All right, let's jump into another deep dive. This time it's into something pretty unique.
Yeah, definitely unique.
The International Journal of Proof of Concept or Get.
The Fuck Out PAC or GTFO for short.
Exactly PAC or GTFO. We've got a whole stack of articles here, and they're all about hacking.
And vintage tech and some seriously impressive engineering.
It's a really cool mix it is.
This issue is curated by well, they call themselves Pastor Manul Lafrag. Quite a name, right, and they have some pretty strong opinions. Oh yeah, about the current state of software exploitation.
You could say that again.
I was really struck by the analogy they use, comparing it to like the early days of steam power.
Ah, before people really understood thermodynamics.
Yeah, exactly. What do you make of that?
I think it's a really interesting point. They're basically saying that, you know, back then, engineers were building these functional steam engines, right, but without fully grasping the underlying of physics.
They knew it worked, but not exactly why precisely, And the pastor seems to be suggesting that a lot of today's exploit developers.
They're kind of in the same boat.
Yeah, they're creating things that work, but maybe without that deep theoretical understanding.
So are they saying we need like a more scientific approach to hacking exactly.
They're calling for this balance between building engines, which means creating practical exploits, right, creating those practical exploits and then constructing theories.
So building that solid theoretical foundation.
Yeah, bridging that gap between practice and theory.
That makes a lot of sense. And this issue of PC or GTFO it really embodies that, really does. There are articles here on everything from hacking satellites to breaking copy protection on vintage Apple two games.
What a range?
Talk about range?
Seriously. One that really caught my eye was about hacking Global Stars Simplex Data service Global Stars. Yeah, and did you know that inner accepting data from.
Satellites from satellites.
Yeah, it's becoming surprisingly accessible.
Really. I always thought that was like the.
Realm of you know, like superspies.
Yeah, government agencies and supervillains.
Right, but apparently not anymore. This article it lays out the tools and techniques.
So you're saying like anyone.
Could do it, well, anyone with the right technical skills of course, of course.
Yeah, but still it's kind of mind blowing it is.
Of course, there's a difference between intercepting data and actually like understanding.
It, right, being able to actually use it. Yeah, exactly, but it's still pretty wild. What else is in there?
There's this fascinating piece on exploiting unused data type identifiers ttis for short in APRS, the Automatic Packet Reporting.
System used by ham radio operators.
Right, and it's about creatively repurposing these unused identifiers.
To hide data exactly, to hide.
Data within APRS transmissions.
Hold on, you're saying you can sneak in hidden messes through ham radio.
That's exactly what they're saying.
That's a pretty ingenious it is, right if bit sneaky, Yeah, bit sneaky. Can you give me an example?
Sure, Imagine you have this DTI let's say zero by twenty two, zero by twenty two, and it's not used for anything, okay, But it's right next to these valid DPIs like zero by twenty one and zero by twenty three, okay, which are used for location reporting.
Yeah, so you could potentially sneak in some extra data.
Slip it right in there using that unused DTI. Wow clever, But of course there are ethical considerations. Oh yeah, for sure, especially if APIs is used for emergencies.
Right, you don't want to mess with that exactly.
The article does warrn about the potential consequences.
Good. Good. Now for something a little more nostalgic. Oh yeah, there's an article on building a Galaxiga home computer, a Galaxiga from scratch using techniques from the nineteen eighties.
Wow, that's taking it back. It really is.
And I gotta admit this one. It kind of sparked my inner geek. I bet the Galaxiga it was the first Yugoslavian home computer.
Really, I had no idea.
Yeah, introduced back in nineteen eighty four, eighty four. Wow, this article, it gives you detailed instructions on how to build.
One yourself, like just like they did back then.
Exactly. It's incredible to think about.
The ingenuity and the resourcefulness.
Yeah, back in those early days.
Can you imagine building a computer from scratch today?
It would be a completely different experience, right, I mean.
This article it talks about making jumper wires from telephone wire.
From telephone wire, yeah.
And meticulously soldering each component. Wow, it really captures that diy spirit.
There's something really appealing about that. You know, they know you can make that satisfaction of creating something so complex from basic parts.
Yeah, from scratch, absolutely.
And speaking of vintage tech, there's this real gem in here.
Oh tell me more.
A comprehensive guide to breaking copy protection way on Apple two games.
Apple two Classic.
This is the work of Peter Ferry, right.
Oh yeah, he's a legend, a.
Legend in the world of classic game cracking.
He's uncovered all these techniques.
For protecting those early games.
And of course the methods to break them.
We're talking about manipulating sectors on floppy discs.
Exploiting vulnerabilities and disk drives, even using self modifying code. It's incredible.
It's constant back and forth, a real arms race between the developers and the hackers.
It's fascinating.
You know what's amazing is how these early innovations they still resonate today.
