Replying to Avatar average_bitcoiner

TIL. Braiins OS firmware has a graphQL endpoint.
de
nobody 1y ago

Interesting. Got a spec for it? I would like to poke around

Reply to this note

Please Login to reply.

Discussion

Avatar
average_bitcoiner 1y ago

Nope. Just wireguarding their Braiins toolbox.

de
nobody 1y ago

Hm wonder if it’s got auth. Can you hit it with a schema query?

{

__schema {

types {

name

}

}

}

Avatar
average_bitcoiner 1y ago

405

de
nobody 1y ago

With a post to /graphql? Hmm

Avatar
boerst 1y ago

I played around with their firmware graphql endpoint a while back and I believe that they mainly use it for populating the web UI. Here’s some stuff to play around with if you’re curious…

This auths you and stores the session cookie in a cookie jar (cookies.txt)

```

curl 'http://10.1.45.21/graphql' \

-H 'Accept: application/graphql-response+json, application/graphql+json, application/json, text/event-stream, multipart/mixed' \

-H 'Accept-Language: en' \

-H 'Content-Type: application/json' \

-H 'Priority: u=0' \

--data-raw '{"operationName":"RootLogin","query":"mutation RootLogin($username: String!, $password: String!) {\n auth {\n login(username: $username, password: $password) {\n ... on Error {\n message\n __typename\n }\n __typename\n }\n __typename\n }\n}","variables":{"password":"root","username":"root"}}' \

--compressed \

--insecure \

-c cookies.txt

```

Here's an instrospection query to return their schema:

```

curl 'http://10.1.45.21/graphql' \

-H 'Accept: application/graphql-response+json, application/graphql+json, application/json, text/event-stream, multipart/mixed' \

-H 'Accept-Language: en' \

-H 'Content-Type: application/json' \

-H 'Priority: u=4' \

--data-raw '{"operationName":"IntrospectionQuery","query":"query IntrospectionQuery { __schema { queryType { name } mutationType { name } subscriptionType { name } types { ...FullType } directives { name description locations args { ...InputValue } } } } fragment FullType on __Type { kind name description fields(includeDeprecated: true) { name description args { ...InputValue } type { ...TypeRef } isDeprecated deprecationReason } inputFields { ...InputValue } interfaces { ...TypeRef } enumValues(includeDeprecated: true) { name description isDeprecated deprecationReason } possibleTypes { ...TypeRef } } fragment InputValue on __InputValue { name description type { ...TypeRef } defaultValue } fragment TypeRef on __Type { kind name ofType { kind name ofType { kind name ofType { kind name ofType { kind name ofType { kind name ofType { kind name ofType { kind name } } } } } } } }","variables":{}}' \

--compressed \

--insecure \

-b cookies.txt

```

…then based on the schema, you can figure out how to get the hashrate, for example:

```

curl 'http://10.1.45.21/graphql' \

-H 'Accept: application/graphql-response+json, application/graphql+json, application/json, text/event-stream, multipart/mixed' \

-H 'Accept-Language: en' \

-H 'Content-Type: application/json' \

-H 'Priority: u=4' \

--data-raw '{"operationName":"RealHashrateQuery","query":"query RealHashrateQuery { bosminer { info { summary { realHashrate { mhsAv mhs5S mhs15S mhs30S mhs1M mhs5M mhs15M mhs30M mhs1H mhs24H mhsSinceRestart } } } } }","variables":{}}' \

--compressed \

--insecure \

-b cookies.txt

```

de
nobody 1y ago

Very sick, thank you!