With everything else going on this summer, you might be forgiven for not keeping abreast of new proposed regulatory frameworks, but if you’re interested in software-defined radio (SDR) or even reflashing your WiFi router, you should. Right now, there’s a proposal to essentially prevent you from flashing your own firmware/software to any product with a radio in it before the European Commission. This obviously matters to Europeans, but because manufacturers often build hardware to the strictest global requirements, it may impact everyone. What counts as radio equipment? Everything from WiFi routers to wearables, SDR dongles to shortwave radios.
The idea is to prevent rogue reconfigurable radios from talking over each other, and prevent consumers from bricking their routers and radios. Before SDR was the norm, and firmware was king, it was easy for regulators to test some hardware and make sure that it’s compliant, but now that anyone can re-flash firmware, how can they be sure that a radio is conformant? Prevent the user from running their own firmware, naturally. It’s pretty hard for Hackaday to get behind that approach.
The impact assessment sounds more like advertising copy for the proposed ruling than an honest assessment, but you should give it a read because it lets you know where the commission is coming from. Reassuring is that they mention open-source software development explicitly as a good to be preserved, but their “likely social impacts” include “increased security and safety” and they conclude that there are no negative environmental impacts. What do you do when the manufacturer no longer wants to support the device? I have plenty of gear that’s no longer supported by firmware updates that is both more secure and simply not in the landfill because of open-source firmware.
Similarly, “the increased capacity of the EU to autonomously secure its products is also likely to help the citizens to better protect their information-related rights” is from a bizarro world where you can trust Xiaomi’s home-automation firmware to not phone home, but can’t trust an open-source replacement.
Public comment is still open, and isn’t limited to European citizens. As mentioned above, it might affect you even if you’re not in the EU, so feel free to make your voice heard. You have until September, and you’ll be in some great company if you register your complaints. Indeed, reading through the public comments is quite heartening: Universities, researchers, and hackers alike have brought up reasons to steer clear of the proposed approach. We hope that the commission hears us.
This article is part of the Hackaday.com newsletter, delivered every seven days for each of the last 200+ weeks. It also includes our favorite articles from the last seven days that you can see on the web version of the newsletter.
Want this type of article to hit your inbox every Friday morning? You should sign up!
We’re not sure how many of you out there own a boat large enough to get its own integrated computer network, but it doesn’t really matter. Even if you can’t use this project personally, it’s impossible not to be impressed with the work [mgrouch] has put into the “Bareboat Necessities” project. From the construction of the hardware to the phenomenal documentation, there’s plenty that even landlubbers can learn from this project.
In its fully realized form, the onboard computer system includes several components that work together to provide a wealth of valuable information to the operator.
What [mgrouch] calls the “Boat Computer” contains a Raspberry Pi 4, a dAISy AIS receiver, an RTL-SDR, a GPS receiver, serial adapters, and the myriad of wires required to get them all talking to each other inside a weatherproof enclosure. As you might expect, this involves running all the connections through watertight panel mounts.
Combined with a suite of open source software tools, the “Boat Computer” is capable of interfacing with NMEA sensors and hardware, receive weather information directly from NOAA satellites, track ships, and of course plot your current position on a digital chart. The computer itself is designed to stay safely below deck, while the operator interacts with it through an Argonaut M7 waterproofed HDMI touch screen located in the cockpit.
For some people, that might be enough. But for those who want to do big, [mgrouch] further details the “Boat Gateway” device. This unit contains an LTE-equipped WiFi router running OpenWrt and all the external antennas required to turn the boat into a floating hotspot. Of course it also has RJ45 jacks to connect up to the other components of the onboard system, and it even includes an M5Stack Core with LAN module so it can display a select subset of sensor readings and navigational data.
The TP-Link TL-WR841N isn’t a particularly impressive piece of hardware, but since it works decently well and sells for under $20 USD, it’s one of the most popular consumer routers on Amazon. Now, thanks to [TrendyTofu] of the Zero Day Initiative, we now have a concise step-by-step guide on how to hack your way into the newer versions of the hardware and take full control over this bargain WiFi device. This work was initially done to help test out reported vulnerabilities in the router’s firmware, but we’re sure the readers of Hackaday can come up with all sorts of potential uses for this information.
The story starts, as so many before it have, with a serial port. Finding the UART pads on the PCB and wiring up a level shifter was no problem, but [TrendyTofu] found it was only working one-way. Some troubleshooting and an oscilloscope later, the culprit was found to be a 1kΩ pull down resistor connected to the RX line that was keeping the voltage from peaking high enough to be recognized.
Once two-way communication was established, proper poking around inside the router’s Linux operating system could begin. It wasn’t a huge surprise to find the kernel was ancient (version 2.6.36, from 2010) and that the system utilities had been stripped to the absolute bare minimum to save space. Replacing the firmware entirely would of course be ideal, but unfortunately OpenWRT has dropped support for the newer hardware revisions of the TL-WR841N.
To teach this barebones build of Linux some new tricks, [TrendyTofu] used the mount command to find a partition on the system that actually had write-access, and used that to stash a pre-compiled build of BusyBox for MIPS. With a more complete set of tools, the real fun could begin: using GDB to debug TP-Link’s binaries and look for chinks in the armor. But feel free to insert your own brand of mayhem here.
