Conversation

Notices

1. Embed this notice
   Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 08:07:37 JST Foone🏳️‍⚧️

   oooh, the redbox uses full AES encryption!

   and they always use the same key which is embedded in the executable right next to the encrypt() and decrypt() functions. well done, guys

   • Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 08:07:35 JST Foone🏳️‍⚧️

     in reply to

     they wrote their code as a fuckton of C# services that are always HTTP POSTing at each other

   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 08:07:35 JST Foone🏳️‍⚧️

     in reply to

     HTTP is, as always, the poor man's IPC

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 08:07:36 JST Foone🏳️‍⚧️

     in reply to

     this code is enterprise as hell

     you need the url for the base client? well you use Redbox.Rental.Services.KioskClientService.KioskClientServiceBaseUrl which is a property that'll ask the ServiceLocator to find an instance of IConfiguration to get the KioskClientServiceBaseUrl object out of it

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 08:07:37 JST Foone🏳️‍⚧️

     in reply to

     correction: they hardcode two separate keys in the two separate places (that I've found so far) which use AES.

   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 08:07:48 JST Foone🏳️‍⚧️

     in reply to

     they logged the first six digits and last 4 digits of every credit card transaction.

     HAVE YOU EVEN HEARD OF PCI?

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     mark (atleagle@mastodon.online)'s status on Wednesday, 16-Oct-2024 08:35:59 JST mark

     in reply to

     @foone hahahahah

   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 09:41:25 JST Foone🏳️‍⚧️

     in reply to

     oh good they implemented both an internal C# dynamic plugin loading system, as well as the ability to craft arbitrary Invoke()s over TCP/HTTP.

     So you can call any C# function from anywhere on the machine, I think?

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 09:41:26 JST Foone🏳️‍⚧️

     in reply to

     Redbox.HAL.IPC.Framework.ClientSessionFactory

     PLEASE, NO MORE FACTORIES

     MY CHILDREN ARE STARVING

   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 09:41:27 JST Foone🏳️‍⚧️

     in reply to

     example code:

     POP START-DECK
     POP START-SLOT
     POP END-DECK
     POP END-SLOT
     
     IF END-SLOT > MAX-SLOT-PER-DECK
     SET END-SLOT MAX-SLOT-PER-DECK
     ENDIF

   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 09:41:27 JST Foone🏳️‍⚧️

     in reply to

     Foone's official list of things they never expected to implement their own multitasking programming language, yet found one anyway:

     * Redbox vending machine motors
     * Wheel of Fortune (2011, Wii)

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 09:41:28 JST Foone🏳️‍⚧️

     in reply to

     okay by "compiling" they mean "parsing". The output of the compiler is a list of tokens, the input is a text file

   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 09:41:29 JST Foone🏳️‍⚧️

     in reply to

     it's a compiled (to bytecode? I think?) cooperative-multitasking BASIC.

     and god I wish it was the only one of those I'd ever seen

   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 09:41:30 JST Foone🏳️‍⚧️

     in reply to

     this is the kind of code you get when you hire 20 new grads who technically know C# but none of them has written any software before

   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 09:41:30 JST Foone🏳️‍⚧️

     in reply to

     so these people wrote a mostly C# program, with some lua for glue scripting.

     and then they implemented their own language. it's some bastardized version of BASIC

   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 09:41:31 JST Foone🏳️‍⚧️

     in reply to

     AND HEY YOU DON'T NEED A SEPARATE C# CLASS FOR EACH XML FILE YOU LOAD

     YOU CAN JUST HAVE AN XMLLOADER CLASS AND A GENERIC CONFIG FILE. PLEASE

   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 09:41:32 JST Foone🏳️‍⚧️

     in reply to

     Redbox.HAL.Configuration
     .ConfigurationFileService implements IConfigurationFileService

     STOP MAKING SERVICES AND FACTORIES AND INTERFACES AND JUST READ THE FUCKING JSON FILE YOU ENTERPRISE FUCKERS

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 09:41:33 JST Foone🏳️‍⚧️

     in reply to

     Somebody I'll call Dave Fakename rented The Giver and The Maze Runner in Morganton, NC on 2015-05-23 at 6:43pm

   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 09:41:33 JST Foone🏳️‍⚧️

     in reply to

     found a THIRD set of encryption code.
     this one is 3des instead of AES, and YEP they still hardcode the passkeys

   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 09:41:34 JST Foone🏳️‍⚧️

     in reply to

     I have 2471 transactions here.

   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 09:41:35 JST Foone🏳️‍⚧️

     in reply to

     the unit I've got an image for has records going back to at least 2015.

     I was able to easily match one of them to a real name

   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 09:41:36 JST Foone🏳️‍⚧️

     in reply to

     OH HEY BAD NEWS:

     when someone opens up the hard drive of a redbox unit, they can pull a file which has a complete list of titles ever rented, and the email addresses of the people who rented them, and where and when

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 09:41:37 JST Foone🏳️‍⚧️

     in reply to

     I'm trying to tar up a redbox install and upload it, but each time the tar gets past 50% we find another file with PII in it

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 09:41:37 JST Foone🏳️‍⚧️

     in reply to

     You're telling me!

   • Embed this notice
     Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 16-Oct-2024 09:41:39 JST Foone🏳️‍⚧️

     in reply to

     1234 56## #### 7890

     can I buy a vowel?

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Erin 💽✨ (erincandescent@akko.erincandescent.net)'s status on Saturday, 19-Oct-2024 02:05:25 JST Erin 💽✨

     in reply to
     @foone PCI actually permits this. There's approx no entropy in the first 6 digits; they just identify your bank. There's a US federal law against this IIRC, but for those of us who work in card payments in Europe first6 + last4 is what we see all the time
     Haelwenn /элвэн/ :triskell: likes this.