ezhevita

had to reverse-engineer an app to interact with my home’s intercom to integrate it into #HomeAssistant, what a museum of horrible development and security practices. there is a possibility that i could break into their infrastructure, haven’t thought of a way to do it though

i’ll make a write-up and an integration for Home Assistant in some future, too lazy rn

2 comments
ezhevita

for starters: authentication over a plain http, login in the request is “encrypted” with Caesar cipher, password is double MD5 of the original password (worth mentioning that app calculates MD5 of a hex string and not of a byte array second time, treating every hex digit as an ASCII byte; that’s because their MD5 function is only capable of returning hex strings)

what’s up with the response? it’s sent as base64 text, decoded data is AES-256 encrypted with a key = (a half of MD5 hash in form of a hex string + constant string (which is manufacturer name + 8 digits + two special characters)) and an IV = “1234567887654321”

you can’t make this shit up
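
The password transform and key layout described in the comment above, as an added Python sketch (not code from the post or from the AkuvoxAPI repository). UTF-8 password encoding, lowercase hex, taking the first half of the hash, which hash feeds the key, and the placeholder constant are all assumptions; the post gives only the layout.

```python
import hashlib

# Constructed placeholder: the post gives only the layout of the constant
# (manufacturer name + 8 digits + two special characters), not its value.
PLACEHOLDER_CONSTANT = "VENDOR" + "00000000" + "!!"

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()  # lowercase hex (assumed case)

def app_password_hash(password: str) -> str:
    """Double MD5 as the post describes: round two hashes the 32 ASCII hex
    characters of round one, not the 16 raw digest bytes."""
    first = md5_hex(password.encode("utf-8"))  # UTF-8 is an assumption
    return md5_hex(first.encode("ascii"))

def conventional_double_md5(password: str) -> str:
    """Round two over the raw digest bytes; does NOT match the app."""
    return md5_hex(hashlib.md5(password.encode("utf-8")).digest())

def response_key(hash_hex: str, constant: str = PLACEHOLDER_CONSTANT) -> bytes:
    """Key layout from the post: half of an MD5 hex string + constant string."""
    half = hash_hex[:16]  # assumption: first half; the post does not say which
    key = (half + constant).encode("ascii")
    if len(key) != 32:
        raise ValueError(f"AES-256 needs a 32-byte key, got {len(key)}")
    return key

def variable_key_bits(key: bytes, constant: str = PLACEHOLDER_CONSTANT) -> int:
    """Bits of the key that are not fixed: each hex character carries 4 bits."""
    return (len(key) - len(constant)) * 4

if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password
    print(app_password_hash(pw), conventional_double_md5(pw))
    # Assumption: the password hash is the MD5 that feeds the key.
    key = response_key(app_password_hash(pw))
    print(len(key), variable_key_bits(key))
```

Under this layout only 64 of the 256 key bits vary between keys, and the hash sent in the request works as a password equivalent for anyone who can read the plain-HTTP traffic.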

ezhevita

and here it goes, i’ve spent a few hours on the first prototype and then delayed tidying up the source code for a few weeks because i’m an irresponsible human being without any sense of time and also because i forgot

anyway, here’s the link — lots of stuff still not implemented but i’ll keep going later

github.com/ezhevita/AkuvoxAPI
