Wireless Hacks

1047 Articles

Cheap WiFi Outlets Reflashed; Found To Use ESP8266

February 6, 2016 by 52 Comments

There’s a bunch of simple WiFi-enabled outlets on the market today, and all of these blister-pack goodies seem to have something in common – crappy software. At least from the hacker’s point of view; there always seems to be something that you want to do that the app just doesn’t support. Stuck in this position, [scootermcgoober] did the smart thing and reflashed his cheap IoT outlets.

Although [scooter]’s video is very recent, and he says he got his plugs at Home Depot, we were unable to find them listed for sale at any store near us. Walmart lists the same device for a paltry $15, though, so the price is right for repeating his experiment. The video after the break shows his teardown, which locates all the major components, including a mystery module that was revealed to be an ESP8266 upon decapping. Pins were traced, leads were tacked to his serial-to-USB adapter, and soon new firmware was flashing. [scooter]’s new app is simple, but there’s plenty of room for improvement once you’ve got the keys. All the code is up on GitHub.

WiFi outlets like this and the WeMo have proved to be fertile ground for hacking. Of course, if you’re not into the whole blister-pack thing, you could always roll your own WiFi outlet.

Continue reading “Cheap WiFi Outlets Reflashed; Found To Use ESP8266”

Learn Bluetooth Or Die Tryin

February 6, 2016 by 5 Comments

Implementing a Bluetooth Low Energy (BLE) device from scratch can be a daunting task. If you’re looking for an incredibly detailed walkthrough of developing a BLE project from essentially the ground up, you’ve now got a lot of reading to do: [Jocelyn Masserot] takes you through all the steps using the ARM-Cortex-M0-plus-BLE nRF51822 chip.

The blog does what blogs do: stacks up in reverse-chronological order. So it’s best that you roll on down to the first post at the bottom and start there. [Jocelyn] walks you through everything from setting up the ARM compiler toolchain through building up a linker script, blinking an LED, flashing the chip, and finally to advertising your device to your cell phone. It’s a lot of detail, but if you’re doing something like this yourself, you’re sure to appreciate it.

Of course, all the code is available for you to crib peruse on [Jocelyn]’s GitHub. And for yet more background reading on BLE, check out the Hackaday Dictionary.

ESP8266 Transmits Television On Channel 3

January 31, 2016 by 57 Comments

We’ve seen a lot of ESP8266 projects in the past, but this one most definitely qualifies as a hack. [Cnlohr] noticed that the ESP8266, when overclocked, could operate the I2S port at around 80MHz and still not lose DMA data. He worked out how to create bit patterns that generate RF around 60MHz. Why is that interesting? Analog TVs can receive signals around that frequency on channel 3.

As you can see in the video below, the output is monochrome only and is a little snowy. It also will lose frames on some WiFi events, but this is all forgivable when you consider this very inexpensive module isn’t meant to do video output at all.

Continue reading “ESP8266 Transmits Television On Channel 3”

Cheap WiFi Devices Are Hardware Hacker Gold

January 27, 2016 by 51 Comments

Cheap consumer WiFi devices are great for at least three reasons. First, they almost all run an embedded Linux distribution. Second, they’re cheap. If you’re going to break a couple devices in the process of breaking into the things, it’s nice to be able to do so without financial fears. And third, they’re often produced on such low margins that security is an expense that the manufacturers just can’t stomach — meaning they’re often trivially easy to get into.

Case in point: [q3k] sent in this hack of a tiny WiFi-enabled SD card reader device that he and his compatriots [emeryth] and [informatic] worked out with the help of some early work by [Benjamin Henrion]. The device in question is USB bus-powered, and sports an SD card reader and an AR9331 WiFi SOC inside. It’s intended to supply wireless SD card support to a cell phone that doesn’t have enough on-board storage.

