[ Also available at https://lucasteske.dev/2020/06/hacking-a-esp32-into-fpga-board ]
Last year I saw a russian guy that found out that this cheap board (US$15~) had an Lattice ECP5 FPGA, which is compatible with Open Source Tool-chains for synthesis. He was running a RISC-V Core inside that and piping the serial through the ethernet ports. I wanted to get one and start playing by myself.
These boards are relatively cheap, about US$15 and contains a Lattice ECP5 FPGA ( LFE5U-25F-6BG381C ), 4MB DRAM, Two Gigabit Ethernet and several level shifters for I/O. This is good because:
[ Also available https://lucasteske.dev/2020/05/hack-a-sat-talk-to-me-goose/ ]
This challenge is just after the “Can you hear me now?” challenge (see https://medium.com/@lucasteske/hack-a-sat-can-you-hear-me-now-c6f68ed6086b ). Now LaunchDotCom has a new Satellite called Carnac 2.0.
There are two attached files. The first one is the manual of the satellite in which we can see the onboard equipment:
[ Also available at https://lucasteske.dev/2020/05/hack-a-sat-phasors-to-stun/ ]
I got really excited about it because its a SDR one. And everyone that knows me know that I love SDR stuff.
The zip file itself contains a wav file which they told us is not an audio but an radio signal
[ Also available at https://lucasteske.dev/2020/05/hack-a-sat-can-you-hear-me-now/ ]
That challenged asked us to decode a Telemetry data that was being sent over a TCP port. If you open the netcat, the following happen:
[ Also available at https://lucasteske.dev/2019/12/integrating-hacked-touch-panel-into-home-assistant/ ]
In the previous article I showed a simple hack of a chinese Touch Panel. Now I have successfully integrated it Home Assistant and I’m able to turn my room light on / off. Here is how.
From now on I will assume you have ESPHome working on your machine and Home Assistant configured. ESPHome is very easy to install if you have python pip:
pip install esphome
Should install everything you need.
First let’s create our project. I will call it
Check the comments in this file to change the required…
[ Also available at https://lucasteske.dev/2019/12/hacking-dimmer-touch-panel-with-esp8266/ ]
I bought two of these LED Touch Panel Dimmers in Banggood and they look pretty good. But since my house automation has its own way to controlling the lights I wonder if I could hack them to send info to Home Assistant.
The first thing I opened one of them to check what’s inside. It has two boards connected by a Flat Cable
DISCLAIMER: This procedure is highly ilegal basically anywhere in the world. Be sure to run this in a closed RF environment (aka Faraday Cage)
This article works with any LimeSDR version.
[ Also available at https://lucasteske.dev/2019/12/creating-your-own-gsm-network-with-limesdr/ ]
For this example we will use the Osmocom GSM Stack in the NITB (Network in the box) mode. In this mode the phones connected to you BTS will be able to call each other and send SMS messages. There is also the Interconnect mode in which the BSC (Base Station Controller) connects to a ISDN or IPBX (for example Asterisk) to manage the…
How to perform a very simple MitM Attack on a Intelbras/Dahua IP Cameras / DVR. This uses Ettercap to do an ARP Poison and a simple GoLang Script to fetch the username/password.
Disclaimer: This type of attack is basically illegal anywhere in the world. My intentions with this tutorial is to demonstrate why you should ALWAYS use a TLS connection for ANYTHING. Use for you own risk.
For the purpose of responsible disclosure, I contacted Intelbras on Twitter on 11/08/2019 and let them know I expected a reply from them until 17/08/2019. …
That’s not the first time I get a Chinese hardware that has some proprietary protocol that does not follow a single standard. It’s funny because when you get a VERY cheap thing, you expect to use many standards as possible to reduce the development cost, but some chinese developers just want to do it yourselves.
I present you the “VRCAM” and it’s SOUP protocol (any relation to SOAP is just a mere coincidence :P)
Let’s first start with the hardware itself. It’s a 2 Megapixel sensor with 1280x960 video resolution. It features 3 IR Lamps (same model as the raspberry…
When the GOES-16 was first announced I got interested in their GRB Downlink (although the first try was at HRIT downlink). Basically GRB is a replacement for the old PDR downlink in GOES 13/14/15 generation, which gives few advantages over the old link:
For those who don’t know, the GRB is a direct rebroadcast of GOES data, with minimum processing as possible (usually just packaged into NetCDF files with calibration parameters) and is intended for anyone that want’s to get…