Network Hacks

233 Articles

Getting Root On Cheap WiFi Repeaters, The Long Way Around

September 5, 2024 by 13 Comments

What can you do with a cheap Linux machine with limited flash and only a single free GPIO line? Probably not much, but sometimes, just getting root to prove you can is the main goal of a project. If that happens to lead somewhere useful, well, that’s just icing on the cake.

Like many interesting stories, this one starts on AliExpress, where [Easton] spied some low-cost WiFi repeaters, the ones that plug directly into the wall and extend your wireless network another few meters or so. Unable to resist the siren song, a few of these dongles showed up in the mailbox, ripe for the hacking. Spoiler alert: although the attempt on the first device had some success by getting a console session through the UART port and resetting the root password, [Easton] ended up bricking the repeater while trying to install an OpenWRT image.

The second attempt, this time on a different but similar device, proved more fruitful. The rudimentary web UI provided no easy path in, although it did a pretty good job enumerating the hardware [Easton] was working with. With the UART route only likely to provide temptation to brick this one too, [Easton] turned to a security advisory about a vulnerability that allows remote code execution through a specially crafted SSID. That means getting root on these dongles is as simple as a curl command — no hardware hacks needed!

As for what to do with a bunch of little plug-in Linux boxes with WiFi, we’ll leave that up to your imagination. We like [Easton]’s idea of running something like Pi-Hole on them; maybe Home Assistant would be possible, but these are pretty resource-constrained machines. Still, the lessons learned here are valuable, and at this price point, let the games begin.

DEC’s LAN Bridge 100: The Invention Of The Network Bridge

August 27, 2024 by 13 Comments

DEC’s LAN Bridge 100 was a major milestone in the history of Ethernet which made it a viable option for the ever-growing LANs of yesteryear and today. Its history is also the topic of a recent video by [The Serial Port], in which [Mark] covers the development history of this device. We previously covered the LANBridge 100 Ethernet bridge and what it meant as Ethernet saw itself forced to scale from a shared medium (ether) to a star topology featuring network bridges and switches.

Featured in the video is also an interview with [John Reed], a field service network technician who worked at DEC from 1980 to 1998. He demonstrates what the world was like with early Ethernet, with thicknet coax (10BASE5) requiring a rather enjoyable way to crimp on connectors. Even with the relatively sluggish 10 Mbit of thicknet Ethernet, adding an Ethernet store and forward bridge in between two of these networks required significant amounts of processing power due to the sheer number of packets, but the beefy Motorola 68k CPU was up to the task.

To prevent issues with loops in the network, the spanning tree algorithm was developed and implemented, forming the foundations of the modern-day Ethernet LANs, as demonstrated by the basic LAN Bridge 100 unit that [Mark] fires up and which works fine in a modern-day LAN after its start-up procedure. Even if today’s Ethernet bridges and switches got smarter and more powerful, it all started with that first LAN Bridge.

Continue reading “DEC’s LAN Bridge 100: The Invention Of The Network Bridge”

Ethernet History: Why Do We Have Different Frame Types?

August 23, 2024 by 9 Comments

Although Ethernet is generally considered to be a settled matter, its history was anything but peaceful, with its standardization process (under Project 802) leaving its traces to this very day. This is very clear when looking at the different Ethernet frame types in use today, and with many more historical types. While Ethernet II is the most common frame type, 802.2 LLC (Logical Link Control) and 802 SNAP (Subnetwork Access Protocol) are the two major remnants of this struggle that raged throughout the 1980s, even before IEEE Project 802 was created. An in-depth look at this history with all the gory details is covered in this article by [Daniel].

The originally proposed IEEE 802 layout, with the logical link control (LLC) providing an abstraction layer.
The originally proposed IEEE 802 layout, with the logical link control (LLC) providing an abstraction layer.

We covered the history of Ethernet’s original development by [Robert Metcalfe] and [David Boggs] while they worked at Xerox, leading to its commercial introduction in 1980, and eventual IEEE standardization as 802.3. As [Daniel]’s article makes clear, much of the problem was that it wasn’t just about Ethernet, but also about competing networking technologies, including Token Ring and a host of other technologies, each with its own gaggle of supporting companies backing them.

Over time this condensed into three subcommittees:

  • 802.3: CSMA/CD (Ethernet).
  • 802.4: Token bus.
  • 802.5: Token ring.

An abstraction layer (the LLC, or 802.2) would smooth over the differences for the protocols trying to use the active MAC. Obviously, the group behind the Ethernet and Ethernet II framing push (DIX) wasn’t enamored with this and pushed through Ethernet II framing via alternate means, but with LLC surviving as well, yet its technical limitations caused LLC to mutate into SNAP.  These days network engineers and administrators can still enjoy the fallout of this process, but it was far from the only threat to Ethernet.

Ethernet’s transition from a bus to a star topology was enabled by the LANBridge 100 as an early Ethernet switch, allowing it to scale beyond the limits of a shared medium. Advances in copper wiring (and fiber) have further enabled Ethernet to scale from thin- and thicknet coax to today’s range of network cable categories, taking Ethernet truly beyond the limits of token passing, CSMA/CD and kin, even if their legacy will probably always remain with us.

