[Dmitry] read about hacking the Transcend WiFi cards, and decided to give it a try himself. We already covered [Pablo’s] work with the Transcend card. [Dmitry] took a different enough approach to warrant a second look.
Rather than work from the web interface and user scripts down, [Dmitry] decided to start from Transcend’s GPL package and work his way up. Unfortunately, he found that the package was woefully incomplete – putting the card firmly into the “violates GPL” category. Undaunted, [Dmitry] fired off some emails to the support staff and soldiered on.
It turns out the card uses u-boot to expand the kernel and basic file system into a ramdisk. Unfortunately the size is limited to 3MB. The limit is hard-coded into u-boot, the sources of which transcend didn’t include in the GPL package.
[Dmitry] was able to create his own binary image within the 3MB limit and load it on the card. He discovered a few very interesting (and scary) things. The flash file system must be formatted FAT32, or the controller will become very upset. The 16 (or 32)GB of flash is also mounted read/write to TWO operating systems. Linux on the SD card, and whatever host system the card happens to be plugged in to. This is dangerous to say the least. Any write to the flash could cause a collision leading to lost data – or even a completely corrupt file system.
[Dmitry] spent even more time fighting with kernel builds. In the end he did emerge victorious. He was able to bring up his own kernel on the WiFi SD card’s ARMv5 controller and run anything he wanted. He tested the system by booting up with X windows forwarding through an SSH tunnel over WiFi. He was even able to get Firefox running in X, albeit very slowly. The card doesn’t even need to be in a host system – only power and ground are needed to boot and access it via WiFi.
After all this was done, [Dmitry] finally got a response back from one of Transcend’s support engineers. They are “Uninterested” in complying with GPL, and he is “free to report this to any Linux organization” Ouch! That’s one of the most cavalier GPL violations we’ve seen in a long time.
Update: It looks like Transcend has added u-boot sources to their GPL package. However, [Dmitry] states in the comments that they are still missing kernel config and some of the module sources.
Dmitry, I’d suggest publishing the email trail that ended with Transcend declaring that they would not comply with the GPL. If it’s as flagrant as you make it out to be, I suspect it’ll come back to haunt them.
In his writeup page the email address contacts for the 2 representatives he contacted are listed. I’d put them here but that might break rules. You can report them if you like. I’d do it but I’m not that savvy with the rules of the GNU.
Looks like they fixed a few things – they quietly updated their GPL zip file to include u-boot :) still missing kernel config and module sources, but an improvement still…
Thanks Dmitry! I’ve updated the post to reflect the changes. Great hack by the way!
Matthew Garrett needs to hear about this. He knows how to beat on vendors to get them to comply with the GPL.
Absolutely. Throw the scumbags at trancend under the GPL bus. The FSF will gladly sue those suits to force compliance.
If things this small are this capable, I fear what the US government has that’s even smaller and probably as featured as a raspi in power by comparison.
That said, these would make for some interesting dead drop servers if one could come up with a nice waterproof battery pack for it…use it for passing info in a localized area..even better if you find a way to add a better antenna for more wifi range.
SIM cards are actually full embedded systems. And those aren’t even government/military…
I agree with Mr. Alec here. It’s like they are stealing work from volunteers.
I don’t know why companies do that. I’d bet that if they would open up they would get lots of more sales. At least doing it this way, a lot of hackers get to have lots of fun, and the rest of us gets to use a product the way it is meant to be anyways xD
Report it to the OpenSource world, i bet something can be done =D
Awesome job here
I’d start here with a violation of the GPL – https://www.gnu.org/licenses/gpl-violation.html
There is an update on the site “UPDATE: after my emails to them and them telling me to go away, it appears they did include the u-boot source code in their GPL zip archive quietly.”
Apparently the GPL violation is that the sources of the modules are not distributed.
Weather that is a violation, depends on how you interpret “derived work”. If you take an open source image library and use it to create a file conversion tool, that is clearly a “derived work”. So some people (notably the FSF) started calling “linking” the act of creating a derived work. But that is just their interpretation of the word “derived work”.
Next comes the question of when are you really linking with a piece of open source? Are you linking with the OS when your closed source binary loads and somehow manages to call the operating system? Most people would agree: No. Similarly, what if you load a module into the kernel? Linus, and he has a thing or two to say in the Linux community, has clarified that: as long as you use the published symbols as entry points into the kernel, loading a module should be considered the same as running a binary in userspace.
So….. from the information I have, I cannot conclude that transcend violates the GPL by not providing the source to those two modules.
