 Interesting. Got a spec for it? I would like to poke around 
 Nope. Just wireguarding their Braiins toolbox.
https://i.nostr.build/xdFgwCaHhD3tLFAE.jpg 
 Hm wonder if it’s got auth. Can you hit it with a schema query?

```
{
  __schema {
    types {
      name
    }
  }
}
```
 405 
 With a post to /graphql? Hmm 
 It was low effort using graphiql. I am rusty on graphql. Maybe there was a mistake.  
 I played around with their firmware graphql endpoint a while back and I believe that they mainly use it for populating the web UI. Here’s some stuff to play around with if you’re curious…

This auths you and stores the session cookie in a cookie jar (cookies.txt)
```
curl 'http://10.1.45.21/graphql' \
  -H 'Accept: application/graphql-response+json, application/graphql+json, application/json, text/event-stream, multipart/mixed' \
  -H 'Accept-Language: en' \
  -H 'Content-Type: application/json' \
  -H 'Priority: u=0' \
  --data-raw '{"operationName":"RootLogin","query":"mutation RootLogin($username: String!, $password: String!) {\n  auth {\n    login(username: $username, password: $password) {\n      ... on Error {\n        message\n        __typename\n      }\n      __typename\n    }\n    __typename\n  }\n}","variables":{"password":"root","username":"root"}}' \
  --compressed \
  --insecure \
  -c cookies.txt
```

Here's an introspection query to return their schema:
```
curl 'http://10.1.45.21/graphql' \
  -H 'Accept: application/graphql-response+json, application/graphql+json, application/json, text/event-stream, multipart/mixed' \
  -H 'Accept-Language: en' \
  -H 'Content-Type: application/json' \
  -H 'Priority: u=4' \
  --data-raw '{"operationName":"IntrospectionQuery","query":"query IntrospectionQuery { __schema { queryType { name } mutationType { name } subscriptionType { name } types { ...FullType } directives { name description locations args { ...InputValue } } } } fragment FullType on __Type { kind name description fields(includeDeprecated: true) { name description args { ...InputValue } type { ...TypeRef } isDeprecated deprecationReason } inputFields { ...InputValue } interfaces { ...TypeRef } enumValues(includeDeprecated: true) { name description isDeprecated deprecationReason } possibleTypes { ...TypeRef } } fragment InputValue on __InputValue { name description type { ...TypeRef } defaultValue } fragment TypeRef on __Type { kind name ofType { kind name ofType { kind name ofType { kind name ofType { kind name ofType { kind name ofType { kind name ofType { kind name } } } } } } } }","variables":{}}' \
  --compressed \
  --insecure \
  -b cookies.txt
```

…then based on the schema, you can figure out how to get the hashrate, for example:
```
curl 'http://10.1.45.21/graphql' \
  -H 'Accept: application/graphql-response+json, application/graphql+json, application/json, text/event-stream, multipart/mixed' \
  -H 'Accept-Language: en' \
  -H 'Content-Type: application/json' \
  -H 'Priority: u=4' \
  --data-raw '{"operationName":"RealHashrateQuery","query":"query RealHashrateQuery { bosminer { info { summary { realHashrate { mhsAv mhs5S mhs15S mhs30S mhs1M mhs5M mhs15M mhs30M mhs1H mhs24H mhsSinceRestart } } } } }","variables":{}}' \
  --compressed \
  --insecure \
  -b cookies.txt
``` 
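
Added example, not part of the thread and not Braiins code: the "based on the schema, you can figure out how to get the hashrate" step done mechanically, by searching a saved introspection response for the path from the query root to a named field. The sample schema is constructed and its type names are hypothetical; only the field names come from the post above.

```python
import json
from collections import deque

def _field(name, type_name, kind="OBJECT", non_null=False):
    """Build one field entry shaped like introspection output (sample data only)."""
    ref = {"kind": kind, "name": type_name, "ofType": None}
    if non_null:
        ref = {"kind": "NON_NULL", "name": None, "ofType": ref}
    return {"name": name, "type": ref}

# Constructed sample; type names are hypothetical, field names are from the post.
SAMPLE = json.dumps({"data": {"__schema": {"queryType": {"name": "Query"}, "types": [
    {"name": "Query", "fields": [_field("bosminer", "Bosminer", non_null=True)]},
    {"name": "Bosminer", "fields": [_field("info", "Info")]},
    {"name": "Info", "fields": [_field("summary", "Summary")]},
    {"name": "Summary", "fields": [_field("realHashrate", "Hashrate", non_null=True)]},
    {"name": "Hashrate", "fields": [_field("mhsAv", "Float", "SCALAR"),
                                    _field("mhs5S", "Float", "SCALAR")]},
    {"name": "Float", "fields": None},
]}}})

def named_type(ref):
    """Unwrap NON_NULL / LIST wrappers down to the named type."""
    while ref.get("ofType"):
        ref = ref["ofType"]
    return ref["name"]

def find_path(schema, target):
    """Breadth-first search from the query root to the first field called target."""
    types = {t["name"]: t for t in schema["types"]}
    queue, seen = deque([(schema["queryType"]["name"], [])]), set()
    while queue:
        type_name, path = queue.popleft()
        for field in types.get(type_name, {}).get("fields") or []:
            here = path + [field["name"]]
            child = named_type(field["type"])
            if field["name"] == target:  # also return the target type's own fields
                return here, [f["name"] for f in types.get(child, {}).get("fields") or []]
            if child not in seen:  # schemas can be cyclic; visit each type once
                seen.add(child)
                queue.append((child, here))
    return None, []

def to_query(path, leaves):
    """Wrap the leaf selection in each field on the path, innermost first."""
    body = " ".join(leaves)
    for name in reversed(path):
        body = f"{name} {{ {body} }}"
    return f"query {{ {body} }}"
```

To run it against a real response, save the introspection curl output to a file and pass `json.load(f)["data"]["__schema"]` to `find_path`.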
 Very sick, thank you!