Hey Matt, loved the video as per usual. I’ve cracked the hash for the boot loader, the password is: ngpriv106
@fusseldieb
Жыл бұрын
Wow, that was fast! How did you manage that?
@neb_setabed
Жыл бұрын
Damn that was quick, nice job!
@Knolraab
Жыл бұрын
I am interested to know too. Sharing is caring
@schrenk-d
Жыл бұрын
Nice. Looks fairly simple.. I'd imagine you had some GPU power to get done so quickly. While you likely wouldn't find this string in a rainbow table, the combination of 9 lowercase letters and 0-9 gives us 9^36 iterations to get through. Modern CPUs and GPUs could knock that around quickly. Few hours at most.
@mattbrwn
Жыл бұрын
Absolute Legend!
@AlexKiraly
8 ай бұрын
What a goldmine of a channel!
@SiAdiaMu
6 күн бұрын
true i just found his channel yesterday and it's very educating to watch !!
@malucullus9100
Жыл бұрын
I know the hash has been cracked now, but if you wanted to get into the older firmware without having to do a chip-off you could also have tried interrupting the boot process a few times, ideally with a reset. This would simulate the crashing firmware that this sort of A/B deployment is supposed to protect against and may have caused the boot loader to fail back to the old version.
@azus5576
7 ай бұрын
It has? In what video does he do that? I couldn't find that hash in those pre-computed lookup tables and using leaked password lists didn't work either. I doubt he could brute-force that hash
@azus5576
7 ай бұрын
nvm, I missed the fixed comment somehow
@kmsec1337
10 ай бұрын
Bruh this is top quality content. Thank you so much 🙏
@LucaCostantino1
4 ай бұрын
Hi @mattbrwn... Just discovering your channel now... Where are you on part 4 of this serie?? :D Awesome videos, keep it up!
@mattbrwn
4 ай бұрын
Device got bricked.
@LucaCostantino1
4 ай бұрын
@@mattbrwn That's a shame! I was really looking forward for more! Thanks!
@xrafter
3 ай бұрын
@@mattbrwn WHAT THE BRICK!
@ChimeFix
3 ай бұрын
@@mattbrwn😢
@rbw9692
2 ай бұрын
I would sponsor a new one just to see the video!
@charlesdorval394
2 ай бұрын
Damn man you're good! I like how you show your discovery process, so much awesome tricks!
@hallisern
Жыл бұрын
Great video Matt, amazing explanations. Very easy to follow and understand!
@ersonthemesa
Жыл бұрын
Thanks Matt....Great video.
@kiyotaka31337
Жыл бұрын
Thanks for the videos I learned a lot from your videos.
@markf8819
Жыл бұрын
Great video
@neon_Nomad
Жыл бұрын
Amazing as always !ganbatte!!
@neon_Nomad
Жыл бұрын
Here i come hash cat.. guess the rainbow road was to easy a route
@Henrik229
Жыл бұрын
Very interesting videos!
@NeverGiveUpYo
Жыл бұрын
Really good content
@bassimyounis5803
Жыл бұрын
Hey Matt thanks for the video. How did you know that the hash was unsalted? Was it in a previous video?
@mattbrwn
Жыл бұрын
Good question! I discussed it in the first video. The bootloader prints out the password hash of what you enter for a password attempt. So I was able to type "password" in, hit enter, and confirm that the password matched the unsalted sha256 hash of "password"
@xrafter
3 ай бұрын
@@mattbrwn What a legend!
@Autokey_Security_Services
Жыл бұрын
Is it not possible for you to write your own known hash into the flash chip raw data dump or is this data retained in the armarello chip??
@mattbrwn
Жыл бұрын
This should be possible. I'm working on this method for a future video.
@habiks
Жыл бұрын
Cool video . But GPIO simply means general purpose input / output pin. GPIO isn't any type of mechanism..
@neon_Nomad
Жыл бұрын
Says it will take a month but im having trouble getting both cpu and GPU running at same time... I don't have much experience with hashcat so if anyone knows whats going wrong im using hashcat launcher
@Ski4974
11 ай бұрын
Did you end up making the 3rd video in this ARLO Q series?
@mattbrwn
11 ай бұрын
Unfortunately my device got bricked so I wasn't able to make the next video.
@Ski4974
11 ай бұрын
@@mattbrwn That's too bad, how did that happen? 😯
@markf8819
Жыл бұрын
What tools would you recommend for a beginner
@mattbrwn
Жыл бұрын
I'm trying to put together a playlist about all my tools but that's a work in progress. For getting UART access you really just need a simple TTL-232R cable: ftdichip.com/products/ttl-232r-3v3/
@neon_Nomad
Жыл бұрын
Hope all is alright
@mattbrwn
Жыл бұрын
Haha thanks for asking! Doing good. Closing on a house so that's been taking a lot of my free time lately. Will post new videos after that is finished.
@gersonsoares6628
Жыл бұрын
bom video matt: o bootloader é u-boot ?
@mattbrwn
Жыл бұрын
No this is not uboot. Ambarella SoCs use a custom bootloader called amboot.
@jordantekelenburg
Жыл бұрын
Is there more coming??
@isheamongus811
9 ай бұрын
Maybe somthing like if (1=1) may work
@ahmedsammoud1924
Жыл бұрын
Any updates on what happened with the arlo?
@same4047
Жыл бұрын
Sir, i have been facings problems on my blutooth speaker, every time I turn it on it prompted heavy annoying sounds like "Bluetooth pairing is on" "usb mode" etc. How can we remove these prompts, or customise the blutooth device name. Also could we make a device which could connect to multiple bluetooth devices and simultaneously output all of them from one source/smartphone 🤔
@jabbawok944
4 ай бұрын
check out darieee . he does that kind of thing.
@tyronetyrone2652
Жыл бұрын
@bomber78963
Жыл бұрын
I'm guessing they beefed up their passwords after this recent CVE: nvd.nist.gov/vuln/detail/CVE-2016-10115 One option may be to fuzz the UART inputs? Perhaps something in the password check logic may have a bug
@mattbrwn
Жыл бұрын
I thought this was going to be the case as well! check the pinned comment! someone cracked it already 😂
Пікірлер: 67