Hacking a WiFi Fireworks Firing System - The FireFly Plus

Views: 13,392

Matt Brown

A day ago

In this video, we reverse engineer the binary protocol used to send firing commands to the FireFly Plus Firework Firing System.
IoT Hackers Hangout Community Discord Invite:
/ discord
🛠️ Stuff I Use 🛠️
🪛 Tools:
XGecu Universal Programmer: amzn.to/4dIhNWy
Multimeter: amzn.to/4b9cUUG
Power Supply: amzn.to/3QBNSpb
Oscilloscope: amzn.to/3UzoAZM
Logic Analyzer: amzn.to/4a9IfFu
USB UART Adapter: amzn.to/4dSbmjB
iFixit Toolkit: amzn.to/44tTjMB
🫠 Soldering & Hot Air Rework Tools:
Soldering Station: amzn.to/4dygJEv
Microsoldering Pencil: amzn.to/4dxPHwY
Microsoldering Tips: amzn.to/3QyKhrT
Rework Station: amzn.to/3JOPV5x
Air Extraction: amzn.to/3QB28yx
🔬 Microscope Setup:
Microscope: amzn.to/4abMMao
Microscope 0.7X Lens: amzn.to/3wrV1S8
Microscope LED Ring Light: amzn.to/4btqiTm
Microscope Camera: amzn.to/3QXSXsb
About Me:
My name is Matt Brown and I'm a Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.
- Soli Deo Gloria
💻 Social:
twitter: / nmatt0
linkedin: / mattbrwn
github: github.com/nma...
#hacking #iot #cybersecurity

