Camera Hack Peels Back Layers Of Embedded Linux

April 20, 2021 by Tom Nardi 18 Comments

Embedded Linux devices are everywhere these days, and sooner or later, you’re going to want to poke around in one of them. But how? That’s where posts like this one from [Felipe Astroza] come in. While his work is focused on the Foscam C1 security camera, the techniques and tools he outlines here will work on all sorts of gadgets that have a tiny penguin at their core.

Rather than trying to go in through the front door, [Felipe] starts his assault with the nuclear option: removing the SPI MX25L12835F flash chip from the camera’s PCB and dumping its contents with a Raspberry Pi. From there he walks through the use of different tools to determine the partition scheme of the chip and eventually extract passwords and other interesting bits of information from the various file systems within.

That alone would be worth the read, but things really get interesting once [Felipe] discovers the FirmwareUpgrade program. Since the Foscam’s software updates are encrypted, he reasons that reverse engineering this binary would uncover the key and allow for the creation of custom firmware images that can be flashed through the stock interface.

Further investigation with Ghidra and friends identifies an interesting shared library linked to the executable in question, which is then disassembled in an effort to figure out how the key is being obfuscated. We won’t ruin the surprise, but [Felipe] eventually gets what he’s after.

This isn’t the first time [Felipe] has played around with the firmware on these Internet connected cameras, and we dare say it won’t be his last. For those who are really into tinkering with these sort of devices, it’s not unheard of to install a socket for the flash chip to make software modifications faster and easier.

Hacking A Digital Microscope Camera For Fun And Automated PCB Inspection

March 17, 2021 by Zach Zeman 5 Comments

A desire for automated PCB inspection has led [charliex] down some deep rabbit holes. He’s written his own inspection software, he’s mounted his PCB vise on a stepper-controlled table, and now he’s hacked his digital microscope camera to allow remote and automated control.

Eakins cameras have become a relatively popular, relatively inexpensive choice for electronics hobbyists to inspect their small-scale work. The cameras have a USB port for a mouse and overlay a GUI on the HDMI output for controlling the camera’s various settings and capturing images to the SD card. Using the mouse-based GUI can feel clunky, though, so users have already endeavored to streamline the process to fit better in their workflow. [charliex] decided to take streamlining a few steps further.

One issue in microscope photography is that microscopes have an extremely tight focus plane. So, even at the minuscule scales of an SMD circuit board, the components are simply too tall. Only a sub-millimeter-thick layer can be in focus at a time. If you take just a single image, much of what you want to see will be lost in the blurry distance. Focus stacking solves this problem by taking multiple pictures with the focus set at different depths then combining their focused bits into a single sharp image.

This takes care of the focus issue, but even the most streamlined and intuitive manual controls become tedious given the multitude of pictures required. So [charliex] searched for a way to remotely control his camera, automating focus stacking and possibly even full PCB scans.

Continue reading “Hacking A Digital Microscope Camera For Fun And Automated PCB Inspection” →

Nissan Gives Up Root Shell Thanks To Hacked USB Drive

January 30, 2021 by Tom Nardi 46 Comments

For the impatient Nissan owners who may be joining us from Google, a hacker by the name of [ea] has figured out how to get a root shell on the Bosch LCN2kai head unit of their 2015 Xterra, and it looks like the process should be the same for other vehicles in the Nissan family such as the Rogue, Sentra, Altima, and Frontier. If you want to play along at home, all you have to do is write the provided image to a USB flash drive and insert it.

Now for those of us who are a more interested in how this whole process works, [ea] was kind of enough to provide a very detailed account of how the exploit was discovered. Starting with getting a spare Linux-powered head unit out of a crashed Xterra to experiment with, the write-up takes the reader through each discovery and privilege escalation that ultimately leads to the development of a non-invasive hack that doesn’t require the user to pull their whole dashboard apart to run.

