[jamesone111] bought a Transcend WifiSD card, presumably for photography, but it may just have been because he heard that they’re actually tiny Linux servers.
He read a post about these cards on the OpenWRT forums. They’re all a similar configuration of a relatively large amount of memory (compared to the usual embedded computer), a WiFi chip, and an ARM processor running a tiny Linux install. The card acts as a WiFi access point with a little server running on it, and waits for the user to connect to it via a website. It also has a mode where it will connect to up to three access points specified by the user, but it doesn’t actually have a way to tell the user what its IP address is; which is kind of funny.
[jamesone111] hacked around with the Transcend card for a bit. He found it pretty insecure, which as long as you’re not a naked celebrity, shouldn’t be a huge issue. For the hacker this is great as it opens up the chance of hacking the firmware for other uses.
Some have already pulled off some cool hacks with these cards. For example, [peterburk] hacked a similar card by PQI to turn his iPod into a portable file server.
[Dmitry] read about hacking the Transcend WiFi cards, and decided to give it a try himself. We already covered [Pablo’s] work with the Transcend card. [Dmitry] took a different enough approach to warrant a second look.
Rather than work from the web interface and user scripts down, [Dmitry] decided to start from Transcend’s GPL package and work his way up. Unfortunately, he found that the package was woefully incomplete – putting the card firmly into the “violates GPL” category. Undaunted, [Dmitry] fired off some emails to the support staff and soldiered on.
It turns out the card uses u-boot to expand the kernel and basic file system into a ramdisk. Unfortunately the size is limited to 3MB. The limit is hard-coded into u-boot, the sources of which transcend didn’t include in the GPL package.
[Dmitry] was able to create his own binary image within the 3MB limit and load it on the card. He discovered a few very interesting (and scary) things. The flash file system must be formatted FAT32, or the controller will become very upset. The 16 (or 32)GB of flash is also mounted read/write to TWO operating systems. Linux on the SD card, and whatever host system the card happens to be plugged in to. This is dangerous to say the least. Any write to the flash could cause a collision leading to lost data – or even a completely corrupt file system. Continue reading “Advanced Transcend WiFi SD Hacking: Custom Kernels, X, And Firefox”
[Pablo] is a recent and proud owner of a Transcend WiFi SD Card. It allows him to transfer his pictures to any WiFi-enabled device in a matter of seconds.
As he suspected that some kind of Linux was running on it, he began to see if he could get a root access on it… and succeeded.
His clear and detailed write-up begins with explaining how a simple trick allowed him to browse through the card’s file system, which (as he guessed correctly) is running busybox. From there he was able to see if any of the poorly written Perl scripts had security holes… and got more than he bargained for.
He first thought he had found a way to make the embedded Linux launch user provided scripts and execute commands by making a special HTTP POST request… which failed due to a small technicality. His second attempt was a success: [Pablo] found that the user set password is directly entered in a Linux shell command. Therefore, the password “admin; echo haxx > /tmp/hi.txt #” could create a hi.txt text file.
From there things got easy. He just had to make the card download another busybox to use all the commands that were originally disabled in the card’s Linux. In the end he got the card to connect a bash to his computer so he could launch every command he wanted.
As it was not enough, [Pablo] even discovered an easy way to find the current password of the card. Talk about security…
Transcend markets their DrivePro 200 camera for use as a car dashcam. We’re a bit surprised at the quality and apparent feature set for something relegated to a rather mundane task as this. But [Gadget Addict] poked around and found a nice little nugget: you can live stream the video via WiFi; the framerate, quality, and low-lag are pretty impressive. In addition to that, the next hack is just waiting for you to unlock it.
As it stands right now you turn on the camera’s built-in WiFi AP, telnet into two different ports on the device (sending it into smartphone connected mode) and you’ll be able to live stream the view to your computer using RTSP. Great, that in itself is a good hack and we’re sure that before long someone will figure out an automatic way to trigger this. [GA] also found out how to get the thing into script mode at power-on. He hasn’t actually executed any code… that’s where you come in. If you have one of these pull it out and get hacking! It’s a matter put putting files on the SD storage and rebooting. Crafting this file to enable shell access would open up an entire world of hacks, from things like time-lapse and motion sensing to special processing and filtering in real time. We think there’s huge potential so keep us up-to-date as you find new ways to pwn this hardware.
Continue reading “Transcend DrivePro 200 Hack To Stream And Script; Begs For More”
Over the last few months, a few very capable hackers have had a hand in cracking open a Transcend WiFi-enable SD card that just happens to be running a small Linux system inside. The possibilities for a wireless Linux device you can lose in your pocket are immense, but so far no one has gotten any IO enabled on this neat piece of hardware. [CNLohr] just did us all a favor with his motherboard for these Transcend WiFi SD cards, allowing the small Linux systems to communicate with I2C devices.
This build is based upon [Dmitry]’s custom kernel for the Transcend WiFiSD card. [CNLohr] did some poking around with this system and found he could use an AVR to speak to the card in its custom 4-bit protocol.
The ‘motherboard’ consists of some sort of ATMega, an AVR programming header, a power supply, and a breakout for the I2C bus. [Lohr] wired up a LED array to the I2C bus and used it to display some configuration settings for the WiFi card before connecting to the card over WiFi and issuing commands directly to the Linux system on the card. The end result was, obviously, a bunch of blinking LEDs.
While this is by far the most complex and overwrought way to blink a LED we’ve ever seen, this is a great proof of concept that makes the Transcend cards extremely interesting for a variety of hardware projects. If you want your own Transcend motherboard, [CNLohr] put all the files up for anyone who wants to etch their own board.
Linux has changed. Originally inspired by Unix, there were certain well understood but not well enforced rules that everyone understood. Programs did small things and used pipes to communicate. X Windows servers didn’t always run on your local machine. Nothing in
/usr contributed to booting up the system.
These days, we have systemd controlling everything. If you run Chrome on one display, it is locked to that display and it really wants that to be the local video card. And moving
/usr to another partition will easily prevent you from booting up, unless you take precautions. I moved
/usr and I lived to tell about it. If you ever need to do it, you’ll want to hear my story.
A lot of people are critical of systemd — including me — but really it isn’t systemd’s fault. It is the loss of these principles as we get more programmers and many of them are influenced by other systems where things work differently. I’m not just ranting, though. I recently had an experience that brought all this to mind and, along the way, I learned a few things about the modern state of the boot process. The story starts with a friend giving me an Intel Compute Stick. But the problems I had were not specific to that hardware, but rather how modern Linux distributions manage their start-up process.
Continue reading “Linux Fu: Moving /usr”
Last weekend was KiCon, a gathering of hardware developers from all over the world who use KiCad open source EDA software. This included many of the software engineers who drive development, people who use KiCad in their business, and those who simply love it for being a professional quality tool available for anyone to use.
From hardware show-and-tell, to the lineup of talks, and the social events each evening, there was so much packed into two (plus) days. Join me after the break for a whirlwind tour of the people and the hardware found at 2019 KiCon.
Continue reading “KiCad Community Shines At First Ever KiCon”