Comments: 54
@avri210984 1 month ago
Up next is flashing it with esphome and connecting it to home assistant 😉
@dowster593 1 month ago
going to update my morning automation to show me the weather _and_ launch a random pyro
@MonkGD 1 month ago
“Hello Dispatch, I have someone breaking into my house; please look for the mortars firing off every 3 minutes, and when you are 2 minutes out, I will trigger a green smoke screen at the entrance of my house.”
@I_hu85ghjo 1 month ago
It has been a while since I have enjoyed learning something. Such a gem of a channel. Keep up the great work!
@SailAway33 1 month ago
Thanks Matt, you fill a space on KZbin that too few fill. I love learning what the devices around us are doing.
@Jennn 1 month ago
This should have so many more views.
@AngDeLuca 1 month ago
Having this protocol, which is safety-critical, be of such low quality is concerning.
@bleh198 1 month ago
Happy late 4th of July, Matt!
@AceTrainerBanjo 1 month ago
Hell yeah brother! Rock, Flag, and Eagle!
@XYZ56771 1 month ago
really nice material, keep it up!
@fireteamomega2343 1 month ago
When you want revenge against your rich pyrotechnic neighbor... or a Mr beast set 😅
@mattbrwn 1 month ago
Judging by how buggy this SW is I'm going to guess there is no way Mr Beast is using this thing 😂
@fireteamomega2343 1 month ago
Good point, but great exercise nonetheless. I love hardware hacking and that you're incorporating microcontrollers. From what I've seen you are the real deal, so subbed. It would be cool to see you build a portable standalone UART decoder with a text editor. I'm thinking an ESP32, maybe a WROOM or a capable dev model, along with a 3.5" touchscreen. Then your parts list is a UART module, a voltage detection module, a 5V and 3V relay, a logic level converter, a battery pack and a mini keyboard module, and of course a decent amount of programming and debug. 3D print up a custom case and you could definitely sell them.
@ChrisS-oo6fl 1 month ago
@mattbrwn I have a Racing (lap time) RF Transponder I'd love to hack. We used to be able to purchase one and it always worked. Now you purchase them for the same $300 but they are all “subscription based” and you need to activate it. They constantly transmit the Transponder ID via RF as long as it’s charged and your service is valid. It never shuts off. Each year you connect the device via Bluetooth and pay for your service duration of 6 months or a year. Then it’s always transmitting. You never connect Bluetooth again, so it must have an internal timer triggered by a Bluetooth command. After a year it stops transmitting and you have to pay another $125. I’m not familiar with this world but I’d assume you could listen to the Bluetooth traffic and then spoof the command/packet somehow. Think you could get one to transmit without service? Or permanently transmit?
@d3stinYwOw 1 month ago
Great material! But definitely those scripts need some love LOL :D
@drumba 1 month ago
That's damn cool
@TornTech1 1 month ago
20 seconds in and already enjoying it!!! "A Wifi Based Firework Launching device" sure!!! Let's put explosives on a wifi network!
@tekvax01 1 month ago
BTW... they are called fuses not wicks...
@Donn29 1 month ago
Is it possible that some of the bytes are different, for different serial numbers of devices? Meaning, what is the likelihood that that code would work on any machine?
@mattbrwn 1 month ago
It could be, however I never entered the SN or any other device information when setting up the app. So if anything in that data is unique it's getting pulled over that same protocol.
@caseysmith5585 1 month ago
I really like your videos but I just wish I knew what everything was 😂
@cognisent_ 1 month ago
Not knowing what everything is means you still have more to learn! That's exciting!
@Sama_09 1 month ago
Next we need a hacking video on HP printers 😂 hope they don't sue!!
@spotpkt 1 month ago
The 16 may be a time constant for how long the primer fires. Shooting in the dark here.
@josh9761 1 month ago
10/10
@ClumsyCars 1 month ago
1:53 it looks like you can add a hc05 Bluetooth module in that white square.
@mattbrwn 1 month ago
That is actually labeled "Lora"
@ClumsyCars 1 month ago
@mattbrwn that's neat. A Google search seems to indicate a LORA module is a "radio modem"
@ErebuBat 1 month ago
LoraWAN for long distance control 🤔
@monad_tcp 1 month ago
2:19 oh no, it's upside down, the electrons are going to fall out, as Dave Jones would say
@italosoares69 1 month ago
I got a bit scared seeing someone using such an outdated esp-idf from a dirty branch, in such critical devices. Imagine having your hand blown out by a bug that may have been fixed 5 years ago. Hardware seems ok, but can't say much as I don't have one.
@tonirhtdm 1 month ago
Hello Matt, can you explain how to get a root shell on a router and change the MAC ID of a device?
@mikescholz6429 1 month ago
The only responsible thing to do is to hook it up to a public network and make it fireable through an unauthenticated web interface 😈
@jsc0 1 month ago
Can't you capture the traffic on the PC, without ARP poisoning, if you use promiscuous mode in Wireshark? Assuming all the devices are on the same LAN.
@mattbrwn 1 month ago
No, as the traffic between the mobile phone and firing device won't be routed to the PC.
@samuraidriver4x4 1 month ago
At least they didn't just send a simple single digit over and at least tried to do the right thing. Fun little device, anything else on the other side of the PCB or are the shift registers combined with transistors it?
@mattbrwn 1 month ago
No, there is nothing of note on the back
@samuraidriver4x4 1 month ago
@mattbrwn interesting, pretty simple hardware then.
@arraybytes7214 21 days ago
I am just curious if the checksum function does a check for a checksum of 16? I am not great at Java so I didn't notice if it did or not.
@cybertechug7900 1 month ago
Hello, greetings from Uganda. I have an ISP Nokia locked outdoor 4G receiver unit. How about we find a means for you to receive it and give it a try to log into it?
@SoldererOfFortune 1 month ago
How many amps are they switching through what seems to be an audio jack/wire to get that element hot af?
@danvasicek4122 1 month ago
Hello, this seems interesting. Happy 4th of July, even though here it is the fifth already, maybe for you too.
@mattbrwn 1 month ago
Lol yeah, the first part of the vid was filmed on the 5th and the outdoor part on the 4th.
@FreshaThen 1 month ago
What OS do you use? And is it run in a VM or bare metal?
@yusuf9356 1 month ago
Can you reverse engineer a Linux smart watch?
@AUATUWVSH 1 month ago
ez byte[] command = new byte[]{...}; int sum = 0; for(byte b : command){ sum += b; } return sum & 0xFF;
@tubeDude48 1 month ago
Why type 'clear'? Just hit CTRL-L. As a UNIX user back in the 90's, I HATED VIM, so I was so glad when Linux came along with 'nano', which is so much easier to move around in when editing, so why people still use VIM is beyond me!
@a97807 1 month ago
Great thing about unix is there's always 10 ways to do the same thing. We all rely on muscle memory to do things. :wq
@monad_tcp 1 month ago
It's because it's a cult. I always found it funny that people use a PC pretending the PC keyboard is a PDP one that didn't have arrow keys, pageup/down, home/end or the numpad or even the function keys. The proper sequence of commands for an IBM PC really is the DOS one (whichever DOS you like, it doesn't need to be the Microsoft one). Also, the idea of having two modes for the keyboard is ironic, you have to keep pressing ESC. I pretty much prefer to press CTRL to access my commands, does that mean I'm an Emacs user? Who knows. I paid for my 108-key keyboard and I use all of the keys, not just the ESC