Category Archives: default

O Factor, Where Art Thou?

Posted on 24.06.2016 by hph

The DHL Packstation is a great thing. Think of it as a vending machine. But instead of sweets and soda, this one dispenses precious DHL parcels. And instead of quarters and dimes it takes a swipe card and a one-time-password … Continue reading →

Posted in default | Leave a comment

#Phreaking2016: Authentication Flaw in O2 (Telefónica) ACS

Posted on 08.01.2016 by hph

Today, the details on a major authentication flaw in the Auto Configuration Server (ACS) of the German ISP O2 (Telefónica) were released. A tl;dr could be “Tell me your IPv4 address and I may place and accept phone calls on your behalf!”. … Continue reading →

Posted in default | Tagged cwmp, tr-069, vulnerability | 2 Comments

New domain, new certificate, new server

Posted on 16.11.2015 by hph

Recently, I have purchased the domain heinrichs.io as the IO top-level domain was one of the very few which still had “heinrichs” (my surname) available as a second-level domain. It is meant as the successor of hph.name. Simultaneously, I purchased a … Continue reading →

Posted in default | Leave a comment

Rooting the Sphairon Speedlink 5501

Posted on 29.09.2014 by hph

Last week I was asked if I knew how to enable SSH access on a Sphairon (ZyXEL) Speedlink 5501. My previous technique for the HomeBox 3232 (also manufactured by Sphairon) did not work as the expected magic bytes in the … Continue reading →

Posted in default | Tagged embedded hacking, reverse engineering, Sphairon | Leave a comment

Rooting and Looting of the o2 HomeBox 3232

Posted on 23.07.2014 by hph

In November 2012 I published a tool which decrypts configuration backup files of Sphairon-based routers. This tool was mainly used by o2 customers who wanted to extract their VoIP login data so they could use any router they prefer – … Continue reading →

Posted in default | Tagged embedded hacking, Sphairon, vulnerability | Leave a comment

AVM FRITZ!Box remote command injection vuln

Posted on 16.02.2014 by hph

Today I am featured in an article on heise.de. Have fun reading and do not forget to update your FRITZ!Box 😉

Posted in default | Tagged embedded hacking, vulnerability | 1 Comment

Arcadyan IAD Decrypter v0.05 released

Posted on 30.11.2013 by hph

Today I would like to announce a major update to the Arcadyan IAD Decrypter which you might know from the IP-Phone-Forum or from my previous blog post. It is now capable of decrypting the new “OBC6” configuration backup file format … Continue reading →

Posted in default | Tagged Arcadyan, cryptography, embedded hacking, reverse engineering | Leave a comment

Extract VoIP login data from o2 Box 4421 and o2 Box 6431

Posted on 13.02.2013 by hph

Please note, that the information presented in this post may be outdated. An updated technique has been posted here. The German ISP o2 (which has acquired the brand “Alice” from HanseNet in 2010) tries to prevent its customers from installing … Continue reading →

Posted in default | Tagged Arcadyan, cryptography, embedded hacking, reverse engineering | 1 Comment

Extract VoIP login data from an Alice IAD 3232 backup file

Posted on 19.11.2012 by hph

Please note, that the information presented in this post may be outdated. An updated technique has been posted here. The German ISP o2 Alice Hansenet enforces their customers to use the router that is distributed to them along with the … Continue reading →

Posted in default | Tagged cryptography, embedded hacking, reverse engineering, Sphairon | 2 Comments

How FTPRush encrypts site passwords

Posted on 01.12.2011 by hph

FTPRush (formerly known as “UltraFXP”) is a popular closed-source freeware FTP Client for Windows and comes with some handy features. If the user chooses to store site passwords FTPRush applies some cryptography to the plaintext password before writing it to … Continue reading →

Posted in default | Tagged cryptography, reverse engineering | Leave a comment

Category Archives: default

Tags

Archives

Meta