REST Security Cheat Sheet

2019 August 13
by admin

https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html

Wintergarden – building Marble Machine X

2019 August 13
by admin

Must follow for any music, hacking, DIY, builders: https://www.youtube.com/channel/UCcXhhVwCT6_WqjkEniejRJQ

Lego + Pinball <3

2019 August 13
by admin

OMG: https://www.youtube.com/watch?v=Qrycqu1kTZM

How to be an Architect in a Microservice World

2019 August 13
by admin

Great Talk and deck by Felix (@fmueller_bln)

Hack my Car – OBD and GPS

2019 April 23
by admin

I got myself an OBD diagnostic device from China. Of course it didn’t work right away and I had to readz the internets for fixing. First I had to find a suitable driver. The USB identifier was: Product ID: 0x7523, Vendor ID: 0x1a86. This looks like a CH340 / CH341 serial/USB chip. Luckily I found the drivers here:

http://0xcf.com/2015/03/13/chinese-arduinos-with-ch340-ch341-serial-usb-chip-on-os-x-yosemite/

VAG-COM 409.1 + Wine: https://appdb.winehq.org/objectManager.php?sClass=version&iId=33443
VAG-COM 409.1 + Win7: http://www.passatworld.com/forums/volkswagen-passat-b5-discussion/303177-vag-com-409-1-3rd-party-windows-7-64-bit.html

Cable fix:
– http://www.sprinter-forum.net/archive/index.php/t-16816.html?s=431faad6d4d5c53154b970ef0d7a5d65
– http://legacygt.com/forums/showthread.php/vag-com-cables-chipsets-ft232rl-ch340-214994p4.html
– https://github.com/nodemcu/nodemcu-devkit-v1.0/issues/2
– https://www.sgaf.de/content/vagcom-kabel-erkannt-412207

GuzziDiag: http://www.von-der-salierburg.de/download/GuzziDiag/

Other Software:
https://www.blafusel.de/obd/obd2_soft.html

Other devices:
http://www.t4forum.de/wbb3/board19-technik-bereich/board120-umbauten-tuning/board8-tipps-und-tricks/173924-obd-diagnosegerät-aber-welches/

 

Next: get GPS Tracker.

The hope is to find my car if it ever gets stolen, but so far it has been more of a hack project :). I figured the best open-source solution you can currently get is traccar.org. Here’s how to set it up and dockerize: https://www.traccar.org/docker/

Alternatives:

https://shop.autoskope.de/geraete/1/autoskope-v2-starterset

Hacking mir:ror

2019 February 20
by admin

Finally! All of a sudden I got an evening with ccb23 to hack our lives away. This time: NFC like it’s 2009. Aka violet mir:ror.

Out of the blue we were brainstorming how to DIY hörbert, a smart mp3 player for our youngest. Here, an mp3 is selected via NFC sensor. O.T: “NFC sensor!? Wait, I remember having touched this years ago, lemme get the Nabaztag”. And indeed, along with the infamous Nabaztag IoT rabbit, violet released a side product called ‘mir:ror’ in 2009(?). It’s an NFC-to-USB device meant to showcase & utilize its capabilities. Too bad official drivers were only released for WIN and discontinued with the bankruptcy of violet. But open source to the rescue. We quickly figured the device adheres to the HID standard, so let’s get it working (on a Mac/Linux).

After confirming the device is recognised in Mac OS X we got hooked. Next, with a quick Google search we first discovered http://reflektor.sourceforge.net – an OOO implementation based on hidraw. Too bad the kernel extension is Linux-specific, so next HIDAPI, an OS-agnostic lib for general-purpose use, felt promising. Indeed, we got the mir:ror up and running the first time on Mac, although reading was non-blocking and we couldn’t really make sense of it. After various back and forth, we jumped back to the start: let’s check on Linux first. So with VirtualBox and Ubuntu we were able to install reflektor and use it via hidraw. Worked like a charm! So next is porting this to Mac OS X and getting a deeper understanding of mirware. What commands are supported? Modifying (or just turning off) the choreo would be a huge plus towards using mir:ror for our custom mp3 project. In any case, this 10-year-old device was way ahead of its time and still works like wooow!