Portable Router Build: Finding An LTE Modem

August 19, 2024 by 8 Comments

Ever want your project equipped with a cellular interface for a data uplink? Hop in, I have been hacking on this for a fair bit! As you might remember, I’m building a router, I told you about how I picked its CPU board, and learned some lessons from me daily-driving it as a for a bit – that prototype has let me learn about the kind of extra hardware this router needs.

Here, let’s talk about LTE modems for high data throughput, finding antennas to make it all work, and give you a few tips that should generally help out.  I’d like to outline a path that increases your chances of finding a modem working for you wonderfully – the devices that we build, should be reliable.

Narrowing It Down

If you look at the LTE modem selection, you might be a little overwhelmed: Simcom, Qualcomm, uBlox, Sierra, Telit, and a good few other manufacturers package baseband chipsets into modules and adjust the chipset-maker-provided firmware. The modems will be available in many different packages, too, many of them solderable, and usually, they will be available on mPCIe cards too. If you want to get a modem for data connections for a project, I argue that you should go for mPCIe cards first, and here’s why.

Continue reading “Portable Router Build: Finding An LTE Modem”

A Really Low Level Guide To Doing Ethernet On An FPGA

August 14, 2024 by 7 Comments

With so much of our day-to-day networking done wirelessly these days, it can be easy to forget about Ethernet. But it’s a useful standard and can be a great way to add a reliable high-throughput network link to your projects. To that end, [Robert Feranec] and [Stacy Rieck] whipped up a tutorial on how to work with Ethernet on FPGAs. 

As [Robert] explains, “many people would like to transfer data from FPGA boards to somewhere else.” That basically sums up why you might be interested in doing this. The duo spend over an hour stepping through doing Ethernet at a very low level, without using pre-existing IP blocks to make it easier. The video explains the basic architecture right down to the physical pins on the device and what they do, all the way up to the logic blocks inside the device that do all the protocol work.

If you just want to get data off an embedded project, you can always pull in some existing libraries to do the job. But if you want to really understand Ethernet, this is a great place to start. There’s no better way to learn than doing it yourself. Files are on GitHub for the curious. Continue reading “A Really Low Level Guide To Doing Ethernet On An FPGA”

Portable Router Build: Picking Your CPU

August 13, 2024 by 23 Comments

I want to introduce you to a project of mine – a portable router build, and with its help, show you how you can build a purpose-built device. You might have seen portable routers for sale, but if you’ve been in the hacking spheres long enough, you might notice there are “coverage gaps”, so to speak. The Pi-hole project is a household staple that keeps being product-ized by shady Kickstarter campaigns, a “mobile hotspot” button is a staple in every self-respecting mobile and desktop OS, and “a reset device for the ISP router” is a whole genre of a hacker project. Sort the projects by “All Time” popularity on Hackaday.io, and near the very top, you will see an OpenVPN &Tor router project – it’s there for a reason, and it got into 2014 Hackaday Prize semifinals for a reason, too.

I own a bunch of devices benefitting from both an Internet connection and also point-to-point connections between them. My internet connection comes sometimes from an LTE uplink, sometimes from an Ethernet cable, and sometimes from an open WiFi network with a portal you need to click through before you can even ping anything. If I want to link my pocket devices into my home network for backups and home automation, I can put a VPN client on my laptop, but a VPN client on my phone kills its battery, and the reasonable way would be to VPN the Internet uplink – somehow, that is a feature I’m not supposed to have, and let’s not even talk about DNSSEC! Whenever I tried to use one of those portable LTE+WiFi[+Ethernet] routers and actively use it for a month or two, I’d encounter serious hardware or firmware bugs – which makes sense, they are a niche product that won’t get as much testing as phones.

Continue reading “Portable Router Build: Picking Your CPU”

Hacking Airline WiFi The Hard Way

July 10, 2024 by 28 Comments

We’ve all been there. You are on a flight, there’s WiFi, but you hate to pay the few bucks just to watch dog videos. What to do? Well, we would never suggest you engage in theft of service, but as an intellectual exercise, [Robert Heaton] had an interesting idea. Could the limited free use of the network be coopted to access the general internet? Turns out, the answer is yes.

Admittedly, it is a terrible connection. Here’s how it works. The airline lets you get to your frequent flier account. When there, you can change information such as your name. A machine on the ground can also see that change and make changes, too. That’s all it takes.

It works like a drop box. You take TCP traffic, encode it as fake information for the account and enter it. You then watch for the response via the same channel and reconstitute the TCP traffic from the remote side. Now the network is at your fingertips.

There’s more to it, but you can read about it in the post. It is slow, unreliable, and you definitely shouldn’t be doing it. But from the point of view of a clever hack, we loved it. In fact, [Robert] didn’t do it either. He proved it would work but did all the development using GitHub gist as the drop box. While we appreciate the hack, we also appreciate the ethical behavior!

Some airlines allow free messaging, which is another way to tunnel traffic. If you can connect to something, you can probably find a way to use it as a tunnel.