CyberGuerrilla 2013
 Vol.3--No.2013 | 7 Users Online
Saturday,Jan 25,2020 
By Anonymous avatar | December 6, 2013 - 15:22 | Posted in AnonyNews | Comments Off on Antisec LulzSec :: THANKSGIVING SPECIAL EDITION


    ##  "There come a time, when good men must wear mask.....kemosabe"  ##
       _  _                  __  .__                          #FREEHAMMOND
    __| || |_______    _____/  |_|__| ______ ____   ____      #FREEASSANGE
    \   __   /\__  \  /    \   __\  |/  ___// __ \_/ ___\     #FREECHELSEA
     |  ||  |  / __ \|   |  \  | |  |\___ \\  ___/\  \___     #FREESNOWDEN
    /_  ~~  _\(____  /___|  /__| |__/____  >\___  >\___  >    #FREEBARRETT
      |_||_|       \/     \/             \/     \/     \/     #FREEANONS16
    ##              ohai feds!!! we're still alive.                     ##
    ## the best trick ever pulled was to convince FBI they can catch us ##
         every single line of code is, today, equal to a magic spell.
           Magic that's able to change how things work around you, 
                    and eventually...the world itself.
    hi guise!!! <333
    so well...
    Hammond was sentenced to 10 years of prison for being a 
    political dissident, doing what he felt was the right thing.
    it was the second time he was jailed cause some coward betrayed him.
    you are probably asking yourself: why did he start hacking again after 
    being in prison the first time? well, Hammond was an honest idealist, 
    who blindly hated a system that rips off all freedom and humanity 
    from us. and he hated this to the point of trading 
    his own freedom on the fight, because nobody can understand better 
    how precious and fragile freedom is, than those ones who have lost theirs once.
    now he is being tortured by prison authorities and he is often kept in 
    total isolation whilst the coward of Sabu lives dressed on silk 
    kimonos and gets pimped in secret by FBI. 
    yeah we know, rapists and other shits get less punishment. 
    things are fucked up, but nobody seems to care to change this.
    our greetings then for all those ones who have sacrificed their own 
    comfort and freedom to tell us the truth.
    hammond, julian, snowden, chelsea(the hacker former known as brad),
    aaron and many others around the world, specially those ones
    whose existence will never be noticed by the world, those who save 
    our world everyday and those around the world who perhaps we'll never 
    know and who every single day make what they believe is the 
    right thing even if that means going against their own interests.
    freedom of choice. that's what made of us humans.

