Network Hacks

111 Articles

Curbing Internet Addiction In A Threatening Manner

July 15, 2019 by 37 Comments

Those who have children of their own might argue that the youth of today are getting far too much internet time. [Nick] decided to put an emergency stop to it and made this ingenious internet kill switch to threaten teenagers with. Rather unassuming on the outside, the big red button instantly kills all network traffic as soon as you push it down, doing its label justice. Reset the toggle button, and the connection is restored, simple as that.

In order to achieve this, [Nick] fit inside the enclosure a Raspberry Pi Zero W, along with a battery and a wireless charging circuit for portability and completely wireless operation. The button is wired into the Pi’s GPIO and triggers a command to the router via SSH over WiFi, where a script listening to the signal tells it to drop the network interfaces talking to the outside world. It’s simple, it’s clean, and you can carry it around with you as a warning for those who dare disobey you. We love it.

Another use for big red buttons we’ve seen in the past is an AC power timer, but you can do just about anything with them if you turn one into an USB device. Check this one in action after the break.

Continue reading “Curbing Internet Addiction In A Threatening Manner”

Exploring The Dell N1108T-ON Ethernet Switch

June 17, 2019 by 23 Comments

In an era where everything seems to be getting “smarter” every year, it will probably come as no surprise to find that even relatively middling networking hardware is now packing advanced features and considerable computational power. A case in point is the Dell N1108T-ON Ethernet switch. Despite only costing around $100 USD on the second hand market, [Ben Cox] discovered this particular switch was capable of a lot more than what was advertised by poking around its onboard operating system.

It all started by plugging into the serial port on the front of the switch, which [Ben] happily notes is an integrated FTDI USB serial adapter to make life easy. Booting into recovery mode gave him local shell access, and some poking around determines it’s the sort of BusyBox-powered Linux system that you’d expect on an embedded device. The biggest discoveries were that it was running a relatively recent kernel (3.8.1), and that it apparently had Python installed.

The reverse shell Python script

From there, [Ben] found out that these switches have a feature where the administrator can install and run Python “applications” by packaging them up as tarballs and copying them from a USB flash drive. So he wrote up a simple Python program that used the socket library to open up a reverse shell to his desktop computer, and to his surprise, it worked perfectly on the first try. Now with root access, the fun really started.

The next step was getting an SSH installed and running on the switch, so that he didn’t have to do the reverse shell trick every time. He then started installing the packages necessary to turn the switch into a secure VPN tunnel with Wireguard. This took a little fiddling as [Ben] didn’t have the option of installing the normal Wireguard kernel module, but he eventually got the necessary tools modified and cross-compiled to ARM. He believes this is just the start of what’s capable on devices like this, and we’re interested in seeing where the community goes from here.

We’ve seen hackers add management capability to a “dumb” unmanaged switch in the past, but software modifications like this promise to make the creation of custom, secure, networks far easier even on a hacker’s budget. A lot has certainly changed since the last time we saw somebody really dive into a professional Ethernet switch.

ESP8266 Upgrade Gives IKEA LEDs UDP Superpowers

May 27, 2019 by 39 Comments

It can be difficult to resist the impulse buy. You see something interesting, the price is right, and even though you know you should do your research first, you end up putting it in your cart anyway. That’s how [Tobias Girstmair] ended up being the not-so proud owner of a LEDBERG RGB LED strip from IKEA, and what eventually pushed him to replace wimpy original controller with an ESP8266.

So what was the problem with the original controller? If you can believe it, it was incapable of producing white light. When IKEA says an LED is multi-color, they apparently mean it’s only multi-color. A quick check of the reviews online seem to indicate that the white version is sold as a different SKU that apparently looks the same externally and has confused more than a few purchasers.

Rather than having to pick one or the other, [Tobias] decided he would replace the original controller with an ESP-03, hoping that would give him granular enough control over the LEDs to coax a suitably white light out of them. He didn’t want to completely start from scratch, so one of the first decisions he made was to reuse the existing PCB and MOSFETs. Some handy test points on the PCB allowed him to hook the digital pins of the ESP right to the red, blue, and green LED channels.

Then it was just a matter of coming up with the software. To keep things simple, [Tobias] decided to create a “dumb” controller that simply sets the LED color and intensity according to commands it receives over a simplified UDP protocol. Anything beyond that, such as randomized colors or special effects, is done with scripts that run on his computer and fire off the appropriate UDP commands. This also means he can manually control his newly upgraded LEDBERG strips from basically anything that can generate UDP packets, such as an application on his Android phone.

It might not be the most robust implementation we’ve ever seen, but all things considered, it looks as though this modification could be a pretty good way to get some cheap network controlled RGB lighting in your life.

Bike Computer Exploration Uncovers A Hidden Android

April 29, 2019 by 26 Comments

As a happy side-effect of the smartphone revolution, the world is now awash with tiny computers that are incredibly cheap thanks to the nearly unfathomable volumes in which their components are manufactured. There wouldn’t be a $10 Raspberry Pi Zero if the billions of smartphones that were pumped out before it hadn’t dropped the cost of the individual components to literal pennies. That also means that smartphone hardware, or at least systems that are very close to it, have started to pop up in some unexpected places.

