How To Get 50 More Zed From Your Rigol DS1054Z

[Chris] has been spending a lot of time in the wife’s sewing room lately, and things got pretty serious late last night as he hacked his shiny new Rigol DS1054Z to unlock the 1104Z capabilities lurking within.

The rumors are true, and ungoverning the software is as simple as looking up your serial number and knowing the right URL for generating a valid license. [Chris] ran into a dud site, but that’s the price of doing business in the shadowy parking garage basements of the interwebs. Once he knocked on the right door and uttered the secret word, however, he became the proud owner of 50MHz additional bandwidth, decoders for SPI, I²C, and RS-232, twice the storage depth, and all the triggers that ship with the 1104Z.

Can’t rationalize the purchase even at the ridiculously low price point? Here’s one way to make it happen. You’ll laugh, you’ll cry, you’ll learn some French.


Finding A Shell In A Bose SoundTouch

Bose, every salesperson’s favorite stereo manufacturer, has a line of Wi-Fi connected systems available. It’s an impressively innovative product, able to connect to Internet radio, Pandora, and music libraries stored elsewhere on the network. A really great idea, and since this connects to a bunch of web services, you just know there’s a Linux shell in there somewhere. [Sara] found it.

The SoundTouch is actually rather easy to get into. The only real work to be done is connecting to port 17000, turning remote services on, and then connecting with telnet. The username is root.

The telnet service on port 17000 is actually pretty interesting, and we’re guessing this is what the SoundTouch iOS app uses for all its wizardry. [Sara] put a listing of the ‘help’ command up on pastebin, and it looks like there are commands for toggling GPIOs, futzing around with Pandora, and references to a Bluetooth module.

Interestingly, when [Sara] first suspected there could be Linux inside this box, she contacted Bose support for any information. She figured out how to get in on her own, before Bose emailed her back saying the information is proprietary in nature.

Chromecast Is Root

Image from [psouza4] on the xda-developers forum

Chromecast is as close as you’re going to get to a perfect device – plug it in the back of your TV, and instantly you have Netflix, Hulu, Pandora, and a web browser on the largest display in your house. It’s a much simpler device than a Raspi running XBMC, and we’ve already seen a few Chromecast hacks that stream videos from a phone and rickroll everyone around you.

Now the Chromecast has been rooted, allowing anyone to change the DNS settings (Netflix and Hulu users that want to watch content not available in their country rejoice), and loading custom apps for the Chromecast.

The process of rooting the Chromecast should be fairly simple for the regular readers of Hackaday. It requires a Teensy 2 or 2++ dev board, a USB OTG cable, and a USB flash drive. Plug the Teensy into the Chromecast and wait a minute. Remove the Teensy, plug in the USB flash drive, and wait several more minutes. Success is you, and your Chromecast is now rooted.

Member of Team-Eureka [riptidewave93] has put up a demo video of rooting a new in box Chromecast in just a few minutes. You can check that out below.


Chromecast Bootloader Exploit

Well that didn’t take long. The team over at GTVHacker have worked their magic on Chromecast. The HDMI dongle announced by Google last week was so popular they had to cancel their 3-free-months of Netflix perk. We think the thing is worth $35 without it, especially if we end up seeing some awesome hacks from the community.

So far this is just getting your foot in the door by rooting the device. In addition to walking through the exploit, the wiki instructions give us a lot more pictures of the internals than we saw from the teardown in yesterday’s links post. There’s an unpopulated pad with seventeen connections on the PCB. You can patch into the serial connections this way, running at 115200 8n1. But you won’t have terminal access out of the box. The exploit uses a vulnerability in the bootloader to flash a hacked system folder which provides root. After wiping the cache it reboots like normal but now you can access a root shell on port 23.


One Kindle Launcher To Rule Them

Ask around and chances are you can find a friend or family member that still has their early generation Kindle but doesn’t use it anymore. There are quite a number of different things you can do with them, and now there’s a single Launcher that works for all models of hacked Kindles. KUAL is the Kindle Unified Application Launcher.

Loading the launcher on your device does require that it be Jailbroken/Rooted, but that’s really the entire point, right? Once on your device the system is easy to configure. Menus themselves can be customized by editing the XML and JSON pair for each list. The screenshot on the left illustrates some of the applications you might want to run. We could see a VNC viewer being useful, and everyone likes to have games — like Doom II or the entire Z-machine library — on hand when they unexpectedly get stuck somewhere. But MPlayer? Does anyone actually use their ePaper device to watch videos?

CASUAL Seeks To Make Android Hacking OS Agnostic

[Adam Outler] tipped us off about a cross-platform Android hacking suite he’s been working on. The project, which is called CASUAL, brings several things to the table. First and foremost it breaks down the OS requirements seen on some hacks. It can perform pretty much any Android hack out there and it doesn’t care if you’re using Linux, OS X, or Windows.

We’ve embedded two videos after the break. The screenshot seen above is from the first clip where [Adam] demonstrates the package rooting the Oppo Find5 Android phone. He then goes on to show off the scripting language CASUAL uses. This layer of abstraction should make it easier to deploy hacking packages, as CASUAL handles all of the underlying tools like the Android Debug Bridge, fastboot, and Heimdall (an open source Odin replacement which brings the low level tool to all OS platforms). The second video demonstrates a Galaxy Note II being rooted, and having a new recovery image flashed.


Rooting Your AT&T U-verse Modem

Unhappy with the performance of his U-verse modem, [Jordan] decided to dig in and see if a bit of hacking could improve the situation. Motorola makes this exclusively for AT&T and there are no other modems on the market which can be used instead. Luckily he was able to fix almost everything that was causing him grief. This can be done in one of two ways. The first is a hardware hack that gains access to a shell through the UART. The second is a method of rooting the device from its stock web interface.

We think the biggest improvement gained by hacking this router is true bridge mode. The hardware is more than capable of behaving this way but AT&T has disabled the feature with no option for an unmodified device to use it. By enabling it the modem does what a modem is supposed to do: translate between WAN and LAN. This allows routing to be handled by a router (novel idea huh?).