u/Livid-Dark8276

  1. Fake download page generates the ZIP on your device using JavaScript (it adds junk filler data to an existing zip hosted on their server to evade anti-virus)

  2. RenPy game has data/arch_x64.rpa, which contains the malware loader

  3. Loader goes into a hidden file in the data directory (starting with a .) and base64-decodes it to get the config for the loader

  4. The config has the name of the file containing the next stage and the XOR key ("pasw"); it XORs then unzips the file specified in the config and runs the next stage

  5. The Golang loader, which is rotated literally every few hours and is usually never seen before by VirusTotal (also obfuscated with custom protection, seems like they no longer use Garble)

  6. It loads a stealer, which loads a PowerShell payload as well, along with a persistent exe

u/Livid-Dark8276 — 9 days ago
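Added triage helper, not the poster's code: it reproduces steps 3 and 4 of the chain above (base64-decoded config in a dotfile, repeating-key XOR with the key from the config, then a ZIP-magic check before unzipping) so an analyst can verify a guessed key against a suspect file offline. The post does not give the config layout; the two-line `file=...`/`key=...` form and the sample payload are assumptions, constructed in memory.

```python
import base64
import io
import zipfile
from itertools import cycle

ZIP_MAGIC = b"PK\x03\x04"  # local file header of a ZIP archive


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice with the same key restores the input."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def decode_hidden_config(blob: bytes) -> dict:
    """Base64-decode the dotfile and parse it as key=value lines (assumed layout)."""
    text = base64.b64decode(blob).decode()
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)


def recover_stage(payload: bytes, key: str) -> list[str]:
    """XOR the next-stage file with the config key and, only if the result
    starts with the ZIP magic, return its member names. An empty list means
    the key (or the file) is wrong, which is the check to run before trusting
    a guessed key rather than unzipping blindly."""
    plain = xor_bytes(payload, key.encode())
    if not plain.startswith(ZIP_MAGIC):
        return []
    with zipfile.ZipFile(io.BytesIO(plain)) as zf:
        return zf.namelist()


def build_sample() -> tuple[bytes, bytes]:
    """Constructed sample (not real malware): a benign zip XORed with the
    key 'pasw' from the post, plus an encoded config pointing at it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("stage2.bin", b"placeholder, not real malware")
    payload = xor_bytes(buf.getvalue(), b"pasw")
    config = base64.b64encode(b"file=.cache.dat\nkey=pasw")
    return config, payload


if __name__ == "__main__":
    cfg_blob, stage_blob = build_sample()
    cfg = decode_hidden_config(cfg_blob)
    print(cfg, recover_stage(stage_blob, cfg["key"]))
```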

JPay JP5Mini prison tablet officially runs Doom. I would do it on a newer model, but eBay prices on those are insane (got this tablet just to get Doom running on it lol)

Guide:

  1. Get code execution and enable ADB (you gotta find your own zero-day, not leaking my private one)

  2. adb install MyBoy Free APK (old version that runs on Android 4.1)

  3. Patch the /data/jpay/config and /data/jpay/config.md5 to allow the application to run

  4. adb push a DOOM ROM

  5. Reboot then open MyBoy Free and load Doom faster than the file scanner detects the unsigned ROM

u/Livid-Dark8276 — 10 days ago