Virtualizing Around The FCC’s Firmware Modification Rules

June 14, 2016 by Brian Benchoff 29 Comments

Last year, the FCC introduced new regulations requiring router manufacturers to implement software security to limit the power output in specific 5GHz bands. Government regulations follow the laws of unintended consequences, and the immediate fear surrounding this new directive from the FCC was that WiFi router manufacturers would make the easiest engineering decision. These fears came true early this year when it was revealed a large router manufacturer was not following the FCC regulations to the letter by limiting the output of the radio module itself, but instead locking down the entire router.

The FCC’s rules regarding the power output of 5GHz routers was never a serious concern; the FCC is, after all, directed to keep the spectrum clean, and can force manufacturers to limit the power output of the wireless devices. The problem comes from how manufacturers implement this regulation – the easiest solution to prevent users from modifying the output of the radio module will always be preventing users from modifying the entire router. Developers don’t like it, the smart users are horrified, and even the FCC is a little flustered with the unintended consequences of its regulation.

While the easiest solution to preventing the modification of a radio module is to prevent modification to the entire router, there is another way. The folks at Imagination Technologies have come up with a virtualization scheme that allows router manufacturers to lock down the radio module per the FCC directive while still allowing the use of Open Source router firmware like OpenWrt.

A demonstration of the capabilities of this next-generation router comes from the prpl Security Working Group and uses MIPS Warrior CPUs to create multiple trusted environments. The control of the router can be handled by one secure environment, while the rest of the router firmware – OpenWrt included – can be run in an environment more conducive to Open Source firmware.

The demo of a compartmentalized, virtualized router uses a dev kit consisting of a dual-core MIPS P5600 CPU running at 1GHz, and a Realtek RTL8192 WiFi adapter plugged into the USB port. The driver for the WiFi adapter runs under a secure hypervisor, making it secure enough to pass the FCC’s muster.

This build wouldn’t be possible without hardware virtualization in microprocessors and microcontrollers. Imagination Technologies has been working on this for a while, and only a few years ago demonstrated a PIC32 with baked in virtualization.

In the video below, Imagination Technologies demonstrates a MIPS board running three virtual machines. The first machine is running OpenWrt, the second is running a WiFi driver, and the third is running third-party applications. Crashing one machine doesn’t bring down the others, and the WiFi driver is locked away in a secure environment in accordance with the FCC regulations.

While it’s hard to imagine a router based on a MIPS board that would be cheaper than the already inexpensive router SoCs found in today’s routers, this method of secure virtualization is the best way to give consumers what they deserve: an open source option for all their devices.

Continue reading “Virtualizing Around The FCC’s Firmware Modification Rules” →

Meter All The Phases: Three Phase Energy Meter With OpenWrt

May 25, 2016 by Moritz Walter 36 Comments

Keeping track your overall electricity usage is a good thing, and it’s even better if you know where all the kilowatt-hours are going. [Anurag Chugh’s] house has the three phases coming from the electrical distribution box tidily organized: One for the lighting and fans, one for household appliances, and one for the hot water supply. To monitor and analyze the electrical fingerprint of his house, [Anurag] installed a 3 phase energy meter and hooked it up to the internet.

Continue reading “Meter All The Phases: Three Phase Energy Meter With OpenWrt” →

FCC Locks Down Router Firmware

February 26, 2016 by Brian Benchoff 112 Comments

For years, we have been graced with consumer electronics that run some form of Linux, have a serial port on the circuit board somewhere, and are able to be upgraded through official and unofficial means. That digital picture frame you got for Christmas in 2007 and forgot to regift in 2008? That’s a computer, and it would make a wonderful Twitter feed display. Your old Linksys WRT54G router? You can make a robotic lawnmower out of that thing. The ability to modify the firmware of consumer electronics is the cornerstone of Hackaday’s editorial prerogative. Now that right we have all enjoyed is in jeopardy, thanks to regulations from the FCC and laziness from router manufacturers.
Continue reading “FCC Locks Down Router Firmware” →

Cheap WiFi Devices Are Hardware Hacker Gold

January 27, 2016 by Elliot Williams 51 Comments

Cheap consumer WiFi devices are great for at least three reasons. First, they almost all run an embedded Linux distribution. Second, they’re cheap. If you’re going to break a couple devices in the process of breaking into the things, it’s nice to be able to do so without financial fears. And third, they’re often produced on such low margins that security is an expense that the manufacturers just can’t stomach — meaning they’re often trivially easy to get into.

Case in point: [q3k] sent in this hack of a tiny WiFi-enabled SD card reader device that he and his compatriots [emeryth] and [informatic] worked out with the help of some early work by [Benjamin Henrion]. The device in question is USB bus-powered, and sports an SD card reader and an AR9331 WiFi SOC inside. It’s intended to supply wireless SD card support to a cell phone that doesn’t have enough on-board storage.

