
Android and IOS 1click 0day Trojan with persistence (IOS 15.5/Android 12)


Status
Closed for further replies.
I don't know if this is legit or not, and I don't care, but $50mi would be a price for selling as a company, like NSO direct to a contractor like gov, not on underground forums.

If legit, there are people who will pay for this with this price, but probably not here.
 
I don't know if this is legit or not, and I don't care, but $50mi would be a price for selling as a company, like NSO direct to a contractor like gov, not on underground forums.

If legit, there are people who will pay for this with this price, but probably not here.
I tell you that the company (Intellexa) does not sell the source code but puts the software on rent by limiting the number of possible targets (requiring an extra payment each time the threshold is reached) in order to earn more.
It also limits the position of the targets to avoid political scandals (see Khashoggi issue).
If the software were for sale, more than a billion would be asked for sure, my price of 50M is really much reduced and proportionate to the fact that we are on a forum (even if it may not seem at first impact).
I wrote at the beginning that the post is dedicated to APT groups with state funding (such as North Korea, China or other).
You understand that I can't show up in North Korea and no company can publicly sell war technology (because it's considered war technology) to adverse states, and I honestly don't want to end up like Joshua Schulte or Snowden.
 
If the guarantor says that deposit was made there is no need for them to show you a hash of the transaction. This is quite fishy; also, no Android bot is worth 50 Million no matter the functionalities.
I can confirm the first part of the message, as they manage many funds and not only the ones related to that transaction.
Probably they were afraid of leaking the main address.

Regarding the 2nd part you just said bullshit.
Price for this kind of software (as it does affect almost every device worldwide no matter the brand) is based upon the functionalities + exploits that are implemented (but they start from a few M's $ and it isn't sold to private citizens but only to govt/big telco companies).
 
Please note that this user is banned
I'm not selling a bot for Android but a 1click trojan (installs with just one click from the victim) developed to fight terrorism that has numerous 0day exploits, bypasses the sandbox and gets root permissions on practically every mobile device (including Apple iPhone). If the price seems exaggerated to you, I suggest you read the commercial proposal sent to a government, where the use was limited to the country itself, to a very limited number of users and the price is tens of millions (I sell the complete source). Do you just know what a full chain RCE is worth on iOS? Do you know how long it takes to reverse, to bypass the ASLR, do you know how much time spent doing fuzzing? Do you know how long to try not to crash the device trying to get stable overflow?

I am sorry that you think that a transaction of this amount does not matter transparency and you were not entitled to see the hash of the transaction but to rely only on the word of the guarantor. Escrows on other sites do not have these problems and from what I have heard for lower amounts even on exploit.in they refuse to show hashes for lower transactions. (Don't you think this is strange in this case?) I remind you that with the hash I cannot steal the funds in any way.
Good luck with sales. I think appropriate price would be maybe 2 Million. The value is correct but as you said you did not develop this you don't know what types of backdoors the developer has hidden. The cost of a stolen "Mona Lisa" painting cannot be sold on the blackmarket for 10% of the value. Authenticity is important and there will be no support for this product so it would be best to get a quick sale rather than pitching this to state funded actors.
 
I can confirm the first part of the message, as they manage many funds and not only the ones related to that transaction.
Probably they were afraid of leaking the main address.

Regarding the 2nd part you just said bullshit.
Price for this kind of software (as it does affect almost every device worldwide no matter the brand) is based upon the functionalities + exploits that are implemented (but they start from a few M's $ and it isn't sold to private citizens but only to govt/big telco companies).
Theoretically they use a wallet dedicated to each escrow, not a single main wallet. And you also know that for a transaction of this amount, creating a new temporary wallet was a matter of 5 minutes.
 
Anyway, if I had the access to a 0day 0/1click mobile exploit source code, I would spend one week looking at it fascinated.

The FORCEDENTRY exploit of Pegasus was beautiful.
 
Good luck with sales. I think appropriate price would be maybe 2 Million. The value is correct but as you said you did not develop this you don't know what types of backdoors the developer has hidden. The cost of a stolen "Mona Lisa" painting cannot be sold on the blackmarket for 10% of the value. Authenticity is important and there will be no support for this product so it would be best to get a quick sale rather than pitching this to state funded actors.
I sell the source, the buyer can read every single file in search of hidden backdoors and if he finds them he can make changes to the code (there are not because governments push a lot on the fact that they want to keep the data they steal under their exclusive custody), there is a way to remote access via credentials and certificate that can be enabled (for diagnostics).

The code is literally state of art
 
Theoretically they use a wallet dedicated to each escrow, not a single main wallet. And you also know that for a transaction of this amount, creating a new temporary wallet was a matter of 5 minutes.
Disclosure of the hash would allow you and others to follow the flow of money.
I don't know specifically how they implement the escrow system but I'm mostly sure that they would have to move the "commission" they take to another external wallet which could be easily trackable and linkable to them (OPSEC comes first!).
I understand your point of view but as I said it's a really difficult transaction to make for both sides (You / Them) as the amount is really high.

However, I truly hope you're gonna find a buyer for this and you can actually get the money you're looking for.
I would suggest to deal directly with forum admins/famous exploit shops.
 
