-
Posts
638 -
Joined
-
Last visited
-
Days Won
6
Everything posted by co4ie
-
Inteleg ... "Quote This" x 6... "Post preview" nu merge (doar la mine?)... Nytro iar ai stricat forumul ..
-
What could be the best way to take over and disrupt cyber espionage campaigns? Hacking them back? Probably not. At least not when it's Microsoft, who is continuously trying to protect its users from hackers, cyber criminals and state-sponsored groups. It has now been revealed that Microsoft has taken a different approach to disrupt a large number of cyber espionage campaigns conducted by "Fancy Bear" hacking group by using the lawsuit as a tool — the tech company cleverly hijacked some of its servers with the help of law. Microsoft used its legal team last year to sue Fancy Bear in a federal court outside Washington DC, accusing the hacking group of computer intrusion, cybersquatting, and reserving several domain names that violate Microsoft's trademarks, according to a detailed report published by the Daily Beast. Fancy Bear — also known as APT28, Sofacy, Sednit, and Pawn Storm — is a sophisticated hacking group that has been in operation since at least 2007 and has also been accused of hacking the Democratic National Committee (DNC) and Clinton Campaign in an attempt to influence the U.S. presidential election. The hacking group is believed to be associated with the GRU (General Staff Main Intelligence Directorate), Russian secret military intelligence agency, though Microsoft has not mentioned any connection between Fancy Bear and the Russian government in its lawsuit. Instead of registering generic domains for its cyber espionage operations, Fancy Bear often picked domain names that look-alike Microsoft products and services, such as livemicrosoft[.]net and rsshotmail[.]com, in order to carry out its hacking and cyber espionage campaigns. This inadvertently gave Microsoft an opportunity to drag the hacking group with "unknown members" into the court of justice. Microsoft Sinkholed Fancy Bear Domains The purpose of the lawsuit was not to bring the criminal group to the court; instead, Microsoft appealed to the court to gain the ownership of Fancy Bear domains — many of which act as command-and-control servers for various malware distributed by the group. "These servers can be thought of as the spymasters in Russia's cyber espionage, waiting patiently for contact from their malware agents in the field, then issuing encrypted instructions and accepting stolen documents," the report reads. Although Microsoft did not get the full-ownership of those domains yet, the judge last year issued a then-sealed order to domain name registrars "compelling them to alter" the DNS of at least 70 Fancy Bear domains and pointing them to Microsoft-controlled servers. Eventually, Microsoft used the lawsuit as a tool to create sinkhole domains, allowing the company's Digital Crimes Unit to actively monitor the malware infrastructures and identify potential victims. "By analyzing the traffic coming to its sinkhole, the company’s security experts have identified 122 new cyber espionage victims, whom it’s been alerting through Internet service providers," the report reads. Microsoft has appealed and is still waiting for a final default judgment against Fancy Bear, for which the hearing has been scheduled on Friday in Virginia court. Sursa
- 1 reply
-
- 1
-
Solaris, Java, have vulns that let users run riot What's big, red and has 308 patches, 30 of them critical? Oracle's quarterly patch dump Oracle's emitted its quarterly patch dump. As usual it's a whopper, with 308 security fixes to consider. Oracle uses the ten-point Common Vulnerability Scoring System Version 3.0, on which critical bugs score 9.0 or above. The Register counts 30 such bugs in this release. Not all can be laid at Oracle's door. For example, a glibc glitch is hardly Oracle's fault. Nor are the Apache Tomcat and Struts bugs that MySQL users need to squash. But a few others are Big Red boo-boos, such as CVE-2017-3632, a mess that means a remote user can exploit a flaw in the Solaris CDE Calendar component to gain elevated privileges. Lesser Solaris bugs allow DDOSing and unauthorised data alterations. Java SE has 10 critical flaws, nine of them rated 9.6. Most allow remote users to do things you'd rather they couldn't. Oracle says 28 of 32 Java vulnerabilities “may be remotely exploitable without authentication”. Oracle Retail Customer Insights and Oracle WebLogic also have critical vulns, the latter the only product to earn a perfect 10.0 severity rating for CVE-2017-10137 which allows a remote user to obtain elevated privileges. We could go on and explore the other 278 patches rated 8.9 or lower, but by now you get the idea: there's something terrifying for almost every Oracle user because even a bug rated a wimpy 5.3, such as CVE-2017-10244 discovered by Onapsis, means “attackers to exfiltrate sensitive business data without requiring a valid user account” in Oracle E-Business suite. Sursa
-
