Comment by hiatus Comment by hiatus a year ago 5 replies Copy Link View on Hacker News Good thing you can still see the domain over the network if you control the network.
Copy Link lukevp a year ago Collapse Comment - You can’t control anything if they do DNS over HTTPS to a hardcoded IP they control and cert pin so you can’t MITM the connection, can you? Reply View | 4 replies Copy Link userbinator a year ago Parent Next Collapse Comment - That's what a firewall is for. Reply View | 0 replies Copy Link Wingy a year ago Parent Prev Next Collapse Comment - If the pinned cert is stored on some kind of ROM chip you could probably rewrite it to replace it with your own cert. Reply View | 0 replies Copy Link hiatus a year ago Parent Prev Collapse Comment - You can at the very least block traffic to the hardcoded IP. Reply View | 1 reply Copy Link pkulak a year ago Root Parent Collapse Comment - Sure, but then DNS breaks on the device and it's useless. Might as well just hit it with a hammer. Reply View | 0 replies
Copy Link userbinator a year ago Parent Next Collapse Comment - That's what a firewall is for. Reply View | 0 replies
Copy Link Wingy a year ago Parent Prev Next Collapse Comment - If the pinned cert is stored on some kind of ROM chip you could probably rewrite it to replace it with your own cert. Reply View | 0 replies
Copy Link hiatus a year ago Parent Prev Collapse Comment - You can at the very least block traffic to the hardcoded IP. Reply View | 1 reply Copy Link pkulak a year ago Root Parent Collapse Comment - Sure, but then DNS breaks on the device and it's useless. Might as well just hit it with a hammer. Reply View | 0 replies
Copy Link pkulak a year ago Root Parent Collapse Comment - Sure, but then DNS breaks on the device and it's useless. Might as well just hit it with a hammer. Reply View | 0 replies
You can’t control anything if they do DNS over HTTPS to a hardcoded IP they control and cert pin so you can’t MITM the connection, can you?