Jooki - Taking Control of a Forgotten Device

Jooki was a dream come true for parents—an intuitive, screen-free audio player that let kids enjoy music and stories with the tap of a token. But that dream turned into frustration when the company behind Jooki went bankrupt, leaving countless devices bricked and families frustrated. But what if Jooki isn’t as dead as it seems?

This blog post isn’t just about fixing a broken audio player—it’s about peeling back the layers of its firmware, finding hidden exploits, a backdoor and unlocking code execution.

With a bit of ingenuity, we might just breathe new life into these abandoned devices—on our own terms. Ready to dive into the rabbit hole? Let’s crack this thing open.

Scraping By: My YouTube Data Adventure

A while ago, I reached out to Mats, the creator behind the YouTube channel Topfvollgold, offering my help with data scraping. I thought it might be useful for his projects and mentioned that I’d be happy to assist if the need ever arose. Recently, Mats reached out with an intriguing request: he needed help scraping data directly from YouTube for an interesting video idea. Naturally, I jumped at the opportunity and got straight to work.

Reverse Engineering and Dismantling Kekz Headphones

Close to a year ago, I stumbled upon the Kekz Headphones, which seemed like an interesting approach on the whole digital audio device space. They claimed to work without any internet connection and all of the content already on the headphones itself. They are On-Ear Headphones, which work by placing a small chip (I call them “Kekz” or “Cookie”) into a little nook on the side and it plays an audio story. I was intrigued, because there were some speculations going around, how they operate with those “Kekz”-Chips.

I invite you to join me on a journey into the inner workings of those headphones. We will talk about accessing the encrypted files on the device, breaking the crypto and discovering disclosure of data from customers.

ProjectSend - Stored XSS to Account Takeover

I’ve identified a security concern within the self-hosted file sharing tool ProjectSend in the current version r1605. By exploiting a chain of vulnerabilities – including Cross-Site Scripting (XSS), Insecure Direct Object Reference (IDOR), and weaknesses in its change password implementation – an authenticated attacker can force a logged-in user to unknowingly change their account password, by clicking a link.

But let me explain the attack in detail.

Swapping Heads: A Disk-y Business

data recovery
A couple of months ago, i asked around on Mastodon if anybody was able to provide some HDDs with hardware faults. Clicking, Buzzing, Silent. Whatever. I wanted to learn the art of Head Swapping and other shenanigans. Two weeks later, somebody I know, answered my call into the Fediverse, with a drive i could try to get the data from it. I was delighted and scared. Why scared, you might ask.

Children Audio Devices

The first electronic device which a young child autonomously uses, is most likely an audio device to chose their own music or stories. I am in my mid 30s now and we used cassette tapes, which we were pretty much a common standard back then. Nowadays multiple different licensing methods exists. Tonies, Kekz, Jooki, Coins, you name it. Every company has their own methods and ways to store, encrypt and work with audio files.

vTech Penguin Repair

From time to time my girlfriend brings electronic children’s toys home which she found in give-away boxes. Most of the time these don’t work and i am intrigued in fixing them.

It was a beaten up “Vtech Pinguin Rasselspass”.

Infosec Person.

Security Researcher

Germany