> The payload isn't delivered as a raw binary or a Python file. It's disguised as a .wav audio file.
> The WAV file is a valid audio file. It passes MIME-type checks. But the audio frame data contains a base64-encoded payload. Decode the frames, take the first 8 bytes as the XOR key, XOR the rest, and you have your executable or Python script.
I've seen it at least once in code from a big car manufacturer who encrypted their software or parts of it to avoid you reading the XML files. They use a key, split into two or more parts, hidden as the first bytes of some file or as plain text somewhere it would not be out of order, then recombine, run through a deobfuscation function to be an old-fashioned DES or XOR key to decrypt the (usually XML, could have been a different key format, it's been a while) files. It's not that uncommon. It's also security theater. Funny part is they didn't obfuscate the code to read the key.
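A defender-side triage check for the scheme quoted above, as an added example that is not part of the thread: it flags WAV files whose frame data is entirely base64 and, following the quoted layout (first 8 decoded bytes as the XOR key), reports what the remainder decodes to. The function names, the magic-prefix table and both sample files are assumptions constructed for illustration.

```python
import base64
import binascii
import io
import wave

# Heuristic magic prefixes (assumed for this example, not an exhaustive list).
MAGICS = {b"MZ": "PE executable", b"\x7fELF": "ELF executable",
          b"#!": "script with shebang", b"import ": "Python source"}

def inspect_wav(data: bytes) -> dict:
    """Flag a WAV whose frame data is pure base64 and classify what it hides."""
    with wave.open(io.BytesIO(data), "rb") as w:
        frames = w.readframes(w.getnframes())
    result = {"base64_frames": False, "decoded_kind": None}
    if len(frames) < 16:
        return result
    try:
        # Real PCM audio almost never consists solely of base64 alphabet bytes.
        blob = base64.b64decode(frames, validate=True)
    except binascii.Error:
        return result
    result["base64_frames"] = True
    key, body = blob[:8], blob[8:]  # layout from the quoted description
    plain = bytes(b ^ key[i % 8] for i, b in enumerate(body))
    for magic, kind in MAGICS.items():
        if plain.startswith(magic):
            result["decoded_kind"] = kind
    return result

def make_wav(frames: bytes) -> bytes:
    """Wrap raw bytes as 8-bit mono PCM frames (used only to build samples)."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(1)
        w.setframerate(8000)
        w.writeframes(frames)
    return buf.getvalue()

def constructed_samples() -> tuple:
    """Return (flagged, clean) WAV files; both are constructed and harmless."""
    key = bytes(range(1, 9))
    text = b"#!/bin/sh\necho constructed-sample\n"
    body = bytes(b ^ key[i % 8] for i, b in enumerate(text))
    flagged = make_wav(base64.b64encode(key + body))
    clean = make_wav(bytes((i * 37) % 256 for i in range(4000)))
    return flagged, clean

if __name__ == "__main__":
    for name, wav in zip(("flagged", "clean"), constructed_samples()):
        print(name, inspect_wav(wav))
```

A hit on `base64_frames` alone is worth investigating even when `decoded_kind` is `None`, since the inner format can be anything.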
Actually SIMs aren't free, they're normally $10. You can sometimes find them for $1 if you look around hard enough [1].
I've been using this plan for about a month or so and coverage has indeed been a little spotty in my area, but it's good enough for my needs. If you do want to try it out, here's a tip on porting your number: do NOT select the option to port during the online activation process. Sign up and activate your SIM FIRST and then call in to initiate a number port request. Once you've activated and signed up for the $30 plan with a port request, there's no way to get a temporary number while waiting for the port request to complete.
I consider $10 with a $10 discount (applied before payment) "free". I ordered straight through T-Mobile's web site. Yes, I may have actually paid some amount under a dollar, and no, I didn't pay more than a dollar. I'm still willing to call it "free".
Not just for police... I'd imagine event organizers would like to have just such a technology at their venues to prevent "unauthorized recording." Seems pretty useless in practice though. Couldn't you just put your phone into airplane mode?
Seems to be a fraud deterrent. I once had an eBay listing that was "purchased" by a Nigerian scammer. Buyers need to have a reputation system as well in a viable eBay replacement.
Yup - I think from a technical aspect we could totally have a user purchase before creating an account / signing in, however this limits us when it comes to dealing with fraud as well as brings up problems with the escrow system.
Since all payments enter escrow, without an account, the buyer can't release the payment to the seller.
> The WAV file is a valid audio file. It passes MIME-type checks. But the audio frame data contains a base64-encoded payload. Decode the frames, take the first 8 bytes as the XOR key, XOR the rest, and you have your executable or Python script.
Talk about burying the lede.