    so now that Snowden has stepped up to prove what we have been tried to 
    tell you for the last years, we consider ourselves on vacations. 
    work is still going on but, now we've got rid of the FBI influence, 
    we decided to play things with our own timings and rules.
    so what today?
    today we want to share some thoughts, concepts and stuff about 
    safe irc/im communications and openssl.
    stuff that could be useful for our fellows to avoid some problems.
    and bringing the mpOTR gift to our IRC/IM communications.
    (if you dont care about details and just want the toy and candy
    just skip to the 'WHAT THE FUCK THEN fuckNSA DOES????' part)
    well all this started by accident, it's a funny story  
    involving sex, hacking, japanese girls, NSA superspookcomputers,
    Julian Assange running naked through the underground of london
    and General Keith Alexander's personal pink tutus collection.
    so here we go:
    Once upon a time, in some remote irc channel on some hidden service,
    a bunch of guise trying to trade cool stuff were 
    dragged into the following conversation 
    (convo lightly changed for the sake of privacy):
	  xx  > do u have otr?
	  yy  > hold on, im sitting on a pwnd box, lemme check
	  yy  > nah, cant quick install it asap. i could compile and install it
	  yy  > but no time for it
	  yy  > what about blowjob?
	  xx  > ...
	  yy  > i mean
	  xx  > lololol
	  yy  > u irssi?
	  yy  > well its a quicky one at least
	  xx  > blowfish is useless man
	  yy  > anyway its all fine about otr but not sure about how it really works
	  yy  > didnt check the code yet
	  yy  > but i would prefer something i can tinker with, and easier to move with
	  yy  > when im jumping box to box so.. the perl script
	  xx  > okok at least gimme 2 min, can u check if you have some Crypt:: algo installed
	  yy  > wait
	  yy  > can get Rijndael quickly
	  xx  > ok cool
	  xx  > get it installed and gimme 2 min
	  xx  > ok check this paste
	  xx  > there, just a modified blowjob to use AES instead of blowfish, defaults to 256
	  xx  > ok?
	  yy  > got it
	  xx  > go to the other win and gimme a pass
	  yy  > ok was a quick solution to keep going on with the chat, thou not the best one. 
    even when we were able to deploy a stronger cipher algorithm we were lacking 
    of some important part, like solving a shared passphrase exchange. 
    so we kept thinking about it. yeah we love 2 irc, theres no many popular 
    options for encryption on it, we could use otr for irssi thou the current 
    implementation seem lil bit buggy, otr 2 protocol look quite good but it's 
    not always available for every situation sadly and even when ppl use it
    not everyone understand whats going on on the background, it just works 
    for many ppl and thats enough but well perhaps some other ppl would prefer 
    to get more control about whats going on and probably tweak and modify
    it as they think it fits better, like a group using their own 
    diffie-hellmann parameters or ciphers or whatever. so basically we were 
    discussing later this issue whilst modifying the original
    it was funny.
    so we ended up with some PoC about many ideas we were discussing about. 
    we read the OTR 2 protocol, we discussed about cipher algorithms, 
    about openssl thingies, about NSA, FBI and other shits. 
    what follows its the product of that dialog.
    Goddess on charge: Rinko Kikuchi  B====D
    we tried at the beginning to rely mainly on openssl 
    cause it's installed by default on many systems
    but the first problem was about what could be leaked and 
    watched through the process list, yeah we could 
    have just used files for everything but at the end 
    we ended up lurking on many shits and discovering 
    some interesting stuff. so we chose Camellia as cipher, 
    cause we don't trust AES anymore.

    check the camellia code please. original camellia.c, camellia.h and 
    camellia on pure perl are available on the repository 
    but you can google them too.
    we use Camellia 256
    we strongly suggest you to install them by yourself, by the alikes of using cpan,
    but, for a quickie, we made some ready-to-go .deb packages
    containing the originals without modification, cause well, 
    it seems there aren't .deb packages available on the
    debian repositories. and when you're using some stuff temporarily sometimes 
    you don't have time to cpan burdens.
    so well then we discovered that the Crypt::CBC's password based key derivation fn
    was inspired by the openssl passphrase base key derivation fn and the use of a salt
    so using salts are good. but well, Crypt::CBC shared the fate of openssl... 
    they both use md5 as default to hash the passphrase and salt. 
    and we all know md5 has many issues about collisions and shits. 
    if you are using openssl for symmetric encryption, 
    it defaults to use md5 on 1 single round. 
    eventually ppl could use the undocumented '-md ' 
    flag to change this default.
    thought even when it would be possible to,    
    for example:                                                                    
    cat testtxt.txt | openssl enc -camellia-256-cbc -e -a -salt -md sha512  
           | extracted from openssl's enc.c:   |
           |                                   |
           | if (dgst == NULL)                 |
           |     {                             |
           |      dgst = EVP_md5();            | 
           |      }                            |
    < kayla> lololol md5    
    you are still limited to use 8 byte salts, even if you try to manually  
    set, for example, a 16 byte salt manually like this:                   
    cat testtxt.txt | openssl enc -camellia-256-cbc -e -a  \                 
                            -S 9e5de8d47165d15c46a4dca04c3352ce -md sha512  
    because this                      
        | extracted from openssl's evp.h:      |
        |                                      |
        | #define PKCS5_SALT_LEN            8  |                        
        |                                      |
    |  and also this                                                          |
    | again from openssl's enc.c:                                             |
    |                                                                         |
    | EVP_BytesToKey(cipher,dgst,sptr,                                        |
    | (unsigned char *)str,                                                   |
    |   strlen(str),1,key,iv);                                                |
    |                                                                         |
    | so checking... evp_key.c :                                              |
    |                                                                         |
    | int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,            |
    |        const unsigned char *salt, const unsigned char *data, int datal, |
    |        int count, unsigned char *key, unsigned char *iv)                |
    |                                                                         |
    |   [...]                                                                 |
    |                                                                         |
    |   for (i=1; i<(unsigned int)count; i++)                                 |
    |       {                                                                 |
    |       if (!EVP_DigestInit_ex(&c,md, NULL))                              |
    |           goto err;                                                     |
    |       if (!EVP_DigestUpdate(&c,&(md_buf[0]),mds))                       |
    |           goto err;                                                     |
    |       if (!EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds))                    |
    |           goto err;                                                     |
    |       }                                                                 |
    |                                                                         |

