Philippe Delteil pdelteil

## Wahoo_Elemnt.md

      
              2 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                pdelteil
                / Wahoo_Elemnt.md
            
            
              Created
              May 2, 2023 05:12
                — forked from Intyre/Wahoo_Elemnt.md
            
              
                Wahoo Elemnt - Tips, tricks and custom images
              
          
    Wahoo Elemnt - Tips, tricks and custom images

TOC


Wahoo bike computer hardware
Firmware

Changelogs
BoltLauncher


Enable ADB
Tips and Tricks
Config backup


## exploit.sh
(ctf) [darkarnium::Callisto SpaceDB][0]$ python3 -i flagger.py
[x] Opening connection to spacedb.satellitesabove.me on port 5062
[x] Opening connection to spacedb.satellitesabove.me on port 5062: Trying 18.191.160.21
[+] Opening connection to spacedb.satellitesabove.me on port 5062: Done
[*] Sending ticket
[*] Waiting for Telemetry service endpoint
[*] 18.191.160.21:19587/tel/graphiql
[*] Starting voltage fix-up thread
[*] Waiting for Scheduler service to start
[!] VIDIODE fixed to 7.0 (from 6.47) for 1590260897.99999

## exploit.sh
(ctf) [darkarnium::Callisto MagicBus][0]$ ipython3 --no-banner -i magic_bus.py
[x] Opening connection to bus.satellitesabove.me on port 5041
[x] Opening connection to bus.satellitesabove.me on port 5041: Trying 18.222.201.16
[+] Opening connection to bus.satellitesabove.me on port 5041: Done
[*] Sent b'^93+00+00+35+.' to bus
[*] Sent b'^93+00+00+45+.' to bus
[*] Sent b'^93+00+00+55+.' to bus
[*] Sent b'^93+00+00+75+.' to bus
[*] Sent b'^93+00+00+85+.' to bus
[*] Sent b'^93+00+00+a5+.' to bus

## commands
# Disable Slot 1
cmd("KIT_SCH CFG_SCH_ENTRY with CCSDS_STREAMID 6293, CCSDS_SEQUENCE 49152, CCSDS_LENGTH 6, CCSDS_FUNCCODE 4, CCSDS_CHECKSUM 0, SLOT 1, ACTIVITY 0, CONFIG 0")

# Reprogram Slot 0, Activity 0 to call KIT_TO_TLM_FLAG_MID.
cmd("KIT_SCH LOAD_SCH_ENTRY with CCSDS_STREAMID 6293, CCSDS_SEQUENCE 49152, CCSDS_LENGTH 13, CCSDS_FUNCCODE 5, CCSDS_CHECKSUM 0, SLOT 0, ACTIVITY 0, CONFIG 1, FREQ 1, OFFSET 0, MSG_TBL_IDX 42")

# Reprogram Slot 1, Activity 0 to call KIT_TO_TLM_FLAG_MID.
cmd("KIT_SCH LOAD_SCH_ENTRY with CCSDS_STREAMID 6293, CCSDS_SEQUENCE 49152, CCSDS_LENGTH 13, CCSDS_FUNCCODE 5, CCSDS_CHECKSUM 0, SLOT 0, ACTIVITY 0, CONFIG 1, FREQ 1, OFFSET 0, MSG_TBL_IDX 42")

# Enable Telemetry

## crackWep.sh
# Checking for arguments
if [ $# -lt 3 ]
  then
        echo "Not enough arguments supplied"
        echo "Usage: ./deauth.sh  <bssid> <channel> <interface>"
else
        BSSID=$1
        CHAN=$2
        INTERF=$3
        TIMEOUT=20

## pubsploit.py
import urllib.request, json, sys, textwrap
# Run like
# python3 pubsploit.py CVE-2017-0143

def cveSearch(cve):
    with urllib.request.urlopen('http://cve.circl.lu/api/cve/'+cve) as url:
        data = json.loads(url.read().decode())
        try:
            if data['cvss']:
                print("{} | CVSS {}".format(cve,data['cvss']))
	(ctf) [darkarnium::Callisto SpaceDB][0]$ python3 -i flagger.py
	[x] Opening connection to spacedb.satellitesabove.me on port 5062
	[x] Opening connection to spacedb.satellitesabove.me on port 5062: Trying 18.191.160.21
	[+] Opening connection to spacedb.satellitesabove.me on port 5062: Done
	[*] Sending ticket
	[*] Waiting for Telemetry service endpoint
	[*] 18.191.160.21:19587/tel/graphiql
	[*] Starting voltage fix-up thread
	[*] Waiting for Scheduler service to start
	[!] VIDIODE fixed to 7.0 (from 6.47) for 1590260897.99999
	(ctf) [darkarnium::Callisto MagicBus][0]$ ipython3 --no-banner -i magic_bus.py
	[x] Opening connection to bus.satellitesabove.me on port 5041
	[x] Opening connection to bus.satellitesabove.me on port 5041: Trying 18.222.201.16
	[+] Opening connection to bus.satellitesabove.me on port 5041: Done
	[*] Sent b'^93+00+00+35+.' to bus
	[*] Sent b'^93+00+00+45+.' to bus
	[*] Sent b'^93+00+00+55+.' to bus
	[*] Sent b'^93+00+00+75+.' to bus
	[*] Sent b'^93+00+00+85+.' to bus
	[*] Sent b'^93+00+00+a5+.' to bus
	# Disable Slot 1
	cmd("KIT_SCH CFG_SCH_ENTRY with CCSDS_STREAMID 6293, CCSDS_SEQUENCE 49152, CCSDS_LENGTH 6, CCSDS_FUNCCODE 4, CCSDS_CHECKSUM 0, SLOT 1, ACTIVITY 0, CONFIG 0")

	# Reprogram Slot 0, Activity 0 to call KIT_TO_TLM_FLAG_MID.
	cmd("KIT_SCH LOAD_SCH_ENTRY with CCSDS_STREAMID 6293, CCSDS_SEQUENCE 49152, CCSDS_LENGTH 13, CCSDS_FUNCCODE 5, CCSDS_CHECKSUM 0, SLOT 0, ACTIVITY 0, CONFIG 1, FREQ 1, OFFSET 0, MSG_TBL_IDX 42")

	# Reprogram Slot 1, Activity 0 to call KIT_TO_TLM_FLAG_MID.
	cmd("KIT_SCH LOAD_SCH_ENTRY with CCSDS_STREAMID 6293, CCSDS_SEQUENCE 49152, CCSDS_LENGTH 13, CCSDS_FUNCCODE 5, CCSDS_CHECKSUM 0, SLOT 0, ACTIVITY 0, CONFIG 1, FREQ 1, OFFSET 0, MSG_TBL_IDX 42")

	# Enable Telemetry
	# Checking for arguments
	if [ $# -lt 3 ]
	then
	echo "Not enough arguments supplied"
	echo "Usage: ./deauth.sh <bssid> <channel> <interface>"
	else
	BSSID=$1
	CHAN=$2
	INTERF=$3
	TIMEOUT=20
	import urllib.request, json, sys, textwrap
	# Run like
	# python3 pubsploit.py CVE-2017-0143

	def cveSearch(cve):
	with urllib.request.urlopen('http://cve.circl.lu/api/cve/'+cve) as url:
	data = json.loads(url.read().decode())
	try:
	if data['cvss']:
	print("{} \| CVSS {}".format(cve,data['cvss']))