Finding a Shell in a Bose SoundTouch

BOSE Bose, every salesperson’s favorite stereo manufacturer, has a line of WiFi connected systems available. It’s an impressively innovative product, able to connect to Internet Radio, Pandora, music libraries stored elsewhere on the network. A really great idea, and since this connects to a bunch of web services, you just know there’s a Linux shell in there somewhere. [Michael] found it.

The SoundTouch is actually rather easy to get into. The only real work to be done is connecting to port 17000, turning remote services on, and then connecting with telnet. The username is root.

The telnet service on port 17000 is actually pretty interesting, and we’re guessing this is what the SoundTouch iOS app uses for all its wizardry. [Michael] put a listing of the ‘help’ command up on pastebin, and it looks like there are commands for toggling GPIOs, futzing around with Pandora, and references to a Bluetooth module.

Interestingly, when [Michael] first suspected there could be Linux inside this box, he contacted Bose support for any information. He figured out how to get in on his own, before Bose emailed him back saying the information is proprietary in nature.

Getting a Shell on any Android Device

USB

If you’re an Evil Customs Agent or other nefarious Three Letter Agency Person, you’re probably very interesting in getting data off people’s phones. Even if the screen is locked, there’s a way around this problem: just use the Android Debug Bridge (ADB), a handy way to get a shell on any Android device with just a USB cable. The ADB can be turned off, though, so what is the Stasi to do if they can’t access your phone over ADB? [Michael Ossmann] and [Kyle Osborn] have the answer that involves a little-known property of USB devices.

USB mini and micro plugs have five pins – power, ground, D+, D-, and an oft-overlooked ID pin. With a particular resistance between this ID pin and ground, the USB multiplexor inside your phone can allow anyone with the proper hardware to access the state of the charger, get an audio signal, mess around with the MP3s on your device, or even get a shell.

To test their theory, [Michael] and [Kyle] rigged up a simple USB plug to UART adapter (seen above) that included a specific value of resistor to enable a shell on their test phone. Amazingly, it worked and the thought of having a secure phone was never had again.

The guys went farther with some proprietary Samsung hardware that could, if they had the service manual, unlock any samsung phone made in the last 15 years. They’re working on building a device that will automagically get a shell on any phone and have built some rather interesting hardware. If you’re interested in helping them out with their project, they have a project site up with all the information to get up to speed on this very ingenious hack.

[Read more...]

Crash course in HTML manipulation from a shell script

Automating something involving data from the Internet can be confusing when it comes to pages generated by user input. For instance, let’s say you want to scrape data from a page that loads after using a search box. [Andrew Peng] posted a quick and dirty example to help you write your own scripts. The example he used checks stock on one of the websites he frequents. His process outlines finding the link that all searches are submitted to, establishing the method used to send the search string, and grabbing the resulting data. He parses it and sends off an email if it finds what he’s looking for. But this could be used for a lot of things, and it shouldn’t be a problem to make it alert you in any way you can imagine. Maybe we’ll use this to add some functionality to our rat.

Nexus one gets Linux

Considering how hackable the Nexus One is already, we can only imagine a whole new host of interesting things thanks to Ubuntu running on the device. [Max Lee] set his heart out on getting not just Ubuntu on the Nexus One, but also Debian, and he wrote a perfect install guide to help out those wanting to give it a shot.

He cheated a little bit by having Ubuntu run in the background while the X11 interface is simply VNCed, but he still did an awesome job with plenty of pictures and details to help you achieve Ubuntu on your Nexus One.

Arduino command interpreter shell

F77LQEPFYTCLILR.MEDIUM

A lot of people like fancy GUIs and nice graphics, but some of us just feel more at home in a command prompt. [nevdull] is one of those people. Instead of just using the Arduino dev tools that are available for download, he wanted the ability to shell into his Arduino, so he created AVR Shell. AVR Shell is a UNIX-like shell that allows you to “log in” to your Arduino/AVR and see what’s really going on; letting you read registers, scale the CPU speed, create/edit/delete variables, and even set up timers. The shell is even user-customizable! Those of you interested in Arduino shells might also check out bitlash, another open source CLI. Someone ought to hook this up to the Internet enabled Furby and get Flite compiled on there, letting us shell into a Furby from miles away to make it talk.

[Thanks Leesam]

Take command of your BASH prompt

color_bash_prompt

[Joshua] has put together a list of BASH prompt customizations. The command prompt is used in a command-line interface to show that the system is ready for the next command. Often times this is nothing more than a user name, host name, and working directory:

mike@krusty:~$

[Joshua's] customization examples can be used to color code the information in your prompt, change what information is displayed, and make the prompt respond differently when an invalid command is typed. A BASH prompt reference is helpful in deciphering what each of these commands do. The easiest simplification is to understand that non-printing characters (such as color codes) are surrounded in escaped square brackets. For example, line 1 is the sequence for Red, line 2 is the sequence for Dark Grey, and line 3 sets a simple prompt to display in Red and all text after that to be in Dark Grey:

\[\e[0;31m\]
\[\e[1;33m\]
PS1="\[\e[0;31m\]\u@\h:\w\$ \[\e[1;30m\]"

[Read more...]

iPhone dev team shows ssh access

They still haven’t released the jailbreak yet, but the iPhone dev team hasn’t been sitting idly by either. They recently posted this video of ssh access on the iPhone 3G. Not only have they succeeded in hacking into the phone, they say that apple can’t fix it without a hardware change. Having root level access to the device opens up many more possibilities than just hooking an API.

Follow

Get every new post delivered to your Inbox.

Join 96,312 other followers