Jun 20, 2013
 

From the site:

“Each BSides is a community-driven framework for building events for and by information security community members.  The goal is to expand the spectrum of conversation beyond the traditional confines of space and time.  It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.”

Presenter: James Edge – Mainstream Security
Title: Show and Tell: Super MiniPwner
Abstract: The TP-Link WR703N is a low cost wireless access point that has replaced the venerable Linksys WRT54G as the most popular device to crack open and tinker with.  Many project tutorials have sprung up on how to hack this device from a hardware and software perspective.  One such project is the “minipwner”  coined by Kevin Bong with his site www.minipwner.com.  This talk builds off of that concept by trying to upgrade and implement as many features as possible while still keeping the original case.  Why the original case?  Because I said so.  We double the RAM and flash storage, add a usb hub, usb sdcard reader storage, usb to Ethernet port, serial port over usb, and finally we have integration with the Teensy so you can run keyboard commands remotely over WiFi.  I call this device the very original name of super-minipwner.

Slides from the presentation are here.

Conference videos, courtesy of Adrian “Irongeek” Crenshaw (www.irongeek.com), are here.

Direct link to my talk here.

Jun 19, 2013
 

The TP_IN and TP_OUT connections on the TP-LINK WR703N are pretty touchy. One wrong tug on the soldered wire and the pad will rip off. Just a guess but I think they are held on by silly putty. So what do you do when you rip the pads off? I know the device is sub $25 but who wants to wait another month for a new one? Never fear as you can move down the line to C55 and C57. In my opinion this is actually an easier place to connect the wires.

So…what if you just love tinkering with the device and you accidentally rip the pad on C55 off?

Nov 19, 2012
 

I was wandering the aisles of Fry’s Electronics and spotted a display of Westinghouse Outlet Valets for under $10.  The second I saw this I knew my TP-Link wr703n was destined to be stuffed into it.  I also picked up an Inland USB Hub because I know it has the smallest footprint of any hub I’ve seen.  I’ve actually been able to place it under the wr703n board in the original housing.  I also picked up a Kingston 16GB micro SD card which comes with a small footprint USB reader.  Couple that with a Samsung OEM wall charger I had and we got the makings of a computer hiding in plain sight.

I created a Coppermine Photo Gallery album with some pictures I took of the device as it was being made.

 


Oct 21, 2012
 

From the site:

“Each BSides is a community-driven framework for building events for and by information security community members.  The goal is to expand the spectrum of conversation beyond the traditional confines of space and time.  It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.”

Presenter: James Edge – No Affiliation
Title: Show and Tell: Custom Power Pwn
Abstract:  The people over at Pwnie Express are coming out with a neat device called the Power Pwn. This device follows up on the Pwn Plug and the PwnPhone. With my experience as a penetration tester and junior hardware hacker I’ve been working on my own “pwn” hardware. I combined the PCEngines Alix 6f2, an APC BE650R Battery Backup Power Strip, and a battery Power Pack for a Custom Power Pwn. I integrated the Alix connectors for the serial, ethernet, and external antenna connectors with the existing APC coax, rj45, and rj50 ports. This talk is a show and tell on what I did and how anyone who is a fan of hardware hacking can do this themselves.

Slides from the presentation are here.

Conference videos were never posted on the BSides site but I managed to obtain the video for my talk.

Direct link to my talk here.

 

Aug 04, 2012
 

See the Security BSides Atlanta talk (when it gets posted) at http://www.securitybsides.com/w/page/58266249/BSidesATL-2012.  PowerPoint slides can be found here.

The people over at PwnieExpress are coming out with a neat device called the Power Pwn.  This device follows up on the Pwn Plug and the PwnPhone (Nokia N900). With my experience as a penetration tester and junior hardware hacker I’ve been working on my own “pwn” hardware. I have a Nokia N810 as well as an Alix 6f2 (PCEngines.ch). I purchased an APC BE650R Battery Backup Power Strip off of Ebay and gutted the inside to fit the Alix board. I integrated the Alix connectors for the serial, ethernet, and external antenna connectors with the existing APC coax, rj45, and rj50 ports. The setup has an internal Xpal portable netbook charger that can run the Alix board for over 4 hours.  However, the main power to the board is integrated with the APC power strip.  Plugging in the APC will run power to the Xpal battery which in turn powers the Alix.  Four of the eight plugs on the APC are also functional.  I created a simple DB9 to RJ45 adapter for the serial connection so I can properly configure the device before use.  Since the Xpal battery powers it for 4 hours I have plenty of time to get it configured and to its final pwnage destination.  I didn’t take any photos of the gutting of the APC but it involved a lot of dremel, plastic nipper, and xacto knife work.  I do have photos of everything fitting together.  The only missing item is the internal RP-SMA to female F pigtails.  But as you can see in the photos you can fit some rubber duck antennas inside the APC with no problems.  Also, the best part about the Alix 6f2 is that you can add a mini-pci express GSM card for out of band cellular access to the device.  You don’t see the card installed on the Alix in the pictures.  I currently have the card in a Mini PCI-E WWAN to USB Adapter for testing.

The software I run on the PCEngines Alix is Debian-for-Alix where I contributed to the wiki with instructions on how to install all the tools.

Apr 23, 2012
 

Well the WRT54GL is not dead for me. Due to its popularity this venerable wireless router has been documented across the Internet on how to software and hardware hack it. Tinkering with this device is a great way to learn about embedded Linux, cross-compilation, soldering, and serial communication. I continue to search for new ways to play with this router (I plan on adding some USB ports once my 12v/5v power supply arrives!).  The reason I’m documenting my experiences is because I haven’t seen many tutorials where the device has a GPS module. I’ve seen some documentation on connecting a GPS device (Garmin) to a serial port. Mine goes the extra step and includes a module in the router for a nice compact wardriving box. I’m even able to set the date and time on the device after a GPS lock is obtained.  So I’m going to put together a tutorial on the GPS module and the version of OpenWrt, Kismet, and GPSd I used to allow this device to be a self-contained wardriving box.

Posted at 10:27 am