Caster - IoT Manipulation With SkyLine

Ah yes, the weird part of this book: talking about what the framework is.

Essentially, Caster is just a framework that automates sending payloads to servers on IoT devices such as Amazon Firesticks, Google Chromecasts, RokuTVs, AppleTVs, Samsung CMS TVs and even home routers. That is the best way to put it.

Caster was originally developed using the Go programming language and could be separated into three different modules.

  • Discovery: The discovery module scanned for all devices on the network using Address Resolution Protocol (ARP) packets and also listened for Amazon devices using specific filters, such as listening for UPnP and UDP packets. An SSDP module was used alongside a UDP listener for Amazon devices because of the research that powered the initial idea of Caster. During this research of Amazon IoT devices, it was heavily documented that Amazon will not only randomize specific locations within their API but will also occasionally remotely request data from itself or broadcast API endpoints within the UDP and SSDP packets if a device was supposed to connect to the Amazon device. Unlike Google Chromecasts, AppleTVs, and various other devices, Amazon was surely unique in requiring UUIDs as a valid request header and parameters as a form of verification for authenticity.

  • Viewing: The viewing module was basically for user fun. It allowed users to view all the hosts gathered and to separate and filter devices by name or brand. This helped users be more specific about the devices they wanted to target on a large network, for example the hotel network this script was initially tested on (legal permission was written; no unethical network testing took place).

  • Enumeration: The point of Caster was not to take advantage of any flaw on a network but to enumerate IoT devices to assist during exploitation. The initial idea was that if specific information was needed for an exploit to work, Caster could, after literally one command, grab anything from the device's serial number to its UUID used within UPnP APIs and hosted servers. This enumeration step was quite important.
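The discovery step above depends on devices announcing themselves over SSDP. As an added example (not Caster's code; the sample datagram, its address and its UUID are constructed), this Go parser shows which identifiers a single advertisement hands to any listener on the LAN, which is what you would check when auditing what your own devices broadcast:

```go
package main

import (
	"bufio"
	"fmt"
	"net/textproto"
	"strings"
)

// Constructed sample datagram (RFC 5737 address, made-up UUID), not captured traffic.
const sampleNotify = "NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nNTS: ssdp:alive\r\n" +
	"SERVER: Linux UPnP/1.0 ExampleTV/1.0\r\nLOCATION: http://192.0.2.10:8008/dd.xml\r\n" +
	"USN: uuid:00000000-1111-2222-3333-444444444444::upnp:rootdevice\r\n\r\n"

// Advert holds the identifying fields a device puts in one SSDP message.
type Advert struct{ Kind, Location, Server, UUID string }

// ParseSSDP parses one SSDP datagram (HTTP-style start line and headers, no body).
func ParseSSDP(raw string) (Advert, error) {
	r := textproto.NewReader(bufio.NewReader(strings.NewReader(raw)))
	start, err := r.ReadLine()
	if err != nil {
		return Advert{}, err
	}
	var a Advert
	switch {
	case strings.HasPrefix(start, "NOTIFY "):
		a.Kind = "NOTIFY"
	case strings.HasPrefix(start, "HTTP/1.1 200"):
		a.Kind = "RESPONSE"
	default: // e.g. M-SEARCH: a client query, not a device advertisement
		return Advert{}, fmt.Errorf("not an advertisement: %q", start)
	}
	h, err := r.ReadMIMEHeader() // header names are matched case-insensitively
	if err != nil && len(h) == 0 {
		return Advert{}, err
	}
	a.Location, a.Server = h.Get("Location"), h.Get("Server")
	// USN has the form "uuid:<device-uuid>::<type>"; keep only the UUID.
	if usn := h.Get("Usn"); strings.HasPrefix(usn, "uuid:") {
		a.UUID = strings.SplitN(strings.TrimPrefix(usn, "uuid:"), "::", 2)[0]
	}
	return a, nil
}

func main() {
	a, err := ParseSSDP(sampleNotify)
	fmt.Printf("%+v %v\n", a, err)
}
```

The device UUID, the description URL and the server banner are all readable without any authentication, so segmenting IoT devices onto their own VLAN or disabling UPnP where it is not needed limits who can collect them.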

After a quick evaluation, it was clearly understood, especially by the users, that the framework had a ton of flaws and needed to be rewritten. So, we took to the skies with SkyLine and started working on a revision. Below are some core features of the framework's current state.

  • Much more versatile

  • Much faster and more performant

  • Much more direct with responses

  • Much easier and nicer with output

  • Allows an optional command line-only mode where you can use just flags

  • Allows for custom data and script loading

  • Allows users to customize everything

  • Viewing modules are much nicer

  • Advancements to the Google Chromecast enumeration module

  • Nicer front for general information

  • Much more logical when it comes to commands

  • Allows for universal configuration

  • Payloads are stored and accessed on the backend

The last point states `payloads are stored and accessed on the backend`. What does this mean? As of September 15th 2023, it was decided among the developers of SkyLine (at the time, only Totally_Not_A_Haxxer) that SkyLine would be closed source and locked down. This is because SkyLine utilizes some evasion techniques, malicious payloads, buffers and more, as well as proprietary algorithms for code generation and translation, that would be absolutely ruined and stolen if it was made open source. Not to mention, tools like Caster would not be able to function correctly, due to further investigation and possible leaking of proprietary algorithms. While the source code of Caster becomes and remains open source, the SkyLine programming language does not, and that is primarily where Caster pulls and constructs payloads (using functions on the backend).


Last updated 1 year ago
