• Hacking the Canon imageCLASS MF742Cdw/MF743Cdw (again)

    Last year I (successfully) targeted the Canon printer for Pwn2Own Toronto, and this year I decided to do the same. But I made a terrible mistake. The night before my flight to Toronto I realized I had... hacked the wrong printer (firmware). I scrambled to blindly port the exploit to the correct firmware image, without being able to actually test it. The exploit didn't work during the competition. Anyway, here is the story behind the bug and an 0day exploit for the Canon imageCLASS MF743Cdw.

• Dumping the Amlogic A113X BootROM

    In this post we will exploit a memory corruption issue in Amlogic EL3 code that is used by various consumer devices, such as the Sonos One (2nd generation) and the Lenovo Smart Clock. The goal is to get a copy of the OTP/eFUSE data and dump the code of the application processor BootROM.

• Exploiting CVE-2021-43267

    Exploiting a heap overflow in the TIPC subsystem of the Linux kernel. In this post we'll exploit an N-day vulnerability (CVE-2021-43267) originally discovered by Max van Amerongen.

• Numeric Shellcode

    Generating numeric-only shellcode for Linux/x86. Is it possible? Alphanumeric x86 shellcode is a well-studied and documented subject. But what about using only ASCII digit characters (0x30-0x39)? Let's find out!