The basic functionality of the application is as follows:
- Application sends out a UDP broadcast on port 5978
- Camera sees the broadcast on port 5978 and inspects the payload – if it sees that the initial part of the payload contains "FF FF FF FF FF FF" it responds (UDP broadcast port 5978) with an encoded payload with its own MAC address
- Application retrieves the camera's response and creates another UDP broadcast but this time it sets the payload to contain the target camera's MAC address, this encoded value contains the command to send over the password
- Camera sees the broadcast on port 5978 and checks that it is meant for it by inspecting the MAC address that has been specified in the payload, it responds with an encoded payload that contains its password (base64 encoded)
After spending some time with the application in a debugger I found what looked like it was responsible for the decoding of the encoded values that are passed:
super exciting screen shot. |
Translated into english: the application first uses a lookup table to translate every byte in the input string, to do this it uses the value of the current byte as an offset into the table. After it is done with "stage1" it traverses the translated input buffer a dword at a time and does some bit shifting and addition to fully decode the value. The following roughly shows the "stage2" routine:
(Dword[0] << 2) + (Dword[1] >> 4) = unencoded byte 1
(Dword[1] << 4) + (Dword[2] >> 2) = unencoded byte 2
(Dword[2] << 6) + Dword[3] = unencoded byte 3
I then confirmed that this routine worked on an "encoded" value that went over the wire from the application to the camera. After confirming the encoding scheme worked, I recreated the network transaction the application does with the camera to create a stand alone script that will retrieve the password from a camera that is on the same lan as the "attacker". The script can be found here, thanks to Jason Doyle for the original finding (@jasond0yle ).
- World No 1 Hacker Software
- Best Pentesting Tools 2018
- Nsa Hacker Tools
- Hacker Tools Github
- Hack Tools Pc
- Game Hacking
- Hacking Tools Pc
- Hacking Tools For Games
- Hack Tools Github
- How To Install Pentest Tools In Ubuntu
- Hacker Tools
- Pentest Tools Website
- Pentest Tools Kali Linux
- Best Pentesting Tools 2018
- Hacking Tools Online
- Hack Tools Github
- Hacker Tools Windows
- Pentest Tools Online
- Hacking Tools For Mac
- Underground Hacker Sites
- Hacker Tools Github
- Hacking Tools Github
- Easy Hack Tools
- Hacker
- Hacker Tools Online
- What Is Hacking Tools
- Pentest Tools Find Subdomains
- Pentest Tools Tcp Port Scanner
- Hacker Tools For Mac
- Pentest Tools Linux
- Underground Hacker Sites
- Pentest Tools Url Fuzzer
- Hack Tools Download
- Hackrf Tools
- Pentest Tools Github
- Hackers Toolbox
- Hacker Tool Kit
- Hacker Tool Kit
- Hack Tools
- Hackers Toolbox
- Hacking App
- Pentest Tools Framework
- Termux Hacking Tools 2019
- Hacker Tools Mac
- Top Pentest Tools
- Hack Tool Apk No Root
- Hack Tools
- Install Pentest Tools Ubuntu
- Best Pentesting Tools 2018
- Hacking Tools For Beginners
- Tools Used For Hacking
- Hack Tools For Windows
- Hack Website Online Tool
- Hacker Tools Free
- Pentest Tools Online
- Hacking Tools Software
- What Are Hacking Tools
- Pentest Tools Open Source
- Pentest Tools Port Scanner
- Hacks And Tools
- Hacker Tools Github
- Hack App
- Pentest Tools For Mac
- Hacker Tools
- Hack Tool Apk
- Hacking Tools Windows
- Nsa Hacker Tools
- Hacker Hardware Tools
- Pentest Tools Apk
- Hacking Tools Pc
- Pentest Tools Website
- Github Hacking Tools
- Hacking App
- Hacking Tools Usb
- Hacker Tool Kit
- Hacking Tools Online
- Hack Tools For Mac
- Pentest Tools Apk
- Pentest Tools Online
- Github Hacking Tools
- Tools 4 Hack
- Hacker Tools Windows
- Pentest Tools Framework
- Hacker Tools Online
- Physical Pentest Tools
- Pentest Tools Port Scanner
- Pentest Tools Github
- Pentest Tools Subdomain
- Pentest Tools Apk
- Top Pentest Tools
- Pentest Tools For Ubuntu
- World No 1 Hacker Software
- Pentest Tools For Windows
- Hacking Tools For Pc
- Wifi Hacker Tools For Windows
- Hack Tools Pc
- Hack Tools 2019
- Hacker Hardware Tools
- Hack Tools For Windows
- Best Hacking Tools 2019
- Hack Apps
- Free Pentest Tools For Windows
- Pentest Tools Free
- Hacking App
- Pentest Tools Tcp Port Scanner
- Hacker Techniques Tools And Incident Handling
- Easy Hack Tools
- Pentest Tools For Mac
- Pentest Tools Windows
- Pentest Tools
- Pentest Tools For Ubuntu
- Hack Website Online Tool
- Hack Tool Apk
- Pentest Tools Windows
- Hack Tools For Mac
- Hack App
- Hacking Tools
- Pentest Tools Url Fuzzer
- Hacker Tools
- Hacking Tools For Windows 7
- Best Pentesting Tools 2018
- Pentest Tools For Ubuntu
- Hacker Tools For Mac
- Tools For Hacker
- Pentest Tools Free
- Usb Pentest Tools
- Hacking App
- Hacking Tools Download
- Hacking Tools For Beginners
- Hack Rom Tools
- Hacking Tools For Windows 7
- Best Hacking Tools 2019
- Pentest Tools Port Scanner
- Hak5 Tools
- Pentest Tools Alternative
- Hacking Tools For Beginners
- Hack Tools
- Hacking Tools Pc
- Hacking Tools Windows 10
- What Are Hacking Tools
- Hacking Tools For Kali Linux
- Hack Tools For Ubuntu
- How To Make Hacking Tools
- Pentest Tools List
- Easy Hack Tools
- Growth Hacker Tools
- Pentest Box Tools Download
- Nsa Hack Tools Download
- Hacker Security Tools
- Hacking Tools For Kali Linux
- Nsa Hacker Tools
- Hacking Tools Free Download
- Beginner Hacker Tools
- Pentest Tools Nmap
- How To Install Pentest Tools In Ubuntu
- Hack Tools Pc
- Hacker Hardware Tools
- Hacker Tools For Windows
- How To Install Pentest Tools In Ubuntu
- Pentest Tools Review
- Hack Tools Pc
- Hacking Tools Kit
- Pentest Tools For Android
- Hacking Tools Free Download
No comments:
Post a Comment