We’ve seen a lot of projects recently that take advantage of the Raspberry Pi 2’s augmented abilities. With the increased processor power and double the memory, it puts a lot more utility in the user’s hands. The latest project that takes advantage of this is the Pi-nk, which combines a Pi with a Kindle for some text-based awesomeness.
[Guillaume] has put together this detailed how-to which, unlike other builds we’ve seen in the past, uses wireless instead of USB for almost all of the connections, including the keyboard. Granted, this isn’t a new idea, but he’s presenting the way that he did it. To that end, all of the commands you’ll need to use are extremely well documented on the project page if you want to build your own. When everything is said and done, you’ll be SSHing into the Pi from the Kindle and using the popular “screen” program to get the Pi to use the Kindle as its display.
Additionally, [Guillaume] has posted some schematics for custom enclosures for the Pi-Kindle pair if you’re more ambitious. He points out that the e-ink display is great if the Pi is being run in text or command-line mode, and we’d have to agree. This is a very clean pairing of these devices and puts the strengths of both to great use!
[CNLohr] is famous for his extremely strange projects, including something that does something with Minecraft that even he can’t describe. Over the years, he’s built up a vast collection of projects that have been both incredible fails and successes. Here’s a video tour of all those projects.
For this week’s edition “Kickstarter is going insane”, you only need to look at the title of the campaign: Tesla Coils for North Korea.
Last week, a few slow scan TV signals were received from the International Space Station. Here’s the reddit thread.
The worst thing about using an Arduino in a semi-professional environment is the IDE. Here’s cuwire, a better IDE.
Wanna see something insane? How about an SSH library written in x64 assembly?
Radio Shack is in its death throes, and since you haven’t gone in the last few years, you might as well head out one last time and pick up some items on clearance. Here’s the list of store closings (PDF) and all 1,784 stores slated to be closed plotted on Google Maps.
Maybe you are an elite hax0r. But probably not. Maybe you feel like you should know more about how systems are compromised, and we’re all about that. You can’t keep the black hats out if you have no idea how they go about breaking in in the first place. That’s why war-gaming sites sprouted up in the first place. We find this one in particular to be delightfully engaging. OverTheWire’s Wargames teach you a little about security while the uninitiated also learn about simple concepts like SSH and, well… Linux!
On-the-job training is the best way to learn, and this is pretty close to it. Instead of providing an artificial avenue of learning the creators of OverTheWire have used the real thing to illustrate poor online security. You don’t “play the game” on an artificial web interface, you do it on legitimate platforms. The very first level (appropriately named Level 0) starts by figuring out how to connect to a system using Secure Shell (aka SSH). From there you’re prompted to use Linux command line tools to figure out where to go next.
Even veteran Linux/Security users should find this offering entertaining. The early stages are both quick and simple to navigate as an experienced admin while providing a welcoming learning platform for those who aren’t quite there yet. Work your way through a few different “servers” and before long your own knowledge will be tested. This isn’t a new platform, mentions of the site in Hackaday comments go back to 2010. But if you haven’t given it a try, Wargames is well worth adding to your weekend entertainment list.
If you’re looking for Home Automation appliances, you might want to check out the Wink Hub. It’s fifty bucks, and has six radios on board: WiFi, Bluetooth, Z-Wave, Zigbee, and 433MHz Lutron and Kidde. That’s an insane amount of connectivity in a very cheap package. It’s been pwnzor3d before, but dinnovative has a much better solution for getting root on this device.
Earlier methods of rooting the Wink involved passing commands via URLs – something that’s not exactly secure. The new method leverages what’s already installed on the Wink, specifically Dropbear, to generate public keys on the Wink hub and getting that key onto another computer securely. The complete exploit is just a few lines in a terminal, but once that’s done you’ll have a rooted Wink hub.
Even though the Wink hub has been rooted a few times before, we haven’t seen anything that leverages the capabilities of this hardware. There isn’t another device with a bunch of IoT radios on the market for $50, and we’re dying to see what people can come up with. If you’ve done something with your Wink, send it in on the tip line.
A few months ago, Google bought a $3.2 billion dollar thermostat in the hopes it would pave the way for smart devices in every home. The Nest thermostat itself is actually pretty cool – it’s running Linux with a reasonably capable CPU, and adds WiFi to the mix for some potentially cool applications. It can also be rooted in under a minute,
As [cj] explains, the CPU inside the Nest has a Device Firmware Update mode that’s normally used for testing inside the Nest factory. This DFU mode can also be used to modify the device without any restrictions at all.
With a simple shell script, [cj] plugs the Nest into his laptop’s USB port, puts the device into DFU mode, and uploads a two-stage booloader to enable complete control over the Linux-powered thermostat.
As a bonus, the shell script also installs an SSH server and enables a reverse SSH connection to get around most firewalls. This allows anyone to remotely control the Nest thermostat, a wonderful addition to the Nest that doesn’t rely on iPhone apps or a cloud service to remotely control your Internet enabled thermostat.
Video of the rooting process below.
Continue reading “Rooting The Nest Thermostat”
For how awesome Google Voice is, we’re surprised we haven’t seen this before. [Steve] is using Google Voice to run commands on just about any Linux box.
Google Voice doesn’t have an official API, and existing unofficial APIs weren’t up to snuff for [Steve]’s project. He ended up writing his own that checks his unread message inbox every minute and looks for new text messages beginning with the phrase, ‘Cmd’. If a series of checks pass – the text coming from a known phone number and a proper terminal command – the command runs and sends the a text back indicating success or failure.
While [Steve] probably won’t be playing nethack or Zork via SMS anytime soon, we can see this being very useful for a Raspi home automation task. Just send a text message and a properly configured Linux box can open your garage door, turn on the lights, or even start a webcam.
A pentesting dropbox is used to allow a pentester to remotely access and audit a network. The device is dropped onto a network, and then sets up a connection which allows remote access. As a final project, [Kalen] built the Rogue Pi, a pentesting dropbox based on the Raspberry Pi.
The Rogue Pi has a few features that make it helpful for pentesting. First off, it has a power on test that verifies that the installation onto the target network was successful. Since the install of a dropbox needs to be inconspicuous, this helps with getting the device setup without being detected. A LCD allows the user to see if the installation was successful without an additional computer or external display.
Once powered on, the device creates a reverse SSH tunnel, which provides remote access to the device. Using a reverse tunnel allows the device to get around the network’s firewall. Aircrack-ng has been included on the device to allow for wireless attacks, and a hidden SSID allows for wireless access if the wired network has issues. There is a long list of pentesting tools that have been built to run on the Pi.
Check out a video demonstration of the dropbox after the break.
Continue reading “Rogue Pi: A RPi Pentesting Dropbox”