    > really guise... defaults to count = 1 ?
    > #?@!%    
    wat the fuck was that?
    fuck with pkcs5 on these fuckin crazy times of mass surveillance
    if this was a decision made to keep retro-compatibility,
    why dont we also make enc algo to default to the caesar cipher?
    so we could easily decrypt also our old papers from the roman empire times, huh? 

    we wrote a patch for the openssl commandline utility thought        
    well...lets be honest:                                                      
    we don't think it will make it through mainstream considering it would      
    be coming from us (we tried on the past, didnt work)
    but whoever from the OpenSSL community would be          
    able to easily implement it.                                                
    the patched version works on this way:                                      
    cat testtxt.txt | openssl enc -camellia-256-cbc -e -a -fuckNSA              
    this enable to default 16 byte salts and the use of the algo sha512 breaking
    pkcs5 lines but wtf anyway                   
    longer salts should be available to be used ofc.                            
    also (currently being tested) it would be possible to do symmetric          
    encryption with 2nd-stage-passphrases, derived from an additional extra     
    function that complements the standard method                               
    cat testtxt.txt | openssl enc -camellia-256-cbc -e -a  \                    
                                     -fuckNSA -KeithAlexanderLovesCocks       
    (yeah he and his transplanted hair loves cocks )                              
    will pass the given passphrase to the 'KeithAlexanderLovesCocks'            
    function (a PoC already implemented into the '' irssi perl script 
    for secure communications and also into the simple commandline              
    encryption utility '')                                              
    this function will derive a new passphrase (or proto-key seed)              
    that will...seed(sic) the iv and key derivation standard procedure.         
    think about it as something that produces complex passphrases               
    from (possible) weaker and simpler ones; eventually forcing an adversary    
    aka FBI, NSA, Teletubbies, Cartman, etc...                                  
    into building tables for all possible combinations of the                   
    sha512 output (for example) and blah blah... 
    or least add the fucking scrypt snippet into it....  
    you can use also just go gpg, way. installed by default on many *nices 
    thou that doesnt change the fact openssl must modify some basic stuff to 
    fit modern times.
    so well, we touched Crypt::CBC to address this whole thingie,
    enabling on it 16 byte long salts and sha512 digest algo. 
    We make available our version of in the repository
    and we made a .deb package to quick install it. (we worked around the 
    security of dh-make-perl to forge it)
    we strongly suggest you to read the code first, verify you r fine with it
    and then install the .pm by yourself.   
    so thats all about perl modules needed to run our 
    we use those 2 modules, also check if your Digest module is updated. 
    and we kept openssl for dh and rsa keys stuff to avoid demanding 
    more perl modules to be installed, etc.
    WHAT THE FUCK THEN fuckNSA DOES????    ..mpOTR man, its all about mpOTR
    it implements advanced encryption over IM/IRC communications resolving 
    the how-sharing-the-fucking-passphrase problem & deploying an inspired OTRv2 
    key exchange agreement. it uses Camellia256, DH keys of 4096 bits, RSA 
