Hacking a WiFi Fireworks Firing System - The FireFly Plus

  • Published: 21 Aug 2024
  • In this video, we reverse engineer the binary protocol used to send firing commands to the FireFly Plus Firework Firing System.
    IoT Hackers Hangout Community Discord Invite:
    / discord
    🛠️ Stuff I Use 🛠️
    🪛 Tools:
    XGecu Universal Programmer: amzn.to/4dIhNWy
    Multimeter: amzn.to/4b9cUUG
    Power Supply: amzn.to/3QBNSpb
    Oscilloscope: amzn.to/3UzoAZM
    Logic Analyzer: amzn.to/4a9IfFu
    USB UART Adapter: amzn.to/4dSbmjB
    iFixit Toolkit: amzn.to/44tTjMB
    🫠 Soldering & Hot Air Rework Tools:
    Soldering Station: amzn.to/4dygJEv
    Microsoldering Pencil: amzn.to/4dxPHwY
    Microsoldering Tips: amzn.to/3QyKhrT
    Rework Station: amzn.to/3JOPV5x
    Air Extraction: amzn.to/3QB28yx
    🔬 Microscope Setup:
    Microscope: amzn.to/4abMMao
    Microscope 0.7X Lens: amzn.to/3wrV1S8
    Microscope LED Ring Light: amzn.to/4btqiTm
    Microscope Camera: amzn.to/3QXSXsb
    About Me:
    My name is Matt Brown and I'm a Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.
    - Soli Deo Gloria
    💻 Social:
    twitter: / nmatt0
    linkedin: / mattbrwn
    github: github.com/nma...
    #hacking #iot #cybersecurity

Comments • 54

  • @avri210984 1 month ago +64

    Up next is flashing it with esphome and connecting it to home assistant 😉

    • @dowster593 1 month ago +11

      going to update my morning automation to show me the weather _and_ launch a random pyro

    • @MonkGD 1 month ago +7

      “Hello Dispatch, I have someone breaking into my house; please look for the mortars firing off every 3 minutes, and when you are 2 minutes out, I will trigger a green smoke screen at the entrance of my house.”

  • @I_hu85ghjo 1 month ago

    It has been a while since I have enjoyed learning something. Such a gem of a channel. Keep up the great work!

  • @SailAway33 1 month ago

    Thanks Matt, you fill a space on YouTube that too few fill. I love learning what the devices around us are doing.

  • @Jennn 1 month ago +2

    This should have so many more views.

  • @AngDeLuca 1 month ago +3

    Having this protocol, which is safety-critical, be of such low quality is concerning.

  • @bleh198 1 month ago +3

    Happy late 4th of July, Matt!

  • @AceTrainerBanjo 1 month ago

    Hell yeah brother! Rock, Flag, and Eagle!

  • @XYZ56771 1 month ago +1

    Really nice material, keep it up!

  • @fireteamomega2343 1 month ago +12

    When you want revenge against your rich pyrotechnic neighbor... or a Mr beast set 😅

    • @mattbrwn 1 month ago +4

      Judging by how buggy this SW is, I'm going to guess there is no way Mr Beast is using this thing 😂

    • @fireteamomega2343 1 month ago +1

      Good point, but a great exercise nonetheless. I love hardware hacking and that you're incorporating microcontrollers; from what I've seen you are the real deal, so subbed. It would be cool to see you build a portable standalone UART decoder with a text editor. I'm thinking an ESP32, maybe a WROOM or a capable dev model, along with a 3.5" touchscreen. Then your parts list is a UART module, a voltage detection module, a 5V and 3V relay, a logic level converter, a battery pack and a mini keyboard module, and of course a decent amount of programming and debug. 3D print up a custom case and you could definitely sell them.

    • @ChrisS-oo6fl 1 month ago

      @mattbrwn I have a racing (lap time) RF transponder I'd love to hack. We used to be able to purchase one and it always worked. Now you purchase them for the same $300 but they are all “subscription based” and you need to activate it. They constantly transmit the transponder ID via RF as long as it's charged and your service is valid. It never shuts off. Each year you connect the device via Bluetooth and pay for your service duration of 6 months or a year. Then it's always transmitting. You never connect Bluetooth again, so it must have an internal timer triggered by a Bluetooth command. After a year it stops transmitting and you have to pay another $125. I'm not familiar with this world but I'd assume you could listen to the Bluetooth traffic and then spoof the command/packet somehow. Think you could get one to transmit without service? Or permanently transmit?

  • @d3stinYwOw 1 month ago

    Great material! But those scripts definitely need some love LOL :D

  • @drumba 1 month ago +3

    That's damn cool

  • @TornTech1 1 month ago

    20 seconds in and already enjoying it!!! "A WiFi-based firework launching device" sure!!! Let's put explosives on a WiFi network!

  • @tekvax01 1 month ago +2

    BTW... they are called fuses, not wicks...

  • @Donn29 1 month ago +3

    Is it possible that some of the bytes are different for different serial numbers of devices? Meaning, what is the likelihood that that code would work on any machine?

    • @mattbrwn 1 month ago +6

      It could be, however I never entered the SN or any other device information when setting up the app. So if anything in that data is unique it's getting pulled over that same protocol.

  • @caseysmith5585 1 month ago +4

    I really like your videos but I just wish I knew what everything was 😂

    • @cognisent_ 1 month ago +1

      Not knowing what everything is means you still have more to learn! That's exciting!

  • @Sama_09 1 month ago

    Next we need a hacking video on HP printers 😂 Hope they don't sue!!

  • @spotpkt 1 month ago

    The 16 may be a time constant for how long the primer fires. Shooting in the dark here.

  • @josh9761 1 month ago

    10/10

  • @ClumsyCars 1 month ago

    1:53 it looks like you can add an HC-05 Bluetooth module in that white square.

    • @mattbrwn 1 month ago +1

      That is actually labeled "Lora"

    • @ClumsyCars 1 month ago

      @mattbrwn that's neat. A Google search seems to indicate a LoRa module is a "radio modem".

    • @ErebuBat 1 month ago

      LoraWAN for long distance control 🤔

  • @monad_tcp 1 month ago

    2:19 oh no, it's upside down, the electrons are going to fall out, as Dave Jones would say

  • @italosoares69 1 month ago

    I got a bit scared seeing someone use such an outdated ESP-IDF from a dirty branch in such critical devices. Imagine having your hand blown off by a bug that may have been fixed 5 years ago. Hardware seems OK, but I can't say much as I don't have one.

  • @tonirhtdm 1 month ago

    Hello Matt, can you explain how to get a root shell on a router and change the MAC ID of a device?

  • @mikescholz6429 1 month ago

    The only responsible thing to do is to hook it up to a public network and make it fireable through an unauthenticated web interface 😈

  • @jsc0 1 month ago +1

    Can't you capture the traffic on the PC, without ARP poisoning, if you use promiscuous mode in Wireshark? Assuming all the devices are on the same LAN.

    • @mattbrwn 1 month ago

      No, as the traffic between the mobile phone and the firing device won't be routed to the PC.
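The point of the exchange above, as an added example that is not code from the video: on a switched or WiFi LAN, frames between the phone and the firing device are delivered only to those two stations, so a third PC's interface in promiscuous mode never receives them. ARP poisoning fixes that by telling each endpoint that the other's IP address lives at the attacker's MAC, after which both send through the attacker's interface (the other route is a wireless adapter in monitor mode, which captures the raw 802.11 frames but leaves WPA-protected payloads encrypted unless the passphrase and 4-way handshake are captured too). The Python below builds the two ARP reply frames a poisoner sends, parses them back from the wire format, and runs a small detector that flags an IP address claimed by a second MAC, which is how this shows up in a capture. All MAC and IP addresses are made up.

```python
"""Build, parse and detect the ARP replies used for LAN man-in-the-middle.

Added example; not from the video or the FireFly Plus project. Addresses are
made up. Frame layout: 14-byte Ethernet II header + 28-byte ARP (RFC 826).
"""
import struct
from typing import Dict, Optional, Tuple

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def fmt_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Unicast ARP reply: 'sender_ip is at sender_mac', addressed to target."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=Ethernet(1), ptype=IPv4(0x0800), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> Optional[Dict[str, object]]:
    """Return the ARP fields of an Ethernet/ARP frame, or None if it is not one."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "sender_mac": fmt_mac(frame[22:28]), "sender_ip": fmt_ip(frame[28:32]),
        "target_mac": fmt_mac(frame[32:38]), "target_ip": fmt_ip(frame[38:42]),
    }


def poison_pair(attacker_mac: str, a: Tuple[str, str], b: Tuple[str, str]) -> Tuple[bytes, bytes]:
    """The two frames a poisoner sends: tell A that B's IP is at the attacker's
    MAC, and tell B that A's IP is too. Once both ARP caches are updated, the
    A<->B traffic crosses the attacker's interface and can be captured there."""
    (a_mac, a_ip), (b_mac, b_ip) = a, b
    return (build_arp_reply(attacker_mac, b_ip, a_mac, a_ip),
            build_arp_reply(attacker_mac, a_ip, b_mac, b_ip))


class ArpConflictDetector:
    """Remember the first MAC seen for each sender IP (requests and replies
    both carry a claim); report any later frame that claims a different MAC."""

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}

    def observe(self, frame: bytes) -> Optional[str]:
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        ip, mac = str(parsed["sender_ip"]), str(parsed["sender_mac"])
        known = self.table.setdefault(ip, mac)
        return None if known == mac else f"{ip} was {known}, now claimed by {mac}"


# Made-up addresses for the demo.
PHONE = ("aa:aa:aa:aa:aa:aa", "192.168.4.2")
DEVICE = ("bb:bb:bb:bb:bb:bb", "192.168.4.1")
ATTACKER = "cc:cc:cc:cc:cc:cc"


def demo_alerts() -> list:
    """Seed the detector with legitimate replies, then feed it the poison pair."""
    det = ArpConflictDetector()
    det.observe(build_arp_reply(DEVICE[0], DEVICE[1], PHONE[0], PHONE[1]))
    det.observe(build_arp_reply(PHONE[0], PHONE[1], DEVICE[0], DEVICE[1]))
    return [a for a in map(det.observe, poison_pair(ATTACKER, PHONE, DEVICE)) if a]


if __name__ == "__main__":
    for alert in demo_alerts():
        print("ALERT:", alert)
```

The detector only works with a baseline: if the first claim it ever sees for an IP is the attacker's, it learns the wrong mapping silently, which is why `demo_alerts` feeds the legitimate replies first.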

  • @samuraidriver4x4 1 month ago

    At least they didn't just send a simple single digit and at least tried to do the right thing.
    Fun little device; anything else on the other side of the PCB, or are the shift registers combined with transistors it?

    • @mattbrwn 1 month ago +1

      No, there is nothing of note on the back.

    • @samuraidriver4x4 1 month ago

      @mattbrwn interesting, pretty simple hardware then.

  • @arraybytes7214 21 days ago

    I am just curious if the checksum function does a check for a checksum of 16? I am not great at Java so I didn't notice if it did or not.

  • @cybertechug7900 1 month ago

    Hello, greetings from Uganda. I have an ISP-locked Nokia outdoor 4G receiver unit. How about we find a means for you to receive it and give it a try to log into it?

  • @SoldererOfFortune 1 month ago

    How many amps are they switching through what seems to be an audio jack/wire to get that element hot af?

  • @danvasicek4122 1 month ago

    Hello, this seems interesting. Happy 4th of July, even though here it is the fifth already, maybe for you too.

    • @mattbrwn 1 month ago +2

      Lol yeah, the first part of the vid was filmed on the 5th and the outdoor part on the 4th.

  • @FreshaThen 1 month ago

    What OS do you use? And is it run in a VM or bare metal?

  • @yusuf9356 1 month ago

    Can you reverse engineer a Linux smart watch?

  • @AUATUWVSH 1 month ago

    ez
    // Additive 8-bit checksum: sum every byte and keep the low 8 bits.
    // Java bytes are signed, but sign extension only shifts the sum by
    // multiples of 256, so the & 0xFF result matches the unsigned sum.
    static int checksum(byte[] command) {
        int sum = 0;
        for (byte b : command) {
            sum += b;
        }
        return sum & 0xFF;
    }
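An added example (not code from the video, the FireFly Plus app, or any commenter) that turns the checksum snippet above into something a practitioner can run against captured frames: it computes the additive checksum, shows that Java's signed bytes give the same result, and, in the spirit of @Donn29's question about which bytes vary, tests across several captures which byte position is the checksum. The frames and their layout (two header bytes, one cue byte, a trailing checksum) are constructed for illustration and are not real FireFly Plus traffic.

```python
"""Locate an additive 8-bit checksum in captured command frames.

Added example; not code from the video, the FireFly Plus app or its vendor.
The sample frames and their layout are constructed, not captured traffic.
"""
from typing import List


def additive_checksum(data: bytes) -> int:
    """Sum of all bytes, truncated to one byte (the Java snippet's sum & 0xFF)."""
    return sum(data) & 0xFF


def java_style_checksum(data: bytes) -> int:
    """Same calculation with Java's signed bytes (-128..127). Sign extension
    changes the running sum only by multiples of 256, so the masked result
    is identical to the unsigned version."""
    total = 0
    for b in data:
        total += b - 256 if b > 127 else b
    return total & 0xFF


def build_frame(payload: bytes) -> bytes:
    """Append the checksum to a payload (trailing-checksum layout, assumed)."""
    return payload + bytes([additive_checksum(payload)])


def verify_frame(frame: bytes, idx: int) -> bool:
    """True if the byte at idx is the additive checksum of every other byte."""
    return additive_checksum(frame[:idx] + frame[idx + 1:]) == frame[idx]


def checksum_candidates(frames: List[bytes]) -> List[int]:
    """Offsets at which EVERY frame verifies. A single frame cannot tell the
    checksum apart from any other byte congruent to it mod 128 (2*x == total
    has two solutions mod 256), so feed several frames with differing content
    to narrow the list down. Frames of unequal length yield no candidates."""
    if not frames or any(len(f) != len(frames[0]) for f in frames):
        return []
    return [i for i in range(len(frames[0]))
            if all(verify_frame(f, i) for f in frames)]


# Constructed sample frames: header A5 5A, one cue byte, trailing checksum.
# The first frame is chosen so that byte 0 also happens to verify.
SAMPLE_FRAMES = [build_frame(bytes([0xA5, 0x5A, cue])) for cue in (0x26, 0x01, 0x07)]


if __name__ == "__main__":
    print("one frame  ->", checksum_candidates(SAMPLE_FRAMES[:1]))  # [0, 3]
    print("all frames ->", checksum_candidates(SAMPLE_FRAMES))      # [3]
    tampered = bytearray(SAMPLE_FRAMES[1])
    tampered[2] ^= 0x01  # flip one payload bit, leave the checksum alone
    print("tampered verifies:", verify_frame(bytes(tampered), 3))  # False
```

The ambiguity shown by the first frame is inherent to additive checksums, so a protocol-RE script should vote across many captures rather than trust a single one; and note that an additive checksum only catches accidental corruption, since anyone who can build a frame can also recompute it.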

  • @tubeDude48 1 month ago

    Why type 'clear'? Just hit CTRL-L. As a UNIX user back in the 90s, I HATED VIM, so I was so glad when Linux came along with 'nano', which is so much easier to move around in when editing, so why people still use VIM is beyond me!

    • @a97807 1 month ago

      Great thing about Unix is there's always 10 ways to do the same thing. We all rely on muscle memory to do things. :wq

    • @monad_tcp 1 month ago

      It's because it's a cult. I always found it funny that people use a PC pretending the PC keyboard is a PDP one that didn't have arrow keys, Page Up/Down, Home/End, the numpad or even the function keys.
      The proper sequence of commands for an IBM PC really is the DOS one (whichever DOS you like; it doesn't need to be the Microsoft one).
      Also, the idea of having two modes for the keyboard is ironic: you have to keep pressing ESC. I pretty much prefer to press CTRL to access my commands; does that mean I'm an Emacs user? Who knows. I paid for my 108-key keyboard and I use all of the keys, not just ESC.