Netgear Nighthawk R7800 : add USB camera support to create a security webcam

Posted on Wed 22 November 2017 in Article • Tagged with kernel, netgear, usb, v4l2

This article explains how to customize Nighthawk X4S firmware to add a security camera feature to this always-online & almost-always-idle device. Alternative firmwares like OpenWRT or LEDE exist, but they don't fully support all stock features yet. So instead this approach is based on modified stock firmware.

Netgear Nighthawk X4S Serious webcam

Main steps are:

  • Customize …

Continue reading

Amlogic S905 SoC: bypassing the (not so) Secure Boot to dump the BootROM

Posted on Wed 05 October 2016 in Article • Tagged with vulnerability, amlogic, arm, security, firmware, trustzone, bootrom, bug

The Amlogic S905 System-On-Chip is an ARM processor designed for video applications. It's widely used in Android/Kodi media boxes. The SoC implements the TrustZone security extensions to run a Trusted Execution Environment (TEE) that enables DRM & other security features :

S905 block diagram
Amlogic S905 System Block Diagram

The SoC contains a Secure …


Continue reading

PowerLine (PLC) support in OpenWrt for D-Link DHP-1565

Posted on Sat 20 February 2016 in Article • Tagged with PLC, dhp-1565, AR7400, openwrt

D-Link 1565 is one of the few routers which integrates a PLC (Power line Communication) chipset (in this case QCA AR7400). Unfortunately, OpenWrt does not provide support for this feature yet.

This post presents configuration steps to enable PLC support in OpenWrt for this device.

Hardware configuration

By digging into …


Continue reading

Analysis of Nexus 5 Monitor mode

Posted on Thu 25 December 2014 in Article • Tagged with arm, security, qualcomm, firmware, android, nexus, trustzone

This article will first describe how to locate the Monitor mode code in Nexus 5 firmware (hammerhead-ktu84p-factory-35ea0277, bootloader-hammerhead-hhz11k : c32f8bec310c659c1296739b00c6a8ac). Then, we will try to understand what it does (its functionalities). Finally, you will have to find bugs by yourself because I didn't find any...so far !

Note: Terms (Non-)Secure …


Continue reading

Exploitation of Philips Smart TV

Posted on Thu 13 November 2014 in Article • Tagged with mips, smarttv, libupnp, philips, exploit

This post is a translated summary of the article published for my talk at SSTIC 2014 conference (french).

My Philips Smart TV is a Linux box standing there in my living room : that's a sufficient reason to try to get root.

Debug serial port

Internet hackers have already discovered a …


Continue reading