Cheap consumer WiFi devices are great for at least three reasons. First, they almost all run an embedded Linux distribution. Second, they’re cheap. If you’re going to break a couple devices in the process of breaking into the things, it’s nice to be able to do so without financial fears. And third, they’re often produced on such low margins that security is an expense that the manufacturers just can’t stomach — meaning they’re often trivially easy to get into.
Case in point: [q3k] sent in this hack of a tiny WiFi-enabled SD card reader device that he and his compatriots [emeryth] and [informatic] worked out with the help of some early work by [Benjamin Henrion]. The device in question is USB bus-powered, and sports an SD card reader and an AR9331 WiFi SOC inside. It’s intended to supply wireless SD card support to a cell phone that doesn’t have enough on-board storage.
The hack begins with [Benajmin] finding a telnet prompt on port 11880 and simply logging in as root, with the same password that’s used across all Zsun devices:
zsun1188. It’s like they want to you get in. (If you speak Chinese, you’ll recognize the numbers as being a sound-alike for “want to get rich”. So we’ve got the company name and a cliché pun. This is basically the Chinese equivalent of “password1234”.) Along the way, [Benjamin] also notes that the device executes arbitrary code typed into its web interface. Configure it to use the ESSID “reboot”, for instance, and the device reboots. Oh my!
From here [q3k] and co. took over and ported OpenWRT to the device and documented where its serial port and GPIOs are broken out on the physical board. But that’s not all. They’ve also documented how and where to attach a wired Ethernet adapter, should you want to put this thing on a non-wireless network, or use it as a bridge, or whatever. In short, it’s a tiny WiFi router and Linux box in a package that’s about the size of a (Euro coin | US quarter) and costs less than a good dinner out. Just add USB power and you’re good to go.
There’s a great game of capture-the-flag that takes place every year at HITCON. This isn’t your childhood neighborhood’s capture-the-flag in the woods with real flags, though. In this game the flags are on secured servers and it’s the other team’s mission to break into the servers in whatever way they can to capture the flag. This year, though, the creators of the game devised a new scoreboard for keeping track of the game: a lightsaber.
In this particular game, each team has a server that they have to defend. At the same time, each team attempts to gain access to the other’s server. This project uses a lightsaber stand that turns the lightsabers into scoreboards for the competition at the 2015 Hacks In Taiwan Conference. It uses a cheap OpenWRT Linux Wi-Fi/Ethernet development board, LinkIt Smart 7688 which communicates with a server. Whenever a point is scored, the lightsaber illuminates and a sound effect is played. The lightsabers themselves are sourced from a Taiwanese lightsabersmith and are impressive pieces of technology on their own. As a bonus the teams will get to take them home with them.
While we doubt that this is more forced product integration advertisement from Disney, it certainly fits in with the theme of the game. Capture-the-flag contests like this are great ways to learn about cyber security and how to defend your own equipment from real-world attacks. There are other games going on all around the world if you’re looking to get in on the action.
Continue reading “Capture the Flag with Lightsabers”
[Vadim] wrote up this short but sweet tutorial on getting started with the Vocore (tiny) OpenWRT-router-on-a-stamp. If you need more computing power than you can get with an ESP8266, and you want an open-source Linux-plus-Wifi solution in a square inch of board space, the Vocore looks pretty sweet.
We covered the Vocore a while ago. It has 28 GPIOs, all accessible from system calls in OpenWRT. It becomes much more computer-like if you add a dock that breaks out the USB and Ethernet functionality, but that also doubles the price.
Getting started with a no-frills Linux box (chip?) can be intimidating. So it’s a good thing that [Vadim] details a first setup of the Vocore over WiFi and SSH, and then takes you through a button-and-LED style ‘Hello World’ application that makes simple use of the GPIOs.
He says he’s going to interface it eventually with a TI CC110 sub-gig radio unit, but that’s going to involve writing some drivers and will take him some time. We’d love to see how to connect peripherals, so we’re waiting with bated breath.
[Vadim] also helpfully included an un-bricking script for the Vocore, which restores the default firmware and gets you out of whatever hole you’ve managed to dig yourself into. Basically, you connect to the device over a USB-Serial adapter, run his script, and you should be set.
Any of you out there using a Vocore? Or other OpenWRT routers? Give [Vadim]’s tutorial a glance and let us know what you think.
For years we have been graced by cheap consumer electronics that are able to be upgraded through unofficial means. Your Nintendo DS is able to run unsigned code, your old XBox was a capable server for its time, your Android smartphone can be made better with CyanogenMod, and your wireless router could be expanded far beyond what it was originally designed to do thanks to the efforts of open source firmware creators. Now, this may change. In a proposed rule from the US Federal Communications Commission, devices with radios may be required to prevent modifications to firmware.
