Feb 112015

In 2013 I presented at the Rhode Island Bsides about the work I did with the TP-Link wr703n creating a “Super” Minipwner (real ingenious name). Below is the abstract for my talk.

The TP-Link WR703N is a low cost wireless access point that has replaced the venerable Linksys WRT54G as the most popular device to crack open and tinker with. Many project tutorials have sprung up on how to hack this device from a hardware and software perspective. One such project is the “minipwner” coined by Kevin Bong with his site www.minipwner.com. This talk builds off of that concept by trying to upgrade and implement as many features as possible while still keeping the original case. Why the original case? Because I said so. We double the RAM and flash storage, add a usb hub, usb sdcard reader storage, usb to Ethernet port, serial port over usb, and finally we have integration with the Teensy so you can run keyboard commands remotely over WiFi. I call this device the very original name of super-minipwner.

Super Minipwner

The TP-Link wr703n is a fun device to tinker with but I want to step it up a notch and use a device that already had two network ports. I always pined after the wr720n (the Chinese model) and even got my hands on one to play with. However, the RAM and Flash were the same as the wr703n and I didn’t want to ruin the device upgrading it. 4mb of flash storage and 32mb of RAM just isn’t going to cut it. Also the devices are harder to find and more expensive…and nobody is selling services on Ebay to upgrade the wr720n like the wr703n. Though if you asked him I bet he would. The router is also larger in size due to AC outlet plug.

Then the Openwrt forums started discussing the GL-iNet. I was hooked the moment I saw it. They took the wr703n and added everything a hacker could want. Two network ports, easy access to GPIO and Serial pins, 64mb of RAM, 16mb of flash, internal power header, and a connector for an external antenna. This all in the same dimensions of the wr703n. The new penetration testing device created using the GL-iNet will be documented in several parts.

Part 1 – Building Openwrt for the GL-iNet

Part 2 – Using Openwrt to Bypass 802.1x Port Security

Part 3 – Remote HID Attacks with a Teensy 2.0 – The Build
Part 3.1 – Remote HID Attacks with a Teensy 3.1 – The Build

Part 4 – Remote HID Attacks with a Teensy – Testing Your Build / Getting Started

Part 5 – Remote HID Attacks with a Teensy – Peensy Code