Azure Introducing Windows Azure™ for IT Professionals PDF MOBI EPUB Azure Microsoft Azure Essentials Azure Automation PDF MOBI EPUB Azure Microsoft Azure Essentials Azure Machine Learning PDF MOBI EPUB Azure Microsoft Azure Essentials Fundamentals of Azure PDF MOBI EPUB Azure Microsoft Azure Essentials Fundamentals of Azure, Second Edition PDF Azure Microsoft Azure Essentials Fundamentals of Azure, Second Edition Mobile PDF Azure Microsoft Azure Essentials Migrating SQL Server Databases to Azure – Mobile PDF Azure Microsoft Azure Essentials Migrating SQL Server Databases to Azure 8.5X11 PDF Azure Microsoft Azure ExpressRoute Guide PDF Azure Overview of Azure Active Directory DOC Azure Rapid Deployment Guide For Azure Rights Management PDF Azure Rethinking Enterprise Storage: A Hybrid Cloud Model PDF MOBI EPUB BizTalk BizTalk Server 2016 Licensing Datasheet PDF BizTalk BizTalk Server 2016 Management Pack Guide DOC Cloud Enterprise Cloud Strategy PDF MOBI EPUB Cloud Enterprise Cloud Strategy – Mobile PDF Developer .NET Microservices: Architecture for Containerized .NET Applications PDF Developer .NET Technology Guidance for Business Applications PDF Developer Building Cloud Apps with Microsoft Azure™: Best practices for DevOps, data storage, high availability, and more PDF MOBI EPUB Developer Containerized Docker Application Lifecycle with Microsoft Platform and Tools PDF Developer Creating Mobile Apps with Xamarin.Forms, Preview Edition 2 PDF MOBI EPUB Developer Creating Mobile Apps with Xamarin.Forms: Cross-platform C# programming for iOS, Android, and Windows PDF MOBI EPUB Developer Managing Agile Open-Source Software Projects with Microsoft Visual Studio Online PDF MOBI EPUB Developer Microsoft Azure Essentials Azure Web Apps for Developers PDF MOBI EPUB Developer Microsoft Platform and Tools for Mobile App Development PDF Developer Microsoft Platform and Tools for Mobile App Development – Mobile PDF Developer Moving to Microsoft® Visual Studio® 2010 XPS PDF MOBI EPUB Developer Programming Windows 8 Apps with HTML, CSS, and JavaScript PDF MOBI EPUB Developer Programming Windows Store Apps with HTML, CSS, and JavaScript, Second Edition PDF MOBI EPUB Developer Programming Windows® Phone 7 (Special Excerpt 2) XPS PDF Developer Team Foundation Server to Visual Studio Team Services Migration Guide PDF Dynamics 5 cool things you can do with CRM for tablets PDF Dynamics Create Custom Analytics in Dynamics 365 with Power BI PDF Dynamics Create of Customize System Dashboards PDF Dynamics Create Your First CRM Marketing Campaign PDF Dynamics CRM Basics for Outlook basics PDF Dynamics CRM Basics for Sales Pros and Service Reps PDF Dynamics Give Great Customer Service with CRM PDF Dynamics Go Mobile with CRM for Phones – Express PDF Dynamics Go Mobile with CRM for Tablets PDF Dynamics Import Contacts into CRM PDF Dynamics Introducing Microsoft Social Engagement PDF Dynamics Introduction to Business Processes PDF Dynamics Meet Your Service Goals with SLAs and Entitlements PDF Dynamics Microsoft Dynamics CRM 2016 Interactive Service Hub User Guide PDF Dynamics Microsoft Dynamics CRM 2016 On-Premises Volume Licensing and Pricing Guide PDF Dynamics Microsoft Dynamics CRM for Outlook Installing Guide for use with Microsoft Dynamics CRM Online PDF Dynamics Microsoft Dynamics CRM Resource Guide 2015 PDF Dynamics Microsoft Social Engagement for CRM PDF Dynamics Product Overview and Capability Guide Microsoft Dynamics NAV 2016 PDF Dynamics RAP as a Service for Dynamics CRM PDF Dynamics Set Up A Social Engagement Search For Your Product PDF Dynamics Social is for Closers PDF Dynamics Start Working in CRM PDF Dynamics Your Brand Sux PDF General 10 essential tips and tools for mobile working PDF General An employee’s guide to healthy computing PDF General Guide for People who have Language or Communication Disabilities DOC General Guide for People who have Learning Disabilities DOC Licensing Introduction to Per Core Licensing and Basic Definitions PDF Licensing Licensing Windows and Microsoft Office for use on the Macintosh PDF Licensing VLSC Software Assurance Guide PDF Licensing Windows Server 2016 and System Center 2016 Pricing and Licensing FAQs PDF Office Access 2013 Keyboard Shortcuts PDF Office Azure AD/Office 365 seamless sign-in PDF Office Content Encryption in Microsoft Office 365 PDF Office Controlling Access to Office 365 and Protecting Content on Devices PDF Office Customize Word 2013 Keyboard Shortcuts PDF Office Data Resiliency in Microsoft Office 365 PDF Office Excel 2013 Keyboard Shortcuts PDF Office Excel 2016 keyboard shortcuts and function keys DOC Office Excel Online Keyboard Shortcuts PDF Office File Protection Solutions in Office 365 PDF Office First Look: Microsoft® Office 2010 XPS PDF Office Get Started With Microsoft OneDrive PDF Office Get Started With Microsoft Project Online PDF Office Getting started with MyAnalytics DOC Office How To Recover That Un-Saved Office Document PDF Office InfoPath 2013 Keyboard Shortcuts PDF Office Keyboard shortcuts for Microsoft Outlook 2013 and 2016 DOC Office Keyboard shortcuts for Microsoft Word 2016 for Windows DOC Office Licensing Microsoft Office 365 ProPlus Subscription Service in Volume Licensing PDF Office Licensing Microsoft Office software in Volume Licensing PDF Office Microsoft Access 2013 Quick Start Guide PDF Office Microsoft Classroom Deployment PDF Office Microsoft Excel 2013 Quick Start Guide PDF Office Microsoft Excel 2016 for Mac Quick Start Guide PDF Office Microsoft