The hack begins with [Benajmin] finding a telnet prompt on port 11880 and simply logging in as root, with the same password that’s used across all Zsun devices: zsun1188. It’s like they want to you get in. (If you speak Chinese, you’ll recognize the numbers as being a sound-alike for “want to get rich”. So we’ve got the company name and a cliché pun. This is basically the Chinese equivalent of “password1234”.) Along the way, [Benjamin] also notes that the device executes arbitrary code typed into its web interface. Configure it to use the ESSID “reboot”, for instance, and the device reboots. Oh my!

zsun_gpio_bootstrap_annotFrom here [q3k] and co. took over and ported OpenWRT to the device and documented where its serial port and GPIOs are broken out on the physical board. But that’s not all. They’ve also documented how and where to attach a wired Ethernet adapter, should you want to put this thing on a non-wireless network, or use it as a bridge, or whatever. In short, it’s a tiny WiFi router and Linux box in a package that’s about the size of a (Euro coin | US quarter) and costs less than a good dinner out. Just add USB power and you’re good to go.

Nice hack!

TP-LINK’s WiFi Defaults To Worst Unique Passwords Ever

January 27, 2016 by 82 Comments

This “security” is so outrageous we had to look for hidden cameras to make sure we’re not being pranked. We don’t want to ruin the face-palming realization for you, so before clicking past the break look closely at the image above and see if you can spot the exploit. It’s plain as day but might take a second to dawn on you.

The exploit was published on [Mark C.’s] Twitter feed after waiting a couple of weeks to hear back from TP-LINK about the discovery. They didn’t respond so he went public with the info.

Continue reading “TP-LINK’s WiFi Defaults To Worst Unique Passwords Ever”

Hacking A USB Port Onto An Old Router

January 26, 2016 by 25 Comments

Sometimes hacks don’t have to be innovative to be satisfying. We thought that [daffy]’s instructions and video (embedded below the break) for turning an old WRT54G router into an Internet radio were worth a look even if he’s following a well-traveled path and one that we’ve reported on way back when.

The hack itself is simple. [daffy] locates unused USB data lines, adds in a 5V voltage regulator to supply USB bus power, and then connects it all to a USB sound card. Hardware side, done! And while he doesn’t cover the software side of things in this first video, we know where he’s headed.

The WRT54G router was the first commodity Linux-based router to be extensively hacked, and have open-source firmware written for it. If you’re using OpenWRT or dd-wrt on any of your devices, you owe a debt to the early rootability of the WRT54G. Anyway, it’s a good bet that [daffy] is going to find software support for his USB sound card, but we remain in suspense to see just exactly how the details pan out.

Our favorite WRT54G hack is still an oldie: turning a WRT54G into the brains for a robot. But that was eight years ago now, so surely there’s something newer and shinier. What’s the coolest device that you’ve seen a WRT router hacked into?

Continue reading “Hacking A USB Port Onto An Old Router”

Truly Versatile ESP8266 WiFi Webcam Platform

January 24, 2016 by 33 Comments

[Johan Kanflo] built a sweet little ESP8266-based wireless camera. It’s a beautiful little setup, and that it’s all open and comes with working demo code is gravy on the cake! Or icing on the potatoes. Or something.

[Johan]’s setup pairs an ESP8266-12 module with an Arducam, which looks like essentially an SPI breakout board for the ubiquitous small CMOS image sensors. The board naturally has a power supply and headers for programming the ESP module as well as connectors galore. Flash in some camera code, and you’ve got a custom WiFi webcam. Pretty slick.

pogo_pin_animBut since [Johan] designed the ESP-8266 board with standard female headers connecting to the ESP, it could also be used as a general-purpose ESP dev board. [Johan] built a few daughterboards to go along with it, including a bed-of-nails ESP8266 tester (since you can never tell when you’re going to get a dud ESP unit) and WiFi-to-RFM69 radio bridge. That’s two awesome applications for a tidy little system, and a reminder to design for extensibility when you’re laying out your own projects.

We’ve previously covered [Johan]’s Skygrazer project, which tracks planes as they fly overhead and displays them on a gutted old Mac. Is it any surprise, then, that he’s also created an ADS-B-controlled moodlight? This guy is on fire!