[Ge0rg] got himself a fancy new Samsung NX300 mirrorless camera. Many of us would just take some pretty pictures, but not [Ge0rg], he wanted to see what made his camera tick. Instead of busting out the screwdrivers, he started by testing his camera’s security features.
The NX300 is sold as a “smart camera” with NFC and WiFi connectivity. The NFC connectivity turns out to be just an NXP NTAG203 tag embedded somewhere in the camera. This is similar to the NFC tags we gave away at The Gathering in LA. The tag is designed to launch an android app on a well equipped smartphone. The tag can be write-locked, but Samsung didn’t set the lock bit. This means you can reprogram and permanently lock the tag as a link to your favorite website.
[Ge0rg] moved on to the main event, the NX300’s WiFi interface. A port scan revealed the camera is running an unprotected X server and Enlightenment. Let that sink in for a second. The open X server means that an attacker can spoof keystrokes, push images, and point applications to the camera’s screen.
In a second blog post, [Ge0rg] tackled attaining root access on the camera. Based on the information he had already uncovered, [Ge0rg] knew the camera was running Linux. Visiting Samsung’s open source software center to download the open source portions of the NX300 confirmed that. After quite a bit of digging and several red herrings, [Ge0rg] found what he was looking for. The camera would always attempt to run an autoexec.sh from the SD Card’s root folder at boot. [Ge0rg] gave the camera the script it was looking for, and populated it with commands to run BusyBox’s telnet daemon. That’s all it took – root shell access was his.
[Image via Wikimedia Commons/Danrok]
Here’s how you can have a hands-free, no worries about the battery, Android experience while you drive. [Steve] removed the head unit from his car and replaced it with a Samsung Galaxy SIII Android phone. The look is pretty nice, but we do have a few suggested improvements if you try this one for yourself.
It started simply by removing the factory stereo which left a double-height opening in the dashboard. [Steve] cut a piece of wood to fit the gaping hole, painting it a grey that would compliment the interior colors of the car. The phone is mounted on this plate, with plenty of room for the USB and audio cables. From there it is finished up with another wooden plate which has a cutout for the touch screen. See the final project, as well as glimpses of the installation, in the video after the break.
[Steve] demonstrates using the GPS features and playing music. We’d improve this in a couple of ways. First off, using something like the IOIO board you could add a physical volume knob, which we’re not interested in giving up for a touch screen quite yet. If you were willing to go the extra mile, a CAN-BUS chip could be added too that would monitor button presses from the steering wheel music controls.
Continue reading “Galaxy SIII hack puts Android in your dashboard”
[Luigi Auriemma] almost rendered his brother’s TV useless attempting to play a simple practical joke. In the process, he uncovered a bug that could potentially upset a lot of people. His idea was to connect a computer to the system via WiFi, masquerading as a remote control. [Luigi] found that by altering the packet being sent to the TV by adding a line feed and some other characters to the name, it would begin an endless reboot loop.
He also discovered that he could easily crash the devices by setting the MAC address string too long. We’re not sure if he’s modifying the remote, or the television on this one though.
These bugs affect the Samsung TVs and Blu Ray players that utilize the same chip. The crazy part is that despite his attempts, he has been unable to contact anyone at Samsung to let them know!
[Adam Outler] has been pretty heavy into mobile device hacking lately. The biggest problem with that field is recovering from back flashes or development firmware glitches. In many cases you can use a JTAG programmer to reflash stock firmware to resurrect a handset. Unfortunately you’ll be hard pressed to find a phone that comes with a JTAG header, and soldering to the microelectronic boards is not for the faint of heart.
But a solution is here, [Adam] pulled together a wide set of resources to create a package to unbrick Samsung phones. Now we’re sure that there’s more than a handful of people who would argue that a bad firmware flash that can be fixed this way means that the phone wasn’t actually “bricked” in the first place. But what we see is one more barrier torn down between being a hardware user and becoming a hardware hacker. You’re much more likely to get in there and get your hands dirty if you know that you’ll be able to undo your mistakes and reclaim you precious pocket hardware. See just how easy it is in the video after the break.
Continue reading “One-click unbrick for Samsung phones”
If you’ve got a Samsung Vibrant and want to take advantage of that unlimted 3G account you can tether without rooting the phone. This method uses a USB cable to provide internet access to Windows XP and Windows 7 computers. Samsung’s own Kies software handles the tethering, as long as you have the magic number to get connected on T-Mobile USA networks; ‘epc.tmobile.com’ for the APN name and ‘*99#’ as the phone number. [Zedomax] made the video after the break which takes you through the tethering ritual.
Continue reading “Tethering the Samsung Vibrant without rooting”
[Erdem] sent us an update on his work with the SamyGO project. You may remember this Samsung TV firmware hacking initiative from our post back in October. Since then many more TV models have been added to the compatible list. They have also worked out a way to defeat the AES encryption and RSA signature checking on the CI+ devices. Want to lend a hand? Take a look at the compatibility table on the main page and see if you have one of the TV models they need testers for. Otherwise, read the wiki, hit the downloads page, and unlock the hidden abilities of your boob tube.
Yet another netbook can now run OS X. This one happens to be the Samsung n310, making it our first published non-Dell netbook to accomplish the feat. The key lies in a custom (and downloadable) .ISO for intalling said operating system onto a netbook. Full instructions for the task, and an audio driver for the n310 in OS X, are available on the [ComputerSolutions] website.
Oddly enough, the platform swap probably ‘freed up’ some space.