Quantcast
Channel: hacks – Tinyhack.com
Browsing latest articles
Browse All 18 View Live

Image may be NSFW.
Clik here to view.

Adding Bluetooth Serial Port to Asus RT-N16

I am running DebWrt on my Asus RT-N16 and it works well. The only problem that I have is: in case I misconfigure something and the device is inaccessible via network, I need to open the case then...

View Article



Image may be NSFW.
Clik here to view.

RFID based toy/game for toddlers

Hardware Inspired by this toy fromm LeapFrog that we got for free on a yard sale, I made this toy for my son: This is a simple toy, he can pick a card from this set of alphabet cards: And put it above...

View Article

Implementing a web server in a single printf() call

A guy just forwarded a joke that most of us will already know Jeff Dean Facts (also here and here). Everytime I read that list, this part stands out: Jeff Dean once implemented a web server in a single...

View Article

Exploiting the Futex Bug and uncovering Towelroot

The Futex bug (CVE-2014-3153) is a serious bug that affects most Linux kernel version and was made popular by geohot in his towelroot exploit. You can read the original comex report at hackerone....

View Article

Image may be NSFW.
Clik here to view.

Teensy LC U2F key

Around beginning of last month, GitHub users can buy a special edition U2F security keys for 5 USD (5000 keys were available), and I got two of them. Universal 2nd Factor (U2F) is an open...

View Article


Image may be NSFW.
Clik here to view.

Raspberry Pi as Alphasmart Dana Access Point and File Share

Alphasmart Dana is a Palm OS device with a keyboard form factor that is still popular among writers. One of the Alphasmart Dana version has a wireless capability, but it only supports WEP 40/128 bit....

View Article

Image may be NSFW.
Clik here to view.

An alternative way to exploit CVE-2017-15944 on PAN OS 6.1.0

On the beginning of 2018 during a pentest work, I found a firewall that has that should be exploitable using the bug CVE-2017-15944, but somehow the exploits I found doesn’t work on the last step: we...

View Article

Image may be NSFW.
Clik here to view.

Reverse Engineering Pokémon GO Plus Part 2: OTA Signature Bypass

It has been almost 6 months since I published my Pokemon Go Plus finding and so far no one has published their Pokemon Go Plus Key. One of the reason is the difficulty in extracting the key from OTP...

View Article


Image may be NSFW.
Clik here to view.

Dissecting a MediaTek BootROM exploit

A bricked Xiaomi phone led me to discover a project in Github that uses a MediaTek BootROM exploit that was undocumented. The exploit was found by Xyz, and implemented by Chaosmaster. The initial...

View Article


Image may be NSFW.
Clik here to view.

When you deleted /lib on Linux while still connected via ssh

Let’s first not talk about why this can happen, but deleting /lib, /usr/lib, or some other essential runtime files happens quite a lot (as you can see: here, here, here, and here). In this post, I...

View Article
Browsing latest articles
Browse All 18 View Live




Latest Images