[ blog ]
-
Sekai CTF Rev Challenge: Crack Me
Writeup for the 2024 Sekai CTF rev challenge CrackMe
-
What is BusyBox?
What is BusyBox and how it can be abused.
-
Blog What Is Ash
-
Aoqee C1 Security Camera: Firmware Security Assessment
Full technical writeup of the firmware security assessment of the Aoqee C1 IP camera (flashdump.bin, MIPSEL/Ingenic T23)
-
Boykeep K30 IoT Camera: Firmware Security Assessment
Full firmware security analysis of the Boykeep K30 indoor Wi-Fi camera
-
Ekan Smart Doorbell: Full Firmware Teardown
Static firmware analysis of the Ekan Smart Video Doorbell (Allwinner V837S / Tina Linux) uncovering multiple critical vulnerabilities including unauthenticated remote code execution via unsigned OTA updates, a fleet-wide hardcoded API signing key, and unauthenticated root shell access over UART and USB.
-
Writeup lightsocket - IoT Security Camera Firmware Assessment
Full firmware teardown of the lightsocket consumer security camera. Allwinner TinaLinux ARM32, hardcoded secrets everywhere, ADB on by default.
-
Writeup Phantom Cheque
-
Tapo Indoor Camera Firmware Analysis: From Flash Dump to Root Shell
Full firmware analysis of a TP-Link Tapo indoor camera (Ingenic T23 SoC) - 6 critical findings including unauthenticated command injection via the factory calibration protocol, a shared TLS private key shipped across all devices, and an EOL kernel with 36 unpatched CVEs.
-
Writeup Wiz Ai
-
XL-B1310L Router: Firmware Teardown
Static firmware analysis of the XL-B1310L wireless router (MediaTek MT7628 / OpenWrt-derived) uncovering plaintext credentials stored in config files, a passwordless root account via OverlayFS whiteout, no binary hardening on the web server, and multiple unpatched CVEs in dnsmasq, lighttpd, and OpenSSL.