“Don’t worry! I’m from the government and I’m here to help.”
It’s barely even a dump. People need to relax. When the fed drops rates this month it’ll soar.
Do you mean Yubikeys that Casa distributed?
I just checked my 5Ci and it’s fw 5.4.3.
I played around with their firmware graphql endpoint a while back and I believe that they mainly use it for populating the web UI. Here’s some stuff to play around with if you’re curious…
This auths you and stores the session cookie in a cookie jar (cookies.txt)
```
curl 'http://10.1.45.21/graphql' \
-H 'Accept: application/graphql-response+json, application/graphql+json, application/json, text/event-stream, multipart/mixed' \
-H 'Accept-Language: en' \
-H 'Content-Type: application/json' \
-H 'Priority: u=0' \
--data-raw '{"operationName":"RootLogin","query":"mutation RootLogin($username: String!, $password: String!) {\n auth {\n login(username: $username, password: $password) {\n ... on Error {\n message\n __typename\n }\n __typename\n }\n __typename\n }\n}","variables":{"password":"root","username":"root"}}' \
--compressed \
--insecure \
-c cookies.txt
```
Here's an instrospection query to return their schema:
```
curl 'http://10.1.45.21/graphql' \
-H 'Accept: application/graphql-response+json, application/graphql+json, application/json, text/event-stream, multipart/mixed' \
-H 'Accept-Language: en' \
-H 'Content-Type: application/json' \
-H 'Priority: u=4' \
--data-raw '{"operationName":"IntrospectionQuery","query":"query IntrospectionQuery { __schema { queryType { name } mutationType { name } subscriptionType { name } types { ...FullType } directives { name description locations args { ...InputValue } } } } fragment FullType on __Type { kind name description fields(includeDeprecated: true) { name description args { ...InputValue } type { ...TypeRef } isDeprecated deprecationReason } inputFields { ...InputValue } interfaces { ...TypeRef } enumValues(includeDeprecated: true) { name description isDeprecated deprecationReason } possibleTypes { ...TypeRef } } fragment InputValue on __InputValue { name description type { ...TypeRef } defaultValue } fragment TypeRef on __Type { kind name ofType { kind name ofType { kind name ofType { kind name ofType { kind name ofType { kind name ofType { kind name ofType { kind name } } } } } } } }","variables":{}}' \
--compressed \
--insecure \
-b cookies.txt
```
…then based on the schema, you can figure out how to get the hashrate, for example:
```
curl 'http://10.1.45.21/graphql' \
-H 'Accept: application/graphql-response+json, application/graphql+json, application/json, text/event-stream, multipart/mixed' \
-H 'Accept-Language: en' \
-H 'Content-Type: application/json' \
-H 'Priority: u=4' \
--data-raw '{"operationName":"RealHashrateQuery","query":"query RealHashrateQuery { bosminer { info { summary { realHashrate { mhsAv mhs5S mhs15S mhs30S mhs1M mhs5M mhs15M mhs30M mhs1H mhs24H mhsSinceRestart } } } } }","variables":{}}' \
--compressed \
--insecure \
-b cookies.txt
```
Very sick, thank you!
I’m not panicked at all. My keys are well distributed and safe.
Oh didn’t realize that was Casa. You guys rock so know you’re on top of it.
My favorite thing from the internet today is the “Chase infinite money glitch”.
Idiots found out about wire fraud and thought it was a “glitch” and they would just get to keep the money.
So sweet. Just chefs kiss.
I saw people talking about putting their Bitcoin keys in yubikeys not even 2 weeks ago… nostr:note1704j6qaly6kxssg59trza396yzluaym5alkxv2kppk5px63grwuqx4a77f
That’s good to know. At least they’re ugly which naturally made me want to stay away from them lol
Do they actually bite/sting? I always just thought they were gross but didn’t know they were dangerous
Fuuuuuuuuuck those things.
It is kind of satisfying how they just disintegrate when you smush em with the paper towel though
Hm wonder if it’s got auth. Can you hit it with a schema query?
{
__schema {
types {
name
}
}
}
Interesting. Got a spec for it? I would like to poke around
*Homer Simpson voice* Mmmmm long term bull flags
“Sun and Hu's arrests come over a month after FBI agents raided the couple's $5.3 million Long Island home on July 23.”
“Sun worked in state government for nearly 14 years, according to her LinkedIn profile, which has since been deleted.
Her husband runs a liquor store in the Flushing neighborhood of Queens.”
How the fuck they afford a $5.3MM home 🤔
She’s said the same thing 💜 good people
Interesting read on the topic: https://blog.thelifeofkenneth.com/2017/11/creating-autonomous-system-for-fun-and.html?m=1