The hack begins with [Benajmin] finding a telnet prompt on port 11880 and simply logging in as root, with the same password that’s used across all Zsun devices: zsun1188. It’s like they want to you get in. (If you speak Chinese, you’ll recognize the numbers as being a sound-alike for “want to get rich”. So we’ve got the company name and a cliché pun. This is basically the Chinese equivalent of “password1234”.) Along the way, [Benjamin] also notes that the device executes arbitrary code typed into its web interface. Configure it to use the ESSID “reboot”, for instance, and the device reboots. Oh my!

From here [q3k] and co. took over and ported OpenWRT to the device and documented where its serial port and GPIOs are broken out on the physical board. But that’s not all. They’ve also documented how and where to attach a wired Ethernet adapter, should you want to put this thing on a non-wireless network, or use it as a bridge, or whatever. In short, it’s a tiny WiFi router and Linux box in a package that’s about the size of a (Euro coin | US quarter) and costs less than a good dinner out. Just add USB power and you’re good to go.

Nice hack!

Capture The Flag With Lightsabers

December 15, 2015 by Bryan Cockfield 2 Comments

There’s a great game of capture-the-flag that takes place every year at HITCON. This isn’t your childhood neighborhood’s capture-the-flag in the woods with real flags, though. In this game the flags are on secured servers and it’s the other team’s mission to break into the servers in whatever way they can to capture the flag. This year, though, the creators of the game devised a new scoreboard for keeping track of the game: a lightsaber.

In this particular game, each team has a server that they have to defend. At the same time, each team attempts to gain access to the other’s server. This project uses a lightsaber stand that turns the lightsabers into scoreboards for the competition at the 2015 Hacks In Taiwan Conference. It uses a cheap OpenWRT Linux Wi-Fi/Ethernet development board, LinkIt Smart 7688 which communicates with a server. Whenever a point is scored, the lightsaber illuminates and a sound effect is played. The lightsabers themselves are sourced from a Taiwanese lightsabersmith and are impressive pieces of technology on their own. As a bonus the teams will get to take them home with them.

While we doubt that this is more forced product integration advertisement from Disney, it certainly fits in with the theme of the game. Capture-the-flag contests like this are great ways to learn about cyber security and how to defend your own equipment from real-world attacks. There are other games going on all around the world if you’re looking to get in on the action.

Continue reading “Capture The Flag With Lightsabers” →

VOCore Tutorial Gets You Started With Tiny Router

November 15, 2015 by Elliot Williams 18 Comments

[Vadim] wrote up this short but sweet tutorial on getting started with the Vocore (tiny) OpenWRT-router-on-a-stamp. If you need more computing power than you can get with an ESP8266, and you want an open-source Linux-plus-Wifi solution in a square inch of board space, the Vocore looks pretty sweet.

We covered the Vocore a while ago. It has 28 GPIOs, all accessible from system calls in OpenWRT. It becomes much more computer-like if you add a dock that breaks out the USB and Ethernet functionality, but that also doubles the price.

Getting started with a no-frills Linux box (chip?) can be intimidating. So it’s a good thing that [Vadim] details a first setup of the Vocore over WiFi and SSH, and then takes you through a button-and-LED style ‘Hello World’ application that makes simple use of the GPIOs.

He says he’s going to interface it eventually with a TI CC110 sub-gig radio unit, but that’s going to involve writing some drivers and will take him some time. We’d love to see how to connect peripherals, so we’re waiting with bated breath.

[Vadim] also helpfully included an un-bricking script for the Vocore, which restores the default firmware and gets you out of whatever hole you’ve managed to dig yourself into. Basically, you connect to the device over a USB-Serial adapter, run his script, and you should be set.

Any of you out there using a Vocore? Or other OpenWRT routers? Give [Vadim]’s tutorial a glance and let us know what you think.

FCC Introduces Rules Banning WiFi Router Firmware Modification

August 31, 2015 by Brian Benchoff 212 Comments

For years we have been graced by cheap consumer electronics that are able to be upgraded through unofficial means. Your Nintendo DS is able to run unsigned code, your old XBox was a capable server for its time, your Android smartphone can be made better with CyanogenMod, and your wireless router could be expanded far beyond what it was originally designed to do thanks to the efforts of open source firmware creators. Now, this may change. In a proposed rule from the US Federal Communications Commission, devices with radios may be required to prevent modifications to firmware.

The proposed rule only affects devices operating in the U-NII bands; the portion of the spectrum used for 5GHz WiFi, and the proposed rule only affects the radios inside these devices. Like all government regulations, the law of unintended consequences rears its ugly head, and the proposed rules effectively ban Open Source router firmware.

The rules require all relevant devices to implement software security to ensure the radios of devices operating in this band cannot be modified. Because of the economics of cheap routers, nearly every router is designed around a System on Chip – a CPU and radio in a single package. Banning the modification of one inevitably bans the modification of the other, and eliminates the possibility of installing proven Open Source firmware on any device.