The Electronic Frontier Foundation have released an alpha of their own Open Wireless Router Firmware as part of the Open Wireless Movement. This project aims to make it easier to share your wireless network with others, while maintaining security and prioritization of traffic.
We’ve seen a lot of hacks based on alternative router firmware, such as this standalone web radio. The EFF have based their router firmware off of CeroWRT, one of the many open source firmware options out there. At this time, the firmware package only targets the Netgear WNDR3800.
Many routers out there have guest modes, but they are quite limited and often have serious vulnerabilities. If you’re interested in sharing your wireless network, this firmware will help out by letting you share a specified amount of bandwidth. It also aims to have a secure web interface, and secure auto-update using Tor.
The EFF has announced this “pre-alpha hacker release” as a call for hackers who want to join in the fun. Development is happening over on Github, where you’ll find all of the source and issues.
A surprising number of projects here are in some way influenced by the webcomic xkcd, but usually not as directly as this. Comic 350, “Network” is the tale of a very odd stickman who keeps multiple VMs running an unprotected, old version of Windows. Between the VMs, they have virtually every virus and are, effectively, a computer virus aquarium.
Now it’s a real thing, and best of all, it’s open to the Internet for normal humans to view, complete with screencaps of all seven nodes updated every 30 seconds, the ability to view all processes on each node, and anyone on the Internet can upload any file to a node. All the files uploaded to the nodes are executed, so you get to see in real-time what the effects of “1TB_of_porn_this_took_a_while_to_upload.exe” are on node 3.
The idea of a virus aquarium is cool, but this actually gets much, much more interesting when the project metas itself. Every 24 hours, a virus scanner runs on each node. As of right now, all the nodes are clean making this not a virus aquarium, but a script kiddie aquarium. On at least one node, TeamViewer is running but your guess is as good as mine as to how anyone will get that working.
The D-Link DSP-W215 Smart Plug, a wireless home automation device for monitoring and controlling electrical outlets has just been hacked. Even though it isn’t readily available from Amazon or Best Buy yet, the firmware is already up on D-Link’s web site. The very well detailed write-up explains all the steps that led to this exploit creation.
First, the firmware was unpacked to examine the file system contents. It was found that the smart plug doesn’t have a normal web-based interface as users are expected to configure it using D-Link’s Android/iOS app. The apps however, appear to use the Home Network Administration Protocol (HNAP) to talk to the smart plug running a lighthttpd server. A look at the latter’s configuration file revealed the functions that could be called without any authentication. Another revealed that the firmware could accept an unlimited amount of POST request bytes which were copied in a fix length buffer without any performed checks. We’ll let our readers head to the original article to see where the author went from this point.
We’ve talked about a variety of protocols and how to deal with them in the past. Today, [Dan] is working on sniffing vending machine Multidrop Bus. The Multidrop Bus (MDB) protocol is a standard used in vending machines to connect devices such as currency collectors to the host controller.
To connect to the bus, interface hardware is required. [Dan] worked out compliant hardware and connected it to an Arduino. With the device on the bus, [Dan] got to work on an Arduino sketch to parse the MDB data into a human-readable format. With that working, the bus can easily be sniffed over the Arduino’s serial console.
This is just the start of a more involved project. Since this protocol is used to communicate with a vending machine’s currency collector or card reader, being able to communicate it would allow him to implement his own payment methods. The plan is to augment the vending machine he operates at Vancouver Hack Space to accept Bitcoin. We’re looking forward to seeing that project unfold.
You’re likely aware of the protests and demonstrations happening throughout Venezuela over the past few months, and as it has with similar public outcries in recent memory, technology can provide unique affordances to those out on the streets. [Alfredo] sent us this tip to let us know about riotNAS: a portable storage device for photos and videos taken by protesters (translated).
The premise is straightforward: social media is an ally for protesters on the ground in these situations, but phones and cameras are easily recognized and confiscated. riotNAS serves up portable backup storage via a router running OpenWRT and Samba. [Alfredo] then connected some USB memory for external storage and a battery that gives around 4 hours of operating time.
For now he’s put the equipment inside a soft, makeup-looking bag, which keeps it inconspicuous and doesn’t affect the signal. Check out his website for future design plans—including stashing the device inside a hollowed out book—and some sample photos stored on the riotNAS system. If you’re curious what’s going on in Venezuela, hit up the Wikipedia page or visit some of the resources at the bottom of [Alfredo’s] site.
Being able to use one of your old projects to make a new one better can be quite satisfying. [Steve] from Hackshed did just this: he integrated an Arduino based webserver into a new network controllable RGB lamp.
What makes this lamp unique is that the RGB LED bar comes from an old Epson scanner. Recycling leftover parts from old projects or derelict electronics is truly the hacker way. After determining the pinout and correct voltage to run the LEDs at, the fun began. With the LED bar working correctly, the next step was to integrate an Arduino based webserver. Using an SD card to host the website and an Ethernet Arduino shield, the LEDs become network controllable. Without missing a beat, [Steve] integrated a Javascript based color picker that supports multiple web browsers. This allows the interface to look quite professional. Be sure to watch the lamp in action after the break!
The overall result is an amazing color changing lamp that works perfectly. All that is left to do is create a case for it, or integrate it into an existing lamp. This is a great way to use an LED strip that would have otherwise gone to waste. If you can’t find a scanner with a color wand like this one, you can always start with an RGB strip.
Atmel has just announced a new product line: SmartConnect. This moves beyond the point-to-point nature of WiFi Direct, and enables connections to standard access points. The SmartConnect series is designed for embedding in low cost devices that need to connect to a network.
The first devices in the SmartConnect line will be modules based on two chips: an Atmel SAMD21 Cortex-M0+ microcontroller and an Ozmo 3000 WiFi System on Chip. There’s also an on-board antenna and RF shielding can. It’s a drop in WiFi module, which is certified by the FCC. You can hook up your microcontroller to this device over SPI, and have a fully certified design that supports WiFi.
There’s two ways to use the module. The first is as an add-on, which is similar to existing modules. A host microcontroller communicates with the module over SPI and utilizes its command set. The second method uses the module as a standalone device, with application code running on the internal SAMD21 microcontroller. Atmel has said that the standalone option will only be available on a case to case basis, but we’re hoping this opens up to everyone. If the Arduino toolchain could target this microcontroller, it could be a great development platform for cheap WiFi devices.
The Add-On and Standalone Architectures
At first glance, this module looks very similar to other WiFi modules, including the CC3000 which we’ve discussed in the past. However there are some notable differences. One major feature is the built in support for TLS and HTTPS, which makes it easier to build devices with secure connections. This is critical when deploying devices that are connected over the internet.
Atmel is claiming improvements in power management as well. The module can run straight from a battery at 1.8 V to 3.3 V without external regulation, and has a deep sleep current of 5 nA. Obviously the operating power will be much higher, but this will greatly assist devices that sporadically connect to the internet. They also hinted at the pricing, saying the modules will come close to halving the current price of similar WiFi solutions. SmartConnect is targeting a launch date of June 15, so we hope to learn more this summer.
We’re always excited to see better connectivity solutions. If Atmel comes through with a device allowing for cheaper and more secure WiFi modules, it will be a great part for building Internet of Things devices. With a projected 50 billion IoT devices by 2020, we expect to see a lot of progress in this space from silicon companies trying to grab market share.
