Teardown: Creality Wi-Fi Box

December 28, 2020 by Tom Nardi 57 Comments

Creality, makers of the Ender series of 3D printers, have released a product called Wi-Fi Box meant to cheaply add network control to your printer. Naturally I had to order one so we could take a peek, but this is certainly not a product review. If you’re looking to control your 3D printer over the network, get yourself a Raspberry Pi and install Gina Häußge’s phenomenal OctoPrint on it. Despite what Creality might want you to believe, their product is little more than a poor imitation of this incredible open source project.

Even if you manage to get it working with your printer, which judging by early indications is a pretty big if, it won’t give you anywhere near the same experience. At best it’ll save you a few dollars compared to going the DIY route, but at the cost of missing out on the vibrant community of plugin developers that have helped establish OctoPrint as the defacto remote 3D printing solution.

That being said, the hardware itself seems pretty interesting. For just $20 USD you get a palm-sized Linux computer with WiFi, Ethernet, a micro SD slot, and a pair of USB ports; all wrapped up in a fairly rugged enclosure. There’s no video output, but that will hardly scare off the veteran penguin wrangler. Tucked in a corner and sipping down only a few watts, one can imagine plenty of tasks this little gadget would be well suited to. Perhaps it could act as a small MQTT broker for all your smart home devices, or a low-power remote weather station. The possibilities are nearly limitless, assuming we can get into the thing anyway.

So what’s inside the Creality Wi-Fi Box, and how hard will it be to bend it to our will? Let’s take one apart and find out.

Continue reading “Teardown: Creality Wi-Fi Box” →

Dissecting The TL-WR841N For Fun And Profit

September 12, 2019 by Tom Nardi 34 Comments

The TP-Link TL-WR841N isn’t a particularly impressive piece of hardware, but since it works decently well and sells for under $20 USD, it’s one of the most popular consumer routers on Amazon. Now, thanks to [TrendyTofu] of the Zero Day Initiative, we now have a concise step-by-step guide on how to hack your way into the newer versions of the hardware and take full control over this bargain WiFi device. This work was initially done to help test out reported vulnerabilities in the router’s firmware, but we’re sure the readers of Hackaday can come up with all sorts of potential uses for this information.

The story starts, as so many before it have, with a serial port. Finding the UART pads on the PCB and wiring up a level shifter was no problem, but [TrendyTofu] found it was only working one-way. Some troubleshooting and an oscilloscope later, the culprit was found to be a 1kΩ pull down resistor connected to the RX line that was keeping the voltage from peaking high enough to be recognized.

Once two-way communication was established, proper poking around inside the router’s Linux operating system could begin. It wasn’t a huge surprise to find the kernel was ancient (version 2.6.36, from 2010) and that the system utilities had been stripped to the absolute bare minimum to save space. Replacing the firmware entirely would of course be ideal, but unfortunately OpenWRT has dropped support for the newer hardware revisions of the TL-WR841N.

To teach this barebones build of Linux some new tricks, [TrendyTofu] used the mount command to find a partition on the system that actually had write-access, and used that to stash a pre-compiled build of BusyBox for MIPS. With a more complete set of tools, the real fun could begin: using GDB to debug TP-Link’s binaries and look for chinks in the armor. But feel free to insert your own brand of mayhem here.

You might think that in the era of the Raspberry Pi, abusing cheap routers to turn them into general purpose Linux boxes would be somewhat out of style. Frankly, you’d be right. But while the days of strapping Linksys WRT54Gs to remote controlled cars might be long be gone, there are still some routers out there interesting enough to make it worth dusting off this time-honored hardware hacker tradition.

Exploring The Dell N1108T-ON Ethernet Switch

June 17, 2019 by Tom Nardi 24 Comments

In an era where everything seems to be getting “smarter” every year, it will probably come as no surprise to find that even relatively middling networking hardware is now packing advanced features and considerable computational power. A case in point is the Dell N1108T-ON Ethernet switch. Despite only costing around $100 USD on the second hand market, [Ben Cox] discovered this particular switch was capable of a lot more than what was advertised by poking around its onboard operating system.

It all started by plugging into the serial port on the front of the switch, which [Ben] happily notes is an integrated FTDI USB serial adapter to make life easy. Booting into recovery mode gave him local shell access, and some poking around determines it’s the sort of BusyBox-powered Linux system that you’d expect on an embedded device. The biggest discoveries were that it was running a relatively recent kernel (3.8.1), and that it apparently had Python installed.

From there, [Ben] found out that these switches have a feature where the administrator can install and run Python “applications” by packaging them up as tarballs and copying them from a USB flash drive. So he wrote up a simple Python program that used the socket library to open up a reverse shell to his desktop computer, and to his surprise, it worked perfectly on the first try. Now with root access, the fun really started.

The next step was getting an SSH installed and running on the switch, so that he didn’t have to do the reverse shell trick every time. He then started installing the packages necessary to turn the switch into a secure VPN tunnel with Wireguard. This took a little fiddling as [Ben] didn’t have the option of installing the normal Wireguard kernel module, but he eventually got the necessary tools modified and cross-compiled to ARM. He believes this is just the start of what’s capable on devices like this, and we’re interested in seeing where the community goes from here.