Excel 2016 Quick Start Guide PDF Office Microsoft Excel Mobile Quick Start Guide PDF Office Microsoft Excel VLOOKUP Troubleshooting Tips PDF Office Microsoft OneNote 2013 Quick Start Guide PDF Office Microsoft OneNote 2016 for Mac Quick Start Guide PDF Office Microsoft OneNote 2016 Quick Start Guide PDF Office Microsoft OneNote 2016 Tips and Tricks PDF Office Microsoft OneNote Mobile Quick Start Guide PDF Office Microsoft Outlook 2013 Quick Start Guide PDF Office Microsoft Outlook 2016 for Mac Quick Start Guide PDF Office Microsoft Outlook 2016 Quick Start Guide PDF Office Microsoft Outlook 2016 Tips and Tricks PDF Office Microsoft Powerpoint 2013 Quick Start Guide PDF Office Microsoft PowerPoint 2016 for Mac Quick Start Guide PDF Office Microsoft PowerPoint 2016 for Mac Quick Start Guide PDF Office Microsoft PowerPoint Mobile Quick Start Guide PDF Office Microsoft Project 2013 Quick Start Guide PDF Office Microsoft Publisher 2013 Quick Start Guide PDF Office Microsoft Visio 2013 Quick Start Guide PDF Office Microsoft Word 2013 Quick Start Guide PDF Office Microsoft Word 2016 for Mac Quick Start Guide PDF Office Microsoft Word 2016 Quick Start Guide PDF Office Microsoft Word Mobile Quick Start Guide PDF Office Microsoft® Office 365: Connect and Collaborate Virtually Anywhere, Anytime PDF Office Monitoring and protecting sensitive data in Office 365 DOC Office Office 365 Dedicated Platform vNext Service Release PDF Office Office 365 Licensing Brief PDF Office OneNote 2013 Keyboard Shortcuts PDF Office OneNote Online Keyboard Shortcuts PDF Office Outlook 2013 Keyboard Shortcuts PDF Office Outlook Web App Keyboard Shortcuts PDF Office Own Your Future: Update Your Skills with Resources and Career Ideas from Microsoft® XPS PDF MOBI EPUB Office PowerPoint Online Keyboard Shortcuts PDF Office Project 2013 Keyboard Shortcuts PDF Office Publisher 2013 Keyboard Shortcuts PDF Office Security and Privacy For Microsoft Office 2010 Users PDF MOBI EPUB Office Security Incident Management in Microsoft Office 365 PDF PDF Office SharePoint Online Dedicated & OneDrive for Business Dedicated vNext Service Release PDF Office Skype for Business User Tips & Tricks for Anyone PDF Office Switching from Google Apps to Office 365 for business PDF Office Tenant Isolation in Microsoft Office 365 PDF Office Visio 2013 Keyboard Shortcuts PDF Office Windows 10 Tips and Tricks PDF Office Word 2013 Keyboard Shortcuts PDF Office Word Online Keyboard Shortcuts PDF Office Working with SmartArt Graphics Keyboard Shortcuts PDF Power BI Ask, find, and act—harnessing the power of Cortana and Power BI DOC Power BI Bidirectional cross-filtering in SQL Server Analysis Services 2016 and Power BI Desktop DOC Power BI Configuring Power BI mobile apps with Microsoft Intune DOC Power BI Getting started with the Power BI for Android app DOC Power BI Getting Started with the Power BI for iOS app DOC Power BI How to plan capacity for embedded analytics with Power BI Premium PDF Power BI Introducing Microsoft Power BI PDF Power BI Introducing Microsoft Power BI – Mobile PDF Power BI Microsoft Power BI Premium Whitepaper PDF Power BI Power BI mobile apps—enabling data analytics on the go DOC Power BI Propelling digital transformation in manufacturing operations with Power BI DOC Power BI Using Power BI to visualize data insights from Microsoft Dynamics CRM Online DOC PowerShell Microsoft Dynamics GP 2015 R2 PowerShell Users Guide PDF PowerShell PowerShell Integrated Scripting Environment 3.0 PDF PowerShell Simplify Group Policy administration with Windows PowerShell PDF PowerShell Windows PowerShell 3.0 Examples PDF PowerShell Windows PowerShell 3.0 Language Quick Reference PDF PowerShell WINDOWS POWERSHELL 4.0 LANGUAGE QUICK REFERENCE PDF PowerShell Windows PowerShell 4.0 Language Reference Examples PDF PowerShell Windows PowerShell Command Builder User’s Guide PDF PowerShell Windows PowerShell Desired State Configuration Quick Reference PDF PowerShell WINDOWS POWERSHELL INTEGRATED SCRIPTING ENVIRONMENT 4.0 PDF PowerShell Windows PowerShell Web Access PDF PowerShell WMI in PowerShell 3.0 PDF PowerShell WMI in Windows PowerShell 4.0 PDF SharePoint Configuring Microsoft SharePoint Hybrid Capabilities PDF SharePoint Configuring Microsoft SharePoint Hybrid Capabilities – Mobile PDF SharePoint Deployment guide for Microsoft SharePoint 2013 PDF SharePoint Microsoft SharePoint Server 2016 Architectural Models PDF SharePoint Planning and Preparing for Microsoft SharePoint Hybrid – 8.5 X 11 PDF SharePoint Planning and Preparing for Microsoft SharePoint Hybrid – Mobile PDF SharePoint RAP as a Service for SharePoint Server PDF SharePoint SharePoint Online Dedicated Service Description PDF SharePoint SharePoint Products Keyboard Shortcuts PDF SharePoint SharePoint Server 2016 Databases – Quick Reference Guide PDF SharePoint SharePoint Server 2016 Quick Start Guide PDF SQL Server 5 Tips For A Smooth SSIS Upgrade to SQL Server 2012 PDF SQL Server Backup and Restore of SQL Server Databases PDF SQL Server Data Science with Microsoft SQL Server 2016 PDF SQL Server Deeper insights across data with SQL Server 2016 – Technical White Paper PDF SQL Server Deploying SQL Server 2016 PowerPivot and Power View in a Multi-Tier SharePoint 2016 Farm