The early stages of the process will look familiar to anyone who’s messed with embedded Linux hacking. The first step was to locate the board’s serial port and connect it to the computer. From there, [ea] was able to change the kernel parameters in the bootloader to spawn an interactive shell. To make things a little easier, the boot scripts were then modified so the system would start up an SSH server accessible over a USB Ethernet adapter. With full access to the system, the search for exploits could begin.

A simple script on the flash drive enables the SSH server.

After some poking, [ea] discovered the script designed to mount USB storage devices had a potential flaw in it. The script was written in such a way that the filesystem label of the device would be used to create the mount point, but there were no checks in place to prevent a directory traversal attack. By crafting a label that read ../../usr/bin/ and placing a Bash script on the drive, it’s possible to run arbitrary commands on the head unit. The provided script permanently adds SSHd to the startup process, so when the system reboots, you’ll be able to log in and explore.

So what does [ea] want to do with this new-found exploit? It looks like the goal is to eventually come up with some custom programs that extend the functionality of the in-dash Linux system. As it seems like these “infotainment” systems are now an inescapable feature of modern automobiles, we’re certainly excited to see projects that aim to keep them under the consumer’s control.

Teardown: Creality Wi-Fi Box

December 28, 2020 by Tom Nardi 57 Comments

Creality, makers of the Ender series of 3D printers, have released a product called Wi-Fi Box meant to cheaply add network control to your printer. Naturally I had to order one so we could take a peek, but this is certainly not a product review. If you’re looking to control your 3D printer over the network, get yourself a Raspberry Pi and install Gina Häußge’s phenomenal OctoPrint on it. Despite what Creality might want you to believe, their product is little more than a poor imitation of this incredible open source project.

Even if you manage to get it working with your printer, which judging by early indications is a pretty big if, it won’t give you anywhere near the same experience. At best it’ll save you a few dollars compared to going the DIY route, but at the cost of missing out on the vibrant community of plugin developers that have helped establish OctoPrint as the defacto remote 3D printing solution.

That being said, the hardware itself seems pretty interesting. For just $20 USD you get a palm-sized Linux computer with WiFi, Ethernet, a micro SD slot, and a pair of USB ports; all wrapped up in a fairly rugged enclosure. There’s no video output, but that will hardly scare off the veteran penguin wrangler. Tucked in a corner and sipping down only a few watts, one can imagine plenty of tasks this little gadget would be well suited to. Perhaps it could act as a small MQTT broker for all your smart home devices, or a low-power remote weather station. The possibilities are nearly limitless, assuming we can get into the thing anyway.

So what’s inside the Creality Wi-Fi Box, and how hard will it be to bend it to our will? Let’s take one apart and find out.

Continue reading “Teardown: Creality Wi-Fi Box” →

Hackaday Links: October 25, 2020

October 25, 2020 by Dan Maloney 3 Comments

Siglent has been making pretty big inroads into the mid-range test equipment market, with the manufacturers instruments popping up on benches all over the place. Saulius Lukse, of Kurokesu fame, found himself in possession of a Siglent SPD3303X programmable power supply, which looks like a really nice unit, at least from the hardware side. The software it came with didn’t exactly light his fire, though, so Saulius came up with a Python library to control the power supply. The library lets him control pretty much every aspect of the power supply over its Ethernet port. There are still a few functions that don’t quite work, and he’s only tested it with his specific power supply so far, but chances are pretty good that there’s at least some crossover in the command sets for other Siglent instruments. We’re keen to see others pick this up and run with it.

From the “everyone needs a hobby” department, we found this ultra-detailed miniature of an IBM 1401 mainframe system to be completely enthralling. We may have written this up at an earlier point in its development, but it now appears that the model maker, 6502b, is done with the whole set, so it bears another look. The level of detail is eye-popping — the smallest features of every piece of equipment, from the operator’s console to the line printer, is reproduced . Even the three-ring binders with system documentation are there. And don’t get us started about those tape drives, or the wee chair in period-correct Harvest Gold.

