“Alexa, where are the cats?”

As is well documented, I have a significant number of feline overlords who thanks to multiple Sure Petcare cat flaps can come and go as they please. The new Connected range of cat flaps comes with a web site, iOS app (a thin skin over the same web site) and is built using what appears to be a pretty solid RESTful API. A few months ago I spent a bit of time monitoring the web app to reverse engineer bits of the API, and then built an Alexa skill so that I could ask my house where all the cats are.

Continue reading

Faking Web to SMS so Synology can Notify via Slack

As bits of hackery go, this is pretty niche. I have a bunch of storage in a Synology Diskstation – this can send various notifications in case disks fail, components get too hot, or other bits of the system break down in ways that require immediate attention. It can send emails, you can use their app to enable push notifications to your phone and if you really want to you can have it send you SMS (actual SMS, in 2017?!). What it can’t do out of the box is send a message to a Slack channel.

I really like Slack. As well as running a paid instance of Slack with my teams at FISCAL, I have a separate (free) one for friends and family and for running experiments with bots and other integrations. So I wanted the Synology, like most of my other house/home automation devices, to talk to Slack. The easy way would be to make the Synology send an email to the Slack email integration – except the email->Slack integration is only available to paid Slack instances. So what to do? Continue reading

Iron Man LED Status Mask

In the category of things I do when I should be preparing to move house, I present the Iron Man Status Mask. A Raspberry Pi running a Python based RESTful API inside an Iron Man mask that can indicate any colour via his eyes. As you can imagine, Lindsay is thrilled.

[youtube https://www.youtube.com/watch?v=zVkDad3VpWA] Continue reading

Using Hashcat to Crack Hashes on Azure

More than one friend recently has had their social media account compromised or stolen. Often this is a consequence of a combination of bad password hygiene and a third party data breach. If you use the same password on multiple sites, and one of those sites suffers a breach, you run the risk that your account on every other site where you reused that password is vulnerable to compromise. As an excuse to try out the new Azure N series VMs with their NVidia GPUs, I found an email I recognised in one of the breaches, and followed it from hash through to brute-forced password to prove the point. Continue reading