We’ve seen hackers add management capability to a “dumb” unmanaged switch in the past, but software modifications like this promise to make the creation of custom, secure, networks far easier even on a hacker’s budget. A lot has certainly changed since the last time we saw somebody really dive into a professional Ethernet switch.

SerialPlot Does Exactly What You Think It Does

May 30, 2019 by Lewin Day 12 Comments

The serial port remains a hacker staple, being one of the easiest ways to move a little bit of data from one machine to another. All manner of projects use the interface, and often, sensors are connected and their data read over such connections. In these cases, it can be useful to plot said data, and SerialPlot is a tool that can do just that.

SerialPlot is capable of reading data over several serial ports at once, and plotting it for your viewing pleasure. It’s capable of interpreting data in a variety of integer and float formats, and plotting multiple channels in a synchronised manner. It’s also capable of sending basic commands out over the serial port, which can be used to trigger or control attached equipment.

Overall, it’s a useful utility for anyone with an array of sensor’s connected over the most classic of interfaces. Of course, if you’re having trouble keeping track of all your serial ports, there’s a utility to help with that, too.

Windows Utility Helps ID Serial Ports

May 22, 2019 by Lewin Day 49 Comments

The humble serial interface has been around for a very long time, and will stay with us in one form or other for the foreseeable future. It was easy enough to keep track of back in the days when a computer only had one, or perhaps two COM ports. However, in this day and age of USB-programmable microcontrollers, it’s likely you’ve got COMs coming out the wazoo. Thankfully, [Amr Bekhit] has put together a utility to help solve this problem.

[Amr’s] utility is called Serial Port Monitor, and it does what it says on the tin. When new serial ports are enumerated in Device Manager, a system tray notification pops up noting the number of the newly attached COM port. Additionally, it maintains a list of ports sorted in order of the newest first, and also features a right-click menu that allows the launching of various terminal programs.

It’s a useful tool to keep in your back pocket that can prove particularly so when programming many devboards at once, or any other time when you find yourself dealing with a mess of serial devices.

Incidentally, if you find yourself having continual headaches with USB-to-Serial adapters on Windows, this might just be your problem. Happy hacking.

Footnote: In light of this article, the author would like to formally apologise to [Cosmos2000] for permanently disabling COM1 on his main programming rig. Sorry, friend.

Easy Portable Serial Ports

September 14, 2018 by Al Williams 51 Comments

Modern operating systems insulate us — as programmers, especially — from so much work. Depending on how far back you go, programmers had to manage their own fonts, their own allocation space on mass storage, or even their own memory allotments. Every year, though, it seems like things get easier and easier. So why is it so annoying to open a simple serial port? It isn’t hard, of course, but on every operating system it seems to be painful — probably in an attempt to be flexible. And it is even worse if you want portability. I needed to write some C code that read data from an FPGA’s embedded logic analyzer, and I was annoyed at having to write yet more serial port code. I have my own shim library, but it isn’t well tested and isn’t all that flexible — it does what I need, but I wanted something better. What I wound up with the serial library from Sigrok. You know Sigrok? The logic analyzer software.

You might counter that the serial port is old hat, so no one wants to support it with modern systems. While the physical serial port might be on life support, there’s no shortage of equipment that connects via USB that appears to be a serial port. So while I was talking to an FTDI chip on an FPGA board, you could just as well be talking to an Arduino or a USB voltmeter or anything.

I guess the Sigrok developers had the same problem I did and they took the time to write a nice API and port it to major platforms. Although Sigrok uses it, they maintain it as a separate project and it was just what I needed. Sort of. I say sort of because the version installed with Ubuntu was old and I needed some features on the newest release, but — as usual — the Internet came to the rescue. A quick Git command, and four lines of build instructions and we were ready to go.

Continue reading “Easy Portable Serial Ports” →

Secret Serial Port For Arduino/ESP32

August 17, 2017 by Al Williams 19 Comments

If you use the Arduino IDE to program the ESP32, you might be interested in [Andreas Spiess’] latest video (see below). In it, he shows an example of using all three ESP32 UARTs from an Arduino program. He calls the third port “secret” although that’s really a misnomer. However, it does require a quick patch to the Arduino library to make it work.

Just gaining access to the additional UARTs isn’t hard. You simply use one of the additional serial port objects available. However, enabling UART 1 causes the ESP32 to crash! The reason is that by default, UART 1 uses the same pins as the ESP32 flash memory.

Luckily, the chip has a matrix switch that can put nearly any logical I/O pin on any physical I/O pin. [Andreas] shows how to modify the code, so that UART 1 maps to unused pins, which makes everything work. it is a simple change, replacing two parameters to a call that — among other things — maps the I/O pins. You could use the technique to relocate the UARTs to other places if you choose.

If you want to learn more about the ESP32, we covered a good set of tutorials for you to check out. Or if you just want a quick overview, you can start here.