Ruxcon 2017 HHV Badge Flag – Part 2 – The "Hard" Way

In this part we’ll go through how to retrieve the flag directly from the binary. This should be easier than it is, but there are some eccentricities to the NodeMCU Lua compiler which break most of the tools out there. After spending some time trying various decompilers and attempting to get ChunkSpy to behave with the NodeMCU bytecode (if I can be bothered I might write up a post on said eccentricities at some point, but don’t hold your breath), I ended up doing the decompilation manually. Took a while but wasn’t particularly “hard”. The full annotated listing is in...

Ruxcon 2017 HHV Badge Flag – Part 1 – The "Easy" Way

As promised, here’s a walkthrough for retrieving the Badge Flag from the Ruxcon 2017 HHV Badge. The easy way requires that you have the badge hardware up and running (though you could just load the firmware onto some random ESP8266 module for the same effect). If we connect to the UART port on the badge we see the following at startup;

[Image: Boot messages]

In this data we see;

flag: cbd3f82962b3b38679fba0250f243c4c7dc5b8aa5ff403383f43de6e9dd2e23a32de120d62776077e2196c36ae0a330d

SWEEET! that was easy! Err, no… Typically for a CTF flag...

Ruxcon 2017 Hardware Hacking Village Wrap

Only eight hours sleep across the weekend (gotta love insomnia…) but we’re done for another year. I was pretty happy with the level of engagement we saw at the Hardware Hacking Village this year, catering to a group like that is always a bit tough. You can find my slide deck, the badge and simple solder build docs and badge firmware at my Ruxcon 2017 HHV page. We handed out 111 of the “Simple Solder” kits across the course of the weekend, so we were pretty much spot on with the 120 that we ordered for (Gotta say, really...

Adventures in IPv6 – The Next Generation – Part 2

Part 2 - Configuring The IPSec Tunnel

First thing you’ll need to do is decide whether you’re going to use certificate based or PSK authentication between the ends of the IPSec tunnel, if you decide on certificate based auth, you’ll of course need some certificates, your choice where you get them from, I created an internal CA on my local pfSense box and used that to issue the certificates for my tunnel. Next step is to configure IPSec Phase 1 (the configurations of each end of the IPSec tunnel are basically mirrors of each other, so I’ll only show...

Adventures in IPv6 – The Next Generation – Part 1

Part 1 - Background and Approach

I posted a few days ago about my Adventures in IPv6 which was a brief summary of getting IPv6 connectivity via the Hurricane Electric free IPv6 Tunnel Broker service, in that post I remarked about some issues I had due to the fact that my tunnel was terminated in Japan, this series of posts will cover “The Next Generation” where I basically set up a “personal” IPv6 Tunnel service. A quick note ahead of time; in my setup, I’m using pfSense on both ends of the tunnel, this is mainly...

Adventures in IPv6

So I was having a discussion on one of the boards I lurk on some weeks ago around IPv6, and that spurred me to finally pull my finger out and actually DO something about it (up until this point I’d been basically taking the “Ostrich” path of sticking my head in the sand and pretending it didn’t exist). My current provider has not deployed dual-stack to the edge, and all indications are that there will be significant costs involved in doing so (and they’ve recently been purchased by the biggest cheapskate in the ISP game, so I’m not going to...

Injecting Your Own SSL Certs Into The Uniclass Prima IP-16 Redux

So apparently I’m a muppet, I spent a while doing some digging around in disassemblies of the client and server components, only to discover that the certificate file I dropped onto the KVM was in the wrong format… So, I grabbed another copy, renamed the files appropriately and restarted the webserver, lo and behold it came up and is now presenting the correct certificate. Hallelujah. Next step, convince it to use that cert for the actual KVM bits, easy enough, copy webserver.crt and webserverkey.pem to dserver.crt and dserverkey.pem respectively, restart kleserver, comes up and all is happy, now it’s time...

Injecting Your Own SSL Certs Into The Uniclass Prima IP-16

I’m presently contemplating a project to build a small DC/storage outbuilding down the side of my garage, basically to relocate all the random servers and such which are currently located in my study to somewhere else, ideally with proper climate control. Now of course I don’t want the inconvenience of actually having to go out there to yutz with things when I need to so I went digging around on eBait for an IP KVM, turned up a “Prima IP-16 Uniclass” for $140, seemed like a reasonable price, unfortunately it’s one of the ones that uses an oddball cable that...

Installing NUT on ESXi 4.1

The final battle in my quest for properly integrated UPS Monitoring was to get my ESXi 4.1 box into the mix. Some rummaging around online turned up a NUT Client for ESXi 5 (french) which doesn’t work for ESXi 4, fortunately the same guy has also done a NUT Client for ESXi 4 (french) which will work, but takes some effort. The tricky part is that it seems that the only way to customise an ESXi 4 install is via oem.tgz, whereas in ESXi 5 we have the concept of “packages”, I broke my ESXi box several times...

Creating the DropBot9k (AKA; ESP8266 throwies) Part 3

Part 3 - The tools which Espressif hath provided

So we’re still chasing power savings at this point, the next logical step is to reduce the TX power of the ESP8266 because we don’t need much range in this application, unfortunately NodeMCU does not expose the TXPower API… Looks like we need to write a patch against NodeMCU… Or not… Something of a diversion; Around about this time I decided I needed the rtc API for the software which necessitated a new build, off to the NodeMCU Build service we go; build a new image, flash to ESP8266,...