Sources worth checking:

http://reflektor.sourceforge.net/links.php

http://arduino-projects4u.com/violet-mirror/

https://github.com/suan/mirlite

https://github.com/leh/ruby-mirror

MakerBall

2018 January 27
by admin

Very nice, slick DIY pinball kit:

https://www.makerball.org/

Hacking Rainbowduino 2017 – now BLE support

2017 January 29
by admin

It’s 2017 and I finally wanted to get my hands dirty with some Bluetooth 4.0 LE gadget hacking.

Luckily I found this outdated project MacOSXVirtualSerialPort, which gave me the final piece: use socat to create two new serial ports which are interconnected and send their received data vice versa.

brew install socat

and execute

sudo socat -d -d pty,link=/tmp/tty.ble,raw,echo=0,user=tobi,group=staff pty,link=/tmp/tty.serial,raw,echo=0,user=tobi,group=staff

Voilà, now we have one port /tmp/tty.serial where we connect mtXcontrol to and /tmp/tty.ble where we connect the simple noble service to.

Finally the data chain looks like:

mtXcontrol -> rainbowduino processing lib -> processing serial -> /tmp/tty.serial -> /tmp/tty.ble -> nodejs serialport -> nodejs noble -> HM-10 -> Rainbowduino Serial

Sources worth a read

2016 December 1
by admin

A couple of my bookmarks worth a read

API Design:
* Bad OAuth2: https://blog.teller.io/2016/04/26/tauth.html
* Hawk: https://alexbilbie.com/2012/11/hawk-a-new-http-authentication-scheme/
* Test Tools: http://www.techsling.com/2016/02/12-great-tools-web-services-testing/
* REST Design: http://restlet.com/blog/2015/11/16/the-never-ending-debate-on-rest-api-design/

Go:
* https://www.infoq.com/news/2016/03/go-patterns

Ruby:
* ruby-install, chruby: https://medium.com/@heidar/switching-from-rbenv-to-postmodern-s-ruby-install-and-chruby-f0daa24b36e6#.hwo71ieyk
* Ruby -> Go: http://blog.parse.com/learn/how-we-moved-our-api-from-ruby-to-go-and-saved-our-sanity
* Ruby 2015: https://www.sitepoint.com/a-retrospective-on-ruby-in-2015
* Calling services: https://pawelniewiadomski.com/2016/08/29/calling-services-asynchronously-in-ruby

Learn:
* http://www.seamgen.com/blog/mentoring-junior-developers/
* http://play.elevatorsaga.com
* http://www.holacracy.org
* http://firstround.com/review/the-30-best-pieces-of-advice-for-entrepreneurs-in-2015/
* https://hbr.org/2004/01/what-makes-a-leader

Other:
* New Keyboard layout: https://colemak.com
* Docker, nginx, Stripe, MongoDB, CloudFlare, Xamarin, Mixpanel, DigitalOcean, Twilio:
http://www.inc.com/business-insider/companies-that-run-the-internet-besides-google.html
* https://www.techempower.com/benchmarks/
* A minimalist real-time framework: https://docs.feathersjs.com/

 

 

List of (my)SQL-Tutorials

2016 November 16
by admin


I did an introduction to (my)SQL once. These were my sources:

MySQL for Absolute Beginners: http://www.elated.com/articles/mysql-for-absolute-beginners
Examples for Beginners: https://www3.ntu.edu.sg/home/ehchua/programming/sql/MySQL_Beginner.html

(My)SQL Cheat Sheet: http://cse.unl.edu/~sscott/ShowFiles/SQL/CheatSheet/SQLCheatSheet.html
Another one: https://en.wikibooks.org/wiki/MySQL/CheatSheet

My notes/write along: https://gist.github.com/rngtng/f2751a7c0f8b3106e0d9