First Impression on the Xiaomi WiFi+

A first look at the Xiaomi WiFi+ PCB and software.
Read more ›

Setting-up OpenPLC

OpenPLC is an open-source Programmable Logic Controller (PLC) alternative.
Because it is open source, it is possible to understand what is otherwise a black box in these systems.
It can easily be used with a Raspberry Pi.

Read more ›

Analysis of Mini 3G/4G WiFi Wireless Router (A5-V11)

Read more ›

Coreboot debugging, configuration, tint, etc.

Coreboot offers many configuration options, primary and secondary payloads, and debugging mechanisms.

Read more ›

Flashing Coreboot on the T430 with a Raspberry Pi

Coreboot is an open-source project that replaces the proprietary BIOS of a traditional computer. Coreboot initializes the hardware and then executes a payload (e.g. SeaBIOS or GRUB).

Read more ›

Open Source Risc-V on the Xilinx Artix-7 35T Arty – Part 2

With OpenOCD it is possible to flash/upload programs to the SPI flash of the Arty board. From there the SiFive Risc-V “core” will boot.

Read more ›

Open Source Risc-V on the Xilinx Artix-7 35T Arty – Part 1

Configuring and programming the 100 € Xilinx Arty development board with an open source implementation of the Risc-V ISA from SiFive.
Read more ›

Hacking – Root @ Linksys E900 N300

How to get root on the Linksys E900 N300

Read more ›

Hacking – Root @ NETGEAR DM111PBL ADSL2+

How to get a root shell on the NETGEAR DM111PBL?

Read more ›

Mirai Source Code Reveals Bad IoT Passwords

The Mirai source code reveals the passwords that are used to build the botnet.

These passwords should never ever be used to secure a device.
Read more ›

Hacking IP-Camera Digoo BB-M2 – Part 3 – Getting root access

After getting access to the serial interface of the IP camera, the next step is to get a root shell.

Read more ›

Hacking IP-Camera Digoo BB-M2 – Part 2 – Analyzing the boot process

The last article showed how to identify the serial port on the IP camera. With this, it is possible to solder wires onto the IP camera and attach a USB-to-serial adapter to it.

Read more ›

Hacking IP-Camera Digoo BB-M2 – Part 1 – Identify serial interface

I bought a WiFi security camera from Banggood. The Digoo BB-M2 Mini WiFi HD 720P costs about 20 €, which is quite cheap for this kind of product.

This article will analyze the serial interface of the IP camera.

Read more ›

Advisory (ICSA-16-313-01) from the Department of Homeland Security

Read more ›

Offensive Security Wireless Attacks – OSWP Certification

In my spare time I have done my first Offensive Security course and certificate. It is called Wireless Attacks (WiFu) and deals with all kinds of wireless attacks.

Read more ›

Raspberry Pi – Hardware Hacking V0.1 update

The manufactured boards have arrived. Unexpectedly, the component identifiers are printed on the PCB, and I had not placed them. For this reason they have to be placed properly in the next version.

Top of the PCB:

Bottom of the PCB:


Next steps:

  • Solder components on the PCB
  • Basic interface test with Raspberry Pi

    Raspberry Pi – Hardware Hacking V0.1

    The idea behind the hardware hacking shield for the Raspberry Pi is to learn IT security hacks on the different bus systems found on embedded boards.

    Features for the first version of the Raspberry Pi Hardware Hacking Board (V0.1):

    • I2C EEPROM to learn the basics of the I2C bus
    • SPI EEPROM to learn the basics of the SPI bus
    • UART to USB FTDI converter to learn the basics of UART and USB
    • Two push buttons
    • Two user LEDs

    For the first version (V0.1) the PCB layout and order process will be evaluated.
    Ordering from “” from China.

    Basic schematics:

    3D view of the PCB (some parts have no 3D model):

    The KiCad data is currently in a zip-compressed folder, but will later be added to a git repository (KiCad + Gerber V0.1):

    Simple Binary Viewer

    With this simple Python script it is possible to view a binary file in different styles. The Linux tool hexdump, for example, can do this as well. Nevertheless, it is sometimes necessary to have this code in a tool of one's own.

