EELive Slides – /dev/ttyS0
Just got back from the EELive conference in San Jose – great talks, great people, and way better weather than we had back here on the east coast. For those interested, the slides for my talk, “Finding...
Hacking the D-Link DSP-W215 Smart Plug – /dev/ttyS0
The D-Link DSP-W215 Smart Plug is a wireless home automation device for monitoring and controlling electrical outlets. It isn’t readily available from Amazon or Best Buy yet, but the firmware is up on...
Hacking the DSP-W215, Again – /dev/ttyS0
D-Link recently released firmware v1.02 for the DSP-W215 to address the HNAP buffer overflow bug in my_cgi.cgi. Although they were quick to remove the download link for the new firmware (you must “Use...
Hacking the DSP-W215, Again, Again – /dev/ttyS0
Here we go again…again. In the last DSP-W215 exploit, I mentioned that the exploit’s POST parameter name had to be “storage_path” in order to prevent the get_input_entries function from crashing...
Hacking the DSP-W215, Again, Again, Again – /dev/ttyS0
So far, the vulnerabilities found in the DSP-W215 have only been practically exploitable from the LAN, unless someone was foolish enough to make their smart plug remotely accessible on the Internet....
Reversing D-Link’s WPS Pin Algorithm – /dev/ttyS0
While perusing the latest firmware for D-Link’s DIR-810L 802.11ac router, I found an interesting bit of code in sbin/ncc, a binary which provides back-end services used by many other processes on the...
Reversing Belkin’s WPS Pin Algorithm – /dev/ttyS0
After finding D-Link’s WPS algorithm, I was curious to see which vendors might have similar algorithms, so I grabbed some Belkin firmware and started dissecting it. This particular firmware uses the...
Hacking the D-Link DIR-890L – /dev/ttyS0
The past 6 months have been incredibly busy, and I haven’t been keeping up with D-Link’s latest shenanigans. In need of some entertainment, I went to their web page today and was greeted by this...
What the Ridiculous Fuck, D-Link?! – /dev/ttyS0
As mentioned in an update to my post on the HNAP bug in the DIR-890L, the same bug was reported earlier this year in the DIR-645, and a patch was released. D-Link has now released a patch for the...
Defcon 24: Blinded By The Light – /dev/ttyS0
I won’t be at Defcon this year in body, but I’ll be there in spirit! I got to design the hardware used in @tb69rr’s and @bjt2n3904’s Defcon talk, Blinded By The Light. A walk through of the hardware...