Hacking A Netgear Router

Have you ever wanted to watch someone reverse engineer a piece of hardware and pick up some tips? You can’t be there while [Jeremy] tears open a Netgear N300 router, but you can see his process step by step in some presentation charts, and you’ll get a few ideas for the next time you want to do something like this.

The first part of the presentation might be a little basic for most Hackaday readers, but presumably, the intended audience might not know much about soldering or multimeters. But we enjoyed the methodology used to work out the UART pins on the board. We would have read the baud rate with the scope, which [Jeremy] does, but he also mentions a script to work it out and create a minicom profile that looked interesting.

Continue reading “Hacking A Netgear Router”

Seeing The Skill Is Better Than Seeing The Project

Pulling off a flashy project that gets the viral-media hug of widespread approval feels great. Getting there is no easy path to walk and often times the craft that went into a finished project doesn’t even take the back seat but gets no mention at all. Often I find I’m more impressed by — or a least my attention is more strongly captured by — the skills put on display as prominently as the finished build.

Case-in-point this week comes from the model railroad work of [Diorama111]. Seeing an OLED screen in the nose of an HO scale locomotive just like the real-life version is impressive, but how many people missed the one-off soldering masterpiece that went into this one? You’ll marvel at the SMD techniques used with through-hole protoboard on this one.

Occasionally we do get to look over the shoulder of the master as decades of skills are shared for the purpose of passing them on. So was the case back in May when we watched as [Leo] walked through his tips and tricks for prototyping at the electronics bench. This included a lot of non-obvious but clever stuff; tips on working with copper tape for solder buses, using Teflon tubing with bare wire instead of stripping PVC-insulated wire, and a deep dive into copper clad prototyping.

So remember all of us hardware geeks when you look to tell the story of your project. We want to know how it was done at least as much as what was done. There was a time when electronic designers were a separate work group from electronic technicians (and wow, those technicians were in a league of their own). These days we all have that technician hat hanging on our workbenches and I’m always interested in packing in yet another unlearnt skill. Throw us a bone!

Hammer Seeks Nail

People sometimes say “when you have a hammer, everything looks like a nail” as if that were a bad thing. Hitting up Wikipedia, they’re calling it the Law of the Instrument or Maslow’s Hammer and calling it a cognitive bias. But I like hammers…

I’m working on a new tool, a four-axis hot-wire foam cutter based roughly on this design, but built out of stuff in my basement so far. I want it primarily to turn out wings for RC airplanes so that I can play around with airfoils and construction methods and so on. But halfway through building this new “hammer”, I’m already getting funny ideas of other projects that could be built with it. Classic nail-seeking behavior.

And some of these thoughts are making me reconsider the design of my hammer. I originally wanted to build it low, because it’s not likely that I’ll ever want to cut wing sections taller than 50 mm or so. But as soon as cutting out giant letters to decorate my son’s room, or maybe parts for a boat hull enter my mind, that means a significantly taller cutter, with ensuing complications.

So here I am suffering simultaneously from Maslow’s Hammer and scope creep, but I’m not sad about either of these “ills”. Playing with a couple manual prototypes for the CNC hot-wire cutter has expanded my design vocabulary; I’ve thought of a couple cool projects that I simply wouldn’t have had the mental map for before. Having tools expands the possible ways you can build, cognitive bias or not.

One person’s scope creep is another’s “fully realizing the potential of a project”. I’m pretty sure that I’ll build a version two of this machine anyway, so maybe it’s not a big deal if the first draft were height-limited, but the process of thinking through the height problem has actually lead me to a better design even for the short cutter. (Tension provided by an external bow instead of born by the vertical CNC towers. I’ll write the project up when I’m done. But that’s not the point.)

Maybe instead of lamenting Maslow’s cognitive bias, we should be celebrating the other side of the same coin: that nails are tremendously useful, and that the simple fact of having a hammer can lead you to fully appreciate them, and in turn expand what you’re capable of. As for scope creep? As long as I get the project done over my vacation next week, all’s well, right?

Hackaday Links: July 26, 2020

An Australian teen is in hot water after he allegedly exposed sensitive medical information concerning COVID-19 patients being treated in a local hospital. While the authorities in Western Australia were quick to paint the unidentified teen as a malicious, balaclava-wearing hacker spending his idle days cracking into secure systems, a narrative local media were all too willing to parrot, reading down past the breathless headlines reveals the truth: the teen set up an SDR to receive unencrypted POCSAG pager data from a hospital, and built a web page to display it all in real-time. We’ve covered the use of unsecured pager networks in the medical profession before; this is a well-known problem that should not exactly take any infosec pros by surprise. Apparently authorities just hoped that nobody would spend $20 on an SDR and an afternoon putting it all together rather than address the real problem, and when found out they shifted the blame onto the kid.

