A Motherboard for a WiFi Enabled SD Card

Over the last few months, a few very capable hackers have had a hand in cracking open a Transcend WiFi-enable SD card that just happens to be running a small Linux system inside. The possibilities for a wireless Linux device you can lose in your pocket are immense, but so far no one has gotten any IO enabled on this neat piece of hardware. [CNLohr] just did us all a favor with his motherboard for these Transcend WiFi SD cards, allowing the small Linux systems to communicate with I2C devices.

This build is based upon [Dmitry]’s custom kernel for the Transcend WiFiSD card. [CNLohr] did some poking around with this system and found he could use an AVR to speak to the card in its custom 4-bit protocol.

The ‘motherboard’ consists of some sort of ATMega, an AVR programming header, a power supply, and a breakout for the I2C bus. [Lohr] wired up a LED array to the I2C bus and used it to display some configuration settings for the WiFi card before connecting to the card over WiFi and issuing commands directly to the Linux system on the card. The end result was, obviously, a bunch of blinking LEDs.

While this is by far the most complex and overwrought way to blink a LED we’ve ever seen, this is a great proof of concept that makes the Transcend cards extremely interesting for a variety of hardware projects. If you want your own Transcend motherboard, [CNLohr] put all the files up for anyone who wants to etch their own board.

Advanced Transcend WiFi SD Hacking: Custom Kernels, X, and Firefox

[Dmitry] read about hacking the Transcend WiFi cards, and decided to give it a try himself.   We already covered [Pablo’s] work with the Transcend card. [Dmitry] took a different enough approach to warrant a second look.

Rather than work from the web interface and user scripts down, [Dmitry] decided to start from Transcend’s GPL package and work his way up. Unfortunately, he found that the package was woefully incomplete – putting the card firmly into the “violates GPL” category. Undaunted, [Dmitry] fired off some emails to the support staff and soldiered on.

It turns out the card uses u-boot to expand the kernel and basic file system into a ramdisk. Unfortunately the size is limited to 3MB. The limit is hard-coded into u-boot, the sources of which transcend didn’t include in the GPL package.

[Dmitry] was able to create his own binary image within the 3MB limit and load it on the card. He discovered a few very interesting (and scary) things. The flash file system must be formatted FAT32, or the controller will become very upset. The 16 (or 32)GB of flash is also mounted read/write to TWO operating systems. Linux on the SD card, and whatever host system the card happens to be plugged in to. This is dangerous to say the least. Any write to the flash could cause a collision leading to lost data – or even a completely corrupt file system. Continue reading “Advanced Transcend WiFi SD Hacking: Custom Kernels, X, and Firefox”

Hidden RFID reader locks workstation unless keys are present

We don’t know how [Kristoffer Marshall] found himself with free time at work, but he used it to beef up his computer security. Above is the finished project. There is literally nothing to see here. He’s rigged up a hidden RFID reader which locks and unlocks his workstation.

The security of the system depends on xscreensaver, which has a password protected lock feature already built into it. When the tag is removed from the reader’s field it fires up the screensaver using a Perl script.

But waking up from the screensaver is a bit more tricky. The package doesn’t allow you to wake it from the command line — most likely for security. He found the xdotool to be of great use here. It is a command line tool which simulates keyboard and mouse entry. His script detects when the xscreensaver password prompt is on the screen and uses the xdotool to fill in [Kristoffer’s] password. Since the script knows what has focus it won’t give away your password by accident.

See the complete setup in the clip after the break.

Continue reading “Hidden RFID reader locks workstation unless keys are present”

Getting SPI on a router

router

Cheap routers such a s the TP-LINK 703n and the TP-LINK MR3020 (seen above) can be used for much more than just connecting your laptop to your cable modem. They’re actually very small Linux boxes and with OpenWRT, you can control every aspect of these tiny pocket-sized computers. It’s frequently been suggested that these routers are awesome substitutes for the usual methods of getting Internet on a microcontroller, but how do you actually do that? The onboard serial port is a great start, but this also dumps output from the Linux console. What you need here is an SPI connection, and [ramcoderdude] has just the solution for you.

Linux already has a few SPI modules, but these are only accessible with kernel drivers. Traditionally, the only way to access SPI is to recompile the kernel, but [coderdude] created a kernel module that allows any device running the Attitude Adjustment OpenWRT image to dynamically allocate SPI busses.

He’s already submitted this patch to the OpenWRT devs, and hopefully it will be included in future updates. Very cool, we think, and something that can open a whole lot of doors for hacking up routers very easily.

Hacking Transcend Wifi SD Cards

[Pablo] is a recent and proud owner of a Transcend WiFi SD Card. It allows him to transfer his pictures to any  WiFi-enabled device in a matter of seconds.

As he suspected that some kind of Linux was running on it, he began to see if he could get a root access on it… and succeeded.

His clear and detailed write-up begins with explaining how a simple trick allowed him to browse through the card’s file system, which (as he guessed correctly) is running busybox. From there he was able to see if any of the poorly written Perl scripts had security holes… and got more than he bargained for.

He first thought he had found a way to make the embedded Linux launch user provided scripts and execute commands by making a special HTTP POST request… which failed due to a small technicality. His second attempt was a success: [Pablo] found that the user set password is directly entered in a Linux shell command. Therefore, the password “admin; echo haxx > /tmp/hi.txt #” could create a hi.txt text file.

From there things got easy. He just had to make the card download another busybox to use all the commands that were originally disabled in the card’s Linux. In the end he got the card to connect a bash to his computer so he could launch every command he wanted.

As it was not enough, [Pablo] even discovered an easy way to find the current password of the card. Talk about security…

Hacklet adds Linux control for the Modlet smart outlet

modlet-for-linux-hacklet

Linux users now have a simple option for controlling the Modlet smart outlet. Hacklet is a Ruby script that can switch and read status information from Modlet.

This is the first we remember hearing about Modlet. It’s another take on controlling your appliances remotely. Unlike WeMo, which puts control of one outlet on WiFi, the Modlet uses a USB dongle to control two outlets wirelessly. It has the additional benefit of reading how much current is being used by each plug. This does mean that you need a running computer with the USB dongle to control it. But cheap embedded systems like the Raspberry Pi make this less of an issue both in up-front cost, and the price to keep it running all the time.

[Matt Colyer’s] demo video includes an unboxing of the $60 starter kit. The screen seen above shows his script pairing with the outlet. It goes on to demonstrate commands to switch it, and to pull the data from the device. He even provides an example of how to use IFTTT with the script.

Continue reading “Hacklet adds Linux control for the Modlet smart outlet”

Android stick mutates into a home server

small-form-factor-home-server

Kiss that energy hungry PC you’ve been using as a home server goodbye. [Vince Loschiavo] shows us how he squeezed a remarkable amount of functionality out of an inexpensive Android stick which manages his home’s digital empire.

He started off just wanting some network attached storage. For this he grabbed an MK802 Android Stick which you can get for a song if you find the right deal. To bend it to his will he said goodbye to the Android OS, installing Ubuntu for ARM instead. The stick (which is missing its case in the image above) connects to a USB hub in host mode, but does actually draw all of its power from the hub itself. This made it possible to attach a USB to Ethernet adapter to boost the speed which would have been limited by the WiFi connection. There’s a 320 gig USB hard drive for the storage. With that much space on hand it makes sense to add streaming media service as well which is simple since it’s running Linux. The last part of his work actually turns it into an Asterisk server by way of Google Voice and a SIP phone. An impressive outcome at a bargain price to be sure!