h4ck

a collection of writeups and tools related to ~embedded device ~hacking

shiny devices are fun, finding and poking holes in their interface is a lot of fun

devices

name | description | url -----|-------------|----- CUJO | purposeful MiTM device for internet 'security' | cujo LG webOS | HTTP phone home is never a good idea | lg-webOS HooToo TripMate series | there are lots of problems, some end up at root access | hootoo TriCascade i-Bright7x | work in progress, SSID password from MAC address, telnet but no access | i-Bright7x Lametric Time | WiFi/internet enabled clock/LED display, unnecessary services exposed, root access obtainable | lametric Philips Hue | device communication insecure, Ruby library/CLI to control via REST HTTP | hued RAV FileHub | a HooToo by any other name.. but with a twist | rav-filehub RevoLabs flx UC1000 | more than just brute forcing the PIN | revolabs-flx_uc_1000 Ubiquiti mFi mPower | root access trivially obtained, credential leakage, unnecessary services exposed | ubiquiti/mFi Belkin Weemo Mini | work in progress, recon mostly done | weemo