I love how this video starts by explaining what LAN is, and 2 minutes later it's binary reverse eng
@xephael3485 Жыл бұрын
Yeah it goes from basic concepts to insanity and no time at all
@spookycode9 ай бұрын
0-100 really fast
@lexolexoh5 ай бұрын
A fun roller coaster indeed
@Tobias-t3k3 ай бұрын
Its a video about finding vulnerabilities. You can't find vulnerabilities without reverse engineering and looking at the underlying code/machine instructions. Otherwise you are just a noob who uses templates based on other peoples work.
@thisisreallyme3130 Жыл бұрын
Great format. This is so clearly described and spoken that I listened to it a SECOND time, as a “podcast”. Thanks for going that extra “kilometer” and describing what’s on-screen.
@adama7752 Жыл бұрын
Excellent documentation and walk through. I love your stuff.
@DasIllu Жыл бұрын
When you showed your "Fuzzer" i totally lost it. Haven't had such a good laugh in years in this topic. But if i think about it some more, it is just about perfect. Easily accessible (but not perfect) entropy to cause spasms in badly written code. Being more or less available on any machine with and OS (no, Windows is not an OS, it's malware) means you can do preliminary tests even in absence of your "fav tools".
@antiquark6253 Жыл бұрын
I didn't get the joke :( was the netstar + grep somehow the fuzzer? Bc it looks it's only returning a specific line of Info from the previous, full, netstat cmd. Not seeing the usefulness unless 'conn' is supposed to be significant and understood as the grep string prior to beginning
@DasIllu Жыл бұрын
@@antiquark6253 piping /dev/urandom into a program was the fuzzer iirc. Urandom generates a never ending stream of random bytes. And like a thousand monkeys with a thousand typewriters, it will eventually come up with a sequence that breaks the program under test.
@antiquark6253 Жыл бұрын
@@DasIllu oh I see now, the multi tiled terminals had me confused to what he was referring to, but I never thought to use nc that way. Very cool trick thx for illuminating that
@dreamyrhodesАй бұрын
@@DasIllu Nothing about a thousand monkeys here tho. It's just flooding the buffer with bytes until segfault, that's where he got a hint that there might be a buffer overflow (segfault means you're writing crap into memory where you're not supposed to write to as allowed by the kernel so the kernel kicks you out). The actual content of the input stream doesn't matter as it's just random bytes.
@Eqqie-p5u Жыл бұрын
Can't wait to see the detailed analysis of Part2.
@blvckgames3381 Жыл бұрын
hell I really appreciate what this guys are doing, because I don't understand 70% of what they are talking about. There is soooo much to learn and it seems scary 🤯
@-Ncrypt Жыл бұрын
Incredible work. I'm blown away to see this entire research from start to finish, including the thought process. Well done. I hope to one day be able to do what you do!
@0x0456 Жыл бұрын
Glad to see you back :)
@swaggington Жыл бұрын
Waiting for part 2! Amazing work!
@soaphornseuo8630 Жыл бұрын
This is what I have been waiting for a long time
@jaopredoramires Жыл бұрын
Hyped for the second part, hope it comes soon!
@twitchtwitch9006 Жыл бұрын
keep up the great work. sometimes people feel like so many things are common sense and dont explain the things that help people understand stuff. thank you for such a detailed video
@brotatobrosaurus5411 Жыл бұрын
Regardless of the exploit, it's pretty disturbing that stock router firmware is spamming DNS requests to arbitrary commercial domains, just to blink an LED light...
@RealCyberCrime Жыл бұрын
I’m thinking about making a similar video but mine are done in documentary format‼️
@Marty_YouTuber Жыл бұрын
i have been trying to get into this for the long time. i feel like i don't understand programming which makes hacking so difficult. i love your moto at the end. i love the training at the end you talked about. i need to spend a lot more time getting a better understanding of programming so i can understand how to do what your trying and make money ethical hacking.
@M4D4F4K4. Жыл бұрын
The chances are slim to none unless you get a degree lol although they hire people who don’t have one, they are talented ones who just moves to action when others thinking how to get into this 😂
@Marty_YouTuber Жыл бұрын
@@M4D4F4K4. i am hopeless. i will figure something out.
@Mr_Magnetar_ Жыл бұрын
w8 for second part. Thanks!
@zhengren8461 Жыл бұрын
This is the most realistic and valuable hacker video I have ever seen
@silfvro1963 Жыл бұрын
Awesome stuff! waiting for the 2nd video.
@lookitsahorner Жыл бұрын
It's shocking how it's making unsolicited DNS queries for random domains for completely unrelated companies. Concerning. If I was watching the WAN and saw these random requests coming from a router, I'd be concerned it was compromised in some way, not operating normally with stock firmware...
