Hacking a Virtual Power Plant
I recently had solar panels and a battery storage system from GivEnergy installed at my house. A major selling point for me was that they have a local network API which can be used to monitor and…
With the factors of the JWT private signing key, I could reconstruct the rest of the parameters and produce modified API tokens that should be accepted as valid. RSA needs three values to work, the modulus n, the private exponent d, and the public exponent e. An RSA signature is computed as $s = m^d \bmod n$: message m is raised to the power of d modulo n. It’s validated by checking that $s^e \bmod n \equiv m$. With the prime factors of n, it’s trivial to calculate d, and for a 512-bit key finding the prime factors is doable, but I didn’t have n or e. By convention, e is nearly always 65537, but I had no idea what n was. I’m in favor of task-oriented cryptography libraries which provide tools to solve problems without forcing non-experts to make security decisions.
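The relationship described above, as an added example that is not code from the original post: it carries the textbook formulas through with tiny constructed primes to show that d follows directly from the factors of n, and adds a modulus-size check a verifier can apply. The function names, the toy values and the 2048-bit floor are assumptions of this example; real RS256 tokens also apply SHA-256 hashing and PKCS#1 v1.5 padding, which is omitted here.

```python
import math

MIN_MODULUS_BITS = 2048  # assumed policy floor for this example


def private_exponent(p: int, q: int, e: int = 65537) -> int:
    """Derive d from the prime factors of n: d = e^-1 mod phi(n)."""
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return pow(e, -1, phi)  # modular inverse (Python 3.8+)


def sign(m: int, d: int, n: int) -> int:
    """Textbook RSA signature: s = m^d mod n (no padding)."""
    return pow(m, d, n)


def verify(s: int, m: int, e: int, n: int) -> bool:
    """Textbook RSA verification: accept if s^e mod n == m."""
    return pow(s, e, n) == m % n


def modulus_is_acceptable(n: int, min_bits: int = MIN_MODULUS_BITS) -> bool:
    """Reject moduli small enough to be factored in practice."""
    return n.bit_length() >= min_bits


def demo() -> dict:
    # Constructed toy values; real keys use primes of 1024 bits or more.
    p, q, e = 61, 53, 65537
    n = p * q
    d = private_exponent(p, q, e)
    m = 65  # stands in for the integer form of a message digest
    s = sign(m, d, n)
    return {
        "n": n,
        "d": d,
        "valid": verify(s, m, e, n),
        "tampered_valid": verify(s, m + 1, e, n),
        "size_ok": modulus_is_acceptable(n),
    }


if __name__ == "__main__":
    print(demo())
```

Anyone who learns p and q holds everything the signer holds, so the modulus-size check is the control that matters: a verifier or key-provisioning step that refuses short moduli never ends up trusting a key whose factors are within reach.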