    $./ | less
    ADDRESS    | BIN                                 | HEX         | ASCII
    0x00000000 | 00000001 00000000 00000000 00000000 | 01 00 00 00 | . . . .
    0x00000004 | 01010100 01010000 00101101 01001100 | 54 50 2d 4c | T P - L
    0x00000008 | 01001001 01001110 01001011 00100000 | 49 4e 4b 20 | I N K .
    0x0000000c | 01010100 01100101 01100011 01101000 | 54 65 63 68 | T e c h

    Read more ›

    Hacking TL-MR3020 – Part 4 – Qemu test

    Qemu with RootFS of TL-MR3020
    This tutorial shows how to set up a Qemu virtualized environment.


    Read more ›

    Hacking TL-MR3020 – Part 3 – Firmware analysis

    Extracting and analysing the firmware of the TL-MR3020
    This tutorial shows how the firmware of the TP-Link TL-MR3020 can be analysed.

    Read more ›

    Hacking TL-MR3020 – Part 2 – Firmware dump over SERIAL

    TL-MR3020 serial dump with a Python script

    This tutorial shows how to make a firmware dump of the TP-Link TL-MR3020 via a serial connection.


    Read more ›

    Hacking TL-MR3020 – Part 1 – Firmware dump over TFTP

    Firmware dump of the TP-Link TL-MR3020

    This tutorial shows how to make a firmware dump of the TP-Link TL-MR3020 router.
    As one possible method, the /dev/mtd* data is transferred over TFTP.

    Router connection

    Read more ›

    Raspberry Pi – Python Flask

    Python Flask

    The aim is to display content on the Waveshare touchscreen on the Raspberry Pi. The Python module Flask is used for this. With it, it is possible to generate a website with dynamic Python content and much more.


    Read more ›

    Raspberry Pi – Start Iceweasel on startup

    Start into full-screen Iceweasel
    The aim of this tutorial is to start Iceweasel in full-screen mode automatically when the Raspberry Pi boots.


    Read more ›

    Raspberry Pi – HDMI Display

    Connect a 7″ HDMI touch display to a Raspberry Pi:
    A short set-up tutorial for the Waveshare 7″ touchscreen for the Raspberry Pi.

    Read more ›

    HackMe4 – Timing

    This password check should be hacked by timing analysis. A timing analysis measures the variation in the time a program needs to check the password.

    Download File: HackMe4(Linux)
    Download File: HackMe4(Windows)

    Read more ›

    HackMe3 – Buffer overflow

    This password check should be hacked by a buffer overflow.

    Download File: HackMe3(Linux)
    Download File: HackMe3(Windows)

    Read more ›

    HackMe2 – Dynamic analysis

    This password check uses a simple checksum comparison for authorization.

    Download File: HackMe2(Linux)
    Download File: HackMe2(Windows)

    Read more ›


    With a disassembler it is possible to analyze binary files. There are many different programs on the market for different platforms. Many of them support different architectures too. Some of them are listed below.

    Read more ›

    HackMe1 – Strings

    This is a very simple introduction to reverse engineering. The aim of this lab is to gain access by extracting the password from the provided binary file. The source code in the solution is completely unsuitable for any kind of protection and is for demonstration purposes only.

    Download File: HackMe1(Linux)
    Download File: HackMe1(Windows)

    Read more ›


    Etching equipment:

    • Temperature regulated etching bath
    • Exposure unit
    • Several containers
    • Etching chemicals



    Read more ›





    Exposure unit

    Exposure unit:


    Read more ›


    The Gnublin board is a small form-factor PCB with an embedded Linux on it. It can be bought on

    Picture of the Gnublin board:


    Read more ›

    LED cube

    LED cube:
    LED cubes are a very popular project, with sizes going from 3x3x3 up to 10x10x10 with RGB LEDs. At the university we built a monochrome 5x5x5 LED cube.

    Read more ›

    Vacuum cleaner

    Vacuum cleaner:
    At the present time there are many autonomous vacuum cleaners. In summer 2012 I designed and built a vacuum cleaner myself. The following video shows a short section of it.


    Read more ›