@lukasandresson3990 Жыл бұрын
Ghidra makes it easy to reverse engineer. You would think there would be standard practices on operational flow that prevents the behaviour. Standard Libraries for dns handling.
@FlashbackTeam Жыл бұрын
conn-indicator needs to know when it has network connectivity, and the programmers chose this way to verify it. This is normal, and in this specific case quite benign in our opinion, as the DNS domains it is trying to query are well known. The mistake here was to make their own DNS parser (why TP-Link? WHY???). They could have used a shell script and standard utilities for checking connectivity, and a separate binary for controlling the LED lights! If this makes you worried, then have a look at what your phone, Windows or MacOS computer is doing for the same connectivity checks, without any user program running or any kind of user interaction, you will be VERY surprised 🙈
@friedrichhayek4862 Жыл бұрын
@@FlashbackTeam As a Linux user, no idea how it does the check, likely it will not be google.
@yourlinuxguy Жыл бұрын
Nice video, added this to my watch list, will comeback and share my thoughts, for the time being its time to work.
@dineshvlog369 Жыл бұрын
Excellent documentation we want 2part😊
@XYZ56771 Жыл бұрын
Love your voice, is so soothing for teaching/learning. Thanks!
@LinuxCoder-Root Жыл бұрын
I appreciate every video in this channel, This is very useful. Thank you, guys.
@Thomas0x00 Жыл бұрын
So awesome that you guys share this knowledge, really, keep up the great work!
@snowdaysrule Жыл бұрын
I don't think I've ever said "Oh my God you can do that?!" so many times while watching a video haha. Amazing stuff
@man0warable Жыл бұрын
It didn't occur to me until watching this video, but AI would be amazing at reverse-engineering like this. Renaming functions and variables and creating comments based on context is already so close to how AI models interpret code.
@skeeberk.h.4396 Жыл бұрын
Catch up, Ppl been doing this ever sense chatgpt hit the streets
@maktiki Жыл бұрын
AI has not catched up to thinking like this.
@skeeberk.h.4396 Жыл бұрын
@@maktiki Lol , Yes it did, There plenty of Plugins that do just That Already
@azurescenss Жыл бұрын
I feel like half of the hacking attempts at this point are *most likely* made by AI botnets that are programmed to execute these types of attacks using rogue / zombie ip's that operate on virtual machines that can't be traced.
@skeeberk.h.4396 Жыл бұрын
@@azurescenss 💀🧢
@dpk3090 Жыл бұрын
Best hackers from pwn2own 😊
@hacorial Жыл бұрын
You are a legend people. Proud of taking your courses.
@FlashbackTeam Жыл бұрын
We're not affiliated with TryHackMe and have not developed any courses or tutorials for them :-) Our courses are developed and taught by us privately, check flashback.sh/training
@sanfordfloridarepairs9668 Жыл бұрын
I have no clue wtf your saying half the time but, I still watch hoping something will stick. something better than nothing, right? I love hearing the actual thought process of the hack as if you're going threw it for the first time. I like this very much.
@0xkavish Жыл бұрын
This is what we are looking for, nice job . Keep it up. Happy hacking
@flrn84791 Жыл бұрын
Can't wait for part 2! :)
@FlashbackTeam Жыл бұрын
It should be out very soon. We are on the last stretch in recording.
@siolagetsirave2311 Жыл бұрын
Hi. I’m Japanese, and I could understand your video because of your very smart and cool presentation. Thank you for uploading this video! (I’m sorry about being not good at English.)
@MykolaTheVaultDweller Жыл бұрын
Wooowww amazing!!!! But how did you run MIPS executable on PC? Or you we're was on target via ssh?
@HelloworldXY32 Жыл бұрын
Can't wait until the second part pops out. I really want to hit the ground running with this kind of exploitation
@sinancetinkaya Жыл бұрын
Vendor-supplied router firmwares that use ancient kernel and code is commonly recognized to be insecure. This is why I always use OpenWRT
@comosaycomosah Жыл бұрын
lmao i love these videos you two are relatable yet much smarter...ive learned quite abit watching you guys thanks💯
@Gabriel-kz8ns Жыл бұрын
Amazing work... !
@PwnySlaystation01 Жыл бұрын
Awaiting part 2!
@tabycatkitty4126 Жыл бұрын
Crazy ammount of research, good job
@memy4460 Жыл бұрын
After the first 30 seconds, I subed and liked the vid.
