• 0 Posts
  • 38 Comments
Joined 1 year ago
Cake day: June 15th, 2023



  • There’s no credit card involved in this scenario.

    1. The attacker uses phone A and touches the ATM NFC reader. This creates an NFC event on phone A that requests a token.
    2. Phone A sends the request data to the malware running on victim’s Phone V.
    3. The malware on phone V creates a fake NFC event that makes it look like the phone V was touched against the ATM. <-- this is the huge security issue IMO
    4. The app on phone V that’s currently associated with NFC contactless payments responds to the fake NFC event by issuing a token.
    5. The malware on Phone V sends the token to phone A.
    6. Phone A uses the token to “prove” to the ATM that the real customer is in front of it.
    7. The ATM asks for the PIN and the attacker supplies the correct PIN (which they’ve previously obtained via social engineering).
    8. Attacker can now withdraw cash from the ATM from the victim’s account.


  • That’s what I mean, it shouldn’t be possible to relay anything. It should only trigger when there’s a reader physically in proximity to the phone.

    Please keep in mind this is happening on the victim’s phone which is not rooted, the malware is a regular non-system app.

    If it were happening on a rooted phone I could understand being able to subvert the NFC chain because at some point it has to pass from hardware to software and if you’re privileged enough you can cut in there. But the malware app is not privileged.


  • For those confused about how this could work with chip cards, the malware has two components, one installed on the victim’s phone and one on the attacker’s. The attacker initiates the contactless authentication at an ATM or contactless payment and their phone communicates in real time with the victim’s, which is tricked by the malware into reacting to that event and producing the one time token which is then relayed to the attacker and used.

    They also previously social-engineered the card PIN from the victim, in case the contactless event requires it (definitely in case of ATM login).

    The fact you can trick the NFC system on the phone into reacting to “phantom” payment events and intercept the resulting token sounds like a pretty big problem. The former should be entirely hardware controlled, and the latter should not allow the token to go anywhere else except to the hardware.
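
A toy model of the point made in the comments above, added here as an example that is not part of the thread and is not EMV, Android or wallet code: a one-time token bound to the reader's fresh challenge defeats replay of an old token, but says nothing about where the token was produced, so only a reader-side round-trip bound rejects the relayed case. The key, the latencies, the shared-key verification at the reader and all function names are assumptions made for the model.

```python
import hashlib
import hmac
import secrets

# Constructed values for this model; none of them come from the thread.
CARD_KEY = b"demo-key-provisioned-to-wallet"
NFC_DIRECT_MS = 5.0      # assumed round trip of a genuine tap
RELAY_EXTRA_MS = 180.0   # assumed extra round trip added by a network relay
RTT_LIMIT_MS = 20.0      # assumed reader-side bound


def wallet_token(challenge: bytes) -> bytes:
    """Wallet app: one-time token bound only to the reader's challenge."""
    return hmac.new(CARD_KEY, challenge, hashlib.sha256).digest()


def direct_tap(challenge: bytes):
    """Phone physically at the reader: (token, round-trip ms)."""
    return wallet_token(challenge), NFC_DIRECT_MS


def relayed_tap(challenge: bytes):
    """Steps 2-5 of the thread: challenge and token cross a network link."""
    token = wallet_token(challenge)  # produced far away from the reader
    return token, NFC_DIRECT_MS + RELAY_EXTRA_MS


def make_stale_replay():
    """Channel that answers every challenge with a previously seen token."""
    old_token = wallet_token(secrets.token_bytes(16))
    return lambda challenge: (old_token, NFC_DIRECT_MS)


def reader_accepts(channel, enforce_rtt: bool) -> bool:
    """Reader: fresh challenge, verify token, optionally bound the RTT."""
    challenge = secrets.token_bytes(16)
    token, rtt_ms = channel(challenge)
    expected = hmac.new(CARD_KEY, challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(token, expected):
        return False  # stale or forged token: freshness check catches it
    if enforce_rtt and rtt_ms > RTT_LIMIT_MS:
        return False  # valid token, but too slow to have come from a tap
    return True


if __name__ == "__main__":
    for name, ch in [("direct", direct_tap), ("relayed", relayed_tap),
                     ("replay", make_stale_replay())]:
        print(name, reader_accepts(ch, False), reader_accepts(ch, True))
```
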


  • There’s more to a movie adaptation than good casting, nice imagery, good music and loosely following the events.

    There are huge plot holes, for example. To mention just one, how can a bunch of savages on a backwater planet win against the resources of the entire Empire? They might pull off a victory here and there, in carefully planned conditions, on their own planet, but how can they win a war against a space-faring enemy with entire fleets at their disposal?

    Even on home turf they’re outgunned, the movie actually shows what happens if the Harkonnen were to use conventional weapons in earnest, they bomb the shit out of them because the Fremen have no shields. But it’s only done once then conveniently never again. There’s a limit to how far hand-to-hand combat will go, especially in a high-tech future war. It’s suited to guerilla warfare, assassinations, but not all-out war.

    There are of course answers to all of the above but they’re not in the movies.


  • The movie is basically “guy gets cast as Messiah by evil cabal machinations and is too big a baby to do anything about it”. The end.

    Leaving aside for a moment the sheer complexity of the themes and the plot and the universe in the book —that didn’t make it through— the movie doesn’t even stay faithful to itself. Every single person who’s had any influence on Paul gets discarded just so he can fulfill his ultimate destiny of being a sad, wet blanket with a “welp, I guess we’re doing that” attitude.

    But seriously, how do you manage to make two movies and have nothing important from the rich Dune universe make it through? This could have just as easily been set in the Star Wars universe with only minor alterations and nobody among the general public would have batted an eye.


  • Part 2 is done in the same spirit as 1. The characters and plot don’t get any better, if anything they become outright one-dimensional. Everything (facts, characters) are over-simplified caricatures of themselves — they like to take one thing that’s technically true and run it down into the ground.

    The two things that bothered me the most are how Paul is completely robbed of any agency, and becomes this listless puppet with a sad smile, and how the plot revolves around religious fanaticism with only token mentions about prescience. Hell, I don’t remember if they even mentioned why spice is so important.

    To be honest it’s killed any interest in me about seeing more movies. I mean I’ll watch them, I liked the image and music, but in a detached way like I’d watch an Avengers movie. I can imagine exactly how they’re going to be, shallow as fuck. Which is going to be completely stupid and pointless because the amount of political and sociological intrigue increases exponentially as you advance in the series.






  • lemmyvore@feddit.nl to Android@lemmy.world · Hide LSPosed · English · 4 upvotes · 4 months ago

    AFAIK the problem is not LSPosed itself because LSPosed doesn’t show an app in the app list so it can’t be detected by normal means. (To run the LSPosed GUI you have to either use the action button on the persistent notification or dial ##LSPOSED## in your phone app; or the GUI can create a launcher shortcut for you.)

    The problem is that the LSPosed modules are normal apps that can be detected. So if they see something like GravityBox or XPrivacy installed it’s pretty easy to figure out that you must be using Xposed/LSPosed.

    I use TB Checker and it seems to be aware of most of the LSPosed modules I have installed (the above and also AFWall, Secure Settings, UpdateLocker), even of a Sony-specific module (Physical Button Master Control). It doesn’t detect a couple of modules (Undo and BubbleUPnP Audio Cast) but I think the others are enough to conclude I have rooted the device. 😃

    So to sum up you don’t need to hide root anymore because Magisk takes care of that, and you don’t need to hide LSPosed either. You can use the Hide module to hide LSPosed modules. But I would avoid doing it until all else fails for a specific app.

    Obligatory note, if you add an app to the Magisk deny list it won’t detect anything that has to do with Magisk but you won’t be able to apply LSPosed to it so it will see the LSPosed modules.


  • lemmyvore@feddit.nl to Android@lemmy.world · Hide LSPosed · English · 3 upvotes · 4 months ago

    Play Integrity Fix, a Magisk module by chiteroman. It has basically replaced USNF (Universal SafetyNet Fix) as the preferred method to foil Google’s integrity detection. PIF + Zygisk + Shamiko can get you to pass Basic and Device Integrity.



  • That’s like saying that Apple started the home computer competition going.

    There’s a big difference between bucking trends and skipping steps for the sake of being different, and actually moving the industry forward.

    Under a non-sociopathic leadership Tesla battery and engine tech would have been in most Western car brands by now.

    Instead, let’s look at what Tesla has really brought us:

    • electric tech that’s today just one (rather unremarkable) version among many;
    • failing cruising tech (I don’t even want to use “self driving” because that’s pure marketing drivel);
    • abysmal build quality and customer support;
    • rising car and insurance prices;
    • lots of car tech moved from hardware into software, which means surveillance, lower quality, lower usability and ergonomy;
    • and last but not least a whole lot of shirking responsibility.

    That’s the Tesla legacy that the car industry has inherited.