Speaking of diversions, have you ever wondered how many people are in space right now? Or how many humans have had the privilege to hitch a ride upstairs? There’s a database for that: the Astronauts Database over on Supercluster. It lists pretty much everything — human and non-human — that has been intentionally launched into space, starting with Yuri Gagarin in 1961 and up to the newest member of the club, Sergey Kud-Sverchkov, who took off got the ISS just last week from his hometown of Baikonur. Everyone and everything is there, including “some tardigrades” that crashed into the Moon. They even included this guy, which makes us wonder why they didn’t include the infamous manhole cover.

And finally, for the machinists out there, if you’ve ever wondered what chatter looks like, wonder no more. Breaking Taps has done an interesting slow-motion analysis of endmill chatter, and the results are a bit unexpected. The footage is really cool — watching the four-flute endmill peel mild steel off and fling the tiny curlicues aside is very satisfying. The value of the high-speed shots is evident when he induces chatter; the spindle, workpiece, vise, and just about everything starts oscillating, resulting in a poor-quality cut and eventually, when pushed beyond its limits, the dramatic end of the endmill’s life. Interesting stuff — reminds us a bit of Ben Krasnow’s up close and personal look at chip formation in his electron microscope.

Hackaday Podcast 069: Calculator Controversy, Socketing SOIC, Metal On The Moon, And Basking In Bench Tools

May 29, 2020 by Mike Szczys No comments

Hackaday editors Mike Szczys and Elliot Williams march to the beat of the hardware hacking drum as they recount the greatest hacks to hit the ‘net this week. First up: Casio stepped in it with a spurious DMCA takedown notice. There’s a finite matrix of resistors that form a glorious clock now on display at CERN. Will a patio paver solve your 3D printer noise problems? And if you ever build with copper clad, you can’t miss this speedrun of priceless prototyping protips.

Take a look at the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Direct download (60 MB or so.)

Continue reading “Hackaday Podcast 069: Calculator Controversy, Socketing SOIC, Metal On The Moon, And Basking In Bench Tools” →

Now Even Your Business Card Can Run Linux

December 24, 2019 by Tom Nardi 50 Comments

It takes a lot of work to get a functional PCB business card that’s thin, cheap, and robust enough to be practical. If you can even blink a few LEDs on the thing and still hand them out with a straight face, you’ve done pretty well for yourself. So you can imagine our surprise when [George Hilliard] wrote in to tell us about his $3 business card computer that boots into a functioning Linux environment. If this were a bit closer to April, we might have figured it was just a joke…

Of course it helps that, as an embedded systems engineer, [George] literally does this kind of thing for a living. Which isn’t to say it was easy, but at least he keeps close enough tabs on the industry to find a suitable ARM solution at a price that makes sense, namely the Allwinner F1C100s. This diminutive chip offers both RAM and CPU in a single package, which greatly simplifies the overall design and construction of the card.

With a root filesystem that weighs in at just 2.4 MB, the environment on the card is minimal to say the least. There’s no networking, limited I/O, and forget about running any heavy software. But it does boot in about six seconds, and [George] managed to pack in a MicroPython interpreter and a copy of the classic Unix dungeon crawler rogue.

Oh yeah, and it also has his resume and some samples of his photography onboard. It is, after all, a business card. All the user has to do is plug it into the USB port of their computer and wait for the virtual serial port to pop up that will let them log into the system running on the card. It also shows up as a USB Mass Storage device for recipients who might not be quite as adept at the command line.

In addition to the high-level documentation for this project, [George] has also prepared a deeper write-up that goes into more technical detail for anyone who might be looking to follow in his footsteps. Thanks to all of the source code that he’s made available, it should be a lot easier for the next person to get their own disposable pocket computer up and running.

We’ve seen all manner of electronic business cards over the years, but never anything quite like this. Which, of course, is quite the point. If you’re ever given a business card that doubles as a computer running a full-fledged operating system on it, you aren’t likely to forget it anytime soon.