NVIDIA and AMD both release their shims for drivers as GPL, while drivers themselves are blobs. This has been declared OK. Direct linking with the kernel (last i heard) was not ok
Loading a module is not “direct linking with the kernel”.
There is precedent for binary-only driver modules, that I believe the kernel developer leads have said is legally OK but VERY discouraged. As in, “don’t expect us to ever make your life easy”
Examples of things that include binary-only .ko modules that have proven to be a massive pain for the opensource community but haven’t caused legal trouble for the OEM:
Samsung’s FSR flash translation layer (Galaxy S family of devices, major pain in the ass that required major work from opensource firmware authors to replace with MTD)
Samsung’s RFS filesystem driver (Galaxy S family of devices – easily replaced by ext4)
The ath6k wifi driver module on the Samsung Tab 7 Plus and Tab 7.7
Wow, when reading the article I thought about getting one of these cards to play with it too, but after reading the last sentences I’m convinced to avoid Transcend from now on.
get it anyways. It is a *REALLY* fun toy with lots of uses, and it is *CHEAP* and I did get it to run custom code in every way imaginable, and so can you
This is the same chip found in the PQI Air Card, right? I wonder if their firmware is any different. (I’m on a cellular connection right now otherwise I’d just download it and diff!)
The differences are mostly cosmetic.
Buying it anyway would be the same thing as endorsing a GPL violation, if you ask me. Companies that don’t play by the rules should be sanctioned, regardless of the functionality of the product.
Besides that – one of my ex-gf’s had a Transcend wireless adapter in her PC which I installed. The thing worked, albeit just barely. I haven’t had a good opinion of companies products since.
Any chance it’ll work with the Palm OS SDIO WiFi drivers? Combined with the Power SDHC and FAT32 drivers I could finally have *both* WiFi and lots of storage on my Tungsten E2 that I haven’t used in over 2 years…
Loved the Tungsten, but it was ‘so close yet so far’ to the smartphone revolution. I never got much use out of it other than as an MP3 player and notepad. It did have a reasonably nice screen for what it was. Lemmings looked good. :p
This is not a card that you can access wifi with from the host. It is a ARMv5 device with wifi.
no, but it will work with my PowerSDHC driver :)
I dropped my E2 last month, it is dead. I had a “spare” E2, but it’s battery is dead. The famous Internet auction site (hereafter referred to as TAS (That Auction Site)) lists replacement batteries, but those cost more than some of the E2’s up for bid. (sigh!)
Amazon lists scads of replacement batteries for Palm devices other then the variety that used hot glue to seal the unit. In fact they list scads of Palm devices to begin with……
Inside it should be like two computers connected in parallel to one SD card, if this one is same as my Flucard(which uses exact same Wi-Fi card SoC called Ka2000). It should be possible to make the host and on-board Linux communicate over SD bus with bogus command or dummy write or something, but I’ve never seen it done anywhere.
GPL violations can and should be reported. For example, email to: license-violation@gpl-violations.org . They’re definitely interested and can either take the case or at least assist in taking it forward to the relevant authorities. See http://gpl-violations.org/faq/violation-faq.html for more info.
Regarding both internal and external host mounting the FAT32 fs as R/W. If the internal host only writes to pre-existing file and without changing its size. Will it still be an issue?
but no such limitations exist
Presumably the included firmware’s written with that in mind though, so that will never happen. Or otherwise however many thousands of cards out there are gonna cause a lot of problems.
Sounds reasonable. Though it might be a good idea to also place the pre-existing file in a special directory, that won’t be used by the external host; and/or prevent the internal host from writing updates to that file’s timestamps. Otherwise when the timestamps are updated, you might get concurrency issues updating the directory.
I solved this problem by using a separate partition. It appears that everything was uncached and relatively high speed between my laptop and the card.
i see a possible cheap solution, could you put it in your car-radio that has a SD-card reader . it then creates a “dummy” sound file so you can stream music via Wifi – just a tought
that will work
Plenty of cheap TV’s out there that are not network enabled but do have USB ports for playback of media saved to thumbdrives.
If one were to put this card in place and create a suitable video file that the TV was able to play, but actually it was a wifi stream coming over.
Network enabled TV for MUCH less than many of the other solutions out there.
Pretty much any cheap device which lacks network ability but has a USB interface. LCD picture frames, cheap CCTV recorders. Big list !
Not forgetting there is also a serial port, so interfacing to actually control the device over wifi too is possible !!
A serial port eh? well then i believe it may very well be possible to do more networking related tasks with this little bugger… SLIP anyone?
I’m thinking very expensive Wifi-throwies ? Considering it only needs power and ground to boot up..
