Network Hacks

Bike Computer Exploration Uncovers a Hidden Android

April 29, 2019 by 26 Comments

As a happy side-effect of the smartphone revolution, the world is now awash with tiny computers that are incredibly cheap thanks to the nearly unfathomable volumes in which their components are manufactured. There wouldn’t be a $10 Raspberry Pi Zero if the billions of smartphones that were pumped out before it hadn’t dropped the cost of the individual components to literal pennies. That also means that smartphone hardware, or at least systems that are very close to it, have started to pop up in some unexpected places.

When [Joshua Wise] recently took ownership of a Wahoo ELEMNT BOLT bike computer, he wondered how it worked. With impressive list of features such as Internet connectivity, GPS mapping, and Bluetooth Low Energy support, he reasoned the pocket-sized device must have some pretty decent hardware under the hood. With some poking and prodding he found the device was powered by a MediaTek SoC and incredibly had a full-blown install of Android running in the background.

So how does one find out that their lowly bike computer is essentially a cleverly disguised smartphone? If you’re [Joshua], you listen to who it’s trying to talk do when doing a firmware update over the Internet. He used mitmproxy running between his Internet connection and a WiFi access point setup specifically for the BOLT, from there, he was able to see all of the servers it was connecting to. Seeing the device pull some data down from MediaTek’s servers was a pretty good indication of whose hardware was actually inside the thing, and when it ultimately downloaded some Android .apk files from the Wahoo website, it became pretty clear what operating system it was running underneath the customized user interface.

Further examination of the Bolt’s software brought to light a few troubling issues. It turned out that the firmware made extensive use of Apache-licensed code, for which no attribution was given. [Joshua] contacted the company and was eventually referred to the Wahoo’s CEO, Chip Hawkins. Refreshingly, Chip was not only very interested in getting the licensing issues sorted out, but even had some tips on hacking and modifying the device, including how to enable ADB.

Before the publication of this article, we reached out to Chip Hawkins (yes, he really does respond to emails) for a comment, and he told us that not only has he made sure that all of the open source packages used have now been properly attributed to their original authors, but that his team has been providing source code and information to those who request it. He says that he’s been proud to see owners of his products modifying them for their specific needs, and he’s happy to facilitate that in any way that he can.

Open source license compliance is a big deal in the hacking community, and we’ve seen how being on the wrong side of the GPL can lead to lost sales. It’s good to see Wahoo taking steps to make sure they comply with all applicable licences, but we’re even more impressed with their positive stance on customers exploring and modifying their products. If more companies took such an enlightened approach to hacking, we’d all be a lot better off.

[Thanks to Roman for the tip.]

Transcending the Stack with the Right Network Protocol

April 9, 2019 by 14 Comments

The increase in network-connected devices the past years has been something of a dual-edged sword. While on one hand it’s really nice to have an easy and straight-forward method to have devices talk with each other, this also comes with a whole host of complications, mostly related to reliability and security.

With WiFi, integrating new devices into the network is much trickier than with Ethernet or CAN, and security (e.g. WPA and TLS) isn’t optional any more, because physical access to the network fabric can no longer be restricted. Add to this reliability issues due to interference from nearby competing WiFi networks and other sources of electromagnetic noise, and things get fairly complicated already before considering which top-layer communication protocol one should use. Continue reading “Transcending the Stack with the Right Network Protocol”

Build Your Own Dial-up ISP With A Raspberry Pi

February 16, 2019 by 30 Comments

The bing-bongs, screeches, and whiirings of a diai-up modem are long forgotten now. For good reason. Dial up was slow, and if you’re one of those unlucky people reading this and waiting for the animated gif above this paragraph to load, you have our condolences. But still, nostalgia. It bit [Doge Microsystems] hard, and now there’s a dial-up ISP on [Doge]’s desk.  Why? For fun, probably, and if you’re going to retrocompute, you might as well go the whole way.

The setup for this astonishing feat of dial-up networking is an ISA modem inside a ‘lunchbox’ computer running what is probably Windows 98. The ‘homebrew POTS’ system is a SIP ATA (which is most certainly obsolete and out of stock, but this one will get you close), and a Raspberry Pi clone running Asterisk.  There’s a serial modem and a USB to serial adapter involved, and a PPP daemon running on the Pi clone answers the incoming call, negotiates authentication, and does the NAT. It’s a networking geek’s dream.

As for what good this is, anyone who asks the question is missing the point entirely. Dial up is slow, horrible, and there’s a reason we don’t use it anymore. However, and there’s always a however, if you’re developing your own serial modem hardware for some weird project, I guess this setup would come in handy. If you’d like to test out a wooden modem, this is the setup for you. Yes, it’s ancient technology no one wants anymore, but that’s how you do it if you want.

Learn About BGP With The Internet Of EvE

February 11, 2019 by 3 Comments

When we first saw [Ben Jojo’s] post about the Internet inside EvE Online, we didn’t think we’d be that interested. We don’t play EvE — a massively multiplayer game. But it turns out, the post is really about understanding BGP (Border Gateway Protocol) and how it helps route traffic in large networks. The best part? He actually simulates a network with 8,000 nodes to test out what he’s talking about.

Obviously, you wouldn’t want to fire up 8,000 Raspberry Pi computers for such an experiment. Using Buildroot, he set up a very small Linux image that had the bare minimum required to run the tests. The qemu provided virtualization, including an obscure feature that allows you to transfer data between virtual machines using UDP. The whole thing ran on some pretty beefy hardware in the cloud. Sure, you could have provisioned 8,000 cloud instances, but that would run into some serious money pretty fast, we imagine. As a wrap-up, he even uses BGP to model his local mass transit system.

