Hello, everyone!

Welcome to my blog, its been a while, right?
Well anyway, this blog will be about what people get wrong about hacking. So, lets begin! For this time, when I refer to "normal person", I simply mean a bit unexperienced human in the topic. So, first thing people commonly get wrong is they think programmer means the same thing as hacker. This is far from true, and even tho hackers or security researchers will often know some level of some kind of scripting language, the same thing doesn't have to be true the other way around.

So, lets say you want someones account hacked, and you ask your programming friend if they could obtain someones facebook password. Now, few things can happen, they eighter not respond to you ever agin, refuse to do it(unlikely), or say yea, I will do it later and never mention it, hoping you'll forget. Why are they unlikely refusing it directly? Because programmers are often introverts, which hasve hard time saying no.

Why exactly do they refuse, eighter directly or indirectly tho? Its because its too dificult, and they don't wanna explain why, because you as a normal person wouldn't quite understand anyway, but I am here to explain why it is too hard. Its because everything on the internet is secure these days, including every single account. Why couldn't the programmer just guess the password using their script generating random passwords tho? This is called bruteforcing, and is effective if the password is really weak, however really really ineffective if the password is strong, or not in any password list. Why exactly is it so ineffective tho? Well, a single password has a common minumum of 8characters, and when you consider there is 24small letters, 24big letters and 10numbers for the password not even including special characters, that is 58 characters to choose from, and now because its 8characters, its ^8 so thats 58^8 and thats 128063081718016 combinations... and facebook blocks you from logging in after 5 failed.

Now, how could we bypass using bruteforcing? Well, getting into the database and stealing the hash, that should be preety easy, right? Not really. First of all you need to get unrestricted access to database servers. How to do this? Well, you can do that for example by being employee of the company with enough level to access production database, or you can perform world-wide exploid, and aim for the specific server. This was only managed by one guy in last 20years, and that was the person who hacked the infamous xz-utils package with a backdoor. He got caught before most people(let along servers) even updated to that package however, making the attack failed, and also his life and reputation was ruined forever by this, so back to the topic, your programming friend propably doesn't want to ruin their life because of your "smart" idea.

Now lets say your friend managed to do the backdoor, and hacked into the database without ruining their life. Now they preety easily obtain the hash, and with stolen hash and salt they can begin bruteforcing with near infinite attempts. So now, lets start random guessing our 128063081718016 combinations! Not only will this take time, but also so much power to guess, its definetly not worth it, esspecially when your friend can now delete the account directly and you can just create new one.. oh you wanted to read those secret dms? Bad luck!

And what about hardware hacking? Why can't your programming friend just take their flipper zero(if they have one), and hack into the closest car? Because of rolling codes. What does that mean? Well, first of all you must know the cars protocol, because without knowing that you are already reaching a preety large number to do it just overnight. And when you figure out the protocol, you must know the secret code. The rolling codes have the rolling id(0-4096), protocol(several hundred thousand), and some secret code for good measure(commonly 32bit, 2^32combinations, so about 2,141B). After this has been done, you get about 4096^9.381007423826506e1926591 combinations... hash that everytime, and here you go! If you do 100combinations/s, it will only take you propably few trilion years, atleast until quantum computers are presented to the wide public.


Hope you enjoyed!