DOC SQL Server Deploying SQL Server 2016 PowerPivot and Power View in SharePoint 2016 DOC SQL Server Guide to Migrating from Oracle to SQL Server 2014 and Azure SQL Database PDF SQL Server Introducing Microsoft Azure™ HDInsight™ PDF MOBI EPUB SQL Server Introducing Microsoft Data Warehouse Fast Track for SQL Server 2016 PDF SQL Server Introducing Microsoft SQL Server 2012 PDF MOBI EPUB SQL Server Introducing Microsoft SQL Server 2014 PDF MOBI EPUB SQL Server Introducing Microsoft SQL Server 2016: Mission-Critical Applications, Deeper Insights, Hyperscale Cloud, Preview 2 PDF MOBI EPUB SQL Server Introducing Microsoft SQL Server 2016: Mission-Critical Applications, Deeper Insights, Hyperscale Cloud, Preview 2 – Mobile PDF SQL Server Introducing Microsoft Technologies for Data Storage, Movement and Transformation DOC SQL Server Introducing Microsoft® SQL Server® 2008 R2 XPS PDF MOBI EPUB SQL Server Microsoft SharePoint Server 2016 Reviewer’s Guide PDF SQL Server Microsoft SQL Server 2012 Tutorials: Analysis Services – Data Mining Step-by-Step PDF SQL Server Microsoft SQL Server 2012 Tutorials: Analysis Services – Multidimensional Modeling Step-by-Step PDF SQL Server Microsoft SQL Server 2012 Tutorials: Reporting Services Quick Step-by-Step PDF SQL Server Microsoft SQL Server 2012 Tutorials: Writing Transact-SQL-Statements PDF SQL Server Microsoft SQL Server 2014 Licensing Guide PDF SQL Server Microsoft SQL Server 2016 Licensing Datasheet PDF SQL Server Microsoft SQL Server 2016 Licensing Guide PDF SQL Server Microsoft SQL Server 2016 Mission-Critical Performance Technical White Paper PDF SQL Server Microsoft SQL Server 2016 New Innovations PDF SQL Server Microsoft SQL Server 2016 SP1 Editions PDF SQL Server Microsoft SQL Server In-Memory OLTP and Columnstore Feature Comparison PDF SQL Server RAP as a Service for SQL Server PDF SQL Server SQLCAT’s Guide to: Relational Engine PDF SQL Server Xquery Language Reference PDF Surface Surface Book User Guide PDF Surface Surface Pro 4 User Guide PDF System Center Guide to Microsoft System Center Management Pack for SQL Server 2016 Reporting Services (Native Mode) DOC System Center Guide to System Center Management Pack for Windows Print Server 2016 DOC System Center Introducing Microsoft System Center 2012 R2 PDF MOBI EPUB System Center Microsoft System Center Building a Virtualized Network Solution, Second Edition PDF MOBI EPUB System Center Microsoft System Center Data Protection for the Hybrid Cloud PDF MOBI EPUB System Center Microsoft System Center Deploying Hyper-V with Software-Defined Storage & Networking PDF MOBI EPUB System Center Microsoft System Center Extending Operations Manager Reporting PDF MOBI EPUB System Center Microsoft System Center Introduction to Microsoft Automation Solutions PDF MOBI EPUB System Center Microsoft System Center Operations Manager Field Experience PDF MOBI EPUB System Center Microsoft System Center Software Update Management Field Experience PDF MOBI EPUB System Center Microsoft System Center: Building a Virtualized Network Solution PDF MOBI EPUB System Center Microsoft System Center: Cloud Management with App Controller PDF MOBI EPUB System Center Microsoft System Center: Configuration Manager Field Experience PDF MOBI EPUB System Center Microsoft System Center: Designing Orchestrator Runbooks PDF MOBI EPUB System Center Microsoft System Center: Integrated Cloud Platform PDF MOBI EPUB System Center Microsoft System Center: Network Virtualization and Cloud Computing PDF MOBI EPUB System Center Microsoft System Center: Optimizing Service Manager PDF MOBI EPUB System Center Microsoft System Center: Troubleshooting Configuration Manager PDF MOBI EPUB System Center What’s new in System Center 2016 White Paper PDF Virtualization Understanding Microsoft Virtualizaton R2 Solutions XPS PDF Windows Client Deploying Windows 10: Automating deployment by using System Center Configuration Manager PDF MOBI EPUB Windows Client Deploying Windows 10: Automating deployment by using System Center Configuration Manager – Mobile PDF Windows Client Getting the most out of Microsoft Edge DOC Windows Client Introducing Windows 10 for IT Professionals PDF MOBI EPUB Windows Client Introducing Windows 10 for IT Professionals, Preview Edition PDF MOBI EPUB Windows Client Introducing Windows 8.1 for IT Professionals PDF MOBI EPUB Windows Client Introducing Windows 8: An Overview for IT Professionals PDF MOBI EPUB Windows Client Licensing Windows desktop operating system for use with virtual machines PDF Windows Client Protecting your data with Windows 10 BitLocker DOC Windows Client RAP as a Service for Windows Desktop PDF Windows Client Shortcut Keys for Windows 10 DOC Windows Client Use Reset to restore your Windows 10 PC DOC Windows Client Volume Licensing Reference Guide Windows 10 Desktop Operating System PDF Windows Client Windows 10 IT Pro Essentials Support Secrets PDF PDF MOBI EPUB Windows Client Windows 10 IT Pro Essentials Top 10 Tools PDF MOBI EPUB Windows Client Windows 10 IT Pro Essentials Top 10 Tools – Mobile PDF Windows Client Work Smart: Windows 8 Shortcut Keys PDF Windows Server Automating Windows Server 2016 configuration with PowerShell and DSC DOC Windows Server Introducing Windows Server 2008 R2 XPS