Andrew Mohawk

Security research, hardware builds, and radio experiments.

Practical writeups from bug hunting, embedded projects, RF work, and the occasional overbuilt side quest. Old posts and new notes live together here so the useful bits stay easy to find.

Writing

55 posts
  1. From WordPress to a Markdown Blog
    Homelab

    TL;DR -- I rebuilt the old WordPress archive as a Markdown-first Eleventy blog in my homelab, with drafts, preview, and a sane review workflow.

  2. Disney Galaxys Edge
    Reverse Engineering

    TL;DR -- Disney Star Wars games involve a bunch of scanning Aztec codes for items and challenges. I couldn't figure out how to generate my own correctly, so I took apart the APK and generated each o...

  3. Aurora: Ambient Lighting
    Hardware Hacks

    If you just want to build, there is a build guide here; there is also a Slack for a more interactive discussion. If you just want to peek at the code, it's on GitHub. Ambient lighting has always been som...

  4. Aurora: How to build
    Hardware Hacks

    This blog post will cover the build process for Aurora. If you want to find out about how it was built you can read about it here. If you'd like to look at the code you can see the GitHub. It's o...

  5. Trunked Radio: A Guide
    Radio

    TLDR; You can listen to all of the San Francisco CERS (Public Safety) Trunked system at https://openmhz.com/system/sfcers_am , this guide will show you how you can do the same for it or another tru...

  6. B-Uggs
    Security

    Title: That's uggzactly what I thought! TLDR; ugg.com orders could be enumerated from just the orderid, which was an incrementing number. Any order that was not already dispatched could be cancelled,...

  7. Picking apart an IOT Camera (Bloomsky)
    Security

    A few years ago (many now as I see it was from 2014!) I got myself a pretty cool Kickstarter project called a BloomSky. It's a simple (but awesome!) device that you put on your balcony/somewhere wi...

  8. Maltego As a Service!
    Coding

    Recently I was helping someone who wanted to get started building their own transforms, and after looking at the efforts they had to go through building the transforms, I thought there must be a be...

  9. WhatsApp Doc? Grabbing messages from WhatsApp web before they are deleted!
    Coding

    Overview One thing that always bugged me was if someone says something like "Oh wow you wouldn't believe what happ- actually nevermind". I am far too curious and I usually want to know what was goi...

  10. Compliment Printer!
    Hardware Hacks

    Many years ago someone told me this interesting fact about how people receive compliments and it went something like this: "If a person receives a compliment, even if they know it is disingenuous,...

  11. Halloween: How to over engineer a mask
    Hardware Hacks

    Over the years, Halloween has always been fun for me; I basically wish I was American so that I could dress up excessively every year! This year I decided that I would like to build my own costume....

  12. How to train wreck a POV fan
    Hardware Hacks

    Usually I have a blog post about building/breaking something with the intention of actually building or breaking it. This one however is not like the others. It started about 2 years ago, I got a P...

  13. Finding the 'unlock' codes on the Hacker Warehouse Badge Defcon 2017
    Hardware Hacks

    Defcon every year has many many different electronic badges that you can play with / hack / blind your friends with. I was lucky enough to get one of these really cool badges and I wanted to figure...

  14. BSides CPT Badge 2016
    Hardware Hacks

    After the fairly successful ZACon badges I did in 2014 , the BSides team in Cape Town (where I now live) asked if I'd like to be involved in building another one. Naturally my response was abso-fsc...

  15. Remote jamming "detector" on the cheap
    Radio

    Recently, I've seen a number of posts on Facebook groups for South African communities about people having their car remotes jammed and the contents of their cars cleaned out while they are at petr...

  16. BSides Badge Config
    Hardware Hacks

    Badges At some time in the next 6 billion years I will complete the writeup for the badges about how they were put together. For now this is just how to get your badge working at home as well as ho...

  17. HackFu 2016 Writeup
    Events

    First off let me just say a big thank you to the MWR guys who put this CTF together, usually I don't partake in CTFs because the skillset required is usually out of my grasp (IANAP). To have develo...

  18. Bypassing Rolling Code Systems
    Radio

    This blog post will discuss the implementation of Codegrabbing / RollJam, just one method of attacking AM/OOK systems that implement rolling codes (such as keeloq) -- these systems are commonly fou...