It seems like only yesterday that the Linksys WRT54G and the various open source firmware replacements for it were the pinnacle of home router hacking. But like everything else, routers have gotten smaller and faster over the last few years. The software we run on them has also gotten more advanced, and at this point we’ve got routers that you could use as a light duty Linux desktop in a pinch.
But even with no shortage of pocket-sized Linux devices in our lives, the GL-USB150 “Microrouter” that [Mason Taylor] recently brought to our attention is hard to ignore. Inside this USB flash drive sized router is a 400 MHz Qualcomm QCA9331 SoC, 64 MB of RAM, and a healthy 16 MB of storage; all for around $20 USD. Oh, and did we mention it comes with OpenWRT pre-installed? Just plug it in, and you’ve got a tiny WiFi enabled Linux computer ready to do your bidding.
On his blog [Mason] gives a quick rundown on how to get started with the GL-USB150, and details some of the experiments he’s been doing with it as part of his security research, such as using the device as a remote source for Wireshark running on his desktop. He explains that the diminutive router works just fine when plugged into a USB battery bank, offering a very discreet way to deploy a small Linux box wherever you may need it. But when plugged into a computer, things get really interesting.
If you plug the GL-USB150 into a computer, it shows up to the operating system as a USB Ethernet adapter and can be used as the primary Internet connection. All of the traffic from the computer will then be routed through the device to whatever link to the Internet its been configured to use. Depending on how you look at it, this could be extremely useful or extremely dangerous.
For one, it means that something that looks all the world like a normal USB flash drive could be covertly plugged into a computer and become a “wiretap” through which all of the network traffic is routed. That’s the bad news. On the flip side, it also means you could configure the GL-USB150 as a secure endpoint that lets you quickly and easily funnel all the computer’s traffic through a VPN or Tor without any additional setup.
Let’s not pretend we aren’t all guilty of it: at some point we’ve all connected to a public WiFi network to check our email or log into some site or service. We know the risks, we know better. But in a weak moment we can let the convenience of that public network get the better of us. What if you had a small secure router that you could use as an encrypted VPN endpoint, allowing you to connect to those enticing public networks while keeping your traffic secure? That’s precisely what [David] had in mind when he built this pint-sized solar-powered OpenWRT router.
At the heart of this gadget is the TP-Link TL-MR3020, a tiny OpenWRT-compatible router that’s no stranger to the pages of Hackaday. Its small size and low cost have made it a natural choice for a wide array of projects, so it’s little surprise that [David] gravitated towards it. But simply getting OpenWRT installed on the MR3020 and configuring OpenVPN doesn’t exactly grant you entrance into the Hackaday Pantheon, so obviously there’s a bit more to the story.
For one, [David] didn’t like the idea of a USB flash drive hanging out of the side of his router. Since the flash drive would essentially be a permanent part of the router, as it is being used to expand the rather meager internal storage of the MR3020 he decided to wack the USB end off the flash drive and solder it directly to the router’s PCB. This gave him a much cleaner looking package, but it still wasn’t as portable as he’d like.
He decided to order a solar-charged USB power bank to become the new home of his hacked MR3020. He kept the solar panel and charge controller from the original gadget, and after some researched settled on a pair of LG-HG2 3000 mAh batteries as the power source. [David] went through a few charge and discharge cycles making sure everything worked as expected before buttoning up the case. In the future he says he might transplant the electronics into a 3D printed case, but for now he’s pretty pleased with the results.
With so many WiFi home automation devices on the market, you might want to take advantage of these low cost products without having to send your data to third-party servers. This can be accomplished by running your own home automation hub on your home network.
If you don’t want to use a full computer for this purpose, [Albert] has you covered. He recently wrote a guide on running Domoticz on the $20 GL-MT300Nv2 pocket router.
The setup is rather simple: just perform a firmware update on your router using the provided image and a full home automation stack is installed. Domoticz provides a web interface for configuring your devices, setting up rules, and viewing sensor data.
The pocket router is also supported by OpenWrt and provides a USB host port, making it a low-cost option for any WiFi hack you might have in mind. We’ve seen quite a few OpenWrt based hacks over the years.
WiFi cameras like many other devices these days come equipped with some sort of Linux subsystem. This makes the life of a tinkerer easier and you know what that means. [Tomas C] saw an opportunity to mod his Xiaomi Dafang IP camera which comes configured to work only with proprietary apps and cloud.
The hack involves voiding the warranty by taking the unit apart and installing custom firmware onto it. Photos posted by [Tomas C] show the mainboard powered by an Ingenic T20 which is a popular IP Camera processor featuring some image and video processing sub-cores. Upon successful flashing of the firmware, the IP camera is now capable of a multitude of things such as remote recording and playback which can be configured using the web UI as documented by [Tomas C]
We did a little more digging on the custom firmware and discovered that the original author of the custom firmware, [EliasKotlyar] has done a lot of work on this project. There are loads of images of the teardown of a camera and an excellent set of documentation of how he made the hack. Everything from adding serial headers, getting root access, dumping the firmware and even toolchain links are given on the page. This is extremely handy for a newbie looking to get into the game.