TerraMaster NAS TOS <= 3.0.30 Unauthenticated RCE as Root


Recently I bought a TerraMaster F2-420 NAS from Amazon in order to store my private code, backups and this kind of stuff. As soon as it arrived I started to play with its web interface and eventually I wanted to see how it was implemented, moreover I was curious to see if I could find any remotely exploitable vulnerability.

As you can see … I succeeded :)


Read More

Android Applications Reversing 101


Every day we see a bunch of new Android applications being published on the Google Play Store, from games, to utilities, to IoT device clients and so forth; almost every single aspect of our life can be somehow controlled with “an app”. We have smart houses, smart fitness devices and smart coffee machines … but is this stuff just smart, or is it secure as well? :)

Reversing an Android application can be a (relatively) easy and fun way to answer this question, which is why I decided to write this blog post, where I’ll try to explain the basics and give you some of my “tricks” to reverse this stuff faster and more effectively.

I’m not going to go very deep into technical details; you can learn for yourself how Android works, how the Dalvik VM works and so forth. This is going to be a very basic practical guide instead of a post full of theoretical stuff but no really useful content.

Let’s start! :)


Read More

Thoughts on WhatsApp E2E Encryption AKA Security Is Real Only if It's the Default.


Yesterday Tobias Boelter posted on his blog this article, which essentially highlights a message retransmission vulnerability in WhatsApp that makes it leak sensitive information if the recipient’s key has changed, only alerting the user after the message has been sent.
The Guardian then picked up the info and posted the article “WhatsApp vulnerability allows snooping on encrypted messages“.

In a matter of hours, a shitload of experts (and unfortunately also a lot of ppl who are not experts at all) pointed their fingers at The Guardian, arguing that it’s not a backdoor, plus all other kinds of sterile polemics. At some point Moxie from Open Whisper Systems, the nonprofit organization that made Signal (the only really secure messaging app we’re aware of, and the library that WhatsApp recently integrated in order to give E2E encrypted messaging to all of their users), published this on their blog: “There is no WhatsApp ‘backdoor’“, which seemed to have put the word END to this conversation.

I do not agree and, since a lot of ego is going on here, I’d like to share my thoughts as well.

Read More

Reversing the Smarter Coffee IoT Machine Protocol to Make Coffee Using the Terminal.


I love coffee, that’s a fact, and I drink liters of it during the week … I am also a nerd and a hacker, so a few days ago I bought a Smarter Coffee machine on Amazon, basically a coffee machine that you can control over your home WiFi network using a mobile application (both for Android and iOS).
The app is really nice: you can set the number of cups you want, the strength of the coffee, etc., then you only need to press a button and wait for your delicious coffee to be brewed.

Since I work from home, most of the time I’m using the computer keyboard, not a smartphone, therefore I wanted/needed a console client for it, something that the vendor never released, so I started reversing the Android application in order to understand the communication protocol and write my own client implementation … guess what? :D

Yep, I can make coffee using the terminal now :D



Read More

Some Advice for Aspiring Professionals in the Information Security Field


Recently an interview with me was published on VICE’s Motherboard, and just a few hours later I started receiving an astonishing number of emails from people who were basically all asking the same thing: some advice for aspiring professionals in the information security field.

Considering that replying individually to every email would hardly be feasible, I decided to write a post collecting some of that advice.
If to some of you readers it seems trivial, I apologize in advance, but the age of the people who sent me those emails varies a lot, as does their professional background, so I’ll keep it fairly basic and list only some of the fundamentals.

I also apologize in advance for the syntax and grammar errors and so on. I’m not used to writing in Italian, I’m not used to writing non-technical things, and above all I’m not a writer :D

Read More

WiFi Pentesting With a Pineapple NANO, OS X and BetterCap


After a few weeks of testing in the field, I’ve found the perfect configuration for WiFi pentesting using a WiFi Pineapple NANO, an OSX laptop and BetterCap.
Since different people on different forums had issues making this work (mostly due to the difficulties of internet connection sharing between OSX and the Pineapple), I’ve decided to share my setup today ^_^



Read More

DISCLOSURE - RCE Against Every Open Source BTS Software.


This is a repost of an analysis of mine that was published on Zimperium’s blog; basically, I’ve found that the following products are vulnerable to remote command execution, plus various other logic errors n’ stuff:

  • YateBTS <= 5.0.0
  • OpenBTS <= 4.0.0
  • OpenBTS-UMTS <= 1.0.0
  • Osmo-TRX/Osmo-BTS <= 0.1.10
  • Other products that share the same transceiver code base.


Read More

Samsung Galaxy Apps MITM Vulnerabilities


The Samsung “Galaxy Apps” application installed on every recent Samsung device, a parallel store application with apps for both Samsung smartphones and smart watches, is vulnerable to MITM attacks which could cause user information leaks, permissions dialog bypass and session hijacking.

Affected Products

Samsung Galaxy Apps <= 4.1.01-14



Read More

How the United Arab Emirates Intelligence Tried to Hire Me to Spy on Its People


Recently, we’ve been overwhelmed with news of horrors, attacks, monsters who murder the innocent in the name of a faith they don’t truly know. I’m publishing this article today to talk about other monsters, and I can guarantee these can be much worse than the ones we are now familiar with. They are the ones you don’t see coming, those you cannot conceive to be real.

Benjamin Franklin said:

Either write something worth reading or do something worth writing.

Well, I’ll do my best.

Read More

Presenting OpenBank, a Safe and Easy to Use BTC Tracker


Are you a BitCoin user, and do you happen to have many wallets and a hard time tracking their overall balance, like me? If your answer is yes, then you might find my latest project, OpenBank, useful!

OpenBank is a Laravel and Angular based web application that you can use to keep track of your BitCoin public keys, your total balance and so forth. All the data is collected in real time and shown to you on its web interface.

Read More