Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Twinkly - 162

F-Secure, posted 6 years ago
  • Twinkly is an IoT Christmas light product. Overall, this is a cool reverse engineering process.
  • The lights work with RESTful HTTP API endpoints over port 80. The Android app is also pretty trivial to reverse by analyzing the traffic.
  • 'To program an ESP8266, you pull GPIO0 Low and reset the device via the RST pin which causes the device to enter its ROM based serial bootloader. This allows the device to be programmed over UART (TXD/RXD) but can also be used to read the SPI flash. This explains the test pads on the device and thus it is likely that these pads would allow for us to pull the firmware off the device or update it, but as we will see this was not required.'
  • In the end, it was discovered that home assistants were using a protocol known as 'Message Queuing Telemetry Transport' (MQTT). The app connects to a central broker using a password hardcoded in the application.
  • Because any user can publish to any topic, it is possible to control anyone's lights, not just your own! Talk about broken access control!
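As an added example (Python, my own illustration rather than code from the F-Secure post or from Twinkly), here is the per-client topic authorization a broker should enforce to close the hole described above: each light may only publish under its own subtree. The client ids and the `lights/<client>/...` topic layout are assumptions.

```python
from typing import Dict, List


def topic_matches(topic_filter: str, topic: str) -> bool:
    """MQTT topic-filter matching: '+' matches one level, '#' matches the rest (must be last)."""
    flevels = topic_filter.split("/")
    tlevels = topic.split("/")
    # Wildcards never match a $-prefixed (broker-reserved) first level.
    if tlevels[0].startswith("$") and flevels[0] in ("+", "#"):
        return False
    for i, fl in enumerate(flevels):
        if fl == "#":
            return i == len(flevels) - 1  # '#' must be the final level of the filter
        if i >= len(tlevels):
            return False
        if fl != "+" and fl != tlevels[i]:
            return False
    return len(flevels) == len(tlevels)


def may_publish(client_id: str, topic: str, acl: Dict[str, List[str]]) -> bool:
    """Allow a publish only if a filter granted to this client (or to '*') matches the topic.

    '%c' in a filter is replaced by the publishing client's id, so one rule scopes every
    device to its own subtree without listing each device.
    """
    if topic == "" or "+" in topic or "#" in topic:
        return False  # wildcards are not permitted in a published topic name
    granted = acl.get(client_id, []) + acl.get("*", [])
    return any(topic_matches(f.replace("%c", client_id), topic) for f in granted)


# Constructed ACLs (assumed layout). ACL_OPEN models a broker where any client that
# knows the shared password may publish anywhere; ACL_SCOPED limits each light to its
# own subtree and grants unknown clients nothing.
ACL_OPEN = {"*": ["#"]}
ACL_SCOPED = {"*": [], "light-0001": ["lights/%c/#"], "light-0002": ["lights/%c/#"]}

if __name__ == "__main__":
    for acl_name, acl in (("open", ACL_OPEN), ("scoped", ACL_SCOPED)):
        print(acl_name, "light-0001 -> lights/light-0002/set:",
              may_publish("light-0001", "lights/light-0002/set", acl))
```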