sudo rm -rf --no-preserve-root / pcaversaccio

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

[
{
"slot": "8366820",
"parent_hash": "0x27dcb717d5921af93e2b56a82f546e1c11b33619238510cbe36e4d8c43f446a8",
"block_hash": "0x6868f8e474a163bb17f39d05847aa8e3f1b38db3cca0dfc9bd139db1da8dcde2",
"builder_pubkey": "0x8e6df6e0a9ca3fd89db2aa2f3daf77722dc4fbcd15e285ed7d9560fdf07b7d69ba504add4cc12ac999b8094ff30ed06c",
"proposer_pubkey": "0xb6d5424e28a738d002c96a19db7434fff22877272649e0ca38b579bb44398f3977f43af6c055414b7a71ec2bd7cb8480",
"proposer_fee_recipient": "0x72FDdC41CA177551Ce5949C75a92b945eFa04141",
"gas_limit": "30000000",

	import { usePublicClient } from "./usePublicClient";
	import { IToken } from "@/types/token";
	import { parseAbi, parseEther } from "viem";
	import { ethers } from "ethers";
	import { useAbstractClient } from "@abstract-foundation/agw-react";
	import { useAbstractSession } from "@/hooks/useCreateAbstractSession";
	import { privateKeyToAccount } from "viem/accounts";
	import { useSessionClientChain } from "./useSessionClientChain";

	export const useBondingCurveBuy = (chain: any) => {

	List of domains that are registered with squarespace and thus could be vulnerable:

	celer.network
	pendle.finance
	karak.network
	compound.finance
	hyperliquid.xyz
	dydx.exchange
	thorchain.com
	threshold.network

	// SPDX-License-Identifier: GPL-3.0

	pragma solidity >=0.7.0 <0.9.0;

	/**
	* Workaround example on how to inject and execute arbitrary bytecode in solidity contract
	* Currently only YUL supports verbatim: https://github.com/ethereum/solidity/issues/12067
	* But you cannot import Solidity code in YUL, or YUL code in solidity, so this workaround is necessary.
	* It works as long the byte sequence `0x7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F00` appear in the runtime code.
	*

	There appears to be a string encoded in the binary payload:
	https://gist.github.com/q3k/af3d93b6a1f399de28fe194add452d01#file-hashes-txt-L115

	Which functions as a killswitch:

	https://piaille.fr/@zeno/112185928685603910

	Thus, one workaround for affected systems might be to add this to `/etc/environment`:

	```

	0810 b' from '
	0678 b' ssh2'
	00d8 b'%.48s:%.48s():%d (pid=%ld)\x00'
	0708 b'%s'
	0108 b'/usr/sbin/sshd\x00'
	0870 b'Accepted password for '
	01a0 b'Accepted publickey for '
	0c40 b'BN_bin2bn\x00'
	06d0 b'BN_bn2bin\x00'
	0958 b'BN_dup\x00'

	RPC="https://polygon-mumbai.blockpi.network/v1/rpc/public"

	P256VERIFY="0x0000000000000000000000000000000000000100"

	CALLDATA="4cee90eb86eaa050036147a12d49004b6b9c72bd725d39d4785011fe190f0b4da73bd4903f0ce3b639bbbf6e8e80d16931ff4bcf5993d58468e8fb19086e8cac36dbcd03009df8c59286b162af3bd7fcc0450c9aa81be5d10d312af6c66b1d604aebd3099c618202fcfe16ae7770b0c49ab5eadf74b754204a3bb6060e44eff37618b065f9832de4ca6ca971a7a1adc826d0f7c00181a5fb2ddf79ae00b4e10e"

	echo "testing RIP-7212 on Mumbai"

	cast call --rpc-url ${RPC} ${P256VERIFY} --data ${CALLDATA}

	###
	# access_control.vy
	owner: address

	def __init__():
	self.owner = msg.sender

	def check_owner():
	assert msg.sender == self.owner
	###