Posts by vidister@chaos.social
(DIR) Post #APRkdYZMgZ3a4Ts5Jo by vidister@chaos.social
2022-11-10T00:25:37Z
0 likes, 0 repeats
So no interactive shell for us. :(But we need to find a way stream video data to this device.No telnet client, no netcat. /dev/tcp doesn't work, this isn't bash. There's no python, no perl, no lua...Sure, we could cross-compile something and put it on the device in base64 encoded. But that sucks. We'd need to get the platform and libc version right... and copying will be a pain with the request size limit of our entry point.
(DIR) Post #APRkdZBIPXOjy7cNRQ by vidister@chaos.social
2022-11-10T00:34:03Z
0 likes, 0 repeats
I crawl through the filesystem to find anything that might work. Maybe there's something in the software that powers the phone that we can use?Oh, there are some really interesting binaries.. openvpn? bluetoothd? lighttpd? another busybox?!?Nice. They compiled wget in!
(DIR) Post #APRkdZhYTbCbaAi8iu by vidister@chaos.social
2022-11-10T00:43:40Z
1 likes, 0 repeats
Now we can fetch files. So, how do we draw to the display of the phone? There's no X11/Wayland or something like that, it looks like the software directly writes to the frame buffer.Let's try this... cat /dev/urandom > /dev/fb0Beautiful. 😎
(DIR) Post #APRkdaFwPkhxIonbJw by vidister@chaos.social
2022-11-10T01:00:39Z
0 likes, 0 repeats
I'm sure we can trick our good ol' friend ffmpeg into generating the raw frames in the right format.The display has 480x272 pixels, the first color format that comes to my mind is rgb24. For a moment I descend into chaos when trying to use ffmpeg, but eventually I succeed.With confidence I start pythons built in http server using `python -m http.server` to serve the files.The idea is simple: `wget -O - <url> > /dev/fb0`.This looks... wrong.
(DIR) Post #APRkdaj0ffxakyOod6 by vidister@chaos.social
2022-11-10T01:16:08Z
0 likes, 0 repeats
To figure out what's going on we need to generate some test images.This image should be completely blue. But we only get some weird white vertical stripes.Turns out, there are sooo many weird pixel formats!https://usage.toolstud.io/docs/ffmpeg/usage/pix_fmts/
(DIR) Post #APRkdbGKfmcCQJzQZM by vidister@chaos.social
2022-11-10T01:32:03Z
0 likes, 0 repeats
Never gonna give up finding the right format.We actually have 16 bits per pixel.5 for red, 6 for green and 5 for blue. Little endian.It's rgb565le. sure.. 🙄
(DIR) Post #APRkdbkSrkiZvm5UXI by vidister@chaos.social
2022-11-10T01:39:46Z
0 likes, 0 repeats
This is just a single frame. How do we make a video of it?First idea: Let's just write something that keeps telling our phone to fetch a new frame over and over again. How bad can it be?So I get my curl command, wrap it in a for loop and... it's bad. Maybe ~2 frames per second? We need something better.
(DIR) Post #APRkdcJujx4fhifnn6 by vidister@chaos.social
2022-11-10T01:48:55Z
1 likes, 0 repeats
the obvious improvement is to run the loop on the phone itself. Easier said than done, with our bare busybox shell..Actually it took me quiet a while to find a way that works.for i in {{1..1200}}Nope. Not supported.for i in $(seq 1 1200)No seq binary.while (( $i < $frames ))Not supportedwhile [[ $i -lt $frames ]]This works!Now we need to increment our variable.i++of course noti=$(( $i + 1 ))no arithmetic supported.i=$(expr $i + 1)this works!
(DIR) Post #APRkdcmH2Vl97fwRzk by vidister@chaos.social
2022-11-10T02:10:21Z
2 likes, 1 repeats
And this is it, the moment we all have been waiting for...Bad Apple on my desk phone!
(DIR) Post #AQ8yiAWZLlSKXqETWS by vidister@chaos.social
2022-11-30T22:54:29Z
1 likes, 0 repeats
tired: instance admins can read your DMswired: everybody can read your DMshttps://chaos.social/@zerforschung/109434915173065283
(DIR) Post #ARg3KvG3Qm51ev6gkK by vidister@chaos.social
2023-01-15T11:15:21Z
1 likes, 0 repeats
Some servers allow you to share an Ethernet interface between the host and the management controller (BMC, IPMI, iLO, iDRAC, etc.)I always found this strange and have been wondering how it works. Today I learned about NC-SI, the network controller sideband interface, and it's even more cursed than expected.Fortunately the spec is freely available, so let's have a quick look at it: https://www.dmtf.org/sites/default/files/standards/documents/DSP0222_1.1.1.pdf[thread]
(DIR) Post #ASGidErTN82CUjsJkm by vidister@chaos.social
2023-02-02T11:17:07Z
9 likes, 11 repeats
fyi, since many people don't know this exists:Almost all computer screens made in the last decade support DDC/CI. (The Display Data Channel Command Interface).You can use it to control stuff like the backlight brightness without fiddling with the awful screen buttons and OSD.On Linux once you load the ddcci kernel module the screens appear in /sys/class/backlights and can be controlled like a laptop screen.
(DIR) Post #AWUe4MVtRLeSFTXAvY by vidister@chaos.social
2023-06-08T20:59:44Z
0 likes, 1 repeats
Boop'n'Loop at #GPN21Come play with the loop station @janamarie and I built.Feel free to bring your own synths, we have a line in.
(DIR) Post #AY7bRBAsS9LLDVr1Em by vidister@chaos.social
2023-07-27T13:56:25Z
1 likes, 0 repeats
(DIR) Post #AdgPiBqqZiOLYnCny4 by vidister@chaos.social
2024-01-08T22:07:38Z
0 likes, 0 repeats
do you notice a lag when using a bluetooth mouse? [poll]
(DIR) Post #AiRrewRWQZCrcMxeM4 by vidister@chaos.social
2024-05-30T22:14:16Z
0 likes, 0 repeats
i ported bad apple to #GPN22
(DIR) Post #AktHLVzZddpCy6Ky1I by vidister@chaos.social
2024-08-12T12:18:46Z
4 likes, 3 repeats
born to share, copyright is a fuck, download em all 2038.I am license violation girl.410,757,864,530 COPIED FILES
(DIR) Post #AnG3VaJAYwnIVxmt7Y by vidister@chaos.social
2024-08-14T17:47:55Z
2 likes, 0 repeats
my gf just sent me laoganma via SSTV
(DIR) Post #AoJCufOpmVgrRoN9N2 by vidister@chaos.social
2024-11-22T13:13:16Z
1 likes, 2 repeats
Outlook wants to stop me writing "python script from hell" in work emails 🙃
(DIR) Post #ApWgsMVYycM42FrEmW by vidister@chaos.social
2024-12-29T02:15:24Z
1 likes, 0 repeats
"Blåhaj - The most cult-ish phenomenon in hacker spheres since Club Mate"