AutoPro and 3rd Party Carplay/Android Auto Dongle Security Research

I have some very backlogged projects I've decided to just release to get them out of my backlog. The first one is related to aftermarket Apple CarPlay and Android Auto dongles. This release is the majority of my notes, tools, findings, and research artifacts from looking at the Mayton/AutoPro-style dongle ecosystem. It includes documentation, test … Continue reading AutoPro and 3rd Party Carplay/Android Auto Dongle Security Research

Reverse engineering the MISIRUN Instant Print Kids Camera

My tubs of hardware to hack continues to grow and the rediscovery of Woot! (miss the OG Woot!). Although it's in the future, I decided to pick up a few of these cameras as they were on a steep sale. I figured that they weren't going to be groundbreaking but fun to hack, especially as … Continue reading Reverse engineering the MISIRUN Instant Print Kids Camera

CVE-2024-32210, CVE-2024-32211, CVE-2024-32212, CVE-2024-32213 LoMag (Integrator/CE) WareHouse Management

The post discusses the discovery of multiple CVEs in LoMag WareHouse Management, including hard-coded credentials, weak hash usage, and SQL injection vulnerabilities. The author provides insights into their discovery process and highlights the insecure coding practices in the application.