TP-Link WR703N Custom Pwn Plug

 Hardware Hacking  5 Responses »
Nov 192012
 

I was wandering the aisles of Fry’s Electronics and spotted a display of Westinghouse Outlet Valet’s for under $10.  The second I saw this I knew I my TP-Link wr703n was destined to be stuffed into it.  I also picked up an Inland USB Hub because I know it has the smallest foot print of any hub I’ve seen.  I’ve actually been able to place it under the wr703n board in the original housing.  I also picked up a Kingston 16GB micro SD card which comes with a small footprint USB reader.  Couple that with a Samsung OEM wall charger I had and we got the makings of a computer hiding in plain sight.

I created a Coppermine Photo Gallery album with some pictures I took of the device as it was being made.

 

Continue reading »

My Custom Power Pwn

 Hardware Hacking  No Responses »
Aug 042012
 

See the Security Bsides Atlanta talk (when it gets posted) at http://www.securitybsides.com/w/page/58266249/BSidesATL-2012.  Powerpoint slides can be found here.

The people over at PwnieExpress are coming out with a neat device called the Power Pwn.  This device follows up on the Pwn Plug and the PwnPhone (Nokia N900). With my experience as a penetration tester and junior hardware hacker I’ve been working on my own “pwn” hardware. I have a Nokia N810 as well as an Alix 6f2 (PCEngines.ch). I purchased an APC BE650R Battery Backup Power Strip off of Ebay and gutted the inside to fit the Alix board. I integrated the Alix connectors for the serial, ethernet, and external antenna connectors with the existing APC coax, rj45, and rj50 ports. The setup has an internal Xpal portable netbook charger that can run the Alix board for over 4 hours.  However, the main power to the board is integrated with the APC power strip.  Plugging in the APC will run power to the Xpal battery which in turn powers the Alix.  Four of the eight plugs on the APC are also functional.  I created a simple DB9 to RJ45 adapter for the serial connection so I can properly configure the device before use.  Since the Xpal battery powers it for 4 hours I have plenty of time to get it configured and to its final pwnage destination.  I didn’t take any photos of the gutting of the APC but it involved a lot of dremel, plastic nipper, and xacto knife work.  I do have photos of everything fitting together.  The only missing item is the internal RP-SMA to female F pigtails.  But as you can see in the photos you can fit some rubber duck antennas inside the APC with no problems.  Also, the best part about the Alix 6f2 is that you can add a mini-pci express GSM card for out of band cellular access to the device.  You don’t see the card installed on the Alix in the pictures.  I currently have the card in a Mini PCI-E WWAN to USB Adapter for testing.

The software I run on the PCEngines Alix is Debian-for-Alix where I contributed to the wiki with instructions on how to install all the tools.
Continue reading »

WRT54GL is Not Dead

 Hardware Hacking  No Responses »
Apr 232012
 

Well the WRT54GL is not dead for me. Due to it’s popularity this venerable wireless router has been documented across the Internet on how to software and hardware hack it. Tinkering with this devices is a great way to learn about embedded Linux, cross-compilation, soldering, and serial communication. I continue to search for new ways to play with this router (I plan on adding some USB ports once my 12v/5v power supply arrives!).  The reason I’m documenting my experiences is because I haven’t seen many tutorials where the device has a GPS module. I’ve seen some documentation on connecting a GPS device (Garmin) to a serial port. Mine goes the extra step and includes a module in the router for a nice compact wardriving box. I’m even able to set the date and time on the device after a GPS lock is obtained.  So I’m going to put together a tutorial on the GPS module and the version of Openwrt, Kismet, and GPSd I used to allow this device to be a self contained wardriving box.

 Posted by at 10:27 am