CJ Heres

Today, Google finally killed off one of our oldest rooted devices, the Chromecast. Although it wasn't the same as the gen 1, it's sad to see it go nonetheless So long old friend... blog.google/products/googl… Read about our root method from 2013 on our blog: blog.exploitee.rs/2013/chromecas…

As of a little over 2 weeks ago, I've been laid off from my previous gig and am looking for new opportunities. DM me if you have a role you think I may be a good fit for. 👁️🔬🐛

Yass, let’s go @adafruit 😍

@David3141593 I've had more recent success with this one. Apologies on the Amazon link. However I can confirm that the one you've identified no longer seems to work. Manhattan USB 2.0 Card Reader / Writer – a.co/d/agxg92T

Has anyone had success dumping emmc using a USB SD card reader? I bought the widely recommended TS-RDF5, however it enumerates as an TS-RDF5A, as opposed to TS-RDF5K. If I plug in an SD, it shows up under /dev/sdx as opposed to /dev/mmcblkx, which iiuc is the Wrong Thing

.@Exploiteers handed me a bunch of the low voltage adapters. A must have for every hardware hacker. Happy to hand some out if you find me at DEF CON!

Great presentation from @LennertWo on hacking Starlink terminals with a surprise appearance of our Low Voltage Adapter!

@jbit4n6 If you are monitoring this. Can you follow back / shoot a DM? Trying to figure out how to report something... Thanks!

Last week, I discovered (and reported) a critical bug (which has been fully patched) in @optimismPBC (a "layer 2 scaling solution" for Ethereum) that would have allowed an attacker to print arbitrary quantity of tokens, for which I won a $2,000,042 bounty. saurik.com/optimism.html

@Themariocrafter Unfortunately, no. Searched what I have, but it was 8 years and many hard drives ago...

@cj_000 Do you still have the zip file

Google TV v4, soon! Source from LG: goo.gl/uCEKvm Linux version 3.4.5 /home/work/inho.roh/gtv_platform/v4/ #GoogleTV

@oneplus @OnePlus_Support #wtf this is the $780 bill you sent to fix a SIM issue on my $400 #oneplus 8 which is only 6mo old and otherwise working

Presenting a root #jailbreak for most Roku TVs and some Roku set top boxes: github.com/llamasoft/Root… We've been working hard on this one, so I'm glad to finally be able to share it! A big thank you to ammar2 and popeax from the @Exploiteers Discord. #infosec

This is amazing

@cybergibbons @joernchen Yeah had a requirement for a box to be able to take an update at any point in its life, and date of 1970 / certs rolled. They opted to keep it in the clear vs over any type of TLS due to the multitude of problems it could cause. Meanwhile they refused to encrypt anything...

@cybergibbons @joernchen Once looked at a cheap thermostat that pinned certs, and encrypted comms via a proprietary means (inside the cert pinning). For $100, they checked the boxes of almost everything you could do right, which was awesome! Except the stupid shell with root/oemname for a logon.

@cybergibbons @joernchen Actually.. I'll one-up myself. It's on their website.... pilotaware.lode.co.uk (ironically, the update file vs the full installation image, which is a zip)

@cybergibbons @joernchen Magic of course! To be honest I didn't look at the url, but intercept/dns alterations and strip/serve a bogus cert? Are they pinning certs?

@joernchen @cybergibbons That's my bet. See a .pgp in a packet sniffer. Dismiss as probably encrypted instead of digging deeper. Yet another example of security by obscurity. Not saying it's not effective at "preventing" something trivial, better than a zip, not as good as something actually encrypted.

@cybergibbons To make it *look* secure?

@rmspeers @nolsen311 @mitch_berry Thanks - this isn't even the worst of the offenders (in terms of privilege), just the easiest to quickly find and hit over a network. Loads of silliness going on in here, but at least they encrypted the firmware updates...

@cj_000 @nolsen311 @mitch_berry Nice work! Of course it’s fcgi leading to a binary for command injection... we keep seeing that common pattern all too often!

So, turns out that Vizio exploit... plan is to release it tonight, it affects multiple models and multiple chipsets and multiple software stacks. No longer as clean as I would have liked it, but have two POC's ready to go, may need some tweaks depending on model. #exploiteers

ViziOwn - Exploiting Vizio TV’s SmartCast by @cj_000 added to our blog featuring a remote root method for #Vizio TVs with a JavaScript based PoC exploit. #ViziOwn blog.exploitee.rs/2021/viziown-e…