Projects

Current Projects

BT HomeHub 5a OpenWrt

Hardware modifications to allow connection & booting over UART
Custom firmware built from development/testing branch of OpenWrt

Raspberry Pi Zero

Currently working on some reverse engineering & security related projects involving Raspberry Pi Zeros. I’m using the Raspberry Pi Zero as it has low power usage & has the GPIO required. The Raspberry Pi Zero draws 120mA under load, which is a huge difference to the Raspberry Pi 3, which draws 750mA.

Acer Chromebook C7/C710 Coreboot

Coreboot open-source firmware image, allowing the Chromebook to boot into Linux using different payloads, e.g. SeaBIOS, GRUB2, TianoCore (UEFI).

Building coreboot is pretty easy; the instructions on the wiki are quite clear.
Just make sure you know what you are doing, as you could brick your Chromebook.

Performing operation on 'COREBOOT' region...
Name                           Offset     Type         Size
cbfs master header             0x0        cbfs header  32
cpu_microcode_blob.bin         0x80       microcode    22528
config                         0x5900     raw          248
revision                       0x5a40     raw          569
cmos_layout.bin                0x5cc0     cmos_layout  1412
fallback/dsdt.aml              0x6280     raw          12867
payload_config                 0x9540     raw          1563
payload_revision               0x9bc0     raw          233
(empty)                        0x9d00     null         25176
fallback/romstage              0xff80     stage        68868
fallback/payload               0x20d00    payload      61118
(empty)                        0x2fc00    null         664
mrc.cache                      0x2fec0    mrc_cache    65536
fallback/ramstage              0x3ff00    stage        69806
pci8086,0106.rom               0x51000    optionrom    65536
(empty)                        0x61080    null         648792
bootblock                      0xff700    bootblock    1952
Built google/parrot (Parrot)

For more info on coreboot, visit their wiki here

I have a repo on GitHub for my Linux configs and scripts specific to the C710.

Android Testing Tools

Tools to help with testing, debugging & reverse engineering of Android devices.

Main Components

  • bootloader dumping tool (boot.bin)
  • device tree extraction script (dtb.img)
  • Android ROM extraction script

The ROM extraction script dumps a full ROM to external storage and segments the storage into sections, making it easier to look at applications & the system. This tool makes the job of security testing easier & also helps in the creation of custom ROM patches (e.g. enable Google Widevine patch).

ARM64 Bootloader Security Testing

Testing U-Boot related security on specific ARM64 implementations & debugging using a serial interface.

It is possible to read & write to U-Boot from within Android without any need for root on many of these devices (not just development boards). It is also possible to inject custom scripts & binaries directly into the bootloader.

Some simple examples of this are injecting scripts into preboot or bootcmd. Both result in scripts being run before the target OS.

BlackWidow Macro Keys In Linux

This is a C program which sends the init code from Razer's proprietary Windows drivers to initialize the ‘macro’ keys on Razer BlackWidow keyboards on Linux.

Razer BlackWidow Macro Keys v1
Razer BlackWidow Device Found
Sending data:
 00 00 00 00 00 02 00 04
 02 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00
 04 00
Transmitted: 90

Source code is available on GitHub under the MIT license.


torjail - sandboxed torbrowser

This script downloads & runs torbrowser in a sandbox within a separate windowed X session using Xephyr.

features

  • downloads torbrowser from torproject.org
  • sets up a working env
  • runs tor in a sandbox
  • runs in /tmp/ so any changes are not saved
  • runs in its own Xephyr dwm session
  • has sha256 verification
  • works on 32-bit & 64-bit Linux
  • stores everything in ~/.torjail
  • version checking & updating
  • gpg verification of downloads

Source code is available on GitHub under the MIT license.


Netgear wnr2200 OpenWrt

Custom patch to allow USB storage
Custom script to initialize USB at boot to allow overlay pivot
Custom build of OpenWrt

mail console

Extension of mail server cli tools, designed to be easier to use with the possibility of expanding it to include live mail server statistics.

