The examples I've seen ( 1, 2 ) all assume a "modern" Raspberry Pi with a 40-pin GPIO connector.
If you want to use a Raspberry Pi 1 (26-pin GPIO), you need to pass -r, -c and -d to the flash_cc2531 tools, based on how you want to wire things (I'm using GPIO.3->Reset, GPIO.4->DC, GPIO.5->DD).
Check the example/pictures below.
root@octopi:~# gpio readall
There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware.
These certificates are trusted by browsers on all platforms, but will surely be added to revocation lists shortly.
The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear's support website, without authentication; thus anyone in the world could have retrieved these keys.
Well, there are some vendor locked dongles out there (I'm looking at you Panasonic!) that use regular off-the-shelf chips but cost a lot of money and not $5 that they're really worth. E.g. there's the AJ-WM50E dual band AC dongle (sold for 160 USD) that you should use with AG-UX180 camera to get wifi CCU running.
I happen to have one such dongle, couple of summer holiday nights and family far, far away. Why not do some hacking then?
The camera is - as far as I can tell - running Linux or a similar system. If so, it has a limited set of tools to get to know what's getting connected to it.
Make the not-so-Panasonic dongle resemble the Panasonic one as much as possible, so that the camera just enables it thinking it's legit.
| # | |
| # python3 code to extract the Dell firmware update for SKHynix SSD. | |
| # | |
| # hacked together over morning coffee by xorloser 14th march 2019 | |
| # | |
| # STEPS TO USE THIS |
| #include <time.h> // Robert Nystrom | |
| #include <stdio.h> // @munificentbob | |
| #include <stdlib.h> // for Ginny | |
| #define r return // 2008-2019 | |
| #define l(a, b, c, d) for (i y=a;y\ | |
| <b; y++) for (int x = c; x < d; x++) | |
| typedef int i;const i H=40;const i W | |
| =80;i m[40][80];i g(i x){r rand()%x; | |
| }void cave(i s){i w=g(10)+5;i h=g(6) | |
| +3;i t=g(W-w-2)+1;i u=g(H-h-2)+1;l(u |
| #!/bin/bash | |
| # Simple CA cert generator & leaf cert signer | |
| # By dominic@sensepost.com | |
| # All rights reserved 2019 | |
| ca_prefix="ca" | |
| leaf_prefix="host" | |
| ca_validity="1825" #days | |
| leaf_validity="730" #days | |
| size=2048 |
| void inject_trusts(int pathc, const char *paths[]) | |
| { | |
| printf("[+] injecting into trust cache...\n"); | |
| extern uint64_t g_kern_base; | |
| static uint64_t tc = 0; | |
| if (tc == 0) { | |
| /* loaded_trust_caches | |
| iPhone11,2-4-6: 0xFFFFFFF008F702C8 |
| param( | |
| [Parameter(Mandatory)] | |
| [string]$Path | |
| ) | |
| #Created by Pierre.Audonnet@microsoft.com | |
| # | |
| #Got keytab structure from http://www.ioplex.com/utilities/keytab.txt | |
| # | |
| # keytab { |
| > [Description] | |
| > ** DISPUTED ** An issue was discovered in the org.telegram.messenger | |
| > application 4.8.11 for Android. The Passcode feature allows | |
| > authentication bypass via runtime manipulation that forces a certain | |
| > method's return value to true. In other words, an attacker could | |
| > authenticate with an arbitrary passcode. NOTE: the vendor indicates | |
| > that this is not an attack of interest within the context of their | |
| > threat model, which excludes Android devices on which rooting has | |
| > occurred. | |
| > |
| ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; | |
| ;;; | |
| ;;; Copyright (C), zznop, brandonkmiller@protonmail.com | |
| ;;; | |
| ;;; This software may be modified and distributed under the terms | |
| ;;; of the MIT license. See the LICENSE file for details. | |
| ;;; | |
| ;;; DESCRIPTION | |
| ;;; | |
| ;;; This PoC shellcode is meant to be compiled as a blob and prepended to a ELF |