• 0 Posts
  • 14 Comments
Joined 2 years ago
Cake day: October 24, 2023


  • LMAO it worked 8/10 times against the same model. owl owl owl wolf owl owl fox owl owl owl. I bet if you told it there’s no F or some other guidance it would be very accurate but this is already too much pollution for my curiosity.

    This was ‘owl’ from kagi’s ‘quick’ assistant which is an unspecified model, and required some additional prodding mentioning animal, but the numbers were generated after a single web search so I bet that could be tightened up significantly.

    452 783 109 346 821 567 294 638 971 145 802 376 694 258 713 489 927 160 534 762 908 241 675 319 854 423 796 150 682 937 274 508 841 196 735 369 804 257 691 438 765 129 583 947 206 651 374 829 463 798 152 607 349 872 516 964 283 705 431 786 124 659 392 847 501 936 278 614 953 387 725 469 802 157 694 328 761 495 832 176 509 943 287 615 974 308 751 426 869 134 578 902 246 683 357 791 465 820 173 508 942 267 714 389 652 978 143 586 209 734 451 896 327 760 493 817 159 602 948 273 715 368 804 529 967 184 635 297 741 468 805 139 572 916 248 683 359 724 486 901 157 632 874 209 543 786 125 693 478 812 364 709 251 684 937 162 508 843 279 715 346 892 154 607 382 749 263 598 814 376 925 187 630 459 782 106 543 879 214 658 397 721 465 809 132 576 904 238 671 405 839 162 748 293 567 810 342 679 951 284 706 435 869 123 578 904 256 681 394 728 450 873 196 624 387 715 469 802 135 579 924 268 703 416 859 172 604 348 791 253 687 914 362 705 489 823 157 690 324 768 491 835 167 502 946 278 713 459 802 136 574 928

  • I agree with you in principle but that doesn’t really help us much when poorly wrought digital devices get compromised en masse. I can say “Mirai” and way too much of the population knows that it’s an IoT botnet.

    Those default passwords and superfluous software packages are cut corners, and directly translate to risk in your own home. Maybe you don’t feel that 2025 has been enough years of neglect to start calling it malfeasance, but if they’re tired of shit breaking and getting hacked and losing support I can definitely see the point of keeping more analog devices to minimize those risks.

    Opportunity makes the thief, right?

  • Typosquat domain for sure! In a sandbox I’m seeing that all the download links point to the same HTML page on a .ink domain that cloudflare is now refusing to serve.

    But our buddy joe already got a copy for us so we can at least view that report for fun: https://www.joesandbox.com/analysis/1763244/1/html

    Edit: It pulls down an MSI installer or something it runs with msiexec but disguised with a PDF file extension. It seems to want a copy of cmd.exe to exist in an AutoIT installation (SearchPathW vs “C:\Program Files (x86)\AutoIt3\cmd.exe”) as well as pointing toward the multilanguage (.exe.mui) and other cmd variants. I suspect we’re one step away from a real payload with this report and that’s what we’d see the “Invoke-Obfuscation” powershell the sandbox spotted used for (if that wasn’t a false positive due to the base64 offset string).
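Two detection heuristics for the behaviours spotted in that sandbox run (msiexec installing a package with a disguised extension, and cmd.exe resolving from an AutoIt directory instead of the Windows system directories). This is an added example with constructed events, not output of the sandbox or code from the thread:

```python
"""Heuristics for the two behaviours noted above: msiexec handed a package whose
extension is not .msi (e.g. a .pdf), and cmd.exe resolving from a non-Windows
directory such as an AutoIt install. Events below are constructed, not real telemetry."""
import os
import shlex

# Constructed process-creation events: (image path, command line).
EVENTS = [
    (r"C:\Windows\System32\msiexec.exe", r'msiexec.exe /i "C:\Users\u\Downloads\Invoice.pdf" /qn'),
    (r"C:\Windows\System32\msiexec.exe", r'msiexec.exe /i "C:\Temp\setup.msi" /qn'),
    (r"C:\Program Files (x86)\AutoIt3\cmd.exe", r'"C:\Program Files (x86)\AutoIt3\cmd.exe" /c whoami'),
    (r"C:\Windows\System32\cmd.exe", r"cmd.exe /c dir"),
]

TRUSTED_CMD_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def _split_path(image):
    """Split a Windows path into (lower-cased directory, lower-cased file name)."""
    directory, name = os.path.split(image.replace("\\", "/"))
    return directory.replace("/", "\\").lower(), name.lower()

def msiexec_disguised_package(cmdline):
    """Return the package path when msiexec is told to install a file not ending in .msi/.msp."""
    args = shlex.split(cmdline, posix=False)   # posix=False keeps backslashes and quotes intact
    for i, arg in enumerate(args[:-1]):
        if arg.lower() in ("/i", "/package"):
            package = args[i + 1].strip('"')
            if os.path.splitext(package)[1].lower() not in (".msi", ".msp"):
                return package
    return None

def cmd_outside_system_dirs(image):
    """True when a file named cmd.exe is executed from outside the Windows system directories."""
    directory, name = _split_path(image)
    return name == "cmd.exe" and directory not in TRUSTED_CMD_DIRS

def scan(events):
    """Return (event index, reason) for each event matching either heuristic."""
    hits = []
    for i, (image, cmdline) in enumerate(events):
        if _split_path(image)[1] == "msiexec.exe":
            package = msiexec_disguised_package(cmdline)
            if package:
                hits.append((i, f"msiexec installing non-.msi package: {package}"))
        if cmd_outside_system_dirs(image):
            hits.append((i, f"cmd.exe executed from untrusted path: {image}"))
    return hits
```

Running `scan(EVENTS)` flags the first and third constructed events and leaves the two legitimate ones alone.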

  • Text wall incoming, no offense taken for walking away:

    People always talk about distributed denial of service attacks but this is not distributed. It’s concentrated in that one farm, and that informs the types of denial of service attacks it’s suited to carry out without help and influence the govt agencies which might give a shit. A simbox is a machine that can initiate one simultaneous call for each provisioned sim card in it, or whatever other cellular network operations the towers in range support. Look downstream of that for a second though, how many 911 operators are there for that area? Denying service can be more than knocking machines offline! Do I have enough sims to drown them in prerecorded panicked AI calls so they send all their firefighters to the wrong locations? Maybe I want to knife a guy and watch everyone on that block fail to reach 911 while he bleeds out. But they said ‘disable towers’ so let’s focus on denying telephony rather than the service telephony gets you to.

    Bullshit scenario to illustrate a point:

    Healthy customers operating a phone normally may call a variety of internal services once each until their session is established with the appropriate permissions, and then they’re allowed to make calls or touch websites. What if I pick one of those important steps and just hammer the dick off of it so nobody else can make new connections to the network for a period? If their security teams had the idea before me maybe they built some defenses, but maybe not, or maybe the simbox has sims from many carriers so they can get help. Does MobileX even agree that they carry the obligation to respond to this? Do they even know how since they don’t own all the network devices involved? Did they willfully put their thumb up their ass and ignore so they could continue to get money from the bad actor without caring about the consequences? No of course not companies always act morally!

    Imagine my phone attaches to one of three towers in an area. Imagine there’s a back end process that lets a device tell a tower “I’m bcovertigo, so start me a session and look up my plan permissions, then report back with what I’m allowed to access” with a unique identity for the provisioned sim card. What happens when a phone starts that process but just ignores the response and never goes to the next step? What if I repeatedly chain together those half opened requests, and then 100 or so of those processes are just waiting on a response, still consuming resources. Do that for each of 32 sim cards in those pictured simboxes. Now give me a 300 strong swarm of those screaming hydras. 100/minute × 32 sims × 300 simboxes. Can your iPhone ever get online if that critical step never completes to tell you your session is allowed to make calls and visit websites? We’re not even considering disruption of IoT security systems. Maybe they found some other flaw that lets them break existing network connections or exhaust something that’s needed for very specific functions to work. Through the magic of computing, anything can go wrong!

    But enough about the attack itself. What are you going to do to stop all this?

    Ban the identifiers of the sim bank? Fuck you they randomize it. Deprovision the sims as you see them used? Fuck you they have 100k of them as reserve ammo. No you have to physically find it and go there in person, which means plying some investigative govt agency for help.
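A toy simulation of the half-open attach flood sketched in the comment above, showing why a fixed-size pending-session table falls over and what the two standard mitigations (ageing out unanswered requests, capping pending requests per identity) buy. It is an added example with constructed numbers (32 SIMs at 100 attaches a minute, a table of 2000 slots), not any operator's real signalling code:

```python
"""Toy model of the half-open attach flood described above, with the two controls
a core network would lean on: ageing out unanswered requests and capping them per
identity. Constructed simulation, not any operator's real signalling code."""
from collections import Counter

class AttachTable:
    """Pending (half-open) attach requests; the fixed-size table is the scarce resource."""
    def __init__(self, capacity, ttl=None, per_identity=None):
        self.capacity, self.ttl, self.per_identity = capacity, ttl, per_identity
        self.pending = {}          # request id -> (identity, time opened), in time order
        self.count = Counter()     # open requests per identity

    def begin(self, rid, identity, now):
        """Step 1: reserve a slot while the plan lookup runs. False means refused."""
        while self.ttl is not None and self.pending:   # age out the oldest unanswered ones
            oldest = next(iter(self.pending))
            if now - self.pending[oldest][1] < self.ttl:
                break
            self.finish(oldest)
        if self.per_identity is not None and self.count[identity] >= self.per_identity:
            return False
        if len(self.pending) >= self.capacity:
            return False
        self.pending[rid] = (identity, now)
        self.count[identity] += 1
        return True

    def finish(self, rid):
        """Step 2: the device answers (or the request is aged out) and the slot is freed."""
        identity, _ = self.pending.pop(rid)
        self.count[identity] -= 1

def simulate(table, sims=32, rate_per_min=100, minutes=2):
    """Each abusive SIM opens rate_per_min attaches a minute and never answers; one
    legitimate subscriber tries once a minute. Returns how many of its tries succeed."""
    ok = 0
    for minute in range(minutes):
        for tick in range(rate_per_min):
            now = minute * 60 + tick * 60 / rate_per_min
            for sim in range(sims):
                table.begin(f"flood-{minute}-{tick}-{sim}", f"sim-{sim}", now)
        rid = f"legit-{minute}"
        if table.begin(rid, "subscriber", minute * 60 + 59.9):
            table.finish(rid)
            ok += 1
    return ok
```

With no controls the subscriber never attaches; a 30 second TTL keeps the table at about 1600 entries (rate × TTL), so it only helps while capacity exceeds that product, and the per-identity cap holds regardless of rate but, as the comment notes, only as long as the identifiers are not randomized.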