Side Projects, tutorials, howtos and notes
Ok, you are tired of searching for XSS and XSRF in the web interface of a router to make it yours (root access) So how can we attack or hack the hardware? Hardware is any type of device with a PCB you can physically access. This post wil be a reference list for what tools…
Read More “A Hardware Hacker’s (or Penetration Tester’s) must haves” »
#include <stdio.h> #include <stdint.h> #include <inttypes.h> int main(void) { const char* s = “Hello World”; printf(” padding:\n”); printf(“\t[%10s]\n”, s); printf(“\t[%-10s]\n”, s); printf(“\t[%*s]\n”, 10, s); printf(“Fixed-width types:\n”); printf(“\tLargest 32-bit value is %” PRIu32 ” or %#” PRIx32 “\n”, UINT32_MAX, UINT32_MAX ); } C99 GCC 12.1 > gcc hlwld.c -o helloword> ./helloworld padding: [ Hello World]…
I’d like to add a post regarding the C-programming language regarding usage of deprecated or memory unsafe functions. 1. Background Functions that are the primary source for Buffer Overflow attacks. Aim is to increase awareness about them and make them forbidden to use, 2. Example that supports the background: Here is a good and fairly easy-read…
Read More “Secure C programming practices (or HowToMake C Memory Safe(r))” »
Keeping silent has never been more than security by obscurity. This is ridiculously dangerous news for everyone that uses Qualcomm chips. SecureBoot is pwned and its not just the WLAN chips or the Smartphone processors. Its for a wide range of industries. https://www.businesswire.com/news/home/20230109005782/en/Binarly-Discloses-Multiple-Firmware-Vulnerabilities-in-Qualcomm-and-Lenovo-ARM-based-Devices The list of chips affected is NOT complete and still its hundreds…
https://thehackernews.com/2022/12/researcher-uncovers-potential.htmlTo save you the trouble, here’s the write-up: https://downrightnifty.me/blog/2022/12/26/hacking-google-home.htmlAnd here’s his published paper: https://arxiv.org/ftp/arxiv/papers/2001/2001.04574.pdf((I prefer to give credit to the original source rather than just citing echoes from other news outlets.)) Ok, so there are two things to notice here. Firstly, over a 100k USD in bug bounty! Secondly, is really a 100k USD enough…
Read More “Addition to FISA702 rant about who has access to your living room” »
I have been given permission by Daniel Melin, who works as strategical advisor at Skatteverket (Swedish IRS), to republish parts of his posts from his private LinkedIn-page about the American surveillance act known as FISA702 and how it affects Swedish citizens. The text will be in translated form as I want to keep this blog…
Read More “The Right to Privacy, Data Protection and American legislative FISA702” »
A lot of interesting options available for the curious hacker when studying the PCB Also WLAN card that at least fits in a general laptop mobo (these are generally found in more expensive routers.)
Option A or Option B Or a combination of both
//// Parody on the first goal whenever messing with embedded systems, get a led to blink, example from wemos D1 Mini ESP12F 4mb //// With a Twist, The blink should be manually performed. Via a web server on the unit. Web server the size of a thumbnail. What a time to be alive. Below code…