Speaking of RF hacking, even though the 2020 HOPE Conference is going virtual, they’ll still be holding the RF Hacking Village. It’s not clear from the schedule how exactly that will happen; perhaps like this year’s GNU Radio Conference CTF Challenge, they’ll be distributing audio files for participants to decode. If someone attends HOPE, which starts this weekend, we’d love to hear a report on how the RF Village — and the Lockpicking Village and all the other attractions — are organized. Here’s hoping it’s as cool as DEFCON Safe Mode’s cassette tape mystery.

It looks like the Raspberry Pi family is about to get a big performance boost, with Eben Upton’s announcement that the upcoming Pi Compute Module 4 will hopefully support NVMe storage. The non-volatile memory express spec will allow speedy access to storage and make the many hacks Pi users use to increase access speed unnecessary. While the Compute Modules are targeted at embedded system designers, Upton also hinted that NVMe support might make it into the mainstream Pi line with a future Pi 4A.

Campfires on the sun? It sounds strange, but that’s what solar scientists are calling the bright spots revealed on our star’s surface by the newly commissioned ESA/NASA Solar Orbiter satellite. The orbiter recently returned its first images of the sun, which are extreme closeups of the roiling surface. They didn’t expect the first images, which are normally used to calibrate instruments and make sure everything is working, to reveal something new, but the (relatively) tiny bright spots are thought to be smaller versions of the larger solar flares we observe from Earth. There are some fascinating images coming back from the orbiter, and they’re well worth checking out.

And finally, although it’s an old article and has nothing to do with hacking, we stumbled upon Tim Urban’s look at the mathematics of human relations and found it fascinating enough to share. The gist is that everyone on the planet is related, and most of us are a lot more inbred than we would like to think, thanks to the exponential growth of everyone’s tree of ancestors. For example, you have 128 great-great-great-great-great-grandparents, who were probably alive in the early 1800s. That pool doubles in size with every generation you go back, until we eventually — sometime in the 1600s — have a pool of ancestors that exceeds the population of the planet at the time. This means that somewhere along the way, someone in your family tree was hanging out with someone else from a very nearby branch of the same tree. That union, likely between first or second cousins, produced the line that led to you. This is called pedigree collapse and it results in the pool of ancestors being greatly trimmed thanks to sharing grandparents. So the next time someone tells you they’re descended from 16th-century royalty, you can just tell them, “Oh yeah? Me too!” Probably.

Hackaday Links: April 26, 2020

Gosh, what a shame: it turns out that perhaps 2 billion phones won’t be capable of COVID-19 contact-tracing using the API that Google and Apple are jointly developing. The problem is that the scheme the two tech giants have concocted, which Elliot Williams expertly dissected recently, is based on Bluetooth LE. If a phone lacks a BLE chipset, then it won’t work with apps built on the contact-tracing API, which uses the limited range of BLE signals as a proxy for the physical proximity of any two people. If a user is reported to be COVID-19 positive, all the people whose BLE beacons were received by the infected user’s phone within a defined time period can be anonymously notified of their contact. As Elliot points out, numerous questions loom around this scheme, not least of which is privacy, but for now, something like a third of phones in mature smartphone markets won’t be able to participate, and perhaps two-thirds of the phones in developing markets are not compatible. For those who don’t like the privacy-threatening aspects of this scheme, pulling an old phone out and dusting it off might not be a bad idea.

We occasionally cover stories where engineers in industrial settings use an Arduino for a quick-and-dirty automation solution. This is uniformly met with much teeth-gnashing and hair-rending in the comments asserting that Arduinos are not appropriate for industrial use. Whether true or not, such comments miss the point that the Arduino solution is usually a stop-gap or proof-of-concept deal. But now the purists and pedants can relax, because Automation Direct is offering Arduino-compatible, industrial-grade programmable controllers. Their ProductivityOpen line is compatible with the Arduino IDE while having industrial certifications and hardening against harsh conditions, with a rich line of shields available to piece together complete automation controllers. For the home-gamer, an Arduino in an enclosure that can withstand harsh conditions and only cost $49 might fill a niche.

Speaking of Arduinos and Arduino accessories, better watch out if you’ve got any modules and you come under the scrutiny of an authoritarian regime, because you could be accused of being a bomb maker. Police in Hong Kong allegedly arrested a 20-year-old student and posted a picture of parts he used to manufacture a “remote detonated bomb”. The BOM for the bomb was strangely devoid of anything with wireless capabilities or, you know, actual explosives, and instead looks pretty much like the stuff found on any of our workbenches or junk bins. Pretty scary stuff.

