Up next is flashing it with esphome and connecting it to home assistant 😉
Going to update my morning automation to show me the weather _and_ launch a random pyro
“Hello Dispatch, I have someone breaking into my house; please look for the mortars firing off every 3 minutes, and when you are 2 minutes out, I will trigger a green smoke screen at the entrance of my house.”
It has been a while since I have enjoyed learning something. Such a gem of a channel. Keep up the great work!
Thanks Matt, you fill a space on UA-cam that too few fill. I love learning what the devices around us are doing.
This should have so many more views.
Really nice material, keep it up!
Hell yeah brother! Rock, Flag, and Eagle!
Happy late 4th of July, Matt!
Having this protocol, which is safety-critical, be of such low quality is concerning.
When you want revenge against your rich pyrotechnic neighbor... or a Mr Beast set 😅
Judging by how buggy this SW is I'm going to guess there is no way Mr Beast is using this thing 😂
Good point, but great exercise nonetheless. I love hardware hacking and that you're incorporating microcontrollers; from what I've seen you are the real deal, so subbed. It would be cool to see you build a portable standalone UART decoder with a text editor. I'm thinking an ESP32, maybe a WROOM or a capable dev model, along with a 3.5" touchscreen. Then your parts list is a UART module, a voltage detection module, a 5V and 3V relay, a logic level converter, a battery pack and a mini keyboard module, and of course a decent amount of programming and debug. 3D print up a custom case and you could definitely sell them.
@mattbrwn I have a Racing (lap time) RF Transponder I'd love to hack. We used to be able to purchase one and it always worked. Now you purchase them for the same $300 but they are all “subscription based” and you need to activate it. They constantly transmit the Transponder ID via RF as long as it's charged and your service is valid. It never shuts off. Each year you connect the device via Bluetooth and pay for your service duration of 6 months or a year. Then it's always transmitting. You never connect Bluetooth again, so it must have an internal timer triggered by a Bluetooth command. After a year it stops transmitting and you have to pay another $125. I'm not familiar with this world, but I'd assume you could listen to the Bluetooth traffic and then spoof the command/packet somehow. Think you could get one to transmit without service? Or permanently transmit?
Is it possible that some of the bytes are different, for different serial numbers of devices? Meaning, what is the likelihood that that code would work on any machine?
It could be, however I never entered the SN or any other device information when setting up the app. So if anything in that data is unique it's getting pulled over that same protocol.
If you go back to the Java code, you can see that commands always start with 550000 followed by device id and the command. FFFF as device id probably means 'all devices'.
Great material! But definitely those scripts need some love LOL :D
Hello, greetings from Uganda. I have an ISP-locked Nokia outdoor 4G receiver unit. How about we find a means for you to receive it and give it a try to log into it?
Hello Matt, can you explain how to get a root shell on a router and change the MAC ID of a device?
That's damn cool.
I am just curious if the checksum function does a check for a checksum of 16? I am not great at Java so I didn't notice if it did or not.
How many amps are they switching through what seems to be an audio jack/wire to get that element hot af?
Can't you capture the traffic on the PC, without ARP poisoning, if you use promiscuous mode in Wireshark? Assuming all the devices are on the same LAN.
No, as the traffic between the mobile phone and the firing device won't be routed to the PC.
The 16 may be a time constant for how long the primer fires. Shooting in the dark here.
What OS do you use? And is it run in a VM or bare metal?
20 seconds in and already enjoying it!!! "A WiFi Based Firework Launching device" Sure!!! Let's put explosives on a WiFi network!
1:53 It looks like you can add an HC-05 Bluetooth module in that white square.
That is actually labeled "Lora"
@mattbrwn That's neat. A Google search seems to indicate a LoRa module is a "radio modem".
LoRaWAN for long distance control 🤔
I really like your videos but I just wish I knew what everything was 😂
Not knowing what everything is means you still have more to learn! That's exciting!
Next we need a hacking video on HP printers 😂 hope they don't sue!!
2:19 Oh no, it's upside down, the electrons are going to fall out, as Dave Jones would say.
10/10
At least they didn't just send a simple single digit over and at least tried to do the right thing.
Fun little device; anything else on the other side of the PCB, or is it just the shift registers combined with transistors?
No, there is nothing of note on the back.
@mattbrwn Interesting, pretty simple hardware then.
BTW... they are called fuses not wicks...
Can you reverse engineer a Linux smart watch?
I got a bit scared seeing someone using such an outdated esp-idf from a dirty branch in such critical devices. Imagine having your hand blown off by a bug that may have been fixed 5 years ago. Hardware seems OK, but can't say much as I don't have one.
Hello, this seems interesting. Happy 4th of July, even though here it's the fifth already, maybe for you too.
Lol yeah, the first part of the vid was filmed on the 5th and the outdoor part on the 4th.
The only responsible thing to do is to hook it up to a public network and make it fireable through an unauthenticated web interface 😈
ez
// Checksum as posted from the decompiled Java: sum every byte of the frame and keep the low 8 bits.
static int checksum(byte[] command) {
    int sum = 0;
    for (byte b : command) {
        sum += b; // Java bytes are signed, but the final & 0xFF gives the same result mod 256
    }
    return sum & 0xFF;
}
// byte[] command = new byte[]{...};  // frame bytes, elided in the original comment
// int check = checksum(command);
Why type 'clear', just hit CTRL-L. As a UNIX user back in the 90s, I HATED VIM, so I was so glad when Linux came along with 'nano', which is so much easier to move around in when editing, so why people still use VIM is beyond me!
Great thing about unix is there's always 10 ways to do the same thing. We all rely on muscle memory to do things. :wq
It's because it's a cult. I always found it funny that people use a PC pretending the PC keyboard is a PDP one that didn't have arrow keys, page up/down, home/end, the numpad or even the function keys.
The proper sequence of commands for an IBM PC really is the DOS one (whichever DOS you like, it doesn't need to be the Microsoft one).
Also, the idea of having two modes for the keyboard is ironic: you have to keep pressing ESC. I pretty much prefer to press CTRL to access my commands; does that mean I'm an Emacs user? Who knows. I paid for my 108-key keyboard and I use all of the keys, not just the ESC.