ralbright
Posted September 4, 2017

Okay, I realize this might be far-fetched. I just placed an order for these sensors and the Tag Manager a few days ago. But from what I have seen, has anyone tried sniffing the packets from the tag manager, getting the contents of the messages it sends to their server and seeing the response? Could that in theory not be redirected to the network module with a DNS redirect in your router? Then have the network module spit back out the same canned response (or do the logic local side). (Assuming that you have pfSense or equivalent routers.) Or am I barking up a very annoying and complex tree here? (These are the strange ideas that flood my mind in the early morning hours while I am asleep.)

MWareman
Posted September 4, 2017

> Okay, I realize this might be far-fetched. I just placed an order for these sensors and the Tag Manager a few days ago. But from what I have seen, has anyone tried sniffing the packets from the tag manager, getting the contents of the messages it sends to their server and seeing the response? Could that in theory not be redirected to the network module with a DNS redirect in your router? Then have the network module spit back out the same canned response (or do the logic local side). (Assuming that you have pfSense or equivalent routers.) Or am I barking up a very annoying and complex tree here? (These are the strange ideas that flood my mind in the early morning hours while I am asleep.)

I did try a few months ago. It's SSL - so you cannot see it without doing a DNS redirect to a 'reverse' proxy doing SSL interception - and then hoping they don't do SSL pinning. Personally, if they don't do SSL pinning that's a security vulnerability (since it allows interception, such as you are trying to do). Good security design should ensure lack of success trying to intercept it. That being said - I have not tried for quite a while now. I guess I should...

larryllix
Posted September 4, 2017

Reverse API engineering on these Tag things would be a huge step forward!! Beyond my pay grade there, for sure. My guess is they have it locked down so years of labour would be required to "hack" it. "Total control...endian to endian"

mwester
Posted September 4, 2017

Yep, it's locked down. But not likely that it's done for security. Maybe, and if so kudos to them -- but I'm a realist, and I suspect they locked it down specifically so that it COULDN'T be reverse-engineered easily. It's all about protecting your future ability to capitalize your customer base with cloud services.

larryllix
Posted September 4, 2017

> Yep, it's locked down. But not likely that it's done for security. Maybe, and if so kudos to them -- but I'm a realist, and I suspect they locked it down specifically so that it COULDN'T be reverse-engineered easily. It's all about protecting your future ability to capitalize your customer base with cloud services.

I call that security reasons. Technology secrets security. It's the funny screw head in one corner of the plastic case. It's the lid of the plastic case glued onto the top of the EPROM that tears it apart when you crack the lid open. This comes up more frequently, now. There are many security levels and purposes.

ralbright (Author)
Posted September 6, 2017

Well I have been known to tinker.... has anyone come up with where it is sending the HTTPS commands to?

ralbright (Author)
Posted September 6, 2017

So interesting feature that can be added to a pfSense router.... I can install a program called Squid that will do 'reverse' proxy doing SSL interception. So now I am waiting for the tag manager, and hopefully I can decipher what is being transmitted to and from the cloud for the CAO Wireless tags.... If anyone else wants to try, give it a go. More hands the better.