
Posts by ian dupont

Pulling MikroTik into the Limelight
A comprehensive guide to MikroTik internals, including IPC, hand-rolled cryptography, and a novel post-authentication jailbreak

Building on the previous research, my colleague Harrison and I gave a talk at REcon 2022 on a post-auth 0day found in MikroTik routers.

We distilled that presentation into the following blog post, including a discussion of MikroTik internals, the bug, and the exploit!

margin.re/2022/06/pull...

1 year ago

MikroTik Authentication Revealed
A deep-dive into MikroTik's hand-rolled Elliptic Curve Secure Remote Protocol (EC-SRP) cryptography used in client-server authentication

Starting with this post, which was a niche hit in the vulnerability research x cryptography community. Didn't expect to spend so much time reversing proprietary crypto algos and would like to think I'm better for it, but probably not lol. @ert.plus

Check it out here: margin.re/2022/02/mikr...

1 year ago

Been here for a while but haven't been active—hoping to change that going forward!

Will post a bunch of my research links from the other site here, for posterity

1 year ago