Close to a year ago, I stumbled upon the Kekz Headphones, which seemed like an interesting approach to the whole digital audio device space. They claimed to work without any internet connection, with all of the content already stored on the headphones themselves. They are on-ear headphones, which work by placing a small chip (I call them “Kekz” or “Cookie”) into a little nook on the side, and it then plays an audio story. I was intrigued, because there was some speculation going around about how they operate with those “Kekz” chips.

I invite you to join me on a journey into the inner workings of those headphones. We will talk about accessing the encrypted files on the device, breaking the crypto and discovering a disclosure of customer data.

I’ve identified a security concern within the self-hosted file sharing tool ProjectSend in the current version r1605. By exploiting a chain of vulnerabilities – including Cross-Site Scripting (XSS), Insecure Direct Object Reference (IDOR), and weaknesses in its change password implementation – an authenticated attacker can force a logged-in user to unknowingly change their account password simply by clicking a link.

But let me explain the attack in detail.

A couple of months ago, I asked around on Mastodon if anybody was able to provide some HDDs with hardware faults. Clicking, buzzing, silent. Whatever. I wanted to learn the art of head swapping and other shenanigans. Two weeks later, somebody I know answered my call into the Fediverse with a drive I could try to recover the data from. I was delighted and scared. Why scared, you might ask.

The first electronic device that a young child uses autonomously is most likely an audio device for choosing their own music or stories. I am in my mid 30s now, and we used cassette tapes, which were pretty much the common standard back then. Nowadays multiple different licensing methods exist. Tonies, Kekz, Jooki, Coins, you name it. Every company has its own methods and ways to store, encrypt and work with audio files.

From time to time my girlfriend brings electronic children’s toys home which she found in give-away boxes. Most of the time these don’t work, and I am intrigued by fixing them.

It was a beaten up “Vtech Pinguin Rasselspass”.

tl;dr: My knowledge of Bluetooth LE communication got quite rusty over time, and I wanted to refresh it with an easy target the other day. I wanted to open up the lock with a simple Bluetooth command but ended up having access to their entire backend database, with a lot of unique users across their entire product lineup. It didn’t go as planned.

The Lock and API

As with all BLE locks, they require an app to talk to the lock itself and an API on the company side.

Storyline

It all started with a simple question from my beloved girlfriend: “A friend of mine has problems connecting her external hard drive to her PC. She said she transported the USB drive with the cable attached and now the USB port looks weird. Can you fix it?”. Ok ok… no problem. “No backup, no pity” doesn’t mean “No backup, no help”, and that should be a fast fix. Popping the hard drive out of the enclosure, connecting it to an external SATA-to-USB adapter, and Bob’s your uncle.

Infosec Person.

Security Researcher

Germany