Exellent work ! I added a reference to it to the OpenWRT thread dedicated to the KA2000 cards harcking : https://forum.openwrt.org/viewtopic.php?pid=212845
Hey, anyone know what the WiFI AP password is? It shows up as WIFISDV1.6 and 12345678 is not working
Ah, I forgot to explain the update process, so unless you read the doc you’ll be lost. Place my file son card. wait 1 min. remove card. reinsert card. wait 6 min (very important). remove card. reinsert card. wait till “wifisd” network shows up. connect to it
“wifisd1.6” means card is updating – you cannot connect to it
I’m confused. If they are “uninterested” in complying with the GPL, isn’t it easier for them to not even acknowledge it than to put a woefully incomplete source package up?
Maybe they think they’ve done enough to baffle a judge into letting them off, should it ever go to court. There’s little point in sensible engineering-type people discussing the fantasy world that is suing people. And that’s the area of concern.
Not in Germany – afair GPL violations fights in germany by simply going to court, stating their case and getting said companys products BANNED from Import into EU – that works wonders for GPL compliance.
Is it possible to access the I/O pins of the card or is the CPU just connected to the memory?
Did anyone manage to boot one of these ( Trancend) cards by just applying power without having a full functionning host?
I tried all kinds of ways for just powering it ( sd card readers on usb chargers or on mintyboost, regulated power directly to the appropriate pins… ) None worked.
All I could find on this topic seems to indicate that WifiSD cards just won’t boot without a proper usb host, although the other brands seem to do.
Can anybody confirm their experience ? can those exact cards be booted with just power applied ? Does the line that mentions it in the linked article has to do with the kernel being changed? or should it work out of the box ?
This device has tons of potential uses, but most of them depend on this being possible.
I have tried tirelessly to make mine boot, even while talking to it. I’ve tried talking in SPI mode, but it ploughs over my commands, so writes get corrupted. I tried booting it using the SD command set, I seem to be able to get it to read, but still no dice. This card does NOT want to boot up. I tried emailing them, but they refused to give me any additional help.
Did you try accessing it through serial port or used any other form of debugging ( such as boot scripts writing to a logfile on the data partition ) that could indicate at which stage it hangs ?
“Ok, FWIW to make the card boot standalone, without being plugged into a host:
KA2000#setenv bootalone ‘go 208000’
KA2000#setenv bootcmd
KA2000#setenv bootcmd ‘run set_bootargs; run bootalone’
KA2000#saveenv”
How would I go about doing so from a command-line in a booted system? Also, I would prefer to find how to mimic a real system. I have tried a multitude of solutions to talking to the card, and I am finding more and more ways the card is out-of-spec. I.e. it claims it will only use 100mA, and even if you offer it more, it rejects you and says everything is fine :-p.
I don’t understand why these people who don’t want to release sources don’t simply use embedded FreeBSD… It is as easy to port to embedded targets (to arm at least) as linux and you do not need to give corporate know-how away. The feature set is comparable to linux for a device like this. The BSD codebase is slightly cleaner (imho), but that doesn’t matter much if you only need to add some modules.
It’s actually stupid, there probably is little of value in this card a competitor could use except the WiFi driver. For some reason WiFi chipset vendors absolutely don’t like the source of there drivers public.
I’m glad I read this. I’m in the market for a WiFi SD card ever since my camera got stolen out of my car with my Eye-Fi in it. I’d been looking into this card in particular, due to the community’s work in hacking it. I believe very strongly that the GPL is a good thing, and not complying with it undermines all the work countless programmers have donated to the cause, so I won’t be buying any more Transcend products.
Tell me you plan to put a phone-home (and report the MACs of nearby wifi networks) function on this thing? So in case it’s stolen again, you can track it down. :)
That actually is a nice idea. With googles location API, you can then find the location (it allows you to feed it timestamped data of seen wifis and it uses the algorithms also used in android phones to give you an approximate position). Only problem is that needs to find an open WLAN to call home.
in theory you could get around the 3 meg limit by using symbolic links or aliases.
just as you make a shortcut in windows to point to an external drive or alias on the mac or meta file on the web couldnt you make something on the firmware partition to point to the user partition where the binary could live?
or if you can back up the firmware and completely repartition the card to make the firmware partition bigger and flash the firmware back via something like a normal restore on the mac like you would do to build a boot disk for a hackintosh.