@sas408 Жыл бұрын
TP-Link be like: - Unit testing? Nah bro, we in China trust each other
@squid13579 Жыл бұрын
Vamos 🔥🔥🎉
@zhykollJ Жыл бұрын
Thanks so much, we are learning! 😍
@vaisakh_km Жыл бұрын
Your thumbnail is shokingly un clickbaity for sucha good video...
@Dropshock20XX Жыл бұрын
The jump scare at 1:21
@zeekertron6 ай бұрын
Amazing video. Subscribed
@johnybonny8262 Жыл бұрын
Best series ✨
Жыл бұрын
Waiting for part 2!
@devanshujain3222 Жыл бұрын
Found Your channel from @liveoverflow Great Content 🙌🙌
@Thattipp Жыл бұрын
Smart fridge 😂 01:32
@noredine Жыл бұрын
Seeing my exact router in this vid is funny and terrifying
@antiquark6253 Жыл бұрын
I feel like $20k is a paltry sum to pay hackers for a hardware (firmware?) Bug on a device sold to hundreds of thousands of people
@matthewbascom Жыл бұрын
Nice presentation. You touched on a couple points that are just outside my full understanding. Specifically, at the segmentation fault, what makes a memory address "unmapped". Is it unmapped because it is outside the allocated stack frame? Anyway, really nice work! Thank you.
@FlashbackTeam Жыл бұрын
Hi Matthew, glad you liked the video! You are correct. When a program starts, it allocates ("maps") memory ranges for the stack, the heap, libraries, the executable code, etc. These regions are not contiguous in memory. For example let's say a stack of 0x1000 in size, mapped in memory starting from 0x10000, which means its range is 0x10000 to 0x11000. Then we have a heap of size 0x1000, which is mapped at 0x12000 to 0x13000. In this example, if we try to access memory at 0x11001, it will cause a segmentation fault, as that memory is not mapped to either the heap or the stack. This was exactly what happened in the example in the video, albeit with different (more realistic) addresses.
@cleatus232 Жыл бұрын
It seems almost impossible for a regular person to be able to protect themselves over someone accessing their computer or phone. After having all of my data stolen from a big tech company it has been so difficult to feel safe.
@khanhtaquang5204 Жыл бұрын
Very appreciate your sharing
@g4t375 Жыл бұрын
LETS GOOOOOOOOOOOOOOO i love yall
@MygenteTV21 күн бұрын
I really love you guys videos. But there is something no one talks about and is how to set up a lab to test. Can you guys make a video about how to set up qemu or anything else to mount firmware for testing?
@bnk28zfp Жыл бұрын
thank you for your hard work!!!!
@tonycamposmejia7024 Жыл бұрын
Thanks for sharing
@alvinrock71906 ай бұрын
Thanks a lot!
@Brather2 Жыл бұрын
I won the last 3 years WASP competition, but my method for doing this cannot be disclosed because of the damage it will cause, here is a sample of what i know: bluetooth follows the standard made by cisco on their routers where you make one the master the rest just follow. the same applies in Bluetooth yet here the clients that connect allow you root access to them as the technology defined.
@olivierlasne2346 Жыл бұрын
Thank you for this
@davidsantos1630 Жыл бұрын
The best Pedro.
@learnprogrammingwithsam5080 Жыл бұрын
this is cool. what O.S are you using though
@alimustafa2682 Жыл бұрын
Amazing !!
@jboss1073 Жыл бұрын
If the CPU used by a server had as its lowest-level language a managed language, say for instance a Lips CPU, where there is no memcpy and other such potentially bug-infested C code behind the Lisp code, then how would you find a vulnerability?
@onlyplaysveigar7241 Жыл бұрын
Can you link the video you recommended that we watch on the beginning of the video?
@maxxxb4uh4us80 Жыл бұрын
Isso sim é qualidade parabéns
@jheimissantos8682 Жыл бұрын
verdade
@harbibo Жыл бұрын
what a nice research
@duntarigaming7624 Жыл бұрын
Thats another lvl...
@RandomGeometryDashStuff Жыл бұрын
why does conn-indicator need to parse dns response? can't it just receive response, ignore contents, turn on LED?
@FlashbackTeam Жыл бұрын
How would it know it received a valid response to its request if it doesn't parse it?
@kurtlester7613 Жыл бұрын
Thanks this was very helpful! I wonder why they used DNS instead of ICMP? Surely DNS was never intended for such things?
@khatharrmalkavian3306 Жыл бұрын
More and more places blocking ICMP these days. Moreover, even if they wanted to ping a well known CNAME, it would still require a DNS query, so just doing the query is more efficient, since it's only checking for connectivity.
