Cisco Router Repair Revives Piece Of Internet History

These days, it would be fair to say that the Internet as we know it runs on Cisco hardware. While you might never see them at work, there’s an excellent chance that every web-bound packet leaving your computer or smartphone will spend at least a few milliseconds of its life traveling through hardware built by the San Jose, California based company. But of course, even a telecommunications giant like Cisco had to start somewhere.

Cisco’s first commercial router, the Advanced Gateway Server (AGS), was released in 1986 and helped put the company (and the Internet) on the path towards unfathomable success. [Andreas Semmelmann] had wanted to add one of these microwave-sized machines to his collection for some time, so when an AGS+ popped up in the local classifieds he didn’t hesitate to make the hour drive to go pick it up. But like many pieces of vintage computing equipment, it needed a little help getting back on its feet.

What 4 MB of flash looked like in the late 1980s.

Since he had to take the router apart anyway to diagnose what ailed it, [Andreas] decided to take photographs along the way and document this piece of Internet history. He walks the reader through the massive processor, Ethernet, and serial cards that are housed in the unit’s rack-like enclosure. We appreciate him taking the scenic route, as it gives us a great look inside what would have been state-of-the-art telecommunications gear when this version of the AGS hit the market in 1989.

The walk-through is full of interesting details that make us appreciate just how far things have come in the last 32 years. Imagine yanking the EPROMs out of the board and firing up the UV eraser each time you needed to update your router’s firmware. Or needing a special adapter to convert the AUI-15 connectors on the back panel to the now ubiquitous RJ45 jack.

After this stroll down memory lane, [Andreas] gets to the actual repair work. It likely won’t surprise the regular Hackaday reader to find that the power supply wasn’t operating to spec, and that some aged capacitors and a shorted rectifier diode needed to be replaced to put it back on an even keel. But even with the PSU repaired, the router failed to start. The console output indicated the software was crashing, but hardware diagnostics showed no obvious faults.

Replacing these failed PSU components was just the beginning.

With some part swapping, firmware flashing, and even a bit of assistance from Cisco luminary [Phillip Remaker], the issue was eventually identified as a faulty environmental monitoring (ENVM) card installed in the AGS+. As luck would have it the ENVM capability isn’t required to boot the router, so [Andreas] was able to just disconnect the card and continue on with his exploration of the hardware that helped build the Internet as we know it.

Considering its age, this piece of 1980s Cisco gear ended up being in relatively good shape. But that’s not always the case. Over the years we’ve found ourselves in awe of the incredible amount of time, effort, and skill it takes to restore some of these classic machines. We have great respect for the dedicated individuals who are willing to take on the challenge of keeping these pieces of history up and running for future generations to marvel at.

[Thanks to Bob for the tip.]

This Week In Security: Pwn2own, Zoom Zero Day, Clubhouse Data, And An FBI Hacking Spree

Our first story this week comes courtesy of the Pwn2Own contest. For anyone not familiar with it, this event is held twice a year, and features live demonstrations of exploits against up-to-date software. The one exception to this is when a researcher does a coordinated release with the vendor, and the update containing the fix drops just before the event. This time, the event was held virtually, and the attempts are all available on YouTube. There were 23 attacks attempted, and only two were outright failures. There were 5 partial successes and 16 full successes.

One of the interesting demonstrations was a zero-click RCE against Zoom. This was a trio of vulnerabilities chained into a single attack. The only caveat is that the attack must come from an accepted contact. Pwn2Own gives each exploit attempt twenty minutes total, and up to three attempts, each of which can last up to five minutes. Most complex exploits have an element of randomness, and exploits known to work sometimes don’t work every time. The Zoom demonstration didn’t work the first time, and the demonstration team took so long to reset that they only had enough time for one more try.

BleedingTooth

We first covered BleedingTooth almost exactly six months ago. The details were sparse then, but enough time has gone by to get the full report. BleedingTooth is actually a trio of vulnerabilities, discovered by [Andy Nguyen]. The first is BadVibes, CVE-2020-24490. It’s a lack of a length check in the handling of incoming Bluetooth advertisement packets. This leads to a buffer overflow. The catch here is that the vulnerability is only possible over Bluetooth 5.

This Week In Security: Google Photos, Whatsapp, And Doom On Deskphones

Google Photos is handy. You take pictures and videos on your cell phone, and they automatically upload to the cloud. If you’re anything like me, however, every snap comes with a self-reminder that “the cloud” is a fancy name for someone else’s server. What could possibly go wrong? How about some of your videos randomly included in another user’s downloads?

Confirmed by Google themselves, this bug hit those using Google Takeout, the service that allows you to download all your data from a Google application as a single archive. Google Photos archives downloaded between November 21 and November 25 may contain videos from other users, according to a notice sent to the users who downloaded said archives. It’s notable that those notices haven’t been sent to users whose videos were exposed.

This Week In Security: Windows 10 Apocalypse, Paypal Problems, And Cablehaunt

Nicely timed to drop on the final day of Windows 7 support, Windows 10 received a fix to an extremely serious flaw in crypt32.dll. This flaw was reported by the good guys at the NSA. (We know it was the good guys, because they reported it rather than used it to spy on us.) It’s really bad. If you’re running Windows 10, go grab the update now. OK, you’re updated? Good, let’s talk about it now.

