Skip to main content

From Concept to Bench - Designing a Flipper-compatible nRF24L01 RF Module for Security Research

    Six months of design iterations, sourcing headaches, and a broken oscilloscope later — I am pleased to share a hardware module I designed to extend the Flipper ecosystem for RF security research. This write-up covers the motivation, engineering challenges, capabilities, and responsible-disclosure principles behind the project — and a frank look at a vulnerability that is very much alive in the Maldives today.   Left: 3D render of final PCB     ·     Right: Altium Designer PCB layout view Why I Built It  The trigger was reading the original MouseJack disclosure by Bastille Networks. It made me realize that a class of peripherals most people assume to be harmless — the cheap wireless mouse on your desk — can be weaponized from a car park. I wanted a research platform small enough to carry in a jacket pocket, native to the Flipper Zero ecosystem, and capable of passive scanning, protocol analysis, and controlled lab tests. What I...
Post a Comment

NMAP - What is NMAP and what is it used for?

What is NMAP & use of it?

Basically NMAP is a free security scanner and a network mapper mainly used by system administrators, hackers , pentesters and etc. These are few use cases of NMAP and there are tons of ways to use NMAP.

  • Finding hosts in the network
  • ports used by hosts and its status
  • Finding vulnerabilities
  • Information on versions and OS used

Basic NMAP Scan
nmap -sP 192.168.1.0/24
Ping multiple host to check if the hosts are alive or not

Screen capture of scan

TCP scan (full open scan)
nmap -sT 192.168.1.9
This is a TCP connect scan. TCP connections are done with a 3 way handshake
  • SYN
  • SYN-ACK
  • ACK
This is otherwise called as full open scan

Screen capture of scan

Wireshark packet capture

Stealth Mode Scan (Half open scan)
namp -sS 192.168.1.9
This is known as SYN scan / Half open scan / Stealth scan
  • SYN
  • SYN-ACK
  • RST
Screen capture of scan


Wireshark packet capture


OS detection scan
namp -O 192.168.1.6

With this command you can get which OS the system is running. Example: Windows, Linux, Android etc.

NMAP with OS detection, traceroute, host discovery and more
nmap -A 192.168.1.6                                                                                                                                                  

This is aggressive scan and do not use these commands on unauthorized networks. From this command you can get version informations, OS detection , traceroutes and ports status etc..  

NMAP Scripts
nmap --script exploit 192.168.1.6

With NMAP script can be run to check vulnerabilities, exploits and much more.  Details of scripts listed in official NMAP page and full list of attributes details are listed on the page.
If you are in a linux box just type 
man nmap
to view the manual of NMAP.

Output to a File
nmap -oN dump.txt 192.168.1.6
You can dump all the scans using this method. So you can refer later.

Reading host from file
nmap -iL targets.txt
In Order  to use this command you have to first create a file with list of targets as follows

192.168.1.6
192.168.1.2
192.168.1.8

Like the above you can enter a list of IP's to a file and save it. Then once you execute the command the scan starts by reading hosts from the file. This method is easy if you have multiple IP's or different subnets to scan.


Reference 

https://explainshell.com/ - This website will explain the commands in details



Labels:
Location: Maldives

Comments

Post a Comment

Popular posts from this blog

SIMCOM SIM900A fixed

Since everyone is interested in this post and lots of request comes to get the firmware, i have put a link so that everyone can download it easily. SIMCOM 900A firmware Its been a while that i was trying to fix the SIM900A GSM module. This module support local GSM band but after some researches it was concluded that it is carrier locked :(. After long conversion of days to actual chip manufacture SIMCOM, they told it can be fixed by updating its firmware to latest original version but unfortunately they don't provide firmware to small parties. I never stop trying to get the firmware and SIMCOM again replied, this time they said contact local SIMCOM supplier and request for firmware. But this little Maldives don't have SIMCOM or any electronics manufacturer. So i contacted my friend coody from NOA LABS/Smart prototyping (a friend in china) and told him to help me. I explained him what to do so he can communicate with SIMCOM in china. Finally he sends and email saying that...
4 comments
Read more

Clover Display M302 hack

Its been a while i have this LCD and today i thought of connecting the LCD display to Arduino. Unfortunately i could not found any pin outs of this from any where and from the manufacture. Actually this is very old model which i got from old FAX machine and this display is a very cheap from online sources. Clover Display M302 PCB Ver 1.0 (16x2) which has 10 pin flat cable. After researching for a while from the internet i have seen in many forums people are asking for help on how to connect it and what is the pin configurations? so i thought of helping them as well as my self at the same time. After going through some of my old collections of Russian data of displays and things i found a basic diagram of how 10 pin LCD display configuration.  PIN1   - VSS PIN2   - VDD PIN3   - CONTRAST PIN4   - RS PIN5   - R/W PIN6   - ENABLE PIN7   - DB4 PIN8   - DB5 PIN9   - DB6 PIN10 - DB7 I tried these configuration...
Post a Comment
Read more

How to setup 2FA On Linux SSH Login

  This is a simple setup guide to enabling Two Factor Authentication (2FA) on Linux SSH login. I this article I wont go deep into setup and issues that I have faced when implementing this. First thing is first Update your system first. I have used Ubuntu 20.04 and it is always up to date. To enable 2FA you need to install google authenticator modules sudo apt install libpam-google-authenticator Configuration for PAM and SSHD Add the the following line to /etc/pam.d/sshd and After adding this line please restart the sshd services.  auth required pam_google_authenticator.so Go to /etc/ssh/sshd_config and check if the following line exist. Default value will be "no" so change it to "yes" to activate.  ChallengeResponseAuthentication yes Configuration for Authenticator In the terminal run google authenticator command It will ask few things to acknowledge by user. Details you can see from the below video. Once this part is done you are ready to use the 2FA in ubuntu. T...
Post a Comment
Read more