Let’s not pretend we aren’t all guilty of it: at some point we’ve all connected to a public WiFi network to check our email or log into some site or service. We know the risks, we know better. But in a weak moment we can let the convenience of that public network get the better of us. What if you had a small secure router that you could use as an encrypted VPN endpoint, allowing you to connect to those enticing public networks while keeping your traffic secure? That’s precisely what [David] had in mind when he built this pint-sized solar-powered OpenWRT router.
At the heart of this gadget is the TP-Link TL-MR3020, a tiny OpenWRT-compatible router that’s no stranger to the pages of Hackaday. Its small size and low cost have made it a natural choice for a wide array of projects, so it’s little surprise that [David] gravitated towards it. But simply getting OpenWRT installed on the MR3020 and configuring OpenVPN doesn’t exactly grant you entrance into the Hackaday Pantheon, so obviously there’s a bit more to the story.
For one, [David] didn’t like the idea of a USB flash drive hanging out of the side of his router. Since the flash drive would essentially be a permanent part of the router, as it is being used to expand the rather meager internal storage of the MR3020 he decided to wack the USB end off the flash drive and solder it directly to the router’s PCB. This gave him a much cleaner looking package, but it still wasn’t as portable as he’d like.
He decided to order a solar-charged USB power bank to become the new home of his hacked MR3020. He kept the solar panel and charge controller from the original gadget, and after some researched settled on a pair of LG-HG2 3000 mAh batteries as the power source. [David] went through a few charge and discharge cycles making sure everything worked as expected before buttoning up the case. In the future he says he might transplant the electronics into a 3D printed case, but for now he’s pretty pleased with the results.
If you’d like to try your hand at hacking these popular micro routers, you’ll need to start with an OpenWRT firmware. After you’ve got a full blown Linux distro running on this little fellow, the only limitation is your own imagination.
If the headline makes today’s hack sound like it was easy, rest assured that it wasn’t. But if you’re interested in embedded device hacking, read on.
[Andres] wanted to install a custom OS firmware on a cheap home router, so he bought a router known to be reflashable only to find that the newer version of the firmware made that difficult. We’ve all been there. But instead of throwing the device in the closet, [Andres] beat it into submission, discovering a bug in the firmware, exploiting it, and writing it up for the manufacturer. (And just as we’re going to press: posting the code for the downgrade exploit here.)
This is not a weekend hack — this took a professional many hours of serious labor. But it was made a lot easier because TP-Link left a debugging protocol active, listening on the LAN interface, and not requiring authentication. [Andres] found most of the information he needed in patents, and soon had debugging insight into the running device.
Continue reading “TP-Link Debug Protocol Gives Up Keys To Kingdom”
[Jean-Christophe Rona] found himself with some free time and decided to finish a project he started two years ago, reverse engineering cheap 433MHz home automation equipment. He hopes to control his space heaters remotely, in preparation for a cold and, now, robotic winter.
In a previous life, he had reverse engineered the protocol these cheap wireless plugs, garage doors, and electric window shutters all use. This eventually resulted in a little library called rf-ctrl that can toggle and read GPIO pins in the correct way to control these objects. He has a few of the more popular protocols built into the library and even wrote a guide on how to do the reverse engineering yourself if you have need.
Having successfully interfaced with the plugs to use with his space heaters, [Jean-Christophe] went about converting a cheap TP Link router into a command center for them. Since TP Link never expected anyone to hammer their square peg into a mismatched hole, it takes a careful hand at soldering and some enamel wire to break out the GPIO pins, but it’s well within the average skill set.
The end result is a nicely contained blue box with a little antenna hanging out of it, and we hope, a warm abode for the coming winter.