The proposed rule only affects devices operating in the U-NII bands; the portion of the spectrum used for 5GHz WiFi, and the proposed rule only affects the radios inside these devices. Like all government regulations, the law of unintended consequences rears its ugly head, and the proposed rules effectively ban Open Source router firmware.
The rules require all relevant devices to implement software security to ensure the radios of devices operating in this band cannot be modified. Because of the economics of cheap routers, nearly every router is designed around a System on Chip – a CPU and radio in a single package. Banning the modification of one inevitably bans the modification of the other, and eliminates the possibility of installing proven Open Source firmware on any device.
3D Printers are super convenient when you need a part quickly. However, they can be seriously inconvenient if the 3D printer has to be tethered to your computer for the duration of the entire print. [Matt] purchased a Makerfarm i3v printer and has been using it a bunch. The only thing he wasn’t crazy about was having it occupy his computer while printing objects. Then one day [Matt] was dumpster diving (don’t roll your eyes, we all do it) and found a Netgear WNDR3700v1 WiFi router. This particular router has a USB port and it made [Matt] think, “can I use this to run my printer?”
[Matt] started by checking out 3D print server software OctoPrint and found out that it was entirely written in Python. He had a feeling that he could get Python running on that found Netgear router. The first step was to install OpenWrt to the router and configure it as a client. That was straight forward and went well. The router only had one USB port so a hub was necessary in order to connect a USB drive and the printer. The USB drive was necessary because the router itself did not have enough memory for OctoPrint. Installing OctoPrint to the router was a little complicated and took a bit of trial and error but [Matt] figured out the best method and documented that on his site for anyone interested in doing the same. So now, [Matt] can use his computer’s web browser to access OctoPrint on the Netgear router, start a print and go back to using his computer without fear of a failed print. OctoPrint and the router are now solely responsible for controlling the printer.
If you’re interested in more ways to remotely control your printer, check this out.
If you’ve clocked one-too-many hours at Tetris, it might be time to show the world your skills on this skyscraper-sized display on the Shell Centre in London. [Benjamin], [Tom], and their “army of volunteers” took to the Shell building and assembled their super-screen from a collection of 182 networked wireless lightbulbs, some tracing paper, and mylar to create a playable interface from the Jubilee Gardens below.
[Benjamin] doesn’t deliver many of the technical details on his post, but he does give us an overview. He achieves full wireless coverage of all floors by spacing out 14 TP-Link WR702n routers, each running the same version of OpenWRT. This interface wasn’t [Benjamin’s] first choice, as he would’ve preferred to tap into the building’s existing wireless network; unfortunately, he was left without support from the building’s network team. Equipped with a large donation of wireless bulbs controlled by a central bridge, [Benjamin’s] Python-adaptation of Tetris can refresh the building about about 1-to-2 frames per second. Given his description of the bulb interface, we suspect he’s using the all-too-familiar Philips Hue smart lightbulbs to illuminate the building.
In case you haven’t heard of Faraday’s Christmas Lectures, they’re the UK’s nationally broadcasted “science special” featured at the end of the year and founded in 1825 by [Michael Faraday] himself. The goal of these Lectures is to introduce young people to some aspect from the sciences. We’ve seen giant Tetrises before, but not in a way that inspires such a young audience. We’re thrilled to see that hacking both in software (Python, LAN networks) and hardware (ZigBee, OpenWRT) made the cut for this year’s special. After all, why should MIT keep all the fun to themselves?
If the building-scale is just too big for your taste, why not have a go on your oscilloscope?
Continue reading “Skyscraper Tetris Lets the City Know how Good or Bad You Are”
[Jelmer] recently found his old pager in the middle of a move, and decided to fire it up to relive his fond memories of receiving a page. He soon discovered that the pager’s number was no longer active and the pager’s network was completely shut down. To bring his pager back to life, [Jelmer] built his own OpenWRT-based pager base station that emulates the POCSAG RF pager protocol.
[Jelmer] opened up his pager and started probing signals to determine what protocol the pager used. Soon he found the RF receiver and decoder IC which implements the POCSAG pager protocol. [Jelmer] began going through the sparse POCSAG documentation and assembled enough information to implement the protocol himself.
[Jelmer] used a HLK-RM04 WiFi router module for the brains of his build, which talks to an ATMega that controls a SI4432 RF transceiver. The router runs OpenWRT and generates POCSAG control signals that are transmitted by the SI4432 IC. [Jelmer] successfully used this setup to send control signals to several pagers he had on hand, and plans on using the setup to send customizable alerts in the future. [Jelmer] does note that operating this device may be illegal in many countries, so as always, check local frequency allocations and laws before tackling this project. Check out the video after the break where a pager is initialized by [Jelmer]’s transmitter.
Continue reading “Bringing A Legacy Pager Network Back to Life”