Security on Max Ammann

Disclosing unauthenticated user endpoint in outdoor activities app

Mon, 30 Mar 2026 00:00:00 +0000

A machine-translated German version is available below.

Late one night in February I was planning some weekend trips around Freiburg. The Badische Zeitung has an excellent app called “BZ-Lieblingsplätze”. It shows lovely places nearby that are worth visiting. The app does not have a web view that I knew of, so I wanted to check which API was running in the background of the app. This led to the discovery of an API endpoint that allowed the retrieval of the whole user database, including names, emails and encoded transaction metadata concerning app store purchases.

Hacking the hack: Internals of the Dreame FEL rooting method

Sun, 15 Jun 2025 00:00:00 +0000

I got myself a Dreame vacuum robot with the goal of – cleaning. Yes, I did not have the goal originally to root my vacuum. However, in case I ever want to sideload software onto the robot, I picked one that is reliably rootable. The Dreame X40 looked decent, and Dennis Giese did awesome work on getting root access to it back in 2021. This turned out to be a good decision as at some point I was starting to become a bit freaked out by the robot’s camera and decided to checkout the security of the robot.

Onlinezugangsgesetz in action: Disclosing security and privacy issues in NRW

Tue, 15 Oct 2024 00:00:00 +0000

The Tür an Tür Digitalfabrik and I are publicly disclosing several security and privacy issues in the iOS and Android NRW Ehrenamtskarten-App. We found 1 high-severity and 1 informational security issue, as well as 5 additional privacy and legal issues.

Finding mispriced opcodes with fuzzing

Mon, 17 Jun 2024 00:00:00 +0000

This post was release on the Trail of Bits blog.

5 reasons to strive for better disclosure processes

Mon, 15 Apr 2024 00:00:00 +0000

This post was release on the Trail of Bits blog.

Out of the kernel, into the tokens

Fri, 08 Mar 2024 00:00:00 +0000

This post was release on the Trail of Bits blog.

LeftoverLocals: Listening to LLM responses through leaked GPU local memory

Tue, 16 Jan 2024 00:00:00 +0000

This post was release on the Trail of Bits blog.

Billion times emptiness

Fri, 29 Dec 2023 00:00:00 +0000

This post was release on the Trail of Bits blog.

Keeping the wolves out of wolfSSL

Thu, 12 Jan 2023 00:00:00 +0000

This post was release on the Trail of Bits blog.

Enable AddressSanitizer in Rust *-sys crate

Tue, 15 Jun 2021 00:00:00 +0000

For our tlspuffin fuzzer we use Rust to implement the testing harness. The harness is statically linked to OpenSSL via the openssl-sys and openssl-src crates, where the latter just provides a Rust Build Script. openssl-sys runs the script, then looks at the build artifacts and statically links against them.

Inspect Secure Renegotiation using OpenSSL

Mon, 07 Jun 2021 00:00:00 +0000

While trying to reproduce the implementation bug CVE-2021-3449, I had to implement secure renegotiation as specified in RFC 5746. Often it is unclear which RFC is responsible for specific protocol behavior. With the abundance of extensions, messages and protocol versions it is not trivial to find and also verify whether you found the correct specification.

Building OpenSSL with Determinisic Randomness

Wed, 02 Jun 2021 00:00:00 +0000

TLS, like most cryptographic protocols, depend on random numbers to generate keying material. These numbers should come from a trusted and truly random source. While this is necessary for production use, for testing purposes it is beneficial to use a pseudorandom number generator (PRNG). By seeding the generator with a static and not-random number, each execution of the protocol yields the same bytes which are sent over the network.

Distinction between Fuzzing Approaches for TLS

Mon, 12 Apr 2021 00:00:00 +0000

Traditionally, fuzzing mutates bits and bytes. That means that the semantics of the protocol are not directly used to mutate the fuzzing input. Symbolic-model Guided Fuzzers fuzz on a more abstract level. It uses a symbolic model to create inputs. Therefore, there are two main approaches bit-level fuzzing and model-guided fuzzing (also called generation-based fuzzing) ¹. This is also called structure-aware fuzzing by Google.

Dissecting TLS using OpenSSL and Wireshark

Tue, 23 Mar 2021 00:00:00 +0000

TLS is a beast of a protocol with at least 50 extensions and over 20 years of history. This indicates that implementing can be challenging and that it is important to take a close look at its security. TLS drives the web of today. The web can not exist without it anymore. Not only that secrecy and authentication is a must-have today, it is also required by specifications like getUserMedia for WebRTC streaming.

Fuzzing Terminology

Sun, 21 Mar 2021 14:00:33 +0100

Research in Fuzzing has gained a lot of traction in the last decade. A lot of open source fuzzers have been implemented and are available on Github. Everyone who already developed any application knows the pain of naming things. It is very difficult to have a common understanding of the terms used in a project. A standard software engineering practice is to use a glossary. This usually only scaled to a team or a small company but not to thousands of fuzzers on Github. Also, documentation is more of a gimmick than a comprehensive guide in most projects.

Keeping a Secret Safe (and not only Secure)

Tue, 05 Jan 2021 00:00:00 +0000

Keeping a secret like GPG keys safe is not a trivial task. It gets even more complicated if you want to backup it and have access in the more distant future. Having your key on a HSM has the goal of keeping it secret. Keeping a secret safe means that it is not easy to lose your key.

Routing Docker Container over a Specific Host Interface Like a VPN

Thu, 02 Apr 2020 00:00:00 +0000

A docker setup can be very helpful when trying to separate services if they are not packaged otherwise. We don’t only want to separate configuration in this post, but also the network configuration.

Data Visualization of Telegram messages (Encrypted Chats)

Wed, 25 Mar 2020 00:00:00 +0000

We are going to visualize the timestamps of messages in the Telegram database. This also includes encrypted chats as we analyze the SQLite database of the app.

Obtaining the database

We pull the database of Telegram using the ADB tool. You can read here how this tool works and how to set it up. Make sure your phone is rooted and you set Root access to ADB only. Then you can restart ADB using adb root. Finally you can pull the database to your current working directory using:

Armbian: Encrypting the Root Partition

Tue, 21 Jan 2020 00:00:00 +0000

This guide is tested on Armbian 20.8

The default Armbian images do not offer an encrypted root partition. Unfortunately it is requied to build the image yourself inorder to use LUKS on your root partition.

Verifying a Yubikey for genuity using common tools

Wed, 04 Sep 2019 00:00:00 +0000

I received a free Yubikey from an untrusted source on the CCCamp 2019. Therefore I looked for a way to verify its authenticity. The device appeared physically to be an original and not tampered with. A check whether the key was manufactured by Yubico seems like a sufficient way to make sure that the security key is an original.

Using Telegraf and InfluxDB on pfSense with Let’s Encrypt Certificate

Fri, 03 May 2019 00:00:00 +0000

I had problem to connect a InfluxDB from the pfSense because of a invalid certificate chain. The main problem here is that if you are configuring Telegraf with the pfSense UI then you are not using the system certificate chain (on FreeBSD that is /etc/ssl/cert.pem). In fact the generated Telegraf config is using: /usr/local/etc/telegraf.ca The pfSense is generating that chain from your pfSense CAs and certificates (See here for the code which generates the chain).

CTF: Fun with Hardware and Software breakpoints in GDB

Sun, 23 Dec 2018 00:00:00 +0000

I did the orw challange on pwnable.tw yesterday. It is very streight forward. You just have to send some x86 shellcode to stdin and the orw binary will execute it.

But I spend a few hours with getting this to work with gdb as the instructions in gdb were quite weird.