Hacking the D-Link DSP-W215 Smart Plug

DSP-W215

The D-Link DSP-W215 Smart Plug, a wireless home automation device for monitoring and controlling electrical outlets has just been hacked. Even though it isn’t readily available from Amazon or Best Buy yet, the firmware is already up on D-Link’s web site. The very well detailed write-up explains all the steps that led to this exploit creation.

First, the firmware was unpacked to examine the file system contents. It was found that the smart plug doesn’t have a normal web-based interface as users are expected to configure it using D-Link’s Android/iOS app. The apps however, appear to use the Home Network Administration Protocol (HNAP) to talk to the smart plug running a lighthttpd server. A look at the latter’s configuration file revealed the functions that could be called without any authentication. Another revealed that the firmware could accept an unlimited amount of POST request bytes which were copied in a fix length buffer without any performed checks. We’ll let our readers head to the original article to see where the author went from this point.

Top 10 Hacking Failures in movies: part 2

After going through the original quick list we tossed together, people were chiming in like crazy. We felt another 10 might help satiate the desire to smirk at the silliness of tech portrayed in movies and TV. Gathering examples from your comments, we have compiled part 2.  While I would have loved to narrow this down to a specific item like incorrect lingo or screen grabs, I didn’t quite have enough specific scenes to do it yet.  Be sure to keep the comments coming and be specific, I haven’t seen many of these till someone points it out.

[Read more...]

Announcing: International Hack Day, August 11th.

There is no single and definitive definition of what hacking is. We all have different versions of similar ideas in our head, but depending on your background and area of enthusiasm, hacking means something different. While dictionary.com has many definitions of the word itself, none seem to cover what we see on a daily basis.

We set out to define “hacking” ourselves. We tossed around words like “modify”, “kludge”, “explore”, and “create”. Each time we committed an increasingly vague definition onto the page, we decided it was too narrow and tossed it in the proverbial trash. The variations were just too many.

What we do know is that “hacking” seems to breed advancement and innovation. Much like mutations in an evolutionary chain, each hack pushes the topic in a slightly new direction, inspiring others and thereby perpretuating the evolutary event. In a very short time we’ve witnessed hacking bring forth the evolution of wagons to cars, kites to airplanes, and the creation of the computer.

We at Hackaday would like to declaire August 11th to be “International Hack Day”. A day to celebrate hacking in all of its diverse forms. From soldering to sewing, coding to carbonating, knitting to knurling, we want you to keep on hacking. Take August 11th as a day to show pride in your hacking. Waive your hacker flag high and educate those around you.

We have asked many of our friends to contribute their personal definition of hacking. Here they are, in the order they were received.

[Read more...]

Security Audit Kit in a Mouse

Sometimes it helps to have an entire set of tools with you to tackle a problem, and sometimes it helps to take the discreet route. [StenoPlasma] took the latter of these approaches, and stuffed a USB hub, a 16 GB flash drive, and an Atheros based USB wireless adapter into a regular looking USB mouse to make a Linux bootable system in a mouse. Because he chose the Atheros adapter, he is also capable of doing packet injection with tools like Aircrack-ng, which can invaluable in a security audit or (white hat) hacking situation.

This is the only photo we have, so it could be possible that the mouse is no more than a mouse, however we know all of what [StenoPlasma] claims is 100% possible, so we’ll give him the benefit of the doubt, and hope this inspires others to hack up your own mouse kits. Be sure to check out the full parts list after the break.

[Read more...]

Make Your Own Odometer from Scraps

For those out there who would enjoy a quick and interesting weekend project, this odometer made by [PeckLauros] is for you. Featured on Instructables it is made from the simplest of materials including some cardboard, a calculator, wires, glue, hot glue, magnetic drive key, an old CD and a reader, and a rubber band.  The magnets, when attached to the CD work in a calculation to add 0.11m to the calculator when a magnet closes the circuit. [PeckLauros] points out that since it is a homebrewed device, it does have flaws such as adding 0.11m twice when the CD is rotated too slowly.  It is easily fixed by simply running faster.  The video is below the break.

[Read more...]

Exploit Bait and Switch

When a new virus or other piece of malware is identified, security researchers attempt to get a hold of the infection toolkit used by malicious users, and then apply this infection into a specially controlled environment in order to study how the virus spreads and communicates. Normally, these toolkits also include some sort of management console commonly used to evaluate successfulness of infection and other factors of the malware application. In the case of the EFTPS Malware campaign however, the admin console had a special trick.

This console was actually a fake, accepting a number of generic passwords and user accounts, and provide fake statistics to whoever looked in to it. All the while, the console would “call home” with as much data about the researcher as possible. By tricking the researchers in this way, the crooks would be able to stay one step ahead of anti-virus tools that would limit the effectiveness of any exploit. Thankfully though, the researchers managed to come out on top this time.

[via boingboing]

GameBoy Advance Rapid Fire Hack

Ever find yourself in the middle of a Game Boy game and your hand cramps up?  Save that sore wrist for something else because now you can hack the Game Boy Advance to add Rapid Fire for the B button.  [William] has developed a way to do this by creating a simple circuit that generates a square wave on the B button when it is pressed.  To do this hack all that was needed was a short shopping list of:

  • A Couple NAND Gate ICs
  • 2n2222 NPN Transistor
  • 0.1uF ceramic capacitor
  • A Switch
  • 1M ohm resistor
  • Some Thin Wire

After that you’re off to the races as [William] documents how he goes about transforming the Game Boy Advance and includes a ton of great pictures and a schematic.  This operation ends with [William] placing the switch for Rapid Fire excellence next to the Right Bumper where it is inconspicuous and yet easy enough to access.

Via [HackedGadgets]

Follow

Get every new post delivered to your Inbox.

Join 96,577 other followers