    keys of 4096 bits and sha512, sha256, etc. it produces 2 keys: one for encrypted
    communications and the second one to use on file encryption (in case
    ppl need to share stuff) it implements a flexible mpOTR solution, flexible
    enough to be easily hackable, letting a group of ppl on a given channel for 
    example to exclude a non-trusted part (aka FBI snitch) from knowing other keys 
    used for that channel, the use of temporary common keys to reduce flooding, the use 
    of individual keys and all & whatever u prefer to do. If a computer belonging to
    some individual is seized by FBI, only last keys used would be compromised and only
    those ones shared with some individuals for the last conversation the individual
    has participated, therefore not compromising conversations that happened between 
    other individuals on the same channel at different times. Users retain full control of the 
    decisions to make. the DH parameters are easy to change, so different 
    groups can easily employ their own parameters with keys of 16384 bits for example. 
    it offers good verbosity and keep history of your peer's fingerprints in case 
    you need to check it later, when you go full paranoid, and many other etc & etc...
    go to  
   Keith Alexander does with his hair???
    stop spending our taxes into your hair transplantation ops
    we know that your hair is coming from your ass!!!
    how to install:
    go here    
    put on your irssi script folder for example
    and then:
    /script load  
    < kayla> that was silly to explain...  :o
    install Crypt::Camellia or Crypt::Camellia_PP
    the pure perl version can slow down things lil bit
    but perhaps it's the simplest to get installed 
    quickly on the run
    put and
    on a 'Crypt' folder where you have your perl modules
    example on freeBSD:
    (yeah works not only on Linux but on freeBSD too, 
    and it rocks there)
    it works on OSX too but... 
    Apple couldnt have better idea than fuck openssl even more compiling the
    default installed version without 'pkeyutl' nor camellia algorithm neither
    why? WHY APPLE???
    so theres no option guise and you need to install your own openssl thingie
    check internetz for that, its not that difficult. 
    ofc you can modify the 
    whole thingie to tap on gpg instead. so be free to do what u want.
    check the 'INSTALL' file for more info
    if you want to change from Camellia_PP to Camellia
    dont forget to modify (commenting the option)
    tune the irssi builtin flood control to speed up the key exchange process
    { cmds_max_at_once = "256"; cmd_queue_speed = "15ms"; }
    code is easy hackable to make suspected fbi snitches or regimes'spiez (for example)
    into believing they ve been infiltrating a conversation 
    whilst sensitive parts of it
    are being modified on the fly for them.
    TO-DO and how to help:
    port fuckNSA for libpurple and other clients (pl0x help, we r lazy cunts)
    further testing and fix whatever appearing buggy, remember we 
    wanted to release this for thanksgiving so it needs more testing & blah blah
    keep improving it
    write tutorials, explain others how to use it, read the code first. THE CODE FIRST.   


43f50d2faa7fc28ca2a0267fa7456a0bdf5eec16e0cb84842166dbd242d20e0a  libcrypt-camellia-perl_2.02-1_all.deb
e137d9b335facb9aeaa7c77b424f8414c970a01e406d4a14b3b81c1b2b267344  libcrypt-camellia-perl_2.02-1_amd64.deb
e3df84cfa22eb4d980317faf1e03cd567c0cdc80e1209ab7809418d1f74a980f  libcrypt-camellia-pp-perl_0.02-1_all.deb
74cf6b69cbd379566168e5ae605317e7c935d04023fe9fae52ae0fd01cb1a9c8  libcrypt-cbc-perl_2.33-1_Lulzsec-mod_all.deb

