Nissan Gives Up Root Shell Thanks To Hacked USB Drive

For the impatient Nissan owners who may be joining us from Google, a hacker by the name of [ea] has figured out how to get a root shell on the Bosch LCN2kai head unit of their 2015 Xterra, and it looks like the process should be the same for other vehicles in the Nissan family such as the Rogue, Sentra, Altima, and Frontier. If you want to play along at home, all you have to do is write the provided image to a USB flash drive and insert it.

Now for those of us who are more interested in how this whole process works, [ea] was kind enough to provide a very detailed account of how the exploit was discovered. Starting with getting a spare Linux-powered head unit out of a crashed Xterra to experiment with, the write-up takes the reader through each discovery and privilege escalation that ultimately leads to the development of a non-invasive hack that doesn’t require the user to pull their whole dashboard apart to run.

The early stages of the process will look familiar to anyone who’s messed with embedded Linux hacking. The first step was to locate the board’s serial port and connect it to the computer. From there, [ea] was able to change the kernel parameters in the bootloader to spawn an interactive shell. To make things a little easier, the boot scripts were then modified so the system would start up an SSH server accessible over a USB Ethernet adapter. With full access to the system, the search for exploits could begin.

A simple script on the flash drive enables the SSH server.

After some poking, [ea] discovered the script designed to mount USB storage devices had a potential flaw in it. The script was written in such a way that the filesystem label of the device would be used to create the mount point, but there were no checks in place to prevent a directory traversal attack. By crafting a label that read ../../usr/bin/ and placing a Bash script on the drive, it’s possible to run arbitrary commands on the head unit. The provided script permanently adds SSHd to the startup process, so when the system reboots, you’ll be able to log in and explore.
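The flaw described above comes down to building a path from a device-supplied string. The sketch below is an added example, not code from [ea]'s write-up or from the head unit's firmware: it contrasts the label-used-verbatim pattern with a hardened derivation. The /media base directory, the function names, and the sda1 fallback name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: deriving a mount point from a filesystem label.
LC_ALL=C                 # make the [A-Z] style ranges below byte-exact
MOUNT_ROOT="/media"      # assumed base directory, not taken from the write-up

# Pattern the article describes: the label is trusted and used verbatim.
naive_mount_point() {
    printf '%s/%s\n' "$MOUNT_ROOT" "$1"
}

# Lexically collapse "." and ".." so we can see where a path really lands.
# Runs in a subshell so the IFS and noglob changes do not leak out.
normalize() (
    out=""
    IFS=/
    set -f
    for part in $1; do
        case "$part" in
            ""|.) ;;                     # empty or current-dir component
            ..)   out=${out%/*} ;;       # drop the last component, clamp at /
            *)    out="$out/$part" ;;
        esac
    done
    printf '%s\n' "${out:-/}"
)

# Hardened: allow-list the label; anything else falls back to a name the
# kernel assigned to the device (for example sda1), never attacker text.
safe_mount_point() {
    case "$1" in
        ""|*[!A-Za-z0-9_-]*) printf '%s/%s\n' "$MOUNT_ROOT" "$2" ;;
        *)                   printf '%s/%s\n' "$MOUNT_ROOT" "$1" ;;
    esac
}

# Defence in depth: refuse any path that does not stay below MOUNT_ROOT.
stays_under_root() {
    case "$(normalize "$1")" in
        "$MOUNT_ROOT"/?*) return 0 ;;
        *)                return 1 ;;
    esac
}

label='../../usr/bin/'   # the label quoted in the article
echo "naive:    $(normalize "$(naive_mount_point "$label")")"
echo "hardened: $(safe_mount_point "$label" sda1)"
```

Both checks are purely lexical; a real mount helper should also create the directory itself and refuse to mount over an existing non-empty path.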

So what does [ea] want to do with this new-found exploit? It looks like the goal is to eventually come up with some custom programs that extend the functionality of the in-dash Linux system. As it seems like these “infotainment” systems are now an inescapable feature of modern automobiles, we’re certainly excited to see projects that aim to keep them under the consumer’s control.

Why Blobs Are Important, And Why You Should Care

We are extraordinarily fortunate to live at a time in which hardware with astounding capabilities can be had for only a few dollars. Systems that would once have taken an expensive pile of chips and discretes along with months of development time to assemble are now integrated onto commodity silicon. Whether it is a Linux-capable system-on-chip or a microcontroller, such peripherals as WiFi, GPUs, Bluetooth, or USB stacks now come as part of the chip, just another software library rather than a ton of extra hardware.

Beware The Blob!

An ESP-01 module
The cheapest of chips still comes with a blob.

If there is a price to be paid for this convenience, it comes in the form of the blob: a piece of pre-compiled binary software that does the hard work of talking to the hardware and presents a unified API to the software. Whether you’re talking to the ESP32 WiFi through an Arduino library or booting a Raspberry Pi with a Linux distribution, your own code may be available or even open source, but the blob it relies upon to work is closed source and proprietary. This presents a challenge not only to Software Libre enthusiasts in search of a truly open source computer, but also to the rest of us, because we are left reliant upon the willingness of the hardware manufacturer to update and patch their blobs.

An open-source advocate would say that the solution is easy: the manufacturers should simply make their blobs open-source. And it’s true: were all blobs open-source, the Software Libre crowd would be happy, and their open-source nature would ease the generation of those updates and patches. So why don’t manufacturers release their blobs as open-source? In some cases that may well be due to a closed-source mindset of never releasing anything to the world to protect company intellectual property, but to leave it at that is not a full answer. To fully understand why that is the case, it’s worth looking at how our multifunctional chips are made.

A Fresh Linux For The Most Unexpected Platform – The Nintendo 64

Though it was famously started by Linus Torvalds as “a (free) operating system (just a hobby, won’t be big and professional like gnu) for 386(486) AT clones”, the Linux kernel and surrounding operating system ecosystems have been ported to numerous architectures beyond their x86 roots. It’s therefore not unusual to hear of new ports for unsupported platforms, but it is extremely unexpected to hear of one when the platform is a games console from the mid-1990s. But that’s what [Lauri Kasanen] has done, announcing a fresh Linux port for the Nintendo 64.

This isn’t a Linux from 1996 either. The port builds on an up-to-date kernel version 5.10 with his N64 branch and a tantalising possibility that it might be incorporated into the main Linux source for the MIPS-64 processor architecture. That’s right, the Nintendo 64 could be an officially supported Linux platform.

It would be stretching the story a long way to call this any kind of distro, for what he’s produced is a bootloader that loads the kernel and creates a terminal with busybox loaded. With this on your flashcart you won’t be replacing that Raspberry Pi any time soon, so why other than [Lauri]’s “because I can” would you be interested in it? He supplies the answer and it lies in the emulation scene, because having a Linux for the platform makes it so much easier to port other software to it. If this tickles your fancy you can see the source in his GitHub repository, and we’re certainly looking forward to what the community will do with it.

We are more used to seeing the N64 as a subject for case-modding, whether it be as a handheld or an all-in-one console.

Via Phoronix, and thanks [David Beckershoff] for the tip.

Header image: Evan-Amos, Public domain.

Teardown: Creality Wi-Fi Box

Creality, makers of the Ender series of 3D printers, have released a product called Wi-Fi Box meant to cheaply add network control to your printer. Naturally I had to order one so we could take a peek, but this is certainly not a product review. If you’re looking to control your 3D printer over the network, get yourself a Raspberry Pi and install Gina Häußge’s phenomenal OctoPrint on it. Despite what Creality might want you to believe, their product is little more than a poor imitation of this incredible open source project.

Even if you manage to get it working with your printer, which judging by early indications is a pretty big if, it won’t give you anywhere near the same experience. At best it’ll save you a few dollars compared to going the DIY route, but at the cost of missing out on the vibrant community of plugin developers that have helped establish OctoPrint as the de facto remote 3D printing solution.

That being said, the hardware itself seems pretty interesting. For just $20 USD you get a palm-sized Linux computer with WiFi, Ethernet, a micro SD slot, and a pair of USB ports; all wrapped up in a fairly rugged enclosure. There’s no video output, but that will hardly scare off the veteran penguin wrangler. Tucked in a corner and sipping down only a few watts, one can imagine plenty of tasks this little gadget would be well suited to. Perhaps it could act as a small MQTT broker for all your smart home devices, or a low-power remote weather station. The possibilities are nearly limitless, assuming we can get into the thing anyway.

So what’s inside the Creality Wi-Fi Box, and how hard will it be to bend it to our will? Let’s take one apart and find out.

How The Gates (Almost) Stole Christmas

‘Twas the night before Christmas and all through the house
Blue screens were everywhere; no response from the mouse
Windows, it seems, had decided to die
Because it had updated; we didn’t know why
But Santa had a plan while we were all in bed
He reformatted our server and installed Linux instead
In the morning we rushed in and what did we see?
Programs were running, and most of them free!
There was Chrome and Open Office and emacs for me
Not a penny was going to Mr. Gates’ fee
Now we have no more blue screens, ever, of course
Because Santa turned us on to that sweet open source

BASH Template Promises Safer Scripts

Many bash scripts start out as something quick and dirty but then become so useful that they live for years, indeed sometimes seeing more use than our traditional programs. Now that you can even run bash well under Windows (although, you’ve always been able to run it there if you tried), there are even more opportunities for your five-minute bash script to proliferate. [Maciej] decided he was tired of always having to patch up his quick and dirty scripts to be more robust, so he created (and shared) his boilerplate template for scripts.

Probably most of us have at least some basic template we start with, even if it is just our last script project. What’s nice about [Maciej’s] template is that he documents what’s going on with each part of it. It is also relatively short without a lot of excess stuff. Of course, you’ll probably customize it, but it is a great place to start.

CentOS Is Dead, Long Live CentOS

On Tuesday, December 8th, Red Hat and CentOS announced the end of CentOS 8. To be specific, CentOS 8 will reach end of life at the end of 2021, 8 years ahead of schedule. To really understand what that means, and how we got here, it’s worth taking a trip down memory lane, and looking at how the history of Red Hat Enterprise Linux (RHEL), CentOS, and IBM are intertwined.
