Posts
2025
8BitDo Mechanical Numpad firmware hackability and adventures with USB sniffing
·3423 words·17 mins
Usb
Firmware
Hardware
Reverse-Engineering
8BitDo produces great gaming accessories, including PC peripherals like the Retro 18 Mechanical Numpad. I recently bought one and was intrigued by the possibility of hacking it. Many 8BitDo devices feature firmware upgrades; some offer extensive configuration options, and others hide undisclosed features. I wanted to see whether I could adapt my numpad to emulate the ancient Canon LS-100TKM built-in calculator mode, which was able to send results from the onboard display to the computer as key presses. Ultimately, it proved nearly impossible, so I submitted a feature request to 8BitDo. However, I’ll share my journey, since most online discussions merely noted the challenges of modifying 8BitDo firmware without offering practical guidance.
2024
Down the AtlasCode rabbit hole - debugging Atlassian VS Code extension
·6763 words·32 mins
Vscode
Jira
Atlassian
Npm
Javascript
Reverse-Engineering
Everyone knows Jira, an Atlassian product where you work with tickets (issues). They have a handy extension to VS Code that (among other things, including Bitbucket support) lets you view tickets inside code editor and have a preview of them, when you hover issue ID in code. However, for quite some time that official extension does not work with managed Jira instances in random places, especially with ticket previews. Stubborn as always, I went on a quest to identify what’s going on and found a plethora of issues in multiple projects; however, the culprits are typical ones - lazy changelog keeping, improper testing, chained bugs and reliance on Open-Source community.
Setting Up strongSwan for L2TP/IPsec VPN server to use with Synology DSM
·1420 words·7 mins
Linux
Vpn
Synology
Dsm
Strongswan
Ipsec
Network
Most modern operating systems, for mobile devices and for workstations, offer VPN clients which support proper IPsec IKEv2 MSCHAPv2. However, there are still some stubborn vendors that in 2024, still offer only L2TP behind IPsec (or PPP if we are unlucky) plus OpenVPN. As stated in many places like Gentoo Wiki IPsec/L2TP is considered a legacy VPN protocol. OpenVPN is not suited for any form of refined connectivity other than simple client-server, plus it’s not supported out-of-the-box in modern OSes.
In this article, I’ll describe how to add this legacy option for use with Synology DSM in strongSwan, that simultaneously hosts IPsec IKEv2 MSCHAPv2 VPN.
2023
Flipper Zero interface board - part 1
·764 words·4 mins
Quick
Flipper-Zero
Hardware
I2c
Today I used prototype boards I purchased with my Flipper Zero pre-order for the first time. I think I didn’t use them before (and I have Flipper for over 6 months) because the single purpose for them that was repeated over and over again was to expand a device with Wi-Fi or general-purpose 2.4GHz radio, which never appealed to me. However, recently, I found a category of FlipperOS applications that’s quite obvious - I2C interfaces, for example for light or temperature sensors. This quickly rendered my previous attempts at creating such a self-contained portable I2C client from scratch obsolete and demanded the soldering iron to be turned on.
macOS Application Firewall and Canonical Multipass debugging
·2192 words·11 mins
Debugging
Networking
Macos
Firewall
Multipass
Canonical’s Multipass is a wonderful tool for bootstrapping Ubuntu VMs on any platform, including macOS on Apple Silicon (M1/arm64). It works well, as everything, until networking breaks. The issue, debugging, and resolution story from this long afternoon reveals few tricks about both Multipass and Application Firewall on macOS, so I’ll describe it in detail.
This tale is yet another confirmation of the fact that majority of macOS problems are coming from corporate security tools - I didn’t have such issues even at Hackintosh era. It all started on a corporate MacBook when I had the bunch of Multipass-created VMs that suddenly stopped working - they were starting up, QEMU process was running, but Multipass couldn’t check their status (it uses SSH for that). Moreover, creation of new ones was also breaking in the worst moment - QEMU process started and Multipass waited for cloud-init loaded from virtual CD-ROM to get networking and SSH. And then it just timed out.
2022
Debugging tale of HTTP/1.0 healthcheck
·1705 words·9 mins
Debugging
Http
Proxy
Load Ballancer
Networking
Netcat
Time for a short tale about an interesting debugging challenge I had recently. Programming issue itself was not the hardest or most involving of all time, probably not even of this year for me, but the mixture of circumstances and debugging techniques used makes it worth telling.
Obviously, many details will be skipped, but I can mention some common components used. But keep in mind that’s a real-world scenario, so the initial environment could definitely be better.
Hello, PHP-free world
·513 words·3 mins
All my websites ( skowron.ski, skowronski.pro and skowronski.tech that replaces blog.dsinf.net) are PHP-free. They are based on Hugo and hosted on S3 with only dynamic content being plausible.io rewrite done by CloudFlare worker scripts.
blog.dsinf.net
Blog.dsinf.net
2021
Hacking into TP-Link Archer C6 – shell access without physical disassembly
·2382 words·12 mins
Hacking
Linux
Linux Embedded
Lua
Mips
Router
Security
Squashfs
Ssh
This story begins with simple need - ability to programmatically obtain all devices connected to my Wi-Fi router - TP-Link Archer C6. None of the existing libraries support this version of Web UI. The issue with the simplest solution (just flashing OpenWRT) - I rely on proprietary OneMesh technology, which enables better home mesh-networking. So, some hacking needed to be done.