had to reverse-engineer an app to interact with my home’s intercom to integrate it into #HomeAssistant, what a museum of horrible development and security practices. there is a possibility that i could break into their infrastructure, haven’t thought of a way to do it though
i’ll make a write-up and an integration for Home Assistant in some future, too lazy rn
for starters: authentication over plain http, login in the request is “encrypted” with Caesar cipher, password is double MD5 of the original password (worth mentioning that the app calculates MD5 of a hex string and not of a byte array the second time, treating every hex digit as an ASCII byte; that’s because their MD5 function is only capable of returning hex strings)
what’s up with the response? it’s sent as base64 text, decoded data is AES-256 encrypted with a key = (a half of MD5 hash in form of a hex string + constant string (which is manufacturer name + 8 digits + two special characters)) and an IV = “1234567887654321”
you can’t make this shit up
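The scheme the posts describe, reconstructed in Go as an added example (not the author's code, and not the vendor's): the hex-chained double MD5, the AES-256-CBC key built from half of the MD5 hex string plus a vendor constant, and the static IV. The vendor constant, which half of the hash is used, which hash feeds the key, the padding (PKCS#7) and the sample password are all assumptions or placeholders, since the posts do not give them. The point for a defender is visible in the checks: the key is a deterministic function of the password hash, and with a fixed IV the same response always produces the same ciphertext, so the "encryption" adds no confidentiality beyond what plain HTTP already lacks.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
)

// StaticIV is the fixed IV quoted in the post.
const StaticIV = "1234567887654321"

// PlaceholderConstant stands in for the real vendor string (manufacturer name +
// 8 digits + two special characters); the post does not give it. It is 16 bytes
// so that 16 hex chars + constant = a 32-byte AES-256 key. PLACEHOLDER.
const PlaceholderConstant = "VENDOR12345678!?"

func md5Hex(data []byte) string {
	sum := md5.Sum(data)
	return hex.EncodeToString(sum[:])
}

// DoubleMD5Hex reproduces the quirk: the second MD5 is computed over the ASCII
// hex string of the first digest, not over its 16 raw bytes.
func DoubleMD5Hex(password string) string {
	return md5Hex([]byte(md5Hex([]byte(password))))
}

// DoubleMD5Raw is the conventional chaining (second MD5 over raw digest bytes),
// kept only to show that the two results differ.
func DoubleMD5Raw(password string) string {
	first := md5.Sum([]byte(password))
	return md5Hex(first[:])
}

// DeriveKey builds the AES-256 key: the first 16 hex characters of the MD5 hex
// string concatenated with the vendor constant. ASSUMPTION: "half" means the
// first half, and the hash is the password's double MD5.
func DeriveKey(md5HexStr, constant string) ([]byte, error) {
	if len(md5HexStr) != 32 {
		return nil, errors.New("expected a 32-char MD5 hex string")
	}
	key := []byte(md5HexStr[:16] + constant)
	if len(key) != 32 {
		return nil, fmt.Errorf("derived key is %d bytes, AES-256 needs 32", len(key))
	}
	return key, nil
}

// PKCS#7 padding is an assumption; the post does not say which padding is used.
func pkcs7Pad(data []byte, bs int) []byte {
	n := bs - len(data)%bs
	return append(data, bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(data []byte, bs int) ([]byte, error) {
	if len(data) == 0 || len(data)%bs != 0 {
		return nil, errors.New("invalid padded length")
	}
	n := int(data[len(data)-1])
	if n == 0 || n > bs || n > len(data) || !bytes.Equal(data[len(data)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("invalid padding")
	}
	return data[:len(data)-n], nil
}

// EncryptResponse mimics the server side: AES-256-CBC, static IV, base64 text.
func EncryptResponse(plaintext, key []byte) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	padded := pkcs7Pad(plaintext, aes.BlockSize)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, []byte(StaticIV)).CryptBlocks(out, padded)
	return base64.StdEncoding.EncodeToString(out), nil
}

// DecryptResponse is what a client integration has to do to read a response.
func DecryptResponse(b64 string, key []byte) ([]byte, error) {
	ct, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, err
	}
	if len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext length is not a multiple of the AES block size")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, []byte(StaticIV)).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, aes.BlockSize)
}

func main() {
	h := DoubleMD5Hex("correct horse") // constructed sample password
	key, _ := DeriveKey(h, PlaceholderConstant)
	c1, _ := EncryptResponse([]byte(`{"door":"open"}`), key) // constructed sample response
	c2, _ := EncryptResponse([]byte(`{"door":"open"}`), key)
	pt, _ := DecryptResponse(c1, key)
	fmt.Println("hex-chained double MD5:", h, "raw-chained:", DoubleMD5Raw("correct horse"))
	fmt.Println("identical ciphertext for identical plaintext:", c1 == c2, "->", string(pt))
}
```

Run as-is to see that two encryptions of the same response are byte-identical; a client that uses the conventional raw-bytes double MD5 instead of the hex-chained one will derive a different key and fail to decrypt, which is the compatibility trap the post points out.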