D-Link Fails at Strings

Small Office and Home Office (SOHO) wireless routers have terrible security. That’s nothing new. But it is somewhat sad that manufacturers just keep repurposing the same broken firmware. Case in point: D-Link’s new DIR-890L, which looks like a turtled hexapod. [Craig] looked behind the odd case and grabbed the latest firmware for this device from D-Link’s website. Then he found a serious vulnerability.

D-Link's DIR-890 Router

The usual process was applied to the firmware image. Extract it, run binwalk to find the various contents of the firmware image, and then extract the root filesystem. This contains all the code that runs the router’s various services.

The CGI scripts are an obvious place to poke for issues. [Colin] disassembled the single executable that handles all CGI requests and started looking at the code that handles Home Network Administration Protocol (HNAP) requests. The first find was that system commands were being built using HNAP data. The data wasn’t being sanitized, so all that was needed was a way to bypass authentication.

This is where D-Link made a major error. They wanted to allow one specific URL to not require authentication. Seems simple, compare string A to string B and ensure they match. But they used the strstr function. This will return true if string A contains string B. Oops.

So authentication can be bypassed, telnetd can be started, and voila: a root shell on D-Link’s most pyramid-shaped router. Oh, and you can’t disable HNAP. May we suggest OpenWrt or dd-wrt?

Irregular Incurve robotic instrument


The Irregular Incurve is a robotic instrument built by [Xiaoyang Feng] as part of his ITP thesis work. It’s a MIDI instrument with an array of 12 strung bows mounted to a curved shower rod. The end of each bow has a tuning key. The strings are each picked using independently mounted arms. One servo controls the downward motion of the pick while the other controls the rotation of the shaft. A damper is also attached to each arm. The string vibrations are transferred to a spruce soundbox under the bridge. Below you can see a video of Gizmodo playing with it at the ITP show. Check out [Xiaoyang]’s Flickr set for images of the build process plus some early videos of the mechanism.

Continue reading “Irregular Incurve robotic instrument”