Decrypting SSL to Chinese Cloud Servers - Hacking the VStarcam CB73 Security Camera
40,062
Published 2024-07-31
certmitm repo:
github.com/aapooksman/certmitm
certmitm DEF CON talk:
• DEF CON 31 - certmitm Automatic Expl...
mitmrouter repo:
github.com/nmatt0/mitmrouter
Need IoT pentesting or reverse engineering services?
Please consider Brown Fine Security:
brownfinesecurity.com/
IoT Hackers Hangout Community Discord Invite:
discord.com/invite/vgAcxYdJ7A
🛠️ Stuff I Use 🛠️
🪛 Tools:
Raspberry PI Pico: amzn.to/3XVMS3K
XGecu Universal Programmer: amzn.to/4dIhNWy
Multimeter: amzn.to/4b9cUUG
Power Supply: amzn.to/3QBNSpb
Oscilloscope: amzn.to/3UzoAZM
Logic Analyzer: amzn.to/4a9IfFu
USB UART Adapter: amzn.to/4dSbmjB
iFixit Toolkit: amzn.to/44tTjMB
🫠 Soldering & Hot Air Rework Tools:
Soldering Station: amzn.to/4dygJEv
Microsoldering Pencil: amzn.to/4dxPHwY
Microsoldering Tips: amzn.to/3QyKhrT
Rework Station: amzn.to/3JOPV5x
Air Extraction: amzn.to/3QB28yx
🔬 Microscope Setup:
Microscope: amzn.to/4abMMao
Microscope 0.7X Lens: amzn.to/3wrV1S8
Microscope LED Ring Light: amzn.to/4btqiTm
Microscope Camera: amzn.to/3QXSXsb
About Me:
My name is Matt Brown and I'm an Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.
- Soli Deo Gloria
💻 Social:
website: brownfinesecurity.com/
twitter: twitter.com/nmatt0
linkedin: www.linkedin.com/in/mattbrwn/
github: github.com/nmatt0/
#hacking #iot #cybersecurity
All Comments (21)
-
This is my favorite newly discovered Youtube channel. I watch every video as soon as they drop. Keep it up Matt!
-
Helped a friend set up a 6 camera system. He bought 4 reputable cams and two cheapies. We configured all cams to shut off any and all cloud services. All were set with static IP, gateway, NTP server, and NO dns. The four reputable ones generate zero unexpected traffic. The two cheapies? Constant flow of connection attempts to cn owned IPs, as well as dns requests to google DNS IPs (apparently hard coded). Nothing goes anywhere since they're on a segregated VLAN with no outside access... but the firewall packet counters are in the millions.
-
this is the content we need more of, keep it up matt this is legitimately great stuff
-
You are wonderful! A couple of months ago my work was throwing out old IP cams and I asked to have one because I was super interested in hooking it up and digging into everything that’s on it that the user doesn’t get to typically see. The camera is a Vstarcam. How lucky am I that an expert like yourself is doing exactly what I (an absolute amateur) was wanting to do on this brand of ip cam!
-
I’m not a hacker and have zero Linux knowledge but this stuff and how you present it is fascinating to me regardless. Thanks for taking the time to setup these demonstrations and so clearly explain what is a very deep understanding of these devices.
-
This is some really cool content. I would highly recommend a brief intro with some bullets on what you are going to attempt and then as part of the outro, provide a summary of what you discovered. It would really help tie everything together.
-
Yooooooo, You just got a new sub. Lovely vid. Love the work! ❤
-
loving the idea of letting peeps from the web fish around on the device and connect with you and others on discord ❤
-
Very cool. I look forward to part2.
-
What awesome content again thanks matt❤❤
-
Love these videos! Keep it up!
-
I hit the like button 10 seconds into the video as I know I am in for a treat! Great work!
-
TLS encryption, in this case, is probably more about obscuring what this device is doing versus protecting the user's data.
-
This is great content. Have you tried this on any major brand name cameras like Blink or Ring?
-
Another Amazing Video Matt! Are you going to DC 32 this year?
-
Wonderful. Exactly answering some of the questions I had about some of my Chinesium security cameras. I really appreciate you going through this with live workflow. Keep up the good work.
-
Awesome video!
-
Love the homelab.
-
Thank you for letting us know. Having no certificate also means no certificate can expire. :-)
-
I have mad mad respect for this guy.