You're right, It's like those fundamental principles of security, they haven't really changed.
It's all about understanding the.
System, find the weak points and exploiting them exactly. Whether it's floppy discs or complex software, the core concepts are.
Often the same, and this issue of PAKC or GTFO. It's like a treasure trove of insights, it really is. There's an article here on the security of zo wave door locks z waves okay, which are becoming really common in smart homes. Yeah, for sure, dells into the encryption and authentication.
Highlighting the role of the network key.
So z wave it relies on this single master key.
It's a common approach.
Sounds a bit risky.
It can be the network key. It's securely shared with new devices, okay, but if that key is compromised, then what it could give someone control over the whole network, including the door locks potentially.
Yeah, that's a little unsettling.
It is a reminder that even with fancy.
Encryption, there's often that single point of failure.
Exactly, it can undermine the whole system.
Wow, it seems like security is this constant cat and mouse game.
It really is.
And this deep dive into PAC or GTFO it's a fascinating glimpse into that battle.
It is. We've covered so much already.
From satellite hacking to building vintage computers and cracking those classic games.
There's still so much more to explore.
We've only just scratched the surface.
Stay tuned for Part two, will dive into.
Even more more fascinating and technical insights coming right up after a short break back again and ready for more from Poke c or GTFO.
You know, going through these articles, Yeah, I'm just blown away by the ingenuity.
And creativity for sure of the people behind this journal. It's really something.
They're not just demonstrating exploits. They're like pushing boundaries, shooting the limits absolutely often in these really creative ways. Oh yeah, very creative.
Okay, speaking of creative, there's this article that dives into arm debugging rmdbugging using something called the Serial wire DBUG PROTOCOLSWDD. Yeah, can you break that down a little.
So SWD it gives you this really low level access to these ARM micro controllers deep access. Yeah. Basically lets you peek inside and manipulate.
How the chip works.
You got it.
That's power, very powerful. It's like a secret back door.
That's a great way to put it. The author drives goodspeed. He does this fantastic job. Yeah, he's great of explaining this really complex protocol, making it understandable exactly. And he even built this tool called SP eight two sixty six arms DD.
SP eight two sixty six arms DBD. Okay, what does that even do?
It's an Arduino sketch basically turns this cheap esbaight two sixty six WiFi module.
Into an SWD debugger exactly. So like with a little know how, you can wirelessly debug these micro controllers.
That's the idea.
Wow, that's pretty impressive. It is this Travis goodspeed. He's quite the tinker, isn't he?
He really is. And he takes it even further talking about this future where SWD could be used for what he calls it literate reverse engineering.
Literate reverse engineering.
Yeah, imagine being able to interact with hardware okay, and document it in real time, wow, using like web based tools and all thanks.
To SWD exactly. That's a really cool concept. It kind of ties back to that, uh breaking the gap, Yeah, the gap between practice.
And the pastor was talking about.
Yes, exactly. But let's switch gears for a moment. Okay, Sure, there's this other article I just have to ask you about. It's titled ox Beef and ox Cafe Hacking a Digital pregnancy test for fun and nonprofit.
Oh yeah, this one's a wild one.
That title alone, right, So what's the story here.
Well, the author Amanda Wosney.
Act Amanda Wosniak.
Okay, she was actually contracted to reverse engineer a pregnancy test.
A pregnancy test.
Yeah, but she never got paid for her work.
Wow, that's rough.
Yeah, So she decided to publish her findings in this journal exactly.
This makes her a pretty unique article, right.
Definitely unique. So what she did was she delves into the hardware and firmware of like a typical digital pregnancy test, Okay, and she explains how it actually detects those those blue.
Lines, the blue lines. Yeah.
It turns out there's an optical fencer really yeah, and a micro controller.
So it's more complex than just a simple chemical react much more.
There's actual computing going on in there.
Wow. That's uh, that's surprising.
Yeah. And she even outlines how you could potentially like mess with it, well, manipulate the LCD display to show custom messages.
So you can make it say whatever you want theoretically. Yeah, that's thinking outside the box.
Right. Okay, let's get back to something we touched on earlier.
Okay, what's that.
Breaking copy protection on those vintage Apple two games?
Ah? Yes, that's a classic.
There's a whole section dedicated to this. Actually, it's a gold mine of information.
For retro game hacking.
Peter Ferry. He really goes deep, covering everything from sector manipulation, which is it's about how the data is arranged on the floppy disc, to self modifying code, which is where the program actually changes its own instructions as it's running.
Why.
It's wild.
It's mind boggling the effort that went into all.
This, both protecting and circumventing those protections in the day, and it was this constant arms.
Race between developers and hackers. And you can see the evolution of those techniques over time.
It's really fascinating.
It's amazing how these early innovations they still matter today.
They do right, It's like the fundamentals of security, they haven't really changed that much.