The flaw applies to X.509 keys that use elliptic curve cryptography. We’ve discussed ECC in the past, but let’s review. Public key encryption is based on the idea that some calculations are very easy to perform and verify, but extremely difficult to reverse.

The historic calculation is multiplying large primes, as it’s unreasonably difficult to factorize that result by a conventional computer. A true quantum computer with enough qubits will theoretically be able to factorize those numbers much quicker than a classical computer, so the crypto community has been searching for a replacement for years. The elliptic curve is the solution that has become the most popular. An agreed-upon curve and initial vector are all that is needed to perform the ECC calculation.

There are potential weaknesses in ECC. One such weakness is that not all curves are created equal. A well constructed curve results in good cryptography, but there are weak curves that result in breakable encryption.

With that foundation laid, the flaw itself is relatively easy to understand. An X.509 certificate can define its own curve. The Windows 10 implementation doesn’t properly check the curve that is specified. A malicious curve is specified that is similar to the expected curve — similar enough that the checks in crypt32 don’t catch it.

Old Cisco WAN Card Turned FPGA Playground

Many of us think of FPGAs as some new cutting edge technology, but the fact of the matter is that they’ve been around for quite some time. They’ve just traditionally been used in hardware that’s too expensive for us lowly hackers. A case in point is the Cisco HWIC-3G-CDMA WAN card. A decade ago these would have been part of a router valued in the tens of thousands of dollars, but today they can be had for less than $10 USD on eBay. At that price, [Tom Verbeure] thought it would be worth finding out if they could be repurposed as generic FPGA experimentation devices.

So as not to keep you in suspense, the short answer is a resounding yes. In the end, all [Tom] had to do was figure out what voltages the HWIC-3G-CDMA was expecting on the edge connector, and solder a 2×5 connector onto the helpfully labeled JTAG header. Once powered up and connected to the computer, Intel’s Quartus Programmer software immediately picked up the board’s Cyclone II EP2C35F484C8 chip. The blinking LEDs seen in the video after the break serve as proof that these bargain bin gadgets are ripe for hacking.

Unfortunately, there’s a catch. After studying the rest of the components on the board, [Tom] eventually came to the conclusion that the HWIC-3G-CDMA has no means of actually storing the FPGA’s bitstream. Presumably it was provided by the router itself during startup. If you just want to keep the board tethered to your computer for experimenting, that’s not really a big deal. But if you want to use it in some kind of project, you’ll need to include a microcontroller capable of pushing the roughly 1 MB bitstream into the FPGA to kick things off.

It might not be as easy to get up and running as the 2019 Hackaday Superconference badge, but it’s certainly a lot easier to get your hands on.


Introducing The First Cisco Certified Mixologist

You’d be hard pressed to find an IT back office that doesn’t have a few Cisco routers or switches lying around and collecting dust. We’d even bet there are a decent number of people reading this post right now that have a stack of them within arm’s reach. They’re the kind of thing most of us have no practical application for, but we still can’t bear to throw away. But it looks like [Sven Tantau] has found an ideal middle ground: rather than junk his Cisco Catalyst switches, he turned them into automatic bartenders.

Inspired by all those perfect little square openings on the front, [Sven] loaded each switch with a whopping 24 peristaltic pumps, one for each Ethernet port. To fit all his plumbing inside, the switches were naturally gutted to the point of being hollow shells of their former selves, although he does mention that their original power supplies proved useful for keeping two dozen power-hungry motors well fed.

The motors are connected to banks of relays, which in turn are thrown by an ESP32 and an Arduino Nano. [Sven] explains that he wasn’t sure if the ESP32 could fire off the relays with its 3 V output, so he decided to just use an Arduino which he already knew could handle the task. The two microcontrollers work in conjunction, with a web interface on the ESP32 ultimately sending I2C commands to the Arduino when it’s time to get the pumps spinning.

[Sven] mentions his robotic bartenders were a hit at the 2019 Chaos Communication Camp, where we know for a fact the computer-controlled alcohol was flowing freely. Of course, if you don’t intend on carrying your barbot around to hacker camps, you can afford to make it look a bit swankier.


BSD Breathes New Life Into Obsolete Equipment

An old laptop or desktop computer that’s seen better days might still have a little bit of use left in it for a dedicated task. Grabbing a lightweight flavor of Linux and running a web server, firewall, or Super Nintendo emulator might get a few more years out of it. You can also get pretty creative repurposing obsolete single-purpose machines, as [Kristjan] did with some old Cisco server equipment.

The computer in question isn’t something commonly found, either. It’s an intrusion detection system meant to mount in a server rack and protect the server itself from malicious activity. While [Kristjan] mentions that Cisco equipment seems to be the definition of planned obsolescence, we think that this Intel Celeron machine with an IDE hard drive may have gone around the bend quite some time ago. Regardless, it’s modern enough to put back to work in some other capacity.

To that end, a general purpose operating system was installed, and rather than use Linux he reached for BSD to get the system up and running. There’s one other catch, though, besides some cooling issues. Since the machine was meant to be used in a server, there’s no ACPI, which means no software shutdown capability. Despite all the quirks, you could still use it to re-implement a network security system if you wanted to bring it full-circle.