Tech Tips & Tricks

Fritz-Box VPN with strongswan and DS-Lite

Setting up a working IPsec configuration for the Fritz-Box seems to be rather painful. I couldn’t make the default wizard variants work since they seem to use aggressive mode with PSK and I was getting errors such as:

    found 1 matching config, but none allows pre-shared key authentication using Aggressive Mode

It took me a while, so here are some working results from me. Hopefully your journey becomes easier then :)

Low-cost attacks on STM8 readout protection

As part of my HC-12 hacking project I needed to acquire the firmware of an STM8 microcontroller that had readout protection enabled. I had long been intrigued by fault-injection attacks, most recently triggered by this 35C3 Talk on PS2 Vita Hacking which used voltage glitching to overcome protection measures.

From the STM8 reference manual:

    4.5.1: Readout protection

    Readout protection is selected by programming the ROP option byte to 0xAA. When readout protection is enabled, reading or modifying the Flash program memory and DATA area [using the SWIM debug interface] is forbidden.

Viomi Firmware Update Analysis

After rooting the Viomi V2, the question arises whether it’s safe to perform a firmware update. So we look at the filesystem diff and some of the binaries.

New in 3.5.3_0045

Looking at the diff comparing 0045 with the 0044 firmware, we see some minor changes to the base system. Looking at the changes in RobotApp we can infer changed features:

- new properties around lifetime of filter, brush or mop
- multimap management
- clean preferences management
- probably some improvements in area cleaning / navigation
- probably some work on dynamic obstacle detection (like doors)

So performing the update to 0045 should be safe and preserve your root access.