  19. Hacking fixed key remotes with (only) RFCat
    Radio

    Introduction It's been absolutely ages since I've posted anything on the blog, not that I haven't been doing things, just really not many things I felt good enough to write an entry about. I got a lo...

  20. ZaCon V Badge [2/2]: How they work
    Hardware Hacks

    The ZaCon badges were a ton of work on the hardware side (see ZaCon V Badge [1/2]: Build Time ), however they provided their own challenges on the software side as well. Since my knowledge of chips...

  21. ZaCon V Badge [1/2]: Build Time
    Hardware Hacks

    I realise I should have done this entry a little sooner, but as everyone should be well aware of by now, I am lazy. Also I moved to Cape Town just after ZaCon V which proved rather time consuming!...

  22. ZaCon V: Badge Sneak Peak *update*
    Hardware Hacks

    UPDATE: For those people that missed the Friday night, the code and slides are here: Slides: /Badger Badger Badger.pptx Code: https://github.com/AndrewMohawk/zaconv/ MAGICELECTRONICBADGES Ever since...

  23. Kingphisher: Semi-automated phishing
    Security

    It has been absolutely ages since I have written a blog post - genuinely I really haven't simply been slacking off, I've just been busy! Anyway, figured it was time to do a writeup on some stuff I h...

  24. Magnetic Stripes: Part 2 (Attacking)
    Hardware Hacks

    I really should have written this after ZaCon (november last year), but I'm lazy. However I have been asked to give a brief overview of the same talk at ITWeb this year so I figure I may as well fi...

  25. Bypassing LF Entry Systems
    Radio

    It's taken a lot of motivation to start writing this, and I hope it's okay, I have a mental block that I need to write this and the second post about magstripes before moving on to some new things wi...

  26. zacon wrap-up!
    Events

    Hi Guys, I see I haven't updated this blog in ages, I'd love to say I didn't have enough time, but it was mostly just me being.. well lazy. Zacon IV was on the 27th of October ( http://www.zacon.org...

  27. Hacking fixed key remotes
    Radio

    Previously I discussed using my RTL-SDR to merely listen for analog audio signals . In this entry I'll discuss using it to decode digital signals (this example on fixed remote signals often used fo...

  28. Arduino Watering System: Update
    Hardware Hacks

    This is just an update on the Arduino watering system, everything seems to be going well whilst I am away (I am away for ~a month, till the end of Blackhat / Defcon). In winter the plants don't req...

  29. RTLSDR: My First SDR!
    Hardware Hacks

    A few weeks ago (I've been meaning to do this post for ages, few weeks ago is give or take 2 months) there was a post on reddit regarding a new software defined radio that cost around $20. After re...

  30. Magnetic stripes Part 1
    Hardware Hacks

    Intro So it's been nearly a month since I last put a blog post up and I have been working on some stuff in my free time between work (been traveling to the US and took a weekend off to visit some fr...

  31. Alternate DNS Names in Certificates
    Security

    I know, it's been forever since I posted, but I do have two things I'm working on (there are drafts, but they need to be finished) - it's just the effort of actually finishing. It's on Magstripe spoof...

  32. PasteLert v2!
    Pastebin

    The Quick and dirty: New PasteLert lives at /pasteLertV2/ Downloads: » Interface -> /pasteLertV2/src/pastelertv2_Interface.zip » Cron Tasks -> /pasteLertV2/src/pastelertv2_Cron_Tasks.zip » Scraping...

  33. Joomla 2.51 Blind SQL Attack
    Security

    <responsible_disclosure> Before I discuss this, let me just say that the bug has been patched (was in 2.5.1) and at the time of writing this Joomla is already 2 increments away - 2.5.3 is currently...

  34. FireBridges, proxies that burn!
    Coding

    Overview I've always been semi interested in botnets/trojans and targeted attacks and the way they get their data in and out and how the command and control centres work. One of the things I'd usu...

  35. Pastebin DoS + PasteLert
    Pastebin

    Hey guys, I saw the pastebin guys put out a list of the IP addresses that have been attacking them for people to check if they were, I wrote a quick little script to test this at: /pastebinAttack/...

  36. Automated Water System
    Hardware Hacks

    So this is going to be a rather strange post as at the time of writing it's not actually implemented, the system is built in a waterproof container as well as the networking setup and so on. I figur...

