A couple of months ago, i asked around on Mastodon if anybody was able to provide some HDDs with hardware faults. Clicking, Buzzing, Silent. Whatever. I wanted to learn the art of Head Swapping and other shenanigans. Two weeks later, somebody I know, answered my call into the Fediverse, with a drive i could try to get the data from it. I was delighted and scared. Why scared, you might ask.

The first electronic device which a young child autonomously uses, is most likely an audio device to chose their own music or stories. I am in my mid 30s now and we used cassette tapes, which we were pretty much a common standard back then. Nowadays multiple different licensing methods exists. Tonies, Kekz, Jooki, Coins, you name it. Every company has their own methods and ways to store, encrypt and work with audio files.

From time to time my girlfriend brings electronic children’s toys home which she found in give-away boxes. Most of the time these don’t work and i am intrigued in fixing them.

It was a beaten up “Vtech Pinguin Rasselspass”.

tl;dr; My knowledge in Bluetooth LE Communication got quite rusty over time and i wanted to refresh it with an easy target the other day. I wanted to open up the lock with a simple bluetooth command but ended up having access to their entire backend database with a lot of unique users across their entire product lineup. It didn’t go as planned. The Lock and API As all BLE-Locks work, they require an App to talk to the Lock itself and an API on the company side.

Storyline It all started with a simple question from my beloved girlfriend: “A friend of mine has problems connecting her external harddrive to her PC. She said she transported the USB drive with the cable attached and now the USB Port looks weired. Can you fix it?”. Okok…No Problem. “No Backup, no pity” doesn’t mean “No Backup, no help” and that should be a fast fix. Popping the Harddrive out of the enclosure, connecting to an external SATA to USB connector, and bob’s your uncle.

Storyline It all started with a simple question from my beloved girlfriend: “Is it possible to download the entire map from this page?”. Okok…we have to look back a little bit. She was asked by a friend of ours to scan an old map of an area in the local university library. But: Scanning such a massive picture would cost ~40 Euro and nobody was willing to pay that. I can understand that nearly every scan could damage the map, so, wouldn’t it be a better option to use an already scanned one?

I like a good challenge. During some reconnaissance, i found the career challenges of contextis and was kind of drawn into the web application ones. The challenge The challenge itself is a basic PHP Code Review with the following task: You have downloaded a fancy CMS. Can you identify a way to extract the administrator hash? The accepted solution is the payload used to receive the hash. IF YOU READ ON, SPOILER AWAITS

Infosec Person.

Security Researcher

Germany