Hacking the Linksys WRT120N

[Craig Heffner] recently found himself on the case of the Linksys WRT120N router. The router’s firmware was using some previously unknown form of obfuscation, causing headaches for those wishing to run their own software. The WRT120N, being a 2009 model is somewhat out of date at this point. That didn’t stop [Craig] though, as he dove into reverse engineering the firmware obfuscation.

[Craig] started by running the firmware through his own Binwalk tool. Binwalk analyzes firmware files for known data, be it embedded filesystems, raw compression streams, or binary files. In this case Binwalk only found a small LZMA block which contained the compressed html files for the router’s web interface. The rest of the firmware was unknown data with a high level of entropy. [Craig] couldn’t do anything more with the firmware update file alone, so he ordered a router to attack from the hardware side. Inside he found typical low-end router components:  An Atheros AR7240 SoC, a 2MB SPI flash chip, 32MB of RAM. He also found serial and JTAG headers.

[Craig] connected to the serial port and was greeted with a boot menu. This allowed him to run some commands on the router, but didn’t give him any way to dump memory. He had to go straight to the source – connecting directly to the router’s SPI flash with an FTDI C232HM cable. Using libmpsse, another of his open source tools, [Craig] was able to dump the flash. He now had the un-obfuscated bootloader code, albeit in MIPS assembly. [Craig] was then able to go after the bootloader with IDA Pro. After a bit of work, the obfuscation system was exposed. The system was simple – several byte and nibble swaps had been performed between the LZMA header block and the first few bytes of data. [Craig] finished out this part of his hack by writing a simple C program to de-obfuscate and decompress the firmware.

Satisfying way to ‘Build’ Projects

build button 01_27

When you’re writing code for your next big creation, chances are that you build/debug the project 100’s of times a day. Sure, the keyboard hotkey gets the job done, but is it really that satisfying? [Victor] sends in this quick project on turning an Emergency Stop Push button into a ‘Build’ button.

From the looks of it, this project uses a Teensy 2.0, which sports an ATMEGA32U4. Since this part features a USB controller, it is a piece of cake to get it to mimic a keyboard. The circuit is also very simple; the pushbutton contacts are wired from ground to a digital input. On detection of a ‘press’, the Teensy will send out the keyboard combination to build your project: Ctrl-B, F7, etc… If you prefer working within the Arduino IDE, this could upload sketches as well (Ctrl-U).

Adding a little fun to ‘building’ your projects does come at a cost though. Besides forfeiting a Teensy, you also have to give up a precious USB port. [Victor] does mention Bluetooth, but that could break your budget for this sort of project. A possible alternative to the Teensy could be to implement Virtual USB on a low-cost standalone Arduino.

Continue reading “Satisfying way to ‘Build’ Projects”

Your Mouse Is A Terrible Webcam

camera

It should come as no surprise your optical mouse contains a very tiny, very low resolution camera. [Franci] decided to take apart one of his old mice and turn that tiny optical sensor into a webcam.

Inside [Franci]’s Logitech RX 250 is an ADNS-5020 optical sensor. This three wire SPI device stuffed into an 8-pin package is a 15×15 pixel grayscale image sensor. [Franci] started this project by bringing out the Arduino and Ethernet shield. After soldering a pull-up resistor to the image sensor’s reset pin, connecting the rest of the circuit was as simple as soldering a few wires to the Arduino.

The Arduino sketch sends the image data for each pixel to a computer over a serial connection. A bit of javascript and a touch of HTML takes this pixel data and turns it into a webpage with a live view of whatever is directly under [Franci]’s mouse.

Video of the mousewebcam in action below.

Continue reading “Your Mouse Is A Terrible Webcam”

USBPass – a Mooltipass-like Project

In our Developed on Hackaday series some readers may recall a sentence we wrote: “if one’s idea is not yet in the market, it’s either completely stupid or people are already working on it”. Well, [Josh] casually mentioned that he was also working on an offline password keeper after having recently subscribed to our google group. Similarly to the Hackaday-developed platform, the USBPass is connected to a computer via USB and is detected as an HID keyboard. As you can see in the picture shown above, it uses very few components: an ATMega32U2, a USB connector, three buttons and a few passives chips.