When [Joshua Wise] recently took ownership of a Wahoo ELEMNT BOLT bike computer, he wondered how it worked. With impressive list of features such as Internet connectivity, GPS mapping, and Bluetooth Low Energy support, he reasoned the pocket-sized device must have some pretty decent hardware under the hood. With some poking and prodding he found the device was powered by a MediaTek SoC and incredibly had a full-blown install of Android running in the background.

So how does one find out that their lowly bike computer is essentially a cleverly disguised smartphone? If you’re [Joshua], you listen to who it’s trying to talk do when doing a firmware update over the Internet. He used mitmproxy running between his Internet connection and a WiFi access point setup specifically for the BOLT, from there, he was able to see all of the servers it was connecting to. Seeing the device pull some data down from MediaTek’s servers was a pretty good indication of whose hardware was actually inside the thing, and when it ultimately downloaded some Android .apk files from the Wahoo website, it became pretty clear what operating system it was running underneath the customized user interface.

Further examination of the Bolt’s software brought to light a few troubling issues. It turned out that the firmware made extensive use of Apache-licensed code, for which no attribution was given. [Joshua] contacted the company and was eventually referred to the Wahoo’s CEO, Chip Hawkins. Refreshingly, Chip was not only very interested in getting the licensing issues sorted out, but even had some tips on hacking and modifying the device, including how to enable ADB.

Before the publication of this article, we reached out to Chip Hawkins (yes, he really does respond to emails) for a comment, and he told us that not only has he made sure that all of the open source packages used have now been properly attributed to their original authors, but that his team has been providing source code and information to those who request it. He says that he’s been proud to see owners of his products modifying them for their specific needs, and he’s happy to facilitate that in any way that he can.

Open source license compliance is a big deal in the hacking community, and we’ve seen how being on the wrong side of the GPL can lead to lost sales. It’s good to see Wahoo taking steps to make sure they comply with all applicable licences, but we’re even more impressed with their positive stance on customers exploring and modifying their products. If more companies took such an enlightened approach to hacking, we’d all be a lot better off.

[Thanks to Roman for the tip.]

Transcending The Stack With The Right Network Protocol

April 9, 2019 by 14 Comments

The increase in network-connected devices the past years has been something of a dual-edged sword. While on one hand it’s really nice to have an easy and straight-forward method to have devices talk with each other, this also comes with a whole host of complications, mostly related to reliability and security.

With WiFi, integrating new devices into the network is much trickier than with Ethernet or CAN, and security (e.g. WPA and TLS) isn’t optional any more, because physical access to the network fabric can no longer be restricted. Add to this reliability issues due to interference from nearby competing WiFi networks and other sources of electromagnetic noise, and things get fairly complicated already before considering which top-layer communication protocol one should use. Continue reading “Transcending The Stack With The Right Network Protocol”

Build Your Own Dial-up ISP With A Raspberry Pi

February 16, 2019 by 30 Comments

The bing-bongs, screeches, and whiirings of a diai-up modem are long forgotten now. For good reason. Dial up was slow, and if you’re one of those unlucky people reading this and waiting for the animated gif above this paragraph to load, you have our condolences. But still, nostalgia. It bit [Doge Microsystems] hard, and now there’s a dial-up ISP on [Doge]’s desk.  Why? For fun, probably, and if you’re going to retrocompute, you might as well go the whole way.

The setup for this astonishing feat of dial-up networking is an ISA modem inside a ‘lunchbox’ computer running what is probably Windows 98. The ‘homebrew POTS’ system is a SIP ATA (which is most certainly obsolete and out of stock, but this one will get you close), and a Raspberry Pi clone running Asterisk.  There’s a serial modem and a USB to serial adapter involved, and a PPP daemon running on the Pi clone answers the incoming call, negotiates authentication, and does the NAT. It’s a networking geek’s dream.

As for what good this is, anyone who asks the question is missing the point entirely. Dial up is slow, horrible, and there’s a reason we don’t use it anymore. However, and there’s always a however, if you’re developing your own serial modem hardware for some weird project, I guess this setup would come in handy. If you’d like to test out a wooden modem, this is the setup for you. Yes, it’s ancient technology no one wants anymore, but that’s how you do it if you want.

Learn About BGP With The Internet Of EvE

February 11, 2019 by 3 Comments

When we first saw [Ben Jojo’s] post about the Internet inside EvE Online, we didn’t think we’d be that interested. We don’t play EvE — a massively multiplayer game. But it turns out, the post is really about understanding BGP (Border Gateway Protocol) and how it helps route traffic in large networks. The best part? He actually simulates a network with 8,000 nodes to test out what he’s talking about.

Obviously, you wouldn’t want to fire up 8,000 Raspberry Pi computers for such an experiment. Using Buildroot, he set up a very small Linux image that had the bare minimum required to run the tests. The qemu provided virtualization, including an obscure feature that allows you to transfer data between virtual machines using UDP. The whole thing ran on some pretty beefy hardware in the cloud. Sure, you could have provisioned 8,000 cloud instances, but that would run into some serious money pretty fast, we imagine. As a wrap-up, he even uses BGP to model his local mass transit system.

Continue reading “Learn About BGP With The Internet Of EvE”