Tue 07 June 2022 by

Firmware key extraction by gaining EL3

A bit of history

A few months back, I turned my attention to my fiber gateway. So I ordered the same model on eBay, desoldered and dumped the NAND, and after a lot of work, managed to get a clear view of the system, from bootloader to userland.

Basically, the bootloader checks the signature of the kernel image and decrypts it with a key stored in the bootloader; the kernel in turn decrypts the rootfs image, and voilà.

[YYYY] / # ls
README       dev          lib          opt          sbin         usr
bin          etc          media        proc         sys          var
config       exports      mnt          root         tftpboot
ctmp         home         nonexisting  run          tm
[YYYY] / # cat README
If you can read this, congratulations !

Feel free to drop me an email, xxxx@yyyy.zz
Mon 04 April 2022 by

Pwning the bcm61650

The Percello PRC6000, also known as the BCM61650 after Broadcom bought the company, is a chip used in 3G femtocells (Home NodeB).

Here is a summary write-up of how I managed to bypass its secure ROM to run arbitrary firmware.

Mon 10 April 2017 by

Video Distortion

Found this old piece of code, written in 2013. I only needed to change the hardcoded resolution of the webcam to get it working again.

Fri 17 April 2015 by

Hello World

#include <stdio.h>

int main(int argc, char** argv) {
    printf("Hello World\n");
    return 0;
}
