Julian Gonggrijp jgonggrijp

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

	{-# OPTIONS_GHC -fno-warn-missing-signatures #-}
	module Main where

	import Control.Applicative
	import Text.Printf
	import Prelude hiding (and, or, flip)

	True `nand` True = False
	True `nand` False = True
	False `nand` True = True

	#!/usr/bin/ruby
	# Create display override file to force Mac OS X to use RGB mode for Display
	# see http://embdev.net/topic/284710

	require 'base64'

	data=`ioreg -l -d0 -w 0 -r -c AppleDisplay`

	edids=data.scan(/IODisplayEDID.*?<([a-z0-9]+)>/i).flatten
	vendorids=data.scan(/DisplayVendorID.*?([0-9]+)/i).flatten