Recovering From A Seagate HDD Firmware Bug

July 30, 2012 by Mike Szczys 41 Comments

Hard drive firmware is about the last place you want to find a bug. But that turned out to be the problem with [BBfoto’s] Seagate HDD which he was using in a RAID array. It stopped working completely, and he later found out the firmware has a bug that makes the drive think it’s permanently in a busy state. There’s a firmware upgrade available, but you have to apply it before the problem shows its face, otherwise you’re out of luck. Some searching led him to a hardware fix for the problem.

[Brad Garcia] put together the tutorial which illustrates the steps needed to unbrick the 7200.11 hard drive with the busy state bug. The image in the lower right shows the drive with a piece of paper between the PCB and the connectors which control the head. This is necessary to boot the drive without it hanging due to the bug. From there he issues serial commands to put it into Access Level 2, then removes the cardboard for the rest of the fix.

In the tutorial [Brad] uses a serial-TTL converter. [BBfoto] grabbed an Arduino instead, using it as a USB-ttl bridge.

A Tale Of (un)bricking A $10k Microsoft Surface Unit

June 29, 2012 by Mike Szczys 20 Comments

We’ve all had that sinking feeling as a piece of hardware stops responding and the nasty thought of “did I just brick this thing?” rockets to the front of our minds. [Florian Echtler] recently experienced this in extremis as his hacking on the University of Munich’s Microsoft Surface 2.0 left it unresponsive. He says this is an 8,000 Euro piece of hardware, which translates to around $10,000! Obviously it was his top priority to get the thing working again.

So what’s the first thing you should do if you get your hands on a piece of hardware like this? Try to run Linux on the thing, of course. And [Florian] managed to make that happen pretty easily (there’s a quick proof-of-concept video after the break). He took a Linux kernel drive written for a different purpose and altered it to interface with the MS Surface. After working out a few error message he packaged it and called to good. Some time later the department called him and asked if his Linux kernel work might have anything to do with the display being dead. Yikes.

He dug into the driver and found that a bug may have caused the firmware on the USB interface chip to be overwritten. The big problem being that they don’t just distribute the image for this chip. So he ended up having to dump what was left from the EEPROM and rebuild the header byte by byte.

Continue reading “A Tale Of (un)bricking A $10k Microsoft Surface Unit” →

Getting Root On A Sony TV

June 20, 2012 by Brian Benchoff 138 Comments

The Sony Bravia series of HDTVs are a great piece of kit; they’re nice displays that usually have enough inputs for the craziest home theatre setups. These TVs also run Linux, but until now we haven’t seen anything that capitalizes on the fact these displays are wall-mounted Linux boxen. [Sam] sent in an exploit to root any Bravia TV – hopefully the first step towards replacing our home media server.

The exploit itself is a regular buffer overflow initialized by a Python script. The script sets up a Telnet server on any Sony Bravia with a USB port, and provides complete root access. [Sam] was able to get a Debian install running off a USB drive and all the Debian programs run correctly.

If you have a Bravia you’d like to test [Sam]’s script on, you’ll need a USB network adapter for the TV and a Telnet client to explore your TV’s file system. Right now there’s not much to do with a rooted Bravia, but at least now running XMBC or other media server on a TV is possible.

If anyone would like to start porting XMBC to a Bravia TV, [Sam] says he’s more than willing to help out. We’re not aware of any HDTV modding communities on the Internet, so if you’re part of one post a link in the comments.

NAS Firmware Hack: Synology Running On QNAP Hardware

January 31, 2012 by Mike Szczys 22 Comments

[XVortex] pulled off a pretty incredible firmware hack. He managed to get a firmware upgrade for Synology running on a QNAP machine. These are both Network Attached Storage devices, but apparently the Synology firmware is better than what QNAP supplies with their offerings.

The nice thing is that this is not a one-off hack. You can download the raw image and give it a spin for yourself. A few words of warning though. It will only work on models which use the Atom and ICH9R chipset, you’re out of luck if you have one sporting an ARM processor. You will also need to format the drives once the new firmware is flashed so do this before you fill them up.

This harkens back to the days when DD-WRT was first being run on Linksys routers. We don’t remember if that started with upgrade image hacks like this one uses, or if the source code was available (Linksys was compelled to release it once it was proven they were in violation of the GPL).

See a proof video of this hack after the break.

Continue reading “NAS Firmware Hack: Synology Running On QNAP Hardware” →

Firmware Programmer For A Cheap Bluetooth Module

January 30, 2012 by Mike Szczys 49 Comments

Here’s a nifty programmer for a cheap Bluetooth module. So just how cheap is this part? Does $6.60 sound like an extreme deal?

The information on this hack is spread throughout a series of posts. The link above goes to the completed programmer (kind of a look back on the hack). But you might start with this post about module firmware options. Just because you can get the part inexpensively doesn’t mean that it’s going to work as you expected. [Byron] sourced similar devices from different suppliers and found they were not running the same firmware; the footprints were the same but he features were not. With his help you can tailor the code to your needs and reflash the device.

The programmer that he build has a nice slot for the module which interfaces with the programming lines using pogo pins (spring-loaded contacts). It connects to the CSR BC417 chip’s SPI pins in order to flash the firmware. If you’ve had any experience working with these cheap parts we’d love to hear your tale in the comment section.

[Thanks MS3FGX]

Rooting A Motorola Actv (Android Wristwatch)

December 27, 2011 by Mike Szczys 22 Comments

[Chris’] family made the mistake of giving him a hackable Christmas gift. We’d bet they didn’t see much of him for the rest of the day as he set about rooting this Android wristwatch.

This thing has some pretty powerful hardware under the hood. It’s sporting an OMAP3 processor running at 600 MHz along with 256 MB of RAM. [Chris] needed to get his hands on a firmware image in order to look for security holes. He found a way to spoof the update application in order to intercept an upgrade image from the Internet.

He dumped the firmware locations and got to work searching for a way to exploit the device. Details are a bit scarce about want exactly he did, but you can download his modified image, letting you root your own Motorola Actv using the Android Debug Bridge.

We’ve embedded a demo video after the break. The OS is pretty snappy on the tiny device. We’re not sure what will come of this functionality, but we assume [Chris] was really only interested in the challenge of rooting process itself.

Continue reading “Rooting A Motorola Actv (Android Wristwatch)” →

Researchers Claim That HP Laser Printers Can Be Hijacked To Steal Data And Catch Fire

November 30, 2011 by Mike Nathan 36 Comments

hp-laserprinter-security-holes

The news was abuzz yesterday with coverage of a study released by Columbia University researchers warning consumers that HP laser printers are wide open to remote tampering and hacking. The researchers claim that the vast majority of printers from HP’s LaserJet line accept firmware updates without checking for any sort of digital authentication, allowing malicious users to abuse the machines remotely. The researchers go so far as to claim that modified firmware can be used to overheat the printer’s fuser, causing fires, to send sensitive documents to criminals, and even force the printers to become part of a botnet.

Officials at HP were quick to counter the claims, stating that all models built in 2009 and beyond require firmware to be digitally signed. Additionally, they say that all of the brand’s laser printers are armed with a thermal cutoff switch which would mitigate the fuser attack vector before any real fire risk would present itself. Despite HP’s statements, the researchers stand by their claims, asserting that vulnerable printers are still available for purchase at major office supply stores.

While most external attacks can easily be prevented with the use of a firewall, the fact that these printers accept unsigned firmware is undoubtedly an interesting one. We are curious to see if these revelations inspire anyone to create their own homebrew LaserJet firmware with advanced capabilities (and low toner warning overrides), or if this all simply fizzles out after a few weeks.