Hacking An IoT Camera Reveals Hard-Coded Root Password

Hacking — at least the kind where you’re breaking into stuff — is very much a learn-by-doing skill. There’s simply no substitute for getting your hands dirty and just trying something. But that doesn’t mean you can’t learn something by watching, with this root password exploit on a cheap IP video camera being a good look at the basics.

By way of background on this project, [Matt Brown] had previously torn into a VStarcam CB73 security camera, a more or less generic IP camera that he picked up on the cheap, and identified a flash memory chip from which he extracted the firmware. His initial goal was to see if the camera was contacting sketchy servers, and while searching the strings for the expected unsavory items, he found hard-coded IP addresses plus confirmation that the camera was running some Linux variant.

With evidence of sloppy coding practices, [Matt] set off on a search for a hard-coded root password. The second video covers this effort, which started with finding UART pins and getting a console session. Luckily, the bootloader wasn’t locked, which allowed [Matt] to force the camera to boot into a shell session and find the root password hash. With no luck brute-forcing the hash, he turned to Ghidra to understand the structure of a suspicious program in the firmware called encoder. After a little bit of poking and some endian twiddling, he was able to identify the hard-coded root password for every camera made by this outfit, and likely others as well.

Granted, the camera manufacturer made this a lot easier than it should have been, but with a lot of IoT stuff similarly afflicted by security as an afterthought, the skills on display here are probably broadly applicable. Kudos to [Matt] for the effort and the clear, concise presentation that makes us want to dig into the junk bin and get hacking.

Continue reading “Hacking An IoT Camera Reveals Hard-Coded Root Password”

That’s It, No More European IPV4 Addresses

When did you first hear concern expressed about the prospect of explosive growth of the internet resulting in exhaustion of the stock of available IP addresses? About twenty years ago perhaps? All computers directly connected to the internet must have an individual unique address, and the IPv4 scheme used since the 1980s has a 32-bit address space that provides only 4,294,967,296 possibilities. All that growth now means that IPv4 addresses are now in short supply, and this week RIPE, the body which allocates them in Europe, has announced that it no longer has any to allocate. Instead of handing new address blocks they will instead now provide ones that have been relinquished for example by companies that have gone out of business, and parties interested can join a waiting list.

Is the Internet dead then? Hardly, because of course IPv6, the replacement for IPv4, has been with us for decades and has a much larger 128-bit address space. The problem is that there is a huge installed base of IPv4 infrastructure which has always been cited as the reason to delay its adoption, so the vast majority of the internet-connected world has remained with IPv4. Even in an IPv4 world there are opportunities to be more efficient in the use of addresses such as the network address translation or NAT that many private networks use to share one address between many hosts, so it’s not quite curtains for your smart TV or IoT light bulb even though the situation will not get any easier.

The mystery comes in why after so many years we still use IPv4 so much. Your home router and millions like it will pick up an IPv4 address from your broadband provider’s pool, and there seems little reason why it can not instead pick up an IPv6 address and contain a gateway between the two. The same goes for addresses outside the domestic arena, and even in out community we find that IPv6 networks at events are labelled as experimental. Perhaps this news will spur the change, but meanwhile we don’t expect to be using an IPv6 address day-to-day very soon.

We know among Hackaday’s readership there will be people close to the coalface when it comes to IPv6 adoption. As always the comments are open, and we’d like to hear your views.

Header: Robert.Harker [CC BY-SA 3.0].

Networking: Pin The Tail On The Headless Raspberry Pi

Eager to get deeper into robotics after dipping my toe in the water with my BB-8 droid, I purchased a Raspberry Pi 3 Model B. The first step was to connect to it. But while it has built-in 802.11n wireless, I at first didn’t have a wireless access point, though I eventually did get one. That meant I went through different ways of finding it and connecting to it with my desktop computer. Surely there are others seeking to do the same so let’s take a look at the secret incantations used to connect a Pi to a computer directly, and indirectly.

Continue reading “Networking: Pin The Tail On The Headless Raspberry Pi”

IP Tracker

An Arduino Device That Monitors Your External IP Address

[Bayres’] dad setup a webcam as a surveillance camera for a remote property. The only problem was that the only stable Internet connection they could get at this property was DSL. This meant that the external IP address of the webcam would change somewhat often; the needed a way to keep track of the external IP address whenever it changed. That’s when [Bayres] built a solution using Arduino and an Ethernet shield.

The main function of this device is to monitor the public IP address and report any changes. This is accomplished by first making a request to checkip.dyndns.org. This website simply reports your current public IP address. [Bayres] uses an Arduino library called Textfinder in order to search through the returned string and identify the IP address.

From there, the program compares this current value to the previous one. If there is any change, the program uses the Sendmail() function to reach out to an SMTP server and send an e-mail alert to [Beyres’] dad. The system also includes a small LCD. The Arduino outputs the current IP address to this display, making it easy to check up on the connection. The LCD is driven by 74HC595 shift register in order to conserve pins on the Arduino.

The system is also designed with a pretty slick setup interface. When it is booted, the user can enter a configuration menu via a Serial terminal. This setup menu allows the user to configure options such as SMTP server, email address, etc. These variables are then edited and can be committed to EEPROM as a more permanent storage solution. Whenever the system is booted, these values are read back out of the EEPROM and returned to their appropriate variables. This means you can reconfigure the device on the fly without having to edit the source code and re-upload.