I recently upgraded my home network router from a pfSense SG-1100 to a Ubiquiti Unifi Gateway Ultra. The main reason I upgraded was because I already had a unifi switch and unifi wireless access points, and so wanted to complete the eco-system. ISP limitation My ISP uses Carrier-Grade NAT or CGN which means it uses a IPv4 network shared with other house-holds. It also means I cannot port forward services like VPNs to the Internet....
Overview This post should help users who want to create offline backups of Authy TOTPs secrets, using a rooted Android device, or a patched .APK file. I wrote a python script which can be used to import and export token secrets into a standardized format, including (re)generating QR codes. I briefly cover app reversing, specifically the API endpoints for device registration. Once a device is registered, each request uses 3 OTP tokens as URL parameters that rotate every 7 seconds....
This is second part of the Hacking Amazon鈥檚 eero 6 device, which covers reading and extracting firmware data directly from a eMMC flash chip. This is after the chip had been desoldered (not by me) off the device. I also share the equipment I bought during this project, including what didn鈥檛 work and what did. You can skip to this section on modifying a BGA159 chip reader. The firmware on the eMMC at the time version v7....
Overview A short blog on how to install and run the latest version of OpenWRT using QEMU, on a machine with Apple M1. This is similar to my previous blog post on How to build a Debian MIPS image on QEMU. This guide uses the OpenWRT ARMv8 edition, which runs nicely on a Apple M1 chip. It also covers how to install the LuCI web management interface. Download and Install Select and download the necessary files from the link below....
Update: Fixed proof of concept link. Background This research project started back in July 2023, at around the same time when a critical vulnerability in a popular file-sharing software called MoveIt Transfer was disclosed. More details about that particular vulnerability can be found here and here. I was curious and looked for other similar file-sharing software with security issues. And so a few Google searches later, I found a candidate, a software for enterprises called MFT Server by JSCAPE....