[Pablo] is a recent and proud owner of a Transcend WiFi SD Card. It allows him to transfer his pictures to any WiFi-enabled device in a matter of seconds.
As he suspected that some kind of Linux was running on it, he began to see if he could get a root access on it… and succeeded.
His clear and detailed write-up begins with explaining how a simple trick allowed him to browse through the card’s file system, which (as he guessed correctly) is running busybox. From there he was able to see if any of the poorly written Perl scripts had security holes… and got more than he bargained for.
He first thought he had found a way to make the embedded Linux launch user provided scripts and execute commands by making a special HTTP POST request… which failed due to a small technicality. His second attempt was a success: [Pablo] found that the user set password is directly entered in a Linux shell command. Therefore, the password “admin; echo haxx > /tmp/hi.txt #” could create a hi.txt text file.
From there things got easy. He just had to make the card download another busybox to use all the commands that were originally disabled in the card’s Linux. In the end he got the card to connect a bash to his computer so he could launch every command he wanted.
As it was not enough, [Pablo] even discovered an easy way to find the current password of the card. Talk about security…
Linux users now have a simple option for controlling the Modlet smart outlet. Hacklet is a Ruby script that can switch and read status information from Modlet.
This is the first we remember hearing about Modlet. It’s another take on controlling your appliances remotely. Unlike WeMo, which puts control of one outlet on WiFi, the Modlet uses a USB dongle to control two outlets wirelessly. It has the additional benefit of reading how much current is being used by each plug. This does mean that you need a running computer with the USB dongle to control it. But cheap embedded systems like the Raspberry Pi make this less of an issue both in up-front cost, and the price to keep it running all the time.
[Matt Colyer's] demo video includes an unboxing of the $60 starter kit. The screen seen above shows his script pairing with the outlet. It goes on to demonstrate commands to switch it, and to pull the data from the device. He even provides an example of how to use IFTTT with the script.
Continue reading “Hacklet adds Linux control for the Modlet smart outlet”
Kiss that energy hungry PC you’ve been using as a home server goodbye. [Vince Loschiavo] shows us how he squeezed a remarkable amount of functionality out of an inexpensive Android stick which manages his home’s digital empire.
He started off just wanting some network attached storage. For this he grabbed an MK802 Android Stick which you can get for a song if you find the right deal. To bend it to his will he said goodbye to the Android OS, installing Ubuntu for ARM instead. The stick (which is missing its case in the image above) connects to a USB hub in host mode, but does actually draw all of its power from the hub itself. This made it possible to attach a USB to Ethernet adapter to boost the speed which would have been limited by the WiFi connection. There’s a 320 gig USB hard drive for the storage. With that much space on hand it makes sense to add streaming media service as well which is simple since it’s running Linux. The last part of his work actually turns it into an Asterisk server by way of Google Voice and a SIP phone. An impressive outcome at a bargain price to be sure!
If you’ve done any wireless work with hobby electronics you probably recognize this part. The green PCB is an RFM12B wireless board. They come in a few different operating bandwidths, the 433 MHz is probably the most common. They’re super easy to interface with a small microcontroller but what about an embedded Linux board? That is the focus of this project, which builds a kernel driver for the RF module.
You can get your own RFM12B for a few bucks. They’re quite versatile when paired, but a lot of inexpensive wireless consumer goods operate on this band so the board can be used to send commands to wireless outlets, light fixtures, etc. [Georg] has been working with the BeagleBone, BeagleBone Black, and Raspberry Pi. His software package lets you build a kernel module to add an entry for the device into the /dev directory of a Linux system. So far the three boards listed are all that’s supported, but if you have five I/O pins available it should be a snap to tailor this to other hardware.
Wondering what else you can do with the setup? This will get the receiving end of a text-messaging doorbell up and running in no time.
Continue reading “RF wireless kernel module for Raspberry Pi, BeagleBone and others”
On a shopping trip at Aldi [Aaron Christophel] came across this Medion streaming device which connects to your home network via WiFi and works as an Internet radio. He couldn’t resist buying one, and managed to do quite a bit of hacking on the device (translated) once he got it home.
His first order of business was a hardware teardown. An inspection of the board showed what was obviously an unpopulated footprint for a USB mini jack. He added the component, thinking it would allow him to connect it to a computer, but that didn’t work. To investigate the issue further he connected to the device’s serial port using the hard-to-guess credentials root and password. It’s running a Linux kernel and the lsusb command revealed that the USB is enabled as host mode. This mean you can attach mass storage… sweet!
He also did some firmware hacking. Above is the confirmation screen for flashing his altered image file. This resulted in a custom splash screen when it boots up.
We have friends watch the cats when we go out-of-town. But we always leave a server running with a webcam (motion activated using the Linux “motion” software) so we can check in on them ourselves. But this project may inspire a change. It leverages the features of a Carambola2 to capture images and upload them to Dropbox.
In the picture above the green PCB is a development board for the tiny yellow PCB which is the actual Carambola2. It is soldered on the dev board using the same technique as those HC-05 Bluetooth modules. That shielded board includes a Qualcomm SoC running Linux and a WiFi radio. The dev board feeds it power and allows it connect to the USB webcam.
There’s a bit of command line kung-fu to get everything running but it shouldn’t be out of reach for beginners. Linux veterans will know that taking snapshots from a webcam at regular intervals is a simple task. Uploading to a secure cloud storage site is not. A Bash script handles the heavy lifting. It’s using the Dropbox Application API so this will not violate their TOS and you don’t have to figure out your own method of authenticating from the command line.
For how awesome Google Voice is, we’re surprised we haven’t seen this before. [Steve] is using Google Voice to run commands on just about any Linux box.
Google Voice doesn’t have an official API, and existing unofficial APIs weren’t up to snuff for [Steve]‘s project. He ended up writing his own that checks his unread message inbox every minute and looks for new text messages beginning with the phrase, ‘Cmd’. If a series of checks pass – the text coming from a known phone number and a proper terminal command – the command runs and sends the a text back indicating success or failure.
While [Steve] probably won’t be playing nethack or Zork via SMS anytime soon, we can see this being very useful for a Raspi home automation task. Just send a text message and a properly configured Linux box can open your garage door, turn on the lights, or even start a webcam.