Setting-up OpenPLC

The OpenPLC is a opensource Programmable Logic Controllers (PLC) alternative.
Due to this, it is possible to understand the black box of these systems.
It could be easily used with a Raspberry Pi.

Read more ›

Analysis of Mini 3G/4G WiFi Wireless Router (A5-V11)

Read more ›

Coreboot debugging, configuration, tint, etc.

Coreboot provides a lot of possibilities of configurations, primary and secondary payloads and debugging mechanisms.

Read more ›

Flashing Coreboot on the T430 with a Raspberry Pi

Coreboot is an Open Source project, which replaces the proprietary BIOS of a traditional computer. Coreboot initialize the Hardware and then executes a payload (e. g. SeaBIOS or Grub).

Read more ›

Open Source Risc-V on the Xilinx Artix-7 35T Arty – Part 2

With OpenOCD it is possible to flash/upload programs to the spi flash of the Arty Board. From there the SiFive Risc-V “core” will boot.

Read more ›

Open Source Risc-V on the Xilinx Artix-7 35T Arty – Part 1

Configuring and programming the 100 € Xilinx Arty development board with an open source implementation of the Risc-V ISA from SiFive.
Read more ›

Hacking – Root @ Linksys E900 N300

How to get root at Linksys E900 N300

Read more ›

Hacking – Root @ NETGEAR DM111PBL ADSL2+

How to get a root shell on the NETGEAR DM111PBL?

Read more ›

Mirai Soruce Code Reveals Bad IoT Passwords

The Mirai source code reveals the passwords, which are used to create the botnet.

These passwords should never ever be used to secure a device.
Read more ›

Hacking IP-Camera Digoo BB-M2 – Part 3 – Getting root access

After getting access to the serial interface of the IP-Camera the next step is to get a root shell.

Read more ›

Hacking IP-Camera Digoo BB-M2 – Part 2 – Analyzing the boot process

The last article shows, how to identify the serial port on the IP-Camera. With this it is possible to solder wires on the IP-Camera and attach a USB to serial adapter to it.

Read more ›

Hacking IP-Camera Digoo BB-M2 – Part 1 – Identify serial interface

I have bought an WiFi security camera from banggood. The Digoo BB-M2 Mini WiFi HD 720P costs about 20 €, which is quite cheap for this kind of product.

This article will analyze the serial interface of the IP camera.

Read more ›

Advisory (ICSA-16-313-01) from the Department of Homeland Security

Read more ›

Offensive Security Wireless Attacks – OSWP Certification

In my part time I have done my first Offensive Security course and certificate. It is called Wireless Attacks (WiFu) and deals with all kind of wireless attacks.

Read more ›

Raspberry Pi – Hardware Hacking V0.1 update

The manufactured boards have arrived. Unexpectedly the component identifiers are printed on the PCB and i have not placed them. Due to this reason in the next version they have to be placed right.

Top of the PCB:
2016-06-05 23.14.16

Bottom of the PCB:

2016-06-05 23.14.32

Next steps:

  • Solder components on the PCB
  • Basic interface test with Raspberry Pi
  • Raspberry Pi – Hardware Hacking V0.1

    The idea behind the hardware hacking shield for the Raspberry Pi is to learn IT-Security hacks on different bus systems on embedded boards.

    Features for the first version of the Raspberry Pi Hardware Hacking Board (V0.1):

    • I2C EEPROM to learn the basics of the I2C bus
    • SPI EEPROM to learn the basics of the SPI bus
    • UART to USB FTDI converter to learn the basics of UART and USB
    • Two push buttons
    • Two user leds

    For the first versio (V0.1) the PCB layout and order process will be evaluated.
    Ordering from “” from China.

    Basic schematics:

    3d view of the PCB, some parts have no 3d model:

    The KiCad Datas are actually in a zip compressed folder, but will later by added to a git repository (KiCad + Gerber V0.1):

    Simple Binary Viewer

    With this simple Python script it is possible to view a binary file in different styles. This is also possible for example with the Linux tool hexdump. Nevertheless it is sometimes necessary to have this code in an own tool.

    $./ | less
    ADDRESS    | BIN                                 | HEX         | ASCII
    0x00000000 | 00000001 00000000 00000000 00000000 | 01 00 00 00 | . . . .
    0x00000004 | 01010100 01010000 00101101 01001100 | 54 50 2d 4c | T P - L
    0x00000008 | 01001001 01001110 01001011 00100000 | 49 4e 4b 20 | I N K .
    0x0000000c | 01010100 01100101 01100011 01101000 | 54 65 63 68 | T e c h

    Read more ›

    Hacking TL-MR3020 – Part 4 – Qemu test

    Qemu with RootFS of TL-MR3020
    This tutorial should show, how it is possible to set-up a Qemu virtualized environment.


    Read more ›

    Hacking TL-MR3020 – Part 3 – Firmware analysis

    Extracting and Analysis Firmware of the TL-MR3020
    This tutorial shows how the firmware of the TP-Link TL-MR3020 could be analysed.

    Read more ›

    Hacking TL-MR3020 – Part 2 – Firmware dump over SERIAL

    TL-MR3020 Serial Dump over Python Script

    This tutorial show, how it is possible to make a firmware dump of the TP-Link TL-MR3020 via a serial connection.

    2016-01-10 17.02.58

    Read more ›