
Hack a Sat - Can you hear me now?

Hack-a-sat — Can you hear me now? That challenge asked us to decode telemetry data that was being sent over a TCP port. If you open netcat, the following happens: Then if you connect to the Telemetry Service using netcat: In the provided zip file there is a telemetry.xtce file, which is an XML file that tells us how the binary packet is encoded. A quick search over the internet led me to Wikipedia: https://en.wikipedia.org/wiki/XML_Telemetric_and_Command_Exchange It is defined in the CCSDS Green Book (the spec: https://public.ccsds.org/Pubs/660x0g1.pdf ). The file has several sections. I will describe a few of them:...
Integrating Hacked Touch Panel into Home Assistant

Integrating Hacked Touch Panel into Home Assistant In the previous article I showed a simple hack of a Chinese Touch Panel. Now I have successfully integrated it into Home Assistant and I’m able to turn my room light on / off. Here is how. From now on I will assume you have ESPHome working on your machine and Home Assistant configured. ESPHome is very easy to install if you have python pip: pip install esphome should install everything you need. First let’s create our project. I will call it touchpanel.yml: esphome: # Change it for any name you want. This is...
Hacking Dimmer Touch Panel with ESP8266

Hacking Dimmer Touch Panel with ESP8266 I bought two of these LED Touch Panel Dimmers on Banggood and they look pretty good. But since my house automation has its own way of controlling the lights, I wondered if I could hack them to send info to Home Assistant. The first thing I did was open one of them to check what’s inside. It has two boards connected by a flat cable: Touch Panel Board and Dimmer Board. The dimmer board has some microcontroller that looks like a PIC, a few MOSFETs and a buzzer. The touch panel has a WTC801SPI controller. WTC801SPI...
Creating your own GSM Network with LimeSDR

Creating your own GSM Network with LimeSDR DISCLAIMER: This procedure is highly illegal basically anywhere in the world. Be sure to run this in a closed RF environment (aka Faraday Cage). This article works with any LimeSDR version. For this example we will use the Osmocom GSM Stack in the NITB (Network in the Box) mode. In this mode the phones connected to your BTS will be able to call each other and send SMS messages. There is also the Interconnect mode, in which the BSC (Base Station Controller) connects to an ISDN or IPBX (for example Asterisk) to manage...
Dahua / Intelbras MitM Attack

Dahua / Intelbras MitM Attack How to perform a very simple MitM Attack on Intelbras/Dahua IP Cameras / DVRs. This uses Ettercap to do an ARP Poison and a simple GoLang Script to fetch the username/password. Disclaimer: This type of attack is basically illegal anywhere in the world. My intention with this tutorial is to demonstrate why you should ALWAYS use a TLS connection for ANYTHING. Use at your own risk. For the purpose of responsible disclosure, I contacted Intelbras on Twitter on 11/08/2019 and let them know I expected a reply from them by 17/08/2019. If they didn’t...