Hacking the Nokia Fastmile: Part 3

Since my last blog post, a few interesting things happened. The owner of a reverse logistics company who goes by @cookie reached out to me with an interesting problem. He owned close to 10,000 of these Fastmiles, and needed to update them to later firmware versions prior to sale…

Hacking the Nokia Fastmile: Part 2

Having had some time off to mull over what to do next and attend to some other priorities, I decided it was time to get back to looking at this. But first, I had to address the issue of having to take my internet down every time I wanted…

Hacking the Nokia Fastmile: Part 1

UPDATE: https://eddiez.me/hacking-the-nokia-fastmile-pt2/ As a part of my 5G home internet offering, Optus bundles a 5G gateway called the Nokia Fastmile. The same device seems to be shipped by T-Mobile for their 5G offering and is passionately known as the 'trashcan' in r/tmobileisp. Naturally,…

Serving Web Services Behind CGNAT with Cloudflare Tunnel

With all the issues I was having with my old ISP, I decided to make the leap and move onto Optus 5G Home Internet. My experience so far has been pretty stellar and I'm currently paying the same amount as I was with my previous provider for quicker speeds. The…

Path Traversal in slowscript.httpfileserver

The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a Path Traversal vulnerability which permits arbitrary directory listing, file read, and file write. Versions below 1.4.1 are also probably impacted but I have not validated this. The application permits users to configure…

Analysing an Invasive App Used by ISPs

UPDATE: I contacted my ISP about this app. They noted that during the install process there's a 'BEGIN' button with text under it that says 'By tapping "begin" you accept our EULA'. I don't think it sufficiently covers what they are doing still. The app's name is RouteThis. Beyond this,…

A Tour of My Homelab

"Homelab [hom-læb] (n): a laboratory of (usually slightly outdated) awesome in the domicile." - r/homelab

Homelabbing is how I learn things I don't otherwise get to learn at work. In this post I share some of the hardware I settled on to build my lab. It all started with…

Exporting Nessus Results into a Database

Nessus Pro is a great vulnerability scanner but analysing results quickly becomes unwieldy once you have more than a couple of scheduled scans or a large scan space. So I wrote a tool to export Nessus results using the API into a relational database. https://github.com/eddiez9/nessus-database-export EER…