@RandomGeometryDashStuff Жыл бұрын
16:59 does offset to name point to start of length+string or can if point to another compression mode?
@nickmalone3143 Жыл бұрын
What toolsets(s) are you using ie caller??
@markc6714 Жыл бұрын
Just another example of cops thinking they're above those they're supposed to serve
@user-ju8km5hl8e Жыл бұрын
The best
@draxler.a Жыл бұрын
we're waiting for the part 2 for 2 week 😭😭
@huskytail Жыл бұрын
Just came here to find it but I will have to join the queue waiting for part 2 😅
@draxler.a Жыл бұрын
@@huskytail 3month of waiting im not interested anymore i well unsubscribe they don't respect us ....
@huskytail Жыл бұрын
@@draxler.a I must confess I had even forgotten about it.
@fullpower8382 Жыл бұрын
I have a Question for Experts what I can not extract from that what is. My Provider had a Damage in a Knot where a Car crashed in.... first the internetconnection was lost, a few Minutes....after That it was ok for a few Minutes.... then it crashed again and was a longer Time out of Order. Since that I can not connect my Handy and my TV but every other Device works as usual. One Thing is that my Handy and the TV dont find the Port anymore... How is that possible?
@antiquark6253 Жыл бұрын
At 6:50 you mention that you're using gdb while having a laugh for your buddy who uses a 'lame java's one, were you referring to ghidra? Lol
@Marty_YouTuber Жыл бұрын
i watched the video, but i feel sad i am understanding very little. i didn't know you had a real world hacker course.
@augusto256 Жыл бұрын
This is 💎
@NIKHIL-yl1ws Жыл бұрын
Which OS you are using?
@FlashbackTeam Жыл бұрын
Pedro prefers Debian, and Radek likes Ubuntu more.
@Byteswap Жыл бұрын
Anybody knows which code editor he is using there?
@marcusaurelius34872 ай бұрын
So, if we reduce everything, it is basically as many other vulnerabilities: The software does not check the size, it assumes that it will be as intended, in this case placing it into a fixed size variable. So an input validation error?
@FlashbackTeam2 ай бұрын
At the end if the day all is the same. Find vuln get RCE :p
@Ivo-- Жыл бұрын
Part 2 when? :D
@azizamanaaa6006 Жыл бұрын
Please release a course in hacking please i want to learn or atleast link a good course that is useful to learn deep hacking please!!
@_wanteed8618 Жыл бұрын
looks like dns reading memory overflow
@zeeshawnali4078 Жыл бұрын
Where is part 2?
@wasekaug Жыл бұрын
Watching this makes me feel mad and dumb. This is like an art that I just can't seem to get. How do you learn all of this?!
@FlashbackTeam Жыл бұрын
In our course :D But honestly, if you don't know the basics of assembly, scripting and Linux command line, you will get lost. The best book to learn reverse engineering ("Reverse Engineering for Beginners") is completely FREE: beginners.re/ Once you master the basics, come to our course and we will teach you how to find and exploit vulnerabilities in real embedded devices!
@wasekaug Жыл бұрын
@@FlashbackTeam thanks for this, I will definitely check it out
@georgewbushcenterforintell147 Жыл бұрын
Why KZbin am recommended video this me not know but watch interesting brain capacity limited open to expansion thank you I will sub
@jeffersonmarques3843 Жыл бұрын
part 2 ??
@FlashbackTeam Жыл бұрын
soon. It takes a lot of time to record and we are super busy. Subscribe if you don't want to miss it.
@FromRootsToRadicals_INTP Жыл бұрын
Excellent on how to also think it up. Not just run some tools.
@zakariahmimssaelfakir3325 Жыл бұрын
What knowledge should i have to understand this video ??!!
@anonim5052 Жыл бұрын
Where is the second part?
@FlashbackTeam Жыл бұрын
We are still working on Part2. You can subscribe not to miss when we release it.
@anonim5052 Жыл бұрын
@@FlashbackTeamok thank you :)
@LifeChanger_._ Жыл бұрын
I do not understand, so you need to hack the router physically before you can do all this right? If true, how when you don't have access to routers in other places.
@khatharrmalkavian3306 Жыл бұрын
This is not the attack. This is the research for the attack.
@pppkenken6610 Жыл бұрын
Exploit machine language x000x
@53buahapel Жыл бұрын
🤓🤓🤓🤓
@전재영-l1l Жыл бұрын
DNS DAS 닫힌문닫혀있는문 DZS OPDZM 모래시계가작용하여연문
@bofeng6910 Жыл бұрын
where is part2? ❤
@FlashbackTeam Жыл бұрын
We are still working on Part2. Will be released as soon as we have finished it.