A total of 20 passwords can be stored in the microcontroller’s memory, which can be ‘typed’ by the platform using the push buttons. The USBPass firmware is based around the LUFA USB stack, to which [Josh] added HID report functionality to allow data transfer from his desktop application. The latter uses the Linux/Windows/OS X HID API library so bringing his software to other operating systems can be done in no time. All the project resources can be found on GitHub, while [Josh] is currently working on a B revision which will include an OLED screen.

Fubarino Contest: Custom Mech Warrior Online Controller

fubarino-contest-mech-warrior-online-controller

Twenty-two keys, a push button, three flip-switches, and a touch screen all let [Dominic] take his Mech Warrior Online game to the next level. He found that there are so many key bindings in the game it ends up being a huge pain to try to adapt his behavior to a static keyboard layout. Not only does the controller give him a specialized keypad, but he designed the touch screen interface to act as on-the-fly remapping. It even looks like something that would be mounted in a Battle Mech cockpit! What we can’t understand is why he didn’t tell us about this sexy peripheral hack much sooner?

What finally prompted him to tip us off about his project was the Fubarino Contest. Above you can see the easter egg he added to the controller. When the bottom five buttons on the touch screen are mapped to “31337” (aka “elite) the Teensy 3.0 board that drives the controller will automatically load up Hackaday in his browser.


This is an entry in the Fubarino Contest for a chance at one of the 20 Fubarino SD boards which Microchip has put up as prizes!

Continue reading “Fubarino Contest: Custom Mech Warrior Online Controller”

Pimp My Keyboard: Automatic Lift Kit and More

Cherry-keyboard-with-lifts

Wondering what the heck a lift kit is? You know those low-riding cars that bounce? That’s the idea with this hack. [Justblair] added automatic height adjustment to his Cherry G80, and hid a few other extras while he was at it. Since there’s a fair amount of room inside the case of this model he was able to hide everything and keep just a single cord to run it all.

Certainly what catches your eye is the keyboard’s ability to rise to a typing height automatically. This is accomplished with a few servo motors and some 3D printed replacement feet. There were some hiccups along the way with under-powered servos, but bulking up to some HXT 900 9G models provide more power than is currently necessary. The automatic feature is thanks to a capacitive sensor built with a wire that loops the perimeter of the keyboard.

Of course to monitor the sensor and drive the servos you need some kind of brain. For that [Justblair] went with an ATmega32U4 breakout board. Since he had to patch into USB for power anyway he added a USB hub and routed one of the ports out the left side of the keyboard as a convenient way to connect other peripherals. There was even room to include an RFID reader which he uses to unlock his sessions (similar to the desk install from earlier this year). There’s still a lot of potential left in that hardware. To make future improvements easier the hack includes an IDC socket as an auxiliary port.

[Justblair] did a great job of sharing his work. His post links to a Github repo for the code and a Thingiverse project for the 3D printed legs. And it wouldn’t be complete without the demo video which is found below.

Continue reading “Pimp My Keyboard: Automatic Lift Kit and More”

Posterior Posture Videogame Controller

bathroom_scale_game_controller

Normally we see some crazy mad science projects coming from [Ben Krasnow’s] laboratory. This week [Ben] changes gears a bit and hacks his Xbox controller to interface with his bathroom scale and function as a posture controlled input device. You may want to take a moment for that to tumble around in your noggin before we trying to explain. What this means is you sit catawampus on a bathroom scale and when you lean forward your game character moves forward, lean back your character backs up and lean side to side for strafe left and right.

A modern digital bathroom scale has four pressure point transducers — one in each corner — which are read by the central controller and summed to generate the weight of the object setting on the scale. To use the scale as a controller input [Ben] removed the central scale controller and created two amplified Wheatstone bridge differential circuits, one for each diagonal axis between load cells. After adding an offset potentiometer to fix the resting point at 0.8 volts, the amplified differential voltage signals are fed directly into an Xbox controller’s thumb stick input for game control.

Additionally, to add rotation to his new game controller he hacked a an old ball type mouse and added a bit of rubber tubing that contacted and tracked the base of a  Lazy Susan platter. The scale sits on the Lazy Susan and allows for the partial rotation of your torso to controlled game rotation. However, [Ben] still needed a regular mouse interfaced with the game for full 360° rotation control.

There is more after the break, plus the build and demonstration video.

Continue reading “Posterior Posture Videogame Controller”