[Roberto] recently discovered a clever way to gain root access to an HP t520 thin client computer. These computers run HP’s ThinPro operating system. The OS is based on Linux and is basically just a lightweight system designed to boot into a virtual desktop image loaded from a server. [Roberto’s] discovery works on systems that are running in “kiosk mode”.
The setup for the attack is incredibly simple. The attacker first stops the virtual desktop image from loading. Then, the connection settings are edited. The host field is filled with garbage, which will prevent the connection from actually working properly. The real trick is in the “command line arguments” field. The attacker simply needs to add the argument “&& xterm”. When the connection is launched, it will first fail and then launch the xterm program. This gives the attacker a command shell running under the context of whichever user the original software is running as.
The next step is to escalate privileges to root. [Roberto] discovered a special command that the default user can run as root using sudo. The “”hpobl” command launches the HP Easy Setup Wizard. Once the wizard is opened, the attacker clicks on the “Thank You” link, which will then load up the HP website in a version of Firefox. The final step is to edit Firefox’s default email program association to xterm. Now when the attacker visits an address like “mailto:email@example.com”, Firefox (running as root) launches xterm with full root privileges. These types of attacks are nothing new, but it’s interesting to see that they still persist even in newer software.
Conventional wisdom says small, powerful embedded Linux like the Raspberry Pi, Beaglebone, or the Intel Edison are inherently manufactured devices, and certainly not something the homebrew tinkerer can produce at home. [hak8or] is doing just that, producing not one, but two completely different tiny Linux computers at home.
The first is based on Atmel’s AT91SAM9N12 ARM processor, but the entire board is just about two inches square. On board is 64 MB of DDR2 DRAM, a USB host and OTG port, and not much else. Still, this chip runs a stripped down Linux off of a USB drive.
The second board is based on the Freescale i.MX233. This board is similar in size and capabilities, but it’s not exactly working right now. There’s an issue with the DRAM timings and a capacitor underneath the SD card is a bit too tall.
The real value of [hak8or]’s project is the incredible amount of resources he’s put into his readme.mds for these repos. If you’ve ever wanted to build an embedded Linux device, here’s your one-stop shop for information on booting Linux on these chips.
If you are interested in local wildlife, you may want to consider this wildlife camera project (Google cache). [Arnis] has been using his to film foxes and mice. The core components of this build are a Raspberry Pi and an infrared camera module specifically made for the Pi. The system runs on a 20,000 mAh battery, which [Arnis] claims results in around 18 hours of battery life.
[Arnis] appears to be using a passive infrared (PIR) sensor to detect motion. These sensors work by detecting sudden changes in the amount of ambient infrared radiation. Mammals are good sources of infrared radiation, so the sensor would work well to detect animals in the vicinity. The Pi is also hooked up to a secondary circuit consisting of a relay, a battery, and an infrared light. When it’s dark outside, [Arnis] can enable “night mode” which will turn on the infrared light. This provides some level of night vision for recording the furry critters in low light conditions.
[Arnis] is also using a Bluetooth dongle with the Pi in order to communicate with an Android phone. Using a custom Android app, he is able to connect back to the Pi and start the camera recording script. He can also use the app to sync the time on the Pi or download an updated image from the camera to ensure it is pointed in the right direction. Be sure to check out the demo video below.
If you like these wildlife cameras, you might want to check out some older projects that serve a similar purpose. Continue reading “Remote Controlled Wildlife Camera with Raspberry Pi”
On April 1st the Magic Lantern team announced a proof of concept that lets you run Linux on a Canon EOS camera. Because of the date of the post we’ve poured over this one and are confident it’s no joke. The development has huge potential.
The hack was facilitated by a recent discovery that the LCD screen on the camera can be accessed from the bootloader. In case you don’t recognize the name, Magic Lantern is an Open Source project that adds features to these high-end cameras by utilizing the bootloader with binary files on the SD card. It’s long been a way of hacking more features in but has always been complicated by the fact that you must figure out how to play nicely with the existing firmware. Commanding the LCD was the last part of the hardware that had previously not been driven directly from Magic Lantern.
Now that the Linux kernel is in the picture, ground-up features can be built without dealing with the stock firmware in any way (and without overwriting it). We’re excited to see where this one goes. Currently it’s just a proof that you can boot Linux, it’s not actually functional yet. Here’s your chance to polish those kernel porting skills you’ve been holding in reserve.
We’ve been seeing a lot of garage door opener hacks, whether it’s because one person inspired everyone else to build their own Internet-connected GDO or because there’s something in the water that’s caused the simultaneous building of one specific type of project, we’re not sure. However, the latest one we’ve seen adds a little something extra: motion-based security.
[DeckerEgo] really went all out with this one, too. The core of the project is a Raspberry Pi hardwired to a universal garage door remote. The Pi also handles a small webcam and runs a program called motion, which is a Linux program that allows for all kinds of webcam fun including motion detection. While the other builds we see usually use a button or limit switch to tell whether the door is open or closed, this one just watches the door with the webcam so [DeckerEgo] can actually see what’s going on in the garage. As a bonus, the motion software can be configured to alert him if anything suspicious is going on in the garage.
The build is full-featured as well, with an interesting user interface overlaid on the live picture of the garage door. According to [DeckerEgo] the camera is a necessity because he wouldn’t trust a simple status indicator, but if you wanted to try one of those before breaking out the Raspberry Pi, we’ve featured one recently that you can check out.
If you’ve been holding off on upgrading your kindle, this project might inspire you to finally bite the bullet. [WarriorRocker] recently saved quite a few dollars on his Kindle upgrade by using a demo unit. Of course, it’s not as simple as just finding a demo unit and booting it up. There’s some hacking involved.
[WarriorRocker] found his Kindle Paperwhite demo unit on an online auction site for just $20. Kindles are great for reading but also make popular displays for your own projects. This used display model was much less expensive than a new unit, which makes sense considering it had probably received its share of abuse from the consumers of some retail store. The problem with a demo unit is that the firmware that comes with it is very limited, and can’t be used to sync up with your Amazon account. That’s where the hacking comes in.
The first step was to crack open the case and locate the serial port. [WarriorRocker] soldered a small three pin header to the pads to make it easier to work on his device as needed. He then connected the Kindle to his PC using a small serial to USB adapter. Pulling up the command prompt was as simple as running Putty and connecting to the correct COM port. If the wires are hooked up correctly, then it just takes a press of the enter key to pull up the login prompt.
The next step requires root access. The root password for each unit is related to the unit’s serial number. [WarriorRocker] obtained the serial number by rebooting the Kindle while the Serial connection was still open. The boot sequence will spit out the number. This number can then be entered in to an online tool to generate possible root passwords. The tool is available on [WarriorRocker’s] project page linked above.
Next, the Kindle needs to be rebooted into diagnostic mode. This is because root logins are not allowed while the device is booted to the system partition. To enter diagnostic mode, [WarriorRocker] had to press enter over and over during the boot sequence in order to kill the automatic boot process. Then he checked some environment variables to locate the memory address where the diagnostic mode is stored. One more command tells the system to boot to that address and into diagnostic mode.
The last step of the process begins by mounting the Kindle as a USB storage device and copying over the stock Kindle firmware image. Next [WarriorRocker] had to exit the diagnostic menu and return to a root command prompt. Finally, he used the dd command to copy the image to the Kindle’s partition bit by bit. Fifteen minutes and one reboot later and the Kindle was working just as it should. [WarriorRocker] even notes that the 3G connection still works. Not bad for $20 and an hour or two of work.