PDF MOBI EPUB Windows Server Introducing Windows Server 2012 PDF MOBI MOBI EPUB EPUB Windows Server Introducing Windows Server 2012 R2 PDF MOBI EPUB Windows Server Introducing Windows Server 2016 PDF Windows Server Introducing Windows Server 2016 – Mobile PDF Windows Server Introducing Windows Server 2016 Technical Preview PDF Windows Server Introducing Windows Server 2016 Technical Preview – Mobile PDF Windows Server Introducing Windows Server® 2012 R2 Preview Release PDF MOBI EPUB Windows Server Offline Assessment for Active Directory PDF Windows Server RAP as a Service for Active Directory PDF Windows Server RAP as a Service for Failover Cluster PDF Windows Server RAP as a Service for Internet Information Services PDF Windows Server RAP as a Service for Windows Server Hyper-V PDF Windows Server Windows Server 2016 Licensing PDF Sursa
-
Reverse Engineering a 433MHz Motorised Blind RF Protocol I’ve been doing a fair bit of DIY home automation hacking lately across many different devices - mostly interested in adding DIY homekit integrations. A couple of months ago, my dad purchased a bulk order of RAEX 433MHz RF motorised blinds to install around the house, replacing our existing manual roller blinds. Note: These blinds are the same model sold at Spotlight under the name Motion Motorised Roller Blind The blinds are a fantastic addition to the house, and allow me to be super lazy opening/closing my windows, however in order to control them you need to purchase the RAEX brand remotes. RAEX manufacture many different types of remotes, of which, I have access to two of the types, depicted below: R Type Remote (YRL2016) X Type Remote (YR3144) Having a remote in every room of the house isn’t feasible, since many channels would be unused on these remotes and thus a waste of $$$ purchasing all the remotes. Instead, multiple rooms are programmed onto the same remote. Unfortunately due to this, remotes are highly contended for. An alternate solution to using the RAEX remotes is to use a piece of hardware called the RM Pro. This allows you to control the remotes via your smartphone using their app The app is slow, buggy and for me, doesn’t fit well into the home-automation ecosystem. I want my roller blinds to be accessible via Apple Homekit. In order to control these blinds, I knew I’d need to either: Reverse engineer how the RM Pro App communicated with the RM Pro and piggy-back onto this Reverse engineer the RF protocol the remotes used to communicate with the blinds. I attempted option 1 for a little while, but ruled it out as I was unable to intercept the traffic used to communicate between the iPhone and the hub. Therefore, I began my adventure to reverse engineer the RF protocol. I purchased a 433MHz transmitter/receiver pair for Arduino on Ebay. In case that link stops working, try searching Ebay for 433Mhz RF transmitter receiver link kit for Arduino. Initial Research A handful of Google searches didn’t yield many results for finding a technical specification of the protocol RAEX were using. I could not find any technical specification of the protocol via FCC or patent lookup Emailed RM Pro to obtain technical specification; they did not understand my English. Emailed RAEX to obtain technical specification; they would not release without confidentiality agreement. I did find that RFXTRX was able to control the blind via their BlindsT4 mode, which appears to also work for Outlook Motion Blinds. After opening one of the remotes and identifying the micro-controllers in use, I was unable to find any documentation explaining a generic RF encoding scheme being used. It may have been possible to reverse engineer the firmware on a remote by taking an I2C dump of the ROM chip. It seems similar remotes allow dumping at any point after boot Capturing the data Once my package had arrived I hooked up the receiver to an Arduino and began searching for an Arduino sketch that could capture the data being transmitted. I tried many things that all failed, however eventually found one that appeared to capture the data. Once I captured what I deemed to be enough data, I began analysing it. It was really difficult to make any sense of this data, and I didn’t even know if what had been captured was correct. I did some further reading and read a few RF reverse engineering write-ups. A lot of them experimented with the idea of using Audacity to capture the signal via the receiver plugged into the microphone port of the computer. I thought, why not, and began working on this. This captures a lot of data. I captured 4 different R type remotes, along with 2 different X type remotes, and to make things even more fun, 8 different devices pairings from the Broadlink RM Pro (B type). From this, I was able to determine a few things The transmissions did not have a rolling code. Therefore, I could simply replay captured signals and make the blind do the exact same thing each time. This would be the worst-case scenario if I could not reverse engineer the protocol. The transmissions were repeated at least 3 times (changed depending on the remote type being used) Zooming into the waveform, we can see the different parts of a captured transmission. This example below is the capture of Remote 1, Channel 1, for