I strongly recommend working ONLY THROUGH THE GUARANTOR (ours, https://xss.pro/escrow/, or that of any other trusted forum). There can be no partial payments in advance, what kind of nonsense is that. It contradicts the very notion of "working through the guarantor". Or, putting it plainly, it is a prepayment scam. The topic starter has not scammed anyone, so for now we are not duplicating his ban. In the hope, so to speak, that the person simply did not understand how the process works. With that, I suggest we close this part of the discussion for now.

oDmC3oJrrSuZLhp, if you ask for an advance payment on our forum also, you will be banned.
 
In the time spent discussing the software in this thread, I could have earned 50 million dollars with the software)

Even if I had 0 dollars in the bank/wallet, I wouldn't even tell anyone about the software, let alone offer it to the world on a forum - I would put it to good use; easily generating a couple of million a week.

For the reasons stated above, I think it is very unlikely that the person owns such software!
 
If the software were for sale, more than a billion would be asked for sure, my price of 50M is really much reduced and proportionate to the fact that we are on a forum (even if it may not seem at first impact).

9BD6AC11-C2A0-4D89-8E5E-742486204B00.jpeg

The contract states how much the software costs - 8M - not 1B)) Although I agree, this is not the source code.
 
Do you think that I have not given evidence on the actual functioning before asking to request the guarantor? I have given all the necessary evidence of legitimacy.
The negotiation did not take place on exploit.in because the guarantor and also the buyer refused to show proof that the sum had been deposited to the guarantor.

I think you haven't read the thread: I ACCEPT the guarantor, but the guarantor or the buyer, when they say they have deposited the money, must show the transaction hash or the wallet it was deposited to. Am I wrong?



"The deadline for making a deposit is not regulated; it is at the user's discretion."
From FAQ

If you tell me where it says that a seller MUST have a deposit on the site in order to sell, I will make the necessary deposit
What hash, what are you talking about?
It should be enough for you that the guarantor tells you the buyer has deposited the money with the guarantor.
If you don't agree, remember that you are a guest here.

And below, your statements have already been posted saying that, in addition to the guarantor, you must receive the money personally before handing over the goods, which, for me personally, along with your use of Telegram as a means of communication, is a red flag.
But that, as they say, is just my personal opinion.
 
What hash, what are you talking about?
It should be enough for you that the guarantor tells you the buyer has deposited the money with the guarantor.
If you don't agree, remember that you are a guest here.

And below, your statements have already been posted saying that, in addition to the guarantor, you must receive the money personally before handing over the goods, which, for me personally, along with your use of Telegram as a means of communication, is a red flag.
But that, as they say, is just my personal opinion.
The guarantor on exploit refused to show the transaction hash only for the 50-million transaction, while for lower-value transactions it doesn't object. Isn't that a red flag for you?
For this reason I asked for an advance on exploit.
I will not ask for prepayment on this forum, as the admin wrote to me.
 
Please note that this user is banned
social-security-phone-fraud.jpg

imagine someone falling for this shit, damn
No need guarantee. I will give you my number, send me link I'll click it and download all the chats and post here for proof.
 
Please note that this user is banned
imagine someone falling for this shit, damn
No need guarantee. I will give you my number, send me link I'll click it and download all the chats and post here for proof.
Yes, it is total bullshit. I still don't understand why there is no ban after all that bullshit written here.

But, yes, let him do a test. Let a moderator give him a phone number and let's see the "exploit" in action. I hope this will stop the shit because really it's too much shit already - someone should really, really ban him.
 
Please note that this user is banned
The software is Pegasus, Spain has bought it for much less millions than you say, and the company is from Israel but the owner was born in Spain, an ex-military if I remember correctly, I know of governments that have paid a lot of money but your sum doesn't even approach
 
Please note that this user is banned
After reading this thread yesterday, I became so curious I had to google Pegasus + The NSO Group. What an irony that Pegasus developed by the NSO Group was allegedly used in the murder of Khashoggi. Same yesterday Biden raised Khashoggi murder talks with the crown prince of Saudi Arabia.... indeed, this must be a sign that this software really exists.

That being said, the time everybody putting in for Guarantor and Escrow talks, I coulda made $10million overnight. Dear seller, I wish you luck in sales, but in the case you changed your mind, I could rent the soft and remit $5million in BTC to you weekly.
 
social-security-phone-fraud.jpg

imagine someone falling for this shit, damn
No need guarantee. I will give you my number, send me link I'll click it and download all the chats and post here for proof.
I do not sell Pegasus from NSO (Q CYBER TECHNOLOGY) but I am selling Nova / Helios which is the update of Predator a Spyware from Cytrox company which was bought by Intellexa.
Intellexa is a competitor in this market to NSO (Q Cyber Technology), I have attached if you have read the post a purchase proposal for a government where it is also written how the software works (you can read it).
I will not send the payload as a sample to some admin because I risk the reversing and disclosure of the exploits, but I am available for a demonstration for those who really intend to buy it.
Those who do not believe in the existence of software simply refrain from commenting because you do not know how the world works.
I attach other screenshots
 

Attachments

  • pic.jpg (87.5 KB · Views: 250)
  • pic2.jpg (84.5 KB · Views: 245)
  • pic3.jpg (85.5 KB · Views: 244)
  • pic4.jpg (106.4 KB · Views: 243)
  • pic5.jpg (87.6 KB · Views: 241)
  • pic6.jpg (74.5 KB · Views: 233)

Please note that this user is banned
Enough with the flooding, the admin has said everything. Work only through the guarantor (because no deposit would cover such an amount). If the topic starter refuses the guarantor, it's an immediate ban.
 