How is the wifi transfer speed of this card?
can it stream >10Mbits from the SD to remote host?
this card + cheapest loop recording keychain #808 camera = instant networked camera
Have done precisely that with a <2$ dealextreme micro sd to SD card adapter and an arduino battery pack :)
Works well.
no you didnt, arduino has no hope of intercepting SDIO data
He said Arduino battery back, not Arduino.
Hack a Day, where it’s OK to be a turd in response to someone helping you. Even when, by failing reading comprehension, you’re the one who is wrong.
Robert didn’t say he used an arduino, turd.
doesnt change the fact he didnt do it
What a crazy thing to lie about, that crazy liar!
Just sumbled upon those comments months later via google, thanks for the laughs :)
There was no arduino in the mix whatsoever, only an arduino battery shield to keep the 808 running.
The 808 used a “dashboard cam” type firmware where the video file was split at small time intervals and dumed to the card, to be then recovered via wifi from the card by final host, resulting in a not-so-real-time recording with a filelength-seconds lag.
The dashcam type firmware is necessary so you can both power the device and run recordings at the same time, which most default firmwares don’t allow.
Not a full blast neetworked camera, but enough to POC the feasability bandwitdh wise.
Glad I could help you kind sir.
Please! Please! Please! PLEASE document your project! This sounds awesome!
So what’s the wifi range? What’s the wifi speed? How much power does the wifi-sd-card (“wiCard”?) consume?
I’m interested in these, but the cheapest I can seem to find is $60 or so. Which is a little much since I just want to screw around with them. Not to sound cliche or anything, but you could get the parts to build a little 32 gig wifi server for that (although good luck making it that small ahah)
on ebay the 16gb version is 48 usd from hong kong…
not that cheap…
Can’t help but think of how similar this sounds to my problems with VIA8650 wmt android tablet i had. Ran 1.6 and was the hardest thing in the world to get to boot and root. It wouldn’t even take uberoid so I ended up digging around the uboot numbers and this story is dragging on. In the end I was very much upset at the lack of support the same as Dmitry and the uboot woes rung a bell. Kudos for persevering and interested to finish reading as I ironically recover from the second kidney stone surgery (the first of which led me to reading endless forums on the device lol). Thanks :)
You gotta be careful hacking in the transcend, you might accidentally awaken a perversion that swallows up the entire beyond. Eh? Fire upon the deep anyone?
The article spends a lot of time complaining that the module source isn’t available, but Linus Torvalds himself does not think the GPL should apply to all kernel modules. If you claim it’s GPL via MODULE_LICENSE(“gpl”) then you get access to more symbols and functions, but short of that, he does not have a problem with non-GPL modules.
Linus is not a lawyer and did not write the GPL, in fact the writer of the GPL fairly dislikes Linus. Remember Linus took credit for Linux completely disregarding the other %99 of GNU/LINUX. The GPL is a legal document that a lot of lawyers spent a lot of time locking down definitions of, it is not open for interpretation if they do not want to follow the GPL they are free to write their own. Take a watch of Revolution OS if you forget the 90’s.
The issue here isn’t with new non-GPL modules though. The issue is that Transcend haven’t released the GPL source code (as they are obliged) that other people have kindly made available to the community.
Is it possible to partition the thing, so that the first partition is FAT32 to keep the controller happy, and the second is ext? It might need some poking the FAT32’s bootsector to combine it with an MBR, but other than confusing some tools I don’t see why it can’t be done…
camera firmware wouldnt be happy
easier to just keep one fixed size file on fat partition and mount it in the loop
Cleverer yet: a few files, use losetup to bind them to devices, md-raid to concatenate them, rootfs on that. Single file is hard since files over 2GB on FAT are iffy (some OSs like them, others do not)
Welp. http://i.imgur.com/a1Oy0Ck.png
He did not say that so please do not distribute this BS.
Ok, so now just need a hack to expand http://www.lexar.com/workflow to more than four ports so that one could have a battery powered, pocket sized beowulf cluster of transcent SDHC’s!
At least that should in theory give one enough power to do something like
Leapcast ( https://github.com/dz0ny/leapcast ) perhaps?
Or alternatively, should be able to utilize the SDHC’s to make/drive
video glasses such as ( http://geeknizer.com/diy-build-google-glass/ )
with led screen(s) that have a reasonable battery life.
Maybe I’m missing what you’re getting at, but in terms of power/price the PandaBoard is well ahead of even 4 of these things, and has gobs more RAM and lots of I/O options.
Concept: Take aforementioned SDHC ‘linuxable” WiFi card, add lego block
pin hole camera, nitrol wire, and appropriate conductive ink pattern for solar
cell power to paper air plane that under the right lighting conditions can now
be steared via phone accellerator while taking in the birds eye view.