the pairing action: Zooming in: In the zoomed image you can see that the transmission begins with a oscillating 0101 AGC pattern, followed by a further double width preamble pattern, followed by a longer header pattern, and then by data. This preamble, header and data is repeated 3 times for R type remotes (The AGC pattern is only sent once at the beginning of transmission). This can be seen in the first image. Looking at this data won’t be too useful. I need a way to turn it digital and analyse the bits and determine some patterns between different remotes, channels and actions. Decoding the waveform. We need to determine how the waveform is encoded. It’s very common for these kinds of hardware applications to use one of the following: Manchester Encoding, Tri-State/Tri-bit Encoding, Additional info PWM Encoding Raw? high long = 11, high short = 1, low long = 00, low short = 0? By doing some research, I was able to determine that the encoding used was most likely manchester encoding. Let’s keep this in mind for later. Digitising the data I began processing the data as the raw scheme outlined above (even though I believed it was manchester). The reason for this is that if it happened to not be manchester, I could try decode it again with another scheme. (Also writing out raw by hand was easier than doing manchester decoding in my head). I wrote out each capture into a Google Sheets spreadsheet. It took about 5 minutes to write out each action for each channel, and there were 6 channels per remote. I began to think this would take a while to actually get enough data to analyse. (Considering I had 160 captures to digitise) I stopped once I collected all actions from 8 different channels across 2 remotes. This gave me 32 captures to play with. From this much data, I was able to infer a few things about the raw bits: Some bits changed per channel Some bits changed per remote. Some bits changed seemingly randomly for each channel/remote/action combination. Could this be some sort of checksum? I still needed more data, but I had way too many captures to decode by hand. In order to get anywhere with this, I needed a script to process WAV files I captured via Audacity. I wrote a script that detected headers and extracted data as its raw encoding equivalent (as I had been doing by hand). This script produced output in JSON so I could add additional metadata and cross-check the captures with the waveform: [ { "filename": "/Users/nickw/Dropbox/RF_Blinds/Export_Audio2/tracks2/R1_CH1.wav", "captures": [ { "data": "01100101100110011001100101101001011010010110011010011010101010101010101010011001101010101010101010101010101", "header_pos": 15751, "preamble_pos": 15071 }, { "data": "01100101100110011001100101101001011010010110011010100110101010101001101010011001101010101010101010101010101", "header_pos": 46307, "preamble_pos": 45628 }, { "data": "01100101100110011001100101101001011010010110011010010110101010101010011010011001101010101010101010101010101", "header_pos": 73514, "preamble_pos": 72836 }, { "data": "01100101100110011001100101101001011010010110011010101010101010100101010101101001011010101010101010101010101", "header_pos": 103575, "preamble_pos": 102895 } ] } ] Once verified, I tabulated this data and inserted it into my spreadsheet for further processing. Unfortunately there was too many bits per capture to keep myself sane: I decided it would be best if I decoded this as manchester. To do this, I wrote a script that processes the raw capture data into manchester (or other encoding types). Migrating this data into my spreadsheet, it begins to make a lot more sense. Looking at this data we can immediately see some relationship between the bits and their purpose: 6 bits for channel (C) 2 bits for action (A) 6 bits for some checksum, appears to be a function of action and channel. F(A, C) Changes when action changes Changes when channel changes. Cannot be certain it changes across remotes, since no channels are equal. 1 bit appears to be a function of Action F(A) 1 bit appears to be a function of F(A), thus, G(F(A)). It changes depending on F(A)’s value, sometimes 1-1 mapping, sometimes inverse mapping. After some further investigation, I determined that for the same remote and channel, for each different action, the F(A, C) increased by 1. (if you consider the bits to be big-endian.). Looking a bit more into this, I also determined that for adjacent channels, the bits associated with C(Channel) count upwards/backwards (X type remotes count upwards, R type remotes count backward). Additionally F(C) also increases/decreases together. Pay attention to the C column. From this, I can confirm a relationship between F(A, C) and C, such that F(A, C) = F(PAIR, C0) == F(PAIR, C1) ± 1. After this discovery, I also determine that there’s another mathematical relationship between F(A, C) and A (Action). Making More Data From the information we’ve now gathered, it seems plausible that we can create new remotes by changing 6 bits of channel data, and mutating the checksum accordingly, following the mathematical relationship we found above. This means we can generate 64 channels from a single seed channel. This many channels is enough to control all the blinds in the house, however I really wanted