It seems like only yesterday that the Linksys WRT54G and the various open source firmware replacements for it were the pinnacle of home router hacking. But like everything else, routers have gotten smaller and faster over the last few years. The software we run on them has also gotten more advanced, and at this point we’ve got routers that you could use as a light duty Linux desktop in a pinch.
But even with no shortage of pocket-sized Linux devices in our lives, the GL-USB150 “Microrouter” that [Mason Taylor] recently brought to our attention is hard to ignore. Inside this USB flash drive sized router is a 400 MHz Qualcomm QCA9331 SoC, 64 MB of RAM, and a healthy 16 MB of storage; all for around $20 USD. Oh, and did we mention it comes with OpenWRT pre-installed? Just plug it in, and you’ve got a tiny WiFi enabled Linux computer ready to do your bidding.
On his blog [Mason] gives a quick rundown on how to get started with the GL-USB150, and details some of the experiments he’s been doing with it as part of his security research, such as using the device as a remote source for Wireshark running on his desktop. He explains that the diminutive router works just fine when plugged into a USB battery bank, offering a very discreet way to deploy a small Linux box wherever you may need it. But when plugged into a computer, things get really interesting.
If you plug the GL-USB150 into a computer, it shows up to the operating system as a USB Ethernet adapter and can be used as the primary Internet connection. All of the traffic from the computer will then be routed through the device to whatever link to the Internet its been configured to use. Depending on how you look at it, this could be extremely useful or extremely dangerous.
For one, it means that something that looks all the world like a normal USB flash drive could be covertly plugged into a computer and become a “wiretap” through which all of the network traffic is routed. That’s the bad news. On the flip side, it also means you could configure the GL-USB150 as a secure endpoint that lets you quickly and easily funnel all the computer’s traffic through a VPN or Tor without any additional setup.
We’ve seen all manner of hacks and projects that made use of small Linux-compatible routers such as the TP-Link TL-MR3020, but we expect the GL-USB150 and devices like it will be the ones to beat going forward. Let’s just hope one of them doesn’t show up uninvited in your network closet.
This is definitely an interesting device from the perspective of computer security. It can be used as an alternative platform for USaBUSe-style attacks (https://hackaday.com/2016/08/17/universal-serial-abuse/), or P4wnPi (https://github.com/mame82/P4wnP1), or Samy Kamkar’s PoisonTap (https://hackaday.com/2016/11/16/poinsontap-makes-raspberry-pi-zero-exploit-locked-computers/)
The USB-Ethernet interface could easily be changed to show up as any other type of USB class gadget, including HID, Sound, camera, Mass Storage, etc.
This could be useful for things other than security, of course! For example, it could be a nice compact dongle to turn an IP camera into a UVC USB-attached camera, for all the videoconferencing apps that can only use local devices. For example, stream a Pi Zero W camera feed over WiFi to the Microuter, and present it as a UVC endpoint, either as a pair (Zero W connects directly to an AP created by the Microuter), or via a broader WiFi infrastructure. You could obviously do it cheaper with two Pi Zero W’s, of course, but this would be neater attached to the PC!
Is it a fact that the USB interface can be reprogrammed on this? If so, that would open up more uses for stuff like making it look like a USB HID device like a keyboard and a mouse. I also like your idea of making it look like a webcam to the attached computer.
The chip supports usb otg. If the usb connector is not just for power and it’s data lines are wired to the cpu it will work.
FYI, I just bought one of these to play around with. The SoC USB controller is NOT USED. The USB interface is provided by a USB to Ethernet chip (RTL8152) which is connected to an Ethernet interface on the SoC. This means you can use this for USB-based ETHERNET attacks all you want, but USB HID, USB serial, USB mass storage, etc attacks are NOT possible with this device.
Smells like a nice “meshpoint”…
Can someone suggest some uses for this?
Since there is no ethernet and only one wifi transceiver, and a very low end ARM CPU, it looks a bit limited. Maybe you could use it as a low speed repeater.
For capture why not just use a wifi card? I guess on Windows it bypasses some driver issues.
The main benefit seems to be stealth, since it looks like a harmless USB flash drive or something.
Basically, you put all your WiFi Credentials (and VPN credentials) in a single device.
Your other devices just have to connect to the same SSID no matter where you are.
So, no more typing of WiFi Passwords into 4 different devices.
And no hazzle with devices that do not support your favourite flavour of VPN.
But, if someone steals your “magic wand”, I guess he will have all your passwords….
I’d hope credentials are stored encrypted and on first connect after powerup you can type a password und unlock the device…
But I think that’s no feature of OpenWRT
Yup, I use one for traveling so I can get my ChromeCast to work on hotel networks. Unfortunately I’ve had a lot of trouble with devices disconnecting from the USB router and have stuck to one of GL.iNet’s mini-routers for most of my travels.
Ah, banana for scale, man of culture
The zsun wifi stick (AR9331-based) is also a compact/low-power router if you install OpenWRT on it. Been using this for a few years as a portable 3G wifi router with a 4×18650 pack, runs for 12-14 hours on a charge. 3G stick connected in place of the SD card reader. Works great.
Guys in the Warsaw hackerspace made an OpenWRT port and have all the hardware specs/hacks here: https://wiki.hackerspace.pl/projects:zsun-wifi-card-reader
Yeah, right? I vaguely remember writing about that somewhere:
https://hackaday.com/2016/01/27/cheap-wifi-devices-are-hardware-hacker-gold/
:)
For a single chip solution see:
https://github.com/AlessandroAU/Chorus32-ESP32LapTimer
Interesting… he even details tcp_dump and wireshark setup. It’s like a micro carnivor or whatever they call it now days. A little movement of info processing so not limited by the 64MB storage and huh… $20.
Oh… only b/g/n and looks like spec’d at 2.4GHz. No 5.8GHz device signals intercept capabilities reads like. Interesting for being COTS. Not as fun for hacking into server side crap wanting to be used locally.
A version that also supports 802.11ac would be more impressive. As it is, it’s just a more expensive and slower competitor to the Raspberry Pi Zero W.
May I suggest that the name could be shortened to “Microuter”?
I read this and thought “might be worth $20 to play around with…”. But apparently this router is no longer made, and this article has brought out the price gougers. Sold out on Amazon; $30 plus $18 shipping on NewEgg; $69 on Ebay. As @NiHaoMike said, why not just a Pi Zero.W?
Probably because the Pi Zero W can’t fit inside a friggin flash drive? Like…is this a serious question or what?
Looks like $28 on Ali with free shipping (of course):
https://www.aliexpress.com/item/MicRouter-GL-USB150-Atheros-AR9331-802-11n-150Mbps-OPENVPN-Wireless-USB-Mini-Travel-WiFi-Router-OPENWRT/32827197999.html
Nah, they are just sold out on Amazon as a direct result of this article, and of course, Chinese New Year is getting in the way of restocking. I have had confirmation from GL.Inet that they will be sending more to Amazon after New Year.
Good news! Amazon has it again for $22. I just got another one.