README.md
Remove metadata from a PDF file, using exiftool and qpdf. Note that embedded objects may still contain metadata.

Anonymising PDFs

PDF metadata

Metadata in PDF files can be stored in at least two places:

  • the Info Dictionary, a limited set of key/value pairs
  • XMP packets, which contain RDF statements expressed as XML

PDF files

@shayanb
shayanb / getUDID.m
Last active August 29, 2015 14:13 — forked from sag333ar/getUDID.m
- (NSString*)UDID {
NSString *uuidString = nil;
// get os version
NSUInteger currentOSVersion = [[[[[UIDevice currentDevice] systemVersion] componentsSeparatedByString:@"."] objectAtIndex:0] integerValue];
if(currentOSVersion <= 5) {
if([[NSUserDefaults standardUserDefaults] valueForKey:@"udid"]) {
uuidString = [[NSUserDefaults standardUserDefaults] valueForKey:@"udid"];
} else {
CFUUIDRef uuidRef = CFUUIDCreate(kCFAllocatorDefault);
@shayanb
shayanb / keyUtils.py
Last active August 29, 2015 14:07 — forked from dims/keyUtils.py
import ecdsa
import ecdsa.der
import ecdsa.util
import hashlib
import os
import re
import struct
b58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'

My router has been hacked. Here's what I know:

I'm unaware of how my router became infected, but the password has definitely been changed. I admittedly had not done any firmware updates in quite some time, which could be related to the infection.

The router was setting a custom DNS for google-analytics.com, which pointed to their apparently malicious server. Unfortunately, I did not realize it was DNS manipulation before I reset my router (I thought google-analytics.com was an invalid domain), so I did not get the original IP address. It serves up the script that spearheads this whole thing. The source for that script at the time of writing can be found in the file google-analytics.js.

Once google-analytics runs, it inserts an iFrame that directs to http://storage.com/storage.html. The ad serving script is clever in that it will only serve you ads so many times in a given period, so that you won't be able to debug and you might not really think anything is wrong. It stores timed cookies on the storage.com