to fully decode the checksum field and in turn, be able to generate an (almost) infinite amount of remotes. I wrote a tool to output all channels for a seed capture: ./remote-gen generate 01000110110100100001010110111111111010101 ... My reasoning behind generating more data was that maybe we could determine how the checksum is formed if we can view different remotes on the same channel. I.e. R0CH0, R1CH0, X1CH0, etc… Essentially what I wanted to do was solve the following equation’s function G: F(ACTION_PAIR, CH0) == G(F(ACTION_PAIR, CH0)) However, looking at all Channel 0’s PAIR captures, the checksum still appeared to be totally jumbled/random: Whilst looking at this data, however, another pattern stands out. G(F(A)) sits an entire byte offset (8 bits) away from F(A). Additionally the first 2 bits of F(A, C) sit at the byte boundary and also align with A (Action). As Action increases, so does F(A, C). Lets line up all the bits at their byte boundaries and see what prevails: Colours denoting byte boundaries Aligned boundaries From here, we need to determine some function that produces the known checksum based on the first 4 bytes. Initially I try to do XOR across the bytes: Not so successful. The output appears random and XOR’ing the output with the checksum does not produce a constant key. Therefore, I deduce the checksum isn’t produced via XOR. How about mathematical addition? We’ve already seen some addition/subtraction relationship above. This appeared to be more promising - there was a constant difference between channels for identical type remotes. Could this constant be different across different type remotes because my generation program had a bug? Were we not wrapping the correct number of bits or using the wrong byte boundaries when mutating the channel or checksum? It turns out that this was the reason 😑. Solving the Checksum Looking at the original captures, and performing the same modulo additions, we determine the checksum is computed by adding the leading 4 bytes and adding 3. I can’t determine why a 3 is used here, other than RAEX wanting to make decoding their checksum more difficult or to ensure a correct transmission pattern. I refactored my application to handle the boundaries we had just identified: type RemoteCode struct { LeadingBit uint // Single bit Channel uint8 Remote uint16 Action uint8 Checksum uint8 } Looking at the data like this began to make more sense. It turns out that F(A) wasn’t a function of A(Action), it was actually part of the action data being transmitted: type BlindAction struct { Name string Value uint8 } var validActions = []BlindAction{ BlindAction{Value: 127, Name: "PAIR"}, BlindAction{Value: 252, Name: "DOWN"}, BlindAction{Value: 253, Name: "STOP"}, BlindAction{Value: 254, Name: "UP"}, Additionally, the fact there is a split between channel and remote probably isn’t necessary. Instead this could just be an arbitrary 24 bit integer, however it is easier to work with splitting it up as an 8 bit int and a 16 bit int. Based on this, I can deduce that the protocol has room for 2^24 remotes (~16.7 million)! That’s a lot of blinds! I formally write out the checksum function: func (r *RemoteCode) GuessChecksum() uint8 { return r.Channel + r.Remote.GetHigh() + r.Remote.GetLow() + r.Action.Value + 3 } Additional Tooling My remote-gen program was good for the purpose of generating codes using a seed remote (although, incorrect due to wrapping issues), however it now needed some additional functionality. I needed a way to extract information from the captures and verify that all their checksums align with our rule-set for generating checksums. I wrote an info command: ./remote-gen info 00010001110001001101010111011111101010100 --validate Channel: 196 Remote: 54673 Action: STOP Checksum: 42 Guessed Checksum: 42 Running with --validate exits with an error if the guessed checksum != checksum. Running this across all of our captures proved that our checksum function was correct. Another piece of functionality the tool needed was the ability to generate arbitrary codes to create our own remotes: ./remote-gen create --channel=196 --remote=54654 --verbose 00010001101111110101010111111111010011001 Action: PAIR 00010001101111110101010110011111101101000 Action: DOWN 00010001101111110101010111011111111101000 Action: STOP 00010001101111110101010110111111100011000 Action: UP I now can generate any remote I deem necessary using this tool. Wrapping Up There you have it, that’s how I reverse engineered an unknown protocol. I plan to follow up this post with some additional home-automation oriented blog posts in the future. From here I’m going to need to build my transmitter to transmit my new, generated codes and build an interface into homekit for this via my homebridge program. You can view all the work related to this project in the nickw444/homekit/blindkit repo. Sursa
-
U still gay as fuck ... ia da 2 clickuri pe text "din greseala" sa vezi ce repede te arunca in "reply to thread" cu textul quoted.. dupa tre sa il stergi ca deh nu voiai reply ci doar sa dai clickuri de nebun 1 world problems:D
-
Pe mine chiar ma deranjeaza "Quote This" ... dau click-uri ca nebunul pe pagini cand citesc, selectez text si ma dispera de fiecare data cand apare...
