1. XCP-NG On An EliteDesk 805 G8 Mini

    Wed 07 June 2023

    Prologue: Computers Were A Mistake

    I guess it was only a matter of time until a Youtuber showed me something I wanted to buy.

    I'd been thinking about building a small homelab since late last year with the goal of having a local Git repository for my open-source code, and …

    read more
  2. Microcorruption: Algiers

    Wed 17 May 2023

    The Scenario

    My adventures in Algeria begin the same as everywhere else I've gone so far - staring down a Lockitall LockIT Pro, revision d.01 this time with support for the brand-spanking-new LockIT Pro Account Manager. This lock doesn't have an attached HSM so with any luck the exploit will …

    read more
  3. Microcorruption: Novosibirsk

    Wed 17 May 2023

    The Scenario

    Touching down in Russia, I am greeted by the Lockitall LockIT Pro revision c.02 whose manual states "[w]e have added features from b.03 to the new hardware." So another Ethiopian-style format string attack is in the cards. The HSM-2 connected to the lock could potentially …

    read more
  4. Microcorruption: Addis Ababa

    Wed 17 May 2023

    The Scenario

    The bonds in Addis Ababa are secured by a Lockitall LockIT Pro revision b.03, a surprisingly old software revision which claims "[w]e have verified passwords can not be too long." The lock is connected to a LockIT Pro HSM-1, but that hasn't stopped me the other …

    read more
  5. Microcorruption: Jakarta

    Wed 10 May 2023

    The Scenario

    Arriving in Jakarta, I find my next opponent is Lockitall LockIT Pro revision b.06, whose manual claims "We have added further mechanisms to verify that passwords which are too long will be rejected". Second time's the charm, and all that. Or maybe eighth? I dunno, I just …

    read more
  6. Microcorruption: Santa Cruz

    Wed 10 May 2023

    The Scenario

    Having touched down in Johannesburg, I am greeted by revision b.04 of the Lockitall LockIT Pro; coupled with an HSM-1 module, the manual states this version of the firmware "rejects passwords which are too long". Somehow I don't have high hopes for their efforts - but that's not …

    read more
  7. Microcorruption: Johannesburg

    Wed 10 May 2023

    The Scenario

    Having touched down in Johannesburg, I am greeted by revision b.04 of the Lockitall LockIT Pro; coupled with an HSM-1 module, the manual states this version of the firmware "rejects passwords which are too long". Somehow I don't have high hopes for their efforts - but that's not …

    read more
  8. Microcorruption: Montevideo

    Thu 04 May 2023

    I was kinda let down by the difficulty of Whitehorse compared to its predecessor - sure the underlying vulnerability in Reykjavik was also similar to a previous challenge, but the twist forcing the loss of the automatic disassembly made it hit different. But the time for reminiscing is later - the time …

    read more
  9. Microcorruption: Whitehorse

    Wed 03 May 2023

    Reykjavik was the first challenge that was a stumper for a decent amount of time, so I was looking forward to see how things could get more interesting as I touch down in our neighbor to the north.

    The Scenario

    The manual for this exercise informed me I was up …

    read more
  10. Microcorruption: Reykjavik

    Wed 03 May 2023

    After my first Real Hacker Moment(TM) in Cusco, I was excited to see what Iceland had in store.

    The Scenario

    The manual for this exercise informed me I was up against hardware version A and software revision 2 or 3. There was no HSM I'd have to consider here …

    read more