-
D-Link DIR-850L Router Vulnerability Verification Report
Thursday, June 22, 2017
Preface: I flipped through my notes to see if there was anything worth publishing, and found this one, but it’s already outdated. I spent one night getting about halfway through it, then got sent on a business trip. Another intern couldn’t finish it, so it ended up being dropped. It doesn’t have much research value now, so I’ll just post it anyway. …
-
Exploiting OFFICE OLE2LINK (CVE-2017-0199)
Sunday, May 7, 2017
Preface: I’m so dizzy writing this after the graduation banquet! …
-
FRP Usage Notes
Wednesday, May 3, 2017
Preface: frp is a project by the Chinese developer fatedier. Let’s start with the official introduction: …
-
ngrok Notes
Wednesday, May 3, 2017
Preface: Why am I writing this post? Back when I was reproducing the CVE-2017-0199 vulnerability, I needed NAT traversal. I searched for tunneling services and found that many of them were based on ngrok. During the process I found it quite painful to configure. The version I used was 1.7, which reportedly has a memory leak bug. The latest 2.2 is closed-source, and the official documentation no longer works. I read a few posts written by others and decided to record my own setup process as well. I’ve also heard that FRP is stronger than ngrok; maybe I’ll try it next time. …
-
Developing a Burp Suite Extension to Brute-Force a Platform
Wednesday, March 29, 2017
Introduction: Our campus network has officially gone into operation, but the username/password policy is still a default-password scheme: the password is the last six digits of the national ID number. For any platform that uses single sign-on (SSO), this is extremely dangerous. …
-
Building OpenWrt Firmware from Source
Friday, February 24, 2017
Preface …
-
First Impressions of KVM/QEMU
Sunday, November 13, 2016
Preface: I’ve been using Linux seriously for 11 months now. From Debian to Arch, Linux has become part of my daily life. …
-
Cracking a Milk Membership Card with an ACR122U on Arch Linux
Tuesday, October 25, 2016
Preface: This kind of post was written to death years ago; there’s nothing particularly novel here. I’m posting it mainly as part of my learning process. A few days ago I got a milk-shop membership card as a bonus after topping up 100. It wasn’t tied to my real name. I just put the card on the reader, swiped once, and the payment went through, which caught my interest. For RFID hacking people usually use a Proxmark3; back when I didn’t know better, I bought an ACR122U. First I used Mifare Classic Tool on my Nexus 5 to verify whether the card provided by the milk shop was a Mifare Classic card (the Nexus 5 hardware doesn’t support this card type, so it can only read basic info). After confirming it was, I dug out my dusty ACR122U and started tinkering on Arch Linux. I’d also lost both of my meal cards while out, and I happened to have backups of the old cards, so I restored those two as well. …
-
Nexus 5 Can’t Retire Yet — Be My Backup Phone!
Saturday, October 8, 2016
Why: I used my Nexus 5 for two years. The battery got worse and worse, going from charging once a day to three times a day. When I was out, even plugged into a power bank, the battery percentage still kept dropping. It ended up dying and going offline by itself multiple times, which delayed a lot of things. …
-
Lenovo Y410p BIOS Recovery Notes
Monday, June 20, 2016
Preface: Yesterday I was messing with a third-party BIOS flash on my laptop. Some options were undocumented, so I tried them manually, and after switching the panel color depth from 18-bit to 24-bit, the machine went down hard. …