Last year, the Federal Communications Commission proposed a rule governing the certification of RF equipment, specifically wireless routers. This proposed rule required router manufacturers to implement security on the radio module inside these routers. Although this rule is fairly limited in scope – the regulation only covers the 5GHz U-NII bands, and only applies to the radio subsystem of a router, the law of unintended consequences reared its ugly head. The simplest way to lock down a radio module is to lock down the entire router, and this is exactly what a few large router manufacturers did. Under this rule, open source, third-party firmwares such as OpenWRT are impossible.
Now, router manufacturer TP-Link has reached an agreement with the FCC to allow third-party firmware. Under the agreement, TP-Link will pay a $200,000 fine for shipping routers that could be configured to run above the permitted power limits.
This agreement is in stark contrast to TP-Link’s earlier policy of shipping routers with signed, locked firmware, in keeping with the FCC’s rule.
This is a huge success for the entire open source movement. Instead of doing the easy thing – locking down a router’s firmware and sending it out the door – TP-Link has chosen to take a hit to their pocketbook. That’s great news for any of the dozens of projects experimenting with mesh networking, amateur radio, or any other wireless networking protocol, and imparts a massive amount of goodwill onto TP-Link.
Thanks [Maave] for the tip.
This “security” is so outrageous we had to look for hidden cameras to make sure we’re not being pranked. We don’t want to ruin the face-palming realization for you, so before clicking past the break look closely at the image above and see if you can spot the exploit. It’s plain as day but might take a second to dawn on you.
The exploit was published on [Mark C.’s] Twitter feed after waiting a couple of weeks to hear back from TP-LINK about the discovery. They didn’t respond so he went public with the info.
Continue reading “TP-LINK’s WiFi Defaults to Worst Unique Passwords Ever”
Like it or not, Hackers gonna hack. And when your hackerspace has someone who looks like Doc Brown from Back to the Future, the builds can get a bit weird, like this Hack42 FestivalCharger.
The Hack42 hackerspace in Arnhem, The Netherlands had collected a large number of TP-Link 5V USB chargers – but all of them had the North American NEMA plug (flat, 2 pin) which wouldn’t fit the Schuko sockets prevalent in The Netherlands. [Simon “MacSimski” Claessen] decided to whip out his giant soldering iron and use it to solder two long pieces of welding filler metal rods to 33 of the chargers, effectively wiring them up in parallel. He did apply his obvious skill and experience to good use. For one, the diameter of the filler metal rods he used were just about the right size to fit in the
Shucko Schuko socket. And the gap between the two turned out to be the right distance too, thus creating a sort of Schucko Schuko plug. All that was needed to power up all the chargers was to connect a socket extension to the FestivalCharger. The unit was built to allow crowds of festival-goers to charge their phones and battery-powered gadgets simultaneously. To make sure the visitors didn’t get electrocuted, he used a piece of PVC pipe to cover up the exposed pins and keep it all safe.
Thanks to Hack42 member [Dennis van Zuijlekom] for sending in this tip.
[Squonk] is rather famous in the world of repurposed routers, having reverse engineered the TL-WR703N wireless router from TP-Link a few years ago. With that knowledge, he’s developed an open platform for Things on the Internet called Domino. It’s pretty much exactly what you would get by cracking open a router bought on AliBaba, only in a much more convenient package with many more pins broken out.
The Domino builds on [Squonk]’s reverse engineering efforts of the TP-Link TL-WR703N wireless router, the router that has stolen the thunder from the Linksys WRT54G for all those sweet, sweet, embedded hacks. Both the 703N and the Domino are built around the Atheros AR9331. While the router version of this chipset only breaks out a few GPIOs and other interesting pins, the Domino breaks out just about everything – GPIO, JTAG, I2S, UART, SPI, USB, and Ethernet can be found on the device.
The basic Domino can hopefully be had with a $25 pledge to the Kickstarter campaign. That’s a little less than the normal price for a WR-703N, and if you’re putting a router in a hat it might be worth your while. There are a few advanced versions that include an ATMega32u4 microcontroller, making it compatible with the Arduino Yun as well.