Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

JS8 is a protocol for communicating over vast differences using radio. It's a text based protocol for chat.

The protocol is operates at 7MHz-14MHz, which is extremely low. At these frequencies, the E and F layers of the ionosphere reflect the radio signals. This means that line-of-sight is not important for us! Point to point can go from one spot on earth to another, which is truly amazing.

Jesse was looking at a website that parsed all JS8 traffic and displayed it. The message can literally contain anything after the callsign. So, they decided to add an HTML injection payload to their JS8 payload and it caused modification of the page! Since the page has no authentication, what could we do that would be useful?

Cosmetic change are interesting... logging requests and where the users are located... Even with this, the stored HTML injection has some impact. Overall, a classic vulnerability found in a very bizarre place.