Brutkey

pwnage successful!

$console output: >>> testbeep() b'\x02\x03\x00' >>> iomap_w32(CMD_MODULE, CMD_OFF_FNPTR, 0x00200000 + 32*1024) >>> testbeep() b'\x02\x03\xaa' >>> testbeep() b'\x02\x03\xaa'$

R
@r@glauca.space

firmware get!

some text in a terminal, from the NXT version screen. the following timestamp is highlighted:

Mar 3 2006
18:21:03

R
@r@glauca.space

it turns out that there's a """security vulnerability""" allowing for native ARM code execution on the NXT brick

definitely over USB, possibly over bluetooth as well?

of course, the NXT is intentionally hackable and designed to allow you to be able to modify the firmware (it even came with public schematics!), so this isn't actually a big deal

would anybody be interested in a writeup of this?