  37. Automated Moisture Sensor
    Hardware Hacks

    I've always been harping on about growing my own tomatoes and other veggies and earlier this year I attempted it for a while. Unfortunately with me going away for various conferences and generally b...

  38. zacon badges
    Events

    zacon - http://www.zacon.org.za/ - is just around the corner now, so badge submission went out. Wasn't particularly inspired but I hacked together 3 diff ones, now we just wait and see. UPDATE Deci...

  39. pasteLert *facepalm*
    Pastebin

    Sorry guys, I noticed that I haven't been getting any pasteLert updates, and I just realised why (see above picture for my reaction). Change line 4 in truncPastes.php from: mysql_query("truncate pa...

  40. PasteLert Source
    Pastebin

    Ohhi Archive for pasteLert So I finally got round to putting the source together and writing this out. We've been really busy with Blackhat training at work and so on and I'm generally just lazy. A...

  41. PasteLert! Pastebin Alerts!
    Pastebin

    ANDREW I DONT CARE ABOUT YOUR STORIES! JUST GIVE ME THE LINK! >> /pasteLert/ Hey guys, So here is my latest project, extending from the previous pasteScraper to do something a little different with...

  42. Plot wardrives without a GPS
    Security

    So this is the only entry I have where I've built an app that won't work from day 1. "Oh why Andrew, why?" you might say, but as I shrug, this was not my fault. So a while back Samy Kamkar produced...

  43. PasteScraper (now sans config)!
    Pastebin

    So I was chatting to Chris Hadnagy and he was having a bit of an issue getting an API key for Yahoo BOSS and it seemed troublesome. So I popped off a mail to Yahoo to ask how I could get a key to s...

  44. VMWare User Information Leak
    Security

    Click here to search the VMWare user database! So last week some time Chris Hadnagy linked me to the following URL: http://info.vmware.com/content/opt-out which was pretty interesting last week. Ba...

  45. Pastebin Scraper
    Pastebin

    Yeah I'm really lazy, so I'm not gonna write a lot about it, basically, if you wanna use it on my site hit it up at /pasteScrape/ otherwise feel free to download it and run it yourself from this arch...

  46. Arduino IPCam
    Hardware Hacks

    So it's been ages since I last blogged, and I am determined to try do this more regularly since it will probably get me onto doing more stuff! This is pretty much the first thing I built with the Ar...

  47. Arduino IPCam – Part 2 (Arduino Code)
    Coding

    So I've commented most of the lines and you should be able to easily follow what has happened in the code. Leave a comment if there are any questions :) Code after the break!

  48. Arduino IPCam – Part 1 (The Circuit)
    Hardware Hacks

    So I see it's been forever since I have posted anything, figured it's about time, and I wanted to show some of the stuff I've done with my Arduino. The first thing I tried to do with it was create my...

  49. Facebook GraphAPI Waterfall!
    Coding

    ANDREW I DONT CARE ABOUT YOUR STORIES! JUST GIVE ME THE LINK! >> /facefall/ So it's been a long weekend, but I had a lot of time to myself this weekend, and decided to play a bit with some of the si...

  50. Facebook GraphAPI and Maltego
    Coding

    So a while back Facebook released their Graph API, a way for websites and others to integrate with Facebook, things like: Searching Profile enumeration ( status / feed / info ) Friend enumeration You...

  51. Hello Webcam!
    Hardware Hacks

    So I figured I'd drop a quick update on what I've been messing around with, firstly ZACon II was awesome! I'm really disappointed I didn't submit a better talk and get a chance again, however I did...

  52. MusicBee Plugin for mIRC
    Coding

    musicBee mIRC integration dll so that you can have now playing for your musicBee!

  53. Persistent XSS: more than a popup :)
    Security

    So a while ago I asked if I was allowed to play with http://www.bravadogaming.com/ and I got a positive response, I kinda looked around at their custom CMS, didn't see anything immediately available...

  54. NLP/NER: First views
    Coding

    So recently we have really been struggling at work with NLP/tags/phrases relating to a specific person/phrase. For example, you put down something like "Maltego" and you would like it to return thi...

  55. ZaCon '09
    Security

    So we had a little security con here in .za (South Africa), www.zacon.org.za - basically an uncon styled conference : An unconference is a facilitated, participant-driven conference centered around...