It's still about understanding the system, finding the weak point, and exploiting them exactly. Okay, speaking of exploiting systems, there's an article that really peaked my curiosity with that. It's called DMR Digital Mobile Radio DMR, and it goes into this world of two way radio hacking.
Interesting. So DMR stands for digital mobile radio and it's used by a lot of different groups, amateur radio enthusiasts okay, even emergency services.
Oh wow, so important stuff.
This article focuses on a specific radio, the Tiara MD three.
Eighty that t Tara MD three eighty okay, and the author, Travis Goodspeed oh am again shows you how to.
Reverse engineer the radio's bootloader. Bootloader, Yeah, that's the initial program that runs when the device starts up.
Okay.
He explains how to bypass security predictions. Yeah, even modify the firmware to add new.
Features, so you could basically like take control of the radios software essentially. Yeah, that seems like you could have some uh, pretty serious implications.
It definitely could. The article talks about things like eavesdroppings, dropping, and private conversations, potentially even disrupting communications.
That's a bit unsettling, it is.
It highlights the importance of understanding these vulnerabilities, even.
In devices we might not think of as being hackable, exactly like a two way radio.
You wouldn't think of it, right.
It raises questions about the balance between security and accessibility. For sure, as tech gets more complex, how do we keep things secure? Yeah, but also usable? It's a tough question, a question we'll be dealing with for a while. I think, well, we've covered a lot in this part of our deep dive.
We have from pregnancy tests to two way radios.
This issue of POSSE or GTFO has it all.
There's one more article we should discuss.
Okay, what's next? All right, we're back for the final part of our deep dive into POSSE or GTFO. And there's this one last article.
Oh yeah, I'm.
Really curious about. It involves something called a polyglot.
Polyglot sounds kind of like a Harry Potter.
Spell or something I know, right, But in this context, a polyglot is it's a file.
That can be interpreted in multiple formats.
Like it can be read as different things exactly.
This article it describes how to create.
A PDF, okay, PDF.
That can also be read as a ZIP archive.
Wait, so it's both a PDF and a ZPR.
And a PostScript program.
All at the same time. How is that even possible?
It's all about how you structure the file format, you know, Okay, By embedding different types of data in specific sections.
You can kind of trick different programs.
Yeah, you make it so it can be understood in different ways.
That's that's incredible, like a digital chameleon, is.
Right, it changes depending on who's looking at it.
And the author's Evan sultanic In Philip Tuwen.
Yeah. They walk you through the whole process, step by step, explaining the challenges and workarounds. It's really cool.
It must take some serious knowledge of file formats to pull that off.
Oh yeah, for sure.
It's amazing. These hackers. They're not just exploiting systems, they're like bending the structure of information itself.
It's pretty mind blowing when you think about it.
Speaking of bending things to your will, there's this article on reverse engineering.
Reverse engineering.
Okay, the classic game Star Raiders.
The Star Raiders Classic. I spent hours on that game.
I know, right, So the author Lorenz.
Wisest Lorenz wisest He.
Actually reverse engineered the entire game, the whole thing. Yeah, created this fully documented assembly language source code.
Wow. So he figured out how the whole game.
Works down to the code.
That's amazing.
He explains the process, like how he deciphered the game's logic, the graphic, even the math behind the spaceship rotation.
It's incredible the detail he goes into.
He even mentioned something called the core algorithm, quordic algorithm, coordinate rotation digital computer. Okay, I'm following, and it's this, it's this mathematical trick, a trick, yeah, used to calculate trigonometric functions.
Okay.
The developers of Star Raiders, they used it to make the spaceship rotate smoothly even with.
The limited processing power back then.
Pretty clever, right, very clever.
This article really gives you a look inside.
The inner workings of a classic.
Game and the minds of the people who made it.
It's inspiring.
Definitely.
Well, this deep dive into posse or GTFO has been quite a journey, it has.
We've seen some incredible stuff.
Hacking techniques from across decades.
Covering all sorts of tech.
It's amazing.
I think it's safe to say that post c or GTFO liz up to its name.
It does. It's proof that there's always more to learn, more to explore, more to understand about the systems around us.
Absolutely, and you know, it makes you think about the Pastor's analogy.
About building engines versus constructing theories. Yeah, like a lot of these articles, they're trying to do both.
They're showing us the practical side of hacking, but also encouraging us to think deeper about the underlying principles.
So why behind the how?
Yeah, it's not just about hacking for the sake of it.
It's about understanding the system, the consequences, the ethical side of things.
Responsible exploration, sharing knowledge.
That's what makes this journal so fascinating. Absolutely, well, I think it's time to wrap up this deep dive.
Yeah, I think so too.
Thanks for joining us on this exploration of POC or GTFO.
I hope you enjoyed it as much as we did.
As always, keep your minds open, stay curious, and may your code always be proof of concept material.
Amen to that.