Author: Matthias Niedermaier

Setting-up OpenPLC

The OpenPLC is a opensource Programmable Logic Controllers (PLC) alternative. Due to this, it is possible to understand the black box of these systems. It could be easily used with a Raspberry Pi.

Analysis of Mini 3G/4G WiFi Wireless Router (A5-V11)

Coreboot debugging, configuration, tint, etc.

Coreboot provides a lot of possibilities of configurations, primary and secondary payloads and debugging mechanisms.

Flashing Coreboot on the T430 with a Raspberry Pi

Coreboot is an Open Source project, which replaces the proprietary BIOS of a traditional computer. Coreboot initialize the Hardware and then executes a payload (e. g. SeaBIOS or Grub).

Open Source Risc-V on the Xilinx Artix-7 35T Arty – Part 2

With OpenOCD it is possible to flash/upload programs to the spi flash of the Arty Board. From there the SiFive Risc-V “core” will boot.

Open Source Risc-V on the Xilinx Artix-7 35T Arty – Part 1

Configuring and programming the 100 € Xilinx Arty development board with an open source implementation of the Risc-V ISA from SiFive.

Hacking – Root @ Linksys E900 N300

How to get root at Linksys E900 N300

Hacking – Root @ NETGEAR DM111PBL ADSL2+

How to get a root shell on the NETGEAR DM111PBL?

Mirai Soruce Code Reveals Bad IoT Passwords

The Mirai source code reveals the passwords, which are used to create the botnet. These passwords should never ever be used to secure a device.

Hacking IP-Camera Digoo BB-M2 – Part 3 – Getting root access

After getting access to the serial interface of the IP-Camera the next step is to get a root shell.

Hacking IP-Camera Digoo BB-M2 – Part 2 – Analyzing the boot process

The last article shows, how to identify the serial port on the IP-Camera. With this it is possible to solder wires on the IP-Camera and attach a USB to serial adapter to it.

Hacking IP-Camera Digoo BB-M2 – Part 1 – Identify serial interface

I have bought an WiFi security camera from banggood. The Digoo BB-M2 Mini WiFi HD 720P costs about 20 €, which is quite cheap for this kind of product. This article will analyze the serial interface of the IP camera.

Advisory (ICSA-16-313-01) from the Department of Homeland Security

Offensive Security Wireless Attacks – OSWP Certification

In my part time I have done my first Offensive Security course and certificate. It is called Wireless Attacks (WiFu) and deals with all kind of wireless attacks.

Raspberry Pi – Hardware Hacking V0.1 update

The manufactured boards have arrived. Unexpectedly the component identifiers are printed on the PCB and i have not placed them. Due to this reason in the next version they have to be placed right. Top of the PCB: Bottom of

Raspberry Pi – Hardware Hacking V0.1

The idea behind the hardware hacking shield for the Raspberry Pi is to learn IT-Security hacks on different bus systems on embedded boards. Features for the first version of the Raspberry Pi Hardware Hacking Board (V0.1): I2C EEPROM to learn

Simple Binary Viewer

With this simple Python script it is possible to view a binary file in different styles. This is also possible for example with the Linux tool hexdump. Nevertheless it is sometimes necessary to have this code in an own tool.

Hacking TL-MR3020 – Part 4 – Qemu test

Qemu with RootFS of TL-MR3020 This tutorial should show, how it is possible to set-up a Qemu virtualized environment. DRAFT!

Hacking TL-MR3020 – Part 3 – Firmware analysis

Extracting and Analysis Firmware of the TL-MR3020 This tutorial shows how the firmware of the TP-Link TL-MR3020 could be analysed. DRAFT!  

Hacking TL-MR3020 – Part 2 – Firmware dump over SERIAL

TL-MR3020 Serial Dump over Python Script This tutorial show, how it is possible to make a firmware dump of the TP-Link TL-MR3020 via a serial connection. DRAFT!

Top