-
Adaptoare Wireless L-Link la puterea de 2W
co4ie replied to WiFi_Team's topic in Wireless Pentesting
180 ron acum un an si ceva... cat despre antene habar nu am... nu am cautat nimic mai puternic pt ca isi face treaba f bine cu cele stock ! Sent from my GT-I9300 using Tapatalk -
@coffee: Ai fi surprins ... majoritatea routerelor de la romtelecom de exemplu vin cu parole standard pe wpa/2 , cu un passlist/mask in 16 ore cu cudahashcat si GeForce GTX 660M 2bg am prin 3 parole ... intradevar putea dura mult mai mult si am avut noroc mare dar se mai intampla !
-
@sorelian conditia se aplica doar daca nu vrei sa stai 10000000 de ani ... poti folosi hashcat si doar cu procesorul din dotare ! daca ai placa dedicata asta nu inseamna ca are cuda sau ocl si daca nu detii asa ceva sansele ca sa spargi o parola cu mask sau direct bruteforce sunt extrem de mici (dar nu e imposibil ... daca ai un passlist decent) "doar masochistii se chinuie sa scrie comenzile astea multe in konsola" ... we love pain ... we love struggle ... cuz what doesn`t kill you makes you stronger !!
-
Fucking finally ... thx Sent from my GT-I9300 using Tapatalk
-
LINK citeste in link-ul de mai sus... desi nu cred ca o sa reusesti sa faci ce ti-ai propus ... Solutia pe scurt e: foloste wpa_suplicant sa te conectezi la retea cu pinul obtinut ..
-
esti prost ? LE: era o intrebare retorica ... nu trebuie sa raspunzi LE2: (defapt e LE1) ahahahahhahaha deja ma cracanez de ras ...
-
@tedeus dar de ce nu faci tu ? [inteleg de ce vrei sa faca altii ... dar totusi ... lasa-ne "vere" ca in afara de 5 pagini de offtopic si alte cacaturi de genu nu ai contribuit la forum (sau cel putin cu nick`ul asta)] // edit: fara insulte
-
@garryone omul a zis ca e routerul lui ( da da da ... bullshit ) ... @sulea... Din start ai inceput gresit ... daca tu incerci sa spargi ceva fara sa intelegi mecanismul din spatele "sistemului" deja ai plecat pe un traseu gresit ... Ca "sfat" pt tine si restul care fac aceeasi greseala ... Luati in pula mea si puneti mana pe carte, ca fara teorie nu faceti nici un cacat in domeniul asta (a.k.a. informatica de orice fel)!!! btw: daca ar fi dupa mine a-ti lua "ban" toti care dati mura`n gura si nu impingeti lumea spre teorie si lucrurile cre sunt cu adevarat de invatat .... si pe langa voi ar lua ban toti care vin aici si intreaba inainte de a se informa despre ce pula lor vor sa faca ... cacatu de gogu e la degetele voastre .. eu chiar nu inteleg cu cacat nu reusiti sa faceti ce v-ati propus ... Offtopic: @Nytro: sezi ( Good Boy )
-
In timp ce incerci sa aduni pachetele ai un alt pc conectat la wifi ? Lasa fern si goyscrit... ia si fa manual totul si vei descoperi mult mai usor problema !! tutoriale: aircrack 1 aircrack 2 aircrack 3 toate cacaturile de scripturi folosesc aircrack dar cea mai simpla metoda ramane sa faci totul manual !!
-
Spam: Care dintre voi se pricepe la modificat BIOS ?? Sau care stie ceva mai mult decat mine pe acest subiect ??? PM sau reply in thread ! acer emachines e725 , BIOS Vendor "eMachines " BIOS Vension "V3.10" -- BIOS Instalat : KAWF0310_UlkMenus_ByCamiloml Release Date "11/04/2010" BIOS-ul nu este cel Original ... are in plus tab-ul advanced unde se gaseste doar: ASF Configuration cu 4 optiuni : -mini watchdog timeout -bios boot timeout -os boot timeout -power-on wait timeout Pe mine ma intereseaza functia de Wake on lan ... nu am gasit nicaieri nici un alt bios modat ... singurul lucru pe care il pot face este sa incerc sa ii dau de cap singur si cum problema imi depaseste capacitatile cer ajutorul vostru !! Fara reply-uri inutile !
-
Probabil esti prea departe de AP ... incearca sa te folosesti de cat mai multe detalii in reaver inclusiv canalul si essid-ul retelei, pune si -w (sa simuleze conectarea din windows) , -a pt a detecta automat setarile pt acel ap .... combina optiunile pana cand gasesti o configuratie care sa functioneze !
-
5 min... am anuntat din timp ca sa vedeti toti...
-
Nytro prezinta @Defcamp 2013 Live streaming: Transmisii live (distinct.ro)
-
@bubu2005 intrebarea este corecta si raspunsul este corect ... daca o citesti cum trebuie raspunsul corect este C pt ca nu ai voie sa mergi (inapoi) mai mult de 50m pe raza indicatorului "sens unic" ! Si da ... daca te opresti din 50 in 50 m este valida manevra (am avut o problema de genul si politistul stia legea...)
-
Adaptoare Wireless L-Link la puterea de 2W
co4ie replied to WiFi_Team's topic in Wireless Pentesting
Modelul: LL-1002 am eu ... merita ! -
[Video] Automated Wep Cracking With Wiffy Script
co4ie replied to Nytro's topic in Wireless Pentesting
verifica permisiunile scriptului.. chmod +x script -
xsser si xssme si xenotix ... altceva?