Continue reading “Learn About BGP With The Internet Of EvE”

Cheap Power Over Ethernet For The ESP32

February 5, 2019 by 7 Comments

While most projects we see with the ESP32 make use of its considerable wireless capabilities, the chip can be connected to the wired network easily enough should you have the desire to do so. [Steve] liked the idea of putting his ESP32s on the wired network, but found the need for a secondary power connection burdensome. So he took it upon himself to modify some cheap Power Over Ethernet (PoE) hardware and create a single-cable solution (Google Translate).

[Steve] bought a PoE module intended for security cameras and ran a close eye over the board to figure out what kind of hardware it was using to generate the nominal 12 V output. He identified an MP2494 step-down converter, and with the datasheet in hand found how the output voltage is configured by changing the values of resistors in the circuit. Swapping out the stock 21.5 kΩ resistor for a 57.1 kΩ one changed the output of the converter to the 5 V necessary for his electronics.

But of course that was only half of the problem solved; he still had to connect the Ethernet side of the PoE device to the Waveshare LAN8720 board that’s providing Ethernet for the ESP32. So he removed the RJ45 jack from the LAN8720 completely, and wired that directly to the connector on the PoE board. Helpfully, the PoE board had all the pins labeled on the bottom side so this wasn’t nearly as tricky to figure out as you might expect (if only it was always that easy).

We’ve previously covered the Waveshare LAN8720 board for anyone who’s interested in the ins and outs of getting their ESP32 talking Ethernet. If you’re wondering how you can put PoE to work for you, our very own [Jonathan Bennett] has been showing off his home Raspberry Pi infrastructure which makes extensive use of the new PoE hat.

This Tiny Router Could be the Next Big Thing

February 1, 2019 by 22 Comments

It seems like only yesterday that the Linksys WRT54G and the various open source firmware replacements for it were the pinnacle of home router hacking. But like everything else, routers have gotten smaller and faster over the last few years. The software we run on them has also gotten more advanced, and at this point we’ve got routers that you could use as a light duty Linux desktop in a pinch.

But even with no shortage of pocket-sized Linux devices in our lives, the GL-USB150 “Microrouter” that [Mason Taylor] recently brought to our attention is hard to ignore. Inside this USB flash drive sized router is a 400 MHz Qualcomm QCA9331 SoC, 64 MB of RAM, and a healthy 16 MB of storage; all for around $20 USD. Oh, and did we mention it comes with OpenWRT pre-installed? Just plug it in, and you’ve got a tiny WiFi enabled Linux computer ready to do your bidding.

On his blog [Mason] gives a quick rundown on how to get started with the GL-USB150, and details some of the experiments he’s been doing with it as part of his security research, such as using the device as a remote source for Wireshark running on his desktop. He explains that the diminutive router works just fine when plugged into a USB battery bank, offering a very discreet way to deploy a small Linux box wherever you may need it. But when plugged into a computer, things get really interesting.

If you plug the GL-USB150 into a computer, it shows up to the operating system as a USB Ethernet adapter and can be used as the primary Internet connection. All of the traffic from the computer will then be routed through the device to whatever link to the Internet its been configured to use. Depending on how you look at it, this could be extremely useful or extremely dangerous.

For one, it means that something that looks all the world like a normal USB flash drive could be covertly plugged into a computer and become a “wiretap” through which all of the network traffic is routed. That’s the bad news. On the flip side, it also means you could configure the GL-USB150 as a secure endpoint that lets you quickly and easily funnel all the computer’s traffic through a VPN or Tor without any additional setup.

We’ve seen all manner of hacks and projects that made use of small Linux-compatible routers such as the TP-Link TL-MR3020, but we expect the GL-USB150 and devices like it will be the ones to beat going forward. Let’s just hope one of them doesn’t show up uninvited in your network closet.

Solar-Powered OpenWRT Router For Mobile Privacy

January 24, 2019 by 25 Comments

Let’s not pretend we aren’t all guilty of it: at some point we’ve all connected to a public WiFi network to check our email or log into some site or service. We know the risks, we know better. But in a weak moment we can let the convenience of that public network get the better of us. What if you had a small secure router that you could use as an encrypted VPN endpoint, allowing you to connect to those enticing public networks while keeping your traffic secure? That’s precisely what [David] had in mind when he built this pint-sized solar-powered OpenWRT router.

At the heart of this gadget is the TP-Link TL-MR3020, a tiny OpenWRT-compatible router that’s no stranger to the pages of Hackaday. Its small size and low cost have made it a natural choice for a wide array of projects, so it’s little surprise that [David] gravitated towards it. But simply getting OpenWRT installed on the MR3020 and configuring OpenVPN doesn’t exactly grant you entrance into the Hackaday Pantheon, so obviously there’s a bit more to the story.

For one, [David] didn’t like the idea of a USB flash drive hanging out of the side of his router. Since the flash drive would essentially be a permanent part of the router, as it is being used to expand the rather meager internal storage of the MR3020 he decided to wack the USB end off the flash drive and solder it directly to the router’s PCB. This gave him a much cleaner looking package, but it still wasn’t as portable as he’d like.

He decided to order a solar-charged USB power bank to become the new home of his hacked MR3020. He kept the solar panel and charge controller from the original gadget, and after some researched settled on a pair of LG-HG2 3000 mAh batteries as the power source. [David] went through a few charge and discharge cycles making sure everything worked as expected before buttoning up the case. In the future he says he might transplant the electronics into a 3D printed case, but for now he’s pretty pleased with the results.

If you’d like to try your hand at hacking these popular micro routers, you’ll need to start with an OpenWRT firmware. After you’ve got a full blown Linux distro running on this little fellow, the only limitation is your own imagination.