If you’ve run through every binge-worthy series on Netflix and are looking for a bit of space-nerd entertainment, have we got one for you. Scott Manley has a new video that goes into detail on the four different computers used for each Apollo mission. We knew about the Apollo Guidance Computers that guided the Command Module and the Lunar Module, and the Launch Vehicle Digital Computer that got the whole stack into orbit and on the way to the Moon, but we’d never heard of the Abort Guidance System, a backup to the Lunar Module AGC intended to get the astronauts back into lunar orbit in the event of an emergency. And we’d also never heard that there wasn’t a common architecture for these machines, to the point where each had its own word length. The bit about infighting between MIT and IBM was entertaining too.

And finally, if you still find yourself with time on your hands, why not try your hand at pen-testing a military satellite in orbit? That’s the offer on the table to hackers from the US Air Force, proprietor of some of the tippy-toppest secret hardware in orbit. The Hack-A-Sat Space Security Challenge is aimed at exposing weaknesses that have been inadvertantly baked into space hardware during decades of closed development and secrecy, vulnerabilities that may pose risks to billions of dollars worth of irreplaceable assets. The qualification round requires teams to hack a grounded test satellite before moving on to attacking an orbiting platform during DEFCON in August, with prizes going to the winning teams. Get paid to hack government assets and not get arrested? Maybe 2020 isn’t so bad after all.

Live Hacking And A MIDI Keytar

We can’t think of where you’d buy a new, cheap, MIDI keytar that’s just a keyboard and a handle with some pitch and mod wheels or ribbon controllers. This is a format that died in the 90s or thereabouts. Yes, the Rock Band controller exists, but my point stands. In fact, the closest you can get to a cheap, simple MIDI keytar is the Alesis Vortex Wireless 2 Keytar, but the buttons on the handle don’t make any sense. [marcan] of Wii and Kinect hacking fame took note. (YouTube, embedded below.)

Reverse engineering is a research project, and all research projects begin with looking at the docs. When it comes to consumer electronics, the best resource is the documents a company is required to submit to the FCC (shout out to FCC.io), which gave [marcan] the user manual, and photos of the guts of the keytar. The ‘system update download’ files are living on the Alesis servers, and that’s really all you need to reverse engineer a keytar.

The first step is extracting the actual device firmware from whatever software package appears on the desktop when you download the software update. This is a simple job for 7zip, and after looking at a binary dump of the firmware, [marcan] discovered this was for an STM chip. With the datasheet of the chip, [marcan] got the entry point for the firmware, some values, and the real hardware hacking began. All of this was done with IDA.

This is a five-hour hacking session of cross-referencing the MIDI spec and a microcontroller built thirty years after this spec was developed. It’s an amazing bit of work just to find the bit of code than handled the buttons on the keytar grip, and it gets even better when the patched firmware is uploaded. If you want to ‘learn hacking’, as so many submitters on our tip line want to do, this is what you need to watch. Thanks [hmn] for the tip.

Continue reading “Live Hacking And A MIDI Keytar”

All Things Enigma Hack Chat

Join us Wednesday at noon Pacific time for the All Things Enigma Hack Chat!

This week’s Hack Chat is a bit of a departure for us because our host, Simon Jansen, has tackled so many interesting projects that it’s hard to settle on one topic. Simon is a multidisciplinary hacker whose interests run the gamut from building an ammo-can Apple ][ to a literal steampunk Rickroller. How about a Bender Brewer? Or a MAME in a TARDIS? Or perhaps making an old phone play music to restore a car by? Oh, and remember that awesome ASCII animation of Star Wars: Episode IV? That was Simon.

So, a little hard to choose a topic, but we asked Simon to talk a bit about his recent Enigma watches. He has managed to put an electronic emulation of the Enigma cypher machine from World War II into both a wristwatch and, more recently, a pocket watch. They’re both gorgeous builds that required a raft of skills to complete. We’ll start there and see where the conversation takes us!

Please join us for this Hack Chat, where we’ll discuss:

  • Where the fascination with Enigma came from;
  • Tools, techniques, and shop setup;
  • Melding multiple, disparate skill sets; and
  • What sorts of new projects might we see soon?

You are, of course, encouraged to add your own questions to the discussion. You can do that by leaving a comment on the All Things Enigma Hack Chat and we’ll put that in the queue for the Hack Chat discussion.

join-hack-chatOur Hack Chats are live community events on the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Wednesday, February 27, at noon, Pacific time. If time zones have got you down, we have a handy time zone converter.

Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io. You don’t have to wait until Wednesday; join whenever you want and you can see what the community is talking about.