
GrayKey public disclosure part II

a guest
Apr 20th, 2018
  1. Mr. David Miles,
  2.  
  3. This is addressed to you and any other people interested in keeping GrayKey product secure and not available to the wide public.
  4.  
  5. We are a "business group" looking forward to bring into your attention the fact that we HAVE obtained the source code for your product GrayKey and would appreciate any donation above 2 BTC sent to 1Cg61mVzMCvs2ZP148VeoBnQnv8rHxAZES if you consider that keeping this information secure is crucial.
  6.  
  7. Below BTC address will be monitored in the next 7 days waiting for any given donations. After the countdown ends, security on the available source code cannot be anymore assured by our group. You cannot contact us in any other form, rather than donation. Once donation is received, we'll contact you david@grayshift.com with further details.
  8.  
  9. Any other wild bidders are welcomed to join the donation race to 1BqFDiNKjAKBopdr37Mw7vM2oG8pgWvzNL if you want full information to be publicly released.
  10.  
  11. And yeah...just to make things clear from the beginning, let us state we're talking real deal. Take a quick peek at some juicy stuff extracts we have and think if they ring the bell.
  12.  
  13. Day 1 passed, we'll burn the first file...Tomorrow the next one and so on, until the end.
  14. We'll burn the exploit the last, just for fun.
  15.  
  16. ........> [Day1]
  17.  
  18. <!DOCTYPE html>
  19. <html lang="en">
  20.  
  21. <head>
  22.     <title>GrayKey</title>
  23.     <meta charset="utf-8">
  24.     <meta http-equiv="X-UA-Compatible" content="IE=edge">
  25.     <meta name="viewport" content="width=device-width, initial-scale=1">
  26.     <link rel="shortcut icon" href="/static/favicon.ico" />
  27.     <script type="text/javascript" src="/static/js/jquery-3.3.1.min.js"></script>
  28.     <link rel="stylesheet" type="text/css" href="/static/css/bootstrap.css" />
  29.     <script type="text/javascript" src="/static/js/bootstrap.min.js"></script>
  30.     <script type="text/javascript" src="/static/js/utility.js"></script>
  31.     <link rel="stylesheet" type="text/css" href="/static/css/style.css" />
  32.     <style>
  33.         /* show small logo image when screen is small */
  34.        
  35.         @media screen and (max-width: 767px) {
  36.             #headerImage {
  37.                 content: url("/static/img/graykey-logo-small.png");
  38.             }
  39.         }
  40.     </style>
  41.     <script type="text/javascript">
        // Interval between /status polls, in milliseconds (5 seconds).
        var callbackTime = 5 * 1000;
        // Outcome of the most recent poll. It starts as true, so the first failed
        // poll is treated as "device went away" and switches to the waiting view.
        var deviceIsSeen = true;
  45.  
        /**
         * Records whether the latest status poll reached the device and reacts
         * to a change in reachability.
         *
         * seen -> not seen: hide #mainBlock, show #waitingSection, then call the
         * optional page hook handleDeviceIsDown(true).
         * not seen -> seen: call the optional hook handleDeviceIsDown(false) and
         * navigate to '/' unless the hook returns a falsy value.
         *
         * @param {boolean} currentlySeen - true when the last poll succeeded.
         */
        function seenDevice(currentlySeen) {
            var wentAway = deviceIsSeen && !currentlySeen;
            var cameBack = !deviceIsSeen && currentlySeen;

            if (wentAway) {
                $("#mainBlock").addClass('hidden');
                $("#waitingSection").removeClass('hidden');
                // child pages may define this hook; it is optional
                if (typeof handleDeviceIsDown === 'function') {
                    handleDeviceIsDown(true);
                }
            }

            if (cameBack) {
                // with no hook defined, the redirect always happens
                var shouldRedirect = (typeof handleDeviceIsDown === 'function')
                    ? handleDeviceIsDown(false)
                    : true;
                if (shouldRedirect) {
                    window.location.href = '/';
                }
            }

            // remember the new state for the next poll
            deviceIsSeen = currentlySeen;
        }
  71.  
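        /**
         * Applies one /status payload to the page: version line, license
         * messages, and the pending-OS-update redirect.
         *
         * Every value taken from the payload is written to the DOM as text.
         * The previous version concatenated license messages into an HTML
         * string and passed it to .html(), so markup inside a message would
         * have been parsed into the page.
         *
         * @param {Object} obj - parsed JSON body of the /status response.
         */
        function handleStatus(obj) {
            console.log("handleStatus", obj);

            var info = obj.info;
            if (info) {
                /* build the version string shown in .deviceVersion */
                var versionStr = 'OS Version: ' + info.device.swVersion;
                if (info.applogic) {
                    versionStr += ', App Bundle: ' + info.applogic.version;
                }
                $(".deviceVersion").text(versionStr);

                /* if any license info, fill it in here as well */
                var messages = info.license && info.license.messages;
                if (messages) {
                    var licenseBox = $(".licenseInfo").empty();
                    for (var i = 0; i < messages.length; i++) {
                        // .text() escapes the message, so it is displayed
                        // literally rather than interpreted as markup.
                        licenseBox.append($("<p>").addClass("headerMessage").text(messages[i]));
                    }
                }
            }

            /* if an os update is pending, handle it here... */
            if (obj.osupdate && obj.osupdate.pendingUpdate) {
                // A payload may carry osupdate without info; treat that as
                // "no pin entered" instead of throwing on obj.info.pinentered.
                var pinEntered = Boolean(info && info.pinentered);
                if (pinEntered) {
                    /* a pin was already entered: handled in the header portion */
                    console.log("pendingUpdate and a pin was entered");
                } else {
                    /* no pin yet: reload the main app and let it redirect */
                    console.log("pendingUpdate and no pin entered");
                    window.location.href = '/';
                }
            }

            /* allow any derived pages to also handle the status */
            if (typeof handleStatusReceived === 'function') {
                handleStatusReceived(obj);
            }
        }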
  113.  
        /**
         * Polls /status once and schedules the next poll.
         *
         * Success marks the device as seen and hands the payload to
         * handleStatus; failure marks it as not seen. The next poll is
         * scheduled from the always-handler, so polling continues in both cases.
         */
        function getStatus() {
            /* IE fix: cache: false makes jQuery add a cache-busting query
             * parameter to GET requests. ajaxSetup applies to every later
             * $.ajax call on the page, not only this one. */
            $.ajaxSetup({
                cache: false
            });

            function onDone(data, textStatus, jqXHR) {
                console.log("" + Date.now() + ": getStatus: ajax done");
                console.log('done', data);
                /* device is up, mark that we've seen it */
                seenDevice(true);
                /* handle the version response */
                handleStatus(data);
            }

            function onFail(xhr, textStatus, errorThrown) {
                console.log("" + Date.now() + ": getStatus: ajax fail");
                console.log('fail', xhr);
                /* the request failed, device has probably rebooted or turned off */
                seenDevice(false);
            }

            function onAlways(dataOrXhr, textStatus, xhrOrError) {
                console.log("" + Date.now() + ": getStatus: ajax always");
                console.log('always', dataOrXhr);
                // reinstall the status callback
                setTimeout(getStatus, callbackTime);
            }

            function onCatch(e) {
                console.log("" + Date.now() + ": getStatus: ajax promise catch");
                console.log('catch', e);
            }

            $.ajax({
                url: "/status",
                dataType: 'json'
            }).done(onDone).fail(onFail).always(onAlways).catch(onCatch);
        }
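        // Start polling once the DOM is ready. In the listing as pasted, the
        // getStatus() call and the closing "});" had been folded into the
        // preceding comment line, which left this handler unterminated and the
        // first poll never issued; they are restored on their own lines here.
        $(document).ready(function() {
            // if IE or Edge set the image as a gif so it animates
            // (setImageIfIEorEdge is not defined on this page; presumably it
            // comes from /static/js/utility.js, to be confirmed)
            setImageIfIEorEdge("#waitImage", "/static/img/ripple.gif");
            // get the initial status
            getStatus();
        });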
  145.     </script>
  146.     <style>
  147.         #applogicFrame {
  148.             width: 100%;
  149.             min-height: 700px;
  150.             /* set a reasonable minimum height */
  151.             height: 700px;
  152.             border: 0px;
  153.             /* turn off scrollbars */
  154.             overflow: hidden;
  155.         }
  156.        
  157.         #auxProgressLabel {
  158.             line-height: 1;
  159.             float: left;
  160.         }
  161.        
  162.         #auxProgressContainer {
  163.             padding-left: 0.5em;
  164.             overflow: auto;
  165.         }
  166.     </style>
  167.     <script>
        // Set to true by handleStatusReceived once a status reports applogic as
        // running, and reset to false while it is not; showMainUI reloads the
        // iframe only while this is false.
        var applogicAlreadyRunning = !1;
  169.  
        /**
         * Builds the URL loaded into #applogicFrame: same scheme and host as
         * this page, port 8081. Because the port differs, the framed document
         * is a different origin from this page.
         *
         * @returns {string} URL of the form "<protocol>//<hostname>:8081/".
         */
        function getIframeURL() {
            var here = window.location;
            var scheme = here.protocol;
            var host = here.hostname;
            return scheme + "//" + host + ":8081/";
        }
  173.  
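        /**
         * Switches the page to the "installing" view and fills in its title
         * and notice.
         *
         * Both strings are written with .text() instead of .html(): the
         * callers on this page append a version taken from the status
         * payload to the notice, and that value should never be parsed as
         * markup.
         *
         * @param {string} title - heading for the installing section.
         * @param {string} notice - explanatory line shown under the heading.
         */
        function showInstallingUI(title, notice) {
            // hide the auxiliary header message stuff
            $('#auxHeaderMessageContainer').addClass('hidden');
            // hide the iframe
            $('#applogicFrame').addClass('hidden');
            // show the installing section and populate the title and notice
            $('#installingSection').removeClass('hidden');
            $('#installingTitleMessage').text(title);
            $('#installingNotice').text(notice);
        }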
  184.  
        /**
         * Shows the installing view for an OS update, naming the version when
         * the status carries one in downloadState.
         *
         * @param {Object} status - the osupdate part of a /status payload.
         */
        function showInstallingOSUpdateUI(status) {
            var download = status.downloadState;
            var versionPart = (download && download.version)
                ? " version " + download.version
                : "";
            showInstallingUI(
                "Installing OS Update",
                "Installing new OS update" + versionPart +
                    ". This will take a few minutes. The device will reboot when done."
            );
        }
  194.  
        /**
         * Shows the installing view for an App Bundle update, naming the
         * version when the status carries one in downloadState.
         *
         * @param {Object} status - the applogicupdate part of a /status payload.
         */
        function showInstallingApplogicUI(status) {
            var download = status.downloadState;
            var versionPart = (download && download.version)
                ? " version " + download.version
                : "";
            showInstallingUI(
                "Installing App Bundle Update",
                "Installing new App Bundle" + versionPart + ". This will take a few minutes."
            );
        }
  204.  
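        /**
         * Shows download progress in the auxiliary header bar.
         *
         * Does nothing when the status has no downloadState. The percentage
         * is clamped to 0..100; when it cannot be computed (size missing or
         * zero) it is shown as 0 instead of "NaN%". The label is written with
         * .text() because the version comes from the status payload.
         *
         * @param {Object} status - osupdate or applogicupdate part of a /status payload.
         * @param {string} title - label prefix, e.g. "Downloading OS Update".
         */
        function showDownloadingUI(status, title) {
            var download = status.downloadState;
            if (!download) {
                /* no download state? abort */
                return;
            }

            /* calculate the download percent */
            var percent = (download.downloaded / download.size) * 100;
            if (!isFinite(percent) || percent < 0) {
                // size of 0 or a missing field gives NaN/Infinity: unknown progress
                percent = 0;
            }
            if (percent > 100) {
                percent = 100;
            }

            /* make the stat message */
            var percentStr = percent.toFixed() + "%";
            var statMsg = title + " " + download.version + ":";

            /* update the elements */
            $('#auxHeaderMessageContainer').removeClass('hidden');
            $('#auxProgress').addClass('progress-bar-success');
            $('#auxProgress').removeClass('active');
            $('#auxProgress').css('width', percentStr).attr('aria-valuenow', percent);
            $('#auxProgressMessage').text(statMsg);
            // ensure the iframe is visible
            $('#applogicFrame').removeClass('hidden');
        }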
  230.  
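        /**
         * Shows the "install pending" state: a full-width, active (animated)
         * progress bar with a label naming what is waiting to be installed.
         *
         * Tolerates a status without downloadState (showDownloadingUI guards
         * the same field; this function previously threw on it) and writes
         * the label with .text() because the version comes from the status
         * payload.
         *
         * @param {Object} status - osupdate or applogicupdate part of a /status payload.
         * @param {string} title - label prefix, e.g. "OS" or "App Bundle".
         */
        function showWaitingUI(status, title) {
            // show the aux message container
            $('#auxHeaderMessageContainer').removeClass('hidden');
            // set the progress bar to 100% gray and active
            $('#auxProgress').removeClass('progress-bar-success');
            $('#auxProgress').addClass('active');
            $('#auxProgress').css('width', '100%').attr('aria-valuenow', 100);
            // display the message; leave the version out when it is unknown
            var version = status.downloadState ? status.downloadState.version : undefined;
            var statMsg = title + (version ? " " + version : "") + " install pending:";
            $('#auxProgressMessage').text(statMsg);
            // ensure the iframe is visible
            $('#applogicFrame').removeClass('hidden');
        }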
  244.  
        /**
         * Returns the page to its normal view: hides the progress and
         * installing sections and shows the applogic iframe. The iframe is
         * reloaded only when applogic was not already marked as running.
         */
        function showMainUI() {
            var progressBar = $('#auxProgress');
            var frame = $('#applogicFrame');

            // applogic is now running, hide the progress div
            $('#auxHeaderMessageContainer').addClass('hidden');

            // reset the progress bar to gray and 100%
            progressBar.removeClass('progress-bar-success');
            progressBar.css('width', '100%').attr('aria-valuenow', 100);

            // hide the installing section
            $('#installingSection').addClass('hidden');

            if (!applogicAlreadyRunning) {
                // keep the iframe hidden while its source changes, to avoid a flicker
                frame.addClass('hidden');
                // blank it first, then point it at the applogic URL
                frame.attr("src", "about:blank");
                frame.attr("src", getIframeURL());
            }

            // unhide the iframe
            frame.removeClass('hidden');
        }
  264.  
        /**
         * Page hook called by handleStatus with every /status payload. Picks
         * the view to show: a pending OS update takes precedence, then an
         * App Bundle (applogic) update, otherwise the main UI.
         *
         * Also maintains applogicAlreadyRunning: true once applogic reports
         * running, false whenever an applogicupdate status says it is not.
         *
         * @param {Object} status - parsed JSON body of the /status response.
         */
        function handleStatusReceived(status) {
            var osupdate = status.osupdate;
            var applogic = status.applogicupdate;

            if (osupdate && osupdate.pendingUpdate) {
                // an OS update is in progress: installing, waiting, or downloading
                if (osupdate.installing) {
                    showInstallingOSUpdateUI(osupdate);
                    return;
                }
                if (osupdate.finishedDownloading) {
                    // downloaded but not installing yet
                    showWaitingUI(osupdate, "OS");
                    return;
                }
                showDownloadingUI(osupdate, "Downloading OS Update");
                return;
            }

            if (!applogic) {
                console.log("no updates, showing main ui");
                showMainUI();
                return;
            }

            if (applogic.running) {
                console.log("applogic running, showing main ui");
                showMainUI();
                // set only after showMainUI, which reads the flag to decide
                // whether the iframe needs (re)loading
                applogicAlreadyRunning = true;
            } else if (applogic.installing) {
                showInstallingApplogicUI(applogic);
            } else if (applogic.finishedDownloading) {
                // downloaded but not installing yet
                showWaitingUI(applogic, "App Bundle");
            } else if (applogic.downloading) {
                showDownloadingUI(applogic, "Downloading App Bundle");
            }

            if (!applogic.running) {
                // applogic is not running: the iframe must be reloaded next time it is
                applogicAlreadyRunning = false;
            }
        }
  308.  
        /**
         * Page hook called by seenDevice when reachability changes.
         *
         * @param {boolean} isDown - true when the device just became unreachable.
         * @returns {boolean} always true, so seenDevice redirects normally.
         */
        function handleDeviceIsDown(isDown) {
            if (!isDown) {
                return true;
            }
            // blank the iframe so the framed page stops issuing its own
            // requests while the device is unreachable
            $('#applogicFrame').attr("src", "about:blank");
            return true;
        }
  318.  
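        /**
         * 'message' event handler: resizes the iframe to the height posted by
         * the framed applogic page, plus 100px of padding.
         *
         * Any window holding a reference to this one can post a message, so
         * the sender's origin is checked before the payload is used. The
         * expected origin is the one this page loads into #applogicFrame
         * (same scheme and host, port 8081). The payload is also validated:
         * it must be an object whose height parses to a positive, finite
         * base-10 integer.
         *
         * @param {MessageEvent} event - the posted message.
         */
        function handlePostedMessage(event) {
            // NOTE(review): assumes applogic always posts from port 8081 on
            // this host, matching getIframeURL() — confirm before relying on it.
            var expectedOrigin = window.location.protocol + "//" + window.location.hostname + ":8081";
            if (event.origin !== expectedOrigin) {
                return;
            }

            var data = event.data;
            if (!data || typeof data !== 'object') {
                return;
            }

            var height = parseInt(data['height'], 10);
            if (!isFinite(height) || height <= 0) {
                return;
            }

            console.log("message listener, height: " + height, event);
            // some padding, seems necessary
            height += 100;
            $('iframe').css('height', height + 'px');
        }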
        // Once the DOM is ready: listen for resize messages from the framed
        // page, hide the flash area, and load applogic into the iframe.
        $(document).ready(function initApplogicFrame() {
            // handle iframe resize events
            window.addEventListener('message', handlePostedMessage);

            // hide the flashes when we are in applogic
            var flashArea = $("#flashcontent");
            flashArea.addClass('hidden');

            // show the applogic iframe
            var frameUrl = getIframeURL();
            $('#applogicFrame').attr("src", frameUrl);
        });
  337.     </script>
  338.     <script type="text/javascript">
  339.     </script>
  340. </head>
  341.  
  342. <body>
  343.     <div class="container">
  344.         <div class="row vertical-align" id="header">
  345.             <div id="headerImageColumn" class="col-xs-3 col-sm-6"> <img id="headerImage" src="/static/img/graykey-logo.png" /> </div>
  346.             <div id="headerDetailColumn" class="col-xs-9 col-sm-6 smallNotice">
  347.                 <div class="text-right" id="headerMessageContainer">
  348.                     <p class="headerMessage deviceSerial">Serial #: 68059dead4412209</p>
  349.                     <p class="headerMessage deviceVersion">OS Version: 1.3.20</p>
  350.                     <div class="licenseInfo">
  351.                         <p class="headerMessage">License expires in 25 days</p>
  352.                     </div>
  353.                     <div id="auxHeaderMessageContainer" class="hidden">
  354.                         <div id="auxProgressLabel"><span id="auxProgressMessage"></span></div>
  355.                         <div id="auxProgressContainer">
  356.                             <div class="progress skinnyProgress">
  357.                                 <div id="auxProgress" class="progress-bar progress-bar-striped" role="progressbar" aria-valuenow="0" aria-valuemin="0" aria-valuemax="100" style="width:0%"> </div>
  358.                             </div>
  359.                         </div>
  360.                         <div style="clear:both"></div>
  361.                     </div>
  362.                 </div>
  363.             </div>
  364.         </div>
  365.         <div class="row" id="main">
  366.             <div id="flashcontent">
  367.                 <!-- Categories: success (green), info (blue), warning (yellow), danger (red) -->
  368.             </div>
  369.             <div id="content">
  370.                 <div id='mainBlock'>
  371.                     <div id="applogicSection"> <iframe id="applogicFrame" scrolling="no"></iframe> </div>
  372.                     <!-- installing UI stuff below -->
  373.                     <div class="well hidden" id="installingSection">
  374.                         <fieldset>
  375.                             <legend id='installingTitleMessage'></legend>
  376.                             <div id="installingDiv">
  377.                                 <div class="row">
  378.                                     <div class="col-lg-12">
  379.                                         <div class="smallNotice" id='installingNotice'></div>
  380.                                     </div>
  381.                                 </div>
  382.                                 <div class="row">
  383.                                     <div class="col-lg-12">
  384.                                         <div class="progress">
  385.                                             <div class="progress-bar progress-bar-striped active" role="progressbar" aria-valuenow="100" aria-valuemin="0" aria-valuemax="100" style="width:100%"> </div>
  386.                                         </div>
  387.                                     </div>
  388.                                 </div>
  389.                             </div>
  390.                         </fieldset>
  391.                     </div>
  392.                     <!-- end installing UI stuff -->
  393.                 </div>
  394.                 <div id='postMainBlock'>
  395.                     <!-- waiting section -->
  396.                     <div id='waitingSection' class="well text-center hidden">
  397.                         <p>Waiting for GrayKey...</p> <img id="waitImage" src="/static/img/ripple.svg"> </div>
  398.                     <!-- end waiting section -->
  399.                 </div>
  400.             </div>
  401.         </div>
  402.         <!-- row -->
  403.         <div class="row" id="footer">
  404.             <div class="text-center smallNotice">&copy; Copyright 2018 by <a href="http://www.grayshift.com/">Grayshift, LLC</a><br/>
  405.                 <a href="http://www.grayshift.com/"><img id="footerLogo" src="/static/img/grayshift-logo.png" /></a>
  406.             </div>
  407.         </div>
  408.     </div>
  409. </body>
  410.  
  411. </html>