Windows PowerShell Tools

PowerShell is great for automating things using group policies etc. on large networks. I have a few open-source projects on GitHub to help Windows users & administrators. Some examples:

  • Windows Firewall Blocklists - use IP blocklists
  • Windows 10 Update - ask before installing updates
  • Windows 10 Disable Telemetry
  • Windows Hosts Blocklists
  • Windows 10 Disable Services
  • Windows 10 Disable Scheduled Tasks

mail server cli tools

Command line tools for administering my mail server stack. Written in Python, they allow an admin to create/delete mailboxes, domains, subdomains & aliases. They can also do a password reset on users' mailboxes using urandom. (Passwords are saved with a salted hash & users can change them with the web interface once logged in.)

./query.py
*****************************************************************
     ./query.py - equk.co.uk
*****************************************************************
 Copyright (C) 2014  Bradley Walden
*****************************************************************
    This tool will query the postfix MySQL database
*****************************************************************
Email Addresses
===============
e: postmaster@debian.test
e: testing@debian.test
e: test@debian.test
Virtual Domains
===============
d: debian.test
d: local.test
Email Aliases
===============
a: admin@debian.test ==> postmaster@debian.test


mail server stack

Low memory mail server stack with anti-spam features.

main features:

  • anti-spam
  • IMAPS, SMTP (TLS, SASL)
  • salted passwords
  • web based mail with password reset ability
  • daily statistics of mails and spam detection
  • mariadb + xtradb storage
  • SPF + DKIM (signing and checking)

Currently running a server with over 50 mailboxes and 2 domains, 1500+ blocked/dropped spam emails/day, using around 130MB of RAM.

Database layout:


minimal nodejs stack

nodejs stack for small webapps

site features:

  • nginx reverse proxy
  • waf
  • disqus commenting
  • static caching on nginx

design / editing features:

  • handlebars templating
  • sass styles
  • grunt automation
  • livereload editing
  • css minimize
  • live js testing

tk_logout

Python tkinter UI for shutdown/logout/reboot.

Past Projects

lastfm_feed

Simple lastfm feed using PHP to pull data from the lastfm API (requires an API key).

Github Repo: https://github.com/equk/lastfm_feed

wordpress security modules

Mainly consisting of hooks to secure WordPress. Features include file permissions checking, server optimizations, secure redirects & code fixes. I stopped actively developing this project when I moved to Python and Node.js for website development.

wordpress twitter oauth comments

Allow users to use Twitter OAuth to comment on WordPress. Ended up dropping this when Twitter changed their OAuth API (the new changes broke a lot of things & alternatives were available).

i5700 dalvik-cache

Relocate dalvik cache to free space on Samsung i5700

The script makes the system put the dalvik cache into the /cache partition, which is 80MB and gets used by various processes for caching & OTA updates (prob don’t have those anymore anyway). The script also removes old system dumps to free space on each reboot of the phone.

Github Repo: https://github.com/equk/i5700/tree/master/dalvik-cache

mac osx backup

Script which backs up a user's data using rsync and then notifies when finished using Growl.

::  Starting Sync Process to: /Volumes/-snip-
::  Backing up Documents Folder
::  Documents Sync Complete
::  log saved to /-snip-/log.txt
::  Backing up Pictures Folder
::  Pictures Sync Complete
::  log saved to /-snip-/log2.txt

wp_logo_100 picasa_logo

Link to Picasa using an API key. Allowed users to click a Picasa logo within WordPress and view all albums and photos. They could then add a single image or a gallery to the blog posts or pages.

small wordpress modules

  • force HTML5 over HTTPS for YouTube embeds (was made when WordPress had HTTP+Flash embeds)
  • PHP .htaccess editor within backend
  • SEO tools (dynamic meta tags & titles etc. based on page/post content)
  • custom colour schemes for themes
  • .htaccess tweaks - enable gzip compression etc.
  • force HTTPS for Vimeo embeds
  • IP restricted backend (with Cloudflare support)
  • share buttons with automatic URL shortening (useful for Twitter)