Creating your own GSM Network with LimeSDR

Terminal output showing OsmoTRX software logs and configuration settings for a radio transceiver.

DISCLAIMER: This procedure is highly illegal basically anywhere in the world. Be sure to run this in a closed RF environment (aka Faraday cage). This article works with any LimeSDR version. For this example we will use the Osmocom GSM stack in NITB (Network In The Box) mode. In this mode the phones connected to your BTS will be able to call each other and send SMS messages. There is also the Interconnect mode, in which the BSC (Base Station Controller) connects to an ISDN or IPBX (for example Asterisk) to manage...

Dahua / Intelbras MitM Attack

White dome security camera with Intelbras branding and lens visible.

How to perform a very simple MitM attack on Intelbras/Dahua IP cameras / DVRs. This uses Ettercap to do ARP poisoning and a simple Go script to fetch the username/password. Disclaimer: This type of attack is basically illegal anywhere in the world. My intention with this tutorial is to demonstrate why you should ALWAYS use a TLS connection for ANYTHING. Use at your own risk. For the purpose of responsible disclosure, I contacted Intelbras on Twitter on 11/08/2019 and let them know I expected a reply from them by 17/08/2019. If they didn’t...

Reverse Engineering cheap chinese "VRCAM" protocol

White dome security camera with central lens, speaker grilles, and mounting holes on perforated surface.

That’s not the first time I have gotten Chinese hardware that has some proprietary protocol that does not follow a single standard. It’s funny because when you get a VERY cheap thing, you expect it to use as many standards as possible to reduce the development cost, but some Chinese developers just want to do it themselves. I present you the “VRCAM” and its SOUP protocol (any relation to SOAP is just a mere coincidence :P) The Hardware Let’s first start with the hardware itself. It’s a 2 Megapixel sensor with 1280x960 video resolution. It features...

GOES GRB First Light!

When the GOES-16 was first announced I got interested in its GRB downlink (although the first try was at the HRIT downlink). Basically GRB is a replacement for the old PDR downlink of the GOES 13/14/15 generation, which gives a few advantages over the old link: it uses the market-standard DVB-S2 Generic Stream; it has FEC (as defined by DVB-S2); it has higher bandwidth; and it is easier to receive thanks to the DVB-S2 FEC. For those who don’t know, the GRB is a direct rebroadcast of GOES data, with as little processing as possible (usually just packaged into NetCDF files with calibration parameters), and is intended for anyone who wants to get...

Linux shim for Patching executable in run-time

That’s something I did a long time ago and few people know about. It’s not something hard or complex to do, but few people know how easy it is to make a library shim. First, what’s a shim? A shim is a small library that can intercept API calls transparently for a specific program / library. Basically it’s a proxy library that can transparently intercept some API calls to either change the content, monitor the data or just do an API translation. That has its variants over all operating systems (Linux, Mac OSX, Windows) but...