{"@attributes":{"version":"2.0"},"channel":{"title":"homepage","link":"https:\/\/ursache.io\/","description":"Recent content on homepage","generator":"Hugo -- gohugo.io","language":"en-us","lastBuildDate":"Tue, 23 May 2023 16:00:00 +0100","item":[{"title":"Baby's First Steps in Android App Reverse Engineering","link":"https:\/\/ursache.io\/posts\/baby-steps-android\/","pubDate":"Tue, 23 May 2023 16:00:00 +0100","guid":"https:\/\/ursache.io\/posts\/baby-steps-android\/","description":"This post is a summary of what I learned on the way of finding my first low-severity vulnerability in an Android application. I describe the modern tools which can be used for reverse engineering, how theory helps structure the work in order to save time, show a POC for an XSS in the Foreign Affairs Magazine v3.0 Android application and end with how looking into apps written by the same developer led to discovering the same vulnerability in a different app - The Spectator Magazine v7."},{"title":"How to change your boot splash logo using an SPI programmer, UEFITool and flashrom","link":"https:\/\/ursache.io\/posts\/boot-splash-logo\/","pubDate":"Tue, 25 Apr 2023 00:21:00 +0100","guid":"https:\/\/ursache.io\/posts\/boot-splash-logo\/","description":"This is a quick guide on how to retrieve and change the firmware of a machine in order to replace the logo shown on the UEFI boot screen.\nFirst, open up the machine and identify the SPI flash chip. 
In my case, the machine is a refurbished Fujitsu Esprimo Q920 (more powerful and cheaper than a Raspberry Pi) and its SPI flash is easily identifiable.\nAfterwards, hook up an SPI programmer like the CH341A."},{"title":"Tale of an old write-up: hardcoded credentials to remote firmware update in consumer-grade router","link":"https:\/\/ursache.io\/posts\/router-firmware-update-via-hardcoded-creds\/","pubDate":"Sat, 15 Apr 2023 00:00:19 +0100","guid":"https:\/\/ursache.io\/posts\/router-firmware-update-via-hardcoded-creds\/","description":"In late 2021 I found a vulnerability in a consumer-grade router (D-Link&rsquo;s DIR-X1860), but I never published the writeup, so I took it and modified it to make this blogpost. It describes some of the steps I went through in finding hardcoded credentials in D-Link&rsquo;s DIR-X1860, which combined with a DNS rebinding attack led to a remote firmware update vulnerability.\nInitial access After a lot of trial and error, I managed to establish a serial connection to the device&rsquo;s UART connector using a FT232H and a bit of soldering."},{"title":"UEFI Hello World with qemu and EDK2","link":"https:\/\/ursache.io\/posts\/uefi-hello-world-2023\/","pubDate":"Sun, 02 Apr 2023 00:00:00 +0100","guid":"https:\/\/ursache.io\/posts\/uefi-hello-world-2023\/","description":"This is a quick guide on how to write a UEFI Hello, world application and run it using qemu.\nFirst, create a working directory and git clone the EDK 2 repository inside it:\n$ mkdir ~\/uefi-hello &amp;&amp; cd ~\/uefi-hello $ git clone https:\/\/github.com\/tianocore\/edk2 $ cd edk2 Then follow the setup instructions in the EDK 2 repository to set up prerequisites for the build tools:\n$ sudo apt install gcc build-essential uuid-dev iasl nasm python-is-python3 Afterwards follow the common instructions to set up a build environment:"},{"title":"How to sign a kernel module for Secure Boot on Debian in 
2023","link":"https:\/\/ursache.io\/posts\/signed-kernel-module-debian-2023\/","pubDate":"Sun, 26 Mar 2023 00:00:19 +0100","guid":"https:\/\/ursache.io\/posts\/signed-kernel-module-debian-2023\/","description":"This is a quick guide on how to write a Hello, world kernel module and sign it so that it&rsquo;s loadable with Secure Boot enabled on Debian.\nFirst, create a working directory, write a simple kernel module named hwkm (hello world kernel module) and compile it:\n$ mkdir ~\/src\/hwkm &amp;&amp; cd ~\/src\/hwkm $ echo &#39;#include &lt;linux\/module.h&gt; #include &lt;linux\/printk.h&gt; #include &lt;linux\/init.h&gt; static int __init minit(void) { printk(KERN_INFO &#34;hwkm loaded.\\n&#34;); return 0; } static void __exit mexit(void) { printk(KERN_INFO &#34;hwkm unloaded."}]}}