I am continuing the research I provided in this post. I have some notes before we go into this, as I’d just like to point a few things out.
I’ve censored the hosts because I don’t have money for a lawyer, but I think it is vital to release this information. This post is meant to wake people up to the fact that embedded devices are no joke; I haven’t been looking at these for long and I already realise how disastrous a lot of these products are. Without proper security the biggest victim in all of this is the end user, the people who bought the product, who do not know the technicalities of these problems and stay unaware that they are at risk. This is why I decided to release this research, not for ego or 1ups. I should say right now that I did not modify or change any values within this system.
I have little time for looking at CCTV systems, so I thought I should update this blog with something that took me about 2 minutes to do. Soundcloud is a great website that I’ve used for a couple of years now; you should all know it by now, as a lot of emerging music is on there. I decided to investigate how easy it would be to get the audio of a track with the download option disabled. Sadly, it was painfully easy. For this test I will be using tracks I’ve uploaded to Soundcloud myself, so nothing wrong there. I was originally going to make a YouTube video on this but feel it’s too risky given YouTube’s strict rules.
The first place to start is to open up the page source and see what’s happening there. I came across this in one of the first few lines. This shouldn’t work, as I’ve disabled the download option.
This is the correct response: I can’t just download something through the API when downloading is disabled, so I’m happy that this feature works.
The next thing I chose to do was track what’s happening with the Network tool in Firefox, a great feature for capturing something like this and understanding how the system works. I intentionally wait for the page to finish loading before clicking play on a track; this helps distinguish the relevant requests, although there is a possibility the audio has already been loaded by then.
Checking the type column in the Network tool is also important, as it helps you understand what the web application is doing. As we can see from the screenshot above, the “mpeg” request is delayed, probably because it is trying to load the whole audio file (some web apps do it differently). The mpeg is the actual audio, but for creating a Soundcloud downloader it doesn’t give us many clues. The more interesting part of these requests is the one of type JSON.
https://api.soundcloud.com/tracks/197144403/plays?policy=ALLOW&client_id=b45b1aa10f1ac2941910a7f0d10f8e28&app_version=d71942f
The API needs a track ID, which we can get from the page source (see the first picture). The client ID and app version are not unique to us; I checked with a Google dork and saw requests with the same client_id. When requesting this API we get a “http_mp3_128_url” and a “preview_url”. We of course want the first; the response you will get is something like this.
{"http_mp3_128_url":"https://cf-media.sndcdn.com/48IpIAsFWirw.128.mp3?Policy=(random)__\u0026Signature=(random)__\u0026Key-Pair-Id=(random)",[redacted preview url]}
I have obviously modified things to make this easier. The first thing I notice is the \u0026, which is simply the JSON unicode escape for “&”. If you’re confused about why I have the (random) replacements, this is what an actual response looks like.
If we copy the “http_mp3_128_url” value and replace the \u0026 with &, we are pleasantly surprised with an mp3 that plays. This allows an automated downloader to be built, as it is simply an API call followed by a request to the returned URL. We do not have to be logged in or have any cookie values; I’ve tested with the TOR browser and it seems to go swimmingly. One thing to note is that if you wait too long after the API call you won’t be able to get the mp3; you will instead be given a “not authorised” message. This makes sense: if you have just clicked the play button and it has sent the JSON request, fetching the mp3 shouldn’t take longer than a second.
If you’re not later than a few minutes, you should have a track you can play nicely.
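The “not authorised” response after waiting too long is the signed-URL expiry check doing its job. The Policy, Signature and Key-Pair-Id parameters in the response above are the shape of a CDN signed URL: the server signs a small policy (which resource, until when) and the CDN refuses anything whose signature does not verify or whose window has passed. The following is an added example, not Soundcloud’s or any CDN’s code, that mints and checks such URLs with an HMAC over a JSON policy (a real CDN uses an RSA key pair referenced by Key-Pair-Id; the shared secret, the hostname cdn.example and the policy layout are assumptions made for this illustration). It also shows that a JSON parser turns the \u0026 escape back into “&” on its own, so no manual replacing is needed.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed secret for this example only; a real CDN uses an RSA key pair
# identified by Key-Pair-Id instead of a shared HMAC secret.
SIGNING_SECRET = b"example-signing-secret-not-real"


def _b64url(raw: bytes) -> str:
    """URL-safe base64 without padding, so it survives in a query string."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_url(base_url: str, ttl_seconds: int, now: Optional[float] = None) -> str:
    """Mint a URL for base_url that the checker accepts until now + ttl_seconds."""
    issued = int(now if now is not None else time.time())
    policy = {"resource": base_url, "expires": issued + ttl_seconds}
    policy_b64 = _b64url(json.dumps(policy, separators=(",", ":")).encode())
    sig = hmac.new(SIGNING_SECRET, policy_b64.encode(), hashlib.sha256).digest()
    query = urlencode({"Policy": policy_b64, "Signature": _b64url(sig)})
    return f"{base_url}?{query}"


def check_url(url: str, now: Optional[float] = None) -> Tuple[bool, str]:
    """What the CDN edge does: verify the signature, then the bound resource,
    then the expiry. Returns (accepted, reason)."""
    now = now if now is not None else time.time()
    parts = urlsplit(url)
    base_url = f"{parts.scheme}://{parts.netloc}{parts.path}"
    qs = parse_qs(parts.query)
    try:
        policy_b64 = qs["Policy"][0]
        sig = _b64url_decode(qs["Signature"][0])
    except (KeyError, ValueError):
        return False, "missing or malformed parameters"
    expected = hmac.new(SIGNING_SECRET, policy_b64.encode(), hashlib.sha256).digest()
    # Constant-time compare; only a correctly signed policy is parsed further.
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    policy = json.loads(_b64url_decode(policy_b64))
    if policy.get("resource") != base_url:
        return False, "signature is for a different resource"
    if now > policy["expires"]:
        return False, "expired"
    return True, "ok"


def decode_api_response(body: str) -> str:
    """Pull the media URL out of the JSON body; json.loads already turns the
    \\u0026 escape back into a literal '&'."""
    return json.loads(body)["http_mp3_128_url"]


if __name__ == "__main__":
    # Constructed response body in the same shape as the one quoted above.
    body = r'{"http_mp3_128_url":"https://cdn.example/t.128.mp3?Policy=a\u0026Signature=b"}'
    print(decode_api_response(body))
    url = sign_url("https://cdn.example/t.128.mp3", ttl_seconds=60, now=1_000_000)
    print(check_url(url, now=1_000_030))   # inside the window
    print(check_url(url, now=1_000_061))   # the "waited too long" case
```

The expiry only bounds how long a captured URL can be replayed; a client that requests the mp3 promptly after the JSON call, as the post observes, is indistinguishable from the player. A shorter TTL narrows the replay window, but binding the signed URL to an authenticated session rather than to a shared client_id is what would actually tie the download to a permitted user.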