3c35aa070086abacf429fabb75c696b963c8904475502ddc25f9828d8992f2c1  camellia.c
0d4acde103ad556aac4ec502358113ec7fdefc543266e68bf748a6048231ceaa  camellia.h

      ##             LulzSec License              ##
      ##                                          ##
      ## Do whatever you fucking want with this,  ##
      ## but you must produce at least one act of ##
      ## civil disobedience against the System    ##
      ## and its rules, even if that represents   ##
      ## not honoring this license at all.        ##
      ## Fuck Cops' daughters, send cigarettes    ##
      ## to those of us who are jailed, smash     ##
      ## down CCTV cameras and...                 ##
      ## also cocks, because lulz.                ##
      ##                                          ##

    the fucking idiots @ FBI were trying to take our bittie$ 
    so pl0x show some love
    and drop some pennies to this one:
    ^ bitcoin
    Remember always the biggest danger we faced came from the human
    side (aka Sabu, other lame informants & other kind of feds'bitches)
    not from the tech side and if it happened, it came from mistakes 
    made by ourselves or from the h4k0rz' usual drama & mutual pwnage.
    FBI can't find even when their wives are cheating on them.
    So be careful about who you trust to and what you are doing and 
    how you are doing it, always. stay safe <3
    and code your freedom.
    < theo> & use condoms for buttraeping!

    dont forget to go to this CCC conf, even if many of us cant because feds lurking.
    feds suck, d'you know?	
    if u have read all this PR without having brainzcancer
    at least because grammar
    u have our respect

    we wont give more details about this till Adrien Chen appears
    on the front page of Hustler, disguised as a baby on pink clothes
    with a buttplug on his mouth and...
    ok, we're joking...

"Now I know what a ghost is. Unfinished business, that's what."
??? Salman Rushdie, The Satanic Verses 

     :@@@@@@@@@@@@@@@@@@      .'@@                
      #@@@@@@@@@@@@@@@@+;  .+@@@@@                
         +;;'#@@@@#+;`      ,:                    
         .#@@@@#++:  @.    ...`                   
      `'@@@@#++'. +  .#++;;+  +                   
    ,@@@@@#++:``::+   `',:+,. ,                   
  `@@@@#, #+` ',.`'.   +` ``  `,  .+              
   @@:`  ,+. ,`:``.:   '. .',+++   #              
   ``    #+`++,.`:,``    :`+@@'@@@@'    ````      
         #'`#+:`.,`:` .@@@+@#  +`.      :  `:     
         #:: +.`,.., `@@,#@':. +        :   '     
         #: ` ',:`,, @#``    + +        ' `,;     
         #: ` `:''`  @` #:.. , '        #+++:     
         #: ,     ;#'#  + :   `:         #++      
         #; '     `''         ,          '.       
         ;' '                 #         `@#       
          #.;                ;`       ,#.:;       
          `+;               '.        @   `       
           :#;            `@:        :`  `,       
            .#+;        `'+.'        +            
              .@++#'+@+@++` ;@.     '             
               `' ., ` #:`# `+.#+  :.             
                ., :  @#;.`;`:  `#@.              
                 +``,.;`@+,. '#                   
                 @' ' ;`@:+`#`;`                  
                `#+  ,'`#  :.  '                  
                ' #.  :`#` '`. +                  
                # +.  .:+: :`. .                  
               `, +,   ..+ '`   :                 
               ;` #+@:,:#.;``   '                 
               #'##:#+.  : `;   ;                 
               #. #:      `'`   :                 
                  #,        `   .         
       2013. All Your Base Are Belong To Us.
(Visited 10 times, 1 visits today)

  • You can follow any responses to this entry through the RSS 2.0 feed.
  • Both comments and pings are currently closed.

This Post is Tagged with:

Comments are closed.

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.

nonymous. Whoever you are, we are ungovernable!
> =[]= This site is run by cyberguerrilla, your friendly anonymous autonomous tech collective since 2010 =[]= This the past that can NOT be changed! <