Hacking Transcend Wifi SD Cards

August 12, 2013 by Mathieu Stephan 107 Comments

[Pablo] is a recent and proud owner of a Transcend WiFi SD Card. It allows him to transfer his pictures to any WiFi-enabled device in a matter of seconds.

As he suspected that some kind of Linux was running on it, he began to see if he could get a root access on it… and succeeded.

His clear and detailed write-up begins with explaining how a simple trick allowed him to browse through the card’s file system, which (as he guessed correctly) is running busybox. From there he was able to see if any of the poorly written Perl scripts had security holes… and got more than he bargained for.

He first thought he had found a way to make the embedded Linux launch user provided scripts and execute commands by making a special HTTP POST request… which failed due to a small technicality. His second attempt was a success: [Pablo] found that the user set password is directly entered in a Linux shell command. Therefore, the password “admin; echo haxx > /tmp/hi.txt #” could create a hi.txt text file.

From there things got easy. He just had to make the card download another busybox to use all the commands that were originally disabled in the card’s Linux. In the end he got the card to connect a bash to his computer so he could launch every command he wanted.

As it was not enough, [Pablo] even discovered an easy way to find the current password of the card. Talk about security…

Hackaday Links: September 15, 2011

September 15, 2011 by Brian Benchoff 20 Comments

Open-source Mars rover

[Seth King] wasn’t satisfied with current robotics platforms that don’t work well outdoors. He started the Open Rover Kickstarter with the end goal of having a 6-wheel robot with a rocker-bogie suspension just like the Mars landers. We’re sure it’ll be an interesting platform.

Adding a Flash to a key fob video camera

[doctormord] picked up a key fob “spycam” and was surprised that there wasn’t any onboard illumination. Then again, that would probably defeat the purpose of the “spycam.” A transistor, LED and resistor later (translation), he had a camera with a light. Pics here.

Automated WEP cracking

This is a video of [Elliott] using his autocrack script to crack a WEP wi-fi network. It took [Elliott] less than a minute to crack a network he set up. Lesson: don’t use WEP.

Adding wi-fi to a laptop the fast way

This laptop used to have a broken Mini-PCIe wi-fi adapter. [Mikko] fixed the wireless by taking out the old card and hooking up a USB wi-fi adapter. He soldered the USB leads directly to the back of an internal USB port and used hot glue “to prevent bad things from happening.” A very easy, fast, and cheap way of fixing a broken wireless adapter.

Han Solo’s soldering iron

When [Craig] was 15, he broke the Bakelite casing of his father’s soldering iron. Being a good son, he fixed it by gutting his original Star Wars Han Solo blaster. Nice, but not as great as Starsong from My Little Pony.

Eye-Fi Explore Review

June 27, 2008 by Juan Aguilar 12 Comments

[flickr video=http://www.flickr.com/photos/pauls/2611298593/]

The WiFi uploading Eye-Fi SD card made a big splash when it was first introduced, but now Eye-Fi has a whole line of different products. The top of the line is the Eye-Fi Explore, which supports geotagging without using a GPS. Instead of GPS hardware, it uses the Skyhook Wireless Wi-Fi Postitioning System, which correlates the position of the Eye-Fi’s access point to GPS locations, creating virtual GPS functionality. This allows photos taken with the Eye-Fi to be be geotagged. Of course, the accuracy of the system is noticeably lower than true GPS and seems to be affected by a number of external factors, but it is still accurate enough to tag the photo within the immediate vicinity of where it was taken.

WiFi positioning is great feature, but certainly not limited to photography. Since the Eye-Fi is at its core SD storage media, you could probably have it geotag data saved to the card, even if it wasn’t created by a digital camera..

In Car WiFi

June 26, 2008 by Juan Aguilar 8 Comments

You may have already heard that Chrysler is planning to provide in-car wireless internet access to its vehicles. If not, expect to hear more about it later this year when the requisite hardware becomes a sales-floor option, or next year when it becomes factory standard for some cars.

We can’t say it’s a bad idea, it’s just not a new one. Plenty of commercial portable routers are available, but they still need a modem and data plan to provide internet access. For internet access and wireless routing, look to [Nate True]’s cellphone-router combo, which uses a spare Nokia cellphone and a highly modded Wi-Fi router running OpenWRT. [True] has made it easy by providing the instructions and necessary custom code, but it seems like a lot of effort for a relatively slow connection. We think the original Stompbox is still the most fun since it has the speed of commercial devices and an open x86 OS to modify.

Confessions Of A Wi-Fi Thief

June 21, 2008 by Juan Aguilar 40 Comments

A wry editorial on Time Magazine’s site about tapping into your neighbors’ Wi-Fi tells of how the author [Lev Grossman] stole internet access from his neighbors’ open networks for years. He finally decided to pay for his own connection, which he fittingly leaves on an open network. He makes the point that leaving it open is a violation of his TOS agreement, but he doesn’t seem particularly bothered by the notion of people tapping into his network.

[Bruce Schneier] takes an even stronger stance on the issue, suggesting that it is not only safe to leave your network open, but a matter of politeness toward your guests, similar to providing them with basic amenities. He also mentions that if your computers are not adequately secured, network security won’t make much of a difference. We tend to agree with [Schneier] on this: we also leave our network completely open.

That’s not to say [Grossman] doesn’t have a point about the unreliability of pilfered internet access, noting “I always seemed to lose connectivity just when I was about to send a crucial e-mail.” Sure, we leave our network open, but we have to pay for our internet access. We really can’t afford not to. One thing [Grossman] didn’t mention (neither did [Schneier], but he wrote his article before this happened), is that a Maryland bill that would criminalize leeching Wi-Fi has been shot down. The first legislation of its kind, the defeat of the bill mean citizens of Maryland are free to leech from open networks without fear of prosecution, but it sets a precedent that may influence future rulings.