Bored Pentester

A collection of spare time spent reverse engineering, hardware hacking and conducting vulnerability research.

Category: Uncategorised

1st June 2024 / Uncategorised

Smart Doorbell Security (Part 5) (LiteOS analysis)

In the previous part of this series, we analysed the bootloader of the device in order to understand whether the compression in use was trivial. We concluded it appeared to take place in hardware and as such, we didn’t have visibility of its underlying workings. This post intends to analyse the firmware of the device …

1st June 2024 / Uncategorised

Smart Doorbell Security (Part 4) (Bootloader analysis)

Analysing the bootloader

This part of our series intends to inspect the U-Boot bootloader in use by the device in order to understand the firmware decoding routine. It should be noted that I wasn’t able to gain a full understanding of the decoding procedure as this operation seems to have been delegated to hardware; nevertheless, …

1st June 2024 / Uncategorised

Smart Doorbell Security (Part 3) (Wireless credential theft)

Device overview

Previously, we looked at one facet of the software that was used to communicate with our device, focusing specifically on the security authentication and pairing mechanisms, as well as the protocol. In this part, we’ll tear down the device and review the hardware and exposed test ports.

Hardware inspection

Opening up the device, …

1st June 2024 / Uncategorised

Smart Doorbell Security (Part 2) (Client credential theft)

Previously, we threat modelled the device and highlighted some primary concerns where I wanted assurance. In this part, we intend to inspect the protocol, authentication and pairing mechanism employed by the application and device.

The pairing mechanism

The doorbell’s pairing and authentication mechanisms are fairly odd, but not uncommon. For the initial pairing, the device’s …

©2025 Bored Pentester