undefined | Better HN

0 pointslukevp1y ago0 comments

You can’t control anything if they do DNS over HTTPS to a hardcoded IP they control and cert pin so you can’t MITM the connection, can you?

0 comments

That's what a firewall is for.

Wingy1y ago

If the pinned cert is stored on some kind of ROM chip you could probably rewrite it to replace it with your own cert.

You can at the very least block traffic to the hardcoded IP.

Sure, but then DNS breaks on the device and it's useless. Might as well just hit it with a hammer.

j / k navigate · click thread line to collapse

That's what a firewall is for.

Wingy1y ago

If the pinned cert is stored on some kind of ROM chip you could probably rewrite it to replace it with your own cert.

You can at the very least block traffic to the hardcoded IP.

Sure, but then DNS breaks on the device and it's useless. Might as well just hit it with a hammer.

j / k navigate · click thread line to collapse