The Amazon Fire TV is Amazon’s answer to all of the other streaming media devices on the market today. Amazon is reportedly selling these devices at cost, making very little off of the hardware sales. Instead, they are relying on the fact that most users will rent or purchase digital content on these boxes, and they can make more money in the long run this way. In fact, the device does not allow users to download content directly from the Google Play store, or even play media via USB disk. This makes it more likely that you will purchase content though Amazon’s own channels.
We’re hackers. We like to make things do what they were never intended to do. We like to add functionality. We want to customize, upgrade, and break our devices. It’s fun for us. It’s no surprise that hackers have been jail breaking these devices to see what else they are capable of. A side effect of these hacks is that content can be downloaded directly from Google Play. USB playback can also be enabled. This makes the device more useful to the consumer, but obviously is not in line with Amazon’s business strategy.
Amazon’s response to these hacks was to release a firmware update that will brick the device if it discovers that it has been rooted. It also will not allow a hacker to downgrade the firmware to an older version, since this would of course remove the root detection features.
This probably doesn’t come as a surprise to most of us. We’ve seen this type of thing for years with mobile phones. The iPhone has been locked to the Apple Store since the first generation, but the first iPhone was jailbroken just days after its initial release. Then there was the PlayStation 3 “downgrade” fiasco that resulted in hacks to restore the functionality. It seems that hackers and corporations are forever destined to disagree on who actually owns the hardware and what ownership really means. We’re locked in an epic game of cat and mouse, but usually the hackers seem to triumph in the end.
[Filipe] has been playing around with custom firmware for inexpensive IP cameras. Specifically, he has been using cameras based on a common HI3815 chip. When you are playing around with firmware like this, a major concern is that you may end up bricking the device and rendering it useless. [Filipe] has documented a relatively simple way to backup and restore the firmware on these cameras so you can hack to your heart’s content.
The first part of this hack is hardware oriented. [Filipe] cracked open the camera to reveal the PCB. The board has labeled serial TX and RX pads. After soldering a couple of wires to these pads, [Filipe] used a USB to serial dongle to hook his computer up to the camera’s serial port.
Any terminal program should now be able to connect to the camera at 115200 baud while the camera is booting up. The trick is to press “enter” during the boot phase. This allows you to log in as root with no password. Next you can reset the root password and reboot the camera. From now on you can simply connect to the phone via telnet and log in as root.
From here, [Filipe] copies all of the camera’s partitions over to an NFS share using the dd command. He mentions that you can also use FTP for this if you prefer. At this point, the firmware backup is completed.
Knowing how to restore the backup is just as important as knowing how to create it. [Filipe] built a simple TFTP server and copied the firmware image to it in two chunks, each less than 5MB. The final step is to tell the camera how to find the image. First you need to use the serial port to get the camera back to the U-Boot prompt. Then you configure the camera’s IP address and the TFTP server’s IP address. Finally, you copy each partition into RAM via TFTP and then copy that into flash memory. Once all five partitions are copied, your backup is safely restored and your camera can live to be hacked another day.
The D-Link DSP-W215 Smart Plug, a wireless home automation device for monitoring and controlling electrical outlets has just been hacked. Even though it isn’t readily available from Amazon or Best Buy yet, the firmware is already up on D-Link’s web site. The very well detailed write-up explains all the steps that led to this exploit creation.
First, the firmware was unpacked to examine the file system contents. It was found that the smart plug doesn’t have a normal web-based interface as users are expected to configure it using D-Link’s Android/iOS app. The apps however, appear to use the Home Network Administration Protocol (HNAP) to talk to the smart plug running a lighthttpd server. A look at the latter’s configuration file revealed the functions that could be called without any authentication. Another revealed that the firmware could accept an unlimited amount of POST request bytes which were copied in a fix length buffer without any performed checks. We’ll let our readers head to the original article to see where the author went from this point.
After going through the original quick list we tossed together, people were chiming in like crazy. We felt another 10 might help satiate the desire to smirk at the silliness of tech portrayed in movies and TV. Gathering examples from your comments, we have compiled part 2. While I would have loved to narrow this down to a specific item like incorrect lingo or screen grabs, I didn’t quite have enough specific scenes to do it yet. Be sure to keep the comments coming and be specific, I haven’t seen many of these till someone points it out.
Continue reading “Top 10 Hacking Failures in movies: part 2″
There is no single and definitive definition of what hacking is. We all have different versions of similar ideas in our head, but depending on your background and area of enthusiasm, hacking means something different. While dictionary.com has many definitions of the word itself, none seem to cover what we see on a daily basis.
We set out to define “hacking” ourselves. We tossed around words like “modify”, “kludge”, “explore”, and “create”. Each time we committed an increasingly vague definition onto the page, we decided it was too narrow and tossed it in the proverbial trash. The variations were just too many.
What we do know is that “hacking” seems to breed advancement and innovation. Much like mutations in an evolutionary chain, each hack pushes the topic in a slightly new direction, inspiring others and thereby perpretuating the evolutary event. In a very short time we’ve witnessed hacking bring forth the evolution of wagons to cars, kites to airplanes, and the creation of the computer.
We at Hackaday would like to declaire August 11th to be “International Hack Day”. A day to celebrate hacking in all of its diverse forms. From soldering to sewing, coding to carbonating, knitting to knurling, we want you to keep on hacking. Take August 11th as a day to show pride in your hacking. Waive your hacker flag high and educate those around you.
We have asked many of our friends to contribute their personal definition of hacking. Here they are, in the order they were received.
Continue reading “Announcing: International Hack Day, August 11th.”
Sometimes it helps to have an entire set of tools with you to tackle a problem, and sometimes it helps to take the discreet route. [StenoPlasma] took the latter of these approaches, and stuffed a USB hub, a 16 GB flash drive, and an Atheros based USB wireless adapter into a regular looking USB mouse to make a Linux bootable system in a mouse. Because he chose the Atheros adapter, he is also capable of doing packet injection with tools like Aircrack-ng, which can invaluable in a security audit or (white hat) hacking situation.
This is the only photo we have, so it could be possible that the mouse is no more than a mouse, however we know all of what [StenoPlasma] claims is 100% possible, so we’ll give him the benefit of the doubt, and hope this inspires others to hack up your own mouse kits. Be sure to check out the full parts list after the break.
Continue reading “Security Audit Kit in a Mouse”
For those out there who would enjoy a quick and interesting weekend project, this odometer made by [PeckLauros] is for you. Featured on Instructables it is made from the simplest of materials including some cardboard, a calculator, wires, glue, hot glue, magnetic drive key, an old CD and a reader, and a rubber band. The magnets, when attached to the CD work in a calculation to add 0.11m to the calculator when a magnet closes the circuit. [PeckLauros] points out that since it is a homebrewed device, it does have flaws such as adding 0.11m twice when the CD is rotated too slowly. It is easily fixed by simply running faster. The video is below the break.
Continue reading “Make Your Own Odometer from Scraps”