Reversing the Smarter Coffee IoT Machine Protocol to Make Coffee Using the Terminal.

I love coffee, that’s a fact, and I drink liters of it during the week… I also am a nerd and a hacker, so a few days ago I bought a Smarter Coffee machine on Amazon, basically a coffee machine that you can control over your home wifi network using a mobile application (both for Android and iOS).
The app is really nice: you can set the amount of cups you want, the strength of the coffee, etc, then you only need to press a button and wait for your delicious coffee to be brewed.

Since I work from home, most of the time I’m using the computer keyboard, not a smartphone, therefore I wanted/needed a console client for it, something that the vendor never released, so I started reversing the Android application in order to understand the communication protocol and write my own client implementation… guess what? :D

Yep, I can make coffee using the terminal now :D



Some Advice for Aspiring Professionals in the Information Security Field

Recently an interview of mine was published on VICE's Motherboard, and just a few hours later I started receiving an astonishing number of emails from people who were all basically asking the same thing: some advice for aspiring professionals in the information security field.

Considering that replying individually to every email would hardly be feasible, I decided to write a post collecting some of this advice.
If it seems trivial to some of you readers, I apologize in advance, but the age of those who sent me those emails varies widely, as does their professional background, so I will keep things fairly basic and list only some of the fundamentals.

I also apologize in advance for errors of syntax, grammar and so on. I'm not used to writing in Italian, I'm not used to writing non-technical things and, above all, I'm not a writer :D


WiFi Pentesting With a Pineapple NANO, OS X and BetterCap

After a few weeks of testing in the field, I’ve found the perfect configuration for WiFi pentesting using a WiFi Pineapple NANO, an OSX laptop and BetterCap.
Since different people from different forums had issues making this work (mostly due to the difficulties of internet connection sharing between OSX and the Pineapple) I’ve decided to share my setup today ^_^



DISCLOSURE - RCE Against Every Open Source BTS Software.

This is a repost of an analysis of mine that has been posted on Zimperium’s blog. Basically, I’ve found that the following products are vulnerable to remote command execution, plus other various logic errors n’ stuff:

  • YateBTS <= 5.0.0
  • OpenBTS <= 4.0.0
  • OpenBTS-UMTS <= 1.0.0
  • Osmo-TRX/Osmo-BTS <= 0.1.10
  • Other products that share the same transceiver code base.



Samsung Galaxy Apps MITM Vulnerabilities

The Samsung “Galaxy Apps” application installed on every recent Samsung device, a parallel store application with both apps for Samsung smartphones and smart watches, is vulnerable to MITM attacks which could cause user information leaks, permissions dialog bypass and session hijacking.

Affected Products

Samsung Galaxy Apps <= 4.1.01-14


How the United Arab Emirates Intelligence Tried to Hire Me to Spy on Its People

Recently, we’ve been overwhelmed with news of horrors, attacks, monsters who murder the innocent in the name of a faith they don’t truly know. I’m publishing this article today to talk about other monsters, and I can guarantee these can be much worse than the ones we are now familiar with. They are the ones you don’t see coming, those you cannot conceive to be real.

Benjamin Franklin said:

Either write something worth reading or do something worth writing.

Well, I’ll do my best.


Presenting OpenBank, a Safe and Easy to Use BTC Tracker

Are you a BitCoin user and do you happen to have many wallets and have a hard time tracking their whole balance like me? If your answer is yes then you might find my latest project, called OpenBank, useful!

OpenBank is a Laravel and Angular based web application that you can use to keep track of your BitCoin public keys, your total balance and so forth. All the data is collected in realtime and will be shown to you on its web interface.


Hacking Yourself Out of the Banking System and Live Only on BitCoin [EPISODE 2]


Since my latest post about BitCoin went viral it also got published on Quartz, The Memo and other various magazines.
Some people also asked me to keep writing about this and give them updates about my decision to ditch banks for BitCoin, so here I am :)

Unfortunately I’m still unable to fully avoid banks as I’m moving to another apartment and I need some money in my account, so at least for this month I had to get my wage sent to my main bank account, but within the next 1-2 months I’ll be able to move all of my assets to BTC.

In the meantime, here’re some clarifications about my previous post and some more insights/updates.


Hacking Yourself Out of the Banking System and Live Only on BitCoin

I’ve been interested in BitCoin since the very beginning but, until now, I considered BTC some very nice cryptographic experiment with high potential but almost no effects on real life.
A few years ago, buying BTC or selling them in order to get fiat (“real” currency such as USD, EUR, etc) wasn’t easy at all, but now things have changed and things are much easier.
That’s why I decided to live only with BitCoin and this is how I’m trying to do it.


Please be aware that this is still a work in progress. I’m trying the methods I’m going to show you these very same days, so do not take my word for granted. If you want to follow this path, please be sure you know what you’re doing and, most importantly, double check every single thing.