BandaBoard would require a fairly large paper airplane even before
adding in power requirements as compaired to utilizing the SDHC small
form factor
WiFi card is a lot lighter on the glass rims than a Pandaboard.
Although in all fairness, Using the wifi card attached to DIY led glass display
as a way to feed video to/from the pandaboard would likely be a better way to go.
So on that dual access to the filesystem, can’t it flag things as ‘in use’ and force exclusive access to prevent a conflict? Do they really leave it to chance?
Yes, it is possible to protect files from being accessed by two processes at the same time. I n Unix/Linux think they’re called “locks”. There are at least several types of locks available. But I don’t know if this is something the Transcend developers are using.
Any way it can work without requiring configuration files on the FAT partition? There are sensors that won’t work if “foreign” files exist on the SD card.
Great work. Finally i got this. i’ve also a little bit info about firefox on this site: http://www.ComeToHack.com/
I’ve bought a hell of a lot of Transcend products over the years and often recommended their stuff to others but such blatant and wilful GPL violation is disgusting. I won’t being giving them a single dollar more until they get their heads out of their asses and make this right.
FUCK YOU TRANSCEND.
It’s really not that bad. I am really frustrated. Transcend FINALLY LETS HACKERS PLAY WITH THEIR STUFF, unlike EVERYONE ELSE. Because we can play with it, we’ve found something that they may be under NDA not to disclose, and now, because they were nice enough to give us this access, they have to suffer? We should be thanking them and understanding. It’s not like they modified core kernel code. This is hardly different from the Nvidia propreitary drivers!!!
Why should the software developers be “thanking them and understanding” when Transcend have violated the terms under which the software was shared? If Transcend don’t want to comply with the licence, their only option is to not use the software in the first place.
What you’re saying is that Transcend should be free to disregard their obligations because they let people play around with their stuff, when such stuff wouldn’t even get to market without the hard work of the Linux and u-boot developers. But I suppose the sentiment is that those hard-working developers should appreciate the pat on the back (and slap across the face) from their corporate betters.
Transcend still sell these devices, contrary to various reports, so unless they’ve remedied their licence violation (and hopefully sent their representatives off for a refresher course on customer relations and ethics), they’re happily making money off people who don’t dare to challenge them in case the torrent of shiny toys be interrupted for even a moment.
And last time I checked, Nvidia drivers – bad and dodgy enough as they are – aren’t sitting at the bootloader level and concealing special information about how you even start the operating system successfully on your computer, so it is rather different.
I partitioned mine with gparted, using a 5GB FAT32 and a 9GB ext4. There was no “firmware partition”. I have Magic Lantern on it which works with my Canon EOS DSLR camera, and I also use it to boot my Raspberry Pi. For the Pi, I can update the 6GB FAT32 partition (swapping “native mode” kernels and such) over Wi-Fi. Sweet!
It should be possible to do a simple “store and forward” messaging system (like email in the olden days), even without hacking it. But better to customize the card firmware and set up some kind of Wi-Fi tethering for the Pi, I think…
I have my Rift head tracking and my Razer Hydra working on my RasPi, and I plan to do some kind of Wi-Fi proxy or something using this card…
I love swapping RasPi kernels over WiFi without removing the SD card from the Pi. It make kernel debugging so sweet. Of course, I need a RasPi reset switch. Cutting power to the Pi to reboot means I also need to reconnect to the SD WiFi and login again (with Dmitry’s password). ;)
Now, I just need to get a communications channel going between the SD card processor and the Pi. For now, sending message packets through a shared file is a viable (but dirty) hack…
Meh.. The FAT filesystem gets inconsistent if I write files from both sides. The SD card (via SSH) only sees the changes it made and does not see those from the Pi or from WiFi, not even after doing a sync. Likewise, the external connections do not see changes made by the SD card processor (ssh) until after the card is rebooted, and then some stuff might be missing. There must be a better way. I wonder how a camera saving photos to it does not confuse it…
“It DOES get very very upset if you repartition the card or format it with something other then FAT32 – do not do this. ” — dmitry
> I partitioned mine with gparted, using a 5GB FAT32 and a 9GB ext4
“The lesson here is do NOT write to /mnt/sd ” — dmitry
What lesson did you suffer?
Just a question, how does one set the date and time on this device. There is no ntp client available and the system resets everytime the device is turned off. Any ideas?
Just a note that there is now a 1.9 firmware (newer than what Dimitry knew about when he updated his post (and his initial work was done on the 1.6 firmware)
Is it compliant with the software licensing or not? That’s the crucial question.